From 4a02460d48a1a38afc2523b0dd0a52970bef53e3 Mon Sep 17 00:00:00 2001 From: Tamal Saha Date: Mon, 11 Dec 2023 13:43:40 -0800 Subject: [PATCH] Seed using stash v1 docs Signed-off-by: Tamal Saha --- .github/.kodiak.toml | 18 + .github/workflows/ci.yml | 63 + .github/workflows/preview-website.yml | 86 + .github/workflows/release-tracker.yml | 41 + .gitignore | 33 + DCO | 36 + LICENSE | 201 ++ docs/CONTRIBUTING.md | 32 + docs/FAQ/README.md | 59 + docs/FAQ/_index.md | 10 + docs/README.md | 80 + docs/_index.md | 10 + docs/acknowledgement.md | 19 + docs/addons/_index.md | 11 + docs/addons/elasticsearch/README.md | 43 + docs/addons/elasticsearch/_index.md | 10 + .../auto-backup/examples/backupblueprint.yaml | 28 + .../auto-backup/examples/es-demo-2.yaml | 18 + .../auto-backup/examples/es-demo-3.yaml | 18 + .../auto-backup/examples/es-demo.yaml | 17 + .../auto-backup/images/es-demo-2.png | Bin 0 -> 49160 bytes .../auto-backup/images/es-demo-3.png | Bin 0 -> 49578 bytes .../auto-backup/images/es-demo.png | Bin 0 -> 52538 bytes .../addons/elasticsearch/auto-backup/index.md | 694 ++++++ .../examples/backup/ignore-sg-index.yaml | 32 + .../backup/multi-retention-policy.yaml | 33 + .../examples/backup/passing-args.yaml | 32 + .../examples/backup/resource-limit.yaml | 38 + .../examples/backup/specific-user.yaml | 34 + .../examples/restore/passing-args.yaml | 29 + .../examples/restore/resource-limit.yaml | 35 + .../examples/restore/specific-snapshot.yaml | 26 + .../examples/restore/specific-user.yaml | 31 + .../elasticsearch/customization/index.md | 399 ++++ .../examples/backup/backupconfiguration.yaml | 33 + .../kubedb/examples/backup/repository.yaml | 11 + .../examples/elasticsearch/init_sample.yaml | 41 + .../examples/elasticsearch/sample_es.yaml | 39 + .../examples/restore/init_sample_restore.yaml | 29 + .../examples/restore/restoresession.yaml | 30 + .../kubedb/images/sample-es-backup.png | Bin 0 -> 47633 bytes docs/addons/elasticsearch/kubedb/index.md | 1170 +++++++++ .../overview/images/backup_overview.svg | 1033 ++++++++ .../overview/images/restore_overview.svg | 892 +++++++ docs/addons/elasticsearch/overview/index.md | 81 + docs/addons/etcd/README.md | 43 + docs/addons/etcd/_index.md | 10 + .../etcd/basic-auth/examples/appbinding.yaml | 15 + .../examples/backupconfiguration.yaml | 20 + .../etcd/basic-auth/examples/etcd-secret.yaml | 9 + .../addons/etcd/basic-auth/examples/etcd.yaml | 68 + .../etcd/basic-auth/examples/repository.yaml | 11 + .../basic-auth/examples/restoresession.yaml | 34 + .../etcd/basic-auth/images/etcd-backup.jpg | Bin 0 -> 289139 bytes docs/addons/etcd/basic-auth/index.md | 639 +++++ .../backup/multi-retention-policy.yaml | 24 + .../examples/backup/passing-args.yaml | 23 + .../examples/backup/resource-limit.yaml | 29 + .../examples/backup/specific-user.yaml | 25 + .../examples/restore/passing-args.yaml | 35 + .../examples/restore/resource-limit.yaml | 40 + .../examples/restore/specific-snapshot.yaml | 33 + .../examples/restore/specific-user.yaml | 33 + docs/addons/etcd/customization/index.md | 344 +++ .../etcd/overview/images/etcd-backup.svg | 1 + .../etcd/overview/images/etcd-restore.svg | 1 + docs/addons/etcd/overview/index.md | 85 + docs/addons/etcd/tls/examples/appbinding.yaml | 16 + .../tls/examples/backupconfiguration.yaml | 20 + .../addons/etcd/tls/examples/etcd-secret.yaml | 9 + docs/addons/etcd/tls/examples/etcd-tls.yaml | 80 + docs/addons/etcd/tls/examples/repository.yaml | 11 + .../etcd/tls/examples/restoresession.yaml | 33 + .../etcd/tls/images/etcd-tls-backup.jpg | Bin 0 -> 310682 bytes docs/addons/etcd/tls/index.md | 667 ++++++ docs/addons/kubedump/README.md | 32 + docs/addons/kubedump/_index.md | 10 + .../examples/backupconfiguration.yaml | 27 + .../kubedump/application/examples/rbac.yaml | 27 + .../application/examples/repository.yaml | 11 + .../images/application_manifest_backup.png | Bin 0 -> 76280 bytes docs/addons/kubedump/application/index.md | 454 ++++ .../cluster/examples/backupconfiguration.yaml | 18 + .../kubedump/cluster/examples/rbac.yaml | 27 + .../kubedump/cluster/examples/repository.yaml | 11 + .../images/cluster_manifests_backup.png | Bin 0 -> 73174 bytes docs/addons/kubedump/cluster/index.md | 537 +++++ .../examples/filter-resources.yaml | 21 + .../examples/multi-retention-policy.yaml | 22 + .../customization/examples/passing-args.yaml | 21 + .../examples/resource-limit.yaml | 26 + .../customization/examples/specific-user.yaml | 21 + docs/addons/kubedump/customization/index.md | 198 ++ .../examples/backupconfiguration.yaml | 23 + .../kubedump/namespace/examples/rbac.yaml | 27 + .../namespace/examples/repository.yaml | 11 + .../images/namespace_manifests_backup.png | Bin 0 -> 74373 bytes docs/addons/kubedump/namespace/index.md | 399 ++++ .../overview/images/kubedump-backup.svg | 914 +++++++ docs/addons/kubedump/overview/index.md | 56 + docs/addons/mariadb/README.md | 43 + docs/addons/mariadb/_index.md | 10 + .../auto-backup/examples/backupblueprint.yaml | 19 + .../examples/sample-mariadb-2.yaml | 20 + .../examples/sample-mariadb-3.yaml | 20 + .../auto-backup/examples/sample-mariadb.yaml | 19 + .../auto-backup/images/sample-mariadb-2.png | Bin 0 -> 45600 bytes .../auto-backup/images/sample-mariadb-3.png | Bin 0 -> 43310 bytes .../auto-backup/images/sample-mariadb.png | Bin 0 -> 42346 bytes docs/addons/mariadb/auto-backup/index.md | 665 ++++++ .../backup/multi-retention-policy.yaml | 24 + .../examples/backup/passing-args.yaml | 23 + .../examples/backup/resource-limit.yaml | 29 + .../examples/backup/specific-user.yaml | 25 + .../customization/examples/repository.yaml | 11 + .../examples/restore/passing-args.yaml | 22 + .../examples/restore/resource-limit.yaml | 29 + .../examples/restore/specific-snapshot.yaml | 19 + .../examples/restore/specific-user.yaml | 24 + .../examples/sample-mariadb.yaml | 15 + docs/addons/mariadb/customization/index.md | 300 +++ .../mariadb/helm/examples/appbinding.yaml | 23 + .../helm/examples/backupconfiguration.yaml | 20 + .../mariadb/helm/examples/repository.yaml | 11 + .../mariadb/helm/examples/restoresession.yaml | 17 + .../helm/images/sample-mariadb-backup.png | Bin 0 -> 50457 bytes docs/addons/mariadb/helm/index.md | 640 +++++ .../images/mariadb-logical-backup.svg | 987 ++++++++ .../images/mariadb-logical-restore.svg | 857 +++++++ docs/addons/mariadb/overview/index.md | 85 + docs/addons/mongodb/README.md | 43 + docs/addons/mongodb/_index.md | 11 + .../overview/images/backup_overview.svg | 997 ++++++++ .../overview/images/replicaset_backup.svg | 673 ++++++ .../overview/images/replicaset_restore.svg | 673 ++++++ .../overview/images/restore_overview.svg | 867 +++++++ .../overview/images/sharded_backup.svg | 2107 +++++++++++++++++ .../overview/images/sharded_restore.svg | 2107 +++++++++++++++++ .../overview/images/standalone_backup.svg | 673 ++++++ .../overview/images/standalone_restore.svg | 673 ++++++ docs/addons/mongodb/overview/index.md | 159 ++ .../backupconfiguration-replicaset.yaml | 20 + .../examples/mongodb-replicaset.yaml | 18 + .../examples/repository-replicaset.yaml | 11 + .../examples/restored-mongodb-replicaset.yaml | 20 + .../examples/restored-standalone.yaml | 18 + .../examples/restoresession-replicaset.yaml | 17 + .../examples/restoresession-standalone.yaml | 17 + .../examples/standalone-backup.yaml | 47 + docs/addons/mongodb/replicaset/index.md | 761 ++++++ .../backupconfiguration-sharding.yaml | 20 + .../sharding/examples/mongodb-sharding.yaml | 26 + .../examples/repository-sharding.yaml | 11 + .../examples/restored-mongodb-sharding.yaml | 30 + .../examples/restored-standalone.yaml | 20 + .../examples/restoresession-sharding.yaml | 17 + .../examples/restoresession-standalone.yaml | 17 + .../sharding/examples/standalone-backup.yaml | 47 + docs/addons/mongodb/sharding/index.md | 790 ++++++ .../examples/backupconfiguration.yaml | 20 + .../mongodb/standalone/examples/mongodb.yaml | 16 + .../standalone/examples/repository.yaml | 11 + .../standalone/examples/restored-mongodb.yaml | 19 + .../standalone/examples/restoresession.yaml | 17 + docs/addons/mongodb/standalone/index.md | 579 +++++ docs/addons/mysql/README.md | 41 + docs/addons/mysql/_index.md | 10 + .../mysql/overview/images/backup_overview.svg | 997 ++++++++ .../overview/images/restore_overview.svg | 867 +++++++ docs/addons/mysql/overview/index.md | 81 + .../examples/backupconfiguration.yaml | 20 + .../mysql/standalone/examples/repository.yaml | 11 + .../standalone/examples/restored-mysql.yaml | 18 + .../standalone/examples/restoresession.yaml | 17 + .../standalone/examples/sample-mysql.yaml | 16 + .../standalone/images/sample-mysql-backup.png | Bin 0 -> 59072 bytes docs/addons/mysql/standalone/index.md | 639 +++++ docs/addons/nats/README.md | 48 + docs/addons/nats/_index.md | 11 + docs/addons/nats/authentications/_index.md | 13 + .../basic-auth/examples/appbinding.yaml | 17 + .../examples/backupconfiguration.yaml | 29 + .../basic-auth/examples/repository.yaml | 11 + .../basic-auth/examples/restoresession.yaml | 26 + .../basic-auth/examples/secret.yaml | 10 + .../basic-auth/images/sample-nats-backup.png | Bin 0 -> 45342 bytes .../nats/authentications/basic-auth/index.md | 658 +++++ .../jwt-auth/examples/appbinding.yaml | 17 + .../examples/backupconfiguration.yaml | 29 + .../jwt-auth/examples/repository.yaml | 11 + .../jwt-auth/examples/restoresession.yaml | 26 + .../jwt-auth/examples/secret.yaml | 9 + .../jwt-auth/images/sample-nats-backup.png | Bin 0 -> 45342 bytes .../nats/authentications/jwt-auth/index.md | 662 ++++++ .../nkey-auth/examples/appbinding.yaml | 17 + .../examples/backupconfiguration.yaml | 29 + .../nkey-auth/examples/repository.yaml | 11 + .../nkey-auth/examples/restoresession.yaml | 26 + .../nkey-auth/examples/secret.yaml | 9 + .../nkey-auth/images/sample-nats-backup.png | Bin 0 -> 45342 bytes .../nats/authentications/nkey-auth/index.md | 659 ++++++ .../token-auth/examples/appbinding.yaml | 17 + .../examples/backupconfiguration.yaml | 29 + .../token-auth/examples/repository.yaml | 11 + .../token-auth/examples/restoresession.yaml | 26 + .../token-auth/examples/secret.yaml | 9 + .../token-auth/images/sample-nats-backup.png | Bin 0 -> 45342 bytes .../nats/authentications/token-auth/index.md | 655 +++++ .../backup/multi-retention-policy.yaml | 24 + .../examples/backup/passing-args.yaml | 23 + .../examples/backup/passing-streams.yaml | 23 + .../examples/backup/resource-limit.yaml | 29 + .../examples/backup/specific-user.yaml | 25 + .../examples/restore/passing-args.yaml | 20 + .../examples/restore/passing-streams.yaml | 20 + .../examples/restore/resource-limit.yaml | 26 + .../examples/restore/specific-snapshot.yaml | 17 + .../examples/restore/specific-user.yaml | 22 + docs/addons/nats/customization/index.md | 380 +++ .../addons/nats/helm/examples/appbinding.yaml | 15 + .../helm/examples/backupconfiguration.yaml | 29 + .../addons/nats/helm/examples/repository.yaml | 11 + .../nats/helm/examples/restoresession.yaml | 26 + .../nats/helm/images/sample-nats-backup.png | Bin 0 -> 45342 bytes docs/addons/nats/helm/index.md | 631 +++++ .../nats/overview/images/backup_overview.svg | 1 + .../nats/overview/images/restore_overview.svg | 1 + docs/addons/nats/overview/index.md | 81 + docs/addons/nats/tls/examples/appbinding.yaml | 18 + .../tls/examples/backupconfiguration.yaml | 29 + docs/addons/nats/tls/examples/ca.yaml | 14 + docs/addons/nats/tls/examples/cert.yaml | 29 + .../nats/tls/examples/clusterissuer.yaml | 6 + docs/addons/nats/tls/examples/issuer.yaml | 8 + docs/addons/nats/tls/examples/repository.yaml | 11 + .../nats/tls/examples/restoresession.yaml | 26 + .../nats/tls/images/sample-nats-backup.png | Bin 0 -> 81495 bytes docs/addons/nats/tls/index.md | 802 +++++++ docs/addons/percona-xtradb/README.md | 43 + docs/addons/percona-xtradb/_index.md | 10 + .../cluster/examples/backupconfiguration.yaml | 20 + .../cluster/examples/repository.yaml | 11 + .../examples/restored-xtradb-cluster.yaml | 21 + .../cluster/examples/restoresession.yaml | 32 + .../examples/sample-xtradb-cluster.yaml | 17 + .../images/sample-xtradb-cluster-backup.png | Bin 0 -> 35388 bytes docs/addons/percona-xtradb/cluster/index.md | 676 ++++++ .../overview/images/backup_overview.svg | 1002 ++++++++ .../overview/images/cluster_backup.png | Bin 0 -> 19439 bytes .../overview/images/cluster_restore.png | Bin 0 -> 10166 bytes .../overview/images/restore_overview.svg | 1 + .../overview/images/standalone_backup.png | Bin 0 -> 9535 bytes .../overview/images/standalone_backup.svg | 273 +++ .../overview/images/standalone_restore.png | Bin 0 -> 9287 bytes docs/addons/percona-xtradb/overview/index.md | 126 + .../examples/backupconfiguration.yaml | 20 + .../standalone/examples/repository.yaml | 11 + .../standalone/examples/restored-xtradb.yaml | 21 + .../standalone/examples/restoresession.yaml | 17 + .../standalone/examples/sample-xtradb.yaml | 17 + .../images/sample-xtradb-backup.png | Bin 0 -> 45568 bytes .../addons/percona-xtradb/standalone/index.md | 656 +++++ docs/addons/postgres/README.md | 42 + docs/addons/postgres/_index.md | 10 + .../auto-backup/examples/backupblueprint.yaml | 19 + .../auto-backup/examples/sample-pg-1.yaml | 18 + .../auto-backup/examples/sample-pg-2.yaml | 19 + .../auto-backup/examples/sample-pg-3.yaml | 19 + .../auto-backup/images/sample-postgres-1.png | Bin 0 -> 49329 bytes .../auto-backup/images/sample-postgres-2.png | Bin 0 -> 49530 bytes .../auto-backup/images/sample-postgres-3.png | Bin 0 -> 49637 bytes docs/addons/postgres/auto-backup/index.md | 648 +++++ .../overview/images/backup_overview.svg | 997 ++++++++ .../overview/images/restore_overview.svg | 857 +++++++ docs/addons/postgres/overview/index.md | 81 + .../standalone/examples/appbinding.yaml | 22 + .../examples/backupconfiguration.yaml | 20 + .../examples/minimal_appbinding.yaml | 17 + .../standalone/examples/postgres.yaml | 16 + .../standalone/examples/repository.yaml | 11 + .../examples/restored-postgres.yaml | 18 + .../standalone/examples/restoresession.yaml | 17 + .../standalone/examples/secret_transform.yaml | 21 + .../images/sample-postgres-backup.png | Bin 0 -> 53750 bytes docs/addons/postgres/standalone/index.md | 644 +++++ docs/addons/redis/README.md | 43 + docs/addons/redis/_index.md | 10 + .../auto-backup/examples/backupblueprint.yaml | 19 + .../auto-backup/examples/sample-redis-1.yaml | 22 + .../auto-backup/examples/sample-redis-2.yaml | 23 + .../auto-backup/examples/sample-redis-3.yaml | 23 + .../auto-backup/images/sample-redis-1.png | Bin 0 -> 51457 bytes .../auto-backup/images/sample-redis-2.png | Bin 0 -> 51060 bytes .../auto-backup/images/sample-redis-3.png | Bin 0 -> 51095 bytes docs/addons/redis/auto-backup/index.md | 726 ++++++ .../backup/multi-retention-policy.yaml | 24 + .../examples/backup/passing-args.yaml | 23 + .../examples/backup/resource-limit.yaml | 29 + .../examples/backup/specific-user.yaml | 25 + .../examples/restore/passing-args.yaml | 20 + .../examples/restore/resource-limit.yaml | 26 + .../examples/restore/specific-snapshot.yaml | 17 + .../examples/restore/specific-user.yaml | 22 + docs/addons/redis/customization/index.md | 290 +++ .../redis/helm/examples/appbinding.yaml | 20 + .../helm/examples/backupconfiguration.yaml | 20 + .../redis/helm/examples/repository.yaml | 11 + .../redis/helm/examples/restoresession.yaml | 17 + .../redis/helm/images/sample-redis-backup.png | Bin 0 -> 50845 bytes docs/addons/redis/helm/index.md | 568 +++++ .../overview/images/redis-logical-backup.svg | 987 ++++++++ .../overview/images/redis-logical-restore.svg | 857 +++++++ docs/addons/redis/overview/index.md | 85 + docs/concepts/README.md | 38 + docs/concepts/_index.md | 10 + docs/concepts/crds/_index.md | 11 + docs/concepts/crds/appbinding/appbinding.yaml | 22 + docs/concepts/crds/appbinding/index.md | 141 ++ .../crds/backupbatch/backupbatch.yaml | 57 + docs/concepts/crds/backupbatch/index.md | 187 ++ .../crds/backupblueprint/backupblueprint.yaml | 35 + docs/concepts/crds/backupblueprint/index.md | 134 ++ .../backupconfiguration.yaml | 77 + .../crds/backupconfiguration/index.md | 297 +++ .../crds/backupsession/backupsession.yaml | 90 + docs/concepts/crds/backupsession/index.md | 260 ++ docs/concepts/crds/function/function.yaml | 74 + docs/concepts/crds/function/index.md | 227 ++ docs/concepts/crds/repository/index.md | 174 ++ docs/concepts/crds/repository/repository.yaml | 19 + docs/concepts/crds/restorebatch/index.md | 204 ++ .../crds/restorebatch/restorebatch.yaml | 95 + docs/concepts/crds/restoresession/index.md | 342 +++ .../crds/restoresession/restoresession.yaml | 116 + docs/concepts/crds/snapshot/index.md | 149 ++ docs/concepts/crds/snapshot/snapshot.yaml | 19 + docs/concepts/crds/task/index.md | 97 + docs/concepts/crds/task/task.yaml | 22 + docs/concepts/what-is-stash/_index.md | 11 + .../images/stash_architecture.svg | 924 ++++++++ .../what-is-stash/architecture/index.md | 94 + docs/concepts/what-is-stash/overview/index.md | 46 + docs/design.md | 902 +++++++ docs/guides/README.md | 50 + docs/guides/_index.md | 9 + docs/guides/addons/_index.md | 10 + .../addons/overview/images/addon_overview.svg | 433 ++++ docs/guides/addons/overview/index.md | 43 + docs/guides/auto-backup/_index.md | 10 + docs/guides/auto-backup/database/index.md | 82 + .../overview/images/auto_backup_overview.svg | 557 +++++ docs/guides/auto-backup/overview/index.md | 68 + .../pvc/examples/backupblueprint.yaml | 19 + .../auto-backup/pvc/examples/nfs_pv.yaml | 14 + .../auto-backup/pvc/examples/nfs_pvc.yaml | 15 + .../auto-backup/pvc/examples/pod-1.yaml | 18 + .../auto-backup/pvc/examples/pod-2.yaml | 18 + .../auto-backup/pvc/images/pvc_repo.png | Bin 0 -> 54998 bytes docs/guides/auto-backup/pvc/index.md | 513 ++++ .../workload/examples/backupblueprint.yaml | 17 + .../workload/examples/daemonset.yaml | 45 + .../workload/examples/deployment.yaml | 59 + .../workload/examples/statefulset.yaml | 64 + .../workload/images/daemon_repo.png | Bin 0 -> 52260 bytes .../workload/images/deployment_repo.png | Bin 0 -> 53065 bytes .../workload/images/statefulset_repo.png | Bin 0 -> 52604 bytes docs/guides/auto-backup/workload/index.md | 730 ++++++ docs/guides/backends/_index.md | 10 + .../guides/backends/azure/examples/azure.yaml | 11 + docs/guides/backends/azure/index.md | 85 + docs/guides/backends/b2/examples/b2.yaml | 11 + docs/guides/backends/b2/index.md | 87 + docs/guides/backends/gcs/examples/gcs.yaml | 11 + docs/guides/backends/gcs/index.md | 87 + .../local/examples/awsElasticBolckStore.yaml | 13 + .../backends/local/examples/azureDisk.yaml | 13 + .../backends/local/examples/emptyDir.yaml | 11 + .../local/examples/gcePersistentDisk.yaml | 13 + .../backends/local/examples/hostPath.yaml | 12 + docs/guides/backends/local/examples/nfs.yaml | 13 + docs/guides/backends/local/examples/pvc.yaml | 12 + .../backends/local/examples/storageOS.yaml | 13 + docs/guides/backends/local/index.md | 277 +++ .../overview/images/backend_overview.svg | 527 +++++ .../overview/images/s3_repository.png | Bin 0 -> 39014 bytes docs/guides/backends/overview/index.md | 51 + docs/guides/backends/rest/examples/rest.yaml | 10 + docs/guides/backends/rest/index.md | 83 + docs/guides/backends/s3/examples/minio.yaml | 12 + docs/guides/backends/s3/examples/s3.yaml | 13 + docs/guides/backends/s3/index.md | 125 + .../guides/backends/swift/examples/swift.yaml | 11 + docs/guides/backends/swift/index.md | 158 ++ docs/guides/batch-backup/_index.md | 10 + .../overview/images/batch-restore.svg | 1128 +++++++++ .../overview/images/batchbackup_overview.svg | 1326 +++++++++++ docs/guides/batch-backup/overview/index.md | 72 + .../wordpress-backup/examples/appbinding.yaml | 15 + .../examples/backupbatch.yaml | 34 + .../wordpress-backup/examples/mysql.yaml | 75 + .../wordpress-backup/examples/repository.yaml | 11 + .../examples/restorebatch.yaml | 33 + .../examples/restoresession.yaml | 18 + .../wordpress-backup/examples/wordpress.yaml | 71 + .../wordpress-backup/images/backup-data.png | Bin 0 -> 49018 bytes .../wordpress-backup/images/sample-post.png | Bin 0 -> 59134 bytes .../images/wordpress-setup.png | Bin 0 -> 57563 bytes .../wordpress-backup/images/wp_missing.png | Bin 0 -> 50717 bytes .../wordpress-backup/images/wp_restored.png | Bin 0 -> 53156 bytes .../batch-backup/wordpress-backup/index.md | 954 ++++++++ docs/guides/cli/_index.md | 10 + docs/guides/cli/kubectl-plugin/index.md | 432 ++++ docs/guides/hooks/_index.md | 10 + .../examples/post_backup_hook_demo.yaml | 35 + .../examples/post_restore_hook_demo.yaml | 25 + .../examples/pre_backup_hook_demo.yaml | 28 + .../examples/pre_restore_hook_demo.yaml | 25 + .../examples/repository.yaml | 11 + .../examples/sample-mysql.yaml | 16 + .../hooks/backup-and-restore-hooks/index.md | 730 ++++++ .../batch-backup/examples/repository.yaml | 11 + .../examples/wordpress-backup.yaml | 77 + .../examples/wordpress-deployment.yaml | 60 + .../examples/wordpress-mysql.yaml | 20 + .../batch-backup/images/notification.png | Bin 0 -> 77029 bytes docs/guides/hooks/batch-backup/index.md | 410 ++++ docs/guides/hooks/configuring-hooks/index.md | 216 ++ .../hooks/overview/images/batch-backup.svg | 721 ++++++ .../hooks/overview/images/job-model.svg | 1058 +++++++++ .../hooks/overview/images/sidecar-model.svg | 290 +++ docs/guides/hooks/overview/index.md | 167 ++ .../examples/all_backup_notification.yaml | 44 + .../examples/deployment.yaml | 44 + .../examples/failed_backup_notification.yaml | 44 + .../examples/repository.yaml | 11 + .../examples/restoresession.yaml | 41 + .../images/all_notification.png | Bin 0 -> 100091 bytes .../images/failed_notification.png | Bin 0 -> 114093 bytes .../slack-notification/images/step_1.png | Bin 0 -> 187299 bytes .../slack-notification/images/step_2.png | Bin 0 -> 84861 bytes .../slack-notification/images/step_3.png | Bin 0 -> 118873 bytes .../slack-notification/images/step_4.png | Bin 0 -> 134753 bytes .../slack-notification/images/step_5.png | Bin 0 -> 85784 bytes .../slack-notification/images/step_6.png | Bin 0 -> 75836 bytes .../slack-notification/images/step_7.png | Bin 0 -> 36287 bytes .../slack-notification/images/step_8.png | Bin 0 -> 64309 bytes docs/guides/hooks/slack-notification/index.md | 404 ++++ docs/guides/managed-backup/_index.md | 10 + .../examples/backup-bluprint.yaml | 21 + .../clusterrole_clusterrolebinding.yaml | 24 + .../examples/mysql.yaml | 56 + .../examples/serviceaccount.yaml | 5 + .../images/gcs-prod-1.png | Bin 0 -> 64114 bytes .../images/gcs-prod-2.png | Bin 0 -> 71781 bytes .../images/gcs-prod-3.png | Bin 0 -> 72249 bytes .../index.md | 415 ++++ .../examples/backupconfiguration.yaml | 22 + .../clusterrole_clusterrolebinding.yaml | 24 + .../examples/mysql.yaml | 17 + .../examples/mysql_recovery.yaml | 17 + .../examples/repository.yaml | 11 + .../examples/restoresession.yaml | 21 + .../examples/serviceaccount.yaml | 5 + .../dedicated-backup-namespace/index.md | 595 +++++ .../examples/backupconfiguration.yaml | 24 + .../examples/repository.yaml | 14 + .../examples/restoresession.yaml | 20 + .../examples/statefulset.yaml | 54 + .../examples/statefulset_recovered.yaml | 51 + .../dedicated-storage-namespace/index.md | 488 ++++ docs/guides/monitoring/_index.md | 10 + .../grafana/images/import_dashboard_1.png | Bin 0 -> 35367 bytes .../grafana/images/import_dashboard_2.png | Bin 0 -> 30200 bytes .../grafana/images/import_dashboard_3.png | Bin 0 -> 45878 bytes .../images/stash_grafana_dashboard.png | Bin 0 -> 262149 bytes docs/guides/monitoring/grafana/index.md | 103 + .../overview/images/monitoring-structure.svg | 1456 ++++++++++++ docs/guides/monitoring/overview/index.md | 304 +++ docs/guides/monitoring/profiler.yaml | 20 + .../prom-builtin/examples/prom-config.yaml | 103 + .../examples/prom-deployment.yaml | 45 + .../prom-builtin/examples/prom-rbac.yaml | 39 + .../images/prom_builtin_target.png | Bin 0 -> 52086 bytes docs/guides/monitoring/prom-builtin/index.md | 433 ++++ .../images/prom_operator_web_ui.png | Bin 0 -> 142482 bytes docs/guides/monitoring/prom-operator/index.md | 302 +++ docs/guides/platforms/_index.md | 10 + .../aks/examples/backupconfiguration.yaml | 23 + .../platforms/aks/examples/deployment.yaml | 32 + docs/guides/platforms/aks/examples/pvc.yaml | 12 + .../aks/examples/recovered_deployment.yaml | 46 + .../platforms/aks/examples/repository.yaml | 11 + .../aks/examples/restoresession.yaml | 19 + docs/guides/platforms/aks/images/aks.png | Bin 0 -> 33112 bytes docs/guides/platforms/aks/index.md | 676 ++++++ .../examples/backupconfiguration.yaml | 21 + .../platforms/eks-irsa/examples/mariadb.yaml | 18 + .../eks-irsa/examples/repository.yaml | 13 + .../eks-irsa/examples/restoresession.yaml | 18 + .../images/create-bucket-policy-1.png | Bin 0 -> 55057 bytes .../images/create-bucket-policy-2.png | Bin 0 -> 58605 bytes docs/guides/platforms/eks-irsa/images/eks.png | Bin 0 -> 39626 bytes docs/guides/platforms/eks-irsa/images/gcs.png | Bin 0 -> 50457 bytes docs/guides/platforms/eks-irsa/index.md | 647 +++++ .../examples/backupconfiguration.yaml | 22 + .../eks-kube2iam/examples/kube2iam.yaml | 80 + .../eks-kube2iam/examples/mariadb.yaml | 18 + .../eks-kube2iam/examples/repository.yaml | 13 + .../eks-kube2iam/examples/restoresession.yaml | 19 + .../eks-kube2iam/images/attach-policy-1.png | Bin 0 -> 80546 bytes .../eks-kube2iam/images/attach-policy-2.png | Bin 0 -> 51296 bytes .../images/create-assume-policy-1.png | Bin 0 -> 53820 bytes .../images/create-assume-policy-2.png | Bin 0 -> 60605 bytes .../images/create-bucket-policy-1.png | Bin 0 -> 55057 bytes .../images/create-bucket-policy-2.png | Bin 0 -> 58605 bytes .../eks-kube2iam/images/create-role-1.png | Bin 0 -> 81816 bytes .../eks-kube2iam/images/create-role-2.png | Bin 0 -> 61410 bytes .../eks-kube2iam/images/create-role-3.png | Bin 0 -> 58763 bytes .../platforms/eks-kube2iam/images/eks.png | Bin 0 -> 39626 bytes .../platforms/eks-kube2iam/images/gcs.png | Bin 0 -> 50457 bytes .../eks-kube2iam/images/trust-policy-1.png | Bin 0 -> 83049 bytes .../eks-kube2iam/images/trust-policy-2.png | Bin 0 -> 40183 bytes docs/guides/platforms/eks-kube2iam/index.md | 728 ++++++ .../gke/examples/backupconfiguration.yaml | 21 + .../platforms/gke/examples/mariadb.yaml | 17 + .../platforms/gke/examples/repository.yaml | 11 + .../gke/examples/restoresession.yaml | 18 + docs/guides/platforms/gke/images/gke.png | Bin 0 -> 50457 bytes docs/guides/platforms/gke/index.md | 650 +++++ .../minio/examples/backupconfiguration.yaml | 23 + .../platforms/minio/examples/deployment.yaml | 32 + .../minio/examples/minio-deployment.yaml | 58 + .../minio/examples/minio-nodeport-svc.yaml | 14 + .../platforms/minio/examples/minio-pvc.yaml | 12 + docs/guides/platforms/minio/examples/pvc.yaml | 12 + .../minio/examples/recovered_deployment.yaml | 46 + .../platforms/minio/examples/repository.yaml | 12 + .../minio/examples/restoresession.yaml | 19 + docs/guides/platforms/minio/images/minio.png | Bin 0 -> 30646 bytes docs/guides/platforms/minio/index.md | 708 ++++++ .../rook/examples/backupconfiguration.yaml | 23 + .../platforms/rook/examples/deployment.yaml | 36 + docs/guides/platforms/rook/examples/pvc.yaml | 12 + .../rook/examples/recovered_deployment.yaml | 50 + .../platforms/rook/examples/repository.yaml | 12 + .../rook/examples/restoresession.yaml | 19 + docs/guides/platforms/rook/index.md | 707 ++++++ docs/guides/security/_index.md | 11 + docs/guides/security/psp/index.md | 149 ++ docs/guides/security/rbac/index.md | 61 + docs/guides/troubleshooting/_index.md | 11 + .../images/gcs_lifecycle_policy.png | Bin 0 -> 65692 bytes .../ciphertext-verification-failed/index.md | 45 + .../how-to-troubleshoot/index.md | 201 ++ .../permission-denided/index.md | 266 +++ .../repo-locked/images/repo_lock.png | Bin 0 -> 20543 bytes .../troubleshooting/repo-locked/index.md | 80 + .../source-data-read-failed/index.md | 68 + docs/guides/use-cases/_index.md | 10 + .../deployment/dep-backupconfiguration.yaml | 26 + .../examples/deployment/deployment.yaml | 63 + .../deployment/restore-deployment.yaml | 38 + .../examples/deployment/restoresession.yaml | 35 + .../clone-pvc/examples/repository.yaml | 11 + .../statefulset/restore-statefulset.yaml | 64 + .../examples/statefulset/restoresession.yaml | 36 + .../statefulset/ss-backupconfiguration.yaml | 26 + .../examples/statefulset/statefulset.yaml | 68 + docs/guides/use-cases/clone-pvc/index.md | 909 +++++++ .../examples/backupconfiguration_prod.yaml | 23 + .../examples/deployment_prod.yaml | 45 + .../examples/deployment_staging.yaml | 46 + .../examples/pvc_prod.yaml | 11 + .../examples/pvc_staging.yaml | 12 + .../examples/repository_prod.yaml | 11 + .../examples/repository_staging.yaml | 11 + .../examples/restoresession_staging.yaml | 19 + .../use-cases/cross-cluster-backup/index.md | 603 +++++ .../backup/multiple_retention_policy.yaml | 27 + .../examples/backup/passing_args.yaml | 24 + .../examples/backup/resource_limit.yaml | 32 + .../examples/backup/specific_user.yaml | 28 + .../examples/restore/passing_args.yaml | 20 + .../examples/restore/resource_limit.yaml | 27 + .../examples/restore/specific_snapshot.yaml | 18 + .../examples/restore/specific_user.yaml | 23 + .../customize-backup-restore/index.md | 305 +++ .../examples/backupconfiguration-exclude.yaml | 27 + .../examples/backupconfiguration-full.yaml | 23 + .../examples/deployment-recovered.yaml | 33 + .../examples/deployment-source.yaml | 33 + .../examples/pvc-recovered.yaml | 12 + .../examples/pvc-source.yaml | 12 + .../examples/repository-exclude.yaml | 11 + .../examples/repository-full.yaml | 11 + .../examples/restoresession-exclude.yaml | 23 + .../examples/restoresession-inlcude.yaml | 23 + .../use-cases/exclude-include-files/index.md | 587 +++++ .../examples/backupconfiguration.yaml | 23 + .../examples/backupsession.yaml | 12 + .../instant-backup/examples/deployment.yaml | 45 + .../instant-backup/examples/repository.yaml | 11 + .../instant-backup/images/instant.png | Bin 0 -> 65935 bytes docs/guides/use-cases/instant-backup/index.md | 307 +++ docs/guides/use-cases/ownership/index.md | 94 + .../examples/backupconfiguration.yaml | 23 + .../pause-backup/examples/backupsession.yaml | 12 + .../pause-backup/examples/deployment.yaml | 45 + .../pause-backup/examples/repository.yaml | 11 + docs/guides/use-cases/pause-backup/index.md | 402 ++++ docs/guides/volumes/_index.md | 10 + .../images/volume_backup_overview.svg | 942 ++++++++ .../images/volume_restore_overview.svg | 822 +++++++ docs/guides/volumes/overview/index.md | 83 + .../pvc/examples/backupconfiguration.yaml | 20 + docs/guides/volumes/pvc/examples/pod-1.yaml | 18 + docs/guides/volumes/pvc/examples/pod-2.yaml | 18 + docs/guides/volumes/pvc/examples/pv.yaml | 14 + docs/guides/volumes/pvc/examples/pvc.yaml | 15 + .../volumes/pvc/examples/repository.yaml | 11 + .../volumes/pvc/examples/restoresession.yaml | 17 + docs/guides/volumes/pvc/images/pvc_repo.png | Bin 0 -> 49991 bytes docs/guides/volumes/pvc/index.md | 514 ++++ docs/guides/volumesnapshot/_index.md | 10 + .../examples/backupconfiguration.yaml | 18 + .../deployment/examples/deployment.yaml | 37 + .../deployment/examples/pvcs.yaml | 25 + .../examples/restored-deployment.yaml | 38 + .../deployment/examples/restoresession.yaml | 33 + .../deployment/examples/storageclass.yaml | 9 + .../examples/volumesnapshotclass.yaml | 6 + .../volumesnapshot/deployment/images/gcp.png | Bin 0 -> 51354 bytes .../guides/volumesnapshot/deployment/index.md | 526 ++++ .../overview/images/restore-overview.svg | 106 + .../images/volumesnapshot-overview.svg | 111 + docs/guides/volumesnapshot/overview/index.md | 84 + .../pvc/examples/backupconfiguration.yaml | 18 + .../pvc/examples/restored-pod.yaml | 20 + .../pvc/examples/restoresession.yaml | 21 + .../pvc/examples/source-pod.yaml | 19 + .../pvc/examples/source-pvc.yaml | 12 + .../pvc/examples/storageclass.yaml | 9 + .../pvc/examples/volumesnapshotclass.yaml | 6 + docs/guides/volumesnapshot/pvc/images/gcp.png | Bin 0 -> 39238 bytes docs/guides/volumesnapshot/pvc/index.md | 453 ++++ .../backupconfiguration-single-replica.yaml | 19 + .../examples/backupconfiguration.yaml | 19 + .../examples/restored-statefulset.yaml | 54 + .../restoresession-single-replica.yaml | 22 + .../statefulset/examples/restoresession.yaml | 22 + .../statefulset/examples/statefulset.yaml | 58 + .../statefulset/examples/storageclass.yaml | 9 + .../examples/volumesnapshotclass.yaml | 6 + .../volumesnapshot/statefulset/images/gcp.png | Bin 0 -> 63287 bytes .../statefulset/images/gcp2.png | Bin 0 -> 39757 bytes .../volumesnapshot/statefulset/index.md | 850 +++++++ docs/guides/workloads/_index.md | 10 + .../examples/backupconfiguration.yaml | 23 + .../workloads/daemonset/examples/daemon.yaml | 31 + .../daemonset/examples/recovered_daemon.yaml | 32 + .../daemonset/examples/repository.yaml | 11 + .../daemonset/examples/restoresession.yaml | 19 + .../daemonset/images/gcs_bucket_dmn.png | Bin 0 -> 51663 bytes docs/guides/workloads/daemonset/index.md | 600 +++++ .../examples/backupconfiguration.yaml | 23 + .../deployment/examples/deployment.yaml | 32 + .../workloads/deployment/examples/pvc.yaml | 11 + .../examples/recovered_deployment.yaml | 46 + .../deployment/examples/repository.yaml | 11 + .../deployment/examples/restoresession.yaml | 19 + .../deployment/images/gcs_bucket_dep.png | Bin 0 -> 51489 bytes docs/guides/workloads/deployment/index.md | 658 +++++ .../overview/images/backup_overview.svg | 762 ++++++ .../overview/images/restore_overview.svg | 692 ++++++ docs/guides/workloads/overview/index.md | 87 + .../examples/adv_restoresession.yaml | 26 + .../statefulset/examples/adv_statefulset.yaml | 51 + .../examples/backupconfiguration.yaml | 23 + .../statefulset/examples/custom_restore.yaml | 77 + .../examples/recovered_statefulset.yaml | 51 + .../statefulset/examples/repository.yaml | 11 + .../statefulset/examples/restoresession.yaml | 19 + .../statefulset/examples/statefulset.yaml | 54 + .../statefulset/images/gcs_bucket_ss.png | Bin 0 -> 51376 bytes docs/guides/workloads/statefulset/index.md | 943 ++++++++ docs/reference/_index.md | 11 + docs/reference/cli/_index.md | 11 + docs/reference/operator/_index.md | 11 + docs/setup/README.md | 36 + docs/setup/_index.md | 9 + docs/setup/install/_index.md | 11 + docs/setup/install/kubectl-plugin/index.md | 82 + .../stash/images/enterprise_license_form.png | Bin 0 -> 39737 bytes docs/setup/install/stash/index.md | 177 ++ docs/setup/install/troubleshooting/index.md | 104 + docs/setup/uninstall/_index.md | 11 + docs/setup/uninstall/kubectl-plugin/index.md | 23 + docs/setup/uninstall/stash/index.md | 68 + .../images/stash-navigate-old-version.png | Bin 0 -> 105312 bytes docs/setup/upgrade/index.md | 211 ++ docs/support.md | 21 + hack/scripts/open-pr.sh | 42 + hack/scripts/update-release-tracker.sh | 72 + 703 files changed, 88071 insertions(+) create mode 100644 .github/.kodiak.toml create mode 100644 .github/workflows/ci.yml create mode 100644 .github/workflows/preview-website.yml create mode 100644 .github/workflows/release-tracker.yml create mode 100644 .gitignore create mode 100644 DCO create mode 100644 LICENSE create mode 100644 docs/CONTRIBUTING.md create mode 100644 docs/FAQ/README.md create mode 100644 docs/FAQ/_index.md create mode 100644 docs/README.md create mode 100644 docs/_index.md create mode 100644 docs/acknowledgement.md create mode 100644 docs/addons/_index.md create mode 100644 docs/addons/elasticsearch/README.md create mode 100644 docs/addons/elasticsearch/_index.md create mode 100644 docs/addons/elasticsearch/auto-backup/examples/backupblueprint.yaml create mode 100644 docs/addons/elasticsearch/auto-backup/examples/es-demo-2.yaml create mode 100644 docs/addons/elasticsearch/auto-backup/examples/es-demo-3.yaml create mode 100644 docs/addons/elasticsearch/auto-backup/examples/es-demo.yaml create mode 100644 docs/addons/elasticsearch/auto-backup/images/es-demo-2.png create mode 100644 docs/addons/elasticsearch/auto-backup/images/es-demo-3.png create mode 100644 docs/addons/elasticsearch/auto-backup/images/es-demo.png create mode 100644 docs/addons/elasticsearch/auto-backup/index.md create mode 100644 docs/addons/elasticsearch/customization/examples/backup/ignore-sg-index.yaml create mode 100644 docs/addons/elasticsearch/customization/examples/backup/multi-retention-policy.yaml create mode 100644 docs/addons/elasticsearch/customization/examples/backup/passing-args.yaml create mode 100644 docs/addons/elasticsearch/customization/examples/backup/resource-limit.yaml create mode 100644 docs/addons/elasticsearch/customization/examples/backup/specific-user.yaml create mode 100644 docs/addons/elasticsearch/customization/examples/restore/passing-args.yaml create mode 100644 docs/addons/elasticsearch/customization/examples/restore/resource-limit.yaml create mode 100644 docs/addons/elasticsearch/customization/examples/restore/specific-snapshot.yaml create mode 100644 docs/addons/elasticsearch/customization/examples/restore/specific-user.yaml create mode 100644 docs/addons/elasticsearch/customization/index.md create mode 100644 docs/addons/elasticsearch/kubedb/examples/backup/backupconfiguration.yaml create mode 100644 docs/addons/elasticsearch/kubedb/examples/backup/repository.yaml create mode 100644 docs/addons/elasticsearch/kubedb/examples/elasticsearch/init_sample.yaml create mode 100644 docs/addons/elasticsearch/kubedb/examples/elasticsearch/sample_es.yaml create mode 100644 docs/addons/elasticsearch/kubedb/examples/restore/init_sample_restore.yaml create mode 100644 docs/addons/elasticsearch/kubedb/examples/restore/restoresession.yaml create mode 100644 docs/addons/elasticsearch/kubedb/images/sample-es-backup.png create mode 100644 docs/addons/elasticsearch/kubedb/index.md create mode 100644 docs/addons/elasticsearch/overview/images/backup_overview.svg create mode 100644 docs/addons/elasticsearch/overview/images/restore_overview.svg create mode 100644 docs/addons/elasticsearch/overview/index.md create mode 100644 docs/addons/etcd/README.md create mode 100644 docs/addons/etcd/_index.md create mode 100644 docs/addons/etcd/basic-auth/examples/appbinding.yaml create mode 100644 docs/addons/etcd/basic-auth/examples/backupconfiguration.yaml create mode 100644 docs/addons/etcd/basic-auth/examples/etcd-secret.yaml create mode 100644 docs/addons/etcd/basic-auth/examples/etcd.yaml create mode 100644 docs/addons/etcd/basic-auth/examples/repository.yaml create mode 100644 docs/addons/etcd/basic-auth/examples/restoresession.yaml create mode 100644 docs/addons/etcd/basic-auth/images/etcd-backup.jpg create mode 100644 docs/addons/etcd/basic-auth/index.md create mode 100644 docs/addons/etcd/customization/examples/backup/multi-retention-policy.yaml create mode 100644 docs/addons/etcd/customization/examples/backup/passing-args.yaml create mode 100644 docs/addons/etcd/customization/examples/backup/resource-limit.yaml create mode 100644 docs/addons/etcd/customization/examples/backup/specific-user.yaml create mode 100644 docs/addons/etcd/customization/examples/restore/passing-args.yaml create mode 100644 docs/addons/etcd/customization/examples/restore/resource-limit.yaml create mode 100644 docs/addons/etcd/customization/examples/restore/specific-snapshot.yaml create mode 100644 docs/addons/etcd/customization/examples/restore/specific-user.yaml create mode 100644 docs/addons/etcd/customization/index.md create mode 100644 docs/addons/etcd/overview/images/etcd-backup.svg create mode 100644 docs/addons/etcd/overview/images/etcd-restore.svg create mode 100644 docs/addons/etcd/overview/index.md create mode 100644 docs/addons/etcd/tls/examples/appbinding.yaml create mode 100644 docs/addons/etcd/tls/examples/backupconfiguration.yaml create mode 100644 docs/addons/etcd/tls/examples/etcd-secret.yaml create mode 100644 docs/addons/etcd/tls/examples/etcd-tls.yaml create mode 100644 docs/addons/etcd/tls/examples/repository.yaml create mode 100644 docs/addons/etcd/tls/examples/restoresession.yaml create mode 100644 docs/addons/etcd/tls/images/etcd-tls-backup.jpg create mode 100644 docs/addons/etcd/tls/index.md create mode 100644 docs/addons/kubedump/README.md create mode 100644 docs/addons/kubedump/_index.md create mode 100644 docs/addons/kubedump/application/examples/backupconfiguration.yaml create mode 100644 docs/addons/kubedump/application/examples/rbac.yaml create mode 100644 docs/addons/kubedump/application/examples/repository.yaml create mode 100644 docs/addons/kubedump/application/images/application_manifest_backup.png create mode 100644 docs/addons/kubedump/application/index.md create mode 100644 docs/addons/kubedump/cluster/examples/backupconfiguration.yaml create mode 100644 docs/addons/kubedump/cluster/examples/rbac.yaml create mode 100644 docs/addons/kubedump/cluster/examples/repository.yaml create mode 100644 docs/addons/kubedump/cluster/images/cluster_manifests_backup.png create mode 100644 docs/addons/kubedump/cluster/index.md create mode 100644 docs/addons/kubedump/customization/examples/filter-resources.yaml create mode 100644 docs/addons/kubedump/customization/examples/multi-retention-policy.yaml create mode 100644 docs/addons/kubedump/customization/examples/passing-args.yaml create mode 100644 docs/addons/kubedump/customization/examples/resource-limit.yaml create mode 100644 docs/addons/kubedump/customization/examples/specific-user.yaml create mode 100644 docs/addons/kubedump/customization/index.md create mode 100644 docs/addons/kubedump/namespace/examples/backupconfiguration.yaml create mode 100644 docs/addons/kubedump/namespace/examples/rbac.yaml create mode 100644 docs/addons/kubedump/namespace/examples/repository.yaml create mode 100644 docs/addons/kubedump/namespace/images/namespace_manifests_backup.png create mode 100644 docs/addons/kubedump/namespace/index.md create mode 100644 docs/addons/kubedump/overview/images/kubedump-backup.svg create mode 100644 docs/addons/kubedump/overview/index.md create mode 100644 docs/addons/mariadb/README.md create mode 100644 docs/addons/mariadb/_index.md create mode 100644 docs/addons/mariadb/auto-backup/examples/backupblueprint.yaml create mode 100644 docs/addons/mariadb/auto-backup/examples/sample-mariadb-2.yaml create mode 100644 docs/addons/mariadb/auto-backup/examples/sample-mariadb-3.yaml create mode 100644 docs/addons/mariadb/auto-backup/examples/sample-mariadb.yaml create mode 100644 docs/addons/mariadb/auto-backup/images/sample-mariadb-2.png create mode 100644 docs/addons/mariadb/auto-backup/images/sample-mariadb-3.png create mode 100644 docs/addons/mariadb/auto-backup/images/sample-mariadb.png create mode 100644 docs/addons/mariadb/auto-backup/index.md create mode 100644 docs/addons/mariadb/customization/examples/backup/multi-retention-policy.yaml create mode 100644 docs/addons/mariadb/customization/examples/backup/passing-args.yaml create mode 100644 docs/addons/mariadb/customization/examples/backup/resource-limit.yaml create mode 100644 docs/addons/mariadb/customization/examples/backup/specific-user.yaml create mode 100644 docs/addons/mariadb/customization/examples/repository.yaml create mode 100644 docs/addons/mariadb/customization/examples/restore/passing-args.yaml create mode 100644 docs/addons/mariadb/customization/examples/restore/resource-limit.yaml create mode 100644 docs/addons/mariadb/customization/examples/restore/specific-snapshot.yaml create mode 100644 docs/addons/mariadb/customization/examples/restore/specific-user.yaml create mode 100644 docs/addons/mariadb/customization/examples/sample-mariadb.yaml create mode 100644 docs/addons/mariadb/customization/index.md create mode 100644 docs/addons/mariadb/helm/examples/appbinding.yaml create mode 100644 docs/addons/mariadb/helm/examples/backupconfiguration.yaml create mode 100644 docs/addons/mariadb/helm/examples/repository.yaml create mode 100644 docs/addons/mariadb/helm/examples/restoresession.yaml create mode 100644 docs/addons/mariadb/helm/images/sample-mariadb-backup.png create mode 100644 docs/addons/mariadb/helm/index.md create mode 100644 docs/addons/mariadb/overview/images/mariadb-logical-backup.svg create mode 100644 docs/addons/mariadb/overview/images/mariadb-logical-restore.svg create mode 100644 docs/addons/mariadb/overview/index.md create mode 100644 docs/addons/mongodb/README.md create mode 100644 docs/addons/mongodb/_index.md create mode 100644 docs/addons/mongodb/overview/images/backup_overview.svg create mode 100644 docs/addons/mongodb/overview/images/replicaset_backup.svg create mode 100644 docs/addons/mongodb/overview/images/replicaset_restore.svg create mode 100644 docs/addons/mongodb/overview/images/restore_overview.svg create mode 100644 docs/addons/mongodb/overview/images/sharded_backup.svg create mode 100644 docs/addons/mongodb/overview/images/sharded_restore.svg create mode 100644 docs/addons/mongodb/overview/images/standalone_backup.svg create mode 100644 docs/addons/mongodb/overview/images/standalone_restore.svg create mode 100644 docs/addons/mongodb/overview/index.md create mode 100644 docs/addons/mongodb/replicaset/examples/backupconfiguration-replicaset.yaml create mode 100644 docs/addons/mongodb/replicaset/examples/mongodb-replicaset.yaml create mode 100644 docs/addons/mongodb/replicaset/examples/repository-replicaset.yaml create mode 100644 docs/addons/mongodb/replicaset/examples/restored-mongodb-replicaset.yaml create mode 100644 docs/addons/mongodb/replicaset/examples/restored-standalone.yaml create mode 100644 docs/addons/mongodb/replicaset/examples/restoresession-replicaset.yaml create mode 100644 docs/addons/mongodb/replicaset/examples/restoresession-standalone.yaml create mode 100644 docs/addons/mongodb/replicaset/examples/standalone-backup.yaml create mode 100644 docs/addons/mongodb/replicaset/index.md create mode 100644 docs/addons/mongodb/sharding/examples/backupconfiguration-sharding.yaml create mode 100644 docs/addons/mongodb/sharding/examples/mongodb-sharding.yaml create mode 100644 docs/addons/mongodb/sharding/examples/repository-sharding.yaml create mode 100644 docs/addons/mongodb/sharding/examples/restored-mongodb-sharding.yaml create mode 100644 docs/addons/mongodb/sharding/examples/restored-standalone.yaml create mode 100644 docs/addons/mongodb/sharding/examples/restoresession-sharding.yaml create mode 100644 docs/addons/mongodb/sharding/examples/restoresession-standalone.yaml create mode 100644 docs/addons/mongodb/sharding/examples/standalone-backup.yaml create mode 100644 docs/addons/mongodb/sharding/index.md create mode 100644 docs/addons/mongodb/standalone/examples/backupconfiguration.yaml create mode 100644 docs/addons/mongodb/standalone/examples/mongodb.yaml create mode 100644 docs/addons/mongodb/standalone/examples/repository.yaml create mode 100644 docs/addons/mongodb/standalone/examples/restored-mongodb.yaml create mode 100644 docs/addons/mongodb/standalone/examples/restoresession.yaml create mode 100644 docs/addons/mongodb/standalone/index.md create mode 100644 docs/addons/mysql/README.md create mode 100644 docs/addons/mysql/_index.md create mode 100644 docs/addons/mysql/overview/images/backup_overview.svg create mode 100644 docs/addons/mysql/overview/images/restore_overview.svg create mode 100644 docs/addons/mysql/overview/index.md create mode 100644 docs/addons/mysql/standalone/examples/backupconfiguration.yaml create mode 100644 docs/addons/mysql/standalone/examples/repository.yaml create mode 100644 docs/addons/mysql/standalone/examples/restored-mysql.yaml create mode 100644 docs/addons/mysql/standalone/examples/restoresession.yaml create mode 100644 docs/addons/mysql/standalone/examples/sample-mysql.yaml create mode 100644 docs/addons/mysql/standalone/images/sample-mysql-backup.png create mode 100644 docs/addons/mysql/standalone/index.md create mode 100644 docs/addons/nats/README.md create mode 100644 docs/addons/nats/_index.md create mode 100644 docs/addons/nats/authentications/_index.md create mode 100644 docs/addons/nats/authentications/basic-auth/examples/appbinding.yaml create mode 100644 docs/addons/nats/authentications/basic-auth/examples/backupconfiguration.yaml create mode 100644 docs/addons/nats/authentications/basic-auth/examples/repository.yaml create mode 100644 docs/addons/nats/authentications/basic-auth/examples/restoresession.yaml create mode 100644 docs/addons/nats/authentications/basic-auth/examples/secret.yaml create mode 100644 docs/addons/nats/authentications/basic-auth/images/sample-nats-backup.png create mode 100644 docs/addons/nats/authentications/basic-auth/index.md create mode 100644 docs/addons/nats/authentications/jwt-auth/examples/appbinding.yaml create mode 100644 docs/addons/nats/authentications/jwt-auth/examples/backupconfiguration.yaml create mode 100644 docs/addons/nats/authentications/jwt-auth/examples/repository.yaml create mode 100644 docs/addons/nats/authentications/jwt-auth/examples/restoresession.yaml create mode 100644 docs/addons/nats/authentications/jwt-auth/examples/secret.yaml create mode 100644 docs/addons/nats/authentications/jwt-auth/images/sample-nats-backup.png create mode 100644 docs/addons/nats/authentications/jwt-auth/index.md create mode 100644 docs/addons/nats/authentications/nkey-auth/examples/appbinding.yaml create mode 100644 docs/addons/nats/authentications/nkey-auth/examples/backupconfiguration.yaml create mode 100644 docs/addons/nats/authentications/nkey-auth/examples/repository.yaml create mode 100644 docs/addons/nats/authentications/nkey-auth/examples/restoresession.yaml create mode 100644 docs/addons/nats/authentications/nkey-auth/examples/secret.yaml create mode 100644 docs/addons/nats/authentications/nkey-auth/images/sample-nats-backup.png create mode 100644 docs/addons/nats/authentications/nkey-auth/index.md create mode 100644 docs/addons/nats/authentications/token-auth/examples/appbinding.yaml create mode 100644 docs/addons/nats/authentications/token-auth/examples/backupconfiguration.yaml create mode 100644 docs/addons/nats/authentications/token-auth/examples/repository.yaml create mode 100644 docs/addons/nats/authentications/token-auth/examples/restoresession.yaml create mode 100644 docs/addons/nats/authentications/token-auth/examples/secret.yaml create mode 100644 docs/addons/nats/authentications/token-auth/images/sample-nats-backup.png create mode 100644 docs/addons/nats/authentications/token-auth/index.md create mode 100644 docs/addons/nats/customization/examples/backup/multi-retention-policy.yaml create mode 100644 docs/addons/nats/customization/examples/backup/passing-args.yaml create mode 100644 docs/addons/nats/customization/examples/backup/passing-streams.yaml create mode 100644 docs/addons/nats/customization/examples/backup/resource-limit.yaml create mode 100644 docs/addons/nats/customization/examples/backup/specific-user.yaml create mode 100644 docs/addons/nats/customization/examples/restore/passing-args.yaml create mode 100644 docs/addons/nats/customization/examples/restore/passing-streams.yaml create mode 100644 docs/addons/nats/customization/examples/restore/resource-limit.yaml create mode 100644 docs/addons/nats/customization/examples/restore/specific-snapshot.yaml create mode 100644 docs/addons/nats/customization/examples/restore/specific-user.yaml create mode 100644 docs/addons/nats/customization/index.md create mode 100644 docs/addons/nats/helm/examples/appbinding.yaml create mode 100644 docs/addons/nats/helm/examples/backupconfiguration.yaml create mode 100644 docs/addons/nats/helm/examples/repository.yaml create mode 100644 docs/addons/nats/helm/examples/restoresession.yaml create mode 100644 docs/addons/nats/helm/images/sample-nats-backup.png create mode 100644 docs/addons/nats/helm/index.md create mode 100644 docs/addons/nats/overview/images/backup_overview.svg create mode 100644 docs/addons/nats/overview/images/restore_overview.svg create mode 100644 docs/addons/nats/overview/index.md create mode 100644 docs/addons/nats/tls/examples/appbinding.yaml create mode 100644 docs/addons/nats/tls/examples/backupconfiguration.yaml create mode 100644 docs/addons/nats/tls/examples/ca.yaml create mode 100644 docs/addons/nats/tls/examples/cert.yaml create mode 100644 docs/addons/nats/tls/examples/clusterissuer.yaml create mode 100644 docs/addons/nats/tls/examples/issuer.yaml create mode 100644 docs/addons/nats/tls/examples/repository.yaml create mode 100644 docs/addons/nats/tls/examples/restoresession.yaml create mode 100644 docs/addons/nats/tls/images/sample-nats-backup.png create mode 100644 docs/addons/nats/tls/index.md create mode 100644 docs/addons/percona-xtradb/README.md create mode 100644 docs/addons/percona-xtradb/_index.md create mode 100644 docs/addons/percona-xtradb/cluster/examples/backupconfiguration.yaml create mode 100644 docs/addons/percona-xtradb/cluster/examples/repository.yaml create mode 100644 docs/addons/percona-xtradb/cluster/examples/restored-xtradb-cluster.yaml create mode 100644 docs/addons/percona-xtradb/cluster/examples/restoresession.yaml create mode 100644 docs/addons/percona-xtradb/cluster/examples/sample-xtradb-cluster.yaml create mode 100644 docs/addons/percona-xtradb/cluster/images/sample-xtradb-cluster-backup.png create mode 100644 docs/addons/percona-xtradb/cluster/index.md create mode 100644 docs/addons/percona-xtradb/overview/images/backup_overview.svg create mode 100644 docs/addons/percona-xtradb/overview/images/cluster_backup.png create mode 100644 docs/addons/percona-xtradb/overview/images/cluster_restore.png create mode 100644 docs/addons/percona-xtradb/overview/images/restore_overview.svg create mode 100644 docs/addons/percona-xtradb/overview/images/standalone_backup.png create mode 100644 docs/addons/percona-xtradb/overview/images/standalone_backup.svg create mode 100644 docs/addons/percona-xtradb/overview/images/standalone_restore.png create mode 100644 docs/addons/percona-xtradb/overview/index.md create mode 100644 docs/addons/percona-xtradb/standalone/examples/backupconfiguration.yaml create mode 100644 docs/addons/percona-xtradb/standalone/examples/repository.yaml create mode 100644 docs/addons/percona-xtradb/standalone/examples/restored-xtradb.yaml create mode 100644 docs/addons/percona-xtradb/standalone/examples/restoresession.yaml create mode 100644 docs/addons/percona-xtradb/standalone/examples/sample-xtradb.yaml create mode 100644 docs/addons/percona-xtradb/standalone/images/sample-xtradb-backup.png create mode 100644 docs/addons/percona-xtradb/standalone/index.md create mode 100644 docs/addons/postgres/README.md create mode 100644 docs/addons/postgres/_index.md create mode 100644 docs/addons/postgres/auto-backup/examples/backupblueprint.yaml create mode 100644 docs/addons/postgres/auto-backup/examples/sample-pg-1.yaml create mode 100644 docs/addons/postgres/auto-backup/examples/sample-pg-2.yaml create mode 100644 docs/addons/postgres/auto-backup/examples/sample-pg-3.yaml create mode 100644 docs/addons/postgres/auto-backup/images/sample-postgres-1.png create mode 100644 docs/addons/postgres/auto-backup/images/sample-postgres-2.png create mode 100644 docs/addons/postgres/auto-backup/images/sample-postgres-3.png create mode 100644 docs/addons/postgres/auto-backup/index.md create mode 100644 docs/addons/postgres/overview/images/backup_overview.svg create mode 100644 docs/addons/postgres/overview/images/restore_overview.svg create mode 100644 docs/addons/postgres/overview/index.md create mode 100644 docs/addons/postgres/standalone/examples/appbinding.yaml create mode 100644 docs/addons/postgres/standalone/examples/backupconfiguration.yaml create mode 100644 docs/addons/postgres/standalone/examples/minimal_appbinding.yaml create mode 100644 docs/addons/postgres/standalone/examples/postgres.yaml create mode 100644 docs/addons/postgres/standalone/examples/repository.yaml create mode 100644 docs/addons/postgres/standalone/examples/restored-postgres.yaml create mode 100644 docs/addons/postgres/standalone/examples/restoresession.yaml create mode 100644 docs/addons/postgres/standalone/examples/secret_transform.yaml create mode 100644 docs/addons/postgres/standalone/images/sample-postgres-backup.png create mode 100644 docs/addons/postgres/standalone/index.md create mode 100644 docs/addons/redis/README.md create mode 100644 docs/addons/redis/_index.md create mode 100644 docs/addons/redis/auto-backup/examples/backupblueprint.yaml create mode 100644 docs/addons/redis/auto-backup/examples/sample-redis-1.yaml create mode 100644 docs/addons/redis/auto-backup/examples/sample-redis-2.yaml create mode 100644 docs/addons/redis/auto-backup/examples/sample-redis-3.yaml create mode 100644 docs/addons/redis/auto-backup/images/sample-redis-1.png create mode 100644 docs/addons/redis/auto-backup/images/sample-redis-2.png create mode 100644 docs/addons/redis/auto-backup/images/sample-redis-3.png create mode 100644 docs/addons/redis/auto-backup/index.md create mode 100644 docs/addons/redis/customization/examples/backup/multi-retention-policy.yaml create mode 100644 docs/addons/redis/customization/examples/backup/passing-args.yaml create mode 100644 docs/addons/redis/customization/examples/backup/resource-limit.yaml create mode 100644 docs/addons/redis/customization/examples/backup/specific-user.yaml create mode 100644 docs/addons/redis/customization/examples/restore/passing-args.yaml create mode 100644 docs/addons/redis/customization/examples/restore/resource-limit.yaml create mode 100644 docs/addons/redis/customization/examples/restore/specific-snapshot.yaml create mode 100644 docs/addons/redis/customization/examples/restore/specific-user.yaml create mode 100644 docs/addons/redis/customization/index.md create mode 100644 docs/addons/redis/helm/examples/appbinding.yaml create mode 100644 docs/addons/redis/helm/examples/backupconfiguration.yaml create mode 100644 docs/addons/redis/helm/examples/repository.yaml create mode 100644 docs/addons/redis/helm/examples/restoresession.yaml create mode 100644 docs/addons/redis/helm/images/sample-redis-backup.png create mode 100644 docs/addons/redis/helm/index.md create mode 100644 docs/addons/redis/overview/images/redis-logical-backup.svg create mode 100644 docs/addons/redis/overview/images/redis-logical-restore.svg create mode 100644 docs/addons/redis/overview/index.md create mode 100644 docs/concepts/README.md create mode 100644 docs/concepts/_index.md create mode 100644 docs/concepts/crds/_index.md create mode 100644 docs/concepts/crds/appbinding/appbinding.yaml create mode 100644 docs/concepts/crds/appbinding/index.md create mode 100644 docs/concepts/crds/backupbatch/backupbatch.yaml create mode 100644 docs/concepts/crds/backupbatch/index.md create mode 100644 docs/concepts/crds/backupblueprint/backupblueprint.yaml create mode 100644 docs/concepts/crds/backupblueprint/index.md create mode 100644 docs/concepts/crds/backupconfiguration/backupconfiguration.yaml create mode 100644 docs/concepts/crds/backupconfiguration/index.md create mode 100644 docs/concepts/crds/backupsession/backupsession.yaml create mode 100644 docs/concepts/crds/backupsession/index.md create mode 100644 docs/concepts/crds/function/function.yaml create mode 100644 docs/concepts/crds/function/index.md create mode 100644 docs/concepts/crds/repository/index.md create mode 100644 docs/concepts/crds/repository/repository.yaml create mode 100644 docs/concepts/crds/restorebatch/index.md create mode 100644 docs/concepts/crds/restorebatch/restorebatch.yaml create mode 100644 docs/concepts/crds/restoresession/index.md create mode 100644 docs/concepts/crds/restoresession/restoresession.yaml create mode 100644 docs/concepts/crds/snapshot/index.md create mode 100644 docs/concepts/crds/snapshot/snapshot.yaml create mode 100644 docs/concepts/crds/task/index.md create mode 100644 docs/concepts/crds/task/task.yaml create mode 100644 docs/concepts/what-is-stash/_index.md create mode 100644 docs/concepts/what-is-stash/architecture/images/stash_architecture.svg create mode 100644 docs/concepts/what-is-stash/architecture/index.md create mode 100644 docs/concepts/what-is-stash/overview/index.md create mode 100644 docs/design.md create mode 100644 docs/guides/README.md create mode 100644 docs/guides/_index.md create mode 100644 docs/guides/addons/_index.md create mode 100644 docs/guides/addons/overview/images/addon_overview.svg create mode 100644 docs/guides/addons/overview/index.md create mode 100644 docs/guides/auto-backup/_index.md create mode 100644 docs/guides/auto-backup/database/index.md create mode 100644 docs/guides/auto-backup/overview/images/auto_backup_overview.svg create mode 100644 docs/guides/auto-backup/overview/index.md create mode 100644 docs/guides/auto-backup/pvc/examples/backupblueprint.yaml create mode 100644 docs/guides/auto-backup/pvc/examples/nfs_pv.yaml create mode 100644 docs/guides/auto-backup/pvc/examples/nfs_pvc.yaml create mode 100644 docs/guides/auto-backup/pvc/examples/pod-1.yaml create mode 100644 docs/guides/auto-backup/pvc/examples/pod-2.yaml create mode 100644 docs/guides/auto-backup/pvc/images/pvc_repo.png create mode 100644 docs/guides/auto-backup/pvc/index.md create mode 100644 docs/guides/auto-backup/workload/examples/backupblueprint.yaml create mode 100644 docs/guides/auto-backup/workload/examples/daemonset.yaml create mode 100644 docs/guides/auto-backup/workload/examples/deployment.yaml create mode 100644 docs/guides/auto-backup/workload/examples/statefulset.yaml create mode 100644 docs/guides/auto-backup/workload/images/daemon_repo.png create mode 100644 docs/guides/auto-backup/workload/images/deployment_repo.png create mode 100644 docs/guides/auto-backup/workload/images/statefulset_repo.png create mode 100644 docs/guides/auto-backup/workload/index.md create mode 100644 docs/guides/backends/_index.md create mode 100644 docs/guides/backends/azure/examples/azure.yaml create mode 100644 docs/guides/backends/azure/index.md create mode 100644 docs/guides/backends/b2/examples/b2.yaml create mode 100644 docs/guides/backends/b2/index.md create mode 100644 docs/guides/backends/gcs/examples/gcs.yaml create mode 100644 docs/guides/backends/gcs/index.md create mode 100644 docs/guides/backends/local/examples/awsElasticBolckStore.yaml create mode 100644 docs/guides/backends/local/examples/azureDisk.yaml create mode 100644 docs/guides/backends/local/examples/emptyDir.yaml create mode 100644 docs/guides/backends/local/examples/gcePersistentDisk.yaml create mode 100644 docs/guides/backends/local/examples/hostPath.yaml create mode 100644 docs/guides/backends/local/examples/nfs.yaml create mode 100644 docs/guides/backends/local/examples/pvc.yaml create mode 100644 docs/guides/backends/local/examples/storageOS.yaml create mode 100644 docs/guides/backends/local/index.md create mode 100644 docs/guides/backends/overview/images/backend_overview.svg create mode 100644 docs/guides/backends/overview/images/s3_repository.png create mode 100644 docs/guides/backends/overview/index.md create mode 100644 docs/guides/backends/rest/examples/rest.yaml create mode 100644 docs/guides/backends/rest/index.md create mode 100644 docs/guides/backends/s3/examples/minio.yaml create mode 100644 docs/guides/backends/s3/examples/s3.yaml create mode 100644 docs/guides/backends/s3/index.md create mode 100644 docs/guides/backends/swift/examples/swift.yaml create mode 100644 docs/guides/backends/swift/index.md create mode 100644 docs/guides/batch-backup/_index.md create mode 100644 docs/guides/batch-backup/overview/images/batch-restore.svg create mode 100644 docs/guides/batch-backup/overview/images/batchbackup_overview.svg create mode 100644 docs/guides/batch-backup/overview/index.md create mode 100644 docs/guides/batch-backup/wordpress-backup/examples/appbinding.yaml create mode 100644 docs/guides/batch-backup/wordpress-backup/examples/backupbatch.yaml create mode 100644 docs/guides/batch-backup/wordpress-backup/examples/mysql.yaml create mode 100644 docs/guides/batch-backup/wordpress-backup/examples/repository.yaml create mode 100644 docs/guides/batch-backup/wordpress-backup/examples/restorebatch.yaml create mode 100644 docs/guides/batch-backup/wordpress-backup/examples/restoresession.yaml create mode 100644 docs/guides/batch-backup/wordpress-backup/examples/wordpress.yaml create mode 100644 docs/guides/batch-backup/wordpress-backup/images/backup-data.png create mode 100644 docs/guides/batch-backup/wordpress-backup/images/sample-post.png create mode 100644 docs/guides/batch-backup/wordpress-backup/images/wordpress-setup.png create mode 100644 docs/guides/batch-backup/wordpress-backup/images/wp_missing.png create mode 100644 docs/guides/batch-backup/wordpress-backup/images/wp_restored.png create mode 100644 docs/guides/batch-backup/wordpress-backup/index.md create mode 100644 docs/guides/cli/_index.md create mode 100644 docs/guides/cli/kubectl-plugin/index.md create mode 100644 docs/guides/hooks/_index.md create mode 100644 docs/guides/hooks/backup-and-restore-hooks/examples/post_backup_hook_demo.yaml create mode 100644 docs/guides/hooks/backup-and-restore-hooks/examples/post_restore_hook_demo.yaml create mode 100644 docs/guides/hooks/backup-and-restore-hooks/examples/pre_backup_hook_demo.yaml create mode 100644 docs/guides/hooks/backup-and-restore-hooks/examples/pre_restore_hook_demo.yaml create mode 100644 docs/guides/hooks/backup-and-restore-hooks/examples/repository.yaml create mode 100644 docs/guides/hooks/backup-and-restore-hooks/examples/sample-mysql.yaml create mode 100644 docs/guides/hooks/backup-and-restore-hooks/index.md create mode 100644 docs/guides/hooks/batch-backup/examples/repository.yaml create mode 100644 docs/guides/hooks/batch-backup/examples/wordpress-backup.yaml create mode 100644 docs/guides/hooks/batch-backup/examples/wordpress-deployment.yaml create mode 100644 docs/guides/hooks/batch-backup/examples/wordpress-mysql.yaml create mode 100644 docs/guides/hooks/batch-backup/images/notification.png create mode 100644 docs/guides/hooks/batch-backup/index.md create mode 100644 docs/guides/hooks/configuring-hooks/index.md create mode 100644 docs/guides/hooks/overview/images/batch-backup.svg create mode 100644 docs/guides/hooks/overview/images/job-model.svg create mode 100644 docs/guides/hooks/overview/images/sidecar-model.svg create mode 100644 docs/guides/hooks/overview/index.md create mode 100644 docs/guides/hooks/slack-notification/examples/all_backup_notification.yaml create mode 100644 docs/guides/hooks/slack-notification/examples/deployment.yaml create mode 100644 docs/guides/hooks/slack-notification/examples/failed_backup_notification.yaml create mode 100644 docs/guides/hooks/slack-notification/examples/repository.yaml create mode 100644 docs/guides/hooks/slack-notification/examples/restoresession.yaml create mode 100644 docs/guides/hooks/slack-notification/images/all_notification.png create mode 100644 docs/guides/hooks/slack-notification/images/failed_notification.png create mode 100644 docs/guides/hooks/slack-notification/images/step_1.png create mode 100644 docs/guides/hooks/slack-notification/images/step_2.png create mode 100644 docs/guides/hooks/slack-notification/images/step_3.png create mode 100644 docs/guides/hooks/slack-notification/images/step_4.png create mode 100644 docs/guides/hooks/slack-notification/images/step_5.png create mode 100644 docs/guides/hooks/slack-notification/images/step_6.png create mode 100644 docs/guides/hooks/slack-notification/images/step_7.png create mode 100644 docs/guides/hooks/slack-notification/images/step_8.png create mode 100644 docs/guides/hooks/slack-notification/index.md create mode 100644 docs/guides/managed-backup/_index.md create mode 100644 docs/guides/managed-backup/dedicated-backup-namespace-auto-backup/examples/backup-bluprint.yaml create mode 100644 docs/guides/managed-backup/dedicated-backup-namespace-auto-backup/examples/clusterrole_clusterrolebinding.yaml create mode 100644 docs/guides/managed-backup/dedicated-backup-namespace-auto-backup/examples/mysql.yaml create mode 100644 docs/guides/managed-backup/dedicated-backup-namespace-auto-backup/examples/serviceaccount.yaml create mode 100644 docs/guides/managed-backup/dedicated-backup-namespace-auto-backup/images/gcs-prod-1.png create mode 100644 docs/guides/managed-backup/dedicated-backup-namespace-auto-backup/images/gcs-prod-2.png create mode 100644 docs/guides/managed-backup/dedicated-backup-namespace-auto-backup/images/gcs-prod-3.png create mode 100644 docs/guides/managed-backup/dedicated-backup-namespace-auto-backup/index.md create mode 100644 docs/guides/managed-backup/dedicated-backup-namespace/examples/backupconfiguration.yaml create mode 100644 docs/guides/managed-backup/dedicated-backup-namespace/examples/clusterrole_clusterrolebinding.yaml create mode 100644 docs/guides/managed-backup/dedicated-backup-namespace/examples/mysql.yaml create mode 100644 docs/guides/managed-backup/dedicated-backup-namespace/examples/mysql_recovery.yaml create mode 100644 docs/guides/managed-backup/dedicated-backup-namespace/examples/repository.yaml create mode 100644 docs/guides/managed-backup/dedicated-backup-namespace/examples/restoresession.yaml create mode 100644 docs/guides/managed-backup/dedicated-backup-namespace/examples/serviceaccount.yaml create mode 100644 docs/guides/managed-backup/dedicated-backup-namespace/index.md create mode 100644 docs/guides/managed-backup/dedicated-storage-namespace/examples/backupconfiguration.yaml create mode 100644 docs/guides/managed-backup/dedicated-storage-namespace/examples/repository.yaml create mode 100644 docs/guides/managed-backup/dedicated-storage-namespace/examples/restoresession.yaml create mode 100644 docs/guides/managed-backup/dedicated-storage-namespace/examples/statefulset.yaml create mode 100644 docs/guides/managed-backup/dedicated-storage-namespace/examples/statefulset_recovered.yaml create mode 100644 docs/guides/managed-backup/dedicated-storage-namespace/index.md create mode 100644 docs/guides/monitoring/_index.md create mode 100644 docs/guides/monitoring/grafana/images/import_dashboard_1.png create mode 100644 docs/guides/monitoring/grafana/images/import_dashboard_2.png create mode 100644 docs/guides/monitoring/grafana/images/import_dashboard_3.png create mode 100644 docs/guides/monitoring/grafana/images/stash_grafana_dashboard.png create mode 100644 docs/guides/monitoring/grafana/index.md create mode 100644 docs/guides/monitoring/overview/images/monitoring-structure.svg create mode 100644 docs/guides/monitoring/overview/index.md create mode 100644 docs/guides/monitoring/profiler.yaml create mode 100644 docs/guides/monitoring/prom-builtin/examples/prom-config.yaml create mode 100644 docs/guides/monitoring/prom-builtin/examples/prom-deployment.yaml create mode 100644 docs/guides/monitoring/prom-builtin/examples/prom-rbac.yaml create mode 100644 docs/guides/monitoring/prom-builtin/images/prom_builtin_target.png create mode 100644 docs/guides/monitoring/prom-builtin/index.md create mode 100644 docs/guides/monitoring/prom-operator/images/prom_operator_web_ui.png create mode 100644 docs/guides/monitoring/prom-operator/index.md create mode 100644 docs/guides/platforms/_index.md create mode 100644 docs/guides/platforms/aks/examples/backupconfiguration.yaml create mode 100644 docs/guides/platforms/aks/examples/deployment.yaml create mode 100644 docs/guides/platforms/aks/examples/pvc.yaml create mode 100644 docs/guides/platforms/aks/examples/recovered_deployment.yaml create mode 100644 docs/guides/platforms/aks/examples/repository.yaml create mode 100644 docs/guides/platforms/aks/examples/restoresession.yaml create mode 100644 docs/guides/platforms/aks/images/aks.png create mode 100644 docs/guides/platforms/aks/index.md create mode 100644 docs/guides/platforms/eks-irsa/examples/backupconfiguration.yaml create mode 100644 docs/guides/platforms/eks-irsa/examples/mariadb.yaml create mode 100644 docs/guides/platforms/eks-irsa/examples/repository.yaml create mode 100644 docs/guides/platforms/eks-irsa/examples/restoresession.yaml create mode 100644 docs/guides/platforms/eks-irsa/images/create-bucket-policy-1.png create mode 100644 docs/guides/platforms/eks-irsa/images/create-bucket-policy-2.png create mode 100644 docs/guides/platforms/eks-irsa/images/eks.png create mode 100644 docs/guides/platforms/eks-irsa/images/gcs.png create mode 100644 docs/guides/platforms/eks-irsa/index.md create mode 100644 docs/guides/platforms/eks-kube2iam/examples/backupconfiguration.yaml create mode 100644 docs/guides/platforms/eks-kube2iam/examples/kube2iam.yaml create mode 100644 docs/guides/platforms/eks-kube2iam/examples/mariadb.yaml create mode 100644 docs/guides/platforms/eks-kube2iam/examples/repository.yaml create mode 100644 docs/guides/platforms/eks-kube2iam/examples/restoresession.yaml create mode 100644 docs/guides/platforms/eks-kube2iam/images/attach-policy-1.png create mode 100644 docs/guides/platforms/eks-kube2iam/images/attach-policy-2.png create mode 100644 docs/guides/platforms/eks-kube2iam/images/create-assume-policy-1.png create mode 100644 docs/guides/platforms/eks-kube2iam/images/create-assume-policy-2.png create mode 100644 docs/guides/platforms/eks-kube2iam/images/create-bucket-policy-1.png create mode 100644 docs/guides/platforms/eks-kube2iam/images/create-bucket-policy-2.png create mode 100644 docs/guides/platforms/eks-kube2iam/images/create-role-1.png create mode 100644 docs/guides/platforms/eks-kube2iam/images/create-role-2.png create mode 100644 docs/guides/platforms/eks-kube2iam/images/create-role-3.png create mode 100644 docs/guides/platforms/eks-kube2iam/images/eks.png create mode 100644 docs/guides/platforms/eks-kube2iam/images/gcs.png create mode 100644 docs/guides/platforms/eks-kube2iam/images/trust-policy-1.png create mode 100644 docs/guides/platforms/eks-kube2iam/images/trust-policy-2.png create mode 100644 docs/guides/platforms/eks-kube2iam/index.md create mode 100644 docs/guides/platforms/gke/examples/backupconfiguration.yaml create mode 100644 docs/guides/platforms/gke/examples/mariadb.yaml create mode 100644 docs/guides/platforms/gke/examples/repository.yaml create mode 100644 docs/guides/platforms/gke/examples/restoresession.yaml create mode 100644 docs/guides/platforms/gke/images/gke.png create mode 100644 docs/guides/platforms/gke/index.md create mode 100644 docs/guides/platforms/minio/examples/backupconfiguration.yaml create mode 100644 docs/guides/platforms/minio/examples/deployment.yaml create mode 100644 docs/guides/platforms/minio/examples/minio-deployment.yaml create mode 100644 docs/guides/platforms/minio/examples/minio-nodeport-svc.yaml create mode 100644 docs/guides/platforms/minio/examples/minio-pvc.yaml create mode 100644 docs/guides/platforms/minio/examples/pvc.yaml create mode 100644 docs/guides/platforms/minio/examples/recovered_deployment.yaml create mode 100644 docs/guides/platforms/minio/examples/repository.yaml create mode 100644 docs/guides/platforms/minio/examples/restoresession.yaml create mode 100644 docs/guides/platforms/minio/images/minio.png create mode 100644 docs/guides/platforms/minio/index.md create mode 100644 docs/guides/platforms/rook/examples/backupconfiguration.yaml create mode 100644 docs/guides/platforms/rook/examples/deployment.yaml create mode 100644 docs/guides/platforms/rook/examples/pvc.yaml create mode 100644 docs/guides/platforms/rook/examples/recovered_deployment.yaml create mode 100644 docs/guides/platforms/rook/examples/repository.yaml create mode 100644 docs/guides/platforms/rook/examples/restoresession.yaml create mode 100644 docs/guides/platforms/rook/index.md create mode 100644 docs/guides/security/_index.md create mode 100644 docs/guides/security/psp/index.md create mode 100644 docs/guides/security/rbac/index.md create mode 100644 docs/guides/troubleshooting/_index.md create mode 100644 docs/guides/troubleshooting/ciphertext-verification-failed/images/gcs_lifecycle_policy.png create mode 100644 docs/guides/troubleshooting/ciphertext-verification-failed/index.md create mode 100644 docs/guides/troubleshooting/how-to-troubleshoot/index.md create mode 100644 docs/guides/troubleshooting/permission-denided/index.md create mode 100644 docs/guides/troubleshooting/repo-locked/images/repo_lock.png create mode 100644 docs/guides/troubleshooting/repo-locked/index.md create mode 100644 docs/guides/troubleshooting/source-data-read-failed/index.md create mode 100644 docs/guides/use-cases/_index.md create mode 100644 docs/guides/use-cases/clone-pvc/examples/deployment/dep-backupconfiguration.yaml create mode 100644 docs/guides/use-cases/clone-pvc/examples/deployment/deployment.yaml create mode 100644 docs/guides/use-cases/clone-pvc/examples/deployment/restore-deployment.yaml create mode 100644 docs/guides/use-cases/clone-pvc/examples/deployment/restoresession.yaml create mode 100644 docs/guides/use-cases/clone-pvc/examples/repository.yaml create mode 100644 docs/guides/use-cases/clone-pvc/examples/statefulset/restore-statefulset.yaml create mode 100644 docs/guides/use-cases/clone-pvc/examples/statefulset/restoresession.yaml create mode 100644 docs/guides/use-cases/clone-pvc/examples/statefulset/ss-backupconfiguration.yaml create mode 100644 docs/guides/use-cases/clone-pvc/examples/statefulset/statefulset.yaml create mode 100644 docs/guides/use-cases/clone-pvc/index.md create mode 100644 docs/guides/use-cases/cross-cluster-backup/examples/backupconfiguration_prod.yaml create mode 100644 docs/guides/use-cases/cross-cluster-backup/examples/deployment_prod.yaml create mode 100644 docs/guides/use-cases/cross-cluster-backup/examples/deployment_staging.yaml create mode 100644 docs/guides/use-cases/cross-cluster-backup/examples/pvc_prod.yaml create mode 100644 docs/guides/use-cases/cross-cluster-backup/examples/pvc_staging.yaml create mode 100644 docs/guides/use-cases/cross-cluster-backup/examples/repository_prod.yaml create mode 100644 docs/guides/use-cases/cross-cluster-backup/examples/repository_staging.yaml create mode 100644 docs/guides/use-cases/cross-cluster-backup/examples/restoresession_staging.yaml create mode 100644 docs/guides/use-cases/cross-cluster-backup/index.md create mode 100644 docs/guides/use-cases/customize-backup-restore/examples/backup/multiple_retention_policy.yaml create mode 100644 docs/guides/use-cases/customize-backup-restore/examples/backup/passing_args.yaml create mode 100644 docs/guides/use-cases/customize-backup-restore/examples/backup/resource_limit.yaml create mode 100644 docs/guides/use-cases/customize-backup-restore/examples/backup/specific_user.yaml create mode 100644 docs/guides/use-cases/customize-backup-restore/examples/restore/passing_args.yaml create mode 100644 docs/guides/use-cases/customize-backup-restore/examples/restore/resource_limit.yaml create mode 100644 docs/guides/use-cases/customize-backup-restore/examples/restore/specific_snapshot.yaml create mode 100644 docs/guides/use-cases/customize-backup-restore/examples/restore/specific_user.yaml create mode 100644 docs/guides/use-cases/customize-backup-restore/index.md create mode 100644 docs/guides/use-cases/exclude-include-files/examples/backupconfiguration-exclude.yaml create mode 100644 docs/guides/use-cases/exclude-include-files/examples/backupconfiguration-full.yaml create mode 100644 docs/guides/use-cases/exclude-include-files/examples/deployment-recovered.yaml create mode 100644 docs/guides/use-cases/exclude-include-files/examples/deployment-source.yaml create mode 100644 docs/guides/use-cases/exclude-include-files/examples/pvc-recovered.yaml create mode 100644 docs/guides/use-cases/exclude-include-files/examples/pvc-source.yaml create mode 100644 docs/guides/use-cases/exclude-include-files/examples/repository-exclude.yaml create mode 100644 docs/guides/use-cases/exclude-include-files/examples/repository-full.yaml create mode 100644 docs/guides/use-cases/exclude-include-files/examples/restoresession-exclude.yaml create mode 100644 docs/guides/use-cases/exclude-include-files/examples/restoresession-inlcude.yaml create mode 100644 docs/guides/use-cases/exclude-include-files/index.md create mode 100644 docs/guides/use-cases/instant-backup/examples/backupconfiguration.yaml create mode 100644 docs/guides/use-cases/instant-backup/examples/backupsession.yaml create mode 100644 docs/guides/use-cases/instant-backup/examples/deployment.yaml create mode 100644 docs/guides/use-cases/instant-backup/examples/repository.yaml create mode 100644 docs/guides/use-cases/instant-backup/images/instant.png create mode 100644 docs/guides/use-cases/instant-backup/index.md create mode 100644 docs/guides/use-cases/ownership/index.md create mode 100644 docs/guides/use-cases/pause-backup/examples/backupconfiguration.yaml create mode 100644 docs/guides/use-cases/pause-backup/examples/backupsession.yaml create mode 100644 docs/guides/use-cases/pause-backup/examples/deployment.yaml create mode 100644 docs/guides/use-cases/pause-backup/examples/repository.yaml create mode 100644 docs/guides/use-cases/pause-backup/index.md create mode 100644 docs/guides/volumes/_index.md create mode 100644 docs/guides/volumes/overview/images/volume_backup_overview.svg create mode 100644 docs/guides/volumes/overview/images/volume_restore_overview.svg create mode 100644 docs/guides/volumes/overview/index.md create mode 100644 docs/guides/volumes/pvc/examples/backupconfiguration.yaml create mode 100644 docs/guides/volumes/pvc/examples/pod-1.yaml create mode 100644 docs/guides/volumes/pvc/examples/pod-2.yaml create mode 100644 docs/guides/volumes/pvc/examples/pv.yaml create mode 100644 docs/guides/volumes/pvc/examples/pvc.yaml create mode 100644 docs/guides/volumes/pvc/examples/repository.yaml create mode 100644 docs/guides/volumes/pvc/examples/restoresession.yaml create mode 100644 docs/guides/volumes/pvc/images/pvc_repo.png create mode 100644 docs/guides/volumes/pvc/index.md create mode 100644 docs/guides/volumesnapshot/_index.md create mode 100644 docs/guides/volumesnapshot/deployment/examples/backupconfiguration.yaml create mode 100644 docs/guides/volumesnapshot/deployment/examples/deployment.yaml create mode 100644 docs/guides/volumesnapshot/deployment/examples/pvcs.yaml create mode 100644 docs/guides/volumesnapshot/deployment/examples/restored-deployment.yaml create mode 100644 docs/guides/volumesnapshot/deployment/examples/restoresession.yaml create mode 100644 docs/guides/volumesnapshot/deployment/examples/storageclass.yaml create mode 100644 docs/guides/volumesnapshot/deployment/examples/volumesnapshotclass.yaml create mode 100644 docs/guides/volumesnapshot/deployment/images/gcp.png create mode 100644 docs/guides/volumesnapshot/deployment/index.md create mode 100644 docs/guides/volumesnapshot/overview/images/restore-overview.svg create mode 100644 docs/guides/volumesnapshot/overview/images/volumesnapshot-overview.svg create mode 100644 docs/guides/volumesnapshot/overview/index.md create mode 100644 docs/guides/volumesnapshot/pvc/examples/backupconfiguration.yaml create mode 100644 docs/guides/volumesnapshot/pvc/examples/restored-pod.yaml create mode 100644 docs/guides/volumesnapshot/pvc/examples/restoresession.yaml create mode 100644 docs/guides/volumesnapshot/pvc/examples/source-pod.yaml create mode 100644 docs/guides/volumesnapshot/pvc/examples/source-pvc.yaml create mode 100644 docs/guides/volumesnapshot/pvc/examples/storageclass.yaml create mode 100644 docs/guides/volumesnapshot/pvc/examples/volumesnapshotclass.yaml create mode 100644 docs/guides/volumesnapshot/pvc/images/gcp.png create mode 100644 docs/guides/volumesnapshot/pvc/index.md create mode 100644 docs/guides/volumesnapshot/statefulset/examples/backupconfiguration-single-replica.yaml create mode 100644 docs/guides/volumesnapshot/statefulset/examples/backupconfiguration.yaml create mode 100644 docs/guides/volumesnapshot/statefulset/examples/restored-statefulset.yaml create mode 100644 docs/guides/volumesnapshot/statefulset/examples/restoresession-single-replica.yaml create mode 100644 docs/guides/volumesnapshot/statefulset/examples/restoresession.yaml create mode 100644 docs/guides/volumesnapshot/statefulset/examples/statefulset.yaml create mode 100644 docs/guides/volumesnapshot/statefulset/examples/storageclass.yaml create mode 100644 docs/guides/volumesnapshot/statefulset/examples/volumesnapshotclass.yaml create mode 100644 docs/guides/volumesnapshot/statefulset/images/gcp.png create mode 100644 docs/guides/volumesnapshot/statefulset/images/gcp2.png create mode 100644 docs/guides/volumesnapshot/statefulset/index.md create mode 100644 docs/guides/workloads/_index.md create mode 100644 docs/guides/workloads/daemonset/examples/backupconfiguration.yaml create mode 100644 docs/guides/workloads/daemonset/examples/daemon.yaml create mode 100644 docs/guides/workloads/daemonset/examples/recovered_daemon.yaml create mode 100644 docs/guides/workloads/daemonset/examples/repository.yaml create mode 100644 docs/guides/workloads/daemonset/examples/restoresession.yaml create mode 100644 docs/guides/workloads/daemonset/images/gcs_bucket_dmn.png create mode 100644 docs/guides/workloads/daemonset/index.md create mode 100644 docs/guides/workloads/deployment/examples/backupconfiguration.yaml create mode 100644 docs/guides/workloads/deployment/examples/deployment.yaml create mode 100644 docs/guides/workloads/deployment/examples/pvc.yaml create mode 100644 docs/guides/workloads/deployment/examples/recovered_deployment.yaml create mode 100644 docs/guides/workloads/deployment/examples/repository.yaml create mode 100644 docs/guides/workloads/deployment/examples/restoresession.yaml create mode 100644 docs/guides/workloads/deployment/images/gcs_bucket_dep.png create mode 100644 docs/guides/workloads/deployment/index.md create mode 100644 docs/guides/workloads/overview/images/backup_overview.svg create mode 100644 docs/guides/workloads/overview/images/restore_overview.svg create mode 100644 docs/guides/workloads/overview/index.md create mode 100644 docs/guides/workloads/statefulset/examples/adv_restoresession.yaml create mode 100644 docs/guides/workloads/statefulset/examples/adv_statefulset.yaml create mode 100644 docs/guides/workloads/statefulset/examples/backupconfiguration.yaml create mode 100644 docs/guides/workloads/statefulset/examples/custom_restore.yaml create mode 100644 docs/guides/workloads/statefulset/examples/recovered_statefulset.yaml create mode 100644 docs/guides/workloads/statefulset/examples/repository.yaml create mode 100644 docs/guides/workloads/statefulset/examples/restoresession.yaml create mode 100644 docs/guides/workloads/statefulset/examples/statefulset.yaml create mode 100644 docs/guides/workloads/statefulset/images/gcs_bucket_ss.png create mode 100644 docs/guides/workloads/statefulset/index.md create mode 100644 docs/reference/_index.md create mode 100644 docs/reference/cli/_index.md create mode 100644 docs/reference/operator/_index.md create mode 100644 docs/setup/README.md create mode 100644 docs/setup/_index.md create mode 100644 docs/setup/install/_index.md create mode 100644 docs/setup/install/kubectl-plugin/index.md create mode 100644 docs/setup/install/stash/images/enterprise_license_form.png create mode 100644 docs/setup/install/stash/index.md create mode 100644 docs/setup/install/troubleshooting/index.md create mode 100644 docs/setup/uninstall/_index.md create mode 100644 docs/setup/uninstall/kubectl-plugin/index.md create mode 100644 docs/setup/uninstall/stash/index.md create mode 100644 docs/setup/upgrade/images/stash-navigate-old-version.png create mode 100644 docs/setup/upgrade/index.md create mode 100644 docs/support.md create mode 100755 hack/scripts/open-pr.sh create mode 100755 hack/scripts/update-release-tracker.sh diff --git a/.github/.kodiak.toml b/.github/.kodiak.toml new file mode 100644 index 0000000..ded81e4 --- /dev/null +++ b/.github/.kodiak.toml @@ -0,0 +1,18 @@ +version = 1 + +[merge] +method = "squash" # default: "merge" +delete_branch_on_merge = true # default: false +optimistic_updates = true # default: true +prioritize_ready_to_merge = true # default: false + +[merge.message] +title = "pull_request_title" # default: "github_default" +body = "github_default" # default: "github_default" +strip_html_comments = true # default: false + +[update] +always = true # default: false + +[approve] +auto_approve_usernames = ["1gtm", "tamalsaha"] diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..a7f2d64 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,63 @@ +name: CI + +on: + pull_request: + branches: + - "*" + push: + branches: + - master + workflow_dispatch: + +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} + cancel-in-progress: true + +jobs: + build: + name: Build + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v1 + + - name: Install link checker + run: | + curl -fsSL -o liche https://github.com/appscodelabs/liche/releases/download/v0.1.0/liche-linux-amd64 + chmod +x liche + sudo mv liche /usr/local/bin/liche + + - name: Install codespan schema checker + run: | + curl -fsSL -o codespan-schema-checker https://github.com/kmodules/codespan-schema-checker/releases/download/v0.0.1/codespan-schema-checker-linux-amd64 + chmod +x codespan-schema-checker + sudo mv codespan-schema-checker /usr/local/bin/codespan-schema-checker + + - name: Check links + run: | + liche -r docs -d $(pwd) -c 10 -p -h -l -x '^(.*/docs/{{<.*>}}/.*|.*github.com.*|.*api.slack.com.*|.*askapache.com.*|.*twitter.com.*)$' + + - name: Create Kubernetes cluster + id: kind + uses: engineerd/setup-kind@v0.5.0 + with: + version: v0.17.0 + + - name: Prepare cluster for testing + id: local-path + run: | + echo "waiting for nodes to be ready ..." + kubectl wait --for=condition=Ready nodes --all --timeout=5m + kubectl get nodes + echo + echo "install helm 3" + curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash + echo "install stash-crds chart" + helm repo add appscode https://charts.appscode.com/stable/ + helm repo update + helm install stash-crds appscode/stash-crds + helm install kubedb-crds appscode/kubedb-crds + helm install kmodules-crds appscode/kmodules-crds + + - name: Check codespan schema + run: | + codespan-schema-checker --content=./docs diff --git a/.github/workflows/preview-website.yml b/.github/workflows/preview-website.yml new file mode 100644 index 0000000..c6b621f --- /dev/null +++ b/.github/workflows/preview-website.yml @@ -0,0 +1,86 @@ +name: preview-website + +on: + pull_request: + branches: + - "*" + workflow_dispatch: + +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} + cancel-in-progress: true + +jobs: + build: + name: Build + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v1 + + - name: Set up Go 1.x + uses: actions/setup-go@v2 + with: + go-version: '1.20' + id: go + + - name: Use Node.js + uses: actions/setup-node@v1 + with: + node-version: '18' + + - name: Install yq + run: | + curl -fsSL -o yqq https://github.com/mikefarah/yq/releases/download/3.3.0/yq_linux_amd64 + chmod +x yqq + sudo mv yqq /usr/local/bin/yqq + pip3 install yq + + - name: Install Hugo + run: | + curl -fsSL -o hugo_extended.deb https://github.com/gohugoio/hugo/releases/download/v0.111.1/hugo_extended_0.111.1_linux-amd64.deb + sudo dpkg -i hugo_extended.deb + rm hugo_extended.deb + + - name: Install Hugo Tools + run: | + curl -fsSL -o hugo-tools https://github.com/appscodelabs/hugo-tools/releases/download/v0.2.23/hugo-tools-linux-amd64 + chmod +x hugo-tools + sudo mv hugo-tools /usr/local/bin/hugo-tools + + - name: Clone website repository + env: + GITHUB_USER: 1gtm + GITHUB_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }} + WEBSITE_REPOSITORY: ${{ secrets.WEBSITE_REPOSITORY }} + run: | + url="https://${GITHUB_USER}:${GITHUB_TOKEN}@${WEBSITE_REPOSITORY}.git" + cd $RUNNER_WORKSPACE + git clone $url + cd $(basename $WEBSITE_REPOSITORY) + git config user.name "${GITHUB_USER}" + git config user.email "${GITHUB_USER}@appscode.com" + + - name: Update docs + env: + GITHUB_USER: 1gtm + GITHUB_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }} + WEBSITE_REPOSITORY: ${{ secrets.WEBSITE_REPOSITORY }} + run: | + set -x + export WEBSITE_ROOT=$RUNNER_WORKSPACE/$(basename $WEBSITE_REPOSITORY) + cd $WEBSITE_ROOT + npm install + make assets + hugo-tools update-branch --filename=./data/products/kubestash.json --branch=${{ github.event.pull_request.head.sha }} + make docs-skip-assets + make gen-prod + + - uses: FirebaseExtended/action-hosting-deploy@v0 + with: + repoToken: '${{ secrets.GITHUB_TOKEN }}' + firebaseServiceAccount: '${{ secrets.FIREBASE_SERVICE_ACCOUNT_QA }}' + projectId: kubedb-new-e7965 + # target: kubedb-new-e7965 + entryPoint: '../website' + env: + FIREBASE_CLI_PREVIEWS: hostingchannels diff --git a/.github/workflows/release-tracker.yml b/.github/workflows/release-tracker.yml new file mode 100644 index 0000000..c53fdf2 --- /dev/null +++ b/.github/workflows/release-tracker.yml @@ -0,0 +1,41 @@ +name: release-tracker + +on: + pull_request: + types: [closed] + workflow_dispatch: + +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} + cancel-in-progress: true + +jobs: + build: + runs-on: ubuntu-20.04 + + steps: + - uses: actions/checkout@v1 + + - name: Prepare git + env: + GITHUB_USER: 1gtm + GITHUB_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }} + run: | + git config --global user.name "${GITHUB_USER}" + git config --global user.email "${GITHUB_USER}@appscode.com" + git remote set-url origin https://${GITHUB_USER}:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git + + - name: Install GitHub CLI + run: | + curl -fsSL https://github.com/github/hub/raw/master/script/get | bash -s 2.14.1 + sudo mv bin/hub /usr/local/bin + + - name: Update release tracker + if: | + github.event.action == 'closed' && + github.event.pull_request.merged == true + env: + GITHUB_USER: 1gtm + GITHUB_TOKEN: ${{ secrets.LGTM_GITHUB_TOKEN }} + run: | + ./hack/scripts/update-release-tracker.sh diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ed6c7b4 --- /dev/null +++ b/.gitignore @@ -0,0 +1,33 @@ +# Compiled Object files, Static and Dynamic libs (Shared Objects) +*.o +*.a +*.so + +# Folders +_obj +_test + +# Architecture specific extensions/prefixes +*.[568vq] +[568vq].out + +*.cgo1.go +*.cgo2.c +_cgo_defun.c +_cgo_gotypes.go +_cgo_export.* + +_testmain.go + +*.exe +*.test +*.prof +/.idea +/dist +**/junit.xml +**/.env +/.vscode +/coverage.txt + +/bin +/.go diff --git a/DCO b/DCO new file mode 100644 index 0000000..716561d --- /dev/null +++ b/DCO @@ -0,0 +1,36 @@ +Developer Certificate of Origin +Version 1.1 + +Copyright (C) 2004, 2006 The Linux Foundation and its contributors. +660 York Street, Suite 102, +San Francisco, CA 94110 USA + +Everyone is permitted to copy and distribute verbatim copies of this +license document, but changing it is not allowed. + + +Developer's Certificate of Origin 1.1 + +By making a contribution to this project, I certify that: + +(a) The contribution was created in whole or in part by me and I + have the right to submit it under the open source license + indicated in the file; or + +(b) The contribution is based upon previous work that, to the best + of my knowledge, is covered under an appropriate open source + license and I have the right under that license to submit that + work with modifications, whether created in whole or in part + by me, under the same open source license (unless I am + permitted to submit under a different license), as indicated + in the file; or + +(c) The contribution was provided directly to me by some other + person who certified (a), (b) or (c) and I have not modified + it. + +(d) I understand and agree that this project and the contribution + are public and that a record of the contribution (including all + personal information I submit with it, including my sign-off) is + maintained indefinitely and may be redistributed consistent with + this project or the open source license(s) involved. diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..8dada3e --- /dev/null +++ b/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md new file mode 100644 index 0000000..a39336a --- /dev/null +++ b/docs/CONTRIBUTING.md @@ -0,0 +1,32 @@ +--- +title: Contributing | Stash +description: Contributing +menu: + docs_{{ .version }}: + identifier: contributing-stash + name: Contributing + parent: welcome + weight: 1000 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: welcome +url: /docs/{{ .version }}/welcome/contributing/ +aliases: + - /docs/{{ .version }}/CONTRIBUTING/ +--- + +# Contribution Guidelines + +Want to contribute to Stash? + +## Getting Help + +To speak with us, please leave a message on [our website](https://appscode.com/contact/). To receive product announcements, follow us on [Twitter](https://twitter.com/KubeStash). + +## Bugs/Feature request + +If you have found a bug with Stash or want to request for new features, please [file an issue](https://github.com/kubestash/project/issues/new). + +## Spread the word + +If you have written blog post or tutorial on Stash, please share it with us on [Twitter](https://twitter.com/KubeStash). diff --git a/docs/FAQ/README.md b/docs/FAQ/README.md new file mode 100644 index 0000000..0d6e7ec --- /dev/null +++ b/docs/FAQ/README.md @@ -0,0 +1,59 @@ +--- +title: FAQ | Stash +menu: + docs_{{ .version }}: + identifier: faq-readme + name: README + parent: faq + weight: -1 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: faq +url: /docs/{{ .version }}/faq/ +aliases: + - /docs/{{ .version }}/faq/README/ +--- + +# Frequently Asked Questions + +## How to temporarily pause a backup? + +### Pause Backup + +Run the following commands to pasue a backup temporarily, + +```bash +# pause backup by patching BackupConfiguration +❯ kubectl patch backupconfiguration -n --type="merge" --patch='{"spec": {"paused": true}}' + +# pause backup using Stash `kubectl` plugin +❯ kubectl stash pause backup -n demo --backupconfig= +``` + +### Resume Backup + +Similarly you can also resume a paused backup. Run the following commands to resume a backup, + +```bash +# resume backup by patching BackupConfiguration +kubectl patch backupconfiguration -n --type="merge" --patch='{"spec": {"paused": false}}' + +# resume backup using Stash `kubectl` plugin +❯ kubectl stash resume backup -n demo --backupconfig= +``` + +## When `retentionPolicy` is applied? + +`retentionPolicy` specifies the policy to follow for cleaning old snapshots. Stash removes any snapshot from backend that falls outside the scope of the policy. When a `BackupSession` is completed, Stash checks for outdated snapshots according to the `retentionPolicy` and remove them. If you use the policy `keep-last-5`, Stash will remove any snapshot that is older than the most recent 5 snapshots. + +## Do I need to delete the init containers after recovery? + +You don't need to delete the init containers after recovery. If your workload restarts with the `stash-init` init-container for any reason, the init-container will skip running restore process if there is no pending RestoreSession for this workload. If you delete the RestoreSession, Stash will remove the `init-container` automatically. Beware that it will cause your workload to restart. + +## I am experiencing problem X. How do I fix this? + +Please check our troubleshooting guide [here](/docs/guides/troubleshooting/how-to-troubleshoot/index.md). + +## Need More Help? + +To speak with us, please leave a message on [our website](https://appscode.com/contact/). To receive product announcements, follow us on [Twitter](https://twitter.com/KubeStash). diff --git a/docs/FAQ/_index.md b/docs/FAQ/_index.md new file mode 100644 index 0000000..c9499a5 --- /dev/null +++ b/docs/FAQ/_index.md @@ -0,0 +1,10 @@ +--- +title: FAQ +description: FAQ | Stash +menu: + docs_{{ .version }}: + identifier: faq + name: FAQ + weight: 1250 +menu_name: docs_{{ .version }} +--- diff --git a/docs/README.md b/docs/README.md new file mode 100644 index 0000000..f306199 --- /dev/null +++ b/docs/README.md @@ -0,0 +1,80 @@ +--- +title: Welcome | Stash +description: Welcome to Stash +menu: + docs_{{ .version }}: + identifier: readme-stash + name: Readme + parent: welcome + weight: -1 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: welcome +url: /docs/{{ .version }}/welcome/ +aliases: + - /docs/{{ .version }}/ + - /docs/{{ .version }}/README/ +--- + +# Stash + +[Stash](https://stash.run) by AppsCode is a cloud native data backup and recovery solution for Kubernetes workloads. If you are running production workloads in Kubernetes, you might want to take backup of your disks, databases etc. Traditional tools are too complex to set up and maintain in a dynamic compute environment like Kubernetes. Stash is a Kubernetes operator that uses [restic](https://github.com/restic/restic) or Kubernetes CSI Driver VolumeSnapshotter functionality to address these issues. Using Stash, you can backup Kubernetes volumes mounted in workloads, stand-alone volumes and databases. Users may even extend Stash via [addons](https://stash.run/docs/{{< param "info.version" >}}/guides/addons/overview/) for any custom workload. + +Here, we are going to give you an overview of Stash documentation structure. + +## [Concepts](/docs/concepts/) + +Concept explains some significant aspect of Stash. This is where you can learn about what Stash does and how it does it. + +- [Stash Overview](/docs/concepts/what-is-stash/overview/index.md) Provides an introduction to Stash and gives an overview of the features it provides. +- [Stash Architecture](/docs/concepts/what-is-stash/architecture/index.md) Provides an overview of Stash architecture and it's core components. +- [Stash API](/docs/concepts/crds/repository/index.md) Introduces Stash CRDs. + +## [Setup](/docs/setup/) + +Setup contains instruction for installing, uninstalling, and upgrading Stash. + +- **Install Stash:** Provides installation instructions for Stash and its various components. + - [Stash](/docs/setup/install/stash/index.md): Provides installation instructions for Stash. + - [Stash kubectl Plugin](/docs/setup/install/kubectl-plugin/index.md): Provides installation instructions for Stash `kubectl` plugin. + - [Troubleshooting](/docs/setup/install/troubleshooting/index.md): Provides troubleshooting guide for various installation problems. +- **Uninstall Stash:** Provides uninstallation instructions for Stash and its various components. + - [Stash](/docs/setup/uninstall/stash/index.md): Provides uninstallation instructions for Stash. + - [Stash kubectl Plugin](/docs/setup/uninstall/kubectl-plugin/index.md): Provides uninstallation instructions for Stash `kubectl` plugin. +- [Upgrade Stash](/docs/setup/upgrade/index.md): Provides instruction for updating Stash license and upgrading between various Stash versions. + +## [Guides](/docs/guides/) + +Guides show how to perform different operations with Stash. + +- [Supported Backends](/docs/guides/backends/overview/index.md): Describes how to configure different storage for storing backed up data. +- [Workload Volume Backup](/docs/guides/workloads/overview/index.md): Shows how to use Stash to backup and restore volumes of a workload (i.e. `Deployment`, `StatefulSet`, `DaemonSet`, etc). +- [Stand-alone Volume Backup](/docs/guides/volumes/overview/index.md): Shows how to use Stash to backup and restore stand-alone volumes(i.e. `PersistentVolumeClaim`). +- [Batch Backup](/docs/guides/batch-backup/overview/index.md): Shows how to backup multiple co-related components using a single configuration known as `BackupBatch`. +- [Auto Backup](/docs/guides/auto-backup/overview/index.md): Shows how to configure automatic backup of any stateful workload in your cluster. +- [Volume Snapshot](/docs/guides/volumesnapshot/overview/index.md): Shows how Stash takes snapshot of `PersistentVolumeClaim`s and restore them from snapshot using Kubernetes `VolumeSnapshot` API. + +- **Different Use Cases:** +Shows different uses cases of Stash like instant backup, pause backup, cross-namespace backup and restore etc. + + - [Instant Backup](/docs/guides/use-cases/instant-backup/index.md): Shows you how to take an instant backup in Stash. + - [Exclude/Include Files](/docs/guides/use-cases/exclude-include-files/index.md): Shows how to exclude/include subset of files during backup/restore process. + - [Pause Backup](/docs/guides/use-cases/pause-backup/index.md): Shows how to pause a backup temporarily. + - [Clone Data Volumes](/docs/guides/use-cases/clone-pvc/index.md): Shows how to clone data volumes of a workload into a different namespace in a cluster using Stash. + - [File Ownership](/docs/guides/use-cases/ownership/index.md): Explains when and how ownership of the restored files can be changed. + - [Cross-Cluster Backup and Restore](/docs/guides/use-cases/cross-cluster-backup/index.md): Shows how to take backup and restore across clusters using Stash. + - [Customize Backup and Restore](/docs/guides/use-cases/customize-backup-restore/index.md): Shows how to customize backup and restore processes in Stash according to your needs. + +- **Managed Backup** +Shows how backup and restore can be managed in some specific scenerios. + - [Dedicated Backup Namespace](/docs/guides/managed-backup/dedicated-backup-namespace/index.md): Shows you how to manage backup and restore from a dedicated namespace for targets of different namespaces using Stash. + - [Dedicated Storage Namespace](/docs/guides/managed-backup/dedicated-storage-namespace/index.md): Shows you how to take backup and restore by keeping the storage resources (Repository and backend Secret) in a dedicated namespace using Stash. + +- [Platforms](/docs/guides/platforms/eks-irsa/index.md): Shows how to use Stash to backup and restore volumes of a Kubernetes workload running in different platforms. +- [Monitoring](/docs/guides/monitoring/overview/index.md): Shows how Prometheus monitoring works with Stash, what metrics Stash exports, and how to enable monitoring. +- [Hooks](/docs/guides/hooks/overview/index.md): Shows how to execute different actions before/after the backup/restore process. +- [CLI](/docs/guides/cli/kubectl-plugin/index.md): Shows how to manage Stash objects quickly and easily using Stash `kubectl` plugin. +- [Troubleshooting](/docs/guides/troubleshooting/how-to-troubleshoot/index.md): Gives an overview of how you can gather the necessary information to identify the issue that causes the backup/restore failure. +- [Security](/docs/guides/security/rbac/index.md): Describes different built-in cluster security support by Stash. + +We're always looking for help improving our documentation, so please don't hesitate to [file an issue](https://github.com/kubestash/project/issues/new) if you see some problem. diff --git a/docs/_index.md b/docs/_index.md new file mode 100644 index 0000000..e10e72a --- /dev/null +++ b/docs/_index.md @@ -0,0 +1,10 @@ +--- +title: Docs | Stash +description: Stash Docs +menu: + docs_{{ .version }}: + identifier: welcome + name: Welcome + weight: 10 +menu_name: docs_{{ .version }} +--- diff --git a/docs/acknowledgement.md b/docs/acknowledgement.md new file mode 100644 index 0000000..7705529 --- /dev/null +++ b/docs/acknowledgement.md @@ -0,0 +1,19 @@ +--- +title: Acknowledgement | Stash +description: Acknowledgement +menu: + docs_{{ .version }}: + identifier: acknowledgement-stash + name: Acknowledgement + parent: welcome + weight: 1010 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: welcome +url: /docs/{{ .version }}/welcome/acknowledgement/ +aliases: + - /docs/{{ .version }}/acknowledgement/ +--- + +# Acknowledgement + - Many thanks to [Alexander Neumann](https://github.com/fd0) for [Restic](https://restic.net) project. diff --git a/docs/addons/_index.md b/docs/addons/_index.md new file mode 100644 index 0000000..01d412e --- /dev/null +++ b/docs/addons/_index.md @@ -0,0 +1,11 @@ +--- +title: Addons | Stash +menu: + docs_{{ .version }}: + identifier: stash-addons + name: Addons + weight: 60 + pre: dropdown +menu_name: docs_{{ .version }} +--- + diff --git a/docs/addons/elasticsearch/README.md b/docs/addons/elasticsearch/README.md new file mode 100644 index 0000000..7919569 --- /dev/null +++ b/docs/addons/elasticsearch/README.md @@ -0,0 +1,43 @@ +--- +title: Elasticsearch Addon Overview | Stash +description: Elasticsearch Addon Overview | Stash +menu: + docs_{{ .version }}: + identifier: stash-elasticsearch-readme + name: Readme + parent: stash-elasticsearch + weight: -1 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +url: /docs/{{ .version }}/addons/elasticsearch/ +aliases: + - /docs/{{ .version }}/addons/elasticsearch/README/ +--- + +# Stash Elasticsearch Addon + +Stash 0.9.0+ supports extending its functionality through addons. Stash Elasticsearch addon enables Stash to backup and restore Elasticsearch databases. + +This guide will give you an overview of which Elasticsearch versions are supported and how the docs are organized. + +## Available Elasticsearch Addon Versions + +Stash has the following addon versions for Elasticsearch: + +{{< versionlist "elasticsearch">}} + +Here, the addon follows `M.M.P` versioning scheme where `M.M.P` (Major.Minor.Patch) represents the respective database version. + +## Addon Version Compatibility + +Any addon with matching major version with the database version should be able to take backup of that database. For example, Elasticsearch addon with version `7.x.x` should be able take backup of any Elasticsearch of `7.x.x` series. However, this might not be true for some versions. In that case, we will have separate addon for that version. + +## Documentation Overview + +Stash Elasticsearch documentations are organized as below: + +- [How does it work?](/docs/addons/elasticsearch/overview/index.md) gives an overview of how backup and restore process for Elasticsearch database works in Stash. +- [KubeDB managed Elasticsearch](/docs/addons/elasticsearch/kubedb/index.md) shows how to backup and restore a KubeDB managed Elasticsearch database. +- [Auto-Backup](/docs/addons/elasticsearch/auto-backup/index.md) shows how to configure a generic backup template for all the Elasticsearch databases of a cluster. +- [Customizing Backup & Restore Process](/docs/addons/elasticsearch/customization/index.md) shows how to customize the backup & restore process. diff --git a/docs/addons/elasticsearch/_index.md b/docs/addons/elasticsearch/_index.md new file mode 100644 index 0000000..66a53d5 --- /dev/null +++ b/docs/addons/elasticsearch/_index.md @@ -0,0 +1,10 @@ +--- +title: Stash Elasticsearch Addon +menu: + docs_{{ .version }}: + identifier: stash-elasticsearch + name: Elasticsearch + parent: stash-addons + weight: 20 +menu_name: docs_{{ .version }} +--- diff --git a/docs/addons/elasticsearch/auto-backup/examples/backupblueprint.yaml b/docs/addons/elasticsearch/auto-backup/examples/backupblueprint.yaml new file mode 100644 index 0000000..9877ccb --- /dev/null +++ b/docs/addons/elasticsearch/auto-backup/examples/backupblueprint.yaml @@ -0,0 +1,28 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupBlueprint +metadata: + name: elasticsearch-backup-template +spec: + # ============== Blueprint for Repository ========================== + backend: + gcs: + bucket: stash-testing + prefix: stash-backup/${TARGET_NAMESPACE}/${TARGET_APP_RESOURCE}/${TARGET_NAME} + storageSecretName: gcs-secret + # ============== Blueprint for BackupConfiguration ================= + task: + name: elasticsearch-backup-7.3.2 + schedule: "*/5 * * * *" + interimVolumeTemplate: + metadata: + name: ${TARGET_APP_RESOURCE}-${TARGET_NAME} # To ensure that the PVC names are unique for different database + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + retentionPolicy: + name: 'keep-last-5' + keepLast: 5 + prune: true diff --git a/docs/addons/elasticsearch/auto-backup/examples/es-demo-2.yaml b/docs/addons/elasticsearch/auto-backup/examples/es-demo-2.yaml new file mode 100644 index 0000000..f7a7a06 --- /dev/null +++ b/docs/addons/elasticsearch/auto-backup/examples/es-demo-2.yaml @@ -0,0 +1,18 @@ +apiVersion: kubedb.com/v1alpha2 +kind: Elasticsearch +metadata: + name: es-demo-2 + namespace: demo-2 + annotations: + stash.appscode.com/backup-blueprint: elasticsearch-backup-template + stash.appscode.com/schedule: "*/3 * * * *" +spec: + version: xpack-7.9.1-v1 + replicas: 1 + storageType: Durable + storage: + resources: + requests: + storage: 1Gi + storageClassName: standard + terminationPolicy: WipeOut diff --git a/docs/addons/elasticsearch/auto-backup/examples/es-demo-3.yaml b/docs/addons/elasticsearch/auto-backup/examples/es-demo-3.yaml new file mode 100644 index 0000000..4779725 --- /dev/null +++ b/docs/addons/elasticsearch/auto-backup/examples/es-demo-3.yaml @@ -0,0 +1,18 @@ +apiVersion: kubedb.com/v1alpha2 +kind: Elasticsearch +metadata: + name: es-demo-3 + namespace: demo-3 + annotations: + stash.appscode.com/backup-blueprint: elasticsearch-backup-template + params.stash.appscode.com/args: --ignoreType=settings,template +spec: + version: xpack-7.9.1-v1 + replicas: 1 + storageType: Durable + storage: + resources: + requests: + storage: 1Gi + storageClassName: standard + terminationPolicy: WipeOut diff --git a/docs/addons/elasticsearch/auto-backup/examples/es-demo.yaml b/docs/addons/elasticsearch/auto-backup/examples/es-demo.yaml new file mode 100644 index 0000000..61bc84d --- /dev/null +++ b/docs/addons/elasticsearch/auto-backup/examples/es-demo.yaml @@ -0,0 +1,17 @@ +apiVersion: kubedb.com/v1alpha2 +kind: Elasticsearch +metadata: + name: es-demo + namespace: demo + annotations: + stash.appscode.com/backup-blueprint: elasticsearch-backup-template +spec: + version: xpack-7.9.1-v1 + replicas: 1 + storageType: Durable + storage: + resources: + requests: + storage: 1Gi + storageClassName: standard + terminationPolicy: WipeOut diff --git a/docs/addons/elasticsearch/auto-backup/images/es-demo-2.png b/docs/addons/elasticsearch/auto-backup/images/es-demo-2.png new file mode 100644 index 0000000000000000000000000000000000000000..b4d3b419a64bc0b1c789a9ba62aef99fe64f12cc GIT binary patch literal 49160 zcmcG$1yoht_cjU!hzKYs9nuXF(xFJFfYKo?(%qn-ba$iD-FXNBIW!1J#{mu@eds#C zUB~zL{=RRFd;ep6&Kq1=HXMmc6XD6B-)sPt+HB0xK>V8roAdImwrA+|#$`y}aKXXWZ;huJ93X z^xheH@G>=qDf|UJQ~XCFjN*q@2~)SQCgh9MBp~A-2_@>g-WN+kB&K%lLXIV@H6uO} zSIB=Ql9-k#sKnuT|NHyPhyM5F8q64?2lk?R$+;Ub@g*4c*5QxLhK{|42IR!noy1^! z$;Ol%r%!26FLdex2-!csX2_to27{L@n(9YR)H(bY5={_v)NeHN?7UNwhSedz-rd9E zel!;_ws;>QB`GPHGs&IuwT(XbnvfuG*H)47KUcP>$v)E?Uw8w+{=zV3LwLBaHDM3mfee|Cz~=&^PK&qzkP7 zzMc1D_9B`X@87Z3?%rh%_&ZG+(HG@Zn0}i~JhUbfB=}E$UWW>uP?hHXi6aF+c6Ref z0w3Hnhfdk!zWH5sk+G=^^ObaeNNdte^~GeI@`PMue&h1tMsUFJR1*Yi6rBq%$<2)b zJlZD%vPH(os%Q@jaWH_b>orfBN|p6t2=-jj8cxXlwIybs>B{;%_1nl02ctPZ6DoX} zl&icwah?9dS>=6XojSB;_=Yx>!pkbTwd(uW2~5>$U5bmEBfLF|+}0rloNMZ>xstI0 zg9MuSiEOyRClb1A-pPxv%}oUb+Y{_jiFB6sM>=1Kft6WVcCxW%!UJcFMyQYKlg~Q6 zY!^I-yTniQ8}59_$2c3jtGWKY7OjkDfShRPVC5c~-7mfE|GS8g`#T5k%1 z*+I`vKQ}xBYhba~V4ue(JhQ68M4367boV$bYrQ^W`GwT5u;2Oz2|Z%)fF$Mhd!*JWY$bbf%(jYr7DS^%w{L)cL@!BhVpc%Z#gPh&k|g5?gRZ39@zTO)5r z+C}V5sFWK-*=D`{OQ|O8J9d^%tOnSUN24%pw_hy<*@}tH9ap{t%c`H@vG<^VGvLxJ zO{GR_*RiCD<6Xcd^=*HT?V)ROH;=PjKTY1WK`{+|8P5eSnvMWZ)00-g;j3dho^BoD zM+Bp*-K(sZn>OuN1C>kChLM4Zj55xBN(sTiJzdsAN(+6#-TdShTQU{|x^^w=81H&1 zu2P)T4GGHxCsu7X-jX0=xV}jvj_2x}%FVKfiKM|I11q0$LOievEl$H(^Ug4lfqr)1 z`XOFuG-m5o-9PX5ib@*igrh!hs%!POf1?OX!?-V6>yAn|w%O^r#Z+_mJRKQq>h`hA zQa@kT`|3BjqAwBQl}iJSg;9^Db_Cr6*RMT8pLbad@A)%dp{0r@uC3vaJRI=Xz2pYA zYr=td7c%dAg+7#!PtiX>Os0GwfSn|B*Xir`#2qh{LzLM!B5La!PwIJx`P-JnW}JqA z->Fs14x&c*V1Eyj<%8U?Fcb{VG^5*j9jZe(HDIDFPM;T{YU*xoWcfoHXdOZ?cw2%}>AExPY=!LuK_Sw0*jbHRwGU~$h} ze05bq2O`OHaApj)334mDd&Ffz@Te8$BQe_rmf_u8lS zdXPc^?m+ni9DePobR{8IMJH9x4A;lh5CJww^h~ej#Du6!Rd)wWa z!z$H2b`gddH())cDo=SIExi=sE2RQX z{>&CFb5=viv>}8@y%gn76kaOz!~;sfhYKs|cIQ0<4hzb~zyeZQt2(9@qS4z+GKji> zqi>(BI0s2zh1|ni{_=*EVQkt7cY%?!{D!HofyXu~kV4d_`++^IsEF`X)bzzO6f(Mz zIkTON?}~$)gZbNf^Q9HH+u2Y$Bh!_FvEdETaM%$>?E|_8@M2CY(j*>_j zSkm*ZagpkCx|k&f^KhK?gMxQ$S8nt$F-m>Ejy-dun-Lv2R>wePBCZXOLwriGeVoIP zHwa~e04{}VO0kYJgc*N+aR5%K1evE3Ie!~wCI>7I1R{UkB#Oc|2W%5lMJ5zXfz3!O zW#21s60|riEwZj`UK_#bj_~96_Bch@o4S0}CZa_87q}F8Z?3fE(~> zyS`Dp$Fn6&r?6Mi)R21aVKbS@(m)iG`3G;$fy;S&$j2BT&Z!;0q`I5; z>=1GB9f~?GmZ^KBWJ%1tdS!wjeA{f=?VC6Itg@oa!HG;+^_OBsTNG!SXDfx0kBuD% zs~!NI15+JqKiyetj;}kiC+B+IbyVC>lUI8m`R<5m?6i!eK6JZ|`aQIoUh6u?F8T%Q zH|{b%vBqRlYHfV4radQ(=(zZa$K{SF2p7Jh+2=3^yt&^&Zl@V*pCO{6w}%}J6)PaIwv2x%1 zrtu#>!|goKCL%J}`2hv&%ZWr$f@;7k58qklwKmsq5N;|gqx%1>Keb7FNCaKKd1Qku zDde2gu4=WMa0ORNS1`6HD5QAbJ*62P6Fr?&pF8xvdvmsJ-SuN4>VsCp8Zi}BnVFXJ zJ=QiVOVd+`eEEGuyDlaAg6AI)H2ERn<%HxziDKJjc;P;|WH{$Sd$u=8r_w)?V(jz? zxlCVFRPF+7J|RECIO8ErU_P_u&{@VFJ*6sL-8A%;1F;UyK%`VoqGlEB=1VKj?8USR4a`31?5SA}BcIcDX>Bf#J1p&?fmeR2%p{e?vGBq{{)7;l z+Z&7Y>M(r;_@dp+j(NAi%|QV;E#p}Zec9^o^$6=R>M<7fiivN2YKHqQvx3M71rI2D z>9cwl`@l<|an^sHW3A2H*u(J-0Pt4;7>mR7w*}o(?wfX7t=>nm?j zAH2;UNS48tHR~FBPvLdkh!&~tmGW~Z+wIQaC5Y8n5K(dqjEVZ!&tX2ba|=L@~Zh2H6Ow2 za^^DgUe6mN3MzfSbZXUhMG7+p$jhrg4oN}uTTx`%N1~W2JU6u_B4VX&T#li`dGoey zX@Qp-Z(}m>jhyct+w8rNDpkFKrC&O-Mo!U;)VX=yqJD*-xU&( zf9nw;0l;8rFgN@7A+Y<@5QlGoH4M#osQR`SmEW$|gD#%ij4KvUY5zGWczUAwJ62%S z`T@}f8HEK3>1>>d#Fn=Sh2nCuYz-uC6+apiG| zPXT*7#PD> z+p|8fIEV8IPr^g7j3o4!E?GAL*qg5pV~{?-x@2wEKD~Nk!83CiYdx=3k8;)UBB5-c1ZcZASv2OE2RFM|O_-7+otOs& z&%#T2(&+Ws)|L)-ZT*8~gIwN@B8-2rDmZfxz8$AjYkj2b7Z%b!@sw}Jf#8uXcPnyJ zV%%g;e5UrL&#N7u4*Qa(tu~LhLRog?-hkt6h}}m(V#?W8x~L?%*Ym^%8aK9y-W(r! zTB8)-1|`c#<2}jGm>yOeTWvpzXlsv9%5>BrfF|G`?)`yJPaiLaq2z11lU&==j#syN ze(bpzI@6=x6q{#CGo>X>iyH)jkgFxCFiy)C0y^+BmKKlcW`T(c(q#iqX&Mv z=tY2<{3FZ%NZS8RT>mrO;5!fRo}uPQgHE^dMfW*m;#P{#t3yO zpQo5-gkfJ02*j>!AnNV1Nm$^upZ2f^-B(uj-nVbx{@3{UkAHgwcHrUSG6)DX{C7(J ziVOq{afOiCzf+{i_)##tf%CG})*SUDbia->FUbGS&)~(sX$LGzuSb5T^KM!Dd!KG& zx_&UxIoO5l8S|x8PFpvhEr$`AW}%*zMpQMbcTtxu5oL4W)gx8jednyjQb6VJcup>= zQiHV8;fqaMWmbH;<(vihsN2{9Y&4(vjp?FB}}WiZ#nm z(x?atU43!3G3<5=mgl3CV+DotAZd;cOp2X+f=Qn>S$kDB7GjHI!`-2#y4u=0vZ*bX zGpf-aR_mH27wlJKe)|kQ1nZ6FIAV(MX%~H=rkq zRp+&2`TVbp7?3DQ?l#SDOO$F5(dR`$Z zdtQ3JWZwA4DzM%YDTUy=SD$rtbv5X5v~5sR6AcCgY8b z!&HuLvfQy-${_Y`9D77ZU|fG#kDSYLg?5Ej$rL=Ur-!riX8uT1J6XB8>oa?y(X>20 zed7ilbhbi=ZHio3tr~l4_Kj@n{AbGn_3e(q2@lP8+=8;4A3Uhas=T>lmn*f|w5)N{ zEgR!`XA2Ie%fqVt+0-&{?E)7*(28+o%#8*Lv(R)Jbu15j8T%f?-x$5m|8@?XQ#O= zyQ6lHif5ruuT4i^`jyR>`P`#$szsf-&ps9rAi@Gy@9pbl5N(%gM@r(4h1ow+@!XZ> zD^p}3Bo=jhLdL&#CK`gU(?qu%dYs8(|0pX_PD2|1WK?lfWBbEg>fwx?hcC;}EI0E{ zIZszy!4x?y1r5Y)3zl<=jfq7Ty1|s6%QV;_DGP^xa)R@B9b;!YJRYNrzd$Aj%6WpH zkx4QKVdCV>Zx)MnOL!6!monrz`JS>*wtb?#G+`|#?(kbiqi$%AgD2~N`dF;J06Zlt zMM_nk4+}?=sh^(SflI1xdS%@rdXZJ0bC7`@5`UH}_1OHUm({qsx?F`oa(bMcfi!yI zkRr^O@A{r29GZ! zKfR(d9|vJy+IXxyeiIu%Go+i>p?4rw^K56_+fl7~D<=;caK(4vh|Q!Tw}bGa1whcE z5Of)ULY5N7_zPv+sUTos;XKZzG5AE`ed`8Z9CZ#_ZFc(JT>1^X#n-`Rnd_EB) zsMM)k{$5iNU6n((P52{L*0wQd?!@LLa5c|H%9!?~vWE%>edKC8$DI1B@hj`m&tY=k zi=%HD5<>L*nAqJ+BI`};c)QmW={u+GL(@9K-xL+iNh&MRjFi_vrL^Uk8|K+4d4ju? zPE2;SDij6H%xniv+;xf;H=3_B)MC@*%$3ola?Qxg9LcsK?JTU&Wqat{RI!++-5jJ0 z*x&@|0&!}xN^(EH84QDk9L1%;MeITL#Ne>on7G@&p*1V>Zm=$EK9lNcjwZ%?t&ZuL zn%_<67gGKZy<=pcH!82;VP%bLuJNAHeS6FK{ZuzgQbeKp&SP77#^>E~FX48n+$zSF zzH8G}8G)r@NlcTYLq^QQ9&HO3J{GQmSe7X(rd=lWI$zm>;vtU0Q(CM;B@%t3p*@^E z`Cq?AHy_QqvpC_09USyFO$Bj+$P{BcX~KO**xx1W=-&AhM)c=2{An8(D{c_QM3Slw z#?OG$8psTBdspPVIiEDllGwkgPl1WKdQsN?w+cUxSn)^y8u_YpWkQRb*d5@s=onqrbFk)K+w0i3Ub53Mx)CMj@b?TW3wa?4g$bRy>sDAev**m( z%~hV#vww=`{mK><|5@AAVkK51eqn_<1Qj4(i5fqqK=`KZbZrBy6cG}}Kww+|+}~Uy z%m`DvA12>!&A70eVO%@=4AReJDKKYZ_UKFQF2>fhoTB5qg#-m6*~;c@sOE_-ystW<4#q3oPbg&|+t5wQ!;X2v%&f+#GE zMb_{Rd)W`R?!3@Wxe4Z7uQg1<)}(j8F;P647~vOD+Ibzjx^iCze>xWjkM`3Y2uXea zDvS@nLyWoJ8xrIrTIq+BltY=KUa8? z$8L`OI{En+f8el3NvR_?F}S5F-XAH#=W|aoYd)2hJ*}o$QiD#Ad03WyWb-?dc-ov2 zVP0w9k7+%EZOau?qG&{bq8d-eV>9}94(72ukdHY@YO+i!wCwbh3LcL<1REb~tA(g2 z{WQP3?YbRfd*6|}=SK(+bHp0Pm_v?POlq2}vOIp`fHS^LLi~zZ%=wJbvn-|YESN8W ztbFKN?c}JOEDJSryM&pMn8z2h277hwh3g6tYW4uR#={;(#T*gQFYd)*qyFTMt{rE& zA*CW;K-_+`zgdHJvyq==>y$Fly5oAXJsnOii2reU*;u38V2A(4n2KdAfBnw+<RnCN{ z^yNKcjksfY74|%&q{Ot3`=ED-rE^m;d-|nqiL&GUgUURM=(I%1x~|K+Zv?{*k504dAHg$qmpG-4NUZtN3W+oFf%KL)7bpm;~A4b$T(lg|#Xe@qA#0wc#&w z#?BqPg`B85+}R&h;N)^#k?rX0oNn=|hc#!aWsXgCX{Vx)o#xZ__uj<-{xDd2baYrz z3hEFIQE8ahcCV*sr6kB}f&z{3Q7~Fte&Qb#2@KYIPeCb_&j^Xm{^xJ!Ab_%{J3fjz z`ENbz|3xmSmdjc0BW!qd ze=xIO=!e7g1b#=&i6SP1xqL9`2Mc_n|sq~h8qlk{C`)vEB>k`)=Y zH>Bq0la-fP2A;N?cdZS4?-`#jMQur=fOD_FnI>-CLy9MTOQ9zb4pbCRLTz5W*W_KL z(UgAaN=eUAL7x{xYPYkCQLA7k$02xk^<4-fz33w^qP=on@i3&?j~Gem*v@1FjW@Er zODuB99&SX(Y_ z$X<{AwTj*v7CWa%Sng($Y0fCx`zhBql9oM4?|{iICw8Vb0=0r0Tup30sC?eSTrtnG z%hj%0(r;UdFq7=h&))}UW5VQqdi*FB#QMM|wG@|u6y(ju+cTIEo#9GPk_iqgwMG}NDr)zJ`qcuzp z(=@-N^6zV=V*`59>i+rhESr4233o~b-KwfivQp95r$OU(W2Z&M{@k2>EQf^Hq)gf7 zc^%lq~qo@R^L4u}QXQ z%<=5AD8rR$)ty=0T8sWy*<1B?Cz4Ry(+5#}UX!$=JeKF;q6<>u2sVnn4BNI>hmTe{${Q*%5DGMl#ck8rn?F%|6aOmq$qz+uX)!6O zFQ)Wp@iA#B{Xw?D=}obCEd9)^tog_+g%nea(;@PzgDsx^1P{~I?G7b6bhWrx=N5wXP)@}s1aID4de|obuSmZ^ZWXx@uCvwO`LqmI^;~d;3d2~vcSyO& zu0G-O5u2LK?Opr>?7q#k9h=(ewI2qs`l)4EdSSaK#Tu*8G4`1hkuv#l841Djx3nm7 z^62rg7g@4P9(;}UZ@yK8c9`?PktZEm#XOxtmojXJ3jZ|ox&1=ZCkFdDbP){eh5Fl` zeIeO&Avrmc_!-LhYU&PkPOOB*34I;pRaH*ROf0$E_6de+)2l@)uVxA4k8hKkr58Dxg&g)!L+WGVoakj73$)O zaT?-R+P3)naqE@FK3E(wG=+HV#v|XS6+>;Ca{`W#w={+*Rd_F_E@tkp4L3z_1y~E< z^Ym~ECz;qUIW{^#$dC;)7YxivF$wt}s35MprWOHNcw3ln4(5}!2%MO_O&+NS=?XMk zi4JpQcIy+ALCqE38wSA+*E(h&^JrM5MZH0VA8!+!=KYW8%Dtry$d; zJo;uC9$B*7siYDUo4l}Z=TV!dws^3(&wJ+Zq$afm6PvJ@|JWw8CS64|Vxs(pdDwxp ze>Sd)iHUvv7pAVe%PNhzO6ZqPVGm0Kn!?5%$Ri;)Lbl_#FQ5^BMGe~PkFe>!gI;+R zMp4lqnxrQ|JR!fs$?u0crcgxGb*Tf`2~yAfwy<@uv=iaW30tC%c$Cn085igfC)DHCC$l_wS8Ma0T5TPe64;x<(=>>1IS9HP|wv}>U;=)IEtvXZZz+4cC+=WYwN zTkjO;85vWS%nN23{UK$z-Nuy<#olut8eBdkD!Vvp3;12)ESSM= zK`)SOR4!WEn0BxV=T}p>nz;%^#Na9gCd`;>xF$$L^-Z#rzbf3Ao>@3aN>bsfzwSCn+TO2`|#wvD#v?o;`I5ib#K_(wklI{t2EE*)ZZg&pT?*Gxu039VsK# zOfJcSaggQeEoPI?{AsU1ZYLdi+OIv2D% z=LBT?IakJm^0|GrE$W6iQ0_7x(Ryw(;XxxVjRC6#YWYffBm1 ze-w$IF*BosOD^ygpJHFrK+;x&Pw?)S_{6u%RX||M(y`OV{r;@H*Mb^(boIXiY5Z@k zFSP6cxWZHd1mnmjQh0xnZ{EcjByT(`AMn*NggbO;9yf(-K%B%RS7Pzcq?*&FKV zm9YJ7YV7gYtisPo;qq`Reo>;RQkbdRIrII0Hzn%y0iryLv=Sw z<~TWPhbTL(@(T(IN=iu;vi&1G!+`7%2loxcrMQ2V1oJ-VWfZyGu2#xJ)t`c8!N6#3 zOH6{OF=-r^oGo$w-Y{5COaEF*v*qnVVs^=b+RO8iu?J0b@hL;-bSjaz7S9TW7&y;< zY4Ocj)7VCTsj*CowReFr%sOVB*k7s0r*JWcN>y7UyEi*mu2$d2tr89dukG65E>0B+ zT|3Pi)$IyJ7UxA4W9TM(b?1h+HF4gYWM!!yUH6*LB6mK^a;uv#u?Y@gleI06y|QKd z_Hxc$Nt`m3GNRVbo-re1*X3YE&cI{!NoZJ@17se^dv2c#=ho}va^*eMn+e z75Bx-j)H{5EoNrs-(Cf|Zx-eg^S*zG)*VGs6h%pCX>O1=XgzJ&<9hc4%_IZlD14D{ zDjwsX_k6Dpvu-2yyQvPt43XcvoKDhU$iSW1dVWi%moL%N_-vLzY2yL8Ks2b4al353 zfs4TWZmu3siX@kmut~gng+2xRyg!L^9d>gCyBhLPseL~}bFwpw=|1fB=FQ`5nJ5N& z`Y$~_J%r+zU{yHd7?hT;FZcNKQU=Yf`N&`w6ZOfwmaz`F=$Y=zSj)@H$T}{+Yj0c% zp`UoZh}(I}8GRSWTUQI&!(x}=nub0JQR3IhJQhRGtf!vsHm*~)p4673*9gH*Q{JDY zuyS&)uO=Cq4`+%3sVW^#+#TnVy!mY|%68C)eypHx@ZPg2jwqp}6XG6k!hyk8qUTwSWsmgRQpHzK_ z>vPDwTpWYLUd!o)kAe5a(MD$&XY173UM?7*Zg2~EzMf@qbA5$8^}DI((w}TR6$0hH zwO+<7Yi_%Z(OjsY)y7rJPTg#>n2%@i9+i7}1pk7204o3S=uvxv13X#KiJ`r{JtseZ ztj*6a({q#AWPUJ>|8O~sGd43*8JJX-&k0F+^TB;8pQA_A)YJmxxVx>Fw$^-U`vyLj zv#_;HuibsCSDmou?6pdsgn&Q2TMgv&SlTIX5T%aYQ)&F{CN9!jZpgZRR;WYS;PbUI zou^fNj6p|mwG8fe?fhBh+Dm*Zt07c@W`;=C;tJt7K+OO@{zc4VvAHNSeK~a_g(Kcz z^K?X&y1B6>H0XMZ$3V~huBDrSeAO7)w&=ciP;ltIH5oV08vz--duEdhAAB#i(aWgD zqb~6=9UBgK1-IH(7GuUlAW!QEhSg3BN=sKm7&E^%H>c<1&|y3v{xMOi>j6B)9l764 zBIL|;1J+VTLxZq05C^{CwYS>O*|t(zzp(t{({1Fog?OjwLFQp*hS`XLmP`%?z({x(w+hyFs28)KobewyXMsLqd#zccC@kTwfxW@cb4* z*>&xppA+*bs4@5Yg8b(o7`S00FRcL{DeQi8b*f$a;R&Nk=87=vJhF0bJXyW-e*HeT*41uRZZN$KvptBYfi>od5ig#`gV{^%wWT2xe| zRb`50WMrh6B}Ng|-3gj!yJG1T&W_9dc8Jn%cHP?Gsa9o{Cr*bWGE|k`=Z?#8xSYH^ z%KJ+UT2eV%&pP(JkDYDwgJ4&?ZdVH`#pCk&`WcS|#82m(0Pshrr$6{XpQLBZb{S#k zeLH{5vKbdw?2{XwBMelR|3EIuYTo?T#rRuZ66oD#EpMmSQ8h+>N4)Wqo`^A?S zac2?t(9*MM&(=Drs+Q~$Oy_KP5^F!FRGeV*&7dJJ#VOn2pR(p$NF2BptX;HZAA)PS zlpD8Fx6AWAK$ZS{B~In6SH-vEc+wE>2g=8JEO2$}tc}1HHlNH`={fe&Ba!RkjC4P} zLI7qTKwwvqcw%QCL7f5ZU8UC9VgTORVb;w6d;Q$#vY1R1Wki>;Wv#x|L=%%!rT!p5Qi+VbLqV+6);y*;A?t*SI5XdGUB%u!A3w=9V?AGF>KqeTurpY zx;g+hlZg8^#|Yx``dprv%{4ecw`gS|D?AR(=WOe_N*jki?di>eve*@Cd2=kvzwpG7 zzwRM0aY%oHC~*#q!A?YK2F!wsi%ZFt&6Mw>3>Vky>o(`zIB2IT-KbfACc@)MV^Z7+xmG2 zsAbt#hqSSg4IxQJY;2vDdwi2$DVer9N0&mBUpqlN-E3XePyn|t}PFw@PtzcPuN`m+7r~jx;&;L{ya}9l{W-*QpCfq zPwIWqm7ngri$J}Q(-v8k7Q>V!8pV&o1Ni?OU!@B=LG7*pLD%CT0u&d{>35Ee_A2lJ z*BT=o-D`FASE{Oy(8kBdx91wi?hT~znD#ux0Ja9u_-rie`ez6MW5Z@qu~xG?7cgxr zCtnjPZv=V(1`fBs7aC-K2q4(9n?71jPELi-rR(*6lppW3vbVPg08SMAy1{&sfRP;z z+WE$Hg%M#Y+T)cP1}*vwlld|TeJ?8;vYQW_eCy@MSsPS#=;U^BWC?fk?_WJgo1D8` zcZHm9R}T{lI_ALESAcJGG&VK@Y!m9or>40UP)}OXW`^sudB$MXNhNA-9;h> z-eXAD+^{#UE=7g=bxQ~BUzj+g3#`uj-AErFBvvFU$dZPJaaDg9d9q@C<}Wq8+f7dR za|bJC0CLEEak_Di-pUy;T3>#nj&Jx>Lsb?1g{0(Xm^aJ{b|Hr1aS+#?WzcM8x;xi6 zxLdt+wA2|y=F%g^sGR;aFAq8;V`<5pl9B>Nf>m-W;A>pE2GqZ=?P|6SeB8x)TEg93 zV1IufY-V7Fuv?YYBnQAFP*=X3d9Wj_0z7pfLpZ6M(kncIjQ=8m^iHUX_|9f_@LYW5e8u5*#esYPx1c5oQHGFbr4Xle1QnMR|eH0_gY>NgoBt5JKD@S9b?_RCAX6^^Q`u@epkp9}Zl9n|fSBe(uc z4(paVZ%=WxZ2;|pnR7n#KpCsRvE{rasZh6e8D_9m+>9oYsghjzYY73 zu#v+Rdx3`4L|ylt+DW9m;4LXd#RuYmabexR52T`hKL=#MofMAJF8*L2(BL;>V3AGx z;+d^y>mt~7>v((X8s}|oThGliy$|G2sv?nHH~E>7MA~sBQ2cYip}lV|Ve2iY3$&b^ zQS=IlD5n3eR!27jrq$+qmD&sg-tCi7MwSYKwfNPBO4`+fZYcDihc?Q7`6m`CA>Q8) z2M@TE)P^)G?jDP)ai+LHv6BZ>Vsq~EF==OHwhiqC$`w1o_OI; zAarcN&R<2m_pY8xUs*9tWYg}z;h$SP%_&#O65G*fdv4=Xm$UxooOwEIKo;^P`svx0 zSNBz(9n9&LQ$dK)tDyxsnPY6!7SkHDd+#MGAlw(JsIr#rAS%(p6R8WP(b+iJ}u^e$H#JMFh}4;7^WSPc&bvsY%%E zOvBlknb8rK0oy!A9e1FS6#d2JtuxzV-(~!*9{BnRy>Qc_diD+tHz)ukOz=rb`?kv4cKL5W z*zyMPYaOWcRiHB0;8EghfD)ZthV#|AY-#+}-~bXIf(t-k>jo1T1YX0;&Ta!B1tnU3 zeS78m{O0m>Zym7eK?9;BeOD4dzEE;>8E^;QymFn|KH`uZ!#3YJ$9{IjOpz3zb{nS2 zf-{S9w|+4)FhI{lP*bGX9C%-=b2VYJyY{sdrm*vE3ps~^CFtH2)Q3FP>xPXG8$j9G z)hX~=o5d5P(c@_>3k zFU=)}(+ZsafG)txRa1xcx=D^vySSN1sy*lk=`H$VDwvv z&lTo#x(_@y-3ekoko*#8$hM2|^6*Fpzl*Ufw0n4Xj4Ujnz)Vx?VZLdtK9{7~H$Yot zSKFJo%{gGE@!PEd%D&!?NoCrf$o_!%*^hEK94ImO>+|*LCKpz>1rH0z>}7O~!BgS0bubEp5?>dK{Rdq$JR;Bx2qIz;Nsw{4@eVS1hgU5*TXTjWV+$Gb($(?2X+6x?L!biJYJU<60KjK>SQk9E*vlZhLbSbOsi=9O zuwUf(x4QS1E)0;SNE|Z0XZDLP02|ev^8*q#;A`bXGZU&l!^J^V)MO8JPp(Q>e*w;K+YTv7ye_79nLKV=|BiMFxwdZklJXr`57FLFrq+x{Y%SFXy zx0;_vViR$g&NsOC>Z)zP03pbsj5+Rya6 z_5k6qva*s*tKx_IKpIHy7#L96wVpHND`yx3-64WRbSiyF_wjBw1{paxGy)Fx!wm2x z-{~B{x~d)E(jXf!`VEch-9(ADR;kAIS+{tV%`6`VE_u)Pbaf-hGU@1{IHlS0&k&#k zTV7q>zZ21K02s^0Dbw6~r10)ylpm6|yzSaE&Y=*|MX8X%s&>BF# z9zA~i6Kwk+fbV=NI+gek$9I=K9>+)4hwWa?o*A0W4ahQmH89-(G++Jvm9qJAg>op8m=P z5?F@HCmv)AQr;G8kW7Mgss1xtU+%y&;eLaXE!W8N(mEwi%DDU_=a@3Ek06JnL>cin z8+`}=|L;^j*2XS|-g}cVu|K;EvaF#_WxKn7yMB(|_x)Q$_}f+HM$7T}pHjrHe^dTy zEoG97e0+6~w7>s?VASl*_rKj=_%Hrji1@d1u;M?yXklUDgjjruW^8OMtD@5O8bSz2 z&!dg!99kGKqB;KS`oCoW=S+_NMZ2jA^rZeS5SgZ{EmY#pL4!Zvnl>BZZu8+#*#}UL z0(tuK5qk9Ng%+=KknA-?1Bvf6{k(>TDZ2%5RY+LaR_NN_@jzdb+V?{c8volxWSDg4 z46tzG|=QwR*Ch+axb-TnJ9 zg?eBt+3IC~=LSk1BvSc}F-|AD^Zlc_3c7k0K)SPxq1NS*po)HMdmG5u2{jLaXb<`N z_p>mdYdXmk0bgDQ(;!2({wZ?M@B3WmLBlwQG(2l0@4iP%B4Y zrb@rn)g}JZ(dPB?l=W|IgId2r)tNNXhl+r}>6`1{W241-6%Ty>?a=ZJz)t*67hYNZ z|JdUun-mWEzeJOJf6uc&1pg*tL>Q_Rd(AHSqA zx{0(qsAyXpfU72TWjMIRxBsnk?k@G&-|G5VGEb#!}Co|ph zvEq8Cn`BVU&>WNxqf3P4%bV>vpKgq;r;A-}jpdVJA-+76xJO;~tj-4H_tTkgu((LD z5U^q-{)T(1qkSXK0VR!@>)pd1M!0FQP02;sZ#eJC4dwD`+|TNS{)~vzkM~pDW52sK z9y*XT<6U&gk4i)la=7v3?R+6JXqeM}xMzgF*tS))g0K301lp#RF3F4xdP~i=yXOhV%7KU+t zo|dn;v@{P~E#p;^!fWGUXXfUl%|DL& zp_VjtpUN!%m`zL#rH^Zz^APyZ;;mZ)f9HCfAdwVC7wt=%JJKa)$iCJ6opcy=qMRY^{ktAyy~|Y3lf>) z=ju2$jB6BJaPOa}!pAcB@dJkx)Jc}UllV?UE_tKGUH)Isc9{0v z@3o{;#}qGKMn^yddU;iOzNQXGv%cNGh0_`NFf6FD2CGW!lN}%;C~EM*b=UCbVp6-= zegDf7rA4&?Gv+rUw;r%D%8L}KDw;ESi22e>HIvfD-TQX;ZRj-lmm*AJtvn=upiHT=<1PM366^zf7#Exh#>7UWFMA4@~R_oF;|c#Zk3=re1YN`WQmm*)v0 z)7~LPm`#=hA>H;&O3{%rVsYK_xmZ^8qrKeblKDcazWyxdie;5;4-BSZ zG{ocL3)7UM*)Pu;=F4^}J?!i-2Ylsn_D%D(Yfulz0*a6*D#(;M$qzw2)i9{k`{2T^fUGl^kQ|vA3sG zY$3~t^{rXX80ExYuSjjjJ5Ou5E`{4tM1!R3Np$hv6YkPo`J=z7c5oC(_Dzu=$K;V@ zTU#V@e9S`mhfrDMrE`M`qJO3O%Z0BqwlFEJ*oc1d`X>tN50gCKv~j7kCC9OeHUA`i z_eLzS;z+8zP$AQ*SKb~LZs?- zEm&jL@#~MTA~lC%SmPZ;f0aBO(JB#he?9b&_0DJKs8Fkz9%yA=Q)0~+r$Ld>ec*i# z{}*+C6%@x8zx|>iBuKCj2rdDFdvH%6K=1?!Bv^2FcXtc!4nuHv4<0-~a2*(22N__P z+0F0&zPoBy?Q<@6?Td3RsA8JcP0Q+@wZ6~id0O@MU6(1ovgrterM%I0oUXtyD7+GVQk}$*GyJ&>jU=CBUnevib0F;lZTPE;7lePP zGAQX2BQ`+<#*rFN={~Y$G7?nHD{VmJ2GzC|I0Eo#6aM^+Sp@%Kx7Tg>l%QU;_79s; zX7-P&qmMZh?K9{w+(PY?0C>`TsXEjP6{A*N7H}!I2@6G5l}d>;{W@W9SMOGpzdBXb zZfh=EgWUO84uO;`@AL24IKLOyziCrP9;&sx(8@@~nryvDK^mppv=RvJ+Une#zk%D5D{Kt2tNX9Ce2VRX;?30r(t74sH({OcU z)p%LES?WPKu-&lP*m3eq7Xc692g@Ny46t0YlX4!n6gYbtDt1aSJT2N+)<<8(V(zN1 z<_`Uq&xClSm-p;u$Ma>pPFI`cY?fSq)gtdazKhf-*_@nMG(~;4i#s@3)Q~_Yx3E1~ z`z{go-|=S7Hmwc*Md&p)rl($yj|r)taxz%)s9j-&HMx|>WH!&I^4$fX^V@zE!Nmct z%eW)C?TiS2bCMs@w$WvVq4BuqnF}9B6mS~aWsj*uk!6*pW!|_p%SHS)tGb-Ij~iZ` zZ^}wlYs&X+v{Gn3Se(@>-R=gXAZ(UVn!%9_nO4?0}x$=2zv%a3nd%Bt?0%29*(G!B zJk>V2WZSs^FWK?|;^{>uTBEc&KUd6uVqNHP1MI`sD$V6PkRHzGK7;Rv$XxTzh&!8e z1cRD02WGCSunZd!9Z^g?3!32cU^qlQ@I`T106}G(Uf%LYF!y(KwiU@x#ep|Dk^C~N zKJvvZrbV?mrmt|9VaX$qRV(v=xZOMdfW+aS5#MHn+aA^T$Hzb0_Xdo47Y{(62Q@x? zQugoZyLmb#)jvbJl^-$qllRCyWA+Rq(ZJ{sC5Jdmf^wXeqV^ZD5{AN!{c`%P8oTNX z3fh=y@zvN35)GEQ_>TK775`9D<)3oW6Z+k1JB+_RySn_IektP<7Hm^^jNkax=x`UP zDP1?rn0MRu*uN?wh>4dQr!_u|xpwJt<~{lZ-j6rMf7hE^;mAwCs9Nnej!l61p;*V{ zplS09bE{VTC$J7ThBWx2b)`_}aP_vFneNfYK>PNYU%aSZup(Z`V5!gSDt1rTqO+tv zggCm?@jD@WKQw2{tQ)?3k-i6#TKJ2C)7LcZ)7@p;s4hWFW>P_lJ6)q(?A#?ZKsBJ4 z^X64wI;0{woh8>$nvTNdV8C(?oP{64N48{Cwk~+im;JM=5HRzL5nePyG zqT-N4v`mf^5sahHEZQ{Go~_g4NKH?Hqe0)Ao6cpMc!bD#YhSPlH{&%OX@FrDc1Ea- z|8ARmfHKp!yzlbwPAqp)nUWN@_DPzm^3(CR*i|f8TG=!h<%F&CEYOr$Vs)86`|*A3 zvp4*xh{GFY-Vd6IjmO9|&xobOH1g!Iee!`>Ry;gGettR8c1Ugr=S3^68jA`tr#NC-#0~bO0@l-JDNPYjaR#ke1oaU_8Z=rqpfL z=BN^cWxD$#2y^% zBm1Piw`!CPdGg|FMO)9``=34^7gb@*-lXm{j8tEvf8U3}C?_jhO#~AU&}5)wjlEla z@pMYEKM^HFGR1g8ibv|B;WSpJnMBse5ARj|ip{$(#Ak;88vZ2t%Zn?O9uR!y6gk3@ zE6E|66CF{+=X^3Aogg2ruPxwgKIW6tVFQDq?0Jq}w}lWqJ$sTXUmIRUN}z&enP_YN zj2I>flg^e3h>PQv%S><6Pn&{yu*R&yerOfmy^@;my%Ew;Jok$ejvE^!quNo-NT8yd zyUw0*C)N<}ilc7XPUOBAr$%j)-mGTss)7)*4IdCAmTpu$4Q znB+Wtj1l3Sk*4>?Qid7kPsDJqfR0Dtl)!SX6DNS=j}$*B6y}eW=)J;c5X1AHq~nq* zyn8Xjo40Y{E!-beD(}<7s8^I>q0Xz}IF0d*M~YdUHO*G0%KtAb59Fws``e>Wq)7autS=)}Y{I=c(x_m+a5HQicim|Gs!rA2FSO zCOl&@<1w!D^vUtc9D@GSw&T;U0(6}%fLX9{8l8U1*@HbK7mCs?FP=@KkYVg@-LFcY zIzjL;u}BJS_mClA^m4hsr9k&l>|Rxp2>ex zEv4|}_x&IsA46FHoJL+DORU2N1wh#{_bvpVM~ay(F%$Oh!t*j!eqK+eP7sPT z7ZlaAyXp8^tgv+L27!27mVcoOYIN@yV~Ogh^zowb9+_vP<uO$NB_9_ z@Y;B$o{$QKg)WbM^cnHE3)vU7n{uY~j{9dj0zKU6HeK;}wxKp*%4Gf};T#Lg(zM9i znNq1fqBxNtx~17y-nopQaN`zDnN5xaV}&-|IkY34L3qbQSYvsHLB%Q3myxM>BuVL2 zsq;hWdp-qGf!kUYANE#v9#z@UfT~JHHD-K)AvUOPnP-wBjWSxUJim-!R*$pOc4rE~ z?4(*xpOx4@qBeu6x$NQ$m%+w?E!Z4mF*#a>reCh1V0qPHfUUh-U34x*dx(NK8BJv| zGi1s8H*3H2PvE}R@z>-~J&(S_2(taLp;`)~8->f56)y^=C@||=L{F)Yn5oj~=S?{) zN)5#hIKV~I4Ie_dM2uD0w=?x^&&#DR##Lta%|Fm#Jn3*uQ5Rl^MT0M8qk*|luTh*B zKZ|=uO=|g5mR7=j9k3Q3r7n3y`9WOG1ElSP(TA7M+>>9KaFS5zXT8h5wlM$hFQM}p z6hxUc{F+=p3R6e^R;JZM`dumZz#yHs?)-NS3ZuUkUN`(Sqt$-rOnHc_!bpK*a9aAE zkl*UFu5}6wY`E#p%NCQ!*WH!Qpj7%))%@>%k{hp?lX_j*K(^#)uETlX*?5=QRp?V` z)F?PKaaMV`Br&(XCR>A|@ytUbAR0{btbvxLAFV_`Y^ZX~&j1%IMBb?FW2Wg5#b0a5 zlzBGdr>XK_=0CUhAr>_hl1amOshOG#`j@qR1kX=V=5#V7U(%4`DG}Ob&nu?H8MP8Z zW1J%WExA=3R+{ZgETuR?)FXAk^)=(JoF7WlaLo8ETgzzFhB)+0S(4i!FK9 z6DjYD<`bfLja-VtB7`*FjZj=E6v#3szEQi#&!9Q@IHK%y*!)@N&$n~1i&XvbM8$1~l5~yn2z(k97B$Y9ybQYZD~usJf(EBJLs3bV zPpV_GoClcszyls1uJF4gDN^<6!H3|GnJlmsLCj*26Q`Juz#e{(AEyR2N-}Cq#e(n*}juv%X$Mb z8=>EFM=Jv4V+vFrI<%|&6KkPl^i+AuvFBFi&c;@*nEHym}C;<4D$i+27? zLsmbst=8{E2BI9S!(JJ*zbV>Rv{EjWW3o<|c>764t*DRa+&Ef?LxEPGy12HFTaxUD zj9h=+_Fv2kar4lSL=vh_>dXn=KXf@g@Z55Xfd>85$5=_G`512Zwzdv6c)vn{h!5*u;ovfgf*9UOO_ zhvXWMNs>4ERr=0k{rSnB@wN|tOF7i~ow8mzy5-=n$f^7cx@5QWsaiVBf*E&bp2FSF zq5+vB@!{xuZ2^maO`}WiLM&>-=?%9XNnbsu<|Poxcx$UNCA|8ywIHg*M6O{B=kFL( zsd`K0m$7vA+_xV%WQF4gWQTx>YF6!SP8rU({saTZR^Iap{Zn*W2U^oYW0@J2X5&x&g<8zjhzW(V_x$gAZLEcqwyO1ej>C;C&g0)6@$NVp{$=bWewVEpZs0U~ zU-TUC&Zf-k`(;;ERgGpRf7{Vszas(^{FY&5-G;&pg`YIau4J4a?AAI+e|TQ;h=yH1 zO!MhbbR$aD7!!-KNgW8{oy;v&#WlrC3*FY$Pd|^R^MpaF|Jp^N0VSyxNe!rlyi9bO zQJx3=yHe5bqCDrH_7wqM*@x%l1{O{KZPw|I3Fg^=);nq0aMq+9L3PLUyTaSS!h?l& z$`ve{;Fc`_1^$XK(lq>T{7fH%J0tpWHLs}4Wkc-S$k@l4SMbaFaK&kSNyQ^tWS`07 zf)>%ow!j}G!@qr$0V-pKBNWQO$1O3X$4`$<(xl(^5dXKbAyNF3|FiK^@5i+;XiV|{ zS3&Lnj~g1V?M(DkK;t8u1> zro%&wLinoPS?ior{sozvnaW20{F$y7Tx{XzE)?8NzOmm|BE*km8OuyLpW3bNGSh6ROxUJx?+ZcYcnkjZIfY7P27H?h$K|dQmKNMyZ1pTpE$rhU^<(AM# zM&MmQ+hb#e*Mk20=kvWO)Xom41=EMr6kaPh)SXDFZE-O?x6@3~>r3wIZVw`&3A1q< z;W+V@z-8i?{Zagr=>07*Qle`l4!JLg9>+xF?7HE7AWZdeX_ylG{gmQ9*E`}w4^}8^3*nrP zp1u8bk?r<+o*e5o2xtC$YKT{Okn#%`N4HDV!bK;?$+4)Ph*f(P3N=za*% z5mw>jvVVp7Tjo$Q&X7TBWQL1QZYw_?A@B<#w_CQi`3zH*IyI+Uq@TbbV?+a5QP4UcwZ%hq@kMW1C9jAKi)ABxOYM&-6Fvhz-t>wB zU9~UM2SZrT1IvJ6g!~-c`@S0MEPImj+IUUHL}v2-1n!EI(JxNlM(m6whqx5k7!?;R zg*d7u^R)^N?w*9lQ(-N;IbJQ03@bs8i?{1=h`{ZbnRwqRK+&L{Ju)poD!>^)eFaHJ5jk8R zeS35lKmjH#OWU?JgfZ7UA2#`!4#(fB1Jb#oD|L*fjNl95R)`h6}UL-zZDBue* zUfz$jTHB9+J}DWQ;ar)9H-sm5Gez5$v~dl;*hcF}zDieJxpCVJ$Xq(A9_9^Q# zpF)=~|M(zTzF=w1`kurf+pJW7BK{bb$kLZ8f4z$bOBBBbhv#mb&n%_j@O`&E4>&fK zs_u%&oGEG$eCI~glbC%AE4LFZ(ccVd@v|GY#@v;7_l7(J<&IQ-GJ9Ll-hKTIx`dZl zbDW&zt!&j!d2ZI^R1c=_^_aFZHPu#i*EPyX4p&}IUmMPR{W&N;$~`Q-j5F(cI>)a3}F-Vj9!^&-t(nEtdFy{NVY{nwY!3=*Se#3dVacP zG3HWjYz|d#F(R!72+6a-8|$5a`jF0{d~Ukqn)72u8v`F4C46G~WZM@Iiy?FpFnqOL5UU( z^`%)7oLBq{y@3$Ku9JwpyZSd4G(C##^W8fScZ9bu;&uS+=2Gf$dPXeao)|QmayCVr z>h!R$CVD?6;(d&6w)bf@d`8RWRyGAXr{dbPUr%x5lga3Jp{?c0Q<@o?s^SgrTj>ls zl0c=n_W0KxijLEQFk-!B1yk6^_915{@$lSgxVr*fo6B*lJFX*N4)HD+NdI@+p~ z=qhi*AIAE9o>uc+T$di+{wB+K*v3N~xUoGbKQLVW+4#cT9;{txS1mb^X};=j*((3u zUy~Uu#2x@YBhyRw9%0yw*8OWMjABcpP(|@W*q{KUyrIFA>}VV$IASW!H)fwyv-nrQ zTRoL+quqQT*LcBBuMmn z%<%+q)ZYn^ttpN-3t!qaIW}7Cw1rO?wqiO_9@sV}CHyFF$et*0e-ZsE6yx>kt1e0* z%;wududb^ZIJ78H1C*J()5-FRTzZCf_>3@lcnsLw%LDm4I=h_$908v;mzO1)SDGfyPS^v zAU4;z|6m82w%blId5hc=XX}3UNhNxMLD2X+JFFB=TdLgpJBs`6Ya;Y}}{?SFG7IX5LE@;;- z)uzY?;cL1jo=>&WcfqINK<1$>8-t^QcH{@8xN+4ZGU8v(SLe z7}8ZJYmzRP4SDzX{G(9Wm_MlIWU%6=^sEy_+z9pkXBzUa@z@C&iEQEK-$*iK7NO_) zr2QlyX@v^+-VW7x`5&($WHI-j5Tz7vnne;S;C^k%{wdwZtE7mdIQsjIRF!&>rEIM? z@#H*Lp@C!yT3VX$Gil;UbSn^TL6q}2-~3s8+^h;>u3QrefXdKv{f9^up93|3FA003 zHy?4xRhM~`D}1;jLm%L!nluxKk}A$@OCZ1!{tkM5>oh13gxcXe8}X+FO@yc%*8 zSanu|BHf&w&t}zB9sw;bKi~T}0X%>i2kZjBcg1gn0Q^At$w>I!{x_~CO*YWZQ=d3}_!hDE?Wlg&R6&-*c$4k-v^Evc z=R89Bcixfa837g<(LQf@H+}Ay=#E`^>mA1De_8tLsdTq~FU&NbIMks^Lw@OcyqA0LL0aGdd|K5Jh6Qj1Ib+- z4=Pug^Wp8rhOqsbW9k(5@S(ISjl1iQ zyI%fw&oDYVYg3lf%+r$m;hH*NXE2akErlaYjl%nwjU?*Z{5#sUTGQ8lNElg{pXOmp zL>YD82+j4WQ0S;engAO~qjw#cT3B>=236DHh7lXF*Cf=@X7}@e@J$u@2O#H;3oFzRvqkn zONeV=;cGUqB%Ksck4MB$Ru`Y5JNgVnk>I4W^*L|wQMC>1L7Fm zCZ1sslfzM{ohA&cT1MDr@Uks`1PWSIKNhsmS_VW1BBQ83Q#-^+Gj?OPjXiSO&bqtB zsd`WIs;lE(vwr0TqIUp9DF0Bn>hS4R&jVl(0C*RX4*10=@Kq7__-yaEkoS3e{0IOZ zlvji5owm>C9tUVn+r#)d9*}g49XrACW!v`3+hu?Z_>Wb-n$!Fu&o@s_Lb3s-Mhd2w z@X10MXQronA0bu%^juK{%NJ_%heFg`wEJ%MoBu|wU#!y8!BWTNJo%|XX0S;Qr&d-+ zv0CzgfRQGlq4zji{BiV!zTJ^KSOGI;g18leK7l3I*@nFb$rbut7|^CxxOKJ4{-<5S zxJGh|EbAg}+t#f`MqH>h^mM>`_xxJsOh#lxKmZwPhl^~zutY#I(VExXDdX&NCga?2 z&)l2hay+2lZfdREw-Ht?SDl0#-QqpO)V8HPA(Y;mqpYo7;uKlNiTN{;YB~c6+(WI- zn;LBI9pJ`b^vT^)@qvutceb7QS;;}7twXypDtZF@Og2LWtw58b?YFGaBX;v8iaB?p zHjVZB8BClHlbwTp9=6-3SALGHaX!`s9pm{{$Bo`d1ig(CmWLa2?3}-eW(+g+UYdmP z*^%D~A3_@ngE-EI;+@UKjfc?DjSf*GHF~~z-cT6**rY}D==BH_)ozCviC%4e`?u({ zJPJ8Pg~z3|>H5ych}Jt;#~u#xOt&64EOV5YI7_Gr$mMcyq3<6$J#P9!=gs5o;kMY&ZqpG<3^Qs8Mu1Oeuk@z*1%>|0<+ zS}tSun>X*R)^uRSZ0Uw{!~d)eOU=P@QtyRQi&pB^KfO~n4@7SX0I(9a*!xxUA}~6N zIa#5=+!T3wOWu=DGgBBCfp9!>SDEpH~$Q(e{ z`2p8@6tUBV@q=;OKIpEn^KsX z;&5fXh8bEEgvm_rV3_6>+cU`Ij;EB-fJbgs4CZ!bcdpeliYtHXy_(5-RHv2)wWx2N zWdBxb({?&#JuKImPaZA<<^JXzK@1isP9j%&q^uykh#a>7PLU=GfgbqncqyxbT}Os& zwdLVEI|Q| zA7sKlv1(%$Xjq)cZtTUZ)qISvL)}1aqM6VDMT+uQP4?U8 zT2qTCS+?cbO1B?>jd!r=Tb(`N^x0gnq%?Oitqm_n&ZEIbb90ObY(}fXiK`576^Ngf zOe#6@h#KB5C40L`q1#E!PtJSp)|^z)7yiq=gsD*Nl>QM)S!qg&bBuj%l~QNBhMBVt zd`UE|t*J#PXM6h@nK|Ji0w+coSX8`io98%6D7WKI%noeKFU0fHo9E0tu20u~$SQ&H zY%?qH+9?iDe!Z@nc6`m!74p?}`iKMsiPf89S3Bn&`~1M&X`sEg^I|75j*^VB*wQpD zT$f&x?K7^`jDnf^4{T2+`IQ%E@rV-Y%=7U#gc10W&tSG8s`=vR5*gvKT_4&4DMVbOU$Y*V!3(6L z1bw~XQ^Su&E5Lk+@`yoCyJSC(t~&tpPOv1+*D9S60K60OhH*VouKAzMb;x4DXOGWR zIM8Qzf~es?v^}&N%)dAx6;h&gu2gbFM^;*$_V@PkzLr1sRq>1XID23^{Mh;7x6s>p zzlV8dR5;)@f9H0h(@+~%Q$_f}r)=rhQH%}vxGSz8U9fie6ZtGiAWW~hu>U)ilm(A_ z9}5aXQJXilxTmLwG-JT)jt!O3ptrz-j&p{a7z!Gg!PbH}-77h5wt__^>?t8<$;%=# zr%#+Kb%$R}T#V&_vGYh^`>gQP+*oU|nxUbG%eTE3RC_7;v;w$f8<&t_H-( za`##$RXr~>e7%iHwI5$6LF`gTqv@jGTD-Z^ixfkyvlfJ5UGzg!?wnGAZKfoMiw@VzI*ZRw+;aI* zS$%DuCt?(BUbaXLTmIBBm*xxdHCDR`QHYUV>4LC~dBt8>Uo%M@>GtaTUC6(H+OSx_C%{RS@m6>!UU(sn;!C4c$5m(XxoRUU%fZQS-2Pd6Mxj=49w~owe5`?? zxyg!ra!=h9FJ+(qkHDS}0@%^~1^7xlT-b&5Jp$hYT`6Z~G5%2HYHcrlc5V z@Sso2UZ=k2sl`5H^|&yJ`OF(wX$3HPKp{G#^0P~CPCou*`XvAe5Ut;2qO@9Mz(>2` zSazLPUwQIwMB@Ozt35F3&vN0j{WXWRx4 zFfW~hhh$etu*u2Dw$3*Dy!WK24T1OwaEd-A-10f+RPA_ts_szZd6Pw2Xn;e&&ASY} z_0x7B5hUG|4V**1wu$bww$VPC3T6`-+7v^DL(^MVoaPHGlsHNDM0%l>`YBvQPF}F@ zCri6Pngl#WjXcFc3}sRr?Bu>_*i~;pLqWQ|Pdr&`Jnl#p#b&$qx#L_%LjO?gk6Lxb z#5Pd{r_1v6 zNK{As0VRf=c!q`LdIg0MbL?VSLAcKj-C*b9((@%>H`oI6|Gb%`%I=euxI&@oEW{7b z7E+_0TM-yWOmbSF{Rq<+9fU$B?OSdrec@JGZb%m+y?(LW@`?2ckZ2CKi`W-EGBx$k z<&E&$6<=~AXZuqz1^0_c%#*6E6C6$GbSJ9lHSAQd$pEu_0{h(hoaq6J7`nHF*)}(! zOx0%P&nb4puhRKXuHwANcMF``H{zEo3as zHbq7a*=I`39)gacrBL{><3g~{oPF2i@}%MlWAwwpyz2e;F8e+QU-yBPy~cMKi)cHB zAw3ublo8|yfh;?g{-(0wLUbtA`V)z)noM4}o3-&Frmtd`)a!TRpLAzCV`tj``q-rY zrbI}v38hQqBKAGjx{LM_dLC&S@yk+@d@fgd74B3+2JfSv8;9kFqzP*&(m( zfO4bxECu50qv;!Y)s4^uOlCX=UB1xFbzY<%VAoACG00%>157iMfSD5j1AwShN5F?j z<-UQEhX~1;m{9J54RG=|Ux~)$J{*}HEjQy0IXuA#^nWa?Qiypb=|3E3V&mYPhxx(6 zh`%K8RImLDy3=$fQ(2VB(fjbyy`@S7!YXXE1W`YBoz-+6Yg#thXm2SLpDr~@yL-Mu z7{`c$h@Npj+awpfNkJbk`Zp%+tej5RoH8F&)HS&g%**()jjHwOuo>^{vHS z<+EL&+<@Bc8&wS_O93W+mCd@N`m$eZY-IxXX=x=@PZNW=sHkmM1w(`BA<_n00yN13FM`ruwWmLm$JS0CavKO8ztXg3tPe8levPu zYRNqP-)HQ+y%1P_7bsMB3(uWjkCxb)?TX}laS@Z&3tj#((?Rd;ci0H7n;}~{?zWoS zu_G9C5k(Al$ao1ZS>vtW=AtPxj+3Y1YdYME&D(39W^U(*|K6plKnic3`BhvH{F3{-=S$bE`=OaNxs43~#tEgms5OlmBwlLdlKDg@ z-tZ(|VuI0F_{7~NU%BdV3wRdp(~uW#e;B5^316#DazM@g%=GaPod=sS_#5-AL_H~0 zuBlU*vI*J#N5yFStTeqMEspr=XIB=ers3wZ2F5iadEdwW3R}t61GLfgWf0aX1KB(i zQB)Gv?V#J4RR8Zn3F=Q9s((zFW30myKN&W&v04eY8N7-dkm(Al7U|z28!${a>_S}B z+G+_-pS`|HI0n4&9_ItZ-`bp+0lS$9Ilr~JvfBR9(e`5*5a`0by;ZvHkI@i-ci}O_ zg_Q4=xTs{e>G*JjuxNr^1|+F)3s`C6(S7~n$7Pf^5RS0D(Hq~~W81nzgt$~eCOsBi zKw4}UfLW5@8A|!r%B?sgEUxtyl6kv&>N|Amdn1C_z(f3)H4|!YYkN!%830@znJ9=y zn+}1BXfH5~dkime-v~f&LEIg3R=iw)9n&NZr}Sow1xI_-Z6}YIY3pZ@uJbF{u+MPy zVQzsD%Y+0_*5`G}DbzBZj7|=aU#wSryQDxY^fx^qK>}jL{J(U`Le?E^qyKbE$#Bv) zC|&UMHj| zHwgBPOc42oShEG2kfZ?+#i?GMu4V$iXTy8@k!zT*CXL1Thp6pp_&YbOqM7F_3au*L ziu}oijswIK()Pe2X@*0SPR9Ui1|`sEF%|OC1Qipe+r%QZv7di5IRRM=#yCrMrLNjzom{jmC3JxY-;GD1D7sko%O%+&@_Hnf)iT`$DbY z1bx|cUKYKs{m`>GvV8YQjOTwn!Wrn&jGCb3^g3d}HqrZx95l^8^Yf%X1&?DX)19#- z`JfK9J)Pv~R?Ocs9NZENo!DWupb2)r0n*Cogcn;z>4>TPM#77r!Po?YvCJOQb~3Hb@-@zb=}U)Bjq`d;B*)eG9SV znD48N$+QR#QmT-T!QKt>%xf1`9D&(P7ZCh#QleVPWJQb))eLu9sZz2Z!G=Xnq_hmr zZZSMr-WaMgf2F+8i#=Nqd;KbyKuEqS^tD|4=s<0`oOOv}$9G!W_YW3Qgc54>)TEda zf!@#PjD9wh8$(S*R~b^6f5yymUi%73iN@z^T}?;7oK}ogTzDcNHO%sZ(fLm+?Oad4 zoT*&8N5Y7xNi{tunZJqI|Q|m4_>pX>%{d$|C}(3$neh` zsIA+>k8zx4{92aK^nW!0U|(#$9QlhMODIJW@^&CWdg+rvD(l-uw%F`mj<3VPyl_cE zR@`*?oV_#>MtkU6F!Kd{Y7Yj!oXPN@H80ECW3D;-r;((Qb5D4(Xj4^QT8e@4KCVP= zn61dP-V+uuU>5pkIt(^uNapuoadvQ7D4^~g9leeJq}V#K^KSnWT>9NH#%3+fI(y=% zX|MdtW?5ffJ_5sI7ZLcK|Yc|a-9vXjHfgm~;_t#hnmf3V}z!zzk9A6(zk z@bq)0!NIUS;sN$}a)H28)v;~ndz24+QcF=k!MuMZU&p5WHj+A(^i@hc|_d#rTS5w!;C#Uco~?nZ-BHNC=-cHUh0>hvN2){5!*^ zD0;2$^VJ8ic(Fwkc?|_@zdv134UlY&q&DA6k>Y*zn-esm`Sj_Fq8W~9<7cdAOvD#S zW#R!Kqa_1c11tEr%7!WnA(OzrdP(+MmLletzb^nSfm*2@p^y{i_wk5bKBIT;w=1^qr&gQ`g(XD#WW7^mR zMQL<$pOey_yGwQhAon|s%74|ac5P~vI^9ZFfMr1BM2(Wtt!%vgUcHjvl^T5(qAfD} z2S;1O&QEFX&aHgh&9zKh;EJUfw=}1b{r+gR$X55(e@TcT#`CVZEJg&kv=?C88(caM zj+Tl%lT|J4OFVy=q% zTYf%XYxwF?wO)3Yq*`W|`F(xC%&!uZM5f-(?^+4~`=zKs@^iR0nl~;kr6;RbCd&fO zWg^Yje5z}uRC_w*p13%~x1Nm`6I3og>{Aa;zL%aXPfK*Yuxg(JX=|2UWxACk0HXYPm+bLLb?J8`$DEH<$x=;c_m=@Hja^g`4W+r+lM{}{i-7D$ql#tw zEGldJENGRWk+c{M9eob4_`c@a>;}foE*m{C$IL3XU2k{dBhU9Pe@m$rgnn5zeuw6& zmQ7O$&)(Vil<86bioJLJwe+J~xZzlQ?nCNQ3;5>&wYogc32=#jO^CG5UF(X>HN{wI z$PQ&&9@1z?2)uWx@Ogh_y`JxS6C*Ocqi>*2lwx9*X1S`CHJUcde+!##uFEl<7P_@XAJ6G>gBFy_MsqCtJb=h8^VuPqMyErf#^U&}(m!Q(W-4@kjq#$FN9ti@CiBaxuE2OFahrab z)FGG=X^-m!!A920sX!mfA+RX$BS+ zIzpNv)IGrw&u@f7M>A8rXHmvj!spHu+UVnv@zL+O^~LSdwIkT%*rj+0OMVoOL{qk* z2det0^CY`+@lG8J?zeoP(X>{?n6^)lqmYu~`Tfz_zT8Ove8#>2zd z7GPp&4nQ~|`BI<%B=|K(nF~v?QPAYby#h&g?eX&;yh->IA1&>`Vftx~{iia696v(o z-ejz&SZ5j|M2dtgZ&{FEowe_lx8^vaq{lt^Mb~Qv!?~eh7uIN_mZb8&nN&r|n0SYA zj7_b|eOzd1QaOn-i2^z=>JT?3K-74%nBehfuXxW(zlugr*^9dz{hYhL%!H=SouRa-mka0D ztp37_`pE~!HY}^N++KZQuwU7FaV|zZg(*!yd^HjDQc_U{v^N&6%ztt*5|b^?g_Co5 z4q2C(#;WXI5=`_SFks0r$h#L8-}qRdwJ-WyAXxj-L3NX#!=H?obDm6nrhiMCMehl$ zB|ykFa_W~-rW;KR@(M*%=LTc4U#THwU!DYwO7Vdz5Wu&=UR)=OU4Rb9`Lm8sb(}hE ziq@B0Ulm|YDO7XW3C3j@v+_^9r~*jI8pn8Xm|ENkcD|zqVqPD8jM&4!pvUXfl8oEN zREn?Pe6#M51#!;4QMH$V3NO|)zAqEHk)sx9JoFZwr{Br27c3~%A6Q=uXTvaVctKB>2QG+)``n_bSF zg2#_8|2}y?#3kIyd8`_)%yW6J)A3$bAni>c*Hq(`F$?_`WC3T=$&FBb7^I+ei1VV9 zVno$@CFH9BHg9$0(5IfwHa#%NNLcb?pK!d+i^>B03693@^bU6u^#S9f)EPHL}I~<$TWKba(tkRNM`X}-{_rnz`FOMQG z6$pWNAFK0$k<yL-$uj|kZZ&bM;O2e}K-a*u=v@67cPTqcuu zNuB;Ztnu>1+_dq4Y5g82d3gfrjpP^932FL9`syplfek%@l{&l-_Ca;E?=3B=oQs#K z+D0hGtMI%qU3L-T2D}rHtLKSr?+NNLHA(L^*NY?j*Pq^pk~7^XdX|whFxd+0W~0l+ zpvL|S_!x`&Z_B@NLE)Lhna}6l>PaDl7h=IhoRbTtE>~t(DqjW!^BypQO7oN^-AKF7 z(XND#g#^^+*$5k!K*mXs8HWZtFE$%9GT9X~EoI`*F@^=sb&!HG+T5n?hSz-`{uIq< zyKvJyF-`4ZmAfNNL^HRFd`tVy?#ZDvd*a)-+;_%>(RrjVL33rL*qnK?6K~R|p4g;M zt5~%eoHnsGWaotmc?M;1AlMnou;dUADJ$y)*aSftBlg2BmfY>)f{$r?pf`^O4m~RsL0fUg*$ysq=-)CnD4_DL$seYz({4|F%ACN)?x&ZqvIx z(x76-aDgM|(sDVajY938RW3%mxbjfrugG(F?|TIeJ&BL|s}2pb8># zd)u0-uU3Du-ja`3w})JDj|wonj6W`TfpB&3e72f2?3xzMqRMHSCKGIcUT(>Kg!>`O z&(4Up~3Zc~)SX!SOl5 zwkN{zg8%IW8~k67s~7g)MpjMGx5O)JxLnZwU6Dt_goQPh1o_`!d@+%t!QaPMa)B1~ z_PU9|T(%LBFNe5D-iql+ygiJ?Na_B$8IMg+Ff~Lv`=iYnUFz@JG3dtsaK`CXXpUds zb=F}z$U~p;=J0CK?w`3xlrYT$vFv4{e}I?);q|Z#lJg7U%&AEOC}T%v=rHmX6!J`ppbY2_$|H}*%Pd&eVl4C zMGDRzl|=US1RKp#q5J+Fd|d2dCvZL%Q^p=U$Iy`Tg~Nlt zr{G)4ZRlyCtlgXiW?0qfPdtLH{D2+T8p^~wA{MCWP>JTQ@i_@L!SXv>A8NNkm&U+= z8EEMRjogYM3DI@kzZ~+)^2V*J%uRS3>de8$eO1{FZQZ6T5QKcZX^Gus&4Zj%FU#lce_hT%az0!^<>?YJY9*e@U2O-l-)R%?#GYYzJ)}T z@syV3-<^TPMPn? z`u}<1EYC;G|H($j{u20K?#DZ+r2k258GHHvxrwWt+Y{}_<6WlwpVzN~79B7VeRvWb zt2F;*l30^9?)~@6|F^CD-~1zl?%i_tgSPKk5cL@VJ)Jfo#>dCcoBi&am;Xy_9}YFo z2<^Tr@7|J?xWivZB5oe@Rwv_pFX<2m)rd%tMUzMerOA9FkZ@|__ELKj$VdY}rnQ|p zoINsFKz@#gER+g}(t6DNB`1pmc5*B)s(Xtw5l`rB3E8JYwSMyBtBA`1p#e#im((;6 z7nA^E29mmuh-901j$6oeZ5l$h5q`*1q>nZfNY!2k1CmxI{@)l~&s^lSzTbEQP<6eJl z8$Ls`>C}d@ddC61M^ZtfIRAN`aK|F0d#2Hwg&E>Wug9PJB2U`0?k+{g=T_6uW6!n} zBp}0m2MVWqe#3xN!TV*r)&^vlD0EM+1tyMUfA}e@f8Q+x+_h{- zh;p{@0C3I<2fC4Gc*vg;0KxriL!kQ>r~7u?PSEXyLIS`}VfWogFZx^U_w2$Vv&kxJ zJM+1I?W+dE744T^${jwDSYB}#e_5;T;bC}A=RwUQYuy+};Hh{zQHLLsuCg9+%cEe< zj=@Ljjddt@i>Al(ZfAeJx^vh_{zRI8%0yiFeEoKyL{sPz?w}`x5Jl(k>yJ1}wO&v$ zy(gv45*|p8B5x4oINvW-^FG^8-p}>IwFdwtT$|zEzHvS!DU#4AzsG0+p~C5KiQ7bp zO%=qp3Q3F%yaaifOO%V(_xV^@`~7P;rRB{DtGDxoSPr6|c+t=2%hts%{2)8g8#XYn z!^egzaq0w55A)bKLJs-4Lq)@KmPSKVx;Orupo;n&d5p!a?Q~9(x$kjtJ{On0Mp@U} zz8rCLze$8Pw6o)OpAp1L)a#p}yJke~w%WVk$>#XQ7sfrM_}$_dh*zbvO^!X`eMz(H zks-10K!x0i!PBZ8l{lN+3!ALDxgcE=JLjOz?tTiP$q_@mn-r_7uUqno6P*zEA59e; z7$QNZGO|7S0E6%@b|ZySePL$sL*kps+}}ulAI=+(bMHTsDiXs+_Z;T~w?yEcFM6Ik z^pNXM$jV)2cK$*PNmb4}RDbmtS%rd_KpSmuoP2ytCp#yA3IoaO<-=Z-0Wg8a-ws$i7VPzfY;*S$=-EuMu0VQ18o4Sqk?p zX$Xfk;`AEG>254w-_?I8_ZtAB5^sC)e4q3@7VrVDn+8x=cXKLve_!sUQpI zeuJB`L+JtPdDWp2)Ruz?cp8d_wz0Y4KC$EJ8S_puB*SB^73{B3@trLj%vUY8&&YT z6!dz$L7M%>2f}i9cQo}jdW!J`9WHp+D{i#gZaff|jV0XNg5IKAJB4@`UOh=Hp?iyI_S7QBcl=M>d&Wzt93|CIWCXpo;_lzm z+_-jU;<0b`q%N7P>w%eHl#Kf7A-=zsChm$Rd9jNle0Zllc^r#OY5{(*J4Q#d`m0(b z$!+f`f%e%qmFVDJxA1m+Iz6W=*3VqJD?j=;i!U1IGb$1#!t4$^7`D6)34|RFpGSs&)`iZ7i|~0WPfsz(XOmVxu&C^=eD^zMYox8JS)tcEX^#DJ zVlX_nQTd_D{a&H_r4X*9PTZ75!+81${RtH7xW|?qvN$G0CVVh2wTp7I-k+Te_qtj* zdg}>ag}M6^OtuSqUj90ZiAI!tT1FCMcsd&B*GzB0_Bpas?t0hTs}$eF!j_PHpT|6| z*)Ed366%X{2R}pHQY=kj1IMh;q-laJ%!YY0oGoqZ+zgMtpDVn(0g|3n$2%1qc zb-Tz|h}M=E|JcD?!F3Gf)^sUVe%4ve&EX(VD@sCqs-c}$a{|#QhtFTp1e=r(rJe`Y z<(}MjAT9R}ShmaAs&ygqg0Y%l$Etey(7om-RW()RUhv^OoAUaORxag($&)^tdsX!@ zs~FUYe5R5Ttysyr3xlnFXLC!S_vIIeZoZS9G>MxhEGl(<>!qJX4lbO|wq3>!cH#Nt zVyp3`b#D8Hh2mh}v=ye?zL*VlHi6bBbo#wDU7vSged9l3tH9SXGZHRAIOd6}6D7wy zPGbujKcAJ2MEr!Kv_;@K!1<34YZETBn}qq>(Qkj5$s2wt@v`{78ISlVm{iX%By2e` zif#ZR?|k0B(cC;!oh97jA}Q|RhZDa1`d9_E# zuW_F4pzC#5kwvkHSDXq})%lTs!fCvaGoS|HyjVa`)#$0?eq@|9ou2>Y!RZXhsRsP;8-7y?GN|-=fBE3&o7e++pJ4mGxwbOBM6|5 z5?6$w*SimE`@9;(c9LN|-=@Ba&2rTN>_?!;XaoJk3+PE$;KJ7@PwV1)n>7wijn>K% z8=uLz6`N^HoL<{dULhv@xV*muy4hsKzXY$h36jlRz4r7xSM@x%)?FCb4pEjhnK}}x zxkDOtu_-?^5K>s-#|AhiCnX5oq?N0vEMe+nsK0i`#~+*QlLqE8Ej< zfZg_IKHT04B$IPxmd$LS`n5j+-3q{DuS;`D2Glp&7We$x{&aE_i`N9B25&Lx7Ym@v zQL*Z_6d`{)-sf3?O?a!1*P)#G;O{Qfz5mAby6wgoK>=NCYk~oVlaBs>x?Ms|9Y1~Z z0$QSOXwGxh-J7EA*?qG3ORDAP$npoFV7%|&~38R+*s)9-9G46yS~H(}SCS`A!{ zfEU*dyNtbw1bX=^g(}`&6$*GLPNq+)VSsCFd4&N85lxbwY%`v4*GrG-0$qEp4P+|| zDSArrL}+HlgM?H!-+ zl-z(> zzFVnp@Db^-T+94p7Kh<+U~S&DxAJnQ%d?(xQbg{>`A z>Av{SU;koZ1cf?$=-j|xJPb&!olZAvgFo?GoFDU^@5hk|##2D0WIk>DfwKGB<2z8? zRQEIe$}zKE`5i8W2q%pj{JpnD;PORO$Y>~WYJQuoQd~`j_TDEs@o&GA2TL?_RbM0+ zjg7LTSBk4BB^mM0cpK?S|0Hf_WpH~w`i=KT=LV-wdYJK0a1?~G1awXlocS0I$yQ-qj?n`v?N@jk_Iig&zXLWh*ye1>SWc>R_x+XM zBSz3ylD70hkk(2I=!I4Lsq*v4d(U(QcB0B=CN>9c0tY3LhL9N7$f$IlLo!bv+-&*a zE|devz4OZ_A6sjhj%Q7=J+J5Dc}&R(!Rr zl7sIVpcXAg4GPQm2pbF)wJ^@_nY90AGmmR)T)*e5jb(U^mIu|&X4}YYvhhgm*GkNf zk%?R;xpY;G!J~*3(7;ck>-_-zP5aph&hrk>57|U;M>IG9OQtLHt8n@T-kOv7K4Uut zyZUa{aI^cTLA`lri5D=wf}l|1<_J({3+_ zWY0lIY!hN?=Yw8ED}AAS1%F_D-R_q2;C|-fyuYM!^>Nv#2X`mfUa+I0I7NYTp_S%TQeRo4m7W{zv5oAocWLjs4^=Nx`6-pZm6PN^g&TM~ zz+kX{yMn*qW#5hg1sZ8$p-jxXA#iaIzN)B1yeOrjRmsmHBVmi(5mEEeP*CcV_fl<@ zW|~O&PEQdXGGjBY= zOulJhDS8H->8jTjLoJ>>tE)@R!7->c7|ecRS3AuuVoe!m@utJ6>eE!Z&%xHFH{)udZ9^4ee4P^8zU;KpPS4{qTO@qwJ2mQpvMd|10~dY4{XY5% z6{qG?gXFZT)KTdeb<8ZC)=>J%NcLV+Q9@8m#9cw-IK@fQt^{H8HCa~En1>KzsD+}r z!+I8BlIg&9*5QYn8a|NW{sfZ(FO;#RfOnxzGcJ`aC&61-DX|`R@8IJLS z7_~WD zh4rq#hQsx@2erNsK;3-xttrzMkpyC|Z7WEkCfc+OS9Qr`6tZg1*&9XU>{_aLOY$?y zKLeBAsBDYRnj(xD*=}uFq9sS-KA!NvQ-c1PMRTB(L_mcbF4RvS$1)3Wm)$%28d2=(gd8>6vHFrJ#~)52IN5O8fB{myp!Tfcqp+t}rWarJ-3~>Oqh+7S z%r&4I0p{(Geuj{dR~FaNzEhn)Og+2XoVw^=mLZMU5G<;Bn*AyH+Ffn#ux3nEdfXLk zb=j#HJ3PYg@Wa^QzG1B6bebkc`)2ot*Hl5NEhwgg&iMNM(mi^EzUBl^H1MY=gO3hK zaQ)dCyC_Y3o$Y#WtTV@GE4A{;FTPSdiyS|Lxwq`smc)!a(6UvkJ2s44+=2wM%rW`|QBCJ>sq9f+{G=>*vd1*<>r<(>nXNyNZW&jC=tZfch zroMFNm!ZKxQ6b?kzry{{*AHKEb5IGbahbQ9nkt1AiZODT)fL`zkXEfeq>tKEZnF?$ zI)#czoGK}Wd@r{sGIF@{;&-o^W^F0`$4X0_6|Zo;>8rjFU8res{?Yl>Qj(E_#<^?t zX+t|>(wl)M9_pIwL7h6{yNb=xpw=>&+dbkU*bv`jG=*(s_f59NdF|L8%pnm|!TJDv z%8ij4l))lXrg1-K(t~PGRZKap(viU3dzNDLO3rH}IJo_o`HU42bq^G#&@C z#dMm0dSuLWV{184s}>7ZKsn*6NS)ukl;F7SV5!L*o!1~+nVA^gCUSbEWnHf6l=Rc% z+MH&&!dN*$(D_OdrF|7pK_2Q4v-v%Zr=HHXdd zGz*GFbWgjznBzqiiG zUrHmfZScq|wXQoJK5)J;nXQYKhvtUt6I6y*MH_~5{%J?ke2BE4`! z;2GG?I=7vHtroH1jgQm%@pnPnqk>Y6pP!Bom41c#o3}-iI14ERp~#K`gbQ{tF?Zlk{OsWa&vD_tnK~|ey4r&f{1xFR6qB+(&YCn_Z=1JBXM9Y7 z^^~3KnUH`0^NNzxm|yA_n^>CNX=fMaOl;#)3+w(7_42QlMV_mErUniek>!3cjS?A6 zk3C(j%CYHiPqHrx`@&C{GGQylPoC+JAo>M-e|Y9e19ptJNhNZg4Lg4H)FMwhU|?DWO_ zf(Z81MB=$QmG4#8(~dkfc{5aI*(0nZz`R#q$l3w@-f-c!XY<0a7U>vLk@_n39JOh{ zUmxDtF#bYoV=n+?$;0Op%ip60ogRsP$)o-G$LKTl;P#`-uLA+|Mhy-o=Zx=ol8P!~ zas8Px-J%HfsR=4+qWX$1D<~sy?U?cSxA~)Zyeo2^21RDv$^5Ec#&7;}2`{!#i;pri zOT=D_rwa$yI+2hgCa?Wbh|utIg+siZm@VUAT|XWPjgOEa?vDiW|g-zg&CA&S1 zY>F&KhA6#<`5yJ^Z@CjRz_GfFXh;ve>SB({=#SmS+XDon%5#%@;omsx@oJwUnl~pD zp}~P3n-W)AO2CSkt_o)V#-4@GAR41$E(}gfU@u1dVFY>jU9$Igl8%HFdE_x_f2@Y@ zaTvy(S!PoXQBN$b*k9Agd@I?0qjXi}9x(38mlXNIy}-+8etZxWH%F{a*-UXP!p#Iv zak6RB+iXYzzE0?hJ^t7z;QOS#ZNc(85#p|3X&qI=g=6}dplM7@;=!kB7MWSyY4IUX ztc88AXiX`JGdVPl2hR`hxEjk*hi0a2I^#Q*_utV&u1~apWM}CfI(=Y&Bt+hiPy-h2 z)|TTt^fxQmZ{9tE=-kx!L{f3}Z5#*2`LaJClTTU4Iw;@+7VFTC=78Mfhr*Iq+$=rk zz5>XTO@E}3{xI-LtjQ9-iyHvq2e?+xg>~zl#0mHUu{XV)Ln6e0`;=7>ybnS{p!#t# zcc1{WNBTa!i&&ql#vk6tkQjIMlNlrEfJQ$}PI7RpZ7Qpoy5kqp8X!&H7nVvqeGFN1 zh~Qx}&pyBV!$A-uZ<6J>?GOvE$w9_s#)fvbE$q%9{}ajz-rh_sh%q(P zS-GEkO;(74xvY0I_#XAQ@1uzLbxHcTqQ*+%eIw6DG_{O<4{}EyW5*t~ag;Ssyup_r zvZ|`-fl@|t2B*Ho>y#rYk09dMbl|f{Zur4kQ&iQBxNPM86>rpo2PG}Y0eb&>Wc zsa2ln;y;rCQV`RCs3BTqE#(flA;c~Vbfx{_xKb@~K}6&_{c%~P7o+9v$fW zoi#9|n|Z8`r(Q@GG(xw4Yc)jm42ls=p=#2voA>eyOFO-}+K*m*2No<*Di52o`P^U~ zAp`zxY=cKxiV3JLt6+%W+k# zK}31Z%T-Q1e;G_4bfBE(##!rtM%+1^5wv#X`d4y1V9Vkk^npK216kQy9>ISJM3LQo z@-I|_zlK2FYB9#lfPm8^>fvoDNmj5Y^!2U){-20hH}C(BCE#Q#OuY~ERVn#%-%fyz z4j}95=>Lbez-RJrlK%R$EzcAjq5+ zGFG8P-5$Rm7uDeNp_Sjo`fUssecrH3vh-qKy-dbFl%QjdYbEUnjdjEZVhCTI65F;DlK{r z!Pc--bara;{^Ucpe7etr%?hH+7#p;lC!_REZa7X~h)P>^YJ~Qpd@&5M|iM;fR z3i*1kv}MK5R9uZ5K!aZ^){vW{r|_Um4$u~%esrn$_Z)wUDCOrW^$(zn(Mz^+##oFW zETM$+(VNdfMO^Gu_nLt-zk19=be~$`GH% zN=_;`FWe}AUMfFU-kG1h@f zk()40fAudR*-^667Gn-oE0mgtwlv}qr-n*a$D2RJlx$s?6_h4IT0RIGVc1VxKbhU% zt-a@C@M6>PeYX_Fhq38vaC}SZqKFaB@~Iuaw(@8j8g8ZkXFN!BKRRx$&+6KJO_PM< zkGu@P177)JW@fSFAZmh}ra!b3K|+GpKO(U0>az*Kbf6?$G29^iVy?;XDOWs3{ESeU`@#ZhIOCZhDE z@)zvC2!SVL4Ls9tj%9a=PXO%7UPhqeJc> zteoU!((LbdKtLSzE_V*WT(XM{20dKR;K*F=FUddig*S&0%Sn41mXFaSHy#vkxK4c7 zIlN!P8nMky@h)Beg%|Z;DRHsHWh0zJD~@!6KF#Ki0bUY=Sd7fWdqy8$@LMz%+g?eg z)Yd3iJIZ_$Wx|%%iyNz`27l|ZxqpHFF@|Va077ad^t_-A$VAXhcOG+27db(-t@AJ9 zI}hA_7^6-(R+AFCP=LLQ-b}^LP2j23TkN&y2f@>sfgI4}^LYeos@ibRxzR2ITQg9M)5vt_E zji`Ma`4U6!s7oG?B(1>Ik%2Ylap1r9@ff<8j;57T4a-SyOs*OJv+qS)BTP3DPi?3Uu?hT3ZFWVl7 zIEok(UH?&3=;jf#Q9`Ti{3ZA$5ax}_SUx0{TfQ9O|99AHUWT{GBbyeK*|pb&?&BWk z8y%>kF~%6>=Nh?Cjv%^p?EX#0yT{vAp-&xeTdb9$iUH;j)>>~SY=q^G}N7>H#%mvvM1#rwFswsMqMRYM5;fM@>_yApj^ zq}4s+&5t(#x=R@02BgA_evkvMYtp^`jMW$FBhL{}ljr1QTr1Fp@21Fmi6`c9s6pFU zcAU7;OGjA(#BhI*!bX`u5>x$Yqm*~y=!wSFmyA7Mu0D}%SY-jOV@7nIeUA&K7384< z_@SdcUTb5P#^ogQD}x#(X&@BRz$Z~vE`Dj%^c&J&lSp!)(njJ~8D@S*11#=ukwUE- znu%DSAord>-pxmkA`+#EGKF@`&la4}>TraDQ8VjmzaJu{7`LoT$kZiA4$w zl7zV_VQ4_6B~#XUxrxsaPF33wi!VgM>gH4L<@`N!W%5Hx90@$N1oTAMXTPx{eKYlq zF_dMHl#r2$KoH>K9zlf33!JA+M|;4sCSiX=d_ka7c}%LQUWl>_oR=p#m|V$VgnTJX zlrFr2W{OS!&1w1!n8GrG7m9IyoQcT=-NpqDY;s1bE`&$U%*_6JUr7;TBlF&Sma~6g zFMRu-u(!v;wE^K=GFq8Qu1p$5lt$cd$$Q=jq5Mq|C3m%M^Yth^TdM7~AFiRl{#e!* zbV|8#a-ppPWp!DTkXxUKuIB_fYPhfJGwD$DdQk}oMA@l#>q2JKlw-7a4BV z@(Z5sUt$&jI>dHGYWH+25^0PXjlHe2^fapqtD_-#6)@eYx0j0 zA)wI~dj0SkUyo!Ej6M+@zG0pmpk_h{bA=^m zq7WZ-v*+`e3|SY6Y0_GBGXYY<>YFv?3a53?`lxMJ!|7SYq*W^F&bBTyLgAh_8Mz z=0ln=Hq(w;s$yZnY6gdy&;6(ADYfUFyiAHp=Ye7M%MpPA9VX+pLN$>&N4=uz@5;-+ zTBJM5&SiqzW!&v+eF(>2F@5CMQ!jEKvbhr}P3AHEQr1WWc+-M*F3cqxY=^IU25{fD zSv^m+kT;186ncf7xE(43tV0ep9q+Bir`1pLrrImqjFt~~Y68})Ni+2qoC)C%AcwX} zVc-&lj}IqEuZz*msIih|34XR@B%c07 z;<6AVwn4l^x|g0}`QQc7<#mALym4+qK8nb>O|V`iVp}b;o#H1=xDf>iCKKPD9_2V3 z4TS5SDSZ=W2*LQYkzpASB(9t@70!qV@bIArQE(}~sf5&{n^LAm-3MlfVEI}{rkR|F z>zS{WPQO!D=LzF$)_REQXfs-!bb$HlBZpUgm4OFO9LUuO;zsQ6 zA7Iyy7(Gc$PNyhHMvfN>v6-88hwN79@Gl6{Kl9$`RGxB z{E`@QyXilhv66+@dINh2t)*tsY3p`1f|z<$65{5KK(<$Jj7D63wcV)AG?|I-1$Ki) z>P>6WV6>OP7&{#-t8Z1c1R^82_ z;tgP62f~7a{Md52&t~j{@vqeVwW$oZX)i0x8tpPCo5d0QDW)3Z-pKwk%*=8}gF!(& zAa;Z=_l(wQ!hw$_Vm$3{@Ev$fko1Ek-Ncv77u+r)fuo36n1j7yeH%8M;}^Em0%UyO zy5ZI!StoMab}^ScaVwM%pPgB#WU(XQRwRy#!z3+|%8AFsB_@tx zI%Cd6cR)5%Y9;B%kvqmpZxsn^py}0#l>7+jSb0OxU_p<8u(kOXT*k+Y%gfey(gPI@MLBuQR?_RCNspE|$ zdb8tjZ{A8lbPZ9li~aoX&0PMC==q1o7*KYmE^}^E$Ga`QAWrY(fC{j#ehyd76k9+LY8)Z&wI{b!&CrNYT_MoT$*T0uC+_Hp#zyDSF z!Y!_e0_ONXb8m`l{~XaMCg=Y>@8*~$tYD{xlg{h%|8R?lE^EuoM>)}~oCIdp-Kmy= zrkuJ5jV%?H3&Jyg0fI>1hDB8-JQt^0L&9;*{~2IU9k9uD-iH(HgN`Nl8XXCm@9e0sD&0Y-q+Ls+e>Vq8@Rp%`Wq}Q?i z2>@QA+D6YRw;b~>wiy}L#(;KQrf$9;K{#(RoK0e%?yYNJ`k5{s;l!Pt#o2zFE#Xlj zMywNY#Bi`2YU6P2?tQ|VgxXw1gKC8t0(T64VfroihxoCFRZ+Aae!_us+qwd@A)YtT zez;BoSC-jV-nLR#qniV2)6wSFUF)voa?YWF`Vhe30}mE|(lWyBLDLO{So}0mq&>m* z@#YQ!wI8_>^Y$8~+IZHaR-@KC2kp+W)9gGMC|K@ZLHI-O!=vrq&ISYV7Y<;x0x1k~ zr*7coOvLcoQ^-Ft6}SOwaTng%&rP8{D+48$-Hm&q&-FF?x0P9&hmUvwIVbZXUO8d7 zibAfLukOhn7BO0zk9QRw>qd-;cq1jI?AePuNZw!1`E$SIQWsHkcbNayCqE=tm)OtE zNHlVe3b680+yvq$Pnx78UJ2*2(qnA|b3e5~22~VvxCwYjnLtk)w1O;ri4TX6>{{vn zYNL~dxyKHr`R4OuF9h@B+vI$V%cT!{%O=Fw$!jqC`_*6u#(Yid7Tzo5Lz>#4fT_vb z2uVvL_wO9GjkeZ3gCHn6PBt2xff`(b_ZyjJXdF#4=iJgtjwscSMt?2Q-xF@JMZ{P+P%MR*;IWNXE9?bY=Tzyx z7^?Psi7@*whQ1HFp3CX$-&RItmsDX7Oy$ukG~LUpjL`Smh*Vu!0N?( zt&rGr!q-5D=7pf89$bn*SvmTMj#oppM1ivO5fL37uNWgmmpY?}JI!lvCLAuTKh|!Z zq@54G$$m8xyNIt?^MO<#j?9#$vqj7pyYz}sxS{mn{X29*M0u29`$~EA1xs7X7d7v+ z>K-<%bP~MIgU0b&>qH_q4C}!MRE7olTFZ>aJ?SZV!zkjPlJDOOm~E0(@JH6gRw%_A zwC+XCz6><*8d^!F9sS9{uc)k~W%{8Ax~}72@y_L{vSRVKNS;8yG?__O&20U(fFUJNHsMpIln`*Q^Z3Iy}i?gfl7joc}C=HJHH~K!9`+^D+d1|?cXkQq0FMB%X3hA z(9!DMlAAzh>aqM@EqLNXY1eu>PkAI&bo&*;ZCp^KHtOeSg=>btYL@2yX1c3xHh-zI zKiw8r&?8f1g#y6=e#OhYz(WhH>UVh@Lp0AE?BXueTs+^@;dgcC+G_l)9Cup1*H}Pq z&Q#gCzNav_l3 zUQn-?;$q2dGr3f_vu8Ch6c+okj9}8GXVHOh%TW!P^k}tOO+?9m+E~9JHn{%od7fdI zV-cI~umF5HGG8n&PySb`x=A`houSCG)?{!nr{jS`X_V2Umn(KW&m&h9xpK6}NAy|Y3Iqpx^c0DPED~h0p`pz@ zyF*v0Z|BhNGqf5MtQvg+J^H;;e%fPpl<^_?Wl-b`A2s8^G6`H6%8ybxiusD4)}qTO z8iumU-)CHm>FHZZmR=3VYYl%i^$0*o%B(j|j8Y4{x$ z&Bptv(y&c=#nfC*lAd~eUH|cvsKKK zz93mWBhfKyU0+fX4Xsg2@9vGyIZ%(LJH7(vu0H=>g@uM@9rhB~7ll$jIXNL<*oQ3~ zto8{BrzRgPBVvUnh0xH@to#WtXNMf7Zyp@g)`|%z9jp>O{gN}WOrzX~j)vwe5Ah)Y zM&0!#bO$z%AKwK|h4%2_9Xeoh|Nhs%zH0=|gm&k}90ssKKeHjIse!?~Hf4bS(5zPA z_asl6fC0}tAgQ+l?)v`A@F%;#X}rB3o&sMze}4aedY1p6yEWXQ*@n)>Sd=s0-XZ9v LvTWfCy>I^kZnv?% literal 0 HcmV?d00001 diff --git a/docs/addons/elasticsearch/auto-backup/images/es-demo-3.png b/docs/addons/elasticsearch/auto-backup/images/es-demo-3.png new file mode 100644 index 0000000000000000000000000000000000000000..53b7200d5d722adf7425741a82c405eb79c3e21a GIT binary patch literal 49578 zcmb@t1yGey_cuyO2m*q1gMf5*38*wENJ+PJcQ=yK9ZHFGcXtaY-JOT-y8Gz+{^!p9 z?w$GOo6F2I=kUaS_Fj9%@3+=EU*5}0JbOy`6b1(7nUv%kMHm=(1Q-}NEM!D*#tt6& z7x+N2kyN*bfkE$r9Fd9#0*aBYwai((gixQN-dY z=Nzjco>QEamuh@ytC6d*>t3h~oTY)xaP3-1IVuXew@A!-NjBzFa*5AjEpXck71rs6 zkuViiv&xk#w&@J{ur7%N)f-(!`1zcA36sXzFI~=GIxcbWXlCx+Xiiy%YQEnTdjtLR zh|zJzd;RxoLlhj`bLbygp3mPiUBPtZn9vi)daw&xFwk$&kQdw5lwB5-zsTV3WUp@3 zV(b4sbSy=KeO7rjHmcw8dm(V=-BV=fm|a^4SDn-pUI;h0cCVH<4M-^e{{5o;m7|-L z@t-H@L}6)eo)i-9e`BD4UKY+(AQu)g&SHCl0R4AW2@d`RI%m$mIeAEDnYC#<@ckV< z|LVFRIE&)neU!pO`I+LZt^vt)eXkLNZ*8-hBH??@=#=- zqMNLr6PIL!`x2Ttx8^oY1KkOKw=5kp4(q$n(wR2K?h+pm(yN$UzQzEBNm4`L7(ZgdytyV~xV8qBCZK5xJ9{3EON zVbQer@CTQDCjlOISC&L%RoyVSHfA{EYfuda86FqOJb8N7aFVvEusgV)dV@)5vAQO1 zQfIj{CNB~c5)yJIIQ90)$+Da$KH>A%B4J-dJlEILqli7~THOgX*GiGs-OEMa1l%Yo z?S0SLNAsTD$hxZ6T&yB!Y7-3Hr+z&#`G$HNx{>j2LNm4RVj;HZe+nO#I<8cPa46uniI5PZxO?bGkj}TFe%&vOvMR@ zmOVe3Z>{jNd`3SC^R1oMRbN_Xl@h+OAYiN1w(xO3RlKjRkcA~TAo}Qc?N+n5!qJ@O z5x=DaD@-ku&}_EiD04t>{@JOUkT6Y%Et{w|>?a9gw~Qu$%Isqz&@)?Bpd%#gatp*ty0*P}e)7yFJUGtsE3Jd*fWU69g|Bd`9M)=s3z z^woZ{0Cs-LLleA>#+V~Ftnx3{NPTKBvwHpiWh z%+@v4cP`2#ruDrj&o1`jo8gCDS4#7fgl9XB`h1v0SQH3TN}s?_NFWgzd?5V9O;x4j z#|q3e!{TBXG89HTnR)c{bL(j|wokY7g~7!zgM6b(4 zr8I|(0}_14w^@g0m|brX3FE8rYBJoJAApKu>HCF*q3Mo(<0xYOX;yQxMSw<(N3c9% z@Ys|R(U?ALb=l^8%c}p?z46ambmqgu(T$ad;z)y|eQyt0^2S#F&OD(Jn&SHiA+^k@ z7Ke#`ZY7ghCDROGi8DNxZ1jHa=;5dK-ikUt#-q9QjzA0?k2RP*-3Yex zE0o@~6Xt@Q^>)?GC=>6HI1IuA2RrZi)U*d{Jh_0%RoOBLZdjJwF%_Q{S-XT^XjTFv zUq5tW2P3>gd%CRa$^;~sEK9y@z4qYUoEZN6Qsw|X9*d>WaE<4mp7T>i9j*24 zNth|a@hU4yO1tAd6WhmTb9^)xiy4h)&K+%Kr~>s{?qmYjGhM)TAcG0b^1}RT{-4@P z{nXnsPaUqyt&fDg)=dj__?H!H%FNlTi+A;EYTQ(DzjT%EZ~c-y?a30X`1|csKapN8 z7X*~h^FKaatswX&ONKp!5K3R`2!9HH?o7^xE%wm8b__jn*K=MH#w~jULyr>fJ+w|c2uoOHzP5% z^kPpfsW?pil(FCvGuLWBaUG;U;N4h*n76V zTUk>=?_~NqFpD*PIOwJlIG-Dhs&ZM(sUC32>j75{T&p;ceU!q^U|kYA7$e;E`subz!qMl~sq9>0-0wt3d~wyZlq7c1?u0h8{Y?lWuf_ ze@VUovkjRAxJdDDG}#)?3?zzncIPCX z-sLm#xm8uEaoGo9=lbdwf!DMyd9}%YJ8+bOHIRVg1q&-QQS-g5wJ8ftSxj1DX41X_ zi}8+3AjX~rdB|wN5&f17ou2mAG72wQQ-MMv5&}$AvA~MsLG59o-ffE+Fb&ry@Gu0x zL)XX8B%U=Tg^iw#wKK|~Te^$SN8p~?rMBw4edG4sS=i35x7wHn?U~uQ469yJBXfn( zVW2fKLt&A@#$!gF!q+cX?Y^>2G$Bu7Z%-^9q~!TE-+a2SXZ)>zL1R7w0vR#mWeKPI zy9foX5AqLINOKp;?s5wJtu1e-E7S9U#JnozXYXanEO&kh zV@o8VJmV&q8ZsFDMhMYSAN%GRQAjq#4{_&OUo) z;l0r`Bxkuhe}Ob;o;nAUhHUPaBedQ zXU4y%B*HTb7$RZ6#uHB(&OMKYl`SRnSs*qd)bdclQD$SQJ(yR20#7+kbiYG&xwN-5 zKNFQ2j5s#6{~+!JB)hq=DNnUnQER&EqKb0l&wzA=t+_<%+%Ve>JPRXGZE|mHgJ1+- zlwD2c#l?-IbkXkX#=>Ngel2wiD_zsIlhR}&tB)1Ey=ihhX7de;HmyEm4VkTT0#5~P ziV_xd{?z5Sqh0dQCr3=s5L!*8)k!)h->A_dDs7^3d0SE3T%sW6D}o*TX)P= ziHb$x_%HgxG!!@vBi0xf9AYBeiF`uqll!Hd}VjMRa8i{RC( zg3ZW7wIo)~5K$G8@65+0o71{CDROt&E#XAY0`)5cua{7e+tN#5As&$M#v8822--xF zkv#qVl2S=`MJd7)G?m2*1?S~u(_`zjJT_nm$BXbA)%$$w=*W3o(y2!XR7}SoccEx8 zWywSQ6U3J4vlQ`|TS}x!O~!R?ASU7bjl|NpQd;{0(TcG4L|aE?Q88?G#O0ysG3nA! zeXUBu$nt{)oXeU&J*kGXpE6n9MENJ8tc4Hhw!>}>2^r#LwzaVbw@nk((94sWB;P`o z^(T2>y=Nt-#0wjZ{LOwD6(8<-qR}IK%@kE4Jd&VLD0Oep{RHFbJMJN3`38WYR zy1d-%$vXVx?jS7rS3f%ze46aNpMfp%Fn@0gT)^ofYq`a{SC!Tf@l|Aw!cbzc)8aq6 zqw4x#s3aZ%gbjbXa{QA&o9OfKybW%tKzsYir@W{de2xhh`Z<=n>QK{c{{;gCMj90y zzB$doIuPm_Zu4atr^MNa5gu)nT8xE8jl?3@!sVJH^3@Nn$u z8;%M?GkmawoVXjapXAU{N0zzdR&tIc>L{=4KIF6vWxnXBdB-7I{i4Y+p?yUTJ`x0s zHBEkTi4t||-;?&pf@>(Vd+!6Sg?iiZT-`!?v~Y5CU%z2?11M1OQBCwBs`%Y|Rv=`p z4B?MguFnE9YlZ*ZU3hY}a2)&y7AWrN2AH}bKfxjouBG8eX!l-Ie!qvs0t%ok9DuwO zAzqh)U;sp>S2cdf_p!5yC-Sr_&Z}pLofK$bvtKxfDlzfIW@tX=`-i%&#cW>R_yCH) zSIXkHuw85^Z5TFT6s+BeJ4W;G(0N7u zjM88!pmy!pFV1pwVcK5QXUWRhF0`Entd`R6HswWx1O1%1d)N}x7^#ozjAgga5`MKy zZyW6!@FaDX_y-B$es741@kVrpsiy4v*ey&4PURop#7AfNv(@Z;-!i}2gHVQqR238w z61X#D$`I_*(HCmIT*8zE^bt5UZip=wp#?jsiqp4~ehlKhS@NuJ7ZxLu@czDrJBzTQlz6HqYqe6 zh{JpvtH|B`SrG-sf4MvJ&Ypx#791Q#rWE>H>x4t92C`+M3g&PUku z1_sX?L)6BGHNzg~@BC_E!n*aF>XP8$!n(z5Y;2tI#G!ZRNT492p>b+!4#A4Pehu?% z^xx3rZKI<+q;HoG52IRJz5nOlV~%9m1uewC1Mbkk!n9z%NRp+=4~oCn zOcVZ_@xlES9dX$D=(V;4kBGK?*1>7AHIkk*Y;3_z#L{|q@`Nw%uRKe)afA?_Wyb&A zEz0zKRRn|y@!}YdV%i9F6KGl=IMks{X`iL96M4j)7c&BQ|X{ zRNG-*pB=ks8q5CG!M@!Wu&}gX`5g*g9rufUHa|bl+Y8s?J1OW-K75kZwn9I}LZ$0xc{yiwFgadbz?ixJR$Z;QKc`Elts-N}mPxIM z+d>7Ekdg(eO;Y&?2*tVZ)x8X*O=6mw#O>|v`-{zU=33U$cxJ?C^L)%j;0;&|7jYjI z4Mv%zWFmS=1rpPWJlGHV&yK!k;e}E&wFXo{n4#$+Nh%>qBjovJgtu?s@)Dz$Zot9{ zeaFt0Yo^8jEb0JH4&j#_js$ zSR|Qm+_dQyGxKUg{Ww>dXe^|jO?;+*H6lgDwixtBza7_{mbx&jMfOR~yHwT)w-hbj z8TLzQ**vxJry9aR*_=^lIW88ssJI%87r%)^Q<;8W6HkendeP8bs5xW!{CVf0Psm68 z4CAAuTMf$Bscam)5|>wLX3TC=>vZ#hm`audDAnKQ!FW2hAvS-Q$C{UGJV7kZGC(UGi4NWh54P0n%6nAv9A0} zq8?_5$vaYS5)HpLc&M(8r%l-oo+y?rWr)H$jaO9kk4ScWYD&wTR_fd9D?^ijEx34z zi}Oix$VNv(AW+b=Ha!lvBpYfM*Sp8VheAR|Kb#Ta(FX@zuEfNi<4F?*|EfAd06-af>t|cc%OX=C+qC8uApCWFzO8L~XvTsm^wmtTv zPRv^~6_jI{r*x80&RetjIbU_Z80kA9*6&>BOk;nk#?|c(=USB4*LPspkfwERjVG|i z`I`FCTg9~C<;xz9+N_nJE&F-)6Z^1o**@}G@^qKWnONdI@|z3IicFnHuZ8ZzyA3uKhTwK(v6|334SA754R1s?ow=G6eJ~=Gy z;y@JYNju#XUl|wm(NH%$fJ? zVqwwdORV473wnn106BTeF@`_AqNcVeyy=XDTwmYHMH)cVHd5H7Wzv(f*G%cMf1E~Y zh}y~{63kq`NQkq`88>Zmwh)j(eJzH_hZ-g|(vZqvpN*fY+nW(5D{V(vPPoAYoPbsi zkmdd5lJ%W?n-6TdcGBkld_8vMO!%N zyv?yiM!YQXiO(wh7P1+{a_v2wiWLXzJYMWcu5dCZ>?3*4xfsvue}^(1q-~z2MeUJ# z>yFY>QE>V154n6V#(gzRa}7yD$DIrns`MHEEp~Ep+BeEV&U4_DF_P5QF)zsOe&bLE zCOFP;9!d%qmb*1FzsUOP2m!H~>ec5VX$uR^B8J?Y7a>TOM$T1iopPLG+?8wsA3Es^ zvx|~e6;aDk%FhRf!-t1xMXLQ|8`IzJ&>7C4N`^ft)2)09kIp#ev|r4#SL+`!{h4EA z9BWr0|H+p7JY0pnlb)1YSW{6><(BoA9(~Ak2C-3Y93SKKcWg;{IdVRnSHskNdNk@g zd^xyzTswi#NW-Ti9l8ycyjuRjGJ0~hIpK4Bm;eNVXKHTmfS>Yt5T!GhU^-W z3jLgUun`KTzY` z=kGsLX`&Eo^875QK*C*BLG;NJz8SUbJso~&y1wC+2olzl70#I5)cS1fSSi*~YFcU( z88gZ;9P0J0jS5>9Oj{@G@&fgoO_~b9etC7br(aZ%0$tVDEvi_JjQB4$Low5(om7NT zMEc38JLUC^;c(p%XDUym+^CZSDn2U4u9e5(#H6N+f1?h(ihE0 zbXM9v_E~qHaZF6Cq>~+1LO3UuCC-a2HQaWC)-CkT^tndQo}2Q*UwB#2Ne?C$%jNhrlq8CT+MrN}igwH12m5 zaRtZIvgy@w+O4whoZarT@`dR|cX0X>6a53yRHYq$Ov2Gswe0rg`U%!gFsW9&p%%~NOb0}49 z%D#s?VFX6XQMdk*e&>c;Pf%be&_HFhrM1*Hc zI@;PJG1M~QQ;%1@BKU$XtTtW~8IYycOyKS8y}Ttj(;^-2V^yEKN{t?_{KcY6zo`_1 zF7{^(KniBAb`*dKNj$S6y;2`P*uS8xAISN0@p-F|w(ADY>gp;oI=b;CWI=n+O{U?! zfe?qXBouXaX#hwCtcJ_^_Y_%1;3PlfI=BhfbAJ_5@Ulcq}Rq&TEz4^aYOaD*S@xLJr++WH9%nw_pxTS(^1wR{%rzFlW*0+=>>y8EP z8-61HUDkLI^B#rE{zig7tPfSM*_HQRq{E+;zdM&h(oht5 zt2kf?0hK29%XU=LJJ&>yoaw8Elx( zNkfXgbxrWH@m^7jFeK_DO=BrZeW`VF_MOfB&Ktac$6nSIo0cHyfJavPk|nkYi=6w* zS&o{4tEnDrw*eXS zL4K!AG7j<4UH?NULcY~Ts9@*j;hYF9x93dl#as(ZIA#55rJB3IH43cXS^aM>z>}FA znjUP+YTa_R^6puw{(=18u*>8uGk*P?(OXe4|L`>pL;tnO<%bVx;%*h`YNFIsH~d4E-+` z4Oa*1HEiIBT{FJWU?&8~N)tkwc@xia5cDk}_EGYZluY?`{SPF$*M@nV!mSoh2X;&K zYDmK9l9Kn*V0fp7U)HtbhlI|*WTe5SF=ux@zh#sS>oH{4lN!j)ArE`u&d441B#a5y z-3+}uf+Zw7V7}_jYIgCtksJ+2YnE42U|`NXcPSL&OCG8MZEKkJj!ggI7@v^Pz#PzN zJ#6>$$xKh-EaMC=l?Bges=SkuqBH7dNFqiYxvw`|kJFVK$SW)Riq=Q~Qz_)%(IIv+J{wKr z&?Rayi`eqRZiW6aAfDqp%yed=xaj@)t3fGRPZ?^=_5kYC2uqzz?65{us3~{xydvNJ zh!dw$XC6Db{n_GNCOej+U%fsio`FNMqWTVUQ!F*ilHJslHs176e@|lU(`u|__>&(w zRdrPlHaO=6yei)fviFeYXUk01>!K3l#VoR$C8$ke;$MW}l)a&iPFP*+Q2!*m!AdRYm_`?!kn^X)hp%&ixp#SCpZyFg>rVvYhZ?F!WuoM-`YVBEY3*$rmEZ8gU`dAphok`}ZW>VfN2r0!}Za{-={Wj>%QBs%e8>02@M|<~QAas zPLC$=Byd=79)uHqrs8HxZyLAfLqb9i#?G&7kIF8l_2vs#@ut75H19=s;=G#C5Lt<% z{aQ|AtaLOfMuSmlV>rd1p~IQj*sJ9~obam!c4TYVw-NBaN$y4qsNyi2Jw@hEf9CGS z+-+p!QE|uBZ1A;^zPM3jpg?$4(Nk$pm}6e#z0OsITbys0A2ehlU)mEQi-C z)UYLo>2iwpQERN#`eTCgS=ozXnu#)L_}Gfq6ppL&z8>1F*l}IiuGh{Az~C~fI8QXV zcCfeDaJhNkE2!5jObheV#oooRqkC5*PpL8*P6oWZL%`JIg@&7G$Y_p$Hl>_Nl98Hxvgb& ztO(6k7mMr5NFyE^UzHWAsLyb%3Rw%3o> zoiU2WX-+8hJEl3gxv?65b3J@qv1xu{6|||o(kG`+KP9nOS9Zld{wrQ7`K z?!^TgzN7vE(}6|?5SBsp7QythqRIl6$cl;^6HK+TPeRIOGM@acvEv0C?H3O1<6;sMq%X7&JJm_L*O_%jPR=+>9dbg)*)Pk7RSbSv<)?o)K@)q6(oKy{ z_3RZtAC5cz^1PUv9ic0A!@%2f*l+0*em(s0M+y_PP_9AW# z&t<*#Pu_wirWD;c86PuGji}l9o;%xeNDeb*4Z(hV5u2JK+G0$A1y(@z-6xANV z={0`5g*qpCDpSJM^k<7>`x!-)&FF$0T355}@@edOf4GZQI{|qA;+I?eAiwZwKys+< zfyda+s0>BvD1N@#11ZBqMD_PnDAN}LL-{W-Tg(Xx;XSxS3LZrf+sW282pk{!cV0?3 zL+CzX@7EDc)v_L@==!a3yh1F?{hBW1uV?&YzC5k56s1SM98=JS(tc?=3|_+XQjC!< z*)*K9GuqLoHIp11`{}*|N?X*+Lk(c&% z2sQx`VKnTl(*blIFF17Q#)`55T3J;B`$dm>Y zctJrU#!kv1pTH13gXH5Q>8DTaBj{9%FJzyF>6om9qo7rOeE&&NI?xCo+n8~sxWi+d za46nPrk}=S1mSzfP*UgjkO)YTsgJ(YFvIeBFf9i=C0Zq4_>Xc9wF-(@x}NvX?L z+>pC?_(J<-!>QSr5?61^Q6nqh*e5EcR}jAMzpOrbh4lBfFQl?GEd@nMelhnJGwiV+ z29=Oe;U#h>guL1W!`0Q3U(y>uIhBV`|3<@=QjnRsIiJf>mSRwshB^gbvby0G-h0JQ zzMUW`Ek;?eLy+^*;bt2ZIx?x$f9n$y`2U~%ng9PVjs;T87dSY_+u2c0|0z;Exx$0GcFzkjEM2|^#@~62d-4mBf94JQOIt(EEVQ_T{|KCYKH@c!Vpb z4$=vzbhgRBC0iYihJRUsN#oV(?Yef4u=F3M(MS9wnQljiG8Mo%lUUi)9ntzqZ#KXN zccki=tT6KH?L#@u+;AptyU^0!=<$T(-PSCX#f&4Igd>S6Mg{BEhzxXkv`@Qb;@*MgV9M=&!==~85mGghY{OqEa&!el z;L6HaK^oy|EXwQ61pO;+Dd2e>7LFbq0gxBZTQmNCJ&Q#<9guI@0qxiOpnnJu#dt*4R2H@VwqgYU2?T@OC(P)McD5(Wukc~un-x)AB?z6+J zX?j1LX4+54@epj>ZLoMtWeR(`+#UDAUM>4$K;>Fk+Cus2RmfgRV3_vB=F$}`^Wc5?27}YCM1uiiyug@58;d4Pt2H6EOojC zPV*BD&{+vegWsg^DItjr&W`$)7GC!szys>Pd|(+bc&DRta+0kY<2IE$RMyB4tne_Z z*CBp?J);E?*?fKvKT};Asw3?El}O@j<-)SA&rN^E!Uewi>_NF=%j*u zrC#R@vNV@mr6nbsm#vRNVR$Uu30x+NO|Cs;Qa(vZ_~<13>(z3$wrr2rnU7K)9)e1F zvMcNTu|-;q3HP^`vB}9Z-|RiMzXgLz?s{J|71Vl9PV8`5v@MF3DvVGa9Ub>)DuYW~ zA5sRH8^inhBtg0K1B~#)mBGVVzKHFp(4`I78+c4ma$e^xR4LX!n5~}oI31pM-AeZW zidLjqAET5nf9y|o*ES7-Y8wknl<7pC0_i-@e;^J(sj#h97*KK&O4y?UpTD|Ti zrKDhW7aAM|kGrr9jf|dSV*c8_>7i#}P;YW!6BQMeP3Ol+9PAc2Z0cO?4s!+O)J%Ws zebq@;cQI?8dcWv#vy;!LQ4@Z30usOvC zGnbYgADk1IwFZ8C$gaD;nB#NW$G2`i$A!9?hr4UpRPKnaOz(_z0cX4W^C=|_jlntV z)?sB;t+!%ga7!Mi&j<(zK%w3q*#4?rz02)Et?NlYtt&JwtqhrL(EzQ%XFgdgc%|8o zkOTR&lC}7VC3aWYS5f(I;A}3Pi$5w)MOPkccscCN=~6$v-<2C%(O(%N%IqT^~c($!0bD#WV z)oyQyj9{+TGNV@Q+F2ki;YpIt<}UAj$PORZc=OX8Eco$b`xl?K^MYf~am(F_ z42T{??Nl(@m}%+3zCsft$2gY)S@!2NMgc!*NOrsZJvlCJ3Dbl#VPadwCsq zUjQ$-)k9>xZX$9^08=|}hl(ETf4(M^74XIwOs>)N!@-()eGOBDFHayME~8_*Z1!J(7SiVrpmSS43}vk zm=yFP^axF*Wo41yobPQ_M{M2N%@`$CUoB30vFr%9+N9ii%-!5g7O8h;iTXq38*w|j z<51yr@CjH``P@O%Eu?XMW5X8cX{FhCUfo;q?%TG07un}ROWEzUH<3KpI1;Maaqq@jl*lIVr1N%zOyPuF1KUj7KcF!f z8obA{CES@>K{U7JCH4TJvZn$Co5p4*H}T|l>2a}8%z@3eUbDyKZX;2r!eo@RNTu+D zE0Qzy%&Gn65JBnX)a2x<4KJ_P9WQ8$5r*+c!r-2yefjdemX@5J9tDiDvhx0PdFPKl z9+RWxcBraVn@^oAx*yt}tV@-&+?e4qed_x4O?*ysX__|Eqod6iK0+6UoS#2MhPl3L zuLVX@Ufy`F#?s?zC0OnPn~Y51{d-IXl_FixcJur9@1y2JRyxLTa;FjZb;ezzRf zSLxd!4GsLIm)uRIv$yUALJpakjX=z6&VHRMN1vwVx3(PkuK_~%5*BuPlW}(xEb@|; zHu%@C_p&tDm-F@*nVuH}jZO#pz;9~;n|(+1$0XCU=ikKUMcw7)(Rt==#2W_|W}Ri2 zy`%|t-^Aye!EP^&-c|%%KKr5LU2}3Sa!9h~y(n;t>fU~aj2KY!xK`)bp5N1&P3h-y zdW53`u;f^f~UG$T+$N<*OMMr}Bo3jU>wh1w8 ztknh7wSv0%L=e>o33sa(PiIfPqM!<-)#!8#7Qjc@+GPeu$??s%U{d|N ztK*)%i#u&IjD@W&tCw74{cOkiaJPR(}wo}Y2uBKHRDAmm!x+iZ{g z@i3lI%QHaFpGni%G1G~J!Cm{s=4_H1XZr6ylK-RwjHJ z>!p^QoSZU`>l55YgU5rVhv7bwOX61BWYFRDqo@dBzPLm|==?>a^C8r&?Dg#s^n&g; z!Q1^xs8#k!I`7UFDCJ)PqqkbmKqnK1`r<|J$9r@n1d?X?^73+MtZO>%A<{0O#tQ?W z%j;$$b9HM=;`8TMiCRv{V{>cAsY`c3;4zrBN7A+4D3kFVDT{@M_~BF@9@Ala{&cAO z5j_8`L@ex)1Ws~T&DU|Cx{Hg8*FQeoULQw!4*{C=#>$ErK*mjgpgYZ~YZ_Y0TRd;M zubbNMlid-Mc{trKEWEAZcJ+GAV4dBRif5SxLHc(@>_57 z<>DaJBBn@CZdz{_4hapO`Or+Y3biKAieFyWHv*L2m%#CMYm5gr385an&6{rg^Tm#V-+G?YyNaX$jL z`o=&3$bc?PsIbtjO#6p}jNI-1M^jgr@4X!LMt6HBEU?I^$0obOD=!!DM<6UeUx|E} z8yg&3b3t@Hn5pbl+jQWs2deF|5{L)2CqP?s>gtkaXDhcfG&Rwd&ynU0=Id;sd>=%Y z<{1NR&+|WBJv~@NL~|Ba#emm99YS`L@b|nt#IWv;uN2}TA-t)pIHZt_Z$I^(`b_Ms z17@tvf$SQ|1LBNT;{kV#_0ou{j^~rMrH2cipM`}pEuI2&baX?>9KpN0X2N$z;#Byi zr2y%}!NE<}+viW6tgh<&`S~>=cDe!bCUkZ%mk7du)3#c(Z?`@LH+KSHkouJ~DG2b( zEyiGEF6i;$!y^3I?d73@g#{xpYFbv-uRKd06Xy5H941#I&Mlp}iP{4IybnO#GgIyS z>N$y}#b5%{-L7gY6eH7s2f#;$JET4sSnUTz#c|+L0HhiK;J&$sk(k%UCtD(l+g(S~ zX~qb;?U#%0QPwTjJ!&m>8`1`O2|)4e_KIuSZCBq213NK>k6iqjd;5!uoqhaDSQE&R zgs{o9`cw1boF?now2XSuG+WS@m#FdQ01kI-3;=jIhh~3q1P0Cz#=4C@u z9#)^pgzwHcy|0fDDi85rlU0(@$~Q7x1xHSnS&q{E9Q}Qqe*k$p6SA#abbog}ml2z! z5^p=j%W(Lx(9En?=WIT-B*ORh{qjs`FV1t(X^9Ien(?6+Rg6>14T76XR6reZ(h3}H zr><%mvrE4`HC7hoBj5{8;-!y^Rj#(6|7o~P?YlL<_A3?&nA`o4PRC_fKw?l7;NvGx zo&X#|$iX0+DVz>kScCF2+(J{WTatl*V-gd4L8c@^bGQcrI%i2;*Q4#3r>aaR`i6$q zYg_M&*)WfQox+oYSOl_ECH0$xi=LNSAXyVW6RpXd$i~}H4j57_z_G^w6rKDM$0!F- z{pRxUkn7hepy^Flt6@-n+6ZYVT-Z36t7QSa=2E@YO9)UbP5WUk55P)*hhPUeAx2!8 z*o2?U%etg4%f4Y|SiX^0AclyPX7~a?#cith3>9^4Qp4J)Gw9jfGLi_ZqNJdI2d#Ws z-%sU2e9q69;QShZ0!*ZbKMPA%fd;O&KJ2wZ$rB1PvM#uafPjEWLLz5rX<4`@RNO}D zJa3DnQDdRkA4A>aY;=Ef4$UD*#nNzT1OYOY4h7z$-VYOM+=hLa+*b2_p*Re6D?voO zo;RFxwbole#FjNvCAH=rWNuJ&rY-s!@Jf7kL&?UA>tUWH7dZtp_T-cU6yBvJnTFA3 zfVZmm8ftTMM-P!iu3(`)51J7IhDEkQjhiwpqH-RGE#X@%S27HcEGs zX_2WOuqy=U0sCNc?L$6pG8-=K-BTo~Vs(|E(|U(f^WZDU%@DH}?3SM@7~}bC&v92P z@nrcDsZ3w{g^X(AaYts$iY${RSKrWyce5XGjaHTW&XK5{qX?z<8~CZA==vz^&%Kq& zNN@D!=#)_X{@V)xALH&1@-1HXdpf7RA`j8PKg5F6MM>T2Q(R`vK9GNUR%g#i2C@T_ zC0c_rEX{8~sws)rmJ+}v3tP9bhx=RLjxLW@!&owu>fc2YL#cxKRLMp+o=%q``*R$e z?z`*L2&*kn7qYXrcLfZW4{VG-;xqkrzbA5bRYHRCgLiixJ>dkMcsd^KK&hKP6#}f( z0}ep#?1SOpe1N;sul{rml6*seq7ks_!c-a$uU^bqTOSKeX*rWXBPBq%B>a=zS+;~D zpdr4wVN(dwbSnRFwDpoPF`e_F5U;`G#4bK4gh&!GOJewfmh(I7 zzboF+)*2Tt14c-Uj$~_V3$k4K{Wr>mDg=9sxTt`OsH(nzcJRM>Gy7`?wjG40tEI<# z9q8`^QWo-l{OB{+0)6p-N~iy8;(Bf>o}Z6)?|lIgmWK$OIrM= zzTAEoml3vkTl{BA3n#0WZ^d5}l|L<9{!}+T_q)6-n2m92 zxINpkm(S#Dg-kSyT=y$54|0nkQv_g&g@o}Oz_u?qF9~f{#xtm%fb5dCLJT+M`9G}9FB751e| z771MN7U-+ik}iCfw?rQKL>`W#Bs?xILG}_24ULtRwGG4T$p87E7kC2?sTl5mUaCFu zknrtzkz;{Uk}JK+_)3^MOYC){8LM-C?9f7gRN=4aX}ZUX?r z34pR5U1T&wo>R*pJ8H#Ps8V>sgZytcbz;VJxxaH4`!hlMGwSNT^zo*Y<(yf9*ZqPq z7=tV?JA17HqWVulg$qWmgYQq5NY%>qyEmqD|1IbHlf(`5_IMiS|BQ&gWK=Is{-4qL zrC$I0+J!~~>-+BkjwA$xe{&zw#lrkISvLRww;QL^7}8-Wx|9tkix|@3f#?!DtRFMe zvG7D8|MOfw2^>Y2njN(iGKH5wU%Jj1+<)F~i&Jiys$OXRFTR=1^3jVvGx|PGf(?gCIc@g1g{(PqcU#&P6{Vxbx5N}*<*Uo0 zsjEir?*I`oSz0hFzI0u73FbtqL^YG%pYoO$mr7UDqM^9)_xYM?=z17>Yd0P~O96Cd&$Xi+ z8p27XqWg`dB;*E?(Ub_NS~CYs3`KIWLwdd-o-w5453byQlu!+brNE-oeJNAdqCjn+ z6#lNCx0u$pWk82lB z_qA4cJdbo3Zg&61Qf6%zCQc*PalT-x^heW2i~LR^J#}+FEUuqGb>IpyRv|ZNIHaQ4 z*=bInWH(ba1?ib3!6Zzq(=9acu|GsiG@(G_Yr?3)1@F&3+ivmC#89owO;S<%eK0)~ z_>pMESn(?3u|pU|jeh~PQ#Jl;pWU?GP@aS8&==yepWl9UBOWRCk3{PbCymeFVSP2_ z{t_A!x=4q0P&+pPZFFe3Whg;Nh+Av`{BTn z&X@U^vC0+RVdeQg{>tpKkNI@}O24|^Pc|=xIIUtseqD?;kgK@OBM)&XU6u@Oz*)XG zoV`e-Fj2NakVK96PpE;%5BX3Mcfp>bM%PSsb008A8+dY%-Qb8nvOD9i4x_IGg=pf} ze3gHi7oCWxk+2t+YL`Y>j^VnrGKPf)=Mp>24@=&TpLjl#vs=eo=!*S=K2fJ&rSUBT zjmPPRZ||7V5ot;+(l*J%5JBj5qBh<;c&frZ$?1 z|6ul6C{lcRt50BDwKVG)`lQxy)DK?tp48)(+yw6n z`?**hV!Y_s(S&o>a5)lT3PM4+bkB5C63HRR9^}|T!;r;oRx;pfaVZrXCrcTLa~^mh z8j?vcWfe;AvHhruEK@5HeisU@M5EeX?MTw65)fxZZRKv|e!}o16=aPgB`BVYJlpx% z`)4N%xgG6mx>Q`~(sq2BIA;RI=khu>I&5Oo9V(@-#`Vgy;52?k`jJ^dCZt(JTR@83 z=B~7gJ6x$1zM;-jTt}`ea;P~pD_t+Cw^}KzCoC*mu4z(m zvO4$$B|*(rDQk6dsF>zaEP-^axSFwAT%aynVUflyS9X?dQge8`^zRmlDzCWBT+F55 zaA{seW1&IX$;tZH6Yk>jKW+}-L$L()T!FLosbWS?iq(+M3&^L4!TTcI99ZxJ8)QiW z0q^Gz!{SA2R$9dlSL5nUh}VU5ct-=p@rR2mMeHYqL;=OcnWr*ybtk^XMjpY3r$8fb zGAT3sGKxKVVC&45A(d!St;}bFq>E#Z;o)ZI^H~!Pm6n^imF}Xnm6U*XFaK-i<|xT5 zmM>n)Y36B}t%p*|Q&hS+-B-@gS~h-i_>6rG4#m$X%j$6+yuI3z$$=;mo%V(_eDB37dEAjoUcd{~_UF|)%F0#_X zQ#84YQs*frl+$S8R&tS5ie#!(aI)D~T)la$xSc=r8JXl_5ntXf0gd^&dz>v+|FT-K z|J(ky{&`ZO_h8 zK|R$Mmy7z$G#`A+g3@3wj!bizA1-)5>2;kncsJLoQ1)bDwy4?VdM@gvvtC`JNabzc z+uQ{B|E{U=EDSBJ^_s~{pW!d$vpZWW^BlRYH5hH5yDikHSuIo+Y5Uw5ymyIRZ#(@N z1u-b|fgt3$3*E8|WfVlcf6@eHNB$NFNYlajgq3@C{r$hny|<+}B$y#Ct|FY}{- zlj7~JGV^soB_)rBlJPmKVylYdtZ5&K$|X4y$`U4fsM#%urqfqBoZ9}^dD zQL%f2OYt1R(cFVF%f^wjua8c^z@H?#F!bn zHwwcD(9Lyrf?lQg96s$S)H_rlo`j@7^z)^-U93vA3lRjGk@`-ISHU~w0EL@+w#iMX ziyBcNE>=cOunJ%j6Dl2#N|>~&zT2Gda-RZFPoeZZ+iK$9htw}(t?G0I6|x?yhV4vZ z(DwAtduf6Me1N%-%JLUYDn#PxRxPtvw*23HI0R4y#i4WZ-(T69IO8o~w|mp%Y|aD2 z`{x@THScF;axuy;2)eV*KL^>>+x0<~jxW!1IxlnaGp23Uo$&qQeMc(%Y~jG*xD0xj zo~rD*X;Dc1(FtwyZ+J?|e^dR%!Z^ehVmR+(Tmw>){Z!Y-;3IID(AUqTmKKo*GTK~X z-?nuJwgc5O=JRkCgemjTzJBqQFf&L0P_T=CITHU3y)NbI?o%^C=^Y)cpKqu&EP@*M zU%dtPX7Jp6*%u4&_qGT&(w}6x3iOGT>Fj%ZpG8Q~^beSg$^7~Hf_Sxd6{su%NxIY@ zu>JC#XDqAPbFl8QZa~Aq8e-)465rn#8cyLc#K0tzKKp2g1L14z>JRlrpCU1 z^EjfsrqBL-I>Ablk|c10VRp+<{T5UfVEjWoFgu3EFF$*8n;W^j0{!Ps(HHcHhx$uk zZ9!3`_(cOWIm%d--y*nc86?3d^v&?E8Els!VoQ3#{s&X+E-F0*s4jmt0Xn09u1Lug>TYwFndF%QJnK6}eyGSSnAYq$Nap$`NT9u*WJy!3nHUaF zk{6&$8HUVx&{zB+PmnRl{R~aHJbHCLIhDqZG=?}^Uxb2t1w)|Kkk%f;#|z3y4@Dbe zH4!Rc-y!M?iwW5q0xR_5GoF0iG&QxPT=oz5f=NXaN2S>rEZF93_ag{HP0>C4y{9sm z_bFbB==?&nBNkkg%W|Eq@$=6p*S#rrHgwV8;GE|~kBemPzu#zC8to|RzN+1nSrajX z&A_d*WwqCvKtME_CepaWvMBVPh2afh&tvW@NSFLo>UuvrjQsR{x+w1lxfqF7=Zz2x zDcQCGXda2+(4m3S8jmm&rFpHk%^D36qS05ZNlp+HaZx~B_mhM5`I9Ha>%Vd0^`4&O zzhhEs3=tN`ys3}Yyo{x2UZL4X8*cctWDgx;>0-uKZe%~$KX~T}a%Yg3KG^-* z-F9so3_uLL>zUvPTU%W}tdfoMN$!pB}^9>>-3QAjyldW-eY7!P3{ z3HhFFT6A3mR9|@|MNs=*;g6Hi7e{HrfqZ`Fmc?3na)w~up5MSP`in7RkjB_fo-kf0 zh81Q~>WdC~_+pY=)qJI=*n?Ku;->?xJxd`P$8 zBn3!9@k9%(5Pg_$2kJkTiS>CCwMAC=yXq>QEcu4Kvn%|^@zJyNhqsjcX z{1!|k9`g~~SCTlzk~f!6kJ~Tw&MNSa;dj!zDXAGJRu&Ov44kLDO%GRf-=Dlcp@|xj ziBm@ZndoDEQJr%MiBc(f3ipI?bA0i!Ir)YWUq?eTZf%EY820dLZt_0Wy^Zio4`+l~?y7dK?fd zku*y`(_pMVEC!llO*8$*G>-AI_W+8kBPIf|z>A^>LabBA$mD6j+frC~Ed4h_-S>St z_#@7nQoQO^Xc%Hd$$vZ4AxXbhI~%L_*TO_;8wG@ zoK+RU-S71Ch1imUmE2nP32Bb)#Jbfq|*D{OrqM z0uqTHUYR!*iFv_bqGlz-HXcPFCrS#lquN7b-UlO4p;p%<5+eSvk&SDL%GnBQ+TUHd z(S#!v-)}q9;`TCp)Y1d2j>o1Ef0IbH3i%*R;H17iXl{?OYv&1;FC=68?t$Qtd^Lt+ zq;?N0`qCdU4uJjK`K*F$B(|mYLXRQ;uH_%adhgQIsB)y}9`lCTw*F>sFTb;=#$6I} z5K*%?ml=22%p@z3P2u0suk|`)8igIw11?m1hr4^2KPhLv94dTt)UtT|hm#;P($avS zs(lhE$6wbVoUlqwG;lpT@o?0C*V_MEblpM`xn1F(+^xEViMg6R)gDb95304FC&KaH zz8x!IkA$uG@xk5Wj>=>v_ml8$adsN4=vSH1;u!IybBHmb8QF9(JJFUWbQ9eKGQe-oKY5Y4>7I$&K;X~o3Jl0H6V_~SC|_L zO`1DG_*W0R&f9sE_(+IEDA=-Cl}EWkB%5=^Whs`?onNT>)tI&74=LKjrW8|&I-^7~ z{*Yst)Qd!-NI&_PPtl>mtQ9}M;Zmwq7*wQFs<2m*W236zGzr@dxqXR43lp@O)I+lz z{Z$_-VkN)GITaCvQ<-K>V*#yi*J_z4LW_jGu<3g8QRm7f$`~y)Se#;Jr}Rs#TskLC z^$@mMCnHo~&P~)nCBhO+brq)!i8SjM%0r{UeuGASU?;9xdeZ`>^Y#dG+m7U*XT~lh zvfz!1D*5Airq_o(QAq(-Zo6g}1{fms}4P4O2e`9gsy6(`<1 zXjbR9IvBpptyoRwfK1Qr%qe5|u^}k`20skg->Pjf5ovKSrY%JH!(MvgJDk!`S~_pfW}A+r=o zO$42|dhttDgvt?IH&ge`HqN4KWGgwB-Lk;MX5IrQ=wTuKl{tzvF z!0Ln5%gGRRXzxPbuG_fO+nVyHnA4=fjy%(rUR6KGiqCIPn(fxkV zk4|jwSBX!#gC<*b9F|=CsW@L#hjp3jc#KSirXN@@RH11O<}(+?_l6?wbbT{QPgu-z zxV%rK9gFab#81_GeoLQy+0q}CXZbsq!RL_(WT?zcP1)tuTx#sTD?mV*rg4w~aw<%M zT_zPfg_`$zb#4xZvF;Hk73z6;olcXt;`VSsms^O2<+`5~Jh_wWS?(<_mb7L#;ahj@ znS6cp4+fCO>@bRVz<(4pKB*1M#2Z2-#WM33K|N7l!_&@}pLOu#1&Y{TrjIRe^x?h$IgpI+Rw+SBZb z?G1iCKEE#Oq34yjf1opuX0R>#_cetY(iRb%09H^|Kb|T=%uPIpVr?>*;_XTAu_b+J&roYHJFoHPG{X%TO-&`w(%7nq)$ii!Lxpb9KVz$_cbNhO=?0KdWRr402ukC@?CA->*o~1pwg?5x-a8^?>wFu>NesA^M zSG>th^sC*Wd{fkbzoX$4mhh!ebUB&ya$u*y7&5JWt_$h}Y-2(Px^Z>GnS;gKW7xFe zVA$Q*uhwLaW-Cd$?Cs&+TVaB8_<`@?;9KBxPx$uuNd4Fp6qO+9dL6r4%2JL4zBjHi zHN)$2f|d2O=MSgkdquHbpFDdxn`%0+x~8!WU4GbgK8>R=_O^=ysoy?1oQE+4%we?rkZG5|-;gVnc=uRcWTNo`qF%{6eMT|S7WKULu z>`W`Pu=9K{o4EDm>Wc)1CefrLEsqG5VKx*e*Pj&T*TOPZ9tmcBHm|K;qq)?dNeDkp zE=clKXn&RQ-0y7r`1^aTeP5qgPo<@QHmb50X+sQ&7IO&2KUHZRu}GsI6`2SGJ&aZU z#NU-??3#=&f0JMg^oR*_Sbg8zyspSKuNwxyaEN3!3(R+fMVROjHCrwOpzzt}kIv4( zS+56K|5bq+*4%0C)_nxt%YT%znL8FbPqn~am?_f=}1&F@=ajv3Tx9h`r zCf|t8>#ojaRkT;cd(jvG9ulLyuXA{>Cxs)ucCOsCy&sI^i@pQ|1XwQBhROo8{t7_u z7+mska{kPg+Yor&7Qn{GH|z_;@Z4j`+5~EkL{)15`1i2K(J?ffK;s4gm14A#1v9NT z^BNGes+GP`QONH+DNxMI&o(R&a?k*=I<9tB3quDOxAB3NT)S|**k{KrT2}O1tR@+I zm_8&RHVyBy9sx5unXq=-8+M%>3aVrv6T`77!;;cu&A7pcV1^J0U{MdS{g8VGwbEBk(0JPHc#4zcpB zhQl6In49Q*@1FU*qY3*Yd!B=}mVLGH)#oVzcn}+*&eclQTuAY(abBlwSXepT91jOx z#5hnbacAk;-H-#|vI+CQTr?_t4HjoIPl2}Tc@6UYMVk4orX&gCaY!)dJ%g7gSQigZe?%3kQkR}$7IxF%&>52^kvR%s z{G_OML_EDC3#UVNW6XVx--$F!=SNP~^X>X;P~UnXOqmK?lKl|zEU&uDNc`%>{7q5( zxBL6X-OtvQW*Y*vK^i0~wV`lg3}$QuM3h;?8kbA~#3cDqXNlC9HHOdFp`!e3qjG^U zi?bZ2aVHMd$BKhS)rzcXf>a@)!cB@KX%`{=qz16^+tX71v8b4YGEG03()tkwLSe4e z9~bd4=mh&U%{Tr}7Jy3MU_+k%OMc?3(RpmNXW+Y!=bca1uNnmCq6NS`127r*0^aFo z-ghkks#L(Vu@3N#?;aaBz!RX>XiE%molqUGHx+mXZ9t7NoyR3=ZB6^V5dZl2$my_$ zm~X~Dzu4x%@m^Tzv1(Xl&ujgbx6tfF13*I*S@*q^z@E0vYE%olDV(r&hTQ8qx$k`7F ztH|gGtXVFP$^4u4Km{%=xksyH8DYNT%UOoNVDl(~yZeOnXVi29pG|_-x~2YYEdpM7 z8#a{E)G^ZaeXs|EqT1d0^HT5&;RHcow5KbiR|jvuLj^s!oJUN%E3LtiU&w=aa=cjy zblzlxcs~0{vgxd5`>tHlMs3t9r{Y7qH{^g9c#BDBK%>R$F?k@1-xCT28zP+P7q1e3 zq{C-rO&Avhb>@ypkCR(>h?()QS9H&dJcDC_YRj#Vw?VY_hNCaxXYHW{9JJ+HZf!0I zdk4bLivk_OcB^n|Dgv(t9=u_5O{Fi4&lYaJTSI-3Mr?JLNc0f=&B=HT_**m+Z&-aE z0t==Vq*pviY`0s#AVFW2fV_wyNw3IF_Jz_l7>=a8)u1cMV5_!(){*ZNpDO6v9FDy< zwQe)#T`xyCu9_ad@|dP?`glH3O|;nuZ3J6njcGJj+Ie;*fES(;To%?nK3e0b^RHc? z6kWz8$yAxneLr=5fu1-iz8vhiGSg^|c}kqW>>|Y4o1G}?_jNCP?k`!si1e@~!r}C3 zu_QjZx?|bCL#XqGNGw;Es?2O)1MYe0#9G6|h2Ya1)3Oo=;X&GgN6)iGg#^4$jv9{*jg z#>^lb1hh)l&feKB2F^x8RTX>axgEemwcSHhp7BhhQoeIgkhO=^aSxOAI9u=z3%}1@ z0NVx*!n1}jcY&WiU}50_`7^YU4u zhPByqM_E}UKww4<5c#AxIcRivxu0(cY5Tl5@!vH~yxVvnZ0}ZGW>#0nCcJNJLjT+4s)>E?9UAC|NAr=qS8UST@AE7~z13BjjaPUUU;*+xkko0O{Fm+=S#PbL+$_eO zRe=4I(J{<4)z2(7qJ5LqT2r9gwuNA*)CX*#$SPQox2{^YCT-CiYNkz&gzXlz5ys{8 zNE=WvVR!s90qahYYaHKNlUvOx-Pq?$O|?DbDRp^bEL^ST%i4a~rS%J`2?*`gK?V=S zQ;*srDLt?82z!8HWOVEVI;k5EPL_QdyTzk#*@>l3>SF3qWCuh?EX$cO6f~&Nh^RG(~B%) zI+IFh3l1JW_`+~nY;XSXnegS9gnK-FN6bT1_STd=cw_Y{MWsxhm)FjVz@j*MNhE%L zS?!2ocx1<_II)3+a~JZK&@ZpQ^_N0nd7#3v&lN59C$$;JzBa45kKWJM-(L6D_AF?N zoe?SF7F&+6kwLm^tTw%up;12P8xRwBIz3)ljQ0UNCKvsgkhhtc`Z5}PIs-fn8rDe) zjK2g})cB9wc${~j1r|>n%*T08Q){zY(^(xyy02;CgHKyihAfq(XOyNElM7$A*f|wjR=W|bU6~~;|(13iJV*sKO1v$Mt zL?PTgJk;tf)kv`+0H^|{xqO=wSq^U>ps4-d@lU|r@=i(dUxdn@KOWW5*Z@ez-jYQ{ zUYpnb?ZVmX>6!h`AeuHn+fwh^P>lgxV$H=OV54{^0N-T@ISID^mU;$6PuPh@Y^Rt~ zxxhotbJ`dHoSAL9acMs>GTTiteQ)!1R^y=0#_cAS2U?|9ytxH=n(z83eQ^b^J$8Rg z@J(bnJ*VR%ZA#BSv@D&T>4(k(7JRtG4E`<$4;dz#UHf@@EnhdVrFZRej%%*hpXK8l zR+;%3>>ACBEfzSps*9)Z?H7&~D)3_5L!f5wK2VUimN(toIa>gab-Q0d%id+%$qR4B zL7vCB=Dg=MH=)ly_o=G@40Q0*L$`r624_d)gpV25-PrFJbW3Jeb-OSNRn|jJtci{w zH>#+tQlAZXUQmfDhITgrhp_Df#Kh^P>rotslq*J~RhQ*nHm9?_KZfXT!?ps&1fP`T ziDhyBh~&DY&E>i_?yJ`c(Q20h5dniu&AzG^pU>6gzr_3^P4zGXCEX#moME`7y(s*` z+qP?pw>CS^nkJW3IM>UZn$5xU%c=n%B-_MHt%3cl4&U_}a8(ctt@|$aM4Nje+wJju zwOeD>+oEEF4`fBxOWW!-JLQt0a->NSd~CTmMNG9sA<|VcCw71&Z_v7j(yaokA=KK~Rd-F!to(3&~uU zVDW*wiz(c$5S7sw`dPT$RB2Y6qV=J3Y9sXc)LT56Uib)yfCZP2x#+){vhZ#kdDr2j z4R-Qz-TBb5SaqjaSv@^F>I>v(gS4sShE1sc8K|;nPtIK+c8R=?l%eR95S(^f(2|L? zI5p$%K4rIRXXaIV$&>j_0IC(Yv0->0jo*ho9_Ql?fPV*w`o^m97(DAnKfroC^L%U~ z&{Kbsc*R~jv1fuGY) zKyPmKliHF)Joq+!%TIP9?dwUXeh@WxRB`4*TAiWx|%B8gi<&B~AgRbh2$Gl&+f+^LU!GB7&ARU0O0lm`! z9eScCv0Qtc15|f$D(U5!XM$;Qs>Q1Rf)M?-^DC1k%U~)a`~e=E++faRv6sHFt2MxB zd{nkduC_M5ZfR=6E6iBo^)GaOJ8PM)ZiE^RhV&^#9WS*})^x{eS55o5OT)6n{CO<{ z{YFpayH%$-jAgB5O0`LL0zNBGSP>VgijzdV77~kG8oTZSrhAc8(Xk$!Xp}h{i^xKG z4BZa(@7kg~7X7bC?q9!;UfPAL*(acRbbTDaRiH43x<^2sfk%yu@GRuaqML_%6oz_R z(hA5QC^+)_eo_OpCFcVkYk(l9#Mk3(E~BuAB^KydS3^TVCyaN?=t$z+_&v-gOxx%C z1xac^h1&oSW4H}q)cgT*`j5>8KBB=xtG0V`y>E-(k!@hOg#O^iWCk4|1Z+-U1BhPF zgFVj!h%BjXK4H?D9{WuF+q8KBTujV>-(zWMsZhD(7|8Jh{H{Iefb<9Og3Krml@h<_aFLf(@i1Y1R&ADx94O zzPj9W$z%F|JKhi@|M7VxzQ!@ybfs?w!=*&JjdW8Z+wR$e=xR3ewp&+xp!Oy?+B_mM zz4ul5vW(Jqe`^gKh)uoqfF5iF@YkAsl7g=e5MV(zgxL!y1TGB8w!SqBs-0Ri47bWJ zt^;0)TQxT4ZKRS5*Skh5RevMdvNXHmPQ}~L87LP#phsz*AvU*QYElNi+7R%;2?x~Y znC!zT*G<5V&+?}UB(*5hr7sCjHqh=waSbfCfT0JDA2qGUr?0{$inwqsteatFh`>#J zbq^#H-rHX%*sWf-%C~tRe_wPrvb3%!?9M(vtayw-->_SIYnYi#awHhwXCyt&Cb>!O z*@1=;_9jtwt>*CAuUp3(bX=2O?#egHX#n=ot+e?8cfrg5Wz6boLxcDHBqup~rGKX6 z$b#O?U~Kqzr6cvkne&jfKsWeR#lt{QVCtfyWx(JJhx0~)D0?7P;&B6lfpF?UlLp+g z!d0risIGy3w_=^AMQBNUVVv`rvJ@-5hDFbgX$va0U_28T4o}JPEHJ_Gxf?2>rh*uS zsL#ySr1CA%3zlZZKit+cM}bVbIKQ~0{`{~h{UVRUfQrxJvWWP*ibm}t%sF1qG3GRr z6k=JRLivUUCQ!D<-iT(IoJ4}k`8^e$kAodF^#v7MI>3`)X7*eX+tU1z($iX!FZdoaVq6)u$P4C@2n z)*J_>{TX-&P0;SUr_$?gHS$DiW+$oRnH&ffh-`RSabC812H0&d0Pq@|qC&jKN&p_% zkTXv(55S$)#&-bn3dFmM>0Q!6^sO7{FuspDo2=zLaUC0#-XO;^=5$@4TnYV99laRjQ}6v2#Ie#^R|> z{ih&fMg;ka&y0ts2S~%y;XvMBa@@{VMc~cdnEh_OMOR{m;L$_&-2N(!BjWc8Msude zU85&>xnpm(nS3Q=BAme$KfNQyrZf#j4A%8^&Vg3FF211q6CUKC2E)xoLS_!{-6L~m zA&m@>IH63RSE`pQEc>@$@FYC^ zxJ7HV8F-z1Iuf0KR>Y~U98mm*+%@-?re2X;e5khuFi>NV! zOQFTQ*~GUEg~1$g0lD2hA_<(isXO7}d6rbUmyIXN=jzE1O7F;!cIVAGbZ>2)Ef__t z>(X;*I+77J+xC0Hx;R#1!EOzDn%5c;bH2Npo$1(IX#P>k$ub!JJLh^#XAr$);6Q$P z+3kAG8<3-0c<+pPrXENA00tOy;_Q;E&JZoF-I2hUuSo$|TZNxxZBX(Bc+$^)mzC!m zTT_YNWaTfMlO6#pJUuM$#@Ia-XM1Kfyh|?FFUqxjw>O@z`P-i0Vg$rA9B9h``RoXr zz!1b}7W3zid12AU!J)9haD&>^V)csoJFp0mgrTMs*&)*83b@Gd>f%7<3?|Gl%&l5I z=C7467*Sw*vezL!{}$2|b`K`PGC~l(B|Rr*Y!mLt2J#!G9jiz0ob0(Be!;F{J{Cq#n8?}l~nG(cvlHW~q9 zMV2H31%TCaCEyj#blbxLj2E8-t5n|^&`77hn5gk1MoY`fYQR(g0ep?;?e*+!+#lwX zC~v^zaekWh7T`kX1l+f{96B9<{E6GapxKBzQVnb;-$8GD9%n=?(7OaP5Jg}Buyukb zNTMevC!U+1bWAOen&|}|r=k~XOi;RXQ6bjv{)=LHmpS_wyt_6wzP`IfebC6cUd*jl zD}XEW#x^E|{-(p*@IvRUn9(=Ad-d>4g!6omK{x&aBUp9!yXV--UB+~-S>yiIq+-{m+4v%Z z=(^?v&I{jweXrQL{o>qyzOF~(jaP6YW%0S|WkeO&bDfntXAqru2V?1QcVz`xWZk@7 z60|={s@56;<{>veA1v+uR5Kh;l)v$ho>CXHDC>X#Nx0|w(sq^BUfbHIVvCH^VfniCi9(ja zE3H815NyFfy+>z7dOs=sd{BTj-H)Ta;N-u3g@xMYa}h#QwAT#mMN`muRrrN#xn3Sy z-UQynh&HC8wFN=dj+f5P?b|rNKyf=pg-Gn9YQ5{0?cP$(sc-=vXIgf<%Yk-KvI6`C zYlKnkOFbN~NkWwwqMaAqR7Sg#XiXGsz6JQa_V%+;) z*bhF{>8&rJV8j;NSqA$#>6C~56@S%l#H(ept=%Hp`KEg;mXuh1G zLWcy2wnw3@XD5%z;jhK$^7^gTmgXMp2Z?{hC3xk5c8@WY%8{e`H8@9DKaUiyOXjG= zr`QUF@c{lyrT0ZXAOrR_J00Q97z6#`Ax_`{{Xg9w@Y@)VrS<`${JSYuOw)|08LHBJ z?mU#+v7nQ6OuVAGLZcxH@JA-RzQ&@EyoVdVJOyXzw*V`u2Vf;-@OqB&7V|y36G)to zID0Bpt@0Om?h)9jU$)-n=y*Wtco?&}Z(DzAL#yCA+27xImvaD5ur)OFyGMG0_X-hM ze{BHrj2_Uv-s3T_ltYq4+R9K~2>f*;bZuudXc|Q5XPze~7V6b3%~FDJ!qD-q8ie}6 z30H>0(nJxi1C^{4eLip1GS(+W&ms`WWLY_&+uW9I5xR z>i^U}5&oB{A-Rj}>;D|64;%OYtph8$RJfs%W`LX!p!WQ~%oa*UqA<_|1OzJFpZ=Fi zM9FYC=6^2W|GE9*|E@;ci%8~^EBk)4g#TaNm5plKA!sLm9GBD?y0}V5lHX=Bw++8l zDA18~abWW?$Pyjsm&->G@c8}=bXa<%9}JU~s+n%C%<1gOWGa4(cHp`@NEjrmiLZF< zZh{AXRop4kR;n=^CtmOqOanF}#jqb@{bA$p_|fc7({SIe5Ch79uzW@77p%S6@h@5Gxc|iLz zuhC?`3uAQ$Y$c*Q{-O%Kz4+`57Dn^1-)@k73p|0&mDtJ2Q7+sO2WtUH(S}j6b4NUJ zf{Q2;JKKjUGQG=OdsOj2CNV3pQW&Q@#4`4rtfr_8zqIxzbd(gV^dO)H;RY*o^o@6- z_49*&08S(tt7EyQ_$T7tIq?tv;q&7`1oVrO3l+(>-^4l@^{&}y8U!g0bbkukBDis4 zVA0@{8>TQCV^gdNEU7JLkn5pj8Kj!|m7_(8oLfO*J8^-AVm+&+SY01Je1I5b3{{2j z8ukA=MHP{R(V&@YxS+!Nl`#N~WP7jN2_TJB5l|~5N^Ck$np{(VTS+hi&(wCTudaH; z9me*b=-{Cr-@X_~XBqb_Tzs%0@+;Is8&mlS*GZQj(l_&khF|on#J4mGOaH7-Ih0=A zqQAeB{~RCtjN4Y=nJ&jGIW<+;EndBd?M&`RK#NxLB@{=lB@L}hQf2UWa4?NGeMBt# z&jk$TrqAWp=+fY!K#KsVig*eD*e`T774`keEy-=@8%LqLTeZ!dXXzJa^I6L9XDZj{ zP<-+RY6e_iF=}+u%x`kHj>ootEGfd+iuc2q0+P|YZ-?Uvu+|adhK)j!edCBtjV60= z^ZdnXRf&z10Dgzeft+`YBz`a^6mRD{R1nCJYW&-mLP1U;y(9ClNw$7pyOvg0R?OG zCJ%Xa3Zkl={_XjIO)gaFtH7%Otl!&_cI0K^$G+rHouWCT`W@eQUgZyRnp~K{YT6GU z#t;=+-F&T&Q&qx`;agvZqMC#^AZK1nEJ;+gy~ zm`a(~Q+l9QI8bFb)k z+Lrih5BPcA)X`w6^?)lU?7IM#9!D^~xxC&?gTim%w?#J;ZCVtwKBiDvoI*?~OYyNl$n zv$bZ~63AM)4KRbW{3t5}*bH^Rno&rA$E`RJpfTGHnO6)~Ukt~?tq2}psxCWPn&V6J zIHI;uIa*dJIfWAb(XLF_QJ`^xw~)=vlL-9fo5-^6Lz%jZs9kd_kj$KllDY0W=8djc z@KU9hZsRe?xg^62Xy|e__nE26QT^>)iEEv?PKOq7i6_U$aw8xc6`*BGtJ(7mXL5Kh zQ6S@ZTx@JPz~Zai*(d<4oXywUt9IFylJ-0sp`A-rPHIbTmf;lZ)UBSW@(xe3rOQ^Q zOU!Tl%sp(=ijl92pfm^-tsD!HmXQmAi<#||nOpQT?iAANkJ$qx9rHJD=^CAm7H*tmN{Nbl7fH>~ZDn^zIS?9<2t)k})3h6ZgL+;fHIj z!gFD!f+x%Dt*e6XEjwx#U3+x4R9;;^+-0&Av^rbMttY_FxGG+1aEe>foKQKzZdUSg zDR%K_I6Pd-cQ^n2Yk9pMs^`gKr>5Rg;SQN?JVle{YD{{Bf`-OP&}z9>ZLT=C_||GU zx4Ge@1T+9y=XFIi@FT5@rz&gxcUl-iR5&tU{;m&WCmPb>$7wpkmbih2zHvNgzm> zT$u1fZ{z(;uBhyR04ij32{-BGJR zm9`py=a@!-)iE_@_(DD3c%n)Yp!?Nd&!mz*Z<|!SN7U63@qPEMF8J;QH3IUC#``~6 zfZ55(N$F3*a2?6SccO5yim9elQnVRgMN%}oifm>@IaA2dB2inDCF_B;42jUcSC-vi zS+8JuHB!`%x~9I?=(XAMgu?}XR?!0F19V9jrKox(&Pdt~-=UF$<&8|a6U6^|?`pAp zfG*o}40er|#E8&^mxKfUN0Yr3is$E4Nt&aRlS)H_C3rxl5Ja!egXipOC?;!?`~hU= z_C!Rw|F9=(<&WOFtIwRO_t%4v5EW6ZQl9Hl2BKgCO)5zJzI*oX#Z9>o`43j*zsHZh z!P{vD`LvM>wPaJ=9wLz4xm$qcPfCq9OF-}9!B5&8 zP7Z3qL+2NsBw6q4$@?QCkN=8VdevY$aW#3p$7iwM%&u>{Dg|=#bh)lx(rx`C8*6zQ z%}RiRvJRR|t&rNMfNY5!L5q-!|5+tSoYsHkG%6S($M@AN|K;s?)hA@dITQR=(6w2@ z$W9~NJ%kvwD`;;ojNj)&##UoVQXMlJ;lcnz81mH*-nePT?g?gV+&YzDnbf{IDtRvaQIpuLh<2Bdmt^UlHj*C&WMy&Pn}(s zty`9@TC`F21)3!U*7ClIXWfC5mcoAV=a*{y&9hRDx>tMBFf&t!I-(fRS~;&W$HS#v zVRLaPGpK`Yk({KV62oebFNKIPCCHOUJC?y|&OOA)vZ zi|G+qZ1ezY?=nZ-`ZFVOAtfajE#}Ha0|eTE9EX>ldit4aUmxihl+Z+bE~uXBzoQ() z-O~EW*b9z1w(}D8QVu7H3^S}|DrC7cA4-~JZf9A?hPz)_ArNOeZyxVU<}C_G6Z5Uq zzU4O{IYA}XJ+@loRq|#{LZycNN{q!r+YCcdW*QZ(U5y#cimIZXHe4+dP8u-7rJK7{ zW#0&jPSDezo-A!jvml^RmZe#)#dgLLIA$hzi-|>&eteB=unY;Y#Bjn{LJkU@nxCy% z;sTxNAwMC89mM~ZPML|m#7i$|&HMSe-$_yf3vmlgxniJp-*o0mtG}X6v`xk(+oIS4 zlV)@&-!Oh}#%+{?H>rswlJt~?wg9hCl<60@nuCH;tZWN>9Y&APaPEu-o9kzY8p(|W zvX=;Ps9LrkpJPio{OjTknLcjIa3Q{o6k+h(01Uz;-V2WJ8Y)XdY;Lm z{FE1Cq~NF-MndUiZ9?_pix4}fm$-3ztqA*GQ(*dvqB8eT!%7OfIL4isHwgQT4{A53 zp(wZb6)8%4n`u_;Kh@ZNsr`#_^@lLm@L>N8CRY!m?mRaF-7X_B-gxr_c0ack;c}j6 zUAm7xX$*OSl5DN$F6_;Gsg28~q?N5p3tmV$7aX)Lv?K4%-$+T5g#i z9R_2@x1mFDDiZ0=69qF2RsMJf^o|%6vbgsmnSGtM`=VOB1%ItoJzje)Z2zUVB8BpP z>R_u}B@A#pNoATT9dc)X&FymZn&wq6P+RSu2x8R}nLsY8vi0!#qpLpCST6n@yFuhf zhyga@AHs5?KTcxMBQA!nWIcgY*LJXM$@HsTF|`d-ju5t9?lRqzR~3s|`{wy(YjZ=L z?%UAy=IsB-Gh$w^NFT*JJ2M$SdKl)sMN@?x+%c=qbX~#C@SosW{$93pE(l05LQJLq zHQ99l!`efv#+%#MY0u|gZub)Iw~Ka9*Q3|1Yqy8*!%iv-rK`u}C8!nBjzOPfdZpgvjD>562GI z`(@_0w)>CB4~)cwxT?U*>6wab{_d?G-(Mf5(-H>g>1*^y>TH)gl`1pZy7MdXlZ9#^ z_H=8{&+V%Zn3uV}7<2MC>#7rYt}7k+hOD4DYqkSfbIx#8bL}s;8t=KLw`c1etJy2w zPNEG8s0oYx8u0Z(XzGFeG0aWBUx{6E|K!f(NaW9qS~mc3Uh9chddr_bEXJ6BVMudU z6cO2rREIw`lI}B&k#j37C|Jy^VGL{KCPaJ`?_Y>sz*D8waL@}!%bOoUB zH?9)@cb1i3vqt~DMeKjyjQ3!e|9wlXyVhS;*Du~9FyAXnc#j&YsvGZ!Nxwn0<6{jn2mQ$(FM@jLB9PJhWnBouiLiEx62%{2A#xo(1zw*Rnt+0_ z$m@qYDBDDx=Q&w7n={GhqK;0l27zx)!CLn_Sgkj=aGtMoKNfBv;E;(n_phR>(->Tz zI@-olD22OCt~)z#v^E;vSoTb^DsI+D@n2?qd+ydxlSNMTbh36EfVAS!=!r?qrO>7` z)QOIBVPw8WahHKlSr^N973zuWLQM1E+B8C=wS1-K$>vlG3A>*)flxzZF(8OWOU^-g;{Mr2_Oc5su=6VGjWbIAJ*>L;W}-+ukhZH|MyY?#CxUqJ+hkU?Sg3i z5=5RRNeAt)-w9;-LydXh`@B6Xoq3K8ZQIyyt!PKJUK(h-=I-WX5rG3fg`aVxw>ZX- zioN|G&3$E999!2Vga9Ep1h?QJIKeeI1PdX!I~_b|aCe6Q!Gkmj?(U5fwDHCz&{%MX zOp*KE`@Hkbd@}#0e^nQC>QG%(`|Q2;+IwN5x@E1ln)Y38cUtmauO$k*AJHz|_l^45 zU#_LtJM87zYq_t|$56J#s`w_KjLgAqNH(!5?EPh3^*1(P0`2!3tWLtUt_A#)=L_dUjjqy%U+%*A9fC0FT}dO zA_-mXB&zUZXZ+r9YMcM$CmA`6Ley?Cb74qxd*rky@>|rNLTq40P)vII>};;us|SgE zw%!w7dqe5t|66$bBu~~-dOdQ>ipo8W$mh4JtNx{*sr`L|6SnA3B)dpo+sQA-y-WEv zgI@+sH`@2xpBXth`Q5qKdLS1kXN>mocYA6FVqQrp23jlWu}f>S<)aWj!^0ud_KlNF z)T`AwX&<3us#vnyuH-;vC}vB1sHh{;f|)n6>sL z7`21HzgiZn+F=`%HH!|k&G&+khzeg3G*b$7VPms9Z1+2nFPsr%dsTt<^FG!$`1!t1dr%C_Vq~4yumVn%hc=|V^Mj8wPOEflf@Ey zeRIV$vVHqZd#1pi4e_E9+OQLSlT1+UMzPUIb;lM;bp8=OiRv|funs2zU-Zzb{K~t# zeU|N8J<@vGbqDBcR^W5Eiu51cw5^_8i2YncQu(-XCCNg5PdzI9$Wrt^qrCk(OocQs zP}X4Od$6SN$t^Xd7QvDCo{t031(MLOWk}Yd_0*RAzW0sJI<+A{920rE;$XvU}FZ4W|32-7as5F z-6HPm6@6|v9hPR(3yP$=XAQ(IXR+fov>&&O7n<|-B;?0qaoE_c&H%d3f4a$>xyrWf z_w~Bpp>O|Lo!#DZvrkJday?lR`2$&p?dYfyQB0t&VL|!a;1*@F6WMPOJ+|@!Ab_l^ z70!P8iRYQ^owQg{#4yg`CJCGHDLqj$6A}6aL-QIgAe?PodZ$??LX?i)p?S-4k0#b! zMKG_x=fQ3(;CqDUB zY{&bnR_5fp>%{s`yLZX5F_fE!Yeo$>Zl*>RzqYB4Zrgekrj#+%209WJV~=N-vX6$` zmW(Z}k4^=l$$Gat!o)Wm2QybpRarL|2b+kZTPLrG+<$h0WDbWd`{eJ>>23_*CqLAO ze$Bgx?Fn}{iTU^k7x=`XG#|8&dw%ac&=>0TNT9k=F&GecJy`2Jr*IvgFhJmSqN!7A zv!@bt4l}&l(JVIb1q2`j9M`&w%#0i<8c)6rjgiB=x1Wqs_$er8hL$%vqp{U)@n2lY z``jHcu{|Q&t!j;hpfe2jF}nY%KFJWfAo)chHd3_u^yBEOi-WHsC!&3^twRGUqN|hk z%Rgr^mW!?KuTy_ivnFtMFrflPAr$U z_SYHtn>8Y*7Um&c;*knO>=Qbn8p@{bN6#3SM0yw*mw#TOV)ptYpTmK7YfS%o z>-s#M{P(`Ra^@|MJ;iUoUg7RUR1Hn3Jp=auq>R-&{6c=udtpnJyMXoImjWqeF6@hq zkvEOqbFnJNJ)hh+4rz(ck}n}rK*hoLQ}U3ttxw;2KheVBUJJKiyO`_>QLz+29HJu}SN zN84{{R1QQTLiTMV>Ft*o>nr$s>E-evW!9rz)GRChvQ+xo@m6~QD$75IO@BGvcQOiG zcTqn)VIMI)-FFH!FIQ;~2iTX_hU=GB_YNQ}#J6#wGlJ6R!ab4YUfHOlnJc9;%Nv)d zDYF+Fh^~ga22Ga!jMxWj#TT(BBU`K&?BtuDsVG-=v6t4)_?FjNBRvIfw*wuPC5126 zoc4r%WBI0A+^z@TXg9arQ)Bu5Mi3fp>C^p{HD`ppl$+kp_V9`Vg?c-vlz^yDyY|Uy zF}BDl4p1j?tR&5(tDy3-4SD%$#LX|=lVfhUgpsCdFnBrP{sMpR=IApjZl?E5`6YZH z^y5yYlhD5q<_I5x-Y@)|;0! zRSSS8KKzjUFR@~}1RRHY8j=Uqha`-JRqk(EQX6Hbn3hXIBSMyx8*rj*^IvD0IJk3o z4|+%sBmp4x&v*H-uob}NumM|3b=yhxAgp7Wme#VO3}%z8|Fc(;4X~9L zTtojvUms<^6bBgrp$3d1;Lph@r1eAo3EKYiXzA}m0(3dZu|BPZGXh!}eIfT)nVL)diqoUpzk08gQ@(=h`>TbxnqS6a zZ@Y2fW>@JH*V;kNCO7oj+(z%&*-TC5*jk@=Kx5Z?Ka;3FHO5=f^M$)`C*`5JQ^p|H z;7|C(EXKlh((x@sNaMJvD}B+)Y!o7Ld*DraZp>ub=P%F9q|7~>PlZ|{^;|^0aAx?K zjrA;)EY=XL=jOclAb2ObG!dd(q$)B(>QIvEx0>rI>BxEj>kyQ`PMI| z`qH|L#F7N!D8ERm6(fstr8lQ9DL|?A4A~v2Yb5$EdDl@{lvHh+u(d(uA`P{y;Kwya zFIFIThQ6=PpfEM_n-3T)g|axV+PfSzn_=8!@1|K(dF|NgPRm4fXXg8k{bWz`qCOn? zLb|KKeS>aF$v#9fukqY8_0e})RJd)nvEBuwxBJ-%(LV-Q;3w8?zi#erBQ{WyOy3C7 z`B-`wSJVqVZ>&pe5i>Grnzfa7I#aI!Sw&%~lCm*xkSUg5VY--3P;_7N4lU_NhV#jx zQE0Wq)5*uUCmi!R>#mKqm=jPT5o}!?EI7G%H$7pP5n_Ofx-V-aw0x{bT zPGQPX`)?927&t|FJB2cHz)ui(aJl4>0y^WWYT=J5Wkfrfdr#G0E-(FM3mF%ibp^SwSjJS6 zxX4Io!2#1dwKD{S}tOTJ`8HkJ^MS|_)jYB*mHWrLBhjKgQP4e1~>-a!|in$AVJ2QUwgas1+g``7UJl5IOaKz%xczJ zn?R19qR^*aNU)QNP}(At43`gc<&DZhUv0>n7PUJU4#sO~BjhFPVG}ikBJGjp2wKif zSlSw@&`w?8nX8rti%o?N)-RY_ zT5`Xmn>3qDe3RUAZMHCO16ie^&E=>(I}3;6POWK9PjlNU#h-`ghWTW0wtd~TRS+Om zgB^$@VvH#R{TZB5^FePGUcE?&Do~ZPMN*a{XUq?z#89g$Xm(RDb(eBfOu#x!%b;r? z@wZW^;xB|t(P_)z%_f1k_GMImc56#AzLBpE>d1&QH`OUt5Q{!kjIU`M4XHjEC3~!mM=pT3fNAg&FzY+P0jMo-SBAF5e99M@gGd z(!DK}AIMfWN3CdyoaiBy5LFpqcKu~9ft%H8M(6zH6o>h&D@i_y_5y^w(9D!fOc_lN zzmFpP!ym+&(UW9ygOg_u6hpRZ*ugNd8T75Wl)iQwf!Veywv? z5O?I!FxtTLJoveMb&@zygiZgVp>QMgJ&=mp3<0ikkL;OzQ^}C266CZ#?p$P^U~84j zTEkCqZqZ8GEu}8wZTd)wkr)0hH&3)N+wP8;QQ8Fw!=GP{)3VNhdcfm z^%y2j(6Oj0G2Xf9aZlQFNC6Rw`_Q@OPm%(%G2N_7=mfXX{E%o32uJ|c_$|_6ctVLO zvVCS7@ho*YzuPXD6aB8eaP(FZFwy&>HT{|2W)zYYmF&I6x;}1peH~KgWBCrfGXs`D z7~mnLF&l*Mo0bm~LD7a(1lRTV>t+jQO}%TPc1#@~kl}6xvD|oiOUyi0^w3XvQTnaX z)h$F`H20vld#Q#YA3wwyC2;t+P1PqBqEROY5u!+tl6A%xI%8BM^m~sc9fwWTIoAKTZ>1x_P(2 z(DK5?-NrK2fg&sKSXJTN)51k+3|QXGmjmcW{SxDWchZJJ;BPi99S#2bXWt^877`67 zNJPd^O(dhR7B^>3NsDh@pIQb#DV*tvc{(_q=d^Ec(NtOo{;tbXEJ@s4vun|b5;OB< zs+aefboiozMX-qHrrWx7cUG{#-J|UW25BDFZp73wKHbq=XypJ|%0bD~xsUokR!`GD zjbx%>OkND8Ah5ImNdsV31BTp zs!{HWMRORNQ&qSEju7$L8H2VqVU2OAlbp4TyfRFem%&u>CN(Yu5pLrPHeW}%GhYnU z(ShdeVhu!+mRpPKzkScv+P_iMo7J3v7a&kiZ~7!HjTGH_PW{KuQ#G!Z(yL2# ztf`9~MvJ>swQh6VTGMAY%!3r&I}V#$n`<|eiS828sC__kMzicX^SKcoSn(zJ4yws< zbgg-P%WE!^L06qVmh2k=>+lm~90muXeEn)yT8yG;Xsm;>|4waaDxHgCK8;y=XlmY7 z@Y3PxYqek`TC%vBV)F?Pf~};rdr5UYb6N-ry3>`i5_)9B8QF1J%eeB>mxZzo?g55Q zp3pQYsGchi2Stm^n+qlA*fX?F_p4&wgDL$5;L@wb4?`4ErJQd?S6^7BO1&=)hMgVF zY%^5#8h~~}{H?BqQId)p*&y;Cw4-jDnG@!^qc!o#Ft(=$z-QA#N}TWnq5N zEGnZq=KM$xsdwL{_r(G-fQU4*f~YxISx9%xr><>zj3?$Bl7m%Km_OVW7iE<~l=z%< zljZfNW?F6fGxI28zwNOp;2W@L+&{AA0b6Aj=!}}%8>YbB8!QyH{oP6>CKq!laSI8S zj9y!jjKzfKofYS$6?JMACO6rV>OdNQ+AxI}OQ@BT?`frQg98PW<$8I?pJz?Cr7#)0 zB4ry_4)}hmbx~6@H8Hq|w0#kQ;-($ozQ6w^l_6=ks#siCZ3?BX^*WIZ96p69H=Ral z)`L7iulTCVyu8LGauE~m<`1Te#eZjVJ(Hyo44T1AjLF6+ed%ALSd|)&J04rOto~WH zn@_tgY1lZGA!N}U=cYIj&eN6-w(DpJCk?No%XUHBb(>az**j1`yKEH7GM-i+@DHKV zy{Ap6$;Fqh7bZ*P+>ez)nrZ2+S*Mm(hxV?P(1QzXsj=R)+}BK%d?!t|!%~v0KB&z# z&S1d6%)YM@@0)@3DUG6RIK#Peh+%JEyRCGHaDA%o1%CTs3Ly?tm!sAMXO4_>v~u)o zpOnsqp2J5T8yE>_m}AK#cQs(Lb34!*zWNymX%9w3T3sng;rE|GZBQO$?K*zD9An{( zvDt%~8#!Ioe9d0W$sQ{~hoQD58QqB>nRdPv3zu+jye76zQ2e_U?#{% z2^pU#QQx$0a9&IscMxVZttZH9={RiJomrYPjp)@Kzqp)-RXYd~Zd%C++}J8r1)0^P zZln@dYdl71UN?zyI@Y$e(~TWCnd5B!F!x!9Va|^~-C&3VjGWvfjcKa!LN75GR>>49 zkT_@G!X&%VvzN+#P+IOV7Fno!PNok1)lmB4*z24u{Z5RfaLZW4gdb%F zX7s%}Gg|HN`czXX^ArBA7F&$=yJu5-*KawBSQdJMawu^bP4_r*n@OPSf|L|bkLNf) z3{gwlLLD)|YHw4xIVgq_EzRck*bj`;Der7_-n!|fSO}X5TjNs1_HrNC*huQCB}Z<3 zRQS?^0i(RDsLsW3Z1r9cMlZL1HNeH-nnHG$c7XDMI@L+{)li&t+~%aQRNpZOGt@3A z5t+~^9s@sjtdC^UsL2^sa$>18AL+H_Yf99|ZAue5&bL@~AybRvC3aF{X8Ee3>DKeK zI^=%vODUf>q@nqksmTiLI`*XFo8CT{im*;t(0rLt2$c2|uS&ch2fco4O=rmZPVvPn zluy#p;jqYtcVFy`IH;q!1})};sPyfzd?D0(7jn>44%^PEa&i^+98HVvRV%@pxGf{i zNPRpTLH%_8@a-FTkLVE~gJ;@bhBuy{m)K>0lkd-U z03~PnaO@76Ho6~#u|$2lM)O~XVmnQgsA#>qYw_V{)hp3)HOI(&k^AP=wJ}$8C*~8& zQlywIV+KxR3Y>DzsV`H}VR8c~)M!R?6ds+YYOVo(@(DP>MgkPVGhcPGhzIvA`GfBK zSQNsKLB(}2Ot8M9PDe#0G3S%@ITp$B5cDjUc+QvB->x4koP9*ms8`vGhGUZk6oa3) z{uFGBrb5mKNpRZ~u15zrxZ2u~SVDtpq9l{&$uR?!oijn2yI#Xu9n@M2hD(a&xT@Sj zGWf?EJK7=B7S4}yUsCUe=KF1)h7nr-E~bXBu}DtE*}PXJV;Zk&a|_vjMXYC?mJF{DvjkCcuk&Cg^N>>eQQFAST~7Yv3+?z`HNS%KXTeNQVKrB zNb^Pm*!|aZ`6ynYFZ0goGUa5PY3HgY&k7YY4hHQ|Xg;PmJ~5$3qSOO(&R{(-dq z$?*Rn5&S19`M*J?Kl=0kmbKqsI6$x~1aigpZhr)3Xxx$--#j@b|LeHV|8E3<24u); z+=Ir?p9}v56o+DjLiVu?A0`i?01&6PmPK)!T0qh|8Gso-LJKKsZEwKYwkvLbGJHg(I~8SfCFrPgFYV+!MSB)177eGZ}xFQ1RM>QGN*vTaf>`(`m+4Yfvnsu3paoNW1gmj>m9$a5|7+2N#~xHUCy(?423yUd~&t z=NB*V?c?z5UMLU(gbhy8_bhy7kW$pMFrS%DZVZ+g#xFHP^}QTBYg!B;An1`A1M8$V z_K?D5p)Vz#7S=d%j(I|`drUA0c){fi>X0NZwACjXfL`Ylx+!sG z1coAo&p1pc(6+z-3i^?mAUyJI&yQ|M?wVp=m?5*KIJra?O&f&QO#&ic`M8-86d|nq z9SFsT!n^}%{OpPc}BV0aDHI9P1D9Q~{xS;SUYCu&0L_n%wh z&CfFUh5pjsFh{n2#)H9U!p-YwgH*A7E;z>i-5=!nx`%@qjwKugJDS_*tuqvZBUvXOB=T`>mcImLMkL3Hlkk9g>?be2j(iC_GST=Dd`YqN7`tu_+-|#Alvn z($YvZE=tWy8QZBwDwnb)Tw6d`$dqmN{O_SBnq^2w5M)xG%cC}%T15~N7~`2H>8*gNGS=B>>A)jH%kt8*P))r~8jCS?FI zZK-}7bd z0~Wu);zE)piH?q5Z=P9dzJ{#;SZv@^FUR`0zN5|-pelH)?E*UO>xvACO3|_p2FomO zQo;c}fo}D|d>?uMON%83v5n8`hjBDy`9N;tfyyKR{%7OAqHO&K^#3obo9-Q!`X^D) z`k@T(kx1xYnFo3o61<1Q|2N9le;EI7If;kmVI!O|%LphuCc74LSV4fSIy6Iw9!41V zZ4RZd+q>cD?muYk0fmkCxgz0xPTeT8T*G`PVcEQn0~qOe6oMhlIjvpsVU8VKOlu>F<=X8tQ;)J><5d3E zAjjq!^W!lHFW|4y_P?Ar*ZojTtvb`m^#IQ6O}>`I71Uac0=>syiwTEiv*^}aq<(h) z`r+*+cjA$#%Is7A?vM_ z{~5Xw9ZtmPJcM{>tn@{u+g47{fs=5i^kY?%!U~D?W4e#!F9z152C?L-qVku&4x3KM zH-8xLNQ(Q+Af6H5i^z6X^|*;9R_!Gp-2j)#a*o^tbGYZC$vH|sD2$XzO6oua;1t&T z`_KGZ*GACyV3RV(tcf~Cv*XUUB=eKR@i^^+*3Q$=TYDY*pyG3QdIvN>Dy)t?^%Eu` zm?9pf;vD2-+8XEC`6Q*;)<(y!ANsmg-!wMa2%4^hpsC8r!_Ih~A!VDuebb+Z!+DXV zcX6*qxJl}SZ|ypBQpcJy33gR_30&)AtsiMQ3y0cNHno#0)kAAJ5g_}k+DHua&Ipi$ z6@d@diJlo{+7E=q{(VaXTlC5I(c!kb)@;+$Jj3veviLIhMQhTIuDx?Kr4;`!V}?Hd zc70}&iAMQNKWxpNw+r74@b=A{KAA5<95TKlG5f;6jma$Zn1{R6A5^Lz2TBjAqr^we zBPbWzZ=$D-_l*75T)b5k!^ycIqv)*r5OWhzO3t+I5>60}i|BJ(p$7G?oJ09mIPW}- zxf$x|J}ahy8H@ysrZjx~>YE)YhoYiZ^0U-blu0G@66L2D(C&(643lhi_?5f02@!6* zP-rhsKW`QMifz51ZIGwOq3V4Yry$}YLtb{&cf>SK&}6o9yB2o%wP}l4KZh%Eh<5~G zj&V}7BV=hOAiBS`_h|cVT&%@9;(s*0KTy`{lM>C>U2L%HS^H(GXXYblM$5-tB!GKO z|A9Kr)?AiEo@52aluB4;ZNSu@u0JvEtnsYS(0_9b6CbbGcw6>aW~%&5H;r*zQ;>JI zd^=61a~Ri|Tk@xs|Hj<1{bO!DJlI^3Ce?MM%tW{4d+Jy0yx$#pjFL8F36Js#Bn)fP zQ!c&)D^6kqd|9atnQs7JkClbRVQ2C?X1NnzMV`b-ek5S(Z2WYd*!kPSGDN+v!PDMA zcgrt|4C$n?f2^Pk=-!PgZ_yM?%E{a<=t|p&VRS*K`8#8OJxEA1fW9}f>B=Rp~Vc0rM&HWCoMe67S`?9g65ez z<|bT}PyNfT>!;KPc=A)W_RRr!mozs~S*B6~~^}M1Y7+Jr? z2ieDVZ`_2t`5r=?;r9vBNHS-GnwX5wNu0+=^`)fjKL6v{woC_>j$^3x+P%)5h+jxl zY!QF6ZR17`q=(rja!eYj>nA+kZi?0|(lQtRo{?4@t>wVP?~5eX=*W+?_Q+SL%|ZTZ zyNXSgV=?(_O$#N&c=g;Qf}pm52U60FuCDvi=^II6pLf^u=TRmTj;%`pQPrt0GFUZ% z44Ft{Ri;nZH=DxpSo{DVMN-)y<2Q{3R5DUhb%B6aCc%2fkwZ2W1j*LEA?x)%ZT9&twT^B$f7W>6q4g zkaq~H`JO9DPRdc!eEg-FLOsVd{7r>Ddu$l}`kg!0+;sDCf~;xmTHpnjVGQ%%Fa*eQ;+B^z?Z%IUOKD z-}0mmu1O>ORVq*0mEyXc(*ttP!n`a!M71b=>W$tiS}l%5oH4FHZHD#nAOh}e_2dUx zfi$~9Yg2>}7^E6S@y#|u$YQ6{52kkadpe!qJH8VbCt?W z30Ya=SvmE};J4Ir`6h$8lq1Bt;m!%6W1w^nS8!;e4&?88Wc8O-^%xS08ULF7QVB+G z9ZPLhjKX5+!S+K7Fn*9hEOAUFYa<*NQjd6o1% zdsaAOzC{pGkaM4a2)g2s$?tXrCbifpX?&{X@PYLt@Hw$_p+b#%^eSfm9r1jE@ZLB& zYth$O)%>VEzc%l5v8;ZI4h|)&52RY8VrqPt#0(593QrXkk#@krJR^V`{KwlhjMqcp z_&0Y~8iS>;6OC(PB$cE88^XUzVjVdt$xrz$qV-oHRFB9pQsgRnr<)rHJXU?3OfLmN!62LYh2K=Hi}=G%?rkC6 z>JvqL7;pKHLG!dZi!v|gYO5x5`Y)n`hL9~H&*Qal2FRo^nP#j z-UfEw+7>Xj&sil|wW@;@^Dw}S+3Js_-T*&6|HmzMw-Sc`+@F0IEcJ61V3+Ixg2Vq%Y0UqB_mDNx{x;ffEHw3+nHMD7qM+?EpK3)k zwM3sa)8+GiU}aS10%{Kuzn|&w6cshK`Y#;4lo@ye!9FS>Gb~mVymT3)GsweXs51U9 zfr)lLUF@<#6XHJN%xJpD_*EFUdINqo3=g=3AdDguh;||Y8kJqYj4t-Pyv$f7Cngf~ z{7H2JVa}VQA8e{?&`JypXzwl&clBACW59AHrxN}U9FJ8!QhB?X&|qb~5v$I8^_nTs z6(o(f+{1;5G4z!TQ=8K9RRp||FvNK66t8#xU5?q;(AF9Q<*7&JQI==@_oJYRvfz{? z=sHK#Avr$Kie5+*o^RY(*H4^=*!I-!V>9=E4Q_m{PBhEFIW?W&r@>GgWWD16fFKIM zJ0yGous4eM@;~Sf{xByG&Y#-buQSp^-cXkmIR+()g3!1ny9^$wiZ4z^-JpEJ;naKC z!Z#`NT9oN~5w6c-AC)2kG4`W1-h6n9@(uI==v%;c8iIn%Nv8=4~P>Jz`Ish0z==y-fsp+!EIlgWs+QEbyLg~ zg~hBl-q%NIOG8~In>)s8Mms<0gw@H;*L9UJ%iG85hMb~5mhk&T{^e(sv)U^?%P@c3 zCuBvY;&^^u3Y2bovdtq$>t*Sq~Ztd zI)5TqXnrU}KuTqOjvOl%=JT|UWUn0m2hqG}uHdf$TE7g**1W|!3>RfwQD0sEjxO#P zMFkn3hAo}rmQc^OLLtkfVK;8_7W1Jm9?Ku^s(8Jh^%sSB-(QL87^acL2!#|b;}3$t zsi-055T6u0gf+}&lNEkFt*YC^b@r|JeEv9T1kNjlf}3UM-?iN@0tltd#^GJ2wvfA6Ulv3zF_G~)7RjX6@W=9wR(Pii$!(kP|8%CHB^J}YCYj_ zqQ_t28SXIcs|ta0XF%vN{T&<7+g{GweYGEf1ziyzA5H#ve0eR&tkF_OlyWA|N_J+H zd^h5j1J7Ld+(qf?vJQL`GxYPd<)SnGM=aa>>yuM$yJVouj8;$sQw!FYU)Y*D5rF?YV_57(<^t|NyspVdcf zT0`oZ-ku{BvII2d$<3#Xaw+{#RqpQMW;46Nhae_bZdEL*hM+_4$+jX*O&GwqS?A)4 zn!PwDQ%xXBl01rGZ)wPn0#>F7k%8GtG}=PD{BL}Q8&BYxXuvk77N2YNv!K3*eS zhHx0P6m$u12p)o0!re&ur;+4U<2a$ePIPIH9#JJ|zy zZ9lhs>uXdyB4CQ^p*cz5M0BO8 z%nvh8M36k8lTXM8ULZN(E3?J(IN+jbI-kZ)?%?{@7dq}_8ZUpys?87K%{?$0vw_3 zsu>6Vq1k`baza4B`u*_tB$g426anESg4Bn1s;(*fiyoda8>#pA)9YNEXs>aFOr9A@ zWWB(WR{ZfUH0;wWTkPNJFXz-%u&pfWNE`@_TXjhn8oNP^4p10l#V52yUCdq$|5|}R zpWZJ9DEebE_x=+1e<`cl>q}Pzsm%FY*+f%&q9cIP#&)hid0Qh`(*Nm6cqT@y)`aMUksWH@*;h>D;390s#80=RZ?(AS)}1w{kBN@ z{dKNc+U&%aB<;z%;J#5I4pCnl*jyktpI$sgPqP!GFUbtU^^P(L3gXVf< z14G0P*{>zWmv(wK4p(>ug(qsRB(sGPcold~a|YHlPr55`ti*iAhC|I}Z`p4LNPDg_ z`*_EO_;c=T9H{n+J{8I#^mUX zz>Nsk{AEqRorkQ#Yth>Cvwjr_Aea^#-m~OX3Y|ms zH3-IF`e&;9IQHA~656DB2^OI=nHCpgM9E~Y7`Ww?2Uf&4r`$DHU3VRNE|I3%3Jqkt zy%wISmid0?9fu4y=UQNUWa!<{;!<;~x*y0tENs_;1B?@rNCe+A3%LmweTOdpc)L2? zb6m9WdjI~WOR7xtibhIb-;pWF5@jXMJR(I&H%%c35I`W@Ti2b;X$;cgcl#C#z96tL z^mF|61rGEh@4F8szje}H3<1w%d3xh!rh=<|Sv$IZaTZ$?#*{1?2;1ydshA!Js>wT= zYxA}w1B)E2V3$Jfu_*cG2BVihn&dLaF;imPEpN4RAW)M_j(p=uk#naQ0o0e*sLV%} zwu2r%V*PoyZr=`Cfl zmeBa`n27|H7X9|ak*!Y_Izr=QB#iTm{WQUyFQx#97&Zaau-$j@d#|Shan|mB4SD6H zEPUgR^o8b~G{n+MC2vH*@xAIyKx-Y+9pu0)si`NcEiBYni*2a4{u}*gQUN#Pym;)- zf(YLu{Iv6k6D>oj+bw?8j`olW3hz6kreT8w7oF-;i^kV9^(Un#??5bIwxlw7UiS7E zL+p`&1O6c;FnF>l7Xrz}pw87q@>nEqs%}PBpd|0KO|v$cqN(s)IW)NWtvTp`0`i(0 zo)fKE!{qY!(N6ie(Za(b6Z}d5J?&P`pm%l6B*`XK!7R?pAZ3idgNN=uVzkA4AH*P3I+Ttmnx2>iSMlS{%X?2Ux>0I=8l1 zQ3YL_8)MI2WNLcvov==BW%rz9O_Kn!b`qDy&`-8~O~a667MTuM^wlD4Nn`|KFx)Py z%@j*nbKxN*S5a;fmso&nWO;dY4GHqHW2Cp!6H4{|9?tW_`yH1;lS5dbx+pG_(w0P* z!{^V|+nIOQF7i#Po`7v#p7Q}PR}ND|EmN(zB!1x+Jtr#{juuu0%MT9+yQgOdLoyqn zGAFXh|7ae@zQHC858cdM-~J9^^51J^5suSM2bEja)oEOm=fN7g7lo?|EZbO;{n0c+ z&5|1K1FsYfX1wzKx9(>;7}a_rk1DT?5pEXZThfyGSdvWZUbE2&M@U3cZn4KpOz?Z0-0 z#Xqd?^G@MiK}*ZtEX6h39M`=4$e-$c-x7bcn9xT3yt~}AEWVY@x@Z0gERw9%b|{5t zfP6Yh3ue3G&U3b=Ns&M}(%LfnJBpU_Ij5YCvl7$2+HA+D8Kr*XLN9>iZfh6D8OQv# zvUmrn$CP%w4%M@gpOx`s$kD7pZf$7BJU_OceNoee+A@;2w0QuIxi-6hT4`p*2zbBKmNn;) zo=^JpsXssJRCaHV)2J-x4&m?Py%Oe$x~qEj&X3k#)~%|grik&K{vV#g{FIm3$#iFB$*~4Vp%2QF<)7y!DfD%;4|+( z=y5>IYHMH&+#7?i5h2D7@$ayk$Z*QFkxNMd!UMQj=bDz8o>y7yWhvP$7}}h{^JIZz62QaSxAv%?N#}_O zDZ5HE67%Plhhqu5e&X5vx`HxuRii}o6dl!^{)z7leG(;`P9*blwrzyBc5IB>?8_p! z#AJjGha8z)yBb-uHdk~}($jBn1(RxV;Z{cf(+LXG^v?GXpt z8|A&5GJ?C+DV@fQADBjfK4s^j0upK+U~c9-+!Z$Zg29{g>P%#vDd&7?ntXw`mEDSU zN?*fu)oMOC;Q>lEkfzkV^YeScL&TKslNbBC%9qfI`60#vB@I8p zdecCc4j^mKOYGL_Ev8uI%m9m=7x_#%##9d6#XHstU`5`8uZ|B!?_qk5+sRGs+am8| z?9-ndYAyabs-=qv-2_;WXVv_-x9t^Cz|B{BNFxH4lD)zm!p_Ms;0Z%gk&uL*k>(uC z<~M;_<6+hd8yjh3H|3zaH@pnilz#fM3%tB{F{qMXDed?OK>KwERu2vZkfMM9iLV_2 z##+B-%|;kP&6Bheqxp{gp0+Hw*B2j+6afTryUyq26yOhoV5(A$Nr$EEwwjM@Z7K4H zD3nD2JY4Z1CE^-4I5?6;G7)u-q{wl(-DZEvY+z##Nv5T||0zO?E>iMbRWg$6y52M- zY6sU?iVL-|8S(d*0oPPv7RDYr@sqx&W7PW@NJ6#CTl2c3)8+#JAuw8~V11+VnOPVB z5T0lm8;Fy)K-w8;(Tk-2iaBDm32Jp1at>h%JMF}Le-W$Dv3&NPVL5^q(o?~e>M$zR7vfWA&>%E<4XzgCN zCxN-;|G2MM&^;W_FCOB;WZ*NC&VcSlXGjv%pe+qvk&C2-xcp{ba(Z~@km*PTLpZ>@7;fEH<}1?e zK4T#-J0I0n0yz0xzS2lg6X47j*Ifz@^2%jBxjEhCuDOZMYUVu{#vJ7<4HWc3Z@5Bw zEzXl$U9bApB<`-Qj89q}!l0LRL9{(?S8;8vquQ4e6dF7!Mwy8E@?cT{OPip$+PA#D zqCR8YApyaIEnE?GP}h@dcvHnV;8cPgdX&Z9i{9ah0QP8|wK9|09^()qiRwaN1Nb zr5LUSxFo?+gmyj*ze~3v58UAe^ef6s+v9Nf*?9K$E&aBYUrgG8ek&J0UU#XC=+aP) z`PFud-b+>HFNf%@E28$*(YooisJ7TqWaQ}7!r(n;{ZdvH6(k!HD|FRuzeT=fAWJ$c zt6SMOCNotmzj3O>{rz-)Nh9Ck@U+qq4PNW>%lVR5K|+#ivAiU(*#UutXp^EwrDzPw!V8eKQ`RQ@u<(M|L|dRUf%QmjjlHHZXpI^2OB z35wvvdsTncbZnJZP{0l(X%|T^&CA{86Ycx1N59+-t`vx2ci=!Z(>tmOf1l z_p{hd^5XJomxuti`#!q&d_mAIh|<{lDr&nWqe-j> z6p;sZ+E1(i)>#Q)b)AsYH^6cwFusAYoxkaM69^1X8@? z1HxU`GHu1#(|4o;`j+dRbMmDhgAFHLei9iAT}%@!VddM`oWwH90k{`|7Do?cxSJ8P zX5B=Xw+%(%q%Lj^mp?Ua)5v-NvR_X{6WDWSYn}hkn(aCJ-cLT3=9ftWDwz#iGQJe5 z?IHU5Jm4lBA(o_8@K`UhaaMwmNT8q@w#`^#+E3ifD==et3NLMlC9aVs+t9}i$%BlO za4&%AQIyI=LT(1u>J6;%E@g}pdHZ^gpie`Xz*wL^GrQ&|#ck|T9Hj2L)IN^c(FFw+ zfPFmkSZ?b6pnQ9>t?KnFHBg;$ISp6gv$DbVcq)i{tL zp{^=?|0{W=%rRP1Xh2r1D80jW5$@+_eDL+pH(qcf;xrI8ffOQe=p#wW7jvuWuZuuf z)Z`i;^t0?P|HJQ~^JRPKJL;~$tXF=t_&>Xib6yP}CmRi}1nsLixhw}xY7?l`Q~Z{{ zF@tHI0C~Xg9}kzbs+B;oo!Mx(*r_t3W$1-i;3I)5dTyRxc|ju)&W>IPEJPT0rc?VoflvFB7kkykYUdJNcTdtr@W5OTgcY`Ln#L*X zr}Q055`kdNKerD7R3m!`Vm%9K)>HnOSr2P;Z6fyu?c4P%+TY&PkE4#*SgzI*)1Gcc zW@K@)709~P)!NL?OB`OD2wiQk3teooi`*7R-!Dz|$LEn;yXOXP@`z5RSD$U_!&(AG zqn!SXGpdy^C7Nzh5{6~u3@NC|!G3s9Qdpu7ig*mmMnD!e0M|nS*!4P)4j>Vps8N6@ zKhurkbxlkp{2}T9^z;o;*SLrkuMyxon;Z-e&KH{?`5KV)xkD(|fRo^?v5Q z1ae8aVH_9P^b4FToN5ODa&LpA3r&^W`670~I{1Hx9=TU*c$ z{R#&+85*9aO=9A0y#@^l5EFh{1`?$5U^n;1ylRmzRzD7DE&xAAX_7RBqB+0uaTOWX zT~fs79L1v_MKvcnuxnaxbkTmuzr;C*iuIGo2>kqTp-+*v0IhT6S>?_G2|l0VwA7TU z@pdg2qMbcb6z}qtqHgVP$%}?XU}sDT zW+w14lZQ(dC8&R9kX4Q5x3V-hMrM7eEG<;ijT2u_8RZnxizb-g@}d+UHre{U&bP?# zf@~X-#y#|VV&d)eAE0KS3k|S*z85mLD4cVlyLg01voE1wpetMi+FP>eY8W8R*8|~C z-89N|1GLZ6NsWA5**GDZV!&5`a#&Zd_Wt4)8^=K{l*o@R$C3GmT}!syp8xxaVK6-?qOw!Uf8FjT{tb zS7J~e9iICu*Kq@A7f`(mLWBdkOUrer0FawF_4^qEE><0G@WF7nQ5!YW+VH+?__Of%XSh@(7* zmjKNz&$JR+-XS>xt!x)yhAv{(Qq9fmsu++3+<+thR{6>C$RyvEd#r~p%dG(r^H4VW zIYYlA}r{+yDN)>K{n3-1a==BhlXu z0Dm5r8@$@N@Q|JZ?>{;Q*S86g5|NE1AsBIokiYjLYZbM(JDB46KXf#Tn#UEqLU$vm zkVakJJZz4N>P6Jww#N7GAF}^$n2HMLZwKW2_m3a`-V6Ad(%>2I0YcjmGzfk_yIwUS z0_k|pO15M6D30%8((J*(!ELj|ME;+&wWXw`N&d^3zP`RI_+6C%Uu|`@L4~G7Bk|u` zXDQ3FDW(p!S2Q#vuCK30*#u$fBG8gPpaNL06L4t(i8G8fA6Z7pD$Y zLX*HlOX6F0Eo&3A4P~8Gik(f&2(aJJOe*Q3J;_l}5ksYRxmm0-=fc5@hiBx+ly6*f ztppt{k)ub#E)Sl2*j78MU;;OzTu$vDWL%T17x$7fZqGtCnMZ7O`&`Jt%DAywEUhyv zEln1OW3%{mL0+1IvD>Kc74I2W?L~I2RfkE1QBA@hRfWgBlcavJ51YVrW}7P3>YON0 zVNV{~pQ~ZqZy24Bt1-8@olD8au~qV6;&VLf9pJnB=&eT^5tb7}AjsgjZXYPwqeSoT znHPHdFMH@kBRMH8{3l;PT}^HE#I=JWGMMj{;2Y1GL*Z{$qyQ6jSZrPEr5-r0)&$0P7($+(-l11&aU z65;wq+XY>;Q56*_DMJxbp>enTm#BOHOmDvF%QGnpN9EB_UV9d{GB7ki+Zol@86d8@ ziD!It=a;1HSV@sJ=FYpZfjr~yf2Y&6jt}njEc_YbH`u1xwxF}0i($*ekX_s+RZ1O- zA%jd1rpZBWVmeDzUG%jQP7v3m{!R-tt+%mdIMQ!oDGo(eFaz7Bm`)~a;w!5wy)`p9 z>gzi;0M~@QFc+R}@DE$V&xtwUt~lOsly*cc>l+$+I$shKE8wuTj&;582n87N?@)UP z^*v8iYmFy%C`g{D7xUv?!rm52)24@*VRq=HH9H861PaG>G{xrN@dpYx%U}*W5-#lo ztOqpn_@{Kd5Q?Q`T7+p$3HA;28zVi}($$kzuY0YktJf{h;r3=gx*6sgz}#s_x5H0| zKlvk>`x}T~*LB>nZ{U!k&U%K^=F5?}hvR(BPwh>rx}GdrZ4`CtiRtN11FL$1=LACa zZ{Fnh4NDi307C(PX92p+5M{Mu8sRZmwwR9)l{ZMN>ky;zDx9WBy0^v|zU!c(tM`7i z6RT1PpU+>d?p;Cq#--6X*sI35{ zPK2hc1iLc=*cK)xT-oP1cFO4Xj&17FcE{eM%cQ6_e$KZ!4%8F$_)&t~ruT6tYjPcL zxtqq+a7*1Op^P?xm~7Y$8zE;is(*;;D5f zb-}||j?)-6@X$aMYi$1D-_!4h%=3n4Gg^DCEz$hBej8t8UjOq*7yW~!U0f-J+;>ZN zYv1Zfi70pILB=DD+1d2C$z4ymY1S9i1%7vbvd2?XjMk89s3Oa&@~gbnc5Ae!h>VL> z`I5U#`#6Fy{Mph}&mUE7Di>?#d8ux#WgTrh1T(TaxT<fGCru*u`y+|su1ymci7r&a3D&)=o$;xX~L#*ZP|uab(O zJiu=u^Unc0M^)9wGuyoS{FIwRIVV8|77z#=F8(sjjf(aYX+*JXn8yG^2?nW&l$_iZ zMh<``g(I`CcSv~XKW;zC=^`hAICZ5t2i^)_)Pop z2F*CZE=PyXtUaUlG7+O{ZpC?-)lWl9_B0eQ@lA7z7qP}E`{}?%)@B3!?Y277mbN^( zO-$AoEGZkN)(g+G$@H})^w`}@wSzKo$_QaPZng4h!T$;l`hsun-#)8>4L5Ps7Rkya>5`ww%VzAr4RRE0QFL z!b`3+DN5smtt9~s|7-&KSzqOpimv*H)wxe>6s*i?3!noN^SpA9jmYKx=gI@xUB-Tf zqWpIMcz5UuBu%*Nt6Po?!(e|$YPwi%m;Zp)`#w+tTvh#BVZkHMC~z5TKgkn??|dC# z(r;;6-a2f7+2+cpqQ6yB!{3`KdG2v1+e#z(XB#aNHhXoh%!A^?O&b+wxaF%BfVVLl z8HrZCq4Y^lOwXHvCICO7IFZj$T1zdO)LZa*sK1dpGBGkT9^saXo?S;$qWGPaIG)-3 zjZFY^-M1Hcsq-ODeIte0zYSj%Rr{fPyh83W#aoXxsGR8?WXa8>$Mz_v%%@4t%%qvX zi&4>0_3w(3Opi|cL>9w0P_a&^m=rHp(I;)DEl1a%t#S-g#edr2vQrHZ~@Ibs;ti=OHf>bt5j= zO1;Kc`ODKjN;DPi9xj5#@O!*qmjS}OB#i}^6V3e(Mbw9nxqmcPL{wq0e}&l)2_WW> zS!=WDQeDH5@HpE-;nYN3)xWbx@`K+s$X+Qr@5{&z5|0Y~UEFDo*sCmbbmm_(OY7E7 z5~w|+bN~Lzv8|;hSvAgIRQMP;dS^GoN*_m(9{8ln|J!`i|Kk|cfA=#nIk|A3Y*L3e z&LGeWa&qCZp}*vnxCXckk>v#-YN~ z#}Iv5pZ`+TTJP`P0!JAN`0lQ{?!>6y9*lzSS}|+#jK=>ZkwJN>u8Ka~XW@3DoDCye zc6zlzb6E%fim|Gk^z4Tja{WN)ooOSkYxgZZ8!(n(4-jw?T4^>?r9=fo!= zkPD3n@?qMKtSlk>v=}HzwYU9Iwu9xzs(1!#UbvDFf zz+c0x(JMLMM^3A%E9%aFty_|+0VBW)Z2uZGzpbV}^;q@_i@W&`Zj_&)`6(^;x z#}IoVT&J$!Y$-AeA|;4Mi|&#Rqz>|PB=o|D7v)uQVM_*bmoH(UHqgYLf3i_1rQ*Ou zVbN+tW_^3$v|zzzP)WGD+j6A#KSP`710VU1?Q; za6Pu%Y{M$o{8?}SH@027Rz*_(sSXp5V3j$zpkPU+gz)EBZnR;I!QO7kr=!8nG&q?@ z^H=r&uA<-@xZv#7f=fX@NJ&ZQ+v3xe465aKQ&oZ|Mz0x$0*6#Omzb^G+(V=LWAXXU zIK>tPpDg6?^O2Asu3{e_E_Nj4%uZ+*GK^GQwi?qi5?7h~&vy;OF%4u5m2)v=0=cWb z>o^G|FO%Ma*^RP&;q$!5`Dn#<-PmEUrl+9E_q7PC7jx z^AYJYFP^dvT0|!L8%CMlS_Gm#Ci=X}Nk-yae;7 zN0%=``oV7uFHG@b_kYX0c&@GnDRo$NoG!oil_Ih6#ONhOsuNeK<# zp_oKDb(FVA+>_k8$wf!Ih@acz4EG9ewH)x`P--<&WF#VM@;304Qc``9*=8&IMlhLH zOA2x~zd=bCHfUm|5iJ|=2+dt;=KX|Qzc1{3txIw=m(!?1D&hIW`Cd(3MS`Wvv`DMD z@f#vcN*<3(IDIXX$(pw9=Q~?H0!xH6lFy$Jb{*pQEfK=b(CL}&zr_tPu)NmpdMpb? z=>;|y?KUt*r|j><2sKBiDhT%G57P7 zq zn$NLpQ-mn2%&^4qaRmJXCt}Q^-5|C9H?8>@o0rroZL#9GKP(d)z?5igSB<)XA@%26VoQzmckXHqhl2|-X@k!-#9wB-(JCitqy;mlwdQgd@AkS z?Z$XLvkbY=6+L_*Y2l^~!jX?p?)2a}J1vxK@X#Zfur(hVV{(*1B`jA+K~u4(%5)z} zd90Ii5TQqO=H#Yi-g=&%$>g7F_S&07Yb*LyRmOl-o`s!}=I?4Ab!?!N8;tBOZH$XG z(|Jx2xQMe~Utg~iYOK`Gl$&oTE9%JSoV}ubveb+pgN>⪙4_`LYzqK%TgA*@deX# ze@S^EV-cjJ{zJjr`-v$F?i2uh)J(uyMGNQQGx#Hm{GBz8zoIl7hFi6v?at z#qPwgW2{ElPL5{sqMap|Zs5JTJb~{f!A}iU-+8174V5^J?CR+ogW+7Mcm&-VFdS-FL_OQs*5e~Z9Fy>Yx*GuZW@0rL9Z<$Fc z!BHn>NP+9b3l-ftV24Krbp8%N%Y@!R7iIXA%0jb&fV#qpNCfS?HGxQVQhx~5env|g zL1n0n+n4s&Kf@$`j``K)vKg|1)^r-a&00zUW#^x?Ly*JRWGye3mljiCzq;Y_C~du= zO*QOt`&#_ZI`yB0H1k+jeAVz(18qT~VH~Fn%q`#|8wOeQMUeivES1gWi!}G5?*SPZ*-1u^uVuXMRb1YO zMt-4|r%4}?ghU}_=j4QcQCXK=J6T~*?0{qxJ@eQ!wua`Ov~7~SKf8XEQ3^!WA;u{( zFDbJaqw;hh|Bys`$3a6eMt=~*`eXAYI9=QD(Qr~ijU*bMQ01k9lhCKVYpomniAOen z#ym|!u`}?@a(LlFNEnrqR``gGuTWa=_YVu_W@r1_{ZS{?)H)g%8JOSX{?_s>%B6_x zlE@VfZSs5Xc+e>#p!xt&CaV9LZ~Z4{|NqV?{>N8Q{+rb@aWEr*nm>@qd%jM7`M7l| zB%+EHO*OTyM&~_=&u4#+aeU0<;=3fo0*i_`Z4Ro;K7C9uarmX!^FDV8i$T`9LOp~Z zPW^%Wy};2-fTq2|+@iR!5OHNphV=lSq^Ph^)%jnY4}VM#jmf(=Azs3z4v%lC0GV!! zVF{naZs6QB1U>xkB9DhI)s*({JVtu{=DF*Gy!*Opu-(8<%F6E@9V;929(D6Q?0qK* znfY)^UrxLp`ZpIb_;yyL>tVx|yD-bY*TRfgG?&Bwn;KVjG7$f5WdV1NRB@#2anhRI z%qpJO34&P&LPkPOD~!oxY-LeaG(#gv;}0;It$0X2Qrc13ts>9R(Vc&auUj0s5Vfzc z(Bp_)GTd06npD0F%4&|&uB8tUw4;zT4vqBjsflA2j9j%mbGUwri|u)UXr>^)LU{+r zeY0$LST&?yL#LFGEG>S)?tL*u=;=8V%D@xSpb@^BF|Sho`UCd(D6!Vi&`{I)n2ajW zG`Mh=l97R2&f9JEGnQd6pT)P{23+h-tEi}my?>7g0;i^=kcCN5BSeba&<9~tZtmoz zo84ZWAdm@y!eB?O>GQVWa2lDoa-fi~;2c)O+;?CslBf{DNmt3_t1qe<8m3!8yg!AJ2~-{KnJP( z0O)J|{P{Bh=pilNOw|$b+Ujg`1N9Kkd)Tshe+-V?m_qd=z$s$Qg;C&Pr6v-EomXb1fzB3MV|6VaL6f8sAbzK&_n%vInp-UcOk;IR! zGasmnPY-bHea}BDeRS!sg@uK!$+1Om*&ZYXUWT(gCtxz@48%0t+KyHbS>1@&-voA> zot5R!SX%FA=L4J9@jU55z)8n$p=)g2TCnB4hcDj`0hJqeA`IC?j({W2EkPaE)c}MH zFZdm_b!4Hz2^g2m^SPm0gFv(@jF1tIT3{@I%sg*)@_u)9Ib2L?oR!#lg;p5%U`<;R zvm<$7Eqg(Az3pcII2dsa~ZnOHFPI&eOVvNAbU|u3YtijXb$$(e=8R zMDiZicU?usBI9dg^*#yx1Gz~-71W_`|+;bo-$21#j2^&IsjG z5z?~eOOl7$3Ojq0R+U+W>xofjR#xB0i243Zg%JFFJY(8+t~wZKAw=EYdhUY+(>+ho zSewsZPXpq<5d9 z-+Ya%UqN@0dc9R)Y{x08y|<|;LkIQRxc%c8F<8OWH2gkvy2l58_w4>E6v^84)Nxpb zOy@1*4J?!mm;-FpPx_qQiMq_VG~zolcXe2@75$T}lT@43b^G4CBXofE)zKbd`EQ(O zI0|>uhCgw$u9v2f2)!5}MzalNu|DpHFQ*kqJB78jRJ51n`vOP!zhtLw#pPf^lt_qE zQ&WYm*Q0@^Pi0jVF|RF|cCGa);4quPbZHN8wNd5+XA~C~*Kz2=e-ORr-SyV(WnJsW zO1uBeSCGgcioF5AUdS2~5I-s?Z2id)GaOLW&^SA~zdJH9 zGpn>;eV>$+e{7e_%kX+G6y_r7@S3loXoocXAQW1Py(!*txm6a>&w| z*FQqF|2)Gy+Z@VjZcYseL02#N)CKrs?vpiTi?4S+;gLjc5}XEAG4)=Uu8iE|??aC6m49CgRCiky}&^unF5Nx*b|EP z9@TsmZ-DepsvBTWz0j1j&E^BixpVxQJ2 z2&cr)fOlu&_i|~0;kYBy+aOWO&Wqrn^aW1eVk_Jy_Oc4=o06BOH}_L2_IcdZ#SFt= zO=Z92V6J$NuvyuZ6i4bphe8Vf)x-ckS)fG>@7AGXtLIqms8PsG=)3du6Bw zKofhx=N@jo)RZX0+8k43HSM_Mwsn$43ICpu&?ZUEz!0o|e>1&5TNT8hl8a!#kvLOj zj&0Wp=h44AjfX960tm~VD2p?H0Ysl4KYw=u<_ z*&G1~Y6w{672F#rAbGc@4<++*8h2v=t@@$Oq2veM0UsRzzuvASn}2-(*s!oLk-E`^ zg~7eD*5Qk3{SjyjR2adwafeoj0=umBPC);RzzD@683QtYLUb+^Ss9SAc#Os2Hu|=+4dO!~`k$X-cJyp(o>MdufN8bvU zl6mcDxw&hmZ>;!`c)GTc^E$1DEWm!GEri~c&Y_53+gMMcH! zj)G4IRC z+5jHl(#jfKpKfG~q)+c{0PdZWk?|y`vpw0aMG6Se(>hL=M@?r~={|S-GVv_Pi0MjY z(=zYgJt5SwfAY_j>^?Os0#2a_)+7*|cm)Im68N3WW*`r8qlgTO6usj+pLw7ND}K+fHduX#L93oTCop)1 z(=EUb$~~aAOawCY>+fF5BKrUrcjzt8&Ib2DG5|Xfy>(XYws>@Pe5T$qTaH`;Jxgip;S?BG6L4Xha0Nf<#JvH!N4DjQPIjb^q zRWNmP-G>i;6Kc*0TwE@QY_`@{ujD9j$1iSALeKAS;7WIU(4Kok9}@@kEjp|_RnO}v z?DzMnaW8uAwWH)!WDH=&9$}JPT^Gx-mEdz#>LSYKZ$GC+A){MZ24SIVjF+!do_zb~ zKV|{qyy5S=yCd&bh;F-iU%hH7ByDOdD=I>I2@sF{>y@MSY1Bm^Anz|UL_ZJ|R0`K$ zBQ_u(&#`Q&3fwS$1wQQjO)OsJ;0Z6^LXvTMFjx6sj%mBj#5Ihe%F_=PN7f|}EOI6E`b4+x+Y zHuF55B9s7N?YeMO0)bz>ShM}+V$TiW(3;Ke+?-~ED-nW+27n85U@NroGJjf{|7sjqGwkoKW|7>+L}6F@VM8jvLZzYikLDE-ayhtcMp3WJ6S5 zSiX9Y6=`W{6gbT&02zJ2AMp*m9hGvuaj*0_TqL1Y#y?}^I#~PqzRKm^L0-*e?Oq@0 z48p-S81SzC7hk+mApI$uZaHS@q=ijz$(M0Z*GHH5^Z50%#ZOhcdA~u7D&Sa47v|Y6 zkzUZ=bUjS1vT?@kS8V?Liwq7+Uy_`U(&CxFe(&-T1{xkBbi(hVWN8yA6N!lo{y@)8 z5>VIg_@E0OBfc;w{dDEbI8rzc=Hs(f2A-^gavxz*37hG8crdG};??cZ ztOq96;08d6S0ibBObo`J@1TLH%(GW-5qoer*-6X2{;1Dn8j$sQmQpO^dU_2j4UH+t zoihBO~R>g63pJA0=eb zYacVm{N_+X5ZPv)oX=(ruUrS?xr($MS3&V0+5F|@r3kMW0xqpd;{k<;XT5>Dwl?V> zsEik&IoD>ry9@n$=Qi87%kV=Nr=wbDyH=O9?l9uc46&fEvW&w>*g|cTcgLs{KDQ^U z`+Bw>G&D4~XQKC<<9Q0^-C?rvJAk`;L&3`%OW_T-rvnVEtXtEqcNgVIJ*yOS$wS@Y zyi2`64(3Dn#qzd1f!!FTZrNMVxI4@c03IMPaZkH19C$3lD1cN0p}`0IkS2I;a;6&& z#4%gXRTn7iy)`$d<6W=^Hgb#rWC14Qxxmyxz5O3(B&~c(uSV;Q+TEqyecS_peSF>F z1zqg%#}@fsSSY>)ZW=ZqJ~YUrSDeAq!i07zN@|9G1Y5sh)Tq+b^hbq2y1 zvqi&5t2#{3XK@*)nX==2Yf9U0qXl*d0jL?ncA}z|7Jv3dC~>hh+N-A@H70R5H8kkS zk&^Xo7!z8Yr*Yo&OXsK0o~_%BeXAHuEU4>*0Zm(Q{`Uv#P`0)ANXTZr^MaR7g z76+@9<%u+0qg@+H*~)Cm&UU+%e3Wv#tPhJF5UiKS&o&Gx2EzJpI`8dPe7PFod_Omn z?{5eYCLuki)6?=D@c8Jf&K9gs^NoQXd=jaL?dYI`x!B|>AVe+07ngzD_JlGfHkRFL zis?o0Q(awQSn|i$2M?f`R#}O?jCkF^7SqAP@QNNm+nhX@b^TTe57^Dc#f3%E6rIJlLH1-}51uOXk=)u^`(Fip(R9XDvzh>TGc`3W z)^BYwxC_RmOW?Jmc;Fn7!k0uoH{s4CU+^{~s;S^B-KmKO2Z)`DMYU;AKmzOYLd`zx+j`w%)>gwuq58Ve^rES+7`;b|0G((pLD3UHL%ts>vjPFnyodt-xU0itU4&kHrR=Tir)+hoOhBe*sR}P)r|kB; z-_gXQuD}*bu2TZ?U0J&i6Wb^{@l(p!<6EAJtr!oLQFCg>`*2V$?PSl{D z-TnQ65YjrmeiV<#4Z@3dXhf@{ni+tC!YeC_8mH;ue5@Y1+G<&(@YPm#xL#Nw4?hhc!2~3)d_W~Tog4Ltg~w%*($E;uk5lgj zFcaYJKLX3-x4_Ix=W`B=MR4nNO__WCyDps26gEeUYLG-4XNzQzxV`;1ARHsXWwzK1 z(tOk@JVth;&(@&?93r;1jDV%{w6#EuIJT5^Spb}4Y8VUv)yyv{!j(xpX}Qtp z77YI8542zok z{1Kzs@?@$zA6y~eO;YP!63w+qS>}6u%}dSB*NmgP_1S)TW5Qf^f9C?-ypxbuV9iNE_nP*_ti+H&&d(nBizXI;K z^;r*Ql}-<=!DuSH-ZIf0fSwG?N^y{iAesDF>JD=;t(y9-PdOlys z4$J_hnS?(ftrp~^u0xCo*dPB)Put9>J8m_y-932_N5DvOJ%I$n2(|!Wz~*t&$?*k( za^3MKQk)Q*DS5>T%N0(*renSHRv^}~(HjD6d&Wv$B<<#POa6t0&8MAkW^+<-yL9aj3n^t=XV(-A>(GJ-A!(-_@BszV0 z9DPB1jNRd;Z9e4%dcX4^cgQb4GfAz`{yr`p z{U-G9ABh4Z+ok_?Hqm!!6fo>xA0+an5P2>5_m4>Y!mAXJ=78TbDL&x&{oNwkXRrUZ zaVm}(Y_KZEtwY)Y%}?Um09v*g<-b4vkz3{8P08yh$J&=NT9X0zn)PbCmu(9C-&Y4) zy6ZI-PESv#9?<;V&u(Yo#=`%uqxp=_p}JqOHh~c8l@{RG0g4mG7U6$}M6w%P2X=TL z((*$0_sG^Czpj4?1?F-)NPK%FWw2De>3+y_{TI2-1seYvusuEs8S?zo0T`U|cI%Vn z76|I~N()$Fo@lE8UZA(L?as(nq$n+RzuDiX`eN~r%*$T^m?bCm!9T~qt^yz{H2^+O zGX}=H2q5T?FMtjKZ;by>53~Ayz6%B7VDU6Z3`opECZ5=xEgV&UHLVJ_{YAOb*R-_3 zfVAq<-`&^oO*xa6N9V`3N;OV2bh-HF@k&er&9vPOTh5ki^L121W<+*PO$^|lK<0wC zGce%a@VO-av|@)dE-n9nD{K!8u2`kUq}{&OY>s$I{_kh5gN8ef(bp4%iRhXF6cE3S8~2Zt3VzAS_QP6T)|>Ay_7bHpiV zqk-(pKZb1W0vz}+d%Q^c?=9TqyJw#?jCCqCCCdy8FhRm{5pR_Icz+_kGPeHrOsNK@ z#C;_B3NMVcgODU5QMWVif7tDRGX=Wz>J})0fA{3RNQ7i4;8e?CtdLfL_3eg{-_GAd z=O|*yP)?CW5VXe`Z3qG?o-Tw~QQ9#@k`K(1NysV$2tz8uR^Prz=O5^3fR-d5)pnqr zwqg`V?19_9UL4te7A%Z%?Rx4|>8U~Z?2lCOhvi;?IjTGJ!vsn6BCvHyenLubX>s?J zIn-oD{_LR;mcYY+L*hK2bQlww@M#kf3BLgK>rZrQh2*mf-Q11u8-~UKoW3K|-$04U zk`HQ1H&}C8f53Upthgh2wjdRy*l(+8NW5+VK9)s_6V9yVwEv7X^hOz;DU^vw5hHUulg3#*WiC`L>dOQh@w z-a@Y|qmw~bQQYRe;|~`e=tv?$?c`m7#tV%UN=n}cx6Ex=bQ@g?O5?%y`~IrRKn_#ce9)$_ zUz%eTG>9x;5#%Ec&6u@%%j^4yAopo%vkw;rRnp7A5gEqsbnXFeNcOv%#_I^M|9<*>N*-r$WREUN;iOo2K|8V7})U@sA5>(t1g>!*zDMt z9vvT#;!hvjQqj6kLGstRWuF|rovK%!>bO&sDX6{?mniUqn{$tt`h&~-b zA}Fy2R-SIPr!L+qV%858HLa?-9yx4PiJfY8X{fQ$bs#K8C~}^%G3{wwQXpHvEs-BQ zsh&Qg8c}I5%ZU-KZMQgxXa)hyvKosX8`G&?cZC3b}Q{!eODy^L=bxmEB#R#S=z4FuN=m!i7Cs8AV)B9W03=1@gX+xaL4UKcG z@pI`{zXSEBD{C4Unf3DQJU(5_wA}EIh#%wvpOPO|sJ&Hw&sdr%hLL`?2h()gUlB#AnX7 zicNJnX=d4Yslma~;UVFmdSk0*I&iDVW-BwxIi|*Ks(0vHytr-8`BZ{wzI{}U$z00x z{Py9Z&+zoVnufoHUTKDyJH1o_r2^fdM$@87?Rvyevl)lgK_&Wh<5EeizWrvXs$+si z9r4L6;i6ti>xG2r(cn{ZQC0b9(_hzhku^v|WKu1<*dG-Ko@x=3e(9iWA!Bi?y`*Gf z&){Tl3@`>Q)fr_CH3Q~1Ni%=ubYh)S|qli zDkULb1%wXF(gqFFh>G;M!o|(C*2*QuB8NENVIzIunzXU?92KN&um8SEKxpbP%=E{;V&|sy<@($-h)34;->=)M1xo?7iNO`PJA278xc_+U~tY+0LJ3-NTXW zxtqnb(&G!=lumB=F4o+5QsR*A$aiE3x-&~zW=?y06U5j=NWqazJmVao+Xvbb6DqwG zKHPdUEG)8oljZwD_&n%O@K~go(sKLyF5hIb~eAC8}FMcO` z1b+Ck2&)JEa6FnI(U-uz@(2IzOk1hxSTwP?Mwum%@9od1_A?q8bBRL}l72L>Jrv_b z$<#xTy1X>~L#T&V~hyRuB^sY;XD7R-p_$X2feB87CrkwV_6wX~H+ z`Qnnqr$U7wzzd<88~ui70%@^^dexOQ;J`G%)0_)eOhVdok2eqztv1GrABb{_qut!^X?Gm8A<8yvjrfGEwo< zOLmG*%6Og|rdhL)vy2cfj)Wx?X2K1IPY4gO3rVVuy)dhYE`?uJ#;dg4AJ}>0ghwrM z7ArxXT*8b>5WCotD#2ARZVC7EvUTVOpl;$Bh_X`AMmXgd6#$szi|-o+*hs91Mu-v{&dd9iP1+jbaS1PV(Rv zO&synWgB~rPOK+%GL{%aSdZXSk}z?{JK_Q}nZUr(g4q_%WC33-5aX`TQbv?n;HJPi zC{mhu$=yLpdgyTYb9iWgkx{UoC#}xy7d0Sv#eTc$^OmQ-06tv{xaVV7BgaLVnN%Eg z9tjqj0v5`QY+WGniC^6D-fGYegZK@KS7;cv=(2u z5vwh9L7~XoT1Bp2E zApFlMpHf+nNpB)OVp}wOER7C&EHt__q>FD26EDm9~HI&?Z4t9nl*hH&g;W!2g=y{mT z$T;2!)x&!6+!P^$JF(LOM83aCzJwY^^AvaRef+(cJa4tVoKd-PHgEj#;mjY+E`X!# zAj-RIrw=CJ!>#uZ|D~hRYOKwbJ_;sw4`z6H9^zU7c3LhEUSC|dH?PDUSFa7y;!GTp zuPLhSWahRTUQJ?8i&C*7#7XFmNw!aNXASz( zt$xNsSPRojt#eMqzQ3`}B;pu3qdt&Er&FE`C^ec-}tUa!i@N(_cMfi=+t$X?$9{7k!X6}aTy@X->tKiHms)n~&z|15_;&F;ioc^^b&!-6 znic$q3jmeozMEsKcf;}n8)0%6Q9C_zVaX|_r7LWGOJ~SDR zR@e?XK6ckNtNO+6$JaQt|`rB=Dtof7i9M#=b`F7Bs^0!7Nd#c&&B2llPF4i|ANmbssz=SqS!dx$x`WFin3p@-wCU4oNPAU^w9ZZhfTLMr3==|P7X|{*Vtp`7-=*9-v}+EN85+E> z6Omy6@RN{$4_inG09w26BmhK{eqc6P0%c7rmrb?SHSWgjO$dPEN%R9idp~tqvy5FU z5^wTJc8@g7IA5w898ve&=YL%(>;D-H?Pm++{n_gObvY~4EQ+m zFZ}SH=)Z8Z|HFXr|53F0f8MyfODW@N##t{9#>*_XCTr5S83)2?686)hCwAM2UfY$# z@B0-TZu+8%qpUf)@tn4=msLTna?BVg4-Kq;LMIhRp|4x%-3{kg4JE5jhf+7HV?ub+ zzC|p=iS-nq(=OB=eZk;b90}&Ha(aXl84czuq0x*m5WLpC>t@&Z(~EX8<|2!X%YvH6e;B{=SZp~Js7E!@3MeiB5I8IyOjb8!7_$; zMhoJX+D3nlmawgEn{7?yt|d{q%Sui*TZ!r;Oa0*}!qau!J|pdqHTI|t?t35%W8M3? zHWacya;s|D);Bd9`BaTBm^St|JF$pLt>@|v)8e{a>QM==vokGEXT(#U3=0LeA_ygP z1lx9MgY{QhqS*|##i<<3J)PNoVh45Xr;zp&GVOVXoBW)q@w+Y)VivFc_Gn57-)brw zcw6cEW*4koK3E&yF;0H>;n6XEyM*7qvs>UftmoTng)+6(cOv(Y9Ve3lfMYiOpGiQz zva{~57Fm7rq7p=@roV$yNzGpe1`Z#0ZdGQy&L#%=qQtjM%N%Opu-7(IzN?T5$D)1Y zeBV%_cVPm4ylrw^6haB<6(XICr!Zn-lZb;;b;z-+j?hx;!ada)d|(|I4#J)j%Qs34 z9p3BIA6zK2^UejFl7aT`JX1&YiyV7tqWJju#cB;GKO!Sh3JVMC4=V?)8q@$L8)u!G zs3=_9;}+dqlOr7zgi64?;>H+7F1Za*av%i%9e@oBg5+tTAh}{l78BrXWK~v1mX^}C z-T?U8S(s-skfgr=G#QW#o%P_Cy3N}0KYzLb0f4cYSvJ7BjiFYw0n*eq7sJdq{f+=b zW!xwl!ax}rfiSZ=02Z$?kVsT7UtH@7a9;I#59C}SQV6V!bkR9*I6PD!iErZzw(bMHIV$_jc*1E8-)v@U;YE zlW&)x&*1NA!WM%<1h-er_XS5KNQT1{w;0d)lsiF#xmH);^sK17w7VbjrV>)iQiJO{ zMK#suDTF!3rNx`IbYcR1n|GRZHltyoXI=h5%F%F-5=aX+(IoAuMFy46Lg2&if5FO09WOo)5=s3Z0Mqlgdm*JKN>Fva7pmYbQ4|x$8qscV&sn zB0H%dM|L+D+OoA}y5OvRE8I2B=Dzc9r(D#zUqxEI-zhSBxmqR&!H*?yc4m!MTlFQ< zvpiu(F95V0w2Wd3E1AxaCMpU3K?1y*T>b#9w+O5SyJYfkBDK z+2TQe2>KcgPc$f2y`*@~CY)_xz{#cmwl#@$VS>WG%_AV5P&HAdW|M$&{g^5#X;AQP zvMjN;&6wOP>hSK0hhSc|gJA`28(J{drcSo%i>~HhuBPGk{&U_dU6qk&gRNgBYJ2 zrE0_RI+gK{otTU`QKvQP(q3m)QT*PU3Z?k)J(BRjJn!T4)rpJ!cR906LHgvvq-bOX zv)1*=yV*kB8@_z+G}`h;;T_x1@bmio;C80JD1|M~=RKm$diMuA_0ca?0MC%~x*`ms%|W0pi`75- zO%hfPR3YKK>zB+dq=Hc0Aw&t>mD_i~WEQrV0~nCD=bOUU$4i3{HvVRR6x>82gFY-k zC)_?=>jE+Vs}F4eHH46(L$|cpCqfJ<$PXr`<(7lVhF{Qj)q25|AT&MQg}8@K8*?kEn`KG))PVf z`nd=~>vZqE`eZzFT{(YxvjLvOgHw7U|CR3T1fr_*X#-B_Gw;hv=eMfD`bNj1PTaim z72BfwH+d&!j4VPdD{2feJviLxtQd%7p;4@`i~>AG8{xr4S{W^@xVs9BSve_XX2!ZZ z8I;gmJnVKq)66*qro4lcs*0&5Bde^4@6TEmFN$t{erb&7pL?=gus}MX*k~MF>-kPy zktN^YjGeG?Q2eH}Q0IQW#qB163su$0y0jR5yDs?dx=_RG?(2ZEH2-;|dS>3o?LiOu z9YRspw*@mY#S1h255aj#SRUIcdVRJhRU7r4Eh~xrag`nMvTPkYo;LAUWy$T%&IT&Z z!?%miEC&*m8%-w_wk!1UQygt=PbbqIld7Tg86NDm%SMJz+X%6=*n<4SPNk*&n?6Uz z6vG;_4edn_w^xo94>KnDD%TO7-NdEj$TpQXp=ftOR`J>m@M6RsH z!Ma>7^$ng8oBWrAqpCVpYWp8hwO!dX3<(eW+s36(z#t?WU{#P`p}h@OLZwd%d!^f_ zvllO{^9vN%6)+Q%VpNqu342!U^{OFBSG+C)(L+qQ5?z>w@qZ<6192bDsT@geuqS zcnuNAKsaS^cwYu}7HZ9B&6prFsMdTzsXG63KoQLkq9TC;WF%o8mn5m~*UGKWS7mAY z8Fj zm+pLgd$%Mbnqa9&!8P6y3cb{~hc#+>ygFO`Yw_9d!=F^}fb4>+Bg2qlplt_ufQ|Jh zKGv;U%~nd7*!$lZaa9?(6m&g<>+&AIIKd9z)E$nTD6jEutU+L?1^ z6fG8HA>WfhK!^>Uq@$+_4_DxTiSSLlm{Q_I!irCXJcZbtYL}@+3x9a6SA8tA6Dd*F z1%pQE&(MomxCk~yVoCWzz6qaVhft1xYXaWeBy~Z08Pdrg27S3aR5(P5LfY|qDnFZ3 zy?hRA&9;YtKzIP4H6paPxIK-T2t7FP%#KPv5! z6yQNR^ST0b27tKn-QHf(_5s2O2H3?AxvPIn+c5|b4JIWisHhA8IvHocp{k&v{>z7h z&><@3%o?WqyyWEMz8a3;0S22Ss#`5>?f~lflrVq@7oaI3=_yV$qB*hdG>xx6706M% z|E$Cs>vz28Wcd0Ebcte;S}Od(lwp!=aZr{^^e_Ou7~RKikhl_0*1EH}>{!aI+fKI15-!v`E&0}1`% zKn9QNAdG3>>x#na;5$X}?NU`T#vM0UJjCkLEw*!s)p}TqhkH;dtxpPc@r3i@I+kwy zm?>9LZ%77S5Q$(F>cqQ)8|6Pu~G-(iB#$A{qWIrGW|~HrDpnE$6DP zJ|p*^KNcjzD|$M!)a!G3HstJF*lQ+r`6yn+)uEV_HUIEz(C-Xy6iijdFvoB2rf&&F zl#51x2YO$3xO2bw9HPIL3DvB z170mSLg{taHn(uEuuhk*;;)_yOfgi+Y#v7)S$nx85%!2r#`EPn@8f}l%+V+8P?TQ_ zr&rDamf?0{sHmSYt8prjI*gc{WDlKi+2>-VqnyCp?3PW(KM)1E@Fj-iqP0HF8#cy@ z_k9(YLW5P5m#Rtt=ir+1^K^8B7*%cV-15gM&T^6HaJai(_78{qK5LMlL1^2!L% zq5}MK_gHK$4|c&Y1KM2WDh74r>ywpHz;GeXc;z6iF2J?J<8Xl1_6>&V82-mj4vU!}lrxeaj z6Gwlz{Ei)(P=!bU9^zWS#xBvr?|{?IXePh;QTkjn?4f_!&P^Ly{%v4!$##Rqz9Q4v zjN2<~kGGE*oR@p|^`MSW_bhMVy^w2qdbR2YxFt+$S9jrS+dWDInaH{oD1H3~+GKe~ za_gHqGV7ah2?sMv?P0p*E$Ro!(_1bH4o?lVvV`A=aRoyZe&+)W1|Kv0iZhFSZ6vN6 zkWbh>B6XuTEf!zu@4mWH7|ty+u!i~AT40Ag-+w*0k^F*pN-DW9P8%xCJH@?2Mb`$k zHHF@OMif((`DK=GNOU*`=cO{gNh~yj%=1T{*>dio zAu7B4QDX^tk0F2h9P8s&*Wh~xM~+6rwfaoRF?8Q8Og2=q4l5y}q1p2|;ZSQ~ku_Y3 zP%>q&^6jOvnDr)9*ZGQ@&il&K9I-$Rfz64g*pNZrXqA;HuC9?b)pH$x+MdGA;F#Nf zwjun3nHd6`2$-j{JfmBd!hxU_H4)EHfj&0O9 zU_b;C4^ZzjFD+~czYK}R9eE#K(Qfd$uPBaNyDV|&OJOgw1r{#(Fqh4#VfP^N`u-;O z+7K$h6Gb1Ju<>5h=2+$*l%^=7Il_M9Q?Xmsi+CYWAM9M!+Zjt@W}XnZ>@FB@k=5|l zqztbQt-x>F7&uB?)ewv3MWF~&QN2+DuS^Vr6kogNu^tZdl9$9UQNdOsnmY^(3k{|kMn z3>Wd+H}T8GM>@7a=jWTOZf=(zgnK7%r`{1vE{r2#Lth>N@QU`wusv?I zBE_=5qT?sM6Cma#EnPjWuPA~oJZ?Xdi2C?hD7T#xR@DfI_P%`V`u*0Wu@q2#Kl%fN zVLD8T+(}~ueAaFtg0wlD?lo+4$zr*)`RGBv$K5xaX@>l}3r>m#y*K+^VJDk3iNmV4+@#?_8SWUR4r( zuj-hR{bi|Fb`*boIPurxLS}>$?`%)1y1Ci#5=`t@-D%%f+xpi<9@9$8&X4Y`FBCMY zQan@Rph^5X+wfv~@)|pW|Sph6y3wB4%IZ1mJ_2DBp)!TvC8|Ah( z9Lw51m6r$2PR1nhQ1RsUfig*fQ8LFvZnzca=9Ii7w!27Em~X;;)($|nIwmQcg_*B4 zweUS%+|qqXQR4-N5yzxw%9tzKF4e=^MTc=@0-SG%Nax1jL!2|C*Rr;2dkuucU!%IC z$O4x_X68_Zu+L!DoV=ape-+)}7iDgo&kFmmb9ik?O^hGbG)RQB+RncqoZ!RGmaJPfhjQgYSOe|RV7=S3J2HkTY%K4S#Y1BG}?TUjqQSkr)d z1c3gQ4G^$?1%v|lP!&qS09>*Y>m{}tFGQMOT514j0HB6aIg%inTsZ{=jAoLAlguF6 zbwFCC4OBgN+CB*LeAGR@xINndeB|B65r24GBU4j8d3hkB695!`5G80hc0~=Ks;2Y2 z8*H$j+yhB+T%j%0S@!MOz1B)3^91xZEN-`7A#o^BU;;aSNSTT;@RCHjWp=+i=Pxi9h4QKM*94=M#yd&JL)Eb}%Nwd?9lpP| zh7w#~y&R`@J|cgZU{$_3eKozs8MYPVIAtgpbi`5S+D5y+GPt~zq3PaUxJ?@x9hy;F znix}O1S|#2Kc}LcRuO{Ur#=2i<8b*wGPiQ1dUs{a_h=kw@kE$(;-+jUKHOA1H_>@h zrxZOSx7xf#+3+>&np|RaSd!~u;a8pe5wAtt zK3c1{Nnl)6$93MS8fL$!BlZwwN_$&zYr3SvxsN|SoMG|-UAsIMfe!OdxkV%#ZM zsB_3JZ4%#!UBU%tM=Ww2>8?c)Jt^SF4CiB#!c=Hq9#V+FFJ}JAwvFBP1FFY_*F$I( zRzH^KT}*LE3;rE@b-ZG2 zcW=e&TH~9y@tyaM?(@x;qza;8*)eqwH+K)!8c%`DUsA-DydAE;d4n}RPaEMsoA~~V z*YBlv^YI^XLl>h;FB9h98U=ch|GB>8f1dICZYg9*}?w*r`h?x-qTcTV_pe#Lkf=0 zJu;YCIred6iR-RTA*6HGa$}sv;a_x-tefYLQvYxPOp_$u9OkEz4OP|lgf+f-rTQU| zjkr$@qI_BZNC{B`dG?&{&0L(cc+91*qZSGGE`3)=AU+1ur^(cFvkFk?tX?)%q_hlq zY8x*bDk|p_-$nU(JQ0i z$<3o0?#f?UvN%mM0kRTJki>WQ&+zuMYPl*i-NbUyJ;uHztd5L5?y}fkyJ#ssSn=0= zjK4ntoON4Q>p44auD(0uywb!21-}oouBG(+bzX(5*G^xLaJ0}$BLl~*EMJ$&{!1A3 zGlE!MUQ%@>9eDzDw{)8X>(gsD8?p`5zRMtMPK5VlXXBXuxlo!xMa7htmMdq_h;5xU ztLBu z-DU>dn)^Txj|+90b!N>Qiy2Hxo8N9Ee8dtb01fkHr=@lqPs{OBlx%Oc{mq?=IC`Dc!epZ%ey>rWnnV zNpoJaXvB_Ie18k~(*JT{{&o-!C>abW4ZI2|^8NX(iKC{1uny!H0I0Gs{L1ic#$U5H z^RxRvNLW~&HdbkSDwo8{Vgn1uopzo+-(FJyb6&s-e&W@OaiWF?^-|rP(|yt}`LdQ2 z0uSI7?i+{!6BQL1mm7qHVrguT7A_>>lNFjbd86#MU)>KjaQ9|s4|UZffLd*gd$xkh z5?r`AqJ93H5-Y6rEKk#6T%wbgD)$%elc9HWVUv~|j_gmv#qQPDFC~|oWo0>Cx?OuU zb%=RMj?dsH8u3ZHTjss99f#aLPj?c0(Y^`XwtdO8q}jfZx=Ei=_BaCPhblWKGaCH+ z+rGV4L!q<-Pv#bO_Sn#+TX7ego$czEnXZzmv!dtA2FnyNPg`9Y@c=GSPmkLMyA{>A zoz!vWG*MLBAHWUgtU7VJztDVQ zeY)*U4kr6cPB#IH!RQM($6WTb$3K`Bf2>ihiA`T~1(l#kC;%Mi;>wV@e3WWj88k-0 zjtObjZ)TZV=s|j*xBOKUah2a|sNg@^IHw5Yh`a$6e$%0r3?QhXFz}LDHmY$jsKT-q z!h$aJL;Z7h!3qoO!W59;>pQ;bzX^ve$InxBt~76}cl0{9Fnw3q1{d4sHs23KZymZ(InTm3WD^$q8E=MvK@@z#g)!ZfF^l|6c15-OXX)?7 z`z2U|zoVG(s6qwtl%v_cF*{7!_0Pe>*8B)8;603*YRNf*hC&x#5Nkt~86FLN#z6A> z{wuJsBiTr5QYxmaJ_JfNt!3@CwBtm(?d#w!oT*Al%JQ8zVTHLF-^Gb@bEiLa<>L?0 z^833feBOzZ#(|v^sVlE=KQ!*p#qyU_8>^4E4ie44#z^p!TxgaPhi>K1kjVjKUrxcao8hQmnZzj&o4}znUDS<;SSHF<~s|F@Q-@s47p+?S`)($UI#K^D3KKD zhkwRwSX7AoC1@>WJWn_>of``r(D}QMw7&dG`qM08TAB2@jbhX&r;AeByw(9}8ZS^I zYooL?ePTZ`(N}JeAVe(GEKf*$Sf)I&{&SkZM^a=j)oyqUlR|N$dZtpD&aykSbp{95 z*D-r&MckpV`gJ@XNyXD5F(YbhZE?6TBPlnfOi!eVL_H#2jeS48&3+pa_LiTYC{wyb z1`+j-nb)H2i*S$iht8k*%3T$CWEm)b?H_OeNnM)J2Cb5af2kdTyB{pq@)4fRCpRC9 zg|K*NUE@=RkzR1Pi~!%%#UHx>5oaofaa(7GQT70NB{AkHt`i+$7|@(qAHU}XclhQim%Y%>h?1gFR%&&Q?H~4{AsYv^@D&b2c-WRyx>(>cb8 zr4Gaj6F@!C2KNUhHpgSNqilAU2uUVXDYJV~OKY{aUM1Sp@`=ZMm!fVo->ex~c>Q+4Zd7k)4MGzwHWYUx8c7IZ;zcz2EDR_f^ivll^8R`NIwetnBVJ4&R#;T{ z7g^HD<@YA|uRj6*HU5W3toUz<{O*592MtQIvroxgUUE_cd=7po&+!j9MoEY>R;@m8$iv@Ft9!^yAGeB^FxZL zndb)iqt=WGxq<#=vBT?BIaHnvNP)!9<~JdhZazRM+T!n#jkwRgFIOjo^!J?~0`EAP zpuTp`)vc^`)}lVjwuW7Wamue#GTA)Q=7 ztxtt7*t&iJS2t_7`qf=ERyUwa?d6iVYe8duwN%_{2lYA5F+!dEB_fM0R`&&t&GVTZ zxSRW%ZID}kzI5V&`2$i%2U4AI9jM6Ie7|4hcDojU!X6m9T}IcQLY-!1+#JXE;P{Du zc^|M~)1h5V;Jxxiu0<&y&#G~slf7hju;;7Oo>9rc*AoiIYGA*Yeta#s7T25e&g+n( zl!3lQvQ*D4QgVsp)$R&RXN)lfJjvRI!2G(FKo!?V}94(_cz>i2xP%;U;Y zC_1b2e5iXoT6z9bqY~nI7w4IvX0cFfr;2WCUqZLIF%n~&+~yRdS2IZoWo)fx>*6BN z0CEb2=3?!vokNrcZsOq{5AAaOV0~uA&K7$gf`$Im)yptfn`h86CNsU=(Yq{;1s1DI z{Xe3H;2ZsqqsJL-;f5y|tIPPMA5*u7FzbX|K-bOZ(4qK?WF-lv!zrpCLoD@91_fu^ z;L0fK+PSnRxI|x{8JiH7daSj~ z-QV4wY8h19Co<(KxXJ6msT3*%5yTO~Pz0nO-u8&t{U3spER%eE{0}7St zCBF}@c_V6k_oA_>2~N_M=Z#jS3B18bKV88{a_uwWe!^$rlXaoIp6(Vt;bg0BJ9i*t z>-SrEN~Vct!!L0*y*2=io!#w&Q;_fG(Z}Z1+0mb&CPULKoSlwuA0yS4I6Y%#{nc>e zo@n~o2ZDl{N9(R^vPyF+Hs&YgM<~Ai_T&w~>kzp(CVhC>b>ocEGWazov9|ocIw;@% z<7N{95m86qs?~&WO>&{G`*BDxC-rjwk$VkTLtnm5etP<@1Ej~#KT-~LR1|24fBSm`rL&h&Z~KzXGsSA}@p&W17Q>3T zCE{{g#b#}FwuPQ>xx0q}p5LbyM3=U(0Y2=vj1YK44Of7LDiGAKi2|`X{()xD z0kq_q<&}3)wCu6TEPr$TH`Oi(rx(6K+r2Uma75L{4}?K0cQ7a(NlAn2{h9u%FZgNy zUf~OIm4FaBS0y+9vFklGla5Vpd}AX_ai*8pi=C4Bc~`5z&T!ZCijA4UX<=fC!JuaM^XPQ$TY;CDrKf1Jx^K`rpS$c=3#QQw&-8hlv=@sri7g01szKk=x(tu8r(YJA>A(Q0!~$kYT|d9-lE zbRW0o<=Xg>lfHj_(>>i6ZXpaKsF=OGs!Kd3&G_D~?KDkH-kr?pd>+8jOr%7Nj_O^% zY`?6#R3f${i-?Mdsg7aLOgz`Qg&jS4MJ=}j98<6S=-UA4EL$S~4#s^r47<12=JNZa z$N{o!E0K)-*7_ZdM&^57ieB*d_#SB;SF=H-gbEpqs(Z#xsNZg+@O!|6&xModGGD; z@SuiByv%91UUOv1<;9|ZTVr^f)f{cR6yW#c#?X5(<^-dugeZRSczCsR<%*BV>XCss zgI7X67i5-cjwf-3>|aZ0?7uBfx?88e%9*(X{m~}U&ef96zWsKdd@-uYdo$wzwvzvd2Rt&Y6>J7ZWH|BOq1vquc7%-HnzeFN#=aLGG_ zJIG-%`!lb71_2!R-a6tOge!k)w>N+#@Vrf%*FEE|YHRA9CFOa-htr8?ayOx-g-c*G zVJCGyr_^Lk+Ts+`<1626|IDK%DA-%nqz7K87)zFRI_5EjW@39d*10L`^?bfw^yFtB z>#+7Xm>sykh?8&rW}3XIiNnq2nwcZV@XK-m`{BkcB04J8%)?afOwc{yGD~acA%P81 zCrrWpaf$I>DdgUow_Cb{-_vau(?3gh^Dsf4o8L85eSOsTXA4R>=XJ+trlw}sKeQsf zy@=ZUqrZr4nSWN$pDYhS54>-64y+2+zx}gLJ&iS?jc4F`hrIa0HMD$`_xl*(SW%+I z{uHAV4{z%*@W?SUygoRS2$!(+$9zsqlqLOf&l$qTu=JSNBd`Jgo>mjj{HmP z3)eH;BG`F<8Iqr$*>MxI>k8)nNwo~$tu3$HQ0(m>hb00`bY}$TefV1c=rhcc``%kf zNYj>uI;4bv>FEMTHI2#2MR&md*E4?v#F|L5D&oEFLd|sEYk{JP zZ-KRYVvT|VDCF?{w|CIQBevC-~#pQO$z z(xM>Gc**P@E?};J0~eR(X~M0zhtA`eYOW{TWb~HpT~u0?5b9L+j!G z>1{F9IcK<3x<|&xGv+@9ol+6l^eTbplyz`fAZRE@jD6l`hOLX6|Z9Awv19Axpls91vf_8 zonJxt>qayUD7>YwJ*_c+VTmGM8JTKPYWIGiJ?0-cKeN)!vU1RKY0qRfyEB_Wi6`4MLaR>0mdx%dp1DXvEuitQIBJkF2Z%(69t81d5r%p>+ zIdkLk_y>O2VC7Lc;39!q2QLH)O{}ks#qY#v;#+Bu*W`-T_k&V4pgHF@;&V z3B=LK)~RB$bpPAcVNd{25yM(oCH7yftm(f<>d%)CXy zE1SC0(E`IkRZ~-vMMLY#@ZbCBA!3?Ih32g*q3V*iXB&GrC#$1>c#yRhUwuZ9)|RQ1 zNldyr3s>|D^JQvo0GAEUv(9LRX45}11zlZVSJ;jG-GXR3bCBmJ3?akRLg@!cGj_bP z#M6Rzkr2SsZ32iM?H)`99d(9S4kvcm!Lio4xOur4RQcjU`I`M%trJJs^Zal~g4LLd z&mmM_lxg%mMir={OSm~F@S4$HJv4oJ4e{CM`i&aSpg@D1utQZ?`UEbSsf2mC_789wdrjCFVkgGBCCY^h=mIIDsD1;B8UJVsa<5$S{+^#F95gmwF+#YuNo%+y7Aue`Gq7IpdissEX4TV(ziCPr)2{3#C%q;if&IW*fWELDh4CXbTGtYF zAlt0MLt|n82LG#GT5;5#idg_lF?5QjudvD1B7wrKSLrpSLT>hZ>_CIelHPvyBPTx+ zh_Z+bjk_iS6)DWJ&3bv|TI1*+>G;x3kKV#{TU#))A28X;Bzh)h4%o@Z@iKJ_-cw{B zCUfJjT6lLg%k`I`vy**cM=bNn_?TRmRxDn!&z52#CN}$ZkJh$S<_}~1+se2M2PQMG zJ=e@L8f=DA@T1D%c!;RN^f>*!C$>l+_fELF3b3NpPmn4&y6_Zu2~n(t9p{l{ZN8T| z8px?~_7inMOHfP+vdE<(JwKk|j0#Oa6r0S%Mx;Fv=BEr(sWlF6pQta$C{{N{S%p}^ zLSC%M=2u3oAHd}f>kl4RM7y@Y>aS*Y{KPV}%sIje6^Z((fHvqqumEW9^stESgF*gZ zImESPn49CBOyT@#IeN+Sm{#FXqx-HNhcBcL8N~#DFsp1)lcv;+4VDPyY{yKa|40o7 zKkR4npLLW!a-v}^QZRVnr@jc{B` zfk**4X%q*dtcHPGdHvU53#8nDqTOL5^o8Hgc#$_sPGw)nZK*35?F%3{@=!U+w$yuu zu&V2zrFiX7oG^ZTr;bt>;}cs=#ec_9);z08P{e;P##Vjd{5Z@j>O|c2l`7&B3+pxl z6ziNF&>RqAlx#Ac(ulb78oan$Zhy^ut3t`g&}rs!0%w6)i~f?fC60u2B89S#p;&}v zUvl;2+I+@+f-DqLWjvFfW2Va8?&c}cvQxN^g|RC(6|eC7SX`Y$<|{Gf8ov5isBfR} ziPv4W)-fV-Y~-zke4b)1=X2J{QMHH5O>R~gu)($q=b2YbDKv>?KPu)Ywdr zqp?4ar!UhsZ(LcqN{*CTBg9$OFq5-4bSUO0F2k9IN`=?ri7oqPYRCx5Q;__Ff29ev zd&N&;fGaOXdj(?)mt85#V?*w+xu14LRN&D5#g;R**d%3vL4qP~{EO3JKr*gu)jIEw zfshZ(4so}X{nbNeLS@$qFypjes#g|2vD7&J?!{$A;2%?%8Y4*5v1*t*thhA9`+|bE z9a#dwY5r~w3sNb3cOyexodA7+hkNvs^$XFsXQtK~39=>E#PNlgX0}#&-kx&mJP#>t zkg-y_nYCQ1vQ}3{G+VO84`mlW##^0@fpD4nW}#v%yYTn0maaMp;_p&Zgu=7_*p!kO z5-iqB70g_p^@u9Nb88iRMy2SxW=+i+tQ7tJF1}U_uTX+a4z|o~%O1In2TSG2^vj^# zp(qGr5SBWjj66}I&g8OU+>KTtBr8oLjPe@&UNJ-kE;J890>!*M2JwmO2=A(&1+>=9 zlthg!&7~7*w-rl)20}-3r3mZ)KrvX$e%#cICAi?t<#ws;Fd;E|oQcG|F1 zwR=jIneM&RhPQy+sERYwkkUbuo*zo&lX7?{q-5s{mNHUw^zvLBK=ewN;%X3IB4>x^ z0`8|${5W4yY50lFEL%g#SHJ05j05N66m>IEry8XM(xPpyQJCuveQRpZ%?j31anRAi zG`!6b?}02I6UjmSDZT!DUaAp|hd^hXNQK9pQ${;jfmtQO^L1x_va9pL>#T?$0TCx#_sDJyzM40obrgIXdFg@O zRUhV;cCZyee8RH>*Iw!E!oS>STfd6;)qg|K8UBzG1E4VOvdhILv5Q(Y-b&U9<>Q?| z9KLA`B{LAqSm;+3QqipN%Z{m$Ho7+7s7A}hHEG-Hc{)hfl_6;Q)>U8-V=$b=RVr{IT}DgG0(!g8ZN5}SqMVA@p91myMFDf|ZWMZO#z%X$Ibl~D9LbIL>_#q$+k5(sDw-sln+ zYF%u4oHTaB@Z3Fc0xNj~ywJPvUv9Myr7APj*r-8#%NJc!9Ur3-R7F0s_{XxJuhWKd zfX-AxOa)22r6j|_c#R(zq7;w>r)u!;7i2Xj6>bbm;mCdEDTb9mD-}eAk%o^(Pk5lp zgv5*%^v066v@PY5(+HvaKO-v@O3;i63CgaGI1E>fMs{{yYz*$rC=-qKzEa{f}M{ez@$2x}Dug`L$cEx+VDb5olG=DPrsOvOh@|CrHS9LUsAvBJj$ zbHR?Nki2)Yqk6oQ!|n3Yn22<9B&Wy09 zexH6LHaOC7nVLzFRI<5{rpKq3l++xx7i@HVu~lU_Xl(-JbNR#FBW1x!3WMMtH-^FdfD@NfTMzf)%@V#gbP)V9U#qD=IXZ zNIm&@jpyq8rpk*?WtIh@z~nM^wm6EUv}V(ZTD=yt@8j<)f+^jhMUY?(KUsgVEj1cFd8Vb*P|ExH(<*uVem8XZwh0okbeR^wPhCbw!3iP|&EAd>E;vyN}zNmf~+nu^tR@wwqErLxn? zI-nbOL*IhAD3P_`uMe^glN~Y%KK?$wF(L{JJ;5H{mR>pulS?*BUgo<;UdP}iNZ<-H zcjbh#eQ^1*x=5L$0D?`epxTrqU^@eh#gDQF*5|)?qCql0lF3WKm?q+|;xqSJWvTGv zFjn6_`YaA&%trGTk<`S~SNu?Uz3XcL%;OHoyrYwt^fJyPDbWPh$eV=)aX zcRPE@__m)xbT6}rm-W6FYNRgO5Yz7YZJ#V{R5(6YJP$S^<;^zkpd30nrVO3`84P=! zTRaKL1ST_9F;(cCAW>>qOaqNEX=v&@m8@C}B}Nzbsg`R8^~zG>#R2O*4DtaZx{>;R1VtnSB`32WJ*P4&L7H5=C>(=?(WTV4z^a1l1$@F4 zp|ERyEwz;_%F;T4TtZFTH$5iFn@d?^k-eb3)+$$XT>telm8h{R4lpE%`Q2{|`UzEb)(-#`x>BQ1GW}ps11;w;snFYt&d#aec zT4`KiLT)}(YLanMZAT#Uo*GvKt2~Qh$+(j8sZ(ekuWlpt-fLmj{;l50Z|UrChu>3h z)k5A%?G55yZoI6nn-@ikMHp_monf&!O%{}H(~KwcQRON`PqUpoW?1NH(C&!e*+Kco zP)Mg_SBgL^*S@(>%nMFrr@KRn6ZRm;&3$i#z@6%xKr+H=`r(8kF+48bd_9ww&rWls zLro#UnM7)l_1c^qSdUci5Uws28V_sAw%a#wn2^F#@6^Q~!G)=iNCeidl0e56$`6MR zt+WJ>xSB8qt2$7_ph==D-14~ zm{&IBkOMDfK#477r~Vv=9BrJ$ETeAtJe%~|eGa+VQW^h*F~1@(K&WG#XDR=yb#5xc z7^;POvSfzT<2IE(Qj=B=nn-%R)EB7FTi;2{Sm%G`W>dp~iYP_<$t}g_O0QMv69eXG z--H=6@LgIfQ-xHN)F>dF%J+_$v0JL7o@}W0x_~S(daA=_Y!cp0u~ABO2p6pL#EUx7 zCfsnRHJr-8A$3K7n@)|XE5c6tO2cN5iFjt1*?7h+0>vLc5`DB(_PgQE;?j%#9^ho* zV3LR)oo=H~`Q{sgl{T21yjXdqtLCPwY+O|!!b15-@2m9jO-lWs!dD8Z1q1&9##J-Q zpcQi1A2-jW+1M7z7`}$ey`ZCg=a}Q#c23G1jq~%>u0`^4GNv^_@Sq z$&{dul~Vy+rKg5y-r;ud#{(gkqk|UMq>4;zkT=w#E zx!zmzeGP1n6j7J3QgkSRZ~W=)jryol%IsG+Qz7qnMum5_+F@9Sai@)RDB#T5i*6e7 zJ#5>`%Vn<|BJtRFk4`S*W3UG~tc*=m=Be+nKD2!nAC04iUN(U0%6@}qGhbk~$1;Le zOu1~2#dQ09(vsDfR?b&gXHb@%^&YWR2IX9RwpI+jCR(k$eq-KPAwBtX-;mOnhigO}CtJ^06vz9!?hQ$pN(D)3 zsPV$@lMnjC1$x^w%UFC}0ff^Joo;O^a2a){W9&v@V#1R}Mr{@B$xz46mU;Rb#g+bq zSav)zC*{WBnCHJoIT^DL-rEN*G>u`xvuh>gBBjRkup<39z@j+cr-61Z@j3Irq^rL z%0wwV<+TzGmA0QRY*1l2;kvcw5aUA%>1MKsWv)6Ns`J%hx(K0|(OdNb8)2EimXad% z&N+W@F0p@ZjwWZnF*R*-5m~;;0zX1%n`z$ z(XBj0MfI?xMEnP(4?d;yv^(}Gf-m=z(knIqT}5-HG-HzH!qtCxIHh9#D|d|A{~6$! zyDIOS=n(*7qQ(pNH~#Ki^edZhUOSMh<1aTYQG}z)Ul>4P*y(@gj{UbVy}Q?^dd)2b zWWLp$(Y3W@nzwNJ8`B2VAKu6afY%!^YGO|}x+Ve2rKD#kg4RmG-)*F_v)e#2-O*H{ zznT%CPJ_-RkPY}^-&D`d-e#{dBmuF9Wrp2lM?6vB@*x&{3P?J~5V{tuYqkVYfzIn;CVD$2@|7L)sW%WmgsxYqFvpH`=Y)!qd@H95P3_r3iFI z?{}h=gKPWJ&B)_=ZPtlZ@`x-7#marhp*C=NT;N3d>Ok*P5^F6D+rffS zh9qp$=~jNj5u7n!5>V0ao+I45Fs%X+-d>*qz?T@^iscWVMSh5;teKSa6y7OJ1Hc!JM`#xDz+^e zs#|(e)!^+8s<3xa25$XmXgm*m{1R9cg{mW)Fr+NsMbU;m<0?wwW7PU8=R(m*LO)}A zlosS`^h7(jCa%d4@k#~7CTY0x*T7~Ba#89druJNw7nacWv9R&x4)lfkl{!sONfN|~ zI;9I+5A2Dv+R`xg%}ShV2$v%dd&pzL5%gaua7airW793cU6wv&q7U0D}z9!q70SG z<%?{68CIIRuQ4K*$vx?DNEhe)kNM$d6p^Q{Q!4fo{yZaF1r&KS=NEde3p8=vBLjCZ-W9lSv z)bq?j>vMsk#%?@cM6wj4NW)ZiY}`u4Kj6!#bh53bl`LLfUeQKr2?eoLoD^n%r8L?? z1J*<^`A0k-ZGU=ZTi>3nO5{ze|FcL3inm)Cfv^kB3ui!W+{T8a@6(In>{qm}zorqu9wp5R6N z>t5rQswnP}NPp}p087* zVtPy-E6+!B;)9^|Ki&{pbgnSTd(Terp0s7;+%Pv5Yig&}fjcT_J`eDR7nm?)y3(pH z_j0Q8628tS^-&{xf|~4t261uaaPF{qShFvz9QG8!=_NVTwBi#5nKGv-Vb(bSt%Z%k zZ;@DY52+ut{pG%e)MnzyR3Sde-JDak0u{;}cC54}B`nsfA*CCAwFP40d^=k_SVaNa z)Ot9C?e6RwVRK%=x$8PiA*KvAGABjbik6KIO6vt*?0=_!XgrzLnr3>qrBz8J^Oi?}JCw1mqw(r6-8VZ7hA z6qA5>l12|*)?*6&U!0&yD6W4g0jvCJrPp3+%P%Wc*N0av2`G4DG@SCqO8k>>#Y{K7 z>hJ-)-j`|ysp|z*$zPj;ZnOo6wAs5-nCXb~B&1oRTkhC})-lqU@bj!G<}3!imy#D) zDSD|_fW zn3z~?6bJ7wqZh&h{#L}N(A{2>iiWK6sJGN6$kKGPX2Q^4t`HMRt#AKT7i>){`jEf* z@Izf}u_3Aqi0kpJ6IMMp@wDk@$<8s6UMiK;aH5gzN+EZ8DwWEiv?eQ)8vb%Y?x;)j zpL&2G|6lX~qhlNwW#}PS;7Y_~q|r}Bt&pPVwYmUx!r0qPYGCfEB-A2rFKuOjWeAvOn(^3*M5~K@X?3Q^A3duK+K^_UGm16txk=KGu7uWM06=TZd4VBqlO2`eR~>d1~qy zv6s^f%gk)wFh~G9+0a)XzaHMP;ElkpA!QzsSrc0w8+iF<#>DjDDLlHti~;?RI`GND%!W4`r%J| z8Ezqzo30WTFRVx|_0!ZI$}Z+ndSQu1!}EGg@@{jwXe_zc@gV>lzL^o@D+0g(m#6Ez zl~q-fts7-!bPz<3=lo7_P$q&+xxjI>Gf3|N% z3;uDvNAlLJNkI80HOqADuq0PH{_ zx~;R*q;5IAiv%cFEm-;ZG*Mr!$b=?F9?Fz2|W?TYxY%`tUWW{-`yHVLN?*&`m3jsL^P%AUtN`K(ub9`bf}= zJ$X+#4fDk%iCmJY|5q`LMxxjG`K1$C)?jr7cOQ3x>GT6>AbDD}0FRpC)ZGShJws^+dR8 z)V}0D&eU1Ukq55hbO`tQHfkwtbN83#3tZ{0eiu=yr9Ew0Me%lfxYHLr3R^dC_jvje zQzd<9FQzb;o_Rg~IX2&$)juzD_;c5|q#A#JBSjWuQ5gLydV<8mrYIpX^+jqLtUw$D z1Y*9VsE{(_#BeUz$<3eq+iGJ$N+a{3X3e-Jwh?eQ*D+1;&;sv(pl+e1`9nM(9OIQh zfi(AYB9eBz5(m<}d(Tqh+~9c~!=tvC1N`u4Q0rLefgpj1W4*B~4vw;{ND9<(S!!<< z{uSA#y@)o>(p5b9!L@y9X=Z=5W}Q`Z{z;~jC(dD%>^Ke0ask_0l4Z<3h0#tXbrUq> zwgM*jhm$B$8c9eJSlEH6(>XRuhp?L=d&GM-N}{767E2AS!^p$Y0mz-w-7B}C793O@ ztg=AgmsRMSw20^4Ni;W=SY(eI!ymM18-yrz0rcy2%f#=&{Z!!S;3#Tsj9>^h?BOSU zY>1-u^=~sF5U^Vm!&bfL?+{2ru*n@B?;m>Zd8JzsqdU&RdK4yqdEcM4?&|u7L|5%C zx$wVS>b~EkYO0BlgidB++Xe8?no}pxv9j(itm*MqWwG{gikW(u*j6K0Y(D3o>X3$A zZiN1T{Gg6jxV(vUb--NCkYl?pgFiYnaDOoWJ`kPr)klOi)%}yliwtS#ojvA~#V0`A z^`NHpaDMmCtk;zAhC~kB)z|yI|HD@O>IMLXE;78;k2H)&jrK@ge>Ma#=hjq(NPq}h9E!@zoQ^PF zuhuo%p7(n$HPWo24uh(*ArHacHh#8)yf90tQO`==Ip_^NYd0%t^ZS5&03CwOEgOe% zgLDn*DFvM*=#+8a(-xW2s;<8A3*pjK>dSJ$>a8a^vn(}$(f^DYNL(pQFh;Wg$nrW1 z4_MPa^Qcit;0+%9?;;5N@bFOn2yk7z{Z&J}p){B=x_CN&$6&ph*%HgNk3Z9&IbY(o z&-G1KjUr!rxWrzk{Z&A%{j1bA{pfhiiKYGZ+~u?!t>WgVk{lq$+)1GasaiWbcY!0v z{|*;$5qSlL{mI<;_IP4Y_3Y#k<~qzsYu2dSY8M66nJ;~@#U-z-G9UN$*Y!0=+W77h zl-DBqp-uK`5;>zrJn)l0AT2QUt0YY|8vILY5C8i6yWMN~zn9N~+O0lG_6`mX2k5WA zJ7~MI@XNaeydkeliv8|rm%{yYsU$tnbwmqqON)5QUEI4_G)+ec?% zu{B?NvBQe=#g(wlLgG6Xd0m&_p)$kJL#p9@V4Tyzv>baGQrn+d34b@a21z(3CE$tO z0}-R#zZ);(5Wldr#ca&fFi89L8~TA`3Vq8t*bmc%V`XJox*Q3CZsNGy;(90?bS4`# z6zL3s_4i?xqE5vi`=k~ZKvPC*$bta-BgCk~w3!%)>8=$M#SI$Ur6~*M9F1|}BO7Lm zb(LdJLo?+VJl7{t!Dd5%^jl7MY}f&Z1#1tpW}>|#y)^FE_oR+5{2W3w(BMdBM=NO} zo%+&}BWFrJe{kxsRQY+AR0tKFf%OpFJviXi%Q-g8*Rv@79=U!e^}{5MD#dlq%SsSI zYOD&VYyI2Z=L)xwl@#38OZEKB)#FK4trXTDS&8st!C{VG zdg)cmx0)B;ZG}tM$7&Ay_+g&%S}qZW5^cvCrWAw0xBRuX&SRGamIGJ9a`na{I6Hur zY0zPAq`2<=NK1Ux7PgBSn}p<)f-!rkUl!F^ez4_NYEE6}|5N{sBa-DR1}Z15Nz3yegOt?=uq7T!v+g>hdyq?ErQHxldwM2+UQjl ztwg7>>Yv(WQr^5{DN~VZSq9M?`auljQ-ufzWoe72lUi z3%M-QWREu>g_^HV*ZvE8|EoU3fEYusb(}QuHj2Q>iV!5?$#s+^csr&}?vN_D8vK8& z&(xF-VfN1G4_NtbI_ZGH)exPwdH<0@LyI{8A@L}d^-(GtUf>~GNmA#S>xPVZDiTe% z4c7uSC_rQof;^2-wxLjKVt6nlf9XqQ7b`2o0NO)lW(f7ee#>&Y+1gAr@uCycn3*$V zTCHBqDJ+Pn;LYoLCv=*^;siuot$%K}Sgz7Pb}mnP z?`CJzmFn8D9Pyst3kK!#>;XfY863X1C?bJlqP*%C=4+S{S4fvzNeaiaQb@)SH+fNb zrRB#QkYoBwWUq}F8dg~Nj+!qh;LTNUQYTu=s{E^djF{~F$;~H!0=)E(U_6P8Mb~T@ zK`m4&#NM`&{0$48EB@YRPOzPUT9XS-mmBU!d#f`ho!PVHc#m9m3KPAiuWQ<ho6EU1rIGAm>{thU{Y@P7BwfuAZL{Zc9E$vzCG(-i?{`XkViLTAD%R zZqZFXpcwzRnpBtFV%zapfPhRvnD5lw`8GO|@Ubx?nG=wuI%NKN6Lg`3~Vo3dP2wY%G8>B}_+Dwvo%nI!+IgrlRB`@`m2jXnkt1C!k$%xU6Sy>0~f9H)sm zTObA0#d=$72XHu|O&$Qq`gV`osH3B!y3^akLwKLTZ=UjmE{wWuYT%}NYmZ$iBJhxV z=9CKL$s#tt&Pa1!2p#t0dawJd9djUIIC!1_V6Ml*BiuOr;vbC600}=6Jsu9`n+CM# z$B!RT2>S+I0S6nK^40AVkR1ib!y33ya)XLD>c45*=P84cSwXwhS8aGD)jaUGijDeL zL+RgZ$G_~ZZ>^4Rn05f2KSS~PRWG_6%)gU3`%7=jgOycYZ~nhnU;k63|AX=N|EbIK aUm#h$C%Vl;=uIJjLsCpmv{G2l@BacFJsA)H literal 0 HcmV?d00001 diff --git a/docs/addons/elasticsearch/auto-backup/index.md b/docs/addons/elasticsearch/auto-backup/index.md new file mode 100644 index 0000000..df148d0 --- /dev/null +++ b/docs/addons/elasticsearch/auto-backup/index.md @@ -0,0 +1,694 @@ +--- +title: Elasticsearch Auto-Backup | Stash +description: Backup Elasticsearch using Stash Auto-Backup +menu: + docs_{{ .version }}: + identifier: stash-elasticsearch-auto-backup + name: Auto-Backup + parent: stash-elasticsearch + weight: 30 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + +# Backup Elasticsearch using Stash Auto-Backup + +Stash can be configured to automatically backup any Elasticsearch database in your cluster. Stash enables cluster administrators to deploy backup blueprints ahead of time so that the database owners can easily backup their database with just a few annotations. + +In this tutorial, we are going to show how you can configure a backup blueprint for Elasticsearch databases in your cluster and backup them with few annotations. + +## Before You Begin + +- At first, you need to have a Kubernetes cluster, and the `kubectl` command-line tool must be configured to communicate with your cluster. +- Install Stash in your cluster following the steps [here](/docs/setup/install/stash/index.md). +- Install [KubeDB](https://kubedb.com) in your cluster following the steps [here](https://kubedb.com/docs/latest/setup/). This step is optional. You can deploy your database using any method you want. +- If you are not familiar with how Stash backup and restore Elasticsearch databases, please check the following guide [here](/docs/addons/elasticsearch/overview/index.md). +- If you are not familiar with how auto-backup works in Stash, please check the following guide [here](/docs/guides/auto-backup/overview/index.md). +- If you are not familiar with the available auto-backup options for databases in Stash, please check the following guide [here](/docs/guides/auto-backup/database/index.md). + +You should be familiar with the following `Stash` concepts: + +- [BackupBlueprint](/docs/concepts/crds/backupblueprint/index.md) +- [BackupConfiguration](/docs/concepts/crds/backupconfiguration/index.md) +- [BackupSession](/docs/concepts/crds/backupsession/index.md) +- [Repository](/docs/concepts/crds/repository/index.md) +- [Function](/docs/concepts/crds/function/index.md) +- [Task](/docs/concepts/crds/task/index.md) + +In this tutorial, we are going to show backup of three different Elasticsearch databases on three different namespaces named `demo`, `demo-2`, and `demo-3`. Create the namespaces as below if you haven't done it already. + +```bash +❯ kubectl create ns demo +namespace/demo created + +❯ kubectl create ns demo-2 +namespace/demo-2 created + +❯ kubectl create ns demo-3 +namespace/demo-3 created +``` + +When you install Stash, it will automatically install the necessary addon to backup databases. Make sure you have installed the Elasticsearch addon for Stash. + +```bash +❯ kubectl get tasks.stash.appscode.com | grep elasticsearch +elasticsearch-backup-5.6.4 4d4h +elasticsearch-backup-6.2.4 4d4h +elasticsearch-backup-6.3.0 4d4h +elasticsearch-backup-6.4.0 4d4h +elasticsearch-backup-6.5.3 4d4h +elasticsearch-backup-6.8.0 4d4h +elasticsearch-backup-7.2.0 4d4h +elasticsearch-backup-7.3.2 4d4h +elasticsearch-restore-5.6.4 4d4h +elasticsearch-restore-6.2.4 4d4h +elasticsearch-restore-6.3.0 4d4h +elasticsearch-restore-6.4.0 4d4h +elasticsearch-restore-6.5.3 4d4h +elasticsearch-restore-6.8.0 4d4h +elasticsearch-restore-7.2.0 4d4h +elasticsearch-restore-7.3.2 4d4h +``` + +## Prepare Backup Blueprint + +To backup an Elasticsearch database using Stash, you have to create a `Secret` containing the backend credentials, a `Repository` containing the backend information, and a `BackupConfiguration` containing the schedule and target information. A `BackupBlueprint` allows you to specify a template for the `Repository` and the `BackupConfiguration`. + +The `BackupBlueprint` is a non-namespaced CRD. So, once you have created a `BackupBlueprint`, you can use it to backup any Elasticsearch database of any namespace just by creating the storage `Secret` in that namespace and adding few annotations to your Elasticsearch CRO. Then, Stash will automatically create a `Repository` and a `BackupConfiguration` according to the template to backup the database. + +Below is the `BackupBlueprint` object that we are going to use in this tutorial, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupBlueprint +metadata: + name: elasticsearch-backup-template +spec: + # ============== Blueprint for Repository ========================== + backend: + gcs: + bucket: stash-testing + prefix: stash-backup/${TARGET_NAMESPACE}/${TARGET_APP_RESOURCE}/${TARGET_NAME} + storageSecretName: gcs-secret + # ============== Blueprint for BackupConfiguration ================= + task: + name: elasticsearch-backup-7.3.2 + schedule: "*/5 * * * *" + interimVolumeTemplate: + metadata: + name: ${TARGET_APP_RESOURCE}-${TARGET_NAME} # To ensure that the PVC names are unique for different database + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + retentionPolicy: + name: 'keep-last-5' + keepLast: 5 + prune: true +``` + +Here, we are using a GCS bucket as our backend. We are providing `gcs-secret` at the `storageSecretName` field. Hence, we have to create a secret named `gcs-secret` with the access credentials of our bucket in every namespace where we want to enable backup through this blueprint. + +Notice the `prefix` field of `backend` section. We have used some variables in form of `${VARIABLE_NAME}`. Stash will automatically resolve those variables from the database information to make the backend prefix unique for each database instance. + +We have also used some variables in `name` field of the `interimVolumeTemplate` section. This is to ensure that the generated PVC name becomes unique for the database instances. + +Let's create the `BackupBlueprint` we have shown above, + +```bash +❯ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/elasticsearch/auto-backup/examples/backupblueprint.yaml +backupblueprint.stash.appscode.com/elasticsearch-backup-template created +``` + +Now, we are ready to backup our Elasticsearch databases using few annotations. You can check available auto-backup annotations for a databases from [here](/docs/guides/auto-backup/database/index.md#available-auto-backup-annotations-for-database). + +## Auto-backup with default configurations + +In this section, we are going to backup an Elasticsearch database of `demo` namespace. We are going to use the default configurations specified in the `BackupBlueprint`. + +### Create Storage Secret + +At first, let's create the `gcs-secret` in `demo` namespace with the access credentials to our GCS bucket. + +```bash +❯ echo -n 'changeit' > RESTIC_PASSWORD +❯ echo -n '' > GOOGLE_PROJECT_ID +❯ cat downloaded-sa-key.json > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +❯ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +### Create Database + +Now, we are going to create an Elasticsearch CRO in `demo` namespace. Below is the YAML of the Elasticsearch object that we are going to create, + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: Elasticsearch +metadata: + name: es-demo + namespace: demo + annotations: + stash.appscode.com/backup-blueprint: elasticsearch-backup-template +spec: + version: xpack-7.9.1-v1 + replicas: 1 + storageType: Durable + storage: + resources: + requests: + storage: 1Gi + storageClassName: standard + terminationPolicy: WipeOut +``` + +Notice the `annotations` section. We are pointing to the `BackupBlueprint` that we have created earlier though `stash.appscode.com/backup-blueprint` annotation. Stash will watch this annotation and create a `Repository` and a `BackupConfiguration` according to the `BackupBlueprint`. + +Let's create the above Elasticsearch CRO, + +```bash +❯ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/elasticsearch/auto-backup/examples/es-demo.yaml +elasticsearch.kubedb.com/sample-elasticsearch created +``` + +### Verify Auto-backup configured + +In this section, we are going to verify whether Stash has created the respective `Repository` and `BackupConfiguration` for our Elasticsearch database we have just deployed or not. + +#### Verify Repository + +At first, let's verify whether Stash has created a `Repository` for our Elasticsearch or not. + +```bash +❯ kubectl get repository -n demo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +app-es-demo 5s +``` + +Now, let's check the YAML of the `Repository`. + +```yaml +❯ kubectl get repository -n demo app-es-demo -o yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: +... + name: app-es-demo + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: stash-backup/demo/elasticsearch/es-demo + storageSecretName: gcs-secret +``` + +Here, you can see that Stash has resolved the variables in `prefix` field and substituted them with the equivalent information from this database. + +#### Verify BackupConfiguration + +If everything goes well, Stash should create a `BackupConfiguration` for our ElasticSearch in `demo` namespace and the phase of that `BackupConfiguration` should be `Ready`. Verify the `BackupConfiguration` crd by the following command, + +```bash +❯ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +app-es-demo elasticsearch-backup-7.3.2 */5 * * * * Ready 12s +``` + +Now, let's check the YAML of the `BackupConfiguration`. + +```yaml +❯ kubectl get backupconfiguration -n demo app-es-demo -o yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: app-es-demo + namespace: demo + ... +spec: + driver: Restic + interimVolumeTemplate: + metadata: + name: elasticsearch-es-demo + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + storageClassName: standard + status: {} + repository: + name: app-es-demo + retentionPolicy: + keepLast: 5 + name: keep-last-5 + prune: true + runtimeSettings: {} + schedule: '*/5 * * * *' + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: es-demo + task: + name: elasticsearch-backup-7.3.2 + tempDir: {} +status: + conditions: + - lastTransitionTime: "2021-02-12T11:46:53Z" + message: Repository demo/app-es-demo exist. + reason: RepositoryAvailable + status: "True" + type: RepositoryFound + - lastTransitionTime: "2021-02-12T11:46:53Z" + message: Backend Secret demo/gcs-secret exist. + reason: BackendSecretAvailable + status: "True" + type: BackendSecretFound + - lastTransitionTime: "2021-02-12T11:46:53Z" + message: Backup target appcatalog.appscode.com/v1alpha1 appbinding/es-demo found. + reason: TargetAvailable + status: "True" + type: BackupTargetFound + - lastTransitionTime: "2021-02-12T11:46:53Z" + message: Successfully created backup triggering CronJob. + reason: CronJobCreationSucceeded + status: "True" + type: CronJobCreated + observedGeneration: 1 +``` + +Notice the `interimVolumeTemplate` section. The variables of `name` field have been substituted by the equivalent information from the database. + +Also, notice the `target` section. Stash has automatically added the Elasticsearch as the target of this `BackupConfiguration`. + +#### Verify Backup + +Now, let's wait for a backup run to complete. You can watch for `BackupSession` as below, + +```bash +❯ kubectl get backupsession -n demo -w +NAME INVOKER-TYPE INVOKER-NAME PHASE AGE +app-es-demo-1613130605 BackupConfiguration app-es-demo 0s +app-es-demo-1613130605 BackupConfiguration app-es-demo Running 10s +app-es-demo-1613130605 BackupConfiguration app-es-demo Succeeded 46s +``` + +Once the backup has been completed successfully, you should see the backed up data has been stored in the bucket at the directory pointed by the `prefix` field of the `Repository`. + +
+ Backup data in GCS Bucket +
Fig: Backup data in GCS Bucket
+
+ +## Auto-backup with a custom schedule + +In this section, we are going to backup an Elasticsearch database of `demo-2` namespace. This time, we are going to overwrite the default schedule used in the `BackupBlueprint`. + +### Create Storage Secret + +At first, let's create the `gcs-secret` in `demo-2` namespace with the access credentials to our GCS bucket. + +```bash +❯ kubectl create secret generic -n demo-2 gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +### Create Database + +Now, we are going to create an Elasticsearch CRO in `demo-2` namespace. Below is the YAML of the Elasticsearch object that we are going to create, + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: Elasticsearch +metadata: + name: es-demo-2 + namespace: demo-2 + annotations: + stash.appscode.com/backup-blueprint: elasticsearch-backup-template + stash.appscode.com/schedule: "*/3 * * * *" +spec: + version: xpack-7.9.1-v1 + replicas: 1 + storageType: Durable + storage: + resources: + requests: + storage: 1Gi + storageClassName: standard + terminationPolicy: WipeOut +``` + +Notice the `annotations` section. This time, we have passed a schedule via `stash.appscode.com/schedule` annotation along with the `stash.appscode.com/backup-blueprint` annotation. + +Let's create the above Elasticsearch CRO, + +```bash +❯ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/elasticsearch/auto-backup/examples/es-demo-2.yaml +elasticsearch.kubedb.com/es-demo-2 created +``` + +### Verify Auto-backup configured + +Now, let's verify whether the auto-backup has been configured properly or not. + +#### Verify Repository + +At first, let's verify whether Stash has created a `Repository` for our Elasticsearch or not. + +```bash +❯ kubectl get repository -n demo-2 +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +app-es-demo-2 25s +``` + +Now, let's check the YAML of the `Repository`. + +```yaml +❯ kubectl get repository -n demo-2 app-es-demo-2 -o yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: app-es-demo-2 + namespace: demo-2 + ... +spec: + backend: + gcs: + bucket: stash-testing + prefix: stash-backup/demo-2/elasticsearch/es-demo-2 + storageSecretName: gcs-secret +``` + +Here, you can see that Stash has resolved the variables in `prefix` field and substituted them with the equivalent information from this new database. + +#### Verify BackupConfiguration + +If everything goes well, Stash should create a `BackupConfiguration` for our ElasticSearch in `demo-2` namespace and the phase of that `BackupConfiguration` should be `Ready`. Verify the `BackupConfiguration` crd by the following command, + + +```bash +❯ kubectl get backupconfiguration -n demo-2 +NAME TASK SCHEDULE PAUSED PHASE AGE +app-es-demo-2 elasticsearch-backup-7.3.2 */3 * * * * Ready 77s +``` + +Now, let's check the YAML of the `BackupConfiguration`. + +```yaml +❯ kubectl get backupconfiguration -n demo-2 app-es-demo-2 -o yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: app-es-demo-2 + namespace: demo-2 + ... +spec: + driver: Restic + interimVolumeTemplate: + metadata: + name: elasticsearch-es-demo-2 + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + storageClassName: standard + status: {} + repository: + name: app-es-demo-2 + retentionPolicy: + keepLast: 5 + name: keep-last-5 + prune: true + runtimeSettings: {} + schedule: '*/3 * * * *' + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: es-demo-2 + task: + name: elasticsearch-backup-7.3.2 + tempDir: {} +status: + conditions: + - lastTransitionTime: "2021-02-12T12:24:07Z" + message: Repository demo-2/app-es-demo-2 exist. + reason: RepositoryAvailable + status: "True" + type: RepositoryFound + - lastTransitionTime: "2021-02-12T12:24:07Z" + message: Backend Secret demo-2/gcs-secret exist. + reason: BackendSecretAvailable + status: "True" + type: BackendSecretFound + - lastTransitionTime: "2021-02-12T12:24:07Z" + message: Backup target appcatalog.appscode.com/v1alpha1 appbinding/es-demo-2 found. + reason: TargetAvailable + status: "True" + type: BackupTargetFound + - lastTransitionTime: "2021-02-12T12:24:07Z" + message: Successfully created backup triggering CronJob. + reason: CronJobCreationSucceeded + status: "True" + type: CronJobCreated + observedGeneration: 1 +``` + +Notice the `schedule` section. This time the `BackupConfiguration` has been created with the schedule we have provided via annotation. + +Also, notice the `target` section. Stash has automatically added the new Elasticsearch as the target of this `BackupConfiguration`. + +#### Verify Backup + +Now, let's wait for a backup run to complete. You can watch for `BackupSession` as below, + +```bash +❯ kubectl get backupsession -n demo-2 -w +NAME INVOKER-TYPE INVOKER-NAME PHASE AGE +app-es-demo-2-1613132831 BackupConfiguration app-es-demo-2 0s +app-es-demo-2-1613132831 BackupConfiguration app-es-demo-2 Running 17s +app-es-demo-2-1613132831 BackupConfiguration app-es-demo-2 Succeeded 41s +``` + +Once the backup has been completed successfully, you should see that Stash has created a new directory as pointed by the `prefix` field of the new `Repository` and stored the backed up data there. + +
+ Backup data in GCS Bucket +
Fig: Backup data in GCS Bucket
+
+ +## Auto-backup with custom parameters + +In this section, we are going to backup an Elasticsearch database of `demo-3` namespace. This time, we are going to pass some parameters for the Task through the annotations. + +### Create Storage Secret + +At first, let's create the `gcs-secret` in `demo-3` namespace with the access credentials to our GCS bucket. + +```bash +❯ kubectl create secret generic -n demo-3 gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +### Create Database + +Now, we are going to create an Elasticsearch CRO in `demo-3` namespace. Below is the YAML of the Elasticsearch object that we are going to create, + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: Elasticsearch +metadata: + name: es-demo-3 + namespace: demo-3 + annotations: + stash.appscode.com/backup-blueprint: elasticsearch-backup-template + params.stash.appscode.com/args: --ignoreType=settings,template +spec: + version: xpack-7.9.1-v1 + replicas: 1 + storageType: Durable + storage: + resources: + requests: + storage: 1Gi + storageClassName: standard + terminationPolicy: WipeOut +``` + +Notice the `annotations` section. This time, we have passed an argument via `params.stash.appscode.com/args` annotation along with the `stash.appscode.com/backup-blueprint` annotation. + +Let's create the above Elasticsearch CRO, + +```bash +❯ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/elasticsearch/auto-backup/examples/es-demo-3.yaml +elasticsearch.kubedb.com/es-demo-3 created +``` + +### Verify Auto-backup configured + +Now, let's verify whether the auto-backup resources has been created or not. + +#### Verify Repository + +At first, let's verify whether Stash has created a `Repository` for our Elasticsearch or not. + +```bash +❯ kubectl get repository -n demo-3 +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +app-es-demo-3 23s +``` + +Now, let's check the YAML of the `Repository`. + +```yaml +❯ kubectl get repository -n demo-3 app-es-demo-3 -o yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: app-es-demo-3 + namespace: demo-3 + ... +spec: + backend: + gcs: + bucket: stash-testing + prefix: stash-backup/demo-3/elasticsearch/es-demo-3 + storageSecretName: gcs-secret +``` + +Here, you can see that Stash has resolved the variables in `prefix` field and substituted them with the equivalent information from this new database. + +#### Verify BackupConfiguration + +If everything goes well, Stash should create a `BackupConfiguration` for our ElasticSearch in `demo-3` namespace and the phase of that `BackupConfiguration` should be `Ready`. Verify the `BackupConfiguration` crd by the following command, + +```bash +❯ kubectl get backupconfiguration -n demo-3 +NAME TASK SCHEDULE PAUSED PHASE AGE +app-es-demo-3 elasticsearch-backup-7.3.2 */5 * * * * Ready 84s +``` + +Now, let's check the YAML of the `BackupConfiguration`. + +```yaml +❯ kubectl get backupconfiguration -n demo-3 app-es-demo-3 -o yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: app-es-demo-3 + namespace: demo-3 + ... +spec: + driver: Restic + interimVolumeTemplate: + metadata: + name: elasticsearch-es-demo-3 + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + storageClassName: standard + status: {} + repository: + name: app-es-demo-3 + retentionPolicy: + keepLast: 5 + name: keep-last-5 + prune: true + runtimeSettings: {} + schedule: '*/5 * * * *' + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: es-demo-3 + task: + name: elasticsearch-backup-7.3.2 + params: + - name: args + value: --ignoreType=settings,template + tempDir: {} +status: + conditions: + - lastTransitionTime: "2021-02-12T12:39:14Z" + message: Repository demo-3/app-es-demo-3 exist. + reason: RepositoryAvailable + status: "True" + type: RepositoryFound + - lastTransitionTime: "2021-02-12T12:39:14Z" + message: Backend Secret demo-3/gcs-secret exist. + reason: BackendSecretAvailable + status: "True" + type: BackendSecretFound + - lastTransitionTime: "2021-02-12T12:39:14Z" + message: Backup target appcatalog.appscode.com/v1alpha1 appbinding/es-demo-3 found. + reason: TargetAvailable + status: "True" + type: BackupTargetFound + - lastTransitionTime: "2021-02-12T12:39:14Z" + message: Successfully created backup triggering CronJob. + reason: CronJobCreationSucceeded + status: "True" + type: CronJobCreated + observedGeneration: 1 +``` + +Notice the `task` section. The `args` parameter that we had passed via annotations has been added to the `params` section. + +Also, notice the `target` section. Stash has automatically added the new Elasticsearch as the target of this `BackupConfiguration`. + +#### Verify Backup + +Now, let's wait for a backup run to complete. You can watch for `BackupSession` as below, + +```bash +❯ kubectl get backupsession -n demo-3 -w +NAME INVOKER-TYPE INVOKER-NAME PHASE AGE +app-es-demo-3-1613133604 BackupConfiguration app-es-demo-3 0s +app-es-demo-3-1613133604 BackupConfiguration app-es-demo-3 Running 5s +app-es-demo-3-1613133604 BackupConfiguration app-es-demo-3 Succeeded 48s +``` + +Once the backup has been completed successfully, you should see that Stash has created a new directory as pointed by the `prefix` field of the new `Repository` and stored the backed up data there. + +
+ Backup data in GCS Bucket +
Fig: Backup data in GCS Bucket
+
+ +## Cleanup + +To cleanup the resources crated by this tutorial, run the following commands, + +```bash +❯ kubectl delete -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/elasticsearch/auto-backup/examples/ +backupblueprint.stash.appscode.com "elasticsearch-backup-template" deleted +elasticsearch.kubedb.com "es-demo-2" deleted +elasticsearch.kubedb.com "es-demo-3" deleted +elasticsearch.kubedb.com "es-demo" deleted + +❯ kubectl delete repository -n demo --all +repository.stash.appscode.com "app-es-demo" deleted +❯ kubectl delete repository -n demo-2 --all +repository.stash.appscode.com "app-es-demo-2" deleted +❯ kubectl delete repository -n demo-3 --all +repository.stash.appscode.com "app-es-demo-3" deleted +``` diff --git a/docs/addons/elasticsearch/customization/examples/backup/ignore-sg-index.yaml b/docs/addons/elasticsearch/customization/examples/backup/ignore-sg-index.yaml new file mode 100644 index 0000000..3bba454 --- /dev/null +++ b/docs/addons/elasticsearch/customization/examples/backup/ignore-sg-index.yaml @@ -0,0 +1,32 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-elasticsearch-backup + namespace: demo +spec: + schedule: "*/2 * * * *" + task: + name: elasticsearch-backup-7.3.2 + params: + - name: args + value: --match=^(?![.])(?!searchguard).+ --ignoreType=template + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-elasticsearch + interimVolumeTemplate: + metadata: + name: stash-tmp-backup-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/elasticsearch/customization/examples/backup/multi-retention-policy.yaml b/docs/addons/elasticsearch/customization/examples/backup/multi-retention-policy.yaml new file mode 100644 index 0000000..77b2a95 --- /dev/null +++ b/docs/addons/elasticsearch/customization/examples/backup/multi-retention-policy.yaml @@ -0,0 +1,33 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-elasticsearch-backup + namespace: demo +spec: + schedule: "*/2 * * * *" + task: + name: elasticsearch-backup-7.3.2 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-elasticsearch + interimVolumeTemplate: + metadata: + name: stash-tmp-backup-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + retentionPolicy: + name: sample-es-retention + keepLast: 5 + keepDaily: 10 + keepWeekly: 20 + keepMonthly: 50 + keepYearly: 100 + prune: true diff --git a/docs/addons/elasticsearch/customization/examples/backup/passing-args.yaml b/docs/addons/elasticsearch/customization/examples/backup/passing-args.yaml new file mode 100644 index 0000000..f20f381 --- /dev/null +++ b/docs/addons/elasticsearch/customization/examples/backup/passing-args.yaml @@ -0,0 +1,32 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-elasticsearch-backup + namespace: demo +spec: + schedule: "*/2 * * * *" + task: + name: elasticsearch-backup-7.3.2 + params: + - name: args + value: --ignoreType=template,settings + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-elasticsearch + interimVolumeTemplate: + metadata: + name: stash-tmp-backup-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/elasticsearch/customization/examples/backup/resource-limit.yaml b/docs/addons/elasticsearch/customization/examples/backup/resource-limit.yaml new file mode 100644 index 0000000..897917e --- /dev/null +++ b/docs/addons/elasticsearch/customization/examples/backup/resource-limit.yaml @@ -0,0 +1,38 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-elasticsearch-backup + namespace: demo +spec: + schedule: "*/2 * * * *" + task: + name: elasticsearch-backup-7.3.2 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-elasticsearch + interimVolumeTemplate: + metadata: + name: stash-tmp-backup-storage + spec: + accessModes: ["ReadWriteOnce"] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + runtimeSettings: + container: + resources: + requests: + cpu: "200m" + memory: "1Gi" + limits: + cpu: "200m" + memory: "1Gi" + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/elasticsearch/customization/examples/backup/specific-user.yaml b/docs/addons/elasticsearch/customization/examples/backup/specific-user.yaml new file mode 100644 index 0000000..3591c74 --- /dev/null +++ b/docs/addons/elasticsearch/customization/examples/backup/specific-user.yaml @@ -0,0 +1,34 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-elasticsearch-backup + namespace: demo +spec: + schedule: "*/2 * * * *" + task: + name: elasticsearch-backup-7.3.2 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-elasticsearch + interimVolumeTemplate: + metadata: + name: stash-tmp-backup-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + runtimeSettings: + pod: + securityContext: + runAsUser: 0 + runAsGroup: 0 + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/elasticsearch/customization/examples/restore/passing-args.yaml b/docs/addons/elasticsearch/customization/examples/restore/passing-args.yaml new file mode 100644 index 0000000..412599c --- /dev/null +++ b/docs/addons/elasticsearch/customization/examples/restore/passing-args.yaml @@ -0,0 +1,29 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-elasticsearch-restore + namespace: demo # this label is mandatory if you are using KubeDB to deploy the database. Otherwise, Elasticsearch crd will be stuck in `Provisioning` phase. +spec: + task: + name: elasticsearch-restore-7.3.2 + params: + - name: args + value: --ignoreType=template,settings + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-elasticsearch + interimVolumeTemplate: + metadata: + name: stash-tmp-restore-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + rules: + - snapshots: [latest] diff --git a/docs/addons/elasticsearch/customization/examples/restore/resource-limit.yaml b/docs/addons/elasticsearch/customization/examples/restore/resource-limit.yaml new file mode 100644 index 0000000..4361a9c --- /dev/null +++ b/docs/addons/elasticsearch/customization/examples/restore/resource-limit.yaml @@ -0,0 +1,35 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-elasticsearch-restore + namespace: demo +spec: + task: + name: elasticsearch-restore-7.3.2 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-elasticsearch + interimVolumeTemplate: + metadata: + name: stash-tmp-restore-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + runtimeSettings: + container: + resources: + requests: + cpu: "200m" + memory: "1Gi" + limits: + cpu: "200m" + memory: "1Gi" + rules: + - snapshots: [latest] diff --git a/docs/addons/elasticsearch/customization/examples/restore/specific-snapshot.yaml b/docs/addons/elasticsearch/customization/examples/restore/specific-snapshot.yaml new file mode 100644 index 0000000..9557382 --- /dev/null +++ b/docs/addons/elasticsearch/customization/examples/restore/specific-snapshot.yaml @@ -0,0 +1,26 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-elasticsearch-restore + namespace: demo +spec: + task: + name: elasticsearch-restore-7.3.2 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-elasticsearch + interimVolumeTemplate: + metadata: + name: stash-tmp-restore-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + rules: + - snapshots: [4bc21d6f] diff --git a/docs/addons/elasticsearch/customization/examples/restore/specific-user.yaml b/docs/addons/elasticsearch/customization/examples/restore/specific-user.yaml new file mode 100644 index 0000000..8e30318 --- /dev/null +++ b/docs/addons/elasticsearch/customization/examples/restore/specific-user.yaml @@ -0,0 +1,31 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-elasticsearch-restore + namespace: demo +spec: + task: + name: elasticsearch-restore-7.3.2 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-elasticsearch + interimVolumeTemplate: + metadata: + name: stash-tmp-restore-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + runtimeSettings: + pod: + securityContext: + runAsUser: 0 + runAsGroup: 0 + rules: + - snapshots: [latest] diff --git a/docs/addons/elasticsearch/customization/index.md b/docs/addons/elasticsearch/customization/index.md new file mode 100644 index 0000000..c41529f --- /dev/null +++ b/docs/addons/elasticsearch/customization/index.md @@ -0,0 +1,399 @@ +--- +title: Elasticsearch Backup Customization | Stash +description: Customizing Elasticsearch Backup and Restore process with Stash +menu: + docs_{{ .version }}: + identifier: stash-elasticsearch-customization + name: Customizing Backup & Restore Process + parent: stash-elasticsearch + weight: 40 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + +# Customizing Backup and Restore Process + +Stash provides rich customization supports for the backup and restore process to meet the requirements of various cluster configurations. This guide will show you some examples of these customizations. + +## Customizing Backup Process + +In this section, we are going to show you how to customize the backup process. Here, we are going to show some examples of providing arguments to the backup process, running the backup process as a specific user, ignoring some indexes during the backup process, etc. + +### Passing arguments to the backup process + +Stash Elasticsearch addon uses [multielasticdump](https://github.com/elasticsearch-dump/elasticsearch-dump#multielasticdump) for backup. You can pass arguments to the `multielasticdump` through `args` param under `task.params` section. + +The below example shows how you can pass the `--ignoreType` argument to ignore `template` and `settings` during backup. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-elasticsearch-backup + namespace: demo +spec: + schedule: "*/2 * * * *" + task: + name: elasticsearch-backup-7.3.2 + params: + - name: args + value: --ignoreType=template,settings + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-elasticsearch + interimVolumeTemplate: + metadata: + name: stash-tmp-backup-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +### Ignoring Search Guard Indexes + +If you are using the Search Guard variant for your Elasticsearch, you can pass a regex through the `--match` argument to ignore the Search Guard specific indexes during backup. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-elasticsearch-backup + namespace: demo +spec: + schedule: "*/2 * * * *" + task: + name: elasticsearch-backup-7.3.2 + params: + - name: args + value: --match=^(?![.])(?!searchguard).+ --ignoreType=template + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-elasticsearch + interimVolumeTemplate: + metadata: + name: stash-tmp-backup-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +### Running backup job as a specific user + +If your cluster requires running the backup job as a specific user, you can provide `securityContext` under `runtimeSettings.pod` section. The below example shows how you can run the backup job as the root user. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-elasticsearch-backup + namespace: demo +spec: + schedule: "*/2 * * * *" + task: + name: elasticsearch-backup-7.3.2 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-elasticsearch + interimVolumeTemplate: + metadata: + name: stash-tmp-backup-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + runtimeSettings: + pod: + securityContext: + runAsUser: 0 + runAsGroup: 0 + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +### Specifying Memory/CPU limit/request for the backup job + +If you want to specify the Memory/CPU limit/request for your backup job, you can specify `resources` field under `runtimeSettings.container` section. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-elasticsearch-backup + namespace: demo +spec: + schedule: "*/2 * * * *" + task: + name: elasticsearch-backup-7.3.2 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-elasticsearch + interimVolumeTemplate: + metadata: + name: stash-tmp-backup-storage + spec: + accessModes: ["ReadWriteOnce"] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + runtimeSettings: + container: + resources: + requests: + cpu: "200m" + memory: "1Gi" + limits: + cpu: "200m" + memory: "1Gi" + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +### Using multiple retention policies + +You can also specify multiple retention policies for your backed up data. For example, you may want to keep few daily snapshots, few weekly snapshots, and few monthly snapshots, etc. You just need to pass the desired number with the respective key under the `retentionPolicy` section. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-elasticsearch-backup + namespace: demo +spec: + schedule: "*/2 * * * *" + task: + name: elasticsearch-backup-7.3.2 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-elasticsearch + interimVolumeTemplate: + metadata: + name: stash-tmp-backup-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + retentionPolicy: + name: sample-es-retention + keepLast: 5 + keepDaily: 10 + keepWeekly: 20 + keepMonthly: 50 + keepYearly: 100 + prune: true +``` + +To know more about the available options for retention policies, please visit [here](/docs/concepts/crds/backupconfiguration/index.md#specretentionpolicy). + +## Customizing Restore Process + +Stash also uses `multielasticdump` during the restore process. In this section, we are going to show how you can pass arguments to the restore process, restore a specific snapshot, run restore job as a specific user, etc. + +### Passing arguments to the restore process + +Similar to the backup process, you can pass arguments to the restore process through the `args` params under `task.params` section. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-elasticsearch-restore + namespace: demo +spec: + task: + name: elasticsearch-restore-7.3.2 + params: + - name: args + value: --ignoreType=template,settings + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-elasticsearch + interimVolumeTemplate: + metadata: + name: stash-tmp-restore-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + rules: + - snapshots: [latest] +``` + +### Restore specific snapshot + +You can also restore a specific snapshot. At first, list the available snapshots as below, + +```bash +❯ kubectl get snapshots -n demo +NAME ID REPOSITORY HOSTNAME CREATED AT +gcs-repo-4bc21d6f 4bc21d6f gcs-repo host-0 2022-01-12T14:54:27Z +gcs-repo-f0ac7cbd f0ac7cbd gcs-repo host-0 2022-01-12T14:56:26Z +gcs-repo-9210ebb6 9210ebb6 gcs-repo host-0 2022-01-12T14:58:27Z +gcs-repo-0aff8890 0aff8890 gcs-repo host-0 2022-01-12T15:00:28Z +``` + +>You can also filter the snapshots as shown in the guide [here](https://stash.run/docs/{{< param "info.version" >}}/concepts/crds/snapshot/#working-with-snapshot). + +You can use the respective ID of the snapshot to restore a specific snapshot. + +The below example shows how you can pass a specific snapshot ID through the `snapshots` field of `rules` section. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-elasticsearch-restore + namespace: demo +spec: + task: + name: elasticsearch-restore-7.3.2 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-elasticsearch + interimVolumeTemplate: + metadata: + name: stash-tmp-restore-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + rules: + - snapshots: [4bc21d6f] +``` + +>Please, do not specify multiple snapshots here. Each snapshot represents a complete backup of your database. Multiple snapshots are only usable during file/directory restore. + +### Running restore job as a specific user + +You can provide `securityContext` under `runtimeSettings.pod` section to run the restore job as a specific user. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-elasticsearch-restore + namespace: demo +spec: + task: + name: elasticsearch-restore-7.3.2 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-elasticsearch + interimVolumeTemplate: + metadata: + name: stash-tmp-restore-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + runtimeSettings: + pod: + securityContext: + runAsUser: 0 + runAsGroup: 0 + rules: + - snapshots: [latest] +``` + +### Specifying Memory/CPU limit/request for the restore job + +Similar to the backup process, you can also provide `resources` field under the `runtimeSettings.container` section to limit the Memory/CPU for your restore job. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-elasticsearch-restore + namespace: demo +spec: + task: + name: elasticsearch-restore-7.3.2 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-elasticsearch + interimVolumeTemplate: + metadata: + name: stash-tmp-restore-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + runtimeSettings: + container: + resources: + requests: + cpu: "200m" + memory: "1Gi" + limits: + cpu: "200m" + memory: "1Gi" + rules: + - snapshots: [latest] +``` diff --git a/docs/addons/elasticsearch/kubedb/examples/backup/backupconfiguration.yaml b/docs/addons/elasticsearch/kubedb/examples/backup/backupconfiguration.yaml new file mode 100644 index 0000000..e98bd01 --- /dev/null +++ b/docs/addons/elasticsearch/kubedb/examples/backup/backupconfiguration.yaml @@ -0,0 +1,33 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-es-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: elasticsearch-backup-7.3.2 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-es + interimVolumeTemplate: + metadata: + name: sample-es-backup-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + runtimeSettings: + pod: + securityContext: + fsGroup: 65534 + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/elasticsearch/kubedb/examples/backup/repository.yaml b/docs/addons/elasticsearch/kubedb/examples/backup/repository.yaml new file mode 100644 index 0000000..73bc391 --- /dev/null +++ b/docs/addons/elasticsearch/kubedb/examples/backup/repository.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /demo/sample-es + storageSecretName: gcs-secret diff --git a/docs/addons/elasticsearch/kubedb/examples/elasticsearch/init_sample.yaml b/docs/addons/elasticsearch/kubedb/examples/elasticsearch/init_sample.yaml new file mode 100644 index 0000000..1337e9b --- /dev/null +++ b/docs/addons/elasticsearch/kubedb/examples/elasticsearch/init_sample.yaml @@ -0,0 +1,41 @@ +apiVersion: kubedb.com/v1alpha2 +kind: Elasticsearch +metadata: + name: init-sample + namespace: restored +spec: + version: opendistro-1.9.0-v1 + storageType: Durable + init: + waitForInitialRestore: true + topology: + master: + suffix: master + replicas: 1 + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + data: + suffix: data + replicas: 2 + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + ingest: + suffix: client + replicas: 2 + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi diff --git a/docs/addons/elasticsearch/kubedb/examples/elasticsearch/sample_es.yaml b/docs/addons/elasticsearch/kubedb/examples/elasticsearch/sample_es.yaml new file mode 100644 index 0000000..253bafc --- /dev/null +++ b/docs/addons/elasticsearch/kubedb/examples/elasticsearch/sample_es.yaml @@ -0,0 +1,39 @@ +apiVersion: kubedb.com/v1alpha2 +kind: Elasticsearch +metadata: + name: sample-es + namespace: demo +spec: + version: xpack-7.9.1-v1 + storageType: Durable + topology: + master: + suffix: master + replicas: 1 + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + data: + suffix: data + replicas: 2 + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + ingest: + suffix: client + replicas: 2 + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi diff --git a/docs/addons/elasticsearch/kubedb/examples/restore/init_sample_restore.yaml b/docs/addons/elasticsearch/kubedb/examples/restore/init_sample_restore.yaml new file mode 100644 index 0000000..7ec161d --- /dev/null +++ b/docs/addons/elasticsearch/kubedb/examples/restore/init_sample_restore.yaml @@ -0,0 +1,29 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: init-sample-restore + namespace: restored +spec: + task: + name: elasticsearch-restore-7.3.2 + params: + - name: args + value: --ignoreType=settings,template + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: init-sample + interimVolumeTemplate: + metadata: + name: init-sample-restore-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + rules: + - snapshots: [latest] diff --git a/docs/addons/elasticsearch/kubedb/examples/restore/restoresession.yaml b/docs/addons/elasticsearch/kubedb/examples/restore/restoresession.yaml new file mode 100644 index 0000000..66f783f --- /dev/null +++ b/docs/addons/elasticsearch/kubedb/examples/restore/restoresession.yaml @@ -0,0 +1,30 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-es-restore + namespace: demo +spec: + task: + name: elasticsearch-restore-7.3.2 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-es + interimVolumeTemplate: + metadata: + name: sample-es-restore-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + runtimeSettings: + pod: + securityContext: + fsGroup: 65534 + rules: + - snapshots: [latest] diff --git a/docs/addons/elasticsearch/kubedb/images/sample-es-backup.png b/docs/addons/elasticsearch/kubedb/images/sample-es-backup.png new file mode 100644 index 0000000000000000000000000000000000000000..f902c53009bf9ef6f1f6bc253e70db267c3d4e78 GIT binary patch literal 47633 zcmcG$1yEdJ6D$cdvpC3p%42ZtspA*uui_vjov8J{47BPpVL z7T^zxy@aL{92|NN>VvpD++t$ z>JxsSC4T+_JYt**I`m-2dN61!aA8M|5CU4~;s3tZ_KLPcv~XHf0S*zJ^~LuwrKP94 z@4;u+0?pV(l16f@-qeK-vNtW<3$)_4C7gu$v8jnrg&V@UKMaBzC(9ilL-EJHCugN z4njy4B>RYva8}|~pFdkqO2Y2X_9HW@yOMxA@9|DkE85??^Wr)iKzJtJZtMl&3Grn8 zzLK}$9T;Sy8Febx;uc`{e_Rk;toNS0eZ0nT5axeI;w+0Mpy0Jbn!H;jtsdFOkrpEpH z)rP)s^x<AAMjt@v}MYsyLuTc zYALvI&7jUTb*G1tl}MpKK13Yql|z4x>}~uR>1gRxfh3(|(4ipB{NAxj{N|@Njy!2k z(D*y}%cUiYr{_HIWAgz$l{h3R_)u{Eu$J;bW$NdJ-EB=UxQWY)wFZOF80dzhJLYuK2Q+bPacYK2Z#nc(M6ZL02 zT;_|CQX}!WS9q@k))1pciF%U%Wa(`$H(F(Wg803oO{vFNY5esBljPw#z5bvz#Ac7& z`TXN^I9olBT=@j&42-DZXD1$lRLsc(4xK`{TEx7U@ukhpRDz7xonIFA14AUro5|_@ zZ^}sfQIgUUwB;)HaREyR%mw| z3gsHoiv0ch(ndkp+a4}zjsyx;_ux+5w0L^Qm=i5`lbAxlh_-f;w z*gY{FDDLyjy+dU-7N+Lwf6|mW?R#Fk4UA4Q1Qi(htGvhZCzcMf#Ukk!Unkjq1Z46Z z$XiXf^!?s;ywKy0uIv^VYSr3Z``HPvLxBI?Hly9`2An)~(rZx{-=t--nATigx$m`} zh((;3>r8!_0el1O+v`V7KZ6Q9HdqSWYcGe7bOn5#zbU@?Inx5%N5k8RHf}YLcf(n^ zqHkUKz^`sDL&FTLd@PMt!)tbb;99#=+I_$}@cX)E7bmV4Cj<^|^KG0rl8FmT3Jjvc zdbxwyT{T`krr(hq4(pi zS3Nt2+YMha)Tb{MG1&;?E}>CRVne*L>cQK*SnqiDoe6Onm6HF0nbMn}`dAn^#FyJ&`@S1DU>)_shlY<=?4F(j6 z!#wcQR&k_bNq*-aJF7c8E4}f%ok6x);B|kv4G`}!bt*8%>henO$Mlp3B3o<4{5`U&GK0C(mo#J%!2W80 zJqIq9eHz9GcH*pPRlji^5#ZSi0GQ%t=thn@tiUHlJr~$=7?BN}jMexAOyIzfO`RF2 z(DW8ipV=)v44)H_zm*YySehQ4itNs5PntdF<{fo%a4It;ccS(r5ffC<94p~WfSv<{ zF}UlJ*pPWNx-aG~ekioWk4;Uj1 z!rCU+0u1eJ?g6BExOY3OR!?h1_;{UU?etlLLH1?X?vIq(#yH3mS(%-X;9jh$U7el) z;DGoX>hUbN-F1*)?81{Q*w1ZF9n5L>jkeaxM53OfY{Rpge`b4^gQTmlA@jsgRm!~& zbwyH$anS0{8~epp*n;O`Z>f4p3LksJ`w8D|T6xB*y`0P&?GlzkOV~w-3Qy5|TjhDj zw3H<~NoW8vUOx+KY+!r0qdS@=xL8@A7$_)bR$8>yFg~)2LiUW5$RNJgz3NgG>IjDD zFgNYGEOFfP9GFszmQJ^_wjAaQBO~Bt%n{EHE!t^3X5HPpQ6OO-K@f@HM|PstXsQ_j z<_C%yIkO>dne9t z@}F0kS3{EMDiifu{0pk)PQ&|}+P}^4N4g242p?=c>;Dun(L|tP9lY-fcWPPvp$Q9X zyI;GZVDH4?`{hDERPIjwd9(3a=mR6}XO~`1#=)J2Iu()DkW+CGt4=Pilj=V?boUz| zrwF19XqU5B|1p#I*sqJyN;GjxLfv1U4iv0q%-l!0*7EYN@_3kJ34a~9PUm1g=$>lc zoMwy5TD6DdEVmO!*WeqhX*iCQw? zu<5(AYaOZSbu&Mqi|glesD0br1dXk#W50O1{XVz-`bKEX$>Ty-IC^o|_Rek22gJ8l zAD47{myLn;vc@I$b3h=%8E+}-F)ZDt!NtRsLPn7j78si^G&@70&!xpv7hn7-*@ha7 zYYX35I-pe(R*&o~lv;2bun4-(Xw;V+dFgTTG>4{!9g8=)bIkR-_00Jp`K6UQE zB&{b1r3v1_$H(qZB^AY+zTI~QXt_ie1Sj9>w6SMc%Dh^7_L+kU-HQOh$Szb&c_G-* z?RMM=ercqGo5c^%pAHQ-KU2ZH$ASTOyJqW87Q(*Nxd)v9!)rWF(vQh>8*aFiAe!~P z3UhN#0oaa7^7CFitJH2CX>1-|-iwLldCNGTCu`N!c`N=Oy3$=QFP|;+%nRyh^@Y;q zWwbuci?V{@qSnVT&ENPVHT5Sac+P>TPBl)}KidXx$Dpd8Ea?Gbx(t&?pR7K__$}kP zYeg-1&Iy}YU6hsN%{$d7 z13i=LQ8S3q(7gn}STx&~c|aIS;pj99&s{-Fg<%{Mww-t3!8DL*-!Jw<{x~_suj}{c31GbK$BzI2&34{@CVFmn9>dsPg7%}C zXA&2rrQDy*blO>Cy_|}*n6?gmIc%)-SC9^e&y~Rm=0_u6<9!`w3Ux`bhtWe_-=o2=Z-#g`A^`AlX9L{{+b^R$uNaWi^r``clXZ5UA@*I!S_q-T{DSb`( z6})P;-5j@?G#JW-6)=S%6N=b^h_{GG^nIC)7uO3tbE9G0MkhRAb3fc=$zN@DzNN1> z9PB$wxXHs0PvhjlbLaKsGjW>)MhhY@i?OB^f&`P$exw`^dp}tjh2qr(NCXUk@}Hi& zx7E-%lzd|Q0T2B{cM~wT4&c>RbvHeZ6H63^vR23w6(`-5Z86lZp${vu7zhfQqtp2R^C) zZrh$F4VX`pTZRBTM@esQX8`n^kN(|JJlt=5x2H?P2raS*DhIl;!1nO-2>LSisdG>= zJQg~&GhwVW0<{cqEboJMdJmJ0EE3e+sNb*gY}{FTgm~Ojy_~e|CcPZi8eavC=Mnfx|=7LQ_)2H3qU#i-VR`LtNL($2}dwwk=3@no&;LVQGvj60kjYPF&i}X>K zwnrB--PyO5#0c}P$gXdGMgG%NFoAKG3D=rVPG3=Xm3m#9?4zd4vubn$r=qaK=W$1Q zs++|No)14V(KgbycZok4a|%Al7X7?yS%nF{{;Rx>wj_@s;mij^#1lKb{#(LP?@ATF z@_HPg&tgu*1AIsoJS!s8)Je{M4RZS)si<47!(?dg&Nks3;&u+acGR#E9iR4mbd^r*dpW_s&tx^u zXTEr9WhwhHRTdHH%@Q0I{2e1w*+0FDSXk_)?DFklWAA3#1va#hkQ%Xo*1s=E|D&8& z9{-cRA(!y~?n3U{aXQL>(6F<;ZQnfKFrQiApZ2f_@xEG5(s3N1YMuWpU1Myq@o;dU zTjK@VXuEfcva+zF|I2$MB$2aw`Cq@nchGcPh!@CZbXnG(yK?_sjwV$DclU;)mACy< z5CMAvUVqEOp1xw)e(T;)eMuSK@9uTx~8sD7ir zV1hs7k^{n*o-fkY&YmKJ+v5u?Hl+X4de^sZ*bclnQvR295WRgfMCQP^oawdCb}wks zA8orMv=WBcnTEd4HEf%T0~*+{WX0fQDbkY#^4(W;Bi4j>H%m4xiP~knFNEaW#yA zjxJP>ejdo}rgpN>M>CL)J3p(tMfh~QLUxF1d7b`P*|Wap8zn{N(X`q`Ja#P3tk)f_ zM6IK=9=RRQiNtoREo^m#Ckxom7qUoRF*A>vFZjbFT+eeu+ZwA=#r1glN!`?xZ;y%= z_9LTW!`+Q#{0^de38cM^=%+tnx6ZeY7SU4DFoey;e)Iihi=v65W*yoX@8;GHX0R4G zQHp=#q^hN5iFo04v455_xj1OwA|lw)eUhER>S(}nQOL_gT#jby^B^k?;} zkFW_%YgYK_KLfbT5K{eukXhp6;J_wVFmCQ?U;t@q{GNZ0^{bwYE8wGseL~VIQ$L+l zy>S&~?2hu+RZ5nDz=1?D!|?&^_iMR)6|;;QjA}-!asB-)eHZhms;bFyExjL^iYz>& zu&EliD50|zT8vY>=t|Y7gf}V@S|upsmo!rmVK%5N-6mCWdcRx=M~}VPV^=CQ88xh3 zi7Xo9Yi5d^EG8vAL~x4Gn`tQQYF|K- z8h%^l8kGaKRA=g1$6zt>Ug695L6E2aH}*mL4(ni^S9=A`APn1H>Wb$acMY=Ff3ctuxG0>!)BGMp*VM@xdbV&+q zHKt9~P^aJ-%mvn3&&01fZFbh{Bjxfcxo3AsdTUW@;!E}q|b74g^( zaGz=|YESt41hdQ)9}x)5)SfFt7!aQJG_a zVffWT^+oPfM$ba5xSR;KWKl+o3jHwE0R<|D{wNJiZ?&AIr9jWZTRmHNY`P*{Uprv4 zJr5bG1`oFG zNJR2X=Bx@tC9LM}<$>%vY(=?LoM^$uk|9xf7Q{aqYpp0a%fo+}DKk~NTALMq`xZF5 zfKaJbxsqE_5q+FXX~g7D6*KpgyD?)n5N1yP*RoJO&$rJ8tQ;jGY`nKhvM7avOWvbn zW_)_-UOkbaB&Yca)ybQ&a%5wQsK|sTRn9>%IY!E*HY@~RlJYwKI}aTT9YRu=>1uFQ z$$S2dGNb_&1-<<)B0_oX1itx6Ti_unCL1pmRMbY7Et4wubLGx){6ES#CM8D4`aDir z?`5Uy44|O<^ebL;*E3ZUEai;7TELy)#hmf2SAR6w{6xxm%f*6M@`#x=mo}u?c!{Zb z%P)^dZG|{gD8R)?3A0kQa(HBrl7$H}sul&OOVCz1V*#*K<0*GRTF}w+R9#u>Z8-=<~3p$UJ3JW4c}`URVFvrQJKHz#g;>@ zn?h9ji76q8FnA&%nJn!p#%%F^i)kMg&_Yhr6dgKF_NslRZQ>~0-Su8Cp&TyGY0eJ` z@)4T8#7PL?O}x|?dudgIR$ZJPo8Qf)hOMZvVOgce7%J&H-0UhcOyqF#i$CQ|uWg^?HiMJ9tTbZtj`TFX~d>J;9i8=0TeCnTALj1F>D=@x5@&bXPozL{>uLNnTza6SV38Q)vl1AG`oT)GDmWoz`?x9(harmUQ9WGSJcD!B#E?Oc@9qTh`&C)bcy zW;6pbOzudwGtqHBKm*yePdRVPa9wEe2*>9@_Fq{snkd!Yv_Kb{-Y(%Hvi?9 z{{J}t3*rBis{WUn*#FK)4Cq-{+%8;cMw70uJs&-KGfzv~{WC;o*%B&5~%Fl*mX@J~OiOnM3! z`*m%hY(JQ8v?#Wm|YO-~mKW0V@+w>P(ogKb&>j+~*e19$EXIy}f&L0oW zzokXdYYnKLzS8gU!G5U<1NM{#1}<@&_oEB@5wK-F*s65cWg#^q zqh}B4PRJn45u#^*GP{(Oxh+SkCMV)bLM2y0l^;W3x3`DxBBd(H%!`C=5K2QO7&Ap; zTh1sPcFW$8DJm8_pRA{+A~CRRsiTS%uVNDYef;kzw{kpBQNOLMB3CswG>s4GB@Yga zX+g(>M`UXAPaz#`v`NFJv-a3+TTm z;WQJLoko>L)%+48%vp0NOO(RBfdj823NR2Frs@vaWvChGkj(28Rb!>az92M@eCajn zBp{SG(qewEI-*^iP05{+`%$9=2NkCnt(oFe_$|8@i(q*+EjL>5{KjaAzKQorgFdCoSC90BXt~#v=WKwr|De2-6=*K zMlSxy8Xc)r(&y&*9$TS3eOiP!sc+Rp3|CK{;KUyD3H$|**7EJ#S)Z@BM1pz;%)o6S z7{Lq4n~`j*$a5Qoco&7qwDtI7JB2A$^N_~*{Zi?ICK_3S^+-z{W^%K1ub;U^`+59= zvxRdt9fIE+NH%EQWMty`vmFRGB&Fy1ty)TdH`EKUmO0#*xrzQd3p62Phi!YLyTN@!ya)ix&v*$SUg?`;f`qWKi2w22=>BxNiQLY$A-AFTX zvKu$M=Sn*B`aq_gjoX5zOVDCV&P_JXW+a@i+Al|}w}GOikI^jiCgPo~+d3iYTpV?T zQ`DCaI?P7#UURvU`zgiu%e-PNW2e@_a|!QiK3XE8p(~$^SE2&b!BN-xBGrtwsQeao-V%AUvLohp6$bJ6JTfAH z?C&l$N51rY0{ol~wW!_%a`mXG=7c9sF8Y7$Osl4_8eQmz_<1 zJkGD^>ogTA=z|6M-Qb|^+ds302Y0@{sWjy-K<~)WKc$8y%I4CmW;~sQJ9RV{3yXAH zq#!F5LO)n6p!k)O3rBnP*Hk>C<7AoX-i%DFwN3ea!)ps9Y!x*%rA)}@)*}l=X>ZI> zSAWYv=|RG@VoOGcN=&OL8}Eu=pD8#d$Msz4&&{->BnQa(2O_a6dZ=SEw>7&|_1<1- z9&oFyZASayg-BBI^A}Yvs$u@DmLPuIAl1)8YqwihFlm;SF$FdM%yh0&buv-qYJ-lC zvU&OHsKL3a8Z)#OPL03FBD4pNXNZpFabfnWa(~MX0nVVgXTg=$Qm)jJ8%|cRhKn`t z?H|GBEILQIlo1r0q4T@GT>-6>p}D!Dn8fIqO3Dt-jtn@(3E#Sis;ZpmXz6oq?Q7*R zr?;$S`1`11W1|PkY;N57e#mLY76=A+i%40%B_ynW?PbyVtRY=aUe;HYM6$A|EyY)w zoY(X!x6VmXNljyA%UBhDD-toaPDvGgDZ8cQQ3w?oRcJDg>~1#`(#38HfOJ1M>5LaC7%5G#6)MP692Dh* zW^NzJGo}yKFa#Tg$&(dV%p2jp^RUG{8po;fe1{_EMP7u#Xu9>&LngwqEjQ!z_R+*} zn&``$sq;ZgoRQW~NAGN=usHfzgwuTNSDc&d8&hw2_^**^3t~PMc#<}|?HQ@ZL81sA zOC0M(YhXFidK=Smh-vb)cp=EMX!jGxmG_uQ|CtMF*&GfnU@$A0K)3q}i`u6aPj|h- z(Zt0_sIalU8_v)s$}~E{6E*VB6f(|$2eTv84h>6R1ucn3^ zTBl|yT7r_hj-#k}gwM}iYTApyfsd;=BAy0$Ma9;-vp8reo7b@g-LpMjW&FUcje*0c zCjV_#zy%x9m{z)YsT{M)niwTJn4MJ;_>R@#UHqe)OodE&HBY{+E#8;BrBlR`xn^q$3h_fNv;r<0#HM@2gS5qP6|vD% zHMzZ#3F8+UbQ<4>F@VKT( zpW4Q7c(#`7VCmteBrrUKqHI<-&SG`*=op{;+#XHEA3UF1k&1s45@-_)&FjYFCMYhK zI@HfpXu_c@N5^eyj%mvIdJ^!GUU8YbBu3YJau##^^cnR2Hpn1glU54tE}E|kTOhdm z#x6COF6JR?EkzLdq@y+>Jl^?uC_UmvPeKmFM2g?EXy0gu4bQe|B*yx`4imoTXP~tb zFi=Y?J$lp?SX(Km?(u?3bpbQg$&`wX>V>=;hvX1_ZWoG5LUdB1WPn&Nz>gST(EuO$ zioECq-h?OLrt7TPxzaM+y%_5*KUo(epMd_0*p`?&V)4L&559}2^{lUZq@*&j7(;Ul zBD18Je z%tYaXr(3KE-o2AaChz08_{1LJ3QOAFeR*_4Vn`;`>K`l1kj!mN#8qHU8u+9zSX}G=gj2E-jYt(eMzEq|9OU?XUBg#JOYf1AH=vAfS_DuioqmWmpSpZ0BKy(L zwD2Dm(j#PUohnA;!^spz6@9Lg6`Za=k5N6Y0`SAbzI0eezA{r{XW%kr8+VTvdAA0m zkc;Nu__kdCYJ<<8kt2zxT_R!DTLf8 zC8!>=^(bZ)<{oAKrs7YH*@F^VN(R9+UFKI%5hX%>q*pMUOZtQQZLLd9@vY&sP@PTM z(Bg)2DO{ z%sf~O<25vpzMZ)g=toqNZPsmWA*ym zSOKtv@yVgT9Q0Wx-WrFHJVN9POs9^If| zQL`HLJn5((-WZn`Uf(K!*s|%u?j#B>jC3w5-U_?si&Z_CHmy0bPA*K+z( z`Xw&zs$*kFXsF>tiKh2S+T!a(kB7Sp&30eG_4W0SpFhV&N57GhdTLgU@1G}~V ze#gY`y8GeBW?Bl|rOpK}Q5{b4W|b`TmN*JX=1C}r`owBNEr zypK@|-jH~#y?|TrxzIg6Ik{R1V|jv(zOh|gzHzhoAY^E0 zIDb}mni@IU?Y8KXRFLWUt=AJcPF7i2xN*CO zh#paQ7i8q!2$x5DnZkpLK|xck^`9YvKK@pH=qs5$WJG1(D9pRni3F7T#>0%8j%d#! zK|YAYYnP3lo?b#q$_SXL^=w@PO{ROGIH^zk3ktDAzlRGy6H`+*$2AFaOc;W0Xu?{^7}V5@Su|j{Hd0altg(rB7G3? z_7>nUA6)~>+;V@t1B^AQq@;v-Z}skCQC>mec`yd4+1>RSP$5;`SB}Q_bvCmfK77ck zsfh>n7YnTERe}Rpr&UvJJI|-*cjsc;u#9Zm zyvHSUxr8uLraLqcM{~9B)^5dk(Tl4e4S|e-9A0w`>7AsCO8imqF>q|yaEOGwr#2h7 zABfzenA`)KfR!n!tBV^Nl37iZ7=lVe4-`r;WIf;Xo2G(=fngP#Wph5T<$S!O|BzZy z!K$RJ3_n$2h!7=oO*=h3jfjj~$KT$#y=|GuqAzD}&suFZ(zWM$GNEl(2`1+Y(CQL# zz5U_tpmF56YIU$k8aLN3NF zYkz+KZh$yECUEj>d3l+Vh6cg@$9r7-A>SSC#ja(0ymEv`qqid;4lZIxPfiN1ZgyHP zKh-U^x8LpAmFP6a0^oBRVyd@4{iC?xzKRw}#M`yf8R#5|msg*UGGwQm0P&51e`sDi ze}{0py`!T0P>GLKemIJ0)^vUL_SgfD-1MfLug@4OW;-^zzp)O_qVFLE*M04maDE$T zRiXjbgb2JCDct>G0Y$_7;W$4t8S_kB20A)X2jsyaT)FHs&fXa}Y(5a*YdYb(E&0at z87uf?9tZN1%`tPZxG+%Rt|LyZMityH_7-S^gAN?Lll$%O&L9aum)`>l?UIgHlPA45?&yH{H0 zaJ(kTWjohjJE=Dm<#%fg2MaCfax{e8wrjw8I1_6%7_Fx&0wm+8@l%Zaum}hSfkQ=1 ziboO|4ka=*=r9{=SwRpED(j}Lq1Q?JzPuNUe!`?ar!g<4Fo^l$iTPa*0XlaySk<`f zsAcEmXzNgV5(~IT8}~)BSxqnk{Nn3yg0J$u^90^2VPIg;e3JI~lU?f>4vk#;5_kI* zTK8u(1Xy4*F)^v|I59IDNi}8ER#)$X)#HILFJ|kL`rWdDWT+6lDe!B*o7qKsz6|0_ zhP(ILn_ty+bkZG0YpHp7l7ZhqOj{sHz_)WpTxM@tb5Cw>E%xsA{@iJUC=Tvp4Ei6S zSDTKF?ssRCMP+5sW&6YPS-Uvk#hjBm-RFC=S0Hj|G}x0Z@rvs*v$ja`fsM+ zpOyQ`0_0KGbx{rekBL4+e!nghg#5N|BFT?DY0dM#Q#ItVn)j}0&+p}G6JfU!B7@w-L`4#QHd;-+TGh ztScnzye92H&u(4#;6bb%W4lw?@zLcR0ax0Hz{xPjoX^Gluiw9q0AR)e52q-6+yHt$ z;N%m3G4S!F652KdB?> z(pVGBR;{>J`sR;gV_{LzGK|v&VF(!j_<@p!0tVyX9gN|$8o>=SHVUsr)rZ?nVP2o> z*C31@rudFn2ao7W=8AFmoIQ&B!-h^x?*n@QkT1f zIh_9}z_571W0P1eou?C9U8l3kbO?{v(IogJ?dGr>1E0^i@Wn3#0IQAwzpm18;pph- zcBd+XV4%oUheb*%4`363?=qk*IUxGm0Xt&Ut{b)s^!)H3fH>y0aLVxm8)juYT!Q6% zH(o^?&Y6(brY62sx4`kO)0D}X8(=t>pz4m#VHQ5Nx#qQaL(J z(*IP^sY$7oW}z@&O=9%%6y8{ZpG$q-*)_{TW^M3*vD=Ct_g!JJnS24Rq^b(j|M1Wr zavHH0Kpsp?%(ox_!zdisrrm|sG!P2hJZ~0+-fc#LO7?S99LA*>aT3Gv zd|4qXr2CcXF(HmYO*rPZOC#UwamY0zhu^*T>f(E3EFPMyQd4|=TP<6lzC zrGFq2ubv+Mh=N7S$Y`?tt7vzwF%IZS@XpkR0g{M_h`@0_MTvfUCd|@nttMf{xiOkC zRAJc7m%ca`ibbQ<+W!m#!_GmEhX@_kO9h&%c*{VI6ygC+p=-bXUG5IRQnS_)yR)+s z#wdqVI0||_rXjU%B#)T3E1Vobk@&>}fQJ+CBrHE@fAGzhNik~KA3n$%{qEs=4*2r= z$u(dBukYu9akN_fyd`?_hOuzaoMv>i(hF^gqmi$pEdY&Rx=jZA ze?W{&19^ex3wR2og8OMP#eB;i#4kLldD;N6<8K#C2Kly2ZB7P#!QsMXoU%3}gMyhs z&6h#E{a6)gL4vcyFITP}j^fTlKWFIL%=Jr;l-wTKf0Lg$DY%F{dN^)h3-Xb3OoC?q zKEI9)KoIOZ2Qr80UIYFa!5W=3_%cND*y(Ct6atgq7COP}kYB%4)XMedH*7}zZtDFw zEQ?$BxDUob4_9GX8M1)p_dZg;bV0B4!=KVDE~XdZ=O6;LUyaz|@j27}_>mb~0p@lL zCOc9%LL}(<8Z787kTUy@28+K}P3mVGxAN26*AvverMPb2J3GG?zWxz~$7%ov7zeE9 z4?2%qu77`=g!uR|0^Y+#D!b{^@dA1CoAW(DkZRw%j;uR60Q@<=T#a%9s;ka+eh^HC zzr+s>17j0x>+)maOL(w7LLMF-jQVZqfaO0e{ynpQyMc^G@N4A`dCY6yC%LKU>SXhz z8gf_id(2)&<{5_I>2sK|gLHUHi-6GGsj}}`v3_l{@SP+GE0elz^Sy&uS)o>&k*SPa>~9VnHQlQX+IUe^JvM#$|PsEMhfv)S<< z=F-=7_YmK`AZU-)6CyZ2kB5e_Q{p@t0QPvix5EieYguq&X!Wdo(5?%+rYH4;_xA&I z_f4CKTMvy81br{tu}o*rs@tHq-VY&Bk+p{-FUY)|M4wQwoSCHe>EJwibJS-pXKP++ zu9DGr-@NyDuO)N1cu8N~5B-hk2e@k65X!9?iF0qYck4&jWh9Y8eK)Mi78XTpuw@0x z2gH-H=PzIOm?r6pfdF@QW`16un~T`7iBUNTmN|vh@DU))j>R^54!zh@d#<~#Ud6Qq zK-It)46-UqTiO;QZdOj7tPDBp8(;rFN*X6{|Gv}0K!ZoAb``2PBi-7 zM@VpfcRTt;rKP5uqZzsR`Bes;k1VaMu7F^()lqR))6pRc2nc}n;RuaOOGyDeckc0L zdqV*7J~Z(}=KXLAbz+a}=1l;8xbvc}K+ z2Q6{Hu$9!*CYEnEz?}xZz6kh10!?ml*7ddBa!26wOJpRM5Qe&r!}}x>r5deLp`AKc#qU4<11B)) zv3lWqVveWf^#E2B@Rd~%h!5%fJOEHhN=mZrQ+KC4c1TN{^WVJtR#3FWQMwx~ltR+Lr54$lS25R#6Drh3-B zROdL&&Z=%h_?{$_&JzQ|`N^Eqn4+pGNKYYt`t<47lJV0OYbp-EN7}CHP425_k zOk9C})(9==#(v`_35n;QuhsjLKyD2T4z5hL-`5^>%z`~acmtYuVq#)+Jk}Fh?#^cc z4JOFB0yKG*Y-t0g-0G~SyR6Dvp@2+|fsPh@0r!eAgowxJL`yJz4>o?z_hv6+{~${w z=yKGpts7)JP(Ti0kfD678$&o30EA|>nPH`dmPzE>w{IJOUEXaQUX@+8KimjIWbS}= z(>4(Rg_s5ab5k`ISc`Z2ZV^A99dwTY12CR%a(PC`6%N8{rQgFn*KG6c@sJ0Y&*j*| zt-NjHIu7VCo(5+DlLzcYNnd|)-`h@YVh6Bu*w{)mD!VRAtmhhH0KLtZhb&l5{}x&thEPF+@3wjk0=e8%&k?PmVqcy{qVQMFi&&Ewdl?f%*dCeX_o zHwY*i$1}CS{r zKz)&UIs5R<#6wfq}Haj zZQzdi1=!d>#~2ISNR4STCBj%II`qhJz3H91$RI1xeAzvy&fvZgrSH&0!c1yrcGm72 zWEc5ltKy(uHqyW!MeiDtV@)UIPcg#F@NmSnDT>Dj|4BL8;U#NJGR-MEx!AMJM zu+kIieLihIoGCa<M zqjcJij?dX|nH2UQz z$;>k73`By_<76(7)b?<+VBu;jUfU%|hxFZ_Si?(~0d69PXZ5U{{Xw$}|Bl4^2zHV6MT zCP}ozzJvjLkg~$s$?V)#yo<`qH$gkp|M>EPn@Hly-`*(Pzd7^&tKO*eNrIc*U27nm zpS%IIX=`h1v)bcta=qO}j|24Dw_UaW&GE0zoqmA&f?NVmh8)Q5z5|)#uq%+1;MmY) z#IbF^JI~zx+bae-l`1=Y4;ET)4<7DW;Cg#|OPQ5*bapxHfc^$q+cTAlWOPr>h10s+) zI4DKWz@S-gn=#e`@PzP@tuN6-7Pi4n_ z-K^~@C`#=AqtYKOqVIpc`(NlM(Rtko=cVM%0nC>naWo;c> zsn6O@-o2{Ty4$vGc1Sxv(Jt;R{Wep3QKp+$;JT;F^zr%ICu~R(1}v}_WIZom1+>Cm ze0;9#k9hv~#akJ8%qdi|k9Y|dsWNF?Hor*0yK(Z5ZZOyvsndp)P^kGSNM9+LWAzQh z$zVIs@RKTQDv;-=nq&-&Kmq*{XvBxzgBo)Rf{p%3CEdN{K29QbaIJD)@(VM<<7S=S zw5&B)#UWa*fY))YA2E+dpj<28QEg|qk8YO7yk$sa3sLpB==FLiA6&s<2LeWV!m1N9 zueQyxH`eFn5MeM%Y6#-FdBm3lIweLNIvhtzG>B1If39=SmFi&L;76o$kpAj)(Y?P1 zHtB-OqP4oas4tt*6J$Fe$GNBh=iX>yBIaDAh3 zlGGBE$|hmmzY5gBW*FX(tXs!g>t8hK=OxR=$xuqK$EuCA67f}}_xQ;bN_zg?I^D)N<;iac)vX?4Qiv3pG=0jel)>2g$MYr;3fv-8>SJE{ zb&Lsl8ZJfWwT&jJ*3&k8$a==YwZ`g(E%i=VYG&Wns0ArW!P zLt{@%$#i-xwAvW61Ff#^kwH^cWGi`@*A^b7me0oXyCU7v#d}W~SZYs9hp!SM&-&9$ zTO-;6z53WOC2A>Z{jBJSoEhF@1mw`kM%Yfp{+62H&P405*}p@IB^7c?MVdr1X8l)?$|q7+Vu$SBd_FE4E7v$h-T~fxZxxu0 zFd}nmXt%tdO8*YYKgrD@SW+6^a2TO%d>de`(>c0swR#rx^vWAsFeXQ#KjzEjODC!p z!*P5{d;8BL@}=R}RATvdDLZIR%G^z%d_sD>;+=|;Ca7!GC^D%h>{9b^0S5sI)cXB# zp@A7AN@_dnQYn|ck7{o|`dbP~|KN~ZfBMoC&5Y2)&ok5(t5_c>d?zWA8Ke82cUP(>Wh9Mj$I| ztt9ta_ng=K&FhwFjqNSV`}WM%^eaazge5or)u%s^SC1C31g+QV8K%lq*`xEsm}`;j zthpbX#aKk!tF`Vmh*^0hQLe0i>s8*K<;XbtF3QPF=CPnLAS5F|r}U6*5+DeS)apKys(Q%VrJ?3 z`yAY43CsnQpV>{;j=g;=++YJQzE1!Lg)R#XENja3)#RkuMhl$pJ~$Id6oAZ&KxQf|oZ-M) zi-u%idt{(^S26s<6N0R)a;#gk*B(h-Urd0iCawPs7U9t(zRf+j(GKGjsC4 zUMu*wyEz(x6=1Oy66=xErm8L!4c4h2x8QJAY@d+u&r4_j}t;rna6f_8P z_+#6@(6$_enN00H_@$SUXRbvf)j7`_%UjG`{rW8hInxV?`x~ZTJ4(JvMa4g(ol++! z;*9MoOQ>ua`@g)I@>h=lz9*F^N74})5&sH=&xn!rHl;6=Luwaj?(A( z$-p+v_W&MSu%rcEJ}usiWj+~tuU`E1Fp%1DJd`wFGa>I$qZNs={1b>J#JQlNWn$GT zX5(qTA%W;9U#{b-hS|)AcldN+4FWp6SU6B#%XJT_oip$4c)^chJlF*KLMkFM4mIsa z{APk#d5`uj#m9c6jLF1o@h5qY7{VAB6TW3GiCwk6y)OsDB=1VftQ{GhBXIF_Xm4sw zCmWw6j6+n($%|?r%e_i+w&kKaa-H2ExXa<^;XIWTAeuHzu^Ie_WLvMFaMp!fUEMp? zg#&hgx_1v{_xxj!3wi#LtXX!B72G56P(+%F*F8C+_`4N!CXjS~=$1Cp5k~KqL(1#f zWdy6cWslOQQK#YZ{Uw0U7=+4-ZTE>O3jSJb?r2!);+I7^OL%jrtD}tr1#dq(hJr-Z zt))}8y9BHvoPwdlJ+BOk*osQtFlR6c+t?%jX$6_5ePkwf*FF(<@`yL&5ZDyk1?s|9 zgl^m0+wdFo5qK>D7th#_K_w;%r&W$Wl}RnZ#l^v8PrZ*4f7R+I3DGf|g+Qe7BFV%P z_7j|6mciG4DDw~Cs+dRu&LPO0eLO>~HG0B2|kCdlY(@@%6sn4LfudV-hp~TtltjIC(UH%Z89yR|6-r)yO?wD%qw= z#>Dknx(k@oSF%GGXdVmI*4AdcYter6tvHgET>o z$0*CS__)%U-6@cjAJ<$eSpQ9Im342YTUef!!oq(pUR*WL{Sg|lBw6qM=P#y+%Cy7g z4By1M|7JFL72U_VO+r>PCSCmab;0o?yzzdzER!D1nhezDk#qMy8DY`=>ufadSI5ZN zPsjycJNXqTePh`*%1R0Sl)%ocRlh?QY8e)kS@`|UDqhwT%Kr5kue~-P9ILb#$q*#m z-TS1H?{Hf4^M28`dB8`&&7qQO(l8+}@t@S%Z>(>fx(WLO0_+s|35n{KTBJ=S)>4>? z$U=8NI2xp642&8AJ_r-E}W_?Z?yGMdIx|T=kK`=|M045)5e{+8R7o=)IcOLzA zW%J}?%;l97&X4qA_NCUNxTg_jMGer+Va=<1}{74ao=PgY_8IMBW$COLD#d z=BX_PGA;8+`Rs48Z^_11QI<(nbeDO=VX7jKXBkmh`PzeeG2imnP=%Lv+A1CW`j)kF zS&Fa7!@7j;D=g3;UgFCpKP_NIjPjXTIfZ7st-fJaX3u<@9Ff(44cv*MhjM|KL!+-t z54iq6BvEE4>FzHr83RQ{B_*Zaj~1WaT;8cmfO6OaetsV5E#sR4f8tEQ?!?>=Gjlq{ z1xaB!1dAGhxe6DbvA$4`$liFW&9O59uKhw8DWYaJDNg6q`iQX$t?Ieo{e?jp+A*-021#+u)q^s~@?XtQtoJgwhD+N~%>lb3Mwbm*pbO z`7&ouO)`cb@qSIB=6qL1eGb$9p;xuawW;`!QC{##7}GPDR0`GVHRD#(p#T) zm$3f79smEkVV~E2_j;_X3)5Y?;MkMbYkZe0y!^)g9QYLL(X!hAzQAwtKfQqCb+^Ss z#sVz-ec*NgY@dV!e1LyX!j#~9`~TR({}(p&OO8$VXWxm$EL{6uZo3)wcZy!?E4=#K`f%Qs(fPKa!5u@VODWPitA$3F``Sn+xtoXYoSrNThAjD>yUWO4 zZmDK0eMyt6F39Cg9x;N{Q!CTfA7=lscRDpw(rY%ym&G)Xx51xNxyiz-T5k6CFRSZa z8~zwoeJ!&A7rdQnS@yVrp*c3hA!e>D_kWjkd+xxOSUGigW_2G{b+H0g{AH+iD?aNZ%Z49g1 zM~P&5gEx#cnyAdC%dyrQTl0}*pa#o2<9vg2v6>zpeg=;Kuy@Ek9VjO|Z~8R3v1iydkMcreIVcPrl>(_20oy zi%7}(2F&Dv&0w!*eKXrL}|6aOTh-ibwUgk2tQ%7{4Zyhg`TKjz^Z( z>g?%qV|QG*(npNkxJ)BOypv8;%$5Qu%YvGR$9!1!s>5rQGy+w_2w^uHthwp9!avH7f8Q zEiok3B~LW0pEN)br-=@|Kb_%woJE>_l#Vz+jQO-gnD>lr%V{PffI&Gn;tb-8TllIL zo~5Xj$MxlvXZh#ow+dFwTjc%ZhJzndl7@>Xin+UMl;b#wjj`A`f}gO^2&-c+JWYni ze;9oimi!NyXo?J?>Qvk&CohJC#;bU13YPckoMOR^Ez!0lO35$4JV|eiP0^dFB8^3N z>{T8awF*Qj@>4BjBq*$4hx%Py(U>+*#hYTAwR#zBf)YE@$n!$kMbsQJvuJogEXPP6`|%a|PH1UFA|o;DgI0 zWNYtuzH-A}dDDHafeokT^S=gIfJ~Yg6-5kinw0DV<)uIU7b`>)TtJ>I;G;{CBS21rVDxwV;?C-~1MIDg!`h_x2+ zt#V})9mH<*a^KxS>fIjWn_EcKd;A)bXhNkPdD$dOCi42+ymZ0IK&wzKqi*vP11}!(n(FPOc6;?S7 zv6LB&-)=1CusfW=Q3DuVDl=g`3){qzJd4C$X&|7qraT@R8Oc6?GZLgOtsI7|+n%=XTLOq)9W=`wPBQj z+DYZRB@j@)N&rD_WDfuG)MjG2UP^5l_0iK9o>VDZ2fC7q^_MU2Zz(nD>!lj@z42?P z9?hnF3lguL&};THiEyxk6&gjYPEIGURN(Lb*gA+!JnsG^R30mP9U?n+u{bxh)zFcv z?-(kgv}hb(BD&Cst=i29M0W3v%L=es?TIR0j)}Z}AD9>+oQ_o&SE!CZ`h(5Uh~>Cs z#?>GCoq4gZFn}SFY$~;!=#M3uj$4wr8;Y&OA1cr7VptMS@U>a(DFvAHF_H3E)v5*| zbfF~DsBfi5lbPu=H|8aYQt0EzR7-d5fel2yFC}!H34AAkt^pBzN3HE0$8y+$G}hPG z7lWesU{WU!0gTb+-r?Q#1P~J|t?0wtnwof^K$!%9an;dFceN{kI-CX25&(&`0D#mq zF-IJuY1%!YJ{}M7!nt=<&$U0+)WK3WsI~pYrbIR9Dp^sRyREu*^_Fg32 zpl!ZeZiELOJOc8KH>}Kyq`i;))8a_8VZ0==zPa+_2R1r+2;#e9YWEjwZWQ06$deAq z#wGK>^Pu;m>Z8)Zi>t_2lHroD<9sUOslT>r_Q4+auk18#3R1Enrc@XM?}XAT*U&aq|IoH5V0ofAvCf&*E+2SPY~Gwm`w zSEx@DYMiEMmE4`2Mctq##N3bc8%$nsgKbVfm}AmD-|O){7hR~LU#i@?@GsY@8{p6L z-rXBKo(|Ig0D6>AV={GG8)NrZilh>A5WBG8V;AvEM>w**7@jpTJ$>-5sDe=V3hy}hH{lP#J#)Dk1t`CN;fBLfDCgey!C zrI>b2Y|efv@mJ+~!kU9aO&uJN$*EP#9kH$Vk^;|YdW>R}2se@ruPMT;haXBcqC2{# z@iZ7`dz<6lC#sPLYj2-syk@?;Zh$iJ0swg5 zRXv~o=#@zvKmZ)tN%9EvzR~n0>=p&ex*&)Ds9VYbro3s0Z~DeSVzoWwfPW!|MVaQ- z&dO>9@IP1wt~|59WmU4n3pLhM_RWaRGq&tRf0Od0|=BU z_5F&r8wrCtyH7(Y{uZq{YQ&(_;A!>OQj`)s8C(tz`R}q*2Vte=Hivo;U?~N?;xdJt21`# z7ShySrYn0)z}Z9cFV0N$o+VRcb`xkv+~+64c`o?18REnP`f-z=;C4?<>OGM=Qfyn) z_)jOK?PCz@!>w|;UbS)O=0vv^T&bE;s?8De4$Dt7-bwVV1yv`Fntziw2nksU(3$lv8IS6}pPj^A`f0=8=I;JPR&Q#-g7ohnhhHHF zsh|}Bdd$yR+yt2RO@@(?)S`GgtxPt8YM`*n!hmWX1`{kalZJ#y*7Yv%^qS=D4O(87 zZ5@pIGfCA5!)FF(4JCKKoY-ip6X8lb6kSMbf#^7%Z@VUm9E3i7vIQ~l!4luA% z8Gt`_hPPv9cwfvqZdC9N0mE5TCRN<|89*SjcwOu>5_a}@rl+Uh#bdpE5sF8cSHN^r z53u2P;47_FnzeSPycU$MPTU6U%PD=z&6;sGqgIkz=KFza5ABmK9;j2L{K}BnCF z-^uqahWT#i$Yq1e!%nlkD%x$fWgj>U+H^FnKy?gT{#(C$67GTWe}DZ^ixsrxR_(LN z_0DJiShzK^OBgJ-sJ0x%L7#2a4h7*+XI{C z;DLb~s*4i{Wc$|p9AeZh2d3q*pV-!OB$2JRT}le}ZEkx>`~~;45L5!TOcv&YFWmk% zzA?y!3hLEtYPMchJ#onLy&OGJd*C_y^YU@J^XAEWXA#cif#yUIVx6<4OvoaFI~6T) zIZ$BM^kHg4s>#(M%6j9;;X-ZC98d2j_?H6nAnV@_9;p+*soI>Z*4X>SU+{-gQ-rxv zEPu-qqo5;PEeJERG9Js-Jbzxtr%gYlUaVaz=I=iX#m(B*t9q!K{kF>VJDouAHTljx zZ0t8{1;6V~*Z-Wu_4!|aTs>!fgdP7f<;{eT*$#8G3B$~NyJW*gsdeWc8BySSS!{$0 z+An@stp36QE4*O*=iz6suxGJF8v^l~473zOe4&aXk^C1-R@T;Q06~sLC+-vkP;;R7 zg+M@(t7OeO5yMiW&_eL@~Cav3$o-Q^D!86Lqvity8ZxwS{a`;PFGIWJa20Idu( z6GFXdb**k4VYC0m0(gszU~i*a>gp1K(4Snv1V{(i!U9aF(*UbJ0ByMILn7>?=9yJ& z@bdD)5AYLr?m2Nma%pL6XL;y(!xQ>NY8-{frEF};{pI*$3ucf_lq~T-d!*8Os-5!= z6npr{o~$zI9qm(+&VuNTL8)+`NAI{+y{z@!kzX-T>j9y6WHcTIa|6z|*OatP z6f#ZFJnNZ{MR*yCUGnVO#aH*=bSvN_QRUz&>+*#B%}!cSPNymCWcBR z-f@lbb%E9IbHBEW+4?~A3sE*UnrOX%S6uCGr8D_+)M$4Ond6>qy1RxvN}jTGg!9($ z#_>wF(bGG@Hz%A22OjW<=edr~67*EX*y}*}Y4pQzO76Qz0Dx5x0NYCzDj%F@@}BZ8 z3q{S2`1FLxoMrQG*aC@dBxWRa`u2w}(BEP{nDjzf`O)Iy;vH6g#|Hx9UILHNpR)JW zs5$_f)xbpuJ^%@r^$^B&z{-XxUf8~x^V=t~TQf_y&)L=s)$^s*?h#cq7G7gcVUT3E zaL?uN$DmCP3FrKVhslIWQ0~0xN+uTz$(Y#nB>&dDFKPaNxXO(LaE-+V!_%p9k=|xr zAv5Fn^qiZO-;FaCp-HMQC44XL-=14w4BYH49A$-Hes4x%xw5(#in?_@&sRwus8Jp{ zBSATA9CrJdf@H<{GQU6|eLBttdLC=0tvmD^!^?CgXzWo|j~v7Kg(rgrA$7zVL9OsT zIKG7crvpJhvYL_2!PU7>Kh{$BoATmI%^A$mwM=vZduGWyp9Ti7d(An@nr$TLWCvsC zKdco+>1TDTgXXgv6DE5ku0nM~M)r=UAW+V-BOa)t zs6xE$YrL|7Ne52G(yqpgi=V-*k{1&nxcK_W?sV1%C#t16b6Z+PxTQ3Fi@0b(BH`5J z@7n}!dIJNxiv zS{(H{A?~{#cuiZaK#hw%SxLQ$&)E z2yw$!onldUAtbu~9Brz=ND4D4At+&Bq&#&v(V?Rn6x?0`R$TyS98~M_!>%tzTX)TI zM*x7#^c^V$1G)_z7Qajj*G_y%ziT2I9v<$Qw<@n+CGbHuEsxF5OXl@5-1U4exX#;N zZ!5{>l$Kh*z1-X0#)1Q#SQ~5LTQRJbmXeio=ZR zu4UD!R1oog#-qowz86?tl!IH~zi+$fU3r^~#k;~Id3UY2j0Nn2KGisJ8wdo}`CRcV z`{4XFo_;w$cBuc4q%Y5v_^9%Ht*H#BsD~5==KHekwL)P?VW!Nht+aP`jpolH+i&86 zOH*AB_0JiQ&Bv6;!T0S{i9>m(Q%F>Q?e{1(p01Qf(o;Mcl46lC=!xcGTRDSYx|qgZ z_rl-q3*JHNd&d8sO0{aG^?=v)x{jX5e0SipnT$VYT6NVL1A^Onpv1&0^|)4%8GFiU z9*gflAaBK>mL~XO(Zx>B85=x1*DnXU4VAOrtU}3yM&dy~eN{P;71W#Kb4$ZUr4pCp zkB&~(mt0BDSx-6>eQDI}iN!>G8TMM87(JyM%z&sQHIrebm|J>*hQ2dC4=pwi5f7S2 zWx3k)KxJw&8;vfWTSjoSQeADnIOCc25 z`$*Vdt{Yz+@X{`o9X;n%Ac*In7H<4DE|*#YhM#zdKuM$W7skm7a!77#vO zyb;Gzflk|g2K(h?XDSBeDC8tfJ>7U2-CojG(^Kn6;r!g5`Cfhb{G?V%mPkO#)z8+t zRc+ieJ&Y|=H;0ilizvSB3sg^Fskz5(d7eRr{} z&YrJ6-V69j<6&0aD&gnU+?si8`|dFycfnomravxGp-|CPTQjd$#6cs!{-#G7_Ecrw zu&UX4hG)8|nRVodLlG51H=dW&y*)UOe`036ZR}G()iy(_9gu}z-{V!J9j0qbuc3RAQpn#VHxlpAWv5easH;*w z`x~2beIF9pDDICNLHEX_ZJ;(_TH3Y|IPamsJKy;c_$Tj;#t86;XDS#o;8nIfKCqHJ zv7TqA1KSHf+t<$i@#x1@n~nK|+Gex`O1_{o}Qb@P+Td5w#NC}w~p zV`jV?oa=2isx;>D-ClO#T4K)Az(C~h%i#|jMF&4e9!{625p%8eO(&C-m$miEynHHg zEbMoW$CVMb*v9ydBXagvSx!+=iYjyTwlA#ZbMz~YxB-ek-E(=SI)as}W6qyX_5s&{ zy9OLfAg%`>VL-1Cj$C0oI5@bI`PS~l{JRF=J6atOR~B3*RB%08(Vpvx+iuVbTLZ zpNZejU;dn+vw+mX8+{?nAPaC9cQr_zG|r<(WdEsQreXj8pr-i0t$QYk&pt^a1akZ2 zeXf5?s1NzGhX>kQb92ppR{s-(@@wE}a0Z^;n?KQ2bEOP=yu}BUa{n!){?CwRyN5XW z9bOeg81mR6mJpZhWkmeh9j$ryP5n2pPDh4V*}u<#t>4oB3wi!G-^SQ=?|q}o&PR(E z0Ey@E76)DZhsnNJ&%-`o;zx{#_UZ<{s%yz{={gw+p^BU+SBwI(?4U74L}QI5pt`pA z)F}QJKM~72DdgS)cl1z#!^ox#hT!t8|E@Sh+@k&NUr%;8_H^E?JHK~g*&?^?%1-Jx zK{MrP4M(#}SS08ICFBo+tdh7|fhwA}_Sf#CskjE^%YIs+8c~XDJsdNyKfwtyR9d&q z@=d8Nc&oS4--xKrg=+kY-S!W!u#8R5XFqcBDqnVAi(H|KTPw;$vl0_t)vqma*IR`o zB?sGl)ifO?Pz?pDzi*kVhR01n93DSe+|);l9=|sKrt#Du$Xy~>#!_;*%5mypfylOm zBV|KA9Se&hM@gnDjlXXGsJW#hXu5($QVx+RrKqzCK>XF#2PHtSk-$8NP0h zR)p!*zLK9XaRA5YKFf3*W3KcCU)D#3kSISEcA+L!4FyHHzN_H1L`NJF^NY0*FF$O1doL*qRvb-M}Bgcc2 zkvSf$~zt`l|w`IC`)`_~Q|ZJ_TV1 zXZZ+H^EdgLY-{%<-btt_^2VrA6}zi=XkbA(E}4sMl1nN~dj!Z&@FQO6Sg;Dm*pW|E zXnv8#kyfltVlBtDV;Jbm?IGv*lo@pJU6_ubm^s-L55f4Velqwb{#Q(|fOFCYN5i)ONSGNjqb@fon0)@8U9^jU+?Xr=uZLA{qoBX#v){}` ztjcSt4{NyMoLL6HZRO z|0c3=_~VnREezp~dBiq6_~;$m`ss(fS1B0qQNMy7!uOg}y8X8LP4-n$VEQC}+FTVE zpuRIP|HO0Rr{`dg(7~HD;DRPF1d)Y!t;w13^hPTmsu%K*8meR}FhShnSCF&J(>V>gXOKIX`Qvs#0Q~ zEK@yx(}XCT`gok~e^ez3aIuZ^<@;TaaqxyBNMXt6sqt9TJQ^ipDF1-ZdR=BD*G>th z!vAE+i|moA_447s-V}cWIJ&SfJH=3i$ZSz*|8OG?jp7Om`IHl#KblViR&DcM|*jcW!au6=@dtUUA7}$ve za;+{X{Azrrg|WHylSaLHXF_FZljOqfb<0W^UeyVro~HR#s`DDl2CqkpyNv~-JpX~(V(VI-~?r9 z%FBOD-IS*3f$)?g}$L=z>bged5fvCMH7{;5jE@XC*rM_(FkxrDX&( zZT`Emw3O4Z%2eSYA$nqIiJ|pueAJV+0=Wfs2TM77&8T|0qYKI_o0^&sWWgpa(!YXA z!He{NqaK(HaMN}kmSa|imF)2iwjWO0Ej&3qBIvB#yF5N5{(Z4`L=5&d*FtU2QJ5$X zoUa6@n;b0oRetI|Sh?yI4IVjSaE~c#Mo;yOyaIeUNL}qcgbb0}33HANHpl`8%$3Ty z>%!g8akDd|lDUE|zgt{6RN3o1r>zSDh63NdC;LLZk9WP*-Ir_dTWR_S2)z7Lmd=U& zVJF|hEflrgNVHOrUh}Kb)s8^4%vTCpTxvi6WhHlH9~cCD`%7&s&}QDnyI-kV#t?Fw zkIs)=xgtvaoo-}8?Ro^t^mXyBUrE+)I-EPPtoP{@H2D$M_&ZVL!hX7DW6WW3jaT@j z_BNSl zlsh#AeEPl1y~B~tE0vXD&qZ6SlBVd0`~!SOdFtTow;Abt58PLsCz3>d9Q86w4twZK zy=3Tp6C3%NEi5?xwdp(MnR61UuqR9=J8Yd7`)qo}%r$+;0Z&O+S(PqSg`CtG@rV7UXZ#_0F{G$I5Ab2}iAMwP|-4JNKX-(7u14xv-{0qnFL}vK^Fj-2s!O1w z_+mq=Qz!(yyQ)))QjAN|*dx=8WJ}o8bi4{?-;v*y25u`I0x1&*Yg#|VEZ>pK;gJ&! zjN{Wi0B3&gmV;fK3zQ~}>3c`Ih~X^vB5~D;OpAr8I$+!Ce5UL%WBRS5ZwZBqY_$qg z-nFnAb@TnwPeF<4fVjsK)hGl_BRrCZiuXz?uy~?!Nkdc4*GwMsUuB3#ywg2zrX?Y) z5!VGsOk9p=_uYt1q5m+4f+lnC(GhAU$9(>d$ADWFc)FvVVF9$M?9RDvI_i693IeDP`pQopn1PCZ}h6L5RMY0`@J>X!xjP zSWfW|wfV@qv?Q8bORu6&w8HP01>Ou_1$Yhor0H~$dG!L*WozyT|I{x8fss>yGyhRnPw}GGPX9LBw}GWE^kRWWi)Z~9mqMD9MZc}e zvfv)ihACd}BR{`(uo#m$Dwh=gfMCvQSee?{2v0_aX0x*C$&d2jY^B#-Hv3N4^A&iQ zF-v*#TcGs*x>|rZ7=`n0%FdiKALUmL-i?H-6vBJq>Mgmz?5{m|`6=-!oQ? zk`hwF`l>R#jNONBFIta4gyYsvo@-FNG2Bi(mSH1_B3X=%jfBO3wbAN;I&9TLJRE-CCGz!aLKsS?m4f@UJQ>- zZUW3EB}PlRo!jCyFylVknCqS!O>NJQ>(`3x3Vus^?|EcQC7sg_jt=;t)V^WZ!Yke^ zyN5-aG3#+cU!DAeG8vQILdx>>@J-44*Go{(;pDHjq;vXb>b*WPg;IaM>?IE+1)KTJ zQ7!n623$D@){xhit|5Khug^=pVL>Jer;_Gkwet<=Eh; z8IbccVApa~^B%V<2wjb1pPoKX7pN^1C8BpMo~+>a*X?j^=R1E|p}G)qiIpzH>grktz&WBf5oK zJID}eb=Gj6r}|+5j6}(pU~#F0La)%ZVhf48n4MYH5Zf2wxFhm@ia+O#d!?}A>kzyk zAe9B`*Uy*~pQf%3+1G>$jIrS+J+b6DpGb!!HMyMf zfkkcTnAZG1lMco8_4d&I#Whb$iq8GmtwbLzm{d{%-p=yLb36mSbZ45Uug9(bLD zc*Z*kC}v-a6>BHBls(U)(L=no9Yl&{hN%cilfK|4??Y*5hCWo}@`rF}^d&r0AAK91 zRGfBYn)RM}6+2%u>g{r>@#?u~9}0_xrbbqKBiB?9KbUs)hazcLAZb1{*fcBa^Zl_a zI&$Hde-5eGHw0?3`3e+r?4ivh9lyfYs~Hg5bb=Y}obi1YVdqX=--tX2O&&+mk}He< zWC3!4ELx5wYR}cFS7}MQdEbBd<>XlZnW=CDf&(l9MXo3VuIPdLz;wSP6lC$Mk%p(u zu}!-|QoZIOqMp6w{N*=%es01}ho6FuwE#m3RFHuVT8U?poEDk7|Ik#u7XOMs&Zyx? z7DsEp5o-{nc5_s9>QgYSZndUy(|qevH&D3aFGDf zWFGq z(1x5p3V>21Qv@WvCpIzW5kE8X)M+Hxb=cCRXxV$(|f0WIQBPu7CFZ|ndtvDkMDycbw2rd z-Wcn@SOBd%i^9Ku|2kp}ori>h7qw#3z5i_wKt>*+|HTjwoio<})1i&KhjS*H?hco1 zJyLVMD2O{f0coq8dF@xUUVR2?yF(Lm7b7?OBQt zscbX&J&n<{y$9;Sh$CuF@^yEG2{9Jh!?hFUj);-GoJR={N}wA^xBTUrGB)}lHsuRUE{`Qam!`icwUyxDE+Wg=_ z!jk`z?Bo)!VTW6`emx!@>GzfUJ^8c4JVI>mMI=*YV~TO3>~Ls3=qq`M^;m)*u6{oP z3vMNjh}XiTdwVlZJ^eZ?6vv^PA$f^1o_o0-T*m^L*Q?$<;2UB!S?FV)md@M6){)MN zYuPlYCBr~l)t&3A>~*KC;UyXgSbtt(mT$eWd;rI{)4OU3;GK9H;)@Eo9%#D`|Baz5 zBDVlFos1b=?@vRHTm?T?)L(O|wjp?^KpF6_fJ^G68^ijzm;Lt^XMC})spuTQ zyA5ghKQI|20dLD0DQ~)G%mb{wVyZ&lwi78B+hq8@AMYjn>=vFW)B2~%LJcuqY$1NK z@gQy3=l6nZ?m=NQ@~|nbNvLqcF&PG&EK;Ub0CU<-5(SnWu41$GwTxL@{vibp&i>=H`CR(KYvu-{i-Hf%OPy1VIHTr>LwJ3M z)Rv_>(V5;II-RRk7T&7Tn17JoC$g9G(>xCQ{egzpD8cf5+22~MncdfL?xmYw{tp<| zzP4|n7~y-$Y0{_9?7dz5UE8|NM!Yk%)WCmd{aSX%@pz1-+YuI-TV0)4y?o_qn=PD) zD1ty|aPtUW#wzlnZO9jm@G6^c248~CIt#^78{$h67)r2VJV!VHP{WT7p-jbcBSGnwh-xz(6v92 zUA{?b6c#%{y*9qSaU{luU^eMhGkp?A%J;X9nL;c@g-~QCZQhYEeRvBP0cnMXw%r`! z$++L*MoHaBDO0)mKmg3SqJp#S5-{9!9?p;+IJ!AJ!Z{v*+{E0Kwt;dvh2Py6yt90v z@XphF+{_s|Q4cXOIGf&`~4EN~`T zg586uZr~ck&`a#XWz>^I2515m#50O1ae3`5xf)tCb#o4{zV7E#Gci4$DgH*KwlJcb z+5GxKEz{{XRIB;yHz~yT>{+3&Z%xW-CS zYn697iB<_f4Id8NUS{5UEH1a5O14##?%KOD%*x=QTlS9yn~&rAzt)W$cQo3xWit65 z6Wk)yjNx6KAm`O$mci1*BHaT1_g8_-W>z~^txacG)G)+;KN%OjZ!jyUGoF(O;_MF^ z@#*mIRXb@R1CWMGIv71FKusojUR<$ZdZDeW_?ShNuDNf%g5`R;4Rh3dGhA_bGPiRm z*(C>(9qd$sPatIj%|;w|cjO#)aF^P!VAmb&8OHjnO(U6bf6h!qG|n~+^0d!PX$Imu z$O`f4x5za9cpKgOZorvXYA|#S*QNoM+$nZ8zCQ8&}(;~^VD{AB+@1TM(wxV7SP z9|LPRY1c}F-iRr)w)VP#{U3pSdvqbtF4o8nGgb(ECw~o!yj+v2%DsD6Y7Ci4n@HTWen37Y+C2C zkx!8UXkul!Ve?h4YuT^RtSKLjfyyvv6sznCuq^0|?+QmqrgvOmWwz1?AL!-$xKI8Uopr^F zrKC%%F-nfi~ArL!tmmg#u zsNqlTGjH%S>17m9)2!~t;dLl`*~Z~*XWAJ z;Z4vMjLW|9!Yqm4e2)$q*9*EOll4N|Uer;J*zh;^#Pjk5I^J9Jxf@ANw=11e?G{ki z73EemTxb@sffHoDbx&ZbIJ-O)o&bwE$nFEJII`~k`SJR4fw;)!{hKK`+#mBnx*K#| z_zuQ$0fu*6*bx_D=>lh3T+ zU}uOWZ}Uj<#F4{AteP0Iv<}scCw2@EETet2RjTH`HyC2*0T*K(9JmJT`Bp@!cu&t) z*0|p5UY-HQdh6rB-rO_mhMNbvhlZICtU~lW2UmCFIe+~{oOf;-iT5@grLDzQ+dFOs z-d~#`Rl2*y&8!rnhO02ptG~2qms9VD(=mAV8JB)NQo~xkBCb4ihMqBIhH#AAh$G_U z6Hf-3-Qwn4u-w@Gw(%AV=^P&p&fE}9T!|)weVDZHKnI2!0<(+S%{iegW}QIlSPYb^ zD~7(1yuMmh7;Zu0r@~kOV@dSNpYH0kruyt{#Iwb#ixt?-HcZ4D3Yal1K28!9ge^$n zd0`VH&iXB?-VHBH4Oa6?bq6Lct(^gb4{_6(^vkf}XS$X>5^;>gQI)Av$-X_{)>P;8)=$PlyYt$Mo# zyF|cz2VoFjSUBD0Wg=v~IFQO69Xaj3R@m0#zW+LEzvYFa-S+6XBNyCX32d~SZ9(U! zw!9iSapZj2Q7Cr)+wpL^k;91$IA7(8;}#`&Y-US8t$piIcOa`fKZ*flUt2=wnL-7* zBnBCKCW=D50tLZ_8+}^6V(u-Ny=;~Y&wVUNvu|*ntaXF$4tWLih#KO3{H&q{@$AS* zd@xiA9E4_AZJ^3r>)WWi>=jyrv^8fAp+~^0U2aiTx4*rbFNeR{x(;(UogZ}GU8Hg# zTROhmM8JHmKy(wjogLy1;Pm#z@ju_VWuyl#U;S9du{*f0Qzwx5t?!HXCFl4p(kSZs z!?~gm)$-NR_4a<}HC(o>y|Zavf@GGdyyXQ&CFyPjJ)@FnQ3~iBFn;3t&g<)(;0BB{ zJm*j{x9!82r%zKoHj^z-cQ?r|(#SS+Q(F_yq%2?_LU8V!7jB^-PuVkV=zc_K4{`r) zVGK>^6wP=c|4~UAFx9+1No-p`pN4E@0<)WLaEFx7wV3ajlJ8vwFv4or6yu@6K1_GF zT*BR;Z^-umT&^8^))0pCcWXL5^@6=|+=K)ELq{HfmwTP`G7zkF-7$CcmeF@kTKmGg z|E}y#@*eAdJR$hcavP7Hcl>KI^%0xxKXz7Je$wJm7{KPvwF&=j-%p)uSOYP@!U}Hx z^>@DJf7Xt~%lh!|dW1i*$p5oe2&G@ZzlLUgIO>&mt5^buBe-zpqa(gsP<*z|e!2Dr zptd7c9O~zX{$1q~ukr|BI54htw2p;9QYH!o?4O;%hvT)j!PTD`huBmMn?v3^QXNTO>60eH;7QkSz^H5!v@$ z*@tAwHl$FIdN1A2{d<1z^WN|C+<(5G*I(DijPG^LHLmkK&f`44$FY0<_viDnN>#rB zq064Utdsn7&C9Y`m!A@m!>NP#ZdPq?Yw?l(5w`Yc59ziW!lm{y` zsFJ_}2d=hHP+I!6au(^F;`R#TmPNTSrLg$8py+S;E<`a&EOP>V1J2VgHcdjWCn~8y zx_XXBWh$pi!Mu#!k-dEv$1{d+FgtoDt2!1 zTKi6^;%MtK!w-fDiN4LY#+mAdTQZKk4E9&O+2_&g+A<;=Ii%z0Z62tB#VZfPv^m#`aw|WQ*I{Q@*b3+e+_P zsC`FK;?)@t4jG&*^F+NQS-Q-or^kJL%JYa~IqrTVD&s9CI|&90kt?#Dh)Ko?)M(!J ziAHg!n8A#F*aZSbZDsUqlJ^wY;3}D^Q~I|Tprz3`75R?1z%4wl*0~A@*c(10A*6f3 zBcLG`)lI8!yz~kTCwX`Zaoz7)4}P=Gs7hN^cdy*l@nJQlA>`G~VsGx4hUV2DnTowm zZ}c%tsC|y=A_#*G}oDKYE|rKQv4Vhi-`);YVI+@K!fAV$+S68>Zc0 zEJ@#e`-}V0EIwU#EuAN)H&}khdPG8tDx@`mP`7@XM_sw~TGw9c1|~zzHQ^)Y-IYM_ zptPPWs1jk#nT2dYAUNo{B_PE2(+F6Au?F)-8t2|4lKG6YYFaFAz<>4)Z<|ld^iWmH z7Mqbhe4I_LDY$ymY5-H3O1^zhUlxSjWPUo|m2jUyYvN#P(w2bic~#Ns@%bm?LJnr} z{Zb544qw*lCjVXKRyfnHmFBb*W4KWhgYrRAr7*ZGTo?vC;zh}Y$Y{wflh%+EqYk^GB@sKqe_=Q5`?eSY2#=gg9 z)n@C1r^k0c-?>~e_h`nYnN8iS&&^=mX3%6d7I+4rv z;KHFrXjxAWmbq-A1ryj-EqR3I0Q+fM8ogtiLdUxuG^HXmvEihcj1*Yi?kKQl$O*iR(AA%?dc7Btu>Iu|i3r2ew%go}ecDJ+t}-!^o}%PtZYf;4VdtmS zZhR(D8tyXswGk#+t5&j^V1H4XyTSuz?-S`ju71OV&V^P1|8O+*^#lgaIF0VB_@-~f zCyQ8t=TAoCfM!D05q%k7d!Jy;acqvTy}SYy+sC=C=KQ{+4)1t@4J#aXp_jk9j})!~ z&~v|5*40Ix8n>6@;jYQAnEHZT>~moU$L%b}U|}2%t@E9ALNQ%pRrNDv9#Vzg@^bG7 z166%OoVTcP2U8Ds7Al|jhVn!*>Aw>j^bJn^5#|R%sl4Tcx*LMwI?{Ux8l|?y4US)L zqoBHqc(k@nN&Zc?F@KR2;pN|lsJu5-J^q`+AmWm8(A&2DYncta#B1O|lDAY-x`k|t zEC?>i$GI0-sO&CZc>mYNOeVfkWK3C~Wi(#0Yu`JquJ9RG>~oY)!EGgSm?)2m&#g>+ zhf*kiujy->5>yLqJxu5sUPKrhSloND=b3MMr;qAaz_za3ClYQVb z?%IkW^SpvO{PJ+(7t*^TT&)Lfa*8Oeds&PZ+(Of$&Z{jz0~J$-L(MvOsYR|^?hGWT z32lwnP1f2OSj&maj7WiStC?;{n@kX#N>2H>y5{hKIrKSdZUwZ0=N6qbNoVG$dB&z1 zrlKjOX;MFqiHB@eW>da-ANYh!9oDoW$u@~7vR<0Gn5?fwS8Lz;>gD>J(V2%j(pQB+ zoQ{GvINx00*m$xCa~mqN=CxC0d1rr$uKJGB!G1(VHLcLETAKN7Xb%TgtX55Z{&0D> zqGSXV*&d@SQ@9SF^{AZ`@`AS%PkKj=MP+WL)4;wkdCP(iMCtRHv0gNxKi&0irmEc>mE29a8*;L}9!QXM*r#$<=5I%%C+%^1rN`S7dHQA$8TmcO z&5Ln*Y%Ed~nDii|RR#qOy8FqS!UE6Z;Ws&uOg67Gq-kjh8H)v5mU!Xg^>x?wgEepb z3&d;jiE6uvg0o~?Az}B_5;$$L=<3yMODTnxnziqID8vZiWpTOqxvP^UH|cKZzKG_& zm{O_n>2P7d%M1lKtT#0dhhPx(FepvjWX3*GhD9xsq=O6cJ~-UzijGjC^E{*;afe5h zJ((^+Hq0ZHqjkH%t`8b&jBH+uuevoHKPcV*5a%LHquklIAfs|&9Hq`usqrr7fPoWz zewYIyQeaDkjh)P@^u(lFI;u*Dx0=1(m&guo*=E)l56rjrS$8ekE)g>vdkJS$=pSs- zk}eV`A(N2Y$E%rT1<%d1g~7GveTrZ$kFBY0i3*p6?TM=T>($v=6}I(jG)i5el&y>{ z9iTHcHGEmZl7&_ikq9ZNsL&3an%MqU~zfdI9|gDlb)(Vm!@Fzgveo7JEVPn zIkUvI$4l{nB)+1hkrOM53-?#eHueprEU>?&0FEP8g`&!6Y@;oghzKXpr-s&62+V22 z`>2X2j)0x<%ua|w6{;wbLDvo2w!rhD2%E8y3bH!d*%>y#8T1;YHu|B8bmyUu9~e(- zU*pg}GGSEr1m*hZ6Bc3P9ST=(`H&f#tb+r#&+;HPSsOXWc22>yc!Y{O_FQpDdf0gJ zl8|bS%gx|4Emlbh{=?n9#?1$hQ2 zRp<}omm+2}-7}qkeh5%AOt9~-O93q{hIL^|1ldt)iB%KtCp#lvE`FGiz3-%>!~=aU z#_G(Qgf}Dg)=Asz!*156x?H&0wd9YvD`g{>k=g^xE56!QGrym-_*vciP4Lnp(e}&q zr4i#RNh(9dPw+Y5OH@u-QH8>0?hJIlPVrV zDW2TGn*JI$1=bZO%^OF7a6*_}?W1ZNn*slQ%B{F)=uod?QyEGLJnWb^Ej?Z}DbY*Q zG40ieg(_*9ajUzsZphd#Vvv2-Lv{xWu6;~?(4&F$ht()VIkX65!qr#xQfZFJ%Xx2n zr=e2#OSZ@0p((v%-TZ#UBHM$VnTM~R*mD{!h4?oxmhIyDYNtKi*l|3|Lbh9w!hk_Y z8Fsw2O8r_9@m*&^=R zc|gEIxpHwN)`QS;N;Jv(Hp`)0C7t(Yn)(+)xX#^YM=3>oXl%stcDHeI~_NWZ6dg4L(AOIy(+d6~c#;Uzl8^#!tRo zwOT&xuW1M@1oK6=rRv)swpOTidF;+HnX&2bGoR`%xx89zmRId?7-3> z?$jMn=wad)84sukqJn)Tj=3Z>glz9h+1_Q-!5iaP^idUwk?7ey`i@ZN0+pz^lo&;q5>h=eSQQ~{TJCsAsb)LI?zdpq<{#MMo4>PxJ?}%_uYs;P zl~v>AmC7O6>-8L~u8l&!b;}GDg}U=t!Vb`~>dOoO5%G)d`ns#fVUYZsJ@eL_>72p~ zfz9*oG+9kI6FZIK4?Ff*SF8hGi4hXD-4CkGZ?t55QyHDR$KHhQaJqlgF07j&N7^sh zQd{O(W$ZY&Pe^~qV!MVEUYG{?7@FHj0*p*G7v>vzw!ZQ)g&yF{P*ryXY&-i!3^@cy z9>5mE1XHc%Y2_2yAWb#gCdE}4sgbGSW6zx(5z!NC_C1S4k20BqqY?*!{wo8voiDUC z_{0WicH)snJddE(1^=e`zgVfi=pd1QNUr~#7y833{h#a;1$Dp)bCgJ3{kWd9niJrG z-p;~LeB=?1k|q=s?BQCfDn?8hZ(s6&-CQ**mkALLiMgRKS|Bjf-3te>U0gP69 zn*)!C`#XT!41IVz3Eh0MglKT!0$}e^-$;s3Sjlp2UIaX^@{ZiniKvAyQ{SsLzW_D^ zLv>0gmrnR5JT=@3tU)ogt>IVxb+G@$26UY=5;fc5{^rVy8|whmrAt-R59^{(2X^`Fw3WQNI7~z4tk&9tR*XyM8X@8N#e`YRCm< z=`)GodQM&IEu<{+KQ8(Q`O`Qq%)~Tpf9`-FvhYnd@R3l!*U9G^#i8e1%v+nE^{7v& z6x_WY5PU+P)O#;qm))tlh-@f)y}I7J;c-Y?wBn7Xskxb-uVv=sK$T&h_W^wnj zL`Bg!ZDwN1TRmW*^08;XLcQr~r7M}L4#d-Ln2lfAuhnmIVdp+XeCitSh0na{YOds{ z=9;L&q#KcxT{K;dq)&5<5GkU{bc~ogN@p zo$&#F_1U}eo?|xfz!%mwwbI^7fp&iPL(}ja$qu$NE4l4NUhey+o393{xhcxCEEi25 z8pZc&fY6go;N~nZd6|{c{8RbQvW?0&^T~@u>S?C~Q*-_0AKuzbs;YMN&$}%#2~YDJ zU?Gg%&QP)NIQzl2r%x{n#e`6FJHJ#=e)7rs{eCTaex1q7kbl-%qD-?r?3Y}zqmWg= z_b1`zM5&W{b@6lu2ffB=x3h)8qB;>+5SvWZf{>T&L0=XrAzxRkjR^-PqN;KqNOH9W z-Aa3=>IcFGWu9g!J7m;{qOh+|k{<1oQ|JXX}Jq?+O~4=h&B)IqSZ-n}|_Z zZi1>g4I?t@^SPN`iI8>~7v`EAA_nySaQB;+rL%+WM$~S4G9@-?wOY!o9R0$_yS|WJ zz+d|0B^rPxHvk$q_FFUp+6sibus15&Yk-BAs_HVjAllL1oH&{FP%_3}wVeYu;v?pN zjLUVgW&`V9x1OsK%~0H{hEt6noFznI29su-HQ#wx(^K`YGhLD%xf{k{ENeScM(f_) zLDriXFqa(Aesi}8M+ld){qjnW?R1zvOuni&=OR&C<@=V+eaDth(oTgLr4^vq;*G0Yj;MvwV7LT z?J4X{3<1T~4bHfnBn!689uYgU7cOnj!Bo$;-qLBBTi@5aA^yY>ImVl)W|Y*;p30qI z$FBAEPF8nuGNwIcUzqP2JVfqFEY*Vz=`)=d{jv>S^J%3q9nq*IRq@13iaEI6%EYb} zKLMTvm1lAuXV`s@m2;^_o_)G)G;yn6IPZh{9e*OF-01?1$BH@SVg`gRp&cIxWzD2e zgaUmu>)S~|Ev31UqDhX^?UXsv>_JHmwLw*MZaXw&oSe3Z>}o$dl`JemUjA(3zlgzr zNrvK2bZb6tq#?)qt6tYdOntn|DN`@SaOCTwCN6mTcpa3YoxEs91s3$8Xy5*DL;gHC zAdL9XBmQo6I?0v-Mfc7qHWFo?r8_YpJ@_NLDzPeH&V{3;ZR>y*p8h0beGDg1ikzmmrxJFI~%NM8oS`lI=4`q$;l0BAo71jn61X)WYwW$47>aHgxA; z`t7a|Uez8a1%!n(%~6XYYo0lAOch_4uZ9f>@vA4};52JRLuZOnXX>@tSd^d3TBw^B z$7}^RHxHbYPqJ<|p6g;w^ssqfZ>Ebm@_fBmk9tk_ zOcej{3&SX0e*Q+d(t(Fbbx}+){bw=@jBZlegzELQARv3P?RI$4lz{}{d&z+fQXP%V z@Pdn8pn0w{^(|xX+L%_jupy{=OPWE2CBdF{v>L$q`$u8hU6y_|oEP4SXvv)#?;sAo z_jJJCnL6J?ND+QfvS}}SOR$5V-{(5X55utiUSSw5ZG0TN?5F%GZQx<5uU9!vLLXjy z5@r&Gj1K*7otF@Iu0-fJf@d2oUXd*+Lx z9Y67EUC8zQ7>OG80rY)nLR)`w3Y^5pfH?nuHb4J5_zU*_k3lzB$?wy&c~eHppYxEM z^=JZOZT~b?qXCriKSk=l!Q4+)a$H{k@1YZ2E!43B;FR0G=vJTgXDK?Xh58d%iVhDrnJ*Y1$-OX*+yI8GAL*7ofwf5^GS9Jii zqydj6rPw|spYuJi;jM+T@ASfDn{MU}ynuIin2Poa&G&<_M{;!hOMGgZivYQ=pT}Dt zAp}AhGA4carcv8}-EhUuJH15`vmO{V2h#o`S45x!`1^Gqr>{7#F*J_ABWU+bi_x*z zJy@ryL0LbsTO^e;3E1lEdRIVXX@z!!wMLc~e#dLUQpkBf)QHsRO31 zf1g>16)JWJyAw~r0bN_nnCLt1A+-Lv(j^0)9?K;ZO^{k#X0+yWGk`3z!oL=Ra% zwrLAO)$i^W5>qP)rkA+dvLAqJR}L*Kq|THmxx8XTF}3$79T>QQk$(($D7}Z|k8{GV zrGgJ43e^RI;n)Sh}}=cpVBFk66%N(ZwYj^A)%lNL%@w zB8awBNdAeuO)t*Moz}mVCaBs@L(e(6!`#3buri3&yjvo$coxPyD`TROBJuBG+^kZ` zhMbVn0b~EIdILco(p5an=(q4m$V~U&`d0nynINDORZsTAJTQcE2pEyVve;jb#hr^S zI0_=fPfQj1|do8ZrCpec%tl`GvudcJ*$~dLUQx z)b&R1-^dEZ-!kMf+Q9B2ZH_P7==v3!Kh?Tlp2|`(cDqZcKLsMaE~I?G?V16sCLU}1 zHXP-hRxrk`_d*}4t=pdd(u4`LOEgrSHB# zSHbKRz-U-xBzE|`gi*D7tf}9bAiiSn+G{Pt#MzhppKbZ-BAZHa?HWwA$~Z5}{I5kDiK8gZ>B3!-Los^DolIR(_IHOsW5! zGUBs=2VMG__Xl&)bY1suSxUdVk|(pCoOVl6U`vqk;yd`@E7ycGOzo+R^LIHZe-sy& zsekvr{1`%MrFb@CHlYxW=%T8yzLj!4JT++Ef5}8E zYd-gsw0pFZd51KYDAF_EKmXrb%}Q)l|6ox@cgz0)1O0|j{m6(Mqrv6;6=GY+f!a^-O7mT&mt7OVqF%}o~Ya(Rrw=8{}j@j(#^@y{j-O!-=?iP{A7nl6|!z|_a*e)(t(Zbayb?bvt z8}LvCT>bLS z44vHy;~1bGRVsU#o--a7*;syQAQOK>EcLa1_(O~F0X!lrNk3EXdYnbZ3;U#Dadage zjr$W4`QsQQN`9Qq!5lJxfV{Q-T{wMZ%UB>3>7QB0p1kKtf3ro>>b}7{gUK3ABk=cJ zJqZK_Rlfv2=Ql-ib_MO(cQ3CrcJ8j-O^A2c|FVyJ^zH+Omm z4o;ECc7UXBZ{x20ZU&nSc2BdWQRY}Sz{KBSq&7_s6Q-wKI@SJH2DZ}EY>OzpEa^P( z-bIZ*y!x^g+@O$`cdH}?uh0YrfaER$YHNOj??sB%xIur323dfnG7{J)o;0!A8HjkpFb`Lb{JN`w7k8BW@Ub zTxgJU(4_Mp8R%qQ7Wnyh`1ujJgXnG6u8BY6p#j4{QU$JLfehYyr3A_U)HX}^))43g zWaI(#|F;gg0}iU=-1;*?&w%VIp;7kF8Q1^oXzRa`<^MLh3M|Uc|KD^d{#JhdG1mQ; i literal 0 HcmV?d00001 diff --git a/docs/addons/elasticsearch/kubedb/index.md b/docs/addons/elasticsearch/kubedb/index.md new file mode 100644 index 0000000..03ea7e8 --- /dev/null +++ b/docs/addons/elasticsearch/kubedb/index.md @@ -0,0 +1,1170 @@ +--- +title: Elasticsearch | Stash +description: Backup and restore Elasticsearch deployed with KubeDB +menu: + docs_{{ .version }}: + identifier: stash-elasticsearch-kubedb + name: KubeDB managed Elasticsearch + parent: stash-elasticsearch + weight: 20 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + +# Backup and restore Elasticsearch database deployed with KubeDB + +Stash 0.9.0+ supports backup and restoration of Elasticsearch clusters. This guide will show you how you can backup and restore your KubeDB deployed Elasticsearch database using Stash. + +## Before You Begin + +- At first, you need to have a Kubernetes cluster, and the `kubectl` command-line tool must be configured to communicate with your cluster. +- Install Stash in your cluster following the steps [here](/docs/setup/install/stash/index.md). +- Install [KubeDB](https://kubedb.com) in your cluster following the steps [here](https://kubedb.com/docs/latest/setup/). +- If you are not familiar with how Stash backup and restore Elasticsearch databases, please check the following guide [here](/docs/addons/elasticsearch/overview/index.md). + +You have to be familiar with following custom resources: + +- [AppBinding](/docs/concepts/crds/appbinding/index.md) +- [Function](/docs/concepts/crds/function/index.md) +- [Task](/docs/concepts/crds/task/index.md) +- [BackupConfiguration](/docs/concepts/crds/backupconfiguration/index.md) +- [BackupSession](/docs/concepts/crds/backupsession/index.md) +- [RestoreSession](/docs/concepts/crds/restoresession/index.md) + +To keep things isolated, we are going to use a separate namespace called `demo` throughout this tutorial. Create `demo` namespace if you haven't created it yet. + +```console +$ kubectl create ns demo +namespace/demo created +``` + +>Note: YAML files used in this tutorial are stored [here](https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/elasticsearch/kubedb/examples). + +## Prepare Elasticsearch + +In this section, we are going to deploy an Elasticsearch database using KubeDB. Then, we are going to insert some sample data into it. + +### Deploy Elasticsearch + +At first, let's deploy a sample Elasticsearch database. Below is the YAML of a sample Elasticsearch crd that we are going to create for this tutorial: + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: Elasticsearch +metadata: + name: sample-es + namespace: demo +spec: + version: xpack-7.9.1-v1 + storageType: Durable + topology: + master: + suffix: master + replicas: 1 + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + data: + suffix: data + replicas: 2 + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + ingest: + suffix: client + replicas: 2 + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi +``` + +Let's create the above `Elasticsearch` object, + +```console +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/elasticsearch/kubedb/examples/elasticsearch/sample_es.yaml +elasticsearch.kubedb.com/sample-es created +``` + +KubeDB will create the necessary resources to deploy the Elasticsearch database according to the above specification. Let's wait until the database to be ready to use, + +```console +❯ kubectl get elasticsearch -n demo -w +NAME VERSION STATUS AGE +sample-es xpack-7.9.1-v1 Provisioning 89s +sample-es xpack-7.9.1-v1 Ready 5m26s +``` + +The database is in `Ready` state. It means the database is ready to accept connections. + +### Insert Sample Data + +In this section, we are going to create few indexes in the deployed Elasticsearch. At first, we are going to port-forward the respective Service so that we can connect with the database from our local machine. Then, we are going to insert some data into the Elasticsearch. + +#### Port-forward the Service + +KubeDB will create few Services to connect with the database. Let's see the Services created by KubeDB for our Elasticsearch, + +```bash +❯ kubectl get service -n demo +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +sample-es ClusterIP 10.108.129.195 9200/TCP 10m +sample-es-master ClusterIP None 9300/TCP 10m +sample-es-pods ClusterIP None 9200/TCP 10m +``` + +Here, we are going to use the `sample-es` Service to connect with the database. Now, let's port-forward the `sample-es` Service. Run the following command into a separate terminal. + +```bash +❯ kubectl port-forward -n demo service/sample-es 9200 +Forwarding from 127.0.0.1:9200 -> 9200 +Forwarding from [::1]:9200 -> 9200 +``` + +#### Export the Credentials + +KubeDB will create some Secrets for the database. Let's check which Secrets have been created by KubeDB for our `sample-es` Elasticsearch. + +```bash +❯ kubectl get secret -n demo | grep sample-es +sample-es-ca-cert kubernetes.io/tls 2 21m +sample-es-config Opaque 1 21m +sample-es-elastic-cred kubernetes.io/basic-auth 2 21m +sample-es-token-ctzn5 kubernetes.io/service-account-token 3 21m +sample-es-transport-cert kubernetes.io/tls 3 21m +``` + +Here, `sample-es-elastic-cred` contains the credentials require to connect with the database. Let's export the credentials as environment variable to our current shell so that we can easily environment variables to connect with the database. + +```bash +❯ export USER=$(kubectl get secrets -n demo sample-es-elastic-cred -o jsonpath='{.data.\username}' | base64 -d) +❯ export PASSWORD=$(kubectl get secrets -n demo sample-es-elastic-cred -o jsonpath='{.data.\password}' | base64 -d) +``` + +#### Insert data + +Now, let's create an index called `products` and insert some data into it. + +```bash +# Elasticsearch will automatically create the index if it does not exist already. +❯ curl -XPOST --user "$USER:$PASSWORD" "http://localhost:9200/products/_doc?pretty" -H 'Content-Type: application/json' -d' +{ + "name": "KubeDB", + "vendor": "AppsCode Inc.", + "description": "Database Operator for Kubernetes" +} +' + +# Let's insert another data into the "products" index. +❯ curl -XPOST --user "$USER:$PASSWORD" "http://localhost:9200/products/_doc?pretty" -H 'Content-Type: application/json' -d' +{ + "name": "Stash", + "vendor": "AppsCode Inc.", + "description": "Backup tool for Kubernetes workloads" +} +' +``` + +Let's create another index called `companies` and insert some data into it. + +```bash +❯ curl -XPOST --user "$USER:$PASSWORD" "http://localhost:9200/companies/_doc?pretty" -H 'Content-Type: application/json' -d' +{ + "name": "AppsCode Inc.", + "mission": "Accelerate the transition to Containers by building a Kubernetes-native Data Platform", + "products": ["KubeDB", "Stash", "KubeVault", "Kubeform", "ByteBuilders"] +} +' +``` + +Now, let's verify that the indexes have been created successfully. + +```bash +❯ curl -XGET --user "$USER:$PASSWORD" "http://localhost:9200/_cat/indices?v&s=index&pretty" +health status index uuid pri rep docs.count docs.deleted store.size pri.store.size +green open companies qs52L4xrShay14NPUExDNw 1 1 1 0 11.5kb 5.7kb +green open products 6aCd7y_kQf26sYG3QdY0ow 1 1 2 0 20.7kb 10.3kb +``` + +Also, let's verify the data in the indexes: + +```bash +# Verify the data in the "product" index. +❯ curl -XGET --user "$USER:$PASSWORD" "http://localhost:9200/products/_search?pretty" +{ + "took" : 354, + "timed_out" : false, + "_shards" : { + "total" : 1, + "successful" : 1, + "skipped" : 0, + "failed" : 0 + }, + "hits" : { + "total" : { + "value" : 2, + "relation" : "eq" + }, + "max_score" : 1.0, + "hits" : [ + { + "_index" : "products", + "_type" : "_doc", + "_id" : "3GyXa3cB55U52E6TvL8f", + "_score" : 1.0, + "_source" : { + "name" : "KubeDB", + "vendor" : "AppsCode Inc.", + "description" : "Database Operator for Kubernetes" + } + }, + { + "_index" : "products", + "_type" : "_doc", + "_id" : "3WyYa3cB55U52E6Tc7_G", + "_score" : 1.0, + "_source" : { + "name" : "Stash", + "vendor" : "AppsCode Inc.", + "description" : "Backup tool for Kubernetes workloads" + } + } + ] + } +} + +# Verify data in the "companies" index. +❯ curl -XGET --user "$USER:$PASSWORD" "http://localhost:9200/companies/_search?pretty" +{ + "took" : 172, + "timed_out" : false, + "_shards" : { + "total" : 1, + "successful" : 1, + "skipped" : 0, + "failed" : 0 + }, + "hits" : { + "total" : { + "value" : 1, + "relation" : "eq" + }, + "max_score" : 1.0, + "hits" : [ + { + "_index" : "companies", + "_type" : "_doc", + "_id" : "3myya3cB55U52E6TE78a", + "_score" : 1.0, + "_source" : { + "name" : "AppsCode Inc.", + "mission" : "Accelerate the transition to Containers by building a Kubernetes-native Data Platform", + "products" : [ + "KubeDB", + "Stash", + "KubeVault", + "Kubeform", + "ByteBuilders" + ] + } + } + ] + } +} +``` + +We now have sample data in our database. In the next section, we are going to prepare the necessary resources to backup these sample data. + +## Prepare for Backup + +In this section, we are going to prepare our cluster for backup. + +### Ensure Elasticsearch Addons + +When you install Stash, it will automatically install the pre-build database addons. Make sure the addons for Elasticsearch has been installed using the following command. + +```bash +❯ kubectl get tasks.stash.appscode.com | grep elasticsearch +elasticsearch-backup-5.6.4 3d2h +elasticsearch-backup-6.2.4 3d2h +elasticsearch-backup-6.3.0 3d2h +elasticsearch-backup-6.4.0 3d2h +elasticsearch-backup-6.5.3 3d2h +elasticsearch-backup-6.8.0 3d2h +elasticsearch-backup-7.2.0 3d2h +elasticsearch-backup-7.3.2 3d2h +elasticsearch-restore-5.6.4 3d2h +elasticsearch-restore-6.2.4 3d2h +elasticsearch-restore-6.3.0 3d2h +elasticsearch-restore-6.4.0 3d2h +elasticsearch-restore-6.5.3 3d2h +elasticsearch-restore-6.8.0 3d2h +elasticsearch-restore-7.2.0 3d2h +elasticsearch-restore-7.3.2 3d2h +``` + +Any of these addon versions should be able to take backup of the databases with matching major versions as discussed in [Addon Version Compatibility](/docs/addons/elasticsearch/README.md#addon-version-compatibility). + +### Verify AppBinding + +KubeDB will create an `AppBinding` object with the same name as the database object which contains the necessary information requires to connect with the database. + +Let's verify that the `AppBinding` object has been created for our `sample-es` Elasticsearch, + +```bash +❯ kubectl get appbindings.appcatalog.appscode.com -n demo sample-es +NAME TYPE VERSION AGE +sample-es kubedb.com/elasticsearch 7.9.1 2d +``` + +Now, if you check the YAML of the `AppBinding`, you will see that it contains the service and secret information that are necessary to connect with the database. + +```yaml +❯ kubectl get appbindings.appcatalog.appscode.com -n demo sample-es -o yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: sample-es + namespace: demo + ... +spec: + clientConfig: + service: + name: sample-es + port: 9200 + scheme: http + secret: + name: sample-es-elastic-cred + type: kubedb.com/elasticsearch + version: 7.9.1 +``` + +### Prepare Backend + +We are going to store our backed up data into a GCS bucket. So, we need to create a `Secret` with GCS credentials and a `Repository` object with the bucket information. If you want to use a different backend, please read the respective backend configuration doc from [here](/docs/guides/backends/overview/index.md). + +#### Create Storage Secret + +At first, let's create a `Secret` called `gcs-secret` with access credentials to our desired GCS bucket, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > GOOGLE_PROJECT_ID +$ cat downloaded-sa-key.json > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +$ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +#### Create Repository + +Now, crete a `Repository` object with the information of your desired bucket. Below is the YAML of `Repository` object we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /demo/sample-es + storageSecretName: gcs-secret +``` + +Let's create the `Repository` we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/elasticsearch/kubedb/examples/backup/repository.yaml +repository.stash.appscode.com/gcs-repo created +``` + +Now, we are ready to backup our database into our desired backend. + +## Backup + +To schedule a backup, we have to create a `BackupConfiguration` object targeting the respective `AppBinding` of our desired database. Then, Stash will create a CronJob to periodically trigger a backup of the database. + +### Create BackupConfiguration + +Below is the YAML for `BackupConfiguration` object we care going to use to backup the `sample-es` database we have deployed earlier, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-es-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: elasticsearch-backup-7.3.2 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-es + interimVolumeTemplate: + metadata: + name: sample-es-backup-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + runtimeSettings: + pod: + securityContext: + fsGroup: 65534 + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +Here, + +- `.spec.schedule` specifies that we want to backup the database every 5th minutes. +- `.spec.task.name` specifies the name of the `Task` object that specifies the necessary `Functions` and their execution order to backup an Elasticsearch database. +- `.spec.target.ref` refers to the `AppBinding` object that holds the connection information of our targeted database. +- `spec.interimVolumeTemplate` specifies a PVC template that will be used by Stash to hold the dumped data temporarily before uploading it into the cloud bucket. +- `spec.runtimeSettings.pod` specifies the runtime environment for the backup job at the pod level. + +> Note: When running a backup with Stash, it defaults to using the `nobody` user, which can cause permission issues when trying to access the interim volume directory. To avoid this problem, you can include the `fsGroup` of the Stash default user (which is `65534`) in the `runtimeSettings.pod.securityContext` section. + +Let's create the `BackupConfiguration` object we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/elasticsearch/kubedb/examples/backup/backupconfiguration.yaml +backupconfiguration.stash.appscode.com/sample-es-backup created +``` + +### Verify Backup Setup Successful + +If everything goes well, the phase of the `BackupConfiguration` should be `Ready`. The `Ready` phase indicates that the backup setup is successful. Let's verify the `Phase` of the BackupConfiguration, + +```bash +$ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-es-backup elasticsearch-backup-7.3.2 */5 * * * * Ready 11s +``` + +### Verify CronJob + +Stash will create a CronJob with the schedule specified in the `spec.schedule` field of `BackupConfiguration` object. + +Verify that the CronJob has been created using the following command, + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-es-backup */5 * * * * False 0 9s +``` + +### Wait for BackupSession + +The `stash-backup-sample-es-backup` CronJob will trigger a backup on each scheduled slot by creating a `BackupSession` object. + +Now, wait for a schedule to appear. Run the following command to watch for a `BackupSession` object, + +```bash +❯ kubectl get backupsessions.stash.appscode.com -n demo -w +NAME INVOKER-TYPE INVOKER-NAME PHASE AGE +sample-es-backup-1612440003 BackupConfiguration sample-es-backup 0s +sample-es-backup-1612440003 BackupConfiguration sample-es-backup Running 0s +sample-es-backup-1612440003 BackupConfiguration sample-es-backup Succeeded 54s +``` + +Here, the phase `Succeeded` means that the backup process has been completed successfully. + +### Verify Backup + +Now, we are going to verify whether the backed up data is present in the backend or not. Once a backup is completed, Stash will update the respective `Repository` object to reflect the backup completion. Check that the repository `gcs-repo` has been updated by the following command, + +```bash +❯ kubectl get repository -n demo gcs-repo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +gcs-repo true 3.801 KiB 1 64s 3m46s +``` + +Now, if we navigate to the GCS bucket, we will see the backed up data has been stored in `demo/sample-es` directory as specified by the `.spec.backend.gcs.prefix` field of the `Repository` object. + +
+ Backup data in GCS Bucket +
Fig: Backup data in GCS Bucket
+
+ +> Note: Stash keeps all the backed up data encrypted. So, data in the backend will not make any sense until they are decrypted. + +## Restore + +If you have followed the previous sections properly, you should have a successful backup of your Elasticsearch database. Now, we are going to show how you can restore the database from the backed up data. + +### Restore into the same Elasticsearch + +You can restore your data into the same database you have backed up from or into a different database in the same cluster or a different cluster. In this section, we are going to show you how to restore in the same database which may be necessary when you have accidentally deleted any data from the running database. + +#### Temporarily pause backup + + +At first, let's stop taking any further backup of the database so that no backup runs after we delete the sample data. We are going to pause the `BackupConfiguration` object. Stash will stop taking any further backup when the `BackupConfiguration` is paused. + +Let's pause the `sample-es-backup` BackupConfiguration, + +```bash +❯ kubectl patch backupconfiguration -n demo sample-es-backup --type="merge" --patch='{"spec": {"paused": true}}' +backupconfiguration.stash.appscode.com/sample-es-backup patched +``` + +Verify that the `BackupConfiguration` has been paused, + +```bash +❯ kubectl get backupconfiguration -n demo sample-es-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-es-backup elasticsearch-backup-7.3.2 */5 * * * * true Ready 12m +``` + +Notice the `PAUSED` column. Value `true` for this field means that the `BackupConfiguration` has been paused. + +Stash will also suspend the respective CronJob. + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-es-backup */5 * * * * True 0 5m19s 12m +``` + +#### Simulate Disaster + +Now, let's simulate an accidental deletion scenario. Here, we are going to delete the `products` and `companies` indexes that we had created earlier. + +```bash +# Delete "products" index +❯ curl -XDELETE --user "$USER:$PASSWORD" "http://localhost:9200/products?pretty" +{ + "acknowledged" : true +} + +# Delete "companies" index +❯ curl -XDELETE --user "$USER:$PASSWORD" "http://localhost:9200/companies?pretty" +{ + "acknowledged" : true +} +``` + +Now, let's verify that the indexes have been deleted from the database, + +```bash +❯ curl -XGET --user "$USER:$PASSWORD" "http://localhost:9200/_cat/indices?v&s=index&pretty" +health status index uuid pri rep docs.count docs.deleted store.size pri.store.size +``` + +So, we can see our `sample-es` database does not have any indexes. In the next section, we are going to restore the deleted indexes from backed up data. + +#### Create RestoreSession + +To restore the database, you have to create a `RestoreSession` object pointing to the `AppBinding` of the targeted database. + +Here, is the YAML of the `RestoreSession` object that we are going to use for restoring our `sample-es` database. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-es-restore + namespace: demo +spec: + task: + name: elasticsearch-restore-7.3.2 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-es + interimVolumeTemplate: + metadata: + name: sample-es-restore-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + runtimeSettings: + pod: + securityContext: + fsGroup: 65534 + rules: + - snapshots: [latest] +``` + +Here, + +- `.spec.task.name` specifies the name of the `Task` object that specifies the necessary `Functions` and their execution order to restore an Elasticsearch database. +- `.spec.repository.name` specifies the `Repository` object that holds the backend information where our backed up data has been stored. +- `.spec.target.ref` refers to the respective `AppBinding` of the `sample-es` database. +- `spec.interimVolumeTemplate` specifies a PVC template that will be used by Stash to hold the restored data temporarily before injecting it into the database. +- `.spec.runtimeSettings.pod` specifies the runtime environment for the restore job at the pod level. +- `.spec.rules` specifies that we are restoring data from the latest backup snapshot of the database. + +> Note: When running a restore with Stash, it defaults to using the `nobody` user, which can cause permission issues when trying to access the interim volume directory. To avoid this problem, you can include the `fsGroup` of the Stash default user (which is `65534`) in the `runtimeSettings.pod.securityContext` section. + +Let's create the `RestoreSession` object object we have shown above, + +```bash +❯ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/elasticsearch/kubedb/examples/restore/restoresession.yaml +restoresession.stash.appscode.com/sample-es-restore created +``` + +Once, you have created the `RestoreSession` object, Stash will create a restore Job. Run the following command to watch the phase of the `RestoreSession` object, + +```bash +❯ kubectl get restoresession -n demo -w +NAME REPOSITORY PHASE AGE +sample-es-restore gcs-repo Running 8s +sample-es-restore gcs-repo Running 24s +sample-es-restore gcs-repo Succeeded 24s +sample-es-restore gcs-repo Succeeded 25s +``` + +The `Succeeded` phase means that the restore process has been completed successfully. + +#### Verify Restored Data + +Now, it's time to verify whether the actual data has been restored or not. At first, let's verify that whether the indexes have been restored or not: + +```bash +❯ curl -XGET --user "$USER:$PASSWORD" "http://localhost:9200/_cat/indices?v&s=index&pretty" +health status index uuid pri rep docs.count docs.deleted store.size pri.store.size +green open companies 7UgxlL4wST6ZIAImxRVvzw 1 1 1 0 11.4kb 5.7kb +green open products vb19PIneSL2zMTPvNEgm-w 1 1 2 0 10.8kb 5.4kb +``` + +So, we can see the indexes have been restored. Now, let's verify the data of these indexes, + +```bash +# Verify the data of the "products" index +❯ curl -XGET --user "$USER:$PASSWORD" "http://localhost:9200/products/_search?pretty" +{ + "took" : 3, + "timed_out" : false, + "_shards" : { + "total" : 1, + "successful" : 1, + "skipped" : 0, + "failed" : 0 + }, + "hits" : { + "total" : { + "value" : 2, + "relation" : "eq" + }, + "max_score" : 1.0, + "hits" : [ + { + "_index" : "products", + "_type" : "_doc", + "_id" : "vKDVgXcBa1PZYKwIDBjy", + "_score" : 1.0, + "_source" : { + "name" : "Stash", + "vendor" : "AppsCode Inc.", + "description" : "Backup tool for Kubernetes workloads" + } + }, + { + "_index" : "products", + "_type" : "_doc", + "_id" : "u6DUgXcBa1PZYKwI5xic", + "_score" : 1.0, + "_source" : { + "name" : "KubeDB", + "vendor" : "AppsCode Inc.", + "description" : "Database Operator for Kubernetes" + } + } + ] + } +} + +# Verify the data of "companies" index +❯ curl -XGET --user "$USER:$PASSWORD" "http://localhost:9200/companies/_search?pretty" +{ + "took" : 2, + "timed_out" : false, + "_shards" : { + "total" : 1, + "successful" : 1, + "skipped" : 0, + "failed" : 0 + }, + "hits" : { + "total" : { + "value" : 1, + "relation" : "eq" + }, + "max_score" : 1.0, + "hits" : [ + { + "_index" : "companies", + "_type" : "_doc", + "_id" : "vaDVgXcBa1PZYKwIMxhm", + "_score" : 1.0, + "_source" : { + "name" : "AppsCode Inc.", + "mission" : "Accelerate the transition to Containers by building a Kubernetes-native Data Platform", + "products" : [ + "KubeDB", + "Stash", + "KubeVault", + "Kubeform", + "ByteBuilders" + ] + } + } + ] + } +} +``` + +So, we can see that the data has been restored as well. + +#### Resume Backup + +Since our data has been restored successfully we can now resume our usual backup process. Resume the `BackupConfiguration` using following command, + +```bash +❯ kubectl patch backupconfiguration -n demo sample-es-backup --type="merge" --patch='{"spec": {"paused": false}}' +backupconfiguration.stash.appscode.com/sample-es-backup patched +``` + +Verify that the `BackupConfiguration` has been resumed, + +```bash +❯ kubectl get backupconfiguration -n demo sample-es-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-es-backup elasticsearch-backup-7.3.2 */5 * * * * false Ready 30m +``` + +Here, `false` in the `PAUSED` column means the backup has been resume successfully. The CronJob also should be resumed now. + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-es-backup */5 * * * * False 0 2m50s 30m +``` + +Here, `False` in the `SUSPEND` column means the CronJob is no longer suspended and will trigger in the next schedule. + +### Restore into a different Elasticsearch + +Now, we are going to restore the backed up data into a different Elasticsearch of a different namespace. This time, we are going to use `opendistro` variant for Elasticsearch to demonstrate migration between the variants. You can use the same variant of Elasticsearch if you are not considering to migrate from your current variant. + +We are going to restore the data into an Elasticsearch in `restored` namespace. If you already don't have the namespace, let's create it first. + +```bash +❯ kubectl create ns restored +namespace/restored created +``` + +#### Install `stash` kubectl plugin + +Now, we are going to use `stash` kubectl plugin to help us copying the `Repository` and backend `Secret` from our `demo` namespace into `restored` namespace. If you haven't already installed the `stash` kubectl-plugin, please install it by following the guide from [here](https://stash.run/docs/{{< param "info.version" >}}/setup/install/kubectl-plugin/). + +Verify that the `stash` kubectl plugin has been installed properly, + +```bash +❯ kubectl stash version +Version = v0.11.9 +VersionStrategy = tag +GitTag = v0.11.9 +GitBranch = HEAD +CommitHash = 05511503bab90e48514aed24457458456876dfcf +CommitTimestamp = 2021-01-21T22:12:04 +GoVersion = go1.15.6 +Compiler = gcc +Platform = linux/amd64 +``` + +#### Copy Repository and backend Secret into the new namespace + +Now, let's copy the `gcs-repo` Repository into our new namespace using the `stash` kubectl plugin, + +```bash +❯ kubectl stash cp repository gcs-repo -n demo --to-namespace=restored +I0208 19:51:43.950560 666626 copy_repository.go:58] Repository demo/gcs-repo uses Storage Secret demo/gcs-secret. +I0208 19:51:43.952899 666626 copy_secret.go:60] Copying Storage Secret demo to restored namespace +I0208 19:51:43.957204 666626 copy_secret.go:73] Secret demo/gcs-secret has been copied to restored namespace successfully. +I0208 19:51:43.967768 666626 copy_repository.go:75] Repository demo/gcs-repo has been copied to restored namespace successfully. +``` + +The above command will copy the `gcs-repo` Repository as well as the respective backend secret `gcs-secret`. + +Let's verify that the `Repository` has been copied into `restored` namespace, + +```bash +❯ kubectl get repository -n restored +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +gcs-repo 2m9s +``` + +>The command does not copy the status of the `Repository`. As a result, you will see the `INTEGRITY`, `SIZE`, `SNAPSHOT-COUNT`, and `LAST-SUCCESSFUL-BACKUP` fields are empty. Nothing to panic about here. Your actual data exist safely in the cloud bucket. The `Repository` just contains the connection information to that bucket. + +Now, let's verify that the backend secret has been copied as well, + +```bash +❯ kubectl get secret -n restored +NAME TYPE DATA AGE +default-token-rd2v5 kubernetes.io/service-account-token 3 15m +gcs-secret Opaque 3 8m36s +``` + +As you can see, the backend secret `gcs-secret` also has been copied to `restored` namespace. + +#### Deploy new Elasticsearch + +Now, we are going to deploy an Elasticsearch into `restored` namespace. We are going to initialize this database from the backed up data of first Elasticsearch. + +Here, is the YAML of the Elasticsearch object that we are going to create, + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: Elasticsearch +metadata: + name: init-sample + namespace: restored +spec: + version: opendistro-1.9.0-v1 + storageType: Durable + init: + waitForInitialRestore: true + topology: + master: + suffix: master + replicas: 1 + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + data: + suffix: data + replicas: 2 + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + ingest: + suffix: client + replicas: 2 + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi +``` + +Notice that this time, we are using `opendistro-1.9.0-v1` variant for Elasticsearch. Also, notice that we have added an `init` section in the `spec`. Here, `waitForInitialRestore: true` tells KubeDB to wait for the first restore to complete before marking this database as ready to use. + +Let's deploy the above Elasticsearch, + +```bash +❯ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/elasticsearch/kubedb/examples/elasticsearch/init_sample.yaml +elasticsearch.kubedb.com/init-sample created +``` + +Now, wait for the KubeDB to create all the nodes for this Elasticsearch. This time, Elasticsearch will get stuck in the `Provisioning` state because we haven't completed the first restore yet. + +You can check the condition of the Elasticsearch to verify whether we are ready to restore the database. + +```bash +❯ kubectl get elasticsearch -n restored init-sample -o jsonpath='{.status.conditions}' | jq +[ + { + "lastTransitionTime": "2021-02-08T14:13:22Z", + "message": "The KubeDB operator has started the provisioning of Elasticsearch: restored/init-sample", + "reason": "DatabaseProvisioningStartedSuccessfully", + "status": "True", + "type": "ProvisioningStarted" + }, + { + "lastTransitionTime": "2021-02-08T14:18:15Z", + "message": "All desired replicas are ready.", + "reason": "AllReplicasReady", + "status": "True", + "type": "ReplicaReady" + }, + { + "lastTransitionTime": "2021-02-08T14:19:22Z", + "message": "The Elasticsearch: restored/init-sample is accepting client requests.", + "observedGeneration": 3, + "reason": "DatabaseAcceptingConnectionRequest", + "status": "True", + "type": "AcceptingConnection" + }, + { + "lastTransitionTime": "2021-02-08T14:19:33Z", + "message": "The Elasticsearch: restored/init-sample is ready.", + "observedGeneration": 3, + "reason": "ReadinessCheckSucceeded", + "status": "True", + "type": "Ready" + } +] +``` + +Here, check the last two conditions. We can see that the database has passed the readiness check from `Ready` conditions and it is accepting connections from `AcceptingConnection` condition. So, we are good to start restoring into this database. + +KubeDB has created an AppBinding for this database. Let's verify that the AppBinding has been created, + +```bash +❯ kubectl get appbindings.appcatalog.appscode.com -n restored +NAME TYPE VERSION AGE +init-sample kubedb.com/elasticsearch 7.8.0 21m +``` + +We are going to create a `RestoreSession` targeting this AppBinding to restore into this database. + +#### Create RestoreSession for new Elasticsearch + +Now, we have to create a `RestoreSession` object targeting the `AppBinding` of our `init-sample` database. Here, is the YAML of the RestoreSession that we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: init-sample-restore + namespace: restored +spec: + task: + name: elasticsearch-restore-7.3.2 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: init-sample + interimVolumeTemplate: + metadata: + name: init-sample-restore-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + rules: + - snapshots: [latest] +``` + +Let's create the above RestoreSession, + +```bash +❯ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/elasticsearch/kubedb/examples/restore/init_sample_restore.yaml +restoresession.stash.appscode.com/init-sample-restore created +``` + +Now, wait for the restore process to complete, + +```bash +❯ kubectl get restoresession -n restored -w +NAME REPOSITORY PHASE AGE +init-sample-restore gcs-repo Running 4s +init-sample-restore gcs-repo Running 21s +init-sample-restore gcs-repo Succeeded 21s +init-sample-restore gcs-repo Succeeded 21s +``` + +#### Verify Restored Data in new Elasticsearch + +Now, we are going to verify whether the data has been restored or not. At first let's port-forward the respective Service for this Elasticsearch, + +```bash +❯ kubectl get service -n restored +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +init-sample ClusterIP 10.109.51.219 9200/TCP 54m +init-sample-master ClusterIP None 9300/TCP 54m +init-sample-pods ClusterIP None 9200/TCP 54m +``` + +```bash +❯ kubectl port-forward -n restored service/init-sample 9200 +Forwarding from 127.0.0.1:9200 -> 9200 +Forwarding from [::1]:9200 -> 9200 +``` + +Now, let's export the credentials of this Elasticsearch, + +```bash +❯ kubectl get secret -n restored | grep init-sample +init-sample-admin-cred kubernetes.io/basic-auth 2 55m +init-sample-ca-cert kubernetes.io/tls 2 55m +init-sample-config Opaque 3 55m +init-sample-kibanaro-cred kubernetes.io/basic-auth 2 55m +init-sample-kibanaserver-cred kubernetes.io/basic-auth 2 55m +init-sample-logstash-cred kubernetes.io/basic-auth 2 55m +init-sample-readall-cred kubernetes.io/basic-auth 2 55m +init-sample-snapshotrestore-cred kubernetes.io/basic-auth 2 55m +init-sample-token-xgnrx kubernetes.io/service-account-token 3 55m +init-sample-transport-cert kubernetes.io/tls 3 55m +stash-restore-init-sample-restore-0-token-vscdt kubernetes.io/service-account-token 3 4m40s +``` + +Here, we are going to use the `init-sample-admin-cred` for connecting with the database. Let's export the `username` and `password` keys. + +```bash +❯ export USER=$(kubectl get secrets -n restored init-sample-admin-cred -o jsonpath='{.data.\username}' | base64 -d) +❯ export PASSWORD=$(kubectl get secrets -n restored init-sample-admin-cred -o jsonpath='{.data.\password}' | base64 -d) +``` + +Now, let's verify whether the indexes have been restored or not. + +```bash +❯ curl -XGET --user "$USER:$PASSWORD" "http://localhost:9200/_cat/indices?v&s=index&pretty" +health status index uuid pri rep docs.count docs.deleted store.size pri.store.size +green open .opendistro_security _v-_YiJUReylNbUaIEXN8A 1 1 7 0 57.1kb 37.1kb +green open companies XfSvxePuS7-lNq-gcd-bxg 1 1 1 0 11.1kb 5.5kb +green open products pZYHzOp_TWK9bLaEU-uj8Q 1 1 2 0 10.5kb 5.2kb +``` + +So, we can see that our indexes have been restored successfully. Now, let's verify the data of these indexes. + +```bash +# Verify data of "products" index +❯ curl -XGET --user "$USER:$PASSWORD" "http://localhost:9200/products/_search?pretty" +{ + "took" : 634, + "timed_out" : false, + "_shards" : { + "total" : 1, + "successful" : 1, + "skipped" : 0, + "failed" : 0 + }, + "hits" : { + "total" : { + "value" : 2, + "relation" : "eq" + }, + "max_score" : 1.0, + "hits" : [ + { + "_index" : "products", + "_type" : "_doc", + "_id" : "u6DUgXcBa1PZYKwI5xic", + "_score" : 1.0, + "_source" : { + "name" : "KubeDB", + "vendor" : "AppsCode Inc.", + "description" : "Database Operator for Kubernetes" + } + }, + { + "_index" : "products", + "_type" : "_doc", + "_id" : "vKDVgXcBa1PZYKwIDBjy", + "_score" : 1.0, + "_source" : { + "name" : "Stash", + "vendor" : "AppsCode Inc.", + "description" : "Backup tool for Kubernetes workloads" + } + } + ] + } +} + +# Verify data of "companies" index +❯ curl -XGET --user "$USER:$PASSWORD" "http://localhost:9200/companies/_search?pretty" +{ + "took" : 5, + "timed_out" : false, + "_shards" : { + "total" : 1, + "successful" : 1, + "skipped" : 0, + "failed" : 0 + }, + "hits" : { + "total" : { + "value" : 1, + "relation" : "eq" + }, + "max_score" : 1.0, + "hits" : [ + { + "_index" : "companies", + "_type" : "_doc", + "_id" : "vaDVgXcBa1PZYKwIMxhm", + "_score" : 1.0, + "_source" : { + "name" : "AppsCode Inc.", + "mission" : "Accelerate the transition to Containers by building a Kubernetes-native Data Platform", + "products" : [ + "KubeDB", + "Stash", + "KubeVault", + "Kubeform", + "ByteBuilders" + ] + } + } + ] + } +} +``` + +So, we can see that the data of these indexes data has been restored too. + +### Restore into a different cluster + +If you want to restore into a different cluster, you have to install KubeDB and Stash in the desired cluster. Then, you have to install Stash Elasticsearch addon in that cluster too. Then, you have to deploy the target database there. Once, the database is ready to accept connections, create the Repository, backend Secret, in the same namespace as the database of your desired cluster. Finally, create the `RestoreSession` object in the desired cluster pointing to the AppBinding of the targeted database of that cluster. + +## Cleanup + +To cleanup the Kubernetes resources created by this tutorial, run: + +```bash +# delete all reasources from "demo" namespace +kubectl delete -n demo backupconfiguration sample-es-backup +kubectl delete -n demo restoresession sample-es-restore +kubectl delete -n demo repository gcs-repo +kubectl delete -n demo secret gcs-repo +kubectl delete -n demo secret gcs-secret +kubectl delete -n demo elasticsearch sample-es + +# delete all reasources from "restored" namespace +kubectl delete -n restored restoresession init-sample-restore +kubectl delete -n restored repository gcs-repo +kubectl delete -n restored secret gcs-secret +kubectl delete -n restored elasticsearch init-sample +``` diff --git a/docs/addons/elasticsearch/overview/images/backup_overview.svg b/docs/addons/elasticsearch/overview/images/backup_overview.svg new file mode 100644 index 0000000..5d043fc --- /dev/null +++ b/docs/addons/elasticsearch/overview/images/backup_overview.svg @@ -0,0 +1,1033 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/addons/elasticsearch/overview/images/restore_overview.svg b/docs/addons/elasticsearch/overview/images/restore_overview.svg new file mode 100644 index 0000000..d1285c8 --- /dev/null +++ b/docs/addons/elasticsearch/overview/images/restore_overview.svg @@ -0,0 +1,892 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/addons/elasticsearch/overview/index.md b/docs/addons/elasticsearch/overview/index.md new file mode 100644 index 0000000..7fb5a64 --- /dev/null +++ b/docs/addons/elasticsearch/overview/index.md @@ -0,0 +1,81 @@ +--- +title: Elasticsearch Backup Overview | Stash +description: How Elasticsearch Backup Works in Stash +menu: + docs_{{ .version }}: + identifier: stash-elasticsearch-overview + name: How does it work? + parent: stash-elasticsearch + weight: 10 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + +# How Stash Backup & Restore Elasticsearch Database + +Stash 0.9.0+ supports backup and restore operation of many databases. This guide will give you an overview of how Elasticsearch database backup and restore process works in Stash. + +## How Backup Works + +The following diagram shows how Stash takes a backup of an Elasticsearch database. Open the image in a new tab to see the enlarged version. + +
+ Elasticsearch Backup Overview +
Fig: Elasticsearch Backup Overview
+
+ +The backup process consists of the following steps: + +1. At first, a user creates a secret with access credentials of the backend where the backed up data will be stored. + +2. Then, she creates a `Repository` crd that specifies the backend information along with the secret that holds the credentials to access the backend. + +3. Then, she creates a `BackupConfiguration` crd targeting the [AppBinding](/docs/concepts/crds/appbinding/index.md) crd of the desired database. The `BackupConfiguration` object also specifies the `Task` to use to backup the database. + +4. Stash operator watches for `BackupConfiguration` crd. + +5. Once Stash operator finds a `BackupConfiguration` crd, it creates a CronJob with the schedule specified in `BackupConfiguration` object to trigger backup periodically. + +6. On the next scheduled slot, the CronJob triggers a backup by creating a `BackupSession` crd. + +7. Stash operator also watches for `BackupSession` crd. + +8. When it finds a `BackupSession` object, it resolves the respective `Task` and `Function` and prepares a Job definition to backup. + +9. Then, it creates the Job to backup the targeted database. + +10. The backup Job reads necessary information to connect with the database from the `AppBinding` crd. It also reads backend information and access credentials from `Repository` crd and Storage Secret respectively. + +11. Then, the Job dumps the targeted database and uploads the output to the backend. Stash stores the dumped files temporarily before uploading into the backend. Hence, you should provide a PVC template using `spec.interimVolumeTemplate` field of `BackupConfiguration` crd to use to store those dumped files temporarily. + +12. Finally, when the backup is completed, the Job sends Prometheus metrics to the Pushgateway running inside Stash operator pod. It also updates the `BackupSession` and `Repository` status to reflect the backup procedure. + +## How Restore Process Works + +The following diagram shows how Stash restores backed up data into an Elasticsearch database. Open the image in a new tab to see the enlarged version. + +
+ Database Restore Overview +
Fig: Elasticsearch Restore Process
+
+ +The restore process consists of the following steps: + +1. At first, a user creates a `RestoreSession` crd targeting the `AppBinding` of the desired database where the backed up data will be restored. It also specifies the `Repository` crd which holds the backend information and the `Task` to use to restore the target. + +2. Stash operator watches for `RestoreSession` object. + +3. Once it finds a `RestoreSession` object, it resolves the respective `Task` and `Function` and prepares a Job definition to restore. + +4. Then, it creates the Job to restore the target. + +5. The Job reads necessary information to connect with the database from respective `AppBinding` crd. It also reads backend information and access credentials from `Repository` crd and Storage Secret respectively. + +6. Then, the job downloads the backed up data from the backend and insert into the desired database. Stash stores the downloaded files temporarily before inserting into the targeted database. Hence, you should provide a PVC template using `spec.interimVolumeTemplate` field of `RestoreSession` crd to use to store those restored files temporarily. + +7. Finally, when the restore process is completed, the Job sends Prometheus metrics to the Pushgateway and update the `RestoreSession` status to reflect restore completion. + +## Next Steps + +- Backup your Elasticsearch databases using Stash by following the guide from [here](/docs/addons/elasticsearch/kubedb/index.md). diff --git a/docs/addons/etcd/README.md b/docs/addons/etcd/README.md new file mode 100644 index 0000000..ac0b9dc --- /dev/null +++ b/docs/addons/etcd/README.md @@ -0,0 +1,43 @@ +--- +title: Etcd Addon Overview | Stash +description: Etcd Addon Overview | Stash +menu: + docs_{{ .version }}: + identifier: stash-etcd-readme + name: Readme + parent: stash-etcd + weight: -1 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +url: /docs/{{ .version }}/addons/etcd/ +aliases: + - /docs/{{ .version }}/addons/etcd/README/ +--- + +# Stash Etcd Addon + +Stash `{{< param "info.version" >}}` supports extending its functionality through its addons. Stash Etcd addon enables Stash to backup and restore Etcd databases. + +This guide will give you an overview of which Etcd versions are supported and how the docs are organized. + +## Supported Etcd Versions + +Stash has the following addon versions for Etcd: + +{{< versionlist "etcd">}} + +Here, the addon follows `M.M.P` versioning scheme where `M.M.P` (Major.Minor.Patch) represents the respective database version. + +## Addon Version Compatibility + +Any addon with matching major version with the database version should be able to take backup of that database. For example, Etcd addon with version `3.x.x` should be able to take backup of any Etcd of `3.x.x` series. However, this might not be true for some versions. In that case, we will have a separate addon for that version. + +## Documentation Overview + +Stash Etcd documentations are organized as below: + +- [How does it work?](/docs/addons/etcd/overview/index.md) gives an overview of how backup and restore process for Etcd database works in Stash. +- [Etcd Cluster with Basic Auth](/docs/addons/etcd/basic-auth/index.md) shows how to backup and restore an Etcd cluster with basic authentication enabled. +- [Etcd Cluster with TLS](/docs/addons/etcd/tls/index.md) shows how to configure backup and restore process for TLS secured Etcd cluster. +- [Customizing Backup & Restore Process](/docs/addons/etcd/customization/index.md) shows how to customize the backup & restore process. diff --git a/docs/addons/etcd/_index.md b/docs/addons/etcd/_index.md new file mode 100644 index 0000000..73b0ab2 --- /dev/null +++ b/docs/addons/etcd/_index.md @@ -0,0 +1,10 @@ +--- +title: Stash Etcd Addon +menu: + docs_{{ .version }}: + identifier: stash-etcd + name: Etcd + parent: stash-addons + weight: 100 +menu_name: docs_{{ .version }} +--- diff --git a/docs/addons/etcd/basic-auth/examples/appbinding.yaml b/docs/addons/etcd/basic-auth/examples/appbinding.yaml new file mode 100644 index 0000000..87be153 --- /dev/null +++ b/docs/addons/etcd/basic-auth/examples/appbinding.yaml @@ -0,0 +1,15 @@ +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: etcd-appbinding + namespace: demo +spec: + clientConfig: + service: + name: etcd + port: 2379 + scheme: http + secret: + name: etcd-basic-auth + type: etcd + version: 3.5.0 \ No newline at end of file diff --git a/docs/addons/etcd/basic-auth/examples/backupconfiguration.yaml b/docs/addons/etcd/basic-auth/examples/backupconfiguration.yaml new file mode 100644 index 0000000..cb37a1f --- /dev/null +++ b/docs/addons/etcd/basic-auth/examples/backupconfiguration.yaml @@ -0,0 +1,20 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: etcd-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: etcd-backup-3.5.0 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: etcd-appbinding + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true \ No newline at end of file diff --git a/docs/addons/etcd/basic-auth/examples/etcd-secret.yaml b/docs/addons/etcd/basic-auth/examples/etcd-secret.yaml new file mode 100644 index 0000000..71ffde9 --- /dev/null +++ b/docs/addons/etcd/basic-auth/examples/etcd-secret.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: etcd-basic-auth + namespace: demo +type: Opaque +stringData: + username: root + password: not@secret \ No newline at end of file diff --git a/docs/addons/etcd/basic-auth/examples/etcd.yaml b/docs/addons/etcd/basic-auth/examples/etcd.yaml new file mode 100644 index 0000000..13b4201 --- /dev/null +++ b/docs/addons/etcd/basic-auth/examples/etcd.yaml @@ -0,0 +1,68 @@ +apiVersion: v1 +kind: Service +metadata: + namespace: demo + name: etcd +spec: + clusterIP: None + ports: + - port: 2379 + name: client + - port: 2380 + name: peer + selector: + app: etcd +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: etcd + namespace: demo + labels: + app: etcd +spec: + serviceName: etcd + replicas: 3 + selector: + matchLabels: + app: etcd + template: + metadata: + name: etcd + labels: + app: etcd + spec: + containers: + - name: etcd + image: gcr.io/etcd-development/etcd:v3.5.0 + ports: + - containerPort: 2379 + name: client + - containerPort: 2380 + name: peer + volumeMounts: + - name: data + mountPath: /var/run/etcd + command: + - /bin/sh + - -c + - | + PEERS="etcd-0=http://etcd-0.etcd:2380,etcd-1=http://etcd-1.etcd:2380,etcd-2=http://etcd-2.etcd:2380" + exec etcd --name ${HOSTNAME} \ + --listen-peer-urls http://0.0.0.0:2380 \ + --listen-client-urls http://0.0.0.0:2379 \ + --initial-cluster etcd-0=http://etcd-0.etcd:2380,etcd-1=http://etcd-1.etcd:2380,etcd-2=http://etcd-2.etcd:2380 \ + --initial-cluster-token etcd-cluster-1 \ + --advertise-client-urls http://${HOSTNAME}.etcd:2379 \ + --initial-advertise-peer-urls http://${HOSTNAME}.etcd:2380 \ + --data-dir /var/run/etcd + volumeClaimTemplates: + - metadata: + name: data + namespace: demo + spec: + storageClassName: standard + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 1Gi diff --git a/docs/addons/etcd/basic-auth/examples/repository.yaml b/docs/addons/etcd/basic-auth/examples/repository.yaml new file mode 100644 index 0000000..7a565d9 --- /dev/null +++ b/docs/addons/etcd/basic-auth/examples/repository.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /demo/etcd/sample-etcd + storageSecretName: gcs-secret \ No newline at end of file diff --git a/docs/addons/etcd/basic-auth/examples/restoresession.yaml b/docs/addons/etcd/basic-auth/examples/restoresession.yaml new file mode 100644 index 0000000..e7377ca --- /dev/null +++ b/docs/addons/etcd/basic-auth/examples/restoresession.yaml @@ -0,0 +1,34 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: etcd-restore + namespace: demo +spec: + task: + name: etcd-restore-3.5.0 + params: + - name: initialCluster + value: "etcd-0=http://etcd-0.etcd:2380,etcd-1=http://etcd-1.etcd:2380,etcd-2=http://etcd-2.etcd:2380" + - name: initialClusterToken + value: "etcd-cluster-1" + - name: dataDir + value: "/var/run/etcd" + - name: workloadKind + value: "StatefulSet" + - name: workloadName + value: "etcd" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: etcd-appbinding + runtimeSettings: + container: + securityContext: + runAsUser: 0 + runAsGroup: 0 + rules: + - snapshots: [latest] + \ No newline at end of file diff --git a/docs/addons/etcd/basic-auth/images/etcd-backup.jpg b/docs/addons/etcd/basic-auth/images/etcd-backup.jpg new file mode 100644 index 0000000000000000000000000000000000000000..1502bd6929c4799b963fb305726a95941dbe300d GIT binary patch literal 289139 zcmeFZcTiJ%*ESqQMY>3nnxh=)5UR95Zsit^ARxUH5$PfzqCrAp0Yc{-rAa-AF@^x4 zgNPt0L)OAy_PW-( zR`x&aGeE~2?JwAa4jeoH`c3cx?azViKnMPZ+utYoAD-gCf&JGY>7xg)9+nh3APqVw zeLzV1z&-^827wM7{@1xd|G6DFD0JxX5#ggEqGEyr+K+(_9uN{bcu45*;X{W6N2dyY z2OW|=eEg)**&{M;A;PB;WR36rQFB!NTywvi`xxg}lPfpwi-^iAoKRFct)Z!`W!?K*Jqw%{WqedzE>qa(-9x(SCQ z$ec31cU1P=A2rSWBI+jY9Jwnu#zf_RHD#XW{%zWSSoVKr*!}-2%l^x-|83VSNL=WE z;N}TQgJ2*YleiNCTcT)z{ycbB6!ibc-NC;qLkzIV5)~E_+LobX(q|(Q-@NfU#JF(> zbm3qV#V21acV#rPLBY@bN%j`{^vie7uVmd5A1!2GfBVv$(AwhW;_~*T=G9M+HdoQY z%VWRDoYx;;KTvf6n=AjYyr{&;nr%!F6hjzN2zL?x~e7fel4@&d+$3Cc9idXh(AM_=Abk{?59|YS6Z4`m| z-cf5zUSG~W$nd`(25UE(|Gp2}2Wh+QgBC*meb~PN`ELv9-+=rZkbehm~A3u9*VVe?(sK$R(H5pVto3l!LQ?}oj~?M7B#+c?#ol9TfMG7n9W zQtQ#=bXt<*_d%*$__lmpE?sNs#5K)rh2!CbOT=erCw40QG%}P9G*3 zl(^f_4Xjd_1ccPuZX`!TauoJe1mfqz5&{Cd&&{~aL8RaZ*!H|$BO6Y!#5LP-`&_m zeuh-@J}AqZyUNdW<;_}{?}MJG_oE{V{)K}ULe~k%;_eD?_$63!3h5EXcxC>dIAo*7 zS+Ncmrncxd0v!5Lrd&0=R3#Qj^b_Df&Gkp3LpM%$JLTl~M(hemz#UFCRc}d#%oCxa z=U((m=`~bbiLd?;c%e82+9{RYf0=M4wKw6>0^qlCrBz%N66(@MpwA@^6ynDT7RcMm zfIce%qv#EWvTc?41A|<@biKL^-Q9>^hEku|_9`pnVC_CE_%&Kft6j4dmh+e$DU77e z+;DtS@pS;L zz{!7jZwsz~n5R6XLX|Y`;RvVb312>bay9*9&Ufb1$2Y%MKj2DHP$xLFlYT#BrYXBt zK)2#`pQ44Xi2RY(k8`rKqy;~NAQ2McW74gsY{@$}YmN?L?@ZvS!>PD~@lw)=tV-x3 zOeFK?a!5?*cRiY6V^gxdb20NFBA0%K=4g^HBW(ZGFmE;@FAobg=jva)ZC@wT-dr2y$)LVLVkS{3$D)$$-s zj<)2M^{QLEU3RHw+c!9tUUX<8Sj9hoRQ_d`H`>n!;~os1CifZvNff^huQUqV$Pe0F zTA#=I%J}NpkcItYF}Xp2FBzHf}e?{TznB!!hsu<1k3}z$ThH zIztWs95`{?*8mzG@yKyo%c}MB59&{4K8K32N_!wlv2`C^kU1~nmI{Mj zPh}t1x|i=f`T$_qlS6kM&Ra@x(EybQ@PjUq3vnx=oXUmO^R)4$PF%zgNq+V;Smk?CDo+ z#{&FG(^eUTx)q<6xvx9+1<(8)PEXa=MJvc}7dPQXPyWHq5Gt)9yv@m+U}@Nk73%4A_w2G|L~`Q~liVBJWuLPXuSvp7 zLtArOh5Qp8^X|+bmrlE5%uYDAEP6b8VOC~4kNV7M{bR`~^o zwk{UNJ+%+&FGH0i<41{K6Oaa6D(x=vA5~iI-S73<=CrSGl}8!eOn4gIJsTK>)#!QT z+O08+_J7m0q|H*(W#>!vhkRE`E&)w3XBDYPXBAV!6ZnKPPU1g68-s1lNzHP#P9pB6 z+&H=Pek(){DK}=kJ>qA6T>sBvClXJQ+ErnHurYvUYBFT+<{;%EtrvSVo*$!Et+-d? z*eIW;WK77)!KeEo?e$$AxYsXxzBbac*0y{Uu)&kx>a{U2JLQrui4l6 z0}JmZ7IFI^krYIq2gd-f>|2lHX-d5RJ`L`DxW!(17iD?hSNoO@D?}yuv+!B>A zBd%yk22rYXA9Q_+@zFuWK^`B{*W&GwF~XS<=WGzS`Wp49Y$MN=a}QrbO~~5AEVh?@ zZf^@z^)dZk9pWy50c*x5gsDjuD^60-Q9UEQu9+h>L2f(5Nz|WBT~XsjK6$?Bneq2Y z-LaDe1k@0^xg-}BEp-%mmCG;U`Y_NW@FAY)J}5m|aN$eYy%sJ|p-S;dwmIZ| zkeCVV*o_gbk@%12Nl=qQ4rW_(dmxlLQ)R8&Pu{ys35|b&ZXu=(e%C>5YaZ5-*`YM; zgI-ZWYMf>VpBCBD24Eala4uh->+t#&_|ijhlLL6*9JT58&d-xU#*+&i!4jLIuCeofb>&SA^!92y=KxXbjZlFsfo@7 zhHT|Rn=G=`W-YQeW5Vj%nm81wKGZqTKqn8J&;JDh@dV=7qsmC=w1J*MJMjSGC8bJi z%AgH@UGx24Nv>is=G|&F3C~88V?uA6rA^;5xe%d0SyV|WURNHCiPMhs*c!rEkht>a zA99a~R^IW2{?Mkk=APE`j3Udqialm5vm-qyq$2;#nqXN1$*k6~Jv!m}(;Dxm?&UnP z^&l*~k>OYQ%c=2fhpkj@gQn1l3Nd-l3x3Z0sO;@NFZzvo zc}*i4D>YrIwCpokI1L*h9q@s{XM3(rx6bd}b z%+rX4kd^j9`N#m)Hc`;&nZ9zpDbtg4(JdD5GRVkM!8x#OlIM$PmMWVt52Mv>hbIIXPZ zi9kxqxs(yyW$Q)^p2BXihqXBH<2;#I&MHmm$NhC^A_Jb~y`wVqJB^LbD61mWBf!B5 z{z;X)&VR1>f6ihKyRRrayo|M4Z`=%!ceWqd&?=5RuABAhv&u+xf~3>E5uGoO=OsM{ zNc9U3xoXN{4@R17>C)c!Gpr@<4=kRD_Nc?_oj>iQ=m)j&cYl<&pcBvi&U>aPAD1^6 zwfNIERa^ycZ`pA+lX7JvH=?b^v9(xCI-7JkK~DX`vlE@4 ze)K2|fQxnNPe;(Tb+==aY}|V-GS2{DFB7Ml?#*|*3G<_T1`7*1vyCY-QwXdnK zwKzrJ;o?NSK`gOtch_>^{^Atklkb@?@UbqB>A`JvrtwTx;VM%FnSo2gc9b!Gf}4yt#%xr^jP&* z(>-SqdTS@k7R9W?bY)A-&3#HrAgZq_^YSVb6gsC9yQ#5Jai$};YKRc4k$4qYQD|bt z`}*gMc-hqUWKzYd=k3C%ajbow#UR#yYt^MvNw!8orzrZIn4ems!^1_D^W~Rs1U425 zSb^y0fiz8b*{DWe#|HoQx`}An=kID=u+fvhu8Vpu>00~!=!F28C3L@ApA=FRKP) z5bf%)5|t`>w*f>T-4y$fZH(N-BtpF$^etbtAr7k@73j8Kq!4YKQVWk&?R3t;Pn7nXZnZ5EXN*z&5 zB~0(S5TrrLml*1Af%H;J;uJ-=T*^a5$Uzi{&9-`i#+oFX{Q1BX)QJhnv^8#eF@EJe zU->IvZKC~+!D4ql|1YWIz(X==Tl*sd#i{JVFM#^(cEYzLKUDcV4)Ozn;sCohG z%-LF3`{mLB0g<_V1}3#tz7N6#p9IP!MoPP-GJ5=&)xz*uC$o2x3lluAXF!41_)=SE zfM&}>k}_Hxj$Lbo_a~@~`_;>Liv0RM04Qo*Q}bLR3o^{EFkw)rVYQp3E5J zTA~!BMcY-w{LPj;jQ?C7kkxd#l}3=~z~)V_b9ea$Q|Z)v3zg20bUVCtTby62UXf!=RhJh8#?0&taC0D=AoS zysxFluJ%>Wo#N{4m&)H-Z6>j=Hig#j#11dy&aGenv&1lPPyt2LJ=G1VEDWDPrIduU z1`?#V>W>(koyJg7bT)0CV7;*-ePLNR`!>ty_Z6u-32`NlgZ0h7hX1q={e97*0(XYI z=V932oj?iMYY^oRPu99hJEsJi`A=vLJ2qJE7M;F+-Ou0gLZa7lRipr0RT`NHS_R7> zePS7VN0u(OP5jkXExT$oN*GQ$oY~GPNKYavthn`b+`9eaVDjcC(Z9sx0=)B`zUn`z z3W&K~ya-mvOk4v?gn1<*lLTpxnVz>_TA|_ZSofFsvc*y;PD*Q_JzDnX$t;?CW%vr- zJ}uf&8t-ObvDd5m#;C%%-0f|XoZ&=*7w2cbhMZ9%!R0=#IIOE@{1{fpG(k>w3DfVD zE{nGqY{L)SzzOU8&Rm^^{^S4YXN+wMvDf0rAEYEWZGA0z5jRan(?a(_QzrYMC3jmI-_n)eBC`*&>}T|~ zIqF#O<@W=Rcf$=f>Aeni<5#5Pq zs_ZJv?t@q!dyn=ym-a!=Qt$UJ2}l7@P(5c+4P>LaM`4ruptZqy4*>*dzQE#Zg7;p` z;VpE%;IiOr@R@3N{@C_s`W|5w?*3(OwA0pFkn^)d(P1Hio$@}2;?Dobe}~;7Zq4s` z@CW&WI~|a@J@~HhUhA&iYPH*T@c3T&%6!1m-nV93Q{o3H`nkKX%ln`!l@M<(jVDvh z7lm=y%+r;NHQWvk?-=)bYfWT%K{nEZ6G{%&dALOBD3fb*`O#hUEaO2?H&-q%&FDg6 zNZs7mhrKl##0cyt?-5%=SL|WxFZ=?i9X09sJI0`Ho^ic~xl+k?xZi+czK>FJQefQH!NJtLq-mhf4oDddh=Vl#Wj}%MnwK&1@SQ=Jg06n%|y>z=CGy; z&4?K&8L@6O!TCM!ypObluv|W&G-P?en3zGKiJZF|3 z?5D^nTiNlp-JbKmT2+kgb><29{M6FQ?5hOaT!kP(JxYF|1304Ix3#c*~ zMPye66?!mc;)jea!iv6LeoqZIGYLEcF~a%?nU%3ybv6yR4BL!*Y;;CTW>^tm0>oB= zKLl?6L6Vvk-p(55%SFN4yO&`dv>bF8EbUgc>{iOU>uXzSPUpQg2kznNTwa{;gUg)W zYF3{NP+9xPX}lr$J^gGk#dmeqsoq@14~~L6-IqbcRAJMD(zu}LVgIjw7&Kv3nJMyo&UW+($F&B$VvHe{B=#C41^v|(Hl3- zc@cMPa)_PPKUU*@9GBidk$?QA_GCd5XI=zhy?tjNbpI~z5HQMW0B@%NDZA=|*vBx> z=O37fLRkU&Sy<6!QY)Kc9r&D-M-O}kMW7`zZN>a zp0~3Ck11Q^p&8~X9F$)Udu<;?y_S=2Y-`n!_12=SN@zFcKt()8%8RAr%PUuXP~*~| zCuy6I5BE6WZ)W(x$^-9FF6|ZaS()9!YrWqS&ERVf8CEF#fe5RNzn<9d89&n}H7N+` zSJ^GSdZVG_EknNnVL3|=LQcQEtE!#iIjo+GwX{p681wmF$Q2Zc0}YDg5^d4bsc>}I;ed6>^GgI*)r=x5&*u#0TO@d|qDO4k6@c(X z6gb~m=U+_nz)yKXdyUX!JmRd`W2mKOfd;35qMR~p-cP0&zLlL-ZN%g0QMN?HrUw^c#;>x)-J5RQ{{n|!%`_FgC zq^Rr7D5^g^KdJg|cO02MrybhCsivSagAFIA$-xlrnr=wSbAN!$+)AU@efrv2JblJF zG|_+%yDNO(iTWWS$?eVh6O97KpdRKID8q*?(RLKrjMMINUjAt{Pw9Z|4K(-y?+U&-Mg8pX-+dw0BS zi6s#;ixD}#;&YalYTVmQ0`t>)TZ0R~(j}Y5@i{mWitMA{jc$SSWEWRoXMD9aBXb~3 zI8VLh>#6zO>rxNgd7hn}do_#g$h>p<#xN1*C#tss&i#^4Uh1}uZz0AFbl+S7@SCyN zsuc77R`zvG{=0nL*;Gd)T0nw@y(R@jGZqAl=Z)ZZ%ov+;dv z9i=%VO3D7Rbf{Rdf$!ZKd)5b`GJf%+?A(enw+k;UO`kj|ntOET*W&fBv7<|?i76eg zHrt6QUt^Mbr&dtkc&7kiCTupPAI$mZ=zTToS6$7V+qr-4wKqZ?V-5TVSN1`_aY_c@ zO2F**a~-eFwakpNe(SM7!sI@^)Sql!iLoK*4<$(RY^W7UWk76Ys)@z8daX-GT%l8c zUGnYrX9V|}oMD8W=G*7&I=6@M4dUH?*|fo;e}47!jS$6;7yhxALxw6B1NRD3WxAX! z2v&Z&8a@rUJU|n`*Vde+UGO(LC4bAjTw znV2ubhN`8MUgjv~i(zgEpR+(#)i34ke0GC2K8p>B)*h~k?*9i$9wEjg@F~(fD5tob`Pfz+-ERvECua2;JD*bY;yH7rs7nJeEU+w` za6#9Zu<9Ig)u8N`tdpIYzdGLGzhuB{AV}4K-N^i?_s){ z$tb_GWI54={b9DNeJPA8ju2P+}a8gF2%v_jV5 z#Bj5}7KXE^DN4apj&C>Y#~hYN*JC(N+ev%BqjdOlXtg%*%y;Iuf;GMp(r2%ne-wEf zux2&DJSJ@=0kAKC*|lBK8;Si7(DEur5gCWpoPil1yaO05YhEW%wc3V5BKoIP(Nwk;+32`S#&sdDTMP;w7pmxh3Y zGbk(zxW+(4pji6o_iNv*=+9YE=*W#P_6k-r3*+{{D;88PY)02q zg;f|8$3N4RVc${^tGsLssdszB^(&USmuTr=G`O*L9_ciQ_j!FK-cy$m>0PY6T6)c1 zr%-z@{8Aus?QkmR`rNjPAiXG_MW&Xp!um+VSN1{MdgDC11P+Q$n#B|_${<! zqchzzVVs%mmvn9Ac)_uV(p+_t$8gN0*Ihk9qS6$rNg3ZLubbn9H#g^xq9f;L*7>JV zWOz%&8kW(Qql6}l#m((96lifOh#%};JTs*_vsVvz0M15QGJ*`qF7J@ya8j=lr?=$K z;Gh@zy2B2aCK|(A{Jz}Vq?dn69AS-0A$FjaYjET#s76CIJpt2pae7znbX{G(N9rf>#dH4N(D zfO(D>?e7UIiwF$KdhKd6lsH*Hy4t4g)_-+RzTgP)_UR%Y{AaigxE-nXYd29R50I?w&CSj}0Q{`l2 zAxDY+HvEzXActkPxA)ZldQN?%?O52W_WV@XQtQyPAvLV(c>I(PMa_ss2@zeEmvFX3<*=CpjHy%gHTLy*md#qZen0a& zOcwFL=q*%(Jl4P(J$`ip(MQdmc@}mLzqZP1PU^aSidoT-9tnIw=H>|xk zkQ!WMRfO01fUfV0fMKd7(cyi7uIAb_6O0iwz4)T^C;W+hQ0rn2cWOL$pKbFWp z$yHcxWf{a)CqPcn6qyBTY>QKkQeX$oK|(_C@oIUFE?tm4_+^koYkaKVXbFPz`31#{ zgB6K^X3;?1<7#N#)E@ZWjf&V*vQ{Y}VP-ESinMq(k%ZvwW)m$59 zKJDB~M@JH~F)p0>H2yEMU#G3m8BmCTGx&gyHlFGOs_`T9M|nQBk2JH9K2Kann*_&vVHp@hBG&}J` zLYU&xZzSqnrAi-!*>ea8PiUx~E@xH@Afmz*^QB!Zc3x!Y%6Vr*WYkz8?gYDW<~;x( z=C>I*JB}x7C5Rwb0cjRG)2ee_m?5ajj56o@Um#C6u7X?V`*%~~(svxPw!USS^hqMm zvkHy{uC^d*LiwZZu7WjnX?z_TlB~Z_5fyi9)+^OPI;5)_%t9YQ2-#7p%<0A|kOSfT zU%0{w4rZ^J7P~poo~*#&fP2gxs9niImncGOAs_Dhd}HXa=+=#FBdotW{=$`l^0!8T zHupH+vU_41m_Lq&TYiS*ZS)>~YZ0>GI|LWvv|9z*WDGUGSU?sima>+zk_)4H%rr|w zW5%%M(_Y%=JsR{(cBQsm0I^*w{+vQz^ZdF98*&#W!B>h7HU_xd`RzF1C1;MgoyM02 z0=Q@Ng|{yQCENg#;0dV72uVx|VXhX4tymdUKU*oNwTdbU*1Ahih-wi_@kOh1UGtG= zInf0<6+(px^Tz~jBrOK&C|4@oBFC2IV8%iz7h6*rRhY;*jLF6IaV#7xJ}Q+<%pyCS zs5({b=Vo6SFoE|*uQ1 zOFzTi)??gAPWlZQHR%*j(x9o%;>|kC_l}i1@jpwp;au3-*sd$`>|X8l_HQ44Fs0H_ zlKf$KvlNY(6MTfDkdEb^sb+)a0+BXc2hytu`xiht*Vy^Sw*anY&R?c6s!rriHO;06 z4iBg3lrXq%;}k_~IY7P2IxCL_BxavXy^P|gg+_3~@>J%-s)v?syjN>u1Oq231(jzNdUD}?s z!Q&tl_{=`YZ7)qwKfA8#unpO(Xs|T{Zg2lF1q-W|M1-E>e9O9qIub3v(|6a@HT!qO z>Hu0ifZ8Znwo;M+N&-!q6?r+`s6V^wnG-nm=j1~BIP?9_8uG_v47a!Q{s;64689*Fmix3}G!C#IVzC?CC{GjT%SBx$l<{zGO&ROKRCwvD6Dn`Y4dskxOl|2M0gsP^|qb|%Ija?(!xGK zVsi=3SBzx2AL5hNot(?oV9PxO* zr1`Tme@4=waH&VJ{EMQu!YLAWIsb)oW5Z-9NhS3ItbMn^Z7V%VfQ*uW3Mbp)nvO0(BudYz(BSl2sERF5{E&n zBAx3H#)D2$!mC!ppKuf@%;JS6YFiRtFSw16&I*KX@}W(2Z;d9*9mgh^sj-pof}lhnrZ6JdO?zrq;|x2tq|@B zozh&?!({zCT~$X|^<}RNeqj`Bsbc^SUADMfL^igJ-J*5nE2}E%^zHk@I*y5GpN0r` z+3+U|!5IdX;6WY!Q&3hp>VR1AXT>=Glx_FS|J3GLcTE@;ge=oT!rb zeo;!fo$-ObdbX#F958Zb7JV(xO1$zVTzUNdkuM(z_?YL%6^17EG~SG|Go)`U zk07Sgsx)$Au5h?mtE7(`%YEzeocB8u>gk1?u}TC9vf3rJdp055RS#$W`pe^|y53dr zf}ucpvDE~!&&~LxPric%23G|=5lfxb4=%pXNdoDKHl*21>Hy-LE?5j0XA?;_*4xPw zmw{0Z(P_HPSz{mM{vLT+kOS`Iwzl!7;-v3+pVdugZ0u46s}o=UEb_|9$?2bB*W>LFp)` zDkhttW7HphtT@UAao)Qj$~{kzy-Hh-GYmw$Z$1TlwoUk6KBb&{>WNnIRYz2j2we5FdEb-dp6 z)}(qzw^uP*<~}oxOyBj;9BJu6!NmF>F9d$WSipZ}>2+qB_;X&rtBB&B3CSKc2}@^L zDW-WE`t}5a#U4*me5mz$b?(=X{pcD&408FyBgV*4;d@kWqn*>QEJ>|lAjas8ah>~+ z4#^7*?qsMt*3IR{SN^Y2y(eFAPz{2<)JOpr6m5Ha z?`f|%@qT+;mfC3!3ZGz$dA{;lf4tq&3AkVk;1} zs&0MO$H?i2u8Z-1X+m)20)d%Pvee{vxMWxVl7)*Zz4e;DMQA*5ktm%(UYe;2D+^^; zMRd6e^g5-FnHAc)Z39SVqIj*0JHiU! zU00ULdb6?Cs`r|H`fY-vMUs=$RxV0ddbgV3nRn4F0%q0A#Zd|rkRE%)h92$uXr;~p zqBx@5>m5qWZ>BtqdnBDfhvg_eK`glf5m(joV$J5)#;|n5cTeEQ0>8$x#9rPiOKumb zUXJ|o(YlaBOKVTOcv>8CWYO=sg6e=5A;stJz>-{7fP~&7X-d(Hrz;Fp3)k&|ptGaR z@;+E}UNpYu@OLkh-qXXtBWky0uyF?@_eMQk`YvPEbV@ap<7cC$O(9#?kT(Tdm@3Fh z6UnMT1Wfd*-70HJB~e56-PjDZsAu6g4CPxXP4>Le8^<$B4w@g|=qkvn(aS zM~N<$F?2fELUckqe(_9eO(AY=#hZ!C#=+{`%JJz$sW?ZS#v_*=eDUj)|1ty5{8<$d zpx>VmuAJVbWKr)DASy$1Bl=`E0Z9QC@3A_8j!i`;x9Zy1qMP8!I-IM5qBC-D*X{Gi zRsX*JZ*nUS#rmWXG=>6s^caBiL9m>LZwIC1p`FToC%$CKtos)YSCxdSe)>{_dx1FA z`tr>X?Hkgl)>Sx-#Un~6I6($2zGoWqT90BiorLb?L62yhxM+HHVXbL%^-7Fm(TQ2v ziJzAX-5r*CwWjcS1M#S+tmwv&a*mYbqGFXcNt%#PbMak~GeTgFQavf2SWK-_(bX5Y zHx=a(b1>;&fKsRzHv_Kv3fL2+3br!om8O8P6p4&h1iN51L9B{poWp8;1`JtM);w`PF*_u|e90>1wM_z0RbRL+onhmi8+ zO1zqg!3A4zQx|h0&eSv{kCC4>wY(^^(b34V0j_d!{hu`=l3gUbM-xLs+$VI8%Bz&swFQ<7%R ze~VIG1kc7{_F7-p?}awy80_TuVEKZ{kgL$uIUR}6ir(j3_`1%$>3cgrAV<*@_yYe! z@F_uKx25<_6G3Uiyo7~%xiu2t`FGd6!`pT3Q{1*q^e%YY;nLUxKVS~Wv&r$@t6iA7 zx!Rz)-M3erq#V;HXBT#LyIZaheas+9xAM$Ce|u^x*5QjB7LB++nf_e zh5He?e1xkcJB{K_MO>hD-6?E&F;!p3j&VAL%fMyjVzmT)Y|q36+PNowj~>-*0rM+M z&QQ3L8xy$FV^^gqe%WRWtt@jWu>5ezqx|b6je*a?H1Y8Uy z9DQG#ouMmbF-4ku*l@wFtli>V{0%O*!aDEG#;9yF()ljo!Q1b_)=WKTtD@7wTWi<^ zwWI)SlcZx?rYuysvKCwdc#5;i7fErU%d&GLytiSlU7O6H4jljWa23glm+6O`WoRU3I!u8Q88+HZs#}o^%ckp3 z;V>08@}Kk)xlkSNeg@zqQ68cjf8EFnhsjrvay7|qaqJO-3t3&SIvMt{4_>U;RWC+` z1~rQs2NPJ80jzY|I*jY%?`%DwW|o@Bw7t6zl89>q%R9tyjcNUN>OU)V#~tS#toCo2 zuHSONcsfVhz%RaAXTB_VouF8Y+m=&L~X`lU0=P)hN=5-j72$CtZsDqZ;*);dMO z%ESt0$m4OpI90N6fKY%qE(2j1Vq`HhQfPDn*mv{EwH0LU+{#LQ{sEjRe~c!MI@ufW*1$|Y zCT4D;v!_ZRd5_?9N@FPTJ-zt*2o+To_L-XWbn#odhJ!I3UB%fyWr|$rPo;B($U75o5xyl5N-+e8lwQeqwi1X?KLE|5@5Q{{28*<( z`Z!MW!KLlh55N*PA!7cYBgX=wO71+h!enmtDMX{fDmriV>NPt%`QM8bC~e*(ipzH4 z?wjcKCI<(VvjMVk|I$p5xLOiCyQwtLTiC{mnWB&vG4@4) zjjd$H;?i!xu?1j~#EUBlWji+c%Z4X4oIAfPHxN#dRS}4~%t9L(y%t zIatf<^%axfChNIL#=HnQ?h$wj2A`~b@Y1k6vpXL~H?R)6C~r-2@t@W25|&+ouP7?;s+I(UJQg{A0}aBdS-zcqV#E(K}zm zsCxSWcC@zNYH0x6^6W(&BE}ts)X-UU(Yu76$)l@BPC`jnn{+HDz}A2MK)`LG1sm3RH772X=52xYA0W%2SScevj&t!04TZkp^5) zWDd6sB9D-w?qoDGoPGXrEApF}go6tw%^bqIHKA%|8N7hjX9so)+hw;_5X^@xVlX!X z&84n>2o}k|{V*JuMO@T}8k{ON;~-n=ziZc|jT&}s7CwJRW|>5d`$d!SAy4pqlU?d2 z11yBkufr`B3esH3q%4*STW)~(>+nXP3K#K~tu@hapr0T6Xwf&<#WjmQ|I%xkywEmB zv)ahlaC{mDfFW6Csq(5OuY19Q>I>lD0Z_R|7I!IVNi)b1-aj}In9WyCp5yDWJj>nR z5D}L!uB}r@VP>AriIJQ}G|4&iNwlqE_vH1>;WLZ7^xtVpGy{@AFFC>m0(Z^G@fl|w z^WhXUuu5l~?(|H|=k0VcUvEon8xWQZfHSogNk?2UVJ}He7fuwJ13I{GQ@FtOVjrrk3$<(3uHXr0%xj0t|C4{t~Mh~T2ad~qxfJ0VyVS5 zI%2T9`;8`f-n&?M6~0#0Kjnt@bFgUyG{BkjlE|}9kYexqn5Q_?Y3OUj?49-Y#v-%M zA^~5+DDm$xQXs;J`+JQB>PolM7dto$dp&nP?UHeG*kXu5P2z*)%dL1pL55*e5tq#$ z9ZHN72H-;OjXH9c%{;q%v?Z@raFZUfG@P<@|c#dE__5v5z#|icvM>Qd_n! zvp3IOx2^2-QK+lrjccvu!%*Ae&9N&!Tim`u#5`QA z@pda*zVO05{?WB zZ#$_~*X(F!Sz9xTM51$IgsEq1=73az3QGiPSzD0d;43f2@NE-uHMo7Cq(0?=M1sCajubWa_eA_xxAW zlYYh%N+A5fht;Q$Dz|`kyKEHBRSzXc*Xc(S`T}=a-iF@mIIz&d#MryVWy!uMI`350 z{@G;L-k@6ll`@-8hzez(vpQ^51j9oOiHx9c_iy^zDgoKMEbv_q#<@;&9e{S@UPmvrn$)WNIjtwPwylkt|XRE}${d!*dZA>b2-FPZ)W}JHKQj}8Fz4}kH zZDpUaxDQb~UrMaba#c$*x6*V}cAzrQT9E-oIjBn0 !8dsDSE(>eBQFVsScFzyV zBuE{*(LGLOHh-}43RRH@OZ)eVnsU)ITP-~G4-9r$atGu=;!oD(wQ_w@7!RhWCM3OA zUKa0dJ>&KI-4h;cXxUCU_cdFG1k`PYW>9x8S`UP9i`eqd`V0s=k^F%F@xN02{HqsW z3Pw#J+X5Bw{rmjs>K4rXc2^7yPk=@ zHfR*1PkQC|pR;g`X$-u1ZvH%uwhgn@_3Y~EE<@7<@mPU`mTj#tKb9~rioU)GKwI)% zGX(0k>s$@LwT+Lqy2^RA8QY4s2_?*kx7kBRMXBwM#zaW$Tb&l1OX10#l0%5`{}}vM zS7(fz{@37l;8d@|uJV5lev70L;B(s6rLC z1v;4jfTJCKzpW302KNf!NMWoiQ_lpOj^F$j90C7}z4wf2YW>$mb-5I!MMQeZvLZ$4 z)sQS@2}@9-^d1ob0TB?9AR$qDXDw+`Bufz^y*C8{Bq2%_>7YOo0j0%?s_Zj2fGtT+4uY)g4Qke6d@BH=Wc~)mnjx;<8GOPdBa>&e+#r-oQOfZRC1(@0o z7%S3S&Jfbov8A~&AJz&L|2i=Tc&7(L5a&7zRrzrRES=sdq>2pxH8qde&=(?GA#Kp4 zFzGAT;~AHLRM+epsU#E$#VD_Sx6|jSZmIj-R#M3$XzpN?W@NpR!Bvop_hSyT70gAhmFpK?&A?Bs07l zE*GG@hdq(-JiCE>@MhillYf3aruETz*2SF?M)H50j*gVwA>8F zn1(w+!G-+IG73u3!JUkFhwB>v{1WaTjG-DVq22f&Ad6F`i|xqaFzNlf2r8v z(CGJ;fTT@<_@GwdIf`+Wy2=1xjfSOl_bT@4W}LRP_p?v4lr1!M>TsF7by=lb||s;WfZ&d)IhH)YBy2%1q~g|E^{SPF#* z(?^N<3-*E!G%!5`v5upl**P!<_)e91<(j0|?yy2pKHl)UA;zILL@r%Gt5j)mI(?KJ z&~mGS74uE=AmZpe`A~?QwI`9WsdzH{FYe7xybF}=rn5(efWskblZB@>`ZUWeD}ct4 zTz%o?3f0!J?7fy@<(34oPJwDjP{KD|g!o0w?&PMQNJ zG<^5To-VvX^6b}PoGRr1_ji$qqBG!itFzo0*ERVitJjTV&tA8hbkFr6>QE=0=fmUW zFnfGFlx!KPNcFhQvW*^JEDoUtW@;A@Rn~lHCCKbl2qa-qGl&} z`Pp0|`Ex(clP#me5*1P!WnMB@NZiQR6v@0E?1WQ>AIQ2Ep>FGZPe{Wl!h5(gQfsJ3<30=5&WVwig187fFG)XH}qi^dUC@(@ofo^IQei$0O1Wn=;L8ez}Zm#Ae)-5f5pDSTx#(c@vjs(5C+ z&(~44Z^JM>$1l0pDEw5{4JVBu-A4f{Q_q9#ve;vdi;WR>#cN*ZgP*M=EVKW_PvMOD z?K~mi(aI%oA&MIc9%C6kM4SM|Hz*V`tj!9LAF|>%BBH7_W0vXxdbeg$k!c<9I39KY zB=p#vtD3|1jL_<*mN#y4nqH-smQDK07#b3L3eDzyB4~DOgp^qqVku^`evZ+&IK?+Lnua7t9p<3on-!m`(1DO`gzv-R%&}gE>j6b~m&dp>((S@`U;fzTe8WTM z#s@_^>K;-L$8SrQLUWb+^_|?R}+XA&VCRmu%@x6W?1B zJ%Fk&$A&8QAWo-u+Qh>Z;?n(6c4p5Q<(KEnzOl>xY@L1Irr7m>$>Up>O}>?lrS1^Z z=bD4ogt+IiC-92cJ{tg?z!M8$?r-yC!o+ZTV95MXg0!+OJ4^jeEm++X$hdqA{faGK zv-d;Q-i5A_3vZIQ?{1Of)w4FhV_o9A=M@*&(&+fXknN9%U+W6@c~Nm@g&|@%;;Dic z3)!Dm^k@?$54!Qo+U;rtXU^@r%17Q6enDBK;;ykg410_J_Gw8i-;-sfpg5xN;Em3u z`lC+^d}{4&`s;&MS54&~^U&+wXIw_G-uAXs4HK$uoD)ds!laQU3BJ{d`Ic+{A%{^mtA2cEB8;9`mgQfOqfhipZ&EmI z-d%-;bRH^|k*?n7x0q+H|Gw}u1bdW%K$n~L!IS;cnlKZm3Ta(2d)0STM%hR?{JuB@ z<$SKPfl#5fo$HcYlu2yy)hf;Pd3?b}qFmOt(!5a^xXYHkHC;}wNyAXW7$@Tx?=Bbob`ERUmrcKs;mpH?40!s8O^b$3e>=M+J{pm7ws6A){|dq zyw;)EJbKjW`}hM{qsv#WN!TIziCSKqoZZ!wa+~MRo|Ek}(!mNb^qR5~Fwxy1!?bpp z9ZJ%F-5-ydK+0j)&$&CG6x>#b5*Cuo&^SH9#*Asjp7{fy7eLvzt&vmWFdPS8a@K(ZJYM!z&!~4-lS1<>H`*wNW zX+tU;h^Kn0qBS8DMVK}=|1X-keodHG@<9?jp^}L?JhZ#h34uJBBP7WfJZ3`sB-bOk zf|=gZj#v!S;L0TRvyBQJPNtu!2&vEV+hDvr|3cZOBsE@jFf^A84he+A*kqcrGJ7o{ zp+jCUh&g}@Vq?rZfbTR^8ft%sqy+<(iaMy5<|RaR$X`mvxR0*hLMJ`n7kH0FF**4# zEaI%(d#tx`9}s~Wu8-dMfVaTFsrVxy4p!Y@udG0J{;N8()aS#AznDO{bCjF3LyeLD z7`eXq>$TEFqYq(fS1b?3vhE5-^ml$|-}a0iyg7eId@rM7E)i&~aWkXgbSVKE%+w{Z z*sx z8rmu`8h!}!it4Tt2tQ!uPpcoh*2GZewlBbPbI38I=mm*=lzs&i1x7!fzZn z<9c;UQ$r6T&UhBFPX=X$m+si17L@L3lm;IPmE%$iD zvM3;_x3 zFyblhCU}8`KHz^JB6pD^cSB=^pFO02ge1p{=z}jBpJC}2W6VrwInB>kn%EGq=>;jw zmvrvht-F1S@Zph|;Iv>vi9?In)ggnvBGrX; zp|oCYdu_5^Wi;)Yzh#GzNIb-rU?P~4bVY;dJo_XjUX7`-a*E;c8-?8=bEG>2Bj&Sh zk3++Jh|7y2LJxb{ePUamnLyqPY1xa{YapTv11$=xR)6I^rOYy2Irj*AhVvC-uIig_ z&s|+pp=89ML_0*GVlKXbZPw)>4mHZftSBKM>dFX0n~4!6cujujV=8@f|CXrfcl>!ZHA!?cm_n4BHRd*T{g)sA{i!ro9Z~Ya-TzHlmKHN zt7?5;IMbpcnCg>Tv@yLj@2`Q+8m)vzPF(aMuGJR_^@a{=&sQ1Jn7Z;2)xTU}Cd-+_ zVUA*=WJz(2u4}<^DgCAP-44|8Y=TA0Rr{%FMV#&Uzh%98|O(fmCjOM*;myDdPcp#xcP<4 zOy7|3Kj`f567``eL+{?ic%}{-UP)6##V`lunP;T>{h2QpcvgS=d_ZMXMn6%*_BtV! zcK;i>NVfVg^&QlKHj^}d_vDu8{i|h9)w2A%jI8<@A2wwuh;x63ocyIox#?`eW??;| z%ZAona_NMdhi%%^49W=Ye43l7A7jZCwtqZM?VG=4!J{~rJN_X%tZo!=g^=X3HzDI2 zTpD+b{{*j#wW1T`pqB6QT-Tf&QgIot1zCoN$P?i3oZyfcrn65d4)ZKM?%&j#7MS?>@Z93ZK;m_iZsTUKG(~6bUig>d!I@ z>8Uvo@09W}gHCTbPC!^X)%&1xk#f7dROyCI4onWC6qn^!I+(R$N42l$I1ZV>4E%7B z3jdj4pI|gMaNZS`0^h|GD#4im?TcxQ@+XGpCfZC%?$~M92DbS_@tRw_fjbns;OM(X z*B}u>_vz;so?Q&^efH%(0t%9EhUG>n<4pSyNESx4RO2gIBxF1ynJLL^vqSxe4?zFEx8 z4-~^UE3B1yE$3MSV&gPe8`W`nqXT zx9<#q1f3#jYplx_fS-Xm6sd@v{HO-HSu2ye%Pjq$=))pM$n!5z4a!OEf_WlsNE~#W zC&x7eO)bv!)Zk8nat!pIWxOmX!^p$`2D-WfxyjIE_=UTghn=t~SH>Del<;3ym%{~G zEp3<2pHj38JWj4}2X9#nlOEI-!h76QANv$~=COL(JEso2S2D&z1lnJf^r(fhOQ8< zQheYpU0$YD&Weq6;s5vzjDK^O}+5lt8;u2vv1P|3@+31FM_D1Uu4}f1{v2K0%LPb*PcmOQ8ILoe;e5)1mG{K!e(Igm#sL7&+ zN+W~j5_Z<1aT+SbE}s~*g(Gued}#XAUC_8%i<%}+lP8IjC`afETz7~Z!sw4(5vv`= zTf_=3^cN1M6_x>Sut+1^3<7OYK)xSddIZI=!0iRYxo1JNKqB(AOCQ&)3nThtR}-ox z3@t$j2)I8t&9e>XH;3`7BVRz%A%42s_n_>5Si|7rVj+wnxZH_aA#ji?y3`-Ls@g)S z%D?%Lr^9L*JE{xW@G)e2JmlY_ySN&4xuajAY|>R$urEXHIFr-gGgNyNgYwzUJC*$M zgg)rbE@uecD3r*7YDn*??>XBJ=eDX#nc8#CG$#Lrr|n7@vfd$KtY%~(p|1OCLu;FK z$7gWVfge^OzF=#4bW%li-PYLD$L=Ju;J;b2i^1K;+wr7jr8#aQ_RL2vKaIdZ2l zx|TMUeg>J@EUAw(`F%q^T5t*U@B%`zYc1ca5}9Po{d@D^(`)OmBOVf!@FOn=^5 zW)NGP&@!ZuL!!26)!J>eO~5=lBoEbqucThucX^$NFTLmmTy!jT$dQpQzgpsA`^1Rm zP%Tf!WQWX2e)^zI1n!AwLEM?4N%(4wJ`L)-rzub6LI2SJGnr_oM7y1I9gm*FWz68& z!Ai@k(OIpZ-#yV(sIEr-{_iy*z9Nr;Tqm%AIWs30Fg_jlq7(uagkR1VJF4(fLmDOu z2K@=N$Izt~7Wkbx?kMxd{I&cq@2%dRIUau&>v9&`=ArzirqD3^>RUixTR(VIeNi?M zEn{M@-n!_VuBlrEF^}A|4T-~fJK0!13MrNkDJ1EuJ>q~FsGbmHP~u?iH()fxDc?v~ zk`xo?f(;XWt=YZMpm@xs>FBepm)E{nmxtXbaj?xg{2R*}VH#nzTr z;Y!wtiW}`pPhPEllk7-8txB5}D=$&kFMAcJ_u)q7Wm-dtOc|u1A$#-vKe|?@%h&ck z`qTTbeP7Go9WQubDjWA^X%`#P&`_myHSX^z>qys4b$?~>f)(_~$Jgxx3`}05k)^cN zY@7GKotF*UA7A$to`Ha!vDLpr8X7-#@v_^Ynfm)fTur4PyO5}jO1QwuZ|w+g4$9qr z`+vL*RmYy&Wc}EsHVkQKJpB2#`#%@tKWwC*3-WV8ej11WW>kMZ3qPNQpU=Y2XW?fk z^}if69^3LqgGa-uHwRG+|N2O%w$b<(K~o7Tg`fz`XT&XE^5#E3c7cBp@KBZx)fmR0 zBzyq=V^_}x3cQm`CG4m{Bh&HI7{TpRKXxT26UHFo!a?YMFn=ffySGCLae^ui0+K#^ zF$V^gKqEcO4Dcn1@4U|Yj1n9d;{BPycSrM}r=k4!b+KFjM5bk7SFs6nJ}4v?8P zfkEm&yCJm7F$k~*(V^-Qe(X{hf+p5(lEIT0`cO0qNFa0{VGt9E3S`E=rlbRX`UE{n+Ky!d1)VeCOnHs>cN+J}EbNja(;q8oxuY*?~qg8*WCT%LVH*0%PXT za6mE-A?SooS%r#(x=|3H2Pzg58rhK;)38o&FyKFJ2es(xP|#H zJUcYQ70?$k;0^RNMUa-jN%*mgqRxh{Bd?6#CphL9L;Q9RrwjR{%{cP*GX5-7IM1X7 z?HG6*AuwgAMBW<(sgE`OvCG1jg5sf#Tz~8;diwK&|M$B7T%4af=jYS${}a<; zLfDI^&Naf5+q@YNB?AWP7Se-+zsw$I8^ruG2NpYmy6j(+R4DgcddmGs9|NYJH|L)r z`bj@2?g}~iH1fn4Kkb#PYwyUc>mTwr0I--2jj!k^%QH1L&#*-(gTM9b+)6PR2$mBU z$uJ7^(rxo`e?axpYBiU5*W(pX;o$9&s%597sC=fnu@dGRUwzhwSWD^H59U4z*>@q6 z1uCT1A;bd<7xHc!n$Q3bJdlT!R7!(5n|vOZxQfI+1Gb~&>uKZmAy^muU}`J-u-E;+ z`B0zlKjs+ZG${Kcj-5QNhos;Ad383qsW|0<(Y73r?Zds8GTDrcWj?PTqr>^Tp#{}9icn;UahSkzNH_L`l_*gXsWUA_no`i`)}Xw zJZr|)<7vWc?+D)aaev3UV3I1CTkqiWZUHaS@Z+Okdf%S#i&s$su1qjW+ldQVZDg&*9zt zKduNR35E#`=q?CpYc@ZWjz{4l*m2blJ7jQ(k?W(l3spk_QKfDTxw%c#9vQ_qUm0Wv zMpgs}j)Ggm)2>G4&a11>E1j1Qu<81Ch$R^DB`D{D@*a8FnVsK;FBjMIa8)6M2TLY9$(D zPRaeIL-_rUy!niz8mtJ-rLwW1Y3E*MXlY@wpsh zeieaH@rhrWDUkZk`wb2Zz#G5!pr+6$AR8JEwuf$IHBZf{O;?kr0tpet22cn4(;}8zz#{mH&2L-s;%LvVpa%3F&10oed4GETu4o7$cIBY+fQVMvFeaQ6#2MoKhTq2yO8v2`7E&{R z!Y_vy&N?2x3?NRCr{UfmT-Zzpg@b8|O5R+Z4I*+}(~7LN70*F%WX~JMvk|MvMt)kB zk28c+uCCb`;@lH%(wvM8@^zi$26?UWtLw^FA-3YewO)Re0z^?bu6*>34y+;y%?&l_ zts_)&;T2JiTuAqK?^cHA+RaFU=NiAdmNObf(o|_A4Ggwra18j*P>f2lH*9K-Q-nMS z>1E)MraU;HLL-3ZQH+0~1Iq;xDDd)Kk<+1EA;BTcDq0L;V1$O|qN-Q_g^rdtoI#LL zT$2&PBeFMj8-WcnrhDtqD(r%_DZNguHcmHt^?|$Ew{2dmIM|KpyZ+tmaPehmhwDal z3WGPt4L^hZv8z1FVX7!1HxeGOw$4v`vM6WRw8XI^%;KMJW%$135(8EvmNz1ud16dB zcsh4=r9?9W;m4Sp;&P_I0TArxN zQ2&&d6EzS`@sV}wX$zim(C;Y>ku4Rg%M;KZysVtF%LbdBUtNT=B5??HzFUV+o z^dgG&4}Jn-V`+0{&p`0|)lCLQa)60e#M$r*efj0M1ErsHG+$!Xsi?iz*{B4ZicpdU z&QUbJ+c`|hisquAe{_**2k1>m3C^H&gwSnYpGB)7d9f`_TE!Dz#qFLOsVj&$8s=XsMzBCYMpX7P9>U zS@jqvE+pQ*Gqz&gccIVPu=Hw=_N}eC-PjlxHYOTzj0q8uo7n+EiHLKI0R^XV9<1`? zm+w2|*hY8rZV~9AhWX1(+kKZ0`#7E%s*z*!VfxJ>pM-vG*VlRyyur}u?uDr)@7(!N z1Tr+b%d6JO?POqViATDE4&_~?$=#3!)$5)RZ6wpLN8d~M@5SWo))$Wo+Y8AO7@3D% z%vvLpse8vH;)`86erfw+R~b`oQ|N0e=1?MMowa0sx!WeTQbl13r(RjDw+f-{_prz_ zDVz}iwyFR?j7Sq~SSMT>f68xXj=CN{w;y3T9~6CGGgco8IFLu!bQ~{ z}Hgo!%Ea_6U9@bY1RH=D9+&k=0X~OvlwF zt}C8Cr-1wo>q=AB2Cp(Sr|TJ{7{qB`cBDC=cP|%dh)(d(2Hn|bnd=X?(tNuOAP@bb zozb^`$nQS?MRthtKl!)DXP#rs_Qnc^OA4*_CQ%%zpJX+p{R$R(?NwPogtcczx_#V0 z)DsuGFW0pW^)FxPw62nFjCfCFs-7=_AphB#nhMDgcQ+DJyP2i)oBdI^;?w=b!eM}v zZZc#M{5LB8_-tS9x;v#ZXI>lZ*QLLsc-HCxVSd9@w1lmgIr+L6x3wfvgW9LY33u0rLLjf*kYzd zT2(_D(%sdr8ImK?OQ{TUDL}tx+$gxxmfk&huem-c$13TUp6Ak1ON$XjGN-!fa;c$d za;!W39cK!aE=Ktp_5*p=!jKSXYVG4`iBi+juHNGJ8sF|zRLc~yUM@_^c4N!f)oLN7 z`qrmCYqmn{HH~i)>xz-C>+0&|A6DALSW1#icyt>a3QNTwh!ua7=l#d28eZz2_j^TQ1#Dy{D&e z%q4`j0Oq$`y5u*S@!CeXQT643pHaz)Vr0OvK`l44N1wI@u4jfl@n&j45cw%djYsn8d2O_u*D! zawE1N&M3T~AQ#eiz_76N4TL!--cFuZei9^NoNL- zm1|MtF=(7$>uw01G81WnoPh!#-?gZ0O~1aORR-Rkg;5~;WyF!|*AoT1K}V+PV!dBE z{yjmiq58p`$cW|e(%7{&Fs=d&qIRg)Hjb-29J?E({Vn6b3hX4w2u(IOs&HQ(?Wf6T;c41ZxQTbzEY zU3f0}RbP#9v&fB>q^{7h^s}jit{HA zU9dqQ4i*F9jA))Fq?ttn$(rfU2#Fn{0M2Bhdp*vpb5<#ZdK8oDp_b`bm)li~ebdK} zn|DaKG_HVQAHMTtu<6hE#qtC2N@l&Hpe75mg`DdQXLGu{`^IG^%-G8(F%Q>RZoon{z2$Gxp?o-?;LB zR$N`TzRH69n$Ol~k14E+Opvks0n^KU?K9sRNgu>Z;LC}>1^K3P6t z)%_(#Fiz)~C2;zjeaTvnP_SLUqyvS^M$CjSwW(V6P&A)lF$T%-{Cc1G%qY406u zsnNxdszAoXp?UE9UD6QDI~hB5Js7l{u$C>nY((1}O%5&UdCt>j;}35ySR*8Jn4xNi zGmDPNP__w)2#LobCzaz)akmQI04>X7FT0Gv_nTvQjtnbP&C6rAd8XkE_mg5lHXZD5 zDPGU9j+gWOw%lEMXE`Wi@0wEABtTZNLnq--MMf$cH10AnN;SBUb3?zRN4H4zC0#7G z2<<-4&MF&??y-_G6Oy&Bbjea=sST4T5l!BZz%1~gJa}A4tMF6VHTGmbEAh@W;`9TO zHKI=`jkffzlX>TZsqARwP)re0STESV+(vLiA0q)Kwe8{ljyp_{0W&%w5jOuI(0GZd zxw^%*#MXBg9T~&HD=q>U+N;}f75;drR1!O6_Ijj|aKMjzxXp?&C&ojLhdnuKH*$O7 z{nkpQ*qP`69rNvAhdm-i-gD-wF$N`y=9gV51O=mLBjNf|MPwxPg9^<EPaEA{>!d>zkU`Q z8J5meOo22jmw7qe^P$%APZ3|MF2o0utY2KT&`OiNdZoGj?`vPY3!}dI4*^%OxB8Im zdWo*qHE)Lsa#M?|2IB+j@YSBhhL6^ltj`{0Y8W^tP<+7!j21^upnIB>k|sZy9ENCi z9n+ga&8HH8ARGEi=d&L8F*5LH#;l z>^5%9aAgkbYbv({Wq%wi?`c`~3qnX?c7u!&8tpbP;?%El`bK-f&bab>{uVN*7kmFI zqq@Eo4nPmg{Y=lsn*#S`Jb(kFnY(Q9xn zbO!6`NR(iR0L}K^%y@|THB6*BQD6*Im2$Oka-bQ2rnr3XjvR{R%qp_aq{uutgYXZF z97?=DlvweP1v_ql2SM&0%{eKZA7`;OrZv?86F2n3+eJ}SImhHY^1;QXC92)PM*4AP z5uDTsP7UR!s~>+0MKBtj4sX&?)k=b`_z@O^Ym{krrz8UtJb|2$= zH!Nd31N)om zyNu5f9#U)zxh11nnf?HPtl;bB_n2_=eWitjVh%C!uC7Y%V#{=cx5jHDhO>Qtu-(dN z`2*@iuf5-oT|w7A+jLzgB~bzRFM?eH3R!_LUrVe-K^Mt_|She{z24*HDDHc##Y@G#$ICJ^&Ohw+ktYGn6H$-p)bIb}wz| z^LG?kuq2wd6zlvG`QC%{;S$-gi&&w!j$JrO5IWmmQ~0HjgDv~9OA&!#rfCXv7#bo($qh}l0GkeQxSfQ z`+nfDPee{&chKo865K$!oV0HD{?4}mZzGFv=@AtuD~X=Wc|-Xn)IFS~Y`+#`9F zEWd&_bmP$4sWx?Z;##8-@3cOLbRwC2PYnr0}u~J9k16&23^|ZzWv2ego(2F z4Qzd#LTMO<*V8U)ekjcNOWO@;tK1Dp8J#61Z~t<*5)Di5c~2EM)NA-24sIT%YYwT? zb-P0nhPmmR;>S~KfNnan6qDRy2=kEbz00tyxbp$0+kfwv)T6ibJ+=n{dq_%%d8dEx zCBwz_wMgHR093t9&m5?lyGrL8tW-w*gCFPIhY-R;peh|gqRk{Y*70jJ!#)aeD&Gm@ z0!&a8)B}i@)1nl#nVC0kZyXm$W3A?AU$c)f7Rqr(@uz(q0PpegU&JgH+YqUB>A&rm z4nHxv0eWaMk-t85{531oZ7vNFwV9#`a<;ky$nvEA&kKqjgK@$l zVo4-e3#$#GYtJfj^{^cXDO9DjMZ{9iSw=Wq?rdEb0&ulP=q&{aDU8Ac+}Q%pVEc{! zoynxw_KKCR7$bCgH(F+Ww`V*BlvE;yl$4-^$@J(V*;HRH$6lnOF*RNriA(AxjNqm zIMZUDCwPJTr(hJ-Ov|9bcH=JcpW!foWEYf(Dh+iHB@yLtSAijhFEt~*=rF`Hjh6KA zL+XzCj`A=OjM#ULyV|8<6-dRDiKoZ%jU~tEs}$cPad7T zwfE9&f(WqBJ+=Skr@J-pOCF=6>)PlN8QlxnQR(gv(~TD=^TUp1UZspi#97MiMJZ_; z+aJXmugChbY=1>%lVx5~$y5fx&hX*5dN8d5m~-Nx;PY^MB;ZsGU`1N#SLj zG;V83<}Jz*qD>rQH>lx@7WTyE17H=ABv8C!$C;KtH!tf-J=AHzY(IWoO3eRc`zboDCBOPhiY-QnjQf9gZZoXqBqQ202#Df(E4-t%xpqLuLS73x*h93 z?aXm4w0YIZ&<7Ks&v;30t#9daF_Td8Wdk*HGS-GxGgiMwM54Dsxo5v)rf2&yx#$(* z8t=m#lm`0N?m%@z1rkJd>p@tYn3yNBdx=|r5w-_mqXbq2VeBQulGDaFt6rjP1w#dT zlqhO`{xQNij4O{j*aRq-JiRF}g4$=%aro|oSVKp)d3IzK7+}S|M25E+6v0PvX3zXy zy-0ewB7Y*MY&_SbD%Z2(i(xZIdnh2FbaF_|{erVb$RoCTx9q}J@MuUzdMM1xQO5km zF|mDZCaeh+hd77Oh z^Xj_Yh%h+XC~7Y+wS>;sE4S}vs*V(-E}gHijqM8rr#Z!j$|0FR+0q$%D=LMI{CWukjyyWk>L;K(gi3m0r*b$&;Z{u2}$=+Ns!ju z9aa}7|6?vqNyGvWpl@i1eVx%nh7}kbY%i|M<1KLTf9l1M#JaC5gqK*tn1y23}#Hy;6n} z0kx&HV~6gP9agg)&{c%kiS7t~d()zBn0_XVtrrr3fjLw|d>MWVcWYWNyAY@*bk zmT;ryaW2ySd~wDkgCxXUdY`tbZo@NqP>@f>T;%a!+6UY8yg z2+&in=ZU<-X9dCp?k(IYelx;Qg*LPs-v{4~x}gA{DxN1Lwb?SGRJvTm6W9e^$kS|1 z>Rj5iW?X}5ka;|p?kLb7ISP1_slR6~&&oCf14Vhy{pADSm)p$)MsDWk=m;}=YsGUY zDKH_f*7&)4%cA13zixcc>~1BAd)_IulaEkmn&kC_QtfM{(>37;of7Nj(cmy(1JtP2 zqF>vn-n(I9FD-MNhSiQ{PAv>Rk#Dh9XUc!DEdaiHrVpGNC!wlG7`S59Hyf)4?#^R< zF9{X;wb@$Law#Ntyoca}$8Y@SP@r}Z+H1G{$iStbBp349Ci`p`xwe^ic(aorhSy&% zQUk~t2=}L;2u0Z#bQen6dSb%aw9C8%wzFaL#DoU*x%i^J!(n1JD>m%#v~Or}3+Aum zC*2*<=54Ph4n6aCG=@4e_N=g%q&_{quc!N}@CalHk_q+SwsS_Hb{+oI;UJp~^+agkdk8!g9@S;EZE5Db6{^{#znjE%!h$GBg=#K;Q8G z;Ftnb8>Yh^gr<&{Rb$lN7)ALweF#nWHL5^5=e%Q-*-~uFAI52V@}CY-+zmNU9VyzJ zC&YhHxhBwtBF|>>nr6icT&XcAnW)UO1z=QoBZ;btl*d-nUC0l~eo)f3r@KgsJ(v1z z2##|HtDk?I#90B;Hyx+b$<^4S@R;#oKfJ;(vy{)Fsa5uE7vHp4agQCR1viUf1A1EL zgn%BH+ua$kOkJ1;? zcnTZTgYZrosJ~U8wwZAdyC=S7!no(!O+v+_D8+OzRJ1wyPBIWSioHW{c~dvLkCfJ1 z-dkkxmycxe-^_q_J)X5jRROFZp5zJ>MyZ}`76@+^^X~BrP~Ph?gnFrr)rTr{%!9c) zLrV3uAq~^090%-y#wg$qk!QYS;zGg57vMU>uzLbT!P35+P2AgU}(U zKqwBcgf(B9r&ESxp$@WAiOc6{)1f4u_xzd+6|XYk@qXZtoW7<+K<>o-s?vy<6ANpj z&4+Z)W@27|wXRap%vqzZYcG2%&nOPIRI4#~<+FBLSdG`l1EdGNT3MMM6cOu+1z|hY zjUMreR-0SAgzh|zpah=Olj}Fi7I9YHg~y6~r?Rpm7)g9 zh2@qTcR$-?Q1+Mb@_5$#Ou?^^=rnMiI1?lgwqo~C+}XZsYpej`bPxtIj6G0`1gbIA zu`?+A@Gf$LVKP$54^_{P%O)nB)_Wqu$c;ywDE9LZ&19JNWC;{UZ{42y+VDE*tKRmS zK>x~9$`m@<>S)!n=VmGPK;fcsW!9YhqM|1ir}UUD?ORw{dSyU;elzv9NxZPffZ0j< z4ah7B%evu(8zTg?+zU&{6Ij}V0hcF`NC?7IBI~eK_es_KR~SHJI#l!=Ya&jKLxG2P(pZh8XHaH$T$66%tIv5Oe*eQ z1KpL<{(9#vm|`O)3_Q|ReqnD*BE@wQc1z- zGBOV0&ewuL_f8|!%gic2H`!X1VXcSPE108!3-M>t;YDyQw)%r|yUc!FT=)aL%3@(a zK1H)QmtjOq#h#6UD$eCNZ$$&?uv2ImTlJEhr7U)DXkk6h!8<+9>l4z)tZb%ai0tny*@D6ye>Et3EhZ3ZxP z2;^ztWHT#he-~E=Ys-MbKzK4<1Cx}$9_KJe6X=7vFF!ljev$m*BA)aVyYy#MEzv54 zp^J0SAqiuX=zWryJtl4EXoqu^hNNs|XzM6OI=q+d+^CTt`cd8qk&(d0emJA=$(CI$ z4S^kmRQWDhaB>b!<`cYg82}bBK|zXA7=9C!;Wt`F{VIDsp%I@f|3WF`qguzgq=4w3(I>;Gc!y@Q%e|9DYcS6L}W2)$($X^~!}7?WL5SZR^oiGXww z5LlxIq9UQgu2iYZB18xfx`;?1b)_m@ERaM%ijsifD};F7-<><>&Y8LQ{&D8qx#yhO zzZhni@Vsx{=Xt;1&-YXCGQu$_V1l}1HJ={9(XML+?(|sjSQ)+Mj~&@(VgUPunwkq5 zbl8FWw1xt~QO5LOJ>LeRyNlp44WQKK#=vwJ5}Pc3*$@{^sBw`sob4%>%4S|_=FI{x zhd#82SOIU%BC+8!d&1-ORyfZu)v3DE6!9RV_bBI~*j`_!@>-i5zYEFA4EF`W1*|7+ zrXNo(Q8{X&Ma&y&u(zoDI7m2LXlGF#oVE&@S4!;;EzHoy6oqpz5s*Tm0_^Rb#O|@H za{8cA^D?0689to??N#Q-ESUF~kzs(`CJ0*~HTDa7Jr`EY?6E>Moc~0^vpgvv-?nE) zZ?ue)gFOF)XL~OQ-|}vcN74-wUBs3uraH_UP~*^YSNP1(?whYT4rC+RCAQ#q^HhGP z<*Ez)ig$=E>qs8^g$q6S0U@SjXstcxH|LrK51Ov1>=ZF$=;NZrI`{tO)urs~jTfvQ zib{n{#wY(g$fXzXR%IgDK(0lj+10%CFoc{R-?Xi_!i|_iP9tUGpLB97TmDxb=^YS^ zfXz4^wW+k9Mp@V4&wm%O6aIKf^aZAU=F_V^1WpA&u_0+{R{MAQByd;xo@po$auvWY6=WryM;GysV!p7{z+1T`6a~ zvNQ0JgU0wZ{p6AAIr+)ZbXs)yfjQWmC;R4pR`E^*<~4YBy}~(RL-$Ma+C| z5=~#4Ip3aN)7)Za@ugmVz=&#=VM=4qPRHozZz+oG|MXoXC9YA(c%1xBiYsZ5nJo3* zh$)`*gpTjf8;7p#J-u{r|7FL4eZ)&qMZP?H>`tFPAkV-^Bx?g_XjR9MYS`rq&w0z) z2zkz@6GH*KnGDmjHtLd}i%Bb1_f1~EpL0qpS<2|LdemA_WSaPabvgE75%{)>{wYY? zDWT!IeW|`|%XVNoEl7JZCC5jhT>nI&u8lm@CSi@;DpT)S?NSjLTYjs>>#c`>1~GfU zvl1p{Utv>wx|!`!{&Bk2qJ!;`ddm!ciGGQs_=#;qX+wrygMU5tZ^?zP!nsHQBj90mAru3-4QbwzL3skWYC@ z0JbnpN^Y_wKcJd}k&8f@14M2{M-=%OFk+jLIO4HPohy3}+&(|qafKJnN^9)ZYgj2N zC8steMB5xs4DjP&Z#_gquH;IC0j`-*X~*rFd@LIOb~ni$Lsnc>3$}?J4$QdO9QTkT zr^8uH&q0LvslZu3R;T4PNd%mz412i5uNTf&Tn2f_(Uw$M?N9}YC+hvY_Yl#{0k`ZH zv)Gp}uD?Ah)}$Etyi#jc*9LCZ>RKO=hziBbitpI$=aCU%B-{bOI)+^(EwFB#NXSzL z<{8N*V8q`Ij#fs3s-oIi7)_~)9+RD{&;OcR$E$qMW;ub=>^qK@oPB0m)Z^!(IyH}x za)lPoyohRWzup*nqRs$zw@^%tX2S5G4IOcnEz@vB%t-S(;p`fW5w@X)HchsH=2&gl zpsXsP5PL&f=pQM$fp@9)2a1D|YHbmugNO?%{tj}^^5$rrfoVn{Z?+Wh>jI;r*4T!H zQLg2@lAA8yp3yM8^Lc>AMv5ScjZRln-Y-h{WI)G5gjydlU?f~4Miyx~!ln@L#{`y~ ze{gYiQ7{P{G?5Q_tKrNi#xni_(Ir>jle+@cUx2;;U8ln4aG%^iHZD&U1+`k9=|>;% zd30*AB(hsq&A7Mnj3MENE_B{Mks(v2vtaPbzDW(sLHs=Es6fMyalwV2SKxl};T^rp z$Nchg;lafD38WDg#-7i^=`6%#8-`C`PfELpg7#W+UL?HvX`!|KfwFxRHfZbkT`H9j zn3{8v_plUl{u`6|{8|MhO7*rU<_Q*uh zUI||^Z~Hxw`s6}iG!2kHkd85kIpMu<%D}I@wVh(Aym|IwDfG|h#-RH_lbSofm8Ej(rVO-rTa=jHbvRC|=m?Jwsgx-;+SJdaVZ&$2^F8P9eGU zP_Mc2sW6wQH^Fh(%(t0#6$TOOAE_1E=gO0h@aF|mS;8X^`C6>x6F@3w>~+{LWv=|< zjJ#|?G&>0b&M)M9VZ1z6z^Mm(Gw~)o3-d#-Dqr+hK!@w^>fDzd5cxGg2f&jqHu{_9 zuM#%BL&CO<2TiYMVwDt>+_1(g2NHWGpdC07RB7ai?0%thT~NZ(t_KM^yp0#`h}i& z?rrm8^XYxMZFm{ng?1p28`gHym9dxJ)oda)O7zF|gwzn<$;HV18TiP=Lf zuaRfpvDZRx+DMBPDW4i?Rq(WyDhrtm*GSD3H6~@!k{orRk9hUY$fj{hSXIid0c%Vy zd15#0{vk5UKm}*SBMywoVBbawwF)Bfk^(96+IwvtB~6qNHeJh0N*~{zhprXVJSTcl zVa@N8o~-u}h&RHb!(y(rxEA@}AB(jxUyto|tXRa^R*d7H?|zPd@L{`6qFwRRsoQql zcv6VjDjP|@Um>A)4Ih(U?Fm(wcFn3mt7iVw+Wi<_QmHg(lAU(4Jm%u%>*aeU{b1;_ zl*`{M#)4oSRe>VJn3;p|SY|ec*iH-UH!3yBiEjUJpL6OnBrh8})`Th6XOw zVGY3clY#mnd3K&R40dzti3;0#0UMq`)SlhPxv?CiyqCZpkTj#uA!}|lU_o>Pz3(VLs1#HwM z-dMU#e)#yC(+>~VAS16$36Wz>avA#fmUh@T-qMUoBJDn5zaO76+8Jc$tgwr0= z#3s2gFA3-B?~=2c2!)}GX>^uk&d%2TMFY_jMJR}{i)-YCcxHf$qpP4RLd#JE@Eh?y zEw4Wof2-u}v*VTWQcitPs6>rHZ6SLRY1dIxvQTMo(1NKDLHk5`owsAWUy2WIQfHK+ z*ZI7``2k~K&!c??ahsFm$xu5D6TshYl znB!*1V=T!|IsE6F6}NkStAIDDj`mt;;WMX)%Ol-cGqk{16GqUf8HNYp;E$_AqQ&gx zbdo#UcwLvTklA6VfC)|kvzXJH#NbW0+N&mIhZFzX=r#qp`AyR`*p3KqURaLv{6+bT z$R*KHO2@`JgZE~q5r~fCedWkL|CIACXI<@Qo>r~^WjWCs&6{A(#cd^El&}UqS<#~p z8zYKODYrek_vTWUw08jOq%@8a*RO)F!X{Q(pLwBW*J(9Lyfy;-S*D9Lc*1Gpa59EOz<2@m4S3y^Wr>8m~knr8pM6PPG9#S=)VZM8< zDkkg(M>0SaKF)H?a+z8t*zeI>+n;p#W_*x3|M(EDD=NDhWM2@@h!?Zl%1@gpXEFje zdsRs2BgM{SpTvmEE#vgbrT{m?mk(+#PLr&1k2$$q-Ql^x*|As$v#ah`6R#qba+JE? zo~u;?dJ5{9Q2KO^f-6WwOa<)G?;2%M0j1$|E5b8T zM%E{x!Md(e|GBPOOfh4kNE|s-RYO(law*0^dsEgQcPQkO2v^Zf5R5k{jr-h?buwk@0 zkWG`(_2A^oiOG!qLtMwudG`S!zA0ODWYZIY9jo zficq`6z5!dqR!LfIj%>RG*h285ESR8Cf8>mdB4!}erX-koV=MQDMpe zl-{Sq)0_Gysx0p?w#IE5XQVg$)e};yNY<~snoPdHHJV*^w0iybqjo!&-WE$RSo=Zs zetpr!-Y3R8YSWLx5x+}6t8uzsYhP3rXUU_id)s*b$!uZQjx7ItUHQt?4!ujBhGjQ~+D<)A>7w~>PQbc{MAuoB*C#>Jl*ym+Sb!_ys(X;63gGJWIjx~t?ICWG^;`WYh-kpCtYVh z%!sk%r81`0nmJhoHN;-~7-=_I#fw)T>FMT(q34_YJ)nOK<}e;9au*S)obaeqjM zGwpw`I)@n;i}g|P3pkO3@m({cbOLFJ>n_6yNi8iFGShnj{XX z!r(&JWT(_4AFs~s3H#;{v723v`Y@JDEuu1!6hyoS*6(7nMza|%6@G(F4l=RZtD(J< zhMUAPH$s#T`X@xq}Uv8Eh{{9lIRnQW=**kOKqHeVQD62iUyCq~{W9M{|wc zLEYgGO}9E@6>gdGyfSmfq|T9|DVO)l@u3?jRc&EZ%u$>KaD-if9+(&JJrRRvtMHac zT)dj#*DAYA;o|4o_7pl^8ixjpdYP_@gOvQbmHf5qE4yd2V0bZpgepb{8l8fnn@5=34K(VePcEE!f1oxy*lRV|KDscW0=&zl1HL_~DYX0|z z7PE`QAri(cu0}51<xfHU%@f@eUR1zR)}TY((k`gyQ*Z6QrMY(%CXM~ zoyRs{X1D|fDBbvVQqv&*HW3|v@u3_RD(@?P*4V z-{Mz7G*U#M#|HslbQnK@)KQom=BWD6~|D|^z>HqJ?l4Ec)B`m*bwW7 zG?7$F@KEbS1=_xz3?3@{@C^~>Vc`VpcN=Vr9PD&24fz%l9kmGH_~^Ze%dOCOQaa7v zuu$c~t=ZD;YOC4u^Q*h&G|H^#&IP~$6)FpWv!ypwo{;%FMMf7NniYjo#GS7kVkZ?d zqfS+rbIw*&fKr95=1&OQDDv!kKi^+txZ1c2@@d>e@cD}{jhDG_X0e1DRuZ)3Q<5<` zY$VVq;GH&*buD_d#_O_mJxMAIx$c_%S6@9+^+hSm#%MUo_Qz_BqK7QssA)vy=uriw zhatLVa0{_=PfX6@{pv&KGCA1}z`a`BXu0+#JYbqA8@3&Gul7Z;)zj?NB-hGZCAXW; zeT7GA_aJMO_P)G5coghFM};jo4ig>+_x)HZ!Yq-qk=}+)8>oWfe7R_8+^;jZn+y01 z3a`bt!@qYdsCBT_A@Dm1-6a`f5eewWz4nRHZ_=U2?^q zQ8Gy8Zx36KV{ga+@jHn?Sj>VKB9TnY#NB9KMQVao8B7h>q8rZXr8YNlt1>{a*p>@R zuQYx(vF^F<#3j+HS;J4Y5H!%8A(hTOHQkg! zM~fE2*9`ipbth`Qo%=5b7|0{ken=sv(A=59@K-fr-Hqp0lg#~yUjHi(zeN6f7XN?O zHy-%q|7+ph|G)p?u;?5Ptn7YC0!gT1j<#Uzl${82f>X77@FNUxi9`toFCEya0#V_Y zuwOvPIUhtcmt5{ZIsl^Z&aS9XrZn%nh;e~P5|M%WBKi`=do+pvR`A!sPe`5bB7Y(8 zg0-M#&3BRES`k4FaNINe~SBYP;73Q z9!4*Hs^pZhoFh+LI~hio=V+t{0Do5hsi~%@zj>y2P1o_qC}{??aYFH(UcY(rzmLnm z+vneH{O_^$?=k=HYwzDO;NP<7f4VXeDwMW|eOtWoT_hQtM{>78)^6yG@D>UH>)LPL zFSZ9UL$05}LiQw#_rUAB$k-{$-d9jy1*_RRP1$<&U8En>KMm5>3MfUycQD~^DE7%# zFj3VL|MfFWh_c;@#xH|4?p^eEk;1eY9lRd82POCePrVrYT?EnmU1Z}eN|2nlJ_mj< zSYQ88^@32>~|6VE~*^_Va~z?Vt7F#@~Qo|$Ru!;A5#9?%lv}>zb?`%>3Z?z zk6is6-b#|!u6uy%+s^N~_$B7)jECmk z|ILAl1HY)bV!W`&|9dVo60j9oSAu74OH3N&OAXzO6N+J_?cdB37GL_p!&8g*arj*a z^si)#wf|P$`@iFFo29$70Wpzp_B-SIM4Z;1rf^JX3RG}ZZw*=VC8zT_C`p`FmdnfD zU&$-)j{_9cy45z&KG zbI!=otqEPKC;ZU>6pC_w2F@X3@e5?5Cycwix7bF3WX!Cn?PeM0XC7nyD$HO90K^F=K@E1} zOhz2G@u;V*1!J7CS%;U+7f#T$_HdSqO#J-fz1M~o14q`Bf!5a{F*z6J88X8WWk zI_9Ca{2JSsv}9c#nP~tx7b}_H&C3#6M5t--KL|zJfHdNY@X%zh;(|B|3f%oHFvqTG zfTNVV36efzzHL1(mnL%7X2myd%d_iHvYt9sM>wFp@Un_Q24~fM>(`vC0j| zf{~fAAVB?0{|r6O24fA&XY-~a7Q1zCvpf>}nmi9+PE`lURw}vecSt2m_f_pPX~Mtwm>qY&CCg}d3ET@25L#nzItX7<$R-~2X@)75FI>On^=;`J z;bI!ermeo>a;!ymgJG@9lj;3z4YPUA%r-08{}?DVe1Xs0Jg-R#d0hd=O4#5f%p8gj zR(RB>XjHu@f?Ax9iT@Cq`d%|m2SBD*fa8wu-=Iq(v;H$G0D z4k#(^oPriiz@2;T_K#>w7vT zpXn^$4Ds`Dy-U#O4ZTeV{T9R)Exa$$seNbCEduHSZBauJt`!O|+=k$b*jZ1Kvo%D= z^-;Y?{dS{4*P`-H|9+(m;7?(n>Aj7X4^I~3>k*nDcau+`{|eugr)TtyEvVYF0#2k+ zUBWSvdV;{yP})4NH4!F$vHpWu!*BP^Ze`Kb%o9zNV6&6l^uaBO2{<{mzU)ImYf0nS z$r=@#xH~Ue5>2!@*cAC9=W?x_>OaPZ8v>tlm0GhO{VnKu8$~lUEWzQn^smZk9YD-k zlqw)-P@7ywl~4nb_O}VVSs#-AKT$y~3aePZuZFu_&RMxosHb>#lTD7@pQ{vh4e}@~ zy@u_@PsrgOY^J0lF_PG)y_$$Xwc`CJTK9Z8Cq8PiIly8<)t9Y>I{t5b&(}iydhXPc z?Y-_&Z<+3#5YnE$1^i)U_j-?I!DgvNaSEy2`Jcrs?{~P$BDit2r+H1W+fc;heJ;W! zw(uDrXI*ePULgeA=u6Bh#2u9;>ceC`#Z#D}9gk-QTP%wLZBiW$dxC0uPHd;~uv~Bk zmDB!Hu;KNASB5xU$NA-gw;7*6-Pwp?E)=U_!qK zDZSD?i+qHg=K+q9tYMCGk)~-qhnG)Y z-QG%T_t!xXQY^l6YHt0p6Z3U@L7`gn+$u&ru< z^&gPn#|*#@2^CWDM|^I_$28&`lVUj2?S*1mNP}J};QB(W;{CqE1Acc!} zg^o!Y7J2)@{M#8aT4RKNJmk|1d*<`^j0^cM-_;J41(~SIc0{g~l?eH~+uGi?B3ItN z>byGQF|u~X_aT>vGkr$cQNmtG?wYWN)tLcCyVy&jgQ!l{fa+~-)qSDTiW2O8vOMmW zyaAK~&V&!~=gBkmoW5SK=m%z0v0(@e(&GA(K~Ueg3&( z^iS)xeQ{anHHK zS8ND@_xooCoB)KI5;?LX(j`8NUzG-H!{iAJnt@Y(N_Z-U@LuI5K0;e)G{D2Ki%8@E zffaCroi6+dOJUdU6fY=0t2&59o_QBf7wXJ>68MsR7z-Oe0N2f{oGZsgCwsqj<~5EY zetW?$@uP_&(9k%!Gg53}2sNKGdYl%hz5IFIj9b`CrtKe~n*VQvM1q+~&)C|Lo&Ix-Ow|5%n^Jga{^;IP7D4uN>iSNjUbs&VM zNuKm5zQ;RxPDK@ylqbSkSmd>1BRLVc=L@An!LWKBjar1x@yd3(h}IxWghtr7 z<2xT;qK_7$?9JH%uDrhfP;8;`OnzKnMA6dCTob6LEZSu7xE<~+f_vz0{{(G@8hV}C zONfE9JXs;6lQ&aOEq=>xD>Y%>#LywL1{}HP-$lgdU3htU0+YXhJi3}?ipPFcqWJx( zLeTuimg(7NFqLe!(o@|vaivJlnkoMu`#fz%uw22DuF&cEfteMpT85mr6Plpj1v@yo*}HM4);~zb0-qb4{$dNMInoXZl!wm-z=wewdc=}3 zh)z&)P0mP@<8+f*<`FzhCE&e4b5yo^dwKJmWb z%z|=f?#8ctG%XJjQMyb+&uLw#vXz%hRvH)J6WIzleX~>lTz;^2MLw9t{*3x3_%1_V z-+MaF7h1ObZ4{+JD)?Z@bS~#?l^Vv8?~b%f*g(!KIMCKEWw(B-yPz`KXC)Imp0Hx& zRIoLQMHv!&?+jV^c&W&=jY0-un;pwMm`mQjNB`+IL@a4MtY7PJNcX}~_zPYu^AdfW zjo=i?>+K3mthSBZ<>H(J4RPjsicxbg#@aiKTh~OdKW`V4=fh%+X!%Z|!pU>4cD+1d zX9G5OnRR;358qyyS8vNR_n0z8$@%}*b0b^d?6$?VFRe1W^C@PI4*nzfE-ku1FIk#) zId&Vq_;5-7Zt+34YU_Iz^2%sfO0Ku-32ZSFSVwd}(XYuGgj)m~&nfu1)%Z{69yA$n zCOKJzJ>-R44LcTUG2Qp9a2autCO`*N1ZZ)x{{|ypPBN}oW`~0=3g0e-e|T%{q)3FY z+a8h*`=qSG4@c~Be}bIZN%(U zIJRWpS8rfp_4aShP3e!wo)AmxqK*wm#!!(X6Xj0(7J?&+=Fm7=Ht}@6mO_}!J4GjF zuWLVZhS!h-6J_;IW$r7Nx8O2-XXiqTpg<3qhUr=bkNVHDo1)$S!`|vtJ}MJovQPzC zQ`6%Yr*{|}0k!$l@=DDVP7HK)H#vp953%pC)|jqsjIwHC)RonF`PzuT4G4HU5F_@( z_-_p+-kxM@NhkMKv--e~45~3H;E|4NR=veUU9DBFkyE0USghlF*MeZ>!HZ`f2d;4% zm;@!zkt(9z!nxWhG4jPZ>3Vae1g_4DbLAnHrd7J?I%iJ4-ujw`kFJ`XVWK1j@%*fT z`A+is5NG55yhN~fvbq4xW3kAow>D^FBD%S)=WtP6(B|z%vJ&sF(y-rxtUePjpDY|V z8)^|n%t-0hXjjIk)24SH)o5R?EoBQ8InsJ(e6>rCQ$$t6^ae*f%>xn=e}duDh`G^;z|>W@jUfmzdP(djOwY>#48XiquqI3`%?P9-dD zGgrOd1$K$Gm=O1^eA^9(kxyqVyG2}i{rPyU?ZHyC=z|~=ufSI68jqW}X-&g~YO5@Q z*D7iaBNbb&RGkg%Kauvv!A-QTN%kl1jfaJ3UH9I-w?ltkUJ4qlU3E8RpI1dW~(&* zA={5QBswJXwlO~#hu`x{9>j{1tA4`1o z*ot*IA?7ePi{5i1efwA3dVT2Cj@OK#w#G9rerO-SQ;XnrqWYkPD|5VF$vqZpu+!)c zZ_f@BOEmm)w${t7Ktqu!eXpQK`-Ns{2-jyQHg4ENu0`PpH8C)kNoiPEb}C8}9br1!8QX8=?|}24dk?X!9US=csc?9{RVz~;c^Eje695qRGzC8U zfA#6$ynqb-dT@p$i#_8B;0lZ zWdl$3M$)$2n-0Nc)zdxH_4@$~=2Q(LR4WGnnVf*H@!uNPpE-c$ zl0hXjFLh+QXy9f@3|J#cs^g9At%+Zkv`RCc$3MS%S_`5iO%GgqnX8#e z53Kbmv~#8hE?Q3H+&UVUNxCpv@f*D3+h5B^7?w}|c-T!Q!~o=?d#KR}n}Tcdr`>O1i*-5q{l zOecif%X^sCcu!`f?C69{HH27BUz=~Q{!a~8t@LLBzB8_su@H_AUfkAu;cJ4$g*XfZ zUS4)z;9)cS#vVwQC-+R?BhjzhT>*{2y^C)^h0u?_JIRw*ljlX5+d%7r4)U0()G9Rm zt1boVib0C~sb@xtYLZ(zKRswo@_DbWLItZ=XBfniEt%2&+HIae&|`9}{I85|&xUC2{4zN&X?!2>5G zvD&G;wFE(}kktun^-i+OB%Ce`pQu!8izO-8Ta$r6e$~QP=Eh-bzVZT#fhSPplhxi{ zOq8VLAr-J|R3VagW%D)s`T8ZGhFaR(^tZjn-&SYGHMY!pdOE5P{@~!Q)UD*)lw0d6 zYJ3>1jA=2a0{T6;g1JT>u(JB#I$UYTKAX_VXG)bsNdNq8BYSfFg zi2Q@>QKV_7Z*i+*#nP$brp`cvi(QRtmh;y_!3KN&Q^uY;E?@@X&d$3(-)X+i32aoP`0Lm?Mj?yp*PMx7HY*FawL>gqXLf&S#6 zZ@a#{-iE0ToSU#iF4cotdGnn{G9>8r0Y+ z9OYmk-(1=~>(S<@+!+6Lv$TT4U~da>li^0Rm34Vk|D+e+&U+i5&#Oc>;XI(GH3L(R zgWD4Ar7)+NacU6xhfC!~e_Sey8@3?*+`nLi_ZwWX>Rg$wH4jKta*H$pEmwjuZ*EO6 zVQsASuYB{JA>iBIVJwET!HR)mDO5GNXZsbDaJ(3{cmYMHK*Qhb&3t)o0xCNW;rux$ z#nln+hV0zOp2WsvE%0a~fa7eLfQa|UQ#?9d6`n--Vs4mL-=lG^ud5xk0D{(d75XQc zm$$?&)n>XGDmuZ8ISw;NY>ZOvde0P&H>vpJ#vWiDjvjp!=Bt`PgL~(mV)Rclrizbw z($NQ94TieAs*Yafd%^R|!zV}1K48BknU{Z9VRvVpE@;@dK43uNv?EYct)|!4HEwNR z7Z}XoML{D>gV!@VscI)tB7I1lEU&njQBMkUJ?$=XvrM6C0xcMkqmBqm?S{hGw#esJ*Bmc6B~1F2 zdOov2NeMyCajSU>c+b=TSH^so)_OZTMg|9OD|QB|*%Z)H3V$TwES}w0b?8%H*;#Nh zpOA!RO!wratXEIQ=;>$XmwdPTlR(9Asws?-8q z#X*_3l!_)yT=%>N+=xEIu(OCXRhjbX&alZ=hv%GMtp_C&j7$Af)jpMHpoFFz+T~T3 zawD&7HRXe@ru3kXfs3*}&B~A>=cbZrvXgYJ{Xx4r{YTui`wa$lrq5j+W=u!U_`FI~ zR>jy%tw)j{UrDrfMY|zZe~JH6}VFb7}nZoOd*MYUhSu!M^j_ z;l$3C%V|laFatr*7HhX1JKLzQS!kzFep)m2q6;|1#HUhSJPWjVWp=@!1iEv<3TSFoYvEqwQ?TsR zWXX&zs5$v=wg2OP1(>u&{+}}D{wMzvhz_|CaqPcm@n$%65Uv?JhMzU3&F?yMl=vnF zT$-?#^ zJ6Ql|(&uQ)y%L}ib8lW=crrqXKy1LqFQhSi^Td7qBR$k0pj+$N?a}HFBXU(qf6dN6 z?_G%;?2EQi$b1{mes}eWXi?bHY3HiRG2_q2M(YQged+vxz&>K;z~rO9xgNd24_#`} zlA7;PkSxYxOO7Si!$kDselUcfSrsri04qqMB)3gf& zOrqmMOnvl5Ti>|Us?6L44cVN14T+vQ{fpn0r9UWcv<>TACItp~qJJL4-c~-$E75&( zsANeo$u7ZAMms2$H)7(4i#pe5pe(v&*}%B+v^Z6E%V2$XGF}2N4HAHU;%go4_3+MZ z@_8Z|W|6&dV)UaMK7hp&YW+;*z6Fi>Le(WRnKZotU8JUklIu{P8d%dt19>~H`xU5# zInk#&tcLDDw?4NZ_F19{zK25e$QvsCk>~S7p|W6 z&gSSsRN_Xis^KfG%yd{rP5GDGcDKPR@F{2r3L{h(Haf{ws;|i)^9e2E#ku(3j!ZOd z8*E4AS*%GGO%e&T8OCC{o-0isLSK4n0CAPX&*OZDd)ELzVu`C&`@oV;`!YenPF|lkhj`bl?T|&H4UYF`#bXe9{pfn(i zuL$D3Cf^m9(VvDwR=opE7?4A)erH{+=%5d8j|FZmtF7l|j#;H$T!p6!Sut&ZA0Xy# z1QySs7P==Gy2w*9t^1Tu2ltEs6RJ;@Kz41XX&iYt8MJQlLd`BS@v6z1*omEoeB^WP zzWoAAAOqV$O(VeP8wybooaTkm4U_>B--(X1XV{6&==*v&= zW1(k%h?;8bS&7dC^?g5j*q3&{G`gA+=)x#wxi{9{OOm`tU+#Fz1BS1`n*%*1RenF< znW{8|7>+A>@ro8E3wPcRgW0Ni|#N~6WwSqWemhGfa)(_{k zUxWjdCqF)%!o@AX2vr@a^?YG<;$Ogx3;d4`VaUim$CVLnoEL4_NWCd&Cp~df*on& z_L0MXXp@u^pA(7q237Zka34ZoTB;qU*pu}#jZk@T@#)F9r%vv<{9=Y~3ap3*^(k+e zY*YJ*9vpRL*3VzmrqMY2FrHQtsqj;vhV_w*7qJP3@PfAT3l19Sc<`ybiWTL?^pCwU z7alzU90V_F0@Rql=52u`F0cVg;V=h4^ggbWzmv762UuU?ho*6SH`2v#|AqTGPbl4V zn7ToWTg~`u<^8eFCvBZmR|S^Dv(G7Mjfb97Sg||i2p0ANt+zWz}oZJ=aP(QrJXHORJwqpz8 ztA4bwhout>UQsXQs$0=MJk>YXC8gJ~#V%2GC(^fYPDYn98>WLZ3uVW&HJJDT9QaZQ zTASxxAZJ#BuJ&Lr4cif)qJ)nf6uz22q}vC@j_p|UzA{wN=XhyU3KZDrm%FuH1LSjs zmAJ&euxWIk=Ut#nL{yB#yE)*7$4kAApU85YrBkVn+O(5t>B&Fz7|~hs4}pr5A#5v$ zd*A!_z#^A_utSP>`;q4xIBj!r7#})2-XJ24U}o2;ps}IW=h7be8j|^CEy<8Lvwk|>ja&2533)p$^Ot(;!HLOfk$lOdA@lE*5ZZl zVc-?LHeUcu_QvH{U5sP8S^7I}9vymtVU#c2Lr-LwUL#QhmI76q7^Bmb`aaTu?P7(xWc1?PMNL)nw<& zAG|nTXjQ;daCipY_C~~gLAbD!kJlEnTlh4&I!_ zNM69)&tX< z5CZH!j_b<8Bc1$Ee<-a=Em0CPFeg`bi1kT>m%Bv;ohP0!BtBolV;J=49VE$fuiB9tG|8z7-z|Zc`!a48!@S z{m}+lBtpNf{=hh$cD&LY47m+5a@&0E)&NRIr-SbTN;?Cwa=%uvO@52BJ;E0Jx**}? zOP`E0+iW%+YVVy$kMLw8uEr}&g6iyZU13gTqiuqt>XP?~_o!E<7Z7~#rf@lZT(Mg)zA3ZV<8^k4N2xBzu%o_%e`gXx=D8jx_ zPDiQOM6U?8XxuxF{z%GWxeQFChvqQ)EwjGy|IE{QQj?KIjww^z$5U@x7cJSP;lF&^2nPCy!yVypY&n> zF{7&i6MWqZAP@ve_q9tFXx9lsc;B-UN?{5Oksri)uc|8lTG*h?;}m)9ynu5~_oH6| zfh#EUFT!0v;-Gq2m<(@d?E;}LhdFe(D9m3y_wlP&e}DulHu+DUARZR>vr9#2dX=a? zN9{LOkotvM_BuEEh3t&!6f$xdd0O;8PB5>*%M`gm+uX) zp1XUi*x-2aGP)n;zq(T!IxCu0_(1|3{O7K?edrIR?DaSGvlYe~wobcQq zi1nHgBG%tVC?Hy;W(G#WcZ(-XV^sj_)d4RVqKZFK;og_FLOfx7@ioaGa{~d`ue`Zh zZa1~Cj&-Rf{Jl*Rzwt$xY6qQpg8_ zNBzmh^>!{g5dnmI?&gC{~Y=WbROtI>ZXKIcr0!27-*EZzAsFg$1lF70W9deJK|x7 zPy{0MhPu@YCWU+WucyGq=>2!WPAe$PF2M7%5UsU%jab1EsGt!}_S&mE014C|ZH32Q zZtZP=b342yXa$kQM_v}%F9MQ?y(@Q}soQS*%l{nun;=lXy|_I+Aryj7X8#%Cc(tI2 z##6+9?fp@SS|NWQ`sdIC$p7Iqx%}_WQu6;iN&oXC{m(n;|H9)&cus2MOVcDrR7@h_ zs(&gD$<5CM{&v~;Z-SNWg5rSL3RjnL+|%U#Lwj-f*Gup1ku}9tU)OI1t=SiqC$=b0f7-}aDOuV+O!)C$&ehxT-(Z+q zQ>DFSj=rYpy36kDH7BtNX3)BGS`-k~T;r;?Ad$fgirQvxOq1c=Y6yjUMUg?#*3mLH z7=I@VaAujwaK2poDL8JY#x?!)!+QH%j7^)>GfbALk?dsj8yYB6A)|P+l4D z2WeDm%9Ql{c=O7qL+DW5wRX+LxgSDv#C` zDaDD3#@2|znn+$O}_7$o~i4M9}-@j#ptsW&CR>@RiHDnoXzm6E3+|+Ck4k~HSOy@*%_o46zhlDw52`#nra>xE#&j&32I-D|D!2@Mj_2GJ8L&3d zD-T_WwkESw_76fByAMwfRvn%Rn-m<~7SZcbNmMHR0Z0z16nim(Z(vcA>y}zmI@GOU zLGt=Jt>N{F!u8)>`adeZ4pZ{LijXZGbbs_%G2~pUym^I9MZ8&^(s@kT6+>r2IG-y# znhhQZ<=`pY82rvcg{Hy*_#u8c3w0vOvwSSOZ3B87`v)(ufLj?n=)Icl0i-Muf5w2> z9lrp{bq=PN&hC8A5tuc+TX#Kj_oCm^+h>sU!Q=JGdS6n+IKxKn*)+xVNvLbvC5NeDv}Mk8P6W4ps(uJ8&@9UnG}4FV zrHgcKo?+A43>)%7Hygi!odNqXAGHZ!;VKZ@xwnkVX^6V32Lwc@=RtLkG;RtUJRdc! zG~niM?(>K)fD$j7r7ZoQ##;Il?hxSg%y)6lA5gytp#K60&cM|l?zem^m#c`NNHm2C z;(_e47VKX(r%%8A^;>NSztu?KRX!jW_%w7t(a~Hqi{JU|VLvCn0xn}tUu}gqc`0rT zR)#*h(l|TV`P`&Bi|JfZok8);^=(~U9@Fm~JIlUS85A)-2JpC*m zzx#X|tHFWfSAo)o)Q$n`MS)g1ExC2!K%G8=pH)-mn^W2O5@6-IHeb0zd$2U3z-XW8 z!9S{H+=j&sK{XHK!#-~O+J{@!&P%97pP=JU%nck5?&+!sIsXb3nF*!>GKJggUpl71 zx$6=6G;!S8T&YI+swM8%0pUM~Ea)FGaMkK;p+d{+<{yfx<}#w2XZB&HuZmPV4nv+h z=QJgp&o}ekuC#Bio5sCaZ0P_ApR}d#x$r~6H~)FcL5|B&_$lv&NTEK@vuB1k7Zo?V zIKTb^%Ug`JD8JtFWZgHcE+n)rGN~uGF7iiv89q8TG3ZV#`otfWOim47?~e1RN|P&cUziaq(dgduBrO2?yb zYS)#L&J5DM=)UGj@{`JXy5?Eqn}%_(@jQ|3npNiV6;X6MKp96)ipss=7C#Vy9VP)OxnflKurJtf z4yPiT*6Z45^HgMg9ODxdXL-h}T1&_KSt(3kT~2v6=e$lMcM!oA&x=eS+_IIb4ABWw zda71~8HSsvxPm$q-+DWhohO7; z`9kg0^TjoD+sl(`qoZO54dpQ=IuA#_c3v&JPe$pad1T~?o7M%b-Mwx?cCE5H@RbeM zqo>)sho=o|XywvJbH#$1WGj`Om6pF%7lm!Wd#&D#synRnhR;)c+tz|e+Rjf;WK*mk z)TB172wPG~ia|{-%XymMcSJjpya~39zxaYz@S{-=k_&$#4j5*PtH%M-jWb2 z^QiVxA&|V*fllrx_N0fZq|uuSopEsD5Po?V114TflO2u|D0(J!1m<{6MvYFwnp+*z z{gF`Y!9FM=^8pHWS5b3YjA?wER}M^@0_d`!@}{&C!2TaEW^O`GV4S)o8X8D!CtX%C z?w77?)DulEtsLqjGzfn#!(=x1nwq7=x&2Xyy>Fu*I7j!R9&VoyfJkOlL>FU4a>a7o!Zk z7&zb@duFqa_lSW%gm3AA3YkQ?SfROa*jiL@7MXjS$a~(SwT?U8!w>kLNo$K0s=tp8 zG}#6-nRdY&P=O;&;*3G;R__*{)I4{F(~gYYN1ig?O>i|&$Za@<=Y<0ehQT^pcj=+5V1j%ym?T?zj5^mAhQluK?^Cqs1H=_{px zO|dn}*QF>_2RC?g&7C9&#l0o+Y*F(CyH94YcX(AGES|9s5e_0`;l=`+=Gbf~&lO34 zwtb*-5vkUwd2hq0esSM>H2uE9jvQV90&~*Pu^LhPRb!I`<{( zQ5~qqmWtR-GOL);IAn{~cvTo{bXoTAVfUYs1HasTG{cenZavmyy5_=MO>7T&#L;$f zav`CN`#t+T$d@j)*V&LFFP6u&$u@k!mPmdq1j5sSJA^YcRXX{QkBQEg9AsR@D;+Pu z>VG2i+H|kgIoTwH{O(>T`{eOQ&Xe(%8@jL0_x|5mq5r>J8}L6SJOAD9v|2#!DYq@| z{{%#Xi+?QgUnk`b{dWrH|KI$dB3zq~B*0|YBhjo6`qQmj(wGoNdBQZcA-eq4?(X_ry4;P(fD|ysh_I;*idu@2TDc{Uq7fY5LoeLe5Y;_Phw)-c^elJ zc?`O5e_BE;2a&IKa>_u(jyL*}_hp3g#{R{Jmxrec+ixRZ+PCB;=+?atnf%<^3wa8v zt`<*XuL7A%P$h69*7iM(g1wFAn|L624KTwPje@1BH^G-dZ}*Y_A@^R&TQ*Od!zZK$7@%hK5u^d7nF$Lx!@NToWb{c64n&3<@*Hys5(%Z zO#^>-1oVhNolo9HWb`NFd8@ri9chAiF8-t-z`>2Zc#J6LC$QuZ?j=xxli}InztOccbxUXXzio>{EU9M>ymXl^c_-3Quox?Adn=rl$-q+M zUfz`rx)uBgCTIL6`X;ZLF%nXf!QjovhtE2i`41^DeBe+M`p43%!Y*R4kU%f_fcS18JY;0da`DbG2DoS zGTV$wGrb7AFhg&jDMoNr(8c5Ikrq8oRNt($9(}r|?D-;sUGefvU(ou*$6;d_7xWjV zxAbU|a#EfbLkLY3cl)$mydww9>X_b9?r3lCw-lcwWHJa>sfIQ~nRu0T&%M99$#+KB%b!<7HxW+4%#0`9DjX>*og$`-lp_mu=g; z!QB9xqw1|)5#8&hFJx~>4rSI`7v8|u5NcR+X}+zx6a6l1`>gC5=9|HAd#fHTLK8&p ze!7A+eJMJ$^I2EApPf`@y_az>`GS4T zGx+J(ceG4xm%fmV;2U}jg|v~l!sgBXr@CSnm2l?nu<{|Hc+38;0GEwoK{FObai@@+ zz3!j(je)VhO%Jew7iD(0Nyt5=}dS8;~ z`?0hvs9GF&y*x*o+!pWBk3~x96_|Tpa)6ZUnF>3kvBggzRwI_T&(>tr4Ka84rPru( zwo*E?NkDhIxA#idRkT@n+R)l+mqY*ML^33}Y1V(kz`4HvO6^_Lad5n(Adr*T#qbe% z{~U@!9Rd1hIHL4i_1#Ond~mw0D7XX=`4a5deu$VryJrFxTkX4^3WN*<8UoSm7!~ga z2@(qdCVjUqJ0{SwZ+RJlIc`GzW9*W#--fuQAzy#I8H(n5z_euI-ebpxhm5vNC=BrST63lz z$Dj)_1**;}$3Hjc9C0a~;UFmvD&;ezlFZ{+bdD8zAl3YuV$*QoAs&M1jr$GL;XWZ$$87b30B-fAS0YP@&!QY;?)MJ}Any7Y zGgf>Z+VV7+M|B1L1nl=-?2n#q0hnEb6Ij!6nZDu^K2d5K1&&RVH}|tiu8+tt$;3Jj zQt8J8%p<8>`bJMZKzNTKn-JM(8m|cJ#m7}r)%P?Gio!B}E zxak$6iJVuj0v%1^)x~sgVvzM)W-w(l&K+$w|AedHs;Jr__b8aO*({JZPzQBT^6|Ug z4Zn@u_@eYW@{Uea!s^buE%PCs|F^YK&=C*yVU4DrC`$Tv@c2n1c--*#?gI)Ue8`si z1a*uJ=5Ub*Xi~UgHQf##F<$MIuMMxK;f;T4C4Mv*5{G zK$P#(y1IbhL&%XY5^_!ipiqk+-gSFU-}1cm)&ZT6fc`DcuTS;i;F_|DG&WFIDw)nf z&(42q?1ZVQwd*QmQY|NH2#lb$!M3EGXP0UxNEZt=T%UZL3_03m{?MGk-r(?M4NHCH z(3a0VqP(%@DiG&{dXDaNMdaJ+i$!KSMNw0AXC}zb#|u}j&alkK;nDzjKOMe!kcy9l zDuWNnD*(Y?nL+U{%%pW+;O0y9H3;B96Yu*UK=#tu(OjVxA4P}C3ha1VsolDKBIAWD zNa84N;nn!^i;2--iOL*xNGAVt=*i55XfRZWYt6cdfk7alh4I}#EN2}KmtLJSKV=Z| zXeIHYw#x|5D&UfRr6Pz9k%Fl+y%<5SI;M>*lROgNt%133p;mf2Zq)p-mI^!Rk2H@u z$v{z4j^tUL9lny9s5yPG!6S3z6PwrB?d15P*xdVXb|Yrkwq`S~w7jr~4xso5Hn^Cj z5~`%Z1E^;uA@jgkuHWBWgSjlx6eCQ``tvym$od1ZZwFpZW#d{8r`J!bX=2_seJ@ng zrK%+NhjtQD2ZGkwXq{r^mo>hy7I$=Ml=tx2i?re%`B%!{7JU;=|0oSID)mpWE^16z z<7m6GxI8(nOWPL}hp8tshD;>S;kUQN^69~GZ6$M*i|ChaqhGtE|NLJcd0zf}%5EAD zwfSiOoFMFgBvg;AIy2oZ#U>4@)1 zt#52zhaVwPBjs<{dxXHe_<)vUd(w&Pyzm7I!;4 zHNZOI>V`W#bf=E}m{Se=cbyHz-gMczafc>}xj)9LQU=v0H$OE5O$Z#S*WkZ4rSF{1 z`>K0BjK1j7mi5I_v+Mr3(xt8om8UwZGzzT;Olw6tI?9))zG5eg2hqkPn6p=Yf9P!H zo5E$A1Tdha6x@;N{7G_kC%G0@f}S6%PSfS1=UCVt+lru0g8J(gfvoO$-)fm>Kt+&t zaE-HKIp*4!sGW+9BA99&Sg1=c!dz^P^rSeO$rkENX1U!d>P@Qt4-4$4k0>?aIf3>; zX^*tvci@0Oz|!hNh~eZhIJ_*d&5EwZlrTS6fAXC8J=To(1_rGGV>o`)`7{Lm9{Kpw zi`yHx&49j|3+j5&7f9oBigTeAvQ!X9I8r65$n z86=o{ybc$=^U1WIpHG0P^TF>mm2nc!s*-P?y#84)7W9fpto`UOA_si%@mqZFH+1`2 z^N*$>zAJ-^zD!n{7%~Fg>7hqGt6|Q5ehQy^>Qxz{%K1v58^k+`$CzSWCV>MhH?s4M z+AgHhisA)WyMF!0(MYfQ!r)g$v9)0j7_OuYs^m+fUHs+#8FD&B(jCkQadJdXS@G=) z7!!4_YDN3rxJep>7D7wSW-!(CCa7j>{k5@YZ$`vkH{F+V-L*8`ukx1+L}X%2(jw-q2&#N%(bOB| zQ#bqA+j=+|XbzZsTc?)vEzXEk0&ZkVufg?S)alq;M)tcES~siq(ow_b5QD0z6nQzHJ9JUTfFe8*tSAZ^ zAvBsA`z*D8QDAaV+6}%!kK%}r7jq2;XmS@@vFGc7n*C@d9J;TNs`nqD9HKq;8}ak2 zu*Ko_ed*-dt&-P<#}m`7~pF-sR6rS&7?hBwrY=e^Vdfnr0tZ)O}|3!q-1@ShVwn4oHI{BSv;)@>zs@S%ItUc1kE zqb|)LSiSMng2FT0IxtM83%q%NSI~dM@)Lc4 zy#s9V$h*P7Ild_O`v6py_=`XT@L}%>+_+a@p1Q)5JI$rcIWD7F|YvrSfc6QPbXNXxgChu$i@YQbN=q z=J~+MG{%M68#W#u_RVB_lRC9wX;k)by$55dPG>4&DIPZXJiyn~-OvZ_mp!tr^Ce;3 zEv<3xmZ)4toNGeVzCoysoG$oI6CCVY;`=V*L;g85Pa6QkvBpvmGB8^-|C~Lq9P<@L zK*;n+3gQolg4?yg$*sR8RQlnnU;r-YlcPx{fFfRu?}E$A)~22rfdP3#*|YLCXv)PW z#GZZMJhVPwz;b}(vTQ2Ck$TJ^URU8M-&DR;%r#W|kLU4{s!^~oamBKrdIrQx&ZbCb zN*nw=gO8VC;iW;cUuR!X3#>?i4K7)`9zE6Nc2f4mr@M_e2j&iJRRXJ&TaCc9AHJCp z!hMycgM@${>ASD|!y{LfZ?m@2lV~iIEEY0>4S)Or>&ru>2#ok5tU!_UNNL(*j6r`= z-peN#Kj!WB&nNm{gmu&b;epM~Wg0iWD+i2QKke&c7xV|U=!MBy1O7xa#?`V)jON-> z%e62c2P?)E-63cH3)dRj^ltu2O_Ir>-aVXE80VcsmB=cL2#)W5X*lxrnMw3~Nb_*L zVNFq(<=}Cr4m+_@&Y2+HOJ6&u>VGM4b^MlO3*!zz6?&8eW-~%1z;B?+$PUiL$Yq}JD?OkB}q+F$+PQ!I>bhDoRn4mIV8D(CeMF6 z8RFKW8|PuL7`o>fiS(CGxF;MRdWN_`@`uhCVWg90BfoMQ6XbP8GN1Bh=Pj|WIqE)d zcg<=iYuz7`^M-G%y$>-4Bf!nAD=Vs<+by(*;)jj@^NeEMbwbN}M2>%MEQ)@cx`C8% zePV>U<{=Kx{TKazBQX6xCT|o7z^P^0EJiDkN8KD*8p}uuYvVw~!3e5m;Sr323$OiA z-Rmc7ftsij5IIo(9uCksVj(Yx40*8?Oy;)@@0CZcGp6UInQf^iL-lLD(Ci;GpZ)mi zOvF)v1>eHwElw4M{TEMR6VHL+`u9fj2;|2IyS3EU?%%L8dG!^(X_`4BxZum5A%@|GYANih`SI_0N;nyrDmP}>gG&Em+F=Zl-jyo}>q55> zRpSB?>0f_zhU?qM?{%)>YtR0CdH2 zY1hImyFLz;)h#tpT3!Uz@VRp-RA7)px=(1VcWwxB6SF(3A>-4{UQv&bH8q6kLTWl%m#pmIF0j~))?FDum6Sm@H z%h`Fds1Vzo$lYtWIxeuN1M0zy#+U8<^Yd%II;f<0s-O9fT-<4@YkMS9Rh_embs32} zPPXs4%Q48TkVs#Ge17+|a8lcKP&+hH-yx?8Dziy03G*I3#k|tkNy>|>{}}vr&=e&2 z-G+dg``eJ^*)fPATWxwd(*Z_#%CQ>iiur(-@U! zQBLdyd7>?=^p8N_p@eS3Ls#C(SCn=mz6 z1?xGJZjf~&&yd9lNvHFX$1t{4nDEp-_OjbSV0tK1F;J1Q;&1Dxq=Q1ymmm7;UI=|> zV0)HjcSbm|n{PGz!R~&##oCP|z`x}D(DX@;F7G{3xtS)n9ks)ub;Qlx^6T#!fV#3P zXwrN+!_s$yN-N>1j2TYF#h?;!yb!8%%i@=>dcOea?O?7We?}mq!kqy%BH=U;aVqv4 z7QoAb9v2vZml+`(C-RV6#{xe@e=y0v&<(ui=d)Kg_t*xKm=e1#La&9w3{>*DnL(;h zoft43d-FYl<=O7_La!X3Vs`0EETwhpPL9z{ASFw1X)MmAQcp`MTn)OS6a%x*F_Mko z5i^v=*!fFtOoo{4I*($Ok)ST_VV$1=?$@2E`5*N8 zqMs45kAa${&-sKNV@&++aUh?!&zx^>;huZ%#Xz+pHq9C^2){Q1B`%&&3@WGW`4)Z1 z46i_miK|nBATriwT!52Vh&QKsEYI z!>2bR&DV97z9_IIH?&6hvY%$^8GG##qKw%WW$=)aw;XYo{*_M0L6Wuc-@=*-%$}!B zZQSl9#$NjA$tHwdmYOK~qPm!<=To2TA^wNcD~i&m{|@o=zFoErVM8{7sF0S3x|G%R$aVI3qK?5U`Y$g(3MRLb2sqJKh+3EWhUz@VytV z0$AcK4j^2gj?)0~3+ z(VeJEzuGCtR&d7TI0p51C-z%$E0x^?4l@IftOlOA>f`Kj(d^lPlAgSl%)R05oCO8c zPq151nG7;v2pr&rT#1{@Cle?7!@JOXugsx=<9W>Np>g(Q=J* z5OSI&w5B!8x{ZP{+fA-m4o+j+~faUWgS^pfmg3qzu`fSBPwR-(zG~1?Q zrblz4?Z(Yhs@lF*vOtt~n@+YSmHXMzYwF>nI;boV3oYP%t^ORK7M{Z7)J=}wB{zE~ ziQnjh^*_$lwv)ZGzIxLn3v}mU(@q+qO^^jZ*>k{yB6U39Iv(>#xs)Du7#n z%|yo~vTIMga4d(E4B~4tzgn;s(*m^*?!mz@*dPp%tF>9cJ{!^xZG(PpqF_+}K6uij zC9ngmcwSzB-M%vrzNFSL?K?9-K`hPWo1)Tas#p`M;O7a0n+S<0oYHh_Y^Lu;QUl<{ z=s9gYd4J1^)4P(b)pzB_1#4F(r&A{T#`BR&({)*C_JQa59hqJ77U|7DT)gvi>m79Y zYIy+_aYf2q*CX=>E^xmNP8q_i+!V5Rz*O7BQQdQ+?r1}X!Le>5j^qpXzsSz-SSVvwxjhtUi7a*T(Bn1?= zN&2?+JgW5_sQq_Iu!q{0*fgKJYBGZrQR9?{m`Jwy@41ZN0IeL*$q7kURWDd63p;Tz_@d>wX|_bg4`C0+E!!t-AML<;kgjCJS1cEQn!8y#}=mMyU<%2FJF`=oz|4ol5zR#iOumA;=kg!KVE{_T~ zKNohMw@Mct0ux@Vt^mns&NBNA|!9=gj z3dAGOGZ#`~%UD#t;oJGbJ8I|C`O5n$VoSA9@V%8BqmoA>N4oO)ogz`W@5+GR8rx=D}QsBqL8M*exli> z{_LFK1-sXa?JKX?s09V^h9&dK;J@+vu>uTujENW|9okAr#+||*nnYa9pGPu;h;e-6 zO8~AMC{PE;T*Mr~n@3K==>bE1cwUA@K2~=LktyFJGbPYkid8}Rug6D~%MG3koOy61 zk{vI7h7~5O6Jj*CNa%7xK#VLU1FRnonsjT)uNrc?by;tjZsfj-3y+p3Z-|#&kEw9) zyZF@S{6%u#0$y%?Mb zPk&^=)o!~CO2+8d=k0l?J)${=&)OACs($u%G+>nDH@o;$XI}p19R-2x#;(IbBO)4^ zJa4fHs?&ODl0q4QDerrJ4@}?yoZ7dKT5J`~z+U40EwCl@CVi;6v$U8!jc+jnIe~`& zKW<6Zm%ME7ds8Jd9b<-6#^83Y8#J6Brn}ac@||D-s0JV{6YNqB*Iw;LJ(#H}x*{L* zFs?Z0KL7Wt0y_)avwv@2!)HMB$F^0!P_F5#WPJUB{nnKD^n{$D8PL3X=`zS8zFD^% zsOrkM=+_%K-nZ8;--eBW9~(7sOvlL&!Ptw@UPfaetm^Lwbi0HI{oAQLR@}$<&3cK< zA>-i-P)ZOccHukQ;Pa(A!FAB^{mTLPri~myaAxQ#VE(q;VjnWMoZ3g5NA30jd^{U} z^t}M~66nRA-S@y610$h4_1&A3Fv;sM7dA4lO5!bCN#MYT4vbtxoB$Tx@5h*UxAQL& z)_9fvFoEl!i6l--pUyU_f`^%6UN6PP{`T5PAeB$PKUni9OsOH#8H4?vY)KHyV!1PT zw`2^4zK%*)i^9g+Qn#TxB^TVji8kpqIG5+OLU7vcCN{b813B2pRI8L{P-!m6+8mN zU^ay#nu2wx#rJ`?br61DzWix~o*Curj<2 z)-+K@faJb9J>y|cl%krwvh(9R_2g@|{q}XQLJILLRCt2zf!f@JO7RJ~7{_gqj9T91 zYDur7n5~p0EZsY4v_dx&%^qG%?~K(P=8)2>-Q-F>%0|&a;FdCZ9Fu=-NP&CH{8(Zo z?hH@l-Wi@yC)Lxq-6XR_1{0IbSJ8j6w$0HF-)o4!mlt2Q6sj0vLMr66luodMzODo1 z0iwx>u>8DTe47?yX!igV_(d*2fHVEzABS!DTTE*1V*AuqI`*z8I6cDmA*irWZm#np z9n|ujBuy%?Z)d`lHlRN@2#)i%==heW#DsWGz7%Ew8BO2?X5NX8e>S#l6`+Mo{+gqy zoa?AV2edhwNKTc=NoQ9U8le`_X_sYa85^2XyY9sqUNz%xhC{;NnGu)0uQ^E)b-{Z0 z#;2fl8;=3wDqR!4@{R0aZaJFp6Gw2oN_>{MV|$t&0!UN5IZd(}3Ji>734sTTxyKQ- zKy%4nnbF+!AaIiq8*HKqTlJhg+oFH|}BtHi(U4}k?~fHD_p0TpkJRkVFFXLsxD4BhkPlMAsl z#x#9tyXVvpZz{s=Z$8luB93bDI0ZY2gAX;qPjvSeSr-&m>+AGgrm`^pG0HcDQ}obI z?7-Q2aUYzYp1I2KXr%ja?TS*nrks(|sLYz}0FcxC%q`a!D^bqrPGZ=pq*vQLgruW^ zB!8vcJY(4pUOB@?bAbsuMJz*EoYaR-JG|pT?D<N)gH_p|H!##xsc!EV{4tYWnUT)l>88ehB+*Os>O zgJpms@K4agyY%&|t~N)N`p+0J-9|pBd3P=+oC#j@NDtA|3vu<%SX!0KC^|Y(r_=Ow zscxjlPS6Wp8woJtdusrC1Rv_8u!}mNVB_~ysGF<&0Xj-f2+}$nXrZ9Ef8E+(^L(8@ z)-cs|$vWe;2i++`JTMKuISv-hmA!%E5XNooMb;_OWr-g!%QZ!$AZy%<_4Q0i_rX zw<`#yb+ll;T6TK^FJzJ#g5P_K&Mav$)^WeFSNq?cx?eABjytQbz`TMfSGBEL-g~a5 zS#@}#F2`H4L&{dA)XsX)GTVG;Jx=&XlUe;6pngeVvn(9M2izkzQ3?1c@Rh3d8O>ds z8|WoABANKq?}$TiHQX>w0g};MF&A%yQv0Jv&Isak=rO2_o{$vd;AKNQbW%PAV%Y_z$XjnDK8BUge zIO7WiLoX3QAI2ZAU&7RzRYik@Rdk_q1=q{4+UiP^TDaKKMyOfyJM*~4g4fM7MVMzl zrY0@d8nd`lVldoPVTO=0$@=pzt{XE@X|NL_RvFi$A^{p`*Oo0okBdT6pM&U54r1z` zLn4S^@ z&ma{Ji}W%Vsv_rQ9N)ANA)k~>a=+zfv8F!EMy}(*=+T$6sj(WA+CV^G{Xau*)M5>@a*AdJ}&_7Au z(E)&<(?Glw%sF~V)9sNn2B+9-%euDGqhOpSNzaG4^kEk0f=g^o6qD#j_7k%;8N^(- zj4Fkx-5&cr*mw{STu^nt(Z$imLU|jzHx62V1MvG%7$m5^ZR2k(tujzxE8PU$ETdo+ z*SuWlSpF4j_jNt=^El0IYkyeEZs z8^xcb@jUYn;rlG`;gB5SFF3_n;H6OP{4>nLZUo<;Z!D|l2$0)=8=JpS!mJGE5>l=q z!uJ=|uzEn--6xo;@k?d_x7mSdTvU4C8Q>8JpSWbY1&KN~!jF zqaOyrAHdKV!)r)Ux6C+Mo*|Ez99Qh@wC@#Ajk*&8ww|WT+c>xP(OcKJO3G_xSa#_NFCEVAq}rozd(Q!r*d80bM5HB!{Md1Kf)B)LlcaA|No2TgPrT$w17T72GN;}_Ofg<`aQTLJ8#QK-58K?+C~y^n|h7aKDEPQN)Fo}4FrX~K}RZMPj&Ef)F3?4&WHSX%G&e~3N?Lc(YhFw!Ehmpx#W5E;Wr>}If-~_u3-V4 zV>p|W&6GYi5Z3t|{;xHBL}+5q@5MnaN!=*c?CkiEiJroADD1jCbQ&bYK>n56K$)=g?fU00{{jGh|~s2%Vb7^`&f+7nU$j z1R*In}qfoVuNZIJ5vrZ2RNng`cp0~C9bo~DWnUFntTmiBA(-qs0jXtsXV z@~nXR(>>wHpryv$z`a~>A7g4_Fv7>cVjw^B_H6oQSYdOqZ);Lk=_TOGCtZXoSudqJ zV>o!@x;*1K+$04vL_hH^Bbv(D!{tdvDjyo-DAvw*MOnHS}1ZHP)z@6X@rv zWG5S@YM058)Ynn+y!~)R|0yIB5GLqyHkJf`u-7N!Ol$6u0xgS5IO~^7*1GL{A93|+ zOjhVC(rTK#BkH0l1MI+9#!XE8;fLdl6{{7yN1^&v(S6vH#q1hSe>?W>owT}Kj&)Is zWK}U33?rBNEa|)8*!~hK7k5PXrpNkC@Ig6T4}OgqJQOCwg=T&*1EBkX*lPr2=akvd)&gXyzbHB=F(@|iu|xekAE11C4!!`% zs_{#2nRh7;xW`~vvJV$5H9zyXAs|~++x|9I8>W=!MYnpQQNcUw`09C29-5Hri&6WP z1rn7TilVyQb?uhpbu2T`YDmvmlVNlMd7x+;doeyc5B=!l+kvn-xP^$FT>qSt#{+b_ zPhOqdafegA?$t2HslKIf>v)DM1qCr!6ZT+sf4+w>z%R8yA>DWQUP3WHuo*uGpq6L~ zf`0?aoW=V|4FzoEFMue+mzDzy<(&5nKwW%z9>Msa_~u%|*%04JWy>eU=X50`>MBp) z`s#DMX?evx+Kb9KUhPT|bLC4gR0A9Xly9y({FK&*$){4mb((R?(`k;EGN--;|XIwm%z@xfE_rI$hd5J3x?vMK5?2Jbo1>U4Jt zroz7K>yuDF)%{lEE#)*^J9@)F{9UBlnOEN$Wxomxjt8OlI-2@FdXJH2An11eTv45= zs5pI16maW!_{ZHc&PzsU1}09ptpH5GaU7R`(1#3maEjz@y)GIl=m?77`1 zz-lb-Hgnn-AhWgTC;eDS`Kd?99O^L;0>B%sub=%89TAlG5sB^)A8nUW>2)17x~ZXO zhI&G|_9DSZwjOzUN%$)-bJ<^`AWX578eVK`!U53d16A4G9=_h)znEanPZWzn^aiAC z$n{J^h8L-SNT+X_oWbN-+%Hw#eWGnI+eyf|L3|?ZQMuw>(Q~{+KPLY*MqbGjQ*yp< zoN8-GE*evS4H$x5HF~H7B=*p_0s021w~6f?n?c~zJ?S9(=Hfg=D87v6pzc-u0_gJH zz>udVV2+R2t$WGW+WgEf0byAJBdPoxtQ{MF0&ApZ+6H*=&zm|q&_6(?U>AZoeUwk~ z<*)KHCRU6yE|dDYAt?hvP4Q!qcNMV)>`{dxrHjS7>76b59LZgp@-oW5eh7IVQ!iJ- zu?%!?fz4yYY$b|A8n3@Pvg&Yr3$5_KaQCJ`O{HzScH6evOh#m$TWO{c<~c^vEf3H# zMF?Sr2nfia%n~#ZMF?|fl|kl43>X508AKpL0w^H!ECLAvGD)I{O9(uBJ+;4g|M}is z_5J#)_Wnyj6;-fS?)$oq^Eju&J;K>eddhv?+CThNHjqqNOJ;Mp?tVT&jH9X2QzAP6 z1jr=)Lt*>&c9`Ub+X_y*R(R&w_nV2hwaBB+6j<|Z*J0}wnv;`EFKj4qEIyoh?In1W z4@!Si59qw#2tV^QsJx%J-$}eUkjxlP<{Y4;0E_p`zj>H;K!AOu$hPczzjOiz^Y8+` zvr6yt0>xi)&1}ZO+xLepk#5T7ldGHD#6|UVAmGrV%QfGd+-q`@jo1~)X6tQd3Bcsh zPA%$2Lv1laFeOcmGQ?M*WQH&09jsKMz!y1fGC|E{IR>nAA}W(vpH(T3SvqsJE;nRD zos%MDodT_s^<+b*>)Sr9#u{Qu)*^em_(&>h%z>_}-&(%fWI@S9)~rKW(LJ~$UFi7i z@i3T;_Xc9vG=84lQ8wWw;XHT}Fhzh{-BVXbk5%wjkMd0Aj{BDsj(`5tb?K-8k2zF! zoxj=M+A}iyzV{djkhw@FK%KQae|4`^oc9Ny1itYkamO3cFSMd;a4C<(JGryq7_=yOK=><6s`#sHl(jKjc_{N6xX_<{HO-RKAbu^k=@eMl`Dj#yJwp@ z^#<=m_6e`JW3k8p-0k1S@n#e}@)Zu8GR$*(&DR_wgW8H18Ns+1*8Z8quS3e-*21I# zs^5=1Nk_Ivsc@fm_7^-o(@RF-wL!QC3T7cA^wdvE_pO)TQy*P?{Mptb@Vxc{_GR!+A6@9>+%pHyJrWE(Feg=n5c4pmLR4O_T? z0HgE0ImYEgCE{ScNsjD%Z79giL$n7rRy)K3^2S+q{FT<~z0<4^OjW*AXMQtmZTlZjz*Vp7yslV5ZZ<*3n^A<>MQMFtVnaMCHZJxXuGMxT<8cp+lYyMfE7oG#eq)E1C^dk0fwm((8^If=0C}K z$Uejij3EQc3`)uEVYA2Q7&8O)Ig8lzw>oDL z`CT%yz&+x0;L{m!X05=FyPRDmwlUf7CzTtJ?fV7C6%WW;j_|N)3>5-$Nf)~U^SQO& zDNJ8ok`gVU4<+DkFsKKY{Sd%Aud=Mg)Jj-t;c;o(4DRN{Uz4Wd_{co=`i=s3WjU)a zbZ%tDG;>AHon7*z1|YmHRXF~g&@;m&Y=hgnQ=;56DS`(%{SUhIc^Vwv-Mj~g%g_7b z-}`z~ZGGu*fvo)k#nN+fYX ztRScv-lS*->$yhDVoozBa>a=k8ILlwb>IaX0eM&0TBFBV-O=)vMn7fQ6 zdDs~-j+MKYIghd{&jtYtes?7i29nnEGt3$Cm9(6oztedik2>hfxyQ)PqZC3AA=6YF zd@Nn#Ka@5{w{B~2wU&{umwpAxy9s>Tw-I9HcncI?P>B|2gprj99znVlh(_@jxOu5G zyjJ1ZTPC`Asfjz>u#mNAmC^h+)MdME@JbIiA19zPt<50tGO=`E}5)K_iMg?WE+ zgL~tZ+Bq#%2U*?p46p;Xmd=^z(*QA5>sRC3?zUsm=>og5=9eof$sa6&5e(rpu8hFn zPB?kPJZa7mQm}E=i+ED`Z5!ldj-}9p!7tT2Q;d&4lx-h#Z!~7CAl`snc4Kv`LQ<}L ziD6D%1wv6)Qv%8fkYi>C`2eP}N(IwgYI1#B(97I#rmSBIrKir76u@X8r@o6Ua#DZr zXn(}2CNuyupw>a$Q{a8}lIxGv*L4XTD=CqdHNTC(hzNPS)}xn0?_E8G?=g4Lx7 zj>s_Ll_v(Mqa3;(+s3oeJc)S&VPf#NS!Q@p7e;DCBxk(OCy*VGP@2OtJOXooHwTe( z-&dl)GjqiVsHN@*BKQvxca3v}VOZt8#K`DJjS_Rck-u*dT$&iXx$=Y*_@O`sf zuDA<1xmfnQfTc|OVDQnEOhVc5#p6DO#(mn0;~oVWQ&B> z#5atvBDe7xtPjvF+n4aLVh?}M{)JPSL-k-^4~_Lb^@p;60X4lmz4u1`H?Q9qYhL30 zscodhb>i!ef-c1r?t(!^AG?4BI~yRYtfG)y<2sQPj@Qm_{Rw!OcU>D3#DFm6Mb{;_ zTO^@v9^$dt*Qxg10LAPAYunr)Z8%bPJvngI6(u@8$cc8A9Xy5FY|?{D^3SGx(T*P~ z6|O;;mu=F)qN_)TR`}qfq#eR?IXDbOO7c8`Gs{a4k)phqYFrkxRHP&P*<$=4Ql@$2 zLA+=^I2m&ToRy1%SK4?N*qI`KaJ7>4Z3CEa%k-0$L8C#_bOXlL$z)b2M0@VDfJAz~ zcRZ;nLQ|Z4MUSMI)V43L9j+NzGCHJ8^)3}$f7yD9UANcZF`-RK$UR{dNiu@DY~o%X zN)1I?@vPbA_+%NgGl{(bt6OU1ydBvsiZEUKQ%{^6fL5#&EER^{HW|h|!KEe-ZgQ1T z_i1jf)WHByYpoxvY;@ub?<{x@yn}ZH#@JbNC%czgcDLVg1Ns$&cq;!BbWBLvIF{oq z^#-G4fY&_zIxcF*5?pSai+@W$bF7A=+f5qCLD$*4L{t93=UPOb7+dI`J@;&SG}r)M z-vGvt5^}%Wcwl4)N`-*3OiC)b0GFJ|QRohljqIo@3hsE%a)3+FuWx^KRF)lu7&@TH7%oF?ykYvlG`ieBDKkXuR&|Y zJ}!#+FX%BQ>l|@ekdzvP1&U!(68>;VeRbAjP}o|)@+9J{t14?f!8KmwKo0z^90TcM zdsskuX8X@)yvXs6*fO5y7}B4Xt7!=4;>8F?=;yntHb9xI+nXLm595@QT|qeZ^P17P!^3?#kh28ivoi*e|VY*T}t<*?Z_168<`vP{O; z0|e4q$m;oZR-V~KqNgnFv1#`zl@F$ei@8dtZ>^x}{`YaU|4$N#|37|w{TA|L&^gdbvOxxjG=J zZ#hy{BgFJ#mxxGG|LW5LDIzw5;ZxUq6FkUdDC-HC30u@i*A)fW2K!HZV)%fy2~Lil z$o&j?B)Iadu^=fERZbLK50|>_o4{n%>u-WSH;+3fB~p8QUO18Am>13zyYTQQh{pY! zM_Ggb?A#d(E-909lEqs*ADU9~dsgq#Is8>NL>m7GP{uveU!vGLu{<8qjFjft0W>yE zhG)U`DDcV)6)!F~qv0yAHIIe-E4ST7JnWtB)eXl!HuQR3Y^VVoCwR)^wxZBO#%Ng* z19YWhl0pU*9CD>|RM~p49x}-NX#onQ{V8~ZGl2Vc~$!Vq$yv6`jf zZ1=g_f_L`Y%{xDebYK2B@%yzV2mK^_>tA!+!pgx4dkQ}e-ymuAGU@J)|_sQQt zyIDufe}zA+MzCD3py+wIS?=4H2<|6tJ(QBKEJ*B zhzJbd%02MUsqXB|;q8yQ1?|(wAcY6U#hzOeo_}D(N;P-o=VEL-i_Og-sX5T54WFEt zKc_0;dU;df7>;og)WDa2a@AUbNV@_~7q8kCH8mHm?@xMNY!NpIbgW4x%GbDzQ~2vL z5uQfQ5Cf+t#cF*u`s)&Q5fk@3CA+kMADpe%C5l{&BzByYt!Dr0_+P*^ICyu7`S};l zNWxxCfK#3Yr=+mj)8KVi8&@F%tPyHty%R8>_-1{WJ?1ZAKW|%wyQ|^LAFb$AqFL=& zjL`JG|MnS+Z6QRf&Yk0A(`Q$fTdGK9H+$Di?fw_5#_|$xQgji6Tr!j$oc1mDtId zS;=CArW+M3<}L4_J+r(xAEl$$T3Mk|fJi@G5dWVvFvGLrQ8j8AM2Dm}S!s4j)T`cc z@_DuW&rP#lybXw!E8g4vrK%H}dG%VZGNQ2@b)JJMf})E!ZEr@&sRtFh*(%UBgf(Nj z(oIz7TDcQh&7?;+wytg7mQ;NJ4`ZJ!8@zWqN&WPGepj6 z?~^0d!hp=@^t^H_`VnO$7~BG_CpT*eY)CKG2UKjv8%*CuTxMCT=c${%s&V^tm!5iC z|NSZcMZY1q_`~WTQZ>fBwlwU0E0n5g;P8s^=T~PJgx%$F?D=k%`gIOaWKLiIAU#Js zTlC>GIi>Q(=k2Pi_GK_z=eNm8cx7n}wp-Q$-oRj~8S#L$9dt$eV8bgDdJ;h-N+G@L z999~*J>gtGUdW6$1-p3%T(G{J>bP_-yyERX4Soym z?pj;3{n^X?FIfpw2(*vJ3XoE^F7WEvs)#1` zgsZnw%0MN?z~u{9Y_YDlVwm+oMsP?HLT))r4sXk?t?@2Tk#U)-?hxTjFuXLmA??ap z`>+0_20t`EelsEedHmAW`gidL5Z(~%wS?SC#JrR`&J(E?R#(RCYUbGtv zUJe>7hKg}>R2^y@a$FpWR;`{9N!cq`j8h}7R9C;ZSME-wKe3aV6&#m4ZV%eU?_n2Tauq00ABnZdS?o;SZr@_W2^ z!|#!A$@J&p&r;jX0s?K2OQuC+fS!X8L(L?F zlZaSyjUAet(!=IVQGCMM3iK#uBFR*%PU$CP2N67Ilwn>$SF9hlPjS9^JLR~Efh=Zo zWipesHA>@;{^X zoI522xs?I`xX*b8i*zfkHverc5NCO9e4CtY9W5i)HmQLgbiR0{+rC(Tll`SbHi}vp z;3{uUd~z(S6MG!~;B8p6dULF$khNG=Ia&lBPH~dNO%+28s#M2|BaqZJm*UGM&W{7; z_AkV}Tn6qb_pd*lkHXZzY(12*ZYAO(IdC-7DjPaoW`(XfOS9yjF037_VN_=Rb(OUf z6nE0$cy!F5QwrI1YX?Sq4v#A6EA^Idu9UfTWvXnt$$3)WJ>O=3`XI5@FfaU%^4+oW zlq^oYg4@3H_kiR6tlrh;BeIlRvy2b;y0m_OrF2>q>au`r?)Cvscw@@tZq2869g?Sx zDz!Ror@}%twrfE-`pyXCLtmcZ z-Oi3>#*zq1hl0Y>#2zr%8&~J6)z+SdSSZ5!UQqkMfTs=JsC%p+ubHT&(r+njk*T&E z>?>$q_hoSMefZFZuU|4%l76G!B-%}>{7oXP}=1Dq1;K&4Aq} z{L$*pH4dUL#>ikxuv5)dRWR9HBvQ2LSZJSkv52f(F8cm24)T}yNpL`EdLhX7DrYJE zn^;@hXf#snW~-?Z2b>?C43yX5bfwGc1uZH8u{2<*r$lbF>v!BeyVjR2uR5kXPQC!L zY!Zeyr@5b#YKBCvl3ih@BHDfIP$D^ddD^$Yf!XI0a>q08?U(91MjEx0HDeEjre=xM znxrJLlw#PW0-95?$vR|_&2fP%>=;DCLK+sjYDJD{r$|G-Qtws)n?a$Shywt`3#>XZ z4?*ru*)a?#7<<0qy)|6g0uZoc9hiSUm8fz)m*1iS1m<0fLfXx{&4m(8lY4Pq!*XUe zlNugLTA{Ii;X+Ip<|@hj_mjO*K6SGh|7q6ibto2eIuAnL%9-YYW3(#~WT)(DidFGn z1G{72*Y5}AN#RrkX zJ)Usx93M&L@v)GK|4JBM12vGAYzY$n(z1|vDD?Q>KiRe(iq$r|v%}6Je9))7N=;|X*P=cte{mGxxHTe_)~h!2xMRg~js;bLhEYvp|AgMwbjX-` zOimmMfBcG^>la%RnvxMsK^S5l(4P8SFu!DhS+|53k7cad6;-wMMF)1j>>q=s@&EL- z6#SHFf~0qeDdkZ&)i)rHK^t%eeABShNg zD2nZ9Td7U%cz&=@ zIOzvT|K-?=)#_WyH2oDg!TF8>a#jx0nWKAew?m#aj6Z9BIo+ITZQtg8&sNX8p`&AB zxuYxkYwe=Zs|OeAnmRiRTy}Q+qk+ZCD;>#<5}Dp`OJO_uWEf~92*QQP-gN9=smE0n zW!F9Bm&~vb&%s+>q^1-pc@+>r-jJpSjq;zF2jX7Knt^fZWzbYcxt8mlPEKK>gfohR zT;tF1B|Qg?+ACY5WvLW1h{X0Mi|{fBjE(^ZxEq$^Hk!Vt1qnVtrZvgQFpuTwty577 z=Qi$0PiIoxx(!9oP zcyj?+jPeJBg#_5d@(GhU9tfg|>Q~j&=dbFIeU++kCB2P=#oHHnS6%-Kqe-Q{_T}W{ zX?PfF@wr9mi2BnDie0QUXY6KdEArRr=Z}r?M!?nRvcN9gDTA3AgsnUov_kuKcbx*6 z=OxLYJJLpTgqG-ggfn=3&PaNP{ZUeR;o&b+%^UiOV@+>EtDkjsC0M_TdQ!e6+S&9; zMa{ANigC4BCj1HcA;T_$3~sS#U?YsQ!6urDf}o`w5_Lq%QZmojv$ml4+HCNfQ`AsjJ)ZuolxrP3O0AB3?>YB@aXGilJ4RGuKKiKnUD8o!=V}wj za?UNu1F^ziZy#Bn%yh{1d>#$#7#2Td859BE%`@u7Qfx zbLAf|W-7h(a*VV-Of$W!ddTqXpfM&Z*b#J!7O?e_i(y5X@|Q9tV*YmRf4-W$-A7V88`IF#9?l};EDzm;eSS%HT0$CFC|=ueq9mjex==Q`zo$z z_}@8_=t_%P#h|TCpvX}C?qu(cS(`6~q&gQH|8S<15;QV2*IHQCS!kuoG0_)l4RPi( zp3bq#p z^bf`7dS|VCbfAHb9p?q*s%gL#l9GNAr5&^GRixo$^n6o|wOQ39dekZK=S-z7=J|T- zAF_L1FwVlUdKX9Et@jD=%9eAS&!+C2xPhEET$G!RmUF&3{w>z${eyse6!1-6q+L<~<9@FETq5lFUEaiZ zH4$};?N^VD3jZwc;#}xAK;Eg<%+omf?9ksEFFV;`NdvAhTpHTBMoHCC8rDoW%t5?s z9EP_&q8vSlj+Gx(OvfDePQ|}5(;?Ii{dG+uG9g-ZlKH2JJ(*OKJNcqZ(zgykywa{o z3O$aW==Ptxt!y0{knw!?&bZ29d-euuf#NP87_Dk;iRMF#rFWYNL)I!`PA8?z@(F`O zm;ZX@iYg@fptuJAYwonT+1+s!BVY{NqT*ljtD(G7B8<38D|oUpx<u^vXhDlqn`dNGs5;^q)YtoZ3e6Mtg5cySQ6TQVH2#t6FQ1Iu;xkDmT^EG5*ax zSOaa_{)LQcatU&}leZtS+uG5Rz&5#Pt3FC0(%gldA7L0%lq*%0PB}qAWVQClk2Mz2 zs#D4OSPeIfiq*3w%CLP9N?MG4Ha@MOJsI`z1Dx7)5cT6aAvw!ZZd?EnCQ5`nQ{lQ z-{x)mtTy=GLV;?%JIw3BNA40=c~LrNGi5CsUbLfTeN-n~x_18h*6uNrY^sSj;f69H zDM$gtC3c|(x_^nE%^6xW<$N^!&RxLWMM}DW*Ld7uba>#|Vti=G^~Zr|>yEBC<0hS; z;DF1$9T8KaT*<2|FOI+Rp|qKPku~Bkoh}L3WxDNE?-)tm3-y!U1ZzS?lKZ{YFeU1m zL#nJ|!oG)vgn(yXiK5K?*b?#dY>&<5^3>e((T~&dwZ$0Q$#PS-y-z-Ml2zH|Nkd^` z^@vlYJ7~^DP%t%$J3Z0Y>ah7eUhO4EgVchTT6xnY8)SN^@$pT~4xtLXXCXtFr#9Jf zOXx#$U&*m>9k;kYh2FHYK5@Dr`qvvR=wC{F`7zqT^Zmj^rf*ox(d1WIaq%2Cpy;-< zU27wy;QA-;Iv@k%;pHi7CogFw#*KJU2ewtD^}Y2QFVYE}8%PQr$WBtn~hg!_Lnw6DtwW?lyhucfR6SXv$e`|Y=${!B(i6^k12%C5AjVzRT?rKj4E^6TIqg^pa8ZP7jE>TC*2r>S+{ zIF%JPJ3F!NTnWE>fJmrVXmGjOi&$=Xi3Qyw@e_Kpt1X6$`;B zc1tVmrtr|U1|%{?Gp9UoOo|rj#;|CdjJ9r0_|1di?He7j9RFDY;Ut-1EBJdLO2kRu z+g;+p>z>H=M8&ScpmKMGndFo45umzqoBqa5?~<)9X^+Pm*)z^D6KPOWC)_Ji-X+U z`Gc>l?0LMzL1uC~Y;Q^M?TXB+R~im|<14n!&GOQz-~Q4xP=BQwdhxwb;ezK?S)nDg zKuS5OZ?!qls^pSpH=7GAAgak`eD{aGRF{fj29Aes=lT|}J|zU$MN*M9_kzNT`Hj<> z+EjgRvLhChL$5reLskAc)p6IcvRlAm0?3Nui zb(8^}x<*FcZ>Im`0nk|=NOX{rLW*7(*92pC^!br~I2PpTjt9Nq!0xg&RZ9vO__EU7 ziWNl$>)oXZL zP+OTDCe~K^pk6>q^o6xZ(f}UzHp1=O*6P!PYq@cZPz98TrQ8#X$NkoZWjSyl2y!Be zB=ZU6MU3{FX9&K<);636qj-Vn7kCKAuDA>@lFabBJaeoASRG8_(8nT3$P(Uv`WWes zTDg=?6PU-fT21JeZY!L^HH}mS!f$jT8>jW>z7;N6rij7wGXh9dltItGf2uCJobgV@ zjGrqR`!Tx_bO<22eZwTB|1Ld$56WMwpquNS_PRgi#kIa8XCd^VUCzmoH!E-)ys7T$ zYR*b-c&&&Q#jX6G%{7BMycv-N8&oebOmg95!rKNw7uAEFHA$Q4Qi1+F0edt#A-#vU zRDm~`;$7m*^vy^U7!_Qwk5QIq3;cPynZx+k5ok`h35wVFyA%lC8}d4Ny~uO5^c!3B zw8aZRF?V{6)0@+tGP5h+n)a3-@6_uE4_-tL+x+Sah3L}P zcf2%?9!HIcZPLXqaDHiV`!Got=qExap&n^6n-l z{$8GMu3@Lm$hrE_75+)>rj^oVtf@1zsln#-X(`KdQ&cpc;DZ&4nM~Hf{@DtR@$hI| zZLuU&DlT4~1&fzBG|gxrJM+o^Jh)!qb0N>CV#8k+>7H6|Jis%1WFd*a?aho}`0KpB z?sQUz!Rln};{f}LPsk>%*I>1x>QTXGQ+eD&CbHo#PIF1K)>$D$XLzXpXU$aunC`reiPbr8*kT z;MAB)PBHvkche-TJf7YKqU~}o8L-lL>Q7k>L0@Vz-ZXUFfk1jC7pP}c83GIt(RH#O zNi5M7)j_%+kHjm?G=av#>DGebRO*Id$?r$y5+0nL>B@>l7x&=_^%1@;&hiK{@;83R|Lvu=Cgq6-vE;_6t2od>GW=VH+d$G14m9Qc@XxkIf)vi78o zBg_8Y6Y%^gWl#I{?LemE#-x40%^zQxcTbg2YL1uW#kkH4`gxwi%ju3d&ZRy&CmFDI zf}hFU?UH=US!dNgDFaGh#|%dMMr*b%XNltk*k|di!ONxx!(Y){WKwO^jxH-Ycy#&z=t^r56Tevx zJ87JUA51Q!tJO)(sKgHO)W#e}AWGWE%V_lt6ouuJ6?Q_;aZFkv>~QdiTq1L5RcqJ* zb)>+pHHmTenNv)bnopq5rys~vU!b3R<`1Cw`OUk|{aR^Dd{J*qPrs$&`q=^9nP$th z9Rc>pDHongmIE-yF*9pv=OBBKB0LMuAl|sS;6NZf^wdV4+faLMJ?kl0#U|(L_4U>P zr7vSW&j&1zl6K)oU>+VYwf6$NOcp)bf>YF%8*RQ{WLS%-5LqQUy_{pX3vOAveyHJK zu2WhTiH6*#9+5{JT&k|olHRKOc;}l+vriFoq3wyfvh%oM1(&-f7O|P(<**pxkGS~X zx?#@KUsYFKTTUiN3VMYm=2)F)tS{m~sKT<)g}dIP@DMAExNv9ynC)jBJ&pejRE?8z zI8XYzL}zO9dK9tsz}O1mr}&WxT#OBOEvxLW_K}D4D}Ro6Kq`a06ekfTY=SU&k(zY- zh~2vE0<*O_bz7EJFhxm;YD;G-C1tC?hP#{@AaP;n%aBqM#Mr3!PBE4@!%3HnnBHH0 zTpdyEUbC-pha@nZ9bdpFKe1nM#TC@cwy8dVdjgAu5ks^>3c|(B*}2ZW`I%M*IuqTa z%r#MCBaLovkbzxC88KPfCQdSP8GYA1CD&RRnd~wW^!u z*%b(_6KTrhCdLGavnG>6&8B$kw2`E_il?BHTVtqGg=_L!0kYPNsIRhde1k&wsn)8@ zHPBwV-~=rZ5p0B)I`>w^J}bFsOsbBwIU~_mKuznhX9A(AMClq3v)y@l2b4`2LD{o@ zv(kGj?%L6+tf1>(W$6M}YSnei?$;!_csNf@iB00Ak4it|A+`U3iuP!U?d!?$zXvHa z6L$Vo=tW6n@o#}3B_XLqsc`@AuF)D^AY~*-tL9iP$Sn;g;K2D%Tl2e@`0-@NsDZ}$ z-|17gK5H&osw9;40IGyW78GajcsVi%K2eGI%9kBxs9d6;W4G{QSU@4Ue-v~N7+yMK zM^x8%M)AIh5)v{ds!OG;bld`So)A$mE(zU$P6e*wNGgFNSBwJ;2CJYBxeCIvrKgxu@mjDFB_p#_?tEyyGE#R(PX&Z8l@$22%HTtY zfr}M)QYFR1Ae{`4AZMd8wDU7ny!5w5vxEs0Oam_t0b7^y4I9JjWHEeA%LOei2{=@o zIC83x0YeWGtF-wu=966)ZX$(leM8P&)cW;Pi86RZIEt|zGaw|CAdjBu7oX`fRpKU* z`;(C^T_QZCnU0gJQsR=N>4m@<5&V@x_Acq$FG!(g>bporCOdSe)69Lc;!C5n%Ybpn zAcUCJ_)Z%y@`$1C8dbEOFr<<=L?*q#1*9w}CA_I*h}~S)jt*~Kqja%MQpHIfW7K)nDpSMv8Blv@iSOclhQdOOLz z^@-TTVmM!-Jsp>aG}Y(2SBr%5m&10YY^MixkALss=1GEWP`K*pjGQ2slvRvUwtv&~ zMdPaafz2tVx1s~l55sQc#d6v&qhFWGEFa~^|BSZ)|8;tyIck z>pbpuAf6FUp=6_T-QC30*iHlxhU@R;LC&%3MO@P6h$;rlCfD1rQ07|HM-I=t7-dYn z+i>ty`bQ}kmv4f4m%;UhIoZK?VM{+pL*#fq<543iNPh4fgE#Fs>WaSv40<$h&m?|J z&-!)KOOSq)M|xDY)xPH}?t68TCsGZRs7ATRezT8c)kHekm$!AcDNp_|F_%7@Yx}L; zv9N~&No%`pW230*Fr=p?|H3~uj&HoGNZd&5@g%j#FMHE`2IpdC{Q7y_UU<|I={K5_ zwdp}lP?`$}Ro|(GUf&!xsJb4pd%DimE7U171d)SD>hafK&-R~Evvo*v_0cVgYz_hf ze@s(3>(~b17Kg#gOEWzYw^rUdv~N0=CEhF&-U)nBeKaaGw7ZtP6s>t?(dT zfUA{wq3NMJ$9%Mu1tL(A*m=O3HIuAgFaDq^aKGz9+GhnVDYOh}pboRy{&j@FmcHTQ z;^QaXI2`WUjJODHq=Asl&YKggklmB0Q+ZQ;{*omg6JTPPwSfuc%c%5xG5UH1mmq0{ zyLn@LWk8Zny|ynJF{JEnDpi?9%XBqV5OS&%@sk`nl*wnUKlW?Vk(5>THSwu8M%^;| znQ~a#ErXS}r4qUgqi7QIz~dRVb0R$eo7$e->y8zBzci1lv>hwwU>P(%FE`+shSSyP zzi70MSRLvgSk%Cu-YpW&o9LaX$gzr!ECRWO zHk83YnaPzLV}=A;h`|eYRYRA-E-}`OW2~|_2hx6QO2!ab3$3S|9#+D=)Yo!!tL(D> zdGXOz6UEN;9C?VYajmAEB#yMX^VyEoq%kareow$+*=(wJ(A3c%v|qm^+&9URaqHZD zhAhNjGc_mUaHRv7*qtU=S$I#$R&CLs}x8Kys_dHGI!sz=qT3eyh`;@4OA;FtH z9lYsm9VvhBWJ+R*w^bKJ_)5#^Vyrh>;!3j`x+afkJxYO{I0O%aQu6m zUh}qA>Bxc)aU3J?hVr`E2$f#K z+4=AL(MLtcvKz>TV~U@6>LDyx+O!ljEvkURi1Plo|KMXt?@<$Yd)AR2D~9-uK)h?z zJ(3DfP7T@Rp~%PM@p{^>L9{zFT@qZequjC>LfnVG9CG>yZddoMI;Il(6meEPv1<8p zt%UTKA8g}7iDZ&(ft{wTn!9qP>@(v9lB7|AKh}M)?%S7+D{pQttBmyE?i#}&g5HrX z*Mg)zD`$z@_rh@*zifGHcU-n0sT&P`BD}qo_>O|Ot#E>Lu-&j-U~ z;su;yFUjBykDh@m@e!6vMu#PL(B`NR)VQEn0jbUOUvZ?v{`Qz&njjDM_$$*bk1-ce zf6H!yEuYVxWi@j(mWYp$!W!chnbmJbjb;m{hCulx*Ayx71a5p+%=A%P2u2z(bwT6B zoM?$IFmqhnybi12hbQb%h*V%d2rjb3;Uxx>M0X|PmoM!i%#X2#Ck>*jdh+f!>u%dg zh&hy}v2QwpQ8l>Oiken1QxcB}Dd;*e6*&|ZUEgN)<6b#pq*QE_7XrAnm!@|?J#hWY z$xM_SFAjVk2kqXMR|8zRW|jbEB~&8t0Q)*lu^)VI8Hi3a(NgCP(_>k*QvkNdN!mHH zKLf!RR~u*~5^V1Uw0vjGCv|?yZ9{~lO@=Q>eGA=(SqNkpKa}X5+5%6nAhlTGYKAWjytQgCrsriOIs)U`A3}~b# z4sm|m@fG|R)d!aaFHdJU;p~*NDdYWv^Pq$Z>}D>%pTo8BbKdeA)}f_#uXhNeRr{`3 z>(JcQ%Tif9x?cb4;~tA*Q|WHU!SH+{ME}k2i%_x>X(-Z0bp5F8>GB31c~s2PSHP4pL;kA?sBAmHc7AcwaE~anMXre=N ziSzdcJjyLAIr=@}^ir^?Y?r%`p4EhR*Z7e+>@vd3-J-V51DPy!8CFniJeez_xgtHQ z00AWsTn9&Ya>7XPD(IPecs$MQ%L&o&P*y+XEM+N!<+H8YmGY9cO(Ua^8im=d=bVRB z)cQzTddoJ*bGV$NVlWs@g=0P6g55SA>V;EKA`$aNhX%civt4I6{NHBLV6a=wu++71-j+xNzz^$D^59jxFxAv)I6xmdrbH zwXj-^&knBT`AV^cw4=hFJ#KV4R)M%&E7;?Y&b;ZI9SKtrT*cvgz^UJ=>Od#V4?elI zIZu_Uta%gkWEfZ5B3;_p?bBAN-|NR~Qc5PHPq<#om9CJ_U|k(&3=~-9Xa%5VUmWr| z{O3FksoN_0^uOqE-if0+dLTrA=W|qz;N$ch&)9M;yF(L?RSIpmr_(7wBZ?E6+<|5H zk?w^GFJgg8^kh?}x^4ZqU?A(r$evDbB`&(h1+mAs-v?hu{$Q-cq|SxP;#wbt^}0#o zR~`Unh6lMuTFd}PT|qkHoyP~*k}%eU$qqBNkyn7cX;@I!6HZNnT9NdG&Cb7A)1@DH zFJqHj=|AH@^?+w`P1;-FFjF_hS9gKI_m~~IJ)-y)o#atLlu_;h?|VaDD$7EDu!@dHbgxpa!xTRo!RD^JjKU@A!e;gZ0Y+M*JTD^i5z>gI0NKlqOQ7fNJWQ6P=OFk)(jK6J^LND6QYx2rwx5dGET zS;3R^B2Kd(Vn)agTH`uelRscrEGTANDzG=iDO={wV#Ojt^bTr$VWybg>`#mjWmy?w zvNWSoD88<5EHPpMb2S1D66PmeXZqjL>%eg`^^$->iq{El_B?9m)T(KcdXgNt*rHF1C7&L4nXJ%DzN|srW?~92QNx;uZ}l$-kxxqLY%1HX!k1r=dG;t zNMbV|tBZcTQ05S&lb=no>ypP6iQAvCaEVSEYHX}xhMxkppfq}NxBc>>WF5VsJEIiP#b zUp!NAAQS%5AB)x*;GQcv+aj}Odj@8aAvvN1tkCLt;PuV0$%c`$7u;p*!D8irz8jCpdFxT( zv(g4o!fgwY*JF&8&9Sf^-oDExhe2a2*J-eFNQr^-OnB`-XA|g1OFdw-QRj4As%v9! z84q+sb~r&K@~UaV+nzSLok5bDZPm{tt0b$Psdy|Wl({R4%UiisTO1g`#`1llw@5H- z%~raSVmRr&1o=I=dkmf9-X+29TPmPp81ggF|N2-9C}X)RC@cUmj+1z$vY>**;~P%W zA7;R{v-dO4zy@4Ye2vz2krf%TjimwgsFT(r3ACqX0);-fs>B8lb2mrX&P=yh4D9Pk z;*dIvi^Ge1lX{$T5E@wDg4Ho1$=j~5XPSoLo?pfah$BUkhE)Bgz_WtUIWCpWZ;UsO z9@MJ#$%TldF&voQI+EMv;MG&jM?DT?oRBep0G5zs{j3Bk_xd*!FMA?rB5Kn^ zU+%{4i=;*hE~)qUfq!8=(uHnz-Ahd^jqYoGqx*ye!`(l7U?cHC$!QJsi- zWeY(~Ml;F`I_Y=LVknyWj42w?r5zZS>UX3Pvv0B*W%W6@0@tOftuNl6{9Ou)uA+pV z`tNDi=Xl)KnP8tGmPo}#d?c> zI+t)`lx-y?2Mf`j{1RfQ+zNRIz9gsaGeO_sZi2Iuf;2r?Bj7diG>C8sgA;(*L*w8q z_7b?efz<95yR#wpqabP0O-oJd51O*l+U0Ws{Crpb{gV_9dKo^w+cR^lHi5vb+z$U0@O2?v?{Mt)9v!`q&JHi~^JCV}M8LUJL zyVAFd&~NMK46)e(AaAbiVgeIVUDH?0wJL@@NBUs}0^wRrLZ)w?y*ZXfaXCD!&mTR+HHerUXnMway5<`1 z#T9<17la8v*E`yO15on~kJim+ocZdM%vthEXR9RJAo=5edmle-xYT^7lTDMu$G+qs zQ)@adSH+JwfQD5jJhd(~vmuZRAiaRN7kG(MbB=Seso*^B@h*A{VZSe>&<*$e{3M$F zD}q;XzB1=y`2Qg9&4ZfC-hN+fS`ir{GLLaa8D*X#`6-R42vO!aA~K7BfCPz&$~DV3EQ>T zde-xNzn^cVaKJ{Y=UJa@PE@PDV^uiQm0)k#<5J>dVvoc21!?S_7$78R4mP&HV_&J& z=i0RODw3-U7!{byU5=U5DXWa?DtRu*4W%2#r$`10W{q-K!z`YUaJ zMRr3{eJQ`@lN{iRhJkbvoD67L?66kWOasv(dvV(YV#s}{mPbw!N)t)gR#Xng6>9Fo zqn0stoE$qYK2J9mB?;(;!o8y{fP(VRg(5GKD8oZ-BgET}Q*qZh>iQ>W_9fV!KYFYS zHPO3H8*r@;=O6A(Jxf(6FW@!C+zm}6>6hP)dKBtHx$)q7%Qv;Hk|;Sl<&wU;p*ng8 z6Jo!qjP^P8YV^5^4`qYw^vkr?;z^jHe*dFIipg4$i@967JnY~#@^e`)%-C@0s&D4Y zBV&dyUOs^D-)&5IrDhW5aVkhQiG>%Z9YQ8Rb>H{6{V=ya9w3g3R~v3v8-T+j5TD6z zA*a(+k(Wa~BWSq=tQ6H7S_EvOP1$u4lA+Na{csV-kJJdgT6D0BVpHMeN1!>NkB=M6 zZ(L%RmZ78XIRB&tQJtB5=q<%j$#aamU}6|D(u>2eUbgu?buIQMTV zY>5Y>?bVZVQ6H~d8$7SsXFOmE5=@Z$C2fQQ3QR88Mi`4vhKxhzU zCQL+RGF`g+O$HWu<*9u^EzLT5()4O!KZr-4>n10Wl~;3&IG?IHN1cKEL75za-?<1V zNt3+}?hJPg{gDGm4j;EmfGzH^rx336_48a?CmGN4B!OSGxaS)ob@sK=5^%zD-4Ryz#_}@EA0dK%~$foy^ zl%^<_d*z9``4xN76Ya|IRt=(_LTX^qhi^SWSI&7}*SVuyaGq3;esU~P#pTKp@muCS zYSU|_>~>jqd3TwVhw$nGkJ!MC?;V;3osLYB1ThlM7RpVs`-OX8y<#}NhqM(r%C|yi zXsEPpRWPRo8u3F*Au2OobTbuFVPHZe_7Wta zM|drpYh9{Ux^FiV8Z%GYV&OEP5yyyarfx{ET=!_E7Yg+FO+^1CEgMx38+DYQ8B?IX zamj4VyvaP{6A}s^uvE&H2Z_jv=}}WB{1v?|h0Is}e?Y{J2>U7SX3Cj{)F`U%{ZDVh zK$iUjXXyLZ8G2-Fi+Q&nzuALf`Khk`v9F(us{9F+O_9H_Y<#Ds1pd z8~UP^Z&JX}|I3hi(DI4qW}z&jgL)@P;gq{*;qdL8ORouaL8=>KTkx7CK2m3D4GBw* zmZ{s6YJ!lr17gnEM<10MS`5j+CjtuIFkV)fp~}viH)I(+o7k0WS&6;;bkJH+^nPDe zoSjvQGB^AqQfDeFb>HFRigN9S0r6Bb6r4(ofx?-jUpF7FmT4^DHOOJwo5r>qmIC6a zz#u+=w~|w~i|Wk1j&np<@zAt>(uC=?*_7(}>C``X+5jXy{rOziGG#hWN$su%=JSvN zSF%Dh?dN+yWxR3Z9>!M7bv_W_Z~VmeSFb&=-q99}QP)a%bU@s>n>FTCpR;cKIPr9I z@`3jjHd|RgK4Eu4-+BT%D4IxJU|Tjg)&2AuGFog43bq{pJq)le%Insq#Aa-isZ z_;{*Tn_iuHk;lUQ)V&r@0&aR_Up|%5JIabS-Sw!^VjZn~j=!gX`(a`7<)OgVV23xt zaaJFFAuypo zwK_e@dDcaLR-A7i9&(_-@pyS%*8{B}AHAAhlOwChB13S(z$G(Zg&?V~3JEpQc-g@R z`;r;w=iQkBTH~!M=3cI06L&+8U-7-?SwkTHEy6xq;wQzgGeIR5#2FB1l0#8%E#=}s zFo>g8tD3dSU45svz4cly6WiBSmc#Eo^xO=hrwQ9v5{3DK!Y8^dFH5eZ{ zUMKLPJXvuC3Iv^_elj4BwB}h*Fb^#?NA%2hsxTkWWd=Stz}tqlcy-vn9DLs3XuI`U zl`6dw&C}+NhdfKXUf<@aJxwNdj&j}VH5u)r04*+s)N}Ca)55>dXrlgxn_oB`g$a1b zCVC?kbpqqIQ4F^7efV@~X&Y$4=`(%pdB+!ien|sA`gS&fr_^FMc4;?kLbcxabofgr zA%_#~aoIRQUL0VXgK#JEBrn3{&f$p zW32Zxqb7py2Flbc7IKfs-o5g!pg^HY!5b@!4aTQii;rS#9tvLp^mbg{FFkzyDI=~i zTP816pb26dBY2Tgf(y{2Qmd!1(rD|-RyNYltEzyi7W<|nmhTEphpqP@4W~NGZ1KB1 zhmPj2l~GE^%Q1h8WF5BfuYo>FV>u5-QK_H?Nx1IQS*6dcNqFx=*XW7{Z(z)- z4W!NoG!Z&YxOW2%eTpNb=1E7n8?Q}%=GgPOBd?V$?|!rR4n<) zeEYS6{D>N#FqKk@Ud-K!eE%bBT9)5DOT#l6uC>57Q){Ek1D}!{D?g{M#RnC>cj3uT_6<)s()ue64_JkD~lQ z8-rJ29N0thpuTc4Ma#LHWB3@H*#^-}9qg=Y_tpQ01fOVQ;RLybo<_eol;qXWhmt|! zJz?Ljg68rNQ%mX0GqUV3m5-lqT8~$EwT@Ti1xJL+e;oB=_qBcVITlgL?E72fTyyTf zPz*ehm79K2pA*n_>WffeYYkrVU}!C=2= z5Ne|lJJ9dZpV}<`TV&Un&B9H+8`vx0(@f(T?AEfLdTo$zi?OOhoMyj!PR6P(i+LSP zSc;R9UhM{T?byil#HdH}vzCI_^O2YKg%d7oJ{$SyPp0_UDT$4YiJTSd$F|{@z2i2t zfpSJW#9DM%K;{F|gfh?zYIFNa_}KI|x)@3EEz-~Q(}3MGbt8ob1)iNyf39kehWd50 z9$+k~8mL6}_4)0EQJE`5EMU4I;Z9>~_kQ#A7dGb(8P1}+M;QaE_c$?wuk01mt5Yl2 ztTnppNS3(@#z3L$=wIwcu_T{+3B8TC9P`fw=5wy0pj|byqB64f{8yhj>wXue-PYUG zTzPI%xt(lAoRM(vOG3Dq+oNzEWPIe=RaNEUv-S6b%(H(x>>tu+%-w-d9c88Pg`?z% z$24_B)NAr@kxP*&rF%Dv1u+#wmo%>QADp3W3_g9@ZIX{mUqeYu5e96>$Uz1mI_i2E zD>Ap!wEUq@n3J#9Ja%h~zT#&^nk@XldN)*19KanYIqk6E+WoQ=cp{owVb6RWUZqdf z6K^+Vn%7fFhcJsOBlYAS*Fo?;&iivy2dkqcm~{;c%BkXf?eo$3TIZ{|j!Hw}_v;*V z)YYW%b_baZi_`$S4OK;)bzP$;Nm^+z)^L7g$S-^--{r5GvmVnO4YlI~o69qR>zOM8DcP@9e1TZ)NxhSo5*2f`~>(7d*wFQ0v z{o7GAV$JbN%X=8MDC?dY!}w)W!qosr=YfTf9uL|jQdpdCZ+XFYg6tJDDhm1GJi{|z z3q)8hxhkp0To;|Kc<+XiYW=l<>gc|8_}%^^lpMyV4j+(_+QV<`5ImPj?GID}$LyqD z_g7fjOu{aW&OO6G%m7o#7dZgOaNE1fvfI7T=`=;)aC^3a5xxN@iyIAGb+q9-y|Wl7 zGMOAKflpJ(%hiuXiw!}(t6;jUq1-Y`+G7)Mmeqn&2yOdW-qM=HoxKmM*yltFWy)*} zEA0;DhI$`iIRWsQxluCmvNB8&m~YWpMp_9$s;GPC{}zc)?>VlN;gYM-WzN_BBv+tn zRDLrJ736s}A@j)X>U;c({Eu(1tu?J-++I-+GlrQ?r8`Q^Oa`Lfxo1|S_qf+`=oU?zqo{($YFL*gowu zRne5}RN`?FOs(^^GR;4}r2;(s%f^l!V~Yb;FOAeTw3%j0SKj&I?%0SqAMNiqWhUx8 zDbdiN+&fjTn z*{Q|O1AP_wUU7%dF(%esfv@N&E9x~Gl|;ditgFa3Ump1(^v~C6->P=vJXo2hGEzhD zANL5Uqi@A2;#IYFcJuwvUU4B~MOpQybIkq-FfR!(hzsRBon&;V1?qIRU2XQc_&BgZ zyY}8hWg#cJR&mKlhseJ*K*?m%FJ9jV8Li($a2qEP({KIw?HIf34IxGD8F64Dn%a+t z@^Y-z5pYE_g81DM%)KWbo=Ry*p5H=KC1#3rmP;lEMdPWG1;ULKXK<( z>m^+;<0DE{pIv){?s*1WSqf5=PwnHt9btq)KVQEpw0si4UZ3MO>ukg7u|{+3+{Nyl zZ@Q=Ea`-|cFiIWfg}O2W8ndQHS^oqoUm_{Wq&1{4{r|yWU?wG&4_yd#s$GKb`vu$> zY>XT8l?)P9O<{3sTp5!TC%;!dpZ-Ub;(zr}h*^dHEwaxIfI`n>rO5M<8J|V}{4W9T z{|PDr?pT$54H%jo#5>J-AeFvfU$OQmFx z-UCe)LJj=5=76hzh4bvslCU-C_44U#*u~#QQOVJ?s5~o0O{a+vteM7g>kjNFTCKTY zI7oYWz+hH&x7o z0lNhSJb9v~N^z`LN^DuYP-@!ZE}*h7rf9L{ zpzn8bRmG3r-OD~;qTF%9u-?mcM}}K(V2IY{UnzIDnLC*v1g zaIm$DwpWQLud=3fZU8cdHsyE!Z$IjP`@vDAm$4TcrgFdV5^M8rfWY&M9nXrqGd@^L z58r)Z{Cec{N4F^#g{wimkIy|25tIK>g4;$sTCHODeG6v^w8p`6}Ham3Etn;Y0}dqRd<)3z*^KNGPQQ9LUH z^c$jx1XICU8^ZVMix2{sogSSkSD*ihggZ2i>)5W9^pzy6+y8am^P!okV!T_7($txP zN!jDfe(mbjD|kubQSQ3|)PsvY>I{(Co9tSkh`u!dTqpj*rsGvA^ry8--<;#3)@p`} zvm9M&98vG@;9k8JxWM}|3hWV< z$Z&(hDHD~J>M_67y^}5O@5_DxD_BgFgH5%TK*E94Bml8-=xTWe4`rF4z?AjeIMIfO zlUw+?lF_Q|tt#HIVv;An@N>5IgLi0WQ1PRAOBeS)LRA#KQb)w=zeJwva zA?LTstiBDU$;Y>oU3HArj=a5ebo-SzJ)A~3-!842Gk><{O^Mey@X#!d-`!Xc`L`GA z12vvQmKL0XQoA^K1y;>FLNIeew<`QoU1b5c(# zwiZ-JYE)7j;;QiV;6Efj+|&eGH8|@6%kjN#KM2+`(btl{8(*36ko^>F00;Tr;u$GE zdV8gMyHtL^d=Mcz5D$d#j*K5TL6zIgCwRI6LDpH<#x>ocH0H>s^?R3G#hsa4?Y>e? zDYx9c`IdjYA2BX5J2uktO5()R_EF>OinymEu_cxx22!91oSzu>d^_dEr0ck?7c{bd zHE0l53#+*4+fnDXPc?%HcHLmSd{%?Ed`82$*-8MpcvLe{Yc>(5<>-88@!%9Am2tL* z+lZVoF&}35hk$hM`4fVc$7d-jF4cX@G!N(O3r}XAj<2aTf{PM|O+;-6XOz@yNg1!eWR$x$FszzDzJZ||GsIEOREN2R}d zC+wyBp5xz+Y@YvadA-8h58sm*wneaLTD);7;V{4s-m)Y!9s(JMdfdUUz0X6*L6JEr zWUhszE}DT3dCx<&sEZ)KhuQygeV8G(sO%IGX3)>)0j#PDO^P%~+m1xSvl}NnU~q)*&f#vdu_c6Vy&Z7Nh;(^su^YQbhIvc0y2B7x{DNYph5>kia)a*b7F*e4nb|$heRYmWImfQ@Ji8j^ou~8hm!Xq zX!88(p`Ty-y`K#eJs%-|4uBlih>OqOc>e~H4x>>^aY@f^M2Z)4qUHCjO)EXV04WWcO4o(*kHqw! zHz5C^NQO?~r+=C2ofU&!b1BeD4`|o)u1v@DnE0}$wWe^e zP5pyY={|X;(gS^|Xo^J8k0$|H{ehkjzJAf<>!JB-r68(=7<8$55Gy{Ea^+oxR1(kP z0==ctV_~g4XUsIYbgCdakPWlhl$QjQ=s8!WH(tkr=AN!@ySQqUapO?i4H^M^L`w6aD#w?Q1bDk`7) z5;E60;hM)mq63KsR4g zs_MReJRICgOBg0|?x9D|R`gZl?LjT4{zUT&1__Qj~1 zEr)$PR4)Du0GiwX!||FHwS_gBISmqo(+&Ylvey;5h3p({VQ5d8Z`4;9xY&k_R1ItDov2(I2VZ&?W$F+^@uFcoD=S6V*8l(;!I?MN=m58Ei$2 zwqiE;{@VJPWs)SdaCeYch)D*d99~a55(}!4p>wEa2`}pMWgD#zeGKioVrgj zox3zr<&ECaA)Ea8lR&rRymfO{?vC6*d)XVFU%UIau+F|DRO~6Y5liZGV{tYI-GbNN zebag=Y)-!W73{`M_e}%5Kz3E%wp=4?SXI4vc%Y*!&1lCx3?^E+)cZDXE}eUNsz6hn zAr~W=mTq9a6c=B}fw9eHjVnDXdHAg)Swa@b=T^+&!0zdBc^Nbv*gc7A6$!iZ(EVJf zm^)Fs?GLdulERCPV*)>DD2b#ah`wX$AXWicqQbFQfmzvhx1-Ne4bPY_)97-=X(l9}bn4RGrS`Ma$3GOChtsp!-%^FHUg0I9Gu_C z`O)PsnB93X@|>=`xNLVtgX`W27`qFC0TA;_`#kf%EsWiDx|shGn$ z|84C)`Mi5Y3WEb1HJArQIOk&nwO#M-(MN3(xpsH>F)Pb>#9<&>iFnW&e{PWWEQ!gh zJ;&fazFU@C`QozgH{FuH4_ZS$^+@;YWDSZ z)1z^RSuRPW+*8aSnmegJh7T?-x^;KjE2lEg!&6s{q?Y-I&*ooJ2u$t0Fh5$adL9F&##cMn@#j!T&f~^r;Z?)Kd>mVk|H!i5+Qb9C+R*1=s`5cT2|DEu5ThR zzzoFbB$aR@w}-pa_S0a!oa>>{A+t(Jp6%_WyrY)FM2C~b2J;tZ72*D!HV10+FRs=) z@gymhLsx2$?76)IpWR=Y$16K;DG8``AB@51>TK27rj_I2;+YIJKiH$S>hF}c;)v&p@zoWVZE|i8Zp^Vw3T-U7FwkP?xD7 zV#naTT$Ag^4}D4uM{oOVx%yQivEg@B@0$t@y``1~F{ytY`QayaWDqu2a}28fsCJ40 za-^jS{r8t=^nLOyb$!4$q*A1gJ8D&48dXlZHAiV!+4HLG=NdyoufAxa|3c$EE%PFC zO&t=hByfE30xbSAS5@p*f8blPXYF$}oj%cgVeo6-cz6 z@ekTm$fN>1u=na&ARIaUqw}wd+nms#xFd*;->w4v48&Q~#+VUgQp0U@y>fr)nbM-){?R9`ISLGr)s?)qlI9heWxdxvvC`8w?3h66PeQ6{qLSCb!pS{a%O*rM zSUNXSC+7pQV=6~SPhUMNRW{Qcr=Bu!q(fyDdRsF!5tuZj{qfoU&v}{6%;8%MT%deyF7!6R{e{sx6Ji9>_3%VF4$y%NUwRC_7^`rMi@d?$ z1*k;F6lcdBo#dMJ>8H}wsG49~qW99}y^sb*bRh=T(GxT8x^{8oME3 zS3o5|c@?cc`1)I9tZ$m=4euUs zM`e^}_FVY$BWScYbyxx{sFj%S3BLiwB%q5JyQ`@*b|rb_r(~Jc%Wneotu44pUEmzRqE z1#Ml$)T+Hhi8A&W&A>XP>GLeNl;Am}5jQPFIiVkeg#S%HuCz6zOf>>;xlW z`@9sijL;-6b9e@fV~)jDOc8O<#xSa|#2MKA=4FgcBIRw!VID5^XI}C$Y5#n6-MfXW zoLj+X@ZF@1#n!?u&SSM^&2&{m$_ISB)$p1+wZ8t2|>uYp+a^JH& zm!>ku=3%`xbvu`~2k%4M;@x1J&Uy9kth^bk^>Ab#PXfO~a1!}r^ADbCp42hERf+aV zh@3|Zj(JG1UO0834R!|+u-l>bbUuVl3%))3!M2{jT0LrdEaJ+*6{qQ|*`gyFdf^YE9c-6^Rl1yT65C9^ zCEOZHZs|{_=@71sa)R2X_l9D3*6$f#%P|y2?p&1ltP;`Hm6}zxpu&Hz_vEYRLIHj1 z0{@ulwFlEnUU9TL)vrRfWWnw0qnjmQQ;!H^97o!DWaZC_UUe#RKjXgSLGFBVuE6S= z@Zi|N5h~U{^1q1CrHRhmP?HkxbIH@5A^SXq(*>RpB8|WN{Ok3WHw2sYdPJ5V;m(*= zxWij^cbLGO5?TuxUCiIahv;ptYGc zr>XSDlDICt>F>WuJ$}3m-3wxT*8>nfuMpUf(V18McEj2s--UZeRyXLD6#^g?P+g((nM|okYCn$zN$Io6Y1PvJx1LxAy}@ zhTz=O3DPdYKwlA>(SSl~h8VL)LiK^lLi{VkG)XT0E*NUyIj+piX!iF+^W z(B9J4**3ls)ILnfIva(eeEyH}8kMb2=ai$LTIci8y9j7Eq^u@Xg_0z=o(Mf>c}+Ax z4SeZB=sRQf=;+$X*zh4~AdZ!9MTvL|^qV@foS(I|D#{{VIv2xhL-%&xR!zScC1qbW zLs<`RM^bqDDUC=WPr8Y(za5zr%1;8Rxe+9~o(u=2lp}*uM<2ZbtPnx~_i_X0d1yUv zJa)18IRzGJY;LCBT3=XDJ@M_vRtYq62(?uBnDBLl+e>sDyF|4OfQ_6HvzWws!4c#+ zm;Gx4OKP8Q2gF*r^(Ru?K#*`iB4X-uNYlPrBdU=K_8OJ37aT0TTRYlA|8+E;i(giS zy!pO!tOzW(EVqton+VzTUt3||G7G-WcYaCIOvVIqpIzQPVZ7MGbI`U^EN~l{_Sn$;8E=p!)vPJV{0ErR!eLnm|m`HYs?AgrAQf=pGTBU zCGzOG#^BqLwjlMOnO5v0WP?)?Kll$WGE$nrK|F)+Fm1SVIcqD@p(Jr6ecD)|-93Jh zlecqmd23Gns|{4s%qvR~H^^-H#fG-v6nx2A9Ky4Tbpw3q?Xd1-+6S^Efo%`14=1ed`*B>fYnHA-jhw zI$AAjr#5TYgCY~yHvOennGZO9Vto1aA&bF>j@ zbY@m{sNdccj8!~r*<+$F5<21Zw@5&XpY}M>IYQ@D<-E1@b+Xg#^^n*X5f{d)a))o2 zlB7s)*kVE~fC})r?pb)h4(Mt{XeHsf%{bA5NBj_(|nsq=NZfKlout5jl-0{*X|}jGvsYpH>Y&xoljWKNrH)d1}84471TQ ze~YZ2!To|f=c%z}*Cc$!x=FjCv=l)=m7l->X%FD9pu*`p^<{C8ZEgir^Q}9Ih|4BC zfrUfmzWPbC1LtmA-Hf=xoA|)oGD)xk?b;$@3>TZBVLB{4^ft6etY^{Q!G@OszfR(@ zQ@ti{)S0NBT8VuQq@H4piO{_w=y|z!%fC;V3Sn{zR@x z9Dqynq4kq3uk1Y$XUYtc<(Agx^{OBRkfo#7BCgJUjQmvQm^*rM{E5yDs~pXBAW>Vx zZzrtuPg);=amhq=XnN>m7aX5%eNcc#hN0ViBS%SJBdl!ONAg&xG}_KWmSt(>W5#A# zcm?8iG~Dg>PhRh!r$h1ZTnlxTCEtAxQ`)eSruXZHK0-D=;H z>6}0DPq8@y1I-+&6)eVjikO(7Btp*-8e9=o_#1ku3`znWA)!(-;&_zgh1aabP+E_LQNiaIR+FWuXf3IP&}vLS}V3e?Eug z%Kk}ccYQ;Y6Ka0VOS{8EXRqQ=fM|lmPBY^bzAH%Z>&c8h-fQ0M+Lo4%)L@a-dNhBf zS1OTjmWd7S((ap3#43XfY+coUunMg_7uMS+gff$}hgRQT?Gvuxl58iIRqV4)uAE4# z4s)K@Pdwk*;^uHYJ^s<9xeP# zO?r%88Uk$y$ENW0>)!VCR@SGo%Yk1p$gc$>4C5ObY5(2@(ul7nxGyhD+K8y?$0n2tGST+ATPQ(4iUUE?D7N zW5_f*6{8JA&Ral1UTQoZXZO2pKmb4z`gS}kxp?c)bVy*1h%5u!*1y!xTZM{4$g(ys z__&M$`nJ_9UFV)zEVN!72-}<;2Ico7f;MX!mrm5KTp)=|tZnX{2&YTg@So$PZFx?$ z5f29*zkeYoy`_Oio?cmxfi4K#?f{aXtd8+L+73c-FKq{s5p9~myI8%I zr`Oc73R@Yv~bB{IYWo-*+;R|1P7i1E-&-(WoatEKDu zGri(~heT7TA*;3T_EAj-8ZF`CD8J1k;?dv?^hmTCWQT|MkX0~x!~o7=%sIVeP;US3 z&0?cyy9LJMw3z^PYM}@rl7~+b?Bf}Q?OH%MtB`lR@ky?1q~_{0&^ssDG56f9cyW*^#$I|XNqT+tB)nC%s^(n#C zlC(Q&!oT=Dfh^zmKsNKQE5sF}dL2DqngX`?3)SpG8&?9N35wBtpSG^jwXd(067A)_-L?LAG}iEz$ay(1044&q>kl|B{yc>bDnMM7LP2=3@^`## zRXea_K`AbSVc}YtR%-RU(Fl3Q~qK0-3Wtm%ThY30~ns?soj?9GI$n@?{ zo)cE$oB0;Jn85+@8@*193#I6-s7Ub*3^sG<>EKLeN3MmL9IU58lTCYkJ>KG_|L?F= zTpE)%&p$FnI;VE_gt^WPtm}aEw+oGkMMGGb>MCATAO*Q63k>+E%z`p8eWD33;_@Nm2ep@Uc@8N9RU@vJi13&pd1%8c_bAL`*E_KL;u z)$n_tl!K+mc$pr8ZM&RV{;*slGCg%Q(9we&fvx55al2EE>jCrfMZ>(Eu!8Dg9!3Fe z3`^YnCb^4po2NB5W++J8lGGazL%7)7%WIO!+0hc_%5Y|J9@T7^Z}?!!O~ez~>3YJw z;e}<*=>GjpoAu<7>$2;YHXmYq8;B=HthI!%z7h{1P5P-oRgIpcivNkEb+e^(td)re z(|FP)&KT@q7aPB=4kfElr?;J-)H;&DE3S`HOrL25lG$Vv+ z5zN=!`)R-_pD4v~&}SBQPG-c_>*Lx=rL2By>u4I8;We6H(%%91Co8GNr(2L^hF=hp z_V)+HMkQoNKhW-RseuF40*M-8M++>UxMxt@lKmndTsUIfcu!JqZ|g}%nqE|GI^I5` z9*^PDuuN`;v*KNs!7FtGQeeK(i?L2%#-!RhqwHleUrs2Lnr3rd>$c(Tq#)zIVT zD8~&cCpp%d$lfogsj~Gw;PIAmvCCVm>mhb89Tof>NrA-mfLVeFvZQsI5vy&tOlq;I zy9kl^F+ntC;m*4->mBe=%H>!o&)7x#zA`6h_VIa{Y4D-|Ixw2hx>?42peSjYcyBI> zavLtL6jGx5yxlW3vwzn6?as9lOM9v9&)uQicJ3ZSIW2Bso$x$jowEt^>%l|oLZY86q^StFpgej%h^IpeP8fmI(-XY=}kAd{E} zYS3D6Nq`?pIpgKy56?=Y3;POG%!#9B10j7f<@elf*B-y@(g*~tjNxjXqw@R9rt^QC z`hM(xEgQwUv2B!8VsIdgTE`+k9wM?Vx*T=i#!-Pk97KoF-KC<#Y^KmKLZY9%L*U7g zGV1#&mi#b|2HUc4n!FF{cP>0Vyq5}#P3b++TYWB3*6edhOjwQnrIF3;Qto!fv(o`vsO~3bMqb&a@l@J9GRDe zMcjcWBK0|$hm{EtN_ZEm>TU})_BFhLkzIcbiLvn0&c`=9Nalon94s)qBldmlt=K^J zE!s}VE{mi>NIM2l{xMA2w#|pm{UlvDo4li{xv(!fR6_xpeYWl9*7fIqdO2LDOf3|; zMVsbR-Z?&$CDg8mA&XGOdf6~Z4vFlh>A{6dLmbpp|N2Z9BF2|ewVgEiOq8bxB7p-n zg}$^_kDvB@Zx;~c~&9woBQae&h{=iIK`Rq-Agm8HGw<1 z+7&br8uCkFPlC`=_zEv8*b3j_)4SPOGy^J}7h_&7L;!401mU~6qDtn2$ZJ3WZ%$SXLJ+rAXIVTt^M7WX0=B3P)5M`o7gfu&Fm zDiu}1UT7#CESybH?mYeO(1zsH5DnqKU~766QpiHfS?h;J&tH>&UHmwNb_fEAz7vI% zfvRagkwoH8)UrHZ|E(wh4g|vcxbe)xG!x?X&00WTO!YHwZGp-%*09J)sud_K%2IUq zA`RS)p{4XEpq(mZ$KA}m!?S0nyG`^TFF3h2P@DCakU_X0vPzyw;-FcPIqVj6#wt4P z=e902YXi_|j}(s5cdXKtORUbeK^Lu$!jZYw>JH$xxGh{mcLTewmrv#;dRx6sDS6NH zrTyNS|I^zcJUGhbm(+}C{?N1{uWU&>_#x?anX*u#XG41ip)>IcCct`Ah5~BPazaEf zqFGDSZ%2HgZ|>CJJq0JynAe20p>uu&JqJ6+FcSG&(z%W<(>h~61_>Gs;}TI6)Mc$|1|Y=_|SI3jKgqi zxYPmO$dmeyiSr*tJ_@C0!8Yx%aSlAwnd$cBW)4=8Kwp0|L5=tm(d5#XQm(@i96FON z9;Ts+gje+QbOU&gz;#g&P#dZe^vpEp`opkEk}8t&&@1$sX^wR5#p%Fzla`g;Vt0Ud zlZ?K!1d@{3iZg;(7}ss_w+N>iFGux%AM7ph zAn-UD`Zv)nQf0mGci_|qU=+t}*$$esAE&91UKuhtD>6BUghTXJ(+X~)ubpoz6*gWk zMGY^t)CcndtI9dc@#i{r5`tzA?@brQa!PYx9D}5fSU~;U!XEu;v)>T!N1lR{K+2E? zIj`SFd?`qAH~r~SH3u)-U-@46irv!1PK$lz&5G2_coKm*%zdwF3!|7PP0DsGy4Rxx zdw;L36OqFP>F*#qZ{EMKnL)Dv@D~ogk1j`WW2{RTuE)dpQ~`)jWspaJ@FK zzgHiP1anuw&}~LyeGOsPAy?H8ehw##5M@DRxMr3r*SdnYY-giVkOi&uMIlcHY~jn9 zh3@kT`TQg=u4@ZrBa@pKN~Pe) zY|wqX)hS)^rx$4qy(R9j@i!o`hF^LZa$Hp;RfBjoTDt0A>tYU2;P#hs`7rsI7(piqZew}K^T|s|#(@=-N zE}Fg?nHKLf-$s*zgX%d$5(AIh=uhmnwpDx>x+a4C?cW80qTl$!9cIu*KYbTXnJ5m< zH%2X4S+6T{BY-qmG~S<1mEd*=oa+&>6C<=e-VQZH+X&Ndwy<=TLK)|tXWZfdsEI-q zX^PGEws-LD#STV{-D0oEt@I^lUJjb;o-T0Z(lrDz$UOYF2#?Z_no{Uz(q;7pR-E^d zERqtKK4G&h-O4F`NO(6W&}g7%EjCQWay;U$gM^k!;3!XylQ?|f)EY|G=Y43SvB8Z5 z#XK<4KSp{ZNnRYO>0KFToiuV{8X)&NF$uWDsGUbUgz4IneF5 z|2dL7F^O+K*u|HyTE=$I*>y~=oSBs?K+C<|I{alX_06L+w;avU1D+2=Yv7+mC!`h{ z?JerdN!$n!z5(`J5p0I=?8tw7>CH!sGXk3HLLetv?uc7o-k63jX z|7Pmgmm65qmdIqR!d|faPYYkOr9LA5@Gfk6k!Bw`si>+IG^FHtE^yT!RiWgzt(1&b zT{{=3IW)Ge{W7O)(o|EF_!nR2zsNhX1WEL;?RgAm zQC_*aeYob{njZ4@`CRVOW9r*FBs-DuzsNC2i`b^+;+{v24wNq5PYX)GWZ@U`&far! zA_4XUV-E0M*c5+lh>{%d;tTf-eeD@poQ zu{2GPiAHQBXk@8?XNWj)Miz-mDcjdG8FWD^R`F!?rs86m#+40IMn=3DX;eYCZz$^pMn6b{r_QiW%)Z)GTq} zi-?sFlOHBPw=hyLXsEJjw=hy$hGo8*vJQ)+GWEra+jHj=D^g0jBEF_9YxMs6@E>YQ zwvvR#O~fblcZ7*F67n8TS@99NL_D-$@?!Py@TLdu)G1dz^A z2T2xv;920tq7NT#!b^zh@4+m^tAZ(|V^$7@5eC=wOM>KOR@@ZgigSc?V)Z4&Moc^e zd(^`HZH{UQhmi~L$9@5|RTZD?EO^PNXc6j>YOttK|8=)()%-UxJ_S})Ri-Ns;==C@ zQu^>q@L|*Y@B?w}G?k!UD*`GMz~DE8jc8}JKp2G?c{jM?+pW;r}M^z^^?6dcXuMGSm+CqX+Hf;)6Qr-n+tb$Ccb1weJ~FH4GUurh;%E398*H+w;PZCTWt!mSCny+FgqY4^kq?CVzwxqBmFG}9 zAg`1jT2RU(L8qaX@CBtYaMml}l~0&PEhu$u#E75M=Kg@by;N4%U>|5+8_&;!5KXDmg3_10&a$&~`ALi-`Vx48J}fAC z6fP)jhrfS?E1*vN3e<~#2Cq+Pg8){XyALnAiJx2p-gieu7Kxp&#eA!$N;+gZJVhd4 zKk*blf7gYOy#e1qAH35`WkKl--NHj^8x00)&$rZEGWUo5-J$7KQsUB z`!52Cd#9q@SrIOfgTY-~zo2x_U9l9rT*lYn7nH1SKpiGf->(Zwqks@KLYxc5e~Cm* zXCme-`7#>p%91UWgW%}f{X)eKcSRK#uN_bSRYvs71ZJT6sQfWrSPkklESNs^Z9!?< zjLejaoa&^Z7nFKp6)Snjevs-0Az6wx8sZE+T2Pv>m(v%Nw#>`E0&s;;8*25GIbo4x z{1*dxy`mY+722GNJWqa8!B|ilUQp_1g26fnc`hjBbo9ck`7erhibm)m^hHgcrziyl zB&f%^-?3Q^{&|+=G0&3!7DxPcK7O~n65O9xCEz4{LL%$ieFitP3^kqMtVnc)z(ggR zf1i3vm?7Ov`7%%mQ2dPee4hOAELy@hH{ zJ9dAFuj0M<61{wM)ARUDNkv%p2ij3d0bA;1kk}Fj1wNaO&+H5BmK1OY-6ePK3>Uo7 z?;Fif^e4!+i_skHG-gia5~=?hzRIygUap|Sb#WZt05pj429bKE#6nqb4qG92Sv^N6 zlVZ!{?%GoqFoZxBJ|0A7AU*m%n_;2_Pz!xa#?en_h10z7pH+^a=Nbywubi z0-c#n^v^OcfpO~a;+#V-Z71276%E);98t)J26A_rEjGnA+JbY+`oZz2!)NDhr$pv0 zf`_6|!6Q=BZk(CP^QN(YDCf%l=P6svBij%*;}W%>gV(=;onE>t&GQlCV27lRh&tGQ_#sngy@AZAK= zSH$!4mRGwnt9#7JJja(4BZBp}@v7qJrPLR;nQXHq7PLA5BL|w|+Aam>y)Lm*B^H$YDXL&53ynnvDfV?1Y~zDBb-7q=Nti-D1TW z8^V9tN{$Cz3%avx7Xby0(H4|mRDeUdpp%kHjo$*=JToBqyDR{I`xQk0>VBa65(2%h zgFYTdq~N#%naI@w08@SqHpJV$;Mjs+L1L*s9{~Qu1GRbO))~bWCxt%v;Gf?tC>5Rt zAJ8WL3XaRih?nBP<^2VLcEe+EEG|J|Vlc}F2eCk|s*=c)|4fzbh*c~tT2R_E08XDK z0_S(I!wXlE;ue%Z?@JLF%~D)YksY=l2mKmna3U*|Drf;B%hE=FJ;}!8XkYKmNuG@A3BI z=k3AGxJv?q_v&}(f4XmlinYd6)+_-Gv?n-l^bhFAE&FlHemrGAp0Xbca58xZOr3fR;<{FQ0dG13A}Y8FUYg{v zcnSo*7nmtvzl1H2zfG=hK4v`ZOWQa#QDL>?&Kj$#VchIr21s z6hV7*Z#t}BLV0(l&xkP-WgX^`V;$OSJkyhdwJ{4{yoxbCbH6_M&IuuFN(5_WHb`w1 zBf?>6ds(EUE?iE#`2q4#bkZ`uSt!dBHns!~1fl}61K;9oq}$aqYbB0@^);Nsr5@1h zUdlXlz2)B|5B{sTx&OZR{Ua@1W!OitY-mBr7&L@_J_FK|!Y2z#y_Hgneqq5T=owMq zEWhz5_zO)PGd}Z*pg7boxeN_t-vbaXn+)R_S4tmr>;Ith{XYy(1a_q$ewURkmPSDX z6(kp6l*M?fU}^omp!6Pz%9Ll3h;nCvyWBxcP#g)I4F}iWTL6Gbq7L@gVpbUb#hQP| z-~C_vX#96(s{f1ZcQhRTKC~a2QV}rZ=3)n>bB7lppv$)ye9Np}kb~Jm1FzqKFZ))W z6DB5T;omdhLdEmF&;*x?n*BNk5|B-k(w(fS&Vvg|eR}O#|NDrn7rwKX48ldD$q{99 zs04s&!{PaQP^LG1Y6#OF@766i!e!^tQoSKgTISX4x+NVT9n-Pqrs_syRLFKFp-^M< ziYM^U-fmsdq3)ud;_mQI`yVWtQ)6)m)UW5~t=}=OH5o*Q39;IfhRU$KiqDHt-Md3IaiwhC88p5|xm?#X_u%u!fSdVyhr zq0CBt4|hU<(g6@zx`;3^Bw%GI){t0&pd`h5(i!BhmxLw3_49>e1sf9fJFe{|>woRv z?zBH_+MWHS_Qsbb+ikY3sXv4AX8|$+cTc_8cm68}`_q`yQ{7XUW#nJ|h;8#r3UDfP z(v^XV8lRa}wIAdx*?JG}8ja5FITy;)ez9J4{7)a}n;OYV0R5;z=_gjlCdFhX=mK0> zJAvxCk_`1R&Jh50G*3iO4b`dpEhFBWjjiNQrV#nvxC1Y z*1&B^MN#Er&-A}Isn!*qI9+O1xrc*G{YB;OE5JvoCQkdoG)eJmoaY0wLk`Cdo2jP!BXesd2%gNrxEN!0y7HH!s7QjXs-}mfAPG`S^;fQ(hc8 zA5pMqwn*v1*J~7WvMCZ^k*LC9fGcAf5`=mE-DFGDHK6IjUFsq<-(|V1IVsVQRT45& zI#TF6M6K;^<4goy)mn0Rcu@=KgrpEzDg;)ivSUcpUqCe97iiwDNVDNg?!^%Vh!B2v ze|sgjj5p#Uf6%UqS~mPlo*|s}88?s=`GUePI{wK%vuMYD9QX43Jh zScOhVm5WZH*aA@6u2wWH3NW)|hgo?twQ2nFba+7 zW2Ed+;hn0Mk``fFWF_+J|!fRK{`6g49$@+xOhITn3Q#}yGdI#vyAjm(ZO!)t!@64!5Hxx^RAV* zRiu@Ay&HTto?9j^%8=J~HA$*FwO&^%VJ|bcgJLQzE~XfGj?}{)Lc^jH+V8(MLYJH3 z1VkPGffl;o(9uv$Kks1OihB-C9_aq;^PYdY=x!{3_pY|)gHgeTW2ggnQ2-=*iZ%EI z$O5?jMPeL8;;_l*h#E3S@c}xYm&{Yc#oxy!GL6U%V)gvE*x+n`3%JnVzmx7V1GgHiunBy4cY^Kb?Bv!;DqrGQZHRVU76@Rm1Z8bv!g% zSwS=lT*>xJQErrOTJ=d!yIx>qfqgnQgWFL|ob+E?lO^O{`g8Qx*R$on)?~PQ^xX|7 zyA+M*MwFEo6M4K1I&~MX)ZXM&4ku_Uozt!Fz+7oWU9O>}%#XGKl}DGT=;vN0tKvJkOYpQ20T2nu?{w`PdU|4m)2fjojNGg%QtP& z^?R{pFm$lF%r4`-XYRF}z`!Ej2(d+3DJ~+Vd~9Un>l%gzDfUQr?K@?^?y}l=wD%iq z_?&^M=bKtR(x+Lui))YhhU`8`yQJ@EMR-Jc(Vt8C*EgmNtXjFKWG7}jB9gFxW}6B; zBy?^IcM=iU@nNmRrP-vWNI*f36c99t4LkPt1!gHU)jVA6^IY}VD{JhS zC2^YGUW1)m0+kGUxgD&_+2Q=dO+fmr0LZ`n8XgUISy0v?j!Te~@QbgD@;fej_yrKs z?moHjmrKaGMGu_qU357w{eD&Y!b)FIs&!^ZUd{b_wF!kvZbAux6~soQ5DpW_dF)lp zHDh)`*JfQY!Wjbr+FVe`KD|-=3J8f*3$9LbM=)<@jG^6 ztlv_4c}qXxLm&;xv&J&!TA0?>W!gG#lip+*DSWr~91%r63`^+rTE)FMnBnv1=c6(o z<3#TrQ)I%aI*CnoY@PR`$^^ICS96`^w%?x&0cC^i5E2B0eHvMu$aIVbSrw)WW~gtL zTF)2&S;SbXOqKsm!=hqcb!|M6quA7A)vW32lJ{6pdzle=Pt(^`OCvk`H@8J!;=jtY zG$l6G$TYlOa+WHgBCe(6L-HcrA|W<~ref8M5@N2z#Nk(w2)ml#-t4>!bbl{W60x>Z zG)~@)qb)!FCI(bIYC@>;C7_jSx92$g@syygU69y@duonGZIu3`ma^#LyuP z2?(vcbmDR-n5GT5t!U8jk)4DSWG+ZIo#ZKCu(8Rpj(9ke{cbPLUYJvL9!ZG%i+g{p z&v5gVzmek;3Rj9#togOvMYA3^rA`X&{7hSUBwr^*%;kTo77wxQ&h!GaG0%NS9>3g4 z*iW6!QY-(v*P2Du$sHcq`sSP{GA{58HgYyB?u6RAGG;_)^6jUNXXSVCe9#$Ia@3}9 zS#_T6m_(um1x0!7zeAozQTtBo6dUvD?3oPzWsTxfw;#x?;fiMAdOlYlPeob ziSj1DVuUU{b+aT4LXoi-1Vb4f2B&x&L%TOMeqnC#sp}3`y)#qK$uWnSucjlz%Pihs zRn8aJPy0#DWmZ)^bJ%3S`=UL?Qs>X72&Yd76x9z%Ln1VrwQL~75C=;V1BLlOCnCS^ ziO~KRGo0T&B*?wH$+?UaG4XqCzU8hSv)Z_!O;*we78{i27=ZTJieJ%$y+`6bbu@uT zui?|lDj@zJ zc-SAG0M#*B#fmN(1`3^dI|)SiD#gkj{yS&_n=8=qnJcvVoXZL{5K_dgg}V=k%O*=F z!7>C`=1cdYIN{p~D6(6hbr>n;N&L#u*2Y-s`q#pSK5)d^GpI4)CH!Jm5U6AvRh5AI zSM3YuC<=*{a?0lG3rf#m5k_hRcp;gs^!Yd;P4=*J49xeSQU{QFc4SijnR({_EBW|8 zEA@63Ub`*Dl1~8k81JYL_6mOWY^L52AlGa~!~#~Dp$Q@vghxt_S0j<7l-IiSYd(Hd z{t9G9_;;WRXqtm?CO>U$IdQg2uf{=_>^Nf>b;Z4WV-r3RhEW_Q-|h#FgYIA@65w(wasjIGeJ*q2CRauKTWrvIR-JAWr28INlajk|{!R1*ft3 z?&AD7$?x*JHK?R|XqlCzkf?*A(rWszEGUJP8;cAxO3COtpilUTeZ+BX4rfG99K+ze zLla>&ZhK~;Voh^*3_&f-aXTDd&&IDH1-0_jYTg+iftif^?=b3@VhhyeG=&Li+o&WS zq0$jO;b=;&0b0_5WQyrR=S0PNge^G(SkmuMfKx0Nqxo%LQx#osF;CFnVqn+T$?;$R z1_Xzgr6l}e@sdiM&B(gGsan)ZBJ#sSc=YzxdwW;%k% zI;*|$YfEIZzxu0MRLaGVMdd@2m}-35tZg_xI74@`W3cc3AcKQZmw9)W;danNa?p+2 zld7K4$K8jOD7gn!MDlFF2;66G9a0Ke36 zGl|tE;w&gFQ=pN&HakTT?Ab1H$FzHm1#J50#X@cxF* zJ$=_O<}V7DXjoAbnOU$-oYOj!2I%WefzsVF4Wx_T){NYgT9Lv;UCA(>4XKfie`y~y zK~VcE<##GTJQm~&PnSiJ+}q#*V5~;L9Fms^%TF9hvcLV*!G>=$B^5_t(^*THYh*si z2|=ENG235BUVVCoQE`rYwa$NIbsz8}^F~&ekuZl4>OHdUy z?8UV2TjaL>JmGEhZ5qEkmtSRhIKiN;-STqi)D>jh#fB@EG@C{+b#6^n|)6l_S zV45il5~@XVCRWhsG4Ynd7#l~R`}NI3_#xFoxolyiT}G^4`{!(3oVc+kOa>vA8LN4*yB;kpDZ zdyAcTw+G7NA&D2FCO#p;Og|Q*6w3^NfArwjsb_*G87c=6S9p}q84M$x5E{2Zs1O&& zR1jt2gPV5*{<%5gBq<=T^`d@dUT>x|T=c3b>vy;=^C9w7Sz>evZ?vEkhPni;YI2H{ zMg{}nVKlbgg*KS;)KR$_Mx{+Rxx!DJYvGNc;waNYC;7A}HWQLTIPN7+P80ds z63f)?COZd239&k%dmnNIUg3G3H-19tQl7KWF@!-CVOb+hX3+%+`rBxOXg;sK8Oy<- zaL&@r!3E3UX%;)fUU1d>G=2qEVMMm;hl1Z>kHUu4u;Sw+yAHo}&hNyp{pa+a_}Q%{ zuZGG<6%%91g-9f@_Um_k!#aLLtio1XX6`JonGTfhmw6!9J`a;jK835Y9UWieLp@+( z%E^ZMo(gxct z{hWNgr#v((lJ$se1cQyuQP(T15u)OQXEOSLx?GsprDd;h22BckdWe8dI%h!G)jR9w z+2)N(KG&=w+*ADMXc}T2zY*qvjx(M=D&czt$ zJ)MutWEzp!9fK%#vysB~*p-LUGlihXKPKkGa z7=ASHykAGxZ(4FasDw~9{&W=vCd>?YddV|br-&**6bPMJ3uN8oi62XZ4iOTcG%C!a z&JkDCpgk3u@Zut2d0#$1-*9|myrb!L{rPM3*s`$CgCUt^1|}Tkaa7vKiay6RGGpW( zABzeL7vw`=kx`e03Di)W;O_MZbX1H@s&&xY-`86Xe8jYCN{8NJd+*BOEz0PZI+ySp zYG&Sk5k)35Rb*%3x*`ED-7c2n!g`z8My$qOnFaU3-%NhJoT4|8n=yT}xjpS3X<5I7 zgj^7qpPg)-_b4rDW+gRwij%&w2a7Z4NSfPa+4|*;b&LlCm*O>r41f~Sn!_5%LdE_? zQd3N7qv!N)xL$xwQla9aL{Or4czvr2Yv}-zMd$;{a~CBTbQs!&pJy+Rz=H{Z{~0tz z3bDypz@w=Omh@-O`!h(O*h%N3+fCympr7B$mglr}#)CTjGB8Em@g2W65nv|IIa4r< zN0Zlz3|u3o=4Q0t%Jvyr!>FrfGh`K=tRR6;z8#438`U1a#_f%diA5)ERFVhYMRi0D z>G5rVMM<2b3fT=a_QKnnVW8SHRnG{<=#X8dM>~t_u7iA)MD?nw=>Y|jBoJ5Al0`W$ zwhskdLS}peb32{II$43%@;kBq`md&NCl^UIcVe=6usdy_L&RtwgHFdZHG)x0|^+ zWN>5JSQY8d8MePAoOA884EwNs(Pz&V?%OQUXlv$bN*mJ%h}%-^i<6iJU>&(j@)Y)d z&17z%JlD->n;G~DVuyOqHdF#pOJ*&$@$IIl`jEAd4GM!=F^Y}Xnw+1x3RU0WLFWi7IH41WNIl1sg!^ ze=t&w94^*w=C(S6<${&Cf^6AK_7hzOm4v(;K~mvEpf?F%VroE$FNhj3m#_I8i4*1T znc+0H-&r)vYJ~=7B&i5p8lV7+yS}HOzMX*>v93C9q&x>qu-I1GQiRbm$e6Mg;Zt+J zrc+eNzst*NSq4Xmr1R!@Ne$u|P~?LUg;aL)Pi*%-oc)CoBJiPjC3tO}ul|M5BXhW` zMCLIl9mLv*qEbZ7ftCK@r9$h(WYf^++?Tr%#5POt_~w6Wj=gw=|_ zb!d-N5^l^K-O

*77^yXO*T5)Gx>5mhOC_0d0NnX25>Q6z?v&yw zJl-!*#LRLTXp~*;=W~-BZ7BUC2I9c4sRHB)pONB*Fxn_T!&1r{mdb%A4oL|@NVAJi zxaznAaVjL6!CYz+L68x&r;luZ?-Hr4g9-(I&#h{)QypTkeNSB$c4q36K{@tHnPQNJ zVPYuU+#n8X;42ZyjDu&0;6Khh6S$(ix@Ckou_*xoo*t7fS*^L#y`L_Z%MQSE`2|Jy zfj3xCnzi22bLMd%RHT77#mLZL;yOzx{j)&GPOF=#3%pyLr&Xn{Xg?GnVv-P!ZbDdiQo!wSt@QEL>b!%eJKpA;G6uu{*!ZC3f) zAK?5?6wgOYS5Ymqp+&0fBRElqrx+?nc zRUOj+1G=~$bo(HdAQvAJc?nbFECYyAcn(5bA;E6hNhC%bsaOHD81}MGbSWz|xX3<8 zpd`isG9m^HcY;Dg9w*h5`b^OVS#NV$Z*jnnaEQA>c|QIwswEPDK@}c9$s1Tx{WuVs zJm{Z-h^Z%`&t%&U#j_@?q7W`o6d?2kC6lUoAm=eK!G-3cL;`6yv6l96#lNPS&VQ;3 z5nV_7Y#qjuD8v1VY^30lor#hRs8C#~0~HidQf$%3PmO(AP?|eU>8wTQshH262oSIc z+`yU(VpHeiW;GX-Zp6s%5+#8Tph-2+-v7*qC~r*NEc|nI;of_<4L2XZsq=eL>h8@O z&hFut7M7TdJuTh5=E_p7MJb)}S|3<4`J?tnA7;X%U?kE+;qjNzd!?c^l>z6vfB1_Jm`|!7j@QjZBMD5ic`TB;IRI&Dn zeU|yQ`|jU6uy0w+TC~v(y7mR^T$Uu_Ou>l`rk32=7HwR9g?&mEBA8hY7kDPWc<5P} z6Y#}wy?}+TBCDNltwXD&bKbPLaYUO5+U}^UZJvq0^xV|9zL;uNGy;T}ec@ z0oWN*5dyffx=iGnY%LJj`LqFC1Fm{OiM9xY>;>N`>p}c_#RlJKkT$%>3)f-amMT)H z(_qS9^=yR{@ih=9R)CsEM;R+LKG0+c3c3IFjj19H)SSiZL^MSXIID&RrHwedA0LXB ztz&8ebpCYV|1hFYp*CaYb>ghocdShc8qnisAES`uG>Hk|DFjHtS}M?n!J|hD$A}FO zCq?4$UT^^yg1}HID>ggKg1q}LZcC)>_lD60rJ}!~e{dH;G?6^hikY<#5@hQ;@!#Md z_wdI({P7(A$Cd5JbNFK|{jrw**bjfiH2=SkX-HU^W||}!Nb?dwQQ^A$p#o2~ew4L`eqt5KhUZYzrVc0{v0)A>{~_t@ypTK9*fn~a-Wdj> z=AecP<;TP%6-OX}ou=1=O4 zU&u4dONR*az9a%b_5ona&p318iwKunQ7WoPucy>$HM`-?d8~1{yxyt(+PYRbLF0Dd z<2~Ey)h(xx(4(2*If8Fn4>Fcf`fh~um&mvF&u&)iNc=a0(tpiF>wg92|A$G~zbKIY zzg>@5{d~7#PkF53DFqZO-taVEsqFsFAXy~lO?!&nJ7{W60n)W0{>%EI%F~XU6g~cE zBu4ZAUo{)4L&3qHL*~n%Q=k80{%%yT89D%W zQ>!Rz=t8S%GNy0DNkCm0rQ@ckOuaX^U$p4jvrU4nw5i&$hl=L~SPe|6FuqQQUeoNY zd1H-8JRFxR`s|yzu08OkqCBOYbW`y0*OZc}2Yr&;d*br?TR%1&*uUGZMlknqMY=CVgwAF7>TzP`?58a{rJ%l8^n0LV0dy>GgG&; z4R^}*3OfM6{KTt5)pP1w58g{HajSuwoTLXSeU9odzU^JuP9#O_)DA75B^ppV?Fek{ zHP&h}jOh3Iw%bSr3KEDq#1LjvxVb3855d6eqA)&TKYvhC{`tGsCs;qz|y zCr$NrtoqrrER<|V*OyOAfjb{sJ#e)o5ag%I(#V7c_sp$0znh(#pEY2&zTCEaM&mZW zdP<~u13-Lg$84b>Gey(Znk|(KoVD(@(p~gK4$iObo3ko%J@@48_PD&j0Sxuq`RD{; z#9D#wjwPlWh4aHPf4=|x{E;o$!}SLLOOu5$wer>-k99FsWFQ66U335}P;P0C3VE61 zX4%2lkR~}O0q{CbGp5dv z4^^c3IIQ2BN382PSNhAx<|ldkn160Mgx7}qsb}>m#ExMfPJ_wgcF(8!4mlsM|Gh~R z`k{2ki|Qt+@*jacQKVrTX`p_+syo_q^|hm$U$q@M{NN2eJ$$8_b8ci%pBAT{4Ert-$;Pr96dswsyH@!rLj=zT{D z-L#r-67mD(70gYtpJ47ZmrqNhY_35biy{Z2_ab2rWLw3v{^-|a(=xJi6Y@nc)BM|3Na zbw_OITyT;%xT>jhF+jAHyq(gjZkn{{_;|K7gS7O$?c-BewQHQ?^u)GflW*pG_r-+l z!QhjG^D@jG@kiyf>ZPOK@QYy!7vXN)^I}!hr4Hfe7x9!$onn1_dXl^DQDTMA@|q55 zIZcz=8n7|#!b_bycT3%}a4a8r8K|)@SG3SDS#7Kp=2n@&>m?kRKVhyaaN?0H0kqgf zTjq}iSn>-^HllEBt2dQuL0;1cr8w#%FYWa#jg#8SasV(pW^t3}A(hN=xImu-W$9apA#D3w>^0(-d(33?XnI6o0_W9y5>_R% z^~j5@H^TOid|gqc-sPL)v(XsZN&TqnFf%B>M~JIWwGB#%PS?S%zTCORtHSd(ToA}6 zoj$Mo*Yn_Gj~dEKx3q{o)GKsr9$AT3?e|~CG^`C3b6)3uOJq8b4~jjfGo`!9MxbLE zO2{NGufZsjk0ODfcg0jiyrky9KPU6*d%(Ydzc-1yW+@g(IxsU&X0z8#a_rg$3cj{c zEMND#c1LVrhD=*^9(kNFv&9#~MzG6BnyH(R_?9N;%&yM`*cY}5TZP0Gl``vVOc&0D zI@GeN7q_EWsInHeMQiJ_Y_DwL!+yrTd<*Ye4=1cCPzsV@m6_ZW#D*q4HDHP7&G&Z} z6OF0ra0NQWczMu@Gqw7ZFrU>sVAhHwe`VVpr6`5!ooOU(Q$X{+%@~Rphl{`Sc zFvxomy}O|!_EP`rBFvCf(u8aj+7pmHI6W0fCL5Ee&=B_lhoI%(BqN4NAG@XM(mmZl zih)PD{TyA|KvVe%kDj%;qz~yG?3bu}?8hUH*@S1QEpo#qN6{Sz;`H)2{@m2)7Yj;j zTTb1kZ>X%eqo_@67ly>|JCp6_JQyv2Z#>*}N5Bkh+abYdbIy&4zOB79zyIV2CSd)X zuYPmRFUOHkW6Zs<6e9EhJZs8_+2X#QH zti_J{q(VN8L(mJ0#i%eBjqwbdydEOeY{eG1;QC)37F28tH{DK>UzlO(*{k+JUVJmK zcz2Zco!Hnz!+t(y3VfpP+CPJEi`&V+rV105mbZVDc)E>OiY zGHLyV9NE@{^3<3!tE~4Vp7!(poLPHwncG#9hWU{VK_nRsBY3H)a_5wn5enZf?ll|L zxN)*4dbqtAmt!Khj*Hupr)#I6Ul+fP0& z4#*QzFbQYgR+!w&>w6i>#XkMmgvF(y%&Ip&eQ&+x^U+)IyX9cn2y=T;*|4v3s8{|w zFf*DM*@%SjQ5s=`yab#}d02rOJW~D;$rSYVcFkNO{|Y?_(aG_&<6Zg0&~+(k!anRY zC5}Z#nRP=!goq6V=a&S@R8ruhzE6_B3@=e#ocEytrxSiF;LN~z=s>>NmqmM$Ov-JK zRg>Hf(e*o2S3O+C{M|i`ap3IXar!e%v%ojPbgSS+jzRj1ZFhz=Q#;|ghaYe2(If|s zk1jraeu=d{{lGO7T55FFHSn}}CnJ~5k3|e81SeV;JOV*`M7lD;wV^hCu zhC1>yFjQPl;+p5c0`ESeB!mIp1#L-*47=)=;mV|A=?wX2`L7Q&F}u zKSDSGwR|@r?3qXTzH{TdFlJx$BW1e_3iM-+#4$w+~58ct$Qj@0zJzTAQ7tk=LZu8X>E`m{uB>v zRR)Q?qzz*FRIgan0c?H>==|{YEsg!j*7zmllQ3`((nUr&x@v9ZJYYR0R3kpM`zzF& zccr{G&S6`JTc3s7q;q}lVBaA7O9YNjQ-}4Xgkj6DznPb zCd&d5Qn>NyDXj^&mY`e9x5r$$rl*qU!S-O-t+I{NKis>ow-V!iLyXn#=^#ZWy$C&C z5)iF062~f=d`oh5F?vDDq}qn5T<;f{^>2A@+FHDRUHjoAOO52xB({9t(L^`vutP^L z-q`eJLgp%B3`UD$+cAT5fCyJnY#-+-c@P)*DZ>+5D)hVTiOJ4vVn#Pm}2Cu4!#aNsr3 z#5V<2Yqa3h1#5lkhG)?w@3$1)a5gF3eY`r|)z=ZL=T;XoS7z{w+~Z2i0n3uZ^Nroy z1{!C7_ob@SpM9~;Yn~xk&6KW9frx%L`qn8~w6npr7R97xp{JUQ@$)lUj}CDH#t$Xo z4X%}Bq+8-P>Yh6!gjO#oMG!IztmS$5KtD(lRSUe?#M1ASu2@NeI3mp`k3N}uARp%O zc~>gP1hM9>+M52;b0KSM#S2Pl2U7UhWfO*8y(=9;imI9QJ!{c_$QkO0ON$pKS+QPV z`;qhlqRKS$0-G$IR#a-AAq^i0Y4_?wn+hi8O!*T5CrrK>9dh5s{o;M_#-<&CzBe~< zQAb|U*cG-yiV-|?6@$WA_yNrBh3rVSm)h?E_fnn;zBsOAkJ^r`?RpSUd6x5Sm#Jmk@IS*@WP2o+Y2Wz6cDE=m1Zs z<*wKhZr1CUwvwx6!^G!pQeoyY5h-?i8>~>x92Xa0cO3O~^i1zKbiv4(eRSUI@JM8i zXe^-8%l|~$i_fyKBpq!BMm^oz;#{y4a~RnRR>a@I_)i6jvj8*F_%(n9rejp5p*gK44o#IajGlB41XX1mV!Edx zHtU~}cL~f`X7se2<>Dm0OAVQeb3|gpe$18U4b0W&jhKhh+5{r%P48QKJ=+2{3rika zKMWA{2^P<0Mf z79J0?gppI7MdXc$bD&tc9V>9yHgxE<pqmdTd@Ld9LaYZzN2pUL9UW3jZ`` z+cms(Xrhl*DaIz=*1>aL)U(T2R}iPGpUM546nI24rOF@A5u>%BlZH8+B(tWSm={l&x&X>18BI8ggAUoz#+}zVcSe_Q@YW zr)Vh{Re%OF6_wLFT=9T%7a;D7vmaNiCh0vLq_)na@Rll86U6H}-QWjs?agN9V}AUB z5zrHNiC^EY)2LtsMJ>sR-QFC%ygs{HW{BAU;^J!!(HYf_h63H;wW<8&vCD)d4Wk2f zk?L#zj#g|aWXHgdo1%4ZuD{v^&uv|GIvnSJ#7uo+;CN%y5~o(geon;_KvMJRu*f+4CJK5VJ`cFMVu z^Qyz0(|yBam!AJR`CpD(kAg7W2=tFb@`$T05W$Y`1+zHk#r3lF3LP@SJ@m>dZKx|q zq4C(t8BYFEQ9;j<+6J%Rmr41%%+2~YuN>twPv-aIQ665Mt=KlyTvVWo-mUFbv3YXO zi8MoTq~-a0pW*{VhQ`x&!wPZc;wZ!DJkqb}!aE(S=h7vaKZ_-i1cN!Ux!$SOMm`); zdbP$}sMh9Vyx!7dTe2hs^)U~LZ$s*l6K?l|Mu{t#I}~qN)n4MD%T2E0Dq{LJ60p;? zLB!%t0hC$GrLxpz)*=YtN;MQHQrNy;qw4QCQx#I2Gi;n9+x%d+(A4FfrPRIkr_V#~ zZwA{Ht_Rx3`~7cD zug?4MtBV6B>+r6&hQw7O$#DbMNDVPp3;rY`?ZP?AjVCOi@#G_v0?FWD>H z9#Sy+R#v#k#Wn+H6m(O7%xrHz`I*z2jn+&naX0U*B$53MZLK{~CO04TIuh3lKdose z#orR|624s9E;iC^1&>!+f#)@WFUwr;VDuJ6E88)RJ=!fet*)$1Z8_B&?4mMN-H4Fc zs!N65?flI`6Xyy1+jw@ zq;6UC02xnZpZ8yk_{5h7H`ZT%PvcZg=;mBrzuk>}EW5Gy1^Ql)Oxk9sE*Q?deAf39 zWBL1GblU}*rfAD;4^KAEFIl9Y=P1A#s^5?L*5w<%e==p$G4bv5=N}E63x4%-y~*>s z^+U%_nCQdv7R!aFXSRx#J05be@3PI@OmF$p)o^>X$-$XgIqZ-xih3M5U+J`@Ylq(^*hqrfvUgqoZq1E4TW-;-7nc z@`3i1`$9d%w~EV)iP0&~seit9G%liWZJ}bUTZe_B5T`-~-op{7QWkA~nAwwYd1OuB ztHG~&r9ga+oSS6vZ;^3Uv24CqVAVAzAquf~uF^Gwi>$a@N0ry5L*WRJE7%^3L}c;u znd++*V69x0(a;V~cdkpGzOmllbuMv{aRf6v#c#F~0~W1EUB@R-8oYk4vggq=s44d@ z^%wl}64#U7eYbCynsySYOHUIU(BZ|7xa^?C7tnGM1LrtTs};Dm=`lL2dF6#9-E70{ z@~W(k*=FU1y`GJEEyS(?AC8gtthps4CGjwxZ|oIOA{?9>Q)J}!_EM`ZiH~`~~9V;GXLDRV1to2IKes)o$*ok) z95Zx)i*bJ9P)bjnx@A}fS{ZsTfvXry<6D(pEj9!{9J*;JQb3m7oYp3lnlZz&kd&H} zSyXle^)vxjxy{`CQ7sjgQX;|Z36=p$GS9H$dB<|Yq00mQh0NQRJgG(`76&PiS0#2H zKk`OHlG7vNWVjNjnlVLc3>B|(2(fGqR9hs8f%k2A-w*B3Gc70w9)b&J6%#m#EYkvt z#aiJ?#hOw!Ux5k2-oy6RqNmctJ2hWKUmhaZa%0o?Rz%ElZZ%@+& z{&sRZ>{+)I=Q^-+K%9&-{loR8;pdF=R4&YyDpMW7tjY2c8P}hFelt|(x@$M3M%_|DROp}__ zhA2a1?0@zsXN6eb-c*4Fq!eQN1s=yI2- zC`~>Zp_D`2Vc2K7b;1^ZT;6-wU(@Mi6! zbRK_X@V9wxtlFzM$iyI~rANz2IWvKu)CL__%Bp>GbK6$JULq3{Ilg0*u>5^8C~me+ zPIm^hEJ2qg=eaV>n^wP^S!l&w%(xVq>Xr8 zVLBV8QCDJ9(d2{|F!z#uQ)bsjFz3{I7@^zK_4mG;?~&j+$U4Zc0pHAG&EKoz@H$Gv zbL3Jd*ShTCV1)3;#L;>Dp1i+|3-H}edhSAYYBqSPsQkM}n)LC+Y6qOQnmu@qf*iPf z^c)Rq+RaQ0FDw|4of{DUq|~;GRpnU`ksxMTF4Xqu5%aw(JD>2Gn@HGd^XDa6n|OBL zRgy9~O8b&7d?i(?J>`$dUvPQOoh#Hz@ZZ60WDwGTl4vQyv%NeTFBQmAv;@)S|EC_R zj~qoQWiT}=W3P6pyNt2|vuo{eqCs);&CjX?*FJgVL2uWXOtw#pL)vkg@nL7ypMF~f zf7g+G`R&~cOx$v@BlL+t#m(~=K!lt}BJ`?7J=|NRMM6+E@z~MVLx);-yK6o0T7FNi z9MxGyz5qQ;J2@BwKg0KZy;t)a%7a(N*{22^l{XE@^L&=5Xjxte*Oz5Xeqi)p&S+uN zKk%%Q!80i1=!UI(lj|Qkn*u(W*Z+d1=kt&sLf-d1`E_VsSYqhqsrhiYPLSar)DLd!E7~3n1Gq< z5C7k9!At+FtEUnUrGbaWLvApWK%YJXTwsXf)djx(q3!Vu?2p%gHNCCFU-L6ef}=`P zKv;2_pX{fC9p{>2(%L#+cxj{Gr-(A}sqNGAWL+JZjo6nccP76M%axZCDG}UL+Zd3J zvpgHTw5ab@6I&T3V-%lKV8H8Jc(2 zZ^4<)OjeGsjWj=1k=VGUsD`7(ZLj!$_*YwHF6N)~HS}8s5Pu&L`mR6Tw@C#n?Dvw37Epl5suj$_`bIn+S< z=w^V;1*kPryp{1QGtC1KAM_OBO^a5w{A;a`{r~%pH$^uLG|SnT+Bey0UHnG5w)Rz# zc^e0U5~u?r#o~j1a?rt^S*-yVg4uMpc8CA_?ZOy|tv?Tek>#lp-m??j??pn+%!W6n zScFef*n`Xl@-t>5TdoROQTb5@CmF8;7ER|CnldW~RmPD{1%{VM)MckMNx0?&GF@Ib z|JP&sO*K}WbY7@3beK(aCfeYk?(!pDiv94*N7;k7l~$BkqXlWVjwA=5yr1mYY_uv5 zK||{w)dEqPpZoVYWGd)1--4G$i0EFNK^`(!X{lglHxDoT_5R?Gay?mBuS*WX+U(RA*O{$k_moT{QrLQYL{Ql`hI+Il-aH$ z$KY%Tp8$;24Q2tC4XI%%8wi^8?GkN_LyRM)z|oxTwc)%CB&$_uiX=#H1`<|<)1xj z2j&NW%2Xi7C|_?LJiHdL%8Rn+SvBb3m|u*cwgL>&+bRiWSC3KjWrsPw;RF}Z?v5hf$D)7(vU zSel+qJ$#IZjtctZ)XA9IXk-v@)5vtMmm143MYDm3C(Qn55mWup_ALEM2{>*pvo@>B zhwq&}&iO{xn5B(^Xm4bQBSviH`>sd$!SJTAeV3!Me|dLVQ3{CtQr-*Zv^a0mZApiJ znfdAhg+m^x()Hq+=Hbo%lr;}GNkCRd!9l!B!%ZC|ckCw3CQ7xdAEOiWWm<#T_W2v; z9>i0t@I2G+Nj|dTbiK_VdA%Q?1 zC$6NpYsvRkX)ISGio=la=5T%uy6@c?K?x2Xt{Lx= z?dj~U>Pu~00uCy`8ay3g`P-K-x09YXkwXAoj|%!7!PB(uDjs7j{`B;ZWejMgho$=1 zf4M5%ywUyrLRXhP61mMZRDBeJG{0_@{k__h)qHluqhE$0QA<15_O6d|vzO!kJVaX1 zb0W+`?`eFggSK5~QDrj$)Z9o?q|9!hMx8rW>wGHn_RBCKK0n^{F?W_G8R8co3UP&J4!9 z65_MaHsZl48#nq&)a!U9oD~1MCIJ-Gejbi8P zWS*yQ7cZp_^%r;bVP-i!{Z;53@`-Evf`iobeWK5$e_N5I{9A)<`p7)_5J4v7NoI?^ zc)1twmXA4~Vq*y^9A**8(R)SMhPH|E-!p6No=KTIXEvqN$WfroeCV_~KEH}xb`v17#1n0r z70=!L)a!}2EFb5(x4I=X^psbYRyw)Ldnki4)5#@vo!8bvT<}noa=?>)NmWSTd66iu za>?yQXBs0fa^`^TanxxHu*E?8^DRrLE9_Ut7f_}=47dFX4^I4)b^;Z}N)tmyIlhJ( zhFGS5Nmi2NA(#Us4%f1+^KSX}ewuvbH$SV$t$3DtK{==Q02Oelu?L~X2vq(29k}DH zZdI>pW5ljw|`J*Z_A$?=C_j@W#5u?U+^i#Yfe{d^2?tOUR z*7YUQ?O3t(H}8`C^xCS;4as>;K8=CSHZvrpz;T@Ojjt3X_W%7>xY{9*)2SrDGi7~4 zDQ7U#h6mFXFLF_9D@Go@i4A8MR`d|2q1I;(us${5n9K zcc07HWPZ)(;Fz%^yI`L0NVno2yi^uKXy@L~oM>otGSP}PKIus%Fb0=P;7rmrxkF)k zpTmCqJGgP{yIeVBS^)9k7=#2RoenOxtzM|LKY=JO5)9$N&b>73dz0)bs%3#(BqL;U zKLU7b&o_Oo{bq9nq4>Q>rW(sI2K0)p(E|xP5L1=NVK7r7SwuEMGWc7hba_%MuuR(& zk`A#R7nU_zNC{l)$D6s4%ns@Y0iaGScMv;phVP0HN4{9I9R|YEr)L3n4L~DXJ>7^l z@QOf4#;R6zrYf-kp}DFw&Vu~pA+%kxWWy|NA7fp)VH9YCM2!{s*?>=)+clrUslqOlbdnA+A48HG zg4_6Q2_qE8@KCdTZyH=Pp*jS9_UXo%aW(gs-?ksqw46X-s7^>uUVn9PPOTb~v-jLC zZvc4E+Ms2k%n4Zoib&Of#l4!-yh6`Ks9{~CIW7x&B0fHGttnyqD?{el0$;ZBs*`@Qx*5IG<=n=)tb0;2 zQO!L*w<2d_JPLj`9q)n6k?vX#(5D5?wY|OIzP2z;R=x)}(bd~se*G5OPiuz)0&ke&v#M>&KSCU&K;o5p z?fBALWyQf+n8=mq1g`wo zN`YrKb4)tmuU%rR>1G)^2|_qu)YlUZPZ zVwXw(f7e|_&ppa__tn8;M}nAElBMt*2>Ak?r9Op+LiPMqJcVuQRZrD@U0`fHo`{Qm z9GPUWXD|LvKj5Q#v>YJ$)iPg@Pej%L&;`6D2Cc|X<9#_aM};jKy$4;JGa8hAk3_E0*S01Tk|Td5G~1QO%}6az1JfVYOLj2o?fJpM5I_7``mRsnU#;SLD)-tiI;ZL zUCT2z-#dSLY)~w|`46n(Q~eK9VtM*9G08MtHLzNd zPUo>w`dFp2w(qOK+phZ;Z*rwkXcN4TpcY6xzT^Z9RBIXDi!{tSeo@Xg+xB-O`aodf ztV+^Kkc!4U!5OmfYaMD~P3Nl}bsR$g&(VP3meSeIooH2dSoX2{@zk$eBvuqebzVlf z^CY;jqj&B(ZjkD?R^QBQNtqW^Z3Y0MI_ckt^3=uLv{=Hnc`E%yWQ&tUU+FzbL$m_b zIURr7+E3u@I{*9AIu`=&U|0MW@0a_f_i$q9v|z@lO}%1+Tf3H2Sn&c@33NIz61msv z{^?d_aDKAcf))uf%9*l!EILE`$oGH9{Jg3|8>tMCVH@;4sr=+ZA9kbPI;i)}-S^6w zZ8Wn4!rr%c+on##yRkaA4t6%s=XZ=)_d{C7Mk6013^Bt+8hzvXGpV zzT>x3oaB%%kw?Cl+&+y}YSe6+l*(tS;)b9bH;k^Ki|TR zNi(DO-#w}kU)bkQVU?B-HrlxrK)7WWI~W;TxClUDFD~#+4=wqr+`Aa+ zt2Y3MuUHk%oiuq%m$k%o6e@c0Dh@6E`=d3zC|pHy2y$Q zgV&0mRVk2nVShdQQ@bWRmx!^-O~;-W^q%YVj$ieQ zg$*yn zci=DZu<5FPJ~T#7AaA2q%Ua$YYJJ;S+7oZ;(YU?<)m`c-?iOQiLkBA`$h-Q(ET;65 z^JF{fQkW?;8tPCPc{4y+7yl*DrdixAf~7f+@pU0MCf>E|FwKW1a(7q)xDDPOcaW)? z@r5tPQKq3!a=J%Wmp83>z2`t&&EXR?*&!}Gs}4ZE*=*V%cW-q`?KVfQSd%nYEuKgD zUPq7b&W^9!DpiDhYtjnU{hiTE2D#>YQ3W1WgHPD1d8O_5-q+A8LOE$lam9&w2~_8# zFc-Xe0_Hk$#~>fojWaa9DvdIU7)AzMpfM`9gIaSXvL@P*PWn{WBD=lwZ~-iJw*L9e z*(Q(5r{{L;;$XC+N`5NaQifNuUo^w_CtoM~q9DAz=RAp#Sd)r>x4ykW#!L^P|6HhR zFY1Ukb@W}9b6eQEJo=*FH}~JA(354+fnDi}A_~?yuUfnguIe>qPa^yB=H(BRt#nuu zY@MMS=}+-rnQ@TYFh#>B$&n3_%@^>I--#ZnJ!3Azo5^hp9?9X%p4jwOzddC~r)E=w zmujrvAi8CM(HXysR+L3!)6(kfMq9u_Q&tL7fYN< zp#K`{qb@%Q4smgBg?tqoHm{j*7;8DSy!q^=4?$VTLMkoX zot%;)*O>mcek*t_C5bSeik%V18zBSu7Zl}0)mi;rh;+I$E!9@erIL%xGt&1$E)KJz z7OEvAZAD#-w>)YCkSM=?5c3>DDOqVnnN3cI+8;Wjt^%GOn1CavVV`=9!b|0VoPhLv zA4ryGcS!STu436AftWUB#4FJXlMTMU_RPb6+5O9RQ16Xs*LvaNTb!xb%0mcT0y6<= zSFaUJY;XgJVF_9U$%l*;1DE1USXI*^^z|_>pSF?LnA^}#WBnSvtO)x=?G@| z)9GKnP`ak~doB!gAR=zyg`o57y&_=G&Tu2nUOd0;+;1cQ}%K>|GXVZ06a1es8#}!d3Y@y-?9xi&U~w6Z~P-_!yA!v z=vJ3bA7k~P^*uy{Js1+Wy0w?G`JeyqkRbUl1b)8H?$HCjF@Ta7Q2j?N=YN%~Ksm}~ zfFv0E8-lSA4+TWQBHZc%D(lEa)wkX#o*!$Ku?Z1sqk1$wWVn!UO|GJO zLmOrRCIx}Tp($vMygFCm(wq9F_mW!{*4~$N)VUbz?U7uF%rnPBgMuGtjC}zr<0=>x z%-WSe-QvNygA9Oe<<3HguJW&N3v*yX+dk-8;H_c17^6*52xi{56xcc&@v2@YgGm++ z7gnrFyr=cGaW_WxM=F7D6QhjJ8;@K+uoVe03$UlY^Q5L&imvy_j}+UM1S027e{sF6!ELalUT9zt5mZ?|PspWoqpkIDTld&%S zJV<@5wN%8dWI=!Ly{SFen$bYGv@WS;zt!_Zd6)|q4Wnq6*-;EWoF8U#Als$hu2_w8 zddu~Q3ft}PO?Lg#PRP72jCnzm&`gr5kA7aHon*wpsn$cOEtnQ(4_n6GT{*Fz%iYX@ z>a#^nM-ieh^(fc{Uev#+Ye4_WWrfQ(X1)?QI^;D=OaN$RvY;OydAIy-){iuBxS}R7 z`k0;Ur- z@QfA69)3+*(>Dv%)S@%>&n8E(%$j1wQD8XuAwA?^`V3bw)u!20bu!^#1CrNVpnPG< zz`SRyNB*s9)6)6wm!8)jcS>f_H4YS20V_i=dZMqnh6}7! z9mzRpL0&N16oXdcMKRE4c_zogoIwoWp=6d6xQu60NZ7n9-C!QFx$X^`B^=gm0AK9Ou zXv=0j-{>)$zC^a3WgH>i)8;1hene8i@|GPV^HdooLV%?h(}DzjhQiW@dB?(2E#3-H z#S;Q$>ph=QhC;}9{wFh^H*6dv4Rm70TbsVk4u?ulSlpAw>_r6j1Kj(~&*MzXOqezh z5y&OW@UQc_xtQBBN;j5rnW-emi=zI$eYeD? ziBSdMm$ouo=QqGBjoou^S13wyw0D5hPSN!tb6dvg3RT{;gxxCBq?Lhb!S2JtY(Q!p^$^9S!^UBjtF{#HoZ zo6_5(mubw%`JoVTx~&4@_XpGvp4N-sG5B1@2oODRsg~H09(#i_q%A#f`4KGE&RiV^ z384(RKN-_mD`K@Qx&B!8Xb#_k4Fa!h|Ganmmq!JW7d0XaPj9@*c_($x5%az(ug{|} zI{vN{A+^!(`t$41miJd~&#cfl!sNY6H~lO}{7iG|(g_dO-s!|d59 zB@16z<>2UJ90r%ns)Amoz8+ynCri)g`(!Va)LH?T0`x5Z0_6@6X)Rg10#OJtpo=Q30Il~nvKXe>f;$$E#llo(ZgD0&%;`trjx38`8Y1DS@WdlZ>`cW<&kywgq(9N zmOkUHZpy`1F`mBLymCmRJ&j?29JTuq66<$_UGnF8K7^fjJak9T?;|9jCzzICo-CDR zfo{L$wFRkEwl1*{VGYCHt78dXyz=^$haT-2WolgR;md2JH8_WOD9+ z{M`D2Q|SP74#C7MWiS_hj4Ol!pV(F|_#t0+ZStPBhI_Yp?#uLh)RU|MWdXrJm0|gl z`L8~OPG5f221R>Uu?&voCn5tmPxajmP*+*fVIWXJu>dHW5pqx;QMSI*ZY9M(>BfoQdy3T!N4uF_+;{ zb#JOl);ZtY?OKT1B&3(qX4^_V5c8+X==lG=ZbY!x9oO3d;qraj$v*bw?i!0t zKG9=M_x1=b{gDOl_9C6^^c}756tSyc0xw1-H5B6L5k(akJ^rjY*8z08$qa}hzq@d* zqD;9SgPbV(Jtf=*m;CU{o^Zbt^(p`s%tooQ4*&S&{-KUI@Q57V)n}UhV}3q{)xOBe zqqU+jRM-VJ@9sqswX`w=!y{cNj%nxXc+fl8 zHLfIA=8gvBo>P}t!e-*ZyB(a`#zD1v^^J-4+l7{|IFL%x$*PY%c@|np36%i`)xn-x zL=m)v-q8HWs6JuumzbAjV_<8t#v*kIukm=GkeaqE$5a|YD4}57-3R}20hyhu`=A{? zH6X?5+rHC{mcb3p@yPbvyuN%6WiE^h@ZoaS7mc2mrv{{*sks0AYwWETbA*A)fb-S7 z3L4-3X}pwc<@kv_KWBy)3^Kvp1-TTPg}#v|%ROOo-niTJL&cOdvBC-vTS0l@DpOmK ztnt=N{T6&;j3<2lRja%zLdR=NIOE%t`nbWi?pfJ+t}|OC#(i}UP&4&RLv%SgSLaWyd!<{%yL8|jS3+Xs;8Zfz7#W7) z)m)l3)FPYEnUKc?DV8AxuRaBHcp5#CWjd*k-Ei7kk*j{5l7jt~cckB3f z#|sK*3)ziSQHmAkrvpc-IVoE-=l!$5_|I!7#6%0^9z-w>_s52elW#fed$r71q65Kj zbgjoquAoS^hyJ(Sz#VR(KsNmbKA&8&=|y3m@B}NxLN7nL`@JFVzp9>~QWsW$+DO=s zZ(AYK1DA$_zD-<8EMNb7G+6(Qh)&4ogsk-u0LlU<&-81**T5DYkTs#IwEp_1WLn^20< zSuRfe7V>t3x9vj0y~>!j!7r7B-?0-0s8s1&GsI$Zo|d+k2ki!_bVICOhoXwbg12Ku z&{M0TP)W{(!~Hv){9?jCeAqm2YYhs%pFD*J@VnW~w)wRS0y$9Yl;$1%?S$SC~99rx{5>{jn)Q@KK#J7Ytp zIl7Pzmn#h|Yc^@@A23uXpu1K1?1f#d0}Gu~wiUI($R>IL%pTF&qv{_u%Z0vkU-<|Q z*^%e_40XP@m8(7BvR%HK*%2$Y!V5jM5c?xHTG4n>rL`T)a5yz6Rn>>9MlHNvL7G9M^*00hP)n2r<=Zx)mRnPkN=%6dixM60KdeW5c zlYetcM3{+wOTSme3o$DRXG^BD^$$Ysl{TK3Bp~z{5Man{SOAO<6YYnWwF%kJcc_B0 zEqJxKk5F*QEtzi7jSlX?REVP3)6J3I(C7lM#`X(E4i?aJn;3!}R!K6e>8MJem?}{Q z+y@O_vJ0PFnm|!zFeLy3lYSQ&GrBg=dI;S{baa2QW~F8L5U4U}i4`80Cc8R(Y3>I| zLy!%5^ z0g4=3fY8ny>~we?Y3fNGE-6{bKgxfyJ-02zNiCx^hUNCY_bG!WH0ENEQ95HtvJTt( z70XcMt^Oo;{?qY(zLr*^o%FqPt&+!0P8jco)*l7|C&$}z z-iTP=o;IJ>ymfHN5Z9(!6{MG}ek&y=(5661zHQ8K6NcGwEXiqiy>Fi4q&Ry1yjkeI`<$Lw{xj$gv7Wj>q zTEvA3WUJD}C*!&eVm?2Fu9A;~kUg7PqKr1KyJ5RZe2XOE}Y}rT`7hv#OTi2+A6Pp{2(j@vJ zkiN8E8|A+)Z$CkfQoFkQu$cPD#lH9W=dWYGYUyV5jQf7IWF-K9 z;!0e0eC$O}lM;QbgipZAr0Dyi`MCE!lae(3mjlJ{iVZ)@ijdw7cn`jM1a_7%+_VqW{w!RHu)m%hQloE`Du!O)B5C34Dn|WuXH9tP z`+nP0>T!VYdvsYAw*fj=+^`*&pcjXc$ zH?hgbEWp`SeTad-R}}G@;A0f&!fR}Q@a^-9vqg)<@~~yRNQOY!T2HL*Wb2Q3h>jAz zVx2qIS`;T#EsoU~&|ZJ!CFDhUD_It#9_aUpLD1U3zebYwrFr%&5<+MQWz7Zur-oY7 z?wLJ!>&VKPbKJzNh}xAyUEr$Xw0@j!M1>}UPH%g315onj#wWC6>3JiPzpR2KE%C$k z#E{gw_tSNjmn7&PE{?Daw`YfMA$!6oX+_AgJ-+}sC8&urJ;fv1*Qh}EQohzyzR$VV z`JHL?i3nB$I}D-Wwso~h-e1G(O;q~YZG!GdoDNtxYeIeefq_<-XowfxRdDYe^}^^! zq~8;8ahSV@pcNR?@QvRM$=9;bk`LeXMk`5LE#Iit6wY3^WIpWJ0jMWS!ys|={9vbN z?to-ez@M`NaH++*I(`aG-Ch|B&fZDUZd@@FQgj*<0RjCnSA?>hdJ(-`5Y}IJ% zHE+H`%;$LtlI(y2pG{1yN2lGkK2hTdAX-#iyQ_HS2mon^4q_2fsFU0$Yd;@!>}Dvc zabP8^_d;JsnRm(nwFsHUI)z~!3SYLbQevs3f4b{w{-yrWUBa84a*;02UygeP?YEx* z<7VWy!Q3b(Ftj<;+%}8)C(u z+g=0Oz+f^+ zvL~lTiSsjyJN$9=ZKW~hWn8I<=>m6k**${u)f&g-i?q5~cA&dm@D7TyRer8@1+_A) zN`l?F2;-};Jf5WnsfarT_dxdb=$?tE1m;gGn?Ft2g69*1!Z&^-9N2;+Z7>?h2GR-n z|Hdb)-yitUd}+F3e&8%hmJ1pg?+;*mAN_-d@WV1(+uJ)j=LWR>QJOt%uN|K~HhVEM z$PD0X@b2E}_6*-SIWrGr+(q=QKVJFs;m0)LY$WLfK#cj(LXjAe*LKOjSJV)MjFG=C zVx#Q@9T=53>ZX;wR|*zHe-pyUN}3&OJjV3}Tn7f~@;)L=jRj?cMC3+XheBsxsbu1J zUl&3DYuVoB@IrDgNAI6cbBVO6!Zxz+igT5%9bR+wBw7GzzXr#lJeh@p2wsNU96y+= z$x@jU1=$$WdR3j-1JyQI+DKGumXb3eK*pr@OBoJ8|)DIfg&nELV}! zL)K&c>ecp}!U_R-=3r$e^kSUb&Ro9Vi@$~&#l*T)JZUUHZc%viZFf7Te8Kq_cwC)Q z+?O!}Egb+n=@gPl$|+XP?ddjRYtcQ3j&szFvJSn!Y0g6$ZV^t!r^<(Ck@u1}vuRhI zVvr3bIfc_OMc~PW;>&Y3`kAON{I>{=8oJA|cHzhqHT;wn%sV zwHS+g$vs$MX;CvdJ!5XjD7lKXaH<*6qf0cfT1Q&TCi(ORudzh5p!QLa{!fyp_EV*H z6PWBVeKAcC<=(hcEqGLy7JhVjymhdd?8+;NDfHd7vS_P&@J zp&Bsz*ZnR(_=PNu_!P& zLXRc+N;S+(SCl=E&4p7fPZ~$t(h#R9C%IPi0C5UO_W=q{v~L*upf;BTI*9}g?KJM} zi#G45TF;~W<5^}#X2vpKlO9FfY4Nk#=33_SZE1sV_v-%U6oNJ?-Ae+$p_QlG4_@db%XfhP49)$PEtui~{!A0Bhj5r3j-mHh+Oy|e!Le9Mg12%?_?56s*j`cezjol$d@*tGIz<6^Gun0 zZwtKA)tzQQ2jvD1VlG-2I-k6&WSIqZtC3i%wS}y~{-lK_wTZOjo^#KI$Gbzf3&5&l zpF#l9OP=C=^px9kTSqoGZ?gyvGH=-+Vk_kyZm;vzp@i&sihXgs>De_xDYps@84Wo{ zcs#C3+bE?hR!8NHI7znI_2wl^xDjnndK5v&q&w3S^0lI&_FniIr0%{t&vQ*wcOTKp znHuE&G46cyq$#;dmH9KL8*%Lb(3x;_Ec=v||Qr;ek*r|B$J0Uni20oxms9120?!pLEW3l&7q61PnfNptq zTz2x@BmMIs`Rt$`5y^StUw_-gAzvz6TxkS+3Bh_jl`6JsbMzZcIHH}|c86WI2;QM=R8o?1wb`oc{4^4DD8oSg6ct@4#` z-ocNxTQzs=OM>Esx=2PxL{mt)wHsX!*?sjFj4KOnz%ngrf8>-=~{H&iR1=g?Gt*Ad%l~_n|8U zFdd{MAOMou&~a~|>B6fG?`5wQZ{Ig`c^3QM&a_yBTn@=5v(;-mMO2U_FV|!xNbNO- zmYhhZx+TOEOW`4KrJVYM_kN>ieL7U^a`8C4e7-Hn$vEmN7T8pk6)rG6>_G?xx=i0B zm)B^m9cYV>&#hETOc|~ zN_s;>?D)D5nNTNXnZs=!<%P~<#72(~udLbHS3xNlH@@!Uyze^x$%UYGnWi3e%N;M& zsWG4Dq2R`nq_x&zj}{fNmWN=8$4}h|0Dls=M!G7()ai&++If|7_+6~Ld z=*|lg&e(;E{Uvr?I0uIoZoUZ25mV`5fVF~KVEsj64{cQ(zJqYX;}Y&&Rek~9nbaeM zChgUsk25)om|JXm_W!Z>rqOJ#@BeT2ZdKJ(Rr9o4HN{vn4f(blZX_vcs-!ASiS+;3|3|+k=R7zM&ibEqzH3>mMb?Uy z*Zun)vo0{NZT)aWOhSK-Ms2A{}#}^Z5|rb8Vw`|!`~@9_Gunx9+bmr zrb8VqDPZaT$+*zzE&pSHgA$U!%YG5^H~SB^Gf_djM~S+^&+enHBqLjT^j3>{85Irj z_3TH((l=9cYrMi98|8e%y&-D0y%F?NPi$x9*azlc_TlaM$V_-VZCZE;{ygM7B|vNrH$S&71>35(Sl(x^gQff05&=wxivOI6}lpx7gaSdlT z?4}ea96KE@G}ILL;(R2(D1K891O@nM)m*xO3y3PlWa2XOgQU06uynU<1N&Q5(y)@^ z+)yvAO!&9EM`}(PwbEtzI-zrIFW&3buc5G(*YjL~ zh`tLe105Av6>($&yRJeB9#GF$U>_06(FqR2UXQ3jDRxF#uESdEp{@~ZCY zLxZB*^(360f5Hf}?h=I#TyS<2fJuycuTp;P8m;CvdGnnO(A1-Jb4hsWAW$~JT4Vw{+j(fRTErBnwlq_GArH$Xm|9OkABK( zle8O&HztfmZ*Rz+R+Mqm%Et|X_av@6@V|Rn**r*EqN+Jz(pk&zb$wvAQ3JQX-cVAv z#R}g>w!AJ&^q|yclWywN!B1V-1>Xj*#!Un=ATq$U(5trvKhEZ5s7kW5;OlUO!jeT->DooZ#~n>}AK#_WMOHz0 z4Xk2$dEFzmb)@NsgP24PuFOHk305b?y=2_8!sA|Oe8W%e)?qcyN*`_CD7v^htrPcZ z73beHqw}ry+GNj#EXIhjsY#H=WyR}_H_zsO9SexYWf3X3G;Ai0*R2OdXr*q{Vx*wp=BgxM=OCC*duVR(PpH8;rKf59Ap=>k|15NX$*E)hq#Z;Y}yB zLy1$RlJWlg=$=YLQGN%WYqzSmY)m_|EWHYXCfo=r5^1>1L0Z_zJJZfG*T?f2WzSL! zOrN_@?Mt#0=jX2c?}_CxD3Iw6+LfU}$Xx`r0j4`$fz*Hiu2_J)A@_hnCA^`^NjL!d z!qA2-ufs*(k6X)U<~Wwvf8Hh5*(*3QSbZ;-tpIRDuZKr&pX}Ze6kTjDyc)O+E zieI#NHGITQ(68nspZm${+ViGj$E759vNP`HTog{$(qn`fmG!XTanb0O^Cxur2)FM* z!{?&ZY;}v&Dv0K;6z44nSq|#7p+u9qoC~gEA8K_SslfHSDCV+WFa>}dI56%`g`mE0 z6jyV_IGS^s`h6lEFgvFsa0x#3K!quvM=Mt(d->twL&NL*08y6(daDTKfjaVA{<7j& zNL%+SIZzL{!Y&(f-MZdr#FIK2)mm#z5>D^G?H&K%yh|6f8C$4kZxYLRO`0V-mu))L z)!Gc~-@@4D@CyGKTa|`M2IwyB(v6BGunegh0~b%A?u=G7^44QLkIxFmSV;azY?F$% zC{h?iHX{e{5}dQ8Eadb=W+0>dd&VkrwwWdwH{aM3k7tv&(PZhq^titB;nELlS->fy z<7QlFqfc)};nZFT<=bS;zb?z)i!)MxOf9}kq*FjBKs*5=7kVjiZ_L0lyo;3A~LR?ZF+P3rG|*>NTnaup;d zeaoFF_NIZpmNcuUi=#I8ueC{O3g!8Sh8~wm8y5UfrvfY|HdYJgR9`hXqv)4deu~H(LZ}WevZeo|oM$ZT37lLHpW4wwVI~Kt8XFQGsEa7%FXlqfw6nlr- zsd)Kt(tb<@ui+rQc_s(~5Pf{y0*eD;1T1~T{C@mWAU_)#$?TiRKNOLFqH_c~w zAw-S~8sPl22@zNl2`a-i@?a+n_KEaZGxf+wf$DCyWBjV1w6kR)_craGHTD}JEOH04?wO%ZeyzUuz!&+(2Ux&0UIJ3Ur23|G!?tFZOVP` zOkC>>Gmtg$&BxkI)lJi_Nea!CBqV^$F}=oOIqRX6%)3fkws7wU8B;1}BWl zwV~YCSJKz*z+6gxi&WIf_dz)oAop^U5M8pZ(}1bp=vIVQ9QwF)=Q#`F{*tNS6;1B3 z`c&BrA#MMI9CGhoAuD7q0>!VMM5Y#f_kh)jJG@g|ZBTwdZbRnr?bPQ5$!H91t}>Ho7#4 zmA5qjQJKX%miIK6F54r?Yf^*zgMXCWk=NTUn*n{O2zoLQ)K%c4@sITUm^{A*>C=~d zoYjF&pLai%ZY`rh@Gx=Bw*8QVu|?M;KBGM8m*cUqx%}Mba=~-2%Z2Z>(s@q)+u@<_ zi6REMJj{qJb0s#)gPqAtW<%-1Y5GVJ&L3hM!jp=x^3f9U`L+DK}Dfbw$%*d9(#wBw>Vmp!$N>c z(QU>-Q|l(N&C(5cgJ0329LwPvuiV1Le61q0(2`r*$k&+i339F^=OzO>w31!P7YCKw z<$Sp-q`5Nm94epJ_VpjJa`s(l`v9gt&IYu^T` z2Ni4w1ZIp!nT+41-KmQSWadYDz+J5kBxj!E9ezQvDyFJGtx4IvFws-7M`=N&VPVE` zg+Z}j?}7ft+F$8+8VbBJefLP~k(K#KqhagqO-fCHlD#;*;q4?cD3&pt!*Qoqo`ol{ znN$pOB6}B(r0tyv?dapHVHCc>TVOvgy3Tjyy0WcnVX6FP-u54M8sa4D!Iq(hBt4Ih z3$~N*M3V9&qf#U(Dfcur5chL2NsZN?oeE=00`}o<(pqJ;?y$Q7QEmR$?0ay;tWaQ; zbaBF&3=%!w*|%=HVzX=WgG?-M5Q|zoUQph>9`W=O7N?rV>4Zz|Y#s-+R;A=f*C4LwxNSI**RXZ0c&zpQ7?n+Y-S4dqf*dvDHc|Q8G(LU2X*7c#3R_K{s zxbJa6RNYp`BYs(Vji)S~k<7$DAK63iofg*aZ*6Xk9($Q;mwdS1k|V?a6q%wr`NCGxeChG#uCh9zLdsmi}933MY2F)3_P-ZQC7thUTZTK;6Fn zoMg|pUngW={)ao_pT~fJ{5&iI_*c(y)j775y|}Knm8>glLkQ4>^qIG*p2t7=rd}x= zs&f6QpyBe@`H!ByHd^T8Dr9Z?gQsRqt!et2$qYt?W9B>WqM4{p&e9c}qrpMi+)oQMQ9YN+l^npY4u@{R;=XRd4G^xB%Y~M-@7g9IB36#tswLE?>wD$IN5l0Cj4#;}* zfClQo5CD*Vr+)%Tbf-ofO6d!8WJ6atdH>=4?_>V^`uz8^@!#v>zxRay-Vgt~7W{WD z`2X2jAoK12(O&caB2j$;@GSx7>;L}vpD%&QlEV+_ww0q_*x`V81Mcu2IWYh{_0<`% zQrYwz?hg57g*9{hyojF0%;l)JFoOC3Ol}g6=>z`{car-SC=N<;uA1x0Ys+8Z0#uW9 zC`VDnn!CuI{CVQ~k;Ec0&h8i0_15EdPo?5Xz=fc_xGFv5d{_g$PEc3K*dQJKaSY{2 zB?UxDcF(Z@ILPAzob828mwY#q`i7X``$3bA#G9jXKr!(Ovr0n%pT-I=l99ES_OQ91 zo^vVb<$4`ueK%Hn5yy&UT4yQ@5Tw}ytN3$a&p0Z`oDi4EILNNUsSaWq99jnxq7ON8 z{&<}cfy(n(V88i&rqz4%MLpdEN9j==QZ!=g*jkmD+0#*$g?}*Qean-=R3TP$sc;fmo+v=AA_~Zc`o69C8e;p~(HwGHx!(xy_DaJ|7-DEFvLAkVNaCRYwMB@7O)`Ui{AOp4^wk#mSLz|cHJ}#VS-83yYMql1_ zp@O;|IFwR+04drNeDRubCgz|=T*7GVE9js%FRWMS#+>q46JbKsHrq4Ndx?0ShYLM3RHMLn@3loB$;J$^V#ijY#!wKOiWxL`S|1H-Pg~ns2p4z}B zc8`IuU9G|Yyi$cr&Chb@ASZysa^(dWg@`=eOeqmj*&=Vum{-eh8wRw8dc$&N$NIu6@YaRK^3@W zhM#;f^NuNqyh~ln#%7=`>s@p_>f768go}gbcihBgiMM0!2`P%%rfRDW&Y@pWaiDKF z|BGNPkUk=>R`S+q0I_fLl5IrtyU0YPYa?6WSE)CJ-I&UKuZ~N;?C(fxrT9nHg?04Z zX?nVKxV_VE*fPNiR}U}k;`D(Q`D*TDckTmWK2SeUph<-KKN*dLl_3oKlxzvZd`W1q z)g}CE^x1;C1XKMDb6b}Ur-y6FO3E*fqCdWoDqS}gz-plnvPk+v)aV@{g+(XKF0**? z8)M$fe70xv7G^hmCfN)VmcMCHT2f6t^{K^N0k%)91f;jCmFdeTXOJCmVWtGpTo!06 z$MrRBc|lpjDR6J}!Zufa2H6rI5f@QdthO|s^Fd{x~^Gb~rCZ5t%iHmXR;D|X9@(~^9r z#5XZgZUE3Q--hA2mJ#QX^Cvxio}k2ypNRPI%YWoOnUCm|1KJBmq=)9Zfcr6%8Zw}L zChYNAM{4Yf7{`~LMAc4RmYD|IB>2~cwIk%4=fFX@&)vSuU5_xIyN59Ms|VtgI4o&< zOuX0|?|EOFbG+{>8T$@w<-Oy}60D0r9Ji4z{PV>4?ukSRM&`dyw#Z9*w5$sNe}E?& zS~(M1vNn+#r!B_0^zW0Uo6Ar*HbMS1TOAehggLMbZrjVZrYjV)?PZRMsh)_FseYP& zJm0fy2O?6N)b+>#G0H&hP%4~QA3YZCHkbg4ZPGq9dnI5)mAWief4z36(q!6)I}d5m z>?8N3_MN%S9$noH9|kB9U<&}kD}QLbmPpfHafb45AQLa@3asry^#RD}ptW%ojhEWsH6xBmTbE2ccqMJLG5w2miO z%rpcLrrOG-xpOX4ZCBN%!4f41bf5<7QDMtPL9xNsDa%WLz5Nv9HH~%3?*dWEO}-L+ z3KUiC3ab^J&aXXpD2&Vx;SIMvpH)D)@m@@A+TLa3Y=!}7Dla)dKWwtr)S$LQe5%&A z&14G4yXRcXM+~*q)HHoc{L>gI2e)U3GrEZruIv{~eqh*F=v%MV&V1-$QBIHN-)t-5 zA^ZCG(IE?+MdD-Pav%J#Tb;1$;E6&FT%xgq9;0qJ7S z&Ro1nh^Jsc-xS@V?Df~Yp6A(Di%vQ=fLzsw3T$p+OkK8SZ{=a^F+pxFq0_I5E~~id zhuh{~o~{GA`Z&9+JqUmT36N9P$q_w|f|&08CEt?)rJFD;cQ7wpUX&?cN|)SVY$U6+ zw=wPUHA^tJ#DF7@R>tu^y9I^yi#OZ0J^hv!7VOjG;!Zh*tB#yU^IeZBywvWFsxDL6 zb9uji_JzI6Qd^asT=66xAcVi7Uz;HX;2o{`(+V^;jc4<#Y-2Z6?Ii5&7M*Xp_OCI= zqhbx714tNeQ`iD^X8YKyLAtIqJIo$Y8-WaZbos-Q@6v=p_fqee$XK@7>wm~9?M6DM z_wSFBRmPKVq}|C~zh$kjPbt~9uYcvz;&iLwjB~B2Q)nwz8ptL`^-crtXjj;^o=rEb zUxD=W+BmRmU@~7W=F8nMc;uvyQ@v>wR&L{jJM(TZ;aeSvjx`?oNAW*@3kB~Dnaega zAEvL`HCT@@-P69AA;~3%1uVPoN5PrYgx<5mzP(4W4}n+cICY!ceHj|k-ShOz#_pS) z)y|y7-BmU2p~oxAcg#~v3O?OC0pzjRnPD92=jP06i)^EhI#k?ZJ$h9ob?t54aW>e@ zt6~@IrsW}heq}KLor2FUP`CPGNThDNZj@vjy?cw@RXStma1?GW-Ot#ZX&s=QrpS2t z^6#?xmITq5sd+-Z{)Evk_J;SIonha(#DWLq_s3qko%sW+Ws73+_zWDuFiWf;_O0O&Ty3lxwudg z#wlpGmruW!skuD&Y07i^-#cWJ@`xdMS;iMURgTwl8ZnH6?RoTm0IP?x?6z}veSvo}oo{8ky~;4;?{q&THih%xwU8i18 zuL9xwpcqU_iYE~^!YEYWlb(6Gnc}{qvn}TS4;s)dh#4_m8Zz)_3ocrvNbbAgRVUGI zy^pNQ=&2-1h2r^5$IMsv*l6;i%2SR3O+gY?`2EO;R3SEL02SF@%w1^QGao?TE!5lc zD&JVp_^q4JePmG3N=d93nWb&rukh_TKk`l{$gRy(#2E)f{~OM#EjsnyundDezS8Q9 zI1Xz{SzOCC(k}}rE1ZX$`M5qd4m-yxV2WL|$~QsFKQ6e8KC^G{m>i*8u%;yTCRB=` z#@t8&ORO#dgd2HfU}pkX#B9zUwy_#ma<=<#DPKxXJ*DqRCzj7*wTtI;gh4WD%Dz8f z)9MAA<U3SmzXG~GrvWTDJv{011%nU^M$(!p*L?~Cw9YTQY1&J zVZda9@t8o12KczeH_ zJbe4{f1bwv=cf1nD~DB~hZL?=!y|4#Li*>4sTI)=yq3Uz3!#b}(1%|=y7i8RTtxd# z5_CAHnvTl@faZKIVp-9H?OBT$2l|8u(CkMP?9iT+MVxXelQqYxn}iEi4;yyQc4zmv zLtBDhvld&eYCIAo{> z(WSYG9H0Uu+#03>El%-ZuGq2!s!U1_$8T>p0(WtWJ z5yr1k`={$`l-!G>?5wnira{r|rXux5`bO zVw;LTQcTFf#*Jac0wd>WrUp$v2+*Xl$mK6~paRZ~ce-CfjA=c#$1mZKBy23s37x{s zC4$8*3f2m~;s120;MW|{afv?c3^}eSw3AuuEMc4WUE@we<;~Rr_axiGoDVS#ti@b8 zxP0?*J|tup$>m#OKB9$iE{p;O4bQ(hHq6;K3YkjGh@2h>2By9W-33EdF$ncmrfY5r z2k^}&RbD{+1}k;UB~FGGc3UU$0JhG`A#rYnwB%MZg(*rsae+bRgBBjBsM0uAS2LUD`$X>2nqQ#t7TYuX@XRCS3dmJ{zdE28^=ZY`CDN$>T(=u=O>I&nlyoSIP@UvCPI9?Q;{#3x?^QMAlBq*Wl=ac zMAw}U0^2+x&QZA%$En9pzeR|{T3EntnrJpm|g4gb3-fbNK($?>i z(O_Swzz-G4=nv|$6c9$I7y3gpn35V(E~>NdU`7KwzBiPe0LN5&{FivDumHU?R{^6HM zm%4+HQP@rF<5`dGtdNy)M%4wyMRzZ7LrQyOH`keC;Zr$fzFv(duP~vy_%lHZ6`~5O z2zAmsN0JkU`+8#^AcF|-`1Fa{>K|8Lpk85nhAcot{aXNo9UGadW1xo*DL{re4bL1E zarye_4vP*ng(G#!D>mcol{`| z=4q7lMPitiSPmCDt3HfS4p+DkTdBaEMYdYz?(!emEV1#x+#W|TVSuE@(-dEc7>`+f9?%qgGj%C)j~yQFg+REJU{3;a3LSCY3=+GR_k#o~e){ z))*E>Wyb0Jc<-214$oAu7ReeMRZoq|9bPZ4RBk(Nf;$4N7@jli@Q_vEtV$8|G~Dj! z9%8EUSFSGHgq?d72(bIK$%2a1JrqHV`$2(`_L*?$_(?1>#nfo$=ZPazjuBKGc9JOl zy&sy%fK3T!Lqzn?d@G0g^)T-d)R`A4<{^B3y$JsITOS&X>~t7Lc`W|W!1lktzr*#Np#@nBic)k(ecbc(`1m~)gj)P^Rh*Gl>=}}^JOl^?_&*3!OR6_xsVO!x) z;5vJpZ!W>6&@Azs^SY!VNL$hFOnvCj6YbC)Gp0MueOKiqcTu7BCT1lUfS7zAfc_Hq z^Tf%mMde<9`Vmxwqxj~-fr7%e;444Qg;{giEkBcvj@KRR+(i1RQV;Izv9Qi)wSIzi=SyR3qax>J zfgDa183yKM

LxUC%MEcPMY$Tg+rtGa`F(qK1M~Y$h6=GaoOO%c$D4{Uf!{gq z;~F6PbzpO>0*1;i4?Q|SSSjvgFK zdP@x{h>8V8*{i5my|^>6M35T|3+lX4sy;ADvn}SRQ2d*wqq`4uw_2m(@j^jpVy0Tgj=dl`3W$jP{8!l8U{JB8glKJ`xGpxH3x-ht} z9@_q$j8F69IZlP#z8ORB7#&Twbwq7XoVsE4AEi}XPq42_l61DpW z0N(-?dS;9v8ci)go{oE^jnc$sY|z#3T~~qPKK$W%N!5oiSgyl0d_- z1XLz-^ls4nn6mnoac&OSjIMnS9?A>>))gRVFW48lx9BhkZANASB*%InAmh(~(p8=U zzs|zZg){qpy$4yXtUSk6hJEiZvEDVPW-oEYiw2R&CA_<07+8lDV&D009yBblAV@09A#eaW8uH&!$u^cBCWfxkqrFXinwVMP^D1Ct2m zCW&E8q8rXO`^JhgF{qO>WX#b@DDI))%?F)Fo8Sq~7Y7}IRaUY8hPk!~pVRo~Pd*Oh zk3mmH*c2sz2tJpcawecN7%NQQ_Ysns5PrTLOY?EbVi$urn_jLl1f>|SH?vgos1 zNj8bTk!&u@v3-5qint8dpG644(A={MN3Nft;ypG;=RzsKjHbE#Bvm1>p+;ha`H(aP`hLe~%1}^K?ys&izcBW2r3=$rgq$B9Rp?tW1uU5w_SY(D z+twnoMLa~YD`L8R0cv1vM$D@F4uJJM507Qj8E;l4$ink;+_M9~@>$WLy{pa~5WOxh z#I9thSiWX*Gx6aB$P6CNkAq)j9PgzWKzV%G_BYkQ>NLR^^0Fe}t^_XIiSy8Kv66s5 zjY=^`n3&WrUy;&4`tHom|F3GSzY~P(F``77@3>qQ>}O?rTY<@`_~khv)%x`Gs}QR5SYBHH7?mjKc1U|DVI_#>>KJ(mZf%DhU?q ziGqjpM~%lwPGswSy!qG|>=rjzu%CNBFF39RtgN6j8ZFS0%#6?;EfSp}Zy+^c)^t>M z2zz`rytpq^INKD@x!~*!Y<<(&9n|5$-1#raOnJjM3`i<6&@Lhiq08WOX8{7wvTihh z`9Ki`PqJ>mX3P!dp5amo5oem2!WowoqN>Tt!vY!w_K7R4(;Z|?MY z7x^&I&LFn0DJ*gvqz`spU4H}Q=_`Lh-d;)T?%3r!vVq&pA@Aib@Uo651oO}p2`-p( z1Hd3moX0;QoMcxH6MpIY!1)DW%xod}80K$QkB-GPl_$sq{tx;J=h;cWzab2NJ+6c0P80Hjl!g8ODQ0{dRl69|=X$du>p|0u3*fXS)DW>>e!YNvg)anKpv zq+Kiw2%F%|uHfHhLmONU<cA`2y2uw;auu@M)S+ETuN|4MP9y4*9db zbslV{^-S=47RQ2i-%CHy-HFg$^sVQ6o*3OIz01$UD%MzLutJ0RNX%Qr76S{BRm>u- z$D4Z-O;W;gE2Z-N!9mn7{3QC%+f5&`f>0BmVL?OYpeR9s_sO*Zp)|M{bt_j6VA|;A zeser>hD$PYfnLB91egsZpXrt4+=UjJcrT`fEkh3>zUfqCI{e9T4!&_{RjXVCZ@{q8 zq^~}ztxT1aHf?3I5X;Vx5EC^0lNd@(~fk=&M)=I&F=L-jXnb|`*KJa{z-)l zz&+uEQ3ks411k#@dPL^8abYq-nSF)ou!y4`pvaX^y^upo+I+A~TXq~xLHh0^Q>(T* zue%RRYTA@bX=dKU!e(~6Fkjg6rIrt0#A(Oq{F6Uy|23>LRk-2~95q1Yx55A-I~>iQ zC)oB7swa{NR9BN7fb3RE-p>>KDn|)i5$L}UN=i)Po=5)s7=S395yKUM?DXyK?e4Mj zj+2foj^+P^;Ghfct0Dgeq4%Ep@iQJ2FdngD*-Ery2f&G&PS9gJvs~GU{*0y7!YXF_ zccP!%6yXvZHSk!j{n^W{qQ`Q}wJ(Qj*fDNQ-}(y8N}`to>fXUd}gbV1D@b(j8QV=_5EC8Ha}~geY#Jy6_VZ8g3UGuaolD#{Ev&xd6&0!;5uwn z6_6B8p#D7Z%gq?zyY8G_o*zRZ$DhKv?(EswL1=NGx&uE^E-dic$Ip;5x{_J>hbpzI z2wxlgjX4cu(~R8OgWR`c!~Ffd+M&+E*Cj!&caOjWpf9iySDl`oh<8wO*&hE>dnp{l zeLy~JA<1K`#09qo_I5bQTQHR)Dmrm?nu)(sI#w3d`M4OQAG*4cf^!%9vA=4j=+0gO z%ndvYhYZe5ri`QM%I@0F6TFfzEz&Ipu#bqyK@0ilh z*PkcaUeQ4Swh#Oengys|N^i^Ez$;jYJt4c1Tn@p?S{0&$Lce)rw7yznM_^D%#S);e zS*k#xMf-D6E;h3^xmHE2(1kcG1!&){%-i@grGg-zKp=x4x&5qoGU2YDVk;LW8JW_>+ zbus3M+F1$`J$wv+zD5Q(pWf^PDh#-WH>fqu)V`ECdF>u1^v~8xL0@*p1bIccM-$6V z@>oj5u^(~;0i13P%U{jEmev#e-v4QVhM(QAxin)<1AnE;s^+8$nTdRoDK*p@y;Bp{ zoUc2gL(4LR=)7e_=SNBLJkH-fhMp|<|HR-(F3>_Oh*{6*kog#&j-j$$`q!PH&~=kk z?*Vyz#=6X(j0M!W>#4#b6$wI8LsZ?dZM`fd>-5hg(b0^dJ1=T38UH-7^(*1_VG@01 z(P?f-qE8GN#E<+noFL6uNw1_Ck@W&`><(fHHak}R4m8QnD7@_r005*zPJ~I|&0dwr zJVFf`{yIygcNJcJOAEJoJpjU+k&jF$$?hkkL>sZTu1ZcthYQrHTNu^Z>Q~dO#{A=Y zx}R1V$cY7V4fHBx&)GySv6^ZP*>fqbDrcK(s@#ucvc1YJL9U4n20X^yjSR^zD(V!`}Lc1}2NpTQy z_LR4Jsh}x0K~;&s6mJ2vD%#8ZIGA?Dl*!9YmoX;zuUAzT<_w#u?67BeP~3J@&3%D5 zFI|^cbpRNWMD%%v0^g;OJ~ViXYMA29)Q-GdqOH|Pi|&I_#~=#Y-bKtu(_DZ&NA%xT zajUPZH_i8su578e=t6cvqgWaFCVlb~b#P;5h+3+Lun7`A=^to{ntF?iTVau6J3{<#G?%YhzU+bl6aanx28QM8r8^6PTuE2|EJaxsI5 z3)6(FVF)<}Z$_N2*3T0@lW<6bHQH-idi;B89G`Yorpsha(jVI|#HZoTxOt8%v%QG68$Qq>F5Ye~I^77CstI2?AG@?ImoTs> z-bMT4K6M6c2NdhC;!5ZBcQ4U>Q{r9(03$_cZv&(s?yUY=e(-#~n1SPMozD70sZ<*Q zL$U7jB+f@y_o=A zUwr9vUmGHiu}_QJBj=vyT%F-KGY*G`D$j@x7(JdKkE=U==(!fS=f z3|N6xdi$8CN;Xkm^#(H*Pn-_3MT13Ad*}DvU!&34C7F;jHbVTmeSz7 z<>9A{FAZuQ69;|MnRb(x+zTl1T&g4{|4^|*z~dM9t+3^u^J+x>@$%|bI8 zJ04d`#Cmd1u5cXL4mE5Nxlagrw=WG~_P0S$@)Eri&P`x@^=o)#4j06*P6As{v-P}Z z?{j{+UvKH(0EKc)nrFZkNO|HL|#^gJVl~yI!mPTC;%*Z&*IggR{(RL6e z{Rp}@QUNl!QtV0w)o%tbPbv5{r1yU^Xl5UrofbdqS`MCS^tPEBro4@gw-eT9!rIbs zgB~}`@0a?24W;%L%7_V_Zzy$XC?Y1Mp7*>7UQG40eSop1Y#BlX@aC5gqX-=eLX&fy zi6ZSn=zX~yBWi>+EQwY`Hs+YWhH{MNw847Ra_u2!Sji%V7F<*dBbeyllo&J}1h&H3 zaDTyn=15BoF=SIy^E`vwN^VjOQf}2%nM08h=cY(?t!k6xV1vk>P|_4>DBk@w*1qDB ziQX7!C|M^KTY5XX>`i*q1)!%Yeo_}*81TyV9kU7JIl=#wHkKrk!xGzeN%ckzG8!XL z!*e-7eBI4xfuS1T-EeDBB~n*TXmOD7AYfEf_-sq^V%#8KFo_6AVS>$V8CBq!EK*Q-HL4TM$%et7%L8vC?|JzK3}H+dM#f5SCp>8D!>2 zC=Guon+0x=C)0Dh|18%CK8tT5e(FM8q^)JV+c$MpTlc8<4RH)mAH1!j88UU)ezVxc z9pjXHY9pR-8VHW7ftPsXFO&VlJ`4>n(qc5GlE01_%|&}s3O!!Wua+^UH?oK6vj^iF z89Q-(qHvo`nhLoqu0e(MnXyNb)3dA`=BniNvsQ#TmNdv|Sd2TPzJiB4C4Yg?Trmgj zd(+xI9gFLAx9a<<^x;6zP!gURAEB?t$nqCUt1WkCno7>3BbJtW>N+yoz7`W*;|X;P zgU(0lE+Fc0IW*7)@UP&KvSrQW^a?_T;zU`F@0t+uwCKZF?dunCblnMopkkL-o5uFt zV?f~9TI_oDvUoHe{JYLK=1j9kkF~_AV9XzL2o1zY(efogj0!!+dDzYFWkx$>LWB;G z^4nhJeNPQk%_ZRe9l7?I)a-S1R5cvjJbBK0(_Ff9NT`OP9Z@-+&%3>V!V1Le<7mBNl=EhC=dm$D_JoyT-@kZ>w)AAAExBk1=YZ)&hCRFB>`o1k^atmBWQGy3k^P0 zXo@iz6;!?b*>U8G0myXP1f-_q^&0Q?wL)1 zpQ++K_w&S^y`06OU9*?4%E86GbQ%Mab)PGvahMQBkeX>!Y68UMFphr=4u%-*_Yx|n z0-4+kVWRJ-+ijBI6b*TA01qi}+O?$4zVWJH=BrtVLH6U~{Jljx->C;2MdpSb`x(%fT9#xQ z=20tC-1<&(lG<9gY`0(ZKJ zC+}tVEX#XT5sGH3LZh^NO&^liotQBoY_b0q;>YS&4n#6?f3yIsUxrQ@=(&I{p^U2$ z3vO72J4^iu>uwrw_(h>~6#Z_XIQG-$wbu-5J-lr%L8pVZM zBasoHT9c{NlOlFf2MGAP*<7S>HbN_`vNfl+dKnN)0Og{Gz(T!ZH`ybHhsU!~HDTQw z{hzfoUK)BS?2HF8I-D8q89)l2s-|tw$yKQo9Z#%=J-5O3F`=mXSnmcQ$|&{76`h3h z(rVqZ$Ox>wm1}6)YdWn|={(}HIa?tOHnBS?Yi^S@Fk7WM^MKs`S6pd3gvc*%MB$qw5FdYyeb|yzi7L$uQu$@RGS{X(533H16jzw zQt-;lXBj|NwQP_e((Ft+G*kZtCxodt*x{!?ZLY+L0zv^$K3J~(WSm3V;e*W8O@t2n z!M01$s#|#&PYSC%vD!1VovTUs5DUynZVTdW#yu!_Ck3$6lQ-?7YR`V;e;zz@5h|i# zt}Rx&4%Z|a*DWMpp=5g2=%(0qqEOV2zV0bQ)>6g6f1wZRmGwl;%Upb#dxG4`RBT;3 zDOX4C9=r1cR*ciGg;5dbZedceMVB{Mb&Avc@A@};9;;f56z%)#$S)g%t%UjPzU(b5 zku_=fr`(fsH@MnwBuau72jl4tRuf)KrQP0|hF6~6em>zW(}#Jy>H15!1Q-@LTBNVo zxAy?V=}Nmf1D=HA>+9|Z%^#v_QPD|Q)2;`OX|;S*H(rsmon<)QwExB4n?^O2zU`h` zmZA(sW(Y${EtyA|F+wRNlpsWgKnM^7WEKGd2@*kN2txu@GKvgh3?YONkWoaCOq9$s zhzcYK$fSt^MhH~z|LODgdf(M&_3E=$cdzbV|Bv~Son-Gk&;8u@b^R`ia?%mqvDZss zL|_fMR(*?8|0s7dN`P=>j1irztPbxM*TgR&FjMAq+bGs}4+o%@h2ts}uNh7dz=Hn9 z!V*s)6qA@qy^l!XYQbw);T6puk~2Vh>;DrzYakZ=|MCm{ANqwZo;~_A`ImbPMa9o% zKb^J2Jve_s**(q=z-+muA@kKOV^YIMff$Oj`Q8EUB{ZjId6&mwQSj=CXCEJuouWFt zkjCp}<%8QvP6Owx)hdE=f7+`^4z4(!G;~KFPmTSefd0<)&E8iR{x;F60f=@9d|QCr z7QYYWf5A2DYX8pr(7fLOuzG{jIzaOu&i4Gq!=?#!=f6mN0@#|#0PpcMqf=!pf-_dK zMWfN~6u`w_YW7x-5N$;AI1O%5ys8?@g0&@!D(iCtG0G8P%~})8CB^cHM+?!#CC^KU z_9hzh1~O3zD6xb0>B~q6VxaNHQY}%(DctpFf%R>3?^eCOdZ3U&T`q9Oc}(0Y?ZjJ* z6K!u%Gnh*X{X^#c4T$vx)BXlQS5mFRe^al4K)}36ta}bZ-Iw)3_qg!&N-B<8nPW@@ zyBq@N@qpgImyQ5lqifp)#=2?^>o(H-R}6>JmtEu-G}s+G;KDtT9ay{aSsY&{+Ej1R z;#oT4T&S%@WHv=@uBv@);0uY>c4wi9?;LmP^a4P7os5xvVw(injrA`8z6V&6H^S+uOC5B^t93mCIZ_c;FeW_jFY#<0OcNjhm1GM|qP_doV z7?Q*H;?k|fO+)ld9ZcFzvoBERk~mgm{R5B=QdJjxrZk{Z=lqqMevkaV?i9a|z*srw zaq7h&vc)=uW$<<03zaazj)JA89VmN9+qu79Mu1gaO|;)?^pS^jay5U3iDlkHjx=8@tf)yN|c^HrhTk z$CQd62u}73sn|R++Qst)lsxQ^1N-z5>rWEI@cc~}V;*mU0|{c}L^ z$)R1b-~T!A#IyjIg6zWfjeZl^mdpI-z;6-SfCg&2LKt)pw5}_?e{aTPUu?r#FmM1e zja1(|*hCWo)=GZK0qgoE*v_F)Ux7YwLl*#k$iJ`u@8AF5&)>iQfB#;8{=NSGd;j@= z+x{!^9Pk|f=i1``4+9m% zJ)o{I0^}OL??kp4d*vp{c))>O!5)AuOg8gfxpiIq-R;7WIGW<>EM)K5z5!a_emw5{ zIXXlE$kP5q`-L}^-sET*x*nTo*BP$g>if9NcIorys6+c=UceQcfhz<9SFrAyFR^a2 z-oWlck_Ou=x~*qm^XW96h_3+7cfBOo+Py4Dapwg!QjwbT66tv{>l_7t*1|k@#D5US1U!Q2Y3$YCfJ>@jhw3zam@y?AtN%g{^u{xEH z93D*T|Gb{m$@f#>6XpjB8`j=C-t>Wlo}CwUfmVcV;d=*`C!|;!>F=b zAP!9FYK>?)q;e~LZYkD~0e8BZCR%){$gg@q-Br@zuzjH~^3`GYSJxXnbgUz($*dCj z2eeKljMS(wycV5D_f-f;ZoA?G z?Y5Pt`|}Vxs8JWjMFg^*Eao1H3hA1E!VB4#=ZoNyP6~ekoYs{U_h-R^E#4+$VF2XQ z!N;ayJh^xEyW344(@5Jv1tc^CS%I2rvNjByfLyOfIfwr8u&OP{Ya>_Ww z!bbXjE;6+&poF%>Te?$8sOkRa8Ka>lg^;}ziDK6{A1#1ct5+I+wd|Okd_kZ1T03-O zFF?c#gzx4W6cg7!Al&n{t`c1Gxqjjf=$SUni-x5JinoK0U98nI!S<8z1W|=*+aZZ! zzXpq&dWGuZWnuOu4F4z~oJ9G`ubq{3uGRmO&P8jJSP0O3faoMy3rYdM+08f@ z4!m@qlbpJ5B=89L;}!MHiAryDO`G|OTbZmNB^H+&_%6$r9drYmBx2a6qnB%%Kj*5a zMo>AP+C_(uFwMB|Iq64Zob~UJ(s_MlJ-@;w1uaC!C2`x!jy=;s7FH5t^jdgWe&aC* z-9jT-_bSyo6$|Lnc(m+ddZ)ZTV!bdOmWxYjP3_m@2HqoPGlHov;JuB?-m43r<~gwG ztE8Otp9<7-h?xa7=z#4m!P@{{#rAE!N*BEXBt%SDnfkm#hdbms3tA&M5arc<%_3&f zspbhx#W8f^Jaq{B?l)c+);OPkq?K!!P>JviZRjt${U-L$0rH*kYIaL>-eQ~!!v^y3 zx+nF9kLrz!jKD3lulhh^>4Ku|vz0`RtE`2vt2wIp(7kY3uVZ#1PPvmSoTwiQLG{ym zr}{O>?m4a%d^Jy)n6qsbC4<3t3eWqPU?uu$6>580-bT#PIc~mYtkOo>SJp!k;5;i@ zt?T<6h02X1ic1zA>KroQ5m5{qoh8cvXlu4&IW zK-`ZT_5pDCpU5SCQL=DkK~(Is_Z(-o#L~v1G+A^q@^JC>x9)+8->#NHZ^wxm5|vwI zPhzGd?z6e|FOmYXNb4tUq+Mvw5gC3Id+WPn8vp%y6YdEnM0)x_Gj{Vs_l0M6ozTm4 zs}q7TeU|p)vg19R<=1;~%xU?1LiMU}cRA#7A{UZg(n5)o*!a*-|LSx5yW0!IyBkJo z6Q|Dh#%cSSNaPcwOg(S7;8K@&`XD_NPVIx-3dxES0{k@ZB9~bO? zi=tH$B&*3dmckk#fb}}#3O?o$72QfL!lU++b7(lH+GXoVFX_KV$y%7z)THK&G!2)k zYI>0-1=u-%tLw1fM8L81Ow5G^Yiv1KFjj+cA6DaUv{aa-)ma@EO#Q(-{GgBQC6Gae zNnNcfmOv!iiwGQXylZGPjnyx0~-EjVSq!yWuE|9wc1cPMiU z9q~~VUIVXadSj@VbXSvWDEotdwO6y|&nNueW)X2^UR%~%AB=Yc0;hT|gXhMtD=^t3 z6h#gF{Lg_p7p_)*wQXsX05c|mIZhW&!R%sFZ9 zLiewKTZTEy8mu$qgkB4C>#>t`DLZyy@64_RCLRD&g(PFudysH^`Xj3fZlo0YoKO9T z(6I_Vbuk6SV?UYncnFx+ETLCJ%Qc7f=fiy*Y^QW}sR3PMU#|T{jrcexwdG#<28cTN zbGtV^{9d{>NZCmh;SJZQby7c!%27YQ?CeUmQ+mL1agq%KcmpzPbWF30rweT;v%mh~ zwo{cC9uRwYpO1`8udA7l@+?$s7Oj&Zh0cEyw{9i6j9_x?xy z)BlZO1{(TuM3B2(AsDFpor>Z!mZI zl`%13IDUG!OBut$Rt?KFcL-gNI)*oYf1mhf|MiDREU)6@N@ zX>a#S;;Ld|nMJ$58@_%26-t3t^LsH3InJogpyw0HDuA`lO71a>A(>G(9{5*H(rkPB zeU3^b8}+NenKLK;>ASCzN!R@fiDrE%Vd(ItiWsZ>6mKY_!{-?~+n1m8sz%^4+Q*@# z8NWJ5f4Hi)zlnaZ^Lgjvr|mm8c6Ci8?DE7i(6#E~w&G_Nv3jen6tPbtsGTX znwKdH-dE_8R`~!&41?FVt+uV-JX@z$4$)^^qx8DeZRV(T0ew5jNE0n>Us*s1nAbn{ zKIFSxl4%i3yB08KCUXQwNb?Y>F02XdI7XvAJi>NiLGLBzSIy<5yH&b0&E#%0Ea)Eq9;Qc=oxh+x=rGC{{4RPGuR zUV8REG)adyZV5F+hr`-mOnmtq+qX6P&Z#7RnN25p%blu| zvF@dBoN0Qx99$mm=4M+nh6M6~oq`&nAgw>f) zFUp$b_l#yAd5;SC1jeT3!`hvJ@fB{_ox}1w)D70ezf z!A=F5iw(rT7p#;xTBD^W|E9PzqdH+3w9JR0mnT>rWLHUK3~H1Z)<}l8Kg>&@$CPVZ zZs&iHKd#Q5F=V{3br5p^F@H3RDwvz^W)(`|Ezw~Hq%gM?mo!Uz;{})~@;@dIZR3Sm?0pvpZ}!S>K+gZ zoJ=pYtjO4WOT!qcr=QOC7(UrB5ebDYygCu4dWu(+BDCP1+wdJQwNet80Dr4sAo_E@ zWZx7xhQ?ze`PLhmyI1!ox&U3k#vUZ6P8h)p-~KwfNwyB{NVK!352_mqNRg z^)^9DnBM_o!)ztri+Klfe_sOgn;;s5?GzVY7DUK+Y;Yn49?7bkFwwP{f*~f=mVW-6 z>x(gyQ@*J_9c0qgsE%U|5=8~*UXPL*&trq=!%5VSXjm|+TpiWK_st_jptl$PW%9K=KY=>&Q&VAwF(jYgi>uD`$FBi@89{$ z_}1Q$b8Fcu786Wo;)6vp9iQEm%%1$AFe=GmJsVIo}*9s(1;3N)#b~BuEed<5^5Nbf!y!Wm`c8Ow%zqL zhf`voy0)Y*2_Eg^J;&RJk6@&C!&WP#P0DUXV*fdC9t|M#&$OePO9@+G`LNsz`Z&|5Tw%aqd_rTq&@Ut1FaOpxKPO{3Q~3K}9UaY! z)Ff9%1@EdPH$ojX)|8yy2?n%6yD&gMDv<<6htv0e5=?Nqlm#GW$q;i7f|zO|J?6IL zai-UelLdCba7RM$7sf9V&;iUo+j0C{*wO-{=)RAs$_7~u>5(3UOL{2fa+Os)Tucn6 z!_Y~Jz4b3914=mIgQdjWKGJ!}j8N?%xRRs)ZcgS(-6_h@iKU4O zZojiBUw{|CVzIW%B4zu$czx2BM(F-gpW{AFaQf|}xa6;Fg;jF|Up103edV~w&m^;w zpyKvNR@zd$={xl#TVo2#gJNF*bxfK_qbPDU{S!h4E!Z9pIa+oz@a{=!F>lF-Szy@K z0VL6_uQwh}>kk1sHZ&(V$)!cgfWC{l!kbR6jH{S=d?oThmxz_NK)!owR)3=Nd|0O# zpkItUJiBI^q-3UgieHenRILN}<4%XxB0o)nRniM;hbUpU+mmP&>)b-qq9CsFj>3Dj z)1WfHuU9NdnN0tX03*>jk{R~tbDW&3&gYf@Q;vId=b>p!G=h%EoMMg=0>kpK757-f z%tiG2l+-eoR0LZs&N2=V_qn_jX;sNEc+CmkFxb>$S4C&w&AH3&c=?pHE2tK{rT}m^ zGPu`$6_Y^Ws53lkJX9jakC(XpbOP$di+~3BspWEYBRTs--o7rx`T1ldkgv%(pXk{B zz>88LDriJCkBkn%ChCIAb#+mEkSe&@5|+ikn(ReV72`mYlqB%6yqMmGwpo2<;B-$G zJQ!8@6IJ6vElL|?`Hfn@F0+rWTeT65<%Ys*+5(Q9^HcZ8<^PEAMoEsd#`?ehb6^W{ zwx8F)*wu22HgAuiXeqzAd&js;c`5bNWm^QATMowxWlRBVC&2w_-UiAcr4Nam@3yn`a+aRC`>VjsBC-2 zweJ*vI>FzsPcahxa(i(CqgyFd?}|*FRq?Uo-o$e8x6G!j&Y|Uh=c)9e!@XKZ=7A>7 zJu596((1k_e<};(A^Um~bB3@gKP%?7ryc<0?>YV`q>JJ$987Y&$^P(qMO90p;;`Gd zOz3K}J=|dWN(~X=+B4Y;*Yp6~{l)gy?$lIDD!PJtQB$p}aXDwZEwpFX*SNPbqtcy- zsS?uzS{%^Ze#IAaC(rilU0bS0SW^RgN!#fVL&j8^!nIegl841E&#sP6E;%GnRk^c@ zv!k3Rp&KZ~q-|>%wW_Tpv{EPFFY0IYd+iNbp#d}N6j!&J2_pDU3OG*P5nfeAp17Kq zMLz5zv#Q~!7gCeYF)mq74UB!xa7W`zRXfP`sgz+N(k)mkrcBR4lPyO_dNmiS%5&2#x3IUSvu-U8Z zpdYvOI{kdc!{8+}_k6XL7xra(D5T5^tF7z6SaRfULUVE!Se3wQnOyebK^P!;q4OBj zWF7=0O9?8uFCT+M&=1BKQ~OH%Z9M0k=e!_>+jAG@G?7!>UXgtbYn%9EX6uV_U-pqf zlku-5FYp%5WS2CQVw#6&Uc!}=%!yS$!1xsKHqpXPoos(=@JAHYPs2;v9+4$Ya=AN3 zw@m1i)-5H9qC1@KrVzFMyxLF7_`6=J|Ak+^J*hc*uzquO>~A0MOW@-5>wc+Z2QiB` zW2}j;8!%jw8t@QyC!Y{n@)3mOhV6_HXJ5lJ1%p+ z{0yrOosvE~J0nQaJ{wFaXysM+m|c0N(yD0F zwNxUI-d&8`gwQCk8l%9=We=romn7qxlBHH>Er&6Y+>O(( zJ5@&F5)rXf)1mIpUtaOmGXQ~a%B~&L{p!k0YHO=my|<_1wb|wyXVCr)7Cy4zw-c(T zIG6 zM796IsiX09ko&{g{6nwz507?&kwV8Y8s-eSdtpv&ZU5|O$JIG$k+fgJ&x08kcomuN z5SbnFR+SOeE75O}Gjo>`CAgf+IzHZKl*J3~G*Xzx-;TP&B({!5O&-$e=Qne-;fNYU zty+AZgDz}!D_YjDK+}VmRt|oe=utEtGRX?MS}rf4bNq64AL+32@BE3F^)=Z){S2f? ziWkjqxI>Iyb5|AsOtD|+RigMMaVIrd|Ds-1)xD~u^PjB5`5tdSZ)plWO|To^xo?fF zWzh5s}JLImRr7bkTaFt;5m0`oaZv zY=P(YNQ$?osL7{`hHNxJJbTwtR+)E;;li6cSmx3f;BqyKu{iyHv^31AMP4k8<-9X+ z18xrw)S3pDbpbJ^cYNOtamt&l)EEo;vVv!T-}x9HeAl(d7t#y?ugpwk?VGKEzo%_R zXw5OLEO<*PB#bGqKfngd-2e5ZYET-dFLA?3EL^NO)|_UN{G|T_*nGWDo$ksQP6!4l zRW;_x)Jfc_8lccJy^E*d29`xoogf`T8he!CMoA}U_Kc^{L=`SCEZn0DUfiO3i4`uJ zleyZi0|FxhZvXG~`GIEQdVnUg&mf=Yc}A{!jJ-5nx*#TkWw_%E8W5QC_S0<~Vs_FC zPUJiG8dtY9y~Bbx#krlfP?6RCB?pr{zt#mpCoZUCw;)*eLdbE9#S=6M#Sg;s;~ja6 z`xRVWwFL)0FmM~;WHXR=CkAQBF;%{Gg)^~ZU3qvwZ>@95Tbt?1aOHGNS@s*6gm$PI z>5@_gmKhCc;yN|HihwXxj#f07qgJTea(Im0Cw)=+^6gz@Y#3L=U&}d1%_7I{-s>@f zS!N}E|9zj~k5}NWh7%7E_6Qv{*AmzMl|-nMUb?;rR9Dr1gKF6CZe?;ImerxaC_uAJ3;!%pm@AWQH_Ex!z4SQZ${l1w(V+$oj?USv(PQgsV% zBQ4Z%B#N7)OHe+Sf4#n`UI=@9wK63ow+-0U#z^S|(c46)0u9$^1Sdm>)%I_W5B@`< zXa(APzOOA9;>-b~mSFrLfS3dg<-KI=Tl4L5jlU>{SAaSdR+8nQ9=cU&^DmmIsuE`O zRse;OnSA!21L2oMXC0n>l5&v9Z+!1_S*1zB7&`uJHRy|&<%FLt^jyi3%!+H}Mu3-6 z`T#m!%i&2l0bdPMGO?iqW^+h#|N-kKr{p3U}S0qy2?`7wY>ay}e69@$~W|K76? z;xA`z+6v&@3OV6y|07@-~zEpYVDwtSR1**c1J3YH=bRSt9|9R zo;ikK(laFHlx~e}J9mg_QT0=f_RJ_5#|rAOc|c0RdvUFZ7V~E@a@LZNh~h+LCqFOo z{L|R07QD8|@JEXZ_K2D`oQP!fQx5K>qOaI`m|t~I`t$d5vRTjZhl@uUOL6=kamQ*9 zvKf_FlFv}dD(XVz{`8!b@eo)D6O48pZ?2HVoQb^G^&Cj#hRLHt_cf3D3oboHkJ<5U ziCnR{qal{*>60j(i4w8LoADnxmKM5Nj`-OVimM>@guu+9XPF6sNMW4F|Npcr~?FN z45%$b+n4UsI@cVHP~qnxwpQ}|Qd1*DSiGt#zIp9rAQ~xgJ0arcDPQ|e(JG0BsJ6GZ z>7j)In%5fI%*k$*n&U*D@p2KR5FKv=M5zfz^;`ugtpH4uaLJEWz`!jj56aILYH|z} zWTCbmxda?7mF;MomK>Z$O-obs=Xp<{WP{ucqgaa@9<&XOQ6{~eF;!`4m$mBK3Us}b zv#ov=#4q?B4Jpwpdb&~}*ZhZmtZ&x-aegjSEYUYr74i~LJR~ewr_IRRLZKm!eADcz zRS&BZ<-5%I@86$$u_7recYgiW6!k+UI*Obhq*zMOk9g2ac&wua*{dooxUzisp(}td z|D?gGe>=upGFR*qebp)HLiS-8P;}0qdnPEU`9@c0da0bgN6QN04;64QQ^oeT>7E(= zJ{;_w@FNV0CCvAo`H#QMmi_}6$FsVI@DCWr9b6ByTPGjpcVAE2p+crR+$LVu$sp~Xyx?H3GZ90S76^Oh7R10VTCH;^nAqR`4#@LYz+N4je*pK{E; zz%oBNn(6v2#2-NF#2IDXYBhdw!e2+AihLW-+@75rA_taX4erpK*B80; z1pQN@Qi6%EDCY81(;pj{!03fzap%lCBmj)Xhf}-mCFie(rPyE{+Dd81Om_Ex%3`lAOEP}cHChgr7xE1l-{n``zhmN~NVV|0&b z(nf*hS$44R^xKFyGialv#v%eb*1qrV|1Z94EPg{Yhdk2Usrm(($ z+7o^1$REO+?bf&(TZv-NUbK!jMFh^ntjE(uBaH{1&*Wu!qO6tf7a&CuS#=8Db>+bh z#?1NAbajcmg}b#;ZI}piE)m>Ipj|Amgr5Ovp{MOMUI#^IZx{FLGyn-8VR#L0$TIxv z6_kUG@;Gm+u~)Xfd96ppcNKkS^Gs@NLmi^c_B^Q@H1qr$K;;C<2@WQyhVCmj@&<;o zH`GgfGf|K(LCRA{j`fMElw$%cuW;FE1mifrmMlY1abs9?v_ALs$xrQI#+dk? zLQ-z8UkU8H6%YoxaPnw!(=e{#GtJZ^lR36n2s-zgT|&n70aV{uf~==A+ns!2tm0-U z=A}uYr|iaF`8mn^WueK9mLruZIa(GizE0GI;*SV&E0(^%n;@cM3PhWuj6>iB_D*|U zUE#FjN!@b|w2i~NUIM}&kte1xa=c$>w#zu(G23VO`q^=Km?N*^p3uZ(`wfyl#k4Zx zi(s3)UR^lZ_K-cf6W&IxyPkIKuY*GHes4vq?*;%4I&3a@JfB?_urGFO*H8G%UR{!g zr|_--VC;zkySa6G2`RyRJ-Cm5Joggt%NeAV$RMSDrj>-T0XSI`2}e z;4et3j){sKC=&$`FoFnHWf~%z!0F`3r{r!VCK)Ug}?FUa7`QTK#cu&=CRmwCsivd*LGg>ma}3br9#`U$nEH~)39eIo3hVq z^?BxA96exNnFXBf$NwiKA^)9s4W07*mm%RQU`S9+`{w|$^Oq+_LjY{jg7p4T0`Ot$ zfTn*)^1q~KfZCvuwtjclZ-02F3wUl|^W`M|+9d&*NAVRL+I0v=PNkSco=6%^R)B^Q zLubkfKsz#}^AvBhHBS)EY}X?g%UQDCO*em;j%2kEBH}}D9!TyE2cWofJm8Qg&;SXg zZMLy{xz+(+X0%-eZ-MlT$cg;}pCF>0vY)yRCWl&sR%eYSn|x=y=D*-fRE(S^FrmC; z1`7P(t3C)FkLY}$VuySlzT6}yXB|3zGeTGIfOTX0zhb9A#)1?cjWH)>;+uYl{UV`u z=Dkphzei$5g4FV&1Adk-`B0u#C%B{S6Buc{wxVZT^_(xU{`^9KUfJ!NPn+X95f2f; z26O8#%ETwj+p-jI#uZ$Yp3G(}xBW5S5R)I!XND}((DZv&qj8b=0U1a5OlEfbKi~Ng z=TM`73xeTGIYhX}ul>9qEpmqW`A-00oFAESqV$aBNDSU$w0gnC+7gx2U2*uGt00pa z0w(2RWNR=s0x}1Lmx$*$dNH~u<^)aaWs>L~u2V^HiaYsrj8!4kOnDa}zkte^0zR4Wd~$q(d{0@V z178Fm8Cj<*)C|-eBu0`$4KF|SZam!T^|*n|pcv74m%Pt|U!aWCak9#)MrrllCpAV! zW6zcz@p~L(9(pzZ$0+MxEm?wAbAWq({btmg;q4JBvXO|SLWd4Mwtq$mIJ*yEx4b!8 zliP8P@qb=3za6_qFR3a#QYEcN%s^w#RhkEAxyMpm>Fo$4tbH##=|q^NYA$C0^@WYB z%X=#PX{0MS@ejQ?yy>hf#~Kt~Vx6(+D`hhK_$k82W&wW=IUL)!>x1kKchs`jVCbcd zsTB8L@(waG>bICxQhc>4MS%j=CGEC71$0-^etZ!q_O1+Ppb06 zwK`9-Bo=RMBJ?8ls@h(S-;BJul#osKopB*Kymi6;x(3hZ$dQoLczKtYj#59F%A+m} zASGSwqG1v{&BBeMl_le*HCRJ-w|A?)nr1Q3Tc+i926@%FeVOd;LNoJ{%_zh8#F8&I zC(wZa?k&sL)BlrekClDvUQQC^0{4TuPb64~c)_c{?w^M7gMSm)#B&F%7C1TC{3GG- zKEUJF#MFUqn(z!+wxzLpc1`Y%_^iQW#_jgh&%94-$G&RooLAuR#_Qko*3bjZg?V}u z)EKpJ@oml_$%08@`a@?tvgvt0>h!^MRsaXb9A?1tPkWV&!tr_RJ|)ehgv_x*@4~^0i~VwU>PSSj$0m~nRiQ0E z>qOZHuQ8^|#2s%q6(lu2;H)=F+ScrSxbZUmmQd}G{_DZmGU!G6INC0UHIjz5tqaJY zW?-LR1^Nh1ns)L|#>+<;d8S|RRU#YcDqnCnkNQN;{5H+jEH7rAU@$gUh%!9IM(?~@tDkOaU(l`TuK9<`B!eWXT7>?Z=RL+dZLG``IX%gp3%n}kIFYR zU%Ayp87zc=w#e5ADTp3h2ojI@X6tJ=jQC&Oa0i#l)de1$FLD@Lfgk^zbH}9LRHrlz zFU@Ev^pG=Lktg)rF{#4>+O7z%A(Hp(`^Vu9e|#M4WK@TCIx^0^&;GlYP7|M%m&|33 zO(vu}@8LaR2s^Poa?#TM=)+v?oYQL-5l3U3TuJNd?pA#>_JEJI?;YopABhOH3QZrF zUwAgFE>^VkHp2Y!OV)6#QK{RqtipI)=x}}*TaxTVTb{#r1tzPYDRiLm*oEJurS~xA zPIQH|HTjC8A>CiNxnka7@+D>|>&9z}P#e>R$Ql|p)}kYxa^`dAq&%4JjqDC5byiRA zl;$BB>7qsTe}9E`l~k!#oz6Kst2Mx}CBSd>pW@zlX|PjEq4Y>*_X0!1n?X)h5>v#D z7z@98SLR?z+<8dtMT`TkU#r(7Bv2?>7S-vKU1oM;ObPeK$Qv^0uBhn*uk+RA3kx8K|0mc`h&vY@e z9r~<)W^oeV>5IP=+#2m+6wcJOM#xhCIe;~Bn+TX}cAuIs>s76 z`+QTNYnzt#>R@z%=#FZqCvDovzE=^g>&SQFrzf~4D7RUM)9oy%or)zD^eoa^ZUjK$~ zo;6+SP<~j?ZvB%#A6<$9No1l+^+1xyTMTES(j}d49d_Z_vPk%1=7Vfk{d)y~~1Hpt#>8D9Vdra=6g~mwkc`XwS zc7c8LU)0O&PVG!X^DMWuo-89R&z6An>Qx|fon;qLYmF()J+&?x1;`Zx%#3qFK8OYxRr3gG-Y{pkFe4-z8b_;xo2hev$N9 znf*1-ndeR*z0+->R=*zz0Hwu#5r2Cr$bV$1v2EmJwv&eo-ZH1dC6+f`^w$I>1-EP| z#p126y7d{3mW9GuaOPN<=Qw4f!6a%c%sNy{b!=8ebVB1UG7L2)nZ{Zwu2CSfwW#L7 z<`_9?1Nuc7f`f#En3q@)CxkUz=^%UAHcr#u4@tFu{s}0U$2hqebscfh08%>RFBboh zjUdvG;^`UQe(4!FIkQuWMeGLBCBZ+Bpku=iLmzscbvZb zn-s=q_dL(yj#DS-7=2`3cuCx5DJMK{lm%yV+^?_fYC6cKuso=~Vj0~XkVcB@jJbUj zQR_BvY`8uInhl)=oy8yo*R^vh6FuJyy7^{=t`GjZcea!j@2`g z&Xq-&l4x910gypBbO;yuCjKx!+&^jS9Y*kfg5*kUJ5c^W!H) zZ)!{6*keprwvD{_EjHKcm9m|&#d+-fcX}5{C?yEzz|zWPJ14gQV3k$xQjcRN|I7#C z_KO(VNkRho?;ZRiAYToSHk;9}a{krb^atLxAM{ItFGV`D94M1qjJZ64c%$9}qUs;J z;uJmlVsV1`2Y?@LkiY2hm+j-4rIj(FBfHeU%;cDV@Q}+b*1|U(c5RJAIZU!7NTIY( zD!-y*p2Drs!hDXCHIa28UjF7*#6JhXOihxzkN$HYbZEwUJ1zO$mu+L7?00tJoT9** zp{fMe;X-ZVD13CH0*k_ zl8O;>tQmh1cKlljL`tXy9Q3r3W_)>W$pXy}T|K$@3UTXjec=4t5R7fENQH4>iu<#w z2L$mvkA;?3KvBj?et>}xU_2}k3Yw&dPNb_IAJc6<4`b|9q;+WOKj@Htf|h1j{aiA~ zw0t%2CA;IpY347G70`e2VTruCJ=ZYB*o~AA+4;ezu@Y&=1c_YeoZKcT)vR1+?6Z|Z z$lQs*&Q}vfsD|f}K%OHVS^qBF62H_C{G@N;Sch47wbPg5Ie%81!gcLS7fQJ937^03 zk_W{{M^j|L+#C=`O4{7_VHAX7rhA#>*P8R-rx2Wd8qaH3zV?AcM=C1$I zADb+dakCSC53)jY$hErSDo$a7kdKPV;tS--c+XDP{1d1O?SiM#zH}?CNug%7FiODS zgAjauI^={`m@DS8Acmu#p{mj)xN34w@M|mQE^WY>+>^c{$W(RF>~n)aTT)+4%b8{QV(9`*y?-Juv#61ME#~MoAh-b~ z<&sUf_zGEk&PF7q+XiY15)(gv14;z>Ibfr_tsivz!$bY##B_(q%V<$I%2k;B16H8m z(G+_=y6O6&t32?f10FK{4INI;x2}8E_@G7S5CQ@aBG(1#)U#$)WLrxaS4g3Q*{V{L z9m!8VRY=#xPMd&41zp}n3`;=Af^kluybZB*B65$^^VZvasv4DD&^Hq$!ycM8l5ErE zf33t;S9*vrB2N#vi@h7`4hWqZin00yfp(DUYEnMC^P{M-5+4^5P<~3GWVM5kajOI# z=D`g5#&j;YVs+Z`^^&J|!(e_x8}d=`@xb>M%JFK)lU*1vC5K~Kw_e+rulq)rt@W}abw?FSIb64@&!ckiV%uT75 zLyGsKsNfOu1J<>*ArK0Wig$q)DDS;8hr`oxA=mf_(T1JR5T(nm%v!HJvP&#~)5u<- z7|!SeL4k0XVoua_zcH^47cz*`yeK9ya1j+yyU&^vhdMr+4n=A4?N}h0=B@`xIs%C6 zMDrJUueos4=@vm>0%1N#n0h+xYP+x~8O=C5JhP2-Uc3*v<(Pkroi!&mCl-q@8k zZl%4LgtD#YpMih6-CRt=N-Xzfo)!9l3qFK3H;fJxwX)oM#@X}^NW=EkDuOH#+#Kpg zhnHRUS5F;`emfTTA|YDV=(q|isu?3|?-pQNAl_+Vsuip0^4dlORTg3+yH%7C7X~Lk zO=7Dm47;-8Zzn4zS({~bc*gU-?k6i($P3)3nChORYYL}=O`3l6@21F9cab(ydh zk3>;8LnqLY-n@am4)?|~u(qK5tK%x1e9pY@?VF`XRS~FYoEFqw-J;LH0u`w2W++Lu zZ`Rs8D?D$H8K3Z0387U_GOm&?rl}$o!i;4VZ1vot-s*u)(yzv8vCW}Jd`jR0JP4d( z8{1$U?iU?bLv)b^c3HB!!Zg<>49G&=-Bu8U$IL5%uyU%_f;UeD@w?ir9rbMg5ur!r z(f!k*o#*(6hq9o~5L_%CMn_hppMKdj85tSeIw3s$1nufMdab>%&u&~tr%>ZGn`mi* zk}I<}DD+LGUvIOta3gxo6CALsPAy&<<8dfI``R$KYQC&S02%5Q2uA0I+T)M9tfnD( zE&zM=~J-i8*<0Xlub_`LKdnb;*dDM3@TvW z+LgB-(`jxg-UEpO&2Z1cW3De^o1Mav28*CI zCT0Nmu25Y`rx&#PD7D_g7S(`ud-W{jV{u@5-%@2JqU1QyWXK(}Npd10n=Qz@diGc6 zJJffN2u*k?)nog=Vxrp`>jeqig_ z{~?nhYgtbfcQY&w+x+B4=Z4f6&$pi5%f=iqe*Ebs^e*53I~$zK$`uucycASeHF6X% zG3xjZrDyusO-_(`aLdyRs9kfe-yN_p`ogGvEmO7yk=;?-|u( z+V^Wa<0#UM^eP!edM}|F$%rEe2uSEf5Re*aQVbBmp?7Yn(t-#fgb<2!q(~BA1nEr> zfdm0*l7Qf)1ZH3Nv)8lN-k;vR_Q!YK-|{gl<-E@GfBt^Qar-VzKGY-E{h;=tk5SnN z4?HzgDsjx$!+m|d;YS{ud7h(=+)9N3zg#VJri0k|!KPxjqNrxZZw8CXTXTRDM~&zD zXzFmXZk?r~)NTH?l(*~bbYHp}Q3P4LzM2xYIZ$$CCt4GbqXk|@FPkur>Z{SQ%k~qe zm%%8!r@ue`zVGU(o@f#5YwlyB0}1y|3|^`wFtZwYj1idX|N9HfH)J zNw<=N_H(Co3Z%)O(HlY%emZxhCB;(kRu>i>@yQ{BvsR^^F2(V_)syMDIQ^gK&Rk;9 zTIkCSiug^d6jkwe`?G`AZxws28&iz+Ubwn<%;-TNHa6e8-z2q1+?d;OVkF%g{}yv` ztDr}7y15&&B9U>DA8sVYQOBhaz-m}nDw;GhUtchMGb!}YpFC0$Yq47*68THFzM*`9fMpr z@W4@p{e%_iI&%)T8@LSe1BP&zVO9e!9#`-n|GcoB!G7C0q)rXGK+#j&oKx|wRYgk4 z2A2R=u_~e1GrOTIA*bh2`a6AsAi4 zr(mbIW)eLTM!dD1L=x!L!LfO_1vuuLbt1F4b!_k^nib;w3~P`3G{$KkMMy4+Bex+H z%PSVSyyMTPplTJhRN6hf@@;iYN}>Z&ge|?XXI)M&T^xOaM!Z+W zZdf6shKJ`zma@WUj~Lt+6^y#t-fU54iOB=&5$RqGU~vpg+RU-ry{y1U`|S7U%z*k_ z^jsxFV1L7j+ZB?APs_XGj>0?0-Mm!{F)Za0v?|c4HRP0|VZ1NY-iT`VcwG{%!JSpj z{925Yb0^Rn(0-sp-N8*jG`Ae7c~U8Ryur01#uE&BB+$ZB3F6|__gqFcIS2Bu<}SA# zwX-gICYAb3g$y$z0)%*C$z$isFIWZJKl0MTUd5^lw|nGk^BjJm>z2RUL9q1*05K~C z6!5xSkwH3YBcNmYj_kDb{J*Ct@2a#6zo=^w8!I*3bfD*=81IPN2gDzQrGQsD^E7gxe8cXZG==4s%!G(Es83;l{-fM*C-4Q zqLevUH&zjsS&BeHjSET@<$9q-g?|ex*3!`4m}c7D4&v79x|9gg9oz$@VNXK1M4v9^ z*pm{z7BQFPjo}5V=iA(qzN*CyM1h=9^;u5tw81rp4C8(UW4jDY8Mm?4&pvQGs(Md0K183rAwciX_NEBWf3$BW_gUIFto^t4FNq z`Wn%rSP@{N7LB6XEvW)&D~L;I??0J=3FWgr;@d^GX)!fui@{5qjp$;EV-rf0E%`x? zS+AaXnVyBmxkQpjNI=d9zwpV2Sd$m>Hd2KlCKb36&(Qt!F$fwI8eZl&Y}Bzqs;6aR z1$!iU^a4s~9F6t1nexKv@K2I8Sap)@imnHnmHdcXsb|YVK}(;=7$_>&mGw0^rHvF7k{|Wl5~3E6efW zS>Ch}nSRDcKuHBJ8fz?x`Yx(m{>u4&N`TU%hf|@)M51oDE6Lm;12aIxHepMaUz<;}Ca0Z{c+9W)L4qlbc9jGjDFRVd|%_?W8bXs|c0} zjy<813>@GwATs6hXj0VES8YjqFi6_z`9^RiKoVS^g+M+om0hH~v>ym9zSDA{es@m_ zYdT_n`l+HN>#qqsD9JqcaC@BeJQxC*J<2XpN1r|?8dJouXQJ%V}r3Zb$LTFoEuw27jaNV<(I8P*{;9&^g zw0J2KYt=1#-_YgrG2W$TS1KppRRVkTg7lYhluqxsE*Kv32h+2s1qUef{eNH6mSpCi7yVs7~$e$QLEj|XiyZCXcFc*9X<}MOo(!f&%WR9D>#1j= zY?}aoA`o}8gTY-4rqd5g73fO2whe&oGBxKTif6m6fXCt~J*pcy5EiT8e_K(|Nv>Xw^*LUr3md+hHFavE{l7U6eL4;pp71g+K7vf9ez^Oey>%|R`y zCx?v!eqI)^s#!51{j0-3U0XwHXt2oF`>~_~iik@>m}AMzBUoeuDakTZRDAL$PF&L) zsqqGNEC6uBl|pExR&^_B*&S2k@apaL8nBdKLlIKEZLte0v>qX@x8fDUwS}CNscSZ~ z3JX?P9$KRgSGazn0=p5X5hMj%QIqS>JI5ew?gFAx|>lV$}Kez`uSe})#74>UOr#ZgY9U(nXW6+X%YH`IAagorVG!cKL#OP3hUYdG0~YGM2Z*63f9}du5NNC6Wj7o->Kv@(^Gq5mQiiYOdci8L z+l{F544SIu!TqNwppAvEx(4*#VU%H(Wexabya{+2GtIEu>HT*Rj&-*Qc!lv~YWFX+ zCg9O+cNi{NtATv>s7}OR&Ann<;hpu#k2J*^%NNk~_gb(~IuBka4M@l^4ScmwNB*)7 z1AGDY(hN;CenKzGPN-n*hqLnf;5=R>${Gw++*Y{=W| z=u94AvUWj(?o}Y;B{1u%lF|9wf>)MD)#eIxfsG|r1|q8RncyWo@5dus=3?*V&y!bA z!0eDOln?y`G*|GlbYJ>uEzA~xGh<3L_f(4$BxxD4Hm6u*hPXfXEe5#5vZ)1fkdxl+ z6IW+2#>#1xE`F_!nvq9!znpM^v@MD9|6^qQe~Iqm|7E>%+HN0Bymx%D@JaRRt?{nq z*CSQ^pVz-r#k9c!rt5sbf$A})Oj}Is{e14yFKqKIdp`xkTv=RNVH<#bG9fp+PBQ^}Ia0v+(_dQ?LFM^ep^yreONa(_&EfR_+ag z9^Q^!jM@MB4AO*J{-(Iq3y9FhPF?T)a^xR%notVH&CbHX?`C-GjQ&V{%y?4`C~x&n zLi~98$A8|$e?E!-{3ibM@A%I;@t+m*KhKW;zduDIGyb2P8f@2n|4k)*15!y5+%cPh zDPPXM0ud^RBIvVah9h`?zr35ocw=z#s@KB;xMJJLd~@W*JSD8k>hoi4m~1S5;*ke% zlLU<2VOV6aj2OqZ(=8T>J!%YR>{Uj>XMGt)RR?|qx4h^w*g3YVC7Ow=T6EYF`kies z3sBN#@gE%N18$_~323VY>r%ZnaQRpR&1uiLT@PMripsF~n~uDIH$*`4Pv&4Icr$Qd zHuG;MDLX>}C>s#Upd$o*W`lf1Q40#)<3<0RK~8@A5C~Ja2ic7Lca`pJf3HtgR`eOr zJIjUMTkY)^X|eBuFpe!6yJv+A8tz*-yeYPwZC<|Uv*4BIA=O{Pw+{))6Qyf zjRP;N#=rK6Zi${NNNt8BcM4{_+SY0Ss<>SOAzR^tl%8u$udFcqmOt&}@dZ}5v+GU$ z0-ZOn+fto$1OCw8_%C`5xVg=8ZGHmkg^S5W2vFq>ygH`*bWMR<;?a`i&VavG_QWwp z%(8ThN6q|}UPe{|OMtOQD@$a#t%4P)?a9qZ{d%H)0WF4WYcBt%VNQ+ToGJzH`@KMw zrg$5cN?x&RA*K%)2_O^2AO=0sM9PZle!oX!o?8;$hSne~%40R)C0yniOFlNaM0J-N z<1v82tUV9G5h1d|i2YfjDA;6|;YlKoS2EjK%6751-C&rnL6wZyi`AePiV}i3SQ#M@ z)sZieXZ%LRjFFW34ZLr#qhK`|+gnH<355yGu}fdZYJK#+CmecD!J_We*A|1_T5uF7 zMlIrIwqZ5GDp3pO#l+2nz?Nx6|A1Hd{CoX0zm-Nv zNlU}b%J&RM5Y$#QtAVo0;!eS(y&_H=b!CS6F0^m}j*X=pQ{}cAZf()#4QO;p zM7C81P4?Zlu+f13c7^Be1RLMfUeaMwT_clau~aa%MB$mYJZc*_S? z*bHmeD{-{!Y;S87jawk$7i1El*Wc#}l<*Nb4&`K!SV0npaM8b<8I(CHxy2bKdXTXS z0;aHHJRp%NQ-jDMfHyPItfE&=OBwR{@lmZvw($>tc)H|Egc9iTmT64{^8}M`R~&yi85vh~ydJHNL~2;r>SY{%&ylI@+r(eK$Lmq(%-g0lbIUaRwD5zfq2|au%Fa0Vh6Ii z^qRjY-ZuHxK`@A`cgzrQL|UJa97BI}Z168ho@C?Xb?T4&J|vlI%DE##kj+H5CFNXS z1H595Uc3D;pV>|0v5TcXOGS@`-u5;df#e6K5w)`*PG5u-0$gYE4T#<#tsT|V5Wj*+ zXS=j6Q=Ee@_@fOkk0AKCKxYrRkpr`X_ujNLcC~l3q$;3>i=!Mq$rNe&y#!5dhl}dy zbf^;h(}1MCpvCqVLulWqNX&Fc@TK^Tn+FTE9&%Remj1$JM{twARm6O7X7?j?GCd|3 z%r3(HOnNTgBM#er9M6z{O)@Q5umV$f!Kv}JpPn40os_{|-o2xJY539W%IfzGy}L6q zrsq!QZA*e1QQfFGTT>}4%`2I{^ zfu#pjRDLNMd&at7xqY;Bg^{1M+ATk+E7dr6jqxPqVRzCWOo8RZmOHhW+qlih=AQu- z{vN?KzTpN@B>mGFqXosU9%*%GIXJyz)^sf;Q^dPQwA5z1qm)m$NBOL=FV z2fxie{Z0PwSG8@kw%@f{t(F`q5g29ejLNo4gCS@o9?wp#hU>L$zb^d;#?x@AE(Qhlx&;+@HN0iYOYx>@Ra&l`kPepNu(HWidbg|x4p`9Ad~DT zExeH+j)5So5<$*zs9ZJoM~-7|z69{bujg25q)iFQ@s?{5p}VM?pyKqY^r=o&_L8w; zi;_Mn?RsS<+Vig^_Dbs_xvTD%MQ-c7Gt4dWgMD#hT0fk!BqjEb<5S7*zBg*_^}7*~ zRJUz|Z`=2X<}F~fepUK@$Sgi)$&IN~D{&PXkf?GlnHWDnLmAO=DP;FAwq$y>nPDB2 z$B-o2m|zl;I#+q#^Qf)Dx1dPBl;HQ%tE?KGxc~I}9}PXdEzMnXFwXmW2X>u}6T9B| zx`)??{bkIjVaB_UvLk3ywSg)RZ@0E!ttIzHt;_dpKwF`__3ECv4v4+}5ZPXM(*;aY z^Q8BU6CCQjIX=|F{i*!diM4RFto_#Eo^er;biSw4U5yZ4*0IT3WNhe|(ir zy^x1{&Y$LB!09lZouEVV)P1vXDRV!ksoA|aJp7Mu8OGgLO!6FO9-fMZ`dEQ4{7ik2 z6()QH+sdL0z2MySY4?SeKLq?$YU?K*6a$q4Jz}@EhJ2NjuXfxCe1wm3`e^JZ6qdO) zxh|*lm9&`RzmY-DwJ~RHEqi~d;rk5up8oD`PRk9%^Y`|lVELoGT5FU{0FmBE^YjYb=FR8e2dkE>L zmTr}cle;e4uh9C@_gdb^37&;dPOeT)F7wWP5#ABMY1-x`}1(!=hYAGtDVGY4!9~ z5weM8HZuLybcO7@`zA{FHK)upcV?@xmH%rMId>*vwv8D_Q%S^lyaL&xGX2mb7bx%- z{U$hYd)v93(FLmn23;IJtNpQ{lBjZc{b`^zp9zV2*XOaoo(>aBRnvhq?fzqOE!iWn?Q^y zIan2ABe1pPQl|MNtGV1Z&*#3fpN-sf22H1p;!`FR&5te^h}@%OUBp;`p%X}Qv{0r) zm+8t4zJVUG8H_jWLwV8l2;3Y-#f@N5=d0Eqtf^}9{YYzDd~%TQUteo%&Nphxq*7qX z6ssbf70<2j&2rNLmew1#WiTDHA$1ep?7USeRF%LKd8XWmx2N8T@0=C4N$=Mhy4+A% zYlaE`*5jdCDWmT-q0_H6k2m+X5M+d)z98n0nJ%!i%t?2pfSDas&!vuIp|nuf3&1eA zlbq>NK|jpq@ue$WH=M2y)HE&Al5^jO$@=3CB%f;q82&N=jwZ=dgZEBOIcjr#J!DT0 zIFV+$vQyMsMd_bcMT})fT60i;l3$}S)(tvYiym$w=4id;&VGYSxo*0q5PiqSbZ?yj zWRQt^uKR+&41P5b3h>dY{tBk|CZEELj~-tE13Y3t{q)4UnH>AFrk3 zP|~xxUuJ7+hVta|Bn^s54pZ?})f340%Z_z&;0LpDL3eZlSt1$rPG)p_SuC0h?bP>E zg^J)~IRkFAu`}rByONB(%&vefJjdSX6;OO{hV<>e<(_-0gTLUwQFuqD zuEeFSbiW@9@@pe3VBxuu7=0DuHU|;o19-Cwz^;+mH+>TQu|*jaUZ7H~_vY zX)z+rzAHaiuB*MAXg{bRobX$tOd@VJ%<0;kuvMI;Su#NB$Loh zIS}j|{oGro5`Fx(=XWNU+=spdrpS@YXjs%tl8ifX}*>_$YVtA$R5sZJ5a$U4c_ z7QYOcR3e|GHVN2P+u;)HX2i`UFET?_4`ZIVwDKya=F8{FE#U6LT_i7-q7AL5>Tl~t zABlhRJp11z=H*i%88Q^G7$au^j=kJqHr@Ba?LGkY&l&cyL<9{XxW2p_8?v&uYXRJe zm!3M2H3{8KT>eh$sxQJ`hC8E%Ik3_?E-|&kkmE13liUvZs3#VMmPa9ed`Bf+*_hW& z<7&_yEM?nuXW8-d&-z(J$YGf;BMRa>yxVa)*tEXB8Pe0-^SamgVPjWIcP1y1C|B9s zp1O9W`*rDVpud#Q{n_h8(-)O(oo$b$+OXQG*2X-!QnhZdT6rUENq%EV!0HIQzwCjb zWv9Q3lFMe?WJuMwQvKUVa1mUX0B^R&F0by&+E%!TzY77oRF#431LiYlytegvN@*uh zo4J;#tk=GJ(#21STLsb9-=UsU%^w{CRRZ8?_EjCl?^+YVoEh2^Yxd@9sxb#)W56Bk zC`c<@P9y9zv@71gfX?`98#@dj5=nBzOX-YO{*WUhKjYcWZJQ`nnt2o}A#rs7xYrbyhbomvk^JxzO=W>z_3Qo3NTkJpGM9kOw``4`;z=O5Y4Ziavd z+cYF!0l$g+cwCn+ovlAH@oVCC+z57VbNmr{hn276lVV$9S=$hp>6gje5?#lL9es->hj)~>tE)Ut(?CjoG;MOtfSga%PL33A2 zXPH^M(+xwhsAR8v^6oBak9YP+=M#38R{NC{kk3vwnVr)*NKi8qQ|ydS?J- zZ(?0zl3_n!YPe|=ziDl}BydI6WHQZIE4M_<#P3q|%C~I1Rq_1DU>HY9&gZ-i&tYZT zANSi)7HPfgd#tDkM%^GihBCaIDjN32#ShB83rEr3WJ!EjxW*njXNQF(S;buX=tQc0 zzSw-Q`R>wRlkQ|KTPes<4LY?w@F>+@SBJiJ@8l4!m}fs8Of@gl^f9(8@oBN?uX&w; z$f(@vL_4^Zr&@5s-H~L2&QQf3Ig?1 zm$M8!bu8&rhB+9ooh69Ype$)H)?4VkT*4bp4s6L?*Fk2CUQgQEV&})+qrB4A`FZz8 zcMP&qe-4P+zensbf@`Wx1&qG8`^;gED&!gKl{LNI$mzw7f6hF)apRpM3YJ8@#h&b! zD36nJ#ELc@*{9|@U$L}F5ZRwDl`$vDr&hYtX-M8)Mf$Q4J&+&p?)$fVp-cpwWxyy% z)b!DxsYPdjgx<23U-ZoCUp#+`N6s8NrJ3muK(y|x9@N!c&3Yed_ObBhD9KM#QpA>M zp6;nLm0mNQp)*wZsr*7mbIJO*bh~buS9fRgL}xa3z90#Xc*TvKO#>U5cjmkVq;rG0 zbMwD<(Ig+TdTvqbqt$D`GQ$O$G=Xs}rhg{`JpvY4lJtjI1mhJ(zgS!4A-rCswHB@` z9e6c+{Lyq~fCm~eTk-o8&*?ioex~crj2aTprKtw(z+MHNzs(f}FkMea8#!{A+(1!I z$rZVNo&FYZ@kUbND#s>$1h^CB^oN`EWt|cFW&OYh`JVH}uGXi151PP$i%1vfB7)z@cKrGb=_8#`t8o(U_VHo2l}2VvJ{eZ8uh$RKbq$Ho&xa`^?~EhS_|k;}(KDZk^yEc0!5& z-ojailTyo%7jMXnAO(qzWiY)!Y@U78zRRKB^CezWLNBvEE|hrVtR+a0rIl)1Fm1l( zRRJzP|2g9_S-ZnBuHLSa8sE|6B&M~m%&LUtW6w>JLO0sWEH(aAl6>)ZVMzR@do&I_ zOr)< z)o~6ohQzw!O2UkpUdYB;5i0LZDa_bg4wA`&1h0yfB?X~}$vLb)UQY}r*TcCX$;~Nn z4`15Bjh2SF0E~J;2I*!+aq;l=V8Zaje8VWBPyFdarh>egUFOwLM-rEmqqW-O%9%Sf zlwJCUVdm9)ofWpta@M8tVdCCM%?(-Ua_Q1Pznr*!lri1*t8BndE&iPLX%n5K95{WH zH-lMDt>5z{I8+d;e*d3f@Uv{TOuIx)?pu@v^EdPxY`14HPSqn7fYsfZmJEdXG~A5% z(f+<)n<%J3uUEd(G20@n`9|TB3F@-e_2L(`O3L*TQf+Pde_lCWShm9-zc-p`6kc|N zM7K>dvdg(#ROSs2ezpqQmuLnH{CJut;w~$nlSVYVLpZL12-tl``_O~hb=~Eoas@TS zw~WrkhvEECeCc_j!<;vV7wDJeQ**s&3KqWf%fEs!B@pfDQRgev33lvWO)0}pE>0m| zcg$+)z}mlhPE^fm{_Pd@NnOcBLE&BKJCz52sjN14L>cBi$SvpJFt>5rLncaBT?~`l zvr1IXgtDg*6LM!(#my9z-JVgWUoH^2^tIU?Ev=cFp4yt5qx|b7@-~!PA|`y!O@ugN za{tOEyfP@oI(cbVL>w$oNZ5LZ8OS)iUd_z+1hNOgxFCr0sc*R6~%yY~Zrx)DYj|__K!tw8d&oA*(d?rTe>FU!E z+DIK?9T=lTi!nCR4oPA=j;T-6C_PHk7$Y1y=HBT<_Jk%eYnKz;vY}%kuN_@2o}y05 z)|Wmy-3s%R8mgS}19N2ETWI)0RpAtj{+JM4N<7rp(KdH4foe(Il>=8GR;FL2=Y_nO zV7R#aanpO*)nH*5Gs;gl?9pYehkIf*(F1h|b_vHiUczn!!7w<%h$|FmVbHpa>4EHK z^b=_cRpQbd{0c22eAq7AUr+~rdv*Il3*!8jaP6O6T8`muH9+bl+Pu`Q{L_}Uy7Qe@ zGf^<^Q8AlK810r1^Qre0?a1`ZLt6UI5VJt8w{%P)ZS!7lE8$SFK8>= z03AM>cM8;|HF07GEV!HngUi~KQvbTi%WTHLZ5ro6;L0cX*{v)q`a ztI8s3wzMQvz|av{h2OzXbZgs}wCspFy?XNM5QQ4?gqy97rAA*fvt1W!F1zP?3ADRs zkVqfj!vZDHJuEOac<;=~{7GHcEoKzi^>y1WlwLOf&zZZ$j=&mi`LAWLCl;?~Q&%d{ z^dyD}z00s|iCEc2DM{F`rP=l5xFk{?e37>`BlDJX9x_duUVNm|MO$P&ZEB2oQu@Y! z4&3J&gT_{Fd%RxEtn-Y=m93*W%ag$Wa8|i!ZgAL=7+Z2q!B^GxMQcA~zRVHkl9Y0*%LtPgVh0RTyaoY%YNm_*H*UwY zVY@{speu=Ui|;{-Ml;XrNRe3)X+!Giy;)Z>a4(ob?A|Qb0w5+oSetixOl^vmF70;i zq&vro?wEuBacYw~rVzx^Py_{LEc=3lMWe!5ny;tQ7!Nfx7$d+HprW?oht^rsy%ds~i7~!0DKR`v~huYalA5ddV4c zlNkxz>c=WEWfH%cMVWOmPFjm;`0SM$FEp03qKxL96xQB5$YIZ+hF2`(DPthGPsBA& z6=+*OGNEi-+!$NeTU0I;zLkCK@4=a#h4=nueCW~&bQQ{dpb<7-x+>@SL0_Z(Uv!UT zqD3rRpuT8^pbhHM>U8K9m1CR?to!~(+Rr6Em6671iB)yDOCUus)8-le#YCnDWqF=u zS-1x50MTOjbOb799(*?$(K4qKr|OKk9S|pWF7M=J&n1>@FH>mO^w{tdFbqN&WLSKz zE&$Vm)_V!qhooxts4-cc+L>Wb4F~Un)&p)7^;A{j*WQ^P(Pebv@muT_ru1L6!9f|m zwu3!>ta`DWGQvA~|Xw)sUe^uvkm5pOft^!(Y_4C4P@v*|~W8c#`SMg}}=+TAcXQ14q z)SH6f*IZtZp~v(Um!&|#Wg@oM-+~`)MEg!z7G$|FdQ(DUcz}8&<4GS-l|zHR-Swsl zVJ|bsn|r2&`t&v17~T0P9tSUKCU9iFLCb!3#OzO3BbAE$CuCu%$QBLf;bgenpqIWR zQ&31gR~|`UlFAIZ^%s~{h9-c|EQYHQg$+NTc-72cYDf5p=4N4`X zvzcDo1*IurRl{^YtWc}AkyA>ccLPxJU(>@{kXE)t>VH&f*(sa z&yH#$o@tpwNG90UZiS56)R>2PBP%!LhBwq5>xgufqjYomyo(5?#<_T68Zsg5*;{l< zzp!{G$UG0#Cs}Ylqkw!R)qj;I;o`~-v4WWr3G%8HkY0s#i--TW)F*xMNsQ3S-i6a; z@-`XE&sYXa9X7{Gz&15nrej?5hK5l)I9yUWg`wr0K83iHS+ukj*v)+X{CsH@IW0=x z_i}$&*mPgl^z(506a*3iG2)|zR2Z-uB*@rGsGHXkCNl_R8?TP7AvN>LlOG+Xmg~J; zgueEaV<7ck%&QqD2j7Y2nY;z@nnBHYTRSjYT#Yk=m?MKLjO9b8A7sNhSC%tZ7%KhC z7ckcWOXeE~pwVL$k_;+b0|?BV72CEImGkz%!AhuT-X1kDg%{{KI8>#OR71lC$Bn4Jzq@UBr1QvGs>#hHT? zl~@GF>2E**MRQGc$$-xcfp;`+F~b>*ZXG~Y zLQz{g2f;aU%7!g-TC_f450(t$Z)}_P9~+;_Z44TzvHjU9b2jd6(DA#FMXnj=^Wa<+ zV9Rw=a9bE|v`2fQP3&13&|!h4);om)aKh80>WZY$d5W_R|*hPWlw=HO8r z-)}@vV0c*M-I3|9r*751vc!oX#tnPAv`W|AFOCTySJ|E8;@U#Ii1CAnef$V|(@r_$ z7(+2xh%>C;dtiZyl}`&5W}tdJq;$YgH?#ji(1f5vrs z>1Z0=$jp6V0hM-VcNcy)vl5r*StA_T@tz@}xO#BmbI0AaTUzVoMGUX20`l~$Ol7QK zS3`~EW6Ij}Nj{&Lc@-)FZ)?B9MsUy*+2t~7tH`dkOSBjNl`c**sJoSP)OC}d$KKf< z`TFe?)l@lAcW%&acgXC9ak=2D_dN_TgW%zL;DSz~gS1?Wp?HCQA z^fC3YVfh!20wo@(b1i^^fpFCwNY7ftZ&)?{r>IL zdZ7Z(&%xJb`F?-D1(Sybok|2t#N^M!qD5^q(tF@mDShs$AAXwhfJR`9mZVhQpz7b3 zMLsi!sn>+cyLlH4;lw+p`o{;|D|E;1 zn;=)Afx~fx*n(erE+)tv!m{406|yBBHohUay-uTl;M@OyQ0u%IU-VtjdL}PbIFn%zQ(P zZ%l`-VCbDiTgzC2xd6cRpU>T$fWVY5_sz>{fWI6*-%N+ZL@$@}09k~_hxeXnP3M)Re29}XwiQ7qBzUf)e5UU%Yoviv{p~s35 zW8cDT12-k^kmO|nkmJ=CR)O(4sq5kO5k1@h>sP7XH@k}|J@Ruazzv$|h__`ACCTwI^A)u-+8G8th3fzF4$&#()jZiPI2tD!Iju zp=Hh$PUCWK&XC>IH1`*^e2do6iUOiRAn_M=Fi!*Py+w&KD*Mcgv9rZ)6|!AKX(lRh zYl3h~%udMSY~BWF)V$~`nx$JktKRc##HmNY%Ihu{8G+;kxHO6@=WKd?zBf8G0^9rS z^qP~O1UDcgw0ng)M^_>5#eeTTgR!GSxX>TXfu>bx;u8r?V1x~f3Gr-pCKeOX-*3)_ zj(GIzOEbpe{aM$atdu1#BoeFb0sOIry*C4&YM9-+5L2AyT<9O!EN_z-af{M>AsDV5 zOPS1wpyLaJxR?&7p7BH8>~27kHnC*tU3mtD?(1<{FK#PAq)g=pCsS<>nG!QzFN&Mnr)keB zZsLy0nH7UrE)X)El>)x;Q!TV4U5FA0$UGs(q=iR96S`u+o6Ury1@Hb%q1CVD;C+k{ z_@`sva+Hc+I9Xv-CHF`&@|%3M6P2?HD}gwQUD>?j-AEhn7fHDj^pcP4;@WeM>lA5g z7F;zkK5IInleE#x0~;O6qInT^WRLyG!cvUaMGfkp;F4%Ib?rm?4UDafKuQF+yl$d* zpU4eg8|vrzQSGdtGyxUg`1c0^P)cyLaXzEfGkIVtQS5TkdnpP~BfJ-Av=x@GAYfzn zs(Q4F>n9n)gZ@qrZv;b;sro!kNiIypTi5v|S1y+BYahw%VW*Sw9x3!$V<3g@CFqtd zUdbB0v3A+G)0JVQIR|K8tdJ5}l+ zjJo1GRO(tctWLi(_zPUgB<%9tIZBt(rfq@`A%Z26OxehVD^a{($8XvW1A*x}Mcu}x zoJptSba9y@m;2@<8+pq<`s1!xJkPpKhhybFR&Q8MZmCpm>W4&N>XOmv64W24Mqc~@P4v#ZUW|mfzfrtqCmK-An!5~c&QZ4fsQd{ zd@T!wBg94+yNHI}s)BkkBe_KH5?V!CX#2&)n705%`e_1nSin|SOC!VQ0XnsgPk+5W zePEpMHspN>W?Qw?aYiSy^{iq)ZKJ^My{Ac!2q?$s;k-g!Rh=$?x~q2Gvb#+AkQ&rS zt6A5HW*ZCsa93L8YI*~}bx{mLmk>%&ht~w-<1+o@Mh=|ejfFTpjRDV(h|7=k&jYB5pr5iT#(lQ0h?=i$%gROKix`H-JX?~4CyZZgB$&YM*ywiMb=d*`0~u=sd6kH?O=x>)6mL8@z--r%lG z4G>PD*T;2fRBtYe^@w}{S!>Ppe9^NAp>HFm;G)+A`qx%c0;CxAJKL2QDdv-SeZ6^b zFG~5oq=4OCb*W&o*)T8uMUPmv>|rLw?ZRcQ@uKo338|!ag%d@C*6-Ulxch&EacE?^ z#a7%Bp|(4B#trihmG@bw49R{joOMVU&gT{GY((Z?7iJy|H6#W*ahrljC3XQCyd`Ll zovvdFtG9e=Dpp8;y!Zx8upUi&znG=ZrO|c09F#qt4Vd!TM%)$+tzHX74MV891>Mnu zvo60gqzjojWW)u{6V5@=(Y#|vR&X;wsK7X#RGi9#bPGO;b}vs@_pQFp(ZWiUJ|8gi zG>V8WBNwF5FU(n$y-izvFbhH)yG(0cTrCJ6M_qMoXgwFgUX|z9zEP)m33uHPwxQBA zoF%|Hu9rxdxOxW1V?rFoFu||TYH($9WqS_qBJ39eo}h;keSLx2#e}pe!Z^56n`ne)iv0V&Bkg{1E^ZN*W4o%;OT2RKVL}p@|I+o(L|6P_odV zzCMt~=(Pm8ncDP$-c`ie=y4+|+gpT0kNoCOYxK<{RY@E{I)$OS?0(!L<^8(WBV1B5s{( zIXHImI_Z+vA<>4q?gCvs?Z~klDlc8BSt)s4=4P=>o~ejm?aHs*o+4Wk=>nLxt;}ZC z_VhQ>q+7b5%gy6|XNcgrJ=^a}3B`eX6Gi1<_}uYXb&7{?*Fxon_6|K8H4AMDFJ=tW zWvCXszWU&o9UHUo@1Il;_oTiy%kT}OwT0Pxlc}FqIb4OFRfrMpTA%|VREiZNVfoqN z@jT|n%a1oz;y}&d`Me4TpPw-wf=L(~#i;?VIk_HfkPyLGY)9g+j;I2uBD*R=xLfLE ztC~jskVodITZ%(9$PxKkFBvgprjP`2X7C=ETx5Ocatl%~r?uLZnAEu@^=~*^nWp8+ zSe?xvcjdeAPGQfJI^;b=gZK{={llJ>TW}jf9jJ(hjE;Oa)64xBUSODMi}(%rKBza? z?+Zg^C>%XtCMD}@p%Jv@-OJ3gtAm3|ob&}VT2&KM9-{=5F@z`*Y$pY9Gun1qmXPlg zu*j+;<$BTRxBTzn`WI(kGCXISv_Y)Lq86u?z23j-|7AS_n4Zn{(s|^6*YJEEoT6R- ztlsJJK%TP(yJumQt0PuHzu$_|MfttFVD`PL&fV0mS^nj-iqSIaL(y#pSSUP}e%Hk} z&t27m)3FE2o=5i-<<(jnOhG9{H|Gr}F4F zYBuH;LpwoV6-Z#63u8Vxx@gAd3ZRayz`^q2QIu;cR1n00xTb_hivdjVsS5$DsNV%$ zt~D}FO0nIvjH|15jJBlu#B%S7PmVWczUH~rapVTS=t_d5R?UcF0tf9yEb$yK?$BSS z3&rVRue@EsrQ%ag$KUUN@V-=^-sgqxuzcU$yw3R0rg;9W*hR%~g{==<+dOfg;hTjR z4zA~O2~`s=(Rz}^RFEFpqHnF$P({?cTPNb}hc=2XUdmDW)6^PGO`%q(Z;!V}F zOU0b^JiZMS8vujMuTfdgpe+S&U4H||1YI|oZFIYo<_zsVtaias#5Bu|Rwm%Ey>zV? z!M6h&0E+2pY9UM$SCOrS%V{5+02Fc}A>GXWGfc*b=WPzSMvm#xS<8t{+Q%US!kbz}E zAdP017%h0ZxXh-n&|js!%f~dO+YOwU_F>tkYxSp?3iNL-GMRs#l)_vSj?T{<)(boO zh$2{5eqKx?0G@&Vm~$i`@-U3El=rFn77g=*B9ul85P18L&yw!^hR?y;K4KtIMsAgD zpb+b(d~LA))7ZJcLWwIH{iW_#EZ9!#Yc!)9_3U-Waa%~N*f0I_Re@BK+;*=X&V>6W zK&nX(rz(vL`diQ`+x5RyhqH4-IF=VaD9ey-XS-}VChfVzd%ehY7~ zyxt>z@={-)Wd?XNW5{#8XG43RE%7kC(=lfL&@4@2*{{IW7=djG3Bai0ZV}tyk1k`T z{`O#x1aq-yBN6^^iEBdhBkILNMyMbYg?!2hN_R&a^VI8?Ekp(#*2Va8hj4eM$U(JC zz%z%YVEH&^>(nfTw$Ly*L*L@ z&9#=4ZURQnoHN|1tc7LlZ(O2ZbYRga^jp z^fg;ixQS=ImwlIp_k(N8oaY|~3q)0Dm%|fa=nxiUbBq(la?4&UzuPSVI|RVtdthES z!7RU5COm;X368US0HvI^ekBOhFP}{s5#n@aB(|ARM7!7b=!Cgf3U_S#82eCqu-ZP*s=AZd_hYCU~Xl$_~>~ zc68(oD`Z(3V9%v}@G13pUO>u^Pm@59c4aC-=#8ixSVicDa5ah<<&9G_$z~UsXEhcU zMK@zOqUZN2b@+BlA6c?fZWOcKAb=H2XDm{=7Arh$ozZ!g73zJ>S0jh+XjvKZ_ zvcQA(%S12Hud7?ZoZE{DJzIjzZ+)WaCulOhrzXtY zBMBIRHcm=LGv(li3CtfH*xkp$b}Ygo*FKd@3uTN(HG#_=$emlyO`J)@U-Q^;^juYz7;V-7X5u*L$HlW9MB1$ zX$<*=6TKGjz-_r?MYcpqP?P-dGSvWxsmBNa=a=BGhXzc)^_M4>L4n_?2lndf497C& zl{n!3jmp1f4xwstF92a+n};g(@+&#i){(uCY{x5%S+YCP+rhU&lBUG};T=*B29gVQ=i~)EMvpyjPf#db=AILfjSB|@R6Ez{d4y~x`M}r5 zP?DC8bm?`N?MMo%o+Aq^Hrd?B8CGV&pr=`;u~-d)w~;NrpN+>rMTR8OYeH0H5qOV&$7&A{3@+nJft14#lQRetqc6#&VZS^Cyv=iduq=W=gx zj8Yc&G?|pm?%PY|a`V@UaO5gr!~NCe_7EQkW5a*(Q%amq3zfvm7V8b-Pd(q3+zF{! zFB0+C)EoA*#p#<}A`L1+dmx-6Ax;dZ*o;xVQPIICC4qv12;VtZldO7wOCw?mW3F1_ zSjiWqV||hSA&cQ4kbz(cf%9kfNBH`rfS0D;oC6W-$vbA{Fv!V^^o8~XPIA8P~VlGFGU_s?@p~_?xJD8&Gwz0Z~N+;n5ADOy^PlFZae)MaK4Nw%) z>9r#Ir?XR^mIdL6R%nkQnN%=_rfXn7XYTDh?xmITd5*e#pq04P*7I(a$sA5uH1p*b zP4(a!SzF)Hd)qB`dV;cvC9^0g4}@&1)_5z)aXIu3kEs;A4l3`R#(m!r3-f5-ke!av z;w4+i!3_kA%nB3M-pPm!@*@R*n~~?wIQcR(x=#PXOem|!nSg@&ldp9=ZkQZD{N~c+ z_U;$4rmnUEc+QxT5#~(s%;4#De~p0HVZDwAx5`_F!}B=k^KemDUvWyx@ME~3qslu) zSNS}Y+9c70LKwmlgqEO{Mf0-f(}p7Cl2ym#hcp@Ppm@1N+tY~xdi%X3@$D`InFpww zJj2@Y80F&cfsg=pQ*X+WD>2LLbO8Iz0QJmX4OhP&K=x2&y7r2&%4iQD%wf7kRDRu8 z>19-c)U~;V)E00XCp~|n0qCto6Z^1g9pho0p;haR!P12vu+=Tz^{=1wj^+XWnuB^$ zbk7mP&4$jY#wa~*cgo`$-O4+e5psW!mnsWu%_1|i>K(sc`XrXt9~e=>!?MI?Se_lYg1!eEca0b);6|@qeeEWpPfX1gSwVwNN1|}$p37{& z+fV~SDoW@ZOa9UNEQDFAKQJ%Z%@N)q>!bu#A~xKdQN{>{lGsFNyisu&D(7K9XGSlA z`jC}!SF+O>D4qQC?xI5d(QEA&Z8C3WP6+1&W<3gd_X8J-rv=Pb zZGK=iN|NlZFSc3&aPDPfCU)5=jcQ zE-mTfF3Zrsu|I0@w0|4R<@E3N{oE&nkzu{YLeMb?b`XP%l)_Fsq6-mw`PAQl8>{s4 zmY77a>;%a?g+!H0Qz0SLqZ}dAY4RdcVEvmmN7G^&W4-t+<1kOrLMxXwQk~V>aW&%p z1kO}Z^NxM=saedkqbWmQE>Q^>6+c>Y#A%)Av_1z`vIQA0za3w%e|)6o+_DGJse5{k zB@~Zv{c?D$#`4$pXGa}1JZi0E1kJEs=}D;NPH(n{B2lZyk=f#Qq%`hzz0Bc4m%%kh z&uXQD7}>`Y%t5rb&5%i*AOpmi>$52=cw*rI5BBmS#r(#n4A4+|cE%iKo@y>?kS(}o z4EA6d<&wZj%w=Gx_8oe60QB-QQ(gjxQ*EZSG4RE91GqHTo^y02rElda$+8~xZNf^r zvMwi_@3e+}-c8?=J7sUg+@ZalpFsCr^rah)_SL@>PDjM92$XuOK((2CZn$5fRWnC) zWiOhx_-C&(`sij$n|}mPlTxF&CMD{Ar0=d0KhFwLZZ1hrslK@3q{+;A}TfgX`7Gejf+fnh1J)ZV`^}mT0yG zjihF|hQKHG65U*=*b~%ysDiz|R2Vct5D0O@N5N%LtsVSno#z6FB3XRxtuxWP!jA5) zr~s3f zi_toT^=HH*>Q4x#c*HVg(xMt9L(|HF<*v^D+$W;UXwmy|x>~hZ4yi+aaAi5QcP8sN z0cGNv#2Xz}wklANf@$+qN0!W!$^?pcasY4|{J^!sg~ne^XXwKAW2{@oSkVznZ&xHWzUn5CXHFMNA_sMEC!p9IS}wViAOR1bMaKH`P4>0*il=l z)E`PRT{A`T#D=>3%($XF^E>g;5E=a-l%5Xc8t86bXY?UtzoYyg}G+>|6L+?rn}cJ=EOU z_LJxb;~&#x_M1gWVy9^B8l>4iLpyz>ifca!(^xN`g-IVdTTmFm>}%?rRM?7mjXCFXQzw~w($dB#t-*Fl|^HjzSNFxM?qlz<5(XXEON*cMrW;7y%FIO`<3A2T({Etp1?@o%rxtt{9zZNEOCPrn*l zD8Ab6nojq3(VcZqr7do-I369IDIHk)I3ORUh@E|cG2)C8IgnodrIdR!zjLsprBWp8 z>Rf(vLen?eh2`{xfgd}Sb)eL!VWK`K-gLmdd&cltTHTf-#Eq)^eSrLHqb4p~RO*}q zNk@6f^SqX}nF86uvyMN7q9GalinzOOmYW=41C_F)OR2l&2l-M8({?md#VcH0(icZ% zS2A_=`X&fYo(uA$;mNU66jgN_-#23CXNqW7Hm;nCz=_ME7aJD-YPmo8ui^Op-(4v{ zH^>6*7UR8BlGv-9p|jC5teJGxE;cfSYe&c!6XOO0uI9a9&GUorA$A*W=uAc|l=>T} zuFawMnVPVPNmdn)(FuJLzP@i~Jx0iukA2a=Ai5;%z|@N;*QUvg`~4A#q`R~)w)z;` z2OQ~;RHpZeBgi;Z3mRMI zMLR-U@pyVJKvt-7e~KgPdb#BCZn_DPp$FPPDCAGA^sS&3Kk=m}E1nk$6$oDh9Tr09 z_pi+h?2&k;Tvq_P6voFJK{n-ZH31g&mJ@y&_8#mMW4$!zWk=+AQ00VRR+S9S@4aMGtM1^HHVV2G47>vQsiJ zj${xK5tp52o!0DQ&Ty0W=}ZWExy1G%0Ixcg2_HJ(_}o5v65AtAHW!y&yXb2Wd>@U*8&80bct@32}2k2M&W1o;=aOOd189}u@6^F9x{{oD;k^pt*M zW!kG8skF%Z%nkG@zKYg5dvQ>5KGcaSs*$BZP>Xjz@tl-UvwgzsR!}CLJtn$qiq7u+ zc9YlZd+1g4(c|Xn3BT0x^v8CsuifvI=BWY!*Re|ICTq_710Pq( zyy-xA7$9p_eiohCdeft}M(zfRBl*F~kYE;Rs#oegq?LboYOD#O7>SwDruQd-(W?E@ zA6)y=OB;Oh*zxF_!vk6)pKDCKcfX3z(digr+GWEL3YaTrMdhIzlXpeWWtqW#k0D z&%M$VFoRAPfTM}tB)|2qixqIaoK4xiHAq9XiuvdF%+XuNAGjP;-iN9A=3T^GWN2027oq_MH zgcRR1?6wS;Fy=QPe`)N_{Bicco#s7wAHrw5!zeB65n}C!eVQ>IW4o8hJI*N}8>cO2 zSQj%|zh|Rw@GW^~sEumU&_XKyjHi^N;e|3QfLY5G4VNr&*Uy__ zlCK8!2%zteoIn=RlhxQh_qmVFLQRf*SeZ?AyxBjN21w`*Ke3To${q-Kdn`YE^fv9a z_VqzLpK)r4IW4?D_yLP_&hOOse1ZJ%339xF{Ky2Zw+QLb%QD$oN$Dy z#l5mu7nS|m-34f2Z5j6@h%}ESQO$w2c-GOFftWVx@yV!n5E~#MGBmgfoe6t*eIEQ; z#R-pq7@FWoUsXO6Uxm2tTy--W&$XQ&r`GO(Iy^488uyGu{KK$I9>N z)X!Vh?^#-_$qOFz-0@_D>9H>E1&Q8C_MU+xdg9E_(3Zb{sz!feCiHa4>;&)S8JgpM zq|iTQ=%NoSiEfrJBKa_(uTHSb)54;Km1cGl*@oq*C)f)a+g6hm6V36Kh-^ohIO)3} zCNaR{c^x4(Kr3Hjrp}4@;}fl=62}PO^wkdW$-9CAty(MF0>E)V@E9Sh&t9@-1yv^V znpKfO5d<|6>nlexgVJ)bR;u4hWcnM)sdRr0T0u~Wy9Xkic#jrTa<2cWh&e14E9OGk zE4Hsb-qwJVawQ>f2eV`j`*tNBK*7C; zFHn#JY0wXZx)Yg&EA6J=QM6?fMcCo+j{(W#5`UBpvRX+Bps>BH*x!<(w4tp2lv+=4 z?EjR{0mm6kI8S+|W$y&b;0ro|SwM-WgvfmB7)TAn#3xky^n$9IKypU|&___1y8cSMcZ zvj@`6PA}Q<+jFdwTDtTZ*rQXd*zK+`t4?q}%&r@!zTBE)>-FpwI?&_eZ$*a%bYE*Z zS;WVocow^rM2aF_3_*e zQgYwYDcJ`GlaH75xUSbljD;P~`nwBf(5LBB834*TFHT|d&fg};W1?@enYYS0*(}w~ z=*2VdyjURJwpuNGfA{G7z7Ta>3;W#d%4q&_CMB7m0`Zq3Ou^oUi<85 z5`*>R?F7HJZfu~w9L_1JroYOx@d=$O4Z1sk8DZP0rFzMpKo64{60S^@4~grvh{P+} zLFfGGT(EXX!rI)15MU(rTGiw~u6Mh4w@6uH5btR2GvQB3xe=4}WD5v`x?xpi& zc@r=-cHBbnXW(|vtwJS}Mj(ZAhPl)7t1}8=eUEF$eA9J?;pVH;e16JI3{=91A=k5G ztJmk{+b3(|g|xt^&#%$%Qu3J!8SS)Lx^AU^IHP|^P^(EHiCung?Xt;jgOOlY`e2qE zXT`nXs`*@Vqlc*{^%p8c4h~+bmHQFPeM1W1wO~8sjOf>9(3NB=3j9A@etc!An5kQ) z&UuHiioG|uS8zP}`iyX|XIXI3)Qfo;DaG!zn_Me*aD_1w3ZEq>NFZsxI_$7iLvsMJ zaHP{~R|liLM@a~HLrM9$Pv#@`EY~4ahfe=7{cN!cXdmGe4GkD|P_oP<7E1%y=Ry@& zGU;Z{EOm@n{krLUdDRSq@7sK##+T{_PZRmBG#!fff_SBxSr0z>6l!52=l>a1CLbih z?3ijmfzs|v_U0Ks_qCWrYWLY>FoM3@3F#o!S7fzzrN87VsF}$~G4)CVvc6DDgOa&wkHAX8Jb*f0n-Kp3s-GOe!f{oF` z=-aHIO>#Bn9PpF{O-3HZ*pe|m8U010_c@V$$V1KXZVR@+^|`{7N{)H98I)x%>^mFG zMx_bAE9LTjo4DJ3%A)NJrD*=sFmaPmwxqU%8qIE6tUuPrY#6O&zbp&2&NMUa9nYcD zT$Y?=EcqS;=CPYyycgQYDMb4Sim6m|V!n=I&-Bo5jW!r0-Nd}E#&IMpbH(wx4Tn~KotV~0Oa+mGw19IMVUZM#l*7AlR5&)F^lnV_w+C+G~GVe zrF%l2_j8};r10bw%`1NQh99rEEaO;O?kQ%+9`0GlM&rO7C)CliM1Ns(_?hS-Q_p9_ z?B|WKqh1BfC9lJ&j1Htb(el>{%M3BgQexheM`p1OM^geverPGZvADMEK@}ZdMGB{m zY_K$H?aviP#4FBd4@CgnOAR+G3jW)2R*Tq-2QU1E{ha!o8#4=5jTD0TDP#-1>VU-#*2i< z1CfjG!Zz!S9!_Ov=^ws3CVlbT6_YHJtiyGA0e=#N5X1Tio@{t&@Iqex$-#ST^1UCoQ>7OA62a5CWCtTBQsWfx``6b#NN*EC;$J1&&$F zH31;A+Iy@@A64{;o*-^(TNSYb-Bc@a6 zd5sTKS_-apDzbgM;($y&+LHQGM8XB{F~JA+E|ThC{bailJ*=aVdCayTOI0E%4@BBj z@8#}9a>}wtQ89v>mZ^uF;I0V#B+^sLysBkh5*-U|k!n$CSg`yWn{PWykJn_SL^ zRB!*i?)-=0$G_7${+E6nCIPpV8ow>B%^#qNZf+f5j}xqTKkyAJ@Tdw%rrZ?g zV*N)~w*9nr)wp4uJ|oVmqS|*PR(xuXrDj?$=KxU7z29l_+ z#n=8U7X@Z4*gGj42<_mi^WSXF{y6#dj`X+eD>pY`#v6GN^AmCffgVzYfe+6jvP=}Q zV)nHq@hzhMMaxqf7F`&a3f1;uKtAUI>V9P=DK$%h|0{MFrdKWHP%030EVFkhctuty zlDMVG)HPtL>0CeSZU(B>TGyt~iW>(WF8U)fHJs@dPPOYlVrbB0Uw%N2-Nsz#Eyu-~ zbHNiRiv647P`01#n|`C7Qf|kdNsc1>C|qbQcxX0~YEJgAh?c?@MJ`~^=d2nH#CO_hM5#FwZHgT3 zS!Wb1ss}tUMVo@iy)4fe3Q{VwPRri-XlDNvjV0ahxHA%Gz4Q+t6FNbs(UJ zs1;k=CEhNw_`msN9T?>)aP?neWjp{f{H4y<+s`pbj_827c#F!kYEyfGaLmAuy_wXO zVq57a4HM(qDswv@FEl^b5nuVN;QB{Lch>`hEtmIei+aNyMp1etIwuaN1 z=$P!-f%|?Mp!1lumd_=-3#L&)Hp!BJBYW%|aCT8!h6(yveZ9RUVNvW=HooCgHoEF^ z|LdnCDC)^h8U3{#`GCsWn7OWDH=3rb4dUcs^`d~B*g)6{Xdw<|E}vF8|0nZ3@AM*Y zTczhcS|h*get}B81hmpw$~1y#gHCfT)i6-Ek@Tyx-qMXN(?hs|0+vr^jPnU1vYore z{i_~>QO=!}Da7=FX(BFZ*{SvvhbZ4dc5xz`pa1LJf8{zJ^ewFT&>_E|l2#QQXNrm= zfSyY#g~YkwjmH~^s_tu(UvDor8O|XI zNY?L_9&%&M^t<6@F$PQSGU*Ifjg^1~y5xM^XZt!t&Y$D?h?e&h#IwIPrsJk+*|V37 zkho}+Ikplc!J;ooiQEF`lmu~f=Vh>@b%J!^|1Io_xcBn}*kg<^fekl{R0cHw;yZDr|F$CFN@7z-Cn4$fiG?dG_hRLwDKz+W)XudBz$W4N%Zs967dWvD8m*=L*pVi|Q zaYG;NJ;aaPpMf{M-(q8^n#`C^Hajop%eXjfV?UUWN zzh__gzD0rRH=(U>ZftdVh22_k8(xy7=_Z{3k$sLy$MgJU`w+UBu6h2FITugnxLJ&= zfh&)QGhOKryF0Po%r%BNq80oNYs|4*z?->7&BTDc?Xk45s6G9Q#ZK+T4js>OPJxb2 zRci$WZX*ZFiEBUN38i>KOQ)u+I&VWbg=YDV&J4)P7YK&l^vnv%8jZjYzWu7~r8^vv z|GmcM<~_3fsfY?IyvB{no%W*Hj*Gd$<;vRxoNIp?LdUleb&(vPA|WDgoaU?pOK>8 zAx1+4Kh%BI)>#>Inpn-5W4WY%gFkEOYPs1o_tw(X`ZzP4#^kie&0g|Ro1w9SN3)J6 z+wPifqg3UaQIDHfZE6*WZpD}u^+AWC@Vwjw!8FP}aL(jG@UEGac$b!)K$^2-MY?U;y~g=;@VikYQQp1IBq@%~Y| z^?053R`a{Fp#~qSLx!eWWajXDeM3p5W(KGJ{1(n;usEHCp<{AcQPie1@@Zq!mKrBI zGyGM_vZ^g;4Sbn&(=Yr%oWax|H8WW%#4cYGEhC@9U8g|}s?`~p6uO1RE4(SXcI*^m zP8Y1#1Rig(*2oV~of`iS!qdMI8uqXHssKTM0px*hA>MJ6aa^bA0*%y(G*79!PHf7y z?M#qIV}LLh`C*A!Z=bi?U1?vUIR5cO*?QjX#AwlvY8AXOFlaFAF4{TiayI+#NJY zQ6|{i%|k`CpyK{DF89)FIFb!H_-oEYM1I15#JvBODe*r>F#oF`_20ZxF>;{hBCF1S z*XT2CLLQQW`P3HNCZGMVctQL-*8TNYAN?1v(~LiT;f}m$8=RfLe6a9!CzvOk!yf=s z-7f2&`-(b1^AuM3520%iz;4}~JN0t^PMGA+eJ}lg2X``Ijz9OU)Pw#jXd*9Bo}VWX zm;G~}VHD`l(r3Oc`_i0UJelyF3_7^XtN+~hSN~lw1DUVhJKh2j5xDKb{?`Nz`wFVRq5;7 ztkyL4+&~W~IX=eKXnob(oeI<8DCM#e#691gUv!;5_H^d@C=u0BxD!3~k)-@^@)J0x zq&5$tz4$=+&pmJ601`}}!h~=01pNrSi65#x+Wt)G3NrV=G)RytGJi5d3q8RKEMDry zCx~FB=dYO-GT?$CbDz@8bc3Y2vrbN~cD~$RnbHyOnf3HtbADG%zPf+!258{Nw-3_> zVtvLr*n#dQW5&XqUf97G96s1lYvyq?h%}Wd6B>w=Mt`F54&D`^&Kaj3EInGnQ^|HH zaI8c&-$$J7_=BQ1cn9)lcT+Z3@eEsrh0JWhi|!->A*!20%roXfZ`V7lv-mT(KAbY` zAcn(whg}s+DnSI$TpTU04bJgdYwIYZNVl9Sx5Gzy*4_|ucb`7)AUZ>NUAZ%{_ptlA zT4#Xq<|@a?Je9=$VfPDEc0Ut(6tMS^>vZTC`k=hX8B6BspM4*f%H};eUJTFrs5VEt z+Kw*iuiyVw=zj#6Pj3OmT}~~iKM7WOs%~|NCcJ4BX(A(U-KC@`^VlJx`ly|iu3c-6 z#*xyC{iP;@ksxv2LhNSAstUNRt$IsP8P9YIZOw6q@v%Yk9pnxg976{)-u+Zbj18d6 zvF`Pi-zx=i1PcQR3RER-1lv5b6S{cRlKF{|a0o5x#TLy7#Td<1=l(U1@I({1wl(W> z0~yV0+aW%Nb@kiQ>F?K#=9u3#0=%tDuV`5F=U+vxpKSP!53DR)X>NZ761p`V`$s0| z&cxgyI$(7(iKE-sxvt^V+bQ6&-se;*L{HI+(=E_684KamD^Z>8p}V$P6q*zJqb$NT zTzBU|O@8EHNvu<;KqLWIdiZ@4-Vk44WP2ci1?NgG?C=3db}@ZH@oV?o%no*%Dgla} zx|6X2ALh;2Vf|1XRg>K{#(+p}%vs^)tao;DSx=kqn5m02ff`lx24-w=;UEH4ra5z^ zywb*-rWy%SXMVZ&v*)M+c zVcA1^W7isEaq^{?sGyRQOdRaCY6}x{r6a z*2OEFNjCbaAIZf7)!F^K-R>pqsPxZ$5@v>Mw}d(V#Y~8tSx}`HkO4kdhXaAS#S1(Y zbQAsCEjS4gLX~GLYz(nVW2`zRDsy-X&g0u4F1q&q$I8;boPV2^#hkz78+0dGU}E5E zE*XBh*CKB@V^G7vF&`a>j+XJ-Z>kXnJYi2eu}mk9;{1mg42s>{tpwghPZ~G}D?!zN@?lO2 z!<3L;U#gmnQDxRy_u&^m2?Wm{@6L72aB1a;X0>RW_qF*-G&a2otJB#Y+mEKMI!;DC z)i!u;c%6M8J?Qx^?iOA#L*max(Bs#jBE5eVzt~EBQ~#DKKviWJ{OifpOq;(e!4YnD%@B1j98#^HSqU|#4zbbsaWL{ z8ndbBsU#=*?NK@Z@b7NtOIQH{=venYQ(26RSU`PbfxKSnMK_{FY0$;CYLz0|&|%OM z#*GS9CzM)>UUb>XV|!%IoO!|KO-BchS8Rp&nmmaAygD->0o`c!l(qkhumapco;=iTw@^AYwMb|*?Fqez!)uB?q6(4q-= zAWYh9N^P3HO|CiRX}DCTl5C>Z#~-s>$P+txC{SE{`F*T;qB#nQn=7Y33rj_cV=gWx zB;G12WOS#2(*ezA!W1#*UPh7QV?2RKj!a+KFSxUs&NGGd`$!b_H@KitlTuo6Xhigt zHr$JVNj?&_JW(uj#}nrM;1%I($&C=2hmtyN*YDMQ;dRR;VLn;=`V;HpeNMD7 zDY!7X)bt5`BKpLIxmq7BdTK+iy@~J9F^%`LnY4@jNl(>5(;f-W?sv?yZ7oH~a?_=I znI)(pS2?T_ZxShlv1W%Yw)J(VVl~*1-UYyidh}&Wf)J3Dv3p+ZsaX4n(f~tF&MmrfUf}BjPZ0D8-to~H zI4^e@dFSGt@SQ(hLp1crP|s$dl0D|YY57L?5>2J@bpiP5bK28{MM1a>8oSy*7hfw~ z@X%V+ES_2+|Jj9r@6tLS{q@3R1iJVo z?Ft!sg}7U5be!00Rhb=q?%zw^|HtJYut@jc6odY+y!!tLeL4gOwEvKJ`*UBf9_VrW zV2fE0D-BK3e`2XHxWPvmpd`1sJ4^jOe7v<4=au&U#MM*hPd<^t%iZB;OZ^U+f^rqk z{kp-wMTmMi*g9dmd*+-}FPcWNLY`r0en%VA}>M4^9BKC9-omQJLl&Tzv+oaXVq zDU?lts2SZ4wJh6_lf)E)8C4POt0XI+x09O`VU7%NeaR?Ad0dwcNTwjD@?zvP8coU{ zb3;0B`H)NB<`;lV2L8=iOl0`icT&@7Nv+K=&MJLc<{6O)NkDwddzId@)6nL`1JPJxK$mWNE zz$GMZbcQ8^GgBb?czdp!BOflUE$PEd$6!rGgV~axegP@vRB2K6iz3oiZSmu89DQBZ zbuc)AFqZI9LHy@T8L{``gI%owS-sY$dIRzs(3{a(!Zs$*tmijh1elpK!S_za#$%9& z(J@O2!b|!ZIm7OPfu{$g*=@L|NWn$jpZnahAn6g_$_%*yq1BtL3om>8BGujl+;I^D zU0~fc?cROZ zsbH)+(8LV6ziYS-5j79&7DD&W(8}Z*pMZk>PRme2h#Q2BpIz^ks1Is;*2?|_18ee) z;Q==;TnWfSkFX#zfl+L6hW)eW?QeQV6&AgXLY-psy;Y>CMp?1onp(mPH()!3_g(>k zdk@Q?5^&wo5J+M{h&BG^hnts=F(B4ON(#&EwRT!(wVoYj#3q2&I%VTSe%9KAjN!-c zn<^Qeu0m~6>7J!1TN!ArYY(#l+;hB+3EMr#8}4p%?}N|TuR6TK9sru?NRjNV-CYQF z;+FgT{>cPCxF80?5v4{ zaip#2WZkw*)iXm%CDfV3JeV5QecgrfGzfMY+6X9$xVo{bsNd)EWK$Vo!c$#@9qI|# zu8DWToU=7xZUzZ*4nj{ZX<;>G(gxL?2lZ=-x^#9TQ^*x_5F!d!BV`RU-RdLL7`z%@ zKUSOrK481QW5c~y2{Pj^yw1pC<{64#8sY0T3b5X?{2epy2B!Wu|G*jg7ecAPv5!ub6?2twdti2oUgXLg3|9(Gv9mhec4&!w)0v!FTLz3?hf8t}YQ94&7MZ~IGr#vs z+@s{O<1vG=tpV~m-*f@9U5434Haan-31vih5Pl<=_EGU=g+T6ZT%*zdd>#dhnlTUP z#+4nLZt;l&r{NZweY$p<9{ZwV{=AmZD!LWQ#7ip_ug$ZrHB&^;Axk%MnOpquizfq` z#tqIw?Z=yeUl6mNUS8)F)l20a!It=6>ox|gN*P3p_j$L%FVhs${2JTNb(g$yw;_^~ z>(y1|U*|GI?MqE{n@`AUTI3!3buRs8PPW1F$myr{PPsdugn$@0yWlPX9cI%$bEA1n z{*_jpj+q@RTLL|UERubp@q?1i4IppKtIgaPU7~{Q>S;s4HLG6>b)JDk@?$$7C}?KA?@#$p}Xe7S#`u2R79&^@vDkdTZP0jZ@`w$?dDG{I3V6A=fCs1 zz_G-yQL@HwkE&88k~82;O7y&)J5rZjcc+pvxfUKMs7~<`nHQB2y3L}R4X{2~A5Gbj zOW*Ol6`IF7^_2wjM^Wt^IXzQ^%pc#Nd62saGJI15w0r;|;EjFlz#AXgwSkDC6|Z%( z)6a9Rh^7spet2*W0o4lKfs9>yw9SLKulfjd*p~XMA&zWjQ?zOK#_h_} z{t44>p`y$NX-w|(GUQ!mt$cz0hEo4aX05$->Igb)*R&N@eL_N!ya9RLM9wadfG`(& zK4l^WI^oO(NQgNf1*ZO{C3`D!u{is{8i;7PY#1hZ9>ln0Ph(Zk?)|#mnOx)}wC@rf zYsB_?6O4tX*iYZUcoKT|@Bzj+!{6rm3QCuUL=hP6%;)jxSx{s47`^N$nrMopA9%>F zzQ~Z(dZRvE)D?S~cb+in;tnQ zk^|0wKG6EPPn&6GbiibYsqRRG>%KsW2BK{YBBnmCf2MPkv|si)Bt=L@V4(rK$1w>n zI~CZtH%>39+Gk5=HiH)zKq7$eFMxhM_W2B=FuA2mW0zr!ReQy~cpD_Uc=eSj<@S`R zw#;nr`dA_W$GVFY>uBbKtIycq(k^G8i`SeT4t5;4(w@QRES5@19wV`Kuomo7yqGlngzM{N(SnFoQ88?gJ>=IUBps~yD~}@dOjNGJwds-}w7WZC zAyNJtO*?X_DWu4b0S?h{Qt0QH31aIV)C>xc(&sD7cHi6uT#Sz0*+Pt2H8)IY&)w*>*YoI*O>+rP#vmm*tuY9^yi>(Ft#7G~9-BtT zOCh1DcxdfqLJBIE!P0z50IhDj+)Xv+tz>>}Xt|l{lr*gXU4$KB0;VnC@U5*xo;&OC zm4+OWK$Mibh3s1`B53DYAm6$E)WIEp!THBZyXb{~J?sBj^ZxrP1KA`>50eb(XiIGY zhoD|g&*7TlVHL4q%!Rp)odz~8S?HUN?}hDhLBMv&Esa@vu+M`ftZzAPuw^u*d$g`f z_fDm$OQn@S$E)G^v+`wQN;gsu;QH(cHo2ag|Kavzhc5|&J8rm7! z<29Wst&&b(8&8%s7C1uWcXA-gAjlcy)S6Y_&UJT^Q&m?k%~xi^3{+`DX+O@6rBV#u z9hdv9`6(wX)68q>lbB7;Tf3VhHR$dE#6l|9vu^lg>GT$I7#;Q8)6F4rle-DRBf;;_WVqrd$g`eQGTOg%~bhW4aZ8E zL#B8z*tfa0AU>~9+@h=VHta#~PJNQHReBB~rK-XrN!@{9Ut+59{N;asZV#;5MecY3 zpxH)<>kNf!w|oB0LWpVd3NiLz%I;;}^t|jVzo*pFk1829>{T4qXblEZ0Jd|iyw0Am z9N*s3gx^uFOU`d;cBDOgMUXeBuo0=MwAav$20>r0!3k$kUr30mXQPCR7r$Qb$X9l= zzv*E2xPNkOqEf*^_g=HQ#Sy#5M0K?<_TCf4dCThNH`rq-QDBkhn!G!1n~cA;VgIU5 zd~ke;F|Wok#z%jz$jqVC0F-_NwTp$nwfXVPr>|Z94%EEM7jH6MM2e<}zNko-N@e@} zGmaJ3q9O=`3M=7>3j0#yzpt7bIlG178cFeu)|>?GEw+O#G8KPYe*vlwz^Sb3e|#rT zlYE0+C{9&NHu@yBSCw)aCMbbKLZP^1t$BdcU(kCPjjngZy6&x80pYVk%7RJa( z43+--#k3)y>Za-tolnVArNIQ#FC@@3X#Jw&--i-sBYBEVuqZW+7_akm%?nVrGnpV< zyscsIc%T4pGM<=sjaCxi*snfScXEB^@v>Xx?x539(?zp5X*JT5(?;aUS4s*2@bb1XHvqS;@aUYjrX(xzP5 zCa-4D9xvzSR4M=R9`3k9^qMoO^Buxq-2xwLmAOHyVgs>Gy+AA*+KUv5zFikdk6Y+J zYqRqOo_nbPlA6#A-#WmFykHxwqx}(KixkDU1EouLzYI8tBl;WHrxBr4veYwg#QC^_ zwwUmdSMpEr8X&Ckg;Uh3s)j*;tEtVSbfT|AH0j)~=WUy)8jI3EQpc-e!bN(SOQmUE zO`D@lw)t^9>Sgs_Rcyf4HCk1$`xD>Q)?|1PG_L$)aZuxQ;N5@uBLAQ7|NlFidm03k ze)m2BTO^iaazLREC$Mc-@ET`B>BJP&5N~H@&Uv#_!N#RRDJvlv<(u80Nz~Gf6ej-Q z@ZhH3gn>51ZbIAT`>odS{$KVTpp~<)4{(os>&2>o5SEN>$ZU`;?+v@Zk+{)uahi7) zJ4w|TKUhh4cRn_7t`OJh%<1-I&p!)nJJLU~7Ppf7crB(ek#8%XA;M|k|M>O)eg)+J zcE#m?_5VeTRliw>X-vajsZ>C6D}b1w*=QfEa{Bv*o^IZHB z6aI;Z|EvZ7tOfr+TMHDn|5wwnf9uRCZV|b7#HYPGTtkqHNLBqyBpuvM^3=K)Qz7g> zL;)35uB1NiaLTR;_O*E{a&xs76SY^3H9?g_zILaBrA^GaT?_0)kxJW=50bvnJkSsS zHQ2O(L`0uiGRASwNG*5c%ycW(n&5two-Z)d$gpl>ME=O~a?gHHkOZc0_kK(0Jp~Gn z$`aU@;B)#rLwoq{AYtdlge`qG)MKyQ>>Rt8MNI>z^mZO{L@0}OVP1Pgm=Iv>G`amw zwSPg*49?8Rc!4?1vJ0dgZqXL`TIc{`@3ob;|Kp!IVKEvxNE|r zLlmicTqVx0SScWT5#T8jaolq{*^fdts@u}A+JGPpQB`??qf|=1R+w|~QOI1Ln6Rb& zvvj!t+oX(9oRNd*it0`T_<=uov!F*#Ky8S5^U>ji=9$D#82!lVU|&I_pZkPiLPL+x z1$OQiJ6bpvAoL1yD2&o_XlwhK5AtH6MQ2lpZNU_Cl5bcdI8Ev~|Mq!s4DluSnT6n{ zmrpWd=^TXbJz#F$`yHlq_=Ne9nE?*^9uz{s59{QL{)$%Leqk`ccG=Lf*BwC+sM>Zxw-WIGVRu4F+NvhtyFTx)@m#f3xbyyKZeOn`fFadpOD zl&Btm)Xaw&I9X^E!qS!;Hq;DLNR3o~|6M7#=v*Is|Gm2O?6dr7_%-W?>JA>Y5;diD zgN;#2ZL8yBZ}NlF{{|ze z^+3M@)9-!mjK_>fM~7asqRn+1jh?s9`m&h9g)A#dIz1B2>4YOs4yoT}d^pr$W*+zz zWt7&euqbBnvawbF&;@I4M)3WtlO|4!)Nlx(C7c$!5pkZQvA#49$sP<~VQ1!e@SQ@8 zx?q&oEde-_`NH^1-1vTKDyZo^#JQotg=aN%s}I#+X$tHv*B+4S-x84m;oz68PITm* z8R01=yQ1%@pGhv@5>Wxm-}d74_*IJR{OqEW_8tW6@16;!bUCb+(SPK{;E}=;C)Z4A6?b)gLoCjQ`u!^6#MJX-N zL%`T`RVe_}BvL>{xNv4OxrX1I&bwT{c=D)MXGg^;snp(yhFn$_GpjvbD;0D{V0SAI zJYp)PzcjQkAnRHbT&wGTT z#EG~symZsku;uYtT?^+8yM zp2;Q1!W4ZQCb`Qy+OMb)BgE;K$V#*gO;tU zpMaA$CKoS64}5J*`1woOBwjq|;GD%UDt=ccxo8o6L39K&TrZRHh=r6{bS638qrHFA zcj;EGuAhbo(xC6Ayst(iNErW@Dop5=ddzEB6C7tk@uXL%?~q}^a48i2%sA9IJLb%k z)k(hbXdFe!eQYVoXUE8W^b_A9;wC9f&eY&SL_%P~&!#8G`Zz-e&SzCwn2;}Pooy9u zS#u`KTEvA6n`pUZPCJo>H3y(onW054<#vXVwT`jX`By;O_LThKL&FE6?m3R7RGB?P zIOkufF9~i#1^22daO=S~XG2f-(N~>5teZDRpkLt!P{E#Kn;W~m8}sj~d@QI7^^`~4 zs0=;gArccBWvu6x8k2m<kgUkU5yz94ZScT4IAd$DgtI9M!FU7>Xv-feF|md!iD5w zjv`S%glwL6cU=>~Z`gAjb?#qn)ugo4o^k-25G~B81aX&lmK(}0x)nw*YXXkQHMW;n zdU_tI%9}q7^5aRVB>LMUrLXEXbT3_)dfAA!&h43ht8Y+EZ65a*cX#);z4!)1E8HeK z!^Ki5w69;*9YeFohvwA~zGr%iJ&tA_TX{vY%R%1xQ{Su8m7GB~=6;MRRLvt|Z^EYs zdvw?%f7r9&Y0-cMG+m!B-vO}X(pdoJKtt~f6Ei-j480H0(yfPu;3E#5uMh{Dx`nXa zZvjauxpvO_tbyQ_tuxA0xre2G&eAd_B*-f(;}E%*X-W@_ZB};Fu0B9KG*Bi#VOZ8L zlY-hT8a!E<8W&xIYEAFyqgrW92Y#)sySTz$3q+xto?u<~sM>kky=2|0P<;X_^^Ufh z!i@&Gs2Vd}n_$=Dw16Y7rWJB#zHt{#@1k{gC?*8p*Onm&5@hqjvthDvb1IlI`TfgS ziCD-_^he7OajS#qI1qYMXK4$%K3_*AgJ=u{(fG%?3LlE)tZ&6QQT%W|$pejM9gz+0v{Yq1 z-)3FKz991_rV?k%eVM!Pg?jFd###pj2QY7%&TypWD?oo2asEYs%GL1MA#@snmJ}^i zNxs4S@<;R$meO|UgJ)c3M(l>IA4jj?AR<*zPN^?t!G1=BW1thTMw7fsl+{NSE0@#! zQ7=nX=pmv7>SD7t?aG0nFJa9E7oS1FXz9jnYp}T9ZTKLPnEuiLE}Y639eiw9mELE0 zTuC}5E{5jJSkRs%o|Sx}qtDJU833?aO~m^PkNGf$JI8?Tnu-muNqHP=kZ|%R6Qhfc z2dYgKGEx;y3{W+wCF^A-4%-rp6X>C~`~1W?u;k7pa)_VsC802?Y~T}4b{jo>22>SR zqrvufo(imd`(i-~xEPm|?Mk;Y9IH>B28^deKl@xd-WW$xA5Pb6fVnZw9(r?`yyJ+{ zWuAPoWGk)NG107?YeX&xa?_+sX|ENgCSI?LG6B1@enrNbp5#m-Qp`Sgtwm$!cTT<6 zpTP=NJ_Hc=ELj#=>=7Y8;EmBxY{Yt$1^QKcd*CM?gCy4#HwwNy>>%ee#V_|&!EoF^ zHu*n+>Om}lOkT%M9{))F>a09BV&n9-C4gj1OMKl5ddixUMu!2{9)x$CB!+!BMS*#Y zn!pasgek^tw%mHiD=OqL#qKoO)ERh>Qf#I7c%&lY$WI-$iCTRRmC3_ytLGdgouf%E zG9;6vzNmcl&~rp0!sL;|*)Hw;pp}uDN{<61Q+sJU*=2X<5{EI$S)#>w@O4Cf&Dn>_ zm6~nq6$iNZl+K%Ad$U)t2gDSiLs_S%Ki*P!6Y4YaF~WET zxZKg!4r+1P7dz`6E|K#;=2$z1NJU#tSe{dC(Y7lP<)((k5Y3%>ok;0)59gB1*v3O) zwJNKCjolebu>Ebi%?RQ3EsD;~U^y@t}&Ef1YuM8*3S&GGY*g3~? zgi*Gg`%zxL_L%|0%w_g;;5f-8t4w>WT#Kk+=9W^auFz+cQg$V;g{3*HH<=%(pi^DE zF{{9}#i7Ih2=&teC8=7VascvDi~Wuaqe5Zg>rT=ylUD0@xNbT7wl3firg#UHY+?-3Yy2`_3wI+$DqQ{9YvWFK%&UGi6 zJYpYSb*i;%QS)e3aLhjMc87waxJsoxTogW5^NQh8d$#rDcd`e`B_ABZbJr(rD*xS~ zj*`!$hRwZ+d9HeNoPT72ISrqezk~L9FnG`caSuI8_@`VxPb&-<9DOG+Yp7!d?Og?p3xOcpkcDpYMADPUdAT^D`|qP7RJk z#a9s}1&A1ui9+9nP>*bcVOF>c+0KPz*Af7(O)ZxON0X3=jC;;`u zra>{T4QE?wZL-7M1M#)%2GZbWDi9S6mq!G6pKG&gXr$ORG!t}p$`LVby6ibm?~?yu zuP00~BC;SNR#LB5rU|{&447oM+)799+d@UhO0H7htODm;4*8}yETm-6@fr6dsoG~2 zM4O6#_L;e$`(oc0@1M{Ur4&08|1%TSwc{j@Rtvo-_b``AZGDQz!I`B33nPY8s&}v1 zSV5veDF`!daSON0;z|>pUlCmj6br_WEss(BOh{+*SJhvL7F6OHj``~9+IK4vP7W@m zIZ|}yv<43YJgt3)N@Cge!;=Xzt=lSA4v25oKmzwvkDu|x`qxMGCpOf_Keo(CtR)s~ zbQ4r2-Vs}hnrMYDqT(XN&L1l=xt=yc(RSDAE4Ton?qgRc!DPXe?Cloo@AAO+_i}f; zT9ShC2eMlf{GP{BL6|<-E^Box6~Pzu<=5Dl=p>naapO5%vm-TUx)6?{@5UG0U5_jN z<6q4=|4D59x4CM}6T)Yca4K&%XG%~ARNS)A7Sh}efO0!`AYgMd0<4kTCvf0!;JExc zYg-BP2HSGIkptxw1CSatcEn1Df1E44{(ajqJaO($D|WwN45nat?cqvCb=CZ*WUFJG z_icGV0ApH}Xe_5V^uF*!5>Mh6#HzxwVc^dY`P{5qyZ$8@n?VDg<)b;_)7^Lwnq~$%eC79mct@?s{6q)P{oE=B?Kc788 zaDngD=(U+5-R+cOBM;1Yox47JVq_r&`PK&>{n^n!wd!`+EesPK2Lyr_zuNiSK4>y_ z2FuCD(%t|*+}$h^{}}cSbq4kt!YN0=JvjZmDW2`j*M<$`I&}lyh7HDsg;KA7wi@DX z!%R1%zbo+EciQrT5^USH8hAO9Ph{3q2WOHX;i|~c^)4bbbdU;d1&6*^bxPvH52001 z!2iAXw+TVpPG(u))3%AzZ4-j#o${=z%q?mg&%G=63D1f-y{*{IEG4`de%tWn-nKv_ zfH!v=*^2K$0)E{{zA-p9*uXAf!2u-Taq5Q<3oL`-!T@(pDXVDuhfpJxlc>^}+Ce>+Yw>*Q2U_O32H{L~<=>GjRRTV?othkP)MB#(}lWv(w>`PuuGM!Z(D1&xE1G!J?gg?bcG=-KN%x3 zwBA;JC*70byR?0>Ua@c&d>3wz<28-SI;U8ijU+SmIYW`1QTAejo;0r5kv|PFM`}+6 z=zrx}nifVD+TI?DE;HPsTvWg62Y>$d6mID8>rM}UJcE6tI3Q9-w>CE`vJ**T0>`9o zV?@wst`taq15f$JxB5d|TQ(C^_xc$i^&uY%(;@PhiHd{3U9RIA=qb7_SGDaWm8N)- z%9g^b%5a&P*IOyO&p+l!r3$oqSzRy(4wSE#_SH+#lQj@}xycbizw#zXEAVw4A=N-x zjsCsR=ge;fx?<0n$DgyC`MTQh?HHxxKZ8DZ+SAz4mM0U7CS%r526#%}*NykP{`l#~ zr1YUL2$LAylTnPPFd42Sve+}ne<)|LvG_(HXddhlbtvNiUTVyZuW^k1hw&oQS z-%mrD{xzBzP-v}3t_0(VuHZP@0NgHkmOPz0ZL`$pw|}QT5WvQ5|8|aRWItIKM^!+d z;R@%RfbiOZFPx=Iqb7v?*7NU@7C!ZSH-X{PISH{a0QA4Z2D2n0Y`K#uCC3{>*%3%7 z*Aql5l>xt>kgHfRu9ZXid-I^99WSE*B+M% zmhKS+o<`1|qUFd9wI_?v+(HJ8$z`utb0DY4q<`@%5F^V#HN2Uz_X!vC30KlVUDI9P zV70ciwq;+wGd(?Pf)hg>{pEnBfBFHlgcb{#*gEbFeh=3?8(ctO8d<}l zAZ$FZ+^#_5_@dTubaZ~{b(d>xH$qcsERNUJlVTz^6%dh>N?Wm1`e;U~_966Xv(YM> ze7UW!D1P5*Vk_y7BqQinMaH1LkueF7Z>RPA)_fO98y1BRFWA>@w@ z+{qJ2e*!!Os?=98JEWbem>tSa1MgF7z&6ZbTe#qT&^K%uPHBg*JEI4U^=5-!=QkVZ zFE$0LEM@#^S;aR~5SrtTY1_;}ZNnS3r2?dCwy#<b@ zo)tS0rSBGb)HT?|O}y??tE!Ei7D4lRq(B*aWg}wy65ot^aARuz7(rQ{cL$5JejY54 zfdLNvIb-bR5FM_yKnAkD3B+qKzJfVdhr`ckGw|QL$uBB%6(tn92gHB!I(Kh7oE=E_ zx*8;-7S$^2n4`9*c(EO}p&r)sQv1ql@#!Z@+GHD)n69d~kA99nQo^s=$dXnTg`J6z z?5+bU3isyjj}h#6l5n)ZVhn8iRMBg<=i|&s1sjM&2~)<^a7?zCsppMuG>dq&2t@GC zaf9hy*0x+*Iy7_IDs>^r+sbUk;sb>pfdf?uf0^XVa|s}WkDGBq8z$+^Kga2vEoCEj zhbLydS@zQapFU&zBK3}g_h#i9Skr1``);$6>J6K%R&tCpuN}E-{@!Ysh~G?&gzdy)7v1{BRY= zvtLycM4iEDbGze)f*0CAf;Ki=QLn8Muvv4Vj&?e;q$E}aMkB#M(!!yStwX^>?a2M8 zD*6FCvA!G445pK8hI$1 zT6M;2JzDMZn9XR%YZfu(36l*TsD#TZ3YT>}YdvK(J2uUOO=SuX zh0vZHs7p{&hDyBmJ+0`rJX+<@f2_7-+^ZyZxvyMte|@vn`QKJtvUQC^)E#3|#WivTwO)eJ@jByAFl)}IJl@)168zLa7Z+N*c=N$|J`?&f z7xQv`wzTnS^e!R@wne5=m#=^lPEjQ6X9pn&rvUH~;2d^?7AA_Ii|nyiyZ(O7-{bT5 z+W324{2deij)#Ar1%ICf|A(Cg|H(R3`_P_XYGni_`BIh&>`U>q#JP>Jsuy*r7`M)m zO;fP+_na_|?^8U|{kWL&5!=LfWDM`v79wE`aCxYxZs(8N)+y&;uYs1eeX~5*?~P zo*g`4GUVepy8f#8Q^bjR+q=KO;vfAp=G{MMj{P6<%Ku0({}zlBp3DEEil_KP=vna( zp-KAAACH872qjlh7xzHgpgS|Bf+vvm?O!0&@xK6rkU}g6K@P+VM2faAS{lBPxi64n zAT&Z=_rm&_slUUe0}tQ-aOc920+E?xE|%9tjegq2w-F4(T4DVSZ#4Q4{UE(Ln5p`L zv)x+)))ud$A+@Uk^a^S2MbB=PXA`mIVd3(lo#B6=@@#Xg$svh>3`ELF=~a(4@yW?= zcM-F5*3r9m0x5hN3BvhD=!Qle-7f`#697#-|GxZ2&kv!X^zHN5)e3Gl8n0@i zDl_zu=iJkFWj0fvX8Pb6CjI0V#GmzvUsR?5+D+M5{}8IRH25yYAqhl#xJSo$kmLn? z3I?+LL{+5`DBm^_FsMIc4z10JU@U-z1uCxlFpzA|>B|FMa0w7A8MHCp2`G+Z-3>kNZtn+Cb<~5xze0e$v%J;R4%CRAz?$Td{jr+Gmx93?3JX=I-u{I27pRtC}FH z@Bx@P@R+xfF1^%T2)vI>HrZf!zT3bjD{01W=;Q>g3Xq@`Akpi6%Ij*^k?1cjH;% zOkuutsojKQK^)g>wTV=~4*QMMR3sgwEY@pYB*Gc(^N&&X3+(q*@4bKViNYT5`L6N{ zEYw(v(N%~n=c5WMQlSuOnVTN{)~#7{v@)Cc?fzADbWkX+$Dey})(5nux1udQT|`q= z@U%cnmHzv_pN=pBYFtYTw2O;`f$S7kXR}!^Xsq;huMWk}A&>+G@^GPOeubz{mNDA+y=cKd?CUNl=G;#z*miB{tH{+ptMk@=`K2yG$?s(_D+v`)1qP~N|e#mCg%ySpnj+21Q~{G&aD@ zY5G3(!Vv8nQ<86}0Y6SoVPJ0aVO(s66;v<-Q-HQK$e`}b%zs*cHm@Q!pNYacPC_Z2 zS_^P+BOk2f%=Hq|EGpWFKEBoE4Sr}H(7cwWqC}fc-Rz<-ciAKTnFa=nf{Wvrs)eqQ|?bximAuZ7$tn`p9~tcFds zs!K+6l{cu;e{CndLpIzw`qIsE#NCbKm(JT9h{`_i;gPviU8C8i+2^R`PO^(nzJ8$d zpl_9ih@*0I5eWA395>n6Z8r%bF4ww6$K%9)efo?;O0TyxifdSQH9t~k;*+}<$n5Qw zFZrnZ)29chJnzOM_@bmEZ{@37&0I^ebVeDrZ$=3%4{B{h-L=j>Tru&>7OfbQGPg_h z_+!P6V%{OE;}pB*wp8U3cX-jlByz)@;^11hJP@6&J)w2BDOP(D-^8FvGn`#YD2gVb z{nB>0Bkq;(8%-wvs0Z_FxtFS27jkE07CzxxbAQ6TCLG{{Fe2FPlheoMe!_-jhtD_M z>Q?RtU6H~}E#7W@O1=6+DD2a%rq!4*PifoQ*-IgQ`?=X)pYURAsT4(hDQOSyHkWeXNgK9jUzC`@xHkF)Y_5(`9xZ?UeLS@Wvyz zmfY2CynQwMWT&=rQ(meU{kAe%ncI+E+oyWOUn8wTyDk!ySkUgQ?9Xry4sy2mwCph;Nx`K8qfYmQ3yQECnt<@jou zM}aN)#yKFtl)jdIcCBXsI@53MRep8%;6rW%ZZYcuJS(yo2NU8v&OQ_vmE&0v?0w17 z9X4wX*?fB(F6y22xM`65K8{;(0OxP7OW6RpH5H;o(k{Xl{h46X(l_S@ATuMU?j zdS6@^EUuC;;jaIsXFev!mnxIdPy$agXjd2M?D~*j4ioL8FjUTdNhAI9hpLi)CCW+y=+F+o!(${Fgu)*wUnbHk~cbNHqa$i2R}j5PN=?S z*9|o;tG$U_h3`&z-sggH>z8IL{n?l^S!g(U1z>w{yc=0C zhdB2;dewO2kKbf`x7sapI|?WHMCmY-s}LyuVm!_O37Tl7{_*~ibGdeGb!8^bNZOG) z&Jjd2*x_z}vXqURw(eKRvOXRi;=Jy4d2+N+?UdkMm8TA!s0@nwKW7`R8!x5xx-uLe zc$FDHjt#azWk8Tq3bX&c!Z7*^n7kkl#5%-#j2biF$n$Vq41t7%hX%8AC4nLy{K>1< zGD{!~-V@<1r4 zD|+RfXe;^ic$WKlMAf|%(Eg{)gT@?aQ8EGf;yo894)8DbIcnyU4P)}?zk_K{nhW(_wb7?Enx zs%er|b(Yjh8!vl2@z!7aK!eT0#}kc*g6*X}EAkgz^jxc4K*QQIXKNoWYL3=gMAnrn zwpOll_osx9IEK}Qy5DKAOO12Mw#sNS{zp9hZ*MB!$9#bqF7yH@v!qAoS?xUF!vjcR z@`WB4wO63h#j%;?j?LDVPvREc1;T$p!=z9+6_``D-0JX&m@^}-Zg<>#b`1O8Ux-kR z4c5-Dbcqe~U(_UNo0Mz0SI@mJt@LP>SD$(_K~^0N98dArI5eIb7}A{>_8>Dl>k7L7 z5lcdyWa;#r8!(K_XAPPs#pB{`TKl~+rUbZix}VKcY@J%{OR1u$k_EacLXc{7Pm%84 z4x++9U~)n|`?=nhM!HGqfkO%LO)5Q!;24_!HHN?5EZ5q$({B0gzfRloEAoc^m;6WW zVUqbZW2KcYt-_A2j)^83E|RWQo{|%Y@d=CJERyCZ#U)=y<18g4N%!Ir<#V!HH6v9X zWl;woU6w^0{1&eE@6{MA#d_xsbsqt(fe{tyRhR)J1dXkJZGZ4aHgOW4YE-7k9S+?feDvk)kI= zJHOGChb!(;S!9df^Qt^rHAI^>p?gr7o?H<8wb>Q_9HRq-lP{efV6vnXXHlx4tQI1= zC+e8=g@l;DkYO-R9&z27viNw6?~Fa_Go(0c8+zk-YvzN8YEr?2i1O=+QDt2vbzS+y zq!IE4*`@2ecZ`MKXlBRz+SAvD93L)e54dTMxYcZ%*;W0qkcMw2!6Iy5Pu6OVekgl1 zBdsXALsZOty)AD?@vCqCe-8Nnc0qn=NSi&$HNB%7yG8|}I6x-%4x9JUKB?S@HB92< zUF;rVokvel$FBfwTwB)l(i0Dvf?UN=3mh4J{8V*Q#+*^s+xIoJk}4Oc0*mH?*p(#h zXp*);sshQ~Gft-_uUx}1+s@7`aiA4pRItx;S$%nHzB*YnrkFdWDAD#Z_vK z#>!eq<{xo)YjA8XJepYvLIl&w#UXftOlSClgWsA1S7UvHo6Axu=q9MI`yB!B6ajO( z@b1m%A~{ZdUbqx3HwQ$9eH~ZN3DsM;_szO_G_{LJ8zlF~P8LpGl1{m#U7!*cRi@!+ zP^s=SJ>lxET;m!=)Yd+jaI{9dl{|i(0t*l&yT?9Vba5uziDqBuBf(CGbZD1Lo}aav zaIDj&hU~mfQgo-NZ!?3HE^Mm=h5Yvd=>O#J{sSi7dFp&wVlH1^N+1%ot&G;%N&X54 zj^c8+okD&H32nkNPg(@`Q>DPN%|%$?r&J3KMlA$_4gpP3J!ZT|1rX5Vw}hI`Hx0ff zpW|tZo4M4fSU$Q!oi_DA_!i;qn}uNWRV77yc`<=#_O=SzbtifA6L9oK(YAgF0TP#+ zg1}I?Uwr-|reOw=aCdPyS8fo zD{U_14EV!(@`6P}Ujjzom;YN4i(BZ*`EI#u?``2*GJOwb%{Kb8(c#C5dPI%v>m{Kj ztGy>i`+h!uEcDp#LYQpyuN>i&ZXIBEKSZn(`w$dJ2jtndDV7)JVTvKxi1Dw~4T31@ znQiAQOKT!Fbh)kLMk5Iu5^9n9jx^IkIot2j@&&!EG#GxLU2JXuh#wD5slDCr!UGWe zipiqWcIesRhuZYHDvLO^uzVKuMi{TT(+A!R?Pq_k!-yF@cjp~ir^;F@B{!_Exbw`) zOuQy5J>N{G+L@SZpEZ0Ba!3}#9S>xN@>y)`Yc-x7_ck|SO0a+WEkP9xIwNxWd#jnf zbNh{B>QM3XIaNEgoFtFmmuGdxh8h^TIQbcMP=ZrOs)_H*>5QD22@#mKv_5IW!CdwG zE`Pb`5uDS@4!691t#@?cr6W|r#Y@~l5=y~U2rE=9x^tisu19-6pcMLdmDSzzzA3)8 z%Ubx((4&ROc4ZYs)sx;uzeQ&~J2nvMg%Hza3HCE0B`@9T?FsVojtn}EN^D}i9L@>Y zY!7~VN!&(-%{ge)dmk*$1Vj}-G1V)SmoE>NZJe{fjKDaK5#oF};K`Zc`EY_$J59&} zrp3~R2xohtVMC2g&4nH6Hsyx{Q*|#mxqVi9xU;t(0!UAQ2xH{RfUFa5;5Hb;tRSdN z23Wk%Uk(LJmaNYg!ddU6dI{lp`_YIKedBblt?*L&{ZXRzEuDoJffA{R^|&RRnGt-O zt*8)q(ZS4#&RS+g7Psw(r!_0nNW5y81sPAyn*zP40*EF44FuTG+#|qay%h@4Z<(j99F#}%+Row;x zusGGk>}Nt8xH{}ydRKrK2&pBa0)FA56(PN_Ou=prwihA=KwY0rTB@_=vI&w_5a1h# z%#;*Zppxi`sXJe%PbPCSX|radx@uh=t!>Tr_UXT2u68{9Tz9#D9@*TWJSWW1Pjv&m zi+!z&Mthu|N9|F5CRe-oHD+B!w@nwPWI@E?g3kmd1UL7dTYRlyU8Qp9gPG~=-af+z zpUdcn<3iO_`#Y0QdJ&6359IsEfMTrwLU-4FOGo%7b$zZ zU48N&K0cv08bhsQM_N?m40IF29FB;z2Y%P{-ZO~%v+3$yhg8qJ@`xImyTO|ZZI?WE zBfrB#Yac9a37(*=mq7wAqIf~mKQcdRKivgy2h|^rF|F6Ie7Sg^9h(KJ@!JX~4}cIa zv3-4(#le!1AKdS8h8;xfpXiyNv@fcoE8PD8^Lc6DM|TSQpA6Rj!0twEncnKu04rf~ z0JGo1rho@O$UlpeAZ2dC+rmI2tMG=D*zIf`I(^;KG%s`#@`fkx+EcDK`sce(Um~(! z4&2j%e>2u*k+)lPK6qu#)|q~I8I^Fux!|&a@@VJ6hQ5NNyY(9zyA(|AhQFOjEj!F3 z&WD1?POR8OD8z|Z=kwkVa^B#sl{nEq_l*=ChglBkYq^3#of3f< zAq~c9&P}P$1+S4Tb)?eGJi&oEutZFgM8_6}|JHpPCPrncfnqvW(1}k5YPwCWq^-2Q zWv}n8*E?t@4&6RrFP?8MXJrjAHq;r(sot5xLHf%+$XCqMZD++ZESmm`IXOfrdAFpx!Y72s@%xZM>^pybDewYB!4oCb2L*v zT2=lCGw?%bcbo*wW(=Pim#q~m;nTl0T=WPPz?Nqa_JwnXxNwH2)d?V-1ZQJK0jdpG zwUR}UM`f(EIt2G@;cDYp_URj6zh06(JlgUn#avK(#<>d5i>Hsi(6=<>d~`*j9WN9* zXNyzyUTT_Kc$X{7Y7Ur%2I=>@KU}*^63wVKlGUCbpj`0my<9fUSTKqwj5FxpP#NAY zAKgTF<3wA`!xr1qS))~^MT24rGy|8+#cc8=%%9*Pyz~k!#(IX_x0blKlru-$&p*w1 zSRn-zfR+u446C1#2ejtPV;C4IZZ)0_J%l>nsiixs%*Bx#LcYngG&6&bjWLgvx9Yf2 zvTAcE>K@%kbN1r2Wz`hsxh+k9x{-?LDn%D8sVbWmaoqj%PCvyKa=%QvGj_vdr`pMH z06#(YD^t54WKL1cpTX$}-w%47OZk8*qbkWY7RPd5r`lB?HB$r<&M zSTKBr1n0!JOcRJ`NaON1jM-%D29~iQFRtvr@~VQCv3{YDkdkw9L|>D zL;u$|3)i~+D=3Y{IostrAHO~{eqD&lJ?$uJZ1A7}^k0|Ltt}j=lYuf9E*m z7Z`C>NN|lh-)8_*yywgJUEHHQb(%A$!?3H<|6Ul8 z{oJ!${?KHqa*z?8vl(dTntI-*&fmqcwA|vZ%Y}gho|!*{5ZIu8xeu1RS+--yoX?4e zbR8pl{8S^Ea*JM9hszV++)y)M4J&bz&7Qw{smY2mvvly4^>vgiu)Jh>(n!oNR^7!o z%2?ZMBDV(1uz)l|cVr>c1dvx0kwWFa*Lfy5Y`PEoYA_wVn(F)zS~C9(vIIRM9tQ77 zV??oR^M2%x0TT)^!NQ&?Sbw}KU?Rc#5Es87)t@_^+e4MKR8lR1rdwWsrgiS3=#_O$ zwp9Z$_PgylOY7Tp;qgs=Yl(fOq+U5f^*j3y@6=(Ya(luKQI#;R3npPw*!cXZTC_hY@@L__88GvANAxBfTZ(G1(`-F=tv z^&FrDs#GnhV88ZT4TC?$!Y(7Xv_VvrKyFS1`~6Qa|KG2a0$UDb5CHE2(2%+e#;%(? z&)ho7KM3{^VsfZk0eHT3<@SLeLL<&QWH5h!0@(i$8a|r~+H~7(Cey{o;e?ch#Z_QKxA@rbX8!U*hu5pUMhf0NTcePs!aK0D7&o2gVI_7kN z_R!ZX@MX{*IN#Q6?T1jc**{q}n&4&w8L03UtuxRjo81nBHjWH*ezn>})=~HK>W;YU|GCT~ zJcZ{vpoZKj#3d9kL2B=6tDtodM?u6!NfQf@({H}wEAQKC*Yp=*Zm-Uq~BT4p;cCT3^P>%;(=Gu*_z;p;El&n`&wZZvyi4Em9`>8h4I|=ftPRo{Ea6 zph|m@G6E4GiN1BN)?QgGrY78?t*6w%6y9bubns~Sv-?$sgUbGG9d}ssP*9m8h3@*& ztPqujIkl_sw-9UjLc1qMhC>GVhU?8xnoEx3Qd)nIIZj97)^mT&K2%nak+iiKp5)RM z7MaiFwd@=vJNI4=<3!wX;{eKXrwsep8uZQ>Q8UYDx-^fMM!Fd7y3X_9?{ulVaEySc z*ELP4;>TsAd}REH7RDsAuaJK_Q^7(ETCf*3sCy>tZxF8+$VLjZE3!2A2f$p4>*5ttP=3-@zITb>60=&Ud&;!XD$ND{!2cZj@C z8_-jKKHi4D=7ZJ?X!!m}Rd|mwlGV@i&@g0RL%GM5)*#cek6RP0h$UCL2Vd{_2&XK5 z*m?&KWo|$RCH?H}OSkYe2$7IBX9uk!jKO!XFHkxlRnxiiAQ;V?u;ct^rw0X%g62qQ z`W#X)BA8}79_G#V?;v|_x~|T-@i0@e8{Lge``15&{5)cIs;3pWxdyWMSGU5q(m)ip zz45;w=DCYiVY%}N7L=P>p_bP(CqoUv-X=(*FG+L}-*?M#mwKr}fHflufg}|N#2v@8 zrS^wzmH5o|f0=fie4vy6y)xJ@EX2{QW{l1vD%%__NBM_2{V@?X&NT@gp}?gq+}@HD zH#I@8Ab%TYcMZobg+4u#-xlLS-6|am5aUZW1&J;VHbgJGa*OdJ9u$#DqB&79zX~bk zmsNA7-G-vrGUG}z?xLBil^7RlT)12ycb=GCuyD`R>Cfd=yAF%r2L|k#em`?~@?KV@ z*4e0h4H2^eLr24`2OF9LdP5hC#~hBAH0u*R3KHEwbv4IU#c`HL0m2njw+VI2D7VO8 zJ<~p1#vZRUYg0H^UFu+TkK>u!slk;wQ_7f?oS;52K6Nvu*H5YB+qy*|p&7w}r<)-6 z0TqMm)5P-Z8Eg;=|LX*(kI-`B8NzR;Xd@B*?S_%h+rc3p8C$6$=b>779+VMic9oZ- zRv5iB(1_9uGDCYdWd$Ov#)MsDyHda+tk|~sNVeO2OL&n&&hyg-3D+&EeX>F7qE%E& zm1CUdHk>uSm>m`|4a&g5O9raKE?k(0E2EHXWHQ=_ySvAN#G6V%`&W4Z$@G%8*R3k1 z+qUP&D}6F`sE@-Y3l+;r?bZ~jx&6ppY!BI<`w{y_{K`7H*v^%~nE3o=M! zIuoC%@);~vMhMR3gZW!3=u5m|>7pQ4meqreI{9ebc zQQiHu_tbv*12QV#|IXHZ)M^huXd)IWvnCLk{Q4;sxj&)>tAO(C@dQ=)&YI_Jj6>L3oOlB??^7GTZ>x5*<4I zY#}}~E)MuBT6d3FUfBKxExPl}N=q;S5uI@cDBHgQwyY@zi34h7W(wrTy7e%_NL9;F z)=EQvFK9ey^Fzp&3#B9X0zOWhjq37BT9M#z+c@TPg_2mwk}veE8D#x!Mq8$Nh5Js? zCbQnT_sS;Pn0;}&+MbS%xK)eqkNPC)A3m?o)Ms)j!3lbCX*7=)&1lO;FI^k?d7S_Q z?;!hLubTTS9};Gjp65!N;k>4wVtI~6Qsq~EAN2Dsjf(hbilnQ7?>wj7KD}ucu`ADB z0zbsL?|0a{LTdWGnSBzeFE`6bFtqh;!(rP3G_!2mkdo?wi3#38ge+C&nX-JRoi>3E z|L7~eENdRBqgL9xlg#Ng0C@o^=i=aJR&$p&xsiau=0*x$#s zJ@i{}-SoIP!HONvR^sjhn77#OSG~dLJIKRcdE)4 zB0=&xP{q~|3-%tC*;DLBzQy{e(z~cEo5yOeg5057@1cKf^m-X&n=5=2lfec1JBi9Nj&)sXGlh zTK8q2`*7r&Jr-VN4I*D}v9cN`=lezupo{d^* znr6ikRDry6QS1|Ex2`rC^*asew?=)x=@oUgUARZtFaGyPo{~s5)6mM~B`QfeXQ3v+ z6xR;A4FUBD9}-NH*;gMN)at)w@Eyj}llUzFwD7H{|EWUe02gK1rj$z9NAHEm>wD|n zBrHTZ{b}^^;Papa6G;Vn6eJC0@tFxgkF#EQ4y{DC?H^-wR2;eD9$0!g?1L;S5jEBc zJV(0{|1!RHrCyB?M!SJ>+bU=`P^K3SXuxyOQV+4T0j?))&|_i~ehbo^HG34l(AG02 zGzTQH<`|b^7$qm0<5*Z_0LIq9^IcggB849z!pnY&<5nY&d~e#=-mWbAU}<{WUYEf# zf>s|-dj2LyMvpNygbI+McUt%QiANSj;9pb~yY)8IUXFgbE#s=oT(~MInuspDq&#|{ zQr(lqJ+$?dDiOeSDGbK<2L2E_^R3@YykEs8$Gf)$$kf1(#%CDn`o(8FAECK>)zzA^ z_$FvSdq*>LMJxJx46bi+V&$?XU2M(tuW1T2?Yn6^wDYk0WdC2<+Yx})X)0|7{(5zc zy_B=j38vZN=S=%cBg87KUimw0|ZSopsGmtmC!bJR10SDkAE{b{xpWFfI&K{w9QEy`Cci}g{17CCw8 z`Pa{A4{y(m$j>jr)CsQau=W~|Xw$n{`x};h*du(~!dp-Njy7PuuFoaG)4qs1BAC$rJiFHcIwb) zIF3Jr=rE2ablQ-)(3i>01r^t8`MVy>p?>-VhFnEUYfk@j>LFOzJF#Bu{%&mnBhj?C zYcEoQ|I29i>6!iqFSu36k+0cM#xyCbRZ7`DK5FQ8uMJ5ArMtF+l(|jn;V0l4?i8AH zb`;Bk3%PrPZ!s3{qZg#ku(%4}#9mPfKfI0*Gl;JK-w7EhjmuRNf)x zySxkuEQ8z{Y{GU}?M9!2wSstr*YdoZPbM(Bs8V_fDF>s586_NQMP~V#j&*CHO1%N2 z?c@C5aZn>BRqig|YpnAWD~cP>Vlt$1uW<^$v4k1#lB`>~kUr=gtDnX@o!R~4oz_VW zes6EeDP|)#)}LAZU+rCcJd|nspSEqSLrsM+WM0{lAtVxEYHhSEB7=n4l7xg(O$@Vz zQI1Agn z3Im<`OeC+uR(oxLRL>K#3q8n8{U7~q@bZkwicM3eJ}Ta!C`ljZNk$oK-~G852AhwC z^lRZ17|&>e0h)A;)ks>>-3+SSoYb-1=vxVJVgB?d%ZO@Sn`MM2 z9@RdSt1jJ}Nt%Czom=-|GeiA5-o+1lIzU~SrzR<{FfDf{ttN&@a!vA)jwQYh1>=#U zQ?(+)CX1e2isekt2Cs_xBVc_$%01M*tvoqwFz8&2#?uf6)$U%x{;rX$AxGO1>8Jy^ zQ74MO@-)VUf-#{OR47poufv2#Yh!pQ={X-e$H#RCa%q7(O; zYX%&s%0BNNhZCExlLN+IOm~ zkmgW&WQoMH<8zy=$S)d!*2C#Me+D(e-)sVYCXHuDIw+%?z2ZE(FC#j7@@wket<-S9=HSu+DoVtb|y zyhY0#hF9P<2;UG+#&V70H$Y%RS}=8KfS^w6cy zSwAz-8J)_O6Mjpvr`Y2vzjFezhX=g(Cf=lG)jiShY02o|1WZsc&rNmt+trHoR$iti zJUYNVI+{wmLiaUat??Pw9=xB_(W+3AAZ=Pk@aBrIg(&MX?8C<^!REqaUdpwp%nQiI zl=Y5w;xmwzfV82NA4;x^@40?!pqL?eaTv$jc50p_zpp$n>5O@G?bDfg#~3|Hz`Q*H zux77TYa|;c5{8g=lNnmc%}3rcWt2w({XJFP&sIhRMmr$wO&Tg=%P}}Y_ls1f*dm=~ z)J$%1_4VLDIw9#RNd;4jI%)Ql8=rrmTG$Y~s^yYsJhPNonY-D`$euagO>5oVmZ9qs zo0OAlLTmeelf6qZU$$kS#x*=+KPTrHjcs3%lpUevnq!r#G~!+s?8r;mikUqakCHt| z^KqluW@%@jT;tVvO-?!VZn3lMVZ!(A>^h&?)Ed?rD6RRb&8A7Op*W@?4Kifc&fdI| zt!u)PpVTxGi77>&XO@R5eCq?T4qrI6Df`tat<;FSwcu514~}g-igW(~S0D$;F!MFh zq`6vsc&5jlEktjv}7kR(7ZZ=Vvbm=C*ylCy;mcg(0Xx0RUV8M3k zpC9sp7(Us?vcU`I5%s3IYK|646J6A)aUB$|z&EDHk37-Iu5+W~aN4N(0$1i%eu3+* z$ip>POa6|nR&$l$%^GR<`G!s1Gej9t(y$5{-mG7_QT+?i`Kf+DO*y#fPTb+fYAy{b zw3X0_D~cyNAD^pLY~BXKCOGn-XNa%btBY?8b`;UK*7!zDI1jjoXJA|lm2Gjyg+gG> z8JzBci1D6Ms%kG?4MZC)F}Cqmm^vpHu@TM5y6xIEy1VJIiPCT!Rn0a<8FdyzYs=74 zvrjR%O`r5g_c^qfb*T&vKf-^uJM{A4CLuME>6Lc+>}n8)RN%oY_|HlP1-8|Pv7ngN z63U=?T5ce#8XU`SUQB%P+-`HXOaDGhKfA-FBc{Etv1pqUhH;mUV$NqQj5=qgpaYz| zPIqS2r0c)&I`96vm`-yS^K_kz=|l^vZ3M+Wp}M#}H_*P`-a>o5x=Z=I zh;C0&YphxId05klT(sY=C(0YoyI!Zd;1UbvFs2y#JhF?HJSTDJ|Uc%trPZ+1wZ z%v}8*G~iWGj*>dhN@bP7IdSh1u&+NaKDCjAWREAp&dulrJs5-|s;=P|@A9i9dlx?? zJu#O)4P7!$$Ii!#%A^UCVm91h$sRF$#31M2MY93Z0UCP5zs&RpWoa&fccAO+GeKT$ zso9Aq7TaMs-Ecmg)W)H#!38c(%Q{WkBg#^%Ft-@^+`j19ItEddLP0_lXT1d znj}Y`C{LqDN4AwIEXKWc)VQYXk6287?-wiCu%A%=(V!VLDRdUc@&IYfGpKzS3$zy? zd?V_3{sl@iKgGcr>Ifcw;H=~*aL~&|y}>b=chVl#*_>D(nB9}Mn*KaU$EB9%9_(Mu zY$&RF?t3BSR{DfUMxm4MeJp6uZ5*gNUEd0 zkvj`#Jq3jclq>9`lEz!lKRB_GmXI1>&U7gu3=XlqKGrnh%~|QNQH&&h$K5fe3k?D? z0=#)gBzu6|kl8}_9g8%e2v(C^IwNl0ynoVUayr!GL3J&8#I^p~(fpYL-(15NUCl>z z1(gS=Gd7Beg?o<#9u4N~#8oQYd3u3c2Y#_7!-JfGA9RpW@UhgOzF~g0 zL-y;@G_u;0nYiuMEkea+P8O!AWo2xJzZv;9pY?x7K$10HcqnvXH=r$6k>rpc0Ehb> zXUlRlI9uZ98?lm)J*E>Dh=EUkqg2m-ER67PYe?e^xAaRvx!=;xw~bvWbOP~BZD1`b z?Yo;p>lb1?`saOiJnp|@_GT7teO&vbZ}96+vig}I8oW1UC5Tqm+krgpI)rtrAb(Ne z1R8Rjz{0$zE5xBnAYfe@7dgKN?IdcuY3yfT&I(T{uh1gGUIhkWj2s;yhHj37u98m?KdC8)9U zEQDFf-a9zYUD#5impNwanzvFU+dm`vd&jtkBF>>EPfM;!vY0)V<;{mxrU4S_d>yh zf*`p>F297- zNV*ETIp2=hXrE;&=PFC^!>|yiqtVLZN)=2kV9TBc4S>W*9&_GJ`HkN zS^y3#%tC_y`bTY|LEe~8+M;!PKfM-ytO*io#%#G87YhHj!wK*{=YEjVzrS|`FGW|U zN%I>?#{fWk4m>^1<>1Bj5HV(XeUK9qvONqZ}l68J=w)*F0iAzYR=@jYe)CnnD)FMqXPzSy7 z#)9$+5X@V5Q0%^p=ro0T!Gbn5vW%b#S^ek_Mq>4sL=)HXwLp@}vC!Fk``^^~|5}*U zPX}NGN%ky29IxAsh(?CW(S0%Iqz->J335mPhIhjXFfmVt7HwH5;4+dN(wtQBgP8zD ze(#bgiI3!4#*lIjAhJIeAT;Dz!x<%pf`+d_AwI^p=$mcjWL(8x?^>#UVm2%Tns;)zn0LT zu8x<5WufR#YNAUAAnpAQyM4~PCcZGxA0e-{`7-tG;wuQh0?NuBW$wrhH(MJf^-ti# zL-J`U0cwq(w=nOj;G;DKr>ZFPqh{13KSEc)9jt5XU~q_x77gdIUC@I{6HS_j`E+Icj6Q^$&$( z*mmDJ1Ug<*3H$c-{da0yOTR_2H7ExDsj&*Ho!_hhM-;peKC|aN`sJn&{p~p}`i7M> z9gzdbzHk}Qo-M_n^o! z@a!}GzN0&0ZoE6jZN-pn5=#GsQOQRa$5tV%|8?-=(WXbARYP%mjphR={}6Imf5 z+i_wi-+voe_Ya4H HSnmHH9lAK* literal 0 HcmV?d00001 diff --git a/docs/addons/etcd/basic-auth/index.md b/docs/addons/etcd/basic-auth/index.md new file mode 100644 index 0000000..2edb282 --- /dev/null +++ b/docs/addons/etcd/basic-auth/index.md @@ -0,0 +1,639 @@ +--- +title: Backup & Restore Etcd | Stash +description: Take backup of Etcd cluster using Stash +menu: + docs_{{ .version }}: + identifier: stash-etcd-basic-auth + name: Etcd Cluster with Basic Auth + parent: stash-etcd + weight: 20 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + +# Backup & Restore an Etcd Cluster with Basic Auth Enabled + +Stash `{{< param "info.version" >}}` supports backup and restoration of Etcd database. This guide will show you how you can take backup & restore your Etcd database using Stash. + +## Before You Begin + +- At first, you need to have a Kubernetes cluster, and the `kubectl` command-line tool must be configured to communicate with your cluster. +- Install Stash in your cluster following the steps [here](/docs/setup/install/stash/index.md). +- If you are not familiar with how Stash backup and restore Etcd database, please check the following guide [here](/docs/addons/etcd/overview/index.md). + +You have to be familiar with following custom resources: + +- [AppBinding](/docs/concepts/crds/appbinding/index.md) +- [Function](/docs/concepts/crds/function/index.md) +- [Task](/docs/concepts/crds/task/index.md) +- [BackupConfiguration](/docs/concepts/crds/backupconfiguration/index.md) +- [BackupSession](/docs/concepts/crds/backupsession/index.md) +- [RestoreSession](/docs/concepts/crds/restoresession/index.md) + +To keep things isolated, we are going to use a separate namespace called `demo` throughout this tutorial. Create `demo` namespace if you haven't created that already. + +```bash +$ kubectl create ns demo +namespace/demo created +``` + +> Note: YAML files used in this tutorial are stored [here](https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/etcd/basic-auth/examples). + +## Prepare Etcd + +In this section, we are going to deploy an Etcd cluster. Then, we will insert some sample data into it. + +### Deploy Etcd + +At first, let's deploy an Etcd cluster. Here, we will use a StatefulSet and a Service to deploy an Etcd cluster consisting of three members. The Service is used for handling peer communications and client requests. + +Here, is the sample YAMLs that we are going to use to deploy the Etcd cluster, + +```yaml +apiVersion: v1 +kind: Service +metadata: + namespace: demo + name: etcd +spec: + clusterIP: None + ports: + - port: 2379 + name: client + - port: 2380 + name: peer + selector: + app: etcd +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: etcd + namespace: demo + labels: + app: etcd +spec: + serviceName: etcd + replicas: 3 + selector: + matchLabels: + app: etcd + template: + metadata: + name: etcd + labels: + app: etcd + spec: + containers: + - name: etcd + image: gcr.io/etcd-development/etcd:v3.5.0 + ports: + - containerPort: 2379 + name: client + - containerPort: 2380 + name: peer + volumeMounts: + - name: data + mountPath: /var/run/etcd + command: + - /bin/sh + - -c + - | + PEERS="etcd-0=http://etcd-0.etcd:2380,etcd-1=http://etcd-1.etcd:2380,etcd-2=http://etcd-2.etcd:2380" + exec etcd --name ${HOSTNAME} \ + --listen-peer-urls http://0.0.0.0:2380 \ + --listen-client-urls http://0.0.0.0:2379 \ + --initial-cluster etcd-0=http://etcd-0.etcd:2380,etcd-1=http://etcd-1.etcd:2380,etcd-2=http://etcd-2.etcd:2380 \ + --initial-cluster-token etcd-cluster-1 \ + --advertise-client-urls http://${HOSTNAME}.etcd:2379 \ + --initial-advertise-peer-urls http://${HOSTNAME}.etcd:2380 \ + --data-dir /var/run/etcd + volumeClaimTemplates: + - metadata: + name: data + namespace: demo + spec: + storageClassName: standard + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 1Gi +``` + +Let's deploy the Etcd cluster we have shown above, +```bash +$ kubectl apply -f https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/etcd/basic-auth/examples/etcd.yaml +service/etcd created +statefulset.apps/etcd created +``` + +Now, let's wait for the database pods `etcd-0`, `etcd-1`, and `etcd-2` to go into `Running` state, + +```bash +❯ kubectl get pods -n demo --selector=app=etcd + +NAME READY STATUS RESTARTS AGE +etcd-0 1/1 Running 0 11s +etcd-1 1/1 Running 0 10s +etcd-2 1/1 Running 0 9s +``` + +Once the database pods are in `Running` state, verify that the Etcd cluster is ready to accept connections. Let's exec into the `etcd-0` pod and check cluster's health. + +```bash +❯ kubectl exec -it -n demo etcd-0 -- /bin/sh +127.0.0.1:2379> etcdctl endpoint health +127.0.0.1:2379 is healthy: successfully committed proposal: took = 1.258639ms +``` +We can see from the above output that our Etcd cluster is ready to accept connections. + +### Enabling basic authentication +To use basic authentication in Etcd cluster, we need to create a user using `etcdctl`. We will add one special user, `root` and grant this user `root` role. The `root` role has global read-write access and permission accross an Etcd database by default. + +Let's exec into `etcd-0` pod and enable basic authentication, + +```bash +❯ kubectl exec -it -n demo etcd-0 -- /bin/sh + +127.0.0.1:2379> etcdctl user add root +Password of root: +Type password of root again for confirmation: +User root created + +127.0.0.1:2379> etcdctl user grant-role root root +Role root is granted to user root + +127.0.0.1:2379> etcdctl auth enable +Authentication Enabled +127.0.0.1:2379> exit +``` +Here, we have used `not@secret` as password for the user we have created above. + +### Insert Sample Data + +Now, we are going to exec into any of the database pods and insert some sample data. + +Let's exec into the `etcd-0` pod for inserting sample data. We are going to export the username and password as an environment variable. + +```bash +❯ kubectl exec -it -n demo etcd-0 -- /bin/sh + +127.0.0.1:2379> export USER=root +127.0.0.1:2379> export PASSWORD=not@secret + +127.0.0.1:2379> etcdctl --user $USER:$PASSWORD put foo bar +OK +127.0.0.1:2379> etcdctl --user $USER:$PASSWORD put foo2 bar2 +OK +127.0.0.1:2379> etcdctl --user $USER:$PASSWORD put foo3 bar3 +OK + +# Verify that the data has been inserted successfully +127.0.0.1:2379> etcdctl --user $USER:$PASSWORD get --prefix foo +foo +bar +foo2 +bar2 +foo3 +bar3 +127.0.0.1:2379> exit +``` + +We have successfully deployed an Etcd cluster and inserted some sample data into it. In the subsequent sections, we are going to backup these data using Stash. + +## Prepare for Backup + +In this section, we are going to prepare the necessary resources (e.g., database connection information, backend information, etc.) before backup. + +### Ensure Etcd Addon + +When you install Stash, it will automatically install all the official addons. Make sure that Etcd addon has been installed properly using the following command. + +```bash +❯ kubectl get tasks.stash.appscode.com | grep etcd +etcd-backup-3.5.0 18m +etcd-restore-3.5.0 18m +``` + +This addon should be able to take backup of the databases with matching major versions as discussed in [Addon Version Compatibility](/docs/addons/etcd/README.md#addon-version-compatibility). + +### Create Secret + +>You can skip this section if you don't have basic authentication enabled in your Etcd cluster. + +Now, we have to create a Secret with the access credentials to our Etcd database. Here, is the YAML of the Secret we are going to create, + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: etcd-basic-auth + namespace: demo +type: Opaque +stringData: + username: root + password: not@secret +``` + +Let's create the `etcd-basic-auth` Secret we have shown above, +```bash +$ kubectl apply -f https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/etcd/basic-auth/examples/etcd-secret.yaml +secret/etcd-basic-auth created +``` + +### Create AppBinding + +Stash needs to know how to connect with the Etcd cluster. An `AppBinding` exactly provides this information. It holds the Service and Secret information of the Etcd cluster. You have to point to the respective `AppBinding` as a target of backup instead of the Etcd cluster itself. + +Here is the YAML of the `AppBinding` that we are going to create for the Etcd cluster we have deployed earlier. + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: etcd-appbinding + namespace: demo +spec: + clientConfig: + service: + name: etcd + port: 2379 + scheme: http + secret: + name: etcd-basic-auth + type: etcd + version: 3.5.0 +``` + +Here, + +- `.spec.clientConfig.Service` specifies the Service information to use to connects with the database client. +- `.spec.secret` specifies the name of the Secret that holds necessary credentials to access the database. If your Etcd database is not using authentication, then don't provide this field. +- `.spec.type` specifies the type of the database. + +Let's create the `AppBinding` we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/etcd/basic-auth/examples/appbinding.yaml +appbinding.appcatalog.appscode.com/etcd-appbinding created +``` + +### Prepare Backend + +We are going to store our backed up data into a GCS bucket. So, we need to create a Secret with GCS credentials and a `Repository` object with the bucket information. If you want to use a different backend, please read the respective backend configuration doc from [here](/docs/guides/backends/overview/index.md). + +**Create Storage Secret:** + +At first, let's create a secret called `gcs-secret` with access credentials to our desired GCS bucket, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > GOOGLE_PROJECT_ID +$ cat downloaded-sa-key.json > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +$ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +**Create Repository:** + +Now, create a `Repository` object with the information of your desired bucket. Below is the YAML of `Repository` object we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /demo/etcd/basic-auth-backup + storageSecretName: gcs-secret +``` + +Let's create the `Repository` we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/etcd/basic-auth/examples/repository.yaml +repository.stash.appscode.com/gcs-repo created +``` + +Now, we are ready to backup our data into our desired backend. + +### Backup + +To schedule a backup, we have to create a `BackupConfiguration` object targeting the respective `AppBinding` of our Etcd cluster. Then Stash will create a CronJob to periodically backup the database. + +#### Create BackupConfiguration + +Below, is the YAML for `BackupConfiguration` object we are going to use to backup the Etcd cluster we have deployed earlier. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: etcd-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: etcd-backup-3.5.0 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: etcd-appbinding + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +Here, + +- `.spec.schedule` specifies that we want to backup the database at 5 minutes intervals. +- `.spec.task.name` specifies the name of the Task object that specifies the necessary Functions and their execution order to backup an Etcd database. +- `.spec.repository.name` specifies the Repository CR name we have created earlier with backend information. +- `.spec.target.ref` refers to the AppBinding object that holds the connection information of our targeted database. +- `.spec.retentionPolicy` specifies a policy indicating how we want to cleanup the old backups. + +Let's create the `BackupConfiguration` object we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/etcd/basic-auth/examples/backupconfiguration.yaml +backupconfiguration.stash.appscode.com/etcd-backup created +``` + +### Verify Backup Setup Successful + +If everything goes well, the phase of the `BackupConfiguration` should be `Ready`. The `Ready` phase indicates that the backup setup is successful. Let's verify the `Phase` of the BackupConfiguration, + +```bash +$ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +etcd-backup etcd-backup-3.5.0 */5 * * * * Ready 11s +``` + +#### Verify CronJob + +Stash will create a CronJob with the schedule specified in `spec.schedule` field of `BackupConfiguration` object. + +Verify that the CronJob has been created using the following command, + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-trigger-etcd-backup */5 * * * * False 0 14s +``` + +#### Wait for BackupSession + +The `stash-trigger-etcd-backup` CronJob will trigger a backup on each scheduled slot by creating a `BackupSession` object. + +Now, wait for a schedule to appear. Run the following command to watch for a `BackupSession` object, + +```bash +❯ kubectl get backupsession -n demo -w +NAME INVOKER-TYPE INVOKER-NAME PHASE DURATION AGE +etcd-backup-1634538902 BackupConfiguration etcd-backup 0s +etcd-backup-1634538902 BackupConfiguration etcd-backup Running 0s +etcd-backup-1634538902 BackupConfiguration etcd-backup Succeeded 39s 39s +``` + +Here, the phase `Succeeded` means that the backup process has been completed successfully. + +#### Verify Backup + +Now, we are going to verify whether the backed up data is present in the backend or not. Once a backup is completed, Stash will update the respective `Repository` object to reflect the backup completion. Check that the repository `gcs-repo` has been updated by the following command, + +```bash +❯ kubectl get repository -n demo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +gcs-repo true 93 B 1 2m1s 24m +``` + +Now, if we navigate to the GCS bucket, we will see the backed up data has been stored in `/demo/etcd/basic-auth-backup` directory as specified by `.spec.backend.gcs.prefix` field of the `Repository` object. + +

+ Backup data in GCS Bucket +
Fig: Backup data in GCS Bucket
+
+ +> Note: Stash keeps all the backed up data encrypted. So, data in the backend will not make any sense until they are decrypted. + +## Restore Etcd + +If you have followed the previous sections properly, you should have a successful backup of your Etcd cluster. Now, we are going to show how you can restore the database from the backed up data. + +### Restore Into the Same Etcd Cluster + +You can restore your data into the same Etcd cluster you have taken backup from or into a different Etcd cluster. In this section, we are going to show you how to restore data in the same Etcd cluster which maybe necessary when you have accidentally deleted any data from the running cluster. + +#### Temporarily Pause Backup + +At first, let's stop taking any further backup of the Etcd cluster so that no backup runs after we delete the sample data. We are going to pause the `BackupConfiguration` object. Stash will stop taking any further backup when the `BackupConfiguration` is paused. + +Let's pause the `etcd-backup` BackupConfiguration, + +```bash +$ kubectl patch backupconfiguration -n demo etcd-backup --type="merge" --patch='{"spec": {"paused": true}}' +backupconfiguration.stash.appscode.com/etcd-backup patched +``` + +Verify that the `BackupConfiguration` has been paused, + +```bash +❯ kubectl get backupconfiguration -n demo etcd-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +etcd-backup etcd-backup-3.5.0 */5 * * * * true Ready 22m +``` + +Notice the `PAUSED` column. Value `true` for this field means that the `BackupConfiguration` has been paused. + +Stash will also suspend the respective CronJob. + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-trigger-etcd-backup */5 * * * * True 0 6m15s 23m +``` + +#### Simulate Disaster + +Now, let's simulate an accidental deletion scenario. Here, we are going to exec into the `etcd-0` database pod and delete the sample data we have inserted earlier. + +```bash +❯ kubectl exec -it -n demo etcd-0 -- /bin/sh +127.0.0.1:2379> export USER=root +127.0.0.1:2379> export PASSWORD=not@secret + +127.0.0.1:2379> etcdctl --user $USER:$PASSWORD del foo +1 +127.0.0.1:2379> etcdctl --user $USER:$PASSWORD del foo2 +1 +127.0.0.1:2379> etcdctl --user $USER:$PASSWORD del foo3 +1 +# verify that the sample data has been deleted +127.0.0.1:2379> etcdctl --user $USER:$PASSWORD get --prefix foo +(nil) +127.0.0.1:2379> exit +``` + +#### Create RestoreSession + +To restore the database, you have to create a `RestoreSession` object pointing to the `AppBinding` of the targeted database. + +Here, is the YAML of the `RestoreSession` object that we are going to use for restoring our Etcd database cluster. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: etcd-restore + namespace: demo +spec: + task: + name: etcd-restore-3.5.0 + params: + - name: initialCluster + value: "etcd-0=http://etcd-0.etcd:2380,etcd-1=http://etcd-1.etcd:2380,etcd-2=http://etcd-2.etcd:2380" + - name: initialClusterToken + value: "etcd-cluster-1" + - name: dataDir + value: "/var/run/etcd" + - name: workloadKind + value: "StatefulSet" + - name: workloadName + value: "etcd" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: etcd-appbinding + runtimeSettings: + container: + securityContext: + runAsUser: 0 + runAsGroup: 0 + rules: + - snapshots: [latest] +``` + +Here, + +- `.spec.task.name` specifies the name of the Task object that specifies the necessary Functions and their execution order to restore an Etcd database. +- `.spec.task.params` refers to the names and values of the Params objects specifying necessary parameters and their values for restoring backup data into an Etcd cluster. We need to specify the folowing parameters, + - `initialcluster` parameter refers to the initial cluster configuration of the Etcd cluster and it must be the same as the initial cluster configuration of the deployed Etcd cluster. + - `dataDir` parameter refers to the datadir of the deployed Etcd cluster where the backed up data will get restored. + - `workloadKind` parameter refers to the workload e.g. Pod/StatefulSet we have used to deploy the Etcd cluster. + - `workloadName` parameter refers to the workload name we have used to deploy the Etcd cluster. +- `.spec.repository.name` specifies the Repository object that holds the backend information where our backed up data has been stored. +- `.spec.target.ref` refers to the respective AppBinding of the Etcd database. +- `.spec.rules` specifies that we are restoring data from the latest backup snapshot of the database. +- The restore Job need access to the respective volume of the Etcd database. As a result, we have to run the restore Job as the same user as the Etcd database or as root user. Here, we are running the restore Job as root user using `spec.runtimeSettings.Container.securityContext` section. + +Let's create the `RestoreSession` object object we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/etcd/basic-auth/examples/restoresession.yaml +restoresession.stash.appscode.com/etcd-restore created +``` + +Once, you have created the `RestoreSession` object, Stash will create a restore Job. Run the following command to watch the phase of the `RestoreSession` object, + +```bash +❯ kubectl get restoresession -n demo -w +NAME REPOSITORY PHASE DURATION AGE +etcd-restore gcs-repo Running 9s +etcd-restore gcs-repo Running 13s +etcd-restore gcs-repo Running 72s +etcd-restore gcs-repo Succeeded 72s +etcd-restore gcs-repo Succeeded 1m13s 72s +``` + +The `Succeeded` phase means that the restore process has been completed successfully. + +#### Verify Restored Data + +Now, let's exec into the `etcd-0` database pod and verify whether the actual data has been restored or not, + +```bash +❯ kubectl exec -it -n demo etcd-0 -- /bin/sh + +127.0.0.1:2379> export USER=root +127.0.0.1:2379> export PASSWORD=not@secret + +127.0.0.1:2379> etcdctl --user $USER:$PASSWORD get --prefix foo +foo +bar +foo2 +bar2 +foo3 +bar3 +127.0.0.1:2379> exit +``` + +Hence, we can see from the above output that the deleted data has been restored successfully from the backup. + +#### Resume Backup + +Since our data has been restored successfully we can now resume our usual backup process. Resume the `BackupConfiguration` using following command, + +```bash +❯ kubectl patch backupconfiguration -n demo etcd-backup --type="merge" --patch='{"spec": {"paused": false}}' +backupconfiguration.stash.appscode.com/etcd-backup patched +``` + +Verify that the `BackupConfiguration` has been resumed, +```bash +❯ kubectl get backupconfiguration -n demo etcd-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +etcd-backup etcd-backup-3.5.0 */5 * * * * false Ready 4h54m +``` + +Here, `false` in the `PAUSED` column means the backup has been resumed successfully. The CronJob also should be resumed now. + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-trigger-etcd-backup */5 * * * * False 0 3m24s 4h54m +``` + +Here, `False` in the `SUSPEND` column means the CronJob is no longer suspended and will trigger in the next schedule. + +### Restore Into Different Database of the Same Namespace + +If you want to restore the backed up data into a different Etcd cluster of the same namespace, you have to create another `AppBinding` pointing to the desired Etcd database. Then, you have to create the `RestoreSession` pointing to the new `AppBinding`. + +### Restore Into Different Namespace + +If you want to restore into a different namespace of the same cluster, you have to create the Repository, backend Secret, AppBinding, in the desired namespace. You can use [Stash kubectl plugin](https://stash.run/docs/{{< param "info.version" >}}/guides/cli/cli/) to easily copy the resources into a new namespace. Then, you have to create the `RestoreSession` object in the desired namespace pointing to the Repository, AppBinding of that namespace. + +### Restore Into Different Cluster + +If you want to restore into a different cluster, you have to install Stash in the desired cluster. Then, you have to create the Repository, backend Secret, AppBinding, in the desired cluster. Finally, you have to create the `RestoreSession` object in the desired cluster pointing to the Repository, AppBinding of that cluster. + +## Cleanup + +To cleanup the Kubernetes resources created by this tutorial, run: + +```bash +kubectl delete -n demo backupconfiguration etcd-backup +kubectl delete -n demo restoresession etcd-restore +kubectl delete -n demo repository gcs-repo +kubectl delete -n demo appbinding etcd-appbinding +kubectl delete -n demo Secret etcd-basic-auth +kubectl delete -n demo Secret gcs-secret +# delete the Etcd cluster, Service, and PVCs +kubectl delete -f https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/etcd/basic-auth/examples/etcd.yaml +kubectl delete pvc -n demo data-etcd-0 data-etcd-1 data-etcd-2 +``` diff --git a/docs/addons/etcd/customization/examples/backup/multi-retention-policy.yaml b/docs/addons/etcd/customization/examples/backup/multi-retention-policy.yaml new file mode 100644 index 0000000..3c9aed6 --- /dev/null +++ b/docs/addons/etcd/customization/examples/backup/multi-retention-policy.yaml @@ -0,0 +1,24 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: etcd-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: etcd-backup-3.5.0 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: etcd-appbinding + retentionPolicy: + name: sample-etcd-retention + keepLast: 5 + keepDaily: 10 + keepWeekly: 20 + keepMonthly: 50 + keepYearly: 100 + prune: true diff --git a/docs/addons/etcd/customization/examples/backup/passing-args.yaml b/docs/addons/etcd/customization/examples/backup/passing-args.yaml new file mode 100644 index 0000000..e8e5bba --- /dev/null +++ b/docs/addons/etcd/customization/examples/backup/passing-args.yaml @@ -0,0 +1,23 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: etcd-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: etcd-backup-3.5.0 + params: + - name: args + value: --insecure-skip-tls-verify=true + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: etcd-appbinding + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true \ No newline at end of file diff --git a/docs/addons/etcd/customization/examples/backup/resource-limit.yaml b/docs/addons/etcd/customization/examples/backup/resource-limit.yaml new file mode 100644 index 0000000..a26e4fd --- /dev/null +++ b/docs/addons/etcd/customization/examples/backup/resource-limit.yaml @@ -0,0 +1,29 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: etcd-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: etcd-backup-3.5.0 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: etcd-appbinding + runtimeSettings: + container: + resources: + requests: + cpu: "200m" + memory: "1Gi" + limits: + cpu: "200m" + memory: "1Gi" + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true \ No newline at end of file diff --git a/docs/addons/etcd/customization/examples/backup/specific-user.yaml b/docs/addons/etcd/customization/examples/backup/specific-user.yaml new file mode 100644 index 0000000..54c1d5e --- /dev/null +++ b/docs/addons/etcd/customization/examples/backup/specific-user.yaml @@ -0,0 +1,25 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: etcd-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: etcd-backup-3.5.0 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: etcd-appbinding + runtimeSettings: + pod: + securityContext: + runAsUser: 0 + runAsGroup: 0 + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true \ No newline at end of file diff --git a/docs/addons/etcd/customization/examples/restore/passing-args.yaml b/docs/addons/etcd/customization/examples/restore/passing-args.yaml new file mode 100644 index 0000000..65c1f10 --- /dev/null +++ b/docs/addons/etcd/customization/examples/restore/passing-args.yaml @@ -0,0 +1,35 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: etcd-restore + namespace: demo +spec: + task: + name: etcd-restore-3.5.0 + params: + - name: initialCluster + value: "etcd-0=http://etcd-0.etcd:2380,etcd-1=http://etcd-1.etcd:2380,etcd-2=http://etcd-2.etcd:2380" + - name: initialClusterToken + value: "etcd-cluster-1" + - name: dataDir + value: "/var/run/etcd" + - name: workloadKind + value: "StatefulSet" + - name: workloadName + value: "etcd" + - name: args + value: --insecure-skip-tls-verify=true + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: etcd-appbinding + runtimeSettings: + container: + securityContext: + runAsUser: 0 + runAsGroup: 0 + rules: + - snapshots: [latest] \ No newline at end of file diff --git a/docs/addons/etcd/customization/examples/restore/resource-limit.yaml b/docs/addons/etcd/customization/examples/restore/resource-limit.yaml new file mode 100644 index 0000000..494ae7f --- /dev/null +++ b/docs/addons/etcd/customization/examples/restore/resource-limit.yaml @@ -0,0 +1,40 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: etcd-restore + namespace: demo +spec: + task: + name: etcd-restore-3.5.0 + params: + - name: initialCluster + value: "etcd-0=http://etcd-0.etcd:2380,etcd-1=http://etcd-1.etcd:2380,etcd-2=http://etcd-2.etcd:2380" + - name: initialClusterToken + value: "etcd-cluster-1" + - name: dataDir + value: "/var/run/etcd" + - name: workloadKind + value: "StatefulSet" + - name: workloadName + value: "etcd" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: etcd-appbinding + runtimeSettings: + container: + securityContext: + runAsUser: 0 + runAsGroup: 0 + resources: + requests: + cpu: "200m" + memory: "1Gi" + limits: + cpu: "200m" + memory: "1Gi" + rules: + - snapshots: [latest] \ No newline at end of file diff --git a/docs/addons/etcd/customization/examples/restore/specific-snapshot.yaml b/docs/addons/etcd/customization/examples/restore/specific-snapshot.yaml new file mode 100644 index 0000000..ad10d24 --- /dev/null +++ b/docs/addons/etcd/customization/examples/restore/specific-snapshot.yaml @@ -0,0 +1,33 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: etcd-restore + namespace: demo +spec: + task: + name: etcd-restore-3.5.0 + params: + - name: initialCluster + value: "etcd-0=http://etcd-0.etcd:2380,etcd-1=http://etcd-1.etcd:2380,etcd-2=http://etcd-2.etcd:2380" + - name: initialClusterToken + value: "etcd-cluster-1" + - name: dataDir + value: "/var/run/etcd" + - name: workloadKind + value: "StatefulSet" + - name: workloadName + value: "etcd" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: etcd-appbinding + runtimeSettings: + container: + securityContext: + runAsUser: 0 + runAsGroup: 0 + rules: + - snapshots: [4bc21d6f] \ No newline at end of file diff --git a/docs/addons/etcd/customization/examples/restore/specific-user.yaml b/docs/addons/etcd/customization/examples/restore/specific-user.yaml new file mode 100644 index 0000000..5687b3c --- /dev/null +++ b/docs/addons/etcd/customization/examples/restore/specific-user.yaml @@ -0,0 +1,33 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: etcd-restore + namespace: demo +spec: + task: + name: etcd-restore-3.5.0 + params: + - name: initialCluster + value: "etcd-0=http://etcd-0.etcd:2380,etcd-1=http://etcd-1.etcd:2380,etcd-2=http://etcd-2.etcd:2380" + - name: initialClusterToken + value: "etcd-cluster-1" + - name: dataDir + value: "/var/run/etcd" + - name: workloadKind + value: "StatefulSet" + - name: workloadName + value: "etcd" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: etcd-appbinding + runtimeSettings: + container: + securityContext: + runAsUser: 0 + runAsGroup: 0 + rules: + - snapshots: [latest] \ No newline at end of file diff --git a/docs/addons/etcd/customization/index.md b/docs/addons/etcd/customization/index.md new file mode 100644 index 0000000..ecfa3d8 --- /dev/null +++ b/docs/addons/etcd/customization/index.md @@ -0,0 +1,344 @@ +--- +title: Etcd Backup Customization | Stash +description: Customizing Backup and Restore process with Stash +menu: + docs_{{ .version }}: + identifier: stash-etcd-customization + name: Customizing Backup & Restore Process + parent: stash-etcd + weight: 40 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + +# Customizing Backup and Restore Process + +Stash provides rich customization supports for the backup and restore process to meet the requirements of various cluster configurations. This guide will show you some examples of these customizations. + +> Note: YAML files used in this tutorial are stored [here](https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/etcd/customization/examples). + +## Customizing Backup Process + +In this section, we are going to show you how to customize the backup process. Here, we are going to show some examples of providing arguments to the backup process, running the backup process as a specific user, ignoring some indexes during the backup process, etc. + +### Passing arguments to the backup process +Stash Etcd addon uses [etcdctl](https://github.com/etcd-io/etcd/tree/main/etcdctl) for backup. You can pass arguments to the `etcdctl` through `args` param under `task.params` section. + +The below example shows how you can pass the `--insecure-skip-tls-verify` to skip server certificate verification (`CAUTION`: this option should be enabled only for testing purposes) +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: etcd-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: etcd-backup-3.5.0 + params: + - name: args + value: --insecure-skip-tls-verify=true + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: etcd-appbinding + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +### Running backup job as a specific user + +If your cluster requires running the backup job as a specific user, you can provide `securityContext` under `runtimeSettings.pod` section. The below example shows how you can run the backup job as the root user. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: etcd-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: etcd-backup-3.5.0 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: etcd-appbinding + runtimeSettings: + pod: + securityContext: + runAsUser: 0 + runAsGroup: 0 + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +### Specifying Memory/CPU limit/request for the backup job + +If you want to specify the Memory/CPU limit/request for your backup job, you can specify `resources` field under `runtimeSettings.container` section. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: etcd-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: etcd-backup-3.5.0 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: etcd-appbinding + runtimeSettings: + container: + resources: + requests: + cpu: "200m" + memory: "1Gi" + limits: + cpu: "200m" + memory: "1Gi" + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +### Using multiple retention policies + +You can also specify multiple retention policies for your backed up data. For example, you may want to keep few daily snapshots, few weekly snapshots, and few monthly snapshots, etc. You just need to pass the desired number with the respective key under the `retentionPolicy` section. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: etcd-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: etcd-backup-3.5.0 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: etcd-appbinding + retentionPolicy: + name: sample-etcd-retention + keepLast: 5 + keepDaily: 10 + keepWeekly: 20 + keepMonthly: 50 + keepYearly: 100 + prune: true +``` + +To know more about the available options for retention policies, please visit [here](/docs/concepts/crds/backupconfiguration/index.md#specretentionpolicy). + +## Customizing Restore Process + +Stash uses `etcdctl` during the restore process as well. In this section, we are going to show how you can pass arguments to the restore process, restore a specific snapshot, run restore job as a specific user, etc. + +### Passing arguments to the restore process + +Similar to the backup process, you can pass additional arguments to the restore process alongside with the reqiored arguements through the `args` params under `task.params` section. Here, we have passed `--insecure-skip-tls-verify` argument to the `etcdctl` to skip server certificate verification (CAUTION: this option should be enabled only for testing purposes). + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: etcd-restore + namespace: demo +spec: + task: + name: etcd-restore-3.5.0 + params: + - name: initialCluster + value: "etcd-0=http://etcd-0.etcd:2380,etcd-1=http://etcd-1.etcd:2380,etcd-2=http://etcd-2.etcd:2380" + - name: initialClusterToken + value: "etcd-cluster-1" + - name: dataDir + value: "/var/run/etcd" + - name: workloadKind + value: "StatefulSet" + - name: workloadName + value: "etcd" + - name: args + value: --insecure-skip-tls-verify=true + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: etcd-appbinding + runtimeSettings: + container: + securityContext: + runAsUser: 0 + runAsGroup: 0 + rules: + - snapshots: [latest] +``` + +### Restore specific snapshot + +You can also restore a specific snapshot. At first, list the available snapshots as below, + +```bash +❯ kubectl get snapshots -n demo +NAME ID REPOSITORY HOSTNAME CREATED AT +gcs-repo-4bc21d6f 4bc21d6f gcs-repo host-0 2022-01-12T14:54:27Z +gcs-repo-f0ac7cbd f0ac7cbd gcs-repo host-0 2022-01-12T14:56:26Z +gcs-repo-9210ebb6 9210ebb6 gcs-repo host-0 2022-01-12T14:58:27Z +gcs-repo-0aff8890 0aff8890 gcs-repo host-0 2022-01-12T15:00:28Z +``` + +>You can also filter the snapshots as shown in the guide [here](https://stash.run/docs/{{< param "info.version" >}}/concepts/crds/snapshot/#working-with-snapshot). + +You can use the respective ID of the snapshot to restore a specific snapshot. + +The below example shows how you can pass a specific snapshot ID through the `snapshots` field of `rules` section. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: etcd-restore + namespace: demo +spec: + task: + name: etcd-restore-3.5.0 + params: + - name: initialCluster + value: "etcd-0=http://etcd-0.etcd:2380,etcd-1=http://etcd-1.etcd:2380,etcd-2=http://etcd-2.etcd:2380" + - name: initialClusterToken + value: "etcd-cluster-1" + - name: dataDir + value: "/var/run/etcd" + - name: workloadKind + value: "StatefulSet" + - name: workloadName + value: "etcd" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: etcd-appbinding + runtimeSettings: + container: + securityContext: + runAsUser: 0 + runAsGroup: 0 + rules: + - snapshots: [4bc21d6f] +``` + +>Please, do not specify multiple snapshots here. Each snapshot represents a complete backup of your database. Multiple snapshots are only usable during file/directory restore. + +### Running restore job as a specific user + +You can provide `securityContext` under `runtimeSettings.pod` section to run the restore job as a specific user. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: etcd-restore + namespace: demo +spec: + task: + name: etcd-restore-3.5.0 + params: + - name: initialCluster + value: "etcd-0=http://etcd-0.etcd:2380,etcd-1=http://etcd-1.etcd:2380,etcd-2=http://etcd-2.etcd:2380" + - name: initialClusterToken + value: "etcd-cluster-1" + - name: dataDir + value: "/var/run/etcd" + - name: workloadKind + value: "StatefulSet" + - name: workloadName + value: "etcd" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: etcd-appbinding + runtimeSettings: + container: + securityContext: + runAsUser: 0 + runAsGroup: 0 + rules: + - snapshots: [latest] +``` + +### Specifying Memory/CPU limit/request for the restore job + +Similar to the backup process, you can also provide `resources` field under the `runtimeSettings.container` section to limit the Memory/CPU for your restore job. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: etcd-restore + namespace: demo +spec: + task: + name: etcd-restore-3.5.0 + params: + - name: initialCluster + value: "etcd-0=http://etcd-0.etcd:2380,etcd-1=http://etcd-1.etcd:2380,etcd-2=http://etcd-2.etcd:2380" + - name: initialClusterToken + value: "etcd-cluster-1" + - name: dataDir + value: "/var/run/etcd" + - name: workloadKind + value: "StatefulSet" + - name: workloadName + value: "etcd" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: etcd-appbinding + runtimeSettings: + container: + securityContext: + runAsUser: 0 + runAsGroup: 0 + resources: + requests: + cpu: "200m" + memory: "1Gi" + limits: + cpu: "200m" + memory: "1Gi" + rules: + - snapshots: [latest] +``` diff --git a/docs/addons/etcd/overview/images/etcd-backup.svg b/docs/addons/etcd/overview/images/etcd-backup.svg new file mode 100644 index 0000000..c8ec415 --- /dev/null +++ b/docs/addons/etcd/overview/images/etcd-backup.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/addons/etcd/overview/images/etcd-restore.svg b/docs/addons/etcd/overview/images/etcd-restore.svg new file mode 100644 index 0000000..4078ec2 --- /dev/null +++ b/docs/addons/etcd/overview/images/etcd-restore.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/addons/etcd/overview/index.md b/docs/addons/etcd/overview/index.md new file mode 100644 index 0000000..25edbd1 --- /dev/null +++ b/docs/addons/etcd/overview/index.md @@ -0,0 +1,85 @@ +--- +title: Etcd Backup & Restore Overview | Stash +description: How Etcd Backup & Restore Works in Stash +menu: + docs_{{ .version }}: + identifier: stash-etcd-overview + name: How does it work? + parent: stash-etcd + weight: 10 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + +# How Stash Backups & Restores Etcd Database + +Stash `{{< param "info.version" >}}` supports backup and restore operation of many databases. This guide will give you an overview of how Etcd database backup and restore process works in Stash. + +## Backup + +Stash supports taking backup of Etcd database using [etcdctl](https://github.com/etcd-io/etcd/tree/main/etcdctl). It is the most flexible way to perform backup and restore of Etcd database. + +### How Backup Works + +The following diagram shows how Stash takes backup of a Etcd database. Open the image in a new tab to see the enlarged version. + +
+  Etcd Backup Overview +
Fig: Etcd Backup Overview
+
+ +The backup process consists of the following steps: + +1. At first, a user creates a secret with access credentials of the backend where the backed up data will be stored. + +2. Then, she creates a `Repository` crd that specifies the backend information along with the secret that holds the credentials to access the backend. + +3. Then, she creates a `BackupConfiguration` crd targeting the [AppBinding](/docs/concepts/crds/appbinding/index.md) crd of the desired database. The `BackupConfiguration` object also specifies the `Task` to use to backup the database. + +4. Stash operator watches for `BackupConfiguration` crd. + +5. Once Stash operator finds a `BackupConfiguration` crd, it creates a CronJob with the schedule specified in `BackupConfiguration` object to trigger backup periodically. + +6. On the next scheduled slot, the CronJob triggers a backup by creating a `BackupSession` crd. + +7. Stash operator also watches for `BackupSession` crd. + +8. When it finds a `BackupSession` object, it resolves the respective `Task` and `Function` and prepares a Job definition to backup. + +9. Then, it creates the Job to backup the targeted database. + +10. The backup Job reads the necessary information to connect with the database from the `AppBinding` crd. It also reads backend information and access credentials from `Repository` crd and Storage Secret respectively. + +11. Then, the Job takes snapshot of the targeted database using `etcdctl` and uploads the snapshot to the backend. Stash stores the snapshot temporarily in a directory before uploading that into the backend. You can limit the temporary directory size using `spec.TempDir` field of `BackupConfiguration` crd. + +12. Finally, when the backup is complete, the Job sends Prometheus metrics to the Pushgateway running inside Stash operator pod. It also updates the `BackupSession` and `Repository` status to reflect the backup completion. + +### How Restore from Backup Works + +The following diagram shows how Stash restores an Etcd database from a backup. Open the image in a new tab to see the enlarged version. + +
+  Etcd Database Restore Overview +
Fig: Etcd Restore Process Overview
+
+ +The restore process consists of the following steps: + +1. At first, a user creates a `RestoreSession` crd targeting the `AppBinding` of the desired database where the backed up data will be restored. It also specifies the `Repository` crd which holds the backend information and the `Task` to use to restore the target. + +2. Stash operator watches for `RestoreSession` object. + +3. Once it finds a `RestoreSession` object, it resolves the respective `Task` and `Function` and prepares a Job definition to restore. + +4. Then, it creates the Job to restore the target. + +5. The Job reads necessary information to connect with the database from respective `AppBinding` crd. It also reads backend information and access credentials from `Repository` crd and Storage Secret respectively. + +6. Then, the job downloads the backed up snapshot from the backend and restore that snapshot into the `Etcd` database. Stash stores the downloaded files temporarily before inserting into the targeted database. + +7. Finally, when the restore process is complete, the Job sends Prometheus metrics to the Pushgateway and update the `RestoreSession` status to reflect restore completion. + +## Next Steps + +- Backup your Etcd database using Stash following the guide from [here](/docs/addons/etcd/basic-auth/index.md). diff --git a/docs/addons/etcd/tls/examples/appbinding.yaml b/docs/addons/etcd/tls/examples/appbinding.yaml new file mode 100644 index 0000000..cde2f40 --- /dev/null +++ b/docs/addons/etcd/tls/examples/appbinding.yaml @@ -0,0 +1,16 @@ +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: etcd-appbinding + namespace: demo +spec: + clientConfig: + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM2akNDQWRLZ0F3SUJBZ0lVZEJYNnU0RHRyNDA3WkZDTWN6Nzg4Y1YyWHVJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0RURUxNQWtHQTFVRUF4TUNRMEV3SGhjTk1qRXhNREU1TVRBeE56QXdXaGNOTWpZeE1ERTRNVEF4TnpBdwpXakFOTVFzd0NRWURWUVFERXdKRFFUQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCCkFMZmp6OEJhbDhpWTdjSTd2OHNFdndpSmJnQXBqTDIvNnVZbXBaQVZvcW50cjJCcmFMbTlCb1czdkMydm5tbWYKWDhRUFBsWnFIeUxzY1gxZUlpazJyWHJEYUdQaU45VHhLQXVrbWJjZXFsUXZScGNZZkVaVTBQMzhNc0xsQUlHaQpZamZxRjR5Z1UyMjA0L3FucVVPbFFjLzh2MmJpRFNSQXNUM1NUT2FVemdMd05KT20wOUlqT1dUQW15Q2xXWmxnClJmV2tETzVTQ0xZd1pmQ1Z1MTdBalJRMTNsZTdocW9GcW9SUW96dUZQMFp0dlVFdWVPSXlSa3ZlYTFRYVNyTjgKcm1aN1BaL0lIb3dyNjFtMFd0bVE3ckw1eTMyOTgxb3hRNGg2UHdLMGNGNVNyOG9WRUR0TGZVeE1OWHpoMXpRUAorY2FhZWlUWklyc1dqRGNxSm9VWk1wVUNBd0VBQWFOQ01FQXdEZ1lEVlIwUEFRSC9CQVFEQWdFR01BOEdBMVVkCkV3RUIvd1FGTUFNQkFmOHdIUVlEVlIwT0JCWUVGQ1FzZmsvcHJxWGwxKzhIODk1WUFmZzR2THQxTUEwR0NTcUcKU0liM0RRRUJDd1VBQTRJQkFRQmpOOHlxalhEaUdqaDFuUGdKVFpZa1FCa1E4SFZHeThIdlFWWG0zdFhHM3RLcApTaVdDQTlPbittR0xZZTlCMi9lOEFJNkIyMFB1Z0NZWHljMHVOb1RiSFdiZ01pNURiNEVZYXdDdVpkN3M4MXlUClRXY1N0VWZFeUdKNW1ycWZ6OFFPaUt0Sk1UeWFYbHllWllURnhnWUsyOThTcDhubFBRQlgzNVBDakZTbXZwa1UKY0N5TllYMDF1RnFhWE9FZTdkTnpBUmhIaU1xVFM0dkNUUnFrbFpMWHB6a3ViZER3WTVKK3gzYmptcDk1RUtmVwpJbkhERTJ2ckxsU0crZDVWNnBuUG54bXc3aGg2L0NMUTNVMXM3V1d0clVlSU9NUDdCcFJxRG05TjJhajJXUHNLCmpEYXdRcFpGdGhmbEdJR1ZqUUNCNFMwTkQzWWliSkVqdHZHMnBuTlkKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== + service: + name: etcd + port: 2379 + scheme: https + secret: + name: etcd-client-certs + type: etcd + version: 3.5.0 \ No newline at end of file diff --git a/docs/addons/etcd/tls/examples/backupconfiguration.yaml b/docs/addons/etcd/tls/examples/backupconfiguration.yaml new file mode 100644 index 0000000..40b8ee2 --- /dev/null +++ b/docs/addons/etcd/tls/examples/backupconfiguration.yaml @@ -0,0 +1,20 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: etcd-tls-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: etcd-backup-3.5.0 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: etcd-appbinding + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true \ No newline at end of file diff --git a/docs/addons/etcd/tls/examples/etcd-secret.yaml b/docs/addons/etcd/tls/examples/etcd-secret.yaml new file mode 100644 index 0000000..0323bb8 --- /dev/null +++ b/docs/addons/etcd/tls/examples/etcd-secret.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: etcd-stash-auth + namespace: demo +type: Opaque +data: + client-key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBc1ZVeUQ3L25QanBnOWlrYlpIdk5pN2ZUZFUyM3NXLzZjT2p6cWdXYm9HRDJLbTdFCk9GeVFXb2FacWxWNHM5V3F3cy9vaGxjb0JHUzMrVUVNbkJjNi9QU0tTUmxVUUUxS3ZqeXhFUkwzU0Yxc3h4UnMKMExVZVFnWno2T1dubkhORTBjNXZObjlSUVo5VENOeHl0WjBqVi94MG9wd0c3KzBzNSs0R05GbmZQMjB5ZXFLNQpDM1JEbEJSWVFKRWZMYTR5dHh6TjI1TENUQ2dsaTlkdWZoaC9ieXVLdHUxVzVaTmowVVh0bXRNRkd5N2JhZ1J2CmlLQ0NqVDQvc0RqWXpTWlZ2VitESlFFemhLZmdqc2NrNXBhaTJsWFhpaXJQVzE4N3JUSkxoc1pacWt3NUlCWEEKSUpqWjFBSSttYytSUE1mVitxV0h0ZG5XOHM1TDZxd2VvVUdwUlFJREFRQUJBb0lCQUFMMGJIVWV1WGVyK1ZtZwpyYmdxNSszZ0RrSHlIWkZ6VURUNWJMWDBpZmRPSmt2bXRKWkwxSXZ0bWpuZ1dyYUVaT2dDRnRuR01nQ0F2U0FHCkdYT3dYMmMvbTk1RDhjZHdna0pST0pJVVF0S04yL1lsUFBydFNhZkgrNzV4dFMxQ0xtOWdoVEhmUlRkV3RFZDkKaE52SjFvRHN6L1Mxck5mcWw4ajFpbHpzOG05WUYxWEtoRlozQmpSWHBFRFdCWUIzeTE2dGV6RlU0NlJaMSs1UwpaR3pTakxhOTNuK0JEeGc2ejdMVjhON0xyYXVQY3lCbkFnUC9KMlR0MTQ3bHM2cHhUWlh2UFd0ZXdvRHV1aHF1CndWQ1FkUWZ3bmlPTmJmbUxDNUp6OWNrNzJvWUg2ditjbEtFc05GT2xZWjdjRGkzaTZ6K2RuK1JOYTUvc295Mm0KV0RsQ1ZURUNnWUVBNHlUSGlXYk5FMEk1N2NnNDNlWkJ6eTBSMGtvTktJRGlJMWZkQmRBWUcraU1vZzZUSEdBSApvYkRFSnI0YkZ3aUM1QmlYeHVxZ2RQSVhqcXNNTGtYM2Zra3ErNkh0VS9XRS9pSmJyRnN6clUreFdoYmxEc0ZPCkRCUWw3SjlkaitRaGcyeXBOcEtjUWVYS0E5WVdvV1VqTkp0Z1dVMG81MmFVcUF3NnRKWW8wMzhDZ1lFQXg5eDAKZVg1YkUyWU02ZU9tZWVXWWdBZC93cVV4NmlYaWl4S2M3Z1Z6WG9qVUVaaUQwVEdrSi9RTW9TNHNHV01OekRlYQorbTdXNzVSTUZoOGlzQjdlTUxlSE0zRTRBV08yVlc4SUVuM1h6U0JLNngvcWIwS2VoWVNIS0R4YnQ0UDBGSVdTCjdYc0pYc09mRlRMclZLbHYyZnE2ZzBwZ1R1Ri9QZzdaRUIxQWxUc0NnWUJ4VDJhdTEzYVVGZVI2QnZpL1VWOGcKNzdYRk5xV3J2K2VQaEFSQkl4Ynp6U1Zpcm15YXFoa0VndjdHNk96d3A1Rk1JaXlNMFh5citoemdVZG1vdDhTSAozZzR3S3c0T1pSc3IvNDNGeEZWYUxyZ2xYZWgwWE9BSFRJSENzWmxsNzRMOFlkZGozdTFPUGtoeGMzb2tseVJoCjJPVE9oNXhSR3k0clNyWjZZYklLRndLQmdDUEg1eDVkTGNjQ1RTdU9jeDU5cVZpNmZ2Z0ZCVE9yUnF5cFQya1oKbHJjRS9ocU1XSVVhUXc1WUZlN0JTbW5kSHZwQnRrQkJtYjlZcUdxSmRuZGJmMkh2YVlnZksreXJ3bGYzUWRXMQpxKzN3YXhrL0pJUjR3OUtaa0d6MnFXRG9nY2t1eE1nNWI4c0VjTFdsNFJYT0k5VTlteWlvSnlmWUhTU3FHZGhWCnRGdERBb0dCQUlEZ1RVOHZNL2VkTml3TVZSMmRnZjRXNEVhcE9zWXhmdFZnOU5YUFNOOEdVNHFtWURCNGtIWnMKQjg5dzFEajB0WU0xQnNseXRYN3llSTUxNi8rUDVuYnQ4eHRtS3RUWVlrWmlvOGFEM2FaZXh0ZTIySXRjTE1xTwpMMERWZ0s3bzRxMVdUVWVCZWkxbDB4b3JXWUR0a0tIYkUvWGJDeHFtOGgzWDdpMlVWOWZFCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0t + client.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURnekNDQW11Z0F3SUJBZ0lVT1VLSTFzY2pVaEROTEJPazdma3J4dFFlNU9Fd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0RURUxNQWtHQTFVRUF4TUNRMEV3SGhjTk1qRXhNREU1TVRFMU56QXdXaGNOTWpZeE1ERTRNVEUxTnpBdwpXakFSTVE4d0RRWURWUVFERXdaamJHbGxiblF3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUUN4VlRJUHYrYytPbUQyS1J0a2U4Mkx0OU4xVGJleGIvcHc2UE9xQlp1Z1lQWXFic1E0WEpCYWhwbXEKVlhpejFhckN6K2lHVnlnRVpMZjVRUXljRnpyODlJcEpHVlJBVFVxK1BMRVJFdmRJWFd6SEZHelF0UjVDQm5Qbwo1YWVjYzBUUnptODJmMUZCbjFNSTNISzFuU05YL0hTaW5BYnY3U3puN2dZMFdkOC9iVEo2b3JrTGRFT1VGRmhBCmtSOHRyakszSE0zYmtzSk1LQ1dMMTI1K0dIOXZLNHEyN1ZibGsyUFJSZTJhMHdVYkx0dHFCRytJb0lLTlBqK3cKT05qTkpsVzlYNE1sQVRPRXArQ094eVRtbHFMYVZkZUtLczliWHp1dE1rdUd4bG1xVERrZ0ZjQWdtTm5VQWo2Wgp6NUU4eDlYNnBZZTEyZGJ5emt2cXJCNmhRYWxGQWdNQkFBR2pnZFl3Z2RNd0RnWURWUjBQQVFIL0JBUURBZ1dnCk1DTUdBMVVkSlFRY01Cb0dDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBZ1lFVlIwbEFEQU1CZ05WSFJNQkFmOEUKQWpBQU1CMEdBMVVkRGdRV0JCU3dUcWpsZWlxVCsyU1pHM1lndzBTY3RDeEkxekFmQmdOVkhTTUVHREFXZ0JRawpMSDVQNmE2bDVkZnZCL1BlV0FINE9MeTdkVEJPQmdOVkhSRUVSekJGZ2c5bGRHTmtMWFJzY3kwd0xtVjBZMlNDCkQyVjBZMlF0ZEd4ekxURXVaWFJqWklJUFpYUmpaQzEwYkhNdE1pNWxkR05rZ2dSbGRHTmtod1IvQUFBQmh3UUEKQUFBQU1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQXJlNHd2b2hGK094dHpONGgvM0RjUHd1dk5hU3BoMnpEWQp4SUwzVDY1U2kxcmNYL3NPdmVVZ0hBZ0RIeGRqeWoyRXB0ckpDWFBsaElQSGt4NWYydHVzV1hxRWVUNHhVdmo3CnlGaXZTSFR3OEtBSWlWL0FjWi96Z2JXYXFqaXo4dTFzd2JZVXFGWERkbDR2ZktVOFc2dVh2elU5U2k2RDRMTWwKbEtHMzY0VStCVzcxS2lBNnR3MmZ1ZitOd3E0TkFNUHZhRlhZaU5JOHVWUDV5eFNFZnBFcldicjBFZ2JwU3JWcwo4SVJPTEJ4cFo5b09qWGloNHBMWTFXV29xVXR4bVR6SWZhMjgxRi85ZzAyMUVrMmErb1lKbnZhMjQvMGEwNHlKCkYyYTM1VDZ0eVhsU0oxMGhkTFpDbi9QMnVNTkNJajBVZk5LZ1M3RVVMQ0x0UnpzbzhMWGkKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== \ No newline at end of file diff --git a/docs/addons/etcd/tls/examples/etcd-tls.yaml b/docs/addons/etcd/tls/examples/etcd-tls.yaml new file mode 100644 index 0000000..5b827b1 --- /dev/null +++ b/docs/addons/etcd/tls/examples/etcd-tls.yaml @@ -0,0 +1,80 @@ +apiVersion: v1 +kind: Service +metadata: + name: etcd + namespace: demo +spec: + clusterIP: None + ports: + - port: 2379 + name: client + - port: 2380 + name: peer + selector: + app: etcd-tls +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: etcd-tls + namespace: demo + labels: + app: etcd-tls +spec: + serviceName: etcd + replicas: 3 + selector: + matchLabels: + app: etcd-tls + template: + metadata: + name: etcd-tls + namespace: demo + labels: + app: etcd-tls + spec: + containers: + - name: etcd + image: gcr.io/etcd-development/etcd:v3.5.0 + ports: + - containerPort: 2379 + name: client + - containerPort: 2380 + name: peer + volumeMounts: + - name: data + mountPath: /var/run/etcd + - name: etcd-secret + mountPath: /etc/etcd-secret + command: + - /bin/sh + - -c + - | + PEERS="etcd-tls-0=https://etcd-tls-0.etcd:2380,etcd-tls-1=https://etcd-tls-1.etcd:2380,etcd-tls-2=https://etcd-tls-2.etcd:2380" ;\ + exec etcd --name ${HOSTNAME} \ + --listen-peer-urls https://0.0.0.0:2380 \ + --listen-client-urls https://0.0.0.0:2379 \ + --advertise-client-urls https://${HOSTNAME}.etcd:2379 \ + --initial-advertise-peer-urls https://${HOSTNAME}.etcd:2380 \ + --initial-cluster etcd-tls-0=https://etcd-tls-0.etcd:2380,etcd-tls-1=https://etcd-tls-1.etcd:2380,etcd-tls-2=https://etcd-tls-2.etcd:2380 \ + --initial-cluster-token etcd-cluster-1 \ + --data-dir /var/run/etcd \ + --client-cert-auth \ + --cert-file "/etc/etcd-secret/server.pem" \ + --key-file "/etc/etcd-secret/server-key.pem" \ + --trusted-ca-file "/etc/etcd-secret/ca.pem" \ + --peer-auto-tls + volumes: + - name: etcd-secret + secret: + secretName: etcd-server-certs + volumeClaimTemplates: + - metadata: + name: data + namespace: demo + spec: + storageClassName: standard + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 1Gi diff --git a/docs/addons/etcd/tls/examples/repository.yaml b/docs/addons/etcd/tls/examples/repository.yaml new file mode 100644 index 0000000..3ce1068 --- /dev/null +++ b/docs/addons/etcd/tls/examples/repository.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /demo/etcd/etcd-tls + storageSecretName: gcs-secret \ No newline at end of file diff --git a/docs/addons/etcd/tls/examples/restoresession.yaml b/docs/addons/etcd/tls/examples/restoresession.yaml new file mode 100644 index 0000000..27dea9f --- /dev/null +++ b/docs/addons/etcd/tls/examples/restoresession.yaml @@ -0,0 +1,33 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: etcd-tls-restore + namespace: demo +spec: + task: + name: etcd-restore-3.5.0 + params: + - name: initialCluster + value: "etcd-tls-0=https://etcd-tls-0.etcd:2380,etcd-tls-1=https://etcd-tls-1.etcd:2380,etcd-tls-2=https://etcd-tls-2.etcd:2380" + - name: initialClusterToken + value: "etcd-cluster-1" + - name: dataDir + value: "/var/run/etcd" + - name: workloadKind + value: "StatefulSet" + - name: workloadName + value: "etcd-tls" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: etcd-appbinding + runtimeSettings: + container: + securityContext: + runAsUser: 0 + runAsGroup: 0 + rules: + - snapshots: [latest] \ No newline at end of file diff --git a/docs/addons/etcd/tls/images/etcd-tls-backup.jpg b/docs/addons/etcd/tls/images/etcd-tls-backup.jpg new file mode 100644 index 0000000000000000000000000000000000000000..e94ec1fb490093e57ff77b37c978567c39e8a01e GIT binary patch literal 310682 zcmeFZ2~bm8w=Nn*M0yeFA=!$E^wI~6$**i-3qlm6M)NFZBjLeEzE{zt?J zksbsT2_zwGML>E%B@F@sx?KUqC4}(Se&@dXUfpx*)vbF^)u~(chgt;4T9Y~EoMX%} zzVVH@^LB>=+i!1s))uyF_b%9P&=+jy9n1!{>wok0cO(CsP3+pW(+iW^w>wC5x5zFz z*lxL9B67QSm@otkwoCNi+J^nN*RI_ndqnq&?Gu-fgl=fx58J&bxq0~o zg+;|B52_#5Jfb|Vt!rs*Yk%6&+4YRhVD_^H{(SjrYlSbAsLdUy|&<3-1c4bowU$L;v+@H~#yFVJ0@w_ya8u$Mi^7;`bqODV?qT3BL?>Qpr(Efn_(cMg7- zC!+$4YYqT&ab= zaqNFprcNrMfx$bl-*;f&eih2?z_=Yi#12e{x_xd3ma4~D+E$H_+JW&!xDmn_#FCic z3{8RdX%S4`fu&Inkkm~skcR&DCulTp_jw1lB}1YQ@{I(hw7wHq z(1pg=hUN$(RI+1`k}yEa4(#Ku8WR1~4ouug@XMy9;4pj5YzGGQHed%9xC47FvZeQh z#y8%&l(5h@Cjmrkb`_GC{{TvR+25aUH*R@vJ8@9dZJ!+&sXyLk>%>-=u5f$@b}x9M zr{jC&&z#Na<{en@hTVL(E03+P1B-x~oyd_VLT|1+uo+S-W~#yLHLZj8zG(+`X>$j* zVH>zzxdYRbt>1QEf#eYVP72%FfrZ9K2uyciy`;^V zmBL?$20O6f>LnU98ufpV2GdC3h|JxARY2lFvjrf8sg-n$z(NQO(1JPQ-#z+IXh1u7 z9oy>c{WQKA4=apCG$s79ormF6A^>beGFuc{2%!lK5^M(+LYt+{lNs@{^M*B5L7BK0xWmP?jlf7f337M>|-n6akvn5ydU%S(ev*64p4VRK8@4M zv{Q$GZo7OiZeT_sFuCH)b_dsP4;PuESNGxpYm^mibsa}$1a*29P@EI%3tX7==(3Y- zIu|m-gmx_UZ-!dD+g8`L54}b%-Hk4ZX4)Zz1ANO&C_(qDIAcd-H+K7!5yC#w?r+-4~Zxkp){MhCr!GQh;Wxlch> z+SbD2njM(GbhPW61G74Y3)43~n0!5({!(?ro7oPJu{DpEGx4nF%Q=x zm+#{(FPb59({*)0tA@ZVhF^6tDo9V{^Eg%iIzrZ6QdN99Kk$rISx4_z@aWU(E&H?e zM!mGR<8<}`KY*th_ADh4DC`Tc8+%w_Su!{L!-qEZxs70cqBG#Ww}DP0t*tR2-My`? z*#D143aiU#G=lM%!&ZwdOeCH_^|jw&%y$|k&zUMHzdT(Niqus(8SVp2P>!*l>YU$f zSFtyyy2)I?j&Rl4%Nhgs`|XmDmHosG%+FH2Tu&&@n`QUU^z05HH9tzb#V?s%bI=<}83b%j<@Db?V6*2|w9ks_ zl{t8}BgP?xbu~t(y>xulj+=?YDLN9LjxWa2LQK1vB_%H2|^ms zxOY&mQN`(E6;?Ja#rqh~*tAicJD*rRl2M?0fX>Qbo*DP)yso)v!vjkwd;L1A`(Jgt z+IKY7|1pq;Y~6B@HJ6C-;Va+Dab|GmZR=6z_%Sak6qUXH=(lfSymTdn3M8Rra@vRy zFLi*xy&3f7&Te*B{DBLV7;$1Yxfp?Z&^8=c8sRo6`1w7KGY2so<5L@o78 zDakJST>Imr2ki^oWMrXmeq}z;W6CfEs~`dT7#?-Gq3e|Yc&f%Z6rXSU=l4ob zYqF6wGHbMP4t#gBSJN*fQ z5vBB(fC9egPww#<^Ke)D2szIYg^VoGlq&1AsanUg2+NHA?O(vwZ1Afd$M7)U!L08J z(UFO~evXzwNLQA6E}1ff&ui*D>(5td*Eg`POGXYzC+Cx%Oeb5#sm53xnf?=gd^@*C zS%BuFJ2;K%!eN9gN|X0hnmtsrDpcdk(jz37t%vVDK9yrKwFAR;zwz(v$kRKLssX#N zoqaW<|L}=~_B_y&gN`rYw3g*EBE;8ysK!-NPGZJ`pivUu19eH9T~IIaE$ZcXtr|sX zP>+SrJCav@gl0U1vg21Dd2Jl)6fqz?8dzMhyR8X)z4t^0p;|hf;g;3t)UMi<6fEvp zt4FmzkjZ<0rF0t(eEl4}1Kaa;I~Oe?&;n^&_6dKop>5}CL>9XZPR2v#IhnQx;W&yC z1Ag?f#qY1JI=o5vMQ~=aTd$gu*1qlD|ExTJXqt>Nrp(PQn=UIB;#cM0ePHNI3)YJW z(f0_o1M05y1dT}dWa6&AGSRG*GtBo_yLC9->*!&ycC;pK;0g+pJY-T>z&YOKrrK`p znG)!m<#W;4HN-(&e5~v!EvlEl7{R59MNS{!e^nynvfg{MIz5Al7&?Y8PiQ^*vL!(^ z>vrC8mATloK~wA(slf257ZUlAR`I%RKzn4{sx!+vCS>x_3h2NY5FDUw6ocbidLWiT z0$k5zF-Cho||{ z9pv_VH4TLp)ph-k->n*5H839{N+hTOx6*z#1QdXFtXSI%+(xC~Zp*SD^!`W-PnL?d zLZGLUo=PFBMqlwP8a`~2YMX!V;!2RRT^ixBAJD=W*<1Ilb79UDjpngsqFz5&vtaTdFF-qti(OOAcC>uXb0UGl)mo zF^DJ9VnPWqjF{#b*0t=H0J1w`J(a6v4tGzcra(Mw(Xgkn5P5#8+#t;nyL#?lnJ}3oUiE`bp6l-(5 zOdk8BC#(86$^lxb<$PLFf<9=+x!JKLPq4tGvG<#O!MXtm@;5e_Ce^-*QC%)E%#CeW zRhm1%x4i?WaE;{NE#G!b{_t1T(VT`kNo4f}{K89p9qoimknfRO0yJD>bs8!I2|kv8 z@Sx#cN2GG3azwn3G6Re+Mtay=HF#$Kd3>e;=c16_XrB#7c1t6!=~!Y*j+f>rqA_Pb zx2Bm4%k}eR(=YI(R#G(Ob2*RkJ^0L;k~eg}x_M*QsLu?s^65e2CWhbR3F;+obN4S5b_e!uP91bDAVn;7k)%GdJvqM0 zxLK8rurIXMmTrvU1w9@CWg=#2Z@Xi8P66BG+<;E9#U@RK zFS(iRP_SjxxM<$B?(t4GWn@uIz*kI6E4!c-DJIgr$LE%ac;?Be^EOYcV1N%EE0 zPZr=Lo6h(vx{zO0>|7eJ>nfmI8Zm;XG&Y~4l=kc&f zg=-SaZq}vtjHO!{7hWoq(AtuNOx4Dcsj+K~BjrL3S zef3u*#_{fd`pyGg9ACOt6O9h8ciM$8hqX7y@ks=FAU#j@>#*4CUu! zqpaq?suA2-(IAZ%pG~a^BLP|9X=U>rn1s)YbLg!6s-mjT?f8n~*qGY#15*PIPk%EE z5O^mEeqj-kGx;Q|K~tP0(!r2JQUtdWTQUoe1M+mAkzyn?2^POfch}%k@v1i#K5A*@6QZ8%IDnZUm?^ zl@kJ(a;G!e8)soMPtDD_$uCgZu`I44f1oDh^8F!jS=$392}>}4mBkjgHfAP`CK>KJh0FU@Y(M$ ze@*@$>3a%RmOLf}Cju$6Gky5jXuLvw_qg5WhKR{ezjO&WjIts;{} zA~*YZt!5K$m+lS+|1qG&nx|OV=A(|vAFubV4;invFI$;N()yX=m$d1!KsEwME8@+0*&FY-cT{|!t z`%Va4(1or(=!ybxf-J;!$kyG0)}3W9X)S^c)IyupRTAS@65V^_>rW`|UKHCV@4)tr z%+eOMw<$ZYA))=f{(uXj7}{L@L%#`+o_^$V-5O2<25N< zfAYE%6$w~ocVA~+Q8|O#+ZlY<#3y*qg21ZaaKHZ{s{iU6COas z7U5--OkXeCqrY1hNx=^*JQ#ntSVEHoo(sjV@n~7v2q}y|Miy+do4*vtot*a~Y66!^ zLg3~=Pi}BMn86VKlIuFIuL&&7Wl&bE<5o;o>nUE|KJ1y0F&}B$70I(FdydlMqU5fQxc(X8)j=o1ln{*V<_2# z+sEs@vQ;KFheB@zPJyPvecOB+p2nazXu6>YJbIxz#5;le;t)ZulsXKoegLto+XIXb zQLhm4AL?mj?Vb*PA^H1|#28D%+2Munl0B`^E=4#t>yW(Gnn`-I^~=M$U=^{%A{Aud zB)Z<^cayV=ay2C%!E-w>QLor*hKSlCmns+S0Z#K|*od^MhdrTgfB$f@*S$yED5}V} z$HObnVtsG%o*L@}?ceN2TMTRd9%IryEq_1Y>VR==h0QKqU?`H%t)(l+eD=1MOC1rH z_!i>yphi}3z>;@mPMl9-+HCDzwwRL#j#TL8^jj7}s!f!8v|=3vs;)U=SnlV+==0-W zh-d4T=agx87YBVN&EgO5z?{afe=#y>Xs9k3UOqfW$a%2G^a%x0@n+P4+LGXVuNDd} zRP}Y6rZIT%7<==zbeGqWKMl@3mrQ;A*r_~RQB5hMDwXL>wXLysP7ZY<(8*&Zu}&f7 zJFqbD1=iptrHEln#ifH}S>K$EGj*|!{ z!T3n}4B7&(e}}MspWQYSd^-mF=kDJnVE=z_l*b_( zs_n@e`E_q+R&M)Jf}<%bUe~LxNqfrufuxdn<#WD9M*UnoDCMRpn%(Drj0bqU*9t8P_mx*lsa1VTbW@VEJzq~| z`mLT;xH?sXyjbHbSEi+M#(aVOx8%DZj5tl8xdUTFaQ+64mn#1qURnLue{NLpT-Hne`DK{ zq<@39|C7Mne@XbSIsE^s)W25gzx425mgavgG4?N8`k!t~@2$dBw@YckA>SNyf zD+KrDL`@+#;?Bc+Pd^M(yV$4oBma5qCGtFsBk_|s(8u1#&8$}@cyeDKeoK9)xCFxX9&<|hrp&$H*_mJt6pYp0gT6_PZXtJIqcp(*$hUCiV1?(W zl?10{#c7|WK`4Yw#Y&Ubn`mGLT9-6B$QOaOYeUEjS-STP@tFdFRo}KNFd?K_1Q*u} z_J|XeM*a9psTJcFC+mfB1jUtAM?jeKC={;AH(1C+0NJnZAJp4tFmb&6vb%*YUS4r`6 z&V>6Nd&ckcGlut1WYnm3-=~J!UyJ7hTN{QDu6t5A4L6!51%17PX?m0hFA%Yy>uKjf7zTQZYUyZFH%4loY zs&_q!FaOQOWw9jRp87*SBd5jaU~4#oA(R{;`g4gtwk$0g=|o&Q-z8%m`{na>m&C@b z^CMB`Y^}Ia@6o2RN#(x+(yqQ^kqcGMX0?NB@ zAG;mch~{bzH0)5`xtiBVh8yw?^S9IllHda0@;AOy`Q=KJK4vqVe#RwRP6* z>xtZBW(WoF+4A=r8FpduhlRY8Dz1i&H=aLyk;WBNW+P=8K8>j@WgQB1G$Il!&0Fg} zbBj3&uoI2*npI}|$E)qMnE|anWR3g)YH#6|jkyi?4|k}?tQS#h})HTIAna(TN#wf#44m+M*X zO5Cs0dUZlNrlm5A=*fHcbr*3rr~}Y?eGiVIPQ=f9CKwV;ffwa822DQ9cpxB-Gu<^V zP@#f_Oo)mguI`mjA@6}}6kh5c`=Zq~@x)&^GGQcEo6KpHHVLQdR#$-D+-dpXt_Gvy zRk?Oapi)xUMV?g0-UZ+6>$MQjey#&XYh55yi@Fx~_l`0rvry(CakmfVSgQ0_9A5H# z8s_~AWCmoE|6F^bcqw(5t;iox^jiitg0t+Ceaa^&sSxb8$RBOQ!shQ37`979=ikO} znCqfqX`FJB$hWU@tJd17LKWdlUxl%@c#(hbPZP$yfrumoeRJauuk+epDAQVk*GaWL zYg#(d4&EFQb@aCzjZ*I~g;1r(R{scz@;;X~Bcl#6911V*NUTcme3}C>r&TckMna; zgU5?ddvPUp)+|C=zpUN>$JB!rdtFm+vp(D{u*gnH#ZsBOwmeL3ecX&^yi&A)A_z`# z(V6dG_w0uN72`nXc`_+N1UVvrFK#Dn50^D#kAR06hZm-(|du!wCyjK1Q zvyPciq|H3te3*f3%fRNkxHYM}nly?CsrTIJ1XD(Awl?OqDUl+Xf4LjQ*@1mQS%loP zJFt$DL1!OT4pk2A4B_w(F1h;a`aM|Q@^sHusapy};j${dMvnOl{70hRTbwFfP-)OM zA0Q<5HxC+n2F2>?8L$?<18dAlrVCT|Ta82%V~lxr$T?YMdVAE}5wcxjM2(4W^@o?y ziU}__yndwLaKtiu_5l_(9FpV=fySCsAFp)&?R&Y*EOs|3V5aYhwC4F-##F`8DFLQ# z^IM+b5T_p={k$??Tag3-9t^0!aq6ed>}MgiPhu=))}@hQvqJ zpF>Om{DH~ACJ%vygiHHv;A5pBfp{y+qYQlj&(A`n;Rnp#IK&+28<88yoWG3wM zCiGxMSAAvQkhli?rL-H{SXPJXheh(0xdW5m>dlu%zh&r!NnXNU1X#tjm)^d&sb=7B zX>7RE9Z#Nde@6lc)pk*p$!B(b+`XG{1hQ5X>RpVJIlfr^y%T>GD z!>u0>4sQ1ys95n(6aAN0bB@>p`cCJmjw*W3zoE4_*u9-N z(PY*<>ImmaC~L7e0ZV2ql!?(hGhNRG1z++5nzM8}Q79iR*T*kwyYwDaX~iYPFw}$R z#S{YY1bsyMd)!@uej}pHA8$ob=i91@JBSvHxi&lJdwD#u$*gwlYPfpLT*ViEllCx# z2AunvxcMVhuU z$CFBsPiy+wPi(ZV8t4vi(24ppGKN3%NJ#+|Jc$SO-Bh!bYh9Qe9s2iAjuRIHt=rbk z8bR&g&s%jijbR3yk+)m+06MKLxIiVvh1*0s89BS$^6hn|-RWX%m z`;o&1u0=tF%p=D4`vTv$tpq8o_|-bbht{9#$yQD7TENZND`=gh3FHH~Cwr>qw{S{C z)$PI_cu1v;xq+JPbT@V$v5VkHJQ+&`@6X2DF}!X;j58}vr5uEvMeM)2F&;L1WA=Kv zdC8~HlA7;B>pG%`Ggh=J#2{EU|r@1&Qwqwg=ol_n;t!KS2x1kqCoZOb|7; zFbTs?;mTkHC*pUdp2JVcy%kE6?2FTAZ34o!t9wF#i8H)Y=e?rnUh#|SqZ-qvl;8l- zn#s;lZXC{V7J<0a8Ag9HE`Fc8PLc$V_5?FM+3*X4D_F*y9NkXxF89f*ic_{4!q)1# zYK_E1B*Kl+r*9rQPPL~@E!M4HtZX0XT1xxrW^{u2u}2GEfY9T<&b_m`XjVNS@Xn~v zQ(+cgN6h+1Duf0hAG_DMt5SJK7t*S157ybNH02pMp-wgmrAwVyk)hh2cKoe6kC3y~pKiOg$K0y**>_`< zBo#G+=x{#_SS#Od*MX+SqZ_w5R1#Srt3!_z+c){T_1wE-ZiU~pnA3`F8%dn~{t4*07rVFW5uwobS@S3gFGJb58gAyD%Apa^BU~g-PN?e~HmqV;4U4Ju5~WjE3vY7*bibP{NZDG7*ll5zYzaiCOBobzmHQ*o zU$k*5;!bxf-&}dyc!26Ya&^fU$w$L06r_IOGT9-lZPeFhvcBe;l$GD}qV+LfjgXcYQkc8A@)Rly{yCY`xLcQZ^W|xV=}8EI7yr zDtiA6Ed@-OWV>ef26hc!y90bpYPP!WlKnb_OFhrvO!@&w22V-BFB-)bEgX?^swW;U$31r0Xr)hQ zs}`Is>NBGv4m#zZs%7PNf2k)G{|O};`^$c)>1$vV2^|K> z`sTzSZH-d?kNq6LBisV6>#FM%hH!fk(s7Jlfe5i%p171|#jUkB>ye`>KU#c*G7^NC1HIIBlI-a2^fw93n zX-&H@hYTy}ciz3gi1tgjSKTst=JyGFf(0*HRaxIMQ)N5c(1_gp9(#9qIu+&V zpw%B3d(FNLKc1~EXN}A}8E)>SP&-A*qWih(xa3lg*%dgIu>nU?QY#^c`&Tk|B$3_1 z&TNBt)=$0us^&H-6K?hTD&)}dGX%$mkxWB#Dou`n_{Zc84}o@A0RC~JT-e^{PV@cgp zY%d|Y96uMF?+zp;MTI{Xr>ocos8?D6Kkh#EuPWlTX3iythvSv?;nwD#rs(JC7wilC zyk(v0C7N#3`d6je-P(_LPgT+06*$w5Q0%O>e%l?&zp#&gJI*n z!zo58cQ+J1&FlJyot@})ZgkEMb#blZQcjiq19F9l0vRax9l^z=9Uy9N7xHoj+`Y2M zcLh-9L4y5{PCh%WU0R#@2f=@H&}sCuU|00z`*tySjah6wb!G+|T=dUpxffX_@f3QG z6zPd4MP{IHSU#`CnsEE)FkV;%Ttnp;FnBG?ix>6$jbo~uo@ds&H zrF3nuMVCv?@XppVXVqtOQeq3k{pstIM<;GoIv0tooI;ygFMKw-D_(0 zvQ?kW=uu!m1jxO+lkkKR&?o@X(q$y)VRI8>(Zgr2ZiAeCyRQ8C{AcU>1FZL=Qm*GP z8D(e6co5Y}G(TA7CYGlp&%@84F~=MAk1D2^yEFZoTAf(~E2j0o_Xk{c?l-ru@t9ji z;UKF!2U>AGE1gl;06O$l>;=k~(z;L1J38}LUJd+88;{A^b2Z?C z>57H>ZQKSWg)-gtTf1_?pan$@GP=c1XE@m*`yfQdilJhG^FG?hR92rxLMHdqLRShl zg<{`Mye4HUlVZ;OdHj2=e?ol`LnNyJo-m~xa%?1Ts1>8y^3pz8R;iP0Juo^P`5u$? zYK^qN^TE@A!bR{|{xLtGC=+e+RMd5&DBblq+oN}a<)`UuShm_f(}}tUNwNg$aE3&f zw*?qUQXoQwa_75)h7wPvm{TbNy0}iFBp-)bI)_YUG-&;}^Np%Ds6F}Mn#y;Q6b>ZY zWw>4quc4haye9Zy;;R9;BL@QCszAQ5=ZWE_c7CypwiP4@(CPD4mRzHL#{KS%V?64G zCrvFL{YkGMUp9`W*G?siK@`~N;q@GqmhioSIXRi0LcDs8l8tDkUkh%3Cq*Isr5-PI zQ1)zqpKpU=zCBh+DUpyV8h#y)EL3%_E6deetpuECNnT=U3Fe^JIw$AzJHsjfajw#p zPn=>)cOT!lo%Mp2)+Q@qO}KuRC@1wJSHq5Z(^Plm=BBmUv4)2x`peR7o0mHydOs&z z>MJfshE^&cZD z<%F3#uL*!2}WX?QDT7g0rvQkc z+R9X^(3DGOY};rvMmNT(Zka#~#jD3?g`oTb!5B7`rAFuo(NcaY!z()u#!XZbOIlg|do(`9R~ z{$Tk9e=kw~bCGo6MwNT1ylNh0-?BP`^{Vr|xfCX&`%D@Hm>6PGb@*Cv3~%6`ozAOO z2iYQ?u50;kLC0(FGW-2jxo|H&zSg<)qJ~v%MacXP>}~5t9I%%{@fZY18zFqxl-6pm z)lH*Rq6VnH8JEBg_%52O>rJI&Fr*FG;JY2qAPi4Zxj-4JBrw_g<-fQm|(=FCA4+oz|d}SsHRL6!`n}QU?p1!pA?)X zgzdn}q5J=90pef&0~xRW2O>hHcmI;`Uvv0hl*ahiD*b;<&A;^UU$*qWE}i&)jvnT; zLaC@Cwq$}l@i?>vLoDjP69PL9CYdcGPefZwPEISdlzYeCzetTOX__WK78nNFtLN@Ljx$1ABBx2>IXj@ROvmi`#I>L>-1G zly^jgN=kx*9l~52D8ztx^b86BkrAs}a=zPrTG)a87W=ITN>~SE(>DFZHb>{Dx3#dN zP|o~-p)^Fr+%HhvZi~rDyA7rI4EWmaU?0Dld+UodU-7GO|5xz0p5sKN$s5uUTuO!@ z2L^h*`wgnI4|4%%Dcy&ve0E@$ubyA7P?|zBxF0Ytr@uM6%`JVoboA?Bwt>F0`qcntW5CB+`tKdeV!Qz zO0|l)tau>()&%a&y>C9UxW@Zyzv!}J>WI&Ak18vYVF?_fJ)oU};nZSepF z(vmTujme~a#6!Rd9=n&8o?tlEEgC)lm?*nZ)Mk`QllZQ2ZlETV;hpPN9CPiULtsP= zxxMY)=fA%A=Q1n%%d9GbaJCRfItz?T2XU#F3=e(MZ@-!#s;ob<*9173xl-!_0OfdzL8%NY|z{Wtv}ZwH?=b^#iU1$ z=PS$8AC$};vCO{k#ZBoXcNQupMv^lNbR86umne2JFS1U&sdp$n{)04Ix={-*10x&u zUZmzIc=d<2pV3js2B1Ug+pEJF~?i$H*6?yY2j=|gX@ zl7;YV2Nttx)H2>}9h0eiGV56936Y?^KC$JvIVtLL%nDtAq6mQ@b0qE$5x`arGq8xl zF-J$L(|A3HhD=@+J7Ej2c#`CUVheO1dFRE2cBPmetU8?>vK=7ir5wt3tDk0Vf;+h;4`nI+G4?vTAhl=&W+>-z0*`NpC*Bgn+#LwLfIj_g`|(x)c|L>a|ApqBGWiwVXbg=T^9W5A*aJ^f%*c;BlI`LW)Kmuu$~y_4txpan%zw`VTJRLM)>6Lf&Y z8~U@T`mC6xaMtzAp75y{4a<$u?K~bBvZX;h3n2O`I$FU!4uAd~`_| zCo2oqk!7y<#Je*-3n?jJ#6y`Fo{`}6)rHUo{9TUEi1c0h!p}_5cD#C|(3S2_W&A?9 zeV!2z|Ioh)Spt^eLc#fzP`nJj@A!OpK_$clusq6<1=HnUFG*44S)Ee0dh*$WP$Z2F z_PX#oAhT~QcKwAt_(Z9>UaN?E{H<4ef&?fs0CCze!ML~644j(Klz?E}npF}gba0PW zYxN}aF=s(?l|XN_lB=Edmlm+tJ}>ELzy9l3jAU9(ZhuDw{OJVz-Pv)$nVOYpS%v9T z?evq#0W_o(Oj)H?LrIQcRl6#CQy1?BH#dH7p8ltCH#Q?j;p4=75ofKW^EUFe8@x-T9VE$xflEIhHX7@P70@td6 zh-(3g&3G-Q-h9uYWq_s_siYd@S*ZZ9#TJG80IYO_E;m~=M-8fpP91E?G}@?? z9HsbX>vo7u4N+X=(qku4t!ldYdL!aaW*_YRW@@ZjkKpnm(U|EM)&fq;Tg@W?ZHTWV>e&DIfqL!tM|L{&Vr8;?mzJK zjs?xIns>J0P|MSnT;D(5l7f~i-&TlR=~6tyWqBrYht=oNO0Pm8W|kYmXnv-hNvOP* zRXbGb-;^Wo8Q3(`rD(0Z&u{J1>6kkA?7h0QDLm%YoY~^f;g|uaCJW7zImkl|E1zqX z#i{k(7~={oTl$>C^yvP=`ZJ4IgC&CJd`;?Wiupe7LUs>gr3gzE!~xWP=rouM*xz?x z&;dAEkbOxrYg8A6ZkM5VgK-;I!RLVL$+&-vCHyi=aN#D@*E<4RyjzKFj$W(wg)Fqn zR2%MqL1F5nv68SaYF_EHOs~)r<|j|H*WPEOn^ac+P$v}L=L_(jMtec>fE77apgmyH zJKyXn9X_7c)QJp!Z&^AY*~UNr%2Xe2Y8cZ3`sW>+KORNBG|6B~pQe188IcL$Yi->-dY+t7##FUiI#)za0NB+De!^21a36dcxD-Ogy646K+*wUvHVkf9~S+*(g zgLsIaV)irVcT%$vYh-46BWpVg6~~`55+~|UwKu*~+lYB1FaUCy3CEf`q0-eXG&XGx z(K*qL3*dZ_-12LqiC?`x%LpLVffZY)Ln2}%m2YgtjkJ5KY@@CDrHQChz>j`G#+`){ zK3Z0ci%3PjA5UKsw7fve59$r1@V@~wjzqS`_cLij_-3m0#PP0cQc+o|3QN8Bt&Iq+4XDV|hS-X-`H~sq40zsKKrKU%J7Mf3V z3rOwrZ4W*8X}n(dTdc6mQRL!wRe}Vm?-c0@`_AU@y^yW5Z0NV{5I*TVAU*ZsAtAsU zoChMDdZya;bt`eVhC+8>4$afSKtz_oLw@~mhQZQb_%QtoW+0NftXV9^cIcDp$*@7QnK zyFH|^>XD6EXf+_)RMH{4j_{!rZ>xQTnoj57iGK76T^?|8?TJEoVE9S(b8Am{CBwnw zm`7aQ|XSAB^#o!RjZaH7+Qh& z+jb=}9_Tm&1ZSE%nqKG`6VXh^E!{`B+r|PSK3F;Z##5mpVn~ zOhq%hveYMSYhqqeU8B$XJ(^!*f4;S)n(zhz=^7adejdOzK|W^^#0SQ2?G{ebBm~;< z=hS7n55!Y^5%A_fzkA`_?$+#|Ur`shAB=2(OJBA(XcTXUM`sj-CDH@MX7~CxBQg?< z07P0W`FE9DB8y*B!!Gcr=|b(Hz`Jz+1&2eucE=m@N2@B_@|8yiqotfIk=3VD#N?cj z#r7$Ow$L87&VnBdgakOv_^g!mR(SkX^}RP#&UEVg6NUP|dQx>u9y6D(E}H9InW%Pi zHI)*Tg1dS_#IIvp%DQi3UN2bH#nRf0K5s!Md_bg+1Cag5nGN3Xn1F}}!Sx6Zt#{Q3 zs-Zmq<%rcl5(BNcUEs~Vm59PTBCMa{w{NpLg64MjfbqN+dOm!&F6(#tw=Vc5jp5v$ z->E0t!SG+nzVOH;1c>J)Xf$B@`DE28o}mWwN~d7Zlz(D7XxJDm%hAX^pCVB=ax8ep zS5GvbQ~Rvp;?kMHgH3sLx;cee1nr#8B{ZkuB(ULaL{B#MoD%7 zsc#Wc7&O__r4p#nqCX;@`MSA1;0*md)3!p6w{qde^y^B%GmaX^26Yf$6yid3v0=Bw z`r@b|^Hyi;|H1@+O@Za2-i?vcIunlN@?FEaWs%i2+r;=RFwrJ+~RR(YW0W9mT_* z>G;QXMgo*?0IOy12#lc=DSHD-gFZ$h1jbYCMdpqHy{2zhEG>NX_}X{BS1K&?cvHjs zdPe-}-+9qdi+7bP78f1~phJ{Ih=zP6#5_EnMKndNnvioUj&Uw7RpJe0#ZiXxC<;#2 z>8X2RurjJq?(@o2EhYpf=KOHG-|Cgw^5cX=9>hh|jD$C~#;;Y3k zOlv{}+4j9o1A8|BLE4h|;1Uy<`*-Dbl-v z%*Y5zi}WfHkPZq05+D#22pyCz0vSX=dT$yDkOZVluL4N~1Vj@-I6#Q+%~Gnh@*I1gq9+N>rEO4^+w!mb8J=bQ&Je1)?Hz%(xm2|x zV^ytDX;ZOKP^Rg5SbeC6W*db`A9{J^dCTJA}vsp)wNv1-R&MFyS&lCL8P{Y3dR(&AE%uRqH4Im@WhAyC=@)Xaxp&Dm^fpy zeQ3yuc(#)H;2 zS{Vt#<+Z0F?L`09?TDC7U( zT^ea9%zQak@AUg1`P(2%-(pa!qBcQ|QP)?LP-0XftA(qWEOE9Z z^`}Y{=wyC08eL1o^eidQFg{EB202XLP}VoFzhwI@&UYH5Z(C@t8~;3p z0`c~CPMzQJ20xEwaP9>BJcb8p|JB*QAG+-p9u?^6M9us>*0j{UG`F;Sli?Y6_bC4& z9oLnBKg-}*>Rsgh5S%uvG0+(oc+Qg^k zR{NU26EPz6X_CY#dJ^&8C3+dzsZuE|K5$5@M|c`C@xIaNp(5F6c2!fO)Gr%i-;z90;kAqP!J5 z6HRPzgOdc0Q1VIlSQ5>Psuc3TuLrBBnRV&|dQ#b%MjFD9z?I-h5faYSe$KJ{issM&Tow~mQK8EpZtl^ zU#}(BtJ9BZqD738;BJnKNv2HALo-wwNd(U1lV+WUd%oHXuX*lsFuhemRXvHrgm^-k z7bQf2Z8yQV=DI5@Y4<8$8dh(fEnT&HXHaQcj6703|QKt`Y^aD+D+dI!H}%0wLUZ$v5M>D#lKUlr7naQwa^g#`7Ke$)Gx z${+5TV6P{aZR-gtcHJR(W}%6vV~gW@U4umI-}$*;zD#w`GiRi6XIczO+DGg#g1_T0 zi5}bp_v`D$Q@07ucCb`w42xZn{0@7z~T6nQYSVf`8tJ>@CSuk1B>UgISj%dj# zKOmgYtD}BynW0`{voPhm?@+t5^Yhr%C;tyr^8Y)U`G5VjT{s8k{cl9pB4MY6+M%!Z z^H@~v&tn0EogviDKEaB*a?!%jS65RXs;|C{`;?ox<}+KkCKBYB4?E3^y6KfDmam zi;RM+Swx;fu#Xvsx&O_mqW@@Nr?7_g*cp3FX#q?fE*b^_TV;+L zEGRHZ8##eCV|1H&(1rl^R5|QpI@s2P+pN zOA>{*#QZ4G#a9cjj#$?dJ@_l&BmxK9z(ot&80W6lk?yp$!us0cR4Ws*IaN|_cv!dH zmm`^%#J;cR%krKIAiB0!cFS?go5CNwgU4cgkkNX_fvdD59e50ZAEwI)q8O&ZbiHY{ zaZwk>)j929H(e<2EH=K*K_TcrM=zXN03v#Hq=pK}*b?s$@4NR%GU4(~vny}L)RyM) z$~3OMqz3uF+bXfDV5OR$rc{|8coLaFoJ_rqR3=)KSfH43!kRiLW|^>Avknm6R57*d z^fjqEKE~UX0Zl@^=-QV)wT8O?1DT*Ch9C-m{jD(MsapU5YBOAR2SAmKUbX@k$pK5Y z=Po`L<=3iw#!9x{;hJ`>WF!34A$f8;LEDf1f%wvS-qIt{Dszfye&|3-?K$toi#n`m z1_*i1av#8^XfzS74HLo2;K?hOSgx$J4+tAxrhLmP=roXc;Qral>T5ATuE@t)*<=9ht-6yhS)xG7- z1O>6=Yj|0kN|C4KY$w(uF!P+o86?b^Ey@H-9+3WvkrShL4tOw6)r|R}tFuYn$s=@| zs%(NSB1>wszaw$ZGyW^g(X+y*k7|1LFskq6m69frl7%-x#v%J;#3_dP01)+xz95%R zYe3H@s&eG(=27a;wV7#|$${t@R~3A9m4Zvc!1{`HU7Kx=t6q`4@lgqa+ej;x1M|v~ zfnk#;>XnHwtuybaI^nP?8?e8!ZM&_h?QU8QDPWm5q83vxB!5Y#)Yn)r0qb(z&0Fg= zr9fx9Kw5L)^HLKshRTp8C4F@4fl3takrpNB&PfzRa>GXeg9ONw9s0!f$IWbwmurrr zFFyn;3Oe2H>lim=pyyH(*s`+PC)MA(<8Ma7JmcD{8or7b$MmBF)E+DlwR=|cp(1un z$SK;Q`zedg>B=v3yFR!2SyLVJW+!J$1SF;0p&3zmXHCQ+?L`bj^m3{jDJ0OoOkC%A zp<_DOA-a-f(kM!9JGIg*JJoCcsw}bFvhz-(L-R_woyl-D`l8nu(vDPaCaai;X^M-6 zg}5^wh;kyJrlFt~vTf(m3GdcLxg6uk5PNl8>_IQ~-j5+$vdDx(ZXV0jb^2N!Ro6yT zM&XCJ#pmW#oQqhRiY+G)ntwN>%_3yu)2))H3`0>*RGzR?pq-O^0NOZu&}+G_-Gj&O zp3&KE>z?lXy2fe|JG8pmYpPtoEJRO+0hJn2TCg|fHq^^c&8OA&2{Bm~bUpgM$m zDat|%X6{MYE5nWCQKB}HkHZ4YF0C@Euf;g#(G*#dOaVq|^zv;>>ZKG0$7T->!V-5t z>n0JyPmSK8dnQrnpB%CXG3uuJq;X#X)&=@o2S;Z+VvU_QOJW++3~w}P37vCXy79;E z<$!O(cW1tAa}t5UC)uVr2Dcx}KK1HmmTL0Lu;jW)RX+{r6)bNl@_9wGjBO!Dha~jL zLF-hQoH?oD>>6V;Q2O^ZEwMO$lAXl)+I%oY;~Av@D{X>L%FZ}^7Uc24 zhUrr_uj)ZHN_o$gU`2xxsP{!b)P34o^bRHg*O-?4HF$})BZnSM2}yf`HvU~8+!49t z(=zR>muH;9Bcq;M{WbV|hs=1lF(#zcDH}@{y?(ayp0=vQ??a4yb*hA^F<*8sKN)X| z)E=lX1BGIXV#^U1V!UbYVqz7RBN+j!{?T-`BnUx0AUS`rpUYZ88v>$XT@V55YLQ z5g=Yn_y@AOB8~e;+E#c}pQ~X7&+Hk%CJ)B;7*s5o(QT*^Nga?fVZZFHF#TJUutJBid;lBgy#=vG| z<)*`G7Uc*|76H+Q9m;5}cXTyH|9|XJ85UzZLnrhF=6(|c(!cIfPgE?aDeBDG!P9c- z(tK-8K(W%0+$Rv)rbnV*=eh)8OYEH>FuXqc-qbf%N8HG53cX9mU%3+Y;mWzLtxWB)B)RywWWh{j##Ts_HRC+w zm2|Mt=@?tmoo^}j6)Vb(L&U3miPG0Uo>Wsoty5DHVhYG{rjeJuBV?QEP!73hYuMiv zw<<;QC*-ay*>>|oP#-LV{P4j)L%6_>5buQl-- z?u4~M>3iqKsa%b)?loa&^Q6J=@&o6qvn;wi?3jYPCvN}`Q=v*lNj>hFf#yB#i3LW@ z-mXP34HcD4N#~?b>Y%RKHU$Eryb}&imbft_ZvYtD(lIm_eYK!sX1zmb67TYI6LS&` zf4Q!#yP5`%S1S;;8dvvdnY<7YAM#FR#VtaP;>P#9321-t^>^w*F*i|*sU9UxUYiw& z=$XYzays%o2lcT%Aj!(WpjDQblaf%ChbUjHwbGc?+7puH1MAm^VNx95zYGH4`Lt>> zf^Rv{F6v_UCvDdCuCPchQ!YJwP`n$}ahB-v8AJ|D^it@kWIdUlrrS5%E?b%JhVY+i zH_ALe-2q3-OxK3gp6V-MUTX&IsmRAm94vlkpWo(*trAy9n`>ijb*i`u}EkH`sZ_5|e? zyD_~R7QDT1Ni(+6f^;Wv=X2F<*hz)t4f9W=TLoyzN{)trU@0?Mv~6_M1?D+$mq(ks zlz1c0Y=K(GjmxV9I?;A|ksET0@ou%b#+Z%Sp&}uai9&eaRL-*n)1ZK$S+fc4 zP_I-+IP%oCMaeboNcpbrbKVsMy8`bay;{n*UJO=`pDyr%GIS4~pz|XY_Yd&GY*LSR zV^@NoVcWgL@0(ZQvsnfd4%jkys^-2CMeDD8eGyr%Pf>&{ebgu^iEQb$X-WTTT4;mm zTrke_Y|HOuR}k-0$i`4& zv)HB!LnzPQhNsdlAKqMKZxj^70NoY{XPBz=Y4SlwBQ?T5@cbl9ycQL7lc5+}tycMs zAK-JE)a&uXyHP52eO9}>BOSW0`WEP(@Cmmbw8<-3*wx7@`E=`s-rLkRj0zQ2b~<{% z=T1I-wu4=X>^@uIWX)9z>vD-~sLu3IuM4i6#tPsoENix~WXmik^~*NI$zmB2u=pEQ zz7-pU_Rv%X!22yjcff>&92iN5bQl(q`z5_SFXU>xzxmtg~?DrVA34- z*Q8n>jSk4T-c^(%l}lr3cGn+6NlVc!rvh?P~`_~AQo zfZv!{iM6}NOMjqvMrE+awo0e_!aj%REJ>oWcMYZhX-RD2K}j~1q{b*IHO0((|3ZURNrTIkYdp~?reF6DF07V|Gk z8s}$$sqDOm2~-^4yQ-;ZVt?bS>DHS8_O)*9aa$)$8-6^1Wh4-$#fXWGz+F2#*EUc2 z_g;4z&<|bGvSf3)MpSwyDs9iE45&=n@JDqlNO7o@aLTHbz(I)mqFGpBz?rSIQdAvX>`boa0#mm?Gm9ll#0wP)3EXCPb zlpTR1KmhX(#;=<{^r+Ui_ax`oBU zi10SH2{3B*8z;%OZA@SqQ6ucxcf5MJEsA??6~(>ZSkdZrP`_-DrIVgz3%goo@g~s7 zS~ve4QJ4|Qp=}#y6`&>u8+cORUaI$&)ScHwm2(a1*KXlalQP3^T0KeO=R!1<{MBPN zar7#3dzz)l8p{(Tao%=WW-M)qQ?I~DEZH%25N#E^sLZ$>3lhb-6_)HxL(SQPU7fTV|(c0Sjwwh+~=CSMj42mL8;4HV(g+fEhDiSH*&p?TYnP$3& zY?MHC?wWZ<_ZbxJ`ebvh0BU!@ zDdSLf_~0AKVqN3I{Q8;2xzCIZ-lhbsJ*6g4+e65Nc*q&|J$VG%SQV$y6;P%=fw@i+*3WFZ3^%P`j|~(jmh0q}kCrE)P_GBT1^kkwuSj-hjI>2-3}|Is z8d1sj6mWTv>-rsb$vVF9QmM7Ec9&~ldrb&JWC{v#XmOK0n*xK$^~6o-(ngr(3}cGK za|$x)O=$NaBwl3`E_zSxb;x_BzdvQuRJF?)TF3Cmr7EaJ@_sX%Y<8>_a9-F1dy~Er z?XPE0ce_d*O$@U4LJe-b`_hQjYUIlcD3na7{B)*^ej8>*x9Icn;1ARu*6Xl#lqyT= z86#5yni?w9K)nZ3`#W_%wiVE(H!w{VRuk^a9(e0+J9KSQ9aA}uD(r@uYvFgx4nZiC z#P-qEf^K-K2eirN!fa$~+-+)9Qbd%=u9ug^ltweGZhLEsucbukp@pZHcCn0yS#Ass zxH#*B1f+RfQLS3vgx-KcbkEU%w_Syor_Q%dUcu{Y)K+_k2BE^g%=oBy>sU`dIV$Y` zSLSl-fsaUNTthK6VKZ3*x3T0hY_aB2svIO?NW%B|a<+B8d)rN`?uh|POc&K# zU+GmPg_cORs5vU}a{U}}`2#7Uy%!pAPn*H=jUh7Bf`(!JG89=#y%4(EJ?x(9=B$V2 zSrJrTSWG>tO84e+g^u+Kw#Xv=Q;GZ)q_^xuSb;HZ4oa!l0%01bA397`sUO1m z!L#b|9|ii?J|KyE;g{mPPsXEf2CF9tH7jGP{<>5o)QC3h!W;Jp>#CFZD2cP!6Y+HI zUCU>~snSqlU{Q3}bmvt6Hq0F@0ToZRJFr{ux2M4y%OfqC>K2KowLauD7mCr$1eTeL zh`9B@>tX~bF_)R9Il_-tfW)uG_qcv`d+ibSkRw&@Y|e5a(w04@1abPuew8(}3T7Z> z^vdeKDVSOix6yxp`0)`zMQ$lmeN6?s4yIDd(0@(hub0lDHi;dQli#wJeHNkgSI*}N zV=ssx{BoDRE;17H10lB1MHTvb@0&ZJPI-QoOR_U8MhheQm>95z-S>C$xc{WbRfS6d znNXSTA^eaxx|H6=9J7z)vgkbw&mb>vJ89fBD?L75VxT5hZdDOHKoV=QHQAjBx!O*L_%e&f}qS@3P0;H3<7 zC=g45#CM#h?-o;Z6~0T4q2)YZ0&!%W+Bl{*MK`E-?u$-pd6;6NI*uDKh#)}LLkTYL z>PLHLYePf_X4GEa579N)_!|11Rr~lm*L++9lL*P9diA+Bf`t%4zMHl!HqG|zj%OUv zBGoZ^Fv!cIm+EyGuFgoCGbfG~Tk`8@`RVH1a$1t?&A*-*DB+SreNc79YlJh~qT55e zRPjWPJL=1xI0ulJJ{b5s%2KC|OV`?(=o<*^Zq% z_CN9kY82I_52sr!0n&GV9;?`9M3lj|-H^>6F~X7Bm`~#Ydq?>uWgvjKMgd-@7YqL$ zq6&IpY3|pun$VXq7^P<`*Qbvhg4qv?=Lr27M}NZ86ano&e;(^Gi|WGT_9byG-`MNG z3Tb@zk6!V2KaU+u9`)@U0}s%8NrYX$ZQPL$N{OX&a1Ya04rWV-TK2ZAMzkFU9>VIt ztK004hA#V3=YCFaio`0T6=^>JO-;s1P;_IqHV;^Xba z*+QsXU(le&RR!|h*%nih5P#Z$s(hKatP0tsj7`V7ZgQb+rwrRe@dZWXH?B>W$Cbwu zr+3ok%GW=h2B!b|RR6d&xR(>kbGLAH!&^Z?`st5!?-I{+L*3cg+&wjm5~CC?i(<0^S*vMznXwq} z@fe%Ym_IUIbMB^}9uD!;$&%K|lD#<`A}y^w{2(;5Oh!}2$h76ty#K~5o7at7Y%gBS z4|LsA`1!gr}P)X0C*(pL;PXVpi?YF=SnC@v_9!qGUuHF*}xYPi=i$ zv(HSy!sl$0Wrp|d`cWT2y2I_6zam1pQ}!P%*EI8}KwQ9R-)t9Zy zIYK7Yo%5wHcQ=$s>ljt>nZGVKv&hm5-oLm|>@hEE)8q0#ynpGul(qn=SZ21A*@Id=w>5_icmq2k%7hd z61G#zTGg5EJ0K+@!<4wR8>oUi@@Q*gbsn7id8}_@1QhLCS|uEe(ul{6!kgZ+1M)Zb&ym41Isy!+K`?9toJK-{0RGCw!X(7e{K0MFt_rBZG!4HpI_k zS&(_-rl>WR3y4bYss4FP?;!N(0G#YkZ{YO-gzasR6a3f`v_t%Bt7Hxy1R6ttL62th z^B6AjD(hcc$M3hHGi}KI{dmxPu^jyIpWU%7DER(dOm|=?@>waZ+S5 zNtk6T(7W8;^c%qoW0{n26mBifb;yw5_jsD$7CV? z3ZsX({WzwyNGtPjeQ9rF?dP%d&;NNA*jsYEjz*Y77GH`ZD{|-C;SX@EeZd%43TACp z^5?PNz+9m}`qxx}H_Wf8`gK?RdH{dzRlm0NUlH(Evhe?Pvhe&z8Iuo33Y{Y`&w)Pb zH2)y}S6(>L4rNd`&7|r!2F&B;rj$;nhY5P~wit{KF9trvBDGc_&pEBY-M z($dkEnIespDCL~lnA_j@r=~jMcA+1#i*pk3f94^--*2=n0V&PJ6ol##2gUvS%dNvE z8t!Xa?Y27W25v(cNI3LEAERToL_tF%g`=m;vor+vXJ_fL9l}f{i{k{fP3;I{IR4}9 z#wb>{5DL{lYakSFPO>fG7=2PM5>nB1 z)8N&_nP4KS=zsT-w?HkMn-s*6s3HWz;G_^(5963R zt;>)jUI=KmbN^pA`2IOKRUOp}I+=TtMwkdKFhwl{uj))jH|{{g8KkvS1&J8u7UaJl zWD|x2`V+EJM-p&AVIWuq=<2i1gOHdVKfEqTasQW{vOfo-2|sh5{_X$KShI6K*UfGESph~ zg;lZP0-N&14tXPVIBvKg8ur~7YV$ESopr9 zA=981EHOWS0iJ`>Mr+`QZBM{|E#j|5{PiUMdJ_Lv+D?1vdraQxi_@h|NlC~`E`i% z>m=^iN!)*XX8fy8{8cCZsuO?JiT_*FiHHI{DHa*W1)4z35m~1rXc#sWUl&VoG6XU2 zMrDunoKS;se$JEnG$pu1H$%>UvrQj1ey1^Z`cn(2gxK`F`s3ggbv$pw*92j--X9Fk zw6;ceV+CrB7L7-0;4`%-rT7t*M{2k+UtHc@$NIG;d8~U?Yr&KQRS~SLm8evEO18el zxmj!ITGhn6{Ithy(%8TdWu|5q^9m8zm}Vfb>lpp&-jH`_Hh%9@Q#yNL|C~qqsYgl#%08|Eal}WM1DTnp z;aCE5?=lE*iCc~8gYSTlcduIJMHZ+Vv%T;SPXrlBM?z+{yG8hy;?<#8TvPK*GS8pO74emx*|Vl4fy89U7wsko1}Y+B?o}WJ?Z7k#95V)D(Bax`fJ@ z8Z^~eelkRnV*|TqHYMLvKoz}uvnh!d`f4M)d+xiXUO}Y5q4%F~LpWuX(11L;(7GD} za-eWn+!0UH@qPYfe~c*|G)#w5Q+$aIp~*WKZlH{Kz^Yz8a!K@-kQ)zO${uI(+v1RFnYWFFNl$3zW%k{yLtac@F6%wW zONN8t=Z6(w_DHYr9|-7ikOUWo`zg+i>}~@?hy1L*C1}&qEITFVOB{WiqL>7RD8+-#-HKC*n56^M&vdkFXHX&RdXiSwJ3W7bnkiVkO zmOi4{-{5!2_HkJp$u-bA5a^#xe%%YXhTZSEfVFmv`R=60o2scsHHlWGGDo2C)$vvh z@=2V9G%dHwoi0jkVdg1*^V)+A3-h9ue94u_)A|aXqp|XGB(qA~dt56!`92^6?<4@1 z%9!UIK@wb(VCs($#!@FnkTvp*H4JTqcM%$xrx}o59F}lKPX?{1^KNo4HcAXt{!LE; zOa^qxQ|-%8C_HYO=q$)Edr|IS{L=gE%!1FgwbA}fmmsmjE}7|WL)k$FOFLkiGtdxX zS&J0TT-_H}_+#Mw<6)U24{N7}RQZAW=F1*1-L&d7JClcwsj)_rb)Zg!h}bYz@-+O6 zw*?6{EtM9H4YVetaz56xLqP+`2(@)ZabK~_8w)eq-vN{a`< zx2Irdsj8?#;i-;`8yzx?+D9TZnsq7QaM_9 ze(XVD0+u+OdYfp>m+()c-h~0_)V>FAn)idmrcXRB=i<>+Pu{!?iaCbBhVbpQZIgQ^ zWBo9C5-CQ_GLxSs>1)h$7dZC+c#)oIG!lA`%uQ zeVK$0LEby65oqCrX7;Le(k{D7jRHw54ndIoFG-c&DgxbNG#4+?xy!zY(i4586Vq=XGI9?t-kCNP&6CWT`AmTtJk#%`2_+2DSo9cW2H?)}uBx$F; zW(UsOyF6nf8R@#W`wwT6m_|H*s;K&>azR*OFy}b6N z@)h$sU|5c_>^vw-?$8F6nboO;H0T+ab_n%b9HCM05hxjv45Dd6=V9KZy#bKq(jJ%Q4v?((bZXbZ5%HzwP#ix$|VisN;< z?>?{bj~P(P=(*_*_zl2&?U97iIA-(34Ij; z-KAFTi4#)s$=mr(swS0+1;V|*l{}v!E-Qs$6}8D9`pYK=eJBlc^~ACCwLk_AdjLLi zLCer&*jWY#Boz$9Y@tU__5MKX0C6=yEfNR=nH#${fF*-KnNDIV7U@@`bzdwWEj?!X z)5|D`9^`4X^#rzPnNj3}@tj1RO)4?Qq>D3GeqEdNkYy~}<7?)QZ#RX&8EzIKU2 ziXC1(d;&eb`#UIO*13q9XPq9W-k+D-r2!F)s}wcRqbY%Q|0J1Oj^i2Yq^%aN{n<7R)3}E={GEE9 zLmM8KrLOpq_O z|2xy)Z=Nm7lGuy$mO&)p%?H-{GQr9IeXac{d_OzT0n5kUjn~dLQ!al@^$Tq-=g+^( zxWyXHJ_~w~C(dTuM-M26rNa5eE=ElO5OCcT!9~iUY9{J&qKM0cE%ieMbifBa!40?w zs51<0h7e6TJM|QSXY^u&JULU}9vt_5ydo`40wqV@L?p$5A8^)95Nb) zp8+t&28B1YRgHEY42w}aE{2r5eGV|-v13UOJUDn-{lXn}(}mGYN0r4@$_k;KPpA|k zQ@WOeoOl%ZGmW7JS}+4R#PMuQN_bayjiL?(ooD5{OzX+rUqLIra4R>%TIQ`<=~Y{b zX7^NB_S|VSISCQeS0TF#XLGW>fHhbv1AaV`5G-jpEgB647jYqK7%l|&7_!}MYXMFl zdIEyWe~h68(8pq^T=}&Ur}?XcS`o*e-c>7-%J)o)Z-9lKz16$? z+15%4@M}Gu<^H4I9;>QJc7J*Rx`1gOtKWa92uUsgLB^ou!;-F7Ig8dnF3W+G6O-p(sP`Ug~jA=kO zYh6y_);F9`8+x!YPR7l3h)?{Zp|hJ&x`0z?S61z&pn|Sa6WhK>4rsY4VeLu%nH7`d zPj++r?r0htLJ(VKU_m0P4Ah~%7~Dq6g~f6qCo0EF%qN4-JNju(1%|QoiJ2r+L1<{(e*RkxxF$JVHjIHo8S$&0d)OR??J6J!|AkN83#o>1s<-F9k?V^}$xlC-ng zRR?L$R<~Rjpf8FHWw19PFgM?}?qG_qP{@f*UaU^Y&qi9UIA!qrJ}5h@GMzjafVR)} zj2`&jAvto{nl<|#a8*r(Yxd<#)mbw#xA7ACmdBrjL{&RiQIbhh_m!&+u-92#NnKU5 ztIaCRx8h%rQ225c?nD$DQy-{b*1fviyXDB(LmU3y8MbWc~p$E+CViMkQ#Wsl~H=oh|z^rvpTdG?~F#C>j)Ho!*=UO!f zz3i*&1ExQyoi5i+S;-5$bXA_{sbzLg*i`at0;u z;es7h^)f%`;pBAWcI0+w{k-=C=1V~&=yB0=Nbui$TR@XWL@HCg2q1P#TpW9)>YWGD zx6n6B9eqUv8eQaMRcANC-B+4d-s(u^mfrrHk|ojNp5yi)nJAv+VI>s{-Z0LRCsK$; zxAI@R)-`)xdnc`9Q6Tf(I_71WQBav$X8G_f9|Rdx9uf%3xzp&>(mJK2jTOmOMgX-6{iL%=3m=*0q2wMHl`oeh#ZyTZ-FN7jWk|k+TCMS7gA}cHvyz*AB|>Dy!v3vSQNdBe zOS~8_#d&F(Le`;yw@z(B2WJ#{@w6#uP$~GNM(r>{Q7~$JFFdQDCj(9*h}&;uXN(jv z)thgMY<7mLdHYu^eeAtot4?meu}BD{CC5F%D^UCpCtL$&cw`xt8YrU$;}_TP8!Ls- z@gf_c+`HP>opkN=g>hDaR@=!|1tz*8_fYDm7jH19v5jVuG^dRm-qGsB_W<;_%JIHB zl@cL0R85GBtjbUzz4|nQJL@k^*qazDxyiiLOBRVMaI;GKi62V;{016kFi!x_Xz+PU z+BYUYe7E`Nc?a0@?D`w#ekjfqIl}!s<^hUsQ$4XvT?+g$t|5+e<3}1F+O8eQxlgS; z0_zV79Yz|CHK$&UJ?wI$Xw^H0COxMn{!xhK2_)~=G>?#m~UHAo2*GgGOmup*ULSXWr2*jbicH{YbnW(ElNVudyMKo+MI zG7fD{YA*@51_k-!2OE%Q>%}y&sS^BA_1AJ*z`Q?P;T-)duDNTp@{6ZU%O&e(f*THy z&52h73vx>!<;S3|Xfqm*Hv1<9L3`M?NC7Np6F1P7R60@aX9}0{0Gk zMDE8n;kb~#A`>kVI_-45*6MYeoDPY}ReE+tg-h_nZe5einjPYlj|*L;uMv5!fy-Ha zWpcx|kX@m7B@>_t!c2UqlJfn9*7*h_iVv6xrYaYe`E8g&Ns{u?mpDgx!2HISSZ0tSKNl9|mL1?BEl30st;At(2)v(!TLm$mv~v=U(FfTQIn6Hy zWo%J6u!ua%nqC6E*A8vHml^~JzSI=W-qxi?L^9l`9q%6EPdUV3br3|w6R2;01DIOJ zO_3kH3FoK%nAZi$YaM+8=hHX`iWK7fBSJ%{oQ|)H>t7HLhDC&U9Q+;j76-^tXMW&XOmNZN(fo_kS z?WN`<>+#NBr(<>-Ktou}9AEE4usHK8%`b^^b%YwX{<}Iok0x zYSSQ^dT~lq8Lczbah|D7H+W3DDWJ8ZYq4>2YYK^A%W+e-tI+n4jcIV&7R+!B`a<|) z*eT$7i%T{|Wv#%~St4H?tu7xTpRTT&mFX5}XR=s>Gzz(V$7dp-1b$V$_s;hPJ(pZ_ zviWcW`h_~yw9xap*c4o@uReXq`xC#9n{U)cwNoP-Nxl58eQIdVhu*vG58W(}8kLG; z${hI-pK52^SRBe_%s&808n-GfG`>TVH3k=t0y)TC7KD3{M?a4>j&uABI>%eqZ zOclD7%5iXYrHQw?fB}iNGrLIjqqZtGcHN;f&3l5C7hHOTGhdL5(k}6_XIs=>UKL*S zPe>KK(yyeQ<-=S2muF)bQt0T9ZP?!*#gecvME9pz2}eYsS%;h`WiJlEv!4zqbu?3W z(d))&8;sJ){tdL71;T84J?vAZ*$hG$7Keo0Ct#je#uNq4GE}LC-9ymjoGtr917G-W zXx(B|+3vF`a34vF5kQ{B%N*)>vHlnxNeFHR3aU1ul;}lor`PB&aRLL&wb)(48FZjG z1t(|!mcAg6qfrZgVF-;W;Bxkiub_)*KOSV*Yse)sGB3`Qw7+ruOxzNG5+0^&F0Vt9C|l zxwjMX7%Cj4#2SD$3wB}RF}xHYV;RTI6nZzNr|`LTQ4}zx!hc7b04~+2S{gDIX88&b zrKsnm)UE(Sp41Uez>R#h?8$uBqA;Us_rc4Eb{^a0>K?rdbix@+duwL_%3yX0e|))F z@B?%=L9|zj#L)0f8gO<&h<1n7{D!>M=d*%P?wJ~t;&S?appB-bVBiI-ZQ*F~&IR*l zL$tz3vV9AmU`&jd@@%T;@h&@b zRE_x#L{)-zj?ISM(3yedv;>wO+Haz{62Xpouz78?Y6r*h*>+Km(V7DK&wlh6Ar^Ae z1s^e`OXYkdE-`RPO#Rn0pXYd<`L9&9YC^rOP+0EU&4+<=y_3)l{LGn`cDC#OT zrci`Fk_z*uzaURP6jAR@P;*3_wF9E98PYLuYDkgqEg;IVvc<0P_A8!0DuT-?E=dFMh6>wZmHnv!RhT%3l}j$wJ)7!9feoK0 z4cFYJ2#B6|Jg78NHBL&^DMFs*QhmA2tZ|lDmUGtq`YTXc z;RGbP7q0-_(5gD=pLe${`S6eTK{pJK=Lhnf#2Py$$czto+2(uQ8e}Z!UaJYpxjWk< zEjz@R5z>t7GJ9*~++H0nd|PZyP-LRf=`A)0@?}_dNX4g#u^-Cq>b;uTARpp1z%P7F zE14iY;;VmYc-ybQ zIh#b1;Ge*2)1dKD;(*M{b<9b;lt0)%E7WAb<2qD)7Eb~nY402@7|0}r`ymK%lmdp+ zYf)zO5Bi@sVApF<5l%^mTn|=qs|1<)@`fUwLT^wGvlu>9tf63haJ@=#QvY|ZC}TtR zrz;ijv0 zyVNzl+$3rYGn|49&yt!qsT(em66dHlKZQBpCbk3($#|S&q^b5d3|=ghia>Ua0CK&Z zwMjVMs8c8~_gcQc6+%aLW188HSQ&>(%wS-R?%dmnJE^DVvpdJVm$>szx+||qLT!ra zOZkW(FY=A6L-6MPw$7G8jpzB`64yc_sn|WCj5V8WIN}%&5pbq$~=Nc}74aKmy1t zG6|?;U=RdNK;l7?*r)ogzN^1p-QT*mZ?C)Vcf0=Jk1Wp0IcI0@{qFa9pZ9s-d5RPx zlK|af<>CpAVLw7;$!wXhR->z2>$aRsp=$+~boRC3ej2{rPXX`N1+#}nEHQhe7FZDsl__~MGI@GW_M)WPIITM0%oJIu*% zkGpTddk2+-yD;BcgR2fViIDqJj|Ju7_=P#YaG%5k*8>-^Fs9t+-+<5nRvL|6Ko7rL z7`oO6l?$3fNa2p!Jo{`g?+H}U&#Wt*0us@cAKzgHd)aNbPDf6_)n)t|m45LH>N6=u zNcwQD^!rOTiq05(TJbbu)Cx;_E~%xKy4|nLWtc>1SKRNTZqS)CN|$rirb-k(zPjxi zmZ{y%pJe{{=u>r{MywIdSiryF{L>NDhyJo{LVY#k&-}6jL>xxJvqeP-ot59&oT(It z#!f*Wuj~e|INq48{{h)Qhwt^o9mf6wJYrSQIEY{I!LUqs)MmfW(+xzcaX<1dl>gg= zA{NFizBboo%AetrM%SsX!YuXiPR@L7AszH`2j(cZWBa}ea(*W<*OI#aLAFOMbmuI5`gMSK=dj~H%z_x`jHXvzS3 z+{#Nj+2_P|ET;7Ns{4LI%edngiZ7=OF*~?AQX?z;rSNLK%Cz!qx~i~eL%yIBm_h0_ z4e2^HAMtCpat)mA^Qp4SQJ>~&F)cIT+AQVXQZax)jSrfl;DlI9NzpJFz>;$M@CCm* zAb_&qRoD77h>eSmv|)!@Tfb`Ux@#?ApS)^!@&@h69obT^jG-L`oJ0N_ObA(P0L*G{ zDcL7{5cU>rVFIbP(dA|i?3l`N__qqPs27H+YOSivD+Rd_(~$<#HZPY&s)5!isC+`r z`gEB_KGsHUrd)lpRxsxI^zvgTwK>pKL$=bs+E!9ot?tkEOzMBmV*VG(Y6|lGzwl)T zcVgM!K%K)6;K~5Sd|DC#(oa6G91wR=`~x!Cp7o_{|0mzZR0HqR571U`_YcU}gfxEG z^S_i%EqA~q9>jd_yGQLZ6n5^OxyA>f)I;&TmI&(87fWrHgW-4a!Z`i72C&51GLeBh zidAP4Ihqsq1(w0Wq7aheEzArjkX~TVQLo3DyGEB7?|V=RM_!Du$6OqSIy(Oa^#IkB zLEXm*jvks1dyIw$)c*#Y2f9x&zdpdiSan{0l#kkT(OJSk?BxeEd=IcTWAx$9)faDD zGR$Oka7yH`#~(MOo!OIJI~N7Jo|fkt3ilkeWDouA5=^Z{G=+|V(v=)Ms|q5B+1>1t zu367OGuPNymdIZV#wi>-beZ;t+EIjPjEGsxtt_W0wAjEzcua7F)45Cj*B~2yY!4PO z#atOTN^Gv6z+^X2i{`qlwH{)Ew*kw$o_$6HvF}1DRRi#}t#GetQuDWJ4@I59t%dU4 znYnl07B$ZZg&Pkwx4w9BiT)ep)*q0*dPOg+3pk`$eD7sM5Om@38atf(2mS_WK8yVs z2xJNem!9P2b;|`U$>UC9rGTaVGr%2hrh=Jq8cz&k_l)(i46Hq3pbk^5iUtGTGH+X} zpSw;cpp%tPA2C0|2wMYDBHHF;MjV2R3`~%!NTE zxryeryx9zFQ4(M*L~+Bjq3k+8Y52*gE2jmM5Jq%Qw1SN%Q3rf#nsRy$R>#zSHS?_R z3SCMZM)nQ79^IwH=pyoGj6QelWdK>}JLU%&W~PZ+)jBm#lPjL|wP`B9ZjW~^=RPH_ zqP!??$&=-%gXeMm(kb1iz*OrDBK+$jnf^T;kH#-#u@ix_`;l(E36z+*G-#v5b^*@R zVli`YV@B2kl7I^hnTiwUSTmQBbmS@C0v-j?Tmwq?A(nqfKme2N5qih5c^Yo{*N1oB z8q5`wbsrN4J?c^=U9|{ZdLnW{W*JCne>;Ln(`IbA9X@Us*XqW#)EroL%d}1&`D`~D zG|8TizoKIx{K3Q`p_xKe3|UMBN=-V052DCAQq=VQLw4gPrE;UdnX~lGL6HpdiecsS zz^bdx@sajUqsW}54WmZakU6aqIl%o9Me8Dzz&X1Q!_6R?Ci=nwRs2>Y=KbfE}33>wi z7EIk4SZMfeXy~`k){F6{HyA zm@!B2)?DtejYEmt9}SMEKX|n_qD|kVz@jz8_{UHYI^PUyV+pHFPQ2aJKTY&YkG_vg}rh#HY!{8Icb#kacx$YRaW1Gb9xgTOb1wk{pPQBW@+AkUE_1gwGf zdqgGBI)um$W-XCXzj97ZbI$FkmT%F2PE$=wSUmHn_p=^}} zvOgN+xv@kamA}8^rmbb9V>;fPiuvI%q)N+6-m`VeXP~Ad-P&L#V^{^!=>G?v0A#wX@7 zvm^cnD;Js?A=&6QAeEqt@r3c)4ewwgMZGBPU1!P?=vLs1O6F)iE)ndgQxz(D%bTgU zqcyZ@`gG#}7p6G7G><3H&zz$jF51_^#^JL_%quWJeH7K2mCO^zO!UO^4!^+%e*Gm7 z(TV`i6)A@Y*^%JFOgY)iMD!OG@Dwn!Fv%Ou>t-#5H!;n&lhNv{Sy!i{r;MfSGLulq zo>KjK%VSzn7kgY$qCmB3A~ckOMcCITv~UpP&9AT9I0A-1``>Bn*s?#(Y*LwmA_U)47 zi=0N*FZ$|s#0$oS@oSFg&L=9Ehi8oLxTlHacFK47WbFOX!a)j_7}prHe}Sf~4JGdvE_5cp)C8=t<1Hh2V!v zGR96XUTpwoAPLKkZ=(02Uw7GrhDOH6(ttnbPE7eDJ6S@q_b4pl!I^pw`E;67HW2@S ze!KXrJtqBkTsck3>p`DSq>(;&ZVj{_Y3K?}8g9T^HKh!KbdTqZh#kip7j$!A1yuMc z7^IJhs8Xa0xcx ztBKBe4wAeYo_xj*GDp}pz@z=kxEW%b7l{nH57M#_Nl<=}SC<7S*AEcqAM_w(@zkiu(wYN|MxY1zZ5#w%z>cm`_Nl!$ne0tSfS?buy8Phq+YETmYM*ilY zWcsi^2X|0DUrP}lJG0I;M;2adzy{N#LfrzydX_t~6n!vxie^Sm3V%L}v?g;d%H_lB z#M94~3m^7Kt7+bp63z80^lu4VkqHSi7SFb^H#Y|Bw#Tq;prYlG^?gmuKKmrM7RSf2 z1X*WTFszv3pd3#Yv>%oD2r#CC=4$vvvt*_RIQ+uhs$QRAWgP!TR{Ux~WHn&BLreEo zp4!5~4h@vkgFgsf@@aj^6^v_xq;UdAFe9++K6JqfO4=kdQ(QlRY1*&g981en^b5$g zR;}vpCN-l3n?+yL{2MK0cT%dp7ZV?Ls>OmJzZ|J1*bhjk-DwEWU zO#LVV#4}$GmP*cr#K4YxRyqlgef|LO6x>nXPC-|?u{|#|oA%V<{`N!x3viddrIMJsM&T5E=t+>{4o1~abZ6U*EMfp!tdDoYu-AXGR# z8Z^X9DWrpi51B|Ct$|!|m40w@IA|vO%!80)tNPlY?kMfO=($2F%k7qvO@Ql+T!*u` zAq{>@#81-Qbs^shsA;Mbu+Q4%2U#L|%&)!S^Dn8$K9m3k;tsgchy)Z!2c;=Oz+ldC z;Lq6oN&pS>Xs^tM7klLf)3sx4!lo!c2#Jr6|LGN+dwZY~T{+@AcPsY0^V@y{E>X;P zEpsC3%I`aJZm(DlWx}&bQWy=l90d(mcbQKfd4CeEuxF?p>~0Rs`U zax$KIN6PYi^;3K+(#G^;{WZlEyp<1Sj7PQ?FG9~hJ5gfQvP#Pspqo0Gb~@5VtP0bQ z%UFKYq?~>8Z*up82m6TInwW52j~s$mRQvoO?yfnO`<&#zMEJ?qO6)~SgTLJ4m`iX3 zJ-N1`ZN|`JC}h`*-}~*Vbf?rSbZhrmtWM7JLCHDxt#ZlnB5d;PT<%+oJya|6d*)8P z2vDy@e^1!h8Ccn_6ri!9%UmGoz4U*r`{~Any((9u->`Dzz7lY#zu0Q#ke*92?Z@in zMJ8R$cpZfdRyeJr7g>EitR%$z#FLyW<|l~r#m{H#h|SfqZ!5#xA4UdHmo_KB8TONp zn+n%sxsm)(ix=3T4XxZid|Rh?!xKnS--szhMMLBP+_d-MDY4+{3_Q6l7bUj!jRfJG ze^YZJ4jVuXzER6)b@iW)u0}W5r*R2`-3CB?egvIm+1Guh*5Uq&10;#=Ek{{aIG#3+ zH6LS%8qyvNI#xfNIF>P_m-AOyj{mNTsbf@z@Rbh%v7G%ro&xifI4Hwvk6B7mCnry9 z%nt1on%3bj=+H+GNvvtvN*x{Zvlc0!tyeR)f#=WNW}iaQe{xH}2uCFnn^ZT;7@)tl zY7Z=d$h?OcbYs5ydVg2jk0-vA(yhLaOlnp1_KK{)T^hcZjz8 zw4QkRChOg%joOYA`6>|}Se2HYV`Jfv-aTADf_wo2ItTYIaO=#4dE+ABX)J+T%~Qp_ zhcazY3o!O;-~#>YJb~>5E+(ifaFBfz7}|FNG_6>%Njm1IUQj~K$P}f+Ok}d5jgX6n z7qXAFp;xrr&V8@vguV}2)% zWvoAXGnt`l_~A0wx72Qza}g1EdAcHDaO#QgI%B=F*t}?8n>XuBWZK}93yJp;{-`W- zCBTyTfG1eMbYYXY=_Fr-)PNCe0nv+U%NscLaAd16dG6ELv(+EH=Q$Tx zv3Jddg3LAxzYr?m-q1$E__X26!#_0Q%CSUws&gnMW+TA#h45OzKI6)uR`!HmN4Ri6 z2TCbog8v%JsiA>gY+1-`v!Di2@AX5yn0eH~di%+}p2U1z6#|CFVPH zB4r88;&VR^Xe+y0&cP9pYrDMJ2!3$Xg!;%Y@lPfdmy^ty80Y4Li z0fm#ARG)$X03j?5xrQTM95Ez7=2!;e>a*3z1$**jzhC6H2HB*;VR5-0cWV;|{V`hF z!VIlU)pfOicb-ajs5;uTWBr93dr(p`DxSF3yGV#r8xcYp3Z2GUJZg<(o zZ8n*MzEb?!qm7tiQFD`U3>Soh0*P7f;k~4HX>5fVJhgz>V#YxOXF{1sn(AQvF^(S) z(S3~j1f+`xQ=es3VD9uo70jWyH^#YU-|zCYmPVk2f6eiZVuEQTHZi5u2IHLoH!MO87==8B*#*H`Kk{q3bn*B@{K^NNX$)uP3Uf?|6PUeOmA)?(IaxgnIAtUXn(w@b4sD5*qUECA*AE;Hh&QL1?HJqe(+- zL0GT>RrV&g6(`Aw=VrHp-FNP*^^Evf_P>Cq`xf4x%@u))eP!UpK3Nxd4Wyl8omj;B z?DHqeZ4WX65@RxMDVl#qzk2j)uavLWl7Nx!<;jgIx~{-OX?T(AoB;Q$wH_u^QKMml zFRJBzK=Fi7(qB6Y#zM4D!zD_pud8V+$(tK-+w{V?_@I{OzBhmJ{lPGkDOF)Wq;{~s zJVhE&CyqvTUFeA}b54SsU~mY>dOX#6Z8RxOMR!ww%~S)BDtR!;gea2UGll6E9|0^{ zJuhm!>pErpwhO-xyU0Yb$=oii-TpbO0Qk}!oU2U!tzee-2s@2i3J(S2#dn}!-{S^O zkmaAvfF^wuW3DBei*SMgG!scj+^sQ};9O*uzW75?XM#eKZSfMfoZ+a(1qW1OiY~V> zm(7CWOtcP}d1|LoM{R#`eg9pXo@ri@GQw)-oK{Z25LD?OPY$jX+=9Wz8=a~mwlqTh zF(B>zhGU7G{f}~CvIv+IX0W$+4HWtr?Rn~qV$w0>fye$>2yIo$B-IpWaA*L2ri2-W zgg470PY)|UAhQ%N(bXnLcG44lDt!YUP#BSb@D=^{v$^_@cAqseFL-jZ5rGKcgleX_ z0&fV~;+(f{j+F-v?q9%-e^dwXR4+{@ZW%Uk|1>6xkwxehv!-T1>D@1BipYKg8=AJb zr<4JeRhP$lQiING?#-BFi7MtI)3e%XI#pS2RUf79}=dj3<831Kl0VqI4bX@hW%QCAEKt;M=7!o zeuo^bK@0T9o+G;knHomPvHH*;3VV`XDo-CaH4jZM4p2DdRXR!ISlD3pW zuaMZ=6AgPfAL?NvYGeCrW^6j#y1)1W;i-i|F8`rqYS%NcVink7CRY3zZBHK5Ei;>! z#9A1LB=oMf*P!8GVUkJQjNO;Uz^s9&eJ$P~2sn{89l)bNG7GVFfQcU<9pR|3_${)* zby=Z9q7vntCVH2oZu}@M*gpqY4i~PwLGj!ENoGd07X|B^W`}76V zJcW8DI4#(tb6??9IAP4Bp3qKK$?$A?<^oq0w;)MBpBZgOChOOfMz1}nu!d@RYo4uz zFD@(>glVeg`dCUnWRx0+CzmJvn3VuRCR8hPBi3Y?rGXl5Z9?$8W7nTlM&R4X)OHd9 zlV{fNt6SI75Y0rMD7jKEenGLM`(H_3D4}9n)pX@nV_i-ht^jM=$bD`uf?Gr}-Iqkc zh5$vD6*Ps|LP+d_u$I_nz+e>?K3$LZCrMyl^pKjKr7=HSFz1rHwJwVTu-{oR#C|XR zx5JDc-to@X>8~vmqJu}k*1aigPlBqR2lyuZFa&q7`6@@V5z509Oy3nirl>=>OK3mDyT5UhwLTGU$si-WH zG!F*mu4-6R6>kE{bcaY_(ZI!hU#udFxK+EDqL%?QG#kd&8o01 zZb0z&OEhoB5`fW)GxrBr)eMqAR54kEJR)LAIGzW#J-vq&MIJWLjx(%WkA90xX( zBHwjcvtEMbx2CVr$X{I7i9#{q3uQg-r4On=a8zIpdz@~v$~4Zb;Td28$P4A9do^V< zhKQ8T^2C{fW@c06YCE>>nKS|9`n9yzn^Ih8qQ?_edmTyr=JGXiVMlw1J3C6Tefv)AX)Xhl)X0cawmO z`htiV&lfuBJ6a)_JGvC-%D$U}WTTO0t<&0Xiks3;{HR5IVoGW&mqE)@2AV>E5o#9!Xs-7XPzb<9LHQb-h(oH(vU*UbMdP0)b zWdNsFK$d4r?u(Yjz+Vb!4HtLURSimN*hRVKJm?lQ>93gcx%Y&5w15A`wF(CzIfJ~a zxzs!N{y%Hf`0sf+@~?i~0!LQmB~JjPm;?&3@FWgHlP7rQH)z?z`Y*nFMO^pTpM2M^ z@~YfZRzxA?`#z_`FjiCC$*)7zGY;ueo7pFY*_>2Siq z$2Gt$;g!C?VkT0cio7G3#r{0IPf}!WRsaQ(+L`mNiODMqh(`yoQ_PQDVR`guFY8^D z@G+k>Y;M@`FLdVPWsm~G37vC&i1~dgs*fn<6&Txn0`Ox-(Xz-NZh!y1@XOl8m$O~c z)LL=!?ef`2k$Cj8CC|WE>4lK(^&Ri^S?QY#aAYJp*Z_X)?j6Pdo)@%)k(d6I``cY@ z`KxXVWaoyiDVX!@_Ks~wu=ReNc9`?h)v1csX{`X=VY=pse0A_h;OVhYxWS*7y7D=q z@&-MOoA0j&z)$%kP^ghtE8N?Z{$jrCG7aM5Ir?358?UjiB^w`iVoOz^C9DYwt~{cp!#6*bbx zL=v8P8Fv5UuK(&zG36)Xd{|n6TP`+A?$pjR5DYRm*2Odh66uPX0CB zcN_)%=Y6gUiT;4_cHM>hm59wvTc0NkXLNSwPXCB>KG#}p)W=dW4;>x(?dIrN>}jQU zmmQu}l4dmMXZ~jR|64js53_=k`ceKTU&CQ=t9|x4h;Io*;nX|>-O(S|#L5qWv(jd{ z*=*8g?Ron6$KWl4EoSYj@9g;Zk6PHM(0k58q~^=eh2u_{p`U)4eM9jDsX2rS?^ZJz zV!&>yZneoI<&LcBBzu~nBG^3~I! zJc8@pb(R0q=E*&~2;`TkQqw)lvv=O`ug;}`^|8NqEWXd6m(?D4c?uXF#SC}?0a;H! zmv;GO{{}60{GYI2|L?Te{Li_#|37kJ{`dCv|E2%qUtQY*M^NR({}ChvS$N*dzhlIY zAJM&EK$(i0$M&B$l9b&29wHKMjq%}b0NVpXpt^%5YO_`1Yn&VePz9M!=dXs;fBiNT z3)_+e_wTmfgnz`$w0u=kOi5YRGYGkLen|E=$YeNR@$Kv0-W+&@sb(R6^6C67D3lNm ziU|=*@L+#C3G}(zrr(A9bJ;%w@?U1ifybC|)ZhWe9l+V`#=$AGpk z&}B;7D~%6}8Jkn)DH#s4qk|5lt_OBVg`!c;JPhK5Vu&Wa@bUg6e;U$jp?N|;6 zoaulQQ1O#5Pl6BMXIz1w7zde!i6~GKGV(Y6f3EpweEyjm|E!CD_Jn`-!+&DIKe6CH zY%DmiH@P1jc)AlmhyYaJv)dat&)|E{aeSl}KLoo?(-)SQS0(_pDRk(r;`xn34<)>s zYJxTDmPN%bOWs9T|H(g`^);UIN#Fd_`UKL7k3#{nW6lyel0|IS#|szaUu=S~?;*(f zemkBs_fG^hPs>HL=9N=i58UrwG5cDeL#?x2rP7V6u*=@oPHLJTwa*r9o3e~lZ3~|$ z78SZQ-M%@ri)=#tMtWg{-23s9@Ac`Qe4L zs_+wYymK#p@-ZCaEy3i&oV0zL$jOfnB7vyYas&8xVLuA2n-c3e4?yH+;Q5bCX}l{WoMe1h5OD{*!$Yv(3Cuw4`oJft z=ahnT?-bO%o&%a0Ya#ZI^4`xN*1$XbYY}vKt}-u61Rn&ocNWRJV*bxa{WDVkdC~mu zG^dPqUpe^w-^LGx zfryy>PriloU8tXYb;IDNO!n7rU#DL2;nMqw8d|ysN3Q(x;qYW8c@Of(ACQr+src<& z#5{^OD#R0%2YX@$z(MWR+2h{cHrWWC9KmNHe(b=wIt4@NJPG{YjmK}V$FF4+hdVA4HFQ_?@iX)6hal2o<6rDf z)*Saqb^HB}vcJ-R4S61v?4WD-nA}kwH`sKN^ZwW-e`-Xp>VeT|rA1%K!vs~82(91};%bh!XBS3mDW zm}linH-iGE>K0@l!Lgr(l1aiiQ;s5#K|ivkLdrhRRHZB(!jN1u2Y#tGVyu@!XLp5W zS`tg7Jd*BSkc|UHX9vL@qp>U<$#W}G3t!sLiScaZ`{og?s=k_yrpYh7SDNg*`Sv^$B`rm6-bN@AG9n|ef!T|lkF)W z>$_zmFJR-w!R;M-DT20%YHIkk7}tYmUgfm%|$qQ?;^Nx+HkY@qa5Y^Xuz6mt_s*Ntp|CBxh2tC)@}eO z#*qRF=3r4YBGeTd1PYJ{A;rBomT$gvIY{NvC7Da9hGQ1U!-^Vn}jOmQSHp-}G zjj$w?3*&vC8TsDu4RR>oyJGOV2<1^hj=2?+4Olw838#eeHlNdhE);=D2q zPk|+s0$EQ(xS@_3pEB^z_@+RV4sw=p&r zKjOLlhuDV#m3{Z8HiN zcEwE&qoq{Ng}*+5 z)N`CFvUZ*IalW=C@B4|9yi%~U;`jF8z8n6onS6adJDmOGh>kBPio$VAL%OI&-xNLP ze%aj-lY0^4`f<)DT;o7t7iyzPsRpgn)ok~ZGbaCPnZ`p-QEEW`9Nk+Dl+l8_6*=_* zaXG$CSeOV){`LAw!AIj`gHN8X%2XMQZx5Rc=NAIPFXjhKV~@@}(eJpL>*6-^G;uIq zsD?L=(CgG zV29StzEWnor?tO<%`4s;?xpvuLq*23;;x0qglF{u@#Or(-hx{?@QZl?SgUrj-dMnH z*P#$l9Do@X*>4yLXq|T5{#v_g+O4cj8-Ak8sx0!kVL$pL=ra8V{Z$gAQ^BpkzHc?I zIMUQP_%ZVPw6whc`c<2#Q?edvHj*!Z^{8vR`bBe6F^MO zhb)m`b5oYrQWDmIs(9x@eAt>p7Yk%0dj<5RoTa@rEXp#{+S65#?(@8Gf28?Jq36ZC zNwB|qt|ps5*WY#XrCz^fYP&}g)6@D%`>Kp*nRa=`NYsYwhN)lg1?@hDZd{I4G%ch5 ze7ULPmr;W{l_7LyAH(N~zeyDw@gx$b^vvV_0PWAFD+nq3;r2y=WUy6EZU<9LB&_?( z4j>C1`UfF}PEYLFOQEa#a`Y?j(+Mu=6>>4kTh$B$oG>WUC#+^d z3$!1*8FGc!Qj`QEwsBj{wK0~oB?>}}V>JnvjA4{O`cR@V+6J`vJTfAK2!Vq#+tOf* z;y?+Lr>N|}Tx~Bk?Er?TisBw~TBkX7z}Yx0Z)(cQJ! zHeA?TUQ%WC4dcohf5KQ4*u8l0Uf*m_L~bahiS~SIR5vacDw#Js!u)n~Q|b=L(+$%e zE>+bh`$T!GzJ6|3o<06ds%$ut=miSky+#DpFX*rrZJ4jJlDZH9bgy8>3oUC#Fb#~tvZAh(-32ww(}kjS>{CbD!7$gV-*{?sQoCaEoFX@m(Bqdd^cpv zGLF#ot4u~!uu7*V2kpt{U5l4w1ExO(9CcNrYx)FZ;)O{D0}+Fg5d$t}oWKFpM%x*U z5@GhS`g}hVT)O&dPGj6Hbvw${vF+!xeN>J8Abqa()LS0N1laW`vL3TPV|{(P-f&;N zWkl%ZZlcuo>WEFpv{7(|`P)19PPWZDY;+dSK5ROt^Ay8s9VI5vRS3B!x*A%l?fQmW z-F%+YHOU}Fj}VnzX4QSF6e@r`=3Zj%I#Z7nN=kIAbj(yrzg{``ZB#2#m+ZsHsJ?J4 zJwwp0f36Qyn%13Z)F^hk-Hui9bUs}tm1tGvP)?}K=$|gL87OACrd*sU8K%7dAJ?|! ze)2_X=4_Sv0Dphw-vl6E4wBo_t->(@3Yd35t#Y_=^$l~uSImHP z0!7=UU(O&%D%X8_VK8xZN}g;k%nDyTnb=x?v=;}Ke6L|n$OU;6wFDlj*bScqWs621 z^o(3h6)$JVPn~Gn(BsK?{ z5tA^rw6Neo*;1E+<@VxgP}uW+_5Fdafi|7A>LbqVcb1oF5w7DnOAm>Pt+Pd`(bI8L zSmJTsFpBv*aY2X%-I8a<()0RJ@*JUAtPu0_z(PPqOsGMh_X*aQ3cAq9gh*T`iSTD* z<19}WlnO4v(^Og}KYsJtU{@91{$MTBUZC7c{8oR=Jm zt|1oadqbbDRoV}3(;Ay6VAU4ZP7lx*bg!!utp57 zGVOaxsPg3I*0;qpn_#kZ+d|@>hGq#a)>=<_OKL3f)NS}n?cwcBTPKCnHYmxIp$$5K zN^FLYsDn&)q!^%k=Q!(q`CPZ%Fj!t=L`FGt3mEK2?d2(-RHXVM; zvbMhbZ86^VP?pmU3^kM`$&%1mHc5?ZJ5{Qh6p&o`h+cWe3{xWlYPhA1HyW9@9m-ysd&6%*xmUw&*yBeUyhHyR+w0{kHdkKp$1oty<1SN z$~;H=9_RMb-hU!P*8_+S^;+)G}BKkwBbkPK(OaUyt6i>6p){ zdTyDPg3A_0oz2m7(JtM^ZQHGfW9**@gar`mj7wi(J^M*6!ovU$CiU2xzZ#dT9TUly`If%wamn|d$>+#$F<<>n3nvfb{*i;J^vjWnw~Z6f z=BIKMY2FcyM-w8C_TP~;sSj|L0MF)rHcsD%d#=k`xTU_1Y*&!b1?ps8Z$x~&=xtD| zQE8_k;4&6%(a?ta$ z94Za28B7hepBwNtWPQ)-uee{MWAlYbg9wi>h!U7o{2{>4rhB_p#P}RDx>Gc-BItCR zSz=C&bgq=c;*WPr$AAe%)WMX>VoONM$PQ|2!DzdyS#7A=d3;aNxMK%A2ikH+&|$E>~NFB9`*& zh-1;U$o?fU+$qdw6rq1XGzb6mQ)dG2B&$B%2y|5ll5%&>sa%?Wcf%~HB8K+a^~?1e zE#-N^^*XAVm~2VsR{<$KKDg#5tFnr>P5m!CybhSIbbw`1iu=f%@bn>%hJr<~v)4n*zoSqCD;cUJ)n2QGU~HguUI`2C$e*>{#Z~ zT{x7U&_E>5${ns{a8)VBh@)7q=WZK?POq8ltY_~Y$9Tx!v0j{?a`ZBo=wSpgA`~2m zmi%rJgZ%#OSF+5;DqBm!8p0*Nwa7r*s>e6OcC2h`DhU3kc@( z-iJYj?$!5opgrRyi7ZgtBf#yHm)gG8$(!jFr;{$G4y+cuavK!NRa?zbvx}@1urLI* zQm<51Mb+-&hmn9Lf+GcCzn?|;lHU1&EfkrE0DK0bc`(Tw)V4+mbF^9VUO+Zu>>y3L zKORE2AtrZ4(H6hXBPb{#xE*y1X-{HSP+mvlflHw{qxByNIQf>hTHngdGuVrJwOX%6 zr37C=q`FQI->5+xUEcf7_D5%}>YZH2ly#x+C}*tTTV+O|xlk zi8-u1Eh*eR2@2~O6iEG}awf_6ou4FDN}e6enBYigvL^t$GTzw7Uzq$Hu_8w7AZlTR zLAYPvg=W+zDv1J(w0I~x2H=Y(wqzj5q@zFiLSM!9PI69WQ=-n+k}-EKw@qr-w*uF+ za%W?ue~8pIk0ldY#v40s*)M@_xAo=Hcdrs+0nrBi>CIVACP_K_07>d*v*MXC*3{&Q!Ndq9|K+Z z1+Na>99>e!DD-7`URM#6=>)p|bkgu`+HV#_EJpzBi-6KC zHxIGIP!EVLgPX%Y29rS6KIt4#eWxyvC(FzubU_&V2&`ZVB2S|f&U!AY4^Gx@ zt=)6;7niiuqxh=GW#@|8X27+YlO2bB=AK+*z3bMYi;9eWau{kBm3!U9(;B27_ckpR zd?Dn&hx5x{aeMa5t0QkSPj#b(D`W|M*Z%s{Pe(t<32{=8(wBL63)S?3BWcOb2C7-# zX_h_Ve;X!dv8vgK2kbQ9P7NskF2wS)0&1yW7yM|qUX`!ApDaCTX4wxB{VtNC#&jh+HS6YWaptRB1izii9(u31u#>}9bpr&GuWDP702eOa<~F5Y4ovv1sT z>JTbWr1HrekX?DAY^sS9_(Yn@S}X1_$IDz`H1AU*5!<7HWhyILx8qhg zp;BhmB+gHbrf2GJpif&L+`qt|X9GNCp$z0hH&&Hb|n3w7S4e2c* z5aa`^XZNFUZ_Le@c#e21{reUSRC+qaZARQ6%HrPOTWm8}Su`RU3c;S41p8hw&TlVu ziBmIhixj0ZKu0C!_SlJOxa)$&qdzcr$d6ENB1p>B^Wk+Nh80CVl@ZeSG|wi6WGfR0 z^Twi+V=FR#dNS{Eegp4a+(D5p7pv$Mg*r?zLm->htPp0vkCZL78`WPp8l&5?mh#=; zN|~fbKjJSHcrGSn30_YRKgQA=Ia}_j1UZz8?t+q^L`pOZe~i|6TT$fj^dX};Xx;)M zl-2)cNOPs&31cMRp&at1g8IE5A;7r_SThG1$h&nqVO_^q;b8c9z*E7Tr?U?P-+?7{ zh10kQN~iM2g_>;b)-|yGKTM}~Ht=`pUoIsy9r}2CXS7WGVSs6!Wm<_~drg_%0J?R9 zR-us}G!ubI&5v^?J3dh#ex}r1v886~NK=3NMP3UUV=^Boy4*1a*4@lt?fch?2^Hs29 zOw9Z5vu}14Q6=*>x#dXXUIMogr}!cftIAA8X52PTqH#NF(MktAGFoJheQ@L$NId_d4t$rDnpK{$1Qx&+y@zic$iTp4&g zneV>-SX=b-<=I^X3^o?AtFP6Z9+f{cgn^yux5~9CZbiyxjOuF2S{_8gGi|KOHCptw zoPyp|CXDHsRDt4k@5@t5#k!^S$k*aSZh1J%u7rsWSG@%h9f1dZzK!z|+&X@N`xL*Y z?ikNMyQ9pU*70EoANRzNKV{q)KIs*^W`>PM6_*`%5g8yq*P~u=p?_ZlW6eI!E$Tw= zhhbyD*S*itodIL85a1$B$@-PUHyQmkNl9U{$c1Iz$P%XqWK!p%VZy<;kAsFz^BmJ) zP@%M~f;M(*+J%p;Z}u|T zez`Rl)qEpa;}x4hv`X7d(OS51K_%hspPtdrzd*a%Dr-(sl1=7Dqzv3K_ru2400rQ*mEpn zj#xeW6}X-IvDJVN`=@wsiOry?Tpftby?KoJ$wzldf*Z%}pI$h3Cr~?YAnSp*!AoZ7 zQW8E0CKU9eypehRD4?V*NH?C=*(K?HyJR@>Az;mQx0(_lh|hfv#aX=4lv33{=pO%7Fi_`6l<2OwB3j^>+87N@AqN z#X_`IciiLalFe66p=_He%LS#D#Y}=MBk$NXAh*PXs^r(#s;^;Mf`ew5wGY3o&$~GL zRM<%)dj+S1o96usNZD7x_X?Pw_?uAwlh3bS%8TO$wu?vchPtHyw>VnX;%RFEqUT&U z^iyo9Ft?@)9m`y!4NYFj0ed-Z=4sJVss?x%DZVA=wdd*3OX+Y2S<%bDSHNVa9MN3A8_Gc`wG4btG%J+zuMybR11lQpy?AdD!H3Q`wZ1fbAU7 zZ8UuJPLPv5EGw6(QzB(4B^D4<49p3yb;}&Eel@I+%E4FcE#&C9-&>z{Ll+;+pBdF# z+>g+sb3<&+8eOH|UDa8>Trd0@A`2w;K`IEo)EdtL##YKtfqMngotwKm z$AUca9t46)Fb1jkX<0JFTLyH!7s_DfaDQwezU1y#?czO}Dmd zo(}+2cp^Q`hFPs)TDMDKnYB7=B_;n5TKjzZo81Bos~M{z(1aOD1XXx;nqh*8keXZ$ z#*dg;rUC7RTgy3SyYNzkBSc8cvIgejnrEl4wY}WpAAAB=9`$o1!O?dfpQ5e|Ji(>) z+Oo}IGbSj>ZpJ{ABI^AjkT)NCf_nAiE3g-USMk@QdiYkAtV&056JN~$lg%&3hC==S zDR~V0s5?;CAgy8H;!BNLl?5j}#hP9PJLdYQ#AP$yMzh>GEnn@(D$y2^f3l*b!9%z( zBhl0B3(ILoGHVSl&bs%)acr3qKD1XQ79t()$&8hRs=4MUrsYAzlG(?cOaC6O{QrW4 z=ZF0+yaW92_PbmR*wiQ={apz6A0&d$EO2A%{p=l#6~{%_Du#b>F^8>^@~>|{{YSTz z%&*MgxxRGoAfxD)USNdWB;R1=e`AGn(h~| zy^jv})o-@+-tbE+uC+c`=<_TaduN2}kc{>Zkw@E~wsE^~@;sWkFjA`Zn~7bShN%mY zTHqyX!y5pF#CHHt8EeVe#=9QC{a4nQLVo9`9ptr`~BR&r}Rn&-5tqnOBL(N`$ULG<{U*l3;U$a(= zyqBt|xFY%Tuxkx*;F2#iwPQn=#x%KZnS(omgRm3yKE!Sng_SS(Ww(TX-Z%^6lau0o za5kSyq)`?kJ!TEROnipJ%6Yc{BK^#vb>h{RN;FyCFb64*5Pz4U`sms;ex>gv`rOA? zTKlD7>kmEJT3b-GguV{jTaipk=n#oip>?0sSJ=%e2sA;5-&|tu&08}F_SMhqG-b?I zrta=~_2t2~=5POGtYFS!^+xm~MA#u;RcbeZV)Oavk7h^yiFeUmoE<9jYZNlBieJ@|4QSf5< z^XWuvP6mts3FL6Ku-au)a_3SI;RsN5$Kohnq#IUD^{qJrYVf~)55uc-mgOK#YUhpk z9{=TJv@^a)Eo<}BGs8IBGjVP6nqkClwl%3xn?RYh`D&lezm*0X0|y*!8Q0rvXb`>| zm_&RH|4y;P)0Xeif zVUYm&MQIKHgzT7n>r8GT3(C%@PNlKb%2+W^rpK;d@J~Q@>Wm-DUDGSSOAF{KL3I%a zj0LiUm;VvUKq8Fk2>QvbNWP3CPklGZfcO*sTn29rl7ZjB{$9|zb91X=d6->$54v40 z81WGPameAu=|#-c(|BLMbS}d}YWnd#j4wyugTwUjc`f0pXeN7*$IK?)x zQiyQYs?FAjHj8~3E zGmY~0Vt8kF^I&;31@1ErbW#8(L}K4@7%4Hw5xIdmf|G>#Il*4&Og;Z7lvs&(1lx1c zvD84CT%RO#o5W|WxRHmW6D<5a9tHbU^J2pAhG& zR3;T?rdM`U?=i(zAPGO#Va!#^YZMQzBk$gZXuMCm5BcXgIXOfTjL-Nyh4p!*D&67) zVS*@(w`JAZAAnSumwJG}R6K%(O~WASwG8VK^lxK*MI|0zVCpRUNXOH>E9RF9to`@Z zQz@-$ z*MEJq=HSR*zUyCTo!C;Bp8^I951I5xH?;@v zxZ79^->;N#n~oqjgGvKrWem*tflM0vv2C|=HcNM`_&&QuKlaX7k^RUP*&NWGg}t)^ zC9+XTWkw{9Am?^;9X@oXaz@J!P)o!cmcNS%xw)L$9@-u8b}EwHJ+axoQ5$ZxFt^sF z@hr?rZSX>|QT1o#KzY!`lBp08ne~?DFW+l)uK!b%$)*A9?NVi}#|)4UBgpN!Lz}8j z%~QWxfwn-xUWl2b_CcKTNhuOuY4Dnpe`-GzpC7P@$$k#pug)0rfs=>Qj^x+vKO9q? z%3!}|$ME5tN#6~}zuA@sxfi@@S^Iqv>V^dqKXk=8V%GXD&emT+Pbfe*2sFE=;{sf{J2 z*>>u;vYLDkm&(82dn2dgC}r#(JM=y(|FpHnw?>7iF;`W^5%1u%JgMZ5>ux6$-L%%T z!&86k4DUHlrd#`8(w#!DZ*Zc zUSeM42fCHGgv0A9U?N3SvcQoByJWDNok6EJ7tV>yG|f~dGT7BDiajx`ao(J&Dg+&a zx6XAa7?ctmr~>0Ta&QVbleJo@_04`03)*tx2XkICdBU($X=rVZ%p1tIzfTMJK+lqb zJp~BLi=oC74Yl>woHL=;W{>k@h{TZnrR+1B4&RhNN?K7=*Iw1x`4v0SeQ?;L&mr^7 zZ87C2%7Td(N&Mc6_t%uIf6d=9L>oCiV6RUMfvNDHMswrtK>oFyzrvHf?g|qqha;gfnFmC zldydrmz;E_gT8js5c3ZNB7Wd&!GRfg5Mv-D7mhHP?fG)I@7S9VKfysJK;|vYYPAzz zU*MktwnoXRpOIqt-}6?t*WB8t4T+oK#x?*lnQ!}~qe7xO{E7Rk;~wXD`Ej>aqua%t zBPDParkOel`ATe)&V5CJE$nxeQUvLNXzW417HmWBVJF>r9%5fIN9#uD=bO&@B3~-b zTE+KY)#+Q_>)OxiwdEwNd>6tFo9HX`LnXx;+0mCLX_i^7*`i$KVsp0xTrZ84UQFt! zzJzMUy~fm9u|`A^c{bE31%)W(>PkRUj|daX?U>DYn3M!*lXfIwf{Zx+;*REz>nqWZ zvLDXnHD)00cxzAav8-`%z8IjI#Lki92hX-$R207fXV?9#-F~1d9LW*REC(2MdAyG= zs@>n;x^(_a0pD9m<;}ZkTFwhJ*L`4H(~#=)Q?&{dCq^V!R78EV7g>v z0z+V`!W)JfzCc{l=U`O026PiyYA>2W+g0xUofVi&cOJiPO+}x%S8nyN#x@PpYGR)H z#%qdn>fG%}{ox8nL+Vw{*-BEo*n&xkNL;yye2M)M45(a;yo*%)VRN<*J|>b9(V<-8 zJ&ZJ3iM5=$EH97=Aq(?iPh=rnBW+0mYJ42LjIcQB9-^2-yK>8QGVD{MircFtth(F^gV^6;e76ktuAJ;pGH<;2_Eoz3 zO?x?ql!ylj{y~>x!S}|=xlRNaEwdw>0hXdg{wTX_Noy1a3_rS!=?w>Qua7hysVcm> z&V7LMz}59tD!yd;tT{VV?Q(ygOE&%WJV8YO3niM?wuWIV#e*=_<>$EF>R!{GWBd>> zevk;A{Ib;!8@jnc8Z^L9ApBm4CzhXukA{w`tTC`l8lTok852 ze(&Qzhnn8Qs05>15<KdjgfmYdyCPV1yH)5*MmcnN9Gw7##(strm zm@QlQI{JFAKq7dzjBsk>yHE>xOJV2a`=Us`lqN?znceu4V7g4Om(OQ_S3_SanWBZjUDQWi|&E{=+081 zgUKmUN_N>uhN^L+qg)29_p}+rw@$`8TPj#;S2=jUR?52yrxkjSo5sHLX)YLX(ckwg zxouc;i1><;5ZLkGx^VqJrJw%~I4=B;{ptVAbLV4o8u{iwtP67H6h6F%J#Hk!w=2dr zzXq3;-pGUbv9$awW^%Q~|dKH}tug7kF zn#}chcx}bbt0gq|>A80cH`*R}R<8c`p8EGnQI8$(smFXnR(#;QHJ)nz4>{6TMVLUF z4X5~dGl=8M{QIy*=$F9H9>^E4aL69MNFz4SpkP7LwjmRaL9W<%)%bM>{;4A@DcZZ< zhIs&Am*L+yj(l|!`$LiRHZ(_IZavqG{Rn@-<5jS7Nq8oRs3y3G5&Vv6`b7DmM|wVo zZ{%Qb&BEJY| zli!8b=DrIZ^CE%^7SCY#i%j`?0wegBMXlvm%yuxWy*j%~s{Elv5?H}5)7-Y(x8MRD zL)^9@^6%VsA#D@iPQhO_X$N8ZLyE-Df)N5{&^Ml@fB^saA^agi-|7)>VLcT505639 zPcLfX^QJ2wMtEMR!ymKff4!&w^`8EJGM|pL1QlW7qV^r7e|dX>3zJx;JpQj2-*2k_ z3D)vTS%p!pf3v#^KVR;M-}D5kc&m_mC0-j&g|p8P?1!-e&%quPoh-!v4Uz)w8OQ^D zr|@VfiTygXd z6x18BS8qu0R9RJjA9mg;S(zyY;JzKc2SZynxL&PFQmwi}T<*cy3Y&T}x6I!(c$XM8 zIP|b~-qY2&qaJJ!*jb1#PoTXY4i5Bt%Bjp?34H z{Bd#<+!s6?!;9HXfr*CappSn+UtmMLN0?w#`c3hiduX4X^MX0Dd?djbAKU|2ltzap z1hR^ehld~G;xA62jb+|s-P`t@4~klPLkxTmTv;9uuA288*t*2L?Wj(__DW1u7)AB_ zDB|7_iav>)=fvQt$qFxNoL1%E)*Rvjtx7!>n<_Vhol5P4y-PhFMopG;I8nOHfCA;$ zI&`kSn3dx_`qk?mZaspjgZJ6daVi%sqMwS(Q%g-}djD#cdDeF_S)*&nEo9oKFd%x6 zQ097Y@!yTw|Jb?rZ>GTiYk%xN&RMQN4t8hCKZ9Yj2`Juop^_ioObL9mm%{HBFW{ea zVb-T=;M(ZSyS*P{7|YxFi1`@71o-24{Vp^MHx%!B5X+K4h7ck5(w=|G3w{A564__u z96+`7xKSj{TV*2r1ZCFn2dn9Zhf&6(S5$q&e=2K2^k2KZ^7zd(kF$;|&%8c%YOn8q zG3@%kL)x#A*Wm*wn(|5NU-E?iw4VN@^yz>0oBW^pdB|c)XB9v119Sql`v}F@C2lET zfy>KPANS6s3+*bUk#c1ZF!Kt&+JCX0yn``D!+I+9=-qtNaegQl&OQ4sRIdQn_HFQy z@AUw#p58kP5j+Gl%c=w&{#mH}31Nub+L?9)GPOvo!AaS|?&8+CGSkxrjR!WCB_CMz zK#>5g|6g1AUf^8z%3Q1o^*!UCtF4qgr5hc#w>=#v?^sAfD{!oHBb}U5M9#v56%&PX zk|{!bT^~-CIcuColwG*}fJXqVqHm_RuCs%-CW7G8A626xL1C@X%lG+c?Zya-X)CKhH3P>qW00t23wN>EHcB`EuY z<20T0;Fl3~A4oL4Ho%}NXTQlgLz) zP>r}N=o1q1T*WS!5|UY0V;6G|_EV?aiJI4oeXp&=+AK~3mS#)Eo?)a-zR(wQlDmd= zBWw(O9z>(|`g@6I4fe#8216ONW%qh};fHDniCuU_g&|*Ke*+OrGMx8AZw*~;Lv9gw zZs28r4^$L_@Un=Ujdlkf@Gt<8iGB5+5}L|C+_z^6Z_h5Z3q_=0L=4n`Ild;Wrm2E4 zA^u6S?1?hY7kUrs_2)AeEl7JF`Ubr%F&+3EU7*n|u%#39X_-(V+dEJzK#jIYrp<#^ z!Wul>h)Nh?U-aA|?)4?9$6!?dHNLt_L!hEVRbrm79M>;qL;{88*cnkB2A$b>B5CQc zFQoqq%_-rEmX%yO{tBo@)0P@<{|I3pw{4J0PQNoF-%Pm;?hYZEeI|PjlqOc(n0mbvo$h;1q zlY#mPuQk=D6C}`?hX?rxwtyYDaK@5 zP$W1}?%#!~i)Zj>Y;~)$(?`JAE;2P!*4Yv6#k2rWpDJja46PYfJL*=r2eh~JemFLY zGgq)HRdkL~HVV&WH@Q7*Sz$=m0?Xr+LzD>ALMz8Lu@_1F3zxzEKpoHehTVi~?S1K! zd`Hf*#QSCWc5Lz}h~Ob11~AO_heM}P00EipEjtO<+V^U0T0n_rHr)DOFS7s<)Y5pb zwg*;opG!4fGtBI>@mjB?Yv81X=#%bRF4&Z67Dfn{Xn)Y<89Ku6E|Jz%(M9O_2p%?9-VmF9%%)ooUoke73>|#PnG0)#$EFRinqka(4#NwT43i5_Eaz zl3>Zg1el`|lZc33pB=priW~tc=%@UQ2_?c4UA7O!*MR=&Lqb)zK{!?H6|CKhVJ-g* z`EfhQ)i|k3p_ml!Bl(=j!7R@~tfaxy(-9voP8(p72A5s)&%P9l(>=N@RL0SMW5HMd z>bgbKhQ0c?@HxVluQn@;`QI7V#h)#k9gb199Ara&$14-F52MfAg)Mu}rj=gsKBmoB z&Gq}!S06vj;+xfaqS-`Y9cVE?BY~OLEgr_nj`l<-Qx#+#6RQRwFJseH%J#y7cTOVO_Tx3`)p+&;A?k8a${CFsDXVWwaTixh|nW{^?>1$X>$*wEgb&Ey}> zU^BOh)kuc7)wts0%q;uCWu!ou@KT^Yg-6266uzX2!~7fdq<#O$)?V|cxUGnYKOyHXi6%Y259FWx@|4O2`r3OODQyHg2F6(%HHP2 z5KhINur?h6x>I2IUmhZstaK|@lV~)9;g|zJd&sy{7-#n|yjB zbPBbV1@Hwks^&m_&gL?zpZx0a4$qtf%lJTSl0X~E;364~5^$7rAV6dgELtb~j#Le* z=+pZ4gTl$n%r9RA@}N~Gi;@<~vDaSy4cwnt<>ldp>va2OW9qLJDd}@8`+l}4=G(7p z7Gf_e?^IgubwpKQQ%#PMwljC1T&_;4{j9~zj%sh7Hw3ZG~g`wC$6u&Ldbwn=3UjPLmw5GhW!xM;huh2gkLJd z{}n$r8uuhH7Bp06-GV6yuZMZGX|yf7F}+U-UaSH27+x@F&zF9Bem7CeLUp507$R5W zV>^L=GQg=zkQA4k5l=Z>XQB1pLO98Dw%4AWBe{sPXTRnjvn3+l$@QpGYT>TeoURux z;^P_=k{N^g{FD2`%2T*R8akR`5|@Z|&9f)HFhS6>_1L{Vz0IO>V#AVIl>_r}7rw~Z zu1gNr`s&WhDha36hi&ZRb?@MenFiZT`DvC|V2UZh2Yo#kw+fXRkK@()13v3Ke5ZA6 z_?^F7h16jX* zIQps)$K8Pb}t$<&2*EF7)dpI`DRa#4Phf^cdhK7N>5# z$J&g&xR%is9dO^xG+IvVt+Z~}=CH}o>eqMH2(enNk(j#EVnZF+>=C^ZiDPnis2o4} z!7B={1=RZDOLb*Nc*DZC?#6Oj-M12=vV-Z4LqRLA(BHDKKB@P(nd95&{eiBiiUOZ) zuZYm3iV~OpDwo(oph_U}2Kd3fNl(rpSx5?IZoszU8;C4piU=lXWBjhM8D#*GJr4YI zCL}UVkw`86un(8SAWKFX9th`~at`($gPnnuaYm@r(TX?jd<>c1b1&~k{AGpl9VN-) zIU1)aH#ln0a}ekCK#KIFbz~|fCVf6!xl?brDK^)`S%Z@ocb`LS(UmVTN+1oldYuf; z7(V4cESX+Dk^UDj|3*36Fbb-+(8derjGl6>RL(!idFL=_)8|+eAYbiMZdWEJlee1S zt!YA~$^CJ8bbHa;Q)_PHa;0742&T=NFNd^&0(Z;_Q{+QvnH?3u^i32qavs*dt!Mf@E6H^sI{_ ziP}{fCp-0}RO}+)Jtz%Io2nW|D^i09=xhCO?S*TPQ=Y+L6K6*h90p{hVX#XlgTl^ zdll))VgdVLxf@esB&Nh7A$dr*-Q;F_ScJ8u@gVx7u+#=TFJHhXgb;3-*Hp|)1W=g* zMI45OpxVDG9#lk89|8LxH1KafgC6W$8Rljoe}ycS1wTRKpxOXYvNxdtYW)rPkis|o z8)r8~Td>L^60gT06ma<$^TItXm)Z|Z;WAalr^ofZtkZMx#?N&UE}9NL4ov$lbP3YT zl-XyilX6&7CNY~>GBc_#0+q;KvEG+E!*i;#72d5Zgxt`vpoxX_XmrlO`)}v-@0or{ zSGFwTZaCHEue{Pma=q44LRY6jlbaD8O2OBMgjasl~M{c$^5Qcm5sUP-`a|B9oGVIg-B`qik$Z@1h zZ1!m_;r6-$YB`^f``6$9jq4m(mc-i!%Y6H4R%aF_Yc@KYn^e zWHvcu`Xw@i+*e|qv#!DolzMs<`4WSrYqIa* zxPD_E3r0@E1kC03FSHM@F>FdY;TK4biajh)Sw|xJG;upD5*_y7mPcbMa4{SVjhv1Z zM{RB5UD+5ZcU&mFOb=*hFlv_G&+&S4Qt<8^6Mx7efM?a9Vm9&(!N;xK)F|gWg;eVIT-k7*o;V8By3?n<8?GC_9WH_X5-gDAD1MRR{GWTEP(Oe?P^JuZf(~E$VIz5B2xdWv29J{a z4w^9Ht=bASR5iT!J^|I1<54rcD9*7+Zq|*-sewM#*|8(;hHKt_UGh^V1mYY<^e=QYINGAvnX)Gv)Zj`$Uu(9^CyO~*pTnrO z6}`_ryvGx2W$V9Ltn{FSb#L@bVjyHlE&h5~^Ym?_k@i()*Ny7VI}a?pWeBSX)(T zD84@%k!+!vGnikddE3Djvmff?QuCM008Ap^oLj)xuOm{C^&1x>GEj+HvBB5eQ{vNp zoFz^0IRNU5)1aE@3c5SxXa84d?ZDKr?M1Pw&9Igd0=C2!#pD1AkCEz3pH{5^QSo~Z z*J-zhK&d^P#|X+?&-ok>fq%Cy1$h+0lI~|+Gj|6W_4GPQwv76H492EqepwbSElOoWroQyY)w42j;J?I7JHji9- zpl+VEW4c;K1{~azE&9t~!2CaoGuH_bnlGy8UZ?Mtr#`51=f*6i=#1%n+F&<*YTo!Q_kUUUPd=7{1MT%RfP+)Z0aK8|f7?w<|tb z(}fn8z%Wyt@ds&_;4K#Cbw;D`p>DyZos^XI-ekI6=AS(4tus48c+_rwuM*Hn@2MgY zj`FX9YRpKbpk)ccKD;`l^jEN|HuM0z#VA^W@wyI8)B%rB!7+ezZ>wz!Lse95<jE8hqRv<~?k29s^s|M$o7fdE@a1@OLCMd4R#_LGqS!YtSCdy2 z?tyVl(@{`ZOI%ZzO%v|{!-eS=g+rfIlJxGq+DY|ok{?samu2cwr`UsC1e37YP$@I{ zO?w&66Shg@-n%JEh}1@`LdkU9x{tcX<#hNNIkjWiNKx-c7&AD#eBCs`%S^b04WbIQ{ylbArZWp;vhOd%V1_+)lmeR{Z6ovmZIy?MhvX=KGyhiU^$ zc93;5w7CD+R+``#UMvkxE)*OE?KekZUGFW}d;yhR)VcYAg`97sW5i%&Cy*3 ztU?XM1mJq-j&rns$x{-x>D4U^aHrzFnMM%N!ziZ1K!6h{ujP&U=?SZ;3mu@ZU!G0# z(@QtuOVy@UR<&2!9xUd56lvQYk#Njpqo4Uj>$#Q424-+^oiu~%ixF@j-@ONeJ#No^ z*RmS#rksau0jkKhS|z}rjN2e!&RNX`m)Z777FzF?4ng@WQKUj}%Tmrhybo})6PV%z zCjYaAYWVcb`Zthxmw#3|{+m^G)w+?f%L?cIm-Ewq{T>%C>@?G6yM=Ll`fiXdD^YJ2 z&G6A}+wjqmUzabDad#?rL=>=^;MfzcOR2IIQc}^RD2l;qj)ie32@S(0+{hWRi;8XK zd8)m&w|xzDy6RNIw2hVSG+N5p>6C=Bbe*Ge18pkRXKB7o?SbcJsD4p#pgcN2F}7L$ z=4bU${h5tF-ofJQABR9T%(k-b(<6*vI&%6y%oh*9urgoj3(pz44I+7=P$Agr3Fp7! z-U)P{0-u*N@RFb~wd~NOg(}X~;UzI>`HqKkUq!?FvLk)7$J)DZ6P@m#7QIw7IqUZK z{p0L@j;fj-XVWmuMI_fk<$0H}K|c$L)>odTNCx2j?=q<+Gd7d4ItI9yeTJX$PbFPS zKxhBU&W;s!s@cKGDZ)otBSYD8DrxofUM!>cOo6ZZ_W0h1SFcMbvp3iF<VCYe%y^3BZQUtih;SKep4QnBCPI z+2A%@u|W~RU#VGy%8=3?5b5_Bv_I#=p~idKvkSKNVj*U+#uf_C)?Zx5hkcZgVrQ=2 zuP6(|{7#hSYmaKgFzm(i09fa%Cdq2~W|E0sX9d{{7t!>w3mJQgrs2e2|_q+B| zi7TTqVVdlSU%2SM9TNgyV4N zda`1HoU;p!Q1q1BPA{~#|$(lauZaZav!`?k5m#a5*9ZEt2 z5+e5MHs-z@X)4slsQj7|o!U>>j{QOjvxiPC)5xz{9i|^J$v=G;3L&QUNdob-cLFWE zH&hJ}*@mQ43t7Ar6!vYgNV-fN{E&%uh9CXs*CCVc!;!aYLI{VTE5h{1R5N>0SOof9 zHDonqeamyWL?`Z@Z}YNqqeq!*viqC_u-Te9(QD+s+sSZCPJR(3{ngovCS41Aj6UJ$ zi>YGMhN5J^f(u3%WD3K@$u&GoRoleIxe1rB+O-ZTe-|>Kz3q;vLJxIZp}CoGTf@An z(#qsCsWq`G*2y%#kLZ)eIyk&-zfbd_a?=J|1`=@2xzmFf91Ud4CIQ2+Ca0K9{uz4B zwx?k;Fl`tbBDsSAi`#%0j__bT%zNyFcLGt|4jl>PzJk_mYu}(4OOn%Q*lbag4co++ zvToT+2TelD9sp406Smzo-CO%E`ozg&0wY~X^rkE;? znNu?ZtJ2X5dV_G8&wtz(O=`STUf@)1cL8j6e=L#hZf`(!Dhrnz_-dSLQX=7QQ-5K2 z?||1?MJTf>HIxPFP{*EWdAp}HmQD@p!D086_ooCC*^U}|8M#Cf5^%xHf8YetD}gdN zp^=w9VIdV#rUo%sWE*Glzp$73@Uyi>QA3B2tdgAMJk#HzJAGZhKOf z^nc7Z#EuPK71*D%V~!iTkpi9yDQZDYDtuI>7*Qv&9^*jnFPm#GixS9|lDx5*{ zZP{Gb;cQl+I3aem&vi}nfAWV)xamM_$k4+Wv-az~pD8lKkuvH()#X=hz=AyC{Rbl#2 zN8i=nss8B~L0vCLTIPX>%VHlfjoFn2Xc<%16aV($nSQR`LU#(%tXiGj;=T&w zz1n%mq=N-lqZ4izo4e&&lYm0mb9ASV>koAuhjr)U4+nNdC=L0L@)T2!$&i?{W4Z+w zEYwbq>U0y#wJTFAGe?4aqOLoSQ;30-tZ&3Eae(qWRO|zM;C!J5Ql{g!*aIRkt zcEPeZf%EhPW}6er*B5Sd{1<~aoX988%_{&2W7XYdvK@-fPPt-E*ngr6F2F`vK6%`x&ps|GntKYb0tG#W>K}I$ zd}`Pmvvn5gvyFv5AwJFWUUtp}bHlo^8?f_gl}DDDAs4$hXJD4GQuuhUB#C~h-V&MT z7hT}8hCXf6*8IvVKn}5$`#kQyXd?GOm*GQR1s={E{I%TzVmLB!xz#v{5`=-&K5W(k zI~>d=oXE}%=ma0|zzM!zJbQy83mxMilF>&V;n6@tlhMGN{}~k#oY-%H3oxxG936p%_vIv;*5p2V zcQpuD6$xGcdgExlDW_)W@0u#Bk~7LvqGA%~1`2bPwaukG({PlG9|@q2D`mo``rj&> z(&ooRkuF6Q!g6VFS9SYa3*9g1Wwk@cPtq$^j{-lJbl^YBk$S9JyV--BMFzt$M|vVL#3MxxXN}%e4$A3Bw!ZBW9+Z)WizR5kwxIEyLK3eAfalPZ@!&VWeH4^7M<}j|6 zW+zooldkdgXBJY#uDPonn#P-_o*Oaha2(Ed5>%~hf! zbA@kSS+ELa52(p7BT^AU z%tvaOeP*w(c=O#RK3z0sy`MH5HNFV^1#hiw_UQz*>3rC-#K5N&454CWXAfJT@+VCtgN5Nfb@f zugrI*!9IgnGJDZVA3ea7)Q}E#9qIiS2Z`vi7q{y)v_p+b;a+;+*hE)RK_I1otjuf=YvSh8UnQLz1j`9KR^7INLO#9x4t zV4v|5onTe6U=JS&jYTZO5JWlw<+0wU0gPv``ewomMg!fS0O)feNtPpI*rb5RtQM= zV^u~!-A(QORiJy-1)R@Qe0*f8>Y1{WuBn}C0sDxfROXmo_VMv3^cmaxrk}RQ4vm1_ zNXfa{U)$ba)%kpV^NZ$ai~Wai^r`^%!sM-iG18 z7aVeO9;W%r*0~)+z9>+Y#lKYv$uVyVXBk9h2~I=Ezr7xJvU7eGy!>|ZX((6p4T6(9 zmx)Fhk!z|_4898qFXLRD!F}{4T@oEBR=>>-Q}N=FlG~$ecg&@j-Z}x^irnp*Y>S0t z<^6ueSEFMA-1^}`Ht@C2(owtW4(I0QCw|-O3Vj;M7Rn?k|Cq+2t6#e+^egWB;(x8W z)8~JOjr=JT>P#H19<(V9*&wx|xu^5gPz+)qXX9G$ukckpil=(Gf3^KOe}9a1nm^V3 zpre<*jd$dvuVnOZah?biUjVZhh35tb@e%npJEkr2wyEkX&QZhbe{#^W358Mlyqp~~ z&L%>F23zxTu50|koA#F@J^$Ei=V`B3o$oq+YQ<#jzQc%`oenu7!K2Jlc`0t?^9)UT zTXE5Ex1dZtDqQ<`wxg>S`Ou4+sK3fd%mn@N@X} z3Gt($MxcUSRti}2Y5|EXkiz-GMBKrO3iR>6L(#0;YOLi9f*xMz88}MGLJL^~kVHgP9hXS2DTJvqY=HQ`|b_-QSPN9xeYX3s@?>TfEPIM^*T*aj*a7fBuLfof6poAiD}C<=_F|z2VB2j;}gKwkI$vg$P-{ z(a*_$wK`^}vxu+Aeh8CeIh#blz-UAAt&fE38c@qa-Ag)n0F z3dTGgVH-C&9vS+*H+r}5yU@W%zA=JtK;h+-!bzJOTUY?bdZ-8C#8h(oZqAOq;PCP% z#AePW5h7m_{v`Utj$zNXF$49=l4lFeSMmKP`!w-N6a1LRgqPlCkTZzl@W}NWOS*Z( z41p1(=EJ^-VwbgrmxIze@325laGwaUO13CvKb&YIADVZ6;{lb?+(~Y;4=&a9I1E+M zKI_QRrr8mCBj|rUSMzsCh?iR}2-8L&OJEO<%d>fEqIYR8^F$AC_%~N7{!x{5w-LLr zmQg7dtDlZ5OQ2y`uW-cTLBo&qV0=DCkyZFev#ck+(9-wxa7Wp|KG zsLy0L)Z^P$JS9CU#kAqVBwn43c0tPAqxk~z*~sUui&JUaVf(^5rED6ot~;pI){+}> zi41!&uq%wY?pEVgFg>*0eRY{-|Ehu)0ENP%+lM`XHz^vw3}HYecy`F~6*wx6OpIjj zWzM`no&P&<;~5K~g8vm<&cr)&wn7>hzUm2QZ$9;6Xj;7JQ}lEm9DSVc`%>--l3nJXP(+}fnv(= zed6<;8yX<0kXD@*r+;CBYr4)p<$KEao$r~3lO}?rFL13&u2N}qPBacyWRdi|TqUl# zZCaT<^C(zo9%@nc_ag7RTXuwXYGoS0{m#A(+i0XHo<_oERC%8?cT}wHA;+KygB|RG z_u$eQONOe+td{C9j|!H;$IF7n*caOw{>9smLtMy*dp#e!hr}B#WR*^pf2oJ?ptopTdQ-uaEk@cS#9! z9-0Ajovv2At8+PO`V9TeFi>nMNA9Z0KY2#7_uhlv?z9=4>z?9YOQeGa-S8>Tyu_l? z$O$&O*QhDIdH#u)hMxr@G!iwnc8C9^v}9 z?ESU)p5(Ow7^C}jl7M;z?QqBgAJI{?aQHq(OzZUlzR~PE+b6@&rs0(yuiY8%{hFOy z(M*-1RXc@jlwnn#rCGK`u5y5As@j8HU-uiR)a~ALW`%*00VX#KMsCL!1>!Cc{ID{G z0R?qd8Vzdtu;(zYNjey|1XUH*%HhR{H7aB?uU+pqy$X66V)e5RmzgQ6XVZFcOVR^y ziM7(Eilr4~HtrF#aLx63?^ABAIsBge4C@FRTLzT6+CYrI#(~xgZ7=)I@DV`c<{Qw~ za>9@-4aHc^SsZ|nXTio4*nR1{(D}(;OvC#;Rgo!!(|b8;8J}vEmVbH;g?iXtaX4}N z;%l3UVtb~NSz)IB0l)RxL1JihSl0)=>ePCdhGPnh`?RRl!wI8!r&UnD-hp)Rtz@<3 zLY>NamP#;t#Zw`tI=#0=dOOTj!cVWpDax?R`Un+ZN@$%?yi}h1)RkET}`-fLmJbw_AA~3>PdqKgx5C0o=?-|u({zvAe?Y@>fO}K|tv}A_GWKKtzMYL@A-esPqyB8Hn^=r3fjEbSXg)fg}Rb zhCCwi5kmg=nOA46d+uHLo)_oES-fzua4kstmHplOvthXRXm))+<9;x-;uc{4(++uU zhjJXpVU2<@jIWCh|8#(vP&**2bXRC83ssS7={;e6$-Z8ggfO-ite zDiS+hx~w_oLowWV8pk_g&sTAr_-J^e(-~T{krIDLqUPKD5#>km&_W(`gqBFJNZz~i zdHx=p-%Y2S@OgmFUh@@qF5hVqTVwMuzB&W8XE`rwG^)XS7n$AYg{H#sIZlJcXwG#} zF9duYPtgTc!ZUG7xOt>F*oswRJ22Jz9e!~*XAG(O0kA^{#|B!j7o*?%;yNMr*5;gFCOlS;o z-P_gf86Yl@cS~~ zl3sTutBiUoh9)JKIM6v9Lq&@!rw=j9_vL-XvVIPdS0K7%8kk2t=$w#9!NNrq7~H_< zqavgfBb}BhT5M?XLs7Q=B4?@j|Fs+a*b98k%OhwVoV5GN4|L*P4Hto4BR*>=dllXG zQ}`s57kGXj_qM-n7kceJ!Z-~_uknHXAJHqjWL;6-oUan7&D2%k>VXA^(xIg?(b}@; zc(m|?EP|`+0*s=d$!P`c1XbGn{qa?{%0tf#3iU?y zN6g;t-7-uZh(QU&KHl+X+shmerFPNWvM|y^0#1d}^}0jW;sp1Px7BZ!OV5>Sjz#)H zPRzI~Aq!GjSSiLx!$PU+41`tRCG@wObR9mxz&O6pd+c)AJUC?1clv}K2(sa+zchQ^IUrFKoa|bzV(%9^N5nk5oVS)uj}kq# z(zE*%^cg#{KVyJchb--m5_^9;x@fF>(3}Q6)`Fj}b{}RLe&}u zsXshvHm%y&3(#Y8#fE^E>-f38nKe8@BGw>6NUwf44sctO`5tS)Upx z2+xWDUk7*KjKFV8%D{0FAdHpn1v2YuxY}qK29oJX$LsFC`UKW^0D4n&bN1-Q?Up{d zn(TG6h5T)%ygJ$Y+|%)FTwPMdQ-;fPMx*p1S&cj{WB^^GOkuY$k4&?nK9ml*7tFoF z2hF1@7Y*FGrVU9$PH!WfF-cm3jsq)zcXR>fS#f|tyM}x1oCP(ot34_&pexZ6`y=pL zI#X+1hN4HFBL@~F%47Ail?&)25zCHMUs2Eyz%*`Ra7py&H5Za^7Hk(5Xxn?pv4i!0P5$)Rwd!2v!h(|p+Iv2T=^aN@MSq+FoJhc zJdJFD(J-ra(bFe0pVVP#n7?NRFB8;-O~6^V>cM9~&5dO0GqEdETu}MpK(1z6yI6+7ILAaN0h&NunND zbLeD;2Vz-43H^SWr7&prhG%<{2TnsDyN$yWp*UqAC=REyfjdLTDS>;}fqyeR5}~_?DLh`BAoxyd{! z391cW3xB>QZPj>x^#1mc&Tva=bCtZkXxoXP?8a}qUK*Jf<;E;E%Me*=jAFWrp>UeO z%J;z=xD3;|wNweDhosTPhi=e5k>-fF$Kz#@qnx zXRcX1la#!RgMV-c2ULCMqO%l2p)+?z)u&MLMg7UK+IBj}_&GCT5moRR-hW_rc9Um<-^qEVw%!2ev1uu8I7`68*j{CL`giXjQ@kZ9hiWzZAA zgrLC7_|N`;6!!w^1B#vb5A?HA-Ua+ZY1j}~Y2nfQ9!gOV?aa6*%BYET*muwv`#Mq2 zg`;`1Ea(N?4c`xs-RvVD1@I;~zRTh}xQhM$V23S~YuTp16dg=MO+e?!qb`SpjUy-4 zLBm1A+hW}THx6&Ne@KZi1pK{vP^k3%H(E;tqq zWr+Sog6=pl!{^JH0)u1zlsR-zH~Ti$2UG^EF9Qz~kCJLI{w#+959nO>0}&NWlCEnD zKN0fK*Mz;+!m#tvsc$`;v%9h>wVq)y1LUXws(PheP9b~lUDJ<;eu)PhG3O8_`@^sq z_ZOcK$C0RXV{fC^)(Th0rEB}8(nj`#O$KNDEo4sEfOG6O94?Twb5sLvpo02g9^CVD*Z@FjVCfwAhy{g9P9K$WF99$zr(dM! zPL{5F`=+D4cS|Q5}TXkg+%1imrBiM~WZOxMh&u>ojPoUB9wrJ2Vy%y;uB(B4{=Y zK91>t3?RoMqlJg~;}6=!)tL?=5ncA;i2&Hs#?+XdD0j?tvL~IIkSg%o^ZtI?BC4i{ zvEjFI!w4sdACQm6Cml?@E#=!PZM#Qe>CS6%tid!Oh}pkgbBM$b7EE$4GE093=a{Z} z0L=Qm0Hrj;6=&A_2CQN)_|J2G+yLVHLm&m?b^;f$crB$k6 ztxxSii#rTrSp(ZODazNZq;=%SF;O}UVf%p0cMv~h0+lBmU?xw*bi3Df2yEx7iW5fI z`CLn?<$RrE+US<+;7yEoo-uGy74T0s2)gN7mCi(vQUiv<`LfqCi#1oxMGZ4H=}e6e zS}yV|nVld9ey!n3!3+!Qb1XP`-grF)6|nmO#tF~jykzHgka!g2NdW)M*hiNI-|l5h zWb_~7nR|jmmhF=tsY@zHC0H*2xlDc>L~-~D7f(f-CRLt#5D zMV+3ni&wSUb5&jr_V}vCt5+aMYNH05F4e>BniS%BKvLqI+v&u&%q2V#$c^IF0xD=i zgMB^z4+e_<54xrn=UKBR<11$rQ30WX7xBq#7pyL(c(z8 zP&nHGo{Vn_O7C%CdvPG?BoSbDu>N_9cm(iKmPHUsRagJSdUbXky~L?(K!ct$(Qoje zC(@!5&>i@JP>qg_iMm%vEIOV9mlC_(BC7e{pM1ba0)#{@Q|Zq{F+Yeej}mLd=#t&J3b~+;0$zEJh`-Eb?18m?UvpUk@cl{?OJkRtxM>v5@&B z|3-Oe`mO6h<}y!&H`#aY3%unKC0r^LeGGdEh;lee?+;j>|Hw&XXAR-!#Tlrbv^?OQy0GOZay^%My2#zZlHcEk=MGvz3^An6E|JR_*~>tZqa%_Y*%~u{%{UNC#!Dv zdrCzF>gv)~!Q#8_PCsG9!2nD-zB`{Q~B_#i`Feh%M3m4|Eo2 zyQIUsWN>(uUdx}-*7@V$L+!A)gN{~3hT|yU5p?ErLG#dHyT7gBaOa@AynR^pc%=qW z#XJWwp)nkFT{H-BHD-!>>vNM)WOkFw%F(EffOh%7Zk)cfhx5DO+h!>Jw_5Uz^8sPU z!{2sxGBL3-SER$_1|ZUT6zvvZ?hR3YjUzhWS>+%QZ1CFqAG%B_u2?*?l&0W7_SFNc z4r90ufD}~|K5xsRK>X~hfWu|TWBA{neg>P`92TZ2IDt79G;$@dhf?oqA!WfRh89vV z=|AkOrwh~6!uGOPpMEulB{zk*zSuP7en{7m+AMa9d+St{R6$wPWaNpA*Xy(lF*RM; zdl^yoMpS>0U}NSfvm>fiRp|WAFpMOW^f$Zp>u)0`PtrNlFTO!mb!$3kDwV~Nt{8-R zj7#ew$RB{ z%$k5QGAjwt=}SBO(CX8j($?hxI4l(33Lofyh7xRp>fRi<;(H7@c{$;Q1N$Ov=^XHD z;SgmazIzukYb+^%W0hR5skR^7i$L56Rf?`?03Z*0o$SH1vVM+s?z4^CKm;YApx(O? zqdqx?y*zC8wcaD+&n9nU8)-$wq0eUZGUU%jzOYSmxvDg%#qPrWVw_jf8`D^kQKR8gVRnsJy4eKmz#44%|qjm|NeCBLBoR73cWm->98P9?N@-3 z3yDOdqvW2GtmO|bT3C;jv5Nzc98klRJ5<2bFe}TeAw=;b!aolvz))fk)H=&o26fY9 zwJC&p<^J=P?DRxYM~nI-R*3AbZr`qw1zR=exdR?!!D|IGH9-Zl*VhRCxj{ED!htta z7_*KsL81dsVqx*aTg=7})$Z%AIndG*pWWEWQyVRR_pE{9g1H?+xNMVYmv;qW`jjZx z69w_`SdB7^VAD*dW*Q(yUWt^+Rn`7G7Sfnu;w8ly>vUZ+$@lH3K*ziJ2Igg_w7|_Ez+T_A?;8eH5cVQvWZ5I z0>r^Qx_)Qs{*&UE+8B>O@8&OSf+*LxQN!AGbNB1VB~}b-+X8>&s_J>%yP4MwHoRWV zm+-kk_RBqAmmT0#V3DbRP}oyGE%*}%C48HF(^wN9M;J*v4fP<&c19a1%Nxau^#{54 ziH9ux(n{CfzgU`#KHVe2`ofKYr|lX;9KP$NmRSSMUsB3+6Lc^1+1<8%-|#`Z#(l}v zmF|U3i#!<{3|M&#bUi?`EAsHw9;Fg%_N_txMg-HCccvc9&GuD)-FGS#-%k|2I9|%3 zc?`rrs%ucziAc0Wq)|0qCNMOm6RpGOe{GZZ4_)F`e+%!;ejdV+a)_=u@=a>t?0wz+ zD8vy2p96cW{=tcbix6f^_b${-ah(Vl+%e?(HFQZ~eTHZ=|LIdDSXkL<- zh#-#DURQd_+~fNCWW8mvTn)=^)~k#)b{-h3(GTddZKi~}r_}ePG~W{WcQ?ExT%|F! zkCM1|oiaM__k`SM-5?N_73UaNDoT;up!{cLr z=boBo1(ETB!8kDxih%O}(h5EasKO6i>N|rUxY(zymCNr%LkZC zT%F;Wc|xKHKP&vy2avaGKPdrSA~dHEDoVXQGhy6-s7Dngd>ebUcB1Dfkz>MBiNO)O z$%tzMGMp#be)^gs=^TW_+ph3moJJxFT3@?4mqFH#`3!8JN=&qeBYDkM;7WEVL((5T z__x|DqkB=NV0Bh~B-u=?A*Hi8$$)w@$6J<)$zaL?{4TWBKkBTvPW|14!S*G}-lW}h z=UV+t)M@>4tA^Q}y3|{X9}wf}wf9SYgYjcyd)XcFJ$P0rs3MhuReu$N7M`ONX2oI6 zp#@~7olPu#1qR)qPctP6MD0GXj)bva5b8gzlEY|Y-=)sv*}lRwo_%)6{=rj@M8N+UO|R=SNhX~ah>_UM&YqgynI8fbWuVYsAMMUDRA=pN!;4R#kSHs&-J-XEBD zxicXnJYdy5FnJ)riGd`QSg!w3Ay4heOUCX_Df7}r4zd|!0eH^SDSV(NJl^+o3-J4r z8u-2rlSk!UV5_F~As4|cr@lF!=mzd0fa_)M!ayfGFq}~;Nqu;5ue26xNq;bAti1*_ zo7c9ezq{WvC}f%>#D2NbCl_^p;C*?{jn^9iW}}-KrmivLkDjmEo8R-ws7M~stDCAw zhho>mz>Cs`QYRjLY;Sw(m}<6vXMalbxE8bLSNum!CS*+%*C{J-dRO9REAnCm^P=4) zo*0!>l`y(#DTKHuq(TWeO^x+LTi^$-LlMukM|k#4hZLMCFgvs(4p}R{EFq4F=Rjes zIuOP2VNdMnL$VR^V8j(rX$c3MIFYkGc7W!n#Yi4?q_aq!vchYuc(E>xQ_fMhH602N zE7LGG>ri#>t9ubCdcI!6{Gp(c+WQfI&n!A=TM_cD#RX&UfYv}Lbx9SJIt+)%PO5|O z45+-u9B|_hK)-UV2s^ih1w|!(1-(|n`5=>w$Pn2f&0;sLequ07fa?nh@lYfBM-23j zXVx?1h0s&9?pGLFDo^gNy@&rnL11>xTK;h7wk(Z(z(QVRA=|v4%%GV#wI;#&cUjObm2-P+T38f$Oi}@jpS4xFj zL{&3H!^3mgI%q_x`h-C`F}i{)XWuYSUOu*c&K=+oH6c^ z?-ViMAo3E*LLf>t$C~neue%82#aDYSJthARhSA`TBSuwOxxWE9@^kYJMpOpa-5~ut zaYSQiO+F?OfSZym@V+jcaZtS8Y+KRI9Dy*XhmW_shB8%a1<^L<1QXw>dU1iml`r-q z>;Hn1PF!Y8%tw*?Q0%$5K0U6~WPL-Q0EPs$@%5*{Mfz{`&$A#%v1!t`tW%%vKsyZ} zMJr7`Xzjby3hvilEx*$UVKUoKt}GLL<-qvLO^dPh^lx@fzMa!;8Jg2jsHk(4q(^ok z3g!kC*(Q}2B2-IE&CD^T&XG#a|4U#wPR=k^wmG(DL>42sVU-$z_f)7?fOU6P%F zGd)-xm_Yo*{Y6@~zVZD*Teyh9vS=BWVHoTSREi9CrcC8bAs1%t2M#qjKcQjXbnGP919i=?PHR&-d+f zZ2BBWxX1yFW{d@q7xJLu&<|M@C=1#X@Rv7!aN?zhgE;pZpc~hx#l1KejgkbT20iN& zQAu?VV!nN{i4;o=d!sbsBa7)VxmgrxAG(iSbBXdcR;6_LdgS@ByX2zvx-zd?5;Our z^%$LGLmK&H#%NShIw`9ni{t!|9QA&*1u;giOQQNW3#Tc$Z~m!aQdnHhf4_UP6`=sJFWK2Ye;RQcVkw!Btg_}VCF-`+j9t?EpE`4qXMv7ww^!gE=PT%U7`oM`KD968 zK!A*Tl!ke_Zo)#xGi~FvC-&=1DM~mW<^ZK=%{&~#k4&phve;qW=kM4ugx=}Cbbs+J zlp_>EH_gdu%bjB`Uh!SP-pq}-=Oe{c4_MyJ4Wh=ptdm&?7e9Ih78;cp?}u0S^g6Fo zj{Gb|_ee)gxe>n5VPT#%DDOt~w$mu3c@#45NsV-dZ;DkMwk5jjZvXeE`lEn}Gfl|3 z&Hw)7R z*H3q@MqI)khbI9&{;8DP>T_*D$u;>?%=!0mtADbc-d1zL{@Ozeg=l>+A5Sr_$+MA` z4@&ZmECKoiPHm9I9i&pm%wl!^W`8gx6#F^Ag!}4!gderNq>?3Mj-dTpKdlax0jYH0 zh45sa1ct=9-wt*8c!u`NA%$>MxF}AOt9O*uCu7Zq+7Ms}yA?YDCMf|%cAM$b=Grs? zk5U9^x?&hZM*PT1!%6gpuMmi?qzX^ehFX|3RW}uL*6-I)=Fu{isMk&2S80oUx}s5t zy_3*isRO@28PTXKVzE6CE&&e634M>_*Srj9v!fa--VxDd3B&AW>Tn$j#cxA&$aq)w z$Iu}v$p9~gXKGlUqjaqq>w8~IqDCISs4?I+7BZaSLY_xnOpU6&2jjC95vE}ZRwOme z8WP`H3%RX+a^s2oGu>92xZE6+$h8L6S4yeyWOTC>87_^Rz?}r(LlYk!4fM<6B>&C- z)7yG4`uy9scax2#luFn2jRB#Iqcx%zG=pZKlNA+w+(SHj>zh`BzZHF-nyxXXxsB~r z&;O%h=I+0jd5V!K!whL{%=Wo%1@)9>m1PGlnz}aE>A)Kh4SH2iN1GS%2k-Ly*X=WP z9#oAJ6mw+Aej6)atAD6SVya^TVH8DO*0}7SfJ=CscjR`H{N?A7N)R~^FcGZ}zUI$% zFE-Xuq^z7#yHOVGRF&MYkAxVnzq|sUvtLqQfbpFF95oejTpPg@w&e+;cgg!lf}Eu}NJ*gJfA;Y3arX}PJ=r>I z)ERy95mYM_7!yyk6;ET-21%?g`dBMLDUE%uiYniW2nZZRf5$4FSeUK(W32#wlD!6l zC*=NYwh+$evs#erL!cp)<(VIf zBf)HiusKa8^4vs}aE*eKNm1V1VpO%q>>X#yTm?|XJ9!#%sy;5=>GH4S&4eMuX3*{W`0q3IJKXTQfGt^wnFYgIvX=+ybggBz=LipC z8w5iZ+UAm_+#yGih!{&zj*7qK@T|8&&0jqNmfqEn=5bX6wT+z0JH=|b{t?M2h6XMn zX^Gfr1wu`3;AC8`SNx#!0DYuIhUuya%R3#gd#Rink*QKA>>z`Y@)`(RmrA)wn|aMH zu=jrvv3q7J(Ks&AVjhPsS~D2?T4WZ4S(s^(#ttc$U-eVfhTu$6E=9}>-D0?zg&ug* zlZl-M*v^lrLtSfj67-uBhS8bNF?4w97~}onWw^|fGNjNV*5?@_7WE9e&$xD^3KzAS z^_`II zu2pmO4^B>FPD_YK^?>7F(SXQ_AZKt*`s%;FuG2QT)|QkYO-O)j-&lqA^|!2woWmd+ z4+Y-~Z`t=Olg2mI*W_PTWKe#8Kdiy3WK40P!*1LS{9xxK%3mAClUn9Xa1Bg%dJnB} z^C;*=N%T5`EMh_eJlW$c&eKw!#L#o-TiHY2X%zTtKjSepxJ&3C2Xr~#x#vIjGo;?* z+kw9jgbt31ZXDp<4=vBmh%=)-il6(Nc$2*M!(g~JgtYFebK4{i9r<#W=jA&~gZC$b zj!3YYLz}IX#{d4bC6B$9g@WeP%yXErfhC>gye;@Vd^1;9C>2`6JIaorul;)tJK-GN z>b*UDATuT=;84K5u9C|*(BYrcP*bN?qB%YRk1DGF{?wWX z_Cwlz&c7*$e>?8;lUY9jP5MtQ?kdjw>&4vtVVktw1+{p9(3?C3zhwnYzO>DekoiOO z!=JFJ?*H{?>i?4=Dloou7Rp=-FnUdy^qMDsf!$vCc=Q>p0Q)6nBiOI}8YDR-^UhJ( zQ+Fl5U-oGGBDVEw8#}v%>=sKXk)F9kOgb|MAI7Px4= zL5!{@k-N;g0!0az(-VT7og2s7yp4R-uSAF3Y+z(9pvgQvFsBBKnnWsaU1yA*NDV2T zh0sS>m)1!H3eR4f7~)Az2h8mEi-uHHV(Py$rIM7|-Ibf;sYuAMmbCK3*749dH;)-R zAFZvsGr=#FF*rrj^#3sIOtAyqZx5-pT14f~K`k?w8Wfh9V zg!M9=MnnD1SxZ>R;w4dcE{QYlb%irR(LZyoz*1&E`0G9jzNIJ!22^68Ma+pk_w+$* zYhy2Pubrm_QRcp}f|d8K1^xBq@l{?O3wGMuV^bfDB6~JXhw~=hY554^7bGIZF=73x zW$~0C^E#Vo)n^c-0j998n&PbFCFdKx5fDREem}y7wgtUTK``CU;!MRAmu^2ojiX1j zAR;Gno~A01@b2rEnS{ug9PG~{yx#2qS7&y9h}pHkc^3@`-Xsx6w(0XvEVF9!oX$S? z4pI%<=AJ>eg-Z{9qua5Q8n1%7C$h>SKg*WFgn9h^wv{<#^hdL`DZ6Nm)#=*rEdc83DVJs#|TzB}}^^!5aFH(Er6 zSlA=S8~D3iD-fn)Q!A$FIVW6*N+Qv8}(gzmg33-6W%!c?0iEdVBnjngCRq4=a*WM5(ijCQ@F+?#Cwii3& zD%odIX;Cj^KtvM;ZnvO1k>|PpnMTTRb%B1W!b5fCDeTFW@KfNrb4SOyK;i_sP-3Yo zIy4M@)(-J7>le9}0-s}J_k$$1Zs~n^=cjIcIz63NljpZNHcikqpv+~$v<7FY&Kwm- zVm3cu5!D}a3#-?5q}%1qZ4d8NUbF9YXDAguxy;mjZIR8+25wd$tdyRQ>o~Jp*Bxup zs^kWXdg#rN-wKlIhfql^P&-Xf2JReI7DVG&a6%dYqrjmA259Zo4~Euat$^b_+qj=G z22dr<93wD^5yRCEe#GDYvIgw{#}kCliJK6_r<@-O0yey; z?Kqah0K^X3QR!QqYuQoq%R-)lb@Iv@nBsmBH}Pi!0i9ecLGw0#Ep07jS?StvNg)~G zdv@9D)8yN)Czf7Q2p54A9Z`ZHYvv|GaQl-kLrf@>hf^sWx*b^nB^@*V-m_s- ztlT$cZ~`CpVGGr)K@$tB=gf%&-%Efh<*q7&_!79tQcda;?N3D9E#s=Pm&#R0!HQk4 zLl@Rlv1gZ58fWVtz)pR_gkND_%}d3`)@*oQTK$X^3&^G#e7h zf##LLR?c5mF^l%cGyTz8v>_pRD~)zdwLz#XeHa~Eu4XX0BN_9szscsXE`SQ01-jC@C$smw&LW!fRP9pmnF}W9Es;Lcbx)oj$ z=wlfr+DEpWHqax0F_DhbZb_nae^0^*Vc>6+-R_>%xe~1N8J_N`XCmDnr?$gS4;X_7i7v9ON0ryE zczZ}$&(ldZZ3r5E^I?#hU-dM}Ui0+RjIgU3Ir=vSv15QZX9%oN=%@bntv?ZoV5@=F zhu+wq!HW{xdR#-`UO6B&*k?S8lU%~2U7mjMXR~GF&o$wzENOA#S?JJ$aI@1@BXqv1m0I#$7V-UKFwHV^y zBO!rc%9=FxLZq{14^j#KM|Wp;1JpIs+S#3`@dtEdCZ7J=kgF0lYi$cd45b-(cUJ@@ ze$G`Ax78ofWR>UmF`iLaLGMyBb@`r-`nuVQbNUD2>D><0k8l|yqy&)lwC5^&kNO=c z0QARUV+4|v0M(@EFAwa*DeW7VhT?ndSa88jR}1JieD&4l!Nc-0Op$8~apA}97w+L_ zyW8Tn#uJ6>2@$}V&0C>2Mni4>Qu1&RL68(OMq1=e&X;&PughCWi9fB2wsR?WO@Hl1 zrq|iDURWoF$|a9%zOS+rx60*{I5CqWV=ew{^h+#O^dii{IHbW3o!cv5-`_}`q%ic2 z^vyzy)jiP&t`10sz#1;>?@y8D7=OrYEM$z1$DiWb-PS@%Sq9W?;3Xg66Cby~QOODb zEOwdqnpkh}zl2z{g(7Gup~)0_=layvJFN3S!3{SdEaIkfhZf}BfRv!s$f+* zY(&EA7l`ft$8AITXX^#HSMjmj&FYU=%4LUN+P`+ufQt$r3{y+Rb`bWmstu42dW-J{JsQx zzsw=AXGs}5Sa?0w1RP*IL3#H8yq7Bt3Sb^tR`EFlr5M^T{4FEM7h;++w$!=K*cd-k z4k{^n%=SOCSpSt$K`@+}EBpK0lGL1Wta+V|4z~Kkf;+axa4fXS(IZII->hln!UlpY z_54<(w6HPORWUupCP)5CRbjx~h@mVfOi$O3B&zaXF>2DuDtF-XZ1;aU@?|&&UBCY0 zk+6fDjPcWfb@Mvmt5`+F-e4n<|>U#rcb3w|-8aYB5DWF-*;nVF$PX&P3O z{SnPxe!HCIS>Fr9TJ}OX%Z8-W8_R-su~AGI;a_A@uags)bH6Z&`UZ6pL=QfU!ZcXD z_fMiBwV;V(w9maYO*jF56h&!_{^;O`5S#@$O(|8_yw0kKrx)xNW1lM3<+C;+1kLL&m+RQKVxc5G$jaB z=Mfi;Xu6kcxLn@t1AT*bj|A$KL~j+{lR236wDE|}8mnG;JfT2WfE5f?2Q#-EOS~K8 zk|$o<=L(&+7AdmeJ|FWZVB{x+b_%n0(pJU{hkVbnpG=Um(n!CuvuH3OtT2G4p7`c) zLYG`8FtlXa&d%-=?;r;EL`kI^i|D%d0PWBI>Z>ZlTy*VtZ!FiQc!5W2c|qr_7wMoE zY<03x^Zvyy%1MWG0@*?CTKx*P`o&FRW%jjt*-J+6;7mJflV@dSy@o zWC+2}65XeBA#k`r3V9{e|I6em^+uT&Oe+u$chDW9i_5w3VbL=|N$F$yE@j!XVYjP|-~!15?^Xom;2CllY~-lS2>A$=~N`tB^TE?zg`lRi0I0U%$Y6mT%N})YDIw6?<=5Ix)!r{ z_launH0Cn+Wl=taYo!4nu;b3^H^>u4Wf?@tM0u^((^f-rCE$!=8aQ-VE_xv*5)35)|N~8Jdd$`Jpyzr~G zsf5F<6*9{6{S9TE8hjmdrIcy!$+rMZYNPY_2aER)z+p_7J+c>pL&syTEA@Jtz+`Oo zs#3;6<{f8&BTr7?i4j}X^IfYPONO;(@cRCc9O zQ78*K$Va^&sT`CfOq5n3Ak9JJdIXWA3&qHH-InxSWv)}zN@wb+ndo;f$ z1S&spY&cU%+)X5LXnHh4dYf3HTHrQFk1+|zpx(a!h1pzeqWQia9~v&W;j8p!vd4}+ z&4S0*s=n`2*+L2e4yir*j3d>nV0QnBZ-*sbG!w-$(`aflIDM_(PG$JJ%Va;}Ht6s+ z*H>k#E?}lr?&Bd`hrxZEe_+&%9WkqtZOU{bJFx_R#HQn0Rmn4(x9*I{*+Wzt7m}yM zo;L}WJfaT`%I?NB6flBWY%>q*GmT4i@*-hYp}7Ih@*0SVWOk3TF!sr-5y+pQL-2>d zZ_uNieLSNeUv5+!h3FT_7>*R;ciPO~wr(TG;vW6ys1qlP{<1(y#`>(3Lb9FUH{0-d zb>KVsJJjl81YxT&EJj{Q#r$FjQEIwJfd!Y|1U5N^nZ17oH-m0eSv;Y~;nLEZ3ONy# zuk7`qnV z@9Ebs%c@EyS=9^4#3f=~-BO1pD>Ran8BlD7)=?_M)Aqs?G2CdoLKv@s{-1e5An8}| zQWdB>V6jfIbD;8&UD4@ehax7A(yG+{4C5?AAL5Es;4M>kl(WT}EF(#t0{gh=0d zO_=O_*r%{Qht3&PSiewk_xZ6Xb`k3`Fog}8;{CkLJsW==jE)5OY{A5OP@Q+~PK3`A z^l{?Pem&zE@)fvRr$Er5gQi*9MdQxnwckS!#QopvpFXnd!;99 z2HB$;L1tlIv|8P!Is(DVHzL@caK7ZavG=8r?4~o-#uhVQ5VQX18GLiZkK-l{9c=-r z1Cb`-&;D-4x}IF|)pyNQGNScd_+mFjyHOWUo2nxuhCHaE?}ewM+y3e5zx=*W3Zu%z zy~stiHoOgw?=u05qF!OmW)OT8n>;13V8zD}!XaxG=pel6FmWum*2(>k&>L?PVk3S} z2DuMBjEbC5>z1zeU z>0z@F`Ky0i>6Kw^thz+DHZT4f>_lOdJT|@#@w2;BPtS6k2%))bj!S{dpA}XW-tpo^ zOau8qLEUSdbMUj=CzK|X4EDtT#$sCK_ z)aT(3At5@5cWD&)Jik^q9qvSu(mmPCeWG(>EUF@rq$O-tF0r#^Z5mVi`tno-p)Qf) zr$op!z<68Tj2~J*Q^mZ%<_#U1Y9AP{063wZC)d7${rLeom_xO{eN}2BTUNH^%94og z%@rQBiZCB7AK@sMgD0C520mj~F8^nS zYmR%+E5|%uR_j&OWe~8xsKO_eQmipWU2UNTMjL!v>~w>44YULSGPY`c^0qqPix@6Z zRHWUmILhv8@mc$zrK71`!S5TDf>6{|NF-a&BXl$}anlDpXf!nXAZN&p@0DV1Ckd1Y63up)Fuk zG`<3ZyY@i$G**M{KyeWJga%*C?w8mMUo;6%I!Fsn3svmth#DhVzMl8;ns`X>Gr^}) z7|p^H63-wOTGrqK@xqFx&8fn&JSJququvU3PW;W8q&1ulPOIjG8CA^=phfbnw_N;f zVfzz*LYy*H3P%38A3s{in$nF_Tr;W~|LaMgDXeJy2hIeF!aoSn>T70T#~dl@?`ikl z25dKHNERa^YfI8ct^d4SaV}g==gI(518^~;-Fb%_;L)p42zjr-kozRS%*c!9!poO2 z{gghbNv;H-I8YL1-0Od>v!CsdvJXq(oqI9lJ-yn}Hf{7S$@y4@7l$m6yWP5yOAZHsq|j1U=p(IcAq9H6+w|nr-{4YEuV=37JxA74*OspQ$s8*I)`7nx``|B}=|o$`r4eOFDR+R<-bG z56z|5LEgs!=Zb4H*-I!GT8+#EFkzy6G9@=^a{OvW-~t2>zb1CoOTU(D{h>D_Xt1;> zEp1ucgm~^}vsz{E&@p}Y$2rwbiDtLhkOe&kCnb{~_@KGlR_~zATf`fw(M>*dyHiMP zizR_*NEZ#40noy97C4Rxtama|rQQzMD(PskSklm5@Gpde23F z7F_m=q8R9hX9`J8-{n4>Fm9Pxb2x39ix@1?L5F9%P8bYhQmlmZhc}enw!UpT<=8l@ zjr_b?d}ENM;TLtCtXknDlXFXd=Y56Shnj0QsdIzlwaWX#_r!I_HKtrbhE!<&{z=Xe z;PA~#z-3j~-tgqpAqP$J+L`;sPw+Ks`+7PA9rwrhlc->rB!oSF2@y0cc2|~DzU`h~ z2F2E?lUS2hI)dMr*M4`qZz|8?coizsfAakMdo$Of!XfB{O8=i*DM5GdcX(cxs+^kI z@>Qw+DqmUeXLF;@B1Tlsw8Wx1l5m=-r$;mQS1=oP9CWNO&cC*T>qyJ>u!tncdi1vq zZ|uBa^tVNEeeIkU{QQ!bJ-bO&&M!z7oyn^)D59of5mGDCoQU?*P<3Z81 zmtNjBwKT1H2ckIBc2SJ)WRZtkE03r5XM>%cBUFJ-fKWqMZ%ENz)@hI65LuOz6K2!CK7@OgO1LCIOWJqBCam^>;1yE zJ%p%}uhA`_YmsED_IA3#%5ZEosVr{>TAZRN&gIquPs`Cp1Aa=$6Ctaj^(x&JRuWH2 zf}Otaig7WJKdL{$0!^Ep3CCVt$r1}*g7vY3+2bWhQXOUipX}!8lJxXjxNxx8liXN{ zCe@w$=C9xbpNfy}f4NEheel;obgk4Q6D|m`Wsmzis8$iGyo?(1Cp609$PO?^mnKN% zZ%B!x*!1Yx3MC9M^a}`@3Qpp}3i5AGCev*C8%g7w0ar3BBH9ohF08``i)+ZDF`J&( zSV;>bWsH6N)it6hj+CjoF!6y{8UKL%VItZAhPeCNjl2=~8GPuc`%^4NPF7-%5QO={ zU2Hsh#pQ?8G-lp_o!4bBx{7;shO5uYN-8~#uw-o68F0wdJ{2(94e0N~~^3W5q-YKeskIFMpzHH&{(liL6 zr^`eq;Lc)#phD#`ukn!>tVCN{atKkm()Gk85{B5Daco9?1E}Xmt7+!|pdet8k zF5Z}8~-j{PsjkYR|>N`5cRHo0IOHZX-Zfu73h$ zbzkp+#!Ow}!K$zq`DU55$(D1IvBu1VeFn-b3g)`>`U3?KQs?@y)7Jn|8m z+9xyh5bMj*EZFh+jU{oQ{`ty;tPg(B>(52iB>sw- zj#J@IBB>P+pglk2`8dRH@@{T`MNP)E>T@kqpbE`&!<)5G6IC!;ArWf&FwQqyl}^4N za>f7L{2Kh|{;}IU zHTr`OZ67mC4t{N)dNmV%tLN*j!{0`vWOv0ANA4eVdUh@j=@HQJ6c>VuyP8vKP0G;P zY_Qr5n)BNL8542+iKc94wcFLV47RVDSrO0CG|Tzjgd6vxw5A9K1fgSjZevlx3hInp ze=`RApE^XTh^rWN#lL8+b1v!c=64qP=?d4OD{N)8E9s^=D6zhy&!U3*>{nkW$Vf>z z9Cv~1)OJMN{U)>#eWyo&0Z;2j5Y>{Hl69}IictE_cC+t23s?!4z?5H}_U}(}0aP-v zs5^z!QcfrR>~@KTJ9k8d{CQuQ@OFJZ&@@?XZj`lOZ10sFP=M4l9@FbAbax|^WsWzG z;v})^sb#jOg9+mn@hR#)--km~OkKt7Ys}DjkZG zq5nlUvi)%T`M0C+|6EPrNY_5R8dn^`sAlagj%ZS+a(;8;{J=>OB4g+D7(`^42haS)E+C@Kp##2t zhD`=5V!z5ly4tKqhM$YN#Xyy1Of6kfu7^67R1CyYOh{1i}<8Rml;&F zLCBIp5lvXR>4gr@Uu_uW5gC?Yl=-tPYF$!YQuB}4+^Jfb6x<5X_%oa+cc|Cb>SKp` zXC}(4qRgb_igMQEHng?4m*!> zB$a|Eqh@spzRiX#xW*-lVj(L1FYS&jKR%Z=-`5yVY{Lc?u-oL@pc(}B33 z8SqbLXVKO0JOKu4D!gDb>!jR3=C!Q#;Ii1=>GC!HBVJ@1txw-Mi!yn; zAklmAausVmEDd&Lj0+@@od$L{?X5&%X?5AchR5|*HaLxI7z(+nJH$un{xx2b6}OPa zMG`)9yge`=e;I1YlWtUlkyL<}ngeANYn#{yq|d0qmy4SVrGV`TaG(m6?L&E9beRhV9QdeMo#{oK_+^XWved_#@;1~ujhpV4=%_&D|2oDsEAt>%ug0GrZ#@b# zovcdXt=8`p058On+&~~d+XM@e}cp((n(&LQauj*l9prCyG`P(fM3pGM(t13^9?qAiWS_r*>V{HldYOe|*> z+X^j}(*O7os(gvyfDp&gc`9|3A8~-|wPmV^>NV||I@nZ@0wimMv)`*SwVYHtW2MYL zJWR=uv!LC1Q9YSHE=r?+z4=R=t9&ub;ri2vf&t=|W~P`ZmLYc;ESp4z5DuZ1a{6cN zNHbL~?U%8NAe>dArqck?y(-A@DDw;3vHwrrWe&hmJjs^C*}Ah~<&P@CPdyYSV9FdK zY5odp`!)St?`gC-hv3P$G!95-#3nZP*3ORfx$Ka|sz3iy;U5v?ab?Q4F>iYZ+MBDc z1icBhl#%*#rq5e5+F#YW?8*B;MuZ)pW}dkI79NIs--2$lNo?l&oXnpn%SeKv!+BHo zNg)vv)hTu`f)Ji3)k9%ZTkH^9D)8CRnw8T^GTB!; z@28wq&mhk=ddx!V0tSkGQ7EZmT+W`IRDY_1kh*NYZXyw`^VYqiz& z9B~ac;Q)(AdEcmiyw5_le>&PTu}U50>5-`>kWBJ!wC6SC+h;1Iv+kp?pCJT#z>Q}W zwkI>+H+?%QUP1_@6N*OPu{b+h!AcN6^{6Q*?rNrxxP@p!|KehkU3p5iiMZ;WCD>(5 zAM`GJyGxgf&*XsvdKJ!~&&!;w?>dBY9#VSMIe@nCXK&Vk(<=T{k3|Tu2}M>hf?Phv zEvQcZ!A?St)?%`=t|ii`YkcpuP|&N*vh6-bd|j!{aE)nQ;D=DHa%yYUUMfM8YFetz zmlC5FQRHyY57B;mry_}f8^j-8y{%d&?S*Mop^2GD_ob869n2h+6065El@q>(ic^S$ z@zS59(x*$~wmK6a1AkO|hC8>J&(4)ztGMOGYe7KzOmi9wQqO5c8Dkuda-%~(aUozz1sQc`lAm&nxCt;SHzAds@W58LyceUY)SO5pe+NY%AE$hr)`~u4&`2} zRz!@hi<-tky|%^xdrCa^n-*eFfP@3b^}_{p~|9AZ0nNX ztXs>P&qP(p;VouaN_pXmjwXvVO7&d3y9vAjoBIi202}GXQQl6k;)nSFVBQsf0gxnk zKss1D(=IqH`YO|P3vp+n4*E+4JOdKa<6gHa7Wn;lMD5!5c#)Rr5bqYmrm@DdTH5QL zF1JSR1*>wK2GY*sxHkWKbLSkCkn}Tzz~-vH;a#7CyVv9{%ZjUbX*E@30JkISr)8?n zAqrW6gDpqUM{Zayd%?0bk4@c&gOG6oUAzu&3Kx z+RCBPh!}vyyFA0lCjseyf{-wgl7=jx)l~krCGa9dt2UqF0e&-f>P6%BkGZk>yfyE6 z0sp5s{^fe~T&c1oj)LG*wQKseVe|glnq$tJB(wz(=gYG*aLpFKJr)wr0b8_S@-JZ>? z9D?|GqY6+KKw&fkqGBd`B{-$u>01rtur#<(yee0tlk=K2z2eSVnlAGspzwVM##w-~ z$lcXFutR%2$eVGYAt+vgjY;%jeF1EG3d>Z%?|$bRyE4$sS+y@cH?J(8YeaPe^ZVyI zT6W4ZT~UEkxo9P$Rz)K_txmLqkoMa_&9@`qd^ zp9dGRiMqDQNK$n=nfPAKx=JvbVBLTtjrA`&NXkB@Eg|QexaHco3v1Z$2KJq)Ny&xD~}S^G1zhjZIc7Joo*&q=2ANbbWWP}j(Ba;$xs8XS!XXisT z`t5sw(IT*)*j871@3{g3VMO)P6mPO`;utO)sD2RS^q5!ACX}FwVvmPdEoE|tS1Bt7 zwHgv&c}Vgo5R zLQ32NAr{@gpwb=W2L+&>IIOH1c`-b)TG;aR&+j>)jRL$+a+RYR zjh0enA#W>WnkVwtv7piZh|tL7IuC=S1nP|n8Tg$tBh{WaLdc_>wm3g3@ra?!^_^AEv;X==U( z!R`=GPz~L|)mFf8I@1$Z8wanqdB4_o$X^^@YDSity=6q03*R}r*z$>}MK=9bq6F1Y zXm`)(o6L=Nsk;q>VHE`%_Zm?nA)E--D-<8~uVb=YyXb|jC+vKNMiG-)RRY=MBbOt9 zd^RMG_M1L(PM`Qu;UV_|W^N($P%nQ8XlxxNY$EpI?Vo+jb1vkJ4FvYvY35zyA-z%oy_cq;iXmXEZkELS+{i08kDVlf z4Md$#FzlRxF4Dj{C*;m6V6SCLDpmi}=R@(~=@O^qf={P@vWqyAE3ouI-8AfPC3&p~ zU~s!p%k-2PA67W2es<)mu!CPgQz~WX&Dem++8w*>+xp$Q6*g193@XsKSa!#>%i*B;_6>c zU_+R4yz9Myw9bcqocSn%?%%q_N9uNO&!B(4Zu)wx{$(c3ZUUN=H+aYge%5odDr+&A z{4~fbz&5Jd5jA`7D_}-y;uuU}=A^gGpIg)wFbH0fGfh(5kU$GQ)xDS_)q-vGia_C^ zMj*;cd&e~Gfi8Y5h?At{Zdf*@=G5ldeI#ztVZbJgo z!k>l)zu+D(qT{IUU@}Iu_Y_(l`Ba2~5l8EHvhx$sA&VbN^!rBF{p?xBI0}e=z1!ne z_sElPArJrYdZGvAcq@0O^~fB2=ELV^$mlX^u7G=(qMaJF-fB<=C{0_#AKKT9@F*1zOkRjKaZ>$2W!!nDTUM>JNxnrJ9M5p$NL zA3&r{1dB_AHEz19=ej8fRw|1*N+uFaPP&54>t#@zj@3Y3ByoTGIokw46DIC#F0h*6 z0S#DWD-sy`{!A-5$^ZldE7qKwuP`KeVAGOJB=@uSXw)Ydt4=V_4dq0E8SqZ zfTOHmz&^L(xi%u6PH;FEDVVFaOK-GSGi{R{3Lk_MkRmd_lhp_H=si(N1&&Us(w1)d z;Af7RLh1y2`l}^F5vQeG;_R0i$G%DGk#D7Ua+!r>675L-P=_OiWIcR}wyfj4Mr50^ zA5!rt^KecdL;fe{x|Jew2s6&70+{A~O;YT0n7d0RL=+q96#Jt-q-eR=vb0C{R*>sSGvkpKsD`UMDZ3%h zlNIe}ntN+lNWkG>+oyQBDapl7TixR)168L~4^sEweGTwCl&v~t=EV`$7(D`^bM-=y z0?w)&nGXjAGTZjy6UDu_`p7#kKo>a`z`dncxs&yGlax`w31J|GJ_Ww6)7=pqV(#EP z)F;}~oIpzop8wQq7LYZ$z5y+x>UIEM%SMkIz6%MHP3eKq&X@9VuC1FZ?ln%jx zJmD~G;c_+`eoH}z6-FD8=SH%{N4RSCtt^Swg>z6yE$TW=0mQ;RZY9dBeOEX>;WMu5 z+soQ6Q%>bNM^vFoLb<;%WWywH)vW8a?9taJNOpq(qe+NOF6ieKv?7oX{)sck3EoJ( z#?#8vDAm)Un+VvREb(c*a+fvP{NwKG7jr{*Bc1i}iUN}&DYn#l3}s_DF`}z9=J$w` z>Nkb;Tgq_#z!DIFoh6xw;z|PBn!Ys|-d-QktcLo?`KoEXYWkfzmYSy!@B9+r2l+O$ za~smyz^MwL$*^y)5t%YRRVj21xatGfiS3T-&k{tHlMxW=Lh3WrKA>{tq!3WIdQ46n zSPs<}(Ty)MXjU>&-NM=ye${KGw;MyU`wcDeT%rlg+c8plTt%Jc~8zVRA}No9JOYkzniZOut}$c7*}PuKuB=KH)V`}-5v8I;UC zLJ%$chDA)g+Pag7KhtBz=Gz23gKt)-BWKq=uCZuY6>O#DBqmW9B#w%gxBa#7fHck{ z4Iggi@nS1(6l=joL~zyW$g_7*X<}HKEo$?R)<$RJ;6mv*x9-R!^AF}x>$Wty5>now zS5}wo2?+VTyiLzZtPNWTS=FI$D<=KfS#$}jecbtOWb!1#@Lo$^n3-mVQLAQG9{5m3 zDmF_be}d#lax5{DaubQR6?cJPiH+|upq<)1DQ*z3ks#o zBLd5mB$Sn;4@gU9l3GWk1IPSbd@FsjD7UIVEd<4;i`7xX$6y7Y2)i3^J<*CGDIZt2Q+l9Bbmy0_|7g^ZmyLiEPD@c9vtjjmQSn)`r%V?-}^ z)w7~-5v6ug2}d5#tl(9$sT!I|F)A}9=6l+zIx0(TB`!UaYTca&_e*8he^|*rq7a+S z()Nr!4lRIRk$NP1gM+B%jm3)`RWzU_F|1yuJ3A^KG75c2A4!fs&)P3xe&eK-1C~26 zK#uiIde2~M8+{T}xB76dZ6vooQ07-n|8n7W>pldo#7X@o46wmDE9Q{04_e>gMDKDM zK&l4sbUgq=Ys-2>{9RUdIYMYCiM-f2#k8q2>g;~gm7|zZMNxg~iTYuatD`e`oTdj}Gqy zA|(L>-qU%FgheDa3~j+yc6n;dXL@*YKi4zjg$Y5jV-jsCSJ=kGpUaoA%rA^u-TG39 z+H>C2D4n;s{-_yW$mvLB-iH6Qa;}q4l>!_V1*X!WqVyno_}={igJFNKuTBhy0 zpo26Dx-)%)uc(t|^sYQN@-85i5;3oLSW#_@6!M-cD^TyxHIfRer7t~gP`|APtl9|y z&d%b!PJ$4HKshaMLk{1+e&H627ys4D&DT5M`>$isg*DdY77)a-+~BUIXjMl_98yd! zPKv&SYdGvXRIp_K0e=!NGujK~cpQ>FuCo$bP}V+^(enB>J%Hz^l@O%(g7cK&e(n36 zU%P^?XKlKYAKw2y(=m5-xXwW66%Dzn|J0V5jKbvk%%5K}NN<3>Q?+}yHX@lqW<*Gr zIwqFmVjg%pI0feBsH)m~ARXtXO3*jmdQo%Dy;uG^X3!IbJC2~Z&0J$K4am!%u9w5mB+RUyF;!HC4zN3rZb089hWf%f&YxLI453$Lqx+ zunhNp3pgO!z3#aVl4$s*F+4ue4B~QVSMe!&+C$! z8|@12=r@e!+o6sr_3K^)jt|fop$TOq8keYRxZVuU6~63a%Rgf1717kk%H#v3RszY= zdn=GI9F{+?4r*3qp`8bY0vyc%qF0Ye83U#-;1E&bX6nDrme2-2CVQ2c=Y&6xSJq^> zg(?fzcxn|C%Ny8|Cn?@uIm{KX6ww!-Tq?rhW8Ol0GCw;qD~XE>v$iyR3*>E<09S`2 zTfb&B=*Be%-d{Mbu0{(}$Q>a1iiSpie(2c4>PXxSHKO#^+Ig%#&9rt?&A$>kS{KPDhwFGSlQb2rEmC7{DHwJrMQs!@S ztHJG)a!Tf{jZO_}7yHHs)>ucXoylg(i>nBIAUdeVo9*;o&lZ|3$YNF5M6-kVpVF3{ zZnvoQ-Q8F|iw$sT_e`hNDpGB}ZDf5=?&}~*Zu748X0agFVUip3r`Y(6tG!CRpAMEq@kVT~~6>*}3`7VDH9TUfotGY?zg? z-UvYDhL@Qb54Y5I_XN%_emMP)MPNVrR0&Jz961Vqu1D!C%y;nKYLe}1+m~$ zjq`e9{H|i;7*l?&1k|4_tQk3`QdahguVGL{-crP%lB$8g{c)_y-MG@9YD&;n_Q_5F zsQ!mfY_3*=>?Q^T`-%GxP8j3l_&0F+SRc!Dh6XcaAK}QaU<$KU8A?PpuZ{sa8#pgM z15=(y;jNn{(I>qbS-?$jKC5yKbD9eW2J#uomPGb&Mdj>g*L8(Bbz?&x6uLonD5d=I zpWfscOmjB*hG8g}Uzng?osqOLBAGeRoEpV4aA^%(Y|K?Q&(xNFOkvzzf(J=0Atf`Z z^g^=T&{rov!&gRK|#D^VHTh^cEv64nc|a z#fRSo0(X7qV0glCN+dtF^+_+k^A_5h3LzbU zKhdLg2t&~*9mtcRZSHDRh2xyK=sFCkYbGj8_#HcNmV1@0O_m8ujxKV=i+ThB@q(Eh zk6wM6|HL)!Xw5>5*IsX_A;1~{rBIaxKlMYwa?CQA-(b7}p%0AU697>1WsNo{V*i2c zHPTeYjY^QTiC(TCO1RqzZKrjP9nJnEC3vp+!{j!3;}Q_l5X$z{M> zv!3rP5zno_q9&sGj(=7tA*IdV7|qWWuRc;vhWi3>tMlj+EX3Oe!Hv0wq>x_8 zk7&(&Ix+PN_M`ihjyz_OSMg#)L2$awRjr|U4)x@88GQrJ`K@(LhN@enR%bpfn{myx zAav_?ylOARkhId82Nucb^L0v(m&t0bwmtTWd7m3^nK>AE$9~OA=?Ue_^Gdkd(Y!{c zMuyQ?gPEAHrIfw0KvI>3I?czayP()zZbl%vywFS0K?)tJCY{nx*3SzP?Co!pky`be zeC201P9FKW$BQ$K>s$SyJZz;$`jG}>)0>0<%4Cl zx;GzJCsaRvnpU312&PHz(f05S-kfr5BU(8ncU4_-iiLvWuMPsK4x_epGLxz^6mPXj z%9IZy0OLR2Z~gw|`UD}5wQc*@>DR`VK~}MGzmtc4lAjTfZ!ip(Ew-f``PSyDpDl-q z8~6-J8I93mKH*!2n|#;{^w0#xbM8&{b!Rp((lS9i9ld~E2tb~0+u`Htc60zNs@TEB z{-hV2cwiDO>hE$P?YFU32xv{=G)95bLKE_-`ot-BDRp(7?2R`E@}l$wioaxSNCnsA z;Ac#wf=jzsrn2+Iz$yFTRJsB{3?Qi%pzC~^t7RrTnTdVW5doWA zAO*?w>d0>4q*fcRr8v$k`F>BRS#p&Lv_yB4K))6|D4Rs`uJPGp@2LS&3IIVZK^dbS zHlz`O*<2a`bm|3jaKEs>(=tGI?7EQ**f|cfue&~lmDCDk;tEgl&TvLd*uyDcuG%c` zQjmxGOgZ~<(;xj%|L+)yEtiAOFVe^fr0Sq{G*Ss_YMD;9O^yV&YLx(=#C4o>6)N)KbXisM>(V!o zpkW>3Qm{mC%U*TuT>C`;3>mm=O>hO;L*Itl zIfu4_$*{v7LqRoxJS8^J*pKXc09bHg7f^p-ggkPXO=y9r*o>{-OKcLFl$Kw9^Ii9K@F)m4&#tTNjk)@wXghVl&)d!pdgXWkR#-Io=FqtOz!Xf&cmAEb6{Z1H;mEf}$0q zaM9hwT*bbB^Ztz@B2o_OU@_LLGAntNNjBJurhaLe)MCj2&1XiN0ROAMppTRCibxnEyR zmm{>v4&~4829d=RX`bw^2PRMY7y*MKM&Eo(^^XdAHG$|qztkfKZE^qAdFuUt>?1vu~(nh=e_ry_gKAlKkR>a_LkCNcCe$U2lOqZ7} zf}Bk&jb06>njm3IKo2n^kRGu3RYA6&^-1NfSl@85)}FGXSfSUtJ?aDVt4fD?y0WUB z<_ENfOfE2$1*vw_+$2RAm{|Xc||Ka%CVMFHO{MDRvN>r-LgxJMxVt{q6J4R<$e> zZhCvVe(apA0*CEM-)-vht`LT)T^-u};mMAoXP|m~W!fdR>dc+vj3!?($}5c8UNqSq zwXWIJHr}sLzf^&ve7%!*)r-}+p6ioB_HIr`tI>TNe`<7cvsbtJDf439z3eFOE%*tT z6tS-%DIUZLP)=!sNWqh8>+6aK6t-6_`Tu7-TR+}2q`s9Qtw>{o4I<&nN6I6@iI9F?<|yG z#`_5K4DsatnFeQD99(sYJh~5dc~Azb^EE8>+|~7g?qPR4 zu>$=MHYB0#^Nrm@>-;;r8GpE-Y(g%s+{`xXw7enjyz=NUx=nA!4KSaULE&dTBXoF8 zCdseDse+BmC6c(T(-vtJLxMS9YPt(LsJA8v=BU_C=_NM7yuz8GsILDj+dii=v|c7m zB$@u641e$MkWsllHN49Dtok7RS%&gcJV-S^zdciN!!7e%?x_uKA8TR%^kh6BXbZ-G zdUY3wnNVpqkwz5nl|{X#^@y#cUi~G8*FrrmZD7WzOTPH3(klhd0 zE>SmjQ+vBSF%q!U`OdMzp;x8?t#Ng-Z&0Y9M?p5#DOkP6Pc%sdNX^{*dVZw2_Vn35 zlGL$8Pob>&z}kPWKVDOO{}|QJ`XzG6%9`Kh7g+L=#kAvzbOKm z4|zcF_rQ8#BXV70CN{6qGjP1m)J}8s73-h$*kVImQf$sjioF)v-7G^}eL_6B97i4p zMl!<7&bhIzSLm8KS9)mqr>p6#*2ditS<`w?Yp)1#6*F;|>Hz9lPvbWqgz(yzVu2zQ zCf}zZR$OhGU|J%Fm(90Ab$_U}51eYAYbHpKfK@xg@DR*mVXrs}DvQzuJ&o64>pfZg zjC^Y}UCy4^_hHTSmz>`DbA zAmnL^52xpH0G2dahCOJpm(c6=T=#CW>1SvawAYxnd0b&yT_lZ_UTodvj4@#sswv{T zpU47McFGyNp&Ggwe-_E>TCIhBr1a2z?*QvQUXH(vZaz-usw8QkXp@O45nG$_x{r6mYLkqQOCR zw5ks%?^|r&`fgA%z}I7qi1$qdw{=X_*TXyNmRcV*oSbtDX!yx>cHW};G5X_6PT2nA zBP=lpfA|ldT>GR7%fBwC+e}yJ17cEyTRHtvI})&Jwl?J;KN%*^ z8_Qk?i$EK%BwPUqaWV>{g@CutY=8wd+)#`H8f_baA1b`JXdF!Kn&60#^0q`LrCR89h%sM#5e z5&W_TZ$^C-!B58Uf{@9(pL~pTA`IVuRnO9*zek?-X#l5Id-R?vZ0b4mOMX4ToX$FDBX{m-GA3H)2>l>mCklE?C+Jk*QFaq z7_OAmsKZD2CH`=a@zl&ZTQf1B+N)l+$E^W020b1>$(cPN`#DF)pC61oE%_Y)d$%oY z#W3*6nA5#{T+vD1&m4>^z;v?4^f`SKLDGl{t(YvZ+|?d=`ob)nxz~Y1^8*9*?^q%| z9))n8RGh4hUf6sMAbwp@-$^i$(W^33T!A3^RUl4oUU;f&SJ0sLzpm4dN=u}hJ+8})Rt9E&b?S54F?q(zU3sz}NH(RgBtZkd2BUuZZqJHw z;+i91C{YWS{AqD*oFHg`hJmghTxURkdml0UH1U;norx?tS6)uzCoD)Pv-Dy&wLj0Z zfbn(RWkG<@3jk;9TD@Xdai@PM$)?hZg>EWot{Mq3HcU+PiX zOn3(GgcH}0bE_PPr3xdzc}OaJn8LMXk^AEnC!r4+8QzQ&^QT6`&}x+coy+Idf}4Al z@)>WHCGK_Vr;z-9gwi&q;(#1B;EY+2LFrh1ye=sm>B`d^Gh$OXDq~r;KXq^h8?;35Q z!eiP)a+p_^evg@VEoS`DEc`Lq!Kc9Meh)uxK-xE?h;e^YyX^UBIeu}S4wWom1ct|s zT(Pd$n{!4eEO%w9DtwfFJfH=I6#0ID5;SOEKA=pXJSx@a$IaV=*O@&!Z0S%0F3;%Y zuHodnCaGY=H^I~YIREtL6KC$9HoXsuSbdZkv@+Kc zbmYy-`eL6d9po)%_rR+cpZ=eyhJSN#{>MSW|Alse|NHpL|8MOH#DCcndi;2Lk_;Yv z=kIgc!XZm;- z*rp|(-qEmE!G1v^%67l!EiJQ#Y9EBV9MzBaGme3>i9QI9BAmQ)!r!5=V@u}%nZZ+9 z1kjOu$h<~nN=GfZW~f>S$*OH& zzAYE?eLws665wMr02CV*0x~Ph^vgioGZ&JPB0ax6B%p7ET;Qp!#!GRiY$APzj7i^m z@xf(H<`!p-g`Mvec?|-(>$llAu%1O;w$>34%dy zw)GLvjm1rus{X(kA&?5x*-kwk7u#-osJ;m-=A^^G;#d-0 z8CPbW34#nZ$0BXZ5yxF(^sHU%cYE?BQ{K`*DYP$L=qe+iB`WVInn!1i=bbH;FmPBc z=)gDfZxSAr2O04L7zM~gYaMd`Y5xAJj`mTQ0Xl{?!7*b_edaaP1opx>o)76eDTO{e zBx&?7uQ+Lxd;k)&LmJHD=U7l5!j##+_Ffv*1@eD7!``>QY|h&ATr>=Tokp#Of2+A6 zRqd(ioOe1VUR#L@wETC6IDz#)y<}O_(R3!~0rqSpd30dSI_Jf-AFiSpQwP$tt>KJZ zeYZQTn5#O~_>5+DzB+&UU5o0qzF{Dc>(b!Hk~HixPGSjhk_vWyx0`2%)#EDj(bY zBv#C}WJ=>KQrE{OY<2|&)zjaoM`+<&4%%+JHD*`eFx3|^(V`&4({b$$wkg+oHHv>! zS#eFW!>#nmwH=yE6;}YqOG2caFJkYe_>;OVVyl)^U{{@y(<=Jpp*^NgH`|4k50up> z;s?PedQZvozl}e^nOHQ|*kJH)86Mu{jqtQt_u$e!*8J(ZWAIGg$w8)NBy)yjY)g3< zJN=r8oNZuqPV|T~hAg8z!vLoR$jSN5?`(Eg^zC8nbrnKdOeivAu~c*s@PJ_dXpwmy z{|ial0fO6&mBtBs2U@@D?5@A{Y!H$q#P}Ng03@BwTwUh8cTm)?!!rUs-+YqrG~@HY z25hQ&w+On$P+;d7tZ3CElZ_uM=awfJa^J;sBJ@NN28(E`$YO@p?udd}0+k+l8&Gxw z2K%MX;52?yViQW1Ct!JaWep?LdlDrHm@IS`z#9uc12q$f17egsH0NZn0g-kR%zzWQ zXq5!Op-e%UU;&;2`qxpI9Qq#X2wN`Bt13q!nEW{2`PBpU*plg@5V^c(=FLZyAtgs) zX4YeAN$`vP95WWd`$k>rrO)kgEy{I9h2Y7#m|+W zE0?N}>Q_-Zm;3CN|1+0Mt-raP`X8T7|3AjqKm4~C`$i~++)P|7?^C&oF6^4GDPPTnAn*94TICq>^G4x4RB1KX*US=uS}uQT-DlqbjjLz~@y zh_e5m=VtsLFMH4?ap*ipsJ+uNaJ`HZGSlK z74QJmW30I!j^-kAd8_*`Ktn`8csAe$_Za~ap=sQ6zwYe-I?;cv{u8A?40dKxj~%K0 zhs*un{k^Ad@#+!ZfyelZ&T$+a@k6{vA85jefd4vXIX!ut_+RPv{ZB8R|F>TNgkv1W z3UfmNO`XkSZNSd*-!n|O-J|@gUoOR1qZf9EjN#qJrWlw%5W7MB0W>K7egk!Ium4@d zXK{a9;3zeO&J%4ckHzPV{-<9Se3t-OuJR!;mU&TljLfRyrp^P;qVZJLU&ksp0*@^K z4-{^|jXpHvP0Xuv5)Mt*kS$?JFu|e4ky+=~&*1*EXh)1Jf&oeGHOPLu4;R&K5Jbsf z1lNsxOBRdb6iue0-pHeWVO)oZRjee3zH`5P^_paN!>8TMzX?NE-=Sp1XfavhG+nl+ zBh}}3dRq>ekKA=TGPdionAQ-zV3guGRO1zaLYt~AHtOF0ZgJ8QDW?8wuJ%`Tj2PQN z`x+wl}IeOk{6Z6gl!L}PA%&0Et}e8LA?WMcYnF(Bf8F__et z1zhKImfS99=|?=D8p+4L+K;md)5m>v$ys$MHLCqc@imM)X)${v+J9JF)ne%@{9IEr zfTGD?c2oR)sk4`V5Y?QHsx+udqXMw|^f<#MCzsCPk9-35RdVWzhsBpQ8d_I!0;bZ- zPJXW^9^ODrkL;ggOKzE$3be8C6nXf*`%JGv-y%qy_R3@J0FwG`2diJI*A94>McVpt zgwFy0Tn{%3h&k)#-`(1-^!rDPUiI_b$di4BmPkn!OaVGq>GRBy&CgHL9=^Y3U4azO zcN|&s(bf83XouAnL5QkDmuzy1wNU=kt z`_K@5W5W07#kVYR5kx=lJZEt6vjs&#X@Uy~5?Mr^{Kugxj^mw)tul$x+4cPP{qF5t z`J>HjBSiE86~b>21R@)_ZObV!W@Kk5Y=qpGTza2V@oPY#E0ok?E~S1ln2M=>{)vgy zDtCGL24E1cSyhUOs_K-Vpd;wY42eibqlP>S*dk1}!t4^gcp#@UGgEtx$u^t^94+FA zpZ_{Gt=_ItdbYx#-d?aJU2V+%@|Ve~?Q1~HWjj9wFNTgm%r5i+Q79%rH?E4R#nqbm zhLpR-6w#*=DIyw^QKpk6epI2;TjgUTHgK%yEok|eL+m>C(8K2*<%MEQS z%FwoSuD|f(3d<2|D8ZM2mtFpZeA3U}Mydn7p|k-9XXI77hJ3$o!Dh>q{uP55fW^$g zi9%jE^!uK>M%=8PAX6tuWKnn0+3$E!c6~r9L!69K08{9lt`g0)H-#VdkN2<4_JaA6 z`kAaB(f*8T`u#$S4LcUcymKiteZ9?Sx5A>(dVo{K&fZ^UEo||#6zTfdJ>)Fz#yH&n zPnh~TPr8j=MG8xq`<@Du{lLA(s>d<9qCisX9#TgyS{Fc^7Pma(-~dUN2JBXAhT>M9 zt%q};?#r?BtMqvZRvNg^&685Vg(pkBNAMxAtPcmz9nXgIK#-9jzaN zJQ1KE!$Gi3zXDy8(_GA+vok$jPy5ftDHZPvK=Ol!KzY7oe~+yNoOW-rng#U7^QYe4A$|GL%I*sF zrv6UAkteCl`@->xk_e6Rn^OdrOi5wp^XYWfE>@#LMJK-D>2D{VzI<$6>~l;0^!VWK zqg!6uqrVSf42-`M3*X>N+cB}XkK$ro-+kL1-`Eaz`9F#s?&m3tKYs2bi`Dm;$>htw(!t;Y>jHd`#m7BAc zpVV>MY19WsneAI~H5p>JzIuE*j=p(l%9~m^3sXV+vG_M<7ZC}uGQ44!G$$s4tuVt( z=c!J$H2_dU0LtSOuSjLlNRr^wdxMr@WHNbP;SGQv@#~+U;~ zqyc|YzyizOB5ffZ)4cH+C3bt9=-ZG5Z}Cfjsd0AtC4b^!&Y>mP_^jSbff(Ud!yb#e z46B8I;OTD~GU{5h_}1r&IHALjEG;M!9!i}+sQ0UT-YsOOOa5QE37M$X8_v3PMCgK!k{NiZKxaNm&*~X(cG>O6g^-62dC767Tfe=lkxt z``mrc-p|?lxn2G9F&%5IIp-Mf81MTI`nw`G$UU=;%1Z?AzRa+u+Xm{yq&o6AnTzh$ za_X|_;+^nZWW9=v9o}R^zEV9!$;6qsHa<$S(H!lZx^ljJq&5gC>R4IF?}$=7?mUgD zgB1TF^xZkuw^Q7*Wys z$4`;=5PEDs2TM(xXr^02$>GyI(=*kDmZf)x^P({>NTRwEDXpZpGaxb}E8fH4vKgqt z*Rw^OWQs9;>D%T~YDTQR)ptn7ZR+6Ro@$;&q+{mYF4yrRJu2a*d8Lx-k)maFSFNji zK8gPPJZHg^ ziIw4~;^skRW5%+_NP+65siNI*C-goq2i?B1MlPHG)<@C4&%LI5>7^>0@3G~R6aB2# znX+-o1Ny5Toek7Q(mx$zO0$KyZQ)D1K6b@0BC&I+xE)BXlB7?0mwi&Un`qa7Fu2|) zj8Z(J_;tEVO9aku^(poX8b|M2kp;^XfL1irr1Km>OX~1jx zeA?;GDe^*UsFL_Z`PA8S2c+mCg=GhH?&v*xmVl$JtH=X~Bz+QPPZ^|?9eoP% zuPbAaJ*bb8WB$TDZOnPBiV##X{Ia4j)UR+-OE@+>q9;NRfz|gn`fJ<*y8SQ%4kef= zW!W<97fe(jxsRptzrtHd^Qsu8yFx!x3<*2ot1*@|b4_qfX+%CHo!}?e7_CP)-bG4z zJ}Yvnn{wE3Wf6Z!%HHia=o5Sc^yIUU35_RJ)9hgU1iJSW3MFef^jTokb&|4uO}`(- zWOM`VSQjm6PO&lf0)US z!>3_ld)4p@4RE19_IBNF1yba9heYJN#>99J92^#U5?n2Y6 zgX?=+e6g)nu;C8qG-CmM`LGPCB?NQ1qX}oY@yejtvAB#}o8;jchkMgad)Ga>rv`~X(i3OoFks~0@)PU5gYr}2%Te3FN)HTBJzIj!u$vK&kq+BO{m8gX1O|{I0W052m`zr2GNMY6A1i+&gx?Nt$_iebLouf9 z=hZZVp`$ORSc%?C3&@W#lV31w8FWx)0!(hPW63J+)nE&tnpCo-W(OcIAUqo4udnOj zj)TVVrY4wkMQ4HTu-cSBe4-c~C0mAZEa}UT$mdO`n^L<)MNQZ9(q~C8-s#y}g9)SU z1R2{##NP**CKdplyJY}Fi0=>RR7c?!qT6pH(+9xXWv7|Z@Q^si5vhWid!bkL@zo=5 z`Xif!)bQ%b0?8~SdLZc3cX>wy9ZMUER0l9!FnhcZq_E4>wAcLQlwn4#INd)OQQe~v zSn3}k;~Hg5I+_vjali9?l6Y4fr2HBSVXYVn>e!4x|D8^wCDHMEdujV@| zjKvsePT!@w*C45ySacI8E7MjK2cxDe)l2$s^femGh9X;}unILmPTWJcgP{uO2|NDs zM3!JtSUw}2hgV)wzOLqNad@h*9S^V5L;*kY`1nSQ3G!48BkKITmLRjej6SY>Oh?q- z)S1&xzvlU9c6h0tS%G$f9dQM9`nx>89-SF&4e*W2oWw7nuK6r%G?51Gr3C>DgJfY% zhCT-(p?)=)NxRNrdng7Y0qR->-f+}mH8evdw@SIpx+t&KU`zIq+Flj(@o8dNAP`BK z2Yf1I8AUj+)cLUHPDL(mXv*Bycy6iJhH}i%(0{9m>BA~@7FbBDP#0|pDGZyM5Z^ZO zRt!=I;sW$rAzBHgKkkCF`Fl(#yE_w^N7Q@3>>vm zgfl%$IGp$Z@Ez)P+3?0@Kgp$1@7r&s(o(K)JSNz$GH~n1%;+;dvoJH1UD`_E9wEsI zc7zOslq)1-ofWzP6amqVWFbk4Q@L{Lj08Dxg{0<$ytX4<&b0MVi8pY($MYPy4NWet z_CIL+VauAh7|S2;d4<>&**)nVQ0+_67tuU5QS{z{CCD*oqslpl}DB~NV6>TN>UP?OAxs$$_bQM@=0h=RPnj6*%5Q{l;W5N75X(Y#x zx@S-*P2%4lz{5b1JZKfqPy zd@Rk9kDP*?o)3JBFje?e{$?au@$96g_1ee)0ZD{Ag>)>O^J8%&9oO}Jr~h|vTzj8& zMxQMTY(8(Nxx5s~(3}JO`a;xGvm*?*Xp+Jt5(?yAV^5(<<+~`Tb35#Hm7Ps=M9CoA zATjgFOlN^&CCteoJw%-@C6yt2Uf6&UoW2_ppPll{)%abha(#NvDBEAn(N^dTke7QQ zgK?Zfc6lbZ3igt7Knp)zHZN`>8KTbg?s-kP1d&=S`5R#ap$rGcr1auHO=&kw?Ce_j zc`uxHr2+}(%6501y$gK;dZg)#&mBCWMBV%ll_WzphZLesJP1*ec`M*bC3bv;hJY?c z`sI-t`?$&X8$lW&mdpcog1`%o%RHiLRqb!=B%GHcuG#)A@zQ}3rIYW*{j63#uB$38 zvfak#K1Q4Ozt`%BByAoe3};O{i`c7V8AWS42^-5s2P~0d%{Ii5TnA}$E5q;lmVzE? zs!}iyxv2cZ$S0tiySxh@J3hZ7D&i=9e7qWe`pHkC&V5&u4JrDce--NHd%|U{AizCJ zN#M3h-gc@lvQ(TgP9i+rRkx!qsQuN zyQa7%5otzd2Y(F7oqe$ZGZx3~&r|tw#3U=!zDp1;Lmb&H1y}@dCkdm^Bc%Q3b-~p94`&HJcimob&xKx1yp5%Hlfv-Q zX{BQ;i5 zO(`EWN3SYhg<*&Xa1Cq#olWUoBwO9wW4hP4hvMc+3KJ|cXGr**KMQ$Lj8u;T0MuH^ zFhTs9n|^l>Sg@b|ns2~7Ea-~kEPO}3;N|Ps+-uri-fZ-!IsS*`Y1^>99{+%;|3e}9 zKVft-`d<5t^m`+t8SrwJ(D8Pkdv)`!gHU2`Ptr0xK|^TQDcOfI%HwAn*-aja`wc$+ zT^#bkh4g4p`*%*o^I;D1b*yyRGB8&<_#L29?g{&!w}AfDrTot+Ex6gV-P#;NVkPyn z$~}{BNPiOmtlACLIW-+sIydAf>h_vP>z%2-sYvIU;#oxd$bg)u#V;UDn@w3t)Pu=q zd;SqSL?T*zixR zm2Qr{lv14B_Fxn*{ODJiUc9G}_J|jLxFVH$^T2hsum$vR^k@@|u!nIMG_nB0e-_IPJr^F+U6X}x-yP@Ev zh!K1ZY!lS^j_zgAZ0&Xb79t5TiiGd`$-iK}i6pM-UR&QE1Uz1pl;l`ss(*;KtD#pQ z4Yuxab}V`o`1J9_LY>dINmLJFX0z;DRzTEKDg+( z0PAnyXXLe{-O0yb*HJ5vU?DEGV(#JWH3#nwi5~D!f9ALO-=aiEW-ZV1a7uB@O~$+= z@_NNk=%blj3dQQkqICbt{O>EorU$>R_SPJCrtaB)AwR!dVbR0*9&6W6ThYPSLpN(H z3Fj50=ls=JAjW)$wZ^UxG>0yB|_#>eo#{ zkL?DsfuZWXq+GzJcD4(4xK*>6zM?mGne=4o0^i-U8OGU z&t^S;^V>7NrAg%;z9YT@Sf+0dcDLG5zjy1g`$wDB{8TzNwChmuvNO}_Rme>R15~Jx zVu++-3OTdFiEao3id2jZm?GCSTYTZPAjiGP>f56p2Fz$zfk~MthByh7FIvrN*`>)yy%_#(%>f4`Kr+7n59F5 zt&hbp~!7wAes*=KiF3{L`Tt>koFD{P)~jrtuv48MsCXmx~Ff z*ZhuTh0HhazmWDlG*x2r_R@~?+0S0KF=}}Lo3(4!p~sk_glrzEHaY_i{Eqcq_t+<% zcO`XzltDLsO<0=ORK}X9|0O2M&E7tCNkyAg9d;BdG@|rmzD)M z`>|i2`ZnrhE#LgrvYZNwmdT9?^Hamf7J&}6dyR3k%KU8)@*;MWT6jvkfN(EE8RFi) zCi*jdHawwT4AN%tX@n^+3{>ZJcgjQCu$IF`>v~W}aiBi@!19%Yqo-;=fCY8zqs$l+Xv{ezFR z#)s$LPd-1tc>9^qljh$?$FKeL?uS>u{dVc3_e#OS=<&wLhJlO~+|xgKU-Vwyutz-X zeQZU)Z(z*F_x)1|HC>ng+o6x@;JmRA*imOj%5LI5pO7ZEGQJ_0YP?1uYMxS(Itk_( z`KQzTPAUIHH{YX@T7%akB-k4DE*`-xp!q0cjE9;6f=2uU@L3$6p7CY9le0S}7S6i- z4cS^JBAGbz5@7>SyqX?&Qev-mg0gG;Rgfy=fN7%+g>V{(zP%JI>OwPBNN`|ikHb=U zWyXCfMY#jTj`(vbH%y zLU`T0!VoA@XZ_L0Q{^_%nn=1V1Kr0kQkEai0ZdLFfKH1(s(%Mz@pEinqWDMjJH!d# zPn#h+4>LD0xfG^MMG#1cVc=H0-0Dx`#N3+X8+H&y~if5LRp|J#U{aYK$wl-JhdJ zx+0Jly`g;zvB$=-Da6&shB+3DP;S;2j5&P;fWYQn!k?Fk9OeTfb&4&Ot+Z;Pm{KEf zHqC_mmG#A-JnzXqN?iH)@xyMO(;cKpvM=>-LqmEWFOr}=SZsLFET}7&Qip9j1&D4J zRL;zC6M+?eN@6ENJp@P>e+$DZQs-8nKF7#7fRe7pm<(GbaFe6?FU#91U9!u6owoUa zvM<>~2Jam#5JSLTl#H*3!cxR%=YQpb+2UVeo%TItH=E5Cj{l_pcnvp()eZr=mun(l&o_D1nInS z{VF6T9%41D$GS{qwxsMu9{2Pp_de7NC_0<0jUkMAHU9iXj8N)_bv+Lcwa1ok|CtMu_H4S9h( z^G+83r`XW0)7^~`EW>brj0t)aRI%xvs!ECU8*wwkTmk$%@lvx^5{ABnn*976jpQ4% z50D4i7*|OqgcZstA2HD(zh6YOt#6=Y1e-&_R}^HkaQ!{r%ep5=NsAbf6mNS`>P0Q$jYD{Go~dwONdo>TU@g#I@1r=4q~R(YpfBCaHg?MW{IxX-sSCtMn#;3 zq;OwPby{ci1DdsEr5tgd0>uU!B(9w1im>G@u4TUzB}2dU=x`qI++S88?tY#18LpbD zwQnW&2s4)rNOJC5iqb&HSwQ{i^K(w!$9lOeE7%zsEJrWGxJ-be`n_N4j3W~osuWJR z*%1y4x&@)5By*SR40%EOvVC=3)l0wDB7c6Ne7h9(LRa`uuP)WQE{{PRBdLBA$SSLz zlw~=?W!2%N!h_mMUPLT8btXQUX07yP>_?7OplgX15aVhr*OD9#X~>(baueEh_2C%@G#W@o;D zy3mule%))5VXs&oacVaaRMk_;G^>mZbY}QRSDY~c$Th&^dIxdZ@Ts_ZFJX)+y5lMH zkoLA949K8mdRfefy0gyt*Bn=J9&GdIaQD&I60nA;E-iXt7a`;DM`lPfgDrF z$?R;M4fR3*Ec(#^0Oy6HYUAF3XLWfF8{fFZ*(SN~Z|daY$1F#_$3CW8pu`SPHeHXz zLABory6b~%6^&PTj&f&5zuxH7PmSfneACxwT@9VagU3&0Zpq&Bsh^ya*mp8*QGn8W z!8)PkFF)%)`{!29=hMBF-9~?Xo{T{jpAeM2IgN=7_qb0 za`xB5=F+OqBQZ)p<=YQoC*DjR=@2~n(MVLGzMi-Z>w=VO79fr)Tx*QfT@<{vcS(0F zS!yVEze=BvGiDp@XyROnrdgCzC5LL@0j4q|?vga>%vP_qOB|wT zQPQ=udKu+(F(BEUMLp#)nFHTw%f%^t(oxh5j4GdCaZKt-$pMrs!fN>1cM!vly5%mw@;jXEIA-4jGbwmSRTNQum(%pgZ%GtNJSuqqTw9WTWQ*9C7kQynT zX}gQl2Vq|V@{zinTIGbvP{Y8IUfl|$v4yfQMz;!Sj!UiU;*lcn22-b7^Q-R({Tc%` zF-C!s+0PoXEBgD|^e{CrSG^D6s5ny3z1kAc%m@dC+VO~9c@||>J=O^IL}ojRqSk!& zAv;j0jG_^D>K0Y1;uUzkTqi8lf58GD^3rg973+xPqa)}gy$crNh+1@ z#AndX7aPuv{rOo3_fy@QOXu{49SGW=#aXDS#+mA*vt+ZP3)ErAOQ=Nodyz9d8VroG z%35FW7Yz+8?kIZ%{NUn@F8DlUABPV~fk=v(@w=|mXG?m~D%aIfA2Xb{ZH{4a9!{jt zH=&-|+dvP&wH(<%rKqOIv~u#51ZL`FlC$ghsg_#AunpJ&=3ZAlTh{i|Nc_Wh5j|3I z`dYke`zDppJMu)*?dJ1w7w!kXe-UD0us&R4j_!nG(hEeCI;-&&=i!1j;vxi0@ls%0 zdGdN+@vggBa%#M0!A`4C84tw}#x@GX9RL}hObjH3XMwZu;<`0=3y;ow)QH&Fl zyv8p+w>wh_c6d8fh{_()pM}FqC%oa_v7j=V4fL^A8Hk^6UW2Fd%|sV-Z;aP(g0^Jb zuAeWZ`EDAzY$nH!8Qr56oH%qapP-#!{dh$B1fRRnXTDHaXwl+>&if}!7|KZ!#pB^?0 z$QM$%YImdt=-|rQ7*;epZTS@b>ZoSNa1qFwQ&l0QH0Msj_V`OGXKc%+A_E@iYb6Ih zfz$Gmpn^7#{XRHb@>5_b{NY(nX-LQesaRVYqh?~J1dHguS<+V_1;9dbhl6`}A?fr> zw!L>$l(N!?ZH*Kt?SeNT-VCT=bG^(KOdx0|j;iW=5f=q2mcdUS_I^Tl-Va#!#AizZ zdwkV4f>nfssc<_d9|JDRj+G5BX7PN3I zeU%jBAk+;`0@v`MZq%o0Ptuk)bo#Q{U!R;I$sfpxDx{P%M<4L(kc z4}Za|c&eKR(wOjnvPEZR9K`t;txa}~%>oBgM*0^_EGSM+umD-~>Q}PpA{;aUWZdZv zh_(dCxRXhpBiQAix8X_;{c{8TyZ?w6r0y3w6=P`S<#p)lFPNo`;Lsk^EBS&MZjxSh zANmhhJOAJG0g^i@hVl;?J%y$Hf*G_19HCcTdNZ4?9gfrR?}DG`hNcewovZsVdOK`i zjP4Csv$GdEp!7Ea$cKD_z29TX5eW4DSJ}E~RhK{xc)Ab0THC$$BR{HeDNO^V%87LM z#$b1NUx`)gM8+ml3c_x?@PZqeS9A0&a%VvF>z1m0x{=tr+QzFreWy+Oh32c$1y4e7 z-guiwYb)2j*igN3rrQ5n2(q@)8Dv3~JV(mN+XVt6pLxl}<29Qt&hCsk#Vpy!splT4 zinzs_ir5!@ka1Im+C!?1;!_va#v5yB(I;4~s+#M9`p?qfehXF=Vb@Y_ZOP5fQnK`L z#pXW_md!sWSi59VsfCZu?ne+5K77I4S^pJe^dV(mFzs;(B-m9)_=0&8{{@pTp7RAW zN%(=$iiMu)GT3PQc`VTCC;y*+68ArR5C`j{z~t-BsV|s~$34GbB;SLRV>zRFGh-+V zgm>g39jxNdL0+gYiA|ae`hxjb(=5<}w$e5L6a+&zzF>aqH39E9boa2~}f}AG}brJYBj-0Dd)8 z$@zkD>teKaB7pj_Q>Kfw1LyW@(6jsN(*D)s{=fC9k#?b2NU{gOPObsE1q!a^4h z2g=%C?76kL#A4=*zJBVFUS)c1M&{Udaxt$uQeCwm;*I}oe_&+oEjlbx{ZPzVWf!Bof*RD#9fS`NKlS}Y+Gb#`)fTd8(jD6Ua(K) z?x})53vTQG>z~?YpeBMy;28{7`{e=9`u!Mv89SEbrAvFp_=3^nIfKpg9`n~<^Vhxk zKQ7U~*3Dmg>aX+Wue12C$nYPD4Cs*d$)u)|lEZ-Zggf?3ZS}U*&Bv-{nNW6?c+FoA zu-_R*^R9wd2KzeJI&N5XWLwq7*2DelH~x9{GOqMZwCOH)uIcR&pe_8TImq9^%EVV? zGY~fc^~cqKE9f(R;V)nPzW&2n$NxVoYi0eNoNVB>b^zp4vkhVDxa=Q9BIK*xTJ49O zU!fIQaSC0=-wdR+GOMrBT1Ln#@YHOk!HrK>kN-nls|$4mPXh>|@Bf=7IR7Sw{=b~t zN;gBPfbS%~4N|=KBwNyHQXf{%e9p<_K=;x03Y_&$tE_8&9RzRCqZ{DLIcW*}#)^o5 z0WRFA7)-+x#Y#r{#r(L!qQdamKyl(&f2RJaW`$NuUtf5hYxf0HeMw+=u7Uj1M@rx0 zvo6kS11fw>rxG3$nyMnMI~{(tZc+FjC(pxWbN#YHU#!wR`fy7!DHh^Ntls$RR+I_3 z4zx=!uJzTtFPNa(TN>v5LkeKU|EHIlub+;H^>P*KZbs`1i=1ACCDIB~os{sRte}J& zlq$am*CQNchN)PD!htB*nGKXa78oZbFlJ01f1_7uUo6;jDa6$p%$NYjBx=m7A>0Sb% z_->iC01|_bPp1F%lYiaVzn0Hmo8+&f;IA|GuSoJ&y!>z$5MHVv*IPA?%~@9fk$^9tX?)U`S4P9fZOVx z(p#sX*MqI{75mOrSd)L+Fny|h9y3F>3x9`;`jFGXR4^kYDdSd@?(X1bEY`20bwjg! z1ACmtFoiDaZ)iFB$2$g-u=-Z7+S=XXb(;cSv}Y0$1XS$w=+>q=&8Ls~j}88L>pzU} z{!2cf_vaH$Le{@{;;?6ap|EByfcay;0!);%-(YAGSmMNe!5k^n`xj3lt`!IA2c}Rj zfH4;hXlcKDyp@T%hN254b{7GT8r}b209{c>#NZ2NHKc72jJ@T7?os*RST-f=H0O`R zZ-u%S@7#4I&=cJar1%SFjbLUoqwk}HG!>(IqN$;4pUlC5#i{0GvI;v7*YJ7p>|A zRJ$!?YudusB`_%!U0;fHwn~q%RpcCw5pY<{plwn3hPDj2KkSX`L-9)cGo8CT`&%5A zJ}KD$xKStRh@P5VpQU@nxGDY(XT*q%S%i4DQY` zj-%OvM%4q|93_(tHMZq9aOJCr3u!K0cvMe88OLEq`9`qObPHvkP-TBcBI29Yz_Ulf z9*rh^Z}6JvqOImm#^4Z{f|N#F)CQ1$Q;e80n>GiDyBCb~>rAy+QNUm(DfA^)y73t7 zm@(A`71dvmQ;ZPLX2AaMqLAOv;woe>Zc7Wd?92Te$nt%J`BS2lji)LlDKZBgW&p4u znVB@K61Rx9T3brD52Iin(Bh2%$yc|Q_5(SK^9UewojIVUu2B$@ZRVv|;ebk|j0Hh!tXq2{b+!7N&$603)F2o;+ODo~dWqU`{B zrelgBwGtND!By2|DlLiJ6FmuB?Dcwijv-vyIr7{gkHVrSmBH`XY0QJQO$`qr?Y#;m zzJBP)Hp{i7NKQ82q>~XTGoyJSk@BFxoydC4ZmN&M;ED>^ggR4?4%@_J@=PH=|GdM< z^=dMd(}!-BV+}pw6@)0IB>f?n^WNpkiqysnLH#BDIPkgaI*-H#H`6A{K416)yOH~ z>w$MvrXp&fz{r5P2SikO#syv*n*hd zMk66&;r+0sO5L=O=mIrV=k(IeVLog2&-v=B`RQr4z86J$jL`Udk-761ce#$f^ncvg z8RypJT7bb;uG0UEJ)nI8NPd+qINS#$9;#HR3zaco`UVk?6zu7w?Sw_m1csa?Noz`J ziam&4KuC_lW~BflQ95rh@@ymOH$pQsZ)hT;wDasF)&$`+KaBiaWW#gNpf@E&V{Ood z$Yw|;mMtXAhBCL34T5JKFuBR;gc7g66U0x38GbTdR5xJJ zMR1ej4UfK$@L({jXo(f?C3e5*4Is7Z_QxH>4M?Pd!Q|Tyd0bBul%n{avo2@|d}=39 ztaI$cWeYzAoqhr=0T^b;r8*qTNbbCKSFx&!q_f1Q)E8KJPmbIA^h~rpaKG%ZSwp0E z;Y?}ELT`ryD+s~{H=undX}OHEq!bTF5!aL!aLo^PxK@skl@sIkN||xMNYR3B+ScVB z6rsI-3&|MIn^zjqfo{+IEChbXeQol7(%iPPh*x?eHofB~DkB+nl;`7S3WIdr9GaK5 z06hgsRI*Go3Mh~%7XGdAKT^;Y0%U*w%eP=svs0VR(je*%u?X7Qkbz?fkq4vFjP5}w zk?Oa{!5QJe2Z?MW6;->P*&V$b-=>i8nj_NM|f)O$1(M}@u_ro~GW3h!t zVle1lBu1gdlb;}m0qrjT%+s>t)c6+9qi|`~^u?J^8A(b*d&YMKJ~zG*0G?G8BRhZa zc~rcT)WZFSHve&tD~ZLa6(`^At;0%JVl#pZum1GmV6dM-OPLh|7_9rI;MqO8HD53%5L~mRpccoj zn@E!_oT`OaN)(@-RYa=&b*o@($~eK$LLh7>4hFMZR}*V-smjhc_eRVNUVRY}xQn^T zd=sSVg2J0-dS1zd?cyCQIL8{{1v9P#4q%|FB0TD2k2B!N;X|%Z?t1cLRh3R+_zGA8 z@p4x1Zt1hMTr>5xM#P<=B=`BXI#_oS*C4jXI%&~_^-3+yr>hQ|NnZp_x;Hv3K?38; zN3I3pQ4!r)^4&rbWlK1}Ksl|848n^QEmi)aC;@Y7>U;6_y*x)?C*%N$!5#UXXFbjCN1 zZ$f(Oya^{|lKQgQ?j?i;X{G`~8*o3ePKt(NK-YkO!7YUx;2pE@?=#(B4=^j(+P8 zVf= zfo2QRdzEVkmW2;&y-1nudAo+cANx2=|Bp^}zV-p#ncga^C97Z8ZcuBMb5_n^Y$5L<`U?GM1*DKyFZtuN19-3`-XG#iz-g)eeS(Vil!{0?Lw|Y$!#_U zOy2BJjXSkbeL{PizY*y@a82Cn(aUnJ0(|vW5;NEUPW_Zl+bVbV7Y;11heVB)BQx$y zMF%f9-@Vltd-w^Q(L>upV#czu)N=if0(CQzt&pX;Gc0vWb?smz18+$+$e^ZkbXKG^ z`ZAzW6u`!1DvBB4f(Fk)LRCmLZ@nTA$0V5&$d%M-AwDYVUIfX6wrqALl6etMX|yp6 z2)=wwTgZ!pS#7v_+_+~kE#S=^=q%qBIiYcRKkP8;HGjnjVicFSm`#5i#0#*wC|oF6Op>8VLst`jCBx`ptrYYM!nV+z6l zJ~ckDlebaX=gK0Rcqter1H*Znr1*5sb^-N4T-_VD)lv1EI`GSLIuBZkUMV`P3ojcC zipShFC#ZwU&}{lD-3we@?#;4cN`2$l2Xhj1YlOcj#~L+)y_)}caZh-Mwhuz3XHSZ^ zJ?n{@%3e4T0F}NAINMVjp`H%7Sa34?J`&$@8&~S8hx`ba=?qUnrxaG>Bo*WGF47hE z1g{oB4r4AU6qoMU#;MP{%+uF+QPACpNPu1VG8iFgRs|#eN8!9SN(v4e&0j;^CsW3= z^V<04-D6h1NHXaP!4x(o=|x$}UbsQD>%V-Ib9KDL!}nKOqLrP=*=<k4RMuS~g(C=Z4T1t-2;~iDv56p=0{@Pov<9;nfW5i!BNU>^~b6xq>tu3ZDh;EcpGkOd!)h* z4c(2w8Kdg}y3HElU`g_Hh7ky30;!oiuMLN+qNI@IKhy2B_dX(*;Fs!@hfk2+Y7&!l zW(r{`DOto7P*pdlm7GZ=b)7vMJMJUORX0sAt6VwhP0wxxIHuDVQ{8=gVtA+SUQXCo zstKcAMDTFG`W8|Tdp6GuW>*vR0R6HN{CpxUph;Uux1#NZ~O_v~0jkbNf2w4Afj-H+LRPQHQOgx8tDQ3?@S#7=u$9C1a5q zb6Nk=mvj_f3+s3tp~efC|ugrN68uG@0iWqI$~4p?<&_#!9T) zlB|fTLF$#hK8k_sD(+k_$X~pX=8GIBU{AJG;jEnkYZbUC|Kfp+LoReLXy(S=*VbmkIa^L0Ge(aaDtu38f+YXCTvv(+4>`)3JJ2Eq@Zw< z30vd^j5_gc>cyVju{Y};8aYw=_DFntoq1k&0Ho6tN804FIgeF^X66p?G5?fP#mu@?~fo%fp%_ox`NoZ7iWD3G{&0ltFjf@27CxOn zuNPRslFV$kSB}Q3i_BjWRx7r;eZ1PzBHc<75*NLWy>X|`+l;I^)En=Pv2!0kr6G>u zfM})V7~iN5Jqo+GkQX2YtsdVZ1xX5{O`^{fxKa3RsuZbI)ZZ&hBseS5(LlSNhwqWJ z9;ZJ~)YTXGKJADLay-=azy-4vOs^2)^nh~83RGjz^^hn}F8hY+?!(*-O*8A#_a4dJ z^rK~be0;bIK4v0%dA{aQH~!v}uDGCGA4d;#MOSmHt6i33J`L%sMoDjhT@svAybS;a_M>yv+ZrwI3cQZD0oFDZ^>N%&9VKinxn4oJqDHj z*=Sb0zN2%LQj9tRrnM)Lyq&8LREuT2q8&OW|RYCZbTzIN}ShCJD@OBZMt&Thl@=C(!sb8 zrS*fJq<~i+FI9)!&@b%}gs_>?UDu(B-3>j2(`wlQ5Iq>_vO50N&m%U=$nh#chE&`( z9z*E>cCNxVUZj*N7rrZUZ|l;QS58JJ2L^=OeBLMS|Ec#t-eJrbFA?$+%1nq$XzP%h ziPhACov=a6DA_Ko=g5o`lHhCG7Ho#F4VX*eyky#mGAdKpgz#R+Wzd!>o;Kv|%-h~O z9_?D5n)@Us>U>g6tlpplR{OIn*?<~&2w_CQEY&~>^q!|*j=Dmjmp}31N{2mSS|;WP zm)^BJPsOzsnLv$c^d%tojQ&+5*$3sN)6T0%Hj#XrPPt~~werB7Zok~nFM6WQBv@1; ziOPmTr6faUg@!06SnW_Y&lC0wc!tE3A)oh>^nk+771=#wAxP0#1MA0m=j9XTK18ks zkRAs`Yl3qx06|z`g2*;7@SJh=OZ9%pzOnTwnPo+Egg;d%M;Tetcyag#J|E&;v|(pY zg0PmSvpyug6mk#oA;M!*;ArS3IwORn`46 z;q2xO6yTPi-WYiFby;s*r8oB^W_qFztMJO8&jkwi`8sRruVH84Q08RNj=|QGvcsI9 z%wABcOm}0Lk9eHxjXu%HIiBP)7Q%}Z5N)PvZj;a`vcK!HC`-}vT?L z1*WrC5W;2ZmUQs(L(@&-tdk8$FZ@)|2u22PtuDT^Tg>u6`&zzx^S3l3-&BN%E29te3_DDWy|C609vy~LD%MSp-C zRz%9W5P6VVfl?o0=VNiUY{d6to_JJ|3u~yRg!9X&H)(6!7C$OC=kqn~K3kVugG z)mL%Gec?or2d8z2j~i;*SEwPyKAC8bn$OF|pBKelSwp*kO5^4>?h6#cws z+M7Il1;SRaGpAx~XzQZdUPJVMjr$di zS0{mEOaERUN-E!?GcE{w{0&KAnAf7ShT4IpF#{W+vxMr^sj7+eULq0xlt185)4*(% zop{nc9=8s=6Yn&$NcTIshBIX$p}Xyc3X zfeZk6yc7PNSe1QbtGDx{q;}xhv%-lVEz4Z0lI~*?CbC@H;{&0*OxGAg_%};K>MS%lxIK628Yt&hhh&4lsLBlhRz8oo3BxYY|(HVfqOp7a{tw0K)eorL% zE|SoJwHZzr%S)(}rW@RP2gZES7q#Ki??GY_LyCRgq|tTBOc`g%DFe<>LoIX*VX0%0 zcK9cfeVJ%Aap6lPK6zkqryF-R?I38eaNv17ikzGiKoL=lekB~fH0N5#UFqm_HxJiKB4h0eu+TMq=@ekv7#9Tsp^uwh>@R%sYjGabGBg*K+Lf~D7l67aNs)l zt(idXB47r;t3b2STjMB+=SJGZqmE7DmVP$VjOP3-&#$*`tJ!xQy{*&yMUQVt?hn%) zI@fj{_}lw{;frtX2bLS;f}1&O1lsJdx;qZb2FM+#Hd{#+z)z-@Gp34zFN(#)SrEB3 zo8+m@QykW#xCN~3I1@*(MNEWdyzdKIj>?HhBe{SXg<&8Nco6N#3BCeqwjA8cZ@NjRoGtU%kFQ!e@ z)IbJwO)=fVNwWd@kDLqK19o1OG=q*NVY89qVcwA*Qr*-`t*2iT2E7Ns5vVaVJDaI{ zwEzP~OgPZnIkT4_R{&9UHu9rpE6rScgJ4!ghFw%G^QvhJAkug-#8Mab>Kv*$DvCWd zUfxjP>LEy}mskWMB}Y3aC(Pfy3v5#ip=52rdE=kuxW)9&P@UmM@Qqf;|Hj^XMm4p! zaiV%WsC1Ezlvj}!dJh=jSODolfIuh_kP=WJ6bTaGs1Q0FrT2rB5FivG6pbJx1Zg4= ziikjhbdW>^Bkjz7XYPktbMIPrX5D+&+z;=kd`Z^c+2#L#p6AyHz%^q4RUd*aTVnE3 zpUe;Jy(os#iXde}>d^e}f-sfBZpa+>9=p8uia9h1RD) z-B=1V9GfOWG8h26TWJ{Pp_3_Ln7PiTm?Bp?(Sx7-2P)ACClX)yK48CSM? zyM@?~aqQr=G3L3qHkLr%@+8Lh1xAPUHNQUo-e%cvZ$7B&Y`H~#+g*8O(M0&FGkAaP zBz}a2F(rE{prqp;(|NW``j*4Cr4g1c)_R6z(y+H*auuA*)G`qnIM_$WUfYBXs-exG z0o8F{=HT!x$z*9Qqvv`#2k8ondDC+IDPl>GIL~3A$^n>N{1asMo;&FVM&!q+++`1m<0n=kEw6U z*(oHqe@>Y-CHF8@fCsf=^1BK9*;wVwvBKC>;BkIpauAmEfA!0(|M7<(fM!VYz$ktK z!`1~ZB3SmHQ#i$V@~p}I-GiGycYwO#F+w>0Kn$2AB^USi{0L+NJoDd107|$N|9_77 zf83A%T-E_sAK~yVp;}371Igxu!AH0Bgb|?W3sk{;p?5Ir4q94qo=tTc$Kv?dPuH zxrmyPFOP%`J*R8*gf83KPX{X5I@JE%W4+uc!wm0L|9dRMSRk}%LYZtLs(m8AY%Iap z=8%?t&vxT1p58Bk(y@ZV`E+oM>N1}qb-BCp2_0jGOzt1A>k4fpfC>T~nX$|X z-(;@;*SO_@BO~%YfXlUE;(KqsmM&+Gmou%bCBHl^DJ#{?`uqO_a`*oOAoPDP4EsNE z^#2a2J(&EZ8B?fiMl#Ip8(nF0QPA8f#J3I$;5%}1wusN=w>HXIn0Xww^l^eOiM zyU=3O#ijFz+tUBCz})Y7FqY^O`+LR%gog;%+;xe+k!e^eF{Ke1*mr@_muq34v&^Zx`skliJFY-FqVrFS zNsRrW1?CKMp|WXx&Lp`_nKyo!pFAr46VCiMJTbjRKKPm)RLf3Xh&4BxdElWI5o`P2 zpn-Vpp=$%KOphln=^TA5*)<)NJ1^oG$m37^PI3%2$UJK)Hh)&jQA6A1 zelVYnxo~0w9lJGW!pYMFc6u@u~g3Yo_G z<~vg8p`imyxU>P^9>9rHMbl9(g$mqn7ZGuFQxxAGco6U2rhS>{7O(w&_vB}T zMZqIq_VuN5!SymuR(XF2c0qtuo{}z0juT*+WMVY`Mwe60GQuAO>)4!eno`yEa2X5Z zC7Il9>-_G2_Uh+t^Mp~ zMcB&MaGSR~n_VL}di0@J=h>&1x3)=O$$IUPX+76qkE{{dyrrPk=(M*>EHUDr!=dj5 zD1KryNjQ72P;j(UO+91l5Mrd@z*T*_i+U_Z3g%a@HtRMK#rE1$e43*@rQ6lssOW-z z<@p#)4u9L!RkpoQpE+P#diyT(uP}GW+N%`NUKTE8#u^3?s{#zqxFNW_jPVmjj3@?c_he`0fjyEq8xRkS(BSkOm$ zJrkWC?9@&Nr=3e40mmnT^NrqmfrhZ^QrY)hYy6+~%_M>%*USY{dcA_iE1iWv69iDC zf;ctTGE(ABi5p{7`zTEojb3w|hGq|oRI8|jTMwMeCs})eCrg^QMB!--6%O_ZrN+ME zLz)k>Z~u@ArvMQDSkj)l2s@i1p^yZ4ns4MwEVM8lggZ4)U`(pkr~kTCPjGXX4q5A% zY|t4FatbO=JFG7tcs;hBuxxoU#qeqd&->|N-JbR`T3j=gg{?TSZ@rrLf|gO>p(&pm znHRAlIdY!uAVRcR21saQh+z3L1AKk7>XGq6*3?@1KCK&X#qA~q72dhL_XsU%ERBA} z9-QfUi50<$lv>-|zg1N`N$!ipfhW_eNI}<+8vra?XaH|T&zeK*$Fn5iI*%e=k&5`K zh$J}akt4jj$%lR{?_mKzsRHw=>5ppO)FF%HOMaTky_wp(B&9by932(HQw~dGexkVl z-rPLE7f-~*aQ3*pbF6zA&4y$lvnX#!fJQQ&TS#ojT% zsU+@EmIO2S3b^YIV?n%0^6c40|IA#;Ll9n4#O+46C^tf*ztg*_c~%14@Q|AqChGP) z(U3i&Do%6K6sj~qj6*yCvuzJ{njLd7<;aM^4VXm)snW+pTmy=xi|anK5fmj~BwjC( zp&Z0roYLmu8?gg8inqP7P;E-g-Kie`^LjW>);D%ThvwT4Z@p1nar)?HADv9Pl=}ohUX_nIFLmVn;hxOPX@g+;c6%(_`1YnM6%Ai34IQjo$t} zG<)D~1+apn6_=T;{w3cuvXbF!z;bAIrt%Xi`tw!3b6z-DStrvR|zsut?RK4?9Qt{tP8zArakpId8#3@0$FZ%z&zt z3cmEp4P|r`QvVgappJ^>yCwb2XDq>5SnoB5Sx>e;fKZ?PjHc4N`GpSmbm zczY@}7~*z{9#6B~mJz*8lI%)2)8t8Y=)J7+EE4{k6rS-HZz}AH{_-gXMW?H;iGwAH9|zI5eqUo!u_i?DH)c z3p(eJKc&e|*M+Fb&fQRpIL>hW-fLjCp%-=Y+F+euWEecU+ZDn{GU*ud%IdSyuG|Ku zq&uMkbu7o@@=t43U2#)cHch8~^Z{NaPgYmwhUOUGzA?D1tZvJ7y?WJ^2UaBz{?4c_ zV=$s!uVBx6n>}~E=bH(hDxFol3Z^eR+RMbJ%C;`JX(SW*tmPdm7h-4kgbn~+Y$9tfsS7Oz<~irXiXv;0jQ0BX2*m#Wwy=Jl%x)4p zDp|=#+x=Cec?onxOGQsvyzH(*o{v}hU~_>uG*e%=i0*qGHrzaG;9M=~gmG7#AP*6A zo$rKa92G?`*tng>jw1a&`ntDXN+U06L}x&N^erAw6VcSXbDU4eKC({qEe6YFcKBQp z*#QrlYO&9gE|GHuOCl0YkWC+750oh)&ah?npRz9lR1Q*y^9G%t3j<@yB$MuZpH1QY zp-exPMUbY7+%$Qpo0GO2d206qrBL+OEgfAcDyNM2FRB^Z|0VTyFoN;?ezm2D0+W8az_q1kbOd11I5x+eYt*Ir3Fr=eOQIa zva;#?6y6vQX49YDpd)=&N6L|!J360SCcqlQLM)ol5d+|MRO9-A9zLcPDW`V30~H?< z(jImN{MSy?O-*{7{E&tiWJZrZ|5JHbTN<%_G@v=8%_DL~YV@3g36$y``lFd$7Ko%} zHRG@K8mLFQf2l6L$4(y*$hkB6a_D3GMXfw#u?zSAjFe1Z_X92z)gnKYvb}hybtu9W&4ViINj&Fq+7->AlV_1LGBYq zi5ZG*KwaRSbwYJeyc@r5L%l-+-Jnl1$894|pMxhB(ugLhXdBLQ`sKXb@K!RHfvI4X zmV65)`wSXxF$Jhp7YpxY8~QXzoo^F_e@iFH9^Sy50Wiwc5EAc_Nv6zs$b;nvT2|{s z^>b`v!6-HM(6YEptL$c;WDqy5?`A^3w<)* z75YJ8_5IAUm~7hn=Gk;JL4ll`+Pzjf6{&reRhlk=A2C5B;0cn52r?Hii|}zs$2(@+ z?(ee*JThmGF=Lii+Vi7XQH&lkBJts)FF*C>RA(shQfS26{ki_p5|mYRNc9*a7HXAt zr))xr{(M#0tmw9EkwUK1y&KVCYGMpe#rkA2bB5o)#1z44E8OB3rh=0xo&sKR1+GYx z(6=MwD-lRqiSK#aDj#u6HO&V#nI*%zL*MS}pbDwJe-1TgH}UA8T=TT~ACs*F9ZKPC zOjc7W-ZHz%A(w0KvV{dL*HG7AtaGy1R!A+n%=bHCW}V&X$arUOU7nDxTwW^;E-j-a&f4fcq!+KUfXT@9Jkxs!-+oGh-n2gj(b?#0&=edx!SAhqCH+2|~50 zt?C`kybB0Xa8_YDiCAAjs&rlmRUca zRN19y4fB(0?1a{ByN!#aw3gvT>Ks~&&lrW?;{-J#(&t0Q;XsX>JEB>nc@Xq#;+^*F zm|nF?zFvkqHotvLX;_V_^rbDX#hh~|Jirk0F;bntQ1pte(X`K+Rvxd6M>+`PTaLcO zduc=`ghSpeX-j&_oX%f%*5_dsY{#j>@&q}aQtHYEgwrSuYD#n_O~G&~PvSL>6QpYp zy_<}XIyrX)$TBk&07eF|9P>na#EA#%NNEFlAiMKu^*hr`*n90ou~&vEMbzSO{7qrX zvtE@v)X1~ZE4N0Za_#)g`y^c{G?r6mNFqBeS?R6^cscM(w7hRIkZ{;if>&{5irv2z z`n3v4%hh%2eXp~+9LWjScHfnMN5|qzSAY50*=4U(f>$@Hhs_1xPY< zZgoL7H&dih|3FeB>1G4+L(m;Ja;=Mv&fNWc&3@sXs?4E$jr?enbEv2b49!{Vr-_|e zkbd8=1Z{|(-Luu`GFi1!i)oxKcoVFm`l!IdwnmzCS@IUL%Qi8f-vC;a?xVe(rPk{e zu0l2(3N?7BO9iXMX>0bM)?GFeXNJWxUqwV05Ew|%1vf~Es3?#ZVW36)vpBB3-5aM5gov5Yw6r*h`SHyEzJ zS#638X(ju5x3eu^|5P035IQpX?@g-obh$nW`KYF_5!o*BKCN~ZFo&;4hSVa98uO!p zk5?Iq^HxTLoy5JWZ1@7)y>CPJ%_!;RO&!~pX4~nU>?7Mtf=?*0J|7^muYjcM`hh}6 z>D1k!cx_E&CtB*RPo;w#>TQwKh)px?gzWU^$jSw>cj)Y#P>T!1l*dzqBy1^Gq6?2) zcgCq>t3kAC!^nRfSYAZMipMqU1H$|>$*f(mJDrX4kaiHY<~GA5=8-zZ67_A9}ORg!GY?} zWUsJEW8&L?GjOoYS&;5l4A{Wb5>wI=mioX$vUC0+w@TmCfS=2V8sbUCP`!_4XR3>} zs;Kg}y3W+^IJ0tnm9FU3rlFly19g#;@%YxYKO+EIR@wkUs+*UsPCfw>%MN=V?WV;k zuocKf`f1yQ=hIfjW89lX)GmMDrnyf8vA$P-N?89y-OA4+$kxr@LQD>K%4CG62m9o$ zKrZ)-*Z5?=FNJ(MogaGgAcMLR2^wlZ-qh@)H|GW|;T#-;%t}x?8{55I4* z6!_?2M`{mJ#$LJ`J7t#O@3tELsyUm9NXH8+fY9!~mMpTjf-tASja-XC#X;h|9Rwx5 ztz&z6>G)h95Tg;YbDC+_w;;-*=;s@A0SwX;5L@up2aHz;PKUGB9qr~q+uQOmp@~w$A#5uD-A$+Zp zQan=DW}FORP-ZG+vUQdG6!xjh~tUg^Xq-lZo+YXTN6lEz_?Vq{J!oF7I+#F^Pug71UCtc;Slo#>gDag-?oqjEmlV7Q_` z(Wpjr>%*5JIjn0!7Zb7b*9y7&zWU*fH|m&)EP>DySrFB~6Z2EP>ACL*isOiOkwF<( zqtjztf<3yfV5CoYC83YZQ!SdD`{+Z4u;QysrOI;yJ#9VP%glNYY0-Zt4r4B|Ll}N7 z?Ng#;Kn7F~a8I`gHJ)wt{&YkR%h%0?6Pt4Z*^OC%ypVwc&x^>APxL50T7w^|3+Rf>ni!a1 zKCRyizpO!HwO#%**IflLZ=tm~UiK7PapQF^eH7@36E`-eVq_%cWn|Qp>9tF!$QJZ{ zHQlu?c%L^)jMD*YjFq{_@}v^)3vG>Os^uCCp^?tj65~(tzaO7*VD~fAOxdvySV1mq z9CO)%?GzJ)L%1H<&`2nHu}sp;LwG+$ugGSlBmFD!Hp#%K5g&=-XfH*HRIxng?RfOY zRGwey$goOe=e0+xiB*!jc0A=0;WRli?PW=<^*7ySntw9IJ`c)sZ2+kCf7HPUHgwvC zJcL0(9n)4SSUT74;WfbO3&QPc8lxMb5$vyK`1WJH07JEvZ; z;odSfr`}&vF8|Qfa{NJKjpEcQyKK z(4YOQxk$r60^~J+YM%okqf`N&is#V*4e=3luXZhCv=*+?=hwE<6vw`~&m0v$MOC^{3AKoK~_oX+edASH8q6C3+{dhq3NJkpQWYRzlis{RHpBs$Z=Y-Dy?O;hN# zO(D*un+!!LdvnrZhMmX)CRKe#BK#LI&g={TBQutIMY}wq3h+~tJ=K9x_mdxPrOpiQ z;#!?|x^@=>B_5>DCG1Z}MP2x4e$9Q5gD`>@H2=MURH$~n93`*i8pZdeusgoMEYaGr z*+9)LeH8VK>`-bLiP9q94VY=Dh2r7qAm`Bi&{8-mC#TNT_$bcn&mm^6=C3k+&iuPb z%M#Esid_VT$SFMGkCZEgi%nH=1T{)t?#~U! zksaBHiWY^9;x&H-M{>ABK-LDnN zEv5SBUOAo$U|hk{TCNvu>qB4f%!sTjT}g@20=}=~VL86qlw4uzSq(?!i9D$-mybd`)X;GuV5^@WGijcx+6I&g{Rsm#-Xy z^7W016yoO~O(@i>^BmpI)XQ^I=kHuF$iS##A|<=smC98f+!qmPl*THETX8X^7ivWL z5u%Be2m!9(Tu^6;kzscF7Sv%WNg_1T-B>}?E)5)5Bgg^cxGA23jmaJ3PiQJMmx8>? zly5`XmU4BneG7A#j+;Y*{pRWemQQM%3zF<+NTSPtGlT{6xCuy`W{>ri88eCBho$mU zFro}q*?wag((}*lc2bS46$=RD3_thL^9GpOc*hXkPWZcPyH&|Ov5zZVU!jHfx-!7j zNDcA!bHe#P$iAr19A@W`V-Qu_0{EE7EiE>>-=RD7y~JcjD}DHM5#6W?9~-1f^aFI?w4de}biJq+nQ(w@ZjE01_cUsiWb^NVJV*+(3@EsmGYNms=oZWH z1!S{}JtlsLMP^;t^t)cOZs=GknI_(GAhkr@$5_+)`RAE!+s3}&L0qvtJ8L~;%i*h`=LKBfK z!qtHhNco9KkfnxAHA=Tff~`-6cO>b^2(UZIhG)B$FAe_KJ-XFrPh{0bVb#X zp2)r&Upa4zCx}Tpxk_T*m%jSJj}=#5HMcc$A_V9tzOdvnlVVV+rDeqE3c21X)wbf- zo$^E?&5vkh@bz-u`I=~-NDiINNs3cdDL@7_Rgni(>yFv+rZ!z?)OxiDW-OZvxbc)- z$(6{|1>Lc2xUzx!SFt1RMyVN|)^ATpAw!G5l*#fZ)pLoZ{*YC+BuWTxLM!0}T}6j_ z2cb2^_x5&jKnB~jY;(Y3qms4zWRZMwwtK3r=TZ=!QOesEe=hJ5*VUrcQbwswNJf6r zZd<^YjJ+Tmc#Ktsft18Iu+w9MS27mhobnA_sN}F#8#uVG)*deN>R@9+1UO?0S{FRg^fIqwVST z5&2|uHOQs9GgB{B57qOsey{7UQLbInjXW(96Z8CFUU6m6N`s(c^rj7Y*GG}$YtF%= zg`5tx0o;nrTyFa;JLfd($~{el+z&LRD?s`z#m?WnP~MW$G8rfa#&@J-+rOxpGmFZI zyLx2E4)XV}1tfbvpO8*_)z0hIl*cY3gw{QUTf1MI@=do#8SWe>=<9POT)W9ldVJga z?+ZcvNV~bdEQk@&R0&!=@`hk4Dy+a2wN{jt<5&U(hE!iO6KyN29bVz|&C;F_T+M8A z6`;k>9Pz=o4ZhhuvuF%v8cvx?%3-a3PyIA6o1N2O8xdzo5w$n+;H}#C4xs>&Jy0y}|G*IkOP92oujZ45`E5Me*Ey9|cIn5dsmKL@Rtd@V@ zo5}R*6epx1D6mRh2*>rI-XVS2xm1j?2Cr5E{Z-9#j)>lHDsjsIFHK9o?jN#IF=?sa zDKRS9>4*Z;RB_=_j8-pghatEKA1+d8$u zgc@3P%Mrcj;wv48BeZLY;K-h1JGJl_TvMwuEceBZ(5DZ(0skg}2oyS5X>!$ZYipi%`eX2F*{L(n?M{US`hy)3HXTcl zlQ?nPYKy@e7ZL<>)(i$~shX)_IaL#>Hto+PY;DYx+UG3f9)23Xnn&n(VHG|K7-!;^ z)+nzJN0sSg{pHv=6WWjUqS%`@OuHS{nze_z$ncKMFBwk*5g- z89lp{Cj(wdKmXqTRi_A$lR!=UhkMsYVG;3MSdLC8FNX_@oF1H?*a?LFs(kL}jc%Vy%s@B%<#!%C0yDjn_*A3tv_emZ&87;niyy;U){lc5Iv8_Yth< zq&Fe^k}4ZCtb*tfmtexObCvtOywx5C;LcWL`ZF0~-xzRm=|jZ3xN&^YqZ6EO<%R_2 z(vx35=kh9zh`CkQ3SlE<0h8gUUte{O1WmlisiWa6wQ{^f9Z*klR(He{`@_`oK)n)*)})qJ08{Mo^6fSluc7|E{^4_|QG% ze0lp220!;!kzdaXcQL+?6vM{c$S5zR#Lk?n+ddFu-k@YVPMfKI1#DIA@P$op(UzKK z*4k?08Z-}-9$WIOZt+=|?YEyEFL7Y!oC-5kJ=oFFpDPTS1M2Jx%&8Qa4+PV2a%Xe8 z{Lckh=s%BBIMPAjC+or#(}`F}CCDn+DWhI4CCwb3|hGL+dST#HpJk5VTY+;JxaG zrB;(++d9<=XXaAioOpH9Hizjsx%I4G%wsZ7aCYio#4o#IyDr9w&jLR7 zV3FJ-$u=37Q-KyEb>lhMfJEOmU+UeZjMt0nQ61AMUJ1zT3F1epl{XgV|~3ka?U zUfTuzaosFIv^pb++#|{kCx5UCZ(={~JJDlK_q+&r_`z*B%81%hw*fExj4k|Kuh}MC zrK7c1@*#6ryE#+e3&@InBm-|cOxN%3ZgKk=p>AV38iV{c`BP|VZ8xUQK6rlU*LaYC zCm7BP>$jn5knN9GqKCpAm&L}DbS(^k1;|phizpmbF^Dv2+ufdN%CKHXw5h+{2?%)Q zLG5agQecezNffABZx6f9yU>C^&O#J#OL#PNIFGvrih4R#U3CBB`3OP93x6Y+??pn1 zER6RC)ION2U0=}Z+*6?S0(Fu+0>SROdcU?9ffE%LwuIaL`R+_yJ^+gcg-ujCpnf1k(LdiV^8XNF!Ll$&y2hl9jB`9tS#NlrTj-bl2JsJ9ggoT>-n`=*}b90+J= zJv;*0_rNmJ$1E}MB~EBfA|i0KS|U8Kmg-XE(3F(cbVJB1xinB|s+z~hG6xTB0{yj` z5b&PxNQmx4%X{_lxU%~UuW-{ROAq%W1UvRPZ?4FV@M&Wh z2-f4||HykV_sX4EkiWwnyrr3L)|>g5 zKeUY-%?^OYDJJbFuw~S-_jRwSUOc4OV_cX*MZ$TlcsEZ^>Yz_^ zDz3g>Jac5mj$!FrmU{y7`JS_w8y|L>swUMU%g?YYZ?XJxL-03wL}a#h(XEOPko1Tl+BzX`{>KA?h#yv#M8v;O{0j*qiI34X}&%LFt%@J7UnVtWo< zQGZk<$Bdvv!&?FaWP;o|=MsNWhv&7$HJjJ<6+x+5ppG{C=ytz^N&5esy2~pAxC2hpPWSu)C}K|owq*W{{3ig! z1cXa+RV2JvDq56$=Na>-dm$7G=D& z*S%XioCzk|N5a-G>@Hb}Bl7tjO60_Bril8#{7ejn(RP#t-S?eo!jkpMV`$|+mG8}N zTZ2@LeW8g=i2399&0xcpgbFvEzL{JOo;uZ4a2>iq^}d<}5j6g6P3HF#4h)i|PhFJ6 zfIc+E@v@a+<2`rFXVc#PbLt`?P8TCVi&F=T^>~-!r2_P)JtZeq<1V8wSx@TPXl;IS zOmobF+r-$>s;$I4r^N_j8sXD7NHdc zmer;y*5K=&Z9qWqCRajvp`0pLdST@6PW2Kmb8p9(yk{#bGORnqm#A(x@}T+t(RSmN z3G1t1HN`=cIDtzzbl$aig0j>i9;rfB!P^PizH)52K!As?Bw}>os$)gc+054nHt!+F z$;T)e?l>h361W$MfWNfKtjQAppAcO}PfF2h`QPs7nk{mVfU#UGzCv)Qef(WZN4ZF0 z;5XBn*#gxoQCN=frL`P%4>g`U-1Z9nM2PD1oo8~u`09I9m*@4wrcBpZ9=mg)JBGoP z2~zN)Z)WXkRX!@V@=yXW({qR6v2X8ni=q~j3Z0Qs05`JFU{fzUq#!AU^4gZ6j-2 zabIS?Z+PESDTc}=cGNB7^kU0x*2FWqhwB4l@j`f`cG($?cVOHVIuGpps<1|g)Z;Ps zWu~-i66H%F$2ttFu7SB}mkgTfyUVDb>0d>wguTY|+=BEhzsVoi&D1Zuz>fE2P6D)i z3NTOaX%XFi!>l_`f-z6xfA@4lU)x`s(rHR6zwkA3R}{f+8d$hc?h1?tATr3xKv}Z0 zr}ET`{Qe>up_;StzQfN=G)%nLT?&!h`T8&>ksY5za$;E}FW)>}3Vp8x9X%2r*8KR@ zzF;YA-Wc|Lwdve3K7Dl4j<026xH(tp%Pct7w=dVv|Yjw0fjX z*E^%dNR4)~ZY)FQ01j3p6FW8LYPUbaU|^*)zz&OF3YR>nkxw}30{wa;@v?IJYN_4* zG+-CYC!r2q*jCFS14cJ{CF04u>G4dP9?sz)dXEIM8J(~xt=P>bGtMv&r;uebF;ZsV z-C25tk^W5q(Dj1{8Sg7l#^q7J-|2eS^o)WI8R*i-V%&O5WRl)%cCGQo{wvVXWxlM9 z8R_iAcfLZU$*4?Exb`N;<9>U}O2N91@=W!OCzKC(!@piWKPc(Q_}1_#nWW5kFGt9~ z*Va-d#(M8j;xL*c`{XUkSuh=K!clT>Pm$pT`{dNS{H@_9w}dp6;BLwze?_C(-los9 ztA_0}(9H`xh)S62%w0;XzWX@jrq7`kCiwZlA1sYh$W8hp$D&C_B!7~p^t9^NmMEXt z3ifYXWVm~g$E+3MU+~8KaLMqGgAzy7=mKAH+ypMErAtkLBZEu>>|ayS^KtHU6+W+W zue#8MODURccute$8;Jh}`;iuYVT)HTgS0%gl4`E;>;unJebaqtpx{D7oIUbp1~Fj+ zq0?@e)ecy7H9Ak9Br1arkqQ*{vTc;m3FG<|Kh+$0S)xGlYBO7@TIHI#IBTmHA$+8L zc>2?(%tfNz<5#6v96oM9hMB^jD8os*$=r2+*=izce910aG+p;WIKw=%f~7Kf;{cW` zU+P6)UnaG8cRd%+`?_#R{ck#CCP{O_WJ%+f^rf^=c7rjB5x-x_;Je!E?;0EUj2@?$ zsO0OSB7ZZ-ak!EzO=un^R)Q(z%0Zgh=Yn#TF>11$CFFHF1x)gjm95X4W`@h2jNuZ7 zG+o>o8HQ76I6-XrJE*H&EmI2tOZQ2QXa<`m_nV0&*WJl#iK{%+j+;Q7IuQhD1|2ZK zmN_L}6vMF;atYnDPyT+SP7e`8r;;tFiR+Pei9K9DYz%GGsGE*OJLpp#Pc1AjiRHl;U!zD!w?9->J;04eHtN*?WI*xNwBnf9#gn|4$`tr zq)K_vqTb-3(g8v{l`w#8l} zOM{CU)Y8hv4gz8x?tu=LT@rdYj%%M-ex1sibW7Sf@}#?yW%5?KsQd{>ru7nWlI$o4 zjBC!pX5C_ht)y-!wf*G;9+$V@<9e9kfHz9gR8kM2BBFoj&zVFvYxmhRbd+*$70a&lRj3*XTE@J^O|23_^0GfSir*>Gb)`L!vj93c>ju_|N^q?Fi~LBWi zS|$DXlSAjP)1y)~Gauwl_Dw7ufDZ&lw6<-GUHl6%THAg|D~^OdZ;dIXdp}k;2FQa! z_gww-6T;kIW^#b|q>|U`EC*vzk>0_wqOo@g(eNe9@I{mD#3Kh%i zqXFIq9qgk(fyKusO^oFO2p|#TLr@Q5flS06(G6#T=$X0l#JywVA*rG62cN&@Mm-1- zS-lJ!DRT4}xsm?mFJ+AG?Qsfy^Zijy{RIA+g2FJ@vmAo(!_V0-;T*tOqGTG6eF1HSHFKd>x*DJ~tfa$4uPG>sBfO1xViZ5W*-+V9eUZL~=ktcMaz zb|h^ABev`W%(?2uIJktX(;a2Gd%kQxCn=&M-!4c`Ww@Z)VT=K8=aEk2IQ|&_`0W?T zn8LN_8f0q4@L@w87G~;AFR--YO-{rZlHWIMf(KyxSC4Z@v8=77b8l6nC}jq0D19-} zguf@CT;j;>!!|^l8T=k_9DpT6UcsLHf4g~T#{(X5DkRnUd~m$pJ9?ANEMg@Ge48$|gS5TE63XC>OZ1??0% z^a{&OcVzYD{8xb2E$?ACyM3nmDfK3(J{1tvOp>XQE1>M+Zou7%9UFhhhlx2ZB5|;y zdiN1TlN8d;!=Qlf(`=t0Mv$^ea{h_JOt{R|;FGZzd* zX$F^;(3NdpYG4LiiMJzT?6Ox%t}pXhsr++FWvH`Kn+5AvG2y+_zszJ?oA2-Ydv+tp zVnuOtRR-Rzzq}+t!}AW+^0XXxk1-DP*nSvGAMnpD+Xoz4&9bV|QB=e!#uTx9jw@EC zH@{nq7RQf~oiOHNXITTr**zJL(u-^!Pc-cz#H6$qRFx@F+Ma<6S32_Dh=TryH-bxc zPg6fWkdfBrGo-=>m@{H`>%BU!PmKaf4U8M5pj&;Y1*4F*bfkk4cGePuw2Rek)*x&( z-};ViM&@2UPKeW&#kywF<2gESUha)WP)aJ(JFi4H{)Sefhm+EH^H;>X1u2gT_vMLV zwBg!SVvvfof?#HoW!42BO>nf=mXGhC9AojUvC`2W%(WeU=FI+2mR&E92CyK?%-T_A zRrW7%0W1d-icfC}a}M!wjj_qT*4xu6SDNa|-uy{53`5^^W%@teD<(ianeu74+hrgY z=TpbLOK*&=cJX7KK?+U11_O_0Z58Mx!6ATMUcTQi7~kE62P%grS3-Db?>n^L!WlAEyz7$1l=;)>!6=Do6c6_HH8N$<^bm0b= z$M`l$gmO1jlHZ|5tE5%Tj}}NyWp>3&Ij3u-c3RG+&JH%*aKby4+5uD|AdI5vF@pDm z|43Cr0WjaXUwRJsuZUEV(F6Jeg`I_K?4SzdA`zBybe&NyjwZWJZZE`hqm{bF;{)9S zwYH)@xCH4*{-uIvz7?Ivy9wdz8)$Fk-P5<(55(F4jHV z&wbgC_GGQJ--A$+&33#uIW21x_){xXZsw}{D|I(srL1(4ItGj-hF7o@^wR?NOgU^R zU5YEPJN(I5Eo;Fp`K|vCC$Md!N5Zg%i{wJPGMHj0rlQ7`rBL=C)(`E@s3BWNp9hN$I{oJBnJWO_1RTZdC7Shp1Mvi+ks=H3+-Z zO(TDwa+Hn@*q>`ppk>fWBT`qZ5 zDuZ7Imz?##$t{;$D()PqA(jZ^slStoGi<51`w=hXl~Q-4Rr#bI5Qlc8c8cBIWUO0> z{+Z!R|Cu7Juy-V7I1BG=xJK?H`B>&D^MVN?f8cI3u#N6F)uA_KehZ9~XFmuE2Zo4w zJ&o?|_(&gutIMX9>TI)g4>t`@nLo`iGpFZ-ucK^D(mJncoeWX^3ouclt0aNPgWvC~ zsdHLgO6zN}&zrtW_RM#P?=W4{d%?tB;`>oj zy<@jyJsb?$eNq`DeyMx2MYAf-3cSz@t&)qX@0{HdM}lq;k$q?b`lb!7kJdr)*`jNF zj0-RSP%0_P;S-lVf3El*IK}=T6QRO)=}*m0&#R+Mja*4xLj&V$siCg>>ipmvI)NR@ zR45T*?QjszSldxOyc#6azWdfLbwL%ti;5}nzei?$v|C=psvJS_9vhx=%(zy@ZNNlV zKNG<}Tk-TxlGAhm*^RWFDViyzB`=u>J@C5pYBw&AJn!`q$pX<+CjiYMQiPWVw# zxBcTW2(*{cs*u@7Ix8q;EWVU)mU!QKwRXJmq$@ELnscwa#iBmE{>X6-+r)gbw*T7< zpvW-6mY>F42F#B?ZMm~;6n0FOj(uQE|0i)g>{i%B(}~!+@nvSnkzDt0(>fbXI^0`c zbR(^0iilP~OP~ZK1bH=7_0MDPLwN<8FOfg?Vg}Y+3R2I*{PLq!m(pXy*(%R!X z{{pUAOqw#CXE-5z{Vr%`u+C|S<$`I_9@$)VDJkX#&2pLnxk5g7aoErb#5%wDX1PF| z>dC~(DHg!UV8nlfG8WS=0}a}vBUn%7ah!PI!oS#Z%cD0<*~|X8%}1h-G1@^asTF2- zQ!L}wQ>!%lX_5uwld?F}`KkS6)5V{9J=}lxeJRnT?~2{+{I1NB!G0@5kG=g-=T%+q z6P8;RQ=Aa=~qga@EZKfDI4b?dDx z<1!$c;-}}F#HR4&1uT<=|M1N@;-NQUXW1ji2qX@~Qsi?D5^I+lmbX699c5P{c=D-M zU7}(|5%{5?GhO23E(x9y^F8XVIAcM2?zQgXZP+;m%dn+z=r#T}%tVP2>?xvsrQA}| zZM0U~tMi)WiPHJu2?9fd5k6a?HtJ9Ts~PG=-iPv+%+xl#8G$Zj?XpjKyFb>QyufIR zme^S2ss2s4L8zykOdU1&=nm&E31I#*as#^@G6qU zVG3+4&2bUVlU^9SuR>l0aZ){xUvRIiT~;~BU_r9DSJy<5!1@3ID%!KR6o0}p#GW*5 zt(;&_e0#f(;iE*?Bg4lW+6TJkKcQqIgACnG{PF8^U!aZY+;BhDjqc_PBf;-<)@nh< zD20l34(!)4x~(bg&EU_U5~!RrMe8mNNzCxi9A^C!nTJ*koiv`@YpRmT5W}Oe3L-FVQz28EGAZ>Q zqS}TlYxFVRLt$?d3$>+x&iDpt+06V5JI7VvSTln;Wk)D`_8>Qj<=M}%W|5eFPoXN2 z%mVB|{|VN&+`co0k*9=PLtv2QVMeAfB7E68Q~P}PBj-XYIxB0C(bkRZD52}4RT!vr z7U;oajxtKA+y*BV>-dY)xPhION5$Oh)*ipG{oGe3+4)J%UctW)t?8A;!+w90fAPC{ zkxH>@uIv95Z~{9N92ug=SA?gDm~c3M_%bM$XUuyeaBy{|PXj2q z#dZ)X>CYB;5Du6p{@!F{^~~L4NxNw!&P$9op+3yKgsO4u)XbGq8t(ON2~OQx`T6fw zG=$0hjm@t|%4F>tj{>Hr=O9%3HER$zw-moS^!JqD6Q_MEMImFA8A^t~4LZ1a zT-C3?jLe|ece5|!vUzeSzbQkxMql)fNx#W1YyI0M2^Iv@bL-zQ} z`fe|hO3Meb88?h3(@e+6ByrBS^qm{(47K377_V>qo1SHT3No}b0!4d*5VXfN2dX3G zJgAhEd!>3#A^ei2`}w*Ds7OlLu0K=hV(yN-D7@XhaggyJc;Ad3!2 zgN4IO)R~&BI$4LJ=ms`K(ps4b5skge{;q6kV`h@|)enA|-1}WVJWx+j&T(hI<*{DR z&Gpj2L21JoJ)^@8( zjn(pDStyU`~%75bGmOZNq1b1g?msn}u8__r?;kJ%tSM-ruH%W@_i8 z=0?6}fOQXHY@T@rTw_AbHf^t)5htdYN(n|bMakuH{6XceV`{dN`Bi5N4$|d)!kij& zhvzBRlGGO~u6jB&eP3NB4dMV%HS5b7?B&swWgyJCiww|m=FvZ~Nh8v*Ur@4acpCIv z1gp-0weljgCIV33f$KRl3^bk*2?k=8qP|upP)#g$kMtEZy`YD3c`(LC)PR^lQ!0eY zwar*Ntgw8vSyqzHb$P_f^V4Niyf7Mp>Cggoon7zv%x5@K7EvU*vYU5Xd(eKHpy>Tq z6P5}BnRpu$T91eL4?cot>4t{dgsKZu2h^thE15NaHGgo97NhJ`H3_D2>_UWUBcCk1 zj``Zq*Jwz3KyltoyyshHHbt^szQVOWvOzwglQJO(&pE5CD_@E5gBvdvfN@ykcU9+2r9L=wHJ;qZ`?b&A>Ma-bVNO`U;=sp zc#4AVBy%RW%a9)R>!<P=HS2Y#t^+J@ucaqV9V+%JzNwGbf8d=%+UCCwPNzAM98VOFfw~&Lg^DsFeV+AJDKhqBi2dDwH zb-~f>0!DC2h6yL219RdPx=Ic^e1HC7e61&v?91;)T?R?ZqpP}j5xEt`XXwCNM@2U|AX?ycM(u{9R?+MW&&S`5wW z$%ZMAX^}^z2UxzHBmU9obmTuwQUo%Pw%d;XGz8dzvhbkE>=ju1ahKtx-vGvhV}|T9 zS7qwtx1oY8ms|5_I7^!Ig0y>o{cBzr(XP!Kxq2m=vAFc?Z0ogvc%#o_F`d`6&yI6{ zqlTiC7#PtHbA4wRVPgWrX1udrJYytU8GyC8{@qrvA9Nyp$R$s9QQF8uZDh0veZNS> z)E#eAf;qE!{dKpkW_1R`PiWFW*3XDzDeGn$p+UV)SyN+H56|j<{?w=Wpl!Hf@G-v69c{|dAm5jVone78 zIvVXEz?KUp0MxZnpA}zAIz$dBG-}!>z=NFFnhmhQu{CsaC^71p%c;B62m*D`e zZn6FTxZ_FfpD4CzUwjtiG-sg0Nw-I2{4@1Ge$#c`dXrduwQ6>F9e17Vj87lBL0H?g zDpC!63|?f3LBy?d0Pe-xVzH95)@Fal^khh?k!`hJX~b;EoyYTP*Yp?dQ8qiv5v>;u?&%i3_3K6eHEu>Og!4WIc~_#do@{4_mhhEHd$zmcQC5bLwt zMwy$3wx{#N^V~wSW-s&dOVfu3Vku4S=vR|PH1`MsU@Cw0#gXKM%PLdKzo=|~ed-Y=idHT)> zgX4W^?c)oX9K0!`I2O0D^6Ljz-R^9+$F2=FK6*tTWb(j@5pIl%WYbZngjl2oBQ)pk zY98$DahDMQ9+mhSE$}ZXsflxmij(NDV%^1n@WP~I&ylKR$Nexd_v(t z*mu9Iav%=V?>pZ6IS~w9yvE{ipn%;QD;|YGYb@l7)@W=|oV>9bIewj%n13!7Ec|9@ zw4kHzmF0zJ-GNeiZY}#^6!E_aUmRRF7pU>K81yF_NV5^Jbqae?-7DmR$gU<7nec1= zB~@nl^Jox zeHnU?`GUPk`z$R7$`}yszrfl5!53VRy7Egmz#Z-r;)(EHvARAf5efuQSM4qRfGG}+ zwj%Z7Mdx&%!e6%zMaLBtTG-lz+f^6m10&6%E_P&Zu8ivy4#t9{*h#hDb)lgynuD{= zvn|rO*k8xl()qAzRhPWm2x8fBlnk_5#ISze%g2RqaZ_^rIn)>;NA8m$$8UT$a1f(x z^mNGTS3$sz;L4jt`cc0S)H~j5o(Wr@BW#!*o0B9hn$R7oIDLF#RW*Sdz|zTrX(5vi z(%EyLQ~Gr1pdA0_@br)Uzi>8zZ8{p|%NiI0GWs!em4$c!E-Sonu4`aQVu5-`I8S+g zZ!n_#R1I-?+e9`VfAsRjQomcv<2#3au|*Bt_e-0i;>e5Kr~S$WU5Nuf1N<-sL|e#k z=jyy$M4+F3?N3EEZFL@cgF%e}>QlL{hb&HoyNo4;LInfM(Q-5 z!reMV%@?zRQY)$}LLU-cb~xEU$XA5yqCELotm((gw>G4gpbbUH*ExqYFNeY!wfVZN z239GerM_qV)AnoQxh?v8bz5*68Cf>$C{VgSJ1==MtHvecuboXP)nWH)D9l7IXV@i% zY?CfkKy`WYxM7+IaG2wO`tQO_pFhyWIAE`4qKp_AejsqknKhYKzB&v$@w{+m(7cl% zKm~~*!oe$$8LJMWV?+(mu)cEd?C}1v)yC<ixC@M@jg=F4Y;}Y2#Gp#qX40(5@SWDw2=0)elKT(q0mC2bH1`JooA9Bn&R(~ zlLsxhl(t0*)AVSg&ZH&h-7nnCq0;bfR^o*<5PeQZHE(L-=r^ulE89O0Ewj6#G21VM zo}0&rDFc*mh!hI`#Fl+=6@_}{D1u2zH6~9{RE{twZoI1vh zkp$;z7;f@L>ic>#tbbCnYn;%BPnhzpP-De{i{X}19^d}NyD<aaG~Cb88sm|GwqT0tDGxXSgIz6<#OS8kzAI0;X0`GMz}V5YCw`n*VeVWR#5HKFjG zr_Ts+6*C-62tVss*ID~nzGmyV83G=Tow(CO_Azrj$FPAd=UgA#UN>zj?}YsNYRAdx z`r#*$<;2jIpd~E!e9UsS( zVP@N?i%Ui04b1bf5V!Ck!t7yRi_~_2&$Eh{v6siC{g=4X9mh|gv8?+{1}5bOhoIec zT)g?Ge_W(@%0x9u7;)Ww)fhKUj2z07gpB4b`b@;S!F=c1kYiXFJsdd zRlJdx7nzS7W|VCrgs72wnt4 zX=+Q3Zvzq4wnZK0lS{NOZ@xr7fc*-n2*oHo!To5Kjj+xcfbSl(=J|w)?pm`qLtw;E zaL3f%{D%z4Db5Ua{^9aAduRCvU+#xDpW36v!Vz_EUw4Hs=f*B;^>q~;lu?6Rpp0=8 zfe{h&DN2-~DR#5PB)9E$l*W-7>j0!3TV%>?(=^u3(2%jH6dbLUC=#)&`^a?h&l;@l zj?)->Z)0fCHR9z5SIt+~cGKr7LQE$%aT{*TkBzqc#qO_Kbp*2rhzivW{gE3jUyGF+ z@jre0xKHF703avQ(p!36iX_GVZ2LWZQHDQqJOHiw4rW+82wGqWN2zk^H5{J&Mek1@bnQFk6KgPy$q?T@}>7Ue*MRX|p| zo0q_xq)cWPBR&`C^l1dP?JAz&goV{}W>J=1?2Un-+d)(91E<5low7IYE4E@pdiVD? zDmw3#Nc`4>vwOS~Y8Gz?B$DQWJ9U{>%%9cbIcFB62aPWvJ-RXXTkB(XEc;YH{K(m`r^a0-SrL+N z#%NeEY?ZeAO?TVl;9+g$ofR^qM&VrY@eb(`J1Quj>GfMhqE3o zqFg%I{9)7Y>(ZDk7fV82KD-?Zs6EW&wkMK>QbVBJ;_Flo*6YMOMViKToXCx@Z$I!x z@F`@M0@)|1oS#&j{ea8{Q1XBRg(7pj(KYy}JrIav(OV&9}KloM% za1jH$*GQW?1%?rmCX>&#%?AV2EF6p8{#qipE)=ExSW&ye*{8wL2Q6kg9>uRgo5RaP zvJ$PX6oz)xzXC)-dr+`=%tm5vg-dSOg!>RDDbvAcUj=e6>dZU&?qo~yS$O+qDp~;f zgU=^2f+Bk4f__`2!@gHWSbU|7W57kj0Q?D@Njk;7JgarlQtm2-zDxQE5mEd*mAdz5 z;rBoPUO(De3twOQCcOUrp1LP0L^2h6oiT2dsN`G(eQP>#=O5)UJt?&p4V>_@pufWc zZ@pUSlzqJQ#bSHpZ(^w}_%Zv`C8Hr1l2j$faj2|HOlN6o_{MXtu^iCulv3-SJwPu& z$Ge-;VudQVUq1^^f4v*TUT&p*X0sm$YfgF5;im8@@-+>1lU(xJ|4?rVLLvx~LpH8sDL#6q#Hx zeuZDYxW3lyuDEwevN+J^f;nk-Kc;&e2GM_3e)mhZ=Z;XNP6)yB)9NyasWYULV_q-_ zk=^Py2FO7Le*jt)n9)!J>Mji2-No)trH9O+L>apftl|ZBC+=D8)AOu@M~sb>jieX5 zVVasMN5<9nF61vdo(Z_H@AFxETrbvDx9AR9ZS46w%4w#&sMxt8Xfghm-Xcg_O>UJJ zbWAvP*xq`FlN+x}>yRzl?nwxI*XjeWSYJG~vtg@8w?kh#dF4wW8>(YzNVPSslhymi z_KZgq3xKnSW?TrFlweL4t;jQ=VUVRG!?h{+z4MsVXMbd}o#0UgK7JbSp9(qIF9?9m zwhWUsXg~O*_m4qTgf(?QiVM%!Z}(N+^Mz0(-ui^YR5HAMA=l^cN|iG`#os!j`&x!( zf&5BEMe5YBBdCI%5nbAJ<}#2e93?OqEOXW%I~Lv0ph5;eKw>R(>d=NI*C(LwAN6Wlv|9k=!z`06~&Wb}KBJabo zunTNlYJ0RS`8m>Z*w29VC9GGc;Ok33SsU5^!ia3mC|%y0pDR_m|AsbAgUQf>A_9Uu zuw3g`F}URkI)sOWWHFd|KN$xq^OV^XlQ_#Uepu_((K zJza-rGFSx}>;_&gzca#ygIK;kCGZBkP=}JHRhWgBa(KOsE=kkjf_~#iylvsj=w2Qu z0zj*09R-BL#rsbHpCue8ympKe$UrM`-jZc8OTb-(%hX~<0_ew~`?qC@9WOhJ7zL7? z1WGF>i`1cT`SYsvOuUA#`oW%>QpU6<%XQb85^H4BfY&@_qWia^w?$J0thFp4Y;*Ok zOuj_g`oz9RDmB>DhLdRltjn3x>zhStuEm~M3p`A$+WO(fQZn=~k@)-2Y!&1@?Z)%p z*YrPLMbcub5zTQH{U)FXjpm-29Xtj)|2k{| zfG|9^!|Kk$KOh@_EIG}361i3AiI#bWXIF%&P9^sH6C(`g*o9w2w4>QtWC&$TH&Xo{fhZ8*%5*rdHvdz02q$FeyhKs z?&hYbax#-YfI z#MOwd2g!z)tV(b_&Nkg`zx6S`wu3c*<=;K2osFPf&AZ2j(p?lhWYlQAH6vW9Y+}Js z_w;B@Dk{3DVeY+5k{7KAF+=XV$ZLCLg=?>Kaw|f_)yAY8=u)mfc9(LaM;TRH3gkK@ zrm+WhiWA(6%-yuGITgBqHJ)f6kc|J`^tFDSkdd4JQ+UL{GGuLlTCfD%NZ%kLfN)%e zeG>4EnV?^n<1&rZ;%yzzaH7elak5@dl09h4A!Uu*U0Q!xDiw|Q<`HJU_Cz&(()l&} zU}>lv1`Vu0KFNq}t&~Lu56g7u5ElyC$+YJTsn*98op5DP=gF#c^w}hGZST_v+#u0 zFUhGnQsqsR#Bi@3Nzlta zFFjHTh^RU(Yg4l8w#zruz{Zj@!HZ$@)o_l>tMFrlczC<&q@?=Yoj{U%EJ3y?jClbY zUZhIXYdkrrVvIUwZ|vH#qCfu2k>f6W+V{uuPTKls;@W66NsI!8t=gj@*`N^?mKxmQ z2o9T<9m&u((lS=~xFDXFWLGqX8To3aiN?X|>p7KKehVNAAw?yZg83Vp7W*wyx71zf zvX6UWr8DSQvi-FNB!RwTQ+aFVz~FmR#uMV;%p<(t%WDCq#?RghsxE{VNPg%zCfXF% zxs9d^OlA&WZJY$j{}$x@xb9QXA^6CQ^W`@HFen)B3t{LCO=it3?e=C=HgXEqqVnKa z?wPJ_Dg3N?;&e0DpZTOQ8L?{L+mf__qe_;|-%`#OzEyc%zBD_^Fvi8T^$gPkWL$@M zTB$yhuOTitOUB#ap4Z4(0Ujc^;QdT@!Y8wEt4dgdkxu6DbkS|V^|fvli?`7>+6rix zwkaI;BRYnemu7punkGnJ$F{~iBbZGS5Tut2YO}!L{KUV0oB!FLf01>maJhlC$2AK) zAuxlz3XGjJctV%90qEX7;}5uXfXZl23g%t~dverlcjXVbai4zyCkgwpTfm=_Fv&e* z3$WAx0s}M|(%>UuH^ndc&|6YXu&7a2qdl91ky$EYJfACSrT>l3PIL^N`jD)T|fZf>rV6WzAHP&3Dpw~QZ zW*Wd@p#C2m22ga2!Z2%3eUpJv^D1x|AXvzl{Pq7KiA3xI#ekEGjH56_HGV5R@ifdr zMu~lrtN-eB%O6&Iqa ze(?PTdjR;llz}7hIGzs@#&$eD@fE~XGlKAfRr!t_voTwszcBP`0I~3k+J6L=Q7%9D z{*%lPbc*b)fAE#r@WEynxI_Le2*)`b&K1ikxlj7@brhy`=4Zc=$#py5HZ!_1euD<|FzKC+owIExt|3DWHWQe%K{SUFTZ~lh`l?Yr2 z^EZ(`aKs1r9uK2B{}Mgq111Xp3waAd(Me|#fQTS3k#Ft^3#~1}>%TN9&#aaC=3pfZ zcCJgO)Tp^WZmV{c;Pd%kdAk3FSN#9V}`7g%^-ey zJLZ1?mG9&4PB$tN!vMuw4bYM_*f%`!{RM-Ip}d0!w+Na7R|sfQ4E@&ob&_is&6Sv` za}4@aA>n9v;?U)P|9~p;=-3DMj|ng37C(rL+tWZs^9E(%yeGtZe)JzO=i^RHm}ta- z9YACZV2@BRpsxeje&^rxU1K$p5ugY01M=-Mw zdgQ|JKmkS!CcqJbr^7p}X$5)g@Gi8;bYBo5+$6zy7v3^5)Q0Dz+5=6YkSQpnU-fdd`1@V+I)_#Po{_tA&Tir@Xqsv`F0Ma(a0IiF6PxoS~ zj!0?Rywdw>pl*aO8PgdgOTX(){0G*g@A62_8+hy&pZU8jKlrYXu9MFMyCcirRIs6L zKyFmbMKw3P?a9na^}7wR4rlv?I;3(BR|4zT^uF%hZm!kIeEx&)3H+u%M}7Vg`;psm zAzG5_$w_9~n=rwj)L3vPh?cY}1xWq%*tL!i&@$~DZ}ug7mf`)|{f0OSPm48Q8J1KR z&RUIFIXByX&h{^)ic81LSDeg_A7l=iw5Fhgm_JRPugk26pqvz`q4*1SZ<-B<6xFZk z+KP{?C+u6`Mwxs?H?4kTMzNOZU9U zm`_Md%}4lJJ)~u&hK|Wb8|N_HCP-;$F|NTp&yYi+-X9^8@?^ydh+KKr#$SfS1jYzC z;!`wz1t%~<%IFQLQ|iRU17;+ChW6x>R?k{L zYt`2HpK0my%1I^9*5!}`FAR2j1({NW)5dkD8%vmRFa^rU6T?@m(uSo@*=O6=iv<}P z&Uk3S^1#8?3{MhGQ9O6t29xk^Up`gBh)zG-`3M!p@nuKQzxuPX0NvQ?gZ{I~0V`X5rw#z@nZlP7COQ==gfp*^9dncry>YCjXqjVn_D3ddp zwx`K3y&p#n>4rAKXwLXNPn4pfbcGeF7XW17NK+n-5liWGUi~;FwS#T;BH7{V#x;H@FSuid(0b_?4 zv2lYl^;1zuAEM|HvKk03qfGK#Y+P)`Uo2E46|z$&w1K>4q3@M%Um2^l2h~m}fx0`% zzt$&v(58ukR};E^@O6SeuGgYKoEJye{JB=%(J7Fh;tR6N!NZVD5ZzH;!Gv;%9fFI8 z_e*f9Za2A5?1@N{BdaURP%G&75-%3IjI?!#pD(*_XnX8ndNFnrponDnQ+l55kfp^m zd4q{!=c6A61q_=F%jaNsX6rQE2B#(rWlD?E7H|8(?h3g-ry{94DWoEa=+xyY}5K6x7$TiytkA< z{T;uAzc52rfA9rOo(8}`3waDqBVo%NGRT2SC9uze6uGLLF%}@KFvn2G#_~+)XkZuT z2Tbotbc`(5VhXLc)7d2pCx42duVT4wc+~InHRdKMI!2$a6Kmq#@Q8efu%D}*M3o7g zKyKGR{P&%1#~R6+p_NIXg}-&b?rb9MHl*zqPUIGQ=ZtLy^6;6StHJw-`0yD$&k1KQYFBt%=sa(ZVcqLmf zBF|>_f{XGlPssmBc9CQ98@mILQ_3N{k*Q3n&5z&fIOfa))NxHUXBbS|h5xhzmxR+j zA|NMja%=|V`plRB_V%Z+IL;%BDU>Da$hMcQkT;)O{?m?!->+{X_tgr&?H%5Y%&Q73 z3Qe3p5u6t?;5EjH(8oWHmHNG}gYh_4=4^n+;s!@3Uz*!{CKg%YCtD0YnM<_%-L-c9 z*3QI@f!1)=vF6ATu$cs#3uo^HY_aCgmyh%6*`6W?o$7faBt5b^M%>Ux@~?Xuy5GYtcV*gc&25@mkRgog5>7te;%ZT>mfJWB@xy=QLKo4gc0VGE{ID zxl4l!e+B)Ff^jx$mv1466RSfY2og(ypAE=Z7{{DSuUed#NgJ9UaS$I$l6R&COT}?} zJ0VgTjp?uVZX2I9eRnUIQrhi~^iu+GbkPw|M)MVKeJ^NBVv+pJPSNu|S``>4l}A}4 zco1{qW5xu^Z|wPu7Tq>huF_E+Z_`W`X;Y(YE~+_uj;Dv3e)Kz)Z|!eZ{eTi`t2d?* z?AChM0D98S`YHGFaSuFrG8+R9;V7*6XFb|ggh$}y7H?%>PM~b3pn^=I3%%&uK{T~e zj_yA^c^Y}imILI_`f?J{Z3xb;1)!0~fFl&ei>JBBlraa{cy`z3SdHe}6CV15SLeyo zW2~OB4M$KW;bBm#YmBM(dCHAg*oa&Xy)VQ-DuohYS|E%i76wLy$i$nQejn2tY_fI; zP$~*iThm+Zp-$>m*{VJRrk0zJ_qgs6F29Zh-cs+rJ&+l;-YtSQueHo4VkfrgEz*Z= zL#k`74kd85Ezr42p;TCJeK_8%1&ZtszDF^w$hr}j-W%wpn+IL7JNGLe7nf*=7n8j@&zt%Pxe#E# z;>nNKeMe4WiPY{~G22r59dpyZ2nt;z#Pglb=???f$=yuo3H9KU9i-t{4O zN}z^gGiC^AJKn^JaCVtE$^-^*i9FlIwK#CW|G(MRRr z*`B(Xp+*vla=EU`nf~g7mzCg*=eylYUbG9M>0VYYSlWhuhK6u%zRX&zC(7R19X29U zvZi9LBUu(KoT=InzcpWzLEn7vI!=XZ*023|Gwp9Ax=I-PrF^b!{GWdRqU(owHg2sk zM03L(RN@iPa2-NG`RSl^#Z$8bA-{9o7`SYI33wPByV`bTrvDuJ6{b_0kjx6AD(ZGT zXKNh{u!9aTZ_u(xIP=dw*vS{ERDTfkWHRKBj)I&&{f3j*l0$y*S2%q{$t!g z^Go{PZF$yg7+Wezb#p@fN>GgFRkHl$icPO(F9cD<4+2XszMcYz_W)U@atX?X%D_H=6UA^&J(j z^z9Rv?tcb3`5Pyc9YnV#+XBoc^sD*}e}Q5Fg1Ta&_X@ye|tN<^-_+f+Y|% z0>fUCf>vkiq>!K)l?`Vdoi2vz2u8X>yGyZ(X z6QvE2EVn!k9(EdZ9&0g`?V%}}RoTk>3EJupxexc96p6oWFVaa;LXAlcCp!Kzl`gM! zTV8Dw>OxuFB?$$Wu4fVbWa3ejvpTZpf!9J48*i>e`B?&tF_XjKV-%dPb)Jp=Rs zPfvxY&|;r^wB|j1Pn4!U@?zHg1j;*ja;FWpF<}_6MIkKIc^&bQSD)BK>tt95pyzV`@Z)SifGD+tLpNjd9d)6gM{fBasoE zVZL76!xCU%vwrYJXh||_yBLn?tI~I)vsXob@X<^9e?cxVJhJW@ay%M=uunj$09V*T zd`qhup{@wA{VAf3!zGBYBgKdGMI+&3bM_dWg;_3rxBODwOHqzI&ZI(5MWhgIA!*bR z9kwLJK_opPXRt3yvDpn&SALDf%c4gV@)?h!^=klY(==xbIMbJvxyu0U3U3u^wAj(Yht&Co%i}!2phT32mz=R~4LDDb!BS98C6&jk+RbtA|e``PKg4VCuO$@1~`7 zaG0ysCV1|zUbnVCyI6*2fC#pMqR2nUHFvBQd@soo`&LrkW&W{H!m^t_RRI>oVXj`;Pv7AgAck#J7qOMRffW!pU) z*pcHlQ@+K&Bg;3~^MmhU9WXU(5y*mnWzuc?QkIt z!w5~#IT$$*I5;jTsoUv%_?JK?hH?)x6f&^QKk$84X9);_Dih*6K7ZT}zctCZ312ce z$Ud$gpaWXcbU+3!Bup2`M{8in!0jyv;-1H_iZNuFYTsS|ML6pbCV=zgNZ`o!<3I>+ z7I@JluOmp=CMMK3a_`CTWLrYvjh4l3da)WKZbkZ)n~L|&j!u^8BQ^SZR=kw#rzW`x zSm(An=9402G06rt^Va3yj(puwv~Dr~F2rqpEUu5Te54cogYP`5M0eu2pzWX?vjVHx z$AnED;UYdIs_!MKapiyk>d7<5jXY`eByhTE@A_nLq<}ifxx#w=5Bv|p+KYi-c*{I} z4yAs#w`3$b+aH96Y!}P&%JAsn73n@!%XIsIg7Hg*_f0Tmtn=L6zfqU&8rmvYV9td3 zNBb)smViHSL3z~f(C-78-=nc_@EJAo4pI&;CRI1Q@4f>l2gB<~b0kzWK9#az zsMno))owwj>Qog3!t#Wj^C}V8kdJ>rUd6^Jf@8s1am3ta7U%Ej(L0(tr-RFaQ3^uR zBSMMAVzv6xAJMY4#+`27q85hweJiGfF=3|SX`p^yzO^C&poh2@kN-l;A#0Dk*a_S- z-wtw))6r*kF#P?Z+%UG^qi0Atx&YSjIGO^;Q;#>Yo}sMT7f_M)em*c9aSJBhH?<#T z_#z7x7P^*vX$URF4(Y1UgB(*pbZiA1>d6RX`nU{zM+*o$ zw>#Hl(CGT+Qf<&N$y{PF>wVPi1aamb>V@g6AdfB6hPuPnG^YGUdvNBcX#|wDs!Vx9 z8QC?fy>J}MI!ZxynE>oj0kv6T3DXoO@!Y35U(Bpd(h2XVOz+c9s=CoSRk9Tch-B&x z&da~lQ+SzO0m{;fv2mu(up2&HI`vQHl%-%Uaa z*Im`VknggVN+g_stb@T2PWhcG@Htv&d#FvK7331JWNzFIWlpwgZ#^UBuz7IpxC;~F*TkIALI!uDtWtIi;NHJ zGdKGE?qzr3JTRh=;@MS2g9mo{=TPXni#uP7pfG(R!ZTF8-7UO-Ot6IM8=QWCL*z>| z%NY*Ml9{1arqH0G`<^!YJ8P{il<%!00ik6fGIr`_%;)`X1$9F4!PX!r<`=u?o(Z|R ziek0e#Re)Pmg1@S%qk7hYXPyI*@i7;`M&<({m58_(DiRz$;|_x?f8Q)46~GafZ{x8 z;DG43?0vbWIXK2VVGSpVY^1H|a>Q9A20WkZU&}QGlv`gKIB-Yrx1Z&G zeHOQj6_uy%wk5~|h65lqDs=DcPn-&60flV9Lr4i~H5*nv_C1bz357XQy}CfIMD_Ty zVo!*OW)}}hA)&5|0q&J%fj*C)HR=`20hsnvQpcfE>0^5+|0C-oWySa}6$K|NohU~L zj1NK9wb)$xemAahG$Cz=BB~S~{dQkx`R}m%vk70e=F1CGZlmRSQ;M4NL9F~TW;7UC z7#XyN8+H`onzy&jNa%=#$)>zr$#ZmhLj9e0y02xb`6)OCS-eR>xV?T+&pN)ZJ7xgv zTV^)WXt_1+k)Tj?VWl;-)ZrY>z0O<8>5lUdxymIYUrsK!uDHPlkLW&hRrvi)_00Y? z*YUk~&5xNv-BlVBoCGQL)*>LZdwt0r1QDc&UNwQnRVmxfzqNjk64px>YB1e$+~M4^^2~KtC(0T& z25tv0-WRV#t(gAqQLWywH|p7-I3}4!lFiRI5jKB6g6-EwLD`{s+$*dvl>7ZPL;$Tv zxWzknR`CoQwW2tUX*W#1K$X4g;b$oO3+qPr?AORRhgriHu5A8yJJ&BSECzNbUvjp! ztF~#{W~d*Tk)>~2X$W{N9Q)hPX-Ys*%z_Y)8Y4F*m`>~w$CMzo(J-03k@C$U{SWrMlA{EAP>w|?CrW| zZ3WoYGf`J-Bh2gGeg!u4#mR#sI2>wnbn~$;@2K*&m26JL5=9EY02bYL2lG3Vl%Qx0 zQ3pw6uCbWg?o^R^3&Ftv@2s~V#T&7Ar6xT*dloJQ%2zR%rD_mhYg0Y&r;|o%;iy;4Jdk(26|UBfFz$ zW|bPtdA_&mz^ck({@{aLi>%?8P{CD@g}$pvrwZ0=qfdvSrKh#Ep2}`!?SB^CT9KdD zjyfwC??ue(*nek%Hyhzsa#jo6vrD~1aIgEP1!-q;8n9-eg^+!bes;znknaM}D8EfZ z%650ZX*3In*(U%r+{kqcQag=&8Zf0y8Z_mn{o2!t{OE398rWjAMc2K)Ne$BbGhfyy z7U|P#%AtoMD$ZpA>AxAnf%l`ud2dz)`ZNfO+xG`@`7a+-{V(R=(tiXr`kUI291+(e*N8e$E1Mmtp3Zf!u>#USyN#0en|NoVJKRQH8~4}h8-_8Zw*bajP?c{UaH5Y+PgA^5Z0gh8e@O~{v%0te zIj$I>X?#gzyguMwqYRM71O55?h2tVi!AvS+-TCw&IbTDt$UV0qD1@2zY%_bJg(H6^ z)So9+2ZdcwM~)jCh&tCbBmEhn5Bh@WawLUY2(A`A*{q{}KiSfweHLY8`~Z$s>Q1Ge zt-3hfcP;eU4o|LsN~xpU7eVoBnIQq~N44^uUrIzGBvk`+$7KA7s&u7vg3dq8z7K^!RI1gJ( zX5uaS6>}(abwZ<_+0so$D0ol!SG_YDQ*n4i#rkIPKnG~>2nTf7hb55x-)yH)qBUWP z7ulM;b1eS?lwN!Uz2LO3ZE!WGfnvi3XBfWp_G8tO;-X{ERx&W4#hr4|)rXfT_0X8V z$KrAcH2n${LFlAF;cSiRsA-dNM5#N4&hiwwCvh$CIoIKQvwC(qG+zD^fGf6{-C8Iz zORI55wc}-9t(WD;S`lTeIw9cVVADiKn`VfAcI`TLJS;%fvYa%l&bWwoPFJP5#hN1B zT0x&QSmC|`)Rl7>$?#(1s?&3ZT43*)cnm-4KT{~r^1AGDB^JK6WG&gBJnv`77UmG~ zPIM2}!GngY4EyIl_yVt?f5nZJ`C1EWd%gC2ckhB0WePxwv^tOLmLh}nkg}yVPF3m| z8iJ_=`6%s-^Lgr}x8)AsBWEaePNs-E&5yV116YP%%)86x>TLOsD-kbIS|X89^0Vp( zq;zT^Yc8hr{%ow&xy<4EfLlEb_31kEfuGU9oOXeoM$5f?<3}mB{&zUAc%H8JG3IxI7^U#5o)>9_nM7f zhVTU3DR|Ha;Wg*BPC?cO?$A~h<#W)uPGy&A~~BMd=^1VS$Y14xrD0V5feULTbJQU@W# z5Fk1wtCsrmMHq;UHa>x^M00^{0=@nZ;CLSR1FLNrTGXics;C zBm}4rwO^rml;L(g|AEWIjxji6-!xRL1$ZlbnRJ@x^kV$mmZvZ{ ztqc0{FpAaN!6Hd=tr?alDH#V)dZ|)@e|_il9!s8QLeWxDAv zYuu*u`Pc=!F1&_|Vb|MN$QrE<$^H@zz>3B1X|%+#skT0>QmZjG+uscekvE6Q|82Hn4z6MkIloJV^kBt<m?R0^9L_gQWtuFl8D#nBMIYu_J>`fPJiFg@)8tj8|U;GJm1 zF!&z9F`EFG?FH{vLmVQM&KWi90fC3>aRJZjThi*9V-cyL%h4zZRot_dX>)Iw!`)Bv z1%d5PyI!lwdO7=ALrY7)Bn~82!fM}u-iS(_ycI>4D^Ax&>ob=W{X$LK6P-}feltc((gozpQL356h*~vR zJl>P+DN$k3ii7l*2RSyXkJE?M0e0|wls3)gW_q|tkADnY)>(^?gU`s9megp?jh=pI zK=iDTGtxw^;T5iEi3SNy5EX3Xib8zNyt|UpPg6HNykk1ECU9x|iJG*%$;OOpANT3t z&@JSHr~fBB5&tE%Ke&w2f#(%%b5(Q?Yc&TH0TGkgzr_4+1U^kAeO>u*NayQ8Q*W(- zua+L+z2^W<)V$7=VSwHIFDd_nzmJUkOY?-$-5C)4zoO#@OJVw~puv{{_h^TOyvTz~ zH=0pWAK`M`;pKchF%*b2nb?T>Ib2DcEx>@M1N4CI@V_?Oi%JEu7OrLZvNKY5d*o*A zpO5Q&dynAn&%&o`TPAgGZa216XY>zeb%G3EKbz8@gNntBfnubR{v_E{s%`$T^zd!q za5c<4Ir~i-y{dV(jxrHGFd5ImAxYw7&Wl{1t6{IWF9eGMh}YxLYj;s=87cE3%NuBc7nrvD8$l2AN;m2w7vQbUE>v~~9) z*-M|(*nxYohh^Pr?AE<8uGfJBFgcG=F&VxJ+)LFcJdhli*6qja@%=b<1@Q8h#J`VX z6r1diW`+8jyf{(y^Zd=qneU#5Pdq&@>)sNV&cc=d!R@v=*Avm9{)%^Xm~j1&49iYe z%i|fbM#cJ({r+nzR#@m(#EvfQuIx z1sHD0$2rBBXnnQ2+HE=8g4}*kdQq(C%}CENdZTKdR0Z+JT$50KTv3eDmCQzG!Mm)e zV`vTbVy|V9lFVyIKU#_$TgNmVmx(WSA*I$7yxKuiO$NwWm4QIqp`Lq$j>>9hHaGjN z0<<-i!7}Jx(P1e_3YnEtf7y57e9wFCDv5pYwf36qRYIlg(0Y$^;enj2>ZykK ziy)EkeYK2kbEz`I9ZBzxsLwz^j2o4q^EwW6ny1F%|1$i^C5ct((Wj)m%DY|Ze}m%~ zbG+&!cGXSL7h;|N0XJrjEc_H+4a9whYM%)@t^Y-DXmL1 z%Dmeij8o7DPwisdZG&c6;4=YydImL_MDrkXyFtg-`nPkJ#8OliMPs^+>oz>Uwa=O; ziFT9Q+n=>%dkqh6H3s!eRG0d|CI{2cwM%Drnr7)ut-E?_Gs-X0clF2{jyZJZSIA(n zc)u0SB4J81z+4$-Sm=FrM7=`?DXV4a1;d|=5fBdCaLL&Fo{kQA*-G=52>Gn z=9D2NnZqo;JWrAnlH054j%WORWDZPEfpD7-OmB37GSMOI9j0_niYm{QOX0xjy=Nzl z{R99_M{mW64EC2rAH6W8Us~E`dB2uBRcF?9hNv(j9HMrIEjYe-$w@3G#8&uTe~g+K zyCALGwwU^`Va-i>xElcImE;3n`iNNGB_Y{SO=-WQMc2P(8^(+eb zn)K@L_$-P)R1!nQlb7DAy`0}pFJ`&EI564(i|X(KSqmdTaAfilog}qB5mpK1jAiM5 zs{qO&G(B!BORA9tl?W>~Nj4#%LZ<5y+8&Q;elpzu5qVRS+2CsjL#4fLt*IPySC5m7?+Jz$-e>#YqE9Fy364c-`YwEOPPJpBw+qBqidbrWc8mkD zljy9;>kOnTz)xvNN=9glnR2{-VRbzwwGvfpTOz;`9Atu^?ZPbe!?$x!C+RadA!HI} z-gZy_kN^qiIPaBk8`;vVs6Tna4S-}%@IVHw!>(FDd#qqihIj1n$1n;hdg$M{Wab^O zfnEuA@bf10g^6Aj6o{owx{uc8_`TEz)B?St(>KX}r`9VKCU-^UZMwVJPYG}GEhW_< z!QzUn1TlU3YTJ&2FZ{6Pf$iOB1%0jK-YZ8P>!3OerxA9%VW@N81ku{y<+6Wa04M(0 z^GXAwi=UhdraJ9KHHHOqncJeBE2+#7MuI|l8Db$gC{)D9?)617m_jo5I=^QemP2}vnetj9`pRA(x|N%A~zCx z13quPm%~vlSkA;;CrR*!Cb<^6x!^WX>Jke~!${6?mz*caw;kYg(@MqhHFivQq~$DC zv~Jy36yvPgXsd}YoFF3Hi;F)j>aLQ*uf6ow6YB9h757DK^lNf6^&0Vfk(jw^Na~1Y zfWAzwj~(?`ZeB#>)my4XeybrUh+~w()?}*Q#Or4%qW*f{Hb1(*?l+>aKRK++cFP z{NRt40{^sOh~6+~5%540-ifoKL_&~y`5L$gxO{X+o~)FQmpZ|z-?;{0_UApArccut zg05*=N{YL*{rD-5T4!^hW7mofAUw5H|A zt3Vgo{(`$-<3QupU^^`rHt2MIk=H7w*%pux5BRm3(lM!xE8*JGjKyPzWjt$+n=jX# z6Xkl?iHQP(QAHn6JC2;<45OIv14-1T54Z&bVBOMPLN;aS0^yX zj-hn6eRtX}wM6{EejIr`8-Nlt$^RL9^C$sgz@JI?PaDEaTNpR%z1~UP5h>7kO^D9- zDzSX!-5ZN}92`kA%T)zu#*7{H(;wCdmfS&;WJ`kq6sx_uI=jY@{qV zEwvW+Y3klB@&#JzmV*3Ol#{(0XzPE*m?^9)sdN39Bt`T&E}l7Zn~ni>A7>V%_v(#X zYHl`j{aj{j9xzE~P%BKuymZQm$Cx zt+?c`uOOEDrfcrJmP(~ADl>XmKmC|C_4-c9O8xY(nzMXn5i-9pdfd0j(6G{ez(Xps zZ~~vhQUKpYo3T+^qu*j-C0)Imhsx?7WV(GdMK%Lf(q0BGnzYAZZI9`0mCN@t0kWu* zN+!we6F3{gzDiNx*>Nu)+(B!>!Jm=^51&wOM9r3_uuJ*J4E9t?OVdI@GQ0%Or9Ofn>6OcG0mbpRbfa#FgFuer(XY`m=`T-dY7r);8s z8Wpi{%%%w}xw@KkQ(TwerM)+;WShk{%|QQBsnLE+7vQ%`er=%Se%+s=wd6)%TH+MW zLuW)<&wQQVWq;erHZs&Ap85LD@|+Bwfs*G75;(AlP3Cs~Hcy|u$y}o4=q_0Ag>!c} z+PmNduf3_mcH;sGwEkfgM0e#-Y=DLiJtTgM;@U@{T{|o|2kQ3w}buf1kiT zoOI#1k`pA!tlP4VP!RT`!bM+0qL!FnCdbc^!BoGlXO=`Y;vDN&pi-}jx(E21W{!qW zR_G}4r(QQtx9mp`0>Z%9ca<`^B1MsFAu=M4;aHB&>3WRsYoN4qvZb7&=%tuXbaV%U zx`DAF6{q3c=V(a%P@++CRqeD^jZUAfA<;S05JryEn)Z*AMGie5%cHPi1$jU%mwy6i z>8WKy64{CU6cOI#gFjMc0UfFhVMSh8m;y$Pf+SHZD*^?4^^{>tiAkRN3Ooa-xZaSm zAmv9UK<7nzGRBE2S0LRGxYnlR2fm^Jpa!P@ zrFFvw(Qrm|yDe>!I`;PCbIg&TUd3oX(Aw8mf8ezsW)yi^H#jZn3Ob5B^p%&7Y{u4P zj_3ocjo&AMEm^j}ird!N15KVKyQvk!CiPL;s_sGp4?Ow@j$0=G=l8r2t|%b5 zr%1rlf~R!i6$J)b(YhSR9%gvOiAzD= z-c3e9ZpT5U$5M%zOhC^S_wI@Y9Ljvo=Ia^`vJ>&JUSa*=oroIa>PIs)CgBdEH{@YZ z!j7*zp~Nw@rRzu0Ww>dhtn&!&s{`Y+;=xs(!{HOO`hhzTgusX- zHaBslK#9B5mmlAq@*BHMg-ul*Zh5Uq zW1V$AiXCU>*2tHBOyHD6*qAh#>NREz5p0E1`=-}eS4~VaqmwEG6jY_6U!j5coX0ke zVL7MMmZOxuj>)3#8;#W08y%)A>s3P*GzJaoWzc9njGd(YoVA9MK28%6( z%ZcIf8*-F_vs1f7Kauqm*&W@_JllqMKjxF8t;Mm|xuHQnfC!`_AM5@oNiNtF8`>|U z?y^!)drNvi#5fFFKUFh`bz;g%e&vmJA7Ybb-_@j3nH=-mNey?pUBUVzt*;}!^8$Q> zO1Z@4CFu`rYCUCMY3xsaz9d?f&V0%csYmkP(m0XcmWC=d83|{-RB~e^o6R7D)|x0V z`!~wmE9#`qu_D7H#+Z_|=>vy48LIZkQSVcZsijXE#hf9CN)Q%Cc4>}RMXXT&>L z4t13wO?&$~CxdINI}j|P;Yk*84Sb0P^(B3Q3S`>@iI%P1dqtK;%{%n*j4Y??&E28& z$CXGeNN3{FOwvO(83N1*2162t<=-ti7ju}{0RMx>{w-gi9PunOCG1r>l((b9OUR|q z%`!tW5!ylDws{h*e8HFlO-!E)UvM5R4*-EL5v&uKjUK=w2oxkF(b76)INmjGV1vEN z)9G4vWe*{=vRgmZ=2ea(9Kw-E2zu5}+tz2B6$nYWGr9Ftq!>bGCp_hL{4Yz*4&ImeClO*yiJW z5XcuVX#WHbn1UFp%pXZ1WBM*bL$+m8rk9!pw!99Ec#tWcehq4K1^@D&gI@%qQqP^( zK~8q7;KTX4?Du;Gb?>?P2iD_g+Xl}YZ0~mi-)H55?-LgpM{adYe);1k)gOG-q3|`2 z6p%m$_T*5;ndn2rKdh2OwmRQHIX$i=SKJv zvtbtWDEJ{Gz~3{z(wSyNtxv&He0}Lzd*gvQpHX#!5*#&m!1|tVyghf!n~MiRRYBZPo&b}gza+AM)->|F@O~M?=XH*BXVsRriL)G_9Mar=DT; zvFej)n5R=D$=`M!W0s3CWVdv*M-2dJH_gU`ymuS01OZ2!*XT&#Z^kDjc_7#;MLE=0 zZq`zO7sL%|;OTaSrUP-)RF15nuTj_;jPjCWr-92=2C5So#I&qk-C=^Zlv!MBy`!+?JAn zm^k{Rdwu*3Ct5&CS&ljc=+$wg1=7es(;|c~#EBB^w*CN2)cuZ<%kSzud=o8V8l8_8 zhsai1m)HfH2_*s1V0Td(Bmg>e+BaPo*gRnR#8Y&6=7%-9yP_Cc$}w)mf#r=Va>zi` z`~nk`32{C^rYy|(YOxb@Q`8(*C}(bT{o&W5Q$Ska51rytsY(|()BL<7&Vz)DbKMTh zgT~M;O1gCN$JX1iOVG4oj!YDYGL1swZ7&X@m4T;0sPnc#ETLp#;5xV9>*uBI^wK|0=y{VLcD&E!5WsHVi%uEo zH9st%_(#oQ_5!)Z^<20&XS)xc=BakK8%g9!9RQJlXP<`6M-;;^F*3Gy4~3}~BQxc! z_^)+S@uC{5nUQ-Bmc_qA;AQ@;2f|n5{7f{ zl5Bn+e6C6ArW3(g)B>rAsP=TOfv~oMFy3LbrC0(ZPMH#{dvqP#Z2B3?ab|$U z_>!nHhLXx*6*S0C2_-);t8`|ZTqVa1x5?P^;i}cH-y*Uc{C>@G8z(D5UB`{R7H$~b zvAOMar91oMA~2J9GtLap?xlF$qh14qMFY+R+Qh&tHDz;Cf6S~n(@-M}=|AX7{u(hW zTFjchQF{o)x7=x$lGt$R9`c(vuT&Fv-F+6@#~u+;1&bey5oca~g%FQu6JR+9#ccyqXnX*@0$fw z*bl#DfT_=cyi|s3`SYZiGmYM}Ag%K&j>vlFv=GlUL7UTrS$klUd)SoAZ^&SUw;MB_yPO#aXayv?UbNRD zvlU+@@vHo`-l@ax3HOLGAjx@G-EO&)sFxm|iO3>zKPsC!;LS`10VX?fIpkY={#O_S)}i;jq|z zYv1=Svmg~C##gcpeA?dDvZ(z!u~)47cI1B3bEB?^BE!XvM}ETz3T|GKkSo$#s}?2o zj~Qn^CTt8k`%WH2K?Z``%J#0+z~}2xh0Uk&R(Ue6Yk4QTU|Iu}QbytaiWmAT!NODs z^g(~2kL{qFT2biMohovLXMyNoZjGEc(KBIf(0M`SJkEIt?F@*;ee0IQd%^3bmB)dF z7RkY|(#tr8G$r+^1iw?40hPCG7aO;o*=<_G4FHKP-mo}W8e{%G`77trY;N~Owe;nw z-=dg@L2YFrFFp=`_yoBpQ;4;c8?9e6vwL&+VMki*0wbnUSU3ysMwZ>J+-NTm`IEJCWP(=>!7N(=Eg(EGCNZ|PN+&ooxHB>mHLV8swSU75O8AsXh9om zAw>Y0_!WDjgnAcX#5kHIqxT-O-B@*LC#q_=J4miwHIU2VwqGZTDO~uFe3ZkAkW}`31n8|&MmOK2H9VY z)F_$%v8&Z9PSjBwF-s<ehP8exiD2JWEyM z5Umr?^UDpEfKoFs_VH*D7%Ypq0ho~VO0qk(9DnMS7Ka(Xi+Nk`vNWq6pl{aTD}L%n z%NGldCipJRKZSH5F#7R#$%7j+{U5Kv#qVLw|3GQk$o0yy*quY}RiTJ`gtUHFOYEE8 z6F_mq?+yt75(q``CB~L1im2PnraU4ENC}tq9$Z#OA7_dhzKqkk&wT!ETilK#ZQaXW z%&P+?L%_qznN8FEZ2WUq6=HUm_9Cd@&HmKJiayknfIwMvJ7=@pS%Gr)1_Y7#SZvPA zQ39gMAj`v^Hj-92hjvf8ee%l0VL8_kGjZ$rX_%6{A_N@$rp&c zHHtLiCtMhnQ78tP`L@GLVibQL&DZFaYG6PA7)g8Hqu?MCdEvIVjz*f}xk>@~d-0mg z9g*I2)%)}}9=S!*?XAxAk66Ok!=gy+A7){1h#9!dYJ2I2{svlIF7?Y{gX6EGfs7kF z1*D*3JLoj_V}c&H^csEmC@kTU@=GYFSNl`d@owbuRwBcd&HHuc9Oo4~y?wu~k)s64 z7~gDOR7*7)>~>}yUIcCeEsb6H$ZN#p1*_3u(q*Qf-1ALa;l|g{QjN~?-ZT+y_rv5$ z&|H9iej23LY<|g`PeB8ng32$=WC?!>duHB zs@?+~W89oyB$f`+0pbF8a}jvgDA`?k~W`uhwJ$^!bCejeUbnx*#GApJL62XnZ~6KcexAax?1sy2nVrYmkGR)!MkmI^f_FH^gH0fqn zyyZ?XsBdA&3zKN$qM(#{J)|1kV37M2FYmAR`BLMB*_X3e1toz~i|6vfd>6!hvF5{~ zmjf>8E+^gvVol{KIs4yf7kJ8{M4kf|r?a=y{6$y)Cd4j~nHT8F-s`FR#8;VAb8yr>$xWXTwHiZAxXyeTI81Qo^mTPwBpJD= z&+K;`3*v!Gu1sNdJeY*&fpc{ik0TL{TY+!`CK__qrbiAW{wLinmXJ!bIyosG;c#_x z2`dwb>Wgs|3acVx3ClZZ@^wyOPot!y*YV0gF9M7VCkCqfYhGZjTQw<>G)+H0VlACk zw1P`;A5q(#Q9JzCDNe40f(~XH6 zrlq}qxm|NmJzDQQzy9WFmkg})s`2kr@v+_~)vsBPKGQ(YxMOZEeIy|G`d6B_g%4n7$r&H^9FK~jLsE<{&kXkL>F=o=c-X;!yr`?YE z_P`{=94n>gEsR4D`7`$q47kl|<2>uzIMi)wuX+xEvj9tOPP|7aa@RRC+emg5Rk+~P z`;*f2CFzJ+rw$;;rubTdy?0w?$ zy}p@*@Or0wpMf7>i9i;+DGr}njYxO%+9+J+Bv?{>Qzp7E03oIL*$v8xUJY;_hF!|_ zUFk~^f0F=Gyy2_Hk+BB!iZ+xP@bP4EX*s^`un}*+IY9 zi20o(RZy!_wkLY_W_;>Fh>jb7P{-TK9wbmXit==$`8Q(?E!=@V8M4Oy6jLj`R~it7 z2Xb~>HaZKo(7r<5n-h3@W116nF;qIIZc*u`S(fvlzg72-rz}0_+}m!6=5b)^6G#wLa~(IWGi&qyIycqW^2mpkq6Ud%J%hdH5b6_u^Kd zoM$8%z-Wp3m#S%ZnX|dIKJzEkhUKbn6UP&LSHM(E|8@VT8^?Cy=u2OVL343xAJbj-j@{g0Ul<5T0A+VLa4LswL~C$$e}vLIU7 zr>gUu9m-)I)Au2lov7xy#~lCs-`|tU9!p1?E|WyLxBGfU*?SpG-IFML>j|_W6D|Z~ zC_HAkMzg8dwI>xEl{IGVxFE@ z{jUOi|4U-E{{TMtf6=q)(z$>+k=jC8uIW6CspJdt>BCN)(sE zN30y^fc>~?0K*Gd06k6lf}wl>2K8UN;UnD_S$&brL!qSu0k5)G<880dpUSMh;=VTg z1vk*W=#}lKz4rxfa-nwKhCAN!*Rc@3xXRy0suKa2ZZGfB-$#b`k3g9Qe*4lu4f$Z3 zy2PXWb?o0S`S*4C_rvh-LGtgJ;osBYzn6)BuZ{nIZU}hn!w%lBU3f+mSLF(2&y^4$ z&KD9~kep8y&Lq9c+2 z>N~(u9h1fkc>^q~|AtZhA6u|w5JTd>x(j2(>;CxZ#?qb;AgK8EQ0~a|U!ZIZ0L@>Z zGQm9Y6{c=#uO`ofji--gMgek!wR^qCc)DDFw(`q$jx=i)pvdG@ood`2rkv!8zg#?1 z=FUFsZ6s~F^5thl)5_=RWlP>(ws`kLqDxP6%kv|=&A*Ri0AAb~Ip}haAGhi6BYz)J zkU08n?6U_ziU{G_AB6BwoQ%(}mRdu$8V^)?x7fw~W|kM}?8&`Ju4ok7kglZ7wO7k+ z>;;dlR0*uda3|@-$(475R^*2xf4Y6}s%;@@S3E8XZ+AzvtiCZ*U?cCJ8*%{voG-X^ zmj{5(yfFPiOn4g)dQYCDhqEaBXX6Mwi~E0+p)uqSUk-Ag_Pvzl>H)9+7Szz1VU;mJoD_HI;Y}Is-?}1W$Na0 zmDTMQe#fi*QD&|PVvY4v#6vv+(H14E3dFlyy}ADt{xr%`cs zQxV3RIhX8xA1(^w9nOu0k_FObgS=uNybwLa`X(FoRKP>Cs{O<>@Pj&N8+lYQ>$1{ZnhDD;6gk({N{hUvLcvMsEl9Pl{o~|Bf7=M0wzi9)85!^;^yKnQ=i)+ zrD3hPcU2Z~^>_XU=gEa3 zLM^aF7d)&`{3F3N8vpa^1w76I8E)5~XMqhSOxFV?NP-G1O?{T+G@wp)%o9q`M3#BC z0hiT|d~%Rv$qr$R-Ss<7e!v{dpva|&qjqSjGq;)5C_|R%eV$W8nI_`iM|NnkYU>?z zWaR7StS^uP4e@hH`7dTKovLxI)tJJ=YMEB23BJ*(I3c4|ghZf4OLkbfif5yRQ{j9L z0dWdm8UwFPAUI=XT!@b497#ouQ{^kNZbUg`_z+fR5RZ6LZ9@(@scwhBxz>0Wewb~T z3BLRPRaiKBd}M@-CDT_|X;MYE{$U@NkPxR8?d9e5Yo6A3Y4M>!2|epGZ4ZZ)wPK#M zzBvB#6cC48sOH+hbgVFY?ufIqIh7jFv}!*1bU;09Ayno0wbTtqqjjJ;ZGOS(R8HZV z`9&N3T<6%rGP^6P3%6ivYJk9Q36yf)V=)XW#!FfrQ(E6on0q#*+bzw?6Q`TpGVM#0 z*Bq`8+us-VdPdRjsF=9k{h1!IKIO7L6J1*4RrYo|<{{qgQE}DWREO3NbLPms-=2qCXj|Cl1sx{h@ipjP0=Jhvm7kBy`CZGQG;o+my35r(Z+?2%SgoMbT$e1Lc zi;b(OHF)>l$H!hlYG#J5Y;R1beQmiSqBqcZzU9@>ga7t}N2Br57LRhzDz2Jep!>}E zB0@FWi%5w9HL{LQsmki34mSGPv4yqo3j-x@EhL}EF1(Ewr^bnxnoM4aiHebk>w}y* z|7=X;>G|v%LAfn<5}8AsSGlh~^%ef(a-)i@6(V)zg5#N(^7G|EvRCGv3Vq6hq)J0; zCtZ^t4>*+vn!yZHSvWyD!N%!fcaW?m!N#txG}7oxKAgU2$u7RD!Y;Sen5MMUau_+^ zC`Y*-DSd<`Oc;vf+0olIY1FXZo|qG~S7Nj*^s<`UMeMcCPG-#?&u zR6#7$O{05tD~9`78x(8sVXt=vuOj0@5F7Xh_%UD<=Se~Ng4hFD^cC<)KyL_m9Cw(r zfA*@{sx(*>-;3Y6I6yhoeVO?@D$uSmfP*cd>I$OL>nrlqrirg-X8st^`E?+%?_=okn4tPQCK)>agFk41Fkk zAe;uc6Rvih3bP3M?CcRH)jk_NEOaC}?SCpTow(WD5UQj!vAsKjK~BbBlD2Oz`tCfv zo3rU-Xg}Go?6c#uv?1Nn7a9^N^wY#xj8=?IO40J$C3Q}x9Mh9x-PBMhxtw5`Yw#lYJeM*e%nRP5r*UMRbm)^mhg z)o0PMHE^2ghr(Ht zht!y}U<~LU-PYSO@K1oCXi;`MLd-H%-weiUn#6D2a7jI^aPKEy{5p*n#7npw&KT+s zZ`|(e#w)sMzgCahMMs_lmMY5$Q=D6oF@X|lm7s24I{tM2q0hf|Bmc}Y3JUK6s*QKR z2o5MKp+b||bs{g+m``d7@5-xuRI~1Cve|q4y}dJ~ba7~4;^*Ua&$}uw1Ufx`Z)76r<1(`hhb!J{>|$wEd*`zd@SQ!M*i;~ ztdQeV>9z=D;XT2hpgS1H$st2$@s4DB>( zopr@}I_JR>LZ`ATEDAR+caDnZAW~WHfLS5Zh%r^CKpw70r%PRx@>o{PV1tqs2Mdy(F&L?q6Sid3Hd)*~FG4pYX7A&= zFuodRuXL|#ER$Ry7 zFkL!oRS$@WVvEk`KYGZxz7cHZ`5+f()$V75voO}@(5_erAD5fa?_WTH^z!Z2#E?(v8f8R8&kmaRR6O$H)73#%<+<2U*o z#auQ9B-J})Rhfv><$f>B2JCRJQ7;&aXV~X^#WU!h9eXa7W}KAbWvH<3TjPt{TX4xu z*YC5Q!Pp9uQBFkfpNZ>UvaL++dNt4r}eR&cFN*>MiihjZdo)^?QK2Cp^7_7KAZHNE#lCC zy?mpfw#Fnua56TRwe)0T9+#hi+whzrKeGgg%N=m=#Yl zVGpWde@2X`zJFlz1?ebLenmk^{&WrvKF4IYX|Ob>R?B}}c!SpR!O_pH`W|iU zp*|M2I98OZF&e*Ox%N9p>@MpVAy3$A!nkhS*gg;B>7$8goszem*;2k2-XrhgWmgw@ z(UqLOG4EAj!M0BNIq?+a*^{BPX1lKV4II!WA~n~Oac&!cl^XU1dj;j<5`#k9$Pw>9 z#AjA}<~AYcf_zyn;^$6|Kwftu$sLtQ-H$H4EZX>D zDNNkz(bCd81JBUXpr=(%K(!%#7*2lvqV$6IG3L_TZN4xVXaf!%wx*n`O2xEhY$dTb z85HsJ4>uG|`z-P+R{S!0f8m^Ocj}&XLYXjt0D*2fzR5#j6z)YlJ8R~xhxMgTCnf}g ze-(SN2NV$=eh1#I9$-EG$sHyg)>!j}w7>DMCv$!U6PoqDKIxPBItfW)TN5b9+ER%TB z8T{yR0GGD`Xmk_*KC*rNFVJHB5uW7VM=Jh;ZvRB#odQ02<6nngo+fwe32Lk#bB40~ z*ODSyP^_kbURzheX0Rytw}KK2yt#oZ(78?ODJm=cqD_?AK{&G`E2NzxQ}}Zd+BlAt z6RL{5K}SWCbxzXWG$vg~W#pJGXf~RX_HKp$Iie?%ulQOy-0Tf0>$U!zP5=efQxu*~ z*9cusnr*b};sq5tR+cQvGrx$8J#)%-V+8HCDxLFoC>+}B@#KmSk3U|ebk|h|K62`( z+-M%v6sLm~A@<9Mw#&E5m`e&M0Efp&?LK=T<>~P$8Bf;^?_ZRffta%n{DizvO>iOf zFK>7t%wIgGH>8Gyi+P3vmfGCAD~dXBk&SWdAZAbN95v|ao%irP%IQ`)gRn-0#4L|R z+XCt|T++AbM3ayceoJo}sbvYjPsk=II66NbuT(Y|2%Id?=pRy|veY}$*b7H}p`DHC z?6HF=9U20_vu5m73W#Sv#qVZXyv>~j+k*aFrGNN}v)8IA1T;s(^HYro-v@wMM}f;2 zs5xISYA4^#Iu^|)~@B=IvT&l42>VI5`MdI zx#0%FBm5ts&OV`1^M!IzbJ~rTei!OCf)vbUr-%rE%pn9m%?h7-y5^fSAfW#$+6=(@ zU^i3=ACV!MI9Z!~i$)CugDNS@s?OT?J~+jG`^A`c4R2G};wRCG$kxu2G z+pLo21+n{phGh+7&(j)nvwu-V;M!SP%}^r=1;=61KTNox!fDgtMjk{{6wxwo&B`92)dEYYf+`C~G& z%H{U&QQ8fpv*hrP6^*Q}*0$&Q=dv!fok`ESxMRkwejI$N&&q`z%?MaY#hdrn0*{K;G1#D{V!o)R1xh68TG&awUPJl|Q7oAIT^@8{y{Ujk20WF6F$9QDKZ_lRQht=o7 zT-5Abo~{}@#@`r~Ud3uen(3r>!hiiw2`NBD(1=jnjTQ{YK zI15%>a|sI|uwuPa ze|CNTdlp*%_7hCMaNJF31m@3uXlBYqo_H(A^e$f!9Wn{0LNkM}qEa^9r;WBuX_n$` z03K2r4BGT;DvrA}P@(*eq0(^e@>2Sqevy}(6miu|s6*U zOL2MC=`@T`?y3W<$iI-)TyoV>73urSj^=@HM1PS~eB4!+XkP^c)h%7Bls=iua~!@f z{wgj^57EzxF)H7f!O0Nff_~KMx#wC+>E$bVyXJ9HBE6VPTjm_yWr3|@9C2C)(+Cbi z2{UhXaMl2Z#A#j#6PhY#T7bS(gSO``5kgaxr_i?>QE;zWZ5`4VBL`bJdt|118FSJ$ zyq|)f;2d3fktj2L`pH8}((QtuT~_Y4)%g=3@Vc&P15;Ck|L#3!;x|xGAqm@DsI` zP8;%i2S8jJ0ElbxIE7PtEBReVaZzGc2mzP{8Bgv0^4^HDeE7zCefoaB zN6}EXc5Xte%ciZUh>Dhtk3u}9HR$uys>SpT^?+yu!>k^)FXL^ZTD}2GINx3G{BcBo zyxMg4%H1Iq4RIQhHeFL{VOA1s@TkI!A)w%(ff9l5{Sh>B5BS$&x>7}$UhzB0{=|Qk z4Stq3X`gN1@$~iTOAL?Blh~Wpx4qOo-XW^+W{9MaNlmwPb$*A4LAX9dxH*ofl7M4Z z$czEZ?n|jdScWW2hjUYB#8(?1swS)1l&@XaRW~_a_28D=EfUl3?%zkqV>D8RV8Rm= zaryh!V-A@0n;rAxFJ$xOxUx%)AL89 z(A1hBBFBVyuQH@8rpY-yo)9eau0{p_fEAJekxI0s^2J9CX44<$0*>-@sGvwo_jSsA z^p7Hqv@2$AExjhF^bUb&f+WnKC1o}2}carDEs>&+6Topm!N~4(?(iK4N;31n0)c& zFf$ms;ItM-g0&HIQ_})C4+UwU=EsaHwCWl)hQbdtkHKPdLxT#N-L>_m*+~@pJ3%|n<_#%DtIxC_B*fDMaMYX( zmzi$c7!o(cw{1Eh@7&r;D|!1D;gOazf>H3ER9prcUQmZMA1IIymbuE%!Kvisnt7T< z7~KF;Psl;AbdbxL4QgmgBGAys27v3yhfY`dP4Q?LQP2Z0leVH1hz-{ z@+TKUrSnKDYPICuP0L6Btc!Dl-Z}yqX6g0J8ikwk@;>7)1Deer6^VaO>ApYnzl*f~ z*Gc||^4{8n@krdBKllG(?>(cM+WYoTJRU`wi1eDHC?)h>4B=J;jvz!z=nw(vARr(C z0y#&7&~sFpNKp}DXrY5hPeP7V=|u&S97LKVD!7FZ|NEXbv*wvK>zR4hniuotexH>U zHhb^iw_Mlf%JhG}(N*4d)(frYz=r2mUXG3@hAtnU!o<;goM=nQZDrNBNrlXT{lww- z3!dqP2NOFISq~G24AMfti@Yv2$P|x36Yy$t__kJiAS|r!_m&#tsBlCv%r|P z3D6+nIU?$j&2 z--micZBqLsI+g;f2yXAuUu~zf_N2Amq8&dnZCFPfQw373KmxYWI#5zLll0_Pr^jrx zSo7$5-b;tkkdd?V`)i?I=P0vKzb^+(1+K0quE2*1FNx!bR|>qs8^t${{6*8MG6#Qv z$SXv&zh9v$?PyC&js3+T>QOOANUIv|9(9LhyRZ`sA$rF)-JIo*WFE%F&)_ z5{Gw;1MAd2nQqlX=RUHnaAwy!4u8Mfon>SRnE5jMK){&@6K)3F**BE|<~%EKE)XG% zZvcDRm2I~}%Z%+i1I$wtv|495ke5pyAKu$mdW4XY;tQ=a&?R4~OjRg|c8va2ukJOk zrC*o@u5l6btWdpAqcoV_OstdhE%p8CHeVXOSkXE#U!YbK(|v%SY2M6ld{pyt1Q+7> zrF2BZWHOskY894C@heo5<#QnwtHUq)et8+SI~y{YZU;5^-*|s9bk1$9EFWc{sTSkT zvLofeRX4j_@qIykOOI}_c~j$7a(cDryCWl*kY7RzUAf}ZZIL`13c{>N99(F#>1xo_ zEdaZ!5lNBoxxh+WUx0Z=UU0RKi&T1H)*%p706yI{?pVR7coBNENTj^=7Ba?E3e*{6 zhMTKk;gxB$SL-HWgLRdfG+z*y*%3Pvob<40wsRz%Xa$6}aW0Q_#z@;kwjXeZ%Uz3S z2aa5i*&_=j?yCjVivG2}7p*fMeFM3bWPdw^2(xBeFf_}8Sn=eaJg0j#LKP%gVDHv3 zm}{{bl(9$3gPd&@5~ZNdK5>~j$3E)$`1l0}20V#j&pS;SWUFcMjj>2RGp#_k*;A={ z5U>_76EA~W^s9nd%SQ7K_&jIIZgUFc6M?IO<%(QYO)md%gbmP>h-1{#Jx3bFQ zta#6XOh8@ z7-nBOq`3&JZq(?v%Rz|z3a+AMWe6|FF`1hBaJ#~hy>h=-7AQio(#zW$9%_vEpi>dk zJ98f@*UPd^II$JT08NFS2@Xm z_o`O*N-J*X1Z!nL0;G&+A3fxp{K+F7xtA+TGp(Qr1vz#nL;8Eqy#1z?k+_lrv#kdv zT-f#NxNbeoqTpkP;OhNkLCR$BIrjPvsQx|i8w)ZR$-BZaJ;K8;grsO5RbtMu9&1{z zgEu=m{X5gDs1l>YN-6y9_iu-`-vMt%y(iiAyWyF4Lbu8E_T2Rge+3r`gdaQl_FoZ= zn5M&^5TDa?eL+8YL^rswC)6cux~w}ZVD@t#sAxFtiSA_%7Rf|r$3`HogXj&g=JHta zV!5Q%xG%1t#|Leb+KR{zHl;g`U1xo9d02)2I~v-fuB6CY=F2vQ`Dm7gt`%dvVTL-6 z+*zl5RT^)GVRx_y>(&UK zPD^x0x@n@B8w1_fO)g5Bim46S)Ln#%V>K|YwP;0JBIxAK-jnWz^(wH;L8rW7g;dHU zil@ySbjb_AB{9}-waz^p`bvo}QF_7%E7Q9Irf(hk22^h;C{7yG+h{1>m<=aP?L`>w zj9Sc(_z{_%m&7)ZBiuF$ChmS!A(CVY*Z>@BUO#0V7+(}OYubmL(36pZJ)0(7Ss>E& zye>pbZA(Pv9?&YX*2_JqfQ=scW1MOfP5^8ei1ZMrQ59bnCd|g*PR^{OeW6l==bxnF zb+L`JslG@1=!g- zyW1gMT4eikqd=;5erfb8SJ@kbgVhiLtB{(q&yl&xfK`vxbTwBP?F7zp464p zwfwc;S9>pFuCmR^eT&~$Z>Q*B&`*ZSjgCt8@VS4X3Dmw;;ar&Vi%{&D1`t;29?^QF z=seji%QP3^{EID7WSUI63Yf*mJVVPc?K)@L5NCa!^w=<6vgaAlhyBqf6Vm%@qA=zN zRkzR>f_-<*6sbHA84XkwPAvMy7(ipa<(T5db8eU-&BD{=?$$zx54c?NTQ?3tg~GhB zF1Vhd7yerEjf=CdO*-nDuXb$hM}?_sHC3cIdPIXeOrE6$xz|HiJP)=Tzp?h>;1@6v zY~((%F3d*K*M;zJ!lvWH(FC8w&TtJGIp2FDp9Wk@*h#QAF*zra7%Ft*NZ#x+ zxcrNkE-|_4N=Cd0VfXp&a(Iu&Os#3xP>PkZNJi1g*`awN)LAk$dR%vOF3Sz$qn90e zQ!l98J}!7EPA4Hbm`)gE)m)x6N}@VC-V+A}O6VHBw#QSZ@87N1ILLb)RscR)6qg zLg2ZtzACIS_1a^wuDbl6Jn@CAP5L!~#=}2$Op?Okz7`9Ip}LiV8kXf9w!C)Ey`t(x z{1f8oqfxa*l5i#W@fiC$MVFE?uiL(9l{oq)8ZQ5G%|Zu^3c-jYbBLLhUnDbnl{Xax z!CXHfUIaTnk0Txb5+LorW1q%jD>2A-|zfoV$0iTUTDWP6Yp??&@8SUc*@TtcH42cZlXEezs%UNDdS0A%XZT%r7Y9<&+DwfT zdb9)Hk1PxKf%eEa?Kct}&jNdywN9zJrEwvq$c?BWVG$R*5uxnSnBUnaykKnUK=?zV zAQ>J@w>{yRt_O`2a!iwSpQ>(}sugxQ%7ZJ0E%kvjasc5Dlrbl=WO8Zgn1uSUB9Qr8 zimr5G4LyhnVjg;W8(jy|SYb3Dv1tS0#Y0+GM8V`#tCld@-17-J<=o^>6LjS56cBaANlUs7rIgacMI`iKjl-i zWufTJ8c5CFgUjGL6hl0`^Ow0lsA@1S=K<^(Q;4TBu?6d34{N?%QgGoJKgMBTy7a}4 z)F90L;jm-m^J|7Hw~|a`diBH#cNG}{KY2=)LoswVZ6A!0VW94Dg>dwaA%odfJeUB) zF<{y`(L1Q=KpX*md){TTZRCk3HWNguU!wO(p$YW)`+K(a{9)G&K);p%L*Rp>fSJPF z=VgJB=H&1>JrYGM;MZkg$!vznB*{s{Q|J$hUsSPaXO>-E@6nfX>l4 zyw0nMzX}Q;CX7VA54cbF5DOi2psfN)zujjw4Ng)%iv7k;u;P{WF~%TmVxxd?tu}Cq zHTb-=dD|@B^oCpJWPXbA4BV7+xeJhIg;C2@fe%dd6Pvf(OW@{U!PJ!sQNS3pQMr2v zK90)_%$$B{g`Z=e+Fz9DO0CFDgy6o7c*ALQ9A)RY4QLM?TK;SniJW@Y)7^E35~Q^w zSSzaHTAxLWTH*0?k>pJ!!>;ReF17hT@&6Pxv*|kg)x-G5pngn_nIO{o;ZP0%S1+EO z=DN{2wKg7=zlM93+Rw&|(C3uJvnehEGb83rx|~2%kzZ#fRJz;_?A9PC@kbx^o}DPA zc8Sx&+r>~H`dZ}E)2hIcc^mrG941;a8)o;6Bh4CD#s{MBfSPKL}r1ZqZ8D zij&qCOO~Zf2@6{&mHD+Viy$ryCZ3ws_dP1}Mtek)|4HaQiJ$%0ynDtNFO+%Ey6N|l z{%L}*(D_Y`1BKyz-MVE=rEah_It~g#FL48OsDG%R#PO4#eq_}(iFbNRXP{p?)6mI} zW}i2ON+s^qOpfar~Ei}Zk{iq^E*&CzD zMx}wk^-l*hN?#sV6sTuv@o$)#XBy<5UAo4JXI#<}2#z!y`+B6V1dYWc# zmjv0?qCk+2GUR?0U$j|@9BV?CzFm@gYT`J)Fm7;iRIi3L{15mBfZ1bVnvxJ{Ww{p3 zhFV8L8o|Y_GtPnR+xX-Doo%nG(=vn6D;baB*pk_Lt%jRlwh3nBn_otzh>HsZu-_QLz#T)r793>HZ7_;XIa;W&LUlTvU z`R6$1HQpGFIaoYHWHkxxWXZlbqX6$@hkNwCGDXDElWng|#|D$a&+9Du9J)uSLzxPY zLf%Ec&`EaEr9r=qBvd_F?eE4WiX*+G(>?*Qxd6H?(Fv2Is&7EzK{jRj<+>&sqL)X^ zDmoRoC9!VJ>pIBi$8zfsu3_qVed*S-ET5)XK{b2Tgl+PqT}Ce2k&oZMGgPDhLjsET zrwfU5tl2HA^BD$UM$`JCEduBPTc9%%2!G~^bjV#WB5OtL{btDp?S+l55A_fK75F;I z&f{3*KU+)JLBMZo(E&2I>V>%)f17rxXy&N)o-#tJ7e6A`#BVoq@Q(5LWW>w#qN3v2mnu?adhF~ise)rga^oWXep6D518>zcwdG7Wy4}=u;VmC7xTQ`%yHQ9nZ;rtdh^GStZ2nyoU1wsSLO18H52uv zP?5Y|-F)55W;RUygc~}&MQ%_p7p$#T1SpRiM4>q?A@<0|#^F0lCMjCS3X&w#N12Yj z($0?vGH3P>BIxpD?0zcCppSyeN z^~SXOoQ{UKYq~-eTaVh20-xgQr@ZUJQX)@`m zu0R6G1fX2@6(+myv?U?;7m)i@lFWJJrqPz$Hjd-L+XS_-YK?N}GI4t(86Up&EyMhy z_0tzBv;U6T^D#gy7e?cZxn=e;83+M&l=!j*LQ%pu4sisMCSF%VuWVQBS^Vj=9Co(8bt+XRcVpm1S0h4 zu4%g|3g|mnnPAdUJsl#nxqMOgMfK2@UB|2LdlU8#KN{~U$l^-}yPO98v6alIzYK@4 zB}EErZo3Sv&tRO#SPO~BvpK!5GRe2v^t`ORi=6jc*#%L<5F{05V5&^YK!!{hm-DBY zwjr_npO~&KY3_7gbrkMZa`=e2O@7}8x~EaqLtmXA1s7!&V1}kWmY%0;ohcR@yO|Yd zs#q1<)|EiBmIB6Weut#Nk*uP!m8`%Y@6SA35#CDCo&NSZQUvIuNTw*vk-7ycC!S64 zv6b`cyUpNzk=?)eW8#l&7!7-loiEJuyk`e$U1nK1lo%+hLUd876{5FrdM7L98RM3PWz@^ob z73}ZK-L$yf%w-XP#H@F9Z0?wXNw4l;>AY!?y{6uu6eQXEB>KCp4_L~)hf-TZNSEDu z7MENZ^4;(A+jkb1h;K}d`8zk;8av-a`NVmu=fc#r3t|+`_p|4;R3B2-IunqUnWK#` zqbuUti*arah42?)AVr8bC)ewuY7V%yDxL0kBr~GE0gvv(JCuFUyTpIoD|lUK%pePq zj2tNa4#!p0sh`g7d~bSVcn(@EDNv%W&de^VCQ)o(;}td%<0+^mz5PE~Rbw50^zwY* zj@@w&=KjX|+`@hs5qR(oO?G2z4b}=6$L?mp&&@>oPk+Oo{nUHzp3~D$dOvw?CuiG+ zyqMulIjdI~i7H9sEz?vP@NN2`{wk>G#@`pouTF%v6iCbp*79c480d!$Ath7!L4Wx- zW*>HPCoi7rOmdC*FR6&bZc7|b>%Y7U3D~prN>pmjCa4Ln# zPH(iuMR8~8>=v4R9<&->l?baK?`D}p;_!Js#_e+{%A0UWcHxr-?xbOg0ZV_`nEjI{ z&mh-mK*k=&zyT32(dPT%9RO$uI@SJ1xx67v_)P#a`35SLhq9B;akHLxf{t$zoJXt&JNJbF8SA0d@-*EkDSR-JHam^#E z8+gS$v(_eC;4WqmKvqxX>6QIzcR~NkOfusue^f0>??vNE=yxp{(TOXX3#BW1 zw7Ja?GRs0cuO|+zRwCb$9dfXlSO8|epALXk+B@NW5g?9;j{lvF-#!9Qhkip;t3eSN zFXy@Wy^kLxtvjbO@EQ7AqUddhssOH%^3`8d}c(*fGh0{=i-?SF+ zt4j6HHcjKnS_}JHVjQ)$=6MnfoHceJrczYA08grGM=umm*Cz=BSoe8QdcG->_U&Jg zPpB z#qI9PFGD3hesGYGz>hc|yYiOz^Zn~r9q{>n`b;6(u<^#fAWwQVX&f`!z8B9O^VJFn z%R!#D!j%Ep9Kq2OuoN%W37(XK|2m}qpCKlWU--%6s(c7S*q)Z~us;ZJ|5ajibg%U% z&(VeSKMaD8e|gR2pE#7jppRO(XSrj!hq`FcGN< zKv5pwQ=#33mVFIyMUn#nRA@QotIx442ZRKd%E!EVl=a(DHs<&$Vxb9cdX1jI(Nd<_ zM&`M~HQ1?~J56|G>wLX|+pa!Z)N*Dw_Q(R!)2{2bQDl0nL#C1UbHIObQv6$z|3AAd z|IH^A;@GbA9z3=0co<4}FH!_eB710MJh#=jvo+9_TUbyRYO0>wfqZ+RuLq1pY1v5J zdt_I&ITj$){$fs2uPXhSZ`7MRkDZ^{v|U$kI)nV=%XV%uh>DBc^Sbl=1wD;sby_^s zSKgI>R@JfAa<)t+cGDi6;8N+DXk4-o;Ncc>D0uzTa5+Tw)R0?gZ%dg8P4?b?R@Etg z)jP(MM4w!=)BeNKkebOVm-4udffYV?uppYC3h>Ts$3>pv=+2~w26tVon{xm{h50v4 z$J6T1&RHWOEDo=XM+&=nEZR!cikIHCgE=mY=~=?e@S+~*9Hykp?RG`8LQhz-N6DL+ z5w&%xETrm}FE7X2ymlqnnwU+me6y0O5rTKigHB2z&CxZSHU$I&BlG^SwI(bevVz@>m?5|*x5}=ni;u`e6s4pi{scxM)65?@15ZJ_>5sDnG|=uk>vI^KjajA=|sKc($U~v_@d- z)X+1fim-s{Ps=haj*;tIz<;pBtWM_c!>;tIq)VF~pGoy$9>u&H5&!pFl6L}f1{(-2 z(lB=H>M{mi4A^Cq(QtKbef;RcUHVl8Xe%OZX}oXs$;(KN2{F{;!hyzk+u0@1K4h9Z zS5yh$ZQkxhTp67E>N>UCAo9rKS5XKAI*zPod|!6YtNqhGiFz|YILOgJ zb#lF2L3}*}Ob2nPM+w{HZ;rLdhTr9{{^hyzOTQ>#HCob%H|k`~Lfr<#YEj9tiPIj_ z^`_!mZ_@<5z0MQT%Fj(!+Grmr{Pq9g`8xKa3T)OdftMM{9mTSc_*4(X;Kb6&3GcTY zi`6o)HuVOa*kJ>Di;KW6z4sMyi5yZR1h=~~_uXy|W575S5$+2{I~ruWf7@}7Ju=+q zosRpUXgSx~FZ}mPDvA}>G5CO8xf)N!zDwF~WEbtUJWCnHp6*rPC<5ZF=Uc0^Kj9|< zSsNgLRrs0vmEL!cdqL}dTc2nsR;(3&+AB1^W!aDr{{jWH{o`pa?Xz_t(m8qiUtqv^ z#IJ5#7=O*c);YDzHd5VKY6~>aD6{6|BLrOANkL9 z`OnSppNHf>Z-)Q84*zpZ{O4@^|FIxA_Je*H`RTX~umkqnFFU!jvs&Pgc;GV3U-(g? z{lq2rI#ktHLW$({JofPGz_lu`=CT8cL}Gw0ZJ@IHv(S^2LB z9^3yN!Sm)j_m8_&u)BWy-*kolebM`W>8{Bv0w-%3oC`Fb#Q)@}-U{Vec`7^z0kkUc zz1qQ$Q`pstic`HJm>6K-@DlA1Oa~fp{mJ7`S`=jvD1CpVXk&3Jl3-_^3hDthdX=e6 zfyiIbo3fV<@%-pN-UlZdJ|k?h7C)T#+L(N|vKT7kP34x|JvIT7AHl4OEdvM(waal^ z0apUUJm4^H0T0S}sJjalT!8|n)`AW;qVFAczYXAHg6++(khYojpFHjBv|8}TL0K!* zE!5J%yVcq5WudtjtnX<%FcbP7>z0wuMAhPk()x{=IN2vXwhrA{@2<5^|I55;^WXGS z;dL-l2YYyvyVQI9sEy0Z9X4;qQ^w5cn3PL^I;bX&j02;cYA^w_aoz!Y6&O7RlHJ!-kGC`ZE2RQz=+cE*}R9;25X$7s`c9M1q5O~BCs29Ed$YcH=R^Q-CDqINscTkeC2-Y%QHndlH_8UpSdjl>r zU845k?sr5-iS&g5MsS_Q;MZ%j=>j5;8FC@WGP%>P_eu8$88O!j_b4)1Jgwgm?c&-ljb#I z2m=14)0G7Z0$7xf;;dIG=Hj+OFt~uYV^J2mkIRod6hkXpva~YVv~tbgl}J*|aUpE1 z)hrlSXaf9upJM_1KHnU22jdJBX$}75`32pNkpsd)YTm7cm=@vTn%F@Ry0;d{=IPOL zn5~ceX6Caz(i|IPt4&#J3$V()F8XFpOV(55N}hE(#?s2ITmcC@tp7b~Piu#B-tGOP z3O&@)g7g#()S|czx>R~#@}WmT#}E))RVGPhp>FrM#W8E%EMkRUG)FHZT{Kf$>b6Xp zB*nNCE9?)3|=Pc zoj>&e6zGa!g4q*)!i4A(IXdcKUYbfj4*T zsy@Doh!s@4t|TCtGfK#JB+n6wrx|Gj2HFdM+iJxEU1+Z-(iS+VGp)`*DoASBor@Ig zI}Xk2_0Og__uo{^pxtCIU<{2*Z;J{Pz8%~2Q$>z6VU*#fgMQjE?znklc%HK9Afq#z z&-U0}2~bBm=7ekUcvY?}Z1dtyx4gQcZ*j8cvEsGPQq*woG4O@=2zbO0-pOXS^h=gh zq;o~N*w@u#E=FMS588xgr2H33M+Cqjkr3XAE!$0mY+c zaN&VyrHEW=psiky7iQVIztq1Z5G@E7g%Zi=Ea`Zmz|JBn65GUNKxE8dsgtBy9ZVJoyS z&5xlinEo7NP{pLqmb|ykQDo?|b1QHdED<}XN(^!OwESE0CAWtHd;}=s5+R*f$UQKA zPtciQ@z=W9JkGmZpvH{Z?kd#V+=~&+^$`#%z4;8KK^v}@TGcUr?E1X=t4-^d5P$#T zHx3E6^)8O+ffAO^fP@YazvgZQyGMaB19ew*x3^?nO-E|1m4=4XL#%mS+I=$y9r|xJ zEtDF)o5}s3(x8u*uv0o}K?8V6dDAnrg(v$XDM$`XAgjPdVhq5fjPB_Vmm`{&52**c z>D^{wLN%lF^V2I^5>$1K2D?(D`IW%NuJIQ&7sYK#h$i;h-)pQ2OhY|q>y5??tV+HU zwnO~X+N$KtLY9PWqVK<$waLo&x37EuD!{~UngD%JX|LlFS33;N6%K(qi+lWq&aqMe zkpPH)G;H^2<+OeKNoG(0^=184&R;4Q0<%lGmcp!9w7gN}5|(M!BX~84?AEK)&xitSqJ|hc zQsoL0OwIi6 z#+-fSD|qgwew>MbU9Jw<&pW6AM9xj$)(Xs87V;DL{WB?{W!vISR9je$_~vY-+*u-y zI(=||HXM1~Ow|J8T%cmpX9k_RSC(j_7aRQQ3$60p)34n$-h0T#Z=aYgP-8i`mXPaK z(>@Y9O&)Li{SKWeGgI3&v!0$7`oL${h+-8}X6l6)L@hxWkW8*3_*?N*Y+8ySOY;?T z;yzfqNpT=aEGFYKksV|Mmz|1332d0=;wtP z?(C#DHIsdtL|!xjGHu*fB>lZB;ApOrxS4o2vwBlzya^jr6(VDoyG*DFO-vhg0X>st zzP}c^c6^_Y7nYM~zgswI8yyp^_u__y>>I@zRYf_=L}L#y95U-cm4&cPRp{)+6pvV< z<#^0pyCogFMWy98M$g(I!YFZ{JV_y&DvZ5Sy{S~9*fVHBm`lBZeF5}F)}1n&NBO>| zs79*#4`0J0Q}_QqDhp&yWMfc9xqHcK7A!mb{kG&}jwR?m$EO?UJVk%?M4U$JQDu~I z-Il98S`-B+3zykOI6R4GfY$kq#QF5d3)fy`Begvz)RQ&KoHs5{*6(b7TnJBFJ<4@0 zzA@fZ+UGpXesu>o-^{tIR+fws$|KV^=UR_S1GYEse6^}l9UBsVISyG&D2%ri=bs@I zF}{?R=Wl&{oPJz4XZg4e`DXBdGi9dVFPgtJj1CsW$%9ErkGOL`d5+cVn^}0zz#JHM z8nG2J=otFPO8SvMJ&0Ncq0OaevvW?a56WC!5!^FBzJvistTwABIC@xciTrA6@2IZJ zZs#4*;p}9AbtfWzSa<2iP{5x=Io(=yLnGb-`Wn7IjS4kjrq!m_ z5IdPHEs;9EHTA^XVsq}P{U42o+tvjQ6{J%FN}S$AxgEHbUM14mZqOg~h?mJ>0*-C` z=q%$-BvF{?FMm48>xl3z!h^Y*OdA||VisfrR&zTi5?G$JyS?fxS`G%3DDc@;b2NYl z%rcAXJuFgY1V)2_KLs=_gJ8;XNK6ESBy19K92wTx`nYnYb<7GD;JWCi($$dDeDGe2 zT6!5FV$&UJ^#Zu_FpIFm8j*O$@3!PNst{nYxu;W{2!wXV+ZUeC+3400_qP>za!r*i zTfhX*O_#J#gL5NthvxM6ylwxyeA)G_Ho#&GG*F8I z*)&3&2&V8Ed0lJCKcog{*F!lXq85C`IzU`G;+A5c1ovw&6Zhys| z$9HS3=JHFQ^-a3?XaE)+JMa9-ul#JBzr8bS(M3@db#{Z^=w?}ZBd$?rC{P@V4O*Sk zb#Bt>KZ+5@)n=#5v@)$kt9)|h!MnD}F;{igIi~I>&qcB$c?g|z*EfUC8Eog3mOJfj zB}(&e5>pg3yB;Ulm2O(jU#%x>yJfJ!&@Rq#4X8<(fgIPzOS_@Z?$S<1g#P5Y!K(ht zKuC)W*Pe%o6T*BhrO&Mo$Vg_STnO%k%)sRV@MOyEeO5h2j}V}gt4_5=p0TXi(0Z}> zp`n%_TObn`fD%dHH=t*b{q)r3h%V1u?r-@whs%4VgcaSa^f;4{7f|G@GFO{3(g<;< z-H5GmBI0u0Yy`?1l+xsc1c#BtiQ^gl^cXir@HIc;^lJ2o)9Bi(hS*kTY|DoUjynDn<_3U{+`CpE zm;EwMOXw$0I7Yw3%+skLHiWYx6sjAnZ0V8%g7jG1-xDo+YpeOwu1CPqTg8&glWem? z9jgh5tyoEZUjQ%a<48u9DTE@4QJflNt!ciC^z6{h5NqkOHL30ArvCplig#uUna2k_+vnP=-dBM-vmrjQQEs1(P`Ix-N=c9#;C_C`fMrXC z>pklCP|gW@HQ&3)@Yb_`RWX>N59WeF6)XsG8DI;Aehb7)(JPtsmZ+(4*j4lmwx_JN7bi$CNuu7f15j2KE z_ZOt`TJ@f;9lCi`7IG9Rv=d8`_GRA~m~|n+;^dmWa*m_6 zw+$fut!Xw2n1vcVgYw7LSn0#XxwF_`dJV!rQ3`9FdQje!%+TVWU}6PriGTn@>wYXr z0`M75Hk@__(H|uA$Y2WOZMRp6{Kuy11t9AkIWdozL?7Ae+-@6*fN$JNyX23nS79ur zm7g?*cGld<_w^~4)kXSv=eZ>e8*B!2u3aI_d^L4mFJhq1S7tt`y@r5J=khmIA(tG7 zn9WpUg5$l>FN^c(mo&AbVl=mj4GJtE*gx4v%aJdV z9;`=-yNER|m?m&hf08`6oU&@`-Ruk1j4KUf(3mHZe~#4p>xirR5?x2xCMm+AStC)C z^~PNb?@#)B%0HMHn2H&i8@=Q8!HJxtF87fHKBH}s{Sgo{{46^RJ@wslsyjNMAv8s{ zofUKs{u}y`67La|)}YwJzDvNat{ewkDR8Z~tt%%(MJ=mQkx8Ft(yqi;+j~MQ) z^;fe!Krrc*T7qN!MX3Pb`ci|c^ZhT|a3ua-ZPCZ#y79Ax-f1H(G7&Q)?1fUKx+Yv~ z3&H2o8tf9KGK9{sao(6gDi+TT!-+1XtRMHkhMTv?ed#iZKu?dVebg7{Z?3;rnNG~C z5|_5m_ji0!p-12@{N&+{6V3v&>h2aLev{Gqx1%zN3A&`kKXFU_QmYRQeWwt@{_BVOx!4^eEqNCbvYXlnGvRV9cgjZ8xwDDD- zX8L(uf=`38sL9(jbpwf>DiAyoohGNipA+h@XM=?I6yBh&s?JgdeGd;xjSwfe?=+S3 zqSZyo29ElD&Hnl0wxTK@e1B9vp2^c;$e(yLM|L28Bnf1U=?=SUT*|Ze;Zm!{R_+QVgZ2 z1SZ3q^I4r2$5E~cT|PIXzhk;~XqqjVPgl07QwV$F{N~kBfz87K|3(%WN%hs~OpGp9 zN)NzQ=6|A&?#lYzOAK?>4c-CQlS=LGnS--qjk93^uVM(UBE^2%K%#h!^(VXx2gw2*guEWW?vQC=W#uQ+ z`v(^bpYX6~S#1z8Fp4Zw>E4P3i(9bjt!CNF9wIVwZ5WJ8VOW6>uKX*uzRH*}Wj2R=4#m@9+~Vjkt~ zz?DbTIf9jsc=TZi=eH+R>INhyM`MO+me-O zE|1U`wYo1hY%G=MDpiosF_gwnOS@^YKQ6LSnc@0<{BFyk?1*&oglJCT+0&0w={4`| z(uW3nWI6?J^A|=I-rDeuo*}^GgAXxx&r9W8)j9j@&!N?gHRHt_V|v#~0$CHHE>htq zypk;)7s5a1S!WF#@^9&o{labmrJr?ci%hXTKJzDR1yILrH@WW&$o}wG1s1Yt1I!xw z_gD}mF1nvG%K>>bG8M&s#88MDk$eDyfMWyt!u{DmPVIKh#WS$yyaIFA5 z{UjgzmPywDa)uHO(1MLuQ#Nf1m_BjtVnqw~-tLR$dH8Q1^zSZ0jTUzT`pRfwT+9@F}le$6wS+1)PuxG)w&Fm)@v zeYWeMExf}Na|w@bZ_L+zyx!Q)@GW$u`gyCX>!7pT^F%lEKSb^iw-9lIrn9VtlGvF0 zJ@tYT=kJwY3^cL4et67UfREACIr=;;+yx?%OAY|gv$Qz^Sa*};ynNH+qMDp*{8Xn1 z8RTKoQ;Z()mGzpjPh`l8_IG_ICe)#QCah*bJtc}2l**R8| z3QCH|{5zYOqO0t9oc}CFucobFcp_4Q{r4^%Z9 ze(P|*c>SL(n|5Bl`_K03QbLMXbxU6h?D$&x>3~d|LQx^UxtBkJ=^Nvujv+spirL24 zCMkT7)8ZZ5&>K&gStQUzGjQ_`=e6G0SGj=ShocAAUKx64jm5}p=9?YNhO9Qmtyu^Q zAVl1qo}H|6F!(1$`sgXgy9&KI(GO`ACSy-yWM^O&t9WtD6;^uRbB;qcLo#*uoB1z> z`CP*(&b9h~+f`#!wSRZaEEXM+_C&PS1k7bf4bViiz^Uh0^kOU^A7@G){ zeKfSWs*K5eL_asi$J_{NYebjQc=P>O#qk->n~XW9Q6&s*q_*+Jk zFwv4rSzbBDQD%Lo^uniB7{b}O^hbk6k@R{ax+HbXh?3Zl%JlY*EfW|@RC-(ooF4w} z3M6CCzt0xVNDOFO|8r06Q+=x~A1^z~`JzizH)4yluL_A3^FgV>sG4Y?F8-b_;3n@`N(K=(E;1<$c8pC8PXjPeVU z7->2vUY{qIB{7sUF#bd!={jo{XYlK6_wmST<&5)TL-Q$$s4%#E?>rZRPP#J9D8Zh2 zle~IlOYunl)G;YaHZq-^x%*4B7+b7qrWvpnf;QLZ5K1=9T#c~NhRb~ zdTyN^q#Z9(H)>D6B%eKarR;b5x~sSq>nnM7(3R#~eqJmDq?tU!>_dVTa`3 zj$p&X9VtBdr7G_YfHR|v$V>Y|Z)(GIsA~6Gu5L`aePT3;qaU^l@D&c_B5M5_0ctkI zk7X;IRduyCT&~3wy*}b}B8NWO$0sL)F31~-wz5QIvc$ZaAUE9HeVe5MP4aG4?F3vY z^yZGp#qXzkuu)eqq5#P862J~Pq4Upuk90)!=k{N@@0-4!hF#a@Vu#VgDcvWri40X+T z*zG!^i3nXtd_Z066x`CH&^KqQa70t%_Z0>sO>c8O#MIuRi_$6JcjW%A_1nLZ!)($1 zUZ~y*M(_b#*puVIQXY82iK_uN?PO_PL$8@fVdQe@X^g`vHZ6BGdqhhd%}=AGC^t_> z8YJ|d4^BK9HI!MdsziGto2TgyzvyzWBQdXqGb?7H>&B()e1(qp_V=E-DwEfx@FAs6 zrHzv#QJn|w3VNcc^;fF>Rn}&s+zSm0MFlcSUq%%75kWSqy|k^g+#~hDkFQGeFWTJy zG*3t+ISJ&?Ws%g$+JjRx-%rR&pF$L__DRj6p(q$A?UWOGD+JY6-trPny7Iac@D2-O zSyL-yF?NS=z@OplV-_|c^#K4Eou(C;93!PlB1ao_lI&j%K-}24)IE|=aMx@H#m<$Y zXTKD11lCmgJMbUtZ4)OhWQ*d=bdWjo}w1*h{I~YYE_M1uxZwqC+23RFu7=mdzDMTD~J`f-E5CtH@t#Gt0kx zsYS@!YK|KhK}YmVT!?>^K`VUf(+D|LsXgAP6WmE~`5A}Ez@COFvV~W#gGx{R$eaV~ zyf}RNBlEnUJRR`g7RjqgYTiDKX~sNx1b-5^J58V6Csuls&A__EfPK_ZR)Yw6ioW;t z_gSq7Muh4W$8>+I5QN?cI;G;Q%iv9dt#}$S?SP9YU}%fQ@E2$|6-K1f);swXhR}%# zDN6cZ`4_HF^{9&x9Ha4@d)j*{-0xZ>N(>#BL&6v!bKJ3K0-bffHD>zBV=AT7>2*U5 zvZ6ARLtRL1q*}mCN+Z*@15jhrJb`*fUpDtFTXJwLhVDaT5xiK{1xk+@h_iqvMP|Gz zg0aHC1T+kN=9-^Gh4so!-9F#aovs?*x(hzDW^0+fR!-vHGNBEwaxqp=OfHi<-L z%*@Hy*QhWvNl49P>54Jud%ZuO?;r5}{_b{jGv>Np&)4&@+;h$X;lIx(j9FiuGWsfn zzNKYlH`(pv;6H1WAMVa|CSIT1h#jgosttrh;4UqE80hcxO@&NE>@yfTI=b}xS2Fy5 zYwUHY%OqyE`XI02oeeFjn=F5yBdX8+SZU9@1a{ZYCTv}^SDcw)wCj(?mHA1j;j?Jq zIi_i(EDdgPL-fv2hN!P+DCBBYBai+q)}^JQ(9iBkUnEsO1wgohJY}3Xrza<);f-K6 z#_VtO1Fv%a+`i6swf=(3q3RN*GPV1D<+dfFW*-gT#)UsQx1GByJ8Dqd68$VTL^ju6)sCV{@IWeEXf$Dc2HJqtV#KFxiC`4sg?BxR<29$F}cZ?Tr|hjF_$s6wjqHAP>nP zcy)Lxos@q5vw?`ar|+B4a*yyza25l{g1)jSf zRjD`_;LU8kE9y%*D+tEyFSi2nzdxS~?dN=Xvbr@PvB_7NZuziuwhjp^4b5gngv6C& z!%OGE5;o_&h}5tTa|VU2%x0T}kbDZuO;Jp;w0$(fy|#=MxvIAIBTPqD%%_up5GWXR zi=E?mMKwQ*upx4Jd$_&$N1TX0GaP_8;8#*W%#&EhNk&`Fm?s#hyRFMoHi4ybBdCp%ae;g8Z7)COT6ZjZ zr0nbG<~I|~^wT*By_T(kf6g{GG86z6F%p80{ zSS#eT+Cnl36--WSHEK4ZDSoaVU&;KsL|@g(0m(9)!{4|i_&ApQgf!TTbM*9kz)wIv z9&lZ!<4%ssbpiEa&*|CT^E08CW>fSnd`gAA&;Am z!u8ygrLVLhHTN^@JH29BZ|pYM;8b;o=w~+&vYA6}M4`mI_KxOnn>j6dTM%=pIg2YK1h-DV}Pnvw)EXjRK+@5}=qrvuoC}H<6iQ!c_sA zngsv`nSAiwHO+^slko)}SR38*Fla8y_xqE6WqTwxA(!TK{Tq)6`gG=rky)w8VV4Z> zP{49z{A{d*bFU3EJ4Zd-D?ZAM8lm1q!Q))X6MlsOWNX%v+QF z*j~|2?cv%J7vF>FL$o=e-v{90@*OR^n%Snm~I5SPs!Q#$wt+Kl#4Bx}90S}W`eN!cU>F@#Q zoc4LOr2eu+*3BIxcuVgsZ zB2hi_Yql$v!(jN%xb?4_Nv$KprE<8!dX&Udp)Dbͱzg3v$T%!i3er{+HVNj@g~ zX04D|9>h!=jRWkRZ#QJnSna!OE)6C^QtS3&xAgM--UU}xg-E{Nmh6T@D`h?PUVp11 z_eap4UDkTV*06b86k*e*A#DHh_nEvkvu0F0N(fn16ops2+|%J_`}F^&Z(;`}2F?Tb zm^zdRIWT?_`JRa7oo2TBQsqWA_E}$DDj2_am3(n8Rkz4ZeHJp6<{fV`N z)7joXV~0V|m#f=NcPgvHt6$9j;n38Ydq;0cL_TG$_m)sm!=;%F$1p1?EaeK`n_O(> zjwF~O^Pcv_mL+7jG>yCzQID842*vZ|m>3{OPIv3h3p^F!j)^!-dErH4qU%BWbGI@#M{ z&QcMxSQYGrXGrxsJ0gk@acr@V%;&pec%M|?SF4+zROTh~=kJ{4yflqf#ckhV5L{bV z65!jwyTXyCOvs?WdvMQiMlGc|za3citlqyBIViPxSI)nRul0=Ukr~;BmcBCO^zX5K zV(y+(3?(0|t`VYN8!*?}8`a(TZXwfW!~xz}{v-^xAmrJ0qI1fMMNXb8iY?~u#hHHg zP{e89Q3B=KJ9SqiHG((8+;taSDJ`K1&Xy_exs;D)kz=acpQZ{<*6VEUHeDGo5ckn{ zi&*`3kf0G13v96TTr=R7`ZA57q}bbu-Fk%@xm2qf-+dCdxX9;w8Yw2N&m0p!%{M~Z zuHGtN9fPqlXavp#_#)5a3BaiGqSrB=y+GX4t%{ViI^eXCR^;&Ocn-ebww}>I4-a8( zd!Z^q$3|*lL~D&iOr3fe&sOppQ6%}GD)vvN$VF~>o3_MX9seHl8}dwVM{9PHWN7tD z##Dwjb&9d}i0(nz4u}-cT-Ykz_fB!4{1{jCk`HbUxyiK>x0D#+6qKA_^^k@+T+WEu zR(D4^K(Hf0A~V7{^yc06>F>lxsZw84)Nd|p`=^pQfDUa%tUtL8W5Qj>Mv-<{FBK`n z6-KyX0yQ4I%1R96GhgH<|7RX!LHy*iT$*~HIS4^n+SKj)+g_dd8r|?PrX=6-oNpNu zHQSUi`ib4(Y_ws6Rms2*&BsiW!Bw#uvNikf25ZCD9UXXAtjbGG8;Q*~pkt)F(KVN) z77{NqC~YGdCv!S<`Xk==?c^{sKB`o6qFtt0O4&L8H+g!KUg{NITFczCYVE zJv{%dCNHo%b=WGyJTrIiAHKjCf%gj#57s!^ax)9|VxWT=JeRf!wnnwk`!6XF;1r+C3Tx+S_IUjS4(zDF9~V`P zgH9)(x~}`9Q2a(2?}>J?P;W+3F`tkPnmy5uS6T%sX0iUZMpg2|?*HhU`~8YT-mMd{ z6!N}dnk#NC;GzA3#%}l1@)fONU7BxrSZi*YwW|B3#U@miSyFyfmvTO0t4EK3NWL6zp4mh#W}FAx45F`zXY-S5pb|k_Ew*riym! z90Lky>|xwR4vy3aRN8Xa!1jXfEsgb=e)%SJru`(#4kMfZ0uX>wm)UUAz(bO-sNANS zmYlBZ!ADgg-~Q*JXgS%axbv%>@P$ zh>~Es-Sr(uOP`t^tg6=VM>oCp?>B=lF}r+zAi8Uv0|)n|wm@~FR?`WtqWb1rGDbn@ zacp57&zYN<1)h4~wht!@+;8JK%(WDC2gptu6$;%nkSUR^uXGul!vwY6OiHMK68y*4 z!N+4H|L_pvepp8H#9_|rSiC^-YMkjoQPrm)U7*E7rLI&9ZYeLAHXNeiL14&{KH#BN za~sy+X*O4)@>0Omm6D9{fW0`LcEGs8+b5r#PTSZ6W5fD>neRh5Li>B6(+NT>J5Rwym!U){~%I%kBm zwv{bCT6)vE6UQ*F#IfOyBjnOL<=hXvndh`RyosRl zxwm$tJC#vf{dafbp$eKeBKp944EI`5QN_MYPPg`wUGg%cVt#u61!<*j;rP4%JKxbPk|@aH|DkPyl{&A&w^{@i)feasQ%68eCIP`=z2-N%{AdHLU3o36Oyn8tu&qJ z^c&P~$Xa`X6EvZ5K89n9(Lql;-`!I5a=g;Gb-kHwVJ>@*#D+gfU-w;{oPdciIg4aG zD29}+_lCJtvcC0|-BXV{_~Ku>j)sTHJ*KW04^d>Z{%X`bX)bfC9`aUtb-bJj!}8B_ zKa%2^TE6sDVT>#{#A9-I1p>^_?*@wT^w?VZ^WWZj0~xH;(`e_z-#I$zwJ%G)IzHnP z3k%bDR*j5$)L9BVFyv*m^FmNu6&bbT$qM7v)41eTCP zL~eRTQFPZb9F2Y9H#!oOe4gNiI+~p0fAD&wkgz}3WM?SOHTwge(0S}n>A1@dq;7gT=cmRzWPHO!+cy`7I^*B%c)Ow#q_gl>z-FbUQ)|66 zmu%`@FbYWt)?ZSbmdU92064ORvxZ&=bH=g8&%&J_S7S^_bu!7Cq%oHN)eNtS=@Gn# zS(}7(8Xg)*LcDt29}~y!jYiUE$HD_;O&O;~! z#Mw=adtrUXPvTf*U-o*5n%leRuMK@Y1&-}bVd8jAjdicW?a++>JrSO010<(xWo!g$Kxg$Tv=x& zSrLO)O%-W*kp-PRJ#?{ys1VQy>d+0@$U4Ogz9mMh^y*YXB}`Itp05VvvTD*TW&hl@ zI;)NfJj;W{v4s`xQKBU_^qg)!Gg&^tbrdBm=Q;^}jtFy5@IVv07qx-7=M~-G7K1r1 z87KfJH~PF%BLi&Ka}F&1u-DZTtgfo=Ty;+DNvpb)sVEA)7(q-%|UZXZUH*D{-zlU3vatNflci}U{lWX z$J>E<;kWWJ`Rn_)76uG-unDl^7(343!-VY^GXIPmG5Z&eF^N^FA*w^~6U6eaYCS7u zX`~7OZ-?(4$k}TpIN48s`oZqWO8oZu?I-FujD9yW2^jd3X1nsGA;ztuf z5ktKk(>%%ehN7U*GPhT=kB6U6QG@Fq7RW<p%Xw@p4Y`e)Qxc0!gisTpX9Xy|9I&iSLOvD+G&ujV1i-An1QbhZl zB|RFf1pOibDG6KrA}Gc+YFahjv0UwcmKVX0&!@YA=id{fLM=@#nP3g}Ktt6b#viJE z673@c*X$C=i96uSYy99nk;)mpU6rPgQ=pi>V<|9VIwSAl9>LT_`&n8^Q1FD>lgCU}%vGGh6xVE0L1;?q}emw#`JUJxAa69$48KUwG@w3sXpvNQo^NE-r zu0;_+TMf>55jXV-h)+JsG{?wY#0jH#L9gjb!Y|E1Ty&I;w789{J9sG0g3h}pL8;~D zp@rd~8n~W}r|sJ*f-_$3j{=oEJyX<(RFEJNl3nX6)&8aeg~nVp8MAphUHnq0%kY2q zmSZb#XZQ~HcxOxb)6%S+1qG|s@<5Ku%=`l@n;@&c+>ch9Grjyzpb_MOl}Uf#zsJ<# zj!LbzVPM?~%$m+K4CkGlEU-;UTn*X!e z?R;-e*#3KLCV_M;W>Rp60d85ufEr4`Nlp##tT27Rm@AeEwyK{%OYntBV9JfhEiHhD zv#Nb4;9HUtlMc5C=hnF_@Z4F0;;4ml6;_!TliCf=*!`BsikEA+@_KKo^4#|9870$W zN1)j@vm8ES!MCXz>#koM$=0j`i~~*HAb}=UGu79{N>*fe3ioAX1lk8cI97uO89O1 z>u1tQ(z()WPQM85cKo+?Og_J2apV$RA3i zj13rZ9RKit6EM_@FL^=e$%#rhbtmy^K}jE}r2qKQRtn8ro5&=-`M&SM`7+oLaPwgQ z;h_;vXe!~Q(zS=%38EUF(*x3g58ZW!*oqg{dbyVWLBiK>=mLRih>(9Ua`jlE4rqxq zV7C#tJNv0eppqD_5tBZk31o9ZhOFfH5?e44OB3`A4JHbgW=;Hrx%C`~Y}quQFXqCA zV4?%MTLBW>%yga|r-mYZF3yUAIJ2>=GMS)|`de>5hxg5Ule6{+r>a9=-@7?e>nS?S zvnaXoe1wFW!zyV|Z+Or7t*DL0cAs~m7?8(hu`wBA`Z>>AI#|sJHQLme?zfROYgzOr z8bjB5%_-jWtn>%cDQw{_Mh~%>5va?W@AVGe8ahoGm%`PfzjB9U>II0$C**s!hJIUs)Xt?H}(l)%XvkM@ZYdVs*RZm$;;nHg5gs+Qiz9cBD`EC?(}-P*qc z^fF-}|58Z!(3a;rTgQRr4k!<9gG_|XPPFuX_du!Z(NoKx(NCC}ncX#M=HTRj;NE2n znVSqB60>lZrcx{dQOjo+`j3NYnWUD%o2DxL9Y6tetONRl5}WzZlz)m)9{P+}6dYO{ z3%w4c3R-uG?pHw}b zJ+>oaX~@TKRc-#yx%U4Q8?!V8mkl~OgJR(6209xsCR2e-kj;_I3{;3*)_&r^jY_Jo z1-&y%ck$f7;brqo>r$U56wjm;tdSBv(jz*Y#jrZHbx%>AtCioX1uw*!dS0N>_5fUiTGWvbAJcUK-bRud_F;AuzkzjHq$iirC91)PW?g24Ag~Z|_2-a`SY{ zs($MLX|zq(8`XJ(=>r11SdPt~tip2}a*)qQjp%jS3e2c5Uv7o0Wpg+zj?takHbQ`C zpA&_)oKmV4h=Sr@oa%Rbax)e^4CP$So1wD0 z{Gwy_M$bx$pP(TC?oBIIHbC;P)? zg`>)T|2qCZgVF;hN#E02;n7@A+oQj}{M9v8gX{((R=1Pcck9>|s0oU>NW<@P{a{#% zw2~7vQ*s2ih)GPAA}zNUS6mwB%EQF+mtte+lwGu5NSD0FXQ zp~-xA1EKKw5;cC6Ba?uX*z@bd3Z7Oc-Op`2{N@-q`~2@g@es9S(_kQ1u*#jxRN)%n ztxu$neET#Q<70X?cQkJIcH_rH+yysIH&>Q+S;0d$!>q~b@==9VC_)+psg^Tipmv-m z`;kZ0cVa|&x^r-0Rw^WA?BGiWXjU7$br2&mP|Qlr>YU&NuHGt+24~`Ig5RfrySZ%9 zSbubl+wZ)q4T}!Rk&Q>nQ3>j0ZOYWEppk!kGYJ3ipT8b6^if6e&;Vnv0||E}*^rR* zw$3C6$b%sy?qut|oRafXjEx}6@Y5ypl(lzy4+yTN{bANZakMy5Z^og6QJn~`-q%-~ zU^mm`Y6_<)xMJ_;;gk$$x7puDMQ$=@L0=YP*Q38~@xMmCC)_VjSWd~Wmh~rj@kO#sp!u+|9nu? zBp0X*h`od=yW5JJ;!pS5S3E}MHM=C#%Fa@bf-9;at*#mN&jTa&a@;oE@G=fP+O1g1 zM;SR_#Fdy{mrI!&p310do^0?qOE}eVNmcDvyGtXnuD8bHoL;Ax@B)vjEzNkBIVQtj zbC!+zIoWdwgQrr)Qbj*U)q@k!1iNa%QV*QGw|`x&PJ~}gZRNR7?%M6bM7O$7trim* z{pTAtl2RV3+X-Y0)Q6i)9ioM1+kenJ9Zp|j&RaaS7XV?QBF3i~3d7W2ZF8nhem|koeqOuIr zX0BzI1i9uZ=h4_wYS-J}V3f_=_I4z>5F3g3(t~RA;LcW%>wA=QP? zthJZA6x0YO9NR*?Va4s4fyApWTM$E~@f$}3yacQPI;;uFnnfaW;T0^)IK`9;$v2!3 z{bXK4xo=DDE6HW2o_ZG%ATUqlMc{wun=eG~)%+BB&I(fL=U}07lNa>&@3)E$yqbw; zb{wHn=4j}Wx0pJ5qW8rgj)*^wat+SNl8yn>rP zS~3Ld8XUIXVCLuWxv#>jlJh9ch=qezXqY$kor85&>>oH|NrF4WKvR|`_|r2phb?jw)tEYAZ2t5$g!Sps1BmIZqiBM$_8L*#&E>k1nwGE)OmTY;i` zHD}QZso`G*HarJ~;SNVHngDD6`Q1P{fDT^6=eo;{@-JU;x*#7d?>N`}{SiUPdq1#Z zAwMf1cplVeAqmOH+e@>CPw1+=ig!{ zsy)eZCGv&K?%8#&DKt0GLJE&WK+2eSK@kg)KJ+_n9eGa)sHj-Ww3QFWnX|HUZHBYl zt&keO`Fuc>21JU`((4dQhmOXo+Ni4xFQxg}EuYE$E7`EZf3Go)vpg6fm*o+GglrR2zWgA#3|~?)JN7 zP43BJcAz|h^|n>zd}JMPOCexe%d|tUHE$?>!7ZdB2xB!I>ntW&RT7v*48(Ha>N^<6 zca|L)e|;O3vgf{TLQ=`tkes@#0!tFSIYSdUe5Gi~0`e%RE|cs!+C2XX|HQS`zTO`mrWLH)yTTc-feyehrbp$44_C-?>)`eI z`+hW7IhoJwnpb_a{FT0J$XTGIir%z5Kl#Pzy@?H}pVN~`f(fr|9c;{nPZ=e46THq( zcUL_DIHlR5clQH{EGsXuWRtF3}Ni zE}Yj`pwEzl_{7&9PdBKSXgQR5!j%%UP~7?Ts??)OkN6Bt_NmU)v$()N%sbZH^cJ6) z>LQje zThSrb+`^3hK;{^D`Hs%N$enbGiEKn8_8EgQDomqX}HW2YyjdAE}?(HeD<~`eqbUBpFb zUX|-YN8ML+qp zH%h_4d5Q*=d;9Xr@vT1FG%-9%25R@#D2wy&h$wGjtVL4)AaDDq?dEFL;J@W>gDXAL$8?{ z368Dw4f~f#Q>{qZp~alG&MJmP8ctgLzd~7eqrEK6*JD6OFl)bPZ$W)f^9$Ewxr~khRsLhtAz@8d}})v(VHIg@({rac7EU z*MPRD6#Aezkq^bVc^k%@LZ`CmIibLLmF(oUlo`;0_kCNqVT;3)04ig+S11l#Sb?R< z8IRje!{P~^WyKnu zzmkWV8k(Z4zRc_LaZ}BqvOR>n{-I026{SV3LLU6Zxxng~^u4E4X}PJvYcT z4ZvFFw5lP853%~K|QCMbM7uUC(OtJnK)YMN=dX2{J(tXBKkKp^GdFX0+(xih-T)XOwi1g*u>M;j;f zsB2^Y9*ZF5k9-Q=T#YNgLs%2*zI5a(k-5>}(RLvp_2$hCB}^u-Qm}MFG-HkW!EaZu zSH-wh^Da`|`__reX?%K~ZZFP2Aak^RF}*3AJD_h`rEQSTnRo?RI$>Y9kLE(M;7&}d zb3iH6gf^I^s5OhRVj;3DO}Ib%NRx?KisIbxN3A@yI*iXe50c16WaCsg3Yl42dlpu{ zpsm30@`|jT$bn5q>rGV2!CaDL?Q}K&ze26ltF9&{@)|@KvXx=pb8;QExmfq@OCNT1fjniogbl9T!skHlPi&^(XYSv= zk>>8-3;90*3#`Db4^z7_d4aM6LSQO++VWxmdR*hB@mtnc@@4;k?XgIGSo*wX4`!#T(Ktqo_ zl7~XluQgO~qAZCIM|C+^9f3TrCI_w2*yr~UGsB(*DsTt8i8shG%$0G|mE$g}9N;w# zXKjnvD#&b5gDU5k@fhpwJz#4Y6bmsHTQ2iS@9=M%|mUB zQ5_I*CpBlA{q?7zLx+@^0cZh(z9Iql8@Lph<-kpI&h-KYxi}}YTM1=G#8bdqFOKm; zknic)&pmDq#ZDmFKaRx~$GyQ&v>QC049znAdM=Eh5T|WLZ8fMtjbVR|`gNMCKMO2d z?K;hFzY{ySSfKZ7@AIGlNrHDaW^Z4N!N#-*%#u;o8WD zBcC+Cy)?>uO;~%5`CH=l$n67N8beyn=v``8?DL#Sbn?C~Q1=vk%o&`etzpIEm3}}b z*fTD9RAuP!PlA=Wg8B+=MYLa-D?vV3Zf$1hUtHls;4mWrOZ*?LW$A^f`ECET5v-^wRy1` z8R8Qu>`@T%kZ#l8E=zO5-7sCxXas4e*LObG$v*+>dAu3#4(8957<*O0Q7M~vlx~CP zch~ZrzZqGF$GRE61T=?nrFq*$@2Nw z#F{w8yL{hLOT%u8{cMsa9NrLlsg;0o-L%vn&|Pe-=yp@84AFIs9gTbAM-Y5KVS)Kx zkwMYoa6n9L->Z3+4LX*=cWk(swl&m`nZb|}Iq4gaFLaww?p!a$?2xF-VFI4%dNP`I zrUl6btylXMbqwg!BL?tH2vqsB=8fAJBWO>S>7(0u+(nX4**hE003)^3P=~E&Akijf zzX*82Nv7leyQVpY(Q4~?*ssByI5C)Egpfl&dK@y&y|a62s$J|jsg?lF4PjH+pMc*B&Q{=C90iW^@bS0IsT z`bc(JNrza`Vr0KquOV4&Z>ov;)-oWQobLgKT(;$=DT#?G{s@6$Z74e1L8DM0F6I>Y zci;C$=r(DeXZFS}3&R|A(2YUuE<-MXKBKxFqk0G8uNQgkQ%O=0UxnL{r3E)&M*2=@@X!9Yp0Ig_c`y5Gg2g>VkBJ9Pbarn7 z%ZX^cuU!A46}bObcPXW`UuIK}kX>h!VZW!}kpGzOhD;0#57fvv-$s(1)9ALx^Qd!P zD5GZbOYc?AT%5Zuy08sN@hBubXlZgG21?oIjGj*`>O2su9KB7gFfXdJW3$c6qobTp zK%Ct>^zo-=O0-FGrsjX*GlxBh4(qKZtDdxKRj}PjfRrl2GXu`A*2waXaVN49Cd2?Z zCJqFk4T|z?r{Kw}D`$aty61oa(9n$e3GCLngHVVxpUA$*^-S#44cDPg{o%tj~NUn^$j(>d%q#qw+Lu%E)`<8k;C&-UXuPs zY53xqDt;?P*7Da!WENp2Luhf{z>LPV45?mdNY78&5_S+QcOhi$-{G3hVJYFVx6YEh z#wE9cKen3xNehnmwy7iz_l{pkh`oav>DJHd!U8ea=gFE)SyXew>L_Oufkz`OHr!Io zbTlfy#pa}rXz6SnqKJF%0r-79ir-H!q<`n103htI*Z{%4?!ZR}D!trwmh_`rJmvW0 z24NjZ%vCNV?Q?1vQDFnT;}^p{lS-a2D@(XlKAssolZ*T2|LL4F+D`R-F>z_F*5f56 z)d(7(Bc3(n083Bx#|2Wlnq-cAwa6a)iFCc*4AY|!a{}BgJl6qIbdAdF+?474m>kyO zz7h0kwUU6PT*K$#gwHOE;X-SWFMW&*pjV{};u-pVQ%^hd;IY&B(7xe=|7 zI7MOR>#x{wd-7FG0u0kw=bE%z|N68)&mLO3|FIUnPtbZocKxT>BRxEq8K6M_VCHU~ zAYWV7S7lPp3G>gT2dfGob-ZrLjYZNWGHWwO1C$KvY$cpuiohGN2!r_HS(X*SkV#!^ zfP73W;tD@b^y{pe!J^Z2@elBjXfObYOCayMtIZQiTLzC;1T#N#6WWWE18V`TRh^|6 zJD``yvjrAbbsn12I#|647H3moXkRvcSTqL7flwlob92GYG_)WHH}{X+kL1vbqZ{m! zPnIXMFEa+SIH;6M3(M=nKG@p$@TY(;xz8e$*R8)1L>P~y28Y%f^59R8-2}ZA zyEPV$m&u{B(VEU0kfNXVd zeve+~pFy0#SOAI4d z^u4*=c0D_&*mQMNQein!)2d5c%qZyy+b z2#PsuAR?0uZ~$WQHG?PDzyo9Gps#xH~giMuA|e&2{SY zhgt1tEgfxFn(&J^OPk4&@=f#aFFuy{ekv@HxHvC_=Jn{lVy=UX38C%?H^SJd03RFV zTE5*?BZ9p_WVG`#bo5+c#Ru;;^Yo3Db5>fQL3UPIXz%=9(r%p8r>UxHxr7EqJ95>B zjVpC_JwNYKJEr;Sz~xu`(;RyGotn(0?XQ_BvWz;E1iFwKpfnjBNL!N5-1UVB`FanO zuM*EVnPiasZ4}(lnVvX#e_z|qTtto2WJ1%Iw&)iAlgo7Em;vv*K3;Z)941>Gl_Kiq zaxkH7VxI5k1a~qWacdmGB0a@@((t}#2pbjvL+zsGhjwU1TXVPwTOGV}^-X5To)9qV)~soxh!vLl6rfm1eUcgl z3bmdM=zGrJ_FiQ1EWlxDzpE+IDvGn(-5KdSc4N~=EaRxM_2mvq_g%y@CHIb;Xig-2B8CN^!gzujBmb7n)cD3f)$ z!%1-o@)&M<$mdw6+p|SW!wx!R2mQ2L)rOy@#sbU>gj$QZX7}MLDlehhDy>mkiaAf) z|2xpJSp(VZ!82$j*O?S3YCvWN?z$j%gEPdAmOqRkD_)r1CJ9H7Rs?~9CDVo%UDFuf zI_3R`@huzs3#A9Yfc%}eh*{jsq2(6trHQLo3Q7hOcFriQWAU!?p}86M>@#TzY_W8f zTbw?{jWXYAt6S?5#FgCi9CD=u-<%}}>xm~%RXif1=GvcUyQI3%Co@TeQg*~_gD)i4 zD>Wv=t4z&x->C6^xTx8+R*yS+G8jkDM$9oi`h%~VdYxy}%UQ|fpTzv)?@J5pnkc|P zz##7l+JM1qim(q*vsy|`PR#;cjmqD1E&@oV9bBn}hv+2D@Gdu}l4UuuixG^!H~Q-F zF|4uw^iSk+7L?%IgAs3!D%g|2c}t_+r6AU zV1&6jz0EUYB928a3(S)yua)#ThF!Ooz1eDaG)A2Y$7 zT9-G<93JXYa6T@A=!5ajWmSfLI8^0=d+ZM}C5@qVvlMA5 zYfXah*3?jNhr7XPkT-WeyMJ+E^mYqak|oLM8oMphaFWwau&)*&8ofejP(zyGwBl1C z=*-jQ>~9+j={xE&R-gZ2)j9}2sD_?A_vbs+&qTHz?>y%#Mf!lAk;zknkyfZH1qUDY zlM32fRUf9D->Q)(?jBj$mhTGOa0xj>l0S6bzf@jo{px6D>fh521Zh^J>b|L#ti9%e_(SGIkc-PbKDmYuaP>eG|j z(hNV#Zby}p#!L$z#P|2f6zhb_#FpG=evHY*7vz~$BrwS`K+wiiLWoB~dmI4?kt^N| z>ecy~KQ`E1kbjROd}UycFNTf>2fVJrp~38bkDcy6&nAjRTB>s)IT+hS7VISY-Vo?+ zd{)Of^yZw)We$olo>G}FoE(Nzqyy#9Ab|W^gvW$Wq{}|I1!73$j)hVetJV<5tGFhD z!Qbo+IV;;T(31(d6F|IKYi@qh?1mf8*JVwL-}>w7%Vz=AB8JQ1a$VG*AMIt1ia!xW zSDE(pR?4qUK{p%Fh<%oUNp{{E#lhdfC`h}(*48lNL7q8+Gi98`>~ z=kbzQL5c8QT1W|eK@!}<#aB5wszjd(ecqB_FG*mX_k26aSof63r#U5|bDkqWl;nL> zzo`i|09s<~#(db2Pv@?Pu6bMf7I<5Vg4tI9B~wL$ld&g_wyYth_SI2Iwb&shKMnYC zXu(5)&-S*i<(VGxdt1a&BVTv}3{GOKO@<34(Onej<)0S1twh1TwYxsc`GVN~)9l~- zed|ztR=G+hau#dr8LE?ePWsU{%inzpJuApFLnU%}jF_r=8xyMRtUbhyhWe|j1&5e2 zO&tUZMmCvY#j?n1ZLuMbp^s;%SKOMzWcm^~QtZrHS0c$;*1jO}&v59I;wXYf-Q#%* zm_Q?BzFJTGc)x^Q8?aMJbdVnIt%lwex)UN2CJia2KnfU}Emysd2ASKI(W?KM+$EG` ze=!_`InJ!3WtXHY#z%xBe9rx;bT=Dktk*@CFZ!iZZKN<#f7n{KjLp4M#70QvQ-jrL zf7_#^w#Hi|XG1SFHNIB6G-7vo$q9v7c1k0Z-uU4h7~r<%d!l4DHUV!p;)eGW&cI)J z+B6cE{@%pYMDWrTXXD#>{?l*Tl>Rr94W0@;?0e)bNPg<6feSp9S&~M++yb31F~>7G z>Wciy-|yykll}1$^KOsFb|Rkn^?|~XUppKOUHr2|yC2gYcjal&&*C5wj|k2MR+?k_ zm>q3`PtCJhk%{wTv5E7(npZEf)yq?7Iijx`YD zqM>0B-H{!rCaT}U(b>ClRnIIS{7QlHl{$)N>jPS_+T?I^f}&h^tv|A|;U9kFY|2Sq z0&!r~tC%x!g?ltmk|Msv*W#XQWf#h#zcRm&I0Fb-6bSYlT9(LVeyn*4 zgitNjdOJCHYZ}o95k}Fjuh+S`ZzC=n36!mJdQ0T9qnfYB$$l65_)aZ@q7l-#CgXRg zP|V(ex^X)Xs&;(3adxFax_1KnOOgBTdUJ&Fgm5et27Mu(JF-T(bKXNXL!>bKwxSA+ z9cQ>KAyGBQY&Hef%2XfLy1s<=RY%=2$AuOQQxx)Uw}RCW07gsBsCnGfHDzL@TPN2l z{HtWj#DIP;ApduSu~nC6*1!q04mCiohT6yPWksV7DM^9YJE<~TQ>YYa&N~n|s25si zt!H)dcCBvlb_($NxPxc$wxoq4(y?FRhui)@D?$@vp;^j8F5Gj1884 z+b@20g|9~1PyHoA@6{xtnc{qfMusP1#ktEjSf@$?a#Ww$%j5~5KX&^l1aZ3*m#uKd)d zWhoCnpF+Ds^Cs`Z55 z6GWXgE*V7|3!m&2#oij|$_{jC@-cOE*3RRSLedKTckgknh|E5w|`K zUOe@@OQePUS!zQIjP}H|%7#kYk4_r{9$8&F;Sn%1AdiDxSoavLaJ4DJkl zMUn+fubF{-FEXtvRS&#xK{Hq0VIPX-48MOCc3(jao%kBs2pQ@lg}v z)>58&qj564ud;=df?`J-X*ij+*&A#?{G9iH*n97wCf9F&6t@MD5|v)F6_wtkV<1}) z5D+3Ibcuin0cipnFc6jAm8u9~BZL3}A|0fsz?Ldqu|SdyNKY&nA;jOizo*RHbLRZM z=XdVhd*{yVzcOK7CdvCg&sytQ>r-NHEjgB{UipH4X7Wcwh7keKeNG^msaMDUq4`5p z%HWEH6xK0+EJ<38G)eY*az&@xZ1H0%ONDkfQ@uG<9AyccjRGVM#0N1VTy4Pn92Bo> zeEWMJm@g@_3~jIs*Xj6411@#V$9oHax%eyz?tV>k)jEV!vq8TW(o>>BF z$)e|8Vx|h!y4&-nib35m^&Vu=4M}4eAt{F{rr|lOewex&RzujpF-k%8&c%nB)=-yn zP$;FLEScbrb#w-($n=H#y~u1abm#=f)^`#10CSuxgoa9~w=m~OavFdO1i*p+9#21G z|1=aJXE97CFgLf;+(UY6P$B+$r9zQkS*MX+a*sp0Tq2NB^m`>IF?^qw>LayK#W&R_ zh)UD_iz>8tL;wgy4~Ru*63jpj27amxZGg+4MD_9an!b(S&%KWoE4Xlhviw1UYt4qJ z^MjPgAjN%u1Drw4?GZqh-=nV3TOl=JIAh5oyV;oEChS0HWx zFc>kbo1H4hJGo^dWzO_vh!18bFUSIbY?bljC@eTtPPCm#T>;z$DBNSO(Pw!dZlU$* z0T5dPN2irL&bm_uD2~E@e;YJM0%Eebm>4m<)oE4;4;nn7WS7n7A3YY4566odb(9aR zy!|e=^yF47-&pbOg^jJ#<26R#Ua&JpeH&{o5Rqm!QWp)`1WAX zO~D!tz>HsnJ}^;xt=95vTY#fIbBg_q1rT!q@dGTEKCfoCXUazEZ_GqJ2Q2c?jzPBy zdo*UYxM$q!IN`2r=;hgFn2`H5+Zqdp{UouPfsaX0Eu8($H(e^b+qy=&%09P83V$KQ zUZi~v)LmU%^KB(QS-x5jm63GndZTK&;_7IJ3jFsM{PT-|^`fuGfy4m|2{)K_bt38( zS$|-*T;^7duW^CAbo@}6$S1#Oc+4ABh1tLFt(0nRVNvEtHF&wqC4YkVt zqs3;+I)ZqAD56LtY#Sh0u;A#G14(#Y;OIza`zN$x_!22T%9e$EhRcTPr(H8_FWd0O z_s!rkh$$KJsfmJOVp)ErVVl-(s;+AqcxFYPgNi!~RlL{&kaiK)?L(3Biu*p90%B*O zew%>gzK_ySqH<_aiPb&q2Lz>u_iYvOF&pE>;!V_B2$=eq{;Am(0iV>0sI;x>50>c4 zw(Tm}ywROBahOE%&w6_|C4m(Jm$`|cyglcZflJHM;4NNqi}Q9C)tuJSBAN*&kN`gn z>uz@u0>IQYIO~p6w4y5KWD$~@fcKAXvN^K1WN0qRBMnc40%j=Qev((IKAPz9HzZu3 zpk221j(suX?jKmJBQw1pd@}AN`UIPoIWRfbx4T1J1SfM(GGW;oArMO<@?~IKVh`9P zPXjHl8h5hct(SYGyp?sLF<&6z3~nY#KHWQZae{Ra60)DsPJxU z)TeuQ0r>92KA#AwmhhQs>x!x&*DezwqKUAeQ5bN_CVG2_$5(J0V?yJ%;!b;>o#QC% z>OcHi=m8RHdCbJ5wu~RIm@l4J>%yu%{1oJMlG)$-Vv2JqWD{~B>O^PztPZ?wT35wb z=*OQ^@+&n}Nj0uPElYTQD&eeZJ#ZFqs7v{ipeqpTPLybH4GgT5OEmBf6X!dC0zZy6^gz3}Zv9tNFLi1?Riu8=bE$fBGk?E5tFqI-$IX zaSEnP-f?GtS;X+I_lPoOfj*1ub+r5bGm{f&z$>|mJ?O!Tddw70>5)c5r@3+;*yO$) zDgTEpuG}*LMp^lF?>#+G7byA&!86$oQ#qeu$5q`wEM=8`g;)U;2vogB-wgakhqy2+ zE1EJfFlk>9p4870J9y^R7f8b*Aj%Qfv|mDQm+H9VCoo=kAZx&939wC>EHj%&d1^rr zLJo@=q z2y??KQxxmA9*zPVOeZGvN_5%OuC_@XX=0Ko;6s2Gq{&0>Pacn%Us*eabd85B6w#td z_>&btwdZ%6=(2i_D$%HKX`+v+*iW`x)7_XO@8ViHLL__>Fl*4)ly%2qUh? zNlb3Mqt0QDM^@`xQ{LM5W!6_m3y7cm(V={GxE-uT-FxvWJnr;OiDM|t$6?u&YPv#N zbevRy_WZrW56jFXv#L`mM&}11cf>L@v#`?d;8oo+yC!qs0k(`$#@dRZ#?c$7A>fTo#qc_Kb()VRQ;RYTO2|Ii&~+{glW6K%ejeau{= zf0=Cww64qPE}Meh^i+ro<04DkZPG-(jT-C0Jz-ONm`L7cTYN1sBNr`Der#e|7_2Q~ zC|yvUbRpN9w)bMTiFuXm9DRqEKP6ump}Od$xHzOOH_LGav9o`HG5<3Y=p zfXhzyX_At`CPmyD%NChUq-Bk@TetCDud-@MzzKNyk~=Cd=u&-7FS%e_eV5pIrPdZffTV5F~kl#1m$0ZX|aWeih+Mcp!iz`LKtWyC=yvfME~PrH zv@uIAgWxjYqfF9Kv}iqrv*A}YmYP}dD3wgbdx&p@HPp%Is&`IfPuE#F;;hqfNn{#8 z>^hN>7eI=rbMB6ID3chdSMH9cF(a$mudlk<2&dOMxA?EN9C`2$Cf<+Ey%@}^5P<0e zC~MA}c6kFFz{^9x+pOIP4mTOc6PI}jmM=>IOhVJ%>3?>^D)?^ zuT+F1N+YJ22u?3G=Z-cPUS;;CM~)&cb?3|?K6-SIX4DCkLi{|6czy_TWiJ3<70~dg zKyv%Q>?EKmNc_ojp@`>uDX>)<^*74)&U*&UVVXiWsCy6qnd_yLG`T?e4n4>Pcrt8Q zIQ_ys-W(4J-PJB$THPpA)?y>J4gNekn{04s3qXD=hw{wR} zpi6)8X5~tE!T~>PI}X>4fjtb^C|>=)XQN05kOieeFxoh19Gd*q3jgfVB(4YAn8j{@cg@b76 zDzpXrExk9sl($E2^`r-xfZC=PbS@H;KMGEr?ZhZgs+m!^YA+{sY?Rb-`yXCnk5Y%t4`rcX`J7V=o=dh9w*G+Q)|K;&Ld+PRF&n!I)~c#_6=e9HgE zbsiId$d=$pTKKB=3CvcQ>ir>gAH+6?sQu(I{Rn)-!&qQlKd$2W`=Y;Z!QZRk?~U+x zEciPd{+$v2PKy7(stce-(2z`Fi>Ww6pqNrxnQG2dC;0=lO+1^VP&5o{Zp|+XWuNos zh#=?nP(GPO=O@bZ6p%M8 zJ+IB>Lk=2;Y5fMqIr01-SD&w-Gq1P|%%^krH91N@c}}+hr-zLL0hV2^Hyy+WC;`izYGO~| zgSetBL~>Nny>2kYOL|V{M`gpTjI?po`tT&25|FOw3Lv8%cvEl*;v-=cqEN3mY^V?1WbUSjglYd#Z2VcB>o1(x-1d zyIbq^2IcEMxw)+?`E_61x-qD;YUzoGtA}ZQwS>rl&*J^rYz>XgZe}PApJXD{T}Z;D z^OCjJ9)nWAk{fX07;icx2Hw6&8;WFp*z(zmwIbRI$3-mIXOc#xAvQoSfXD ze`e{d+l)E{s1|H(tt|zYr@+D?WlPsV;`S?bmPgb??#k+a49D4$#TQcZFHLo*-o=8d-RL@ zbd#rrT$YAxzTeldr|Ks48rtMhnvzeb=msGD0Fq517|e{KlKIJ!7IGpTG=x@Nu75OF zK{SiFDX%K#Sg_O~dN-3oWBy3erH4Pg1LiNFV^3FninHcO0*mk|$8o;|x>&mKi-`jI z>T45efY90_-?mSL1Os>k?ku=X{9zBTEih{V_`U&v-?dRxX+I{Z2e6k)<|?5&85&e} z7c^KbeQ{jKk_KFbHfo)K7*`^{_nzb!%Fd?ajRpYHIN|{f39oh(ebCR=T1-CStFrXf zq=mw!HuJLnW$5 zY@fhH69G4XBfRUq_Gkd6@bEr&!pmg;cW6L~C5)}R2uv-8xkCH#fB*(@ew`+ljYGS~ zUt)i#0~*nrQ(W!!d9|!=Jo_DO0T4tBFv?E*mHF!g$0~@34rpVxk@+z~NUnS<%Oz8M zzP6+5^w2gDi}lXpN(dZ(j@ z#Q`7ExwD^bB8P&}SF*bt_w=|^QsSGwOaRr&n}NQ-_z*KBdx3s4dl8(ZJrAh#a(V^3 zfMNGwUt8SqfkM>$*@1K-JJ)u0QzIx_C+`JXC5^5sDB$IvQbutr<@3HhgtDIYx>rj3 zJSI7EJI&KDrKgXuh;myWmy$X(2ET2dVq3$J{vBrpC7y@5a)kCT2EW>iNoNK$$W`M z8^$j^JEJIhV~^Q+ZU1*-(K-X1#xdy8Wz7~xj)JYS`*%w-i6I=9Q0B*v@64vYzB8=r z5nnB$W|N0w9qvU(1&4qIDx2yNf$r4(Z~KFF#n%J;TxW7$57>_?2nCub&2Bd5E_kg#aD}s+2n4 z;Z`qy?{USayOm=T{=J>YUFYAwH!rbns9dd9&YY>LwtPE5fGZh{-K|VKdT-$jEta{zSZ8TV(KT;3WuZh1F>qXwtgar?PAvYP8!r2!hq4$~{h~$9$`P9UoR^SHZB>u9kGJQ>-xvRIZdi;ZPu#@BU)< z$Uoe;{zaPYOKV3>TW*{j@mJHxy+o!S0U#RH@lMP zlZ=h;cbKDpUh^0aRv%YK`K3OUrqDgT`_!qO_A4P#`QBPi9V@VT8p~i!B*<|E zr|6VyY&Zn@y23Z`J)!(e5$79QW$)6O6femJnt@ehckf+C2eA&1KQNJWFHORT_WElG zqK`B6I$0|80U`~6#sv=dndr6e=k^>T*YlT3tQYLs*6ozCgsCsjCMUH>XCFtn1->SG zS7kSjX+9#|Y=4heDHDLT(J>nWHE#8%D-UYoj?Rn(#rjJp<^|9LyqO(di1b1KsFhr2 z>@fobfef;gO(iX|px^=@Zd1Ya2*{kcsvtx|$OrYzsJhUbku{8!K3L#L@vX9_^!vP+ zQE=!vU3@<9_-NR;Cgt9_hNj_Fz_53BJADDnmA{4@W`3v2$zkFb#2~VOWWRp*>~(f5 z3k+vrk|0*hIr`k-HF@%cNj^iHhDeqg-K?(xsOLbVoDHbn^d>~UxfIqc{jFQvIcW`{ z!Bg!MktJQC+*EBLV@~Nf7nD#3%Q;D*L3GBOHdLqK*3GP^!J)N_;izLX`7)Qne?;B& zI0!h-k!J`Wp4zoa|4J`(&I^DO`(2Ay&Qcv}R=kQ|beZM*z4>HqkLP_bdVU1~`j(hn zmr|xG7o1QaE}Igil^51A|9uk-6gm1?(3_x>0Vc;o4|0yNV4G(2-eX9tP9qzKLfbMn z`TH?~CPu4sk5TVvb)|{T!-CrVyWdkFnt+#Mvf9D`R~<`(KyiUZTZy#2ofm29ki#)f ztmvD*Pp46V5(^-M>~y6?Ur8S(Ygo%o9bUX7QG09d401)}cGpd5u#BEG2na){nrWrw zP*Lm1waDe>8V7Q?5I?V^GsO>WMSgGS)!jq9b`uq1^2g^}TLwq*4)F79sG;bji(cLC zZy?UP)3?hDT>x}EwH{^%*Z z)7UWDy9H5`R8~4|=P|7_ef(h|R_*mI^(a9h%%%odE%~wDGx}wnYbdkw@n+-Z7q@FZ zePNu6r*VcNHD}~g`^dal|EEXHAgW(n6={r;rS_h)!?8VHtNS*>ud;Wuf>V-yX>n}u zMncwk^JBeD3lvhd-fKY2-9xgJ0F8Z_6=}#YU%^bV3gf)MB@{+0OImX$Ps>jCc1?Rm z8%SVCZusjn+H4y`;{@C6@*E_Zc1^h7>(n$&zmXk!krg$bxv8@*o%AJgx?^q&qDDJh z2oF+7YzeY4R%h6~=+&M_?vAw~MchlqLo`4FYDn)HKleIuhk|oq3FQ}kl;G8NLHtI= z`2^Z~U%sh21Sq~vJ=y~0j!qr#A7V|7yoe0v_IoqgLk72;kDMoLs*LlclDt_b3IIWa zfdc6hQY}Fak&1Hzj*$R+^jp5s6q&Xcvt)eyzm|?%L3_|Mwfo~_r#beu9;mc0wv(r_ z?h!)yP*7@*2}`8<49lZt6?>eio=S&`1x4_kv&dPnm7f zJJPOel>|R~)XKhG5-=vK7g03D0SRGvfOBCFhSpXv>w5p|s`)^E z%;+r93?y{L_}G)QR40lP&JONpmsf6@aATcLc!|2DYxJgQx*CS9bDc;lp0Oyg*2%$H z)I~?Q5RPevh)fag| zQJpa11!R$HtG-^3AQP6sJ=)J6HB=Ac8cu-{+6E^Z0ahFf)kE6@9(gIzZkmnr*_*M<<^C!g(uiv5K>Z!YTGo z+UXFSL+WC5PSZ^D)@?1K)*KVohK>hj9(^@SfrpiumRQdyO%)ouzbF?qtZ8&0SmZcW z%~EWz-GPz6zE^atHkiyY0yeL0HGZj5oJrH$z-8tOp#n-&`xe_Ch8mFYZYU}17 zzpmn6Iou_<=O4X2i8pHWnrvPrmkbCx;zu`CoWja2wCfy>7bdKNTP(?Hq4255APs@I z3FZd?nOYQ8JKwtzzITm{u}-7!pf+i_4s%i44|YS6%U#dps9aks8YuUzbp7qj%bu>* z)-<===b1__)lyd@8A@JbErA9xfv;YDaV8o?mOa0-QXF0KoOmvGndmMNqZ>30_d9kq z-)bQ77`tXn%O$V?ENEAMx_O?BoWMC$e0-Gf?DDQj(_hx0|5A+nhnIsZ08DraEQCHq z7jz*T{nc0qknXm$?9eN`Ya+g%3k@ulLB%0W&pi7|6ho;jj;BCW>fZ%N{qp_NY!v@_ z8bkQ0{9_j*xUai<82lt$#UT)I_&7UiTKj3V$~n<+s2Fc&m+2>NbHa+$%{N`c?b3qElSzUqVrxijykHxp%1 z5q2!QR3!bLthST*k@>j+6Fyccx%UJ`tsdW$yJy)CbR~4a0;smjYHD5CAun4~Z_M4P zJN)hUqM_w^x>s5=&T2qA@?E|W+@-P3qS2mUr+XTwtX(bPWS;{M7#(PlN^>HZmbhB; zV@q6Tc8Y7B??j!o_L|HL)X!793w!67+)}x{HH#a!i23Z4U-B|$%Yw? zfnm1NF;+5c&jQ8~xm!xEUE(|!bH$OBE5 zCqRRxZlQ>0U-`d|&Hv$}|NX%pvEtUlzDxh)xu|m>nFjkI+NJ-K=ei*HCy(vy^nu>r zzzI+$0?Na=KF2){^tqrW8tBt(Nml$$O7@N^kcNreK?K0EfhCplaO8kH+M^K&=H&{$ zL&FLO#7zz{RrL$RO;lJs9dkOtP}tD9Z{W#q zJbprB@M3oQ!clZ6Gn729klZ8q2_yK;SetIq0npRn!7c!^ zHJf7>T5FjEIlz#%$uyx)4d~4-zW03VNsaJ>Zkm{wxCGw#kb z-zlqH2kaLB`uJLmdL4ccb-Uco6@61f+_WXoMtexk{28sf-69EDV5v!3ZVz-#{Tv$# z_>FxLI1?@z=UdJ_yVmC9%4QfQjG%mqm|Out+Y-zO6>ra~e| zeDAlonU9Ate4I1vHYS)Vr@-9KG!gMcwb2(y8ktZLG$0r<;3dR
    )g`i6z|(6*$yD?vb@GB+w_-e30@;}bF_v-f;6wa>$!PN zNo%6JDmpSb^gk=1zqOX#1sTygQsMs-7 z{>j`+$7Q`D*@uek(I!I7bboMk`4*q3=K_9L@fq}X^>b~UXk<9ttOY$U9;dEa1~)+8 zmi)o+1x3D8K#N{;C5ozCge}Kh{XhdPummPp;pJ%W1@`NFq%}-bC=)yn82kTd&tFNn^4t1&am%4S%l}s)UJ`wPEiENM2V#v!&fWLUznNf! zxr*g^aYN}eUuPpO!Rz<(+eDZNtY7?8tbrS}SprH--$Q=` zhkG)?Flh;SAJPKg*!TB1*#h}sE%8zoM>LKE-{AzwjpgIm?^#a|Z|Z>zo~L?Xpc^k+ z_Jd=ff&=>Z=lJ`5{JlQ@-YBPLhBU0-Cb(;&8ry~6yT z<0w2!01QkVz(ScX=U3+5z0?0KfWWV@Y_84y08I2jvffGdK>xlnparJ>DeNokN%+ej z9B-jh8I)8!RE|-O0(Fqok_@3a%}irPZu%x$%IV|JYUQ5ue4K0Z_-Xn<--nd3E2P zrN`LX0K-NpcY2+aUNg+TSyyzGVdFxp z`vXDF;?_SJ?lHGxrc3D7^B>2U{6GPSN&CSe#FA#@_7ux8RDS9TlkSFMwCT$acB5ry zu8y;=Qc=9q`cdIjY?26`$pOex2gJy z$$TlO?pC}SCCL#zT(&NTND3=bLA}>7yX^G7bx^n8ZX~>3iaBFB8lEO+`7-$%nEkym z=(FG0<-L5fxmf(Q;*3${%Z``%@(Ve?mm8jzx=Mp)be*6Z_M#qOo0n=UfgBncD+SYH z+#^Yy9N*c$qKxA4>A-eJp^kh4oASiFld4L}*mL`0Gq3FxbQZn?xw&c#hg_j@Bj(;1)8g*ff*QP62L%%^X{XJp`_NUGjt?#)v3@J4j1o-ALO-)P}@d1=Z( z(5W%OEcbPfh%`mb#*gV@0>x@a6dvkY_AL00qm>BR^5Z$Ey!YfqyNT;+Z`~W8#IXM) z{OfvSu#$3Ex<~9wHpQRQk)ioIoGA$*b{JGVU)So=ADo=psXsg9f8C;EU!zb<_#V`& zr7b`3?1#Ciyt@%W*Olt3W~T;RpkRl(3Fs*9J^p}bOQP0%HOIXmQmTzxeG9Y7bTdEW zj+;C#l+$r|pISZ|tqqfvzDS}3i5SOB3a9nFC%F2A5=vTo+=?cU;Y z%CWiaEVlv|I335#0Q?xwzRXR&y$cmi)yfx$k!k$E^4iyBzsGZT%2lt7MW@a<`+#(} zQaZkS?$pHXH_7bjbwtxxYi;epHBtrsMQi(u){bJRaV0;WfnAj?Za1=BcaF%P*kde$ zu~z5{#pxoBJKXH)t5C>V=3>Ol!(iF9QJ2Z=J7D?Z5n;T{a%PlFLhzz^xtAT8 z-B9Q>J2qZw9&c>%Mq$_YTDHA$k*;NtaSKJcmwK;flapeQ_-vhhwq;`L&hESvMh}Sa z5lRX42o9BMWk{2CwH}0BuFdKiS6|6AX_*M`H%W8wuFU_!t9SX~osEX)$je3%K5)N` z{*aYblzM$yX<}AO#qotpPGeW<){R_(QycRPWQ(+pSq1Xzo_riHZ&iz_C5 zAgYN{>K8n=?oe@z8q{vf#dkNZX5Z9V=lpoJvBaYSW?`RdW@k7`AIft43O&9nOLkw@CyUgP`025B(AaW#Iz{EH{)Q$r$`cPl=7B z?JEao0Fytj$+keidl-V102ZpY}f}4yw}R< zX&f;>iz_a8FZ?u()=S2JJfZUOnscB*7k!I>pHYSQTBwaoiXbaul6gqvj=l{>+@%+tYap!CaYTv0;#bj6^=!n9+PgTGh)64A?x zT;R#`npH1v+|`~}CZciOcC6m`iy{w)ij>Ut?4!9pZoDv*GfBE=uO}@%uo(YN4Xmkv zc7gKN?=FFI3vr3Eq*@^JK`tct2K~iABa1W7h8|1az#Z?^DYi5(vZsEn!$Avfz36+A z$azqdw;W-k1(G>^OqBbZ=8NZBa2wwl(lnJGZw<4hSothA4Qihfh5S0v z7nG6ItYv$lAMNaE=c0@w>50=`%;Gfr>EDZ0c=JE!wPIX2mEU1VN*DB`D4kcF5-OpI zjZUH@9f(lSoSJI!y{o}(dt)S#m@_1|kkk&y6{_i7zenSgl3m-L)G}!C82Lkgll_P5 zc|l(k`7Cv)fz@47n4>_wI~W1UFeW#et5!Oe@cXcsp^n5JH~tF4Y-Njs>Vznbo?cr^o%FDqJ4K+;^9-QLKyBP5Oh+5~3lN%QX?ED;Wn+oM zge-@6y}Q%vN^;`@Wt8+`3dFNj%uyY;9)^H!4`Pe;5`uQ+T>vmR#dUc9vHDi+?{ zb#}1HdfWWWusb^f%#Lhi4H|8FNNk*>HfG_l}^L*2;m?n4{iU`B(m1C( z%g%*_jaGAoWZ|x5hppOFmRf(Xh+9JzY1^ihI;4Jbf_<(XL1tC;)oUy4_>F|0A1;9&T6~@`;<;^RM zGqYTeT~oHqv`F?Zk7CI?q(hUn1No9_&EvU5*$9U>kz;8J>fWORLEF_f^+xT4BHf@= zoX(K(#pIAoBTbB=RyQPFjB~@a+~+vMk+#*diQJ}ay-k7{(hFQh*?ee((+Gy|*&6#8 z9(c8Y__d!tL(wAOB@C%o5R}b^WSDp$?xz5Au0HrxSobBrTorJ@B#@*LWJ#?vZ89zn z&r-geqop>WqxafTGTV~8q?#51YAL;Pm+U>9!ZELPhAyH_yFv#-SV!&%IU8FATVL9^ zM+%xyB1l}0w*${fw`IjYg45+j*?D9`u7AyX3e_ z8=kTvEHb{OdyMRg8QrF|4vx<$y#jdYfxRvqz~OL4FH>Y3qe4IE5=6hI6vF9G&|0)q z-ClBFk{%S$e-1L;Z7Si(QG$ z0}AAzG7`%^<*l)G^(1@nFI7DuPaO{toBHEJI(JbiRCzZ_wui>@H9MHi*%nGXv2z(> z-eBMb>T1(v%I=qfiB*@>c(-RTQ!RDdX$dE=5Nz)$l@grG>`Se&LB2lvfW_bYE4jtK1Ixi<%>TKHVCr z<6cS$2+r|*M5>5GtuF>h^)-G^mlHMb$Ys8SLwj~Y>%t}09`_Q(W9tP?L{_NYx8}== zJFLA(ml{NAuE{i|6wyb7*zk43I7)Ax0UUJSQ?Rg1aEyBgfS~Oo`HQD=M2YI%69csi z!7m6CL(&vo_*+Dp8cPkRkiu7@?_+!sph!E7zD1T)B+S2nk|8`mF3m8x)0)DIBoijd zB`pDMVAdP+D<~?8)=H7;bp%3Hhz(r6k@c;O{)*GrmHYOc7{$xv?Zu}0 zRb+z9uLTqYeZ5;xaD*jZI%P-HV#=meUafemp*ZeXZ?pGR z#68`l-W`d59QDZ^*`?;|kW;2X`cf7e9HBl2ugJ4uP7Pd3eM;Y{wXKN5>0c9Z5V20G zMP~CziW#e41nfEH$N~1*b>Bk$m7Mw^#);0Q-yfthPe=f{Lg9c|s7{bzwvU4q6pkj)4B~Aj3>I zo2A<82WIfc9nr?yJr2_44AV(5kGAwq6&m7rzj_my`9isw676#6*RL%%4MR@1C+aq4 z>mT8oIRAAVr@5+dVLbI5h+AZi*HoC-IAu#}aP?j2u=X(@b3hjQyz2||nFP&@&s&FQ zxhrJh%mp(`ZBh>^r9#po6_DAY*0>`s*^wtIL;*0`;9?n#Xnc~h9S28^8m7g`VlhS0 zf%hUPSU$8L6Y=tW>pI#AmhVy@Oi}rmNMOq*kT$KCK~V+jj_h+ghz#?uotlXIAGc@iCf2u@b zHK9RW?$^pSnd8P649cU6jQxiSFz+oxDnIA8;I!vd-eE4#{is@rtg994x^0_Y`@aFp z=3`$l`}pH%95`L~2A8<|S7#fdX)Rap_(47lO0Dv5yVU<$pP`v?Z^sNnf=URNH!oBqy{|V2crF!Uy;5y#xdPQ@EyYAXr10 zt~Dqtk}*JL$=l#;!WmfFyVe@=`dVKitJIZ%9SP04r3?BO2TZ^CkPN=$k257j(fG1Sqo84qzW;oHAt(EG@ z&$i4vQo_tY)MvSXt3$=n8jFG=8T~`%0g2tH$ugC*vUNQk#?_dBFS;9Zn4>s9Ehu z+uF?7Hv}GxlG&qQ*RM^mRQJzbukh1kj`gZfyHse#?kle3f3^{3lsSBQSGKNeUiqhq zwB4Gf?ODa7z4JrrYX+ep-AZI`$4_?zceyfGt<)yox^MdN=UPeR8ydRHcW2oq&B1DY zf-qDrbIk3$!l`-#q>Z(_A-HA}Lt{TEv~sn~xE$yxmaXg!jQ_jF_&-9MASIm^bT6t_ z66|Wtx-Q}$D*$Rfu58LI=BML-23LM~$clx4{=QIlC=Ks|~hU)S!lsv;DwYq`|>?3>=8DCv8M)~MFo1QSO~uUeKOK6FYxUF#B| zFBLuWivf2`kD2*jP9SR@O&;sc(UYDSn6#WVm`-aTf{Zdim|!6enirDi_vHxF4z2Yq zkh{u(4ohEY&+2FvBtn|5g8J%Ja%SE5qIsdK!YFgX_nlS!xwVO#S>837kIRg+WyFG) zappIfg%dS4%hd{xn90dZi|l%XlBNpd9ZF#M1T(v6{)+u-K=FT8Q~eZD7{q9SLJGr! z+bX03ou5hyY`5Y0!#k0uU{xJIIBL!B|KJGwH}>l=%O9j1d zm3}$u2gh#J;hma)z3}+I2OYe{{{$U8`&r>nH?&@Kold+a5pe-Kc*s0@XlSN~fAw3Y@7)i3$+NSokETqj z*9Kz_?cx97B1^-b0y(T7ztLoC-Ji2u06}^nwX&^Zm1Z=ik?|19gW;#8*_w~W4}6O? zZ5oFmO4oAl=A&P~detFxciZrea)4Y(|F*}YCx?fAa8Tm$Zty*|l8-15VYfw*1EnA8 zhjz%B<*N=SvMaqEgz|7J9kMC7kE^DUK3j|#iyOI3#@HOzO{0afL(jm4GOO|0sf{O#v#Ba>5OTYy63CoqCLUI5* zF&GaT_9T#D*^(R;Ep47*$LIw^acn92GEsB#-pe^&FnxZvlW_>G0A|xSU($0ETI^J| zq>HPJ?d~*lXO3hhpyEjG!8OGKS<)`lbI!fBwj{C#6uQ4% zd=+qbrcMeKTWa7(a%&b{YTdGg!kU%dS$j^$OVrBcTzZbmr35kjcw-48JxlgEx)n+n z#8gS1_Brl()PpY93=-8Z^1$fozpnK8Pr2s5rUn1+cpO@QZ);%XYymPV2jwcH9~^rd zU^#N@d#~jTh+vjTiunS^f8%e55-ta4{1tuv@OB^x3_}y!WBTLV*%l0N#q$lpH)tTY zxul^%j{biFmlsz19h{W?&fhaVdtCNmg>JWil!WTFde_5B7NRV;`jU3{u>_xrtg53% zw=qo|Gwj}R?26wcSV$Eo%(DjHA3DeYwNLLS8^Eou6_5X3@bvIL6x^Dn4dA+d8_12_ z*7}W;sR!zouDjrWaNM600!2>&_aPh6hU|nlAan0f=LJyH^ohf&tGToBWzJflkRMe$ zs~KB{Mm-gUZ(rC0S<6@VC0NE_9e0F1Q^M0apFGcn^_vHo_4KVo*1c-hl{YVd_ytH} zzD=ugYXurhlsebm(b`6z-ztJ6Gb1H|aw3D%KP4wok$ zM?NUEgq)|!A;Wzv_IlX@P?j)}o#DrH1GQk5#FB$!6Fc)$#hTa=S0WxTOZ>sH;>6No zpH18V-&=VIqX6W0=Yc;Wfccd*29@4xHgd{-vO57Bd9Z&rGPyYR4!L|4Q zjpd_<1wf_{o2!3cK4t{p)Nmi`1DP(P;8I!8eSOv)`f{8yNFhmxIRe}ZRz&-mGA4=9 z;^e!L^~`4a;cnp$tNip_T0c6h|BYBwZMpZBr<$Efpzk*+O%*l9<%IT>xQk%q#J4y# ztBfsjZG2pjyFgbdfFLAuM@VC}x_Po(6)JuRagnj2x1rv1e*e|v|J30Mo!ZMd z;Envj!9I+31a+w$9Pp-H=$_c_4-VE*Iw+q|3**4LufcaT*1>3smlDYKT;cd{JL>=b zH2?e>{QKSf{cip%;nUyi=I?d$_qzE5z~cjKw+M2Sp~+g0LzGCf~ANDi|BqP z4{9cmIe$1i#fY3_cD)2N0<~hpt6^6tQHT@hXpAWD zKDa?9VNShysF?34thEq;mk-8RNa8h)V; zPPc(h^D_kwNuQt6~|x#{|~-zN__<(gI>Bi7#GYc`#S$ z(S>4RLNSn*BAY0a*SW7=zmi>avwMd6IJ~XBpvQylCYKzB5D`4kX>p1zDT%H6J@P3d zpCv*Mj9mh}J)8rPVv2w(E0|FO5lH$>Ul{p3adyHYpVzKv7 zXbPUEOA=#8Z*fS~69GyV5XV^8>7R8;otpVApjin9jsr4(PqAu!`RYyE%W?Oy-OFKb z+8%uUA`)<;i4>}<(6=Dv#n@+71Je7KNE8*ovG_DY|2dBKx;|hAG#~+@=?&Cg@-P%g zgQ?mGHV<41{c>9CnWM@Pu1sp;03F*dC@%$=@aEc^-uzsR&`b#ygVzIg)->y?# zaiUbW<`mImDwQT_<7+|i$TJY;kL#wY-I

    UngXdgCx=DXdh3}V(H^?OdvVT+6(D~ zyAd=|k+3&KK5dWTt8I~csV z3G9nNZVzZZEe7Ck&~u5w;S~P>(Cv^&(oM)H1*szBv$-`4_{w>3#PyY@#&BO%?3Q z(XOXw>!UdDlU*r}{1Ri361PhmQsNL4e*w*wn_7Jfoxz*N-gZCIbTQ7Ipc8n(HJP^CPR)0?hYcg zQ&S7h%@U{K(~8CEF7K-0+8uTq^NMLoRxU@}wgaGVtp>Jd%am%<_TEU$XuYGW*V+!esC!oeGi~F`Tx8v7vNNg+3j)b)p8S0;=A;MY7rL4pl_;~G zdf9ib@a(JN;``(_R0Z|gt0?PM3Fh%&p#gI6sMC<4-*wUldkS^~25wN6$v#Zd(h|^M z^j`x&?Gg7p!B&{r(Mvc2%sgjlj&<>9^>`JSb%@Eu+4lB2FpS0RJ5{{uu47$g20X%+ z3rD(b`%85j2flVr>h@*ZbxPiuQT(fhR_%ozD1)ThVGR5b=h^*(ik>Da6%UKKk7qC0 z&6>(Dd}Vn=>Mq$Oi|U&?D@EHOi&4pxSt*Z=c~Fn&ru~}tF}2-Ow2)prCweEeJy`0x zp-OFfj#L`vZeZ?WAC8$InK`j=iZ zmK!8^MSeb9M`G5nL8p;Whng_7vDU?=1G&hOwP?Hfa* zFu!(~#LPvK1?5g}(${>e_1+`dpI=ccQsa#U=dPEy2cexBlB8@M(59m}h$qUKXs9w= z{hs|7$(p>_m!pZBqzCszA2qw*JxSA(q&QLQo#0Hoh%2BaXvulrCS4pBS35DN9cdr0 zfbMMLB#FjwAIhKX`K*Pq5&b;zjyE$n-ASo(wZ_AXxYpa!PGWEgVDT)WW=r|HcuzIQdZKR|hH zLG|{+#jbun&@5@_>st7E>UpcTOXx4+-5&6sv%l9^I_`gMyXFfaZlK{D$L}JxkwAQU&zda+h_o z8Vn)1!ABtpbmhK4wSnr}SY^h4oA}|3U=0)#jdSN4a zBZcEx&4qW%vx$j8) z;K+*H!~Ed*m=A`db%v?9FH2zS>U2MRZ=q!GSi{cfMhJ? zC>@&C>Cc30B7p0i($t^+HJ;J68>neGJ!56EqisrWh8cx_5#6v+;tw_43cEPm=(*1xr!sz+xs}=WaIp##K3NomrDHf zZC;I>XLJ+gT4tW@!ix;r3OA*U7`niwkys>_+q!ATD6ih z+ST{g*Y6(N12Rc<-+d{rJQ^bVrqK>Sryf6Ne1f#FrNHWY-!M$zz8w$}`0MJNG+-9e zk<%2&z%LjQwuI4vRN)6O>;j4(2sHtkLC{mNNc)>{3@^|s;OY*$-m(1zN8gu+-gmq?BEHcStd zKr%q43Ta(vkjbbp5qwa$GETa+j!cjl=1nTE23|9J=w7S~*jVt&juH1YqF%X9hDvIn z;`P+W16jO`6L9Y9ew3}mc|MFj)erS6NTxR#)ssRel48Ue@c1xiXpfMCN)pCWHcnaN z%4M6;3mSsq=DCb&SBB_Z)Z>Md=3ekdhgs6Tx(ocK2+|^+PG{_kyLZBVsT9?Y_l)ST*^eS-z5w8f&L`^$<4kZICH~Xx69T% z7p5cRA75t4mka`2b-L;k2I(!{ZoY0Ib!NWypoojC(C!VBl1DPJhk$Kj$*E3N9MDVf zukWWE*bez?uDj4dX0+(N=sH=lrYD@bIyryt*l)qZQ?!=2pL* zbb2?5f;jS?C-Rw%)KF)u2CF8^&W{(#kCJW%&bX?cEYeYU;$(H6>a+hmtW31Ke}F){ z2pYUU7b>gQ*Y(w)nb(xMXawy9tFKWMhxp1;iG4X|i<-2JJ`neCP9-0JfH8RP(C~nqgA>}AB?W^%YU<2oL6a2l9|{XKPj!v zaUc$Me4DV{O88Zol15IptlWn##=UBcf?<>gx?t5 z+Gsu6DwKQE>@??2({B>EH1GyH_T|~t)x%)#QLYWUJ^w35j6Alx3;NX)&X3(##(4eU zsHt6OjZt0jVm-FcILNZYAJ}+s?z!(FS7?GA=vdm>Y49gUE#==18_vudpH%^ zI!uHMW6lBGj7(}t{3hND$_0dMxqxikF|v!!XkF{(WojVljrsQPU7aAmriSQVbse{! zZ?^jKwYNu<--=9{vx(qAA=swK=z#*Rfit1()MX~vckYP-z~;q38VB~N?M66dFsgh0 zh1NzB1uEzxmYB%0prAhXE+i(xjGnH282#wmA^WD3b%{>StMd^nD(q`^@D&Rv^$Yfh z@K>m7bRwQZp1*zeK8%yeILK!!Vj>GDCtlHU-QY{XxYn|?I~e_c&=BeH7RW{k15Wrh zr#!0uMh(G05#ZAqO#k;RKgQv=%Lo(kev}wU`JziTP#Th_otY&bb?Xklpd$}eecvuk zOV<*8*gd(IcE{!F!*}%Wm11uk(1l&CcVf83=3KM;1TW1gzf(kTCiYlSHa?&wF2MSg z-?|q|^Fw_SGVb`fR^;{`PfGmYin!9R7MT|#$9V@qy^xfwRhss_%Q&S8 z!^1s!VZrE5WoML5e`&ml`raU<0322Y@&n_P{deXM&m$N(0(H`1^k@^+8L_X`qqUb9 zcSl*jP%Hx_c(b(NbD>YxqJYoB{K;S(gducfJelaqZpaR5S_!1rzE)zCU)ReIf3yF)Jrsl9R}34f?6UH zoNYYzxtG?gCq;z?L@AXVHc=v5Mc8sJIceoA3pBRcm^kvY8{IC3H=*k$52Msb6R0!S z&ypyxi-aJ3t`;c;m*cJ&?H&spG9u=%3N=zf>xqYb!rkUVDM>GwS=RE@bh|uE$SWEY)Y1PchHAs~xGmbD~w1Luq4)Ai}8=aGGMJNPknM&Z?r+RP~E zb6CG{dS8gC5a%J72drUVSe@jiW;c9sulQ8lehF}ob2CE&zj=5e4T3r-VMAEzKoK3v zd<%qE0il!4C2%dmWUAQUY#KJmFua-9>oj;@9EBVZzlBOf| zu5?;x9idQ&Uvm(B_l?qCVB)p}4&t~Eg;VX9BGOIrJ*7^&2a8C|sF7}qbYV^i<({JX z+G!*l5iv?8O9F3@Pdq`E9JU=Ue#D-tdl z(~E8Wg5S5A!UWS#1AO#g7y_)_d-bS1EI9=_xT6nB!w`bLT@boZ_QDJ_3A{S>&czI> zEb#B^#!T#GB(-co){8mm&`l_V(*iK0Z5>9#t?3)nh7Vc>O}cXwqjjvRZcokXFQ)e1 zMoSE*sc}Vwi;3KmQYp7S%>h0nrkhf>u{ zJ#;<&cROivgl*SGZS%ABMEesK64!b@WKxv+kLPs~RU6`{O3J9XUdH^1o7E|U3X3q+ zlG_ndrv%lM?)aH0-H;OB03)P+idQ;|6O<*9*}4F+O!*H65d<5w(lXMag6i_Bzz1h(%=v>tY2@a7MW57K1IZ}-4}@lXGfgCO%n=`R`E>|j)L$x?8||3b*f zsY+A%6;Pw9Bx*o8!DdB90xX;&>Ey`kNSM3yUcCWKGp&T~1)-*S4X=OLRB7oS@r(BJ zkGiAm@9|Z6bD=%u&WOQ!k+FJBM?k$oxTIKet1yzUpu*Z9$lB+X?CSWK4GV!MePS-q z5gQ}mL@k`;AUQmvj^amyV{*h2a7@nd_18I-R-eeBOv-CBL&U4E<&WWdqf4TgSCU%( zo}880k>fJ*@9S++myKJG8)qAhWmQq-&Eq34Wr+o3M`|co)SI<&W#M!~k#YH$UGI?| z{cCR&tV_jO{0szr2<7gMybi_E5NiWpBkR(n3gb6o4?{=m&5P``hxi`b$PGBt1#sE(ZBx77wMLC>KCn7kGUQ5 z9t+-0p7Y`skI-TN^3v~-7dRzlMM)Y6DeOITExfSIK(OhF?o=eQ_WZSSnz>rFuof5S z+#GN*vjtWECv9ah;)_WhRT>#~X=6sYcQRg3)TT%Rq-~xp_b~{?9ksu{ht?kDiW@4gKt8 zYsotSigCfSs_8@LRqEZVhSmF4T~(h9Xkbi;R8{rGjMDgCx1b5dg*hJtFIWrg60;VJ zRA(9OYp}e4yao_Mib|^hTq!7VAh8$!B8&lCClsG&Ad+Eoa|KtJ zBNsMoc^9*#by`uPd0qg|`o&)NG2CDrA;e?KRFm__HM{SwUI^i&qR6iU%RG{BNX!6U zyyf!zA0?0hJl7Hcr^9LU8F~u#=vOdX+A+2akV}+O8PU5qy*e#98Jqjogfb}Cqbs;Y zy6T6mGo)>r&-d8uS^6pZKb>=WnS)+&J(E!J?vVqt4cPYn+T%vDQH5uN2(+gNJFZdNJc2(nH5 zR{M-j|C?07@Z|C)I%%|zfh?Aq(spe`4@iQ{jwSU@OYr1*fCiRL0Us(ffnOz|)iHyY zB?2_ldnxdq5Q`_$J+ z?@D}n^|Pa6ct^IP1V`eHkc-!~&MBMZ$k{>w=e- zc$|}dGQm*0XPl@DM9{$b%qiM7r!DUurDFP>d!^3@WR}mJ4W&&F?|zYKlPEMbBtBcD z^tO!2*(Rq`HE40_8o5i6--XLqut~6nWF#XamMx=QeQp|QR9imXHTVUsqj%ytD$B!; zYZRw2CDC>`wicYMs!(XZqoJT7V>Wa#vvTq1!s0O_@*r7x74Ag(ma;S*o+$M|y%kIT}BN zshZZDOB3<3NfYbiYE=lg*3DYCw00Fs7OXZh&$g4t^&_)Ji*#!LL7uJ6N7g&U6|PuU z8-(B-QY(x@aPk&C$Re(t!lz?l>+h?PY2I4k1Iy;VH?uMs_!I2E@Gr2jyPxDpQl}1{ zV7*GXfr6`DZ4>G$eCT@%4Mcx_=aKNshNq_2bj=$o(Y`Y`#~SL(e=&)AeK{%MOpuh0 z;C+oTgEtu1C(|pwEegijk*A8pGAnd$l5SQf^o)eWri3+#_)Y}vuC~2%h- z_I+)n!bL%_+Oq!Gc$xjRI%%ZBbE!JT_cdkeqt)P99$q!5>}w4k+&` zJvZtzt6)|Bd3C%T*>rGeE(Zd}{zrRX9@W(K?SC;!6cDsx z5d>n370|Xyu}UD}Vr@Yjh_e+flwt+yz$k|CGDuO2iHKUOkYG`fRzV9bs7M%;z}HH^ zP?4exh8n^k34{l|*w*&D*6Z)R_15pb_46;6sxe72zE z#+Ux@daY~Qo-DcO2Tm_)(Uv^wgR38Gytpyyw}mc8H=Xy(xM+CpqTjLAC--dHSAEg3 zA-nnf0xsQmY52_bMXOH*dtS9_O7jgXnDek^YyROH*kf>FOYmoo8;d-@-6{WmQ~p*{ z=R>qVn$ytjOv zPq}73^I3d4Ec|5X>reZC5r*`%-uFv0*62!yTl-XIY3@5<)<(G@zza_sz2n{1xG>xFKstI*LLpQz2tp+W}NMP8h2#*nzva`X7AYw zw`u+I#g>zf5AvpM$^OozDbHu=I< zy|;efFR8VCP%6TE{DXD5$ zMXi?z=ctgxQ-5pI{0}>JNb|>$ZT4zdcFR4B)JXF+N86#;dd(0@sF(V_Kss{G+?4s! z^seQ6)UcOgnz$@}F|7Q@16&=mz=FQ68F{> zUU_NUIZIzlcjmuJml_P&Yg`ZF(>@j`w(eAvl-L`p4gm;~2Yw{u?=1mRd+nb}<*tLn{_-R0gjWpBT;bFJ)vW5m5#_YW7WK4#f0zAGJwJu2_n z$ezDD_r|;5UUXcJS17-iUsp|n^;#GAg)+2?VOe$#y*IQMH4AXUAF|f;M`SE;bNcz3 zlJT8%G~*i|qx|C9XRT?WSGLp$W-q=HM}2r|;pPybY6gg2x&u~Bm)};qQu0&E7YTg0 zvZFMW+MvPI8M4mLn62Z;N9m@pNU)3oeMgbQsPZV~2iWSKd9OB9;|>XdmR|Y$D7VzE z30Rkrw24Yi@D$* zy#1Ay3u)+0I=XMLwQ(GIe5%VIa?z&Cqm=Y#?_qzPe;AxdcwW7D9FbU;!`y40g~GDM zV+L?a`A!Ex0xTvR+Lq=D%>eZUQ6k$Ly$<*tSuy^VDeSMS-ityfQ5SSXtW@}qBM+!d zpg;ZRj&UTv%oyeXtUmWxn}bP@N-rf`A4ld~Z1Aq+Cze?^{gWmlHE4Gq&OWG!f-fzq zPJMJhd-A%VrSB+uowj!z`L-qnR#N%s((BS zuJZn1t1tuB9r|?@Tzp`WUj^49hejn6%f1#Vhk8OFO)9+vLp5C4_`ZRQ8n>TDcx;m;k-(KE~ zp9BqUpDZn|tsqMo)uFF5moJlrCOJ3EhKjLcK=Iz26@fd_nOP29y^mBkT8@@`9jW~E z+8mBuEo1hkMb)dzd$tugcF9gT1Qd9wm=6q>wk?Sro5m04C!SKD$2VJT{(s*k`XBl+ zgTK{~{&IQr#MMb~LjLlZ+GY&X`bJZpQ2d`ImKcoPcse+?CcXa#EY0b*Gvk=Fi6>p- zlUN?e2_x@C{;L-!9hM5djHjaMG?a!@nig>O&02jra#_SqMopeCh&fm7iyWMP-O8QgIx>!Yo#@;_ z%I0`HO@iWI8d=K6)9B<envFcP}%jE~Bla(P>7^A3l zxUEB$JNXY{3$bpqe6fUUr;3fWPSTO3kaAL$J*t=yF-{*sNy^y8H^yh4XpSopuyHxLK^ zb3be<=^#%250MYpuN8_hr30GrX3Uim^_uOz3m_BPja7N(d>b*7qRP8P=1Zb$m4p+rz@NU!wyQigW`dUz1Jji)-t!?`xR;-%~^R zPi^^oxq|sW_kYCJL___tOGO&<#dk$KOu1m2#{8fVde{2kRB2W<gV+zk zMlgX{LdtMB7xJC#>|qYi@6dla-}(DRvHw3v;0Ymt%6g~{r73x&B2=n7$SCwT*qj?q z`ps*!;%Ss6B`Qjse-TOi2ybzxDpRG#iau=)8j@hFh*aKHuT+w1&>va`(xq$ep2e!@ z2Nj9J_)T5x*W*7`7OPE}gO#N%DvUqK!X}m6U+K}jl%2$#v9GXDL%q^>mX%YmL$cm4 zWW$axHaw|Cptu#c04mI@ngAM;0rEBsD(&sz-*i}D=TFygUOFklnxZ!4C~C!;SIhKh47?`b)k4>9y~`H7)P8sU|39D z=RZb+Y^bL7eV)pbtucq16`3dXS&REirR5VJ6KM8$;YMV>zY-FoDylnAew^o%m`!9} zX1k!xL1KkU*P|K=Rz-C?0F zp9q$f!eMe9V=60zK`<2RTQwzEXD+jkI{?2fKv5;r-+x6j>m$f^fiZ05Lt^%v6*#Cv zN<^TJ;ZGsog?ELxjgD(#Jg-CQ!@$pcLcH_I3uXdO1~s#?pzuB$$E$g3ka*zKkx_V$#Tz-!3xwp8p0z`azpwj}s7S*g=FLI7x?(Dy z$C_#<$efU$=6#sFBgkld(Xev8UJf#@GMbnIMWJIhCa;FA)}4QF^LKUNd;^CtrKzwD z%{pRVuuZ_wiBe|{?g?Sg(DP!?N4ljyv@Hxfm||L#LjF|EEl!7)tF zFcC$j8!eCn+ox-)Wy(g9KW@Y?oDC)Fbe%O+eg3I4EJajN<5Ez`8-67QIp1PcTQn;! z_1yH#K{d08L_el~={;k|vo=8V&rP(4KV`0X<1n-tzF~8`WY_uNrlZHVn`a}_oxn(Dj=suF?qx|G}bv!l3?U#>0F7Fc%xaijK>AI$s#hm$zUVzoGYVBY+1Z9p~GfVXu^K z4kEk;rT~!QKc>-H&hHRCp&mjMz?RYLno1D+2m8h(6Owl6V=Eu|@5fIffZ+#T!tfVB zwQi4ISd%2&F&)&Z0Fs_pL=k0UNR{_3rz&Q;cd8(Fl_Z@z52 z6ENh4wSUm_XAjb*H;Hj%^f+&bNfadi;!(fR@Bo-6zV(Ni01~7`Bw&&^60^0`m$g6- zgwbH2RO6R^0V~kkd;fcw7+##9@P!#r6o8a~po@W-v9f+9?N2iR_}6<~6eOCT2&LxV zr87(K#z8vU#>9<{lK?RP?BNMXhpOuQdBgIhP`L&F_lL!|plyWw2&<~7NG-5Fss{^- z>?+|wXsKF4pC`=nu3q#Lx+2he>7BI>UnV>?;f@JN(s^opsgA}%Oymp1ySqXmS`Bgs zNndyoG>p9jW(4-wVBjTc^$PPxD8eOz1{&zgaPnihjcS5QU2s5F?%_#&HfeaB=l#V} zJ-0=ubO7kLMf=?d@(EDVg;RftVf1bZ%+uRgj^|z0k^3St;&5d;0Y|dRfW|b%AW<>? z1Mdh(i+eHlgp_y^E12iI-@xwK7ce=-%9Y0Itl}oDfM$n4XA@5kg#=9#?@hqigwu_~ z9)6(Zi~sG{bnv=fKMPm`(ffh1T2vo*@aa?nxJ9y;RPJxSd?HxP*Q7(Vn5`uPl5wk( zV9-}S5Mpd_IIn!*D=3+X;xBV_Z_oSwsT4M)=uKj+h=V{Mw3)VNLP8F zv~Q)1B`mmO?eN^W-ab39S)~~Cunj|lLZ_Iz|9s~8GFiiWiDeBaNw6BiupEsAYoEwn zJ+-fmXX7Pg8LmJ!s9lwdGrR3~hLw%6EjyzSTPHa53KHipqoo_Kz1g}1ZKaN-2eu8_ z7u~;)EXOU|s<7cfO70ly_gK!qL{CFp;Oa5sN;GI~_i*V6ua%7)CDLtB*&A#?e9s*F z?N?g3#*$j63iAr&q)K5Sd$6+x?*EdF*t;oT@-8a`OMGmthS%6w$NfYfYiWZ{-ARohAZ68`<;7nYA6mMa9|Ek(%Gj^g~3bj>Y3do&@|H0N6Q zNIg*-0Zt|)He?4X8TKd4R zFVf~cpC#zL2p5}RgAU-CQTJC-1HZ(naj%R~%LWH{bfEJ})jHChqkx zQ-U^(z(sf$_Epxd5|L8t#T;+C64|77V=l^4MAag5$aZ0L)U|&?F1z1o z1=gR2g*V40PR>g9K!6Q%-g6h&E<0f=5VW{7<<^c%t_eR!lk#b@UTj5@ZpJ}_J8GXWo>Y#|0(n1~6-HJPnS~qEVHTc| z6g7YG{NXHN5iQ82uReD&1%^nc>|T3tE>moY?hK+Ni!VaD0LsQ+CgUa?Ixx_|%9HR( z^O792Iq?>CL$eB9cETkTb*Q$1z}S9jObSGq9hQ9!Xl)XS_?w;9mUf`FCVQ9ol4~}%E@+Zo0|VK`{9#k~O|?u* zQML)DD$CW$w86dM%pBa5DYBHi*p`iUHbT`F1_{1jp1?O^j`R(%9?v9pyqJKtB`cyt z&+0bLRo{t?3o7etNtztmDy&+Geki zU4t!K&ka`F8d%zsx%ovjF-wl5Dh^1uVxnJB{~N4t?B`I9Q>{%)kU>HQ5QN!hkB$^=?Z3&d8B@WQ}uaib~5tH!kZ8oFATC)jcej&(R=` zgn8DhT>}vlQf8SgH{CCmyP^)kVB9G6dozbPn^{X-Tzcu~B=5>xB(b60#1d?Lt~WVE z^qU}eK*DOzPMQb$GkY9ymppoH8<53(9-b+fJQVgGLIG6yj21KqvrRxGg?aNP7-#2hbdajOOcwj3aPY#?#xEH zeFZ{A!d%Zn1rWYR8H;9HV}?Ev?%6XRiE}jwD3Nl>IC8H%!Mj1&!8wB#&=PZXjF#QM z85fWs@N<3y=Al8rz{+1Y{ir+;pM>2SXqh9RGrOY+{7^b{!rert?A*LXnMzgUBTmE= zgaqQ-KKbyBedIYCu_uEAf(>nxqmW=2!h-XTsNZn2tZp!4L`)Ispw%K1XWP1p0vg_n z6x#SOx?#hYUI(x9TSa5(6h{%wMAl%4YIm;J2{nikwAKV8)50@U)@D27q&hcKZc(zk z-CdMMiycw$_fO580?Yw*^H95n5ASlEu6;_U7e7AGS2<~Uzohd#;e15e4!_j=z19g4 z2@}rF-@iD24nC{CJGD_XEP6+=0%*hY}Vy z(k4kFpv7_kFB}o#X?iCEmAPotbk% zR;Njz_A{uHk_-swPWf=^veXPm^!cble0d~$bkY(kB7Je-1muYI)CuJN%rkF&*3mtS)EoK*AGDK53F0~1!x|mLXOMW59VLuGFwjTbJvkhgSm<*>3YHe$?(CV z6~doP-EX+-9p2(1*o%!#>mFLs6Fw&EBSci1!Z-ZYouB0CT_u+E38UZF0 zHyi+Yg`216L8K$PLY)0jY zFsRZNm!=wewTfyVtoW5V7TMz#8(5k@Zz`cbnBZpgijWjS3f5LPpVNJ(P52bZ;B4Q7SGsHGA zOLdNAy{NyQB?`3`+4p6Lq%>V12FmuV-FfgD>-H^KbAn6ft{GD(#YHJ&wjUhe8?(>I zIAjk4k&R3T+o4kyO?oGbq|M@wDE+4+;BsXZtH9vU}6hXyGdBTGib zm&|$@l*@W9mq+gBJo1lh$xzIZ^MS)eXrG!H3c+a-_qqB&t+T+7YLf)`fg8D?yV-B8 zYIwlxPIS*!*k|jbw%1p@IeG4iT66AboI0{Oy2=KzBE}GZ#Z()dqD8og=rMd{qYhlV zu{=Jj>``P!ww%8yYs{o`LId9pS1|Da{=b+45-l>B4V^>gI+L$XUp1?bZ{ro#Ci3N zItk~CNJC`1Od51TjpxijQvPC~j*FzHbxg191x%9P%N HjJN(D?ba}2 literal 0 HcmV?d00001 diff --git a/docs/addons/etcd/tls/index.md b/docs/addons/etcd/tls/index.md new file mode 100644 index 0000000..dc7ca4f --- /dev/null +++ b/docs/addons/etcd/tls/index.md @@ -0,0 +1,667 @@ +--- +title: TLS Secured Etcd Backup | Stash +description: Backup TLS Secured Etcd using Stash +menu: + docs_{{ .version }}: + identifier: etcd-backup-tls + name: Etcd Cluster with TLS + parent: stash-etcd + weight: 30 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + + +# Backup & Restore an Etcd Cluster with TLS + +Stash `{{< param "info.version" >}}` supports backup and restoration of Etcd database. This guide will show you how you can backup & restore a TLS secured Etcd cluster using Stash. + +## Before You Begin + +- At first, you need to have a Kubernetes cluster, and the `kubectl` command-line tool must be configured to communicate with your cluster. +- Install Stash in your cluster following the steps [here](/docs/setup/install/stash/index.md). +- If you are not familiar with how Stash backup and restore Etcd databases, please check the following guide [here](/docs/addons/etcd/overview/index.md). + +You have to be familiar with following custom resources: + +- [AppBinding](/docs/concepts/crds/appbinding/index.md) +- [Function](/docs/concepts/crds/function/index.md) +- [Task](/docs/concepts/crds/task/index.md) +- [BackupConfiguration](/docs/concepts/crds/backupconfiguration/index.md) +- [BackupSession](/docs/concepts/crds/backupsession/index.md) +- [RestoreSession](/docs/concepts/crds/restoresession/index.md) + +To keep things isolated, we are going to use a separate namespace called `demo` throughout this tutorial. Create `demo` namespace if you haven't created already. + +```bash +$ kubectl create ns demo +namespace/demo created +``` + +> Note: YAML files used in this tutorial are stored [here](https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/etcd/tls/examples). + +## Prepare Etcd + +In this section, we are going to deploy a TLS secured Etcd cluster. Then, we will insert some sample data into the cluster. + + +### Create Certificates +Let's create certificates that our Etcd cluster will use for authenticating client requests and peer communications. We will be using Etcd recommended [cfssl](https://github.com/cloudflare/cfssl) tool for creating our necessary certificates. + +If you have `go` installed on your machine, you can run the following commands to install `cfssl`, +```bash +$ go get github.com/cloudflare/cfssl/cmd/cfssl +$ go get github.com/cloudflare/cfssl/cmd/cfssljson +```` + +To create the necessary certificates using `cfssl` you can follow the commands below. + +```bash +$ echo '{"CN":"CA","key":{"algo":"rsa","size":2048}}' | cfssl gencert -initca - | cfssljson -bare ca - + + +$ echo '{"signing":{"default":{"expiry":"43800h","usages":["signing","key encipherment","server auth","client auth", "any"]}}}' > ca-config.json + + +$ export ADDRESS='127.0.0.1,0.0.0.0,etcd-tls-0.etcd,etcd-tls-1.etcd,etcd-tls-2.etcd,etcd' + +$ export NAME=server + +$ echo '{"CN":"'$NAME'","hosts":[""],"key":{"algo":"rsa","size":2048}}' | cfssl gencert -config=ca-config.json -ca=ca.pem -ca-key=ca-key.pem -hostname="$ADDRESS" - | cfssljson -bare $NAME + + +$ export NAME=client + +$ echo '{"CN":"'$NAME'","hosts":[""],"key":{"algo":"rsa","size":2048}}' | cfssl gencert -config=ca-config.json -ca=ca.pem -ca-key=ca-key.pem -hostname="$ADDRESS" - | cfssljson -bare $NAME +```` + +We have stored our SANs in the `ADDRESS` variable here. The above commands should create 5 certificates named `ca.pem`, `server.pem`, `server-key.pem`, `client.pem`, and `client-key.pem`. The `ca.pem` is a self-signed CA certificate. Rest of the certificates are signed by this CA. + +### Create Secret +Let's create a generic Secret with the certificates created above. +```bash +$ kubectl create secret generic -n demo etcd-server-certs\ + --from-file=./ca.pem\ + --from-file=./server.pem\ + --from-file=./server-key.pem\ + --from-file=./client.pem\ + --from-file=./client-key.pem + +secret/etcd-server-certs created +```` + +### Deploy Etcd + +At first, let's deploy an Etcd cluster. Here, we will use a StatefulSet and a Service to deploy an Etcd cluster consisting of three members. The Service is used for handling peer communications and client requests. + +Here, are the sample YAMLs that we are going to use to deploy the Etcd cluster, + +```yaml +apiVersion: v1 +kind: Service +metadata: + name: etcd + namespace: demo +spec: + clusterIP: None + ports: + - port: 2379 + name: client + - port: 2380 + name: peer + selector: + app: etcd-tls +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: etcd-tls + namespace: demo + labels: + app: etcd-tls +spec: + serviceName: etcd + replicas: 3 + selector: + matchLabels: + app: etcd-tls + template: + metadata: + name: etcd-tls + namespace: demo + labels: + app: etcd-tls + spec: + containers: + - name: etcd + image: gcr.io/etcd-development/etcd:v3.5.0 + ports: + - containerPort: 2379 + name: client + - containerPort: 2380 + name: peer + volumeMounts: + - name: data + mountPath: /var/run/etcd + - name: etcd-secret + mountPath: /etc/etcd-secret + command: + - /bin/sh + - -c + - | + PEERS="etcd-tls-0=https://etcd-tls-0.etcd:2380,etcd-tls-1=https://etcd-tls-1.etcd:2380,etcd-tls-2=https://etcd-tls-2.etcd:2380" ;\ + exec etcd --name ${HOSTNAME} \ + --listen-peer-urls https://0.0.0.0:2380 \ + --listen-client-urls https://0.0.0.0:2379 \ + --advertise-client-urls https://${HOSTNAME}.etcd:2379 \ + --initial-advertise-peer-urls https://${HOSTNAME}.etcd:2380 \ + --initial-cluster etcd-tls-0=https://etcd-tls-0.etcd:2380,etcd-tls-1=https://etcd-tls-1.etcd:2380,etcd-tls-2=https://etcd-tls-2.etcd:2380 \ + --initial-cluster-token etcd-cluster-1 \ + --data-dir /var/run/etcd \ + --client-cert-auth \ + --cert-file "/etc/etcd-secret/server.pem" \ + --key-file "/etc/etcd-secret/server-key.pem" \ + --trusted-ca-file "/etc/etcd-secret/ca.pem" \ + --peer-auto-tls + volumes: + - name: etcd-secret + secret: + secretName: etcd-server-certs + volumeClaimTemplates: + - metadata: + name: data + namespace: demo + spec: + storageClassName: standard + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 1Gi +``` + +Let's deploy the Etcd cluster we have shown above, +```bash +$ kubectl apply -f https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/etcd/tls/examples/etcd.yaml +service/etcd created +statefulset.apps/etcd-tls created +``` + +Now, let's wait for the database pods `etcd-tls-0`, `etcd-tls-1`, and `etcd-tls-2` to go into `Running` state, + +```bash +❯ kubectl get pods -n demo --selector=app=etcd-tls + +NAME READY STATUS RESTARTS AGE +etcd-tls-0 1/1 Running 0 6m +etcd-tls-1 1/1 Running 0 6m +etcd-tls-2 1/1 Running 0 6m +``` + +Once the database pods are in `Running` state, verify that the Etcd cluster is ready to accept connections. Let's exec into the `etcd-tls-0` database pod and check cluster's health. + +```bash +❯ kubectl exec -it -n demo etcd-tls-0 -- /bin/sh + +127.0.0.1:2379> etcdctl --cacert /etc/etcd-secret/ca.pem --cert /etc/etcd-secret/client.pem --key /etc/etcd-secret/client-key.pem endpoint health +127.0.0.1:2379 is healthy: successfully committed proposal: took = 8.497131ms +``` +We can see from the above output that our Etcd cluster is ready to accept connections. + +### Insert Sample Data +Now, we are going to exec into any of the database pods and insert some sample data. + +Let's exec into the `etcd-tls-0` pod for inserting sample data. + +```bash +❯ kubectl exec -it -n demo etcd-tls-0 -- /bin/sh +127.0.0.1:2379> etcdctl --cacert /etc/etcd-secret/ca.pem --cert /etc/etcd-secret/client.pem --key /etc/etcd-secret/client-key.pem put foo bar +OK +127.0.0.1:2379> etcdctl --cacert /etc/etcd-secret/ca.pem --cert /etc/etcd-secret/client.pem --key /etc/etcd-secret/client-key.pem put foo2 bar2 +OK +127.0.0.1:2379> etcdctl --cacert /etc/etcd-secret/ca.pem --cert /etc/etcd-secret/client.pem --key /etc/etcd-secret/client-key.pem put foo3 bar3 +OK +127.0.0.1:2379> etcdctl --cacert /etc/etcd-secret/ca.pem --cert /etc/etcd-secret/client.pem --key /etc/etcd-secret/client-key.pem put foo4 bar4 +OK + +# Verify that the data has been inserted successfully +127.0.0.1:2379> etcdctl --cacert /etc/etcd-secret/ca.pem --cert /etc/etcd-secret/client.pem --key /etc/etcd-secret/client-key.pem get --prefix foo +foo +bar +foo2 +bar2 +foo3 +bar3 +foo4 +bar4 +127.0.0.1:2379> exit +``` + +We have successfully deployed an Etcd cluster and inserted some sample data into it. In the subsequent sections, we are going to backup these data using Stash. + + +## Prepare for Backup + +In this section, we are going to prepare the necessary resources (e.g., connection information, backend information, etc.) before backup. + +### Ensure Etcd Addon + +When you install Stash, it will automatically install all the official addons. Make sure that Etcd addon has been installed properly using the following command. + +```bash +❯ kubectl get tasks.stash.appscode.com | grep etcd +etcd-backup-3.5.0 18m +etcd-restore-3.5.0 18m +``` + +This addon should be able to take backup of the databases with matching major versions as discussed in [Addon Version Compatibility](/docs/addons/etcd/README.md#addon-version-compatibility). + +### Create Secret +To access TLS secured Etcd cluster from Stash, we need to create a Secret. Let's create the Secret containing `client-key,pem` and `client.pem` from the certificates we have created earlier. + +```bash +kc create secret generic -n demo etcd-client-certs\ + --from-file=./client.pem\ + --from-file=./client-key.pem +secret/etcd-client-certs created +``` + +### Create AppBinding + +Stash needs to know how to connect with the Etcd cluster. An `AppBinding` exactly provides this information. It holds the Service and Secret information of the Etcd cluster. You have to point to the respective `AppBinding` as a target of backup instead of the Etcd cluster itself. + +Here is the YAML of the `AppBinding` that we are going to create for the Etcd cluster we have deployed earlier. + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: etcd-appbinding + namespace: demo +spec: + clientConfig: + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM2akNDQWRLZ0F3SUJBZ0lVZEJYNnU0RHRyNDA3WkZDTWN6Nzg4Y1YyWHVJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0RURUxNQWtHQTFVRUF4TUNRMEV3SGhjTk1qRXhNREU1TVRBeE56QXdXaGNOTWpZeE1ERTRNVEF4TnpBdwpXakFOTVFzd0NRWURWUVFERXdKRFFUQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCCkFMZmp6OEJhbDhpWTdjSTd2OHNFdndpSmJnQXBqTDIvNnVZbXBaQVZvcW50cjJCcmFMbTlCb1czdkMydm5tbWYKWDhRUFBsWnFIeUxzY1gxZUlpazJyWHJEYUdQaU45VHhLQXVrbWJjZXFsUXZScGNZZkVaVTBQMzhNc0xsQUlHaQpZamZxRjR5Z1UyMjA0L3FucVVPbFFjLzh2MmJpRFNSQXNUM1NUT2FVemdMd05KT20wOUlqT1dUQW15Q2xXWmxnClJmV2tETzVTQ0xZd1pmQ1Z1MTdBalJRMTNsZTdocW9GcW9SUW96dUZQMFp0dlVFdWVPSXlSa3ZlYTFRYVNyTjgKcm1aN1BaL0lIb3dyNjFtMFd0bVE3ckw1eTMyOTgxb3hRNGg2UHdLMGNGNVNyOG9WRUR0TGZVeE1OWHpoMXpRUAorY2FhZWlUWklyc1dqRGNxSm9VWk1wVUNBd0VBQWFOQ01FQXdEZ1lEVlIwUEFRSC9CQVFEQWdFR01BOEdBMVVkCkV3RUIvd1FGTUFNQkFmOHdIUVlEVlIwT0JCWUVGQ1FzZmsvcHJxWGwxKzhIODk1WUFmZzR2THQxTUEwR0NTcUcKU0liM0RRRUJDd1VBQTRJQkFRQmpOOHlxalhEaUdqaDFuUGdKVFpZa1FCa1E4SFZHeThIdlFWWG0zdFhHM3RLcApTaVdDQTlPbittR0xZZTlCMi9lOEFJNkIyMFB1Z0NZWHljMHVOb1RiSFdiZ01pNURiNEVZYXdDdVpkN3M4MXlUClRXY1N0VWZFeUdKNW1ycWZ6OFFPaUt0Sk1UeWFYbHllWllURnhnWUsyOThTcDhubFBRQlgzNVBDakZTbXZwa1UKY0N5TllYMDF1RnFhWE9FZTdkTnpBUmhIaU1xVFM0dkNUUnFrbFpMWHB6a3ViZER3WTVKK3gzYmptcDk1RUtmVwpJbkhERTJ2ckxsU0crZDVWNnBuUG54bXc3aGg2L0NMUTNVMXM3V1d0clVlSU9NUDdCcFJxRG05TjJhajJXUHNLCmpEYXdRcFpGdGhmbEdJR1ZqUUNCNFMwTkQzWWliSkVqdHZHMnBuTlkKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== + service: + name: etcd + port: 2379 + scheme: https + secret: + name: etcd-client-certs + type: etcd + version: 3.5.0 +``` + +Here, + +- `.spec.clientConfig.caBundle` specifies the base64 encoded CA certificate. Here, we have used the base64 encoded version of our previously generated `ca.pem` certificate. +- `.spec.clientConfig.Service` specifies the Service information to use to connect with the Etcd cluster. +- `.spec.secret` specifies the name of the Secret that holds the necessary client certificates. +- `.spec.type` specifies the type of the database. + +Let's create the `AppBinding` we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/etcd/tls/examples/appbinding.yaml +appbinding.appcatalog.appscode.com/etcd-appbinding created +``` + +### Prepare Backend + +We are going to store our backed up data into a GCS bucket. So, we need to create a Secret with GCS credentials and a `Repository` object with the bucket information. If you want to use a different backend, please read the respective backend configuration doc from [here](/docs/guides/backends/overview/index.md). + +**Create Storage Secret:** + +At first, let's create a secret called `gcs-secret` with access credentials to our desired GCS bucket, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > GOOGLE_PROJECT_ID +$ cat downloaded-sa-key.json > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +$ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +**Create Repository:** + +Now, create a `Repository` object with the information of your desired bucket. Below is the YAML of `Repository` object we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /demo/etcd/etcd-tls + storageSecretName: gcs-secret +``` + +Let's create the `Repository` we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/etcd/tls/examples/repository.yaml +repository.stash.appscode.com/gcs-repo created +``` + +Now, we are ready to backup our data into our desired backend. + +### Backup + +To schedule a backup, we need to create a `BackupConfiguration` object targeting the respective `AppBinding` of our Etcd cluster. Then, Stash will create a CronJob to periodically backup the cluster. + +#### Create BackupConfiguration + +Below, is the YAML for `BackupConfiguration` object that we are going to use to backup the TLS enabled Etcd cluster we have deployed earlier, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: etcd-tls-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: etcd-backup-3.5.0 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: etcd-appbinding + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +Here, + +- `.spec.schedule` specifies that we want to backup the streams at 5 minutes intervals. +- `.spec.task.name` specifies the name of the Task object that specifies the necessary Functions and their execution order to backup our Etcd cluster. +- `.spec.repository.name` specifies the Repository CR name we have created earlier with backend information. +- `.spec.target.ref` refers to the AppBinding object that holds the connection information of our targeted Etcd cluster. +- `.spec.retentionPolicy` specifies a policy indicating how we want to cleanup the old backups. + +Let's create the `BackupConfiguration` object we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/etcd/tls/examples/backupconfiguration.yaml +backupconfiguration.stash.appscode.com/etcd-tls-backup created +``` + +### Verify Backup Setup Successful + +If everything goes well, the phase of the `BackupConfiguration` should be `Ready`. The `Ready` phase indicates that the backup setup is successful. Let's verify the `Phase` of the BackupConfiguration, +```bash +$ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +etcd-tls-backup etcd-backup-3.5.0 */5 * * * * Ready 11s +``` + +#### Verify CronJob + +Stash will create a CronJob with the schedule specified in `spec.schedule` field of `BackupConfiguration` object. + +Verify that the CronJob has been created using the following command, + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-trigger-etcd-tls-backup */5 * * * * False 0 65s +``` + +#### Wait for BackupSession + +The `stash-trigger-etcd-tls-backup` CronJob will trigger a backup on each scheduled slot by creating a `BackupSession` object. + +Now, wait for a schedule to appear. Run the following command to watch for `BackupSession` object, + +```bash +❯ kubectl get backupsession -n demo -w +NAME INVOKER-TYPE INVOKER-NAME PHASE DURATION AGE +etcd-tls-backup-q2dk6 BackupConfiguration etcd-tls-backup Succeeded 41s 60s +``` + +Here, the phase `Succeeded` means that the backup process has been completed successfully. + +#### Verify Backup + +Now, we are going to verify whether the backed up data is present in the backend or not. Once a backup is completed, Stash will update the respective `Repository` object to reflect the backup completion. Check that the repository `gcs-repo` has been updated by the following command, + +```bash +❯ kubectl get repository -n demo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +gcs-repo true 42.105 KiB 2 2m10s 47m +``` + +Now, if we navigate to the GCS bucket, we will see the backed up data has been stored in `demo/nats/sample-nats-tls` directory as specified by `.spec.backend.gcs.prefix` field of the `Repository` object. + +

    + Backup data in GCS Bucket +
    Fig: Backup data in GCS Bucket
    +
    + + + +> Note: Stash keeps all the backed up data encrypted. So, data in the backend will not make any sense until they are decrypted. + +## Restore Etcd + +If you have followed the previous sections properly, you should have a successful backup of your TLS enabled Etcd cluster. Now, we are going to show how you can restore the Etcd cluster from the backup. + +### Restore Into the Same Etcd Cluster + +You can restore your data into the same Etcd cluster you have taken backup from or into a different Etcd cluster. In this section, we are going to show you how to restore data in the same Etcd cluster which maybe necessary when you have accidentally deleted any data from the running cluster. + + +#### Temporarily Pause Backup + +At first, let's stop taking any further backup of the Etcd cluster so that no backup runs after we delete the sample data. We are going to pause the `BackupConfiguration` object. Stash will stop taking any further backup when the `BackupConfiguration` is paused. + +Let's pause the `etcd-tls-backup` BackupConfiguration, + +```bash +$ kubectl patch backupconfiguration -n demo etcd-tls-backup --type="merge" --patch='{"spec": {"paused": true}}' +backupconfiguration.stash.appscode.com/etcd-tls-backup patched +``` + +Verify that the `BackupConfiguration` has been paused, + +```bash +❯ kubectl get backupconfiguration -n demo etcd-tls-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +etcd-tls-backup etcd-backup-3.5.0 */5 * * * * true Ready 25m +``` + +Notice the `PAUSED` column. Value `true` for this field means that the `BackupConfiguration` has been paused. + +Stash will also suspend the respective CronJob. + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-trigger-etcd-tls-backup */5 * * * * True 0 6m25s 95m +``` + +#### Simulate Disaster + +Now, let's simulate an accidental deletion scenario. Here, we are going to exec into the `etcd-tls-0` database pod and delete the sample data we have inserted earlier. + +```bash +❯ kubectl exec -it -n demo etcd-tls-0 -- /bin/sh +127.0.0.1:2379> etcdctl --cacert /etc/etcd-secret/ca.pem --cert /etc/etcd-secret/client.pem --key /etc/etcd-secret/client-key.pem del foo +1 +127.0.0.1:2379> etcdctl --cacert /etc/etcd-secret/ca.pem --cert /etc/etcd-secret/client.pem --key /etc/etcd-secret/client-key.pem del foo2 +1 +127.0.0.1:2379> etcdctl --cacert /etc/etcd-secret/ca.pem --cert /etc/etcd-secret/client.pem --key /etc/etcd-secret/client-key.pem del foo3 +1 +127.0.0.1:2379> etcdctl --cacert /etc/etcd-secret/ca.pem --cert /etc/etcd-secret/client.pem --key /etc/etcd-secret/client-key.pem del foo4 +1 + +# Verify that the data has been deleted successfully +127.0.0.1:2379> etcdctl --cacert /etc/etcd-secret/ca.pem --cert /etc/etcd-secret/client.pem --key /etc/etcd-secret/client-key.pem get --prefix foo +(nil) +127.0.0.1:2379> exit +``` + +#### Create RestoreSession + +To restore the database, you have to create a `RestoreSession` object pointing to the `AppBinding` of the targeted database. + +Here, is the YAML of the `RestoreSession` object that we are going to use for restoring our Etcd database cluster. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: etcd-tls-restore + namespace: demo +spec: + task: + name: etcd-restore-3.5.0 + params: + - name: initialCluster + value: "etcd-tls-0=https://etcd-tls-0.etcd:2380,etcd-tls-1=https://etcd-tls-1.etcd:2380,etcd-tls-2=https://etcd-tls-2.etcd:2380" + - name: initialClusterToken + value: "etcd-cluster-1" + - name: dataDir + value: "/var/run/etcd" + - name: workloadKind + value: "StatefulSet" + - name: workloadName + value: "etcd-tls" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: etcd-appbinding + runtimeSettings: + container: + securityContext: + runAsUser: 0 + runAsGroup: 0 + rules: + - snapshots: [latest] +``` + +Here, + +- `.spec.task.name` specifies the name of the Task object that specifies the necessary Functions and their execution order to restore an Etcd database. +- `.spec.task.params` refers to the names and values of the Params objects specifying necessary parameters and their values for restoring backup data into an Etcd cluster. We need to specify the folowing parameters, + - `initialcluster` parameter refers to the initial cluster configuration of the Etcd cluster and it must be the same as the initial cluster configuration of the deployed Etcd cluster. + - `dataDir` parameter refers to the datadir of the deployed Etcd cluster where the backed up data will get restored. + - `workloadKind` parameter refers to the workload e.g. Pod/StatefulSet we have used to deploy the Etcd cluster. + - `workloadName` parameter refers to the workload name we have used to deploy the Etcd cluster. +- `.spec.repository.name` specifies the Repository object that holds the backend information where our backed up data has been stored. +- `.spec.target.ref` refers to the respective AppBinding of the Etcd database. +- `.spec.rules` specifies that we are restoring data from the latest backup snapshot of the database. +- The restore Job need access to the respective volume of the Etcd database. As a result, we have to run the restore Job as the same user as the Etcd database or as root user. Here, we are running the restore Job as root user using `spec.runtimeSettings.Container.securityContext` section. + +Let's create the `RestoreSession` object object we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/etcd/tls/examples/restoresession.yaml +restoresession.stash.appscode.com/etcd-tls-restore created +``` + +Once, you have created the `RestoreSession` object, Stash will create a restore Job. Run the following command to watch the phase of the `RestoreSession` object, + +```bash +❯ kubectl get restoresession -n demo -w +NAME REPOSITORY PHASE DURATION AGE +etcd-tls-restore gcs-repo Running 5s +etcd-tls-restore gcs-repo Running 60s +etcd-tls-restore gcs-repo Running 2m3s +etcd-tls-restore gcs-repo Succeeded 2m3s +etcd-tls-restore gcs-repo Succeeded 2m3s 2m3s +``` + +The `Succeeded` phase means that the restore process has been completed successfully. + +#### Verify Restored Data + +Now, let's exec into the `etcd-tls-0` database pod and verify whether the actual data has been restored or not, + +```bash +❯ kubectl exec -it -n demo etcd-tls-0 -- /bin/sh + +127.0.0.1:2379> etcdctl --cacert /etc/etcd-secret/ca.pem --cert /etc/etcd-secret/client.pem --key /etc/etcd-secret/client-key.pem get --prefix foo +foo +bar +foo2 +bar2 +foo3 +bar3 +foo4 +bar4 + +127.0.0.1:2379> exit +``` + +Hence, we can see from the above output that the deleted data has been restored successfully from the backup. + +#### Resume Backup + +Since our data has been restored successfully we can now resume our usual backup process. Resume the `BackupConfiguration` using following command, + +```bash +❯ kubectl patch backupconfiguration -n demo etcd-tls-backup --type="merge" --patch='{"spec": {"paused": false}}' +backupconfiguration.stash.appscode.com/etcd-tls-backup patched +``` + +Verify that the `BackupConfiguration` has been resumed, +```bash +❯ kubectl get backupconfiguration -n demo etcd-tls-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +etcd-tls-backup etcd-backup-3.5.0 */5 * * * * false Ready 39m +``` + +Here, `false` in the `PAUSED` column means the backup has been resumed successfully. The CronJob also should be resumed now. + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-trigger-etcd-tls-backup */5 * * * * False 0 2m39s 42m +``` + +Here, `False` in the `SUSPEND` column means the CronJob is no longer suspended and will trigger in the next schedule. + +### Restore Into Different Database of the Same Namespace + +If you want to restore the backed up data into a different Etcd cluster of the same namespace, you have to create another `AppBinding` ppointing to the desired Etcd database. Then, you have to create the `RestoreSession` pointing to the new `AppBinding`. + +### Restore Into Different Namespace + +If you want to restore into a different namespace of the same cluster, you have to create the Repository, backend Secret, AppBinding, in the desired namespace. You can use [Stash kubectl plugin](https://stash.run/docs/{{< param "info.version" >}}/guides/cli/cli/) to easily copy the resources into a new namespace. Then, you have to create the `RestoreSession` object in the desired namespace pointing to the Repository, AppBinding of that namespace. + +### Restore Into Different Cluster + +If you want to restore into a different cluster, you have to install Stash in the desired cluster. Then, you have to create the Repository, backend Secret, AppBinding, in the desired cluster. Finally, you have to create the `RestoreSession` object in the desired cluster pointing to the Repository, AppBinding of that cluster. + + +## Cleanup + +To cleanup the Kubernetes resources created by this tutorial, run: + +```bash +kubectl delete -n demo backupconfiguration etcd-tls-backup +kubectl delete -n demo restoresession etcd-tls-restore +kubectl delete -n demo repository gcs-repo +kubectl delete -n demo appbinding etcd-appbinding +kubectl delete -n demo Secret gcs-secret +kubectl delete -n demo Secret etcd-client-certs +kubectl delete -n demo Secret etcd-server-certs +# delete the database, Service, and PVCs +kubectl delete -f https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/etcd/tls/examples/etcd-tls.yaml +kubectl delete pvc -n demo data-etcd-tls-0 data-etcd-tls-1 data-etcd-tls-2 +``` diff --git a/docs/addons/kubedump/README.md b/docs/addons/kubedump/README.md new file mode 100644 index 0000000..167d214 --- /dev/null +++ b/docs/addons/kubedump/README.md @@ -0,0 +1,32 @@ +--- +title: KubeDump Backup Addon Overview | Stash +description: KubeDump Backup Addon Overview | Stash +menu: + docs_{{ .version }}: + identifier: stash-kubedump-readme + name: Readme + parent: stash-kubedump + weight: -1 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +url: /docs/{{ .version }}/addons/kubedump/ +aliases: + - /docs/{{ .version }}/addons/kubedump/README/ +--- + +# Stash KubeDump Backup Addon + +Stash `{{< param "info.version" >}}` supports extending its functionality through addons. Stash KubeDump backup addon enables Stash to backup and restore Kubernetes manifests. You can backup the manifest of your entire cluster, a particular namespace, or a particular application. + +This guide will give you an overview of how the docs are organized. + +## Documentation Overview + +Stash KubeDump backup documentations are organized as below: + +- [How does it work?](/docs/addons/kubedump/overview/index.md) gives an overview of how manifest backup works in Stash. +- [Cluster Backup](/docs/addons/kubedump/cluster/index.md) shows how to backup all the cluster manifests. +- [Namespace Backup](/docs/addons/kubedump/namespace/index.md) shows how to backup the manifests only for a particular namespace. +- [Application Backup](/docs/addons/kubedump/application/index.md) shows how to manifests of a particular application. +- [Customizing Backup](/docs/addons/kubedump/customization/index.md) shows how to customize the backup process. diff --git a/docs/addons/kubedump/_index.md b/docs/addons/kubedump/_index.md new file mode 100644 index 0000000..d55442d --- /dev/null +++ b/docs/addons/kubedump/_index.md @@ -0,0 +1,10 @@ +--- +title: Stash KubeDump Backup Addon +menu: + docs_{{ .version }}: + identifier: stash-kubedump + name: KubeDump + parent: stash-addons + weight: 110 +menu_name: docs_{{ .version }} +--- diff --git a/docs/addons/kubedump/application/examples/backupconfiguration.yaml b/docs/addons/kubedump/application/examples/backupconfiguration.yaml new file mode 100644 index 0000000..8cbc8aa --- /dev/null +++ b/docs/addons/kubedump/application/examples/backupconfiguration.yaml @@ -0,0 +1,27 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: application-manifest-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: kubedump-backup-0.1.0 + params: + - name: includeDependants + value: "true" + repository: + name: application-resource-storage + target: + ref: + apiVersion: apps/v1 + kind: Deployment + name: stash-stash-enterprise + namespace: kube-system + runtimeSettings: + pod: + serviceAccountName: cluster-resource-reader + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/kubedump/application/examples/rbac.yaml b/docs/addons/kubedump/application/examples/rbac.yaml new file mode 100644 index 0000000..52ae310 --- /dev/null +++ b/docs/addons/kubedump/application/examples/rbac.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cluster-resource-reader + namespace: demo +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cluster-resource-reader +rules: +- apiGroups: ["*"] + resources: ["*"] + verbs: ["get","list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cluster-resource-reader +subjects: +- kind: ServiceAccount + name: cluster-resource-reader + namespace: demo +roleRef: + kind: ClusterRole + name: cluster-resource-reader + apiGroup: rbac.authorization.k8s.io diff --git a/docs/addons/kubedump/application/examples/repository.yaml b/docs/addons/kubedump/application/examples/repository.yaml new file mode 100644 index 0000000..c2afa3b --- /dev/null +++ b/docs/addons/kubedump/application/examples/repository.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: application-resource-storage + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /manifests/applications/kube-system/stash-enterprise + storageSecretName: gcs-secret diff --git a/docs/addons/kubedump/application/images/application_manifest_backup.png b/docs/addons/kubedump/application/images/application_manifest_backup.png new file mode 100644 index 0000000000000000000000000000000000000000..303719e18cf68679bf608e6624337151cac86441 GIT binary patch literal 76280 zcmb??1#neOx8;pHNr<}zQ2<=<}1$(_+^QvxIctTZOB%$7%eokUF8Q5$Nj z;{4z0Zdtuy=y`nRVD3RggoQ^OJpAo)N3}DOddX`Hy^}ikdwEc_KvA7v_;0gXUq1m4 z{@X;E0-68oL9b2V-;W2wvBywQ|Fov)voP>RHnlk$+@V9~dKMq$z0E|b~x?F!oqXGJs! z4j#1pGt5NrRf|7JgCX&JB;Cz9K~Pwj4F7MZwpK)^0YIn0t16o(a)5ap>S(Wah4X~w z!@Z8w!i0)C5!Ly}bkS76v~k7S#uh}tA`qhS>wHWgn*n1}n@sGSae%pk{*DRz?iSR- z^7`ejf6ZI;(L(B0_>NdF41aSvokQEW|M#Mk$FtP?vAH*C>eQRyAFFJV!Q&i{=RHT} zPY;n%41%$bp+JS~^*N8=DR*!GtQk@~D&E-0x2rCM+k1VD%!1)<)gaueZJ8-zYv&d zTjY>{SNn6l*N*LhXZ8sLV{^$s9~kOy*f|5NAey9$YMv@d`;ozX5ew)N8O(?Cyw;!r zYmlTCWvp{YZ-jbH=pkX5j(ClFPvlU^jn!8)aZ#I8_rmQyv`AFCOt8r!zKRuB;=nSBcg;iN#fs@?Q z0!f-p(&a?>%Vfe~pT}T0i^71w&QrjNbtC`om$%n?5Yftqw8@v_6s6WHS+Xx)yX{Kj zeLtZ|_@hYdj{Ce+GnOIloMJCo`}+c&@L%eYlDw^a+Vfw2)?9V8!I`g`^FOcMcl2>J zNw31Qnx!nB3qKn+%-FHDeHYkT|KTY+W<{O5e5?b!r{_LEE9?DmjA+k|hyYLS=^F&Xq*GPU#|;`JG|$8q8Sv<#1#5cXIF725`SxwYdL;!Yvx+Lrz4Gd&^h zu}9*xhVu1I;u~SU80v8mZwW zhmRJEEd-+|t?+gO#LB$!aD@?^JZHlc?Y{#H;#B#WoE=A&*7$Wtu*SF}w4Pj;Y}-B?wvtB*_>5lZ zV$OiAwZ&oNo9q4|1PTv_>g^C(bRbHQ@<-_oXXU?Nt=pIK0m6_EhVuhyx0|e%SC>CQ z28+J5so0sJ`Qo9OwgxR8*50>iRj=_tw;Zk7U%$jBOdnH9W>QXr0;V88q?dOBL5SvX zgo<}5p!i~*3ddHi&{sh8ftRCNk@<7QvU{cy25PI`84#>Tdu`DcQ zCUcA@0xaFAmOT(uw5y--dbEfc;AQ?zPRtkfyr51v`1 zzO|J{hea{CyN5wzBQWtjsa1HP>}Usj<|X8CD2BQfp+4JMlG}5T_D7yPmDQV+N-r$8 z7JJ?mH6SvzYsS__-3-me)((5ib0*sqtmuw6Zg$X7at%G5k$(Z6`u=-qNT{{zxcdo6nh) zZ}L`kyjNnlA%)vqQ2AJD$##^idGHE)BYn3Ur{^PDe}><+mG6gqm6IqX@^Vb@>3A-| zK*&Z{xzzdy9}yaiPc{JH$!5KJtBhw8L525h*s^rW@!{ut5(lSyF!p8>2^vOfeHH55!=4XG|i< z4TzNOmOThWY`?T;$}6fcrO<3P)-3O`+RZ;#kUPUt-Bdp5(%RRa8qyL z5c=VUn@<{#=A)8z?Yt2B+{1=nS*RF*0;<}(;TVkV%16T%2#`(*TJA)PWuXw2Ce1$3 z6M8RXI0Ogb2}H2`4ux3h^{Z7?;g*|b+FbNgfo}S{WHbPT0`5Rk!#i-Zs#&(pD2FYl zYJ76j)^LmravzMwEbh%V1vj#8^9Qg_tD@w-MSZ8y+mq7>z=C5(h{_;#)0#LAmue^g z6rzT5F}W6HICq5aiT52LfEht0NjB%OP)@?wlX}{`+%$uos?|OuqQ2MjXsJziJs>d6 zuz=uNLKKw(BB9^VxqCTxg99^;i1zVaF3!?hvGpf(*42+j!d%xD4m)e7~fJ6@l2a$qt2N!l?R+*IL^7-9#^oVFQp$_X&bOk}e4vqE8l8tQI8{3N{ICrv5ubEmwhxSfr9uDH78PKE zznXqayxX1GoDN|7kV^5ZE=V!4ZTs!BqNOjzAeuXo@@5+vX}Ws{nErJ7ou(k@J8w0w zW8Z;>vPv+%H6O*X@#2ZwvRe&hH89^2xcT3vm#lLuv3bt0E~K-_^e5*0Lkmj1Uv9d9 zpr9}-o?%WejkEe>&6=$C;ZE@j!6I#^{bk&sc2>8yRTE^aD!kF`*sWN_qsnlMBr|Wx#Mte`B5jwZU71jxajP!lClf!)y zDE6VW{_fv9**JAl$Bp*cSUpLodctpDm(xxT8Z?C^NWLNi(BSgy2d%-Th5~rQ^n#a* z?pMAqS`1lR79~@SZ0c`Vv+gY3i^4IrHg*yL{IXR2S0n)A4bF_q|}!rmHu zN-1+#_}JTz`F5c@g+MHYLE@})OibYwM>cB8Rk^}fGH<7FWg?+nCBsQ&B*XGwV<*Vn=Nn07U0kpi6WKEoy!+-Om6o^Uubn5&{F?{_yOO;*c8=nl&9Jh!Q(AA8j44t>DQDlz#gNm1APQCYu# z(=}nj3Jg91&-TNn=;Hw$m{^BZAK;U%?vlL&7zB0gwG1F`$FjqB-GLTf*$9~9J5107 zn3T}L2XgQyp0izVC;Xofl%Ke@*~W~A;1IX_#~uJJz|xTEzKe+0<-H{VTC-|vJf zHYwoLt_jENqv>wDOgk^rt`t-0y-&R`T{%1`w=XkG>K~rmtUqcs&Jo!m!Su#;);I^<~qf2{;)Xz}6b4QRcpyuY~Zx>Cg_ga$3W zYI<|jkfzn6afs05s;+$ZR5AOJ8;uQ9+|l#84UQd#h4h1P^O&k_!zt^`N-O~Qt(VSZ zPF^%^w-|~PkBeja5%<)?;wQg%ml$M+9J+zT-M zY@x&Uj-KH-u~xXU$JC-M?Nck2b*VNMZp}QR2TO-8x|R>*F-CkBJx@#ORU20Ou4(ji zKj;%}IIf|Aa6)`26WbOl3&ene@y?splkVWYDacoqM$JlkD3jCX9$Pls)ritS5W34} zVgv66oP%h`LUA(^CaH-68>26|)44aV*mpqRq0^nyg7^jNNqGYsh$Km}UR~39N@CZd zp;N@&fQL@wEmdurFvoK{2sC3V+mC1<&0Acy_9U!Daba7}W{J8tzM>5v^M0iV zuVxr%gvQjA(e=y#V7Pao(rdzrDTQ_K=;ngEXyJ`qfj-WVNRqvNu%b_j`30@g@tjKK zLxSvuRLPUkx8pz!Zzon>g;ignZQ4f5RIImF%Eae%VAgc<>&l#tRDiMAaSm24T$dCD zbK%G_gfAN&c+YFz_v=mCG`99Wl<2cf#2#(jV*=_@l`zbpvrQdNI=0%SpN2p{Of4JJ z*Q-sUHK~V2s_)FEXJ61*NJR0uz7-!BSEuXwt;YPkOY1k)IS{du@3F-M1Ydmmmkj&i zyx74rP6(0|_O!a-iL=UfTt@S5>`dNJ9*?(8o!+66BNJMW%8*Sd2P8hAL`hV!sK=B?RH48Eg+ z;?+j;f8n0-?RYGKdX+~hjvwXwf1I;>rc8NZsjIt4zKOo&O5N9(1IW!CKz+VME_BB{ z7q)N{GU)(zY4($v+0Tbl>u=xPlGn&%<$n%8=Fl`0yfdMPeX;1G{hEHa(P|%xp&n|( zZ$^EyD3p`=xdW_uik3rTbumvpHM}5bI{Zv7CzMVKP&K=W6WhDxt0rAkT{#0!d4~hR zxF{;P9YVOny)&7WX@_eqa+b(E7FZ7eKWWkU#a)gC>Mk?2+2tk!k`b@+2%v@7B{#L& zX9=m6hc~X}!eP-`yA@~rfKqj5FOkQRoIlsKk90P$D8nvyl+jQ>?xXXCP|rA6WjS`N z8}p;PkG>(dI5@l-Wdo#N%d{o8=;FA!wXX;3Kxx6#37tu^7EDe4VNV=5E;O?+OKM!I zWnH9D!=-H8@NVvyQuZB9%ls1H5F_xn0*02{&-vDUSi4JSeZScrx3wpII+4vht8P5^ zDaQE5K5y!9R6|i#d}M(K=x_HyH}vuMs#rKi3|+&loc6v1|JR2*b#C(O+ZxtU>^@d}~JQRcM`{cI&|V zC92=@d|wEwVr+3lnGpR>?Vvp-p3n`vE*Vr4x{>P%EqN?=98b8qEDb=y)d=q6#sF_{ z(+plqe0cZTwWUh^@VH^e=G~}Pm)phE{<0fM6xZ-dZNF$Tkm%Lo zyDLL$P5ll)WU^4@fmg?b=^U=n|AH9nVk?(B*8TyE`Gg>k1` zhvS=o=xo+%`?$o`>OK-&(az3U_hD~Lc`XG6Sc-|_2t4H!Oz2RpmDVpMpZt*+Dc#ukl)X={`gw}4+at|@ zkLo&aF#hHvZb~SU5#&9mcRc2o*k)`cZKtQCH*#)QG{M=2J;CtCJ`th4B2!TA>``NY zva%zJK5;s_6E;g$vU=*tMY=wj?CZmHm{${?Zx17Yc>|r>NvT(RHLRv;Ec)A7PNv!> zIeYlh&CF2`K?T4k)SG2wmxHu>tA>Rn%h?xvJfbuxVab56qB zC0p~zUApcHX1^_Zb46d2=S2X*i72)?%*``-dg+aH53Dwt8*wq`ciS22Rb^C-`_pi( z_pj~aRG6icM>-ij_AFA$;g~?yw92{we4GWrh>@Is0b@lHIt8}_x&5Z2o3{=NbFpO4H@bn zN_MHMc>1w`kZN1dkH^=%fTrzf&8>X3Kc$ks^fKvRWhUMF*hwY%CZ5bL4BuO=yt~Fe z@3Q(ANcuI0!QA7)pmhALDVq1}GJ5^+baZx(eKQ`9r|Ow^pJVxn%-TW{w)5FLWPI+^ z&))zt6NcRMz1s689Lp=kW}D$8(%ZCOy5CKA2A{e&80k`AHalWY(|jdJ-g=LTBuMIH z!svBc+K=;i@boyZB6Dv%Vtnh@5awgaVi+F}2Rt9aZonX;oyAKWi%PwvXt8B8#fOI^ zdVnVAJR+sLTp70mi~lVY=@_7Zrf98|`_G_dr%m7=#AV0-&fwsWlQ*l}uli!S?g!bsQu+IK$86OhyQV5IDZY55#Z^)luU z>ViPk-@0Mc1On3nJ?24~JO+K_dEaW>SCt0=2tfR(ut@1tmPO@!LqTL(F{&Fk44R$7=)03o9B3>Mu#F1rDkr&(_`4NbFW2KY42DeJGOy3o5<;he98pwxS(H-k@ZhPzaCIc4+!Y8uvJ*AZ%E zvF!vHzt->B zXw%trD2dbx%YjQG77irb*5*pWloRC6t^#mfllshG{u8UI5o3Jhxtco)UWq(9D=GRd399A2!FQz!60eR{2Oa8eq8EQ)gZB>!2M%NL{!cSI8UN_(2M4;$d#9zz&=tb5uz6}g5*-a-|c{^ z0m8G=sO-iL$du+7!&;;N+&b_2@iryld;{Ejt3swrold9^3XO1t)q&e-yepRW?plM- zWia=6ttdJ$nL}gU?Grdqc~O&;J7!^etqR_%Q`WDejLpB6szMPSHMPD&Oqx8H^O@{j z7&cwXDkgL(;t3w|zzH}L{szA!t&cMeHSdo82v&N#z; z^$|e2?D;-;LhGh0#1g`2^xKsHz%YT5#vs>p@MWD5U|^Lr^>Ibi!rCPk)}1~OWdW=? zp7Q+pP2pEOzjT5AB!RNy%}x`LF7Vd2Cj+vz1q(3>?Sym<<`4Mu{lwK$UoF+?f8EU8F8UGLIH0O2=gb z>+-aBk?L)znNeALpXWMWD(L0cm&t3U5LFyJ@nj*uxw(KuAP}N}Dj71VsJj5(K>&~k z8Jnx$1oHK(#aT4~-vko)OD(H_db6!;&HH>93oteg7rEN{?&ugtWqFMRb%-cn)q;Ui z0Z^m?QugN!Gwh3Kmp{0Q>V|)F?c#U=X%!e?&w&yHDzVFzinFnFn|!2muHYAiWRN0s?`w=uOlh8&#FQjG=j1t<_gPty-;C_Fzo+1n7aU0+uUdKpA2& zg<5GgDf-OJGE#T3u9#izXsNQ!p9^3)xpSJAOL{R9)plnxYvj>yjB+V zLlZNkE?%K#eW-yRSubGA>S@s~@ZLxxlQKrn<6N_BVYL-KN^J^XqHVp{n4meC%K~d! zj-S=WdyBMGU^1>>2@b{J=G-;#f#U<&x3ahdDQ&(U3r=Q_s%=D6B=!>vP9b5kIqQw@ zfW{G)NI(2V{%QYfb^-YLJYE9l>Im#q1+8(RH67m4d8dQG!7SR|x5zK`#QY>R4RkoA z=VCxj*n)Vouz}Y7AiOPuJTx!@P|Q3NCcao6* z+yyulXy(ny@>>tXTWFp<@=yo>mR<#QiqUg5U2e1TbO)$`zqYaVwrS6^Nh>hFB-D`g zu#`A$2Hn~C&%l1yJ8$j}&ojQhH0_-4#D4;p=z;|NM+nrDL;?i+Dr6bS*M|_NYY8KX z4mtP*C9XnY!NJQvd;XU5k?J>?%K-Rpxwy8Uq}3>7BAUBS2$o2N2#TT4RXC@UIMD%NF4tu z`IDa%3b}K?`UGLddeBgp9W<-3Fv}jt&Y$nPG(_HZ13B|-O4nBoLb6LM36wU4|CH`u z%lFH{w~()YzqaMSBLbsF<1zkY)vL{RWPb*Gov+ouZ!v6Dj8ciXySKC)Vx#jto~XUHhftJvTI}s!z2mAE1Iu0`_~qow%pUxL-=FRfQdbUxzd0Mhlht}`CpGU zC}K5lv%in3S8j`pJP|B6o|(+l8`#v>X0oTx{PuN~UK_g}htQwN3vY>f zrZ<}`R2$yBAj88S%;`1TKi=7bI`7UmtL%5j1Qsa%7=k*XgUv>3{P^^=q6z-@BiRl- zw)L=vhK82U#D6*_J#ZGHNd<=NJZ@Nf6CgNYn540~OQ`a9FkvCB4sya2Hp}J>d!;h9 znd9mpA}?&9H;~Wdq}D0CZRLRO449Ip_}2TsCE_;Vs|J;Oug~TUVUB=0 zFOehrkNGYf?M3JYS%cjvkZd<|iTaA+(c98OuiQhkUMjJdjEa`k*W!Q?TG$ZGw&mVQ z;q|Ijn6|)EO_RXN!l6Lta{O6R+=zSH>%F33IqTN*emr0&fulo3Pw%Y8mfFnX_{M0* zT&$@n`=k)1jRj{YnjkWl7NKW^ntE_W%YQ`mGh^>&(z+O7U~RViCwpgtKMTW>i1c;th_?uuZ~v55Ws^><>MI41V0 zlg;PLVV~NsRd~7aNzA}}xgh0FrNmCegWA~Rh{+_Ob)DGUj(C(*{jZTl^f$t1Hw&fs z`_n@RBgy`5jCN0U$GACK2QX~k>d(Tcr+v`*P zaVe^f1s6jP2c8h|ydR5dkxS0K|?M@+!BeMu&7e9&Ea%c)w<8|s?3QM96D zt}{l$)QD6=Yk}9F^|RRHNUX)JmH)a@PhTahaiH69(mKvaaA8TYXkFcDOjR{@)8V8H zl_<&azVH<*c;S3{#L*P)J0hC?dYsv$M5SIKW_OxNb_>y=n9*^r_Fs~8Z%>E$ZDroV z-;{n;GWC2kz>H~7A~v&RboePE00w#=lc^Y}zjGtGm3JaG8OGsX6q@A=eo(2>J34bE zqYQm9R#eHN9n=~y+vdgvCwu!vFN!3dm6O|rQl(Pv^c4>#=w^$LAjms$a zPMzG{L4)(vtwDy`ab)m_Amw%ek zf)g4@0B_)7rFyl;O!E0739Bj_74y#?p%`%TQXq>S1!@?K?H#hrxuIhy@`sJ^%Z2rr zZ|i>Yu)^#82~~*S!Z(9XvfYl3PD;pmx=lPrVoBv*0Wu60+<8R7F6QQX@i(uNv7{Fi z$BANTKz1Z3^5I~E6TjuO5H1(EVnO`b;K zGcY(LhimUNG)NSTA15gF5_9Xy>J@~6#xjB!8qdrE+QR+dX^8ihQpMY9S&o33Q@C?iGo~X(-QVO%0a@Y zII<*zd(|XR2WE(Sj^nz;qBE|jA?iIStDBT?OB_-Gm+eW8+*NZxHivJZ;U3w~UNT2j*1T=0GF_ zs6Ud3Z%gfDzL^23!%B+Af1sCSOt(J2F#v9y#Vo3k8qM`ReAIMMLj%2~C1N;9a7xA3 z6Mn9k`T@Nci6AR+3eXP~gPn@6vwadX^5vviQSZw&)>ti-g@@EkTa)+Va0a!wF_Q5x ze0Z_Gh1xx+l)_ix@diFuy+uD+LS8{7xKQ5KdumoG9ir#oL8M^$Yif$_lwJSY+S&@a z!!ToJRRBv5S?0cEK;;nbuaCeYf_y;%j!{|@(>=pmxc*^^^Tw`noF2u!KbXEN(x9-> zjx3%CgB>?N&A<4A9UAwM>R;O#^m&BUelk@ZR6){V60|k{px1)8)zGljH69jwFqxu5 zgpglizFaOIv`kvt-;9GXOXgsQscKy|f-bQkn>KZb{@-Zo?EKy^ZfK25C+%Holnh12n{JAq-cx zo_{BEg;W&J48&O(Ds%vcf~Z2i3~ybKC>DS2DS-+H>-)VhNND_2RR!Niv_twLPkfMM z(5v3UV!G2$=H>`*NA%feqe{ge`+EF%NN575({?elGA<>$)t#^!voHH#NVpgJ8`V-m z_;L??Z%2Hfin8@uu7Sl;uF#c!(kC^n&%5~b5qPU7(p-7P;ItG>pI0`+e;OebO2<$w% z7P@~R)TKeaCuLX2V>6pk37Xf;g zY_KN-*3uX`r?f~}NZ$?wm&vRV@xzP*IvWj&ojU%clQHRL`w91k3E`;dO|;273n{_- zFg=TuJi%piuDyH%(#<*^10GW!(ocRxm+V4-U{O=gAW`IDV*e1}Wl2(9zeh4+LomjV z5o!qopD8iQe-aBfDCbXXX2n#Up-8q*UO=hU8&%8$OtO8q&ca`E{{%Z? zq|IL@8w@=cwf|05OUufd)Bfg2wZO0^>$ALZM42Iw6aF)jtn)vdNm26u;!GL+e8#oZgQ@}8$*jg^Z%m64&*(0G{;%I;cS0iLYv8TEB+*KMo=+Joo;;5hDM(PW|_~^#8@i|E+lb=qjN5|0k7WusfDk)7TQ+ zrNfr8zQ4c!zcozipd`gqFr0C5aWR9}qsu>6tN*dpfYR9fzeK_9dg6c0;Qx?M|1+yU zc{MF;03s(~frse^xETIV3&i>(9$%;X-^#TA**O104fwClqdka~pCfBVRa!2&S#U?` z5@2B5*3Y5X*Nx>LVX9xRjK8*Q5_5j_F`fkV1xuigG*f5ka_vV1T@Cr?De%}5c+B$c z7~~V#AnDZPVRT@sFjtRc0Qa9$AcQ;cFKL>TRkSj>_C77i?Y>xRP7@*J8Q7)?nFoSb znAKVOFa7lXUkjB3250<;?x}q|)B2w)`6i8cQNmjVv5(N(fPVhddRBb=nHvJ&{Vs6- zW8AuxPIr=cyQkOa&-^=Ne)8!o@WVQAKs{3A$2YbldXW$g@jC?Ll2jeak~X*e{aSVj z8BuUtV1(>1qdKhi3iHF6OKT-}5{_|mVhNlLAYLU$R*Mq5STV)q7cFbbRA5WkM|)=C z%82UjPuY$mp54&gl!~pJf?_wTjC2#9Y@c?yzANGp<2rE2wm~n#L1@7K@uvw8c9ab? z$ct+TD=0$qv{c|m8XzGV2i0fc(VOi zQT!VhG-JV1I_?Xy+K@HwFP7J{??180ZRG21go8s0ghx>`S3TyD?uh_nH7fXwm{U~0 z&&zO>{^Bp0FS^kl;rKe=^KnW4NO>U?$U;_m#?v8<@6!&e$zX;plhK)Juyq|E0RrE% zd0~U2BA>%7l>?b-GAQN(|4)ZVDc`m`=)bN@a68(4%y%1NI2TW=UHxG(aup*mUM?1( z&zkppPz62wRaSN2qSe8DT2q`geA;LtE!CbieIfiASib0n*znVz7%i$%Y!Sg$niMjK z(H_y7oIh%aSe`O_{9RlAJ4aGrhy6u<7jgiCqH6s=nrgF&%KS({SRd*_eixvOmSwD{ zhqwEso0qVkTnl!aPUpH@U=avTQWCU{rotI3@fm zO-$%dUYrgCSK|aj{z_mVQil>f#?w5eU>SZ^aR{j#LJYBss%H~aiLw34mn158WnxgF z+k4b1R%mw{vh-OJc2+`10YfU4x64lv)V`=r37CbY{0p3ZSC^K!h26f#hZU<0_*I|n z^P0EesdRjvF9i)e%Y~}iVVfP*_M43DqB-L05HwG$6=sh+|QQ3l7(rjwPp%&?^ z@=@^3IjBz&3ZQ&5^tL*pnUBYdx$m|JXhj7M6sYTAB|7VK`lwcu-XXzj$OqRB*vn27 z@=yN&Pc3HdHYpW4kLQ3KMxt`1Mp`h=Rg7z`*Mc`9ojR*(hcBRM7nrHC3`PL&Wp*80 zRs@^rwxpt?7VSr*ekVIJ$Zspo2%ml;qMVOQ)}65sX^s1#aym_L?5*j%-cvfyUg<#2 zeHo$wJ{#ylr?>n;#qFd|eo!41+QCZqFMDF)#~!<4j|EeNE@}!i^M&r3trt%wPa1Tk zh2g9y7tlZsmoNP(deKfZty${l<;>LmeKIFx(53eaGzj7f!);%{56qDQBqPKuP8LA% zI>?yFi8<%s!uR0HF>`MQv=ppB0dg4h*p2AcPi}#Q6+WvD*DYFY^vduW6z_B|<6VlZ zn&1~HnWE9*_&*3ufEAqpnPk%pL6&jIg&TUf6z3h{-8#!p9iKg~13>%+@N5;~exh*v z7=gJMvtL6+Ugd{Q=ksld4k$BNTx`s~YSP}XyVBt^^hVrVz3ZRQoV|)W?&>7^&K3Rb zNvPmWKht;1FcBA1@QvMmQYX<5*+f!;7WB$FGDSKZG2x?2mof@+V4ihg*+Mp?A+yh1 zXd6+PqryX|AFDTeWNo#1HjKoV)SCsDq{4kK>%YTOl^(Ky^Gor*?T(Sz;?M~veY4d5 zfnN@}YqBT?O-`9w2zAm}gxe9GNo8Pm;;;nF1f`7uEV;ohi!U`|Z=dVk^7|QlZgx2F zr?VmjDp0_t+oPh~M+#Z4hpTsF^2e-8WvvEFc!SAma{ChCo~N=P9w zDh7;Q)$@?>Na|bPs6ydVzDfN767HvRNa4{h0<-B%!Me7e-1LxUc~bo6tJ2b`kcAdc zNG;qILUm#Zn;WX5p2vA4XZ(pDR}s%Jn_S zQk^Nfi3F*tiw?R7X_C~{n6bFHUEn;3bI^l}P?iRQ=B7+++OL-cSEEYBNLw=Z?|}H zf^s$65UR@4K>>A#a+>-pAnVXSakhuxh^P{jk3vfm9|zxcQ*lw!&IHv&r6)&Rm2oMQu#AsMcPGDrl69_l)2|qo?_bh@Qnviz6Tv7tbjiuaH{Yg+G*)8BYE@c$c6+V&ITlh zd58uU$9w5yO3DJ($D%p#)qS+!=(GEk*V;;%YPAtT+3*6D;Ila2FS4v5#|y>Q4-5>P z;nfuMpf0>J0!nB0=Z{eCv9A;hAwW&IB*o7wBI*b@EJ~S24q^$EquuX%p}|b1N%Y0J z;H5uDhQ@Ij@S%rR;tc0mDcNNnd}6DvFBe-}v{0BYXesx7&UWnZwV1MhpBeM!ZEuBi z<_NLiQNosRKx4q<_r;B9$y|$R@hPjh?<6lnBXrCff6omPdLZ)?EeC3nxqem*UZy%; zc$DpWB9|elV76Q)GbqG#=u?KZ)aNbT;8_XJfGh4D5@8uK+elcd&8TWpczDo#!&^pK zT0hB;sBrX-{vRE~C+BHHn#`kIwHb)xNzCh^Np$5ISwBD~2VKZo%JE<7;J&52I;AVl z7bBAd%ajeeq6UYwr1&8T>Zj0MdjAKkk%{6Md*eATl(Dr|_z{U(7BrF3}J8@fjk%jqi}n3ByDZtKZyD zxlL2|pgibMz(<^jsTmCH_!6xIE>r4d!O8KX<_g?#WSL7T3lRoxt#EC9L<=gcqM<^k zF*#8S8R;I0D5~A2>%V&~bOG%^j7dnorEf(95xQm}EO7DkuY3~vMkS~~m74$5zkeMZ z@q_=HxZjr0n$8lUGltk77a#*u9~&PekJt6o;MghqA(rG=Y+WT6bX~NRi&Ng;Pioby z{{G!RV`QW9p8&taUCzIN4C$B^a(;&@-#{Ud2iYrnm^l){@Xm5bIQ1gL{I5mL6o7_i z(rac_R8p!|N8>D^6F7;t99$_7>f?kEj)RtEwEYCA_({ztUNz)D=T{c%-Hoh3{g=r4?>ZMEO{J!#?JHI+`QKHniA;NU4tX`Tkd+qamVbV;`_IZWV1KvCZvpk6 zpD$T=crr-*T>_xI1$TK`it1?0-;;C#j-%WqX==L9AJ61sX2&QUMdG12lxbOg zZ^Jg*p#a-v*$ngAlGZ;qcqL-=8my%Xa{zkxYgRG3|Mx3eNb>I?lG?@DREx~&^+VeIH$zGan|9Ti&cXWEC;#v-=2WDCI_YYY+$ zt$hU2o$FrctuelZ#TvOIQi9KlS}ZNu&8(Q86W$TiG``G=_sAH$wS&Lae+hyb)WksA z{OT~Go*WQTqN2Eano}~ne~Qdk0vv3IHoPdCenk+o}_<=9}YA6hh6i@-J*hFB69JZz48~!c^ zrJn^KmtEeK4fpND*}^ude3h;j6>4NBf|iG>t_3%G)E(o9#4(RDM ztSa(a}4#})m(iQ6i?>PWixZV!Dr*X@Y!gai01 z>3%+SJ5u8J6sUfhmdMa_oR`c!ooG2Km-p29_%=W26Rm&#h|s-z{lh)!52p_UBkD6K zkgOD6qmqvgwcCG@EVrZ$F6Diuz=x2PYK;+;qT1^j3o#Jn>fKICirV{RE^@ zwuQ39K-I}ryVFDZ?HMnJ<>9Q!hc&JK6E$UlEO?pI9W*-A?73_(1XBh2x}>8|}3W89}IA236==d1K@ z3LSF>ON)w-_63C^}Ss47aPn^dW-BIE}`O%V^dqv%?(aVjRIo_et2orQ28{W>%W_Yeg4}+61jwKJ{$T19#{F;`L z1?O2G)M2Ua5wnpaE8bloj%?NY@VFO`**%LshBelid1GwRXXVZCU${m&QoSDf+sOf< z3d$wAR(RWzyB?~;VP5Un?Z{tPv?0v-^i?Btv4`Ztb!ui{QyRzSpJur94k(v|*d%0+DS)2a5MF6bSt z{%Vcgi{I~|)0WmYs%_FQ55o-U18~~Ym2&3zrVx9omax|_dmi_g$kwRrQ)xKU^AwzT z-oKB%ju!PPnAziT%c?5R)le74QNMUke~A$9ryqJ=$`^PlR1-!!B;NmHA`Pj=7>~?s zz>z9by`NX#jIu`egk@$vO<7~^rh+;9gbDAC&)j0@Co3ke0o&OXYq#i6cFgic%Pl24 z>7qTa?`-TNm2S}3Pg?4(C+#=ATx1Q^?pjcD8FG$wlkTSFRc8V<0z-9XGaqua5fJSQ zRQq|IiL3zJiI&i)`8DzzEHS2YSlznK(BtLlc02z?$(OmQstpmaNx${IQk>DqfdShH z@(6o1zPP9Y0-|}Z#GH`bVsVk^wE6pR7P7hd2C|{~G%cRpGY_&63%2f^e4IepM`C6A zNtIojFTtCI_X3)W&qD}L@DQTFRuTj=eMYrReZD)!|=6?DO&?0seWu&twzt_PYLG9N&E0a z5>p2suvOMG~B=uu;Za`4cE}u z^qEhBpyw=ZDRB5%2Dq1~` znM1z5JP9udXLAkd0vn@ecbF{RZ$zJ z##?Y_)Oe)@!M3yoGoF7;edzFDmHvfzfP0prLy>vv5`R2M%Kq_N;=ste*5#B+ac&x_ zmk-quKF*t^HRO)V)xwYXznFXLs4Ba! zZ4?AS1VID@1VKbVq(QoD8kCUklI|`A1(A|&P$`k_?rzCVcZf8b&NKJ(i|_sSJL9}# zoIQr);emVK`(A6!xUOr?wYH{%<>k1X&X_3nLJfadRlM`yc9Qt?WPHdl(Ul~%_QHOP z(Q{j}p1*E(r@zM@Brq3km~~9X?yQB2kB7dH-xVn=98fuYW{lXW`*?%z5^4U~iim4* zygkQYHOmIIj8_VSNp%h^oGqENOMPMlxW2H@batJ2FX`ax|HVeGYTj&`o%MCb{>U-s zWB=2p16y3O*efbhJ<-A9@PgTPu#A1b!Oo{DM)QV+vn>GD=9&dupMZw>QmnXXHynC&P zBAOc>G;1nRYXssGN&Czpa;=U+zQ))xbo|aD9jeER8GRWDIuY8pNy|!8!WFRz5<1U9 zs#Zl9KU}F_pNV}MzCtuieqbg3Q-{6J_pv!%McV*Buf_`jRh6Aw<)`J}3I){jXx_^4 zIi~*Ds!%ByDSB4(wENPOw<_GJNYI7)6o1pm^j$3Fu`5OerJz=!-0FksvV@OYQlj1@ z=FUkCYz(ufdbd@aT31fH&Xm+m;t+>l+k={svYY1afgcgc47*!hs&y{HS<5w&-O5*wO3j|XXV5ul zmA>7vrd&Wv8`JPyP~oO%r144)gYI*@J{dLNoEDw?&zVL&4IN5fvYpIa#ocKf}dS>l-^os$#usx z>{0UsV5+aS8-8GkzOq|j_#k}G29M}s2~V6P;e&VHGFQ2n)%_K^{L2SAJc8<%&W*LB z467HjI&jp8Xhn=>4tB2oL@ci9=#LxAToTO5MG5=VZS1<1&tkWw(bra_?=3IvGbf)3 zArDn>+}N`R-tsChIBPjmyxsK77DXrLkd7%%_}J4G%U(=6n%>$S0XpsuMqr>g4e1D51^JG-!aCC5IW0Yow< z`m=v|SCl==iDaUvZ}-xLdyd8yhw;M+zsrVCuX1(CjE)D(v)?aD6R->OeXbFv&Htik6D$i%+lW zM&34=ZEh%(R=#c_@r#cwUVvAcGzt zzHwFssS;q38QFE{6sopX`kx2Rwi-2QG$Gz0bs`GPy>{La=Gw?=P~=tjQfU|oscSG` zRN`~GmWc8$2kI_Tm@xea)Y?cqE-c08N(!3NoZ}O(P&X#`5#TRdm?(`VEV-X^_N46i zG|*7af#-^8%niGR-qvp!uH@)RBl8@pwn3@ zETgP``aM$_O(?+YA|<0fC@aW{*(QRHPz%Xz;$Kdz6$u9Z?}&y{}Q z&t&=0QHX{~DoF^sZ3Fs;AYAG``A5P@krps-=Z>j_BaNmpJ#T66Jswbr(J0)P?5qy6 zZC4W={^JzQ#bURhlQOf&f-tOKRu|iOU$1FQZbH(_CQPO1FS(^}xGCmK+cnBrkxaO* zt+A;|8>Ff(g~eR?8&aXuIitEVTY}&9)&%lZN;{*()&vyXp@{L*C2JkVKdL^O4?ycq z;71mE)xQ1mqObi7>9?jOP6J|fX|C7|8G zXle6%=%g^CZ@b?hV}9v(gcOsDUGWvJe=gdcfWFv&U4H+*rM*n;$iH+L_*L|)hJSZ< z5)$&tTfh3Zn%Nvgj2h2BFB{sc#{d5Hi%IeS>&q*cgA>fnUvBoc>zL`3(4R*~#1Ot zyL2LJATMA(|102Y{Kfo%*W(ZgT3YDf&}qiy`aBgjH%{QDc7I2mYv@PYT~>J><<5&1 zp;t12d1o4RF#!oFB$~##B@r**z(|gjCd!LXENN|AF+;uNQqP8aUv-{bl_ux%{`~pc z{WfXchGjcLqY0r;pOr_#&a-S?O87_l*}Om7NJ+5pdAahKWxU`tL@Jf1qXhMKx;NI# zyiHGANzEjLtT#h87GvH7x-o@zCl_@Hp?`|Zwm5YX67+B#$VkJ<4s|!Ov=I&joJ*MZ|ms_`tm?dk| zS>(?uZ|ELT`{bX+1u5>N7;in1pXWWV#9rz8TH%S0EOYDUGG#3&D3A`pYdq+;zisX? zLg@CFXT(x2uUMm{p^atJZW2jjTJq9IQ3Jn&wQkm`5A>gJW(ZX zoCWdj@7(10C<>-RC@Q0sx{?=?Bow6bHT4cO?SlGpA+J(ZHC~8 z2L~HuI@~Y9J`pUdHN<+Ojmecc=p^kXO0G`D?9B6JsIHryvOct@G=|Y!PLi(7745rE z8+&$mi3U|!-dOPJ2YX+B~@_KZNq*P^W>M(apXZ{)AF~(rG`Wq34~h1nN^lVNT4_KHX*`CXYCSFqNmC z8`vYas?3Spg2y?A@l)4k=kQi%6O6C_l{~FhsXepOK8x2>bEvY#=j7rnD5iKu>Se6b zFguk{t-QSI#*V#Axfme(0Q zHyDNTiMpDKVn>Ne*;JoQjwr4VW8mOi!A3`%=x7>8M#}II8y4+-;vY@^Y~(Dsaz}6` z&_LL{P!5;4uN+nTfHm@yw&;Z1e7B<JPLMtYfj7E_Mt`eV{K^DHQB_ra?X`MUq@QTSS58=%XbmvQgjIK zLUXrye~+11YN_ypJu;y{k(_|0q?eBJ3oH2?jIrJKslD9@>@*MMd3%f-#^$;`gg#5= zCBEd5f7@2LI7rMX7r$LqM9@UFROczmMu6pO3W!pD-9>1>q7CPGM6y*jkY!E-w)qA83xw;_i(bZkr%(iv-Z+HWB+4=l(QU zPt6T6T=f-BP3D|)a(g%@_mM~g+c>(&rUUb=Kp>OCG0by3zCNjmoU2}yCs<$5U!AzE z6l3hQXiU;`zy31Kv9&UkX!did+aa=}H73oVjJjzuhORpp@1BDMGettG+_(uNbb1I$3M;AG&7Q zRlohLtIX#E$uwTcZTa}OuUzuQ{`vVj`+epzUFrTq@g-4m5ll>CHf_4EGfuzyl1Tb{ z{rvBvG12&l4V2Yfy)OSbzUJeeQB%xC9$oi&*H(eoW53Y=`?1U^54`?`(^+kobu%;L~MKvjOi-=@Il4f zm)$7|`IOskpYrw@@7Fo65Z#W1IZP_8XX^|r0%Zp2sS8{>oc)(^GR{rJ^Ya01i~MA5 z)l2-v9xn4~CpQAhS=A^a-ylu~U@+o!z5uN5{_$l3!MchkpG(+T2zMe#9p zXM)~LKev|nh^rP`gp@JwdftQt zBF`+QqmF>q)eXuDxzdO98S5;_SR~`eTE1wy{z06)GKxOXZ|^BB?!G zP3!Cs{lPc&p`E{Y^(3r>6UI0Sq&KZ};ba?g#OPC0a#?!FXQvsvy?dpKg<=8_7_RaB zjMy!;x^>$z^NF};_0)|xJKRruo}BDmYb<4mm1f2i6$!Gz@XmjW9`1F`f?~9z*XDv| zOX(_QhHXc0f&Qf=Ra(A1W$)t8*VPBD91e@uex$b*I&OW!crG&a zigSa_<61V(5Z?VoN2@}+-lgFTeQMXoMLL|PHwReJ#AJCYp8V~FTKVbC>FF;W26XJ% zOdsfauCcmGSHE*{dU(Mt^O`PxQFHa^&^n2fK7jiB;YH`B0q@T)miR*V@xuqj5;m%P z1WlLLoQ(Ww(H%!l_hUDDBc*;feaB3t3)l16vzRDw__JVMBH!{%CyxeiZJI2vYyHrc zf91{J0}F$)EwLA3)Y3}QM^i+y)R&64>K^6lYkjcyV850%_A$+n`o!LQQP>b$BzJv0 zwxidA98+X8dRBm*{ghB(8|S3BSVR7O-_8b){MmDyOpKweXQNwT64Hz!_dYpNDoMvY zs<=>Gj?*Y(3&6Sb^X+d-X!o|Aisu|VR(*tCLwn6a4?R3`7XAF4mpR46g?b@|1yhKcJvRX!0W{+#v&Ct23xj~ef%DeR#Sk^sk3nH|h3bKU>!tdm_| zKyYp?smKoFJxF!po1@9>c5_TBDtXTsqdR!2bJ`)h`y=!Pvw+op<@D$m=_BIQn}^Hp zwOz#vKj-U{6vR7D?JqC%$uDdu&9p=GJ~a7#b346tQP)t%I)RU^)0m}5F4=l-yvcM4d&9E;K079 zdBs^k&1W0t@8%(b+dUXF+I8A_m|01Ji+>##jmz3xP)d3E)~-GE6`3b8Ue8X1pB|LG zaj$55_0EGSUBfsaB8-Em(9ZmI*B6rZR?L^m6-H_rNGSnCtCNpF2bCr zui#(baQua+!?)@V;1my>`n>RAZf_e~`t6l1@@FrMI2CHe8~QV)VoBE5H6Hr~4f}B& zl<2rif30*Twv*KsVzkP-TGbQG)vVn5GNi-h7wC(&UlWb})C+5*3j!i#+UC<8qXn$@ z*!V|#)!rF?S8OR6DxN3e2^ZXB3#TR^z>1p4PwV{%8ajipDk!Mckwp`}DSOr!#kg zbnT`?B=>69wqJNGanYB1dGluWBupc5_?%t>Tjl(P9lb^KnpwL&F2mWuX%f_}HFqx7 zu)d=dgyS2p%hI!Y{yz6m5Sa0Z3~JJ4;9?A2O#X7&?vPsOxU8rr+SQD%Vyc?ZGu9<+ za7;KbmOK=)@TKZHfBQ5^-#`yJAEo1ZOP(|C1`lVgQ>kn#f@~Ia-VU6XVU2r;PA!b#NJW&adS1Dl*UQFp-&=ai;|7c|~WVJ~7ZMd$ME)&P(}hkO^eL(JY_8J1E6>G0i)O0x z@VB)*EDQ}x@RX@*Ub;=n6#q!%=$KD@Dl)KVu0E>N-vV0_Td>H<>H$YnaLT>-M6+A% z?`}!Ij@=ALPkjFKLWwf#z-R$&-LH(O%v^BnWv@$=rrB7G5%#))rB;35%ZY^K54G+5 zt``o=w!JC!teORz{>DmQZdiXke@SV^bp>Zbk@DL^X~PL$V)Lu`>n3KZr&lqZm<6%q z=n%4J*Kl@d9R}4BBn*n|jwzR|I#RzD?$;D|Z%nk~;n9=_lVp_~X(#GDQ%eso7baqE z*mM6TFcHnHd#Wo)%-?0W%CLImaIIGSN!IS#!TvJBjL*Z2u81qe;0poGAy!x|Yj7ez z{)$VPEeqp*)xiFJjOchZC%W=`q2>FTy_+d6ndWM@#dd=((V4&)L)TCn#(C_n&H04K z7BPR(4PeH!zt);zxr0Wrtm8{lLm~5@UVy;P2aaQSub4YO#d#KQ2`ALDbXm3LA;e$Z zZZ0(Vdu=(9XKs-Bqv!K;_SkbA>XW-jWof-;PF(c6&v49Fo-Z>}%!<8Rv@@t9YD*81iAlKQjwv-AD>fv?^K(^h`?HwTwVyLl ztUc$}`y{3}pCKImnaPP-LP?iz*^v894|tO4(=Mn~+TNm_&VMc=I_~&IXZ^hn^ZPV6 zOb^e`hP~PetBxC#FP<3D9DGUQ=!x8FBEk9FL^QPwn~n&Z45Yo-9?-S9>9JuH)h(aoIywn|{L@?y`!G(sv?e zBINq!UKp_HTxj3=o=)QBgQS|F?bU8lt@?t#W?peC#-jMqjq}U@y zn%AiBZkjVHFH_!q`->nhbJAfstdI7xHqhnQSEt)Sw7bUGQLi>uId=J1Vl?>Q!%5QS z2A%Dz1`E%vw^qmoYR@Wc8_XDH5oUNz8@QkElCGZ3tN4io`de#JKUA1`E?KA&Avu3w z?tN0mGT7MuLdWl3p|T}yiZb7a^EQrFGaMT(F~V~@ny6PFKJHP8IhP@yabZVsn$8Z` z)hX{VxS!acytSRG-TZab&%l|ms64L`?oLJ4D}H(_N}8&{`wG#%x*w;z{Y*faZviG3 z^P>d10MeT!oD(j6YgA7^yFNzk*NRxsCG(xzl-3}4`SK+tzwO6#nfOXUCf~t`TQ+ z{`poxJRQsY{Er8MLcLi+31pzq)k4`rh(lU;QDwPt)>QXQ--iFp6_e zRud$pohSFDir?|)@v-XCit zw&@SpF|7Cg^shx`quvLv_8S{<9yumGaoohj#5akFUr0(yRva_E&9?60itiCR+ipTU zVnUH8)QdM8bnj#M4ujEB3ko!C_`FYD?&tf6wB@T;ul85FAk9MW{-Z~uWcCs6)sbSO zp13Zpm4y(|S}gv5|Anxk0E%ecnod(nmTE;tJpj#0jn;^x8|-&Q(qxUv+|{%a=g+cs6wvlzoh%DFBry#dQnLZu zbQk2Z{l<9Y*_r!zsYRF5j7M9pW|bt%;P>a)@HHylSK@fBJXs3=^B&vhNOruYaw?n} zC`zPxCiB}Z?~9M5{rvfvRxJ2;vB}_CT<*UX?6bIG?gSz(j@xYcq(ZmJ7s2$O*$Sl? zcQE5$ur%fW&qMyR=KrY|yy#T;->4n@XQ}>oDiiDlr; z6r}Rldox~QwxYHS4XaCF(+_BAef|z-4OZA0W8qVZ5C2j^ClhpJ77L*=T<(s2Y(9GP zeRZ`^lIvf_lY_adxu~amroLy<9T?c<`IZ;@icOhX zPO;TYQX7?9pjwHkWQ^dj}BU^~%gr4>#39Ht)I%IMR*#Eh?RdYxMkJ&tD{ri^^lP?~5BWk|iORhu@ z`6JgR3-sGmO3ld`85y0Oovlwd%HYd^K7@o2yf@QM_Bc@8tXQE^7D@KHaACfU>vcLY zgLd>cEAMki2m==v5gQvDd_w(fgHNVv(em)4+hvUE)7+**-(Wt34o3BlPEV1;%Gw-m z2j&R(fEMq%I?=hgIZQ09%5?2NlaCk|z6@n4ha4kUqJM?2#EWWYR* zKEn?0c#-us2Q~S%wY4zkK~}ZL>5UsR5U3`-F3%C!T9e(9o%=1M+KWJbnYr`UD-_3S zbZ2TkNUOE>{tn|dv8xmr-B2$zr{U!#rKYBK-TQ-@oUwde43xRNdGp48eU$J$mvJw< z>Ci(MA^e0{K6_%Fn|+%_?c-g-SMEeCjWA?nr5Y(J}dB}^xp z674+EbW9tMJ-*wbB4{_Ng^v&X+_f~UKeAewZ8!VuxA!`1kHk@OhL9HONDpQ?M@*(bJXY5Bh|JDr zMtMe}fWy%lvM-iHA1jhi9__SIAJ6&_wDk9x2>9J5s#C6s~M4LmzBHgj)LbW z`*tkRv9S{F?m`$?c;(sW<*|?7{eDmL+!yUDxIkwl(=mLw)ZN3v{cnq--pIM-+SARZ zIqU5)jd$|WQQq$H7kFoN)XkP*N;^>v9VQeUwO~uj5oWs z*7f`QbE&0F2xp6ni`$603lb|UE9J!VqlFNc{bA);emnXQk&~ZmPtW00sdUGU@sECf z7_ZALHLv61N?9OHhXZDQeA&Elda#jYt<|wVKjk!I2*(QSt&fFAv8eBY7y3C(yI?o5 z|LIS`Mn$)sot@m-?v-S(-agUGZUs5vPjGxzz-^Yw*%Pm$CTdp3ne)>_HV2kMwVb*W z6%-us=2F&#gmc^K#6Rh-*-lv-1^Vx@tjM!LtS!qE|Axb4vxZsanP%Y)Q?yyt79Ubl z%DL0-!H*hx*6DVyZ~Rhbnc`xh;SV|YyB;IZ9U}UX?-Fg(QB0;%G`TbG0mT9p(t*Y7 zpz?-U(4$--H0H50BI6rmV+cQ^paic!@j_O#9LJa$vdJvb(>+FrT+P(9G!ENE@k;yE zD^H-$+GV$cK|)$O75t*PrR5Dw483&B`;3etW>Z9N4{VSatMd{qoADGxGb)OOkrf$s z-QKLbyueL&X}jwb;fA3)f=%uI9s;I*TkulpL_*sr0uh~~UZz(x#%e~rRgIKYcJ;%* zs|Pbo=KBHW%2)SmOpLg-H9Le{u)kYWRKYEJHZ>b16NxNYS1>S4rYapinT&2Yf=NA( zX4ORH8@wlnn^XKACy%p~^U|HRrgIH@jJQxgD`d##-lizK6VNj6N_ORFH6wYn*n}uU zF4<8g>nBwND6!hwh!YmIVx6I%Z_ZXkFKwV=q?-O;vg++!2le!DC%=l4Z)K7M{;6;XH4hGC@Et{NJY zpFVv;#i*ey=)Hzmfsrno*a<22&tyfB*%;(Tc|hv&6a3EGI++`qIj%eEkPW{7aAA;5 z&>2jZ`S|Hm#g$*0mG*PsGv?FPv7%>l1bCEuU%k#2sMp7e{J=X3T=z{a>&_j$eSFwV z&ZSUv;rdz>81b0^?_v1CjXza^S166~Hmg$Xk!Nm~8CVeGcaxj0E{*WVdPRL)B#NoA zOsUWwwnefv+q8cBJ$JUkr;nD;%R>E4@$jdqk`=A4<2`*U6YG8pN1R_zmBO*}s@)>I zyyC^?$bCEyRbqMnI`MkwU?mXvKFQpCtd#ZEaIWzaU;tvjriQ~AFF9-Ld?t1b7yx$t znA-Oj5JAfir`=Q`gNt5j)W)m&L)cJw{rbt%r%x-&deMA!t^fR{0R*G*A@;|Q`zVyp z)hA>(W<@8LEF$CSDPm$`vOZB3(i%ijMOA#bG0_$xdLgc&Le|jG;0`%2LD=n}u#{l? z{BXu@xtn|wa-sa7Amn^NG7@rfPBK;S=@1g;AiA`&2X@J>8Ck=*BFf~{kj5h-h{1_8 zf6@6s>^&E>Tb9n;?@Qo+{`4t2EXh3@8ua>Mfh)6zb(g}hvhI)x&=yx#kdV&Hy&sX7 z45Z>f+DD}TfM*eqyaoylrLA*?Y1nRQE8wc}spCd5%-UF}zc*f|Ug@#&B0DF#G z)0&oo8xv)1U0nfQ7s%xG@e*9Wrl;UWE3SRvBuK=5gU%K#eK)dR6M{ z*RQwt_8LK4h>@mu_wZm_oBS21OP2OmcVG3dtZhW$TYe*E}Rj_cKG9Mdjd+M(aAAl#w?xy`r)$?U)yXB!w zh4)CAgJVgmA9i+j=$+hEY{%!2ywlPN0Am8Q@{Nfhdlg9bMmMg>kHG1C5D#;BD49cfp_}Hz76y{){ zAU&cl=nnUz;g+RvIgvT|hh9H882$kRd!RsH3}N#)zGu<_p$Wm$cE;ln04zRU(>Dme zkY0Z@3dKs(qjEN!j@Z7t)aA00=mZ&fxuA`zsjqMA2ePZPtE*{ZqH1yv9yd~ut>y!e*a2hJCvx-MoUbIB8RQ>t$&cOms&aAjj zoKVpz>3v^xCDN12k_mr&NPw-rze>RZ%PFrZwrIPfSKImAhuUPgxf@c6w!B(@O1%7V z*Vz3ZzdDY+f=qk&fIjs;1F~z;wvkaYw*r{zc}hi;GLza&p}n$Rxd@7dr&NkibyjtRbiK9rZBJF(F_} zUtpV#H-jLB#|4NRTw1~OXPvjgOnm*7|s ztDIe2Lce~s9&3ojy_*p>({-^kQ|Vv^iPm#|eqPeSu3YJ{>CoqlWY4$>%c>w)xjDd( zrdO5p=9~TDz3Al^Y&M5ePJ=081f`Z!lFyz!tGJB^dXN3qbRt5_EeOEyEh3`T$qFu| zUy7c=h+j$pAWHyoZ-Ct1b-Gp8mnsn+BkacWHmhXd*l_sg8y{`Yd0nh{9UV+qX)avV>^&jnGHAaE<6k;Ce@oV`j_SU*Mjk3uG!*aW`5KcD zlzOV41kD|6$pYqjY&75`ym_-8 z61Bz@T0OrG+v~ps1Gi9t5hw%cnYSdIp9i3a8$eU8b$8?=rC-0RUF>Sl57a5~u>o~K zjHzgiMANWJ@7oe_IN39iO%hW5DHBxfI@=$JYW{8X?rNGUdd77&A`?kOK^L zer-*il^vs3e*}__TB*6jV0s!hB3B^;A0CrlNQe@+@7r7rRnv=DF5`EI+`Id02;fR7Wv%465p&86vyKr_?<%mTO$ANWT9u_5eo`U0#&UVoBO#61QW zc15G*YY`C<0O&}-akg-jEMgC^ciZr%AFqP$2yNG60D`gEo^7y2_m5XaP1^7;5}CNi zjHHl}aDR;Cs3Y5HL#*L_BB$$Ivz@&;Ut)TUls(MG3e&Qrl#t6k9i5$z99SeIBy?x% zKbX(do);eeive_Q-XPIr1M=YukSp_)w4N!ix)Bh+lnfK&*2(@_RXUhnqzPci%u0uX zdj$Z9H13o@G%{8F#s1UnE(+WK(xRFiD-@_ANYd-t6iV7u2>A`xzUUz4jJL~J-l!TER<-+%>9P^_A{yc@)KJ%?ftF|ut+~F64SW2q^@#A=Z zbrvtR@m+M0{~g&ikO>Rodb$03iqy(+GTnsxt$S1#(-svSb2&W&vafI_i|Fw$v> zKHjk4yMjPDiS+dJ^2f}Fay8@oL{0+%|3I+E0v!}1251o~Jp*`Q6FuJ}qW0J$gg{Vb z#y(qkA9`)Se5ssw7e4uuBAqOf2#gTso&YW11!+`2M%Oqo5f5`+z(TA>UV?bH%$zvkeaU@31R|d^ zG8jN1`z9Ir2$UHG03fSpVIz8UC^-p5=s>~Ma4_8eJ3N%FiuA_t7de{sc|b?E139cJ zo!e|AFo=S87w9wLty_(d&%`Aqe|Vms)OF+?O+uQ*#KgQwO)XbuImNmunH302=@w;5e^;;ZA%~$r+K-sxwE?n(|o@ph@9yfo8uad{1^e|MgxC z4BFF^*LkH3)SgLQCv2V#Wx@VG(Qi02XWQfYeOwf}6^3MYah+A}Yc6kdU$w77>TX1~ zQ4m(m@e%29?&Rpt=XsenCw@qa7Z#=VNFCbh6Vga-*V=bB+uMTlYJO3&$!GipPwhx) ziMo&byXKRUfaUY=y(O8p6wIf4#ylPyl&R$&$iHXWUdaKuZd}`Ydj^oDP+z0a>A72cqwtFc21@hB#n0uTXH?m&M5M`^va#+pSzB-4^YlRGAt|%;-vc1vD{~%yjXh_9=QYPWl#1zVPsOyeZa|CI8^=n_iK@}?dOe+ zjjVA=$;s4S=WE(vnV-zqmw{#=8*$k{w>UFZH$-+}8UKYbLMBBKn67BHwx%W@9*c1} zBgdxU+ZWWi+-RFowrMEz=~gdiOd6?BzVKb0#n*S{|Mehck%hnz{cN9ku)R)65xcJhIo8Xwy<} z`uBfm*LmVm@C1Sag*;wKF4Aqn0#kH8+i7DvmXeCD^c>skqsGoz7b%6*gF{5G(K-!0 zTKuI@p!zC)rI(==Y*T5Y($Y)cgPJo=BaAqvZefqJTXb|E{sj zzq&cm0q3GF{|0Y&DFaydQ7KOR2%1pRoL&tum7T+A5Q&2oloH_V&-cWVn+C z|5am4dC|)=E(~n^X3MfFC=B1YTNK|17`YSDOkccJ?doRsBXahAB^K zx|@zW<>SEh8}iaJ9B*E{{CXFQEK2w296fMdD%N`K)U)Qur$}gJtT)!K7MWnYsd)P` z} z2zetfFTa+2^Vu~TPf?s+_*N3*J|kG6Z1u8Wx6KMa2(H``BAfQs^t`;$AYc_5bcBiS z8=d9dO5ot)S^$xwd2H;MAY_a z?(7^7BJX{?`Rr_1+Gyz462q>04z-RZ1DJokWwMGDhurM1!(0nAhsd zi_=!*DOihfZvsCG4?v#h0J%bPUprUN%cnArp`=7rW<}dY@aZbXBEX9VT(;_ZAh@W< z7#kaVa=xKC=rTy=RLIh~w6wG{Zk9(*eTK+U2i;3BaINlmnPS>`;l{#cW@aWVEX)ag z{=5GBVDEuzrfYdhQ{^^3C`~PpS~Lj&2xM#YdZ@WD1$ke)al;T&vBRc&+y$P5x=OE#WT#0TdcuPK7ds zMMW+rs~H7lWo=_)v2d0>JV0Z)%>rtH;7ObM`$OmF^#%q9$vN~e!CA`7%eNuVXHDC8 zzI^p+0HlB+Q*O`}KvP7-Bm=q_tn>0RH#h$?T_cG4DigGcQj3M}epK@yR;9ygzI%KJ zpGxT36F^XW?nmqZ7xYK-b)T%d@VV?7s1?8a5FbymRd*@!dOV$;o?bdpfTTpN2Z}XN zC%c7;j5V(NjV&#oE>G(&xsn**<|*(cASiw*CMJdkio|G%87W%b#R*f0(C#%J9v;xm zgxz6)`%!7%|GKrT!gtRFNy=TL`FIodZLWb7d33Utw>nxtJ2En|Z&?RWWY1L?@Vm~= ze2Y6o?$-EiTlf^fG*Qrrp<`*;3nk!VFn(t!d#jX~k|^hCErC+Jw>6V|75DbH*AG#( z0hIm?PBDjaTJ_REu)6T%WUJ}|vuh9=07rj{j2xz}C7*#Z6G%Shqxm1`q@t|XM>%8@ z_!__sr9eU@7jZAQ(fSOOK*!kF*xmUYqDTc4^b=Pjs$7ut(3qnG6)lv0{D6T$xl^pl zaRc?yk0QUogWe<~6SuM9fay(Dz>FoC*o?H~7sC@Op9{GGYH;7v+O zLJbNPY=M!2H>^%o@rH(mwmxYD0YW-YtLE=yM*6{cp&>3gIXNmjp^C$o7l(CcAS$&k ztnIskj?n>AfGQIo!|zmU-T7e&XU~q2GLD|r`y=WGMn+*@zt%%=8>@6+LUk&j{tK&@ z233UA^mIK_(@qdM{lmkFQ1yhFx@3?=6Mz2vDKNkOe14m3g4aiRIb8e;V>I2UcDg~G~cHSANy91KY%1T$qzm!g|fmVXnH_}BA_p1Tt?D0r;E$W zwoqGuGI)?=T4P5?$5D`41t?cG^UXNRJ@LkP2O!IE*#CK*keCP?QguP~dhzPjh%+7+ z7Z=1b2}wz~l{dsmcH71FSCKhjTFe^dzn!@*pl9K+>80)R^70>h0eJ-l8(Z6XRFxJm z8n-0{B_$l{uFuZRjZ%Yw%K1XQ0V@p-jOzO)pZRCJgvrs-vGvVW2Y#;$A@Eept5?4( zK3W~lB8A^;lv|@KC@4fo(t+3mlTAoW+zh3xI~tpDyD5k@euuxrC{u=@34;Cf(d!Wv zr(YgW?=YFE6^3YYbaFCKYN3vjUzwSi|G+)rHW3jK-xMFI7QZ8`aXV~nZvF`JMR;_y z*sE8s5)E_vfO7o-&;s_})ZHEU?c2THBw;BKBT`Oe^-FVl5`Uo_1!NSV_nDcDZ{NPf zBj-#Va9Lkmd;zf>-5F#L_$sI~hNbET9fEbaE8T+BgWkdB=H_q1rfchYO0n_r;m|4o3lB|s z;P$sm)MUU~+WY!e8b9GKE-l$yoVhGGd@J?%_2}WlStuLm!24BHRr_HEK(0{AWV=Bn zM8?F#w7~QcO6dze^b3Fvi;+ffx1?vRzr;+rHTZ59Jb5|f1rRq;2cFes1$ylnKL$o3 z3paxXpC8b60UaLfdd;8jl(Dd~E`#92D}t7uno3qzkj0W1XBk0q{VD)ARFM|gKF04l zuS?UJxQz7lAH$~Pyp{L4vaX*WNcyr%u99cq%xP`Ny>QkkHEk{NxN|s6%|O0 zVgPM}2m+TjJQ(^YjutFzAeLKBRlWp-5lGMy1UCus_s0QXSaN_E8d5~{#x4{B<3I^) zn^RS>f=;a9qNolqRI|y$8^58fm=G9sCie*r(B``qRSAq9N3CvouQ@cXdj^srK&k-uxoWu`74#7Cn6&w z)4#S4aIg7DZ4^p{s}NxT|A8Zr|Fb4Aukf>y6o#bO10^M@z`gx_ZdNWbyudr$zn(hC zd*;&7(G6E^01QWk2&jsP=BSm-M=ERS0^QW8a?BYiL_wP$t0*?Y#m(IUZFy2sQmopw zf#5c;UG*W!yfsnB#>SSGmTqrvukYx4y%Q-QC?IXe}56ya9OG(mECeTc0Di@7w_9D(Q2W^N@oh^!sx^ zPH6ZF3lB$0rV#O9j*G`j0V6W7vwwx!cFOCAk7_L6s0%m*3E^D7e*fXapCkMD`1pJR z0=wYKO6nQIrl??lus%jiN=kI+PA35Qz`Xu5DpXXi_X!H>*^*3|Of*gQm6VoVgsz$; zXhlR7DIuM3Lh2Ar$o28TKp{cM((WY=P$xIDo-vUY&H7iUv{8agGdealT%Mbn`VlJW z06^cYT{vh$p;g+`DITf^zXpVupu}ZhXgC~8T5h+}lW26uP6BA=S*LZc>b&UmD0|H{BQDT438fZ2fcc(p`lS?QD!kQGRs*}UJl3< z0^$8TLFogPzGuJGj@`NTWp*`HRN6th8!fk?1y_ZcY*!03X2Brt_U+q{&I*B90ip(~Wel2yMx}j6j21|VDCiDG z-Wo~`oolGRLBM`QHCl2nUSL9a!m1w_xaHHJynu*uRE{`^aa$$QUFfCzp_y z58IiTsvI!E1LM}O1Wbvp^Z$_dR#9X}>*y^;JeD0(A`QQim0ctPg-Kz>T&8Ms>`h7I?BE-lXB<#tkvYlk(e_*ff|3 zfXo$$#9;20S6kx`0XX=U;sES4BCNmP+#I0xoEHYxzr~xHpMRN~WRT>T#I;EF@UTxF zbZ!gW6aeAgM3{iAX{><>;97x2mDkdGOJVenj+S$v=M@3A?z&dJ=dzp*386_e$wOI?H??nf^w)h*eH@2FZnuLUe0FHr$Lm_05y*oZQ7y!T=aN%z#`|RvY z>Jj+IH@gTtw{HQGc9V-(sp{;!EzI@ilmUccZ*sBTa6E1vp0~9I$bfqw zzIqFy8{hCxa@mEgc)m<>F97KF0F+US#tK{xV6&=SPj!4AkGURhPvzQtp5Iix0E4v! z5P^V>0g(oI=PiXel*XTYxjXunMFu2roq&`pfzO={NZJ@Y-JK&d%>rraMga8?xu2!8 z86#+v#sS$c7VihArKP2}v;hS0jU<5kG60hMz((6-9)6SM78K9`NF^L~)j4+(*B=&n zBRfjK;B=)WAvu}d^+e0(`C9FbE&>9I%IfN_kr5PESJyXO09X|FH*W+4Om6qv@e!y} zSd-@Ak}*{JEVyr!&>bKRk^#&JzIG7rya2K@0PNX-upy2~+ky}t5C$mj0;K0S0HuI6 z9s#(EH`WRWklTUV#lVOGEj9yM3c$pDKt~rA66zp1`S(8euo+Dkd@EnD8|A-MehAg# z<>l?{>PiIeSR#^e9pD4Xu9AdhESl1$W=(*C;37asI|wjQZ&?bZysu;cbOQc)iomGw zwAnmFFdJ;ife$QL*IRfD$Y}wH(zmjb2Cy=f7SnVKfKxJme3NhkY3T%j=l~qjo0P!! z&!eT7iHXVEid0mv{EPkoOg9i`$N(GQojhIaTQCZc5(@zM&+sm)n+0~lo6iA4>$geI z$;q+E<~;e$J5L1!Jrs<(-f_rucqGk}R)Hjah| z2YwI^5sa7YU)_oUxS9muqMyvUa=>bUXcpi|>(9B?w^3=pQ75-exJW@#t0y)~4QN0N z1+ZjeYaBkVk0Bb%rJz)R3j=&XDF>HWBS6Na0je4N-R`@lho-AjIe~jUG8;f70E7>a7L!pj&HZ&jYA93x)48;ml6AnPf!rMfK)f$%{VD7ls6dWQU&(Zx z*%ELH0FML!Oz_6$=9^%Hx#dbRd*bI!<7JL)a#Wj#CgATKpC6okp3WtJNtv0NH~-n@ zksLB`vL$*6d|>x#Dzs^USsw5djskq_5U?#PDl6Cfsnbh1`g1>Qlmo}Ew3z@T${Q4p z^)Z$X$pbJGmk+T2L9>W&2+4k{mTH{C2)FtTk#G5Y24K@WBVj$@SHKu}38A9w!26F8 z#sB$8Fqbh&^}d|rU!U{#0#;&k5dZH{7JUC-ym1aGsU#5GKi~D9OthMm-1OgH4MYe( zfxG*!3;F-b=q=`{$B6IVd>v>%F7*7iSYPsh%v0j_40_Z`g-glyzo8MRFo-`r0F0lb6@fxX8x(7aqJjuxOE8 zc6ql$s1@|5@|ksTk-m!E?WL9?3n}+CX)$ShxEiLzFY<0-Mm{fw>ufP6w_?B`zV-ON zQ*CgQp52Z>TVsWtml^G;1qM;I&a^>g`*>8D(G~BM)U^&t9{qNbaVEebRBFOM7LWM0 zR)I8#Yrza=eU()OEat$p}nvXt9lb*;EW}|G)rWD5ASgB8ZPmiCTsxyIZ zI~YMsLKr*%)k|n9*|wD&YE1hceodVXh^wdD9Uj7ruT$l_Z(uiU;_#2ETl!Mh+?b5( zj{z}h!dhV+=o|zsys9ldCqsE6H)JeTzGzx`G9(*!${p6#j`#I+SDCTpTmHK|S%Q$f z=8#<%Hd{>werhJtGvWg|xb_T6swYx?YQryo={mnIC&?~D;ocNbqe!hi$*$aS<7>x$ zq-~L?b}Nw!BnUR@oGB&y${M21eASWZRmu5_anL2^<*$P;4GHSdZs0ikH3+;~jMOV7SwVLU3W1WYX~vAt3x4l3IIk0?c?2{eUS-@PQ1ep1 z$i99iH6zZ=;vmbyKmB=~$AxK8%IlW4*+mZ1){8LWphGV&>MWyK$`F;o)G!Bea|Jip zRLHz_!ZVn~vLMf*Oep^IRM=y-ER*_Ws5s+-oZ_H%*2GUN~kMbTbE0 zR1ES_y|~m;uw3?IuJe(A?(+g{h6hW6n17Y+ZQ_rkrvx^x53ctXDu6BjmDHgfRuJ9! zow^Tn;R};Nzg9fPq1vn#-t+wisob)y25F~UY6A|@vRA++iXJ8)IG^3rm`qyNwvY7j z0{J>XVk--VDedppki2PgvDaMvl}%5v&kiQlZq@4-gi&2Oz2oAtt1?zxgYT!LIK3_n z&+kl5jNsiDdgDF4=sh%-baHI+bIyd(Ck6YVa+-Z;fv2mOHCy;Dmv`UoYVHFM8-Cq|)^XP}}41PO9p}bH_OPP)=Xg*B{ z59cVLG+^SO`A|gMTV5qFTZMt=O&D8<+^>ZYS@uHjX(Je$%KW{lv7H!nbsg^qds6>W z6uocw-Lp;s*9-Eul%t;cgYS#Zay2H_6R!b}rGOJiC&L1W~& z_i7L{<(XQzozy;E)r@SX{~LDG*Ztm&O9%)gj1)s48o|(wv$VJMD^y z1%dh(&*P>-osE>~m2~#G!fZOU6tZ_3QoDAvOy~V3;bLW)oArAo4_=`Y9)ZQ?umD3c~%x1LSz%Y`NDi z!6N(FBh+M|?_;GT8L1x>Xr>qK&3R* zZY-Sqj;#Hs?A42RO6^Hk!OKYjW`3Hhv)+S|dqADnY@BG$Gj3 zAy}fZW$LPoZDPYjS%9l@EwEh`$rVC=GmoWWrzEX`(9Rq-+Z4Zh;Ct|CJtHF3{Kl_n ziL+atlzx})(mL-d_Ia<8ceS>fGm%R1D+~fw(s0jMJ6_3BZm%v#bo6aEMpWzWCU>49 zcZpv+9jAJobEOVvR}s!sHWj@B?{#xOyx8#?>K3QyI(jt~7elw_YfSCE(pp;Kg~&S8{`GwxlL95uA8o&#${wYl!I zg~h4ft?FtByrRJR2&8u=76*=1dU?xiGaHWC--$vTjBvVX4eNsgA}fXHhBVbDn^epN zLR5VV(NS$bwM3Br7&t7?t1DHH*mZFce}1llFrNjd7TzbxAeoek#jB4z*)*H|0BK>_{AXf3ZF_FCe@=iq&|YK^k~NLEL4#z=%>lFzO9RGq zGCK?n?jtGpza#17jxX1r+p@o+m0s$T>3?t)f#+R;ONS^!{vsA=X^P6HytaNE=&w)7 z+ttNAYsisit|s|cWkW!Z)ca2{1S%h4#@=6*iAi4*^c018%d@>A2)=XRNG2C;+)TlT z_3_n0A?FV%@s3zGe6|@bEeGTIZJe0o_%G8aWv5q)4OY zU3Ru#YHGp-c5o$_{dfQBi3`eW_z5g)>kW&4?9ASGjMClzLMs9}PL08GdDi{xfdstU zQ_AI!jgxI~y>16CiCtX)la~--TD&IRK_--)F9QXS8_04-~hrye=*|l|rt^%qz{<17XId=%aF{1iQI_bGdh%9I*xkQlZ3S9x?bIKQzKhs5MOKs6L8^Zg z)>nw-!@taCkmc+c*UMY~)S5EgJ9Z!O*?-?liJM{v1)g-%*;8`PZ5A+M2btIFWSwuI(&^{eD* zrnQ?YRL)FYl;06w`^ax8r7jxGISojd9wR8mu(w^|>)tm5T~oF5qyE>cxG{Q~_2603 z&Tm?|E`-1I(%B2JlwP&>T&-+2wp|m`$d5bC4tNggY}7%N+poO572f)mpnA)mg+wV% zk}sRj5%wi4>|L|7et3Q;PA|HEu2;@@=n4VZ%&>pXzI5Lj*3@D?w<03|@~iY=8)R)P zBqEX#&Tqyq14gg0=pa;;$ws0pM_JRs(62T(mMVvP?;Tal@fVtdwr8zB!wDef2tAin zS_}*hXV0GVdOU((Ly1eyN@;DW8k}u=fTQm4ujq!;2jqo)1oRArrziWDvK+?NcE%5{ z=$X@nfvI3>KCqN>hndmx!N^D;`B;;quCab<9mG6SAZI!MT8z=UEJF}CdRQ1 zynqHO%Zn-8aa?T6e6C_G(lYg3D2M;FJ>2`NaisByyr*u|kA=DR6kWToLIFBgYPR^toQ?w%%{L;G^wE0sX&Jsvile^|zm;Cjb z=-^72Qz3~!$_a__K2Ox(rnFDNgTzaWe0VK-gaYqiiJ~=k(aibEc>T&{JIW8v-#ypL z&y1j!)-4q>5NT%;m#8TJ5TaKuV2G8^D984-c%Pe#Md!5VljtkuU$1L=LDXmz&e~WsL z#j?EcY9UPhuoe167s;}9UgBH*2hb-LPq9D{i;BL=b{G`9G#2LJU;1~yJq+a1D3=#f z^>0CA{cC;)UpW*i{m0yvi}}^2JKB6Y_^PzQ?!ubgl5C!iE&TpGxF4&vQSlr4 z6Dl=v9pungd*`~GTruy*-~4l!%J3PuNV%wC#;B8lIBYyACc<1`%PE+(b!)LflB#)d zR>(S(MWRe?U3*kCd<)bf+jz^Bg7_kC$4QXF*KT6fpBtpm-lJ$+NCg5^;n>u?&L zJB+AU?&XW0=GO+Dp_|513ovCtqq*_mL?xpgD-0sNqgKkW{H$Y)iH-hun4a8gT_Jrx zKS<2ExarHD5C$d#p^ALGK(RC6RWs74lDSo7TT+L9>_BQ#es)F`>jF_v-xmHyC+u}~ zuMdHal8(m8=}_B4{Avrmos~9OgF;+=9M?qRt2$Gp_R(3{{&Y!`jQ;mr$_(a0%Af9< zgO8fkHR&+sXrV)bnHh`EoUwJ~wNE_rM}kV>f5MQLX*xQWVRgd@eZt4Gj#skuvx9+_ zt_CHHk=xdmnuE8FP|vpGDbgw%D~m)bWDPDi?dxt7`J*|L)vnv| zw92WlXm@%@nvsMQ8?SWW@Y&?ZKs-7pOsoS4N)*)ak6Xk<@O^bvkHUcgm~?zWuoxMQ z&uvQ9M1wt1_I_A9yMK8HJFNSp{FxB2=p2pJ^2_bnhV@I^OQhh=BR& z8TS`aV=A>}ETix1rVzCXhbdTKP#%@Ug5X2ZVEIpR$KU1TZ3z==>O44ty)d!2_LNf2 zhe5fyPSkpxpZNv`ia1;|oXLAjc&~8#&Dt&uX%*^!ExM2e+|kDrKP~66i6Q5h#IN8& z$s3V=LS;}MSi}Gu{3vd6CMV$>K0nC_ICZ>Z&Be0Wj`5`0J~PB`a4$BKWYrbh`Xvr; zp03?-TD|C*4}^9$pBeok59hs-VQp?TrynW`UFv!lpQBo3^?q3P6>T$7c`bh8G%ZrU z`%a!(%5ZkP2)kIL)l1kUBzwO_~+JikPYdD+$Ig}}&gZet25#*Iw zxb(?fL0uH<^ZLFhtgKvf%Z4yjFuTT?k;n)fA|>$&@?qGgv_<6ocpQSCZel8B?77|r zd6vSl&CZ-1)@Gc+ucMsrbukw~Sb6nvd0#w*iU+I4zJF-IK;-DFOrz9LKTMxP%TB72~`73)G)e zgWY-GMR1TUG7fAPreyl&FVFW>P8ym%KaBFuM3I8>KeeV3e%23bA~*^Q`JOd%XJHYNL94w_ zFc*^=Yfcm!a<@0!elTp7UjBNnjr(uTwJp(PdOlD3ZqOyW6cIypuSwO5T?FEZ-Yy9oeE7UP_XD7}GkHz+xzGvikS~XSr=3p!%BfGmQ_ZYR=r0A1_|_(omhKF$%_!Xz72KmPk&T zjg1}5PNn4ne=$DibgOHEvC#H0XXzZluQxf5wUy z*2IEK3$u}JkdF~>u5Sk&KIs%Q(8X8Y9DW_1g+8U5S8#RRDs<7{B$V79>KZ2dqUI;; z9~DI}ftoII%Jwt*IQFNOe#;F*G>&rtU+}pVNrXLzjK`Jf(GzXbUrPw2Vtgz$cb2nC z;%=)5Q8nTb%P*i~&kt*^DX5Vr#$jTdKB+`3gVJkLJy!A-EX8B8^P#NWNveD0MKcZc z)=wp}Nx{$Od@af40`rmzB+MF)Vby(|A@w&#HM%|hhRzgPKg6t?0}}KXRh9I$k?6!Y z;ddh)kHU#>`ykJhA*@sNz%-dnjG6JgC_k*2(z(M_$MLEAb{vzlN2N%q#DfLMtN}ea)}*Xy##EUrn@g-|nMg>K;!w9NaG+mkYXwIDv4l zfvAg0BC-09b1kY0Ntb?<2Ma};|gFFch=U@RD?UUVtXRVQdN z+Gdhep)Ut&x}nGt3)S4kW0KkKt~46bDs?IR@aXo4E~xf?hsh9Gs$0U4c`79kyEnPc5l?WuQz8Sh%`C7 zf#=syQd(NltRVf1x4Luo!NhiS0!RAWr8_9O-hABPho%HCcDSp>+^AH1ajwly_(8iy zlVT>i#9tS99>sqq_HY;na-tR&FyYeqy0|WzoZEWO0kFV1fkyQr`Y!fHeI~tJy%3 z_rBFiT!gB^0!f^#eeWuEk=%eG@C?IwNGxp#>Kd~j6i(!RihHG`493W~)RPEuEtA(J z!a@>E>Wafi)FK>98o5SJmFqX@5Bh;eduW+Tpz%e?>+mRk+oDnRx>T!Iqny1~8>7hk z-nPF$$il_if=TGlK#IrR7#SbL$!#I$s_4W1WH&bV+Uz3gElRy$+$R?w(bR>$#+XVZ ze0hEumDx0CZxk-c}kSF*-P{uyp}(G2fT=I`J{9@F^P=ff+=`$9l9{%^^Osd#%R$g>jeKf)xVmDU72sxNJwegdy< z$jqC67)8Go*qd!euCiytpD~4ra>IS#Qy1Hdrs)(6BW?MM1Q#z0&BtDHqg!JExu1Vq zxgCxkt8K}l9gKE#8ti%B-T*rjt&yEs`!UYS)zwf?(b*y2|AJ8MQxa&0O(DzOiN*(~ z-i{$V$Sbw1!dRX67LN;Nuv~=arAt6|+h2qL6|xtZqFn@rD-z8eN(&BltXd>6MBbCK zwQm$1pGd5e+*kxU=Hq+|C3kha3RySu!R@Bdyb3T}Yx{`bP={4b+`|0g5IS&B*@Uw(*F z>g9Q(>+zx6D$^l9-sB@)aTAV1|L47hGGw9_$b>rflQJTZhd%02`n<@CHt)u2ia^r6 z4pl+g()iQi(}X}A^P)t_IukKF`S%E0D>AlQCgMw*rkZ3*TM~-aUXSS*J1;H*HAd5I zaQ66gY~%}}=IS@;Z;bJW0bTU&o0E=UzP5kv=C=Z;GwjRmepjN4+`GeaRUNDQGpP|U zNq4-+)7<4ZX#LS*I@_O^BM+}e8-lzcOs< zfX?Bi?72*b6tjk4J2npil;V&BCwi-Qa4iOP+%07kEhrl5yQfkSFTn89tiQToT9 z>QO4g+FkoLqUg~_Qme#e!>3)8Jm0-_DKqehhW1=gIJ9NnR20JR6|}3Hz%Q#)-$QjN zF4px17sCcDT)H(E&mCQ$io9TwF-LZ=>}%Y4LYO8Hz`wq37@+U786k=AEx)VJ8~J(H z@|*EYw;@rDxWPM8{g1OBb{rDkry#F#PWew>j{A;rOyMR5ZA~~S5E)%8CePWZvfHom zQF07NU3>ZMwF_=y{6P8xZTnz4ry~&sHOc_93`~Qp{bU}g4c)ebo6;{uwOoYJb>b|{ zXej4^B%hPPkTJh)4b2KNRTp*>cqM_QfhVL89|(r zyOlsPSI`;;Z#waFB>TA)E}1ng(e|V<5}vKL-eUoFulJ>EWX5n1=g`HU_MKETin=rX zjUW6a1lvfTcTi71uzB+9_8RH!AN3_*C9B^juy?omr;o;8xmCiTk$CsRv=F?o&$6~1 z6Ynsu$ciee>(m9T8N&bUKfe`rGoFqYHC@5`Wo8JIId1@tr|+FZTvS`bEav!`pnfWe0wUmYL1!TTFVAI*Q9`R;NVxQ&H<(yxoEO z{;1`Sr}((4=SS{~)Ms2)Q_4fCN4>%*lh)G@OnjWkC?%VNb6!itsiQlkQkoWC@VvY}iS@-^b9)3!J|W)TTrK0ifGR#?wvYLS5UUxy-z ztYy>(okkx~kIA2gRGbE8+^*m$&d`vH!ryb2{ph?9pghNMx=P^-^HYJ8TS#EJ@xkiY z=HM@yA-+RK%#m{+>&w{GxKoWxk6e%IfQSC6hI*k zBO}udEUp*K4!Z4@gvYJv4m#Z)lZ$UuDadh-Z-qv=74g)gOivvaS4(NXFrLNzxc-x6(7dqWmvvREk-a z!K4Dnll5$W{K^RuX4{+ha_(Y>r#UU5=Zl>2 zva?E~BK-3aDVqI0ji&o}k1A^Kq3W?SR+B4ylhU&Nzz?z&+Mlz%jTo=jri4$laaY1v zrM!=sKK%uT;*$^WM)?bbH9q4v{I>_12E39Nyw_z@4Mj(zLFtCv9lCCw0bd>zvh<#)sa z&pG8f&r3M2)^jHN>#p4fv3g%&x2SAOj=^JdEa5CvqUU?O7GfO)a#r%_ki_lXxH$A8ACf1O^VjL*tdUip1(P2u^?rR0D2 z^eeKvi)^cnH|Tz~hHPsPvBawerUg6g$Mq_mBt}b9)B?zj}Vj{c=CIP4M4bZhmfO%bx^nh}wVK$aa(}``QAWWyc{5pbEX9E(k$U|Ix_ibtC&5Bd}Ar2&ZZpb{X^UbRo6ZJIhuE9 zPX`9rU-v>^f|m(F<@t2Sqv@5`)a(zk>g}42;+xUL10!e9?|y-o`bRENkW%V=>vhtl zm_?v@+roP``)3mb3ZUq2Gn+YGDbl1uP+!BdJ#_P!+`@V$AuITA@!;gtQjf)?w|04X zOu2sJ**5ol4^7(w*C$sL*Vlh(P4VsW{eb=Chz&(#2#+inO#J1=hx(C;m*pt8hamy& zi>C-k?2~f!fF}oH@6G4qJ&Ci!a@GkYb+ER|(CSL6X!5Q8Ky%L!(PkhU`=VRQp92I^ z&El-xhS_f{GjP?HnO@k|gBkJImowiB@9;m)-8&;qYrg3afok&QrI_6j;kmi&FOF0b+FQq8zI)7V6r1B{NR@?TfhUG;#!fgI-|8|3^}v5} zdeP#c=I*MmlHYSixpbjRFA)<6M?Gbj4r z_8YxHVZFR?mSX45Pf=_|S@`7df}aU~;3ZK}nPi-jJYn8vn*6%=5g_Ix_VCf#1(}XC zjySLE{wZ@@{G7+1^abdIuk53g2tpa4AMkUSm_%{d-7J>GE&8rWU9sgF!xLW}4{&be z<@S>a88BmP_o1RE3@d{x)yH-Bd(f~eC6I?YitM!%0@c1B7z@5*sNkC1H2(fv)GYj2mtH_Wm~f!yQ8Lg6O?##}J=xdSSNfre zf{A_+!^zEzFX@HPG-h1eOPu#7T798>rtqQQcRvlgt-N14>!U|)C6ug8elY#giBhah zjvAdlbm(ca#`m_StnPbJ??;r4s(1RS-K*|T_mBISPS=}GxW)STaBmMo@7#P1^k`m* zk@^IS&63Km$lQ+fI8Jc5y!ceKzRHa8cf;O_tml0O?_!?Z@bm=tStQK@u&yH0YzfQl zZe@7cwS6}ii%79B^DZ0XEpFQvp=u%{~~)nEGRTb+_*w~ zaiv<>@#}0MA&2s|o1QvD{zS;7vcaB7n~s3WpJ^DRbMcLhpSXBtbrUf%eXp-UH+W++ z^Ygf1g1ykQ{Eb^l(xm`HfL@D)k|kX(WbPq>Me74>d{bIzoBGg(XRs88>OTREb7!%L z^o9;1_;hZ2gDr*EGxD;0RJ^`;Syb#jM%$mK8f6`wy%JT1_N}}9a5pmlWh@MyctiaQ zcBTFMN+lS^)h304waZ$H7a!)HT|(bLhhRaR`g^l}_8PIDNlhL+5VP(hsg+f?_Fz6@ z+xjPKofOCM=LX(-57rNeGv&UK5k4dFjwg!-s!^AE&WECKMQ|nj;7SSB@7=31Cf6lh zLpp*@lW688yQAy4nBT!oPxp`R9cd0D&YZuiA?=*2wnO$Q%rNFsJ&CPXgq-a6zwVi& zYkp?|YNI!GUms>+Cd-1`hg9;%*shtI)LA>SuV0Cpx~{jD<{b#j92D~pzF4R2*m2|9 zmuX8=_o$e$ZsGuJ|Ef$Iz4ofA|M8>LiuNnVX`QT7W^>oL;mh*E8*)qM^F}eJ9 zlUnCLPmJ|ub}9=@U+c$vxn@9-ZP$cyZPPX$tD#<-4?%xGF!g2&fuEha61nU4(}@#Z4^Ql4=^JH&ZkiC6S#VTf139j*0(TLFzI`N?6Ru$T@UhVf8wf>p0w zA;IO?YxqA~hS#ac1fYlO`@z9HN)gsyTU-#$dS96v%6nAFE4J3!37N5&)qI z)O)Yx00LnJ_Y8-W-KG0HRctbL^f8k%J!cyply(m*Ui!2p*?Y?CU^~0BSZ6|k({}q8 z(&E|E9(o&mGK62qT2$Oxp(j zBEk*1SK2H5`cPU^URCM0ba3n^kvn=JmzWZWt?jC(Stm!H&A0I3EO*Xd#76%r2&4?G zj$hF z9gdGfqm0joxpp*{)xDij*7(70X1;(=wfo${bh2_!Rq(sSgI&>?x9s#Jhy3~ZK$ym< z)_JAHI_vLf5ephlpYh)=%e0a4i%CuP&aNd)s+avtoVhKFPDhyd9K=#)Mq)_J8;RF zSnq)11O$@Nz&vpEEB!UpuGOqMp7#(%_m^GF5B5Az2b?~Y4ar@rj zUl{p^j9qWVv_)a$XI!6K|E~l-=lumyZa?ALMz@aDR4ZF_gxVIx9pskYVfqSekP+Y6 z;Mlg_Nm$_XpW)eaIc^4V)jr`8cc#MFR_*h!SH}r_F?;g=wz4pqr?Ob+*aVZlX1*kt zDRS1upFnG`d-m`mQ{u4*m5#QF%U43O10vwB4cW)JN$;L{VlEeaB`f#@oY7-9m`i+f z5;+YsTNm{64vyv2Bc>MYvYt7<=^B>jK9qP8H7(Zn=}740b!RxwP!09jtMB}?a6wHH z+P@gIrvsp2z+GlNyFH-$<#=m-4U0;=blKU)v8$AbZJz+s18#eYV{choJ8k(^FtAp= zmDcp4r7K{n-R(5OKl>C|rt{W$$#Re{yoBxMQ6{rI`u{dnQ;EVB^t5%|(X2y*6K|3C{-+n;Mg%!!Aj zh$4B_vtS7Ds{8rpt__XKs%J7VwihTGtGvvN81YL;dT6iGk#2hDV+23}mdn}h{=-6t z5d3noMBjjQF8%ZAU-lBf{(EU&|4F{${4eC||85jQ@EZx1;UDMtK@b%^<)7($o5MY^ z{~MzpD6w`->qSnW;P-AT zM($n1W+ZP&SePNu7YgWsbDKX<`JrV%^=D_2H@?Y}J$5!`ODe%Q*5bPI%#jM4;kHP) z!zs(G)D(I`<>GOC zZ5nV#8yO=}7tR97Izv6!d|^H8$Q;@eDqCf%0ru?-sv{hKC4q(2@Wzt3F^PUP$HI<> zOqF9Qt=@;opBAL0jk`dc*n85CG893WZ$fMoF<`=uPS z)cO2LPd|&pd1kcf|G+{P8b{5nY;4yNKS?8}IZf)wc?Z+5f7U_*N9MO8e^)DWY-kC69fu(0BGW zqt(=mv-Ciuo8!Q>@Lrs*FVtxo8RK7_Yk@1!ti)xgR;K${SL7_7HgLj27W52h4s+mB@ zLER3gbrih#7AO5WLUNFjRmwl>W#LH+fM0RwgtynOR&ZW{t(W;oWq^s_z6S5?DQ9qx ze?TWi!&lP51qx9zFaFD5*;W=*8O22IQxI0vg=h3KDLQ>id>8pczt=l^Ogo=EV;>eK z6RMzA51J1aTE9UXCKA1_Y(aE50EQv*#>Ph0Do3~T^!=S4lzW7b8?UT=6?U^kFU#gj zr5l~E1_lov4`E@2pUr!;bM^#|Z!3|ZI%96=o9mM_;=>#3g~O#5Q2YfxKD?BaDx&iO zdMXR>&B1g9MPnbX1w+GKUF=^tHCT=ZNq4hjzTtnm3+iSe=M2Fp-4;c$)UEhg!-1l! ziDNz|)$h(9(>Va*@DUmF0-HA}XlhCWb-{ychb{Y^Vb%`0BaGcXO6OaE8i|um{L9$I>rMwYMN842zv$A?ig7to zR)5Fhmffj#93_+WLdI{a?0z;y5+agQ>N5{dRL6}{Q`kL`9NWShN*K#L)XkqYoV;P| ztD0*(eV=bBw8@^N+t2wV4^dQ93t=&*TLupkfmAF%)KP=D_)Wd7KOPPfMyA#IQu&VGQhmSy zAgr=?MNI1HZv!E@pRPn1whNz+;Uj(S(ENi5xKoq9k3$m5>fg`fV#^g7IC^|Si(=OM zMXjAi5UF&3wB#Lv!AZFy;>_)_o)9+Zn5r7w6ZMILf$(`&yb47VG-NMdMVlQEuG|NJcO|^_-=>AC^sRm-(-NH z+RsZNyPiWSdSDgQeu?!4V`t!R9`e$bTvJ-?AbosLi*6zhjw#bw#<0(>Qr55Yzg;7< zW>#H79@2OLCqqWQi@+|@77~?3HVyHd-7VktPd$2S7a9XoMB^TZZFli+5&DnAhb3#A zdB}V`uUBwua*hpxnp{c6ZJT1{bb(b6kY$L!`yCw@=OUz*2Q-2NdJdKKPXHZ;s)Y5 z8ahJOO3Wpuh0U}7!b25b*R(V;b&(7Xw#LcztdDV&>Pgr~jb@SU3T;{J=XYH9ac+F} zz~D&?oI;i%-LJ&M)spD|(b8?ieOQWvi_w8{Rh31SSJ{d0kZ_3Q z;N>cYq|+$bt~@MlFxwbRxUr%Yk|CUy8}B&M`_Js}7)ZA4hq4TxvRR=Unpm)sE8K%F z$I2zvBOqqa$&VO#{m8A3pq55Gyp0 z2Je}f$nuY%Bi|uP(2?!=LHDkfz0<~$cvbyghz<#Rd-D=P5Lp}v%2;i4E};8EyFeFZ zlNO$cFVcW>X3Vs&ozkY@$4c>FadtDFX+|j0&P!F)R+rfz5-bkmb?PUZFMPh8Ia2P& zo?r0T>1U%wXusKavF)Z z2)Vm&+P1R}NV?}dH$(nt2j{iHqH@U>IPG!BD_V8#V2DkWOJqVdxAFHc_*4F#;Yzjr zkr_=P8Yv9HZFBJCu{NkE#Yl%#jq#qO%vXr>D`n%mIRX02nw9v5IXfipj{3TQU#?O- z>-f`CMQ|DC(COYbU6*B|Stn-!ybnT#WX=&d;&=Ri8i+L;v}7B4J`XkbgqL4__OCXE zWeSWOKbJ%*bY8b_ab9-5r0_C9Ur%dwTY>iQCpPr?gstYN87pqbNq3&c;t$hhJ$7rt zfsKXGo?T9zG;*V6NXln`31QRvO@J;(ib!@z8y1s^rA6(>uz^3b4B@k)pS}&@CKT3( zf;Fdo)yOzy)`9HbbO5s3q-K?Zf#AfT^yIY>^^?l)>Oz(`KRYV^?r81U#K%>{@q4C- zWhm0{$qvRXiN~Y)j2hIiVevo6d&{Uex@cPz4-Ua0NN{)e0Kwhe-5ml12p-(s-QBfu zcXtg=!edC;a?ilx7d1Jg^uYdHYuIgU3_pa)_)|$2UoUz;ENYZ{61vrB~b&2lC zk46@p8~InD8{6$V+8GN!@>@O(9*<-%(h;N-SOQhrnqe!R?Xr!*3ss_^&wPgs>Cu_1 z;65@OaTOe97y7Pb8fwV?AH|4IPQ$P5Nc(&ButzONOF<_1T%l&dXw2a7-N6F~R(OBx zOnv59B7ZG4FK=UGWq?mOKyG?DQ@xA_?lvG?j0oxQvG{$$i-b_G4B%O71}*MRaeIs1 zZ%;Glq`7Qrk6CMMIlv&K0zZ7<&+w(Ut!d}>RejURSZ~e*Qcf(N=uX3CWiHURN%ffx z?SN%g0pXQ&jMgsxGOHgJ78E#uWW_F*jiYs$It$0*QPa95$6+)2y%!4c-wt{IbYz9? z?F{tmJM`5X*0(F%E;J@x;bp=EjRjZkdlB2&F2#&?hM)Gl(<8GTJ?s7KT(RM>sGzV0 zI@M_v)0C7K1Fv1UYq-DVTehZqvYc$T6x~fV6)x=GZy@#aGlha^HX!7=Z zMLi-&ZQYuD___9(6$-k(-pWC!p!&18#(e@C;`$WVWMtiLjol(u<>%|qQnam1Tyq+c zj_%0CFTwFRz_p+CSKsp0el7h#Bf<$UDkRCDcIaHVVvyYWim0dg=be>Ew3G95pX;|F z1|1L%%YZ>h!#B^F@1(rrrB9;hGkWj@uac=UAM`kKcQ>ewG$fbV%g#`8j90~3`}PD> ziIg-to<<&X_jnh!bmM8&hhaUvB123=HxX!VyisG+EzD)UiGnY)K|Uhu_aM$-bz zmpYe_Bp@nyRuCTLmdk_W< z8x7ZjXXY~3nn$tw3n;amx3!Ds;ouD z-;xRRV!6am`~G;R(%6gKnK*;c( zFiOKqPZjox_24`*Ssbaz-7W6MFLZW~{Lf*sf#Y2M#U*CIi9e!~JT(p)8dzd6xAzI# z0td8EzQ2OErm&tQCOZ~u;m5kj`IX$W#s|p}Q^e(zN&A8(~FYDNU( zLWr$y;u07fCPW8C&t(ZqS0wi0=$QH;iNxE_*quV3yLH_?_Gm^-Ui?T?q6mmVHPIBw zocY2$Pg)Y3ht;QE*exeDDp@&ywm&5_MXBa~%T?*-EM_LCwrZ2(kq#h+LRMA0b7TlA zF5}Yu88|CV#{p7&SvbD^OHl;k6Ag!8-KZqBBg5<9?|D_k;zhylQ8C*c<`t77fWL)w z`2`UKVUtK9ljth@&?H5wd6A&-EXjZiT|9$GB&tA(vaYL#0_hJs%MHp)@-A7?gFM8w z#(XD$`LGVW6R{66DwCoL1Pb++*c&07+HV)FJM*JX7^SHBH(wt_F{3=OtHd1U z)tpc2g|DT{w34el1vBRx_%X7oatkYS@=&(V{XQ|2jY@IZw)TQ={~g+rJ&Uo6Hp)-R zot*jNp7{ufz3sILuK^TglZi@?ma0?7uG9Oi%-!9nnUVP)p+vK3|H<8uEaM2bN{63%`d;9J99&@CDIIa!e>!SN<00 z&v)MtlXN{yfK&rsCCHK5H_vTX<0-bJ&KJZivpQ7ID26|6zJ<7%!227Sf3D{Z=-ALs z?`py04KEQ=aDPT?68xHh`=CAigEK%Dnn5K?sJ~x)yHX+7mno{P`Ff>`8=Gwtr)ZG% z{_s_(e$Xn)#AaV&>|;Zm+4{-5|9i&Qy-T?!--EHE9#0JY)tY6Dz@Z5W8fTQ&kL5s- z+&*_52<9Fd2Uezod*M2PWs&z^V1#(?(DV=M9ig5~;6vv+PI`i2!iQta$8a*&5U}Qh z^E9(4HkA9M^1Ay;U zSGOH)DBxDE%Kg1|fDR60^|mY!Khvp%Eiv_o*v}7ZYUTj2G{N#!cPv^Ww&5>m#6Cui zjg5bK(?K$g`b=+^JAGg>DNH;5#~`Ic5WD_paf9fE1D8W-8cc2>OGsmS^fs?MIV*%0 zuQ4dF7TPrjfrtI_-EKvJuQsH`t}tRxw;dg*yC&5R%&>uYkx50JF9w1L=peg@w-lQe6C7jZ??L3?#4hKkl6Ue-C>9Q!w-QEe`~b zABcP2EvSPiR$oul0c{n6oqAKCky`!V0K)2T%BvvC!;_N}TCJtIIrRFKpQ<;`rGEv! zKpKpN(v$5VO(($1#zhP0kL|mg@gHD4DkqjD_YG+y6zAV?V(i%(U}yihw)O6&xmI0O zbx@eB_YCLkay-hK%tB8FRxJd+?y<##%T_#15d{ED3+O7g(RV`@)c$UOI-ppGSX%GtxjYk4Lq|?ez`>;eqCcgKJJ?5TS8kUDb zhMeK-3SYI3168ohl!_uLoLZjYojr{m)0%2cWSMiPDvT#<$`i{n>pHcUlbjQrzLa!| zvzp%X?IOtnLhDJQ>8nkZTzVniAmQ4537sjQT)gx&qRr||4}D}*-KL+>d29)9^3tZr zwQ*NUwTIsu(At&c9r|Sm-(;zt1^5pO*Ie3X4T`VlAR?fN6e^-jCrF7a>oX3+m#kg`nW~?y--+lPQdwF!Un;_z{m%r8OQ<}a{ zC80a-AUAbd_N!QaszeFCavaYf42}*XQiTb%?vdI|6SX;IjduM&_gI*0B^*m#YKrj& z^&>rNTM{^y%D_c4EG`9B9DV1Ent8|%?YRRGZeo_q*RM~G-grZ(J&DPxBDDE8qlT(wph?-k@RrSkz4;3jp@D2I?S9pkrTG4`=poi!w;02Aaj z*fzvZVB@cSW?2LZ@++Grah$e&jNGB9rqH*Q7^mvbd#^U1Mi}kBdJW_4esYc7 zeuA`Fz6BSE<{vw7^gJsfAfvQ52-)H}Ky)@*ZH+w({-I_U)_>S;)YMTEtNsb*dY*sv z{Kg2#u)%OWtI!j*Z%s9ebLp&Rm(dMgZHqq3etD_J{ z3iqWI4CXWz)RCL-TJ>4~tr!b$SCpCNwbW}u;vZX|tVrHB&14IU7kb_`G0LC2S*8>A z5b1>PR%6Q_Ct_J3>Yz6ASb6}R_zeP6i0It==TV&>sB^B1vnx;41bo?AV#BYAWE;65 z)zPt;X}vd=oLB4iA`1GBxMWqKG^8Gf-k1HquYQu%LVD>Hit{J14%pj}wF@Mfp5|XY zRe_pX5R>;{Y^pN!OBjK&=+?w-{(JpdHLz+56f=E0eg#+3qwV{+a;?BGEi%$)vDO>y zzj)$?^4XBpgQ&{M$bI3_Yu-1(W*h}(pBrfBc5d+JhrHPWobJFmY-sE@0G@LkYMm*) ze#Eq)_h)urGA-1L3uff@X9#STU-@qJhcdvx$W;y;FMrV8AOe+~(zqUd$Xj&V+x(%- z`{l8J))Jb{?MZ7SE01#zz!tsx(5I`(nSI@UG~%Tt)R%qEb;5_FWO*BDw0X6KrTORC z@sY;x{LOK}L1I3Gj;8cuURqVbYI=^6Aids1NE;vh6*%ZH4 zun^V>KoRh6v|!97IX#ED1ux`?8FqX><5CE11fLhIm#TUD!J$2i;?OV}RcHTor#?P~ zRSaR_lSbqCZ@0WODP?lCkhtz653&vWZyT?dY6s@O!r;p)-R$sEyI=b)UU}4<-V-MV zlZlT9JaC@5n0;FU)ZOu@%iZ$s5y%A`31b5ie#M8qvd!LOC@SuK=O>Fu4RwaI9yVLZ zuBWbFG2Hk$dZ9fs>P5Q}o8kA7okrxAzGY&Hm1KCFPx-?LB3b|^SP!mf{>jEsj=0~7 zY|2E8n<^m{0sHguMv~~EBdO?#Lzb0~gIgA(!H_jBPIS7X6(n3_`dEio8YBafnvA_I zF^~W~af|k>v8T~!a zhcVUE9>cg%Xw;uPfnIMYV+WhCX)y^K6Kk5Ix#M?Do$(6H_2gPDk$3PDEt>8;? zW$z!>wC6q1k_+vj(b5yS=F@yAym5>|z-ZLN7!zm76%oN$$H7+RW8#yIb0E3}eO}49 z|14uhYkeQ{g|zXyiW#^u|{67xf6FP=0Yqt z^aiO$KR%pM@3`DY1)9)Xe-f}luEteXI2xsJ#7o$d=a4xlalP9g zC|U-gx^iQ(`viW6;?TVyC56L{5r49zL_Fz$Kd)%oCd3o(<>Ht6W(`X@{{m)u2t-wo zyedXb!&#Z%6~Yv@NkQ@Dvg-Ab*J$>DJ7?H1)Kyu2c|>jh3CYSXH9DJY@LctF#b&%D zh9)>Mt%B?sjK-}b?o^0-nR^y#N|qgMJh5A|_zCl-M}5RCn%wON#Xxc$pzqA2+B0~U znO2iqHGGya&Er9)M;>xpgHh(oN{u94)dYSC>A^k-FYw>~o42jIGZ$*nBL~U-98fPgts>7C;do6`Ap!JFjgi zN*S-@UH-5nmn%dG_Bw3Z5a&tKRnGZJA4Cu`TC;^AQ39Uv_%M2PYKtjGDw8(#`aEId z1Mpvl0u?i(h~_mQQkGuuAUnHZD=FSX>123GobP)Yc?}nbkl#4Wg)z|E_Rj5{kYaX5^nym zFQeX8zUQiKRt_)W!-J6hq1QK_v|ZEJA601@*dL;pu`;_`_420bo7Nkr@`DZJnPKFG z&Bn<)JU$ZoMBo;2sH>s)+SkMmwN4Ul757*fk}kbHFtV9MzPURx z28=nCbacg^s-Wn6Qzv`Jo4Oja54|Hk>MxwDo>|pUc!$FPCfmPPhs`w+aB?$cpHt&s z`QLj-EAt(o>$4fmualhU%#rIn6}X9fT?rN-0$T`67IZ&}<5g$?{6^Q=>9k+Dq6Odh z*5D^9_lmeGu`0GO;_r*e`MNCN$~jDx&DsNPS4W3w>BQ}sT(;O+IG4kh>)yfE+x;g> z(>>hM(DrC8ZFQURDo`J(tmBsI4MpkjB@EYQ4oGJWhRWd0XR?=S-v>PCT)qYU_->VN8*>*??a?iWA%4y&y|VPgC|h66m!fH9ig0JI$eg zzh7WA9WhhWyImZYQ?z19WhbVSkt4O0Me{43{o!M-d1|k2Nh2<}r^x}Ri%Qj_a5HHl zLKzyV6&ZL84B}7~B%pAskk02bAhgz#G=AG{uK}cvC!qjkErDCz!K9vMRhu%aMTs(& zeBFb4Pag%#4}xO{F+T4b~a|pT7b6B$AaZw#Py+i~S0| zu$G#ANxw^7R(Gr)*y9#|yvH1(?HaG|FZHe9M{$yw=JH1OY(|1yxEl$a;!pEXa$)2R zFVbH=9u3>yMgaBYwBFAfD7A+R0VF2g2Q4dhj)Suv!}>V06T8 zs9-IJuQXAAd3mHft00!fu&&RzFWaSa-qz$zOy7N=KWje6631!fr-+z2!1};;PvHK=ORS2 z#oG0Dkw|&1@moh|B^-3~AysmIML;F1FlXh(e<+1)+geo&G=3 z1!8v|b^5%T8Ztf$%8sSp*vDs`%I}8MUjlGjxcx90HJ5ciMRfoRc+KM9$4y{pe*IlC zp}~VbcVEZhg9Y|}C9TP%hG3CO=t?QwoZyVy7Wsy4ezvbOZlxxU^c`B}QI`ZgTi5&U zK^AtVRlw?XP|V+)Dz|T8S#ad5sWZ!{pLNRdr=x&SM1)>c4m=`IZnP$RZOyYt58vKW zt|Y>oemG^yy6wWF=qX-zRNGxXo4H%2gqza3tLd_-mGH|)2KIgJhDqDfM`Tar@~BAs zYoR-tvM{UUQwgG28MynaSTI}X!pWYv&Adh37G2RUIDmmu-HxuC=RnaYotDH;`H)Fo z)2|&p!Doi=&UfMQ2Mstqv2k#Z9P1)X+l93~Ey=}R`tMieF&qrPenC{Z&1b%-3D|xD zP+1T;&o`tJID+G;rk|`>X z5Qz@LLl|d$EyzZ@B);a1-eoK0_4vhP%xBX3vFRF!tO6lxfBayMrOe$|9l}hQ(9#~T zVKw-iNhCmOUUyyXcC@x|eU6xpv+_z&{Q^9pq~C3&;`c=Q%rb8F&m9?|CC)XPccK#kH2mgI-ZrS1RMnbZh?6&zP?d9c#$@Cl}Os&$$2L^;d z46i4C_q>mhLokP4VKg<0_VFL~`xPJlX~_)|F9Ta1K*hLG@RGm643r|4&+HDnl3i+; zwTbA+L2=&z9lNWu`-Q-A9J=Yyr z_x?uYpw1rosp+z|h(Si}7YvS@JQ-)FL(J|c#K1Bj#vyiYhZn9-f$qW8v1wK;U#*t> zW|mD;#j?Mu_1D)d4I@fux7FwRb`}k!mX{#(FN^c=;`}@~*&F*RyxkxAq8R9-c`XMn z;$mng?qKL(R>FiHQK*$&t$ax2KfZD7FSy~rfYg|Fqerj8eexO+!#dWwqkMJa^Y7|+ zU;BTLFvg|6f%T@Gy&!rNr9ws7m5RFfek?>IQqH%Be0rCwYVU4o4Xo1YtLvwiJr1Pb zU2#k%T{oq7Dsa?oo^z~oLEcVw7N;;;0`XC7XoahdnP^J?>+5e;EV8+u4-{EC%xh^;} z6JIQJ_mleMziU_Or?#dL?%ALXz^Y6l^urhYmu&Ua8>&!ut)|i9m_ioUZuoD0zdbr$ zN2&Q|qm2FqBVlNc(I&PF}3_Y7lV-)=A(UGENVOg&Q9<%D* zKcaftJE!FJ5LlmcG+`tfx-1R*nE`I+DEo4zKLj+&MEA)-$v=^t%S#!pwZ$ z_;eV}f>O~G)`swgocOQfuD3{4@nR8_qqPE@*+nqta%UX!*EB}y5LE5H9rLH;1VXe?oOGr~ZC9Y}Ib45H$uZZyqD67}mxh>gmoo3!KQALahOvR{Mkh2w}bjW+B zyyg&LIBhiUD%`W8zWw$)639!_!fY9%6U?BeIIOAOa*|wF(06N@>Y%syZ~~22}@yZ zi%%BP`SH<7mZ|5i2H#ZRVDm___(6@a;Z9MfFGc($OO(~QReh+F-W2~f>9xbp5cXg`QIYsOWZ zR<}|^oJt@7@;Ba=YZeP#ax0~t8Aw_nlCnB_c9gk>RH~Z@4Uxmod8Nh6n!Xcy$Wjhs zuWa<@b_Bn%)h4~6*Voxb6cuG^`?6#F^hzcZoi|0Te-(A?;{QPIN6>;~OCCE_BRHJQ z>g!2_b`L}qREi9RBoeZ)W>s-tPoz(Dq{M`NDZNbTr+C;IibwSX|Ka#2f55c#^&XEt^19W44)0j+sFN;B(r)P&BsIvVo#KAzi=i+r(4 zMfB%x&#a?1v4x)&!kP`O8`@7Wyou&~p)xVUD|bdMXSl{ zKZ?k*o~2A%(cyoy_{fji?iqj?j*a+wth1&|YtK~fvn4^VRs zwKumNu+eTuI^~zY>MwBHX$mun;z1%4ePm;=Mfq(OMjVh3J(_BKRHW$>km^4%VnSN0igk@}}<$_0RX1$iej#ZA?(AIQXS>EB2e2(d?l$tJcZAe7u?Svd0r7sI%K}C82 zG}f3TG9DqFICRTLKOB;lV4E=AsIzEDPGICUg%)>=g0&_@To0-Fjp}B@P*}GaZ_IDI zC*@WhomJz7Xws1>9$T5>BtnPq;`inWFSA=fXU!`5X2wEULH)gw^E->Z7;d=U`>(pz z;Bf!T#Q=3Rn0D)VD&Qi*=(rjZ#jM_Vzt4wqh1PCBoD_??fQW}V+}%uG=RoMnqU-OE zU2v?H&+Tj`i)z>vE?fpLQ!_Z?{2gHb#HIYLtwJ%OPTc%(b1dzy1wwD)etH$ zMwCynoz*F$FYWfg<5zWxk?I8Wx@|Zk$W<%Y)h-?;%{8qu4y~HiH2>|5gF@qRRI8$9!#y=GUi?u4FF))J_hY}p)b-p0AGC_g zhdS}WbQqVoD$}=KIjuE_U}A54`6F>cC_c$RMA;q1v@y2f_Q26B!weo7!w?CvDBX}O zjcXhOp#9xc@Z+FpO^|eJ`KhYaqjpYB@~T}lVQKDGjW8!SW49On45W*2M&d3O(!{5; zsC;DzZboUq9-C_1dovkhrw#KY4=ehn$nhe-3eKC@O3n9?_LrP zsvMOV%L50n`9_A2_qsA73nL7VNLa+1iZ>>51fFXG!&csGuRU=d@?6UO1W>C4gnIl~ zYv0SEy71cCBSPM-AU8__bz3KGtV+36Xcu=$&$5vM{c>3e^Cjbxz^0Rq`7 zM(X-6LW_Y-xHzlXporh06Q5bd`z$A5GrzMf#M>O;ksGfvaNwj25N6E{k8IL;wfcg= zKr?^6{N1I`%8Q$I_{2Z;pvi%9dG!K{n8@j!j@EPEc%Cd3loZ|{kgYDXE4=|?ve{L~ zLL!5{h&P|iPgvo(!;oQ z$k=B3bG@RdUUzAE3S$YVx;G-xip68nsKp4tmt+vl;weIT@$K@NxyqIEnWv{NK>(Di z-&`JM+(DmSja zSvhaDh9G*#dzYMloT!}Lo)Q?JkpL3&3Z{^)ABaUHsjH}QFuxBA+z7g!HG--P2CEGu z;C&X$j3*8;B960-56i5lhnKcLN4dDi>GZ@u1KZ!bX0m;9Sh1g9Z2dQ$uj7nM?o{GC zvV9yQt)p}$C6P0EJqzr2_hWKd^|sV6U|L0WECh-Wt|Xn_fXPerr(10aY(vFG2YydI zVjnlnQ?MUfZ?Y9#SMHhD9NCKQ5=z_tX`8mH-z)ag=D?+uYVK;>R6O>7viJ_KQ^)#V z#O+N*@;I%=V9W>Qi~o5`ldftxozIJ{W;J%oJT*D>GXH}j75i{7rp$TNb`4OYaWkvC z=6~xMhdnGmN4WNJ5ZZ_%dB4d(2B?%jM?ag{p4jo1##gFwU)1S6;22|_D>yk-2$XD; zqZlbCoVECQM}E#^P01-{7ae<3%H-j|uyT}1f^a9Jx+~@JAdF7Js04nZRcRrXhFe=L z)I?}_O@&--y@sjA-=bF9xDjY|&M0fa$RCJihy&?{zBqtIXqm)0aXhMa7HhP&w~?1C zOQxPOPOTHQ|Lm;$(5l>cy1V`WNDNHMF7mivU;2VUb(Xo9mnp^3sSQj@&YmFQh5=IT zEaM9LF+E@3rGOi0?@sq$2q9&jC`;ZDg8-i*GcO{FJ`KG)vd6qbZyY(Kjxl z!2{p%**t5|$8X0RRTClT_G z3el+h#%PL_tY+VmbJFIt-!)4<5wY;PZ{6q=MJ7sh)n%foPo-=p-t>NaoSTVLyToS~ zm}Fvh+L!EB{*{sHCF8Gdu) zJAQl((9B!U)>m*a>xj$NslEW!HAZ!OAVhk(K9U0F+eEoP!6eBgzxm0Q4NEPq>Hy00 zx7OY1pR_8_;%^%7^~y1L@=qcc!d|abbrpz+7B>ggo=D47rv^ z4^-4ad9PXzY&(AVk`?f6@pLK9<$CpHV|U&@q}-H@xEi@@wgN%_dkM?Oa`M=V{ZKeR z=!PM%q@jI0AKn@MeRvx8&}iimZ`4T6uD0cE)A`!?qMFq#t?P?ky4?S%+8ao~_&HRn zb*iYy_oa#OmBw&GcG%Omi^Cdlaw_F|i4N$hS>AtrF{vCo^_6*CSjvg5>LIOdY2bPA zck>EMeDN%(n7OLce)*u^iYtg})C zuq;wV7B9#P-nhoXRbx&-oW< z9&`130HI1}uco6@Zq&kYADraRBdH0rS?^@7r^}}=`@jT&*Qah^eq1kUw+p2|zNyuif?6vN?b8yCHlYhUpQ~6yFOb#8hQ&JM7yvoX$tbi`2ysZYE|77dmD?8j4mdNA;D}Yl#)JNpq=ni z@j$K*2X|OI=F5wl(4&9aN>BLdIwb!=s_>RdSoyJ7lW*@MR9(hN5L^EvKF+>KdxFW* ze}XsRCWO!JSLs;wW|V*(_Y zgY@rLxvDJruomhArq)y|a0he*cPd-wP!bY*f9+ShA}uDUX7-Jov@|^1)dtDT%%#@W zXByCH_xJZbU$2IS8VSMvzL*+OC;!<1OZm-h{_mE|cP_|(whTymasS1E?@UF`)jmm^E~o)a@G`Iw)i(3G>;yQ84@aOQpt_Gsuf0?Nrj1_2XRXU^rsi5%=ozqny0r zri@D`L6KW(4_|myyvw|Xi?H$B%AO;1%bV4#)itAbMKYg_4EBpdR5kY#`Rirc^{N!2 z_A<)!dGf~QM%>-T-rq=oWjeIj1iYY;S4L}QH#EYDw6bs-eT&j&C?~T{TSwtmU0Q5j zefp8P`4Ou;sTr4$cl!rt;pyirQ~kJxj)&(>CKWjsU0hz`^Cd~?a`8POwPzaHlgsu3 zR^dCDXwnFe;5LV=oxGpaCf*LU^9*f6A>AHFdViC)tZAwh-XqI;ZbThRfc@k4WzgW)UEOZoch#&k9ANZNBOk`Gpg9l)!3nTNRt?hBO}!uxwiQ!E zQ!Z|wC6zcwk~y4R*&y9_QMR{FSNJhT!j8{VE;_c10W*C$%8w`p@j6Pl%Un*OtMGwt z5(-S`NdqGd<%Fy=L7P1kp++cT@gABNmF{bAx1e}u}?%8~@K=|9+=*ICF^6A|B zsIJQPh^lu?a9m%m+%k1}D%7KkbU3zAXDTtx=%|z2H87?f60~G0$sw1TT-A*@|7JfZ%Z%>|j*^S;!;-f1WeAB(aEjhXB&J%$`m{L3QS8_4Ax}Je0fdY{i@F#5L;^ zBWT{C572{@iLt2koXM}}K22~?|E4$tr-hF`CrByNP}gLuz87yd(MkLDFptiZyqKye zUzZ>*50F|^@rjQ{CZ#;d_bJ{@pj9`hc#+yxF6fVh;vy-vQzO(oW(NZxs4wZFp?TyaH@oaN6A*4!*Z>N6) z=dDh4c2H2XhN}`tuQw9S$Kcfx?0bz48q%VSn$68kz54JJ#QVPt$9f39Uo&&xK0 zw)J!HJ%62sy})zVi5klmBFF-mfz@tP(b_y{?Ifk?cz>PMLiH5d_}>FyMQl9gb}<`v z>gMK$DTAvv98Yhgd~sO+99zFW0y!g)*Q{Hy$tN_gUjcDU34mk%>xoJOC;!7i&T#)< z`Am|Ge=LA8&9K!Yq}UuzWplRw>mq-R*|j@RFfdG>q5abUFowM*ihsBMmtOckEq>k^ zM=C2VjRo~bLu0u_&#he-?o+#589q zj4P`xG}|nZ2;_pMq;96^ z)xS}$dbJL}GEoW-GNp{TgBUyvy6$dIM{QOaQd?@p12YsbtZ@+{garC2g+M4)FbbK1 zxa`fs#v9Tuo$t+{MGRnKesF$QiIG+1MIxWFB-M9%kV}WkNz@}|!<%U~F!OO)^Vv8n zg((^C>{s{Zx{##Vd98x;GNkYN%LSlefYg^Eo|r|Gs^jChVX4VgmG-U@Eb}dfRYqNh zvGQ@A9jk3rQV3z40fTNw-)zH`>Xg~XWg)?se0oWrAyWO+0S4mr_eq#k54AR}oJkfB zGiuNwUx=>DpAyk*9n8l%yS}%lzp2}pX9$!Kq&x5Xj92dccYm&Pzh9W#{gq{Ur4c%CNhRsi}1x{22NdB&eWJ&@XM zqL4ugS6ci~q27uqP$^_cfcFN*38?o0el%{EdKP-mkx&brpJ8BT9(}>IxE^+)5;G` z<6#|GJT6*2om3aGW`nk7$DU|fX1P7)5W+G#+R*DOGvqJbAi%G<=pY$oI;!C*GhpwV zvw(p9De__LB}+ca^hqi#Dh8wc&kI`P$6i-sr9J0yZwI1nmc43VLH`B$SnE~6B+gjF z_u1Qa9W9orDj`l)@V#w+WPxVQJKv6btk{Qr>!tXr5n8wunPQs#DxOlts)blCemz|6 zW((2V0=1yiotI$h2tjSbD9boc2qpQDRYt9S7ewD6M3;s!i^{p{R8@64`Bn>wu%x?O zh*tB3QZ}o0_+&&WGYCo*cP1HyN&{9kJduOJ4pD(3dEblHM9POk>H_eAMP=U{(* z_fZb2lDf5uSuY=4JdDXeL|osm(QsjT&us`GQpa z7}$87LnmK#iY}B`!H)aYaK1R zr2(46uEfI3x99>SHjnvjokFpp{v;HzB{a)Mn!GVaQnHm7NIc(S;tk8rYb$KK#JkCy z*KAkmF#NXcRJ9dlCzTyJ{8<9@*BdBI(B$hd|JbYd+@s1vAR;6$YB)WOzW?Lzo1(-j9HN* zgVgMj98mr3xJ%N%UC?szz0K??^%WZoY&%Kl5K-n(=Yv-DF-u_)KbnnJi$OiX2u4jy zx$(xJ6#iyI>c=MKgp|SwN;570s=`~EFgpWH;sbGcUZbukJ3>Phm+Xb$Ui?tIh6m$S z1O*sH-T%~i7LI*(A$ke0P6TdMW`0R8NLAy;j}1G~$7ZG!c{=YbTT!l9pUfe#xsvkv zPiDO%BcC6SNlr}RvNEz(B zU$x%T8F{>UGb&B;RVu6J#Y)xvJJEuHEr}kE+ggE^m+*MqpOp;BKu;18EgVh$<5|IO zrn#L1&i-o(Mzj;#@XznIlZFDjIZHY^bU4y&=l5(l(nrU}D04{uImnba{hw}==l`GC zXCzV1U*{9{bFEF~;WF|98O)CUf9pVD&Fz%?pjqSQS66vjgCdHhkvxrZ#i=jwr^__W zupzgbQ2!5dPCH$8^nR{CGgm>Ht8z?`21=qdPsh4iyn?%9qAu;A>tleCf{LTR66vz= zXjRX)mdY?C?yc|M(WrV{g(ErQ3?CjG-R8qn@uzc$nHImgXrGVz7E8NTU!VdPyd)8Gc#R8Y5S zG!Dt>@H~l=&CnbcG)cgH=L&$sQW)x?YIA^cpH$+DlCD)eW0g*;Y{ePHT3gcd2P*>i27oJaj)%dmz?)pk44@5#b@yt;vb(g5qU?bg*zu0qwjzdpq9xA{6r3$GS;Vz#k z;9DRU{`egd{bW50BC&(LSNR}M-9lP((3T_AwmEH-Wr6L|v_%Bh)KqInu*kTFTq`?^ z%DRPYh{cqSzi78vaQY-DG+^*$-+PL3sO~4ZsJKL!>a}<1>WAaj>SA-ci=kdH$5bZLB8Of3|+ z&{<4g+3V~#nA+ZrhPm`gGu%JXBf8VP*I)5M8kA^M{;X1?onU}u8tc8g?l5xujKkh# zpVAA$IQ;0OR_?ppHWf<}hz_Xtzh} zYiUF4HDI<&@)tdGSd&&k))YCeRS7?Xx?9_k9FzlVsDw@)8Npmnu$rqhyw7aG8-SJV z_Y{xV*&s-fEZEO*;Oo@ByA@mr~>ojS|RFba1H1OnOHe~+NT2hA@o7PYjrIBwW$Xrz!?HrVfJ3`Hi7kB>7)dI1|jO!{$# zEPsqB1n2pz@ zI`S~>R;WXn5=(X%9c|@e{!eDsJrU$^00UyGaCLLjI}gMKYSd$3W2d{FS)W+W^QgDs zWq3R5{l9a}bK?vKb(w;`oBx@=wgY=pTUxm4rT^(CSj$-xg83jB-S`>21MLZD z2>$_zyJdgv1JOU{ zNTI7}ez;GOApbYTwTYf3Od&N%X&wau$@TTlGVGwSdwP3kjvT~RStYwOcLSWa^{|E*dx4{G}8!+1bZ z1O?j)A+~Z<5C|l^2#6R#EpjC&R{|y&;MK}m)FcEXsCX0=g5j`05Fsx|BnJVx${`|R z1p!GQK&sq_5E5%Z4nb-{f7H?Uoq0R&O#kRi-~D%YzPq!tv-|AxdDvs%Efw$eJxoWI zrG>bQjmNNf3?)7%VjQ_HsId!zIb+_P#;tgJ{{RAx2M1K zcGE^(d&10jPMvr1S$3%E(z{MdZs9zkkTnT?ADgK?V&iC45F8OkC`?umTFTWua0Ij+cRo2ER6rN;**yXG)Lbt_*1&v12%|sy3CI`2}htQiaCAfdl zSr8yQ;n%@nXO)RND9Lwu$e1UgEze9kk8ryZFB7sF=Jr>kDhiTATZHEMx7 zRF5iCRvk@eQa$i6GBV5*BjN5y-`sZ~qm&oP=0vv+|9YvCO&m6mAUdk|_U~kP2yK1PD$oYVOvwMjbho*v zW3i}YHEfmV#zx{zv{w3=)R_*_Q|J;x1!s*)*On9uLfYn8E;j`h-qOC+>+U%QRORq9 zi|mtWDC$MxL0Ae(bon)0#Fc%I!XgTc7lu@x5&t%ZyJ5}jxHg&NE#ur;8OQBN?3u_Y zCsTcA%|<@??OTiI-hSm7BZakC3=R}EACmc#VS9}6a$s-D-Q~peA5SFPlI z^-gM4dsx#Ov6OMz5;;n)+DfJQCinLZ?~=$Ary?ERnOi2+ovdBA^0G2GEbcqmXT|Ls}qUfNRAP6_c;2E3++R%X zIA@JDB(zP6*egkZxz$v3f)BuwCIV)E13FfI3*;Yy{q;0LTF0;D!y)p4_3$5AW0RBz zda2f-N5M0X6r17@+c7KO6yDJ+Znx>|$`Qb2IqUc8V@oWPDqIE^lie6(xvOw9)||n8Ff`2_dkj5g6v7@K*&KG;$+BC!bJ}axg)K<$HGp;H94J&<9XU?M}=Tqzv@k@Kl8qVp+9 zrQqX+;BfJTQmpO`uVgb6*&faugpu)IJ#YFt!lN*c4rW3~6}@y%sK5&D)=hkPthkEi z4Wnh}LrB8K;O1zIe45fThs$_-;;NdtE-c2`6#9tQ5(kY6@{eEYu+9>arZ|?ZY?alQ z8JRzDWbbrr_Dg${vn`2{>Y*4i+Z!fKyg*LERU_dm-5}R=Bd-?;FDm2=q*m<^E|B1! zrYSay8S9ei{BEZ#dm?O4cU|j5EDQ+#t^VGG4*`Zs>mc;p7=7CTG0|3I?I~{j0~8@2 zy?3v1Rb$>aVX^GX*8_V+gb5=nE0X&}03ZMfrQdF&G(d^Wr!_njSu@A4<(~2uoS2i& zl^m%nvwiejm0=7N1~t9D&d>fxC?X%Hb8=yUz_Y&AH3}WPM7RpLCjjNPh-praF2Mp( zi6e+TYn`Cw&vUKTJeKqB2Gq`ApV-)U>(No_IaA&eNzQEM2YPTCMB<;}}` supports taking backup of the resource YAMLs using `kubedump` plugin. This guide will show you how you can take a backup of the YAMLs of an application along with it's dependant using Stash. + +## Before You Begin + +- At first, you need to have a Kubernetes cluster, and the `kubectl` command-line tool must be configured to communicate with your cluster. +- Install Stash in your cluster following the steps [here](/docs/setup/install/stash/index.md). +- Install Stash `kubectl` plugin in your local machine following the steps [here](/docs/setup/install/kubectl-plugin/index.md). +- If you are not familiar with how Stash backup the resource YAMLs, please check the following guide [here](/docs/addons/kubedump/overview/index.md). + +You have to be familiar with the following custom resources: + +- [AppBinding](/docs/concepts/crds/appbinding/index.md) +- [Function](/docs/concepts/crds/function/index.md) +- [Task](/docs/concepts/crds/task/index.md) +- [BackupConfiguration](/docs/concepts/crds/backupconfiguration/index.md) +- [BackupSession](/docs/concepts/crds/backupsession/index.md) + +To keep things isolated, we are going to use a separate namespace called `demo` throughout this tutorial. Create the `demo` namespace if you haven't created it already. + +```bash +$ kubectl create ns demo +namespace/demo created +``` + +> Note: YAML files used in this tutorial are stored [here](https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/kubedump/application/examples). + +### Prepare for Backup + +In this section, we are going to configure a backup for YAML definition of a Deployment along with its ReplicaSet and its Pods. + +#### Ensure `kubedump` Addon + +When you install the Stash, it will automatically install all the official addons. Make sure that `kubedump` addon was installed properly using the following command. + +```bash +❯ kubectl get tasks.stash.appscode.com | grep kubedump +kubedump-backup-0.1.0 23s +``` + +#### Prepare Backend + +We are going to store our backed-up data into a GCS bucket. So, we need to create a Secret with GCS credentials and a `Repository` object with the bucket information. If you want to use a different backend, please read the respective backend configuration doc from [here](/docs/guides/backends/overview/index.md). + +**Create Storage Secret:** + +At first, let's create a secret called `gcs-secret` with access credentials to our desired GCS bucket, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > GOOGLE_PROJECT_ID +$ cat downloaded-sa-json.key > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +$ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +**Create Repository:** + +Now, crete a `Repository` object with the information of your desired bucket. Below is the YAML of `Repository` object we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: application-resource-storage + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /manifests/applications/kube-system/stash-enterprise + storageSecretName: gcs-secret +``` + +Let's create the `Repository` we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/kubedump/application/examples/repository.yaml +repository.stash.appscode.com/application-resource-storage created +``` + +#### Create RBAC + +The `kubedump` plugin requires read permission for the application resources. By default, Stash does not grant such permissions. We have to provide the necessary permissions manually. + +Here, is the YAML of the `ServiceAccount`, `ClusterRole`, and `ClusterRoleBinding` that we are going to use for granting the necessary permissions. + +```yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cluster-resource-reader + namespace: demo +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cluster-resource-reader +rules: +- apiGroups: ["*"] + resources: ["*"] + verbs: ["get","list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cluster-resource-reader +subjects: +- kind: ServiceAccount + name: cluster-resource-reader + namespace: demo +roleRef: + kind: ClusterRole + name: cluster-resource-reader + apiGroup: rbac.authorization.k8s.io +``` + +Here, we have give permission to read all the cluster resources. You can restrict this permission to a particular application resources only. + +Let's create the RBAC resources we have shown above, + +```bash +❯ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/kubedump/application/examples/rbac.yaml +serviceaccount/cluster-resource-reader created +clusterrole.rbac.authorization.k8s.io/cluster-resource-reader created +clusterrolebinding.rbac.authorization.k8s.io/cluster-resource-reader created +``` + +Now, we are ready for backup. In the next section, we are going to schedule a backup for our cluster resources. + +### Backup + +To schedule a backup, we have to create a `BackupConfiguration` object. Then Stash will create a CronJob to periodically backup the database. + +At first, lets list available Deployment in `kube-system` namespace. + +```bash +❯ kubectl get deployments -n kube-system +NAME READY UP-TO-DATE AVAILABLE AGE +coredns 2/2 2 2 13d +stash-stash-enterprise 1/1 1 1 30h +``` + +Here, we are going to setup backup YAMLs for `stash-stash-enterprise` Deployment. + +#### Create BackupConfiguration + +Below is the YAML for `BackupConfiguration` object we care going to use to backup the YAMLs of the cluster resources, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: application-manifest-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: kubedump-backup-0.1.0 + params: + - name: includeDependants + value: "true" + repository: + name: application-resource-storage + target: + ref: + apiVersion: apps/v1 + kind: Deployment + name: stash-stash-enterprise + namespace: kube-system + runtimeSettings: + pod: + serviceAccountName: cluster-resource-reader + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +Here, + +- `.spec.schedule` specifies that we want to backup the cluster resources at 5 minutes intervals. +- `.spec.task.name` specifies the name of the Task object that specifies the necessary Functions and their execution order to backup the resource YAMLs. +- `.spec.repository.name` specifies the Repository CR name we have created earlier with backend information. +- `.spec.target` specifies the targeted application that we are going to backup. +- `.spec.runtimeSettings.pod.serviceAccountName` specifies the ServiceAccount name that we have created earlier with cluster-wide resource reading permission. +- `.spec.retentionPolicy` specifies a policy indicating how we want to cleanup the old backups. + +Let's create the `BackupConfiguration` object we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/kubedump/application/examples/backupconfiguration.yaml +backupconfiguration.stash.appscode.com/application-manifest-backup created +``` + +#### Verify Backup Setup Successful + +If everything goes well, the phase of the `BackupConfiguration` should be `Ready`. The `Ready` phase indicates that the backup setup is successful. Let's verify the `Phase` of the BackupConfiguration, + +```bash +❯ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +application-manifest-backup kubedump-backup-0.1.0 */5 * * * * Ready 2m46s +``` + +#### Verify CronJob + +Stash will create a CronJob with the schedule specified in `spec.schedule` field of `BackupConfiguration` object. + +Verify that the CronJob has been created using the following command, + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-trigger-demo-application-manifest-backup */5 * * * * False 0 36s +``` + +#### Wait for BackupSession + +The `stash-trigger-application-manifest-backup` CronJob will trigger a backup on each scheduled slot by creating a `BackupSession` object. + +Now, wait for a schedule to appear. Run the following command to watch for a `BackupSession` object, + +```bash +❯ kubectl get backupsession -n demo -w +NAME INVOKER-TYPE INVOKER-NAME PHASE DURATION AGE +application-manifest-backup-1652269801 BackupConfiguration application-manifest-backup 0s +application-manifest-backup-1652269801 BackupConfiguration application-manifest-backup Pending 0s +application-manifest-backup-1652269801 BackupConfiguration application-manifest-backup Running 0s +application-manifest-backup-1652269801 BackupConfiguration application-manifest-backup Succeeded 59s 59s +``` + +Here, the phase `Succeeded` means that the backup process has been completed successfully. + +#### Verify Backup + +Now, we are going to verify whether the backed-up data is present in the backend or not. Once a backup is completed, Stash will update the respective `Repository` object to reflect the backup completion. Check that the repository `application-resource-storage` has been updated by the following command, + +```bash +❯ kubectl get repository -n demo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +application-resource-storage true 14.902 KiB 1 61s 11m +``` + +Now, if we navigate to the GCS bucket, we will see the backed up data has been stored in `/manifest/applications/kube-system/stash-enterprise` directory as specified by `.spec.backend.gcs.prefix` field of the `Repository` object. + +
    + Backup data in GCS Bucket +
    Fig: Backup data in GCS Bucket
    +
    + +> Note: Stash keeps all the backed-up data encrypted. So, data in the backend will not make any sense until they are decrypted. + +## Restore + +Stash does not provide any automatic mechanism to restore the cluster resources from the backed-up YAMLs. Your application might be managed by Helm or by an operator. In such cases, just applying the YAMLs is not enough to restore the application. Furthermore, there might be an order issue. Some resources must be applied before others. It is difficult to generalize and codify various application-specific logic. + +Therefore, it is the user's responsibility to download the backed-up YAMLs and take the necessary steps based on his application to restore it properly. + +### Download the YAMLs + +Stash provides a [kubectl plugin](https://stash.run/docs/v2022.05.12/guides/cli/cli/#download-snapshots) for making it easy to download a snapshot locally. + +Now, let's download the latest Snapshot from our backed-up data into the `$HOME/Downloads/stash/applications/kube-system/stash-enterprise` folder of our local machine. + +```bash +❯ kubectl stash download -n demo application-resource-storage --destination=$HOME/Downloads/stash/applications/kube-system/stash-enterprise --snapshots="latest" +``` + +Now, lets use [tree](https://linux.die.net/man/1/tree) command to inspect downloaded YAMLs files. + +```bash +❯ tree $HOME/Downloads/stash/applications/kube-system/stash-enterprise +/home/emruz/Downloads/stash/applications/kube-system/stash-enterprise +└── latest + └── tmp + └── resources + ├── ReplicaSet + │   └── stash-stash-enterprise-567dd95f5b + │   ├── Pod + │   │   └── stash-stash-enterprise-567dd95f5b-6xtxg + │   │   └── stash-stash-enterprise-567dd95f5b-6xtxg.yaml + │   └── stash-stash-enterprise-567dd95f5b.yaml + └── stash-stash-enterprise.yaml + +7 directories, 3 files +``` + +As you can see that the Deployment has been backed up along with it's ReplicaSet and Pods. + +Let's inspect the YAML of `stash-stash-enterprise.yaml` file, + +```yaml +❯ cat $HOME/Downloads/stash/applications/kube-system/stash-enterprise/latest/tmp/resources/stash-stash-enterprise.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + deployment.kubernetes.io/revision: "1" + meta.helm.sh/release-name: stash + meta.helm.sh/release-namespace: kube-system + labels: + app.kubernetes.io/instance: stash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: stash-enterprise + app.kubernetes.io/version: v0.20.0 + helm.sh/chart: stash-enterprise-v0.20.0 + name: stash-stash-enterprise + namespace: kube-system +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/instance: stash + app.kubernetes.io/name: stash-enterprise + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + checksum/apiregistration.yaml: ea1443f1d9a807c14104b3e24ca051acb32c215743fde21c682ccb1876deee8d + labels: + app.kubernetes.io/instance: stash + app.kubernetes.io/name: stash-enterprise + spec: + containers: + - args: + - run + - --v=3 + - --docker-registry=stashed + - --image=stash-enterprise + - --image-tag=v0.20.0 + - --secure-port=8443 + - --audit-log-path=- + - --tls-cert-file=/var/serving-cert/tls.crt + - --tls-private-key-file=/var/serving-cert/tls.key + - --pushgateway-url=http://stash-stash-enterprise.kube-system.svc:56789 + - --enable-mutating-webhook=true + - --enable-validating-webhook=true + - --bypass-validating-webhook-xray=false + - --use-kubeapiserver-fqdn-for-aks=true + - --cron-job-psp=baseline + - --backup-job-psp=baseline + - --restore-job-psp=baseline + - --nva-cpu=100m + - --nva-memory=128Mi + - --nva-user=2000 + - --nva-privileged-mode=false + - --nva-psp=baseline + - --license-file=/var/run/secrets/appscode/license/key.txt + - --license-apiservice=v1beta1.admission.stash.appscode.com + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: stashed/stash-enterprise:v0.20.0 + imagePullPolicy: IfNotPresent + name: operator + ports: + - containerPort: 8443 + protocol: TCP + resources: + requests: + cpu: 100m + securityContext: {} + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/serving-cert + name: serving-cert + - mountPath: /var/run/secrets/appscode/license + name: license + - args: + - --web.listen-address=:56789 + - --persistence.file=/var/pv/pushgateway.dat + image: prom/pushgateway:v1.4.2 + imagePullPolicy: IfNotPresent + name: pushgateway + ports: + - containerPort: 56789 + protocol: TCP + resources: {} + securityContext: {} + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/pv + name: data-volume + - mountPath: /tmp + name: stash-scratchdir + nodeSelector: + kubernetes.io/os: linux + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + fsGroup: 65535 + serviceAccount: stash-stash-enterprise + serviceAccountName: stash-stash-enterprise + volumes: + - emptyDir: {} + name: data-volume + - emptyDir: {} + name: stash-scratchdir + - name: serving-cert + secret: + defaultMode: 420 + secretName: stash-stash-enterprise-apiserver-cert + - name: license + secret: + defaultMode: 420 + secretName: stash-stash-enterprise-license +``` + +Now, you can use these YAML files to re-create your desired application. + +## Cleanup + +To cleanup the Kubernetes resources created by this tutorial, run: + +```bash +kubectl delete -n demo backupconfiguration application-manifest-backup +kubectl delete -n demo repository application-resource-storage +kubectl delete -n demo serviceaccount cluster-resource-reader +kubectl delete -n demo clusterrole cluster-resource-reader +kubectl delete -n demo clusterrolebinding cluster-resource-reader +``` diff --git a/docs/addons/kubedump/cluster/examples/backupconfiguration.yaml b/docs/addons/kubedump/cluster/examples/backupconfiguration.yaml new file mode 100644 index 0000000..e9ee92b --- /dev/null +++ b/docs/addons/kubedump/cluster/examples/backupconfiguration.yaml @@ -0,0 +1,18 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: cluster-resources-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: kubedump-backup-0.1.0 + repository: + name: cluster-resource-storage + runtimeSettings: + pod: + serviceAccountName: cluster-resource-reader + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/kubedump/cluster/examples/rbac.yaml b/docs/addons/kubedump/cluster/examples/rbac.yaml new file mode 100644 index 0000000..52ae310 --- /dev/null +++ b/docs/addons/kubedump/cluster/examples/rbac.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cluster-resource-reader + namespace: demo +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cluster-resource-reader +rules: +- apiGroups: ["*"] + resources: ["*"] + verbs: ["get","list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cluster-resource-reader +subjects: +- kind: ServiceAccount + name: cluster-resource-reader + namespace: demo +roleRef: + kind: ClusterRole + name: cluster-resource-reader + apiGroup: rbac.authorization.k8s.io diff --git a/docs/addons/kubedump/cluster/examples/repository.yaml b/docs/addons/kubedump/cluster/examples/repository.yaml new file mode 100644 index 0000000..fdc38ef --- /dev/null +++ b/docs/addons/kubedump/cluster/examples/repository.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: cluster-resource-storage + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /manifests/cluster + storageSecretName: gcs-secret diff --git a/docs/addons/kubedump/cluster/images/cluster_manifests_backup.png b/docs/addons/kubedump/cluster/images/cluster_manifests_backup.png new file mode 100644 index 0000000000000000000000000000000000000000..2ea0e447c90395c62dfa534b1fba4357c267c9c2 GIT binary patch literal 73174 zcmb@t1yCJJ)GoRqxV!6y0KpxCyK90IoZu4NEx1c?2tk9pJHaKmdvJFR`i7I7zs{|? zuj;;fcdAm^%*5D9cBgdh+ZNLox-#WnqK+3SOf(}LjXXa~qazXLxTl5_%nF#*=4 ztA^nEyN(@4561}^N1o*PHD^Jy?~?q$Afe-|*nMqWGyFoANS+94nORe0v!)WAOmk>M zUSug{JRF6hgD?K}O`kz81Pl~D5sARb?9i<2_Rn;OuWYXzMx4q{t`Z^@3aflW{$6*( z!_yFG=zlI`T)CQmKfi^?WDxs%DRhb<{%sQbg?U`$@9j-Wdv#c$mp?WU>Z5KtvdtmE z)NbqF50=Px7^J{pdq^s+m)Dqe|Mp5JH3@KCuT_kk``rYQ&y=js+RQ@>1{0tpn~{UT z;B55QE`bC)$R=Vo1t#`^AtC8ep*X;OFae7<=}zzk3|q#E&d$CP&{?u!Ht>B&h(v&P zpNGCg2sM~XrI`l{Xxck>9{%SW@kywb>%!PBprM%%%bx*Lh-^|S?hdBu5W}FOBRl+= z>3GPeNvC6OuOFNH%rAW#{p}m7k&xR8=nIDEKUQD`n-VwC{X{e{+QiFu?rYRy8=0U%sjsLvB?A3(6ds3#z)H&w2eaA24{o96iA- z1@ky?=j6JF+s7q%hz*rf|KdllB~gNr(e$xYN~zdc3Qj(iR?UwL4U(tW#ycEuC@XA3rYx>KM47BH|`@S|;5&33|JR z&{ENX8~z=!!9^Q+KLSTR$X)eN(fDO9J52iHju6#cdPJvTUx6nnN3Vrj&4d99s32wU z7x;ZgzV6OQuvi=|Qy2kurjF&z1;``(yX+2m8Y(CFB6B0WxEP(S2l4p=k@R6#Vvqgl z!dB~aJs6q$?CU|%m+%aD-*051w+o00n%|a?Z=H?$EF%!FthukP=_a1vp?cL`j8a%yYPL*I(r!Mz3V7+@c3=q;aIX@3ceiu;V1{{{pC7LQ0pbgV4U z3DJ}Hp#=FlfOF2Fd-aFMo`7IO^T3C@p5y*p!cEtmS&Qz6_VC-bvf=49G<0M)gPg6p zGzQDn@;*OIFko%^R7U+}NIk%^Km0JW-`m_R`2_o}t{w#2GA37Ee4%pn7^pBy^}UIE zV0qpmh*w7`&-z7(%C5iKp6hUN;I(|Z$>epa8z<;pc?PyfgSl~;<84>l_)v;p*z7va zH&J?Tt4Aa-{rRRHt(jiiKFzmY0C(I3LhY!qE59AN!w)lq+tb4Mn7_A4{5y zd%p?Th{A_vf)IpuBZKT+ zkc5Fu>NEYB3qwW2E}tuI)$U2WH4VwkVO+g8@QyS6Ntnl$|MAtQ^=369`DPMX8{E^u zwWzMgWn*7x-;Yq9t&QjWdjtBBLkU!{1L$nxe&%~R#jR9O4I7DeB(AxSwxX?OKSmVO zDlDQff)%Gf94HM81bKXS8Rj^@tJ8y5%vil*Xk&cgX1+_vt*IF0muzCp* z5Lb`|g@cA+3Cmr%^0)><0w$S*3I|DWL4y%l^Kb~?SX@A~m&xPe;4k9s8z zL&_!4jr@x7HP!O3sG=s$O)nF%nYCUN+!?y;mRPi{NafFj0`!=b7K;2@awE;>Ww;F7 z4nG1yXJz}?fGkH<4UK?`Z}V*z;^;2Cpv72XsT6^7oq<|1ZqdPF#l>XQPWqeb1P!#cKwcl8#?=+so8RPS@w_@IU%W2_m+@Ed9jDmxVJI-mTjfk5T*8Hz`xJCw{<H1`&w`BhXwurHItyVED=0f_5wHN&J>sC_0 zs%vS8CRTS9SzS&83>$ng*L1IK8V6n>XG5QOksCg?!7O^bq^h&IZ%p&FEWN**H>#&0 z8mNn5p2zB)36nVIFpG`i;fNXfP_L|ATMOWQ9u~KZmR1{@DZWUbEQ`iMg7#b{7T*UE zG!MnT1e~Siw&b_-h{rY^eR}o!M;=$)whf*-H@<2e9=k7#_x z8oaBx4*9Oar}1mI^`)*){_YRWgJ&Ew07{8^&c_zyE&%HShUsKV!$0)PUpUFt@c6;KkTfy`q`|qf3Iy-ZNPvsa0Xq;Gne|G-p_aTKVKYa9Y$ZaJNKvB zdPk^<7>tJq)fZaRnjiK*fk|{)!dPkYA+V-6=9?-s;BE(atgTqrz7p^>1weqBn43$X zh1l_D&)Zk9ObpRu-1Il zwg_d+co)>X@aS+d=rQ!XN?YtYjvZ*niJ>dZdbiLeJIgP)0VvMcNM`~6t zvfKU)k61q~vIg;RtSe}x%ZCu%X3){S`s6Ffq@I;M6S2BIn=^0x1G&w{)j9>i=gtF@ zWT-XZThvttFyjJqi-Q=b{g=>;C;!gLUEG=wa0H5H79V4urGVAL!oE$iw?Mq|&niUr zhze~0;N|FuI+&#%g?hB!5Qwhj0=b=s!?r^fRqmfRffj@`91U6^>ICwSN9CPT`pkyD19}%g&oJ#`Z{-KHFHr?!9M+z=y+DveHh~7*pQ>kZ5_g4+ZHDs)F zm_TYceSp+U=e89&OG!lW(&r?#5*ts!iNG*+HSlA4!Nv6*xQcB$ri8t(K%|KrM)!U4 zc(40oShe>)!38C7tQpC7TM15t0D;(e>L5F<1RA62P!nK9dXinsED z=Onz!PpQ5D13+nO&P$VkRd75S{=~7ufIU73)>-1m+KUVZx7yvoV(QKu)B8f-OghPd8bOk#e{CpO(Yl>VvMg2p|F%<^15q9%O_fasUh)4yzN#;G}G z0`U`PPXn^!_FyUNG$!j*7TvUXm|NRAXwE{|NcO}A>RD+vXlJ#&{xRJ?iK(r`tS6jQ zW;M-}F_~Fs!|&b(vtlPXgcNqbz^v+5Id$5&Rh9mRAB@U$iuHi6*kdg(sXw!gyQnv0W4~ zvRlrs1taFpLN8a6)KgC{Nc9A8zXJ5`7vbhuS$UmmMTzSphJYTX?{k~D42A$_7i_uL zLV(M{=%=Bv%7dP`P;@AsY}nU zKJO0bGS_JlWfUJ24<|czRg?$gUEiWCRI0JhCAlz0$MtqD=uv9>kmqW8dVV^o!zpQa z@2bPUC|f50rFfh|jB z*RvPg=`%cl3^%d;Are0YmN0KH(mYJywbpik?8oBKcD+^dC!kNhs>!i6$S0XYrhPh# zVH#fBeT?E(o}4_xl{5|rzyUGMLI+I^-Yyq>L&o!+nFIP`(?BhEUe&PZwXC$to@A&sFDC6#G2l4!@w%BUiyKC zv|;HKOfEv1Iw=vf&c4&wSBu`PszgT7(UPU*+$?uoLLwx>CY_E&$w(AI7bgis33wa+ zV5|za`+!@51bv6ba#+jp8L{Qd|=E8^z{m68(9l)Ld z!px#}WYg@*Brv&fbU_49NYOf?z7~`otXh{PM?IQW@#z1ZkhLVn722}5+Kh?jIi^4cr)Kg ziHMH;5lDqrUW?9r+4i^ToAWYQI$O-nbU;AU%+f6=Fz?#A!|}8$!`4f;>{)$c;OO!a zI*6=2k>)afa#PqRG#E{Va=ZGW-0(3SRtEJJ)`W4*7 zS-AiG!tV3bPIobCR{@VDhh8JOjn8^p+%}2CVofrr+W%Ls7mS?syTe41l_f<0kzHO| zJgoQWhBVD%@+L)g3SO3K)J=|kY#+9s;Nj=hv0MFh5QHyy-MtUlCt3rgn7M_~jDYIY zC7`P2ykb1muXRG}Xqw*MY`rUC%XEGqzL(Uo@GyCTFyFUg63p8?_0(f^)Lz-#9pX_x zZ8)>HvhNQ5m|cpB zqLTt}gjMUN@#|5oKw~{GBd7D0&}n)K6(Cjx^QR>nlV`7yUFg3uv2B}MdpPT=GNEiS zdC`~xA`^{9WuCpi>h+U#ZTI9Giy2hrkd&v^uB#;)hSm0 zI>2)*-Q4>sA?as3SpfiB@ySNJamnTs?lISg7@O(>I{Y{}*@(_snl7F^7Q2@zS*}e`tx=y|4X1cvt z4vvsQzQ}+$OvT(xbnEpVa;qMl{xKGlr+X80JDpVr6B|?KY9I2AnAGemz(+o%_2zUz z!OUzppSL)QHdM|-=FM(VyI!u7YyzqH(@;ZH-*ZxyuEuXf(){k_ubhaVwm&xx-CMN# zykJfdUtXKj=7*J{mgUnN!Yv@Kixkg)wq;5^`=W4G4rl}boFV%HG1^U&1^=n9%_sEM z+MD=zlv7`=0JpQx(KB*7(4FnUi^n?=N8wA*nW~QcLkfyg(-m!@nEzshVht#X=@v&G z*GiOu=K|BX-%XBWaM|@LTQCd0Tm%-_Ef{ZNv{~WAQN|C}$$u*+b-oqRwAggRYiuv{b8iJ2`MV$(8Cbp;B4w?tYblA?m{>mfoLggAKlf2R<3HtjK zu5}w#{RgLG*Gn@J@HNNet2omYe33kQ^>(7%-eaL@Gc2opeZEK^nEBSb z4-njztHuq&=+D7O8|4mtxI0?JjQLqcV(eY~pR(~4Ti;W2z(t<-rZY1g(z0Y9@?t(f zaRo%iF1lx?^VwE?y`8O9{MHNz#vW>SMo0Hozz#4PXAiXgPGI@Y1Yj{5-12v#$N4b^ z>Y*W(7A}A&j0hy8Lkf9rb)#P1*An#YlZ!J*PC(03%%vFnz$fVI>gE?FKQEd33wW&O z>&h66$F=JZz&Whw%$KVtNa4%ziJn+u+(&56rg)uDicwyaQvh^HWo-FZooHDPe5)9@ zryPx2ujllrLQ&se!m}A?&)V=#z>DQu>@$!)x==3=+Gmn{&ma>y<38I^%>~E{LD>K} z3zko>2c$OQgW_@vZd_#BYoGj=m>ioqVkW#)N3dCbS^rx5xYn|B6_*f!@bn6mijQb7 z65GYS%NXYAu@&C@WM)JEp7~G^_#DZAQxbCC3pkJpSB*g*wS3)n1t6;EdzDPFKLd=0 z$!97=)ge9^ZR`=b%xJZ49T0Ymr3lF2vC z%KJRGP<< zo|C@c02*-n9MKF=1twjRc_(i>ay1kLe?>;Jy$tp{exvhUP z=r&8>1tgo#NE6K8M%xo*?1fgagRr={=D)_lUsN? zA}IXYm1W=8^;G*K!;Dk9a&nA{@awzjatM7<@^M2B>Lo;g>N>glAxr6O%(m&RZiUyc07Cg|BSJvcW}&+B z0ANt1Xrtld6X5Pj+tM%zy&Ph7S9DBQ|tFiqwwm# zsC;fv`f_=r)(?jr9-;7`D!1KlX^n|Z9+lmi-!7G1Ip`nF8+}cjZ_@2J+i9rpE6I0q ztS>2#=1p_j&KaS#7zV_VrqKi5Z}__r75&f>`6`V(P~dF3JD_IAc)+wv-5=9FL7J7b zg<^`E8+$Yjt7>LtbMVPqnphqsZljC3ylYgiq<4P*Y52Q)DZmb~_%VG|J@!BC8nZne zm?+-9F{XK#I6HZ^98%%-7+*4=q9#ZU@?!ho0jt2i0Z4!^x*t$M0F0)jY}pHV1|Z}w z6e06y*G+<~EAp*fWxrM;!w#l4s{|ebyvz^N(8DPr{>+*E$X?Tfl>(?`g8ljJ%4Q;7 zQHy!D-MMR1HD{|8iM&-`wELb4U_24R!_d=l`&$6}_b$%^S$XYi4tR#)wD!uqvdZQ} z#wGb1p!wydnpJpFS#>g^ z0O*xTblTv>;8~1$-ZLFK`(}Iv5e)p?z4&06IA~BrDGuL_Fh8Je^-$~8UuqPdS4(Hy z4rrkAoz3J~;*lfAd#l$dtpYNSq)0qhTQSR`3^zpK;FkWmlRCf0$aJ?sD|cd?{Hq&S zx)T03j(NJ2-k*QYjG7eOFyKp4$utfvJx{OC?3?a$N-6u;?1lb z#%rOyppA*>$$!rRbW%T_?H(k}efyZa>mrVLH4JR=<1|JoQPYRzv$aqYU}@`$qAjP( zH$Dt^P^lkY)vbRYnY*9QFgpdRwVhwoUJA?EHV&hh{kl{<;Z{pCr{qs z`aap8Vbs1H4;W{Mi2cH62f&S(3mi&x^tTZIspogL@c(a5HT)kOg6My~z3^$^34*xl zLKXZKL}>HL3Gc;bz{L*PuS%OxY=ozjO=H+_Lh<(%$SCK^ITDS)Bhyn;0c&m1e_D&N zbN5eM)V?&AmzT#ozL)xY-`{_!udi>K1&Kx&jd|%N_Mb@s>j2wG23HnkAoKZXaQEO_H>3r44x@TA@C?pN$>nLJg7!aPIH=pz2oSl3fu)_ab zQ>6Y)**&wfv(x1N9xS<9$W*9tb$4$9V&9)DTi3xY`!zj1QvHfM9TtLk(nou@atY4A z??p#OcpNmgT53288`Z3}P^}*#ao;5m2n>V($;il5Sk9KA4Ds{v-C<_P9x}8AZ0K>U zHwH^I^ThvHQ^NRcXpi<=g5f;LQU1G*Y@TJl;eNP<6~i-JDCP%T$+aAdpB{8DziS&q zJ~IBXu$hLPxp+9o03_(gj~~Q|16%eD&CPlTF?Szr&tA8j-nqTJ!$^;#ktZERW>z6k zj_Tl4vB4Ysy_a5cJBwC5c$Qa{$Jn}GNFmf<*J@TJ45^er*kwoPJf-+-N0WYl>qr8~m?Uv-b#6bP+cuGKv61ywO z!`m!O%#tMe9N+mx%Fc=C&r&+dH?-i}XlmjER@Y}I;N=rg!C(-j9+-%%j2%+|bvwAL zq~->PsRxQs{S;LQMi&R4{)9 zmTC2%%sHZ6>jTzIM^oBuaVX&JpJQEX7Mqtrw{S$Mxtp>)7;XlRUE0Qjo< zxSl+NQAq1h1?o2f+Gi1#i%=pW+fR7%f^~Ev?Od;hOoPEv3_?n<2K&o}{cjEGZ@wGm z2KJNv91)3rRYQvqd!|oGrMv1)R11tlXJy0gj}vA8Fdd5;#YcG0i~1W_4!l8SU1*vb zKc$!pW*aJ$$8*8Sn2l00BmNfRoD(~inJG*1 zAEpDPQVFBeX^{=pa>;r6L(U)ZrFgPoH^;BXFD;u@n=zRk%puScd~+kw;n?HBCtGs# z-?ZVc#y@mBFMIV7I7+2r2h+1)gcfs>ix>#mt*9B(M+U8^ge|>p)%oj6jSHFbHAvTC ziCHPe=*rrffkoG6!o6YO%@SE*KRmzq{PpqKq2K4$h5bBv!s|c4R$s>ja>l|m%uE!; z_wVFsbgSUC?s3ycgdh0LX%M7@o{l-jXctKZV?(`{061Umi*V76%Ug?u4MFYFhf?Npcs1dtLqn-;m~f@Lt6-=6&rl?V(3K zR#*Z1Cdmi?kn7dl+W|0pWn=%mt1+jNqT%2GKl9-0N39aPzA(`=lAQh_E z?FIdPIjKpBC?ps ziZrF8yGqtLnH0*D+AL)2k!y~cFf#g|m)2rCu`J)nk>@Lguzg0C($gPdvsAGL^`1DuG*gCnm|Gfe!k zoa9}U2-erJoI$b$-QuG)Rh^~Spu>Dw^!C>%n5z>)gxHb0jg=vK82)I^)Kvc%n&6## zf|+KWRm#yb1O&t@oQPJVz9n&m{x2Wx(U^KEKYg*=uIJ82J?T~pZE0FrDlDj`jjtOc-d~UtZ9%op7-R&RWPpVs9w;%AffS>^%{HXh{5C?pC1$y$x=}w1qGK=^84wAI zA><@zY@#F_U65@&WJ%zLx!*9h!q=_5(YbPHrXselOA@hD6gcPV(=GFeg{>uRU%@QC zEU-dDW0wxki?*!1v;&!5ppjxn|Ezs0#U1zgn0Mk&q8!&>Ki~W6!8&J3l3Gq2xI;pK zEF{waWS`CTkh0H(L`{l=5P>jRMtQ+1!oo_)mo!ZEX&>g40Ch+DRwZZE zqZdnHSfc=eBKTkXW(r@Hz|kmRlht<%FuuCXr{m?T)?4HVW#$B-SssyKDSJ2c+YIin zyjkYP#LVvoU&Jr_W7Z_|s6kW;2V_Mb{K-e)SvxmzSq%+5EClGm!9lVx!{CqhjYD0{ z*;%UdhC<4^I90v1&vQzl*{Jq0H}Gg@j$p&ZU}W>{Ua-9rhCNB7|N6KY6#muN(TMn( zd58C1T1-M(OoJr}E3SCXd8n%xYzWPAT41^;LU&v0XERCL)m$;FO<2(7+nG`+z9HBwa4HbVnSK&)vOh@@OvuHCd`J#S zhS%XjuVN*JxBV$P6UR+6Lj~p;^PO~8t(*T48RtbfkFTY^TP zTg!K;%RPh&JxEJ*wxcP_iyeC0mWtf#iEm1PARH|L?s1LCI03Za#KNz#_3t`QmdiFo z5_0LDy)9NN-FKcBMdc3wGB!v^S{mN@XkpsmxBj>Fd5eBZZ8>)=8!3^jE7LrL)PYzj z&)3L%bhSwysd6%6&bqJT)ON@$zoLY7z=;XQ_?Mbu@+d@?g!O)Z(!C^R%%3CC8BUxr z7kva{xJMVrT=Xuskry!~SOqQxJ-VbTmb;CXSR6TlnJn9d!IPTWaMgfgV%A!GrI%8L z6I3J}8?ss=dbfezs`=_q&O*ju4ev2*ocPjY8ML@67XEl(X=zz$&;_$N`uwmX$YSyn z5A>L(d$(xY-gA4lQGR#jWgvKT0gL~I`K~D|mgY}V0E2fv?PUhMpf2&D6gE>HdP0P* zAfD=SLxZ?KK_bL#b5ET!C*LAr#r5%O799r%Mi@;=O>M?tUJ0LbYCe;Q^)I9qn++Hm zlHj4%C<(Iob6OY(+7e~Lysa1d-xgB-MDUP;YT-091AzYhod!p1s*@Q_b7D2h-#g>| zoMv?Y9FKl^B8cG6QR$b@=>dNz)63AQ4gTj9{nCGqO26E;$N0a~JoYQU#|*%jV8Z6D zf|{F~i@V5Px_>#3En>o&66BPfS5<|v(HHIFMDut00KL&X6aM?hCeh)4PJ{m+@TUJB z9{*4C(1&+ldH|Y&SM7FtO!%+O1OVRrXE^`YCj9@yoSP%MYl5Tf21ijRWBTm8A4qmj z{Q7W~e80(`IbDDMOPE4F4DMkwjBcwqrWr%{7Nx4SoIjzCtkD0RQtZ&%*6ciGt5+b; z8n>#hEw(R;Sw-Kc=hOb44F}u5z5dUfQ?e?D*CVipjnuOUi+I|EV`4yjm8=TxkCjuNFAJpxC+angw?z+27QD| z6u^Ep46-fvbb&!ofJi0^=Rg#-iarpW%&Hj#jc0b96>*Fy;QbQ%JK(zx^H88Hzej0H z#OGc(J4zh;5(^bX)dC^Mi}FON#@}hD2Vd6mgcxCFdGWyz27@}=R0v!V9K9D+=d|))y83o= z>UV+PWCiH#9|4-80oMu#0wW|M#JK$wQwzMTe&Hzt zQz5G!Zp1-xM7jLjm{}WBXiyLq!zw>Lz_2~jU+YbT_C{2?&8bC>=m4HV&dx((-aNF{ z;3UluR!?oP9ZzQ7O3qgKfZD_S!8~8VSidM33G>^S^g(HVryMFilr_xYQO=tI(S>ZO z02p{Q&*|iXNYVX~3C085Q5>+5X8xlGJz`VQwNZmL6;z7v?ec_fNb?5y+*LA53qGtc zmA@QuG~}1d)b&kZq{e7CTUigEs1hZE!TsvKXjow>(Oa1{S?|%1xB6u>f(r?pJW9^` z=ZY;)Oex5Yhv`VL|2k!Gy4E-b;04i~iq6}#!4X9+Nfh?xD3{<&xG5pF8MsGyVtci{ zigIp3acFoY`H+C?D4E@M8p#B>0xB^wN+sk-Ev;Y!9}F<=$E+3zUskl#N`$El2Jto0 zL{S$N)a5ltGi(rOp%557h!6FvMlD4)j)nVf`+4q;dij6RQ(re;d1tmMG`)gk z>;)-S{tPEBSqEkWfv}QO)1$N3qhp@*K$(&w?r$`+Qroeq>FCaeXA=teQlrdXlX)iw z%AeFx!xlNjHkM*#e+W!gkIFee_`>a`5FJf|>ep%PYqLRx{m)^b!D`zZ z#-->IMhsz`ePl{DLTBM``gs^ii*Bcp-V9)5e2%_M;MROXrj51{mjjVyjELWj*caf~ zh%4KnPnbx-qxM9wV`1ZxKNspE;TCa%FZaA|zpp^b9!VQB#cEyeyX=U}dh->n$cZkH zzaj&eT2plHjxKlT5;nQe&LHmJ;3Hs|-GeU&qe76&iZBg@47qp^z%Dxx`)I*grKjni zOcExs@GY{tHKCwY3GuN^EPy6Y5__#OBm)TqvpaM(;Scl5LLQVEWD+MKpOWCD?rT$uPecn?3jjmUj+`ow*Dh3JhND>+0OXP=DSkm{H~ zMpVEjkl`DI8(F(qwON^atX$wIcasnNTnz=`e7TMIKJk7rDio;mONF^L61xnj2#vDD z%yxlpKdT%BdUf5Z4fhHpu0mV&Eiy5K5bbkb+9X=>;p+C^i~{3$oQy6?;@98-j;YPU z$|KB1*TM*%Ya9>BK#%N~#6Vjfnx;{q#X~VQn5_GNg_9(z_tDoZ2@1XEnuP_^5G`L` z^2~t0%1~6MQoV!LP`yR@_KkJ!m2S{y@92mXueISt?=*v*gD%Z?<IvppfP3tV4cXsuvalLf^V~h&dDE zGf{vSQ4-^0MY-YT?vrR|LqV_p64Tg>WhjM&L89l+F-l41Zk10xC>m2$jHXRG4j#)5 zJ|33K72rmF&mj!g%8LwbT5dubfkxQP`0P&Asc%L)Vmy{}`Na@x@sZBf_Ln7ABnULU zRC;SROVAxar=BU1ds&hgtub9Zod_(js)=W=ZnDw3f>|2?)af}DD9RfMfIN{5J8*L=T znjmN_8B3-F`P<%!y{n^VTD{OZemw_8o@+17&_O0ak>erD7-rE|Dp(Xdp?H*shdLtr z`|wINsHjEO1;oFs|3Hj!scx}wwsc0J-XfLUvO$r`0+Id*4NAUd?E5f>TrqLcHwdUY z5U+k3vR4T`dK6U=hEvJ(qRQmkB?JN4pn?Zo^J^RxZ6#5o zPrumqzKT_q>@U2_gaT+#BY`mO&T)3FJv8zb4Zo9{My!beWcDlIshB!SZ0P*lz8(bP zDv}6^{)nv!C91bdZrq3|+N?2EoQPX>Z<6V<+Q-`TAZFg=U@J+(!mrQvDO;eC^SnmP z7WpY+o@#pbi6@S8H@7geST^=X%snY3^jEb`sZLJEx?bvtV?7swk}-HM-%8H>J4g2f;*g@dQw zKtfsb$jF0wsq_zqWYM!hNZ&q!8O3~m(Fx&kVM^O3hz3-)j$6TD%;b}az^k;T1&n2e z!bQUMblbg;JxhUu5~H}P9J2P$m#F2Mc?4s|T0o>4e|5MvGT@omfsuhPon}L)>?dpX zrd@YQtp1mw+(m}seqgK~5ya=6%lwIEGPvx!hZB~D>*A=&ROB=ZwbAwi}~XOn<(Ghsa^ z2@~Bz5=}`t>Kp-Gc+xQDHVj3)TuPNt0XyS!`Y`;Mf|76+l34$+a2>ukyR5ykBPHP* z#9BCb6%Z9PBsHM4>{;zbZG!7sQ_3wQc*4RQD!2X20%$C=1oI?IS)s;Jb19zt1#$!Q zRzCcq(2l)uWoL&#pn+tEBc^tY+_UHxjcJe#UdlH@V^M<+6oDQlmW|bo@pf}JZS>FJ z{+rNS$=KNIG(Qk`3$dgP7nJ`-`9q!9lS9B_f!SRuQ``xD{UPjFY3x#bx5#xPpHx5n zb%FTG>_7>eN-TVqtmJxH)V!lf#c*sMV@lfu6AJ>u$mBi7$e2IdD~P$V_!U{xciO0& zT}yt);0+chSx6NbAuBUmsS-Hh&TYqTn(~H!emo1L$zWrg@Q)g(#6<-KzsAV-3ySdG zrqzQ@%TcyWkW-+mDM-$(zaxFq)f`upMk zgXRtNa~5)@X6@*UVxHJ8@#Nf8>#^FnP>>31c#ZY>i`*T&2&$jJ7Rt!SKId z=s3KJGpnR}&qJ-vL#>I!q|1kvMxBi=?+U0C%_$pV=R*@83*( z?rMYk%*?6l`roKDfvf!=Zc@qK6eJ)M&Yp z{iD=T6lr}1N3``5rahv4rFkep&%rjiiD=0;%8z*9*TunoeNO*jU*WAqyfz9^x zfRI5V%3*n-6;)jjZ+6pL0@qrlBPdEwG_#ABOX0LmWtca7=JrKTFh+0h7oIp&D)7of_`Kyq6LdsU zTOcWX&i4SyW}Ee(NkoR-Q_|W?!~sI(Rb+kSrVJs z+yS~w`YQ^eT;JxM^ATgP_|Yx&IH)8T`p)Mq;3nCuaGg~>Ced)wp|ZT(MsTBGoA3k% z#9Gwu4vR!hz)tlmYca`1kN6>JB$TShaw)-6E~Ph%;_)_mQ7K%-p>B~4(#{ZrL zAc>CXI#Sm1AuYFk_G;lp4m2e$@$4vIak4=&-0ma0j^*grBt=XR4)&7tJAY0?NMS~G zn^AJ%q48&grWnq9DWvJ_1w(zvRI`)a818QCV6k~Cx2HjJh~J@yk&t5DABx23xWKV#Mu zdehMi;xTItdYterk-FCs5VHM~;wXt*+89(F*>~k)vd+S7ukQ=ZWHb53Fq(5F3@h;% z#7D(6um<5|JL&G}@6Ts640}5aH4IKjH+6voMUudF1xTJx9!B$H8i0AVlIA zZAr@>QxG7kR3;uWwO3BnY0;CGBGu?yWpCxo&{CFSPV8kHF>dg|F{pX*~mfgShf zja#F64%{Tt+3pBCD{rJo+r&e(1bI7=uc9A2)2qT1>`;nn?09GdQT8(@9j)Fbry9nR zl4}#oz4^|bUT6)=W^JLqT{ZtvU{$c}$WTxjxAVfg`KVW*edT0y=kdu?;J!uR=;S+B@;jUS|Z+9O8M5H)W`TG^q|XcCJ)-DQ!?EB1Est)6o_ z%NTCgO`EyI(w$T9XX?+$)ot>k|5>eTIX8h>w#_D2b#lbUBi?~J)k6_@P!Jj<7 z;HW@hU$;l@l1edwN-LF^%XR8KW_tOimf%)`;NTpY;_;h7&^(b9Un_Wi?rTE_-fpx( zt50mK7xW;No0YF$V|nH7CqLyFJ^js(C!FgfmbOY&iud242$Sy#?A%7S5Y>?0*0;a@ zxW>0Li*LsifZvv(mUALFiQHAWm^=s3_3$ZOSwEgvVVY=^wTL%kI$_{WilSrE!jZ7K zUqfB1tTZQr0eU*gEn(}|oFU&)^qR-Bm65DWRi(WZSJ&bEO2~p8G{SCEKEnQnqR+;3x%uXUul)_;5puO{ZY5)TlShW~^_`K*JN4q9{%m80$2`N> z8uRA?<$kug7hC=Suw~NH@T5R$Ef*Lm#CC}CEtbl~!_|~HB0t10{mKP~ z!-i(hp++*dZ@8e?AYM^n)KjFjL>L>Auza~S6zrrrDad`O9uR&^`hA3CwAUF1^5GTjz?VoPNh^Krkuizdbe;Dwz5fq;Zy8i)w{;6b&;$}< zI6(q|1b4TD1eXL7+}+(ZxVt;S39xZ@cXu}K?ykM|d(Qdp_ou6F_wA~#x^=0FY~hi$ zri?kpT$Fv+K}!Wlxvhd7|ci z_w2RBBSFCBhVX&@fkY%1se_goysQ+ez2++mEoj+o2fZTe$wthwl`yx0DKs{+2LH_z zMPxl`{92TYwq8!zL5(S7)$J9&`NQfA;^KyGcUidHz~}*c$}h8wu)S69IG4mEe6GK3 zFS7>%-uGACFcy^(^lOManZe&b)55`(&<2p_VE(_|Sp2@>=eCxwtP zIBE$gQycqxSjq23?CW|tmju&!o|>2>k+rM^yI~{C_uju}n(zg(sfqvM?=6PO_wdI^ z=#QeGgy@)?+IypymaNPdM+iOc>=?I^%kwNxhxay$X?DyGKYQ+5yc9UUCpj~45aqJR zRh?+?XWepb_xYN|p8YnjPT19;mE1D$8U4(TP`EQ!cP440N7x9R# zEyk9)o;u17xOvCXJv-i?PJxqZ-V2U5mYyuq6w;*^@U_dJ*T9n+Qj=Qo!AXfH@GU(5 z{$7A;#?{8A(ngK2{@rUmo;I<=0=@et)%Uu)HNLCGLO!Dll>uxU5WUA`W5&wPqrEts zi)gV{$HVV8lQW4*r5Qd-5?8PD%G!4^ijQXj4*4Rx8u@ ztBxl=7Y9OXcV9135&L!Z@(HA-v2WQM4)A-ahz=+)%61DMFpbBgv&ajfTD+0{CpCQv zj~eK717g(JhM%Wie`{0w#fe?kKgSjx9aDay5muE9G zxMXy0{(2kaS|A^y=oIm-d$`mVfug3Hr9;IfY>>!mUHZ|jMtPe-@#Es=ed9O56b&3C zHEPE90to2&Gsf~tc1%9~61Kq(8gKWQRyr?OX4#nWb&Ym9J50%aolJg^ylU%S?rvp`%EFe)`*L)x6uLfOuY> z!@zH(Fu6#BH4(&cC(=ECB*9Xnmof95d$&)}%WABNCyce`Gu;KvnaVUEt48HbbiIC1 zHO5*GBjuMkCR_N~cT z!#JKHlQw$vw(dm}YDda`{l#Hp^-8>bfmBwk{RYMi?C2Lh_;M5eThn^fj?~jfg<7or z5A#9Ye)MgIykgqUBp^)M9Z-IR=K7PuXk*vlx1s`arFHS|P zpmDNBthcXIC-DtnmBp(XQxFACj57HHyNkSo&!rYx%DltHov7nlGdaFWNRcf~%#-m= zJs9f2+QYwoZ8sS&Q~3&kqq0K}T?^@9_{tmh`A-Fpi<*27z80qTKZgw84OA@uH?8Ma z?GJ6_{CCIgd&>-&v~T|$2OLS_t^Pk>2Y*?-L4w`RKRU;iW`GUVx4(ZaT^ykUnNC}cY8lL{9u$5C$@Z$ zWJ3}nSR<#?7F4FRtuj88gP3z!ky3=2Pd|sw)`k6WQxHt>aHGv*$naB)u&pRtR;@{l z!{dm|yvtAi*PV-H@b}r!?v^1&yohp%s>(Xl-jApePr;MYwZX^_VP09B^M5=-_1JxK zZD1UbB0B!&)mLuLfZRMZg+#;K_4x9v((SfnKCa@3G79%=x=@mn5!CmB-x#cVY)fga zWWxJ@MdC8KZPKAe#2r1}qk1rDDO_}5qF20y3SX=9MhXdmHuIL;P2JaZAI2((F3!ka zSL*)F8kjJ5FTJkWOC8Yb&-B_EI!CK%=1`om*{~E-A^0{PF|Jk~9GHK|8ln63<@F^Q zrRu(MCPb}!+#&-^BC+M%Pb^bjIo-+u8Gm~R8jhxqu?HLKn|G-1$*D;TkM6cP3X<`9 z#s^HRvtb*_%`LsvuYquM-x<@0pbXwGC%tC!d1^);ey;UGfg&w8p~B=*L_J4}=%$JR zo;4y}ue9>0Dkuq8%=iplaPg@~(U9K$h+3Qkl#L8>om7x|Osv0%-`CH^+huvkzVWr| z_5BI`-D6c$e4q@i5oonbX~VhpC8loDCS|$X8lwvv_mXJZBe{C5U6|VEv9EgOpCDvx zOwIJ(v)F~+(_1Oorah%HxB|-bw-DRXK{?mhl~%0FJ&1rXz%5veedl(>gzVjE#*azX%6D9DKA!!UOmVjsubNy8kxNQS`W+Z?ZWC~+@7AV> z3e2@l$!v8JJpKX>=Y6dE=EPvL&GMEaxs+(e5dP|xDRRJ=JXXc;^lpcsE!2>HGEHoX zVkRbx0(Wb$cIdt1jmF<%5-tOxj#A@!LPkji)Gf~6;h{b&dQV)%Ni;;b@h^3k>91d% z)%jUr+*~kEc6OH9N@3YXV!S&*-z@Q^F-~Al&D65pb0TNjsnh89dzRIfw*7UgqB+Go zv;9|<46ChcjJw;AUXsCEy>JWES#*pK#qLjwR~DI)jta80*QfvFA$67Px6`S1R3dP& z7r1-P5w-ZKKE(Zw+7gaYpkUA|ZnD}{(tUldKp$D>+ID6qQ@q~Rnv)@X+egp}PrzXu z7~gxb#(ZLk@{-eI-e8<9>Y7?J%Wt-Xyx+Rrw89zObzkl42Ly z3|6J>Mee{%(Gw%S;+W}bi9HU(uAh8igaSg01!Yz#pK?)>PqeP@+z^h;94sdGH?6{= z1%Jf1int%-amDt_x*J(G=s|%@144?K{u$~zr`##_)er-f@3epDe-EJ*)o6z z(RydduY2JtF?s%%<~tYEN)ysgEGROkFI!V_CG=(V6yufB{Z(rsseLit)q-$yNYc=& zC7mR4=arXvW0StsEJ=;guOUq|-Dpj6tTa|U^@5BHl>kxsz|+S2mmDj{_oTMc%?(XA z>V)uj$wqt5q!GV@$r-f5nykPm4VRdIj2Julvu zAZ9fs&FdnNhkCt!Sfl@f$8j2V`il+3Z{4^-$)>V_MQ=`1~# z@AzPnO09i>MRy|=q`SR4^fKwq(4Cifv*4%_+Ex8$M5YBr(KD|_%|~;RrzlCgSuVw4 z72h<(15`!##@*$c$M4+paWT9$A1!Yro0@;g12jzQ72B+vA}P%jAw z>m5A9Z+gd-8W+cbZdC3&{Q){?1K(Y-dg>eNm%5i_o(&ZKVj6Y%8ZbSKxs-L#hJgv`XV@> zb+g1z{kbiUZSi_IzQU0f?Gd}XyQ!<#`at*z2Hl5?46Ap-rP54CxXj*LZUZFsB9zBZ zKWI%81nE7TD06aiq)xj@YVt?QtVP8vdWSsyHf?CFKE9|GKi=hAaE|6Dajr2&DFG%mk z{9KIQaQr59!L-t1L=8$35bx(s*)}G1U7)mdlywbx@|`qy#b!eqf)xL>-(}UR07H_5 zlRV+Lp+VTu1zx1)!)ahyH^Zey>u$+cKB9ot3~y@auaf726H}7iv+SwYYBw)=X%e!` z#M6gnB&g*dp0`AgUp^zqBXeDr*iw18^7YY}DG4qgT?^F>+dj%MsUh}WyqEEdpTdzsLEKn%XtGh3my8s?k#KWmT9E&`3g4 zgfi40{NbkNfPJ#7Z2RMqu-3$GiFP@DPg0zGHn+Y8G_k~ZN}da37fXa6Y3rp-%j-zC zN-rv9)c0`)Gn+!m%YR(2TTWN9ME_p&ezRiaQR{wo_|D5j>Y0K(s;f2U8)PJnLU{7W zmz>O%k&(N18FTr_?2_x@kw#tPxm={#gBo9B)yDIXPOQ3lj9L^Q=Ufq=C%0$vU4)QG-c{Oz;-dQ6p~;K970op#k@?D*VjU)B{h}gR9D&XwcI5;6%4oGzXQvQV3zAqJ1fM-^paQ0X4l?t{LgAAcpETl0N zPWdlRuFePs&YI3BifO;I`GqOf_w?|@%B9lYZ_kf<^y~=;cfk?VaIC=_aLE+g>`2*D zP?1MQHy0Bk#xyQ8EioLY54`(xHO2Bdm_XWAXK4}Ypc+T*>a}o=R%d)Ks$w`3wK{l-zvHt!*6!)bcS@TNgOg+|)QA`FI{j1! zj%wQ*Kg3!RW|=I4VC4SQ`nct1o7ZCU^4X;n>2_cQ=LV*5=&eU_f`t6+S&o~W@QjS> z@Zt_6Sz&K3Mr6qa0o7FfNg2@}PofMr{Jw8Uy98=xq!WBmVaWU$2VVE&-kIYO2-4bJ zKia(V5_Y9*X!~q#0Xl4QL%bglp)MHq{ur2?n)zy&&SQ83i(cU=A#<2yS7ph*TNc-_ z`!IaVRU9}m;v4+|5(*T8JP|U?3-zUYcX`9OqwU#LLbjaJ+uxj@VC7}7fQm0I7m*_$ zPe{5~MZX(EjEoJ!(`{@?dttoO)RaT#K(lAM?LiOIuEmk1_ROyWhm`Jh&5S$9ouA40 zyJ^8MYR_1Vo2w7eq@VFrJ$kOCZvU5w&$|ZTnK{iIQUztFqh)&FB4T?HqeIBlTl8*IR}M*Ap2}M{F{!l%0}Kq7u_D zy024k#dI!g_7?aMku;swt+`YWJ6OAZY|$;#sF~TUchv0234aPb?j2&!p9mlwlf5wf zZk&HJtDxQH+UqspsQNe9V|%`gtZ3r!DHq?2$YA5!^oO^*N!GI=8TJ%yoHkw3eI9w! z8}&aQf)03N*K1w!46m4oOZh&@V7*>6V1|?xOoz}cdQEKBpAN2hN~z#;IPlMlR{lDf z&F*BEzOP||TJpoiIpUrh&d~TrK5^}EdILsW_OXh0R!fU^ z%#p|*q-@?-Q&`2r+{q#?4Q>y-6P21RpMQ|3BZrvi&Gd4AN!gQ1dz!l|)!p3Hea#s# zbUBS`qTLa-Y5Yl=vy)#E@_a|3Qqz=V<-Zj}q#q$?MI;P^}Jmlh<P9f_BUO?_r1t~~E<-Y__|!{Z+i%jpFO`nFQJ@Tg%=Zus*o7#HwF92X(4 zYI&4@(28@qX%%r$qM0_aOvN@SKYT#*lw*sm$cQsMkv;x1d&`x3oy+wrgbiD=dbJ@b;9vZxu4 zgp%q8(4jJeb}13f&CvO$CIr8m47eWe2R~n?S#k7U>ywX33&g#~R2=BcuQOH49Scun zA!_bMk&YuM3m`6vFtUD5HCg+j)Rq0Pn!~cYr)ou|=w`rSqA)ni!HvBB^+O-BI;>2u z@yXi_}V zLc>|ajsS(D?zMa+#~a_akcPDhqwsmb4Q!E20vgI0pX4Yz3MM8~3XT`_6BnH;Hm0}a zk*CXWIHT53g$3Ch@AccT57k8*iI|Lg z5@O?&L&qT~E#4ySMN(F_BmGiZGRoYanjYN!mN@^@3xL4@(v@Fzuwr?&Cx_S3pHKb4 zftu}_Xz|V~j{fD81vLz9V|bQeqX>>+^Di zRMz=z3o(=ez8TuN=)ddyf;>24XJ;b?ED8qWy%_m5Ye~5WamzzgZ~Q(&xWzXD0z~FKK$7!R&wNR9+qXRy~z520Ctx_768_hB3q*{df zW!wn1>wzgTp^pZR9M_vzF$)U@p%8*U-vY7ZxTvPG&+N(T*VWs{H3ofYEb5X%vl*Gn z_+$i;)P~+^tr^~E@`i7^EL=N=*J}4Wq}u&Mxn7@tpCZXq>;ouOob;isU(`1}TJ0m7 zzs_R`qj{JIwPpNUu5M1>Aaq_7L4xJT9JteT(CHWVii*F+Vp8=Dt#oEw|XmiNRnP zWh{&oTd_NARMa47Ys(5Jk;uAE=XTw}=V%Ce4m#Q`}`U{RkM`OM`3wA)g_XRY;1Bw+CF6CQ#(& zST$FLZALZMYn^xp@QdY!6TK=5|Jiz>=I`93js8FaOKkn1FOlmOHgx` zm|~@I4;o#4Gx)>b7ehnUe>hiDRu_T&Zz8*92PmI4r-NKIj}Nzf;%FEcT~H{#nVDH@ zTU%d0KC}Kyy9I}w|Nebia4Y?~R?(-=o;{=08-<}U*pFNi^a+hpm1!aUMsLIivF^S; zQaZX&Oe)!^_{(KqqFUr3%>SH{uzEjVAlk)XtM0H->*j3x7o^N)R~C%eGK3m7(y$-p zU#3PQC(Q^L$|szj$j>e1PX2WoaH3?WVmTOy074$e@87@k`@VR01-dDwD~#mgbvW$~ z_7dde<%Pl8%em%-mYQ0%n}OpTz*6UD^Fwp#0crC6?S@onti zR~L>yrgOjZ9gLL9quFR?&wro9x&j(S2y4ZEw1IG{?b6Esym(a;{&Dy}m$*Xy?7yiD zPiX%0zG*uDKTkA)T~^}%`MUrA&B)lR?xQP9twg$#Jw$Sc+;63cAiP=r^BiY<4FC6? zOovy9m=%pu-G)TDv0`Knp?(1Bfu}Qox35$0dY}|K8ZPt6!BNhEq zYHkC!hfPwty5to`Q`x{7&=DXjPDmPn95s4&+H$PhXJoQM$WNVS1-x8-QLt>*Ti&Oa!~S|VSej2x_r&Q@!3opZUIhiIW5^->iL|NWKE2*u&D zrJk9Y;l7yGI@=!eoyeDq{gff#`{HkxLC1TRobpp`n)#TsC^o8WV8T@8}in+D%; z*#=ctvrEg!93LGm#VDDA)um5}h=|~(8hP)}#^xM0lOdp$Zm$e<9X?!CHNhWsV5^0N zh4IVEVyUXCS|7~CgTaxmGF7p|?E59tSid`-CjjDx{aU!t(dFf4AYG&SU=j!98Y>XV z&CLx2#HZ-!))GZKbCfizz0AhbVMu6LQF)P@i40oE4-XFnoYsEpeX*yDj}O?9Jzt@f zCb*o|AHhZi;;FpJMU6LqNB0-Otcqr%WSDsUgPOvcQD+GU%!1D$r8hc1J~CU$Dma# zPu-uuf|k~MzO1Z3qgszsHlw`F8)FChF;Dl(h92q>C}70g_p}a)1?5Pw{+rdaUBy&C zCo^5Sgk*(7!d0(^xUO3kYZ~m?JX#FvDrxf@>OR&-{_#X1d8R_l=Q}FOKl+_VG3dr> ze1r=V#xt)9TE>cqR=!KVB0Vtj3$3CcI=J%ZYqE%o+q}a)=O;z><|L|BQ;3o9tWDuQ zzZHaIzPMQ1J$z>Gy8NovF1JnVl7)<7s3padPkT2_Wj zuMYPdk9i4nmFjHt$BV}^ddJWxmD(Muf>Dr!4K1%TdreJEfl^fn5R{LAC#)dvs zaC^|IP~hu~+TAaKpCj|%-<(rrmVwL;JFbe|{I|!4`D^J zbb!rZx|jr*8bl`|BBB>j@dW`pzpbrpv;!qIwf4?<-gv%Ts1T9M+us4W#uN8|lwEy3sgx&Ir0Tt& znU%$0ccARy=?R+$zPlp?D%k>J3W}Wmfl{twOPA?0pb{#9!uDG z7O4&d;WEYXx$$BJX3bjVJ6#?yn=KHSBWqn8%=ZD?M_GD?h;Vgt!{~f<#OPo+SIq$C z@$S6Htpf^${?Y?y6Mz|k?m$8Z*oam#hLuqs!riFbK<8E($`bl@!}X7o&U-A+ev zZmCmSqsuL2vYcbX)n(J;KxZ)i_E-*v$!z&@)8joIY}9=;hU@IicyG2yU%!5>>>eY< zcOOOMb{9^OV*dmK0|TrcP+q@jx}86yrCbD~rXFt;K4Ey@(FL^mHOFlJK>W2-O5L7p zqOGwkLN}-KPjCp1@}JmEjt(XG=+9EDXwdHP;;YNF-obGj*&p4tk~$~aB!mT`ms_L# z71&SEadQ5Uy;k=4on%b#>bUOZCQ%uWS)o{w-k5x(u~sW-BSdFFl})2irY#!fcUGd? zQUQDh%GGdb-f5_9{*2!M zPNKLxpzd(ka7oC^%Ns<*my&2|NvNf!rdDY>A26U>m+4Z!UkO#-eg~r3KD0^;2bqwN z5Xa}UwDfDRl@>s-5m8ZJ?d{n?yZ1TPq^Vt{{WEm*OqDv@=xmKDs6v_U^Z7cvO)0mV zH*gJ(=PMwv7pOKQxZdB?#IPg|!2S^~YDakCWg9 zFok{)04Ud}XlS0d(f1;rfP}|ocaT|JeB`m&Td{I?I;>f8G;36JJa4yHvr%O*)@d{7 zU~m8O-MfM1HeZ8<`fH@2LU2fgK`hv4VJd!y8wYnex_x|n46ODTL@BUe7t_&VwS`u; zL}F(OkJHvx|t(9e>|;lh2g^2l_dU7p7ARW=pNxu-vn|D)rZR;52rS~-}KOt7YuYB;ue)p zKVzBmuEFcn7K|4tM1q2k!THJ@-RYtrKM3O;=T}2RN`Rl}##)<~&8uBOmX*=HXVM$| zE-&Bh|Asj(FfUa?_GI zlF3IWCo8FscNBHD`>o67!})S_s`ks?yX4(ZHV1EsT(8`RcyG}`2$Pe;GoSQrZT$jr z({zaz3VGyHHMK=C&Z@s!ID+w
    ~l+>_zSp3CtEq3eC7U3ib93BqSuU^{EGcvDwmh z4xUG=(7_5$Fkni5`qqKPIh;?(!2`?0FI1}1o%s99c(E~gZcf?f#XHB5UA3TE~BvQyoYmimZh_(A9f?RjZ^;Y~3GYYoD7S=MFpWg5!lQ z`=KM2JL8|4uYInavoP8n930><6DngLTtSX!9P`B>8kAFW`6e!oo*@|gmw6zZRH*i0 z5!BAlR$nD?JG}O7TQ<~mTWW?^1vT{49higVh)xJQUjxWjC;d!A)vi*aqUj)8Tknkf zgBd;oknD6qPVE%|f%6EIZh+~hOOmLPA)LK~1B2z7Fbqe+wyOcbc0){bS1~L;e%nz1 zeXxWP+?CskKZWw6*=)H%yeS!x%h@Z~AGnm16j&KRt5RDXk}+ev0ql|D(kND1PAP*ck$tZ4TM|KDTs>7yfdxsJ=!NV z+mVrx9bV93C;c2raW0Ly`B=+!hHbJk0#3Z))C2Rrc2ZBj2sw!ZjcEVQe`?`2rE*|k zZZiAgTNWlyB@#7e#Q6Bz9Nna1>@tU`rwdoavGHmOumQ|m z#jQIgTa8x=glY)${rx@6?5_cpAm8YGjdYpkj2#Mm9l**KkbCSBm<_&wWTSF>2Q0)2 z0Bad#W%2LdUxI-qBPUn2Ow0Pa`t!!=nr{tSVbsNQIVa%k>>Lk4oC*Yy9#*AUj!Cfn zC{pDCZz~r@iUNOpN=HWrH`SDNP`&!X@$z6`vQSAxT)beoG_ANeOtr!BcqhLoA~{(C zq}=&h8(`l%L&uKiI}DobsDM$p0@%(0pu>1>2S%%n{uaXuS+1sfPMe)00GfZrrKF}F z;=R0amf}7}1UX+h%cdHHWA4j2E8rFpU<{59>JB4PQU=HKWb)@zje5X<9G{$|1B(Jd zG0I>bksg5BCkO}%rP@!yqXw5im_(wzpZhBcM!{hxFGsm47Fo`43gR--k`TB&=xC9V zcd+n%=6vPuR?cR&%53QIe(~}6d`hjZbE+oloK73mZ{;S?$@ANDdcO)F+pb&hU!q-O zZY`;y4dD?Q-`DOX*6%MSWrC`^d1G?{&vB~ov$_>iRXIJ=UJ7y&3-S8Wr-&ww9<>E_ z@ktB4$hk=GL1KwyMIEBQrpIh!3~5;J5DZ^U_t(r5KPtjG$J-uYADaUoQYRUN*keQdfU1fI;QN^sKv&uCaNx$u-ODLUa+&v+Vi;6t34(O%L8Z z+V6>pe}nW|oiOWZRjioSPZXO~YqKi|a#;S|YvDvz6a6X3yZzaUeCwbHJQhP(snPgw zV+1muZdp7CF}0lNKcvFEsqh=Cogpn#_R zRA}TrW1J1J7a}t9%I>ZbN%xaMt;uW&d=QER0^qmzXwE9gFe zjkC6C`1r|NH1UC)8j58tGg?UsWXsnp%W5+K=7CYHww0QwK!U8 zdDh}>qyQTfMEfCkN0}*&C+JFQZ!g^4Y`5cfm~G<2+rZj z$toL)5eW&sOD&!=0P=r0%=xDPsC5$1nF<604czp{#skvPNgo{(*e;TBOth~KY|sla zh%I%sNnkZm%r;f|xI_i2;0&2SEVf*|ycWO;$(L@U7&96&BC)h8`U~|O3=9m@#;iM2MMD&+&R+of0XB%JKAiR$RQZ7*-$mCQ z)CR&J0Ibdfi*`C#UYa@pq6W|c_j}GffRO@7)-z8g#}WYiC&dn@y3I5D%}{6}80!+( zdq)`LHWC4AGHsskC@tJyE)IbpC0}FtL8~)}gn{7|;C~;$c5HPq9L`tt;9{I_wsW|T znh~&*7eRm-E>hzI6e_SpY+$;20L(Z)TyJup4GY8#Y&+aPXH3#`PyGE(j5TJ z0*tpG*x+u$WT}oAtLa>KqFJMeurMmXRqp}F0u0xDm|8{+C~;6xQHeo04$z|Nc#RDM zEZr?L4FKc=wH-yz$U=XZ(uI=O+s#O7$jC#ubbMo(|=1T$4cYMdLtaanCh7JD%=JCWMg{qXx542&S>6Z@GXA% zMSc%oih*R;Z$<3>+xz()nN@PX+bbbfmu-TyDw+J*yX()XXb>lwqq8&Z(M%C)g;K9* zDmiJ8?M^oaaKV<)pt^=9W@nGvOm#~EpS*taMgWACr_Z0ShYJzroiGgo;zoUI_z$&W z`Ig@LF31}?tzJ(Hlxrful!7Aub08KC4x4GxZsAe2#j5>gvYkAr7Qw`%gQ}4m@O6Nq zY#cS2EK*B#I;in|j?X#_s4hk(CWotK-#%xNTtEgopN$BSefXdvorbgo&I*!WslgaI zC|!F8*cSVV99s+_Ml9xpf@ zMqj&tcz}tV+JFP_JMs&HZogNgFq$OQ_2v^k*m%FI%NI~VXX#Bi)+M{KQjd2QZM}zD zKrOM~&WfegI0Vv^DK%l|`HjfSq>MEp4$I6hkuLw1Xu|tGYyJPNVEm&3Jgo|yb*m^N zp15MHy`LEL__v^=l>6;}2r2eBJ{rpV;>xrg9UTN5mTQK30{_wx_qPyEoKZPxzx{yMKMP8tMS*XNT2bHi)e(Bo`E8OTd%Z7M-ms z%B1rEfxcs?_s>q1YYA!meL5%YZ=~n}U4o23*sm4J)7eMYB<|>V^Q$LtKvxS8six3{ zs82F+^ct-?7^-9x6lHFY4}A%O4j@l#fDIQ-=R*Kl3>bwK;Hypcb=a$-(V=zyNnp)P zCK;Til@)9=1K`kL2h9~dvr~XOV7b6T4y!0n>jnguTARf_CiIM6qJLZl*7E9jP_yY5 z7^v0af%G`E(9rem*Jdb@8$3ckswX}1`&QirYyZq9eRfG};VbTTsH9upDqdUR|IR?N6fq7A8urFG2CCgh~L;<2$+ zr6!pw&HcR}`vKc@A69q3fo2iZNfWMrcon-|3z5;!vXJ}{> z%*cCka%3(pE|>}iQLbqfqigUA4t|dEfl_?B5c>6} zMP0qk=XnyR%`@*WEwH=+8yJxA1wgGWD=Q0A=wNvcC=)Qy0vM{2ii!^av4G03GEVaI zXLu=|^S7`P9WW7{>h$!cbL`pT@zQie0Lf`?k7m8a#?Fw=t3GVJMMXnf-I>S-Pd*4o z15fYX*ysdS>r++52IueZZ#-Wc4fsn?1xoz<`4*fwcr>2f;ytjfJ0K2r4GxCnq&Nlu z#14}{M8(8**EhkWgKGYf_`?SzKmq||0@g zbzq&{A&iXDXU0oUPd_?6MIa_6^#uC9Z-2kIva&KDKamkoUKE&A4MYQhQ;q!NN7M?? zh8K*_fEPRsg`NTzwF2q-1SGX%kiEhZ6Z;NbFS%0eSDrHCNtE3>1NnoDj7*&|9!5_e z)}Ox6(b18hg-%+0<18J(e)|^2lmb9x2yFwT1yEY#m6WVNT?BN_?U^zPFi5mOfkgQG zM4B@>M5iz2$IqYbKxkmMTtls_tc2-<)M||c$&y_l<^K5iHVBU;;QsbfMq0XcuEq+K z1zeJnlGO6WzX51|4F|qP^l;=m+f}hKl)7l#XteVe*t*2|i`DI zVZUNZSW0RWK-wTeo`jA-Y%K$W9x!Zx_FV=rWVLLFR|^0MAXdG|80iLCd3@t!dS-?J zXs@-_+b5BSCjccUj*fyQ#%e?PMUB0HlKH2+2Z|3aXu*gimso)LSCL_tA;(dQtP&Qx2Fw)tY{0hRy`Cs+_B<$z7( zhxi_^r9gZn1geu5sBZIhAg|uOZ3ok4VQC4IondM%>>j36oq~av0XZBQ5cw^D1AETg zG?bB%;c(P~0>)DVd{#)s@VK~Xh`Q=? z2WMean3ec-k`13QDFTcN^K)2<4p!HJd|X~D3HGc40ZcrR^?9_YcYZz<%*hNZYHj0z z8yx}aqs)A{b+%aotn>Tx=TCJ_jfR<-l)nDQr%#_sn6`na91!pfh@Bv$=p4+|1UuT7 z!J_E2@JBW1|z<`pt>|Rh&frqmo z0o@&p;2T21!B%fHsPaMfi56qLu&C$?@bC7P7Wah)Cng{|v*sws3GJsgH}iuK6`Y*> z&fVSpY;Pu#>!2DzNl6J92dpb9Iy(B}+h?#T_rV|v@%BanhL8i!?cw2p)i;*_L${z5 z0$A0rqJjlL0-*KaWsFQiD#ucE631TID1QIm42pZezj3^H@dDNhV7KUkjg1{^n+1aC zM@q`~q@)OdzW@yjMox|6zkuU|DoUY56A5r1>p%eH!QeT23Hb8ADjWV3DQQ5=tZ3N% zCv$nd+KayN=`P)xqrB9LixLp zh5+k6Fg7;cu~{4%7+42&vL0v*;-5$c!Mhp2l3K0?U=%@|jF_-aS zT&`9!f!QA%P1R|i1#FOy!=Q;6Ng-uwIRhqq0qpt$$Y8{u&yy6bP#S8ig9NoQtf^^e z@^W+4!L04g*J1x2$q-`0b7o;4Z*-8-MKB>h}WOpKC>3J@t^N`Nw8514?DA3x^K(+!-P=YFy> zIypIkX(PM)_~4r-r>D>f+u1T>BUjPn$?_S%K2AvDvlzbpem?o9(h-#R;6UOj-0=Wh zJe=k5mDnGz2=+}N0)7y|2zG6NdcMi%BmUP|>&GK1n!*DE10VmOj0S%93d~v>rTOp? zZK+^JOKU5zh$q0H;j10bDKRlIKSqnf!SqUy8|;DF3#(877u7s76OTgV90oZ3%7j#4 zw#%EFT_D7KqM=y_DM$x|0$3C@p&bJfydhEQuwezPd^Az5f)o@`gK{pO(}t3RgQGyP z;u*jb;0=75I?Hv@*4EZICcPIiF)1 zO=+2#4S~WB^yMId4n`PFUlIEE4hNW9;q&+9HuXsx*5eNb`QUU5&ZiQvstq*F2!OEg z2$H@5BviFr9Ysn0}d9MPEIVXIaL~T z3JVJppEoL3o4Y%lZXAOqnXs6cPOqnL%&o1p0jN5Uv9h!48Xb)|-5h#!*827IUx{od zT*%kd9UKEZxk=W^ePeCSOEhZ*kRE@4|G@~o^z`>|#wI49g=Gy`Ys<#tqZtiqsf9injz3g;Cj}a2IAN{C|QC#BKY`SCHl`cMi_oH#iE;Q$)_0c1G9?4{<*UtsA7 z7V>5*sQ4S|rv}uNiicU>cTMD#Q8vhV+5N24l~@3JO{RrD|g^IS}L$00Lpv z2nOF>7{Id$0J5&Et^KT90DuVihB{ylsFkb30LRI)lLt~f%%WlV4%UnXPN6%V`=da< z#3MKNBdi%}wyMSYa3PsQz~>0`A6Z=NDS)IL3i^tG73l%EtK8ri4a?;wv{R#5Vj@yf zhhc$NfR6bC@H>kU7EE90>k9;Q3`(wJ=6fJt0pdp!fE=Jt>cKRqy_qr~U9=Ak6eVF|!u1FVFv>U{j|;db$n(P)wyl;dAPnA--E2v8o#^`}6{IE9HbpeQ_z zZMw_4SZOfj+&>0rQ;RjxVIyAes*CU8$Kk8U%AM}}F`wogGN^ zZql`&MM@XoUl^3`B6JD@`t9l_czC4ux4>Ix5b)*YlK(n!5_*X!!o(B*_ zrn|#qOC9!@3=2Cuy|b+mKs_D-i3lcR((4bWL6ccX3@g@4sGgSp%eWRPana@cB(=d; z?@m)6wRa~AVJIFn)e47wv*rXCWeuQHBa22@Y3KE_>DOq+dQMnf=@--ySIfP(|9VrC z5eM?G&%x`jDB=8p{~x^iF?WD|M>$^q_vb%X`p?-7Ml-(s*Q<0-;n0}W^wJaCP5%FS zGuiJ<|JA=72fVjM{Q7@`R{_vu_eHOAUHAa73&Qk*YRn%oz9pV1{F z{8)w{)=j9%rrP`8Y6e(foNM-dT_3>xhQxjSh1GxKZz$`FN%S)tGRA&yeqZul>lMb& z_~&!_^fNBnX1p)PtrmBl)Mx*Sz8tSa`|7IEw=&TXKc4k)l7kmhm*7?%BBAv*)5R*9 zEo4iipY=1gQN7z?_go(B6_ib8s%kj8&0y}*;)4{;wm_!RK)cab>b{PPMqXn)xt?tB zD9eY@0UP7mk4G04YdxRlQLWQEYT@7brz-1=VSjLz)9;-8A#yZ7AIH`C!lq%JQsj;} znxe@I7=df;qo-8c@Bj%j% zGnIdwJ(}(rhNu(6kkx)SV@dsxy4MOA=U-!bBSZ*1|-Cw2dP+3CFO5w+{mHj$pW4sMhf*7SGqammz57S*vMPVmc zL!~s_t{2_V%Igag!n94K&j!DB#-aCN&JqeOs`Mmpe0=wdhYEqazw;itCTTb2a~_tB zJ^mifMyn?1t?iKMQx649hTHu2`yTZOHtY9Z@R&|;00DYnm9?rB?yFkuMKkRjmN;5Y zX%`USORM=P>bC%+&0fjx@&v>b{@rD5t0$w5w(S4JRWw&=RIM@tr2X}Eckt`hV)$wx zT(wHh$tq!m`!|yOpy@^KUrid~FJCw+R)Ykd4nD^D>eCvo@e1jFn-t?UJBHfQa>O%R zU@_iF@9q0j=C`uOamRO*l+4ci(yqjAO#+h5x3tv~tKPO}#!(hH#@TULB%jV;ho(#% z8dL%bi=u!1L5IDr{4DFc_uwes5NTb)&;t-?9deeG`Vu_np754e&uwk*OB*=Aigs>%a+>vx|Z!>1ULp;==#hKxgY|&x-#jvMRjQ@e;*PQv@ zcI^|3#OWjjstn7X)vhqOddQEnVPeo1*zI^B^VsgmY`R+-tmF#Yyr{95?EsGqdw|eg7uq z`i@+~_Q$XGm%FjwmWz=622uWBNg#m+Ukgo_>M8A2V-ewbIh5_Nv?_jmK_fSH`E^t9 z?fuEDjGYyUy?@pKfwZ+imeo>d)aQ8Zt!DKD%_euLr%x&LV}#R=z?kt2KBZ049eJ}C zv$;QZR@WTXIHgkOi1D0wa(4-1#ned`W0BFw9XL9hYF|*U>c1K>*o1G{TNogSBB+5$`3EsjlpJCRq1ob zn<#%Bq4!TO))IQ#D>bIW*o+h@33=cI@d|OAtw-NtVPntfs?hr$Lof; z8(j%;Uo6a!+(Y76ZDLk>EbkQtWr-roOp(n$(8n5a`0LrnQ%28mRZ7o^!sA3(tkbh>e#l6bfleriz9A;kV-# z{bUVyx-{7x${l7*Y-8|giUjVDXd1jKVdlgq&e0Y0QFG*Vyq_UM*?}li5>9@IWE$)o zRKFg|Vw%CI3*i3i=bJ!yX`;Y%3pe<1L0*)}ZVM!gV4!lOvqQ(PE&TfK&^?i(=!#2V z)g?}&qnoq9nvv$FeMqIY0K|-PgZ|?WHvUY03GB0M`zk|NAz}&#FHY}(S8T^Ba`Hv0 zg3SZ8X8}2&9eG9=vx@U_KEJ^PmU%<0o9YiP`(wmE`I;gGBuUBnCQ0j*#I@Xdvv#za z5B%NK{8~eroHB(3K&TSnZdDuJxZS$67eBz|_nvYa+HCqDG}kuA>>hV1^0`nIRfFzt?jFXF*N!8ABW#t0 zppgv8n{b)(4&NDFDU#=(lw^2k@*%UBKrnkYkKNN#3lo7!ALn!Z9d|Bn+Z=O~T!ryrX#1?OnlN3mad z_xt0+lXmj;M;FWUqa>N<{ucXeP(vLs?bvWmGF3=lZ6vA|{-zSc@hK4QtisXqJHxdv zT+t{!EP;vs;a?S@t;@va1Y9oHlETU{ZVdfVq^8QBA*I(ejE43`o(OQXu*eFA%2r!t z0J8^mTfef;@#!qLMYoB)0iQbhb!z+Aq1EZl15i z_}N5f+H2WeFbgdX9O`O`xy^w7st8F|?d^R-WqUv8{VvDO*bYxM#ICU@Ndc_C6l#xl zmb9!1iR>Sh>?I|aZs}{Lyln0nmOClaO!hBhy`5=G2$jw z1b-V#kURsx<^8*O+=t5cG9)Mo34?@#uG9{lUw%sE54p1iiNHEdlDlm(JEg6d(-+43 zhKxHwt#)Q{URI`HdaUCPCP<1nR-{wK!zoYbOP}}YL~n<}DFeG!Q=d&t_VSM|qTGR0 zDLNf9EkFFk#PAu^@RhbXe?;byC(hIUY9rpTi^XfoeBUgLGY0dDHdxJPg}t_M-)Ra> z=iI2ItSl_Zvo|L6^srPsVr@|ZE3A(+p>Bt38H>*Ys5t#9Q)dy%AIP`9e@UWg2f?t~ ziKYVNSuI|K5(`ZW3-X)hcYs}!UsZGa)}*73ouJiA(OC;9;xh7ky^p?xKGadNa;E~4 zI85^U9^I{EEOAZPd?;(;r#)VGEK@*{B|+crompdY&jT1QjQ)1Al@_-Hj~Ms;2X3w|AC= ztCK(sy^80vLc_7Ri@VE(sD@jN{&b0o|1+D1wyg}!wrq<4SGfF$XbpW`KUkmrdq z*)y5jiw>o!s&)ygN};N%?@PHCM&a~k5u>G4CfK!)uTn2zrN^5HVlDf1$EU)TfRja= zDkywaRlJwk#{DI00M%Nbg)*;oRpE`({t-oB^v2uzw`}hJ&IKSK*qZOfvebH@&2q~KN$L&xs z=yp{mFZo0b9lv>koC-Jt-gj60NK@Z>gfu=m12Ed*@N-D71zoY&%wru`&|luybB{LRZ)uOr-MRF-jj8MNb*PL-*$eJucIbjA zu-INBLV%4!qj4~j=eo7=^k!v?D)gO$7ZOKTyUqL&o6{|uV_s(p$c*s1Hj&1pDS#N2 zi3*go%~fy{3IPwwEtR7j_kox&ujwaV?yk|b;%g6MF_Muu#K|xCor7a;Hp^BKKM0O>6TE=?GiwMLmvU zDD*_=R<{SHly>5j#0fNT50~WmB#;KZDwW-gOuxu3DdIEEqfUO(z;EJuteK$6PnZ&< zd?bT>pir&bJSv>s`CXi8yKotNiBr?t_rw|s_k`lhncr<*Yy_|U%RlFURy>W1#Y_r* zeP5`j5mTjH1R+z0IO=wFGK1+!PejVOj*j9Hum?7@n!!GNSuVGjV~r5B1Pg-f&ecIZDs@VW=P#-Ug6mWqpL zOUmW4mWqTUC6l9;Yh_Hh{a3W?`=N{&OIoC;$Cnd@wv*#EimXWNx$j-jtKFfyN7N1- zynxuxN-{Tjx>6$Bv8)DJ;IGk%;|6dX?VLR}xWl{R*Vo*E;D*KY&QcROfA2JfOR%)l zVoRn)$$VB8JSH^-OxUt*Q2(#eI4XbSUTiehWAF$Q;YYf=YGQKWwKnB{Hk(~x6hbZ7 zNC&j0XOtp2dYrVKU6-m5TOFTg=^wid&l&5iq6vvk>7n#ZnWv2ct_ zySlFMEN@*djN?$Sd!ANp{RzJG+>O_fgSy{(&^KS3?MlWZPjV==TjR?f@U7AxvQCR` z0AG;iSw<_agETis&Ky2?hZL2`JXY||UC?>HMXQR}faa7lV|J5UoWMPV=T_MohO~Va zSf;sJY^b2;cm~=@xAAR;_McigWRzHm$P%LC?NxL^>E((NybQT+e9VS4i31W(~}b2V5m5Oqa){Tsvbz!{Y#RdF!32!FZkZ z%ip*-^qUULlarIL3Ol@SXL=df<#-Ng^#C z(psF;eW{I~M&h+9tICSQ&N9H8__gp*HF>Np8B@J;-1HdcYWSP>JhZW@L2enLUgp*e zNkdm!cL&AUGd22SjqY_GKt#MU-rRnwqf7lqdUmvZsa-3Yr@DZ%z?4yREda&^-f0RO zHQr*-8o=7~;IL~#5(ZCqMZDXyp0+frqJr8)8;>G~5r<=^?@f~NpwF+b2_pQebhj0K zV`|6WUB#TPv*^fd(8z-R#}}(2$f-03ZLO)bd%4CW*eKJgKJl7)K)M#Vou7Fn_-73N zbNDB5`Cvyo=!sN14{T($fXfnCWfFwLkCNS3Fsw0h&kG>Wx;)b_TFbQdjdG)%R-029RKX#$i_ zoWs#xu?Q#+vvnVJITTnIZ?4J$apA4Wc~)%gMyq|I?~&5$LLI!+;p74D)^&gc<&eolQ6W<<7o{n$LrI% zBl@=8lUYwWTbU(RNl9h{8VQPR!E2obMAO0QQsVW-g+CA#i;!_jBkn{2lMP;Ja?&$R z=1i_g!l$cujhOr*u=rWMyyC36J=;Al{P770`<(I+s=yf}Si`^S@UM@yW?=%bmzDb_ zSpYJDrNrD_$m!U=8ua6o49Jul15|cjhS93QI^#!6H2DKo7ZcZ)K>{UZB?syWlKs>C zer#*FRE~OdK#{Amq8fZj%J3&ixUv4vZ^e0m4B)84zG*4qSs z{2?{4oVb3-qk$l^3B94@wVFO{O+MT6zof;qjDVec*F;?BOp`=xRQ5;CiOspusD{5dY!gi9z*F|fpuZ9he`<`jssEM?Ekha~u_6G;iKj(Fp6 zjfJl&)=qm8dTLNO9Lf*s3PQj7`+;|@dZzzwQq4ckB|F--41Q7<$6Ocwol&wgY#!ck z8$;E#ju+*vFHDp*{g$3;7xWhIz3d_tP-^X74@rrNOAuUH*r$bmDp9d83uH+o&8%!B zEO|M(Qpq6EEweQ|LxEcL7KY>L3O9z5-8(hOq$qp5{f%3v;O7*)tA9Z<0-Hv(5j>6~ z{ksXCftYNY#RGt3SZtnoBxes5FeL9x&i!Y+t*q_Bl&acT83LXcG-z-cPtxFAe%_hy z=Ca!A#R_d6Tj&ImR}z;m0XZiu^H%d5+Ez`j2f07IFLm<7+0nmR=WKThVRi$Oi?(U2 zs{T1hV?=_Ij2$4^d{{Oax z(ZmbcBrGO2cs?2Ue+9PvApOt-uqxEN+v@%+qY3m>H^Dqz{*w^+Pe2+Jpw9WznNUPHic6RVVZKE7S zfBjqf0kPs(?%fr;b=Z5|Vw(DX&fQ59D2m;?;zSM4sEijfO4P(F-Q^|NXg>6~>A!gg z@cqgKY)b5fj_>$Dn|i#RWbs@k)xevY6vv~Bt&L=FtAq6*Put28q>(-^6zmMZY*S`l zNG~^O6Z1F9v+m^zrt*Eau-l%+d_k?VJJWp`K ziTs+_r*}M;R0?;l<7b&nGWM1|VNU=7NvGU} zv!_fPmrxCahm*5AkGd0?R9GN?-Zn&FMk<~u8MbmW=2!A zQmJ;>`;by=_(jtz6Iw5^+oj9I-1Dbgx<{wjUYl@3qc&J!+snE_=3I@j{}gPB4*Cv7 z4GjFPf!TKwZWr4cn)53N(Qoz7(<8DIh@W@W-lQ?_j2)R|M7K%91JEn3*+u6le{b-xuK)obCm}c0d&He;df741$MemXki?IfYom(X zPoG3FJIgfnk=qDs{Ge)W_q)Oilivo<;`=}p{ce!PohM01HuTKymJc$~jiGCmDdH1p zcyhuiEN)};FQ8<3r?lku1FX+MPg*}c-8JLtZ zOC-dQv)zu(@*@_Ea+C+K?sv+>6w7$09faffL#j+qY5j>8qsdaA-njeP$YT}M(pu7r zjTtB{-PY0(lqdW}dTi2tVA*CWA$!3l;n}+W5;N zqVk`&15Kmshu##W21euPBB7~oc}bmPCnb7U_dd|;gh9LSJs5s|s8y<(1Rmpmh^1%d z?MAo;8$k=X2yRav11*QFLYQa z@A3YLqbz=`0DgSEwrrTyixBVfD*#aSQ2nU^pDKn)^wA@e$%dg0Ww02J*OU&qsk3*2 z1O@aJL*w`k``)<#;^YSBlEx>}`Wc)!D__x1Z7pB$6Y%?Ef}HMlS6sap_o8#vew9V2 zZI`gu*p)^~E=8BRxed=!z;_z&(V!~^IZ9@B;*fM=W8$`I}Bc0!gW%oV)%i z#uNv8mHSZTHI0s2wilM=yCv2qpkVg*&WNPbQojNxlUKi;xf?~7+rFWmFAYN#2d6Zy zk7Z}W3)^1&A&5&%dMUYNyYc5|pOlGj_%yALD5Ne*usp8XT8aO@k)J3|eAI2alaEyflWOS?t ziDsKCI@lrXGSZV89Xnn{8PuAiwLPdl7Cygxa~$ZA>1?`&`g^^`HGAO~`L~=dE=#e- zblWOA{a3HnPU@umEG)MH4m~ZIBn*g_wJiMGyuN3(~ zWlr>Vv6slk(++8*1xB-;DLQB08V^d7I@);VeJYM`k3OynS7MDwuIFZCd_x!L-K!$; zwuIWj7!~NO4J*(DFkQpD(^G=}Dlik?40KfWWr)~ad2T`9Mh~(a2Ib6xQs)2Bh|*TI z&+cu4QpZ91uA>B@r0n<}jo&rP8u#Wlo)}nDLvDZS1qcdyBa15}Z9MxC;CE95nFDcr znaY~%3|Fcl7DdIXDGSUhgyR^g!!?Nd>fC9yr8;*tPEwdIMSG!(r=i8`JO&l!aU@on z!kf|bi8QM-1{C|KKb`Q!89=pQR1||thQ1thvNb8jhS1j7d>kQyc;%XJqei4b<&qx$ z_;64Qx3o^fO-Q6S&joaTHq?cT?hae!;h}e%cILO7i-3%VlzoK4?M(k*TgOzeJ)eds zTXS|mW=G0CBYzK*Gv69=;m&(E!Z_|>xD@s%0;61yIykQ58n+evUiiS6CJ*nIFxIsd z|Jv;%YA-Z5yIq+jg@ev^P$xTaKI?*(@6x6BbjE+OQl<@j+6x%#DsiK^L!-yu4sbl^ z%rkAL7SLtki`hF1?8~aujr!w77NLlpqy5~IW@H*rpYhUNnAp6qC0_#=EcO<(<7|iJ zRTsPQ(l22C_@g&4jmuc=;RUv69#hS~65u#RXZpND1yB)@pUC z5Yi85>h8^Znet-tw>{(vA4xan@}BZZ0-lB{9gAHBQbSV_kypN?=^o=t_4Dgdr?-D7 zqw(EphPHfHd_XjtVci|!artH91MA-%`4`AL0v(4!^mi+31khwp8Y1+Sk9Pt_ynsyL z5qdX1T}+GFfOx!Cem6YzAOwv<4}FMrIYmrMmQIK}ueblxiA$ny|$JFwaJ$Je?MrWLL~13dlut{^CIHp@$I^kK%OY zlxZu#fyn7ifk8xW)7jPGnP(Avb&>=+gOrG8Rd+4g>iHEjZ zZfw|)CqhYSm?Ug&B-P>)zNf7W!bS(z%N~cUzLXM@0A892_ipbHUx5n>mBU-$@s;C@ zIj`4zmVk8VL_s^S7Z}qy34L>G4{gHMNd|XPB5au7bLmc$a&!BgG&|wbY=^m=CL2DH zR^)QJ!SgIp?X=X*|8Ja=q6o+>nm68SmcGT8i zYm|uJfrjoc7;L9Mi$IxM4J-feauKL6jJWcr$+1$!p7xQ#aEEH>_wzz=b$}n>mST)} zj|0Uctm^=1RY5sbKd^l4E$%l`OB_6Slg&Zj>}!`8ZRg^=wgUz*G?sh%H( z#$+^5o;u-)DdREkX8tb8GGoKL9x0uJl$-(Q*W{zR>QyG2ep|l3e?A&x3HNm-scAr$ z)p*6%Mp{0)_fpZ#JRulgu*kqTLb#V@xZKJaOem?!uGExQ%neBBpw(z@n!KwN!bpu^ z!olDwJ`HBgXotg7y0`D^q#=6z$#O3!&h^k^)tGEO4gA`>Y;XxJ{aqok!0G7+DYi3W zf_54cMnZl?(@*qquLvnsiwwVYXHMJ7G9`YmjA<8JN|cEORdjm+r91pFvPYubW%G26 zYZ8}7BB`sCufy>o|L%>u^w2C?qB3;6w%Bj!Co56xFknIDg!Q!s%jw_=IvgOb{8C0b z%U15S5TROn=vs?1vE$4anVw5bNRbC>Ok>IR22ocT3-9mol(=^Gb|ju=+1%u;50|l5 zEKSlgV4VWQ)YBO3xV{HzW)eu(oA+VjcNP_b8?&71MfM$D5S{6K1=$$!C4^!yuGae> zsfl8Z;j5mO$C}d*B%BVlz6sr} zVpZvNgCJA<%HjK6U*)fOuF{g=lXj`XO34-BD+DVv`x$YZNN8rbOb58tOEiwtaC2dI zzI)$v9Gq_@+~e1|6m~orsP6=R{`kB$hfJpzJY#9fE1!M@p|KKq=FNHE!j_vB|47o( zEpWLo|Iyc?VmzOA(p`XSbOA{kVmj-?C+aoSV^_E8N`Az+ZlV?<5g~9oNo>@mK0cOu z8hZU|hm!o~9KNG2MMT(|m_U;-Xj5BT<|X)r4>fxCLX_^64T(&_!;Cf(%Z8#tc8UNe ze62ZjcSQ`a;z;Lx`;DJ66fFnrij>cX>Ds=E%vxnG2C3ml3p`}Olj$I9cWY3W9M_WI z$|4bE8wHWlZ-LaU00*4R^7Ui%ttmeJ%rov`V6s#^1Ymilg(sr4GAc$9wQ;8Q1nX@x(+tKK>4#^(Q)eo~iQe?+ z63Dafc-Vj0wmV$DS>@SbF!|$p@y$9bb*gf#g6iJ6PVHA`F>E|;^({%xrs@s~MXV*5 zjF(c(#o_Wm=({N19Q2nh2Z5yJNU!dnA0=c2WAkW7`h?5WQ(JrLB}eutOgaLCHOgP`1MU*u0!zRok&7_Nv}`TL%tjZ%cFcS_uC{QB5c+B#9wWr0rv_d z;xy~7o1*D2%tn9zphFQm=B2d?dBtcjTC2_-UzQ4Gx8ZU>5r}%~FC^-^29gaC-s={u zzEm=}U(~rTr@R>g-HWDkj`M?8lX!Ih)nENi52?3kNxFzOu#+Gi3q?ANv@NiK^$U0Z zYzK%+6B+zSMM%7a{8_c}D?1R`B>=Y@(mmU7|1Y?!{R^Cbcmg&Y~fE?b~GN&bVA>^5!XG5W8O}5IfAXL z_*U4wu)d1yN}yydm^I}d*xh}Rw%)DQsc1siW&56HO0uT;EXBr%^px=E|5eE7KwtBr zj7x1&vfp)$sqkmT-asx5mxrr}WqM$b@nG&sT7R0o$a5D0Q8%Bpfa>Qk>9hRhHDQx6 z!Na%Q0N>Rr#CBp*tE8~Uk87GP{>$7LKWdb5&$u6i3UJg>I8VQ2{bhCt-f>>G;`vza zZZc<>jwQ3++@UYKYC!0yhb#++nG$ff_{rX zl;izkSmrdXC!Oer?k{!J^0|MWEC}8JZGS1SzA;nPQE^#1Qd7}G@WIvSzF`c!1?w)I%JI=B7-Pk|5sGgFME~*GO#*F7vCzA($etc zvIQn`go0M}pUj*&{)kha8yn8(SG9{ub1vVGfzv4!ICFKrU$Ao~G5$_xi)8gL_n%YY zl5tn;5JM6FtzhdDI@( zpJO04QP-h$Yn*&E-abUBcDfyXsc{Z&mYdHqIJ8cGDt4oek>PZ6XZzQP3a_jDJ&i@> zA8t6|nO9yv(hd7Bud}ZF1`jCGlSwX#^ID%XT6w?xr^BFu+=20v&g3nfw*7C{W?lb>%Q#XZ?|-hL?yBXe7L!Ac3!Y7~_9?@qd@?{of~2lwQ^4tP>0pUOxz^GFRdXf-}g0 z@Q5=7*Z<0^?%1Mz!^?q{CJ&|0fSZ#iufwVAf3(gfW@a}a!8Eu7NIeX~%n!DE-hu?@ zm#PsOzpb~%?eyMn!J+vZ07*?0AH>GsuV@(`+GS%y|v??xK0uRKWIg+EQ zE(V#6kf%h`6u=cGFP1ps+?NQ{MAJ;fQH5Q8MaFwK{b`vJZh=&Be`4|)%^z=8kJ&lZ z;rMVB{J2eGHdb&S@{IDJv(c@?j4TTAgft%xiE6g=pov)N;1AoWjc7&iQ${t+-M#J% z+!ISDD8TUXL5uQaDdcS}9#;d2u#;0#QpSk9&OzTm%EDU5T`>;Z)qW5$yVCC4PV4S- zW6GH=HvwH)_kwiLJWhluVcB-73eO{|H#u=P2cmVo35R4c<^7;pLPJJzW>|vXY(pv*6>WRP; zQwnltD>e{OkC~o!(ujpjcK-zrS;d!iAENrH?m$T4>x_rBKpiL|GOd~%`zS4&`1djP&L}BV2l9%B^0_o+E(8;ChzLSD%g_KjJbOK6BP5UQfi+7!GqciR zQ@>{{psh}JsGE9p<6+^5q?aBhP?sXs9Us3%=pjGYPZ^Fgid@-!jPXjXyl-&8cb0a~ z4dE+a*^pi=^IW}fZD zt9)-~mW87-3T!$v5nd;sOk8vL4vo&{%tr~uq!KpNl0Irru;mH}$|f+FzCxARG_AY1 z=cBR4ui&EwU`_$VHPfV58#@SIvDi9|;a-msL)WV-?$|w02m?8{t_i@p9h%_g2)DkE z7ywK25k0MNx7}$S&ZJF%ZYU(uW+Ep%PF7)C=R88ko>xTNK`Sv)qE%p%+QV{FX8x&= zE|2@O!R`>xz5!ftDAyjVc)5wUfj^P$@ z^{>8Nd5J813H}*kt1#jv{oSaSG~Ls=Q;r{Ro<>GS3?HAp2#o*m^YzYn?m!>4Ao2!? zK8ySVgwzEg&EoBT@`n@!vTg=G?x9kq-~WQk{@f+4815O#i2CcRfc#@MElNe8Eq0`X z&ZIMWq9;Bv=i2=44z^e9D2F_VePrmWQ(MS0H8l1x+vo~A^{>B2Y&b=FA8tJ zPeoXsC@Ygg>onmC+huhKt0aB#Q$2kZx1|_ZYmC!1>GK^zh2932M0CTqd|M1c%)$xY zUgKkVROLwD&GXQPZ^7Ic_n=9u{zVhfWN-ZW{Ib%JxV$cs@|7rbj`eWQNNUQ|wxPTLiBy`9v(BK;12ZHw3XWY+Ky{6X6Ik+5=Hy$|eW$_3oGVgHGfDm)FO?J6-ZV$ebtxjTXF~~8 zoV=K~k)g~cuCb0yDgY9tnA z=LqD^rQ{np{(D~bMgBYJ2`jI1{^tHmeXd)$z>kXFWuya9!n6E6pwwp*5_G@{s?Q zZRvBBShR4=nZ1NfP(G^IAq{&KZcAMU%V+>-%kghIJp;am>0>fKV_yBTt9AV z2O7wtki6nP;$hPb43+IDU&Z;>EkYr(N94cevurts!6#5UMMjiVFHKz(^s#Zn>gx z>i)P65R%E_Nh0YW;1ZZ1yM5#4Yf$hhhL|X}FaunRE3Spj28AaisGu4pK-&wiBVq)Z zp`tH@o#}e7yc`0HFK~L7j}3znm)QAJJ&v!gmxNrur>;qDUoeqU9yy%R9#}M>80HG4 zyaY}?8$}3mjWSOaw_>qyq7N9zxR+6XoKWvCs1nfMZuxc{@1)R21mxqKUPkr$Lko!x zm?RVQ?dy;D(IR^C1zz`I=FlE)Wk=R%^mG*gyvZtAiTLbLs8y16nP~8271jx5eqK>y zcvQFB_T-`%ee~sD4F(?$`^`#4Z>KQ@=M3Wn-U%GpLj{fe(6fU|EWTP?NZc%{B8p0e zkyact&8Xm)@~k2W4wE-afPW*z0-Yt!;!R9V*`GJp*4h#&(ktsMX7ZwKf2?o00DM{S z+)U%!$o>SL%ick=yim{u!$Qi%aUsdo2Esrro#TN(Q!vl?4I?~Xwa}#sk*~&$bk^XlT!tut~oYm z&v(AQ2}TqXCeYc#*I>b>3Qq`+WTDdC^_nxMt9J?hltRVo77X1kwW93=P(%R@_-p&v z?eeE1#UbAimyS-j-8w<V9xM)G{jB^$8fhjw-KcvJ8AZf{d;_i$K}ZxEG~h$sXZJ>ksUdgyj0FB14$JnD!IN+8~x>7lOa z$sie}P;BmXKFj2h*YfRLhN4m{M-7sl9%BaK2uTVof%=5CBTEYg8HNj){ALaEerz#t zQgcC=MEEy;BBcRK9VF$g#egF6$1P;-rd8&p^sFchL?RBHgzyUq{Yt9VyRffCb{u7aU1<*U4MQTnVd-bk2fyFdCIWfljwB^>(W7LHOzLsz?1{dAR z-!5N(R8f&#*CUJ-p^9pd*itX^bgr`yCUOyss6LWw6d{JkCUGcdH?DL(mzLng9m*u- zc$TEyXxZMw?6#m8^jFsV3c0T9dPo0V;@-0`LX*RfC|6#LqYEN=ji0csjn=J&UIAzW z1KuQFw5KODF$iG@F0G-HYBVqR=a2=7T&1sDRxB~nr|v3cuVIkliJ-dz3+(h}-3zow z61C;?@p}8_WC^^e!rnW6wH4!oon_icUBXkj^=RB-u9Qn#yaxv3IdEn#N{bM)A3+>k z&Ht5tFTkYnJPbwUgn=3Oe8uvN82Kq^CR{+=`!uw*hi$*$8pF(~yQ&%|`$DCP=t-AR zbHDIQ3{r(m)DJib^@*dl!wLn5rWTO2q-8sGv^f^An1{z< z$~qbv%Cl@9R=1c|$Evnm6T(0lx;hQtP}#RP0>aSS*4(pTgvAIa2GOACa$NjVwyzs> z=<)zjP$VQJEmm@eJAua57$4e9;ktcV{|&oUfVSDl=}zemv)eHBKT)lo(87|U9a zkQh1zF9X^zwz$O$AlaI91tP-BxZ>-5kq1AQSj-SlL>zDICCdsgT3b*OvfY2&&dBq) zFckC3@d357yWK&?^V+|ihbdup__{X zEw`!;>CjQh@KNxigbWO?K;F`YcM*}}fWp_{BfYr8lK{5I$#4DGeAw}g417cmZ8SBB zSntuVwHgc3<$???F|dC08roHKgdy zKEK7}GeCv5rBSHpijQnG5{LP*<+~(i@HxiCFG{^25{LL##h-m9hun-hClIerH2Np$ zWi@wb7Kbves|W11Lrwri7?6r#JfskYpUQkT@Jp9m5hye@&>h&A`HB;NKVm;v%6rBF|=JOF`3Mxs_0|KE9*?Q zNa2frwnPEN2^4f6**0A}1JOYXmY$)jK24qYWh=M+Z%TY(y;dlL0qjPD_z2KA_ibDe zUVzb_=tmidUcIn$2f{b18IoLOJ6%YhH8AQ+=+`_82)n4gT& zce$wWEJ?WnL#J`$T*JoZaW>uZBjod{r+D;cc-?y2LXpGL-dt(g$EKeny6q-LNkV2r ztY^fTtv*rl&d&GczOwX^%MYJz`jdLa6K2Hon^4DI+=7p4d8zggNZ+Z{`A`9=1F!yc>C7|EspQ4vVAvvPMaO5Ind;aJLZLoyOgr z;1)bMB)Ge~yL+R--Q8UpcjtEU&TnSE=g$3}nS1Y7e|6XCI#s8t`s}^e-e)aDK2jnI zL!V^H`i+Rgu!-Nt2 zTWuJe<-3@SV?n!q{l37pEZZ*!pD=_29Gw8Z>Tx4-&cp+gvno_948*8S3hN$@ zUz`;=r6p~?OY-?y=urNn8XJo9U^arxT1S>LG1Sflwj6N;Mkd;u45wvy-)M*qC&;vRq0=+2pd@7#oPZQY#I=Hp+N;s1#p z3hcP)Nwp)Q^9`m>=ytqyAU;mRa-P+lX6&$o{+EBqD!kxPw_oT>}53oR=_5oJpzYEvv28tL>CY~KsK(}4`aOGAbeo6U0Ye* zg#Q;_yhYQz3pV9gE!;t+`2__5U?xeI2T(fV2S_j-V!Eapn0l~wvE^$<1Q%F=0jx8u z$Au5nt=z}zxc@_{*)bITH}CZ4y4YdNC#PT$gG2tL4kq=soq*k7RtHOMu#_}pTMUo66 z95U`!jFQuR?N^r5?cEAK61%z#j?|Ge$Q3EF-+4dR!GS@~=3K5J8I!MYB!Dpx!=CV| z$V%BO+&^!BuBtTqNTHbdK7zvW^nJnFw3!yKgvO(7P-DPlf3L6OD_)gC-OFd)?LxyN z7!G)i4wCdtIvuGd+xZ^z(PuZ}&1u-r?0ZQhd^$nrm_hfq{h(X?qb$su>&*Og7 zLle*QriE@98UO$&K(VM+46I^GOwp6kNl&w*4ZD=phpQfvW4<;UWB0HCjCo-*>lGwYjXr++zd#WWY@oTlWvjM`2BMMA)Yg;<_LOEXA3eUkgBN1p_c{j7 zS8+_*Gf$Q(n=>OIl3fQ={q&6gPV)4Y{Kx7yq!)>d*e?G?q~H&3xvIj7B#aQj)q#x6U7+%S((I2 z=#FN)vJ7*xd;v=G<=BN7&!}xAdG|<@r4?wu)FV)K4SvkpNLE!DYTY|&536?yvEfer z8mUf_%e&4L33GGQlFzJ+SV`&`pMEv7PfS|!_~25`jf0MgNSvrFy-nIVN=Lbxsvo(E z$_ie+^KrWc(0n7uNbOtS8F$y`amCbkAon-AOwSHasa9pTmrH|w>VyCpJu*!m=!^&&}(l*bqdAWwD_4R_t~Tlb;X%(c@C|E z8DpCko@rGA>qMuA!-PrigL>imLhJsQmYJQya*>Y%L8RqWo_nkP# zHr*g8=(F^RM9wZ;g7uJ$h9D+qyKjtHGwQDEP8w?tWn^n@m*4H#&o7ok65dW|rw3ub~-mWvpjvh|3rU zcE#nE)K_X*{OZ?=S9Go*NlNq zdjRyD{T$Gvta_}lkZkBj>#&1wzhF*^H_oH9>SFW4s4TzqXH;_Kv_aGOrG~~=b)p_; z9ltC&RXnP$skMKl+;$M)|J7XmZr z%4Z%!kc&hYTS28)DEQ_&6lK8Sgp}Y6F zrRuD!k`^9ZUL9Ie_X6KDM=5Vc9WNsmzFR_mLS_^OYCv`v(l-n1vO9UYE*6(_>CGUF@(m1a*Ux-btDb7MQmBATj zU?8U83lPYUjUfQn;l6$D_me(01q&vRdhG3-`_R1cxLO8>nT?Gzt%CalEV(deI}boKFI zUX`v+zfHNB@z4czt@K{ggHjyTT&C}Fak{o%4 zSrW>AG+m6Mvt89naE&d5po3A$%-P&iL02I+H5aIl=}TIYe>PMRggZ(xtk!~4PrwxS zr`j>ZMmDIaTTbIHcboUNjrJ23hLe5R@7qVfGo1!{I`sB{0K&RT<13D>{b{!=`YOs$ z%wd19H$TyGUh&sFZo1%VvUHYh5RYu~XvFd-iEqd6DQ*jU&t^R?I4qwyY`l0h`Bw%L z3%+9>XhlxDjfEdZOZ;q$_lfZt6ufUs{56ZTw?sm>o|442isfXhZ${Pi4mj|%B6cs} zvV5bZwcB7nX3m1C!gs;=&G7lGUWARzNC#7Kou&()FFGeo40e{S;$j5`Z{A5vNKacX zPYeJUQl#Vms(BtV2IJJ~rr=#()W^XPmqoydPEhO1@AK}eO}?oxNMbr4vug~}ok}^P zb7g($F>*%qTiCzMo_D%KLixBzl|pq8a-^COH7?LMCxj-V z15I$3$fTNTTakZ?(Vnl@_C`Fdm}5lh4!jhLXv)stYUBH!P=NV z^3!j-0y2Wa%Nasl+#hLj9ntT!{hDavEM}~~_Bt)oR(q?7T%ILd9&hEBEhdQu=Xw?7 zz6X~6Y@Js-Ki)FcxOgJ7AL2TnnYQka(Fz)!4=c7!^ax?tZOB8-G}(WB)0Hzc#J{?R z0l3jd2BeffYO(Vtw}mvRp{a8(3vA*6cGySC>T>eZ2%%3sjj@}r+hD;x_7bk*wPcs>wV)RgHQ@EI1q{}NhOn+u!1pjt2|asGSP54o)g zlRV+eOaaRM&4>L5$tE3l>HuA?I$X-zv!&4d6MJs7Q2X<*8Lx|9-{aouxZr5m?q+*` z3F%x;^}J;}Qtf~t)i@6-w&AzQjZlpU`}QzSscQjnsDK)7Y!5q-NR)0&kKuKVEAqGi zmTo>xqH-+yu~NcV3SW7eqPWA^8gG$x+zz*{T_bJ0UbrC@kViR9gw%czklI-3^^^0y zyyTkEkeIRr>OV@NqN1t41jV$n$1pmbmDnj>l1o3$y2Wf^8Pu3WMccw0?~vJi*25So z2?vyU-+INZt4>7`nxCZ!`J;6k(E`+oel4o>B!p{l^fMZ~;DI!lRl;9ZSYOvF@MJ?? zjk{dzKleo|eRSN5)?0Ig1u6~K?a!m$?Q2EqQcMhGt(DabZ~li2h>P4phSplXa>L_0Cws%V0~JqkH^;f6gTVH^epo{K zjvf!g@y@;`(+3!XGV|&z2J$~HF<8OC?5a{}tX*!%hCfFy>DRh-)@8W|5uuc2;Bjx@$3E7of9lMLa)tXbq>|gBQ|~$|CK<{z1>({?O@LJNm_Ds zSfbEluHud9Z^j%~fj(Q59CvK7Pds*T*^|Q>&0k}D95i}5k|WUs%zJo@NxCBGO?E>= zKe8lL?aqFqqu&!v-{}!W!N3rm88_6Z%}vSb|Ha(kCOqvK*RG`T%FirKP~^9!Ibw9` zYiqp#lH1UIfn-7~0~Sq0z>_y+`pZRrUCDOaJaKVn}!rxUA}18_!gsb~=7pb^ifv0eM31TZkMAXZX`rV=W^dSaJ8DynR6^ z$5@u`%!)*upsV#_)K)1Cy*)GVG22{i#&g2!bFfV2;}=`iRSpsx)%OqIZ#|VeGJX19;Wp1R1UuX>P9x${FFwO z*JR_z-Y^dyFpd=#2R)%N22&+DNV_>@A^1Za6>}K#_I^dDGc)OyzquPnftO_5%SaN; zukznWvhbpTH&EkneQM<*i~Ld4xrkq{v&`<&zD!6@NI*)GH+9hE1qqP+em_AIZzlc$ z?Eo|@RK@Gl7L}$%Q4ppeY^(Q^Ncr-jBc%a2` zHeoT(4Yc*p%PK%g4Iq68ix7#RaFQcar}+@Z{J2eS7gz->IaHgHdO>Lx zjm4|V$I<{L&YkqH%qQ>YXXiJ9104yDvMYwL>DSYC5g@TA4)Rv{sZ#tq7um-)aLxKE zCkglWxgi>KBnuoV_!Z47zjexeaJ0}N7MWLkgqgn!g=YHnAOh>}{TPROCo+Nyos$dAKNBfXS#UeUPXxYPfVLOwO)!*}e|(vySJqu{u_Z39f&$`w zUo2LYwSJ(;ZNxn}`93gtY2BchD|S-W16!^g)l{A7lG85ba+p)n7~OezBbU1(i&W4% zk4PfEs`TAO|B0x}ym7m|8`(2Al=+t~Jd70<+NQOR`x5*W6^lP=>8XG#t7aNM)uaWU zr%+pRaV%)wTKjuA!BeAb$eOnFOlo++dUm%iq>MB4FlIvES&u5DZhLgus}7YC7DF}{ zY3L0j*~KpkpH6X-V5?eI5%Gr7o{gHQ7CXqmGTD{3RSwz`^Ap$98up1Nv5pHn#U!nu zlkX@}-pR`BhwHK{to|c-yw$y)^%w0c%r-+`wimy_e%@14V*c8}%uydYf{JD^NkF7L zV7@5yoXYm|%^lkJh99W-Zsuod-%}lGCB?EOcS6Dt`02~=>tPPQO`%<+3LFLKSeJ~p z+(`D9msH2pGH2j-^QiL9_1%lzjgX$YWY=*`i6Az)CnsHI#nd;8`XRH%#Jb~8lZGMBo9cFN)V4vCq}I8WRpi^e9h%Y6 z$1f+V<2uAgrD%(EKF=m;wj8$PShn8QIq;cHEK48v?MhqSkg9H1Od4jO4kYy8(?yEp zj0|=YHbK-Dq>#AWU?Ast=aWrN3G2i&Yn~pDLma0)d}u1Si771$B1t6Ldxexw=N!{O z#)_ryA0G2*=ZDN%O`t8u`Cb^oQaHYm;}DDst`oLXO6WiVxVxcoB_CJBZ~ZnY?oXm>sA9fo^6kEuo_$ ze7JELvL=59&+xn5+gN&=GT?Uby6MiL-e`ATbJ^FBwec=qI~3otljvcusHOZ#HszSj(n*;cFIVb# zf(tFI2Sr^)=&!!S&Y;3-&xW{2pn86~(jD-mNH;5cthX2I&{Q+2WK6EBJFC2up2#Ywn)34_ zS!CFWu@k+4>~2(wrRnt!QmbqWU1n>^=byN3^?4_kVNf4%sTbq@dy$%~(QU#_y8~5A z-ZAE5&8{yNe}}||P1}$Hm{@pTd9pV^;#e)}1U%Ikr`jb(-4rHD4ApOam}xA%I2!Fe z6E21VuC5I!-LW-*ob3-S8^G6&B)U7xelYzMQN6csfcUXzMJ`lT>ur8qdV{xraL~3% zxcSnv+1J|k{RNRla--F|y#$7jV|!6f0^@bX?+Dx;4;Y3?yo^x1`1R};Io=<+kKSjj zbXSa@_~3y8fmAKCVXpE|)paU1riNYS`3G4Tl=`o(@4e+@DVkpyPX{4pageFm* zdNFBF(v@(PkPv&08NQhc>MSklczp`J=>yf>7&Ui{kdE`dznTzpikp+z;2=$C^T#5> zT!=tdbc|@Z8Uu31A+oWwKtdijx*yNSRXgE zBT1)KRi>t}vYijR4EB;?VNLTBUUXp8G+Dh$$+`3ADB=-7NS)BY$jzdg_NeWfZ z$hSD%vQ^9pY}9#)9L2zH)vs`T>9ya2+i|p@r5jQ}C^+OeYIQ2&pR6qWe!B?fRMTgu zSPo#mN~9*^TO~ReZwcc_;N?y<@aBMYS?ee5a7#qo5h!NJGd(S-<3*}h?A70AOH0lw?IL6RJppy=pHg%BY^9mrks_*l z9}I+_A{G_+rFq~LXppAp_|U>)8~whuAvB&oEo6DJ*Le{A)|wnyuQ~Wg?iwD#Ub_)b z4rRHj?tGkMI5G`hU}3ae9iXRG@YOREMfP$HkYDs3sSR~_EMTy07V71TZxXXo@WY}x zo3*awH77VzL~)I^33YA5n1F4TyK){v8)^Jb!^*4nP%BV#T6IuJj*i$O57kUHP|WZ0dgsRK!IKV0k~Eiy&FG8fQA^Is>|8*dbXdfuqY$c;_n}xh zD{9uXE`DzQs)M8v4a=2bxs~KIV)a?kzLa+G$$PwJGY+l(Oa!xM&MDmT>B*u}_T4^Z^3DuYHCfdnXDwYkhIb9xqLq&h zD1-hRLABr_4QA^y(=5F3fc@6qhfgTnk$LRw=f_X76X2N=Pq@hCsoF20QQ@>FhcO0+z@79+$>mKB){q`N*j)%W|v zo6OChu|VKeri{a_Lt^*N_r_FvcY_4Vf|ry`g` z>EFervC29XbkQ0tiPdc*&>6K>k#alJ*-A;5v8PDVABk=3C0XFN$OlPU1Z8lDu)2C+ zDmP`O!#{<7+Tz;my9|bY`6W0nXt?bbl5ZMaA)F4D2L`JiHZ2J4O3t4!{1G5~Sbuxb z`?D}9d-u;`B_%mtr}*5*Xb&O-gL6XF00jM04QwXjl<+|*918aa@N#=Qhocjzo)A{5 z+4(M?&+|%jLO~!u)M>O*Sb3dAsqo4O5OqR^XbY0l@4eAf4Y0B#IKK{FW(3ZqgB5P~ z4hu6+{|^)#{BKJWz{&I`%s)f?Un&m{P=XT#e|>Or`S|Z82M6!|te5-OSCRh@YuThI z!5XMIzq&f&;#Te+Uva;i)4^uIAxe((E{X%LY#wz!s|F*EE=56w~h%>-yGB4y%BU(A)UoD z+_u&ebWq+&fNN4FJ>yIaQ4`QSEOX7L;Qp@D%ju8l`YxJU(NsUYcv6l4Kh(hi_>+xVWa`>u&gN-ZXpx1IC&bE8itl{NKYM1Wi1rrYBp51b_9qjgMJXh(OaIheQK3k{W z^7nOV3Lu*#X_?SK_2x`0Z=^RKFP4nx;Dw(pX8D>Y-hRJLmxIhFu(cnr?0KO^c<+G& zKkqI0mf10!yeh@Kjw85L++7C$UTsX$H9lP6@r!X=vcd+#(q$frj+NpKm>U!^fNl}VG!RCfJW*jSu|CNw2|9I; zT++?i()~W~(L`MfGV-;B1yr7GZB-p%$Rb3RlNop-n3w}d{}kU$o`B!{1Fl=%=eOHa zj)Ib>*SGsn>OI9H`@vTBmF58VRKSOZ;Q8mT{uZ(BGCCnAUx-zX%7=%_%jqq+s(R}s zaN%EfxT|D*WmhYbmMopZqeg}_a^gl+&|ZEJbF<_Wfa?PRK|lo% z5mas-sSp9ct5wXmmG@e3;>A;%t_4AgU_5H6kIjl|W~5M=XY;tw&s9f$xO0B47tLI2 z*X2%7kEb%fVC1pqwG+b%o7E&XU!%7vZ}L3H_c^>@F;cx(4j(_2?_TdGiuO>8zO}ZO z(*xX_gkh>+63sl#_v10ior>!!PY&%Imce~C^9^PYM~{}O$P8;+He{YrPAJ^aGQf#3 z)IsT;i*P7QjYWTWake(+D3_3)iVreO_&u)HfAEVG?slidhMXCm$vVMWWkbF-G|3lr zb;&JD#AWTA;55vD>Oq_o@>A(?g9uI{BH)(s!!6#I*Hk*7br=vCaP-hfyzLkcw}w+~ z7a?_+nS6)tV|UTqUsfe=naNvr(Vk%Vq1H_q^}GiNr;q*f z^+Xb#U%BpK8QBEPI7E%br?YImhQc5X!%?`j?*n(8el}2u5Ysd-V;D8<^F;yh0eQNj z>zoDi+*7;F-Co@izywB@qi!YJgYKj}FJUYp1H{HrCu90~8Pmw(&1d~zE2WurN9t87 z3b^ay8oIQlhq5ftO zSO^oSeN7DOmWoGV?wvQe${6of5iny`bU&M0(aV0Mg^^>2MW$Kwp4P4-1+B4}-d4^H z&1FZf)!znYs2lLU*@Y8 ztxC$u(td{gZS9oq48i>S2_m*C2l}6VWKi_~?4lqxd-wMf6RhCh6G8X@K5G8cCM`4p zehT1CKc@MDL7z*z#gTfA{O=wg4SiK8dUJF03xb0&+5Z~nQGWCNR4_tbp6|^taWPCp)TY;XS~9;%IKig-PtAAMyKo3tEYO-sIr_Rn0P+Z$5KcLh|Zl0 zy(NurWl^FrTwGkzT*B&3oQoDsXLYi?dtVNdV!!7DkQw0zp62YV)jxH7ff#w8`PHI7 z!szJW?Q+lm?gUI($jiqH9?j>9kKkE%XndT=;i*Rz*c8{uU35Id5kMCchW0L9cTWj} z7~bbF>R>MSNph#zyoXIS8$7TP&9B|PYAFjAi3|kZG;+&$z`XV-$yKD?conMg6ZxrU zbmKkM(vzWyiT0`pE3JGjrI@%a&HO+;L|V2jiRwtaI$lbphzEfEN=9J_JCF>=Vl9EX zpYc7Ml%k#lh6c5!CMGU(qf|d~<1mm}+=#9Z#)q2u3<+iyrQhVi`((Z$ zoz?B-SE&(E7Jtc{@VI%ZckZ)R=Je}ak(>B2+nBdq+E$2~qsaly%-USr(*3u5i;QK8 zx4jp*n@Cqj@HnJNe_~3f^9dKON5jea%}x`>HMVK*RyqS>mNM^(t9tWGYI#HaEaGR` zNz8)li=SVG{8c~9tWD=m8&kt!q8|+ym$m{+>I&L~@++N+U+$JwFld!mr)@L>_Py|D zq9r0c2#2wu-*tXHGMiazaWNiU&iC~7q|xA&qi38cF%DDJ$z+>7+JFWUmT?q$y2Hh- zt(Swkx!-PDERKX~_Rl8U`ISpMAF`1Me+Xwbs+_gcJTXeuSMDh^YXHD+!6z4OE$lG5hb^7^^U1(uFRp&mGLx|A_b^!oJE$PpI>L73w|%+K7hs!9)FZl z?B!c}_R6lNa+Ry}>e))LzIx0eyjf|Lr!%5cRo_^PCYH^Q89S3pYBt%oom$hY4lfq* za9)Ywe=eC=|7~BvFm*WtHn_XZmemoSUz-}YE9oDvZ*P{WdrCwAq28O(pkS63{jxbY zz?F@iW$($aeF*9PeZtz`g%%#pfw-@HuR%M&kUHB~_eaU!>_&A(HTPL-9eis(uJ-(w zIU%YPa;7Q}g75{C+5k`H;!3ILVb$g|BX8PJC(&$j%pSq@&>NH^sdsyUM-8#>#XbfrGEVT?A8I zpM7DnQ;n2-pYcQOU6|0s&qH>0l?Z5Ne@471>~v*1__CTc)v|)xUHixjq!YJtZC~0& zd%X&!hg7~z!N?Lpn9%!niDr(_`H$$B04cH;hcS9}r0qgD#Wi_u= zYLnv?lDIEejXMvji*3*)w~U1K7WsFXN=n?|SDhk~kUj`9(cU5P=-RiXYp=;u$KrLE z6Gzycp4L;-fjnz!e|ct>^3Xo@D1$~tDKW3&0|x&p#o5}n#X@@a_Oj%xhiD7}D*+$< zT^~=i8&0Qml-E9-#=50)H?*)~WzHG?G>G8va>by-AWvsFk^5$|nEl#7TCpP=KD#Pl zd9S4=0aQ@iKl9zIO7L`6PSc5Qp@b^j7CZ%+kg3*vX3*ApD>^#wzNCkffLGjgE*xNP zolePJ>a(|IyreZ!Q`d~jP7^PQOSCB3R9l`+Q>mEXRn0Gv%)gPU&!ZR-5*8s#srH#avm%O{c&5=j%?V5`{P&bPJ;o~^()lRAb8ynQ+& zDUkFAi@9-g%XGBWuG*-%xZLIKEm^UN<|-(G{tgdi zi9ywAaWtQCE}Smrb-(p^Lc8`?KDwo81&Vh)wZCjaY&;E5;9>N-xwzIluUQkcJw1C_ zBaxLBJqqTJC%+znuYt)GioSM0oj8=t$8i=4okw(H* zHIi`|(uQg{us5MUmxII5KGmpkg35P1U0%Th&4>Nm3>t;oZ6=UR&deE^U7npFK5SE@ zm(j>?8OsKEjxN;<5U*PXl|`fsK#g-rnepf?ZFMgTNvDc`Qwbazzdg{* z(|B#yd>BeW$KxCA7bFPY8Q8DxIdpyBsdn&x%m_kFLZ;6|2$s)a;TQf3@nn(b{8zEx9EW2)Zg1{r1` zV6@{a>W-9bs*_*a%g@h2$M*uUlL$>McPhDaLEGgiNr@FV7~D>_M|G+g-fhIQ_g5+` z&$ZU|&h7G9J#&p1IyJi7iHqPMadYUVrLkU}-Zb}eX9UmAr%1>fez>_sVps`{oIY;9 zqL=G-a$_x`qv2qBdET-gwG@?{{?%W+f^zKOXSF6R*(k8L9HS9A1Coj0k15G4xmYBy zxPQ7QjX9&4YL_`Zq=j7%o6H&7`sMca_yclp@MR#BMl+cwUF97VJyU9SK?;`!Jp=v8 zlc8lEOHPHFr=+WO&qTA0v0lQLxjpJ_Z(PS#QmyEY>jA9<7VLr*or-N>sq)PVZnGD; z@!Ix03os;}22jlgjih zIAx}#n^`hNwzO^??(EUvrGfpir31|bCkQWX676!wIlI=XvnCF=YYk7st|Ffem! z^z${u240P3d5gt$k=j^xRj+&s`@4yGXu=FsEXOQ9 zOCb}M36vXdW0osZ{=lS^zuqh~cZWOsy(?;_^nknn+D*KL$7R75+kF0VSJv~#5uzt{ z?2PS!5LMY`LvuyhZp+~@Giw@=Rh0WptSSL~1C8Xi7I;?03C5sLA}Jp7yols#n<@;< z9G@$u9CmunKUq?YqZb#K#x!ks23qXmy1}%}?a=^_a}>|UA3S=c`sT8ZNVMvD({s)- z2IF_tHpn~5blyP=Ezo&6^**AePkrHoBgYa^3g+ad! z%ikes$wxik+oqwUhXw8q0s^fwB;ijis)WU;n|7W?ZR$5$2bA4(FWGrX0f$BZ7}u&Z?SqX9L`?BlqlGv3h{m|NN4`?cZa_e>cYet&sIUtnx^>%e(2# zseGyRA66;ToKF4_cHfJ0N&kstJIk19e=s`U5{&UtOzFHEq z-Q9A%yu2J8AEzyxSO=cXTw*YW{+p4us9CfM5zCEDftMa&|H1gzs*m)Zq*EGjd`mVH zi;s$8I`rv7ASWkpaXg$VI*~0@a=$$e78X@1V$4%)RNGwTg3s@_nngb4l z;W-=7!Rr2cQ>E(WcS;ND`8%)?=!OfIFf%_iZ>8Ypqdgw*C5k=8yZrpDmJdhEWTl;k(L5L;G`K}Bev|luXIZfkd$mzDIH2NMi^yTt4Lr3spjY9 z4MbOqEz3C~o*uv#&zww@yw6l^W^pR*&d%>BQ92kp?_pE1Ri_b`jETWd*1S^w_1jZ# z#;8vDKgG`0Ki1---bYqWl{aL&ii)F00Ngr+N^J&}vS`a%>XFJHb%12l&r8nbLlO$$ zaC}oKD_lBtqE1A}ClRb5$DTrc_ec^-wu7as{E{bu zn8~c)Fh_aTh3JRD2aeIAUE(3LO!y(!I3X*?O6SL-FWb2kyG{v1jof4ai{%qFm66K5 z0oI$k_@T*z`CGL>;i#msHb#t$kEMmYRJQKTLwYAM--WLVq6m#&P8rm$T!kg$XQ&6a;@=MOn{5&t`*Dp6KcFK? zJr=9&+GZqdn-WnWhGHU{ zNWwV$%UMfol?b6XS8lCZnK&)al;WJjc_*7ejt^bRf!arP%T;;A|4ohF21`Y3_g|Z zTJD+iy9;r$b(K8N)Fu&+K4wj24G;MwJs2p_C974caO)T7V zh4Sp3=>U<#;8Uq${2QC;^VLmnUIl~bPRuZ;;kul*y^gu!PDmb}Ekup}ulJO0%CG$X zLtb2TrQCA>|p;+g$Z~uu2R5M2e`dT_9dM%8hy=jVQB|Cw}Y`yI}efbuU+nvRj87 z^16p?VS`uigQC)|yhyYxfFEyZ4o7uiD{6bMS{7S%;YdkEIJ@K#!QbmlZEWep-t$`A zmEHgv4CR?7swGr<`a+CQ{1>2vfN_M%9MLV!6_iZbIXPpMvC@}llo2y!W{pw(0 z0iNSKcP4Y8_kz<^Z#+wtIc6Z{TRORZn9HrtkAP02nZHsvH|xlFn@uz)<)QG(3xx}h zS^!g2UJYxt?{)`x=O+dWYhmy<`p80Ov(ZBxPe5ahpXFZNf0ry{$Uk8qvdyew#O?Yb zUTTt212BhKMM?Vf5zpoa_b-Ycy%EhTL?e_#V;;XQ?A*1H!g=k*o<#uK3?bV4r_QvA zLGIxeP5Kf?D%a^oZf&GG8QjP0VRe=d_Jw>rHvxQMfFpKCV)VK1%i3yl_N$J!Nw{Ok zYy)kNfYJzPEsXpNaA4jUCNlB}}bE6B@Lni*M(7f>f~)j|}%JX^GvYxcV!mrEvtRCNUlQsA{UAH9XALhPYkIA^YX zq`<+X{aJ*0cbEOHdR_ymV7}GDXLieOh?Rk6Rnb(;((MVPhnG|pugex5t;PW(Jl>ht zEAjfthjxq1g#v5t+oLzngtEA7&*0Fx(t*s12ylksVcrX)qK4Ce&w(RciRy4_e##t@X!)LfcJe&1gB}}` supports taking backup of the resource YAMLs using `kubedump` plugin. This guide will show you how you can take a backup of the resource YAMLs of your entire cluster using Stash. + +## Before You Begin + +- At first, you need to have a Kubernetes cluster, and the `kubectl` command-line tool must be configured to communicate with your cluster. +- Install Stash in your cluster following the steps [here](/docs/setup/install/stash/index.md). +- Install Stash `kubectl` plugin in your local machine following the steps [here](/docs/setup/install/kubectl-plugin/index.md). +- If you are not familiar with how Stash backup the resource YAMLs, please check the following guide [here](/docs/addons/kubedump/overview/index.md). + +You have to be familiar with the following custom resources: + +- [AppBinding](/docs/concepts/crds/appbinding/index.md) +- [Function](/docs/concepts/crds/function/index.md) +- [Task](/docs/concepts/crds/task/index.md) +- [BackupConfiguration](/docs/concepts/crds/backupconfiguration/index.md) +- [BackupSession](/docs/concepts/crds/backupsession/index.md) + +To keep things isolated, we are going to use a separate namespace called `demo` throughout this tutorial. Create the `demo` namespace if you haven't created it already. + +```bash +$ kubectl create ns demo +namespace/demo created +``` + +> Note: YAML files used in this tutorial are stored [here](https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/kubedump/cluster/examples). + +### Prepare for Backup + +In this section, we are going to configure a backup for all the resource YAMLs of our cluster. + +#### Ensure `kubedump` Addon + +When you install the Stash, it will automatically install all the official addons. Make sure that `kubedump` addon was installed properly using the following command. + +```bash +❯ kubectl get tasks.stash.appscode.com | grep kubedump +kubedump-backup-0.1.0 23s +``` + +#### Prepare Backend + +We are going to store our backed-up data into a GCS bucket. So, we need to create a Secret with GCS credentials and a `Repository` object with the bucket information. If you want to use a different backend, please read the respective backend configuration doc from [here](/docs/guides/backends/overview/index.md). + +**Create Storage Secret:** + +At first, let's create a secret called `gcs-secret` with access credentials to our desired GCS bucket, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > GOOGLE_PROJECT_ID +$ cat downloaded-sa-json.key > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +$ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +**Create Repository:** + +Now, crete a `Repository` object with the information of your desired bucket. Below is the YAML of `Repository` object we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: cluster-resource-storage + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /manifests/cluster + storageSecretName: gcs-secret +``` + +Let's create the `Repository` we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/kubedump/cluster/examples/repository.yaml +repository.stash.appscode.com/cluster-resource-storage created +``` + +#### Create RBAC + +The `kubedump` plugin requires read permission for all the cluster resources. By default, Stash does not grant such cluster-wide permissions. We have to provide the necessary permissions manually. + +Here, is the YAML of the `ServiceAccount`, `ClusterRole`, and `ClusterRoleBinding` that we are going to use for granting the necessary permissions. + +```yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cluster-resource-reader + namespace: demo +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cluster-resource-reader +rules: +- apiGroups: ["*"] + resources: ["*"] + verbs: ["get","list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cluster-resource-reader +subjects: +- kind: ServiceAccount + name: cluster-resource-reader + namespace: demo +roleRef: + kind: ClusterRole + name: cluster-resource-reader + apiGroup: rbac.authorization.k8s.io +``` + +Let's create the RBAC resources we have shown above, + +```bash +❯ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/kubedump/cluster/examples/rbac.yaml +serviceaccount/cluster-resource-reader created +clusterrole.rbac.authorization.k8s.io/cluster-resource-reader created +clusterrolebinding.rbac.authorization.k8s.io/cluster-resource-reader created +``` + +Now, we are ready for backup. In the next section, we are going to schedule a backup for our cluster resources. + +### Backup + +To schedule a backup, we have to create a `BackupConfiguration` object. Then Stash will create a CronJob to periodically backup the database. + +#### Create BackupConfiguration + +Below is the YAML for `BackupConfiguration` object we care going to use to backup the YAMLs of the cluster resources, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: cluster-resources-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: kubedump-backup-0.1.0 + repository: + name: cluster-resource-storage + runtimeSettings: + pod: + serviceAccountName: cluster-resource-reader + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +Here, + +- `.spec.schedule` specifies that we want to backup the cluster resources at 5 minutes intervals. +- `.spec.task.name` specifies the name of the Task object that specifies the necessary Functions and their execution order to backup the resource YAMLs. +- `.spec.repository.name` specifies the Repository CR name we have created earlier with backend information. +- `.spec.runtimeSettings.pod.serviceAccountName` specifies the ServiceAccount name that we have created earlier with cluster-wide resource reading permission. +- `.spec.retentionPolicy` specifies a policy indicating how we want to cleanup the old backups. + +Let's create the `BackupConfiguration` object we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/kubedump/cluster/examples/backupconfiguration.yaml +backupconfiguration.stash.appscode.com/cluster-resources-backup created +``` + +#### Verify Backup Setup Successful + +If everything goes well, the phase of the `BackupConfiguration` should be `Ready`. The `Ready` phase indicates that the backup setup is successful. Let's verify the `Phase` of the BackupConfiguration, + +```bash +❯ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +cluster-resources-backup kubedump-backup-0.1.0 */5 * * * * Ready 18s +``` + +#### Verify CronJob + +Stash will create a CronJob with the schedule specified in `spec.schedule` field of `BackupConfiguration` object. + +Verify that the CronJob has been created using the following command, + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-trigger-cluster-resources-backup */5 * * * * False 0 49s +``` + +#### Wait for BackupSession + +The `stash-trigger-cluster-resources-backup` CronJob will trigger a backup on each scheduled slot by creating a `BackupSession` object. + +Now, wait for a schedule to appear. Run the following command to watch for a `BackupSession` object, + +```bash +❯ kubectl get backupsession -n demo -w +NAME INVOKER-TYPE INVOKER-NAME PHASE DURATION AGE +cluster-resources-backup-1652164800 BackupConfiguration cluster-resources-backup 0s +cluster-resources-backup-1652164800 BackupConfiguration cluster-resources-backup Pending 0s +cluster-resources-backup-1652164800 BackupConfiguration cluster-resources-backup Running 0s +cluster-resources-backup-1652164800 BackupConfiguration cluster-resources-backup Running 69s +cluster-resources-backup-1652164800 BackupConfiguration cluster-resources-backup Succeeded 1m9s 69s +``` + +Here, the phase `Succeeded` means that the backup process has been completed successfully. + +#### Verify Backup + +Now, we are going to verify whether the backed-up data is present in the backend or not. Once a backup is completed, Stash will update the respective `Repository` object to reflect the backup completion. Check that the repository `cluster-resource-storage` has been updated by the following command, + +```bash +❯ kubectl get repository -n demo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +cluster-resource-storage true 2.324 MiB 1 70s 54m + +``` + +Now, if we navigate to the GCS bucket, we will see the backed up data has been stored in `/manifest/cluster` directory as specified by `.spec.backend.gcs.prefix` field of the `Repository` object. + +
    + Backup data in GCS Bucket +
    Fig: Backup data in GCS Bucket
    +
    + +> Note: Stash keeps all the backed-up data encrypted. So, data in the backend will not make any sense until they are decrypted. + +## Restore + +Stash does not provide any automatic mechanism to restore the cluster resources from the backed-up YAMLs. Your application might be managed by Helm or by an operator. In such cases, just applying the YAMLs is not enough to restore the application. Furthermore, there might be an order issue. Some resources must be applied before others. It is difficult to generalize and codify various application-specific logic. + +Therefore, it is the user's responsibility to download the backed-up YAMLs and take the necessary steps based on his application to restore it properly. + +### Download the YAMLs + +Stash provides a [kubectl plugin](https://stash.run/docs/v2022.05.12/guides/cli/cli/#download-snapshots) for making it easy to download a snapshot locally. + +Now, let's download the latest Snapshot from our backed-up data into the `$HOME/Downloads/stash` folder of our local machine. + +```bash +❯ kubectl stash download -n demo cluster-resource-storage --destination=$HOME/Downloads/stash --snapshots="latest" +``` + +Now, lets use [tree](https://linux.die.net/man/1/tree) command to inspect downloaded YAMLs files. + +```bash +❯ tree $HOME/Downloads/stash +/home/emruz/Downloads/stash +└── latest + └── tmp + └── resources + ├── global + │ ├── APIService + │ │ ├── v1.admissionregistration.k8s.io.yaml + │ │ ├── v1alpha1.admission.stash.appscode.com.yaml + │ │ ├── v1alpha1.metrics.appscode.com.yaml + │ │ ├── v1alpha1.repositories.stash.appscode.com.yaml + │ ├── ClusterRole + │ │ ├── admin.yaml + │ │ ├── system:heapster.yaml + │ │ └── view.yaml + │ ├── ClusterRoleBinding + │ │ ├── appscode:license-reader-demo-cluster-resource-reader.yaml + │ │ ├── appscode:stash:garbage-collector.yaml + │ │ ├── cluster-admin.yaml + │ │ ├── cluster-resource-reader.yaml + │ │ ├── kindnet.yaml + │ ├── ComponentStatus + │ │ ├── controller-manager.yaml + │ │ ├── etcd-0.yaml + │ │ └── scheduler.yaml + │ ├── CSINode + │ │ └── kind-control-plane.yaml + │ ├── CustomResourceDefinition + │ │ ├── appbindings.appcatalog.appscode.com.yaml + │ │ ├── backupbatches.stash.appscode.com.yaml + │ │ ├── backupblueprints.stash.appscode.com.yaml + │ │ ├── backupconfigurations.stash.appscode.com.yaml + │ ├── FlowSchema + │ │ ├── catch-all.yaml + │ │ ├── exempt.yaml + │ │ ├── global-default.yaml + │ │ ├── kube-controller-manager.yaml + │ │ ├── kube-scheduler.yaml + │ ├── Function + │ │ ├── elasticsearch-backup-5.6.4.yaml + │ │ ├── mongodb-restore-5.0.3.yaml + │ │ ├── mysql-backup-5.7.25.yaml + │ │ └── update-status.yaml + │ ├── MetricsConfiguration + │ │ ├── stash-appscode-com-backupconfiguration.yaml + │ ├── MutatingWebhookConfiguration + │ │ └── admission.stash.appscode.com.yaml + │ ├── Namespace + │ │ ├── default.yaml + │ │ ├── demo.yaml + │ │ ├── kube-node-lease.yaml + │ │ ├── kube-public.yaml + │ │ ├── kube-system.yaml + │ │ └── local-path-storage.yaml + │ ├── Node + │ │ └── kind-control-plane.yaml + │ ├── StorageClass + │ │ └── standard.yaml + │ ├── Task + │ │ ├── elasticsearch-backup-5.6.4.yaml + │ │ ├── redis-restore-5.0.13.yaml + │ │ └── redis-restore-6.2.5.yaml + │ └── ValidatingWebhookConfiguration + │ └── admission.stash.appscode.com.yaml + └── namespaces + ├── default + │ ├── ConfigMap + │ │ └── kube-root-ca.crt.yaml + │ ├── Endpoints + │ │ └── kubernetes.yaml + │ ├── EndpointSlice + │ │ └── kubernetes.yaml + │ ├── Secret + │ │ └── default-token-7lpm6.yaml + │ ├── Service + │ │ └── kubernetes.yaml + │ └── ServiceAccount + │ └── default.yaml + ├── demo + │ ├── BackupConfiguration + │ │ └── cluster-resources-backup.yaml + │ ├── BackupSession + │ │ ├── cluster-resources-backup-1652176500.yaml + │ │ └── cluster-resources-backup-1652176800.yaml + │ ├── ConfigMap + │ │ └── kube-root-ca.crt.yaml + │ ├── CronJob + │ │ └── stash-trigger-cluster-resources-backup.yaml + │ ├── Event + │ │ ├── cluster-resources-backup-1652173200.16edb2d9e21556ba.yaml + │ ├── Job + │ │ ├── stash-backup-cluster-resources-backup-1652176500-0.yaml + │ │ └── stash-backup-cluster-resources-backup-1652176800-0.yaml + │ ├── Pod + │ │ ├── stash-backup-cluster-resources-backup-1652176500-0-vmx94.yaml + │ │ └── stash-backup-cluster-resources-backup-1652176800-0-5v4k9.yaml + │ ├── Repository + │ │ └── cluster-resource-storage.yaml + │ ├── RoleBinding + │ │ ├── backupconfiguration-cluster-resources-backup-0.yaml + │ │ └── stash-trigger-cluster-resources-backup.yaml + │ ├── Secret + │ │ ├── cluster-resource-reader-token-rqf6n.yaml + │ │ ├── default-token-rbrqt.yaml + │ │ └── gcs-secret.yaml + │ ├── ServiceAccount + │ │ ├── cluster-resource-reader.yaml + │ │ └── default.yaml + │ └── Snapshot + │ ├── cluster-resource-storage-5085e316.yaml + │ ├── cluster-resource-storage-6034bdcf.yaml + │ ├── cluster-resource-storage-706e8f46.yaml + ├── kube-node-lease + │ ├── ConfigMap + │ │ └── kube-root-ca.crt.yaml + │ ├── Lease + │ │ └── kind-control-plane.yaml + │ ├── Secret + │ │ └── default-token-69n9s.yaml + │ └── ServiceAccount + │ └── default.yaml + ├── kube-public + │ ├── ConfigMap + │ │ ├── cluster-info.yaml + │ │ └── kube-root-ca.crt.yaml + │ ├── Role + │ │ ├── kubeadm:bootstrap-signer-clusterinfo.yaml + │ │ └── system:controller:bootstrap-signer.yaml + │ ├── RoleBinding + │ │ ├── kubeadm:bootstrap-signer-clusterinfo.yaml + │ │ └── system:controller:bootstrap-signer.yaml + │ ├── Secret + │ │ └── default-token-jqv4n.yaml + │ └── ServiceAccount + │ └── default.yaml + ├── kube-system + │ ├── ConfigMap + │ │ ├── coredns.yaml + │ │ ├── extension-apiserver-authentication.yaml + │ │ ├── kubeadm-config.yaml + │ │ ├── kubelet-config-1.21.yaml + │ │ ├── kube-proxy.yaml + │ │ └── kube-root-ca.crt.yaml + │ ├── ControllerRevision + │ │ ├── kindnet-5b547684d9.yaml + │ │ └── kube-proxy-6bc6858f58.yaml + │ ├── DaemonSet + │ │ ├── kindnet.yaml + │ │ └── kube-proxy.yaml + │ ├── Deployment + │ │ ├── coredns.yaml + │ │ └── stash-stash-enterprise.yaml + │ ├── Endpoints + │ │ ├── kube-dns.yaml + │ │ └── stash-stash-enterprise.yaml + │ ├── EndpointSlice + │ │ ├── kube-dns-m2s5c.yaml + │ │ └── stash-stash-enterprise-k28h6.yaml + │ ├── Lease + │ │ ├── kube-controller-manager.yaml + │ │ └── kube-scheduler.yaml + │ ├── Pod + │ │ ├── coredns-558bd4d5db-hdsw9.yaml + │ │ ├── coredns-558bd4d5db-wk9tx.yaml + │ │ ├── etcd-kind-control-plane.yaml + │ │ └── stash-stash-enterprise-567dd95f5b-6xtxg.yaml + │ ├── ReplicaSet + │ │ ├── coredns-558bd4d5db.yaml + │ │ └── stash-stash-enterprise-567dd95f5b.yaml + │ ├── Role + │ │ ├── extension-apiserver-authentication-reader.yaml + │ │ ├── kubeadm:kubelet-config-1.21.yaml + │ │ └── system::leader-locking-kube-scheduler.yaml + │ ├── RoleBinding + │ │ ├── kubeadm:kubelet-config-1.21.yaml + │ │ ├── kubeadm:nodes-kubeadm-config.yaml + │ │ ├── kube-proxy.yaml + │ ├── Service + │ │ ├── kube-dns.yaml + │ │ └── stash-stash-enterprise.yaml + │ └── ServiceAccount + │ ├── attachdetach-controller.yaml + │ ├── bootstrap-signer.yaml + └── local-path-storage + ├── ConfigMap + │ ├── kube-root-ca.crt.yaml + │ └── local-path-config.yaml + ├── Deployment + │ └── local-path-provisioner.yaml + ├── Endpoints + │ └── rancher.io-local-path.yaml + ├── Pod + │ └── local-path-provisioner-547f784dff-jb9tq.yaml + ├── ReplicaSet + │ └── local-path-provisioner-547f784dff.yaml + ├── Secret + │ ├── default-token-bnk6x.yaml + │ └── local-path-provisioner-service-account-token-fvkxj.yaml + └── ServiceAccount + ├── default.yaml + └── local-path-provisioner-service-account.yaml + +77 directories, 776 files +``` + +Here, the non-namespaced resources have been grouped under the `global` directory and the namespaced resources have been grouped inside the namespace specific folder under the `namespaces` directory. + +Let's inspect the YAML of `kubeadm-config.yaml` file under `kube-system` namespace. + +```yaml +❯ cat $HOME/Downloads/stash/latest/tmp/resources/namespaces/kube-system/ConfigMap/kubeadm-config.yaml +apiVersion: v1 +data: + ClusterConfiguration: | + apiServer: + certSANs: + - localhost + - 127.0.0.1 + extraArgs: + authorization-mode: Node,RBAC + runtime-config: "" + timeoutForControlPlane: 4m0s + apiVersion: kubeadm.k8s.io/v1beta2 + certificatesDir: /etc/kubernetes/pki + clusterName: kind + controlPlaneEndpoint: kind-control-plane:6443 + controllerManager: + extraArgs: + enable-hostpath-provisioner: "true" + dns: + type: CoreDNS + etcd: + local: + dataDir: /var/lib/etcd + imageRepository: k8s.gcr.io + kind: ClusterConfiguration + kubernetesVersion: v1.21.1 + networking: + dnsDomain: cluster.local + podSubnet: 10.244.0.0/16 + serviceSubnet: 10.96.0.0/16 + scheduler: {} + ClusterStatus: | + apiEndpoints: + kind-control-plane: + advertiseAddress: 172.18.0.2 + bindPort: 6443 + apiVersion: kubeadm.k8s.io/v1beta2 + kind: ClusterStatus +kind: ConfigMap +metadata: + name: kubeadm-config + namespace: kube-system +``` + +Now, you can use these YAML files to re-create your desired application. + +## Cleanup + +To cleanup the Kubernetes resources created by this tutorial, run: + +```bash +kubectl delete -n demo backupconfiguration cluster-resources-backup +kubectl delete -n demo repository cluster-resource-storage +kubectl delete -n demo serviceaccount cluster-resource-reader +kubectl delete -n demo clusterrole cluster-resource-reader +kubectl delete -n demo clusterrolebinding cluster-resource-reader +``` diff --git a/docs/addons/kubedump/customization/examples/filter-resources.yaml b/docs/addons/kubedump/customization/examples/filter-resources.yaml new file mode 100644 index 0000000..ba4cf9b --- /dev/null +++ b/docs/addons/kubedump/customization/examples/filter-resources.yaml @@ -0,0 +1,21 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: cluster-resources-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: kubedump-backup-0.1.0 + params: + - name: labelSelector + value: "k8s-app=kube-dns" + repository: + name: cluster-resource-storage + runtimeSettings: + pod: + serviceAccountName: cluster-resource-reader + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/kubedump/customization/examples/multi-retention-policy.yaml b/docs/addons/kubedump/customization/examples/multi-retention-policy.yaml new file mode 100644 index 0000000..08be02b --- /dev/null +++ b/docs/addons/kubedump/customization/examples/multi-retention-policy.yaml @@ -0,0 +1,22 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: cluster-resources-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: kubedump-backup-0.1.0 + repository: + name: cluster-resource-storage + runtimeSettings: + pod: + serviceAccountName: cluster-resource-reader + retentionPolicy: + name: cluster-resource-retention + keepLast: 5 + keepDaily: 10 + keepWeekly: 20 + keepMonthly: 50 + keepYearly: 100 + prune: true diff --git a/docs/addons/kubedump/customization/examples/passing-args.yaml b/docs/addons/kubedump/customization/examples/passing-args.yaml new file mode 100644 index 0000000..48e35d8 --- /dev/null +++ b/docs/addons/kubedump/customization/examples/passing-args.yaml @@ -0,0 +1,21 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: cluster-resources-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: kubedump-backup-0.1.0 + params: + - name: sanitize + value: "false" + repository: + name: cluster-resource-storage + runtimeSettings: + pod: + serviceAccountName: cluster-resource-reader + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/kubedump/customization/examples/resource-limit.yaml b/docs/addons/kubedump/customization/examples/resource-limit.yaml new file mode 100644 index 0000000..6984a5e --- /dev/null +++ b/docs/addons/kubedump/customization/examples/resource-limit.yaml @@ -0,0 +1,26 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: cluster-resources-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: kubedump-backup-0.1.0 + repository: + name: cluster-resource-storage + runtimeSettings: + pod: + serviceAccountName: cluster-resource-reader + container: + resources: + requests: + cpu: "200m" + memory: "1Gi" + limits: + cpu: "200m" + memory: "1Gi" + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/kubedump/customization/examples/specific-user.yaml b/docs/addons/kubedump/customization/examples/specific-user.yaml new file mode 100644 index 0000000..ed58cb9 --- /dev/null +++ b/docs/addons/kubedump/customization/examples/specific-user.yaml @@ -0,0 +1,21 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: cluster-resources-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: kubedump-backup-0.1.0 + repository: + name: cluster-resource-storage + runtimeSettings: + pod: + serviceAccountName: cluster-resource-reader + securityContext: + runAsUser: 0 + runAsGroup: 0 + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/kubedump/customization/index.md b/docs/addons/kubedump/customization/index.md new file mode 100644 index 0000000..391cd6f --- /dev/null +++ b/docs/addons/kubedump/customization/index.md @@ -0,0 +1,198 @@ +--- +title: Backup Customization | Stash +description: Customizing Backup Process with Stash +menu: + docs_{{ .version }}: + identifier: stash-kubedump-customization + name: Customizing Backup Process + parent: stash-kubedump + weight: 50 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + +# Customizing Backup Process + +Stash provides rich customization supports for the backup and restores process to meet the requirements of various cluster configurations. This guide will show you some examples of these customizations. + +In this section, we are going to show you how to customize the backup process. Here, we are going to show some examples of filtering resources using a label selector, running the backup process as a specific user, using multiple retention policies, etc. + +> Note: YAML files used in this tutorial are stored [here](https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/kubedump/customization/examples). + +### Filtering resources + +You can use a label selector to backup the YAML for the resources that have particular labels. You just have to pass the `labelSelector` parameter under `task.params` section with your desired label selector. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: cluster-resources-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: kubedump-backup-0.1.0 + params: + - name: labelSelector + value: "k8s-app=kube-dns" + repository: + name: cluster-resource-storage + runtimeSettings: + pod: + serviceAccountName: cluster-resource-reader + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +The above backup process will backup only the resources that has `k8s-app: kube-dns` label. Here, is a sample of the resources backed up by the above BackupConfiguration. + +```bash +❯ tree $HOME/Downloads/stash +/home/emruz/Downloads/stash +└── latest + └── tmp + └── resources + └── namespaces + └── kube-system + ├── Deployment + │ └── coredns.yaml + ├── Endpoints + │ └── kube-dns.yaml + ├── EndpointSlice + │ └── kube-dns-m2s5c.yaml + ├── Pod + │ ├── coredns-558bd4d5db-hdsw9.yaml + │ └── coredns-558bd4d5db-wk9tx.yaml + ├── ReplicaSet + │ └── coredns-558bd4d5db.yaml + └── Service + └── kube-dns.yaml + +11 directories, 7 files +``` + +### Passing arguments + +You can pass arguments to the backup process using `task.params` section. + +The following example shows how passes `sanitize` argument value to `false` which tells the backup process not to remove decorators (i.e. `status`, `managedFields` etc.) from the YAML files. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: cluster-resources-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: kubedump-backup-0.1.0 + params: + - name: sanitize + value: "false" + repository: + name: cluster-resource-storage + runtimeSettings: + pod: + serviceAccountName: cluster-resource-reader + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +### Running backup job as a specific user + +If your cluster requires running the backup job as a specific user, you can provide `securityContext` under `runtimeSettings.pod` section. The below example shows how you can run the backup job as the root user. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: cluster-resources-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: kubedump-backup-0.1.0 + repository: + name: cluster-resource-storage + runtimeSettings: + pod: + serviceAccountName: cluster-resource-reader + securityContext: + runAsUser: 0 + runAsGroup: 0 + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +### Specifying Memory/CPU limit/request for the backup job + +If you want to specify the Memory/CPU limit/request for your backup job, you can specify `resources` field under `runtimeSettings.container` section. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: cluster-resources-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: kubedump-backup-0.1.0 + repository: + name: cluster-resource-storage + runtimeSettings: + pod: + serviceAccountName: cluster-resource-reader + container: + resources: + requests: + cpu: "200m" + memory: "1Gi" + limits: + cpu: "200m" + memory: "1Gi" + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +### Using multiple retention policies + +You can also specify multiple retention policies for your backed up data. For example, you may want to keep a few daily snapshots, a few weekly snapshots, and few monthly snapshots, etc. You just need to pass the desired number with the respective key under the `retentionPolicy` section. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: cluster-resources-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: kubedump-backup-0.1.0 + repository: + name: cluster-resource-storage + runtimeSettings: + pod: + serviceAccountName: cluster-resource-reader + retentionPolicy: + name: cluster-resource-retention + keepLast: 5 + keepDaily: 10 + keepWeekly: 20 + keepMonthly: 50 + keepYearly: 100 + prune: true +``` + +To know more about the available options for retention policies, please visit [here](/docs/concepts/crds/backupconfiguration/index.md#specretentionpolicy). diff --git a/docs/addons/kubedump/namespace/examples/backupconfiguration.yaml b/docs/addons/kubedump/namespace/examples/backupconfiguration.yaml new file mode 100644 index 0000000..f60a9d1 --- /dev/null +++ b/docs/addons/kubedump/namespace/examples/backupconfiguration.yaml @@ -0,0 +1,23 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: kube-system-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: kubedump-backup-0.1.0 + repository: + name: namespace-resource-storage + target: + ref: + apiVersion: v1 + kind: Namespace + name: kube-system + runtimeSettings: + pod: + serviceAccountName: cluster-resource-reader + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/kubedump/namespace/examples/rbac.yaml b/docs/addons/kubedump/namespace/examples/rbac.yaml new file mode 100644 index 0000000..52ae310 --- /dev/null +++ b/docs/addons/kubedump/namespace/examples/rbac.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cluster-resource-reader + namespace: demo +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cluster-resource-reader +rules: +- apiGroups: ["*"] + resources: ["*"] + verbs: ["get","list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cluster-resource-reader +subjects: +- kind: ServiceAccount + name: cluster-resource-reader + namespace: demo +roleRef: + kind: ClusterRole + name: cluster-resource-reader + apiGroup: rbac.authorization.k8s.io diff --git a/docs/addons/kubedump/namespace/examples/repository.yaml b/docs/addons/kubedump/namespace/examples/repository.yaml new file mode 100644 index 0000000..3c703b0 --- /dev/null +++ b/docs/addons/kubedump/namespace/examples/repository.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: namespace-resource-storage + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /manifests/namespace/kube-system + storageSecretName: gcs-secret diff --git a/docs/addons/kubedump/namespace/images/namespace_manifests_backup.png b/docs/addons/kubedump/namespace/images/namespace_manifests_backup.png new file mode 100644 index 0000000000000000000000000000000000000000..5d2d40502ae334667f967d247a4da7e870002531 GIT binary patch literal 74373 zcmce-1yI~u&@VW+2L^Wt9-IKdT>=DmfVrL?943NLpM()h%^@$x{dWs$S@Lqyw67agmxTAnErf^Gze7 z2pTO9DF*c%%?%{+$niz-31e~|B#Z?*wlIVroY^;dmNb3B%x8DTE=h2>zi7CGj%EgC-kG?Xrhn0${bHJabfy*|T^b`S{&(0B z?1LbGM+h>F%)fsZC)2&8_%kYvvV;D9+$X~`3xxp&23pVpO`YM16BIap$^HzjRPprl zOE8$HT^#B8+eo+8@Qdz21J|a@??{dMT&yoO35cseuCjnZm>b&A&Q!G*Y9m(Ezss%UB2 zs2dMD6=n^{AE%gR9Tz8$_O5WS5lJ@SK?Q6-GJjDFD2DwJ+dR=&SX{j!soNtdS;Up2 z^R3(M8n2arj!>Ht510JLr(ZnFbo?`uWnq}QF?{Oc9!56FZ&Nn$3K{$Or~L+v(Jnu( z*bqc^ILg)8zIAT3Zq2_e85hR;6;<(S#rZbXwl?Chd|xyXE_nNE`Gu5s3heBU#r#|z zJxzigIDHZS3A~}?<_m{b+dzPt5E|f!xNWzWP7y?2aB!EzT!sp<5Mb*-5<)OqWhPOg zrb8n#5&9&L_u|R|oU~(8`QgL+7wE*<9;tNpF0u1Oy1Iy0q227TR@&<*AcxZ|scL=U z&`2eU8yj1ykrT-h=??kO5A9NM9K9$%9h;y)`7B@Uej=p07~0StFc>+U99ywdfveN)@qQ>VHRfVILwc`)*WRrT`8{qtHam*GLnv zCk=;*)t`FbMbx}eNJr{lo3Sna+6YK}J0%}abtR`^D3ME>tzQ_>GXY0*c+p*UHH9jg z;KWH;nJtd@%SIuN|3Y3a6#4ni-17T^Ampx|rv|xN{9-X!BH2N2U5NM=myU5PDtxk{ zy}5_&CLh;Dcc4xOrVH2#<|WBU%7_uVej*HUQE;IfCi6xtdg;vU{@^^F$Z zuNS&8ch0^D2YGkiYrEO_lPo5tG%LAXe68c;w@Ghao#bWXlM{`SeqWEb{O-JSy6VM!H`_Gd1hBY5U@hQ9u=4O|4F>TyKoNawQgU^v-yTE+HVFptC0v^Jwrc4p4-Z z9oEl;@f=3+RDedEbO;C*;81t9C~uyJH}p`g{j9ZIWuOcB$Qj1Y7tLt^@bJ<&VaBV~ zsb!9Z>-!yw9L^-J&j!?REbVYZ;liy<9b23R(asC3TjM$n_XITPD3X~gbPq>iR?xoQ1 zT6Kd^Rs}i{l3v(xUL7^1j`g5xzvsrqZ}hOB$RIQOU=E``a?vx!t_DLwuiFhNqC+Cd zsn+j0Y|G<9MEj-O ztidnQ)tzF}!(Yc?EFz7J%fMF260=|3XV*$URp8C?2#$1Bb0&(z+eo^#(N`66tqIG! z!z;TI6L5@QvO2gU8Tt#E=(uNso=ubSSWCh*+v6~4mB3+L8uw&{wR)PnlPaba?GJ>LT^XWmW+^m)O;>E8 zzj-$@cXgPhLQ%tX(#;)t_UI|!@NXzm$va{8KBd>+ z#sgON_D=LFytoz?#QaUOo52EV&(^Q3h0FM?-Q)L2--+-29?|N?T0mz$k-cplvO*Iz zt>58`3*r8yY!Kant*2~*Vud6DfWT0>-#l23QQ?1Cyl5L`(s12ds^`G)PqwTj^$Pg1mu z|IpQqkxKyry`^^f-9*iHDqtEbSQlYjA4-3$EWW$Cqp(Y0_VkdX!$YgWr*u9oZv|py}(dc)K$Gmnok1M{s9tCiD5(uJZp7}w3$ByMwR@Q3a zK+D#T(%Pibw(__X6ud@X>|G0APb(f2skVOO>1DS!WK&Q#9xx+lEj&$&c6rhLlyvVC zap~MXlf*cCYN(sC7pL9Z`0@g8x$eS*YcdRT`A(;+2gdpGYJY(#=VUgcbe7>I@Y2?+ zI3Me{a*&@`Ia~>onEOa90fE1k3_G&aKK2lSc|4w(HeQ^mncI5xISrRQf7F>-HJ5q{)2?a=U5KvI;iWz-2dt13S3UV4 z+8`HeuLioS2$0t?*qx@B@IQ$#J?gIA6Iue`gZ616;wVk^gt=K)_z^GCy0mrqNk<&G z&}&1#$_eN3Rebwr&wCp4?BbdW>5g%*XKOyFrflUqcJjyY_Y#e?>MwlD2s0+bPDzYS z2fT35W*Nc3g6$K(ZcI~g57itN;qX;A%);l0fU?Z;mSGYGN`W%o%PAN8mi&SvW9C}m zfdX#JLgMEm0s}=K3Cq$^IE0*w|6_B!;a>2%mHxcYHx!57($Fd3Xu6^rVMFhzgXX;w zoLC2=?BeEPg;@yr*HaY5a?JK%|=!)#vY``VHD@4*xx;A=@R-HYW@$mBg84&bEug}X3+oz%4 z`TAI{g&ES+O>&fueUd?s(qZc&Hr;8F+W4Voy7MCWO*>j^*kuT;L8G4F%9vXNxl04` zojfF&r<(*&)U-{vPB?6zd3((9tm@}Nea)hN@IqV6-Y$#vy4IJODZ*#vj@J6y6VD8)2L?(3jhmo>s)`O7?GB4aU> z%QOso*8+re-POpTeZth1*$BXNHr>V$I@aj*v@#5i-ZmPo7!x*mDtA>KO&JyU-~ebj zxHdHVZD;U&FAi}*mv(gj-Iu0(_}T~;iQ9E0v)3?&Jb)i=*0Vn!dT>3f)@LmnpMYKT|w6O4B?-p%o7Tlkik3t=cw(??=TBTfgvE{8KrR7WQBY{xP7=SEOh;fOX~jM>?1bBT5Fp=Ta0QS8H`1&h&On0% z7CDsqx)HpMce@JsBEbCr*a@t>uoFNY<}^&mY(qiu23$<g##D?aGDJQvI- zWYb0`;twEV`B2u`Sh51~Z)&R6{4C?e*W}S%j_iSG`GajVxu<0T1KN zS9q{T1b7wiA`VS{G2ykDA%U-Xy&8(oYv{18S+d1?>09PQ9+ayvai@9p-#A<6^dDahGQ1dwLB3+`%2AH{=>gmbf%%n5Jki_$F4+ z(8D0`9m^D0xN>-aj&}ZZt@WDN9{nEGjO4MgWCXsDJMEqm1E;&ubzqsca%}`ZIFBa1 z5zUHWP#w{Df2?_lQ!OQYh=diDzYNh|eziKQA?LPT2XT!Gzb>feoW{euS$8Q(dEn0* zV_d^y(a0*)YdKwbfDmH(>6;J&2mu-oF6Jqh%tYS4mR4q$kh<%GYEG7P2SNse{rL_N zhEEld-d(l63rR}=G~oN!wl@QWo{BEqNcpEALf+FJhc{h}EKLvS@ed|jNh@F2;QrU6kD~IY|+T#M;KHtmrP=6VGBC7jMCrZL0%r|6(ViJ+vK5S3Fb@k|qDh)1L z2&FI;-`n&|D5EWFmiD}RyL<36IKAg$QDB+wW;#Od#z9Bl$F#?6g%=i~e};$Q=yYFY zQ8z65yldf!)o_OP)Kec=t>8QB!ORQTR1vOMSqqxxW#n2nw>bCSB|?vP>O4QMW@TBL zF3n+79^>=>hUz^|g=oSXW7cxP^EeQ2^w|XdiQR`BSjWTaosB~Z^$k``)ugC zdm!y9k^3gYgc#7CE6fMGb6Kp%%a4>V?yD*meh-POOC2i81^IQ zuSoI0Sfw4NmJcUM6Oq?@twbl&D-s;qGwjZ(n7&*bwR1<%mYbak!XIm~s1G)74gD}P zp7QI5UTd#s3#}hUghMAg|WCNBw)mxdf4{kZ=q6{abfM55Zb+i)NS7k5= zwvN`sb*jHY>%&nk6XZs|O(4n?nt)JJ%aMfG%+)pYi7heD@DR8-hWgb;r=A^eKc5r4ii8Y_HTnx& zjQ{(X)ZI#dF4tPkP+H`VNPpdk4A6T4Q+tAgolLUsUs;HIzcd;&!osm}hB5@mchjU4 z{WpKbp}i?&drr2l!QS!FC?=1iB$lVC==PY4{@)n(Kk)&#I;r+k zqDp|$Vqn+Rq$#7w`?r`Y%ebY)jhL0C-i~MDzP@W!)q!q>PsRML!amdMwHA^oAfNOa zfS1lU-IkWC^E2sWGaYo6t%(fZ+UrG!Jv1ZBD{P)qSNY4|+X37ML{QaN{#iv6aP=EN z6mjrmr6wFT#qtKo3^f*W?+)Oxqgew6B=wTfC@u&h835R>AhK zuZAXh-7CA$X%gBN^B%rlx$9Ft#}vN9w3|~t_Iqy~R>>s~Eb}u8{rkg~sHvQXpKtbt z>fdb@(MW^Zte}Pg_W)p=dB#?;y^vD|Tve{>)kSKQ_f+*+W~RG@+N%d+m#NDq$-Xyf z1VD7Z(3By_>(8hDFo=@3Y0~6SP0B_vMaR1m@wP;5N8sWJnO(HE zKVEb;r=ws(@AeXwWe=H7Guu1o*DLVckk6H+_<;qw{VP*>l%! zxt5ZnlKBZZA^Z~YpAzg}nJ`=Gt=gmKyIW706$a7H{6wMnu@2CH!1cxbyDnP?%i{rA zN|R7Gax1HanOU8}A8jK=2d3s@PVV?R-8kDB=DxN`Hq^mp29b5*NTVL@HEtmWWQC*Y zWtqa$ou|5fX=DSND%8_Lm<{AtFFIMRq!G09{0_p$Ds~viY4t^W`&zj_PT?kaG0-yM z%4s;e>1j;i*L>&=rbh|Lcpz11(Vf_Nvrsie8qcw?SExU_(P;L@r6D{h+<0O!z4%Eq z@%}A&$Ilj5oOix4D@4@GJT@JUM>9qv_U@W09(YwRE>wMqtFmmo8&_Uw+s28>n|ye` zP36A+8zHA`Z_Jlc@9qOqJe4>{T!IeA2JoEmQ%*^GzIlaiHg5VDSMU|yQfoPMPX-9x z{~!e}HukC2M^j*is5N~raxnBQ6zDP?!_XW`@3DY%nH2e#z*Z;_0X?U7o1W_6pUzYi zlD|?XsA&VwPS@vw-?li7g)7@t7Ph)pS05eDk4vMVV%Jpfx)UY`!!^{ee?H5Vt#-4M z_x@BK3SGiYbnoaB5POwVjAJcaoEFn3?Y%$NtALpLt_5mKGOXn&uX2qoTNla+K1CA% zo(|(lKOG2lF@cp79u|8yml;n}kWUOuZtgpDun6=g8z(kyJ3jid$BsYH!QTPU9^G4S zD3ghKC<8ah)b{meSrfby281+qVtY|!5iZ?HD|5p*0v?lh_PzRh0LuH6bVwHb3QFcV zf1toH>1LAdrH8w^_vtyEpmzvvan@Me*LEc7{U1KcY2 zF$*|E=7#6lK?j1#)@$WYDiH>vZZ8QZmPmag`WS?TJtp=hV_j7zWYMXM%y&5tAcOiF>Ed;Pns#V`1z*z{zgU4H=y znglP)kh0Z)(Fz$)^cX-vFR`u&_s)xeOk0I*BH1($00HqNu7bv#sZ0g6nv2h(pTxwb zP*)2*+$DAxe!hJ-5cU8GfoCI$qK4a~@}c8XBmcn=zpKw8NWUHKrv^dm5qD!>4Rub8 zdodKS3t1VSP>^`mm1>t<1bXUJrG4yJ2~7b^PA? z463H?EH>v9a6L9e)lmMyww*Ja?wqq;87waZb`XpMgBIgyJU_kwJ$rm6paO8Br6<+0 zfRd4J-IJvfdD-u063%bg58T1*QxMtLLCn)uvo4euooUY(B?Lf#BkJolQx^5?RV%E= zs}csOh*QyBmL?@#mbH;5%!*C18~ob>o&Ch!rIVqLD4!q4Ae?8-_Q%pflUzU9n$GcV z8ZYuFo$Z{Vd|Wfo@0)e)vI^lwS~M&(wl0CP7PW72PXnAF_k98=N4mq4R^tBBV9)go zfE-p@`{9ed9Cc>ZtC7%HKCkQd3@^8tznqMgS^(BLu-C+6UD+DtA0qEdTJ+a1m0l@M zNK@Zx0})HaJkG*~qzIII@}Q}HEe-K|s#X7Di~AK(vi%z}G%D$IJ-)3(i%D&wik1g- zET9tdoPIXbclTILEYoifv;B2(zZ=QmW|)QUpkBCEs+xJ8O@RJ^fbW3Q5zsgvfe{pD zWcNE)vrQMow=!wyDKl{OKz_1UUM$>5)eGJZxx@6}_o^G=HLg{|fgDP&t}^ zp|8_Os^n@Gp~WDhX<8y$4%9%}0KtUI(m89)y{-4)QhlQuJqH`! zzcr1%aB}yp8fu!*1JWL@Rt5W0ye!`k&N&$gVU6P$;Q3&Is^+cBz;BVgvTX)BKx5E> z%7wgXZO-085qhE0%Ix^oecb$4%z~~^g=N2t7R|7;#LkVaudCmL+u0vAo6F$e%5$x^ z+SrGd$@t&1q&_{i*62i@B{5l>U}k3-c5ym7I{~-zBF&-;;0>r41Ty!b0ghFtz@j}% zCHuj~*Au{BQw{&3JH@@gfHJR}{+B zbMAiq$kL|TG;W}9lRgGz%Gy+>-u5jgkOx5|$_Xl49sjs^AaLV?w#>t9^dL&+S%yWl za9QdSdIgke6zxh0fCT9Q5|Or;R&Q=>$tP1_N|QlzOeqev=UlU~%G-s}0-V_NOXUW@ zKpN?P-+f&%rNK$_vjt5%cyuS+q^otyt8s^H+OVl-inm%^-p_fPD!;MUio0?MWAagx z#|43wf+BmmKMry4Se4=}P=%3nq3vXo`sT+^a%3kR2lD%_)!|4sX|x1Q=5?y3l9Wgx z^kqMaEYh(P%T|}54e@)UhmMk{06S3RIEhWauIV>o@rV6IAKxj>b?$NbdAZB5u`V%Q zV&)KCzJT+);}1RJmVl1sk&ks(2X*PQg&9`2w*)2Oq2w9nB1uKS<*yukYFzr6vvD4w5W-L7e&6Vk3!0S0#cfF-~n zjD0rkIeBuk*c*JaS8emZH|O%Wfhs)mH-nRi}k1A|J;wD z#TG69x2XT2`_GZUr?EKyDfRz%@}G7CV8MsH`%Z-?wpq6GqNCO)Qm!SZ34_qTq80Cq zQ7%zOcR_uS!Ip@q_I~CN7}@?=#GDqB2EC(YgoK2w6RvnLUtq33YXKe;X)(O`5Y+>97My#9EcGJFXmqDVjW&$fyL zO)qw*(gZI@#n4}JaA1QJRaJuoJTI%=7l(#QXxC7Y?oi5BehIVJbC}9c5uK)uTSiu+<``}YxTp_g1b-x;YYgMz+nAf%mCnfHdZ@D? z95Poemqz}?@@`7MdDFgOR7E}6oQUi?p@XWX2rVNc zGtd7fHDsw;A&zl0lJFOVH%GFo5|%3H2eY&uX@r&vR_qT-GV`h=LrA_%2-!#0xHAPx z_wtQD7nQ9?aBNaaO-)TlPap8}gGH5B9hFRoLR>D^21RBHA_NbWj%y$sStC^V<=|WO z6fh5k11^eUghJ5retBIs20`?&s8l9MWYl0hLNoV}Q+VGfzK8Nv@>Y(pfh;cSr89w2 z6Cd1JCrs7}7z3Xlg+XsJ2k3C{pt8VG46+rj&z4BxW(l0eg#x z0WHS57si-c>_{j_R>ROy?hB(nh$NCJ>6eMrRqd%9>EKj?cvKLt zp?6UpR0!jvR8@End8IbxzHQ$!mzs43jpbLyCMUpL^vmWljf(Q+#n;iF#d5Q}(875y zUM4G{nu(N$z(szN45cW^BRP?OpuQj3Tl~>o_ya#CS14thW<+YzM1_$a4@Ykmc*6cF zt!RSM-i7gX7a~>ha)4bTIGAUl!cYqvb<5}j%faD4y-+{{R4dvS@t=xibOhmr(JebLO7x6dQnM-QX)MBOqeh54DMw2BHl0NUAN>Yh0*xf=rqGj7Vot!NxY<&iVgwGlvV#xoHudjqm_LD|s^R=u z)vI49B8}~2F2_c97?Jzvp|A74N4D4DUq5o5g(!zZcHXzWR2r{6fF~E+=2%}~QZxU7 zs0uxmI3?`L*J3s~DlERkCV+a?BU}W%N)kDUg890!7XA+p4U!?U5=go*GEASFn@H@j zN`z(-bFK|=Yl_1Y7VqXx|>ZWrJ(%eed&Xz_(v8V%uS2a*9=ge8mf_%Ns*9an=2Y#%z(z^Kpm&jR!F7 zQ>&g0nL};O;<5-5m!zCGoKE>IQ87Ag4zA@vn`3YUuLRcC(sI)EGzg2cjEefQ!kzGC z+ZiNwjuNngj_7hXi-U)M%5bW9#xf}umXhjc)G%b*r7f;d8L82~o|X%|l*BRU6J1;{ zCWSAOoa~7`%B1QOG)jx-3G2DP*E?xnl3ir6}MLTcOU6Z5mWPsKb zXvuqc_a*sQ;K7!du@`2Hs?m}!M?d)a*uFU(fsUFegDsm62ogApZQ(}VROouyuP=V` zi28v<>E+hc2XP+HI~rPpI}-s4QaQ2vTRLp3NfAzVoCUIrNEGrwgTpZ~1S&RY0yOeoK1Sa3X%eDLHNc9);Va!A z;^rQdfD&F_ZeLh8f|FaxK|G!+7+{r8$#ysqy=O7rlb|ui4o&NQd`()XXd24hA@N+M z+~`5 z$L==@`<*T@<@aoG zb)@Lu16}+=?6RJsJUBT%EcXA4W5B^w(#m(iX`GG+mf2k=7gJMHv(@JD58J+vXBqf> zE{uLHatilDTq_10K}gL$-U{6EMEC6>Kk*$qkEPE4C=)o=5$63bePv~%GP=K*tGzts zlDJ4Jnd)yZGvT90LfY@b_qlv}z7NhpAt9m|un7qX)$UexsEy{fQZMTNPJBi|ucI!J zFjLmP{@Vzh9c$bti_Slp4-d4dJ&){I+de88&HsrO0*7{rxjN^BhdsppVrj~OnD75C zry#WY53pwYpH=^70m=Va^uq1?*u*g_a*h|?4XvRu)BfVQ2l#n}yb7MPB2@~DJ3Vy( z@VsHU*uRV$O8rDe{lgyx1%c;3J=4#SR_p&Q#d%HR+O2@;)M&QU0K}xXoTzfwTfV_HCh$#+lE(v<&bSzID$hxVv^|m z6(}cvDl}<2eZ2BsLj4=;jB(Cve~R;{fCC+mO}~;S%Sd#B$59*l?}T2`|HUq{v3K}n z3f`~`??e%ri@N(b86z%=MNvz45E54D+?zia1Tp(%B=Ju#J#a{@S{W9#USWD`HCNf+ zd!ituYaZ6QcdMN7YYO>yN#;4Pl7nRoEBSwCDI~~V?w?rtyq?OhP06u&)eWBp3KsR3 zmJSXik!{6@{zgHe7}!>TMu&~SNBDZ^Kbd97)T?V_j#*+H|4!8zCT}+GQIX ze0FkQ?H8Z+{QTUJAQ`2k`+g1GnhC)XfjEAy+@A$-&<;44^>&ug`uJcBWKgG>k!x7E zyuQ7)4+du|MaSbZ% z#HF1LUyM)hyo`G1cX(oEc6TmaPYCYzoQP@A2(pO9{TUvRRVj$sL=U6YCvo$OyGxKY=yInNA7~VpV8_3u5|_6U;Vp&n*+fD z5Vw%q?J^d-v5~=pLE^udurlpZf+Jqvm_A^|XDXUu)V4a4^kg&U3UZ^o+~CB3g(5uQ z81$t;2~IqyH31M7cGoVA$OfhGC@cjP{fqCO@79`}-*O_m(ilxo3cEMASCy|{1+(f| z=gV8Sad5%W2xKMAXn*$CvOz{{K%;Yx_(q5DJ)9B)lTP?}%pi^#_f=y!U$H)aMl{;M z!oi9$!Kj92^jee_1~&BiWxwak!^ptZQRD7w6GqrzXk)WGqa z9ZfJ!fG`=9r~#shz~|ug1{aaZL<(AS!EffA)0!LQhONu(-0y)VCG-b_4!*^f!@wXb|{zN-6ot zh)uj8Grc&tX4r2$hiBG~kt}%og8SI1&btm7l+a2LS|F1n5Jr(cM#=CBe(JHiPnU4? zCh9vhhFAUzItGao_niB)lJ^CHF#CIDv#rod1C_t(66p&Jg4U||bA7+P^?ylrd%=5C zZ(4=HswAm3q&*{>kD4%nBjg<1c^2QEE1v+<96a3yC*-ConeAAQ>MG1{$Zs@A|EBkLW@QR4H#0 zi92C-tJF;S4rb;?j!A@w@OChR2Z6W_^bqC?-9?bu8 z`#{DZY%|Wm6TC_me$b1oSk9nl^ZWgm&|kfkitqD9uM2fjOW(AAD3olUHiM;$r1N4U zATZrj!)a*{k&g?a-k=oYkx%l8Jl$9TAD}}_t72;!v3DgFloU1nCcijzhywTvE*P%Q zyO5~UnqCgk{T9?xnnLVz7+Lub`YTW!o87lm| zM*6?X866h4%u1wWlQ4ikiS+}qe0tL?>D$Y*DcKJ#mAGTN*w&gEkwFie1ud#*o$0W! zo&)dH4A~%Gp+S=PGH9owIp8T1(5Nt<76UD70uIz{Kd6h!sYjJOYUSOj9ZQ$aY3 ztc%(Meg2yLe(|lMg;M z7N!&_eV<|_9cuebGS|n#7@XCCIQBB^<)>*jYOEY^(L1pF3)b#MnU$pzu%JX92wK$J7UMuHHI5qJ*zjxSIR1PTh5k~w++W`*y{A7i zI36shQ6WBy|C^JPFVD`^P#rB9>Gh8sz&K>dJ~zO9!w(MCQh@>ElZK+bZ6sbaGMyy} zKjsOOTG2*j<0d?bF6*8*T?ccPE@36MOD)GoA4LDgFnA;UWWuXVni_3BFAS9MJ~f>+ z&mmxS@m6%UmWHtsmUQ|@z+?L=LqtP;^QPgeX~tkdiX#hA(U-*%PRYnP67GGPNs!q- z3|I@wa-+9ggaemfkQ_>-;UamDzuHFragrfIG%_CV2>c36EA3B3dF1yTW9tQ>##AO* zebNIbJ&j^~w&=_7E~NA`LXoSG*G7KZ-`c&Yv6T~>@A)7O$8FBKTPD^~3Z0PT8ySH9 zI`&c(wPQ*$;c&&T4(=6Q)BC8L&f9hSHY$-g;>Ry9oV4Vi3o=h@E->c;%JN*wY9ASV zsrw(j4w}umk0p5eTdxu4Sjr^sWtkM!A;q-W;MPV@q`YOU%*q#K-%E>HdKUh?m+V+S zKqt6ULeYv;Vk&uIg0l(R*^M!t_FahS2IH{MoV)vk91^L7KfaP-0MSiBlD}J$bQs|p zVlJ2n&`0G`Qon+GwQydbXqlyr5&c8kQR&#`bwJ{2#2bXt&&fM4@7mH_9%KXZ;RnRr zqP8iYyc+SoFen->SUbLQn9e1qeucx6uZoBm-ci{*5%Zm;?Glc@%}V@H#G6)y=nCs2 z>o>R}5QI*kFf>c9xUOd54?4~^37qw42-Y>#M8vTdnr~Q?DN^d#j8g43sh!6)= z7(eAeVdtmA>=Fl9=R7*W30}sxjdY|+kD%RiDc!FDP3)%*6|&J02ss%1j=}ucQb-A8 zL&CQ;Xi|Df{>pdQEt{-5m4`{K*8PS!lcyp9*HhBiL=upPxNb#Ck63=WayJgNu$1#t z)eazVbf+lkl>Il`FPm^KDNH;*Eg@3EA==6e?Y|+$YQ0MZ8$v5;3#&ST6;s*vwO$dP zQj|8@lx;sXT395ou9*Tz`E(_&DMGO}5rj$;!eM`vhIm(So+#_mUfn7VX@^&P!hkC9 zcO0t`QPV@r+xqK;B zZ*cbdH%(ENa$#mVaqx8s*~>F1o(dy=6-IPCB@1wdN<_4tyzpR}zp&OTnE`QF`Dn=w z1`q5e3JtmQqVf+PtRq8hvI*&rK(H&AW*LT(jT}U9y{}`Nq(WCgI0ou34L-dXNFNS* z)O=%9JY+V-KB1_X9QgxX{N-#TVF)|CswV>Fu0O{wQa-<5<ev|+JrEIc3N(WpXG zQTu|428fqtvqlvuK4GX8zEL6A7=#xO%FiAxmgrb3tMJ}3fP4D~N{Jyc$e4Y=3a@y{ z3wx%qojJ?vU7`7{HzfDqR90jo8$-ZYk@BDN9!2&`@#o*w>Z*LCRXR?Dy3Mgqu3;jz zuoW(@dNZj8N9kipnB82~fcwW9G|1CYNfRoG+4lGMbDxLI13rIx`k-&V?Cp*_rT7or zwb(I;f{es{+Qafv@L#LP_Mcz&&gT5j&v`%nDa<|Z%kZBW|NGzm{(mtUo>55|sOL-- zX`oMT{S8|n9#+Db)DjXBvsI=e!d8Ei*pPymTPCG(t=C=lH`cXF)A}itf7qwkb$y7V ztDqK}r+qh1EB%>KYn%-DF5p_75w_M`>cOj=k^nX%kGxAxc(GBQlpT-Kxe&TzofrZ` zivJw2jUCTyi%XmS1e;37WoKu%*w~mA40d>l_{U5I!_@rzL`g7vY($DWoq+<>IM_Mi zg14Yh{6i=K{K(b)avc{9R>W`XGmya;&*`|V=ZOzJmm?TWLbFJi$?M3KR;0r&dGdk= zzorEfNc8wDMcF?g%OXbz-+uSeWkMs$o6W?U_nHoB!x;2nCAs~yTvG9HrBwFg?yhr$ z9-s{k$6F?$S|Nl{uW5G2K|3zUTgGF=j+Nwl%9)ZybK8_;&r2J7Z0LkQB0Mzf?v!kB zV=2a03GJA)q)4WBoOC)uWMe6xHfg;Q!>gSM`b@Jw*cCWQ4fFWHkP!p{o)Ej5bTqf-bGA)@y+0|(kbE6NbR6C+M{G? zh0I4CsAHNH{C3Xn(t7>j_I&5^L)eA`Xhtng{GJ~r%uzJ+B=%^v?ArU~{uM+5<}_}L zl1kBU6$@fMFs`I&?)}?}R5@D=<2R)+Vrs~&oCm(4xO{{k#2Vg`I-GxU^}PL{&yAA| z{!FdLd{``1(mw`4rGml&lOw=SIyS6tBlyI*4HDn`?xlQ$$nLFM*I>BF{Vk)F7EWZ_ zyS!^RZP*}B2Lp~I3SC-*=_541dg$Ay@NSM0_y7fR(L-sGW%s>Z!FM8%6nJpBG1wu; z@1`*_&C8@@c?a+697hfe6RUFlWVL+-2`e{p*u4#{3_dbCqkAe6d)}L> zBBb=-gl71BF&X+7Hp2T6!u1X&yI#3XmW?Y+*>2m&gAEce|J1#>t+*{B$1m^PaxSh; z(p7(DxK^H8N(P#rWrLf^3E85HC8m4u3nD#;xnCqau5i!=-PD$882;M}&{q-Mz*X9* zNZGlJ0~tle;D~2scs25P)fTIn8h*ZFTD$z?=6-zT2j0zB1S1MwxI$lq{mnwP3H<7A_vjFUN;zBPpBcl_uP%CSYfx#u&LIzKi=1hn$X-q`JJO ze9wT83&UfX_uD=OnzS#mFhxPeyta^P>Kyjfou+@nU4*A^ zv9DXN-xu0^&W%=wlfq9T_n!1hw0^TKGcXy$%KZNQT@TbwThWQKooU4cPheN^}}LSWlFF!9N*KIea@XAa*mV9OEh|8@($tBD)zISl60Z= zj0_x&bR2Sgo&h!0RLMYYwMJE5^sv|Tj;VUwqmbtnsfJqOmHoY#!}0GE2UZDel6Dk} z-|-(_e^nRFi+?|2M*VF)L3KVs@Rcs(g!$y@YnjOTpvahwlJW!&mhVWM^q=!ILwGgY z3LyU7()zRona>;q1+;3m|^6|_RvCe%%?Nu-5$_0K|Sq0Zg%}zVfDak z{J7B`GDmDByI_eAH-JE3GGbtC^vMvP;4G4rL9!PT-1C`aFT(ulmQWLcV88*bQ|gNe zY)XmbY_4<9AX4AM=@P9=cHrr;!KAi`J%4enGk6!$3-S?c;K6iL`hCY>1X`Wm-YNPz1&-`w@aghZt@TWsR6Sz}bmW6S633x~5 zW1`J;*3aQLWanle8k1qg=*8TxS(lS}E~ci}P~q8YL%BqvitluoD)q(8i9j31MdSSo zIPHl1_uPT6_byF{;NaYWQ=KUJo@5gGF8T@RUTMz^GId0R?dghy-VMU*ej~Wk*;L;Y z=%#ZNa@cp7ZuT68!*^|+9b>(Fe%nP2+XQ)KLXvRKKgRjFVW_tbCl>uy9={>5jE0G?uq;=o)dTB zO41wMm0Oxf_v7<Z$AP3rhHFLOWQm`sZM3? zykbs^E#Qu~xtd*xkZIFp<=$@_DIw~0e|oM`b{@iuNIYbe6K`}Bh|2sbOG)J{L^pQ( zp+QgPw1`l_`vjw)twar}zGr*3Nr(zFTZ%6q$Li5uXZFx!qisxoS803^*!yAl=3cO& zwWYH+R&mkXWW^`3mwKn40_I{_qGQrzI_n+sDxvU&t1guSIKGKBf@ zuAnf=%&PklKLKOj%KhJ*o6=nE#h8rgmhK!6XmIBjLk@V{vw9A1qHiri!}nwN1n*Eujd8(r zqPjYrI%DEay5-2tDV49B`E!X*-WO|iNXws@n_eg5b1-E#~Rf(rE?r@vBxV{JQUB+oQ*@IKg-I_1zYNV9AhsJ&v2-{&R zt^RD6f(Pe@PwNu+AIxCH)Ut)kbe+B5=zv=PH!|d{vRu|BChm0)hDYm~@dtMNzFVgK zKEVPJf@b-pMOAKpuX{z9Qk zzxe2mtMHFw8|L`)80T|j^Z9PRyK7?Soy{AbIaiovbXkfeWsljCB#c}RY=^xbc6Zz1 zb$^z;t4e;!UPPW}d>UaKTi-4@TC4lMOf<`HUiFkKcj9OV^_D@~-rmCEGfS<$Zpu5m z4N~i!N4fvXpXwAWxOY>pPgEQY#`{W*27LDL9sY5X%sT(msY6CMjvA&H8} zuAC^bu2SGfHud=RP3;d@YdV}g!(?s0BG`Q@l_HI9>qkhhe}Z$CEJ^QH2IHrZFwkIg zy4vq>_867u9&LX3EGRTB?uh%U7!l)P^--5A8tc{%i`=;99q5+2Ts?>GLBYqOMBPW# zq6F3<0kc!iLk>qX?DKTW30Nzfe^*8pCkUy&%Il;Rd}BXzuvzLJf7;_rZ|U@9erdrX z!2)Y@Ya-Yx(^K@X|G}P5#G?(4D8Z>_^qN_tGb^duBL}roq zb!>lv3#*wm@M5y9iKaO)IH>oIQO+N>13LZLDQ%;J#IQz<==Y8kd`Co>#^7+ zUbvL(6g`DM`bkn-NOca}*auerG&x+f=RP0M)E8Cci^-8c-DOPgnpYj-f@!l7Bi2RU z$ei=$E6SiRbX4jEDd4ic8;65|FU$D`*~`(n?#PVo1z?rAU0P!=jhmH)YRz5@%%esA z+!In-@-*Nn4q{TcL)3VcZ@Z0e(le#T-XLRmERZ^Jm}#z=CxD9|D9_%;E858iCqTiA zv!R(4E0ym?)N+y+*+~`6|Q|wxP1)g+nD(YCIduLuBQw zd41+bR6^<8O~?yS?B%@Qe9>7DdXtKx{t?%(unkH7BT@FvKRS2Am+o;2hJGAz48PE5 z&q?3~6NAdAWL9SRH;o%gmL&H(EyDHvYJ`1WnTeg%R)lf4(~1A@s6d5!ogau)zxaq3!z|GYBAps+-W@LdX0#Qv zPqcOzgui%n0Xb6$=j=Kt}t)kK+}gphjf&jNjw#&*fnqXLP=~cyAS3$IHBE3I{V;P{(6YNF>-e zRMk)1M0*1%nT_t~Tl%JPFBKiF7#a;8G5ML*J;@=)wLPk}>2cr3WIPTumX#)DE5K^M zu9u3bq+Rqc`@6F)7%%UI)nv;{lC>x{edV1-ZC+L5J1X_PROrVkqIQLZGrFRJ$LP%+ z-E-?Zm}PwH-vlj4%*u@wRaq9gD&CGMMyKyT5e-6btsgctPwTS#b>XlSeec9qK5z}s zSrt+7^UTwpM56uTLs)5$MSEY;>=V0ItQ29oxnsG$C(O*jymGhnwK;rlCtaQSU3 z>}u=l=h)f4{KXM8$HBAB|M048{XHl_lJji+$wx-!HYag1Q7S3eR4kX6D=J`nJYf+>y zmKZOpHHq@dH^|t)$*fYqQoH2wpkO%R*kGlmyAKBWKtO_BSt#H0n0o;}J#x{72EDTE zUbZ?WgW)?J=&oGcv!i6a9k`D_Kkv|!Q@STt&+9K+8M)njS}f#8dFK1FB@n}V^H1QE zx#5d$#xVMhg3AWAxhM<0etG_kuigj5T>i6~3H#D7YgfX^+X=28fAd-o$gvz+e!{?k zDYZO%aNzXSIrs6Mdsi=Ta`r-sIgHpbh5DPd;yXv#OalGML^`l}H#ClLb~{ZL9;&0S zuzw5<_1NL&uXbzUJ$qn|5PfHglM(gwv#{XT-%EYJ*vnh)mDtj#;*j$>9JhN;y>?7* zPvZ$c!BCJmTz~b)J3(bDsX48#(4+I_TzQ6W0g1TyJs$Lm0km}jrT1eCFKlq6k^1 zECRQu&%bRrcJ%DtaUzFsRFvilhxs#9zKU1hTO9`;q>RPHzfvl~ZM+n#DsVH2TPm5^ zpj{Gr@FsGkPmd%kXI^Dbf?hRK=42A)CFG#B>{+(EN5K=HSVY;&?LUFc{!giS!*BS+ zx0ATtCASa~>Cc4T>V#E|*u$~Tg-!m>)k(C1Z2y{+^`r0i+?i>T9WdPaoIc6Tf7|AZ zoPA7BPsDGsKCe=xi%XO#eKPq_@+5Wk7I)Jalj*CwH@tGC#=j;Q#2--?Zqv5mIz|P} zkIK#ww3ckXzy1xgH9`)8;nT!hqX%75tJ)J_im{#_sl0^>{2Dj|vA;Z{3`fB%b0-jPXO= zDIjn9$=xsb5#KOfcbzqCm5r^ZVx;BhcsPnYJcY+6u$lTM-&u6xlqHXyUfVsr8)Bvc ze;CX!JSPP7^p{y{I?3i9S@Dm278(ieC)cJnnxg&mcnE>^F=bn!GmEzVD50fy@|Kr# zY|JQO#sPQHW|GvX>cGO}f?UJ4d0P7A1FK}2TMoG13+XKu5>)MxX!TQ+M1$MZuSEL| z&%VE4eAyh!-+%f$rj+l;?Q3j3=KjTUza#f_Daj7qDoWD* zlNnaD&u));qEsf$(*5HQ2`qC*|M;-I>fdbtpsVM}241O?hM%2%FZC3%$r8fy;tY-< zqQqeAtHn{TQGCxuFk(uk|9P~R~CjDA2O}Vuhv{>Cms@Yw`t*}GH?i1tHr<>+Q zY-43bfo7dnK*7i5)6l`&($=@Qn$I=2oKKPI)VfTIQVLZkW9CJ*@3Aiq;{N%dmd2y;;DXUl8JMF^HvATmT(juREJ@=9J72fQ=MRc(h_iCd>=tLvA zhQ7v<=Gt~LTKWo=aB?~zO=Q=wYKCXgJXY?2=HA(bMpR4BlNyP;`^(hvX73dbm`q%1 zo%#5JW0qa#RLJ`?Qa@4#y|-!!{iFNPPH#SD@8cH>tJWe-{a!#(9h}nMVZ_Ew-IyC? zq~@6ozSgco-&7Fw9m-|#}GX&Je7h)VRE1|5<3u(D%|IZ@e!<_^o~A-Y?8b{&FdjpI8Lp0}{$TGE8izVH5# zZVL|9GnKx{AHtVJOqvCU)~vK9qkSs;(J(jdyHlOJadDhz>fpV*x83?N(NjhG(M6Sg z6N|9#gsoQ(KP~-1)4M;YvJ&~1=Q~Z>Vt+EzF-%o4w#IQh1&;B_3!)ki);4@P?Oo2_ znt1lU{9G^a<&U5Tt8P=K8S9N;4ciHu`JPi9@;xmmZ>oh@cl=ooHK%mWc~*7 z3~%KLh|dqYVGSk`z0mPU_PqC$+a)~Qjk!Q*^3Lzf(%a!asr78spA)G@yxJ|W`lQC2w$as4AF^M=s(OK5JI`J%a4D&2Iu@}w zn9lMKlcwSB3&Ja31@T^{TIr?w@QyY2e2q_AxKvLBzbKLzm?MJo)=`Yjg4G_~JjXU( z&}7=FYN;cNwk1oqm==|de)-0JzfrOK^YrE{){Y$Is+98M{kv%+wJ%kAsTnu#uqN}T zZP4+5uy{Yx$LMI;{cLB-`xZC5_gKj9ry=ag35zM8EP}1dLf6P8#VL~|C*37^(`Y9`GeJPHY!CTYK)J(W^RjmJnSDINmZHIdAbtp{rTEzXVDNbiz4kD zX?n-9vEGfa#&4IPobm74#m;d-yNOL z%7i7H0H>Yh_@1r>LD!D)E26E!(4$kex#=I$ZQtku=|)O1q^bGcl-?i{jAMgtck_MQ zsSC-0!evAeSFw`7HAS$WdJ#4PBcO!T6P2DR&N8~V0>TcPOfOZ1KkvW_{}{j>z3Vv>sH_pkmbxb43sf)#9p2uRv zuZ{=v?rd{^mGEf@jeB*mzOSm2*q7!xH8h=BrNqcXOMk1Up=gs)Gghnv4;B6Sjl)X} zq61pq={LKrWF*ks60;Z2#3^|;y1X!+?2XUx-3PB^ zzu5j~3FRMsD5?{xWIVmOJ6mI)wOX{;^wXZ5phAQw$EBfQ_>z^BIkz%Z(sS3*k=fr! ze^S0?M~zj8T3lTqYGsf>whLj}Xjw9kRUT>6sBfF7rj(0Ky0Czltuhyzv;C)db;@xjlB`+kT{WUBI@NTCLlbUIX` zkqN(YJqbUOugT#L@QK&NV4RHiYu0Vway?WvC=Wd~d_X4_pn)h1-=qe?r} z7C9#%>N*$PD`=CZZvQ=QEbzoprP9xu7`?@g_f5Slp~oHVA%DkM+#AU#Zcoog0Q}K) zNifzElG^M^Wht%{NHkr2b#A!3dvx%Af2CH3+Af#%%p=h;|GjTCfff!)SrSX>`!A7+ zmu_>T58DScc}D{pL*pcy{GXXWeuZBAv38+hw!xDzNTw5wE<5e8?aR?WYO-O-v~;(U)eoB7oDv(BXvo_BP%a#kHdG9D~r8u+LaMT+B9!Guk;`^D#D{j91vg&D-wa zV!bClUd&t2O?NW9AzP7T=E?HD^RUsK2ji3YjI@&ah_8y~UvM^7%~a2MZ#gmW8%g1h z$X=jh>{40`s>Mqz6xz8w-!C_ie=~Nbr8azIVQ~BFy@?M0p|vxUhtlHJSYc(x-c&Jl z$A1ma!>G)K&3*NZD;Y0&Q0wy>3DB9}drV%XpB|F5Hr%1x=wXbVd)@Ka+aNc<*f_u0 zWhzfY$~0W-psFExFaxI+omrZ~)8j`;fW9YjTvTiL-um^u?|_NK)BmQV@%23Yj4Soj zRrMhyfhzh6abSN?{tcp@MlA9;k%{8iK&=S0!^@QcuZO6J$mu}sdbU8iK>f~Ne|q>W z!Z~^(|Jw`Dl<9!(BYL9CevT(Jr@mAW)3aju=w{W|2cu)Yxe8njA-_8^J6&iJJ5!f+ z>l@=fexD7jX+KTAZ!bnWT**P`!T4zvk6EB0Sv~K?r%$BMNIO2^c2HPdK!6p^tFM7HDJ2-_6mw(fQ8gSPKXEPIPAAQrw^g4{oKNEQC8OH(Th7=wRs2vzUt&TPN0+o>`-ED81eniUYy7 zACM~cdgCzreVOTqCW^f$*OXiI=33=*^iW9hRw^OKZ*mkfYZg}z()KhqF+vVwtlF<{ zb~X{1-(0)A<*E}8s>+7{3G|d$-M8-1|Ll}AGJ)kRafRV zE$m)qy^ekM)2elPy2eGcSEIIjCT!0m-$#ZF`n7)r1nLTZ#EGLn`7AQr;4A9d6zoKHMM`? zSN|T#D<&4TMq^0tlu)^{-{JLSo}6VaK?LvHMW=VV3&B~S%Q){>1?HK>5OR`OKBGIl zC-)|vR#IF58<&U~}u?3eTv^uRcW-_;_WpAWv_a>jzp*GY`4VNOt zj(C^cP>ClZTO(uQS=1GxE4lG*SO@;QjVJ3dK@Z~69~mJ*iqks@{6%DsoQ zq5CoD#Cy+mT@a&LSBsoIFHPSOCyP;dTTR6qC%R;0aCyl8JrqSgBD|Qzg34&= zFv3ts1zmqpb0g_K@@3nqIjn3ooU8g;SNAELEs&Ox5fxXj*LwF@pk%D)@_5>dxAVUT zLTJbj;Y7G!Umlwy%CJ8c)SYEF8P=Vx<-FVf^y$-w!3-IP@Q299fmdZp_T-^a?+?!C znm#dd55>uae?0{Jm0w|sCTUrFIBYwpR&LoFz*5%%f5g{^^SXPt$4ku|!twrniTjmv z*^g-}FOLwF+jZxXGMKoy?Fa;km6cUfbF)-0iGVX}`Lw6o|MmT*2RYnEC6xm%w{PF( zjE(q@YAzm>VRjqMmb8&H5SX?a9YxRG(FLbs-c|23_@429$s23f&T9Xmc zt~$Ls-;NdXa7|w~pR9`1s&#$OE%Ben3T4P1XOi5izrK>vGTxbK9FqC(NgWIRIgSBg zTo&WMbCg-`-o3l>Hw$mt^PCBGebbjpkK}7k?%&14G#Sk3H8fWF&wMOM?y_Pv|I7*! zyuR2^_e|n6QiP5XsL;Wr$prDP`m7ji$0mh0f2OeGxG>L8Ne{qCJ0_mimRw4!1}@skTV~cjeD_ z<*UE(a>omJ<+D6Q?fyS4_GW^wv-+Qc5g-_cYk4IMD4IXoGunZhDF5w85|6CrwNnA`d~#K+*72)s28Q9 zzkhkRo!oe)!TYnX?|y;TWdJq_SA>)>J-vUbSjgU1_4ZyHiPg;dI_3*oTXu5Klcx}7 zR2U!eIc@d){^#}X(Gj(vU_!K(s~=6G^QXc>*5fkKAYu_PRF~N=1d{2?v$HRozhYzD zy{k7`sQcXXZ%1u#uhD$J*A>TOen*3WGzk<^0q5VB*Zw_m+#w4K3$`v-C-Wg=6*iR6 zm6s_IPJOV6h_3TEuL`jDd#*h8o^^tARkY#uzOTg(PwMf$*$^g6O@r6< zxpsrgM4l3ZW|jTytS@=SOP@QD!#?*ZMXiCuJs=`lO;oCOwD`egA$fguS-IcGKiPh7 zW=L5(T_%nzy^PIrf~UBo#O2_R*ear&B}ch{`Mszw&f_^~gIb(v^x+}J885f$-7>`b zI7RNKwy+)fT8BOM!*rb>tU>e0Nc8Gp=KkS`wsOTK|8`AyH3V1xp#U>giAo^|K@+y! zOzBIJg3;Mk+#87Uf`N6Bde2K%EFVs@;X=diM|*pFFsOgzl7x_J0(P>4w3nYhX{#L8 z?=-}67$f&SKMME)rPLdWRYLI$IU)g%bh+XfCfbW3>MJFB9F46#=0WD*??96ehJR@2 zjgV)09e;f@VMkd#u+ihXO-QrRDllAM2jicGEG>C*YlL~ZNOi3w}FE44wLopw9$FvYmI9iVj0Yo%k(%u3M6FvG%=wuoTuI%N-5^N znjXEgvxCwwYrS)Xu;OspGdTX`A4tO8_xKqKa!tV-nM!*S1>Iu!otVK>Ij+y^ue&?L zX;e#1@xj*g+5(B9e}(9`2e%rq?>6HK??65ZkB)9%=nS9S7rs1D=t~sr29N0I>}+gr z_g(6Z+rQZFM=i9P78=gi>;|ti`IB-R1=fc#y3Ze} z@eVfef)+CaL%`?Hx9;GQxl5eeFqw@1qHFfWMSH@}9~a4>yazXr;DZqNva{&+vQJxr z)0AKH?98B?@M2#1REo`f+sXNPb+m+}Bt1SYuk{QH%vR)5R$<}yEQQR0*qE(`Zj zgf4bo!=yElSk-uEW*SHCcb}auC&dc5uv3ToL6o}J%&JoD$P`X3qj$71mi~z}fPiIb zDb5P%x{GDuQBk7y_Rkv|8ouleG_9nxWQPC=cdz5Oq@ zs|IgWlgTPh8o5LRIGG7zg%6x#pj)JpEl}=yv>^drdc&C2aC@p&;CR9gW$Oj=$ASVD zO3^^t$jl6xxUjgmZtbf*f|}aeNr$7<5TQ8;4Tf+7WNh8?T>{V%_Z6Gu0T~%iLlF0r zxV*f4mc_7Q?Fm!%$`mX>-QDF#4VJ6J0tLK4iOm zL#K0zoY$-&##`u@<<>IIh@j}Z zcMtN^%c+Hg5@D%BqqRMWprcUrx%ue#)&PPMuWL_aU_|LL;y6FvHim_m@Hn1~%y8N7 z<&JjaP#!+tt`7+b!DXr0xyd~-BhXe?R|ohDKd#qN;@r8Lsk~y4-+tvDqTH&T6-z)s z0K!sQ+OtnSJ`yrARCIKHJ3H18d(N4DPHvgoJR~F(2Unt(Zni9kG)D|e- zwazS?B-Fb$l(RZrUk^hb>p}i|sL+lUB_t#Od)H|E&TILTD%J^U^&eld6y*Y~ zkNYoAeQBGO;$N9EH87o9hqNTT%e#sZiIs(%qJ>B!5x0r<~Gmj z{7DfBe9T{_Q8zF!08J{2Px=hli|m$V0YkDl=W8(Z3F9(7!bGC}X|L;AH&0lSiRE}- zUoodBD5 zNi&zTfarNeYK*m2Q)!R4$A6Vcc003wFRA&<;xMnObyQ0PUQDfJa*+0>?LNaikN(>Q z>nol#$%GwuP}DG(zjY}y|)s+R>O zdD2hgXCs%Mj*&5~u&{6fp@P!P$^*6s6lv>;1Z0K;K8LwZnxvYAa)(U0q>SX`j|T_# zN1F(-fJaOdxV7g;oAbWpo=+GV17~J*gw8iOAY!{oAka<#PVv|+VUcsK}gzyPuq#ATx$OVH;JZ0~3$iQEqi0?qj|;rl$1BSbq3*de*wat1q5c!Ss^D zxbLlsN{1gFjkvV*E$eb(loObJqZD?q~>|-$l9Q535xCin)5?Z8+21zCmpuGNy^^})4cCy+j8X+6athuwd zH%ESbf(CZhG;3`=qUp3d7r>&${qg~i)6_KpHstM`ot-PHQ$CgmJ$&>iEIhn9_%T0g ztn|s*nbtt%d;Dfr$)QTHXqK7<%iX2XiE_ZK*zwST)525a@|!|9IE{%WxW-M zXa87T2|5n<_s&O9b zEovjaYtKx0qDrkMe;r$&`$U=-H?ovKaN(zF7r#tk0Jin=dJEfS?~3|wf!k(?yzSaw zx`xxQ$L>_Pzkp4mEdKZkUrV*O(D`mqERe8qMB7Wo+?)}xb3SXYe5z>WHKg2g+sj?K zL;*;i*4*;KkSGgk_Wa$hfcrX2=yS&>X(8eA*=puwJq;C=e5UN;JjEta9IQ z`iC&U=&fsRh)IgvfykT#e+W_Jv|g5zzvfy%V`wSU#4M zRY-Pxci(_LHiq5sF1h>8jqYd`0MAoTd3a*LtO%ndqgoVkithQ|jNuGaryH&F? zSsTvWtC8<(Qu&~$)hTtNO^gm`PeJvBKgv!pjt|Gn6d01q#9 ziyM0O;!<8na7Nss_3UD~Y#Uv=oBW)IW%PHw+v~5BL*F=zXXg`y_s`CSf7hkQs*exV z{`{raR+>^4U6TI7B7A?^)ggX0sW8a_&6xSU4kpJRFUv*@H?}yZgqdDkyRqx(S5q#H z^=gQ7&Mfs27xPU=w=b6q>qB;qula1|-ej$wo}Q*JCDmV0h6prGUtc*nZj8$7{=lP= zwZDF<7Unr707I)7JUBjHE*;UDM_APx0?8wo$Sl@;MlBov4FbH^Ib!<5a4u1A9JkZ< zK9U3h7L$aa1kuUa#U(T*#<|lwtSeZdbKCIx-uCZ*P@SedxOaDV(|^oqv;5$;>cf*0 zXvF58c;Ryg8{oW6ISxIW$-pzPDU^xpsEW-p#L8eMu6ns86&qX8MBHUl(<@}w)NeSwysC&UHY z!TtUHNmSybZ9qE9mCK1ag*fG=L;lN&Zo%+@V*PfUDYtFGfx*F8J_plC_!7BT@Ov#S zt-pEd1mxsN@A3jrzT!NV)X{l@#D+llCfxUX8`6{1BTc4ic;$pn)6S2>X2c=CvG9%B zvY8fZT?{KaSp8gawYj>?p$DS5;B~d^bpohzV!m6W>x_Wi{lprW-1gO_E8%BV=sSC- zaem2||4H`BVJCO7ao9?-UIKBoDPbBXfNt)xm6zajsdlUExt#(7NAtF2iz@0noJ5LK zM7RKe%i>`ExL=8k_IFg*hUhNe+K1Q2_T6w;A${xH@ThO|&gsaFnVesCUg-Fb64IAr zP;1I^_q@rakX%QuU+~roR4FF1ism@sqvB%j)Q>e6bC|i8>&kmZc?)?=JaNJyz%G#I zO2tT1-@JJfcAbV)XYui%so$2ov{6AWh5hDu=>Us7GOFV|<^%Nad$)b%=lh&TuvuU> z&Z@3))>?-v4nT3K8|lr4%eJEnW+BL0OOOfD>pm!iX=TbLRKQY*%gQ>|H%`@g@Zxvm_z?Bd-jOPS5E9sU8e2lKAtl7PxDX3L`}4wXlJz zM=`xdeD*6ZV7UOpEq;17BVYv2m<$ruSp zE22ta(jadS78`ckzIk zS!NQDl_5#$!u_Lbk~rV9cm@D#RmIhRGeYIhu{bAk;e_>Ghb3u|kLjv#)r! z8}E7jAH~f_^!3!>PN|07Q7vt4dL?5YMhl-Nd7ja=wzeK@O_F?s72+@(W<*AXt%`XZ zBw|JqJtV|Gevxk|A}aa-AOHQPyC4uJBntyZXxlG%j8f>bZ`3emK8--cfwdNTUb-St zyO|&WM+aO<^ ze8Xwdfq;a|T<3T4%k&>5ZqCm4h>5#^GVko~rvkGFBwaCZFkWWS-Sh=BR@h7Ec*>0> zF)`76w9p&m*;&9#Ha0eq`%-H1kt@^n!bu)SL?8+{jYI$ff4=W+ zh2S>}egMXjSlPy)0fWhl>w*S|}2M7Rn_ z_zcSVX%!VnhO-A^=I?w>eiUGVE|6zb!Dxz#iXdx5|Ni}!%=2VcQW$mOr#vN4_BL3- zoX7%*hp`xV)P=T-l8=}*koh!EtyJ&gWOu8)c)mSk8FW5Fs9ePJIru+fQrm&xGf<@8 zezzQ8*6Xdhb4xDs(H8)o0BJ1%zoS2-ii7a64{0qtBEnw6`@u&fK*|~F0uvquwgt$H z((7z6sRE3EL324u-Ey`JVM)o$dkS%qEMl{d-FZjn*jT0C2`Vf5Kq-(9MnOp_)r*OZ zy$G}sIK;*$Bx=}=uD|#K(nkf_fCYdna3#{Zy1oMK_nh_S$!P#IrDNH@fVU!LKVZj5 zUjUIk@(vIDfW(S;)Y8^+)gb*;&VD6PDYtyw+1dFwUlaNG)oAe-Os+HDXfc9rT)<DUAzl&z1yV=|=DG{c7=7je<&ecY zaQTITw~rlf02A5xDqXqzm$+sNvW z1zDTJfuH}scVN8B@2vh$5vQZ|H{t&*XfWUXZ=vH`1?^jiq5pc#rM&oWrRrM%Y{&S| z>;J@?=UhrTtf?mWT(5`vJ}J)T!~`qzWB%v*`0oP#*X9dc*dCLU;P>O5hDHwvf%%SH z|1HrFJ7_xAnha$R!4>{9CJmqeRi67lw1wmU>!Ql<8~B3%?FB%N{C{@~%Kv=+-I{Tt z@9TlS?L&QV&@r`Mkd&5r&dms z%|R+A1*k4lv1e6hO`f0L2O8iE0v*OfbHA7b|Q2k$$@WY8ox9Qk8oW2F=L z4*i8HG+4YJgm<>Yu<7p{9@cJbY6WU%yPI~wU{=Ntug9v73xBR%c+Xqud?eC+`{Krp z$MTY_FW8FkrSUX4OP~MMV5!W>Fsd>&RGJ#^>2b&_9hNdNRW)4_+*f*;;)J47$^;T7tXrw?}EOYR3 z3z5jGdlR@shTU=>N?Kal4k+R!j+<%+u7Xe!nVAm}ZW|tc^byKQYz}LRH&IdPXlZo- z;6R|i>*nSLM})kF>XNFes=)b1Nv>w~BQ!L$DX(jfckkZCa2VqN6b5WsO9}@7nzrrSD6K(O#$SSh zupjf;&!k6dQ3wksA%(T04b_d!O(Iqu6tGj3+EoK%<9*0fd&ozcX}E!P2levoP=Dq3 zKSO&qo8z317*$?)dI}K-eQhWAiU;6kH{XVh6wTA6kd+FZjnSf$)6*OGNJzRNZFO{Y zr9jazkX)FIgd`3z;IdKFj!YoeXCw92*48sn1~CM+a$~ACuBoZX^t7|Lcd_<(ic(03 zjD>{-P>~3TP>?pte_9Yv2puAe52C4na!4OMc<^DYmefS@geTn=~w z3Z$Ky>#Or;G&F-XE_PtnuiJwkGn`v!8hS#769XGtBxk4?V4lCfzqP&n0^s~5$iH(i zAaEa{r<9aF00@&{d1vS5-WkUgXjFy)sn&T;Y%-9B0pErp1h}=7*=&^`e@iLhrgV}} z0@U?)p~WHm#}6d0ga(FYFc5GDhy$XEiVvYS0epl5NV~a(1<3^2;o)S}(KRSjNl~TcF(40t-4;A&H@AHNu)hnmg_8w7F0Zd6;pgt* zArb?=5fKRu3u{V#>4ThE;-EVpku?br6axkZ-XU=gXa+&GwU-u%=}J2qmih~Jh L z+$jcN0cLLkE5M+XI|ESTmJV15NOpzpr+aE6MWv;Sp<-lD85l5WXlS%tSE;mI7V(+2 z>v{lo@pxYF0F`6Zu8RjIxDRzzWMOz9OM%95bNq{s4=P;p2^Uw?^~JLA=-3z=5Cc#F zRIM)GZ?O2MsQlW#NE!6wcQ;0V3jRBR*G2yA&j)DYthALYyM)777@%6C_)tV17B>Q< zX9lD?mO|?v_Txu37P*iH9UWbkhUZ+1Ul&Xhye)!CDvB0)e#<)*m7fz8Hm^?s7w1E3 zi(+R_kK$Kc@_Z228K6{D#18d3Dq&%5`G+E>psYp$38Bx*%JSDLPzK>Cb7P`X0e&SR zEv*RBuzY16m@Na?=Q~)hNRT}YL51%^O7h8j>6w`f5T4#6uU>O7AQgF9A#=KFnXn3~ zy}atL520{SR2uSGT$W;uBVu9*MdTkYYG0p47XyvxGSr3xoRM(uZJ=ms*!S2Fl7iV84*!Y^q}x} z0X5A7k(K_-moHrav?3wu(HR;Vc7ZKLK&}m#d4@E^kycakj?HPhV=%4a;+6lN=PR-TXdgSWg@{MiPOt?BYp@LC=VxEDK5j_Z(icmF7 z0ilN*e$@pyHImnEiPp7N3nI>Yqn?<5kdm{1%JW>owe{-5&1;aK68Atbr3Y2kztiBI zQh`=p&C$3S^3yPn5rE_Aq0p`%DJ2yNxseW}BqgvWF!5ZZVE7)~J(Dm<)DQwsyzF2NC?9WP^$O$_4NhDwbtbV!c-TqP6lCIFitSZV6fEzpdsnn^`4SyYCpna zVt(GbeVYzSBMNYX;R5Y~UnYa1mG-M)VX?7UaF92>Rn2aj1)>iI0?{QBD(I~rp3@`W z5A`6Vg+mLMC=s9i&lK9lX@cP3;4XmQYno#657VK8s0+X)@=b7T{bJqumI9K4r&m;{ zoPq)2D=RBgv9QRg)_d0K85?JAjF;x@oi~n;t05os-P^ax&~5P+NRm8!5tNqI+1Q9TRRCz_e8g0=}6^v`lD`D+luU6n7%sVhLgu21^j(H0$FngBv`0;-wYD< ziHjovZ+Vq7q{Lj}w5=6PF5CxYA%^X2Q4tX~ody)39uTYz8b00t9Y1B*Vsw1`osyEM zni}!Z(GiFO^JVuRISr(UU@rA1$-$K>Y!~msp)*Q8!v#9V#=ea@Pbeu-xw*Nopx%b0 zVQSHjK^_L%Y-(%!3X$hev7r>y8JHxE0Y80sPK*?tz=oh8SgSwPmn19)ZEc~Up+6Pr zp+qSPzp1pIy~)MJ1^)qMHCiSnDt7iTC^V>RY>n^fKPTpOSbGTN@Al44KPcu8=BaZB z4Cby`mdc5XqXRi^Yi#uX{{0@*hFx|V(Td8;GeIOxOHcoY_AY&-|A>}b5VXJK=H{Yf zVx~e3d}Cw7wcDM>7neK(B8UCP=zVo{b>McqZbyu8ejN51KelQavr~@j4Jf|{1_WS& zqPq-K3Q7RCKLS_!4BGB}$Pe-H@#t7sxf}C3E^dEEoVI^m3-2_bekfIgTM@Dwpu>4p znNWdJ%2O)>FNdd-&r-ZtmGjE(L4fkx4pFBAipd`VMnDCCCq!TmJv}}Buxz&W=XD&n z)j*~kd4_C47aZr!s8yhMAPo{<45!&6XlX&wLFOaq3xNvG+}vD~UB93*Zvj1w0*toO z{gfSYYEJ@xG>8f)ta>fz;G$vxg`g%54_5^SvCYTnalTm&O+BpetwJy#ghK8-pp5}! zMMnXs1T^t;YAPkASa6F0J2Gkfcy974Nyx+6(Q#=YT?#u-7HN>*t}(LR61;`O2(+BN z!ATXAl-eMWs}vhxAmQ-3CJhS#P6)dYsePbQhWfkOX&a$M_9HaZTdTkr z3_NmBni>z9B9J)|ioMWdV}}F@AR;zH3lV77E0`EPcX>j7Y%OmwWIHc$iZyM|tZ8IsK(kd?Xy{9b1N51Zk&%FMJ|!e*mKrjg$qcQ6*Fuuf z)}R6S|M{Mm!2{Y;?9tKDdk-FbQp;P~TkMA7Das;E5&kx9*38`8r^rZrnD>gx${UN@ z#Iy_yuk(~pS%D2f*6D_KLomcqQc|j@szMe5pgX{&{bHiVCA^{G1+q&7;s&zrWj36f zCGe-b1ssz>JNM_{sxyq3QL8)~%2Ri+2pgaTiCiEUCJzq}t4_m5M3g27R8TiJ0zv^J z+aHi(nPf{i6E%1PdMFW*>hgs@{}r-*z%nj#WZedkY%76wT5fJ2d}a@-69934bOp43 zg~Gkb;_bBb?SQQANmFvE^o)#uwc@Si6bt|%h5k}PVb6;K*^$=PFQ7QZK=;rz*EZ0~ zN5=_Y4@#;o$Q;f9rRiB%^dj4CYHJ0_Jr3>zTELdgtgAzOzq|(gg92sWK)_K^;DD@P zo%x1mXcg-&mv+ zV#I!^0qJIMv1e*(iczEDdp$J3lru%c$4K-4V2 z{Y(h5(4*yFQzMXk5o`-V8mV-GG?<&q2t@=n3-Mpo)%-Ak=R`zAk(3m!2P=)>!Qk_a zAD%zJ!)t~le&cP

    gg&*T-(iFGzI}?0*!2n4g*Xom~A3%IGzR!|IWXp#5I4cor=J zKRQ`S4T03r`sYv4xHwU%T5k{uH}Yo#_RyrH5Xtl=9aihP77R!*^kP(hqh(+J99rwL zzr4J>Fy_ zkKjK_fCSO?q`6>|yk0qBX=zC*xC}7o3~;6k5eF6R>Ds|7ud@RaWGZB4HiEkeKwbe$ zR$Rh!ZdL7{C9FVIVaF!q$(312DP;@Dz)Q>L>JeJ{$J0SinAn13(th z0q~Z<(hSgbas0p(0CICQ8}b3z0*f{<82g#WdAdJPV}Q>Gu1n0oP;n*HP-aK{b%Sme zNCbf>Qcg?^5

    r2~|rMSQI|OUtnRG1RD2I&I*tkSiCMQA4}ro@hy;jUa#1W|Iq4C zlGz7Jb1R&lKL!F&1)>K`Ej8wg(LlVwO7(8-xZJM*WVQSed{0y#b9A1NErwbwY`Gc5>^BJBc`GLV(y1J?&o zg$9>fY9L5Cu;ZeTOCJH|rH>f{pb+(e6hl=_ZFbo|{)z7BJ;^won2Rg9{q@x9qkIYI zPS*egvI$fi13kvdb>|B}u>f-vu#yM?;Lb-bEdO>E4NMnLx5wfxE?ggj3}7GYEzSWf zp$HzZaW?p%6Y4Bie`32GP36G>?KcGIk~n+YeET=x!7>Bb(Z_fMstrFffFw2x9I1HP zEC6sayw;e;v}xu+elx&t*c z*Faup4LrZ*x2}zKA9CkdfuN7E@H* zE1-%0$J_fqaI3;Id&sv))M=*|?ZpT9_6SFpO!vz5}jhc!!cKQw$L3veJODzjf$JMEY+VE z@yqaJra-a~3}n8YL%<4py@EUr|9qhz4)bhe+C^yD8On!fQcRbR{44<))9y=|ac!vl ztZt!I>S1AVaWgYf?g*ET_+8&oJt)|6m>y&faYTJ3Sy0yT%owBI-om+X5{ibC>v9ZL zslz`T1lye z1@?V3{rFLlbg|Vs!Da{kv!Q!GHC#CJEdiQ_mC|@hDMI?1jMJ43lGro5PkFfyT8XPZ z?j;2~$=|Wua>qF5zXphH&xqf@P`hO~`30?7p7#1Pr>M0Y(tdR}W@t@Vwm2kj5M}sf zs%?iZ%2S`Tm_asS|H1>g-k&!8iQzCP;?1WZ=8|kbUa#0bUo#&X5-1hKM7Q=}F89C+ z$P$ZE5+qe+;A$8e6y*9ooPc7u8j&=9*O8}J^#*>twjwsyJ)QJefC03rCG=2E{Le3l&3bAH$=^5Bn;)c52d8AZS|i+vf>xtR*d@iHgJasB9ehpCi=cu zG&h?KEMqh)or<}QGc@T4k5}kB6A|}LXw~8g7JKo1Od*kTdAlEo8@F>&z@6hyga|!~ zd1LPBchj&i{l{>`Rp{h@hmTrW5*1F1XtmMDtMG>kUr%uSMY_z%mPEUwHM)h7>ucfi z_u9I0GxU?u-2>4a)$k=wLenPPS!g7){9I&xc}L!`FF^8A)ICv4KH=9n`D*yMlGeaP zHvIM&jJst?YBwmEyy?7Mb8gS)N(2F*MOw!Rj>Y3jvn;Ve0pskRluy-&PRO@48Q<51nOJkq_W}RW6o7!-nB3d7_9roU3!=8|m~3d+(d7O1vFI z@G$?od#L->DLxMM)thqt4+828*M3B)gCJ-6a2I@xAh^UwrrVR=g*fnR{m!pzS&WC>QW zzilW1RuZDP zC}F2%Z8%)OibE)vu3>EXN?9N72*i-isnufwvnud+OQB1_zgM`>$XmY?cuGKtb&!xAVJ4}6M z3m!GQ)%o?*4rVbS;BW8H8R_oV(5-#pp~t09fz&70opwBsh0uh7Y)^*`W@$38^;-|) z^Kqlw=(l-9>ThxsiCG}R7Yr^1aJd4(v;nL}{p5suy`22=4g(+qP zB_^*6{Cwi)9BxST&p*e;81QxMsmBH+NyVz=e@ z?k(;bIP~O}+8whk(h6CVYw=Kh%fk=(0P}e z+T2Ac(QB|JFnWEno*;BGpVSj?n#kIlLOGfQQ6G3 z`vv}Yn|sY_>&Dim*jl6N7Ssc(4wMern*pBl=&JQ_flWOpcldOI)FlEe(eVrC*4KMs zNA25ky|})3+yDogg6_{GN2V=LQKZo`X zsK)FG1O@icqv4bu?hd6QWPf%b@ncfGKEbLb36R3Xnxxu4*iU@=1paK|WbFJID#Cwj zet9&TYpQliCsdAP@pEW7vG*S(^_nGx=&zK*Q20+f22~}k&=z?YkDRMAb>T{X})@_ACg~9 zvw~PXs-NX}-h|STq&NiGIPljFP$%`IVkkc?=^ihSpX39A<+CqAYU}#Fy@s)$X%4Cp zPWXQbSe15FJG)c9lczo|LKB4laaKw?+5HwsL-uA)G|ltn(uBa+eC7ssPv}oh)Perf zQ~QNF=j1RtDjF=!bc0M`P_$m&)j1|Jb!=?>yDmZe`J)%9U|p}<%Xg-Xw67%9pWR$s zF2|H2xWpP*6euPzX<|PoL?uP{drOH~*W@|7+xTU`aVVOKexvNCri`N&B9PZtG2a-e z4Q~2s=qXK1P9THLFAyU4>r=D7)UkxBs8a=Gvk;hg%#lg?&`a{W^hBhGQ6txtUehe5 zq@>wSC6kpH>i7Ni&r1OX;^z)`+i_u`t0QR_pVoKbG4pY}(Den!=fD z@z6~7WHK~6&J;ys7nUa1N^QU;1pGogiQ4*{WYd`W2lN6d&r-eF1igQp$tFngWA~%G z9kLL8=C{Bwmg`%;dkB%*hZfR|30ksEyy03ZS+ko``1bWjmf8H?+$wSmYf#mA-eWS~&h zndp>67DtG(x*VAhE5Kzt#uW zGrP#`@_JIQC0!(#lTlxf*5(lBr3o?j*u9Rdzc)&0-T%Z5ra?P|kufMYdHjYI^{dCH zn#!@Q-&GPi(%vC-|*!CZQ0hmb5YWH5D!gS1m(b_wOyt+W0c{zEbtJ-G5q`8#!u zOi5+Gh*qVu&`-o>Ph}H+0jX!@iDA+Z`+nPRhqKvZ-@zP`uUKyU;&5*4Ku1?~eJu52Y73c+DYO)Filigv$mA_GzL&H7V^>v4n=#LXrJQG> zDXeZ|Ep5TAc>3(nkoQ_eY>H>>)f52(-0l15LA&#h@U36)lCvIvY9e%x2RW*^0`#7z zVYV*yt)UPq*Ok>KVtaz72PZ74-o`Af4>yEH3Kdglp<>%TvwbARd-St<%ER>L8TtEI zODj9M^AycHydc$^ugV{8tduLv+aF1m_`HCm0U2J0$y%@5Tvo|)KB1FdhOB1q4rF`Q zw}ttB!(w`M!ZEaKd2WA>lFRqSTAooKQr6S9#M&NNk|VX11pN3EKYwDZ>m)87t3ymU21n3My%ur^{xb#`H7N|`c=YbZ zaL2QziSd=NEk*dkACH5VqcTUCS(dZMPt6#n2&T9LOjzDmSx$X4P-)iQMEguRvZkj=v)iEFKs|p+O*AonfnRJx}9#HF6Nwy z#DxV~<;6+h*B0dx>Qw;ChT-Jo%J3>IVANOM-JVp>iVwqs;j5+?A!$r z#yO6p<3~N|ub7p_8eVkdc@w-H@%GyLRWya7x0rUyS?sa-S*69LMLU=sYibB{0O!h6_Q+6lEaa>l-1kDuJ-pUpQW*XdWv&p>zp5d3v}lb*S|U7X00|?3KM6J z4|T|P7G36=y-ZK$y0Zv*GSvLk&@{s_c96BEFJ!ppCM{wmwHG7Ax+xg8W6=hJ#TZ`% z4G*)o@x-w;^)itvEr8Ad$=__CSI__tw*B5~^Htc-Dv>@J^}_T#V7L-3l`lqgzTyb% zjrH`2@gd7;&ixgFF+%CRs7;^iuFix({-++eQiC0KU+gnH8R1$-9o!Gps<{nz9XymK z^^Db{Bh~b*P;8A|cSJwq$E}#|-A~9sSLKf56j0p#f)(>gI0~hPnq^``C#bRj84QO7 z9rFs2O9(2A^o9}a@Ex;%lOCzcc@#l1KP=0Pt~1Sb%%DSF2fP$A%+LN$HDa37m;LB1 z>&Daol|cHR?7XMRJ=Tv`=#o}GUvu|d4U`&qc@hINl#y#`U}dC+tBlQ5Sc!g{xfp`< z5>Rmr2f?}2oPtg2_9*X*bIafvdvXkewCfz#ph;cElCPD`ECepV=S=|ViL1so?Urchv?KzLs}L>R(PBGU2~ zGITEmG;BYe^6#rIzew4f9=TX9y2isZ*{C_9$0t+hE()C(^?&k-Gj~#c^QAGw3;aTa z<~LHxkJfZMx0D3TnkS0l6PrH?)(w2dePxbXE~Z^LkawQV0$P?gX6uX^hXdbssLgC^ zMm*~{Pg54qrmD$hlORH$n!FZHFdkO6G1*O7*%p$52M2y+Zq57s4l_vX7@vfshU8_h zBrRwa?$+WfHuK3SOdaYOX)s>Rl$L+{TTwHW*so3eLXPow# z$(K2cuJL|;@UF(n5Udg+wQz}@{_oX8yX__R<}i2X9ytI>UD|`FsN7{pZ*R9c!>4R0 zIcF)UJTmLs2GRLPPZ!>#rMsB*`QhCevu{gC-9fpc0~X@9y+7|Qq@H#~;ZVzq`fUET zAk8{R7ev+HDL=pu=)b!*mOPbl7Q3uo%gPtl%mfx`GIWm0A>Z#}E>LiytjuGEeZkHt zB$3x6dQ-wvqaan|#$ z=g;*emJjHJ$?ChEu-4<`8T*Z3N1By)uOfWRnSmiNUp+6&Z3Sg zI8WMI%Z-)th|I`z__VG`?fcz*S%O;4cN0dW9(AN*52iYz}Xz?f- z8p7P>NWs-`^(rFswtdeRpZyt7#u!fVscI}^J9yBqjPFe8MmjDHF1^&gzBOlOOsT>7 zc;dB-@bUYv)ydj;M*!Xy(VvDMr+owAso`0ojxk)%t?HSKW7uc<+Gl{OS)?cbEe0}7 zXtX7Me3IIcqJ|D1=4d*#BIZ|#+dU3>Yps)l^v(RDhWXY&*BZ{in9;kOp~-7XwShp) zP=~anG_`HSeie5XC-aE$PHz%qcsgTNd(!xsFDDrn_oeK4(-{}L2zC(vA?MFZ8#5Z7 zWv)5CagDF-%51rA37tN28-=oWCJ3Ut-rj!^A6R_Et!e~+3OQg_m`O3EyQgdkGd?5j zMIRmvG6{q|SJx=evu~JAX`?@EgjgF03t%hsXl^;Q~87}{uE8ule8T|HA zPpo%5J2nobl{86Cb`Kf%P}P|@|I)T@vu!VtKdu~VbHP658=LWvhAxW2x5(dvx5_i#oySf+T*Cr2 z`k{IZjd-^;@n(y~`^;2R3p-UjGM};ABMO%6<;^oItim}&Mq^2n(jKwhGYbtl7bI2nk;QDEeM*o?>WGsYK$*p;_mAL28HdB9zlWKg7UBYmKi5h^P(G- zFz&WB1W&lgGFOgI`Sms%Iis<6&^>9msl0fi(ZV34Ld9(l(*jp{;5Bgp$m*#r_CNM| zb1KJ3A6FO=GZ?p?Re>GeJC+d~2zNHvSnaNRd$}Tp`^U5E9r{b1w>je&_bAW^tvV9Z zI)be98#brn7*~hdt?7zM(YewvQzeOpYoXdK_kOi;U3qW>RQ{sks$Z%vy$aW{R^>S- zl=R05fYP^Qx=fI?O1t^Ba(Rj@D3{^XwovVD@g)C}93Sn*m7ECA-gJl5=VynQ(c&}7 znwZrsT!?io??UQt!99-Z$`w+^J9>zj7lTX~p{UDs*^h)0Q%+c9Y4wPE*YI0M-qm1VvU_!#hq^t%0-KfZ*kYB3v-+|s_vY+a>DVL} zkf(YOhV7qhA&HJ2d|8V%ZyYS+9duJR@GBNa6N|9lUnGKCrvvd4I$1m3BLtzH_xRvB zZ1=Rs)hmCCW2igiW{dmDJsZ*DoyhVVe|uyK$jPHlKbcOAq;?GSO--rfzN2{7zXA}Q z$C?pl_9PF;8ri!Ch#H;QjlDlBVVQpl1Lfwl_G5-%sMFof+OF=CR@ln3HMClcW5$Mr z7hkR$P+G$f_}WGjF%Jd5={FGlb}-spM~}A{*E^+jxmnnluKRNRc4V|Dx2s%`V`+q7 z*3B(rRdHm30T-TF;rIiM;Bd6s9j~H$!2A4alHEqfj^Cn|`;bA8Lbdsj8Y z`OB)mVRM!0vjl<5@zq;}bvD$dto5^$MhW!Mwvg%w0v}&wf5qmmq8Z&g3;J_R)@#lv z_Dq|kdu^@JM3&ne{`jUIq2to}FQ@xa9xZJ(R?@w;xwR>wC1eFFU{v*278&0%%{iwQ z9w%Ba%h<4XKLO>(e=EU9ifoVZq*D$IoERSJ?$Hd=_+*4C;j(nI9_kuzXN%2nBu@%8 zQ@N7_+WG493lAB*ywgw@tea-8?0!CHyV~Jx;~}BqwxKI^d)5fJ=S&Dk3(_o@*xWxa&C-{qo*Cz_FTC92vzR9M(yM!P3XySGymzmDRsQL0yAq8HMq;&T2cn z9g;!XT5l6GHH*yZq&?O^!-c#X4P>aAs`$?|M8{+BD>rwV=cvDF^cG6{4cXJP*Jp6( zP5ekiH(OkY#`DqT(?8-_>TM$!(Y|{+N9wPiZYiNO)ZCEjNo$k5uvot`P?q_stV1`| z6{4p7Dka%jP($qNjee2T0YCw4pPx&7G<(1%V;?h#%QFN6go0P9Vo1G9g_SWt9?059wznQ zQi>Sj(0_BJCLBR3aQ{uP{;$)s{{wXA|0)ywfA>}&Rfp?B3JO!LV?O`IQ3FXC+$%8{ zIak`5ma*W!x#f4i4-);~6!QNWt^NQ1WqJrz|358xQHlCLXR!SMNvmslHPOFX{17IQ zxl<;oFG^@kqMWz7Y7k~Kf?#Jflir+iLMSGSN7LswmGwhv2~v!~-gfJ}?y%u8&4!@S zH+$V8u=)2#2#MOc z;;0?{W!2X^y?76dfUGvV(EWvrBW{sdn+Dmn_E;5u-uvTgntz)0c3kj5dedO#B)MpV z)08P?l$^E2UW=0~&hy9ONAx1IswujA*O(}~r3ycUL_NG)CcUoPnh#R#X$2c>zg<3H zp$&eoZ<$wn>VD26rTOq7STa7r_PgFr87O32+;7D4@Oa}9ZW{H2U^MqE>I1#xb}}=j z?v#@uUU|keEbP4LSH9jG0}q}3YkI(S#_GRxrgzDP^|YnqW>%8mK@m(Nn`LLAxXp3N z4Qx~vt2yVJ^r$+zqBdsz3eI?_b#rnu`_LvZrN3ZLguNPQ6Kb;C)mr@PpH6bQUNV`s z&!#ns_3lhf$WzqDI;i0)jA21G(+yQ%W5z_6Tq}k8>rsR3O<}q{3J-N#@$#HM`0W#) z*Ldq#VTk_Oud; zQ!J-;+@IL=U;gyI6iiwW0xCQ$B^-uNX64Xt3WogYTGd6=6 z-Q@i213z0rZE-$wDnr6pYdGVZ`DewJFNCjK{J|%pmwYP(IMDFG9|4W*1AwRBGR zuoO}tm^}s&*E&}qaDyb6_YGG+`^X$2M!-0}K+6?5-C9M9H$TtlqbLtbdv9>=XZf`sZwYXZDDf+YE z*-1zIe@@7Q_FTqw`@azyxtQwil3vc`eKPpPP%f0&5p2%WDUZ(iKKCZn?=I;FZQu_*KoC~g zB_iQvNCX7TPn`r=|883h7>`!E3%BT_&nqfbi$<(=#)Wq;9128L1l6WpmNxhQ)ZL5T z;$Z>8+-E1M9z7P++8oGd3*kG2-%j9*{ZfG_;{ad09xnRo6`TtP*(94Nv5q51z>db2_kZHDbcs_wYN47bA89POGCz3lz) zZ{>*fnj%9yU+K*XVP`1NxHw&j=!}5eP^k9!y$zu2k%?053`Hxy=G_Gh+fW_a#>%GT zU#_+TWd?+HQNFFWhh`Sz>I{)sj{=%TQ**jH6rZoGPaSqH^$Mo z$q^Nc__{vJL&67lsF+EVqyDoDhY4;sgFgFSBvz!&lxq<+IFp%`$3aO1dWL-0zuT&& z3ZF^AR9*Yx{{>A&{!uK9X7Ql~Rn&CrR1lSF>*Y3n)^g?vbsbGJ3Y3bl&6>`BAPnRSzM~_ zaB>1>vPAgyq;JL!t{9OX8O`7Ok_P&_3I~^#k^v=sB~SwgXliPIzJGYY6@1UZF^t@) zH=r8IqG~UADKB`dkF3FN_En@I{a);b)qeOHH{;4X)x?O8Ex7i{I^J?=pv!Wx1dBbm zev4*qi1;iz`FqIRRaf`XQ*^s)i97bg3l02PrXVJtpR;~bcCWxoy1fV{_{B_#=m_q5 z*wi_j?M3vXcX}01C><1&{#fX;4_U5ArS33is*9ZNn%OlLrs;4{1iLNCGEX~g8tt=u zUu%t*vwpMQizTk>IBucDd$%&1o0Zgf(6uUy8MucU)FNIQyuj1ss5#%c(0UMv2=2MAcP{RHCKHcz3jXjcVIf&GP`Zr zA&5~+Q=s!U7}b*l?spYSx+o7$>;yi=#QTV(8;kUg&I4O4?;FyTMf*iR?`aGMt3I8d zDOFUZdC9DTq>1cJ%u9P&p()o)!eB~{WyM90%Z*7K%>>e^tzIf(5ZOb6#VfMz_7IWz z^Aq+X!y~x(p{I|&=3%zk>opLx$?QSMits7zq5F3j|BA-KX5Z(2ER;ugFTE+NswKUf zb6<;rtzTo->(cGN^ThZ?xMV83BJ-K?r0L(IShVdaL&59JWVp-EyS)CTaO;AzyOz(n zLo`0CdCNUpm%@7!;XCXuOk0)!+qyd?eI6G+I9HW|O%uE9g7!=h9#(hPcYjQ}2tJAGr%bjIRonjajs zoD4L`{DmWVY#Iagu-JcZ)k*g^N8$6mO;$W=Ej+eBy%ESLw5JD8+V)-Lxl5cy_^E$D z4$kkpN(W=+zVQqpYi4<Q(JC~0R`iq|0h=eJSUH^`Bb zpn<1$N{WTG;WPBpPkq1b=0cL>P9xq~6F;rXZE~q_qUKC6f~djzQZh`bDv;Y5yS$ z4~o2Pk3ZzQ;57F9JZ33t0T0-(eN!TuV`YI}@=VICH5?^}ui$IvevC9BJXLQQtjR_o*a-TlI25#x`k z%=>O*``3IK)U3Cgr|KK&)E}DRPrlaUb<1M z@(xZVEzalq1_JV4`3X@9-c#4KE^P13TMMLZq1gwjUT=Py26V0-q#nO-v#Ydw0PBi zGHAozwm$t^UCu?P*8$XI75ndBpKbow3O7}d;c;oZY?p<(%LKX4uixHARpaFryJuAL z>mDJ|)JJVn>v3Vs;@c}G(kmK$wk=xyRX#N=FI*i+keQ-6TZtnqy`&v%F=K7&XUIW` z5IAjo`tYg8m@e}p8Whc+V7in$uQU+pNNQI{T09!Kw4$+YqWP9qKsw7kdT2Lw?o>@6 z5F9cQL&g%`E4L56O&KZYE}y7-tB*R%XctOTTPWVqqt$U6$SRXG>_t7~dzU_iMf`p6|m*NmDx_A@em^4Lx$O#!o z-ECzq_Y#j9eR1*nveTWcR{hz&1joH_p26?%9yo~YWmHUgxJPpAT za`6nTR+QMjwbmqYP*1rIEm~%?i@>b z23CK|pgz66`TlnLe%W(iG|c8MWBDX|be=YtiY-W0aWR=(n|SDz;jeD_Tk&4Mx+N8A zy}wAUVuu0&=VZatT%VaQ0^M!($f|xeyz0J{$7SBhq(c7cZ8`T{xO?lD*duJjzs8@C z|C)wm5s10<^NGxZl$@S>4fObYuE6#Hp-E=Lev>ZDFZ!qZ5qFq!KA}@dzOq9zf^u2!*OV9 ziTv@14=!P?aCL<@2Tn_7Z%aKmw>#pVvz3~s#Hg4k0y+F%501ORlQA9;hM8x)JAcD*^-X!Q;@{f_n;1u4qK+eiM4YlM(ZPkHvy|fs z;3IL2z-AYO$HVHWl;hho zPSr8nl<&7J(OQpeJ-f_ENV{iUI&4epcGTzP?Glde-cJsq4ORQdz#R~Q}ZVX-Gs%q`p3y(!IWBFgSWZMLp4G1l+y%CLJ&TOvoNqma>v zmrvRE08#P;L<>x(OYOm&;WF^#j02P5-Y5RUklOrh&XE&f3rsz8s1T3@Ug~u zcyb}uul9nqyGO9XEL|gEAf$`vt^Y9SmA>LU`CDtoD=@X@`t9rNyv-O^+DO*|9j!BG z(k?ImzVA9&bn>+d#+w7W)Zg5#mPSJTeEQACHtGe>U)5VFK5N4MS&NB%Rp;9ep3LHU zsVu%vo;%TR`}dr^bO+C?!Wv2f{eFTMt7BVxJ>7jmGxjB9om^i@ZdD(7mc^^72 zG=mjbKPULxe}8)ucwn|uwt8NDCkm&C!6&KIm81Gz8CE;Yrf}{E_w)(rVj@u48~XiI zXvBN6V_m7?BGjjYXM`M;3`^CcQ@a_(+~tCIva+*xr~SNffl@$-?4{1-y5Npqj4@va zso&MDy5^n{=V^zQ2}5#&5q6JH-WD;-*>69S!((^kK3-|&Wl7xa#K9=(67vrdsUhrf z325nF?edsyDp}aru7GU^rT|rKIA+`0Ozu_30q@9{$K%I)szy);zQvfvB3i^eJ070h zr7QAcF}baWkTrUIOzb2cuzIKM7q(|8@Q#(d||YnwU$%hwNY2wZ{8@N{%+k|5I{A|DTd0 zCje*;JWgyG`0-y*?pVZsDuG)5H!kyUEVxVRKb1>b|EXNMP|!Gp*MR+a!c%JhdYb

    RxaaekA|zv zD=fIfO2xomb;A*JbxO>ZjqaQ5_u4Xp2p!F4)p|a@N?(dEFRnHnwwXBjp008>02g;Mu_F3n;9Z-8aK9Um|Gt78&y*ZdP1|`V{BL}+thh?WRASOknZH!|15t9)m5w$FEB3udHRQzRVU9gV= z-IkCrJi92?$CDbS$r#xilSY85OvsYw7`X?R5G1^qZF65tgejaIp^W*6 z{MWMuXq&8D2zPwNhs8yJ=qHxzLtS}F0Q{P_Uq?T?Yld(WVF`~Ipq?X&e2*Wky3xO3 zGc90?(^v6laNELS$#dRGP$Qn`@KvN_K2Yw^l=@|f;hgtlhQ^06REEe#q#{*GNQ3gI zh>iojH7K0}&lmKdxchX$`}Pn1OGMRswfoHxVaTQu0gX0&&(e(fuGS^3haSh!6(|$? z`PRXGCJeshi>EBnRr2X>8F7OZS*O=>E0R|xH$0Xlgrgc8O#%V&Riz))c3Wn7&4 z3b64ce2Q}P`e%uXYph*LVy6vo3VxPY0SN0U5iMl`SDMqzL8Og z#qdxZrcGGTKF@!_m>}mqfz!afCWE>eRP(`l>zz6N8$x=MqY;MR4+qd2NFPtyJT8`` zUL-%qD=nS;mu_=5PnX!Ajv&Nfl#ve`nYK8y7Fv$=#hF>bUH4T3{2C$4{E=&p{NK9V zH%*pOJg`0dL&{q3!tNIgPdS5U@dd2cO}5bd^%iSFPnf)Tl;0MIO8hSWq@D@R$PXJU%%-W)iGHuy63bG#ki}Gx1MT);2Ca7ouXm(YxEtHjcJ$4FpJnR-dwZ%TXcB<=LaB>mRr zpjP^W6e?o-n?4Dfy8^tA;c-$`NERbHNj>;_=wysM5BglLVQ6f!%Ctkm*%|#TJqoKO zVCc~ov|D&^Bse6ujU}LDyhMP`@7zGaj_J=r?qFzJZ8Cn!6_u5lNd$6&MD3zaGXSEE zy10O^-Lt$`14~QGDck+M1B);PGWWNDYikTED^4F%6B5NO_y(!!ffaoSM^5MSo$qU` z$zR@Cld|5#2Zq-~?Z>gA^AW}O^Sdr4rlr}6mgKgZg{o|28oKqry+jaGo!rTu143|@ zkWDr~%f8#;4fe5@&&Os_fQ=sDljULb2G~OEK)kS{z9T;c6c@aag`~<2SF(BSjX6aV zh8Ru+VvhvFd}_C*;NkS$Y%+yi8#E}-VXu@>3`D4{zF!Ud?6xmcJSbVp9i137c~dq_ zx&7+P-~?O!H(c!A;?p9b^U|_p07!q z5r~49_5^B#^NbvqzvRZB)Ahf-+0%Af)P&Nl(_k?%MlD#g?-E*)?K@fN5z6XZ$Y2EX z(Pm???=G`PTYw6$e5MeG(p`*`*vnV$2>K;O;kSN>g~Oht+6rfe8<)9;W{gId<&{23 z#-G-);k9SG%+G(4VHj0AF1v9cf+}uO!0&9iwAD4({eG+#G1(KrP}xQl&}X%~N|HQMewSb}Zg>lYwwOd_Vn~KT%YkW>@RcnE zi8ZmD%`BqRdv}C|pWenM$nt`Q_#wV#@Jt5TZ2hBD8Y__cWf=hz_=r(_=~kftAut^D zi*gXVCfi|NFXU}3f5ZtdPtN9{aHfMcM))aVYkOi>{#u27zM(7ynkHSvKtfdbo4;*W zqE%86I)s0_Z)(w2E1b3hAcPe`b~6&DpO^`QQ|!{+X3Qp5iv%Zm5~t1{H_3La(JkF+ zgYFT80zM7hRaIVJ8ccedT~Z^b{UtIO0rw|xN-$S& zi=%=K-yI9g(VP_5m-S@P@9tzU5lG@tO3SAcN>XD(`vaWSsXkATW!=pYK5MToIb5n@ zYK1YsjfsTey#!ML zb>ow}<97F$)30sbYzCeCN_Qb`3hMIawMq{n>o%}=4}^shlxGwj<)!oZ^%;Hl;V$w} z)2ED*ItFN%uE{AfD6``K=Q^Ov>os)u9LpJ*u8HVg}*j25pi~ zO6M7AVKS2&pGV$KINzI;pT#UH{VXU`L5F=e>UQjV31a*7$mIEc{nB3Mnj<*-%|S-=y{TK3tfOus0!7^Gzy;qXb>9Ma+=5KGYt_cGS6GO!4O8AxIbkmxI}}AH^P9!XuK$O&w~VSIXtRZp1cFOKa0tQO z-Galx-Q7L7LxAA!?(TAMcXv3r1a}DT@SWuS-gjp1x_9o(T6g+aExNi+cXd%us75MKxA46c(>fDX;aNzY={i6&kY;o62b}3UK|#5k z+7hZ}AL>5Wcwc#cx*Oke$@44OXwOU_Y^d+Qot4Amg1T`&TGOhtyZfW20+zYk1`ED` zrStOo+x}#8TUNqaFC9w)787>vZ-a;f2dwWluqAWr!xIP-9p{?@JaP*2&<$mWZ)jV$oPr!4{QZxKgto{Zj6(Ny&+yS*0a92j4|jK zo{wHmci4H``cA=tbC}^dA7D~?I3APB&uW&MyZ2T_pbdB=99BGF=BstaTt<0N8mrl} zvYC>cwTu14`MUaPCLzwqT|EzZUq7i`5iS^w;rasoo}{McLROIIiZCSIC<6k>PNdUi zr7)favF3DxKuY5BZun01Vw59mV>+6HW$;9m?{WN~yKCu##!fvL6H*qR^ohjM;r&_~ z;e)xr5s(}GZC5wqjCu)|ib%o|;M<$P&nM-YJHwBld9G5FGrcSR(MhB>9eSmhYZPTY zeseJgv7IH%9>}xHua_uz-SJsMIqCx9!nR6lNLVecoV7*K#Pv>d%BQ5Z4n&{|YJEX1 zQ7%Ik|2fc3XPmTtNXQH?rxAuq-Vt{&7J;TvtrhXT-?IxXJAzKJtlgOLBe zdCQd%?I1FSyqt!YGwT}!)OST~6+l9Q^X!y}F#4+FPrnSZ(kQ~5gRrA{Y_kQhOzd(x zpY<{eSS`^>Cc1BdYm4g>R`}i=nzON~qU)~@V#uFs^ZKA#zWF^1999YY1`rqQ&N;K{ z9q3HHR&aj8XOgeuL{SuC@Q2OhP9FvRf;y_vEM@d+@Xw_>N9;s>+{o#ER7ZAul1g^Q z)Z<#)tX8~(!q|NA$Sb8GF--~~CUrCFh!c`Oc7c9uIxFQL{=(|TETZg`epZ%yF!Op{ zrtNiu7KwNJN=;ofzvTTipxoi#S@05(4h>pN`+bdkp=e)-xmH3Y6;#H3gIw>hEV<4m ze`?CPbIR>!uKM}CF7*dOqi@>_X~En|NZh0#jh&RjFq8RbIH^nva*t8E+L<*9o73^%O_tZvj~TgNYi&P-)@pox z3aU#lkXLABj`KSw`Yy+Vf;{V+6}eavXV;k}_R3w*1nR~T9V8}fM^l}XhCwHk{Gulb z`EY*TUowRT-Z$#D^+jnPkrW#ALzsZOIVD|Ny{%o-m(Gad;~CPsweMu%e1Q2(DK-Ll z{qI#@K5Z=3EJJ4a61{{CJvcJIU+Ya_EN^GYP2s6Y4L`+I@1&1j?>w15v^fU5T7Z>9 zkJArdp6>3NBbx+@5lQ&?QrapWKAD{NujdOE5lZ#=^tt=3q6uN)CHJq>a({qN5jn{V z;n-LaSm%C{KM=&?qKskW^;L<`iLisJF~%L9ToZS5f!^d*Qd+851b^W&>0`-p>YqBY zBo0s8r%T%WnP2?4o#>|!CG;-umUcc__08oI_azVQ$aCFSE(xx!w4Qwu9+V|z^I+zF zZJ2k^Mv*k?`H?ogHa&k`_9m)SZ%J&M)!gTV=wqPYdWt(Ld|q`iH^ z!r*_-b=`%J-#titQypY*H$2k`ONl~AQrT-CUh45qaAfFDL2s?vl3?o9X>PLmU!++W zcco0ltuP86@}RN0EO?5we%MWqn0}ukxy_6z1|EVs;8>+L@Ay+9pG9=hM?o#JKaQ36 zzc-bXmFtr`OeYB-z&cyg2JT>;GO$?arJJ7JVN(W&e2xOd8L?5vHJh@~UiI(SNL?11 zpH0t32N7U8@dC(M!l%@?=SNKOgp><*+xyv++v0pW0#=1uKivHzK@1lgELrM&x1knS z<3CeNd@}xm8mA~`BrG>b4IU3a{DT_hS5;(vYS^*sv!%GW69r775miFviA9-!xtpIq z)A8Zi4f=vVw@U~L3NC^jF2H9x(A7V&qiVlx3b#lurC+dd26Z#o!GG-8wIKq}Y6Px3 z3jP~=$c9<+FI|AYOrqLxmGR$2#=)b1yy^0biop5{9(%xUushXPI=V=(44b6vAIYfw z=x-9_;L|{(;n*wW#8u}N>pyzb;Pbk3&;MdDw`QXM{j%7kw!D9*DfOQ)v$6mFss*Qq zi?ikBW$KLg|60_m?7Z)HdqDt~#@RR8W|sbnZ2e)1g~?yGz3x;9G1ckwCYjFs&u7^>BH;ya zZ8~Oef?MRO@)=)fM}NIc>P%m_1?z{pfiI=gkL0TQ>Oq8p)qCjX!QsN&6v{h6ok0xN z)o`R@#*Axg!CFX|2nN%?lBJjD2;w@Lo@ffS(XBKoNqn{1KkI&?R!~+t!t@n5fK|J% zboK!-&J!FpF#)nhIWLMZ+=g|F9d_u2Ei)=Yh3Ak-uCd*qA-Gl)aOE(rOMh1k2~$Bz2dpY6Nh(FN&c_{KRWfy<0> z7*SfTevy}+4Qai>xcH%$U+Gp-n<>(mPB{!7*OT|>0%~G94G3^s#*9GBjArx-rIo1$ zZ0+?SJ-wgtM!tL%C1r9rqPYG9d>l^Ph5J!P8T`|@OdQ^pT)>p{0sC;rTP3i+MASBz zh>{b|kbTl>^o(V`voWofYif-zxd|KWg6e#gd&05S;8eQ`ZS@3{7+no4S%zF@$R$V~ z9#cDSJ_TA?x4)exP4hKQ^U!lAGSY(_$>hqE%;Ao3MOKMtL*SHq*q3N@+Cm5olWLDt z167VS7heb8=X)7jIq+9m+%h$oS{bZ#FwxMl3baS`k&vO8PT9*~Q&j@??l6I_mRMK1 zDFGJ-^%%?Tx7Jp=H9s5`g+_PNzE~Ym=_F&#$@n3UH00M1+45sJ%Yk)GpXX9Yu-bOz zjQPxMjTN=b-&?=SBS;;-W^}hz|5b)}nPKAr{y=~nWtS&E=`;ptbq2?LX_Kzh`7*`S z#qyx9Ff*A-h4BYNb+NgdBTU+i<&5+0YztDeSCE8xIU@2m1t??}NI??i_l8h8+RKak zK8wq%vbrR4_Wt)^k@qu)SFmxOeTw}IoUYGAQn=pkHQKczqziaj1nTC*9^ zL)~rMTj$0~X~~}B<3<)}Su*1lb1*1nm?-qd>__s=ke0N$`98>l`oRJ^1XxdTgGm_| zk?`rvx7Fw4BQVx39wWAuaKMR7&YobjVJEkiBI$XG0xmv1>PYa?^7@^ExV|)^9WR|= zYD9ujdu?WI>mG0m8~UilVCJDdd^k-I8+q(yu#8b|};>v2Cwrv%8WOU$<*sRh#Sf(mkegUEC=>N8i@>7&25p0`nW z6&w?r8C3w$QtzR{2Hmb!MM546RS+I%%5E~~k8!A%u2OBHMO|FI0>R1b6WlO!NV7Iv#OF}vb)#8wV>KMmPozjg6YzDGK=s=}t&tOCHP*CH z*reKPZ{{?G+7C~?@aQ(Ms^d0n?Fk~A`UrH^@8mCLQ{1Y^A@l(m(y5j_qMAexWC$ZG zdE%+uQOUnd#5TVZ^@I1jt)0EBh`F;YGrSN-T%$-QzZD4ksNymEuo7rKLd|2U+p(xz z&b2X_6pVcZ9A;Zt;^6Wv%JxTD^aPSK9IH+zE3RlXfaquE6`QBo*l2a6y(6FpU-whI z9C4^kn$%v#WafIGDW6sa#vJ|((w41^nME2-q(+_XA=bLdc9b_*XIT^FL5RiR>Hj*8 z0Duq+-q5~Y2Kr01aA8zHhRuW6e(pSEvUXMm7ZvOJwXDKBWo5REvRC-f#bx zcM%?&=|%pg>eU=K;ZaeNlCXR$`Mrze8P=)AJLW4}U*+r=E?Jjr&ckFVP<1AlW z9!3!OW_gR+xW~ns_m?{}-9b{8E@oVXX;Nw^NSCTvBEp-C2C z;Z&diUk8Lg-g@(y;9{i#7`$xto?mi`TOqu*gF_Z&HZeb=+qgW?ZFm-}obe9&j_-Xn z)5FrRKDM!Gm2hK&eetRKLRsx!+Y)D-Azwm%)(j#skB>K|>AE%qzMnky{?tz`4 zUHCU$b*Zss!;OZsYLg#tagcY54+w1yciDZ6bD=tTT%E%va!IAU8vH_1Fg%%X06LOn z7eC`-Frz()gkj^4oZWx8Hd(1y6^-S;Kg>vSqi?)nb!+->)W^$Kcpr?BO8aB$XyUT!(ho3Zg-BmU|w!D)-?=?A^ke`__9$ z=gnzK$!x1?K&>%(Wt)#S@4=VH@+}WKjViUkCp~ChS>kqdRPDw4U707Mwq1g0Osq!t znrxMUJR!wOZD71AaH>jN@FnWgJYj2^2tEB*sE@d>O@4J1FgmUjz6F-V;%SWpZ$&!B z8oFJea=%|JHRj4(7`=Nn2ELF5Zros-&1mP*urZvy5{+bOjPSQ}Of}4t?B5alOYz!L z*Xb0tvdEaQE(zI$^>d1pr(bxl8bIaixC7<8R}AY$L~jvEYC!qP(xs|Pg99e-M*dXQ z_Q6S&>dg44xiL>0eEB2zT3u;G!c0<8z$<+d5SRwJA zOU_R=@V=UT!I3SY5RUeb;6X?wE!7-B*Vx;|Y4l}Yl+nR%ZmAP@Jb45+I5>iX9YJ?D zR+Bk7CC^hte$q?=sDltx_NyOvU^I|p!#8I6A)#C-85@ud=exSIE zZy&t6ulgbgH{vTnW3m3yT8TJ&mxCpX0(U9j5V#iCCnc6#q#72*)RJd?zf&vU0E}i* zrkGyy<;s?qoWr6`yS!wKlK!^w{(F2i@SaR`{6nu}Q|`876`A(eCJ)yylqtvH00W&_ zE~+IgvAE<4LOi$~XpDVCL3Ro{WpIK!7Co%?u1nqD5GU_pnEY60?I?GPG4^z7v1b>3 zy=ytNjz6C3LB#Kb)T%tI*20F<-v0AiHPrk!41lYpNbdNH*#P?d4U*s?jsDBB7T(>2 z=?%30caE@l)qA&glqz*(03RC~7a8137eg-7?4mYrtIVDvmS1cJq>F7~mGI+188pY= zLNsP&bSAdFztdqR(qB?m&Y-0hL-TAm-t-!p4J{6wwNMN=L08wbcKzft;d(@2x9iXs zfs0@LLMIUwn~E~Dh$ebzs`#N5yNNS~v`XEriXi;~clf&u>Gng-wH$>1e)V$*qG+M5 zzH!edh#vIMOs2)3rj={^@Kf5-c9RWlr0PK%dSoxWScD+fvJ9XB?FnW+2h^-<7~ z#tecn?<-?CPIxBZa&}hSO>(f*El-a625T@!;nT@Lc4 zs&o-*_HckCHei*RF*EdD8SHNpDe{&lN_gM~WsWxk%S5|~!<(S|Mu3K8b2sN&*Si(G z^vsh*=*(z=^@BeLIwF&tTw5?C3}5Q(iByRXZ~5$&3f{#K_mabIoroCiV-cgGdI(sf zWngT(fANbS3j|E=<1t0K^_#?)Ih`U=K&9E9^d( zWst1$(7lUtdfo7uUBT_iJ+*SVMV8z#Iu!i@3BppzQ8i%D`*=09-6VCyMn&@(-X-Nj zs}F`eZ~V7+cH4+nqjcRo&3T(_fajNPeW2bGYc5%v$ZR zd~UvqT1UHVs@Kh4)+?pfx9 zydcJhBhnm(v?141>am98=DVDIhg-{5JXRr{vAG!?CntSOyNbj?wAlbZmYC9a+|JsO zZ!@u&Q|~S1p#+4&e_D?X8bCuqJ~OUn{W^Vb-nWR$Hn-fRU$`Uph0!ONXiifm93QXm z?7Y4C;2_h!HRixKQ%8VKk&#rGk)E%|;S?#Hh{}<>aP)g!C0B#NWhW!*-A|mB;*e%B ziIG8L5+3`8mRw)cIE)k{kL1iBHWY=WPUSG7Vu>i}vPMFym+L0^)egeP3f2oF zvNzNy;O=e*#5?gl(D_4}(de(89F`wL{fep-d*@#?VcH^a$g4w#Q#T#Xz7u;>lVXQ* zxS8e&UxwH>K5x%(?s-Mx8;d(YdMIz78@PR)ZwgGai8?UagJ8AA8+2=psWvfHQ!|rY zJb?>@&>G@SDrckS^;x>|o5v8;(i-`Vb>1ZR<4Y_7W#0W{mf{{xfV|-so50PnS^>p4 z4z+7C(geMO6)sX%Mg)ZvR;;c7V_h!FGR4IXE6Qz8UhHOcrPoDgt1lHzh-nDlm(AoN zEuSbwFj<#1e`T*tnKNk{@~7e(BrQ^DznCCpB}; z6l~?1_OoBKYO+Bhu2wguqL4#)qDg;s_NyAnt7wV_2;l)i8RAv)VcTM)8rDEwL>4BS zaF?|`IQHdguk-Ak3O6aAvZZTHr$wB0>zG+7T(#(0BuV1?AhL@d!YwRzQ$D1n=5lYg z2trmgVcuxr*va(|8B3M1Uy4GcEf>B|opgcv1M(VtZ!=veTOqWcS5iDGzRPLJh40G2 zA!JHjNj)Y(s~R%S!bDkIX<2*IxkQGIq<@-E`0= z)oJS71lz>4DNflds#vS7hS|HMEZ>?t3UzroK|x*KhxZs*1j&+eigcB1IL@m4tT}nH z$?Q~cCkda<7yAM+RrH>OaPKndUiBu7wJqQhR4{*a&7l6wsW9qh=E<&sJW;WFhc>s) zFmu&Z#IlIrWD{W~Kfhi~leObeJs{QpcIC}mJnSo^9&D~4ywa^4@tGDGuZXJ?DQlr) zRQT*xBbOlR%oDY(GWn*gb~8sriucxvf)zU2fj;wexS&<; zxTeXhuRfjFf-6+EE0lzjjpbJ*{!iWJ+Tmk5t-b&GgV*2CN1g?( zQa476p(_JQI{s}@W?o%Ie2W27HJ;*qzB`NFz^-rchf-c}KR@31Um6QmAx(Kd+ zGIz&bfv(u_2RnHq;}8()J`mA;#!P5!)Sr(sojcrQ(Uw6OgBVnO*vVo-W$)8Gy}c4! zDnXf{hQq-d|Bt%>gE}5NpT|4OVq>4`75$S_$=v^w;Nf1<#CDfHX9CHRU zneDL=+c_dMn%QC@DJKP!4iQL99Q^gIOXiUV>!T9F=^Z9%Ba7F9eEm*&!RC2MGFJ}G z+j=1gSCO9-ZV%j^8)q5PXK7aihG8F?M8`=>+v!#+6rZWm;@PPfCQ@Xz?w6Q^R+M4M zR+iS~q*bh(Wg&pfZszoBx9O_Q3ugLvEuZWYBxq8xLFF~OtyaABr#9Pyt_=iS?lg}D z4<~dpiU+|4d#J3QS3vX*CJSfaCNH(TY@b`;2Q$GCfG6Il?|aXdje({`l~JEKNq`0E zbXXD-y%N%`r;a;U=k}?Yqgjo9{j7=bv*#J*D-J6ls6s^DL&&1s$VDI8ZnE6qIi;c9 ze~VqmV4n{*u)&>Vk!BGGB)ksgxTTDNul>}p*8FLMDY5{XTV1Rssak&*#_EpF;5FF< z5-tO|A`dF<jmMFc)dsA54UDbZuc*#g=fM0rT|OOG{Hm*! zrsz6|c&|b9JdN&&HFpXH^eav15rmT~XMt9dN?xD0r;U~8JK(kJkG^D~{8!2_c=F$; zGKoA~F}oh=#Ri28A&7}@ws34+ZVU;e=B!elo->mz^0TLUXJ=wLZNAODo+Mz-j;2!!wY>&+2cbTEiH_#`U_ zU0U(75*eA*(Ph-)P`|#X+rYGZpNp?~iK{aEo?+d=GKZIcUk&|TpKi#Yaji?+OZHq0 zIw9+HU<=BMtoBOk-MaDhk~Eu@@TViMW-DqJ2;?#D`KuYt0JZNKb`)xHRqb9wP0IhwRmC&;A zRepN%imq@3xsBX`P6X4)AO$$Kw2F+Pb-spU`|r05E5*+=S+Pffme+@F`^het29d!% zi_&2#$1e-x;!0WYmo8a0`sr`Yo~gzQTncf=sz7a=hBq8b$Kuz!e^EnG;oJEMdyT8QFoz831C?ATGLt)y4$UWt7n_4>qdMd~!ZOtsaR@9e2BeX$Jj48HlNzE-CRQXe^5QZBj#_=k$a}2zN+Wn?}FNwYV z@pGHa=WR){#zsv?r*B}V%TXa?GpXL4`ZFW8?{=;HhtgA zLNZoHzC%P-HN@!_ns#Lf;P3aVwwyk&!;00;E-D#a@Xd`F7fFml_!CsiH&5fdu8mr;@-UesYRceYWJ1W+3&!l zD0V*II`l#J$cZwIrv=r^t0SIGYZ$Ee6M-eV_ntC?Cmc4tQZx^9xHA8>(M}%m2SqKj zw@*ZUlQ}+m1hcXQHQwHz6UkV?J6y-4Z@sx@qx;%|X2dmF(^zm1{9r$_n`&@pl{-Xt zZlPU5wopv3^Zhtja=<2Bov&3*d|f~6!nXjp6O6 ziB{?d18?3ad5yMic%QilSoJq49Ah@pM}3JgZ-%-3+jy_oWPa9+I#z@szC%G=zR>(P znXiH+BquS4c%ELo2zyN*j+jFaUZJNl>-3@Pw0nYa^2m+X6lp4TMndmRLP`;(bU8Av z*;RqRyl~9~83!g!_o^dt{f%1@Q;eF|Q7_%=Yx3;U@KjsnIO6FgCy5u%w znbw?D<2u*et4I}_>vJ1(D2(awWGj0sAfez1?ZeK5&u+M>9S4>%F`ZH}n`6^6KG9N} zT_bwyeTMUbh{rk$5qLU+H(8L{@84nbUbt;2gC{i~5STaOn>;~e)fX}d#=`pfFgU@Y zR3#8$ymQ{5m&}r_T%ak@hYFo|2Va8c!;WcB=P^T1^i;8yj2mB`sk=zyM$D|6DH}c? zV1Ddu5yT@SRhEO2STTB^VQw{Ab?__u_nLJ4Tu*nBDe&}qht485OKY&4Xd4_t*s8zn zLB$?_!{r@?q>|J_W!WbDL*uF8gIKk81p+QNUeB1h9WNK3L znBt^{mwm?gqgZT@*()2}OgWHj;Nm_RWOcu7Rh!@rvtino&F&Ux?|4^FM4K0DdU4vq z@|ovQumbckXV%{RhfdI4{GO6%;W!(R@5arfvrKe_*ze2f`)ih#!e$ONx!_TTNe6uP zy!P2(zO^gPD~4|s4GQ<2vNe0Sut!t!W9g^Z8hcN!PD+J8w%;0E1{sw%?p_CVr5Fbl zl7#j+H^*4Nr%J$7h73Nl_*;C8oGw_T`)EUbGiS3qcNCh6Y_;iZhV#D4N-ymzegn5b z-QfHU{IGI!XI4aXxrk=_RkB)vc_V%@$56L+hdOKK2lD6FUvly}Py`$wCdCACIyTPt zue`Em9e)4by7Kaw#FIBPtGUEnyR|hLCBk@_pDG>kb(xN#V{a?U(|wnpNISy2+UXQn zJ_@hA2~e4TG_7~pu(9THmQH0A3)4Ej?z=nJ8U6TnpXf$-gQO9*^_kK|@ten;E$H#c zGIps_gcG;kqLQSyXxSyoLPj7!h1WAF3)K6ferJ6+uKmV)KmR7bF_QkOIL_aus^OlL z73YFByRx$4fwD~=FGrEz(7;AYMkeaG4z@p*m=Vt^osJBPpAICxYnw6RsaG~XB(5L1 z%#hPjs0)K+NN{4m!}Iu;F2L!`7( z(|nJ|BZU8xR=mzAZN11cs9w~zIp_qQk<=3Mdl5qB%`$FURp@@818jnLhGP{Qez2nV zVX1yaWg1ic>R{8g2|BK{-lxN8$}J6^k%`sv$HeTp*&MJ|a>h%H;sl{^D+5IGjsgD2 znuxd`#fN%uws?JDxP31<`67q#11?t+b3!Y6x2FH&m*iye`qd3^gIF}5!??J)JJpGp zW@@G{ZQpKfA1B|QW$POnkdN>C`h;J=^Z8iYrDyUp@Vmw=#jYvRmB_=1dnzDbsDj@B z7zjQ4)WrPq+|$sAGzcU{G6h-)vS79G(WOG8+24=Y5fvdyqc0JXwt+c?g`!~Z#-o!H zylIZG{#>vHJuldn6|Djm;?EI|M9M>|hb z`G^3pLt>sb)Zafeq1YWF{VjdN5`gZ!=cOoVk+%9L4IS*Pg;|6Ylx zC}j&i>cWEm@zFE{ZxAe6)RzK*4oZf!pTnShzX=~h{;g_g=w64=M0g!ULOdRCU|=AM zUo9-Cub-o#sd>Jb86TgY!R-<`%;{BCFtVhQTlu1H$ixq^nuUl@PdjBAMpb8=@-VTs ze`nTCF7tpfN#(YDuL|z6A88)|WHsG_=n@v@=GYs8FtgLyrO<)tRYsJ?B-?yz<#P*G zT=Q~Yp431v5JJsLMY*{`7I14VZWD1UN}GU48ENp%1ylINQc{tVn@*h?HZSjd#z(q* zo~K`_0>(3)sOrlhJslhS6#7QL`*z*ORae;}hmC@`I6#F8{&fj|lgg(4VAV9oxiSuB z7+mV-OasnTBl%1gX?%5PxO3N%L(Ag(IhF zJ35_W9aGsrXb6a31gP=92pos5VkKb-Y2TU_+05uP_Q$ma(MsCSWNlfJqHF&nq)E<_twS3oQWo7ES5;r5Gccq5EmX6vk z3!39uxpAT}AkK0NWLiu4;y69hN_jz4T6{tgwr48aUn)xJ7S89_5mb0JTU0^Z4heWi za}lo@Zyco~R9WSm+{!OD0rqhnbL%dV$7v0}G8T+p+-gdx7lyk5pTRvIygh>(o;jWU zDB8M8*t*Lg$z(eG(xkoK(6M&A-_G?!-FgBf1-l(0rnPx@vWTmq#}Ug8@Sch&gOHMjp|X`C zfJ-FRQ)eU1LL$2Z#>#aF)Rn6Fs9>1^>9~3=K$Zog_(JL%b_z3$6l(POq&F$; zKSxVF+QsXA@E?Pl1}~M{=NY|8^SdVzTK9R<&%cH8P0WJG@G;p+*` z^`mr8C@>q=OxUFxskG;V-q^8z_^0rdcm|cQrll`;Y4tg``OE&Xl?~KpBTptyp&c9) zwyKGxiKuZ9+a{Z$Znq+>!EhAwIT7cdj;2@m{4>}P`@z#_KlBqp=+xVxM8ob^UC~6_ zx^}f1FwIX9`ISC6Ofo7|ce9YVMN0|KPCEop3?%D!$>@7#yT`CBbAt*}dV7c%?o7Gb z?+YRR+@w{Sm4)gPhJ=gfI=fOUrKGY+RAk0*{2EEdh>x1ODr{EiwsunO8@2R}7#$U@ zzzkZ_mTqhFM&n!cb)71*P7MSZ1#qd{QZ%V0;S;hX;(M-E<4l(olp%AIl+Klku7w4X zwFk_qCUq0_jONnsldXmz@w<(|LTB*5^{Q|bdU)m%_*>{~vt=EMCfSZZ;y*i=M^{SH zzsAR8nY%a?aKl-_IDv~|9gnA6%(;#1$ZHL+{2iGc-kGiddMf&a7`PDk4tIysAnrH? zZA}~tVnF#aFU*)vwP+auOyj=iG#AyVN#Ni09d{G|J*&tgFM@AQa1p;^~J|dArHqE9W zaX&5Y5m5Df#axhIZBg^i$oG-?=}Ke?IR3F%%M`IRMFr5auFvdQ{qC}-iGS^$inxSK zbEfmiG@g>G96TF=l2E85sgTwdG{i^28NhB;drqpCi2a*w<5ma1?kKyBT;T46PzAqs z5vwon@{4^Q%V>FiK1YAhUH^o3f#;n^=~AciF?TD5rG(1B?BpnybmJ=aA9OM#E^KUU zWM38$22gxb(9}!=qY5#Xt&~(aiFv*($ZSvqAR{wTJm3X(R7b1a(ZS-ncWjB|bx>JP zxF-J#0^ziD?J0c1c29R3)jy>colWMRh9VPoe# z1~tXy4#Xped1Mz>SkVbF{H6RFHELSJ__f{b8awM?hNx;ER zD|mGy`1nq^HG})N^n>AF;QXHzV)ctlN@743%2HBe!5!r)Wfm3|x!Qbxo4_he1{*7{ zn_;3+=E#X#TU(=b@>YYZnwstx4`|SQeh=jvJP#hD!N*AV_iP{e)b?y4{;t;f{$Vng>2n_HwRJDu4VPUKcF+M;*bma>$tF9Utl}U3s-h-^H zE03eyJ*k`*C*BBPUbdCuvwu zNF`X$ODz!$s~n2q$0D*?0TND42_8sG28(9uTxl1Na2Xnef>2mSo5>XYX-r^$Ff#s+ zAm|r+cf^cmr4jBeRaKzs#2$J=+Xj(@g?Dd3n`rCEq+`iiqoz48v|sEm$^@PS@(uK; z)YcY9d&{=AW;ZU^ewzIT`wBBU<%=MEi`N&E1lTL3n^d8~*BYOTBR!8oE$l)8c&HzC za|%V;%2~td?b4u33k~Yq%Z^yGE63qyC10)98K;x&Y?Z1p zr3bpA&sO$S+-9*)y#@tHL&BaGiRCjNrQcide3TR23y1vpZs!T8D=~Ui zPeG(IgJ;acCL7dow6bzpB&zLgln}a?hCyw0KE7Xod$`#=D%f?yCa>kX>}@+m7PYN_c4SN{Kld%hj>@YV(;y(b$Gsz!ez!b z(&jok z4ktQY`^T9^kH(Y(Jl65cL|fkY*y{hpi)8NcdU%To3H9H|H%g8y&z5I%0^j(kiQ5+H z`U)^qd8xd&v0Y*By!;j_@?VU)=NNr{%yqbMlT8@1pkRoW<0_ zMLUFTzcrzDoPJzJelKiyM211>Y1M=^KVj&uNga+#)ovWhdNH*CSoOGjQ9yl;f93?O z=O?aF@?6iZ1gsK2dplKGz1z2Z7(g1SUUe(JDLSqrs}^h3wTU-LNr?YcbpN|!vAHb% z+*_9QsnNpAw9x<@3b;PHsTUn4a&Lo2a6PNO>)YE~(biybxBx*5OG`y?-Xpvp5fTzZ z5^-IEbJ`>hcIL(gHKFj`f9XjO&U}j~(6B2J#&jtVY5nvE1G-3hLSrRpSXq@Z>2>ff zlAnBE7RXs@#bExPT&u}7!UE$9IB^wYoj0hVK>Z+GNATwq1OuDd9v7mqv2m>$O!Lq) z9XP!OdzlYpfBnbV&ua4jfKSwc(0}He{~4tHuXU;qr|I-)>KYpU4J1?J1th?a_b(JB zqHF(e!7+AVYATL;g~}hKI~WCr0)>TS%e#M}@P~fr;pypVgfm(UI()#~{QT#O6==;0 z6(?usNQ?4*1Nkqg!DhUFpG?n63Y-An`M*XR<)m;nR`tVJjFGO6_BoQfKS>~RN#}E%KmjAJdR=TPzTh8`!eMdf zr#&;S4|)3`iLwIReaJn3ii`pSTs5V)N}EEGt%`M6zC*tTYNwL2^`-zX(lWyW*+NiY zJ~GHwJ4b0nYCPR|)~`qsG{yKE5ueL5TYZ8x1;=QU3nDxXdqZBAW9ALRB)x35GWW** zZKgt6lgjBj%+g;L6~5Sf!`a%tD#l~m`P3Y~*rUs4`+3|A9C!kDx@=60tI3But_^Aji1Zh^XQ zrJ9+f^+3P^59M}d)!`hO zwS$d^sJznh%i&a@BIsO&g8fkP)N8+~!yIAVO?o~Hv#iBF1Fzf&{8EBB=-Rt^nfd5c z=6!)9Jd4>I&siO)y^R}rVWR-YlZ$sLB%HcVmffowtXjj0^Rvzg3-~I7RhM%*x>c3N zq$8ekvBUW(0-evg_0-8Rxot0e#<1f@Q6m3`e}#R6`zgqID?M9a~%=1}WLVc&#cXtEDO zccz`OiTjrFg5~*~Bd%7N$X=kv#$DNnmggZVjB$2qm6^6Im@0{T2asX;pdblF@=+W}4>8$};GpL-K+UnZvO~=ukC39=vn%!MXyuF~97kvvp@R zbqO<&hI)Dvf0t^bL-2M#e{OK?al8SFR9xYAe4EpSJ-!6?f*7onIRg6#kbYT2>RS!6 zwP%rB)cP&I2|=l$8A$N7)*RP2yEQ52vhK zLc*8+$%f$$=SI4Y)42@Hk#d#Ws8QwC(Y#7(84UVk?yrk8bc&)iZI*!ivT?2^O3kG- ztIIdLdZ`Ek(28mqk$E~H0R&>)lGQwGp5z(;K8Q3BDr1dlvXvG!#U$~ebq(IrOL`{5 z=OQ%CI1!Xm27lMatrFq*=4E98PL;Z(uPM5DnJ71dC;{rn@}OA75sztNpQs&IF3G(X zg9OhVRk_%U2LX&ucez&riCSuEOJAAS4!|k)l2_82_@&Q*%A+Ew7m}7V8)>q%!lcu` zq30ojUM}GOA$kgn`_-;L`peMS9R{$^IBg}M<9mAm*>;LX=h5RSDYeh6Ta8gVw@#>m z@f|n0=$RwWCjAm4qE)5K>}LMNIfo}TW2Oee^*bLk~JUsHWh4X(364lq&Q!+9#=3Wi-^@+!dJ}N~xYvu3k z?1Wpa!V-F-ZUSJYH>X2Mi{kg6dfCBA<(7|OiHa80bicN_p)Mx4IS4(lJHjwYVrpt> z7$$wB>sT`LbLoaW>D%_M{W>X049QcKteH{NUwHg6O+L_CMIlEg2NrH>a5mU zSS|Jm6lDF`IBJz`Cua#?In?r0|1=Dd8)Q=XCsSoB?dtt!mf8{}?PAf`Dd}TL5#!(t zX3PIn{H1dJ&lJ^A+BLNHz($WBvo}D@sd7wv3_2bPUGM z_kVu)M{Bm&Kii@P!1U_AqDho1{dv|OPcYPgKUE+gdOrMH;V)ke=6t~|6F=5!RFsyK zgg8I^t)`a@elO&*LXm%`3mT?32%0*R`mAL`{{M8guuhEz{vA|a8EjlHY8CaLYr6V` zm>2Z_ZyBv&@nDfbkm4)8_9Y+osR6_<=fKFM&j&yejOE%f&;7G2kGl1bMbDw82|U)% zW#9;*OZpvY+@cebje=2-asiMV&rlWTN67B~ z6{uxLKx8hn+o~^>@F|}ozfc@r3_pocwgyJOOSb>tC$#xx(ti6q?)t;Mp;@eo7Y<1l zLefCL*g1uQf(z=p2N${meilXMZNmAP3M8hU?QmJD9e{`0#l=N!LHX1kF}@e~-!!<6 zWuc%TQi<0JXx{Che5rj(=nB9n!yNj|ugGj&qH$qS@yyG9%!nfijtI>6%3TXgln<2N zn#%axbTmqXXgBR1V0Tdfk8Mhlgd>SXy;Y?NY_u=hK$79NO%qz_kcBbz3wMt3g3>oe z7P;SsRTkUY8ZX;uyxI_CA^$Vs!Ckhxa_2IQ&z}B6Yh~Gkb&$-StsF?Vr_~>cYw0Yu zv03s|Oy&3yx4-mJFjl^-&9pRMntW~@R2la`=B7&{XYErwZCLywkkn>McVw#zqHe8F ztHkG%m?^=xNq}9mFzc+WRP3(>HP=79yrL2p1G6OE#Ga2VZbz21a%1nfNw7=3C^ZYL zQ!d$b7o4)h4)@{f42~(^`#j@jG&!oBy=%QZS_Th#pGtc3kmy;5E*f+fTAwdXoQv-t z>>oPdjQlJ(0C6>pmq9YR4y~!wGrgx4T5JCZ$QGK^mXD-Yb>0x|uRK zl#x_93@LhRUEQe)v*fl)h!E{gt)q0oKIG=7Axmkw zUKL*_;~XUOj_U>OE`12@WGMq28hGYoF#*gj`*Bn4Xe5&xI=9qbN-ABBp=M=1>RQiA zD>yW-(t}192;%2ReWvL4QB4`as)KFQm2?sl6@xnu+BH;}fEaGGq^o9dVC%6rwSNo; zz{j^p(!R}yeDc;yda-CF+0RvXks-+IzG7NE8<^8{j)cfCR;yuPti?#8ZcBj0Wb{le zqcZx7U%2Jfe27E6WK|Z{D&0i&av{d!Lszuxh9Mw1FQJNXYQ!wbH-_1?cq$IhRS$sp{LRf+0_B3=9MU+Ni)_q6+x;?dHl7PfKMdA}RjI-kkX ztWc1h1v{Tjl141Al-3Q0?mQZqRBaMp%J_%OFGrs`bW>K+nbvOLpcoSVH#`JX%zu^7 z*ZG}Km8n(Q_8nUF%F1D*fRWb)dtr%`*i-5^0C==f0b0t=hvfa{>9lE5hL1$$Rwi&u z&b*s!bFgT62o9+HV~4F2+ay}N8?VME5})ikOB>wgJe9qW^c&rb-A(G#$s|%K;|^Pv zS0Xxa_^M*5dkaF}81oOwme8eAm-0Hu>i3aHp6Vqlv%-(Cp&3F*`CHWX9Gptq^~8@< ze$5JTE&qR;w5Df%M85T6F#4!ppN)W`$k5{Z-4La?2sP^*=*OkMb8&ro4@YztR?5S{(kCvtKtmLTm}Y4;9^I|kdQ6j|KGocPcD>iiuwjzq7c6; z^usmvpieQ8nRmE=Ej&HU7G7bA@R1{5{(j%KTt#h9E#~w>3Ja*lw0L^|qU!s}7qycE z4p!wBgq*xs;qz{y$wui%rQr6?jEaarqt2zvmi3*Up?P@9%DZQkc|5_bm+zu_3KH0w zcHp6v2X#lfCM9ZUYfFbdNZc3^0<{!6>lVNb>}@9QfOhG*=aU_B%* g3Lt3(0jA==^^YvMFK<{Y;t#Ui)78&qol`;+0Crfo>i_@% literal 0 HcmV?d00001 diff --git a/docs/addons/kubedump/namespace/index.md b/docs/addons/kubedump/namespace/index.md new file mode 100644 index 0000000..1bb4e45 --- /dev/null +++ b/docs/addons/kubedump/namespace/index.md @@ -0,0 +1,399 @@ +--- +title: Backup resource YAMLs of a Namespace | Stash +description: Take backup of resources YAMLs of a Namespace using Stash +menu: + docs_{{ .version }}: + identifier: stash-kubedump-namespace + name: Namespace Backup + parent: stash-kubedump + weight: 30 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + +# Backup resource YAMLs of a Namespace using Stash + +Stash `{{< param "info.version" >}}` supports taking backup of the resource YAMLs using `kubedump` plugin. This guide will show you how you can take a backup of the resource YAMLs of a particular namespace using Stash. + +## Before You Begin + +- At first, you need to have a Kubernetes cluster, and the `kubectl` command-line tool must be configured to communicate with your cluster. +- Install Stash in your cluster following the steps [here](/docs/setup/install/stash/index.md). +- Install Stash `kubectl` plugin in your local machine following the steps [here](/docs/setup/install/kubectl-plugin/index.md). +- If you are not familiar with how Stash backup the resource YAMLs, please check the following guide [here](/docs/addons/kubedump/overview/index.md). + +You have to be familiar with the following custom resources: + +- [AppBinding](/docs/concepts/crds/appbinding/index.md) +- [Function](/docs/concepts/crds/function/index.md) +- [Task](/docs/concepts/crds/task/index.md) +- [BackupConfiguration](/docs/concepts/crds/backupconfiguration/index.md) +- [BackupSession](/docs/concepts/crds/backupsession/index.md) + +To keep things isolated, we are going to use a separate namespace called `demo` throughout this tutorial. Create the `demo` namespace if you haven't created it already. + +```bash +$ kubectl create ns demo +namespace/demo created +``` + +> Note: YAML files used in this tutorial are stored [here](https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/kubedump/namespace/examples). + +### Prepare for Backup + +In this section, we are going to configure a backup for all the resource YAMLs of `kube-system` namespace. + +#### Ensure `kubedump` Addon + +When you install the Stash, it will automatically install all the official addons. Make sure that `kubedump` addon was installed properly using the following command. + +```bash +❯ kubectl get tasks.stash.appscode.com | grep kubedump +kubedump-backup-0.1.0 23s +``` + +#### Prepare Backend + +We are going to store our backed-up data into a GCS bucket. So, we need to create a Secret with GCS credentials and a `Repository` object with the bucket information. If you want to use a different backend, please read the respective backend configuration doc from [here](/docs/guides/backends/overview/index.md). + +**Create Storage Secret:** + +At first, let's create a secret called `gcs-secret` with access credentials to our desired GCS bucket, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > GOOGLE_PROJECT_ID +$ cat downloaded-sa-json.key > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +$ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +**Create Repository:** + +Now, crete a `Repository` object with the information of your desired bucket. Below is the YAML of `Repository` object we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: namespace-resource-storage + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /manifests/namespace/kube-system + storageSecretName: gcs-secret +``` + +Let's create the `Repository` we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/kubedump/namespace/examples/repository.yaml +repository.stash.appscode.com/namespace-resource-storage created +``` + +#### Create RBAC + +The `kubedump` plugin requires read permission for all the resources of the desired namespace. By default, Stash does not grant such permissions. We have to provide the necessary permissions manually. + +Here, is the YAML of the `ServiceAccount`, `ClusterRole`, and `ClusterRoleBinding` that we are going to use for granting the necessary permissions. + +```yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cluster-resource-reader + namespace: demo +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cluster-resource-reader +rules: +- apiGroups: ["*"] + resources: ["*"] + verbs: ["get","list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cluster-resource-reader +subjects: +- kind: ServiceAccount + name: cluster-resource-reader + namespace: demo +roleRef: + kind: ClusterRole + name: cluster-resource-reader + apiGroup: rbac.authorization.k8s.io +``` + +Here, we have give permission to read all the cluster resources. You can restrict this permission to a particular namespace only. + +Let's create the RBAC resources we have shown above, + +```bash +❯ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/kubedump/namespace/examples/rbac.yaml +serviceaccount/cluster-resource-reader created +clusterrole.rbac.authorization.k8s.io/cluster-resource-reader created +clusterrolebinding.rbac.authorization.k8s.io/cluster-resource-reader created +``` + +Now, we are ready for backup. In the next section, we are going to schedule a backup for our cluster resources. + +### Backup + +To schedule a backup, we have to create a `BackupConfiguration` object. Then Stash will create a CronJob to periodically backup the database. + +#### Create BackupConfiguration + +Below is the YAML for `BackupConfiguration` object we care going to use to backup the YAMLs of the cluster resources, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: kube-system-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: kubedump-backup-0.1.0 + repository: + name: namespace-resource-storage + target: + ref: + apiVersion: v1 + kind: Namespace + name: kube-system + runtimeSettings: + pod: + serviceAccountName: cluster-resource-reader + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +Here, + +- `.spec.schedule` specifies that we want to backup the cluster resources at 5 minutes intervals. +- `.spec.task.name` specifies the name of the Task object that specifies the necessary Functions and their execution order to backup the resource YAMLs. +- `.spec.repository.name` specifies the Repository CR name we have created earlier with backend information. +- `.spec.target` specifies the targeted Namespace that we are going to backup. +- `.spec.runtimeSettings.pod.serviceAccountName` specifies the ServiceAccount name that we have created earlier with cluster-wide resource reading permission. +- `.spec.retentionPolicy` specifies a policy indicating how we want to cleanup the old backups. + +Let's create the `BackupConfiguration` object we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/kubedump/namespace/examples/backupconfiguration.yaml +backupconfiguration.stash.appscode.com/kube-system-backup created +``` + +#### Verify Backup Setup Successful + +If everything goes well, the phase of the `BackupConfiguration` should be `Ready`. The `Ready` phase indicates that the backup setup is successful. Let's verify the `Phase` of the BackupConfiguration, + +```bash +❯ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +kube-system-backup kubedump-backup-0.1.0 */5 * * * * Ready 8s +``` + +#### Verify CronJob + +Stash will create a CronJob with the schedule specified in `spec.schedule` field of `BackupConfiguration` object. + +Verify that the CronJob has been created using the following command, + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-trigger-kube-system-backup */5 * * * * False 0 25s +``` + +#### Wait for BackupSession + +The `stash-trigger-kube-system-backup` CronJob will trigger a backup on each scheduled slot by creating a `BackupSession` object. + +Now, wait for a schedule to appear. Run the following command to watch for a `BackupSession` object, + +```bash +❯ kubectl get backupsession -n demo -w +NAME INVOKER-TYPE INVOKER-NAME PHASE DURATION AGE +kube-system-backup-1652247300 BackupConfiguration kube-system-backup 0s +kube-system-backup-1652247300 BackupConfiguration kube-system-backup Pending 0s +kube-system-backup-1652247300 BackupConfiguration kube-system-backup Running 0s +kube-system-backup-1652247300 BackupConfiguration kube-system-backup Running 17s +kube-system-backup-1652247300 BackupConfiguration kube-system-backup Succeeded 1m11s 71s +``` + +Here, the phase `Succeeded` means that the backup process has been completed successfully. + +#### Verify Backup + +Now, we are going to verify whether the backed-up data is present in the backend or not. Once a backup is completed, Stash will update the respective `Repository` object to reflect the backup completion. Check that the repository `namespace-resource-storage` has been updated by the following command, + +```bash +❯ kubectl get repository -n demo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +namespace-resource-storage true 407.949 KiB 1 95s 13m +``` + +Now, if we navigate to the GCS bucket, we will see the backed up data has been stored in `/manifest/namespace/kube-system` directory as specified by `.spec.backend.gcs.prefix` field of the `Repository` object. + +

    + Backup data in GCS Bucket +
    Fig: Backup data in GCS Bucket
    +
    + +> Note: Stash keeps all the backed-up data encrypted. So, data in the backend will not make any sense until they are decrypted. + +## Restore + +Stash does not provide any automatic mechanism to restore the cluster resources from the backed-up YAMLs. Your application might be managed by Helm or by an operator. In such cases, just applying the YAMLs is not enough to restore the application. Furthermore, there might be an order issue. Some resources must be applied before others. It is difficult to generalize and codify various application-specific logic. + +Therefore, it is the user's responsibility to download the backed-up YAMLs and take the necessary steps based on his application to restore it properly. + +### Download the YAMLs + +Stash provides a [kubectl plugin](https://stash.run/docs/v2022.05.12/guides/cli/cli/#download-snapshots) for making it easy to download a snapshot locally. + +Now, let's download the latest Snapshot from our backed-up data into the `$HOME/Downloads/stash/namespace/kube-system` folder of our local machine. + +```bash +❯ kubectl stash download -n demo namespace-resource-storage --destination=$HOME/Downloads/stash/namespace/kube-system --snapshots="latest" +``` + +Now, lets use [tree](https://linux.die.net/man/1/tree) command to inspect downloaded YAMLs files. + +```bash +❯ tree $HOME/Downloads/stash/namespace/kube-system +/home/emruz/Downloads/stash/namespace/kube-system +└── latest + └── tmp + └── resources + ├── ConfigMap + │   ├── coredns.yaml + │   ├── extension-apiserver-authentication.yaml + │   ├── kubeadm-config.yaml + │   ├── kubelet-config-1.21.yaml + │   ├── kube-proxy.yaml + │   └── kube-root-ca.crt.yaml + ├── ControllerRevision + │   ├── kindnet-5b547684d9.yaml + │   └── kube-proxy-6bc6858f58.yaml + ├── DaemonSet + │   ├── kindnet.yaml + │   └── kube-proxy.yaml + ├── Deployment + │   ├── coredns.yaml + │   └── stash-stash-enterprise.yaml + ├── Endpoints + │   ├── kube-dns.yaml + │   └── stash-stash-enterprise.yaml + ├── EndpointSlice + │   ├── kube-dns-m2s5c.yaml + │   └── stash-stash-enterprise-k28h6.yaml + ├── Lease + │   ├── kube-controller-manager.yaml + │   └── kube-scheduler.yaml + ├── Pod + │   ├── coredns-558bd4d5db-hdsw9.yaml + │   ├── coredns-558bd4d5db-wk9tx.yaml + │   ├── etcd-kind-control-plane.yaml + │   ├── kindnet-69whw.yaml + │   ├── kube-apiserver-kind-control-plane.yaml + │   ├── kube-controller-manager-kind-control-plane.yaml + │   ├── kube-proxy-p7j9f.yaml + │   ├── kube-scheduler-kind-control-plane.yaml + │   └── stash-stash-enterprise-567dd95f5b-6xtxg.yaml + ├── ReplicaSet + │   ├── coredns-558bd4d5db.yaml + │   └── stash-stash-enterprise-567dd95f5b.yaml + ├── Role + │   ├── extension-apiserver-authentication-reader.yaml + │   ├── kubeadm:kubelet-config-1.21.yaml + │   ├── kubeadm:nodes-kubeadm-config.yaml + │   ├── kube-proxy.yaml + ├── RoleBinding + │   ├── kubeadm:kubelet-config-1.21.yaml + │   ├── kubeadm:nodes-kubeadm-config.yaml + │   ├── kube-proxy.yaml + ├── Secret + │   ├── attachdetach-controller-token-w68zv.yaml + │   ├── bootstrap-signer-token-j6q2c.yaml + │   ├── certificate-controller-token-d5dvw.yaml + │   ├── clusterrole-aggregation-controller-token-77x8n.yaml + ├── Service + │   ├── kube-dns.yaml + │   └── stash-stash-enterprise.yaml + └── ServiceAccount + ├── attachdetach-controller.yaml + ├── bootstrap-signer.yaml + ├── certificate-controller.yaml + ├── clusterrole-aggregation-controller.yaml + ├── coredns.yaml + ├── cronjob-controller.yaml + ├── daemon-set-controller.yaml + ├── default.yaml + ├── deployment-controller.yaml + +17 directories, 131 files +``` + +Here, the resources has been grouped under the respective Kind folder. + +Let's inspect the YAML of `coredns.yaml` file under ConfigMap folder, + +```yaml +❯ cat $HOME/Downloads/stash/namespace/kube-system/latest/tmp/resources/ConfigMap/coredns.yaml +apiVersion: v1 +data: + Corefile: | + .:53 { + errors + health { + lameduck 5s + } + ready + kubernetes cluster.local in-addr.arpa ip6.arpa { + pods insecure + fallthrough in-addr.arpa ip6.arpa + ttl 30 + } + prometheus :9153 + forward . /etc/resolv.conf { + max_concurrent 1000 + } + cache 30 + loop + reload + loadbalance + } +kind: ConfigMap +metadata: + name: coredns + namespace: kube-system + +``` + +Now, you can use these YAML files to re-create your desired application. + +## Cleanup + +To cleanup the Kubernetes resources created by this tutorial, run: + +```bash +kubectl delete -n demo backupconfiguration kube-system-backup +kubectl delete -n demo repository namespace-resource-storage +kubectl delete -n demo serviceaccount cluster-resource-reader +kubectl delete -n demo clusterrole cluster-resource-reader +kubectl delete -n demo clusterrolebinding cluster-resource-reader +``` diff --git a/docs/addons/kubedump/overview/images/kubedump-backup.svg b/docs/addons/kubedump/overview/images/kubedump-backup.svg new file mode 100644 index 0000000..2eac1ce --- /dev/null +++ b/docs/addons/kubedump/overview/images/kubedump-backup.svg @@ -0,0 +1,914 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/addons/kubedump/overview/index.md b/docs/addons/kubedump/overview/index.md new file mode 100644 index 0000000..7030d3a --- /dev/null +++ b/docs/addons/kubedump/overview/index.md @@ -0,0 +1,56 @@ +--- +title: KubeDump Backup Overview | Stash +description: How KubeDump Backup Works in Stash +menu: + docs_{{ .version }}: + identifier: stash-kubedump-overview + name: How does it work? + parent: stash-kubedump + weight: 10 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + +# How Stash Backups Kubernetes Resources + +Stash `{{< param "info.version" >}}` supports taking backup of Kubernetes resource YAMLs. You can backup the YAML definition of the resources of entire cluster, a particular namespaces, or only an application etc. In this guide, we are going to show you how Kubernetes resource backup works in Stash. + +## How Backup Works + +The following diagram shows how Stash takes backup of the Kubernetes resources. Open the image in a new tab to see the enlarged version. + +
    +  KubeDump Backup Overview +
    Fig: KubeDump Backup Overview
    +
    + +The backup process consists of the following steps: + +1. At first, a user creates a secret with access credentials of the backend where the backed up data will be stored. + +2. Then, she creates a `Repository` crd that specifies the backend information along with the secret that holds the credentials to access the backend. + +3. Then, she creates a `BackupConfiguration` crd which specifies the `Task` to use to backup the the resources. + +4. Stash operator watches for `BackupConfiguration` crd. + +5. Once Stash operator finds a `BackupConfiguration` crd, it creates a CronJob with the schedule specified in `BackupConfiguration` object to trigger backup periodically. + +6. On the next scheduled slot, the CronJob triggers a backup by creating a `BackupSession` crd. + +7. Stash operator also watches for `BackupSession` crd. + +8. When it finds a `BackupSession` object, it resolves the respective `Task` and `Function` and prepares a Job definition to backup. + +9. Then, it creates the Job to backup the desired resource YAMLs. + +10. Then, the Job dumps the Kubernetes Resource YAML, and store them temporarily in a directory.Then, it upload the content of the directory to the cloud backend. + +11. Finally, when the backup is complete, the Job sends Prometheus metrics to the Pushgateway running inside Stash operator pod. It also updates the `BackupSession` and `Repository` status to reflect the backup procedure. + +## Next Steps + +- Backup the YAMLs of your entire Kubernetes cluster using Stash following the guide from [here](/docs/addons/kubedump/cluster/index.md). +- Backup the YAMLs of an entire Namespace using Stash following the guide from [here](/docs/addons/kubedump/namespace/index.md). +- Backup the YAMLs of a particular application using Stash following the guide from [here](/docs/addons/kubedump/application/index.md). diff --git a/docs/addons/mariadb/README.md b/docs/addons/mariadb/README.md new file mode 100644 index 0000000..a5dc0c2 --- /dev/null +++ b/docs/addons/mariadb/README.md @@ -0,0 +1,43 @@ +--- +title: MariaDB Addon Overview | Stash +description: MariaDB Addon Overview | Stash +menu: + docs_{{ .version }}: + identifier: stash-mariadb-readme + name: Readme + parent: stash-mariadb + weight: -1 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +url: /docs/{{ .version }}/addons/mariadb/ +aliases: + - /docs/{{ .version }}/addons/mariadb/README/ +--- + +# Stash MariaDB Addon + +Stash 0.9.0+ supports extending its functionality through addons. Stash MariaDB addon enables Stash to backup and restore MariaDB databases. + +This guide will give you an overview of which MariaDB versions are supported and how the docs are organized. + +## Supported MariaDB Versions + +Stash has the following addon versions for MariaDB: + +{{< versionlist "mariadb">}} + +Here, the addon follows `M.M.P` versioning scheme where `M.M.P` (Major.Minor.Patch) represents the respective database version. + +## Addon Version Compatibility + +Any addon with matching major version with the database version should be able to take backup of that database. For example, MariaDB addon with version `10.x.x` should be able take backup of any MariaDB of `10.x.x` series. However, this might not be true for some versions. In that case, we will have separate addon for that version. + +## Documentation Overview + +Stash MariaDB documentations are organized as below: + +- [How does it work?](/docs/addons/mariadb/overview/index.md) gives an overview of how backup and restore process for MariaDB database works in Stash. +- [Helm managed MariaDB](/docs/addons/mariadb/helm/index.md) shows how to backup and restore a Helm managed MariaDB database. +- [Auto-Backup](/docs/addons/mariadb/auto-backup/index.md) shows how to configure a generic backup template for all the MariaDB databases of a cluster. +- [Customizing Backup & Restore Process](/docs/addons/mariadb/customization/index.md) shows how to customize the backup & restore process. diff --git a/docs/addons/mariadb/_index.md b/docs/addons/mariadb/_index.md new file mode 100644 index 0000000..a1b72b4 --- /dev/null +++ b/docs/addons/mariadb/_index.md @@ -0,0 +1,10 @@ +--- +title: Stash MariaDB Addon +menu: + docs_{{ .version }}: + identifier: stash-mariadb + name: MariaDB + parent: stash-addons + weight: 30 +menu_name: docs_{{ .version }} +--- diff --git a/docs/addons/mariadb/auto-backup/examples/backupblueprint.yaml b/docs/addons/mariadb/auto-backup/examples/backupblueprint.yaml new file mode 100644 index 0000000..967d2e0 --- /dev/null +++ b/docs/addons/mariadb/auto-backup/examples/backupblueprint.yaml @@ -0,0 +1,19 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupBlueprint +metadata: + name: mariadb-backup-template +spec: + # ============== Blueprint for Repository ========================== + backend: + gcs: + bucket: stash-testing + prefix: mariadb-backup/${TARGET_NAMESPACE}/${TARGET_APP_RESOURCE}/${TARGET_NAME} + storageSecretName: gcs-secret + # ============== Blueprint for BackupConfiguration ================= + task: + name: mariadb-backup-10.5.8 + schedule: "*/5 * * * *" + retentionPolicy: + name: 'keep-last-5' + keepLast: 5 + prune: true \ No newline at end of file diff --git a/docs/addons/mariadb/auto-backup/examples/sample-mariadb-2.yaml b/docs/addons/mariadb/auto-backup/examples/sample-mariadb-2.yaml new file mode 100644 index 0000000..ece057e --- /dev/null +++ b/docs/addons/mariadb/auto-backup/examples/sample-mariadb-2.yaml @@ -0,0 +1,20 @@ +apiVersion: kubedb.com/v1alpha2 +kind: MariaDB +metadata: + name: sample-mariadb-2 + namespace: demo-2 + annotations: + stash.appscode.com/backup-blueprint: mariadb-backup-template + stash.appscode.com/schedule: "*/3 * * * *" +spec: + version: "10.5.8" + replicas: 1 + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + terminationPolicy: WipeOut \ No newline at end of file diff --git a/docs/addons/mariadb/auto-backup/examples/sample-mariadb-3.yaml b/docs/addons/mariadb/auto-backup/examples/sample-mariadb-3.yaml new file mode 100644 index 0000000..6c25e93 --- /dev/null +++ b/docs/addons/mariadb/auto-backup/examples/sample-mariadb-3.yaml @@ -0,0 +1,20 @@ +apiVersion: kubedb.com/v1alpha2 +kind: MariaDB +metadata: + name: sample-mariadb-3 + namespace: demo-3 + annotations: + stash.appscode.com/backup-blueprint: mariadb-backup-template + params.stash.appscode.com/args: --databases mysql +spec: + version: "10.5.8" + replicas: 1 + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + terminationPolicy: WipeOut \ No newline at end of file diff --git a/docs/addons/mariadb/auto-backup/examples/sample-mariadb.yaml b/docs/addons/mariadb/auto-backup/examples/sample-mariadb.yaml new file mode 100644 index 0000000..491738d --- /dev/null +++ b/docs/addons/mariadb/auto-backup/examples/sample-mariadb.yaml @@ -0,0 +1,19 @@ +apiVersion: kubedb.com/v1alpha2 +kind: MariaDB +metadata: + name: sample-mariadb + namespace: demo + annotations: + stash.appscode.com/backup-blueprint: mariadb-backup-template +spec: + version: "10.5.8" + replicas: 1 + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + terminationPolicy: WipeOut \ No newline at end of file diff --git a/docs/addons/mariadb/auto-backup/images/sample-mariadb-2.png b/docs/addons/mariadb/auto-backup/images/sample-mariadb-2.png new file mode 100644 index 0000000000000000000000000000000000000000..8806af218d81fd7c71a5fa82fa5a66a975045db8 GIT binary patch literal 45600 zcmdSBbx<79_b-S92ni0sB@i5fy9PqAV8PubxP}1+C%8j!OVAJ;f($aaTX1&^?k=-E z`M&qIcDL%)?~i@E^}1?`p6T1S&zyVYbI$z?;VMcpm@i0QARr)M%E?NpA|N1b12637 zsK6)U<76bjpJ%R;a_Y~4!~3~;81SCN?SrK>T~OFqqH7FjUZOh6rp?mYLmjKsRt@DBoO(qu<=Z5jC5P`*CX zJS5C8o;@Nmcdh4vJPq@hjC_BU$)+FeH!%4cUSif`R{r^3&QOZIuo{tnB#C^Jw6aVpW+5M+uPgU zH(~sn(eHB7j17J^jzo|e37_>h0?PKkOK;x=K;R$9zEm;(zYX#CAx#zk?S&t{U^JJa zQ&%TR0LqYHv^_pfP>Hzz%#D=Ka$iq=8zz^5OJDC7NexU_J$hKv_V8mWqv7;Q>n3(8 z`s%2`JBUSR3`ZHb*1%8K#wpo^7d_WU|P6wB5-cBmM?P-T#;Xwm)yfCS7ultm) zTrs3&mj3)RT4WPl5gu^_&+x6mt}75HTm;=VLy7^H)n{98PHs-Y-|JO>IKKPHxm_^) zJi(fD%`_2{x9I<;XQIFNc$TXXP_8= zp~>nMYFPe@ORiU8Uh|)Yw+N^I44P>{Q|kEGtJeEGXOqZJ<&wyE654>y zYKu1$rI40&V;gpRh@#?|u!nxiE-r-N%5v}d|FFq6pN;J;oyilI649cprThR_8V~p_ zhxlrc3qpwkmtl;x59>l`L*H4 zXB>seJAQU+iX&9I%(>eI0%$B+JF2(iB zsF&5_-TX@96ia5Xs}Q+0}ZNPEc&O1ixl&Yv?T5 z$;4BTNHCsMpzx=1@3iHS=VO2T6;4*KJ&6Udtgg?#;P)qoW9Zs=G&dL+>kvj=l6q13V7I39+_2 zf%?DHnOhn}#H2}gt9Q<787=T=$2}vqUXbx!^3`RD_KYK~D#z()(`4S!9uK>7El|D2 zd4Z3PcDiS;4=B!)Xl^6Gb4B|M+0h#k&W>aEA}Z(y4&`7cUH`MW&oO;U&jN)fdZGR9 z+*UE69eJEIy9l>Gi#$=Z_#<7>A3AAmj^y2JqMW@t3`Xkt#6;tMt;f>KGWd8XATwKc zgdFY+fuDdrjPdOT+c=glbUV{0`J-o@|AMpmo-|GR;lB z&{$|YJjIW>LzfAVPp*XFsh(ntncDTKq5rd{F~f|ctw8RD+oIcv0A2s5KYNN`mXemA z3O}?_Q_ymX>bfo(oG&#QF*C15nN=CDv1Ui!b8L3k(!X!y;P_gR5dBPmJ2RKZxOm|Z zwNpkU!yGFXHJjy=OI$kkma zaiq>X%$<3l39XB^mpJqzeQCSVg{C<{{4D`-c^@;L8G8{^+&4DTaKTdRspS(~WX<1N zy{S~%qC14a3ZxTiu+LhI=G=>y0z-{L(m$6E_t8U6o62eN(M_a+JW9E4^^;|C5QXm4 z&ZX6)Y9t&mQGWKkd8U|Q%JyOVQxIfu{aFZ0AcMS6QZEehEMCgrbUYSUHZD7d!3|98 z$1Bfs(D{?FzmS_C`Z-htzhS~PvQd0>7gb(B=p_l4YV ziU|$2$PIT*Js@@?@gFK^pru!xRLr<%WZJ>xbCM_-hNXM6oz{LlN}z3dy!O{q+Qd25 zY9mE*;#f6AXfnH(M8H=RY&(c7Hq!OE>za29=Yc`yvqp4WGf_Tj36r6fwK{A`S}AFT zZn!`)uSVuZ7K2$b3(n^=3O~A$_c~8kxF?SsyEh8y#|%y#xs7D+uMrxTbnfjRr9Tn zg1Gksv`-VBNH_f}M+-la3w-?`@gJN~<1_sqEJE{U!M3Ivet%fsEE5M@VYt?aFNWaB zOiI@u=|7N$@Ozs+{DXWH#{V@#+8T%qJxu&kB;ZfktT4>j5Eyx4`}$8TBVkMnxLE&x z$o2o30{$lt^6L)pOv_*SURH*wT-wn3vPNb$SirYFTsSWO^YQWcKOKz_*SEg>Qz|Kz zRA3$?OiZ`VeGLle>0-8!-6=7?dEOi7apmH>rJtZrauO02+8n)=WEwCYqIjX}DL*Cf z)M9`G*YBK}E*r-vo#QGRnZ8@b8ZrY1yQS>n32_U>%ah~Fw#CA4a!#GdEe+dVVZqJB zmyXS2JS5fXEx0t`dK`F6t`4o$HfC$;zQB#SzXCDAm(rZ*poVjMN;3WPpU_?&4h;Ny z{&%!VMW)EJn;oe3_EzUXmp+z)?jBTeb$+xE)~_Aznfh)5C+jJIf^b$rXFE&M0adpAuxHH;n8=-nbU4E*r25qEX?Cn(qh`~C zr1WX*lf4^cU#o>nU;R_!s}ZqE-)`@siC|=b@))I}lA2EEPxp(QptPD1=gjQjrICX< z10@-sma7pR;B;xEW2%;iuUvoCZK}0%YR%2vUEuJNN56(hsHFa4tFC(&;-x9-lQOY9 zx8?Sw!DeCX$c^1|ytu4!T1TX*ZgFaPnNb;L6v_>{y&D7B0nlpsU~Z&zE>ll_M`us9@aSPaI)@f;t7|1Eig1)!-?97h%go!H9k)Q_tdXgb`{_exLbpkz zwxfc5)cmUQcVd8s)$ z*fOTmVjeSrh*dr}l5pq1hx8YKrP+7ob~;UyX%mJkzNhnExq6vfuKQaVP0iw!Aa|V9 zi8VKN{oT@qb%BwdS^#cdZbjcYWnK<$PdmB`Wgc~lMt@0R|JyqD>0ixO4LS(=!Akh5 zgzuu`!oz7M#j8V(YcRRWPA4!9yjiwyi$AP2*WmmnNuR*+(O#yLh~_WKtW<$|v6af-sG$P z@Pa5lRME!kymJiKhpMu>mrb(O6DdDtX?2oOCmHlqTUf6@EqUX*YeuPah4msRu*ZLn zQ$lExEI=}jAKjjN*3h_Nz8=uixTYQ$XM0@@kNojthe0XgK40J0$gWg}@YX*&NtXO7 zDG?Ze@Fe@SjaZFS0ly@UK5Zb5J-OI!R-J6dz-r;LeLVZMiC53WR^;=zLF6wtkVDWB+G}cUQDIq z3N>86B`)~o&cqU@ha!8Ges;mR)kOPC5%-xgeb;`^Os?T*eqsi#xg?*;szXCBFxtbM z@Ewu&fi$~7hN1EBM(p{Gf2$SW)Xc9UGt>zJO;&TIl=cu_?2{m}^36o6Z2yHrs)fj( zO~Zwn1Vn|9P8s6=M90HC9i7Ez>pJpN%(h_7O1o2}ZMWJQ>tTaM9E^D8V`JB*cU-3k zWKNv6CIK$gABB==)1vU*u(^9WF7Ss5iZy4dytcRqjYLy)4l_Kq$Ml|~nF+%xOw)1C z>Vh^fZfef+u9AZSOr{&t4VFG??_kVBpR^RwNcX{#a%Wr2`!iRS-n)|9AW%n0FXVCH zb^Oq*gRy&7z$dD=6AeG$86e)r@)&J9iM(GsN}E-2jPDdxQfl4$tQ+H8_-Ay@@}~-j zMxj0m$0-^b7J60H!E&KSNiabbF!98Uff^)42lnXJnpN}PJ;6Ji&M4QDN z?PV1>WqcTK+Y(gm4}i!iBF#$3pvUI~M*f;7#}!PoE68Syf2(iuwV3jnfZey^<==u# zcAnU>`nf?*c%P(i8G8sbQgU0N$P4^55h}nOG$855UtDt&` zIC~vk2K_g3ODrySZ(q{k9h68m6xjngzUNQ64fSwY{jwx$cHtrs%7Vtg5kDOy-07!VdUTBe zxe3;wj*N-gu99z(WxYBVO5YyMZt{-Y5YWqx`6^ z$Mm@QJ)XN?E2qrPi5r={4W_HH-3MW%KRMCD>t@su+~wLop4IGSTj!`lW-$Pay@NH` zX4mA3QEl{O2R~Z>1_>F|G-i(UcyBF@B-B36l^O9B6|>!4`TX9+GpHdFMow_bWFQhU zSZ!l1;>6FZnbr|1GE2Stf+;|m&h`l&#~o)G*!}KIJ>^-5xcx?07u|zh3L@6hh8Igx zKC#lC^7jO$epMwQ9NEoX+RAOIaol@{?8mI^+b?1XssjZ2e7tA*lt7t0T+#AqopfKw zcY)KN^jD|RA5ycV!lYI{+h8?p(msyVtq>==Xo9s&oHqI3H7E4fMq%Q4wo|gHGl|w{ zmZDbZOOC&P(}$aZhca4{seMQfpzR)aAspE+9IX8LjYV6UXz84=CO4IV&p1W~M5|~i z!Jl==rhk~_AquvcCtx4b57^QgHPMt2X44YRs@bXXutrX=3@@Sk`%GQ9L+=2_N)=k|C}ORC`k8nkCkQe1!OhzC`F#oE`Gpd?fg z#9kw1AxgecKw*b_dXtRk_IO1C^rEv*G?0C zHX?+VL~Q1dcbAJUgKrfw_%MMl;t|AB-VmtldzLtq!5_Qe*qW8ZqJ`BDo42jlO42ek zxjoy;S7lms;72IYETc&otnz*IqE}4sLK8bdWP@ztVF@2_WcxjNLhq(3&brxs<6TDt zi{dqTNG-O9()9fvFBNZVYiq}rmq+9nvbwCq&PfWDvgT(kH+rHU9#>$Z4A~wuM)&hG z2p&g}otwLvRx#5oAK3kh)zmMI_XC-uJDwL~GMjZ&JCfuw1u?tS8TjpeHDn zL#Yy6Y32_%rwAfXHyf-v)nEM{dj0Hvog+_m1i$oL3nuc{ZJ~0XH5p3hjdT)F0E6$t zcG|a6jFdniexsWXBGN%XDGv1+v3?I5Zop@IIIG(kj@z?lvG(#C>9*x2fUdlcTyxAu zG6h9W+K?4{|8^4@nFBfzxn6W_2GmdP_i(E3K4;OqBYKQTe0dLbHC+|dD$|5)#0Y!r z6&HQB1zH>U%9}MgkE}8jUkKir8Nr^8VcD_Xn{T3lQisLJWW6hV(PJYT;o;g3#t+et z5q~<3RY>IsP*WC78ui}hR>&6dRHjINw3InKX@%Xl-X4Kkh0U8Ll*O~k^y;fEhto|a z4v&tu&j#5Yg^cbLG6mvu9yS?-o7u9w_KJn=cHk3w?iQrn%=kUd^tjZX>k5nCtOngq z*F$+Xo4O;3`1kDcH^9rDJI;X0V!R%{PxEP(YPS!vw+?+{QWMyS;%>NEj}!#%3GX%q z#7Wb0fD}|6j{07419p>x6WI+|STitW(Q_wDLwf zt9p>lmbtUdc39Q|e~#=*&KP>pt_3-a7k7oWW{vtDIAwcSa<4#22FM)kH(=R*Qf4jw zj$E#zT%IK$Vc1jTOv90p(Rx5e?8XU`*-QUKBN5V>hPs}evAJ1(wBz>_YR=Vv+DkPG*w#o%1$3YjTYLzvKCRX}jrn<-FHctsj^~|JPjMe2 z33-z-cL3Y6e$YlF2Om^5pAE1m?thb~d%Demk>rf_E<#*A&xiRTu%~;t3Cq$a3fIPJ z8GL!Q(Hm>k8G^Y8IJVtlLp*#csNX?V?<~|uSXuOv!0&D%M_}(~UaFXn(2S9vD1x&1 zBMdf5@ z&KuH?zLkm@d{v*vXy_GE+k%M)B9mZ-_C33wWyNd7Qu+{ zvB=X|N^7NQ_X|VtAuse{i`{kX1JP*^)q_6}y8Q4W>$3BH#w_vxfi~G7E&8`kdB~jkXjq zPl8^hic2hIVh~QN_t}@_y(KZ)R^(xPWs&ytQSs3f=mnkF#Sd&mryde3r|wr;e+`oNLtzTUxSmo-T??4VsdHn{g33IkcPH-@*Vx?uYDT3!7%w zSPpk^M130kGAergXKbwfa>i&>0&Qw<_R#&j#OU$GV70pq6=1uQ(!T7_8yXRgkW_BwMt!9n z9UaZ)oOUFP44RgXdajPaEB6h1ze+r|)2v7XZhu=(XxG}j%6UAnB2%`9iz4Q87njj2 zR?&R+qN4Rl2Q$3x82Fzo2wOlU`vQ#v8{Ku@FRIX1tvCn~&a+Y=M9ZJG&iQqIY z$ABB#3r}j0la7~U`wmNuN${*&Qr>7I3(5Am(y4P?Sth`Vp%TxA`^;=zOJ|+Scj97- zE5WN-GctPz0epG|kAefI@_!!a}~+%V2hH%c0e~{R+q5 zt;@@Xa9`)MpO<=#vl=f$Nu4t2Ja1ie3aCFq%g84Q5Et(!JV6_-p9;uOdeW-cPQV|` zlqB!HicB?Y0+A7}m%0jRq11RfZhYHZgV|`sE1vM!hemJKdU!JQQ7^>qd^`E@LgZGc z=LSGSYoxA*j;$Minrg4=FSF)RVArEF<2jbEzb1Nye5TbTJyRa~r{8rE7>2}BSZnr3n(@c7U1_lp^CY`7wf;;4Z4Sth8 zz8$#(qIa9{adYQxQO@%3xT93I|IP(?_&uT2S!X|8rZ=NKy|gq8=(r!-@20b`ZF8y1 zIkSh;_q3bH6Tku-iZ!@W@84=4-h+3tKf*ALi(L(CU7mpdZN%7_IQ0BY4i}tzv7(;K#UkNhlYTSSaILb73@0q zL)}8fjOphCh$58O@JOfDgz!AHvsAY>V&(A&^nU#G)*B8i3O=Ts0hpu`uF!4Arx0L{ zH3R%_oqrE;YCiwfX&7F68e_Z=#)^Q^MH2BKV>+Jb`_!m$24-dBh7_^z6 zsAMCgECz(z#D4QsE{hici9p|Lw*ZcfN_A>N;9(vBF|}hl7mKc=oc8m-rB$$MGj#-;e^5^l8NM{74dO@K>{l) zBS|>|5&ihs4{gmAy{6;&+eLUjh?70hWQc&c@)OrSIrnwPu5jbB943WBnM&jKK$COw zhUSuz63&sj(F{juKj589eR=w9iL$h$D=SW&n8LhQ?#8~{RwJ8KPis`9Ibbg@fz7!0 zC%4{kLO&fw=O=(2I4#)MJ9nTn@c4j$sB|9f=p6(;f`rn2Oy)4@cqVohAL|4dFt&9H zTJ_jGHHSI5i%=Hjx#G>6Sdk9kHGbngrJ?0Ktz*S27Q5BRLuj+p<7DVzMR(cz8y4j@UHhf-=^-22SUI5UI<8L zC%G@XZU*_B>C*p(-I3=yOviCrtX_E!+hO#&-gS3H!D7L^4`zwK(qx5f&`X@@wb;eE zl>{xspSjU(J4{#kc>U+S4Gh+^ZBNeUInxtD;rBc8_;HETZoWA>NBmR>=6Iwm@))RS z`NJw@+?EcXVS3N~e0%u4uN?xG=x@H#9UxIT>OKL=M0n4h9!lxO7%%%(&#~o8SMOKY zO)PAdSZ^@}w#r4}_D8~Q{x|y1OG)2-y_I!8*tH+LDg#+wlfvtsQ+V75{Fc+l%U*U0 zDA{fSa4|ug0R$rkE-#_oF>Ne()xq*pUWql!}x}WX6nX2&ppsYL^w_FBdK{ zI3MB$2|T$Dd}H!{I?vgGS0b%ImDq1t^ABM8UN@x{3hrG8QF#6R@jixsGRAXdunpP3 zx%-tjP@a%nkslo#Y&PzfZw&LVC4)40}xPr@QHeo&T57V`}(xv206Nfayu@I5Wdyz3Kf4? zD`c?6XHX)axXPOwgV0qM9bU4nB#NMJU<5{Jl%)+B+j-rcMbZLi!LwP&3MgWi{{_T+(^Z?-&;|3z+a~_GhW`x zUdPl34_9+fJ=U!T8B<%^epI&~s>D`CG;c%ojGle>8E@CW8S8xR^OxfZv_!}Ut+KZ& z$=kYUi8=?62XFG_)s+hnF3$6)9>Y#Ide4`yp((1xU3K=4_j=4p2ccH zHG+E2io^;Z2{aqB!=Xx53g7`8@UU^+3KIn|b2kTuDbvPzRyt%CK8wLW>@ZMBOxD*YmcBOy)if;xyyhmpQ zRtW(JfrQ_ITv_B)YT^tK>?=Bcx}olYE3g1Ae}9C!0O{jc-4G3_ljFpz1zx*0EFDox z2u|)D0KU2byz**lZa?e+RSrN@fB+R8iMX%G^%BTv;`+Gx91HHVf@ghi{#Ca?y)Lkm z>6$(=)=mjN;QZGBC=!1R2lV0!01Ri~nbn@>mIGU7SglkCHyg14Kj%`>Y~ILgmkxl^ zwI&PQpJXVyn?28OfWARHfSTvEp>}iCJwt?Whug^pvsvZ%@Bzqiu`&P_V3Y4YYXt>tB6*3&dovq+ zL`{yxpS>*!i_Aw3Eq!Vh?^bPDsh176V{1(oOxxgPl+qP> zpx~{s@8e{~?#DYxx{*bysFnvVwKs> z*-PGOU%wP$q4T@GUX77pw$5H}L-8V#9h&Oscfa5b4@ZERGFG%)kpf)>0H0TJCOcM+ z`aPZNgO6b^cHHHCoD}U?laL-G zDSH)`JG@o|!bjBoQBy2{S0ez34sYgMNG`)`U7(3#1~&w;({SY|NHcs5sbDv~a3G$> zVS>bv>4aoEQ(mCW>H<`?ro=sQ*%|M#1i!L-ue~(OrdVCt_5&*EbgzLTpcu^WtpaKb z*HO_Fpc{2otnBlP^Y@SAt)-e#v5cl;Xa)eK|4dDF12jk;Q{R7p{jhG~CdKcT2wt!O z3BGqAi3RQnl(C^ebryZ+V^r}u2PkfGdMUwC@Rr9&65x$-{fP|cRk1#Hvs{^=WluO# z0>Tk?v<2Ktfr8m$cf7#+B#3GgXs?@I?oE+i zh5;~LYpvT|S662O?g3o`Mdh*`fGy2_T~m>^>*l#y^6cdJiNP+7VBK%)7dv{zpPT^@HUh6~aAn8?Mt8_KVSupwLV-PA4&et( z_vVdV>^^6VSUFrVV3_S2Y;h?1_2j8O*cmM)b7HaPc93CZHANZP-Vn6*_YFNxYuD0q zDE@g-jontx?Y#0+7 zf0@6ty9{-+$T~rfmou(F9C8I<2dDG8)QH%<9neTjz%BZa zDfERo#n6ih-mn4{>jR*ShB6jD_I!g1mReWGCnPL<3l!sv9^|Bv-F=odA{T$&!!ZPa zZh~wpTHO1Hm&JS}48?NbpvZWs@e90zq1eK2U|;~?t^}Ydk@aHeU)xe)Vsl3vCfEve zE&nwZ#r?zpOuihpkO}n6GQUjg0JdOLbmqlREF!YG9?9yfEeislBSK>T_ zM*+!?fQqjWav;NH)`J00XTX&u59;GovzRp?W!j2lQy$*82i#5;t3h@PGa3MBK-N+T z?|G&exX)Ei97r6>_`s1N04t*{mX?;_>0Shgu%(7A>FD_MJlndy{G_v3XiDrJKp^BP z1D*9V@IM&@P{m+;gh0&`~iSk_y6Dk{}*V&|Ais`b#Qv;!LejtpKpek zi67BFvdtCZ<$oh1``5`Ar^hR4!jXY&6>PQFhI`42(pzd~33FUaw~)sU#RopXRR z&9|4+mwk4GK2(O(|2ZMIrS+u?!l$g3K?1oC8=EBui&bw6!|2b{ugyO#C+#GE5F??x zJ(@2DrEQz3k4S}E0UT}Fw|VkH#(1*FW697Qby*aJz%*tRnj>EHoohn}+v(CdaCjs} zH5Jl1SDJRJQ^ONcINry6CiSa{*erv>IQGM;@0*1g4uId*0Ek}n+xp3`0+DVXT`R&Z z?|?H0D?vtzCMh9JZ2Ic}pD*6-GQ2sjli7ZpIL?qi@Aa6OQ$MrDs{*k0x6dMqz6@kr zh@ZsoZyGt$k#nI~>cNbZ%HKM~hQ`Y`!%$k_G?xp!Fw5SDrfq?dFh3gbfbSkBKRRu- zd5unW8o{TE4}3`l&EgTJNqsvJU{;QmW>4-U`Cv!y4Knbhq#@I0UrJd^@{@{21cba` zsr;wJF0rBH7^Cm?QK2y3{oc(17U;Dk&t~`R3X0%63P3!qxo(Vpk!Ks$TxkTS{vX(q z=8A21{x1?f3C!7%!^8$FrDzC#{Qam_ZC|R2r%WwLD|$uvJI~~85m1g9vbH|(!f8+l zsLS86K~SkF)QTjAct(7M-o5BrNxtNcn8Gj*#3o7VL~5;H#%n!95jdDwSf+LZY0rvn z{G~*~$TH-q-_vX5nv!{Vo8*2Hx8(f5s@75cnxYIRi~${NH!w$#CYkoje)TFi44^~y z64Si}I;lXzwb+>&2JEnm09!)tWi|&dZWYq?izA}R9A7K&*u}*bF{-~URSoA=zxuvSfZguY8N-^O-ZI7r_JmYQ_|a$n{X*4Z3qTL^_2p9z~?BZ z7O?~QYz2DdVw<2{YMf#}t5>o;XT-iiF8%azvUrU7aymZu7M}(R`w5xVIZtjRrScH( z){|^F6`9rYBgiUNfQmZRjtB#_e5+TX;m^Lu4Sy=tPR&MG(|*=Er`7E_o<_dKObpP)WWRp5`YWdOmduDz zA6pw!Bmf~>KRW`&(3NT?Hi-e3WeuJ5+x|`}KLNEJVZUYMx3YQPUecZYz8x1qd^&^6 zwK{qAMO;8OkZ^p(I-Wy$o0r>4bD1<$Gat~ z|G`Y+K{P@I&F1Sfs?}mVRPm&F_)`~!8qniMCiD?jVX(J*q`M7?n~SoLbtLkHdkmVp z7U=pG(*~FZdNjU6!4B{Uv1^9f^D1+ZGH5WGkr^UYsf)t!oE`lG`NIr`OnL?hyyZG@ z`_#vuRWezab|nbPzapEUqEA!ejj7R4zzwJGPiZH^SS#kE+Oc7i=1Bgb!g&&cXTEni z)2xazNI{KTk&~E>Gxj}0r5MSh*Np(gQ(B~cK>=fuW6dRz(nUuR46DMya%YZZs;eiZ%-o2R8366O6I(Z~6=DzA&=S2{>dr4w_ zml$zEkt4etWlOz}enQ>*lWH19f29OqG-dtRov1@~Z#)(eRtIgA5O}mFNf?b7#N*$V{K4X-Pd~Rzz2}X05S_V${a0M>x z_Gi0p>E?ak;|Bit-PTo#;;Qb_u1RR94l~GUc}uBTa}_f#%ZIqFoIlDZs~1MFC(|b? z;kfGsWk0A_?b*{&RAk}5$sU+`Q75j+0-nvE1+mJA*1MO99);P@d32yB6!R1pR!0p} z3ir6DDKLjp{1q-lo%Rn^e`BDvx1w4rDuq|OvCU*9YdLU}E60^aYf>XiuP07CCDN~s z$el@>C5MkKNu8D}Foevh%puM5$0*VrA~kifPG+V8mDxx0f1y#cOm8MuY8Ple_MUdG zenqGHGKhZ)F`raGO;9?n2!#lcJ8Um!14PO{zV_sVfXY z`9lK1zdq0r<)??m7bB?mOLdrwGRY?^@>2E4OUn|FF@534CA!(?BRO8DFYp1im{RVkR) z8Vw13*T#JSZ9wKssCrGAmmITVH9e~Mli;H^RHa3xzYQOQXJwI;66unfGlW6554&Lf zBpw3%nBrn;@CX~1XOQ3{UtYFe(mKrf~v zj$a-TSZ3xGvg3D{{v{Z55&GJ<9@PkwQ?K{nQ zx57YiuAVyHwrm?@qDPRtCU;U}(z@g8q6ot| zBd%?He*5|QLl}xEaY#5jL6=(DACIlR6FdyBJs1f!VW6agN}SD>+>SzSKciSpouSCH z+XIevR%4I%Qb_;0o zO74}3X%ywn`F>K*_Dy>n6|==Je}ka}1}U1OiX9TV#YqYWoUrbbCQJ;_VZT0a4%weu zPVz`e5y^RlxEIG=S!I2ObvYr`sn6D}b1yw+n5|?BRT~nWk@D;}&qPG{mCJ!oavQfPG%W7*#^;*oE>FSl$G4o(mz zXGkAS_}Kk(*1@}-V+}Wih8SS*{d)RIL{?(MKhVs*d-1k(8=toNl^w=nyFkCwxlNsg ziB=@-o8gKMuss=u_*jD?TMB)4v8l(ySDG~gGWK~bS@7Sg6$7w$L<#jPn`^&M!wDnb z_V`5!H5P_vQCDZbRm;7wc$uNwa&7-vk8oQ_J#3fnhaIM9T{g9?X}a-3ZJT$Ot8L2s z#>lS%N1fX0gVH6zo;nROKF$Yg;kz#u9A<4WEV=$_4n@$!d?6XDEpoScrrR899v|(G zfHrYrG`wh8{#67qHQ^_cc- zByP2K;>AQ3#E>!A+~;p?ZNFc1neE;=*HtlJ&Gy7)pia3(eXi3M z7IS~K5XLw1YJsASJJ}7P^RVYPYpEoLBcozBYG+EmcGQ#~k-dB|PJCdFf|$^@+lQ-Q zLSi$lLVo{I1=aF*ZOFzmy0@#5vA}Q0W+*kTP>?l~BJ8KVOipm*yH2<9^VLwAPZ8)* z3$53&i^4D$7DU1<0@xKMsZf6rOfach*YL%Fqwdf5N-Fp$LGJGEF2FW!jPszS`&18p z6dpE`W||$>hjiN0)m7tC1^TpZtX{dhrFTi*G-Dprc3p1L5Z%Tg^zrs>5mYV({7wKA zU|>If`u&!*Q(1uUb(CUl9DRJBabaGQTael)4t|OI0q8uqQuK>=PiZfFuC@W*4HEP>9LMa!hv&?I~_%MP#jg}eM z#6I5h^{A>rE#8{^P`sx^FZULfi zMXFLkVu>#zJ~dUL-@V3e>B7iM$HE`D?cW-#b-upkuq?gGGD#=a3}%jE3acy8V4Vme zkyWiz4QegO#KIl$klRsvHmSq*wvetTRV&g{UW1>K-?-6P?T32xUF-f!F$^k1$6(1i z_5H6^gXU`Jq!W{*^py4C?09s>7IIs*>?OAklmieuGkTnoOojzwS$or2LLVLVNNc=) z=x(ArG!(u!<9*$@ViNaiJ%q-9bs|3pu}IPya;Iz5H@-cvoYeVN?9B z%4TMULNu$2n**as9OvTM$s7vTt^C`!Kux7rQE!v2PV)h(+tkFRXx0|n@!hQ_6QFI( z{2Kmlrk0^t^!waw=z8&V4t?5xnYl?GqViMJo$~#feTlPi70ZXS0>s!SWU(RD@>3;$ z4c1HXk&t=L{v=ybr6~~z%?(oL3h7*uq$nT;r_A!%`t{UZyR=BXd$DNXuCv-(qWv!_ zg(^RJG=dG@e)@GRTbo+&+4J-er0i&jg-5j-wJk>QhdAKD3%NQ#Vo{QY$s!VYE0`UxaeDGQI?t zLzyAZpHyps+`(izO&+Uf-v&}ca(YI1(yvckc@ZfxNWl0vco zek53HX;csw5zlvUCJ|7b6MnW{&C2NMT_sFu3E zFg(E&D^H2-M6hsrXt9FG$R*@es4;1l{Gq#in)0fX1xz-71wZpINv%xej}_kEcUw0_ zEsY*> zn|1%43xIcaD>sF9()i#J{hGQp_BVR^aQGbBzT(BkmPU%| zZcRi+b@hweZn>zWrv)uM)5517htE1NZzNwdE(H%4#t&R|U}lV@&KpyNek|f#En1#< zmp2$vvHX#dpo>Z==$8q|)0xr#sQnld&*lQ3@7&MUUooFD6FZmd!~X(8&O%lgWe$4=Zn>KRS6J8gn{XJOJpek0CN z2s|0`G}_7>_q^oCj7E}2U!Vhn+b{7IZcpYkR8jw8vHyr8dUe8s8s^n9%Y(nP*1qqS zTQEU&#tkLy+IQyZl1n2kzvGA=31El|VIXKfxpm%$+TE)tx8375#lGT?ZfDH)LQ6O5 zKDt_S+M|tjJq{lx`Yv|VS%&rww0~wQ(u*XHSDC1KD6ucqAgEGdXwp z2d*;9>|*p+vJfv?@`CpIc=0qkkBep*#E3{^u0T*~1U0*RM5J{l9q&;yz`gSY3P=XF zb(G@?7LqgkHW?=j_ML%KCZ|&b=+EeokSY}A+fCwFg#jx&G0m-{7wf-eP6~6qCyDhi z%C1F&en=L@Z=-YS;-yB$Mw>Uprvf38;x)yaKRD8-C?}YA+GRJhLf8QioE%_?kyD;0 zqIL)K=_i7&!5qn`kl|fg+!y8{Bj!{sUUZB^lFyyvhjPUIy8O&PKRw(Maq_Px%6bh2 z<48WI{>q4ea-u;<{q^6QXWQ_Pa3l#3(ErC}ywsQfu6{zGG0y1jcPQ2R9Ke&8J{oGsEG)u{7uS0cX>Wp=oDuadqrmxE7F#CNWe=bbY%um~{YjAb;dO+j*;Xvc#^G+q~jpHP`a= z_Gk&q?|hZlyQ1zm^_pcRckt)9Jf!yM#nElEWdC%%Y;;t=>Y1rD72%*z@4JbD#?>gYmXEWF?`gqRs91gzk}x)ek$^`>VYAtNL@1% zYL&4+G24R}8l=qp+(zKx1`Jx1#f$EdrJYD+{LCk;l=4!~y}<2v{5$MQ0xjFOYgMQTrU)6=POT{C zfLBJ|_a+~K1c{FR0Bg$>r<>1CBy(40Z3f6_rFF~7vW_2lhOff$Z+o=ZWqQr`2M-@Ml$FmnLQ0AUQKm(^3`OM_ z{xp|lJsOpnF8k*f4rTRpevA;Dat~Z_5bS6fF1o2dHtPRBsC&zxIHK;|H-rGeLvT-k zpuqycHG}}cEd+OW_aQ)V3+_&EcXtU45`w!A&H#fAHm7;t|M_sMZk?)Ib-vsWQ#CWt zJw4sK_pH6v?|GKI1ZwZr_wO152b#XbYp><~n;r|bHO(6A7+6S``{MYz|slD-L?9u-03wXY0}I0Z}sHpGYAD7Xqaej1J+*Gz-)GTJgpTjkdsc(6(nRMXF&H~~z!qc_%!yd2k<6USJ7E_6TT(iYS<3}%?38IaY+6vH@ zNdHn={_Ng*y2orLApV|+#^SbkVnCzKKOU(Og*XR}&nh)r4*Zicv7tlg zDA?_wiJTv1(&5olTfM>J%y_g!7{8qE&iJS0ZgV+g2K>RsKyHnOj8glSxW`=dP7`1% zQKKpNKfNc~0&q@pR?ex$XGAo+k zMX{y12YNmVKe*2veim%@Z;jh2&is%Qt6E&~pn&gY3KYxV6tLuUw}*PdSRBmQ6(VF6 zm5GIVu9E6#UqH+ksD*o>ZC^c3b5oZSg}vOTqjxK*o6f+jy3@WL+*~zd2C7^>ZYQ6$ z){YFO$fr`>brDn*=&D~G7a5QUr)TsA!>OBKFjm#({W6IrCsngV=c#VJnm}r!t|}I4 zg8Qzfse(lGD@C(vKTFh5V^oV1^1@bTqv--?+d;MbrL`_NG z8WOeOAbYxkDyUCgsJ2yT3ctnUgV*)a{T4L(RaskF>(Qh8(T7l1!a5gVVxCkuGV!$2 z`%>tWiSIv=ta^E~gBS&C04|l@F$`dF6+<19dGKN3v8~ zx*MDBg9RET$j_HWWeUtTk#cl`~4@Ei;UOh+zD3RZPri=|$*TALsQ)G<7 zxWoHG<`Oe4>T;Pd&g%V%$-WeV=`%+Ob|G-X{?|Jz-Y%pV9Cm;PI zfs3w`hFH_W-(0TUh)4T3QTbWR>0y7ty7Q9?5-@GF4AhR*=N;^M z`KztV7I0{tmrt#j^Ue4sMH}ndtjtIhEKU#X@5i_7mYI$o@ekX(V^jS6RrPWg`?uWQ0nOFP=};Lh z)WZZ-IYSqD$v_--6d{%;aa{R=YLo%Jiz+&RJL)t^g#1EdZAWz}H?;5x~u41)7 zjeLm5wUMK~VbvqMgEs@Fdm8e4ynf9OqBG0mFxzCusWCD?=M_GjV=Hs_YZ7OHMVM=` zv-k9+6IQUb`IixM9(&3mh0|q)_$f*J6ka1iPfn&{9`e>yy2(4aMY-3CDHc5BBR?V< zVngG<3~e|Ws7BgUx%-u_1WCx_NA#24{PI!TFHkLzM_DPn)|PT^cDz2sGa*><_r<)@ zo*qTm{`yMFm{x(PemxUh84&w53dF^a!P6FPR3Kf5G!`u%sKzbF9ox$>eBt0F+_%=Q zV>B}}Q(QU%5W^^9va*;!#50Dn^9+bw#MISQN(g?TH!EiF0fX458yKPT%F1{E&(DR1 zYv$Fx>U*ur%)(MqyyvZR@g&%z5Oj-V)ozSr^6RkF1Hio&OG!z|(JbL~i4Yt^&2M%s z02gHk5TiCc+LhNne8BM50pQA~;o8ED5oJ}E&xAUx2AUVX(z>0TBT!NjhA?Q}DREhQ z`w>N%*R)~SfBeg{EMRVV_?(_tdDi~cRE`Oy)qC$npdRHcM1pAu4K# ztVO!h)bk?6uig_%&HTkPKW(IZm^Iokv!1a!eoG&CoutEQQ)MySeUm2Xre4k^cN-rEz+IVeY zVIFTuC6Bo;-Ds`WWY#vPv6i7h`07L@GMC0DXThBNYvU$ZQ}kGgP5)kZo>j0oD>7jO z7!4Ul;77mXu)#?%$)MvAa!dR!+R-(U!QThO`$_~sK(Z~55rZc^3NUJ^^+SNt($j%i zRN`Iw5)^_aB^AgoD zRPCifPH2)$g1f{qc6>_h17EsZCM23&frS2eBj8bQ>-$k>xVP1isUNZLpXAf?EApIX zKHmQP_SQHks3;DaB{XoNYb#U>_kFx_zy$(sLh5Ydw}o<$p)z$df}WpY1EVC8xb`w< zeDn@(N;%G@ckhcxlQAP7r(H74=&NsAjTBr1VXa29T|OD|Ays>bPx@KW@#cJEd?O)( z-#p6SR~h|*}qvLdnvy(*%)X1u8AvEfZHei7g&3YwDEDs+h$Lt z`LcCmv0C;mKHnmRTY^%+PeX~YBBdiemv=LMlWG~Cfwis)mASPWxs{N(kfDM5MGPC^ zO3+dk9YNG9cP3-mB7HH;(!Rh6v$*J>mkf8dDCtYd-U-?01tAOaWBzkfh@A;(#w6@! zZ{$-scCS_I%7q`oT(+Y<@E_z@1lS=<5q-8s1+V*QQaK@1T}6l}d8GZlJ%fYkQBqN0 z0Vp7d=5Cq6=NJGeDv*>kHN#3vpAr_KLlXcp{p3100M5LvutC7>*tThTyEtck+YIHqd%jPXr) z-Z|N>#O7ll;wZEurmd~G25Fu6>-L&n?)`!HaKzbO9eot%Uq-Xl^0QMbhNZ!h{iRFZOpEH?Y4^HHbJNJYv!R9qW$bK@@8Z1g-*x)uZh@Fd;0d{%e~+)+G6}cVfq)$*?d{(8Jitj=DEBc z0;>|_O4^)Md&6=ptY&)01vMSz0@knRh+J#E=g@O?iGnebEikC{L8f~GQE|yFY=Ge~5!J|-%1Je3vQ))EGJ3%_*-fi^J zGE%chSNm0~i0>T_Z@T845*{MVIiPWViKfpRW|Dix@sB2|(#N2VL+sJ{Yp&QaqZ4fW zEkA=k#v6Mm18!Y4Cu2PCIw zBP-c(Jndo%^>|`v&U}y;Q%AF+mWh&{PLMb0?eWk8nb3ItQqg&T+$W52q!oW%?6}Y` zZz~Mk4;c&o4E{FJo0T&#F#1eZ5_3^uHHc4wvzt>>(F%?dCZ!=m;UYeXrlFLVQr#?g zEhCqXEvY=o%@NYPUX~Wj6VCWanVVZ4j5*rSZlEnWM>y&cSFl0n9%EP_O`0R%GDww` zN{7!RCplE;ANvwNnuSlu?x-}NRM4SqiY^d6j;Wg10Cx)z5(XNQw1{cVxjtzc9k&0( z>b%KPDB^cJBH>+jkgyZhoqH02TUuL#eJOVUx%dVkDMSWRE~L}OI2@pRkCS$o0+sKD z^5W8xRALuEpg%tav|UbHQM}I`Afu$KUWcr}khgk5;a5An_W^$ZK+^OiYnrI=UhhT% zNa{P3iw=cM0ZC_Pu59?IISH@bat=JGTbf=vo!PAe`fgO*)n}T(MPB0W*Y%t5w1tzR zg&^F~hT&z<4BCC(zAy+-{EZKrTiRJ|T?=ou_@4E13J2R;^Y=8~vlCjxr|hN;Zt7Z6 zJq!qDRHn-j(rY)7a3?El4!QnzD9_wo1mcg4m&p zHu2IbpR81CAdpHK%w>v)H?_hXL%f3_yaMw{ZGWSU2g_>>A*NSlZnGY%cbCebW~y&% zN}u4vm2z(cJZZd;F5;3VvPXNzEVKM>+4q{t_A)l%yD?MW1j3efiDEHFCoGF=OV+an zs2vbxP)EOgf=*@a&r9jlr(j(oF8kDQXPS(!^>vpwd?Mc9M4#(mn`bjq@%xg?Gvg;! z$ve-Bo(|;OvIOi3_hu)(`gEKHwf&73TXJSwR#dYna`dH==P=IBUPYj9c&a-ka)QIq zv1vJbO3u*-yVA1lI>DtIIIUl9eq|)7aM3)Ou!8kIU8kU5s99lNfHzUoSyL62>C^^B z`vSwF1QfxSW&eR+xFz!AS}TQc`tm*ydaPC{o-SXhmODh{z1u%9yC$bBaKisEWH!C4 zI?!@xTJ?6Rbk!%j?kQbDazj|+bjRK4sLl{WG>WYyf*qnuOC@h$#U|uCcZbC#BV?I3 zzv7YU>tBk8iyzJqT9nz0`sGDCTa**aH0fRyt>X%Y`EFUV` z#E~-UA9=Zcp)Vzzo2wamKT89l2a*B(^LE%kcRoS7UtD862~#Q zvQVYFNA@}Ia~}quZE?8xhopWbwfg4=hBo&045@PGk9Sb~h=CL!Il;S<0KeG>^k$=# zx@{f+^8SRbKLZ?`fEZ;b$zRSOOPa2@xYz)Y13h~Rg@wJZfCOPb$aos2>pG);KcoLZ zC@(KB0XckHpPgI-z-#q_&0gy`pdXQyl0qvjt##g25D*af-s1G`7kpDzQW6Ewo{vKC z^2~{3r|L;auFeHsOVG0Sx5bCQEeoVC@6__c3(KfC&91f%X|PO{n-3q$_#O@shEtI1 z8{0X)LOJ#wa(C-x_Z7yW;O7Q4-r%;QaqsN>MmwUeN2_gZXpc zPPeKQiz=V5-suW1c@M&Pn-onA^>F9gF%s8KgnDN+6dke!xhjswXnl6&8PkRQt*g=p z@lQ(L3$crzGVut(*~p!`hG4w7vu0g9Tn>6rknRBf02H-+r~7 z?KzXe?7A`rmev?9?m53LC#DK)Kl&Ag?yd$cwpuPLr)%haOm@73DpZ5K1^t{ZqkE{t zmmEPi(vQ1xb*>d|^@99aLA0}Ay}o+&ri-#h>Doffy`y?8Xv3%Q=@t0!J1# z+?R}m2EpZ&!eo^Drlyn7 z@%FH0cPxU1xwLTW)a$O(xKiNkmLPAEZ_)ws`@4GG#ziy6!OjE_qQC$_suGaa05o&O zWo2OOUEn5IUs`+Qc`{F6@3?pkxa#B=76t>0$`1VrXZsirTidm;#UJ2=6ENglG%ykw)7k4*7UMVRh>6ckTX^Y6Nuk zejDt5aLlGvFYB%eE+9&ZpVRY>0%Cl~b6CDq%=vb_;)kaU{aD%nAiOFmExmOJ@(?#U z^n$vNW{PBtBPlxlbL{Q8PyU2DH#T1kVcKI8?G#5ecK?n1{L_HO{!`brmY?pF#l68LYAfd6L|lo2TY|NT84_&?vyYwJC@md%y^ zzeUxX`uN=U|F`O@wcFH7uYsNQ|EBx@UT1VNM)<>Hx%TMpTIf}-IF+C7V54{Y=&H(W?!m^oS3GFYGvR&|_;eW>ng7b6_-urIO zOi%k1U*b>+@m)j~qg^&eQIKdU% zk->g>OF+?yy8PJ!E3jxaO2j~zmX!9lK(#gUVps$tA^I!j@J2{ zVnUX_6ag;m%W;tQ@lmUGu?_X|UgIy^<5419rot`MMMib8FYM(O%IH39_weU`)|&2> zjqLgti$RYaD>2c9=8I09{=aS=cdt{d)V4`3RYxNkG@SHr9{yFagGx5@uIM8{ukw_1 za=Ix9vPw3$W>;2Op1S=agb=4R5%Nv>b6=EJ> zBQ3G~)hs%a==g8P9>{nBC!>;!p=hUYbQR#gLLs^FiQ?2QtItz}tDwXh}+oSg$-z@+d9jD~|xL zccD{M-Bj|g92iOPaCxX-yfzd($V}Z>h@_^bwtjslr2|nR zZQQ-1{da7qgUkYAR$wG~kxrf6VSk?cBM^=_l~O=LtQiIMZ^;;mP;#a6C*^uzxS*{L zzCvokaTIMFcssqL5c!=z_!s>FC54tBT?t99xG;n%&!5AwuU`(;Lay!1`-qW*j>a%A zjJq(;$l1$5keh&3f#a1_15-g9y<0Z*T+S^S?d!03ZaIRn;Hl%mSj-!Fl^Twk&#(K` zYWP>0GX*eyg@?RMr#e^>Fo=tm3hj>r5}QD|d8^Ufo<~ll=4Gr0@UKd?3PN^hU+QBW zdi&`<85?6Lc95s1(o>=1%aWyphugVtxGkWr)dN3Lu`kb#oOq=4I%%RlI~Z`i?pH+( zx9Z!uG|)i8ii_ol{Y<7hS-sRvv5C4Y7mWTho`n7dIsW|0WwY%rbJ-(2BAB-2cu9?` zYM8pSTqX8PuO;P}T--mQX>XT*lfc%@+HN?@b_}h{OfTPxRFuO`2oG0N31<(IgVW}$ zggfhdwQfBQe;}IPTSFyg@52*kA*+(O<#kC4`X<7sDrG>X)vDvXo5uR~-%te+xVDw& zebd*kM4GrA|BPH+v6lz+4s)$#%lBOm%a1E`ziAw@%t}Nsms?ZM+iA`sSs&lG+uHec zx4PYawTAuR{;;oaU9sxWZ3VSz!YS9bQXlo{UbNFpn(187;`c3VaFU3aF?H2sRb*`{ zye^!q9oJI(uu`hsv|`v1U_~;AYnq9qOD=RatYw$7)YVeWpF67SAvXk#} zYiMZs4X#~m(zZ@kXo85=yE}xf3a*rXzxdVAu~PfKY{hHGAO3CNpX;{>Q_XMSt=WG^ zJlbuo@4;40dRoF$X)X7T*7j|tu9O}lS|ZMcu27a#PsJJa?-8>NCaSA873C@R6~ceD zw`D8#BWAU{m-K5-GWl1uI&)o5-yV4lc&#t)&;AS1tI=wEU*-$lnmteDs+dV%x*GxQ zYaJ%e0>^y$?r_zbrM$IBt1iT&Q@zHi?&%9xEelSibpp?y&c$V1gVU|tp}$6ODOVC; z>})rdExPtR_`a;TxccgZQpe6X@#}99ColDz$&K z+`C6I$PE%l^(`xWtpYEj2OHIKb3u&w8`(zSszx@ITbX;yJLef7=y4@G0A5%4Or0WL;g zafO^-;cA^-d)0Vd**55P|C^``Tw7i_dpxV!v9FahbN)}u+V)CnZWViW(KWpS`8dhc zwLz;&sB>29TBT60$=+{StL@|+i|Xg&*;Q=c!-l6fVAHEQt6KV6<`pZySYxh`XCV#N z<=AMbkaqCm-87lCE{}ey?{{lcUh@VUJ!|25x4;HrRg%d>)?k6;J(GN zS$~@a+X)uIw?A*VTgBM@sEmOoL?pbG*Aog`Bx{&oe+JNHUUIi`6G-+gtoLPwz5+-8 zP(HG2SD-ZglSPP9v=$?ws>IEJeaZH3@+G=Wv#>yz!%yyCp`ST3sDeox1C6d#pf$P7 z%sk1M>9I7X&r0J5zi0fCk`fnpZ>dRVQrTY)_h`palN1N$Gpi{_c>BCMiX2I`7;;T}DCiZ$F>Tv&eoGno1WrCiUxV}5^cKNg3vp;0(_jPssPN$J=3M8*L376?&SQv>V_tCx-?$~C`R zSy_F#0k+bNy_%?NKtSERz}{vnYus>xdGPzxC(pGfNtB5v%Bm9%`7!YXI&kd>$S=RbosZPeMYs zY3ZV2&t4V2lE_rGffHg$LK2K#irv&jb=@sx!Z^PS0=mF-{ymykRuKW1U*P3BkF;}={jI=@oNT@HN|lCV6>;$VLyz7;B) zC_@@1w31@~x}J~Wn90vuz~#?}zqEHUhSj5!6v+AhRZ0VuK~AV@5g(uZD^MAl-<(oD z55CN?EHK=5yebV2_Kyt~pXi=q`Ug4Wo+l)8!dJ{~j#BnX?E@&%f{ijqA@PY{w11;q z$W+}g(u)qsKC2Xjj5It?k+50V@2O}-ANp53Nm42pY5X(e5_MOhh>N#;XNw>q+mCR% zBI55aa@qnMvgfXB`)U~R5Cwc3DE=7)e~pVCsJLbP%4i-BQjT5R}nY@U&UK^n$a5UzjeR`ssaLJZ`5 zGfXlp_&G^o_=&^D$STRU>L|gaLx#!X3pu%b1o>MDYC`-zwZ9_U&G*X5iIxUAhSW}6 zw23pXT!{7DBfoQh9{uy;m@Qdi6@>T6$Li^EcSO|T+$^Ctg^)#!_!L6XMbWU;}oE;-k7Fbhg88TaWdZ=VOLF=uvY zl3=1yC5H=6|Aj;oeT53wYOq=yQWxQbiV;?jX&qM*%xLOR6m?44rLc&s_cl-o10g;pu={zFk@B}H$O;L~ZbSgKImm~+7)dY~7U$6~+SkcCBLUdxKfCqBxi zA%*)e25DTbNYl^z+#QtCg|T#GSmvF9LJ<46OCR7CiQ0`v@-#v4TmZ4dv&6&mz4?ZQsz6mH1mt|65 zw*!#C*Canuv6QLhw$59ImT3=8Tb1(_UkwJCCm@;GJ3KmKj$j7l<^7_^3wx!QTFl0N zvhPQ;O!6k_YrMi2%L{l|0h{X=E-YGYb3$^QbaA1yH&a3>1)Iv7CC=F{X)Dojk*~+t ztm*Rm|9P$cjUYI)AvZ4E>W?$1J49Adu37r1GRfGHFA%8~X(6=2%T7dFhaPCc{h2Y# z^V4re43q3xf0+-j-w+Jr94aLk25+Xegvb?I#wiTS6o!CKxjC|V+P*LoO`x99muz<{ zs)G`0M^s#ncxW~3QY_<2mc)pGAFTL2lvDqhA>&1$Bo>IUy zd1fvwUWL}BnlE0nao*;zXjFh5{CKkT(&mxFa4KZ2WP_8?r7b;p{jacOX&U|Z>=_-F zT3d+0yy)nb9=0N5zy@q<*0*4?y6q6%gG<=H@9T@xk7+l?A~xZlB)X$kwrID*H^3B;A>>k^+|Jdwty5)v z;@=|czr___UACZ0X7@tv3sxz6)ol5Mu~RuGjD470JNI$WtQbEBZuCN34V=9>Y4AQp z;mHwjx8XPG^1B=7@Sl0f(ZoK(?$9SYGwCugdS+o^@|gP;nJ|3{tR#`49zq-gXg+P; z*f1BTVQXAbV$Ey}82=1=LH0pH=18HvW2?^==ctCGXONq!3$1NPR^av9`B&p7A>`LN zL(h10sK_^@e+-5On7QXHsr}2}L)W0BTHfc#9pqzVZY_-Lj3O^7zg4bo5iaP(dmcp} zo|n6e?N3@#9z0St6lwy-Q5*9gGEQD~dfQ(#%Ll|svYBBKY?Qq_p&N?9gR90M^nM>Q zk$0ayoZ=0#5){xOg`}&!fq9O~9{`FjxC|5QU?SIl;mxGynj-MX=-~RVC z8z<=q&Hw(u|MQXkzrpmo!W@2pSJ(G;4^99xB%4}$G8hKl7gBmjPM{} zCN&5+eh)uAo}L5m1sjqi3wVDbNPs<3!uXvbr+~YXPqAxN*P|EUP6QIEqXqWh<3zd8 z+uDs&s)4}QFYB02B`q&0K?jVC9S|uS04Ifx8VLCHZqw|_`4~0W8Ls4e7kAznc7Ag% z;o@?W+!gFu&AA7Z5XM^e{|aP|mYSeG=DW*_eiO8!OJ8@})o+BInNV^PSr4g9wP%#4G50~3ji&nU;V=P!Dxw4&WUEvP*;9Sm>P8u1JvesmQMvA@{R7C2ThhtV9a#~@b! z)Uis8rH_SEduS?o)xhZbCI8NhQ0sg67b1sndW9>MRTbI6lUqQGo~@r;D7Iska8yBC zDv)nkF)x-ZLAGee>by0@g%r{ESyBOl#hMR@>Z1c#>|@Kvj~^WY7o#1}nh$Jj8F)Nv zzda~>dH_FNmIg!o8 zR%Tp8{244tw_w%pK36aM?l{FAZR4Hx7aH>{akTZ(3!P9p5ZJj%lC#&qEf-DYR(Iq-Q!xr$5dN+`F783 zq2E%1XlZHlZaG}Ay7IKcs;(@}-FJJUynr7Z+^1!2?QZot^h^G-;}GT3<8!_;2=J5! zJpFt`NN1gxqCCb9A%8lPEf*b0U@E&X)%Eu46h9q8Lf6{e)Z~`4PJvQXw;wJPCg4Kz z`AMe)DoNvUR;q9B)4n*u{La}Aak&nicj~Dua_frI$dgwBT6aGFTBo|e1OpRHSa(I`BU7Oj47uy1&EG%s=4E&yrNyRn|D0$rAY`ZS(g zrR(h1M2Oh+u(|=<0S@8q8kWEne$kyP5%OdWIpBM}avh7CeDf-}1M(2$!PxEWhw2fV zT_HTufy-W0>xr4JH!lvJq)IsOoUZsj9$-1}_dfd`d`nbnMm)KwGG1|6R>FUZmEL%? z>tK#|P)@GdSz8I!nQsoW4G~l>g(%H5WX~S7dEQumS(VR zGMmVvsj@IKTcpqD*I^x0?7}lQ!MthV%ylg0?TjfEVdm&-&+BDQY|2~F>waCK)&Mn_ z;=0?5bC&SIa%pIEN+=mEJ!#`6o_oIwkWQW7(y^5VV+<5@d(YWtRc32Kq7?0S{?u!K zZ#no@y3|y2mg?(*?JmsJ6=Yx0iANa3&vIX`qx4k+M*nHzG4&q`aJT!gt=#d}oHe-Z zfkGzK2zq=#ds@YX|u)9KC(MkLi8v1z33AJ#+%z^UmUM zi#a^v$?7>FK}?Ms_((a;-z0}7=(p0RDJe>R;kF~AWd&`18oD3b6ANUqG&_H$<+H=e zXmk!LaTks?29Pu4~I%GbzdS4fKgAJU#K*8x!hGE`7^8f5*)hM%lE4 z65H={Le(37?(lXFqKcP8mDr|=i8uwKK29x#7Tzd~{}!oY6OPV@mDLEe}SS)0ZdIsI%$8 zc`mrR&0$LM%UOb;IqQTfCxyneJ94w#p~(iP33QA({fyGj$6qvk#>W&60LVBql-`!h zxAd$l&cU5oE(x{8D!DI}MhcbnmdDZsasKjO(zm8)c><#9M$Z| zkZc&>s7Mq>bHf@X*_j$)L<#@OQu3bN%;5rLSfxwb!FBcI{`+Ld2UyEpq<8uu9`U9K zi2q8@wL2v`q3ki`*VYoi8anDPM$HDo**TgBAW04X?)ycqDD)H{y5N%c-y0*@)sS=( z%bTygn9E8T*(=S&FTe4SO6@(ndT7CS?O{%0ZzU_+9_s(Y|`I6lcOYL4?{@frQ#rS$bqfv~P9w3J-KN#B;Cm>5c0 z`2xZ(spAX&Akt(ntlcT15_u;wc#8Ry>`|MK7_kZ0lxs)I<*mj>~=;W{ON=& zM5ZC0E(ZVl{G+ga{EVSal4`DQeGDGIzQC6~)jDoy&{loo^ZJCc)FoKa-~7P27N`@?n+okHZ~>0EosL((C)fLO_= zV_zQ~{=}~W`$tE?tLbyAd$skU;}7iB`};(Z<5_a**(fgVMpt6+>9=}bBr}&&1${@k z#pOb6!$zeJ=o@nb9)so^wl%V&4L-~)$@aos}tmaMK|h=aiv_=xFw=`$@)&#j1hwTkZRKomK_+vkYey_fni`=ohM ztZWiY$gWq+?VkE)j4IQxF5Jy_zVjh{yjAVt+O}k6Rjq;L-z*%6d%yWy#sXMb}nUe#frT8Fcv}~ zxa6C&Rn$`yb?8&?)7?v7*@dX8g5mIbLXuR_PuRgH%M!Ka8tWAxv;F36zhI9V^Ff9DD30o5xq}+m-9nX zj7UIC(zORv!~Q&;dTm2u-Dc)X_7+^59>%V>)8OZueZ6+4q1Wb{ZoG3;%QZRy3f{@g zcD&o6hCu-F)2=?KTXEI@si}z+#0Y+@eZPK1?sJ1SaoP?S>3Y1Zf?u{lVbE;fVC`9{ z`|}}DNX7N)?t?pM5ZA72q>aIM>ijz#tEtoAY%+wp_WJ}y=GAeZVEgSBz=}d}n;&i? z9brV-Q|1zt0TZAw_OW)V?XcvOY{-Mm0cH@7u z08_T0o7s?4H2rPdFCL7Rc)v@xq4F`n7$Kns@B$Es$4x7O*pq~L|W6ZP3)SZ;v{G$ED_MR>;k1zw}V0iMd1u5N5_9~UGDGcc(Yr= z&dM}e9^%IwcXpEPV2iqQq8X1jP*|PDV>IGAks3DJ9(6UhaqH@F-H?3KcFu!1A1}gOUhaYJx_j@Ev0KH-5VVLuzQ7wTiUT=>PZ0UUd_UwYLeUi)QC)#*PL z(ajY_(TS$Ks`C(rU`u{Z}aMq`mBY0WqS&^_C63I{oCH6o3RNy zSiU~1&-pAb{0bQCOLO`g-s~N{*3_V+T~P#q&!*+$k+$F9?kWP$Pb1-e3N3qk`|PmD z^AXJ3@;GkY4yc94`BLh4H$=19+fSb>iu&FMq&+oNVR-zt4%kZaQD3{-8)8jph(B(;t2mJTa@&=|4EGS+SGaK}1eZN56!*1Wzf1K^} z1FnfIa)V8MjxK_TvOi0l0Ci93d8RHQ)}+z}+EnR#!Z{ywlP7$X~_K$D< z&h)R@a9+m_t*nT0yf_LuZ!@=;#KjW!e|%`VPf|P|R(ytdBvQW;UiExLYhzuPxq`%mbF{etRqfb zJb!sU#J-~62;kZ7`}hb&fc(e?%(Fa$pDe@MfetPyg=|-#*QrgNqq}}^3A?U~1ISS0 zV;`o^W&dI|1Gpu*7Vx*$Uk7aaFC{AOo*JZ89*)=XKlR_E(dY&Kd_T5!kNu>km}p;p zy59N^Gy0kC&QET;pDTYlQ*-{O*L7^&)Ij!sHWC!;`A?5)6Ew#E8sZ*3L-}v-JxYfM zz>T==i07$mU#QSoCEyC*HC6upKbs}X{r>Nh|HJk<|7j3QQ;R$!9z7=;qljJxPpk8!8W5pO~`Ug$y*e-EqoJSSIu|2i7VI2vhHO z^dH{=Q6KQ4Kqc-^yCE)TWj)htvHVkP%Y z4b|Onx>8P9_$+Vg5Xw^X(HCJhqQcyKTR|^lNh1D`lfysx`3&O0pxd$BPQ}($E?Oi3v6YKy?+1J`g7@+-i*^`+_3`yZ|;82wIi0nKGQ!8!LgU+ zFiXgE`S5Pa`+E{{9n?j)9(0|Pw#2&k-pM8QB=XcynYAXWk*hkZ&)b>~M-ADf2?bf` zvnZ2&(CTOJB_x#_v8J9U1yT?Gtn|!wB@3@zEjM0lE=!qTv)<`d+DSO>{^`F{9=d4& zOEoaG`8rYvIK5Z%JSeV{+#P1EqOIl&8%wFrTx>;B?$E8u+$~!^n2ct;OX$TdXRM;V(1~x>iJA!=!X=QS2}Kl?*g`$ zj-1+l+Nw)UaxDC$(=96%JEkBM*Yy-N{n5%SO+LW&i-q&vYJAGgVZgk92eL($#&>F# zUm~a(gfi!j?z>@?m7EmRL#S9G>J-KqOODQYwmpg>5Y*kQ!Yoc|I-6|Mg|@&*|aTB+LS?L*;Q7;`41%(I^UiJ7lZW6GzfG#S9o%-&Oo z_qyV%>HV5v*5fV%Y3=oYjEP(0%KaHxPs@X9hKJ8zw}m>M%%NqOS^cRcVu}3DfCDLE z2U|WAAX)nRc})J!m)53$-b8RDpu-I|w78~h9J$9uZS=9g)5;KjQtMf7^K&qy<0>X& zf!)P+DAEx!v8|wq8eVRK^SZXb$0V-`^W27h?9)-(ovNn^!KmWtpMdLS<$iR{DK1hR z@i<`Y5miSLTDBKjNfCjK8^)Pvh><_BfC6Oxh9CVO~n->L%kz1Yj(LzE1KL9GpjMli?6A}gviWrXYQ;R>dANzzPh`1_e z3wk~$YVaL);K9Nw-l zHZeiDOpJ&A=+(=Fjsymm{4xt%6H5KGpjK?vJK7ur0TDxrO)Lg>?>TY_Rif#K{(zvZ zkp5ipcu4)!=yFw9NT^Uv$<)WdomwnP2r~mV)?i~nx%c2ex0}S~{8A?`m#?}~11&yk zV;jwCr@aK8>Zb7onTHCLp+7n}C}xYL%8s&e6jTn5!>5&H7X<8F_G zkC3(CrX4xf!;k&Sg=O1K6e`zQ&P}6H%oFDRx@TB6YeSXfgQOHN5#RMNqSo5Mmt33p zWJ2GV7U~y8cF~{=MU93IpYo3X*v9|9I7#EKcIb`lfsJ=&3;O;P z_Hk6}rvJ7i36MZ$kd<1}Za(RExrMl`34IvnVex~SjPznld~==<;xSoRc_?ws-VzJx z_&|CPjfX!JBhx!({=+n9M0U~eIk@j5@%)dzd>4KpRV|W_qIry>~Ql>ljJdN$_ zv%2~U47wqwHW|JwZBZ1|qHUb`*70M{zc^I%4(-1an8uVJsx2Hdg7fdO1Kc$gz%2QI~kSQ zJi}#g%j7W6REvlNIvMG@xD$V`qoCaV6dU&<34U3{)Q_*qnZg5XO#edO-4OXbGzX5}ZJWwaEnrD@!WTV@|BR5bGck^2 z{5fI*M-N~~N4!|8fB7%q;`{N)Cw&vOc-gq*1kXspB$FAB>V7^B0X$9RUnr=$np{+i zy??L1KZ>7r&RrGKGuX4{wdcH_Ew}gsM(UGgoJDHf$0J_K5&pRC8A7;|zH5R@APIK* zSL;rC7~qBeo%o$;WA72h$T&WZx?=M}&IP!4KDF zRv*GA-;Dz=2T5ha1ECM8gDC9dOe2whkA~;oIsZ~gKskK2SlhXnYYM*dJ?i9F>uvn| z@d4t7vy!x1|LwD00)ch*Z?@v0z~j-n8qyRX&_SAddz$&M1nK;(uOpN`#sAjQ$3hS+ zExOR0e#;6WmAm^})5Fb~no3+9xUDpd`CekeMBqq$JmW$3hd+p$GdO@dI&3SUob*bn z##WR@&sNcjsy^}y`y_u~$>|JB}ihBdjZ+kzBDiXuppB1M{%Kqx^VsB{UTNiQpu z0FfGyUZhCx#Spp_5fG6kMS3p@AiYFDx^w{nsovZ2pJGPJoAL~agFW@+J z%PFS`K*Y#!yX=qIvqvBR01H;t(#~g9(;0#ikeeoqFy0-q#k8K?=ZUXZ=Un0Ok)N9G@T)B%tkEyQqr)^(J{zoG?lEb0RG#&Cx}1^E;-3+noD?6fIGf4F@M@*|?-0mtDWh6CUN0(c0Fp zR9Sr(3~B?z)=ogDcP5VBm!ZLd#yanDE}=!QSWNXIROdDYZ9aD~mLeQyuVFgHH_oXy`_;jv zZr(35ij%8Y4JpXw%ob-keP-WttDBXVY-^pkJYv7>s;m|3xqC7{_u9+C$QmF&+}4RU ziWGP)=4vrWfRTE9as)eH`ZV@!Jo1ZX9;AD@)#a=FVP}B(G|0?%Dc?WUA*hAh!JBTP z9p>5}MqkIU#c1|A(~7zTxLJ@pKoi;7c5q4WO(S?g=t!0dM10p~A3VhxJ0&_0Ff~HS z-RfO$+J47b@WYn((S}{DuX`7YHIA#SraP2i(D53Ss+5;xpGGE;Y2VADt?k}uoq?GG z1!TFy!bkZb-Z-aB7TsE8y4J|%l2tCSku(0{v`mJ|ohSwHZLKm3Z@BJ!r7hTTE{fx% z_9dHCj>KSx#jdjUN+!)pAz>&vOrhqiQwk3P|z*y+XC9jYX ztrDIDqTMWG8pXUy0wpURK=j9X=lQ${PPI&;pToOW;KrXphlfU{p*g*{`?^*o2v z#w!y6j)sTX)#VhAk7s)p+hhc7K3I2L1@<}X3@5Kn6_}khA-r-iKqKJ2!U*uP7qd?= zDvRUIZHSy%?@$|ed_*A2604fFfdL1r;bfI_@{t2RD`_4XTX>79xty8Qk(T+`m@A};ty9Miy; zQ#Z|X*3E~`{+tkvPN$;-j^vnc!#CIHZ%tGH3g&yRd1qfoSm|oK;FE1^o zeh3|+nmmwm3-=*a6uf8P)#fy$hwvonq<@U-KEo=uSlQL~ab*@0-QwK0IXbg`a6=1O$jX*vON& zP6u)(`8qy&hXUN$myq?WG?SYYd%1sKGR<@Quxey?cPq`^0OU34@=Wmq$7_j)!;`Y3 za}4N}6=3b0VLxzx{@jGr~pPmpEhmrtN|+suhZ8DkBrGyZaF@>jY_Bn6~Z&7tzD65zvdVrh^f4s z;pVpv#;|olL+;S(nFgv;@k35iNe2yWrgeW~i;B9W@~!GT9FdzW?88y2dB-j?CHBc_ zkdUQ(Q|T8Qbc%YM0|7>6xS9y#zequ0X%0qQ`Q%LYDWYIo!q9^eQB2oS z{fRAUnhxp2DbTM+hO0t0rYPJLn`fL>b8?>4ygQyH5+cV;4#`Zu2#Dh&mn&PtB+gQO zjoWI#T!3o@$aUt1)iJ?-Hf7&N6;uKq}08s zd36bBIwDfPZGGLAv8WAJ-s)>BJ{b$)Fim_tr%qNkxKu^~m~nLeUNwn874YyOr~N z?L3y~H8?(M6;gF@I2{bnXQQfiD`>Lzv9~>3hZSU9JaCU@c}oEgbJ$6G0t@8n6$<8)+5?B7=mD;<|LyAri+H^C7HZU|~i=Zu%*Lbn*c(W>?Wf|osl8PIXvIA7tOq!i}LBc2=ijp5k?^veu=uLiPqlY$&?*N-o1bjA(l2LZl5~JGx9_upi9s5k&0Rc9W?2yx4Lk{0re@e)1<qR4BA<<%A!JuaNqL6IOLl&mY+_St4{%T?`)q*9?- zk4MG;=e*>X0tVfkE8aizh zPh;YGbs6U(Ax%z?1j) z2LDjWSh0#fMZBfW$Cg4rHMj~Q+TWkJ2L#pql+t>rGy%WVy(z-0EB{5@GkJEpRU=$a z`RlQUO#k18c-;5v$$v7|=TE_2rV~Hicunwa;2_T=oo4e(H})N4f6e{Ed3)r}baj9G zK+N_BA-v~gmzRX{uk}6x9l`v!ro{;cK1_v~?ld&ueIR+VG$*UoQSi7Wk<-yuHsH#W z1C?sw3cCV+xNI10xzE`^&TS#cuuMnOS5yREsB79tnF%mOPV@c%#nR*AlOTeM;)^_Y zGb&3a?tqHaN4T%vbBQJWsk^Z>jyZGexdnJh#oVB#uG^! zhJqM+x^Lu=<*S&%))n-^0M!dk~D{~+TN&Tk!Ym9RQ1y6QgX0r@(WtS=a|-2 zLZ#vo*i*~B3NCWW>4uj$W0(;@-!75^Z0wctb0_KWVH8u1*T=cHIZS8(`W=Dl;*Q(Z zd6D4ia&?02k2Qs%)X;F2(DaW_xnms&=vw=NpTaIlEG}}oNnJ1Ti;nVijLUn)sdjby zf@2{d@YX8VY|_cq!K#gT_a8qbw6dtNf?Eqo&j+mMDt+5t!e086CuEhk;Zl>gfcBF8b zv0`hH6)dTN@H7KxdP%1kI`Vn#I+_laY7qS$R)s9&UA-Cd?%GFrpv-Vv{SOz7k|aB9 z3X&8v{}tbYh#L!3CfBuI>1?Tj&MK#PS*PBsD3o%kugvfsz3%n&&l47ebasff?;`G6 zuX`#wqQv|H9PXz~;=LfMi6DwS#fOFIgmahDt^=iNn}zR&^Fz_`(4_>tHNZ+ld;PK4 zAPkLm=FLb)lS1|{@%X;8M01C-lnp$L&BVCJ6>Q3Vr7{vhxH{JIQ&gZQJR_ zwCND9StS(QdYwP=P_yx^xrG4DNL3x&$uKy?Ym>Jx7VgA_MDRU{;(fgQ*5p!mciyWf z)u%h7TH-**&$Bn1)nx{)ZH<%&=tBKvCRZKUJP>^8TMif%W8I_gX}WksSsw{M4k^D9 zl?aYRmXM6Nd=;>}r6FDBV7S6{KoJ^qtDs|hR|^RYk0=O|acmJQci8`o;c91x za`si+F5(6Ve!Bf|IfjE{4>ThD%rR3!|M>i|uG@g%G03|3g)+;*6kZA7 z{cUGH#JjNyCY7<$_WcCH(wF#RMvcSiXm(9=Hs0A4)wDDC_d-Y>ldoDE|AQFYt%}SEqO+6RpowA zobMGi`6W7HQ*~Q2GvE^cE#4&Y{-@vc+9P@<2&doT-#2S)&@s`K_OBhdL5VcS%07M> z47kQ!Ho8ve%cpRYHB~Sj%`?;M(kU}k_)pdyW(_}P7?4N}y2OOM z9e~u6nyF}p7f*IeP(pA#{K_bKW23G#F6S}|B8*|edm6w<7nPo71wvP2CAAju%yuT? z1M^qQm?wRlV*eIXf%ZpBLOhRvkpk?oV$)#sfwAhr`1O9>|wNQ8g2GR#8NK-!(;9(fgKj_fpvQmSTyNeu-v)t|D zyS*1f!^GvnN?KfERmF+NO$}KTf8LiAOEsuER0^$NsG6Wy3kidADE}E)K_IV8I_y|l zZurp4Mtl)X=y9J5g5pf9vxeZ3o)A|%v4EIvT>5Bchn3#$GIH|2&mmv6&^fZyEJ^c{Hc{{tFw%T zBV#QRx*%J`BL&>Lmp}8PSv}c?*j26mJ6BGn6noWwfm+%L;}VE|)d~=q*91w5P@-2zK&%7!#JP-U+_0xy zXLNh0$`lWF6-8aXtCJ-UQyiPK+;iWap5M3hq;54yTw$SU`J~0QX1)HQh+9?qtf63l zc^&l1l)yTzqCG~xTRyhO%f(m5sMy+A80_}AKl)a!N2e3bU?pRkyHELE+efw!sJ267 z3aVmiwmP~>*DdayAs(kn!7=Ea+tPf!Vc{QzTB@8)_it;a6Dn4w_O_`imoW!{cxtTI z0XYYvCoLTuHm0>52$k$u+D2vVVs3p_@i5*9UQ9-QR%;ouJ$X_V%YXlja3~p6I1g$(c+I@s{gU;Mpa$k&grJF6Vk$;IfZ{wO8#qrt-UCdBjx%B7Hym~q~j?So>bk*IDHyX?XX|wnpaOd6*pO%U3tUFlf=qo?egz$Ib&84`VRv5TD&OEQ9#3C7o-isyJu#Uylh z-%l+;6y((~K^2;)K9+Lh1D*5V*r>mM-dbFj3H?(?h0=Vk)q#%R=sO1BHS+lVxtn8X z2o8+{rh)a?s~dBfC4OX2N58N$XX1{{){MKKy^sd(yy&q~vp0TzKmid$1XwaMgof1j z*~Ue~prgwHY<9#tLX)4g;Cx70Y92;K$;|58rl|=XxaH~N()!cjt$eBeGJD4zmt3*D zo*N6bFwcAqCH%Y#yy)L*LyBUrBu3PhhBL!@$l95tH&Ryu+qS~c_6n?jbV(xW2BmQ)}9qpVMXFlY!4<;=D?shI`_9&K`C*m zW!Me)9Ywl%QI^f-=*NbwU%K%16*{IWuLm_XEmg46aazS_(k(@WC1j2^id;gH?@cjJ zp^>%+P1?<&>rH$asE!s}MN(akd)mxm#7n`~sIyHEOq6GjzB_PoTzG1cNhJxHa zA`QZiP-SiPB|P3^f-HvG0Or9YV^YVABu|a?h(Sm_72@cJ6U{PX>!)EMu<954Lq!Y^ zh0(af;DWdE_)a~wvvB<-mNRYhWGek?9u z-|rFI7P_Dq;P2?=Umvoxw?1<#Ba`u0%CxcC2(TyM2{*JMqiY$~8t2x^EAI%i_RJ4~ z+Ce>BVva=zU{dMl&KOa3v`s8sF%}yYh{*iZE4+^tb+giPU2?aPIw)k{`%)+u-<^55 zo0$Xi&$-~as4003pgH5^{=%b2k<9BWjuW6fL>vwprN4(aitjvK$v}g-Z%?Tr;vta zhA2M-6U^ix>hZ||Tqou@M6`_gG7mprLoA4&kxL>XV)3$`iV=Fxk#T zPl4m?i#%sDEZ1i@y9ZNj^{+)PL|Q~gm?j}faZ$XOE3W)}-f{Vl&)=Gm{(DTt-u?qq zi3>t*DHJx~F^$#cWO?xI$O?aRc5(4Q-5nnEqf77ZF!r5O?~g>+X#lJ#>YjA|guc=n z{{XMbj;x4rDa-i%+d#Hy)i++5e@$HVP1Nu`XgARn17CGBe?r&ZmJ?76SRDLd7VIXeh_lrSOg#7Sd`1mh0gnu4jyS1Uz4sWa=g>P`?UeKH_ z>7+ez;3fG--oJLk0k>kls^npsB01~1DDwv>`v98Vx0ncQW;WYPJZ^3Do4a zOI!Q$Hk2me9T66TNXBoX7q4L#1Z@DB-NSBIv2%Z=b%FM;12?cfeK*=3<(%!B<0S!$ z)e0Ot{u_M%SR%mIZm2wx(!{lA4{2|y@>_6$5i*eb0&n-q%V1gn4rf*H*-}XlsT>>2 zG;S14{N^>?!~D_^wvg|o!48JC<`0@T->I;EFenH#mm*f}pQjsC@9KLGprEmNF(P^)=sC+dH5;Ge7mqB z859|w6rGz6HI6UEsw`}|Z23;ioVU6UXIM{ezchs=ThkgoWTvNx`__x!6DG_g`{Y2) z4zk5!YZJQA;a6%Fkw~AT;o%tSF%VFkT`fzSqQ!*for{W5fmf~?WifBg?6o0a61CO= z(cAED1!$QmB8_I%?A{7FhV^26JfhXsyjd=M5TBSYnmB#!ZWs394 zP9mKo9V%`uJ#8y$A)3o-F@KH}NasC}Ao`8CB6Z%rEH$;4Nn!GG8v_F=cCkmS9^|hi zjfD|%!oGKG5a0+JZf5CZ{_M;d0hhXE;d|M+j)tzN{`^Ox2A26uym8oyy$5w)}|1TD< zC0=iG{owLm?FhIDh!=>W)lJ3(Hljbqq^ig1rX_^DCe~a0C>I*d>-gn037U~UeS}*_ z1VZD=no9U=MstO4s*l~s{>)Pyl~qwdC_oOOp^>Qe`vS(anms94cCN3+##f{o+K8Cl zv-of~QGjzA{I*DF?L2v}7|z?yDcEo-eAIETuFIFvri__tXAFgClX0!mgj<_YKsJ`3 z{;4*oBF?BZ&KhYo66(Em_Ks-NZ3Pixf1fW>W z{T|!UB{#?bNu#B_T1`@AK7j9j9lf6{z^HSyd(e_k+7hY%3(`9 z0>WU1UDjV&UcTd94Oiir*P!}cj5%1)Q69tA2KwlqN$kp`=OAk6xr8asJ@&ZN@56&OH$<|gN4{?XVT8QT?T>hU0-f&9> zx@~WE0pKN~4;3BJ55-g$k~-KQag>00A}kk5In z6_UyPfJBv+`ZY=Lnqz6}b^Jkutfk1+K-1rx`4<=8TSaAbQvC>89ll;KWro|FNRPs! zP|uo}MU&gc_*-(r)d+K9+Te#jCF`Exdq+`nPI!UlXNy6(Oa63&;L}Yn$<@H~gWrA} zyppZ{71Z$eJXgIgGzm}tmU;|W4&1rrUKaf`oGJ`#ezN;-md5}34((s(Eq|@m|5Kd( j-$DNQa`J!MJ30F?^D0#5N-)140sg0|2vsP32n+f@%0&i& literal 0 HcmV?d00001 diff --git a/docs/addons/mariadb/auto-backup/images/sample-mariadb-3.png b/docs/addons/mariadb/auto-backup/images/sample-mariadb-3.png new file mode 100644 index 0000000000000000000000000000000000000000..3253bf52f4c3d1d679036317179ad506d79944ea GIT binary patch literal 43310 zcmdSAWmr^i^fn5pgmg%Ugn)E+sDL0TASE$$cXv0^(k&%QH`1L0%Fsi14KZ||J-_q* zKfl-caISOSx#Uu353`^B?6vN7-)r4F>a(&e_Dk}YNJvQ7pX8*~kdRPTk&uuF(NTeS z9`j)2z+cZ@K79Iu4!nHPO(TK-lex-hyQ({wyLuQon;}`)JJ^}AyO=nenc2HoI=CJ` z>y$u3dX4l+`u!Kr?87CWYzmEs!Kc~OM$z`8bCj&c)qxMt&t0h1eEE}smLZYPUu0^A z{*<&lVa4N^TrGZ1gnk=>dV2N7pt}2*BvMZvsQ@{p1YV8JLjKP3c_*J<(Od1z$<*=7 z)D@axb3vb##v-DXi9wSTQ}gj`VT%$o^_a|zM1l{z z%IIIL{&&!=2uTldq$rLkFeVasO(mi@B0iBQqK3rr->=KQ?2puE_8uNbRuq_u)&zF2_}}V0P>&C=rbd#Z8Hc_ao;^Pi z1^eX`_`fyZ=u>;am3^Fe9;+ntJekor()K# zE$p@^35EY6##{YYNCR#z$l9vt`FHXxU3tjYOoiC*l7e|PMfD|LSlB^At$a2!^=d9= z?Io#X#X5E7X~dN*r8P$L!ISkPJmgsl?Cjv;5_$62I^tAKJ3AT^-)2c9|SQ6 zvw%f9eHDw<%Ie+cZ(uhiHNF0s@^!#j?O+KrWMJ5!pxsx6va*V?uj8EJ&5d6cPF8~_ z%XN6=A(<=({7S6gbpGG21HcJKcXN41_5{J~;@Y3wr;FLQ+_H3knL$shw(iY}v8SJX z)&Jw?uAb(WUo$nQ{rJRtWChYiL!odXC$8_PeCeoWKJ<#Zi;5=>C5^OPi zeCZ@bOGe*&<#2;Pit2+5)LUC#lT$4RlLSaDj4;bt0D>NAh1EK`L7mzB6p? zSs8DzG(Ghps-egUnpi!OwinzhkgiNRI`-YhA>L_1>z_(a@&RbGMJoa~6Kh4pLihT1 za^4@7Sa@AB3dWU_RLzDA!UndkHjXS_u-5VojoR+t4%T)4ks~6>Zu3;g#)r{oGcWCb5wT z>nUuFu;r<1(t z|LPM1#QX^*R2)~IPn`p?nXeg+m)3LS0ClJ zUY6^(XZzTLhHmO~4VNH`UWsS{Z2=@KtrJ~8$DGRyg#O!0gR4ih)f}}Y-(T-eb@beH_0^w&_y|J8lw7KJW zSrBwvh7`rClb8MN{XwJu(Cd>Fifwi}blWEGh=I_&nK%X3^)b=)UemsvUz&MABBh6g zh~*ebkPF<1H}g|*(Ed%{u&QNNh}}Xp8Pb7VKfxBPTx{4da8Awj^B_|6_qiR5^fx4JN`?VwdM|`IV*7HRjBX#B;nuAhgQZCf;df`B5z6( z;+zgD1o5%@hZ2WG`_A$z=w=AgW_P zF;c7Wv*Se6#RvFfr=^+Aox}Z4HnJ8riRz&292^T8W^%a*HQ&{+(z zdErxgJ23ez?szV@vHHBJvHmCnx+cE*ot%OK`sA~)I2n?1MQN|yQ7s-@k~&#W29al< zzVe&kU^iImXl+o~p875Wt+~1+?-|e$Och~JWqGhOvLgR(__6FZymxYc66TWG`gUai z=b~U1FB%cXQGWoCz$zKyXiYrZ8S66N8s5Srz0}Ee+9TlEL$BPY#36Lx8}AW@SX$c_ zl@-HMd{HYcqo>we#;mP=)YK%FSk(y!oI0mwgZy9CrQ7(JUljKZNLjst8In=YGh z;zlwTZAYI>#l>C&Y9ut-1kdw(`Q^+EO}_`)IX?`Zj5m7T18gPyf+(n9h&lJw3 z_16iCE)&Hr>Hij`O-u;c>$aUYYSAselr9{kFeC1q&yRvHEGd_6jGNE;YOApd1;)l@ z9EGd4_hyKR*(TKe?7#e1@yeAQ-X}f;r@UErTE$=-(%jC~4dY8R{9dXXL@c;WZBYCl z(R?VxceF~2-*ECv8JtDto1A(+GcW^}WSkO;JtMSQ_j{@*#I3N9vX-I!pVFQR{~T2hpyK2h;t6fM(~F4TP0~ELB*<$P8l0~itai+e zeY#q9W61R_9raGjTN=ApiQihfazEWDKF~frWGuI9P3IXl?A}A;IXJ=hJsYe_^m0;Y z@_KCh9aSAbw|B^Rq~J+S?Y$lXjTyKeK{QR~ep=<$P% z4J$i4d$!w*4yD_a>a<&~&yny^=aWDDMvVUBx2`ScwX+*bTifS`YdvA*`mL#1_J5)< z2pN&8tssmX&8sNmVrPom<2j=_9?QeEW}|-&pQ2eSSHXfSo4_~GlE)g?%_C{IIKLS- zO=_^2^8b@Yz=Elytd!?}F{3IW^I&c}n!bO}F^m4_n_WY3$ew43Ftj#-n8C3mP@ zxn4`HLaurlQM}}%(7|k##r^f^SO#x|u*>$B(VGL%lSne75*70`aGZ(>3( zkQF=OcjPjbE8hAw9BCF5ARa;OZK*__rteN>Gh4a!8}z{9vOTs|5JCN`tZ>%AC)Vev zB_a*vpFt(+&gHiMWnBD9PXeA8k97X04VJy@IsWS9i=#gW90s0iFUZNs5f=!$8PO8j z%@0BPHFyhpx&Zm^tLOdNKGR*fCGL&D-C3}yda*hY@W>17ZotC<2#ZSOyGfjIIA_4k z=r?kHYX^-{35b^H{aN1A7;sA#&06CF?l){#I&v)X{2HOI78AK(ubmt%myUWe316X3 zV3Y3-)8d4;(}j0;CR!x0KJ^TG+f-lJyHJaoR_C z4^Qi4AjMjDZt;XQ%pzjZYp*zsRLqkLCnDtLY{#T-{+HXu%|t-1%Y=9nBQDilW-gqu zmT8|LaOLp?x_CO*DGZ+O(~=O4vv{ltqj~t#RdVGHf65l<_>&72j^TNY6u?kTi)LcGM#}T@sS#e0*U`-sM>#wzwxOf7sC-z^ z-?Xr*G8=1^<`71l9W`-Sd$%eV8Z{Bmze$QmxoGGAgFXMWHDC% zO5tt+cd}fEDGLnWpm`!Kg$$EfWOr|avvmHrzOCxGWl5AXeK+Vi{3Z<%;WHJwgAZ3L z6XDnt+Vz&IZa2}dSmzpSNI2V0P#oGXh|#EA@d%leH-G)EL|N@80c{F)-e8~YOzf0_vXlQhatL@9~_;zGaIzPU6;58Ayd?uN^9C-;?(3GMIKls;8s1?Ynv=i{8HQfXmOZ6UaZF`f+~D;YaQ0K!bpk3Yd%Jb00YE@h{4ej zP$GH1hI^NCygbgHD1O?3wu&ekIq^?f!o0FB6#;Ze7XFi_2aWoDG*5yciQ;xbanE}^ ziHn-Vt#4F+yL$54yCt8@xb0nMRZotx9sAJ31!u;8dBGjBhT6?fL#mW|Tox^n7I{CO z?Xf;~_Xe;LWIFt=w866LqV#&lkBjtl2EF($?|7Pl=Cs=fw>RC3%w zSH#Z7c-!D3ta`qu{l4pjc}RxaV;Opm-7nZc9oYbSp8)}p>9jF$x^(QH)*Uihs;I6` z*m*l$rQPn$4=Gha>*B)FtTF%}2R!*G3vYd=z7jSWz{2X? z!z2qlpspe=Q=?7!mz&yUjC=Z_{c^zu!1yG!GHEHPXT@q!Tcc?%K=z#VU~*Rb-Z&$Q zQ6xUS&~~~>AY2Z;3rI32A#dTS*D%F_f z#|i-uJQ8SXXvi8!+J5{-+6@$r-+8mZy(Cl-dv9Z7bJ2P<4n%U}yzMj$SM-pJqh*ue z@iac*%d-=pC{{af$#=k0s=gfeAa){(kjcFz-R5jN%K?7Wdh9%-V{tmH;!nT~VqOe* zdT6`Z&iY>g9nvIA7ejIdEKuAdjPaWkK2+J zI9iGnIt;w`-XH>&@EV(pCsgubPenU*+Cq08bUuXxrS#q{m=>7LDUgcbv7Y*w>9#PQ z7J?)4bI{J`AZ=>=ptSWC_WKc0lw(Y$ z^f{~%yO>gMd$@$^x&D)R*Am;<*hug)Oz5QRS&(zqV>hnovz1%T)TPpdx_e-i#EVh`}C?AJtYs&u~rN%>3$F4a9QzZ=zuSRRD*<$RVjcz&yEGeE37qb}>e%}1o%PlTUveaG-B>JxSC001Q zq`JDg^MBj`t^$9_*>Oz=@P}XS+lYT1%v5Y_CaY}k7RFb`h2u^Et55+*O821T<7wt` zJdp2fqsHJ&{^?_Lpwb4RQ4ax-UYCiq*<195MdRSQVb)+HjKrXe4{TkHwUu8Fa~O=H z;)fnDwh)fidIGuN1s`TY7TQdZ`ZcQ0K>}^GqfZ`2s&+fj1c=L?_3C1d6pnBxBJu#F z^}lLesqs29FHy|snbrbP^nw2xwHgZhMj=>PqK|a#E1_AbHw=2Z zo#ogQ%25u-p&9|8Xqv&wuE-Z}LRJ9M_%TlVk5lD()GLiujoSpYP z6B2i9xZ>w{gOo0cZl8And^GO~#Q^Tp2+8oNXZA*%XeH=>;^+?jdVpONnN;+byOzmE zoJuwaT=&N-kK>chPMhP`RYIj1r-gTU{pyvTWw$HrU@5QF1*!Ra1Fxq-5%8=)_@$W4 zk3uOXfm+iw*(mXQV$6VBkyt4-r_A3`F&&P0h2h6f$evL2zDWEA53&W6Vr&WlBrfms z-OMe!JZPhX3xMONhjkNhfFdWoz$A8Uorqge$r7j#!EFQswRXPIPS=g5MK8`#NKfDY zVprb9P5F#lvXOd z+OQj?viKp5yzAP9`9F*_#&C9@=c@YxmpM zx3mjdd84AxHZPYZl8{2#_@haVMSH;su`?{7RepF?hH05tY@0F(+P zR2C|@ZIOIX3;3CH+|eIHGV9xMP}%zHX-WT~VJU2P5fw*hH89iaHGqA5vXoBGo0i-u zj@z%O0gCM9HV{a-+YwzU8-K8a2JDDolk-Ia5Q?&;+D~EM9Mt*raJ=Yu zwe(E5ZT}I-gX@3s{(V5YrVG`Gy|M=C(fyuEz^`$tY=G%YMc`}=Gv!e_B1!ypb{3+{ zb{=_qe>>Y*nepqyh}&sh8X=KTvB~>({}l=Yir|+A?}G2K&x*V0BzlllSliicAF-H{{Yh38SrjvNC4 z+t>QYEQby<2%nGs^88RDee0Cq_k%WA!D1Xj=5<_DIJo)XG}YHTZl!3|0x-jqffXek ztYzR8hKP@L>WRmqQun#-MVAS)g?g*$iDxZCkDE-AIytO3u5X_n&lMgD+&k{JC-Oip zOl2mzu*$~;e|iznn7hT%VhiHzD*o_fevgrGT$<%7m=9#OA5dlK27&wm&F9D4o!2%_@x-x`x@ept z3zo(C{ZNx*FDPUU=Zeb|`&NdQChHh~y~~C42v_r=uWw9Q`QiNVba~&UnMK3+()Vm; z7Ri#_3CSWy2=$n0-~>_4s;ze3#cVt)g%zZe7I15IC&z;tQFX|8Ownl`c4ddn z>kb#^{oCekiSxJ7>cFRiG!sA_a00eB*ZxY_Y=nps2Ms5p5ZaQ62HfRjCY5dAh{@e0 zj5NG^b2!<`-ae0q&s^~aTZGEtZBt`otressQ!u+8c05EMzsZ|-gY{dpVjaM25+p#x z(Et!c0ld+3d{qa)NFyK@5O8jNvH}7~408w??skSnZrP1Q7MRC%_ittd8gwjAGB1%{ z7GUL*$S|7#LsC>gZI!8)0uuet^OesWb#K*6xPWzj{c25PNiFKm1{_8xH~^`Df{#1J zwo+q)CQIc;guo|2$&es09UxK8VBv*%Kvy8N3s~2oy+46gO6YRVBm;nb-9}s5w9$)} zwmRTMwE$(w6yB-od=vqM`EjE@rR(4KV>zN}2px}L8PmsUY&vRw$$dcl0lZLMXs;+4 zA@5tUPp-7Y8+ru*sZySct6ri=_P5u*#A?PCs(-Sq)j36Dz0-OONS4aWyPTal53PW3 zBQC2+1_OYgW?Io8NTozxmA41+0?qEB(Dd_>3k_x>Ykww$()N|0L2M^LwjZ-~=~_4Z zXpkL%+kd7)HdvLb9nWowH>gN84gz_{uROUCl4J|yuEmDTof`<}`va0sv!go9PSpK0 zOJfUZSMH8$Ocm{95C~F72S7kNz~}NtM)e>zvJ{W?-k4Gm^-q5TioBSQ$O?sAjp+rK z8&U%t7Q5$EL%dAQ5~)NLeAhxd92}^ZdA|8TD9{I2Hj4^n>%0z>bFW7~0xhIkDE&SS z1Fyw6KnQTw;zW<~wb>@8rlbMv2NdTtQ|E;64yFHfFO73AwxHvB6jQDLgLl#}13*s* zTP`b$(ma0=6|vLjxMC+rX?o5Wi28OoSHq7x(0)2V0m#5kLqOyDu3>_9J^W<>WxOMC zB~0yqZG@l}YY{Z#01X*79&(m?;LP%kd+Gx>?h2`COcz+Ej-${IMR>RjGp(o+pMt-56Ny4yl2{4i{VMX1DALv+a~cVSJk9+TB2FLR(x5v8<1=FFHu&L5ZkMh!g~J;qbC@>ao&A)V9tX zoSB*LGxbvy(Df}Ks}3NF`KwrMEiHH5i+oh>-ZY$j)orqeX|-Gxm)_n1`!rWBZ`2;SEml&xTq}HVh-2+>d<_yq0o}k(P*<+NrYMH39ndLw%cOaf79kDuf13k zXr_n#>ecm)!?O9HvXHGBeUtwgJte=FcAl5y!!;u+f7eoHKm^kx9ChF?YIX$nP7>$E z1Jcf;;mK;ZFTg{$0v>k)JXeFz<^V2Db2B8X-RwvUq%HD@%VFi8eHKJNfy!gC`(&+G z7|8K-K?j5QDhf&fa}d1;lFsXX`z;%wK^Xdh7V%L;D+;KemR444@KMgHl}Vv#~5e zTnOI{%pqVDke2<|ryIgg_h-U@(D7LWL}T0-iQ8@#Cv?OuK`F=vnBzzV)gBHAG5q-x2 z3Wsw4qq4=jN%aRmKT0oYnWJF&$2_hGq&n zPy-#`p9XAh%TI~2)Wc?J`ZG4m(wASPKEh!y_-+YR%-9~=BX zHuuQkW-BvcV`H~JMqy1wFd=c4L_Mc7E%(bwe25%5lwy?P!=uwMG<3^~B0w)?J_MKh zGEY>{mB|GTMI7Wym|7n&li=dXZ(iA@N^rgGTVy<%GqBsclgs@H?IYww()oZx2-<&u zLILq|_xOh6spj%MQZ7C9`P!Mr<2`cl8tLA>#I0(bbCLRdJFzdKy$NJ&BcM{!)D8`3 zv*^@kd02t5=P>M)L$uh$Eb0a8dlRau-~N}}!Hsx4K^90@l+;X(Us8i##2H6B3Pmsxm-CH?MHv#Y;`JXRm5c3pW}6DA;8Q49 z+4|}FP`nlk&?Q=BIPl-( zj;mH<*(!5B2BOJI78U?4Ql}-iSq;&{W4~jcZ$Lr6iXH%bR)ccpnA&rW&3?~)QOiDm zcP)_PreI7sBgFp0RZdx^oo!l)H0S8bmSzueGDguRZgKtgg-42-Fhca*-`O%T%(rxF z3@yg^bja{!F4}nPXdQx@=X-j{w#sdfNV)RwU)5n4NAb0wq`NaM2hs@c*-ySrh-7pO zrT6^Cm-rdAb(UdP-@lwP%CfCilEmI8mrueN*`hPX)nQtNgZOnEg%7usfY$R?%+3`h zZZf6}_Q1U^D)jZ=-y>2~@Z(E|h}pPc%?~MN{lGl(Wv^Mn=-1|6{KY-ef5uR!SHq0P z43l0jN#}A5P>==foIcSK(vweo?h5ZU8{8MNwbwCCR!!Pt3!{e0Lw|Wq)^P19b|@_G zZ7h;o`mhb4^ntnXK{w3hilK%JGJKl@L(&)w-Da#wqa@7aR3pFgF3ld`7rceI^?5Ir{O{I!?}*E;TEKiPN%koE_^ALbCu?^VdvF&DN0#F zo}rjhhvoXo^QeIj&2~s$N!>^V(&24p>*t}7{m+E3^eQc^ zb&oJ`O9@Yoqf1EkopCQ}n{K=hPGp#G3)_R^N6GxY&>NFJMWZWnUOn-wA+bJaNx)ji z82Ge84H^TEnRxX&9UM{>&`Iy7gpgkk^0J%HxX>2q(nda4 zi{9aHel<15SMx+4T<@co7<2uuU2-YQofe4)7REpopF?6Lq)$R|5c()a-ly@6P>G03 z@4c}Rt~+2%A?~(7b9VYcMhN0l7NZ`JO0sNwGC2c^({H97O|A5L@aGHLvX<;Y>uVXe*naq>VRokbj&C;pe>4mBFTAq!%+rm65e1k}w*7%gv2)Afs z7(P^#@`n0T5R)PsG5tEfoa{!u2SkRgHP4bQxJo^dNDbfEiz&$Rn0J4hn$ zH96-h)j>m_;6Crp50q1A0Ic_+mPy21Ekwv>}b)unPTHhcglp1O-nEw65 zjn9}=vk_lU6~;_5)Xz8J{^##~n8t&L{q_bC4w2don(bUZhNqx;#6bfdkF zUWdI)@~wF%f^=$F-!576ay2dyyfs`Zg?B-y=w|;;MhzKvEjZqE`9}hdv5a5nNYP3FMzFB-^RWwwui9*1a2JG&51wQx>)zx+D@H^b)bA;wZ!eYx~4J6(u%*73~Y6MlFO>~e44-i0COW|;(msnCh%Van4v;rR!V`M0F(C6RBGP!f@p z>)H&4Fw3L`-?JJDwOubY?mtp0aoi&d3ILaNxnBE<*R|1jLKcA_Vm>T zSmuoq3X@%tTK{#W_dYXSQvG1Bbe(()l~w<&xL80MB(JAC)*mHZI7dgj*lwrErqhyv?yiIhbw{T{YhIGkJub*jP^G>Ik9jvlm+=ihnuP0+qs@Qi2)tuES~T5obTwrV;PxdA zrD1`Dh@fwMexzS1G1#myKv0amHVS=D4?o7arOD3nRZRLbW;}@bhswDIdzk)AA76Lv z2(oAV&WwG-U=T|wh%NPu=d+L6pk|HOQo$Xh@yfrLx3Krg{ZpBCADN+(&xp9%?#aM^BVc`flfZYobqKZGDg%XUJQk>bCYbGdD50xI^ZGZ_Q&G zY>41Q-WK|wl-gf9nJE^JlD zbRV)d?8u3X-=jn+w)mH$q~ia~WlaUgwoC3Ig@eO&*whr!oIFi7*}1auc`^)Ja+*yx zD@ZjZWQGm~Nk$WJ&IR2P+c$vXOsN<_QA$RehSo&Y#nJ@KYQI?-8>cvMH$Lo=U~aP4 ziTw(uau5oof5k|ww1M8j&CR7mn8qnz4gI&F94+H`i{9+}E=ZA0p3gjWN9XFybJ_n6 zwr@9*no3;RydLduuQSS`JtvO*fjU2(9zTkJ{=*PNco(Qj4As80bQ~0)U%$f9qOpc? z=NNd)WHBj@skg?*VL|$;eb8ln^#kt9>12AtIClrMFbI0qgv{Bhb>Dw5i%2ILb?c14 zHHTH)?lpagmSc+-rDQbZ?Ha+uxZKInA)faP{f^H-^mgUd5L2);3v#SgW=dCm01&^V z=CglbJi8hk7QI}%7mEuOmvjEM4`ci{bm>dq(l5*%rfQ7HQ!pj}kQp6SfQGNc;4`t# z;_hNK?9nf{a=^_WYBE>*N6d!E$48i}g21o=K;^K1ZnybMTZa?axj9ytmWdK%B`RR*6vfv5+EHI^UJOc}AiS7e( z2e$o86u2Ada&6A#;Zatur0V=E$Qou#jSacf1oJXUJUc{kg(2 z>CgP4c9?WHTjS2r6L(>xtLsPl1YV2;~Ms~+5}AXZWa z8djR$VNpwaOrOaf+?$uu|Dgv3=gAEL#(#!PbizoAxg2Ur9EzKfpI_tmuzprGY{2KD zq(ee|jp(S+f)esP#XfSWB0<6-8-r#@?lkWMzIigp{Xh=~2Z_!J+%5^{Ab*zyRzgls z8L6>Nm-Xz3@55CK~d=-8CEM5Js~X~`}dV#0<6@7+DU33u_pIY z@jrgowN7+FM01qQhm8vtN<&P&&jBGSvRxc-X+R}dmn1S zpFv~6Qq0;6#JB{^sXJXh!SDY>b#jX%qx6%Wer^fifhmj8J_UYsz4}D4yP+&}n|HiMU0IAveIXQO$&$~R2XeFP_rzvD&*G02Y`4;s}~xB6Z$ z+1rNo*mqFRqGsS#Is($Pmrx#Wk7sZ`oHMtG6n(t`jpacq@@D|<&NZ0lGt*w;!HFw6-9rZ&iHufbO zADsNwzhzBkbUAO4(jGo?;M3ZjrR5E97Da^o9^%*)v(HqIBp{ZcYNuzI#KfK@aHri}T1vOj;jraXO6U}r+YGc5 zI%nSKcI(|!D$zqf*s1H%Hu2xdeME>eS?T&yd@D{v6{Em}75CNiZls z!rHmz`I;xS#p}>n<(0kfX-O(fpUj+z*t)o!gv33?a1;Z5gB{sorma|e_m~b{T(3*y zM2O$SMi_R3S_< zg)Ygi+5IFq|SLscpdMNY4k>;JeM6xAt9K8F>|$18v|2 zTt5SRt;Rsl37BRkBl@_MfH_AogC`7O2F&2KK)7zTt`Zd)bpVrnqFm_AjAmuaHo3Cc zsk8*(PVgA^0K5uiU!r$%ed2&)2qT<@#2Fc25>u;N24+g5*n*2)fc>E5qzBU`Ri;pN z+4oEd2{2(OD=1(B_I0E6z9^pp)2raPoj*o~nF5r`xPa_-mPng8{nFuL!`x(J(U`Ym zmlCu@(UlUDIOL{WR~ydyZce@YoF<1jlLLj8^Kwaa0kx;>dwWt*t6Ge*XaLjrK7Ct*II9e$F}yNw%F+=YGs=h#cYIRPqsBud&s%^aSfU0 z9w&w8;}{0z^xHBg2=3-SVZ`4*{+J3h0a-6N8{iwqitC~F&z4c+a(IKzBo`j(p_aU> z?H*|Uiy%pKkBHaSQ?wygeq~+#9=4%-8_l<4M&G^>YX5QMc3x?4_&cMi$J6vqtE1IDhGF*|`{bl8+ZhdK z^e#Nxg=KlZ*2U4*yf?zsQly%G+su)6jB)t-Db3@0o~jCd<)M4MS1NizIej0uohk2+ zOv;m9ri8UBcA&K4^)@dg7OUbY09_WDbNahk)CH&QYGdh)^JxODnDclf;GAme5!Le= z70IO$Pr~dJi^G66o%U@UpXBJe|0R`p?qSy81Q~R?h>ETDW16VC74%qsApa)u?L-!u z>Je~n2M<{8;uQ@{ixyKQ9rdM9OrIZ%w`&d5Z#&=o>JL|=-$5I2Ve2}fohzU`cQ1pY zGR75Bh}Xk{veVjkTl4lhR8}wKmz8t7+RDD%4eR>fbAHqZb;#WtGADpHPhG#oVd~U| z9nCZhnK^4~6V;NvJi-Zbhmwb3Mb#(gx1J?EmY5`}3`AP69opkcv_@$RB`FU^=^%fY z_9dSamk_(e@e4V9s`Gg2R$BB}f69AKHe)z=fMS$0^%}B{UWymC`L2lMZ^UxHyqxt? z3%m6&)}In3S4jQomV}^FfG^Y0VpD|AEcLB#GM4-f4?gc2-mFVvGT!qXf_|%N6bxoZ zO&xb;K%H<4EgT~LFi7daI$nP?fi+)u)7>1o=Dkjgj%d}V7weuOWhbF~9 zgvJq16-#s~XKK5r5?JNC#k%M;NL627j~DyV>*?VN;r0i-rXnyHOzhztqRp0?i_}_K z83&A*GY6@Cz9I7ZKMO}+RPH%q!p&jOCI`4&n--lh0e7^ko10O?SD)?q&Hzb-X%6%V zPaFKM1>y4o%tn^h*6Wq6M;|mamc0+ybNw!LIshBmSuv+ynZ>f;if=ODhKB=l>odTh zbQZ?xTLAi6XECu2yt4ziou_7J5p(4;z!+i(f4(N}Ms+ToZOQlU^;U6@Nnz=}C61WA z&#@BY%U=WeSySDgEcWeIdgZ1+R~Yyz2NKnMP7hu0+ZZobnGSSatz200r1Xmyb^9y4 z_LVyd#St^c0of?hEsp<=blb`eV=i{8cQEHv5kn+oD}czWZ@RF`(dnLFa)?-adq zxSxNnJHN-NvNy%or6q6v*S9D((__2#I`xtL3&h-PqkiH!oSD5N4i2h^AL!RLpE-mB zZYP$Jt?{4=y+IC>R)=9KqRoKjmHZ4VF?a<>p*qL>N0Ymn|is&5YI5b;F+5|W?BTzU_GXDfQbz2=Dd`ARHfa@$e$^5 zJG}^ylmbKbg%l=Nl(P8iEbg)~Ip8xYxmZYS$Dc?s%b$yxC^#U+&? z$G)stdv)f{JLRqtp1dzo0oOcXmwVdE=R0>xDQak`E~h@HY~p3{1g}&c;Uu!q7|VEn z#xNA-`uWfNYDGMUbHMWEuIf)~@{e>MQCOGk28XpNr67ORo_!rW7ph^7uCiZ z-H{BR_6)Na@JC5HPF~2%Pog~qzrgeaoY7u@Wm^Y$q`=M1EnCzh4v{&4?Gjn8De&&W z|MF;Q6!FNENyFEhyr&zQ*Gs=10V7gUR@Uga8&6-5M9wt) z6HqgMdFD7Cyn(&rJxSW;oqU!<;`7J>#j{%URKNk%_`gMmSiC< zk@1IHAG8hKjALdi=4|(eV>&+Yna9>+$HFL&GJ9Yi=P-NYHTTw@`bwPT+x*sS2_p}E zw7jwQ+=xfUh#UQ#>!qw`qPXW~-CnW+5D}3`f3EvS>w`MUNh*qupoxzT&28WGN+-Pz z=*S$lDj-}6SpxYAB84 z8|RVWbstY`KYcC}Q&O;Xoe@7lUu)hQ3JhbXXJB(FGDp>!4Q@4Ur)J7IB5_FcQl7QP z+Glm?UT##0MQRO^GKRNO-PU!Nx*uJdovv)wOo+ff?Yx&+)4O*%Oc_(Ee7a9ZuYY0x ze(B94d^>&qxq7~W**i)4<=?|OKDmz{q}M;WhPcKQ&+^_Yjc90UYe)Y2h2VQgd;$VI zK9`5Nz>^AqYe!l`12F3);FM3~ijNM`1dIW38sBfc2B7)+T#c*3EE#XF)g{XIQln8N<|LM2w0V;=icZvp31IN1Ea3Y%v9 zd=JtBOmh$w$Y(O$_DdF((!Wm(cj2=pRmFM!!xL$rrcnIju;T@*3+@WdSXdWdc>Z6! zy=71&!K3Yo4DRkQ$PDi8gTvtN?kMrzeEU79;62(C=>PFVLLth_z^WW1WYol1T1HpmwVh`l+dS-RcNx- zZLp+lo-Ib?OcHF@+kTG$WUxWYaxTBwKz4cwO#Q==kF9~K>IJ;MUI|{^oW}ufmahRZ znF#h-=bDOb`bdPCm0=W%&EaXwlGh8m&{?z~eWJY(Y|-? zdF#&f%;AxNk0c7C7pKCPXysNwXGUMTTv9El?_n(oA67PSF;cEB<4DoqlN+crydWr} zRm-x2i7*IO7!S2qAUTjOGRDQF;_vSzM%s!q2{agvZT*vES_MH_LaS=%`qW*iQa zC(aVs%ffQ#MV}OFhnq)rtFIz7VY1Tzfhi^gqASc=J3V=qCBW8$v@;suMC=$l_p?6= zB`0SZXk-B4aDS><)BFA`bn~A`=fNzDvZCVij0Pyv6%!Lfr%~q*QeNu;2Xd3yyd$70 zI?XEI`sseJ^*OVCeShd3v1^Uvv0pzqU6ts5xd}nQ;qrUui!7+~`|!mS>j&A;u6D$b zNd#m-X)caT+cFccmKRVJ#tjv6y|>6om17bUgL-y-;YdWQc=_u%KhxT|02}=!zv8Fx zdM-N-7S^Pq8@ZI&n~Jy>OX#|Gi1}l|n@pxC_@nc}hXcc;%~xw0DB!@Uv;aRos>Or1 zA2SAO5oE~?5>KbRtl`yh#y?l#Dn!1jD9F!d|hs&#oXQXMiTD?{@b;{|DRP`{Tn_qKu9$^YT zopGCOI=vOSlj4-bXCgW45$>BcFIH(ETr(EWaX)FX3RdS1oY6WxPY9mg=kkikzLIgb z{=3FvV5#OxTctN&)?O6P)FoP1_HXxiwer!EC%Lrr7<5S{dR`({?Ir}EZhY`1)rbt{ zVt8J+Y(aE>oQSlzQmy%nIULkgk`jGgA#_bP$ZE3_iTI{?s#o>1;iGC4_bNGXKEW5U zdfB$Do~ynsc6~-LQl*Mv?fy%@WO}+Zo;J@Lgt`JKCdm<`!X`;IV^6=d){`S~dF1br zKJk~(o&QaL01>7zqpyQ^TCO$n!DF2bBfYej0Dvm6B@Q7rxP8ClKyWz9HRI5M(pEY! z_W^B&ZfR|8e1Ce2CI|`=uB^gv>SpnKrGg^gVDY)RaTOI=T#kXD4i_bCuz#%`Fgh_& z40<;Qg+^h+2AQdlKp9$4uI2I55emx1h^MsTv6|gh2~w6mRQR2*ahJ$t{{eNKM~8=7 zAirvIa<7QfEi2>u#c!*Dkp~b2y4;6G^<nL~{0m3VK0U zT-Sz4slVG+J0tG$A>O4*0_E1`I)zsWTluq_H;iYb*Ri{TbTkPXP zM$%#9$c8MgEPEY8SFNirs1V$h8oXC8kMBct9T}Ec*H!;(#}ijCw-3Mks|5$=RQlu@t^L1|azNE8AhlI4 z=#Hk>A%)kNW{ztr%$z~kE#A2#O8JN5hDsjoo31N%RFrw_S@BFk#+r@gK{e;ptl89U z^B%;VJ%P88V%uBPqL4W+yM4(EiOsthWabN9PiIYb*aDKv>fhmwXJmoVNi(q-rWf1a zudyXLLN^*Mjs|)xy3{4Qf-%Dgp+}JG*{wzhCns@N7oBoW?!z&3J;#N4GKFoIJWGD5 zgFYu_gJEkQ7v^=o2V;C5)@GpSBH$%3gUK43@k}0V%@=sxJ9Pq=7q50%@s z9(@w#^RpvAWxZ7Oj|70vM3YL7siTAIUp+t2bD1e}=mp;)N6LQr_rZXUEp${=?V#r- zo-54crOKO4jwW|TphMqrUk!A)1X;XNU1v2F#pqCOkv=fG&^RxwvK;Y&!D?vd5cwdl zr&KMCz>7?h0zzC~gE!KdjTVSbjwf%hWJ47hSrWiJ6rwxN)}$zk5Lu9Ksg(<+bAq7) znkRx6rxOx(n*}iDQ%W7@@l-|gBeF^kCE-S5WkP%MiBgqpUAEO%!dJ`(tY(v;g(pb{ z`k=Sq=5RSe=q`Fem{rdIA^CWe(9+WKgg95B89tgTZ3l(sJX0IBstLKBf%}CK;ZgJz&`DB_KtoAX|1h6lR=z*@7`dsgxmulU;|j2!#2dHv;Ag& z!uU@zH6fpS{N$t@XkOL!b8a=qG>(}6r;{-=s2}0s0vbCMFFSOkq;0fI z%3aa3qJ_G_TmqWa}m;<&T4C^yX9DJ z{YI(L9v@@3bExt%YkTdGusoQrlt_v!F-rAgI!Vtxso;3daBCEO7SAx%t7B26=5yCyop9-;I3%U+g~iks$T{ zb|s%M=uU~R<$%9uJ*Ugn*X-K76=sa@hJ8UDh;#Q|kA*JB#w~87;Gf zcBed3=fClQjpo;Jt;mkR(XriptkTEMMLDIpuye z_Iqycm#8y7c1ydV=UIm(cB2HY(EWiqFI{<7^dWTU$n}`TWrFzQdenZ6ER8=A)>|q1 z^*h%~QeTX^!5=MVXHMG)6(MGrgoY#LY65aj&k8rfa%AqyN&E{8yQ3wA0c~|7BBFt$ zh~{R=i5AI4Mi+}6FwmnW4f11!fh!o^CM7O$f#{rd9jt}Y8tkwV;lY>=D+*ZIqHF;* zWfnBg<&ALsL8B0-tv>M2NtRj^5B*P$!P8jptMu{lap?FWDAZq?GX=`ofMi~f z(BiQjf@5KAEuyM=f3YdAtxW(Lazo9MSN+@DtG8S4$T0=MMtWb?FWf=%(4gEg7%0#6 zi3I?m9S1=%l}S*m0R_Fh1jM9bd!2PTXAAR8a+K}_-oOVXL9#7ObRY{zR9CToi3v0! za_MHfr5N=U`C4J2cE@6;McE5?7+7$bP2!s%|9dm#QF4kd_~Q7r(e4CtUuAjjAiXe-21qo^YdnFP_Rj9lRc%k z+n%HK!E#0`tMt0_jsDd4j4rNiZZn%_b|5bH$K>5y+fynx-)_#t*)IBNj`>L=NnP{7 zjmrCd{m%Fy17xX-{UVOX_Y?A*=fM%1vfdw^dp!G$zjq_-t=0ta7@9nuUdK>mecx8& zo+kEDET*DgUWXp`W1S>>>_pNgr)R-+`k|nsbi6H&J}o%^5PKQMxYX zmQy(a4?SzX^dSqgb6t<8npQiy?k^>|cwR57C>ui}evWuy*HsB8%f&6Fn?1y&jO#9S zVc){^ZL?UZczuFuTh-Rw?@oeUA>{?kM*oJf^51Ra_|Jy@EwbA2|3q=3Z+#5IwwY(`BA$KP6Rm#@)ioWp5wI-xGajQ(lae z=uA*<_ZjkBwoM1jAHT11y?U6X0|xR!1wyW0oR)Y#+ln%gYm)^$;k{5?-kp1NQT~nt z*CFp#z`nCVOxWBYZU=Pf@*LJTfl%i)HMTUAT6|LUDD+5zqmdmo7~;63jbBDVq7*+i z^{68!M2Z&$?xT9GMs}4!4)dXb{Bf==Xtr z`wOnE3XEELQuGKkxMF=dRdxcoIBTWuV2{U3!%r@S69Ayu<<4AOT+F}DbbWpO2+HsG zjWPC)g9h#yET-@X*mPSxFXtzViEHZvx;krKd9JO&+SLna+9}e~(jZQZ8<$JPN0dnz z3d#QE_C{+wHiOP@P=d*)2UPjdBSe=v-55g+9Y7S5>re2*Cxqq|6sp?)1k`}y!*0EX zCbe!K0A?9P%D zi3We`V`=QL9vy2144hXDu%BLf6`9*Lgt!vWzx9&eU11r{s;b?CCk;jwhIK>&(iyA6 z{pa&l`&aNb&_2)?3`q!w|Li0E9{*+QKf8owzQXl|{O9NNAL#xF|M{6YfC3EXKR+8m zNP#hY9+7nDOCp%g=Rt(S;VAxpIp7{Bm88y#@?XXDwv%C&o$Ff3_^&hBxe@Nj`%h_L z|KAt(cRWck`sXQ%#{Zw6qB=8}JeorV7i77k9H(5d>@Wu2fk`cvXO{nBfb3k|O4g(B zD4e!S*KF)DoUzOjzTm}<%1TLIn@Cdcc#>g7|#(@~ySJrPVM)Slp7XlH5Tf;(u-Z7z?IH|69}|G z;3+&5k$Rqkv|RF{<#o~S~!)C_(Q0hf&U0!M2{qq8t3Hz+wAafC0oO2IdIi@Pm}Ubz^i ztlaMTjXoGPS5W;c7|d_uw@FN)#VzHIPM%0SY_tVTu7JcFO+(W zh$$&5d_QFx_2r7GLgsvFV;b2bL(0TN>wCI&(yj}G}-U~+XTK9GUnp5EuJIxs! zL_RL{eC#60_boa7=(}_h{g7NqVTl<+_gA4;2Bbt^!WO1`_!JE$;eooHDntcSBt=a; zvee@w9H<|Z*q4fmM5Hy9OY5p%AoXk@BN>k8F2Ct6-Em!+zz-gm@L={CLnVS|wSZM< zlVZdeJ6#*+TH3;pe#7&>H`To*pqsTqd6cG$XDizENwQ z+37&i`m%^Kp@L~c33y#Bj=Uk;y@hddp}gi|!C%S36$sFZlXWu&fi!j^_sXEhb+vF+ z18p=>dO(2$xyBnc*+xIcN!TD8zXym+R$hK2O^KMF?0`pw6SC;)b>pG0F z(xeTj@F&uYLeh$uhF?u70d?D*McEa3&5ly7og7tI=VaXRA@b?+l@IVXnP0-5nW?sy zQOUuM^4Mz$gdyRypU}3pyU4ja6bH<&?d=!xW=_P$n%$&Gq-6rsZCMCp=T4Wj%;a)= z*1TU+#2X8Zw|J0&ahrVWS=t>lRrcphyg+?s68#+WjaQ3qOQ6IAQtQ2@`CH-s1Yi-k z3R9FI_hANjTPQTMmZzrpw7*gvV-~h-$RVI^HhCsj=vdh9 z{jAgIY}~!PGGoZmdtK&n;ym7NnmHa+O=Kpq>k4>#HXHK?Ac}KY}oZZZq-=r=fxXm*kl_WliFz-C--BK=h(C- zvQG{&Z^k$>V6u zl$MrePRz&Ew)TrAL&o=*?fcMVvl+3+{>oXknS_MIRIVj3$W(hG zcERlCu!IG`b2D+L9S5AKF0pLsF%sY-VYPo6+z0TsW@avIT7BNmHTSy)M=5 z+wIl+v@t=*O^Qcln+PO@e-Lu^)VashkLG6at z-OFo+pt~ppI0;4CzZVBx(31&Sc^jtON_&p5al;$h{SrzJ;A&jSoE3k^`dZsI_l<$| zLxX&JrYi@KsKnBhZ83AorPLZ|wmXTmA37cu8>BsfM9`Wkp$)nu799G^P5owUB|Eu;m5C;q{$apjnv$xv253G4Q8%*+!2Tk!C z+KvCC?M5OPA3q-dbw)5g!fC^PG8dAdx4BT*eR48t?zw_N;0hEW96e&$TryvgG&Kbs zLZBXW9TSmnwiYPIk+f0F?ne{>FTW_qDOo&l%d7BP?SKEPE#yQYXvvgdHC5j%Jq-8A2avlVxT}va?zH%T2e)ZHvS3YC;kpRYA;w?ch6Q!Ce{9l znT3VL#Req?P*Oc2!-B&Y30*b*Mhu?>v9k@^F*k_HZ>n&rN5jvdA~wA5WH^^Z;qt>p zi6{o`Rzp#tu48Q}hGJA@D$u< zump+2;_9mLKl)1S`@&1Kp(-n~E#S*sN#+G&9GDW1F7vjks)ov`selNrM2Qgrwf@vx z{C0nDK^VsWULzpcBD@S)oJ~~4an}(!n^9FYLcDOz^Q1bcWN&W|Ek+y!9}uDAZU<@O z1}c7q0HCd3lDw;{>$ChFD)A9LkLsYAs)B+-H3u73w1xll)suV0o4c-^_xn$sAvm$b zjF6Ju8hE9nyRBC?*~C$%dC+s+?ETkkLrww(wz@+bp#^;2isK3?+QnpP=(>P2PMiu~ ztQ}yxrFb=6H4~vUl_K@Cy-}vK(Q6^MUg4d0kA0*J$xrg%@NZ1v(9K8h@jp4VTTj?IU@L>h}u{7>;K98t2<& zxRH^sDKb|x94J<87p<;YgIytl=wfpUE<{8Q9sElb zBEd<>iD*RTDb|=cR8XD_rSKFLSI=Za%Fua9Y*j%WeYe_82MnY)wa6fMHQxk7E>^L; z8zEZ^X7n10-u(3Rj55>VvI~vWANNd}PGQxlv;)PpXDac5y6tKQr8`b$KJck{{-HY+ z(D>nybHZx=YZe8&N)1*YuF(YO@i{L`1r&}ERa_?}B>z{%3+u*{&A+ZFAl?7)I9BLv zoL-UB!+)GtBb}D`^E)$_+;lPexVPK;tB0Lj$>BQQ?lg|UlE7A>Nzt@a!lgRe*&Dh| zTFp#HO<|eOVpU$n&t8KTP@Q2`f-Ef#+7xXAR`eW@i-}2$FkvS5(1TZCg>_S=y;(3Y z=74b7({XlX8bk~_83g`4nB-CvnB)m8V2~mgAHRN0dkz2K#B3TnF9J9kp z76yz1g;<+C{}{~kkJP-v#3s4aqvOktJGr8;E7t8-25SQwOR&5GOOIq#N;t1yxWJ;s zB19}z<8a!p(2A-7lDM5lWSvWNH%9TSA1;`yG%*gU@qfzfr$ZFx*^*TPF}uNqSTg>s zVMd2Q#z_woRS8GXwh5DmY-YGTzzrmg{xfHIB);g`0!~Ei&JJ_Xsm}RlUWE>*+^+G0 z+8}hqG}k|eEGim!H65&;apgRL+l1WHvWm!=3uq>yuN8x9)rTD$g6VSRU}CCuytG${ zT5^=-_=llF@)|aWMb6Vr{Ugo!L7?0g0Kzj-l1Wmsyl>HdFflj?4KXbaUjCUV!lF;` zR3Xskrkn5jpx(Vi6eC8fBv%~60#{{uR2p~g zmm>IY5X%iaa-*qI3Oa>;Ph*HeARq6U!e4wIQ+@^}eAVlQ*Z<0G!7zL@ zEE`VaM@YnkE<^)Ktt0S|uFXZH$7%HsPq^(enkD`ec|g#*|DhpT}$^(ErFauGUOg%4J6k~(jpWk*hVV{!XJLLhsL+ElP?TXBe!1&A{dQ z@~@P-5^*?kz2qU8Ks-{kp)_a|)|5Rx2X-4poW*oemw55I?^GBzfx|D`_ zDA?pr2t5=mxfq(^(8__3IqYx6theq~Nv&8Ixn)D-)?rpCVUrr2M7QYEcb?aibBfWOjoNn1k_tmmskSTc`+~;u!i=+l@efMyP;lb!k^i^ zf2Ie2DBp6XC!;?S*(JW;)+MR0UhR&6SX1v<`ctY1eZ%P#2QwoaUf_RkhQ&njxx_sU-ReZnWfp@>K9C9bFxH3v}keG6zQ-2a-aw# z==0~k!w%o(M#>>o=JQ>DMiA-^gz?f@Xpl~&%kSy&0|2z8~x3;Hv55X)C&jqt9*9JbOsE2DHH zC6BzYjDM`z#!`JyN1^PYF81GnZ^^0aV~O0m&LI}OzX-fCf9tkHCca)t)}@3lKFnx2 zP>$jJ6CSJN!&@2&y!#jedh8~=7thbnJ5KRG-2MlQ*akubfqn9@KQ}IrgXdulfWqr` zp8WNdhTt6tLm#HM_d^|xHf>Tw?rK-$+26d0WTXGwI9r{Uz^K8(C&*U&*kV%mCkR!V zyvZGw+N})>T43g%a+3*M6at{em7z9JC-OpXs>9_(L*1945!`lp<@VsNm@b*MvF&@a zqrs}*<-iO>q*_{IjW>IUEzAdt>lCU1Xnw_0rC4V$P!>5HvI%YH;@yxj zxC+#g?ruQ5Yns+K0rFf?#)zql4GeV% zo+^DaBfdf(LZ{t`f7ge6-&HwyDwgcQPd5s~qs^tFJs3MEi;Ep2=H?f4y$3bhA)wjJ zHnWy8m^fcdrwgVKJlhk~eMaw`=kTvj0I2axo!;xQ)%!np~Blc>{V~S(60kxF=`uZwTWWRu;H=yQP42iQJ)Vc2s!+_<*!6nd3;+c zA|PLo724X86ZdKT&OG0r4qjY%pFWj;kmW%G)Rw{S?(RO*{(K-F85p6UZ`LQA9E899 zr+mTSh!@(u|CXUKJr#8U(KTMnk@atzBrRdHE(%EWV!^i@qSTf?d(DzMIT{%Hv7gJy zsZ=*D3@~PJQ?D`apV6{%B`PUj57cUkZfGv<9vNuCzvpN!#H1_8+hv*vLAl}ZKC@Eb9r&}j>@ybDm7Hw{)>I%M7$3X5*2*xz!XkD8pZ z8ar&hA;_I?KLHEtoQY6s^`(3PMC_fjE|rEO9LGSc)Q!$m_NWdE?&a>+!eM0y)DGLiDw#2LBN5@0kY`2MZGNiB_1CR3>|$ zRVI%Iy#DGY6j1nm%q~q`64T=2<&m#jioxZ6NWmRN@^7OU;kR)9_H-i~Ta$v;rN@cL zD_(-GaJxNGr?p$Xd1G!`$}*jnrucFNxLd#G)3|m#O7=)uwPkQYt#S_^3Ft9a3x{1p zZ|)(5{g2aet6YT8E))vm?}yWlX`_Q8X(~?a>~u?Vm0M;#=Em57%`CX^Bt$Ahh6MPH zMx!&yyN`qgSy-WyO}JD|Wh27xfda(z_<72z3C*GP%|{vp{}xWy%NoVsi(@@Mr5G?< zh>AQP(C~S2kbL+p$ILu>0-+R~_Tw|>M-zM`EOUJ*H)g+K)`i!Q!z{TrCB#BaupPoj zEu__VaUtxp0k#f%0`SP)V%a?8}|BY6TOHsyVM+ieO;@Ri1dwnf{hOl4k>F|wCRyGG0SfKXazo< zApbNd{hN{MD`#bVaY$$RjJ5?Na`$R%hcl7s*a7$x+Zpd4QvX!Q!Zu&mY4<#|!b813 zJzByH2%~4gkeZM=Fy+!=ntmnkuC6mFDN{R6Bx0U8KV2{Kjhr>9G+I(6B3FfoKFk}? z{U7R>?Ca3oq)ujXvmZ#1baE`qJw0AhBdM(}#RAgXSxf#q?5fy*;gPQaqC*aXyI-(kG5 zh>UM49m2Fw8u*}K*g1dA>K(@x1*6JGGLENm{~`X_-B4b0H-g;4)nEA&&)$U<3;UD4 zub}Je$QLKG)qFxJ_yqS!-TVY+gJ5Q$1?<>HTogE%#Rv6o%pNjpb?qUG!J1zj9o}uO zElaz*F*@v(It#~a5YEEf6dH@sy1Qw0=cD{5U85O(XY&t9!xeV;;y2;xYB)KuR*n}K zc;H!s0bkZ$ky?G7G_};^DqL|^b5>xuL+BXjOKp(HHP5zBs+&)jcS@1j-&m}cA30&A zz&6xfnTxHl9i3N+kv04w{LSudyfS_TI(Z9f|H(??eQYfi$E_~54hLAOA^$`!Ls;BC zW3>tuQylRl7;3Zd*!2*GxzW7Y!pAnjQD~?j++F`j1BMzmrDES^wiX(~u)iQ;r=~SF zz33!nM+FKSK0Q#;p9+lAQK@e+cq)z3n>qF)oNhG2MCI2zrEe3i$hQP4g(uRFgr>hX zAi$@~lE=u}RsoY@`*`E#cl_>ALr!Ql*$v*avTW)w9Up>BlW%V|m4A;CpWTU)a*jZ( zun^zUoy0uRbB{CM#|H(>Ku4R)FikGje3MSS1g)`x^!yHDx98Q=*eP7DcSpDJi1+N@ zq4WX%>M&_pUVt?OEF?80iYUr0AdIrb~&KNGr6Hu-?X|&wuQZ+Ws)*X1X{Qaw-aQpR} zEz$VXil?s*@`QxjZTS#V|!crppMKaDG~bLBNi(XXD#a7f2aErK)s14#=r3l zk=}ZF9{eRmulW0AX^n~&r=1}L@pTpOny4HLcA1`ofmj{rsFP9p!6k z&7zt4jo5tpBf%`K7qnwNe&NA^l&X93;!wY4n;8lqMN*=E^i?}idZICR-a_=h6YG}@d=e;%WH zA+yb`tOyU1SS`;_BZHQK`(b-9oukgZur{91jfBYW8V(f&wUUYASk!L&o15Y6I&KPt z%e4P}A^r2`Gm2F;+K*WfmqjA4RDd$=^t1#BgqeSX$>td zuJxK&hQ7Qr6IKc2Q!{(zhh*VY%)LC4GSiU&azc+c6vCsL-=NlGrrcBnTU;NzvN*Sx zVykVn%)9j#yuG;jrw3^M6bDqdoMt8Mf}+E=*ys!~4{Gk3Nj?uv@%X`ZP60+jk-KND zR(O|u522PuZ!9;a2Ld+_D@udYK%bo%dwfY74)p3yW(*8X<81U;B?f|qu0(8Wk?C{| z`_=wAe->t; zfvz=zUz?-Rbdfn(tX1)GndHk};
    Y9(ZF^)C=b{HTUH?a*NHX#7UNEavD9Ub}Z6W zM*P&Z%SpQ%Dcfm{q4WeX5Rlfe;Khg#T2b*drrG%}x8L+vvC#ve8K#3uM@{rxaxv)@ zJ(d2?_P-vjdp3NNwB*M34Kg0&zjYqcNM5T58d`iX4f~D{E1lFf>w}E}U;Qk`%nt7l zJ?Od{VWsEvtn_U0jSCf9#{>mP+_%8@CkS2#q zIz%yd4;`RCulQ(if#S<{vGiLx4Eu5`u2X*&4Kzy${f>$^%zwOR5yhO1kjSSU$rcuvILlLh0(q|mB201hU7 z>9=Xsst$3yr!qO^123k^Q@b-gti~9S+1VWOTyZ3jQg*}|8N0XGh4lt7g`<SMf6tmfU8gDPkrzN&uvQyuV+3s$r1j&Ws_pHnf8rrh-zhqo_W(HQ!}m4_=)4H5M-Ue4)vvIuxy>g&lg4b5_8s>f2y^`_dmtLsow7p~6;4 z)VdgTbJK%?Aw&bQb>mg9>v?W?NI~Z4z*A4{j|PIE3}|V_NE77Rl#r=Dx{%E0$S351 z@_p=e?WZ~{DfQ#LKWKx;_H749X?HrR1x8Fd{(`Vtt_@ysh;h->dADN%GlO4`a~hm!m=@ z14V-X7c z$^7JWGnrUfLu8xPh!w>QOpdY(k*=cx+T|TwManpoIAw8VTSdi{#u2Lv70qM?m;iyZ zKHcj(>Pjg*UoAKXCl*$23r}fy$RHI5B?oQZlEaHP)vl|L3|dTJK~{_)9=?bxe5!z3QjHb`$^Br} zp5b}5n=CWFV=6Ci!Bs~$acBrzag~o1K})LH8hP-33WFDoB6N~2U%FDj34uZ^JEbcm zL-?15oqxFTHQCwnWJU<5X0(xgb z?h-ha7dX)>mG&m-n!?_m10yCS=0IP;c@@QZpAoyFhvvpjqAnpid=Uw}8)oiuTsVk% zA!l`{c`ObUrJ+Ia*Lj|ldEzR_snQ+gBrtDSb-KO<<1gM=DiS+Im;^QOf&o7%@eL?M zRGuqf#gcG=kZvit{+vFEp9-)zREvV_Q=N=YyvZNg28WPjVp=nXjYygG%WH zsk>Nb`3JXl^k;`DD>|hqQ@J)?v`Mf5lQ7@h&i<|1Ry}o|MEU#2YG2c5^Fa3{#brwW9kf=jVEW(xWP)1$YbRr6W@H zgX4MTZ_&YfVne<4k?#y+`eHA*8^oJCDw-Q8Yz9Pi!M>WYyD82e$maq&UYaT^<=y=B zrVT17=H*p+W+eoD?kc;6k?BHxO@MS=n!@-V8krc+ThC00(R0CjBPN#auS4^UR45Pr zB*z);o$3xc^M9kT24PciP$}WSr6ZpLeSvwBcxHfWiy~@*uBU9`%LG;3xhl`^gk28e z_%KUgm5I)ltN@AB%A8RrxTLHh!Q0|n`fQ@a3(j}qlfh|5+GDXPSg!YIwg`ug#H#c3 z?`5+AOq;O3~FEu9eHQ=rQJ!hD45f zmxxUi5cJ=}&P}{ui2^S9HJXX)-B7n=78@G)yblznYL7J4*rR;EWQq7ePA^i=AMVN! z1tlpEAK|%P?gl$F+H33i+qd45m%>~+e(`JhcrfrF4QMKg$fzSDho0Ha%D8q%f1`+j-)LI_DB+H1lMRn+f^5ca(k*F4#zrwROjya1XGQ?4Gk zC2)kB{M)!Z^>j`=esaXIxV#iO)q>hKxxZVfL*X3GZ-^hvxWQTdgf>vBP;jwpE{sy8 zpAQvaA~a`Qk$VJLa(X&$?D28Gr)eG|&AD=##?!OHpD6D)1^UN}~9Z`+3%N~zKxiaWf5nR~MQk^eD>np0*8^m_N= zB9~<;Y+_lNVXEHea*HDLoRg>b3SosN zJL{|(w`OVr4tpgG4-3KbUgXT(l*{8U=fA_~1>CBtisN)E4Q9Q8Q!-n{m|{}wx%~wN z8;qwMGHQ})n91{54pvkbJ*GaVZ=S~mhVU$ZI!a`8o-1@V8O{kJJ;{F4RCG|(^B#MK zIFen{kT($(bdd?F0gMhS0?lqm{{TB=uEKx?c*y&>p3sc>Wi*k$jZ_(Nk*o9Vd9yCR z8f;qo>^2nH5G6Jg)a;LIC@t`-#Vbyb>+pW9<_PfAQA(xFD$=n}T2)r1-!JmGV4KOsg_6;nEWg7%n&JpK6X!b}HSB}iUN z?XPJh=U)|=hZ8&)k@!><7a<$B(>fL8HUZL3v=9T z)pVBG!3`DV`=n-yj%`3AV3iBZ__`@xiv*_U%UnrKF{?np*ilzHAAb`u>vRmmd&haC zCB!Pfvt6C7&G+w+cF9CEs^D{O(Jdp{k!iJy<@Or%+NV@2A2w@Dq}fjz50*GGGIO52 zV~x>tj28E`U^ao8f9M?guBEOYr>~rfE|79AHr!S(tWPyuF(&iR^~O-(s<6)TuLtUN zSsu~)yDNhy1xF~IVSrW`W#E_Lv$&v&?(VsH^Fv-R#6(p#1t#58gckx=O%-$(m^Zu3 zWHH<}u6##;tfzKs${nxzPtaYDRsf_PBGs`MRt_c%hS_prNZ^a{6;_+fv&rRL;(gwY;EM`A8EK^&+x7Av2LRela3ilk(9do?}d&B z-g)u##5Eo+JJZy7bwj5y)e{@|u!g$!WtwK@ZJ`cPm$WhwGRoqwruN5;a+VKdinVD< z+Y1MJ`LSkh6en1+amoGAdQ4YVP7c9=uIl|2(Q@W!zW3d`U7|OWsSq|>b}C(BYqcp; zPaJF&g>#JiOMo=%ljzBSBH`wUUR9j>foE?I$VMtc<|i~~_XqV?s_SKjDaZQtq&K#& z*4FC%^NWMGw^#ipd3O%x4sU7cYW?Ua4&*N<*g5WZNSN&e(`5s*2P#eOV%%6uF;$c= zN8Y@fb8QC9j}%Awp~PUnzt4E1w6n*aiXF>z1OcA+H(nofA?xGnp;Q3y(V_Sm+$ zCPnCJAGW^`oU03$D}*9H6i)XNpsQM;}Vx?OY$t;#6O@sd&?#(V=L9b z!#6)HxX?JKSeywHK%d(*4!e`(41get4k8&IN_YSp@sF^~I;==8;^{)V-|u90mK9p9 z^{N-iO<)7Og zf^z9%5ThA0(w*|zRN-r&LD1smF4Gh+<&E_bDk-GF55J*Lfye6*LzsC*bh|-r9UF++ z37VplOmD^;v-{UXSvF!SHSbmA;V#T2c*KA1daL1m-2lxSewi8SiU>QBni}42&Pa+GMO6eMQd})rsYJYgh+gAx@ba@gIhFv?;c&}W4Hi*P}yotfbLy7Set55z?(zDMN zCM@Dgp|u&0hi7+(7kOccIUr=pWJR@0Y2;jKxqV`vEX-V>7)P>#sYPBof(iR)h!O= zyGAO~oIAxpM!k6h|Ea1}yVL0Y@U!TqdeI%E&0x0nOjxIBX#yI-OOO77=&Iaf7(>H( zw*bLvs4vfLnuU1i%z#UreY@!@m!h!8Y&eDlGPHoDY7#NfNIa;MJAmbmO-xEmh*6=%?~~Ml zcWB<+xq?fVK;7~20%t7zXYheOzq@e>yNp{F%!UEwL}-%{5UjwdE#OWGR%#X)<6EuE>*P|sDy|H%5lqzo@L`6kpZaI`9J9NVBIpyiDDC8n{CZqQjNtz{46iF|C>D%*0Rufei@;PRb6 zWjE3l9&Q~*H#dlc>vjz4&CKuUIMK=DpkUw^3ye#--Ij4RKG1i?dx#cjc9XHrexVpz zlcW6iWEXaU$6_sGzQF)rUU~xAcWagrzhlCe_f8trfIktm4#`9mRZ+6M#>@gLMV;dXw{uZ`EdsWgcnbGyErJ5|AX_7;DV%z)R#mC1OnOAKIoqM<>E|5XDYGz}7JYTo0jwG@= ztBrhKGIa6#>elxlKzZ{w<)!$FSZ~feqVrpS$E0)Bauz|V+p+qu*z=~&>VtSsP*b%K z7jl$54rQKz&B8VI5Y-gP=JFS5ry8BbwHK(#{g=a7W~P4wWJsUGgp)c|!Vmk3?C`(Z z`|@zMw)SnRs%k1Vt7vJfgQ=yaB5iSK6*ZKmhSXd|j5Re92Q^R8Hf9c0sslCD+?a(5 zs%i{k9vXybNCf$9J@0v^-}PPZdwt)(-~K1LR#x_~l6^nVbFa1UJ2zG@4+NI}qF(^ewwP)&-rd{C-O3T9PaC$B#Bi3f)!8Mii;(9{tvo;GFWN z=3E-p2>C{@H4@`I$r(RFt%wirwdaUSy!dWe+AAz=1+hIOo1~O$a*x&3smYs1>y?7t z&@lh9kEZ(VrD^VfmPCW&wfs)Mf%-1wOI>O=Ucmi`mHcpdq{i;1AVCG8SSjnDMtIWi zMWU#g7y)aTAax8!WKJOcYD->YfstZl!!jXeeulgM`B?z4sRZl zE3K=WjrCPN6KsX;Q(2eO?q(@)rkrqcH2=Q&g3oLGVI!L&5M9d87&LDjx=CqkIE(tCC#$l`Ywu{EuW;d0fd?L{mm#KRmLgq8(X)JKMi+j^=cvCc zBiDa1iDaetJgmG}u1(QKiiRP#WeJTODyQ zDU5ntwf4esf~bk%mOkSnB$KtyNue!foj@%L8k(U7rJk30Y34$5+~o?^v~ng%8eXDt zr+S3HWXN0{sS1C(7{vZw5#*+kB9s5t=UYdIzx7Fa*M&g*j&VP<#)~<$qGZc16_1YM znt;~3z*9S7zq&=&qrZoYC!mVHIa7;2;*z!z9+9WBQl1V%aso7;V45;>D?=ocO!Z#M zZS=Npo?a}Ll{7y0@(=eFKt|0mJzMm#vq^`K&1Osao27=Or4PQmYAi_wcd6(J#diYX zLOF5MYrSSxIyvT6JW~NTmw`usdw=pw0Zb?!*2@AYFAn$ezuDf}0*vidKz4CeK(d#Q z3R-$-1%e2fULCF2ZwvCl20VMZ0}7Tx$`Kn9A*|9G{#7 zIYF*u_Ee3Y{NqKO>{w3FHR3z&4t4Z9HN$B9s=xNsf)R5;n4y@MkuD)@whq?4T z?wh;?QkXFJWe!XfYXRAc^nFdh>r6&4&O=4- z*FLRBcN8K@h~$qBadb={u=E4dv+&DEE9(+4OhR(jOjGaQg^bKs&AR|@c`-uVB}7yH zcB!B~x$UD-Va4g1DU`S@6^G}Fx%O|rgZJ&BC=2Bvk=eBdC*btzHxsZEp_?<6wsbpT ze|+-uc-ec3yv~XZ6*ARd)_qc)GB14X6r_9~&6*GNdpm#j#pY4^hSF`|Qe*O%_L*i> zwY+y;t%!r|txbE_vJ_dpw5{a5pIb~@ftWMBY*9JOu?I@H*I)esmvvbamq?vMMR`C} z5qCz@TiqN`x`BxaPW6YqbzL65cTu(L0wX`2^42I92+ezEcC)X!3aF1>FZc9sXQ0hL z7+>+lO#T*|HCUN{!ROnV(>;I&L*Q8a`yXL46S!fcfY0ON@1^A-lcQM6v$t&T3W&Hq z=m&pGIQSK{Sl6>fiU-m?S6^qEeuHq@9ph!WTNRP5mtCyC``u`{Lt!d6(=;?utYLSuFVEx5RS^ne;wTV6xUc$fy67xq{XL@P#HvQ&1Ou5`AQN4P9*S@*tDfA>N>+WG zUM=3ilPE*@aAf>El%Y9wJOV_?URy!b+8WQ^Ux!MGfbZC zXa_yAxNgh3ol8o8;=@%Va?VSGo3xPV(W>NK+2m+{MX<`3to68%U9seR$~g=^5Cd{R(@YYV%<_$Z^bArq9-%23dY(8ZOx z4Gq3>t&fiGEO~PTZn=`Idh$)2zxd5Uf$lA%o_BT`%KdG3;@?HS)imdE8@=!Bcyicm z4d-T;7AbJ=bIbU$h?4AJ%juYVBA1eW7vlT+O-6-Is>z2KQBg=sTowDFRK(~NriV-Q z(+_h4wBZA$@+t$k>v*N@8qJH6lH|F&Jk(y*wtI%D1%Zjp{u+m{qY->jHRmDc*mE4b z!qd)hdUtr+46pX+=f~nGOK6sR4^m1^onh=S{j3P;XS*v8$1;Wt&MQ%4Gz3An(07N= zj@lpUZcp+xWdzDsi@!eOpqnn&T;**;pIS(sM=h{Fu|Zvx8sSE~_=Bv?%Nr!Rl&YX& zBu1noG73k13^0i?&VnEH)icsl4%`Aeg9`XwB&6B~yGnO!JW$@qx1VW=M?_|L+5L6Ed(wBh z<(cB%Q(ze#L`Dz~OZ;^PwdEAMqc+3yc38pfklX_^)6AX&gy&VWtO7O3Th}l(K`iMX zyFI!O?B7qwpR^u+eLfcZHD7z|uyh%O^KA31M@;AN6=k)}3x&7$X63g8T%De$US8|9 zIwvVvevJ?~&ZP?I-hGmYv@;+n+|_07ao5ePvwEs8Tm9CH`-~o=eC72vPa1^+RbVNrf>G6(Gg909nqI4%t6#jVqLhsRoettFAlw@bt!N(dNzgaxFfrc%(71i6WaSuID zm7(|KG+ewz4tv|FKM=c*g2e+TvUMR8Eaz6>fs4xy>@xX2{5G_s;Df=aVZ4p* zBW_l&3VSVs<(7=eJMWKWsvEhU%lvpgW=D-?Ur>7G*mKjKkoVWRxw$C9sE8qUF22#o zoWeIE;}PX07dDv&_|3D`loxAcil1f{yeW=7oV)S0edfBEIVa*aWSGB9*UExTsQ6WL zPEYY${wFPQz_|Q&_Iy%;ZrWl5_w_bh)O!i$*7D``3RcD8LmDYcXP_TauXyNcwkrjN za*b4E6&$@^85t;OVsRQFdPPyN%ihTAyj#G%gcvc+PTDD4tmM0;q{R*{4zO%jmA zKBOt$bTJy%X1Wi%zO<~BxDuVnMy?#t!uTGWT71ST%o5M}Jb|b#-RsvU#Kh<^9k-gYyDkw6F_CvqdA-9S5iO8xS!b>`(RFpoIjw0!wP9Nw0KT^VL(gNn z?vM0#vH2<*rg`h4WRmV|)S`E%VcM$QJs9(Rd6&@#WM#s$1wnUh@P~aZA zG%7+&$dMNN(fZ?g4MA5UH>PuF$}w=ZIFF(ve(u@fN~LZ?&Fz1~Qy558`R7EQi}?6) zLgn}F9wo)E$~~H}BmlBB)V{MIxN9MXqtb0K)~aw4o~?N_@eP`Yl4^i6VWn;x+;*|& zb*a2@Lugd>1@2O=QqnT{_qQCKj|XvIUM-*;0f0=AJ@?UiS5=ylwC#g8xqZdr#WJ6} z*zhNwHQIfUYtG$a0f=G=gFFB5ONrR%&VlQV5w+f9_X*nrN57m!<3fEsCzSJgM#5*lxjv!W_6O$-a&ei6$}6 z2Je}ltCU2r=s-de6`WeSf#E~BPv~N{t0l+_97*-!z~vc(62iz=;n|ZLR=Ew$aq|1g zL}&?vu_XbXifZ13)8#Qe-TnCS8dmrQcXPFr))>ikSIYAUEfhZvUqq70o5*J9 zZu{n8@NOs=w2W%#0oyWEFxyfT{V$1zxf@+IaeU@EkJgNFDq-%Re*m1)L7ts9;4%~d})7dtm+zETq593;Q7VDXpq>v~gqbi8j zok^rvPqZF--wmD`G-#ZQLxx*2xse2HLvC#QJN|PzU0h0qN`$oOx+S$bTp!;b@YpAS z8=9+=IKvU?mePUK^wQ02p8ci-t5PrGLfboVV;#40DW;o5V1)AQBRbeTn>Z|yZ3N8r z2|4DpzMB0c>pmv(<@+hDTR=0v@GiI-}AW>XL~-pez()E}1;1=HZ|jxut# z>a>S2%+4`ix}p|!qep50s!)_8t^*Pm=b3XY3V|>3HwFC2gp($aGnQL;9ps*hwFh{C zEp=+eMwS@8xGgfzxB2wDp&Lfkfv1lPbn$9vNP^-1!caov0&;gfmB=Rl!N9t_k$qQ4!FzLu zF-^`SfI-$epie>=>?QaY2^j20ttYZWTBUJ@JlGx3?w(1)lw%twcKs@H#W1@wLpQjn zliM}B&|IIr1?P;~b_pUZgPtE4E81ZR{pXlQ!r)goO`{ z?6gMMo)BT2E;l^6=f%M4Zz0x2OLu1s$RWA>a-eaIaMt?ic2Sf?Ar0*=4=^#)DAvY*p4_4RS13(MdCM1`nd7VUA#}+VJ-6!Cq0)lS3@j1ThsV zpnuraxZB;B<$9pImIyqIlq<12#fEqPd$#^3Ya&@Rpb&9znE!@H`8(4>p!P9#`>+#7 z4gwy^r6W?!i_FAyG~$-d4fAIVU`g1J>fgASd_MkPef|r=XDpZrDkIpiOYR0l8>jCu za*+E$f^qFtnE)6|O8S(zhX~&sep35{IHWC0q-*6O_i4(1|4cLVpBc5>y%iT}Th*Ep z0~7wFJY9e#j zYTL503yHeNDHD6>lBxj{>5W^o*fUa5l%Z;={%7n2_d(aB-)_)Ed&jQ9>N3uFmC178 zxo#0bEDGik{yG*NhZCPU)kg$%S3+P9Ubg)n=YdzX)u|#-Mo@HaJH8V;ppw}stU&fC zH2KPww>wAoMszuAl$C}ohchPJX*94R<>jd7`6r??Yx2Vi!hgsg%@(1oTA8D??{5JU z2PocPWuS^Va`~Q$cbco4p#RPHAGh4oER=MOGR_o0ZhR6o&II_+fZd2Gi0^mi|Jdt&2m==7kiJwWjTjC>1LFs z%2U}dlRw1|bY84}loH>LxSu2ZA)=5d5_xtb?L^--CX3C8mV(Mxb`N^I1=%6K(sROf z+~xC4N=gxXSwV`2PQ*EOz|;CUj|>b(*!=dQRKeEhnw-AeDoRdo3>RK@&hWwRXb-CQ@Uud~^j z#n9w3^#VXIwF!Da#I4UH{$h_z{cNOxyhQZnA1m?CoSKz5`&{t3L zl0B8it9o^hDe$yzeaps4nWhA1Dx_VZMZNz4wc;pS6S=EA+8$GI2`4e1-@LMtTbiCm1KoFP-52 z5n9Ab`67Lx@2&y@lqR5S(J#@LAO=iXr?3VfPxZyd_=5)47>x#|f;wgfZa2$ES`T^M zoO$Ck=`RdcEr(Z&dc8VHIO28mX3~yPfPbTPskBcSQ+F<}x^ErmP?HbKP2<6Zaw&CC z=YSEN+Iu0C6mKvlqp%q^Vw}Db3bDQ0R&>~m_!aq+^;TVh7?;9j;naa6@@4K~Pes#0 zy)XrGzOm_g_SP+aMyTBK0-(m4?Tn5if`WTCyn4d=Pr`;H#m(fU7j$nY^Nj4rzdx_9 zoOxC5ah*aD;#+wNP-8XkEk1S5wq}7vvY$+9efr4(uV8pmRv|qt{@H34TtQ_ZLd23E zFm3kh%L?{C9_05=gjsqF!td7Gvmy#5$7UXNj1w=c2^i5+AY&*QD^WsZ@j0J&0|cj& z=_^cPt*XMi@AG<^ISt5=JN8d1M>Qw=yuE})*hU(w!CRc@))Ru)LmAi`-qGH19Pt7X*?&Q##cO2$mrC=m&Gx%ZnZ}r*PAOEP& zFqfQldBrsXUGZCWI&%o|;MvZ~bnG2XKolPASlgJD=cdeaD^Yeczdb<`ehv-!h*Qu_|Glb5wD&neix0guy@Wxd)UFE*_%}333FFF(wGtUpEw%OeoH4J?=d!N|r7g~~+ z!^dZ14!+iq9Ex_XEnWm!Ds{7i$)wm(DIxc)CrDU=<`KP#G;Y z5X?#$XFHivXQ$jdEcLENQPB3*%ew6#?M%q0Gu0O*u^n4{XhfHNqYz%&NONqYU0(g@ zv5XeG%f4kYY)Du%F|0G}o{fX_Wl{J#WCkb+jVx1MUvTZWZ&xcuHl*ScP5G){-BB!W zc&IkY*2jHN6HfUFKvI$y1U|2p=Aw=Ryjsihzwm0kGbb7OuOTTrXK&Pxm$LnuJD`M; zo-V&m^)JUMw#L2*e&%@)i|Rf0PUAj*)&w+3KM`Jq2m&SGsJ}00L>{pbhuxYyh$Q5d zkzX7ek3a!1)sfb>2+Vz$^%gDl+0g+07+{be6R-Y1@oYmMtdi=v4h|*R$N5)zsQurU mhyQs_R&ADn;n7phw5>az_0gC zLXyg`z&~$T<51vl9A{B=XC*sRXEy^!69_X~I~x-^CnHA_6I&;9JLglV4n7D7VhBkQ zL1p)hqZO}=PczSVuXA0x!C+*p1<2_rV(T6RL6Kb5u-PPat1#8i@-!BYDu!CDy3|!= z*k#G{FF)0nP$n$Hp1r515yZ+qmbrZAgFhF-tCQ$KKvVwk<*PQPY17WFc=dwJ4Kht= zdv;8JJq5GV?ntT=#VM!Lu6z>6v<8;s2dWS(3A`u4KH`5~pPP^gR=>UX1NAex1m?dN zxj)_y{(B+xGnQE6-{(R#{pz(i3`6dxd`)@drunP0o3<`5KDjJ&ZO)0|t zktOW78>?7+1l_SVaB)g*GfEaQ zCk~1IvmvgPsnKiKcjE+Q^1s(|tct9lz%diiL53>NZjsPjEnfHbdFg)-;(dJFPponD zX(o8dj(fc6-;>{I?#D3=dXh%YS#;-8Q-z0{x~#+X4yHg*Ff|BiEF3JiAm_yOCKCv1 zq=s{^W(3EDue)(qT2hDS=4e`Tw4ud|9jqcMq7l)zK&vRoD*%S06V5BqY;ssc<(o`UlEm#Au@b}(Z<*Mh z8usbxC!t=-k1U4nN~ru&6y_|;_c`Z9I9C=-1&g80@3R!^QK3!GuENJz7wHmBYl5wT>^2 z3hTn+Vw$xJUsUm+Q?*nB`>~Bz{man#{Z&czOr6U@b6WATtFl?)$fFxu!(sT*ae~vD znu;3M#nh8pLgvlDVl;~NOyJSgU_#B7RSCjv66I=)R!1*SEMP z0r*l|ySUlfwB4uBNx z*_7jfn%o#)s+{XVVqKGql_i47(nW>qZ0=EC7i8JMXtv^tCBdH|Rh69=zeO^T)xWUz z&OA1XZ6)PqAc~xo_4~Sn?pp3?>{*XlEuY@zXff4%y|BRAq;Ea+q(V2Tt|F1=dH8e` z?rq%kyw+e=sJ!!TROqbULD1FmrKRXnZTtIp-NM6y3kY)iM!P*N(72e=tisz-)YXVB zeWm?y@aU-7`;5m$us(s2Gr8qn$Zw;?TYEK3j^8B*=j`*bvY_;k}yF+kbO`#4bR{Zha?iEnJi4HsWDD4SYC)ne%d zd{HB5i@xW}qmYMjjTM&k@S6LyapAJAp89Rv0*Ia9ztVa8Xv-eqdt@9QVU8xP`Mn+8 z32_`Wf_f#fzm%09_-WC7iwlq4mi*JDA*iFMU|yS}3?hBt_t*OsoO=UAYRr<)uZrox zWT=D34BMTW@t$Se5(6fp(C85e*^~`pMiio^6)|{M>M8SFIkUo4+e3R=y(b8pI4CRy zp}oxa)_aaR`5IN*Yii1+ghCV0wCbpRc5D5~*!_>N(3$G!0(G0`Tt(1~%*J0KKAf9p z$Oz1!^P_d-RhDz3|5d58Yr%R8=ey#Ceym&TMx8CVwQ~x))s4StjvJ1g4qW*2yoC5V z(xM6~ks>MjR6;zd6g9R=w)pm07P~NWni-A9kh(fgXt!Ktzjd0PIq{K~3B9<(Xg(8R z6#I)!jYJu+aN*WDxt16DO?+Lp#4hZ%O1G z8-w{+xwP51-1OCvgV&vlAxl=}3;HpU3dqNHgow;S@jyFFGc$S!i3|ha+3(i|uexJVj4J<;j+2#6Rviz(JKXusSw1W?TdGF7( zN!GGELxdojM#X5#J zygjd*gR0Ro=Xg?3Y#t4NpwzH`v@V!csW||3IJQlRQmqW`ng;5xf0i*VQ|_Eb3QgTJpDp- zk46x*uKRByYpvD-x1}R<#zMxhC@hNA3FvuV7|)G=Xs~Yg?YPdSTmO~>Lr}Y#4I3a( z1TU!97H7e3T;87recUgGZkhVdk4}cu5zm!#z9Mp>R{|D1juNX}ENwEt8^pf<)lcUX zuFG-6qR@eoJtoIemZL$?*d|CCM!r#`@|R+>N`!lA?i!uO)e2)=f-8%PFv8{n`c&)f zwl>#m>;$U~V?&ogD{hbHA!#80Q#F`FR@Sq`yY3vQVhcjHCOz^mI=w zyP5{4j7iX1bb+NNAGVtO<)hUIxg?HE zH~CFs_|!3Z@(RSN{=1d;k?0C`{_aL*OaDPa(9zO1_EODj7JI&j>{eRy(Or@gM2sD0 z|9Rh0!jx6`?j8W)H`Z(|ye+kiw+>5wtTo_Ei_#(b6ji19_5xdPS8p8|1NfReGsgsf)n{j8?k52&Ox$%gmE9Q*|0= zJ&My~*`V4%T;s{#%oK}vMI%|+#5fL<-2{XB*JyB{p}n%;=B{ZceFt$#3M~7b+QI1= zWk`5dmxNT`op&Dx%?%#7XVAz~J%4ac70MT48&BdO=0|^-vfCRp#@CDR0JF%Y3>TH>a$mq9Sv=eX!h4HBj3%ZkKxa?>XP)(58b-QJg7y zd=1l5!WHr13%}3X%w1X<(ba&N(N|f~{~;wVIADRUN3c^G%~{joA@}!%(JvWZ!Evn3 z8L^z%fRfCjf}l4-)NcEm@*Yh3sng;WZL9+7Pi`~rh)h(IA8LMaw8q5yxY1V+kv9q$ zS^<3^`O;kJ9$J`Gy*_jxU9RMG**-JPH zzpwnClhps~gAI9+#+g6w@o09SJzr)b5-D~DMR!W``=CN-)gNzMm8{W~E)^C>PIP0m zP9b;tDtD+_u%3)K4((Xbr+f|NWM+Bk5T8TyIk;2>>-Y#FF?VpLfR=8~9)rN@PrH~S z1YX$8iUv2FA&mEbe4n0fOC;N;#!a(2tSTthaRf>0f?zP8lU1zn6sSEN4jrDGE}n3w zecQZp&5;{}gFg`Z-WjaAZz190;T4sY?L1wM?adp-(3M`!YT2FNZN(%E8t>0l5V^Jx zG%U%es9-<<%E91xv2NL+p8%1F58t0otKNR_bF%$O)81E~2WLX>GeJx`&1uWmIc+DT zY~P13F+3NrzvN+MrXbX-jp3@)BkQc@CM)##qq$EwOh-~Wa|FNNopqz!?=bic<|pe8 z;h1G8NDPCozgkXHmA9NU=RPMUCMxLYfF{I=Kq$UvP#;hTwdYN@`l6nW%=nF#8y%h= z<~lyCx81I81>@P8H;e$cLYPFWF-bjk?w+xi?U#jw$HwTqFJB;=IW%3Qgs}6Jkp1){ zj!gU`;)kL?e<0Rp)bvbNTRol*)jFuDFTc-Za5~-X=f(JIH=*FNgr0BpZ@IP8v&%{A<*4dXrhOOO(Q;D)`9|xYg}+b=h^v zrYvd2_whLBtJUdKmdmV0hTqFQK^Ff&T@+=ucYF;0OG*F~%vXy^a{AUYAMsASd#wpBv?b_{4bVXl`<_hrO~pfFBkXqPZmCcC}ygxn*)YS?+SPX*w(} zf#=7E0HSJlN{*jSlQQw!`QzFvVLGU<)?#YD*@XrHi+(#VhL02*(G`qc(YOguO--%d zU`qfj1P4IUjZc=Ff_5UX7)-~qcxm<8GsgHHBMrKPnGAbif&AivSoPQ=c)4llU~<}( zM&`YehbS&7(K_A((#>R}D=5Qt(IUfXloN;^Zd&z9e*iN^xldcWJhQzo-m)2izA;Cu z-+{5HsOZbneyL7NQV;@Gwe3oCt|LPkjEo6F6NJUk&o6H=Cqml!bbpD%xe&Jue)kCd1a8{t*QPr|i6iOkDCwZ!;T^;7U?iT0{XFlR z1vAkdmr8Icf$!_%8Ut5$adEZTSeDS)eIfsI*jvB?=mimsh@+@}+w)1TXTu(y@AhQn zDScwXMRM`}Mak1Q-In~<^X2WLRfWTxjvJFf*ZWZ}FfHHflT()Wg(REx{9gb_K+ss) ze*r8St~MD?;cy^raXZ~jHOtxG?H1}oV6tBslqiw5DaK$SMxTR+ZV0?Wd0zE=?M*L(PR4&>WO!=7 zF3Wl)Gwrp6_D0X)qka}Ge@~j)A<0lNe>nZ7Gl_1Z|%sc^DZqOT! z5sAl+3?ZtZUS$aVde_g-aXG@gw6b@1zNLVk-|fwNGjB9KJ#D|@GB;78RvyVJvz4f( z+sPPdOR#m`Poy`$b~sa_0o05I>!j-Huhk2**Vot5DU1O-!^ui|dSh1yQwKn4>L>E! zi3KY_U~{|Ds+QD&d{|gm&aS59oQA#>o=s)Hp!+kAazIV7csv{way}l_Ab_dEyOiX3 zd$$J@5O`DcSf3xRjeutg8pC6=UJt_3&8e!YI@8g*&M7Kom7%fr+l~`=?8Q(!J83z^ z4BX!64yiF7{OEhvO@x_c`ZfuMJ)x@X+A@64S4wPlt0VV&*<`bj zpAcsG>j?zm0+6vCk1MCxoQ~uW;zT|yz8%?bHR^JVzoYVGG?UxotP`ebGn__q#|jAK zqlKD6Dvpvrf7a{fbh}wVvP(mqxoxiV##j3jL2PqLLqp#_AY#kc$}0H)MMAx0$<7V!!2coHTB6f!xGhq+sX!nFe1q>N0g&42JGD z`-2M!*&&?7licR4?dm|Y$6kM4Z%u!Oe-(=z#5MPrItX1&*sl)P9YdXW#h*f|o1bW47O_=bcmn@UYTT zJuEV=NAnYw9&G6*pfpw>9?MaQPgmR0jiNb&hv{1oRa9DBBBP?Btk>Ezfs13^Ry{%h zVt`5Cc-nf244y69iew(u@A?53q`PzC`TBgjP-lfjnPD$9ar=o<78qW&OjG5~763SW z#{rUMKwyaqcBx6SrPF0>&6KFs0A*ZRh3N(+-r0w|sRa#D%` z(th3`1S4tb*cG@>!LOl`*`7>A0>?jP3#sU%x*j?XA#8cYhf@W=+o>8c9_)C@R`SEk|C&-G`8TVkjy4nQ{gx|cvyf{}T1u86h58#~8i`^K_4501gV$Z8rgw+}j8tGVKh6e#1o^ zW>ZGT?ExS#7MoqH(%G$nHL{+e$47>F!|(tY!u3CS(bSr*`@cdi($}7X`w6`wJuY_@ zG&BZ_3bTd)=$kLrAsped3=t@CDA}-Y9A@ts2Pw0)@0Jt6ifR(v zYhIVTAex6KfURP@v;a{uovyd|0ib(2EZYV^#^C#0O)NW&@mep{N0n5xH&>Sa`t@rj zHnqAMUHAp?e>#0boh|=Gc6_4aEb;zB(Hn1F-j{CRaNwM6FQ=dE>7+71*gVvIPwnx>N z`yN@s0RFIU{;kPmgI&2b9xkq?&K=~#?HCg8LaT?<#I07nHKeBA--p}NnEtH|0NrhG z6=o}ZuS>errwg8wcZ<|2bgdU_;RdcpR{+uraMsriV75<2H!yD0R8{)`;=v6B`DiFw zlL0>x5>o5UqE%3pH6Tp#s;lFZbv=ug1RdRm2QBLy0S0gZBxK!w)stH9+qz#(N*&CU zU;ztcJYQ)LRQOKDwsGSFH4P0U{Oj5_K;(A;KEPJddI1mAyfRN8K%Q{|P}F!_zog#c zN(a1|;XEms8I6U{VNcBeavpQPf#NryW!EOkf@=a0zGaWS%s<788yAYtkGFO%?Idoa z>AKt22SDU)V0GMyrn@xO*C$z3v?Y~kHN;C(go)*O11jWcm%ZcQ%pIBHxUQQ5OUD__ z#lNtZNfUhimD; z8u!gmKdq0D7}uOt+}59uy;}F)hOl}+tu2!^eqf$^T<(xNN7>|v=&H(lus{047s<;q z_sR1L%?HBW$izvQ$!*)Tzw!EY(QmMD&@PXQzr%|aV&>V?>BZu^edgED*V4t&KDw3` zEqpyL83sjw2e+Q-7#Wda>3K7~)s{a%N`;a|6DNMF@^ZU8FHrpApG#CnL7D0N5rF%5 zfQXeyf5c}tMN}=pD4AK@Rc~8u^LpbytDayw04>9EsUmS%!_(4sH<-SE*fABexWB8d zs)_^TF*-rgzvn-N;8&hUV z6M7()rUs}FjHV;lmR1pZfdoA6jH)Gx2n?;U04imCV-+9HOiSQ)c{yE z-l8=Y@XP4o>fo(9mFji0pFIacBfvAif4fEIF`fiKuw(*Kw*o}`q(7s}ZT%IXN>U;?~X>xrF2M+y-x`|_kRU}eGgJj>qoPJ*~I6J2dZ(Qd1$v$3~%t# zF+I=DkKJSlE#wma<@-sOwtY9l`-`2%72B8lF+bNYYdS?*n_!!4&-jwZYt!9S;k#i3 zJb9q!@igE5WVOTga$Z5F?RX>qpn7dMT(3R;co3XPtFihwTF2{dX;M4ZF)|0Wh+aOQqhl6tHyNz0T-&3o=;F&s$EG`~ocilQDSUqFi~J3I!S!pDVhgo9WW$FCQvv41^@gn6pB9f z2Y@M)e}n@hqmFytZ5IN=c0ZzY6Ld_E6nK>OtPu$_kAOzZQ_k|^&0z(MS0KB)mc8bIj`0(FlAU{CNd zYw5bJJkM8C9#<3MH~`%Rz@${8reNinz+*d(=j<;O(An@?FRdBPZEejEjlfg@Dqydn z0ie1F=atQ`TmT;qOjXxs68Bc$`j-*FiAA=Ut`x-`ISM%aVpc=7x zMc!UFlOMOv-yAQsD4%3noIYg&q4!q2038{VAj=i@`f}UB1BeHJa8`{gOvcrW@ues0 z`KEH8G=6{U{{RFkq%hkz?U!(fVa>wg%Bw#l6ny4aoiZRMt+EUKTb`B;5OLH;w;1fU z7u48)A(gMEAy}n2h&jZp0XnVgO{;CX2f+Qe7r?`g!`b}v3yvlUD)IDFYp*YEZ@8y=nUv-GaKHn|F;ORz2D9yf zxRFfmWI%n@o_(D$2qEYL#Fdu&kHv|LNn#HmJC?mKK|D`q-9f8^4qJT=K##7D(*=9m zS0CsYfUf8C^!`!)tHYUyy)3V20KpYCG&E9%uS@=za9eYlECPt7TD!{BkFS){(8^rV z{y+`HQjX`K!TD(J$L{J@InmD+?b zBTEO>KT?XwJ-qXbSHTaUnlS%qPX1%g5*0~Q^7bj3%j|b(e>^WHIXeqW?4a=-2#~Eo zy8g^z*ypw9LHTQGvR^UD>c*f|;-d|FcdiZRZdg~!7xebb^vsb_bdxc51kARHT^KXA zvRviyFMVyn1e{buV11L@Pf-t5MEl<3_u~<8pD6J6X~Qf0FBsT7pi8ELG39=x>$7gY ze`k?lpw}K}68a#NvWiMbqi-r9LfWHISbnEt+J&$k?L<9OF)2XH$tr0 zcOzYa=j=|y`$kY>euU*aOS6V?0-nN2FE_!OCv=&2!DsDG*s}ATTb~hw=Ax`mY2UlDOn=mvQSx9^H)l zz^{r5T@&vu2$Um`lIOmE7r{H&7ZFw{4Iq~NEI6Lsv#BWAkVwQV!-76|Iu_j>PZE$` zIXAmQdR%mwfb12v{@0LPG9RgO{@fiOy9&1ICvq`H$Xp1w9-%3PEcr*u{PY}6d-sds z$oGPJ_`T(^vZ);J1o6WdN%9UF5fvvGCqzCFKu3Ur=D;~$M#mEjgyP7#a8+BNYfNry zEaJn1LO(0+AJ-=qs4$avL4F*RE@_>TTsgG$V(HQ)we-*7c0)J)8p>cmx$TxiF6?fk zKZgix)e2iEsOn57*o=?#z=b%myQG1lP0=yz)8{av5EcAlBWEBFwDHD|Y`?f(@0(a|y%ZmUvse3|+{ z1b0Qg^07l}LPHzGzljR5(P#q(n#oIyih<-Kxz9EZhJU^fwke%R)% zxa1+cs+zw9U&p>fpf3L}5nQFJ&9fl*M>%&^9t#*%UfD@piY=-28v*i9eUR9LsJeQg z?u!BwM~%X9%MLrq9<73#7L{B&>Q|e4W}YJT=39+d`*CX4xMpPwfvWP!(*{RxRN!64AV9=c0Ji0?@3 zhrF_Q)gvrShPpEMsy%80w1hb9XO-n&uyGO)luSZ#<+l#E;JKJL7AFw291V?WC#fnC~ zSz_8!_?X|;oA$|XK16uN{-L`GA{B8$KP3_*MfH(nUsd8qR}<48(|CK1px#fUAK^A? z@I-`}uGpr&7!*i0q-HNOQD9&N6qw+&EeU`0ym;Ej`P9NL!tt@EtN<386kC>mLn6ih z)5kdV6S$yM(vOkfnFToTDfSg5evq>0Wg$sNgvfJ*w)~d3a*ws|3uZ^B_;_Im5`kss ztr!)76Lq$3XNU7b_OuD;g z6B!jT2o7T>-^%j{Kiz`#7j{A3K?XH89pP%No6aDEC_A0|yQWK1NpV=Q$@x}6(l}yU zR!QSmcidL+HowwailrDsT*g%yo`(yGk;)_w##3#c1?GpQ6!GWO5TxdcVgMC zP+f(>s7Z8Yk25hVXyfpo2zUkPr$z2k#xV`_Wb6k_If&Z)P~;NhiljTBL}iA^4DFYh z{zz()vhTnyHZDxOVA#YuFXgS>&ge9<$%)z%^Hs%MspU@`gDT1^FoN@nUrc zm_YZ-mEdAfG&Dh5Q3eJAa!5YNXab)vkdG4cb8_@b!7iA>IQ|P_I?dW}vAzRWxE%`y zLiAH5QtxJuNr-awF_lIYhyCJ(M?;H!u|@os1fc7!Th~AOB@M}{y_%|CTUYTI`u2D~ z&M8AOwoCWVR`^U<+jz^;f{SS9p?P_UYe}G~li?h?K(}dwe_YGpF!{%QHufyf_u35j><{3%jubz7I5<6GzTAz!K4mI=9wb8|SCIcjk; zbWzw;zGyRiO-0PvL@W%2aq5@|2L(+T##%UJ(aECFmn=Tu7I48*#EUFrqNCHwVzDs` zi@`ACe2$LrUyClFGDl`O$+b0v4jBv4QIfA+R-)o1%xjC)3x(Q2z_$Ihc@}cMYa~ZT zK!Oeb3;LOZYjK2;QC>mo36=)a%QoGc7$c(OPjQ)O#rJ?;c)z=Jc{Y+X=@kw0>Orl?ZK_7f4Wns@M6_F~7Z z`jTJ@cIv3`^rp^Hg|=j47|;7bR`i4v8enVbY!e$QNsUV$H+ua$HCS*exWFLCHBUfU zCa8AeVOdkNEUY-tVmENx^^cwB--3}$SOcd2#fBCvM5vdy(D87 z5!Ds*H1D&hiUO_dJ3%)vaTg0CI=5{$6g!0{sWdUFAd=VZp($C1uyW*b(^@~4A7DRr zP9>zo9$klhe`X1vA{p3TK4N1WAO1d!hVQ9U`_z--kSygjQC@|Wh{rYR7hcYvvN4+y z%9JKYRrH|$Wd5!Z*sy#MJEwRBA=YaXpQbn-WquJ}g}b@jxOrwNkvoQtratV~cT2FY zf9o39h4Q+_h+w*;pni4ckyNQ);P@gToPt+D*Hld0;eBZH_a=vFT`c+vF^XOC4Hq;; zvL2c(L5NWqyI`Xroch~_Ok}()T zEP^d<*Cu&%2dMOR@NztY(*=QOofd;DD%8c{hQ{N+qynmoz}Uqm47PYdcZNP2M)B9i z89&PnCLmOV$%Ls*SQxC}-=pIpTLp`-B(|ipOo<3X!Yi3lQ)9~X?w)Tl=Kk1h!V>xA(CI|$qRiFf%>>!X(6iN8& zllzs1hZooGrz>9w%K5GoVAV@ciO7AHI5hQLiJm&(f)-^;|Nb=sDm|6>TfOjHOXAYQddS&nB#R%7;=N9uoP~$ae-_Ac#SQR^ z9SiNsT237us0Og0hn@ygP|v57A=d@-enlUovz z>kGwGJ!1RMvWm;o;d*kVGJIzV6DjyZCCw{J?MLkS_1k2nA-HcvB_`7di1}1&!kckY zy-Yo|=Fv_2oPu1D%S%$+BG{@(=)yKIRyLGk#X+O5Yqd$p^^olhf(sV2FtyIIRWaoj z`6X{ck$Fa>Y4>83m5W@W8pUqs3Hmn1$s1JA%?yxHlKEj!6#&WE0jS$y$m9{=G>)TTuX7h~onl!m! zD(d3wVc^`=>zb?6ZqjK!(I_?A{q>v0ufKJ6@qgx5e`U>6BFHDWzwFeEd z>^G>1AB0&6PomkAAD5C=n4rZ}&KC^~hmPWav}5FN35vN1o}@;EWO>~b!IYo$c7uK6Q){>LjER=qw?4i-7(1pXGoBpj2B4S0Dd{Yp5xf9hP2ByT+u&U*p1K+&4 zJ$Wk1GWN;{g?umtSJv-mPM%9%aN*R305ZQp3|_V{S&q8HLk34_*zzNGc!KHP8%64Gs=|z7xK_PK>^T-T1s5g+;UT19h6ufhl&;Q#}dlzW-U;VYs_5Tmfbp4MzTd*Ym z&jGRj{{|De=d*d<&>X!l3ozNmKH)6;QdG9=x`O-S`ls(w4UzP6{G0F9&oD2Aqb($+{efA*!t>NposW zqfkhZDW309vP)PP=4;~?oSc((_*Ich*XQ$8=v|OZ3|;X0e`ES-Fw~@g>F zLsdRnHq~oBxUaFNz12@VjJPpLuZpjcsR2mJ&0=T{reVv~;r!mqtuiLrtC0jHj`t%5 z(xnC6)d4!RkNsRHUKTWVc0-C9Izd~J2HKY(UqmWRJCtEU@9YJsjn+_{X| z5J&>TR|#3$ht>@z)3wIv2JxA*tC{aO@Wz`&j=rT;$I?g&8unn~q&g2 zOg)$BdcW})S+I%tTrs`28CNR>qJ~;V!-Xy)e<=g=D8cAR)uU_b37ToR1mm~GY5O~G zj=CfSm(5?Oa5|lv7h84gdVV11pZerchgTa;f669@{~)*WQ3h>KD!hwBWUC-b4jP>r zr2Cu@iY8YuAtRtrwV1(?sjBQR{ZoJ=NTWK@@DkNtOUv6R7B)m;y=SjZXNk;Aso&BnGTd%kEoIZ>CT0+ma-9#w_iB2)PmyK|LZ za2!!j*LlXjEc?N31`92DD-1VNGY#>Vrbs*6e1C7mvhJ7mmVL+QsiEpJrY21B*e-^- zos)oPjC6uA>f8=WW^+6y;BI8K=TJfrJfZ(sVQoZHc@Y)W>T_ZrO($tN&?wyaQVWmE z&Qf`He?6kRFmUR}8lSL)_ziGux^UD)o4=5hPNL7(H$C=0Cm3*OzUP8MrYUsDAKgK* z4s-x6UgkrbZw(qq0H^w(@bH;Y>BaBPHjz9xy#xjzLgHSR@!T~aY5U4C5WZZGBeN}b zFU9!w>@XY~9!Y+0^tI;1OR^)sn8#JMEjQ_G@=5!?oT=qbnutJ+*|GeW)d=S2`@c;W zys0|It9KcXgm}e z^lSziNwobmF^-l&OH!}H-%%=p1H?aaZt0b;BCKdf%GKl!0UP zMVs>U;h7S#k=2dtb|)v{o2h+$r2aMfm$ot&naM#G3JOo^uoH7MME0^@lwlOsclh~I z&1un+KzA^nrHUh?k&e0`i!?42m96a#;a<6tV}*l`t{mx`_~Q{3w?*y-tVM6|%E4cu zVCAopos82vHUB3MVc$w0CpC6d4 z=NVNibaf<7f!$AFTaXv9d4&Tu>@?tbLp5Lyqs5dm$eh#j%LMir>;Vg@D@_I9V}(Y* ztTYAT%JN<-E323Qp1ikh@HaPYBq48eMXG9BtZvT+O-$o10@<+Z<<|>D<0r zZ!K0FYt@iWsdGIn(SD?{ zz0}7HL5{X!V?Hm!%ac0fs?z`rqs;7L&Cu=#7CZ6wg{911y1_6TK!f6Fs%_ZsZsRz~ zgQN3d4gGBr*l*FyXJ!t(MO)qeDoBlwlSF--lTV4+oiiGsEpGeo* zW?}y57M#xJur|z%ZQu24nb}I9JmlnefV!(MVE9*;Gd$do1`)j`u_Jz5qDlFRj9JJQ zKhKs^NlU5L9^L-;HzZ>AD`dyRk{P+|!|OuJ>pH~=_xY<_Ad*$(mPTUxQJa{J{4}nZbO}j|S z_ed#8V7WerPx%XdlwW^WJf)9TSarcVEoFW7G5zQkWw4(1_3wvw6s?5Jgt0esUTcr5 zJ{>o0r#@Dz0vdQ}t3oH0$=fSGq;oPnuH;1j+Y1n75m{@zhfVvvsX94-xwTe~(uJkB ze%2|&n8Ikq(ffgK1GGZvQKPo;xK@KJ#N;G;n;x=Up!k_0io1tvI z??#TU^+im4o)TYt_2uPx9qLDC$QUf^9~+-v?$&!%L7OrIZI^4LI-iN*!dLH23&bvD z`;ieW#YMT>W}md$H{tg;Gk9m>+^5CD#T(3aeau*>T@ggFs!wUX-=O4?=i>D2D@qGa zjZ6?J>_B3}kkhxs)#R#39F#zn3$Sf4BLCE*R8CUX4H5oMj8UcmDF2+Ajyuhw%p0)B*P5e2xVB_wzg!i*IjOua z)7M((OIwdV3^m&dt0BFMgJlZIeo+!pU~$%=eC_NBy=@joOj`PNWt~|Os|>+f^AfO7 zoopdGGjT1c=-+=3uH(Uf!aLTqD!0$I(w)WbxnJOap00B)&NMoh^aeQPZ@L zp*3|cOMPHWb$iuJE7ga?E1EsMMZy8aAm^g))Kg({2K@Zc~CMQn=H zB>oDsE4;9h(%js4Dk}E?*MkwTvZ4W;%Y?A8khbmjrphXx6Td;GuHTNNGXJwvt+=h_ z=j8YUF_ym7&s?VPW|jwd&+TrS}z!$}4;3m-HS#hHO)F}7{js;fS?D*-OjY`{)K0XDf(6UkYR)ImOj zhfT8(-JsdRojL*@Og&d3#))Gq#^0ier28LAynmyh(NXSSKA2)aw)r?i)p(7K-}UuN zm!u6BYcP-7r4KRav4>{T6KtWGxDuGvfU((D49BMEj&SaH60&)i+LM0&8ok)+_Z^OT z`l0mNkY^64Gq1xn*pI>C@mLz&CBl@%7)f-*DQtB?WHZ%2mBAal%xZbLqYA zYM)U5Aj_k5ET7vnvd!VJ!UlezW;JKC#OS?}N_mNV6^2n{+`Amipx0NV#3;T8s!jnu+=oy?>^$^8~|GgNX>PXERe zM{KcJx%XizJbLPw7$^K=^wJp;*vTv4I)#E_NWkB=C-8mlf`CfZR@tqwR;$b=3IBP< zaq}}DJ{gY$i;}{-m;K7qx+71-srRA=|BJS_45}mS+BG2r_dsxm-~_jgyE_DTcL=Tt z5(w_@?(XjH?(Xhx)A`=>o}V*kYHEITRYUFF`)PY*t^2yyVK$rv8!F~kVM;hS^8BQw z=#c}VFwr0}-(LACD`&0pp(zSCmT%v_0q`W$Z$LR}w-d&Wlwt}fR#SOWIFqPpm?ILG zmzT|~t@D7n6(INfC!rrt=NWmq=-^|J>qxO_4g&P2BmXGOZkvV(F6+0I(KF_?k0$^c zOXYGw5>apk&<6!{NT3S^K*Mf;(=anP2ekNMwaY$lyuaSL^UW2NS<(x_RTF{trD-j4 zOgT0nm8l%`vxPjYOZrRs1KRmVX;Wc|LwL)GFbJcQ5LX<_*_J1Ls>WHdQBdI8kg zTpOBQEqV@H8l#c*2s5h|^TQD}&gSv-1H*iIrsb+(3Hr|3=_CG&#^I$zIr9Fbc=ZO$ zS1XxcNv%HWP4pQiGi)tq=zNcT>Lwe`JGrhwX!-JrpKraHh7tEN)f*=EGUlZZc4^LD z?LN@Y)fBjm-W47`PQ_Trd9xntzq}{PCDvE^bHR;QRy2itZvnN>-!|pFS_vKTXY88i zF)sfGnwHNy;+0m?E@TTM${(iP9M=xdKGpgU`FI<-P=q{%wg3Dl-+ggDvjy zn=pwE{{ur2Xa$+F!hYGvi8dQvostYuVR{(i5hYKH`+5)ElQh4Vs)}CI<*?rZ3q9=C z#Ty*ZbJn-T#;6Eu5G9>qB$sA-DAP|iJvY~Px|GE14agZCU65^cI2`s70KgeMv$PaI zgWN9K9v*={H?U_*575*DlYq(T>23g5{oAvJRgY9KGX%h3Pkr>>U9E06{c-jG*40)W zjjomRd>;3-N(HjUfHwN}_SSB95EWo5Ie{k>Ff>5N!1xJB`xyOp0hr@&ky1hSE}vu) z?WlA^4)M?k{m#x=M#UjV+j$pLp>(NSmBqv6m>XWU^maOTf ziu%f4^H>~V!x;AGD|_dODMz#>ndd?^J#Wb^s4C-E2Oh=R<}r{SC%!Ucn^LdEw* zT0TROi{^s=GO|-(PVcni2)z3C5@cSJMM<3uwGR_l zQEYCuQ#kciL};cql}LRA)>Fk%yDOAJ0!J2V+ly3W7;G+!`AU9>EJ<9S8pMVO7}(fp zb#2)js(w{o^I1tF$Ci$i_VM~s-wFu(J+J~8QD%>u#{uyiE(ipI^4)d>jRA;86OhG% zj-PQ#1EAuc0G#flK;C}&hyL;(69foPku4>l5%Qp11j8_4nR`nt|P6av_Q2x|mBm#B-&L*!=j29PTQdg-l* z_rr)pCgb7CqZpqk=}0z})8|ci$DZNGMykW)0OzO&h~VU<^Sa$>U!yb8^N&};$A*36 z#{%^lyY)v{y0HS+CR^%c8`Y|oI`?qxs5f0{>M-<&TQs4q52A}~!LF4YIc2Lo z)H9hG4{g(%==oyQ{-3fAu?}6413dcHOVom3lb^qwz##;#A;V(X^SE2Lkv(7HkRP3= zXxrN>e=CW7bar&;Gyb}>N@d>E%8ub7l-Y_<-RR!fNJ2Duer77Ov~|4R*Zqq8nUT)c zrK+MbBL3~y=0-#}zHSTE#a=sn(^mJM)#%$0*F0(7x0SWb4g@6NrL*2m8i#nmtTCSc zEDlU@lbPNh@04Co&^ih%Wf<8X(hTKpNtZ)Rt{)mA>|m+r_O`wjJZ@B^=2n%V+uj$Q z48HLF!AzFnZLdlk=y>A1Jw4|2{s6{`31;q&54^f^do2lfcek6f?}`w*M&VClRV+%y;D&S};vbYfAzUNT&u*#7 zfjYzy&KB;0g984x7gTdO%E76|=bb8n9=W0Y;i;r<32KgV=d_c>pWpt+xcc zjQ@C>f9@NpvJ_zX=KmP*_&9(BGd|G7fe=UO&uMufRJ_ zle$ZrL_FV!!^CWHO?3sqXxCTYcy0G@`*a)gqd#6ln7r>7(bHcml&oGVoSPGa+bd%; zUgxytW4oa{&W(O;D8FC7FRez+Fx56H?Go=g z<02g}Tv;3X>$$$K<9!?X^(Fq{XgoaR<&pg$+<~LkoAh7|dH#f(@kA)ybq}4-yU$>` z^oXP5-i_exS~`Db;C!Fi5p%55pq)~1t*aGBS;K%1>CzNWu3 z*7J*dr-CocyJ`_p@$XC=nVE?h*2&DYoK4` zu|6rk1=uSe-zTaJJ_7x9IAqRrP22J9KRT2;Z!UVeSsh&U^kuzO);ixhczfdC(q8B1 zHcVX*3V62%O`cXo#jdX3DI%vJsYwZH+F#v}N7<#adEQ zQmxgM(Q>{N`|zi{hQ@G1`yHK*=amS+Gxx<(DHQ^+>if$D;WWw0hGMJT)@IQ1Mt14R zb7ENy@SUx*hK>E%qAYqge9oW#q+(DT!RnQI;JVVh9-rgQ& zLQqDqmHGuC#nMsF(Wpl^pyNQ=Zx?20wd(I@l@V~6+rnjYei{rF_SYjh2qC^el$KR0 z9eS3`{||kjI%I^cDgGaJLPF@jW|r6g+su;SzYN9T|IVVi{g)3QiTJNG=5Ew~oiVxp z3phlH{r`NhbYFl)*E(bQpSHs=7D-ppjx;X^{pYj{n4-@A!(a&he{0(U#$u+!FM5f(30HUoq!DCGCt6uZ$tn|ucJGYg6%<_iN&r;3|l$RV&pn^#`w<4RcBRvj!V zsw3ghMw59P|9n<{n-e@E|Ho&PaOB6?_N`K*>QP=ZqG*x#{dS2 zDCMtoBFA=ffBxp7Tb;WL5)Syn2{>P@F5J=P0Xz z4hG;aV%kEn{#gbt3utieReQ$TqXk=1O_jK?Uy4}r&-01#dUGI(h-5WU=E_haa9j-~ zaI7Q*op_IX>=F6`MhMB&3Q(OnF9&2DK*#(ck3s!bEM|9$JFu^kCKrayg@jmyq3{bLbF zmL7_g)8nb1ZUziTCzWL|S@Rr> z1`4V#c&YYA*x*m3GKhk?I`w1|lWitJ6t>f2{?e-i6>QP7cc-Tcju0Ki5Cwn@ zQ7c)-IU9RTYegGK%s_sim%_i8=--rVG^NKcf{*@`mrK{TJcP96!O{|qQOi7XEo z0Uf8OfNxW$xFD_CP&5ml3I4VG!%9rA9x+N^$99TiuF+EGrcwl?z&zGJ=te-diB29z zAWN~2(g8O0lKt-u?JXs1$4BN3I?v}nEzgU`ev}xi^Q>5u9?c|ZMzqaZ+}-Zl?nK@# zmd%tkS+c3Wtay~B-zSs~#3yJpc)N5Ms}GchH5^zue7KZp9+cNO@0O9)yla*ru7s4@%%VpW}RPscdE6ij+e`@EL*DGI6gh9 zTGo9ocY1LwZDLI+6H4RxA$Njg+4HJcVxnnE&YoUWwZGonwLGo>~rd}3rtX`HO}>r@GzaM9Xr{kY4?aCw|V&tVV_TS9_hl*n!@9#j;u3?7HDy?L{>~Q{Ak_jkL!- z%7#r``HDVp!t+uQqYeAOzLQ40@!e_lziZ+3kQX%^YV73ftkJOH-2xfZsgc=$lZwd$I-P|sj2f>C7W&IS~9O!Q{7Qw94C8cviA$fa))`PG(jUU z%?wjnUETcdbi<0L-R;*t$ARUVzV&J&sb;vtyRG_sm34$>ite#)@qooz)zosMb;sPg zq56*lV#}5Ou=(&GBh{b>%@o27GoG4`H5|r2XY}g8Uq)vf@#?AvRrvGyVH0YBpqB)% z)#cWbx#KF@k^--eJLwO1x)F=Dx~b*Fw@C-Hlsfwvq!YCQ;L$sqmr7yRNO3kEb~<<; zo9~xtDV4@>(g>_a{JzlitLE;JIS^`kzTGmW&R&y^4-}!!#l~x6%@v<i>F479cS zX!x{8l%|EV#A!hEq$+Hs^et(0(8_kDs_P6fmznwODy*dxb$nMk-F7&M?S~HV09!}c zRx<_W4uERU>@9cdg_d^gN0+OP>`$(&aQcT!=J9cBj!v+pd;0O`tE|?~CWg3xVGBd6 zH^if0>E{J{zVy*Y%?v}A3+PK0kwifTR6;tEs}^FMa9xH8YbSwMNwA0> zvEF%pq7GPW2E(NJx@RbgJJS8QE&^bUpo%TXTKCg6%-Wq z{5OPMcA ziI`o!T$z55zxpO5k)+GpHR74UWiHz<6DJ+Y6$GsD{&Wd&B=OM)GX2KO7Ah(51@R>5 zrx(H5JA?I;)X5M9bS`ag2w$$ql4t(NK%yfSC=E!HGct(x&K#D%&&z#np^4GW!AF{5 zU_d}q#ytn|oxh5SQ7*1JJ!&O6W-V0}nV2Ne&Yh3eUluP~X_%y8k)fHhi2VYooFc6> zwkT?GR6M&7i7)|+nWdV6o`9bD4Gi8NI>s|L4th!sO2&G*i2Qw9MJ>6!n}RU*dD=!9 zMt<_|Ih(NJ1=F65YkoLGZ}Z^}u?-~y*=9J!`g&lp4bYlGiQ>Zo)E1kiE@3%e6!bEO zm57#pFJOL)VgvV!EkZsyXEd7f5$AoW0FNY(1C7~agh$WZeU>3bG<+EO!ODUV%7Wk_ zn<5*Wg?<#JSO&Ha zqv`B!S7Os$#bUt{aE!ErMQZ%!Q$2Hpcj#_U2RWFaOJ&I>Qb>3>kd1Vb??8N{3>Smu zuSK18>T)oiwllAs+~sGFo$e8_OyQO~$^vB`?c;9Xr|Wyx{cV{60iD%l1g^Lk0hYs| zs5m%jJR=@fJ|+t4*r7r!c#{5b@V{DsU>_fIYRV>;lj86m-pFBMmIO>WT1gi4P6idn zKzLO)@rk@ds_ZR}p<39)#QsTk7*Sqoa$rQ(HsU+CKZrBe%hV^dXExlMgK@;vaS2sp z5gr}cC{wcK@{0&Cb)#AgYpv>xiu%#2k|Nk=RJ#irEeDbNvRK6XMV zq-VL_xhA_+WDt#Bu&q;A`YmvxFbM>yiy$!hsaiz~97SPnGz7wFs_FdTVn#u_(k$u{ z7&3#$+gC_>yFh(%7`EQZvgyCGftLfGJ=8QRGxF0C(+EG7iB9GASsd zJ8C(#pU%YM^)JeaE35S3{fvo+-JVrAr$p$%!nrj0@;jS)G0mI1C!Sfnh&;fY38gt1 z${d2l`q9lACzF%sG4*#82@V|UkK;?kr7H9&dGwjRobi~W8bWv|QT%>7_OxPy=wX?W z&!Jou=wH7=81{~Z#;GC@Zci{MIARiHgh>B7M#=gcyutjAVF&bv$>pOFL6p=0sgq{i zSLLxDO_O#MZ}?H$X^L$6Os0)Bo{@HSJIa_ zZT^h=Lz+~A1#3LC2DDZ6!#c^4H2I2)lp?^LOyuCkAkml8tAxpW#L|NQ4f|Vi+Jd-fP~KhYIXKn! zl4WR8IGU92SouMjNT1DuxJb_J12=;rWA@eUX02N2C^9l| zZ+WtnJAMVxqwgk2+@64Qnj@1e6VEk7(yQb0DNd0ZH?Dk2ZuC>ng|?)QF%`%;g)!1L z(LB1yXB^#dcg{|fNty_KY+w7Aw`V+bIfkI;yjD`YQ3`Gajd+?3DXI*rBO40r{1(87 zDUt`Dcdnoao8l$Ni}dJAZMm2&p?<@GSwI%mZ(i~1$q>E?FDMZqD9FfM5K2?Z(W%-h zcG#-z6UPnZj-SJ_a?Ob%Kg6IlTSGdy}HQ5D_BmszKTdC`zZ>{i5I#4nWfNK z>kifTJSbrB_nO}d2GRCy=+Ybs;9t4m_!}@4-jTCJ4+Tded}md71*gAr_br@|p?pSg zazcDuBbJ^Em{H0&BIW8TU`fj^rB>fg~Yx=z9uf)^)#66SZ1=V z1To@d{9Ye_5z|k_QJ{VYi0+GtASheO(vvy`so?8yoA`@YrdJkaTCiy?@xB!Igbcu- z!OogCb1kO1zPzBV;4K>J`y!fiI}w}`&>xBW>v?gs5ZbKvBoA0OaOlbwno$+l!Z_#UYUbh)eWn$MFtj;E;;c^70RV?Q}!@ zJeZ-LFTkWIH|fY6emD1LX{Mo?cCTA|$zZ3Z^Q~Z$}Y^$Wsum5ThF!6e<(fMO_#U0z&w>8eU{Erbl=1*f$ zK$!2DFa8@Sm$F?W`+plHqCfxFRza93F^&J_ef|F-427P`VZUurAn?C}UB<(Ji{I{m z@W0~|`wtQWZT-*Q|Jy*9DUd@4d@Lt|ztSWErDgozfvl$+;2gwP=JoG@y()m|(Layj zCLlT0v=^`0_-_ODp8yA^aD6OQE;m7~XxOlrR_*v}u^&vt>1GGuY z1>{^qW%oN6@q=Ag+qDjjSqo5c@n%F!dB?|$pkJufn;Z##1`!@NAI7YD8ButIKj@qp{T<4_ zVXe2d&TliKVm(<<@>swF-CKXV{Ru5Ex)=S8ww$tkxu_LRQq6S&3J}9iJTKET;ZDYv zjd-qC20;G2L(h=V##?q5Jb5=d4+vj3p@nl42wXS8|7}3@m+$RJ4m$tEllREo zo;6JU;BMO9m3|C*nW4fNM3DtsN2Xf>2iMHGSesxRQJ%%!p`Ure(Sn=8G3g%7D`Gfh zfm}CoAisFM@wyYwM%|$%_)_(w8J=3L-kJ5dEA7;4;P+BU;g!3ZBGj$3U1L#Hn%FV} zJPXF!jfzD=f)vf2(cF}%hc2Vkj|zSBul(O6ADr)mrB~ z?t?2fALt5lPbj$>E_U@a*$d-JOSK1z-4?vj)!A%`jls0jSR7#T48Z5+L?#^)CwJtg z-4=3Q*OISK4L7}F%Wi7&=>}s0L)7HwB`i~d6suyB?^u-+hzUvhI_p(ov_SeXVb?I__&bMOM$Kn58!kq)U4)tqPeksxz$suR`uyO;3Ieg z$da!C_c(C7?Oxb__R9o-#iJCj);39~#=%>%5(uTJStgEr$? z3RJ90WUXVR1)PcKKF0WL%=0`2z|YFQt?q2_&sCA*xDaNQwSd+A#AZF2M@WZX!ChLI z4^wRad!0^NtIFN`(4hgjQ_R=G(cTi34^ftSI+99S$0~*O?AeeI?ni3d(Xc}#v$cjN z;i8oJquR)tj&;s>@`a$n#@6V9i{gkTQD(0i$6`TQfk|>+8y2x3x@#qn6_qZ-0 zw7Z+_M2!{Sw3O4ByF~)V^|*uneZB6I7do1}!kF*24bla|jfE664|gC@AXldoXCy}zyNPC}Qd&#XiTSjIiaB#8YK_k5;ZL&l zwUe-p^|e2%Go!z~jg74Fpl{R>YzRHbue<&3&+oY%Y$7fP=Q%q|HDZhV>NjVkuY$Ny z@o+QuXUVRr1;XK8(xSaJa=YBmYNI(YoU=r|;hlgQ^ib7y#K4m?NAa!XX+OZYkdn5z z%y4a*#9adimgfOUM9NZKS4rj~O0>RX8Mf`B%JhXm10KVEqq&YYJLFuSs@$l|7C$6J z;BDLec>X&Uap9ZeNjavDtN!2t;7Dgo#7}U+v<-(-H(ui)W{s~~L=#yfm7@eF~zZ46f7XNA^2mVH1~K{C*7JGN^0R|Fd#0rj(w()OQ~MN*`}aLTmQ)G zM6IPTB0T18B%5#4=+0_7B2ABoR3 zHAINv=mInH^YZ*y_ZBoW<}HO4SnJyFPR*Cc*6F}?luc^Pj1gH&uFuKgM-o+4pxOq^ zEv)_wSID=tB7mG7G7&LKON`x|h-2&QFNb>Y%ma&QW(hBcX$-ou;o#D_M5PuK;Wo?* zGPij#(4&faLx7?=Mg)7KhG)|dpONtL!VJQPnuy7p+ShqABR_q!71WnKRB!$3(f<6c z_;>k&^L4m-m#Rg(uoJAZBYw92go1_#W|&rnfxXG34quH5wk3vsx^;5VqM$PkrK1^MlPQh$q+_BUwffegOq+<8OZuB69iGnk`FR zLet%ksen$t8_1}0@4f(D)1ghWS5!D9<1`9X3cuS8hKGY0ba{j=H$GWdb_hG6Dq}Xx zT+iww)z3w`$=R?;EtKy`?eWWD*G14~mA0lvcf-a1IL(?m%!KE7m1RGkzMG}ZfR3GV z-oy$72O)*$yq{*>>Cu?%dChtjC4a$?pN5Bqzez7CloDI=u7AD1pHfxp-_{_E6D5?K z+AK1-|0>^Zg&*<#6w2w=lwv_FQX2f`N5x)9U_+&c%eOg*4b1G@`l=RlF3n}cQQqGM zhq(4%f3vxufw`v5lZdYL!x_7RRJHQ_xeM956QEZHfm<;;U#1x-T~lh0 zocoOzGH1c9CUA7Y+R;ZbeECDI&Wg?0ab|4|{*68QEy_>MTdNU;N<%oao?mV)d#n) z4;E`&=ppm_hZS^YE_jzbDnkK&7&S=tIHZ{+xP8l z63W8e^gxS3g2RkFc`cUpXW^{eMzC6A?p<{@tOQJS=7CiyMsgEOJ5IuSt^H=pq3Ca| z*TXbD?f-ZIa~m51459~m((>@Clh!POpH&*4OeofP_)#a_qGf}NXusqA`0I|uUgf2W zIYRK%p~fY*WmlMf=4CV-|LKgP1>5<6v;0{pOPDHi;J?uW78a|@E9|6-?9krobFlzSfzr5JytriIyj!J2y$cTiO#>^8 zhBVHL{M&sX)`WBkZcf$+$$q#imtJTGgCih6;oR89o!ne2i;X)=L_>23ab78Jl7l;EPyWm>b{-=ZwS z1rV&nhs%OikSc46lJ29@`91Sv723peDq3)rG?^SJOU`pxIsjmxhszvfmZ|(hiTEI( z5hIpbo?^A{gr*7Xoc=_qTC6CIq@o^*#@3r3Zc$>twMC!Vf9uM7pR}U_+hdPGq zL=;GLbbgl?{qTC1Fphyg+OJP;fLmq6qnDG@U8Me2e@*D)ZJ74KS4DYwu(UEfYoPmm z4pF{FYQfdrJDl=kX>&ypDl;+fyS%%`xCfGYH z>DV{>B|xD1rY^h}Eg3s+lB_c}OS96zRz+XY@p`y&vCF?R^D4G8Qj4|3&;kYrm+7_f zBOQtLN<%Y$MB!dwq_Dh%2zywq-I;ZnKU}%0*#z4GbYJE5ViW!~HpgIkjVEeA=8y8) zL7p>eZENEnx|N6N^6$n+mHI5bMhYCZbQ@Z~FdaY-Q;o*(nh&i)TiGvax;1uYra|>R zc+8m>yWsTzsVT>E2W%}7&co_Ao1pl(+A5b5jQVrl@an@5Wvv%KO)Yu#yDuzy_uYSl zaGPTdTumu78wfKU#+fWEEa|+d!7U%)qupLcxg+_q-(cK#x?jo~^o~B{dKJ zfPahoT-^ovYnq1}2y1&mTO@R~oGT*FMMZJ4KB7Nig?zDc=3;wd0vf2U=XMj&@w@8R z$2;mT7Av5H4>y3$Va7??AAMIoP+6}F4Q_W?oN$Wa;Pb z*7bF4Eb?W_OpZ*Q(UFOJT}!o^qP1I`5zQ5Jsto!f!Q6oB^My#a09f>G4VATUu1_ai{`PiU-@&*qP(mgjJUTz|6e7FjgE|er3#;Klj3Cde+n&OW~rFKZ9^b8(t)Zt1We=+u5q^bofA%lv1Gyh{im_P+vF zu-dZ$fXTEpH$g|C@qa3RHAa)qu5JG-Fr?nFB?E|A%s(B>70ZAmPVt z%#J}o>O_94s;(|U_T{Pe{(l8eMl1w{I**#ifgsa&3n75w0%%R`+3JMj!>JtLflRsz zhvhLH$9uoG{fIw4K9=J&{ug6GF1px!;XHx3yxekh>rdVs1n z!yvey{%cW>@xl}fehUr%YU?u9mu(U!*;*{H= zDBFoNILB#?R=~*y>yof^&$^Ko`Y9<=~T;(4lRjY4utwG z4`i=(VSJKpG@;TbmD$BgdoiQW=Y$HO>VJ;&dblgWC(1*^!+(OH1t?L-_W1%rf$kbgF;A{3>@{_{>X6~sumHzFP> zPZ7tKoxkuf{{vK^L#X!tsO#@$JseXn2m+p)G*o2N&|ZmrfwoSkDQOBo<=Lx*!`ne| z@R%C}E#!|TfuQWz0$;JfDu|!tLMJLP=XeS@ekLG7ihpin>9v0RvcyE(qaplxI0Z+EW ziqTI#49njj12e$c*qxjbG*V}JNm0>L&{B{n*;aW8hmA{mrh5%GOIv!s;=pF3LO5~z zTnO)v#RQA|T|VWwwQT&-QH(Aw7DTS?=3^Ia#*H{^{1-12%ZLBd*aH7#xdD04EVQo~ zBI#!nq4*#~^?YI!qEgdxJ`-+nqO5I87=2a5?JoCE#9_ZDkgiY=6)vCsI9OtoS@?yB z{0VOLTP9iUSdJ(W5gAz`5}rZ0$A7B(LebzTd{XgQ3_c4<+%|)GrwD@P`Mnr?*Eg}9 zWyAxHVaQldlLeM183Ls(iHsTxksqgGS+4jY0Qgp~SC8*O1Hl9&ONo-{<9_^dQ9L$U z<&4xc!WJ~JjYWyZOF{9KS)!8If2%krYdkbv#WDsQ(&SaJs5mJJMy&%vP(2I zvm!je%(vE{M+KAU&?Ot(ggSIXRgNRRdls+p1mbg>Gdj`!%w>{O<212g6?*WPj1WgC z`&rLE($&h$=9JTF*XQ?KG_mY-$Hg#T36jG;O+sSxV~$qYSi4WAwBaAk;hp_LJ=%o5 zIsAZijsC6-8-lcokZLTduP$28WTpA==M$N4GlEz$k!(q`E+;0`l9cG*qO6;Kx}RJw zqB9t8h{EjFlO5FB?KYI> z?GOt_aTKvovOyD6U_vY49FvkELg0AjuHHRrn|J##)IYz+@3LIU|Fz=|@&TNK`VZ`l zijM*HlyYBLK~R4T7Jz`A3|LNZQVwCk&ISDt$?RP&HNtQ z$v|`{wRLL>k>V3CAa506h*G;6CR!k%Mvv{WlN54|v*h6Zq3) zdv)a$YYfSE3eUm369lO-NYEuBnZ7!KJPqnG7uIN{$eg~&Ed6lZ7(xZxk5xBwOO?UJ?_DbN?N{HX?fJ8K1MdB_g9<= z(Twu|j7*5v*PJUkiYU(wc9!#JIWdlN1g2@d6%8A-Gpi`m*rC8r5Tf%#=TqilDo3rA zRBd^rG?~KLoe_BnhZYhEqP^mx0s>mgik}dK{A8N!t$1uKINRN)g-+C@UZIa)9xm{- zRQDAg@0zIijE#ORjoEW3*1^t=0wkznn@Bd1jiPD%BvD#{MtITo;#xQCA9{FajW*g1 zyMIUD;_F;gjPJaQ%HKRmoQ1!_?vlii5n}ND20S)++olH&^a zP5&_Fws5jM~Z+PUZDE0!_3ukC9#u&h8w{!B0d(p zM3KCI?RxCB=b_gnr(JKaKk)4@{P5{5cBc)3^+YTFrig!en@jlZAHy-y4E+0`a$I%f z%Wjy7R`0f>7TixZSON6!UKxJGa^`8#PnC&z{U^-9TVPyD-@aKcR^g2Bnk0hqur9(S zKQ>xXSl|Pf%zTrI399S|*uK7Id_*zgaRDU*3~dvFOP7NJ@f}84-p8MzxF-4LFd@nr zv1+Clz8b4fIikIcNm(L?@+7tdSJM_Hr|+eNr^j1saJ*gyA`LDArO%0qj+(>Cof22l zSAv-=i73sI$}Hs)L>qka z*@XeCn1%NpKGKfx}Gwpa`Y z?c1QYE#gY+cApFJqtppke!TPj;7WLViA0jw3nB&e(edYvFv@0!Lmu*F=dO{J8MY@} zZFWP#l!tC!=TNq+bN6TRK5fu*AB838dh*+#MY9KZA4kFckDw53P%`XvbB?VP$;?JO z`@rnv8L`O9R0Cw!`plYk%Kjpq!qoH~Vp7ZWJP&!%;d401r-|@m34B|9d%o+xT7c0A z!&j$fRTE?N{5zI3kD2B8r4jR%bYRJ8IMBFJHh^_7D{)Ok1YyJf1-fBo6jZYuIe1_$ zAgZ#e8L_60oN=ja=+C(M{Lqf8g^B4`wMntpR*g`(GQ0(~s_de*!P#DQ{(XF2;Va;> zIVHVfeNj$$fPVCb7Mi~GcPJ(h*DMr#q3vP0v9Y`>ai$}umME;Xf@QiZ;!F2RaZH*U z?`8I72{`s|Lt_oZ^)?$NiqN3cKTkSTYm9QI`hvGIG;cm`#8n;4jt7(Q{QQbW{_ms% zGZo&*R#xQsr|!+v-Leoj;CkxK@qH3S6A_&KtLLP;T=U$Ir;B0j_*GY9RsEb7q!m&; zLlawxho%_@W3qSh-jZv$qVUe=*jD|MsUEZ4zWIki&#*D+%h!x$l!BOc5;2k0E1Zwl zdxuVm9MJ*f_jbPvDgPcnKQ)~3Tnlb<5QPeH%eJ}5Tufu2A`$3+*$QCvFl^ZQ6lF4;}@AM{}1-Yf^+OuhHlgCMotb+f~~QJQp_k}h_z~aYAc7! zoD`JJC^F)m%AZCV3vTPnCKwdipo@Xe*dn}!V6Xng_Lo{a#*o| zC(og`#H5GFT1WMQlqbCIY~of}Hy!cA@CKfi0tv>f2ggr50l^llRpDY|%$~2E%C1He|zK7cbf_s6St?!m`uKAfhHn)zjRGA>*9`#&(#%8JHXy(y+|R2XNI$ulu>WqUw)!sNrBi_x?N2b` z)>MISN#N;xpA`3(>1tvF5jKi%1M*Jw`dsijWR@(&4+8mO{a_~KC*0;Caw#DXOl$i^ z*HZ{&I(Mnp6IEE(P3wimkM{16#uY@tYFZQPAI>D7D2Rs6x9wsNN<{{mZ^Y>mq_o!N zx{}HY%vb0ah}t=!!+py6)=nV;dfYMDzpdNzK)0+65IW-FdDywYyr$Mctp+BDwH@vY zcXy2zFp)v%AuPKiEsVG6rXE4{ z%8}_9BAD0=CA=tkbx-*ANUEmV5;zG4*OLuX2j3*D+VFIfkxKd6azJ5?>Z`T*wzhO2 zocs<`iDpDIX?e}UQ+8k{r0`;(V^gBI_yig zz8){hwxJ1m782h5k?G=qwr_5xWG4ac&7u-}K(lu#+D`L@Ps<4Of#F`vhV2I66t=It ze>G3Baq*q3LtL)tG9S#V>u!i*J17axH<1XJT(LLd>IN_kuG% zXicuMY1`%IlcubT^8{PtnMBLOrD~Ia^dXxSSFbJ{vF%Z!S#w%rITbhbsi2aq+_;Ui z-;JwVq<@N;F zO3bonP(6!JY;l(-t!P`M9LrJdd=nQ5lh{Xg*4!H4s~zcbVidk^we5uYouu>nH9*rC zGCVvuv@oWQ7#1Je_J^fR`1sI!7mkhAo}NmHc%R2q&kLs2m>|}jq_4Qu;P^3~WBSe+ z(!TsWzCy(7y!yKxnYALDhP_ee1GuG&@w~Nep3-F%N3B`bkdhCRdFFxLX)wT8i_zP) zS=!cR|GXUODY0NCjOTsfhXrt(?=By+potn)`2u(r_n&S-tMf(|v?KPs`iWQz4%od% z0{3p556?ECKn-bc=+wC&;=NVNK*xs8Ak!9{kSaG`IE2hA;;^yb!li%SBj; zZa;G^*`}Fu>7G!u0o{*lZVVGNw3m(M_8CN>6_)C>hlDy?^MaJki|tg86!2HdUUjH| zu~gmdKl&UUCYU$8M(Qug`F!|dcCrG8CO-zi9k}DHc)ABoaiQmLye;d4^m#k>+2zdW zoOKi1&%T#u#EPXpmU>MbQ+Rsct*@W^&1-}^nQ)#q+~uvrRh?jutLmIqF5(ur-VW-wfD;+}I zN>$9Z;+EL#Urc!T^8Tud+QMtTHbX`ri?VfrHgg2g!x&L&+GEhZ(%Rdqg)AhOT!iOS* zk_--M|4OUG#%2D@Mq3r%a(n}EMy9O4s@i)b{AzSI=9QNF+Iy2yl7zko1TMijc|fo^ z6;5Xyg*pq}NG!oKo%iczm9iK+IhFgyyi6=sFSVYXW;~&S{=jQ7ppbT{CB4{8&Kkxc*n$2h%0Q#F zko_)81cL1j;IV=4r9Js6oiJ*@pe*z{wa%If{?hj^2g2gTFNt<$*;o`Le6k4bdgP(& zNasQ-cW6Fom`@RFo<)U+qa&0z>FqQ_$adTrl=Ktq<~Fy+5lY&zI;W&>wGJHkduuUA(*M|ozPJG~cj;E{9`r?{O>56dW)eT5QL$-Kn09SdI2 zrdt&B?~4k&7@GUgRuf4!j-I2pIU+W+au4i0DsS;EmHB=Oo%hrWiv%4(CuegZPGRJ_ z3>rJxO(B?N+*8xui=<~5@ zTeTtMQ{iz-yS}SS96sioRi6Y@11Y9rH4ZQL-`+m4#_8zddZEF8^B1(~STVu@|waTMEIs(4Q zIHqW*0~;bQNlFOV+^?Lud-QlZ?B~DGMA)1Jwq*KWI**PEaRl!I<)TnefV^Xq16Gc<(Im+M4c9)Kiw>iY5p_llPHl z5|!=h+gQ>i+Ad(EMX$^#bQh>af%2a=m%tLDjB*6wrEFi24$puvy$Rqrv#VVx72vt2 zy>%YqrsKJp;A4Efrt9Fzi{4*4h*V}@>+@?DOLT#_&AsZE&UN#WU6(fyr9|MTBDhu@ z31v?!bm%}F=*^hQgu(WHxGxmba=3kcmF5|JsO<{<*H)C58L8HCco{W!o^6~r1wJu3 zc0Jh%7LivZPRxGwXg&>J#C3NsvQnv6F)J==sA2P#G`3r{xq908>d>=O8tAQ8Ji>~dpWk2h?q-_z=M@!jo^PY>Kne0DheP`KPf z!<5ekpHRV53Nd&_y`A47zg1$OR}2)_D83k3Xus_-+6*rhTJGyB-KtVfEGn2ZBNoD) z+|^c9nadS^CTSKWgYeahB2l@bqX;l7<+oF4@IKL)0d-4p++rhJ;SadUh(VPV_OQ9 z^tvO^kt-qSGg77>=bM__BkOuHT*-t~Bx4K==Bxvwfd}=*b*8}lEh?-wEO)&|)>0QY z{91)$srRy6aL$)X#nzw{VmdKRnO@;^Zlq|XKCYLItbEMV_V6H5gM35H zQi?3Pu`tI+J&bQvy)YlK-4O=?vdb@>y=|M{ zl$00(gZEpkqzp}w_NHusv}prk7ZOWomFnX?<2m6^hp7u0kc|O>E3_T7{9HEL(;CVM z`dMI_U{30UIQs3d%DAOgD=CnB6AEh13(0diuc}gJW>L5T+q=j^>#WgD zIeKiMQMiNrEU!Qb&g6Lgu0>EG{_Ai!UP-qOHq`cDD*|!9ToL@pyO0M=)OnssJRX)2 z4YRsLXhFBjakYyyMz_ltOjqeDs8FOij}x~1AZM!;4m@-1d}gh7+6yiNOc;XaPTS*> zy}(WuEWYeR^wA&!FE6OF(DtJTRqt0#E3U~s!T_@gJO}ZxC@t)hYg=L` zF~hBj6Ueq<;n~;1O*^vaIxyMIt`eHm3Hlkvr*Lyk?_CU&1o)igA1{5~Ume$A7kl}e z`(ATCFOwUPifGQb0q=HUKaQ5#?N25h_Z1jW3dm`K9D~EVj53CzfhR|B)Ar|>VF$WD zj=hmuuQaQK8eKjDksr;SO_BX(^0YoEq#LgP!enT(A?@@Ld;D~PBS>cquoDrS0{m*% zaA1defj@}#i-?3O1@qN#~@b%B5 z)JlpZ;yZv!Y&`(|5PSPT2SG0MT0zZ~@0h-8e&JX)VLuS4+GNE^1lm{z4^@8WaM?m} z5($T*r9kkR?gpd>$bKznjb}4J$M@h3t-HxavYQv10IfpH`wZ)4Eno{gjY;P({FBd(x0clYGg32tTECj zjW$xK++ehY=DJ?wU@r4nDl#oxX%v%{_8aWGAga+{(KP=7xE3JYGrOWDsLIRAD;Yt8 z6ON0xQ)g=~=4S+r4!V`_RWxy=tf=L%mq2^%7`5>O_B7$pn5;CLH$@-9OV2qxx^gE< zNfEP3eUO}l?h$5W^<(0>imlpLcAmuEKI#2%{`USzHu}?mtBfBOdqMdOx{0kmCvRaG z6$Uts=cDRYR`o=fVP zxC}>SY1_Gk2^$9EC-k)r8WZaARifH#qcUfu9vChqC0^)n0yTPrFYW zuJiz|OF{g^(upW5gu?6?d4JmZ>H|AF9wWQ9h3T$8VKlan=3DgF(8I!ezFB%pT7kT+ zCyXAH*^LWQ@j`@{Ji+P~F$uK9Dy-_^_^Fip;nXJdyvrZnZ#QY$SD_#8ItfDSX|dMU z6wHc6;$Miy}HX45nCzJd^y75pS{fsFlj5VjYO^B3`YgE+R0I;$^&&PTJO zZ(>KH-CT?2;$>7zQ9XRAFN}6&M}7U~c!y{_+(HQ8cuMs9h=402@4cqv*mpqUDu_6| z*eBf&_V73irrI2MtD6>U1skh6uvdQhe4oDy@6RKXEiNVxHg0gE$cR9c=%Ju|!nSW& zkiyn%a_pz8XykMb)J$H#pk+#)JM~Vzive5Lyko+7_G-ox4ufIQ*uWYG)yapBBcB7_ zZU^f;vM2mGv0wQPPfucl5VnR(u ztJhl4_UdR1+s#|bL6Zhd=mn3Y>EC$u)YXGU2wyq2bGhkvog%G#XVX9}O;5G9B1?^% zl8>n5;l}~)1W3tq)Ty@2V)jL=to>8bbHEcNb|DtEwt~o=FMJO(^8mdaN=)xCF_q*fzRvS0b*|%_ zyMB*0Y`Z-{*^9@NopWBA143~k&gW!GiwLGt6ArmAyN;2wMzhXV-;gFQABjo2iF!UD z$gZ0C_dqzp#(BckNCJFgY=Mmak`&30z_Y#+#WR(h&f~$3Zw+^!YSz5SJ!M(UO4Zv2 z1+`aO1@~3?$ZhdJ^K!v{wsuwzC1XKwai01aU&m`{&3RHi>)o?oahon+V@&l3cB4SF zjJv+@wfLnPj&V+4S%(9{=p06VR%GUiJkvB~`CFTj=*bdZyL@_%*hXt+kMkk6oV{nP zxc~*0Ry$lIBml}BwCvWoqJ3L;I14^PyC-}mF-LJ!&+o;*)sP7d2kHNWKob``B`FtE ztQXB<7yHR%ByklZotp}i9Iz7QvMc^}%5tdLI*zCC9g6a6z2FAzY`$Q3V5Zfy_%8|2 z_IHdi)JjYV<0D9F9@}MYpu_!*2bDI3xpy9M zf=zu+RKPky9ayNO*ixh?T zAWs}xLw4?y^&|H!Gvu#;pTuwcMNHyAt=J`;QSHzad2zZh%H$W5(eTg!= zuT^UZv+B2U^yG85e03|w8GYLvAfRn2F`aFXvH$GV?QM@Lv>-h!N_PEPi0`Tk?JA%?ru-qzxV1MSuV3fXnmL=Q>w zb4C3LFxsn)m$SAs0`gC^b^;!+s#V8J=6rn-)bIk>UPSqI2s4L}taNlt z23Mg+&{~C@PNduk*;nP-r*b) zhNqMI$Quiz3AM`>vl~I$%G_>&?Io}1AOvae)G*Tg!?+V>9FsnTYY(7Qv666t%10c< zkg$&XEhaG`AxMhPT3mqs(+JW9lpM%In;*I%(yvpui3E4*kBnv5xDJ~RvL8vs#@9am zsiZO2mNlU1^!}o)MfM16F%9gno7Vq@y~;)tDPQ^mP9liM#yF>__R8w+ep^?+)F zz+vtBFj83XqiEwRXO0Mq`Y!#hn-7te?vv{mwE#=u`dH0t2Y)Z>AJiH%{+Xxcf{5co>KsAM}61 zeyj+Wwpo8)5u(EJp(8#_Y^?7X*X>%Vy<1}>fX~t?Up?zs8u1p4c9^A+{pLmi(K>-i zI0!Xb^rXWcV{Sbmfq7DxYm&u+rgZY&8fQ7iHO_6#yIli@8s})AWgTGoxI$4ipeys< zkhPBDq;YD00iOq3vQm21%#@|_Rt_pseXt|V<4(HcwLMW0*D`U-!;`}ih0DXLz25dr zR{e(8(q%gWtTLA3celu@eq%`)u#peX?uJrNy|?Mq0hbNS`InRGmv^)@=Ba$up_fCj z(v7#rN{tvWh%h?mcsRbrm zwlg@U#*$GJu0yb_e*MULiRfZJMI8z6NKQ!#ies%>>Q`=MMUootqKB(KoIZd^_bQz< z<_HRE_F4Kvo)7+gd489(1|>!~dt=IkyHccp>0+iVO-HGy^lhSp9i6!xIA#)jAccMm z6*iMXyPUv0uA^$uzvXakwWMo?BNwQCtfb^!+msOWXgL9$@AqMO+2xuFdo|~088NLJ zq$V+M@5o>=hp)YrZ%Nrl!rrpBA=B+2Z4rKz^-HDbqooR8h3%NJ9hCu0Kj}fh=4t2? z@ljl=Lj*`h?U41qZotPCV6dIbKa!;GxzWNO%FQ`}9>jrfRbyH`jm-}Au zG5M1UC{Ki}Dtlxn%UPVpDeo8|piW?~VybD4SIZdWAfvBm1M8PL4vWIkr&9qSw|Joj z*fy-A6;EW^fUNd4s?>k6jHaXZ6-L^88ArnfJ_DsdJEv!dJBbln->)gmzRWAT+A2(- z9mrRGnt_AIU(vp^bKg%by*lf+?1Xn7(C}=DM_jG};a4k#EPDdm?IM1&dI|riYk&?>^LLsT{9XZP#z0>9! zB4nU$Nm*rA15U&DME{t%gTAK(fzNapn(4dV9+J(@!(y>VGn=e_s|!M8Ixt z^5Qv4Q`CdSxy62(-5;gD@A*s9`uAn?FJ1B9C-^JZ`~L^{8y_wFZ-W>?7Wiy`SL}}/docs/addons/mariadb/auto-backup/examples/backupblueprint.yaml +backupblueprint.stash.appscode.com/mariadb-backup-template created +``` + +Now, we are ready to backup our MariaDB databases using few annotations. You can check available auto-backup annotations for a databases from [here](/docs/guides/auto-backup/database/index.md#available-auto-backup-annotations-for-database). + +## Auto-backup with default configurations + +In this section, we are going to backup an MariaDB database of `demo` namespace. We are going to use the default configurations specified in the `BackupBlueprint`. + +### Create Storage Secret + +At first, let's create the `gcs-secret` in `demo` namespace with the access credentials to our GCS bucket. + +```bash +❯ echo -n 'changeit' > RESTIC_PASSWORD +❯ echo -n '' > GOOGLE_PROJECT_ID +❯ cat downloaded-sa-key.json > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +❯ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +### Create Database + +Now, we are going to create an MariaDB CRO in `demo` namespace. Below is the YAML of the MariaDB object that we are going to create, + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: MariaDB +metadata: + name: sample-mariadb + namespace: demo + annotations: + stash.appscode.com/backup-blueprint: mariadb-backup-template +spec: + version: "10.5.8" + replicas: 1 + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + terminationPolicy: WipeOut +``` + +Notice the `annotations` section. We are pointing to the `BackupBlueprint` that we have created earlier though `stash.appscode.com/backup-blueprint` annotation. Stash will watch this annotation and create a `Repository` and a `BackupConfiguration` according to the `BackupBlueprint`. + +Let's create the above MariaDB CRO, + +```bash +❯ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mariadb/auto-backup/examples/sample-mariadb.yaml +mariadb.kubedb.com/sample-mariadb created +``` + +### Verify Auto-backup configured + +In this section, we are going to verify whether Stash has created the respective `Repository` and `BackupConfiguration` for our MariaDB database we have just deployed or not. + +#### Verify Repository + +At first, let's verify whether Stash has created a `Repository` for our MariaDB or not. + +```bash +❯ kubectl get repository -n demo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +app-sample-mariadb 10s +``` + +Now, let's check the YAML of the `Repository`. + +```yaml +❯ kubectl get repository -n demo app-sample-mariadb -o yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: +... + name: app-sample-mariadb + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: mariadb-backup/demo/mariadb/sample-mariadb + storageSecretName: gcs-secret +``` + +Here, you can see that Stash has resolved the variables in `prefix` field and substituted them with the equivalent information from this database. + +#### Verify BackupConfiguration + +If everything goes well, Stash should create a `BackupConfiguration` for our MariaDB in `demo` namespace and the phase of that `BackupConfiguration` should be `Ready`. Verify the `BackupConfiguration` crd by the following command, + +```bash +❯ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +app-sample-mariadb mariadb-backup-10.5.8 */5 * * * * Ready 7m28s +``` + +Now, let's check the YAML of the `BackupConfiguration`. + +```yaml +❯ kubectl get backupconfiguration -n demo app-sample-mariadb -o yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: app-sample-mariadb + namespace: demo + ... + spec: + driver: Restic + repository: + name: app-sample-mariadb + retentionPolicy: + keepLast: 5 + name: keep-last-5 + prune: true + runtimeSettings: {} + schedule: '*/5 * * * *' + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mariadb + task: + name: mariadb-backup-10.5.8 + tempDir: {} +status: + conditions: + - lastTransitionTime: "2021-02-25T05:14:51Z" + message: Repository demo/app-sample-mariadb exist. + reason: RepositoryAvailable + status: "True" + type: RepositoryFound + - lastTransitionTime: "2021-02-25T05:14:51Z" + message: Backend Secret demo/gcs-secret exist. + reason: BackendSecretAvailable + status: "True" + type: BackendSecretFound + - lastTransitionTime: "2021-02-25T05:14:51Z" + message: Backup target appcatalog.appscode.com/v1alpha1 appbinding/sample-mariadb + found. + reason: TargetAvailable + status: "True" + type: BackupTargetFound + - lastTransitionTime: "2021-02-25T05:14:51Z" + message: Successfully created backup triggering CronJob. + reason: CronJobCreationSucceeded + status: "True" + type: CronJobCreated + observedGeneration: 1 + +``` + +Notice the `target` section. Stash has automatically added the MariaDB as the target of this `BackupConfiguration`. + +#### Verify Backup + +Now, let's wait for a backup run to complete. You can watch for `BackupSession` as below, + +```bash +❯ kubectl get backupsession -n demo -w +NAME INVOKER-TYPE INVOKER-NAME PHASE AGE +app-sample-mariadb-1614230401 BackupConfiguration app-sample-mariadb Succeeded 5m40s +app-sample-mariadb-1614230701 BackupConfiguration app-sample-mariadb Running 39s +``` + +Once the backup has been completed successfully, you should see the backed up data has been stored in the bucket at the directory pointed by the `prefix` field of the `Repository`. + +
    + Backup data in GCS Bucket +
    Fig: Backup data in GCS Bucket
    +
    + +## Auto-backup with a custom schedule + +In this section, we are going to backup an MariaDB database of `demo-2` namespace. This time, we are going to overwrite the default schedule used in the `BackupBlueprint`. + +### Create Storage Secret + +At first, let's create the `gcs-secret` in `demo-2` namespace with the access credentials to our GCS bucket. + +```bash +❯ kubectl create secret generic -n demo-2 gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +### Create Database + +Now, we are going to create an MariaDB CRO in `demo-2` namespace. Below is the YAML of the MariaDB object that we are going to create, + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: MariaDB +metadata: + name: sample-mariadb-2 + namespace: demo-2 + annotations: + stash.appscode.com/backup-blueprint: mariadb-backup-template + stash.appscode.com/schedule: "*/3 * * * *" +spec: + version: "10.5.8" + replicas: 1 + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + terminationPolicy: WipeOut +``` + +Notice the `annotations` section. This time, we have passed a schedule via `stash.appscode.com/schedule` annotation along with the `stash.appscode.com/backup-blueprint` annotation. + +Let's create the above MariaDB CRO, + +```bash +❯ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mariadb/auto-backup/examples/sample-mariadb-2.yaml +mariadb.kubedb.com/sample-mariadb-2 created +``` + +### Verify Auto-backup configured + +Now, let's verify whether the auto-backup has been configured properly or not. + +#### Verify Repository + +At first, let's verify whether Stash has created a `Repository` for our MariaDB or not. + +```bash +❯ kubectl get repository -n demo-2 +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +app-sample-mariadb-2 4s +``` + +Now, let's check the YAML of the `Repository`. + +```yaml +❯ kubectl get repository -n demo-2 app-sample-mariadb-2 -o yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: app-sample-mariadb-2 + namespace: demo-2 + ... +spec: + backend: + gcs: + bucket: stash-testing + prefix: stash-backup/demo-2/mariadb/sample-mariadb-2 + storageSecretName: gcs-secret + +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: app-sample-mariadb-2 + namespace: demo-2 + ... +spec: + backend: + gcs: + bucket: stash-testing + prefix: mariadb-backup/demo-2/mariadb/sample-mariadb-2 + storageSecretName: gcs-secret +``` + +Here, you can see that Stash has resolved the variables in `prefix` field and substituted them with the equivalent information from this new database. + +#### Verify BackupConfiguration + +If everything goes well, Stash should create a `BackupConfiguration` for our MariaDB in `demo-2` namespace and the phase of that `BackupConfiguration` should be `Ready`. Verify the `BackupConfiguration` crd by the following command, + +```bash +❯ kubectl get backupconfiguration -n demo-2 +NAME TASK SCHEDULE PAUSED PHASE AGE +app-sample-mariadb-2 mariadb-backup-10.5.8 */3 * * * * Ready 3m24s +``` + +Now, let's check the YAML of the `BackupConfiguration`. + +```yaml +❯ kubectl get backupconfiguration -n demo-2 app-sample-mariadb-2 -o yaml + +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: app-sample-mariadb-2 + namespace: demo-2 + ... + ownerReferences: + - apiVersion: appcatalog.appscode.com/v1alpha1 + blockOwnerDeletion: true + controller: true + kind: AppBinding + name: sample-mariadb-2 + uid: 7cbdf140-5fd1-487a-b04f-1847def418e8 + resourceVersion: "56888" + selfLink: /apis/stash.appscode.com/v1beta1/namespaces/demo-2/backupconfigurations/app-sample-mariadb-2 + uid: e85dd3db-fa41-48b8-b253-5731ee8cc956 +spec: + driver: Restic + repository: + name: app-sample-mariadb-2 + retentionPolicy: + keepLast: 5 + name: keep-last-5 + prune: true + runtimeSettings: {} + schedule: '*/3 * * * *' + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mariadb-2 + task: + name: mariadb-backup-10.5.8 + tempDir: {} +status: + conditions: + - lastTransitionTime: "2021-02-25T06:10:14Z" + message: Repository demo-2/app-sample-mariadb-2 exist. + reason: RepositoryAvailable + status: "True" + type: RepositoryFound + - lastTransitionTime: "2021-02-25T06:10:14Z" + message: Backend Secret demo-2/gcs-secret exist. + reason: BackendSecretAvailable + status: "True" + type: BackendSecretFound + - lastTransitionTime: "2021-02-25T06:10:14Z" + message: Backup target appcatalog.appscode.com/v1alpha1 appbinding/sample-mariadb-2 + found. + reason: TargetAvailable + status: "True" + type: BackupTargetFound + - lastTransitionTime: "2021-02-25T06:10:14Z" + message: Successfully created backup triggering CronJob. + reason: CronJobCreationSucceeded + status: "True" + type: CronJobCreated + observedGeneration: 1 +``` + +Notice the `schedule` section. This time the `BackupConfiguration` has been created with the schedule we have provided via annotation. + +Also, notice the `target` section. Stash has automatically added the new MariaDB as the target of this `BackupConfiguration`. + +#### Verify Backup + +Now, let's wait for a backup run to complete. You can watch for `BackupSession` as below, + +```bash +❯ kubectl get backupsession -n demo-2 -w +NAME INVOKER-TYPE INVOKER-NAME PHASE AGE +app-sample-mariadb-2-1614233715 BackupConfiguration app-sample-mariadb-2 Succeeded 3m2s +app-sample-mariadb-2-1614233880 BackupConfiguration app-sample-mariadb-2 Running 17s +``` + +Once the backup has been completed successfully, you should see that Stash has created a new directory as pointed by the `prefix` field of the new `Repository` and stored the backed up data there. + +
    + Backup data in GCS Bucket +
    Fig: Backup data in GCS Bucket
    +
    + +## Auto-backup with custom parameters + +In this section, we are going to backup an MariaDB database of `demo-3` namespace. This time, we are going to pass some parameters for the Task through the annotations. + +### Create Storage Secret + +At first, let's create the `gcs-secret` in `demo-3` namespace with the access credentials to our GCS bucket. + +```bash +❯ kubectl create secret generic -n demo-3 gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +### Create Database + +Now, we are going to create an Elasticsearch CRO in `demo-3` namespace. Below is the YAML of the MariaDB object that we are going to create, + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: MariaDB +metadata: + name: sample-mariadb-3 + namespace: demo-3 + annotations: + stash.appscode.com/backup-blueprint: mariadb-backup-template + params.stash.appscode.com/args: --databases mysql +spec: + version: "10.5.8" + replicas: 1 + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + terminationPolicy: WipeOut + +``` + +Notice the `annotations` section. This time, we have passed an argument via `params.stash.appscode.com/args` annotation along with the `stash.appscode.com/backup-blueprint` annotation. + +Let's create the above MariaDB CRO, + +```bash +❯ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mariadb/auto-backup/examples/sample-mariadb-3.yaml +mariadb.kubedb.com/sample-mariadb-3 created +``` + +### Verify Auto-backup configured + +Now, let's verify whether the auto-backup resources has been created or not. + +#### Verify Repository + +At first, let's verify whether Stash has created a `Repository` for our MariaDB or not. + +```bash +❯ kubectl get repository -n demo-3 +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +app-sample-mariadb-3 8s +``` + +Now, let's check the YAML of the `Repository`. + +```yaml +❯ kubectl get repository -n demo-3 app-sample-mariadb-3 -o yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: app-sample-mariadb-3 + namespace: demo-3 + ... +spec: + backend: + gcs: + bucket: stash-testing + prefix: mariadb-backup/demo-3/mariadb/sample-mariadb-3 + storageSecretName: gcs-secret +``` + +Here, you can see that Stash has resolved the variables in `prefix` field and substituted them with the equivalent information from this new database. + +#### Verify BackupConfiguration + +If everything goes well, Stash should create a `BackupConfiguration` for our MariaDB in `demo-3` namespace and the phase of that `BackupConfiguration` should be `Ready`. Verify the `BackupConfiguration` crd by the following command, + +```bash +❯ kubectl get backupconfiguration -n demo-3 +NAME TASK SCHEDULE PAUSED PHASE AGE +app-sample-mariadb-3 mariadb-backup-10.5.8 */5 * * * * Ready 106s +``` + +Now, let's check the YAML of the `BackupConfiguration`. + +```yaml +❯ kubectl get backupconfiguration -n demo-3 app-sample-mariadb-3 -o yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: app-sample-mariadb-3 + namespace: demo-3 + ... +spec: + driver: Restic + repository: + name: app-sample-mariadb-3 + retentionPolicy: + keepLast: 5 + name: keep-last-5 + prune: true + runtimeSettings: {} + schedule: '*/5 * * * *' + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mariadb-3 + task: + name: mariadb-backup-10.5.8 + params: + - name: args + value: --databases mysql + tempDir: {} +status: + conditions: + - lastTransitionTime: "2021-02-25T11:58:12Z" + message: Repository demo-3/app-sample-mariadb-3 exist. + reason: RepositoryAvailable + status: "True" + type: RepositoryFound + - lastTransitionTime: "2021-02-25T11:58:12Z" + message: Backend Secret demo-3/gcs-secret exist. + reason: BackendSecretAvailable + status: "True" + type: BackendSecretFound + - lastTransitionTime: "2021-02-25T11:58:12Z" + message: Backup target appcatalog.appscode.com/v1alpha1 appbinding/sample-mariadb-3 + found. + reason: TargetAvailable + status: "True" + type: BackupTargetFound + - lastTransitionTime: "2021-02-25T11:58:12Z" + message: Successfully created backup triggering CronJob. + reason: CronJobCreationSucceeded + status: "True" + type: CronJobCreated + observedGeneration: 1 +``` + +Notice the `task` section. The `args` parameter that we had passed via annotations has been added to the `params` section. + +Also, notice the `target` section. Stash has automatically added the new MariaDB as the target of this `BackupConfiguration`. + +#### Verify Backup + +Now, let's wait for a backup run to complete. You can watch for `BackupSession` as below, + +```bash +❯ kubectl get backupsession -n demo-3 -w +NAME INVOKER-TYPE INVOKER-NAME PHASE AGE +app-sample-mariadb-3-1614254408 BackupConfiguration app-sample-mariadb-3 Succeeded 5m23s +app-sample-mariadb-3-1614254708 BackupConfiguration app-sample-mariadb-3 Running 23s +``` + +Once the backup has been completed successfully, you should see that Stash has created a new directory as pointed by the `prefix` field of the new `Repository` and stored the backed up data there. + +
    + Backup data in GCS Bucket +
    Fig: Backup data in GCS Bucket
    +
    + +## Cleanup + +To cleanup the resources crated by this tutorial, run the following commands, + +```bash +❯ kubectl delete -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mariadb/auto-backup/examples/ +backupblueprint.stash.appscode.com "mariadb-backup-template" deleted +mariadb.kubedb.com "sample-mariadb-2" deleted +mariadb.kubedb.com "sample-mariadb-3" deleted +mariadb.kubedb.com "sample-mariadb" deleted + +❯ kubectl delete repository -n demo --all +repository.stash.appscode.com "app-sample-mariadb" deleted +❯ kubectl delete repository -n demo-2 --all +repository.stash.appscode.com "app-sample-mariadb-2" deleted +❯ kubectl delete repository -n demo-3 --all +repository.stash.appscode.com "app-sample-mariadb-3" deleted +``` diff --git a/docs/addons/mariadb/customization/examples/backup/multi-retention-policy.yaml b/docs/addons/mariadb/customization/examples/backup/multi-retention-policy.yaml new file mode 100644 index 0000000..aab328d --- /dev/null +++ b/docs/addons/mariadb/customization/examples/backup/multi-retention-policy.yaml @@ -0,0 +1,24 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-mariadb-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: mariadb-backup-10.5.8 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mariadb + retentionPolicy: + name: sample-mariadb-retention + keepLast: 5 + keepDaily: 10 + keepWeekly: 20 + keepMonthly: 50 + keepYearly: 100 + prune: true \ No newline at end of file diff --git a/docs/addons/mariadb/customization/examples/backup/passing-args.yaml b/docs/addons/mariadb/customization/examples/backup/passing-args.yaml new file mode 100644 index 0000000..398df8e --- /dev/null +++ b/docs/addons/mariadb/customization/examples/backup/passing-args.yaml @@ -0,0 +1,23 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-mariadb-backup + namespace: demo +spec: + schedule: "*/2 * * * *" + task: + name: mariadb-backup-10.5.8 + params: + - name: args + value: --databases testdb + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mariadb + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true \ No newline at end of file diff --git a/docs/addons/mariadb/customization/examples/backup/resource-limit.yaml b/docs/addons/mariadb/customization/examples/backup/resource-limit.yaml new file mode 100644 index 0000000..696cf0a --- /dev/null +++ b/docs/addons/mariadb/customization/examples/backup/resource-limit.yaml @@ -0,0 +1,29 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-mariadb-backup + namespace: demo +spec: + schedule: "*/2 * * * *" + task: + name: mariadb-backup-10.5.8 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mariadb + runtimeSettings: + container: + resources: + requests: + cpu: "200m" + memory: "1Gi" + limits: + cpu: "200m" + memory: "1Gi" + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/mariadb/customization/examples/backup/specific-user.yaml b/docs/addons/mariadb/customization/examples/backup/specific-user.yaml new file mode 100644 index 0000000..709123a --- /dev/null +++ b/docs/addons/mariadb/customization/examples/backup/specific-user.yaml @@ -0,0 +1,25 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-mariadb-backup + namespace: demo +spec: + schedule: "*/2 * * * *" + task: + name: mariadb-backup-10.5.8 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mariadb + runtimeSettings: + pod: + securityContext: + runAsUser: 0 + runAsGroup: 0 + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true \ No newline at end of file diff --git a/docs/addons/mariadb/customization/examples/repository.yaml b/docs/addons/mariadb/customization/examples/repository.yaml new file mode 100644 index 0000000..3bfd4ef --- /dev/null +++ b/docs/addons/mariadb/customization/examples/repository.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /demo/customizing + storageSecretName: gcs-secret \ No newline at end of file diff --git a/docs/addons/mariadb/customization/examples/restore/passing-args.yaml b/docs/addons/mariadb/customization/examples/restore/passing-args.yaml new file mode 100644 index 0000000..4c75636 --- /dev/null +++ b/docs/addons/mariadb/customization/examples/restore/passing-args.yaml @@ -0,0 +1,22 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-mariadb-restore + namespace: demo + labels: + app.kubernetes.io/name: mariadb.kubedb.com +spec: + task: + name: mariadb-restore-10.5.8 + params: + - name: args + value: --one-database testdb + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mariadb + rules: + - snapshots: [latest] \ No newline at end of file diff --git a/docs/addons/mariadb/customization/examples/restore/resource-limit.yaml b/docs/addons/mariadb/customization/examples/restore/resource-limit.yaml new file mode 100644 index 0000000..2cd84f7 --- /dev/null +++ b/docs/addons/mariadb/customization/examples/restore/resource-limit.yaml @@ -0,0 +1,29 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-mariadb-restore + namespace: demo + labels: + app.kubernetes.io/name: mariadbes.kubedb.com +spec: + task: + name: mariadb-restore-10.5.8 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mariadb + runtimeSettings: + container: + resources: + requests: + cpu: "200m" + memory: "1Gi" + limits: + cpu: "200m" + memory: "1Gi" + rules: + - snapshots: [latest] + diff --git a/docs/addons/mariadb/customization/examples/restore/specific-snapshot.yaml b/docs/addons/mariadb/customization/examples/restore/specific-snapshot.yaml new file mode 100644 index 0000000..fe64cce --- /dev/null +++ b/docs/addons/mariadb/customization/examples/restore/specific-snapshot.yaml @@ -0,0 +1,19 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-mariadb-restore + namespace: demo + labels: + app.kubernetes.io/name: mariadb.kubedb.com +spec: + task: + name: mariadb-restore-10.5.8 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mariadb + rules: + - snapshots: [4bc21d6f] \ No newline at end of file diff --git a/docs/addons/mariadb/customization/examples/restore/specific-user.yaml b/docs/addons/mariadb/customization/examples/restore/specific-user.yaml new file mode 100644 index 0000000..899617a --- /dev/null +++ b/docs/addons/mariadb/customization/examples/restore/specific-user.yaml @@ -0,0 +1,24 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-mariadb-restore + namespace: demo + labels: + app.kubernetes.io/name: mariadb.kubedb.com +spec: + task: + name: mariadb-restore-10.5.8 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mariadb + runtimeSettings: + pod: + securityContext: + runAsUser: 0 + runAsGroup: 0 + rules: + - snapshots: [latest] diff --git a/docs/addons/mariadb/customization/examples/sample-mariadb.yaml b/docs/addons/mariadb/customization/examples/sample-mariadb.yaml new file mode 100644 index 0000000..a0821f0 --- /dev/null +++ b/docs/addons/mariadb/customization/examples/sample-mariadb.yaml @@ -0,0 +1,15 @@ +apiVersion: kubedb.com/v1alpha2 +kind: MariaDB +metadata: + name: sample-mariadb + namespace: demo +spec: + version: "10.5.8" + replicas: 1 + storageType: Durable + storage: + resources: + requests: + storage: 1Gi + storageClassName: standard + terminationPolicy: Delete \ No newline at end of file diff --git a/docs/addons/mariadb/customization/index.md b/docs/addons/mariadb/customization/index.md new file mode 100644 index 0000000..42df964 --- /dev/null +++ b/docs/addons/mariadb/customization/index.md @@ -0,0 +1,300 @@ +--- +title: MariaDB Backup Customization | Stash +description: Customizing MariaDB Backup and Restore process with Stash +menu: + docs_{{ .version }}: + identifier: stash-mariadb-customization + name: Customizing Backup & Restore Process + parent: stash-mariadb + weight: 40 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + +# Customizing Backup and Restore Process + +Stash provides rich customization supports for the backup and restore process to meet the requirements of various cluster configurations. This guide will show you some examples of these customizations. + +> Note: YAML files used in this tutorial are stored [here](https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/mariadb/customization/examples). + +## Customizing Backup Process + +In this section, we are going to show you how to customize the backup process. Here, we are going to show some examples of providing arguments to the backup process, running the backup process as a specific user, ignoring some indexes during the backup process, etc. + +### Passing arguments to the backup process + +Stash MariaDB addon uses [mysqldump](https://mariadb.com/kb/en/mysqldump) for backup. You can pass arguments to the `mysqldump` through `args` param under `task.params` section. + +The below example shows how you can pass the `--databases testdb` to take backup for a specific mariadb databases named `testdb`. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-mariadb-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: mariadb-backup-10.5.8 + params: + - name: args + value: --databases testdb + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mariadb + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +> **WARNING**: Make sure that you have the specific database created before taking backup. In this case, Database `testdb` should exist before the backup job starts. + +### Running backup job as a specific user + +If your cluster requires running the backup job as a specific user, you can provide `securityContext` under `runtimeSettings.pod` section. The below example shows how you can run the backup job as the root user. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-mariadb-backup + namespace: demo +spec: + schedule: "*/2 * * * *" + task: + name: mariadb-backup-10.5.8 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mariadb + runtimeSettings: + pod: + securityContext: + runAsUser: 0 + runAsGroup: 0 + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +### Specifying Memory/CPU limit/request for the backup job + +If you want to specify the Memory/CPU limit/request for your backup job, you can specify `resources` field under `runtimeSettings.container` section. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-mariadb-backup + namespace: demo +spec: + schedule: "*/2 * * * *" + task: + name: mariadb-backup-10.5.8 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mariadb + runtimeSettings: + container: + resources: + requests: + cpu: "200m" + memory: "1Gi" + limits: + cpu: "200m" + memory: "1Gi" + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +### Using multiple retention policies + +You can also specify multiple retention policies for your backed up data. For example, you may want to keep few daily snapshots, few weekly snapshots, and few monthly snapshots, etc. You just need to pass the desired number with the respective key under the `retentionPolicy` section. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-mariadb-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: mariadb-backup-10.5.8 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mariadb + retentionPolicy: + name: sample-mariadb-retention + keepLast: 5 + keepDaily: 10 + keepWeekly: 20 + keepMonthly: 50 + keepYearly: 100 + prune: true +``` + +To know more about the available options for retention policies, please visit [here](/docs/concepts/crds/backupconfiguration/index.md#specretentionpolicy). + +## Customizing Restore Process + +Stash also uses `mysql` during the restore process. In this section, we are going to show how you can pass arguments to the restore process, restore a specific snapshot, run restore job as a specific user, etc. + +### Passing arguments to the restore process + +Similar to the backup process, you can pass arguments to the restore process through the `args` params under `task.params` section. This example will restore data from database `testdb` only. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-mariadb-restore + namespace: demo + labels: + app.kubernetes.io/name: mariadb.kubedb.com +spec: + task: + name: mariadb-restore-10.5.8 + params: + - name: args + value: --one-database testdb + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mariadb + rules: + - snapshots: [latest] +``` + +### Restore specific snapshot + +You can also restore a specific snapshot. At first, list the available snapshots as below, + +```bash +❯ kubectl get snapshots -n demo +NAME ID REPOSITORY HOSTNAME CREATED AT +gcs-repo-4bc21d6f 4bc21d6f gcs-repo host-0 2022-01-12T14:54:27Z +gcs-repo-f0ac7cbd f0ac7cbd gcs-repo host-0 2022-01-12T14:56:26Z +gcs-repo-9210ebb6 9210ebb6 gcs-repo host-0 2022-01-12T14:58:27Z +gcs-repo-0aff8890 0aff8890 gcs-repo host-0 2022-01-12T15:00:28Z +``` + +>You can also filter the snapshots as shown in the guide [here](https://stash.run/docs/{{< param "info.version" >}}/concepts/crds/snapshot/#working-with-snapshot). + +You can use the respective ID of the snapshot to restore a specific snapshot. + +The below example shows how you can pass a specific snapshot ID through the `snapshots` field of `rules` section. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-mariadb-restore + namespace: demo + labels: + app.kubernetes.io/name: mariadb.kubedb.com +spec: + task: + name: mariadb-restore-10.5.8 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mariadb + rules: + - snapshots: [4bc21d6f] +``` + +>Please, do not specify multiple snapshots here. Each snapshot represents a complete backup of your database. Multiple snapshots are only usable during file/directory restore. + +### Running restore job as a specific user + +You can provide `securityContext` under `runtimeSettings.pod` section to run the restore job as a specific user. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-mariadb-restore + namespace: demo + labels: + app.kubernetes.io/name: mariadb.kubedb.com +spec: + task: + name: mariadb-restore-10.5.8 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mariadb + runtimeSettings: + pod: + securityContext: + runAsUser: 0 + runAsGroup: 0 + rules: + - snapshots: [latest] +``` + +### Specifying Memory/CPU limit/request for the restore job + +Similar to the backup process, you can also provide `resources` field under the `runtimeSettings.container` section to limit the Memory/CPU for your restore job. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-mariadb-restore + namespace: demo + labels: + app.kubernetes.io/name: mariadb.kubedb.com +spec: + task: + name: mariadb-restore-10.5.8 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mariadb + runtimeSettings: + container: + resources: + requests: + cpu: "200m" + memory: "1Gi" + limits: + cpu: "200m" + memory: "1Gi" + rules: + - snapshots: [latest] +``` diff --git a/docs/addons/mariadb/helm/examples/appbinding.yaml b/docs/addons/mariadb/helm/examples/appbinding.yaml new file mode 100644 index 0000000..8c883b6 --- /dev/null +++ b/docs/addons/mariadb/helm/examples/appbinding.yaml @@ -0,0 +1,23 @@ +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: sample-mariadb + namespace: demo +spec: + clientConfig: + service: + name: sample-mariadb + path: / + port: 3306 + scheme: mysql + secret: + name: sample-mariadb + secretTransforms: + - addKey: + key: username + stringValue: root + - renameKey: + from: mariadb-root-password + to: password + type: mariadb + version: 10.5.8 diff --git a/docs/addons/mariadb/helm/examples/backupconfiguration.yaml b/docs/addons/mariadb/helm/examples/backupconfiguration.yaml new file mode 100644 index 0000000..154aaba --- /dev/null +++ b/docs/addons/mariadb/helm/examples/backupconfiguration.yaml @@ -0,0 +1,20 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-mariadb-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: mariadb-backup-10.5.8 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mariadb + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/mariadb/helm/examples/repository.yaml b/docs/addons/mariadb/helm/examples/repository.yaml new file mode 100644 index 0000000..2c6ed55 --- /dev/null +++ b/docs/addons/mariadb/helm/examples/repository.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /demo/mariadb/sample-mariadb + storageSecretName: gcs-secret diff --git a/docs/addons/mariadb/helm/examples/restoresession.yaml b/docs/addons/mariadb/helm/examples/restoresession.yaml new file mode 100644 index 0000000..ad150d1 --- /dev/null +++ b/docs/addons/mariadb/helm/examples/restoresession.yaml @@ -0,0 +1,17 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-mariadb-restore + namespace: demo +spec: + task: + name: mariadb-restore-10.5.8 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mariadb + rules: + - snapshots: [latest] diff --git a/docs/addons/mariadb/helm/images/sample-mariadb-backup.png b/docs/addons/mariadb/helm/images/sample-mariadb-backup.png new file mode 100644 index 0000000000000000000000000000000000000000..8ec12b62b6785f127d52bf49bded3d1b593db1e1 GIT binary patch literal 50457 zcmbTdWmr{h*EWhEpi;NeEg&FBccUOBCEZ=pDGf_NO1c}QyE_+)S~Sw#-QBVFT;9*~ z?Qj2k_dAcnLzrASu5*lWjxnwo{8df@;}y{>1Ox;ODap@@2na|72ndLDFHnFt6b$Jz zz<)38BsCln5HP#o|DMHtz$8XMc#9zQ`IEA1>cOI$r}AYh>~z{Vg-|5=r8?Vl)@+5~ zfG^6C5LLqYSCy*4xD*z}>#Cw2T2xCGCv`-RlSEc=f1bRl%YH8DV(d(=D55s~)8G1! zMF|8E1(!$_`*l^M2~D4|H%P{`*BI-$$jPIpK-M6y+3;;T`~0<|&~kSqu8T4-&k z_-FXDq5c!Y<=MYKUc4Ut{>jVh(Jof>?+ZDkMa0ml#+1Np5=!{vK=c)x?lt@&WP8Q( zw~2A@`}Tj}Z=xu&5&rEJ5Q>Nne*-jH6pwlX|0(Kg)GA6=7z$-41?Aw!2AlEgFV6yk zfJc%U9VLj>|FsdDKEY8(=s*7%)%~B>m`2&1LFj7VSP8xy!CMAh=qu-Zf^@Tf{Xqd= z%b1w*PalHnqJF4|nk;-NIUx#B1tZ<8ivRt)@z0JBquhTNl@lU486Ag$SxF&)MO!2{BxEM!>{>|t4@p@ZVn zs=d}Nie*pw1e zC|+6_dh%cm{xTgOj;Fw2VUiDDEBhcGB{WM=<#}wt%xv{-%^yP+VsZ~kYtKt#9Mn-| zH-?gzOyhO2Q}O(yNlIyOO~B|KdF;eKomY0o^uOGcjix5TXK}kWB6p~#(Q0@f5<&s?9I@) zF^s;_1HfZjbliM@)MlvMTXn2$yupu8=w={_JpwB&OfX9)0JeH2*qj94MS+E>a;%R= zAx%{|*^tsP*Pj^&t4{%J1UlO3B)I5IM|v8|j8qlC$RCz1x6U>S^mFf>*lm+}2|g}1 zw#0{}(XS&^ZlRE6uqRJ+^%~Hxp6(~dHEj2Pb0{Yt3K`}(06(lXT$8`Z^LQ0tn{0uy zvS)^wrYL(T7XWPdr$Czk?=QkW1&U|O38T@2Jd_2D+nB^S*#2Dk z9YhQ&<+)#|UG(Z!440H0 zE12cYq_?1$QeUr4;#`avjIug!Ajg&w9(s;rG6MFZ3^C-7BtMFpoYS?IdslnL*BzNC z*;0=h$ClYPPPrp~DlaVG{y}P|n(nq6i5nHTv3QjF5L3S>;ps$x@;0*gqy}OO80(o);q37xb?_!$V{j0uye6?<*X@l|KJ3|-u;FgOa*zkE&{ z-pbs$*{3iQlPxJ5sz2|;rORk}RLMrTlbV)HuzHMIQS8sDB`9d)GCeK9>gEe-RvTDI z<)ukwU+=s>Kz%a<+w6<7T3qg#vre~}4Jtc2+QB~oMCP6H3M1!@_qa0qwKgxkdgX%i z@33vyR9CTyMEP-tM)oszfrRuaxE1Iq&Q6LV5o?_fv@E905$>%dl6-TLS7^E=&u(w( z$#ZYfVzn^ak4BvAJ5Bj@DZPJrzN!6g7)sE~Ij^?fT|3zcA3%V@*NaoPDr8TC$C4wL zUu#Bd-DGugRE7jwPNzBopPQr7-c0)B4mlpIxkWbhV^;qU%a8mb@ra0RIfo|Q&l^s- zMrW|4%UE1>a5i$8->E&V%a3Vc+v}6g;w(4)t8Y`sCnu|Issh#(_kTv+E$6x!7^XKSh{8(p^Ed*4D)Fga`3X@|PR%*4+E$7nFQ>&`FFLqE$%%AoW9d5Uq@%#Xk5 zQ}_Y)da7K2gmVT~8hcww=I>nei37SWdz6Af@yN+{ef|Q_4F#*Y*^V^-?~rwuMH}%d zkcL+^Gr@}sPbQl9!3gRps~uNe96+$Y0Fa+t%q`uAJ*TfN?hgldG#Yy|05*nq?Ftzw ze_$kxQkXq{Acm?Dlq)QPb#b|~tKC%A3}_U78lK@0%GIPRtCQ7uE!Ca=qL)8d1YF)T zzi&y-Lw*95pb3Au?X&TIOO}(>vd>^IW!`V|u<)U^bl=n4uhBHcx$gM@#&e`dz<90C z5kUY55uiWG^o4G`7^5X_EUpNrJ~v_|(BFSj1%8*xu-eEoIebLPfLf|(u)DatN=2*+ zc^LB5)nW-C?2|}Y9MVx8w;eCsu!rjx1ABCKfu+s%=FrfCdl*df>7j{0vE((0eZAx6 zt$4Dg=f>mdi}KcEvOjk>3MlC}HVkUH1oriJuIuDB>8{%^mcr{Ldb(-wbOnb_PB8b)}rm^jT51b->G5LG1~+V z6Dyyt&hFQ%o9KE0iZ>K_u5x+!ur(4^LT|Z6o$o(OnvwkomRq^Px4bPG9+>ktN_yDY zp5VB1<@R9Mrx)N|SQXa&SCL{1OQ?S4!bwKZNV)MjmUqK1Iso zKtH2AJE%7SLTz@rTq7_#cD^D)+du55>s_1YW7%dwdCtau&dgqIVrwZ$d#q6?{-n9O z`WP;^V_EN($i^CNUMH!o^~ha54O-~PM1f&#WYjeV&wy6irTBxR#`>DMTjOAPCY*ro zy(!r_Dn32i*+T(90H|sopuT;r-W>B+^;LjYNecfpwdQ6YDz{k3QrMFLV=W+L#xW~) z3EBFBV99qh22JjC)mP=fzxp%r?(IK2&k-ZHxjC@SxK5(SJAlCe6{?-?-v~7ZMSgD? za@mqScS&ASTQ@nXN?v(_!>|_lbTGx#bi8cpQXCAA@-Y7r((5Ht!8HHiSWd4o+EJ+L;+xOY-VD_4ucXzWvd9|4V^ZpdG>0=`t$P5)5n*06hy8 zFa5g)gx)ml&I2Lw=~wI@N3nWN5+Ve&Zzn!k8Bw{8ny;=GaV;&Zfyu5Mvl=|aFo1(( zhq19sv#q}`w#uzqAC}SECm#ti(U##^z8#|I>Hc}%eB5n+5|m&ivzTDy}5M% z;!aq~fZcldX7Dyhj(o@!{|dnAb>0iCNpu6w`Gy6zdGM)%6cK zX-|Y+S$1JJ)PMbPdNp%;?-qKbdUSL5-W#MQpf|!VS&aYcICMJ#=5)TUws)iHfCEm( z9{?N+!;L88bbgZSMUy&{$J*N?RdW2$<0nDK3>Xv$N21WJ5QK(6U?s>+HR0@f&hTHTq__VTPs69x|HJ z_}ZWX+>>F=JMm|D5}zmu0K9rNxG^qSk~F)W^niUmLOj_=;TfMACQ@9Tf3`KOH(VQ9_woGF`ynl4r%TGqZ)z6XVdSl5Id2cEzd0S8VZF6|Dwq>qxZ7yT@ zQ+FE?GoU`FJ1G+G7$tyOiSh-ENQP&%%?kgTSya1NsMoIu-%P%ocqzOx${q0>_V}<& z)YrPS{BD1@HVlGbKIt*UkVH=0;^>uSJvTeHj^X<-*kCh2Lo3c=Ta=_?A_$g1M`?H zhH{*&+kQUp-!d(eXJ54r%xKe;D8{clvR(gm9^OV?-rW1Mc@m0kdq1G=);r*mmzWr1 zifL+wn5^YlQ|nhxn#?DD*I;JK0efsqnTD-`Q6gI1egfjwc6P=gKQK4()FuGTBM>~~ z?%1(2>XHwY3JF;MS(E?#{CYA5@b72h(6)@_KfS;B*I5Zx4k}jxZrVL5Pi}Z`_C&e~ zD~t*(CtcicYkJi(^@vRPis`fQJNJ80Zh#tYY)^Nuc9gzlk@Pz>bQ*oWsYXV?YMS*u%tSh%Cf5#13O&VcRccqa z4L8^8?>Z6wZlA|IQoUI$#mh^@m2!%Grj+B81->S$u@U|wuE^{-@1z5p2XmdIq^vhg z;B{xzH`4(KF#G;A($%<5dGna}r|o6Z$lbD%V}9~XRe4;zTmtC4Ox61-%}yrD?n!o}U9m zm3d}{U*va7vos)lvm}2w3HZ<1=G;MTK;WU~a)R!1o4s59qoWTJr`{4P_F4XckO(m0 z(4K>fvc_R*$2GU5H7*nAqqin4PB`d7bM0?CR=AsI9T`&rgJ*!*!(J zO!UGM0MhGra5oCMIucCcp%Iw*O#SDeP*{S`I}yoCbA8Z@dv{jN(P}7mkB`39r+sa* z%2c&=o9rvKC%~%#e**-kt|F$$!el=CD$|~8!cKy2fV(JRU2Unz47Ns{OC%u28^r8u zzu>~^p(@^Y>ob2j>pbsMr(2D`0(1D##GRhN&F!eCKnlbk>CHo9`&S4+4&ZK2Y02%e z8Fs;PIPN$2g_G5zDhiZA+KB}#jt8iFjjPvE-tTEyh_YW-1xjSzx zu-a@t(g)EGqd=5otxH}ke1aOpxU_VA+7TfBWT~`Md!LnUeSm$;aiW(y1Pp!lNN7sd zWXeGZyJqnSuhz(!Muq+(e^F5XRutkN6zT*7kHOKTWIzB-dJt3jw2rqlySA17A)6Nn zm`#==j3A(?w3D};<0#a)jN11q*f%TVBlAHoxb1Em6+*d)ZuBF-Bi+fRWHz-aysljX z@vYXO!I50Wg+(EhimI5&i%I&>ZzJkj3Mkgf~2nonMkCp)Yi+KY&X;#%og2>v| zeUCK(at8Ph4{zbLWrfnKs&IPy8DumOPnT4-r17|3!nQiq4<=Uub6reXdLDl{?Nh)1 zgygc}@oMXie&Fi~nCo?kXL*u@8o9xw$J3UX*Y`y7lFSCv{HCQXhXW(wb*Gc4&k%LM345@P=1SOz-2!6Cz;D|&ja_d4Xbm{=eWj!_z<;{IfSNXN$= zb2>t&ABJXx9$UitutknX81AmV(P&W3C`|T}LzWf2OIn0SVrQ@s0^WOm*t{IJDRD|@(L7Yy^rtp9EP_UZed5IRH}jR@U@-V-Bo3M+uj zU*k`@xRknQdz&pSFZLIk49$!LudP~2IG&rBa(S-3oYMOB zwDeiWkza#7yV1NTDJ-Mz8_jWs@f{e$ONmst;J$@ZnXIqeep< zAYySfwRSDXT?Z^VghEA6>z@%F|5`z=+LwbDi{r*W5k_pk8TLJ>1ArQ;d$fj7*eYRD zX}H#cAAF*U5QnP9Xj4Rzj|WqTh|o*v9mx*|#!Pa`mwX|aY^-e_2-udGXz2rA2?jZd zgYQyMjgG21{pOZ^G?~-68jiKH-7KZqtCeJVXvF-D1p!0D3QA4_a&3bdrdtd4uS?v^ z>y|GWb#Ho*#fPiKPrBwMSi}h$HcBLyme;XPbRV>^%b)DfLCcf0jsH&kWMYA*%=-?FXhG=c`{(f^KLGni{8Xu@@pjJMN3f^@a|*V5>4=wK z%Bc5<0W-0X&Fb{Ip_|p^>p^j(Yp?wqA#$H-hn_|Sz{_vcOs||qU1rqccrH6AvJ>Vu zYtk)FUc0n`zQ(85^DgXU|9)39TahezsSlj%1oyqG)$lji*Bn9R9X&?Nt*FUNQYLa8 zub;uEtApuQ@4!kHu%LM;RdK}g>K6di9AN$KWEt4lB)sqShg9Vy|2S-)@tv_7@r%y} zzdB<66I;yff;WW{IC$tO;R)m^y|-_67Fb&@R@v>WFP~RaR?;Bt#)Ls$$GPv1RPME! z0-@gqkoth9>J&9FojzhcrvdVqrsB|EO|zcB%K9E@_aasvZOh;6_e-5i`v25lJ+VUi zo$rjP%)(wCUni49l%me@0I|QH$cdU9V|ItTz!6|hfjsQloUbbY>8sfVCViG^t9QQ+ zbEQ@)hyCmuMxg-t-!xkeUX9;1ow7OqTG1B#b0)jckMUl!@nPXTS))+E79P2;_v zToU!Xx#MfmMpnLx@`G<3k(iwq^uJx)G&EPlcXRig!BZ^YD$c~k=OA!^Rz~qEY~i2I z=2;`Z&f~WEPL|pg7*i9|P*+h2>!9n|Tk<2z^`+(MGktgTS+xk$5ejBukL>iK@T7(` z=BbnF<1Tp022T5{zK69ezHWdgQed8Q9cTOuK(s=NYJoa!WwF}NcV-)IWHLqItXzAV ze@IrAGUhT>BMeyFdnWFEVq<^!uR=k7kxB}*pIT& zKCBuzvW%&W7 z#wF~Df`XLuaNr1MXiLi29+q>>Dj%8U!zsUuysM;nHz#ZK!{E${n+w^Ox_Sc(e!Y;VG7Y`^9qUE? zgp3y{u=NkAgyeG_qtLnOpdhiPbJyoL8Va{>EP8oaS_}7~6{*vBfsf)3`?J!)U->y5o%7`GiLw8D@-`(Ic_{Qr zc#^303F+-+Pkq)SnNOpbU(sYro|KRj%u1N3|I%oP3#-yp)b6Y`W|9nayoyb%?8Nm4 zUE1qBIKxddK-czMzjt>P$fTZ}?;GA+&$4=s{uw?eCenBU14iO=n^i1?r#qKM{A`TW zelcrDZ6LXiX%DOehF3Pw)7c21a)hBu3qV~$`*F|!r1vZQCQbsPJXQF_Iru^uAm8OJJfu-^ zq^Q+@UYowvuHW_eZ*hjaRF}L~w%-W-ry(=ET=f5=yrh}&{bxV`N;nCxh_p0XX=&+= zr;w)*sQk7JCYb)UQxBq*!9i5%eL=Z!V<+c&1C@Fn=dwc)y?k`@T-Ji)uy(S|g zL$CO|FyoUZWC9ewOelu@_MrdYb)bjovJ>cB;<={Ep`&yrtO+!$;D{Nka z|D0QIB%vL4p-O`M~|Qgdl%(aB%2t zs;H=V&5d*oAJVG(+0v4-#4J>{Qz!MGOd?0N2 z@w1?m;gu+_@ytWSLfj?}KCT1EoesB5@fAtD0izDMNE?TtA8OdwmE`{2nL*&B3!o(rdI-5nJDw}tl5qm`1+T2t&iP96qXqaYr z8gvo~#%8&zk{TZk+Cl^*X!2cySP^q04~yP<{EHw55^))9x)U?j{{DWu=0%DDDoSy2 zO4E(!_^lPQmGkXN8dASAmCc=Bp(yeBQ!wT);Fu(`s8_$=ZD}ZqMa=iZDSjE#=gY|G zm%8>vL~rP8E%j_p61qA&A2)GPZVOAw1;+=xn3tBnkj%WLB$B@LRuQsjwdwflP?wS($*agZ_xaK% z#j5Xs^T$lIh92K7$=NDCeE-|X+x&*Ck^T38ia1n-79eDEQ)LEE1Yt2DSbQibK+K-x zyEzcEemRSYiuTJ=%5h66GDEZ}H}-+}z!>jRJIy&^J1VL&w!em!j>*CBoH>^R>hl;* zX)&I<=*C#Bn?fCHd7Tz5`%N2)IdKq zGcA&q7?Xx{y%Xb*J!yT>Oz?WL_7}UzG`)|XY*6CQau-(Z6a^A(7?0jmkq|P_b4I1_ zgTpbuXn6V|nK4f*0NB|uCL*kVy0@b<~m3FN$4=O=b z9FAg5XIHA)FS_0fVd$<5(mW>)Zc{FICFh&jfo+iAnMDjH4(#hp^& z+2?PtsCnh~_5`|yhTjV2n8&2_pS?P9Rd+gd#rw`5Zf_U&y{Mq%Lcb<=R12*rli!AM z)4y>8ui<@ZK~B>!w&&5svv@oN4<>)CxR@jmk{LcV>*7&+R8%lKdm7GV6F#serS?cv z0+%H>vy)}BRQsN<$88eFV3?42_UqzF_kNSFh(np;y4ZAR=HVBSue{yGQR*~_xwkhJ zV^sz}YF#4u5jocmTbo>25mQ@M+2irpeNWpR=82&Vag5+f+0))LDl|z!;bAynC7)gf zbw=s=3w}uOZQ-!O!&b(NbQ4{Di)IOlQWG&zrRy#;)GmATtE$|<{z!(5o}T7dnOsO6 z?m|5BWl=hf`M#TB?vNNiM+}R4ZR})1LEVi~{GqVm`B*z>cJVP(-?-D16Gb9pPaD}; zElx?-oU%K8ta73ELIA(4MDvUU6K|8J&m}f84NRv6+c+kYK6STgmy*UO z=;rP9cwaR>=RKO9Ilk(n zA3BPshTl8kO_B>y$Y~c&xh_0tBD5E9_n=(C;#itf<{qTx!^4e@RsAt4o;(EZGORYd zP*z-WYnYr<{6a5~mTpERNQJx}FY@XOUm&Fl4ln6o?_hq*xMK0-t2_>eUuTI!?hdJL z5CfxewlS$QD;nYQ#K^{~V(pFXW4rHh*Y_5jb#6XWIUnk}aP+4N?kv&$UdKTiPCC$7Q--YO z>q_Uf38)MT=Az>I3UYHQ5JF1VGn=EMvqV&F0_d(yVn*$Wm*Ufd7aM+vn4#pAI9b)= zHv9@vuSSyOX{wJc@vQnarjfk*n;t6F)GcdnFXV42GpLd7mz_^JQ}w>r#Q;o&Z&v0v zCcsZ4!Gv7j+^ZfH+)5u(GRPsLl8b|jqiEp}y(I&+cxJ_AWlyG!%)7Ayz*S7%Pb$}V zbCp3R|1CR`k`34HlxBa(S+9-;Mo)I(uXX;iw9wG!s%3*c=?ZcIi=VBfSjDL08cx4z zah_DPr^j^;b|7!$tgZ%z4<*G*oxdNw+4~-Y%<%e38Svy`9CGPOiwyjd>I&Yb31Gl{Rq1`?^x) zDB2ctZ~-`MyfHNC_m$hxF?yfnRG+~)La67Lv#JWzIdToQ-hmW(6FJsfw>WhYjSHUM znC?$L#RSsMnEo1s8z~RiE4Tv6q3puOo$EYhaf68XHqu;fV#piK3^_b(bnm}^O-_?G zx5h;}N=}dVFP;#wkrNVY)WB(g7*@wLmi%mC@W%&4!1jP1j6HJoUAF=>Qno&4V4Kzw z!QH;|@Q|ELlKpS4cdE%mptc-=Uq-(NOPnUC^+E@1s10;=%uGI2M3j*IUg?xl57$<>y{^+oSZNp-iE+8jqY#r zOk7cM%r4ew#;sNN>Tv!#R}cgrBP#Q^+|u9fY{vh~#pTTl5PX;IR0v(2Ua}!LqJ&Qv z6zck)z^ga%f4SBFkv#t2Mw9{PE1MZyr@d#b99;F+4MGMo?}U?M+Naxy9HXUa{%#R! zsLoCh(Kg{>_w1`zLmaHW>F!;;nx?Mmi*h( zfn);pznA_f?AK=7hSBQO4)|74AGbOp!gt+TP51&tfDr03@G3es)~O@>@5wtfDWUwQ z*I>nSf^1no;e$#6iN6!dl^GP)%JaHRNV$dol~}5FC$|1OiHz9ozrXhOaT>A_BwHPS zE`B>=)1l9zKfpwK)PereMGDio7`d1#Lh;%z0e-b{W57Ut3&P{#8~pP|vd9vJ3o0h! z`EH6einc*HKkJM3typX`BstxmeTZ!VnJ9AZOyrfeivAZWc7D?NmqNN?_GI0-AHSgR z64F67<8rBE)uvYqzboj*`8|Hd|GU%x+pN}_4TTcAV&aoJJ-IlXZN{}(3o3TTBr4kW z_l)mcM%@KoUK(It4z0yxLqT;7QR)QwSmLR^O%cAcNKJUW&8=CW>YyDu| zY}t8+N}x2X1ViIRiRWN*91Cd1feTuXzLV=}KlYO`HA?lNq=Jg#M^$$st`Ims=j`@j zUlz+HZkM&sd+E1IpI(Y`QsE7mB|yhx(~-DV(9)HZ%LBMPa!lXP?s#!`Rf^nNod{KF zHv=w0XJUZB$8>-BMHQ2}_R9Sz`Kz?K0bV#xF$heDnTnk2G;ghj>y|@^p4zG}NcLmT ztg&Ce-FPHB>wIY-q_?jk#_%$uc_{spvw>UvWAg`{4c_K-y=T-aq|+7cK7IOITa#o6 z0>!pH3x!xx)(R*ze$V`Y83b6WP1?bW`< zrpYA_jVVmYoM}^&KB~wV<6L^Ez(wAs9Kh&jK#J`qVzwm|r-I90X;!9Rj~e`*Ghsjv>EhCb-+w?Cye|e!%7Hp-)2&U5+~A44vN85b3!8v?V_HoX#6l+=}jFn-TYoh(f0#C<4nnm-$g9g z5;|$Zk_ZC)Q`Lr_P-^2HezBLfW+e7~>A%?hssf2${H`yfub7M>{fn~!MxTH!(enz_ z$ZD7qzL=s`?d13}7nkYF*};?b2eiJLWyqcd>{hl)qo8P^BiRi9>l%G-LCrsboc=Yt zwG*mV1`?$Ia0k=T;aPDhF(V7~D<%6;d2vtr#FQ*S?#zzgc3J~*7%9x8?DyNnVc$y$ zcI#&Da^q3XZh|nf_L*b*zcRDp@K}^m`=p@zx>+!i1BO9gOkY?~lC>6h`|jCfv11=I zvV`u-++1X1b%fBIO&ldnO_6lc-_aclBF?UFZLZjaib}Jps(uw=r5oqH7Dz$s{czM! zt*iA}7lJ3y#pR>tIVD3}v@*&{J=TwHe+Fw)F7`jV1SDIIzFMI94c@lV5bamk}zPJ)LnK0K|ImM;}K|1z`hfo}bAARwk>c+wT`Bka? zMnbj)^i01Sh$J1NGcraMY|yR_1X7g{z0_;n3cS4QRBr{2;lv zcXrK)mi5-<rnVT<9>V${$ty<^h&B7UW8c>^xGl+%=$!hz zH}D~BFq965VW}g&8&k2Ly|-7Ac5$`+$Z3sWMOOw7t(F>jV-tUkzVvrh6Vpas)BGZw zLCWO`CJgPnoLjlS!X+B-J15+u@}Bc1#gvJ%`<3#BtT#K}hM%!hw3VZ#SCF zRuNi{k?g>`@|+QI$xm_qggH93KXQu)?DKQhTaGEn+;^N!X`B|>{0|KA2W&Fr5Sul? z4s_Sco*4KM_0iGkqV}7WseZ)u^M26r-I2v*8RsK?Ro|vXtJ#*Mp|mGwCnv`j&&A^} z5Wg(B2F=FEDBEfbRfpi&b%vr4w4s-#fSIhcBm$2mmzl>1Z$|1VeRb0>$PsMVKDVEIG=t^;lN3%Kh)?ggcX&zuc zaKok@VaTR~=8dsP>S;JQgJ#jM_qdoh1JDK&WoQQ1%MBs@qz(2iIl_u|TPEz?FD8re z?R+N1zi7VV+V5sqI`C;o+A!w#g-T1;-v@RtR>cyYnp(|Li#n1exor%|Arxs;@6h+8 zU=XY^Z*Ae?66L~k`8oKnSmgMy&1aeVm%XCr&Ez3_S0jD~RkCKoUITO(a*?R|6jb2I zKvQ|j;cxGl=va)4UwX8mO-J9#$p7m6#_@*RoTi>x19~?9_)N-LOkYxiczDfWim^F? zcf9ng#wUQv?8nY7G?)AwTgh<{eNUaz@i5QdAK#v{a?+qbz>rnr#CtuIG@SFCN}tkT z%xP=6J~etQYvrF-JPESg&GM5!4@oj?lZqM&Ql;i^*tdoIh;x~$_`^yqzvF#%J(h`H z3nf^OmLzQd?13cky6Ts->t@@mj8stPw@@ncJI{1a?g(B;855D>7x-q`;RQ9XG<>V_ z8BT2zLe;~=!wK>^X?Vv-nA@tc&mNSmh4lG3hTQwp%Y)t0X00?}%?ym~5{;fUOeL#wLT;F^0F#*fTbYrw2b^C~ zJ-V3uz$Dh+;f;+6;?c$RhBDkW%Yd67!1M1LdBR`A5zS0Mt_^O23}%43`ou%w@83Ue zZd^G-{vHouW&m}2BHwrV?Nmq1f94*{r^|E%?hmRLOWmyge+iB3FcPj#|gb4pNBqkT_D`x~%cg z?W-%atmeak@x66R;j)#yq*DQ>>NvgfqP(5*z-H_Elf36Pw_5~zDRZ|&`;#Th4$obr z`L|_R?2o_e8QdX{KFr%*eQj#3gtCF4WD;fUQPF2qEjLH_5Buy`dA%%U4c|Dfhh*E| zkP3ZPGjrwS;yODUU{+F94S=pw(9s1q0wvhVa&OLtp+Iu)Ud!@UaT62j(b3VFLuWR2 zcA)lyAaLW>T0BD%ncA z4^qon|A&q3ZKGPvXEP1}JF0x}ra5(_MWxHZ~%?7C^8^_(m7(p`?T9f+>^5 zYJn}{z~rlOYPzd2@-hkP z{z?ZL^Tz!$P=o6ULwb?E58rcH!`d%>UeMim2Ajpidoqs$R)i&wW5Hh`A+unRu!4eu zwnHEFg8P1HS63JMOn>*bbX@T@T})skbGstgMtt;R$U;VT9VFLSoW z$>y*l6Ljj&rl7i=M(Ej<3Wgt#5Dnb(6Wvbs(}#1oHQvv$`_A)@874Y5`qRksgKo|# zo*rF1G#Va#e|Mg%?v|Xo|9+9e9I{%^-ct*v}V-XK{?GL{~?EH5$`t~!;V&S zQAcR@@5))0SIe!0P6J1RA~3cCr|&DGyes$=SRXb z(O-=g6L3P0fmJ>|fGscZNks*hkdQExkUijXf4bWB)Q}AHU_Z>eP4aX*0*X#ZfZlFr zj9Aw%_CWkl-L}(Q;3C5keqcfIgC*D3)SN6hj-2*VMLbWq+<3Y_#(LU8d`C;`2&hw} zb^pM??U1dvsHP^7{ncU1-u;(-3X{}BLMc9HZT5x1m^t8$|yJ-Act4S%kuX2tlW!Ek`5|WSQ#3WGFc(_2I!2F!XoY%PKlLq!9vVF93WGrt#xvj6nI1 zTRN#C1UkySFN-5rR<6M?L3|x2g^1&n2;rwhYU%jM_;_(~ag;zzQp3q275EhZifPN7 z{bNTsOaofd@k0EsuCDaEAA#eb<>HFJJ>N!RaXy$?sY}ptCd3S+y5SLc*s&GYTb8~{ z%@EMhTmJYDW-Hhm1iN1bBxTlcvli00m2Ao5dBbAca{70o)eip!r*T=hZ)kx%-D?At za@SVfCHH;CVZm$d1806zEV6gp+zEhdX}fMcUOm5c-7l?oT??jl-7CyTQ9f#0(xObm zkp3}x8zwLVig1!hp3|t@LNk>Q*<>}NMBw&Z6mgX1_qS|YnX)B)jN&;Dm4ushgx9Mm zWbQWP8AmScTy-8mS~ekHoV}l5?$uE_IZ38rM2g-5ug}GR;WIm#;LQ}QgOwpzDfKp< zrJa^i?6ZNL6MaI2r*rwhliL+2cPJI_D5zeDo-!2d{Z&3DzjgjpJo$PVl%dn?e7a5! zODy*~v_ybwxW`dr;P?G0IJheuHox?QlMak{U$IkCK9FZNH1K!>k~$xiAh%!j$4As> zOS;*~j<^}nd+MlfyDZg>-~~*p42@F8ru*fj8UUdc0Fdt(20>w^svn5CtbW(kIe*=D z?W0b39#L;LLdIpY5Hzygsn4=8gT$VZY#z1thU@MjQr^&5W#buc)9)1`5buZa9BHyQqP$r0|(pgcs}ZJ zYKBc#c6Jh%wdTobrf8sgvoj-E1Z_h}{`IF7O|8kFe+LuyR#sSPM#r*RnX24tQUp9JqG4DEhpIuzs zU0vU`0_H#_k;Mm<+>_rMxVePspW$Dm$;Z~_t+ zB*Ov*_uTxT_v|5KSMOmBKQS18o6|}o zTgUos4vzZjBR_YUD3oYg0#whEcrNmERhXV-3M_EHQ|IYX{&-@d--_d8+Kk2?Cj0X7 z==^MAlz<9jql~BhjuE4#=Jw_Y7w_p6+iBYU(L@SAY!DQ;=`A;bHQ z&fMG_vVyn*copOamoTI^*w}EZ<#xN7!0XxI5mSp00ri_d>^XEE9~&F9ZXMY+I$mnk zc3t&{taR*OvbmiZ<1wiJ=r$yr;B^-uOHN6dt+m9TueUYp`1uk-UVJ!TucV_h1n?3J zrnZ|keJ-O4p~nlQxw$!j4_fq|Ni(3@wIy7SYa$0YD1oXs?fq{_<)P@-}Yk~l=fR`_I zye>v1Ldk`N2(%GqthfM;BtC0I=p7t120-xuob*mzMokR|kULYavm%5Sk^!W7o~JAu zk7kMG%i2Bj0%1a6$u8dV=;9t89=(qIpfZ%ZR*rw}QpuZvdr~VdzVnBe8q?$Z+o!HG z)n-`0W4VL2F=g>AcK7&_g2ABeje|EBERy1Mg_>S>SNq%Fu}0&TK0|c1Ob$8Ps!C)@xs1{47$IZe8J#0PM;ZhUeL0v&c7S$`0VLrna^c zAd_`gvmM>|dIBqtsQrU5v*V-ARQlsC7#MYHbr8Lign$e)n&b)iN!iI`zB-+-CX0pAWTq>NIxX*>#SE_E?k$mGg?XY+6pVku6s^99 zW&I`zp+XJtVQ+6gjxc8H6JYg=BD^?nVq%gV9``zO%wWIX_U1A8cB`zQ0Kwp1XxDLB z>;^!h$1$-!Zn!^HdTSt#5JM}!)kAE{pt%h&+5s5I$cPF{@Z#&!Ih>r5*X!x(hC|m^ zf#9ld+X$dF=UYQmQId9mIj?d))Wjqg8syzhWnYozq^GBE09f@+H?ubcpg@r92%&z! zuMb62OY`jJ#Dq7s)VF$EUlAXKlMAtOKAm5INx-nt+ zFKk1PRs+eI?jCN|Ber2+@c#5-$izJv0l%}=C`)ejh)@a;0#sYgvH|ry=n(gEs@@b3 z-Iyh6X=uz=AYNz3F;X;1{jg6B8&NqBwqUl&GW16U1yH;F za&S5jUaMDfTXpZXHDSVGC|L~QQp$X%#0T9gn@{U zoZtCiWivs~^y%SNf|Ohk7^1B8O7rRH_$i!w$<^;0M?a~{0>lqXD5$8&kLlQYp~2p( zjN7=}?K%f0GOgo63cH3qEqf2xDJfysFS&p4xIUszl6ey*?sk7z-v}HxieLtI-^Xi% zdca!lr+VM*-i~ydf95%EIX`pc{2_EJ9J@XCwb#r0Af8D_a{^o4wfxHEu?Z%AfjM>W z2=EI>D5;CxlG`@!rPI{J1iJY>grwB!<>+CTt%DF`a0<5{+Fryx7t*FzZO*KMYf>X~ zY%Z0^V#AOxua-EOb5bi!#N+V%=_J9cD=~Oo# zdi`;#6=HTiYPTFqx(n3&@x}hw$K|&xA}6nS=9!dhI*0YJ@BHH8(E1x_9Y|;&vw;wq z$#4Kcp%h(Pn}0w3Yav7!&4*QRw%z7_{QzVXYv;_S;~Al2CcP$gx4azgCkr)foSfId zw6?q05JnfvZEj92RrCz5mr057hE(5-2^k-kU0PlaUqhMmZeyL`iwE|w1aM{sat<(nith>Q@HsCz|WfR%=4-BV>GZ3XJ=;(|GBjSa1$Q3F8V*^u0_N>9_ zP+=evZ*WFVkpGuqCM>#Gw@Ka9^z@G+bMGJUfA$tfQ(04iWK%|_pHVsm*uyx|Bm2X# z6oHiqfDFQth=3HG+i{Nx*o?us((6@nr`=^g7FOcanvVM}1~^o{obP;13=4zX8_yh> zF8p?Qa6p_XOXTcsOHWS^oN>O{_#lwpm|0pL-*=?27{jURdb5K!<;7-4)7NJSB5$@g ziY)u>0efIKvI9bx%jC|N!gYu}QT9pig^HRQW?e#)@eJ-?L-l24nAXd>b`JIb8BnqU zk2^1po%i_3ua(((R2fdwQf-fW>0-Tc04If-k5I0|mB51{0t+eV$H^@VLjJ*dA20(i zfDj9axkSF+e;-alA?C*()b>7AOVR<@Q0)uB3e3Ts=B1m+>GzlEg7uE8Sd{XL?7?^5 zi+-D+hJas-v)%q8A?_~L4L@9qbRso4ljb>23s0m17{^rI&+ZqEqtyE=#5&&;VG=R; zF;W$aRJQoaqZIMVo8B%7yqca-(2j@QO(KVKE6KdfyQhFy(X4E5sE^@&?0xgW$>quF zdVlz_D{DpWR*I*ncszieg#ZC?o!6s-^h`lVN0un5u&S!+>ljWr7UQ1o+pTW%dB=0p z#t(Sl`jTOWGh6=s^`bVv2A<+J?YDmoW#^SuwZ)jQcXVHOb+6D^fhnpB`5g$GfY274 z@wovYQAtI`SSRS{Pb}Hv&`~=*5U~JjM=S=dirtJ1=Oq9{vD$C-<%Ko^q1V2t;4@BD z+ZCMd({yrh#u{+jE`u1o{1a(a6@Z-q$26lm`}Kx0ZirkLbfhYeUMTlX!`YdA{bi3+ zP?^ygI|_h*0Ny8%p;XAh+W~<%c&VEZeB;x799F#&F=?SZ)ODH?<9pnR2j5NbY61jk z)?M3~E=%Tgx*Zu3gzkYOjGY-kktWOc)g8#Xr<^k@D=USQT^ki#pSQ3&|Ik*o^?>fz zvl(e=RVxcBE2BmjT7RvxY56?v{!*_C2Crdn+CbpO*mm(=@Nr0v>wd*?5lHkc=PQk` zc7{NAG+758>mjQEtycqG35dj}R#x~5yw6se>kgb707w&br{uM=AGfmK4`$bzFUkJpdDUik=4Api*GI#N2|5!^Fy?!Ms<^U#CU(Y4tdqTcNA zIi5nM$EFe4?WLuq#Vg?N_mLzNRJ{m4yiUHL;LF_?gEQ^Yh0hh=>b+1tH5J85WWU7_y>y=E%KX|Gx5Q0dR^V&f`+IShH_^c; zv!|(>(kIuk+$SQ3^Ri#Z%RLKKoT=0w-Qfu5m{uO0b|-dyjH3uG_p(Q(qt!`JSc~v% z&c5QbJ4N|38x{<0fDu67w|n0@gMK)mt6aMYicO~t%PGLp5ks*3B=>eB2Zpi0w+J9U zF|-_z0>B;1#<3ZtY{nm8Rd`&S@NtnoMpw*(+Hp)H>+Q^>M;*AmY%KYH84$!GC2x z2*5tN!9)6u?|TQ)n9%&WWA-z?L=?XM?r*JYgC$HI3;6cSN`=^LJRfx9xvt_cxq)z}e)epp9 z&j>OoUtmcBQNAE#j&}d&Z9>Ec?0-M}85av7^3R`PP!uiPb&u4)spUK_@|Jzia5qZ~t-{>w`rr(rF*0~&6<_G4Vx0|fuJRko#wgJj? zz<)KJT03ya8inq2xz=hMt)w9iAY0(nkm%6p-yYe2i6>EL2gX*U6Y9Tx;L;yLq5g0C z$ZD~t7x;x_&G*e40uYK^K7+_INdNstpIu}cVZ_-+-u)Z=zn{qBll={-0iYGS5reyv zMXROy(upg|Y%i8hX?gUHn?lA&A)26nPqder^xXikHn;)7&O5bEAMeiNU%H(gW{W3_ zb=XpHxt17ETOUk2idC$IUHmC@72^>N@O>*#nL)9~rv zI}*V_hN=h7HNE$gw7hTUz+l2hGzvT5Xjt@`ZEnl}khyj#o%e5Nwy-188YQX2ST$pQj;rk2e6)2JhVh4eT zIYQeMKJk^3U|>Hw4(HIxYmfZnqedv6r285DrpUZExi}9&Va!F|p--G2hI2m8kAjfq zZ~%1%#Y?85e1QP=k@x1LKFEY}XW8>1f+!TRIJp}Bi4>pY^b^cnUDv%i0f52D$tl4s z8pNt#A2-N8Aw7Nh;V|0!kIr+ALLjIaZp$8AS0P9~W=+GdVtKU3zJz$S3yY0Hlnrd- zu{VZoWy{zc{aLgHgbt9eXkUIBettJllCy;%8Y-SIN=D+v5pPDtbAnkK$E4V2I1~qk zO+Y|k#DW9F99eSpadA?8Ka0oYtlqqF$PJklhUh+I2GT=^;|%pBT= zcLsC0+aFdq5OKIF4k3F*YW; zuAgWZL6UpPrazxRqAmHzv?8SVUFX+Zx4%)til5DI>m?;LE}^!YySho^VbLz0FP>gL z^ep=Id=0*U+ALk*5vE95Fa{sQkE; z?q+AY8XVGTCGSO~{pLJ=SRMV>F2QaxTgH=EnkAmrb#-6iJM=H<47;vq0K1*ns2-I@ zxoJR!gSi047_MGlPoTjnXLIUE^w~4J{49hXc`v^^hLk=grrHQ82K;XF{hQar&NW=u zSFsBoCnYiAxy%Preskt{53f6Gu6#)Zul-%X~Aa~yIF>y0!p;r^V(c$xU?}DrYT=b;gxdz>xWC8I`esa zoxGtB!i@yBj&bH|!d#?I3 zO6bai@^(5gBu9>U<%`?yWT|<_W~tOYgc5>>IBEHa$zKbD@3nw+^dplvLAVoNXzp?i z!SBauQXC}IK`~-{64aX`2fI&X=r|thU#+d_!67F*J3A4e1_%ubRbSmd5|;@M zC3oiQX3}X58$%;Lam~?-MF^5K)A_OqyXl8Ui%F4$V21Peu) zQu)I%w6C_?FOd{AB7jzi3!maZMKX}|Mrm1^ZuJ`#e&0+vHufd)W(0vQl{EQIZ&E1A zxN28^AStwqZ;B+Bp9HJttpILH^S($EyC)IC_8q;xPT|Mr7o!zsmLxGA1IokuPva0K z2-&)XRsTcX$;VM$?#QlDIR{pC-5H?4Ovum|2R1 zdtg5K{zTXNtYP1X>t=u>O)DcAy?rg=St&IjicHSL@=2@Rk?LR|-2qi9T`d(hs-8%f z%Clyg1i2$nmdeid97iMf=BrVi?i2UhlDcIQs3>Zf7p8Zi(0FycNt=HpGyI7bI;gw)I^kB2| zJE^3*&)`unc7jvPTu#b@^wlKRqYZj@8)C#k$8O|P|w89WVOL?ob zIadZ$uV+*eXBuR&%sX_pRsxwh`@IHLD;KM>P<^8b?koj6ckKhX#oA+ggU?&NgtBU7 zETv1C&CfEuo0Ia+lnm)?8-$`2TLSwbk;B4gJ3LW5lg44Pq4Go|;QAhzP{oX+PA zYpxTEGoL_dmLPN2?V;W5GY3pgX)2!amG87-uA44GG~8_~G%`BWRB$P&2*DrISS3jb z`pY59;`K(&qNsh`ZSy*Lo zA`=;S-+xA#6|qrA?H4?9>L;C+rD(tHd_)D(0$7NjF|JK#DtRus*jWw{Vn_&O^zUKp zj~8|Dt0ttn4GH_ty3fap2KNv*X3+XP?n&WD`s~RC>p5vkxHNko9By4$2}rQva-lTs zks4CX4f66ZUkc@&BwW(9KC@w}$}4*cTPBB^rxf%Ev~Bi~ml%os)UhJeXlFL4A?`pp zaG|uR3f~OERwugu9gR@ZbbXy&)= zcSNf9w>UoKg`wuuB^qy=V>#|KjD`Dr^52OyePqzk5PvhRDiM1#W2lg zQ{#t^pxTtA!KzNfP73yxv*&H%j6e#(*NH3AWe}#Q6ciDN`AW>|_v2#w4Uk13GC7Phlc2FQrd&RTMS#WP6#Z zdIbU+M^S7(-5e9XkaSSwJhL20Bj!NF`9ktl~}nh^~k>G@#peEUk4Mu8e(;I8qJhpmg45Ozni z8D=HgaKq5D5@ItCSI(ZcIW@B)Fp*hOS!vp3$ zh0|04Wx~M(#!^XQ-cWW|n=*w-fnPf`a?Q@Ic!TsKJ(8a#aaC+qyYE?@;KB@UmCl?f zU1)_1JipW?l6)H5P5(rR4*Q9-7Q;?i8Ln)z{f>2~ciDbn^aQVyuGaSLE21xwxOruC zSZ{886s3dVD*bfn59Y0a-7z~V7cH0keR@-sU^h1ZEhi+}@3h*f_|P+SDH*mgvgCh^ zc;};rS+0X{XyeJVj!LO5WqB=VlCmj{C=}7#D;9@iei~CMYKmv5p`MKA?yC%44Sz*- zx|KdrQN|D>@yx~*e|0xZHQ(Aab8)z4?#Sni|7j8;s*Ype&qN)PzBZGN9)gvOlgpk! z`^}`5yeee;4%hETP^uJa6nPEwNhz(-Zeu^-j40m|diJb7cv=%bI-$uT*{2|u$)Q5? zl`5&bR(d)XLcce3kQzwF40a@u2TJtfVBH)9AqsPjI5K>E&!Y1PqUU9qwg&N3CJ9_- zy&Nlk^zIKvh??C7K_Ip+XP>50y&UH+Ts*9Pcu$hoKunlSB&bjNj)+8PhM=jvxw9*c zpqO8_Z=Z4ox99k3o4r@`MF0VwEgdb}_MjaLobv!>3E7V{4sb}F+0tB|m6$XwtKp3E zp8AeF@*=`s!O42%Xh09BaJ#VNCr=ryI3lGhn|-@L2$nlPqk0R`5FX8MKftzFJ!rIx zlIp+6Ln6bG7LxW+fCdeMZey@Zk_akHsjE$`1BshPo+l(*{4`ssAlu3)ouxO@sWCPlDD`F z`cq>RrE%U8e_+1PjR0*k>|mWOS>11w+QZ8rSnts_p>#%3%jpnJWdF0iZD#{HP5gF{ zP%j$7r+beYbIg|BfcZmFRs;m0dkNUWcDEb5yVsg>G4=d~(-L{k7Rty%?hEleZyn6Z zbmf0&`ebflfqPisRkq@NzY650_?=-ZrfNJ}l!4I~OcpT!B@VA^ zvT{P(wL6v!1=cG(NCl_UBqKnMV`auoLYDG5Wl@oi65)Q{hg15vWo0Sv(Y zM=f_|0cq|@H5uE}^i8&3eZ2$SfB8Al zAo`x6&8|R^BoMpsA8cVP)78XR?VHa#HCTYgb4BL)<>xyo0DHscDg6!x!M3Q3kp8zp zxBrQG{2xT}{;xC&h6g7y8eOXobY*S|S=C*HUGL6!JA9W0>L@MS>}Ec&MBDD+mA85{ zP!sjmA8udh6xthKt4UfL3O7L(R|P$vcpLV~_U;tRHC&$T1=OoX2xl{A9b?ILmts^c zcbsWs(x2zpZz5zp)K1sw-2<*OV|pTIhPw}Nd!s7NYy6?jx1bC~3q1H9PwvU%WApv& z9@gu7^vv^tLC)*QIpvkd?`Yu`Ve{(?&uxz5ZAVI^*^HERXOM(m4Vj2UPQuPm^mWQM z>O7&`?A{#QXKT@&W61^*53(CdZ5n6awyWq6>*Wt^D7JXM?C3UJ{khAsrYRqsp3ZaF zo~9nHFr94k7qNO6gL%1W^jvIuhE2Rx=3>n1q0g==tTb!ywQ@V5w^4)FZGL3yn4fkW z3%_dgLYS$yV9?|WI-Za(IdT+N$-Xg}v)hN1p(_*g;KsZ9ea1-NKCGv6>-GxTgyy&( zAGu5%o48lCV9Eze$y21&gP&MBgg)1ZO#Sq z(bCxb65vK9+Vg#Kwc-Jve?pg*;4`*Ve#^^4rbRZ$Scy`gGyLUjTK;`3f{QM#O=kW% zWov>osW@NiKsAI|zlrOn!{YaMEb{L+(N(G{&|8!J230O1rAYBf{oy+&gkPze>(h_~ zU(e7uXZp53DwspULyegX9y;icSR3^P1jga6sW3MD5R`Z{{>YjPiy<>p!>!$91+{Nn z@UtJSfE7rW%4`OA&lcY#mjKc)fXY%r07VXRFThsZH}R7<2{&@EO2;sazaiR4K6%SE-p#| zR1)w30BSUyhAlvWS^@S&pf2qQ&`PoB;e)<_`H>I+Lv?a?wy!4$-rUNHPIx>?NMBtQ zT}inYxPnec%~u)p+n3Vktt6hh%Zeg&jqY$Q%OPY06lrJe6Dzn#MDLPQJ$-I8N_Z}Q zw@gK!T1A)3U!Y@x%6Dkzr45AHt2^UOvp_$elL_)zCj0WbIV_j^?+KaIG!=W}80AC< zxBA!5w*JB(+1YNOW9~r)ijb?E8!}eAgBUn`+;JT}PRsQF8rgK_{1|UQ%JR{tau4+=gcgO7)~_UZ`U&OT?R-6SUIIc%60TccJhmk zynI|)Q;=OQ(iY8H8rb8P;d|OW%7WO`Y|tW>>-8C!?KC#`!W^J#e@ zcx@^UeS7e#qBIm}-)?42)`6fIHZL{B-nC+qko(qvpdz0t=mX{GHzwxp9@rq$s@C8E z!>OWlF}k(X5yG<;5#4l~i@d<)gFo+E;cpIue6a;jbO{PUlE+AiVr|su{RItN3^*j0 z8vD}_zPr9wrdPK2tS!m+zOSn+$1XLSDAkKQVuqyO*i&4_m0q=Z5%5i}ZCx+^?9o(S z$`~*R$w2WK(cXGjTH{0_-Wd9MdUEYLph)uI#ubDhfL@7mb>2JMO8Wn6DI}fii7Aa@k?( zo#+I`gF%S#(lo-PsHEF>+m0oRAc?#J3>b!J0>l6%K7lq65e!fAVo)J?7UHe7Hhuq&;GPkhvi zi5QTimE}8Ixl}^@15Hu38aXKMwqEL;^)VkP8|15SJC2tPraqJLcDBR^Z6f`(;pda| zvrmb<%xtUe3`@7QG%&A3XRyE-nf6?MID~&zZ))OsHclT38?)Q{h3nF`I36aWn9ADP z6jW22i(A}|Sz@X`f?e6>iiO-U+4Y0*{;l37MSk$dT1A2_QLp<%20%LN!CCEQb$coW@IZR;tFYvC#RscvtNrl zW!*_yi`B@*%jE$~qusHsOPrb;9K7THddC`hP3I4I({9>QZSuRh-DG3q>v?s^48_6v zY^%-ZiPyxw7sV^%3a)mH(ckm8a2vt$3Ef|sB|P+XmdgLMrEczP@;=6B zK*P@qxQ8rW^n_S(mDoMY%rvv8n!8$rJWPvts$D*jWYpEJD|5{5O-w9$r68`a4-Hhn z=!xH7y^eP-`(&wm``Od~&Ukf!p;b9GJ>0S=!?jSKjFEvkMx>fpReXf=aDBaXwSJyI zZ*TXUpBmXkx%0l+mwuZFwDNn0Nbk($Xr4aegDGHAvl-A!S4KoY=BF&v`;}5Ee`fVA zTMDqAK^!}nYcVg9G!bfCW}cyr!%>y5`rw!6m-;id`VpIH0NYAXB~5f#$o}D?#X)z; z$}H^5G!rw4Zs@cV9+dN(p$Yj`0Ubf(M1TlXwSFCSN-o!BAX>U5l`;jC_WTsaq%{ZI z7g1FEX%}P;)&PB)141mM^!En`G-{UsFxDWiK$Z^he(Fq&ZD05HOu!rlKwvZg&?H9z zz5-YQ!MX0ms#qlbu9hD=_xn$P2yJ&*n4EXa;|s7>{jIA0JfC;U0U`ik%ZJZ9736sygnUeV-eB;k$ssW)ra6xC0Gdy&H%n zlK|7l0SXdOSF8reo0trA9oHCQn*bFNqRXc7x(gEd9}Px@t@p87UG2`5v36r_IYq8o zL|}g6nWm^bo0E32YlvFs=?5{7VQXgodrn=F3J43Ax5qh$Xmhc-satskzYudLK7X-J zB>a=S>ka)S*Yo}U+vmk^+%ve)twu15O~2ubq6~%g-7|CsSD@WYk9`D2y%W`crwb;j z)*M(OYH@Xh_m#OU!F(IN@yI~D7~k`L^uFPL`NV@vIR3_K0y@dJzvCLG6BODpJ+C1( zzT6a^WaJ7p=9Iz9kubio5Ohl!57729JK0Me(`M?33+^7*Ki1(Oq%k~e>)HIiJNlbe ziEwEm_;mHr$q!5QbiZr%QtNHko{eB>aOT((*@jvv%29_s@%cV}LEz%ng0YEk(VtU< z(Nu)h)eZ*XJv3;ik(2)f--sRig~snYXPAc6KS$1V^By^>+Rp2W|vN zepBdgrVQ4nt-Nj~nf?A(U-uB6GWfF4mC_Mczs4UC9_tlK716P!BNnO__DX+dp0sbm zUqEM_hnJWB-D+0?9jX?$7Qh%>Pec}=Pkq4AZiY9uIiNlJWdtS7)Ki5{V~*ysLpVP7%duA&X|e5mVR7kqDy!IHeJA*r>yMi zucqz0YUg7W3YoM7z<~~^;ma#0N>e}@L54&{AqhMkkO7;+7k77VKx!iZcokU>Ed%ly zGz#gQj*jBzv$$^z`hdEu4RCbo{i=H}0H~lc-zwYMGQgqMIPW>2sf&H_u(r0&0Mr!= zRt;XZ144i*j0@nsfK^*QMEQ{xb@|j3htm2FOfL#gmyLWiQUJ#BJNnsnc@(rtG&0Dt z&X0KRlw+M^jWp9hgsnT?ly^Qj`5h6TuTMvBx*JL5m!OdGwGx9>iEuW5Qt^B$xyw8< z%P-=_Xzyn48+D&RtYq80{+E4?Gi{D~%u$2qrsD=dN7ehmQZ%<0hRB&>IsHXzjF+2a zYdUz_-PbF)y)4$)^s2N!hm;C_HSLjAt7>-d%FETRDoW`}{30Q(rrj@KVX%9fboSL% z`GdbkRlDk*!S@>V|0Sz$8gzVevXfoyH!PQ4>(m?etC&@0H!R(OJ$;5&%T@JAXZWjL zlR}bMw|T@!&#Pj)?O5(9p!+a3<9?CxI;|o;qaOdbsk|M`MzuY3ydIrfWKvmz08PO)n5eXHdPh=R z@thLmDB2?E>g+tVxEPv8^-Hr6NlYG)Z-L_&fMZt+kln2~G<{pgvRwgYOp>v@Hh;p} z*|xO2ynl~57SR9doQU$Mp3T63>S^afr%x{P4SEC<IpLIt%LuUB!S7w3D5WrQzE_dDE+zK7_c9l9!+}K7yZ5NwLH3ZWTH8S z!7W*PYv(U;;65SFf8dU%7l9N+yE3;t+v=xW-`{`6U`XemWVIqUqV3`cA^03eYP|G4 z4hOvzOM3{tDorYm1sy2rqy(BY=29qf*wd>|X*ZpklU`y=C9|}F(3MApo!u@L z=^{h}%~}qq7FIf5P-3lwn7Yg@klM1gq}FOANwK(`U{DuzB7Yp7Gh`0?`XCZNNK^63W0|WNPHxTY;Uei*)_LqL@@JKmU}mWq_Co>hytJtZ+pBR zoi8^=*BB0hL-JS9^CF-(t}_|SD=!ZR0uDf+@BljZ6*Tj!0if`# zJZ`=<0@+z0E^qs$#dA1^rHvcCY&D=U2TvBK|DB^Psvf>Aup&V&Eg{8Dyas63p9T!4 zU1berM2Ka}^NzwPLOGg51kHJ>&u~Dsx9;iH*EJxfjhC6AYPVHeFk0j1o|ZN~t|;Fc``ejGM)kA~RV@#M~jJ+&AXrwda{-=|Nl)Vy zWpPP|hI-mCc<>{8d-v)$lY}>g#Wg3tR?@c1Q^5!*nr!I)9FDcR**6X+iZl}ed8#>~hWg3<8sXRG6~4estfSkEp{&J?i5~D3 zqBoqZTIdbm^{$AbcjLx!iG;c&{T+CF%WGJj*$e*q; zgkIFUXnN9k=3po%@pG_ySamt1nn*@MG0sTAoGu+vOn!>3`l+<3BrTXDa49Cw%q&d> zMb8XMI3TQ&R&9vQd`3z@g@x5f`a1znZv-QP1Lk_E$W#cudcbBsn$F4CnOS)Z=8Xd)q22X8 zrzP{^%cJtDX@Cz|3jt3S^3jfR0{ZL;{jE zv!`0=#ACwfSisop54w|#2=9Q}SNXa@{!f73rOkZ1d21)y&1~*@Wq#7n@kO7b%3?cF z#IV`GXRJEdwch$vPi8Y+xn5(hiGtO)y_*cVeZ)U#J2kjJoH50!vT}DVXs+55Yr=+S zv?&Ri&}n`TGVT7K)$G1{>r`qbuAGU`YPSRQ+go4A$}P4QYgJf__j4V_(Iq?Z$b-3-vtO5^pu+CD=*|$I zpfFj=34zv-h9iy26lGa~F0QiItD>yqec!&w^7Z|JBj}|1gqgcNi5Dl(r!O^UUZWN>%(Rk zr85pFPju#6I_r0WVV#q^2{A@fWf+y|S`6@`Bh!X=u`%f~x>Apq-0T)T>lyJSwsU25 zA^_&EGks&m+=O9c2hgX+%g8yRS_4h~wH3+G*NM&uQ&n|*Y{4krPWDgyjjfQ&%MWX4 z1blT3@wD0^ZgD4qe}ZLBjjnW!s>Wi@i=Xn7M{Ga>b#f*{L!RzN zvmere*zjE0wco0@)HCte`-#rPn)>7F9Tn~q^K1fJ2)rlFS3cB!hrP9{1j!ir z6S0aqz1SfmIE^TbS+8B1#$V6$3e@ncnV!7SmBMtgd}V$!!DT50Xy(#lVt8Wo9jz{> zq?xkUfTA}>k~{@~Cg3rRba}i15q6yq$RmkScN}m9hZQ1?1ysHqok&KI5lS>-08?MF zSQbhTP>h2GCjb^%WQHV>3-~3Z0#@YF%H=Az>6LK#>V_I z8bHyO-`<{CUe$s7rz5uvP%(gI%8%BFy&C|D+XVD<3+x>bbR%0}-6YtG;rF~weqCKW z!0di8+%Y;d9%)JR4p*v7t|`7pq8lNOAG+}fSE{PzR%@pB2u~2$aWGHCVG*nPqdetw zi~ZwjTkd_twygePBp}TX?X2BOKEJ+sWdVHd>vqy{*HiiXYGxqt^?Tu$7r!&vmK%ei z{;Ll@ZkjmJe2W7U*(<`lhEtkH&90Y9n16epI~V(xL<}E?G2&A+CrP=Bb#@P(dEM=u zVb<+UJ1spODLLCeZV#wBJe>@^gm|Jlep5(2-`O8&yuN-Qxuy|1goZ>au|LId-?I5?YJHIjpn2)LjA~ zJn7MFdRwuTqkG(w(()Z=<}1U6W;B)H&Cavrm(*w((bIY4@_D$}5g4NWrDc<{&UIz{ zCB3IMeZ+BBU#^31n#c=&|<#{MV} zsS6?Ws6RJx&s?Pt6V7Ks$5X+<}#gY`(yP0zl#GE$cpA}}T>v(+BI`Q(o zbe8FE`|p&NK$}H|8;dZTv2lp?0TLe}C4VFc^Uy7&M_w^(Or(5X;AJ?{VsKmW=ioNE z;nd2x9@j-nnC^NgP@!oN!FmN0l8< zHri52=4uUyPXM)79v~e7q)*j$n>{Z~xld0X9e_sf8f*aph}Z#d7I7d}SJko?la~{6 zMHc(^Z6b1MH9q(FDX0BCJQjn|Op#3eZw$E|Ku<@8$9XsUJ_FE7fc13qI-c~GZW#cM zqNk1-85ybNdHOp8khin}Rv_RPSjs0>)o*QKu?0*7u!#N# zWC19dT&z+bLjNS*o~?J=J=yVi-u}Xo%G>ObQuH1%F_0WVcS(7Rwcf$MPEYkOYZ|*_>WV?|KUC{tzyJSe|NqyD zg;RR~{~hO${6E5go;Zm7WMKV@mHqKAE1i-KhxGHmC;$IZvG9Mg>)VP9n=@21UI4k9 zL?V#_7dDpZTbm}U6c-AKaiUx2pygXO6Ky;(F48B2{vmv0Z8Abq6q)-@CNwha2*U&( z|7=nd9$9j9a%=?DF!Ik;zE7k~!@^wH+6jq5(GfF;?7@k#fY9zTBhottlP?{;C<(1C#sRQpi65ImxE{ods) zT-1Bi+?NvZUV7wqqVx=tOBE1sS>YB|st^g{x-`PfM!Q0b(+Dfn`M!S_9BOW{aI!Qg zlgEY28sHzbTxop%EtCO#3BrJA3Ljws?UK2)1u}VL>UbIb@*)~`5&r`pRJTMK#_}Ta zg{j~9xRBHfKI@*pQ-X@FpCk)p3#2X6mp>IE)6v#GA8y~cn9=NSVuV*bPk!h599N}& zi1qPc3hv1?{Vy)SbPe%TLXcR59#cT^TqGhq84g*Jq@fyI+G^0CwM0KLAzb{Fm0BuW z*i3Yl+=WrBl&Dm}bV^d#*x|tGY)zd07b!fSPFBrzRt|&%IbHUq3Yjr9kl^iuHzJ_i(mzX*Prt=#Ns|+6|Wg>G8 zI>2X%Twc?KHH(W93oVQ|@!+V21AOXyzFTvx*krW4Kcw<+3X)-#Oy_88uk@zCBoBs6 zPbE!dmRG`KsDf!t<2B(E=S%FaM+aCpjf4KsYKK(aO+Q3fB@64!9hz1TQn@aTpwTc^ z54*QVckhJ`X$?@2#r_=d7$HcHe3{C0a~K@$`yq-*F!nWmim%?oDn<$={IgU#X4ziX zuDw31VIV0r0z7Fqu}dRS@h1wSCRjHomKrAcnb3)J`iW4xl!UY1bDmhwbMS3X8p4l2 zOA9hrS8MhSs0F>9ta_KMxMb}=H+JhAEtwceHaT!c?F!Xi`E!MBQXCOdOpOUCtY$5u zH<36?5&s}``F)~gb4uje>f&KzOJ8UA8=0xa3OPTRK-~X>(SlI3>9pc1Q*+p}i$bPg z94-ugBxLBzq@gx`HMHl?;Dw!6dFL#^t}cT|z~#lg`*FLZAiLw1`0#%2T$n%j{6&`! zgmB^r(O7py(n zIglnJU<$|}1y5$qp}6K^oSGIc%La01POIXyAe5Bc0^0@JC-ZTP5xy~LW0e!KW<@=h zg#TE&Q>m|?-HvejptF#_em>0sKh0LWmh-ZUJ1pE&ZU523`zaUMokzPW7rP(=A-j6L zn5cni04Ja)Z|-!;9>J>fo2{6GJ!=g+n@hTluav_(J&zCVNKyJTM|TuMP@j99gv@^* z-aX&EPc}(mp;CEmIFc7v(Wr0rep*FxsdKuJW~UxJn>@Y$s0qDo)%AthIbad)uxgqe zDTk(P=orL6Uv9*e@j`se_nFq3XH@{C1JjDjqQ+xZT-gPGaO)XJ7%?5_^^|(|K7@xz zy7L%ut98@U@&dL++oK(#kuZ+_ag{yNAM5786+gm5Gz}x=lmX-u-Js3#M|>9O@PR%K zgK(9Er@AXQWb52OX)r=~um>BlEg#QU;DJp$3`HNdIXn(>Lu`)DO+c$}pw4R7c?Or$ zrT$874*ibt;o#6yHEckkWWB8hEt3_K$uC41_EE#Sr%585dGX8X1E<-&qKB|)Vry&q zBzggeuzl@@5!Z?<$E`W-vZU)ulZ!%6?V&?P5gi`GeA!XG6(%-ve;M0P-~9mzeH#@4 zYoZb-+A^mITXmt*QRH(+5q6@Q58gamiW015JnzXI^e*Ew!dG!a$f{kLEjDd0*A^W` zCK_oz-=&H%Co|`yhL~TVW-I*kpyM?o&N_$DCVTVWnCst0SaG7iCC#@}W+(2B`4Ul7 zHtsmmO2j)9RX`POZ>K@Q6NT<>ELt`Or&dODKE~MLhZj|rzMFwRfPUS%X0_59%&AN! z$4&|`l@ov&ajr(dn@I1#TJGksD0`yVYW3e;nz=XGd`5DXr;DIwAwV`=>imTpSz?|2 zmkoOPzPjv(L;gnygmjg`Tzv8Z_kelxiY4psz}2?NWl(Uffn{Wp})tfp^rBi!FKs^KFE^bbiIey2yN5 z2~lsOi6g*EdKWi>7SC2J2GQACj{&bh&j6SGw&17pu&#!*n2gw``{dDsIlmbpMMXmc zhEhkoq>;$Xb(JMAtK%eH-mH1EmRe;Q|!(%ipd3_soGtanH42z z%c|+`2s2Xm^f{$?xUTIA2ndFkzK})B6=>_??{J~T73(y{CuiAjx$--$^6258DNL|g zt$=584@F{j)WU!I)I37n-4toUkJ(#|&u6=BaiAeR^8OV^m_v_5uDh$6j;dBYkc$jD z*nH!uUD?F2OwDj>mVM4SlDWbiH!7U}56&)h;%PfWk(yrvI*OcoX^{EJNu6pD zq5d-Ec(o2cB?F{{wd=SZ8Y@efYW@;)>voQ77mKIU;ptWJW-E4P_x>!d6bH@Vk4vaW#^c)=^RFkD)qY zp=#v)PJwY_K99|0uO05dRggl&D8Gjwfj7H^nGkU$#hG1%8;iBkbmt_2l%>duTk)6Q zqSkiscj?umH)ld`#K1qJmyY1AhR)+tg zBS3$a7yn$tcp_oV%U}6K@R{x~s?FN~jGN zZ4lXP5#BS698)ZyRh)=n=9q51aeMmX%jd+=+hN_6=ozFE7|3Zep#cBgr}|>D;Z>Iq z4<_P6(;4*w9;c$J#jKFjqMKvP)h^AoAoJb@j@}}IdK@F1%WCM}9&;#8gs(a)wyndG z`BO$-(Z+NXB*8MgR?L4`^7IjB)N52^729y2ZOX-Bjr-&S%$u8{BGs$bw9P?z99Y>? z=tlA!nT6%Q?;xzo#U=?^u*q+Zp?mA?HBS*u3aqK1A-}fD%yTfAZSFG%2*up9pkCW zPA)ruZR45Py{)UjPZ}CB>k{6TWjzIUBz0wRj!kRH)Gh#Qz5ti{GPZEAXY0?OqYNh&=~69g93fBZ1l9|kyq-;VCaPLTEMjoe#8OJyT3 zU$YqR>prFLad;v88Ud(t8Dpg3Kes96(UA#>fTs_zAhj`H?hQc(@SgKgHbS7+%@SHq zIKHTzBd^JCavjfqTwv;^hvF$e_S%hw;1hA#`H@S3z4L4wjjoJOUv2^46qmt^M2>8& zmu-NcQ`GRhG~Y2$s#x4WT5zlF6aIFm>pMOtp2{ST4zUeo!V z#OHfIT2r5aW81bt%50sW)qBT_Kk`xh_pqK^gLrSd7~_JUPz5Sr^efNdI-kxz2|gPA zo+sQ}AcDeQbZ#|7ZHDo3iPdetgr*ealk>Kw+lsQ?<=Doj{Xg zZFI$i(%BnjT;ILwu)W+7@!Xi!d}-X#CiHlG+c*fQqw+PRl*`%yyhZPN-a0|cony9u z*%ahOxbDjjun$`Xzh{!I@ALA@t?t|JxQNz>7RjNqN}mg8!MBI&QzVfyjAY;b%XwJ` z`-x9kzL#QA-pB74+CjL7n#q3c_7N|lidNY75B@9?GHf|8jt{B(TvsSv!V%?z?$1Y`1$sAbJkK4nC?6^^ZLf5FUN}Y= zSfAgx+b^W;9apMbtkE&Zu}iP+X1p4P4O`rnp_Bvz?uGkBH*UHYI~Aq%+ZbTL1fj zEZv*wotrpb(E@AGxu|zCQM*rCTc^e5((2_=lCQHHBZ6{Cu8!t6r)j{=Gb*l5nCR-V zfmed4_qEVL8-fx+K1i9bAN5%vOUGz4#R3v|Ci%QqHYAQ}GZ-yqDXDFY$@y^2w(di_yB*) z@E;b~#)giEM^dvr^!``#PD^dIITi+@6)}22WZjHx9e9e7!e7sX;>) zA}ftPH<= zA=N|V>B^fH*CBoJr>Be#MaPHrzO3WA%u|@-?I!>6m^itYG1kdEed#AR`3?U~NLq$ZV)5oa8XRYoT)2B-rP$M# zO1Dk>gn!fPeyVua|CDK&pQCRjf7IFXqBxVEv#!yg3AURK*Sw^WI@ewMsbPEvXbPfN zwV$zT*y|p&w+UU2i3`B5(({Hz2Ihh+tqch*z_2&R)CaNHk z$p!Lm(}9bK*M)fH(mje)j^OY@!olHbkK_mfhSWA6bsLA-d7CS56Zr=!n#<*((cNChEo3Mq0C-J{EajC4mRmw1_wHJk zMeOnAH;v1=Q7jHf^^HjM=;%ouexKL6v4RVxA+N4Z!_!&*ds z=IOG5?qazpEboHGBN%Z$;>48(|6@VKf4jeY2+gQET+WCOI9Z6X@rU+_`ek`!gz>xY z4p@17eZ{2j0Fg4KE7N86Zc%}5 zM6Doq(v98a-~|G<+ikVliwoydA1N=(8Ig@_k#{HK0c&TRR4!LdenY=*cZbPZ@9cYe z`eL0-{okxs3KJ9Wik>5cAOUyvjrcvP&Nai?Ql75MN|#p|4z+bPp4Ks2mX-eAB+<9T zEw1H}wx%=fehZ_FzRq{gltjS;V3GSvl%t#+~^DDKwYnEBv=U1w)sWp53+T& z&kQgqnCH7o=)drNt4?~273*AhvAG;-GeS3>frn%+%zar!0Wxj}AbzOM5&&=v`Mi$T zBG-)l$$)q=D!JTdbR}QN2d9!XQ%eLs&;9+E?&<_%@#VTsanm!~$})t1?C_Tf44XYQMXmy^L}5 zymC#|P;xo0n9SrqLuFhlW5*h)F#zrj=(%tg1Z#gSpI0B=Tczl9J@wk_w%2EB!zi2Y z`!Pdbc2ggJzt@tmS9({I8!?kq0D2ZQ#b1r&Y@C6I=*;CNBpZ=?FPq+35$Y6X+wZq!v8> z2)16{&<+XmWr_X>c!q)#XYdNhvN+VGNN|jO{x07BZN1-P8u{k_bjMP$h|Xf zFP7*&kj)Ev5MzA5PmoGk{>|myBjs>7f8^10(}_>+a|eF7!4^W=gsxVHd^e5wPEKaL z_Re^lzHdH#jk3IwJB{_ZP3gFMXn8eAj?wG(^9|@AW?V z(oKQU%mTaq-H4co&w-o1*Ph!_dvhG1cKzr=xWDeT(9qqG!||rf;Ii)AkL^8lZ09u{ zG~j^;PH^Xj!2xfiL(APo-+Zr zGeg=O4`BqG92=k=AVyE*!HjuKh}*>IJ8}h4I^4KI^W6SqF$+0DrJ>OQBKquAprf)f ztzocUb+=tbSX3qa@RT81I);E#3$e2P5Ydv*EUjRtM)XZQ49f{nPScq`2h^s`xJZBg z%^YwODhk*>=Ie@)XbcaPL)Ncr$-9P;6&&^}j zH*-OCW4!gzAP3>uVmzk~sJU+fFU)Y}6#Z(n8_5>-k%Ki?4gvIN(MeDHUx0qtRh=lJ zF2kR#9~oPyv*TLhKC-E)i8WUKAt&88weFfVJ{bUr*SXI^2jaRBt)L9tzIO|iWPDUdWiIO?__zZc-3O}Ucle30L-R5@8IVRT=pad<#_HB_(=KK7Yl3enlf*y7= z%usHxfQnBqW?D8_nCau5Cb6F=lZ8gCd)5a(8huOG~OgGTk}P-%@oG2oN3HRJ@RfQlZ+q9se_xpG9%qM9!Cn@{JCN!1*&R(rc+;+ z9;p(yvF1X?B2%(qe`q61P>B?sQK}_h5eK>UVj6IlAt`(r$3U2R$(VT6BiLoY{7&n+ zlC!Q>YRp#p#(Z{pEVLzWGu;Q5Z;@SXGu%0fG%h{iB5J>&UyU+RP;QYVP2f*N-tj<3 zrA}2_7R(9v{NMHka_q2II(Rl!TFGO;!0Jt&+*1voOh||`nsqGY_qnk9R58gGyjohg z*5kP-II@>+PlDMf`T_+Qx7X9M#k5qX8iFRVp6XyhPe1C+vnA83>6v_|XwL1Zt@({gD7H6>T-C1R$n5DBD@uo=7uWNi5ZCwb zky2m`AZ<-}n!P|#B{jO-%~HK{gQEw5d|xrXyJO_^OxsG7Q5pjXN`OfiyG*@H4Dw<3 zQd5aTgh;+wXdpSgex4$y5)Fp2x21@EDJ}?RH#0G8q39mV@aN@*vrrGoy#(1p6!>nJ zBI)RU^i@hlN0Hjby*T`a#vJVQq$rq5F@TB#Khz5TL~q+ahs9z1MB%H}CPL@-0@Av= zV93YXt&TDDsM=9D%2o3NTt1+Wx3q*T%H6_=tZF^Jh@OB_ojtE!$F+F5Z5`rNm#jS9 zRr$&hhS68Ea_OlqVx?S-8R-bls2HGZxMIUp>~-%nVxYjSSIeSvaqvskR4ilmPof6qSxMYy_osEw(lhnT zhGrFrXE4{liZ43gV-b!%3P_D}%)?dF!{O&|y9#gj`w!Z^6BcO0 z6MglqEVG}DWaeTc>yzMk^MIJ1%8bc`f1Eu;DjCGQ+0k5-XaDlJKnemYBr1$9bsN+k zdk>OQZA5&QWwV49jN@qgCDKt_ldU-oc86CMp)%4%8YlXbp`vefcSeTJA8x(Fb(-j_ z;#{>2#;#+Q&X1no!7FBVGE|{EDrk{Tz%As~=cSf0dF&#e9&1@n*j5nbpk42c-bUb; zM+%jZP;YXDCv#yr4J89^XERI~vWzce@$yo-m?++}G3WO8Y2Fz>uF?0J1~ZJXe&nN8 zxUMI`D}E9>L%#*7R)_Cvh3A6;iT8%4xm?(+imz9>{ z$zq~*RLE4!DG)TUvMz~{X>Ci90dORAY@e~fiKt4Es6E4)I3bzMC^H^Pt@tGoMAQK( zwLR=kql@{IX0qxpySSZDfPPE3wiTEmU}}obqT5$Mu7p*2*3mH?5HLhCtB>K48}>ma zTSGIu<()HoL>Gon{q7I?_3yooy0%{{ZNNY20g}RG`8S)+tuc&L)!!M3PG)e$Yt9cd zhVydgw&`h8*R;YHlIH4keV4n=^jH`?g7T;6u!KP@3n^h+*L>>Y?9$Tt z&t0bNmAJj0gCARxlJ*oW>a1hkE)F~XIi(#QV3m`f=`ok)&dDJo+`l3Cb!_QHGEidZ zT*y@|Y~gJLv24&qol7g7)JAZ=bbc2q<>0Nm;`%f=leE)*JPO2u-`ROa-Y;w2dM0{e zKI~{awmrK1qru9}H*`Eck8>;0a8|_5p;l?gtp@eUBw6NIbiW*#DA+!)mB&nfwZ3Ii z0;ms$aD5W%8QdpR%T{To@SZH6vVv5%@Jqts756{o2d!Ujmv+?(b@vx))uovHzFayT zaZ$)7n%(o%=C4f+;Pp@KhkzLk9%b7krgF=RnoXV+!?ZlJ71Uemi@0fr+}P2QPBt~R z`Mx6)7a`Ge?f3_bI_V?<=?^-*VKV=WTsCV%VQoQU$@Iixztf zI5V2Q%wG#^TK9BoHBkD)+igmlbD<1>!uXOwsqO@InbUpzQ?!Zoy%-3{x!~&$&0VLV zrACHxY+3r%1%j%$*q>-PG3o|NnorrWm>IWF4#cXpKLyno!CwC)2D_tX-I1z zPRT?h^gM+gqtUMGl;$a~$4i}>p=M}pxz41Vpb+Mk=)VaJK#Z8C6N&znSIKwW>UfbeXJgo?i>S)4GkJs zWl>ktuudl(Uf1JdaS*ZMEIEyC8pt=`O(mpoXzc?znhtVNa-G8usmN(Jw)x_O86M2jsH z+OjODhbayfF$o@_InFCWN^dq_94~m~UXrp!C zwcEcyqcmE@Qdr8| zRFijwAMY6P_q{8mb)JgGp%)Y?tL6SlH6%$AB(C0&B?3nQRFj`W63CcX6@;fJ>~?)L zR4L#0*cgI+j&W4}UI#+ZWOrVX_QdX3vI#UM#zu=+t)^TukELvjXTe#e-Rz61nHy)Z zSW}N`K6T+@`gx(*3WjZ95qSddNH@hC{cDGQS6^MuJf^PuQuzaA%!ow1j%CJrkmWmx z#g+838MBxgsNQK&rB!spwTBXMD7st2?)9ANlZGwBSmV_M1qhYGOJvEnX-mC6X$ST- zr;Xlv%0|Zam+QaQykc4kXzKjE7>dv(+t!B1RFgjk*;V;&hFTdne4Ix6#U{w#6e1)0 z-Bd<}d$uB8AEN}LmWhEnZ)TpUg&VAZUxhz;W`FaD6l&Ew_GcoBVOi~qTZH}fe!Xo> zq?59V7uHz$$*o#4?-{~|Ny>!OLm()^XyuAc>w~;~eL0aVKb@j%tG&k@2xyKgCOH)K zc`E2B#iAA6$0eo(jpssa4;zE56h|m97}uMNmVRF@EIeEdrPWtEpEZuvhOD2}TBUYo zL-aqMnkkF~rp$Cxf=FU)kD(dS7%fr=Dr-=vt!1Oh>!NZ(ijEgs*bIJ*WtsZLk^xhO zmq>OT*GFljmXXQ&AI6`-cGO*YRvTfOJ>mZP<6H#!bmN>H`-ERzlO&K+K}Zr5I)KZIcfkqep88pkVgvr7#W;$Q{^>Uel%K0# zA=B+>)kM(KW$A2ZFB_^AyMiDaJy(nAx1m~YpF3scV7PB8Yidb>5r~hbQ zZ`?GF=BUlf_V1;wwY~nbSiSFz39na5RvfV*P8ytDol1SLVPp1$u+l;W!~vaL_R<3l z9B)~Obo3PEGE0FR%zI01zZ9`CeuhKy;Th%kw|1up9o3i*iLTdVMY+T=R^{CL^RI2W z=pv6Rs z&M-zj{uryUpy^40jnHpva7?Yy*83VMX5!wV9J}O4Tn`n$lKh zvL7qXVvsPB4UX7Da}^{rs2mdNJN4nEliW$QXz+I3NvkJg8}6RMDAG%1AzG$L4AmRd zm;deh=M#y{JZ*Ve>#`!>H)jepiA&znQ_=mJyke+p`n-T9dA{=nv$PL#=AHF{(pp&=>3Mi5ck}*YPfh>1 zG7+=ZbOoJuo#KdjrMwlS8N}#UOZ*Pqq`0B=)u-@ygbJByvur@+mU3P zuvdU$67^G~*#mgv2B?4ZQTo`zR__3{@|JHQD-Vv9fFYp{@i=IfwYeg)-NA?yYq3Tt z(d}SMBoUw)KqWDk7!GD%a z03{>?p+1PW1A}0q5&)RenSzOJJud$qaYikC2Z8NhV5?k+kytc^`!Jj&1Q z21NRV(K@0_>dsS=U(@WA)l%Lzi{mxFGGM{$?kynlsCMu%1%{Xx2!qPBfoFnc2u9X# zU7AT(cGO~*`O}tnd-c>d)Juba?&{eq=@!4x>Epsse4GoNG#EZWvse%ZDgs4r0$FOQ z4rV)0j_LRU17o|FU6%cm)b8=Gn&N!|BbJq(@_r5ixE#Zws9rxDzh|(~+ zCb_Z3_Jxe+O|WU&+7c;Zl#s=6Q`L$FntZN2GR2vp9Ws5&*C~@xBqLNV`DtH?5+wAx z!MU>&yui45(9jdtD!iPi7B@fbFH3hG>neGK$j97B{e z^k*b@nUTD98j7+k-jnYvlsWGcCD9AXfTT~k??oK`yOUR{nC2}?i6I#~P$n801N3bg zdRYDl$r{fJQzti4ox*JGz~I1;dptXqoh^Q6Ftv}Agcj;qYO0u3#eM71ZLJUhi)%1m!vrZ%`-W(cR%c2iusbQK&~ z)2#LtsL1peDROEvgT+bFyO;6ui_{$YhPk%$=MgIoTFns$t~4H1h`=8Ubyf@eO3k${ z(7N8?X^EkS+Qv2Kbwl;@`x1?&Kt6U8tp%v*rFmL5&difvWt&6h!b_3TBcV@;4jKtb ztQHxL+?+d1NGRKSVV=TGGG%dHmV=}$VTEB?X6f%|SPmYksqmr}HC(e#PH`)6(>x0u zN)ZJ78(0#m*s?k#)Zc%khV|4}my}p*@>eMQd|`{9!QA770Si=~DblO@fc2i9VjelJ ztGW{sXoObRa(T`7^F_a=*{VWxwk5|Xo!C9f zf6C~G@W=6Ay?~do2X;(X{GQRZ>rEopAmitB?_O}u0etcO%w(yeib@PeqOZ)oLr<^e z%TnuFQ-8hS&}Q<40^0N|!EXwR9Mw++w$a%>!r=)?n8kf6+%#mrzO!D0a&`Bf*hU&D zqQ4PmXCsOegZ0@tPpr6VsU%v=3FrZp;5Gd`LeLxoVHTYkc?h3+uob^&3U|etrfXiB z5zcQ-%*Gk&L%;IU^yo6jd6bHf$~`b;3Z0R>!}EzolWISKpg0|_DNHUe*?km=bRk(3 z$EVFmR-}^@Q--tOvnX?0YCm_|enL@uOODmWRb%H;Q#0=P)Cb8beeCB;FzbSPU~^hj z_|wk6ZHQgm$qtc=BljP*6_o}ZBcCvc_#A(C$`38pn4me@C>^(d-ZM9=u+X!m8>%Id zIyRd!wTlx2GuV`EJm8PB;6szm+TMP@(YCHZULg4Gz^4a7lHK3hKLE!7SH?Y8(wGyl z%B^7y|Fdy(7$&;V==Z?r>R*&&CDvhyh3m*Ze{g5)SkCc#^A`klq)os@jX*34tQFqh zCc*lDN817#BVGT0qqew&+!~U)AqSI5>t2k++N;7r@6#PDnLm}jHPTPJ7 zfRU6y4=uN@P*1I8v8WGAELcxykXp+X&gXCtbQ+4XpWq z8t*6n4PgG5{;$AY=?3r!%{)_t>%QAd3QH3=A=Oyx9e*}ny}*BK(E`W8P4G$hi`tsT+`aIJ|0YY7^AdYIz2u2dZ7JK7YB%?SRq;C zjRK{BW<|1$stL_#?_Nx*tq!|1#?5;Vw{^-7as7FeMmRX`w28_Mzapb2!tMF=URODI zdbMgQzBbpCk1JP}AB&RCV>3#7Z@ZNN@bm-|@IXzRT-^D%u3_|UUsj0xuICC?ReCA9 z7Z@mKRN*KcT8V~SwAXv_H8~%E)%xl7LQESXsD9K(inNJICb&kV#}^zJ4?F0X7pO&b z@~Wdtua%X&i25Ka_(D--HCrl4k`8YEBONHJvC4mBqK|m2TS`CRB|}J`Y%iTzBta1@ zq)6!S?4K}Rf-5Ppwv^BI!8r_k=p*cl@l_J`$zB-=v&S|XMlsfi*-8D>&pUrW9blIK zqNvRdLr>eI6kB8OCllBsbXtXnitIsO5T72Utl`1w3b#y2nfw_alGPAnGhvUxPE3>L z?8L4Nm81*7HH>>0ijzdy$N*W6ecuCFt< z$d!W3lo%vpd$Q$iPPR^D5Uj^zijC>w=|9ocg8|u+^lM(Zf-Owjt)Zy2WYoMq+H}sj zqY??DZkm=$@7i46VQZj`BmqnQWA1*{5-uoCKTp-cU7ad;JegY)OD>LKh%2{JYYC~e z$Q~qbbM{PGWrk}yoQarCXP?XFSG7cY^FL>fg%uXtI_fGLO|ya!qc3T3ZX~g^>R&XI zUhX7uQQDJCjtbJ<6+|;A5ziw5O|@X6rhMWebhjT9`QJ)y!1D5%iKc03sH$$rmd_0q*x$hmgKRY>x`18|Wny4+mi*CYs2#CHWnflM|V z*<%)+;s^9vkem8Q?IF~Xfk%WyA&4~D?e_CWZ>Mbnh>>%VuMLkSOr02ChdWp?bs>rv zBF|!c9U(Wn1K$5kXA);$DzfTa<@CS7Y|MXQcIklA+_U#YF1WZzvkyeuRAJ-mnN5+U zO3lV;z~s8gapf@@7I~Ug6W{~*$bL^|2~xXQUVc^{6=SN!1D7_hiuThslfW$-Eq{R1 z@^4SX)wy|j`+#O8Z`;qs&i#$_3i+-xj7m=~~;5RlfE@iHCsw6mdI;M)x-m{ltZ8VqFIP2cP!u=={a<|3ez>>DM;0 zhdJZl_jiM`ga1-;op+`rWgiYg;y*{pO*XWx=`!qu$BB*rQ8CY%2jIwu8rRdBu8{}z0mjH&|$e68ts;k>$r7i)*mdH{*_FO{@3npSNhQ2Y)vrG!6l$x zOa@$m5oHYT8tw2U$3f@dqRq=>Cxu_>Voo&2g=$)H{)^P;i=ST;q8k}cL&)!RZFM)?gUWg^`E>;^_-YfE8w^hV4^d$6mowys7x| z9?q3}NE^xul;;uDm01ZI)O)cC$(SYG@z&sib6RawLt+W$-zY)W>EEGmcRKUu9MV4cye%{CJfGM=NL-LP1kzy8D{w}kN>^W;af^@42qfam$(0r=-@CNw1d7EzK} zJ59|Zq@)UxBHD%OwptoG080N?@GZPg8tK%;huU-Ql#%Jmr}ry)O{-Cn=z-Xt3Q%VD z9}(`+(O(Fl)JQGG5Yy>(kM+DH1Hov+6F-Id%f(zXz+LoN0hCrlg+%&EGWK|lW=#oe`$ zFALY#U87ucpO~-f{wo*0eWY8mI<@b50w`Tnr40g*s&pY%Qi#ki#+0jbQI-0k8~dZ zwlM?M%b|uZ)`3|WNCzI>`UjjNEl&F;))o!Z`eJ^2;NCRRT7iJ#O3XjroA^7P55JT! zH{axKzdPHD75n?OoyPs{`rzKb#pECFS5!UykE$^L3fV(gk20KE7pePMufyy;{xKUg zS;>O!4?p{2K?5$a5AP7a5ip7fTR;)c=AZ0TX&3%B+1qPfa9qM!=IJ`SNBCy4! zPspnE8bhb2^NsjxPA;8%wZY+EV`E_8GxQiaSaIJ<>6l$SNez2=SN>iel9gR-<cp>!ghOnMBGIIx(o z1rY;_M01nQcwoUrh784r?Ya8`-f6mkdF=Kmppn=ESjW3wJ*=Eh49?cnO373#mWta! zWD~vC7ZQ_v_{ZcCM}yLC9N9&i_gdk*s>(_c=CtAU;v9eP!=hj(a+R60CojEa8A~N) zm!oYpQY$5!GmUg=NI2(dyesr)Iox?eb zmKdquO^Hh#9htV`88SZq*1dDlE8g8OUMfsN{-5TOo?r6lWJbf0#N$%T=7Qtyxixr2 z3M@2cP=@+YqVe_6=6*Tm7ULz_Ye)Vl+=-_XmO3}Im78HJ1urF8t(iP=s6-UO`r@~Fd^Nm;4HB!`7qK*nX?q+5qAm1wH~m}&ttx*QkF5y#o?MAD2h52l~WRHMn0bx}5^oC3 z&F{yivm50)vzTdp0(@Oa|s&38#zB0L-v@VRhLTD7zd z)+R2^SG14G#&tAUf$QmJQ%?IqlCpk$c&s#!UjW^d!4&_%3=*F=wfeY7DClNQc}u(e z)97N4CTAxvXrmND3XQL4-)g$6pHETggDXMPoTI~6!mDXQkD(Ya_>4#fAk0?SVlrjRpl4=)gFXgRhBGTwuqXGQ)cl-8|10Dko2bcrP8bY}hF^%eyx zNUy)&D|`SZOb;fvshv*$xhj8ak#ykF)6AD}fNh(E1C3Q%XusDB4Pw{D<6u9odd2lRFNXVgf|5J2iVrbZh)1NyiN0ACyM}9^b&XBgJLq5Wt&w0`e%< zNA9*#YJZBp8r_pu1fzQ+v1F%(osscM<%f-XRA^(k=wT@Jj=K^;eR*EIV?v!0sk=uR z4!Ty&@Aw~dXXq*1FacvoEc(ZAQ_ci8?y^U*dQxc?o=)0&BOhCbBNQ>sl;2OGeJszD zUeYUks`13jH;-9%u+&^M^rB6o>to(vgd(e1wu&n2Cb((qOCp`HkH-DwCa=SS@wMpv z-Ati%Q^|6`eb%x+B4%f2N6X-1d;8gCy`WdX;CHk(PoygSF7uOd@g Note: YAML files used in this tutorial are stored [here](https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/mariadb/helm/examples). + +## Prepare MariaDB + +In this section, we are going to deploy a MariaDB database. Then, we are going to insert some sample data into it. + +### Deploy MariaDB + +At first, let's deploy a MariaDB database. Here, we are going to use [bitnami/mariadb](https://artifacthub.io/packages/helm/bitnami/mariadb) chart from [ArtifactHub](https://artifacthub.io/). + +Let's deploy a MariaDB database named `sample-mariadb` using Helm as below, + +```bash +# Add bitnami chart registry +$ helm repo add bitnami https://charts.bitnami.com/bitnami +# Update helm registries +$ helm repo update +# Install bitnami/mariadb chart into demo namespace +$ helm install sample-mariadb bitnami/mariadb -n demo +``` + +This chart will create the necessary StatefulSet, Secret, Service etc. for the database. You can easily view all the resources created by chart using [ketall](https://github.com/corneliusweig/ketall) `kubectl` plugin as below, + +```bash +$ kubectl get-all -n demo -l app.kubernetes.io/instance=sample-mariadb +NAME NAMESPACE AGE +configmap/sample-mariadb demo 5m59s +endpoints/sample-mariadb demo 5m59s +persistentvolumeclaim/data-sample-mariadb-0 demo 5m59s +pod/sample-mariadb-0 demo 5m59s +secret/sample-mariadb demo 5m59s +serviceaccount/sample-mariadb demo 5m59s +service/sample-mariadb demo 5m59s +controllerrevision.apps/sample-mariadb-bb8d8865b demo 5m59s +statefulset.apps/sample-mariadb demo 5m59s +``` + +Now, wait for the database pod `sample-mariadb-0` to go into `Running` state, + +```bash +$ kubectl get pod -n demo sample-mariadb-0 +NAME READY STATUS RESTARTS AGE +sample-mariadb-0 1/1 Running 0 11m +``` + +Once the database pod is in `Running` state, verify that the database is ready to accept the connections. + +```bash +$ kubectl logs -n demo sample-mariadb-0 +mariadb 10:44:37.29 +mariadb 10:44:37.29 Welcome to the Bitnami mariadb container +... +2020-12-03 10:44:46 0 [Note] /opt/bitnami/mariadb/sbin/mysqld: ready for connections. +Version: '10.5.8-MariaDB' socket: '/opt/bitnami/mariadb/tmp/mysql.sock' port: 3306 Source distribution +``` + +From the above log, we can see the database is ready to accept connections. + +### Insert Sample Data + +Now, we are going to exec into the database pod and create some sample data. The helm chart has created a secret with access credentials. Let's find out the credentials from the Secret, + +```yaml +$ kubectl get secret -n demo sample-mariadb -o yaml +apiVersion: v1 +data: + mariadb-password: ZlFSdzA1ZXRvbg== + mariadb-root-password: Y1ZrUXA0TXdENQ== +kind: Secret +metadata: + annotations: + meta.helm.sh/release-name: sample-mariadb + meta.helm.sh/release-namespace: demo + creationTimestamp: "2020-12-03T10:43:43Z" + labels: + app.kubernetes.io/instance: sample-mariadb + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: mariadb + helm.sh/chart: mariadb-9.0.1 + .... + name: sample-mariadb + namespace: demo +type: Opaque +``` + +Here, we are going to use the root user credential `mariadb-root-password` to insert the sample data. + +At first, let's export the username and password as environment variables to make further commands re-usable. + +```bash +export USER_NAME=root +export PASSWORD=$(kubectl get secrets -n demo sample-mariadb -o jsonpath='{.data.\mariadb-root-password}' | base64 -d) +``` + +Now, let's exec into the database pod and insert some sample data, + +```bash +$ kubectl exec -it -n demo sample-mariadb-0 -- mariadb --user=$USER_NAME --password=$PASSWORD +... +# Let's create a database named "company" +MariaDB [(none)]> create database company; +Query OK, 1 row affected (0.001 sec) + +# Verify that the database has been created successfully +MariaDB [(none)]> show databases; ++--------------------+ +| Database | ++--------------------+ +| company | +| information_schema | +| my_database | +| mysql | +| performance_schema | +| test | ++--------------------+ +6 rows in set (0.001 sec) + +# Now, let create a table called "employee" in the "company" table +MariaDB [(none)]> create table company.employees ( name varchar(50), salary int); +Query OK, 0 rows affected (0.018 sec) + +# Verify that the table has been created successfully +MariaDB [(none)]> show tables in company; ++-------------------+ +| Tables_in_company | ++-------------------+ +| employees | ++-------------------+ +1 row in set (0.001 sec) + +# Now, let's insert a sample row in the table +MariaDB [(none)]> insert into company.employees values ('John Doe', 5000); +Query OK, 1 row affected (0.003 sec) + +# Insert another sample row +MariaDB [(none)]> insert into company.employees values ('James William', 7000); +Query OK, 1 row affected (0.002 sec) + +# Verify that the rows have been inserted into the table successfully +MariaDB [(none)]> select * from company.employees; ++---------------+--------+ +| name | salary | ++---------------+--------+ +| John Doe | 5000 | +| James William | 7000 | ++---------------+--------+ +2 rows in set (0.001 sec) + +MariaDB [(none)]> exit +Bye +``` + +We have successfully deployed a MariaDB database and inserted some sample data into it. In the subsequent sections, we are going to backup these data using Stash. + +## Prepare for Backup + +In this section, we are going to prepare the necessary resources (i.e. database connection information, backend information, etc.) before backup. + +### Ensure MariaDB Addon + +When you install Stash, it will automatically install all the official database addons. Make sure that MariaDB addon was installed properly using the following command. + +```bash +$ kubectl get tasks.stash.appscode.com | grep mariadb +mariadb-backup-10.5.8 35s +mariadb-backup-10.5.8 35s +``` + +This addon should be able to take backup of the databases with matching major versions as discussed in [Addon Version Compatibility](/docs/addons/mariadb/README.md#addon-version-compatibility). + +### Create AppBinding + +Stash needs to know how to connect with the database. An `AppBinding` exactly provides this information. It holds the Service and Secret information of the database. You have to point to the respective `AppBinding` as a target of backup instead of the database itself. + +Stash expect your database Secret to have `username` and `password` keys. If your database secret does not have them, the `AppBinding` can also help here. You can specify a `secretTransforms` section with the mapping between the current keys and the desired keys. + +Here, is the YAML of the `AppBinding` that we are going to create for the MariaDB database we have deployed earlier. + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: sample-mariadb + namespace: demo +spec: + clientConfig: + service: + name: sample-mariadb + path: / + port: 3306 + scheme: mysql + secret: + name: sample-mariadb + secretTransforms: + - addKey: + key: username + stringValue: root + - renameKey: + from: mariadb-root-password + to: password + type: mariadb + version: 10.5.8 +``` + +Here, + +- **.spec.clientConfig.service** specifies the Service information to use to connects with the database. +- **.spec.secret** specifies the name of the Secret that holds necessary credentials to access the database. +- **.spec.secretTransforms** specifies the transformations required to achieve the desired keys from the current Secret. You can apply the following transformations here: + - **addKey**: If your database Secret does not have an equivalent key expected by Stash, you can add the key using `addKey` transformation. Here, our deployed MariaDB Secret didn't have any key equivalent to `username`. Hence, we are adding the key using `addKey` transformation. + - **renameKey**: If your database Secret does not have a key expected by Stash but it has an equivalent key that is used for the same purpose, you can use `renameKey` transformation to specify the mapping between the keys. For example, our MariaDB Secret didn't have `password` key but it has an equivalent `mariadb-root-password` key that contains password for the root user. Hence, we are telling Stash using `renameKey` transformation that the `mariadb-root-password` should be used as `password` key. + - **addKeysFrom**: You can also merge keys from another Secret using `addKeysFrom` transformation. You have to specify the respective Secret name and namespace as below: + ```yaml + addKeysFrom: + name: + namespace: + ``` +- `spec.type` specifies the type of the database. This is particularly helpful in auto-backup where you want to use different path prefixes for different types of database. + +Let's create the `AppBinding` we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/mariadb/helm/examples/appbinding.yaml +appbinding.appcatalog.appscode.com/sample-mariadb created +``` + +>The `secretTransforms` does not modify your original database Secret. Stash just uses those transformations to obtain the desired keys from the original Secret. + +### Prepare Backend + +We are going to store our backed up data into a GCS bucket. So, we need to create a Secret with GCS credentials and a `Repository` object with the bucket information. If you want to use a different backend, please read the respective backend configuration doc from [here](/docs/guides/backends/overview/index.md). + +**Create Storage Secret:** + +At first, let's create a secret called `gcs-secret` with access credentials to our desired GCS bucket, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > GOOGLE_PROJECT_ID +$ cat downloaded-sa-key.json > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +$ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +**Create Repository:** + +Now, crete a `Repository` object with the information of your desired bucket. Below is the YAML of `Repository` object we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /demo/mariadb/sample-mariadb + storageSecretName: gcs-secret +``` + +Let's create the `Repository` we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mariadb/helm/examples/repository.yaml +repository.stash.appscode.com/gcs-repo created +``` + +Now, we are ready to backup our database into our desired backend. + +### Backup + +To schedule a backup, we have to create a `BackupConfiguration` object targeting the respective `AppBinding` of our desired database. Then Stash will create a CronJob to periodically backup the database. + +#### Create BackupConfiguration + +Below is the YAML for `BackupConfiguration` object we care going to use to backup the `sample-mariadb` database we have deployed earlier, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-mariadb-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: mariadb-backup-10.5.8 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mariadb + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +Here, + +- `.spec.schedule` specifies that we want to backup the database at 5 minutes intervals. +- `.spec.task.name` specifies the name of the Task object that specifies the necessary Functions and their execution order to backup a MariaDB database. +- `.spec.target.ref` refers to the AppBinding object that holds the connection information of our targeted database. + +Let's create the `BackupConfiguration` object we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mariadb/helm/examples/backupconfiguration.yaml +backupconfiguration.stash.appscode.com/sample-mariadb-backup created +``` + +### Verify Backup Setup Successful + +If everything goes well, the phase of the `BackupConfiguration` should be `Ready`. The `Ready` phase indicates that the backup setup is successful. Let's verify the `Phase` of the BackupConfiguration, + +```bash +$ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-mariadb-backup mariadb-backup-10.5.8 */5 * * * * Ready 11s +``` + +#### Verify CronJob + +Stash will create a CronJob with the schedule specified in `spec.schedule` field of `BackupConfiguration` object. + +Verify that the CronJob has been created using the following command, + +```bash +$ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-mariadb-backup */5 * * * * False 0 15s 17s +``` + +#### Wait for BackupSession + +The `sample-mariadb-backup` CronJob will trigger a backup on each scheduled slot by creating a `BackupSession` object. + +Now, wait for a schedule to appear. Run the following command to watch for a `BackupSession` object, + +```bash +$ kubectl get backupsession -n demo -w +NAME INVOKER-TYPE INVOKER-NAME PHASE AGE +sample-mariadb-backup-1606994706 BackupConfiguration sample-mariadb-backup Running 24s +sample-mariadb-backup-1606994706 BackupConfiguration sample-mariadb-backup Running 75s +sample-mariadb-backup-1606994706 BackupConfiguration sample-mariadb-backup Succeeded 103s +``` + +Here, the phase `Succeeded` means that the backup process has been completed successfully. + +#### Verify Backup + +Now, we are going to verify whether the backed up data is present in the backend or not. Once a backup is completed, Stash will update the respective `Repository` object to reflect the backup completion. Check that the repository `gcs-repo` has been updated by the following command, + +```bash +$ kubectl get repository -n demo gcs-repo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +gcs-repo true 1.327 MiB 1 60s 8m +``` + +Now, if we navigate to the GCS bucket, we will see the backed up data has been stored in `demo/mariadb/sample-mariadb` directory as specified by `.spec.backend.gcs.prefix` field of the `Repository` object. + +
    + Backup data in GCS Bucket +
    Fig: Backup data in GCS Bucket
    +
    + +> Note: Stash keeps all the backed up data encrypted. So, data in the backend will not make any sense until they are decrypted. + +## Restore MariaDB + +If you have followed the previous sections properly, you should have a successful logical backup of your MariaDB database. Now, we are going to show how you can restore the database from the backed up data. + +### Restore Into the Same Database + +You can restore your data into the same database you have backed up from or into a different database in the same cluster or a different cluster. In this section, we are going to show you how to restore in the same database which may be necessary when you have accidentally deleted any data from the running database. + +#### Temporarily Pause Backup + +At first, let's stop taking any further backup of the database so that no backup runs after we delete the sample data. We are going to pause the `BackupConfiguration` object. Stash will stop taking any further backup when the `BackupConfiguration` is paused. + +Let's pause the `sample-mariadb-backup` BackupConfiguration, + +```bash +$ kubectl patch backupconfiguration -n demo sample-mariadb-backup --type="merge" --patch='{"spec": {"paused": true}}' +backupconfiguration.stash.appscode.com/sample-mariadb-backup patched +``` + +Verify that the `BackupConfiguration` has been paused, + +```bash +$ kubectl get backupconfiguration -n demo sample-mariadb-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-mariadb-backup mariadb-backup-10.5.8 */5 * * * * true Ready 26m +``` + +Notice the `PAUSED` column. Value `true` for this field means that the `BackupConfiguration` has been paused. + +Stash will also suspend the respective CronJob. + +```bash +$ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-mariadb-backup */5 * * * * True 0 2m59s 20m +``` + +#### Simulate Disaster + +Now, let's simulate an accidental deletion scenario. Here, we are going to exec into the database pod and delete the `company` database we had created earlier. + +```bash +$ kubectl exec -it -n demo sample-mariadb-0 -- mariadb --user=$USER_NAME --password=$PASSWORD + +# View current databases +MariaDB [(none)]> show databases; ++--------------------+ +| Database | ++--------------------+ +| company | +| information_schema | +| my_database | +| mysql | +| performance_schema | +| test | ++--------------------+ +6 rows in set (0.001 sec) + +# Let's delete the "company" database +MariaDB [(none)]> drop database company; +Query OK, 1 row affected (0.268 sec) + +# Verify that the "company" database has been deleted +MariaDB [(none)]> show databases; ++--------------------+ +| Database | ++--------------------+ +| information_schema | +| my_database | +| mysql | +| performance_schema | +| test | ++--------------------+ +5 rows in set (0.001 sec) + +MariaDB [(none)]> exit +Bye +``` + +#### Create RestoreSession + +To restore the database, you have to create a `RestoreSession` object pointing to the `AppBinding` of the targeted database. + +Here, is the YAML of the `RestoreSession` object that we are going to use for restoring our `sample-mariadb` database. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-mariadb-restore + namespace: demo +spec: + task: + name: mariadb-backup-10.5.8 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mariadb + rules: + - snapshots: [latest] +``` + +Here, + +- `.spec.task.name` specifies the name of the Task object that specifies the necessary Functions and their execution order to restore a MariaDB database. +- `.spec.repository.name` specifies the Repository object that holds the backend information where our backed up data has been stored. +- `.spec.target.ref` refers to the respective AppBinding of the `sample-mariadb` database. +- `.spec.rules` specifies that we are restoring data from the latest backup snapshot of the database. + +Let's create the `RestoreSession` object object we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mariadb/helm/examples/restoresession.yaml +restoresession.stash.appscode.com/sample-mariadb-restore created +``` + +Once, you have created the `RestoreSession` object, Stash will create a restore Job. Run the following command to watch the phase of the `RestoreSession` object, + +```bash +$ kubectl get restoresession -n demo -w +NAME REPOSITORY PHASE AGE +sample-mariadb-restore gcs-repo Running 15s +sample-mariadb-restore gcs-repo Succeeded 18s +``` + +The `Succeeded` phase means that the restore process has been completed successfully. + +#### Verify Restored Data + +Now, let's exec into the database pod and verify whether data actual data was restored or not, + +```bash +$ kubectl exec -it -n demo sample-mariadb-0 -- mariadb --user=$USER_NAME --password=$PASSWORD + +# Verify that the "company" database has been restored +MariaDB [(none)]> show databases; ++--------------------+ +| Database | ++--------------------+ +| company | +| information_schema | +| my_database | +| mysql | +| performance_schema | +| test | ++--------------------+ +6 rows in set (0.000 sec) + +# Verify that the tables of the "company" database have been restored +MariaDB [(none)]> show tables from company; ++-------------------+ +| Tables_in_company | ++-------------------+ +| employees | ++-------------------+ +1 row in set (0.000 sec) + +# Verify that the sample data of the "employees" table has been restored +MariaDB [(none)]> select * from company.employees; ++---------------+--------+ +| name | salary | ++---------------+--------+ +| John Doe | 5000 | +| James William | 7000 | ++---------------+--------+ +2 rows in set (0.000 sec) + +MariaDB [(none)]> exit +Bye +``` + +Hence, we can see from the above output that the deleted data has been restored successfully from the backup. + +#### Resume Backup + +Since our data has been restored successfully we can now resume our usual backup process. Resume the `BackupConfiguration` using following command, + +```bash +$ kubectl patch backupconfiguration -n demo sample-mariadb-backup --type="merge" --patch='{"spec": {"paused": false}}' +backupconfiguration.stash.appscode.com/sample-mariadb-backup patched +``` + +Verify that the `BackupConfiguration` has been resumed, +```bash +$ kubectl get backupconfiguration -n demo sample-mariadb-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-mariadb-backup mariadb-backup-10.5.8 */5 * * * * false Ready 29m +``` + +Here, `false` in the `PAUSED` column means the backup has been resume successfully. The CronJob also should be resumed now. + +```bash +$ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-mariadb-backup */5 * * * * False 0 2m59s 29m +``` + +Here, `False` in the `SUSPEND` column means the CronJob is no longer suspended and will trigger in the next schedule. + +### Restore Into Different Database of the Same Namespace + +If you want to restore the backed up data into a different database of the same namespace, you have to create another `AppBinding` pointing to the desired database. Then, you have to create the `RestoreSession` pointing to the new `AppBinding`. + +### Restore Into Different Namespace + +If you want to restore into a different namespace of the same cluster, you have to create the Repository, backend Secret, AppBinding, in the desired namespace. You can use [Stash kubectl plugin](https://stash.run/docs/{{< param "info.version" >}}/guides/cli/cli/) to easily copy the resources into a new namespace. Then, you have to create the `RestoreSession` object in the desired namespace pointing to the Repository, AppBinding of that namespace. + +### Restore Into Different Cluster + +If you want to restore into a different cluster, you have to install Stash in the desired cluster. Then, you have to install Stash MariaDB addon in that cluster too. Then, you have to create the Repository, backend Secret, AppBinding, in the desired cluster. Finally, you have to create the `RestoreSession` object in the desired cluster pointing to the Repository, AppBinding of that cluster. + +## Cleanup + +To cleanup the Kubernetes resources created by this tutorial, run: + +```bash +kubectl delete -n demo backupconfiguration sample-mariadb-backup +kubectl delete -n demo restoresession sample-mariadb-restore +kubectl delete -n demo repository gcs-repo +# delete the database chart +helm delete sample-mariadb -n demo +``` diff --git a/docs/addons/mariadb/overview/images/mariadb-logical-backup.svg b/docs/addons/mariadb/overview/images/mariadb-logical-backup.svg new file mode 100644 index 0000000..04faf0a --- /dev/null +++ b/docs/addons/mariadb/overview/images/mariadb-logical-backup.svg @@ -0,0 +1,987 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/addons/mariadb/overview/images/mariadb-logical-restore.svg b/docs/addons/mariadb/overview/images/mariadb-logical-restore.svg new file mode 100644 index 0000000..c930c86 --- /dev/null +++ b/docs/addons/mariadb/overview/images/mariadb-logical-restore.svg @@ -0,0 +1,857 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/addons/mariadb/overview/index.md b/docs/addons/mariadb/overview/index.md new file mode 100644 index 0000000..2ab64b0 --- /dev/null +++ b/docs/addons/mariadb/overview/index.md @@ -0,0 +1,85 @@ +--- +title: MariaDB Backup & Restore Overview | Stash +description: How MariaDB Backup & Restore Works in Stash +menu: + docs_{{ .version }}: + identifier: stash-mariadb-overview + name: How does it work? + parent: stash-mariadb + weight: 10 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + +# How Stash Backups & Restores MariaDB Database + +Stash 0.9.0+ supports backup and restore operation of many databases. This guide will give you an overview of how MariaDB database backup and restore process works in Stash. + +## Logical Backup + +Stash supports taking [logical backup](https://mariadb.com/kb/en/backup-and-restore-overview/#logical-vs-physical-backups) of MariaDB databases using [mysqldump](https://mariadb.com/kb/en/mysqldump/). It is the most flexible way to perform a backup and restore, and a good choice when the data size is relatively small. + +### How Logical Backup Works + +The following diagram shows how Stash takes logical backup of a MariaDB database. Open the image in a new tab to see the enlarged version. + +
    +  MariaDB Backup Overview +
    Fig: MariaDB Logical Backup Overview
    +
    + +The backup process consists of the following steps: + +1. At first, a user creates a secret with access credentials of the backend where the backed up data will be stored. + +2. Then, she creates a `Repository` crd that specifies the backend information along with the secret that holds the credentials to access the backend. + +3. Then, she creates a `BackupConfiguration` crd targeting the [AppBinding](/docs/concepts/crds/appbinding/index.md) crd of the desired database. The `BackupConfiguration` object also specifies the `Task` to use to backup the database. + +4. Stash operator watches for `BackupConfiguration` crd. + +5. Once Stash operator finds a `BackupConfiguration` crd, it creates a CronJob with the schedule specified in `BackupConfiguration` object to trigger backup periodically. + +6. On the next scheduled slot, the CronJob triggers a backup by creating a `BackupSession` crd. + +7. Stash operator also watches for `BackupSession` crd. + +8. When it finds a `BackupSession` object, it resolves the respective `Task` and `Function` and prepares a Job definition to backup. + +9. Then, it creates the Job to backup the targeted database. + +10. The backup Job reads necessary information to connect with the database from the `AppBinding` crd. It also reads backend information and access credentials from `Repository` crd and Storage Secret respectively. + +11. Then, the Job dumps the targeted database and uploads the output to the backend. Stash pipes the output of dump command to uploading process. Hence, backup Job does not require a large volume to hold the entire dump output. + +12. Finally, when the backup is complete, the Job sends Prometheus metrics to the Pushgateway running inside Stash operator pod. It also updates the `BackupSession` and `Repository` status to reflect the backup procedure. + +### How Restore from Logical Backup Works + +The following diagram shows how Stash restores a MariaDB database from a logical backup. Open the image in a new tab to see the enlarged version. + +
    +  Database Restore Overview +
    Fig: MariaDB Logical Restore Process Overview
    +
    + +The restore process consists of the following steps: + +1. At first, a user creates a `RestoreSession` crd targeting the `AppBinding` of the desired database where the backed up data will be restored. It also specifies the `Repository` crd which holds the backend information and the `Task` to use to restore the target. + +2. Stash operator watches for `RestoreSession` object. + +3. Once it finds a `RestoreSession` object, it resolves the respective `Task` and `Function` and prepares a Job definition to restore. + +4. Then, it creates the Job to restore the target. + +5. The Job reads necessary information to connect with the database from respective `AppBinding` crd. It also reads backend information and access credentials from `Repository` crd and Storage Secret respectively. + +6. Then, the job downloads the backed up data from the backend and injects into the desired database. Stash pipes the downloaded data to the respective database tool to inject into the database. Hence, restore job does not require a large volume to download entire backup data inside it. + +7. Finally, when the restore process is complete, the Job sends Prometheus metrics to the Pushgateway and update the `RestoreSession` status to reflect restore completion. + +## Next Steps + +- Backup your MariaDB database using Stash following the guide from [here](/docs/addons/mariadb/helm/index.md). diff --git a/docs/addons/mongodb/README.md b/docs/addons/mongodb/README.md new file mode 100644 index 0000000..81c0084 --- /dev/null +++ b/docs/addons/mongodb/README.md @@ -0,0 +1,43 @@ +--- +title: MongoDB Addon Overview | Stash +description: MongoDB Addon Overview | Stash +menu: + docs_{{ .version }}: + identifier: stash-mongodb-readme + name: Readme + parent: stash-mongodb + weight: -1 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +url: /docs/{{ .version }}/addons/mongodb/ +aliases: + - /docs/{{ .version }}/addons/mongodb/README/ +--- + +# Stash MongoDB Addon + +Stash 0.9.0+ supports extending its functionality through addons. Stash MongoDB addon enables Stash to backup and restore MongoDB databases. + +This guide will give you an overview of which MongoDB versions are supported and how the docs are organized. + +## Supported MongoDB Versions + +Stash has the following addon versions for MongoDB: + +{{< versionlist "mongodb">}} + +Here, the addon follows `M.M.P` versioning scheme where `M.M.P` (Major.Minor.Patch) represents the respective database version. + +## Addon Version Compatibility + +Any addon with matching major version with the database version should be able to take backup of that database. For example, MongoDB addon with version `4.x.x` should be able take backup of any MongoDB of `4.x.x` series. However, this might not be true for some versions. In that case, we will have separate addon for that version. + +## Documentation Overview + +Stash MongoDB documentations are organized as below: + +- [How does it work?](/docs/addons/mongodb/overview/index.md) gives an overview of how backup and restore process for MongoDB database works in Stash. +- [Standalone MongoDB](/docs/addons/mongodb/standalone/index.md) shows how to backup and restore a standalone MongoDB database. +- [MongoDB ReplicaSet](/docs/addons/mongodb/replicaset/index.md) shows how to backup & restore a MongoDB ReplicaSet. +- [Sharded MongoDB Cluster](/docs/addons/mongodb/sharding/index.md) shows how to backup & restore a sharded MongoDB cluster. diff --git a/docs/addons/mongodb/_index.md b/docs/addons/mongodb/_index.md new file mode 100644 index 0000000..43aa8a1 --- /dev/null +++ b/docs/addons/mongodb/_index.md @@ -0,0 +1,11 @@ +--- +title: Stash MongoDB Addon +menu: + docs_{{ .version }}: + identifier: stash-mongodb + name: MongoDB + parent: stash-addons + weight: 40 +menu_name: docs_{{ .version }} +--- + diff --git a/docs/addons/mongodb/overview/images/backup_overview.svg b/docs/addons/mongodb/overview/images/backup_overview.svg new file mode 100644 index 0000000..1c9ec73 --- /dev/null +++ b/docs/addons/mongodb/overview/images/backup_overview.svg @@ -0,0 +1,997 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/addons/mongodb/overview/images/replicaset_backup.svg b/docs/addons/mongodb/overview/images/replicaset_backup.svg new file mode 100644 index 0000000..206eb76 --- /dev/null +++ b/docs/addons/mongodb/overview/images/replicaset_backup.svg @@ -0,0 +1,673 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/addons/mongodb/overview/images/replicaset_restore.svg b/docs/addons/mongodb/overview/images/replicaset_restore.svg new file mode 100644 index 0000000..ad6cd40 --- /dev/null +++ b/docs/addons/mongodb/overview/images/replicaset_restore.svg @@ -0,0 +1,673 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/addons/mongodb/overview/images/restore_overview.svg b/docs/addons/mongodb/overview/images/restore_overview.svg new file mode 100644 index 0000000..09dff9b --- /dev/null +++ b/docs/addons/mongodb/overview/images/restore_overview.svg @@ -0,0 +1,867 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/addons/mongodb/overview/images/sharded_backup.svg b/docs/addons/mongodb/overview/images/sharded_backup.svg new file mode 100644 index 0000000..5f3b4c5 --- /dev/null +++ b/docs/addons/mongodb/overview/images/sharded_backup.svg @@ -0,0 +1,2107 @@ + + + + + + image/svg+xmldiff --git a/docs/addons/mongodb/overview/images/sharded_restore.svg b/docs/addons/mongodb/overview/images/sharded_restore.svg new file mode 100644 index 0000000..03884e2 --- /dev/null +++ b/docs/addons/mongodb/overview/images/sharded_restore.svg @@ -0,0 +1,2107 @@ + + + + + + image/svg+xmldiff --git a/docs/addons/mongodb/overview/images/standalone_backup.svg b/docs/addons/mongodb/overview/images/standalone_backup.svg new file mode 100644 index 0000000..0807874 --- /dev/null +++ b/docs/addons/mongodb/overview/images/standalone_backup.svg @@ -0,0 +1,673 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/addons/mongodb/overview/images/standalone_restore.svg b/docs/addons/mongodb/overview/images/standalone_restore.svg new file mode 100644 index 0000000..3306a4d --- /dev/null +++ b/docs/addons/mongodb/overview/images/standalone_restore.svg @@ -0,0 +1,673 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/addons/mongodb/overview/index.md b/docs/addons/mongodb/overview/index.md new file mode 100644 index 0000000..14e6e62 --- /dev/null +++ b/docs/addons/mongodb/overview/index.md @@ -0,0 +1,159 @@ +--- +title: MongoDB Backup Overview | Stash +description: How MongoDB Backup Works in Stash +menu: + docs_{{ .version }}: + identifier: stash-mongodb-overview + name: How does it work? + parent: stash-mongodb + weight: 10 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + +# How Stash Backup & Restore MongoDB Database + +Stash 0.9.0+ supports backup and restore operation of many databases. This guide will give you an overview of how MongoDB database backup and restore process works in Stash. + +## How Backup Works + +The following diagram shows how Stash takes backup of a MongoDB database. Open the image in a new tab to see the enlarged version. + +
    + MongoDB Backup Overview +
    Fig: MongoDB Backup Overview
    +
    + +The backup process consists of the following steps: + +1. At first, a user creates a secret with access credentials of the backend where the backed up data will be stored. + +2. Then, she creates a `Repository` crd that specifies the backend information along with the secret that holds the credentials to access the backend. + +3. Then, she creates a `BackupConfiguration` crd targeting the [AppBinding](/docs/concepts/crds/appbinding/index.md) crd of the desired database. The `BackupConfiguration` object also specifies the `Task` to use to backup the database. + +4. Stash operator watches for `BackupConfiguration` crd. + +5. Once Stash operator finds a `BackupConfiguration` crd, it creates a CronJob with the schedule specified in `BackupConfiguration` object to trigger backup periodically. + +6. On the next scheduled slot, the CronJob triggers a backup by creating a `BackupSession` crd. + +7. Stash operator also watches for `BackupSession` crd. + +8. When it finds a `BackupSession` object, it resolves the respective `Task` and `Function` and prepares a Job definition to backup. + +9. Then, it creates the Job to backup the targeted database. + +10. The backup Job reads necessary information to connect with the database from the `AppBinding` crd. It also reads backend information and access credentials from `Repository` crd and Storage Secret respectively. + +11. Then, the Job dumps the targeted database and uploads the output to the backend. Stash pipes the output of dump command to uploading process. Hence, backup Job does not require a large volume to hold the entire dump output. + +12. Finally, when the backup is complete, the Job sends Prometheus metrics to the Pushgateway running inside Stash operator pod. It also updates the `BackupSession` and `Repository` status to reflect the backup procedure. + +### Backup Different MongoDB Configurations + +This section will show you how backup works for different MongoDB configurations. + +#### Standalone MongoDB + +For a standalone MongoDB database, the backup job directly dumps the database using `mongodump` and pipe the output to the backup process. + +
    + Standalone MongoDB Backup Overview +
    Fig: Standalone MongoDB Backup
    +
    + +#### MongoDB ReplicaSet Cluster + +For MongoDB ReplicaSet cluster, Stash takes backup from one of the secondary replicas. The backup process consists of the following steps: + +1. Identify a secondary replica. +2. Lock the secondary replica. +3. Backup the secondary replica. +4. Unlock the secondary replica. + +
    + MongoDB ReplicaSet Cluster Backup Overview +
    Fig: MongoDB ReplicaSet Cluster Backup
    +
    + +#### MongoDB Sharded Cluster + +For MongoDB sharded cluster, Stash takes backup of the individual shards as well as the config server. Stash takes backup from a secondary replica of the shards and the config server. If there is no secondary replica then Stash will take backup from the primary replica. The backup process consists of the following steps: + +1. Disable balancer. +2. Lock config server. +3. Identify a secondary replica for each shard. +4. Lock the secondary replica. +5. Run backup on the secondary replica. +6. Unlock the secondary replica. +7. Unlock config server. +8. Enable balancer. + +
    + MongoDB Sharded Cluster Backup Overview +
    Fig: MongoDB Sharded Cluster Backup
    +
    + +## How Restore Process Works + +The following diagram shows how Stash restores backed up data into a MongoDB database. Open the image in a new tab to see the enlarged version. + +
    + Database Restore Overview +
    Fig: MongoDB Restore Process Overview
    +
    + +The restore process consists of the following steps: + +1. At first, a user creates a `RestoreSession` crd targeting the `AppBinding` of the desired database where the backed up data will be restored. It also specifies the `Repository` crd which holds the backend information and the `Task` to use to restore the target. + +2. Stash operator watches for `RestoreSession` object. + +3. Once it finds a `RestoreSession` object, it resolves the respective `Task` and `Function` and prepares a Job definition to restore. + +4. Then, it creates the Job to restore the target. + +5. The Job reads necessary information to connect with the database from respective `AppBinding` crd. It also reads backend information and access credentials from `Repository` crd and Storage Secret respectively. + +6. Then, the job downloads the backed up data from the backend and injects into the desired database. Stash pipes the downloaded data to the respective database tool to inject into the database. Hence, restore job does not require a large volume to download entire backup data inside it. + +7. Finally, when the restore process is complete, the Job sends Prometheus metrics to the Pushgateway and update the `RestoreSession` status to reflect restore completion. + +### Restoring Different MongoDB Configurations + +This section will show you restore process works for different MongoDB configurations. + +#### Standalone MongoDB + +For a standalone MongoDB database, the restore job downloads the backed up data from the backend and pipe the downloaded data to `mongorestore` command which inserts the data into the desired MongoDB database. + +
    + Standalone MongoDB Restore Overview +
    Fig: Standalone MongoDB Restore
    +
    + +#### MongoDB ReplicaSet Cluster + +For MongoDB ReplicaSet cluster, Stash identifies the primary replica and restore into it. + +
    + MongoDB ReplicaSet Cluster Restore Overview +
    Fig: MongoDB ReplicaSet Cluster Restore
    +
    + +#### MongoDB Sharded Cluster + +For MongoDB sharded cluster, Stash identifies the primary replica of each shard as well as the config server and restore respective backed up data into them. + +
    + MongoDB Sharded Cluster Restore +
    Fig: MongoDB Sharded Cluster Restore
    +
    + +## Next Steps + +- Backup your standalone MongoDB database using Stash following the guide from [here](/docs/addons/mongodb/standalone/index.md). +- Backup your MongoDB Replicaset using Stash following the guide from [here](/docs/addons/mongodb/replicaset/index.md). +- Backup your sharded MongoDB cluster using Stash following the guide from [here](/docs/addons/mongodb/sharding/index.md). diff --git a/docs/addons/mongodb/replicaset/examples/backupconfiguration-replicaset.yaml b/docs/addons/mongodb/replicaset/examples/backupconfiguration-replicaset.yaml new file mode 100644 index 0000000..e9be3b3 --- /dev/null +++ b/docs/addons/mongodb/replicaset/examples/backupconfiguration-replicaset.yaml @@ -0,0 +1,20 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-mgo-rs-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: mongodb-backup-4.2.3 + repository: + name: gcs-repo-replicaset + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mgo-rs + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/mongodb/replicaset/examples/mongodb-replicaset.yaml b/docs/addons/mongodb/replicaset/examples/mongodb-replicaset.yaml new file mode 100644 index 0000000..b6cad02 --- /dev/null +++ b/docs/addons/mongodb/replicaset/examples/mongodb-replicaset.yaml @@ -0,0 +1,18 @@ +apiVersion: kubedb.com/v1alpha2 +kind: MongoDB +metadata: + name: sample-mgo-rs + namespace: demo +spec: + version: "4.2.3" + replicas: 3 + replicaSet: + name: rs0 + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + terminationPolicy: WipeOut diff --git a/docs/addons/mongodb/replicaset/examples/repository-replicaset.yaml b/docs/addons/mongodb/replicaset/examples/repository-replicaset.yaml new file mode 100644 index 0000000..02c7d4b --- /dev/null +++ b/docs/addons/mongodb/replicaset/examples/repository-replicaset.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo-replicaset + namespace: demo +spec: + backend: + gcs: + bucket: appscode-qa + prefix: demo/mongodb/sample-mgo-rs + storageSecretName: gcs-secret diff --git a/docs/addons/mongodb/replicaset/examples/restored-mongodb-replicaset.yaml b/docs/addons/mongodb/replicaset/examples/restored-mongodb-replicaset.yaml new file mode 100644 index 0000000..7248711 --- /dev/null +++ b/docs/addons/mongodb/replicaset/examples/restored-mongodb-replicaset.yaml @@ -0,0 +1,20 @@ +apiVersion: kubedb.com/v1alpha2 +kind: MongoDB +metadata: + name: restored-mgo-rs + namespace: demo +spec: + version: "4.2.3" + replicas: 3 + replicaSet: + name: rs0 + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + terminationPolicy: WipeOut + init: + waitForInitialRestore: true diff --git a/docs/addons/mongodb/replicaset/examples/restored-standalone.yaml b/docs/addons/mongodb/replicaset/examples/restored-standalone.yaml new file mode 100644 index 0000000..ba49736 --- /dev/null +++ b/docs/addons/mongodb/replicaset/examples/restored-standalone.yaml @@ -0,0 +1,18 @@ +apiVersion: kubedb.com/v1alpha2 +kind: MongoDB +metadata: + name: restored-mongodb + namespace: demo +spec: + version: "4.2.3" + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + init: + waitForInitialRestore: true + terminationPolicy: WipeOut diff --git a/docs/addons/mongodb/replicaset/examples/restoresession-replicaset.yaml b/docs/addons/mongodb/replicaset/examples/restoresession-replicaset.yaml new file mode 100644 index 0000000..3ec9f81 --- /dev/null +++ b/docs/addons/mongodb/replicaset/examples/restoresession-replicaset.yaml @@ -0,0 +1,17 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-mgo-rs-restore + namespace: demo +spec: + task: + name: mongodb-restore-4.2.3 + repository: + name: gcs-repo-replicaset + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: restored-mgo-rs + rules: + - snapshots: [latest] diff --git a/docs/addons/mongodb/replicaset/examples/restoresession-standalone.yaml b/docs/addons/mongodb/replicaset/examples/restoresession-standalone.yaml new file mode 100644 index 0000000..f64157d --- /dev/null +++ b/docs/addons/mongodb/replicaset/examples/restoresession-standalone.yaml @@ -0,0 +1,17 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-mongodb-restore + namespace: demo +spec: + task: + name: mongodb-restore-4.2.3 + repository: + name: gcs-repo-custom + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: restored-mongodb + rules: + - snapshots: [latest] diff --git a/docs/addons/mongodb/replicaset/examples/standalone-backup.yaml b/docs/addons/mongodb/replicaset/examples/standalone-backup.yaml new file mode 100644 index 0000000..1fed8f4 --- /dev/null +++ b/docs/addons/mongodb/replicaset/examples/standalone-backup.yaml @@ -0,0 +1,47 @@ +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: sample-mgo-rs-custom + namespace: demo +spec: + clientConfig: + service: + name: sample-mgo-rs + port: 27017 + scheme: mongodb + secret: + name: sample-mgo-rs-auth + type: kubedb.com/mongodb +--- +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo-custom + namespace: demo +spec: + backend: + gcs: + bucket: appscode-qa + prefix: demo/mongodb/sample-mgo-rs/standalone + storageSecretName: gcs-secret +--- +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-mgo-rs-backup2 + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: mongodb-backup-4.2.3 + repository: + name: gcs-repo-custom + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mgo-rs-custom + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/mongodb/replicaset/index.md b/docs/addons/mongodb/replicaset/index.md new file mode 100644 index 0000000..93d99af --- /dev/null +++ b/docs/addons/mongodb/replicaset/index.md @@ -0,0 +1,761 @@ +--- +title: Backup & Restore MongoDB ReplicaSet Cluster | Stash +description: Backup and restore MongoDB ReplicaSet cluster using Stash +menu: + docs_{{ .version }}: + identifier: stash-mongodb-replicaset + name: MongoDB ReplicaSet Cluster + parent: stash-mongodb + weight: 30 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + +# Backup and Restore MongoDB ReplicaSet Clusters using Stash + +Stash supports taking [backup and restores MongoDB ReplicaSet clusters in "idiomatic" way](https://docs.mongodb.com/manual/tutorial/restore-replica-set-from-backup/). This guide will show you how you can backup and restore your MongoDB ReplicaSet clusters with Stash. + +## Before You Begin + +- At first, you need to have a Kubernetes cluster, and the `kubectl` command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using Minikube. +- Install Stash in your cluster following the steps [here](/docs/setup/install/stash/index.md). +- Install [KubeDB](https://kubedb.com) in your cluster following the steps [here](https://kubedb.com/docs/latest/setup/). This step is optional. You can deploy your database using any method you want. We are using KubeDB because KubeDB simplifies many of the difficult or tedious management tasks of running a production grade databases on private and public clouds. +- If you are not familiar with how Stash backup and restore MongoDB databases, please check the following guide [here](/docs/addons/mongodb/overview/index.md). + +You have to be familiar with following custom resources: + +- [AppBinding](/docs/concepts/crds/appbinding/index.md) +- [Function](/docs/concepts/crds/function/index.md) +- [Task](/docs/concepts/crds/task/index.md) +- [BackupConfiguration](/docs/concepts/crds/backupconfiguration/index.md) +- [RestoreSession](/docs/concepts/crds/restoresession/index.md) + +To keep things isolated, we are going to use a separate namespace called `demo` throughout this tutorial. Create `demo` namespace if you haven't created yet. + +```console +$ kubectl create ns demo +namespace/demo created +``` + +> Note: YAML files used in this tutorial are stored [here](https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/mongodb/replicaset/examples). + +## Backup MongoDB ReplicaSet using Stash + +This section will demonstrate how to backup MongoDB ReplicaSet cluster. Here, we are going to deploy a MongoDB ReplicaSet using KubeDB. Then, we are going to backup this database into a GCS bucket. Finally, we are going to restore the backed up data into another MongoDB ReplicaSet. + +### Deploy Sample MongoDB ReplicaSet + +Let's deploy a sample MongoDB ReplicaSet database and insert some data into it. + +**Create MongoDB CRD:** + +Below is the YAML of a sample MongoDB crd that we are going to create for this tutorial: + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: MongoDB +metadata: + name: sample-mgo-rs + namespace: demo +spec: + version: "4.2.3" + replicas: 3 + replicaSet: + name: rs0 + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + terminationPolicy: WipeOut +``` + +Create the above `MongoDB` crd, + +```console +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mongodb/replicaset/examples/mongodb-replicaset.yaml +mongodb.kubedb.com/sample-mgo-rs created +``` + +KubeDB will deploy a MongoDB database according to the above specification. It will also create the necessary secrets and services to access the database. + +Let's check if the database is ready to use, + +```console +$ kubectl get mg -n demo sample-mgo-rs +NAME VERSION STATUS AGE +sample-mgo-rs 4.2.3 Ready 1m +``` + +The database is `Ready`. Verify that KubeDB has created a Secret and a Service for this database using the following commands, + +```console +$ kubectl get secret -n demo -l=app.kubernetes.io/instance=sample-mgo-rs +NAME TYPE DATA AGE +sample-mgo-rs-auth Opaque 2 117s +sample-mgo-rs-cert Opaque 4 116s + +$ kubectl get service -n demo -l=app.kubernetes.io/instance=sample-mgo-rs +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +sample-mgo-rs ClusterIP 10.107.13.16 27017/TCP 2m14s +sample-mgo-rs-gvr ClusterIP None 27017/TCP 2m14s +``` + +KubeDB creates an [AppBinding](/docs/concepts/crds/appbinding/index.md) crd that holds the necessary information to connect with the database. + +**Verify AppBinding:** + +Verify that the `AppBinding` has been created successfully using the following command, + +```console +$ kubectl get appbindings -n demo +NAME AGE +sample-mgo-rs 58s +``` + +Let's check the YAML of the above `AppBinding`, + +```console +$ kubectl get appbindings -n demo sample-mgo-rs -o yaml +``` + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + labels: + app.kubernetes.io/component: database + app.kubernetes.io/instance: sample-mgo-rs + app.kubernetes.io/managed-by: kubedb.com + app.kubernetes.io/name: mongodbs.kubedb.com + app.kubernetes.io/instance: sample-mgo-rs + name: sample-mgo-rs + namespace: demo +spec: + clientConfig: + service: + name: sample-mgo-rs + port: 27017 + scheme: mongodb + parameters: + apiVersion: config.kubedb.com/v1alpha1 + kind: MongoConfiguration + replicaSets: + host-0: rs0/sample-mgo-rs-0.sample-mgo-rs-gvr.demo.svc,sample-mgo-rs-1.sample-mgo-rs-gvr.demo.svc,sample-mgo-rs-2.sample-mgo-rs-gvr.demo.svc + secret: + name: sample-mgo-rs-auth + type: kubedb.com/mongodb + version: "4.2.3" +``` + +Stash uses the `AppBinding` crd to connect with the target database. It requires the following two fields to set in AppBinding's `Spec` section. + +- `spec.clientConfig.service.name` specifies the name of the service that connects to the database. +- `spec.secret` specifies the name of the secret that holds necessary credentials to access the database. +- `spec.parameters.replicaSets` contains the dsn of replicaset. The DSNs are in key-value pair. If there is only one replicaset (replicaset can be multiple, because of sharding), then ReplicaSets field contains only one key-value pair where the key is host-0 and the value is dsn of that replicaset. +- `spec.type` specifies the types of the app that this AppBinding is pointing to. KubeDB generated AppBinding follows the following format: `/`. + +**Creating AppBinding Manually:** + +If you deploy MongoDB database without KubeDB, you have to create the AppBinding crd manually in the same namespace as the service and secret of the database. + +**Insert Sample Data:** + +Now, we are going to exec into the database pod and create some sample data. At first, find out the database pod using the following command, + +```console +$ kubectl get pods -n demo --selector="app.kubernetes.io/instance=sample-mgo-rs" +NAME READY STATUS RESTARTS AGE +sample-mgo-rs-0 1/1 Running 0 16m +sample-mgo-rs-1 1/1 Running 0 15m +sample-mgo-rs-2 1/1 Running 0 15m +``` + +Now, let's exec into the pod and create a table, + +```console +$ kubectl get secrets -n demo sample-mgo-rs-auth -o jsonpath='{.data.\username}' | base64 -d +root + +$ kubectl get secrets -n demo sample-mgo-rs-auth -o jsonpath='{.data.\password}' | base64 -d +CRz6EuxvKdFjopfP + +$ kubectl exec -it -n demo sample-mgo-rs-0 bash + +mongodb@sample-mgo-rs-0:/$ mongo admin -u root -p CRz6EuxvKdFjopfP + +rs0:PRIMARY> rs.isMaster().primary +sample-mgo-rs-0.sample-mgo-rs-gvr.demo.svc.cluster.local:27017 + +rs0:PRIMARY> show dbs +admin 0.000GB +config 0.000GB +local 0.000GB + +rs0:PRIMARY> show users +{ + "_id" : "admin.root", + "userId" : UUID("0e9345cc-27ea-4175-acc4-295c987ac06b"), + "user" : "root", + "db" : "admin", + "roles" : [ + { + "role" : "root", + "db" : "admin" + } + ] +} + +rs0:PRIMARY> use newdb +switched to db newdb + +rs0:PRIMARY> db.movie.insert({"name":"batman"}); +WriteResult({ "nInserted" : 1 }) + +rs0:PRIMARY> db.movie.find().pretty() +{ "_id" : ObjectId("5d31b9d44db670db130d7a5c"), "name" : "batman" } + +rs0:PRIMARY> exit +bye +``` + +Now, we are ready to backup this sample database. + +### Prepare Backend + +We are going to store our backed up data into a GCS bucket. At first, we need to create a secret with GCS credentials then we need to create a `Repository` crd. If you want to use a different backend, please read the respective backend configuration doc from [here](/docs/guides/backends/overview/index.md). + +**Create Storage Secret:** + +Let's create a secret called `gcs-secret` with access credentials to our desired GCS bucket, + +```console +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > GOOGLE_PROJECT_ID +$ cat downloaded-sa-key.json > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +$ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +**Create Repository:** + +Now, crete a `Repository` using this secret. Below is the YAML of Repository crd we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo-replicaset + namespace: demo +spec: + backend: + gcs: + bucket: appscode-qa + prefix: demo/mongodb/sample-mgo-rs + storageSecretName: gcs-secret +``` + +Let's create the `Repository` we have shown above, + +```console +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mongodb/replicaset/examples/repository-replicaset.yaml +repository.stash.appscode.com/gcs-repo-replicaset created +``` + +Now, we are ready to backup our database to our desired backend. + +### Backup MongoDB ReplicaSet + +We have to create a `BackupConfiguration` targeting respective AppBinding crd of our desired database. Then Stash will create a CronJob to periodically backup the database. + +**Create BackupConfiguration:** + +Below is the YAML for `BackupConfiguration` crd to backup the `sample-mgo-rs` database we have deployed earlier., + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-mgo-rs-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: mongodb-backup-4.2.3 + repository: + name: gcs-repo-replicaset + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mgo-rs + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +Here, + +- `spec.schedule` specifies that we want to backup the database at 5 minutes interval. +- `spec.task.name` specifies the name of the task crd that specifies the necessary Function and their execution order to backup a MongoDB database. +- `spec.target.ref` refers to the `AppBinding` crd that was created for `sample-mgo-rs` database. + +Let's create the `BackupConfiguration` crd we have shown above, + +```console +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mongodb/replicaset/examples/backupconfiguration-replicaset.yaml +backupconfiguration.stash.appscode.com/sample-mgo-rs-backup created +``` + +**Verify Backup Setup Successful** + +If everything goes well, the phase of the `BackupConfiguration` should be `Ready`. The `Ready` phase indicates that the backup setup is successful. Let's verify the `Phase` of the BackupConfiguration, + +```console +$ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-mgo-rs-backup mongodb-backup-4.2.3 */5 * * * * Ready 11s +``` + +**Verify CronJob:** + +Stash will create a CronJob with the schedule specified in `spec.schedule` field of `BackupConfiguration` crd. + +Verify that the CronJob has been created using the following command, + +```console +$ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +sample-mgo-rs-backup */5 * * * * False 0 62s +``` + +**Wait for BackupSession:** + +The `sample-mgo-rs-backup` CronJob will trigger a backup on each schedule by creating a `BackupSession` crd. + +Wait for the next schedule. Run the following command to watch `BackupSession` crd, + +```console +$ kubectl get backupsession -n demo -w +NAME INVOKER-TYPE INVOKER-NAME PHASE AGE +sample-mgo-rs-backup-1563540308 BackupConfiguration sample-mgo-rs-backup Running 5m19s +sample-mgo-rs-backup-1563540308 BackupConfiguration sample-mgo-rs-backup Succeeded 5m45s +``` + +We can see above that the backup session has succeeded. Now, we are going to verify that the backed up data has been stored in the backend. + +**Verify Backup:** + +Once a backup is complete, Stash will update the respective `Repository` crd to reflect the backup. Check that the repository `gcs-repo-replicaset` has been updated by the following command, + +```console +$ kubectl get repository -n demo gcs-repo-replicaset +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +gcs-repo-replicaset true 3.844 KiB 2 14s 10m +``` + +Now, if we navigate to the GCS bucket, we are going to see backed up data has been stored in `demo/mongodb/sample-mgo-rs` directory as specified by `spec.backend.gcs.prefix` field of Repository crd. + +> Note: Stash keeps all the backed up data encrypted. So, data in the backend will not make any sense until they are decrypted. + +## Restore MongoDB ReplicaSet + +In this section, we are going to restore the database from the backup we have taken in the previous section. We are going to deploy a new replicaset database and initialize it from the backup. + +**Stop Taking Backup of the Old Database:** + +At first, let's stop taking any further backup of the old database so that no backup is taken during restore process. We are going to pause the `BackupConfiguration` crd that we had created to backup the `sample-mgo-rs` database. Then, Stash will stop taking any further backup for this database. + +Let's pause the `sample-mgo-rs-backup` BackupConfiguration, + +```console +$ kubectl patch backupconfiguration -n demo sample-mgo-rs-backup --type="merge" --patch='{"spec": {"paused": true}}' +backupconfiguration.stash.appscode.com/sample-mgo-rs-backup patched +``` + +Now, wait for a moment. Stash will pause the BackupConfiguration. Verify that the BackupConfiguration has been paused, + +```console +$ kubectl get backupconfiguration -n demo sample-mgo-rs-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-mgo-rs-backup mongodb-backup-4.2.3 */5 * * * * true Ready 26m +``` + +Notice the `PAUSED` column. Value `true` for this field means that the BackupConfiguration has been paused. + +**Deploy Restored Database:** + +Now, we have to deploy the restored database similarly as we have deployed the original `sample-psotgres` database. However, this time there will be the following differences: + +- We are going to specify `spec.init.waitForInitialRestore: true` which will tell KubeDB to wait until the first restore to complete before marking this database as ready to use. + +Below is the YAML for `MongoDB` crd we are going deploy to initialize from backup, + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: MongoDB +metadata: + name: restored-mgo-rs + namespace: demo +spec: + version: "4.2.3" + replicas: 3 + replicaSet: + name: rs0 + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + terminationPolicy: WipeOut + init: + waitForInitialRestore: true +``` + +Let's create the above database, + +```console +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mongodb/replicaset/examples/restored-mongodb-replicaset.yaml +mongodb.kubedb.com/restored-mgo-rs created +``` + +If you check the database status, you will see it is stuck in `Provisioning` state. + +```console +$ kubectl get mg -n demo restored-mgo-rs +NAME VERSION STATUS AGE +restored-mgo-rs 4.2.3 Provisioning 2m +``` + +**Create RestoreSession:** + +Now, we need to create a `RestoreSession` crd pointing to the AppBinding for this restored database. + +Check AppBinding has been created for the `restored-mgo-rs` database using the following command, + +```console +$ kubectl get appbindings -n demo restored-mgo-rs +NAME AGE +restored-mgo-rs 29s +``` + +NB. The appbinding `restored-mgo-rs` also contains `spec.parametrs` field. the number of hosts in `spec.parameters.replicaSets` needs to be similar to the old appbinding. Otherwise, the replicaset recover may not be accurate. + +> If you are not using KubeDB to deploy database, create the AppBinding manually. + +Below is the YAML for the `RestoreSession` crd that we are going to create to restore backed up data into `restored-mgo-rs` database. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-mgo-rs-restore + namespace: demo +spec: + task: + name: mongodb-restore-4.2.3 + repository: + name: gcs-repo-replicaset + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: restored-mgo-rs + rules: + - snapshots: [latest] +``` + +Here, + +- `spec.task.name` specifies the name of the `Task` crd that specifies the Functions and their execution order to restore a MongoDB database. +- `spec.repository.name` specifies the `Repository` crd that holds the backend information where our backed up data has been stored. +- `spec.target.ref` refers to the AppBinding crd for the `restored-mgo-rs` database. +- `spec.rules` specifies that we are restoring from the latest backup snapshot of the database. + +Let's create the `RestoreSession` crd we have shown above, + +```console +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mongodb/replicaset/examples/restoresession-replicaset.yaml +restoresession.stash.appscode.com/sample-mgo-rs-restore created +``` + +Once, you have created the `RestoreSession` crd, Stash will create a job to restore. We can watch the `RestoreSession` phase to check if the restore process is succeeded or not. + +Run the following command to watch `RestoreSession` phase, + +```console +$ kubectl get restoresession -n demo sample-mgo-rs-restore -w +NAME REPOSITORY-NAME PHASE AGE +sample-mgo-rs-restore gcs-repo-replicaset Running 5s +sample-mgo-rs-restore gcs-repo-replicaset Succeeded 43s +``` + +So, we can see from the output of the above command that the restore process succeeded. + +**Verify Restored Data:** + +In this section, we are going to verify that the desired data has been restored successfully. We are going to connect to `mongos` and check whether the table we had created in the original database is restored or not. + +At first, check if the database has gone into `Ready` state by the following command, + +```console +$ kubectl get mg -n demo restored-mgo-rs +NAME VERSION STATUS AGE +restored-mgo-rs 4.2.3 Ready 3m +``` + +Now, exec into the database pod and list available tables, + +```console +$ kubectl get secrets -n demo sample-mgo-rs-auth -o jsonpath='{.data.\username}' | base64 -d +root + +$ kubectl get secrets -n demo sample-mgo-rs-auth -o jsonpath='{.data.\password}' | base64 -d +CRz6EuxvKdFjopfP + +$ kubectl exec -it -n demo restored-mgo-rs-0 bash + +mongodb@restored-mgo-rs-0:/$ mongo admin -u root -p CRz6EuxvKdFjopfP + +rs0:PRIMARY> rs.isMaster().primary +restored-mgo-rs-0.restored-mgo-rs-gvr.demo.svc.cluster.local:27017 + +rs0:PRIMARY> show dbs +admin 0.000GB +config 0.000GB +local 0.000GB +newdb 0.000GB + +rs0:PRIMARY> show users +{ + "_id" : "admin.root", + "userId" : UUID("00f521b5-2b43-4712-ba80-efaa6b382813"), + "user" : "root", + "db" : "admin", + "roles" : [ + { + "role" : "root", + "db" : "admin" + } + ] +} + +rs0:PRIMARY> use newdb +switched to db newdb + +rs0:PRIMARY> db.movie.find().pretty() +{ "_id" : ObjectId("5d31b9d44db670db130d7a5c"), "name" : "batman" } + +rs0:PRIMARY> exit +bye +``` + +So, from the above output, we can see the database `newdb` that we had created in the original database `sample-mgo-rs` is restored in the restored database `restored-mgo-rs`. + +## Backup MongoDB ReplicaSet Cluster and Restore into a Standalone database + +It is possible to take backup of a MongoDB ReplicaSet Cluster and restore it into a standalone database, but user need to create the appbinding for this process. + +### Backup a replicaset cluster + +Keep all the fields of appbinding that is explained earlier in this guide, except `spec.parameter`. Do not set `spec.parameter.configServer` and `spec.parameter.replicaSet`. By doing this, the job will use `spec.clientConfig.service.name` as host, which is replicaset DSN. So, the backup will treat this cluster as a standalone and will skip the [`idiomatic way` of taking backups of a replicaset cluster](https://docs.mongodb.com/manual/tutorial/restore-replica-set-from-backup/). Then follow the rest of the procedure as described above. + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: sample-mgo-rs-custom + namespace: demo +spec: + clientConfig: + service: + name: sample-mgo-rs + port: 27017 + scheme: mongodb + secret: + name: sample-mgo-rs-auth + type: kubedb.com/mongodb + +--- +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo-custom + namespace: demo +spec: + backend: + gcs: + bucket: appscode-qa + prefix: demo/mongodb/sample-mgo-rs/standalone + storageSecretName: gcs-secret + +--- +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-mgo-rs-backup2 + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: mongodb-backup-4.2.3 + repository: + name: gcs-repo-custom + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mgo-rs-custom + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +```console +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mongodb/replicaset/examples/standalone-backup.yaml +appbinding.appcatalog.appscode.com/sample-mgo-rs-custom created +repository.stash.appscode.com/gcs-repo-custom created +backupconfiguration.stash.appscode.com/sample-mgo-rs-backup2 created + + +$ kubectl get backupsession -n demo +NAME BACKUPCONFIGURATION PHASE AGE +sample-mgo-rs-backup2-1563541509 sample-mgo-rs-backup Succeeded 35s + + +$ kubectl get repository -n demo gcs-repo-custom +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +gcs-repo-custom true 1.640 KiB 1 1m 5m +``` + +### Restore to a standalone database + +No additional configuration is needed to restore the replicaset cluster to a standalone database. Follow the normal procedure of restoring a MongoDB Database. + +Standalone MongoDB, + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: MongoDB +metadata: + name: restored-mongodb + namespace: demo +spec: + version: "4.2.3" + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + init: + waitForInitialRestore: true + terminationPolicy: WipeOut +``` + +RestoreSession crd object, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-mongodb-restore + namespace: demo +spec: + task: + name: mongodb-restore-4.2.3 + repository: + name: gcs-repo-custom + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: restored-mongodb + rules: + - snapshots: [latest] +``` + +```console +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mongodb/replicaset/examples/restored-standalone.yaml +mongodb.kubedb.com/restored-mongodb created + +$ kubectl get mg -n demo restored-mongodb +NAME VERSION STATUS AGE +restored-mongodb 4.2.3 Provisioning 56s + +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mongodb/replicaset/examples/restoresession-standalone.yaml +restoresession.stash.appscode.com/sample-mongodb-restore created + +$ kubectl get mg -n demo restored-mongodb +NAME VERSION STATUS AGE +restored-mongodb 4.2.3 Ready 2m +``` + +Now, exec into the database pod and list available tables, + +```console +$ kubectl get secrets -n demo sample-mgo-rs-auth -o jsonpath='{.data.\username}' | base64 -d +root + +$ kubectl get secrets -n demo sample-mgo-rs-auth -o jsonpath='{.data.\password}' | base64 -d +CRz6EuxvKdFjopfP + +$ kubectl exec -it -n demo restored-mongodb-0 bash + +mongodb@restored-mongodb-0:/$ mongo admin -u root -p CRz6EuxvKdFjopfP + +> show dbs +admin 0.000GB +config 0.000GB +local 0.000GB +newdb 0.000GB + +> show users +{ + "_id" : "admin.root", + "userId" : UUID("11e00a38-7b08-4864-b452-ae356350e50f"), + "user" : "root", + "db" : "admin", + "roles" : [ + { + "role" : "root", + "db" : "admin" + } + ] +} + +> use newdb +switched to db newdb + +> db.movie.find().pretty() +{ "_id" : ObjectId("5d31b9d44db670db130d7a5c"), "name" : "batman" } + +> exit +bye +``` + +So, from the above output, we can see the database `newdb` that we had created in the original database `sample-mgo-rs` is restored in the restored database `restored-mongodb`. + +## Cleanup + +To cleanup the Kubernetes resources created by this tutorial, run: + +```console +kubectl delete -n demo restoresession sample-mgo-rs-restore sample-mongodb-restore +kubectl delete -n demo backupconfiguration sample-mgo-rs-backup sample-mgo-rs-backup2 +kubectl delete -n demo mg sample-mgo-rs sample-mgo-rs-ssl restored-mgo-rs restored-mgo-rs restored-mongodb +kubectl delete -n demo repository gcs-repo-replicaset gcs-repo-custom +kubectl delete -n demo appbinding sample-mgo-rs-custom +``` diff --git a/docs/addons/mongodb/sharding/examples/backupconfiguration-sharding.yaml b/docs/addons/mongodb/sharding/examples/backupconfiguration-sharding.yaml new file mode 100644 index 0000000..8252a27 --- /dev/null +++ b/docs/addons/mongodb/sharding/examples/backupconfiguration-sharding.yaml @@ -0,0 +1,20 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-mgo-sh-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: mongodb-backup-4.2.3 + repository: + name: gcs-repo-sharding + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mgo-sh + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/mongodb/sharding/examples/mongodb-sharding.yaml b/docs/addons/mongodb/sharding/examples/mongodb-sharding.yaml new file mode 100644 index 0000000..401ac10 --- /dev/null +++ b/docs/addons/mongodb/sharding/examples/mongodb-sharding.yaml @@ -0,0 +1,26 @@ +apiVersion: kubedb.com/v1alpha2 +kind: MongoDB +metadata: + name: sample-mgo-sh + namespace: demo +spec: + version: 4.2.3 + shardTopology: + configServer: + replicas: 3 + storage: + resources: + requests: + storage: 1Gi + storageClassName: standard + mongos: + replicas: 2 + shard: + replicas: 3 + shards: 3 + storage: + resources: + requests: + storage: 1Gi + storageClassName: standard + terminationPolicy: WipeOut diff --git a/docs/addons/mongodb/sharding/examples/repository-sharding.yaml b/docs/addons/mongodb/sharding/examples/repository-sharding.yaml new file mode 100644 index 0000000..fb69d93 --- /dev/null +++ b/docs/addons/mongodb/sharding/examples/repository-sharding.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo-sharding + namespace: demo +spec: + backend: + gcs: + bucket: appscode-qa + prefix: demo/mongodb/sample-mgo-sh + storageSecretName: gcs-secret diff --git a/docs/addons/mongodb/sharding/examples/restored-mongodb-sharding.yaml b/docs/addons/mongodb/sharding/examples/restored-mongodb-sharding.yaml new file mode 100644 index 0000000..b5e9d1c --- /dev/null +++ b/docs/addons/mongodb/sharding/examples/restored-mongodb-sharding.yaml @@ -0,0 +1,30 @@ +apiVersion: kubedb.com/v1alpha2 +kind: MongoDB +metadata: + name: restored-mgo-sh + namespace: demo +spec: + authSecret: + name: sample-mgo-sh-auth + version: 4.2.3 + shardTopology: + configServer: + replicas: 3 + storage: + resources: + requests: + storage: 1Gi + storageClassName: standard + mongos: + replicas: 2 + shard: + replicas: 3 + shards: 3 + storage: + resources: + requests: + storage: 1Gi + storageClassName: standard + init: + waitForInitialRestore: true + terminationPolicy: WipeOut diff --git a/docs/addons/mongodb/sharding/examples/restored-standalone.yaml b/docs/addons/mongodb/sharding/examples/restored-standalone.yaml new file mode 100644 index 0000000..3c8c2dc --- /dev/null +++ b/docs/addons/mongodb/sharding/examples/restored-standalone.yaml @@ -0,0 +1,20 @@ +apiVersion: kubedb.com/v1alpha2 +kind: MongoDB +metadata: + name: restored-mongodb + namespace: demo +spec: + version: "4.2.3" + storageType: Durable + authSecret: + name: sample-mgo-sh-auth + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + init: + waitForInitialRestore: true + terminationPolicy: WipeOut diff --git a/docs/addons/mongodb/sharding/examples/restoresession-sharding.yaml b/docs/addons/mongodb/sharding/examples/restoresession-sharding.yaml new file mode 100644 index 0000000..ced0ce7 --- /dev/null +++ b/docs/addons/mongodb/sharding/examples/restoresession-sharding.yaml @@ -0,0 +1,17 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-mgo-sh-restore + namespace: demo +spec: + task: + name: mongodb-restore-4.2.3 + repository: + name: gcs-repo-sharding + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: restored-mgo-sh + rules: + - snapshots: [latest] diff --git a/docs/addons/mongodb/sharding/examples/restoresession-standalone.yaml b/docs/addons/mongodb/sharding/examples/restoresession-standalone.yaml new file mode 100644 index 0000000..f64157d --- /dev/null +++ b/docs/addons/mongodb/sharding/examples/restoresession-standalone.yaml @@ -0,0 +1,17 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-mongodb-restore + namespace: demo +spec: + task: + name: mongodb-restore-4.2.3 + repository: + name: gcs-repo-custom + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: restored-mongodb + rules: + - snapshots: [latest] diff --git a/docs/addons/mongodb/sharding/examples/standalone-backup.yaml b/docs/addons/mongodb/sharding/examples/standalone-backup.yaml new file mode 100644 index 0000000..6683daa --- /dev/null +++ b/docs/addons/mongodb/sharding/examples/standalone-backup.yaml @@ -0,0 +1,47 @@ +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: sample-mgo-sh-custom + namespace: demo +spec: + clientConfig: + service: + name: sample-mgo-sh + port: 27017 + scheme: mongodb + secret: + name: sample-mgo-sh-auth + type: kubedb.com/mongodb +--- +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo-custom + namespace: demo +spec: + backend: + gcs: + bucket: appscode-qa + prefix: demo/mongodb/sample-mgo-sh/standalone + storageSecretName: gcs-secret +--- +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-mgo-sh-backup2 + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: mongodb-backup-4.2.3 + repository: + name: gcs-repo-custom + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mgo-sh-custom + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/mongodb/sharding/index.md b/docs/addons/mongodb/sharding/index.md new file mode 100644 index 0000000..e50740e --- /dev/null +++ b/docs/addons/mongodb/sharding/index.md @@ -0,0 +1,790 @@ +--- +title: Backup & Restore Sharded MongoDB Cluster| Stash +description: Backup and restore sharded MongoDB cluster using Stash +menu: + docs_{{ .version }}: + identifier: stash-mongodb-sharding + name: MongoDB Sharded Cluster + parent: stash-mongodb + weight: 40 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + +# Backup and Restore MongoDB Sharded Clusters using Stash + +Stash 0.9.0+ supports taking [backup](https://docs.mongodb.com/manual/tutorial/backup-sharded-cluster-with-database-dumps/) and [restores](https://docs.mongodb.com/manual/tutorial/restore-sharded-cluster/) MongoDB Sharded clusters in ["idiomatic" way](https://docs.mongodb.com/manual/administration/backup-sharded-clusters/). This guide will show you how you can backup and restore your MongoDB Sharded clusters with Stash. + +## Before You Begin + +- At first, you need to have a Kubernetes cluster, and the `kubectl` command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using Minikube. +- Install Stash in your cluster following the steps [here](/docs/setup/install/stash/index.md). +- Install [KubeDB](https://kubedb.com) in your cluster following the steps [here](https://kubedb.com/docs/latest/setup/). This step is optional. You can deploy your database using any method you want. We are using KubeDB because KubeDB simplifies many of the difficult or tedious management tasks of running a production grade databases on private and public clouds. +- If you are not familiar with how Stash backup and restore MongoDB databases, please check the following guide [here](/docs/addons/mongodb/overview/index.md). + +You have to be familiar with following custom resources: + +- [AppBinding](/docs/concepts/crds/appbinding/index.md) +- [Function](/docs/concepts/crds/function/index.md) +- [Task](/docs/concepts/crds/task/index.md) +- [BackupConfiguration](/docs/concepts/crds/backupconfiguration/index.md) +- [RestoreSession](/docs/concepts/crds/restoresession/index.md) + +To keep things isolated, we are going to use a separate namespace called `demo` throughout this tutorial. Create `demo` namespace if you haven't created yet. + +```console +$ kubectl create ns demo +namespace/demo created +``` + +> Note: YAML files used in this tutorial are stored [here](https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/mongodb/sharding/examples). + +## Backup Sharded MongoDB Cluster + +This section will demonstrate how to backup MongoDB cluster. We are going to use [KubeDB](https://kubedb.com) to deploy a sample database. Then, we are going to backup this database into a GCS bucket. Finally, we are going to restore the backed up data into another MongoDB cluster. + +### Deploy Sample MongoDB Sharding + +Let's deploy a sample MongoDB Sharding database and insert some data into it. + +**Create MongoDB CRD:** + +Below is the YAML of a sample MongoDB crd that we are going to create for this tutorial: + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: MongoDB +metadata: + name: sample-mgo-sh + namespace: demo +spec: + version: 4.2.3 + shardTopology: + configServer: + replicas: 3 + storage: + resources: + requests: + storage: 1Gi + storageClassName: standard + mongos: + replicas: 2 + shard: + replicas: 3 + shards: 3 + storage: + resources: + requests: + storage: 1Gi + storageClassName: standard + terminationPolicy: WipeOut +``` + +Create the above `MongoDB` crd, + +```console +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mongodb/sharding/examples/mongodb-sharding.yaml +mongodb.kubedb.com/sample-mgo-sh created +``` + +MongoDB [recommends](https://www.mongodb.com/docs/manual/core/replica-set-members/#replica-set-members) that there should be at least 3 replicas for a replicaSet configuration. For a sharded MongoDB setup, a secondary configserver is locked while running `mongodump` utility for backup. This can result in various issues like sharding commands get stucked, primary-secondary syncing issue etc. So, ensure at least 3 configServer replicas by specifying >= 3 replicas in `.spec.shardTopology.configServer.replicas` field. + +KubeDB will deploy a MongoDB database according to the above specification. It will also create the necessary secrets and services to access the database. + +Let's check if the database is ready to use, + +```console +$ kubectl get mg -n demo sample-mgo-sh +NAME VERSION STATUS AGE +sample-mgo-sh 4.2.3 Ready 35m +``` + +The database is `Ready`. Verify that KubeDB has created a Secret and a Service for this database using the following commands, + +```console +$ kubectl get secret -n demo -l=app.kubernetes.io/instance=sample-mgo-sh +NAME TYPE DATA AGE +sample-mgo-sh-auth Opaque 2 36m +sample-mgo-sh-cert Opaque 4 36m + +$ kubectl get service -n demo -l=app.kubernetes.io/instance=sample-mgo-sh +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +sample-mgo-sh ClusterIP 10.107.11.117 27017/TCP 36m +sample-mgo-sh-configsvr-gvr ClusterIP None 27017/TCP 36m +sample-mgo-sh-shard0-gvr ClusterIP None 27017/TCP 36m +sample-mgo-sh-shard1-gvr ClusterIP None 27017/TCP 36m +sample-mgo-sh-shard2-gvr ClusterIP None 27017/TCP 36m +``` + +KubeDB creates an [AppBinding](/docs/concepts/crds/appbinding/index.md) crd that holds the necessary information to connect with the database. + +**Verify AppBinding:** + +Verify that the `AppBinding` has been created successfully using the following command, + +```console +$ kubectl get appbindings -n demo +NAME AGE +sample-mgo-sh 30m +``` + +Let's check the YAML of the above `AppBinding`, + +```console +$ kubectl get appbindings -n demo sample-mgo-sh -o yaml +``` + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + labels: + app.kubernetes.io/component: database + app.kubernetes.io/managed-by: kubedb.com + app.kubernetes.io/name: mongodbs.kubedb.com + app.kubernetes.io/instance: sample-mgo-sh + name: sample-mgo-sh + namespace: demo +spec: + clientConfig: + service: + name: sample-mgo-sh + port: 27017 + scheme: mongodb + parameters: + apiVersion: config.kubedb.com/v1alpha1 + kind: MongoConfiguration + configServer: cnfRepSet/sample-mgo-sh-configsvr-0.sample-mgo-sh-configsvr-gvr.demo.svc:27017,sample-mgo-sh-configsvr-1.sample-mgo-sh-configsvr-gvr.demo.svc:27017,sample-mgo-sh-configsvr-2.sample-mgo-sh-configsvr-gvr.demo.svc:27017 + replicaSets: + host-0: shard0/sample-mgo-sh-shard0-0.sample-mgo-sh-shard0-gvr.demo.svc:27017,sample-mgo-sh-shard0-1.sample-mgo-sh-shard0-gvr.demo.svc:27017,sample-mgo-sh-shard0-2.sample-mgo-sh-shard0-gvr.demo.svc:27017 + host-1: shard1/sample-mgo-sh-shard1-0.sample-mgo-sh-shard1-gvr.demo.svc:27017,sample-mgo-sh-shard1-1.sample-mgo-sh-shard1-gvr.demo.svc:27017,sample-mgo-sh-shard1-2.sample-mgo-sh-shard1-gvr.demo.svc:27017 + host-2: shard2/sample-mgo-sh-shard2-0.sample-mgo-sh-shard2-gvr.demo.svc:27017,sample-mgo-sh-shard2-1.sample-mgo-sh-shard2-gvr.demo.svc:27017,sample-mgo-sh-shard2-2.sample-mgo-sh-shard2-gvr.demo.svc:27017 + secret: + name: sample-mgo-sh-auth + type: kubedb.com/mongodb + version: 4.2.3 +``` + +Stash uses the `AppBinding` crd to connect with the target database. It requires the following two fields to set in AppBinding's `Spec` section. + +- `spec.clientConfig.service.name` specifies the name of the service that connects to the database. +- `spec.secret` specifies the name of the secret that holds necessary credentials to access the database. +- `spec.parameters.configServer` specifies the dsn of config server of mongodb sharding. The dsn includes the port no too. +- `spec.parameters.replicaSets` contains the dsn of each replicaset of sharding. The DSNs are in key-value pair, where the keys are host-0, host-1 etc, and the values are DSN of each replicaset. If there is no sharding but only one replicaset, then ReplicaSets field contains only one key-value pair where the key is host-0 and the value is dsn of that replicaset. +- `spec.type` specifies the types of the app that this AppBinding is pointing to. KubeDB generated AppBinding follows the following format: `/`. + +**Creating AppBinding Manually:** + +If you deploy MongoDB database without KubeDB, you have to create the AppBinding crd manually in the same namespace as the service and secret of the database. + +**Insert Sample Data:** + +Now, we are going to exec into the database pod and create some sample data. At first, find out the database pod using the following command, + +```console +$ kubectl get pods -n demo --selector="mongodb.kubedb.com/node.mongos=sample-mgo-sh-mongos" +NAME READY STATUS RESTARTS AGE +sample-mgo-sh-mongos-9459cfc44-4jthd 1/1 Running 0 60m +sample-mgo-sh-mongos-9459cfc44-6d2st 1/1 Running 0 60m +``` + +Now, let's exec into the pod and create a table, + +```console +$ kubectl get secrets -n demo sample-mgo-sh-auth -o jsonpath='{.data.\username}' | base64 -d +root + +$ kubectl get secrets -n demo sample-mgo-sh-auth -o jsonpath='{.data.\password}' | base64 -d +JJPcMxNKJev0SzgX + +$ kubectl exec -it -n demo sample-mgo-sh-mongos-9459cfc44-4jthd bash + +mongodb@sample-mgo-sh-0:/$ mongo admin -u root -p JJPcMxNKJev0SzgX + +mongos> show dbs +admin 0.000GB +config 0.001GB + + +mongos> show users +{ + "_id" : "admin.root", + "userId" : UUID("b9a1551b-83cf-4ebb-852b-dd23c890f301"), + "user" : "root", + "db" : "admin", + "roles" : [ + { + "role" : "root", + "db" : "admin" + } + ] +} + +mongos> use newdb +switched to db newdb + +mongos> db.movie.insert({"name":"batman"}); +WriteResult({ "nInserted" : 1 }) + +mongos> db.movie.find().pretty() +{ "_id" : ObjectId("5d3064bf144a1b8fda04cd4f"), "name" : "batman" } + +mongos> exit +bye +``` + +Now, we are ready to backup this sample database. + +### Prepare Backend + +We are going to store our backed up data into a GCS bucket. At first, we need to create a secret with GCS credentials then we need to create a `Repository` crd. If you want to use a different backend, please read the respective backend configuration doc from [here](/docs/guides/backends/overview/index.md). + +**Create Storage Secret:** + +Let's create a secret called `gcs-secret` with access credentials to our desired GCS bucket, + +```console +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > GOOGLE_PROJECT_ID +$ cat downloaded-sa-key.json > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +$ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +**Create Repository:** + +Now, create a `Repository` using this secret. Below is the YAML of Repository crd we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo-sharding + namespace: demo +spec: + backend: + gcs: + bucket: appscode-qa + prefix: demo/mongodb/sample-mgo-sh + storageSecretName: gcs-secret +``` + +Let's create the `Repository` we have shown above, + +```console +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mongodb/sharding/examples/repository-sharding.yaml +repository.stash.appscode.com/gcs-repo-sharding created +``` + +Now, we are ready to backup our database to our desired backend. + +### Backup MongoDB Sharding + +We have to create a `BackupConfiguration` targeting respective AppBinding crd of our desired database. Then Stash will create a CronJob to periodically backup the database. + +**Create BackupConfiguration:** + +Below is the YAML for `BackupConfiguration` crd to backup the `sample-mgo-sh` database we have deployed earlier., + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-mgo-sh-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: mongodb-backup-4.2.3 + repository: + name: gcs-repo-sharding + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mgo-sh + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +Here, + +- `spec.schedule` specifies that we want to backup the database at 5 minutes interval. +- `spec.task.name` specifies the name of the task crd that specifies the necessary Function and their execution order to backup a MongoDB database. +- `spec.target.ref` refers to the `AppBinding` crd that was created for `sample-mgo-sh` database. + +Let's create the `BackupConfiguration` crd we have shown above, + +```console +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mongodb/sharding/examples/backupconfiguration-sharding.yaml +backupconfiguration.stash.appscode.com/sample-mgo-sh-backup created +``` + +**Verify Backup Setup Successful** + +If everything goes well, the phase of the `BackupConfiguration` should be `Ready`. The `Ready` phase indicates that the backup setup is successful. Let's verify the `Phase` of the BackupConfiguration, + +```console +$ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-mgo-sh-backup mongodb-backup-4.2.3 */5 * * * * Ready 11s +``` + +**Verify CronJob:** + +Stash will create a CronJob with the schedule specified in `spec.schedule` field of `BackupConfiguration` crd. + +Verify that the CronJob has been created using the following command, + +```console +$ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +sample-mgo-sh-backup */5 * * * * False 0 13s +``` + +**Wait for BackupSession:** + +The `sample-mgo-sh-backup` CronJob will trigger a backup on each schedule by creating a `BackupSession` crd. + +Wait for the next schedule. Run the following command to watch `BackupSession` crd, + +```console +$ kubectl get backupsession -n demo -w +NAME INVOKER-TYPE INVOKER-NAME PHASE AGE +sample-mgo-sh-backup-1563512707 BackupConfiguration sample-mgo-sh-backup Running 5m19s +sample-mgo-sh-backup-1563512707 BackupConfiguration sample-mgo-sh-backup Succeeded 5m45s +``` + +We can see above that the backup session has succeeded. Now, we are going to verify that the backed up data has been stored in the backend. + +**Verify Backup:** + +Once a backup is complete, Stash will update the respective `Repository` crd to reflect the backup. Check that the repository `gcs-repo-sharding` has been updated by the following command, + +```console +$ kubectl get repository -n demo gcs-repo-sharding +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +gcs-repo-sharding true 66.453 KiB 12 1m 20m +``` + +Now, if we navigate to the GCS bucket, we are going to see backed up data has been stored in `demo/mongodb/sample-mgo-sh` directory as specified by `spec.backend.gcs.prefix` field of Repository crd. + +> Note: Stash keeps all the backed up data encrypted. So, data in the backend will not make any sense until they are decrypted. + +## Restore MongoDB Sharding + +In this section, we are going to restore the database from the backup we have taken in the previous section. We are going to deploy a new sharded database and initialize it from the backup. + +**Stop Taking Backup of the Old Database:** + +At first, let's stop taking any further backup of the old database so that no backup is taken during restore process. We are going to pause the `BackupConfiguration` crd that we had created to backup the `sample-mgo-sh` database. Then, Stash will stop taking any further backup for this database. + +Let's pause the `sample-mgo-sh-backup` BackupConfiguration, + +```console +$ kubectl patch backupconfiguration -n demo sample-mgo-sh-backup --type="merge" --patch='{"spec": {"paused": true}}' +backupconfiguration.stash.appscode.com/sample-mgo-sh-backup patched +``` + +Now, wait for a moment. Stash will pause the BackupConfiguration. Verify that the BackupConfiguration has been paused, + +```console +$ kubectl get backupconfiguration -n demo sample-mgo-sh-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-mgo-sh-backup mongodb-backup-4.2.3 */5 * * * * true Ready 26m +``` + +Notice the `PAUSED` column. Value `true` for this field means that the BackupConfiguration has been paused. + +**Deploy Restored Database:** + +Now, we have to deploy the restored database similarly as we have deployed the original `sample-mgo-sh` database. However, this time there will be the following differences: + +- We are going to specify `spec.init.waitForInitialRestore: true` which will tell KubeDB to wait until the first restore to complete before marking this database as ready to use. + +Below is the YAML for `MongoDB` crd we are going deploy to initialize from backup, + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: MongoDB +metadata: + name: restored-mgo-sh + namespace: demo +spec: + authSecret: + name: sample-mgo-sh-auth + version: 4.2.3 + shardTopology: + configServer: + replicas: 3 + storage: + resources: + requests: + storage: 1Gi + storageClassName: standard + mongos: + replicas: 2 + shard: + replicas: 3 + shards: 3 + storage: + resources: + requests: + storage: 1Gi + storageClassName: standard + init: + waitForInitialRestore: true + terminationPolicy: WipeOut +``` + +Let's create the above database, + +```console +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mongodb/sharding/examples/restored-mongodb-sharding.yaml +mongodb.kubedb.com/restored-mgo-sh created +``` + +If you check the database status, you will see it is stuck in `Provisioning` state. + +```console +$ kubectl get mg -n demo restored-mgo-sh +NAME VERSION STATUS AGE +restored-mgo-sh 4.2.3 Provisioning 48m +``` + +**Create RestoreSession:** + +Now, we need to create a `RestoreSession` crd pointing to the AppBinding for this restored database. + +Check AppBinding has been created for the `restored-mgo-sh` database using the following command, + +```console +$ kubectl get appbindings -n demo restored-mgo-sh +NAME AGE +restored-mgo-sh 29s +``` + +NB. The appbinding `restored-mgo-sh` also contains `spec.parametrs` field. the number of hosts in `spec.parameters.replicaSets` needs to be similar to the old appbinding. Otherwise, the sharding recover may not be accurate. + +> If you are not using KubeDB to deploy database, create the AppBinding manually. + +Below is the YAML for the `RestoreSession` crd that we are going to create to restore backed up data into `restored-mgo-sh` database. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-mgo-sh-restore + namespace: demo +spec: + task: + name: mongodb-restore-4.2.3 + repository: + name: gcs-repo-sharding + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: restored-mgo-sh + rules: + - snapshots: [latest] +``` + +Here, + +- `spec.task.name` specifies the name of the `Task` crd that specifies the Functions and their execution order to restore a MongoDB database. +- `spec.repository.name` specifies the `Repository` crd that holds the backend information where our backed up data has been stored. +- `spec.target.ref` refers to the AppBinding crd for the `restored-mgo-sh` database. +- `spec.rules` specifies that we are restoring from the latest backup snapshot of the database. + +Let's create the `RestoreSession` crd we have shown above, + +```console +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mongodb/sharding/examples/restoresession-sharding.yaml +restoresession.stash.appscode.com/sample-mgo-sh-restore created +``` + +Once, you have created the `RestoreSession` crd, Stash will create a job to restore. We can watch the `RestoreSession` phase to check if the restore process is succeeded or not. + +Run the following command to watch `RestoreSession` phase, + +```console +$ kubectl get restoresession -n demo sample-mgo-sh-restore -w +NAME REPOSITORY-NAME PHASE AGE +sample-mgo-sh-restore gcs-repo-sharding Running 5s +sample-mgo-sh-restore gcs-repo-sharding Succeeded 43s +``` + +So, we can see from the output of the above command that the restore process succeeded. + +**Verify Restored Data:** + +In this section, we are going to verify that the desired data has been restored successfully. We are going to connect to `mongos` and check whether the table we had created in the original database is restored or not. + +At first, check if the database has gone into `Running` state by the following command, + +```console +$ kubectl get mg -n demo restored-mgo-sh +NAME VERSION STATUS AGE +restored-mgo-sh 4.2.3 Running 2h +``` + +Now, find out the `mongos` pod, + +```console +$ kubectl get pods -n demo --selector="mongodb.kubedb.com/node.mongos=restored-mgo-sh-mongos" +NAME READY STATUS RESTARTS AGE +restored-mgo-sh-mongos-7bccd5d684-2z5xs 1/1 Running 0 169m +restored-mgo-sh-mongos-7bccd5d684-vvdxb 1/1 Running 0 169m +``` + +Now, exec into the database pod and list available tables, + +```console +$ kubectl get secrets -n demo sample-mgo-sh-auth -o jsonpath='{.data.\username}' | base64 -d +root + +$ kubectl get secrets -n demo sample-mgo-sh-auth -o jsonpath='{.data.\password}' | base64 -d +JJPcMxNKJev0SzgX + +$ kubectl exec -it -n demo restored-mgo-sh-mongos-7bccd5d684-2z5xs bash + +mongodb@restored-mgo-sh-0:/$ mongo admin -u root -p JJPcMxNKJev0SzgX + +mongos> show dbs +admin 0.000GB +config 0.001GB +newdb 0.000GB + + +mongos> show users +{ + "_id" : "admin.root", + "userId" : UUID("a57cb466-ec66-453b-b795-654169a0f035"), + "user" : "root", + "db" : "admin", + "roles" : [ + { + "role" : "root", + "db" : "admin" + } + ] +} + +mongos> use newdb +switched to db newdb + +mongos> db.movie.find().pretty() +{ "_id" : ObjectId("5d3064bf144a1b8fda04cd4f"), "name" : "batman" } + +mongos> exit +bye +``` + +So, from the above output, we can see the database `newdb` that we had created in the original database `sample-mgo-sh` is restored in the restored database `restored-mgo-sh`. + +## Backup MongoDB Sharded Cluster and Restore into a Standalone database + +It is possible to take backup of a MongoDB Sharded Cluster and restore it into a standalone database, but user need to create the appbinding for this process. + +### Backup a sharded cluster + +Keep all the fields of appbinding that is explained earlier in this guide, except `spec.parameter`. Do not set `spec.parameter.configServer` and `spec.parameter.replicaSet`. By doing this, the job will use `spec.clientConfig.service.name` as host, which is `mongos` router DSN. So, the backup will treat this cluster as a standalone and will skip the [`idiomatic way` of taking backups of a sharded cluster](https://docs.mongodb.com/manual/tutorial/backup-sharded-cluster-with-database-dumps/). Then follow the rest of the procedure as described above. + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: sample-mgo-sh-custom + namespace: demo +spec: + clientConfig: + service: + name: sample-mgo-sh + port: 27017 + scheme: mongodb + secret: + name: sample-mgo-sh-auth + type: kubedb.com/mongodb + +--- +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo-custom + namespace: demo +spec: + backend: + gcs: + bucket: appscode-qa + prefix: demo/mongodb/sample-mgo-sh/standalone + storageSecretName: gcs-secret + +--- +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-mgo-sh-backup2 + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: mongodb-backup-4.2.3 + repository: + name: gcs-repo-custom + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mgo-sh-custom + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +```console +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mongodb/sharding/examples/standalone-backup.yaml +appbinding.appcatalog.appscode.com/sample-mgo-sh-custom created +repository.stash.appscode.com/gcs-repo-custom created +backupconfiguration.stash.appscode.com/sample-mgo-sh-backup2 created + + +$ kubectl get backupsession -n demo +NAME BACKUPCONFIGURATION PHASE AGE +sample-mgo-sh-backup-1563528902 sample-mgo-sh-backup Succeeded 35s + + +$ kubectl get repository -n demo gcs-repo-custom +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +gcs-repo-custom true 22.160 KiB 4 1m 2m +``` + +### Restore to a standalone database + +No additional configuration is needed to restore the sharded cluster to a standalone database. Follow the normal procedure of restoring a MongoDB Database. + +Standalone MongoDB, + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: MongoDB +metadata: + name: restored-mongodb + namespace: demo +spec: + version: "4.2.3" + storageType: Durable + authSecret: + name: sample-mgo-sh-auth + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + init: + waitForInitialRestore: true + terminationPolicy: WipeOut +``` + +RestoreSession crd object, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-mongodb-restore + namespace: demo +spec: + task: + name: mongodb-restore-4.2.3 + repository: + name: gcs-repo-custom + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: restored-mongodb + rules: + - snapshots: [latest] +``` + +```console +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mongodb/sharding/examples/restored-standalone.yaml +mongodb.kubedb.com/restored-mongodb created + +$ kubectl get mg -n demo restored-mongodb +NAME VERSION STATUS AGE +restored-mongodb 4.2.3 Provisioning 56s + +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mongodb/sharding/examples/restoresession-standalone.yaml +restoresession.stash.appscode.com/sample-mongodb-restore created + +$ kubectl get mg -n demo restored-mongodb +NAME VERSION STATUS AGE +restored-mongodb 4.2.3 Running 56s +``` + +Now, exec into the database pod and list available tables, + +```console +$ kubectl get secrets -n demo sample-mgo-sh-auth -o jsonpath='{.data.\username}' | base64 -d +root + +$ kubectl get secrets -n demo sample-mgo-sh-auth -o jsonpath='{.data.\password}' | base64 -d +JJPcMxNKJev0SzgX + +$ kubectl exec -it -n demo restored-mongodb-0 bash + +mongodb@restored-mongodb-0:/$ mongo admin -u root -p JJPcMxNKJev0SzgX + +> show dbs +admin 0.000GB +config 0.000GB +local 0.000GB +newdb 0.000GB + +> show users +{ + "_id" : "admin.root", + "userId" : UUID("98fa7511-2ae0-4466-bb2a-f9a7e17631ad"), + "user" : "root", + "db" : "admin", + "roles" : [ + { + "role" : "root", + "db" : "admin" + } + ] +} + +> use newdb +switched to db newdb + +> db.movie.find().pretty() +{ "_id" : ObjectId("5d3064bf144a1b8fda04cd4f"), "name" : "batman" } + +> exit +bye +``` + +So, from the above output, we can see the database `newdb` that we had created in the original database `sample-mgo-sh` is restored in the restored database `restored-mongodb`. + +## Cleanup + +To cleanup the Kubernetes resources created by this tutorial, run: + +```console +kubectl delete -n demo restoresession sample-mgo-sh-restore sample-mongodb-restore +kubectl delete -n demo backupconfiguration sample-mgo-sh-backup sample-mgo-sh-backup2 +kubectl delete -n demo mg sample-mgo-sh sample-mgo-sh-ssl restored-mgo-sh restored-mgo-sh restored-mongodb +kubectl delete -n demo repository gcs-repo-sharding gcs-repo-custom +``` diff --git a/docs/addons/mongodb/standalone/examples/backupconfiguration.yaml b/docs/addons/mongodb/standalone/examples/backupconfiguration.yaml new file mode 100644 index 0000000..e494763 --- /dev/null +++ b/docs/addons/mongodb/standalone/examples/backupconfiguration.yaml @@ -0,0 +1,20 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-mongodb-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: mongodb-backup-4.2.3 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mongodb + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/mongodb/standalone/examples/mongodb.yaml b/docs/addons/mongodb/standalone/examples/mongodb.yaml new file mode 100644 index 0000000..bc20508 --- /dev/null +++ b/docs/addons/mongodb/standalone/examples/mongodb.yaml @@ -0,0 +1,16 @@ +apiVersion: kubedb.com/v1alpha2 +kind: MongoDB +metadata: + name: sample-mongodb + namespace: demo +spec: + version: "4.2.3" + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + terminationPolicy: WipeOut diff --git a/docs/addons/mongodb/standalone/examples/repository.yaml b/docs/addons/mongodb/standalone/examples/repository.yaml new file mode 100644 index 0000000..9b22491 --- /dev/null +++ b/docs/addons/mongodb/standalone/examples/repository.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: appscode-qa + prefix: demo/mongodb/sample-mongodb + storageSecretName: gcs-secret diff --git a/docs/addons/mongodb/standalone/examples/restored-mongodb.yaml b/docs/addons/mongodb/standalone/examples/restored-mongodb.yaml new file mode 100644 index 0000000..2269cfa --- /dev/null +++ b/docs/addons/mongodb/standalone/examples/restored-mongodb.yaml @@ -0,0 +1,19 @@ +apiVersion: kubedb.com/v1alpha2 +kind: MongoDB +metadata: + name: restored-mongodb + namespace: demo +spec: + version: "4.2.3" + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + init: + waitForInitialRestore: true + terminationPolicy: WipeOut + diff --git a/docs/addons/mongodb/standalone/examples/restoresession.yaml b/docs/addons/mongodb/standalone/examples/restoresession.yaml new file mode 100644 index 0000000..231b31c --- /dev/null +++ b/docs/addons/mongodb/standalone/examples/restoresession.yaml @@ -0,0 +1,17 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-mongodb-restore + namespace: demo +spec: + task: + name: mongodb-restore-4.2.3 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: restored-mongodb + rules: + - snapshots: [latest] diff --git a/docs/addons/mongodb/standalone/index.md b/docs/addons/mongodb/standalone/index.md new file mode 100644 index 0000000..68085fb --- /dev/null +++ b/docs/addons/mongodb/standalone/index.md @@ -0,0 +1,579 @@ +--- +title: Backup & Restore Standalone MongoDB | Stash +description: Backup and restore standalone MongoDB database using Stash +menu: + docs_{{ .version }}: + identifier: stash-mongodb-standalone + name: Standalone MongoDB + parent: stash-mongodb + weight: 20 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + +# Backup and Restore MongoDB database using Stash + +Stash 0.9.0+ supports backup and restoration of MongoDB databases. This guide will show you how you can backup and restore your MongoDB database with Stash. + +## Before You Begin + +- At first, you need to have a Kubernetes cluster, and the `kubectl` command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using Minikube. +- Install Stash in your cluster following the steps [here](/docs/setup/README.md). +- Install [KubeDB](https://kubedb.com) in your cluster following the steps [here](https://kubedb.com/docs/latest/setup/). This step is optional. You can deploy your database using any method you want. We are using KubeDB because KubeDB simplifies many of the difficult or tedious management tasks of running a production grade databases on private and public clouds. +- If you are not familiar with how Stash backup and restore MongoDB databases, please check the following guide [here](/docs/addons/mongodb/overview/index.md). + +You have to be familiar with following custom resources: + +- [AppBinding](/docs/concepts/crds/appbinding/index.md) +- [Function](/docs/concepts/crds/function/index.md) +- [Task](/docs/concepts/crds/task/index.md) +- [BackupConfiguration](/docs/concepts/crds/backupconfiguration/index.md) +- [RestoreSession](/docs/concepts/crds/restoresession/index.md) + +To keep things isolated, we are going to use a separate namespace called `demo` throughout this tutorial. Create `demo` namespace if you haven't created yet. + +```console +$ kubectl create ns demo +namespace/demo created +``` + +> Note: YAML files used in this tutorial are stored [here](https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/mongodb/standalone/examples). + +## Backup MongoDB + +This section will demonstrate how to backup MongoDB database. Here, we are going to deploy a MongoDB database using KubeDB. Then, we are going to backup this database into a GCS bucket. Finally, we are going to restore the backed up data into another MongoDB database. + +### Deploy Sample MongoDB Database + +Let's deploy a sample MongoDB database and insert some data into it. + +**Create MongoDB CRD:** + +Below is the YAML of a sample MongoDB crd that we are going to create for this tutorial: + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: MongoDB +metadata: + name: sample-mongodb + namespace: demo +spec: + version: "4.2.3" + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + terminationPolicy: WipeOut +``` + +Create the above `MongoDB` crd, + +```console +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mongodb/standalone/examples/mongodb.yaml +mongodb.kubedb.com/sample-mongodb created +``` + +KubeDB will deploy a MongoDB database according to the above specification. It will also create the necessary secrets and services to access the database. + +Let's check if the database is ready to use, + +```console +$ kubectl get mg -n demo sample-mongodb +NAME VERSION STATUS AGE +sample-mongodb 4.2.3 Ready 2m9s +``` + +The database is `Ready`. Verify that KubeDB has created a Secret and a Service for this database using the following commands, + +```console +$ kubectl get secret -n demo -l=app.kubernetes.io/instance=sample-mongodb +NAME TYPE DATA AGE +sample-mongodb-auth Opaque 2 2m28s + +$ kubectl get service -n demo -l=app.kubernetes.io/instance=sample-mongodb +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +sample-mongodb ClusterIP 10.107.58.222 27017/TCP 2m48s +sample-mongodb-gvr ClusterIP None 27017/TCP 2m48s +``` + +Here, we have to use service `sample-mongodb` and secret `sample-mongodb-auth` to connect with the database. KubeDB creates an [AppBinding](/docs/concepts/crds/appbinding/index.md) crd that holds the necessary information to connect with the database. + +**Verify AppBinding:** + +Verify that the `AppBinding` has been created successfully using the following command, + +```console +$ kubectl get appbindings -n demo +NAME AGE +sample-mongodb 20m +``` + +Let's check the YAML of the above `AppBinding`, + +```console +$ kubectl get appbindings -n demo sample-mongodb -o yaml +``` + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + labels: + app.kubernetes.io/component: database + app.kubernetes.io/instance: sample-mongodb + app.kubernetes.io/managed-by: kubedb.com + app.kubernetes.io/name: mongodbs.kubedb.com + name: sample-mongodb + namespace: demo +spec: + clientConfig: + service: + name: sample-mongodb + port: 27017 + scheme: mongodb + secret: + name: sample-mongodb-auth + type: kubedb.com/mongodb + version: "4.2.3" +``` + +Stash uses the `AppBinding` crd to connect with the target database. It requires the following two fields to set in AppBinding's `Spec` section. + +- `spec.clientConfig.service.name` specifies the name of the service that connects to the database. +- `spec.secret` specifies the name of the secret that holds necessary credentials to access the database. +- `spec.type` specifies the types of the app that this AppBinding is pointing to. KubeDB generated AppBinding follows the following format: `/`. + +**Creating AppBinding Manually:** + +If you deploy MongoDB database without KubeDB, you have to create the AppBinding crd manually in the same namespace as the service and secret of the database. + +The following YAML shows a minimal AppBinding specification that you have to create if you deploy MongoDB database without KubeDB. + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: my-custom-appbinding + namespace: my-database-namespace +spec: + clientConfig: + service: + name: my-database-service + port: 27017 + scheme: mongodb + secret: + name: my-database-credentials-secret + # type field is optional. you can keep it empty. + # if you keep it empty then the value of TARGET_APP_RESOURCE variable + # will be set to "appbinding" during auto-backup. + type: mongodb +``` + +**Insert Sample Data:** + +Now, we are going to exec into the database pod and create some sample data. At first, find out the database pod using the following command, + +```console +$ kubectl get pods -n demo --selector="app.kubernetes.io/instance=sample-mongodb" +NAME READY STATUS RESTARTS AGE +sample-mongodb-0 1/1 Running 0 12m +``` + +Now, let's exec into the pod and create a table, + +```console +$ kubectl get secrets -n demo sample-mongodb-auth -o jsonpath='{.data.\username}' | base64 -d +root + +$ kubectl get secrets -n demo sample-mongodb-auth -o jsonpath='{.data.\password}' | base64 -d +Tv1pSiLjGqZ9W4jE + +$ kubectl exec -it -n demo sample-mongodb-0 bash + +mongodb@sample-mongodb-0:/$ mongo admin -u root -p Tv1pSiLjGqZ9W4jE + +> show dbs +admin 0.000GB +local 0.000GB +mydb 0.000GB + +> show users +{ + "_id" : "admin.root", + "user" : "root", + "db" : "admin", + "roles" : [ + { + "role" : "root", + "db" : "admin" + } + ] +} + +> use newdb +switched to db newdb + +> db.movie.insert({"name":"batman"}); +WriteResult({ "nInserted" : 1 }) + +> db.movie.find().pretty() +{ "_id" : ObjectId("5d19d1cdc93d828f44e37735"), "name" : "batman" } + +> exit +bye +``` + +Now, we are ready to backup this sample database. + +### Prepare Backend + +We are going to store our backed up data into a GCS bucket. At first, we need to create a secret with GCS credentials then we need to create a `Repository` crd. If you want to use a different backend, please read the respective backend configuration doc from [here](/docs/guides/backends/overview/index.md). + +**Create Storage Secret:** + +Let's create a secret called `gcs-secret` with access credentials to our desired GCS bucket, + +```console +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > GOOGLE_PROJECT_ID +$ cat downloaded-sa-json.key > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +$ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +**Create Repository:** + +Now, crete a `Repository` using this secret. Below is the YAML of Repository crd we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: appscode-qa + prefix: /demo/mongodb/sample-mongodb + storageSecretName: gcs-secret +``` + +Let's create the `Repository` we have shown above, + +```console +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mongodb/standalone/examples/repository.yaml +repository.stash.appscode.com/gcs-repo created +``` + +Now, we are ready to backup our database to our desired backend. + +### Backup + +We have to create a `BackupConfiguration` targeting respective AppBinding crd of our desired database. Then Stash will create a CronJob to periodically backup the database. + +**Create BackupConfiguration:** + +Below is the YAML for `BackupConfiguration` crd to backup the `sample-mongodb` database we have deployed earlier., + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-mongodb-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: mongodb-backup-4.2.3 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mongodb + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +Here, + +- `spec.schedule` specifies that we want to backup the database at 5 minutes interval. +- `spec.task.name` specifies the name of the task crd that specifies the necessary Function and their execution order to backup a MongoDB database. +- `spec.target.ref` refers to the `AppBinding` crd that was created for `sample-mongodb` database. + +Let's create the `BackupConfiguration` crd we have shown above, + +```console +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mongodb/standalone/examples/backupconfiguration.yaml +backupconfiguration.stash.appscode.com/sample-mongodb-backup created +``` + +**Verify Backup Setup Successful** + +If everything goes well, the phase of the `BackupConfiguration` should be `Ready`. The `Ready` phase indicates that the backup setup is successful. Let's verify the `Phase` of the BackupConfiguration, + +```console +$ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-mongodb-backup mongodb-backup-4.2.3 */5 * * * * Ready 11s +``` + +**Verify CronJob:** + +Stash will create a CronJob with the schedule specified in `spec.schedule` field of `BackupConfiguration` crd. + +Verify that the CronJob has been created using the following command, + +```console +$ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +sample-mongodb-backup */5 * * * * False 0 61s +``` + +**Wait for BackupSession:** + +The `sample-mongodb-backup` CronJob will trigger a backup on each schedule by creating a `BackpSession` crd. + +Wait for the next schedule. Run the following command to watch `BackupSession` crd, + +```console +$ kubectl get backupsession -n demo -w +NAME INVOKER-TYPE INVOKER-NAME PHASE AGE +sample-mongodb-backup-1561974001 BackupConfiguration sample-mongodb-backup Running 5m19s +sample-mongodb-backup-1561974001 BackupConfiguration sample-mongodb-backup Succeeded 5m45s +``` + +We can see above that the backup session has succeeded. Now, we are going to verify that the backed up data has been stored in the backend. + +**Verify Backup:** + +Once a backup is complete, Stash will update the respective `Repository` crd to reflect the backup. Check that the repository `gcs-repo` has been updated by the following command, + +```console +$ kubectl get repository -n demo gcs-repo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +gcs-repo true 1.611 KiB 1 33s 33m +``` + +Now, if we navigate to the GCS bucket, we are going to see backed up data has been stored in `demo/mongodb/sample-mongodb` directory as specified by `spec.backend.gcs.prefix` field of Repository crd. + +> Note: Stash keeps all the backed up data encrypted. So, data in the backend will not make any sense until they are decrypted. + +## Restore MongoDB + +In this section, we are going to restore the database from the backup we have taken in the previous section. We are going to deploy a new database and initialize it from the backup. + +**Stop Taking Backup of the Old Database:** + +At first, let's stop taking any further backup of the old database so that no backup is taken during restore process. We are going to pause the `BackupConfiguration` crd that we had created to backup the `sample-mongodb` database. Then, Stash will stop taking any further backup for this database. + +Let's pause the `sample-mongodb-backup` BackupConfiguration, + +```console +$ kubectl patch backupconfiguration -n demo sample-mongodb-backup --type="merge" --patch='{"spec": {"paused": true}}' +backupconfiguration.stash.appscode.com/sample-mongodb-backup patched +``` + +Now, wait for a moment. Stash will pause the BackupConfiguration. Verify that the BackupConfiguration has been paused, + +```console +$ kubectl get backupconfiguration -n demo sample-mongodb-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-mongodb-backup mongodb-backup-4.2.3 */5 * * * * true Ready 26m +``` + +Notice the `PAUSED` column. Value `true` for this field means that the BackupConfiguration has been paused. + +**Deploy Restored Database:** + +Now, we have to deploy the restored database similarly as we have deployed the original `sample-psotgres` database. However, this time there will be the following differences: + +- We are going to specify `spec.init.waitForInitialRestore: true` which will tell KubeDB to wait until the first restore to complete before marking this database as ready to use. + +Below is the YAML for `MongoDB` crd we are going deploy to initialize from backup, + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: MongoDB +metadata: + name: restored-mongodb + namespace: demo +spec: + version: "4.2.3" + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + init: + waitForInitialRestore: true + terminationPolicy: WipeOut +``` + +Let's create the above database, + +```console +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mongodb/standalone/examples/restore/standalone/restored-mongodb.yaml +mongodb.kubedb.com/restored-mongodb created +``` + +If you check the database status, you will see it is stuck in `Provisioning` state. + +```console +$ kubectl get mg -n demo restored-mongodb +NAME VERSION STATUS AGE +restored-mongodb 4.2.3 Provisioning 17s +``` + +**Create RestoreSession:** + +Now, we need to create a `RestoreSession` crd pointing to the AppBinding for this restored database. + +Check AppBinding has been created for the `restored-mongodb` database using the following command, + +```console +$ kubectl get appbindings -n demo restored-mongodb +NAME AGE +restored-mongodb 29s +``` + +> If you are not using KubeDB to deploy database, create the AppBinding manually. + +Below is the YAML for the `RestoreSession` crd that we are going to create to restore backed up data into `restored-mongodb` database. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-mongodb-restore + namespace: demo +spec: + task: + name: mongodb-restore-4.2.3 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: restored-mongodb + rules: + - snapshots: [latest] +``` + +Here, + +- `spec.task.name` specifies the name of the `Task` crd that specifies the Functions and their execution order to restore a MongoDB database. +- `spec.repository.name` specifies the `Repository` crd that holds the backend information where our backed up data has been stored. +- `spec.target.ref` refers to the AppBinding crd for the `restored-mongodb` database. +- `spec.rules` specifies that we are restoring from the latest backup snapshot of the database. + +Let's create the `RestoreSession` crd we have shown above, + +```console +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mongodb/standalone/examples/restore/standalone/restoresession.yaml +restoresession.stash.appscode.com/sample-mongodb-restore created +``` + +Once, you have created the `RestoreSession` crd, Stash will create a job to restore. We can watch the `RestoreSession` phase to check if the restore process is succeeded or not. + +Run the following command to watch `RestoreSession` phase, + +```console +$ kubectl get restoresession -n demo sample-mongodb-restore -w +NAME REPOSITORY-NAME PHASE AGE +sample-mongodb-restore gcs-repo Running 5s +sample-mongodb-restore gcs-repo Succeeded 43s +``` + +So, we can see from the output of the above command that the restore process succeeded. + +**Verify Restored Data:** + +In this section, we are going to verify that the desired data has been restored successfully. We are going to connect to the database and check whether the table we had created in the original database is restored or not. + +At first, check if the database has gone into `Running` state by the following command, + +```console +$ kubectl get mg -n demo restored-mongodb +NAME VERSION STATUS AGE +restored-mongodb 4.2.3 Running 105m +``` + +Now, find out the database pod by the following command, + +```console +$ kubectl get pods -n demo --selector="app.kubernetes.io/instance=restored-mongodb" +NAME READY STATUS RESTARTS AGE +restored-mongodb-0 1/1 Running 0 106m +``` + +Now, exec into the database pod and list available tables, + +```console +$ kubectl get secrets -n demo sample-mongodb-auth -o jsonpath='{.data.\username}' | base64 -d +root + +$ kubectl get secrets -n demo sample-mongodb-auth -o jsonpath='{.data.\password}' | base64 -d +Tv1pSiLjGqZ9W4jE + +$ kubectl exec -it -n demo restored-mongodb-0 bash + +mongodb@restored-mongodb-0:/$ mongo admin -u root -p Tv1pSiLjGqZ9W4jE + +> show dbs +admin 0.000GB +config 0.000GB +local 0.000GB +newdb 0.000GB + +> show users +{ + "_id" : "admin.root", + "user" : "root", + "db" : "admin", + "roles" : [ + { + "role" : "root", + "db" : "admin" + } + ] +} + +> use newdb +switched to db newdb + +> db.movie.find().pretty() +{ "_id" : ObjectId("5d19d1cdc93d828f44e37735"), "name" : "batman" } + +> exit +bye +``` + +So, from the above output, we can see the database `newdb` that we had created in the original database `sample-mongodb` is restored in the restored database `restored-mongodb`. + +## Cleanup + +To cleanup the Kubernetes resources created by this tutorial, run: + +```console +kubectl delete -n demo restoresession sample-mongodb-restore sample-mongo +kubectl delete -n demo backupconfiguration sample-mongodb-backup +kubectl delete -n demo mg sample-mongodb sample-mongodb-ssl restored-mongodb +kubectl delete -n demo repository gcs-repo +``` diff --git a/docs/addons/mysql/README.md b/docs/addons/mysql/README.md new file mode 100644 index 0000000..142f24b --- /dev/null +++ b/docs/addons/mysql/README.md @@ -0,0 +1,41 @@ +--- +title: MySQL Addon Overview | Stash +description: MySQL Addon Overview | Stash +menu: + docs_{{ .version }}: + identifier: stash-mysql-readme + name: Readme + parent: stash-mysql + weight: -1 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +url: /docs/{{ .version }}/addons/mysql/ +aliases: + - /docs/{{ .version }}/addons/mysql/README/ +--- + +# Stash MySQL Addon + +Stash 0.9.0+ supports extending its functionality through addons. Stash MySQL addon enables Stash to backup and restore MySQL databases. + +This guide will give you an overview of which MySQL versions are supported and how the docs are organized. + +## Supported MySQL Versions + +Stash has the following addon versions for MySQL: + +{{< versionlist "mysql">}} + +Here, the addon follows `M.M.P` versioning scheme where `M.M.P` (Major.Minor.Patch) represents the respective database version. + +## Addon Version Compatibility + +Any addon with matching major version with the database version should be able to take backup of that database. For example, MySQL addon with version `8.x.x` should be able take backup of any MySQL of `8.x.x` series. However, this might not be true for some versions. In that case, we will have separate addon for that version. + +## Documentation Overview + +Stash MySQL documentations are organized as below: + +- [How does it work?](/docs/addons/mysql/overview/index.md) gives an overview of how backup and restore process for MySQL database works in Stash. +- [Standalone MySQL Database](/docs/addons/mysql/standalone/index.md) shows how to backup and restore a standalone MySQL database. diff --git a/docs/addons/mysql/_index.md b/docs/addons/mysql/_index.md new file mode 100644 index 0000000..8f8894d --- /dev/null +++ b/docs/addons/mysql/_index.md @@ -0,0 +1,10 @@ +--- +title: Stash MySQL Addon +menu: + docs_{{ .version }}: + identifier: stash-mysql + name: MySQL + parent: stash-addons + weight: 50 +menu_name: docs_{{ .version }} +--- diff --git a/docs/addons/mysql/overview/images/backup_overview.svg b/docs/addons/mysql/overview/images/backup_overview.svg new file mode 100644 index 0000000..dc71cd5 --- /dev/null +++ b/docs/addons/mysql/overview/images/backup_overview.svg @@ -0,0 +1,997 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/addons/mysql/overview/images/restore_overview.svg b/docs/addons/mysql/overview/images/restore_overview.svg new file mode 100644 index 0000000..de6898c --- /dev/null +++ b/docs/addons/mysql/overview/images/restore_overview.svg @@ -0,0 +1,867 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/addons/mysql/overview/index.md b/docs/addons/mysql/overview/index.md new file mode 100644 index 0000000..829615a --- /dev/null +++ b/docs/addons/mysql/overview/index.md @@ -0,0 +1,81 @@ +--- +title: MySQL Backup & Restore Overview | Stash +description: How MySQL Backup & Restore Works in Stash +menu: + docs_{{ .version }}: + identifier: stash-mysql-overview + name: How does it work? + parent: stash-mysql + weight: 10 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + +# How Stash Backup & Restore MySQL Database + +Stash 0.9.0+ supports backup and restore operation of many databases. This guide will give you an overview of how MySQL database backup and restore process works in Stash. + +## How Backup Works + +The following diagram shows how Stash takes backup of a MySQL database. Open the image in a new tab to see the enlarged version. + +
    +  MySQL Backup Overview +
    Fig: MySQL Backup Overview
    +
    + +The backup process consists of the following steps: + +1. At first, a user creates a secret with access credentials of the backend where the backed up data will be stored. + +2. Then, she creates a `Repository` crd that specifies the backend information along with the secret that holds the credentials to access the backend. + +3. Then, she creates a `BackupConfiguration` crd targeting the [AppBinding](/docs/concepts/crds/appbinding/index.md) crd of the desired database. The `BackupConfiguration` object also specifies the `Task` to use to backup the database. + +4. Stash operator watches for `BackupConfiguration` crd. + +5. Once Stash operator finds a `BackupConfiguration` crd, it creates a CronJob with the schedule specified in `BackupConfiguration` object to trigger backup periodically. + +6. On the next scheduled slot, the CronJob triggers a backup by creating a `BackupSession` crd. + +7. Stash operator also watches for `BackupSession` crd. + +8. When it finds a `BackupSession` object, it resolves the respective `Task` and `Function` and prepares a Job definition to backup. + +9. Then, it creates the Job to backup the targeted database. + +10. The backup Job reads necessary information to connect with the database from the `AppBinding` crd. It also reads backend information and access credentials from `Repository` crd and Storage Secret respectively. + +11. Then, the Job dumps the targeted database and uploads the output to the backend. Stash pipes the output of dump command to uploading process. Hence, backup Job does not require a large volume to hold the entire dump output. + +12. Finally, when the backup is complete, the Job sends Prometheus metrics to the Pushgateway running inside Stash operator pod. It also updates the `BackupSession` and `Repository` status to reflect the backup procedure. + +## How Restore Process Works + +The following diagram shows how Stash restores backed up data into a MySQL database. Open the image in a new tab to see the enlarged version. + +
    +  Database Restore Overview +
    Fig: MySQL Restore Process Overview
    +
    + +The restore process consists of the following steps: + +1. At first, a user creates a `RestoreSession` crd targeting the `AppBinding` of the desired database where the backed up data will be restored. It also specifies the `Repository` crd which holds the backend information and the `Task` to use to restore the target. + +2. Stash operator watches for `RestoreSession` object. + +3. Once it finds a `RestoreSession` object, it resolves the respective `Task` and `Function` and prepares a Job definition to restore. + +4. Then, it creates the Job to restore the target. + +5. The Job reads necessary information to connect with the database from respective `AppBinding` crd. It also reads backend information and access credentials from `Repository` crd and Storage Secret respectively. + +6. Then, the job downloads the backed up data from the backend and injects into the desired database. Stash pipes the downloaded data to the respective database tool to inject into the database. Hence, restore job does not require a large volume to download entire backup data inside it. + +7. Finally, when the restore process is complete, the Job sends Prometheus metrics to the Pushgateway and update the `RestoreSession` status to reflect restore completion. + +## Next Steps + +- Backup MySQL database using Stash following the guide from [here](/docs/addons/mysql/standalone/index.md). diff --git a/docs/addons/mysql/standalone/examples/backupconfiguration.yaml b/docs/addons/mysql/standalone/examples/backupconfiguration.yaml new file mode 100644 index 0000000..84b6ad0 --- /dev/null +++ b/docs/addons/mysql/standalone/examples/backupconfiguration.yaml @@ -0,0 +1,20 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-mysql-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: mysql-backup-8.0.21 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mysql + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/mysql/standalone/examples/repository.yaml b/docs/addons/mysql/standalone/examples/repository.yaml new file mode 100644 index 0000000..f08f305 --- /dev/null +++ b/docs/addons/mysql/standalone/examples/repository.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: appscode-qa + prefix: /demo/mysql/sample-mysql + storageSecretName: gcs-secret diff --git a/docs/addons/mysql/standalone/examples/restored-mysql.yaml b/docs/addons/mysql/standalone/examples/restored-mysql.yaml new file mode 100644 index 0000000..e4dafcb --- /dev/null +++ b/docs/addons/mysql/standalone/examples/restored-mysql.yaml @@ -0,0 +1,18 @@ +apiVersion: kubedb.com/v1alpha2 +kind: MySQL +metadata: + name: restored-mysql + namespace: demo +spec: + version: "8.0.27" + replicas: 1 + storageType: Durable + storage: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 50Mi + init: + waitForInitialRestore: true + terminationPolicy: WipeOut \ No newline at end of file diff --git a/docs/addons/mysql/standalone/examples/restoresession.yaml b/docs/addons/mysql/standalone/examples/restoresession.yaml new file mode 100644 index 0000000..6f1acfe --- /dev/null +++ b/docs/addons/mysql/standalone/examples/restoresession.yaml @@ -0,0 +1,17 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: restore-sample-mysql + namespace: demo +spec: + task: + name: mysql-restore-8.0.21 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: restored-mysql + rules: + - snapshots: [latest] diff --git a/docs/addons/mysql/standalone/examples/sample-mysql.yaml b/docs/addons/mysql/standalone/examples/sample-mysql.yaml new file mode 100644 index 0000000..5290438 --- /dev/null +++ b/docs/addons/mysql/standalone/examples/sample-mysql.yaml @@ -0,0 +1,16 @@ +apiVersion: kubedb.com/v1alpha2 +kind: MySQL +metadata: + name: sample-mysql + namespace: demo +spec: + version: "8.0.27" + replicas: 1 + storageType: Durable + storage: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 50Mi + terminationPolicy: WipeOut diff --git a/docs/addons/mysql/standalone/images/sample-mysql-backup.png b/docs/addons/mysql/standalone/images/sample-mysql-backup.png new file mode 100644 index 0000000000000000000000000000000000000000..242b9dc718149eb3c5bfa873e3f59e5e0c15b00c GIT binary patch literal 59072 zcmd?QWmp_r69yREJ;2}rLU0%$xF%?DcX!v|ItdmSoZt?@-GjSJaCdk206WRu``w$n zyT5mzXaDs~cUPZNa?V?C)%hYXD~^Uti2UNk3$zasB8o3wz<^)8fTlx)hx}uA+qL!L z#j6(|MBXX8=^id2sVl2IBb+inv>?$P=ZnT^Dyy0k)qdc$3Do>zqnH?_v8HJFJtI+} zR-b-aFFQ4^&b)VDWq?7_Q<#ye&i|3S!yQJqEz3R&I{`enuoxc~D~1~vr%aF_e@&zBi~+)(gh%lQ9#@b{&@svjtd z6aMd)|Go_bo|FC~@?}O_#miGi*H5i^IE&gT;U;Wuw#e!XZCGNV1#YkY{VosnkA;;) zg9;~quevZe0Kf)yWJ2Me;eFHtJ-uUEx>U`*0C>FOBQy_<<^lZtQ0o1>k#1XY!gTkUtVY!S^st zd~L$~ZIXN(ef`anRddMKo%!*0xBM%pJyvrBN)a)fMc+A~)o!X8bcRd*tgIThy{`$1 zz{yQH`b>gQbo#^$uQNZz+y@8qNn0M}m6;jUK+)!Ng?!sJL{cs14gu{in+xed?CI^T z(Rc+JGgMdFUVwPnrLbRojK-R)4~PErgSdjK!{KKoH#;@22Yp~=t+M{OR8WbFICys_ zWG?>BKskZPi;s|4a=@y>(wjEU1TVX3z^y@V=SsvvlyOAY>xbozot>!Q$R3iJ*($gf zqxyC_oow%m0MtmB?uu(Qyx@+C;W2`EMQeWUQw{&12W44?X1rCBV>oB2;1Uk?wL|AM zj7t4(|EFu+QejfxX-v*0U)PBH+Op?H?3q^ke4Uw&wpk`7Qt96gjQ%P^O`q?^&2`Zy zjT8Rb9#q$eb4^b9m8NGzcxrz%KK&4MAbayEJqYLcsg?3}m(yG9a^4B#0o#Mnb4Rg8K{h!Jt@l_) z?E6y-jzITt?ZAJQt!Zr!-g;Rp;Eb8LBdSs}2pOFDG}5=c41Dk9Wry#7%d=tsfwAWs zaaUSr&yRdH{S+4vhN;eWs4!KHo2wCl&w|PquwKNY_hg!9DP=DYFO=RWYT#m7?$&lZ z#zwOC;PaZH{$a4ditz8*UNdBf>o=Kz@s9}(jIJwJ)b#?*T4^iHuxp1$;2NCu`8XFz z_FUl$m?ZBCVdZ=^z{p0b#mu_LvRux7MAMHpcR||x4~z4lvs?*ghVRQ{cj8t+gDnH= zB{fd4x+@kdoXc3v6IW?GeX08~W(aCHF2M7a%Sgg-gPFv*%kCYRjN?h^OOYx-yom<~ zP{S-fcD_aG)n03vpLsS9_0oMvKkR9K<_BTM$oOI&|!a+sj<4y9W02 zi{;gzmY}msOKKIjSZkD^X9sG&xgBm$&`%ZGu}`CdebQuax5m=)i{Y81Xyuhywdfp+ z{Y7cR-%?F!>&IH%j(YQBvb3R5k}gGbeybrt2Q!VdjeKkVI$Zw!A^Ge>!dqo1;bebR z?~`aFy~b-%k%>4Uko2L&0Oj}6xH^jr8LWV-(hD&($IcXtkV$El35u#M<2jX)Qb}p= z$G(bY`?MtkxCR@2KBsabf%-gzLMuO|XmDm`vuMZr#kpm!Z>~0smtd}Ss6|M$9eu{(MSjEJb zCfx|jY}R(j$S1U_Q(o;%na&fCZT*3Op|>9z@J!otv7#xUlKHI-;8aL$%il|shvBFc z%lheNALCnCuD*c%mokr|e&hr#OE0m4=87z-RTRF}?X{M*$I9RAarCrhuo5@IO< z`ktK|gwElqf?;+rBV3PM?oC?(j21eWwUXGkg_DV7?@PHp{#EGpV;FqXl~ZC;1HEXe z=(K`lqe)4g*I9ttEHHwqWkKbIMZk5-rcu@DPYmlXiVP zC9X{5Gp7MsaaAjr=^@@Joj<))qZ$yLozW;s=d&v3MUS6a9X@3J`7^?X!(qH7lI3Vu zOP985#y4)GxzSUo1#4=+d6dlZt+V=rXE?C-rVcyeFX!^aFL%-ZxewCs!+%ha!pJJ_ z7d)$s7w)Mh%`XHoJ-nT5WM42N0of7(PD0Lm7U_SUZd^-hKX^TGtYdoUVNf?YsbQon zww@6(y4%=_Vd*}!14wfg`KJ-8m@fj9V)&hnlMZB+7;ooa(j#g<*;wuwQBNSiaMtvzVjzu-Bw0K>>(5H zg3L<1-Yds;yT(Gy-J{91wtSiR*hpuK5C@o~TqQ*rnBnWsQf}fM#_Lo=dJ95sb*Ic4J z7wzgiAyv^stZ(Eocpf7(G0TT7)m6xt&e_*_jTw@y+OnVtLSiQEp`vzQtZK5&+GKzq-B!$E7*#_Cf>&e17tLCl#?|8c@rzeOFAM zp`~AaBV)I%eO&Y@1w7x^be!A0h@R{?RLw4a+RhBmhfCylmd!WSw|TJ=t1tczmx*T# zhBIyL+o!cnHRQ9Y^eq6}B+1F5i8eLu$;0Ry82BrDg`K#ubPQki{HQFScO$pt71WD5 z8Sf7Zoxjn&lxh5d?+ufpplvGvgm>pPSUOCj8|tgpB-o11IA7-HpX{5pu?Xl}Ty*pJ z!gp1hdmQ2yoPUx zE{A-cX{K!%)f&_L;YH?06a6cabp?vWhGg0NKx;{Jsi)Ro%i zK`eJXzF?B=<^9-6vRajDo?!jq10x+Bxr_yPF(hkjLf?6X0uCn&&FN8ePD5}wRDPcS1oP7H_b2~X(fHpv;QHV2(8Zhnr8lBYdq%w9}qWwmOcFYrGV z#J}ulUnfk7o;=@>xctf9+cv8`6aAyFJby>0zu}j5XH_BEJ?j!Em1txy@0PJMe(~Ov zq~A;l5BZ~rP+i+>RL|@=|B+5-zIR)M`*CE_J@o;ZjO*OwJd+YkYa&5$u4#Be9obx! zFfbzsg-Jsp0mDIv&k}Z$v!|hSopd=JlKMo%aPcQ8ibTu&QyIL!6aRLWLb z)U~C_3{Eq-kB4BX*vQPd6M&nl#yd00U@Y#L^;G*;&T;u`sgK1Q)WvWrJ5^ze9KyY0 zpi1X7aluA`o2UO_1CuTEp*+U#X5IB$!n49)W6pqi2AHA$W9wSPaj(YbrSkjmSM2Y< zm4GHzP5e(Dx-btJi`xlM(1pb4wx9~*`E@d;mlNYI3*JQr6%Sla9f-NF7b@|c4b4zl zD#eR|&eBM^D$4HK>Q@N`rMVYwi9cKscMA@ltq%l2(1mZn5ca`b7NL9(^698B?M6I zO1+4`iYIbWF3g~@5;eJ0e_x?pWMOV~5<7XFWT6zD%p(Du?5N+fYE0iP5i3iE7uKMr z%l7g>=&4QXygk<82YQ%y=5khstLGYWGU|9s7Vcdo5m^|kS6@Ol%xnl6TjhfGfED}h zk*LCcXKhzwREVnDS4lhPWk0T=i-=~gs@KN$mS@D

    %6v8g!Pjv3RyU`HFp=;$U2{ zg+Y~9GYKyd`@ZMs9RP2?a9XXOhkmY)in;)QF(orMA}O4B*)@YVF8AL+TQa{FImSyD(f|T*%LkXnQT|{O?*3c?MXg^RIRhGbNZe8ayi+UuG?WYyc~880&Yi7!VY5ff-8F_quIeENZ`sA zS-i+W<~eaz!WM~0Gez5^l|ed?0#QY6m-KrBPnc|fyYC3$D*BsF03x60pJJo_D+!5s zkIS5BVW^>aQD?7yrEloekc7k<>3y6^zanX%SWu(NVQzZ^oS5gzrPu+~onP%wF<*8< zN?wOtFBPyax~h?UFp5~f_qBl-{;A{G%FvB1IWom;O~tgPF|rCXw}OHcW-qNQ-T0ai zMLlfkp*1-3 zIGQ!|LWG#9A?OAF@w4XgrP%xSIyPZob$sZ&@^+Z>H+x6;W1bZR>~mv}B55a^f<=ck z&gjx}C8FuRZNW;}(Q3DP=)oR@d^Dx%CB0;LG54O)&^p+{HutM4xT|)h_h&&9gmxa; zVTH0@d-mQhzFt^lr)ok_O?{w5JXyCJO5A}s>1+}uVG)B>TTz}kN+Osl8NfHELceT zAp;;KOwSl!0VynZ>$!3ec=I{?Dm&>sI9zT0(`0Fu zW>lE;r>2y(edsHFH>Xhp;`s^DDQ5D)YOmS?;t5s!!eMt!`g1od_o3jI?$eov#Pkzd zCOTPQeaZ5#OCr?GUg`l>7|0jzVC>6jLQ5_aL0f>0 zJ~PU4Y@1YDDjncHXD&|qjiNDZdUBE@DLTnP4r7YRJyz10vHUcK;)>=aEhC(myG*j| zVw{FJ^u|hmvq~SoDoCNUtY!zOc^_KKEAydd(!cjN)8c1@LLAygW0;%iupA`Hc${@I z+hE;H3JvjHe!?Qx)bm%aND-a)^@XXg>wanl93J%qWhK+I($O}4h9q)9$)PdGN@P!} zxg1Rvn#PuU-JSfH>j$3-lQjE`FnyNhyoTeXXZQpcNj`fvWHnXdoilVhS9xS*HK_8} zzRMMr41_z{OmACsHU@s6r?ahwf4~N(8A>u%)2>8wPIJ& zhQq2!M3f=sBQpaWps75BrGKZ_aW@P>|9Zmnn)=m~#grh01?3%e_@215&e^ndBlwGAd9)R&M` zTV$UW4>RwF=aCWL=ka1~iGoI_fY55MNV-iGf6;1w-H?~@l+J{BvGnz;W5Od%`zX0} zLr|1?E0f|NczP9*y&dL%vqpxqri3tFL}qCLzgabFYRE5MtF(TeUmtg<)?}{(= z%&aTY%&v2>`aW+T7y!Mb0HMHmuX)N6AukEd;OXlh&Oa{TmW6{V=&$L@zCi1U2tgaE z(ZoR_pI)234D?&JCO(7~BU%4Ni-k`cSu_8O;_E~P0(q=woEHMwfG!KAI|2XV24^)P z%--}mpPtz-j*hZ+ulRSFqBNUge62Ea9&2OocwPh^Z%Zy`_1 zRE=NpMgQbuGcF(!Q#p;%{xzUqmkl`(Iq`?8x-b7DXavG!x-3Vs|1-qjF1Q;Fk)u)hr3-Kf(94PcIgvI8*c3-6Co3w3f!(a1Gdhw! zJ_7KlfFC+c@iQO(d^BSTTDH;kr1WcsIZx#*N$$7fxhjOu@MxBtfR$g=w4VvBU5+*t%vj9 z(jbC&nV@CiKWBPchtB7SLn3I9apWN9x26C7E)N~VQVQHH5x>3hf2J0~$G4|rX5K+G z!ap(ACH>FG!x6bul$9Zt5eYx}7q$G0BLC41amYqDgp2e4$@=SiAC)2Dk?rV3_8(bH zOg{?RxSaPVJ<=j0F_YzO7VEJ{Nl6jW(7Fe{((`)B9!Jj`@IYeu-I9U*WMbIm=y>Q2iLx`k`6kXU1Z~<|KoulGO&lNz=no~^)4JaWu4QV zblA?4BRGGHV%&37N#?~Lp61{S3eY&TIcv{BOp+xd>)42-E zqE4#4Q*4CJBH|qZl7z&l-6WpesE|K;=zD2x1`1(kOH)~F3Zn_EsOZp1^VAUogPQNO zEWsbpL=;sC4X+xOO>O!`Ewzcq`EjDs2w}KwTnu5?S+gROl0VU)ER1wsV%_d@!sy-} z(qNaNbP@D69yno7Th2fSP_g&TTeoqx5}h7|Bj37nlQ)$S$r7%HBkkPh3re}4g&Hop ze>q#B#rw4mb^9EU3^S}nQWLRTk z06cT+aB@Km?zy=>VOZ?(aV)Y-VYU(iz{NOLdIG4eUir27jE)Fz(&Ad%Y{A7gIlllD z0q9IZCOoh@2~k&*D%9 zxlPuMxuN5uBH#Ge-qchq6V^+S*y7GsHx_CnFFo>O9jnZh9*kA+@+x1EHPW#>euIux zOY-%MEMqg(BlFXHDs4+%iC+!s-fp$9EJ`PAElnLnYALyc_cSoJx5@S#U7CVxZztW= zS}7}8O4cM(Gdh`8wB}JnYkk2CMxA+Tfk$xtx~5l8?j_X852tJ}s0xF57=ZIB`R9U) zCGb0b%Ifh}NVz=5?bM3r)@)@qGHJ6nCSHb4-lC@o&FOVlpZpB`E+xG6qCwlcdJ60E zy8dR%rd$f=$N9UWC~9X3EuzPv#Oq{~dsG+k?o!s5Z;LHixZ9B0!{({c2@{wlQ6zHI^-o;fyQ}FnEg=ilKw!S2S|D&k&)qY=*U9Hm?fqq8bC-M;gZ zpIvqKEo+wUBcHj7^%Uz4AMiT@l*mSUdveR%?luzhK2G0wYCFj24e^W) z0uF1RL+Ru3D6H4d+%i5=myQC{$~2JByR1+i+PJt^)HzC)LugmjIC&=dXAv;EZhDHIv0FmpsbU%-h+UJkY18tXAG>VQJ%+Uk5?;Vms7 z7(rJ%x#=&TzpEc7YKx*wXtrl=vA^hL!?@~9AZY}?si}9@=PSS%@4zrHXZA;-ItVe9murQqLZ-IJ>&7 z1qZgk^#(NKpKcPbj+~B#yu3sM5fA5nX7D+RE zZ76*(F#1l+1HSSC8T12Dq_>BHPMX46pmJh7DmD4@CD__ctcUy!>q~_S2ecgv7aUv) zYDzQ$4R;z;RAJ+fsDUQbucjAcCr46dB14P8(#BhxnV2BNQ1ClzY5y;Bp^O2RhSVnu@?EH5|Yea^TY5A zEmVkR7;GdfMU(~4FL+;A^>}uETrUjL5`7Fho?`nnRyX8VEO%bv=8Y@1!tqirZEb#2 zxY}vST$ORU>>h>9sj1xF!dGM}?1x*u1?8t)&=^cr++{EBvd~y5^pJ*vpUmfn)r&n4 zjU^ip`h;-~)D5?s;A|(T&DjPgx^T0xyajj5nI$ODu!NzdLQ{eQwl$H^dcsH>zG(v! zd8o?r{>CLpzCKWZTL{GRQKg8g?dK>sGnXQH@c@rq2mco8?l z<69xFWL-@i;S*WLwv*?#sDiZ+%RcNO;^iH8YL>k!P9qBm;W082OiJk+CLm?J8?cf& zX&#WY{;AJt>ZA8%td1mtx-+6s==+Vf)6JXm<1L$nw2eRu42<`SFYseec!Ku^G4!R} z$h^Gbsh1Dr^(T+vGSw3-2H(uPq#omYH?jH-5K@oLyAvBaW^)cGJWwuHFmIAwz57d-m zjSGu2F^)-nm#?8eBNFEF&eZ zXe=;}6CIV99(0)E60 z7#vQzLpELfWPfX600m_b`H#q;!$WNV1q3YMso~c;MPieLPX2gpoY!3oq+%yaJgboC zqZ3g#e%&D-ym&~wi6BP7!jI;#NYHE9syOpx(3Wk5e2|yPlSs-!sTLOL@EXC4O8xJF6qqM!@DYErrV4sFsFDSEC)(9C{Q_N2M0;ZZU^OUCXeHaE*`*+8servl%!HyHdG5 zRb`2pS<(ZiBgR9{3T+ZvmQhgDP(@bilCQHr)Rf#MHQpejQ`n9`y$nO?^uz}c1{C!$ zOx^xWv`MJyL>Oft@nhMS`a)()!R+ji;X!i++jQ@Y{U>dCfTcjtn-&? z`A&rZPJmTu#r@vuU_ZP^0z_YJ!tG8Pbs1YvYM-XFV7~q_YSOx@#%2u@crhq{e zm}6hQ1S@2_z`xwydd0?%rV&WnU!ApnJK1M6#KSa26=jzvK(5akQYSs$X* zdsR(__e5|#UdFGxC|D+NSPJ$e!V9Ic0}_KHWQ9h`U+3g?PkS4sgig)^ayEM@_=}h_ zG`ZL(XGLZ-}^fx*%)v{8*W6V;m=_Lc%5}&Sl20|5^w@yhhCaX(OpbzV1AAL zygNyplTTv9fCveP;1C&Mbwj-IYWDzli{Q`?VzSC~l}cH~f-18uzH)oxJaentkWz|5 zHY1Y1!_hh~#?||>dv*g;S)H3qZz;D|$0S=Cf*rH2ZkVzd9M5ac8-*na4ec-}@#vOo z!qp~Fg8+bzeRr2W__|QEefoXzeG4|FElOvMS$!Qhm9xpN09b}mc(S?IXw3e?VAKtr zQ`_?$qrhD*^cstSI>FH#5L*e~ykqnz-~fJ-ik?#qOuVIb1J%OhUpQ7g4O7lUvH+5_ z`@kK1^iX(un94uoqj0)E(`_kfIbrCa&%oFoBjvI_TqsnmJDbN8+qfD+irf-@6qu(`QWzW&;%p4Hb5T9n%p$Z|!4 z{K?yX2@a~>FgCqkv%SHyZU|wb=Z;*xadzA=$K+*pRyS<{6=LhFmpJe+xNuZ%7Z((< z;+Mkn#)7wrkB(g*B@6MFW0?6CJ=U|olcP=O%VgGA2~c5Dy5g^+Ov;3n>fuUNWu9S;KbnJ5OJ?SD24t#i7<cXac6xfcC1uj5@V7!_JNEnHQ59(S3g|2->iwSo2!P)KF`9xfHz%nSX5su=FX1u_#gvf%e1JR@ z)=*6ioPNbMi`!E9bZU-^yx0U}Y!Q5e?qIiPc@8;;2G_5T*vTQ z$~)u`!r780c+Chc5*=&S1y;bfJfSI3ED3w+2Y{0jweS(i*jc$tt8E{P<5BM220sp3 z{`9QI^OoHU!*zutFP`$800>~%@&}s<(sto%(JMfi`A6)3agXs_g{^B?tyw^7e|n?$ zMtNE&_Yl6WGH`5ZMdrE-YM}5;t^kFJV1?|$_|YI4G=^j0bY4EtO3g}!Ua(?Z5am1J zoLHKc!0rkxEqZ1*Z&_;3zBd?li_z&P0PuQhT|7c4Fir>sR&BVGEGv8@QN!r1wG`Db z?;-aXI|)YZvdSEi4^9~}eobYX0epj-*xwVyFbHjg9-VC%g%<}-sZNL!Z`+49S}ix| z8y$wrN{&b%n7M?bVCBKi%yrkA#xva^m-KucBno0d=pU<)Kq(y_E0LLn6Q~PHcl`WO{XX8d)H&3 zCf%L&VJ?6a5G=+bvR{q;}f)sP`ByVCd#5!2;$>|hAfl6)Lp$YJnBM7sz0+9Z#h&A7|U2VH&WB`U*rnOUw+8boMiaH>X@z3XAwz{uWq^X`CDmbh&Q2 zOGFBm>4T*(!orgyc&H03xV6*+*k_4`iHA_ z7^}@!-`w`Ivxk@M#`?0ZORwR3#wlJ?9rfU6X5N~MVZJYJ2&}NRS%hb1@Unc>Q~Zoz zG^1?TA>6wLB6mhxZopS#63lWj(P3$lFL9;MUvW?jFX-qUeD3(^<=a$S&HTfBA{o0_ zy&R_~{9fN+TnHS4)x}gFc-CWrP@b1TIJ!6nlZR&Uc$a(*?)hGX;xI4o%IDPR(0iQw z&EZvXPec5(YVz<mMlll48Iv#ObtC_^=1zS~i{)a)j&}pRo!cr4KJdzM6?B%G4 z@wZ;~dG?yIW_5gk@Wyyl+Kbn{T@*{0VUu9Uz724Sroc)TK<($Y2)3{hD}w|iMnT1x z1k2mQ`@)($3;n}I_ZqC}z+vl2cOF)%nmLRzD0dB7326yoTM^dEal=VdZiXWqV4cO6 z$seWVGHH9IufJK!&lmyC`B0ffNTl`{R&b!h z!f1iGzVGsq-Pf+ca0$iNXoSqR-bK+)n)vWjmQK*wX5stIex`y6-WI7s7iQ(yxV2EQ z@NL#)<1tDgYjHw+kc!E20?T*&p4%Dy3CI2n~B*S*%gKK*dhYja*@25avRH8P-;0x4@nh|7AK*IT`mlx&$}8!`<)?P%$> zSFQB$ietG0n~WB2=-G|&C>`(*1|96p_FH}pJI&5Kz$Ct) zu_?Hg5DakHoUK)CX95~5t^z9b8E6COZXBbC{7&?24p1P|90Je$#8mS@ab}2%2>87Ns z)$&j@ck%WceTNCcXgk6@7Jv$I%KHPb2}2-FJv4DU4Xf~Y7%I4sq0`gqsXLT=%Ne7} z^?mxO&`<;8OQYg*VlnE=y_3&K8xQ)1ZcC4<^1-6aC%x3Xg<+$|myW$uYW{}P0RmSC zhRMrSEzREcJDWb1I;C?KwYj74sW{-0!DPM%<)u5OdKWP+Q!717AW(CSleXwrai<8v z-H55FsinBBe<_rE`gtLztisOctd^T|y+0)daU@-s?COP&9+p7@vHM=)mW?@LRIevb zqAh8L#9d4YSu0Vnu$U?RdV)+|Q4@?+SkQpM;*RfMLZjXF$;!QxG$q9}KUWX?iQ3is znu7N&{Fg5d!KiOvani%})6OA+<-`Lg&9=G0?t2cw9|qdX{Xgau!F_d?2n~Jb=t7f) zjg3Wy3orMXuZV@9fE!C%z;+B?g9MRg!{ZWnct*Z1Vh;UAF z{LQZbkw1&yzNRwkz)TJ=&S~%&yCdC`oJwaKtQQ-up4}Mz#y&h4p`6h-j7wh09WtjF zmPJ`(k72)6wQEf0wWO?+Nw~Ox%LzVHpbUTfq*Hz)&z|;BEWw|y#L=zsQ3;bm&VG~n zb}D060&VqZzT6>--A=&CSw(eCzX0baw6QVE80@zaT9g zK$7g|pJ4EYXa*1&Lm1&7YYh-|@uXm2MOTmz*0crpI{{1ttl+U@qNAd+YrUZOg2?Fv zkowQCdMsj1p|ionrf<4lktddLMtpww~nI}nF?_yV}|vhEeh`8sfydo)m3`cs$kOb}rcYW$z|wxthkOfW`Pl;C7eJ5}Bs z9!Y&`Lc*D$-7g^igK1XhJl?Pw$v>)&T)$kPq6)dB#9*<(ncm|PXlrteNC{2~0KaW$ ztB?tI0~5On!G6YkLn^#MyOvWT#rtpO96=@ z0l@h?nL6zsWjG;_2UHLW7$QQ6H-{B?&h+2+%Y^cvvs+{)>aJ6HT@81CWZtLw*ZiwW z_N(A&uMeqrBOLQ_r2bJP% z015$;Cw*KUF`D=tk^hu~cOgae{5+?U(;3MhEfZAeI;s*z@|Z9a1?y%EFmN{LkdBX&_Ax5zQSO|2nYr zYm((KkXi8V!gBo8zwo~*uOB}|8}mkGxJT34)TKfOr^Ro=Vr|J@DiG9*dgWJl7jw*Ka374 z{nehJ;yE2SqoS@J3~3N(Iv=1<;B&7;8y!;m(=$DgcS!*?QJvSiB2tu5MD+fJ&h{pspEV%J3n%lX{a)>g}Nh+0nPt;)zbIPlVapST?z9e*^s+AX>) z*g#qtYHk7C<+ZhVWIng#km@G_1_p-q$1zc^=bsluV~0zP_(f`EJ!$-&lS~!4Hc>G2 z^z>)PjVFekfoP}K*F7p~Ist5>d{qi0Dk>@xQc|6Et&f3_?Pj&%ptKW-I^~D8q@}7V zp1{K)+f?Zwb8C}^R?_txWY<31FDiTg#7RK`ZPXjyyZn+&!IQ>8qeFtH=4Pv}3+Nr#mxPc=-1no55I=n0R=BK9BbW<+sC}D{T`KN+gt-W6?&N z_tY{;{&Iqk$^lKCK^R5l9G=(KL+OHgXFqQ@BI*w-2PfUd!UzMNpKe-#08~2tft9au zafXZa4!0}MPeHr8=9@b^Mo05C>P>Deq+X}(9_#dFP1t(gS6`8>6kl^mzF^nsy!|1J zVbC3dTYtY_q|!Vdw>22QvFv%mzM%5_^iYPJi;c+qeG|Jcz0PJKaH-LC1G0T93MfYS zuR`{iLaW$o@1JMA>b2Gc5F4~yFGBxUH$o8I+@?bg3f+oUz{yx}ZH`EJIo$1~9eK!k zqSu<}^X;TKDRW7E_@E#YizR?0I4bbKaNKk;au1||vVt^m>;sS_@={%rJajrD@c>%9 zrjYFq5d)()iQNk5^V3Zw0#+2slQo1kJAl=4rpinXmu_isQC?LwkZptu#;6C}9?IMj z{M~71eJ?Lv^__|s>Nf`Mdikj;hYc|>F?Xdv zIGJ}2bm2>jUK}|-Q0wy((Ytr=h8qr^9!|>0YKXb)Gdy(WV^UJIA&+l5LAqNa@4Mv( z_-_`o#Z;)&EB}n(Y1|+Dz+)cu01IZ^+M=n^WvpN*^3uOGFgdTHr1aVQ;X1Rai8v}M z%5tE;k zy>E3oA+1Ep>>l6UFShTEjFs*CBFS&pLzyS@x5G(z_w_hxl<7gUo26|6O? z^uJDhsC<28St{`=7HjhG@bErNV+qH8K9Zu9m0y$v|(!km0R0K5Nv5pEbqsowiNgm*~CZ(Sn?KF{@-!;BeYo zs4Ls&)?lWg1eL(`1d;iu%P=q1SgD1A#x4Ozaghq5i2`(#?xXxSDLi@pY#E<=N82vs|lR`1Xd4*z^zc~^YhcmvogTN!2tv-kr+47X5OraT>J-yN%}R3cy4&U zheVSDK%UNiXei|+32mi{J|Cpd@BVTx8#?^(6P+lBb5v{0)t6k*8N}Vxh`yVPzE72| zh}}z{M>MkP^}5@NxAa$-7K8K&=3Q7?q4+*tsnsMGNHc!L5+Mkfl(e)goG;%#>m^eI zDTeqY0b6{mjvQXM_Iy{9N|yYY{vva8PLQe6xmg&d%gPMHdfqJLO(|QlX+u~ zWI`;Oi*Xg%cUzW7tEh{^hd zPNV$zE56UoNi+GpYJc|v%+qHlR;G=;O>wzgUVZqV5`O6e1P_%AE9MDPr=lNw5QkMk ztCX9+q+qfs$I%#-K{=tgrGTReh}C~X`3bvklMBg5Dvm+nBP7Cl`!$6$d}(%~DcX-A z=245djHE~&mS~2o@C}4}u{(f~1QwVGzVl#@$)K0+GSJzO1GVSG;&ZU#(*R3R=rVsE zB#YzYW4h}8hWAL0tW&BX(x9(?4Hgq`uFMEjz8*vkJ8RO7qZ6>i>N7TeADEoxTz1PA z07@oz%jND%M#*>>!;ra0BuFBf{&($wKurEYJgaEu09HdhOiX#fFeTply+97fl=O7H z>n<_)nzg_DuFRRvqbYU(T zPkReX@n$5Ybw?W&FVH>Ymq7aSXT?$GkpG)ooeeL-M(yBPme~$*T{rrFL`L=?rtgPBb9ZzRx_UpsB&kzvk zQYW=@^}F5tpSUjnOG%^>ei?DJ3&Y87#nYhDA3wqdh7hK34E zA7fBc8+qdkl;f810RqeAZ^Wp%w3Wly^~gH-S@?N<40+wn+}*ib9Dk%dNAGECtvsSmds>*h!Lack860eucmk-i6d6_{DstxGuX#KCtrg61B9nB(NBXHIi(i zksz565D@HZv#_v)jnIw;Ht*#opANB&W|)nR_Mc*>067 zp-W+{irsJ@OJfB|1q-y&lx8&MVbspENB&8~jfordwh?b!dne}(cj||B$ceOXTkL&L zdPq!MQ*zCt@*1JVdZF?vN}*Lj4-|c629wqo;jBNuPxyhF7agX*2=pzefg+x?g3Ell zLp;m&0zzeP)SNeu-wK7Jp}8nIn`fu+V6Rq<3UorSd=7M$>azEZ4leOY>$A@FbwXH+DHhiIxAv<- z&H|s?Ul2q^M+r2C!uEtRH6TLpcR0^i{~&*V*hTl9)L;GCbG4k#n4LBYwFL*uP3~0< z0xW}rgG#>4*%s8PAEOJOA@Xi-R(x3?+v}AX%fmrgtFk;6QC*P@~#9$$5J_2w#Y?gzoa{K8ob0#*?_LkP+f`<~aO zGSL1R!C}SwW(|T;)gBqiHHp6w3wQw)YP=ULhnuO4Im^eJjSOj zsTqDV%ZKzgn9vb}kXgN@vGy)2RgI@tF>7HX=RXFPxZH#BZ5y~CM+|h|m2w@3=>5Et zBe1jr;gbRUbsp&LFS1DbB)Ore0tpuz-eOQ9c(%_B66o3Rg;Z;N##%oKQAx*N-Ea;F z7GQfJxE-f&pU=w_f!ej85mfFVMOzwy+;J2iuo`nnDe-XliiwQG&)GLN!!?5*Z*f|# zw}?|UH6;bCB*%{nDKHla#(QD(V7sA}S!=-3`*+4N7;%oa?J^ z{bpv(pR;DoS}qrHdG7O^v(GtufA)9pTUmzl@Zobi_LJ$?BeuZo6mD$-=T}x3%Yq!y z#K>r&4d1#2xE1*V=QuiUX|p%Lsa$Ht;PtK15lBL``Ek1tf`jK5qf3!yy|>s(gKUz^kopvav zlse0fvD=;I>dC@{W@;x6)*{0S2z>Hxy!o!D)pai~cIrp^ybtAUZJ9x6eUo*7gov2= z2hH|=YoMDP$xwoI^;Vg%*FcFS*8Fdj3^W|BpbTp&eWcf*{-PGQ&ty~NJUvuI)-d>M zM)lJ#I#UvN+Kl$DY}fZ@Gr!)_U$tmnDnAw!eQWNnE7?ugpyPT^)h3&Hp5E1*7{N`; zX6R*Oh12Szn&f8>+EUlp#7^-wqijf#^A}UYd$I?3o4ZYB86#+{ixc} z&=YKIY-ZgoJTQsOm|aTZL1NcUW-c(RG`^y`F=K{rB+yu~P|1NS8wp*Dl@mgt zQOJ;1;^!AOopsruf5=B6TD#YVPs61JqD@OJ{S2M>1}c6T?>Iyx6e}#%cm}Pn-f@*> z-GQlDJ~Q(}dBVK7CqfzoA?@+Y9V#1B+>eqjhsghF8f8 zzOyK&i6KP9++42l2Et&9>7nm8z~tmlK1qKgPaY_78ly|?B_|AR1rf(1wL~^R1g7oB zw4A=D1t|8%ICOjNx4xZyiIA?DS|TWr>=sF~6(LtS3Ow1TYL2vCQo++YST+>w;<_<> zbZPS2_LZLMRddVTfg{-}*&I)#-VcAb(?ElvJ))E4MZ;owE`j2qPkpijh=3gLS8AOW zQCAA|MDxViww%;oPMKF8D1XZ|NWDHaL3wmNSAS}{U<>w=@r|30juF|Y7E)}r&NeGn zFud&$xrNyyue}8vM}uzZ+b(x1vs~^IWHs$F$w=0bBMzmUA*C`}a(Pp?yWP0jrZ-Tf zCl_na`go99eZ9`^yD#)M{5r8w6gLWEY%;*oED<&+Y7;5@gm{vIq$|J%uQhUsT(b*F z53h9p@KAA#jw}RJ-mq_1EESjzKp(BaC-DLgeI{QMxn zii#`(izL-$ojS?=c!H)x+$Lh_bC2D9ltP!h;^9fgwdkxOyIQPc!&hnVI!gxQCK(db z-*Je3kBZ2x6#X9amYmE`-td9A_eVtXAyDRy*Q)j9s7tXuGn49JmywW)h2hsP$0scM zX6rO$ugQdA4HWU3AA3pjJE?Ld_hLfbB-wl+Dkx^<({>?`m16D%NwY5?KDSgBZnr38 zj&u^81Bhd*%N5iQy(&2XM}p#slmrp14T|2=aIG`cumay*h%yr;t zgOVRtu9GuIdQs6MY@)fmFS)GrfJfA5Yu$dnb+mLOvfEvTRr9p3!a=5Q9|Zkb9<^ty zi5oIxWGXD@6hoUO7~@3@lGodCUX>=+^d6CSOR$K5@|Jj$F&Izcu#>H+3}F;twDs@r z;-B%+R~L)p4hENqjf!=N!X(e4%{=xOG)7eb2(gz%h^7y&q|Taj)_7H|nfe?dJxQb~ z+Sd{#wy0NHIHv?^PG}VR(P9+pr6}BA0%;o_Rvh6iB9aM~)QT;Q#{wX%?W*5VSKp0paY=^*vHzu?BEXQ(87!(&0|oC?#xS^eS_j7erl? zSEG>)RBJdYmbn=gk11}%*ga1d0`|IS^Pi=gXIZ-77km5;TB=gsY9Yewx3ZW>$V6GB zq;~YP8>q&Z5Bz3!4{e%iG|sbSu$h6GdtXvG(zUY0m?9+W8z1^cXZ8DV(3vh7$;J8CfsB`;>odLDe- zI(=iy?r~B5pnJBfz4{3X<+bfbK1vOrFeZOedr4Ko8Q&QTf_5(FWeL)nH9rCmfyWf45r+d@@$@t_`DSJ z)ni53Q zAHi(p48$;+lNU(LO}n4W0G6!~?u6-xGGCMyaw`5kUP`N^fl5J^_jLaD^YbUSH0w?y z8TAcw^@p@LN+H4tcj-==q9`O3b>lh6--r>q#KYTfM2hQ3$i|q*$Uad>H1buNq&*3O z_16LDw_X>y5icj7;Nr58TRtiy7RyJeV71bXUU@va&1M^0np)J`UsA$Kp|l=XnvP{* zG(`Ht@du-tIW51#VoT6^AB#B66?OU%SOi}zho;^g{mvHlA0YxrV-y?*`=eB8`Sw>y znP?0F7iqa-Bi)!I@9_FUoQ-QL|A6e`Ngz+AzOvEe#b_nRjD0(uyLHaja7P(W;lWIX!>dFQ7VFJ(1l+o>(Yl`L;7% zd+0%V^GuJJRM5zmPv_1r4CWSSBrBgGvS|&c=Q0#_ZLr*tAH63YNgY;nD=epe&|xX& zI>O$v$oy;B>raS0XS)oX30(osD2_#VA=4sYI)`cb<%D$&lixi6>u@JNG8vBDX{f}< zqijeNct4B&5wT0N@qJkpZzjggvm77jK9>iX9aBVlKE+MXoBw7u7&zADEqUWkJpK3iM|oSE(b9lG6O7ZP`9rmcwyS zg(!Ts$TvxIl9HsuiV#&mu>vASr6K!L6Fu=Ma;9KE7+2R#S4Uhz`k*HCkb z&(^@1PS(T0RQvZj-IQr~0?u2^DTU?R;hUIQDuqV6!+B{rHIG)5o+Df6 z&3s7vsLZ`8fWJ3YS&tAM?KnTRa&Jg#g_%%9B72~DIr6dkRY1tsg|#IFm1vRs%E}{O z+h3cSKQw>kB`A_ToN81u6!+3Q9KJ+aw$51i5WXD7KPNI~I1)vUz?ctHKD4Ml4D}`b zk@%(BR6JD-*UYl2qC~1G*n-^9EOMTVU-7)@8Hw7tM{QX2MnnVE&2##FP^HB}KNdA8 zpW0ca<;ike5~^+o8-k}~`RMt5gPy@wu9IyB|4K)DZIkH&nbe~U7++WM zqE*F$|2dLp`B6%5jnxil0kduAR=Gz7LV<=4vu#L|#s5wgJSZrI?}bMjW7#G(6R%#q zuSF8pm_y|HPc87R*9fflU`2OD%2MM)#llw9@c|!Y`p>0IH9+c6jwqi*qpN!r9r!W2 zx)#;ePKdwboMyn;(q5`o$dFI@h5|u5dwLm%oju)Z;-8Pj~+Q}Pj^0t%`C4j8vPsp zgwg93H&96y`2*bG*^*$A0$NV489Xt`hP27;c@hdpJgWzy51}Z=rq%T|P7O8O{GA^O!Gy%MGUN zE!h7xT70+MfhywY$Y|@I?*QzK0JKmY(5nu+_n+&0$OqZ`y1JbIYBYXzIVfEC&vgzT z>go=U#s81iLlrzjz!nE<(!U=4!`nJ=o9E|64!@W6FD`T+Jk|FCt#`2Rv1?10nu@uJgMe>Cbwce_Sd6Jk^`= zJcH){T<8C*gReW(z-~U8xrX8Vdz#q;!R-6Id64*@mJbc1 z2&`zZvbuuN-gfG&<6(RYw0|ug-FyUA(D7|pQCh5YOv8H%ULgGsPOtj_nEsx0W=;+e z)Dv}eciVGGjD4LP8o~x`BfJw6HLm;y2F~3jO*RtWkDB(DfBAA3={^CUl2U9P<<4qp z_f8mqn1I0!ORyK!R&M-Q)%w=`=W4`98|Px0JU#!G(yOc>4^My3*19&&&CL-pOp#97 z9DbMEoGQlv+m4&N>kreby!7HDDJk=3YqTe&fZB0!aUF6yv*l~meW0bGk*{|xUF(LD0F`x^_5jVBD z3c}gh+4r%0om&6&DYjZ7hhN)qLmXJi9Iu{!e}f*+|HZ&+%N-|qigvVa2@iK_&8R2+ zA2N{-)o>K*gaj!1|KrzoAhj(t2W&X`=cyeLdtMHh(l8Pp{V?I!So%6LIXpIy@p3)e zXl4?;%SPwq&sq84`V+X`XiUrFITRixqd2@VH^fJ{8+&>=Px%H6u z7IXT$;!Nbsz>oTW@VESNS2FO{Lo$6nX6Rj}w2vfEVo}8+k{2e|2M=_1=Fp!O4^XOj>NWBJPMR-{^fuaP8gfZ99Au=_X%mz=G&y zQn-H9dVHUgVDb-RU%gF^TO3}SLWck)L4ZbFAd52jt7iN_5tiO|-L72QOmW>7qiqGW zWV5iHs2FetUaL;4svl1r-_+d9eyiyM+|v?xyT^cRZN~Qi)qp{|NO+lkYcSr;_E>&u z^%t|DFUO!o#yHTKL?nppI9kh+9stl*mAYs;@>NM)8-VSyrPqUEl&y65iy!S)y4w02 z$Z54~8t)vZ-dwilRc}|h7Xe{mcCy=kXW5${@+##ZZR+t&q-{~$b-h2$hhDpeox1g2 z*Mut-@56)rZpNu1qwdWJ!TW^_T2-n*E)gyN1!lYt{%8^q;Ki0xBw{z+(pMwF@0Dse zFcPhyM8dPT7tqE!4uRcP`1#+x_t@}(g6WC-)zO&pXYq&T;{|$6eW!rCSO86f!+KW6 zwqqX*@9DHzCuNG0e$&|*BRUQ4SgwXiQk&%B8as_*=KL&Wtsm0)bAwgjjwYwsJ#mS? zUn>?9lZSl^f_V#q?DH1U09WxQ-o(W_a%ZZVw8WQS*tS&y6h-Dw?)_BUuWRc^`Vk8`+J&;Zi>E1di*Q z(EcPk+zhG2RbNJEq@Bn4j|~5av*Ri2=*8zVfLlMenjUwO#)M2}t1z}7MT!swO{KrC z(!E@cmPwM;=TCFmTQuA8{@@J!lH@>s+_jRJb#Dms4UpiB%ZU&gO_f`h13f~;@pPG` zMmJE1N=^r%wq+?~dL}0Zoe}}*RVBl4tvS5q61BC zc`FF^0OsV%#EOE~`r+i}n9LvZr1*U2q+*Y35%+6ga<&#)&b2Z!Qj2@ zKR?;o@m&JxkX-wX(QTsof{9|2aQD4d9EQ}TFitCCndTU31&hH?V!ddA0d%!W7avmc z4-uEZpXvf5dksazV7SXxKk$f}$SHua{&H}&FV(u|{qxst>G2g9_ceV)T5b-I1AhSb zu6L{24XAfc4w#~d1y;-FJc@y=ND!J3k)2 zb#MhavZ^(0p#B=o)8af)dR7-{pAzeay~i{d;5;{3YL2g2D|Dk)Vj77(kfJM;1Ef9u z%y}S3^1k5<#vsq0@eu2)(HyhOQ%>qpZnt*arX7(*`!(wti@+!Ql#FfAeR{2`Lyw+L zY*@+jy!3i!?=er$O1l*p?(ke~D~7hAMFp7x`mndwP|2$Z3S7aY z%-B-oz_-YOd{v0#xI-^v_RuiR1_Zim2+mR>XwgX-7xb2ilq*x6SMgluy^xY{u)Gcc zFB#|DA%*nL|JDN3EN$~M={p^5O^pRH3nAYk9pGZIDS%kX)of!g%F&#-Hb zKJmIBRAJw{?%@s+uDUzBnR4mV`j9Q`#tMfm^|4gUIJdrv#%eOEAI&yCNFPIDX1N2+ zCtsY|Vk|WScxQz~_$I=9Dey%b_9T;g&kcUSa=5N9ebd7MAss%qfjqnrR?Erdiee}E zd~I&Zrb}cV$Ic$h=G zZ>g8OaH6`{z2{99{2k}7dfAuIDO*r#DGEV9z#yih`cy=Nwl%#O>OYSHaeaD13!lW2RO|5KDb`2JSy z*lg;1RXV1f2+BtQd%i#xu5~~gw4N!M>h5LhE1bef ziWG`jA3qE(#l6{~8;kWY2jQvk_V_#Z@_QE&!2SXdISQA22``u0?x%YsC72c^FA&k8 z-Pl$zG-Swie}LNI2SO4HQ?y-vL*eQGo*wQ%{5BLs;*)}grh16m8ffHykh#E}J|pDc z3dJ?UPf>~C?mK+3%}+3}HjW=?v&^|Ki0JH!tJa_9mV&u_9Qo^@iNGYj}IhOq)N&r$gT_ncFq+F5@Ov zV=zg_t42|(ytSid+F;uN+`X3D`bj6AfEx}5`^%kwPY>rHi*v?EZS(SWONOvlq*JsJD>{m+SW z+S8M|(TntUSlcpBVY5y#zwP_1DWa^w`?h|_c}6cDBc>}d`#v6!-e^qgl9Eqym*7k? zT@6btH@?QC@x>Wp6+;$1XFFPyiFCz9q5mQyn<_*^qFd`LQUR)0q-%iP-D-vUviYB3 z)b1fZvJ5{CL&7J0#7H5?B(LKOBeQy;8gd8yk(KDKv6nZKs|=HiwldcTa`ruGWYK!v zYZq4S4`WO^z&@0Xkp?khKp8z~WDNPG%xCL5`B zbzF1bMH5D+LVt`dJP0zftJm}PeEnQN4Q&;UpMC5EVPe@6UM!q1z?3&eB-`;C5F*lU zN}Nwt3>pwerZj>k4RHPeeRTdo;I0hmj$J#U<0qpak=xc-DLtZ)_Jya&Ij%dkY*JjZ ztW9>@)(m)!4`pzL>6`HK(NdnGi=sOtk}Wg`mZXRCOmcHV8Uy3+$_2)EOohC}rLgx4 z=*Nb|KyGyxi+S)12QulOfTK#%)dXFgk^DJ&V}}p&!?q(8jo*Uk*e28qJy6!#F`9d7F|Or zfKDn}L9S1eqPsk6dLnC0C*II+9-gB6DYVFjUuPf7Kxw&dT-6&A{(;i1_QLtmMbedb zq^(!oiXVqaN>ni46N1Ddl9b)`c8N|*STv=KL)zT%Eqkwyqn$ZJPpJM3Hf$K1v=R1F zTYrZt_3RGW(K}>?n+q`}e|9-qbGR3a>GcLhl<7+d)e?^G{1RSZER#1T#pScR*%z0o z+^>;2U^Ixhv$xP8$AP4>nEFmuyP}XUFP$hCAxk0d8n~vul2CMre2z_D3ip(=FES^E z%zpbHk68=@4}>Di*R*y86l+z#wqewb7T1#6dt!j~P;eC~rFI z^FB_Cb3$eEg*0W0-WhGuov2@xqGjOPkk(X_ht_9*}B+8n1D^a3XEP`|RG_JH55YQ1sJ7E*Sp{ z1)Um7y;2Y%7GmF9ZbU%ZYBqO`3HOx^9A&7v?eeiyV%__M6yx|?tE-IX1wZ@2w(qC5 zr4ZGl^&}HRia8SR$bR{ngFv)No-KsFJW5;$$?lihfiK+QL}P9HOhvd4w}>WDE;`lu!j|s94`5YZTZqv$cHp)`(Jx3L8on;B2)NfN0g)$78-4aLTPFgs z68iHyM(Nv^q-B~ov_`^APz1c@Kz6>QgZs$plMibkBf}wUMkk1526qg2mKdQa9zAm~ zZn}4kL<^zFQodR6b5#5HIjRZH(ax1h87mMpGPLbBZ+Oi&tG3NIXZvL!+nxZ&xPpla zokIC5%39O>5t?uddI~PO&3w#;U7)I9ERz;snpWZ@}1)Hp#enB;bN=2x~N@(-w)lN;B3)|f(vKCKjO({tgr5J zGBu7T)A_CkM0qs`DbMHLVqAn8jDxF~0MYl4)`%kkmW3A1<~SS98p36nt6f59zvuUR z&KH96XS~|_eVl<_VSgMo`EWOOJjKjHR)#4HJtMW7?R@8?xF9_vKUTv#8_INtj5NsU zvzpC^&?3sMv;ZQz3qx*$32a!6Nsa>~TdN6kbXQN$yWofF4xR*4+fuh4!%wG){|?y} zHtE_`i@y$&-7czoe3{J5K|sH}uMwE2Q>+al#780bQ$*0EXH$eHd6ym#J>S=dsbbHd&sWbBkcZ|#blZ~1Ci#>Mq%I(IZzR=$%a)1Wh(wRH?H@v&l&F6IXL zuv5-c5Iije?h$S6CU%(oJnbmP6v7LR1<0SCr@RQVhI%vC)-Bu+Ntc8=&7PauL$-)` z((ggP>-IK5DDhog?>ImD7^?VF?OgWJ{_2bqqqPNklOkzW&}hW}#P67mxVg9~y0F7@KhjGpu_y%iV&h*RUyOEO$r7?dz8UL<5Jt z2;FZC`!0Duqo6-P5F}`Ul<*L?`Jzdd{cJf}kj|*Ln`1(t?c&z4dTH@; zIgM@c-R1g&wdJQrYq*_kl&-kV6p=@j5=_S2ues&mC$JF73GkNC3#}+{pWamwcw#W^ zJxkHcA9SZ$+nX6T-%y*r@tx%RE{UJ7o#&&3zY7|83S3Q;1eh(FOFTOg#iLCZls4U( zDCbf{0~RwH#y`)D+sS}^1k%4vt(J-?OtY=ow_(`3Dm z`LT{Psxe)lW0P^kXAUO2HD7t@`J+^Vq^`~M+CDG2Xcvh;FPJ322h8{V{4l>Xfnk%1 zIP4FRivta#>(m6y_LlKGmEuW0{iq(6&+0Cx5kg2yOg`@-?_PvP@`gmiuO#Di7*qUn ztllDT%J6y1ZaY8YD-g3cSJ^uCGKYp{%)YY7+{f{5~`H~>)jz<_vaHIz0UwJV=a#OxN zQ%$M8NUoU`F-*><_~<{Es!ZW4LvE{cznJVz<|Nb%Lnmg^<%{!<)BPqt?egx|bHQV4 zcz7L*)q&N>?s8}fz)k*0uErR^Sq9Nhq$ZJ6Kt^Zg)-&+`QxC?Cq}RPD4>J%AGM!>8 z|8ofjQp_q{%?g{ed-$w$n0X*-R11Cl9AO4~Ss$g1q~uNRzhB?rB~J3D@$_&=raH9% zISNojW4LD;p@E=93pSZ}hDZMzPY637iZ25$rQ|zZP^R;lbg*VPQ;uu{Fusc&z961HaE;9p^?)aSm`_)1Yy>=nwN*aQ=NK9TbQ~LQL1-&RLDWy?bT|Ku~oowL;sK zC%{ImPP_9ZJMi!lz&N8!Cjc>8v%mf6yZ*8nK14edul_p*B@x4d_g}P3mRs*&hT*gI zf{R7^Kh>#ob65e()HKTz@}}!N1MROH&Ap9Q&K^vKlo`wj_q2G^dP++XbXIiU@k|y{wFsqR$fX9EJ~Rl}i9sGp6Q2X`^e+4G8+vK!5-LiOS0Y z0-NX&_hzm(=j;2=%!u9r{s!sj;QmVY77%^k+e7J6|HqOg$-t!2sjCS|QNZ$=7J_dL zlSw@8RfG=XdZax3zs|TnA7uFfLeZ6-xKt)VCplo1lJ6nTX8p*JyrRFY(u+WtuT1BD zHs(W0YOpUydo#N{dHhVkH#_I=*(M2qL~O-3(+IVSq25Ai`=lGAiw;Tu=S5;jz~!+< zJ_+0f?}Lk}8qvLU?=c8g!moh-vkY+hcq2gAa*TW4D`&}nCJFB^{pT`&;R|-m`&q~j z$+Fy)Q3&e-H@Xbe@6jsfyj$r>WGhU36Z`jC^yLEs zftcCFG6g(#f7Lq!ckg)^F99N6#^t=vuBVzVd{4z2NL)D}L4R<-@uYwsDoQMD1E9R( zt2}NHzlP2wCOtI?BLu3l<3=Q6I9AUE<#{M8iL)Q$r!*=B|3pLK;aRY1`Jb@o!oZAIJ`a6Om!1&y>zoE=>YE_63VVDtjtvA^m=%bUh z0IEabCYyZuf}g1luvF!8D=ki-;k5+faODqtUg-7VRuBGK=3d{x3HObTeXoqj4xq<=r<9I!<-BWtk-1^qsQbqR>mu4L2EI*6KPOilP1dT@|B@|1E8_vFn zd;#Rt7Lz4r(uS;nt;ggAXx~=;G{Ekbb9FP$JR2j~@p1LQmp7M) zXD9^-X?&}GIpLC+Uvd)UHx80q`u2D<3Us}u%7dIUCDLT8#JmrS`sm z-VKUSxtH8Ks%;jUwh3R2d|jy{liAOh1}HONBu{H97>6+hSze3m?}G>rPT@%{s;C37 z;pe&cB1#)*Z?Bdn;CJlILDa}tcM3K0hRCtoE(&dcUG=>#IeJ{*u5p>g#2~zgQlrQ) zC={2uDU4&CYVB&eK+i|ZamId|qf5}qqS&}6DPvFq04c!_q`jDFz8S!JTepFLzxtq; zGuN;)iq&k8JdwlxtNo8biY@K?m(Cy?k=&7^ocmrXfu&Ww#B`x+ab<(MSS&8P zdYav9&2#m1Zz*(xvFbbYB#GIejUB^as?5?7)Qt8@h@aAb1T0{dvyeB&PRn(xl*661 z#UbzSjpG>DpQ6O?W#AMryQ?Zh#QT{aDikd%j+Igey4O=G0{8w1q_i9bf`wGgKt(e4 zBNz~?e7JF zaC2!N?@bLhOnV)aX3n@B^hkd@Pdx+5`4{{@{HCxRf=Pt=+OT0D*Ivl)b5|{q)e`Ie zjudhQ1J>Uw1{bW@k!N;fV3)%*e-6$Xep^ft0vGJcc4l?Cr7b&Y9}>k>SF z6@zBEGOWS~>C*Tp6jb3283<;J>Q@%9dm*MI_V*6b1m8!WXssk`!S@hyV(WgsXQV~S zIjRfdZws>2OTYG{^3H9wODH}w7GknPzNa6YnnqF!Dt)*45`b;?q0k=&x*+dJnX8hoZFNJ|bO@*ND|$O= zHwpDu$BB@*NkF3<3+@Fh?{cZOg1{UpdS}EY$bDz-S>gJ1$6Zu{d z&EH2IpD@^VjAN3vyE}hwgvl`U$4N2b>?R*SGLv~nM#~VpAIhyYwiLJD?A?cI?;Vr2 zffHH3oRKL-w*|ifR1~hswQL0N9SDd(96(O12pk1{sE_C>QgsdcpnVGyffd~h)!&j0 zALFfyJ7c;Bs`x^Y#xOm)Q8Eh=$?AIoPdN|1J)NO0Bq(T3W2+&qR|}F&2K7Xf_0-Lv zGNOQ;L2QSlQM~H$Lop*FWABX*Vg@SH6MNP01F-TbwLEVk$|K1_hBuI+ObVlQp zWw5Jw(Hc zl>$^b+bDQILXDel@{ylRsN$c_i5>2(36B>!0*XnWFae836$V#g{^vzRQGjnlEhj}| z$Opc-<#ngh4J7Qh9sh{^%dG@o*ztM+=O<%Y&#$sx`OrTBJoGy??<$?Y$K=mf+fjpC z)l@HZq5ro#b_>!$2Y&MnYxwH#3I5Z0j*tLGxjGm;V*az1-;fvDwP0ks9hkUQFOo!SmE>DN)s>T1B)Cghlz6qhEGDOAPu2Bi;`|v%? zYnc4Q9@Fy;sn5UMJ1=DLR-G1DED=#+3h=9aV!0I>kfrHLQ~m3HJDMvDJF&7sX@^~+ zH~OdLeMKv9zgZG|OM2_0$>I#Z%!3DEpXo{Qiw-{VCsHdEKt$1n_>Aa_-B#A-@2A5^ z=Yp-@fq#byg`3acmeauj|Kn(TU#}9^@QHp5+{0{i1G0r%APHH9#!x{b5(DhpGw02oo5Kv=3O0j`v?~(oY?>g_#$0`U zDJX|nIO$kN13TVUo6p(7+RlY3N?T4ID!0rp3lkuPyURI{yMw(m#`INvB}8kA1yL^# zCW=NlEr!RkEysJ1G}3+0Oul#W-&q>na^0N1KG>YOw$HKQH#A=z1RYGaVicqc!HG1D z`sf?a!28N_rfxHDX5_IXDqMJ?msT+|LJOo^6LQ~wnofl@z8jk52a8IIKjE(!#4rlD z#ZPW+zjj4$Jni&3%F$1_+#Yn*QG4~U`$0jTNnH8dszn*95vuBl-JNMi-kxzo`>zj* z_CFs?<;@slXIPi4m^-QtalFj68WGrjT(5iSdgh=};#Pg29%W2F`O5R#oPH?{PEqP!iCsUPK{q=Qmx$2 z4})B~C#9-46SMGP#5iW|PPVivb~~=&H?mF>F-N`9+u=>~M>A(eo#LS<*N*Af)t2vLN}ztnk60fO*Cp0EB}yfhPkfD` zHEk!7r`x)6*k(!Gy|_D7_{vWqseAMJdh0A~8>^B9_*J7po-@ zr?EWwj`t%sp1sR^GsO70PLVYZn`y1NP75_&U7p}bol3N>Gc)Rro7t($_ngv|T7OUq z{`}ec{3kMr3YQy)$-84jQv`B@rc63gYCB!u=`H$=!!mWAStW)l5#vE%d$W2V=s5<` z6x_7U&~N)zTEDdb_-tkHRQDG5UXD}}`+#^ngC&q_IHFN+jOCYiMpJ44mv0MzfdZfV z9360$aC5ce3F=Heid~M@KRe%pcX7zptSstDdNBk<7Uq_dC51qkRC!6p4SQ<*&E_Q9 z8laLBgDU_tCfY*rEl;**jscGt2cD?0R3d9BT=p^eSz_kti_H+b&FRXa_s`50_fLVV zVF~tghCXlbgs zk5z|UUT&oandeR=Je=kR40w&GnzyjwTuZxEok0E@al?R6{7Mt@C=JFjIrp{pq~ z=UN2|>#L?$_{IluDDC32Y;Kcr4-_dntq zcRtU148-htTEmY=s4P;Y)J;r?Roe1ilqQkht>Uh0;3%W9yvdne@a@HS9CPr7K1y}0 zS2M^D(=f^))|m9Ogo+1f>dXYS5y{Y(&`+I=FO&w4V+^rPzQ4zrtUFy|Uv5uyS$;v# zc(}5B#Jbq4Zl*uxI*@8&Rm7>Ix><2uZI$7EaB;VKVH4G1d(UXI&@pZbc1L6Dw5`>0 znsFnyHLZ2iKkOlvmDXNG-VAW3Dn086mFiX1&raD$vpg9lU)83l8D^AHS%xTEl#k#$ zOct{dTNLA1mu4f~Y$2+oKYqD6lsY!i_z;bwP`h4T5C7mwz503+HE&Dm#x-Py<&8Db z2HQ?iXEEzUNcmV%5k-2)YDfGzs1V(XRncbVdNUxOm{Odh94p|USo<+g8gmU^)v=@x~%Ld1Qmm7teZS`SG60TmR45?zdK&aD_bN~`Kk zA?Q-nJfl!#DCP?C=bNDF+0n=Y$TBtoEOG2h1#}81t2%kEPYq}lzQ7O-nz*%af`2(F z>i{iC8Yj16!fxPBrRK~Q{dgHq&b;1S$Q#KuU8s>33dh%+LtXA$s_{uix-r7`e^$cGn`5h; z-=3epz3+O}Ju-Tn8P%KpIJB=;MY+_Wyr&3KYyLup-c^*b%DT>;GrK01A!TlxsBXM% zTBmP+?Rg@Hb;!*1CKS+y;n(q2rC!M=sB0p^^yTuc2NNq>-IK?Jr{X=q54z0RxGEdC ziM>Rt7J~dnR|B!OZ_?{EHtJ~Ap5-50AGw3fGF(Rs znqNICjNNcl513jT|9;C}QzN<9DN*C}baCPQxN9wYv)k7S@{5SK8L76~ytNTO!nQ)=v$NL|Uy#P87GTR+?>?#!ve_1;Ur*ib)X zxnr^ApX{)cEwQz${xY}w$BI5`8wG7SXXJMjL{A7r8_`HPTee^LFz-j5fFubFGhG`> zevl0OFN>^8pdb>E+aaiH@oOyODyc{w`C5XOElIv0mIV%>g?k}!yDm^Zh%=|dc47U^ zgz*gL_EE#j?OM=p{iTEc5SD{z5A=eN$ESgCqPz^-tem^L!}$*lLgndR3$;n-PE5{$ zQxet}9jo0UH#a1Sjn-F7$KlFcnQsqhcn0lv__?pSVYR6`7R8UO>=zozYXSmB={6C2 z-vyb^m~e9{m3WZFO)9XB7PyQY`y-t^F6;2K-uGBO**BrJocKz}upEooCxkI97H*!3 z6F;s8wtK&u7aiPV^#O&J`4bE!?^^#Dyfm6hGKuCcV&kb~%0+jIPQ@#3(yq^rtKLp0 z9-B~!9-CTXQ!Hm?>$5|mCM^=vk($sYtJk({w&rG^F)q|=zPmAAm>vpP{r*bGY#1iU z?qseA*sIZ*+ApP=q2WrXY!w{rB%93fPV_71%$Oyg_mtZD;IrF$j8L!S9O<=coxUky zok}}NdUpg7VtTTFA2}PeRQiTO%jE@cUjolxpa=>P>rMLRVli+yY^nlel&A%8h%{3a zvdPLd;7AoWOMc57LR4_|##p|#+uln`(Y-%_SU5si=tV%c6AB}-B~myPrH@2gsB0Gh zm8!nG7(|-_GCNfp3@0~mz2o{={!Yse04=v_B5H z@OkZPxhF02O?px>!3Qxjn(JIw&H807Qfn631!ytpri5-PxTc!Z5-RHQVvyk!+*q%A z(@Q^-OepT0{h>msh3Z5!?&Bw?20%~d81{V*kM+B2C=?|_jF~`0H=9aD8pb=5Ii6W2%Q@%;TXr1n_hY=U ze!yBIp z_`?kd>!*pD07D!PWt;uZ<>537iAV|Tg6RsqElRbSZ}2knE(COUyMS7N?+Rt-%grve zfILv(IZ;9afGy<^g1&{Lpn+dWj!LfjiVzv}1i*2d*;c^BIrNg&JQGtWaEAz4?Y({l zvdgGHH;^{qJGz!5hvc})@>d^u2Rqzsbmurlx;ZFhptdbA;9w-}+|O9xi|Qu6?4I3J zm?Dg8*5*5A=5g$9G)t+vJlh|Ch;g;j^n8!Uex0q)*>F7CA7`x@xRyhEM$qg?;y~p#xPwhpK$5ww{<$g@QtN526?QoKBs)FEw>2AI^WE1f6bQkJ-L89B)ZyR zr?4(w#WwBBFelO+olY^CUZW^7OL{2sZYLIgAVy3Pqm?R*o-(Isqwrc zU%~?B&fDqz8xkI5_drq8M?_>B-_3G@#vX$xY{#_9nX-*rjO3pVlO1PmXO*~uE~RkS zfM2zpw?y)egh-ex5Lrm*$BVV3r6&0a+V9S|D8w%dAoAiJRNgUb*vI05+40`U!Zkqz z1;wDp#M&0Q%Uevvnv_6OM5c?_iSBVw46vqVluwo-dB29gp-F%=>&Fq6JL50D@oOu< z0V0qhqdG2U^y=+*!mXQOAvByA1Q-2zp88(cp~!p!c-GwYQJhC_zG0YKjtAUK@>A?r zK6F2}hX}8q4BO%&L$^Y!%_~zkN!~D9r*M^74M{sPg_N^Jx?8<|WG!`|iZ!e9QB<2! z9+D9MgakdW{@SG)WO0(&pvsFMux61kp16J=PaV(kV6Lt+a8|LpUrIXtx^@F?^1=1RK5tW>{k*M9vv<%1i7 zA-UsWoBsjId;elj;KkgTaVT0hIbykXY18q=bdNL>miWb~Yq#a*Cwt|O-)F1dIxg=R zLHYJj$?PCjn}oF$Tl@^Gs#1-f+KbvvYeiCje%}z8_@b0KGNBq4bqp~|_ zq~4B#+VZmIK})mfsqMv-@l-V1sEy^@Wxr3tWfM+Ek(mL^1CAu*N1(vdF(VmTfV@Di zcmUeLyqQ&!7R{AQ_rC%mgf!o4EzHJ1k?>vR>jITX?f_)gn>028n2)X?3B0}_sMR!J zmV8~$mmZDJ>G2DK0HM=Y^&VH#+T93uP*n@{TQ@7bU1!=?fKndV~TtWY;%neWO}(R2GNJ<+QJhXMX}#NKE!3A}sJ zSbnIhVpADw?l|EX1i=rxs^>09_Z_wtF%z%m5>wsgWBL!Bq8+n7o^6hr+<0P;83~9& z$FZ+!yGb-VJ(osj@~j}=B7;m0wCSV`pG6`a1&qs(hZ1p5`cYzkP0DG3-b#6WAAP^v z$H|ga*_~Ye3&{?jJL#hrwZl6jOMl>ccz;yPs?8uolA0xI1FGY>Q|?|>(mCzAz*bO^ zqq@+9cR{b>c?K^}xxcy4qT;!j@xqC*<~4prK}`7DVW zd^a|vyG{M12PAD~{X81qef!!GTyyFAta#D6@(OS6vTi`wqqK{V{7q};#Z3xuVpG2! zL7cx!x$GpscFxW)1l0GEJdP(!lxt3B=j`r9k>mRG5B^RYN5BgyqSYL+V9aK9CtHur z$8usWCQv+^I9o7EQm^V${X~uJeUrz^hgj8Pi|*uDjnrm@&=`d^T+HooN5;*~T+UU} zc(F*1obTQ|6ZwGC+tLd9Big35Y{utkxz05gVf7q?gUco(v+XeF6_@0L&%cCGm|g@w z-G&je+tdlqV&egzrNQoZde>E&QS?hf!1ow#Fsyg+L_0ra)c{Z}pYXP=Suu}0R_oXJ zkmI6s20N}&x*Y?AHJv$5|JPSp){6;{tNqE2 z1>o5tsODeLUrmIMsLim5XHTdY1^XX(xc^J&#OYp^nnUd0f&!v8S)kxi{S9(|Cj@}P zq@(#=2#rEM^!JZ`J5Il}1b?lNzsS8E1U$K>VuH)V|KfPjC-5;DRMh@Ic^iP^KXwgg z|Ajq&eZj{9aQu_#FF(=tUl}?$=GOcvdgub82baLgUrOD7yZ|{KVABe>*x!u%uM2;I z=LBMMIUZ{Mw$tAvzX_gIVbEFm&Ab1)OKLdZH_Dd2^FKKO8*q32-71y;(TxQ1b-^kA z#8-vJ|Ka;^8R^2l()M3h|Mf*g5in+jvUNq9{|?*#|0w@2o|UCl(9YnHPlk81pcz3c zKjeSr`ze^#r-F>pCs17Q0bcxhJ%)vE{>LcUfl*A1V|oWRkc=5G(f%0t%Q`B38$btY zb9`2d0zh!rqSyw_m!Bbk&m$;Icxo~UBq|mlTRxTH1U}oo1jO>6OB(^~rCM0bS1oK} zwVt(jZayk`N~DFG2$lnDSr`eFsiSn37SxiCr?~Bl!9&1Opn-6Qw>_HzvIIRJB#hoR zwz2e=BpWF3k~(;wucaN(OlHz7BiT4ty|f4}9szk+eISeJITvVkUIZ=I4Lm`MHxCur zZER_FQju6CKgcaepv*kr#-;GGMv%TSQu?Y`2>Nl41ApHLRC+S6t^+`)p2Fp9N6-d( zNRClm2x4%@EOmWBXnit2;R&a3N|~~x&6&#i+LjOxVK@t)>eN0^t3|9LBU9 zUo^6Vo{6p?4V^2SCSav4d>Tum)J3oUW@nbWc5|?f7<4oQLbh&jaHZ~YSIK(Y5+i_y zf<+V(ajHOpQ&eh+2my0)r2Pu?)%&wV@f5U@D_v|2nQ95b-U3oC7LKSWWCAKg)y5jo zKTivp-P;^=Fl7a0+ia0Bj5@RL9=x7JJ)f?8JtNf9wE;R+Zo*@f5x+vQ1b8-6-sg`t z*PYqgEzs_%6pk1H4_|ncrP^(i-;=)8KWDb6zS0Xr6aY`F~ z?}W(!l=tmnu!iLVz7rP7h;cRMJ;riHI=48RWV_FSf#@`2-pCh5F zy-!5Sq;JfaAr%wh#_!AUK^TI{F}flh{R$H3WHWwvgQ?Qlc&OI5s?=$)M?-d9ca;p& zwgJ5YPH*GIc7gC@A+0g-r?$k%-}CEG#S6hXC_gUElYDak<0Z3?YbJxZgW;JTIi7oF zR&w8gzu0h)z8OeAr8*u_IE-*II%Y`jQ$5 z;&(Q!oQM=0+Ck1VHhjgZMis8s<+h5+;7v|OytK}>4U3N!yx1^Pk6qC|v3AAv2r{kx?njcs25k9|EMa+KYIIyi)u{OEv~Z_pcDM6OY}vqqfx_hCqN zd#@8m$FGh4$R{F{j-4R6{GNynTSt7wnlO>%TV~V=*Ci?IHrn1RN#RLNFhQ@{^wog8 z<^2n-65Gz)W3_1<_(U=X2x!QpgL{h1+<~I3@V$h3(O$K7WlQ9cc&Mn6s(ua+DgOBD z2`Wp9ABB>^R92=}sS~Aqfvj|v(XaBzLqsK&H)bb-`FGO`edvR_k_#9wqjSCF0uOZ1 zPO>%Bk)2a6DGnnKh*UrG=-?!0C*@%#vBCsRxqcF}W(>JcTgxV_Jg$?xWFA7Mf+3ph z_sqC0zPx6*GE}gD-aHHqUrTic8o)*B2&{*Ov8$$)tzg6LQ(*@Kj+H@$u1|TEomd`> z&@SE=^V{B7SIX!S_Ja~xw z+HS~3V~SdGOi!Ao)ECWq>hpkVeQTX&ixu4r zL`}OU&?FodJfGWKn2}hIAKyBCLsU;Di2$v-QeAi};1UP9I?hq=~Lmx0>h>k7D9o^J*Hk6o{~YXv8rBia=Jkc9Hzpk1f?iCpX*m)`T_v`-7!@>?Gcz;Zn89H4OTdZKx>w>d|UUUzl6V~JijE94O; ziaHUSa;`6e_|)FmIPWt;B7!swyH7=o+V-TN7(hOApU=8I`eTE*E3+%>Rx9|GuT_x$LKRGTe z%p&@tfJbn|sDmnCNYP)}pbU%krP2zcvJ$yp%ft_=NHW@EW7R&mv$%7_CpFQW2IGX}X09{R8RYJ5&iP#p-UvmR&E zr0P_uKAG_iR}fCy_V_xVgQ2?&rDaLkS?V-YSKt zNU=pnEoPvS4<+JF9AHjJ8+&@>hTiV1APU2BCnTfEkAhycm{XYs$1>m!dS9u@=nrW6 zK&*Tlt|+u6;De6d-pa$#0BVbuV3Q(F#|s-mmroFKm&Aw!`$Z9j9y_qb zJHmv!F=dIfZ|2X>DB$YeAyW)qrC#@+`An;dvuYNS@xR%;j?=^$%x`isan}4`+V=m( z&RdO^YapX$8~Gl-5*yGV=iGDxf6PW>XXlR=;Jx(HjV1RHuW6|cTJz_9_~C8PQ=vYB zP?5ersJUh&iFjN`zA$}^1Vev#r8S;POUMu7AYF2DUUGnBm1`Z-%I`+BKsVSaZ^J!d zZe>Ko@lhsy*{V#g2-U#yc29*~?t5A>r^YVF(-j$~?w!E7WwN6mkt{UnPd$u}q!X<4x_j_C=h^qvA@dPd)D93J<1A$9!oZnOczMcd zOL9C%Nt;{rikl>fH8+R8RCQ=k2lG)z!4*kPViNZ+%WMP!f%qJCFB>Q5IKpuWpId6h zn_2x7AAy=^d-uKR_ch9PK5Ss;{)W&E?I*CBjJV97892H?XRi7E*nUfLi*XR%s&-~z z=eAcYcm*oMS<_-S89PpAbU8j{w+Q>@9raK~7)-8C&GsGP=JYnU+iT1NX#|$8TY%$T zC9fW1P%?{aiqLtZ5qz79A}(pNI!P@2R`0CMn|#(U_Z{(3VnWvnUvcDwMW3VPI>9&J zXl|YUhAyjXJNi<`Ln}%W5|PNhJtKEl$JR?O;B;v&xe`NwVTsl5#yVy*mQ9 zxWit`dmp663w8(&{CJVrbneMWVjc4ni7O||%xIdJ`1JibbLCxcMqIi&5?!P+snJtj zuCIyv!pxu#9%)kM2aWtQ3u2rpcT%6#MG2E@>pr{G%v*O4xM zZr>5M;QD6LJPH0SS*i?r1;mH(Srs4kMTyOc9Pz);Wq06%IFYAcbMHSze^&S4D_2Rr`u*oQzV-1>0c;-}+(Hxo zA?^NcvkLe>j!cknUW7fAa&4`VLRx5i4&tEg5&Z>VExsF?Z*KGCfm|JuhwcXF_bUHu zV1NCkA{{xe_J{62a24k{6kc~DoedD~{MY9Hc^qajAi)j%7l9`J`b43x~uDI*RFUywz5K%8!i z)9T(H^AC-ctyR#c*daZ;svg^RW`ZGPSZzHIj4qWTD}bLaQ?U| zM|EiRIM+ra zn8Z*&<)+-FyP_MuV=cq9iEbmHV;gG6(cp3=sU0iz}B|9;C`a~ zP8nXh+tFQfaQo@O;l*LJwkEk;6v`0j1fA z(bhG{MS8jC2^O-&)lVr>Zn&GV(3q{H<7pUhB7@OLI(}4S%w~&T_Rt+Wu@S`j_ZU6dfi!wt{9%*s>ruJ+)5Kp*_7f~oK7*pBoa?OJ3Cd>lo+u>sDNBG5PmJq8DP$GqN0=lhm z@R1PIFEq<0*IKGT;4sHmhfmM$s%mXiO+jSU^=3!!KpL*pZeU!3(`kN;kc{S#QQH0_ zFrX_}H{-on$WD?I(q~}>!v}Nu1fx@YVCU%j$@OVS_pX{oj^vEp?JrQtYehJ2+y*4@ zEZBU%%3aXv1GM>>mHpM3t|zfHbbXhQC^ML$mCB03ozBj$c0IC=a~P*V4EUyOR2ISj zAb~+7a>7N4Eh$JyuwkxO@7ot}y4S1mcK4Z#mN1sMDFFixq3s!2|F% z*&}U#jDk5#pf!WD&?dbbb!&Bjyhu5^1A^v@5Z??OW*-kuU;Jb1KgX6&2rI4MJ|(a z=TxJLO!JRtfG@FuMWJ$)xCUmO$3kiE0JQfrwprFYKST8h;Z@ufYbRY!OCJoqO{{=N zeYwiRsh5qB7UC+-#op}#%a^;nKDML^WNSd$;Ye=#DJ6=fNgbgf50Xr{q=#jkwaLXR zW=PtrYf@-1vn+;*6Ce^V`o_z50^aWH&);BGlD@}+foZdRbnMZni1|m)b85%b)NX2+ z0>bb}SMia<@bywKpK4!er1HN2gjZ^SLSR1xiVZ~y_>LIiWjd-Y<7`m$sQeMqf|gCh zJcJy>zXT~v8l<(vUvIq7+14(NB$l7JqSpm7x37BjNizo4)BS33kjeIhrk%T)qhn@S zf}py?ZTdY(Pd&{_Wxmyjr1kGd^ChpuRC{^mH|pT~6r?sizkowE%aT)JU4@qvea(oM zZ$0kjLD1=w{E8_i>CbUzKbjsoctn^h>JloaM13HrTs+86?N#P2FKYbwg=)y<+FrAf z=f~-D@>Rb^4~U0C3y0d7sj0OA!ChKPYB%8t^YyQvLJ!OzZ*BTIH-dUy3XZ{RzO8ew zinam?EWZs%p6Wd;F*G(M@RhLueUm!ORPoLSwi8wJqCT*|4^8k-a?I9jj<~r;J5BL$ z)>C0{=ZdCGnn9X(YqV74h{w?=PU2*JSoBJ02IMU{z08cfqe^k3ed+CI+5_6(mdv&` z`J6m;l7j0ql8MxNf5z?d72nbq(n+so_}cA+9!`uSq-CoA2HzBQTD_;K#epf%9=dO? zhE+W9`n1HOBGwq<$Et+hO5(6c;({9SR*B7vb#mT4nIf-cS0t>*OL$liNf;?Pg05>AqrgX!4wleub$9LAaO?tvLt zps$S(DWYaduy$ZmGlvbTTcqoA8T;#BC_90Gpim8Br`UdWaQ`!dwT0@nk^9lmm7y0HyIoEmNQUeDM)G# zwq&B=}!G?Gjw;Gb9rcG`0{ zlJIhMOt^Xz-+Ep3>rC<8V@ZMWo@dooM@%i8E!kE$pM00mMq3!6DLIRaSQF>=SJU?& zNw>gu+#7gyNABk;t4z_=7+%HFc=w|0X@U_YUi?Eoye9})F|4V{5pnf_2goL)NJz6b zKJ|(1XR9;cr=yty zRA=&?Z1-^dT;3rrGcOea78+I>Y2O&p&6&=|ytd*8GmLlr>RU}Qdbi))S5hTAbOK|Q zJN@GHTT))%G`Ts6wZt1D*cvK^T1(~o%G_zA(4UlV1}o1iN}uw5(xn$^?iD!gJ$NI zXw*%Fh<7+@dV{!Z07^$636ed1KUYUZhhZ~omW6@^ZrRSwKDKpx=}DQUz^PYF%t_zV z7puu=fHlu=dC|i1?&f`+R-s+%rBS&|A-O(c;s&6yLNmk@&tZVQcL3MwI(Ir>Vh@*BOR{=+pEkjSU#aK z59#}C>S$lvs26@8G8i4|IsA?yB=|i}q7^3iUp1o@dPFAZ?O7$F?8!obMIM~2o`y)y z_m~4=!JW-b=VtVP*=V+}mTNNfA?YB=AOVa1sdn0Tr$?+B1m-_lF*H{Of*lw5L*VQGey z-CwI+k!~F)!u-75?<`Yez-xYC-Fuf@zb1Tgdu7I*!nnjmav&mJsg+{#aL1VvozYH$ ztXFJQo~S+3#N!F4d|p$<73qJxhYh`aAL~p-(ak`@7Vb!pt8IT|nSiUA7jt4Eeyh1F z{EQ|_oGqZ8v>Euax)}RyZk{j<~62_Z0tt3TKfSZy@?ri z?)!wQ8)IDGuqsEQ!i3g1v<<8_j=0e-1$<~Ai)C*PT8#d*CO#!NbxLL>TyN`ey4F!i zo!k5Znq& zjKiAhDo*5ZeNBouZkS}g$bdr~&rP%F^Nt`nlI8~iKKc6WW-gpwRAr3>$&i?eXJ&iR zS$O7uVhD!L~$j z>6WShHK|bdgq;QDjogjM1M2BKOhL4e0yQ@Wj$1cuF2V&?m$6jb|G->@l8=~CpyHI& zS6e<3csm?T@pL5}eO{k`vWPEd=P{1w8x@C4*h)gpm{3pl{Rt8b0c%6opw63@F~=;m zf;#%`CsHXQ(UU$)3e0Iy7n?B3GCmPrDL?2=t)0>A7VTxgphv#*@{ z@s&Qeg~)@w;BpadbVFDN{HtI4dfyKAOAW0PB^TSpuN`DvUksHvWv;!%@{4kRlAdo_ zT7UeWkzr?=K&j_Gfu;9x$$#M|rRva5C2McKXSXF5Z$Y3ikqA!zlNC=WSBQaE{jrwR z4pK@%;ata}^EA5XEzP@`XUFQ-G|F#>{oaF;9jnhI?~-B163JIsiW+7XQeV3TGsK=@ z7EY8`20A;Q{8{iFFQUfa5VEYpT0z%eN6I(gciiVg84N42i&7VRcMzP(Va%L|XuTWb zQfe$}N_Ubjy@ttfNzX;|NWuv=UEaeohDB*hUPL0C`lV~k-aE;3hP;*=E@PdqpDW~O z2-Opx<#n#k7@45bB4c6sb#f}^9F~-Ji0j^HCVkFBNizoiJ$St=NlX9ATB`WB>e@F=0fj_@89$a zqgK9t;IoTbv!-|53G8$su&A?Kn=pu_#qD{d<(LH%@6xysIh}?DLap9xBU2=CkdX`= zW-D9XLiMWQ4!@?$si;;JD$#7w%h>TdLV9KwIG*ir#uUX##a|Z|ZHh0tuiVp`9{jMR zNQrHd-9yllr-7)0ew8|1#hbsTJmwz5Zt#y*>G0;{wq_ zx0-U9lA5<`JNL?R?@ zP0$P#8qAI!>*Sz%I>Ppbed)1-n|y$6!r`#v9R9>F>XuvjHhItLt>~9F9Skny&}|_z zS+niT?_U~YJ@>AZ#W*02Sem0PaXyKb_;r0&=m%@XI@F}^a_wqZL<0IGuUr$UFLf-} zEi_)Df(5I0-Q`xeTB2fL^QT&+(Qa8 z)weWDV)(vY6JWOrA2V0m+&JJWV^Ih%mH4*IlK=Ajk-%P#a%NiN@?GIy|<-I892CA3mH4uZ2w(xOWd1)`jMl0 zpS@P7^oAx=Ns~?U*vDE0U0tr0OeZiHQ>zw6l?l8#&)>`aE&16_3B^QA*8rzZ_36k< zSKGcY4w)L*9js1H=MpT&3GVp{jI8oYPf~1t=NniXN#6GIY-6oB%1!@v?JH*Vs6IiW zkqAo{^L@@iFATr3LxD{CkL2RQ<mj%vy~1r&nAyVa{E?`va6x+1 zq*uaDLtuzE#kn@e2I*Em=}h?}>bUYfS8c!MUE5XCRfdI6`zD`vSLP4Y23_*rJ<(ZA zRP#RBB`_^qo%JOB#g>Tfr>~4hSkhDtcu+JMcLIA0zeRJfaGRTXZHEL7F-(;;57)uE}_%BrlKKRP~qXL`%B1NQtY`nxE zK^5g+q5OYB-9SP)kHkTxuB|)%mr6xFR4UxAeaW%?4_clxE)~A=BB3_zUm*m4^q^9S zz}Qpdv(Tyk=S>$Uz*jsz_P+Qp+Bl-0VLh&T`NoVEi~mfJKng<&1pmhgGDlxlKp?*C zhb~I#`NH6WE08(_qN{fxor&}Kt01!48S)<^Pjmu4U&mY@0?SN9!dLwflxB`lO4zP3 ziRVFR8$lX_9;%Fu;vWQ#-4QFE zkUD~$JdDuKpMWCmHxQJkZtWxhrJE)6VCwO+cI?WIzLak)b+sQFS$I@|JY@kCWc^DI zkmeKnd%JYjaaj(gA;0HXK#DR*W|`->epZ7q1YDa|-P?&dX5i-`VqK74sy@l_73lvW zFbobrbgVh_T2Px|GvUUs2tkqt=Mk~og%cG`P^P`NVTg1X09B)Eph&rH$;jE?^UGE8 z=ZHM~DQRS+!wq>tIfGBh3R18(KtwhG^@}_Z9(vRhGCcA^AqJw_#!8Z zRAKXK`r`ZccsbIvV{C61EcTL=*3iy&;ZcIdz;r*B;fY$31(58viq;>MIpdOvv4PiT zK4fSSPJkBEWdE39Ne&06!7_)kH_GOHirw3L$6tVmv3qM{A$iLD(XC?CD)f0agoec* zt79NWN_0cI0|I;2off>_tLL3x`lG3?hu8g(&Ak%oU;57wGZ~=0Q}rD|LlL}=PS%|fXF#$F$wfA$6k=Motjz3xemr^kQ4}xBEO3@ZN zS-2b|qEMTJxnjf&vBRu>-^b5c=HryuFA+D<;K1PTMuvuH=oF`+mz@yXXO47=1wPUK zXnkwLJJ4`B9XBi~gyg)w`TiG9kejbT@bM_p1q1|8*LGK-&G&WlS&)pqtjgC&J)Q4T zoS5~mJeg}_NCB?7l9CfY$e6jzYzICU;~bVlwm?2d?@uNvq2Wh9A$dkkN1p<3rNLqf zJ?q}b@f>E8>D%3fOx?bU=`;sumQfTz!#6;8*?9aL_xSJ_t2Q$zh<^(NIqcnp-0+p^HG(% zj4skUy!3>k6QjB4aplW8{3pRCSOWnCI9$@hCU>BNX&# z#-?o(uUYbJP`O^zO@y8m!PjUw&szv{Sx~sJhxIPIK>aWw<;klnul(%TFl}JOB0FjN zjiM%Fsq+@x^HuYSH=v>a;n-=Ue!0AlzB_pqzW90Lw%J&jZ%PeC&m1~$+4QqwPK zbh!v8A;~ijgs#q?=!Ci1SQ|#Ea5uy1x1fGoDRW0@Oo5w9n7dRZmaPW}vF9dLWoK7m zRjQQ764%J$=2;gZI&M`C1Bas@^MV+xH^0kBwO)oIu$~8tie^)PFK_HfIFX|x+Zhl+ zI5g7ZummJ6T)4wQbn)Q~)J45jo-Wf*v9KBpN7_SyF7?2LV=T?N)341&>DZ_?EXKcJ zp})pF@P8hgR7_#Vd?ClLxX5G8mb%pxe}#aHGmc7!-U7*c+|q=%c8Eg<(j?fKH%O4E zEW-y3SH9kN>%VSc{X-_B$A zzZ*od^S5@`lS37Tm>J?Ra;5Kt)`Svc2*#jij|HkKczz{pH2UmCS55((PcgA%bF^_pg7IE4Ll>9PS7c!zw?b6$IRB%BY`AJm#5E>uY6-9(ZToLqdg^VWHR zuwHgNm`n3pUo(}Xj9*!6a{0tcMI>IkOn>dP=b|I5e2)kw0|v&{Mt<)z5a9|1_fv;q zM3oY+W|FKxhYB%EVLeU~^A?hbd1f`Sq9u~0(0z%Cm-l^fJ0%!Ma@=?u`OU1m*d{1A zs%7cg41>O?rnM z-=>VslCLQNl>*)Y_+t!n0H14`0H2uMAMam(C`95DU^K}8e9zBs#5;g*sifc#BxbEM zYKJ-V``>

  1. iS?HRk<){s0EWX#QE?*YElB{ncdXhMD2W2Y>%QMG`6$&9f>g{l9)? zT@_wHXBC||^*=8W5PXCk&8zF_R`}N?{5=ogXL$mEunP?(cE>fBVvnX?>ukD5$yoO!tl3E_fG^vhX|@_}-+yNtG_Y z1VN3FwEPoZ(z;6jx>W_dfF?S4w8AAiR86RYyt}(9ywHX4whZ040SfRJJ$Xhg%Q^kx z|C${zPlAy#YE1h^gTLGTiQ^qO7klHswB3ChEk}RcaP3~YwA&Oe8p8ifeb+C&y~E#i zd`?B+2Cyq^KJy|-9OiV#BVDBR3PkFfy^Z5&WOWLo7uXuKgr z$Eh+u8p#_DA*FME)&+~C=Yr^4_B5ZgGLE00G}RS+f@ai4SUT0rlf?xBjBoSY%p`cE z=b>4B4bpAr9)#O<1bT9z0Z8@uZB~u;@BCPmUAiAh9IQ14OBEQZZ6L=v;R`J0Kd7GR z<=KO8ga;j3q+@sT*CTV#BE!?Q6AXjnB7y$uM(SQJz#wdj7)%TRUM+w%BAe<-avx%& zfUSH1Xcbp2}m)O!kvDWa5Ji`!jp zq}=FzwfBkXl%p*Gz#H;qKIQbeuKM;=&#^vN;^0(_e$TUE8U zR;Ti%nYtMwDEeSC&Vy1g;OD~6)R<^97`IOl!8nm$-Y4ud>-#COxgXZ4-L0@S1n zp)Xv;tt%jvN#1()v=G2#&ft^ur-kLiXKqpjphzFlp+M{6K*Ot62o2f#X1ks^flvY2 zQ{N`=b+`vyhdEJp^M|Xa@8U?!AY__aPqxH*a$Nh`{d6%v6Q-*ZOv9cm6-tTYz5oL9 z)7XYeAkY&&XNI$c9?`#-xFUMw6D9ijiDt2)+`B4o?fXdxhaQSkBba|{E_WJ}VA0GC~F*}S<8nRF8*kP;Vz$f(M&D;7w0)b>t$(#hfQ z$319mDq?MgtWi)osk<`(*mwaWNZ3yhMSzKByZSz*f8hd0zSCgYDM)1A^v5h*OcJpS z^$7<6a{qH(j>CoC5jfEdt!F1407aHZ`lm()lPBJ`S$1E*`gAR88_=P9KoQt=dmsf| zAvQLeEAALRz=%>9u_xXyy^l5KCMiiVXS$`NxOHCFcvM4$vg{l5Q+$|S*-3#T4cua) zq#M3L!6@3a_oL&MVZ;%hd6!$;$;_n}BXZ4iue_?gRA4&1=K09h@OgHNoxrn(Cw>7) zbLXgNsCjjMw(nTK@rr)&k;cNvadWH*&Z=%!J~XQso0WTsS0%sAjo=>;&qBQCWLl zSU0WIFn57rsX(Y~b3S!=nu4K@_V)Um4Fs=xa;*wfo>)`i3XT`YJvb$IZA?L83u|fC zy{4OYyhogl-+QjGhm;1D)!Q;p@^d2yKocW3cH!rZtsFsZugy-@ZYgHb8wx(Q%SJL; zlX;&oT&qU>D!!ADwl}Pv*K_JCAq$glck3hPo8szETt;i1yS1}o!4(s09$Vx=> z2d-KCH%Y@Q-|Rvh?Lxmzx_iJk7*tOVZQ+{E%BP4R#?)s)T;iENwC+Nz4nrQ0hinVy zqcu0xZe{iod^Fuid-T&COibWP5Z`hx_k6gguA93&cY&lZpN zPU_AzcrkS2a*d=4rR7>-XdP-mCp47n*GeCb7a&5V=fZpm?ztqt)uHo213<>a9t$si zQa3{f{SsR(;ZMGwIt>fEYb7+ywai7o-NoZ~`VPV?(V7LVxuRpl?92Q3OsT!SmXF+b zXQpjB(rOl~Sh$QnbZ9_xOtz-)KQu0F{n;6hsQA|v;=?S zj)8l-zV(1h`Oi=P1Oqn#*7#o6V*CpmsItJ&PppZnME-S&?*MDICNf3;xy`c2Ny6^d zH0uyU``0Cw0oJU&R<`~pxM*yV>#{l%~0uzhzY2@WboaK6t~jps}& zKdb!D`%*PVUXpFofKG>BuZdYbK9a$$u5$ml(J2Rr6C{s)VDf8r{(_wf`Y=W!^ZfE0 zA2dx^KY~W{CaXcdamCP#CFn6-en^!*hUNp=TI~qe9|Y5-^uXO^~+D;BIM#)NrCXzSpjr}$KgOp&^+Tw;`0j;vU30y z5SjNt9$D57(|I1lSlXa#00)U2*n`iD)T@%1B9j2HnKjz z?zK2AQ02K)2K$o%5Iyrik~nY8gTy-*z>*$h{(RoupO)V*+E^GI+*+S=>E{(-j~gN2 z47d(1Oa4Pmu$vD8r+lKB?ji9k{{D^(ENDm;J+qi?9MFJWgl}Q#LlD_j z*wx)7UI`#t&?+rIpe7c1r3V$+X<@Z%hW&aVn1p7iG;7Y`zr`-dG2iFn3x{6FQu3=N z3xIU8Qh`KF$MG>0$=upI7e4WdwKEZX!4>TF*?kZf>}$oLQ?|eHz@u zLu*pe7p>avyg}NWx>T=(`XW+Wr$>s9o#jgRzJj`2Vwh?!bQ7MjNXVf0 z-9@@g!0&l1wR<9TxFx@1kx$F!hJt&KU-0du7T~YneIh7r42$JzRrO?m7yxbdCiw-%r3@sPw zXFY6!SWF}v9-WYWTpcQ5}jFClY9hQPno0ZP(KV0M{6U11!*|ZbwRR( zS4$$_`|&Fbz4*5ku=7wK0nxuk_Alv3h6C zLT8Dg&1QZDcr`{t&gPjT;qE5VVu3mF7&d6krZbbl*2#vU@H5miub{1*~#`w`vc{VU_$(bUmU+Lk2|YRJ`i_sglItL%IBsj zU67c$xh_u7tRy=r>HKSB(MC=l%kAOS;@u83oDK(Tx{=+8`AwIhkg&43x{GRe>u4%{ zG_U=Gr_L9}Z&ULlP|=8aJ?hHNM5ReiG}Cb{-@Bkl?aYftiU&(2{5RPGZXCb1x8o(@ zee}oq=sOg8^1a>@4zJ#dXlu$#dwqNKr9G)DM4j{xD7cn|7ZC5pdF_BNQA+j)yLVY5 za*S(l74hZSJ^n$RC&$ZjT@)G+1M6s7AEe`qPXXp{c$p*%oJg*w<&%g51+C8Hvn5S_OHWEhmMpfBrZ?UP8qIU zPxOf``}eaw5?gc!PfD+Uy^S{3YC zJhyl~7l)8$>4Msi!lxH5c7_3dB%;6cZ?>(0y^h$j#GC(a-HbSafU$Sp^RtE^)HeZm zlbrvKz}pU?7DyllxJJhEHqV+>mr{$%kO5@*bhRVRS7-MRn>73$dN}8S z(;i6lkmRpx^Zi|z7?w9e2RmvM{y;x=G-i$^e6{XaC^}khM8izRXCoI%ef_}O*aJ89 z%DN+6+VedUUwc^|@{!7OT?m?un6(;T_-DU|;pqQ^ul9`p;44hW?LUNDfHXBbdL$w( zy(5$z{q@@E8#80GIkdH63+uoe^i+Gf32J2qZw~=Ql?PA<96_QwW8M%9aU2S2i#CWG z={Tg2h`D|&w!Q#q=@-A*0P|sqw3|e*Sr3SHH_Ol4Z)=(Dw8-z7BS;L)+E>bt`d$V6 z>Aa7W4v{k(bU~TgGXkb%0VKqwP!==*Ul!Cf)ysg1zB~=suH2_vb6=3jq`Tt^obNPw z2{0~d-QRerNN_sYYUf1Q+2s9(Qq#S^XZ%l4+Uf4bI4+eKeW<1+sIbD=*cmQWyNt>S z8WeM9#g9}*8UFgT9~r^&T~c|96^@G0Z~)9k99Kw38OS+#0DZ~3hf4%n?;bbm5px1c z%Y6f4E&KS=Z(3B6d>VLzG^#GW3l*%|s{T*ir+ufukc6}ps<6vuQt#YwE=@=5Yyf2P z2VqE0 zevuHEeG24tM8x?K0@xP7lvPSX!~4=vXm0&Bt@&Kol-|n}Ee<9YoXW7t+P-Za;r=KXA7G{D-dE8oP^RzfV>caK6Lc zyLp-vM|!JLYZppQL%QnG0``$97<#(B5IYb(Eas-TRa834*;i-MKDV^-&lAFKdY9Zos~AQ4>c@% zgtL)&f9reWQDiI2_hmBCiZcc;;pWNUx|v~t_YTe@)%~(cs(CYKlp!G+Up7+JtUD+X zrfroke-jc3f{A5wLb9VN)pU`}>;sCqb}S(U;Z`7miYNz5Ht*O{f_w6!+-lr5jF&GzbH!hkBC zIw{X`?tTp=WMOsVfJvin-4*@BImZY(3t9#?ZHvQ0@IrOZCqIfv&HW0Kq=Hoc3_ywk+4?3A8)TzZrC#AI^UzC7q{?oGTQ+o zjj?Tai8O0i_H#^6D8Hn@{4?J)vVhK$m#Qy!{|1fI5vH_sRuKdk*$*FRwdkU21>5b! zE(#ZP%0IU?T!&|NY6_iSv7vB`E1AMA66giS-VV#sfjn> znx`e8dg*px_dSHMTm&#&@(p77{u?m-U|{2;mKlyE6GL9Qcv0dh)9bEqCHnv^7oTp` z&w#^b8nSv$2|RjCixRibWVRsGqLbf7P@j+VqdmR;SGQgzyFQ_&%d@LKh5kBS$=^Ez z$GYz-MsUd6UOca!_37{`w8U8)_*y}QlGV{#>A|;CKey0ZkPdxgn1 z;=&nn<<2Q&#Y!B)sB3=ukv}J-Eo#+j1`IYgdZf}JC*bFHsDM;>vOW#Z9zzR!M+{-k zPIt2FWg(Tu`FIwFT!#!-P`mYvxgHBi55oz1c_+K0^DqMIjOs+YZ#4ZTdJOFBzd|+5 z`T_lnr@W!?Q+{kEW6#V~9LHHT;oU@NZq2ORN&K!ph-g@@G=EOw)sJY|^=_RLckD}) zb&AzIb@A{Hojj*>Mpvga<{P*{3ZbgsG1`B|Y;9V3K@0(TqyY~so)MjZ-b!Uqpst+5 z2q#1mU}{>gLWv)m0Z2bLD$n=9W-2_j8?1D8cT&Rei<2SU*A^d`1;^9S{C;us0U2QC zZic&>;i`GMJI1|s4G#}Lgu`xcp4UevjQTsB@NU}oKuuk?>&YG?dCq! z(CJTCWE(j=*Z{mbQ0Y0m?@x6S?o-r3Tb z@3goQ`nMOf{JWTsaMicHwJC9mcAdd=U+5fAA#8zd>&j)>Bci2j7r2gAR@9VzAC8rK zo@^UUKk`zz^h_52*3uT~VRd;R%w2{>j_rKKmQZNx=oaio9u{tC>9xmdXMQxH{czem zwJW}$Th*>>tD@F^YGBC~*WLAtqRT(#sQm}f1TYh#%yB(Z^)oupKK90($2^zD@2B)- zAr@r*Hw_n_3aHF*BRE3$acTYvVs+|LIcqXAdC~Le@A3z7f_Q0wEG91k(bUIh`xe6F zVxYzQucHO>RbphRA$A~T=226+aN1)#Bi0hA!+(PueAv?uHJms5-$Gr_BY3lxB%-!@ z?ZxaY%3Q58wfK5gzWOj<&Q;B|oU;A*Z~It^$Az1%^pTSMCs(B~wgJGq+@*!@-`@!X z1!n`Ofc6f*t^dXQ{(<=A!tnX}O3VENfx>(G$N@HD|Ka32cWB3Y`o;cN;q5?v*7zUX z_Ummg1Tbsn+kg7+D;UDnZL4B_^SOU+r5-SC(7N^9-&e4Or^#42&Ga{#{(lIM|KA&i pv%>!!;oq|}7&)T-cT-}Y=ycEn>rbWZ5qR+5Ib{u{d_}Xs{{dI?U Note: YAML files used in this tutorial are stored [here](https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/mysql/standalone/examples). + +## Backup MySQL + +This section will demonstrate how to backup MySQL database. Here, we are going to deploy a MySQL database using KubeDB. Then, we are going to backup this database into a GCS bucket. Finally, we are going to restore the backed up data into another MySQL database. + +### Deploy Sample MySQL Database + +Let's deploy a sample MySQL database and insert some data into it. + +**Create MySQL CRD:** + +Below is the YAML of a sample MySQL CRD that we are going to create for this tutorial: + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: MySQL +metadata: + name: sample-mysql + namespace: demo +spec: + version: "8.0.27" + replicas: 1 + storageType: Durable + storage: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 50Mi + terminationPolicy: WipeOut +``` + +Create the above `MySQL` CRD, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mysql/standalone/examples/sample-mysql.yaml +mysql.kubedb.com/sample-mysql created +``` + +KubeDB will deploy a MySQL database according to the above specification. It will also create the necessary Secrets and Services to access the database. + +Let's check if the database is ready to use, + +```bash +$ kubectl get my -n demo sample-mysql +NAME VERSION STATUS AGE +sample-mysql 8.0.14 Ready 4m22s +``` + +The database is `Ready`. Verify that KubeDB has created a Secret and a Service for this database using the following commands, + +```bash +$ kubectl get secret -n demo -l=app.kubernetes.io/instance=sample-mysql +NAME TYPE DATA AGE +sample-mysql-auth Opaque 2 4m58s + +$ kubectl get service -n demo -l=app.kubernetes.io/instance=sample-mysql +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +sample-mysql ClusterIP 10.101.2.138 3306/TCP 5m33s +sample-mysql-gvr ClusterIP None 3306/TCP 5m33s +``` + +Here, we have to use service `sample-mysql` and secret `sample-mysql-auth` to connect with the database. KubeDB creates an [AppBinding](/docs/concepts/crds/appbinding/index.md) CRD that holds the necessary information to connect with the database. + +**Verify AppBinding:** + +Verify that the AppBinding has been created successfully using the following command, + +```bash +$ kubectl get appbindings -n demo +NAME AGE +sample-mysql 9m24s +``` + +Let's check the YAML of the above AppBinding, + +```bash +$ kubectl get appbindings -n demo sample-mysql -o yaml +``` + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + creationTimestamp: "2019-09-27T05:07:34Z" + generation: 1 + labels: + app.kubernetes.io/component: database + app.kubernetes.io/instance: sample-mysql + app.kubernetes.io/managed-by: kubedb.com + app.kubernetes.io/name: mysqls.kubedb.com + name: sample-mysql + namespace: demo +spec: + clientConfig: + service: + name: sample-mysql + path: / + port: 3306 + scheme: mysql + url: tcp(sample-mysql:3306)/ + secret: + name: sample-mysql-auth + type: kubedb.com/mysql + version: "8.0.21" +``` + +Stash uses the AppBinding CRD to connect with the target database. It requires the following two fields to set in AppBinding's `.spec` section. + +- `.spec.clientConfig.service.name` specifies the name of the Service that connects to the database. +- `.spec.secret` specifies the name of the Secret that holds necessary credentials to access the database. +- `spec.type` specifies the types of the app that this AppBinding is pointing to. KubeDB generated AppBinding follows the following format: `/`. + +**Creating AppBinding Manually:** + +If you deploy MySQL database without KubeDB, you have to create the AppBinding CRD manually in the same namespace as the service and secret of the database. + +The following YAML shows a minimal AppBinding specification that you have to create if you deploy MySQL database without KubeDB. + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: my-custom-appbinding-name + namespace: my-database-namespace +spec: + clientConfig: + service: + name: my-database-service-name + port: 3306 # my_database_port_number + scheme: mysql + secret: + name: my-database-credentials-secret-name + # type field is optional. you can keep it empty. + # if you keep it empty then the value of TARGET_APP_RESOURCE variable + # will be set to "appbinding" during auto-backup. + type: mysql +``` + +You have to replace the `<...>` quoted part with proper values in the above YAML. + +**Insert Sample Data:** + +Now, we are going to exec into the database pod and create some sample data. At first, find out the database Pod using the following command, + +```bash +$ kubectl get pods -n demo --selector="app.kubernetes.io/instance=sample-mysql" +NAME READY STATUS RESTARTS AGE +sample-mysql-0 1/1 Running 0 33m +``` + +And copy the user name and password of the `root` user to access into `mysql` shell. + +```bash +$ kubectl get secret -n demo sample-mysql-auth -o jsonpath='{.data.username}'| base64 -d +root⏎ + +$ kubectl get secret -n demo sample-mysql-auth -o jsonpath='{.data.password}'| base64 -d +5HEqoozyjgaMO97N⏎ +``` + +Now, let's exec into the Pod to enter into `mysql` shell and create a database and a table, + +```bash +$ kubectl exec -it -n demo sample-mysql-0 -- mysql --user=root --password=5HEqoozyjgaMO97N +mysql: [Warning] Using a password on the command line interface can be insecure. +Welcome to the MySQL monitor. Commands end with ; or \g. +Your MySQL connection id is 10 +Server version: 8.0.14 MySQL Community Server - GPL + +Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. + +Oracle is a registered trademark of Oracle Corporation and/or its +affiliates. Other names may be trademarks of their respective +owners. + +Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. + +mysql> CREATE DATABASE playground; +Query OK, 1 row affected (0.01 sec) + +mysql> SHOW DATABASES; ++--------------------+ +| Database | ++--------------------+ +| information_schema | +| mysql | +| performance_schema | +| playground | +| sys | ++--------------------+ +5 rows in set (0.00 sec) + +mysql> CREATE TABLE playground.equipment ( id INT NOT NULL AUTO_INCREMENT, type VARCHAR(50), quant INT, color VARCHAR(25), PRIMARY KEY(id)); +Query OK, 0 rows affected (0.01 sec) + +mysql> SHOW TABLES IN playground; ++----------------------+ +| Tables_in_playground | ++----------------------+ +| equipment | ++----------------------+ +1 row in set (0.01 sec) + +mysql> INSERT INTO playground.equipment (type, quant, color) VALUES ("slide", 2, "blue"); +Query OK, 1 row affected (0.01 sec) + +mysql> SELECT * FROM playground.equipment; ++----+-------+-------+-------+ +| id | type | quant | color | ++----+-------+-------+-------+ +| 1 | slide | 2 | blue | ++----+-------+-------+-------+ +1 row in set (0.00 sec) + +mysql> exit +Bye +``` + +Now, we are ready to backup the database. + +### Prepare Backend + +We are going to store our backed up data into a GCS bucket. At first, we need to create a secret with GCS credentials then we need to create a `Repository` CRD. If you want to use a different backend, please read the respective backend configuration doc from [here](/docs/guides/backends/overview/index.md). + +**Create Storage Secret:** + +Let's create a secret called `gcs-secret` with access credentials to our desired GCS bucket, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > GOOGLE_PROJECT_ID +$ cat downloaded-sa-json.key > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +$ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +**Create Repository:** + +Now, crete a `Repository` using this secret. Below is the YAML of Repository CRD we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: appscode-qa + prefix: /demo/mysql/sample-mysql + storageSecretName: gcs-secret +``` + +Let's create the `Repository` we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mysql/standalone/examples/repository.yaml +repository.stash.appscode.com/gcs-repo created +``` + +Now, we are ready to backup our database to our desired backend. + +### Backup + +We have to create a `BackupConfiguration` targeting respective AppBinding CRD of our desired database. Then Stash will create a CronJob to periodically backup the database. + +**Create BackupConfiguration:** + +Below is the YAML for `BackupConfiguration` CRD to backup the `sample-mysql` database we have deployed earlier, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-mysql-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: mysql-backup-8.0.21 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mysql + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +Here, + +- `.spec.schedule` specifies that we want to backup the database at 5 minutes interval. +- `.spec.task.name` specifies the name of the Task CRD that specifies the necessary Functions and their execution order to backup a MySQL database. +- `.spec.target.ref` refers to the AppBinding CRD that was created for `sample-mysql` database. + +Let's create the `BackupConfiguration` CRD we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mysql/standalone/examples/backupconfiguration.yaml +backupconfiguration.stash.appscode.com/sample-mysql-backup created +``` + +**Verify Backup Setup Successful** + +If everything goes well, the phase of the `BackupConfiguration` should be `Ready`. The `Ready` phase indicates that the backup setup is successful. Let's verify the `Phase` of the BackupConfiguration, + +```bash +$ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-mysql-backup mysql-backup-8.0.21 */5 * * * * Ready 11s +``` + +**Verify CronJob:** + +Stash will create a CronJob with the schedule specified in `spec.schedule` field of `BackupConfiguration` CRD. + +Verify that the CronJob has been created using the following command, + +```bash +$ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +sample-mysql-backup */5 * * * * False 0 27s +``` + +**Wait for BackupSession:** + +The `sample-mysql-backup` CronJob will trigger a backup on each scheduled slot by creating a `BackupSession` CRD. + +Wait for a schedule to appear. Run the following command to watch `BackupSession` CRD, + +```bash +$ watch -n 1 kubectl get backupsession -n demo -l=stash.appscode.com/backup-configuration=sample-mysql-backup + +Every 1.0s: kubectl get backupsession -n demo -l=stash.appscode.com/backup-configuration=sample-mysql-backup workstation: Fri Sep 27 11:14:43 2019 + +NAME INVOKER-TYPE INVOKER-NAME PHASE AGE +sample-mysql-backup-1569561245 BackupConfiguration sample-mysql-backup Succeeded 38s +``` + +Here, the phase **`Succeeded`** means that the backupsession has been succeeded. + +>Note: Backup CronJob creates `BackupSession` crds with the following label `stash.appscode.com/backup-configuration=`. We can use this label to watch only the `BackupSession` of our desired `BackupConfiguration`. + +**Verify Backup:** + +Now, we are going to verify whether the backed up data is in the backend. Once a backup is completed, Stash will update the respective `Repository` CRD to reflect the backup completion. Check that the repository `gcs-repo` has been updated by the following command, + +```bash +$ kubectl get repository -n demo gcs-repo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +gcs-repo true 6.815 MiB 1 3m39s 30m +``` + +Now, if we navigate to the GCS bucket, we will see the backed up data has been stored in `demo/mysql/sample-mysql` directory as specified by `.spec.backend.gcs.prefix` field of Repository CRD. + +
    +  Backup data in GCS Bucket +
    Fig: Backup data in GCS Bucket
    +
    + +> Note: Stash keeps all the backed up data encrypted. So, data in the backend will not make any sense until they are decrypted. + +## Restore MySQL + +In this section, we are going to restore the database from the backup we have taken in the previous section. We are going to deploy a new database and initialize it from the backup. + +**Stop Taking Backup of the Old Database:** + +At first, let's stop taking any further backup of the old database so that no backup is taken during restore process. We are going to pause the `BackupConfiguration` crd that we had created to backup the `sample-mysql` database. Then, Stash will stop taking any further backup for this database. + +Let's pause the `sample-mysql-backup` BackupConfiguration, + +```console +$ kubectl patch backupconfiguration -n demo sample-mysql-backup --type="merge" --patch='{"spec": {"paused": true}}' +backupconfiguration.stash.appscode.com/sample-mysql-backup patched +``` + +Now, wait for a moment. Stash will pause the BackupConfiguration. Verify that the BackupConfiguration has been paused, + +```console +$ kubectl get backupconfiguration -n demo sample-mysql-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-mysql-backup mysql-backup-8.0.21 */5 * * * * true Ready 26m +``` + +Notice the `PAUSED` column. Value `true` for this field means that the BackupConfiguration has been paused. + +**Deploy Restored Database:** + +Now, we have to deploy the restored database similarly as we have deployed the original `sample-mysql` database. However, this time there will be the following differences: + +- We are going to specify `spec.init.waitForInitialRestore: true` which will tell KubeDB to wait until the first restore to complete before marking this database as ready to use. + +Below is the YAML for `MySQL` CRD we are going deploy to initialize from backup, + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: MySQL +metadata: + name: restored-mysql + namespace: demo +spec: + version: "8.0.27" + replicas: 1 + storageType: Durable + storage: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 50Mi + init: + waitForInitialRestore: true + terminationPolicy: WipeOut +``` + +Let's create the above database, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mysql/standalone/examples/restored-mysql.yaml +mysql.kubedb.com/restored-mysql created +``` + +If you check the database status, you will see it is stuck in **`Provisioning`** state. + +```bash +$ kubectl get my -n demo restored-mysql +NAME VERSION STATUS AGE +restored-mysql 8.0.14 Provisioning 61s +``` + +**Create RestoreSession:** + +Now, we need to create a RestoreSession CRD pointing to the AppBinding for this restored database. + +Using the following command, check that another AppBinding object has been created for the `restored-mysql` object, + +```bash +$ kubectl get appbindings -n demo restored-mysql +NAME AGE +restored-mysql 6m6s +``` + +> If you are not using KubeDB to deploy database, create the AppBinding manually. + +Below is the contents of YAML file of the RestoreSession CRD that we are going to create to restore backed up data into the newly created database provisioned by MySQL CRD named `restored-mysql`. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-mysql-restore + namespace: demo +spec: + task: + name: mysql-restore-8.0.21 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: restored-mysql + rules: + - snapshots: [latest] +``` + +Here, + +- `.spec.task.name` specifies the name of the Task CRD that specifies the necessary Functions and their execution order to restore a MySQL database. +- `.spec.repository.name` specifies the Repository CRD that holds the backend information where our backed up data has been stored. +- `.spec.target.ref` refers to the newly created AppBinding object for the `restored-mysql` MySQL object. +- `.spec.rules` specifies that we are restoring data from the latest backup snapshot of the database. + +Let's create the RestoreSession CRD object we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/mysql/standalone/examples/restoresession.yaml +restoresession.stash.appscode.com/sample-mysql-restore created +``` + +Once, you have created the RestoreSession object, Stash will create a restore Job. We can watch the phase of the RestoreSession object to check whether the restore process has succeeded or not. + +Run the following command to watch the phase of the RestoreSession object, + +```bash +$ watch -n 1 kubectl get restoresession -n demo restore-sample-mysql + +Every 1.0s: kubectl get restoresession -n demo restore-sample-mysql workstation: Fri Sep 27 11:18:51 2019 +NAMESPACE NAME REPOSITORY-NAME PHASE AGE +demo restore-sample-mysql gcs-repo Succeeded 59s +``` + +Here, we can see from the output of the above command that the restore process succeeded. + +**Verify Restored Data:** + +In this section, we are going to verify whether the desired data has been restored successfully. We are going to connect to the database server and check whether the database and the table we created earlier in the original database are restored. + +At first, check if the database has gone into **`Running`** state by the following command, + +```bash +$ kubectl get my -n demo restored-mysql +NAME VERSION STATUS AGE +restored-mysql 8.0.14 Ready 34m +``` + +Now, find out the database Pod by the following command, + +```bash +$ kubectl get pods -n demo --selector="app.kubernetes.io/instance=restored-mysql" +NAME READY STATUS RESTARTS AGE +restored-mysql-0 1/1 Running 0 39m +``` + +And then copy the user name and password of the `root` user to access into `mysql` shell. + +> Notice: We used the same Secret for the `restored-mysql` object. So, we will use the same commands as before. + +```bash +$ kubectl get secret -n demo restored-mysql-auth -o jsonpath='{.data.username}'| base64 -d +root⏎ + +$ kubectl get secret -n demo restored-mysql-auth -o jsonpath='{.data.password}'| base64 -d +x*Tw66CEDZ_kj16y⏎ +``` + +Now, let's exec into the Pod to enter into `mysql` shell and create a database and a table, + +```bash +$ kubectl exec -it -n demo restored-mysql-0 -- mysql --user=root --password=5HEqoozyjgaMO97N +mysql: [Warning] Using a password on the command line interface can be insecure. +Welcome to the MySQL monitor. Commands end with ; or \g. +Your MySQL connection id is 9 +Server version: 8.0.14 MySQL Community Server - GPL + +Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. + +Oracle is a registered trademark of Oracle Corporation and/or its +affiliates. Other names may be trademarks of their respective +owners. + +Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. + +mysql> SHOW DATABASES; ++--------------------+ +| Database | ++--------------------+ +| information_schema | +| mysql | +| performance_schema | +| playground | +| sys | ++--------------------+ +5 rows in set (0.00 sec) + +mysql> SHOW TABLES IN playground; ++----------------------+ +| Tables_in_playground | ++----------------------+ +| equipment | ++----------------------+ +1 row in set (0.00 sec) + +mysql> SELECT * FROM playground.equipment; ++----+-------+-------+-------+ +| id | type | quant | color | ++----+-------+-------+-------+ +| 1 | slide | 2 | blue | ++----+-------+-------+-------+ +1 row in set (0.00 sec) + +mysql> exit +Bye +``` + +So, from the above output, we can see that the `playground` database and the `equipment` table we created earlier in the original database and now, they are restored successfully. + +## Cleanup + +To cleanup the Kubernetes resources created by this tutorial, run: + +```bash +kubectl delete backupconfiguration -n demo sample-mysql-backup +kubectl delete restoresession -n demo restore-sample-mysql +kubectl delete repository -n demo gcs-repo +kubectl delete my -n demo restored-mysql +kubectl delete my -n demo sample-mysql +``` diff --git a/docs/addons/nats/README.md b/docs/addons/nats/README.md new file mode 100644 index 0000000..550cf96 --- /dev/null +++ b/docs/addons/nats/README.md @@ -0,0 +1,48 @@ +--- +title: NATS Addon Overview | Stash +description: NATS Addon Overview | Stash +menu: + docs_{{ .version }}: + identifier: stash-nats-readme + name: Readme + parent: stash-nats + weight: -1 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +url: /docs/{{ .version }}/addons/nats/ +aliases: + - /docs/{{ .version }}/addons/nats/README/ +--- + +# Stash NATS Addon + +Stash `{{< param "info.version" >}}` supports extending its functionality through addons. Stash NATS addon enables Stash to backup and restore NATS streams. + +This guide will give you an overview of which NATS versions are supported and how the docs are organized. + +## Supported NATS Versions + +Stash has the following addon versions for NATS: + +{{< versionlist "nats">}} + +Here, the addon follows `M.M.P` versioning scheme where `M.M.P` (Major.Minor.Patch) represents the respective NATS version. + +## Addon Version Compatibility + +This addon with matching major version with the NATS version should be able to take backup of that NATS streams. For example, NATS addon with version `2.x.x` should be able take backup of any NATS of `2.x.x` series. However, this might not be true for some versions. In that case, we will have separate addon for that version. + +## Documentation Overview + +Stash NATS documentations are organized as below: + +- [How does it work?](/docs/addons/nats/overview/index.md) gives an overview of how backup and restore process for NATS works in Stash. +- [Helm managed NATS](/docs/addons/nats/helm/index.md) shows how to backup and restore a Helm managed NATS. +- **Different authentications:** shows how to backup and restore NATS using different authentication methods. + - [Basic Authentication](/docs/addons/nats/authentications/basic-auth/index.md) + - [Token Authentication](/docs/addons/nats/authentications/token-auth/index.md) + - [Nkey Authentication](/docs/addons/nats/authentications/nkey-auth/index.md) + - [JWT Authentication](/docs/addons/nats/authentications/jwt-auth/index.md) +- [TLS secured NATS](/docs/addons/nats/tls/index.md) shows how to backup and restore TLS secured NATS. +- [Customizing Backup & Restore Process](/docs/addons/nats/customization/index.md) shows how to customize the backup & restore process. diff --git a/docs/addons/nats/_index.md b/docs/addons/nats/_index.md new file mode 100644 index 0000000..a5179d7 --- /dev/null +++ b/docs/addons/nats/_index.md @@ -0,0 +1,11 @@ +--- +title: Stash NATS Addon +menu: + docs_{{ .version }}: + identifier: stash-nats + name: NATS + parent: stash-addons + weight: 90 +menu_name: docs_{{ .version }} +--- + diff --git a/docs/addons/nats/authentications/_index.md b/docs/addons/nats/authentications/_index.md new file mode 100644 index 0000000..f58bdee --- /dev/null +++ b/docs/addons/nats/authentications/_index.md @@ -0,0 +1,13 @@ +--- +title: NATS with authentication +description: Backup and restore NATS streams using different authentication methods with Stash +menu: + docs_{{ .version }}: + identifier: stash-nats-auth + name: Authentication + parent: stash-nats + weight: 30 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- diff --git a/docs/addons/nats/authentications/basic-auth/examples/appbinding.yaml b/docs/addons/nats/authentications/basic-auth/examples/appbinding.yaml new file mode 100644 index 0000000..7e4a9e8 --- /dev/null +++ b/docs/addons/nats/authentications/basic-auth/examples/appbinding.yaml @@ -0,0 +1,17 @@ +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + labels: + app.kubernetes.io/instance: sample-nats + name: sample-nats + namespace: demo +spec: + clientConfig: + service: + name: sample-nats + port: 4222 + scheme: nats + secret: + name: sample-nats-auth + type: nats.io/nats + version: 2.6.1 diff --git a/docs/addons/nats/authentications/basic-auth/examples/backupconfiguration.yaml b/docs/addons/nats/authentications/basic-auth/examples/backupconfiguration.yaml new file mode 100644 index 0000000..3e1fe9f --- /dev/null +++ b/docs/addons/nats/authentications/basic-auth/examples/backupconfiguration.yaml @@ -0,0 +1,29 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-nats-backup + namespace: demo +spec: + task: + name: nats-backup-2.6.1 + schedule: "*/5 * * * *" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + interimVolumeTemplate: + metadata: + name: sample-nats-backup-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/nats/authentications/basic-auth/examples/repository.yaml b/docs/addons/nats/authentications/basic-auth/examples/repository.yaml new file mode 100644 index 0000000..dae9141 --- /dev/null +++ b/docs/addons/nats/authentications/basic-auth/examples/repository.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /demo/nats/sample-nats + storageSecretName: gcs-secret diff --git a/docs/addons/nats/authentications/basic-auth/examples/restoresession.yaml b/docs/addons/nats/authentications/basic-auth/examples/restoresession.yaml new file mode 100644 index 0000000..9c5f524 --- /dev/null +++ b/docs/addons/nats/authentications/basic-auth/examples/restoresession.yaml @@ -0,0 +1,26 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-nats-restore + namespace: demo +spec: + task: + name: nats-restore-2.6.1 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + interimVolumeTemplate: + metadata: + name: nats-restore-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + rules: + - snapshots: [latest] diff --git a/docs/addons/nats/authentications/basic-auth/examples/secret.yaml b/docs/addons/nats/authentications/basic-auth/examples/secret.yaml new file mode 100644 index 0000000..d83d02a --- /dev/null +++ b/docs/addons/nats/authentications/basic-auth/examples/secret.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: sample-nats + name: sample-nats-auth + namespace: demo +data: + password: MjIy + username: dTI= diff --git a/docs/addons/nats/authentications/basic-auth/images/sample-nats-backup.png b/docs/addons/nats/authentications/basic-auth/images/sample-nats-backup.png new file mode 100644 index 0000000000000000000000000000000000000000..b3f603de785e2330c4b53a5b71505174aed01cec GIT binary patch literal 45342 zcmYg%byOTr(Cs2YLU0J~?v~&VK^J$o0D<5d9DYD>cUcIwi@SSpx5eFIakn6k?>pzc z^ZuIYK7D$sXR533y;T#Tsw|8Ck@zD306>?QlU4@+5MTfRJRb_ed(YILBk=nL(ON=D z0syFqLwh#+@ZP4hkW*Iz0KDk|fWQy{;OV_9@DKoS=L7(bOaTDFbO3V5s}-OlNg zXW7yD?W;k-$of7ST+IxHXq^GB4l^6esuzCGA6vsyZ zClIy!_BQ461sO{4dn6lxGCBO$cci8g2k?)7FWG+ z_u|Tc@x0!UYpcnHh4zV%L(eXz9`-y}784#Pd-8lGB{6b5X(etTO+`q3N~7M3AR zOm4mOc3ko$d+~871;b-{D#h98hhu$|NBQxSHzPqr)r|ev13hmDz@Zm#pI(Iq^O%!3eTknhe>8$5jUNY18#c_`52UOX1*2Ntf{R=u@w7~Lf>-&!x&Gy4g}x?q;is&EdV!&4sBVPXPSoo4`o?^?7Rid1CZNiZ{|J z()w5FNJg+(gk7P(N4|IDEB~zqh8^>AO&75)L>Dh|Wi@xVZ?o;DG%tQ%? zp4;6LCka2a>1c3Xlu7x+MR3MTe^D+=wEn+Q+(g*!d9jL$Dx)ZLnOrtRGsguyJcA6a zR{U~o(!Jq?%1#;aKRoKfYvl$l;UeodC3qwnPi!%~e79+R89OGaNs5ub3`f8$$|)3F zgUWwt(;>^Fdl}_sqe(pNcKfDhi&`oy&r%i+51~dFWGq3ci}sSE&CCQj|CUPg0EQ-p zvNMtY7XB&Xu=FMd=-Jr7($flh&AmN5ct8Ja$A>}z**OGW--i2~k#PqkaHRC-AS~`) z-s1Vz*1++xNg|5$FG-S?t?$#TkVF6nqg7e2rg#2J>x_mGb*ISZs$eF;cF$=!r~BNr zW+Nz>EkcQzGp75*<8#OriZ5{oWwPQCuxm3#F}m9?Ev_!2(8a@^VT;@36w%gH$2Z@t zy@%2XBj+k5dTzMb`L#qy$#QO$18Tc}pn(kxsPZTg)XphO^NB3YyTasX}mJ9Esw$0u}2W@tr!J!A(^S@OE2d z_s)z>F{*C)a|uvI;>(@@xoN5M5O7ppBcC)WmB+8v<%@`r2oH^tQ%{I#66c#?_q6Et}9a zZzYG+V3B`!{Q;~p$rVa?5Xp;DCuEEL!M;_`P{`>rrCX!tz(Wn{C^Klu8JPyPHy>Uw9JX8!~JUnD|$)!#` zquI|k8L&rO`dy3jpn;?cRS`A@*CW~!_V1>~(OHRnsfFno;PtV|iS*x6Dw#5paaoem z88X7rz-2rvunHY;FhaSzM0q?tQNZddc^DeL>BYYe6W}uU&itb)3tj(uRLk;xn7o3l zC9vnlnZ5CiJ&UK-#tzn)r9Kyk8H|3r5rMD$#?wtOJ6$Z(L&<8V8W$WG zAuVrhC9$fR6#7BWxI}{c&_%JzJVlfaqNiO^8t_FAJ3bg@xfog>%qULuO&4h~=EF@wN z&xJ6cJYYx?RdJ6>4CMiDBGK~r!8fe)aET1Yl0azrQyBN1aqIcz&C~msq0st}t1BC7 z3vTX`3{GASS&JwBeyX8insJ$dbhlOAO)(3(C~nbUm{WX;MzMeEfEyi8uQ(^kGAm>Cw9~qE9$#9ba0#pwxfSL+K|t# zjI{+rfF^mms6zF6%aGyD;Vmgn;^Fb9c%G4u3UP+?kR^uwxM4TT=n>?M0)`;e0&v0D zG?8xL%_?d}`bq|+#fclg_iW$I<&IPFbmdJ65&wMwgL1C8BzECJH2GI@D_}Z?{C5i; zCmPA}`%B$fR(^*gyzGA`tH4z}LYH`L9Ht_Y#L08<(CA))%vDRJT#UglOg)K&It!yMEe#B zQOT%GaFR6kzDquFwy=o`lCR*ukG!o!oM5Q^eh{6JnUlop(4(6Sq`I08X%>%6i%morX zEK=J4o~g@4eNby8wMu4leJ+kzDnJCgCRj2rz<6#1#U)Bdr8A>>Q3Dz8vwh1)FC9HH z&7%&$X716r6nv3~=V}^Yt7f^Zq$2*!Mej*U^l!1|J-a&$Gx9%oM@W?lhY3|GJikFK z3INfW;>#hQ=JO|2z0R;igoosWiJG|w;>Lq1#jO`YfIVF$8r<}z!GspV``7iTJ6uJK zdDqtigx=Yff_V(|2Z*51o1-tjT2Po5%oax>Zna+iQQ+fO=nT&wa0pc1M4quE9l}H; zvw8D{dPEb)*;x7MSH;&nAcc^UnV?lO4p}1-Sh*l?FitTmaT16T4i<)R`+M^aX|}Ci zXaN&1kNWNUH7B*xb1+<7!ViS?eZp_Ahj(nF3rf%{4L>Yu6BdvWQ)TpWNq4mwnkIL< z*?jNW0BmN6iXubet2jxM8Ur~+#r$UZlRF<@ED@JI|DG-vQ>&;JdTHwa`q9-h@5RKC5bulXWs+o7VA6-aiEYB6YO zx0*sZY`M$bgDu>)`Z&;(W9JSh#O3)3UBJfQMd zwA)0cVc~+~GK+Qoa&;HESH>YbCEMm&fFZ8HNrt20i@0kzA^V9$7|b@DrD;>gTaekOV324o>94~MDbO`vnK>~M>dXJ z$gI5Q2KL|!-^oYCL8AOe5X33M7k6|Av|EVF9J`;f1cV)K^-7u@n4h!JumI);ca?_I zGc!^_0v_C=gkf_I{(>;QcVK;4@_xp}^nT2>@b*}rb=H{CblGmx-~mrzG+%05%MUIl zJ40t`8DcWxbHu*#ko}v0LV0TRa=F-e7~+@>v%8z!I+%tT#)oGwlXO9%?(djm?71D4 zNMk?=6fN@PtZQ#^Ne>)S$xY3u;u5ilT&9t=LS+0;Wju@9-_9;QwuKW!9zD?$Lasz+ zZP#&N>aZWDUhcVU|C6agfo!ne};Yh1&+&;jOOB5 z!_zAk1i=!ZnRMpg<1!Pg4qfc*RdfQN)smBw+D}Umm7epo z1_KZ#%;R|RjM8`V& zKP3yhC&$FQ+R0#GaGCY!J{vyK=Bq=&ySrP~^zmxEGhL|}!3{!042l|0{qo|8foIt9 zYK_9~pV)JiuZL-`?*`&Pfw-9xvMYE@PQ<#>F)#}l5DnXm8ba4&%!X2Fk5X4lula8ax3)f!Li1V?x=y5)Cf zh95{_vnq;@p?kp zQ^L+1IH??lJBWQxCZ72C$uimAw~=?`w^gFCpi3q1&z-u>AKZkphEHRxhtz+ae)1a6 z!9rjbb!HBoJOkt+@JR?d!;4B1qiFV>hTH!O&PSD1prSIPK*doF;<)LgnHjuMPd6+5 zfgfo1H(xo$3`2#3#-3U2vQr;1QHrFtcup|5#-pLVptTG?X^!fiVpzgd@)ChmN z_fCX}eXT31X~*~8W=equ?{@3I$m01X;Rwjik|>68_lQlXREDSrPa#;jF6n3gmv#L= z`t`pzL4PVHczB0izRT8UP4)}r7WB5~j8(^b&6h8w{@Tx2g2O)P6zD7GlthkMB^7gh zigvM$3~AwHxOuStkRl@en2UN70&}Ro`48=j;^#;(GfNiA=o=9fI&xV~$rY*{P_H_P z_zs_4ee>Gux^WQGIO?yscKzuKrxHmfL!Lq`NelLoy34H(CSvwQkx0yq1D&oVqgBY? zgf+}mi7oxFjQ8c+64ml~%g)^a{P zUd%a>HtxCC81b(pLD;`O&Mvs&;DXhtRk{a?Z>TQ@#iUFO4!7&nFDg`?Mgbq+;)6GY zAx1O#jAlKATLjL-L=p-QeHj*I4;he_!p}9s>^Lqmj$`OX{-Sv}FAR8(w~6|8eY(_4 zIC(#kfA-V$kX^n~Un}j!QSx<+pcv@hM0U4y=|Im1}n4=H9Ml%Cw58SVLU|Y z=7%uXmpVp;&=l0B6@M7QAEl34We>7QI344}{4 zg?^yeyJR(2tsVNb^mWJB%#3mC6Duz{3hLi&4%ScE4uP|uKmW$+lK0Ou{7*!SkhUvF zQlt?JZGd@AwURMSa+=Um)Fjwc;Z?|E=WKi^+`0Y;)`ZuOD?FqW z*(-5=fv=#l1sN|9b--yi@n;SQL`vaqUVDmtE+N5FX$1pS zqf(;`UI<`w-%b`#} zaZ$>Jz*zA%)H_TwRHZF^Nb>Feik1Vo(w#P7X17{_a49BA3Fn95Oz;Q0;HmsupRF17 zSK)0M?!oiA&r)$?as=}KHSb+!aY$TWi=O_*#z5VQk*z;yI9|1o%pY?5BOTj(#b-Gv zOQWT}HPRQqW~iwE>o0!BX31#5di0f`Qod{9+}k4m4TRb5Q6?9wiUrZC)5`Y^4j=@P z<_%eR&xMP9%@2A~gpPjFOA#{D_d zBDRDje0J@ANSI_)rT_Rs#Mox?Y0*?vuO8>|@uo#~i8Jv+lwO7+OL2Fn4#SdZcnjCz zDH_>#hA{fr&`j3wRa8F<0cCJsX1GCjhsZ^IM-9zOoYE`V8#Tt47)HgV)Ci0xB>MtF z%P=c*O~0bd5Ecb#$i;lhRFG!`QU+YAKl+8h5^dS$zx44DJyZQ>$9Sn$HqRm65~YKF z8qMkwTfURPxBQV2>TW6jf{izFy&o0iLPQ)**vD&Lu?KiwyZEjKB{#*SOrv$+$ zWiBax&+I4Dr#+=VfdYK_SQTP@8&<)GOic9Q6Y_Y`8S_PBp`qI!zCVsoS+^f~kZm5r z3y|ZtvrBO~P)Vb>4++YeX^Io7GnW0LyI*?-RbOH2vsijXz@|+GS9FpkC+T4MmxwPSD{V73}AnY+VnXKY_cnr;Z9i z2*()5{-*I7RM)>DYbTtab3oIW99HF$2mjj*8!1ZCVO53$Gco5w8CJHm1T)q#q+q6Y z#zm3!@$_2%$ktxM?E9F$GGa*Mm+!~y$tTFI=dsGZGRscmaD?h8ct-J@{SjJ^B#9C* zbZm28bGkS)BiA(eFss&?8}hF-hQJnPLY^o_1zEP|odENDcVVY3*drWXg#IVgT!R9BkS3L3 zHyU*jgpG=pR@sSA2aI*YJ9 zc8`j}*K(gQ6uoZh=|GSB!q9V3tL|FOhS9 zZ%)}vF3ptyX4;+gAFnV01y%I(-~ziLh4#2Crlv{3-}!UXQ8i!>`)W!S6JxqGV~%1S zV{ffy$Mz~+RS}H6s)o&NR&+Gy@h7&=S0Uu@R*dLo`eTF!&OGM@epU1PcXlGgzb zwdi-^8k9NVVh-p)`i(`RnYjC}%bZ$e>Q~=Yax%v!PI`(;Lwc`xE0U-+*YNXdBr0CL z)LRR@m5bEWGqgX@4OYv7LhPsY(lzy#pGGfH=;<&Yc%B#gJ=3@SG?R@6$Lmq#K*#gH zQj$#F={N9<84V6@4Lwc<1A!6mLaG9b0S1TB^4-Mfxx%@E+tVuzG{oF2qch-It{1Yh$A`WkVsVHKEY_c}LPL<0?BOgxgIw^Y0Qwl6u zVmeUGj2HE1Fs_N13=9=+=H8h8I6jL9lF8XopBxqVe6rCFK>%zZH^@p&!*)^M*3&lb zD68K<79jr-xAp&;MpXFwQT`*5Q%E{${Pv0>UgQ*;i2+MqIHpT(@Nmx4#Dn|?dB^~oNvFa%m zYuwA9rfQsn2FBqqG`d8Qa(FPC`fuYSDmlsO9r@P^e^}G?u4ToV+H`z`w#A;iR<&Z0jf87gueL` z%HVGp)QFQe;yW<>BJkzS9X_PwC5C-W$9q?~^ICnfzm6>p(1XF~a2G!B@N&4fkXBK~ zFoM=4{>H*_z=SDwKlVG#m=Qirr~Ub9#=SvDkc&Zoy*bmBRJO*=XtYhb*B++l(MZHF z?Qf5U5nK?%7P*%eRcVnQrajFF_2XOri#|V+Ru8W5=}lemtoZr(sa&9Te&OFlR9JY* z+rZ5I(Hr3N%^Z17$~TJs{;S7Y_wl}xJkOtRn+8*H=e!TCwhJ6acN2CvD+_-0>%|~MQt0UJeA|ETGFc7#!oS&Y_^Z>k|5(n>44Pez@F|`v z$rq;f7VyIGf=DPD+POBVt5h$cV%_+Q$3{yoBy9~k7jsSX7WN)HAd8`{Z8~592?gk^ z+l(FV{0yHXC(3?(tu|`b4O1(x+|H}%*L0{mhe^K7Cv_fRX31zXcAx)Kj3>rA;^xDC zL3jv%x9)jY@8j8xiH{Bb<-}!DVfVaU&OXBH{p$`EmlK#t5Ttu<)X+V3#fe3t#~7+Yq^K+hTWpIES-1Fl>abNGeYWRO1RHQA!*F>gHcZxz7yS=#<}qr-QlV%5l1`hNR0R#~lJB2@Wcs{#_tsYL9o zwz*DSi7Zj%N0-ZT{$z$Pht$kb{x6yT0yM~ni+|qX@r31W8iCoy3{Qm6&DKWv85(eZ z^|Q`O?ArL0A}`U5W4JnzCK@DbD=&*UQA{0htuF=H$(O3vU7tUjPin&jIIk=uTo?3t zpZ5vA*l+%uTu$XfA`w?GI7cG&A4JIe2kUyN820Wec!K4KjZ1$|R+`iO85=#Q^$=*D zTZX?usKOvVxbfFRY#O#mPX}@gff>opZx>XKQ*?2j_Xvf+Xu014KxewI(=fd{t8viR zCe%JWho$~0q4l662+g_im`tXbnEi5n&coLRwl2C#G{eWMZeP~7x)xnXS%Doto@$ik z-e{TiI7sNHc4hvh-+TC+)c>`QLN@V3-Fo7=CBW!3wSCb_Oz%$&5n67+lt$PMm(-Bo z`J5s%(C^&1=saVpA>z~gK(6>*k2n-qyh1CE(kM-+>woC7I7*3bB0GV<9TTwZO~d6c=-*P zPY>^6!(S+zn2HCKbzf=rmLSpx_Kk9**s_IfD1v<(s`!85CMbWI>IiaEO$eenXR&qf zyqty^ihJj%c&auAW9oCuCrw|mn+f*49xL(<^S?xaXt@!ce>G@e-c-h3Ml~J!U`my- z(AszX)>GzLZQa@|b~3r$n3o z{=700C1^ga+XNrIpZc;2rTjxN7Qw1ke1a$xdAjFEV?;|jWsY-|=X#Bm{*wYl1rHBG z2HqZiGgleNq#Ny>kW)JzEARW?x4~%ZWea!<6U%H>CTnh~7bICFD^6`wF25#Py}3tZ ze0Jrck9m^_hZ#v?;g37_Nc1r{*4%c}SsJ}O4c1UB_Q$r06w~}>d_PQm!Ym>3e{3jn zORn&!Kt3sd3m)vMecUM;<;`{I`(nJ|nk2g1u|=oO+H7;vq5gK+XlZ?!#J4W6n6%?p z^cr*IetR3B3MRujeoySDd8c+R_|B%a>SJ6c$zVAl%~^aJX3X**8UJ1JWS^l2K`>cs zT~58NGON21e(Bj8=%itD{1h)_WS!OI`|aNv-!^4fnho&0z1qh01wxTjvR!d}RKwd= z_l`;uHNGzIs+nx;@86aMybVxsyMp~kf6k5=#pdRfyu1CVP@Xzy!l%k4pfqXJ>E0&` zCQPvG=5^oci)wTxWbg(vGaqYr|2}HJx1_DkIx?0a`h2)0!@=t$r($^ze&3m|K5J&h zli6?#3uI~<@*R3ZxdRJ;zEMl-;Zfw!O!Tj?bn6?{>jVGYA z^*9EogBczjWd?T?Pb%aseKom-B22o>~>~SUmF3z4gCeo!RN?|3!>}#49DN zJ;Faw8%V85aP|eloX?~qUM@--GYf_0vBT2H!j4nLPq5m8(RX!88 zaM~yCQhp9ch3=fG_N%^d37Pf(+6Sh?28FFl5ba-xAivCi>qgf~;N71UrFS}4e8iU} zQTx(Dqz5ADjfm&V1lAETD6V|wK*XX1MO2B^ihhB(?d$op%b5e6tK zp7YwzbyEWn&sjc_8bA+OJQO!FYTjX~AQdgR7oj&mf{^}EkIJrT zB&6|}_aXghpFLoJGkaJJRh*w!`@e6-JKgMs&MoU4t^xVoZn6}5e3++170rAYFF%G>;^$g<_J9 z2oaJ;o9hC4zoYN=>b?xH_?KPe4Tw#Hn$30gk@@%Ag3W^MD?D}b-304Inh}tDk$gCf zDwo$#Sv~F7NRTmpBNxECP#K;{lac=>5@q(nnW15@BRKov@otLGp_>5CZD`aq-ND7` zU#GujPfiE|Cf^0+0Er>6OLDKI9#FT7&hQ!k5yo#+E(>qTW<;`-AJ<|uQKv+cP z7Ps9cL!bA8cDA$K``RLDYu3XkP_xj>f?q_*2FwcNkueAtQ(={T2Iu1Gk~=p8Lg5sw z=@_nO4v=PpYie3 zV+cU2Ts4~t6}FnrTZIGuDGoYzb|!xaAk8(n+WE5J2{ja3GZMNy-y!MDiZ{3#rz7Y* zd);q5Sh;LTm?l<;MG;oxSp#j>S{u0@o)DZ-R>t$Zuq)oQrJfkxoZcR|G7Qp$0zVX7Q)8*^Ifl_SjdIr#>RN}6L}NT z%3!jukAZTNS?!wTu(Vyr;OypS>&gEqYZ}TB1zA41{p|Ej3adDD!ZZI=3$!k$gS614QuOF4)0OmW$SN~Jy^$873K(z0pMp-K@RsYZkpc3B0$n#A# z;9M)fUgBZ1S@^lCZ#^t#Ne0zH-BbpJ3w(Bw(;|b!q!f8(I9Uj~8-}G%1z?LPGp6vvIs% zP+k0Xz%(~4m_ux<+$VPaFsez;w6A$l713l-!h@;+F~W1=O~Q z{B>tM4N?^r682N+#>ag!UtQ(xuT$xoV4*6HuTnP~WBSagQ$72DqWFm?J!o>S0n~j~dG{{q?VeZSSL~ z(SLg^nQ?Q0pa!<{|E@{GZ_iAo+aYi#0mw;DNUu6Q@b|={?3*?9Kf2Z@lZ#3bnQ#! zdrf5)i~rNaelQs=&Z1M55vo8ddclAM@Pj?hsD26 zOVj~u-?p+wFTY9OqoFcjl}@^UEcZ+A9?6fJgAE&x|JgF3pbQ5QlKHpKTenZbBW^u^ zF>Q|*($c!5iq~Gq?`n=W(j}}Wu)uE^btG*&at784#LlvWzUs$51ykX#1fEP zQCYzYebK&Y6+o%7r)Fy~zoh9Cis7gLIS_g3I?mEM>s@}yh6s|Ct&33>qW}3vV7DBt zc{HhVOb{AAn@1)=%+wiU#s97iLqlmp_hvOX(JH8>?h{k8Ly03`{i5Sd$?y4%v zxgR|@@0ssxKjJQc;*YL0;kvF$JuRzD0xHhQvh!}1nl`9Co>|5rHJ%&~u!r`&INbB+ z&ZTJ>#x~k-SYz!fLgoFLPgHdNLZY(!8_Re|C`%T;Aza%%??RH#pdb-r z@}gH^#;4+{01CGR>^quq15w)L_nIGra}+mhut}%P;BMCOf}lfd@Gt6g<*;5izvdaU zt^eJwvPbXu9o*MYS+?ea>Kfqs^0ZK0vWEEVXZ_P4HM?}W)9H~+2%*u@bu`BnFiqrc zk}%4!;HTfU=Y%cV+76Q&wGO<6@-=ND{qckDKk<35+jw~IlJ?=hzmyNP!l-+2FiS$p z%$FNE?|V3hgrE(%IGQ8IieB;L!Gn$hfRDtaFr{9uJ%F>dUTpKG4JR_BQ~Z> z%8!D}YbEG}`O{WzyF{q7C3x$Q zK+fuYq^Rduz6;?Q<&v2JI9T@yrs}fWEy4ZQ%)35tMhY1t5v_OdX174XPG%|oGRarZ zZBxAef>T7`p44@amHs{Zf`BX^z6s3LA$O-fIv^b$_)j-rG}Z3Wb+cPs6+Fojmjjdk z=m|7e^TN1&kJ5=)^T1rbuva#YTnnP_kFpS

    u^=7v?Y$Oo!l#F-Us)#{-IT_~B4O zn44^h5FuRk_g2ZvKxyPrzWR1Wf6;s~L8rOcEV(g zWfPPKBm~IAXe?lhNQ=ZtmZ}_teLYd%*Ch8rr@1rzfIFNYZ!ZaKVUu2M%8r7ymfYH# zZ|B;6FFBbGz8=kRCx%^Tn*m}EPLCA}lk?{=$}-MM6HnG@y*Rx%(%rO#_sl!0+20$l zYIX?C2g2dei0enB3c z*~pV(zkKd1pkexa!0WTMq&8=%?F@3<@!>Uw)L#C z-f_7p1(+v2S$s6dU3|On8*?-7V9}u3)+g z_ozTvN7^WpvVJ;8d4~X+X;9@BFSv}(E%k+`*c6?KfSWV_^3}hWxf|7g}17 z^8mRZs^{r;~6jgjs`Kb_MYCf zyFVdQ%$}9}6(l*=3c;jCH@4IRbM(1fSple)_$fYl5L+lnu z%4odsW_ysZv77n0`I!x&^Mp>%Kf33d5KsGc*UFa;6)`%$b5iJB=e@K}>Y>b%8!T_Y zUIv5^gI+TD)VIqxWkrM``Cm#dIS#a96Z3QT4gyOR?H%Y_HBM-GV$vf#dG~@?dg1l6 zMW|WEV^sNsdh3s!@McaCl=inrDW!9vwEQ?mh2{#!y#T+LDkztAljDZ}d6?ba@+}-^ zHON%ZNvYL`z~psny~Agv$s`xi#lP9pGf@%s^MtH@PEnEN9NOjIo-#`<#Y;yoJybvx z^M0TJKH{~N&gON?o@J3DLC|)j9>4TEUclR+B9I#@1DNQjUVTCpZYwP(4ZGG%wxHVA zV*S*nIbw4{o~iJy-wyLtLtB(UR#&ZjHRnUP=2=;hrOqY(vw`;<`e&T2)iwo1Pcx!a z?J+v4vKqjgC2gfs-flJGs7m#5Y2x1^@+S>&aw5b$Hs`ubOMLjzF4Hx8b5+j8SSi5i zyF#mL@{NKGZ>bY+DGI*T)>s1YoEa$;-%US*oV6qY1st4oY}@oam2p@ubxhtuwxWU$ zS{5bqYE+qEdOG$PF`K-TH=Vh=$;&?LinIFr}Zwp`>8P4>2kyd-{pcrF9 zgo@7<)g2hKu?z^8R}zn4GD}BG z)R8>Zk{|(9v#hA_Ae++j8FyGc#0i&TTF9ONZAD`WX94sJtjw`y1wX7 zZLO5S0xl!e)Kw?#{CI%+{HqgYfAv6U~$uorj_RF^Yx>p-FW<%lENt|+P873&V1 z#>{RbkF?EIbfaK3h+O&*UaN~Ta&I<(1?sH-&sH*Dq^ztx-As{yOOOn(r!qHJE1)2a zW@FlvHgjo9ROx3~pAcT%xwEK+`oo^Rwi)A_mTl&6`Ga+c{jTqWTUehWDrUnJPz-^4S-Y-zcaT+Oq69IfmgEPJY5H^WKB4&c(bTkUq*W)Z!ji{ zoH{#9bEgQ9^|??xjSY}fYhA3&0jH%^_fh_$bViRBx6iu@Ja2+;6KSP0Cbc&j*j6q` ztp(YQ9}=4^NH%Zjxhc}5H&n2U5@v?VW7H5^xyFvt>mQS~v5-rep}5ie6c>pjs&OAp zJ8H6$!HHD8D-6~1u<#$wAsNQI)DDjwFaV{L=Pi4evQAcR?AFExc)?MXO5Pp+^}0TptB{?^j}t;ey#?0erg2 z83akJ?f!|_S(U0{{o+FPBK|zfKE|B7GUPF4*RuIGYa5#ncayO5N^=TqWitf3p-OM03R4pw7bAiB9r9U+T+C~Oi}%x_Eb zn_?$p_e6tjC3HFR=M(^ z07n$-!A;oF%~C%aL1H@r0fCQc=(;XjVc4AQLP{Q#0H-FAq|ws*j~ef<7i7#3hBL3t z4mbe4LvD^AHCl7!IY0<6(!yRP`%yl9Xx2M7#K^7QqOCQ}_OMr6lM0t!M`z2MyUmVj z?z65V78oicc?pHn(x%hRnwjbg9(W=Vy2A^#^^;8xB-h9F#1`|5UC_`XZb4VXv4Q8|!wZ`nt+}GLrzq+IPm%?5vj?=6)59=}OZLI065sA&I~Y9-%X3=1ey~!H@-& z?*yQp$mb`_Zw!@_ee*uk$=TUB4-0M3DE~iX?#Zxk_u2<|YaKs@YNu8dC zItN;Yes`gfmI{^znj?2Z32@~{Ev_q0;~n}k-bVyD6$`*!kG#G+ObNsGS!+I5a-+=;C%B3J^_j!rY)%cqQ zWWH_0jjp2wzippc3MI0`SY5l*R9gV%v+>n&tKIymj`R8EHvzAeci^SlmzVdS1qI2b zFK~VNHnj%JKFl%yvsdhH&B;_$F1l#CXF?BynNj0uf&B(PnliieJl^?B_cQ|I ze03~CkKqV&BQsZ-3ouq>Kc0-;3@v1%a--}F`I%?Bgb5W51YTIGzeqJ_9a=(_fuXHXq`!8pX+x_M(irK2v{i#%`_7-Ph6utE5BXBBhRcY z`A$h>tvY_<3J1FqeL&~pHvMbe%50Umj{%=vm`I279+!Xn_((UC-{D3~{BYZBshs>c zb52K;s9IPU7?W}4icDKGcPX-^jIxCTf`%)EJx{k0^jlV@bPa!}b7>BhGEviH~+b`X?5SpLDW$0Qsy7WiEl{qLcD5u7<;Vr-49E2YDecy?l`ZE zP(NW|*k-`H4dLSsN;7d^HU0+fawEl1eQ>a&%5W(iGZrs-tdRKh{x!nZXdqh7?jTe= z{=;wzExt)2&a4ahk41ccw}gX#q*v+$7y85Iofz~1@YkMaM=4ts-~r@=__l7$T&bvI zRAibqH3yXNjG5jmulf(vR;|8#TL}n+dl=DN_@O0WLrb#X-i#%u@t_sQkpHeAxaf8D zH)!5T_2I)zwfKYhh^9}KS64>7GijgRzY&0F4?Q zEgSth)K)BSZ})N-r+1pAOrhS9^MYye;Xtf4ru~}uM?7tAO8gi9)*ib&2A}{DQW3(E zfa8g!wy?ydlwP&81gHOD$rFfdLuk-FfHr8e7fk@_nZi@;F&`)9OX8J=ISz2Q{wXF} zUDxQZIJxwcI{8lDs$b@ht+Vb);a@i>mejp3;sc=jsl6IFARX*8X|!%hPYU#Iv$DAO zfAgs?l{qV7pE>>XDfNc(6-K`%dk-R1HRY)e+^HRQN5WiDd(+sN4Hf(=8dHN!A0zo9 zi@8k_w@g|NNT*?=6ss}^6nH0{4F^`ozil>ygL#%s1lFb-UakH$SjcNt%YW~X%0MFP z>@n}`H+vklanW||q0MIdBgb*2|MrtzCH*^5xESlRo8;{`0Bes}P-Fk?eeT-T998ud zA%M@{-)Fp6XX`O;{ev{5O7|F{%GcSe{|lfMgSXtPnYdmB=w|$_8J7(JC$tjX6dm@H z76q=8U{uiPPC2}7wvS?aqH$_Q5JF|o-wCD!Kt(=65l%lx`I_$daCo%O7@C;8U4`jF zdiRA0NwmG#2^0S&v7)F*3V_BX&GynR&RgNM&5>wH#YA zZdGeE?EdXq6Y^G(wr+eqDeSbR27RZ$NTYm))PjEZ6^hc30!(EKu@}=p0|`4Jbjl{8Q zw~*un+Tu?A@7pPD$_AB+MolrFj>(9)kFDgl`zd%4a|Lim*e{NT1QL0{Mi3z!kfOk9 z#Ak81@5uh&;(qCNyXjmP_99?x-lW!XZkxoeg zX%wZE6r_=m776JPP`Z1JloAk;k`h6NG)PHz_vqMY7&Ur~vF+RM`*+v1?cJXDdG2$c zbMEu@CJs6EzTui5uj*wxUZ~=gN%Q6%9%J^Qmb~JO&D$~CJfhTz|10ly9)?f#-l%Fv z3FT}_A&}kqb(y5=^0!i_Cl`sdb41JV_v~a%is$`$+4_W6(q9 zeWyu#djH3fXC>1#cj@@&X}`sw$7Hx8W{MNNE2~D(8Hco<&q?XSIylj4>W}e$VbNZC zhE9mAk_3cQzvR*6LVI?1XzP9RSSq&cE3CF_yRnWq>*TK|@Fv9a0MoayNfMaHFCDAU zqX#$ex_X%pH}0W90_?Hf2hrvFZ&YJi|n)Y7Ix)QBnG(kC=^MYDVbcP*M(!pZotNc3fA zWF1!@q3hRM4h3@}k_BypLAvgXfkZniBrVx-X;`ls#e$7}N$>W4s^JIxnX`lSA97Dw zvm8}MOo~%;GoS2tiHXA|vv^cX5}~6isUt_3*CeDVOGG$aRJZTTZmXL~nnbxPVZUg8 zD$WISL59WY}#l)yfOG`1ueMnk5!eu6^I9k4)2J{eQ;9 z&KLNzPVz?RN&!Sf!k{T14$qXf5}87}a8-P`1dJ5vRdLWKaTOg%Q7NA{3%s)4bo>`P z;CmJl-B9-K7>YVZ$%fCwPrb6P{3zFKmkGY=s<$>jnkdy^ef5&d)u>Do_$Q z5-@i0uQugPlL(lH)d6*(uYRPuA2y~sP=TiX!D!S$&$#G$r%9LgI_yk!)bzmx-V1BB zUGr~F4yWH9#}-o$%Mj=Ae2_sLzvN@?%%_?io$mw4;x3X}(r2La&#%pkkw+WOh%J?| z_o%-TC3{uht`Nn|oWfCS2|R}7KRlG8f(>%yw)#z$S6GC04h?1=EKZHSu#7gS9Hr#S zZg8ZycT?bI!|~Q#Pyi9FNda#lotF}!AgN`hH+fK}>m+XxL3?wG`2l7qmgY}~vjcFY z75njiYx-*vtDvp4WiS?Ph0dVxyi@A`2E^2+nZhCRp=lYDXT;d1e>?7c`{-hS08!xY z4&-|IC=^Hfo4VwPf`bU;A1SbT-*-&85ji%nQGXKiAE!;@E3?0Xu1Xd` z-ogPrVm;~-AGty}g|nu=zp3e6K@eQnXnuPAva=qY-TmXF@ZMAtiwSDD)NeoB>Ci=D zO}b8}+)}E{`}-_p0BfAK*b+;1bC5r4(V;+a#NM*h4pZGrDrA;M#s{4I)h13HAvt>} zIcwxEc!DY$u2u!3f@Mlqr0}FNpnYzJjQ>W+-yhq$++{DYwgW(2!y^{fP|lVwVr`)x zKNF8~ZC6AmIgD$GEkj!)!w`1rho6hq)4^iP)eYN7sLYzzUEXBZFmdLcKuJX2p_4Cm zfkR_|3;xLc0C2OBL|hQ0AbrC>56iRJ$@h_xH!B}d%dTR35Z&#&OJ@{j_Nb_S?zxKa zmm;uRM7Ynkum^wnQ@{n@Vw~UY35vKSwk8z`8&}KI863NS3z2|+GwKgO`gXe#s5RQ0>nA7Zi6rmNBT|(_1n!VO8c*C)g!h`HDD+JXjR;^|!22@m zmY{e#RbgSM=dksct|Vd(yOM?QbWq~drm{pMNjAGH*0+JDr{1?>jlQ+lm)wHgjBx5~ zWFRR)*Tcx-{6xp&+l7w9L%oRxS}9CVU6~u@QQFB&0=qCjJd(@qm3xs4iPU+qbT4rdvAuceWYZ{BW^2Z=XV>GYtuCFXE+0i% zKQ4_d{?p`Y{Vcg8poXZynEmYs1>S2>8m`eL2vV$^v_BQW;kIMcC!7^guwTtGwnI(< z8cI*CvsFiwJl0CKn9jy&b!extODNlg73<$nf~Bji-wsz-Ci~nQ1s3PNl_=lg(ehGV zgoteGj>NcYoEpf`^r%31&5dZ;y(Aacla1+l@b&%EKDx3{Znz$l!asGg1-HN(bj#$Q z$LU(HhP#~`YUgoD3Rjac1q8!aCwb(&k8hODPd9Z#o1=U`!Dhg%7Mj=G7w*ADmM zt{};kh(R{qu{^HaJ7Y-jAgs9yd*FKdOa`6Hq60S(c1`(eT=vs)8s@t9OH*Tp;;Mt_ zpu<^lut5Al)Gtx;n}cRy^)s&7d_v*QropR`S|SyY)PoX)d?@RU)xXH>u%Lc3+Sx=E zgx#%3ryuO5cctTkT3$682IRlL)>LoRs*yb*l;Z$VSgY@PWHT`1*5@bt-|@=_fHRf3 z(|TXa1G^Ri?lnL=*W_lW!xRW+<%VCgCUy;ssD&#Xz<&~Zx>`Mw1 zTVu&yF-fjH(TT!_<(E}!(tLY^nsT1);5_`Wqocj}dGs=&1T2?OFwxhtILl*#C??HC zmi<9voVTr~a7Jd;@KH2hTR7b}Ph+N)kX_YUZ1D z-=csWc5H$`qOfaoWToFsAtbu;(j>(LGd71>|Hg!ZdE^P7&*yPQ+P{W(Yg=E`tWVSl z5w1ru$=-!ji?6+Zt~PFTDYJH4hS^crj$9hj!Ie&>8uouW3=9l?#Be}IJ?I#(Svz=~ z%b>Qhc(kJI@7=ky!`q~RITa_aRw~lR!c#_fI!ln<*2RZkFzK9{IPT$ox~^u zK&N*$eb?3}+kXr}m2Sk&Y4Re&P=W1ez*Yl_sxxFal%Ze^H7_6e1Vz1|r5wHN*DJt= zh98?7vO6B)_(MIJTAPB-)6)0^L#cOW+3vw{{oW3}$y-h?(8YStZn{8=t^($#-38+e zB8;BCBc^xiV`)Ly;Wr>SRS1h1cJtgSijp#4nDf>mR`2swk}_nVj&Zn*LEgLDHVx?- z(55~n&s1EKs>`+-6;v<#r+I9AHCBh&aGI!@Zw=l30^TKs~xYQlT9FbVeCV17bV-nDgKMA zn!V5JU;Up>a|(k8Iodd+UnhR&Vb?RU@ch7Tw569MEOVk{{vQzHng~&EBU7uxizwHs z$uIcYk;j{XrqUG5a3!HHuk}~S<(Gjurrcjv7q%Ts1t&5w@9oa5B_Rfdv>p_!^6?#w zUV3&qs3asW^}my%crf_*>45u>G9?uJ!1U3^yOyjOv!3Lx}8yi)8S)?JQXKKyHh z!;(koPwxRIA0^5VI2`5?M)dkt9_^d2k5J=>#k@q*J#^oB`QOhWE)g^>6)tz$1g1h!<9OnsBDqloJu_l+Z1*kCS@Ob4G;6) z{ZU7EE<-ApQ-UjwcW*_m^v}i{bO|u}0V{-Xx#D)?pbHCtecLGEKU?YhkrJzah;i7g zL_qBzqwr>j-X!}o$nle(=^;mWRuG|+atXFxk8PnYRP`6_z)J*z-jVsp3y|w!xGJ%@ym}iVErs{oZoZ~1^mYY!_ERhS~)5KqS z!PfT{q_QTzYpFKwLH{{?lWJ(?(7C6Ma{2A=veALD?`UwP8u+O3QGM@aY4=#&JV4>% z9dZNp=IyG#_I`lYzy9>TGp~;$FIZ>Xd-r84dx}iq&qb-S+O;? z(V^zYeT5K$0kf1|8H1R=dJ+qH29DFA{5cgg@{e}s1NKk`+8sIvy%X9gNd@j_l=WV= z&9V?7=jWTRZs;RBLaFFQh|O6!8i|11{!<;l8c01lieXb^sGv_xj_la+h z`2w$xRmr!Vto|eLE(e`>V=vo{Tll0a_xv>57c+(1t^3X0N8B3Q_@WX|g~vq{XV{i$ zzCBtY@plaVqPAoT&xPN60g#eAO0!K8FZ`3nZ`9#oD`r0-Qtw^xmLJ8{HK83q?crTp zYNB}wXlR})3vGve%naP<)FZWu?m-AD5fC$IX#4dwQe8U)??daJi7e3Vmw4*5eLQo$ z|AJM0=$&3Va_#9)&^lou_fyJyK#I@WX#2SLSrQ)xVwD9Oo9%T}t)pMW5Es2af6buB ziR+1<-aiDKExKTxC%4zfD_AF@8yLiGX8>o%MCIhbUZb$%Wc_tLQUpyjt;k zb@{Jz^>bopr*6TZR0jt*`gI@QLQ{&Iy6S2NfMHxx)Ak4V&av*>cg2_)k^#T{7{w?Z zIT~^FwKe;O1s)LSCojB{Huov~=)=p!_!N#bkY3~OX-}pq`4gl$pY+Rj$+bUTO{+`# zyI~!OsT4q!ZldJjE$Y65i!JBp`EIY9^-nA;u0NU^lW>1Gu|}J7X$DTr4T@|>UR!(F zE?ngjWCGu}*9PNFXMK9ZyGH1?vl2IiE75e)TM*FBPKwnK6GTw_jl+UZb213((9&Hmng>ZO*ro3(#?zljCG=95)r(hABg8Iv=k9<@=n0`4!TLZEep72! z%>v?571VQiow%}V-7LKrjx6=uo4$)NUm;Tr!LE-5Z3oj7IRvdJo~>fKpUgr!-7t}u zZlb!sjZN@r{HfbOH5c<8in`Q>0bgtD$vXwh(CF$2h;tpH3bAQ(){|KOkL(NUs6YLd zASV>u9n4uD1Ys#d9~qz z@A#1jk^4Kl!-J-m5Op#7?ucpOKN*=#)>3bOMdF%{kvH_6T=T7mIYn78DY^X4wGfmP z0`hnP_-G|s2<*YzCFT4@jp!R^)*lktL5Rno zc$We|PN zs7~cy%Gv`BGx=CpYA>5$_%CoLGZ@L{r3JS{Yf>4J=htd8U)CDipFQly;avT6hC<*=VxY zbVGW*OPd~=a*AsW1)y5j%>_rUurLyC{2t`52Hh*TnDck*)fO8g-C^xzn)`r0I8^t% z>I3Sw-1Lp=a?wiJRnp1caP{_h_vPec{RJClQ`{66(N3QFnct>9CmJ2P& za5)n3@HPN)kjyms_ggVx;QbH1dECZNO|Oj>WQ8zohN1AD~Qa6s)Q$iBoLBtH84!06{k zU2Vw)XsysKo&OuTVtD~dJXldqcKY#V1tJn>iqP=*=d`h4ALUSDh=-8@J6B8gpDD*>F z1*DgAesqm^;ML?+q5-rR-}Hz(K3}_1k)M$hC3H%91AxDsAIsMGL{6zbShRmx+g!^V zqZsnMF|{g*v+KT0P(!VUx|Dx~IR}%C&U?l5qxnJd8g@P>)-$6qsr6?|xBIKZ2ltvn z9(*!u($6Yng#!y;X0L$EfAr4%WPxwpj6E-Z~6-X5PJY3gd|=7$BCuN zsBMaD%TGW8m88dotX;`y=jgOS9jmpXpVc|r__CygF@PxR7Of|Cd@2o!2}8_Yq(r5n z1h{aVD$%kg5**-e)&*%J?DY(P3)-N4k3zZ2N*hxu3uOScyC6gI0#gjs%>*`8?)qS{3e2=XH~M7;bj*Iy}m7%|CQC`QJ@w~9lEa`3|9XWADU2rL7P=2;;}B5 z73iQZJybZC|Eg-Qnx>XA0>vn&DeSn>@hpP8s7d~L)WsphYS%xivp-P-%i z@@XhwRu6O%L=2nZp^_C+@9~As=YJ;m@y3_=qhLcivN2!&=|<`36x#hD)jcYw)O~?x z#@v&xq4Da~r?=UqD?}r6nec=qdbzZ-L8Q^`M;)!+JTrmu53p3y2 zo7Pxb`j^;=)e4)IviI0@&drm!@IV*~VZsi^kWd!@yk6p`3?QWY`%yNfDadJZYyu6l za-10Rhy;JR44J&!4KCVKZ)hb~uof3TfbLpo`ddU*RHEF^{G}u1K=jCo_=~VhnyEehSW(k z?^R0WbteR+WyN=M#{S7b)cWiyB)}-sM5<{x@K#4AGzq;yJv@o6*@D@-;9Zl+D5u(@ zX4M)F?@-TUE|DRx-?7@;-#w~@Xx5q5hZNIuN;nJ^v%SdAU--kopm}q$Z6QRLS&F?d z^dyed_X{$Y-w(@$qDmj!n_X-C@nWs%YWjuj6ryrJJ0{wp|O2REB;}?-!7D z+Z*(m%r6H4)`m0RDLIhNOOhw|!qz>u8R``(PYRO(E-QG<0Q01&VM)QBldu^c_0Qe4 z4xQ`HSB=jW!JJ!n7*JFUU~b1mg+#PmVDAYv@Y}ugtVXy$GkDaoMdncyeM-VF%t&`YJAb6cc&7}P zjKRT&Q8<`@`@OM6^2fARRy;~s-P}?y%_jQP%2bo@Ee@M`VKb8Wt3N92 zCj1dUFr#>$oN1XfCqrNFN};UOw?p*ustT|q6Pb}-WG&RMXo~BwCFeuJZLqHPtDki$LJY$>Fu%z$*ktd&FC|{!x-hRFv`qhNg#;&+Yp)GgS{0FjPa>gzb zUrfIQk}cxb2CGnkkBM!WW@ZQCq-Jctc-xql46f)o&1jY}j9$*ozjbSUqSdt>jGyYD zRH<&zCMt`YPW26*sqFpnVUt2DOkEV$baH>hsT3QQ&tD*&SvrLQBiu+b`BydO`!D6Z zQ*8qsCwR?u#I6G$o=H}^(a@=nHfnRoAIiZV*?ssck0=hoPmSkr74Is z6EQLwT9hTSSm-2?g>aJ4hN-xQc_;CygEo5?Tu zi}9HkjgXD$sEZ5rC#}FnNNEXSwWZ`}J)wMjJ_&&~a6}C(9rcu+ikx-#^C5Z2N zR8n>o3MT64;`cJ{aV~;Z3)fx$xDq}(*y5a?VrucBF~q$PJ_j4PwjSOpi#48G;+@`=N5GU4yC)7+7ZKoD{E)$zCUhA$e6`7l?bH+9YoBhrR# zCPN8!Jo``I&dNa9=;Zxz*Y-fx=d(G>6HS`sz&hEFB%?=zx?>+)xY;yto}=S#j_ucP< zZjQM3sO$(>#VoU5+P{13<>Uo#DEbCkHmOL`JQ#(p+)Z*+FxQvaENK(xeHBOlyomI9AxsR{K$F7X5*f>U60py(fHI52vd7G* z%>mhhV~8h(>+0M`woe{@K|#o(9M&d@4Q%&-;QNOb9|JP{r+Qo1dfHEZbt#u?!y)NK zI!R~NuEiesVr+Gq(s9g3W4=vD+CJ@0RXxo2*SLtD*y@Av@LxbuFku>FK`;y_z!+4! z`?%O&ic{D>|JsFVS8pJHJE!H_@-$cQXB!-C_{R6R;M*IM(T%0QP7G_zBi0?Z)CbQ0 zCH2vcel5cIE4;V9c^%S;olym#p!#>CQuHO|3ipqhSYaY_FvYiFRKIX% z9M!v$asSV=5>WB4nu$NyxW@@H^&6-vOT(ggOY4|YaLCfT)*a%> zhUHr@Htclcj2IqSl?maqb+5pwrew#E)7zz6IkqequRj(d@U9dW{}7UKRc~ay_IO-{ zb6@+U48$ypnV4Q)C zA2JDNc#INuRHlUNu3r2SVIfdSuwxfM55lk#^vT%s(CPJM8q_5tSms)zW11G%?iv zjk!N==3&XK)ba$f3!TBC7fw}GJR#m5q2iRs779hEWsV^g0X^tt^(xrwJWqjf6S}(P zB!aBz_QZ7apUx*@G5cb)+jo^A5=`yfy z2tYQ~A{?B~<+sT%j3p5}*r7%*lmt~L;hJ@(G^({5Bsx#zZD!sr4Cgt*DbPuFwp)kI zN`cTrwRIxn8ETVfN&S!_oGnXd>2-k_lF+zBp%d_k_1+#wXxwCVAcFmOY-Y945?C?g z$6C-S4W0*E$jQ7JN8k>1pWa|g$KlUqo%OgEk8+%Zre@`mffpVfNn<=a zW~9{3@Wy&XML(yrrX6cgXhhO+t4ZOLLuTe zJN?Wf7X&n{=dJ$ZAP#~6g}*K)D-^hXWw=|J_QRGW(-{}A)-6tK4mXd1XIDpsdr-T%15pqgu`1hVe9CX#@h zT@h7OL!sDH$tPk)E29cQnW6whLW5axwMDn%MO2f=I?=|!Wcd(7e=wHDx7xHWwvp4a zMRy@9*)5DVm28ssFN{jL2681_S!Fh$hj>r|cV%v>X2xm7Q)b8R9&Xg(L%V=J+83Tc`r*49wztUuu5d9G!zUrD zSFR29DZQF!2$%n8+%l+1?s?aZa>2a!+^ftq$t%{zP3wl@9@9`&%8N0nDd-5$Bltwr z7J~4-L6Oy5CD#<3gt$z0ntb7#_Vu`-u)_jg_FhV;>vFs(wiMUPh@IMNuQtf;K<=L~ zgy=7%_9jWm%b=l5z%X;W_5%IvQc+x%X_MVtFc)f~kt(>;Z-K(o*5oA5x|TRO{=Iq| z++xZsIw$T4c3yM;o})KZk#FJ&=h^`>e||9GD(o)0I>4N=jP>1?g1Xvr+$fN_l~|e$ z3!alswm9A6UKLe*jecU-|_gcp7TP1@-aUc7@OUJnos{3V%g46NP} z^9{8`XY@)~I_6a&hEfe0lic{e0uONqJl)lw7p$LRgAi3qDbzFYt}gE@ej3&6{)9-i_UkHq^*9_?9Zoa3?4KFOUQm;MzKjz4xa#wj7pH$+E!B9LS-v{@XmFpv z@Iv-TlUTMA4NZwVXne6sYj|3IQPpW8`vQR!ZxktT0>c4)IGKWxaU z<%dgY$iUHDc+7@lf-d6>GI^xCruW^>&5vi*dxe}vS?=^Px8(t!-=7@ER0a$+eP8|i zbm}i|Oq%)&!Trhu&qWEJKCv~M`V8R5>#v2rASzhIu^`GC= zUV$GMHGUbl4}Hl`Iy{jIj#5t4V3U5xu2|LLY$UEIM@`9-4^yjpk9bt$Nb~*b?}lO1 zXS}ACLcG{QRbXnxKcMSP8%_7l)l6#SKui`@cOMY@iOYJDr zn&2THpL>ZYT5%gIGbT>QT40_(Rp{7^=1+P0Ls0&oYDp0d1RCcgvsw9QhgJ;825Zvh z+3ja1raFpzFzK5#zFEWa?WtFo1?@jN%Nv72(dm1t@vq|y zv1(68+xE%#Z=tU1;Fs~CFH>!Ko2W&tdSVSQn)+d!R9+=`V0$eh?Yy0p7ixGyKp(u@S?qb}5T6Nh?smj$c`HKHig+%YU!BVAFaIUaC#^-WIbg zenC5N!+ctH4PsKU3HHG&VPb4-Oy3L1KOFQ$G|wi69ZL*eOC;gZ%LBwktFZe1Wt_|YIshT$6uT^7NKU#|gCY6e}hqfa{z`DO3OzdPa&bLS)l zVO9>xwN581vfgCh)86Z_QmWu%|8NWZu8jzk%*dpcq$z>^Gewu$7%zrN6nK=Aibc#9-qQ~g>!2va&E{;OF`hf?N3lMD|!7H6C+G`q)*^qa|*M5#RM z@^jl5PmZw z{Xhr;z)pt-04MJf<^Hv&Uod@VdbNNsoAQe z6c|I=^yO>1o<7k&-Tn4&eEj0gX?K-r!pqI<392d>$L$%LXIwUXV&Yf48K|j|!L{-( z0Q=13EHj_n4aryTC|Gp}J4F<91$Xdnvu9;-Tl{8IG5mGPF!l%E8>Z;ANk8v}abavvN9Ozub#Vca2q9bMSbgNJZTdN&P!&PiaGbL=<(XJ%+t%VQqKyz z*93JB@G@3*u@QWbP!e)t7Xdm|3ktJza1R0MMS*HOzJ^k;JHF`)=1b};%E45obmYeA zlvwN1GcjfIdSOvMow?_Mq9K`dyHw*M!d^`B$HRcC0#U%`Kp~rZ6Y3u-?NtDM9wucZ z2Zxt9^H@wlA~Nsg2y*1zo8*g2D9(*TMuzl+6jKu)+uu^D4+ zN9?;{IH5g2nn=4^m1LXu~MX||u@ zPlEH2lN;pN#cKzgf=%vLri*3u*T5mp7T{6@po1AzPP8kxR+zLTSg36+ort-gGuF-I z`gKN!;lDGzwb_ohlZeS~(ykCJ7sKl1)>d;gJ<}LTj!RCk*{eUD0GFLde8@AP<68|{ zHl7oMs@y{2mCW>SQX0>@MS8!e+6Eue%md9igaqKjSAt=0ZfoiC{wbb%xCy|sspFx? z|9ooirWI`wb?Pe_8_v^`i=Lp)Hm9!F7%GE2$eP|Q7iz-qH?4yu_fRi0E0R5QoY zNWD%j5a08{J>NrKgP|k`PlvJfd`(7d_vHUo9v45-(=jvl*<~63zej*rX%LnWuPUr% zT_@krP=VPNNpTxhCP3&~Z;$m}UszMwaSGqkdCg+zfW^-BhJd91RoWW$?JK&vMdgI9 zg~YWU$B5O5kp2P3*s}y{tuB7{i?FEBe@x~U)PL?4g@}2c0pEv3Hx~&iyjRAb)LD7< zIXAfuNYw$y;1Mp&*gk(tv>W@I*oH3 zsfhX*vDj$Z`XTbqy1K;%4?Sz-+dUjZ`&<%-#ax_~a`2p%6)dBqQwD_EC*)skmYJWc zSf8dKA1Pr^N$QC2_`^wQ#kJ1|beTt+XusUUl~95ee%{ zcXoHIK6P>wRULds&F{Rhq=((o|269JP%&|3@R61>$puHV2o(}=r7Qm_E+wmDJ(M(0 zZ^R<$;q*hY&NlIUjbGaMCFP=&VP#?Ln;tIgKi%8ON8fxNydk-_l$?$=&I8jISQj}HF01dso|s|d;(A!~1PHks4OJ?of@VXyEzAhKld z&o}_QC1{By+tz!I{`1X5HAzC-$AeTfPBm-=&Vknf)!)2bEWPWLBr{koJ(|ilqVl_} zOx77d5&aEiDr0ewvVe5Z9SmnLaLRl6HL>CO={dK=o_7xyB9!2Jt@~-t&jmSx!-z<= z6AnKh@vWhxfpvF)-yiPKzrVwr-snwVv~;tqFPUY}wZpDlLzi1bcCx7=j|<%IZ@C!O zV(yD&u=C_W(2!IiUvVos$m7+G=yVLDIn9b6 z(jLcmfjnDIzF*%v=;*n%s6NX`p|deEeo3%!VYy>OFa!jetXxFtWWgwzYINZzA|Y~Y zg^;5lC)*$o><9oIZmv@CpB67)eZsp zwo& z^)UxO*+kNHRn0e`+xr)MQd`ZEFYc50q8=`+et*nm_U$oxs?uF&Eh88}`u+QA7_!?}L5dMW1(5DN&yG8> z)ZiS+JjCc!~v`B=L?l0x#w$=xlqt)JU&TP!aIw{sj# z)TSE)5+`Z%I9T(-2+Cc33x6Kk5aT%E^7lc6;dvsG$G}CUtPXGLdwYgDAUfZ)1XApC zC}0DL=#E)>&-D4DMDs?=RyMNxOMNw=m2{$ybnjh$b66 z1!d>Q&$2atsYI-)ysUTYmf>)D(|mTuRdcssp`EAZeLRXHBx#sbm*Qs?ZKr9uXjb_P zIVAc!G&(RZtJwnu=BU92Y1hO1Za6>x?Ohq~)n2GB>`WYC`6lBfMn zXD!zhYHs+uQ}7fTT-a~;SyzfXAypSgq8goFbmtQ(pZQelmn=M$X-_-F+(oU#3pXtm zwH}vvUn90vyvNT0J8qNHvC*L{A5tm4x= zq0+sFlsXm=5ZoACg62+GiZx=a^^}8eDN4F^S#cR>za$86EXtvM9W7&N(*lI2$FCJ=%K{I@0&%v`$q|v#tEv}( z@oy`bCM(_7C3JbZp~v%u1RWi79}(!e;=aQUff$mIIfoXldfhypP=SLGZLE(N`gdbhPiG@hskzhnfTi zUn0xZe=J2o79Dh3y zxUBiP@U((i_m?p^)pTAq+{4XX^Iu26z2AwSw$K10Q_2QJrt!1jc#69)`G-S{^Lz?! zYX~H{8*Zx6-w4n_5R`e$!p|1{VV7e1OJ(P~_Izr8+^j36r^x4Ll{ox-ihecn6?RvV zvg%H_LX6t)8Nmc#GLvem<8t!M0f-x+>WV3>JLlHdpu%T3_R;Q1Gm47oOTKomiCE6*h3}zU-zU*y926?(lFF7^0*bYe!+QU(qUgY#e`%;19{p>hBrIl+fHE3U@A6j;y!-q`>Co<8brU{XNB5?#m*4^Kz*$t8`^>d(nN`&$F%R^4?gq=pdgk zmIWC~$Qy7^1!(q{#b|?4aZ~m_(rQ=x)auK}=bPE?UBNhjli9m`@K!tUXfSs0(mP{+ zhl?z@ZnFfq1Ct&+~+eX&&epG^mGu#+^7n=r+=mC-}Tl_=kkMlLmgZ@XkThRa6kMB zcTj#FNHcga1}<2i`ZK!1__r;ta{NuKhcBDjYZsgd_fX<3B&t8pS;=%8J~B-_Ts)%9 zl5FNsdq_@F^b|^!a0)rK!4Y-#e>yxPqL(ywpE3jBih+*!#U5OLpi=IGmUS9^?66v*Zhv*`>B-xXq({s9ew3*@gf!@JX`dsG zjkb*0!NBlG{#Vymg~ibY+Y;L)4i)|SJhgpw&jB?%%{q93ph+zq__GmN@9u_h=NH2?itbQ3Uqf? zgs#%PUaD{W3za-NNX4QxExHHnhfdtyI3VD!9SjxD}QQ7EjTccd_n=` z{zLI*T7ajc=I7CJIewGVul)JE3dpMcjmPyzLnYt)L<-w-%>C!IHHbBjNitzf?Kt$^ zKP9qR$fE))1wGjIy`mA~dqmKG6FS^WfznNa4nWHx2Bs0toUM14x)oaLE^O$&us|Vb zplh>ha(qRH;V2Abuz*A&d$=qgphYk?uejW*k7-FCg2}3PM`!!WM>O{j9#Wi3N}a?t zS(qOB$BKLPDVmhRV|P0m|6|!LFn9dOHC;IatZ+x$p9hJNtXi^Q~+g@ zd^=O679vJU&CwIXW2P)X^xm-LRpy_<4!PMbggceQo&4M7C z>nre{%g<8Y)@NfOezM(s}gvNDI3w?2b1IrkMa3>mLnB8(v%G7#J0?Tq}U!YQMJO z*k)o5=s3&v^fcZ&XOCSA_vZecqG4dJw3cv%o>yjJ2o8Drb<|od<95thnPU9)@zMHy zic0yeb5a8Zz{nuh*KNfwdY->_dpYXxe1z-ux>SOO7J@Umn-2a|Ofo=(Y&CGQFYiHO zYh`kP-~dd*wAQhL#}T~%0n}%4*4K~g2%z2hIDIK_;x-0e*7b3>^^fTp4Ci$&o9;wg z*9*-0EyABS0W}LGeNP6dIN8_td6iXFQ8p@9$;Q@F4URuecS?Ib8VMO38meWMF(cou zxmWF)!_Q3C3}!1kFJ%5Ze`)xZb>7gRGB=7Z1-xB{hAp*^e)mGf?*GeI&ey5+d`e+l z^?t-!d2^5|xF&V8P(c|W$?d5+;an5Y6mPYu5}2#8soI$Bv?nW>w{0l4a)hPsez6BY zVw!i|vUiFGl4)mt`(G1F7KC{>kz9>SY6Ua?dXHi&`(iBBXr4DUzDyzia*43x^z3T* z(L$4@On_$sxcd9zU?4|QLP+`+k z%n*S#_~c^dQT>99A2{nx&#>}d?#vXmZlna>UVw1cwdB>xlb~HajQm}KkeySm8=2Y?Pq+;?m{5}F5YM4X=8Mh@b$5S>w%C!(i^Ikx! z4kLj8@GA?T!#?#oj)gFpe>JZE058>F2e}y&T6FzQUIKJ3!z>Tbn$|ylN0dQcXZLZh zb_0ZkrC9;6o*~eS+Ue1L;RH%({G73{V|2YM0FgMg7CLj@tW9?N6%SpHMVIja;QT7z@I^mqyQ;Hc7eQdRS_@I7fx#n|Pq0*s^tga~`>@U&$Q+z{hqboX?xtIyJif4;1O%@FnUFs^G?Ga4EH%9(La9d$o#~ zcK7@KXP8I?1%i)xg@S>vA52q)SDUKq{Zo(CijN;x#|14PRGWk%mwqiB;;<1g=XLt` zOvl+Xaw;~Gkg}5~9=pS!*RgL(aPDCedY4bT+6xslbNStfc z$X2bJ8$?&FxjdkXWbXj9w6fTpw%SEMVfaipTqj^>v49AZd94}{w}E}Vc=RoINdUN2 zX;Hw7_60&3AG+0ZWt!stX@>(PSl&7~0Iz61ERA>vaH)ZwFANY6wazyKs)6_^zz?)) z0dE2aZ1y@_fC+4*4SW&={wMN%)2$xT%?bCms1Omd$s8%}m9_1Y7|y=q_ow8;WN(7J z3h055HhKq(>c@qBM3P@w!x|8x^KLO9!YL-gAmzg8yc7v#817Jt?^Ww*g01| zv^9vD9!i>NaEI;B!6ERuk&Dz;{X4}pY{d^K4OqCm;V*=Wc2JX2x}i^QmZ!ywvDkw@ z^2(dj<`w^UTDc&8?iGe6d;3TLYsz=Nk?)=)vKFZ%i-X{l^O1;raTZ|4JH=#4_=pt$ zWQIwLK>kH4RBH7Fu^8gqbrYArth^3TEN>Q%N*kS-LDSbuoL)*P9I>#Yva$GCqETZ2 zK3d!|_G9ldy;gW&wRT__Y12r(Eu8ZTDLU2gVUh)szZKtV8stw6h^D?feo?>Dxm{ZF zywL?4IV{Ew1+UNnga=6+0A7J0|5y`t2TWC^PNI|;yNpQ zldXDoIT|8; zHn$w-k`=sQGCydXJwPK0Eda&1PK+&^UOp|^n&k-R&3TEYOBeC)WpP^9ocUCy9q=bG9BrfSIbF*VmSyX@B$N9P1>0bt{oynwYF<5fHvUHZ)f#p;46%8Drf4Bql`xFD zem?%6t7ab39+We1z~uRIjbMcNjolzkiBQ4rtdKocsw;oold)l1ch-p2UrJItnn?qs)a1Y zfU|~`22@+V2iQYr$Q;uO->4Z55HWtj*LhX{J7TbGS~ttATi-SpneZc0=_QiW8E*HuVWE~3_IXtwoj;HK3~L%} z1vX&5Nq1N%_B<(NH3uT~CZpb{VyYfyB&5ca;LV~MF#vn}<@-`VPh>XCrj)9lX|i$yF9sz-cl)yjNI{*VJj zh>)){sn#YXG=SQ{sTX6KE>mxibRQ%ASkDaDxO1KYtOI=1`U&i@V<-`LtQ9hT_c`be znHq2!qW+7;X^MF!+uV(l6Vxh`=j4tTwH)a`?0|4BWfyt;OtXI(ICzx=!}<6-;X2yt z3!s#mLwihOMTRDBj=!ran$RmH;e!HLyk-p)BTAkBwU(9d)<0-Ap9$MeHFeLkRGXxQ zZGj0GM%wceCu&(%d?Pjp8?#vjV?I5$M?$txJURFdXU&b9F&$KDe>iUcG9IwH-JrR? z-jLQlDcG;aWA|Uo_DvRnC7WOM$`0=eLFO>U5cV_gy=!^EzO3m36ZzRlCeZ`>KS$nh zPQosZdxiD(_!f%$_SKn>4++MX?*e?B8WeMjQMKfS2@iO8B10&wwED_(rJCC;R*Zrh z>%7sEGB=S8w~ha}LNMfw{i65AZ$FHbRtn{{_%-rhPi_dvoj*I0w<)x8j=pkzd@kJl z_eBzj<}P%Vw_E8?0WO{&;W+>hkLWM|JAL>MTE5NNKTn(KQE`P!B7Iu_{Vy^Y%4J?< zHj@U`<^rAZ>%F0j723Xpx;Mk`NV*!3B6mrTSbbRu77&glDR&P1|lPt&YBHjE@w)Sl6 zdvS@+Fd?9>6-rE2z3F4EXaeYVzG~d$^DL9i_ zwUvsqKi|^5+RrNy8lH|qCStaD%&D{`_!82OE1UuMDfi-xyYRAH0}hbPrXlN!oxYOQ z=NVvpjl1hV^{zMBhfw}5&o{624yg6&&j_jo<{gd%sbp{A!2Epk#to;V7Va4HExdm# zgKBrn+-bwRl>T1AeSMnHuiT4xd#%{2P56#Uc<$360KPhFu3%0uGcOrk@I3En0l&}z zEP~elD@Epq4&Nt8DNC>X)9`vIX_; z>!jWZGqO5ALSlp${g-s4=+46xMqNCBfRk$PPRN)O-evzM<@aZo#4nsU=`jW5g&oWE zBOp6!2MC)#5R(^=;rmpe za2N62>TJE8si&16L@*XW{%be?j$o?C*-xHodj`L|)#203hh-dI523fa*kud&WgJKe z*6;*619#h{VRKMB?W+aDN41o{wxS7W@sN{*AW$5{LC1VS6tC`j>OHuAx#Ag>P`b;k z8bQiJC2YbO0Td5;p0L8eL7o2C>=dg@>s8I1K5bW1l)Qf7@e}k*ad|vvgX60WY^Gl> z>4<*i7ZIE zS_R$IqtH~Vvi8qtZ@~b=fOKN5jxo*W*T)h>M%u^aeD{R@897XsZZ``+a6gUozcotl zm=_>9N?x9^9()ut<~NT0RWCEtwoOTu8Z}%18rYE_RJ~`tqjQQgEZc5f@k*K|aY4hF z`Yk(5;g!%g!v9&d#F|*$N|CR58Re^tsE_WvC2}Hc1&yge$uSW7I=>Nc&}@9kXh7$R zjBFP5AJi!(i z%6e#imEaVtW{Jr}Wf9gx6cO&hw0)m$%7IuMUO~GcZ#wLV$=CST&{P9U``P0NRI zE0io1#U;%j^~-yP3Ybmz0U=#h<68<6%4fg%E7ovu!UA4w2-=^+)NwAfD@Lq!V@qF( zx;Xmp54>_=+QRi0mKE=4%f!z7`NAT)t!gYpI!$$d=Y#-sYi^C0Wj_Tw%FcUc#0)p!?V}OJs!Pl!`N#;SJaBd6 z(h6EDpSL|vOib7;z%!HSaBThpnQMw>K!TzugQw)rhBKnYl0PYVrjtbNq+5p$yKQx3 z1?&WT8N}v&?1M%-x225G!bLjYcQu%nH%76@zLZGnn^NsWkbNi!zEr5%t*4zdd{{(9 z8#l-*N)4MXWbD-?`E~xDNkn?z#Jr?4nQUeue$7gnH$ZnXB28A12TgMneTe2}`4jNV zR^yf&uY7BB*xd$(a8G<^uMEi~N07?S@AbqA?3tW zygiU&XbF0vA4ZDAEvTX?UCXcf!gyH1PqF;+c2sr;*%ir>36j#r|Jop=sCKj2kWRsN z>fW7ip(T4dat5Y~6{wV_5`fnwhr)g_JE(n>ITy+A4y!7iwr2fr<-@=)7Bz(}E5m(> z6LF=BqkHLL_cjSC=stv8oKhx5-YTIw0DBnpp==<2Wj=jUO}}jE@`uzx3#XDGyS3y+ zGUIV}6;L9@5(EljBXyNLd+|8zgu9c7bufLaw2O zO_sR&Rc$vw^h~E1WVTvY^FYLiLa!+(wr*;K@MDfRReqn|!jP#Khi^4*j7lQy^1{)P z^qp7K3K)z()vy(!Ed*qz9o$tzy~fOq^dZYrB{b10ucr|$T=PL<463`X#H1}fH1Daqni-R#9B{vC ze%ec|kC}Qf`tWX!nDfdEyx>0i#Wy;5>LEE9(@WfEz*mmv>-e;uc}GItL#QV8N*TE| znUjl>^G-3|u6}t1^nB&1JV~IZTzOAKEG{I`!3VfLI5^J4ZQ9tL*5MHP^)7j)cS1KasVKS4ExZRd< zm@zY2*g_I@KMwvxG}i~P?MH9|7Ndv$F@=9w*Vbx6 zp0rPFo3zNSo(K;+3tm6(zi63FT)D(k$LnXdmqm|ZDY^nYO0FP^#_>f{E9N8_)ZkJg zdvU95+4IV)iOIpT{ztEkPAGRvnE#y-(uTJL<_E;X8ii!s&? z!shIqhtl=D=RWsV1|CIqK?_ptn7w$3b+P}3x|@6H$}g=zP8ONo0WXs%S?Rj{cVNP$$N_&Z!b`Un?XQn4sI*Vi0pvKtZ6C1 zZ8#b6$qEaUG`k2itF*Y#X$^fJ#-eA(_PSATL*k>u^)d`Bf?MgyK9dTtlT?7JhEKSP zynwRylrJ4RI=lk8C0B@UG2CMtn@Kn^-L=T$;GuKRbJ&f=~r3*;;ucTC?qmY?rzE4Iwvm$DN;ly? zkY`cA2k;U{Kzi7orcMe^))#j4u}Mn(Bkz5ajl0-FpwbKg>rkV>qcLNtG!UxX~;THg1x&dEa<( zgF7&I9zb(`g3Vx*_o8fdzLYV3I$E0q6=)Nj>>BoQ#nkp~!Rq0ehbD!;p>QK*narV5 zRs|_I3ZHnyj4hqqJbtFW%!j2)$*)!jPfp};ZGi-i%u=MTZ21hAS>g^wVpX^ib6(hb z?T0@dzBtd^@Ql7M^Tw009d|Bv;2v3McEtAK*{sHO32uI1I2AIEqU-s}cD=}V`g017 zr&l?=s>78#-T4H~X_E@95-NIjZL+RQP*e;fnz!=@1?ebts?q-*w`D3m*?|79j>$$Q z3nH6BksCT|f{d)j>@Q;?Fum-qm)}AM>_94tZgV^#D|ib9*L?PB?rb#%5{0N*Wni>n z&{HDz%4ZQVR_7%DshUj)W9TaqjK;pH+Nirod3BcM=t%i`gzn9h^T%}Mvd|#0Z&yzu zDX_~ZM}v-G`x;(x$alBPMtxN`p{I)} zvLl-&*}_P6o1vGka8zv6eZ4JPiFn1eo}}~5?c>EKBCk~&wTKxC;*3ld`wEtCyDHxU zA0|CL8;C{EQ1`JUVCM*aznIYu<(E$SSsNy$Gpaef20TA`{Mih5utY#3OZ~%#gv@ci z&M&+HQ$`Ww@$bg|_#lp9vUi);=cjhFQ2PSr28nmk(G7zYcYliUi!}?1h@5Y;;e=6I z68dZ4iPT+^kOafxzcK()F}&lmn27zJi@j0h68D`@t1jml1DU8hDr4hsP?7GmTizmi z;S0oxs%_LPxk6>mr8Q(p5n*UO66>_M7i_#&fl{&pxRk7px zsN51=YNR18!X&haokX+6Ov{Kl?RACC#3r)WJ8?;wRUbuTaE?xmgHm8|K-ey*xESLF zhnw;}s{7Hg@hOWg>S&jz4*giH(b|w$naB6;9#d>iG7SmRFL05;`-`%Sa``H%7szQn z5it8fC$`^ z4;CYo{fh0QTkVbdj^oOwJjuK7q_bqWnUUje)jos9erflSL*EHd_nq({-O4e4FeU zH_R|smkn#|+vM4g$7O6C+2q~U&~U0ziD%c0Ry4JkMV0d%jcYXrZ%7ZHD6D9CTE9%Q zJ>7rS9af7~zILEMFwkSP6n6NB9271&TGyf8L7bT+pJ|p@-UIfkDx;PGN7fVJmXeK2 z__;ITRD`1OIBkG!9ps%(bUt*{5vMnYh_l3kHMsKdmr2R_ugj_0W#B%kwxYX!Hmmk5O!hA$aymZrL68sxH;7VA0-S;c^hMr9+6S{CK zj~^fLY}zllyR_)9p|?x>g{@_-W*wO+Fo%)lhMmT3Uv%4z&#V_?r#6)~ToNJlAlTA) z34+N)kqssaJ#{78am>_~6Cp4|E~Ce5%4)3oZS3k7Llbdh)e>L0>rVEFCEb*$*qLsn zKceNA0~3Q)#Dja0jV*F>99oSXb{lb329};!d4|XUMM+y}}|D*l(K@wOR|O)Igt3&|5_cJ2M$5IualK6xEf5Pk-DRKdZAt zegP^s^B86*fp?991#4#@K@|xbsgp|R?3~sD63h__ia{(OFt#jaMtew^8d`&-!ToiUGgf?zw7pUSglUV*Zdc~6b zXGb|2V%7@w(h2#VoGsEx9j)+DYAV{uSRSw9oSe(5OV?rJxfeSM-#eV0d6U=gIXTMw z4O=k(F(ycf{K%yf9Sm9KFiGleQxwQ-;p^>^3A}kE_oT~0Fx~$Z?P96*H3~a_-*{3a z1;Z)2)}*V;@opjmUfj^hTdtx?IRjP>@wpSLTEV(4;1y2B9VnulI989ybySc&tXfe_WcByt7s4Fk!s_}u6p!3ubp5|C&Fn}jpa0eZ* zS@K)uAJ@dJ_OUjHcpgbCmiLN*1}vP%Um>2G3vWCVUI4lbD#P@`hrBUj z;vFL1ff?cd;AI_o{~+x@p0HO@oL(c1*T1I|fn;vrL^Z`1%E;`I2KwJ}I}VLjp0%Z@uKzPyJ*h!bzY=sE&yN!i|&a=Q$` z>!`{|4BDC`q|`!C+NHQjCYL8xk;FfD(jK|+cB)iujBqR zSHfe$MjB%i^QZ+>v9%3}OEHbb*@?g83Fg1&ErSHdzfYy8U0mY~G>O3;y8J27VuX-0 zMNN?jr#XKfM1TZ@SVd=JoA&iLw-iN3)@;^)xV`!DFxHdd1ZDT1Ij?<-uTWs?ARhz| zhfU_|cZicBXjlDUzE-xo_>!9!Nq(?Dz5?=!j^A^jVRLI7*|Q$ETTk_>2Erm?lwI@(q)!SEv8BkhaTCNV0R> zcn6pMbmHr7$r?llqw;tT^7}P?&ux;I@&6Q^}Rl$lCUsbJ|fmj zGs@tH)>Lfy(D3uuJ+9W~=kmRn9LYqlPjRasdu_T%*p^MN`LW(~{T~@TqaN3#uI__N z=#rP>6a9Kg`hLFCMt5*pZVpwq8F>EgU=u2 zx8Z}k{rF9Eq<74zIMdI>@}=cYm5yo`Um+dDhE}7t^?v-qXY?#2D6Ot2`$mji-qi#3 z_R$`)9ZOi#GIlR+V;QwoT^S=1a$nI*D0B|xC>t@z62`5kCU(%x4_JS*_>^}YERz84EX6E7EqMQyH5d1|woGcuSBNZkXqn~> zpvXt-HctD(9RH%FXnpkVds#qt`bq1NXr9OMZeoEw&DhnDX^VKrii9jQ5tUsPUqxk* zyz<_|DgzH?;kP7k>rTe5esNV(!N&>giAh`yH3;4i`0u(?1Ca-uILDd#NV+6Dk?Izr z?E|RleiX#0bs5OS-~BwOhX6i2mg9_oOF+f~7E}=vulI<_@@IMPGjt$uoUzA6#ha2N z-y#5%NZXJ(@jhXQ#aFSKY63ez=U9`LG#u6NEXZ)5pvNRJUE9rh@Z?s@%lXA_Ah#S5k~ynPDzx)vaBq>*GCyxSljGc zW1*r0X$Kclgct)2k%Qw8VSC%+lf8*4)viXG_Zf2UoM@AC5>dwotxHRCz;gIon>s)Zh z#RGpCb_~^ETfp2Jc5EXK^EnRKt=J3&TEU+Xm5s;lKZ}yL#|~*sFH`?vaFs9qYmB_z zcD+>{j;s{5os@Hu>5;FSo-(3~@Lc6arK%I&^^F{&=c~?$azjd`z{i68rf(YfT>%B^ zzt?H+U=M|Ph~GR6y_B1mtzus|p56Z)BvZj6UH!74RV(4v&XkG^nqBrf)DeG7(sH}_ zu++uFz05*Ml)2$kHf)qInSk&Si-iMP-CP_-OMp#AX1t60ANFzgTJpPF_Bg^C+S-#& z4+e*uR`SRkI;jID4pVZockJ0eo~Q64EzrrvF0Av2gx{zVM)6OC5)AN;Ym>S})Oq&L z<>Q6%(=gIISS)p;u>zemYy^J}ncB^-rmF?4SbY0YlA^`B&ROnJQs2CEQ50}XOo$qU z2{!(qV@<(2TzZ%+tItX_jB~J;Oe?9?PCn9R8l@PZ-0&oNRSWHLAc5JyUgu}GBvO{G z=6ms=9kJh=WUSp2y3UCX&NmJ0l7S6zG&vTk%*P_!9y4%4V6(?~A7cNF6YOqE z-ps0_q?n5mrY81OmeJ9F?2=4WeE}S+acN}|s1A^$WbqjuCv1uZJ=(Fp5Nug3Bvd9l z+1*1phtu39UGTXUgAub)%Wbgk^Ax(w`lq>$fL%-&Sq`yYBK;Rh?_{n~6QizZ_mauJ zq)cu80!10rrZkTsM|*Z5b(Lphc`%x;A@BxB?f?J?@pizqcKWeS{0Z^!#w~NiZ;N;}0jPY~mhS@i3UCu{buvy*kr!div@5{)-&qY-a=PUY0e;&ww zs?D>VKJU-6k9=h4c~5J$ZLxqwW(S-f>Zhuw-3~&HOgbKjJuS>eDlYv?&>5$`6_z1YJJz4MA5g#>FB#b@c&t0YY(}}` supports backup and restoration of NATS streams. This guide will show you how you can backup & restore a NATS server with basic authentication using Stash. + +## Before You Begin + +- At first, you need to have a Kubernetes cluster, and the `kubectl` command-line tool must be configured to communicate with your cluster. +- Install Stash in your cluster following the steps [here](/docs/setup/install/stash/index.md). +- If you are not familiar with how Stash backup and restore NATS streams, please check the following guide [here](/docs/addons/nats/overview/index.md). + +You have to be familiar with following custom resources: + +- [AppBinding](/docs/concepts/crds/appbinding/index.md) +- [Function](/docs/concepts/crds/function/index.md) +- [Task](/docs/concepts/crds/task/index.md) +- [BackupConfiguration](/docs/concepts/crds/backupconfiguration/index.md) +- [BackupSession](/docs/concepts/crds/backupsession/index.md) +- [RestoreSession](/docs/concepts/crds/restoresession/index.md) + +To keep things isolated, we are going to use a separate namespace called `demo` throughout this tutorial. Create `demo` namespace if you haven't created already. + +```bash +$ kubectl create ns demo +namespace/demo created +``` + +> Note: YAML files used in this tutorial are stored [here](https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/nats/authentications/basic-auth/examples). + +## Prepare NATS + +In this section, we are going to deploy a NATS cluster with basic authentication enabled. Then, we are going to create a stream and publish some messages into it. + +### Deploy NATS Cluster + +At first, let's deploy a NATS cluster. Here, we are going to use [NATS](https://github.com/nats-io/k8s/tree/main/helm/charts/nats ) chart from [nats.io](https://nats.io/). + +Let's deploy a NATS cluster named `sample-nats` using Helm as below, + +```bash +# Add nats chart registry +$ helm repo add nats https://nats-io.github.io/k8s/helm/charts/ +# Update helm registries +$ helm repo update +# Install nats/nats chart into demo namespace +$ helm install sample-nats nats/nats -n demo \ +--set nats.jetstream.enabled=true \ +--set nats.jetstream.fileStorage.enabled=true \ +--set cluster.enabled=true \ +--set cluster.replicas=3 \ +--set auth.enabled=true \ +--set-string auth.basic.users[0].user="sample-user",auth.basic.users[0].password="changeit" +``` + +This chart will create the necessary StatefulSet, Service, PVCs etc. for the NATS cluster. You can easily view all the resources created by chart using [ketall](https://github.com/corneliusweig/ketall) `kubectl` plugin as below, + +```bash +❯ kubectl get-all -n demo -l app.kubernetes.io/instance=sample-nats +NAME NAMESPACE AGE +configmap/sample-nats-config demo 11m +endpoints/sample-nats demo 11m +persistentvolumeclaim/sample-nats-js-pvc-sample-nats-0 demo 11m +persistentvolumeclaim/sample-nats-js-pvc-sample-nats-1 demo 10m +persistentvolumeclaim/sample-nats-js-pvc-sample-nats-2 demo 10m +pod/sample-nats-0 demo 11m +pod/sample-nats-1 demo 10m +pod/sample-nats-2 demo 10m +service/sample-nats demo 11m +controllerrevision.apps/sample-nats-775468b94f demo 11m +statefulset.apps/sample-nats demo 11m +endpointslice.discovery.k8s.io/sample-nats-7n7v6 demo 11m +``` + +Now, wait for the NATS server pods `sample-nats-0`, `sample-nats-1`, `sample-nats-2` to go into `Running` state, + +```bash +❯ kubectl get pod -n demo -l app.kubernetes.io/instance=sample-nats +NAME READY STATUS RESTARTS AGE +sample-nats-0 3/3 Running 0 9m58s +sample-nats-1 3/3 Running 0 9m35s +sample-nats-2 3/3 Running 0 9m12s +``` + +Once the pods are in `Running` state, verify that the NATS server is ready to accept the connections. + +```bash +❯ kubectl logs -n demo sample-nats-0 -c nats +[7] 2021/09/06 08:33:53.111508 [INF] Starting nats-server +[7] 2021/09/06 08:33:53.111560 [INF] Version: 2.6.1 +... +[7] 2021/09/06 08:33:53.116004 [INF] Server is ready +``` + +From the above log, we can see the NATS server is ready to accept connections. + +### Insert Sample Data + +The above Helm chart also deploy a pod with nats-box image which can be used to interact with the NATS server. Let's verify the nats-box pod has been created. + +```bash +❯ kubectl get pod -n demo -l app=sample-nats-box +NAME READY STATUS RESTARTS AGE +sample-nats-box-785f8458d7-wtnfx 1/1 Running 0 7m20s +``` + +Let's exec into the nats-box pod, + +```bash +❯ kubectl exec -n demo -it sample-nats-box-785f8458d7-wtnfx -- sh -l +... +# Let's export the username and password as environment variables to make further commands re-usable. +sample-nats-box-785f8458d7-wtnfx:~# export NATS_USER=sample-user +sample-nats-box-785f8458d7-wtnfx:~# export NATS_PASSWORD=changeit + +# Let's create a stream named "ORDERS" +sample-nats-box-785f8458d7-wtnfx:~# nats stream add ORDERS --subjects "ORDERS.*" --ack --max-msgs=-1 --max-bytes=-1 --max-age=1y --storage file --retention limits --max-msg-size=-1 --max-msgs-per-subject=-1 --discard old --dupe-window="0s" --replicas 1 +Stream ORDERS was created + +Information for Stream ORDERS created 2021-09-03T07:12:07Z + +Configuration: + + Subjects: ORDERS.* + Acknowledgements: true + Retention: File - Limits + Replicas: 1 + Discard Policy: Old + Duplicate Window: 2m0s + Maximum Messages: unlimited + Maximum Bytes: unlimited + Maximum Age: 1y0d0h0m0s + Maximum Message Size: unlimited + Maximum Consumers: unlimited + + +Cluster Information: + + Name: nats + Leader: nats-0 + +State: + + Messages: 0 + Bytes: 0 B + FirstSeq: 0 + LastSeq: 0 + Active Consumers: 0 + + +# Verify that the stream has been created successfully +sample-nats-box-785f8458d7-wtnfx:~# nats stream ls +Streams: + + ORDERS + +# Lets add some messages to the stream "ORDERS" +sample-nats-box-785f8458d7-wtnfx:~# nats pub ORDERS.scratch hello +08:55:39 Published 5 bytes to "ORDERS.scratch" + +# Add another message +sample-nats-box-785f8458d7-wtnfx:~# nats pub ORDERS.scratch world +08:56:11 Published 5 bytes to "ORDERS.scratch" + +# Verify that the messages have been published to the stream successfully +sample-nats-box-785f8458d7-wtnfx:~# nats stream info ORDERS +Information for Stream ORDERS created 2021-09-03T07:12:07Z + +Configuration: + + Subjects: ORDERS.* + Acknowledgements: true + Retention: File - Limits + Replicas: 1 + Discard Policy: Old + Duplicate Window: 2m0s + Maximum Messages: unlimited + Maximum Bytes: unlimited + Maximum Age: 1y0d0h0m0s + Maximum Message Size: unlimited + Maximum Consumers: unlimited + + +Cluster Information: + + Name: nats + Leader: nats-0 + +State: + + Messages: 2 + Bytes: 98 B + FirstSeq: 1 @ 2021-09-03T08:55:39 UTC + LastSeq: 2 @ 2021-09-03T08:56:11 UTC + Active Consumers: 0 + +sample-nats-box-785f8458d7-wtnfx:~# exit +``` + +We have successfully deployed a NATS cluster, created a stream and publish some messages into the stream. In the subsequent sections, we are going to backup this sample data using Stash. + +## Prepare for Backup + +In this section, we are going to prepare the necessary resources (i.e. connection information, backend information, etc.) before backup. + +### Ensure NATS Addon + +When you install Stash, it will automatically install all the official addons. Make sure that NATS addon has been installed properly using the following command. + +```bash +❯ kubectl get tasks.stash.appscode.com | grep nats +nats-backup-2.6.1 24m +nats-restore-2.6.1 24m +``` + +This addon should be able to take backup of the NATS streams with matching major versions as discussed in [Addon Version Compatibility](/docs/addons/nats/README.md#addon-version-compatibility). + +### Create Secret + + Lets create a secret with basic auth credentials. Below is the YAML of `Secret` object we are going to create. + +```yaml +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: sample-nats + name: sample-nats-auth + namespace: demo +data: + password: Y2hhbmdlaXQ= + username: c2FtcGxlLXVzZXI= +``` + +Let's create the `Secret` we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/nats/authentications/basic-auth/examples/secret.yaml +secret/sample-nats-auth created +``` + + + +### Create AppBinding + +Stash needs to know how to connect with the NATS server. An `AppBinding` exactly provides this information. It holds the Service and Secret information of the NATS server. You have to point to the respective `AppBinding` as a target of backup instead of the NATS server itself. + +Here, is the YAML of the `AppBinding` that we are going to create for the NATS server we have deployed earlier. + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + labels: + app.kubernetes.io/instance: sample-nats + name: sample-nats + namespace: demo +spec: + clientConfig: + service: + name: sample-nats + port: 4222 + scheme: nats + secret: + name: sample-nats-auth + type: nats.io/nats + version: 2.6.1 +``` + +Here, + +- `.spec.clientConfig.service` specifies the Service information to use to connects with the NATS server. +- `.spec.secret` specifies the name of the Secret that holds necessary credentials to access the server. +- `spec.type` specifies the type of the target. This is particularly helpful in auto-backup where you want to use different path prefixes for different types of target. + +Let's create the `AppBinding` we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/nats/authentications/basic-auth/examples/appbinding.yaml +appbinding.appcatalog.appscode.com/sample-nats created +``` + +### Prepare Backend + +We are going to store our backed up data into a GCS bucket. So, we need to create a Secret with GCS credentials and a `Repository` object with the bucket information. If you want to use a different backend, please read the respective backend configuration doc from [here](/docs/guides/backends/overview/index.md). + +**Create Storage Secret:** + +At first, let's create a secret called `gcs-secret` with access credentials to our desired GCS bucket, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > GOOGLE_PROJECT_ID +$ cat downloaded-sa-json.key > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +$ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +**Create Repository:** + +Now, create a `Repository` object with the information of your desired bucket. Below is the YAML of `Repository` object we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /demo/nats/sample-nats + storageSecretName: gcs-secret +``` + +Let's create the `Repository` we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/nats/authentications/basic-auth/examples/repository.yaml +repository.stash.appscode.com/gcs-repo created +``` + +Now, we are ready to backup our streams into our desired backend. + +### Backup + +To schedule a backup, we have to create a `BackupConfiguration` object targeting the respective `AppBinding` of our NATS server. Then, Stash will create a CronJob to periodically backup the streams. + +#### Create BackupConfiguration + +Below is the YAML for `BackupConfiguration` object that we are going to use to backup the streams of the NATS server we have created earlier, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-nats-backup + namespace: demo +spec: + task: + name: nats-backup-2.6.1 + schedule: "*/5 * * * *" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + interimVolumeTemplate: + metadata: + name: sample-nats-backup-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +Here, + +- `.spec.schedule` specifies that we want to backup the streams at 5 minutes intervals. +- `.spec.task.name` specifies the name of the Task object that specifies the necessary Functions and their execution order to backup NATS streams. +- `.spec.repository.name` specifies the Repository CR name we have created earlier with backend information. +- `.spec.target.ref` refers to the AppBinding object that holds the connection information of our targeted NATS server. +- `spec.interimVolumeTemplate` specifies a PVC template that will be used by Stash to hold the dumped data temporarily before uploading it into the cloud bucket. +- `.spec.retentionPolicy` specifies a policy indicating how we want to cleanup the old backups. + +Let's create the `BackupConfiguration` object we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/nats/authentications/basic-auth/examples/backupconfiguration.yaml +backupconfiguration.stash.appscode.com/sample-nats-backup created +``` + +#### Verify Backup Setup Successful + +If everything goes well, the phase of the `BackupConfiguration` should be `Ready`. The `Ready` phase indicates that the backup setup is successful. Let's verify the `Phase` of the BackupConfiguration, + +```bash +$ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-nats-backup nats-backup-2.6.1 */5 * * * * Ready 11s +``` +#### Verify CronJob + +Stash will create a CronJob with the schedule specified in `spec.schedule` field of `BackupConfiguration` object. + +Verify that the CronJob has been created using the following command, + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-nats-backup */5 * * * * False 0 14s +``` + +#### Wait for BackupSession + +The `sample-nats-backup` CronJob will trigger a backup on each scheduled slot by creating a `BackupSession` object. + +Now, wait for a schedule to appear. Run the following command to watch for `BackupSession` object, + +```bash +❯ kubectl get backupsession -n demo -w +NAME INVOKER-TYPE INVOKER-NAME PHASE DURATION AGE +sample-nats-backup-8x8fp BackupConfiguration sample-nats-backup Succeeded 42s 8m28s +``` + +Here, the phase `Succeeded` means that the backup process has been completed successfully. + +#### Verify Backup + +Now, we are going to verify whether the backed up data is present in the backend or not. Once a backup is completed, Stash will update the respective `Repository` object to reflect the backup completion. Check that the repository `gcs-repo` has been updated by the following command, + +```bash +❯ kubectl get repository -n demo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +gcs-repo true 1.382 KiB 1 9m4s 24m +``` + +Now, if we navigate to the GCS bucket, we will see the backed up data has been stored in `demo/nats/sample-nats` directory as specified by `.spec.backend.gcs.prefix` field of the `Repository` object. + +

    + Backup data in GCS Bucket +
    Fig: Backup data in GCS Bucket
    +
    + +> Note: Stash keeps all the backed up data encrypted. So, data in the backend will not make any sense until they are decrypted. + +## Restore + +If you have followed the previous sections properly, you should have a successful backup of your NATS streams. Now, we are going to show how you can restore the streams from the backed up data. + +### Restore Into the Same NATS Cluster + +You can restore your data into the same nats cluster you have backed up from or into a different NATS cluster in the same cluster or a different cluster. In this section, we are going to show you how to restore in the same nats cluster which may be necessary when you have accidentally lost any data. + +#### Temporarily Pause Backup + +At first, let's stop taking any further backup of the NATS streams so that no backup runs after we delete the sample data. We are going to pause the `BackupConfiguration` object. Stash will stop taking any further backup when the `BackupConfiguration` is paused. + +Let's pause the `sample-nats-backup` BackupConfiguration, + +```bash +$ kubectl patch backupconfiguration -n demo sample-nats-backup --type="merge" --patch='{"spec": {"paused": true}}' +backupconfiguration.stash.appscode.com/sample-nats-backup patched +``` + +Verify that the `BackupConfiguration` has been paused, + +```bash +❯ kubectl get backupconfiguration -n demo sample-nats-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-nats-backup nats-backup-2.6.1 */5 * * * * true Ready 2d18h +``` + +Notice the `PAUSED` column. Value `true` for this field means that the `BackupConfiguration` has been paused. + +Stash will also suspend the respective CronJob. + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-nats-backup */5 * * * * True 0 56s 2d18h +``` + +#### Simulate Disaster + +Now, let's simulate a disaster scenario. Here, we are going to exec into the nats-box pod and delete the sample data we have inserted earlier. + +```bash +❯ kubectl exec -n demo -it sample-nats-box-785f8458d7-wtnfx -- sh -l +... +# Let's export the username and password as environment variables to make further commands re-usable. +sample-nats-box-785f8458d7-wtnfx:~# export NATS_USER=sample-user +sample-nats-box-785f8458d7-wtnfx:~# export NATS_PASSWORD=changeit + +# delete the stream "ORDERS" +sample-nats-box-785f8458d7-wtnfx:~# nats stream rm ORDERS -f + +# verify that the stream has been deleted +sample-nats-box-785f8458d7-wtnfx:~# nats stream ls +No Streams defined +sample-nats-box-785f8458d7-wtnfx:~# exit +``` + +#### Create RestoreSession + +To restore the streams, you have to create a `RestoreSession` object pointing to the `AppBinding` of the targeted NATS server. + +Here, is the YAML of the `RestoreSession` object that we are going to use for restoring the streams of the NATS server. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-nats-restore + namespace: demo +spec: + task: + name: nats-restore-2.6.1 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + interimVolumeTemplate: + metadata: + name: nats-restore-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + rules: + - snapshots: [latest] +``` + +Here, + +- `.spec.task.name` specifies the name of the Task object that specifies the necessary Functions and their execution order to restore NATS streams. +- `.spec.repository.name` specifies the Repository object that holds the backend information where our backed up data has been stored. +- `.spec.target.ref` refers to the AppBinding object that holds the connection information of our targeted NATS server. +- `.spec.interimVolumeTemplate` specifies a PVC template that will be used by Stash to hold the restored data temporarily before injecting into the NATS server. +- `.spec.rules` specifies that we are restoring data from the latest backup snapshot of the streams. + +Let's create the `RestoreSession` object object we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/nats/authentications/basic-auth/examples/restoresession.yaml +restoresession.stash.appscode.com/sample-nats-restore created +``` + +Once, you have created the `RestoreSession` object, Stash will create a restore Job. Run the following command to watch the phase of the `RestoreSession` object, + +```bash +❯ kubectl get restoresession -n demo -w +NAME REPOSITORY PHASE DURATION AGE +sample-nats-restore gcs-repo Succeeded 15s 55s +``` + +The `Succeeded` phase means that the restore process has been completed successfully. + +#### Verify Restored Data + +Now, let's exec into the nats-box pod and verify whether data actual data has been restored or not, + +```bash +❯ kubectl exec -n demo -it sample-nats-box-785f8458d7-wtnfx -- sh -l +... +# Let's export the username and password as environment variables to make further commands re-usable. +sample-nats-box-785f8458d7-wtnfx:~# export NATS_USER=sample-user +sample-nats-box-785f8458d7-wtnfx:~# export NATS_PASSWORD=changeit + +# Verify that the stream has been restored successfully +sample-nats-box-785f8458d7-wtnfx:~# nats stream ls +Streams: + + ORDERS + +# Verify that the messages have been restored successfully +sample-nats-box-785f8458d7-wtnfx:~# nats stream info ORDERS +Information for Stream ORDERS created 2021-09-03T07:12:07Z + +Configuration: + + Subjects: ORDERS.* + Acknowledgements: true + Retention: File - Limits + Replicas: 1 + Discard Policy: Old + Duplicate Window: 2m0s + Maximum Messages: unlimited + Maximum Bytes: unlimited + Maximum Age: 1y0d0h0m0s + Maximum Message Size: unlimited + Maximum Consumers: unlimited + + +Cluster Information: + + Name: nats + Leader: nats-0 + +State: + + Messages: 2 + Bytes: 98 B + FirstSeq: 1 @ 2021-09-03T08:55:39 UTC + LastSeq: 2 @ 2021-09-03T08:56:11 UTC + Active Consumers: 0 + +sample-nats-box-785f8458d7-wtnfx:~# exit +``` + +Hence, we can see from the above output that the deleted data has been restored successfully from the backup. + +#### Resume Backup + +Since our data has been restored successfully we can now resume our usual backup process. Resume the `BackupConfiguration` using following command, + +```bash +❯ kubectl patch backupconfiguration -n demo sample-nats-backup --type="merge" --patch='{"spec": {"paused": false}}' +backupconfiguration.stash.appscode.com/sample-nats-backup patched +``` + +Verify that the `BackupConfiguration` has been resumed, +```bash +❯ kubectl get backupconfiguration -n demo sample-nats-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-nats-backup nats-backup-2.6.1 */5 * * * * false Ready 2d19h +``` + +Here, `false` in the `PAUSED` column means the backup has been resumed successfully. The CronJob also should be resumed now. + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-nats-backup */5 * * * * False 0 3m24s 4h54m +``` + +Here, `False` in the `SUSPEND` column means the CronJob is no longer suspended and will trigger in the next schedule. + +## Cleanup + +To cleanup the Kubernetes resources created by this tutorial, run: + +```bash +kubectl delete -n demo backupconfiguration sample-nats-backup +kubectl delete -n demo restoresession sample-nats-restore +kubectl delete -n demo repository gcs-repo +# delete the nats chart +helm delete sample-nats -n demo +``` diff --git a/docs/addons/nats/authentications/jwt-auth/examples/appbinding.yaml b/docs/addons/nats/authentications/jwt-auth/examples/appbinding.yaml new file mode 100644 index 0000000..7e4a9e8 --- /dev/null +++ b/docs/addons/nats/authentications/jwt-auth/examples/appbinding.yaml @@ -0,0 +1,17 @@ +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + labels: + app.kubernetes.io/instance: sample-nats + name: sample-nats + namespace: demo +spec: + clientConfig: + service: + name: sample-nats + port: 4222 + scheme: nats + secret: + name: sample-nats-auth + type: nats.io/nats + version: 2.6.1 diff --git a/docs/addons/nats/authentications/jwt-auth/examples/backupconfiguration.yaml b/docs/addons/nats/authentications/jwt-auth/examples/backupconfiguration.yaml new file mode 100644 index 0000000..70b58a6 --- /dev/null +++ b/docs/addons/nats/authentications/jwt-auth/examples/backupconfiguration.yaml @@ -0,0 +1,29 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-nats-backup + namespace: demo +spec: + task: + name: nats-backup-2.6.1 + schedule: "*/5 * * * *" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + interimVolumeTemplate: + metadata: + name: sample-nats-backup-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/nats/authentications/jwt-auth/examples/repository.yaml b/docs/addons/nats/authentications/jwt-auth/examples/repository.yaml new file mode 100644 index 0000000..dae9141 --- /dev/null +++ b/docs/addons/nats/authentications/jwt-auth/examples/repository.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /demo/nats/sample-nats + storageSecretName: gcs-secret diff --git a/docs/addons/nats/authentications/jwt-auth/examples/restoresession.yaml b/docs/addons/nats/authentications/jwt-auth/examples/restoresession.yaml new file mode 100644 index 0000000..9c5f524 --- /dev/null +++ b/docs/addons/nats/authentications/jwt-auth/examples/restoresession.yaml @@ -0,0 +1,26 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-nats-restore + namespace: demo +spec: + task: + name: nats-restore-2.6.1 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + interimVolumeTemplate: + metadata: + name: nats-restore-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + rules: + - snapshots: [latest] diff --git a/docs/addons/nats/authentications/jwt-auth/examples/secret.yaml b/docs/addons/nats/authentications/jwt-auth/examples/secret.yaml new file mode 100644 index 0000000..7e92b7e --- /dev/null +++ b/docs/addons/nats/authentications/jwt-auth/examples/secret.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: sample-nats + name: sample-nats-auth + namespace: demo +data: + creds: LS0tLS1CRUdJTiBOQVRTIFVTRVIgSldULS0tLS0KZXlKMGVYQWlPaUpLVjFRaUxDSmhiR2NpT2lKbFpESTFOVEU1TFc1clpYa2lmUS5leUpxZEdraU9pSklRVXBLVDFJeVQwZFBXRVphVUZOQ1VVUk5OVTlaVnpKYVNVVlRURXcxTjFNMVJGVkZWVmhSVGxRMlNUVkZUMWxFVnpaQklpd2lhV0YwSWpveE5qSTVPRGt6TWpReExDSnBjM01pT2lKQlJFWkRNMWxNUVZVMU5rNHlOa2hIVGpkVVIxQlhSRmhSVGxwVFFsRkZXa3RSV0ZCUVVsQXlORWhMTkRaV1NsbFJXRFExVXpKVlNDSXNJbTVoYldVaU9pSjRJaXdpYzNWaUlqb2lWVUZZVEVnMFdUVlNOazVNUmxwT1RsaENVVTh5V1VaWk56SlNRbE5ETms4MFZFNUpRa0pOUzBOVlRGcExNell6TjFGQ05GTldNa1lpTENKdVlYUnpJanA3SW5CMVlpSTZlMzBzSW5OMVlpSTZlMzBzSW5OMVluTWlPaTB4TENKa1lYUmhJam90TVN3aWNHRjViRzloWkNJNkxURXNJblI1Y0dVaU9pSjFjMlZ5SWl3aWRtVnljMmx2YmlJNk1uMTkuMFFyeW11Mi1HdUVYV3hOaU5MNGRxc1JMdlJ4VGNXQ24zRHN6UTJIbUhHOElEbXhwUG9oeGRGMFU3aUQ5WGdQU2xSMVBOakJ6bXFxMHhFME1lWmRTRHcKLS0tLS0tRU5EIE5BVFMgVVNFUiBKV1QtLS0tLS0KCi0tLS0tQkVHSU4gVVNFUiBOS0VZIFNFRUQtLS0tLQpTVUFCUlc0Sjc2RlpCTjVTMlZOR0MzWVdLRlRXR1FVNTI3TzVSQkdPTVRQNkRYRUpDSUZSS0NKSUtVCi0tLS0tLUVORCBVU0VSIE5LRVkgU0VFRC0tLS0tLQo= diff --git a/docs/addons/nats/authentications/jwt-auth/images/sample-nats-backup.png b/docs/addons/nats/authentications/jwt-auth/images/sample-nats-backup.png new file mode 100644 index 0000000000000000000000000000000000000000..b3f603de785e2330c4b53a5b71505174aed01cec GIT binary patch literal 45342 zcmYg%byOTr(Cs2YLU0J~?v~&VK^J$o0D<5d9DYD>cUcIwi@SSpx5eFIakn6k?>pzc z^ZuIYK7D$sXR533y;T#Tsw|8Ck@zD306>?QlU4@+5MTfRJRb_ed(YILBk=nL(ON=D z0syFqLwh#+@ZP4hkW*Iz0KDk|fWQy{;OV_9@DKoS=L7(bOaTDFbO3V5s}-OlNg zXW7yD?W;k-$of7ST+IxHXq^GB4l^6esuzCGA6vsyZ zClIy!_BQ461sO{4dn6lxGCBO$cci8g2k?)7FWG+ z_u|Tc@x0!UYpcnHh4zV%L(eXz9`-y}784#Pd-8lGB{6b5X(etTO+`q3N~7M3AR zOm4mOc3ko$d+~871;b-{D#h98hhu$|NBQxSHzPqr)r|ev13hmDz@Zm#pI(Iq^O%!3eTknhe>8$5jUNY18#c_`52UOX1*2Ntf{R=u@w7~Lf>-&!x&Gy4g}x?q;is&EdV!&4sBVPXPSoo4`o?^?7Rid1CZNiZ{|J z()w5FNJg+(gk7P(N4|IDEB~zqh8^>AO&75)L>Dh|Wi@xVZ?o;DG%tQ%? zp4;6LCka2a>1c3Xlu7x+MR3MTe^D+=wEn+Q+(g*!d9jL$Dx)ZLnOrtRGsguyJcA6a zR{U~o(!Jq?%1#;aKRoKfYvl$l;UeodC3qwnPi!%~e79+R89OGaNs5ub3`f8$$|)3F zgUWwt(;>^Fdl}_sqe(pNcKfDhi&`oy&r%i+51~dFWGq3ci}sSE&CCQj|CUPg0EQ-p zvNMtY7XB&Xu=FMd=-Jr7($flh&AmN5ct8Ja$A>}z**OGW--i2~k#PqkaHRC-AS~`) z-s1Vz*1++xNg|5$FG-S?t?$#TkVF6nqg7e2rg#2J>x_mGb*ISZs$eF;cF$=!r~BNr zW+Nz>EkcQzGp75*<8#OriZ5{oWwPQCuxm3#F}m9?Ev_!2(8a@^VT;@36w%gH$2Z@t zy@%2XBj+k5dTzMb`L#qy$#QO$18Tc}pn(kxsPZTg)XphO^NB3YyTasX}mJ9Esw$0u}2W@tr!J!A(^S@OE2d z_s)z>F{*C)a|uvI;>(@@xoN5M5O7ppBcC)WmB+8v<%@`r2oH^tQ%{I#66c#?_q6Et}9a zZzYG+V3B`!{Q;~p$rVa?5Xp;DCuEEL!M;_`P{`>rrCX!tz(Wn{C^Klu8JPyPHy>Uw9JX8!~JUnD|$)!#` zquI|k8L&rO`dy3jpn;?cRS`A@*CW~!_V1>~(OHRnsfFno;PtV|iS*x6Dw#5paaoem z88X7rz-2rvunHY;FhaSzM0q?tQNZddc^DeL>BYYe6W}uU&itb)3tj(uRLk;xn7o3l zC9vnlnZ5CiJ&UK-#tzn)r9Kyk8H|3r5rMD$#?wtOJ6$Z(L&<8V8W$WG zAuVrhC9$fR6#7BWxI}{c&_%JzJVlfaqNiO^8t_FAJ3bg@xfog>%qULuO&4h~=EF@wN z&xJ6cJYYx?RdJ6>4CMiDBGK~r!8fe)aET1Yl0azrQyBN1aqIcz&C~msq0st}t1BC7 z3vTX`3{GASS&JwBeyX8insJ$dbhlOAO)(3(C~nbUm{WX;MzMeEfEyi8uQ(^kGAm>Cw9~qE9$#9ba0#pwxfSL+K|t# zjI{+rfF^mms6zF6%aGyD;Vmgn;^Fb9c%G4u3UP+?kR^uwxM4TT=n>?M0)`;e0&v0D zG?8xL%_?d}`bq|+#fclg_iW$I<&IPFbmdJ65&wMwgL1C8BzECJH2GI@D_}Z?{C5i; zCmPA}`%B$fR(^*gyzGA`tH4z}LYH`L9Ht_Y#L08<(CA))%vDRJT#UglOg)K&It!yMEe#B zQOT%GaFR6kzDquFwy=o`lCR*ukG!o!oM5Q^eh{6JnUlop(4(6Sq`I08X%>%6i%morX zEK=J4o~g@4eNby8wMu4leJ+kzDnJCgCRj2rz<6#1#U)Bdr8A>>Q3Dz8vwh1)FC9HH z&7%&$X716r6nv3~=V}^Yt7f^Zq$2*!Mej*U^l!1|J-a&$Gx9%oM@W?lhY3|GJikFK z3INfW;>#hQ=JO|2z0R;igoosWiJG|w;>Lq1#jO`YfIVF$8r<}z!GspV``7iTJ6uJK zdDqtigx=Yff_V(|2Z*51o1-tjT2Po5%oax>Zna+iQQ+fO=nT&wa0pc1M4quE9l}H; zvw8D{dPEb)*;x7MSH;&nAcc^UnV?lO4p}1-Sh*l?FitTmaT16T4i<)R`+M^aX|}Ci zXaN&1kNWNUH7B*xb1+<7!ViS?eZp_Ahj(nF3rf%{4L>Yu6BdvWQ)TpWNq4mwnkIL< z*?jNW0BmN6iXubet2jxM8Ur~+#r$UZlRF<@ED@JI|DG-vQ>&;JdTHwa`q9-h@5RKC5bulXWs+o7VA6-aiEYB6YO zx0*sZY`M$bgDu>)`Z&;(W9JSh#O3)3UBJfQMd zwA)0cVc~+~GK+Qoa&;HESH>YbCEMm&fFZ8HNrt20i@0kzA^V9$7|b@DrD;>gTaekOV324o>94~MDbO`vnK>~M>dXJ z$gI5Q2KL|!-^oYCL8AOe5X33M7k6|Av|EVF9J`;f1cV)K^-7u@n4h!JumI);ca?_I zGc!^_0v_C=gkf_I{(>;QcVK;4@_xp}^nT2>@b*}rb=H{CblGmx-~mrzG+%05%MUIl zJ40t`8DcWxbHu*#ko}v0LV0TRa=F-e7~+@>v%8z!I+%tT#)oGwlXO9%?(djm?71D4 zNMk?=6fN@PtZQ#^Ne>)S$xY3u;u5ilT&9t=LS+0;Wju@9-_9;QwuKW!9zD?$Lasz+ zZP#&N>aZWDUhcVU|C6agfo!ne};Yh1&+&;jOOB5 z!_zAk1i=!ZnRMpg<1!Pg4qfc*RdfQN)smBw+D}Umm7epo z1_KZ#%;R|RjM8`V& zKP3yhC&$FQ+R0#GaGCY!J{vyK=Bq=&ySrP~^zmxEGhL|}!3{!042l|0{qo|8foIt9 zYK_9~pV)JiuZL-`?*`&Pfw-9xvMYE@PQ<#>F)#}l5DnXm8ba4&%!X2Fk5X4lula8ax3)f!Li1V?x=y5)Cf zh95{_vnq;@p?kp zQ^L+1IH??lJBWQxCZ72C$uimAw~=?`w^gFCpi3q1&z-u>AKZkphEHRxhtz+ae)1a6 z!9rjbb!HBoJOkt+@JR?d!;4B1qiFV>hTH!O&PSD1prSIPK*doF;<)LgnHjuMPd6+5 zfgfo1H(xo$3`2#3#-3U2vQr;1QHrFtcup|5#-pLVptTG?X^!fiVpzgd@)ChmN z_fCX}eXT31X~*~8W=equ?{@3I$m01X;Rwjik|>68_lQlXREDSrPa#;jF6n3gmv#L= z`t`pzL4PVHczB0izRT8UP4)}r7WB5~j8(^b&6h8w{@Tx2g2O)P6zD7GlthkMB^7gh zigvM$3~AwHxOuStkRl@en2UN70&}Ro`48=j;^#;(GfNiA=o=9fI&xV~$rY*{P_H_P z_zs_4ee>Gux^WQGIO?yscKzuKrxHmfL!Lq`NelLoy34H(CSvwQkx0yq1D&oVqgBY? zgf+}mi7oxFjQ8c+64ml~%g)^a{P zUd%a>HtxCC81b(pLD;`O&Mvs&;DXhtRk{a?Z>TQ@#iUFO4!7&nFDg`?Mgbq+;)6GY zAx1O#jAlKATLjL-L=p-QeHj*I4;he_!p}9s>^Lqmj$`OX{-Sv}FAR8(w~6|8eY(_4 zIC(#kfA-V$kX^n~Un}j!QSx<+pcv@hM0U4y=|Im1}n4=H9Ml%Cw58SVLU|Y z=7%uXmpVp;&=l0B6@M7QAEl34We>7QI344}{4 zg?^yeyJR(2tsVNb^mWJB%#3mC6Duz{3hLi&4%ScE4uP|uKmW$+lK0Ou{7*!SkhUvF zQlt?JZGd@AwURMSa+=Um)Fjwc;Z?|E=WKi^+`0Y;)`ZuOD?FqW z*(-5=fv=#l1sN|9b--yi@n;SQL`vaqUVDmtE+N5FX$1pS zqf(;`UI<`w-%b`#} zaZ$>Jz*zA%)H_TwRHZF^Nb>Feik1Vo(w#P7X17{_a49BA3Fn95Oz;Q0;HmsupRF17 zSK)0M?!oiA&r)$?as=}KHSb+!aY$TWi=O_*#z5VQk*z;yI9|1o%pY?5BOTj(#b-Gv zOQWT}HPRQqW~iwE>o0!BX31#5di0f`Qod{9+}k4m4TRb5Q6?9wiUrZC)5`Y^4j=@P z<_%eR&xMP9%@2A~gpPjFOA#{D_d zBDRDje0J@ANSI_)rT_Rs#Mox?Y0*?vuO8>|@uo#~i8Jv+lwO7+OL2Fn4#SdZcnjCz zDH_>#hA{fr&`j3wRa8F<0cCJsX1GCjhsZ^IM-9zOoYE`V8#Tt47)HgV)Ci0xB>MtF z%P=c*O~0bd5Ecb#$i;lhRFG!`QU+YAKl+8h5^dS$zx44DJyZQ>$9Sn$HqRm65~YKF z8qMkwTfURPxBQV2>TW6jf{izFy&o0iLPQ)**vD&Lu?KiwyZEjKB{#*SOrv$+$ zWiBax&+I4Dr#+=VfdYK_SQTP@8&<)GOic9Q6Y_Y`8S_PBp`qI!zCVsoS+^f~kZm5r z3y|ZtvrBO~P)Vb>4++YeX^Io7GnW0LyI*?-RbOH2vsijXz@|+GS9FpkC+T4MmxwPSD{V73}AnY+VnXKY_cnr;Z9i z2*()5{-*I7RM)>DYbTtab3oIW99HF$2mjj*8!1ZCVO53$Gco5w8CJHm1T)q#q+q6Y z#zm3!@$_2%$ktxM?E9F$GGa*Mm+!~y$tTFI=dsGZGRscmaD?h8ct-J@{SjJ^B#9C* zbZm28bGkS)BiA(eFss&?8}hF-hQJnPLY^o_1zEP|odENDcVVY3*drWXg#IVgT!R9BkS3L3 zHyU*jgpG=pR@sSA2aI*YJ9 zc8`j}*K(gQ6uoZh=|GSB!q9V3tL|FOhS9 zZ%)}vF3ptyX4;+gAFnV01y%I(-~ziLh4#2Crlv{3-}!UXQ8i!>`)W!S6JxqGV~%1S zV{ffy$Mz~+RS}H6s)o&NR&+Gy@h7&=S0Uu@R*dLo`eTF!&OGM@epU1PcXlGgzb zwdi-^8k9NVVh-p)`i(`RnYjC}%bZ$e>Q~=Yax%v!PI`(;Lwc`xE0U-+*YNXdBr0CL z)LRR@m5bEWGqgX@4OYv7LhPsY(lzy#pGGfH=;<&Yc%B#gJ=3@SG?R@6$Lmq#K*#gH zQj$#F={N9<84V6@4Lwc<1A!6mLaG9b0S1TB^4-Mfxx%@E+tVuzG{oF2qch-It{1Yh$A`WkVsVHKEY_c}LPL<0?BOgxgIw^Y0Qwl6u zVmeUGj2HE1Fs_N13=9=+=H8h8I6jL9lF8XopBxqVe6rCFK>%zZH^@p&!*)^M*3&lb zD68K<79jr-xAp&;MpXFwQT`*5Q%E{${Pv0>UgQ*;i2+MqIHpT(@Nmx4#Dn|?dB^~oNvFa%m zYuwA9rfQsn2FBqqG`d8Qa(FPC`fuYSDmlsO9r@P^e^}G?u4ToV+H`z`w#A;iR<&Z0jf87gueL` z%HVGp)QFQe;yW<>BJkzS9X_PwC5C-W$9q?~^ICnfzm6>p(1XF~a2G!B@N&4fkXBK~ zFoM=4{>H*_z=SDwKlVG#m=Qirr~Ub9#=SvDkc&Zoy*bmBRJO*=XtYhb*B++l(MZHF z?Qf5U5nK?%7P*%eRcVnQrajFF_2XOri#|V+Ru8W5=}lemtoZr(sa&9Te&OFlR9JY* z+rZ5I(Hr3N%^Z17$~TJs{;S7Y_wl}xJkOtRn+8*H=e!TCwhJ6acN2CvD+_-0>%|~MQt0UJeA|ETGFc7#!oS&Y_^Z>k|5(n>44Pez@F|`v z$rq;f7VyIGf=DPD+POBVt5h$cV%_+Q$3{yoBy9~k7jsSX7WN)HAd8`{Z8~592?gk^ z+l(FV{0yHXC(3?(tu|`b4O1(x+|H}%*L0{mhe^K7Cv_fRX31zXcAx)Kj3>rA;^xDC zL3jv%x9)jY@8j8xiH{Bb<-}!DVfVaU&OXBH{p$`EmlK#t5Ttu<)X+V3#fe3t#~7+Yq^K+hTWpIES-1Fl>abNGeYWRO1RHQA!*F>gHcZxz7yS=#<}qr-QlV%5l1`hNR0R#~lJB2@Wcs{#_tsYL9o zwz*DSi7Zj%N0-ZT{$z$Pht$kb{x6yT0yM~ni+|qX@r31W8iCoy3{Qm6&DKWv85(eZ z^|Q`O?ArL0A}`U5W4JnzCK@DbD=&*UQA{0htuF=H$(O3vU7tUjPin&jIIk=uTo?3t zpZ5vA*l+%uTu$XfA`w?GI7cG&A4JIe2kUyN820Wec!K4KjZ1$|R+`iO85=#Q^$=*D zTZX?usKOvVxbfFRY#O#mPX}@gff>opZx>XKQ*?2j_Xvf+Xu014KxewI(=fd{t8viR zCe%JWho$~0q4l662+g_im`tXbnEi5n&coLRwl2C#G{eWMZeP~7x)xnXS%Doto@$ik z-e{TiI7sNHc4hvh-+TC+)c>`QLN@V3-Fo7=CBW!3wSCb_Oz%$&5n67+lt$PMm(-Bo z`J5s%(C^&1=saVpA>z~gK(6>*k2n-qyh1CE(kM-+>woC7I7*3bB0GV<9TTwZO~d6c=-*P zPY>^6!(S+zn2HCKbzf=rmLSpx_Kk9**s_IfD1v<(s`!85CMbWI>IiaEO$eenXR&qf zyqty^ihJj%c&auAW9oCuCrw|mn+f*49xL(<^S?xaXt@!ce>G@e-c-h3Ml~J!U`my- z(AszX)>GzLZQa@|b~3r$n3o z{=700C1^ga+XNrIpZc;2rTjxN7Qw1ke1a$xdAjFEV?;|jWsY-|=X#Bm{*wYl1rHBG z2HqZiGgleNq#Ny>kW)JzEARW?x4~%ZWea!<6U%H>CTnh~7bICFD^6`wF25#Py}3tZ ze0Jrck9m^_hZ#v?;g37_Nc1r{*4%c}SsJ}O4c1UB_Q$r06w~}>d_PQm!Ym>3e{3jn zORn&!Kt3sd3m)vMecUM;<;`{I`(nJ|nk2g1u|=oO+H7;vq5gK+XlZ?!#J4W6n6%?p z^cr*IetR3B3MRujeoySDd8c+R_|B%a>SJ6c$zVAl%~^aJX3X**8UJ1JWS^l2K`>cs zT~58NGON21e(Bj8=%itD{1h)_WS!OI`|aNv-!^4fnho&0z1qh01wxTjvR!d}RKwd= z_l`;uHNGzIs+nx;@86aMybVxsyMp~kf6k5=#pdRfyu1CVP@Xzy!l%k4pfqXJ>E0&` zCQPvG=5^oci)wTxWbg(vGaqYr|2}HJx1_DkIx?0a`h2)0!@=t$r($^ze&3m|K5J&h zli6?#3uI~<@*R3ZxdRJ;zEMl-;Zfw!O!Tj?bn6?{>jVGYA z^*9EogBczjWd?T?Pb%aseKom-B22o>~>~SUmF3z4gCeo!RN?|3!>}#49DN zJ;Faw8%V85aP|eloX?~qUM@--GYf_0vBT2H!j4nLPq5m8(RX!88 zaM~yCQhp9ch3=fG_N%^d37Pf(+6Sh?28FFl5ba-xAivCi>qgf~;N71UrFS}4e8iU} zQTx(Dqz5ADjfm&V1lAETD6V|wK*XX1MO2B^ihhB(?d$op%b5e6tK zp7YwzbyEWn&sjc_8bA+OJQO!FYTjX~AQdgR7oj&mf{^}EkIJrT zB&6|}_aXghpFLoJGkaJJRh*w!`@e6-JKgMs&MoU4t^xVoZn6}5e3++170rAYFF%G>;^$g<_J9 z2oaJ;o9hC4zoYN=>b?xH_?KPe4Tw#Hn$30gk@@%Ag3W^MD?D}b-304Inh}tDk$gCf zDwo$#Sv~F7NRTmpBNxECP#K;{lac=>5@q(nnW15@BRKov@otLGp_>5CZD`aq-ND7` zU#GujPfiE|Cf^0+0Er>6OLDKI9#FT7&hQ!k5yo#+E(>qTW<;`-AJ<|uQKv+cP z7Ps9cL!bA8cDA$K``RLDYu3XkP_xj>f?q_*2FwcNkueAtQ(={T2Iu1Gk~=p8Lg5sw z=@_nO4v=PpYie3 zV+cU2Ts4~t6}FnrTZIGuDGoYzb|!xaAk8(n+WE5J2{ja3GZMNy-y!MDiZ{3#rz7Y* zd);q5Sh;LTm?l<;MG;oxSp#j>S{u0@o)DZ-R>t$Zuq)oQrJfkxoZcR|G7Qp$0zVX7Q)8*^Ifl_SjdIr#>RN}6L}NT z%3!jukAZTNS?!wTu(Vyr;OypS>&gEqYZ}TB1zA41{p|Ej3adDD!ZZI=3$!k$gS614QuOF4)0OmW$SN~Jy^$873K(z0pMp-K@RsYZkpc3B0$n#A# z;9M)fUgBZ1S@^lCZ#^t#Ne0zH-BbpJ3w(Bw(;|b!q!f8(I9Uj~8-}G%1z?LPGp6vvIs% zP+k0Xz%(~4m_ux<+$VPaFsez;w6A$l713l-!h@;+F~W1=O~Q z{B>tM4N?^r682N+#>ag!UtQ(xuT$xoV4*6HuTnP~WBSagQ$72DqWFm?J!o>S0n~j~dG{{q?VeZSSL~ z(SLg^nQ?Q0pa!<{|E@{GZ_iAo+aYi#0mw;DNUu6Q@b|={?3*?9Kf2Z@lZ#3bnQ#! zdrf5)i~rNaelQs=&Z1M55vo8ddclAM@Pj?hsD26 zOVj~u-?p+wFTY9OqoFcjl}@^UEcZ+A9?6fJgAE&x|JgF3pbQ5QlKHpKTenZbBW^u^ zF>Q|*($c!5iq~Gq?`n=W(j}}Wu)uE^btG*&at784#LlvWzUs$51ykX#1fEP zQCYzYebK&Y6+o%7r)Fy~zoh9Cis7gLIS_g3I?mEM>s@}yh6s|Ct&33>qW}3vV7DBt zc{HhVOb{AAn@1)=%+wiU#s97iLqlmp_hvOX(JH8>?h{k8Ly03`{i5Sd$?y4%v zxgR|@@0ssxKjJQc;*YL0;kvF$JuRzD0xHhQvh!}1nl`9Co>|5rHJ%&~u!r`&INbB+ z&ZTJ>#x~k-SYz!fLgoFLPgHdNLZY(!8_Re|C`%T;Aza%%??RH#pdb-r z@}gH^#;4+{01CGR>^quq15w)L_nIGra}+mhut}%P;BMCOf}lfd@Gt6g<*;5izvdaU zt^eJwvPbXu9o*MYS+?ea>Kfqs^0ZK0vWEEVXZ_P4HM?}W)9H~+2%*u@bu`BnFiqrc zk}%4!;HTfU=Y%cV+76Q&wGO<6@-=ND{qckDKk<35+jw~IlJ?=hzmyNP!l-+2FiS$p z%$FNE?|V3hgrE(%IGQ8IieB;L!Gn$hfRDtaFr{9uJ%F>dUTpKG4JR_BQ~Z> z%8!D}YbEG}`O{WzyF{q7C3x$Q zK+fuYq^Rduz6;?Q<&v2JI9T@yrs}fWEy4ZQ%)35tMhY1t5v_OdX174XPG%|oGRarZ zZBxAef>T7`p44@amHs{Zf`BX^z6s3LA$O-fIv^b$_)j-rG}Z3Wb+cPs6+Fojmjjdk z=m|7e^TN1&kJ5=)^T1rbuva#YTnnP_kFpS

    u^=7v?Y$Oo!l#F-Us)#{-IT_~B4O zn44^h5FuRk_g2ZvKxyPrzWR1Wf6;s~L8rOcEV(g zWfPPKBm~IAXe?lhNQ=ZtmZ}_teLYd%*Ch8rr@1rzfIFNYZ!ZaKVUu2M%8r7ymfYH# zZ|B;6FFBbGz8=kRCx%^Tn*m}EPLCA}lk?{=$}-MM6HnG@y*Rx%(%rO#_sl!0+20$l zYIX?C2g2dei0enB3c z*~pV(zkKd1pkexa!0WTMq&8=%?F@3<@!>Uw)L#C z-f_7p1(+v2S$s6dU3|On8*?-7V9}u3)+g z_ozTvN7^WpvVJ;8d4~X+X;9@BFSv}(E%k+`*c6?KfSWV_^3}hWxf|7g}17 z^8mRZs^{r;~6jgjs`Kb_MYCf zyFVdQ%$}9}6(l*=3c;jCH@4IRbM(1fSple)_$fYl5L+lnu z%4odsW_ysZv77n0`I!x&^Mp>%Kf33d5KsGc*UFa;6)`%$b5iJB=e@K}>Y>b%8!T_Y zUIv5^gI+TD)VIqxWkrM``Cm#dIS#a96Z3QT4gyOR?H%Y_HBM-GV$vf#dG~@?dg1l6 zMW|WEV^sNsdh3s!@McaCl=inrDW!9vwEQ?mh2{#!y#T+LDkztAljDZ}d6?ba@+}-^ zHON%ZNvYL`z~psny~Agv$s`xi#lP9pGf@%s^MtH@PEnEN9NOjIo-#`<#Y;yoJybvx z^M0TJKH{~N&gON?o@J3DLC|)j9>4TEUclR+B9I#@1DNQjUVTCpZYwP(4ZGG%wxHVA zV*S*nIbw4{o~iJy-wyLtLtB(UR#&ZjHRnUP=2=;hrOqY(vw`;<`e&T2)iwo1Pcx!a z?J+v4vKqjgC2gfs-flJGs7m#5Y2x1^@+S>&aw5b$Hs`ubOMLjzF4Hx8b5+j8SSi5i zyF#mL@{NKGZ>bY+DGI*T)>s1YoEa$;-%US*oV6qY1st4oY}@oam2p@ubxhtuwxWU$ zS{5bqYE+qEdOG$PF`K-TH=Vh=$;&?LinIFr}Zwp`>8P4>2kyd-{pcrF9 zgo@7<)g2hKu?z^8R}zn4GD}BG z)R8>Zk{|(9v#hA_Ae++j8FyGc#0i&TTF9ONZAD`WX94sJtjw`y1wX7 zZLO5S0xl!e)Kw?#{CI%+{HqgYfAv6U~$uorj_RF^Yx>p-FW<%lENt|+P873&V1 z#>{RbkF?EIbfaK3h+O&*UaN~Ta&I<(1?sH-&sH*Dq^ztx-As{yOOOn(r!qHJE1)2a zW@FlvHgjo9ROx3~pAcT%xwEK+`oo^Rwi)A_mTl&6`Ga+c{jTqWTUehWDrUnJPz-^4S-Y-zcaT+Oq69IfmgEPJY5H^WKB4&c(bTkUq*W)Z!ji{ zoH{#9bEgQ9^|??xjSY}fYhA3&0jH%^_fh_$bViRBx6iu@Ja2+;6KSP0Cbc&j*j6q` ztp(YQ9}=4^NH%Zjxhc}5H&n2U5@v?VW7H5^xyFvt>mQS~v5-rep}5ie6c>pjs&OAp zJ8H6$!HHD8D-6~1u<#$wAsNQI)DDjwFaV{L=Pi4evQAcR?AFExc)?MXO5Pp+^}0TptB{?^j}t;ey#?0erg2 z83akJ?f!|_S(U0{{o+FPBK|zfKE|B7GUPF4*RuIGYa5#ncayO5N^=TqWitf3p-OM03R4pw7bAiB9r9U+T+C~Oi}%x_Eb zn_?$p_e6tjC3HFR=M(^ z07n$-!A;oF%~C%aL1H@r0fCQc=(;XjVc4AQLP{Q#0H-FAq|ws*j~ef<7i7#3hBL3t z4mbe4LvD^AHCl7!IY0<6(!yRP`%yl9Xx2M7#K^7QqOCQ}_OMr6lM0t!M`z2MyUmVj z?z65V78oicc?pHn(x%hRnwjbg9(W=Vy2A^#^^;8xB-h9F#1`|5UC_`XZb4VXv4Q8|!wZ`nt+}GLrzq+IPm%?5vj?=6)59=}OZLI065sA&I~Y9-%X3=1ey~!H@-& z?*yQp$mb`_Zw!@_ee*uk$=TUB4-0M3DE~iX?#Zxk_u2<|YaKs@YNu8dC zItN;Yes`gfmI{^znj?2Z32@~{Ev_q0;~n}k-bVyD6$`*!kG#G+ObNsGS!+I5a-+=;C%B3J^_j!rY)%cqQ zWWH_0jjp2wzippc3MI0`SY5l*R9gV%v+>n&tKIymj`R8EHvzAeci^SlmzVdS1qI2b zFK~VNHnj%JKFl%yvsdhH&B;_$F1l#CXF?BynNj0uf&B(PnliieJl^?B_cQ|I ze03~CkKqV&BQsZ-3ouq>Kc0-;3@v1%a--}F`I%?Bgb5W51YTIGzeqJ_9a=(_fuXHXq`!8pX+x_M(irK2v{i#%`_7-Ph6utE5BXBBhRcY z`A$h>tvY_<3J1FqeL&~pHvMbe%50Umj{%=vm`I279+!Xn_((UC-{D3~{BYZBshs>c zb52K;s9IPU7?W}4icDKGcPX-^jIxCTf`%)EJx{k0^jlV@bPa!}b7>BhGEviH~+b`X?5SpLDW$0Qsy7WiEl{qLcD5u7<;Vr-49E2YDecy?l`ZE zP(NW|*k-`H4dLSsN;7d^HU0+fawEl1eQ>a&%5W(iGZrs-tdRKh{x!nZXdqh7?jTe= z{=;wzExt)2&a4ahk41ccw}gX#q*v+$7y85Iofz~1@YkMaM=4ts-~r@=__l7$T&bvI zRAibqH3yXNjG5jmulf(vR;|8#TL}n+dl=DN_@O0WLrb#X-i#%u@t_sQkpHeAxaf8D zH)!5T_2I)zwfKYhh^9}KS64>7GijgRzY&0F4?Q zEgSth)K)BSZ})N-r+1pAOrhS9^MYye;Xtf4ru~}uM?7tAO8gi9)*ib&2A}{DQW3(E zfa8g!wy?ydlwP&81gHOD$rFfdLuk-FfHr8e7fk@_nZi@;F&`)9OX8J=ISz2Q{wXF} zUDxQZIJxwcI{8lDs$b@ht+Vb);a@i>mejp3;sc=jsl6IFARX*8X|!%hPYU#Iv$DAO zfAgs?l{qV7pE>>XDfNc(6-K`%dk-R1HRY)e+^HRQN5WiDd(+sN4Hf(=8dHN!A0zo9 zi@8k_w@g|NNT*?=6ss}^6nH0{4F^`ozil>ygL#%s1lFb-UakH$SjcNt%YW~X%0MFP z>@n}`H+vklanW||q0MIdBgb*2|MrtzCH*^5xESlRo8;{`0Bes}P-Fk?eeT-T998ud zA%M@{-)Fp6XX`O;{ev{5O7|F{%GcSe{|lfMgSXtPnYdmB=w|$_8J7(JC$tjX6dm@H z76q=8U{uiPPC2}7wvS?aqH$_Q5JF|o-wCD!Kt(=65l%lx`I_$daCo%O7@C;8U4`jF zdiRA0NwmG#2^0S&v7)F*3V_BX&GynR&RgNM&5>wH#YA zZdGeE?EdXq6Y^G(wr+eqDeSbR27RZ$NTYm))PjEZ6^hc30!(EKu@}=p0|`4Jbjl{8Q zw~*un+Tu?A@7pPD$_AB+MolrFj>(9)kFDgl`zd%4a|Lim*e{NT1QL0{Mi3z!kfOk9 z#Ak81@5uh&;(qCNyXjmP_99?x-lW!XZkxoeg zX%wZE6r_=m776JPP`Z1JloAk;k`h6NG)PHz_vqMY7&Ur~vF+RM`*+v1?cJXDdG2$c zbMEu@CJs6EzTui5uj*wxUZ~=gN%Q6%9%J^Qmb~JO&D$~CJfhTz|10ly9)?f#-l%Fv z3FT}_A&}kqb(y5=^0!i_Cl`sdb41JV_v~a%is$`$+4_W6(q9 zeWyu#djH3fXC>1#cj@@&X}`sw$7Hx8W{MNNE2~D(8Hco<&q?XSIylj4>W}e$VbNZC zhE9mAk_3cQzvR*6LVI?1XzP9RSSq&cE3CF_yRnWq>*TK|@Fv9a0MoayNfMaHFCDAU zqX#$ex_X%pH}0W90_?Hf2hrvFZ&YJi|n)Y7Ix)QBnG(kC=^MYDVbcP*M(!pZotNc3fA zWF1!@q3hRM4h3@}k_BypLAvgXfkZniBrVx-X;`ls#e$7}N$>W4s^JIxnX`lSA97Dw zvm8}MOo~%;GoS2tiHXA|vv^cX5}~6isUt_3*CeDVOGG$aRJZTTZmXL~nnbxPVZUg8 zD$WISL59WY}#l)yfOG`1ueMnk5!eu6^I9k4)2J{eQ;9 z&KLNzPVz?RN&!Sf!k{T14$qXf5}87}a8-P`1dJ5vRdLWKaTOg%Q7NA{3%s)4bo>`P z;CmJl-B9-K7>YVZ$%fCwPrb6P{3zFKmkGY=s<$>jnkdy^ef5&d)u>Do_$Q z5-@i0uQugPlL(lH)d6*(uYRPuA2y~sP=TiX!D!S$&$#G$r%9LgI_yk!)bzmx-V1BB zUGr~F4yWH9#}-o$%Mj=Ae2_sLzvN@?%%_?io$mw4;x3X}(r2La&#%pkkw+WOh%J?| z_o%-TC3{uht`Nn|oWfCS2|R}7KRlG8f(>%yw)#z$S6GC04h?1=EKZHSu#7gS9Hr#S zZg8ZycT?bI!|~Q#Pyi9FNda#lotF}!AgN`hH+fK}>m+XxL3?wG`2l7qmgY}~vjcFY z75njiYx-*vtDvp4WiS?Ph0dVxyi@A`2E^2+nZhCRp=lYDXT;d1e>?7c`{-hS08!xY z4&-|IC=^Hfo4VwPf`bU;A1SbT-*-&85ji%nQGXKiAE!;@E3?0Xu1Xd` z-ogPrVm;~-AGty}g|nu=zp3e6K@eQnXnuPAva=qY-TmXF@ZMAtiwSDD)NeoB>Ci=D zO}b8}+)}E{`}-_p0BfAK*b+;1bC5r4(V;+a#NM*h4pZGrDrA;M#s{4I)h13HAvt>} zIcwxEc!DY$u2u!3f@Mlqr0}FNpnYzJjQ>W+-yhq$++{DYwgW(2!y^{fP|lVwVr`)x zKNF8~ZC6AmIgD$GEkj!)!w`1rho6hq)4^iP)eYN7sLYzzUEXBZFmdLcKuJX2p_4Cm zfkR_|3;xLc0C2OBL|hQ0AbrC>56iRJ$@h_xH!B}d%dTR35Z&#&OJ@{j_Nb_S?zxKa zmm;uRM7Ynkum^wnQ@{n@Vw~UY35vKSwk8z`8&}KI863NS3z2|+GwKgO`gXe#s5RQ0>nA7Zi6rmNBT|(_1n!VO8c*C)g!h`HDD+JXjR;^|!22@m zmY{e#RbgSM=dksct|Vd(yOM?QbWq~drm{pMNjAGH*0+JDr{1?>jlQ+lm)wHgjBx5~ zWFRR)*Tcx-{6xp&+l7w9L%oRxS}9CVU6~u@QQFB&0=qCjJd(@qm3xs4iPU+qbT4rdvAuceWYZ{BW^2Z=XV>GYtuCFXE+0i% zKQ4_d{?p`Y{Vcg8poXZynEmYs1>S2>8m`eL2vV$^v_BQW;kIMcC!7^guwTtGwnI(< z8cI*CvsFiwJl0CKn9jy&b!extODNlg73<$nf~Bji-wsz-Ci~nQ1s3PNl_=lg(ehGV zgoteGj>NcYoEpf`^r%31&5dZ;y(Aacla1+l@b&%EKDx3{Znz$l!asGg1-HN(bj#$Q z$LU(HhP#~`YUgoD3Rjac1q8!aCwb(&k8hODPd9Z#o1=U`!Dhg%7Mj=G7w*ADmM zt{};kh(R{qu{^HaJ7Y-jAgs9yd*FKdOa`6Hq60S(c1`(eT=vs)8s@t9OH*Tp;;Mt_ zpu<^lut5Al)Gtx;n}cRy^)s&7d_v*QropR`S|SyY)PoX)d?@RU)xXH>u%Lc3+Sx=E zgx#%3ryuO5cctTkT3$682IRlL)>LoRs*yb*l;Z$VSgY@PWHT`1*5@bt-|@=_fHRf3 z(|TXa1G^Ri?lnL=*W_lW!xRW+<%VCgCUy;ssD&#Xz<&~Zx>`Mw1 zTVu&yF-fjH(TT!_<(E}!(tLY^nsT1);5_`Wqocj}dGs=&1T2?OFwxhtILl*#C??HC zmi<9voVTr~a7Jd;@KH2hTR7b}Ph+N)kX_YUZ1D z-=csWc5H$`qOfaoWToFsAtbu;(j>(LGd71>|Hg!ZdE^P7&*yPQ+P{W(Yg=E`tWVSl z5w1ru$=-!ji?6+Zt~PFTDYJH4hS^crj$9hj!Ie&>8uouW3=9l?#Be}IJ?I#(Svz=~ z%b>Qhc(kJI@7=ky!`q~RITa_aRw~lR!c#_fI!ln<*2RZkFzK9{IPT$ox~^u zK&N*$eb?3}+kXr}m2Sk&Y4Re&P=W1ez*Yl_sxxFal%Ze^H7_6e1Vz1|r5wHN*DJt= zh98?7vO6B)_(MIJTAPB-)6)0^L#cOW+3vw{{oW3}$y-h?(8YStZn{8=t^($#-38+e zB8;BCBc^xiV`)Ly;Wr>SRS1h1cJtgSijp#4nDf>mR`2swk}_nVj&Zn*LEgLDHVx?- z(55~n&s1EKs>`+-6;v<#r+I9AHCBh&aGI!@Zw=l30^TKs~xYQlT9FbVeCV17bV-nDgKMA zn!V5JU;Up>a|(k8Iodd+UnhR&Vb?RU@ch7Tw569MEOVk{{vQzHng~&EBU7uxizwHs z$uIcYk;j{XrqUG5a3!HHuk}~S<(Gjurrcjv7q%Ts1t&5w@9oa5B_Rfdv>p_!^6?#w zUV3&qs3asW^}my%crf_*>45u>G9?uJ!1U3^yOyjOv!3Lx}8yi)8S)?JQXKKyHh z!;(koPwxRIA0^5VI2`5?M)dkt9_^d2k5J=>#k@q*J#^oB`QOhWE)g^>6)tz$1g1h!<9OnsBDqloJu_l+Z1*kCS@Ob4G;6) z{ZU7EE<-ApQ-UjwcW*_m^v}i{bO|u}0V{-Xx#D)?pbHCtecLGEKU?YhkrJzah;i7g zL_qBzqwr>j-X!}o$nle(=^;mWRuG|+atXFxk8PnYRP`6_z)J*z-jVsp3y|w!xGJ%@ym}iVErs{oZoZ~1^mYY!_ERhS~)5KqS z!PfT{q_QTzYpFKwLH{{?lWJ(?(7C6Ma{2A=veALD?`UwP8u+O3QGM@aY4=#&JV4>% z9dZNp=IyG#_I`lYzy9>TGp~;$FIZ>Xd-r84dx}iq&qb-S+O;? z(V^zYeT5K$0kf1|8H1R=dJ+qH29DFA{5cgg@{e}s1NKk`+8sIvy%X9gNd@j_l=WV= z&9V?7=jWTRZs;RBLaFFQh|O6!8i|11{!<;l8c01lieXb^sGv_xj_la+h z`2w$xRmr!Vto|eLE(e`>V=vo{Tll0a_xv>57c+(1t^3X0N8B3Q_@WX|g~vq{XV{i$ zzCBtY@plaVqPAoT&xPN60g#eAO0!K8FZ`3nZ`9#oD`r0-Qtw^xmLJ8{HK83q?crTp zYNB}wXlR})3vGve%naP<)FZWu?m-AD5fC$IX#4dwQe8U)??daJi7e3Vmw4*5eLQo$ z|AJM0=$&3Va_#9)&^lou_fyJyK#I@WX#2SLSrQ)xVwD9Oo9%T}t)pMW5Es2af6buB ziR+1<-aiDKExKTxC%4zfD_AF@8yLiGX8>o%MCIhbUZb$%Wc_tLQUpyjt;k zb@{Jz^>bopr*6TZR0jt*`gI@QLQ{&Iy6S2NfMHxx)Ak4V&av*>cg2_)k^#T{7{w?Z zIT~^FwKe;O1s)LSCojB{Huov~=)=p!_!N#bkY3~OX-}pq`4gl$pY+Rj$+bUTO{+`# zyI~!OsT4q!ZldJjE$Y65i!JBp`EIY9^-nA;u0NU^lW>1Gu|}J7X$DTr4T@|>UR!(F zE?ngjWCGu}*9PNFXMK9ZyGH1?vl2IiE75e)TM*FBPKwnK6GTw_jl+UZb213((9&Hmng>ZO*ro3(#?zljCG=95)r(hABg8Iv=k9<@=n0`4!TLZEep72! z%>v?571VQiow%}V-7LKrjx6=uo4$)NUm;Tr!LE-5Z3oj7IRvdJo~>fKpUgr!-7t}u zZlb!sjZN@r{HfbOH5c<8in`Q>0bgtD$vXwh(CF$2h;tpH3bAQ(){|KOkL(NUs6YLd zASV>u9n4uD1Ys#d9~qz z@A#1jk^4Kl!-J-m5Op#7?ucpOKN*=#)>3bOMdF%{kvH_6T=T7mIYn78DY^X4wGfmP z0`hnP_-G|s2<*YzCFT4@jp!R^)*lktL5Rno zc$We|PN zs7~cy%Gv`BGx=CpYA>5$_%CoLGZ@L{r3JS{Yf>4J=htd8U)CDipFQly;avT6hC<*=VxY zbVGW*OPd~=a*AsW1)y5j%>_rUurLyC{2t`52Hh*TnDck*)fO8g-C^xzn)`r0I8^t% z>I3Sw-1Lp=a?wiJRnp1caP{_h_vPec{RJClQ`{66(N3QFnct>9CmJ2P& za5)n3@HPN)kjyms_ggVx;QbH1dECZNO|Oj>WQ8zohN1AD~Qa6s)Q$iBoLBtH84!06{k zU2Vw)XsysKo&OuTVtD~dJXldqcKY#V1tJn>iqP=*=d`h4ALUSDh=-8@J6B8gpDD*>F z1*DgAesqm^;ML?+q5-rR-}Hz(K3}_1k)M$hC3H%91AxDsAIsMGL{6zbShRmx+g!^V zqZsnMF|{g*v+KT0P(!VUx|Dx~IR}%C&U?l5qxnJd8g@P>)-$6qsr6?|xBIKZ2ltvn z9(*!u($6Yng#!y;X0L$EfAr4%WPxwpj6E-Z~6-X5PJY3gd|=7$BCuN zsBMaD%TGW8m88dotX;`y=jgOS9jmpXpVc|r__CygF@PxR7Of|Cd@2o!2}8_Yq(r5n z1h{aVD$%kg5**-e)&*%J?DY(P3)-N4k3zZ2N*hxu3uOScyC6gI0#gjs%>*`8?)qS{3e2=XH~M7;bj*Iy}m7%|CQC`QJ@w~9lEa`3|9XWADU2rL7P=2;;}B5 z73iQZJybZC|Eg-Qnx>XA0>vn&DeSn>@hpP8s7d~L)WsphYS%xivp-P-%i z@@XhwRu6O%L=2nZp^_C+@9~As=YJ;m@y3_=qhLcivN2!&=|<`36x#hD)jcYw)O~?x z#@v&xq4Da~r?=UqD?}r6nec=qdbzZ-L8Q^`M;)!+JTrmu53p3y2 zo7Pxb`j^;=)e4)IviI0@&drm!@IV*~VZsi^kWd!@yk6p`3?QWY`%yNfDadJZYyu6l za-10Rhy;JR44J&!4KCVKZ)hb~uof3TfbLpo`ddU*RHEF^{G}u1K=jCo_=~VhnyEehSW(k z?^R0WbteR+WyN=M#{S7b)cWiyB)}-sM5<{x@K#4AGzq;yJv@o6*@D@-;9Zl+D5u(@ zX4M)F?@-TUE|DRx-?7@;-#w~@Xx5q5hZNIuN;nJ^v%SdAU--kopm}q$Z6QRLS&F?d z^dyed_X{$Y-w(@$qDmj!n_X-C@nWs%YWjuj6ryrJJ0{wp|O2REB;}?-!7D z+Z*(m%r6H4)`m0RDLIhNOOhw|!qz>u8R``(PYRO(E-QG<0Q01&VM)QBldu^c_0Qe4 z4xQ`HSB=jW!JJ!n7*JFUU~b1mg+#PmVDAYv@Y}ugtVXy$GkDaoMdncyeM-VF%t&`YJAb6cc&7}P zjKRT&Q8<`@`@OM6^2fARRy;~s-P}?y%_jQP%2bo@Ee@M`VKb8Wt3N92 zCj1dUFr#>$oN1XfCqrNFN};UOw?p*ustT|q6Pb}-WG&RMXo~BwCFeuJZLqHPtDki$LJY$>Fu%z$*ktd&FC|{!x-hRFv`qhNg#;&+Yp)GgS{0FjPa>gzb zUrfIQk}cxb2CGnkkBM!WW@ZQCq-Jctc-xql46f)o&1jY}j9$*ozjbSUqSdt>jGyYD zRH<&zCMt`YPW26*sqFpnVUt2DOkEV$baH>hsT3QQ&tD*&SvrLQBiu+b`BydO`!D6Z zQ*8qsCwR?u#I6G$o=H}^(a@=nHfnRoAIiZV*?ssck0=hoPmSkr74Is z6EQLwT9hTSSm-2?g>aJ4hN-xQc_;CygEo5?Tu zi}9HkjgXD$sEZ5rC#}FnNNEXSwWZ`}J)wMjJ_&&~a6}C(9rcu+ikx-#^C5Z2N zR8n>o3MT64;`cJ{aV~;Z3)fx$xDq}(*y5a?VrucBF~q$PJ_j4PwjSOpi#48G;+@`=N5GU4yC)7+7ZKoD{E)$zCUhA$e6`7l?bH+9YoBhrR# zCPN8!Jo``I&dNa9=;Zxz*Y-fx=d(G>6HS`sz&hEFB%?=zx?>+)xY;yto}=S#j_ucP< zZjQM3sO$(>#VoU5+P{13<>Uo#DEbCkHmOL`JQ#(p+)Z*+FxQvaENK(xeHBOlyomI9AxsR{K$F7X5*f>U60py(fHI52vd7G* z%>mhhV~8h(>+0M`woe{@K|#o(9M&d@4Q%&-;QNOb9|JP{r+Qo1dfHEZbt#u?!y)NK zI!R~NuEiesVr+Gq(s9g3W4=vD+CJ@0RXxo2*SLtD*y@Av@LxbuFku>FK`;y_z!+4! z`?%O&ic{D>|JsFVS8pJHJE!H_@-$cQXB!-C_{R6R;M*IM(T%0QP7G_zBi0?Z)CbQ0 zCH2vcel5cIE4;V9c^%S;olym#p!#>CQuHO|3ipqhSYaY_FvYiFRKIX% z9M!v$asSV=5>WB4nu$NyxW@@H^&6-vOT(ggOY4|YaLCfT)*a%> zhUHr@Htclcj2IqSl?maqb+5pwrew#E)7zz6IkqequRj(d@U9dW{}7UKRc~ay_IO-{ zb6@+U48$ypnV4Q)C zA2JDNc#INuRHlUNu3r2SVIfdSuwxfM55lk#^vT%s(CPJM8q_5tSms)zW11G%?iv zjk!N==3&XK)ba$f3!TBC7fw}GJR#m5q2iRs779hEWsV^g0X^tt^(xrwJWqjf6S}(P zB!aBz_QZ7apUx*@G5cb)+jo^A5=`yfy z2tYQ~A{?B~<+sT%j3p5}*r7%*lmt~L;hJ@(G^({5Bsx#zZD!sr4Cgt*DbPuFwp)kI zN`cTrwRIxn8ETVfN&S!_oGnXd>2-k_lF+zBp%d_k_1+#wXxwCVAcFmOY-Y945?C?g z$6C-S4W0*E$jQ7JN8k>1pWa|g$KlUqo%OgEk8+%Zre@`mffpVfNn<=a zW~9{3@Wy&XML(yrrX6cgXhhO+t4ZOLLuTe zJN?Wf7X&n{=dJ$ZAP#~6g}*K)D-^hXWw=|J_QRGW(-{}A)-6tK4mXd1XIDpsdr-T%15pqgu`1hVe9CX#@h zT@h7OL!sDH$tPk)E29cQnW6whLW5axwMDn%MO2f=I?=|!Wcd(7e=wHDx7xHWwvp4a zMRy@9*)5DVm28ssFN{jL2681_S!Fh$hj>r|cV%v>X2xm7Q)b8R9&Xg(L%V=J+83Tc`r*49wztUuu5d9G!zUrD zSFR29DZQF!2$%n8+%l+1?s?aZa>2a!+^ftq$t%{zP3wl@9@9`&%8N0nDd-5$Bltwr z7J~4-L6Oy5CD#<3gt$z0ntb7#_Vu`-u)_jg_FhV;>vFs(wiMUPh@IMNuQtf;K<=L~ zgy=7%_9jWm%b=l5z%X;W_5%IvQc+x%X_MVtFc)f~kt(>;Z-K(o*5oA5x|TRO{=Iq| z++xZsIw$T4c3yM;o})KZk#FJ&=h^`>e||9GD(o)0I>4N=jP>1?g1Xvr+$fN_l~|e$ z3!alswm9A6UKLe*jecU-|_gcp7TP1@-aUc7@OUJnos{3V%g46NP} z^9{8`XY@)~I_6a&hEfe0lic{e0uONqJl)lw7p$LRgAi3qDbzFYt}gE@ej3&6{)9-i_UkHq^*9_?9Zoa3?4KFOUQm;MzKjz4xa#wj7pH$+E!B9LS-v{@XmFpv z@Iv-TlUTMA4NZwVXne6sYj|3IQPpW8`vQR!ZxktT0>c4)IGKWxaU z<%dgY$iUHDc+7@lf-d6>GI^xCruW^>&5vi*dxe}vS?=^Px8(t!-=7@ER0a$+eP8|i zbm}i|Oq%)&!Trhu&qWEJKCv~M`V8R5>#v2rASzhIu^`GC= zUV$GMHGUbl4}Hl`Iy{jIj#5t4V3U5xu2|LLY$UEIM@`9-4^yjpk9bt$Nb~*b?}lO1 zXS}ACLcG{QRbXnxKcMSP8%_7l)l6#SKui`@cOMY@iOYJDr zn&2THpL>ZYT5%gIGbT>QT40_(Rp{7^=1+P0Ls0&oYDp0d1RCcgvsw9QhgJ;825Zvh z+3ja1raFpzFzK5#zFEWa?WtFo1?@jN%Nv72(dm1t@vq|y zv1(68+xE%#Z=tU1;Fs~CFH>!Ko2W&tdSVSQn)+d!R9+=`V0$eh?Yy0p7ixGyKp(u@S?qb}5T6Nh?smj$c`HKHig+%YU!BVAFaIUaC#^-WIbg zenC5N!+ctH4PsKU3HHG&VPb4-Oy3L1KOFQ$G|wi69ZL*eOC;gZ%LBwktFZe1Wt_|YIshT$6uT^7NKU#|gCY6e}hqfa{z`DO3OzdPa&bLS)l zVO9>xwN581vfgCh)86Z_QmWu%|8NWZu8jzk%*dpcq$z>^Gewu$7%zrN6nK=Aibc#9-qQ~g>!2va&E{;OF`hf?N3lMD|!7H6C+G`q)*^qa|*M5#RM z@^jl5PmZw z{Xhr;z)pt-04MJf<^Hv&Uod@VdbNNsoAQe z6c|I=^yO>1o<7k&-Tn4&eEj0gX?K-r!pqI<392d>$L$%LXIwUXV&Yf48K|j|!L{-( z0Q=13EHj_n4aryTC|Gp}J4F<91$Xdnvu9;-Tl{8IG5mGPF!l%E8>Z;ANk8v}abavvN9Ozub#Vca2q9bMSbgNJZTdN&P!&PiaGbL=<(XJ%+t%VQqKyz z*93JB@G@3*u@QWbP!e)t7Xdm|3ktJza1R0MMS*HOzJ^k;JHF`)=1b};%E45obmYeA zlvwN1GcjfIdSOvMow?_Mq9K`dyHw*M!d^`B$HRcC0#U%`Kp~rZ6Y3u-?NtDM9wucZ z2Zxt9^H@wlA~Nsg2y*1zo8*g2D9(*TMuzl+6jKu)+uu^D4+ zN9?;{IH5g2nn=4^m1LXu~MX||u@ zPlEH2lN;pN#cKzgf=%vLri*3u*T5mp7T{6@po1AzPP8kxR+zLTSg36+ort-gGuF-I z`gKN!;lDGzwb_ohlZeS~(ykCJ7sKl1)>d;gJ<}LTj!RCk*{eUD0GFLde8@AP<68|{ zHl7oMs@y{2mCW>SQX0>@MS8!e+6Eue%md9igaqKjSAt=0ZfoiC{wbb%xCy|sspFx? z|9ooirWI`wb?Pe_8_v^`i=Lp)Hm9!F7%GE2$eP|Q7iz-qH?4yu_fRi0E0R5QoY zNWD%j5a08{J>NrKgP|k`PlvJfd`(7d_vHUo9v45-(=jvl*<~63zej*rX%LnWuPUr% zT_@krP=VPNNpTxhCP3&~Z;$m}UszMwaSGqkdCg+zfW^-BhJd91RoWW$?JK&vMdgI9 zg~YWU$B5O5kp2P3*s}y{tuB7{i?FEBe@x~U)PL?4g@}2c0pEv3Hx~&iyjRAb)LD7< zIXAfuNYw$y;1Mp&*gk(tv>W@I*oH3 zsfhX*vDj$Z`XTbqy1K;%4?Sz-+dUjZ`&<%-#ax_~a`2p%6)dBqQwD_EC*)skmYJWc zSf8dKA1Pr^N$QC2_`^wQ#kJ1|beTt+XusUUl~95ee%{ zcXoHIK6P>wRULds&F{Rhq=((o|269JP%&|3@R61>$puHV2o(}=r7Qm_E+wmDJ(M(0 zZ^R<$;q*hY&NlIUjbGaMCFP=&VP#?Ln;tIgKi%8ON8fxNydk-_l$?$=&I8jISQj}HF01dso|s|d;(A!~1PHks4OJ?of@VXyEzAhKld z&o}_QC1{By+tz!I{`1X5HAzC-$AeTfPBm-=&Vknf)!)2bEWPWLBr{koJ(|ilqVl_} zOx77d5&aEiDr0ewvVe5Z9SmnLaLRl6HL>CO={dK=o_7xyB9!2Jt@~-t&jmSx!-z<= z6AnKh@vWhxfpvF)-yiPKzrVwr-snwVv~;tqFPUY}wZpDlLzi1bcCx7=j|<%IZ@C!O zV(yD&u=C_W(2!IiUvVos$m7+G=yVLDIn9b6 z(jLcmfjnDIzF*%v=;*n%s6NX`p|deEeo3%!VYy>OFa!jetXxFtWWgwzYINZzA|Y~Y zg^;5lC)*$o><9oIZmv@CpB67)eZsp zwo& z^)UxO*+kNHRn0e`+xr)MQd`ZEFYc50q8=`+et*nm_U$oxs?uF&Eh88}`u+QA7_!?}L5dMW1(5DN&yG8> z)ZiS+JjCc!~v`B=L?l0x#w$=xlqt)JU&TP!aIw{sj# z)TSE)5+`Z%I9T(-2+Cc33x6Kk5aT%E^7lc6;dvsG$G}CUtPXGLdwYgDAUfZ)1XApC zC}0DL=#E)>&-D4DMDs?=RyMNxOMNw=m2{$ybnjh$b66 z1!d>Q&$2atsYI-)ysUTYmf>)D(|mTuRdcssp`EAZeLRXHBx#sbm*Qs?ZKr9uXjb_P zIVAc!G&(RZtJwnu=BU92Y1hO1Za6>x?Ohq~)n2GB>`WYC`6lBfMn zXD!zhYHs+uQ}7fTT-a~;SyzfXAypSgq8goFbmtQ(pZQelmn=M$X-_-F+(oU#3pXtm zwH}vvUn90vyvNT0J8qNHvC*L{A5tm4x= zq0+sFlsXm=5ZoACg62+GiZx=a^^}8eDN4F^S#cR>za$86EXtvM9W7&N(*lI2$FCJ=%K{I@0&%v`$q|v#tEv}( z@oy`bCM(_7C3JbZp~v%u1RWi79}(!e;=aQUff$mIIfoXldfhypP=SLGZLE(N`gdbhPiG@hskzhnfTi zUn0xZe=J2o79Dh3y zxUBiP@U((i_m?p^)pTAq+{4XX^Iu26z2AwSw$K10Q_2QJrt!1jc#69)`G-S{^Lz?! zYX~H{8*Zx6-w4n_5R`e$!p|1{VV7e1OJ(P~_Izr8+^j36r^x4Ll{ox-ihecn6?RvV zvg%H_LX6t)8Nmc#GLvem<8t!M0f-x+>WV3>JLlHdpu%T3_R;Q1Gm47oOTKomiCE6*h3}zU-zU*y926?(lFF7^0*bYe!+QU(qUgY#e`%;19{p>hBrIl+fHE3U@A6j;y!-q`>Co<8brU{XNB5?#m*4^Kz*$t8`^>d(nN`&$F%R^4?gq=pdgk zmIWC~$Qy7^1!(q{#b|?4aZ~m_(rQ=x)auK}=bPE?UBNhjli9m`@K!tUXfSs0(mP{+ zhl?z@ZnFfq1Ct&+~+eX&&epG^mGu#+^7n=r+=mC-}Tl_=kkMlLmgZ@XkThRa6kMB zcTj#FNHcga1}<2i`ZK!1__r;ta{NuKhcBDjYZsgd_fX<3B&t8pS;=%8J~B-_Ts)%9 zl5FNsdq_@F^b|^!a0)rK!4Y-#e>yxPqL(ywpE3jBih+*!#U5OLpi=IGmUS9^?66v*Zhv*`>B-xXq({s9ew3*@gf!@JX`dsG zjkb*0!NBlG{#Vymg~ibY+Y;L)4i)|SJhgpw&jB?%%{q93ph+zq__GmN@9u_h=NH2?itbQ3Uqf? zgs#%PUaD{W3za-NNX4QxExHHnhfdtyI3VD!9SjxD}QQ7EjTccd_n=` z{zLI*T7ajc=I7CJIewGVul)JE3dpMcjmPyzLnYt)L<-w-%>C!IHHbBjNitzf?Kt$^ zKP9qR$fE))1wGjIy`mA~dqmKG6FS^WfznNa4nWHx2Bs0toUM14x)oaLE^O$&us|Vb zplh>ha(qRH;V2Abuz*A&d$=qgphYk?uejW*k7-FCg2}3PM`!!WM>O{j9#Wi3N}a?t zS(qOB$BKLPDVmhRV|P0m|6|!LFn9dOHC;IatZ+x$p9hJNtXi^Q~+g@ zd^=O679vJU&CwIXW2P)X^xm-LRpy_<4!PMbggceQo&4M7C z>nre{%g<8Y)@NfOezM(s}gvNDI3w?2b1IrkMa3>mLnB8(v%G7#J0?Tq}U!YQMJO z*k)o5=s3&v^fcZ&XOCSA_vZecqG4dJw3cv%o>yjJ2o8Drb<|od<95thnPU9)@zMHy zic0yeb5a8Zz{nuh*KNfwdY->_dpYXxe1z-ux>SOO7J@Umn-2a|Ofo=(Y&CGQFYiHO zYh`kP-~dd*wAQhL#}T~%0n}%4*4K~g2%z2hIDIK_;x-0e*7b3>^^fTp4Ci$&o9;wg z*9*-0EyABS0W}LGeNP6dIN8_td6iXFQ8p@9$;Q@F4URuecS?Ib8VMO38meWMF(cou zxmWF)!_Q3C3}!1kFJ%5Ze`)xZb>7gRGB=7Z1-xB{hAp*^e)mGf?*GeI&ey5+d`e+l z^?t-!d2^5|xF&V8P(c|W$?d5+;an5Y6mPYu5}2#8soI$Bv?nW>w{0l4a)hPsez6BY zVw!i|vUiFGl4)mt`(G1F7KC{>kz9>SY6Ua?dXHi&`(iBBXr4DUzDyzia*43x^z3T* z(L$4@On_$sxcd9zU?4|QLP+`+k z%n*S#_~c^dQT>99A2{nx&#>}d?#vXmZlna>UVw1cwdB>xlb~HajQm}KkeySm8=2Y?Pq+;?m{5}F5YM4X=8Mh@b$5S>w%C!(i^Ikx! z4kLj8@GA?T!#?#oj)gFpe>JZE058>F2e}y&T6FzQUIKJ3!z>Tbn$|ylN0dQcXZLZh zb_0ZkrC9;6o*~eS+Ue1L;RH%({G73{V|2YM0FgMg7CLj@tW9?N6%SpHMVIja;QT7z@I^mqyQ;Hc7eQdRS_@I7fx#n|Pq0*s^tga~`>@U&$Q+z{hqboX?xtIyJif4;1O%@FnUFs^G?Ga4EH%9(La9d$o#~ zcK7@KXP8I?1%i)xg@S>vA52q)SDUKq{Zo(CijN;x#|14PRGWk%mwqiB;;<1g=XLt` zOvl+Xaw;~Gkg}5~9=pS!*RgL(aPDCedY4bT+6xslbNStfc z$X2bJ8$?&FxjdkXWbXj9w6fTpw%SEMVfaipTqj^>v49AZd94}{w}E}Vc=RoINdUN2 zX;Hw7_60&3AG+0ZWt!stX@>(PSl&7~0Iz61ERA>vaH)ZwFANY6wazyKs)6_^zz?)) z0dE2aZ1y@_fC+4*4SW&={wMN%)2$xT%?bCms1Omd$s8%}m9_1Y7|y=q_ow8;WN(7J z3h055HhKq(>c@qBM3P@w!x|8x^KLO9!YL-gAmzg8yc7v#817Jt?^Ww*g01| zv^9vD9!i>NaEI;B!6ERuk&Dz;{X4}pY{d^K4OqCm;V*=Wc2JX2x}i^QmZ!ywvDkw@ z^2(dj<`w^UTDc&8?iGe6d;3TLYsz=Nk?)=)vKFZ%i-X{l^O1;raTZ|4JH=#4_=pt$ zWQIwLK>kH4RBH7Fu^8gqbrYArth^3TEN>Q%N*kS-LDSbuoL)*P9I>#Yva$GCqETZ2 zK3d!|_G9ldy;gW&wRT__Y12r(Eu8ZTDLU2gVUh)szZKtV8stw6h^D?feo?>Dxm{ZF zywL?4IV{Ew1+UNnga=6+0A7J0|5y`t2TWC^PNI|;yNpQ zldXDoIT|8; zHn$w-k`=sQGCydXJwPK0Eda&1PK+&^UOp|^n&k-R&3TEYOBeC)WpP^9ocUCy9q=bG9BrfSIbF*VmSyX@B$N9P1>0bt{oynwYF<5fHvUHZ)f#p;46%8Drf4Bql`xFD zem?%6t7ab39+We1z~uRIjbMcNjolzkiBQ4rtdKocsw;oold)l1ch-p2UrJItnn?qs)a1Y zfU|~`22@+V2iQYr$Q;uO->4Z55HWtj*LhX{J7TbGS~ttATi-SpneZc0=_QiW8E*HuVWE~3_IXtwoj;HK3~L%} z1vX&5Nq1N%_B<(NH3uT~CZpb{VyYfyB&5ca;LV~MF#vn}<@-`VPh>XCrj)9lX|i$yF9sz-cl)yjNI{*VJj zh>)){sn#YXG=SQ{sTX6KE>mxibRQ%ASkDaDxO1KYtOI=1`U&i@V<-`LtQ9hT_c`be znHq2!qW+7;X^MF!+uV(l6Vxh`=j4tTwH)a`?0|4BWfyt;OtXI(ICzx=!}<6-;X2yt z3!s#mLwihOMTRDBj=!ran$RmH;e!HLyk-p)BTAkBwU(9d)<0-Ap9$MeHFeLkRGXxQ zZGj0GM%wceCu&(%d?Pjp8?#vjV?I5$M?$txJURFdXU&b9F&$KDe>iUcG9IwH-JrR? z-jLQlDcG;aWA|Uo_DvRnC7WOM$`0=eLFO>U5cV_gy=!^EzO3m36ZzRlCeZ`>KS$nh zPQosZdxiD(_!f%$_SKn>4++MX?*e?B8WeMjQMKfS2@iO8B10&wwED_(rJCC;R*Zrh z>%7sEGB=S8w~ha}LNMfw{i65AZ$FHbRtn{{_%-rhPi_dvoj*I0w<)x8j=pkzd@kJl z_eBzj<}P%Vw_E8?0WO{&;W+>hkLWM|JAL>MTE5NNKTn(KQE`P!B7Iu_{Vy^Y%4J?< zHj@U`<^rAZ>%F0j723Xpx;Mk`NV*!3B6mrTSbbRu77&glDR&P1|lPt&YBHjE@w)Sl6 zdvS@+Fd?9>6-rE2z3F4EXaeYVzG~d$^DL9i_ zwUvsqKi|^5+RrNy8lH|qCStaD%&D{`_!82OE1UuMDfi-xyYRAH0}hbPrXlN!oxYOQ z=NVvpjl1hV^{zMBhfw}5&o{624yg6&&j_jo<{gd%sbp{A!2Epk#to;V7Va4HExdm# zgKBrn+-bwRl>T1AeSMnHuiT4xd#%{2P56#Uc<$360KPhFu3%0uGcOrk@I3En0l&}z zEP~elD@Epq4&Nt8DNC>X)9`vIX_; z>!jWZGqO5ALSlp${g-s4=+46xMqNCBfRk$PPRN)O-evzM<@aZo#4nsU=`jW5g&oWE zBOp6!2MC)#5R(^=;rmpe za2N62>TJE8si&16L@*XW{%be?j$o?C*-xHodj`L|)#203hh-dI523fa*kud&WgJKe z*6;*619#h{VRKMB?W+aDN41o{wxS7W@sN{*AW$5{LC1VS6tC`j>OHuAx#Ag>P`b;k z8bQiJC2YbO0Td5;p0L8eL7o2C>=dg@>s8I1K5bW1l)Qf7@e}k*ad|vvgX60WY^Gl> z>4<*i7ZIE zS_R$IqtH~Vvi8qtZ@~b=fOKN5jxo*W*T)h>M%u^aeD{R@897XsZZ``+a6gUozcotl zm=_>9N?x9^9()ut<~NT0RWCEtwoOTu8Z}%18rYE_RJ~`tqjQQgEZc5f@k*K|aY4hF z`Yk(5;g!%g!v9&d#F|*$N|CR58Re^tsE_WvC2}Hc1&yge$uSW7I=>Nc&}@9kXh7$R zjBFP5AJi!(i z%6e#imEaVtW{Jr}Wf9gx6cO&hw0)m$%7IuMUO~GcZ#wLV$=CST&{P9U``P0NRI zE0io1#U;%j^~-yP3Ybmz0U=#h<68<6%4fg%E7ovu!UA4w2-=^+)NwAfD@Lq!V@qF( zx;Xmp54>_=+QRi0mKE=4%f!z7`NAT)t!gYpI!$$d=Y#-sYi^C0Wj_Tw%FcUc#0)p!?V}OJs!Pl!`N#;SJaBd6 z(h6EDpSL|vOib7;z%!HSaBThpnQMw>K!TzugQw)rhBKnYl0PYVrjtbNq+5p$yKQx3 z1?&WT8N}v&?1M%-x225G!bLjYcQu%nH%76@zLZGnn^NsWkbNi!zEr5%t*4zdd{{(9 z8#l-*N)4MXWbD-?`E~xDNkn?z#Jr?4nQUeue$7gnH$ZnXB28A12TgMneTe2}`4jNV zR^yf&uY7BB*xd$(a8G<^uMEi~N07?S@AbqA?3tW zygiU&XbF0vA4ZDAEvTX?UCXcf!gyH1PqF;+c2sr;*%ir>36j#r|Jop=sCKj2kWRsN z>fW7ip(T4dat5Y~6{wV_5`fnwhr)g_JE(n>ITy+A4y!7iwr2fr<-@=)7Bz(}E5m(> z6LF=BqkHLL_cjSC=stv8oKhx5-YTIw0DBnpp==<2Wj=jUO}}jE@`uzx3#XDGyS3y+ zGUIV}6;L9@5(EljBXyNLd+|8zgu9c7bufLaw2O zO_sR&Rc$vw^h~E1WVTvY^FYLiLa!+(wr*;K@MDfRReqn|!jP#Khi^4*j7lQy^1{)P z^qp7K3K)z()vy(!Ed*qz9o$tzy~fOq^dZYrB{b10ucr|$T=PL<463`X#H1}fH1Daqni-R#9B{vC ze%ec|kC}Qf`tWX!nDfdEyx>0i#Wy;5>LEE9(@WfEz*mmv>-e;uc}GItL#QV8N*TE| znUjl>^G-3|u6}t1^nB&1JV~IZTzOAKEG{I`!3VfLI5^J4ZQ9tL*5MHP^)7j)cS1KasVKS4ExZRd< zm@zY2*g_I@KMwvxG}i~P?MH9|7Ndv$F@=9w*Vbx6 zp0rPFo3zNSo(K;+3tm6(zi63FT)D(k$LnXdmqm|ZDY^nYO0FP^#_>f{E9N8_)ZkJg zdvU95+4IV)iOIpT{ztEkPAGRvnE#y-(uTJL<_E;X8ii!s&? z!shIqhtl=D=RWsV1|CIqK?_ptn7w$3b+P}3x|@6H$}g=zP8ONo0WXs%S?Rj{cVNP$$N_&Z!b`Un?XQn4sI*Vi0pvKtZ6C1 zZ8#b6$qEaUG`k2itF*Y#X$^fJ#-eA(_PSATL*k>u^)d`Bf?MgyK9dTtlT?7JhEKSP zynwRylrJ4RI=lk8C0B@UG2CMtn@Kn^-L=T$;GuKRbJ&f=~r3*;;ucTC?qmY?rzE4Iwvm$DN;ly? zkY`cA2k;U{Kzi7orcMe^))#j4u}Mn(Bkz5ajl0-FpwbKg>rkV>qcLNtG!UxX~;THg1x&dEa<( zgF7&I9zb(`g3Vx*_o8fdzLYV3I$E0q6=)Nj>>BoQ#nkp~!Rq0ehbD!;p>QK*narV5 zRs|_I3ZHnyj4hqqJbtFW%!j2)$*)!jPfp};ZGi-i%u=MTZ21hAS>g^wVpX^ib6(hb z?T0@dzBtd^@Ql7M^Tw009d|Bv;2v3McEtAK*{sHO32uI1I2AIEqU-s}cD=}V`g017 zr&l?=s>78#-T4H~X_E@95-NIjZL+RQP*e;fnz!=@1?ebts?q-*w`D3m*?|79j>$$Q z3nH6BksCT|f{d)j>@Q;?Fum-qm)}AM>_94tZgV^#D|ib9*L?PB?rb#%5{0N*Wni>n z&{HDz%4ZQVR_7%DshUj)W9TaqjK;pH+Nirod3BcM=t%i`gzn9h^T%}Mvd|#0Z&yzu zDX_~ZM}v-G`x;(x$alBPMtxN`p{I)} zvLl-&*}_P6o1vGka8zv6eZ4JPiFn1eo}}~5?c>EKBCk~&wTKxC;*3ld`wEtCyDHxU zA0|CL8;C{EQ1`JUVCM*aznIYu<(E$SSsNy$Gpaef20TA`{Mih5utY#3OZ~%#gv@ci z&M&+HQ$`Ww@$bg|_#lp9vUi);=cjhFQ2PSr28nmk(G7zYcYliUi!}?1h@5Y;;e=6I z68dZ4iPT+^kOafxzcK()F}&lmn27zJi@j0h68D`@t1jml1DU8hDr4hsP?7GmTizmi z;S0oxs%_LPxk6>mr8Q(p5n*UO66>_M7i_#&fl{&pxRk7px zsN51=YNR18!X&haokX+6Ov{Kl?RACC#3r)WJ8?;wRUbuTaE?xmgHm8|K-ey*xESLF zhnw;}s{7Hg@hOWg>S&jz4*giH(b|w$naB6;9#d>iG7SmRFL05;`-`%Sa``H%7szQn z5it8fC$`^ z4;CYo{fh0QTkVbdj^oOwJjuK7q_bqWnUUje)jos9erflSL*EHd_nq({-O4e4FeU zH_R|smkn#|+vM4g$7O6C+2q~U&~U0ziD%c0Ry4JkMV0d%jcYXrZ%7ZHD6D9CTE9%Q zJ>7rS9af7~zILEMFwkSP6n6NB9271&TGyf8L7bT+pJ|p@-UIfkDx;PGN7fVJmXeK2 z__;ITRD`1OIBkG!9ps%(bUt*{5vMnYh_l3kHMsKdmr2R_ugj_0W#B%kwxYX!Hmmk5O!hA$aymZrL68sxH;7VA0-S;c^hMr9+6S{CK zj~^fLY}zllyR_)9p|?x>g{@_-W*wO+Fo%)lhMmT3Uv%4z&#V_?r#6)~ToNJlAlTA) z34+N)kqssaJ#{78am>_~6Cp4|E~Ce5%4)3oZS3k7Llbdh)e>L0>rVEFCEb*$*qLsn zKceNA0~3Q)#Dja0jV*F>99oSXb{lb329};!d4|XUMM+y}}|D*l(K@wOR|O)Igt3&|5_cJ2M$5IualK6xEf5Pk-DRKdZAt zegP^s^B86*fp?991#4#@K@|xbsgp|R?3~sD63h__ia{(OFt#jaMtew^8d`&-!ToiUGgf?zw7pUSglUV*Zdc~6b zXGb|2V%7@w(h2#VoGsEx9j)+DYAV{uSRSw9oSe(5OV?rJxfeSM-#eV0d6U=gIXTMw z4O=k(F(ycf{K%yf9Sm9KFiGleQxwQ-;p^>^3A}kE_oT~0Fx~$Z?P96*H3~a_-*{3a z1;Z)2)}*V;@opjmUfj^hTdtx?IRjP>@wpSLTEV(4;1y2B9VnulI989ybySc&tXfe_WcByt7s4Fk!s_}u6p!3ubp5|C&Fn}jpa0eZ* zS@K)uAJ@dJ_OUjHcpgbCmiLN*1}vP%Um>2G3vWCVUI4lbD#P@`hrBUj z;vFL1ff?cd;AI_o{~+x@p0HO@oL(c1*T1I|fn;vrL^Z`1%E;`I2KwJ}I}VLjp0%Z@uKzPyJ*h!bzY=sE&yN!i|&a=Q$` z>!`{|4BDC`q|`!C+NHQjCYL8xk;FfD(jK|+cB)iujBqR zSHfe$MjB%i^QZ+>v9%3}OEHbb*@?g83Fg1&ErSHdzfYy8U0mY~G>O3;y8J27VuX-0 zMNN?jr#XKfM1TZ@SVd=JoA&iLw-iN3)@;^)xV`!DFxHdd1ZDT1Ij?<-uTWs?ARhz| zhfU_|cZicBXjlDUzE-xo_>!9!Nq(?Dz5?=!j^A^jVRLI7*|Q$ETTk_>2Erm?lwI@(q)!SEv8BkhaTCNV0R> zcn6pMbmHr7$r?llqw;tT^7}P?&ux;I@&6Q^}Rl$lCUsbJ|fmj zGs@tH)>Lfy(D3uuJ+9W~=kmRn9LYqlPjRasdu_T%*p^MN`LW(~{T~@TqaN3#uI__N z=#rP>6a9Kg`hLFCMt5*pZVpwq8F>EgU=u2 zx8Z}k{rF9Eq<74zIMdI>@}=cYm5yo`Um+dDhE}7t^?v-qXY?#2D6Ot2`$mji-qi#3 z_R$`)9ZOi#GIlR+V;QwoT^S=1a$nI*D0B|xC>t@z62`5kCU(%x4_JS*_>^}YERz84EX6E7EqMQyH5d1|woGcuSBNZkXqn~> zpvXt-HctD(9RH%FXnpkVds#qt`bq1NXr9OMZeoEw&DhnDX^VKrii9jQ5tUsPUqxk* zyz<_|DgzH?;kP7k>rTe5esNV(!N&>giAh`yH3;4i`0u(?1Ca-uILDd#NV+6Dk?Izr z?E|RleiX#0bs5OS-~BwOhX6i2mg9_oOF+f~7E}=vulI<_@@IMPGjt$uoUzA6#ha2N z-y#5%NZXJ(@jhXQ#aFSKY63ez=U9`LG#u6NEXZ)5pvNRJUE9rh@Z?s@%lXA_Ah#S5k~ynPDzx)vaBq>*GCyxSljGc zW1*r0X$Kclgct)2k%Qw8VSC%+lf8*4)viXG_Zf2UoM@AC5>dwotxHRCz;gIon>s)Zh z#RGpCb_~^ETfp2Jc5EXK^EnRKt=J3&TEU+Xm5s;lKZ}yL#|~*sFH`?vaFs9qYmB_z zcD+>{j;s{5os@Hu>5;FSo-(3~@Lc6arK%I&^^F{&=c~?$azjd`z{i68rf(YfT>%B^ zzt?H+U=M|Ph~GR6y_B1mtzus|p56Z)BvZj6UH!74RV(4v&XkG^nqBrf)DeG7(sH}_ zu++uFz05*Ml)2$kHf)qInSk&Si-iMP-CP_-OMp#AX1t60ANFzgTJpPF_Bg^C+S-#& z4+e*uR`SRkI;jID4pVZockJ0eo~Q64EzrrvF0Av2gx{zVM)6OC5)AN;Ym>S})Oq&L z<>Q6%(=gIISS)p;u>zemYy^J}ncB^-rmF?4SbY0YlA^`B&ROnJQs2CEQ50}XOo$qU z2{!(qV@<(2TzZ%+tItX_jB~J;Oe?9?PCn9R8l@PZ-0&oNRSWHLAc5JyUgu}GBvO{G z=6ms=9kJh=WUSp2y3UCX&NmJ0l7S6zG&vTk%*P_!9y4%4V6(?~A7cNF6YOqE z-ps0_q?n5mrY81OmeJ9F?2=4WeE}S+acN}|s1A^$WbqjuCv1uZJ=(Fp5Nug3Bvd9l z+1*1phtu39UGTXUgAub)%Wbgk^Ax(w`lq>$fL%-&Sq`yYBK;Rh?_{n~6QizZ_mauJ zq)cu80!10rrZkTsM|*Z5b(Lphc`%x;A@BxB?f?J?@pizqcKWeS{0Z^!#w~NiZ;N;}0jPY~mhS@i3UCu{buvy*kr!div@5{)-&qY-a=PUY0e;&ww zs?D>VKJU-6k9=h4c~5J$ZLxqwW(S-f>Zhuw-3~&HOgbKjJuS>eDlYv?&>5$`6_z1YJJz4MA5g#>FB#b@c&t0YY(}}` supports backup and restoration of NATS streams. This guide will show you how you can backup & restore a NATS server with JWT authentication using Stash. + +## Before You Begin + +- At first, you need to have a Kubernetes cluster, and the `kubectl` command-line tool must be configured to communicate with your cluster. +- Install Stash in your cluster following the steps [here](/docs/setup/install/stash/index.md). +- If you are not familiar with how Stash backup and restore NATS streams, please check the following guide [here](/docs/addons/nats/overview/index.md). + +You have to be familiar with following custom resources: + +- [AppBinding](/docs/concepts/crds/appbinding/index.md) +- [Function](/docs/concepts/crds/function/index.md) +- [Task](/docs/concepts/crds/task/index.md) +- [BackupConfiguration](/docs/concepts/crds/backupconfiguration/index.md) +- [BackupSession](/docs/concepts/crds/backupsession/index.md) +- [RestoreSession](/docs/concepts/crds/restoresession/index.md) + +To keep things isolated, we are going to use a separate namespace called `demo` throughout this tutorial. Create `demo` namespace if you haven't created already. + +```bash +$ kubectl create ns demo +namespace/demo created +``` + +> Note: YAML files used in this tutorial are stored [here](https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/nats/authentications/jwt-auth/examples). + +## Prepare NATS + +In this section, we are going to deploy a NATS cluster with JWT authentication enabled. Then, we are going to create a stream and publish some messages into it. + +### Deploy NATS Cluster + +At first, let's deploy a NATS cluster. Here, we are going to use [NATS](https://github.com/nats-io/k8s/tree/main/helm/charts/nats ) chart from [nats.io](https://nats.io/). + +Let's deploy a NATS cluster named `sample-nats` using Helm as below, + +```bash +# Add nats chart registry +$ helm repo add nats https://nats-io.github.io/k8s/helm/charts/ +# Update helm registries +$ helm repo update +# Install nats/nats chart into demo namespace +$ helm install sample-nats nats/nats -n demo \ +--set nats.jetstream.enabled=true \ +--set nats.jetstream.fileStorage.enabled=true \ +--set cluster.enabled=true \ +--set cluster.replicas=3 \ +--set auth.enabled=true \ +--set auth.resolver.type=full \ +--set auth.resolver.operator=eyJ0eXAiOiJKV1QiLCJhbGciOiJlZDI1NTE5LW5rZXkifQ.eyJhdWQiOiJPQU5US0NDTkFQTUdCNE9YRE1YT1ZON01DQUVKNVZGV1ZXVEFVVlVXQllBUFhMWlpHU1NZVTRLVCIsImV4cCI6MTk0NTQyNjA0MSwianRpIjoiWktRTllaTlNRTUhNQzNHREdVRVpDUFlDT0RNSjIyMzRPM0pGTjUzWlZYWEZBUFU3Qlg2QSIsImlhdCI6MTYyOTg5MzI0MSwiaXNzIjoiT0FOVEtDQ05BUE1HQjRPWERNWE9WTjdNQ0FFSjVWRldWV1RBVVZVV0JZQVBYTFpaR1NTWVU0S1QiLCJuYW1lIjoiS08iLCJuYmYiOjE2Mjk4OTMyNDEsInN1YiI6Ik9BTlRLQ0NOQVBNR0I0T1hETVhPVk43TUNBRUo1VkZXVldUQVVWVVdCWUFQWExaWkdTU1lVNEtUIiwibmF0cyI6eyJzaWduaW5nX2tleXMiOlsiT0FOVEtDQ05BUE1HQjRPWERNWE9WTjdNQ0FFSjVWRldWV1RBVVZVV0JZQVBYTFpaR1NTWVU0S1QiXSwidHlwZSI6Im9wZXJhdG9yIiwidmVyc2lvbiI6Mn19.jxs4znpE50PzRFfKOjENlFQTfsRHH5VqIplnTgAziUJuYBSNmBQeYsBDJTOgLJyADgtqIWkAQF_G5K7xuVXpCg \ +--set auth.resolver.systemAccount=ABQBM7PTUNWRWQRWFFQGRCVRQ7ULYSZQLCMGDK62WYRHRO3NUN3SUONF \ +--set auth.resolver.resolverPreload.ABQBM7PTUNWRWQRWFFQGRCVRQ7ULYSZQLCMGDK62WYRHRO3NUN3SUONF=eyJ0eXAiOiJKV1QiLCJhbGciOiJlZDI1NTE5LW5rZXkifQ.eyJqdGkiOiJDRTZHVUdISEYzVzRGUU5VMjdVWks2SUtNSkpQWEEzUlEyNDVYTE5LWEVIS0xaQ1ZaT1FBIiwiaWF0IjoxNjI5ODkzMjQxLCJpc3MiOiJPQU5US0NDTkFQTUdCNE9YRE1YT1ZON01DQUVKNVZGV1ZXVEFVVlVXQllBUFhMWlpHU1NZVTRLVCIsIm5hbWUiOiJTWVMiLCJzdWIiOiJBQlFCTTdQVFVOV1JXUVJXRkZRR1JDVlJRN1VMWVNaUUxDTUdESzYyV1lSSFJPM05VTjNTVU9ORiIsIm5hdHMiOnsibGltaXRzIjp7InN1YnMiOi0xLCJkYXRhIjotMSwicGF5bG9hZCI6LTEsImltcG9ydHMiOi0xLCJleHBvcnRzIjotMSwid2lsZGNhcmRzIjp0cnVlLCJjb25uIjotMSwibGVhZiI6LTF9LCJkZWZhdWx0X3Blcm1pc3Npb25zIjp7InB1YiI6e30sInN1YiI6e319LCJ0eXBlIjoiYWNjb3VudCIsInZlcnNpb24iOjJ9fQ.DM8U4Ld4OWmd-hk9fobMI3fWMDZdLr-Q33Uq7h5eoM-RMVKN-5nuUlmaxPffYRwE1egVIn9mQuu7YYmwX31wDQ \ +--set auth.resolver.resolverPreload.ADFC3YLAU56N26HGN7TGPWDXQNZSBQEZKQXPPRP24HK46VJYQX45S2UH=eyJ0eXAiOiJKV1QiLCJhbGciOiJlZDI1NTE5LW5rZXkifQ.eyJqdGkiOiJEMlYzVE9NUTQ1WjRGUFNTM0hCMk5TR1dLV0xITDVNSUpVWENNSTRGVEtYNTIzNjdWRUhRIiwiaWF0IjoxNjI5ODkzMjQxLCJpc3MiOiJPQU5US0NDTkFQTUdCNE9YRE1YT1ZON01DQUVKNVZGV1ZXVEFVVlVXQllBUFhMWlpHU1NZVTRLVCIsIm5hbWUiOiJYIiwic3ViIjoiQURGQzNZTEFVNTZOMjZIR043VEdQV0RYUU5aU0JRRVpLUVhQUFJQMjRISzQ2VkpZUVg0NVMyVUgiLCJuYXRzIjp7ImV4cG9ydHMiOlt7Im5hbWUiOiJ4LkV2ZW50cyIsInN1YmplY3QiOiJ4LkV2ZW50cyIsInR5cGUiOiJzdHJlYW0ifSx7Im5hbWUiOiJ4Lk5vdGlmaWNhdGlvbnMiLCJzdWJqZWN0IjoieC5Ob3RpZmljYXRpb25zIiwidHlwZSI6InNlcnZpY2UiLCJyZXNwb25zZV90eXBlIjoiU3RyZWFtIn1dLCJsaW1pdHMiOnsic3VicyI6LTEsImRhdGEiOi0xLCJwYXlsb2FkIjotMSwiaW1wb3J0cyI6LTEsImV4cG9ydHMiOi0xLCJ3aWxkY2FyZHMiOnRydWUsImNvbm4iOi0xLCJsZWFmIjotMSwibWVtX3N0b3JhZ2UiOi0xLCJkaXNrX3N0b3JhZ2UiOi0xLCJzdHJlYW1zIjotMSwiY29uc3VtZXIiOi0xfSwiZGVmYXVsdF9wZXJtaXNzaW9ucyI6eyJwdWIiOnt9LCJzdWIiOnt9fSwidHlwZSI6ImFjY291bnQiLCJ2ZXJzaW9uIjoyfX0.oXatnt7Tqt1iHDpUAKGroac9Sv6G4kbAPIt75BrBRh6B9MOFa_y8QLsUnIffI4-aG31cVYjECs7QlsNTPJ-oCg +``` + +This chart will create the necessary StatefulSet, Service, PVCs etc. for the NATS cluster. You can easily view all the resources created by chart using [ketall](https://github.com/corneliusweig/ketall) `kubectl` plugin as below, + +```bash +❯ kubectl get-all -n demo -l app.kubernetes.io/instance=sample-nats +NAME NAMESPACE AGE +configmap/sample-nats-config demo 11m +endpoints/sample-nats demo 11m +persistentvolumeclaim/sample-nats-js-pvc-sample-nats-0 demo 11m +persistentvolumeclaim/sample-nats-js-pvc-sample-nats-1 demo 10m +persistentvolumeclaim/sample-nats-js-pvc-sample-nats-2 demo 10m +pod/sample-nats-0 demo 11m +pod/sample-nats-1 demo 10m +pod/sample-nats-2 demo 10m +service/sample-nats demo 11m +controllerrevision.apps/sample-nats-775468b94f demo 11m +statefulset.apps/sample-nats demo 11m +endpointslice.discovery.k8s.io/sample-nats-7n7v6 demo 11m +``` + +Now, wait for the NATS server pods `sample-nats-0`, `sample-nats-1`, `sample-nats-2` to go into `Running` state, + +```bash +❯ kubectl get pod -n demo -l app.kubernetes.io/instance=sample-nats +NAME READY STATUS RESTARTS AGE +sample-nats-0 3/3 Running 0 9m58s +sample-nats-1 3/3 Running 0 9m35s +sample-nats-2 3/3 Running 0 9m12s +``` + +Once the pods are in `Running` state, verify that the NATS server is ready to accept the connections. + +```bash +❯ kubectl logs -n demo sample-nats-0 -c nats +[7] 2021/09/06 08:33:53.111508 [INF] Starting nats-server +[7] 2021/09/06 08:33:53.111560 [INF] Version: 2.6.1 +... +[7] 2021/09/06 08:33:53.116004 [INF] Server is ready +``` + +From the above log, we can see the NATS server is ready to accept connections. + +### Insert Sample Data +The above Helm chart also deploy a pod with nats-box image which can be used to interact with the NATS server. Let's verify the nats-box pod has been created. + +```bash +❯ kubectl get pod -n demo -l app=sample-nats-box +NAME READY STATUS RESTARTS AGE +sample-nats-box-785f8458d7-wtnfx 1/1 Running 0 7m20s +``` + +Let's exec into the nats-box pod, + +```bash +❯ kubectl exec -n demo -it sample-nats-box-785f8458d7-wtnfx -- sh -l +... +# Let's create the creds file for our user +sample-nats-box-785f8458d7-wtnfx:~# echo LS0tLS1CRUdJTiBOQVRTIFVTRVIgSldULS0tLS0KZXlKMGVYQWlPaUpLVjFRaUxDSmhiR2NpT2lKbFpESTFOVEU1TFc1clpYa2lmUS5leUpxZEdraU9pSklRVXBLVDFJeVQwZFBXRVphVUZOQ1VVUk5OVTlaVnpKYVNVVlRURXcxTjFNMVJGVkZWVmhSVGxRMlNUVkZUMWxFVnpaQklpd2lhV0YwSWpveE5qSTVPRGt6TWpReExDSnBjM01pT2lKQlJFWkRNMWxNUVZVMU5rNHlOa2hIVGpkVVIxQlhSRmhSVGxwVFFsRkZXa3RSV0ZCUVVsQXlORWhMTkRaV1NsbFJXRFExVXpKVlNDSXNJbTVoYldVaU9pSjRJaXdpYzNWaUlqb2lWVUZZVEVnMFdUVlNOazVNUmxwT1RsaENVVTh5V1VaWk56SlNRbE5ETms4MFZFNUpRa0pOUzBOVlRGcExNell6TjFGQ05GTldNa1lpTENKdVlYUnpJanA3SW5CMVlpSTZlMzBzSW5OMVlpSTZlMzBzSW5OMVluTWlPaTB4TENKa1lYUmhJam90TVN3aWNHRjViRzloWkNJNkxURXNJblI1Y0dVaU9pSjFjMlZ5SWl3aWRtVnljMmx2YmlJNk1uMTkuMFFyeW11Mi1HdUVYV3hOaU5MNGRxc1JMdlJ4VGNXQ24zRHN6UTJIbUhHOElEbXhwUG9oeGRGMFU3aUQ5WGdQU2xSMVBOakJ6bXFxMHhFME1lWmRTRHcKLS0tLS0tRU5EIE5BVFMgVVNFUiBKV1QtLS0tLS0KCi0tLS0tQkVHSU4gVVNFUiBOS0VZIFNFRUQtLS0tLQpTVUFCUlc0Sjc2RlpCTjVTMlZOR0MzWVdLRlRXR1FVNTI3TzVSQkdPTVRQNkRYRUpDSUZSS0NKSUtVCi0tLS0tLUVORCBVU0VSIE5LRVkgU0VFRC0tLS0tLQo= | base64 -d > user.creds + +# Let's export the file path as environment variables to make further commands re-usable. +sample-nats-box-785f8458d7-wtnfx:~# export NATS_CREDS=/tmp/user.creds + +# Let's create a stream named "ORDERS" +sample-nats-box-785f8458d7-wtnfx:~# nats stream add ORDERS --subjects "ORDERS.*" --ack --max-msgs=-1 --max-bytes=-1 --max-age=1y --storage file --retention limits --max-msg-size=-1 --max-msgs-per-subject=-1 --discard old --dupe-window="0s" --replicas 1 +Stream ORDERS was created + +Information for Stream ORDERS created 2021-09-03T07:12:07Z + +Configuration: + + Subjects: ORDERS.* + Acknowledgements: true + Retention: File - Limits + Replicas: 1 + Discard Policy: Old + Duplicate Window: 2m0s + Maximum Messages: unlimited + Maximum Bytes: unlimited + Maximum Age: 1y0d0h0m0s + Maximum Message Size: unlimited + Maximum Consumers: unlimited + + +Cluster Information: + + Name: nats + Leader: nats-0 + +State: + + Messages: 0 + Bytes: 0 B + FirstSeq: 0 + LastSeq: 0 + Active Consumers: 0 + + +# Verify that the stream has been created successfully +sample-nats-box-785f8458d7-wtnfx:~# nats stream ls +Streams: + + ORDERS + +# Lets add some messages to the stream "ORDERS" +sample-nats-box-785f8458d7-wtnfx:~# nats pub ORDERS.scratch hello +08:55:39 Published 5 bytes to "ORDERS.scratch" + +# Add another message +sample-nats-box-785f8458d7-wtnfx:~# nats pub ORDERS.scratch world +08:56:11 Published 5 bytes to "ORDERS.scratch" + +# Verify that the messages have been published to the stream successfully +sample-nats-box-785f8458d7-wtnfx:~# nats stream info ORDERS +Information for Stream ORDERS created 2021-09-03T07:12:07Z + +Configuration: + + Subjects: ORDERS.* + Acknowledgements: true + Retention: File - Limits + Replicas: 1 + Discard Policy: Old + Duplicate Window: 2m0s + Maximum Messages: unlimited + Maximum Bytes: unlimited + Maximum Age: 1y0d0h0m0s + Maximum Message Size: unlimited + Maximum Consumers: unlimited + + +Cluster Information: + + Name: nats + Leader: nats-0 + +State: + + Messages: 2 + Bytes: 98 B + FirstSeq: 1 @ 2021-09-03T08:55:39 UTC + LastSeq: 2 @ 2021-09-03T08:56:11 UTC + Active Consumers: 0 + +sample-nats-box-785f8458d7-wtnfx:~# exit +``` + +We have successfully deployed a NATS cluster, created a stream and publish some messages into the stream. In the subsequent sections, we are going to backup this sample data using Stash. + +## Prepare for Backup + +In this section, we are going to prepare the necessary resources (i.e. connection information, backend information, etc.) before backup. + +### Ensure NATS Addon + +When you install Stash, it will automatically install all the official addons. Make sure that NATS addon has been installed properly using the following command. + +```bash +❯ kubectl get tasks.stash.appscode.com | grep nats +nats-backup-2.6.1 24m +nats-restore-2.6.1 24m +``` + +This addon should be able to take backup of the NATS streams with matching major versions as discussed in [Addon Version Compatibility](/docs/addons/nats/README.md#addon-version-compatibility). + +### Create Secret + + Lets create a secret with JWT auth credentials. Below is the YAML of `Secret` object we are going to create. + +```yaml +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: sample-nats + name: sample-nats-auth + namespace: demo +data: + creds: LS0tLS1CRUdJTiBOQVRTIFVTRVIgSldULS0tLS0KZXlKMGVYQWlPaUpLVjFRaUxDSmhiR2NpT2lKbFpESTFOVEU1TFc1clpYa2lmUS5leUpxZEdraU9pSklRVXBLVDFJeVQwZFBXRVphVUZOQ1VVUk5OVTlaVnpKYVNVVlRURXcxTjFNMVJGVkZWVmhSVGxRMlNUVkZUMWxFVnpaQklpd2lhV0YwSWpveE5qSTVPRGt6TWpReExDSnBjM01pT2lKQlJFWkRNMWxNUVZVMU5rNHlOa2hIVGpkVVIxQlhSRmhSVGxwVFFsRkZXa3RSV0ZCUVVsQXlORWhMTkRaV1NsbFJXRFExVXpKVlNDSXNJbTVoYldVaU9pSjRJaXdpYzNWaUlqb2lWVUZZVEVnMFdUVlNOazVNUmxwT1RsaENVVTh5V1VaWk56SlNRbE5ETms4MFZFNUpRa0pOUzBOVlRGcExNell6TjFGQ05GTldNa1lpTENKdVlYUnpJanA3SW5CMVlpSTZlMzBzSW5OMVlpSTZlMzBzSW5OMVluTWlPaTB4TENKa1lYUmhJam90TVN3aWNHRjViRzloWkNJNkxURXNJblI1Y0dVaU9pSjFjMlZ5SWl3aWRtVnljMmx2YmlJNk1uMTkuMFFyeW11Mi1HdUVYV3hOaU5MNGRxc1JMdlJ4VGNXQ24zRHN6UTJIbUhHOElEbXhwUG9oeGRGMFU3aUQ5WGdQU2xSMVBOakJ6bXFxMHhFME1lWmRTRHcKLS0tLS0tRU5EIE5BVFMgVVNFUiBKV1QtLS0tLS0KCi0tLS0tQkVHSU4gVVNFUiBOS0VZIFNFRUQtLS0tLQpTVUFCUlc0Sjc2RlpCTjVTMlZOR0MzWVdLRlRXR1FVNTI3TzVSQkdPTVRQNkRYRUpDSUZSS0NKSUtVCi0tLS0tLUVORCBVU0VSIE5LRVkgU0VFRC0tLS0tLQo= +``` + +Let's create the `Secret` we have shown above, +```bash +$ kubectl apply -f https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/nats/authentications/jwt-auth/examples/secret.yaml +secret/sample-nats-auth created +``` + + +### Create AppBinding + +Stash needs to know how to connect with the NATS server. An `AppBinding` exactly provides this information. It holds the Service and Secret information of the NATS server. You have to point to the respective `AppBinding` as a target of backup instead of the NATS server itself. + +Here, is the YAML of the `AppBinding` that we are going to create for the NATS server we have deployed earlier. + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + labels: + app.kubernetes.io/instance: sample-nats + name: sample-nats + namespace: demo +spec: + clientConfig: + service: + name: sample-nats + port: 4222 + scheme: nats + secret: + name: sample-nats-auth + type: nats.io/nats + version: 2.6.1 +``` + +Here, + +- `.spec.clientConfig.service` specifies the Service information to use to connects with the NATS server. +- `.spec.secret` specifies the name of the Secret that holds necessary credentials to access the server. +- `.spec.type` specifies the type of the target. This is particularly helpful in auto-backup where you want to use different path prefixes for different types of target. + +Let's create the `AppBinding` we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/nats/authentications/jwt-auth/examples/appbinding.yaml +appbinding.appcatalog.appscode.com/sample-nats created +``` + +### Prepare Backend + +We are going to store our backed up data into a GCS bucket. So, we need to create a Secret with GCS credentials and a `Repository` object with the bucket information. If you want to use a different backend, please read the respective backend configuration doc from [here](/docs/guides/backends/overview/index.md). + +**Create Storage Secret:** + +At first, let's create a secret called `gcs-secret` with access credentials to our desired GCS bucket, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > GOOGLE_PROJECT_ID +$ cat downloaded-sa-json.key > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +$ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +**Create Repository:** + +Now, create a `Repository` object with the information of your desired bucket. Below is the YAML of `Repository` object we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /demo/nats/sample-nats + storageSecretName: gcs-secret +``` + +Let's create the `Repository` we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/nats/authentications/jwt-auth/examples/repository.yaml +repository.stash.appscode.com/gcs-repo created +``` + +Now, we are ready to backup our streams into our desired backend. + +### Backup + +To schedule a backup, we have to create a `BackupConfiguration` object targeting the respective `AppBinding` of our NATS server. Then, Stash will create a CronJob to periodically backup the streams. + +#### Create BackupConfiguration + +Below is the YAML for `BackupConfiguration` object that we are going to use to backup the streams of the NATS server we have created earlier, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-nats-backup + namespace: demo +spec: + task: + name: nats-backup-2.6.1 + schedule: "*/5 * * * *" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + interimVolumeTemplate: + metadata: + name: sample-nats-backup-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +Here, + +- `.spec.schedule` specifies that we want to backup the streams at 5 minutes intervals. +- `.spec.task.name` specifies the name of the Task object that specifies the necessary Functions and their execution order to backup NATS streams. +- `.spec.repository.name` specifies the Repository CR name we have created earlier with backend information. +- `.spec.target.ref` refers to the AppBinding object that holds the connection information of our targeted NATS server. +- `spec.interimVolumeTemplate` specifies a PVC template that will be used by Stash to hold the dumped data temporarily before uploading it into the cloud bucket. +- `.spec.retentionPolicy` specifies a policy indicating how we want to cleanup the old backups. + +Let's create the `BackupConfiguration` object we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/nats/authentications/jwt-auth/examples/backupconfiguration.yaml +backupconfiguration.stash.appscode.com/sample-nats-backup created +``` +#### Verify Backup Setup Successful + +If everything goes well, the phase of the `BackupConfiguration` should be `Ready`. The `Ready` phase indicates that the backup setup is successful. Let's verify the `Phase` of the BackupConfiguration, + +```bash +$ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-nats-backup nats-backup-2.6.1 */5 * * * * Ready 11s +``` + + +#### Verify CronJob + +Stash will create a CronJob with the schedule specified in `spec.schedule` field of `BackupConfiguration` object. + +Verify that the CronJob has been created using the following command, + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-nats-backup */5 * * * * False 0 14s +``` + +#### Wait for BackupSession + +The `sample-nats-backup` CronJob will trigger a backup on each scheduled slot by creating a `BackupSession` object. + +Now, wait for a schedule to appear. Run the following command to watch for `BackupSession` object, + +```bash +❯ kubectl get backupsession -n demo -w +NAME INVOKER-TYPE INVOKER-NAME PHASE DURATION AGE +sample-nats-backup-8x8fp BackupConfiguration sample-nats-backup Succeeded 42s 8m28s +``` + +Here, the phase `Succeeded` means that the backup process has been completed successfully. + +#### Verify Backup + +Now, we are going to verify whether the backed up data is present in the backend or not. Once a backup is completed, Stash will update the respective `Repository` object to reflect the backup completion. Check that the repository `gcs-repo` has been updated by the following command, + +```bash +❯ kubectl get repository -n demo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +gcs-repo true 1.382 KiB 1 9m4s 24m +``` + +Now, if we navigate to the GCS bucket, we will see the backed up data has been stored in `demo/nats/sample-nats` directory as specified by `.spec.backend.gcs.prefix` field of the `Repository` object. + +

    + Backup data in GCS Bucket +
    Fig: Backup data in GCS Bucket
    +
    + + + + +> Note: Stash keeps all the backed up data encrypted. So, data in the backend will not make any sense until they are decrypted. + +## Restore + +If you have followed the previous sections properly, you should have a successful backup of your nats streams. Now, we are going to show how you can restore the streams from the backed up data. + +### Restore Into the Same NATS Cluster + +You can restore your data into the same NATS cluster you have backed up from or into a different NATS cluster in the same cluster or a different cluster. In this section, we are going to show you how to restore in the same NATS cluster which may be necessary when you have accidentally lost any data. + +#### Temporarily Pause Backup + +At first, let's stop taking any further backup of the NATS streams so that no backup runs after we delete the sample data. We are going to pause the `BackupConfiguration` object. Stash will stop taking any further backup when the `BackupConfiguration` is paused. + +Let's pause the `sample-nats-backup` BackupConfiguration, + +```bash +$ kubectl patch backupconfiguration -n demo sample-nats-backup --type="merge" --patch='{"spec": {"paused": true}}' +backupconfiguration.stash.appscode.com/sample-nats-backup patched +``` + +Verify that the `BackupConfiguration` has been paused, + +```bash +❯ kubectl get backupconfiguration -n demo sample-nats-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-nats-backup nats-backup-2.6.1 */5 * * * * true Redy 2d18h +``` + +Notice the `PAUSED` column. Value `true` for this field means that the `BackupConfiguration` has been paused. + +Stash will also suspend the respective CronJob. + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-nats-backup */5 * * * * True 0 56s 2d18h +``` + +#### Simulate Disaster + +Now, let's simulate a disaster scenario. Here, we are going to exec into the nats-box pod and delete the sample data we have inserted earlier. + +```bash +❯ kubectl exec -n demo -it sample-nats-box-785f8458d7-wtnfx -- sh -l +... +# Let's export the file path of user.creds file as environment variable to make further commands re-usable. +sample-nats-box-785f8458d7-wtnfx:~# export NATS_CREDS=/tmp/user.creds + +# delete the stream "ORDERS" +sample-nats-box-785f8458d7-wtnfx:~# nats stream rm ORDERS -f + +# verify that the stream has been deleted +sample-nats-box-785f8458d7-wtnfx:~# nats stream ls +No Streams defined +sample-nats-box-785f8458d7-wtnfx:~# exit +``` + +#### Create RestoreSession + +To restore the streams, you have to create a `RestoreSession` object pointing to the `AppBinding` of the targeted NATS server. + +Here, is the YAML of the `RestoreSession` object that we are going to use for restoring the streams of the NATS server. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-nats-restore + namespace: demo +spec: + task: + name: nats-restore-2.6.1 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + interimVolumeTemplate: + metadata: + name: nats-restore-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + rules: + - snapshots: [latest] +``` + +Here, + +- `.spec.task.name` specifies the name of the Task object that specifies the necessary Functions and their execution order to restore NATS streams. +- `.spec.repository.name` specifies the Repository object that holds the backend information where our backed up data has been stored. +- `.spec.target.ref` refers to the AppBinding object that holds the connection information of our targeted NATS server. +- `.spec.interimVolumeTemplate` specifies a PVC template that will be used by Stash to hold the restored data temporarily before injecting into the NATS server. +- `.spec.rules` specifies that we are restoring data from the latest backup snapshot of the streams. + +Let's create the `RestoreSession` object object we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/nats/authentications/jwt-auth/examples/restoresession.yaml +restoresession.stash.appscode.com/sample-nats-restore created +``` + +Once, you have created the `RestoreSession` object, Stash will create a restore Job. Run the following command to watch the phase of the `RestoreSession` object, + +```bash +❯ kubectl get restoresession -n demo -w +NAME REPOSITORY PHASE DURATION AGE +sample-nats-restore gcs-repo Succeeded 15s 55s +``` + +The `Succeeded` phase means that the restore process has been completed successfully. + +#### Verify Restored Data + +Now, let's exec into the nats-box pod and verify whether data actual data has been restored or not, + +```bash +❯ kubectl exec -n demo -it sample-nats-box-785f8458d7-wtnfx -- sh -l +... +# Let's export the file path of user.creds file as environment variable to make further commands re-usable. +sample-nats-box-785f8458d7-wtnfx:~# export NATS_CREDS=/tmp/user.creds + +# Verify that the stream has been restored successfully +sample-nats-box-785f8458d7-wtnfx:~# nats stream ls +Streams: + + ORDERS + +# Verify that the messages have been restored successfully +sample-nats-box-785f8458d7-wtnfx:~# nats stream info ORDERS +Information for Stream ORDERS created 2021-09-03T07:12:07Z + +Configuration: + + Subjects: ORDERS.* + Acknowledgements: true + Retention: File - Limits + Replicas: 1 + Discard Policy: Old + Duplicate Window: 2m0s + Maximum Messages: unlimited + Maximum Bytes: unlimited + Maximum Age: 1y0d0h0m0s + Maximum Message Size: unlimited + Maximum Consumers: unlimited + + +Cluster Information: + + Name: nats + Leader: nats-0 + +State: + + Messages: 2 + Bytes: 98 B + FirstSeq: 1 @ 2021-09-03T08:55:39 UTC + LastSeq: 2 @ 2021-09-03T08:56:11 UTC + Active Consumers: 0 + +sample-nats-box-785f8458d7-wtnfx:~# exit +``` + +Hence, we can see from the above output that the deleted data has been restored successfully from the backup. + +#### Resume Backup + +Since our data has been restored successfully we can now resume our usual backup process. Resume the `BackupConfiguration` using following command, + +```bash +❯ kubectl patch backupconfiguration -n demo sample-nats-backup --type="merge" --patch='{"spec": {"paused": false}}' +backupconfiguration.stash.appscode.com/sample-nats-backup patched +``` + +Verify that the `BackupConfiguration` has been resumed, +```bash +❯ kubectl get backupconfiguration -n demo sample-nats-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-nats-backup nats-backup-2.6.1 */5 * * * * false Ready 2d19h +``` + +Here, `false` in the `PAUSED` column means the backup has been resumed successfully. The CronJob also should be resumed now. + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-nats-backup */5 * * * * False 0 3m24s 4h54m +``` + +Here, `False` in the `SUSPEND` column means the CronJob is no longer suspended and will trigger in the next schedule. + +## Cleanup + +To cleanup the Kubernetes resources created by this tutorial, run: + +```bash +kubectl delete -n demo backupconfiguration sample-nats-backup +kubectl delete -n demo restoresession sample-nats-restore +kubectl delete -n demo repository gcs-repo +# delete the nats chart +helm delete sample-nats -n demo +``` diff --git a/docs/addons/nats/authentications/nkey-auth/examples/appbinding.yaml b/docs/addons/nats/authentications/nkey-auth/examples/appbinding.yaml new file mode 100644 index 0000000..7e4a9e8 --- /dev/null +++ b/docs/addons/nats/authentications/nkey-auth/examples/appbinding.yaml @@ -0,0 +1,17 @@ +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + labels: + app.kubernetes.io/instance: sample-nats + name: sample-nats + namespace: demo +spec: + clientConfig: + service: + name: sample-nats + port: 4222 + scheme: nats + secret: + name: sample-nats-auth + type: nats.io/nats + version: 2.6.1 diff --git a/docs/addons/nats/authentications/nkey-auth/examples/backupconfiguration.yaml b/docs/addons/nats/authentications/nkey-auth/examples/backupconfiguration.yaml new file mode 100644 index 0000000..70b58a6 --- /dev/null +++ b/docs/addons/nats/authentications/nkey-auth/examples/backupconfiguration.yaml @@ -0,0 +1,29 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-nats-backup + namespace: demo +spec: + task: + name: nats-backup-2.6.1 + schedule: "*/5 * * * *" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + interimVolumeTemplate: + metadata: + name: sample-nats-backup-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/nats/authentications/nkey-auth/examples/repository.yaml b/docs/addons/nats/authentications/nkey-auth/examples/repository.yaml new file mode 100644 index 0000000..dae9141 --- /dev/null +++ b/docs/addons/nats/authentications/nkey-auth/examples/repository.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /demo/nats/sample-nats + storageSecretName: gcs-secret diff --git a/docs/addons/nats/authentications/nkey-auth/examples/restoresession.yaml b/docs/addons/nats/authentications/nkey-auth/examples/restoresession.yaml new file mode 100644 index 0000000..9c5f524 --- /dev/null +++ b/docs/addons/nats/authentications/nkey-auth/examples/restoresession.yaml @@ -0,0 +1,26 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-nats-restore + namespace: demo +spec: + task: + name: nats-restore-2.6.1 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + interimVolumeTemplate: + metadata: + name: nats-restore-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + rules: + - snapshots: [latest] diff --git a/docs/addons/nats/authentications/nkey-auth/examples/secret.yaml b/docs/addons/nats/authentications/nkey-auth/examples/secret.yaml new file mode 100644 index 0000000..71bd6e0 --- /dev/null +++ b/docs/addons/nats/authentications/nkey-auth/examples/secret.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: sample-nats + name: sample-nats-auth + namespace: demo +data: + nkey: U1VBRDJRWlBJQU9aRTdTQlZHUjJQS09YVkEyTDYzVUQ1UEVWNkVVUTZPTEdUS0ZJV0o0VTNaQ1NDQQpVQVdHR1ZFSFhJRU9XWVZCTjdSTzdJSUtJWEhJT0s2SldXVURKT1dJVVo2TDNYTUlXTTVJRkdQRAo= diff --git a/docs/addons/nats/authentications/nkey-auth/images/sample-nats-backup.png b/docs/addons/nats/authentications/nkey-auth/images/sample-nats-backup.png new file mode 100644 index 0000000000000000000000000000000000000000..b3f603de785e2330c4b53a5b71505174aed01cec GIT binary patch literal 45342 zcmYg%byOTr(Cs2YLU0J~?v~&VK^J$o0D<5d9DYD>cUcIwi@SSpx5eFIakn6k?>pzc z^ZuIYK7D$sXR533y;T#Tsw|8Ck@zD306>?QlU4@+5MTfRJRb_ed(YILBk=nL(ON=D z0syFqLwh#+@ZP4hkW*Iz0KDk|fWQy{;OV_9@DKoS=L7(bOaTDFbO3V5s}-OlNg zXW7yD?W;k-$of7ST+IxHXq^GB4l^6esuzCGA6vsyZ zClIy!_BQ461sO{4dn6lxGCBO$cci8g2k?)7FWG+ z_u|Tc@x0!UYpcnHh4zV%L(eXz9`-y}784#Pd-8lGB{6b5X(etTO+`q3N~7M3AR zOm4mOc3ko$d+~871;b-{D#h98hhu$|NBQxSHzPqr)r|ev13hmDz@Zm#pI(Iq^O%!3eTknhe>8$5jUNY18#c_`52UOX1*2Ntf{R=u@w7~Lf>-&!x&Gy4g}x?q;is&EdV!&4sBVPXPSoo4`o?^?7Rid1CZNiZ{|J z()w5FNJg+(gk7P(N4|IDEB~zqh8^>AO&75)L>Dh|Wi@xVZ?o;DG%tQ%? zp4;6LCka2a>1c3Xlu7x+MR3MTe^D+=wEn+Q+(g*!d9jL$Dx)ZLnOrtRGsguyJcA6a zR{U~o(!Jq?%1#;aKRoKfYvl$l;UeodC3qwnPi!%~e79+R89OGaNs5ub3`f8$$|)3F zgUWwt(;>^Fdl}_sqe(pNcKfDhi&`oy&r%i+51~dFWGq3ci}sSE&CCQj|CUPg0EQ-p zvNMtY7XB&Xu=FMd=-Jr7($flh&AmN5ct8Ja$A>}z**OGW--i2~k#PqkaHRC-AS~`) z-s1Vz*1++xNg|5$FG-S?t?$#TkVF6nqg7e2rg#2J>x_mGb*ISZs$eF;cF$=!r~BNr zW+Nz>EkcQzGp75*<8#OriZ5{oWwPQCuxm3#F}m9?Ev_!2(8a@^VT;@36w%gH$2Z@t zy@%2XBj+k5dTzMb`L#qy$#QO$18Tc}pn(kxsPZTg)XphO^NB3YyTasX}mJ9Esw$0u}2W@tr!J!A(^S@OE2d z_s)z>F{*C)a|uvI;>(@@xoN5M5O7ppBcC)WmB+8v<%@`r2oH^tQ%{I#66c#?_q6Et}9a zZzYG+V3B`!{Q;~p$rVa?5Xp;DCuEEL!M;_`P{`>rrCX!tz(Wn{C^Klu8JPyPHy>Uw9JX8!~JUnD|$)!#` zquI|k8L&rO`dy3jpn;?cRS`A@*CW~!_V1>~(OHRnsfFno;PtV|iS*x6Dw#5paaoem z88X7rz-2rvunHY;FhaSzM0q?tQNZddc^DeL>BYYe6W}uU&itb)3tj(uRLk;xn7o3l zC9vnlnZ5CiJ&UK-#tzn)r9Kyk8H|3r5rMD$#?wtOJ6$Z(L&<8V8W$WG zAuVrhC9$fR6#7BWxI}{c&_%JzJVlfaqNiO^8t_FAJ3bg@xfog>%qULuO&4h~=EF@wN z&xJ6cJYYx?RdJ6>4CMiDBGK~r!8fe)aET1Yl0azrQyBN1aqIcz&C~msq0st}t1BC7 z3vTX`3{GASS&JwBeyX8insJ$dbhlOAO)(3(C~nbUm{WX;MzMeEfEyi8uQ(^kGAm>Cw9~qE9$#9ba0#pwxfSL+K|t# zjI{+rfF^mms6zF6%aGyD;Vmgn;^Fb9c%G4u3UP+?kR^uwxM4TT=n>?M0)`;e0&v0D zG?8xL%_?d}`bq|+#fclg_iW$I<&IPFbmdJ65&wMwgL1C8BzECJH2GI@D_}Z?{C5i; zCmPA}`%B$fR(^*gyzGA`tH4z}LYH`L9Ht_Y#L08<(CA))%vDRJT#UglOg)K&It!yMEe#B zQOT%GaFR6kzDquFwy=o`lCR*ukG!o!oM5Q^eh{6JnUlop(4(6Sq`I08X%>%6i%morX zEK=J4o~g@4eNby8wMu4leJ+kzDnJCgCRj2rz<6#1#U)Bdr8A>>Q3Dz8vwh1)FC9HH z&7%&$X716r6nv3~=V}^Yt7f^Zq$2*!Mej*U^l!1|J-a&$Gx9%oM@W?lhY3|GJikFK z3INfW;>#hQ=JO|2z0R;igoosWiJG|w;>Lq1#jO`YfIVF$8r<}z!GspV``7iTJ6uJK zdDqtigx=Yff_V(|2Z*51o1-tjT2Po5%oax>Zna+iQQ+fO=nT&wa0pc1M4quE9l}H; zvw8D{dPEb)*;x7MSH;&nAcc^UnV?lO4p}1-Sh*l?FitTmaT16T4i<)R`+M^aX|}Ci zXaN&1kNWNUH7B*xb1+<7!ViS?eZp_Ahj(nF3rf%{4L>Yu6BdvWQ)TpWNq4mwnkIL< z*?jNW0BmN6iXubet2jxM8Ur~+#r$UZlRF<@ED@JI|DG-vQ>&;JdTHwa`q9-h@5RKC5bulXWs+o7VA6-aiEYB6YO zx0*sZY`M$bgDu>)`Z&;(W9JSh#O3)3UBJfQMd zwA)0cVc~+~GK+Qoa&;HESH>YbCEMm&fFZ8HNrt20i@0kzA^V9$7|b@DrD;>gTaekOV324o>94~MDbO`vnK>~M>dXJ z$gI5Q2KL|!-^oYCL8AOe5X33M7k6|Av|EVF9J`;f1cV)K^-7u@n4h!JumI);ca?_I zGc!^_0v_C=gkf_I{(>;QcVK;4@_xp}^nT2>@b*}rb=H{CblGmx-~mrzG+%05%MUIl zJ40t`8DcWxbHu*#ko}v0LV0TRa=F-e7~+@>v%8z!I+%tT#)oGwlXO9%?(djm?71D4 zNMk?=6fN@PtZQ#^Ne>)S$xY3u;u5ilT&9t=LS+0;Wju@9-_9;QwuKW!9zD?$Lasz+ zZP#&N>aZWDUhcVU|C6agfo!ne};Yh1&+&;jOOB5 z!_zAk1i=!ZnRMpg<1!Pg4qfc*RdfQN)smBw+D}Umm7epo z1_KZ#%;R|RjM8`V& zKP3yhC&$FQ+R0#GaGCY!J{vyK=Bq=&ySrP~^zmxEGhL|}!3{!042l|0{qo|8foIt9 zYK_9~pV)JiuZL-`?*`&Pfw-9xvMYE@PQ<#>F)#}l5DnXm8ba4&%!X2Fk5X4lula8ax3)f!Li1V?x=y5)Cf zh95{_vnq;@p?kp zQ^L+1IH??lJBWQxCZ72C$uimAw~=?`w^gFCpi3q1&z-u>AKZkphEHRxhtz+ae)1a6 z!9rjbb!HBoJOkt+@JR?d!;4B1qiFV>hTH!O&PSD1prSIPK*doF;<)LgnHjuMPd6+5 zfgfo1H(xo$3`2#3#-3U2vQr;1QHrFtcup|5#-pLVptTG?X^!fiVpzgd@)ChmN z_fCX}eXT31X~*~8W=equ?{@3I$m01X;Rwjik|>68_lQlXREDSrPa#;jF6n3gmv#L= z`t`pzL4PVHczB0izRT8UP4)}r7WB5~j8(^b&6h8w{@Tx2g2O)P6zD7GlthkMB^7gh zigvM$3~AwHxOuStkRl@en2UN70&}Ro`48=j;^#;(GfNiA=o=9fI&xV~$rY*{P_H_P z_zs_4ee>Gux^WQGIO?yscKzuKrxHmfL!Lq`NelLoy34H(CSvwQkx0yq1D&oVqgBY? zgf+}mi7oxFjQ8c+64ml~%g)^a{P zUd%a>HtxCC81b(pLD;`O&Mvs&;DXhtRk{a?Z>TQ@#iUFO4!7&nFDg`?Mgbq+;)6GY zAx1O#jAlKATLjL-L=p-QeHj*I4;he_!p}9s>^Lqmj$`OX{-Sv}FAR8(w~6|8eY(_4 zIC(#kfA-V$kX^n~Un}j!QSx<+pcv@hM0U4y=|Im1}n4=H9Ml%Cw58SVLU|Y z=7%uXmpVp;&=l0B6@M7QAEl34We>7QI344}{4 zg?^yeyJR(2tsVNb^mWJB%#3mC6Duz{3hLi&4%ScE4uP|uKmW$+lK0Ou{7*!SkhUvF zQlt?JZGd@AwURMSa+=Um)Fjwc;Z?|E=WKi^+`0Y;)`ZuOD?FqW z*(-5=fv=#l1sN|9b--yi@n;SQL`vaqUVDmtE+N5FX$1pS zqf(;`UI<`w-%b`#} zaZ$>Jz*zA%)H_TwRHZF^Nb>Feik1Vo(w#P7X17{_a49BA3Fn95Oz;Q0;HmsupRF17 zSK)0M?!oiA&r)$?as=}KHSb+!aY$TWi=O_*#z5VQk*z;yI9|1o%pY?5BOTj(#b-Gv zOQWT}HPRQqW~iwE>o0!BX31#5di0f`Qod{9+}k4m4TRb5Q6?9wiUrZC)5`Y^4j=@P z<_%eR&xMP9%@2A~gpPjFOA#{D_d zBDRDje0J@ANSI_)rT_Rs#Mox?Y0*?vuO8>|@uo#~i8Jv+lwO7+OL2Fn4#SdZcnjCz zDH_>#hA{fr&`j3wRa8F<0cCJsX1GCjhsZ^IM-9zOoYE`V8#Tt47)HgV)Ci0xB>MtF z%P=c*O~0bd5Ecb#$i;lhRFG!`QU+YAKl+8h5^dS$zx44DJyZQ>$9Sn$HqRm65~YKF z8qMkwTfURPxBQV2>TW6jf{izFy&o0iLPQ)**vD&Lu?KiwyZEjKB{#*SOrv$+$ zWiBax&+I4Dr#+=VfdYK_SQTP@8&<)GOic9Q6Y_Y`8S_PBp`qI!zCVsoS+^f~kZm5r z3y|ZtvrBO~P)Vb>4++YeX^Io7GnW0LyI*?-RbOH2vsijXz@|+GS9FpkC+T4MmxwPSD{V73}AnY+VnXKY_cnr;Z9i z2*()5{-*I7RM)>DYbTtab3oIW99HF$2mjj*8!1ZCVO53$Gco5w8CJHm1T)q#q+q6Y z#zm3!@$_2%$ktxM?E9F$GGa*Mm+!~y$tTFI=dsGZGRscmaD?h8ct-J@{SjJ^B#9C* zbZm28bGkS)BiA(eFss&?8}hF-hQJnPLY^o_1zEP|odENDcVVY3*drWXg#IVgT!R9BkS3L3 zHyU*jgpG=pR@sSA2aI*YJ9 zc8`j}*K(gQ6uoZh=|GSB!q9V3tL|FOhS9 zZ%)}vF3ptyX4;+gAFnV01y%I(-~ziLh4#2Crlv{3-}!UXQ8i!>`)W!S6JxqGV~%1S zV{ffy$Mz~+RS}H6s)o&NR&+Gy@h7&=S0Uu@R*dLo`eTF!&OGM@epU1PcXlGgzb zwdi-^8k9NVVh-p)`i(`RnYjC}%bZ$e>Q~=Yax%v!PI`(;Lwc`xE0U-+*YNXdBr0CL z)LRR@m5bEWGqgX@4OYv7LhPsY(lzy#pGGfH=;<&Yc%B#gJ=3@SG?R@6$Lmq#K*#gH zQj$#F={N9<84V6@4Lwc<1A!6mLaG9b0S1TB^4-Mfxx%@E+tVuzG{oF2qch-It{1Yh$A`WkVsVHKEY_c}LPL<0?BOgxgIw^Y0Qwl6u zVmeUGj2HE1Fs_N13=9=+=H8h8I6jL9lF8XopBxqVe6rCFK>%zZH^@p&!*)^M*3&lb zD68K<79jr-xAp&;MpXFwQT`*5Q%E{${Pv0>UgQ*;i2+MqIHpT(@Nmx4#Dn|?dB^~oNvFa%m zYuwA9rfQsn2FBqqG`d8Qa(FPC`fuYSDmlsO9r@P^e^}G?u4ToV+H`z`w#A;iR<&Z0jf87gueL` z%HVGp)QFQe;yW<>BJkzS9X_PwC5C-W$9q?~^ICnfzm6>p(1XF~a2G!B@N&4fkXBK~ zFoM=4{>H*_z=SDwKlVG#m=Qirr~Ub9#=SvDkc&Zoy*bmBRJO*=XtYhb*B++l(MZHF z?Qf5U5nK?%7P*%eRcVnQrajFF_2XOri#|V+Ru8W5=}lemtoZr(sa&9Te&OFlR9JY* z+rZ5I(Hr3N%^Z17$~TJs{;S7Y_wl}xJkOtRn+8*H=e!TCwhJ6acN2CvD+_-0>%|~MQt0UJeA|ETGFc7#!oS&Y_^Z>k|5(n>44Pez@F|`v z$rq;f7VyIGf=DPD+POBVt5h$cV%_+Q$3{yoBy9~k7jsSX7WN)HAd8`{Z8~592?gk^ z+l(FV{0yHXC(3?(tu|`b4O1(x+|H}%*L0{mhe^K7Cv_fRX31zXcAx)Kj3>rA;^xDC zL3jv%x9)jY@8j8xiH{Bb<-}!DVfVaU&OXBH{p$`EmlK#t5Ttu<)X+V3#fe3t#~7+Yq^K+hTWpIES-1Fl>abNGeYWRO1RHQA!*F>gHcZxz7yS=#<}qr-QlV%5l1`hNR0R#~lJB2@Wcs{#_tsYL9o zwz*DSi7Zj%N0-ZT{$z$Pht$kb{x6yT0yM~ni+|qX@r31W8iCoy3{Qm6&DKWv85(eZ z^|Q`O?ArL0A}`U5W4JnzCK@DbD=&*UQA{0htuF=H$(O3vU7tUjPin&jIIk=uTo?3t zpZ5vA*l+%uTu$XfA`w?GI7cG&A4JIe2kUyN820Wec!K4KjZ1$|R+`iO85=#Q^$=*D zTZX?usKOvVxbfFRY#O#mPX}@gff>opZx>XKQ*?2j_Xvf+Xu014KxewI(=fd{t8viR zCe%JWho$~0q4l662+g_im`tXbnEi5n&coLRwl2C#G{eWMZeP~7x)xnXS%Doto@$ik z-e{TiI7sNHc4hvh-+TC+)c>`QLN@V3-Fo7=CBW!3wSCb_Oz%$&5n67+lt$PMm(-Bo z`J5s%(C^&1=saVpA>z~gK(6>*k2n-qyh1CE(kM-+>woC7I7*3bB0GV<9TTwZO~d6c=-*P zPY>^6!(S+zn2HCKbzf=rmLSpx_Kk9**s_IfD1v<(s`!85CMbWI>IiaEO$eenXR&qf zyqty^ihJj%c&auAW9oCuCrw|mn+f*49xL(<^S?xaXt@!ce>G@e-c-h3Ml~J!U`my- z(AszX)>GzLZQa@|b~3r$n3o z{=700C1^ga+XNrIpZc;2rTjxN7Qw1ke1a$xdAjFEV?;|jWsY-|=X#Bm{*wYl1rHBG z2HqZiGgleNq#Ny>kW)JzEARW?x4~%ZWea!<6U%H>CTnh~7bICFD^6`wF25#Py}3tZ ze0Jrck9m^_hZ#v?;g37_Nc1r{*4%c}SsJ}O4c1UB_Q$r06w~}>d_PQm!Ym>3e{3jn zORn&!Kt3sd3m)vMecUM;<;`{I`(nJ|nk2g1u|=oO+H7;vq5gK+XlZ?!#J4W6n6%?p z^cr*IetR3B3MRujeoySDd8c+R_|B%a>SJ6c$zVAl%~^aJX3X**8UJ1JWS^l2K`>cs zT~58NGON21e(Bj8=%itD{1h)_WS!OI`|aNv-!^4fnho&0z1qh01wxTjvR!d}RKwd= z_l`;uHNGzIs+nx;@86aMybVxsyMp~kf6k5=#pdRfyu1CVP@Xzy!l%k4pfqXJ>E0&` zCQPvG=5^oci)wTxWbg(vGaqYr|2}HJx1_DkIx?0a`h2)0!@=t$r($^ze&3m|K5J&h zli6?#3uI~<@*R3ZxdRJ;zEMl-;Zfw!O!Tj?bn6?{>jVGYA z^*9EogBczjWd?T?Pb%aseKom-B22o>~>~SUmF3z4gCeo!RN?|3!>}#49DN zJ;Faw8%V85aP|eloX?~qUM@--GYf_0vBT2H!j4nLPq5m8(RX!88 zaM~yCQhp9ch3=fG_N%^d37Pf(+6Sh?28FFl5ba-xAivCi>qgf~;N71UrFS}4e8iU} zQTx(Dqz5ADjfm&V1lAETD6V|wK*XX1MO2B^ihhB(?d$op%b5e6tK zp7YwzbyEWn&sjc_8bA+OJQO!FYTjX~AQdgR7oj&mf{^}EkIJrT zB&6|}_aXghpFLoJGkaJJRh*w!`@e6-JKgMs&MoU4t^xVoZn6}5e3++170rAYFF%G>;^$g<_J9 z2oaJ;o9hC4zoYN=>b?xH_?KPe4Tw#Hn$30gk@@%Ag3W^MD?D}b-304Inh}tDk$gCf zDwo$#Sv~F7NRTmpBNxECP#K;{lac=>5@q(nnW15@BRKov@otLGp_>5CZD`aq-ND7` zU#GujPfiE|Cf^0+0Er>6OLDKI9#FT7&hQ!k5yo#+E(>qTW<;`-AJ<|uQKv+cP z7Ps9cL!bA8cDA$K``RLDYu3XkP_xj>f?q_*2FwcNkueAtQ(={T2Iu1Gk~=p8Lg5sw z=@_nO4v=PpYie3 zV+cU2Ts4~t6}FnrTZIGuDGoYzb|!xaAk8(n+WE5J2{ja3GZMNy-y!MDiZ{3#rz7Y* zd);q5Sh;LTm?l<;MG;oxSp#j>S{u0@o)DZ-R>t$Zuq)oQrJfkxoZcR|G7Qp$0zVX7Q)8*^Ifl_SjdIr#>RN}6L}NT z%3!jukAZTNS?!wTu(Vyr;OypS>&gEqYZ}TB1zA41{p|Ej3adDD!ZZI=3$!k$gS614QuOF4)0OmW$SN~Jy^$873K(z0pMp-K@RsYZkpc3B0$n#A# z;9M)fUgBZ1S@^lCZ#^t#Ne0zH-BbpJ3w(Bw(;|b!q!f8(I9Uj~8-}G%1z?LPGp6vvIs% zP+k0Xz%(~4m_ux<+$VPaFsez;w6A$l713l-!h@;+F~W1=O~Q z{B>tM4N?^r682N+#>ag!UtQ(xuT$xoV4*6HuTnP~WBSagQ$72DqWFm?J!o>S0n~j~dG{{q?VeZSSL~ z(SLg^nQ?Q0pa!<{|E@{GZ_iAo+aYi#0mw;DNUu6Q@b|={?3*?9Kf2Z@lZ#3bnQ#! zdrf5)i~rNaelQs=&Z1M55vo8ddclAM@Pj?hsD26 zOVj~u-?p+wFTY9OqoFcjl}@^UEcZ+A9?6fJgAE&x|JgF3pbQ5QlKHpKTenZbBW^u^ zF>Q|*($c!5iq~Gq?`n=W(j}}Wu)uE^btG*&at784#LlvWzUs$51ykX#1fEP zQCYzYebK&Y6+o%7r)Fy~zoh9Cis7gLIS_g3I?mEM>s@}yh6s|Ct&33>qW}3vV7DBt zc{HhVOb{AAn@1)=%+wiU#s97iLqlmp_hvOX(JH8>?h{k8Ly03`{i5Sd$?y4%v zxgR|@@0ssxKjJQc;*YL0;kvF$JuRzD0xHhQvh!}1nl`9Co>|5rHJ%&~u!r`&INbB+ z&ZTJ>#x~k-SYz!fLgoFLPgHdNLZY(!8_Re|C`%T;Aza%%??RH#pdb-r z@}gH^#;4+{01CGR>^quq15w)L_nIGra}+mhut}%P;BMCOf}lfd@Gt6g<*;5izvdaU zt^eJwvPbXu9o*MYS+?ea>Kfqs^0ZK0vWEEVXZ_P4HM?}W)9H~+2%*u@bu`BnFiqrc zk}%4!;HTfU=Y%cV+76Q&wGO<6@-=ND{qckDKk<35+jw~IlJ?=hzmyNP!l-+2FiS$p z%$FNE?|V3hgrE(%IGQ8IieB;L!Gn$hfRDtaFr{9uJ%F>dUTpKG4JR_BQ~Z> z%8!D}YbEG}`O{WzyF{q7C3x$Q zK+fuYq^Rduz6;?Q<&v2JI9T@yrs}fWEy4ZQ%)35tMhY1t5v_OdX174XPG%|oGRarZ zZBxAef>T7`p44@amHs{Zf`BX^z6s3LA$O-fIv^b$_)j-rG}Z3Wb+cPs6+Fojmjjdk z=m|7e^TN1&kJ5=)^T1rbuva#YTnnP_kFpS

    u^=7v?Y$Oo!l#F-Us)#{-IT_~B4O zn44^h5FuRk_g2ZvKxyPrzWR1Wf6;s~L8rOcEV(g zWfPPKBm~IAXe?lhNQ=ZtmZ}_teLYd%*Ch8rr@1rzfIFNYZ!ZaKVUu2M%8r7ymfYH# zZ|B;6FFBbGz8=kRCx%^Tn*m}EPLCA}lk?{=$}-MM6HnG@y*Rx%(%rO#_sl!0+20$l zYIX?C2g2dei0enB3c z*~pV(zkKd1pkexa!0WTMq&8=%?F@3<@!>Uw)L#C z-f_7p1(+v2S$s6dU3|On8*?-7V9}u3)+g z_ozTvN7^WpvVJ;8d4~X+X;9@BFSv}(E%k+`*c6?KfSWV_^3}hWxf|7g}17 z^8mRZs^{r;~6jgjs`Kb_MYCf zyFVdQ%$}9}6(l*=3c;jCH@4IRbM(1fSple)_$fYl5L+lnu z%4odsW_ysZv77n0`I!x&^Mp>%Kf33d5KsGc*UFa;6)`%$b5iJB=e@K}>Y>b%8!T_Y zUIv5^gI+TD)VIqxWkrM``Cm#dIS#a96Z3QT4gyOR?H%Y_HBM-GV$vf#dG~@?dg1l6 zMW|WEV^sNsdh3s!@McaCl=inrDW!9vwEQ?mh2{#!y#T+LDkztAljDZ}d6?ba@+}-^ zHON%ZNvYL`z~psny~Agv$s`xi#lP9pGf@%s^MtH@PEnEN9NOjIo-#`<#Y;yoJybvx z^M0TJKH{~N&gON?o@J3DLC|)j9>4TEUclR+B9I#@1DNQjUVTCpZYwP(4ZGG%wxHVA zV*S*nIbw4{o~iJy-wyLtLtB(UR#&ZjHRnUP=2=;hrOqY(vw`;<`e&T2)iwo1Pcx!a z?J+v4vKqjgC2gfs-flJGs7m#5Y2x1^@+S>&aw5b$Hs`ubOMLjzF4Hx8b5+j8SSi5i zyF#mL@{NKGZ>bY+DGI*T)>s1YoEa$;-%US*oV6qY1st4oY}@oam2p@ubxhtuwxWU$ zS{5bqYE+qEdOG$PF`K-TH=Vh=$;&?LinIFr}Zwp`>8P4>2kyd-{pcrF9 zgo@7<)g2hKu?z^8R}zn4GD}BG z)R8>Zk{|(9v#hA_Ae++j8FyGc#0i&TTF9ONZAD`WX94sJtjw`y1wX7 zZLO5S0xl!e)Kw?#{CI%+{HqgYfAv6U~$uorj_RF^Yx>p-FW<%lENt|+P873&V1 z#>{RbkF?EIbfaK3h+O&*UaN~Ta&I<(1?sH-&sH*Dq^ztx-As{yOOOn(r!qHJE1)2a zW@FlvHgjo9ROx3~pAcT%xwEK+`oo^Rwi)A_mTl&6`Ga+c{jTqWTUehWDrUnJPz-^4S-Y-zcaT+Oq69IfmgEPJY5H^WKB4&c(bTkUq*W)Z!ji{ zoH{#9bEgQ9^|??xjSY}fYhA3&0jH%^_fh_$bViRBx6iu@Ja2+;6KSP0Cbc&j*j6q` ztp(YQ9}=4^NH%Zjxhc}5H&n2U5@v?VW7H5^xyFvt>mQS~v5-rep}5ie6c>pjs&OAp zJ8H6$!HHD8D-6~1u<#$wAsNQI)DDjwFaV{L=Pi4evQAcR?AFExc)?MXO5Pp+^}0TptB{?^j}t;ey#?0erg2 z83akJ?f!|_S(U0{{o+FPBK|zfKE|B7GUPF4*RuIGYa5#ncayO5N^=TqWitf3p-OM03R4pw7bAiB9r9U+T+C~Oi}%x_Eb zn_?$p_e6tjC3HFR=M(^ z07n$-!A;oF%~C%aL1H@r0fCQc=(;XjVc4AQLP{Q#0H-FAq|ws*j~ef<7i7#3hBL3t z4mbe4LvD^AHCl7!IY0<6(!yRP`%yl9Xx2M7#K^7QqOCQ}_OMr6lM0t!M`z2MyUmVj z?z65V78oicc?pHn(x%hRnwjbg9(W=Vy2A^#^^;8xB-h9F#1`|5UC_`XZb4VXv4Q8|!wZ`nt+}GLrzq+IPm%?5vj?=6)59=}OZLI065sA&I~Y9-%X3=1ey~!H@-& z?*yQp$mb`_Zw!@_ee*uk$=TUB4-0M3DE~iX?#Zxk_u2<|YaKs@YNu8dC zItN;Yes`gfmI{^znj?2Z32@~{Ev_q0;~n}k-bVyD6$`*!kG#G+ObNsGS!+I5a-+=;C%B3J^_j!rY)%cqQ zWWH_0jjp2wzippc3MI0`SY5l*R9gV%v+>n&tKIymj`R8EHvzAeci^SlmzVdS1qI2b zFK~VNHnj%JKFl%yvsdhH&B;_$F1l#CXF?BynNj0uf&B(PnliieJl^?B_cQ|I ze03~CkKqV&BQsZ-3ouq>Kc0-;3@v1%a--}F`I%?Bgb5W51YTIGzeqJ_9a=(_fuXHXq`!8pX+x_M(irK2v{i#%`_7-Ph6utE5BXBBhRcY z`A$h>tvY_<3J1FqeL&~pHvMbe%50Umj{%=vm`I279+!Xn_((UC-{D3~{BYZBshs>c zb52K;s9IPU7?W}4icDKGcPX-^jIxCTf`%)EJx{k0^jlV@bPa!}b7>BhGEviH~+b`X?5SpLDW$0Qsy7WiEl{qLcD5u7<;Vr-49E2YDecy?l`ZE zP(NW|*k-`H4dLSsN;7d^HU0+fawEl1eQ>a&%5W(iGZrs-tdRKh{x!nZXdqh7?jTe= z{=;wzExt)2&a4ahk41ccw}gX#q*v+$7y85Iofz~1@YkMaM=4ts-~r@=__l7$T&bvI zRAibqH3yXNjG5jmulf(vR;|8#TL}n+dl=DN_@O0WLrb#X-i#%u@t_sQkpHeAxaf8D zH)!5T_2I)zwfKYhh^9}KS64>7GijgRzY&0F4?Q zEgSth)K)BSZ})N-r+1pAOrhS9^MYye;Xtf4ru~}uM?7tAO8gi9)*ib&2A}{DQW3(E zfa8g!wy?ydlwP&81gHOD$rFfdLuk-FfHr8e7fk@_nZi@;F&`)9OX8J=ISz2Q{wXF} zUDxQZIJxwcI{8lDs$b@ht+Vb);a@i>mejp3;sc=jsl6IFARX*8X|!%hPYU#Iv$DAO zfAgs?l{qV7pE>>XDfNc(6-K`%dk-R1HRY)e+^HRQN5WiDd(+sN4Hf(=8dHN!A0zo9 zi@8k_w@g|NNT*?=6ss}^6nH0{4F^`ozil>ygL#%s1lFb-UakH$SjcNt%YW~X%0MFP z>@n}`H+vklanW||q0MIdBgb*2|MrtzCH*^5xESlRo8;{`0Bes}P-Fk?eeT-T998ud zA%M@{-)Fp6XX`O;{ev{5O7|F{%GcSe{|lfMgSXtPnYdmB=w|$_8J7(JC$tjX6dm@H z76q=8U{uiPPC2}7wvS?aqH$_Q5JF|o-wCD!Kt(=65l%lx`I_$daCo%O7@C;8U4`jF zdiRA0NwmG#2^0S&v7)F*3V_BX&GynR&RgNM&5>wH#YA zZdGeE?EdXq6Y^G(wr+eqDeSbR27RZ$NTYm))PjEZ6^hc30!(EKu@}=p0|`4Jbjl{8Q zw~*un+Tu?A@7pPD$_AB+MolrFj>(9)kFDgl`zd%4a|Lim*e{NT1QL0{Mi3z!kfOk9 z#Ak81@5uh&;(qCNyXjmP_99?x-lW!XZkxoeg zX%wZE6r_=m776JPP`Z1JloAk;k`h6NG)PHz_vqMY7&Ur~vF+RM`*+v1?cJXDdG2$c zbMEu@CJs6EzTui5uj*wxUZ~=gN%Q6%9%J^Qmb~JO&D$~CJfhTz|10ly9)?f#-l%Fv z3FT}_A&}kqb(y5=^0!i_Cl`sdb41JV_v~a%is$`$+4_W6(q9 zeWyu#djH3fXC>1#cj@@&X}`sw$7Hx8W{MNNE2~D(8Hco<&q?XSIylj4>W}e$VbNZC zhE9mAk_3cQzvR*6LVI?1XzP9RSSq&cE3CF_yRnWq>*TK|@Fv9a0MoayNfMaHFCDAU zqX#$ex_X%pH}0W90_?Hf2hrvFZ&YJi|n)Y7Ix)QBnG(kC=^MYDVbcP*M(!pZotNc3fA zWF1!@q3hRM4h3@}k_BypLAvgXfkZniBrVx-X;`ls#e$7}N$>W4s^JIxnX`lSA97Dw zvm8}MOo~%;GoS2tiHXA|vv^cX5}~6isUt_3*CeDVOGG$aRJZTTZmXL~nnbxPVZUg8 zD$WISL59WY}#l)yfOG`1ueMnk5!eu6^I9k4)2J{eQ;9 z&KLNzPVz?RN&!Sf!k{T14$qXf5}87}a8-P`1dJ5vRdLWKaTOg%Q7NA{3%s)4bo>`P z;CmJl-B9-K7>YVZ$%fCwPrb6P{3zFKmkGY=s<$>jnkdy^ef5&d)u>Do_$Q z5-@i0uQugPlL(lH)d6*(uYRPuA2y~sP=TiX!D!S$&$#G$r%9LgI_yk!)bzmx-V1BB zUGr~F4yWH9#}-o$%Mj=Ae2_sLzvN@?%%_?io$mw4;x3X}(r2La&#%pkkw+WOh%J?| z_o%-TC3{uht`Nn|oWfCS2|R}7KRlG8f(>%yw)#z$S6GC04h?1=EKZHSu#7gS9Hr#S zZg8ZycT?bI!|~Q#Pyi9FNda#lotF}!AgN`hH+fK}>m+XxL3?wG`2l7qmgY}~vjcFY z75njiYx-*vtDvp4WiS?Ph0dVxyi@A`2E^2+nZhCRp=lYDXT;d1e>?7c`{-hS08!xY z4&-|IC=^Hfo4VwPf`bU;A1SbT-*-&85ji%nQGXKiAE!;@E3?0Xu1Xd` z-ogPrVm;~-AGty}g|nu=zp3e6K@eQnXnuPAva=qY-TmXF@ZMAtiwSDD)NeoB>Ci=D zO}b8}+)}E{`}-_p0BfAK*b+;1bC5r4(V;+a#NM*h4pZGrDrA;M#s{4I)h13HAvt>} zIcwxEc!DY$u2u!3f@Mlqr0}FNpnYzJjQ>W+-yhq$++{DYwgW(2!y^{fP|lVwVr`)x zKNF8~ZC6AmIgD$GEkj!)!w`1rho6hq)4^iP)eYN7sLYzzUEXBZFmdLcKuJX2p_4Cm zfkR_|3;xLc0C2OBL|hQ0AbrC>56iRJ$@h_xH!B}d%dTR35Z&#&OJ@{j_Nb_S?zxKa zmm;uRM7Ynkum^wnQ@{n@Vw~UY35vKSwk8z`8&}KI863NS3z2|+GwKgO`gXe#s5RQ0>nA7Zi6rmNBT|(_1n!VO8c*C)g!h`HDD+JXjR;^|!22@m zmY{e#RbgSM=dksct|Vd(yOM?QbWq~drm{pMNjAGH*0+JDr{1?>jlQ+lm)wHgjBx5~ zWFRR)*Tcx-{6xp&+l7w9L%oRxS}9CVU6~u@QQFB&0=qCjJd(@qm3xs4iPU+qbT4rdvAuceWYZ{BW^2Z=XV>GYtuCFXE+0i% zKQ4_d{?p`Y{Vcg8poXZynEmYs1>S2>8m`eL2vV$^v_BQW;kIMcC!7^guwTtGwnI(< z8cI*CvsFiwJl0CKn9jy&b!extODNlg73<$nf~Bji-wsz-Ci~nQ1s3PNl_=lg(ehGV zgoteGj>NcYoEpf`^r%31&5dZ;y(Aacla1+l@b&%EKDx3{Znz$l!asGg1-HN(bj#$Q z$LU(HhP#~`YUgoD3Rjac1q8!aCwb(&k8hODPd9Z#o1=U`!Dhg%7Mj=G7w*ADmM zt{};kh(R{qu{^HaJ7Y-jAgs9yd*FKdOa`6Hq60S(c1`(eT=vs)8s@t9OH*Tp;;Mt_ zpu<^lut5Al)Gtx;n}cRy^)s&7d_v*QropR`S|SyY)PoX)d?@RU)xXH>u%Lc3+Sx=E zgx#%3ryuO5cctTkT3$682IRlL)>LoRs*yb*l;Z$VSgY@PWHT`1*5@bt-|@=_fHRf3 z(|TXa1G^Ri?lnL=*W_lW!xRW+<%VCgCUy;ssD&#Xz<&~Zx>`Mw1 zTVu&yF-fjH(TT!_<(E}!(tLY^nsT1);5_`Wqocj}dGs=&1T2?OFwxhtILl*#C??HC zmi<9voVTr~a7Jd;@KH2hTR7b}Ph+N)kX_YUZ1D z-=csWc5H$`qOfaoWToFsAtbu;(j>(LGd71>|Hg!ZdE^P7&*yPQ+P{W(Yg=E`tWVSl z5w1ru$=-!ji?6+Zt~PFTDYJH4hS^crj$9hj!Ie&>8uouW3=9l?#Be}IJ?I#(Svz=~ z%b>Qhc(kJI@7=ky!`q~RITa_aRw~lR!c#_fI!ln<*2RZkFzK9{IPT$ox~^u zK&N*$eb?3}+kXr}m2Sk&Y4Re&P=W1ez*Yl_sxxFal%Ze^H7_6e1Vz1|r5wHN*DJt= zh98?7vO6B)_(MIJTAPB-)6)0^L#cOW+3vw{{oW3}$y-h?(8YStZn{8=t^($#-38+e zB8;BCBc^xiV`)Ly;Wr>SRS1h1cJtgSijp#4nDf>mR`2swk}_nVj&Zn*LEgLDHVx?- z(55~n&s1EKs>`+-6;v<#r+I9AHCBh&aGI!@Zw=l30^TKs~xYQlT9FbVeCV17bV-nDgKMA zn!V5JU;Up>a|(k8Iodd+UnhR&Vb?RU@ch7Tw569MEOVk{{vQzHng~&EBU7uxizwHs z$uIcYk;j{XrqUG5a3!HHuk}~S<(Gjurrcjv7q%Ts1t&5w@9oa5B_Rfdv>p_!^6?#w zUV3&qs3asW^}my%crf_*>45u>G9?uJ!1U3^yOyjOv!3Lx}8yi)8S)?JQXKKyHh z!;(koPwxRIA0^5VI2`5?M)dkt9_^d2k5J=>#k@q*J#^oB`QOhWE)g^>6)tz$1g1h!<9OnsBDqloJu_l+Z1*kCS@Ob4G;6) z{ZU7EE<-ApQ-UjwcW*_m^v}i{bO|u}0V{-Xx#D)?pbHCtecLGEKU?YhkrJzah;i7g zL_qBzqwr>j-X!}o$nle(=^;mWRuG|+atXFxk8PnYRP`6_z)J*z-jVsp3y|w!xGJ%@ym}iVErs{oZoZ~1^mYY!_ERhS~)5KqS z!PfT{q_QTzYpFKwLH{{?lWJ(?(7C6Ma{2A=veALD?`UwP8u+O3QGM@aY4=#&JV4>% z9dZNp=IyG#_I`lYzy9>TGp~;$FIZ>Xd-r84dx}iq&qb-S+O;? z(V^zYeT5K$0kf1|8H1R=dJ+qH29DFA{5cgg@{e}s1NKk`+8sIvy%X9gNd@j_l=WV= z&9V?7=jWTRZs;RBLaFFQh|O6!8i|11{!<;l8c01lieXb^sGv_xj_la+h z`2w$xRmr!Vto|eLE(e`>V=vo{Tll0a_xv>57c+(1t^3X0N8B3Q_@WX|g~vq{XV{i$ zzCBtY@plaVqPAoT&xPN60g#eAO0!K8FZ`3nZ`9#oD`r0-Qtw^xmLJ8{HK83q?crTp zYNB}wXlR})3vGve%naP<)FZWu?m-AD5fC$IX#4dwQe8U)??daJi7e3Vmw4*5eLQo$ z|AJM0=$&3Va_#9)&^lou_fyJyK#I@WX#2SLSrQ)xVwD9Oo9%T}t)pMW5Es2af6buB ziR+1<-aiDKExKTxC%4zfD_AF@8yLiGX8>o%MCIhbUZb$%Wc_tLQUpyjt;k zb@{Jz^>bopr*6TZR0jt*`gI@QLQ{&Iy6S2NfMHxx)Ak4V&av*>cg2_)k^#T{7{w?Z zIT~^FwKe;O1s)LSCojB{Huov~=)=p!_!N#bkY3~OX-}pq`4gl$pY+Rj$+bUTO{+`# zyI~!OsT4q!ZldJjE$Y65i!JBp`EIY9^-nA;u0NU^lW>1Gu|}J7X$DTr4T@|>UR!(F zE?ngjWCGu}*9PNFXMK9ZyGH1?vl2IiE75e)TM*FBPKwnK6GTw_jl+UZb213((9&Hmng>ZO*ro3(#?zljCG=95)r(hABg8Iv=k9<@=n0`4!TLZEep72! z%>v?571VQiow%}V-7LKrjx6=uo4$)NUm;Tr!LE-5Z3oj7IRvdJo~>fKpUgr!-7t}u zZlb!sjZN@r{HfbOH5c<8in`Q>0bgtD$vXwh(CF$2h;tpH3bAQ(){|KOkL(NUs6YLd zASV>u9n4uD1Ys#d9~qz z@A#1jk^4Kl!-J-m5Op#7?ucpOKN*=#)>3bOMdF%{kvH_6T=T7mIYn78DY^X4wGfmP z0`hnP_-G|s2<*YzCFT4@jp!R^)*lktL5Rno zc$We|PN zs7~cy%Gv`BGx=CpYA>5$_%CoLGZ@L{r3JS{Yf>4J=htd8U)CDipFQly;avT6hC<*=VxY zbVGW*OPd~=a*AsW1)y5j%>_rUurLyC{2t`52Hh*TnDck*)fO8g-C^xzn)`r0I8^t% z>I3Sw-1Lp=a?wiJRnp1caP{_h_vPec{RJClQ`{66(N3QFnct>9CmJ2P& za5)n3@HPN)kjyms_ggVx;QbH1dECZNO|Oj>WQ8zohN1AD~Qa6s)Q$iBoLBtH84!06{k zU2Vw)XsysKo&OuTVtD~dJXldqcKY#V1tJn>iqP=*=d`h4ALUSDh=-8@J6B8gpDD*>F z1*DgAesqm^;ML?+q5-rR-}Hz(K3}_1k)M$hC3H%91AxDsAIsMGL{6zbShRmx+g!^V zqZsnMF|{g*v+KT0P(!VUx|Dx~IR}%C&U?l5qxnJd8g@P>)-$6qsr6?|xBIKZ2ltvn z9(*!u($6Yng#!y;X0L$EfAr4%WPxwpj6E-Z~6-X5PJY3gd|=7$BCuN zsBMaD%TGW8m88dotX;`y=jgOS9jmpXpVc|r__CygF@PxR7Of|Cd@2o!2}8_Yq(r5n z1h{aVD$%kg5**-e)&*%J?DY(P3)-N4k3zZ2N*hxu3uOScyC6gI0#gjs%>*`8?)qS{3e2=XH~M7;bj*Iy}m7%|CQC`QJ@w~9lEa`3|9XWADU2rL7P=2;;}B5 z73iQZJybZC|Eg-Qnx>XA0>vn&DeSn>@hpP8s7d~L)WsphYS%xivp-P-%i z@@XhwRu6O%L=2nZp^_C+@9~As=YJ;m@y3_=qhLcivN2!&=|<`36x#hD)jcYw)O~?x z#@v&xq4Da~r?=UqD?}r6nec=qdbzZ-L8Q^`M;)!+JTrmu53p3y2 zo7Pxb`j^;=)e4)IviI0@&drm!@IV*~VZsi^kWd!@yk6p`3?QWY`%yNfDadJZYyu6l za-10Rhy;JR44J&!4KCVKZ)hb~uof3TfbLpo`ddU*RHEF^{G}u1K=jCo_=~VhnyEehSW(k z?^R0WbteR+WyN=M#{S7b)cWiyB)}-sM5<{x@K#4AGzq;yJv@o6*@D@-;9Zl+D5u(@ zX4M)F?@-TUE|DRx-?7@;-#w~@Xx5q5hZNIuN;nJ^v%SdAU--kopm}q$Z6QRLS&F?d z^dyed_X{$Y-w(@$qDmj!n_X-C@nWs%YWjuj6ryrJJ0{wp|O2REB;}?-!7D z+Z*(m%r6H4)`m0RDLIhNOOhw|!qz>u8R``(PYRO(E-QG<0Q01&VM)QBldu^c_0Qe4 z4xQ`HSB=jW!JJ!n7*JFUU~b1mg+#PmVDAYv@Y}ugtVXy$GkDaoMdncyeM-VF%t&`YJAb6cc&7}P zjKRT&Q8<`@`@OM6^2fARRy;~s-P}?y%_jQP%2bo@Ee@M`VKb8Wt3N92 zCj1dUFr#>$oN1XfCqrNFN};UOw?p*ustT|q6Pb}-WG&RMXo~BwCFeuJZLqHPtDki$LJY$>Fu%z$*ktd&FC|{!x-hRFv`qhNg#;&+Yp)GgS{0FjPa>gzb zUrfIQk}cxb2CGnkkBM!WW@ZQCq-Jctc-xql46f)o&1jY}j9$*ozjbSUqSdt>jGyYD zRH<&zCMt`YPW26*sqFpnVUt2DOkEV$baH>hsT3QQ&tD*&SvrLQBiu+b`BydO`!D6Z zQ*8qsCwR?u#I6G$o=H}^(a@=nHfnRoAIiZV*?ssck0=hoPmSkr74Is z6EQLwT9hTSSm-2?g>aJ4hN-xQc_;CygEo5?Tu zi}9HkjgXD$sEZ5rC#}FnNNEXSwWZ`}J)wMjJ_&&~a6}C(9rcu+ikx-#^C5Z2N zR8n>o3MT64;`cJ{aV~;Z3)fx$xDq}(*y5a?VrucBF~q$PJ_j4PwjSOpi#48G;+@`=N5GU4yC)7+7ZKoD{E)$zCUhA$e6`7l?bH+9YoBhrR# zCPN8!Jo``I&dNa9=;Zxz*Y-fx=d(G>6HS`sz&hEFB%?=zx?>+)xY;yto}=S#j_ucP< zZjQM3sO$(>#VoU5+P{13<>Uo#DEbCkHmOL`JQ#(p+)Z*+FxQvaENK(xeHBOlyomI9AxsR{K$F7X5*f>U60py(fHI52vd7G* z%>mhhV~8h(>+0M`woe{@K|#o(9M&d@4Q%&-;QNOb9|JP{r+Qo1dfHEZbt#u?!y)NK zI!R~NuEiesVr+Gq(s9g3W4=vD+CJ@0RXxo2*SLtD*y@Av@LxbuFku>FK`;y_z!+4! z`?%O&ic{D>|JsFVS8pJHJE!H_@-$cQXB!-C_{R6R;M*IM(T%0QP7G_zBi0?Z)CbQ0 zCH2vcel5cIE4;V9c^%S;olym#p!#>CQuHO|3ipqhSYaY_FvYiFRKIX% z9M!v$asSV=5>WB4nu$NyxW@@H^&6-vOT(ggOY4|YaLCfT)*a%> zhUHr@Htclcj2IqSl?maqb+5pwrew#E)7zz6IkqequRj(d@U9dW{}7UKRc~ay_IO-{ zb6@+U48$ypnV4Q)C zA2JDNc#INuRHlUNu3r2SVIfdSuwxfM55lk#^vT%s(CPJM8q_5tSms)zW11G%?iv zjk!N==3&XK)ba$f3!TBC7fw}GJR#m5q2iRs779hEWsV^g0X^tt^(xrwJWqjf6S}(P zB!aBz_QZ7apUx*@G5cb)+jo^A5=`yfy z2tYQ~A{?B~<+sT%j3p5}*r7%*lmt~L;hJ@(G^({5Bsx#zZD!sr4Cgt*DbPuFwp)kI zN`cTrwRIxn8ETVfN&S!_oGnXd>2-k_lF+zBp%d_k_1+#wXxwCVAcFmOY-Y945?C?g z$6C-S4W0*E$jQ7JN8k>1pWa|g$KlUqo%OgEk8+%Zre@`mffpVfNn<=a zW~9{3@Wy&XML(yrrX6cgXhhO+t4ZOLLuTe zJN?Wf7X&n{=dJ$ZAP#~6g}*K)D-^hXWw=|J_QRGW(-{}A)-6tK4mXd1XIDpsdr-T%15pqgu`1hVe9CX#@h zT@h7OL!sDH$tPk)E29cQnW6whLW5axwMDn%MO2f=I?=|!Wcd(7e=wHDx7xHWwvp4a zMRy@9*)5DVm28ssFN{jL2681_S!Fh$hj>r|cV%v>X2xm7Q)b8R9&Xg(L%V=J+83Tc`r*49wztUuu5d9G!zUrD zSFR29DZQF!2$%n8+%l+1?s?aZa>2a!+^ftq$t%{zP3wl@9@9`&%8N0nDd-5$Bltwr z7J~4-L6Oy5CD#<3gt$z0ntb7#_Vu`-u)_jg_FhV;>vFs(wiMUPh@IMNuQtf;K<=L~ zgy=7%_9jWm%b=l5z%X;W_5%IvQc+x%X_MVtFc)f~kt(>;Z-K(o*5oA5x|TRO{=Iq| z++xZsIw$T4c3yM;o})KZk#FJ&=h^`>e||9GD(o)0I>4N=jP>1?g1Xvr+$fN_l~|e$ z3!alswm9A6UKLe*jecU-|_gcp7TP1@-aUc7@OUJnos{3V%g46NP} z^9{8`XY@)~I_6a&hEfe0lic{e0uONqJl)lw7p$LRgAi3qDbzFYt}gE@ej3&6{)9-i_UkHq^*9_?9Zoa3?4KFOUQm;MzKjz4xa#wj7pH$+E!B9LS-v{@XmFpv z@Iv-TlUTMA4NZwVXne6sYj|3IQPpW8`vQR!ZxktT0>c4)IGKWxaU z<%dgY$iUHDc+7@lf-d6>GI^xCruW^>&5vi*dxe}vS?=^Px8(t!-=7@ER0a$+eP8|i zbm}i|Oq%)&!Trhu&qWEJKCv~M`V8R5>#v2rASzhIu^`GC= zUV$GMHGUbl4}Hl`Iy{jIj#5t4V3U5xu2|LLY$UEIM@`9-4^yjpk9bt$Nb~*b?}lO1 zXS}ACLcG{QRbXnxKcMSP8%_7l)l6#SKui`@cOMY@iOYJDr zn&2THpL>ZYT5%gIGbT>QT40_(Rp{7^=1+P0Ls0&oYDp0d1RCcgvsw9QhgJ;825Zvh z+3ja1raFpzFzK5#zFEWa?WtFo1?@jN%Nv72(dm1t@vq|y zv1(68+xE%#Z=tU1;Fs~CFH>!Ko2W&tdSVSQn)+d!R9+=`V0$eh?Yy0p7ixGyKp(u@S?qb}5T6Nh?smj$c`HKHig+%YU!BVAFaIUaC#^-WIbg zenC5N!+ctH4PsKU3HHG&VPb4-Oy3L1KOFQ$G|wi69ZL*eOC;gZ%LBwktFZe1Wt_|YIshT$6uT^7NKU#|gCY6e}hqfa{z`DO3OzdPa&bLS)l zVO9>xwN581vfgCh)86Z_QmWu%|8NWZu8jzk%*dpcq$z>^Gewu$7%zrN6nK=Aibc#9-qQ~g>!2va&E{;OF`hf?N3lMD|!7H6C+G`q)*^qa|*M5#RM z@^jl5PmZw z{Xhr;z)pt-04MJf<^Hv&Uod@VdbNNsoAQe z6c|I=^yO>1o<7k&-Tn4&eEj0gX?K-r!pqI<392d>$L$%LXIwUXV&Yf48K|j|!L{-( z0Q=13EHj_n4aryTC|Gp}J4F<91$Xdnvu9;-Tl{8IG5mGPF!l%E8>Z;ANk8v}abavvN9Ozub#Vca2q9bMSbgNJZTdN&P!&PiaGbL=<(XJ%+t%VQqKyz z*93JB@G@3*u@QWbP!e)t7Xdm|3ktJza1R0MMS*HOzJ^k;JHF`)=1b};%E45obmYeA zlvwN1GcjfIdSOvMow?_Mq9K`dyHw*M!d^`B$HRcC0#U%`Kp~rZ6Y3u-?NtDM9wucZ z2Zxt9^H@wlA~Nsg2y*1zo8*g2D9(*TMuzl+6jKu)+uu^D4+ zN9?;{IH5g2nn=4^m1LXu~MX||u@ zPlEH2lN;pN#cKzgf=%vLri*3u*T5mp7T{6@po1AzPP8kxR+zLTSg36+ort-gGuF-I z`gKN!;lDGzwb_ohlZeS~(ykCJ7sKl1)>d;gJ<}LTj!RCk*{eUD0GFLde8@AP<68|{ zHl7oMs@y{2mCW>SQX0>@MS8!e+6Eue%md9igaqKjSAt=0ZfoiC{wbb%xCy|sspFx? z|9ooirWI`wb?Pe_8_v^`i=Lp)Hm9!F7%GE2$eP|Q7iz-qH?4yu_fRi0E0R5QoY zNWD%j5a08{J>NrKgP|k`PlvJfd`(7d_vHUo9v45-(=jvl*<~63zej*rX%LnWuPUr% zT_@krP=VPNNpTxhCP3&~Z;$m}UszMwaSGqkdCg+zfW^-BhJd91RoWW$?JK&vMdgI9 zg~YWU$B5O5kp2P3*s}y{tuB7{i?FEBe@x~U)PL?4g@}2c0pEv3Hx~&iyjRAb)LD7< zIXAfuNYw$y;1Mp&*gk(tv>W@I*oH3 zsfhX*vDj$Z`XTbqy1K;%4?Sz-+dUjZ`&<%-#ax_~a`2p%6)dBqQwD_EC*)skmYJWc zSf8dKA1Pr^N$QC2_`^wQ#kJ1|beTt+XusUUl~95ee%{ zcXoHIK6P>wRULds&F{Rhq=((o|269JP%&|3@R61>$puHV2o(}=r7Qm_E+wmDJ(M(0 zZ^R<$;q*hY&NlIUjbGaMCFP=&VP#?Ln;tIgKi%8ON8fxNydk-_l$?$=&I8jISQj}HF01dso|s|d;(A!~1PHks4OJ?of@VXyEzAhKld z&o}_QC1{By+tz!I{`1X5HAzC-$AeTfPBm-=&Vknf)!)2bEWPWLBr{koJ(|ilqVl_} zOx77d5&aEiDr0ewvVe5Z9SmnLaLRl6HL>CO={dK=o_7xyB9!2Jt@~-t&jmSx!-z<= z6AnKh@vWhxfpvF)-yiPKzrVwr-snwVv~;tqFPUY}wZpDlLzi1bcCx7=j|<%IZ@C!O zV(yD&u=C_W(2!IiUvVos$m7+G=yVLDIn9b6 z(jLcmfjnDIzF*%v=;*n%s6NX`p|deEeo3%!VYy>OFa!jetXxFtWWgwzYINZzA|Y~Y zg^;5lC)*$o><9oIZmv@CpB67)eZsp zwo& z^)UxO*+kNHRn0e`+xr)MQd`ZEFYc50q8=`+et*nm_U$oxs?uF&Eh88}`u+QA7_!?}L5dMW1(5DN&yG8> z)ZiS+JjCc!~v`B=L?l0x#w$=xlqt)JU&TP!aIw{sj# z)TSE)5+`Z%I9T(-2+Cc33x6Kk5aT%E^7lc6;dvsG$G}CUtPXGLdwYgDAUfZ)1XApC zC}0DL=#E)>&-D4DMDs?=RyMNxOMNw=m2{$ybnjh$b66 z1!d>Q&$2atsYI-)ysUTYmf>)D(|mTuRdcssp`EAZeLRXHBx#sbm*Qs?ZKr9uXjb_P zIVAc!G&(RZtJwnu=BU92Y1hO1Za6>x?Ohq~)n2GB>`WYC`6lBfMn zXD!zhYHs+uQ}7fTT-a~;SyzfXAypSgq8goFbmtQ(pZQelmn=M$X-_-F+(oU#3pXtm zwH}vvUn90vyvNT0J8qNHvC*L{A5tm4x= zq0+sFlsXm=5ZoACg62+GiZx=a^^}8eDN4F^S#cR>za$86EXtvM9W7&N(*lI2$FCJ=%K{I@0&%v`$q|v#tEv}( z@oy`bCM(_7C3JbZp~v%u1RWi79}(!e;=aQUff$mIIfoXldfhypP=SLGZLE(N`gdbhPiG@hskzhnfTi zUn0xZe=J2o79Dh3y zxUBiP@U((i_m?p^)pTAq+{4XX^Iu26z2AwSw$K10Q_2QJrt!1jc#69)`G-S{^Lz?! zYX~H{8*Zx6-w4n_5R`e$!p|1{VV7e1OJ(P~_Izr8+^j36r^x4Ll{ox-ihecn6?RvV zvg%H_LX6t)8Nmc#GLvem<8t!M0f-x+>WV3>JLlHdpu%T3_R;Q1Gm47oOTKomiCE6*h3}zU-zU*y926?(lFF7^0*bYe!+QU(qUgY#e`%;19{p>hBrIl+fHE3U@A6j;y!-q`>Co<8brU{XNB5?#m*4^Kz*$t8`^>d(nN`&$F%R^4?gq=pdgk zmIWC~$Qy7^1!(q{#b|?4aZ~m_(rQ=x)auK}=bPE?UBNhjli9m`@K!tUXfSs0(mP{+ zhl?z@ZnFfq1Ct&+~+eX&&epG^mGu#+^7n=r+=mC-}Tl_=kkMlLmgZ@XkThRa6kMB zcTj#FNHcga1}<2i`ZK!1__r;ta{NuKhcBDjYZsgd_fX<3B&t8pS;=%8J~B-_Ts)%9 zl5FNsdq_@F^b|^!a0)rK!4Y-#e>yxPqL(ywpE3jBih+*!#U5OLpi=IGmUS9^?66v*Zhv*`>B-xXq({s9ew3*@gf!@JX`dsG zjkb*0!NBlG{#Vymg~ibY+Y;L)4i)|SJhgpw&jB?%%{q93ph+zq__GmN@9u_h=NH2?itbQ3Uqf? zgs#%PUaD{W3za-NNX4QxExHHnhfdtyI3VD!9SjxD}QQ7EjTccd_n=` z{zLI*T7ajc=I7CJIewGVul)JE3dpMcjmPyzLnYt)L<-w-%>C!IHHbBjNitzf?Kt$^ zKP9qR$fE))1wGjIy`mA~dqmKG6FS^WfznNa4nWHx2Bs0toUM14x)oaLE^O$&us|Vb zplh>ha(qRH;V2Abuz*A&d$=qgphYk?uejW*k7-FCg2}3PM`!!WM>O{j9#Wi3N}a?t zS(qOB$BKLPDVmhRV|P0m|6|!LFn9dOHC;IatZ+x$p9hJNtXi^Q~+g@ zd^=O679vJU&CwIXW2P)X^xm-LRpy_<4!PMbggceQo&4M7C z>nre{%g<8Y)@NfOezM(s}gvNDI3w?2b1IrkMa3>mLnB8(v%G7#J0?Tq}U!YQMJO z*k)o5=s3&v^fcZ&XOCSA_vZecqG4dJw3cv%o>yjJ2o8Drb<|od<95thnPU9)@zMHy zic0yeb5a8Zz{nuh*KNfwdY->_dpYXxe1z-ux>SOO7J@Umn-2a|Ofo=(Y&CGQFYiHO zYh`kP-~dd*wAQhL#}T~%0n}%4*4K~g2%z2hIDIK_;x-0e*7b3>^^fTp4Ci$&o9;wg z*9*-0EyABS0W}LGeNP6dIN8_td6iXFQ8p@9$;Q@F4URuecS?Ib8VMO38meWMF(cou zxmWF)!_Q3C3}!1kFJ%5Ze`)xZb>7gRGB=7Z1-xB{hAp*^e)mGf?*GeI&ey5+d`e+l z^?t-!d2^5|xF&V8P(c|W$?d5+;an5Y6mPYu5}2#8soI$Bv?nW>w{0l4a)hPsez6BY zVw!i|vUiFGl4)mt`(G1F7KC{>kz9>SY6Ua?dXHi&`(iBBXr4DUzDyzia*43x^z3T* z(L$4@On_$sxcd9zU?4|QLP+`+k z%n*S#_~c^dQT>99A2{nx&#>}d?#vXmZlna>UVw1cwdB>xlb~HajQm}KkeySm8=2Y?Pq+;?m{5}F5YM4X=8Mh@b$5S>w%C!(i^Ikx! z4kLj8@GA?T!#?#oj)gFpe>JZE058>F2e}y&T6FzQUIKJ3!z>Tbn$|ylN0dQcXZLZh zb_0ZkrC9;6o*~eS+Ue1L;RH%({G73{V|2YM0FgMg7CLj@tW9?N6%SpHMVIja;QT7z@I^mqyQ;Hc7eQdRS_@I7fx#n|Pq0*s^tga~`>@U&$Q+z{hqboX?xtIyJif4;1O%@FnUFs^G?Ga4EH%9(La9d$o#~ zcK7@KXP8I?1%i)xg@S>vA52q)SDUKq{Zo(CijN;x#|14PRGWk%mwqiB;;<1g=XLt` zOvl+Xaw;~Gkg}5~9=pS!*RgL(aPDCedY4bT+6xslbNStfc z$X2bJ8$?&FxjdkXWbXj9w6fTpw%SEMVfaipTqj^>v49AZd94}{w}E}Vc=RoINdUN2 zX;Hw7_60&3AG+0ZWt!stX@>(PSl&7~0Iz61ERA>vaH)ZwFANY6wazyKs)6_^zz?)) z0dE2aZ1y@_fC+4*4SW&={wMN%)2$xT%?bCms1Omd$s8%}m9_1Y7|y=q_ow8;WN(7J z3h055HhKq(>c@qBM3P@w!x|8x^KLO9!YL-gAmzg8yc7v#817Jt?^Ww*g01| zv^9vD9!i>NaEI;B!6ERuk&Dz;{X4}pY{d^K4OqCm;V*=Wc2JX2x}i^QmZ!ywvDkw@ z^2(dj<`w^UTDc&8?iGe6d;3TLYsz=Nk?)=)vKFZ%i-X{l^O1;raTZ|4JH=#4_=pt$ zWQIwLK>kH4RBH7Fu^8gqbrYArth^3TEN>Q%N*kS-LDSbuoL)*P9I>#Yva$GCqETZ2 zK3d!|_G9ldy;gW&wRT__Y12r(Eu8ZTDLU2gVUh)szZKtV8stw6h^D?feo?>Dxm{ZF zywL?4IV{Ew1+UNnga=6+0A7J0|5y`t2TWC^PNI|;yNpQ zldXDoIT|8; zHn$w-k`=sQGCydXJwPK0Eda&1PK+&^UOp|^n&k-R&3TEYOBeC)WpP^9ocUCy9q=bG9BrfSIbF*VmSyX@B$N9P1>0bt{oynwYF<5fHvUHZ)f#p;46%8Drf4Bql`xFD zem?%6t7ab39+We1z~uRIjbMcNjolzkiBQ4rtdKocsw;oold)l1ch-p2UrJItnn?qs)a1Y zfU|~`22@+V2iQYr$Q;uO->4Z55HWtj*LhX{J7TbGS~ttATi-SpneZc0=_QiW8E*HuVWE~3_IXtwoj;HK3~L%} z1vX&5Nq1N%_B<(NH3uT~CZpb{VyYfyB&5ca;LV~MF#vn}<@-`VPh>XCrj)9lX|i$yF9sz-cl)yjNI{*VJj zh>)){sn#YXG=SQ{sTX6KE>mxibRQ%ASkDaDxO1KYtOI=1`U&i@V<-`LtQ9hT_c`be znHq2!qW+7;X^MF!+uV(l6Vxh`=j4tTwH)a`?0|4BWfyt;OtXI(ICzx=!}<6-;X2yt z3!s#mLwihOMTRDBj=!ran$RmH;e!HLyk-p)BTAkBwU(9d)<0-Ap9$MeHFeLkRGXxQ zZGj0GM%wceCu&(%d?Pjp8?#vjV?I5$M?$txJURFdXU&b9F&$KDe>iUcG9IwH-JrR? z-jLQlDcG;aWA|Uo_DvRnC7WOM$`0=eLFO>U5cV_gy=!^EzO3m36ZzRlCeZ`>KS$nh zPQosZdxiD(_!f%$_SKn>4++MX?*e?B8WeMjQMKfS2@iO8B10&wwED_(rJCC;R*Zrh z>%7sEGB=S8w~ha}LNMfw{i65AZ$FHbRtn{{_%-rhPi_dvoj*I0w<)x8j=pkzd@kJl z_eBzj<}P%Vw_E8?0WO{&;W+>hkLWM|JAL>MTE5NNKTn(KQE`P!B7Iu_{Vy^Y%4J?< zHj@U`<^rAZ>%F0j723Xpx;Mk`NV*!3B6mrTSbbRu77&glDR&P1|lPt&YBHjE@w)Sl6 zdvS@+Fd?9>6-rE2z3F4EXaeYVzG~d$^DL9i_ zwUvsqKi|^5+RrNy8lH|qCStaD%&D{`_!82OE1UuMDfi-xyYRAH0}hbPrXlN!oxYOQ z=NVvpjl1hV^{zMBhfw}5&o{624yg6&&j_jo<{gd%sbp{A!2Epk#to;V7Va4HExdm# zgKBrn+-bwRl>T1AeSMnHuiT4xd#%{2P56#Uc<$360KPhFu3%0uGcOrk@I3En0l&}z zEP~elD@Epq4&Nt8DNC>X)9`vIX_; z>!jWZGqO5ALSlp${g-s4=+46xMqNCBfRk$PPRN)O-evzM<@aZo#4nsU=`jW5g&oWE zBOp6!2MC)#5R(^=;rmpe za2N62>TJE8si&16L@*XW{%be?j$o?C*-xHodj`L|)#203hh-dI523fa*kud&WgJKe z*6;*619#h{VRKMB?W+aDN41o{wxS7W@sN{*AW$5{LC1VS6tC`j>OHuAx#Ag>P`b;k z8bQiJC2YbO0Td5;p0L8eL7o2C>=dg@>s8I1K5bW1l)Qf7@e}k*ad|vvgX60WY^Gl> z>4<*i7ZIE zS_R$IqtH~Vvi8qtZ@~b=fOKN5jxo*W*T)h>M%u^aeD{R@897XsZZ``+a6gUozcotl zm=_>9N?x9^9()ut<~NT0RWCEtwoOTu8Z}%18rYE_RJ~`tqjQQgEZc5f@k*K|aY4hF z`Yk(5;g!%g!v9&d#F|*$N|CR58Re^tsE_WvC2}Hc1&yge$uSW7I=>Nc&}@9kXh7$R zjBFP5AJi!(i z%6e#imEaVtW{Jr}Wf9gx6cO&hw0)m$%7IuMUO~GcZ#wLV$=CST&{P9U``P0NRI zE0io1#U;%j^~-yP3Ybmz0U=#h<68<6%4fg%E7ovu!UA4w2-=^+)NwAfD@Lq!V@qF( zx;Xmp54>_=+QRi0mKE=4%f!z7`NAT)t!gYpI!$$d=Y#-sYi^C0Wj_Tw%FcUc#0)p!?V}OJs!Pl!`N#;SJaBd6 z(h6EDpSL|vOib7;z%!HSaBThpnQMw>K!TzugQw)rhBKnYl0PYVrjtbNq+5p$yKQx3 z1?&WT8N}v&?1M%-x225G!bLjYcQu%nH%76@zLZGnn^NsWkbNi!zEr5%t*4zdd{{(9 z8#l-*N)4MXWbD-?`E~xDNkn?z#Jr?4nQUeue$7gnH$ZnXB28A12TgMneTe2}`4jNV zR^yf&uY7BB*xd$(a8G<^uMEi~N07?S@AbqA?3tW zygiU&XbF0vA4ZDAEvTX?UCXcf!gyH1PqF;+c2sr;*%ir>36j#r|Jop=sCKj2kWRsN z>fW7ip(T4dat5Y~6{wV_5`fnwhr)g_JE(n>ITy+A4y!7iwr2fr<-@=)7Bz(}E5m(> z6LF=BqkHLL_cjSC=stv8oKhx5-YTIw0DBnpp==<2Wj=jUO}}jE@`uzx3#XDGyS3y+ zGUIV}6;L9@5(EljBXyNLd+|8zgu9c7bufLaw2O zO_sR&Rc$vw^h~E1WVTvY^FYLiLa!+(wr*;K@MDfRReqn|!jP#Khi^4*j7lQy^1{)P z^qp7K3K)z()vy(!Ed*qz9o$tzy~fOq^dZYrB{b10ucr|$T=PL<463`X#H1}fH1Daqni-R#9B{vC ze%ec|kC}Qf`tWX!nDfdEyx>0i#Wy;5>LEE9(@WfEz*mmv>-e;uc}GItL#QV8N*TE| znUjl>^G-3|u6}t1^nB&1JV~IZTzOAKEG{I`!3VfLI5^J4ZQ9tL*5MHP^)7j)cS1KasVKS4ExZRd< zm@zY2*g_I@KMwvxG}i~P?MH9|7Ndv$F@=9w*Vbx6 zp0rPFo3zNSo(K;+3tm6(zi63FT)D(k$LnXdmqm|ZDY^nYO0FP^#_>f{E9N8_)ZkJg zdvU95+4IV)iOIpT{ztEkPAGRvnE#y-(uTJL<_E;X8ii!s&? z!shIqhtl=D=RWsV1|CIqK?_ptn7w$3b+P}3x|@6H$}g=zP8ONo0WXs%S?Rj{cVNP$$N_&Z!b`Un?XQn4sI*Vi0pvKtZ6C1 zZ8#b6$qEaUG`k2itF*Y#X$^fJ#-eA(_PSATL*k>u^)d`Bf?MgyK9dTtlT?7JhEKSP zynwRylrJ4RI=lk8C0B@UG2CMtn@Kn^-L=T$;GuKRbJ&f=~r3*;;ucTC?qmY?rzE4Iwvm$DN;ly? zkY`cA2k;U{Kzi7orcMe^))#j4u}Mn(Bkz5ajl0-FpwbKg>rkV>qcLNtG!UxX~;THg1x&dEa<( zgF7&I9zb(`g3Vx*_o8fdzLYV3I$E0q6=)Nj>>BoQ#nkp~!Rq0ehbD!;p>QK*narV5 zRs|_I3ZHnyj4hqqJbtFW%!j2)$*)!jPfp};ZGi-i%u=MTZ21hAS>g^wVpX^ib6(hb z?T0@dzBtd^@Ql7M^Tw009d|Bv;2v3McEtAK*{sHO32uI1I2AIEqU-s}cD=}V`g017 zr&l?=s>78#-T4H~X_E@95-NIjZL+RQP*e;fnz!=@1?ebts?q-*w`D3m*?|79j>$$Q z3nH6BksCT|f{d)j>@Q;?Fum-qm)}AM>_94tZgV^#D|ib9*L?PB?rb#%5{0N*Wni>n z&{HDz%4ZQVR_7%DshUj)W9TaqjK;pH+Nirod3BcM=t%i`gzn9h^T%}Mvd|#0Z&yzu zDX_~ZM}v-G`x;(x$alBPMtxN`p{I)} zvLl-&*}_P6o1vGka8zv6eZ4JPiFn1eo}}~5?c>EKBCk~&wTKxC;*3ld`wEtCyDHxU zA0|CL8;C{EQ1`JUVCM*aznIYu<(E$SSsNy$Gpaef20TA`{Mih5utY#3OZ~%#gv@ci z&M&+HQ$`Ww@$bg|_#lp9vUi);=cjhFQ2PSr28nmk(G7zYcYliUi!}?1h@5Y;;e=6I z68dZ4iPT+^kOafxzcK()F}&lmn27zJi@j0h68D`@t1jml1DU8hDr4hsP?7GmTizmi z;S0oxs%_LPxk6>mr8Q(p5n*UO66>_M7i_#&fl{&pxRk7px zsN51=YNR18!X&haokX+6Ov{Kl?RACC#3r)WJ8?;wRUbuTaE?xmgHm8|K-ey*xESLF zhnw;}s{7Hg@hOWg>S&jz4*giH(b|w$naB6;9#d>iG7SmRFL05;`-`%Sa``H%7szQn z5it8fC$`^ z4;CYo{fh0QTkVbdj^oOwJjuK7q_bqWnUUje)jos9erflSL*EHd_nq({-O4e4FeU zH_R|smkn#|+vM4g$7O6C+2q~U&~U0ziD%c0Ry4JkMV0d%jcYXrZ%7ZHD6D9CTE9%Q zJ>7rS9af7~zILEMFwkSP6n6NB9271&TGyf8L7bT+pJ|p@-UIfkDx;PGN7fVJmXeK2 z__;ITRD`1OIBkG!9ps%(bUt*{5vMnYh_l3kHMsKdmr2R_ugj_0W#B%kwxYX!Hmmk5O!hA$aymZrL68sxH;7VA0-S;c^hMr9+6S{CK zj~^fLY}zllyR_)9p|?x>g{@_-W*wO+Fo%)lhMmT3Uv%4z&#V_?r#6)~ToNJlAlTA) z34+N)kqssaJ#{78am>_~6Cp4|E~Ce5%4)3oZS3k7Llbdh)e>L0>rVEFCEb*$*qLsn zKceNA0~3Q)#Dja0jV*F>99oSXb{lb329};!d4|XUMM+y}}|D*l(K@wOR|O)Igt3&|5_cJ2M$5IualK6xEf5Pk-DRKdZAt zegP^s^B86*fp?991#4#@K@|xbsgp|R?3~sD63h__ia{(OFt#jaMtew^8d`&-!ToiUGgf?zw7pUSglUV*Zdc~6b zXGb|2V%7@w(h2#VoGsEx9j)+DYAV{uSRSw9oSe(5OV?rJxfeSM-#eV0d6U=gIXTMw z4O=k(F(ycf{K%yf9Sm9KFiGleQxwQ-;p^>^3A}kE_oT~0Fx~$Z?P96*H3~a_-*{3a z1;Z)2)}*V;@opjmUfj^hTdtx?IRjP>@wpSLTEV(4;1y2B9VnulI989ybySc&tXfe_WcByt7s4Fk!s_}u6p!3ubp5|C&Fn}jpa0eZ* zS@K)uAJ@dJ_OUjHcpgbCmiLN*1}vP%Um>2G3vWCVUI4lbD#P@`hrBUj z;vFL1ff?cd;AI_o{~+x@p0HO@oL(c1*T1I|fn;vrL^Z`1%E;`I2KwJ}I}VLjp0%Z@uKzPyJ*h!bzY=sE&yN!i|&a=Q$` z>!`{|4BDC`q|`!C+NHQjCYL8xk;FfD(jK|+cB)iujBqR zSHfe$MjB%i^QZ+>v9%3}OEHbb*@?g83Fg1&ErSHdzfYy8U0mY~G>O3;y8J27VuX-0 zMNN?jr#XKfM1TZ@SVd=JoA&iLw-iN3)@;^)xV`!DFxHdd1ZDT1Ij?<-uTWs?ARhz| zhfU_|cZicBXjlDUzE-xo_>!9!Nq(?Dz5?=!j^A^jVRLI7*|Q$ETTk_>2Erm?lwI@(q)!SEv8BkhaTCNV0R> zcn6pMbmHr7$r?llqw;tT^7}P?&ux;I@&6Q^}Rl$lCUsbJ|fmj zGs@tH)>Lfy(D3uuJ+9W~=kmRn9LYqlPjRasdu_T%*p^MN`LW(~{T~@TqaN3#uI__N z=#rP>6a9Kg`hLFCMt5*pZVpwq8F>EgU=u2 zx8Z}k{rF9Eq<74zIMdI>@}=cYm5yo`Um+dDhE}7t^?v-qXY?#2D6Ot2`$mji-qi#3 z_R$`)9ZOi#GIlR+V;QwoT^S=1a$nI*D0B|xC>t@z62`5kCU(%x4_JS*_>^}YERz84EX6E7EqMQyH5d1|woGcuSBNZkXqn~> zpvXt-HctD(9RH%FXnpkVds#qt`bq1NXr9OMZeoEw&DhnDX^VKrii9jQ5tUsPUqxk* zyz<_|DgzH?;kP7k>rTe5esNV(!N&>giAh`yH3;4i`0u(?1Ca-uILDd#NV+6Dk?Izr z?E|RleiX#0bs5OS-~BwOhX6i2mg9_oOF+f~7E}=vulI<_@@IMPGjt$uoUzA6#ha2N z-y#5%NZXJ(@jhXQ#aFSKY63ez=U9`LG#u6NEXZ)5pvNRJUE9rh@Z?s@%lXA_Ah#S5k~ynPDzx)vaBq>*GCyxSljGc zW1*r0X$Kclgct)2k%Qw8VSC%+lf8*4)viXG_Zf2UoM@AC5>dwotxHRCz;gIon>s)Zh z#RGpCb_~^ETfp2Jc5EXK^EnRKt=J3&TEU+Xm5s;lKZ}yL#|~*sFH`?vaFs9qYmB_z zcD+>{j;s{5os@Hu>5;FSo-(3~@Lc6arK%I&^^F{&=c~?$azjd`z{i68rf(YfT>%B^ zzt?H+U=M|Ph~GR6y_B1mtzus|p56Z)BvZj6UH!74RV(4v&XkG^nqBrf)DeG7(sH}_ zu++uFz05*Ml)2$kHf)qInSk&Si-iMP-CP_-OMp#AX1t60ANFzgTJpPF_Bg^C+S-#& z4+e*uR`SRkI;jID4pVZockJ0eo~Q64EzrrvF0Av2gx{zVM)6OC5)AN;Ym>S})Oq&L z<>Q6%(=gIISS)p;u>zemYy^J}ncB^-rmF?4SbY0YlA^`B&ROnJQs2CEQ50}XOo$qU z2{!(qV@<(2TzZ%+tItX_jB~J;Oe?9?PCn9R8l@PZ-0&oNRSWHLAc5JyUgu}GBvO{G z=6ms=9kJh=WUSp2y3UCX&NmJ0l7S6zG&vTk%*P_!9y4%4V6(?~A7cNF6YOqE z-ps0_q?n5mrY81OmeJ9F?2=4WeE}S+acN}|s1A^$WbqjuCv1uZJ=(Fp5Nug3Bvd9l z+1*1phtu39UGTXUgAub)%Wbgk^Ax(w`lq>$fL%-&Sq`yYBK;Rh?_{n~6QizZ_mauJ zq)cu80!10rrZkTsM|*Z5b(Lphc`%x;A@BxB?f?J?@pizqcKWeS{0Z^!#w~NiZ;N;}0jPY~mhS@i3UCu{buvy*kr!div@5{)-&qY-a=PUY0e;&ww zs?D>VKJU-6k9=h4c~5J$ZLxqwW(S-f>Zhuw-3~&HOgbKjJuS>eDlYv?&>5$`6_z1YJJz4MA5g#>FB#b@c&t0YY(}}` supports backup and restoration of NATS streams. This guide will show you how you can backup & restore a NATS server with nkey authentication using Stash. + +## Before You Begin + +- At first, you need to have a Kubernetes cluster, and the `kubectl` command-line tool must be configured to communicate with your cluster. +- Install Stash in your cluster following the steps [here](/docs/setup/install/stash/index.md). +- If you are not familiar with how Stash backup and restore NATS streams, please check the following guide [here](/docs/addons/nats/overview/index.md). + +You have to be familiar with following custom resources: + +- [AppBinding](/docs/concepts/crds/appbinding/index.md) +- [Function](/docs/concepts/crds/function/index.md) +- [Task](/docs/concepts/crds/task/index.md) +- [BackupConfiguration](/docs/concepts/crds/backupconfiguration/index.md) +- [BackupSession](/docs/concepts/crds/backupsession/index.md) +- [RestoreSession](/docs/concepts/crds/restoresession/index.md) + +To keep things isolated, we are going to use a separate namespace called `demo` throughout this tutorial. Create `demo` namespace if you haven't created already. + +```bash +$ kubectl create ns demo +namespace/demo created +``` + +> Note: YAML files used in this tutorial are stored [here](https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/nats/authentications/nkey-auth/examples). + +## Prepare NATS + +In this section, we are going to deploy a NATS cluster with nkey authentication enabled. Then, we are going to create a stream and publish some messages into it. + +### Deploy NATS Cluster + +At first, let's deploy a NATS cluster. Here, we are going to use [NATS]( https://github.com/nats-io/k8s/tree/main/helm/charts/nats) chart from [nats.io](https://nats.io/). + +Let's deploy a NATS cluster named `sample-nats` using Helm as below, + +```bash +# Add nats chart registry +$ helm repo add nats https://nats-io.github.io/k8s/helm/charts/ +# Update helm registries +$ helm repo update +# Install nats/nats chart into demo namespace +$ helm install sample-nats nats/nats -n demo \ +--set nats.jetstream.enabled=true \ +--set nats.jetstream.fileStorage.enabled=true \ +--set cluster.enabled=true \ +--set cluster.replicas=3 \ +--set auth.enabled=true \ +--set auth.nkeys.users[0].nkey="UAWGGVEHXIEOWYVBN7RO7IIKIXHIOK6JWWUDJOWIUZ6L3XMIWM5IFGPD" + +``` + +This chart will create the necessary StatefulSet, Service, PVCs etc. for the NATS cluster. You can easily view all the resources created by chart using [ketall](https://github.com/corneliusweig/ketall) `kubectl` plugin as below, + +```bash +❯ kubectl get-all -n demo -l app.kubernetes.io/instance=sample-nats +NAME NAMESPACE AGE +configmap/sample-nats-config demo 11m +endpoints/sample-nats demo 11m +persistentvolumeclaim/sample-nats-js-pvc-sample-nats-0 demo 11m +persistentvolumeclaim/sample-nats-js-pvc-sample-nats-1 demo 10m +persistentvolumeclaim/sample-nats-js-pvc-sample-nats-2 demo 10m +pod/sample-nats-0 demo 11m +pod/sample-nats-1 demo 10m +pod/sample-nats-2 demo 10m +service/sample-nats demo 11m +controllerrevision.apps/sample-nats-775468b94f demo 11m +statefulset.apps/sample-nats demo 11m +endpointslice.discovery.k8s.io/sample-nats-7n7v6 demo 11m +``` + +Now, wait for the NATS server pods `sample-nats-0`, `sample-nats-1`, `sample-nats-2` to go into `Running` state, + +```bash +❯ kubectl get pod -n demo -l app.kubernetes.io/instance=sample-nats +NAME READY STATUS RESTARTS AGE +sample-nats-0 3/3 Running 0 9m58s +sample-nats-1 3/3 Running 0 9m35s +sample-nats-2 3/3 Running 0 9m12s +``` + +Once the pods are in `Running` state, verify that the NATS server is ready to accept the connections. + +```bash +❯ kubectl logs -n demo sample-nats-0 -c nats +[7] 2021/09/06 08:33:53.111508 [INF] Starting nats-server +[7] 2021/09/06 08:33:53.111560 [INF] Version: 2.6.1 +... +[7] 2021/09/06 08:33:53.116004 [INF] Server is ready +``` + +From the above log, we can see the NATS server is ready to accept connections. + +### Insert Sample Data +The above Helm chart also deploy a pod with nats-box image which can be used to interact with the NATS server. Let's verify the nats-box pod has been created. + +```bash +❯ kubectl get pod -n demo -l app=sample-nats-box +NAME READY STATUS RESTARTS AGE +sample-nats-box-785f8458d7-wtnfx 1/1 Running 0 7m20s +``` + +Let's exec into the nats-box pod, + +```bash +❯ kubectl exec -n demo -it sample-nats-box-785f8458d7-wtnfx -- sh -l +... +# Let's create the nkey file for our user +sample-nats-box-785f8458d7-wtnfx:~# echo U1VBRDJRWlBJQU9aRTdTQlZHUjJQS09YVkEyTDYzVUQ1UEVWNkVVUTZPTEdUS0ZJV0o0VTNaQ1NDQQpVQVdHR1ZFSFhJRU9XWVZCTjdSTzdJSUtJWEhJT0s2SldXVURKT1dJVVo2TDNYTUlXTTVJRkdQRA== | base64 -d > user.nk + +# Let's export the file path as environment variables to make further commands re-usable. +sample-nats-box-785f8458d7-wtnfx:~# export NATS_NKEY=/tmp/user.nk + +# Let's create a stream named "ORDERS" +sample-nats-box-785f8458d7-wtnfx:~# nats stream add ORDERS --subjects "ORDERS.*" --ack --max-msgs=-1 --max-bytes=-1 --max-age=1y --storage file --retention limits --max-msg-size=-1 --max-msgs-per-subject=-1 --discard old --dupe-window="0s" --replicas 1 +Stream ORDERS was created + +Information for Stream ORDERS created 2021-09-03T07:12:07Z + +Configuration: + + Subjects: ORDERS.* + Acknowledgements: true + Retention: File - Limits + Replicas: 1 + Discard Policy: Old + Duplicate Window: 2m0s + Maximum Messages: unlimited + Maximum Bytes: unlimited + Maximum Age: 1y0d0h0m0s + Maximum Message Size: unlimited + Maximum Consumers: unlimited + + +Cluster Information: + + Name: nats + Leader: nats-0 + +State: + + Messages: 0 + Bytes: 0 B + FirstSeq: 0 + LastSeq: 0 + Active Consumers: 0 + + +# Verify that the stream has been created successfully +sample-nats-box-785f8458d7-wtnfx:~# nats stream ls +Streams: + + ORDERS + +# Lets add some messages to the stream "ORDERS" +sample-nats-box-785f8458d7-wtnfx:~# nats pub ORDERS.scratch hello +08:55:39 Published 5 bytes to "ORDERS.scratch" + +# Add another message +sample-nats-box-785f8458d7-wtnfx:~# nats pub ORDERS.scratch world +08:56:11 Published 5 bytes to "ORDERS.scratch" + +# Verify that the messages have been published to the stream successfully +sample-nats-box-785f8458d7-wtnfx:~# nats stream info ORDERS +Information for Stream ORDERS created 2021-09-03T07:12:07Z + +Configuration: + + Subjects: ORDERS.* + Acknowledgements: true + Retention: File - Limits + Replicas: 1 + Discard Policy: Old + Duplicate Window: 2m0s + Maximum Messages: unlimited + Maximum Bytes: unlimited + Maximum Age: 1y0d0h0m0s + Maximum Message Size: unlimited + Maximum Consumers: unlimited + + +Cluster Information: + + Name: nats + Leader: nats-0 + +State: + + Messages: 2 + Bytes: 98 B + FirstSeq: 1 @ 2021-09-03T08:55:39 UTC + LastSeq: 2 @ 2021-09-03T08:56:11 UTC + Active Consumers: 0 + +sample-nats-box-785f8458d7-wtnfx:~# exit +``` + +We have successfully deployed a NATS cluster, created a stream and publish some messages into the stream. In the subsequent sections, we are going to backup this sample data using Stash. + +## Prepare for Backup + +In this section, we are going to prepare the necessary resources (i.e. connection information, backend information, etc.) before backup. + +### Ensure NATS Addon + +When you install Stash, it will automatically install all the official addons. Make sure that NATS addon has been installed properly using the following command. + +```bash +❯ kubectl get tasks.stash.appscode.com | grep nats +nats-backup-2.6.1 24m +nats-restore-2.6.1 24m +``` + +This addon should be able to take backup of the NATS streams with matching major versions as discussed in [Addon Version Compatibility](/docs/addons/nats/README.md#addon-version-compatibility). + +### Create Secret + + Lets create a secret with nkey credentials. Below is the YAML of `Secret` object we are going to create. + +```yaml +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: sample-nats + name: sample-nats-auth + namespace: demo +data: + nkey: U1VBRDJRWlBJQU9aRTdTQlZHUjJQS09YVkEyTDYzVUQ1UEVWNkVVUTZPTEdUS0ZJV0o0VTNaQ1NDQQpVQVdHR1ZFSFhJRU9XWVZCTjdSTzdJSUtJWEhJT0s2SldXVURKT1dJVVo2TDNYTUlXTTVJRkdQRAo= +``` + +Let's create the `Secret` we have shown above, +```bash +$ kubectl apply -f https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/nats/authentications/nkey-auth/examples/secret.yaml +secret/sample-nats-auth created +``` + + +### Create AppBinding + +Stash needs to know how to connect with the NATS server. An `AppBinding` exactly provides this information. It holds the Service and Secret information of the NATS server. You have to point to the respective `AppBinding` as a target of backup instead of the NATS server itself. + +Here, is the YAML of the `AppBinding` that we are going to create for the NATS server we have deployed earlier. + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + labels: + app.kubernetes.io/instance: sample-nats + name: sample-nats + namespace: demo +spec: + clientConfig: + service: + name: sample-nats + port: 4222 + scheme: nats + secret: + name: sample-nats-auth + type: nats.io/nats + version: 2.6.1 +``` + +Here, + +- `.spec.clientConfig.service` specifies the Service information to use to connects with the NATS server. +- `.spec.secret` specifies the name of the Secret that holds necessary credentials to access the server. +- `.spec.type` specifies the type of the target. This is particularly helpful in auto-backup where you want to use different path prefixes for different types of target. + +Let's create the `AppBinding` we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/nats/authentications/nkey-auth/examples/appbinding.yaml +appbinding.appcatalog.appscode.com/sample-nats created +``` + +### Prepare Backend + +We are going to store our backed up data into a GCS bucket. So, we need to create a Secret with GCS credentials and a `Repository` object with the bucket information. If you want to use a different backend, please read the respective backend configuration doc from [here](/docs/guides/backends/overview/index.md). + +**Create Storage Secret:** + +At first, let's create a secret called `gcs-secret` with access credentials to our desired GCS bucket, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > GOOGLE_PROJECT_ID +$ cat downloaded-sa-json.key > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +$ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +**Create Repository:** + +Now, create a `Repository` object with the information of your desired bucket. Below is the YAML of `Repository` object we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /demo/nats/sample-nats + storageSecretName: gcs-secret +``` + +Let's create the `Repository` we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/nats/authentications/nkey-auth/examples/repository.yaml +repository.stash.appscode.com/gcs-repo created +``` + +Now, we are ready to backup our streams into our desired backend. + +### Backup + +To schedule a backup, we have to create a `BackupConfiguration` object targeting the respective `AppBinding` of our NATS server. Then, Stash will create a CronJob to periodically backup the streams. + +#### Create BackupConfiguration + +Below is the YAML for `BackupConfiguration` object that we are going to use to backup the streams of the NATS server we have created earlier, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-nats-backup + namespace: demo +spec: + task: + name: nats-backup-2.6.1 + schedule: "*/5 * * * *" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + interimVolumeTemplate: + metadata: + name: sample-nats-backup-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +Here, + +- `.spec.schedule` specifies that we want to backup the streams at 5 minutes intervals. +- `.spec.task.name` specifies the name of the Task object that specifies the necessary Functions and their execution order to backup NATS streams. +- `.spec.repository.name` specifies the Repository CR name we have created earlier with backend information. +- `.spec.target.ref` refers to the AppBinding object that holds the connection information of our targeted NATS server. +- `spec.interimVolumeTemplate` specifies a PVC template that will be used by Stash to hold the dumped data temporarily before uploading it into the cloud bucket. +- `.spec.retentionPolicy` specifies a policy indicating how we want to cleanup the old backups. + +Let's create the `BackupConfiguration` object we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/nats/authentications/nkey-auth/examples/backupconfiguration.yaml +backupconfiguration.stash.appscode.com/sample-nats-backup created +``` + +#### Verify Backup Setup Successful + +If everything goes well, the phase of the `BackupConfiguration` should be `Ready`. The `Ready` phase indicates that the backup setup is successful. Let's verify the `Phase` of the BackupConfiguration, + +```bash +$ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-nats-backup nats-backup-2.6.1 */5 * * * * Ready 11s +``` + +#### Verify CronJob + +Stash will create a CronJob with the schedule specified in `spec.schedule` field of `BackupConfiguration` object. + +Verify that the CronJob has been created using the following command, + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-nats-backup */5 * * * * False 0 14s +``` + +#### Wait for BackupSession + +The `sample-nats-backup` CronJob will trigger a backup on each scheduled slot by creating a `BackupSession` object. + +Now, wait for a schedule to appear. Run the following command to watch for `BackupSession` object, + +```bash +❯ kubectl get backupsession -n demo -w +NAME INVOKER-TYPE INVOKER-NAME PHASE DURATION AGE +sample-nats-backup-8x8fp BackupConfiguration sample-nats-backup Succeeded 42s 8m28s +``` + +Here, the phase `Succeeded` means that the backup process has been completed successfully. + +#### Verify Backup + +Now, we are going to verify whether the backed up data is present in the backend or not. Once a backup is completed, Stash will update the respective `Repository` object to reflect the backup completion. Check that the repository `gcs-repo` has been updated by the following command, + +```bash +❯ kubectl get repository -n demo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +gcs-repo true 1.382 KiB 1 9m4s 24m +``` + +Now, if we navigate to the GCS bucket, we will see the backed up data has been stored in `demo/nats/sample-nats` directory as specified by `.spec.backend.gcs.prefix` field of the `Repository` object. + +

    + Backup data in GCS Bucket +
    Fig: Backup data in GCS Bucket
    +
    + + + + +> Note: Stash keeps all the backed up data encrypted. So, data in the backend will not make any sense until they are decrypted. + +## Restore + +If you have followed the previous sections properly, you should have a successful backup of your nats streams. Now, we are going to show how you can restore the streams from the backed up data. + +### Restore Into the Same NATS Cluster + +You can restore your data into the same NATS cluster you have backed up from or into a different NATS cluster in the same cluster or a different cluster. In this section, we are going to show you how to restore in the same NATS cluster which may be necessary when you have accidentally lost any data. + +#### Temporarily Pause Backup + +At first, let's stop taking any further backup of the NATS streams so that no backup runs after we delete the sample data. We are going to pause the `BackupConfiguration` object. Stash will stop taking any further backup when the `BackupConfiguration` is paused. + +Let's pause the `sample-nats-backup` BackupConfiguration, + +```bash +$ kubectl patch backupconfiguration -n demo sample-nats-backup --type="merge" --patch='{"spec": {"paused": true}}' +backupconfiguration.stash.appscode.com/sample-nats-backup patched +``` + +Verify that the `BackupConfiguration` has been paused, + +```bash +❯ kubectl get backupconfiguration -n demo sample-nats-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-nats-backup nats-backup-2.6.1 */5 * * * * true Ready 2d18h +``` + +Notice the `PAUSED` column. Value `true` for this field means that the `BackupConfiguration` has been paused. + +Stash will also suspend the respective CronJob. + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-nats-backup */5 * * * * True 0 56s 2d18h +``` + +#### Simulate Disaster + +Now, let's simulate a disaster scenario. Here, we are going to exec into the nats-box pod and delete the sample data we have inserted earlier. + +```bash +❯ kubectl exec -n demo -it sample-nats-box-785f8458d7-wtnfx -- sh -l +... +# Let's export the file path of user.nk file as environment variable to make further commands re-usable. +sample-nats-box-785f8458d7-wtnfx:~# export NATS_NKEY=/tmp/user.nk + +# delete the stream "ORDERS" +sample-nats-box-785f8458d7-wtnfx:~# nats stream rm ORDERS -f + +# verify that the stream has been deleted +sample-nats-box-785f8458d7-wtnfx:~# nats stream ls +No Streams defined +sample-nats-box-785f8458d7-wtnfx:~# exit +``` + +#### Create RestoreSession + +To restore the streams, you have to create a `RestoreSession` object pointing to the `AppBinding` of the targeted NATS server. + +Here, is the YAML of the `RestoreSession` object that we are going to use for restoring the streams of the NATS server. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-nats-restore + namespace: demo +spec: + task: + name: nats-restore-2.6.1 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + interimVolumeTemplate: + metadata: + name: nats-restore-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + rules: + - snapshots: [latest] +``` + +Here, + +- `.spec.task.name` specifies the name of the Task object that specifies the necessary Functions and their execution order to restore NATS streams. +- `.spec.repository.name` specifies the Repository object that holds the backend information where our backed up data has been stored. +- `.spec.target.ref` refers to the AppBinding object that holds the connection information of our targeted NATS server. +- `.spec.interimVolumeTemplate` specifies a PVC template that will be used by Stash to hold the restored data temporarily before injecting into the NATS server. +- `.spec.rules` specifies that we are restoring data from the latest backup snapshot of the streams. + +Let's create the `RestoreSession` object object we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/nats/authentications/nkey-auth/examples/restoresession.yaml +restoresession.stash.appscode.com/sample-nats-restore created +``` + +Once, you have created the `RestoreSession` object, Stash will create a restore Job. Run the following command to watch the phase of the `RestoreSession` object, + +```bash +❯ kubectl get restoresession -n demo -w +NAME REPOSITORY PHASE DURATION AGE +sample-nats-restore gcs-repo Succeeded 15s 55s +``` + +The `Succeeded` phase means that the restore process has been completed successfully. + +#### Verify Restored Data + +Now, let's exec into the nats-box pod and verify whether data actual data has been restored or not, + +```bash +❯ kubectl exec -n demo -it sample-nats-box-785f8458d7-wtnfx -- sh -l +... +# Let's export the file path of user.nk file as environment variable to make further commands re-usable. +sample-nats-box-785f8458d7-wtnfx:~# export NATS_NKEY=/tmp/user.nk + +# Verify that the stream has been restored successfully +sample-nats-box-785f8458d7-wtnfx:~# nats stream ls +Streams: + + ORDERS + +# Verify that the messages have been restored successfully +sample-nats-box-785f8458d7-wtnfx:~# nats stream info ORDERS +Information for Stream ORDERS created 2021-09-03T07:12:07Z + +Configuration: + + Subjects: ORDERS.* + Acknowledgements: true + Retention: File - Limits + Replicas: 1 + Discard Policy: Old + Duplicate Window: 2m0s + Maximum Messages: unlimited + Maximum Bytes: unlimited + Maximum Age: 1y0d0h0m0s + Maximum Message Size: unlimited + Maximum Consumers: unlimited + + +Cluster Information: + + Name: nats + Leader: nats-0 + +State: + + Messages: 2 + Bytes: 98 B + FirstSeq: 1 @ 2021-09-03T08:55:39 UTC + LastSeq: 2 @ 2021-09-03T08:56:11 UTC + Active Consumers: 0 + +sample-nats-box-785f8458d7-wtnfx:~# exit +``` + +Hence, we can see from the above output that the deleted data has been restored successfully from the backup. + +#### Resume Backup + +Since our data has been restored successfully we can now resume our usual backup process. Resume the `BackupConfiguration` using following command, + +```bash +❯ kubectl patch backupconfiguration -n demo sample-nats-backup --type="merge" --patch='{"spec": {"paused": false}}' +backupconfiguration.stash.appscode.com/sample-nats-backup patched +``` + +Verify that the `BackupConfiguration` has been resumed, +```bash +❯ kubectl get backupconfiguration -n demo sample-nats-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-nats-backup nats-backup-2.6.1 */5 * * * * false Ready 2d19h +``` + +Here, `false` in the `PAUSED` column means the backup has been resumed successfully. The CronJob also should be resumed now. + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-nats-backup */5 * * * * False 0 3m24s 4h54m +``` + +Here, `False` in the `SUSPEND` column means the CronJob is no longer suspended and will trigger in the next schedule. + +## Cleanup + +To cleanup the Kubernetes resources created by this tutorial, run: + +```bash +kubectl delete -n demo backupconfiguration sample-nats-backup +kubectl delete -n demo restoresession sample-nats-restore +kubectl delete -n demo repository gcs-repo +# delete the nats chart +helm delete sample-nats -n demo +``` diff --git a/docs/addons/nats/authentications/token-auth/examples/appbinding.yaml b/docs/addons/nats/authentications/token-auth/examples/appbinding.yaml new file mode 100644 index 0000000..7e4a9e8 --- /dev/null +++ b/docs/addons/nats/authentications/token-auth/examples/appbinding.yaml @@ -0,0 +1,17 @@ +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + labels: + app.kubernetes.io/instance: sample-nats + name: sample-nats + namespace: demo +spec: + clientConfig: + service: + name: sample-nats + port: 4222 + scheme: nats + secret: + name: sample-nats-auth + type: nats.io/nats + version: 2.6.1 diff --git a/docs/addons/nats/authentications/token-auth/examples/backupconfiguration.yaml b/docs/addons/nats/authentications/token-auth/examples/backupconfiguration.yaml new file mode 100644 index 0000000..70b58a6 --- /dev/null +++ b/docs/addons/nats/authentications/token-auth/examples/backupconfiguration.yaml @@ -0,0 +1,29 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-nats-backup + namespace: demo +spec: + task: + name: nats-backup-2.6.1 + schedule: "*/5 * * * *" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + interimVolumeTemplate: + metadata: + name: sample-nats-backup-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/nats/authentications/token-auth/examples/repository.yaml b/docs/addons/nats/authentications/token-auth/examples/repository.yaml new file mode 100644 index 0000000..dae9141 --- /dev/null +++ b/docs/addons/nats/authentications/token-auth/examples/repository.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /demo/nats/sample-nats + storageSecretName: gcs-secret diff --git a/docs/addons/nats/authentications/token-auth/examples/restoresession.yaml b/docs/addons/nats/authentications/token-auth/examples/restoresession.yaml new file mode 100644 index 0000000..9c5f524 --- /dev/null +++ b/docs/addons/nats/authentications/token-auth/examples/restoresession.yaml @@ -0,0 +1,26 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-nats-restore + namespace: demo +spec: + task: + name: nats-restore-2.6.1 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + interimVolumeTemplate: + metadata: + name: nats-restore-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + rules: + - snapshots: [latest] diff --git a/docs/addons/nats/authentications/token-auth/examples/secret.yaml b/docs/addons/nats/authentications/token-auth/examples/secret.yaml new file mode 100644 index 0000000..3726661 --- /dev/null +++ b/docs/addons/nats/authentications/token-auth/examples/secret.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: sample-nats + name: sample-nats-auth + namespace: demo +data: + token: c2VjcmV0 diff --git a/docs/addons/nats/authentications/token-auth/images/sample-nats-backup.png b/docs/addons/nats/authentications/token-auth/images/sample-nats-backup.png new file mode 100644 index 0000000000000000000000000000000000000000..b3f603de785e2330c4b53a5b71505174aed01cec GIT binary patch literal 45342 zcmYg%byOTr(Cs2YLU0J~?v~&VK^J$o0D<5d9DYD>cUcIwi@SSpx5eFIakn6k?>pzc z^ZuIYK7D$sXR533y;T#Tsw|8Ck@zD306>?QlU4@+5MTfRJRb_ed(YILBk=nL(ON=D z0syFqLwh#+@ZP4hkW*Iz0KDk|fWQy{;OV_9@DKoS=L7(bOaTDFbO3V5s}-OlNg zXW7yD?W;k-$of7ST+IxHXq^GB4l^6esuzCGA6vsyZ zClIy!_BQ461sO{4dn6lxGCBO$cci8g2k?)7FWG+ z_u|Tc@x0!UYpcnHh4zV%L(eXz9`-y}784#Pd-8lGB{6b5X(etTO+`q3N~7M3AR zOm4mOc3ko$d+~871;b-{D#h98hhu$|NBQxSHzPqr)r|ev13hmDz@Zm#pI(Iq^O%!3eTknhe>8$5jUNY18#c_`52UOX1*2Ntf{R=u@w7~Lf>-&!x&Gy4g}x?q;is&EdV!&4sBVPXPSoo4`o?^?7Rid1CZNiZ{|J z()w5FNJg+(gk7P(N4|IDEB~zqh8^>AO&75)L>Dh|Wi@xVZ?o;DG%tQ%? zp4;6LCka2a>1c3Xlu7x+MR3MTe^D+=wEn+Q+(g*!d9jL$Dx)ZLnOrtRGsguyJcA6a zR{U~o(!Jq?%1#;aKRoKfYvl$l;UeodC3qwnPi!%~e79+R89OGaNs5ub3`f8$$|)3F zgUWwt(;>^Fdl}_sqe(pNcKfDhi&`oy&r%i+51~dFWGq3ci}sSE&CCQj|CUPg0EQ-p zvNMtY7XB&Xu=FMd=-Jr7($flh&AmN5ct8Ja$A>}z**OGW--i2~k#PqkaHRC-AS~`) z-s1Vz*1++xNg|5$FG-S?t?$#TkVF6nqg7e2rg#2J>x_mGb*ISZs$eF;cF$=!r~BNr zW+Nz>EkcQzGp75*<8#OriZ5{oWwPQCuxm3#F}m9?Ev_!2(8a@^VT;@36w%gH$2Z@t zy@%2XBj+k5dTzMb`L#qy$#QO$18Tc}pn(kxsPZTg)XphO^NB3YyTasX}mJ9Esw$0u}2W@tr!J!A(^S@OE2d z_s)z>F{*C)a|uvI;>(@@xoN5M5O7ppBcC)WmB+8v<%@`r2oH^tQ%{I#66c#?_q6Et}9a zZzYG+V3B`!{Q;~p$rVa?5Xp;DCuEEL!M;_`P{`>rrCX!tz(Wn{C^Klu8JPyPHy>Uw9JX8!~JUnD|$)!#` zquI|k8L&rO`dy3jpn;?cRS`A@*CW~!_V1>~(OHRnsfFno;PtV|iS*x6Dw#5paaoem z88X7rz-2rvunHY;FhaSzM0q?tQNZddc^DeL>BYYe6W}uU&itb)3tj(uRLk;xn7o3l zC9vnlnZ5CiJ&UK-#tzn)r9Kyk8H|3r5rMD$#?wtOJ6$Z(L&<8V8W$WG zAuVrhC9$fR6#7BWxI}{c&_%JzJVlfaqNiO^8t_FAJ3bg@xfog>%qULuO&4h~=EF@wN z&xJ6cJYYx?RdJ6>4CMiDBGK~r!8fe)aET1Yl0azrQyBN1aqIcz&C~msq0st}t1BC7 z3vTX`3{GASS&JwBeyX8insJ$dbhlOAO)(3(C~nbUm{WX;MzMeEfEyi8uQ(^kGAm>Cw9~qE9$#9ba0#pwxfSL+K|t# zjI{+rfF^mms6zF6%aGyD;Vmgn;^Fb9c%G4u3UP+?kR^uwxM4TT=n>?M0)`;e0&v0D zG?8xL%_?d}`bq|+#fclg_iW$I<&IPFbmdJ65&wMwgL1C8BzECJH2GI@D_}Z?{C5i; zCmPA}`%B$fR(^*gyzGA`tH4z}LYH`L9Ht_Y#L08<(CA))%vDRJT#UglOg)K&It!yMEe#B zQOT%GaFR6kzDquFwy=o`lCR*ukG!o!oM5Q^eh{6JnUlop(4(6Sq`I08X%>%6i%morX zEK=J4o~g@4eNby8wMu4leJ+kzDnJCgCRj2rz<6#1#U)Bdr8A>>Q3Dz8vwh1)FC9HH z&7%&$X716r6nv3~=V}^Yt7f^Zq$2*!Mej*U^l!1|J-a&$Gx9%oM@W?lhY3|GJikFK z3INfW;>#hQ=JO|2z0R;igoosWiJG|w;>Lq1#jO`YfIVF$8r<}z!GspV``7iTJ6uJK zdDqtigx=Yff_V(|2Z*51o1-tjT2Po5%oax>Zna+iQQ+fO=nT&wa0pc1M4quE9l}H; zvw8D{dPEb)*;x7MSH;&nAcc^UnV?lO4p}1-Sh*l?FitTmaT16T4i<)R`+M^aX|}Ci zXaN&1kNWNUH7B*xb1+<7!ViS?eZp_Ahj(nF3rf%{4L>Yu6BdvWQ)TpWNq4mwnkIL< z*?jNW0BmN6iXubet2jxM8Ur~+#r$UZlRF<@ED@JI|DG-vQ>&;JdTHwa`q9-h@5RKC5bulXWs+o7VA6-aiEYB6YO zx0*sZY`M$bgDu>)`Z&;(W9JSh#O3)3UBJfQMd zwA)0cVc~+~GK+Qoa&;HESH>YbCEMm&fFZ8HNrt20i@0kzA^V9$7|b@DrD;>gTaekOV324o>94~MDbO`vnK>~M>dXJ z$gI5Q2KL|!-^oYCL8AOe5X33M7k6|Av|EVF9J`;f1cV)K^-7u@n4h!JumI);ca?_I zGc!^_0v_C=gkf_I{(>;QcVK;4@_xp}^nT2>@b*}rb=H{CblGmx-~mrzG+%05%MUIl zJ40t`8DcWxbHu*#ko}v0LV0TRa=F-e7~+@>v%8z!I+%tT#)oGwlXO9%?(djm?71D4 zNMk?=6fN@PtZQ#^Ne>)S$xY3u;u5ilT&9t=LS+0;Wju@9-_9;QwuKW!9zD?$Lasz+ zZP#&N>aZWDUhcVU|C6agfo!ne};Yh1&+&;jOOB5 z!_zAk1i=!ZnRMpg<1!Pg4qfc*RdfQN)smBw+D}Umm7epo z1_KZ#%;R|RjM8`V& zKP3yhC&$FQ+R0#GaGCY!J{vyK=Bq=&ySrP~^zmxEGhL|}!3{!042l|0{qo|8foIt9 zYK_9~pV)JiuZL-`?*`&Pfw-9xvMYE@PQ<#>F)#}l5DnXm8ba4&%!X2Fk5X4lula8ax3)f!Li1V?x=y5)Cf zh95{_vnq;@p?kp zQ^L+1IH??lJBWQxCZ72C$uimAw~=?`w^gFCpi3q1&z-u>AKZkphEHRxhtz+ae)1a6 z!9rjbb!HBoJOkt+@JR?d!;4B1qiFV>hTH!O&PSD1prSIPK*doF;<)LgnHjuMPd6+5 zfgfo1H(xo$3`2#3#-3U2vQr;1QHrFtcup|5#-pLVptTG?X^!fiVpzgd@)ChmN z_fCX}eXT31X~*~8W=equ?{@3I$m01X;Rwjik|>68_lQlXREDSrPa#;jF6n3gmv#L= z`t`pzL4PVHczB0izRT8UP4)}r7WB5~j8(^b&6h8w{@Tx2g2O)P6zD7GlthkMB^7gh zigvM$3~AwHxOuStkRl@en2UN70&}Ro`48=j;^#;(GfNiA=o=9fI&xV~$rY*{P_H_P z_zs_4ee>Gux^WQGIO?yscKzuKrxHmfL!Lq`NelLoy34H(CSvwQkx0yq1D&oVqgBY? zgf+}mi7oxFjQ8c+64ml~%g)^a{P zUd%a>HtxCC81b(pLD;`O&Mvs&;DXhtRk{a?Z>TQ@#iUFO4!7&nFDg`?Mgbq+;)6GY zAx1O#jAlKATLjL-L=p-QeHj*I4;he_!p}9s>^Lqmj$`OX{-Sv}FAR8(w~6|8eY(_4 zIC(#kfA-V$kX^n~Un}j!QSx<+pcv@hM0U4y=|Im1}n4=H9Ml%Cw58SVLU|Y z=7%uXmpVp;&=l0B6@M7QAEl34We>7QI344}{4 zg?^yeyJR(2tsVNb^mWJB%#3mC6Duz{3hLi&4%ScE4uP|uKmW$+lK0Ou{7*!SkhUvF zQlt?JZGd@AwURMSa+=Um)Fjwc;Z?|E=WKi^+`0Y;)`ZuOD?FqW z*(-5=fv=#l1sN|9b--yi@n;SQL`vaqUVDmtE+N5FX$1pS zqf(;`UI<`w-%b`#} zaZ$>Jz*zA%)H_TwRHZF^Nb>Feik1Vo(w#P7X17{_a49BA3Fn95Oz;Q0;HmsupRF17 zSK)0M?!oiA&r)$?as=}KHSb+!aY$TWi=O_*#z5VQk*z;yI9|1o%pY?5BOTj(#b-Gv zOQWT}HPRQqW~iwE>o0!BX31#5di0f`Qod{9+}k4m4TRb5Q6?9wiUrZC)5`Y^4j=@P z<_%eR&xMP9%@2A~gpPjFOA#{D_d zBDRDje0J@ANSI_)rT_Rs#Mox?Y0*?vuO8>|@uo#~i8Jv+lwO7+OL2Fn4#SdZcnjCz zDH_>#hA{fr&`j3wRa8F<0cCJsX1GCjhsZ^IM-9zOoYE`V8#Tt47)HgV)Ci0xB>MtF z%P=c*O~0bd5Ecb#$i;lhRFG!`QU+YAKl+8h5^dS$zx44DJyZQ>$9Sn$HqRm65~YKF z8qMkwTfURPxBQV2>TW6jf{izFy&o0iLPQ)**vD&Lu?KiwyZEjKB{#*SOrv$+$ zWiBax&+I4Dr#+=VfdYK_SQTP@8&<)GOic9Q6Y_Y`8S_PBp`qI!zCVsoS+^f~kZm5r z3y|ZtvrBO~P)Vb>4++YeX^Io7GnW0LyI*?-RbOH2vsijXz@|+GS9FpkC+T4MmxwPSD{V73}AnY+VnXKY_cnr;Z9i z2*()5{-*I7RM)>DYbTtab3oIW99HF$2mjj*8!1ZCVO53$Gco5w8CJHm1T)q#q+q6Y z#zm3!@$_2%$ktxM?E9F$GGa*Mm+!~y$tTFI=dsGZGRscmaD?h8ct-J@{SjJ^B#9C* zbZm28bGkS)BiA(eFss&?8}hF-hQJnPLY^o_1zEP|odENDcVVY3*drWXg#IVgT!R9BkS3L3 zHyU*jgpG=pR@sSA2aI*YJ9 zc8`j}*K(gQ6uoZh=|GSB!q9V3tL|FOhS9 zZ%)}vF3ptyX4;+gAFnV01y%I(-~ziLh4#2Crlv{3-}!UXQ8i!>`)W!S6JxqGV~%1S zV{ffy$Mz~+RS}H6s)o&NR&+Gy@h7&=S0Uu@R*dLo`eTF!&OGM@epU1PcXlGgzb zwdi-^8k9NVVh-p)`i(`RnYjC}%bZ$e>Q~=Yax%v!PI`(;Lwc`xE0U-+*YNXdBr0CL z)LRR@m5bEWGqgX@4OYv7LhPsY(lzy#pGGfH=;<&Yc%B#gJ=3@SG?R@6$Lmq#K*#gH zQj$#F={N9<84V6@4Lwc<1A!6mLaG9b0S1TB^4-Mfxx%@E+tVuzG{oF2qch-It{1Yh$A`WkVsVHKEY_c}LPL<0?BOgxgIw^Y0Qwl6u zVmeUGj2HE1Fs_N13=9=+=H8h8I6jL9lF8XopBxqVe6rCFK>%zZH^@p&!*)^M*3&lb zD68K<79jr-xAp&;MpXFwQT`*5Q%E{${Pv0>UgQ*;i2+MqIHpT(@Nmx4#Dn|?dB^~oNvFa%m zYuwA9rfQsn2FBqqG`d8Qa(FPC`fuYSDmlsO9r@P^e^}G?u4ToV+H`z`w#A;iR<&Z0jf87gueL` z%HVGp)QFQe;yW<>BJkzS9X_PwC5C-W$9q?~^ICnfzm6>p(1XF~a2G!B@N&4fkXBK~ zFoM=4{>H*_z=SDwKlVG#m=Qirr~Ub9#=SvDkc&Zoy*bmBRJO*=XtYhb*B++l(MZHF z?Qf5U5nK?%7P*%eRcVnQrajFF_2XOri#|V+Ru8W5=}lemtoZr(sa&9Te&OFlR9JY* z+rZ5I(Hr3N%^Z17$~TJs{;S7Y_wl}xJkOtRn+8*H=e!TCwhJ6acN2CvD+_-0>%|~MQt0UJeA|ETGFc7#!oS&Y_^Z>k|5(n>44Pez@F|`v z$rq;f7VyIGf=DPD+POBVt5h$cV%_+Q$3{yoBy9~k7jsSX7WN)HAd8`{Z8~592?gk^ z+l(FV{0yHXC(3?(tu|`b4O1(x+|H}%*L0{mhe^K7Cv_fRX31zXcAx)Kj3>rA;^xDC zL3jv%x9)jY@8j8xiH{Bb<-}!DVfVaU&OXBH{p$`EmlK#t5Ttu<)X+V3#fe3t#~7+Yq^K+hTWpIES-1Fl>abNGeYWRO1RHQA!*F>gHcZxz7yS=#<}qr-QlV%5l1`hNR0R#~lJB2@Wcs{#_tsYL9o zwz*DSi7Zj%N0-ZT{$z$Pht$kb{x6yT0yM~ni+|qX@r31W8iCoy3{Qm6&DKWv85(eZ z^|Q`O?ArL0A}`U5W4JnzCK@DbD=&*UQA{0htuF=H$(O3vU7tUjPin&jIIk=uTo?3t zpZ5vA*l+%uTu$XfA`w?GI7cG&A4JIe2kUyN820Wec!K4KjZ1$|R+`iO85=#Q^$=*D zTZX?usKOvVxbfFRY#O#mPX}@gff>opZx>XKQ*?2j_Xvf+Xu014KxewI(=fd{t8viR zCe%JWho$~0q4l662+g_im`tXbnEi5n&coLRwl2C#G{eWMZeP~7x)xnXS%Doto@$ik z-e{TiI7sNHc4hvh-+TC+)c>`QLN@V3-Fo7=CBW!3wSCb_Oz%$&5n67+lt$PMm(-Bo z`J5s%(C^&1=saVpA>z~gK(6>*k2n-qyh1CE(kM-+>woC7I7*3bB0GV<9TTwZO~d6c=-*P zPY>^6!(S+zn2HCKbzf=rmLSpx_Kk9**s_IfD1v<(s`!85CMbWI>IiaEO$eenXR&qf zyqty^ihJj%c&auAW9oCuCrw|mn+f*49xL(<^S?xaXt@!ce>G@e-c-h3Ml~J!U`my- z(AszX)>GzLZQa@|b~3r$n3o z{=700C1^ga+XNrIpZc;2rTjxN7Qw1ke1a$xdAjFEV?;|jWsY-|=X#Bm{*wYl1rHBG z2HqZiGgleNq#Ny>kW)JzEARW?x4~%ZWea!<6U%H>CTnh~7bICFD^6`wF25#Py}3tZ ze0Jrck9m^_hZ#v?;g37_Nc1r{*4%c}SsJ}O4c1UB_Q$r06w~}>d_PQm!Ym>3e{3jn zORn&!Kt3sd3m)vMecUM;<;`{I`(nJ|nk2g1u|=oO+H7;vq5gK+XlZ?!#J4W6n6%?p z^cr*IetR3B3MRujeoySDd8c+R_|B%a>SJ6c$zVAl%~^aJX3X**8UJ1JWS^l2K`>cs zT~58NGON21e(Bj8=%itD{1h)_WS!OI`|aNv-!^4fnho&0z1qh01wxTjvR!d}RKwd= z_l`;uHNGzIs+nx;@86aMybVxsyMp~kf6k5=#pdRfyu1CVP@Xzy!l%k4pfqXJ>E0&` zCQPvG=5^oci)wTxWbg(vGaqYr|2}HJx1_DkIx?0a`h2)0!@=t$r($^ze&3m|K5J&h zli6?#3uI~<@*R3ZxdRJ;zEMl-;Zfw!O!Tj?bn6?{>jVGYA z^*9EogBczjWd?T?Pb%aseKom-B22o>~>~SUmF3z4gCeo!RN?|3!>}#49DN zJ;Faw8%V85aP|eloX?~qUM@--GYf_0vBT2H!j4nLPq5m8(RX!88 zaM~yCQhp9ch3=fG_N%^d37Pf(+6Sh?28FFl5ba-xAivCi>qgf~;N71UrFS}4e8iU} zQTx(Dqz5ADjfm&V1lAETD6V|wK*XX1MO2B^ihhB(?d$op%b5e6tK zp7YwzbyEWn&sjc_8bA+OJQO!FYTjX~AQdgR7oj&mf{^}EkIJrT zB&6|}_aXghpFLoJGkaJJRh*w!`@e6-JKgMs&MoU4t^xVoZn6}5e3++170rAYFF%G>;^$g<_J9 z2oaJ;o9hC4zoYN=>b?xH_?KPe4Tw#Hn$30gk@@%Ag3W^MD?D}b-304Inh}tDk$gCf zDwo$#Sv~F7NRTmpBNxECP#K;{lac=>5@q(nnW15@BRKov@otLGp_>5CZD`aq-ND7` zU#GujPfiE|Cf^0+0Er>6OLDKI9#FT7&hQ!k5yo#+E(>qTW<;`-AJ<|uQKv+cP z7Ps9cL!bA8cDA$K``RLDYu3XkP_xj>f?q_*2FwcNkueAtQ(={T2Iu1Gk~=p8Lg5sw z=@_nO4v=PpYie3 zV+cU2Ts4~t6}FnrTZIGuDGoYzb|!xaAk8(n+WE5J2{ja3GZMNy-y!MDiZ{3#rz7Y* zd);q5Sh;LTm?l<;MG;oxSp#j>S{u0@o)DZ-R>t$Zuq)oQrJfkxoZcR|G7Qp$0zVX7Q)8*^Ifl_SjdIr#>RN}6L}NT z%3!jukAZTNS?!wTu(Vyr;OypS>&gEqYZ}TB1zA41{p|Ej3adDD!ZZI=3$!k$gS614QuOF4)0OmW$SN~Jy^$873K(z0pMp-K@RsYZkpc3B0$n#A# z;9M)fUgBZ1S@^lCZ#^t#Ne0zH-BbpJ3w(Bw(;|b!q!f8(I9Uj~8-}G%1z?LPGp6vvIs% zP+k0Xz%(~4m_ux<+$VPaFsez;w6A$l713l-!h@;+F~W1=O~Q z{B>tM4N?^r682N+#>ag!UtQ(xuT$xoV4*6HuTnP~WBSagQ$72DqWFm?J!o>S0n~j~dG{{q?VeZSSL~ z(SLg^nQ?Q0pa!<{|E@{GZ_iAo+aYi#0mw;DNUu6Q@b|={?3*?9Kf2Z@lZ#3bnQ#! zdrf5)i~rNaelQs=&Z1M55vo8ddclAM@Pj?hsD26 zOVj~u-?p+wFTY9OqoFcjl}@^UEcZ+A9?6fJgAE&x|JgF3pbQ5QlKHpKTenZbBW^u^ zF>Q|*($c!5iq~Gq?`n=W(j}}Wu)uE^btG*&at784#LlvWzUs$51ykX#1fEP zQCYzYebK&Y6+o%7r)Fy~zoh9Cis7gLIS_g3I?mEM>s@}yh6s|Ct&33>qW}3vV7DBt zc{HhVOb{AAn@1)=%+wiU#s97iLqlmp_hvOX(JH8>?h{k8Ly03`{i5Sd$?y4%v zxgR|@@0ssxKjJQc;*YL0;kvF$JuRzD0xHhQvh!}1nl`9Co>|5rHJ%&~u!r`&INbB+ z&ZTJ>#x~k-SYz!fLgoFLPgHdNLZY(!8_Re|C`%T;Aza%%??RH#pdb-r z@}gH^#;4+{01CGR>^quq15w)L_nIGra}+mhut}%P;BMCOf}lfd@Gt6g<*;5izvdaU zt^eJwvPbXu9o*MYS+?ea>Kfqs^0ZK0vWEEVXZ_P4HM?}W)9H~+2%*u@bu`BnFiqrc zk}%4!;HTfU=Y%cV+76Q&wGO<6@-=ND{qckDKk<35+jw~IlJ?=hzmyNP!l-+2FiS$p z%$FNE?|V3hgrE(%IGQ8IieB;L!Gn$hfRDtaFr{9uJ%F>dUTpKG4JR_BQ~Z> z%8!D}YbEG}`O{WzyF{q7C3x$Q zK+fuYq^Rduz6;?Q<&v2JI9T@yrs}fWEy4ZQ%)35tMhY1t5v_OdX174XPG%|oGRarZ zZBxAef>T7`p44@amHs{Zf`BX^z6s3LA$O-fIv^b$_)j-rG}Z3Wb+cPs6+Fojmjjdk z=m|7e^TN1&kJ5=)^T1rbuva#YTnnP_kFpS

    u^=7v?Y$Oo!l#F-Us)#{-IT_~B4O zn44^h5FuRk_g2ZvKxyPrzWR1Wf6;s~L8rOcEV(g zWfPPKBm~IAXe?lhNQ=ZtmZ}_teLYd%*Ch8rr@1rzfIFNYZ!ZaKVUu2M%8r7ymfYH# zZ|B;6FFBbGz8=kRCx%^Tn*m}EPLCA}lk?{=$}-MM6HnG@y*Rx%(%rO#_sl!0+20$l zYIX?C2g2dei0enB3c z*~pV(zkKd1pkexa!0WTMq&8=%?F@3<@!>Uw)L#C z-f_7p1(+v2S$s6dU3|On8*?-7V9}u3)+g z_ozTvN7^WpvVJ;8d4~X+X;9@BFSv}(E%k+`*c6?KfSWV_^3}hWxf|7g}17 z^8mRZs^{r;~6jgjs`Kb_MYCf zyFVdQ%$}9}6(l*=3c;jCH@4IRbM(1fSple)_$fYl5L+lnu z%4odsW_ysZv77n0`I!x&^Mp>%Kf33d5KsGc*UFa;6)`%$b5iJB=e@K}>Y>b%8!T_Y zUIv5^gI+TD)VIqxWkrM``Cm#dIS#a96Z3QT4gyOR?H%Y_HBM-GV$vf#dG~@?dg1l6 zMW|WEV^sNsdh3s!@McaCl=inrDW!9vwEQ?mh2{#!y#T+LDkztAljDZ}d6?ba@+}-^ zHON%ZNvYL`z~psny~Agv$s`xi#lP9pGf@%s^MtH@PEnEN9NOjIo-#`<#Y;yoJybvx z^M0TJKH{~N&gON?o@J3DLC|)j9>4TEUclR+B9I#@1DNQjUVTCpZYwP(4ZGG%wxHVA zV*S*nIbw4{o~iJy-wyLtLtB(UR#&ZjHRnUP=2=;hrOqY(vw`;<`e&T2)iwo1Pcx!a z?J+v4vKqjgC2gfs-flJGs7m#5Y2x1^@+S>&aw5b$Hs`ubOMLjzF4Hx8b5+j8SSi5i zyF#mL@{NKGZ>bY+DGI*T)>s1YoEa$;-%US*oV6qY1st4oY}@oam2p@ubxhtuwxWU$ zS{5bqYE+qEdOG$PF`K-TH=Vh=$;&?LinIFr}Zwp`>8P4>2kyd-{pcrF9 zgo@7<)g2hKu?z^8R}zn4GD}BG z)R8>Zk{|(9v#hA_Ae++j8FyGc#0i&TTF9ONZAD`WX94sJtjw`y1wX7 zZLO5S0xl!e)Kw?#{CI%+{HqgYfAv6U~$uorj_RF^Yx>p-FW<%lENt|+P873&V1 z#>{RbkF?EIbfaK3h+O&*UaN~Ta&I<(1?sH-&sH*Dq^ztx-As{yOOOn(r!qHJE1)2a zW@FlvHgjo9ROx3~pAcT%xwEK+`oo^Rwi)A_mTl&6`Ga+c{jTqWTUehWDrUnJPz-^4S-Y-zcaT+Oq69IfmgEPJY5H^WKB4&c(bTkUq*W)Z!ji{ zoH{#9bEgQ9^|??xjSY}fYhA3&0jH%^_fh_$bViRBx6iu@Ja2+;6KSP0Cbc&j*j6q` ztp(YQ9}=4^NH%Zjxhc}5H&n2U5@v?VW7H5^xyFvt>mQS~v5-rep}5ie6c>pjs&OAp zJ8H6$!HHD8D-6~1u<#$wAsNQI)DDjwFaV{L=Pi4evQAcR?AFExc)?MXO5Pp+^}0TptB{?^j}t;ey#?0erg2 z83akJ?f!|_S(U0{{o+FPBK|zfKE|B7GUPF4*RuIGYa5#ncayO5N^=TqWitf3p-OM03R4pw7bAiB9r9U+T+C~Oi}%x_Eb zn_?$p_e6tjC3HFR=M(^ z07n$-!A;oF%~C%aL1H@r0fCQc=(;XjVc4AQLP{Q#0H-FAq|ws*j~ef<7i7#3hBL3t z4mbe4LvD^AHCl7!IY0<6(!yRP`%yl9Xx2M7#K^7QqOCQ}_OMr6lM0t!M`z2MyUmVj z?z65V78oicc?pHn(x%hRnwjbg9(W=Vy2A^#^^;8xB-h9F#1`|5UC_`XZb4VXv4Q8|!wZ`nt+}GLrzq+IPm%?5vj?=6)59=}OZLI065sA&I~Y9-%X3=1ey~!H@-& z?*yQp$mb`_Zw!@_ee*uk$=TUB4-0M3DE~iX?#Zxk_u2<|YaKs@YNu8dC zItN;Yes`gfmI{^znj?2Z32@~{Ev_q0;~n}k-bVyD6$`*!kG#G+ObNsGS!+I5a-+=;C%B3J^_j!rY)%cqQ zWWH_0jjp2wzippc3MI0`SY5l*R9gV%v+>n&tKIymj`R8EHvzAeci^SlmzVdS1qI2b zFK~VNHnj%JKFl%yvsdhH&B;_$F1l#CXF?BynNj0uf&B(PnliieJl^?B_cQ|I ze03~CkKqV&BQsZ-3ouq>Kc0-;3@v1%a--}F`I%?Bgb5W51YTIGzeqJ_9a=(_fuXHXq`!8pX+x_M(irK2v{i#%`_7-Ph6utE5BXBBhRcY z`A$h>tvY_<3J1FqeL&~pHvMbe%50Umj{%=vm`I279+!Xn_((UC-{D3~{BYZBshs>c zb52K;s9IPU7?W}4icDKGcPX-^jIxCTf`%)EJx{k0^jlV@bPa!}b7>BhGEviH~+b`X?5SpLDW$0Qsy7WiEl{qLcD5u7<;Vr-49E2YDecy?l`ZE zP(NW|*k-`H4dLSsN;7d^HU0+fawEl1eQ>a&%5W(iGZrs-tdRKh{x!nZXdqh7?jTe= z{=;wzExt)2&a4ahk41ccw}gX#q*v+$7y85Iofz~1@YkMaM=4ts-~r@=__l7$T&bvI zRAibqH3yXNjG5jmulf(vR;|8#TL}n+dl=DN_@O0WLrb#X-i#%u@t_sQkpHeAxaf8D zH)!5T_2I)zwfKYhh^9}KS64>7GijgRzY&0F4?Q zEgSth)K)BSZ})N-r+1pAOrhS9^MYye;Xtf4ru~}uM?7tAO8gi9)*ib&2A}{DQW3(E zfa8g!wy?ydlwP&81gHOD$rFfdLuk-FfHr8e7fk@_nZi@;F&`)9OX8J=ISz2Q{wXF} zUDxQZIJxwcI{8lDs$b@ht+Vb);a@i>mejp3;sc=jsl6IFARX*8X|!%hPYU#Iv$DAO zfAgs?l{qV7pE>>XDfNc(6-K`%dk-R1HRY)e+^HRQN5WiDd(+sN4Hf(=8dHN!A0zo9 zi@8k_w@g|NNT*?=6ss}^6nH0{4F^`ozil>ygL#%s1lFb-UakH$SjcNt%YW~X%0MFP z>@n}`H+vklanW||q0MIdBgb*2|MrtzCH*^5xESlRo8;{`0Bes}P-Fk?eeT-T998ud zA%M@{-)Fp6XX`O;{ev{5O7|F{%GcSe{|lfMgSXtPnYdmB=w|$_8J7(JC$tjX6dm@H z76q=8U{uiPPC2}7wvS?aqH$_Q5JF|o-wCD!Kt(=65l%lx`I_$daCo%O7@C;8U4`jF zdiRA0NwmG#2^0S&v7)F*3V_BX&GynR&RgNM&5>wH#YA zZdGeE?EdXq6Y^G(wr+eqDeSbR27RZ$NTYm))PjEZ6^hc30!(EKu@}=p0|`4Jbjl{8Q zw~*un+Tu?A@7pPD$_AB+MolrFj>(9)kFDgl`zd%4a|Lim*e{NT1QL0{Mi3z!kfOk9 z#Ak81@5uh&;(qCNyXjmP_99?x-lW!XZkxoeg zX%wZE6r_=m776JPP`Z1JloAk;k`h6NG)PHz_vqMY7&Ur~vF+RM`*+v1?cJXDdG2$c zbMEu@CJs6EzTui5uj*wxUZ~=gN%Q6%9%J^Qmb~JO&D$~CJfhTz|10ly9)?f#-l%Fv z3FT}_A&}kqb(y5=^0!i_Cl`sdb41JV_v~a%is$`$+4_W6(q9 zeWyu#djH3fXC>1#cj@@&X}`sw$7Hx8W{MNNE2~D(8Hco<&q?XSIylj4>W}e$VbNZC zhE9mAk_3cQzvR*6LVI?1XzP9RSSq&cE3CF_yRnWq>*TK|@Fv9a0MoayNfMaHFCDAU zqX#$ex_X%pH}0W90_?Hf2hrvFZ&YJi|n)Y7Ix)QBnG(kC=^MYDVbcP*M(!pZotNc3fA zWF1!@q3hRM4h3@}k_BypLAvgXfkZniBrVx-X;`ls#e$7}N$>W4s^JIxnX`lSA97Dw zvm8}MOo~%;GoS2tiHXA|vv^cX5}~6isUt_3*CeDVOGG$aRJZTTZmXL~nnbxPVZUg8 zD$WISL59WY}#l)yfOG`1ueMnk5!eu6^I9k4)2J{eQ;9 z&KLNzPVz?RN&!Sf!k{T14$qXf5}87}a8-P`1dJ5vRdLWKaTOg%Q7NA{3%s)4bo>`P z;CmJl-B9-K7>YVZ$%fCwPrb6P{3zFKmkGY=s<$>jnkdy^ef5&d)u>Do_$Q z5-@i0uQugPlL(lH)d6*(uYRPuA2y~sP=TiX!D!S$&$#G$r%9LgI_yk!)bzmx-V1BB zUGr~F4yWH9#}-o$%Mj=Ae2_sLzvN@?%%_?io$mw4;x3X}(r2La&#%pkkw+WOh%J?| z_o%-TC3{uht`Nn|oWfCS2|R}7KRlG8f(>%yw)#z$S6GC04h?1=EKZHSu#7gS9Hr#S zZg8ZycT?bI!|~Q#Pyi9FNda#lotF}!AgN`hH+fK}>m+XxL3?wG`2l7qmgY}~vjcFY z75njiYx-*vtDvp4WiS?Ph0dVxyi@A`2E^2+nZhCRp=lYDXT;d1e>?7c`{-hS08!xY z4&-|IC=^Hfo4VwPf`bU;A1SbT-*-&85ji%nQGXKiAE!;@E3?0Xu1Xd` z-ogPrVm;~-AGty}g|nu=zp3e6K@eQnXnuPAva=qY-TmXF@ZMAtiwSDD)NeoB>Ci=D zO}b8}+)}E{`}-_p0BfAK*b+;1bC5r4(V;+a#NM*h4pZGrDrA;M#s{4I)h13HAvt>} zIcwxEc!DY$u2u!3f@Mlqr0}FNpnYzJjQ>W+-yhq$++{DYwgW(2!y^{fP|lVwVr`)x zKNF8~ZC6AmIgD$GEkj!)!w`1rho6hq)4^iP)eYN7sLYzzUEXBZFmdLcKuJX2p_4Cm zfkR_|3;xLc0C2OBL|hQ0AbrC>56iRJ$@h_xH!B}d%dTR35Z&#&OJ@{j_Nb_S?zxKa zmm;uRM7Ynkum^wnQ@{n@Vw~UY35vKSwk8z`8&}KI863NS3z2|+GwKgO`gXe#s5RQ0>nA7Zi6rmNBT|(_1n!VO8c*C)g!h`HDD+JXjR;^|!22@m zmY{e#RbgSM=dksct|Vd(yOM?QbWq~drm{pMNjAGH*0+JDr{1?>jlQ+lm)wHgjBx5~ zWFRR)*Tcx-{6xp&+l7w9L%oRxS}9CVU6~u@QQFB&0=qCjJd(@qm3xs4iPU+qbT4rdvAuceWYZ{BW^2Z=XV>GYtuCFXE+0i% zKQ4_d{?p`Y{Vcg8poXZynEmYs1>S2>8m`eL2vV$^v_BQW;kIMcC!7^guwTtGwnI(< z8cI*CvsFiwJl0CKn9jy&b!extODNlg73<$nf~Bji-wsz-Ci~nQ1s3PNl_=lg(ehGV zgoteGj>NcYoEpf`^r%31&5dZ;y(Aacla1+l@b&%EKDx3{Znz$l!asGg1-HN(bj#$Q z$LU(HhP#~`YUgoD3Rjac1q8!aCwb(&k8hODPd9Z#o1=U`!Dhg%7Mj=G7w*ADmM zt{};kh(R{qu{^HaJ7Y-jAgs9yd*FKdOa`6Hq60S(c1`(eT=vs)8s@t9OH*Tp;;Mt_ zpu<^lut5Al)Gtx;n}cRy^)s&7d_v*QropR`S|SyY)PoX)d?@RU)xXH>u%Lc3+Sx=E zgx#%3ryuO5cctTkT3$682IRlL)>LoRs*yb*l;Z$VSgY@PWHT`1*5@bt-|@=_fHRf3 z(|TXa1G^Ri?lnL=*W_lW!xRW+<%VCgCUy;ssD&#Xz<&~Zx>`Mw1 zTVu&yF-fjH(TT!_<(E}!(tLY^nsT1);5_`Wqocj}dGs=&1T2?OFwxhtILl*#C??HC zmi<9voVTr~a7Jd;@KH2hTR7b}Ph+N)kX_YUZ1D z-=csWc5H$`qOfaoWToFsAtbu;(j>(LGd71>|Hg!ZdE^P7&*yPQ+P{W(Yg=E`tWVSl z5w1ru$=-!ji?6+Zt~PFTDYJH4hS^crj$9hj!Ie&>8uouW3=9l?#Be}IJ?I#(Svz=~ z%b>Qhc(kJI@7=ky!`q~RITa_aRw~lR!c#_fI!ln<*2RZkFzK9{IPT$ox~^u zK&N*$eb?3}+kXr}m2Sk&Y4Re&P=W1ez*Yl_sxxFal%Ze^H7_6e1Vz1|r5wHN*DJt= zh98?7vO6B)_(MIJTAPB-)6)0^L#cOW+3vw{{oW3}$y-h?(8YStZn{8=t^($#-38+e zB8;BCBc^xiV`)Ly;Wr>SRS1h1cJtgSijp#4nDf>mR`2swk}_nVj&Zn*LEgLDHVx?- z(55~n&s1EKs>`+-6;v<#r+I9AHCBh&aGI!@Zw=l30^TKs~xYQlT9FbVeCV17bV-nDgKMA zn!V5JU;Up>a|(k8Iodd+UnhR&Vb?RU@ch7Tw569MEOVk{{vQzHng~&EBU7uxizwHs z$uIcYk;j{XrqUG5a3!HHuk}~S<(Gjurrcjv7q%Ts1t&5w@9oa5B_Rfdv>p_!^6?#w zUV3&qs3asW^}my%crf_*>45u>G9?uJ!1U3^yOyjOv!3Lx}8yi)8S)?JQXKKyHh z!;(koPwxRIA0^5VI2`5?M)dkt9_^d2k5J=>#k@q*J#^oB`QOhWE)g^>6)tz$1g1h!<9OnsBDqloJu_l+Z1*kCS@Ob4G;6) z{ZU7EE<-ApQ-UjwcW*_m^v}i{bO|u}0V{-Xx#D)?pbHCtecLGEKU?YhkrJzah;i7g zL_qBzqwr>j-X!}o$nle(=^;mWRuG|+atXFxk8PnYRP`6_z)J*z-jVsp3y|w!xGJ%@ym}iVErs{oZoZ~1^mYY!_ERhS~)5KqS z!PfT{q_QTzYpFKwLH{{?lWJ(?(7C6Ma{2A=veALD?`UwP8u+O3QGM@aY4=#&JV4>% z9dZNp=IyG#_I`lYzy9>TGp~;$FIZ>Xd-r84dx}iq&qb-S+O;? z(V^zYeT5K$0kf1|8H1R=dJ+qH29DFA{5cgg@{e}s1NKk`+8sIvy%X9gNd@j_l=WV= z&9V?7=jWTRZs;RBLaFFQh|O6!8i|11{!<;l8c01lieXb^sGv_xj_la+h z`2w$xRmr!Vto|eLE(e`>V=vo{Tll0a_xv>57c+(1t^3X0N8B3Q_@WX|g~vq{XV{i$ zzCBtY@plaVqPAoT&xPN60g#eAO0!K8FZ`3nZ`9#oD`r0-Qtw^xmLJ8{HK83q?crTp zYNB}wXlR})3vGve%naP<)FZWu?m-AD5fC$IX#4dwQe8U)??daJi7e3Vmw4*5eLQo$ z|AJM0=$&3Va_#9)&^lou_fyJyK#I@WX#2SLSrQ)xVwD9Oo9%T}t)pMW5Es2af6buB ziR+1<-aiDKExKTxC%4zfD_AF@8yLiGX8>o%MCIhbUZb$%Wc_tLQUpyjt;k zb@{Jz^>bopr*6TZR0jt*`gI@QLQ{&Iy6S2NfMHxx)Ak4V&av*>cg2_)k^#T{7{w?Z zIT~^FwKe;O1s)LSCojB{Huov~=)=p!_!N#bkY3~OX-}pq`4gl$pY+Rj$+bUTO{+`# zyI~!OsT4q!ZldJjE$Y65i!JBp`EIY9^-nA;u0NU^lW>1Gu|}J7X$DTr4T@|>UR!(F zE?ngjWCGu}*9PNFXMK9ZyGH1?vl2IiE75e)TM*FBPKwnK6GTw_jl+UZb213((9&Hmng>ZO*ro3(#?zljCG=95)r(hABg8Iv=k9<@=n0`4!TLZEep72! z%>v?571VQiow%}V-7LKrjx6=uo4$)NUm;Tr!LE-5Z3oj7IRvdJo~>fKpUgr!-7t}u zZlb!sjZN@r{HfbOH5c<8in`Q>0bgtD$vXwh(CF$2h;tpH3bAQ(){|KOkL(NUs6YLd zASV>u9n4uD1Ys#d9~qz z@A#1jk^4Kl!-J-m5Op#7?ucpOKN*=#)>3bOMdF%{kvH_6T=T7mIYn78DY^X4wGfmP z0`hnP_-G|s2<*YzCFT4@jp!R^)*lktL5Rno zc$We|PN zs7~cy%Gv`BGx=CpYA>5$_%CoLGZ@L{r3JS{Yf>4J=htd8U)CDipFQly;avT6hC<*=VxY zbVGW*OPd~=a*AsW1)y5j%>_rUurLyC{2t`52Hh*TnDck*)fO8g-C^xzn)`r0I8^t% z>I3Sw-1Lp=a?wiJRnp1caP{_h_vPec{RJClQ`{66(N3QFnct>9CmJ2P& za5)n3@HPN)kjyms_ggVx;QbH1dECZNO|Oj>WQ8zohN1AD~Qa6s)Q$iBoLBtH84!06{k zU2Vw)XsysKo&OuTVtD~dJXldqcKY#V1tJn>iqP=*=d`h4ALUSDh=-8@J6B8gpDD*>F z1*DgAesqm^;ML?+q5-rR-}Hz(K3}_1k)M$hC3H%91AxDsAIsMGL{6zbShRmx+g!^V zqZsnMF|{g*v+KT0P(!VUx|Dx~IR}%C&U?l5qxnJd8g@P>)-$6qsr6?|xBIKZ2ltvn z9(*!u($6Yng#!y;X0L$EfAr4%WPxwpj6E-Z~6-X5PJY3gd|=7$BCuN zsBMaD%TGW8m88dotX;`y=jgOS9jmpXpVc|r__CygF@PxR7Of|Cd@2o!2}8_Yq(r5n z1h{aVD$%kg5**-e)&*%J?DY(P3)-N4k3zZ2N*hxu3uOScyC6gI0#gjs%>*`8?)qS{3e2=XH~M7;bj*Iy}m7%|CQC`QJ@w~9lEa`3|9XWADU2rL7P=2;;}B5 z73iQZJybZC|Eg-Qnx>XA0>vn&DeSn>@hpP8s7d~L)WsphYS%xivp-P-%i z@@XhwRu6O%L=2nZp^_C+@9~As=YJ;m@y3_=qhLcivN2!&=|<`36x#hD)jcYw)O~?x z#@v&xq4Da~r?=UqD?}r6nec=qdbzZ-L8Q^`M;)!+JTrmu53p3y2 zo7Pxb`j^;=)e4)IviI0@&drm!@IV*~VZsi^kWd!@yk6p`3?QWY`%yNfDadJZYyu6l za-10Rhy;JR44J&!4KCVKZ)hb~uof3TfbLpo`ddU*RHEF^{G}u1K=jCo_=~VhnyEehSW(k z?^R0WbteR+WyN=M#{S7b)cWiyB)}-sM5<{x@K#4AGzq;yJv@o6*@D@-;9Zl+D5u(@ zX4M)F?@-TUE|DRx-?7@;-#w~@Xx5q5hZNIuN;nJ^v%SdAU--kopm}q$Z6QRLS&F?d z^dyed_X{$Y-w(@$qDmj!n_X-C@nWs%YWjuj6ryrJJ0{wp|O2REB;}?-!7D z+Z*(m%r6H4)`m0RDLIhNOOhw|!qz>u8R``(PYRO(E-QG<0Q01&VM)QBldu^c_0Qe4 z4xQ`HSB=jW!JJ!n7*JFUU~b1mg+#PmVDAYv@Y}ugtVXy$GkDaoMdncyeM-VF%t&`YJAb6cc&7}P zjKRT&Q8<`@`@OM6^2fARRy;~s-P}?y%_jQP%2bo@Ee@M`VKb8Wt3N92 zCj1dUFr#>$oN1XfCqrNFN};UOw?p*ustT|q6Pb}-WG&RMXo~BwCFeuJZLqHPtDki$LJY$>Fu%z$*ktd&FC|{!x-hRFv`qhNg#;&+Yp)GgS{0FjPa>gzb zUrfIQk}cxb2CGnkkBM!WW@ZQCq-Jctc-xql46f)o&1jY}j9$*ozjbSUqSdt>jGyYD zRH<&zCMt`YPW26*sqFpnVUt2DOkEV$baH>hsT3QQ&tD*&SvrLQBiu+b`BydO`!D6Z zQ*8qsCwR?u#I6G$o=H}^(a@=nHfnRoAIiZV*?ssck0=hoPmSkr74Is z6EQLwT9hTSSm-2?g>aJ4hN-xQc_;CygEo5?Tu zi}9HkjgXD$sEZ5rC#}FnNNEXSwWZ`}J)wMjJ_&&~a6}C(9rcu+ikx-#^C5Z2N zR8n>o3MT64;`cJ{aV~;Z3)fx$xDq}(*y5a?VrucBF~q$PJ_j4PwjSOpi#48G;+@`=N5GU4yC)7+7ZKoD{E)$zCUhA$e6`7l?bH+9YoBhrR# zCPN8!Jo``I&dNa9=;Zxz*Y-fx=d(G>6HS`sz&hEFB%?=zx?>+)xY;yto}=S#j_ucP< zZjQM3sO$(>#VoU5+P{13<>Uo#DEbCkHmOL`JQ#(p+)Z*+FxQvaENK(xeHBOlyomI9AxsR{K$F7X5*f>U60py(fHI52vd7G* z%>mhhV~8h(>+0M`woe{@K|#o(9M&d@4Q%&-;QNOb9|JP{r+Qo1dfHEZbt#u?!y)NK zI!R~NuEiesVr+Gq(s9g3W4=vD+CJ@0RXxo2*SLtD*y@Av@LxbuFku>FK`;y_z!+4! z`?%O&ic{D>|JsFVS8pJHJE!H_@-$cQXB!-C_{R6R;M*IM(T%0QP7G_zBi0?Z)CbQ0 zCH2vcel5cIE4;V9c^%S;olym#p!#>CQuHO|3ipqhSYaY_FvYiFRKIX% z9M!v$asSV=5>WB4nu$NyxW@@H^&6-vOT(ggOY4|YaLCfT)*a%> zhUHr@Htclcj2IqSl?maqb+5pwrew#E)7zz6IkqequRj(d@U9dW{}7UKRc~ay_IO-{ zb6@+U48$ypnV4Q)C zA2JDNc#INuRHlUNu3r2SVIfdSuwxfM55lk#^vT%s(CPJM8q_5tSms)zW11G%?iv zjk!N==3&XK)ba$f3!TBC7fw}GJR#m5q2iRs779hEWsV^g0X^tt^(xrwJWqjf6S}(P zB!aBz_QZ7apUx*@G5cb)+jo^A5=`yfy z2tYQ~A{?B~<+sT%j3p5}*r7%*lmt~L;hJ@(G^({5Bsx#zZD!sr4Cgt*DbPuFwp)kI zN`cTrwRIxn8ETVfN&S!_oGnXd>2-k_lF+zBp%d_k_1+#wXxwCVAcFmOY-Y945?C?g z$6C-S4W0*E$jQ7JN8k>1pWa|g$KlUqo%OgEk8+%Zre@`mffpVfNn<=a zW~9{3@Wy&XML(yrrX6cgXhhO+t4ZOLLuTe zJN?Wf7X&n{=dJ$ZAP#~6g}*K)D-^hXWw=|J_QRGW(-{}A)-6tK4mXd1XIDpsdr-T%15pqgu`1hVe9CX#@h zT@h7OL!sDH$tPk)E29cQnW6whLW5axwMDn%MO2f=I?=|!Wcd(7e=wHDx7xHWwvp4a zMRy@9*)5DVm28ssFN{jL2681_S!Fh$hj>r|cV%v>X2xm7Q)b8R9&Xg(L%V=J+83Tc`r*49wztUuu5d9G!zUrD zSFR29DZQF!2$%n8+%l+1?s?aZa>2a!+^ftq$t%{zP3wl@9@9`&%8N0nDd-5$Bltwr z7J~4-L6Oy5CD#<3gt$z0ntb7#_Vu`-u)_jg_FhV;>vFs(wiMUPh@IMNuQtf;K<=L~ zgy=7%_9jWm%b=l5z%X;W_5%IvQc+x%X_MVtFc)f~kt(>;Z-K(o*5oA5x|TRO{=Iq| z++xZsIw$T4c3yM;o})KZk#FJ&=h^`>e||9GD(o)0I>4N=jP>1?g1Xvr+$fN_l~|e$ z3!alswm9A6UKLe*jecU-|_gcp7TP1@-aUc7@OUJnos{3V%g46NP} z^9{8`XY@)~I_6a&hEfe0lic{e0uONqJl)lw7p$LRgAi3qDbzFYt}gE@ej3&6{)9-i_UkHq^*9_?9Zoa3?4KFOUQm;MzKjz4xa#wj7pH$+E!B9LS-v{@XmFpv z@Iv-TlUTMA4NZwVXne6sYj|3IQPpW8`vQR!ZxktT0>c4)IGKWxaU z<%dgY$iUHDc+7@lf-d6>GI^xCruW^>&5vi*dxe}vS?=^Px8(t!-=7@ER0a$+eP8|i zbm}i|Oq%)&!Trhu&qWEJKCv~M`V8R5>#v2rASzhIu^`GC= zUV$GMHGUbl4}Hl`Iy{jIj#5t4V3U5xu2|LLY$UEIM@`9-4^yjpk9bt$Nb~*b?}lO1 zXS}ACLcG{QRbXnxKcMSP8%_7l)l6#SKui`@cOMY@iOYJDr zn&2THpL>ZYT5%gIGbT>QT40_(Rp{7^=1+P0Ls0&oYDp0d1RCcgvsw9QhgJ;825Zvh z+3ja1raFpzFzK5#zFEWa?WtFo1?@jN%Nv72(dm1t@vq|y zv1(68+xE%#Z=tU1;Fs~CFH>!Ko2W&tdSVSQn)+d!R9+=`V0$eh?Yy0p7ixGyKp(u@S?qb}5T6Nh?smj$c`HKHig+%YU!BVAFaIUaC#^-WIbg zenC5N!+ctH4PsKU3HHG&VPb4-Oy3L1KOFQ$G|wi69ZL*eOC;gZ%LBwktFZe1Wt_|YIshT$6uT^7NKU#|gCY6e}hqfa{z`DO3OzdPa&bLS)l zVO9>xwN581vfgCh)86Z_QmWu%|8NWZu8jzk%*dpcq$z>^Gewu$7%zrN6nK=Aibc#9-qQ~g>!2va&E{;OF`hf?N3lMD|!7H6C+G`q)*^qa|*M5#RM z@^jl5PmZw z{Xhr;z)pt-04MJf<^Hv&Uod@VdbNNsoAQe z6c|I=^yO>1o<7k&-Tn4&eEj0gX?K-r!pqI<392d>$L$%LXIwUXV&Yf48K|j|!L{-( z0Q=13EHj_n4aryTC|Gp}J4F<91$Xdnvu9;-Tl{8IG5mGPF!l%E8>Z;ANk8v}abavvN9Ozub#Vca2q9bMSbgNJZTdN&P!&PiaGbL=<(XJ%+t%VQqKyz z*93JB@G@3*u@QWbP!e)t7Xdm|3ktJza1R0MMS*HOzJ^k;JHF`)=1b};%E45obmYeA zlvwN1GcjfIdSOvMow?_Mq9K`dyHw*M!d^`B$HRcC0#U%`Kp~rZ6Y3u-?NtDM9wucZ z2Zxt9^H@wlA~Nsg2y*1zo8*g2D9(*TMuzl+6jKu)+uu^D4+ zN9?;{IH5g2nn=4^m1LXu~MX||u@ zPlEH2lN;pN#cKzgf=%vLri*3u*T5mp7T{6@po1AzPP8kxR+zLTSg36+ort-gGuF-I z`gKN!;lDGzwb_ohlZeS~(ykCJ7sKl1)>d;gJ<}LTj!RCk*{eUD0GFLde8@AP<68|{ zHl7oMs@y{2mCW>SQX0>@MS8!e+6Eue%md9igaqKjSAt=0ZfoiC{wbb%xCy|sspFx? z|9ooirWI`wb?Pe_8_v^`i=Lp)Hm9!F7%GE2$eP|Q7iz-qH?4yu_fRi0E0R5QoY zNWD%j5a08{J>NrKgP|k`PlvJfd`(7d_vHUo9v45-(=jvl*<~63zej*rX%LnWuPUr% zT_@krP=VPNNpTxhCP3&~Z;$m}UszMwaSGqkdCg+zfW^-BhJd91RoWW$?JK&vMdgI9 zg~YWU$B5O5kp2P3*s}y{tuB7{i?FEBe@x~U)PL?4g@}2c0pEv3Hx~&iyjRAb)LD7< zIXAfuNYw$y;1Mp&*gk(tv>W@I*oH3 zsfhX*vDj$Z`XTbqy1K;%4?Sz-+dUjZ`&<%-#ax_~a`2p%6)dBqQwD_EC*)skmYJWc zSf8dKA1Pr^N$QC2_`^wQ#kJ1|beTt+XusUUl~95ee%{ zcXoHIK6P>wRULds&F{Rhq=((o|269JP%&|3@R61>$puHV2o(}=r7Qm_E+wmDJ(M(0 zZ^R<$;q*hY&NlIUjbGaMCFP=&VP#?Ln;tIgKi%8ON8fxNydk-_l$?$=&I8jISQj}HF01dso|s|d;(A!~1PHks4OJ?of@VXyEzAhKld z&o}_QC1{By+tz!I{`1X5HAzC-$AeTfPBm-=&Vknf)!)2bEWPWLBr{koJ(|ilqVl_} zOx77d5&aEiDr0ewvVe5Z9SmnLaLRl6HL>CO={dK=o_7xyB9!2Jt@~-t&jmSx!-z<= z6AnKh@vWhxfpvF)-yiPKzrVwr-snwVv~;tqFPUY}wZpDlLzi1bcCx7=j|<%IZ@C!O zV(yD&u=C_W(2!IiUvVos$m7+G=yVLDIn9b6 z(jLcmfjnDIzF*%v=;*n%s6NX`p|deEeo3%!VYy>OFa!jetXxFtWWgwzYINZzA|Y~Y zg^;5lC)*$o><9oIZmv@CpB67)eZsp zwo& z^)UxO*+kNHRn0e`+xr)MQd`ZEFYc50q8=`+et*nm_U$oxs?uF&Eh88}`u+QA7_!?}L5dMW1(5DN&yG8> z)ZiS+JjCc!~v`B=L?l0x#w$=xlqt)JU&TP!aIw{sj# z)TSE)5+`Z%I9T(-2+Cc33x6Kk5aT%E^7lc6;dvsG$G}CUtPXGLdwYgDAUfZ)1XApC zC}0DL=#E)>&-D4DMDs?=RyMNxOMNw=m2{$ybnjh$b66 z1!d>Q&$2atsYI-)ysUTYmf>)D(|mTuRdcssp`EAZeLRXHBx#sbm*Qs?ZKr9uXjb_P zIVAc!G&(RZtJwnu=BU92Y1hO1Za6>x?Ohq~)n2GB>`WYC`6lBfMn zXD!zhYHs+uQ}7fTT-a~;SyzfXAypSgq8goFbmtQ(pZQelmn=M$X-_-F+(oU#3pXtm zwH}vvUn90vyvNT0J8qNHvC*L{A5tm4x= zq0+sFlsXm=5ZoACg62+GiZx=a^^}8eDN4F^S#cR>za$86EXtvM9W7&N(*lI2$FCJ=%K{I@0&%v`$q|v#tEv}( z@oy`bCM(_7C3JbZp~v%u1RWi79}(!e;=aQUff$mIIfoXldfhypP=SLGZLE(N`gdbhPiG@hskzhnfTi zUn0xZe=J2o79Dh3y zxUBiP@U((i_m?p^)pTAq+{4XX^Iu26z2AwSw$K10Q_2QJrt!1jc#69)`G-S{^Lz?! zYX~H{8*Zx6-w4n_5R`e$!p|1{VV7e1OJ(P~_Izr8+^j36r^x4Ll{ox-ihecn6?RvV zvg%H_LX6t)8Nmc#GLvem<8t!M0f-x+>WV3>JLlHdpu%T3_R;Q1Gm47oOTKomiCE6*h3}zU-zU*y926?(lFF7^0*bYe!+QU(qUgY#e`%;19{p>hBrIl+fHE3U@A6j;y!-q`>Co<8brU{XNB5?#m*4^Kz*$t8`^>d(nN`&$F%R^4?gq=pdgk zmIWC~$Qy7^1!(q{#b|?4aZ~m_(rQ=x)auK}=bPE?UBNhjli9m`@K!tUXfSs0(mP{+ zhl?z@ZnFfq1Ct&+~+eX&&epG^mGu#+^7n=r+=mC-}Tl_=kkMlLmgZ@XkThRa6kMB zcTj#FNHcga1}<2i`ZK!1__r;ta{NuKhcBDjYZsgd_fX<3B&t8pS;=%8J~B-_Ts)%9 zl5FNsdq_@F^b|^!a0)rK!4Y-#e>yxPqL(ywpE3jBih+*!#U5OLpi=IGmUS9^?66v*Zhv*`>B-xXq({s9ew3*@gf!@JX`dsG zjkb*0!NBlG{#Vymg~ibY+Y;L)4i)|SJhgpw&jB?%%{q93ph+zq__GmN@9u_h=NH2?itbQ3Uqf? zgs#%PUaD{W3za-NNX4QxExHHnhfdtyI3VD!9SjxD}QQ7EjTccd_n=` z{zLI*T7ajc=I7CJIewGVul)JE3dpMcjmPyzLnYt)L<-w-%>C!IHHbBjNitzf?Kt$^ zKP9qR$fE))1wGjIy`mA~dqmKG6FS^WfznNa4nWHx2Bs0toUM14x)oaLE^O$&us|Vb zplh>ha(qRH;V2Abuz*A&d$=qgphYk?uejW*k7-FCg2}3PM`!!WM>O{j9#Wi3N}a?t zS(qOB$BKLPDVmhRV|P0m|6|!LFn9dOHC;IatZ+x$p9hJNtXi^Q~+g@ zd^=O679vJU&CwIXW2P)X^xm-LRpy_<4!PMbggceQo&4M7C z>nre{%g<8Y)@NfOezM(s}gvNDI3w?2b1IrkMa3>mLnB8(v%G7#J0?Tq}U!YQMJO z*k)o5=s3&v^fcZ&XOCSA_vZecqG4dJw3cv%o>yjJ2o8Drb<|od<95thnPU9)@zMHy zic0yeb5a8Zz{nuh*KNfwdY->_dpYXxe1z-ux>SOO7J@Umn-2a|Ofo=(Y&CGQFYiHO zYh`kP-~dd*wAQhL#}T~%0n}%4*4K~g2%z2hIDIK_;x-0e*7b3>^^fTp4Ci$&o9;wg z*9*-0EyABS0W}LGeNP6dIN8_td6iXFQ8p@9$;Q@F4URuecS?Ib8VMO38meWMF(cou zxmWF)!_Q3C3}!1kFJ%5Ze`)xZb>7gRGB=7Z1-xB{hAp*^e)mGf?*GeI&ey5+d`e+l z^?t-!d2^5|xF&V8P(c|W$?d5+;an5Y6mPYu5}2#8soI$Bv?nW>w{0l4a)hPsez6BY zVw!i|vUiFGl4)mt`(G1F7KC{>kz9>SY6Ua?dXHi&`(iBBXr4DUzDyzia*43x^z3T* z(L$4@On_$sxcd9zU?4|QLP+`+k z%n*S#_~c^dQT>99A2{nx&#>}d?#vXmZlna>UVw1cwdB>xlb~HajQm}KkeySm8=2Y?Pq+;?m{5}F5YM4X=8Mh@b$5S>w%C!(i^Ikx! z4kLj8@GA?T!#?#oj)gFpe>JZE058>F2e}y&T6FzQUIKJ3!z>Tbn$|ylN0dQcXZLZh zb_0ZkrC9;6o*~eS+Ue1L;RH%({G73{V|2YM0FgMg7CLj@tW9?N6%SpHMVIja;QT7z@I^mqyQ;Hc7eQdRS_@I7fx#n|Pq0*s^tga~`>@U&$Q+z{hqboX?xtIyJif4;1O%@FnUFs^G?Ga4EH%9(La9d$o#~ zcK7@KXP8I?1%i)xg@S>vA52q)SDUKq{Zo(CijN;x#|14PRGWk%mwqiB;;<1g=XLt` zOvl+Xaw;~Gkg}5~9=pS!*RgL(aPDCedY4bT+6xslbNStfc z$X2bJ8$?&FxjdkXWbXj9w6fTpw%SEMVfaipTqj^>v49AZd94}{w}E}Vc=RoINdUN2 zX;Hw7_60&3AG+0ZWt!stX@>(PSl&7~0Iz61ERA>vaH)ZwFANY6wazyKs)6_^zz?)) z0dE2aZ1y@_fC+4*4SW&={wMN%)2$xT%?bCms1Omd$s8%}m9_1Y7|y=q_ow8;WN(7J z3h055HhKq(>c@qBM3P@w!x|8x^KLO9!YL-gAmzg8yc7v#817Jt?^Ww*g01| zv^9vD9!i>NaEI;B!6ERuk&Dz;{X4}pY{d^K4OqCm;V*=Wc2JX2x}i^QmZ!ywvDkw@ z^2(dj<`w^UTDc&8?iGe6d;3TLYsz=Nk?)=)vKFZ%i-X{l^O1;raTZ|4JH=#4_=pt$ zWQIwLK>kH4RBH7Fu^8gqbrYArth^3TEN>Q%N*kS-LDSbuoL)*P9I>#Yva$GCqETZ2 zK3d!|_G9ldy;gW&wRT__Y12r(Eu8ZTDLU2gVUh)szZKtV8stw6h^D?feo?>Dxm{ZF zywL?4IV{Ew1+UNnga=6+0A7J0|5y`t2TWC^PNI|;yNpQ zldXDoIT|8; zHn$w-k`=sQGCydXJwPK0Eda&1PK+&^UOp|^n&k-R&3TEYOBeC)WpP^9ocUCy9q=bG9BrfSIbF*VmSyX@B$N9P1>0bt{oynwYF<5fHvUHZ)f#p;46%8Drf4Bql`xFD zem?%6t7ab39+We1z~uRIjbMcNjolzkiBQ4rtdKocsw;oold)l1ch-p2UrJItnn?qs)a1Y zfU|~`22@+V2iQYr$Q;uO->4Z55HWtj*LhX{J7TbGS~ttATi-SpneZc0=_QiW8E*HuVWE~3_IXtwoj;HK3~L%} z1vX&5Nq1N%_B<(NH3uT~CZpb{VyYfyB&5ca;LV~MF#vn}<@-`VPh>XCrj)9lX|i$yF9sz-cl)yjNI{*VJj zh>)){sn#YXG=SQ{sTX6KE>mxibRQ%ASkDaDxO1KYtOI=1`U&i@V<-`LtQ9hT_c`be znHq2!qW+7;X^MF!+uV(l6Vxh`=j4tTwH)a`?0|4BWfyt;OtXI(ICzx=!}<6-;X2yt z3!s#mLwihOMTRDBj=!ran$RmH;e!HLyk-p)BTAkBwU(9d)<0-Ap9$MeHFeLkRGXxQ zZGj0GM%wceCu&(%d?Pjp8?#vjV?I5$M?$txJURFdXU&b9F&$KDe>iUcG9IwH-JrR? z-jLQlDcG;aWA|Uo_DvRnC7WOM$`0=eLFO>U5cV_gy=!^EzO3m36ZzRlCeZ`>KS$nh zPQosZdxiD(_!f%$_SKn>4++MX?*e?B8WeMjQMKfS2@iO8B10&wwED_(rJCC;R*Zrh z>%7sEGB=S8w~ha}LNMfw{i65AZ$FHbRtn{{_%-rhPi_dvoj*I0w<)x8j=pkzd@kJl z_eBzj<}P%Vw_E8?0WO{&;W+>hkLWM|JAL>MTE5NNKTn(KQE`P!B7Iu_{Vy^Y%4J?< zHj@U`<^rAZ>%F0j723Xpx;Mk`NV*!3B6mrTSbbRu77&glDR&P1|lPt&YBHjE@w)Sl6 zdvS@+Fd?9>6-rE2z3F4EXaeYVzG~d$^DL9i_ zwUvsqKi|^5+RrNy8lH|qCStaD%&D{`_!82OE1UuMDfi-xyYRAH0}hbPrXlN!oxYOQ z=NVvpjl1hV^{zMBhfw}5&o{624yg6&&j_jo<{gd%sbp{A!2Epk#to;V7Va4HExdm# zgKBrn+-bwRl>T1AeSMnHuiT4xd#%{2P56#Uc<$360KPhFu3%0uGcOrk@I3En0l&}z zEP~elD@Epq4&Nt8DNC>X)9`vIX_; z>!jWZGqO5ALSlp${g-s4=+46xMqNCBfRk$PPRN)O-evzM<@aZo#4nsU=`jW5g&oWE zBOp6!2MC)#5R(^=;rmpe za2N62>TJE8si&16L@*XW{%be?j$o?C*-xHodj`L|)#203hh-dI523fa*kud&WgJKe z*6;*619#h{VRKMB?W+aDN41o{wxS7W@sN{*AW$5{LC1VS6tC`j>OHuAx#Ag>P`b;k z8bQiJC2YbO0Td5;p0L8eL7o2C>=dg@>s8I1K5bW1l)Qf7@e}k*ad|vvgX60WY^Gl> z>4<*i7ZIE zS_R$IqtH~Vvi8qtZ@~b=fOKN5jxo*W*T)h>M%u^aeD{R@897XsZZ``+a6gUozcotl zm=_>9N?x9^9()ut<~NT0RWCEtwoOTu8Z}%18rYE_RJ~`tqjQQgEZc5f@k*K|aY4hF z`Yk(5;g!%g!v9&d#F|*$N|CR58Re^tsE_WvC2}Hc1&yge$uSW7I=>Nc&}@9kXh7$R zjBFP5AJi!(i z%6e#imEaVtW{Jr}Wf9gx6cO&hw0)m$%7IuMUO~GcZ#wLV$=CST&{P9U``P0NRI zE0io1#U;%j^~-yP3Ybmz0U=#h<68<6%4fg%E7ovu!UA4w2-=^+)NwAfD@Lq!V@qF( zx;Xmp54>_=+QRi0mKE=4%f!z7`NAT)t!gYpI!$$d=Y#-sYi^C0Wj_Tw%FcUc#0)p!?V}OJs!Pl!`N#;SJaBd6 z(h6EDpSL|vOib7;z%!HSaBThpnQMw>K!TzugQw)rhBKnYl0PYVrjtbNq+5p$yKQx3 z1?&WT8N}v&?1M%-x225G!bLjYcQu%nH%76@zLZGnn^NsWkbNi!zEr5%t*4zdd{{(9 z8#l-*N)4MXWbD-?`E~xDNkn?z#Jr?4nQUeue$7gnH$ZnXB28A12TgMneTe2}`4jNV zR^yf&uY7BB*xd$(a8G<^uMEi~N07?S@AbqA?3tW zygiU&XbF0vA4ZDAEvTX?UCXcf!gyH1PqF;+c2sr;*%ir>36j#r|Jop=sCKj2kWRsN z>fW7ip(T4dat5Y~6{wV_5`fnwhr)g_JE(n>ITy+A4y!7iwr2fr<-@=)7Bz(}E5m(> z6LF=BqkHLL_cjSC=stv8oKhx5-YTIw0DBnpp==<2Wj=jUO}}jE@`uzx3#XDGyS3y+ zGUIV}6;L9@5(EljBXyNLd+|8zgu9c7bufLaw2O zO_sR&Rc$vw^h~E1WVTvY^FYLiLa!+(wr*;K@MDfRReqn|!jP#Khi^4*j7lQy^1{)P z^qp7K3K)z()vy(!Ed*qz9o$tzy~fOq^dZYrB{b10ucr|$T=PL<463`X#H1}fH1Daqni-R#9B{vC ze%ec|kC}Qf`tWX!nDfdEyx>0i#Wy;5>LEE9(@WfEz*mmv>-e;uc}GItL#QV8N*TE| znUjl>^G-3|u6}t1^nB&1JV~IZTzOAKEG{I`!3VfLI5^J4ZQ9tL*5MHP^)7j)cS1KasVKS4ExZRd< zm@zY2*g_I@KMwvxG}i~P?MH9|7Ndv$F@=9w*Vbx6 zp0rPFo3zNSo(K;+3tm6(zi63FT)D(k$LnXdmqm|ZDY^nYO0FP^#_>f{E9N8_)ZkJg zdvU95+4IV)iOIpT{ztEkPAGRvnE#y-(uTJL<_E;X8ii!s&? z!shIqhtl=D=RWsV1|CIqK?_ptn7w$3b+P}3x|@6H$}g=zP8ONo0WXs%S?Rj{cVNP$$N_&Z!b`Un?XQn4sI*Vi0pvKtZ6C1 zZ8#b6$qEaUG`k2itF*Y#X$^fJ#-eA(_PSATL*k>u^)d`Bf?MgyK9dTtlT?7JhEKSP zynwRylrJ4RI=lk8C0B@UG2CMtn@Kn^-L=T$;GuKRbJ&f=~r3*;;ucTC?qmY?rzE4Iwvm$DN;ly? zkY`cA2k;U{Kzi7orcMe^))#j4u}Mn(Bkz5ajl0-FpwbKg>rkV>qcLNtG!UxX~;THg1x&dEa<( zgF7&I9zb(`g3Vx*_o8fdzLYV3I$E0q6=)Nj>>BoQ#nkp~!Rq0ehbD!;p>QK*narV5 zRs|_I3ZHnyj4hqqJbtFW%!j2)$*)!jPfp};ZGi-i%u=MTZ21hAS>g^wVpX^ib6(hb z?T0@dzBtd^@Ql7M^Tw009d|Bv;2v3McEtAK*{sHO32uI1I2AIEqU-s}cD=}V`g017 zr&l?=s>78#-T4H~X_E@95-NIjZL+RQP*e;fnz!=@1?ebts?q-*w`D3m*?|79j>$$Q z3nH6BksCT|f{d)j>@Q;?Fum-qm)}AM>_94tZgV^#D|ib9*L?PB?rb#%5{0N*Wni>n z&{HDz%4ZQVR_7%DshUj)W9TaqjK;pH+Nirod3BcM=t%i`gzn9h^T%}Mvd|#0Z&yzu zDX_~ZM}v-G`x;(x$alBPMtxN`p{I)} zvLl-&*}_P6o1vGka8zv6eZ4JPiFn1eo}}~5?c>EKBCk~&wTKxC;*3ld`wEtCyDHxU zA0|CL8;C{EQ1`JUVCM*aznIYu<(E$SSsNy$Gpaef20TA`{Mih5utY#3OZ~%#gv@ci z&M&+HQ$`Ww@$bg|_#lp9vUi);=cjhFQ2PSr28nmk(G7zYcYliUi!}?1h@5Y;;e=6I z68dZ4iPT+^kOafxzcK()F}&lmn27zJi@j0h68D`@t1jml1DU8hDr4hsP?7GmTizmi z;S0oxs%_LPxk6>mr8Q(p5n*UO66>_M7i_#&fl{&pxRk7px zsN51=YNR18!X&haokX+6Ov{Kl?RACC#3r)WJ8?;wRUbuTaE?xmgHm8|K-ey*xESLF zhnw;}s{7Hg@hOWg>S&jz4*giH(b|w$naB6;9#d>iG7SmRFL05;`-`%Sa``H%7szQn z5it8fC$`^ z4;CYo{fh0QTkVbdj^oOwJjuK7q_bqWnUUje)jos9erflSL*EHd_nq({-O4e4FeU zH_R|smkn#|+vM4g$7O6C+2q~U&~U0ziD%c0Ry4JkMV0d%jcYXrZ%7ZHD6D9CTE9%Q zJ>7rS9af7~zILEMFwkSP6n6NB9271&TGyf8L7bT+pJ|p@-UIfkDx;PGN7fVJmXeK2 z__;ITRD`1OIBkG!9ps%(bUt*{5vMnYh_l3kHMsKdmr2R_ugj_0W#B%kwxYX!Hmmk5O!hA$aymZrL68sxH;7VA0-S;c^hMr9+6S{CK zj~^fLY}zllyR_)9p|?x>g{@_-W*wO+Fo%)lhMmT3Uv%4z&#V_?r#6)~ToNJlAlTA) z34+N)kqssaJ#{78am>_~6Cp4|E~Ce5%4)3oZS3k7Llbdh)e>L0>rVEFCEb*$*qLsn zKceNA0~3Q)#Dja0jV*F>99oSXb{lb329};!d4|XUMM+y}}|D*l(K@wOR|O)Igt3&|5_cJ2M$5IualK6xEf5Pk-DRKdZAt zegP^s^B86*fp?991#4#@K@|xbsgp|R?3~sD63h__ia{(OFt#jaMtew^8d`&-!ToiUGgf?zw7pUSglUV*Zdc~6b zXGb|2V%7@w(h2#VoGsEx9j)+DYAV{uSRSw9oSe(5OV?rJxfeSM-#eV0d6U=gIXTMw z4O=k(F(ycf{K%yf9Sm9KFiGleQxwQ-;p^>^3A}kE_oT~0Fx~$Z?P96*H3~a_-*{3a z1;Z)2)}*V;@opjmUfj^hTdtx?IRjP>@wpSLTEV(4;1y2B9VnulI989ybySc&tXfe_WcByt7s4Fk!s_}u6p!3ubp5|C&Fn}jpa0eZ* zS@K)uAJ@dJ_OUjHcpgbCmiLN*1}vP%Um>2G3vWCVUI4lbD#P@`hrBUj z;vFL1ff?cd;AI_o{~+x@p0HO@oL(c1*T1I|fn;vrL^Z`1%E;`I2KwJ}I}VLjp0%Z@uKzPyJ*h!bzY=sE&yN!i|&a=Q$` z>!`{|4BDC`q|`!C+NHQjCYL8xk;FfD(jK|+cB)iujBqR zSHfe$MjB%i^QZ+>v9%3}OEHbb*@?g83Fg1&ErSHdzfYy8U0mY~G>O3;y8J27VuX-0 zMNN?jr#XKfM1TZ@SVd=JoA&iLw-iN3)@;^)xV`!DFxHdd1ZDT1Ij?<-uTWs?ARhz| zhfU_|cZicBXjlDUzE-xo_>!9!Nq(?Dz5?=!j^A^jVRLI7*|Q$ETTk_>2Erm?lwI@(q)!SEv8BkhaTCNV0R> zcn6pMbmHr7$r?llqw;tT^7}P?&ux;I@&6Q^}Rl$lCUsbJ|fmj zGs@tH)>Lfy(D3uuJ+9W~=kmRn9LYqlPjRasdu_T%*p^MN`LW(~{T~@TqaN3#uI__N z=#rP>6a9Kg`hLFCMt5*pZVpwq8F>EgU=u2 zx8Z}k{rF9Eq<74zIMdI>@}=cYm5yo`Um+dDhE}7t^?v-qXY?#2D6Ot2`$mji-qi#3 z_R$`)9ZOi#GIlR+V;QwoT^S=1a$nI*D0B|xC>t@z62`5kCU(%x4_JS*_>^}YERz84EX6E7EqMQyH5d1|woGcuSBNZkXqn~> zpvXt-HctD(9RH%FXnpkVds#qt`bq1NXr9OMZeoEw&DhnDX^VKrii9jQ5tUsPUqxk* zyz<_|DgzH?;kP7k>rTe5esNV(!N&>giAh`yH3;4i`0u(?1Ca-uILDd#NV+6Dk?Izr z?E|RleiX#0bs5OS-~BwOhX6i2mg9_oOF+f~7E}=vulI<_@@IMPGjt$uoUzA6#ha2N z-y#5%NZXJ(@jhXQ#aFSKY63ez=U9`LG#u6NEXZ)5pvNRJUE9rh@Z?s@%lXA_Ah#S5k~ynPDzx)vaBq>*GCyxSljGc zW1*r0X$Kclgct)2k%Qw8VSC%+lf8*4)viXG_Zf2UoM@AC5>dwotxHRCz;gIon>s)Zh z#RGpCb_~^ETfp2Jc5EXK^EnRKt=J3&TEU+Xm5s;lKZ}yL#|~*sFH`?vaFs9qYmB_z zcD+>{j;s{5os@Hu>5;FSo-(3~@Lc6arK%I&^^F{&=c~?$azjd`z{i68rf(YfT>%B^ zzt?H+U=M|Ph~GR6y_B1mtzus|p56Z)BvZj6UH!74RV(4v&XkG^nqBrf)DeG7(sH}_ zu++uFz05*Ml)2$kHf)qInSk&Si-iMP-CP_-OMp#AX1t60ANFzgTJpPF_Bg^C+S-#& z4+e*uR`SRkI;jID4pVZockJ0eo~Q64EzrrvF0Av2gx{zVM)6OC5)AN;Ym>S})Oq&L z<>Q6%(=gIISS)p;u>zemYy^J}ncB^-rmF?4SbY0YlA^`B&ROnJQs2CEQ50}XOo$qU z2{!(qV@<(2TzZ%+tItX_jB~J;Oe?9?PCn9R8l@PZ-0&oNRSWHLAc5JyUgu}GBvO{G z=6ms=9kJh=WUSp2y3UCX&NmJ0l7S6zG&vTk%*P_!9y4%4V6(?~A7cNF6YOqE z-ps0_q?n5mrY81OmeJ9F?2=4WeE}S+acN}|s1A^$WbqjuCv1uZJ=(Fp5Nug3Bvd9l z+1*1phtu39UGTXUgAub)%Wbgk^Ax(w`lq>$fL%-&Sq`yYBK;Rh?_{n~6QizZ_mauJ zq)cu80!10rrZkTsM|*Z5b(Lphc`%x;A@BxB?f?J?@pizqcKWeS{0Z^!#w~NiZ;N;}0jPY~mhS@i3UCu{buvy*kr!div@5{)-&qY-a=PUY0e;&ww zs?D>VKJU-6k9=h4c~5J$ZLxqwW(S-f>Zhuw-3~&HOgbKjJuS>eDlYv?&>5$`6_z1YJJz4MA5g#>FB#b@c&t0YY(}}` supports backup and restoration of NATS streams. This guide will show you how you can backup & restore a NATS server with token authentication using Stash. + +## Before You Begin + +- At first, you need to have a Kubernetes cluster, and the `kubectl` command-line tool must be configured to communicate with your cluster. +- Install Stash in your cluster following the steps [here](/docs/setup/install/stash/index.md). +- If you are not familiar with how Stash backup and restore NATS streams, please check the following guide [here](/docs/addons/nats/overview/index.md). + +You have to be familiar with following custom resources: + +- [AppBinding](/docs/concepts/crds/appbinding/index.md) +- [Function](/docs/concepts/crds/function/index.md) +- [Task](/docs/concepts/crds/task/index.md) +- [BackupConfiguration](/docs/concepts/crds/backupconfiguration/index.md) +- [BackupSession](/docs/concepts/crds/backupsession/index.md) +- [RestoreSession](/docs/concepts/crds/restoresession/index.md) + +To keep things isolated, we are going to use a separate namespace called `demo` throughout this tutorial. Create `demo` namespace if you haven't created already. + +```bash +$ kubectl create ns demo +namespace/demo created +``` + +> Note: YAML files used in this tutorial are stored [here](https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/nats/authentications/token-auth/examples). + +## Prepare NATS + +In this section, we are going to deploy a NATS cluster with token authentication enabled. Then, we are going to create a stream and publish some messages into it. + +### Deploy NATS Cluster + +At first, let's deploy a NATS cluster. Here, we are going to use [NATS](https://github.com/nats-io/k8s/tree/main/helm/charts/nats ) chart from [nats.io](https://nats.io/). + +Let's deploy a NATS cluster named `sample-nats` using Helm as below, + +```bash +# Add nats chart registry +$ helm repo add nats https://nats-io.github.io/k8s/helm/charts/ +# Update helm registries +$ helm repo update +# Install nats/nats chart into demo namespace +$ helm install sample-nats nats/nats -n demo \ +--set nats.jetstream.enabled=true \ +--set nats.jetstream.fileStorage.enabled=true \ +--set cluster.enabled=true \ +--set cluster.replicas=3 \ +--set auth.enabled=true \ +--set auth.token="secret" +``` + +This chart will create the necessary StatefulSet, Service, PVCs etc. for the NATS cluster. You can easily view all the resources created by chart using [ketall](https://github.com/corneliusweig/ketall) `kubectl` plugin as below, + +```bash +❯ kubectl get-all -n demo -l app.kubernetes.io/instance=sample-nats +NAME NAMESPACE AGE +configmap/sample-nats-config demo 11m +endpoints/sample-nats demo 11m +persistentvolumeclaim/sample-nats-js-pvc-sample-nats-0 demo 11m +persistentvolumeclaim/sample-nats-js-pvc-sample-nats-1 demo 10m +persistentvolumeclaim/sample-nats-js-pvc-sample-nats-2 demo 10m +pod/sample-nats-0 demo 11m +pod/sample-nats-1 demo 10m +pod/sample-nats-2 demo 10m +service/sample-nats demo 11m +controllerrevision.apps/sample-nats-775468b94f demo 11m +statefulset.apps/sample-nats demo 11m +endpointslice.discovery.k8s.io/sample-nats-7n7v6 demo 11m +``` + +Now, wait for the NATS server pods `sample-nats-0`, `sample-nats-1`, `sample-nats-2` to go into `Running` state, + +```bash +❯ kubectl get pod -n demo -l app.kubernetes.io/instance=sample-nats +NAME READY STATUS RESTARTS AGE +sample-nats-0 3/3 Running 0 9m58s +sample-nats-1 3/3 Running 0 9m35s +sample-nats-2 3/3 Running 0 9m12s +``` + +Once the pods are in `Running` state, verify that the NATS server is ready to accept the connections. + +```bash +❯ kubectl logs -n demo sample-nats-0 -c nats +[7] 2021/09/06 08:33:53.111508 [INF] Starting nats-server +[7] 2021/09/06 08:33:53.111560 [INF] Version: 2.6.1 +... +[7] 2021/09/06 08:33:53.116004 [INF] Server is ready +``` + +From the above log, we can see the NATS server is ready to accept connections. + +### Insert Sample Data +The above Helm chart also deploy a pod with nats-box image which can be used to interact with the NATS server. Let's verify the nats-box pod has been created. + +```bash +❯ kubectl get pod -n demo -l app=sample-nats-box +NAME READY STATUS RESTARTS AGE +sample-nats-box-785f8458d7-wtnfx 1/1 Running 0 7m20s +``` + +Let's exec into the nats-box pod, + +```bash +❯ kubectl exec -n demo -it sample-nats-box-785f8458d7-wtnfx -- sh -l +... +# Let's export the token as environment variables to make further commands re-usable. +sample-nats-box-785f8458d7-wtnfx:~# export NATS_USER=secret + +# Let's create a stream named "ORDERS" +sample-nats-box-785f8458d7-wtnfx:~# nats stream add ORDERS --subjects "ORDERS.*" --ack --max-msgs=-1 --max-bytes=-1 --max-age=1y --storage file --retention limits --max-msg-size=-1 --max-msgs-per-subject=-1 --discard old --dupe-window="0s" --replicas 1 +Stream ORDERS was created + +Information for Stream ORDERS created 2021-09-03T07:12:07Z + +Configuration: + + Subjects: ORDERS.* + Acknowledgements: truee + Retention: File - Limits + Replicas: 1 + Discard Policy: Old + Duplicate Window: 2m0s + Maximum Messages: unlimited + Maximum Bytes: unlimited + Maximum Age: 1y0d0h0m0s + Maximum Message Size: unlimited + Maximum Consumers: unlimited + + +Cluster Information: + + Name: nats + Leader: nats-0 + +State: + + Messages: 0 + Bytes: 0 B + FirstSeq: 0 + LastSeq: 0 + Active Consumers: 0 + + +# Verify that the stream has been created successfully +sample-nats-box-785f8458d7-wtnfx:~# nats stream ls +Streams: + + ORDERS + +# Lets add some messages to the stream "ORDERS" +sample-nats-box-785f8458d7-wtnfx:~# nats pub ORDERS.scratch hello +08:55:39 Published 5 bytes to "ORDERS.scratch" + +# Add another message +sample-nats-box-785f8458d7-wtnfx:~# nats pub ORDERS.scratch world +08:56:11 Published 5 bytes to "ORDERS.scratch" + +# Verify that the messages have been published to the stream successfully +sample-nats-box-785f8458d7-wtnfx:~# nats stream info ORDERS +Information for Stream ORDERS created 2021-09-03T07:12:07Z + +Configuration: + + Subjects: ORDERS.* + Acknowledgements: true + Retention: File - Limits + Replicas: 1 + Discard Policy: Old + Duplicate Window: 2m0s + Maximum Messages: unlimited + Maximum Bytes: unlimited + Maximum Age: 1y0d0h0m0s + Maximum Message Size: unlimited + Maximum Consumers: unlimited + + +Cluster Information: + + Name: nats + Leader: nats-0 + +State: + + Messages: 2 + Bytes: 98 B + FirstSeq: 1 @ 2021-09-03T08:55:39 UTC + LastSeq: 2 @ 2021-09-03T08:56:11 UTC + Active Consumers: 0 + +sample-nats-box-785f8458d7-wtnfx:~# exit +``` + +We have successfully deployed a NATS cluster, created a stream and publish some messages into the stream. In the subsequent sections, we are going to backup this sample data using Stash. + +## Prepare for Backup + +In this section, we are going to prepare the necessary resources (i.e. connection information, backend information, etc.) before backup. + +### Ensure NATS Addon + +When you install Stash, it will automatically install all the official addons. Make sure that NATS addon has been installed properly using the following command. + +```bash +❯ kubectl get tasks.stash.appscode.com | grep nats +nats-backup-2.6.1 24m +nats-restore-2.6.1 24m +``` + +This addon should be able to take backup of the NATS streams with matching major versions as discussed in [Addon Version Compatibility](/docs/addons/nats/README.md#addon-version-compatibility). + +### Create Secret + + Lets create a secret with token auth credentials. Below is the YAML of `Secret` object we are going to create. + +```yaml +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: sample-nats + name: sample-nats-auth + namespace: demo +data: + token: c2VjcmV0 +``` + +Let's create the `Secret` we have shown above, +```bash +$ kubectl apply -f https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/nats/authentications/token-auth/examples/secret.yaml +secret/sample-nats-auth created +``` + + +### Create AppBinding + +Stash needs to know how to connect with the NATS server. An `AppBinding` exactly provides this information. It holds the Service and Secret information of the NATS server. You have to point to the respective `AppBinding` as a target of backup instead of the NATS server itself. + +Here, is the YAML of the `AppBinding` that we are going to create for the NATS server we have deployed earlier. + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + labels: + app.kubernetes.io/instance: sample-nats + name: sample-nats + namespace: demo +spec: + clientConfig: + service: + name: sample-nats + port: 4222 + scheme: nats + secret: + name: sample-nats-auth + type: nats.io/nats + version: 2.6.1 +``` + +Here, + +- `.spec.clientConfig.service` specifies the Service information to use to connects with the NATS server. +- `.spec.secret` specifies the name of the Secret that holds necessary credentials to access the server. +- `.spec.type` specifies the type of the target. This is particularly helpful in auto-backup where you want to use different path prefixes for different types of target. + +Let's create the `AppBinding` we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/nats/authentications/token-auth/examples/appbinding.yaml +appbinding.appcatalog.appscode.com/sample-nats created +``` + +### Prepare Backend + +We are going to store our backed up data into a GCS bucket. So, we need to create a Secret with GCS credentials and a `Repository` object with the bucket information. If you want to use a different backend, please read the respective backend configuration doc from [here](/docs/guides/backends/overview/index.md). + +**Create Storage Secret:** + +At first, let's create a secret called `gcs-secret` with access credentials to our desired GCS bucket, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > GOOGLE_PROJECT_ID +$ cat downloaded-sa-json.key > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +$ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +**Create Repository:** + +Now, create a `Repository` object with the information of your desired bucket. Below is the YAML of `Repository` object we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /demo/nats/sample-nats + storageSecretName: gcs-secret +``` + +Let's create the `Repository` we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/nats/authentications/token-auth/examples/repository.yaml +repository.stash.appscode.com/gcs-repo created +``` + +Now, we are ready to backup our streams into our desired backend. + +### Backup + +To schedule a backup, we have to create a `BackupConfiguration` object targeting the respective `AppBinding` of our NATS server. Then, Stash will create a CronJob to periodically backup the streams. + +#### Create BackupConfiguration + +Below is the YAML for `BackupConfiguration` object that we are going to use to backup the streams of the NATS server we have created earlier, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-nats-backup + namespace: demo +spec: + task: + name: nats-backup-2.6.1 + schedule: "*/5 * * * *" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + interimVolumeTemplate: + metadata: + name: sample-nats-backup-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +Here, + +- `.spec.schedule` specifies that we want to backup the streams at 5 minutes intervals. +- `.spec.task.name` specifies the name of the Task object that specifies the necessary Functions and their execution order to backup NATS streams. +- `.spec.repository.name` specifies the Repository CR name we have created earlier with backend information. +- `.spec.target.ref` refers to the AppBinding object that holds the connection information of our targeted NATS server. +- `spec.interimVolumeTemplate` specifies a PVC template that will be used by Stash to hold the dumped data temporarily before uploading it into the cloud bucket. +- `.spec.retentionPolicy` specifies a policy indicating how we want to cleanup the old backups. + +Let's create the `BackupConfiguration` object we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/nats/authentications/token-auth/examples/backupconfiguration.yaml +backupconfiguration.stash.appscode.com/sample-nats-backup created +``` + +#### Verify Backup Setup Successful + +If everything goes well, the phase of the `BackupConfiguration` should be `Ready`. The `Ready` phase indicates that the backup setup is successful. Let's verify the `Phase` of the BackupConfiguration, + +```bash +$ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-nats-backup nats-backup-2.6.1 */5 * * * * Ready 11s +``` + +#### Verify CronJob + +Stash will create a CronJob with the schedule specified in `spec.schedule` field of `BackupConfiguration` object. + +Verify that the CronJob has been created using the following command, + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-nats-backup */5 * * * * False 0 14s +``` + +#### Wait for BackupSession + +The `sample-nats-backup` CronJob will trigger a backup on each scheduled slot by creating a `BackupSession` object. + +Now, wait for a schedule to appear. Run the following command to watch for `BackupSession` object, + +```bash +❯ kubectl get backupsession -n demo -w +NAME INVOKER-TYPE INVOKER-NAME PHASE DURATION AGE +sample-nats-backup-8x8fp BackupConfiguration sample-nats-backup Succeeded 42s 8m28s +``` + +Here, the phase `Succeeded` means that the backup process has been completed successfully. + +#### Verify Backup + +Now, we are going to verify whether the backed up data is present in the backend or not. Once a backup is completed, Stash will update the respective `Repository` object to reflect the backup completion. Check that the repository `gcs-repo` has been updated by the following command, + +```bash +❯ kubectl get repository -n demo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +gcs-repo true 1.382 KiB 1 9m4s 24m +``` + +Now, if we navigate to the GCS bucket, we will see the backed up data has been stored in `demo/nats/sample-nats` directory as specified by `.spec.backend.gcs.prefix` field of the `Repository` object. + +

    + Backup data in GCS Bucket +
    Fig: Backup data in GCS Bucket
    +
    + + + + +> Note: Stash keeps all the backed up data encrypted. So, data in the backend will not make any sense until they are decrypted. + +## Restore + +If you have followed the previous sections properly, you should have a successful backup of your nats streams. Now, we are going to show how you can restore the streams from the backed up data. + +### Restore Into the Same NATS Cluster + +You can restore your data into the same NATS cluster you have backed up from or into a different NATS cluster in the same cluster or a different cluster. In this section, we are going to show you how to restore in the same NATS cluster which may be necessary when you have accidentally lost any data. + +#### Temporarily Pause Backup + +At first, let's stop taking any further backup of the NATS streams so that no backup runs after we delete the sample data. We are going to pause the `BackupConfiguration` object. Stash will stop taking any further backup when the `BackupConfiguration` is paused. + +Let's pause the `sample-nats-backup` BackupConfiguration, + +```bash +$ kubectl patch backupconfiguration -n demo sample-nats-backup --type="merge" --patch='{"spec": {"paused": true}}' +backupconfiguration.stash.appscode.com/sample-nats-backup patched +``` + +Verify that the `BackupConfiguration` has been paused, + +```bash +❯ kubectl get backupconfiguration -n demo sample-nats-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-nats-backup nats-backup-2.6.1 */5 * * * * true Ready 2d18h +``` + +Notice the `PAUSED` column. Value `true` for this field means that the `BackupConfiguration` has been paused. + +Stash will also suspend the respective CronJob. + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-nats-backup */5 * * * * True 0 56s 2d18h +``` + +#### Simulate Disaster + +Now, let's simulate a disaster scenario. Here, we are going to exec into the nats-box pod and delete the sample data we have inserted earlier. + +```bash +❯ kubectl exec -n demo -it sample-nats-box-785f8458d7-wtnfx -- sh -l +... +# Let's export the token as environment variables to make further commands re-usable. +sample-nats-box-785f8458d7-wtnfx:~# export NATS_USER=secret + +# delete the stream "ORDERS" +sample-nats-box-785f8458d7-wtnfx:~# nats stream rm ORDERS -f + +# verify that the stream has been deleted +sample-nats-box-785f8458d7-wtnfx:~# nats stream ls +No Streams defined +sample-nats-box-785f8458d7-wtnfx:~# exit +``` + +#### Create RestoreSession + +To restore the streams, you have to create a `RestoreSession` object pointing to the `AppBinding` of the targeted NATS server. + +Here, is the YAML of the `RestoreSession` object that we are going to use for restoring the streams of the NATS server. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-nats-restore + namespace: demo +spec: + task: + name: nats-restore-2.6.1 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + interimVolumeTemplate: + metadata: + name: nats-restore-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + rules: + - snapshots: [latest] +``` + +Here, + +- `.spec.task.name` specifies the name of the Task object that specifies the necessary Functions and their execution order to restore NATS streams. +- `.spec.repository.name` specifies the Repository object that holds the backend information where our backed up data has been stored. +- `.spec.target.ref` refers to the AppBinding object that holds the connection information of our targeted NATS server. +- `.spec.interimVolumeTemplate` specifies a PVC template that will be used by Stash to hold the restored data temporarily before injecting into the NATS server. +- `.spec.rules` specifies that we are restoring data from the latest backup snapshot of the streams. + +Let's create the `RestoreSession` object object we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/nats/authentications/token-auth/examples/restoresession.yaml +restoresession.stash.appscode.com/sample-nats-restore created +``` + +Once, you have created the `RestoreSession` object, Stash will create a restore Job. Run the following command to watch the phase of the `RestoreSession` object, + +```bash +❯ kubectl get restoresession -n demo -w +NAME REPOSITORY PHASE DURATION AGE +sample-nats-restore gcs-repo Succeeded 15s 55s +``` + +The `Succeeded` phase means that the restore process has been completed successfully. + +#### Verify Restored Data + +Now, let's exec into the nats-box pod and verify whether data actual data has been restored or not, + +```bash +❯ kubectl exec -n demo -it sample-nats-box-785f8458d7-wtnfx -- sh -l +... +# Let's export the token as environment variables to make further commands re-usable. +sample-nats-box-785f8458d7-wtnfx:~# export NATS_USER=secret + +# Verify that the stream has been restored successfully +sample-nats-box-785f8458d7-wtnfx:~# nats stream ls +Streams: + + ORDERS + +# Verify that the messages have been restored successfully +sample-nats-box-785f8458d7-wtnfx:~# nats stream info ORDERS +Information for Stream ORDERS created 2021-09-03T07:12:07Z + +Configuration: + + Subjects: ORDERS.* + Acknowledgements: true + Retention: File - Limits + Replicas: 1 + Discard Policy: Old + Duplicate Window: 2m0s + Maximum Messages: unlimited + Maximum Bytes: unlimited + Maximum Age: 1y0d0h0m0s + Maximum Message Size: unlimited + Maximum Consumers: unlimited + + +Cluster Information: + + Name: nats + Leader: nats-0 + +State: + + Messages: 2 + Bytes: 98 B + FirstSeq: 1 @ 2021-09-03T08:55:39 UTC + LastSeq: 2 @ 2021-09-03T08:56:11 UTC + Active Consumers: 0 + +sample-nats-box-785f8458d7-wtnfx:~# exit +``` + +Hence, we can see from the above output that the deleted data has been restored successfully from the backup. + +#### Resume Backup + +Since our data has been restored successfully we can now resume our usual backup process. Resume the `BackupConfiguration` using following command, + +```bash +❯ kubectl patch backupconfiguration -n demo sample-nats-backup --type="merge" --patch='{"spec": {"paused": false}}' +backupconfiguration.stash.appscode.com/sample-nats-backup patched +``` + +Verify that the `BackupConfiguration` has been resumed, +```bash +❯ kubectl get backupconfiguration -n demo sample-nats-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-nats-backup nats-backup-2.6.1 */5 * * * * false Ready 2d19h +``` + +Here, `false` in the `PAUSED` column means the backup has been resumed successfully. The CronJob also should be resumed now. + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-nats-backup */5 * * * * False 0 3m24s 4h54m +``` + +Here, `False` in the `SUSPEND` column means the CronJob is no longer suspended and will trigger in the next schedule. + +## Cleanup + +To cleanup the Kubernetes resources created by this tutorial, run: + +```bash +kubectl delete -n demo backupconfiguration sample-nats-backup +kubectl delete -n demo restoresession sample-nats-restore +kubectl delete -n demo repository gcs-repo +# delete the nats chart +helm delete sample-nats -n demo +``` diff --git a/docs/addons/nats/customization/examples/backup/multi-retention-policy.yaml b/docs/addons/nats/customization/examples/backup/multi-retention-policy.yaml new file mode 100644 index 0000000..0e8dc27 --- /dev/null +++ b/docs/addons/nats/customization/examples/backup/multi-retention-policy.yaml @@ -0,0 +1,24 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-nats-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: nats-backup-2.6.1 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nat + retentionPolicy: + name: sample-nats-retention + keepLast: 5 + keepDaily: 10 + keepWeekly: 20 + keepMonthly: 50 + keepYearly: 100 + prune: true diff --git a/docs/addons/nats/customization/examples/backup/passing-args.yaml b/docs/addons/nats/customization/examples/backup/passing-args.yaml new file mode 100644 index 0000000..549b462 --- /dev/null +++ b/docs/addons/nats/customization/examples/backup/passing-args.yaml @@ -0,0 +1,23 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-nats-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: nats-backup-2.6.1 + params: + - name: args + value: --check + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/nats/customization/examples/backup/passing-streams.yaml b/docs/addons/nats/customization/examples/backup/passing-streams.yaml new file mode 100644 index 0000000..9057e8a --- /dev/null +++ b/docs/addons/nats/customization/examples/backup/passing-streams.yaml @@ -0,0 +1,23 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-nats-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: nats-backup-2.6.1 + params: + - name: streams + value: "str1,str2" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/nats/customization/examples/backup/resource-limit.yaml b/docs/addons/nats/customization/examples/backup/resource-limit.yaml new file mode 100644 index 0000000..a9f4fc5 --- /dev/null +++ b/docs/addons/nats/customization/examples/backup/resource-limit.yaml @@ -0,0 +1,29 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-nats-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: nats-backup-2.6.1 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + runtimeSettings: + container: + resources: + requests: + cpu: "200m" + memory: "1Gi" + limits: + cpu: "200m" + memory: "1Gi" + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/nats/customization/examples/backup/specific-user.yaml b/docs/addons/nats/customization/examples/backup/specific-user.yaml new file mode 100644 index 0000000..4e4774b --- /dev/null +++ b/docs/addons/nats/customization/examples/backup/specific-user.yaml @@ -0,0 +1,25 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-nats-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: nats-backup-2.6.1 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + runtimeSettings: + pod: + securityContext: + runAsUser: 0 + runAsGroup: 0 + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/nats/customization/examples/restore/passing-args.yaml b/docs/addons/nats/customization/examples/restore/passing-args.yaml new file mode 100644 index 0000000..c637f1b --- /dev/null +++ b/docs/addons/nats/customization/examples/restore/passing-args.yaml @@ -0,0 +1,20 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-nats-restore + namespace: demo +spec: + task: + name: nats-restore-2.6.1 + params: + - name: args + value: --no-progress + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + rules: + - snapshots: [latest] diff --git a/docs/addons/nats/customization/examples/restore/passing-streams.yaml b/docs/addons/nats/customization/examples/restore/passing-streams.yaml new file mode 100644 index 0000000..3bb16bb --- /dev/null +++ b/docs/addons/nats/customization/examples/restore/passing-streams.yaml @@ -0,0 +1,20 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-nats-restore + namespace: demo +spec: + task: + name: nats-restore-2.6.1 + params: + - name: streams + value: "str1,str2" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + rules: + - snapshots: [latest] diff --git a/docs/addons/nats/customization/examples/restore/resource-limit.yaml b/docs/addons/nats/customization/examples/restore/resource-limit.yaml new file mode 100644 index 0000000..86a71af --- /dev/null +++ b/docs/addons/nats/customization/examples/restore/resource-limit.yaml @@ -0,0 +1,26 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-nats-restore + namespace: demo +spec: + task: + name: nats-backup-2.6.1 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + runtimeSettings: + container: + resources: + requests: + cpu: "200m" + memory: "1Gi" + limits: + cpu: "200m" + memory: "1Gi" + rules: + - snapshots: [latest] diff --git a/docs/addons/nats/customization/examples/restore/specific-snapshot.yaml b/docs/addons/nats/customization/examples/restore/specific-snapshot.yaml new file mode 100644 index 0000000..32ed0fa --- /dev/null +++ b/docs/addons/nats/customization/examples/restore/specific-snapshot.yaml @@ -0,0 +1,17 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-nats-restore + namespace: demo +spec: + task: + name: nats-backup-2.6.1 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + rules: + - snapshots: [4bc21d6f] diff --git a/docs/addons/nats/customization/examples/restore/specific-user.yaml b/docs/addons/nats/customization/examples/restore/specific-user.yaml new file mode 100644 index 0000000..7ffa618 --- /dev/null +++ b/docs/addons/nats/customization/examples/restore/specific-user.yaml @@ -0,0 +1,22 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-nats-restore + namespace: demo +spec: + task: + name: nats-backup-2.6.1 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + runtimeSettings: + pod: + securityContext: + runAsUser: 0 + runAsGroup: 0 + rules: + - snapshots: [latest] diff --git a/docs/addons/nats/customization/index.md b/docs/addons/nats/customization/index.md new file mode 100644 index 0000000..2c5469a --- /dev/null +++ b/docs/addons/nats/customization/index.md @@ -0,0 +1,380 @@ +--- +title: NATS Backup Customization +description: Customizing NATS Backup and Restore process with Stash +menu: + docs_{{ .version }}: + identifier: stash-nats-customization + name: Customizing Backup & Restore Process + parent: stash-nats + weight: 50 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + +# Customizing Backup and Restore Process + +Stash provides rich customization supports for the backup and restore process to meet the requirements of various cluster configurations. This guide will show you some examples of these customizations. + +> Note: YAML files used in this tutorial are stored [here](https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/nats/customization/examples). + +## Customizing Backup Process + +In this section, we are going to show you how to customize the backup process. Here, we are going to show some examples of providing arguments to the backup process, running the backup process as a specific user, taking backup of specific streams, etc. + +### Passing arguments to the backup process +Stash NATS addon uses NATS CLI for backup. You can pass arguments to the backup command of the NATS CLI through `args` param under `task.params` section. + +The below example shows how you can pass the `--check` to check a stream for health prior to backup. + + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-nats-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: nats-backup-2.6.1 + params: + - name: args + value: --check + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +### Backup specific streams + +Stash takes backup of all the streams by default. If you want to take backup of specific streams, you can pass a list of streams through `streams` param under `task.params` section. + +The below example shows how you can pass the `"str1,str2"` to take backup of the streams `str1` and ` str2`. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-nats-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: nats-backup-2.6.1 + params: + - name: streams + value: "str1,str2" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +### Running backup job as a specific user + +If your cluster requires running the backup job as a specific user, you can provide `securityContext` under `runtimeSettings.pod` section. The below example shows how you can run the backup job as the root user. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-nats-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: nats-backup-2.6.1 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + runtimeSettings: + pod: + securityContext: + runAsUser: 0 + runAsGroup: 0 + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +### Specifying Memory/CPU limit/request for the backup job + +If you want to specify the Memory/CPU limit/request for your backup job, you can specify `resources` field under `runtimeSettings.container` section. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-nats-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: nats-backup-2.6.1 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + runtimeSettings: + container: + resources: + requests: + cpu: "200m" + memory: "1Gi" + limits: + cpu: "200m" + memory: "1Gi" + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +### Using multiple retention policies + +You can also specify multiple retention policies for your backed up data. For example, you may want to keep few daily snapshots, few weekly snapshots, and few monthly snapshots, etc. You just need to pass the desired number with the respective key under the `retentionPolicy` section. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-nats-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: nats-backup-2.6.1 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nat + retentionPolicy: + name: sample-nats-retention + keepLast: 5 + keepDaily: 10 + keepWeekly: 20 + keepMonthly: 50 + keepYearly: 100 + prune: true +``` + +To know more about the available options for retention policies, please visit [here](/docs/concepts/crds/backupconfiguration/index.md#specretentionpolicy). + +## Customizing Restore Process + +In this section, we are going to show how you can overwrite existing streams, restore a specific snapshot, run restore job as a specific user, etc. + +### Passing arguments to the restore process +Stash NATS addon uses NATS CLI for restore. You can pass arguments to the restore command of NATS CLI through `args` param under `task.params` section. + +The below example shows how you can pass the `--no-progress` to disable the progress using the terminal bar. It will then issue log lines instead. + + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-nats-restore + namespace: demo +spec: + task: + name:nats-backup-2.6.1 + params: + - name: args + value: --no-progress + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + rules: + - snapshots: [latest] +``` + +### Restore specific streams + +Stash restores all the streams by default. If you want to restore specific streams, you can pass a list of streams through `streams` param under `task.params` section. + +The below example shows how you can pass the `"str1,str2"` to restore the streams `str1` and ` str2`. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-nats-restore + namespace: demo +spec: + task: + name: nats-restore-2.6.1 + params: + - name: streams + value: "str1,str2" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + rules: + - snapshots: [latest] +``` + +### Overwrite existing streams + +Stash doesn't overwrite any existing stream by default during the restore process. If you want to overwrite the existing streams, you can pass `true` to the `overwrite` params under `task.params` section. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-nats-restore + namespace: demo +spec: + task: + name:nats-backup-2.6.1 + params: + - name: overwrite + value: "true" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + rules: + - snapshots: [latest] +``` + +### Restore specific snapshot + +You can also restore a specific snapshot. At first, list the available snapshots as below, + +```bash +❯ kubectl get snapshots -n demo +NAME ID REPOSITORY HOSTNAME CREATED AT +gcs-repo-4bc21d6f 4bc21d6f gcs-repo host-0 2022-01-12T14:54:27Z +gcs-repo-f0ac7cbd f0ac7cbd gcs-repo host-0 2022-01-12T14:56:26Z +gcs-repo-9210ebb6 9210ebb6 gcs-repo host-0 2022-01-12T14:58:27Z +gcs-repo-0aff8890 0aff8890 gcs-repo host-0 2022-01-12T15:00:28Z +``` + +>You can also filter the snapshots as shown in the guide [here](https://stash.run/docs/{{< param "info.version" >}}/concepts/crds/snapshot/#working-with-snapshot). + +You can use the respective ID of the snapshot to restore a specific snapshot. + +The below example shows how you can pass a specific snapshot ID through the `snapshots` field of `rules` section. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-nats-restore + namespace: demo +spec: + task: + name: nats-backup-2.6.1 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + rules: + - snapshots: [4bc21d6f] +``` + +>Please, do not specify multiple snapshots here. Each snapshot represents a complete backup of your database. Multiple snapshots are only usable during file/directory restore. + +### Running restore job as a specific user + +You can provide `securityContext` under `runtimeSettings.pod` section to run the restore job as a specific user. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-nats-restore + namespace: demo +spec: + task: + name: nats-backup-2.6.1 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + runtimeSettings: + pod: + securityContext: + runAsUser: 0 + runAsGroup: 0 + rules: + - snapshots: [latest] +``` + +### Specifying Memory/CPU limit/request for the restore job + +Similar to the backup process, you can also provide `resources` field under the `runtimeSettings.container` section to limit the Memory/CPU for your restore job. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-nats-restore + namespace: demo +spec: + task: + name: nats-backup-2.6.1 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + runtimeSettings: + container: + resources: + requests: + cpu: "200m" + memory: "1Gi" + limits: + cpu: "200m" + memory: "1Gi" + rules: + - snapshots: [latest] +``` diff --git a/docs/addons/nats/helm/examples/appbinding.yaml b/docs/addons/nats/helm/examples/appbinding.yaml new file mode 100644 index 0000000..0c41842 --- /dev/null +++ b/docs/addons/nats/helm/examples/appbinding.yaml @@ -0,0 +1,15 @@ +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + labels: + app.kubernetes.io/instance: sample-nats + name: sample-nats + namespace: demo +spec: + clientConfig: + service: + name: sample-nats + port: 4222 + scheme: nats + type: nats.io/nats + version: 2.6.1 diff --git a/docs/addons/nats/helm/examples/backupconfiguration.yaml b/docs/addons/nats/helm/examples/backupconfiguration.yaml new file mode 100644 index 0000000..3e1fe9f --- /dev/null +++ b/docs/addons/nats/helm/examples/backupconfiguration.yaml @@ -0,0 +1,29 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-nats-backup + namespace: demo +spec: + task: + name: nats-backup-2.6.1 + schedule: "*/5 * * * *" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + interimVolumeTemplate: + metadata: + name: sample-nats-backup-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/nats/helm/examples/repository.yaml b/docs/addons/nats/helm/examples/repository.yaml new file mode 100644 index 0000000..dae9141 --- /dev/null +++ b/docs/addons/nats/helm/examples/repository.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /demo/nats/sample-nats + storageSecretName: gcs-secret diff --git a/docs/addons/nats/helm/examples/restoresession.yaml b/docs/addons/nats/helm/examples/restoresession.yaml new file mode 100644 index 0000000..9c5f524 --- /dev/null +++ b/docs/addons/nats/helm/examples/restoresession.yaml @@ -0,0 +1,26 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-nats-restore + namespace: demo +spec: + task: + name: nats-restore-2.6.1 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + interimVolumeTemplate: + metadata: + name: nats-restore-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + rules: + - snapshots: [latest] diff --git a/docs/addons/nats/helm/images/sample-nats-backup.png b/docs/addons/nats/helm/images/sample-nats-backup.png new file mode 100644 index 0000000000000000000000000000000000000000..b3f603de785e2330c4b53a5b71505174aed01cec GIT binary patch literal 45342 zcmYg%byOTr(Cs2YLU0J~?v~&VK^J$o0D<5d9DYD>cUcIwi@SSpx5eFIakn6k?>pzc z^ZuIYK7D$sXR533y;T#Tsw|8Ck@zD306>?QlU4@+5MTfRJRb_ed(YILBk=nL(ON=D z0syFqLwh#+@ZP4hkW*Iz0KDk|fWQy{;OV_9@DKoS=L7(bOaTDFbO3V5s}-OlNg zXW7yD?W;k-$of7ST+IxHXq^GB4l^6esuzCGA6vsyZ zClIy!_BQ461sO{4dn6lxGCBO$cci8g2k?)7FWG+ z_u|Tc@x0!UYpcnHh4zV%L(eXz9`-y}784#Pd-8lGB{6b5X(etTO+`q3N~7M3AR zOm4mOc3ko$d+~871;b-{D#h98hhu$|NBQxSHzPqr)r|ev13hmDz@Zm#pI(Iq^O%!3eTknhe>8$5jUNY18#c_`52UOX1*2Ntf{R=u@w7~Lf>-&!x&Gy4g}x?q;is&EdV!&4sBVPXPSoo4`o?^?7Rid1CZNiZ{|J z()w5FNJg+(gk7P(N4|IDEB~zqh8^>AO&75)L>Dh|Wi@xVZ?o;DG%tQ%? zp4;6LCka2a>1c3Xlu7x+MR3MTe^D+=wEn+Q+(g*!d9jL$Dx)ZLnOrtRGsguyJcA6a zR{U~o(!Jq?%1#;aKRoKfYvl$l;UeodC3qwnPi!%~e79+R89OGaNs5ub3`f8$$|)3F zgUWwt(;>^Fdl}_sqe(pNcKfDhi&`oy&r%i+51~dFWGq3ci}sSE&CCQj|CUPg0EQ-p zvNMtY7XB&Xu=FMd=-Jr7($flh&AmN5ct8Ja$A>}z**OGW--i2~k#PqkaHRC-AS~`) z-s1Vz*1++xNg|5$FG-S?t?$#TkVF6nqg7e2rg#2J>x_mGb*ISZs$eF;cF$=!r~BNr zW+Nz>EkcQzGp75*<8#OriZ5{oWwPQCuxm3#F}m9?Ev_!2(8a@^VT;@36w%gH$2Z@t zy@%2XBj+k5dTzMb`L#qy$#QO$18Tc}pn(kxsPZTg)XphO^NB3YyTasX}mJ9Esw$0u}2W@tr!J!A(^S@OE2d z_s)z>F{*C)a|uvI;>(@@xoN5M5O7ppBcC)WmB+8v<%@`r2oH^tQ%{I#66c#?_q6Et}9a zZzYG+V3B`!{Q;~p$rVa?5Xp;DCuEEL!M;_`P{`>rrCX!tz(Wn{C^Klu8JPyPHy>Uw9JX8!~JUnD|$)!#` zquI|k8L&rO`dy3jpn;?cRS`A@*CW~!_V1>~(OHRnsfFno;PtV|iS*x6Dw#5paaoem z88X7rz-2rvunHY;FhaSzM0q?tQNZddc^DeL>BYYe6W}uU&itb)3tj(uRLk;xn7o3l zC9vnlnZ5CiJ&UK-#tzn)r9Kyk8H|3r5rMD$#?wtOJ6$Z(L&<8V8W$WG zAuVrhC9$fR6#7BWxI}{c&_%JzJVlfaqNiO^8t_FAJ3bg@xfog>%qULuO&4h~=EF@wN z&xJ6cJYYx?RdJ6>4CMiDBGK~r!8fe)aET1Yl0azrQyBN1aqIcz&C~msq0st}t1BC7 z3vTX`3{GASS&JwBeyX8insJ$dbhlOAO)(3(C~nbUm{WX;MzMeEfEyi8uQ(^kGAm>Cw9~qE9$#9ba0#pwxfSL+K|t# zjI{+rfF^mms6zF6%aGyD;Vmgn;^Fb9c%G4u3UP+?kR^uwxM4TT=n>?M0)`;e0&v0D zG?8xL%_?d}`bq|+#fclg_iW$I<&IPFbmdJ65&wMwgL1C8BzECJH2GI@D_}Z?{C5i; zCmPA}`%B$fR(^*gyzGA`tH4z}LYH`L9Ht_Y#L08<(CA))%vDRJT#UglOg)K&It!yMEe#B zQOT%GaFR6kzDquFwy=o`lCR*ukG!o!oM5Q^eh{6JnUlop(4(6Sq`I08X%>%6i%morX zEK=J4o~g@4eNby8wMu4leJ+kzDnJCgCRj2rz<6#1#U)Bdr8A>>Q3Dz8vwh1)FC9HH z&7%&$X716r6nv3~=V}^Yt7f^Zq$2*!Mej*U^l!1|J-a&$Gx9%oM@W?lhY3|GJikFK z3INfW;>#hQ=JO|2z0R;igoosWiJG|w;>Lq1#jO`YfIVF$8r<}z!GspV``7iTJ6uJK zdDqtigx=Yff_V(|2Z*51o1-tjT2Po5%oax>Zna+iQQ+fO=nT&wa0pc1M4quE9l}H; zvw8D{dPEb)*;x7MSH;&nAcc^UnV?lO4p}1-Sh*l?FitTmaT16T4i<)R`+M^aX|}Ci zXaN&1kNWNUH7B*xb1+<7!ViS?eZp_Ahj(nF3rf%{4L>Yu6BdvWQ)TpWNq4mwnkIL< z*?jNW0BmN6iXubet2jxM8Ur~+#r$UZlRF<@ED@JI|DG-vQ>&;JdTHwa`q9-h@5RKC5bulXWs+o7VA6-aiEYB6YO zx0*sZY`M$bgDu>)`Z&;(W9JSh#O3)3UBJfQMd zwA)0cVc~+~GK+Qoa&;HESH>YbCEMm&fFZ8HNrt20i@0kzA^V9$7|b@DrD;>gTaekOV324o>94~MDbO`vnK>~M>dXJ z$gI5Q2KL|!-^oYCL8AOe5X33M7k6|Av|EVF9J`;f1cV)K^-7u@n4h!JumI);ca?_I zGc!^_0v_C=gkf_I{(>;QcVK;4@_xp}^nT2>@b*}rb=H{CblGmx-~mrzG+%05%MUIl zJ40t`8DcWxbHu*#ko}v0LV0TRa=F-e7~+@>v%8z!I+%tT#)oGwlXO9%?(djm?71D4 zNMk?=6fN@PtZQ#^Ne>)S$xY3u;u5ilT&9t=LS+0;Wju@9-_9;QwuKW!9zD?$Lasz+ zZP#&N>aZWDUhcVU|C6agfo!ne};Yh1&+&;jOOB5 z!_zAk1i=!ZnRMpg<1!Pg4qfc*RdfQN)smBw+D}Umm7epo z1_KZ#%;R|RjM8`V& zKP3yhC&$FQ+R0#GaGCY!J{vyK=Bq=&ySrP~^zmxEGhL|}!3{!042l|0{qo|8foIt9 zYK_9~pV)JiuZL-`?*`&Pfw-9xvMYE@PQ<#>F)#}l5DnXm8ba4&%!X2Fk5X4lula8ax3)f!Li1V?x=y5)Cf zh95{_vnq;@p?kp zQ^L+1IH??lJBWQxCZ72C$uimAw~=?`w^gFCpi3q1&z-u>AKZkphEHRxhtz+ae)1a6 z!9rjbb!HBoJOkt+@JR?d!;4B1qiFV>hTH!O&PSD1prSIPK*doF;<)LgnHjuMPd6+5 zfgfo1H(xo$3`2#3#-3U2vQr;1QHrFtcup|5#-pLVptTG?X^!fiVpzgd@)ChmN z_fCX}eXT31X~*~8W=equ?{@3I$m01X;Rwjik|>68_lQlXREDSrPa#;jF6n3gmv#L= z`t`pzL4PVHczB0izRT8UP4)}r7WB5~j8(^b&6h8w{@Tx2g2O)P6zD7GlthkMB^7gh zigvM$3~AwHxOuStkRl@en2UN70&}Ro`48=j;^#;(GfNiA=o=9fI&xV~$rY*{P_H_P z_zs_4ee>Gux^WQGIO?yscKzuKrxHmfL!Lq`NelLoy34H(CSvwQkx0yq1D&oVqgBY? zgf+}mi7oxFjQ8c+64ml~%g)^a{P zUd%a>HtxCC81b(pLD;`O&Mvs&;DXhtRk{a?Z>TQ@#iUFO4!7&nFDg`?Mgbq+;)6GY zAx1O#jAlKATLjL-L=p-QeHj*I4;he_!p}9s>^Lqmj$`OX{-Sv}FAR8(w~6|8eY(_4 zIC(#kfA-V$kX^n~Un}j!QSx<+pcv@hM0U4y=|Im1}n4=H9Ml%Cw58SVLU|Y z=7%uXmpVp;&=l0B6@M7QAEl34We>7QI344}{4 zg?^yeyJR(2tsVNb^mWJB%#3mC6Duz{3hLi&4%ScE4uP|uKmW$+lK0Ou{7*!SkhUvF zQlt?JZGd@AwURMSa+=Um)Fjwc;Z?|E=WKi^+`0Y;)`ZuOD?FqW z*(-5=fv=#l1sN|9b--yi@n;SQL`vaqUVDmtE+N5FX$1pS zqf(;`UI<`w-%b`#} zaZ$>Jz*zA%)H_TwRHZF^Nb>Feik1Vo(w#P7X17{_a49BA3Fn95Oz;Q0;HmsupRF17 zSK)0M?!oiA&r)$?as=}KHSb+!aY$TWi=O_*#z5VQk*z;yI9|1o%pY?5BOTj(#b-Gv zOQWT}HPRQqW~iwE>o0!BX31#5di0f`Qod{9+}k4m4TRb5Q6?9wiUrZC)5`Y^4j=@P z<_%eR&xMP9%@2A~gpPjFOA#{D_d zBDRDje0J@ANSI_)rT_Rs#Mox?Y0*?vuO8>|@uo#~i8Jv+lwO7+OL2Fn4#SdZcnjCz zDH_>#hA{fr&`j3wRa8F<0cCJsX1GCjhsZ^IM-9zOoYE`V8#Tt47)HgV)Ci0xB>MtF z%P=c*O~0bd5Ecb#$i;lhRFG!`QU+YAKl+8h5^dS$zx44DJyZQ>$9Sn$HqRm65~YKF z8qMkwTfURPxBQV2>TW6jf{izFy&o0iLPQ)**vD&Lu?KiwyZEjKB{#*SOrv$+$ zWiBax&+I4Dr#+=VfdYK_SQTP@8&<)GOic9Q6Y_Y`8S_PBp`qI!zCVsoS+^f~kZm5r z3y|ZtvrBO~P)Vb>4++YeX^Io7GnW0LyI*?-RbOH2vsijXz@|+GS9FpkC+T4MmxwPSD{V73}AnY+VnXKY_cnr;Z9i z2*()5{-*I7RM)>DYbTtab3oIW99HF$2mjj*8!1ZCVO53$Gco5w8CJHm1T)q#q+q6Y z#zm3!@$_2%$ktxM?E9F$GGa*Mm+!~y$tTFI=dsGZGRscmaD?h8ct-J@{SjJ^B#9C* zbZm28bGkS)BiA(eFss&?8}hF-hQJnPLY^o_1zEP|odENDcVVY3*drWXg#IVgT!R9BkS3L3 zHyU*jgpG=pR@sSA2aI*YJ9 zc8`j}*K(gQ6uoZh=|GSB!q9V3tL|FOhS9 zZ%)}vF3ptyX4;+gAFnV01y%I(-~ziLh4#2Crlv{3-}!UXQ8i!>`)W!S6JxqGV~%1S zV{ffy$Mz~+RS}H6s)o&NR&+Gy@h7&=S0Uu@R*dLo`eTF!&OGM@epU1PcXlGgzb zwdi-^8k9NVVh-p)`i(`RnYjC}%bZ$e>Q~=Yax%v!PI`(;Lwc`xE0U-+*YNXdBr0CL z)LRR@m5bEWGqgX@4OYv7LhPsY(lzy#pGGfH=;<&Yc%B#gJ=3@SG?R@6$Lmq#K*#gH zQj$#F={N9<84V6@4Lwc<1A!6mLaG9b0S1TB^4-Mfxx%@E+tVuzG{oF2qch-It{1Yh$A`WkVsVHKEY_c}LPL<0?BOgxgIw^Y0Qwl6u zVmeUGj2HE1Fs_N13=9=+=H8h8I6jL9lF8XopBxqVe6rCFK>%zZH^@p&!*)^M*3&lb zD68K<79jr-xAp&;MpXFwQT`*5Q%E{${Pv0>UgQ*;i2+MqIHpT(@Nmx4#Dn|?dB^~oNvFa%m zYuwA9rfQsn2FBqqG`d8Qa(FPC`fuYSDmlsO9r@P^e^}G?u4ToV+H`z`w#A;iR<&Z0jf87gueL` z%HVGp)QFQe;yW<>BJkzS9X_PwC5C-W$9q?~^ICnfzm6>p(1XF~a2G!B@N&4fkXBK~ zFoM=4{>H*_z=SDwKlVG#m=Qirr~Ub9#=SvDkc&Zoy*bmBRJO*=XtYhb*B++l(MZHF z?Qf5U5nK?%7P*%eRcVnQrajFF_2XOri#|V+Ru8W5=}lemtoZr(sa&9Te&OFlR9JY* z+rZ5I(Hr3N%^Z17$~TJs{;S7Y_wl}xJkOtRn+8*H=e!TCwhJ6acN2CvD+_-0>%|~MQt0UJeA|ETGFc7#!oS&Y_^Z>k|5(n>44Pez@F|`v z$rq;f7VyIGf=DPD+POBVt5h$cV%_+Q$3{yoBy9~k7jsSX7WN)HAd8`{Z8~592?gk^ z+l(FV{0yHXC(3?(tu|`b4O1(x+|H}%*L0{mhe^K7Cv_fRX31zXcAx)Kj3>rA;^xDC zL3jv%x9)jY@8j8xiH{Bb<-}!DVfVaU&OXBH{p$`EmlK#t5Ttu<)X+V3#fe3t#~7+Yq^K+hTWpIES-1Fl>abNGeYWRO1RHQA!*F>gHcZxz7yS=#<}qr-QlV%5l1`hNR0R#~lJB2@Wcs{#_tsYL9o zwz*DSi7Zj%N0-ZT{$z$Pht$kb{x6yT0yM~ni+|qX@r31W8iCoy3{Qm6&DKWv85(eZ z^|Q`O?ArL0A}`U5W4JnzCK@DbD=&*UQA{0htuF=H$(O3vU7tUjPin&jIIk=uTo?3t zpZ5vA*l+%uTu$XfA`w?GI7cG&A4JIe2kUyN820Wec!K4KjZ1$|R+`iO85=#Q^$=*D zTZX?usKOvVxbfFRY#O#mPX}@gff>opZx>XKQ*?2j_Xvf+Xu014KxewI(=fd{t8viR zCe%JWho$~0q4l662+g_im`tXbnEi5n&coLRwl2C#G{eWMZeP~7x)xnXS%Doto@$ik z-e{TiI7sNHc4hvh-+TC+)c>`QLN@V3-Fo7=CBW!3wSCb_Oz%$&5n67+lt$PMm(-Bo z`J5s%(C^&1=saVpA>z~gK(6>*k2n-qyh1CE(kM-+>woC7I7*3bB0GV<9TTwZO~d6c=-*P zPY>^6!(S+zn2HCKbzf=rmLSpx_Kk9**s_IfD1v<(s`!85CMbWI>IiaEO$eenXR&qf zyqty^ihJj%c&auAW9oCuCrw|mn+f*49xL(<^S?xaXt@!ce>G@e-c-h3Ml~J!U`my- z(AszX)>GzLZQa@|b~3r$n3o z{=700C1^ga+XNrIpZc;2rTjxN7Qw1ke1a$xdAjFEV?;|jWsY-|=X#Bm{*wYl1rHBG z2HqZiGgleNq#Ny>kW)JzEARW?x4~%ZWea!<6U%H>CTnh~7bICFD^6`wF25#Py}3tZ ze0Jrck9m^_hZ#v?;g37_Nc1r{*4%c}SsJ}O4c1UB_Q$r06w~}>d_PQm!Ym>3e{3jn zORn&!Kt3sd3m)vMecUM;<;`{I`(nJ|nk2g1u|=oO+H7;vq5gK+XlZ?!#J4W6n6%?p z^cr*IetR3B3MRujeoySDd8c+R_|B%a>SJ6c$zVAl%~^aJX3X**8UJ1JWS^l2K`>cs zT~58NGON21e(Bj8=%itD{1h)_WS!OI`|aNv-!^4fnho&0z1qh01wxTjvR!d}RKwd= z_l`;uHNGzIs+nx;@86aMybVxsyMp~kf6k5=#pdRfyu1CVP@Xzy!l%k4pfqXJ>E0&` zCQPvG=5^oci)wTxWbg(vGaqYr|2}HJx1_DkIx?0a`h2)0!@=t$r($^ze&3m|K5J&h zli6?#3uI~<@*R3ZxdRJ;zEMl-;Zfw!O!Tj?bn6?{>jVGYA z^*9EogBczjWd?T?Pb%aseKom-B22o>~>~SUmF3z4gCeo!RN?|3!>}#49DN zJ;Faw8%V85aP|eloX?~qUM@--GYf_0vBT2H!j4nLPq5m8(RX!88 zaM~yCQhp9ch3=fG_N%^d37Pf(+6Sh?28FFl5ba-xAivCi>qgf~;N71UrFS}4e8iU} zQTx(Dqz5ADjfm&V1lAETD6V|wK*XX1MO2B^ihhB(?d$op%b5e6tK zp7YwzbyEWn&sjc_8bA+OJQO!FYTjX~AQdgR7oj&mf{^}EkIJrT zB&6|}_aXghpFLoJGkaJJRh*w!`@e6-JKgMs&MoU4t^xVoZn6}5e3++170rAYFF%G>;^$g<_J9 z2oaJ;o9hC4zoYN=>b?xH_?KPe4Tw#Hn$30gk@@%Ag3W^MD?D}b-304Inh}tDk$gCf zDwo$#Sv~F7NRTmpBNxECP#K;{lac=>5@q(nnW15@BRKov@otLGp_>5CZD`aq-ND7` zU#GujPfiE|Cf^0+0Er>6OLDKI9#FT7&hQ!k5yo#+E(>qTW<;`-AJ<|uQKv+cP z7Ps9cL!bA8cDA$K``RLDYu3XkP_xj>f?q_*2FwcNkueAtQ(={T2Iu1Gk~=p8Lg5sw z=@_nO4v=PpYie3 zV+cU2Ts4~t6}FnrTZIGuDGoYzb|!xaAk8(n+WE5J2{ja3GZMNy-y!MDiZ{3#rz7Y* zd);q5Sh;LTm?l<;MG;oxSp#j>S{u0@o)DZ-R>t$Zuq)oQrJfkxoZcR|G7Qp$0zVX7Q)8*^Ifl_SjdIr#>RN}6L}NT z%3!jukAZTNS?!wTu(Vyr;OypS>&gEqYZ}TB1zA41{p|Ej3adDD!ZZI=3$!k$gS614QuOF4)0OmW$SN~Jy^$873K(z0pMp-K@RsYZkpc3B0$n#A# z;9M)fUgBZ1S@^lCZ#^t#Ne0zH-BbpJ3w(Bw(;|b!q!f8(I9Uj~8-}G%1z?LPGp6vvIs% zP+k0Xz%(~4m_ux<+$VPaFsez;w6A$l713l-!h@;+F~W1=O~Q z{B>tM4N?^r682N+#>ag!UtQ(xuT$xoV4*6HuTnP~WBSagQ$72DqWFm?J!o>S0n~j~dG{{q?VeZSSL~ z(SLg^nQ?Q0pa!<{|E@{GZ_iAo+aYi#0mw;DNUu6Q@b|={?3*?9Kf2Z@lZ#3bnQ#! zdrf5)i~rNaelQs=&Z1M55vo8ddclAM@Pj?hsD26 zOVj~u-?p+wFTY9OqoFcjl}@^UEcZ+A9?6fJgAE&x|JgF3pbQ5QlKHpKTenZbBW^u^ zF>Q|*($c!5iq~Gq?`n=W(j}}Wu)uE^btG*&at784#LlvWzUs$51ykX#1fEP zQCYzYebK&Y6+o%7r)Fy~zoh9Cis7gLIS_g3I?mEM>s@}yh6s|Ct&33>qW}3vV7DBt zc{HhVOb{AAn@1)=%+wiU#s97iLqlmp_hvOX(JH8>?h{k8Ly03`{i5Sd$?y4%v zxgR|@@0ssxKjJQc;*YL0;kvF$JuRzD0xHhQvh!}1nl`9Co>|5rHJ%&~u!r`&INbB+ z&ZTJ>#x~k-SYz!fLgoFLPgHdNLZY(!8_Re|C`%T;Aza%%??RH#pdb-r z@}gH^#;4+{01CGR>^quq15w)L_nIGra}+mhut}%P;BMCOf}lfd@Gt6g<*;5izvdaU zt^eJwvPbXu9o*MYS+?ea>Kfqs^0ZK0vWEEVXZ_P4HM?}W)9H~+2%*u@bu`BnFiqrc zk}%4!;HTfU=Y%cV+76Q&wGO<6@-=ND{qckDKk<35+jw~IlJ?=hzmyNP!l-+2FiS$p z%$FNE?|V3hgrE(%IGQ8IieB;L!Gn$hfRDtaFr{9uJ%F>dUTpKG4JR_BQ~Z> z%8!D}YbEG}`O{WzyF{q7C3x$Q zK+fuYq^Rduz6;?Q<&v2JI9T@yrs}fWEy4ZQ%)35tMhY1t5v_OdX174XPG%|oGRarZ zZBxAef>T7`p44@amHs{Zf`BX^z6s3LA$O-fIv^b$_)j-rG}Z3Wb+cPs6+Fojmjjdk z=m|7e^TN1&kJ5=)^T1rbuva#YTnnP_kFpS

    u^=7v?Y$Oo!l#F-Us)#{-IT_~B4O zn44^h5FuRk_g2ZvKxyPrzWR1Wf6;s~L8rOcEV(g zWfPPKBm~IAXe?lhNQ=ZtmZ}_teLYd%*Ch8rr@1rzfIFNYZ!ZaKVUu2M%8r7ymfYH# zZ|B;6FFBbGz8=kRCx%^Tn*m}EPLCA}lk?{=$}-MM6HnG@y*Rx%(%rO#_sl!0+20$l zYIX?C2g2dei0enB3c z*~pV(zkKd1pkexa!0WTMq&8=%?F@3<@!>Uw)L#C z-f_7p1(+v2S$s6dU3|On8*?-7V9}u3)+g z_ozTvN7^WpvVJ;8d4~X+X;9@BFSv}(E%k+`*c6?KfSWV_^3}hWxf|7g}17 z^8mRZs^{r;~6jgjs`Kb_MYCf zyFVdQ%$}9}6(l*=3c;jCH@4IRbM(1fSple)_$fYl5L+lnu z%4odsW_ysZv77n0`I!x&^Mp>%Kf33d5KsGc*UFa;6)`%$b5iJB=e@K}>Y>b%8!T_Y zUIv5^gI+TD)VIqxWkrM``Cm#dIS#a96Z3QT4gyOR?H%Y_HBM-GV$vf#dG~@?dg1l6 zMW|WEV^sNsdh3s!@McaCl=inrDW!9vwEQ?mh2{#!y#T+LDkztAljDZ}d6?ba@+}-^ zHON%ZNvYL`z~psny~Agv$s`xi#lP9pGf@%s^MtH@PEnEN9NOjIo-#`<#Y;yoJybvx z^M0TJKH{~N&gON?o@J3DLC|)j9>4TEUclR+B9I#@1DNQjUVTCpZYwP(4ZGG%wxHVA zV*S*nIbw4{o~iJy-wyLtLtB(UR#&ZjHRnUP=2=;hrOqY(vw`;<`e&T2)iwo1Pcx!a z?J+v4vKqjgC2gfs-flJGs7m#5Y2x1^@+S>&aw5b$Hs`ubOMLjzF4Hx8b5+j8SSi5i zyF#mL@{NKGZ>bY+DGI*T)>s1YoEa$;-%US*oV6qY1st4oY}@oam2p@ubxhtuwxWU$ zS{5bqYE+qEdOG$PF`K-TH=Vh=$;&?LinIFr}Zwp`>8P4>2kyd-{pcrF9 zgo@7<)g2hKu?z^8R}zn4GD}BG z)R8>Zk{|(9v#hA_Ae++j8FyGc#0i&TTF9ONZAD`WX94sJtjw`y1wX7 zZLO5S0xl!e)Kw?#{CI%+{HqgYfAv6U~$uorj_RF^Yx>p-FW<%lENt|+P873&V1 z#>{RbkF?EIbfaK3h+O&*UaN~Ta&I<(1?sH-&sH*Dq^ztx-As{yOOOn(r!qHJE1)2a zW@FlvHgjo9ROx3~pAcT%xwEK+`oo^Rwi)A_mTl&6`Ga+c{jTqWTUehWDrUnJPz-^4S-Y-zcaT+Oq69IfmgEPJY5H^WKB4&c(bTkUq*W)Z!ji{ zoH{#9bEgQ9^|??xjSY}fYhA3&0jH%^_fh_$bViRBx6iu@Ja2+;6KSP0Cbc&j*j6q` ztp(YQ9}=4^NH%Zjxhc}5H&n2U5@v?VW7H5^xyFvt>mQS~v5-rep}5ie6c>pjs&OAp zJ8H6$!HHD8D-6~1u<#$wAsNQI)DDjwFaV{L=Pi4evQAcR?AFExc)?MXO5Pp+^}0TptB{?^j}t;ey#?0erg2 z83akJ?f!|_S(U0{{o+FPBK|zfKE|B7GUPF4*RuIGYa5#ncayO5N^=TqWitf3p-OM03R4pw7bAiB9r9U+T+C~Oi}%x_Eb zn_?$p_e6tjC3HFR=M(^ z07n$-!A;oF%~C%aL1H@r0fCQc=(;XjVc4AQLP{Q#0H-FAq|ws*j~ef<7i7#3hBL3t z4mbe4LvD^AHCl7!IY0<6(!yRP`%yl9Xx2M7#K^7QqOCQ}_OMr6lM0t!M`z2MyUmVj z?z65V78oicc?pHn(x%hRnwjbg9(W=Vy2A^#^^;8xB-h9F#1`|5UC_`XZb4VXv4Q8|!wZ`nt+}GLrzq+IPm%?5vj?=6)59=}OZLI065sA&I~Y9-%X3=1ey~!H@-& z?*yQp$mb`_Zw!@_ee*uk$=TUB4-0M3DE~iX?#Zxk_u2<|YaKs@YNu8dC zItN;Yes`gfmI{^znj?2Z32@~{Ev_q0;~n}k-bVyD6$`*!kG#G+ObNsGS!+I5a-+=;C%B3J^_j!rY)%cqQ zWWH_0jjp2wzippc3MI0`SY5l*R9gV%v+>n&tKIymj`R8EHvzAeci^SlmzVdS1qI2b zFK~VNHnj%JKFl%yvsdhH&B;_$F1l#CXF?BynNj0uf&B(PnliieJl^?B_cQ|I ze03~CkKqV&BQsZ-3ouq>Kc0-;3@v1%a--}F`I%?Bgb5W51YTIGzeqJ_9a=(_fuXHXq`!8pX+x_M(irK2v{i#%`_7-Ph6utE5BXBBhRcY z`A$h>tvY_<3J1FqeL&~pHvMbe%50Umj{%=vm`I279+!Xn_((UC-{D3~{BYZBshs>c zb52K;s9IPU7?W}4icDKGcPX-^jIxCTf`%)EJx{k0^jlV@bPa!}b7>BhGEviH~+b`X?5SpLDW$0Qsy7WiEl{qLcD5u7<;Vr-49E2YDecy?l`ZE zP(NW|*k-`H4dLSsN;7d^HU0+fawEl1eQ>a&%5W(iGZrs-tdRKh{x!nZXdqh7?jTe= z{=;wzExt)2&a4ahk41ccw}gX#q*v+$7y85Iofz~1@YkMaM=4ts-~r@=__l7$T&bvI zRAibqH3yXNjG5jmulf(vR;|8#TL}n+dl=DN_@O0WLrb#X-i#%u@t_sQkpHeAxaf8D zH)!5T_2I)zwfKYhh^9}KS64>7GijgRzY&0F4?Q zEgSth)K)BSZ})N-r+1pAOrhS9^MYye;Xtf4ru~}uM?7tAO8gi9)*ib&2A}{DQW3(E zfa8g!wy?ydlwP&81gHOD$rFfdLuk-FfHr8e7fk@_nZi@;F&`)9OX8J=ISz2Q{wXF} zUDxQZIJxwcI{8lDs$b@ht+Vb);a@i>mejp3;sc=jsl6IFARX*8X|!%hPYU#Iv$DAO zfAgs?l{qV7pE>>XDfNc(6-K`%dk-R1HRY)e+^HRQN5WiDd(+sN4Hf(=8dHN!A0zo9 zi@8k_w@g|NNT*?=6ss}^6nH0{4F^`ozil>ygL#%s1lFb-UakH$SjcNt%YW~X%0MFP z>@n}`H+vklanW||q0MIdBgb*2|MrtzCH*^5xESlRo8;{`0Bes}P-Fk?eeT-T998ud zA%M@{-)Fp6XX`O;{ev{5O7|F{%GcSe{|lfMgSXtPnYdmB=w|$_8J7(JC$tjX6dm@H z76q=8U{uiPPC2}7wvS?aqH$_Q5JF|o-wCD!Kt(=65l%lx`I_$daCo%O7@C;8U4`jF zdiRA0NwmG#2^0S&v7)F*3V_BX&GynR&RgNM&5>wH#YA zZdGeE?EdXq6Y^G(wr+eqDeSbR27RZ$NTYm))PjEZ6^hc30!(EKu@}=p0|`4Jbjl{8Q zw~*un+Tu?A@7pPD$_AB+MolrFj>(9)kFDgl`zd%4a|Lim*e{NT1QL0{Mi3z!kfOk9 z#Ak81@5uh&;(qCNyXjmP_99?x-lW!XZkxoeg zX%wZE6r_=m776JPP`Z1JloAk;k`h6NG)PHz_vqMY7&Ur~vF+RM`*+v1?cJXDdG2$c zbMEu@CJs6EzTui5uj*wxUZ~=gN%Q6%9%J^Qmb~JO&D$~CJfhTz|10ly9)?f#-l%Fv z3FT}_A&}kqb(y5=^0!i_Cl`sdb41JV_v~a%is$`$+4_W6(q9 zeWyu#djH3fXC>1#cj@@&X}`sw$7Hx8W{MNNE2~D(8Hco<&q?XSIylj4>W}e$VbNZC zhE9mAk_3cQzvR*6LVI?1XzP9RSSq&cE3CF_yRnWq>*TK|@Fv9a0MoayNfMaHFCDAU zqX#$ex_X%pH}0W90_?Hf2hrvFZ&YJi|n)Y7Ix)QBnG(kC=^MYDVbcP*M(!pZotNc3fA zWF1!@q3hRM4h3@}k_BypLAvgXfkZniBrVx-X;`ls#e$7}N$>W4s^JIxnX`lSA97Dw zvm8}MOo~%;GoS2tiHXA|vv^cX5}~6isUt_3*CeDVOGG$aRJZTTZmXL~nnbxPVZUg8 zD$WISL59WY}#l)yfOG`1ueMnk5!eu6^I9k4)2J{eQ;9 z&KLNzPVz?RN&!Sf!k{T14$qXf5}87}a8-P`1dJ5vRdLWKaTOg%Q7NA{3%s)4bo>`P z;CmJl-B9-K7>YVZ$%fCwPrb6P{3zFKmkGY=s<$>jnkdy^ef5&d)u>Do_$Q z5-@i0uQugPlL(lH)d6*(uYRPuA2y~sP=TiX!D!S$&$#G$r%9LgI_yk!)bzmx-V1BB zUGr~F4yWH9#}-o$%Mj=Ae2_sLzvN@?%%_?io$mw4;x3X}(r2La&#%pkkw+WOh%J?| z_o%-TC3{uht`Nn|oWfCS2|R}7KRlG8f(>%yw)#z$S6GC04h?1=EKZHSu#7gS9Hr#S zZg8ZycT?bI!|~Q#Pyi9FNda#lotF}!AgN`hH+fK}>m+XxL3?wG`2l7qmgY}~vjcFY z75njiYx-*vtDvp4WiS?Ph0dVxyi@A`2E^2+nZhCRp=lYDXT;d1e>?7c`{-hS08!xY z4&-|IC=^Hfo4VwPf`bU;A1SbT-*-&85ji%nQGXKiAE!;@E3?0Xu1Xd` z-ogPrVm;~-AGty}g|nu=zp3e6K@eQnXnuPAva=qY-TmXF@ZMAtiwSDD)NeoB>Ci=D zO}b8}+)}E{`}-_p0BfAK*b+;1bC5r4(V;+a#NM*h4pZGrDrA;M#s{4I)h13HAvt>} zIcwxEc!DY$u2u!3f@Mlqr0}FNpnYzJjQ>W+-yhq$++{DYwgW(2!y^{fP|lVwVr`)x zKNF8~ZC6AmIgD$GEkj!)!w`1rho6hq)4^iP)eYN7sLYzzUEXBZFmdLcKuJX2p_4Cm zfkR_|3;xLc0C2OBL|hQ0AbrC>56iRJ$@h_xH!B}d%dTR35Z&#&OJ@{j_Nb_S?zxKa zmm;uRM7Ynkum^wnQ@{n@Vw~UY35vKSwk8z`8&}KI863NS3z2|+GwKgO`gXe#s5RQ0>nA7Zi6rmNBT|(_1n!VO8c*C)g!h`HDD+JXjR;^|!22@m zmY{e#RbgSM=dksct|Vd(yOM?QbWq~drm{pMNjAGH*0+JDr{1?>jlQ+lm)wHgjBx5~ zWFRR)*Tcx-{6xp&+l7w9L%oRxS}9CVU6~u@QQFB&0=qCjJd(@qm3xs4iPU+qbT4rdvAuceWYZ{BW^2Z=XV>GYtuCFXE+0i% zKQ4_d{?p`Y{Vcg8poXZynEmYs1>S2>8m`eL2vV$^v_BQW;kIMcC!7^guwTtGwnI(< z8cI*CvsFiwJl0CKn9jy&b!extODNlg73<$nf~Bji-wsz-Ci~nQ1s3PNl_=lg(ehGV zgoteGj>NcYoEpf`^r%31&5dZ;y(Aacla1+l@b&%EKDx3{Znz$l!asGg1-HN(bj#$Q z$LU(HhP#~`YUgoD3Rjac1q8!aCwb(&k8hODPd9Z#o1=U`!Dhg%7Mj=G7w*ADmM zt{};kh(R{qu{^HaJ7Y-jAgs9yd*FKdOa`6Hq60S(c1`(eT=vs)8s@t9OH*Tp;;Mt_ zpu<^lut5Al)Gtx;n}cRy^)s&7d_v*QropR`S|SyY)PoX)d?@RU)xXH>u%Lc3+Sx=E zgx#%3ryuO5cctTkT3$682IRlL)>LoRs*yb*l;Z$VSgY@PWHT`1*5@bt-|@=_fHRf3 z(|TXa1G^Ri?lnL=*W_lW!xRW+<%VCgCUy;ssD&#Xz<&~Zx>`Mw1 zTVu&yF-fjH(TT!_<(E}!(tLY^nsT1);5_`Wqocj}dGs=&1T2?OFwxhtILl*#C??HC zmi<9voVTr~a7Jd;@KH2hTR7b}Ph+N)kX_YUZ1D z-=csWc5H$`qOfaoWToFsAtbu;(j>(LGd71>|Hg!ZdE^P7&*yPQ+P{W(Yg=E`tWVSl z5w1ru$=-!ji?6+Zt~PFTDYJH4hS^crj$9hj!Ie&>8uouW3=9l?#Be}IJ?I#(Svz=~ z%b>Qhc(kJI@7=ky!`q~RITa_aRw~lR!c#_fI!ln<*2RZkFzK9{IPT$ox~^u zK&N*$eb?3}+kXr}m2Sk&Y4Re&P=W1ez*Yl_sxxFal%Ze^H7_6e1Vz1|r5wHN*DJt= zh98?7vO6B)_(MIJTAPB-)6)0^L#cOW+3vw{{oW3}$y-h?(8YStZn{8=t^($#-38+e zB8;BCBc^xiV`)Ly;Wr>SRS1h1cJtgSijp#4nDf>mR`2swk}_nVj&Zn*LEgLDHVx?- z(55~n&s1EKs>`+-6;v<#r+I9AHCBh&aGI!@Zw=l30^TKs~xYQlT9FbVeCV17bV-nDgKMA zn!V5JU;Up>a|(k8Iodd+UnhR&Vb?RU@ch7Tw569MEOVk{{vQzHng~&EBU7uxizwHs z$uIcYk;j{XrqUG5a3!HHuk}~S<(Gjurrcjv7q%Ts1t&5w@9oa5B_Rfdv>p_!^6?#w zUV3&qs3asW^}my%crf_*>45u>G9?uJ!1U3^yOyjOv!3Lx}8yi)8S)?JQXKKyHh z!;(koPwxRIA0^5VI2`5?M)dkt9_^d2k5J=>#k@q*J#^oB`QOhWE)g^>6)tz$1g1h!<9OnsBDqloJu_l+Z1*kCS@Ob4G;6) z{ZU7EE<-ApQ-UjwcW*_m^v}i{bO|u}0V{-Xx#D)?pbHCtecLGEKU?YhkrJzah;i7g zL_qBzqwr>j-X!}o$nle(=^;mWRuG|+atXFxk8PnYRP`6_z)J*z-jVsp3y|w!xGJ%@ym}iVErs{oZoZ~1^mYY!_ERhS~)5KqS z!PfT{q_QTzYpFKwLH{{?lWJ(?(7C6Ma{2A=veALD?`UwP8u+O3QGM@aY4=#&JV4>% z9dZNp=IyG#_I`lYzy9>TGp~;$FIZ>Xd-r84dx}iq&qb-S+O;? z(V^zYeT5K$0kf1|8H1R=dJ+qH29DFA{5cgg@{e}s1NKk`+8sIvy%X9gNd@j_l=WV= z&9V?7=jWTRZs;RBLaFFQh|O6!8i|11{!<;l8c01lieXb^sGv_xj_la+h z`2w$xRmr!Vto|eLE(e`>V=vo{Tll0a_xv>57c+(1t^3X0N8B3Q_@WX|g~vq{XV{i$ zzCBtY@plaVqPAoT&xPN60g#eAO0!K8FZ`3nZ`9#oD`r0-Qtw^xmLJ8{HK83q?crTp zYNB}wXlR})3vGve%naP<)FZWu?m-AD5fC$IX#4dwQe8U)??daJi7e3Vmw4*5eLQo$ z|AJM0=$&3Va_#9)&^lou_fyJyK#I@WX#2SLSrQ)xVwD9Oo9%T}t)pMW5Es2af6buB ziR+1<-aiDKExKTxC%4zfD_AF@8yLiGX8>o%MCIhbUZb$%Wc_tLQUpyjt;k zb@{Jz^>bopr*6TZR0jt*`gI@QLQ{&Iy6S2NfMHxx)Ak4V&av*>cg2_)k^#T{7{w?Z zIT~^FwKe;O1s)LSCojB{Huov~=)=p!_!N#bkY3~OX-}pq`4gl$pY+Rj$+bUTO{+`# zyI~!OsT4q!ZldJjE$Y65i!JBp`EIY9^-nA;u0NU^lW>1Gu|}J7X$DTr4T@|>UR!(F zE?ngjWCGu}*9PNFXMK9ZyGH1?vl2IiE75e)TM*FBPKwnK6GTw_jl+UZb213((9&Hmng>ZO*ro3(#?zljCG=95)r(hABg8Iv=k9<@=n0`4!TLZEep72! z%>v?571VQiow%}V-7LKrjx6=uo4$)NUm;Tr!LE-5Z3oj7IRvdJo~>fKpUgr!-7t}u zZlb!sjZN@r{HfbOH5c<8in`Q>0bgtD$vXwh(CF$2h;tpH3bAQ(){|KOkL(NUs6YLd zASV>u9n4uD1Ys#d9~qz z@A#1jk^4Kl!-J-m5Op#7?ucpOKN*=#)>3bOMdF%{kvH_6T=T7mIYn78DY^X4wGfmP z0`hnP_-G|s2<*YzCFT4@jp!R^)*lktL5Rno zc$We|PN zs7~cy%Gv`BGx=CpYA>5$_%CoLGZ@L{r3JS{Yf>4J=htd8U)CDipFQly;avT6hC<*=VxY zbVGW*OPd~=a*AsW1)y5j%>_rUurLyC{2t`52Hh*TnDck*)fO8g-C^xzn)`r0I8^t% z>I3Sw-1Lp=a?wiJRnp1caP{_h_vPec{RJClQ`{66(N3QFnct>9CmJ2P& za5)n3@HPN)kjyms_ggVx;QbH1dECZNO|Oj>WQ8zohN1AD~Qa6s)Q$iBoLBtH84!06{k zU2Vw)XsysKo&OuTVtD~dJXldqcKY#V1tJn>iqP=*=d`h4ALUSDh=-8@J6B8gpDD*>F z1*DgAesqm^;ML?+q5-rR-}Hz(K3}_1k)M$hC3H%91AxDsAIsMGL{6zbShRmx+g!^V zqZsnMF|{g*v+KT0P(!VUx|Dx~IR}%C&U?l5qxnJd8g@P>)-$6qsr6?|xBIKZ2ltvn z9(*!u($6Yng#!y;X0L$EfAr4%WPxwpj6E-Z~6-X5PJY3gd|=7$BCuN zsBMaD%TGW8m88dotX;`y=jgOS9jmpXpVc|r__CygF@PxR7Of|Cd@2o!2}8_Yq(r5n z1h{aVD$%kg5**-e)&*%J?DY(P3)-N4k3zZ2N*hxu3uOScyC6gI0#gjs%>*`8?)qS{3e2=XH~M7;bj*Iy}m7%|CQC`QJ@w~9lEa`3|9XWADU2rL7P=2;;}B5 z73iQZJybZC|Eg-Qnx>XA0>vn&DeSn>@hpP8s7d~L)WsphYS%xivp-P-%i z@@XhwRu6O%L=2nZp^_C+@9~As=YJ;m@y3_=qhLcivN2!&=|<`36x#hD)jcYw)O~?x z#@v&xq4Da~r?=UqD?}r6nec=qdbzZ-L8Q^`M;)!+JTrmu53p3y2 zo7Pxb`j^;=)e4)IviI0@&drm!@IV*~VZsi^kWd!@yk6p`3?QWY`%yNfDadJZYyu6l za-10Rhy;JR44J&!4KCVKZ)hb~uof3TfbLpo`ddU*RHEF^{G}u1K=jCo_=~VhnyEehSW(k z?^R0WbteR+WyN=M#{S7b)cWiyB)}-sM5<{x@K#4AGzq;yJv@o6*@D@-;9Zl+D5u(@ zX4M)F?@-TUE|DRx-?7@;-#w~@Xx5q5hZNIuN;nJ^v%SdAU--kopm}q$Z6QRLS&F?d z^dyed_X{$Y-w(@$qDmj!n_X-C@nWs%YWjuj6ryrJJ0{wp|O2REB;}?-!7D z+Z*(m%r6H4)`m0RDLIhNOOhw|!qz>u8R``(PYRO(E-QG<0Q01&VM)QBldu^c_0Qe4 z4xQ`HSB=jW!JJ!n7*JFUU~b1mg+#PmVDAYv@Y}ugtVXy$GkDaoMdncyeM-VF%t&`YJAb6cc&7}P zjKRT&Q8<`@`@OM6^2fARRy;~s-P}?y%_jQP%2bo@Ee@M`VKb8Wt3N92 zCj1dUFr#>$oN1XfCqrNFN};UOw?p*ustT|q6Pb}-WG&RMXo~BwCFeuJZLqHPtDki$LJY$>Fu%z$*ktd&FC|{!x-hRFv`qhNg#;&+Yp)GgS{0FjPa>gzb zUrfIQk}cxb2CGnkkBM!WW@ZQCq-Jctc-xql46f)o&1jY}j9$*ozjbSUqSdt>jGyYD zRH<&zCMt`YPW26*sqFpnVUt2DOkEV$baH>hsT3QQ&tD*&SvrLQBiu+b`BydO`!D6Z zQ*8qsCwR?u#I6G$o=H}^(a@=nHfnRoAIiZV*?ssck0=hoPmSkr74Is z6EQLwT9hTSSm-2?g>aJ4hN-xQc_;CygEo5?Tu zi}9HkjgXD$sEZ5rC#}FnNNEXSwWZ`}J)wMjJ_&&~a6}C(9rcu+ikx-#^C5Z2N zR8n>o3MT64;`cJ{aV~;Z3)fx$xDq}(*y5a?VrucBF~q$PJ_j4PwjSOpi#48G;+@`=N5GU4yC)7+7ZKoD{E)$zCUhA$e6`7l?bH+9YoBhrR# zCPN8!Jo``I&dNa9=;Zxz*Y-fx=d(G>6HS`sz&hEFB%?=zx?>+)xY;yto}=S#j_ucP< zZjQM3sO$(>#VoU5+P{13<>Uo#DEbCkHmOL`JQ#(p+)Z*+FxQvaENK(xeHBOlyomI9AxsR{K$F7X5*f>U60py(fHI52vd7G* z%>mhhV~8h(>+0M`woe{@K|#o(9M&d@4Q%&-;QNOb9|JP{r+Qo1dfHEZbt#u?!y)NK zI!R~NuEiesVr+Gq(s9g3W4=vD+CJ@0RXxo2*SLtD*y@Av@LxbuFku>FK`;y_z!+4! z`?%O&ic{D>|JsFVS8pJHJE!H_@-$cQXB!-C_{R6R;M*IM(T%0QP7G_zBi0?Z)CbQ0 zCH2vcel5cIE4;V9c^%S;olym#p!#>CQuHO|3ipqhSYaY_FvYiFRKIX% z9M!v$asSV=5>WB4nu$NyxW@@H^&6-vOT(ggOY4|YaLCfT)*a%> zhUHr@Htclcj2IqSl?maqb+5pwrew#E)7zz6IkqequRj(d@U9dW{}7UKRc~ay_IO-{ zb6@+U48$ypnV4Q)C zA2JDNc#INuRHlUNu3r2SVIfdSuwxfM55lk#^vT%s(CPJM8q_5tSms)zW11G%?iv zjk!N==3&XK)ba$f3!TBC7fw}GJR#m5q2iRs779hEWsV^g0X^tt^(xrwJWqjf6S}(P zB!aBz_QZ7apUx*@G5cb)+jo^A5=`yfy z2tYQ~A{?B~<+sT%j3p5}*r7%*lmt~L;hJ@(G^({5Bsx#zZD!sr4Cgt*DbPuFwp)kI zN`cTrwRIxn8ETVfN&S!_oGnXd>2-k_lF+zBp%d_k_1+#wXxwCVAcFmOY-Y945?C?g z$6C-S4W0*E$jQ7JN8k>1pWa|g$KlUqo%OgEk8+%Zre@`mffpVfNn<=a zW~9{3@Wy&XML(yrrX6cgXhhO+t4ZOLLuTe zJN?Wf7X&n{=dJ$ZAP#~6g}*K)D-^hXWw=|J_QRGW(-{}A)-6tK4mXd1XIDpsdr-T%15pqgu`1hVe9CX#@h zT@h7OL!sDH$tPk)E29cQnW6whLW5axwMDn%MO2f=I?=|!Wcd(7e=wHDx7xHWwvp4a zMRy@9*)5DVm28ssFN{jL2681_S!Fh$hj>r|cV%v>X2xm7Q)b8R9&Xg(L%V=J+83Tc`r*49wztUuu5d9G!zUrD zSFR29DZQF!2$%n8+%l+1?s?aZa>2a!+^ftq$t%{zP3wl@9@9`&%8N0nDd-5$Bltwr z7J~4-L6Oy5CD#<3gt$z0ntb7#_Vu`-u)_jg_FhV;>vFs(wiMUPh@IMNuQtf;K<=L~ zgy=7%_9jWm%b=l5z%X;W_5%IvQc+x%X_MVtFc)f~kt(>;Z-K(o*5oA5x|TRO{=Iq| z++xZsIw$T4c3yM;o})KZk#FJ&=h^`>e||9GD(o)0I>4N=jP>1?g1Xvr+$fN_l~|e$ z3!alswm9A6UKLe*jecU-|_gcp7TP1@-aUc7@OUJnos{3V%g46NP} z^9{8`XY@)~I_6a&hEfe0lic{e0uONqJl)lw7p$LRgAi3qDbzFYt}gE@ej3&6{)9-i_UkHq^*9_?9Zoa3?4KFOUQm;MzKjz4xa#wj7pH$+E!B9LS-v{@XmFpv z@Iv-TlUTMA4NZwVXne6sYj|3IQPpW8`vQR!ZxktT0>c4)IGKWxaU z<%dgY$iUHDc+7@lf-d6>GI^xCruW^>&5vi*dxe}vS?=^Px8(t!-=7@ER0a$+eP8|i zbm}i|Oq%)&!Trhu&qWEJKCv~M`V8R5>#v2rASzhIu^`GC= zUV$GMHGUbl4}Hl`Iy{jIj#5t4V3U5xu2|LLY$UEIM@`9-4^yjpk9bt$Nb~*b?}lO1 zXS}ACLcG{QRbXnxKcMSP8%_7l)l6#SKui`@cOMY@iOYJDr zn&2THpL>ZYT5%gIGbT>QT40_(Rp{7^=1+P0Ls0&oYDp0d1RCcgvsw9QhgJ;825Zvh z+3ja1raFpzFzK5#zFEWa?WtFo1?@jN%Nv72(dm1t@vq|y zv1(68+xE%#Z=tU1;Fs~CFH>!Ko2W&tdSVSQn)+d!R9+=`V0$eh?Yy0p7ixGyKp(u@S?qb}5T6Nh?smj$c`HKHig+%YU!BVAFaIUaC#^-WIbg zenC5N!+ctH4PsKU3HHG&VPb4-Oy3L1KOFQ$G|wi69ZL*eOC;gZ%LBwktFZe1Wt_|YIshT$6uT^7NKU#|gCY6e}hqfa{z`DO3OzdPa&bLS)l zVO9>xwN581vfgCh)86Z_QmWu%|8NWZu8jzk%*dpcq$z>^Gewu$7%zrN6nK=Aibc#9-qQ~g>!2va&E{;OF`hf?N3lMD|!7H6C+G`q)*^qa|*M5#RM z@^jl5PmZw z{Xhr;z)pt-04MJf<^Hv&Uod@VdbNNsoAQe z6c|I=^yO>1o<7k&-Tn4&eEj0gX?K-r!pqI<392d>$L$%LXIwUXV&Yf48K|j|!L{-( z0Q=13EHj_n4aryTC|Gp}J4F<91$Xdnvu9;-Tl{8IG5mGPF!l%E8>Z;ANk8v}abavvN9Ozub#Vca2q9bMSbgNJZTdN&P!&PiaGbL=<(XJ%+t%VQqKyz z*93JB@G@3*u@QWbP!e)t7Xdm|3ktJza1R0MMS*HOzJ^k;JHF`)=1b};%E45obmYeA zlvwN1GcjfIdSOvMow?_Mq9K`dyHw*M!d^`B$HRcC0#U%`Kp~rZ6Y3u-?NtDM9wucZ z2Zxt9^H@wlA~Nsg2y*1zo8*g2D9(*TMuzl+6jKu)+uu^D4+ zN9?;{IH5g2nn=4^m1LXu~MX||u@ zPlEH2lN;pN#cKzgf=%vLri*3u*T5mp7T{6@po1AzPP8kxR+zLTSg36+ort-gGuF-I z`gKN!;lDGzwb_ohlZeS~(ykCJ7sKl1)>d;gJ<}LTj!RCk*{eUD0GFLde8@AP<68|{ zHl7oMs@y{2mCW>SQX0>@MS8!e+6Eue%md9igaqKjSAt=0ZfoiC{wbb%xCy|sspFx? z|9ooirWI`wb?Pe_8_v^`i=Lp)Hm9!F7%GE2$eP|Q7iz-qH?4yu_fRi0E0R5QoY zNWD%j5a08{J>NrKgP|k`PlvJfd`(7d_vHUo9v45-(=jvl*<~63zej*rX%LnWuPUr% zT_@krP=VPNNpTxhCP3&~Z;$m}UszMwaSGqkdCg+zfW^-BhJd91RoWW$?JK&vMdgI9 zg~YWU$B5O5kp2P3*s}y{tuB7{i?FEBe@x~U)PL?4g@}2c0pEv3Hx~&iyjRAb)LD7< zIXAfuNYw$y;1Mp&*gk(tv>W@I*oH3 zsfhX*vDj$Z`XTbqy1K;%4?Sz-+dUjZ`&<%-#ax_~a`2p%6)dBqQwD_EC*)skmYJWc zSf8dKA1Pr^N$QC2_`^wQ#kJ1|beTt+XusUUl~95ee%{ zcXoHIK6P>wRULds&F{Rhq=((o|269JP%&|3@R61>$puHV2o(}=r7Qm_E+wmDJ(M(0 zZ^R<$;q*hY&NlIUjbGaMCFP=&VP#?Ln;tIgKi%8ON8fxNydk-_l$?$=&I8jISQj}HF01dso|s|d;(A!~1PHks4OJ?of@VXyEzAhKld z&o}_QC1{By+tz!I{`1X5HAzC-$AeTfPBm-=&Vknf)!)2bEWPWLBr{koJ(|ilqVl_} zOx77d5&aEiDr0ewvVe5Z9SmnLaLRl6HL>CO={dK=o_7xyB9!2Jt@~-t&jmSx!-z<= z6AnKh@vWhxfpvF)-yiPKzrVwr-snwVv~;tqFPUY}wZpDlLzi1bcCx7=j|<%IZ@C!O zV(yD&u=C_W(2!IiUvVos$m7+G=yVLDIn9b6 z(jLcmfjnDIzF*%v=;*n%s6NX`p|deEeo3%!VYy>OFa!jetXxFtWWgwzYINZzA|Y~Y zg^;5lC)*$o><9oIZmv@CpB67)eZsp zwo& z^)UxO*+kNHRn0e`+xr)MQd`ZEFYc50q8=`+et*nm_U$oxs?uF&Eh88}`u+QA7_!?}L5dMW1(5DN&yG8> z)ZiS+JjCc!~v`B=L?l0x#w$=xlqt)JU&TP!aIw{sj# z)TSE)5+`Z%I9T(-2+Cc33x6Kk5aT%E^7lc6;dvsG$G}CUtPXGLdwYgDAUfZ)1XApC zC}0DL=#E)>&-D4DMDs?=RyMNxOMNw=m2{$ybnjh$b66 z1!d>Q&$2atsYI-)ysUTYmf>)D(|mTuRdcssp`EAZeLRXHBx#sbm*Qs?ZKr9uXjb_P zIVAc!G&(RZtJwnu=BU92Y1hO1Za6>x?Ohq~)n2GB>`WYC`6lBfMn zXD!zhYHs+uQ}7fTT-a~;SyzfXAypSgq8goFbmtQ(pZQelmn=M$X-_-F+(oU#3pXtm zwH}vvUn90vyvNT0J8qNHvC*L{A5tm4x= zq0+sFlsXm=5ZoACg62+GiZx=a^^}8eDN4F^S#cR>za$86EXtvM9W7&N(*lI2$FCJ=%K{I@0&%v`$q|v#tEv}( z@oy`bCM(_7C3JbZp~v%u1RWi79}(!e;=aQUff$mIIfoXldfhypP=SLGZLE(N`gdbhPiG@hskzhnfTi zUn0xZe=J2o79Dh3y zxUBiP@U((i_m?p^)pTAq+{4XX^Iu26z2AwSw$K10Q_2QJrt!1jc#69)`G-S{^Lz?! zYX~H{8*Zx6-w4n_5R`e$!p|1{VV7e1OJ(P~_Izr8+^j36r^x4Ll{ox-ihecn6?RvV zvg%H_LX6t)8Nmc#GLvem<8t!M0f-x+>WV3>JLlHdpu%T3_R;Q1Gm47oOTKomiCE6*h3}zU-zU*y926?(lFF7^0*bYe!+QU(qUgY#e`%;19{p>hBrIl+fHE3U@A6j;y!-q`>Co<8brU{XNB5?#m*4^Kz*$t8`^>d(nN`&$F%R^4?gq=pdgk zmIWC~$Qy7^1!(q{#b|?4aZ~m_(rQ=x)auK}=bPE?UBNhjli9m`@K!tUXfSs0(mP{+ zhl?z@ZnFfq1Ct&+~+eX&&epG^mGu#+^7n=r+=mC-}Tl_=kkMlLmgZ@XkThRa6kMB zcTj#FNHcga1}<2i`ZK!1__r;ta{NuKhcBDjYZsgd_fX<3B&t8pS;=%8J~B-_Ts)%9 zl5FNsdq_@F^b|^!a0)rK!4Y-#e>yxPqL(ywpE3jBih+*!#U5OLpi=IGmUS9^?66v*Zhv*`>B-xXq({s9ew3*@gf!@JX`dsG zjkb*0!NBlG{#Vymg~ibY+Y;L)4i)|SJhgpw&jB?%%{q93ph+zq__GmN@9u_h=NH2?itbQ3Uqf? zgs#%PUaD{W3za-NNX4QxExHHnhfdtyI3VD!9SjxD}QQ7EjTccd_n=` z{zLI*T7ajc=I7CJIewGVul)JE3dpMcjmPyzLnYt)L<-w-%>C!IHHbBjNitzf?Kt$^ zKP9qR$fE))1wGjIy`mA~dqmKG6FS^WfznNa4nWHx2Bs0toUM14x)oaLE^O$&us|Vb zplh>ha(qRH;V2Abuz*A&d$=qgphYk?uejW*k7-FCg2}3PM`!!WM>O{j9#Wi3N}a?t zS(qOB$BKLPDVmhRV|P0m|6|!LFn9dOHC;IatZ+x$p9hJNtXi^Q~+g@ zd^=O679vJU&CwIXW2P)X^xm-LRpy_<4!PMbggceQo&4M7C z>nre{%g<8Y)@NfOezM(s}gvNDI3w?2b1IrkMa3>mLnB8(v%G7#J0?Tq}U!YQMJO z*k)o5=s3&v^fcZ&XOCSA_vZecqG4dJw3cv%o>yjJ2o8Drb<|od<95thnPU9)@zMHy zic0yeb5a8Zz{nuh*KNfwdY->_dpYXxe1z-ux>SOO7J@Umn-2a|Ofo=(Y&CGQFYiHO zYh`kP-~dd*wAQhL#}T~%0n}%4*4K~g2%z2hIDIK_;x-0e*7b3>^^fTp4Ci$&o9;wg z*9*-0EyABS0W}LGeNP6dIN8_td6iXFQ8p@9$;Q@F4URuecS?Ib8VMO38meWMF(cou zxmWF)!_Q3C3}!1kFJ%5Ze`)xZb>7gRGB=7Z1-xB{hAp*^e)mGf?*GeI&ey5+d`e+l z^?t-!d2^5|xF&V8P(c|W$?d5+;an5Y6mPYu5}2#8soI$Bv?nW>w{0l4a)hPsez6BY zVw!i|vUiFGl4)mt`(G1F7KC{>kz9>SY6Ua?dXHi&`(iBBXr4DUzDyzia*43x^z3T* z(L$4@On_$sxcd9zU?4|QLP+`+k z%n*S#_~c^dQT>99A2{nx&#>}d?#vXmZlna>UVw1cwdB>xlb~HajQm}KkeySm8=2Y?Pq+;?m{5}F5YM4X=8Mh@b$5S>w%C!(i^Ikx! z4kLj8@GA?T!#?#oj)gFpe>JZE058>F2e}y&T6FzQUIKJ3!z>Tbn$|ylN0dQcXZLZh zb_0ZkrC9;6o*~eS+Ue1L;RH%({G73{V|2YM0FgMg7CLj@tW9?N6%SpHMVIja;QT7z@I^mqyQ;Hc7eQdRS_@I7fx#n|Pq0*s^tga~`>@U&$Q+z{hqboX?xtIyJif4;1O%@FnUFs^G?Ga4EH%9(La9d$o#~ zcK7@KXP8I?1%i)xg@S>vA52q)SDUKq{Zo(CijN;x#|14PRGWk%mwqiB;;<1g=XLt` zOvl+Xaw;~Gkg}5~9=pS!*RgL(aPDCedY4bT+6xslbNStfc z$X2bJ8$?&FxjdkXWbXj9w6fTpw%SEMVfaipTqj^>v49AZd94}{w}E}Vc=RoINdUN2 zX;Hw7_60&3AG+0ZWt!stX@>(PSl&7~0Iz61ERA>vaH)ZwFANY6wazyKs)6_^zz?)) z0dE2aZ1y@_fC+4*4SW&={wMN%)2$xT%?bCms1Omd$s8%}m9_1Y7|y=q_ow8;WN(7J z3h055HhKq(>c@qBM3P@w!x|8x^KLO9!YL-gAmzg8yc7v#817Jt?^Ww*g01| zv^9vD9!i>NaEI;B!6ERuk&Dz;{X4}pY{d^K4OqCm;V*=Wc2JX2x}i^QmZ!ywvDkw@ z^2(dj<`w^UTDc&8?iGe6d;3TLYsz=Nk?)=)vKFZ%i-X{l^O1;raTZ|4JH=#4_=pt$ zWQIwLK>kH4RBH7Fu^8gqbrYArth^3TEN>Q%N*kS-LDSbuoL)*P9I>#Yva$GCqETZ2 zK3d!|_G9ldy;gW&wRT__Y12r(Eu8ZTDLU2gVUh)szZKtV8stw6h^D?feo?>Dxm{ZF zywL?4IV{Ew1+UNnga=6+0A7J0|5y`t2TWC^PNI|;yNpQ zldXDoIT|8; zHn$w-k`=sQGCydXJwPK0Eda&1PK+&^UOp|^n&k-R&3TEYOBeC)WpP^9ocUCy9q=bG9BrfSIbF*VmSyX@B$N9P1>0bt{oynwYF<5fHvUHZ)f#p;46%8Drf4Bql`xFD zem?%6t7ab39+We1z~uRIjbMcNjolzkiBQ4rtdKocsw;oold)l1ch-p2UrJItnn?qs)a1Y zfU|~`22@+V2iQYr$Q;uO->4Z55HWtj*LhX{J7TbGS~ttATi-SpneZc0=_QiW8E*HuVWE~3_IXtwoj;HK3~L%} z1vX&5Nq1N%_B<(NH3uT~CZpb{VyYfyB&5ca;LV~MF#vn}<@-`VPh>XCrj)9lX|i$yF9sz-cl)yjNI{*VJj zh>)){sn#YXG=SQ{sTX6KE>mxibRQ%ASkDaDxO1KYtOI=1`U&i@V<-`LtQ9hT_c`be znHq2!qW+7;X^MF!+uV(l6Vxh`=j4tTwH)a`?0|4BWfyt;OtXI(ICzx=!}<6-;X2yt z3!s#mLwihOMTRDBj=!ran$RmH;e!HLyk-p)BTAkBwU(9d)<0-Ap9$MeHFeLkRGXxQ zZGj0GM%wceCu&(%d?Pjp8?#vjV?I5$M?$txJURFdXU&b9F&$KDe>iUcG9IwH-JrR? z-jLQlDcG;aWA|Uo_DvRnC7WOM$`0=eLFO>U5cV_gy=!^EzO3m36ZzRlCeZ`>KS$nh zPQosZdxiD(_!f%$_SKn>4++MX?*e?B8WeMjQMKfS2@iO8B10&wwED_(rJCC;R*Zrh z>%7sEGB=S8w~ha}LNMfw{i65AZ$FHbRtn{{_%-rhPi_dvoj*I0w<)x8j=pkzd@kJl z_eBzj<}P%Vw_E8?0WO{&;W+>hkLWM|JAL>MTE5NNKTn(KQE`P!B7Iu_{Vy^Y%4J?< zHj@U`<^rAZ>%F0j723Xpx;Mk`NV*!3B6mrTSbbRu77&glDR&P1|lPt&YBHjE@w)Sl6 zdvS@+Fd?9>6-rE2z3F4EXaeYVzG~d$^DL9i_ zwUvsqKi|^5+RrNy8lH|qCStaD%&D{`_!82OE1UuMDfi-xyYRAH0}hbPrXlN!oxYOQ z=NVvpjl1hV^{zMBhfw}5&o{624yg6&&j_jo<{gd%sbp{A!2Epk#to;V7Va4HExdm# zgKBrn+-bwRl>T1AeSMnHuiT4xd#%{2P56#Uc<$360KPhFu3%0uGcOrk@I3En0l&}z zEP~elD@Epq4&Nt8DNC>X)9`vIX_; z>!jWZGqO5ALSlp${g-s4=+46xMqNCBfRk$PPRN)O-evzM<@aZo#4nsU=`jW5g&oWE zBOp6!2MC)#5R(^=;rmpe za2N62>TJE8si&16L@*XW{%be?j$o?C*-xHodj`L|)#203hh-dI523fa*kud&WgJKe z*6;*619#h{VRKMB?W+aDN41o{wxS7W@sN{*AW$5{LC1VS6tC`j>OHuAx#Ag>P`b;k z8bQiJC2YbO0Td5;p0L8eL7o2C>=dg@>s8I1K5bW1l)Qf7@e}k*ad|vvgX60WY^Gl> z>4<*i7ZIE zS_R$IqtH~Vvi8qtZ@~b=fOKN5jxo*W*T)h>M%u^aeD{R@897XsZZ``+a6gUozcotl zm=_>9N?x9^9()ut<~NT0RWCEtwoOTu8Z}%18rYE_RJ~`tqjQQgEZc5f@k*K|aY4hF z`Yk(5;g!%g!v9&d#F|*$N|CR58Re^tsE_WvC2}Hc1&yge$uSW7I=>Nc&}@9kXh7$R zjBFP5AJi!(i z%6e#imEaVtW{Jr}Wf9gx6cO&hw0)m$%7IuMUO~GcZ#wLV$=CST&{P9U``P0NRI zE0io1#U;%j^~-yP3Ybmz0U=#h<68<6%4fg%E7ovu!UA4w2-=^+)NwAfD@Lq!V@qF( zx;Xmp54>_=+QRi0mKE=4%f!z7`NAT)t!gYpI!$$d=Y#-sYi^C0Wj_Tw%FcUc#0)p!?V}OJs!Pl!`N#;SJaBd6 z(h6EDpSL|vOib7;z%!HSaBThpnQMw>K!TzugQw)rhBKnYl0PYVrjtbNq+5p$yKQx3 z1?&WT8N}v&?1M%-x225G!bLjYcQu%nH%76@zLZGnn^NsWkbNi!zEr5%t*4zdd{{(9 z8#l-*N)4MXWbD-?`E~xDNkn?z#Jr?4nQUeue$7gnH$ZnXB28A12TgMneTe2}`4jNV zR^yf&uY7BB*xd$(a8G<^uMEi~N07?S@AbqA?3tW zygiU&XbF0vA4ZDAEvTX?UCXcf!gyH1PqF;+c2sr;*%ir>36j#r|Jop=sCKj2kWRsN z>fW7ip(T4dat5Y~6{wV_5`fnwhr)g_JE(n>ITy+A4y!7iwr2fr<-@=)7Bz(}E5m(> z6LF=BqkHLL_cjSC=stv8oKhx5-YTIw0DBnpp==<2Wj=jUO}}jE@`uzx3#XDGyS3y+ zGUIV}6;L9@5(EljBXyNLd+|8zgu9c7bufLaw2O zO_sR&Rc$vw^h~E1WVTvY^FYLiLa!+(wr*;K@MDfRReqn|!jP#Khi^4*j7lQy^1{)P z^qp7K3K)z()vy(!Ed*qz9o$tzy~fOq^dZYrB{b10ucr|$T=PL<463`X#H1}fH1Daqni-R#9B{vC ze%ec|kC}Qf`tWX!nDfdEyx>0i#Wy;5>LEE9(@WfEz*mmv>-e;uc}GItL#QV8N*TE| znUjl>^G-3|u6}t1^nB&1JV~IZTzOAKEG{I`!3VfLI5^J4ZQ9tL*5MHP^)7j)cS1KasVKS4ExZRd< zm@zY2*g_I@KMwvxG}i~P?MH9|7Ndv$F@=9w*Vbx6 zp0rPFo3zNSo(K;+3tm6(zi63FT)D(k$LnXdmqm|ZDY^nYO0FP^#_>f{E9N8_)ZkJg zdvU95+4IV)iOIpT{ztEkPAGRvnE#y-(uTJL<_E;X8ii!s&? z!shIqhtl=D=RWsV1|CIqK?_ptn7w$3b+P}3x|@6H$}g=zP8ONo0WXs%S?Rj{cVNP$$N_&Z!b`Un?XQn4sI*Vi0pvKtZ6C1 zZ8#b6$qEaUG`k2itF*Y#X$^fJ#-eA(_PSATL*k>u^)d`Bf?MgyK9dTtlT?7JhEKSP zynwRylrJ4RI=lk8C0B@UG2CMtn@Kn^-L=T$;GuKRbJ&f=~r3*;;ucTC?qmY?rzE4Iwvm$DN;ly? zkY`cA2k;U{Kzi7orcMe^))#j4u}Mn(Bkz5ajl0-FpwbKg>rkV>qcLNtG!UxX~;THg1x&dEa<( zgF7&I9zb(`g3Vx*_o8fdzLYV3I$E0q6=)Nj>>BoQ#nkp~!Rq0ehbD!;p>QK*narV5 zRs|_I3ZHnyj4hqqJbtFW%!j2)$*)!jPfp};ZGi-i%u=MTZ21hAS>g^wVpX^ib6(hb z?T0@dzBtd^@Ql7M^Tw009d|Bv;2v3McEtAK*{sHO32uI1I2AIEqU-s}cD=}V`g017 zr&l?=s>78#-T4H~X_E@95-NIjZL+RQP*e;fnz!=@1?ebts?q-*w`D3m*?|79j>$$Q z3nH6BksCT|f{d)j>@Q;?Fum-qm)}AM>_94tZgV^#D|ib9*L?PB?rb#%5{0N*Wni>n z&{HDz%4ZQVR_7%DshUj)W9TaqjK;pH+Nirod3BcM=t%i`gzn9h^T%}Mvd|#0Z&yzu zDX_~ZM}v-G`x;(x$alBPMtxN`p{I)} zvLl-&*}_P6o1vGka8zv6eZ4JPiFn1eo}}~5?c>EKBCk~&wTKxC;*3ld`wEtCyDHxU zA0|CL8;C{EQ1`JUVCM*aznIYu<(E$SSsNy$Gpaef20TA`{Mih5utY#3OZ~%#gv@ci z&M&+HQ$`Ww@$bg|_#lp9vUi);=cjhFQ2PSr28nmk(G7zYcYliUi!}?1h@5Y;;e=6I z68dZ4iPT+^kOafxzcK()F}&lmn27zJi@j0h68D`@t1jml1DU8hDr4hsP?7GmTizmi z;S0oxs%_LPxk6>mr8Q(p5n*UO66>_M7i_#&fl{&pxRk7px zsN51=YNR18!X&haokX+6Ov{Kl?RACC#3r)WJ8?;wRUbuTaE?xmgHm8|K-ey*xESLF zhnw;}s{7Hg@hOWg>S&jz4*giH(b|w$naB6;9#d>iG7SmRFL05;`-`%Sa``H%7szQn z5it8fC$`^ z4;CYo{fh0QTkVbdj^oOwJjuK7q_bqWnUUje)jos9erflSL*EHd_nq({-O4e4FeU zH_R|smkn#|+vM4g$7O6C+2q~U&~U0ziD%c0Ry4JkMV0d%jcYXrZ%7ZHD6D9CTE9%Q zJ>7rS9af7~zILEMFwkSP6n6NB9271&TGyf8L7bT+pJ|p@-UIfkDx;PGN7fVJmXeK2 z__;ITRD`1OIBkG!9ps%(bUt*{5vMnYh_l3kHMsKdmr2R_ugj_0W#B%kwxYX!Hmmk5O!hA$aymZrL68sxH;7VA0-S;c^hMr9+6S{CK zj~^fLY}zllyR_)9p|?x>g{@_-W*wO+Fo%)lhMmT3Uv%4z&#V_?r#6)~ToNJlAlTA) z34+N)kqssaJ#{78am>_~6Cp4|E~Ce5%4)3oZS3k7Llbdh)e>L0>rVEFCEb*$*qLsn zKceNA0~3Q)#Dja0jV*F>99oSXb{lb329};!d4|XUMM+y}}|D*l(K@wOR|O)Igt3&|5_cJ2M$5IualK6xEf5Pk-DRKdZAt zegP^s^B86*fp?991#4#@K@|xbsgp|R?3~sD63h__ia{(OFt#jaMtew^8d`&-!ToiUGgf?zw7pUSglUV*Zdc~6b zXGb|2V%7@w(h2#VoGsEx9j)+DYAV{uSRSw9oSe(5OV?rJxfeSM-#eV0d6U=gIXTMw z4O=k(F(ycf{K%yf9Sm9KFiGleQxwQ-;p^>^3A}kE_oT~0Fx~$Z?P96*H3~a_-*{3a z1;Z)2)}*V;@opjmUfj^hTdtx?IRjP>@wpSLTEV(4;1y2B9VnulI989ybySc&tXfe_WcByt7s4Fk!s_}u6p!3ubp5|C&Fn}jpa0eZ* zS@K)uAJ@dJ_OUjHcpgbCmiLN*1}vP%Um>2G3vWCVUI4lbD#P@`hrBUj z;vFL1ff?cd;AI_o{~+x@p0HO@oL(c1*T1I|fn;vrL^Z`1%E;`I2KwJ}I}VLjp0%Z@uKzPyJ*h!bzY=sE&yN!i|&a=Q$` z>!`{|4BDC`q|`!C+NHQjCYL8xk;FfD(jK|+cB)iujBqR zSHfe$MjB%i^QZ+>v9%3}OEHbb*@?g83Fg1&ErSHdzfYy8U0mY~G>O3;y8J27VuX-0 zMNN?jr#XKfM1TZ@SVd=JoA&iLw-iN3)@;^)xV`!DFxHdd1ZDT1Ij?<-uTWs?ARhz| zhfU_|cZicBXjlDUzE-xo_>!9!Nq(?Dz5?=!j^A^jVRLI7*|Q$ETTk_>2Erm?lwI@(q)!SEv8BkhaTCNV0R> zcn6pMbmHr7$r?llqw;tT^7}P?&ux;I@&6Q^}Rl$lCUsbJ|fmj zGs@tH)>Lfy(D3uuJ+9W~=kmRn9LYqlPjRasdu_T%*p^MN`LW(~{T~@TqaN3#uI__N z=#rP>6a9Kg`hLFCMt5*pZVpwq8F>EgU=u2 zx8Z}k{rF9Eq<74zIMdI>@}=cYm5yo`Um+dDhE}7t^?v-qXY?#2D6Ot2`$mji-qi#3 z_R$`)9ZOi#GIlR+V;QwoT^S=1a$nI*D0B|xC>t@z62`5kCU(%x4_JS*_>^}YERz84EX6E7EqMQyH5d1|woGcuSBNZkXqn~> zpvXt-HctD(9RH%FXnpkVds#qt`bq1NXr9OMZeoEw&DhnDX^VKrii9jQ5tUsPUqxk* zyz<_|DgzH?;kP7k>rTe5esNV(!N&>giAh`yH3;4i`0u(?1Ca-uILDd#NV+6Dk?Izr z?E|RleiX#0bs5OS-~BwOhX6i2mg9_oOF+f~7E}=vulI<_@@IMPGjt$uoUzA6#ha2N z-y#5%NZXJ(@jhXQ#aFSKY63ez=U9`LG#u6NEXZ)5pvNRJUE9rh@Z?s@%lXA_Ah#S5k~ynPDzx)vaBq>*GCyxSljGc zW1*r0X$Kclgct)2k%Qw8VSC%+lf8*4)viXG_Zf2UoM@AC5>dwotxHRCz;gIon>s)Zh z#RGpCb_~^ETfp2Jc5EXK^EnRKt=J3&TEU+Xm5s;lKZ}yL#|~*sFH`?vaFs9qYmB_z zcD+>{j;s{5os@Hu>5;FSo-(3~@Lc6arK%I&^^F{&=c~?$azjd`z{i68rf(YfT>%B^ zzt?H+U=M|Ph~GR6y_B1mtzus|p56Z)BvZj6UH!74RV(4v&XkG^nqBrf)DeG7(sH}_ zu++uFz05*Ml)2$kHf)qInSk&Si-iMP-CP_-OMp#AX1t60ANFzgTJpPF_Bg^C+S-#& z4+e*uR`SRkI;jID4pVZockJ0eo~Q64EzrrvF0Av2gx{zVM)6OC5)AN;Ym>S})Oq&L z<>Q6%(=gIISS)p;u>zemYy^J}ncB^-rmF?4SbY0YlA^`B&ROnJQs2CEQ50}XOo$qU z2{!(qV@<(2TzZ%+tItX_jB~J;Oe?9?PCn9R8l@PZ-0&oNRSWHLAc5JyUgu}GBvO{G z=6ms=9kJh=WUSp2y3UCX&NmJ0l7S6zG&vTk%*P_!9y4%4V6(?~A7cNF6YOqE z-ps0_q?n5mrY81OmeJ9F?2=4WeE}S+acN}|s1A^$WbqjuCv1uZJ=(Fp5Nug3Bvd9l z+1*1phtu39UGTXUgAub)%Wbgk^Ax(w`lq>$fL%-&Sq`yYBK;Rh?_{n~6QizZ_mauJ zq)cu80!10rrZkTsM|*Z5b(Lphc`%x;A@BxB?f?J?@pizqcKWeS{0Z^!#w~NiZ;N;}0jPY~mhS@i3UCu{buvy*kr!div@5{)-&qY-a=PUY0e;&ww zs?D>VKJU-6k9=h4c~5J$ZLxqwW(S-f>Zhuw-3~&HOgbKjJuS>eDlYv?&>5$`6_z1YJJz4MA5g#>FB#b@c&t0YY(}}` supports backup and restoration of NATS streams. This guide will show you how you can backup & restore a Helm managed NATS server using Stash. + +## Before You Begin + +- At first, you need to have a Kubernetes cluster, and the `kubectl` command-line tool must be configured to communicate with your cluster. +- Install Stash in your cluster following the steps [here](/docs/setup/install/stash/index.md). +- If you are not familiar with how Stash backup and restore NATS streams, please check the following guide [here](/docs/addons/nats/overview/index.md). + +You have to be familiar with following custom resources: + +- [AppBinding](/docs/concepts/crds/appbinding/index.md) +- [Function](/docs/concepts/crds/function/index.md) +- [Task](/docs/concepts/crds/task/index.md) +- [BackupConfiguration](/docs/concepts/crds/backupconfiguration/index.md) +- [BackupSession](/docs/concepts/crds/backupsession/index.md) +- [RestoreSession](/docs/concepts/crds/restoresession/index.md) + +To keep things isolated, we are going to use a separate namespace called `demo` throughout this tutorial. Create `demo` namespace if you haven't created already. + +```bash +$ kubectl create ns demo +namespace/demo created +``` + +> Note: YAML files used in this tutorial are stored [here](https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/nats/helm/examples). + +## Prepare NATS + +In this section, we are going to deploy a NATS cluster. Then, we are going to insert some sample data into it. + +### Deploy NATS Cluster + +At first, let's deploy a NATS cluster. Here, we are going to use [NATS]( https://github.com/nats-io/k8s/tree/main/helm/charts/nats) chart from [nats.io](https://nats.io/). + +Let's deploy a nats cluster named `sample-nats` using Helm as below, + +```bash +# Add nats chart registry +$ helm repo add nats https://nats-io.github.io/k8s/helm/charts/ +# Update helm registries +$ helm repo update +# Install nats/nats chart into demo namespace +$ helm install sample-nats nats/nats -n demo \ +--set nats.jetstream.enabled=true \ +--set nats.jetstream.fileStorage.enabled=true \ +--set cluster.enabled=true \ +--set cluster.replicas=3 +``` + +This chart will create the necessary StatefulSet, Service, PVCs etc. for the NATS cluster. You can easily view all the resources created by chart using [ketall](https://github.com/corneliusweig/ketall) `kubectl` plugin as below, + +```bash +❯ kubectl get-all -n demo -l app.kubernetes.io/instance=sample-nats +NAME NAMESPACE AGE +configmap/sample-nats-config demo 11m +endpoints/sample-nats demo 11m +persistentvolumeclaim/sample-nats-js-pvc-sample-nats-0 demo 11m +persistentvolumeclaim/sample-nats-js-pvc-sample-nats-1 demo 10m +persistentvolumeclaim/sample-nats-js-pvc-sample-nats-2 demo 10m +pod/sample-nats-0 demo 11m +pod/sample-nats-1 demo 10m +pod/sample-nats-2 demo 10m +service/sample-nats demo 11m +controllerrevision.apps/sample-nats-775468b94f demo 11m +statefulset.apps/sample-nats demo 11m +endpointslice.discovery.k8s.io/sample-nats-7n7v6 demo 11m +``` + +Now, wait for the NATS server pods `sample-nats-0`, `sample-nats-1`, `sample-nats-2` to go into `Running` state, + +```bash +❯ kubectl get pod -n demo -l app.kubernetes.io/instance=sample-nats +NAME READY STATUS RESTARTS AGE +sample-nats-0 3/3 Running 0 9m58s +sample-nats-1 3/3 Running 0 9m35s +sample-nats-2 3/3 Running 0 9m12s +``` + +Once the nats server pods are in `Running` state, verify that the NATS server is ready to accept the connections. + +```bash +❯ kubectl logs -n demo sample-nats-0 -c nats +[7] 2021/09/06 08:33:53.111508 [INF] Starting nats-server +[7] 2021/09/06 08:33:53.111560 [INF] Version: 2.6.1 +... +[7] 2021/09/06 08:33:53.116004 [INF] Server is ready +``` + +From the above log, we can see the NATS server is ready to accept connections. + +### Insert Sample Data + +The above Helm chart also deploy a pod with nats-box image which can be used to interact with the NATS server. Let's verify the nats-box pod has been created. + +```bash +❯ kubectl get pod -n demo -l app=sample-nats-box +NAME READY STATUS RESTARTS AGE +sample-nats-box-785f8458d7-wtnfx 1/1 Running 0 7m20s +``` + +Now, let's exec into the nats-box pod and insert some sample data, + +``` +❯ kubectl exec -n demo -it sample-nats-box-785f8458d7-wtnfx -- sh -l +... +# Let's create a stream named "ORDERS" +sample-nats-box-785f8458d7-wtnfx:~# nats stream add ORDERS --subjects "ORDERS.*" --ack --max-msgs=-1 --max-bytes=-1 --max-age=1y --storage file --retention limits --max-msg-size=-1 --max-msgs-per-subject=-1 --discard old --dupe-window="0s" --replicas 1 +Stream ORDERS was created + +Information for Stream ORDERS created 2021-09-03T07:12:07Z + +Configuration: + + Subjects: ORDERS.* + Acknowledgements: true + Retention: File - Limits + Replicas: 1 + Discard Policy: Old + Duplicate Window: 2m0s + Maximum Messages: unlimited + Maximum Bytes: unlimited + Maximum Age: 1y0d0h0m0s + Maximum Message Size: unlimited + Maximum Consumers: unlimited + + +Cluster Information: + + Name: nats + Leader: nats-0 + +State: + + Messages: 0 + Bytes: 0 B + FirstSeq: 0 + LastSeq: 0 + Active Consumers: 0 + + +# Verify that the stream has been created successfully +sample-nats-box-785f8458d7-wtnfx:~# nats stream ls +Streams: + + ORDERS + +# Lets add some messages to the stream "ORDERS" +sample-nats-box-785f8458d7-wtnfx:~# nats pub ORDERS.scratch hello +08:55:39 Published 5 bytes to "ORDERS.scratch" + +# Add another message +sample-nats-box-785f8458d7-wtnfx:~# nats pub ORDERS.scratch world +08:56:11 Published 5 bytes to "ORDERS.scratch" + +# Verify that the messages have been published to the stream successfully +sample-nats-box-785f8458d7-wtnfx:~# nats stream info ORDERS +Information for Stream ORDERS created 2021-09-03T07:12:07Z + +Configuration: + + Subjects: ORDERS.* + Acknowledgements: true + Retention: File - Limits + Replicas: 1 + Discard Policy: Old + Duplicate Window: 2m0s + Maximum Messages: unlimited + Maximum Bytes: unlimited + Maximum Age: 1y0d0h0m0s + Maximum Message Size: unlimited + Maximum Consumers: unlimited + + +Cluster Information: + + Name: nats + Leader: nats-0 + +State: + + Messages: 2 + Bytes: 98 B + FirstSeq: 1 @ 2021-09-03T08:55:39 UTC + LastSeq: 2 @ 2021-09-03T08:56:11 UTC + Active Consumers: 0 + +sample-nats-box-785f8458d7-wtnfx:~# exit +``` + +We have successfully deployed a NATS cluster, created a stream and publish some messages into the stream. In the subsequent sections, we are going to backup this sample data using Stash. + +## Prepare for Backup + +In this section, we are going to prepare the necessary resources (i.e. connection information, backend information, etc.) before backup. + +### Ensure NATS Addon + +When you install Stash, it will automatically install all the official addons. Make sure that NATS addon has been installed properly using the following command. + +```bash +❯ kubectl get tasks.stash.appscode.com | grep nats +nats-backup-2.6.1 24m +nats-restore-2.6.1 24m +``` + +This addon should be able to take backup of the NATS streams with matching major versions as discussed in [Addon Version Compatibility](/docs/addons/nats/README.md#addon-version-compatibility). + +### Create AppBinding + +Stash needs to know how to connect with the NATS server. An `AppBinding` exactly provides this information. It holds the Service and Secret information of the NATS server. You have to point to the respective `AppBinding` as a target of backup instead of the NATS server itself. + +Here, is the YAML of the `AppBinding` that we are going to create for the NATS server we have deployed earlier. + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + labels: + app.kubernetes.io/instance: sample-nats + name: sample-nats + namespace: demo +spec: + clientConfig: + service: + name: sample-nats + port: 4222 + scheme: nats + type: nats.io/nats + version: 2.6.1 +``` + +Here, + +- **.spec.clientConfig.service** specifies the Service information to use to connects with the NATS server. +- `spec.type` specifies the type of the target. This is particularly helpful in auto-backup where you want to use different path prefixes for different types of target. + +Let's create the `AppBinding` we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/nats/helm/examples/appbinding.yaml +appbinding.appcatalog.appscode.com/sample-nats created +``` + +### Prepare Backend + +We are going to store our backed up data into a GCS bucket. So, we need to create a Secret with GCS credentials and a `Repository` object with the bucket information. If you want to use a different backend, please read the respective backend configuration doc from [here](/docs/guides/backends/overview/index.md). + +**Create Storage Secret:** + +At first, let's create a secret called `gcs-secret` with access credentials to our desired GCS bucket, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > GOOGLE_PROJECT_ID +$ cat downloaded-sa-json.key > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +$ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +**Create Repository:** + +Now, create a `Repository` object with the information of your desired bucket. Below is the YAML of `Repository` object we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /demo/nats/sample-nats + storageSecretName: gcs-secret +``` + +Let's create the `Repository` we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/nats/helm/examples/repository.yaml +repository.stash.appscode.com/gcs-repo created +``` + +Now, we are ready to backup our streams into our desired backend. + +### Backup + +To schedule a backup, we have to create a `BackupConfiguration` object targeting the respective `AppBinding` of our NATS server. Then, Stash will create a CronJob to periodically backup the streams. + +#### Create BackupConfiguration + +Below is the YAML for `BackupConfiguration` object that we are going to use to backup the streams of the NATS server we have created earlier, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-nats-backup + namespace: demo +spec: + task: + name: nats-backup-2.6.1 + schedule: "*/5 * * * *" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + interimVolumeTemplate: + metadata: + name: sample-nats-backup-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +Here, + +- `.spec.schedule` specifies that we want to backup the streams at 5 minutes intervals. +- `.spec.task.name` specifies the name of the Task object that specifies the necessary Functions and their execution order to backup NATS streams. +- `.spec.repository.name` specifies the Repository CR name we have created earlier with backend information. +- `.spec.target.ref` refers to the AppBinding object that holds the connection information of our targeted NATS server. +- `spec.interimVolumeTemplate` specifies a PVC template that will be used by Stash to hold the dumped data temporarily before uploading it into the cloud bucket. +- `.spec.retentionPolicy` specifies a policy indicating how we want to cleanup the old backups. + +Let's create the `BackupConfiguration` object we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/nats/helm/examples/backupconfiguration.yaml +backupconfiguration.stash.appscode.com/sample-nats-backup created +``` + +#### Verify Backup Setup Successful + +If everything goes well, the phase of the `BackupConfiguration` should be `Ready`. The `Ready` phase indicates that the backup setup is successful. Let's verify the `Phase` of the BackupConfiguration, + +```bash +$ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-nats-backup nats-backup-2.6.1 */5 * * * * Ready 11s +``` + + +#### Verify CronJob + +Stash will create a CronJob with the schedule specified in `spec.schedule` field of `BackupConfiguration` object. + +Verify that the CronJob has been created using the following command, + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-nats-backup */5 * * * * False 0 14s +``` + +#### Wait for BackupSession + +The `sample-nats-backup` CronJob will trigger a backup on each scheduled slot by creating a `BackupSession` object. + +Now, wait for a schedule to appear. Run the following command to watch for `BackupSession` object, + +```bash +❯ kubectl get backupsession -n demo -w +NAME INVOKER-TYPE INVOKER-NAME PHASE DURATION AGE +sample-nats-backup-8x8fp BackupConfiguration sample-nats-backup Succeeded 42s 8m28s +``` + +Here, the phase `Succeeded` means that the backup process has been completed successfully. + +#### Verify Backup + +Now, we are going to verify whether the backed up data is present in the backend or not. Once a backup is completed, Stash will update the respective `Repository` object to reflect the backup completion. Check that the repository `gcs-repo` has been updated by the following command, + +```bash +❯ kubectl get repository -n demo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +gcs-repo true 1.382 KiB 1 9m4s 24m +``` + +Now, if we navigate to the GCS bucket, we will see the backed up data has been stored in `demo/nats/sample-nats` directory as specified by `.spec.backend.gcs.prefix` field of the `Repository` object. + +

    + Backup data in GCS Bucket +
    Fig: Backup data in GCS Bucket
    +
    + + +> Note: Stash keeps all the backed up data encrypted. So, data in the backend will not make any sense until they are decrypted. + +## Restore + +If you have followed the previous sections properly, you should have a successful backup of your NATS streams. Now, we are going to show how you can restore the streams from the backed up data. + +### Restore Into the Same NATS Cluster + +You can restore your data into the same NATS cluster you have backed up from or into a different NATS cluster in the same cluster or a different cluster. In this section, we are going to show you how to restore in the same NATS cluster which may be necessary when you have accidentally lost any data. + +#### Temporarily Pause Backup + +At first, let's stop taking any further backup of the NATS streams so that no backup runs after we delete the sample data. We are going to pause the `BackupConfiguration` object. Stash will stop taking any further backup when the `BackupConfiguration` is paused. + +Let's pause the `sample-nats-backup` BackupConfiguration, + +```bash +$ kubectl patch backupconfiguration -n demo sample-nats-backup --type="merge" --patch='{"spec": {"paused": true}}' +backupconfiguration.stash.appscode.com/sample-nats-backup patched +``` + +Verify that the `BackupConfiguration` has been paused, + +```bash +❯ kubectl get backupconfiguration -n demo sample-nats-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-nats-backup nats-backup-2.6.1 */5 * * * * true Ready 2d18h +``` + +Notice the `PAUSED` column. Value `true` for this field means that the `BackupConfiguration` has been paused. + +Stash will also suspend the respective CronJob. + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-nats-backup */5 * * * * True 0 56s 2d18h +``` + +#### Simulate Disaster + +Now, let's simulate a disaster scenario. Here, we are going to exec into the nats-box pod and delete the sample data we have inserted earlier. + +```bash +❯ kubectl exec -n demo -it sample-nats-box-785f8458d7-wtnfx -- sh -l +... +# delete the stream "ORDERS" +sample-nats-box-785f8458d7-wtnfx:~# nats stream rm ORDERS -f + +# verify that the stream has been deleted +sample-nats-box-785f8458d7-wtnfx:~# nats stream ls +No Streams defined + +sample-nats-box-785f8458d7-wtnfx:~# exit +``` + +#### Create RestoreSession + +To restore the streams, you have to create a `RestoreSession` object pointing to the `AppBinding` of the targeted NATS server. + +Here, is the YAML of the `RestoreSession` object that we are going to use for restoring the streams of the NATS server. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-nats-restore + namespace: demo +spec: + task: + name: nats-restore-2.6.1 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats + interimVolumeTemplate: + metadata: + name: nats-restore-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + rules: + - snapshots: [latest] +``` + +Here, + +- `.spec.task.name` specifies the name of the Task object that specifies the necessary Functions and their execution order to restore NATS streams. +- `.spec.repository.name` specifies the Repository object that holds the backend information where our backed up data has been stored. +- `.spec.target.ref` refers to the respective AppBinding of the `sample-nats` cluster. +- `.spec.interimVolumeTemplate` specifies a PVC template that will be used by Stash to hold the restored data temporarily before injecting into the NATS server. +- `.spec.rules` specifies that we are restoring data from the latest backup snapshot of the streams. + +Let's create the `RestoreSession` object object we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/nats/helm/examples/restoresession.yaml +restoresession.stash.appscode.com/sample-nats-restore created +``` + +Once, you have created the `RestoreSession` object, Stash will create a restore Job. Run the following command to watch the phase of the `RestoreSession` object, + +```bash +❯ kubectl get restoresession -n demo -w +NAME REPOSITORY PHASE DURATION AGE +sample-nats-restore gcs-repo Succeeded 15s 55s +``` + +The `Succeeded` phase means that the restore process has been completed successfully. + +#### Verify Restored Data + +Now, let's exec into the nats-box pod and verify whether data actual data has been restored or not, + +```bash +❯ kubectl exec -n demo -it sample-nats-box-785f8458d7-wtnfx -- sh -l +... +# Verify that the stream has been restored successfully +sample-nats-box-785f8458d7-wtnfx:~# nats stream ls +Streams: + + ORDERS + +# Verify that the messages have been restored successfully +sample-nats-box-785f8458d7-wtnfx:~# nats stream info ORDERS +Information for Stream ORDERS created 2021-09-03T07:12:07Z + +Configuration: + + Subjects: ORDERS.* + Acknowledgements: true + Retention: File - Limits + Replicas: 1 + Discard Policy: Old + Duplicate Window: 2m0s + Maximum Messages: unlimited + Maximum Bytes: unlimited + Maximum Age: 1y0d0h0m0s + Maximum Message Size: unlimited + Maximum Consumers: unlimited + + +Cluster Information: + + Name: nats + Leader: nats-0 + +State: + + Messages: 2 + Bytes: 98 B + FirstSeq: 1 @ 2021-09-03T08:55:39 UTC + LastSeq: 2 @ 2021-09-03T08:56:11 UTC + Active Consumers: 0 + +sample-nats-box-785f8458d7-wtnfx:~# exit +``` + +Hence, we can see from the above output that the deleted data has been restored successfully from the backup. + +#### Resume Backup + +Since our data has been restored successfully we can now resume our usual backup process. Resume the `BackupConfiguration` using following command, + +```bash +❯ kubectl patch backupconfiguration -n demo sample-nats-backup --type="merge" --patch='{"spec": {"paused": false}}' +backupconfiguration.stash.appscode.com/sample-nats-backup patched +``` + +Verify that the `BackupConfiguration` has been resumed, +```bash +❯ kubectl get backupconfiguration -n demo sample-nats-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-nats-backup nats-backup-2.6.1 */5 * * * * false Ready 2d19h +``` + +Here, `false` in the `PAUSED` column means the backup has been resumed successfully. The CronJob also should be resumed now. + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-nats-backup */5 * * * * False 0 3m24s 4h54m +``` + +Here, `False` in the `SUSPEND` column means the CronJob is no longer suspended and will trigger in the next schedule. + +### Restore Into Different NATS Cluster of the Same Namespace + +If you want to restore the backed up data into a different NATS cluster of the same namespace, you have to create another `AppBinding` pointing to the desired NATS cluster. Then, you have to create the `RestoreSession` pointing to the new `AppBinding`. + +### Restore Into Different Namespace + +If you want to restore into a different namespace of the same cluster, you have to create the Repository, backend Secret, AppBinding, in the desired namespace. You can use [Stash kubectl plugin](https://stash.run/docs/{{< param "info.version" >}}/guides/cli/cli/) to easily copy the resources into a new namespace. Then, you have to create the `RestoreSession` object in the desired namespace pointing to the Repository, AppBinding of that namespace. + +### Restore Into Different Cluster + +If you want to restore into a different cluster, you have to install Stash in the desired cluster. Then, you have to create the Repository, backend Secret, AppBinding, in the desired cluster. Finally, you have to create the `RestoreSession` object in the desired cluster pointing to the Repository, AppBinding of that cluster. + +## Cleanup + +To cleanup the Kubernetes resources created by this tutorial, run: + +```bash +kubectl delete -n demo backupconfiguration sample-nats-backup +kubectl delete -n demo restoresession sample-nats-restore +kubectl delete -n demo repository gcs-repo +# delete the nats chart +helm delete sample-nats -n demo +``` diff --git a/docs/addons/nats/overview/images/backup_overview.svg b/docs/addons/nats/overview/images/backup_overview.svg new file mode 100644 index 0000000..6d54b9c --- /dev/null +++ b/docs/addons/nats/overview/images/backup_overview.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/addons/nats/overview/images/restore_overview.svg b/docs/addons/nats/overview/images/restore_overview.svg new file mode 100644 index 0000000..e76fdc8 --- /dev/null +++ b/docs/addons/nats/overview/images/restore_overview.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/addons/nats/overview/index.md b/docs/addons/nats/overview/index.md new file mode 100644 index 0000000..c6fe8f7 --- /dev/null +++ b/docs/addons/nats/overview/index.md @@ -0,0 +1,81 @@ +--- +title: NATS Backup & Restore Overview | Stash +description: How NATS Backup & Restore Works in Stash +menu: + docs_{{ .version }}: + identifier: stash-nats-overview + name: How does it work? + parent: stash-nats + weight: 10 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + +# How Stash Backups & Restores NATS Streams + +Stash `{{< param "info.version" >}}` supports backup and restore operation of NATS streams. This guide will give you an overview of how NATS stream backup and restore process works in Stash. + +## How Backup Works + +The following diagram shows how Stash takes a backup of NATS streams. Open the image in a new tab to see the enlarged version. + +
    + NATS Backup Overview +
    Fig: NATS Backup Overview
    +
    + +The backup process consists of the following steps: + +1. At first, a user creates a secret with access credentials of the backend where the backed up data will be stored. + +2. Then, she creates a `Repository` crd that specifies the backend information along with the secret that holds the credentials to access the backend. + +3. Then, she creates a `BackupConfiguration` crd targeting the [AppBinding](/docs/concepts/crds/appbinding/index.md) crd of the respective NATS server. The `BackupConfiguration` object also specifies the `Task` to use to backup the NATS streams. + +4. Stash operator watches for `BackupConfiguration` crd. + +5. Once Stash operator finds a `BackupConfiguration` crd, it creates a CronJob with the schedule specified in `BackupConfiguration` object to trigger backup periodically. + +6. On the next scheduled slot, the CronJob triggers a backup by creating a `BackupSession` crd. + +7. Stash operator also watches for `BackupSession` crd. + +8. When it finds a `BackupSession` object, it resolves the respective `Task` and `Function` and prepares a Job definition to backup. + +9. Then, it creates the Job to backup the targeted NATS server. + +10. The backup Job reads necessary information to connect with the NATS server from the `AppBinding` crd. It also reads backend information and access credentials from `Repository` crd and Storage Secret respectively. + +11. Then, the Job dumps the targeted streams and uploads the output to the backend. Stash stores the dumped files temporarily before uploading into the backend. Hence, you should provide a PVC template using `spec.interimVolumeTemplate` field of `BackupConfiguration` crd to use to store those dumped files temporarily. Make sure that the provided PVC size is capable of storing all (or, specified) the NATS streams. + +12. Finally, when the backup is completed, the Job sends Prometheus metrics to the Pushgateway running inside Stash operator pod. It also updates the `BackupSession` and `Repository` status to reflect the backup procedure. + +## How Restore Process Works + +The following diagram shows how Stash restores backed up data into a NATS streaming server. Open the image in a new tab to see the enlarged version. + +
    + NATS Restore Overview +
    Fig: NATS Restore Process
    +
    + +The restore process consists of the following steps: + +1. At first, a user creates a `RestoreSession` crd targeting the `AppBinding` of the desired NATS server where the backed up data will be restored. It also specifies the `Repository` crd which holds the backend information and the `Task` to use to restore the target. + +2. Stash operator watches for `RestoreSession` object. + +3. Once it finds a `RestoreSession` object, it resolves the respective `Task` and `Function` and prepares a Job definition to restore. + +4. Then, it creates the Job to restore the target. + +5. The Job reads necessary information to connect with the NATS server from respective `AppBinding` crd. It also reads backend information and access credentials from `Repository` crd and Storage Secret respectively. + +6. Then, the job downloads the backed up data from the backend and restore the streams. Stash stores the downloaded files temporarily before inserting into the targeted NATS server. Hence, you should provide a PVC template using `spec.interimVolumeTemplate` field of `RestoreSession` crd to use to store those restored files temporarily. Make sure that the provided PVC size is capable of storing all the backed up NATS streams. + +7. Finally, when the restore process is completed, the Job sends Prometheus metrics to the Pushgateway and update the `RestoreSession` status to reflect restore completion. + +## Next Steps + +- Backup your NATS using Stash following the guide from [here](/docs/addons/nats/helm/index.md). diff --git a/docs/addons/nats/tls/examples/appbinding.yaml b/docs/addons/nats/tls/examples/appbinding.yaml new file mode 100644 index 0000000..71b54b3 --- /dev/null +++ b/docs/addons/nats/tls/examples/appbinding.yaml @@ -0,0 +1,18 @@ +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + labels: + app.kubernetes.io/instance: sample-nats-tls + name: sample-nats-tls + namespace: demo +spec: + clientConfig: + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM4RENDQWRpZ0F3SUJBZ0lRUDZ1UXIxQVlFWnJzREF6ZHBRR09HekFOQmdrcWhraUc5dzBCQVFzRkFEQVMKTVJBd0RnWURWUVFERXdkdVlYUnpMV05oTUI0WERUSXhNRGt5TnpBMU5EWTBOVm9YRFRJeU1Ea3lOakExTkRZMApOVm93RWpFUU1BNEdBMVVFQXhNSGJtRjBjeTFqWVRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDCkFRb0NnZ0VCQUovelJtSE1CUVdGMTNXZlJubzFsV0ZJajZmNmhyRGRVR0RTMXBrY0hmMDlqNS90bEpYSHpCbVMKZSs2YS9Qb1MrdkMyWEtyeVp3UVB0NW5BaUxXR1NxM3VBRnJ3TUJncVBBQktOa1hHL1hjamNvbU5lVTFaQlNYYgo1WmlJa2F6TUZPOGFqRWxYb3RmYnQ2cVc5MGNCTVduRW9pcnUyWkFyam50WjJpMmpPeGRodUJpRTkxamRsZWMyCkdZWGFKVlJ5RkF1eVdXanVEV3o0NjFKdXBMdXcxVWJyVHpmMExUenQxdk9ONnZNU1RQT0Z0S0tnd0RGenB5ZkgKVjFFQlZ5aG1KSk42QW13SkErZGEvMmsxMUJCeHFEWldsOEZMWE1TWUcvU0hKak5sQ3VsQTFvVVJWbFI3MVF6KwpTanB2bkxKVm9nL01sYVcvTzB5N0lRcTVQNUZGeDBNQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trCk1BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZNcm5ZN0Izek5VY1AvN3hHTzhkTFIwZVcxUnIKTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFDQVZPQUZhTjRVOUQ0U1cxcWJUTDhkcWhFbklXTFd3YVBJdXJGSAo1MVVRMEUxenFTOWcvQ1gwUElOUmJ1bFpseHVKRGFBZEwweVYwYmZYZExLQnJacDNwS001eGRyaEoxQ3luNjV5CkRML0RTd3hTOHlxT3NwTXF2SkoyUTBhQ0JQTXhDRFZoOGVFZ2krOG9ISmdobkZzaTkvanNoZ0dUS09QbVVWdHcKTyszS1B0MFBiNVRDSVpJdlA1cXBybkU0U2hDWnRRZ0UyY0dJTEJPZEt5VEl6QlpuM3ZNZjc2Zjd4NU4rWEtINgpQN3Q4Yks0SUFSbzR1WUN0cDQ0K0dkY2FlcjlDL2RVNlpaMSs1Nm4xcUo3a3FTV3cwNFZqbi9CVWt5WnhIdFZPCkFLcUNCRWtnK3NBQytYUmNiOFdxTHkreEEzdmU0TmxqalE3T2MrVXVzanNrSndOVQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + service: + name: sample-nats-tls + port: 4222 + scheme: nats + secret: + name: nats-client-tls + type: nats.io/nats + version: 2.6.1 diff --git a/docs/addons/nats/tls/examples/backupconfiguration.yaml b/docs/addons/nats/tls/examples/backupconfiguration.yaml new file mode 100644 index 0000000..ab6e7a7 --- /dev/null +++ b/docs/addons/nats/tls/examples/backupconfiguration.yaml @@ -0,0 +1,29 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-nats-backup-tls + namespace: demo +spec: + task: + name: nats-backup-2.6.1 + schedule: "*/5 * * * *" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats-tls + interimVolumeTemplate: + metadata: + name: nats-backup-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/nats/tls/examples/ca.yaml b/docs/addons/nats/tls/examples/ca.yaml new file mode 100644 index 0000000..3ec8c1e --- /dev/null +++ b/docs/addons/nats/tls/examples/ca.yaml @@ -0,0 +1,14 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: nats-ca + namespace: demo +spec: + secretName: nats-ca + duration: 8736h # 1 year + renewBefore: 240h # 10 days + issuerRef: + name: selfsigning + kind: ClusterIssuer + commonName: nats-ca + isCA: true diff --git a/docs/addons/nats/tls/examples/cert.yaml b/docs/addons/nats/tls/examples/cert.yaml new file mode 100644 index 0000000..45639bb --- /dev/null +++ b/docs/addons/nats/tls/examples/cert.yaml @@ -0,0 +1,29 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: nats-server-tls + namespace: demo +spec: + secretName: nats-server-tls + duration: 2160h # 90 days + renewBefore: 240h # 10 days + issuerRef: + name: nats-ca + kind: Issuer + commonName: sample-nats-server + dnsNames: + - sample-nats-tls +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: nats-client-tls + namespace: demo +spec: + secretName: nats-client-tls + duration: 2160h # 90 days + renewBefore: 240h # 10 days + issuerRef: + name: nats-ca + kind: Issuer + commonName: sample-nats-client diff --git a/docs/addons/nats/tls/examples/clusterissuer.yaml b/docs/addons/nats/tls/examples/clusterissuer.yaml new file mode 100644 index 0000000..220c657 --- /dev/null +++ b/docs/addons/nats/tls/examples/clusterissuer.yaml @@ -0,0 +1,6 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: selfsigning +spec: + selfSigned: {} diff --git a/docs/addons/nats/tls/examples/issuer.yaml b/docs/addons/nats/tls/examples/issuer.yaml new file mode 100644 index 0000000..fea695a --- /dev/null +++ b/docs/addons/nats/tls/examples/issuer.yaml @@ -0,0 +1,8 @@ +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: nats-ca + namespace: demo +spec: + ca: + secretName: nats-ca diff --git a/docs/addons/nats/tls/examples/repository.yaml b/docs/addons/nats/tls/examples/repository.yaml new file mode 100644 index 0000000..c1a9d7d --- /dev/null +++ b/docs/addons/nats/tls/examples/repository.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /demo/nats/sample-nats-tls + storageSecretName: gcs-secret diff --git a/docs/addons/nats/tls/examples/restoresession.yaml b/docs/addons/nats/tls/examples/restoresession.yaml new file mode 100644 index 0000000..243d012 --- /dev/null +++ b/docs/addons/nats/tls/examples/restoresession.yaml @@ -0,0 +1,26 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-nats-restore-tls + namespace: demo +spec: + task: + name: nats-restore-2.6.1 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats-tls + interimVolumeTemplate: + metadata: + name: nats-restore-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + rules: + - snapshots: [latest] diff --git a/docs/addons/nats/tls/images/sample-nats-backup.png b/docs/addons/nats/tls/images/sample-nats-backup.png new file mode 100644 index 0000000000000000000000000000000000000000..adc8598059166080f54f2f931670f991c91f1a80 GIT binary patch literal 81495 zcmbTebySpJ_dW~^j>OOcgQRrB2+~L+NJ=AJqI5_}&Cm@Jf|7~~2$IqbGjvHycc*l} zH_z{Ro{xUN@9&TIU2E22);;GwvCrQ7?0xO)5U#HJ1P|vv4jLL7o}z-R1{xYB2n`Lx z4GRoBDIgW@0REu6YCMrfE9|3MM?<4SQ}$=1V+6NKQj$|CLK~}a;-2A$np%N7N%y2Q)Kui` zzZI*HGSZnoMb``x7_xZrCgtX+u2V2Uk&o~F`yS(#TXUNbfC zO_VDGgE1B0|LbEqOqiPu<+WM)0AfNXru&~CIk-6*59a@VP7JleWCcf+Vy`+W{_jqK zmx}&pPq%&ie|#yI5YZMQqC7D2u>>8eX%ZT8j-%aUbGwMF7GQKOC~H2$AHzU>F*i2g zisx^X2gg1-9O7j%FryRaN@3gs**Fc3Tm7*J#Kr^OujoSd(&9)C_`k$r6O4v}KY!15 zobZQ)ve>beN5{;53$=l?mY0e(86`2MiL;VX&e1x=>xk4JOU?)z1hIrHZENmn%^1T}1Y_=T5W*sbe5% z{C_)dQeXxa$k@-_E|0;G+LTKI+9KbazgUtD`)KsdXE7(#c~^}<8&%M_TUX*~d3Mjv zzZ!3>VA`bQv0{DZ)tu)z&!}6TW>DPjV>j6=HI5>GUwPEz?xv()u@BBlh9H@>&nw5u zoTn0zkx@^^r!UG{jbt;LsfJW&)5H9)=RB2ZbVDWTovCQ6PqrKIliL&iGqGVpL^CmH zW@swR|9s9fO~L}gyuP`2O8a~tNn3i_INe(2X(3!oL@N-Bit5A@a{ol#dFU+Gz!7=% zWFpkQ;;|0`pEl(YS>@H~T=CJz+K^N=TeuJT%>H7a=jK4?w@ni!(Zi!n=Eb{ev~rh8 z^VI?z!tZ|S=*l7C8X!1(u7$OBR67P@`d9i<$k5Ebh4MOVg-F`; zESidjcKrEf6Y4_Q1kg7NUL=|qYp2kcu#)?}0{PdCVGQ(%9jBSzi&ez5_*CNI&HQQI z!9(OQ$rWu5db*d(*(W=jdp^(t7`E=bH}7PON~1)?*l}h-#AdExA4phLuUqWZawSjY z`~(h;9%!Ai|KGNcXlCSvnm0+@OnWk6CbE~lJeVsIA$I_~+C879SH28%OM7@NhY6La zz^AQOh^0u_bnZ_Gb*i%W#6XhyltO*C)}?EQ-+p z@8z!`rs*A&y>ZMCWNAMAer|)-AfF_O3{tP&*%xeHOiD&^vyIF0Z7)3ERtv&PmUw-( z%gm}qxKCW{x6Sov3K53>VNd&MRfNCS2V(8d={7im6cL-JIfChLCaTPFA7T+tHbMz;op{mNm9tqS51o={8B?tv-eAL|RL-F8)Yw|p7}Ox?i-%&ed&!py@-6BB2Yr} zo`Ge*dv&sgv!FgZk0z3bHs}1TGLWUjwjbuRHGLk#i|{`iz^wC{3;L}*+Vx#mrR7+6 zVsB{m`AFv1sG`=K8BzS*w8!9fwTeZ8BIPfMK%i)>!)>iRpN+GoG-3Me;;JBq3P z07c`u3GE(&r>++RUkXpe@Ij9B4l|sEE`ET205)yXI6k`k=BDZ=pAEiw%v))Np_dL`4W)klhAYK~ zb#btFZ*l6)j9xhgd*NZMnD37zoZ@$S za^^R!=bg(1r5rZU1>Y=nm7XE@W7vYF_IVK(OUZVy&gFc$1$A4QPUv!h zyrDlzh?Jdewmja#v{_EXXPYH7QExBrWGU+NO*rkd!W~-A9DG{ORlTX}aVaL&u#eY@ zku)Wi9DXOs0&YEt`$wk>0pa5x>`=R!?WT6$+T*+1Ia>F0c`EW;3qNG*g6n+__@ndN ztyf~&i;V41YS*3{m6h&wK1C7DqC;^PWaJiV=Ul)+6Zm9ue{blCcH^v=rv^6qm_fUl zD}CgWN$g@eUz_PqrZ;v|Z%H`sZ@>*6!>})6moV{RHPp#bnzJvS_rYh7@DjYHZ?P&G z0SIW8xmcub5wvCD?SqUE2Loo|+J~{rVd$tUVo}F= zrZ<;+>)EH>lPtqW=OrHNiChe`<@H93E-HqcW2f#!*%P9&1(P(Qbx^RYZ8A(8ZF)$K3O#hC5I24i{>#1xiM+&rbRGnGZHsaeClEZawk zd@`GACMk-vI391}$lryb55|OHwmcOR`|RJM&}A*dwNVq-*p2(FJDJY;q8?i=$usxx z9`jz{vL@`Lt}W(87d9=S;PK>RVf|>C;f38@p@<^KPPT&^zY)fiXbUG^Z(@Is2K*-z z6Z1EnQkQe@(*|cIcR$rc8f4eiElF|l^weeug^_su)VVjE`uHIcAKuYZyILlfESd1f z9?t_sbd8_B2O_++Jcd)%f}tUWa}JL4-zC3?Bkf;OB~0eY;F83V-a9kWIvG33M2i0m zWRlRyXmqX7Xes~Q$J3bC#>QS$Yo&)8yxf;_B^{5mEqxuCVI~RECw2S}F7Z#W#MZXE{1S9IVL+x*) zH-=)aQ4j4bmuq!P}153C71D? z*(y1;`OHT#7thfqr8Bk5wYQPv@evwJEXcFkBN&VNo+>)KXkMTSH3*%n&^%yI#NjB; zn9Oak)xDa7Z)Ap{n^%$fNqoN^m#w>8+2_tb&rHj1Pb;HLD&dh|kZ5qELarqQ-)CFR zn1Pe}&%T!|7KBMQa3RYi+jw?;*jANo)j4`+FHvSk=^9kbbdBD?2Azm`5f)jy&_4W4 zJ@BTk-V&-P>^eZAMwGpy$B#XGvHdfK)Z^?q(F*Jr1uTSSh+u1Yd-zdB#y^v`1qH?4W3ZGe#iQ#zyVckjgv0yS54{3LI zd*c|UP;#+Na@wn8zqWlp`RtYG%*@*;qlRT9NDj%>d+>Q8!;_Q<^i3RL>S!+MaWw{E zv)49)bQuWJYP5ZX3Qj~6yBnGrW5D_<8-0{1+$y=!a-)=bbB7F%QG2AZ==z9vi=Q(; zIO{%z#96reczt-7^5yz&rbxtBXSWRtlfKQ)z0D$A?~?g~aA=Ekln9rAaT{YmV3cNe zr+OhYD_RNitHlt!@N>VlU+o!vV4@2W-oQ+lSb;i_OjP4i3;6M6`F>pWTkI1%DKjRqCZaAz(>{2ZsG|wC<8}d%$Ee7?XjuSv5s9ovOQt5Xy7f$ zI-LI{7-JztP|G2Lkb}9#E@R1G~UyZ@D=gSYiMEGCTFi-8DN|isP zt|!gGyU@Vi8xd{a0tM#vFSK#gQirGT8^?{s<&(;^LY=2eAAE1TESyiu6H4|ZPNb%| ztiCLd<})w;uD$+>8HYOqTe%05oPsnSDnz=Z8(x(tcA*X|PF5fDGkJ6dl^j*M9iXqZ zkIwJpv*a&5TaG}V_KHocVMh77SXI@ya6(q*(MV>anWE3j8s`Uya<--fp1ga zL$h;NZ}g*6{G0WnYztcbWeMihE2wAnral`^s*z!yciU7H97g2wa1YZ~tLH>9oL$Ek ziF(a;iXOxkEhFIz>F5sUYnXNC$Km+Rjh=O1`l@#{#AnQ2HeE?bJmRbx-lzBMW-sT2 zgneWS`OfLk`Ly;PMPQVDt7GizU!77jUrIIn4;Z+*(yt<1+u6+|IZ(o&HzXig!>YX~ z*xt?O3!~l$6q*_9ENI0e>KP60ZwaDTHA-vanZm3~dEo@V#pBq<9gy74VTyxKmmcr>pWx{+JERr^58XT7my8K?V2x9}^D=_U2)~kA0Kr!}# zNT=?bG3UdV98ReGLvvQ8sTydxMreUf_f3R2DNZa06ZmC_$;aF*!~O$yDGG~M5=(oyGpIm4M6%UyfuYOSGSNE~`g6DXsy9aH z($Q%4vyK`vi#+fYm-YkP>*RHfufu79lrP#VV}f9@2v@K|hty_?yQhE3K^@W0B{dJ_ zc54}mFMW-kW3Q9cp9(1ujTnj9GP;)vS;P0Zjv<~KC{^athh_6^Y(nj|BmlX8)*nxV+O+Nd4Wv%davZT`sO>yoN zVRP%@<3Dedy7kHJ@p0t>IUgYi_s`>PXs@s4p#4xA61S^H5gLXbpZ~F{WA`>1i(wqCo1=~v@|Op3TCa++H(um3 zKuDkkceR9%jvraWS2T+3qeqS8Z(81<)JNj)kvUl892FI-J`+Z*aV}4oq;M7qDbvlR zL15R9PB^&ir0$ggXTqoJLR1yG>(7mC+rA+4eze{uPVLy-y8c<`8k?E{--bjYlb5+R z8RXN!yonaW$5x^61&d`ABlmHz0Z{}UogD730ng(n5GdqD@WG@}X4kw<-xXh+#W@35 z!MpV7cD>7|H>Z*LnT(jk9+I#iC5nsRPVYv-{m=ZAiW*JMxTzbeKP!r_`CsR7(u9`OW;nk;5$Z~_@!V`zJ*>Y5c7=cuV9jGgF~YMziY8px^HT~L`n(hL6BAYu5Nt;-=tLDpJ3Wcqs zpH<^9=4DpInTdQy=a877V5W0rpYbBTTSRL1do$Su8&gi%=^HNsME$AzQ1R$=?#yDO z@@XC~;#V7tohb92`m>D@;>Dy1zgu->1uHDHi;}Cf)Ql6Aqdx1Lvx61ViHjOn!ux^} z=|#fHzxu3%;k~X>iRWFJh||89q)yl$S}g@qtxdPbOKIMP@1vf0&}e5&Xap_mK8EEf zVKke^1{e95)4SKdQ8wy-{`L-W=MY__;J;Fg4vc8B(vR5ECb2Xc!j0cbw2*vR_wVXV zvFI-+g}Rw3d*}H@nz72)v!<*V%xpP(OQ=8wVn!xd%fA`0f(3#~#yjc3n2GPBE{G%c7*t!5X=YPvg?n-$bLCkvpPm+AxyJ4iUZ zOtGG|VXqNLZd+!*@Ps&5U%ma}U-3)C=h~l--E!61L`P=(O!(@Rn5H<+%E#oFfX4~*h9?y^XvUL51tf@lcEJX;o(gP0aK;)p$ zvtKaLanQ^6$gF6Akf4SEfFa>On7G@Cd}eR{L9YKd`#&5Zxadb>4u&78s|Lm2g;abxXf-VZePFyVy6|XTG#o=ftje zoEmo(lY{y$O2SXiG65Z9N@)B6U_`E;qyhEydg91NQwi$H`sSiOuw^~x?CblR_b)n?6IL$s<^KpY&`*ev`g=#;CCC^w_ODL zq#%4|BM0clCePYn;t}Za5(}EU6gh==6zNzWe26cbm+*Ji3;uNM9^GA;#TbytI79sH z0WSMfp9!Dh$${v3ztWidFiCUUo9>a%p54J(xmY#{bR3iBKOz@$DK>)hr%@c&&r{$l z8ATN3DCd=6VGPS7gYyLd`(Hk0ycvyPmVF6+Spv9!Rg;u)RZ-oIEjHIW9gjTMNFHfn zo$fp8c9yo2he^bwU3es{G&yZ0T5D4KCDYTqSEQgH=Sscr!=xt+Uv2|FJQtJiRbvqi z+Hx3c(i=4Ghlni3hF_(>`I*|n3F+jH4c-+K00&^`LHu12-8uiWFGE@yqRy4%{fHgE zo0Wcoc_mzC^VVYqc0^`kk*`hZ)87mn=kd*FFAYQ;x>%YMXP2#*c>I4omG3K`IjW3- z3O<{axM;?%+Ujd$dt@>ti0h#ar1!=<#LRmHqt5L6Q9%@z2j(?MBb)palyukM{h0lDZSe>Wh5U;Rv7Prol%#$p={)9uGDj0L3(Jj6f#vYeAaMXC#+VW*v9X zVTs5pn82f4##g0-Y_m47oXZ)Yx;BBk9T{;^XpZR-D@>!z+KYYhbIiu!sy0cP;&D{YwwO|7~qn5gB1*t zGly~^CPc!P2x*;M+yn?P?XDxb#z-k{Z1P7iNitE!{-43SFSU#V`nMi`wZlIv0tB$0 zurb1Yr_{#p5>rdMt)nlSdInrNxb^17a~ZFCg{9guc;a1Xj#_~(IOi!mxx+oYeQYHM z@avr5mq7Ozp+2n&s#s!l2EtW!y zW(ysYV}j0`)Y$a|tJQF4b~|a=$l1$k75hoOs&dmjzh5t6QFRAyU7~tH?-#i6yldK) zXD)}mk9a95VPDZb8C<2YMg9HCMCvhutN<)+hj{Pk=;M^8vZu)=yPJ<0*dOM;%%El7 z%CfmR(#uL)^>F`_vEOIYWeo#u@-gRdeX?v>2S}b;#0s`LRDh0vD9?ljYayQD$OfE) z1(B$I_3d0`VH1TiIj55^f#zt`OsYuoahBVkd^YZ+7%&=_dT_UQ?Ol?7INvDby2U~k z$cu3j(8yK~)Q`)NU?b zmy6si8a*kQqZeoV8MOo@WH5^I{RLK-I%V*H$R<}^IqQFo8XCUaV-!mp z83`|Uitst^n8-#SDdpr6kO8sgUh?>bwMP41bS90)O@qh2C6npB z_8x2wB7DoEg@c=fXZ?(w`g_QTp<$e;D%_`bbK+zC^9-{c*b$9qzt_K+e1a=!(CmLb ztqe6t%umf7q?8bp!)A>i(Kn6)(zqHD5VD@{vYIU=tEkmJmB2i$a2Fd>>2WL%b!c^2 z+e3ZRYC&);P*=`PZ#tNG!#{A|^+_k00wx89b=>@$l8)X9+1w|t1Ypz=VJPOjW zFGVXJ5Z23jPjBusm0?AqyU4w<2q=O1r7gu?d1Iu@#;?~|?)N`V{D%wBIzYOpFNXbN z8t`R|??dXefJr??Rd!dS49ML*%57$Ff$$7xV$`?vC>T1e;cupMuEDYMocj4EaTN%m znY5BaZV4GeGKOUF3554Tt|rDFJNWI3m$m_s%!5mPV{9i^(#+G*`HdOq=BGD1977@% za*5}1dPIWx8rwEwh`o0WHj}JfUg8wLmmlWK!6YXeN<1AbB}QAce>aFpF-4Ycjd9e9 zg+1rqaU-T>l`n^0ls+=q_)cQeudmN0)3#abB$&q6l@g)K=!k*DJmS-_CUiyAh+1|X&n5-^0 zH7T^EQNm#4eTWSSh0-zN-a&j+X4UI1Q-Ec?vySzpg&?qMigS^*HJtVW> zFw%_Nx8l3Sms+ih(ujiXWIsBNw$~L)8#U0Bu5QW9d^uv>#EDI#n1uT0U;4x^)Yumd zEASJ!j*)WDA+Gz9akDsg?&fKpyZoex{uVuRZX`w~tQ)l}{XjZ~2!F6o5a-xsyRU=n zr;Hf!50M{?A*d@(vL~{VUVFO2AUQ~3i}uMv8rEPY#qa4O#v42v7FBTUVv>#vOS{Gz_TVZ2tE zl#-gRrF{=SBVThG5j=@zhEQ?b5&;q!c@53s%vcIkWlJQc>*)aBV1{Bp?5CXRa0Gg* zaIg7NWNI0s!B2=qFYDF1il*8x7pLNL_A4RVr`()UI@?OYcv|1=VV|t}2Q)q@m{ER^ zr1#(49)EfieFRC9bjFY(YAVzh6$&wTZ1Zz$B=Gr>T@<3S!xqM5pxuG6+h?dI+`0Po zF+QB^2`zO@3XnSgAc3mFOn;QEo&vETSRPR}SbpMLFnh^6BM%cd?9`d39`62rXXYN!n z%N<)C0{vQ@kn}tBoj~3tTJRU%6~C04wikcWHM#(HMwYU=SQJ1v*}wu`Xk#NHKnE~V zJ{GLQN5}rq+P<%Uwnr;pHVWJdZj-)cay$YiEg7u>tpzmhA8LmJaD3At zo-+UgjJ}Av`jdE*dmp1zyv)C@`JE^Ws&32IcKr{j0u5UW4*@%Biuwv35X`dq z8bl3r#+m@^*+Z#)-akk#z*9NXPlfm)`-k{*Be$Tq0YI7=9`z}y{AWs%7}^S^=Sy#* z?6dqONmcP`Wic2B@Bm5G@&8FTQ80!7!>xf?n!-7~M6lzU1_-mDy!>guaQ>l_#5J+f z4UDUYV%Lc93!qtSYz{Q7A)fJWQqf}%GXwpW3p;K-`lI=OI2nhjzzY1b7sLOY+rPi7 zr`}F{rLJV`|K-O4M}WU_9v#E-r-=T|ZjrPH=sN1D2W`gx<$nD8ms{aB0$Q*pD3YP@ z#}@r(ugVp(cEVXQUM3e-R_5QlzN{1oZN2T}9*O5cuOQ6#{B^+X9{%}3;A6O{i63c^ z!{By+?BvN1uSM{(e+rd?Q9u6~^;x93{bVj$aHgr} zJzsvI$rj#K`( z3U$!~R7SjHCid2^vb)ylZaSI$i`f4|hz!Y+(?7GHtW)s1tR^!spx2#m`N z!6f<@$4dljm|DUw4Pb;}5ks3X-FIiAS5{Vt#H8_~|8AO9gt?)bA@+V!GY+slQ(0ga zcHNUmk63uSJ+y5xc zzwG0mEi9J;49>oX#9Q&N-IP%ToQL}03j;=82%tm|&})Ie8)&O$*}>-8C>^(;T|Zt8 zg;?tKiyc5-i%>_&Gtj(Q`}p8hLUde{0${49pLHl&Hb*)#5*0gF@C_3~e5;^81H(5?Iu}LYul%0M-~VVTtB_{=c*c5bHN-NY!2o zF3e#{NbF?Fwc|w@brqAc>G|RMhF}PG)Led?45b#J^I%dQ4wkA3)QVTN_9=3BS54xIpT_TWp4+_Xy>&)-NJxkoA!uRm!z#V0VWd_Mo<&i1 z!4x`n(Vb*Wh+b+`v;8;2`hr)liJ>;Ix%Nqey`IR>`C7A;HB4hM8!x{eg60}nV3?*v zf%3QIU&L+{PFCYFPs+@MLXxm3|Ctoxr;_P73N8&ZyScv7D|?~RZnrg6O#&$5yK@gF zanN81n$I=ir+vmjeQ^jg?iM$X4~?iY_3Xw757;t+2-62W$Q=9gLw#rzncghN-3yVZ!I#bbA4kk&|(uSbW{ z&{#q&SWtz@+ei^cM=is9FLY)nq}zPWmFI#B49T6wywst@2tiwTmiz|%46=4Gy#EK` zF;@s-Mh<%O8{&EV%X&l=BZ&l5ssN@g=9&%Y*}CH-Y{yH9(Bh05STP#tuO%qSz59X* zOREwZr*djm_FZ1u{|=Sv-2!Iu!A|I>`QGs_Ch(&YR>Kz*Psq$d(Ulgs?NsiX<)1Pk zaq`of)Wgw(rJKGB_8_%gQ@`P;s6skSo7s7&ytFw}pVATIn;A?5S^X3WsA!-Zug5Qq zHTNv#Fc`pVphu!7t$hr_ zRxn0`UE{if>rNLUQ$*ZsmXYw!v^w23jNgT`X9wr+#K}E04Ry1kdKVMBWkUuU#QLS8 zcfZoy{*x`MlmG>Mx|A6ELjE(oDiq*hE)aiT7YUJuJ4m8E8`xB-6y(4}2ND=*uGOQnD+e`yS=7W`Jn+8qQgh9xZYD|yKG1HuaaW{&m_sw$f8WKUX zPAKQ2-}W!LPK_!}#Rs41_RV!N6CHaIVYR!wAdey(1n)MwvE)=7Udy!;n1$lMtJs`xMS^TG}$d-%RFe`l=;*n||Qs z)#jQS#3lEqdFaq;=xpCyh~LyCbq=Hgs*Woy8EcLvvYWF?VjQMAkn9az7YZ=u!FcAy zyk^EfId@1pb(aYVSMC9&Uip3A-Xw}$GF(MKh#%0_A$S)$A&1NyTP_lB?0BVR8_)DA zYxka}M3YV?V7;D_G%AY!oyi4yB^as2PwSqf@Bjqr(P0romoOA2&yP3OVM4)Q-}8$l zXnrXj?6{o4;&)25!rh;Mn8FoH{=*e#B}i&VqI(~2J);375rN|O47i&%ws7p!z#@19 z_+6J^EV#LpA}Z z9fT2W&~zyktQDh5TvZS93K`&MH*SV3{f>=kFDyexdD3E2OR1R6>)I5>_~|3Bc^=u1 z4?1oU=)W*A+$nXKmG!pVn_plM&!b6CqOB%i2W^p>6j49wM>GSRVmYj}XONDdd0sB5 z;ToE}T&3!gWPgJ8xsnNI|A{D+LuF0q;@ReC0}K&1l+qX~LW1=)EY?Wcr^l8s+RIG4 z@+p~f5oty3Q1R4UK=%u2W-@708H_ek7!vg2vn*UWWX`w&JH%>p-Xq1dbi$O|%{KAM zjzX_?LD9_U9{Ni4oV&hR50dD2QL6xFTXs0FODs||^Gi+``Y-4dndqq1cfA$omT&zM z1|DdUg3N?uF`R#%`=m_jBj!yr_1?EGjR<7!M7hdfX&hbyn@+v218dJkeXq(&aO>&hYQ&}ocCw$3gkZ^q970x8KX^J~99rc3qMqb}W=zNOP=ypBK*u`+mzH6fz2##qoo zG~7xO{d&hU4!_yqc|_HL;%6E6wU5Dk%ENSX_+fjg7~a?@CWhAo zDQq$w4xcv?#LltLORUyKZ#lg-idbv+K&5&mk4A}@<5W;YhtWZ4?x%l-k%Y6t-*nTg^2&-L0Jh3#Maj%P)b90DYP*UFytVpKaGZ+C$~SWy^i&ECO>VoSl;wb(#PlVO1X;$lKnZAb%=CA7A;m!& zji+y^bY33D7bMzud%=pFh&sll*_EUYPj_iZM4Gi^_2ehiJgir4AdNsS&b}4$CFKjz zkN3r5+nwIvmpASfww$Y9zb6Ithj7R++bKW!_zSDPm&$+lsVOfKF8v@&qAnBPcp!5K z{8}|{8q(ir8YFWt<1PLtOF+^zp zgkE;tR3$>=tj*XuXa}BI8S|Hj;}8iSiie@Ed-68QSzxT!f2Xd-7WqxQ6dYV&o%7IL zM5zQy7}(BFd*Tru$}ME*ac4&fr^uKk`fehfB#h3{Y1M;7uTB6f*`3R3NI^DW&rzYJ zlsV+3pLT;-KirVYzhh8oq1h)_r6LcTi;L^!^J1D#A0g>NYyI;34KFp#++$n9ht1~O zUOS-bIAK{+)=Eqhy~~t)ce2A+G{+}DMN5Tp>}&=?;Sh7~Eypth~XA0Vz1kQ*kOM57_eUr^C^w@57!| zL3HUk%_Tp3!{|udS~sxJ1qkXKM0=P)hYC%OCJ|xG4_}(YcfA;EK08WiL)7JyobR;w zJqfqld6QD0Q%LsCbqMknO4mF5B1JNM8Z#>x?H6#EBRngTIly6Iq`(%A=ch*B5fC>w z&?x?{LN`(J$aID^RxOuU-$#MXc zN0$~U&3mW_>FB1<6Qci#_30N2erl&4at~Mda3cG zp4(Lmr04en1j<~JX4#}=Ops`bU8_+|YmxMWCCEJOIH_?5WPBA!?L|v*@;%UR2jp{Q z*ZGktBIaUh#m4efUUXPSlwQ1(ne9U?E~Lp6qBaCuc8;H0df1ri`7=)N()4$}Gw9}9 z7Z2@DA#f|7B;|81Y>a6KF1_OIxo_#%NgUZz-g>ws1MUyjswRi988zOde18G`J@bee z7Bl_caG~$>ofDMBKw6Z`LLmAH(*m_Whu2x+GKKnenU(4GN?jOz#gn%< zjFMW^1YH4aS6ryvRP#7IcY>f;sP9p9acdM4%y!JulbxfHG+$FyjI9>tGvEbhG&xM^$=na_mahSr0nc0bF3vs45ey^*^eGjsnm>%@ zv8r!EETMsH;0`n!Il?t#NC(Sh1kbWl~o!|^!EIkoBZ^6(r%og~NMSrkBC*M}QgIFR?;a3+RQnL}{D3IMU zh}B|jG-CT#qQM>8JaxApt&@va@Fns?keG+)FxqfkD4zkwuIA84SFxdqK zYXfxK)fhaWJ*y%?>jR`mHOvy-FP`8a69?{QzzWgnCP(3bgLyV z=)8xmM5y4nx#V{&3}F~u;GO(Br`Jmmg$HE#WRdg{4c;4{YaG`f7KkXqTge@7SQ_b2{W0L&^zgha?-Eb zXN;c#dhk60hD{fwXa#$(yI5?G?LwG0u5Zq{7sKA4umFM^6U+&oa_twdr>{R-Nv#!M z388dok|Q_z?B{>Jp0mH#O5i~R>JvLqF0VJWLZan~0P%jDl25Y21BSx97aVrn1U@w0 z&F=!4kZ8i9KytMCMCgO$eQ*k=dsY2o&xnQ&&1XDQ8HDC}kVAP~J5`=7Hu87vY1A3$ z!t-=EMeUL5{NYhESdr79ST+n@G_1oPt;$bAKJrHt_)lK`Or>Eyq6w|4Sw=H$dHPmfed-ayYLJTvdAzI@wM1%9|qDIcdi_4lYL07W?TPH67^F^g91pPi zqW|DHDHsF!3&m)SqLuYx7tMxLwTD*yip?b^?H*T=%=q5P>obGaQi3_W*kc*oy7*+j zZjbvPBm^iYL2iKr98}QN#fe4lhey;5lhv*)eIlEjN4s6&=t=19&%x4?@xssNhA!gb zmLfrU5v#{fO>>cObE&zK+81UkucGUZWAFY?C{g@xeBvG`9K~K?BYo%KtrK6>6%8Ei$A&k2*epDHr@MmxeM5*duZnaIz+>n@=&I=uR z%F{!!w-Cu=zA>B!@?%+N>Mv(qo?2{doyWy*lE zSrqsy6~kW;=CH`W()_^FE{>wybj;5HIY@`6oHPC{nh%1|d_S=((zHT&?&xBkbE@y7 zPN**E>MK+olz`;^3)gKTB+0dbnf7OhcUi#An+Q!v?Hpupal}tw69WH2WDyaBw=H*P z>TOs6+?n*ftc>h^Iep?fGMy9$8oeF-mp{13tb9G1Dhx7Sep@r5yn*WRL` z(2VK+49|e?C;&Iy`#^^vQU#WUm1&9}`_};HxA3M!*8V->T&CNeUR8|i{xtyfKJYjs zgwNms!t55T93Ln%`>O#^&b$Zu=58|%15^ zl>T$b{|jbh1#WY~$1rcpEx?V@Q%qOSzt%8706acNkIspcquz2mwHq=p)Suf9(hWuhXEv0Y}vdFNY~) z1;WG7i|UW>e@IPL{9l)xMS#-H97+;{AqChXBC%?!`+un=pfjSxRnw8mt6yyJ;(!o1^I|l)?Q8kQK1z--mE!IPS_khCOco;f4 znP26<1+1?L4J%CyAkxju1Ofm(`f!Wp|CHW+U_=Icd0`r2Rv=x0CxiYHN}MDcFi}sV zxF)RI8@!lm+@XJj$H2%S;3ZSEJx_LQt=qEN$YYtUf88+tuXBPB0FPT+)4#_z#oZQ( z7*l>>{WZie70}?3pw$*HcA^@f+h+xyjDIzVV!oBtkezEmb_}pZ&jgpLc>ijU2;5DV z)KBpw{J#~JAOgS;fhs9S2~E7W6^N+4U;KadpalaOXp0F0B7-CXV<3o^&i)cBP%8#@ z?)^d6v$t@1KuqKqf4%?zTTHX`FG2s|0{kH|gcK2on1{MqcWk$LKAS};#-?pp-p6bn zQg>sN5Mn)SmxL*QdxbmO@{_RgU&g)0aQiNq-`O3iu6JY@Kd!^+_O1+G9F^3Hr2%e@ z2T-5GV6xah3ypM$pE9QENI1dlVIBQxq&E+%Vrk{<-McprraU%j#QfCr>+$(ss5Xs^ z^&m&ShBUv5FOP5HB?08vL(;VJmp)}Z#g2Lin{%V8SxG-V@fZQMPsDjHJo5C|m~XUV z=8V=Bk=Y`{{>Re(3xxn*cmuGtv;Y$N z!7miKCc8$>286$u`(i1&;_pY+z`MxmciCZ50{a!>3k}5Oc@K_lg_lvrE=b+vEBK4? za8mWo<$KhHvkCUKbm<>8A$+UW`^b8d-%t`PhEfiFi;=Oo?>x_xv$$fLYMOW)YgMv* z*U_}KPhg93D6Ct;4%tha0S_07xVt+ZZ8X%rIIzQzaysw2_nlyqJuo%gCcHIv>i;U@|M`+gul@|U&5T5#(o=Ga z+EUQVejpQG7a!fWkOcW)lQhQFZFxR(&hu|~ z4xCM-q@afL0h-H|UoyVZ$Jdc83&)iG8$-fZqE$l5bBu%j%B{5}q`Lm=REELyFv(y- zDpY*!2bf7WOBQBeAbWvna~0W?^X6kcowS%_8c#~{!ju@@#sl!)`}a-$jWGhNoIcHr zAJM*_9s!it?DQvlgZuJ&+@g4yCIgs@4TAgCwX<#Aa)GbvJeg@~ojC=7BJ(W&K>;^l zgL?u0^GKD;`efcjP`TaeA+Wnmvfj^=hR9!4+5XpTW&6;m+A4R)1M4$|Xe$MGIkqYG zPzS}9@(ps!6iyg`a9ft6S&H4JmBt@>i49&b&&}{CqZ-1ht~Ox;*q1|G)=h(+#23dE zAMHzN+MEHFPvGe>sAzGydUehqnW|02Jz^gIDL=(pp>+pcoG?2VCgYcq#oLZ-vznhO`r~Nk;ZUJ)R8mpoTKpO1vr#DBb;_> zJgDSl>pREB06fiEgm=-afc?{FVyD~Fr&mm?a|nVlv+kNkQ<=r}D&J16p8G=~$fB8+ zgI>O3OC3rS{IQXoSd}QC$v}02ORqkgw3nlTfwXw^5)}`??XKXr550-P-Jjy&pu>MvrG9wky}-rv9S&(t0*0ZHTvSxZtgD^rA?W%4fICa>{U z0JlQ;J^3qBo4~)Yv$`EH&Sti}Np2P-g3hS(FND&*{@foj($0aH)-}6IQ`{APV+)Bp`@RL8QvT40U<`W!T#>n6&8;{n5?@7H9^EKX&gEQYFOIwh@HUU<3 zx0WGLSYhLX2!54x3G=-szXVGO*(=8__0LH)F{{28($`Jv60 zi0SR%e)~|xOgZGMrcWy0<e*d_2gFKrNuAP;{H-=8O{*Tw6HK4z z0%beyn(zkb(MK1|pe3Ndq3w4~+9SL^LiZS3-eJ{UV=Vw_Ff#`gjRb}R#~X;2!ns+s z=_7a2qvsx|`-}_5FYzzm%R>E3(B4)Z8W3b3qP7G3t=2XC1xV$ZR-dpw7kVsM_gK(Q zo{suQGb0U_-1aMBf`?{zqm%@)%U{80dV}WC2v1UYPp+rCBI)K8TXz$L6&_gdHgD|F z6FN0(q!`ep%8qX$B#58akHGBw4x0Fm*rboR5M%M~w#fZJQ*JLN6et-s zBplB!$9_qC)eQYnCZT>pnHCG4M&iCKlVI8oo2bO*?0MNpX2p;6X~BmsP`>e*79H`) zCc(x#yb~RhmH-mHTxs=c^e$TrPK7U4ZOu2P5#DUW`Rb5iK0ZWtc3HV|2-|#`M2GdR zzq2}>;Act3v6s8E3whUkbEZM9yK;hSZ@z;@)ktjPu)h0Cqf+Ue?D4KdX{vSHPG*V( zup)=MJsmH6_9p&iysM3XUWo1q7FxG7taAZ&v)aSxv4TS8IcD3>O=0W|#yip({y+*P z8%Rr>DVruv*`Uahp*J6j#(#-yr^U9UMLGB-Sa~XHQi}?xu{2H0nElt)w|Icq$xp6} zKq1E+4f2^ZK?ZKq`s&wg%cWY!yE8r8B^W{7lMEQefKH`YsKN7xeP?jbfrY00SWs<* z{5;oAplusYlN(=MEkA(EYuI-R69g?Z5bEn?z>MuE@#;GUi|}0LjNe{J*-wa4g-I_x z1?T+1C`Ai(HUfP`6Ln{v{4tEN5Ok&>Yxu22EZN=#Y)*n|KTNI0Zl zpGd05GW=Zz3OV4%Nx=>87A3i8LFm`5B|vX^qQV@i!xBb_@L>QYqt|!I52@9bDY%p} zPXIo=GMN>!>&heVjijb^G zE?5e}EEt`61`{KbaLB-RX9fdRzO)p3$@eGEZI!^eZYT=y_dtdIU|aDcDL^S%4!Ax1l~s>x=b2dwqeGK7sOue!1R$LL;BUgbWM1#>uaP0 z4#XMFvIY(Ds_+D{qG6F)h_O_ zW6Q4-6WV$NVA6^xrCb&Bi9Em6C8rth7uTdTzT#cw)ib2Uz~6=7M zgA7q5ca&U++bPiCC0fm2Tsgr7QrJ4F_FYC>!=gioO&uFMV-ex}#&brx9a9|$zj#UI zhgSnRoAYVqj6%=^ZY5t(_G0F80#XXzs$9X1C_33u=d@sRJSS3^m5WnjOSyJy%sYKe zATv8sk@a=-37*cwM_P-r?;>)%Mnd@oL46HjG0&FjHzcJ5dYIDp4bT6Pv4bB;fUQjZ zfT9*DI;4y=2a7k@oGr{#G|G`BlgC?Re%uEaRK?vea8hYskL{w>i940FA1UcjX?#{b zS#ByJ@A9-`mAfMkFGM<{@^yN~52Q*Npftc0NHj;ch@dCb$&-`nwLQp_Gj`U}v-h+6 zx=Mk0HKH>wBCH+FVXjP+mAG7mp57kq4nn}v$0HHyLb$;^Ec}YwnAAa&{~w2{^dm@< zz+f57$mNP0rU+4xUB>B12qRN&5y?J!t98KO_=&^>SmTT-t-Piqhytn!4|{jrB$-Yf zU+mzazmr1?vPaACAF_lvl;!vWgbyI2_%ep8xBUBo@AmI{+5IO5k#AGPJ;A5X*{SsJ z2Xw;9MyGC%sPcmBsVAAt9G}G_mlY%`Q707LgQrCS8Lt_y0p4WqU3_<6w3ZHymKqg-EAmFkf zK=Uzhv|F}E3ieZ}^8fGNS4<4-1K-{;P2=E`A|pvNfoY><;MjA$cD+_p18G>*bkQ2X zX{3j^kf|BbdFK@$2zjhM+0ACqRNB5{4){=ZQ3_k&1Y7?ZwPq{Ab=IkLtsc*9kD0L` zO_Vzh{bBRId4qyp0Vool0t?`9`@vs_t)%kx&itTUyEe?LC4g+Gr|#$OZ|=>*;8Q%^VC)jEu+30QHlvBryFPzJYeXBT`Y|8R85vj_*dh7J(j4Knvw} zE^f^n%s0C0Eky&i>KZ_EcSuDF_%H4pm?#05szRDRz3O;hpHA?vmwf554LMLcMpS`~@+tnO-^9#q%ib4@Zv>RG%hUH2v@H4nTde zz&4V|pHGQ{PKZmY#|_i{Uq{vZZ?u-u12Iul|Aa-hK#xHJ zv{U+J&LjZa71xqc1l?N@9L`Zi=-r}SX7-v%A5$P3D3_)T2X0Utnm5EQ?6aB!d* zVOU#MFeW4rboz~K@eD0Q%-~@L46sopK5Ge02 zA;d}`*NmC|x(-)B0OSfw0C4x8|8fX{AvSX;7$ZN%;6co((*OK1Z6M+!V29u-nvDGI zu@%53o9_H?Fgh$8`18ujpw>%cg-2);zu)#>(nlx$-fJex;t`nM6lLzdxIKvqm;QjyOA$tM1Er(4}Gy>V?k=j0+DR7?t*BAaeD*m&3 z{qqXn9`Rn*EK2uSWbiBC9unxszW;T7AP*<~^f*iXUhBmQ5&&Ke$NU@8SNMN0O>kHg z;{OnDO&-g4?L6K9jLeV;JQ<#ND<$<`XyWMyI4lw|9hVj;d<+lGtXeY;V?HjF%s)p3 zd!E5ghd{a{@n1(8g&FXwqEN@*rIw0KUf)31Mk-x6b+;g1wxt$YMY zYNq=3L=**5y=+2_0OKlIm{i^1V)z&*b7r^_QWv4-dSZB2gOp$6=a%ApQg4X@)9~p7 zJsrT|VlD-vNTpw2j5CJ|Gp?$12cbQQarCC-LX7a~hsp0nFo8(ZsUg3(W)wQn3-Hc- zmNDf30&1>+p0URb-r=nA$GRjuWO{2I1N-T58k?f=M$-SuB0t03c(~@aq0GzSbEDB7 zhBO^e+i{fWXXq+y*eU_8*R$Ulr^o0RxpH>uHC{YBV`D96rV48RjdJTGV{m+K4phxZ z2Ocp3!irlG41~}&Xb3jM4yiShH0Poz@la-2v13__#@iZsk2quxQ76dAJef2>vco!% zc~w#;X3v(=zX(M48X2A2RYt+_$qGak*O4?4Ti6&&2UiKjcn=rU0p&c0uoNxwijHvk zY7v|chlDnh8rRXApRQkrkc#p%zgc9=VC&*<$9&&aEtWLtu=>!aOT;e{|;{h9JH=*=s zMo9ZwIA2PiI<2g@jonjk@abw6salanG(a{FSw6bNiz`CNN5OVLK&x&@JZrdnbrq;Tau&mhiVUwG1_w6(?CSU6-N2^)QGg%?VA;< z23ih3MjI^}h#tZ!oKpib{q%-KJ;$~8%iW9j%q~9}nScHIzMi?(d?G5I!s#+|Q$MxK zv$OENtgJCT*OL4&io@uQ$I;=YA2O&<7!k+cENFNbR~W3wDU)PfT-)d?U zmb&=lNl&Or<5oAB>U${{C@U(Qyw#ID`JCFDl5=U8d(IBH;x9Xrx; z)Yqb`$9|{M1+pk-DcIdE!$v`E{Emg&4QxC4BCey+{v;Ff7b8DKwN00P>~41*$W}!6 ze*Zo5jTS%bIxTrGPcRit)KvNGO+YJ0?X*<&pS-OGM^~&|yS6^JkV+8+lxOj55=BQEGO?H|=~!!lC_D(ef?;Iw zrP58>_ivGgO6jZI3~>3JK1ED^y=8Y+aD7c1Yf2M8`l(T7mZec9E62g@X#6$blgmGMWgXDyL@|ktPuMj*fnI7c zT@+@gvA(4i@HA4@&jT){v5NOqhYL!68GLPyjgOyy= zo_x0BjCBnAEKB_D$B|H3x(|aXR3?T0Fs32!#1L~p6l!M})$Af<+7heS0mU>O&)#p_ z*TVY_=D?t6kohTa;UguOptdIca(N4H+67R^MoYLxsMTyDgvDb0u0zJP^4{wr;4d5J}>_NdYT%W@l&IJGN2&KcOpE? z8c?UvG&!CTwOneKn=eqnX6Mr=cVC|&rGdQjQDkI$qVRT@+x0l+)5;#tN@9YkA$&GCxX-c7da>z zQhwY${lgDbznR~}NldCyh`+UKRO?N1R%p?&G`Q)(#p#G{X^z7eZsXBt_C=ryJX&{s zRzeq1CF45M;hm_}5$WHxIVKqwh8hsZ_h`acI_bebr(|RKK<7)DT5IUxk`U4mGU}VO z1l)C_`XCoG0vhFX$66P>A)Vw@n8DaNE)&@?Qp1tlGGYadp!!J%bX#jE6Bm@(cv17Q%my$T4EFN&oyzEU)rET!2?ARtdzD4XLrS z@5sFQeAH2HKJm}FG7nM_fgm02{y}Y;qu>P7K6G6FMyUI_0!Cm+(HxU)OT3Cv*-AgEhlvk|Yb4p?W`6&7 z@s`azhS^{($ugrQN9PZr9Z+Y1K)R)QN&MR70bJ1O{n{;W$%ksM!JqQr7Q^7&S!3n# z=XfKg3H!Wm{rc72bn&8TDZz_3FT#JH(nxi?#uLHkH@ScBSrSb5`pf#3>l1mlYo1*N zP*Cx9Z{&HMC*`aUR`DdO3mc)n(|}kt6n|dL_qwVi)VLBa|AdmsC?%4H3(~MrR^*0q zBB7V!1&RUEyqHKF^azv&=1{iY)8R4-XezDhTdI6h=q+_S50>B$R_$0jRDiLP9vxEEUenG1++m)ww}G5@JxgjR4|nf#p!L8gGg{n;4_cb$g`ur&ap} z&mNb!)Zd(8?sIY?B7Fznin0uN&57o&Cd&O;m=RBcs}I@&|2NjEE(vi1-38(2#*;kn zVJzU?j?BsBbX=`Isd3j~51E`~>8P&Bqs;j(W>d^q>qNxZz69`UBH~^j&t-Dt-mWvv zXI=g|G8r(Xejr6WMB$8;dck2OX;{3DBCIg?dF5}B2uQ;1m6gsIlPsx>M0K!*E8BDU zAY%}n%uW@qe?3^KZk)ouV=fs@O;0jkGdx8Ot&}5cq(r*yWKK5(*{z10$lM91uDpGU zvf~YnNjAH&-r(65gDk{qdcv&aBkQb5L-KE!1$>YmRCw}H^WvCPCPZ;lC<2n^9?y^Q zp8h#)^f0E&_?%tAMk#j%(yth&t@^}np>MHFHVSyx;Kre7Ab1H~S`28l$W}7`;?R7tR#4J_sKlIVCC00fKCWO6 zq`t{@YW!Kqg?Q8I+{R5vaOX~F{yT&>goT)IWhD*;8P?GAT3;3A=+9i*po^ zrZ>Ly2)`-H3yzYB5@VFO^QDO!2_voet8>k2ot#-j^0#YnLy4Lv4%i!$z~3pE>F(AM#li=iryO@c-S8jt~^qA z=TZx3va70(O~^(lb*Wt3&-W{NEfvenILxqWj_pl3tDhs`3!}Iq*QyXS)#`0eg^Dmt zKN3LiUge-|tgy`X;KzXNy5cW>c&*EgRVHUAHfC}_z>&Pow=8%LG-n(l=)g4;!qFd{ z*J%UpU;YEZJbtC}E@M$wbU_a~7~`Y!DXt4R?mr*cjYAq(_Llu3!!3B<_uKVkg{ybd z4d)0bnp5HYoRPqr-4f>ng0qW_hCLDccP$@G;l^qTW^|vC zXOE>H3QR#1(i>E5z=UsVE=&vdfaVq(uqtG_j{Oh`U+0mvsAXMaQCBNrRkt#+ASt`j zAzlAYdM?6SCtA6RK!g?s^kEp6mfls06St z(_ca&?PdqZ5xd&VP@Kep&Pax5gM-t@tPOit9HWBKm_yhCBOPO z5DmNMnlmKCB#pOVL8Q800+pMBwnotg>MhZPLs^k68vQ!5pQ#G@IO5cfL2X5tk~@RZ zvN?D&7k1n9Y|`PE_DHLSD$6^DI+8)nvl8`RbEo=}aq~K$S~z?^LYqlwwOqn5m*y7j zk@7{m8%Rz(ZOod`W0uTJH^VGY>-6{Wxh?xQW7>_igC(yuxaZ$>R)_I%POeZHj)>dp zLrC|%d2Sq5*9s4 z{0e|JrI98*+bQp6ZFcIUO7hwDv62TT(@zr@ro{ulL?X^PkXO(K=F8{wB)(5>*kEA=sxFb9e#jtu~2C}^}z`_L1P0msv zxFJhtQxUHj$AR--oKEMF!`H_&xS0sY2Z|Ir^tR$r$aS=|D|dzKxy*P5_={yChnf5h zh5}0A|ADQRX&-NZw(ZM=&K3#mH%|gL%>KgAj5~oZ=u{$_xx6$M0mf(>PW+!2VEntE zJ~03BZ7L&V@6S)s0Op`0GU{hT;9WBRCGP~HJYE3-UxhAE^9ewO)Rd3g`}+%bkADuh zI^Jh=%mHpe$>J{#F!BC@aALCqBMW!8n&!d>a`7m{Cd(d?zbII6Vc^!Vxcpx6M0f%~ z8BYISM_$4za+zFg+zxeb0o&$x>me&_p2NoHIev-Lhg&M9@`vd! zf~x@f^l%NX2{%2hSVol?!&cR!o6?%UFfSU_Zp*h|?pq)LezD>)K%w7o6m{V+|67^FAW}c83LfQ04tK`qRRn#$ zK3|N#N<>7dVwC?Pj+^N2&UlE0lfI7K(G_VHVCxj!0~M8xBDWDC7DP}Sv>aPD_nTIZ zKuT`C6*_Ka->hk81AB46y9K62M7Q9zDZZ@Z>3@BQ0_Y6Syb*^XHts zPgdWu3eglvLRX|xQ3~0DHc@QW$&-cC4XLijlc$iZx7rUn6)>@CPFh`&y(r^lD zK%W=76rErJ)pE!yiDnSRr8+eVw0I(&Iceez-gdd>A_fAb=Q$nG7{axXyQh0Z;d2)^ z5fiH*>Cx_32v`ax^RK%1VD3h0@(7Fkp)! zn?ylOKTwg%y_Pj(v8>$6NemC>uHetj=z^9#_rWQrp(Dt!om35Znm$OYWX%5|usTJ9 zf+YzpIS#V~OXg=d?JHF)H{NZD%<(wIba-qwmQ(CSLgk3)kvP@7TEI=p$v3^SJ%Qzz zC?#FAilSUI-oznKPQ#MWae?J`O5=D8%8z(mW7pxrQ+h#*h{E@|PsXIF84iPTsd$G+ zV$JZRb&;12=-%+ZkuQ0lqaV9GEyfs3LUR^}^l z^G^py@SmgJmg#Z6O6($3B@Yd>TQ+WqOl-SX=Ft6jR^&{l z7ARgzp$pj?w@(fsBwU+o4@`)P0@B_5Bj1Q4#4wE(sY-pLNtf5H^nYjek=);k_Y;6D z>gpp_K8fedaTRbTV)jiLe^kS5kBEl-X?tTdaZfF~+j{(*_mo3;;F?L^#+i?QM<2FI z%yuT3MGK>1WS5ssk03Sfc6(RR#(&I4bY5!1YFnzHkL#jv!;wiVFW&*}6=nL3s}o@Z zX8VDT-prCu20jQCM8<9|K);C?hg|+HvAMLr7n-kfX0msCWyc`3%)9C*xKcXl8~lqw zFll>ibYzd0JBhuZJmbPBigcL~i!wjvtK^kIMa7XaLtF2iyUV=q@3`Q1iT3h&^4aWuKvX!Mc;M(Y$bT(lTP06{& zEGIz)8IVOkG77TQ#_6~{dICw<(>j~hXTmU-l<>7M#S$HS>C@J9`BFXXvJ5lHkW03{~tjpU~?| zoK{h=vI{J)F`1N0OG1@Wn@4Ia(F&T_19d%Kph3&A?k2ES_~DTMM?sg6zM@ujDULK} zF@u^sABANMq42{q6Fau{fPEhWX@@H4a!+PLybRbD!+{2amR(!ko+cw;0$~lkO-5S1 z!Tt%Dk-8Lyu0KJ6hc_TM?;M7LMUpnQ5ry~@|HWLPj70=oH;09n2vWBs{}kNdu79WG z{2|aWB+*M9eah^ljrOi|2{*8ET4Ua+U0md;flD*O*M8Z31;TFsi}(wGXriM6#8;Cp z1~bp_Rgtm7f%gR|jo^5rt!jh{35XcFW_;3{h{Hfg4>9*h&?EM~f=4b1vf2@08xG}3 zCW@l-g$t?+ZHEa!R)+8{K&R3#Ig9f~_VebbORx8JAk!bOxlA-L$9uKa;VkkZB#QxOxyxhj?Y z-i#{<97yv3RuP4MDnuZx1Yx_2Huim@ke&Si^bIT)uShk>PX4WFy2Lcl8%OjqxtcMm zCoHRp0ts616ouiBsSWWGE>SI+DHNqB8D8gGU?!&}@xIrfMxd#Q?H2z?24HB{0u&76 zvak=I=>naQUK4=$%kttUAuI{+P*^8=bM$;>!*@c8f1#e~#9bQmv0JAKUFZ8HHap|U zPLXdc$7k!ClSSFMEr)EPBYjm}ayG7gCPD(@*J=$*L`({%ShFI3cfSFzT+pd4yUwt| zE$)Fflt~?$?#_*hp3&|ocE}2E<)6w$4r58)5 z=4O9xoEO(-MN>yY#${Wvb}`GXR~K0qHJe66#-(;){MN_<-Eu#7OF`$M5|zb-VF%8W zL0}3Ev3NbAK#(Gio65uhvH(Q4^svU|+djy5AoQC(XMYYS58#XgW?LWKe>IrI0rIf` zx#z)ek0x%9(J@o&Q`3a;>;%hAuLN7i8W7N%6=jv<2n&D5`8YARkWMhNS-a=hRmRN%_xmFRFfMym+58m&Ahf zON3@kcjF~a)>L?*4{Pe134-ERac-bwsk)MCJiaHpRY;m#$~*!A!}hv7w34*n_bp}y zTVJUdOqul7nWxuqLO11#)8DYDiCY<(mr2?ovs0|OrtpC}zSiXl+dB0o<{UJl4Tl!l zfFW=2^%h~IGvlxuYf~t)VUIo1Q}V({h^z;-~aa%QZJL z9A;~cqs48XDH%^2IqA$3+Tnp%g_4HDDG0X|(xJ{hvZ{EN+IgbHwY#6Qw2Pbd1sv=P zKK1~S<_;a6-MWl7s%2H?o?eIq?jdK;o9!$3V?D?8%5QP zLwYv3XAJhl4*IZBv2^Ot)ZWkzgc0yfHd?^zE25mvb`C`Nhd=OvdTAUka!ype@f$nWT^X?hy|HV-#wHfL*5%O!n2 zU~)2O`<`Nty!n~EyM!rp6vQ_DgV0L%6$Bb}7%{BsM#{VP?PrJ80D=!2#+D9-rlzdM zDKAyww{=wy*{Il5DR&E#l8;H4N& zLY^>j%8%{+10e9|tJ#_;UU^b(Ws!rhV?PcgX|92Z2|O_Vdf%u+&Hdac7bns96?E><4aGQ;dq;iyb^6$>d?ZqUYr7d14mt-dl)l?O)l}hW~ z+rg}rDiH~&5u-IG3UBR!FNxt-OFBDFFbYe4GordXL65YjJyc=keV%6Dc*BgGx@JZ; z5gBc?hmAlWtz53AYS~MZ@3uOE_S7G&^;^~fi!Qj7La9v;m%*`z*h6azl;Mp5-kp2{v0 zSECs;ebseq-Jbc4;`k1oGG-2IlQn63(C0Tgqk#kk#jebGK7})R{R9+Eg&L|9enZUi zUK>7a=j*iZdDUd-l6>#&k)GFkN*24*tJ$S~#vOM@`hpd|Ta{bSueH{_Q5{QIXwv)I z!&N>-vi-|ep6=xH85?DS@Y#gG`I%+ndU z77OeS1fphQ_=$8f{})XPE06G|5r_u?sS-MQNfAB$hl6~Q*S)E?pLZmt-et_)?U5WP zBQe4jfn=ui;AvQIE~!C_qnu=?E$BU z$*+eNwDcMMB-}}KW`Q>(vF)|q+~oW!L%F!HZWj4BKqLtOT8_gE@XZf!@kgA^rvcw$ zwuIEo2YPT{-W*JyQ`a3eQWG0#h~KlxLXbvG1Vf8&YChkPRi69c5~Z>2Y#zJ^nv&}z zC%o9vOjT^{EQ}XU;G`{{F{u)r}8hV0bB? zQNP25$2yhPXXq~dVOhy^att14Lc)O#T zID%QT|E<>Gh>Lt~2yrwd(Kd8T-ku|~%tRdH#mUPCFi*;tKtL9^2CM$NMI81d(2oRU zbo-kmp6@qbh1Wnz?C(b@Sf59%W6^QV@SotMg7E^{?sw9|L64sVvTDoX7vFKj&%Uax zn9J={~YSf__Ei>{!*Hq+}6SL{>Mv~aOg9hrA$tEp%0W=n zo&J&D!EV<-p>D*Yh&6(|7gCFQZPtZa_K573i22)!{l$XZC3!6QiQmi&{Z?}D9;=(Z z-nD!|0Vsw})|JnU{PLplmX^0cK71E%RIoKCdd7B=TBCon7L(QF6*6l9h_Dp3Lo$_AG%jGt*wNp$6 zCGpzQc;mT1yc-oi?%?vU_e7^hSUkuSE*!^t11LuSqg}L#8CGNp<+Xf++prvj>3IB$ zxg^E^tmJKHD2Y+S$Tstft6vG^NUudOex22?T>Ht$V(pcq_ig8?A)1!Nxo^{A34^*t zE=I~xwwV03W{9nkGCH8dZv^CrsZUFn%HXA;3Yi%57F1$lvR07P8(G_7K4f}u2zYye z&|Ud73H|k2@!l(rFof zmuHpoKYEt?8wu4nXpG6m zOYt4D)qip~t{t1IG9GKi3MCb-V>ZA33=ge$LtK4vP zsL3N&PfBhup$QWim+%H+apwT^mSO0Uho&LIl2vj&c#0HgL+ieHY~YB6NxsSIEwFmsC?k#5w*%3gEcIKvvCv^VZ`K9;YZIb(cw% z5M|#b`({}^`hC6TFh@BkIq z&u%1>FBtzS6iqP0HcjD-NhB?oon{ZG=~K-XXJ7a7P`y;-i>AUh-PAbg1wZrO%HdRs ze9>y<$ZCK6QUX}Mod4a9ugCy9FokYxC%)t^s14kk6-!3H18i%Q=BtW zx#A^EJ}-7?HPFz*x1sFQ+~KQPx7lpB8xB zCb8HZ6p>H?Sq^w>Jfi+Tyc_WJa6rBW+AhdyOMt$M2MpN(roAD}Hl{&+Zc1^1QzrRfdlc(h&=QKMH#;g9VH?c!3le`||SKFZgi zwtrT668PnD843G+|JD{Mebg3tCSY#Mh0gZasr9?mlj$#`qkODJ$BkN5SI9qhDliDF z0Wu{2EWWYH06&vT^TbCleH5)P5wf@aTeN;x0QmEbQrZP`AP5j5SVmYm8To6NjuAk) zQm`Yqy)Y4O4}6?vmo!rOYp2|KlqUC%d*&mH6a|#`$p8PB_nu|_t&J}KSUt_>o!#9@ z1eSEU2TMrg|JHN=WfYi?RW@9vEE%Md$HCadQRx4pOAeTi8$b*R?oY6B_i`EGaXut2 zegBqVp)>_n0{dtgX3YrG2R^#LPMG>j6A1487@cLU_8R?Lf+g&4Yh>gCdVLUPQT~ZX z{&OLBAJY;;`05u%$LYrh*k$NA|J&SJ0TXiMn!nP(*TDeR^mS{0_&+a@0PlSqq_cDv z_yhd+W4UZF%JT0GUJU?BmRVx?Z@kw4(-m}<9>o582vUzf3yEY-gxfq0CVjO_>+di4 zKYGGah*toR;EL1yJ&)m!%`DQQg0|%7yD7lO1^l(MzswDm^%x~@HdJXd=Ag0Z zL(mpI*cY#VR?s({&ozuu#dm+uFIs+zBcxlqzO&Sfj^lM-Bp|oZK@iuj>oIC9dc@0n z;5Mhk;J#Y#&;<(MYgG}uG|zk(XEnN*EWvBOm{r;odni)wR(Y{Y=)0F8u!7~#M1JtF zHl^mf!!*A-NS<|fId%y3Ss-pX4jW>)9@;6=>s(FufR<$ka@`BxUmkO=_Hr(w?Op0G zcLyB03m&{I%6FdAFAwE247fYHjBdHa^xZY1X$Rhb5WzDfN}%FB`r#1t;t)h}cT*p5 zBXB$M_Ks+jx6{tSN1r!C$+gKa)3FVGJM(1d1?Ud9+RKx52C7aPbhMilY5zL$|Fo zx00ejnA`b_IXmWAc>_|*`TLfzx3`^dJEUo@hhu%n!vdQY_Ut{6qTh<1H?PKtV0$#Q zQ#oee%%i?I;dv3Pt}OI!HN66ecP`i8-oKl_S-j|aZFG!(cJOew^bni+^YjZ(_l1Z5 zriaE2)7<>Q#nDB;!^LH<_Rk=76)~cC@A3TchhKD=0V^c_h#o&rKCcL3$Gy1sJUgJd z>XARZo@$|Px!-9K@AB1*eQmn}98j4yKOIw#u5)Rw>E3ZZ2UqVdZ~E_V9xkK4(BWpq zspPB#+POElx9gK~Z|}cp|G;<*q)7`m#SXlBjk1nnELrvsJiA4@y0%WTADXY1p8s6B z8uV}+@>wKM@tGZSoN8LsT(Dd`_@WduYmoBp^5n&Xi|@92_8UJUitCx|J6+$Q3*Y$0 zw=>$66*Lb=G)q=H(MG5A^Bes2t$lCrozEN|jyWIlZ0{cK4;~zM^q0slnwIW9eqOvk zuYaq_Gi`OT=DD=*Ua!8&bl_a3rSA7owsc(gNMr=0#w&q&A$%PUOXp z6SwbDTLhdPt|(3zUK}%gLqA^3_E_}VzVjJ)Zynfm(?NQ$G;QvS8vnyYv^AGb9#=-Tl+vR1z+xQn=M;9xF84g|AE$4=A10{>M zvYEc4>_@LvNPT6s*Zn*N?LQ z&L-T;--rCly%#66-;vFvFV+=%+#Zvqqc!FiWG{{gUT|;p+^?zJGx~2A z`M+9t4=6+Av3&f%9xk}q_GQh;|59Z(5Jn`g+JSJDMl8QGw{%}ug@u>jq1@^8tP{zp zEeo(S`xvt%Mwp%c-2nhfPRC6L2~N|i{-TR35X7aIiX;#`@c7eRJm#_BHYJ(q?X>v1 zNMa(0bf7qXWZMdP!z-dUg8)dmhDedwOtBT10G56Gsc?Tc@>7ri~x^IKIoEO6|1)|E|L5Xnw!26-Hw>0kRGa#WXH~BI!0HzEZsy_tadtF zBl(|f9>ko-XBGH2t#oA^!AN|`RW2(rO0%f}#{G!buZLyjBIg&H791zZf;A88{b;*=UL5f?Z_IeioHlFnG{*a%=5GhzY6qNY)6q;g_sCb5Zl#vg zROxZhY*cx(V}GCwxbO%Ff82I72ct^Edc%_i=YAtc1vACXvH=q*Ke2{UUYgV=-za)Q zTu&PFwRF&L8APM{tnfFSot%v8y7|#`wVz!FoLdF}g#N2T0VM*~udRwEI| z--Km^+4O^h?<$2rp88tLyH2${#llF$rP~dG zS;0N8ssK&i%hxsGl=wnsx+zhmi4V`HOvqexsgnJBxPdQ-Edm#KR+&SX(P5J4p-!3e zYobRp!|W9}f7Nid8HV2qRNqI4%<-V2L+S_f7ybtq_E+}Fc(0DLBGaCl@p$*#@>+jb zKNv0dXt`N=BJ2S`b{f12P{j+__P*Ud@TIQs-}rpgbAyxVB;@^&xhn9m8-1Bik`-A! zINa3%b(nV~$ZWaH!x%dFvAr*NRuBl%qpt3NUffQKIsGm}jay}p1I4vWI5|FCzxF(7 zY6?I zcXx*bcMlH1lHl$nXcGu7-MD+O;1URK0fK8FI01sYTX47g^xk#Od9zQ|{p$X^KfbE2 zf}$VRv({Wb#~gF;QoE3id>?gi-jCl2)Dpx+b57Q(lDrO-)L=Izk8)~p?nX5&2z|?I!}ewX!=)Q`igl z7!S%+%&J*J#MHBB*_-Kn`q|8JLJJ?NblnLe8O0U-_9{(IY{*hna%#iDWTcsVx zPaNq6wnqs@#3Z$7KtM-ZyQz@!)ZY2__X}02A3K76>w*Lp&RfgJA%ex9Or2*2W9{@Z z*(r^j>v~B!dm##vx8ur5@me~#S(YC)ekcYpo3WJkn>Q4```C>s$WpX|rtT4-FPFuH z9EL!HRg}RV(^Sx;*ze^T_EzNR>gSlXGn||$38r(3w~{g>jBt%B+4qx{va_plsJkY{ zbr*44jx4IP7h{0zFEe?18*SehR??)S)~MBO}d?dJF#1iS3znw?($1=qnvi;J}$y85u$!A>4;eTP^)mzL#!Vr=S|{M;8hE+^HZ%;ZRf^A_B}F#$Vx-j zS!?66xFfGNZ;se5lDY(?y6;Z)!k^P+;;*FOt=)znChhmn8HK`*aULF9!KEiTP}Ox_ zK;kx0;w+eawe{@P^_ag80`tNx5!>Rbu=+LC!lQt}!m)-yM~*WcykbS6PX@5MC99?o zdN|j}ch7AKIv4k>CVX(FoW5XslpG;oI!+i)_f2w@Ct&9i^BdH0{42eyienE%qb6K0M z6%#20kC$vn^}$I`m}py_f(Tf&rVP4P3YWXoGA2LbBMhX27*X_82}SX2{Pg{*qC!#m z^Z7voc5)0j+eW{12bK#TA!S{I16g5M=G|-duP8xg;-%IQp>#Ynnyy$OZ#<^w0@@V^ zqj$bUPo7~}3MHjw zmVLpY_0}+wsuZ{C0gHBE>#S?vTn_O(3vTJ-33bwPlKZt}=_7ZKUtJzGrnhk`*8}UQ3AW|?a}vNCU#K358@$6oPXUvSzwI^9bIozRAz)>;4m9Jd-T0x%6S^! z2hVy}YI)w!5k&#(3LGxQz$ZWFxg*aM{FTS4DUUPnibVoaF3jQQ+&N-bP5bSU?oa#E z$KI`+t3wm&5Pv_1O$U{(L`D@)9-f?o)Usr?NDLCp#pJ1>ajpfP=Wn~Jt%89Fk{qAL zPwdQVI7-F$#Xy)rzS!FjM};&w1yo`9jJeHtkIhEhQd!LGqiac#_{Je8kru32B|>;~ zhG8x&?LYSlP|4S^5Qk)|y9 zwdvFt8X8otSR^atgmC+Gux_5-G}gFY`XBW9sRW-!;?R#1u1Q6jYCLiXFy1UB*wRWz z6!`Za(a|W890ObHWCf#$%p0PL)=T|wJmR+}9EaKWMz&T_A%Ua%AfjreXQR>b$YC0^ z(t)Ui=F@cGXdtz2GXp!9_29dJJincLB%$v0EkUAMzxo|1cXpGceA6#xz$pdpj2UBMAj=FZt zv#rQj|NHflif&8G4nAWZoqkbq{Q|f6ePUb$O9|qWJTY0RPL%%AnUsO`K}l@1faaBT^#JrcS+=(_L+TM%7e*7|wZ#^Sb+~J9xB-m+GWD zkjp~}H!d9%>)Anhysu8K*_L9FP6Fha?%u9^B=WmzdHKy*xF7^FiI=J(t}BH8A8iz1xeJ~ztn#|5h=7AqGb>L{Df_XcJ>K1K#AKlJ{`2C7@o+)evznk zRVYqJ6Gm^cW&P@N!6KcM;$!jTi`4rt{8bt0kwJ>18tlY%CTiz3!{pv2AW$KWklC4! zK~pQE^AyMWw3F35vc&~B7gxncOyJpaJhiHsca+`RukswNd%@~*Kgedxx|Y-~`FIkm zgG9M0h>OcmBBTA-GoAs!sz|hjRjEQ)R^Oh+xy-7wJ=tfVxcJNZYY`3W^R=YpzOwU7tqhB;=!SC}AdwFxUz#^VnZZ_8 z`BFL0q9rpwf@~6gr_vj}0VDZ=^W1TLwqL)2>D*cqsYS6rE&yx{GeFFZ*yzct_VZT* zYVs2^8?6b;vMkSIC2#X3yS$gqvZ`4cwlj$;9g#bH29+V-(s7*+=db^ z9A!0h_DPQ#f}83{b*=&!GGN9p8lE+YQI}(&iim@ux4Z8 z%Sd&O(9n%P@^$4%!i#e0D!j6^7)sr??Er*hPm{WLmd8pGHTh3ZI7LseH*`%H`!ZJi zY>&1P|HGH@!FyJfrmx-S*6V&8-R>INoY}}dFwp~X_q`Trx&Kv4Gmjy$(Z;+=F6cwt z{uINxO4J~Pb>ua*sIw$(`AsFmP6;JW6V4f8)vGEI!Z>Qw_0VgUFhz`ZlB}ir)r~`V z0d|1<8Z1m(NwwTf8#nK(BM7~wDs z>CZ8g{zwEyjP5{Rt5EWqtaAG+n_3FRpUcUy^3HsWPlhqT$wUt=xftnd0EYqPz!@W- zR@d~aPIGCLKiqD6Sx^eVlOe)+p2?2uY$w(VrH{0hzGwF6qf_XxV(R*P1Yys3lp?j;!c!l@Zhs2IZ-= zzi|8%1)Mf&ZaKe^%VVc?ZwS*_CmZN0SA37kmkm{vxP4dhgU-Cec(%7B)*Fx*xqqH9 znE(7y_?Bb1HvY8X{aJ9B*Bfuy9*Q(xOF82_M@x55I7cF1y(d6~te?85&EoV;ptP`D zN;}9esCE{FYBiYFXPd)007u$?0q38ckRR8mD|<~ICUoMB?i@7Lg{jmXGh1F`=MW$$ zZ!|P9f>Yi)MgNge?@Xlfskz;5kFMxuOz|f*p)js&Q14wICAFWpXlgKyUTK|nB;yWe z^VqUb(~3uIe@ICixOp0Jhc++YAl|R7tI3=#t=}}({zBZC{q@KWAK5fel)+hn6Vx6~+5%biI$nW>O#62W1dJ&MiGR$x}LC(>cHY-i%nNvt3+kiL?MN zrczn#0T5tQ>h9%E_@sH$h##ti^}ZqK?V#tHRJaTadyUoOaUHhGEa;^KfgAyjf{esk zLFFdx2oV0ehLcpP92o)nP%f16ChZ<@O7W-xBCUjb95F={6Tp?JJeYaCg}=BBi8}?f@1Mx@3ZbL`tR}0ifg74#M#{)}R|tgC0ub5~NQx*V8S_%y!6% zcZ|Mr6k5*DHgGysq(e6KKB&~be4j7W{HCL9=q)jMVljyI3p2bD;NZ}kH~+Mq3S3jH zaDRQUNdQ)ugi$wJ+XnQUcO$Ed~_Iq<^ zJv6W*t9<6PY)fg^J9U?qv{H^-?{JIkoQ=otE>K`?KSe z%-Wt5vzPg*ka&=S_x;3PL~Jp0N}MF13$9FT_n zH)`|=h8k^#L}4;PdjU_qZU*7#-$+_M43l|H=5Tq@4;-e!8zC8#e^ai40q?smD!w`$ zbP9lEO!@nw%m04h0hY|Z9qsIq0Sp0}OF`o!@pn=wELc!;s0Vn44{ruW&uV7u2T+=S z(6&s)VO1M-wyOMB&L}CF|DlBa3-wC{WS`*<1At2;u+j5V83M_t{ux%`2B;3<9(*)0?3iSv*~s^ zxzuz5afog(#B5~tMES1{*0q84yQk}H13m1~ctH^SUrqlPS8$9A=JEs#wBBho{m*tQ zni2!{K7gmO?*2>I z@$7+V=q|AX1OPQ)$nnj)zpNnC0~?OPI2Pc<;~8@g1<7&s9fZH$eJrC_RiQh)ZJWcCrIAwQFCN_%apr4Mt92 zwYa0$XT)Sx$kAR+_?ag#BlcB*XGLN;?%XzD7~Uz96dXDp@E{EfpxTC_0z3%9hNA}1 z)vEu!iV@LEp;&OMiA5q}rNb>x1yX?|fc$2rnXoZdG;V34XbK>NaOsF>&*dRlKg=^c zh|nnbKy9Tc;_yBa07Fg$c5zqB|JeqkV9vpz9fZMAMp2rr%P~~B!u#l?#AILt%hW%X zMN>=ImivEvEwCQf0dPAmNQ6YR>qn%b=`P}R1qY=tHO#30!|3ejhrRUwTsL}zcL)qs z^zg1+Zb8w+@g2X=j*W~&K1cw9+W(xA|9Yuz6wriTp_Au$LhpbkV0$561DWxlA7RrY zQ$Ep`79@{6hOB6+fVg9NfJ)9u2YrFYM~3NhnwXv8y)-Pi+_LFAfDhCbMjV8(2$O+6 zw+|0vj_cUN(`^PAcR?0%@4geI&+WwwzA;d-Pl{jizpg}^YyHP^!i z)e-r2oqCr8G*Qw%UvErE~lko2=#9lgAwmTlwu$4~N1-8ulKxSL>RacI~KyarL_Pp|gwPOiS_4sw- z_@}LC1*j^x*oHfK1O%+o%L<%o@%a(*3Zdf_GUP7y=nQR`f_9ztbH#a5WVgrO+`pt{ z%EyDv_+Ez_rus#Rp|E{o(@zd`bf8hYHVY^l({OOjAwLY(>8@;l^y)9!%tD2ii)cH_ zCAMJ!Xp>XH<5Ob|hCzBU6oi^&B8IhS<%(lhKIeF7-;48%KfLxDth?jWz_qpxvu%i| zBc_Gr-2&AbP@8ZM-GUFO5ZW&K2n5d_rn(?-3?d86>^C@%{UwP$N`hLmgm+bW4AKpYfTIA~qk z>(~)!*z7qh7@e^0>k(WbrsO*XTVS|ONV$-V$IG3@$SLwll?skeedOa_bo(-=@bTp1 zUh7_B(C*a>$}iM(!|cTks*OC@UnL56(vZt&r1dq&-WeSGAYfwd>}#dU5f7Jz8YjK9 zb6sr`dD9m(udbo_d8`$#qJ{ZusCKu)H-ndS78!Q$(y4q(g9pCwK`G*GI$UqV&YqD` zlD8E(W%*Bvd%v3@lvTrael0g~JnpiQB}Mg}ONID>AynHTZ~qoNPk4SVa!%9zaSR-4 zi{iJI|5g@^iJ&G4W0&rU950M`G`(8OnficZG;Z~V5OS<3~dQ&5<#^S$Z#Y~ zjl$4iZ-K1#e-aa>7;n<#9ZaR2& zl8Xu;VSZ3Kw`H<--uQI3q~OpPA$cazHFW;Et{e&%hYUVIRPD>ctC9TP^qH=TqTt0V z;R=9%c=F8E5Z8I5O?*;?d{HFs(n!b*vwlL3F!3t9uNRVbNP5mq665UetHueppz~xo6qEw=x1c~lFc@&f+5s_;VgK}Q8 zU8%XX1%299`ZL9ud6w_<^N6pBmwD=PCJMuFE&Vb@30?d3raC?ae&k;#q-vMt+HG>f zajZ+Di^=J0_ICCOUDr4QvLe+!f)`zGwKAsnJKt-?HB#2yGu?&*G5x+LiM*_Iw^FQj*w`rnaD2C&VVkoHjxo?T_dv=@&2 z!H~SnhY0Cec}NUnOg_`n_(4A;T?p5guSbv4uZZYo4;0=7j&mvi zM+ta#g;R(0es*+Eor}+PnpYG}c*O1G_a1Y__o{uS%8kf}c@V?Gjt#k(%^WcI*xV`rXeEg7YhpD${h4=QYb-W5Dsi57bPas?kKYzzbdw{w++wZR`(59M5o>Om`n`8@l!#e{TP<{> zadukvSd*#r$eIYQwgP;Dka>rklFfbwwqpG>gB0M@czKX%1B@A|}Iz z24p-PB$agy?g6WU!sl_*ETOu9G#ZI#a=xR7GDfOrHV{X!Ni!|(`i9&sE)No7YoMJMSq->UQOO(w zescPHehK4{Bg>mc$5j%C=;KqiMt(WvsAomSn77abc(SjH^a4Zx1%>A#5}$#T`2+3X zIaCr-T!a#rnbhMiVIbaL=3i#->i5K=)Y<5elYAx4hInByQVw>%U%!W+t1b=#sK2)U z=f3CCO3S$TL-FrnoJoP`@0JxqHL(u-O5vc$nDukf?JxwCm}!|*xQlwweEbeFp&j;U z%_{btrX}mCn!51g+g`Z#Xdwzh1iBeLrxKDl#mSfU^yok`AUAwPv)?0~y|ZXSW_8tC z2>zzB9u<_OSJl?%@rwFWsU0|-W$tm!bjSpX-U81XGO#}syvJ1IF~W%B%geIsypUm# z!+g;lV!@A7zt1K8`h;x<`NQ%JKf-B$;NkU-94lKimP#MAEszg5tlA$@uFS%2&Q&I` zOBu1=QVJp#2-?knT-*e=X82K@7@F>oyVS6{ zNh#EwVW?NFHW#RMs@hioD1rA2X!r8SW|f{6Xc<2StTU|+CR?%6N@Z|_Kb!eE0xy@G zTda+8v+5bp;T&I2p?f$GM8c)3%F#rG@u@>xw~+Hr>`Y?V!(8+StJ)v=>>^p@>&<~9 zL=tC27fh|qd*Xg+Y`2_F&C*#>Al#OV$FzB!R~%p-Hhlfr4X@qHBW%s}1#r#+NqZWO^x~Nmzs+%-GQBi) zHH8I)lbbbQm9FI<)oWz~3~^mu43@EJJFYrYAlX;wggqTkQSgpBIE{!D$ePEG60MEe zO5H(VBL;-u4@Y3c!Dq2X=o?*BE8bO!81;BXX>_6fi1CaEv96T`ghYH9!1WfHb3=N$ zmyeN^CQt(uzp&)_uQ=Q1uzR!>{`Q%oX*eQQEC~(!iG(3%_mj<$FC>#~RP3?xf(``< z1AWqPzVy5Ocg%B?FO9v5Md!~)z_ob^9Q6fj7_;N!2T`sT-{x8Vq^cE0zbK#WQn665 z=~i);VYkz$hLYaMQE>kve0xn;I~GiD-&zg1T9Fg(FMr$;-`-ea5d1m(@LBTebJ~dJ zhY|0ktFxA)@1AW(XJVCQ+a*P~xJq|RI6ibeMo%1=-Zb!);ySz?p^#BfBnt~Og{2M& zv@IP(*De^S%M}%6uQ@-;BrWgPu#6sB?46=S6aTS;zWzxz)ve>Xaj^|6BCg8pDt4F` zLS7b>MOL?!ga#3=`Yo&5a|Jp?RA&831k(%J6+(+)I^1V;n;5h^H8hmC&2@f37bOt^ zdIZPF=b1wM_zDaOkPX7-b2|S96;T;HgrPWJClZNx|6D5^w4mGwpzxVYmID&?&OL$r z7t+r*a;P~<3#Rc=!}{HgFj#C+$VC7p&Aqmu<k|9K>lZAWP zNxw3Fmxd=NbY{mAcAmJf@Y)XAh)tFeL6p zjBGy|Yob)gw%h{uP(PeEPBOTw*eU*5=V3$#)hG=e@o$X&Aglh@qIA_<3)ZdCRcq4y zI<6R|jNDSE-CH9a*-@R$&$Q(4kCC+yWz!+WZ)x99bP%m5ZcLQPFTn{wFQSPm9= z{SBbj!+#@02v7{mySh~f=(P?#IO((qNs0hZXz&$o)68dJDW+kR`4*vB z#*L}tbCqmGP9U}*sNwf-nlqb?X5z$!(U1{O&4Eg(>i_VU=0ws#X=NuM6gbR8#frUj zUX8V3jSX{F9zIkUc!zT~-xlI+=<(r)wt{AGxl6X~s?IY5a;Q%-!)XcBXzb4RaB*<* z!i_HsGm=*Vj9y7s-$j=^ZO(m-W6~%w&Pzb0C3tIkf{2TEX#F-!e%*@=?m1m_XI*ed zb_5OCEBbu+1TD>>D^h-1S@GZiH{>iPnybxGVmY>*A~e}Jf@pn8ur5KtizV7jCN7FQ zO$k-0s73hCssRbrFDEs|uHFt-b!yNdoKNu9C|+i=m_b$Dy7!&QE|C9gBm{94Wn0t! zF05)`$xBIEK_l%8CK}CDKFd!xi~gM|8|L$TMMk5HlCVm+6;-YqJf9P(YwUz`5{3ME z0-;joCExx_o-Mg1&0&agJm?bjITbq(TD5#R7%49dx#ufRuL8PtJjTrmc4VAyb@C#r ze3!3XQLHK>cgH8Wt|O>PiwvWvp&v2Mt1coXS_WkbON-+Hi5^X2^E8r$bQ}@*TQs&G zXfIyM(izuoDYx+lN$m!RriSpR%Fb18WHRN@QeJdYN6|AT2N{J35^yi!Yx%JeqFI7E z*=SFBVAov|IpDf0kIVF#4(dg(A$xrxtS{re5N_G-FQtHYJcmrVAJBp3;LtMU zdh)86D$zKjgH^H^U9B+)?kP{%rpWAH2Kp!)bL`sLq{{^i}W2E1E2X=OjFVSc<3pzDdC z8G+nopFQz`!(k)-_59n)m^{u-*1PBGF+IW zT>`3gIq|@$@}1>=^$`OXD)8qFI+)r1@hODWsf7m01RxJN;n9P+e{&B|fv-tGVoS>K z7l2n>s?{Lu;cwJr4zQO7`5zxPv?$nX*Z&u45(1zmIjbr^uo9(U5(}E65jua96J%jt zJvzP57MWn+dljL?|I{8P1j^MiTa#lLO9dX_`?5G=2eZL{e@N^AWBf?xnrDWR0iIe7 zng674Ou|5ukM=O34SAT*h9cVOKQwk==2U~3bE1NR5N!u|1(@zHegzy_5>Q3RSpZ@> z3^ZX9_)o22dYINQ;;{!i+9XVC_`>l&9=3%~|rsc!$N z5MBlh1QNS0`)ov8K%iL)^FQf88ht=L)um~u|NS50W3WQ|F#2_buvKQjW@dJ; zxJf*hXGhLA&;vimcZygEzZZ_JcqH~&S`Pbfd|A^2eHTCTP_}!RGsO_pX84g-v^z3U zT_+>eD|J_|>?}{X)R2GnyOS^$zT_TR;cavqab0lf)7l}}2X|a^bWWxv(z@%Pbo^pX z)powm?oKdtA8m>CruM}S-7*Z`Zod;uMUqmY=sr9_FGS&+2zZ*|LU1BF;pNB*`nKN= z`RL%;pshb|SJ9DkR`aX5B;rb?*S%}#>e;gBt@r5%pF8sM#(erKM@rvj?Zv!gc|HOe z`C94AyVZeK;&bF0#h`9QYsQ%c&~?Vck;w~u8J2Wt?`Eh;{ki0by?S;3@r}`r9S6P) zS4qbzdWXYcbBm$qEhAZyB}KR`wD zd2wR&hJP;kd6m9H)gVXX2f=;fLR@u*_}7}PzLCSAl;-w_l0yL^;>%$qU%0sEL^B6! zjfQHvXMOtN@k{a)B@2?AHQ`)ctmtAOP6{tk(w>0VELha=F-eXxKX(I{9c2D+E7Juj z4j?;?A$YTjZpNAn(q*d9q-p2a;yu?Ur{EB@G>C`R5zyrd)d*n28!If=!ddt+5LhrN zb-B5rWYl0NbawQ?dwp`)8vUpg&}%+59q@d9=*Cbe@hx0N zJA~NShq}^-4=EP8vbVgCJq%>ibkbp=*W!1xd3{;4TlKR0k2st0)6O${RO7%A37a-z z&ii}y>&|#}(BjK?y#W~x!_>P2_p=`Fb{PzX&S)R)ruABc-;4NFKf36?Iq>-`c}?tE zZ|>mTekMHYC0y~e!zn`mtHIKRUcV>SVqHD^m@`x4JfMJ`Dv5uEYO@LR>2AC;2ps}=c6oR*99Sj zQW1UdR_tQf<7vF9~@+SkZ~TjHhNBEjfGTe6)VFI(GiGv5z0KoLKV5AETr7PmwyN z7FC$1ax&nzTcbTPub2^tpCV)`vwtLaXRi@06XV!Fb=(`5b*`Pf@`aB}xHeg!BIa4J z^br(7ao5eQoEB8~gI~d?n4Jh7R$#IycOt4FR^-SILZTG*>#c7^)M-!;e&O${qd))q z6>@fpRv75h67P*m{dH#5%0~9b*RGv4+CI(nN8+At&!`qnQMLIWHiRKWMc7aub@9(q zEEz!&=G;;;B4j)nh@}|*Z4=AWS%{^BD8Rx7V(f)HJ4B_Wp?b+z*vT{qo_ju4^PVB` z{kyJkf`>`U0*o>aY{Q$FY|G&CG4FCUj4__D;QW3?ETK%SnH-u-W!m!D)eCReZGR1J z8Y}35b0-#|vPih4e(=;`=;(XU?Hn;yJ%YAnyc$E?fL%M)mh|sGA$>p$h$7=#4F(iI zc-FNikmpT20er$#AfyiqjqOc5*V?m{W29BwB{KmiSO}?95H&Ul-?a>U>jVDmR%VRB zH9xAqf-}-A7nq>D2cJAKznryF@`VnykMLarreiyH7sHP}*8+YNF-H`J7m+GF;hMkU zXSdn$`fV+91HNMwr|~6x<>PB6_Dihgc$aFild>JOVi_!u8usaPgQveaVx(?gg4Kxn^wciD?g(PDIA)8f-QaJC#xO2c) z_tLivBJ|Ye;bF*-6M7F*%MNCtx(oH|A{~QU3WUX5=BEHrfsD>zD*^kbWDR1t3}MWp z+lh{Q)*TTakYL3fe1HiLrRM~$x6Z-AezSjG^mA>89b}RDYH`U3DIc9(6#v%@Ju6t| zyT#BqBlR^`qt|-3yw{hDJ)F1_Fr_jS*p4a#`ⅅ+ zL<$tyeYNiDyp)~B4E{Im9>=k7t5%t(b0%C@yo~)(G7UJ^e%y4hD{!!1JJQ@4AKY#} znLos{&NQx)^&`>6vLX{)On2xnijk+6N8Xx?3?jKyjeaS-b)%9rs9cdOG70Xvil#iB z^Bq#(%e4EiSb&|VW%Vu@$#;Ehx%a3i+x^XrhuhRS7Kg-D@BL!`91usTnGcPu>f4(^AX%yikm_A#4%O zSWO&`Qjby1sASf0L5oK_-N(i6s9SQqla?H*Bi_HwgTLslqIty4ztvfzl_f+=E_=o* z$s?soi>C(XCOR1f-z@0VAW2M`(+tvHO#5{Kd1Ed`cxdSo(~idcIfDMvx0i0BrreYa ztCm}KBnZOV#H6MNrmuoy^3o^!O47y=0wX~;uMx<2s=4wahH>yUyV2@B;E%}+HlzfC zb*0CVqB9)dBzn?N>D!`6e3lhTKpe_^v?U4m#Q!-HooUAVhK4@Srmil6_x(9DB|F5;=LR&4^{msMHr9j zYsOW$6&m2d5>Pi44Vl*SE~@V_6zstyR5O9&Fh~>5G7t;|6mjy6ZnyJr8Ix)V=Dr-FDjFkFGOUH$T|69FOXd#aMr(-sPf*eNmWE zz7TubytVeakI|Rc;j~~Bt{WGD%BlOq1ozZDPIjU{^y-9Hqimx3PjcGzZ3@FsNg^0L z-kKW*GH91X7x0P5;@v(jHED}{5|N~ApE(v*xl<+Ort!u5poTi|3jL?BM1zleMH<#I zcfF(^hUDXpQ`N;E_2Xk?!rDKnfy^mncYB2trReRF(02b@AGGbS%VvDHc7DLgGx7DJ z*ghE_V}auFz|o+VjjBx}=BQt(Ng>ykjPtU@%W3MTfY5A_NM4io-Dh@1$%@`2qr|5E zPg%YU{*>^<9DeYqA-;BHn4>=X9}L}2=pNgRj@FcvDf_XAmL|kd62WgqUK0f3o3`Hjije$uWh-%bU-Q{YlPc zN*GgNZq?^DHGLKU(jaE|Wt|Q^!A6zisq*v%7X(YK2T8`gvS2+_#D15bT+hnrv$<8t zF{x;M{_5nOU&JUnY%2T5Yg-`X)As%2n$25`VrIK4P6n<4L^1$t9msV0P9V5+DtzDn z5$VgP#d7xTDif*mYKxhuw6V;@Na{74PW%~(w;QAe$1(lfPY)Z9V{-}SQo<-)KoVO+ z-j!$eGp?8->O{X4Nqia_-!142cl@T-J&}W>L%Gu#&Fn-E`!77jgrAlZAJ3)QRa#mch$ ze2n!EY59sWeJ65U8*qzXXoqZAs*sWs#ic1UI#48@^ffkaImJx|qkpQrzZI*^Z<_d| zw$jHiFRPQW@v=z|wW2(f4Db6#A@cB}Q8vm#jT)wo!p7<|Td~{duc=yJtRdWfv|;yz zKZ_oNP@X)51s)49r;FqsV$XEf?%@448Yg@B!${(E+NBq`&VC3S=!>hKgE*C$IUDcI6E& z8hadqF&6Aucu zLShhN3-{2%NJ-HId?gUxAiy0UwH^+7q1*h2t)H&M|5xF=Z(D~!DTD|^)W3v_+DEg3 z={oBqA4wY=_MnHK53hTFDP3PH5<4!RgY++?eN!++c~-oxww=`#ICyf9>V*@z9s1)z zp6f&p*?ee}4k?6x&i!0LPLEfl_IQAd#YhjYTyy2O)E`<3$Qju{_U9LkO-PLgr%H`; zUV0{v?s~ZeLs$pF%k35si1L;lPxo8uy0zPQWkycj;@T_yE`2BJ-eWoh6`FT>VU|T< z7`lQDlB%*OGbX$=(g;ZRK&@|K3DX~fKH4P5V(c_C>EN$6l^*Ah{1keyCH~#+r{oVBXghip zP2HiesC!kZM{)axJ*(AQ5q9P1+Hj0^%Q0o7a1k;t0*7&Uv|Z)oz79$Kr{mr< zVcO1ng)^hK9~^XeITaXra)v}{+nrnqi247F9t^#n{~PgGsok;z2j;#(^aT z@loXb2x5M3RlaV%$}J!HoGp)WKF_j5Z?R)y+Ui0Rd#=O$j zeK94AtV`p)Xbn}Ug|mJ+qrBM3WhJP?!zzTnK+HO?xtvjq{E(Rsd z9;juZ)p?^@)?P0OzqcT{$9N7y+UdS;Qr_UkwWu1Q9Y3O#mC+{#LvtE;kF zk8;k^(1V+=6qe++M@RE44h`*_s;6g$Inn~1qKe8$z?Z%Y&5zwy3LeCk``A$y#)ZX1n{4}edFMeNf(&{j4YzGQ=bD*^96CL#}|gSKMo`0-_)Gj{Ge zcgL3=YpaU%csxk40x3wLV1`dRyry9Jyyi4r9PVCtC4>w=$sQ8=Z3p$MB-m|*CR-3XTvYSj&o^6eAqLTYudbcvjd{gD3bX2fVar+07= zR{FSpcTR_kGItH#8tNHc&^gz7@2|6*hS>H{>2lnm;-cgBXfNh9VR>%pT_U2Iv++8V zksd++_^{b}{YTreUw(w=s0$rKW{kE5sN#g(G@~N zy(DIFdHi=(*1^2QLu5H-2Cj zX%oO-CMrUs@S|?`daxKWWcn~tIfg{{+Vofbfs4n=(U1swYwHik-L$XQz3OvA>4?^M ziC)ed7i?9kyA@)iw=v3PUB3%&6Wr4wseupKEx-u6)pn0Dz2rQWu%2veEOKG1 z_|pnm48N+rLpb9Dkrbhw6XOs_FLB>bl%}k-UHGFPoiDsc_(ArZ;)!vFc3zL`H0<#bYAe=1q_O~`Qf|R4!`{qiAe%|!mSm!RZMgi?_U1<01gdgN zsXns*Xp%Ah4^dk8bSeMk54iLn@hCMm;4XvLx4VL-#JD@mG_iCJ96dH4EmkHqFdJP+20=JRMYoUPICx(*H?3 zbcff!^OBx;?BgTeP>b!et!!vjR>(jjnsTbG9X>REmGRwYpwQspt{^qu1Cr zi3R9LAVhqCII}*UG*dQSTrr*o#*h=bnVk)8gLj@DBV1mrEnL1o_M3<>n7@tX zE!(Wy7rvD6yPUs@7xTp3K6lxad#dOvcc43O(&x_M`y49jbz;3HZtrzL5tDI4kP^9D%;uG zd1vrG3r#dhg1#-N{MALF%7~c$7xQ)e+FUVX3ajxWR0+}{&ODuF($}^U3ofBrCZUXx zu35g+`@h>!#6?zO)Q?TW)6s6P+b054C3U!kC7Tqfw><5=G&_kl_Utjrt>K0~UW2nb zbWaL!9@0K-ZPFZ-SZ$;4Nhf)YCS}QNiRL~`Lf&faDHD)YC323K6Z69ltskHEz+vZk zP7R)Im3{ZF*qd652He`Uw{6a!zRP5Va3F`xAwFo04c6sTW19-Og=@;I<3fa<7OjsY zpISAC;c!>&IelY%ehu9nojEBV29=UB;Gq@pvhgW;skLXMOjK?g6L0Hu!_QK4jeHPn z$G4e^Jo|H4gU;do^wLRRAXt_zI4Whenc^(M%D;Je;V@pFY>hyl$SMG5r-GTbA%C}l4Jfyy zt0z)1ha1)!mFDW{za|9NZy0LJZ&t4k&kuwBL;jO?RSY8??#%#R0kkL>n&NH+rkkY$VFnN;KDJOJ)P_>FO9bcB_M^ z^H2D;3%q}ZLK%=*oP*3E%qu^xhveaGpT&cbM(Sl`dn?@*KaOl_kNQ3eM@1AZxWI|92}t0t_!HN)o6M4YZn$ z%gtO0Phx&~{ipjgZ;6`_<~XJA@nB(Gm!i0HrC@U@fpA5Y-~)FHOG#!{WX*KmuMot4830_^R#ZaU(t&`s+4Rr}ZZ(~pDu8t|lzlpvZU>4j3F z2vC|(*U57VW9p6Z$>jkIwWzye-lqr+L#Q@58nK8IRqzxMLI)`7Fy!iHfOY%8j#zZa zEGJxR3FLm$$D3#`KFceAldg|NIDX?+%z(VJuHLzIAziOeqa~}#Z7O7!dIgILkfMk6 zeE)BYWhGM_cnfyq#$36YuqNckrlBv1{rXlyWpeSLT{w!GfE=F&!VnE%{#`zbchh}!1qECQcKD8mM+rutYOG`V=c7T6lv0c-vsy9aa-2Q8R5D% zjO{%MZkj{L@^()LrWN7rbJK77Koe;2(dph_bnDoXdkJN-ejGK82iX$o>C!d{F2trs z&}2B%t$d8~whUR?RyOaTd5sWk@r8tILAc`%Hb!$^!^XJgVD&PC1`@QI7(r7OC1`gW z9d0KQBTPv`=pL=bov87YjT}fdr1z6a=J*Bxqxp0*jf3*c8XX`+F5P&OEA`fK{rzE9 z`8)new8#aPoCTHyN^${@KRR@Ahq$^6 zcyG`Mmn@NKy^&wHV|VI4E3ph^$9dV~Bsa7vOLIdtvZidfiAob+M{kMQ6|YQBBS$0J z1!nk#D#|Ecw(tj`YnMb!?sIxNo=gX^?DMZuwIZunA-Ln2nSAhA#5^35aX3DFGlnl^ zE&PNSbJQ`y^j8|1b3+IdnzgZxI*T*{gq?->jf?(LH>TGm8qsnB8ZWDiuHOx*0=nxXa-9EM>q=7M5wStk+h?>d$Vp9#+ew~ou z?LO!G3EzAGoqr!}`Nz@V052&DIdl}en&3<_JwaA1OIm)4M(;3g(NRdQ2kPfUrd@=j zEP|kgf7rB|?9jAc!65zraQ9YWaW&1qD1*yj0fGeg;2~&$KyV4}65O5OZo%E%-6gmV z5Zv88KyV1b?JVBU-tWIJ&N+ME?TgGaPu8%yy1Kfm`qw4FX2h_t=%y1w2XXj@>_{p> zD8!9D*j#M15)>=iv%*Eh`7aH4pV2WC&JV6V~rfTGE5z}OOm5rJOT9>di}!>< zP!fF7Mv~RCurUh3il8`ZAb(@mgYQI2mhQ=p76mk-#Jp6CiE!Hhiw6gD)Cz(TyIzG- z?Ai-R!EJnf}ATuEdTwC2-vW6 zv0}#jDg-0_HI77Q`Lpwf{UB-QC%=bpE%WayJZZ!+<8XTY@K;0aQ}D}z*U)iP39 zq9_9p9*qRC!bJ0Y6+4U)g@F(n!88>`Zl=bk-E{oAIE5?M4ySg!tn&@|ChW$aZh8e! z?b{!@5^BP&4S+J0>c^0gv~^#tmQtt8lh3!(zWJgOy!s4;nnaDmrR9?og^`lslMC7z z`V3S=mCD@k%BanNw_@-L{3tTGH0Ep+qVAkXLrXWEbd^yT z;uS=fqrM9T6_-C=$RH}erY#^a`B(BcD6FK7%d|^ax|-UbVW6!Pvd0wdMj_{;?Mb{T zl_(%SLZ9l6So!G8A{9c+|`vnv*k|7|onB~fE**`-^OXQm@-?^|Nxy0)4t%WGj$>nxHAZ#GU z6JK^+AyzCu?5~iNGqSipWSS4)X+cp#0qy$~jPx<=hfv#0Wlw}Db50_3%mm#i2o)ji zw@nAi4aHY19P)~1%PVpe+(pvU8Hd>vAr26~>LY<}3$CFpiaRru57D1-Bc-Ci(OUyQ z^;^FSLSZn(o|);3@uS(Cq>ztxzxGo+x=Krd>OQ|Vm8ZoN6L|+UK*}&2YzTC>AXPv* z_0hLZz2VG)dq)+%LhMET^V|EKpjV9)N=j|-Hfta@Qsh`)e};gp#RUh>3^B)kY)Il; z^#v>_7$?MI!HP;DVnh*Hyvtr%0{N?K09PTpza@E#`ZnkG`T*yu-A7kG)u)50BgSv< z8AmW?;cZlx6%M%^{96;et2Y$3yfg|@fsN9dmBv0l&j@%10PIXM7^DGTBd2%XVoCn3 zc%eS&J5CrB!C0e|b9_Y9rfJcU*UeE1==y+Xo`vxCX#ffZh^$~8gKBH83;ztx`G)hc z6K3BQPhB-rsESVf?JGhw`np^;Q2Rute$YGx(4SLJ+MikiMi?xu3<~RgaK;&IGx_Bi z--eh>hN1BxRBi~Zb3F1hWq2J0R2E|IAos%#GUDqH5RN+c_eVI`0)?vq9E>^@-FBFD zzJJ96PzmA4qsEfu{<)S7II`<8!(x_3O{GRv=*+HsiU&%00N&9 zjKL05DvL!+1&>Jco20=knU{NA0}VD{I)gYBk5n+z${JOElXgGS6MD@7FLW7>idJwI zB_qREUqG$1zlw6BCiu$`DfA}nlsYC}=Wk zN2du*o^G&87O`(M2?M_Xcw*};`0UA$03;QIN7}dNg1GOe!YuHWKgja4Xt|)F4=H21 zsAh-1TAf<0JnoS^=ahs_mfXbnaDZtI-bOvd22&n?4A{wtR8Eb=o*PnJn{oP&`eF%w z5L0AO1dtQH;Xxj$JGSo+=TtVTu8 z5d&hdWz3&e;?vLIj|RT!PmGxQZI$p;8~cQQX7$Y{er@ABy6-2|fchD0pfEecrV?;N0v`D~nx_}FvuZFt8p70NsRFR$~ZX@MMqs4lKJkQ6x6iWmKRd2^C{K=`L` zt8p*SHC!~E7(7=t>5&8J$(cYz8RF{##Na|YpnDw#;n!Dd!eFnM{4y~HrC=~EP?!jj zJ45_7BHmXr3#9LZfpTQ$60Z;g%H@}Dn$9KehMLd+YUqnq7`ZIyH4{OV6scPsvbo5W2KO4vQ^Bb7$SS%W?5^ zIm=f*;A2P`UamzrRyAybca~8|UPcgr83t5j+OAS(2)qFHm~b9&w|IjLUr5RX3!j8e z+>Rlz`FjryFT89jJR8Xq-4lW%1Vl)naOw83w0Id>p#6svhzIO6kuv6jSf%n$} z=TsOMJfue9sjv!M5y{%`1zygF@995;=Gp^hBYQrinujDv{}GpxJ|7XtxKqN6$O&%} z6|ifSW`+-Td*e;w|9CI|&4Y=H5y|CfU7*{ES@0A3QTIL?%_d_1#=JT3tJPDj^N!C9 z;jrPkp1Dkcv8*ywb{bPS6fn`!kO zR&K;?#rULzOI#~wVaKkR-C1>Adr5li0m1pbFjdQFVbtd6!qIlvVIXpTezYb}+hwXp z^>a1k*ky4=T4s1I(Bya>k#^QOFBRq|Hmj-@V*zy)AOp(5U7Yx4g+qLo>qnEYun3h( zujhPkY#pk0M#iF!vZw$v!65oyLEQq3!0D%$%JX9yY+tg#Y6xh6bjztL3#ttX4paTx z#oZ>B@(m8^)&iRitzYyqhwWa6PeQTjsi>%vP=uJ2(%HE326{JvDh9pXgWe9CFT*P@ z^oL38+FXUsb+{j~)glUr>Os`-Q0kOIA8&dj4B3!4g5GqAHx&a7VShl$iUyV!M2nYI zbMXcgAz=rD?(7hPZype-rtT(9a}`{;7@U+v4n$L+{WK6|xZ#~y3rJLps61_5uwfOD zT*A6xzOigy!(E2%RC8?%@k{H{>ic-z`C!>`bDM@j@R$+WZ_i)B49%k9)u{-eb=y(^ zJFMH96Iuf2D^~>yANh}!Q*^RKg>3bsXueOvg4PRDxjxy&_;P7%AZZCwy1C?0xX$?! zp0N@a!oklf{6>(2=uM{(eLr$TJ{S`LM4bYYkWxyFsG^*oGFY}D4}Wr}VSh+Kk33)ee{dC;%{A`JPGz+hSM`aI`kFl{An$V+77xw~$VpD=G^9T$}VNf3%P znJu>C7wiw=z0pE9E_kjP$ zs=qY-;Nln04nYdfz?*=Y5T4{WdG+)eo2t&I^v3ou z;dz?s0CQ%EsUUMbUf+k>iN(`4$TGM<2yZdRC(ocBSR>J*#>;g{gD_Cvx$9u=mj9(} z2H!uCHQ&jXJQ@eCTAWwKQqWk6U<{GV74Zd+;69<~HaU_60CM#ooCzxo@&m}cNsQoL%6Z9kVAJ;h zvf2c6HKo|T{^yJ)9$s9A&Is;qq?f`wupA$Qv}1v+85!_@aB!BF#Fo#0OKd?60{|~Q zy>01#z63~udP#)9B1jM-_kHQdl8!vZwT(?i!SWT;y@AGQ2Dw6YCU_6@yFADrQiry z0TU@kb^e$D+ZO=L!0vyx{}AW_xHMr)Z4e}p?e+p>n)K5D8=)Zf(gtG(eF_2C^juSwAQA}k2vn<)cOJd9i4zyNLXbP%mEEv%x zwA248I|by}Facwy4rdagB4J|yK=F5zaccbkA_I_uUqG^uPn_@nHHkL50T< zT{_D4Y@>@T;$+F9s&_kzKT^}C-BJAdT>rmW@IOvdRPZBdoai(%>3DN$xJ+8X^E%$1 zYS+L2Eqp-koh)>J^>)AP_Coi)?Q`f{X=`yQU4!*%D6Wo2jZK`$gG$RzqGq-6D1jP7 zV(Ic$K!i~CUOl29vvlvlMur+!iPK{to*d7W2P;xIw{OiWn98OtKG9(cr{d_OOCY1WC)>F3Q=h~`CyTF6^v$mW#nwy#m(%@Me2LY%$DLi% zlLG#Fsx+j&7hG3MXh&<#*k8<<^VN^l>hy6w@DxV83bQ73wc>BlOxg(K7BaK{1#|># zci+6YJsaaWjX!D)E)EwaS8H+Dr;VsMPka0P1TRD60f*qWT;njwzH8HdM+6l4zN<%d z7loDvk|%u3Bo)B}-G05!w>4iQZ6DvlvyBSx35e^`!nUkK6gT(mO0C|0NUF=(nE@Rw z*<(-D-dCR-zCt@)@;_-FKA+_dv|I?!3R|VIZ961%n~Z?r(e9qam#T3ydowZRhi^q> zYPFWbna54Dk}T8ys%v+3)l{<<9JWl8WAQw^;I7rJu>Qe8rISp@cX=YiEw3hLmFAld z(E7mp*J1yB#}#|S%*f01}6l>*I#XMk9NfGMbI9LbCKv;eGs^q?C?|l z!FE`p&fArsW$k06J)@Ocn?61Rf)mh+6(^Y;oxYuz0o&V=DYLtaXu0NMLc)|$Wkl19 zM`d+lsMz0F?K7d!1;)huA9;qhL$dO8iaPuj|_bWIIoZG8fSCrUj4~Dd$s>thOSiBbdut}RK#+(dikM7Q|xNS@(33p)OH9xpl>Vma|Tf zUL30_SP{WV_r6ky%e4|N@v2v?xkWL{09Td>61l)cIFueh;15-&3$l=T}vn`kM1vk}pVv*C>{P5{IqM3j&?h;PKMj7)`s?PaaLvL8yOe2p{E^z zwQfSr4fpKA939^hm7_LJL~fy1M6`ZTDnh(b7>}i@9VWFL7?OP{WRoinIeU)+i}`)Pq5@capDnh zechX>$W?9iK9j!_)_JuV+lnigF)d51(Yo<1*WGWKqxsicOwW>^7aw6cPI-bFn3;RF zZtW+QzQe>MG3ig1CaBqZF*ope6Izv#{K!C&)!UQJ`tg(qr{*>7v2ixM;3?j#^#v?f zcB5&FDVDh!%m~oC573L#iF)m1FxkG|GZp8`4kPpCbm^^>>h|sx)6rVPo1#DKiQmur z6yKaHoa&c1yMo4!mjjP&8ucA@sm5#=FHfEIH!&Q|fV<+%1WO;-gCxK;Ab+QONulP% z>PLe<0x7-!U`Ll)hR=e#*U~aUG1|xez7UGWX{$(~ccsmOE+DC*qT`rt2QV(kLKbre5dF~hAzoM1h z(7)C@TB|`ph|CP69_?-`ps)FTXwNdL)!2d;9md(=0_N$K-QEaawq0N4)a@(z;zHhr z{#}*dk4I#-i0Pc-gmic1p0B*EaIzR38^-nk#}fIpD|{AI{>uyb&Gi^06_Sxm=EX~r z?%ztRfrKfSGf%Xz9$Nq0fM;{DI&T_iv+{IsXv1t=j@GSNdXS1gI#2T>=}VOtLx$4s z=@Wav<`bU{Z@>i5MS*dn2X)#flan0rxItH17ZWY8;n&vY^&fF4#n0uyv1fRPP8^1o zLmY@x&c~p971CF~N_*M%aDT7=DODhB!F8Pxzq`;jdUW0C*qQHJRR`mmiB;2K&hq8; z;_V3*SAn#U#Uc1}H|7toCb*)+yPC>vfh^L4{bbl*`ZLy_ar7Zae98}uTz)3rvP52kGA6In*s;{wS(hqvW=TttYIS?b{M(MeqS|P6Rkpu-l81>(gBA%{nyKuC@i7h7?c+FcA zvY;SdWxAm9XfFljeW7Ek!3i!=W9SZc5BmY!6XWSVfViVzWcdP*8OzQFQeRu5TlXxB zV0G2rXnRzh^L}$nA3MTA3jgSP@rA4H+30A+9-C3hqp9=4!`sk@2|m5QhA8d)PuHTF zV-{|h@W`(klk@GO_3mcBwL0CdRIv?Ay*$**w`B0imr7TSmEE=WJk^>S0gw!ooCCf3 zM}417(t1Ez!)(vq0XuQ%C}L&tWWL<Pm5Alodj#Bm-uFdyqVI+?jbScs?0_iw)EA zWBm~X$GKcXSB-}tv^?Ri3FVBEpo_>3Q`vE6p3djqkWZEA@mpfWbuXi7FVp>xBK%hp zyHcNE(v5yfmW@ZgG5~&bdcsaaclv{r{L2+aHXu`M_<;0-tTmHMR?Z%t_F@gzePmW2 z_qG_RG2`X-Q*+fuKd_f`wc<@W@JNsG9&EaL{e$5z_QX3ckuBgIw$H|h797vGX6)PD zgb9{_rGm*Xr)jFFa$JfIV=Igh1v{D63=*LK0 zU#B&;MJ$#*oH4PMg&xL0-M@36UHxTg@lI?SdXN<+qH#tl1Vj#fP_*EYjjQO+URMc* zw3>#d7%Vfx>8&N)2s;Bpn}q421w^wm-338)+}`F;n_b6A_%5$lJHu z?Z$Sb66ojrT<&jG7_CIEeZMSt7UQCvxFI$sg@S2;uHpjokt~@XxlqHBn0wmHR$biJ z$;5}}b1w*hiWD7lTpfL6w&y=&zGbaMCAtpVPH(ByIgtDqW^NC#znI(lBpc=>)09bF zU57Akz2+yx7*=Dxlca~~^-PH=TByMdiE=kgEzLc=45Mk#h8 z*8o&_q}^5Be_Zw5t|8GMK6hGaJD_Gr^@P^!8P9XCRDZ8~Dsyx?ScX4=yKh*Co1Pw) zrpnY;7ngh0BQH+Qntjox{(fV)sabIbybzGIHZ%+7`eJOo^UT;3Oi>fD@O1@fIoyuU zfw(BVR}1Z84r&S3{SNqzwL!T zC&in$m#3n1!*U<7VFCri=3@o?Uz{@;AU+tS!%sS9m8(Jwek91r1)<@D%ZEu`#7Udp zZS6zp-iTX41`r`A+@uRMzQ8Qh;thb|Y1rNoqRG*xTYBxFKRYCnEX|nRrGnPFd<5Hq ze%d{jguY>VMd(&gVw%>9%~|z8SD6y4Dp37JiOL(rSl$jM#0cr+aSd5(+7pkb@pPt# z!@Wo&A{9ob;@Q3eVW~bGPxr+3B+Jfz9rKH5d;IGWt6AHJn`TfE(%I_#QCVST-@HFX ztCQ}$Z{9#AOyQV$e=ZLFiRi^LS?!%9(I$UsHs`vtaoy7ghXw=}Z7vO0C z&X0J?`T(IBo7T z-cL|5_I+8`)B`ZLBkJEry=Kt#s`~O4Cv3h?;xzI#-tLw(Yadb7cE@_cD;pFn(@t zn!=8LtQff^H%`9d{ER$u;0Cjtwd&t^Imjf_%6cM};!ScOD+APYD*vc01dR$*8xim) zh+O@v+-~YC4DwH~V!}7y@$JnCduN}wn+sRBdnB^Ekb?8zdIv#Uu)Ysbw1l)Dn-$@{ zu7||I{cz5;hT`A;yz$_wmCoABMcpEmA44p#yyWd)WRQOUPBbbHk402>kpXE220&;o zb>Xi5D(6iQ1nE7&a&dpQK3bU%D|mW(Pz(h{7zka}y+b@&ZFLs-Ai(`@1893el*sgD z2@l4iRQqZ}fX(mmyG?g(Gb2}v3Bpx|d4DRx=|~yLMcVdPDNB(&qF7tF-Hitk^zNeD*K z!3F}51jM%ZocO=MAXBdw#B9Bfa1-{WEdcbJETR9x)O?X&z)80ka1y}Nq%P!$6g&Hu(oU%tq# z13#E)^jzS1h4<1>o1(iv?Y|JlY%^enrW(^&@?V^qd8xd=WV@#*p{s=$o`8oD)qn0!@&L8( z;3mFZy=dvO6+*M&)EeYK@>gB!f8efved2uqUMQMGqejw-QmE1To`@ zeLzto@)F+i;wsSN?0@sZLtQXpKIT=gE_&cbZRDp5%h(q&Hy0*-gF;&DhH=go;;my=bp?@8Qde|Y~DiP6Tg(865j}gx(hl9$o2zr_$ zX79E%?Z%vl9?g&bTo|3Wg6Mke3afzV-Xm`I_)N*|5e#c6E(g>$!<5+b-WMi45ZfH@ z0p~uEzEb~=ItX1h3Tm83S)3c8(+1*QBq&}5cfH0-VTqQe$yPJuawIK~8#D!n z09l^WezPY&M_1kKTn`6(;i;kwuY_3R0;tvXoLe?8Kj?`NVCrn%e_|^&Q)%iUa~Vn% z^^XlEPZbxE2MwCHq2Jx519|-+WQ-kk3!8sjHb)nmEpv}6NFa??Np(?zgS7}1=(8?JFK=*RIVSW#^AgikZLzSxMkBVkhwL__rf zjKzZ(&~NcKeX#P_9^lix2o%Wp^Is0mFQu0yD_o1IjA-^9q$s)ZLSF(CPAG%c9>TEaDNkgoaKMv&CZ~h11P>YhqGpn7GC9*nDe=zJ11ZLaik|jr2}M zruFd5Zs_nQ3-^+ojGwzDZSzGMMc#a$HE|>=C&O@>Eg0F0%TRDuH6&gSOday;j5}ts zY;co3@jxS{r$gyMw)G%n{*H2ZEDdzIYKw)_)oR0G7q=m~u4*hPG;;E#rTgp^gtumu zs~l#cI(|%2+8>{@UzJ7z8F+CO^x7u$grSjPVkdSey5k-Iqb(3|9;(P1r6pz8b3K}H?g!;J5QyyGjrU7(^@Ik}(o36RRgpuIJ%m$e$^JBVjzt!p68u`S!+J}M$$1-iHidFHN z=H}LB@~alcFiNPeh|ws|9mjr9U*ymaLWH z>%pgAkLiM;7pHrc*O~>2w9{(kR#8(&nworbAu2jQ=rjy!Ccc`{4^c17 z_VvdQe>i>GomgQ@>g%raKBh$!N(majKs9QQwm>ys^73Lm4)mQ{mQ?;e%c4UPqd)$^ z7eoJf5gEm^Y%X&~xd7h%Isb7k&S6w`BX1S!hC@|JYRr75frO38y0YG#WS~Sb#b)Qn zy~W@UALVk(@Dnf95g3#15aEb4K787gwC7QBxt}Le2!$%@Z7~@IzY8O#9O$cpcRcuv z%lkNRSRSXXQmCcF0$w*pIS=YVs^w!Heuw>>Q+Q*WmJ20879*6~;aGjliY#pTk% zwZkl@LZr4N%KlFquyBYl#ON@YtzF(NiV|tM17P~**a|PX(#dHqw#d0>*H+w@q^0#V3@A>=Q-&^2ib0i+u z|31)2$>YX5i~D3Zj|n8an#59PBtrc41XOA1+|=pK@SHi5Km9VRRLCMQlCLmppWyne zBjwpywd7UIN~+l57+)C0&&QiNcCv47)hjtVdai4&z*)OXv%D)|m}{Lui|V`yp_ZCe zE2-6G4+6QK(nTRoW2~gd-CTidgB{?wa-8%gC7uSd@P< zus1Zve$6RfP&Qtv04ML75pe237K|ki3Iwr4%j+zL=T`C4SV)=JT?d(>}a(`qL}-v&ZL-zArUchi1; zjc>F$tsYEBY%ga~IT|IBOSO{SExBlrjCW3am`G~XUPYn(92{Tb9LL?3+#;y{ZgAXy z`%7hYI(A{m2w(H9jl{dREYHV-KGqY|()E{4+qQe---2%Q&mf^$w=2eOp-4oH1zUol z)-CFW1gbC(7{2kkgveB$`eNr*-uN;2%8} zhEX#Cy$b#!0Y}KxnDQ%kdv?JD%9Z>N<<% z^pnKZNztF|h__)JoO@$jNeofDgNM?NF-YQcQf9kmYzd$+P0qK}q#>Hz%_S}_lwh?r zH{=#?bMDKErNPA3MA3^s54&QI?P;m~JwA3FpAOp|=CIV?XSGhTj$$)7C4j8GE?{d^ zaZCt0WmZ`Z(G3Y6EIaf%n+M&FTx9H@2hXxA_v^oo^8Rk+BwbIy8uv86vT|(+cU^02 z#0lz{>-)Joc&c?|>zoSFDzLL)$mFf+TYb3OdD=B2o-UYTn3z(6x13w|EA8SfIr-^X z|9<|$qp_4{*rILo&V9Mk*j%7usr+^_t*Ew=cRh|TsWO?xri2UqYTC|;bG%)LHubAW z<9&1I$^C{?Lf2zr3WQ#9vQ-ibYj@>od6i`?v+sAVS473{x;eTfZ;}x`h`#m3=uzIi zK`YM*mQ`~qi|$iE{&Atgs>4B1f@Oc)DbIb0&^5o#^!7Tl+ZIo^c|yN4?rrPEZE9e1 z_x|p-L+jU{PYcIS8O`lyq$r3TzwEn35lPRSK;1q7`}VBQbd>R{M-6!@Vslh%nahbK zWe=xR=Y@5iYqIEc%2wo;sR>5dd_^jbef0#eDzTY6kHzrLuEtTtnuvW7dVKCzv$77t zk@uS0ub)TidSKRGD6ZS7~$-dyN|7$ zaR_>yIBj}Eq@muIE-Njqto(BEg&rS?@cIaLxoeASNKUgTEgdhdNQP~dWT6&1$mX>{IB9`+m-!EBBtZVRfg zd~&WAzpjUc^dO_oKMstKlWmkKoO^tp`G`yCaj&OK2P5hF<)WTd_khPSj;b}vs8?!s*@K^EBL1F-m7nEa znoAYFjT*c_ZPCn^0167HSthroI0HPSx;K}JoJkqu-uA9H#gK0x&oX0;;blfmD`KIK zwYDoT7Vsls=*9$D9>}icHH&=v8Ggc(E0fCw{p+gmN4xP=B$Z%1&Y>-tv9{OUiV2{I zBZk|CrbVveti;+GS_#0>*+-^%u4E^MJyY(u13-B|rDpD!x8ohR?+tLv>`|!76y%%BTyB^e-c6GM zs&!;@k|Jv`XE5GMC3Nb{w^8`>((8~RqX&Vv&lFh(?-BSIXWT<#)9PV%Pm>>0K{`eB zE8no!*HX_NG)Go{UC(m%-*Is7x)xd$)PBcVQ@=NGwr?LAStdO3?AV3u#+)VgLrWomtPV+}xRW)wgsr=;PBPIe%IO*wc!!d9}p$4b{u6HA61gJxT`SH?qp@ArC$CrIdR-GgB`p-!+&j%TfIr^F z84vq(Qo(%~)Ogc=#Ugt#%KIps(>~Kwp^W{8v0HGESDIAbM5Oih@dEX8<=9h$u|R`k zLjJDAesSf1QaCdZAW1mAMl`+hGxgQ8Q3coOP6~@IxA}7XP?^NjTFHC+BHZ(*zPq(l zP@(18N;y@|(N5*JyTcanJsj-mXRI3y{A%Ttnc9(+b4_I}d;BMZ{xo{wJ5N)+zK&!Y z>`}qEL?pKn>~AcphU4^#Cwqu#0T@ZFRj}o622ltZPi@>y#IG&5%gL#7?3OC#b+rqU z-K370p811Xa`#OZAHHNwqfR}L>SlFcFlTYG zv?a4Wv=$&zbjOK66QQD)Kk*JlW34SkFUJ;5@x=4>UOg-Et(U7Q-Q@gf@Z$#>Y8Ez& zqT~R+@1JMs6!0r%jbjd!b1AFq@IEAn{YT?ySp8#c9^ z+8^@Hr&iE~e^%Q7v%pO5vS9^{9tfg~x3nxce^mW*EV)m@yT*HUKYKH}pgH!Cd6R}5 zyA~g(+Mf8SbVPI2^}$7fyA1Q0DTh znw^_#Z_rQDuXm3z`@HKD51Hz%UL)7a&2a-718rBMbk;#L1y_zi#e#d+tpz_^^E7Av zE7kI{j)hfab>?m(l7n%;O|OQvA#~a)f2T-%Y08y_m&YSsS|iudP+y}_xqfK;x))=~ zqP32MgSW_<5tmJO_KA9TWTTp~BxpOy4*U-Ev_%$c9GvaVYqzuVezqm@kM!kQ_KRXE%&!6wMq7Vx;1h9a{cz;rTu%3 z_w%*4x81Td##z<#UDe%wQP#(Tc4nUaZ0e|lpKnr1`xCI}7)SY^ig@==jra`cVKHvN zfDbh;x0f!4!6k^NtNnbvS_Y1ss7H{s6O_JXfF8SV1K@}YQA=OQBC>}Po?Ke*!IYBs z{qqO5)PRyOVU=UU z@|{NnoC(ng&%eF7$pd)tFo}ViOE2&nT6mX7i68JwP3K$@d#s1a5_zO@zCIc|> zC@>tJ;_NH%G)c3D>R&7bm^n`gNUe09v`&@GMqam1OXcOVO=rnri~ncF;VBaD2eS2R z^rff>%)hUhCqU@hd|V!xtpYR&4t#Rj9kWhHTWM8;)!{h*v&U@5(YOEb6AJp20+4}^ zk%Vx*ao8_15JcjYe1Ctv?oBdtI)CCkA(6RolceM2%JPF{Q#8@&)G?K(e?PW<<>R!P zJnA_agb*798%bZyh=Z#TAEe>!ysP4>WRYR~TczLXwaH&=!=(jG(f0k7z=kETJSS+% z7_d>1UzC+eSSy*)U;;%&*oPt>5xjKyC+j%oKGf8i>8q1W!JvggK_}5p;N;XAw=CBO zR5XeIWXSyWP7gw*jrIo#1Y4;Dyj2n*(^@A85Cp&w^;ZTrs-U)Ufq%VPw61a}|MQ!` zPeR&|-k!ipkhtede^IJ7`PoNkYH)F4N$my%FNS5q6W%B9Wi!x_0&Ir%7r?@}p#>J9 zF$lDah@gxLenX{Kp1WVKcK=(Y;=rgQi+Z9gl7dRP%u8eF>J^SrzVgm+Bwji(k18@z49l%*WtY}Iu}JT$+6-b zlztEQGbPC-Ws(LKgUb#e7mI{6H3*^!@HUbN9!&RGudq`(EO2O-w}7rxNiUsHWo10P z2)i^BLdYKaMb>JfM0#$jeaNRIq#n(UO1i+5uM~|aK&bSXdS=vSH|Ng|M@-Aqw4!pm zO>^J^E(n%M@x`H5P^F|3leIe^G?P@jNE-MvbzH6v-0<;!sv>!?ia7W?frf{_G0r?;`E z--Ssb!YLDrX&iOwT|au8?JJzg>tW3fcSWv^bGVx)FK7F1A7`2!AH?)XKonzod_E=_ zaE9LBSu8$fu*3AJh{Tp!x<%~5d;em;tM3cyhC(&36*ikSXW?X=&i29_)$=iEF?zCL zDg9;L?K|CkVu}QS%N>xs1dws5VoQR~kJeLy3zMNc8|$@u8yhS+%o42=dU)WRwnQr} zdFh;aFPmyJ;|Iv|A7)IAU?^zS7jcI3|BPFu3ha>qJ%|>5^zbo&$gnqe1b`|JbSn(i z&Ewo_U(2cj7p7&7`=*K}Uq{+}q_d4I&Ay`pAw?>6r89lJk4sN39ZaHft^?SHFQ8o$Ke{&}ogv2ETRLue6FNY;ibVKI7|?5Lw18R>6>t*U zhzImhBq6-1+|KflN{rVK*Gz@786|EyKB*LCi#To#OHRpLx%&1hFbn7Hm8f2) ze4WP89Bwh6)q&DsiDCk5sHRRt$;V^@5hv=_cgvZ-am1G~1U8i5GPU26s+7n{{4`}> zEyu^8e~$vQqWxa?1-WZui)oGRYmn3U^ZUvIzRtDW4U-OysNywn2G?k>*HlX|gD!G2 znqY#(Xrcx-kp+R(otq;dnEhxll*jATa!zrHW%cRGRceq*GU?=dZvSVpQ5q}v08IAjUQ0<8v?#G z>(nf$=0k#xoTgI>iHG#y^wq5b^mgg&12)D)4fVuA>u7sLWtL0xAq7X1LQzJe#g6WY z1oqWbCjldfFGc?@V8|7GqV z0mvBeTE8GujIiN=P_7rSHc>F)5;ef7J)S(_pzKyD5wgzqt2 z{2^iiphTm6z(cAsUj*z%dF7#YJu}bWEIdHYi(!wV5c{-23HOl>TzsfumU;m6s{K&B z{^C>p=1n@iM>y{9`xi|wX6LK};PL6<;3NjuTi+;T7@5*IHu(RTSr9DRYrxY;4kyCk zA_11=0-s(3Fa-a41LWO{FqMopV{p~JY_%?KqJKYwf;J%s=%MH#Xaq{Ee4ERSe;HmuzH$Ai%W)l)jQFC{@4}v#l4B?f*Mb3II_ku>Xfd0qjJ6PxI+-UeXaDJY&`arYz9R08d<+ zaWu*Q=D0}%3pCHR^yl&b_8*Jd`FNGqQpqzgQ_Jvp-cRz|^Evx*0q;MP05dL4TqWc&2Yv1Y{YQIVYb2(SsS#l2)WVir2}m7~pP(`4 z%wcdGB2-OSE*`Z!Cf-G*<5RVoDzVLSYwM>0c3GwR#y*R#oMvL_QiW(mos*}C?{^g3 z(*Tf=CM~ljsxeRh)Xbl+wP|M1>yhuxsFtI!-4b6L8JlcP6_5Sd*A#vh#WUT3kb7sFBLLEgcq z*uS{gxs^|BW=ZqmA0Tq3-X`>d`HK$e@A)EmTgo?sX zPK%|s&cm=Wh5DqI>+*oiv`rO)M?R~rI+bMq*_`4+ zYXV4pWnl2tac6D^`;}7@gwS^$o!tFJyV(FD>Ow){VrUN~}Mp9A#5q z{hU3q9`%_lN5L=;wn(UXKVHu`rJ)i#s8|6Bsi*y5WI)UFrQ`s)IZWPhqZnC3`Qs@D z*UmVVmCyz@?EkJ4vNNn%uLPgoEh6v+5W@q&vQ<94g4&1$zQ}NbqpxhRirvkcW38BH z>i?hi&O9FK_TA$eYw=Jq5lR%rSf;W@k)jZ7W+r27J&){5%9eerC?xxmrO7g;v5$S3 zR1c99#@NarloXFJvYz`})cl^a{LXouKYp**c^&_LzjH6weckuh<^?Bx_%;`f*LQP7Xhn89tc&BGiJ6%Out3WH7pp4l4dWo9!?DfQyh^02e@ zhL*xzabXkAuODU0(lA1*H4*q*@1)MTr|d8w$r@Z#X|5v3B;8Q5CRBe?N*U?dpbiRy zT61?lClof!p$t)2Y5q9<4A?3l$MAg@W+n4m?XlFs3luS?_}dOPkjDOJ0jKD9!5qHu zzME=TD+pK~5#x;f04^y#vH)sCrXO?Y2)YOYkm}sFhkhW+f()0XwPbd*H4#Ie9M1?q z)7%UD5+5*S=vs6?=vZ%x!S8Xs4<)x(TBeMGhH@qD5F6X zcIc&PdWRCznBM_{pXSi;(4luh-ryH%%WUTiXhGDzq``ymTmzw-PO0r=4(}{MrO=>K zvmRz~iOK_d9J(?Y^lQ2lC9o55PY-l95#eA^eOb99%!85!gJKWY)FUp&4!0AND2*s|zE1|6IDF40Hv2n;Av< zk)6O#bAKBr&Rc`@_?Il=1;Hfa>iYv+X^$Wu&|IE=IxyI@Vl?yY&xYlh z))4WVn^j6=eQtGL*Y7S^^fex>dpe}b2Atg09@c;1s<@7K-khhCL;NXnx1E%WyZvvu zN57ko0oJKf>W4g36C%R)1dlgEQPpvqGq!S^5ef4UFC@Wb2eY_EVIT}^XCkz%+pbp> za+_X_X*SU~4%iP)<9u+ECFm0bgi%*>5;0I&eFjM{Hh5o@A2f1n)9<6LgcIa=g_1zT zN@k}Mo4NQpSv-C^FU6z!@(!REmLPrzpNF1g*>TmPfJ1(^3RG)sC31YZxycXSY$%nT ziXFlVr<^&TM(j1hs%4cNO4O7pd5eBieqJ$=svPlH>-T!p=-Iw~S;HmgHRZ|kmq&FZ z7!Kb)XLekpNdMs-HY(8Wb1Ztcr7d+%w*^CO#%nUc<81Fg7%Mv)lm3>x9};?7g+NQLgDgTzQN)+ z8`PF^5w&bN8-Ba~lfuqUxl$cRKEN?y610xX!ir}MNC`C=ugoqZuxR_(sl>k)i|$0Q z?sfeFyGWFkFRN2ATQ#lNQG&<)70W-~zU%lRsEl+@X@_@8-*M=z5ZpA0c;1_rce|_} z&LNu*?uF&uo;=!2VrNSv%`AMm9P9^gKW^s?Ykw4Z^vtsHo(Uhv?GyZu3WqcRV}Ua?r&OZ0ino zZZR59!ApXzv>O(U<^by2N3{R80HW$4>lGE1sg;U~&3U(tlsFY>G$!moO0?ST>8_kGdrUEz9wd^5Pl}CJZwoz&#`cz7}X#2=MCdN z%pns>mkU)vmV_A#a75|UKRk%C;KVv=_f`?F@JA5JX)9{E3~+?g-ykjhXUbz9rG5(3GA%bum!m?E*v;&JdfhrS|hOI+Id*d#0TJeHh1Ynrg)L+qu`S9eV}ya zCU7O}P=LkApr9L#fOaoz>DQD=y@AquRAx_&zVH5(BUnee9YPIf<+@jhH1oZIVB4nq zrcxC1q`9eYGxZEi3JQ^~9;nm*iNZm1P;4sp3(G<{R4aW3Suu@QdUs0^<~m*~Q$%&oujcxklCx3M6itYs;n81wPdJ#Hv_t zk-)-8I6={YwTO*k&3m{`dxH;*K&glRj3abx&vg3VfMnqRfn+`Y{sWM>%EfP58(f=h z5RH1eJ41fjVznt?X;%3)%SO1SW5LoFxWE6%KtZJP9GT&?e>3YVj}Nx0>#T_j1WwG( zBVndRKN#e|&01Nd5#8QsD9JhEzI#Lmu}&8BL!ce`YdD}em$F!~2sTQC?U^>5_gZSb zr%Gk81sp`KF8ZJVonVv(Y&uOE150{Q9q$c zfyYjJjRFew|FJrw!Bm}@s*0?t@-_NUwyHkjjvYDfu<>!y1BNSnlXah~SoP zIYDaJYqt(GVS?Y)lV3s?M53;O3S7abl!*B^LT07EEG8f`X;Oo>+fKUiEgWxX+r@q& zOTILNO`J#d`KK^tvs5iiXiLgR=L*5{VTqVhFYOQ{y-yy#2udH!_Vn@=n(m>x)uUKl zHnR%r5YOGI#(b%rz1AgNyjPBhe!+<5o)Qg3(zA0MZ&8{yCm}PjIW4eHMX>-b$DVgX z8qa2cl4;ZQ*NSZKAXxgYquk36A|T*8gbC++=&0bbbGr-3AGoVL!9vv}U`y?4ml8 za;D2tj##G?JM7BZ9LaxS{l$m`36m4q&5?>%>LxNX7zhjjG?aIKl4By4q&%eUZi(1E z@-`q9YaLYBQ9vDy+EI)fXk#$ zERJ0N?8pYLDoeTRJan5CXiAq&wmXq5jOaye8z|uUfROA(d!!w>WUwNIK}XJvgG*lJ zr;X3l-*2Y2uqB#gTgM@A$;iz6!6%D1bH37zya}cKiITv5O-A%wwpKzq>?AT1Gt?*3 zot^)Zc0%2(V*AX(hc+^3bBmP~Uzq%dS{IkD6yUJi#?JLKxepPG6 zoY?I06!{p!3r|xER7|s}f>LD2pU?G)Y9}je0_jqhWXgq|VvW+{TbVuLVTP~;9NqP+gF?J{a%UbZueTZuLEBl769Leh%(Tu($aZmG^exj`uqLKCG>v9AayHBA1x^r)B!DW^=BfhpA2N(o$xW} zogYGKGLDc)Jk}T>$CsxO#8`t`Mq!J=N6%^{=FehbtMXzOJwbDPGIhkDoDeED2~~Qo7t0dwbel{4MP*S87!DJY{-w0kdlk0&keJig}Vfb8?PH*&e{AJNQ$c2$~t=-90h#p zg$vIol8kRSSfdG%CW@{N=~}z4+h=THogsq?;H6|`>%6%x8HOL+BU@hOEW`7n&`n=r zOV>(8arY|vjVM}Hu`4UB`LW%(mcySol4Qc)kh)Q;zCaF?ZL zbQsznKI`9S7q2{VpIm+DLR!jKgH|#TiHP$idT)CAtS>J-!{-*Iq8Q}SG#7zBKfMhR z?fEh~Zk=ou75HvUQG>tsv*jCgUM9p_+f8t&si4>|7UsyJJnM9?iS}cJs!MWAJ9+bX zDj&5*)Pq$`2J%>1Z{Qmo8!sf#_=79+3$>2@Q{$@*jtzSqm7D~6tJ1FE1#3^z9YTOD zkjiO5Eck&7UO-(6G*~YMsaO7j+~Hr4>pd8GR+Y!g`qXAt^UY1p8>$XP9dJ+WUa4E! z^e(8PQzUC(QSa-G@?5`>l83(oU10AFGVD>34-|v*tb-SucgS^eV`siJn zccdU`U11Aq1-fkI%d6QKu9uM0bLE1%v1Dk9A6fhr->Y8C_18DF{ zp6!7R8iaNUJDP_pm%ary#ZX1mjbPBdW)h5@KP|GSJsbg_pi4M1>7be zq^TCD*qor}!N9jn&Yx|0!IWNT(cc5lHuAr1y9ZV%n0bgk=P?QL*bO^VBq9B8=0isX z5h_qF8nFB%VbJkzU>2b_V{;; zrre~Mg7@CZG_Nvun*-XjjzZLFTY@x@uKi2B1Jk($daacI*ImB?0cGN58ZT7$S|9SX z1elEA!QySOaUhzyrjO_nnWnm63!X;r7+c`-eF&ztfB2d`lRp_jXco$OD@S}94c@ER zQlh!hECel3d&wjEg`M$wMUKB@%my-wRs8WGyo)#ABN znbxfqincmu978GIP=+;L`G$F_$FSfjK1}TxECad{626co%+&4QCJS!$0=)))g8l1?7ZG<&2fjb9=3K@+ z)o9?<3$|8K(UkpQTD}s;a+&u{C|GGDFIQV(mfyoh_2m|V>@8MK$ERxrCI2-F|~ qxi|f?AUGmGuk`BwJ4Zy&niy-vU+kqWq@66_Pfy3_WP!G2@V^0i-09K) literal 0 HcmV?d00001 diff --git a/docs/addons/nats/tls/index.md b/docs/addons/nats/tls/index.md new file mode 100644 index 0000000..12ee7be --- /dev/null +++ b/docs/addons/nats/tls/index.md @@ -0,0 +1,802 @@ +--- +title: TLS secured NATS +description: Backup TLS secured NATS using Stash +menu: + docs_{{ .version }}: + identifier: stash-nats-tls-auth + name: TLS secured NATS + parent: stash-nats + weight: 40 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + +# Backup TLS secured NATS using Stash + +Stash `{{< param "info.version" >}}` supports backup and restoration of NATS streams. This guide will show you how you can backup & restore a TLS secured NATS server using Stash. + +## Before You Begin + +- At first, you need to have a Kubernetes cluster, and the `kubectl` command-line tool must be configured to communicate with your cluster. +- Install Stash in your cluster following the steps [here](/docs/setup/install/stash/index.md). +- Install cert-manager in your cluster following the instruction [here](https://cert-manager.io/docs/installation/). +- If you are not familiar with how Stash backup and restore NATS streams, please check the following guide [here](/docs/addons/nats/overview/index.md). + +You have to be familiar with following custom resources: + +- [AppBinding](/docs/concepts/crds/appbinding/index.md) +- [Function](/docs/concepts/crds/function/index.md) +- [Task](/docs/concepts/crds/task/index.md) +- [BackupConfiguration](/docs/concepts/crds/backupconfiguration/index.md) +- [BackupSession](/docs/concepts/crds/backupsession/index.md) +- [RestoreSession](/docs/concepts/crds/restoresession/index.md) + +To keep things isolated, we are going to use a separate namespace called `demo` throughout this tutorial. Create `demo` namespace if you haven't created already. + +```bash +$ kubectl create ns demo +namespace/demo created +``` + +> Note: YAML files used in this tutorial are stored [here](https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/nats/tls/examples). + +## Prepare NATS + +In this section, we are going to deploy a TLS secured NATS cluster. Then, we are going to create a stream and publish some messages into it. + + +### Create Certificate +At first, let's create a ` ClusterIssuer` that we will be using to issue our CA certificates. Below is the YAML of `ClusterIssuer` object we are going to create. +```yaml +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: selfsigning +spec: + selfSigned: {} +``` +Let's create the `ClusterIssuer` we have shown above, +```bash +$ kubectl apply -f https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/nats/tls/examples/clusterissuer.yaml +clusterissuer.cert-manager.io/selfsigning created +``` + +Now, let's issue the CA certificate using the `ClusterIssuer` we have created above. Below is the YAML of `Certificate` object we are going to create. +```yaml +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: nats-ca + namespace: demo +spec: + secretName: nats-ca + duration: 8736h # 1 year + renewBefore: 240h # 10 days + issuerRef: + name: selfsigning + kind: ClusterIssuer + commonName: nats-ca + isCA: true +``` +Let's create the `Certificate` we have shown above, +```bash +$ kubectl apply -f https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/nats/tls/examples/ca.yaml +certificate.cert-manager.io/nats-ca created +``` + +Cert-manager will automatically create a Secret named specified by `spec.secretName` field with the desired CA certificate. Let's verify that the Secret has been created successfully, + +```bash +❯ kubectl get secret -n demo nats-ca +NAME TYPE DATA AGE +nats-ca kubernetes.io/tls 3 24h +``` + +Now, we are going create a `Issuer` with the above CA Secret. We are going to use this `Issuer` to issue server and client certificates for our NATS server. Below is the YAML of `Issuer` object we are going to create. + +```yaml +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: nats-ca + namespace: demo +spec: + ca: + secretName: nats-ca +``` +Let's create the `Issuer` we have shown above, +```bash +$ kubectl apply -f https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/nats/tls/examples/issuer.yaml +issuer.cert-manager.io/nats-ca created +``` + +Now, lets create the server and client certificates. Below is the YAML of `Certificate` objects we are going to create. + +```yaml +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: nats-server-tls + namespace: demo +spec: + secretName: nats-server-tls + duration: 2160h # 90 days + renewBefore: 240h # 10 days + issuerRef: + name: nats-ca + kind: Issuer + commonName: sample-nats-server + dnsNames: + - sample-nats-tls +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: nats-client-tls + namespace: demo +spec: + secretName: nats-client-tls + duration: 2160h # 90 days + renewBefore: 240h # 10 days + issuerRef: + name: nats-ca + kind: Issuer + commonName: sample-nats-client +``` +Let's create the `Certificates` we have shown above, +```bash +$ kubectl apply -f https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/nats/tls/examples/cert.yaml +certificate.cert-manager.io/nats-server-tls created +certificate.cert-manager.io/nats-client-tls created +``` + +Cert-manager will automatically create `nats-server-tls` and `nats-client-tls` Secrets with the desired certificates. Let's verify the Secrets have been created successfully, + +```bash +❯ kubectl get secrets -n demo nats-client-tls nats-server-tls +NAME TYPE DATA AGE +nats-client-tls kubernetes.io/tls 3 24h +nats-server-tls kubernetes.io/tls 3 24h + +``` + +### Deploy NATS Cluster + +Now, let's deploy a NATS cluster. Here, we are going to use [NATS]( https://nats-io.github.io/k8s/helm/charts/) chart from [nats.io](https://nats.io/). + +Let's deploy a NATS cluster named `sample-nats` using Helm as below, + +```bash +# Add nats chart registry +$ helm repo add nats https://nats-io.github.io/k8s/helm/charts/ +# Update helm registries +$ helm repo update +# Install nats/nats chart into demo namespace +$ helm install sample-nats-tls nats/nats -n demo \ +--set nats.jetstream.enabled=true \ +--set nats.jetstream.fileStorage.enabled=true \ +--set nats.tls.secret.name=nats-server-tls \ +--set nats.tls.ca="ca.crt" \ +--set nats.tls.cert="tls.crt" \ +--set nats.tls.key="tls.key" \ +--set nats.tls.verify=true \ +--set cluster.enabled=true \ +--set cluster.replicas=3 + +``` + +This chart will create the necessary StatefulSet, Service, PVCs etc. for the NATS cluster. You can easily view all the resources created by chart using [ketall](https://github.com/corneliusweig/ketall) `kubectl` plugin as below, + +```bash +❯ kubectl get-all -n demo -l app.kubernetes.io/instance=sample-nats-tls +NAME NAMESPACE AGE +configmap/sample-nats-tls-config demo 9m40s +endpoints/sample-nats-tls demo 9m40s +persistentvolumeclaim/sample-nats-tls-js-pvc-sample-nats-tls-0 demo 9m40s +persistentvolumeclaim/sample-nats-tls-js-pvc-sample-nats-tls-1 demo 9m17s +persistentvolumeclaim/sample-nats-tls-js-pvc-sample-nats-tls-2 demo 8m54s +pod/sample-nats-tls-0 demo 9m40s +pod/sample-nats-tls-1 demo 9m17s +pod/sample-nats-tls-2 demo 8m54s +service/sample-nats-tls demo 9m40s +controllerrevision.apps/sample-nats-tls-76dfb9c75 demo 9m40s +statefulset.apps/sample-nats-tls demo 9m40s +endpointslice.discovery.k8s.io/sample-nats-tls-6lxps demo 9m40s + +``` + +Now, wait for the NATS server pods `sample-nats-tls-0`, `sample-nats-tls-1`, `sample-nats-tls-2` to go into `Running` state, + +```bash +❯ kubectl get pod -n demo -l app.kubernetes.io/instance=sample-nats +NAME READY STATUS RESTARTS AGE +sample-nats-tls-0 3/3 Running 0 11m +sample-nats-tls-1 3/3 Running 0 11m +sample-nats-tls-2 3/3 Running 0 11m +``` + +Once the pods are in `Running` state, verify that the NATS server is ready to accept the connections. + +```bash +❯ kubectl logs -n demo sample-nats-tls-0 -c nats +[7] 2021/09/06 08:33:53.111508 [INF] Starting nats-server +[7] 2021/09/06 08:33:53.111560 [INF] Version: 2.6.1 +... +[7] 2021/09/06 08:33:53.116004 [INF] Server is ready +``` + +From the above log, we can see the NATS server is ready to accept connections. + +### Insert Sample Data +The above Helm chart also deploy a pod with nats-box image which can be used to interact with the NATS server. Let's verify the nats-box pod has been created. + +```bash +❯ kubectl get pod -n demo -l app=sample-nats-tls-box +NAME READY STATUS RESTARTS AGE +sample-nats-tls-box-67fb4fb4f9-gtt9z 1/1 Running 0 13m +``` + +Now, we are going to exec into the nats-box pod and create some sample data, We are going to use the client certificates created in `nats-client-tls` Secret to connect with the NATS server. So, let's create the certificates files inside the nats-box pod. + +At first, let's get the certificates from the `nats-client-tls` Secret, + +```bash +❯ kubectl get secret -n demo nats-client-tls -o yaml +apiVersion: v1 +data: + ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM4RENDQWRpZ0F3SUJBZ0lRUDZ1UXIxQVlFWnJzREF6ZHBRR09HekFOQmdrcWhraUc5dzBCQVFzRkFEQVMKTVJBd0RnWURWUVFERXdkdVlYUnpMV05oTUI0WERUSXhNRGt5TnpBMU5EWTBOVm9YRFRJeU1Ea3lOakExTkRZMApOVm93RWpFUU1BNEdBMVVFQXhNSGJtRjBjeTFqWVRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDCkFRb0NnZ0VCQUovelJtSE1CUVdGMTNXZlJubzFsV0ZJajZmNmhyRGRVR0RTMXBrY0hmMDlqNS90bEpYSHpCbVMKZSs2YS9Qb1MrdkMyWEtyeVp3UVB0NW5BaUxXR1NxM3VBRnJ3TUJncVBBQktOa1hHL1hjamNvbU5lVTFaQlNYYgo1WmlJa2F6TUZPOGFqRWxYb3RmYnQ2cVc5MGNCTVduRW9pcnUyWkFyam50WjJpMmpPeGRodUJpRTkxamRsZWMyCkdZWGFKVlJ5RkF1eVdXanVEV3o0NjFKdXBMdXcxVWJyVHpmMExUenQxdk9ONnZNU1RQT0Z0S0tnd0RGenB5ZkgKVjFFQlZ5aG1KSk42QW13SkErZGEvMmsxMUJCeHFEWldsOEZMWE1TWUcvU0hKak5sQ3VsQTFvVVJWbFI3MVF6KwpTanB2bkxKVm9nL01sYVcvTzB5N0lRcTVQNUZGeDBNQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trCk1BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZNcm5ZN0Izek5VY1AvN3hHTzhkTFIwZVcxUnIKTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFDQVZPQUZhTjRVOUQ0U1cxcWJUTDhkcWhFbklXTFd3YVBJdXJGSAo1MVVRMEUxenFTOWcvQ1gwUElOUmJ1bFpseHVKRGFBZEwweVYwYmZYZExLQnJacDNwS001eGRyaEoxQ3luNjV5CkRML0RTd3hTOHlxT3NwTXF2SkoyUTBhQ0JQTXhDRFZoOGVFZ2krOG9ISmdobkZzaTkvanNoZ0dUS09QbVVWdHcKTyszS1B0MFBiNVRDSVpJdlA1cXBybkU0U2hDWnRRZ0UyY0dJTEJPZEt5VEl6QlpuM3ZNZjc2Zjd4NU4rWEtINgpQN3Q4Yks0SUFSbzR1WUN0cDQ0K0dkY2FlcjlDL2RVNlpaMSs1Nm4xcUo3a3FTV3cwNFZqbi9CVWt5WnhIdFZPCkFLcUNCRWtnK3NBQytYUmNiOFdxTHkreEEzdmU0TmxqalE3T2MrVXVzanNrSndOVQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMrekNDQWVPZ0F3SUJBZ0lSQUlnc1laWkI2RU1MQjR6NGRnZTI2ZUV3RFFZSktvWklodmNOQVFFTEJRQXcKRWpFUU1BNEdBMVVFQXhNSGJtRjBjeTFqWVRBZUZ3MHlNVEE1TWpjd05UUTJORGxhRncweU1URXlNall3TlRRMgpORGxhTUIweEd6QVpCZ05WQkFNVEVuTmhiWEJzWlMxdVlYUnpMV05zYVdWdWREQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFOZEdselNWRTBGS1cyY1M5V3VqZmk1Wk5oY3I3dXJsUjZZSGR1dkwKQ2ZDRGdEZTNBUVBpWG92YzI4elgxY3d2cVVQU3l2WXpGUFN4dUtVRXpoLzBGZE5kMGk2SkVRQUp4dVgwU2JSdwpjYXZXMVR5MkZFWExtYTNiMnBWVWJ6dUE1VVdGQzFwd3hZVCsvcERHNmI4YnFuQVJiaFNvdUowQUoxTGNGT08zCjg1V1RtWUFDRHY4dmFyRFQvM0xmYWtndXJqYWc4SWdMMURyd2hxNFNjRllveElYbXJJZjhMTVVERkN4Y251aE0KNnIraUl4OXFhWkJjMys2eU4yNXNvc2J6ZDlXbXRlT3J3Z2pKUzRLdU9ZaWl2VzBsSDNzQTlOSG9HU3cwSDVtWgpjcndsMHZxV0JvaWFoMXdWSjM5S1NrWlRvLzhUaGpMQUV5QUZKdzRuNzk1eHFwOENBd0VBQWFOQk1EOHdEZ1lEClZSMFBBUUgvQkFRREFnV2dNQXdHQTFVZEV3RUIvd1FDTUFBd0h3WURWUjBqQkJnd0ZvQVV5dWRqc0hmTTFSdy8KL3ZFWTd4MHRIUjViVkdzd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFGRTE0OTJkdS9HSVpKS3BuMEdRNE1STApHbDI5bXc1Wi9nUWxwTTN3NGdYU1hxbmNGczREcHJFd2g5R25PTkEzcXpta1NIakFwWmwwQzdWZi84Y2RnNS8zCk90UVZSSGkxQVJFcGFHMlVUMnFJSXp1SUVLN0tRZE5maXpVYVVaMFgzb041Kyt4YWU4WSsxa3dZOXZxaXdWRlcKbS96T1JzSmRtcnRqNGZRSTVaVGRzVG1jRkxqUXBOcktOSWFVU2pHOFM1Q3pOMlJBekZHTTBCZWYzSWFzWTF2WQpDTWpOZlBxaUNtZFNlOFFxRE1UMURwRExjaFltQlQ3UjdyR0JBaEFXWEpEZlVMRXlXUk9XdmRrWlhnTk5ZMnlJCkhmbktUTy9TL1FpUUs4N0Y2SWtEM2tKalZPVDhUNVBmYjBwYTJnaDlnSkZmZUJPVW9FUkYrdG4zYWI3Z3BkQT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBMTBhWE5KVVRRVXBiWnhMMWE2TitMbGsyRnl2dTZ1VkhwZ2QyNjhzSjhJT0FON2NCCkErSmVpOXpiek5mVnpDK3BROUxLOWpNVTlMRzRwUVRPSC9RVjAxM1NMb2tSQUFuRzVmUkp0SEJ4cTliVlBMWVUKUmN1WnJkdmFsVlJ2TzREbFJZVUxXbkRGaFA3K2tNYnB2eHVxY0JGdUZLaTRuUUFuVXR3VTQ3ZnpsWk9aZ0FJTwoveTlxc05QL2N0OXFTQzZ1TnFEd2lBdlVPdkNHcmhKd1ZpakVoZWFzaC93c3hRTVVMRnllNkV6cXY2SWpIMnBwCmtGemY3ckkzYm15aXh2TjMxYWExNDZ2Q0NNbExncTQ1aUtLOWJTVWZld0QwMGVnWkxEUWZtWmx5dkNYUytwWUcKaUpxSFhCVW5mMHBLUmxPai94T0dNc0FUSUFVbkRpZnYzbkdxbndJREFRQUJBb0lCQUZWZ0NvRnhDY1RmLzJYZQpiL1J6VDR5RUZ0NlRydG43ZWpIUFRndHZaNDY2S0RSd1lIZXc0L3dsNkFuU0kxa3FJYi9qTGxqN296ano3cDJMClRWQUExbE1RSjFZTFIvR3k3dTJ0dHpsWFNzMXlrdmpUNFRCWThhYXd4WHhwa3YrUE85NFpTSXBpcFFMOHVlcWkKNkhyQk54UGc1YjVOdDRHVVdRUVVnamhaY01JRm9DUUwrRmNkZGs4RkQ1UFkxNnprWDNReUpITlVkZXRoYmJKdQoveVAvMTk3b2l6aVdzbWJSQ3Z6Z3Q2bEtOUk51VjZJRitMdnM4RWxGUlAyeStLcmI2SXRjT3lwRjY5TGE1N1pZCjY0enJWSVJnc2FYZVBTTWpGVkN1ZHFDY2QrL0FEeFU3YVc2TzhFaXJBQ0pqcXFYcnBYamd3MVNUY21WR2ZYK1gKQithRjIza0NnWUVBNXFsYnJGaHhWQlZBVTlMR3JnVGNLZXRGUEJveTQyOWxVTnJXMU5xSUxEaExZVjgxRGZIQQpXQVdYK1l0NGJUTXZqTUd2TDhDM0pXL0NiNDNHSDhmU2lwUTZDUlR2dDBYNXlyNytWL0tVdWdpKzV4ZmVoMlIzCldiRUNBVWNKM0UxVmtvRkN2ZEFtbHZBMlNROGlRVHNkV3JuclJxWFhEVkFGQzlCNEtZQ0JiWk1DZ1lFQTd1eU4KNVVGMkg0dmZmSWtZQUZzS0k0YlM4blQ5UGw4dmNPeUNoTUFLNUlnSHQyQUk0RTRVa20zeHFiblV0cDdjdHoySgplbUxJaTJ3M2pVMXdjWittc0pIYnRyMmxDdGVMNjJjMENLYXVsaDA1YWhLZ0VZUjhlVzcyL1F6Skg1WDhPTkZsCkx4eW9vRUo0Vmo2T1VwcTZKZmJTUW03YUFKMWE1dVBHUzhZWmxrVUNnWUJhcm5oSThGaFZpeWxJQ3hScTg2UXUKb3IwTVhPeG10N09vTHZESXE4VmZSUjUxZ0gyV0p0WE1oUjV6VDk2Zlo4RW80RGhrV0twb0FHRDdoRXhBMEVrNAppLytvOUY4dHVVZno2bFNKOU9kOW45U1ZlNi9Ub0s2L1J6U1hsZnNOYmlYWFBCUW1GWUFtVlBleWowMlRRWTlQCnpNbnZjMkZ4YldVZWVPM1V1eDJuR3dLQmdCQkFreDVuSjR2WnplZ0F3MXN5MWl1NGZoejBERTN6MTV4TTJrd0IKYkR4RGJKTHl1MmZXcDl1V0V2eENvYytTV3QwMEdHZjAxRU4zcHdlN25zeDcyYkRsR3hjQkszcmpVcWMrcS9GeQp0U21NNzF6aHkzV2xsM29ETEZYbVNzQVZTY1RycVlCYzZMT09FZlY3NTk2Q20rcjlNU3hIc2hpY201UmRKaDM5CmFid3BBb0dBQmZKeC91cXk3RGpubnZPLzUxMW1CSEh5bS9pdG9TNzNVL2FOd1pqWmhyWlpzZGVxUUZNcm5xSTQKQU83S05ldE9oa3NmQnVndTg5Q3dXTjRYMkpYWjd1aFFlVWlKQWNhNFc4ZmJLdTNjYytsZUVMTisrVEZ5Um91MgphRlpRYnZSazdYU01nM3d0ekk5SUtoNzIyZXRPVXJPb0FaNWthRlcrRWt2WjBoNmlTTzg9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== +kind: Secret +metadata: + annotations: + cert-manager.io/alt-names: "" + cert-manager.io/certificate-name: nats-client-tls + cert-manager.io/common-name: sample-nats-client + cert-manager.io/ip-sans: "" + cert-manager.io/issuer-group: "" + cert-manager.io/issuer-kind: Issuer + cert-manager.io/issuer-name: nats-ca + cert-manager.io/uri-sans: "" + creationTimestamp: "2021-09-27T05:46:49Z" + name: nats-client-tls + namespace: demo + resourceVersion: "386072" + uid: 89931f0b-aa0d-499c-b7f9-d3b6ada4ab08 +type: kubernetes.io/tls +``` + +Now, let's create `tls.crt` and `tls.key` files in the local machine, + +```bash +❯ echo LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMrekNDQWVPZ0F3SUJBZ0lSQUlnc1laWkI2RU1MQjR6NGRnZTI2ZUV3RFFZSktvWklodmNOQVFFTEJRQXcKRWpFUU1BNEdBMVVFQXhNSGJtRjBjeTFqWVRBZUZ3MHlNVEE1TWpjd05UUTJORGxhRncweU1URXlNall3TlRRMgpORGxhTUIweEd6QVpCZ05WQkFNVEVuTmhiWEJzWlMxdVlYUnpMV05zYVdWdWREQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFOZEdselNWRTBGS1cyY1M5V3VqZmk1Wk5oY3I3dXJsUjZZSGR1dkwKQ2ZDRGdEZTNBUVBpWG92YzI4elgxY3d2cVVQU3l2WXpGUFN4dUtVRXpoLzBGZE5kMGk2SkVRQUp4dVgwU2JSdwpjYXZXMVR5MkZFWExtYTNiMnBWVWJ6dUE1VVdGQzFwd3hZVCsvcERHNmI4YnFuQVJiaFNvdUowQUoxTGNGT08zCjg1V1RtWUFDRHY4dmFyRFQvM0xmYWtndXJqYWc4SWdMMURyd2hxNFNjRllveElYbXJJZjhMTVVERkN4Y251aE0KNnIraUl4OXFhWkJjMys2eU4yNXNvc2J6ZDlXbXRlT3J3Z2pKUzRLdU9ZaWl2VzBsSDNzQTlOSG9HU3cwSDVtWgpjcndsMHZxV0JvaWFoMXdWSjM5S1NrWlRvLzhUaGpMQUV5QUZKdzRuNzk1eHFwOENBd0VBQWFOQk1EOHdEZ1lEClZSMFBBUUgvQkFRREFnV2dNQXdHQTFVZEV3RUIvd1FDTUFBd0h3WURWUjBqQkJnd0ZvQVV5dWRqc0hmTTFSdy8KL3ZFWTd4MHRIUjViVkdzd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFGRTE0OTJkdS9HSVpKS3BuMEdRNE1STApHbDI5bXc1Wi9nUWxwTTN3NGdYU1hxbmNGczREcHJFd2g5R25PTkEzcXpta1NIakFwWmwwQzdWZi84Y2RnNS8zCk90UVZSSGkxQVJFcGFHMlVUMnFJSXp1SUVLN0tRZE5maXpVYVVaMFgzb041Kyt4YWU4WSsxa3dZOXZxaXdWRlcKbS96T1JzSmRtcnRqNGZRSTVaVGRzVG1jRkxqUXBOcktOSWFVU2pHOFM1Q3pOMlJBekZHTTBCZWYzSWFzWTF2WQpDTWpOZlBxaUNtZFNlOFFxRE1UMURwRExjaFltQlQ3UjdyR0JBaEFXWEpEZlVMRXlXUk9XdmRrWlhnTk5ZMnlJCkhmbktUTy9TL1FpUUs4N0Y2SWtEM2tKalZPVDhUNVBmYjBwYTJnaDlnSkZmZUJPVW9FUkYrdG4zYWI3Z3BkQT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= | base64 -d > /tmp/tls.crt +❯ echo LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBMTBhWE5KVVRRVXBiWnhMMWE2TitMbGsyRnl2dTZ1VkhwZ2QyNjhzSjhJT0FON2NCCkErSmVpOXpiek5mVnpDK3BROUxLOWpNVTlMRzRwUVRPSC9RVjAxM1NMb2tSQUFuRzVmUkp0SEJ4cTliVlBMWVUKUmN1WnJkdmFsVlJ2TzREbFJZVUxXbkRGaFA3K2tNYnB2eHVxY0JGdUZLaTRuUUFuVXR3VTQ3ZnpsWk9aZ0FJTwoveTlxc05QL2N0OXFTQzZ1TnFEd2lBdlVPdkNHcmhKd1ZpakVoZWFzaC93c3hRTVVMRnllNkV6cXY2SWpIMnBwCmtGemY3ckkzYm15aXh2TjMxYWExNDZ2Q0NNbExncTQ1aUtLOWJTVWZld0QwMGVnWkxEUWZtWmx5dkNYUytwWUcKaUpxSFhCVW5mMHBLUmxPai94T0dNc0FUSUFVbkRpZnYzbkdxbndJREFRQUJBb0lCQUZWZ0NvRnhDY1RmLzJYZQpiL1J6VDR5RUZ0NlRydG43ZWpIUFRndHZaNDY2S0RSd1lIZXc0L3dsNkFuU0kxa3FJYi9qTGxqN296ano3cDJMClRWQUExbE1RSjFZTFIvR3k3dTJ0dHpsWFNzMXlrdmpUNFRCWThhYXd4WHhwa3YrUE85NFpTSXBpcFFMOHVlcWkKNkhyQk54UGc1YjVOdDRHVVdRUVVnamhaY01JRm9DUUwrRmNkZGs4RkQ1UFkxNnprWDNReUpITlVkZXRoYmJKdQoveVAvMTk3b2l6aVdzbWJSQ3Z6Z3Q2bEtOUk51VjZJRitMdnM4RWxGUlAyeStLcmI2SXRjT3lwRjY5TGE1N1pZCjY0enJWSVJnc2FYZVBTTWpGVkN1ZHFDY2QrL0FEeFU3YVc2TzhFaXJBQ0pqcXFYcnBYamd3MVNUY21WR2ZYK1gKQithRjIza0NnWUVBNXFsYnJGaHhWQlZBVTlMR3JnVGNLZXRGUEJveTQyOWxVTnJXMU5xSUxEaExZVjgxRGZIQQpXQVdYK1l0NGJUTXZqTUd2TDhDM0pXL0NiNDNHSDhmU2lwUTZDUlR2dDBYNXlyNytWL0tVdWdpKzV4ZmVoMlIzCldiRUNBVWNKM0UxVmtvRkN2ZEFtbHZBMlNROGlRVHNkV3JuclJxWFhEVkFGQzlCNEtZQ0JiWk1DZ1lFQTd1eU4KNVVGMkg0dmZmSWtZQUZzS0k0YlM4blQ5UGw4dmNPeUNoTUFLNUlnSHQyQUk0RTRVa20zeHFiblV0cDdjdHoySgplbUxJaTJ3M2pVMXdjWittc0pIYnRyMmxDdGVMNjJjMENLYXVsaDA1YWhLZ0VZUjhlVzcyL1F6Skg1WDhPTkZsCkx4eW9vRUo0Vmo2T1VwcTZKZmJTUW03YUFKMWE1dVBHUzhZWmxrVUNnWUJhcm5oSThGaFZpeWxJQ3hScTg2UXUKb3IwTVhPeG10N09vTHZESXE4VmZSUjUxZ0gyV0p0WE1oUjV6VDk2Zlo4RW80RGhrV0twb0FHRDdoRXhBMEVrNAppLytvOUY4dHVVZno2bFNKOU9kOW45U1ZlNi9Ub0s2L1J6U1hsZnNOYmlYWFBCUW1GWUFtVlBleWowMlRRWTlQCnpNbnZjMkZ4YldVZWVPM1V1eDJuR3dLQmdCQkFreDVuSjR2WnplZ0F3MXN5MWl1NGZoejBERTN6MTV4TTJrd0IKYkR4RGJKTHl1MmZXcDl1V0V2eENvYytTV3QwMEdHZjAxRU4zcHdlN25zeDcyYkRsR3hjQkszcmpVcWMrcS9GeQp0U21NNzF6aHkzV2xsM29ETEZYbVNzQVZTY1RycVlCYzZMT09FZlY3NTk2Q20rcjlNU3hIc2hpY201UmRKaDM5CmFid3BBb0dBQmZKeC91cXk3RGpubnZPLzUxMW1CSEh5bS9pdG9TNzNVL2FOd1pqWmhyWlpzZGVxUUZNcm5xSTQKQU83S05ldE9oa3NmQnVndTg5Q3dXTjRYMkpYWjd1aFFlVWlKQWNhNFc4ZmJLdTNjYytsZUVMTisrVEZ5Um91MgphRlpRYnZSazdYU01nM3d0ekk5SUtoNzIyZXRPVXJPb0FaNWthRlcrRWt2WjBoNmlTTzg9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== | base64 -d > /tmp/tls.key +``` + +Then, let's copy these files from local machine to nats-box pod, + +```bash +❯ kubectl cp -n demo /tmp/tls.crt sample-nats-box-785f8458d7-wtnfx:/tmp/tls.crt +❯ kubectl cp -n demo /tmp/tls.key sample-nats-box-785f8458d7-wtnfx:/tmp/tls.key +``` + +Finally, Let's exec into the nats-box pod, + +```bash +❯ kubectl exec -n demo sample-nats-tls-box-67fb4fb4f9-gtt9z -it -- sh -l +... +# Let's export the tls.crt and tls.key file paths as environment variables to make further commands re-usable. +sample-nats-tls-box-67fb4fb4f9-gtt9z:~# export NATS_CERT=/tmp/tls.crt +sample-nats-tls-box-67fb4fb4f9-gtt9z:~# export NATS_KEY=/tmp/tls.key + +# Let's create a stream named "ORDERS" +sample-nats-tls-box-67fb4fb4f9-gtt9z:~# nats stream add ORDERS --subjects "ORDERS.*" --ack --max-msgs=-1 --max-bytes=-1 --max-age=1y --storage file --retention limits --max-msg-size=-1 --max-msgs-per-subject=-1 --discard old --dupe-window="0s" --replicas 1 +Stream ORDERS was created + +Information for Stream ORDERS created 2021-09-27T06:27:30Z + +Configuration: + + Subjects: ORDERS.* + Acknowledgements: true + Retention: File - Limits + Replicas: 1 + Discard Policy: Old + Duplicate Window: 2m0s + Maximum Messages: unlimited + Maximum Bytes: unlimited + Maximum Age: 1y0d0h0m0s + Maximum Message Size: unlimited + Maximum Consumers: unlimited + + +Cluster Information: + + Name: nats + Leader: sample-nats-tls-2 + +State: + + Messages: 0 + Bytes: 0 B + FirstSeq: 0 + LastSeq: 0 + Active Consumers: 0 + +# Verify that the stream has been created successfully +sample-nats-tls-box-67fb4fb4f9-gtt9z:~# nats stream ls +Streams: + + ORDERS + +# Lets add some messages to the stream "ORDERS" +sample-nats-tls-box-67fb4fb4f9-gtt9z:~# nats pub ORDERS.scratch hello +06:29:18 Published 5 bytes to "ORDERS.scratch" + +# Add another message +ample-nats-tls-box-67fb4fb4f9-gtt9z:~# nats pub ORDERS.scratch world +06:29:41 Published 5 bytes to "ORDERS.scratch" + +# Verify that the messages have been published to the stream successfully +sample-nats-tls-box-67fb4fb4f9-gtt9z:~# nats stream info ORDERS +Information for Stream ORDERS created 2021-09-27T06:27:30Z + +Configuration: + + Subjects: ORDERS.* + Acknowledgements: true + Retention: File - Limits + Replicas: 1 + Discard Policy: Old + Duplicate Window: 2m0s + Maximum Messages: unlimited + Maximum Bytes: unlimited + Maximum Age: 1y0d0h0m0s + Maximum Message Size: unlimited + Maximum Consumers: unlimited + + +Cluster Information: + + Name: nats + Leader: sample-nats-tls-2 + +State: + + Messages: 2 + Bytes: 98 B + FirstSeq: 1 @ 2021-09-27T06:29:18 UTC + LastSeq: 2 @ 2021-09-27T06:29:41 UTC + Active Consumers: 0 + +sample-nats-tls-box-67fb4fb4f9-gtt9z:~# exit +``` + +We have successfully deployed a NATS cluster, created a stream and publish some messages into the stream. In the subsequent sections, we are going to backup this sample data using Stash. + +## Prepare for Backup + +In this section, we are going to prepare the necessary resources (i.e. connection information, backend information, etc.) before backup. + +### Ensure NATS Addon + +When you install Stash, it will automatically install all the official addons. Make sure that NATS addon was installed properly using the following command. + +```bash +❯ kubectl get tasks.stash.appscode.com | grep nats +nats-backup-2.6.1 24m +nats-restore-2.6.1 24m +``` + +This addon should be able to take backup of the NATS streams with matching major versions as discussed in [Addon Version Compatibility](/docs/addons/nats/README.md#addon-version-compatibility). + + +### Create AppBinding + +Stash needs to know how to connect with the NATS server. An `AppBinding` exactly provides this information. It holds the Service and Secret information of the NATS server. You have to point to the respective `AppBinding` as a target of backup instead of the NATS server itself. + +Here, is the YAML of the `AppBinding` that we are going to create for the NATS server we have deployed earlier. + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + labels: + app.kubernetes.io/instance: sample-nats-tls + name: sample-nats-tls + namespace: demo +spec: + clientConfig: + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM4RENDQWRpZ0F3SUJBZ0lRUDZ1UXIxQVlFWnJzREF6ZHBRR09HekFOQmdrcWhraUc5dzBCQVFzRkFEQVMKTVJBd0RnWURWUVFERXdkdVlYUnpMV05oTUI0WERUSXhNRGt5TnpBMU5EWTBOVm9YRFRJeU1Ea3lOakExTkRZMApOVm93RWpFUU1BNEdBMVVFQXhNSGJtRjBjeTFqWVRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDCkFRb0NnZ0VCQUovelJtSE1CUVdGMTNXZlJubzFsV0ZJajZmNmhyRGRVR0RTMXBrY0hmMDlqNS90bEpYSHpCbVMKZSs2YS9Qb1MrdkMyWEtyeVp3UVB0NW5BaUxXR1NxM3VBRnJ3TUJncVBBQktOa1hHL1hjamNvbU5lVTFaQlNYYgo1WmlJa2F6TUZPOGFqRWxYb3RmYnQ2cVc5MGNCTVduRW9pcnUyWkFyam50WjJpMmpPeGRodUJpRTkxamRsZWMyCkdZWGFKVlJ5RkF1eVdXanVEV3o0NjFKdXBMdXcxVWJyVHpmMExUenQxdk9ONnZNU1RQT0Z0S0tnd0RGenB5ZkgKVjFFQlZ5aG1KSk42QW13SkErZGEvMmsxMUJCeHFEWldsOEZMWE1TWUcvU0hKak5sQ3VsQTFvVVJWbFI3MVF6KwpTanB2bkxKVm9nL01sYVcvTzB5N0lRcTVQNUZGeDBNQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trCk1BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZNcm5ZN0Izek5VY1AvN3hHTzhkTFIwZVcxUnIKTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFDQVZPQUZhTjRVOUQ0U1cxcWJUTDhkcWhFbklXTFd3YVBJdXJGSAo1MVVRMEUxenFTOWcvQ1gwUElOUmJ1bFpseHVKRGFBZEwweVYwYmZYZExLQnJacDNwS001eGRyaEoxQ3luNjV5CkRML0RTd3hTOHlxT3NwTXF2SkoyUTBhQ0JQTXhDRFZoOGVFZ2krOG9ISmdobkZzaTkvanNoZ0dUS09QbVVWdHcKTyszS1B0MFBiNVRDSVpJdlA1cXBybkU0U2hDWnRRZ0UyY0dJTEJPZEt5VEl6QlpuM3ZNZjc2Zjd4NU4rWEtINgpQN3Q4Yks0SUFSbzR1WUN0cDQ0K0dkY2FlcjlDL2RVNlpaMSs1Nm4xcUo3a3FTV3cwNFZqbi9CVWt5WnhIdFZPCkFLcUNCRWtnK3NBQytYUmNiOFdxTHkreEEzdmU0TmxqalE3T2MrVXVzanNrSndOVQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + service: + name: sample-nats-tls + port: 4222 + scheme: nats + secret: + name: nats-client-tls + type: nats.io/nats + version: 2.6.1 +``` + +Here, + +- `.spec.clientConfig.caBundle` specifies a PEM encoded CA bundle which will be used to validate the serving certificate of the NATS server. +- `.spec.clientConfig.service` specifies the Service information to use to connects with the NATS server. +- `.spec.secret` specifies the name of the Secret that holds necessary credentials to access the server. +- `.spec.type` specifies the type of the target. This is particularly helpful in auto-backup where you want to use different path prefixes for different types of target. + +Let's create the `AppBinding` we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/nats/tls/examples/appbinding.yaml +appbinding.appcatalog.appscode.com/sample-nats-tls created +``` + +### Prepare Backend + +We are going to store our backed up data into a GCS bucket. So, we need to create a Secret with GCS credentials and a `Repository` object with the bucket information. If you want to use a different backend, please read the respective backend configuration doc from [here](/docs/guides/backends/overview/index.md). + +**Create Storage Secret:** + +At first, let's create a secret called `gcs-secret` with access credentials to our desired GCS bucket, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > GOOGLE_PROJECT_ID +$ cat downloaded-sa-json.key > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +$ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +**Create Repository:** + +Now, create a `Repository` object with the information of your desired bucket. Below is the YAML of `Repository` object we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /demo/nats/sample-nats-tls + storageSecretName: gcs-secret +``` + +Let's create the `Repository` we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/nats/tls/examples/repository.yaml +repository.stash.appscode.com/gcs-repo created +``` + +Now, we are ready to backup our streams into our desired backend. + +### Backup + +To schedule a backup, we have to create a `BackupConfiguration` object targeting the respective `AppBinding` of our NATS server. Then, Stash will create a CronJob to periodically backup the streams. + +#### Create BackupConfiguration + +Below is the YAML for `BackupConfiguration` object that we are going to use to backup the streams of the NATS server we have created earlier, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-nats-backup-tls + namespace: demo +spec: + task: + name: nats-backup-2.6.1 + schedule: "*/5 * * * *" + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats-tls + interimVolumeTemplate: + metadata: + name: nats-backup-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +Here, + +- `.spec.schedule` specifies that we want to backup the streams at 5 minutes intervals. +- `.spec.task.name` specifies the name of the Task object that specifies the necessary Functions and their execution order to backup NATS streams. +- `.spec.repository.name` specifies the Repository CR name we have created earlier with backend information. +- `.spec.target.ref` refers to the AppBinding object that holds the connection information of our targeted NATS server. +- `spec.interimVolumeTemplate` specifies a PVC template that will be used by Stash to hold the dumped data temporarily before uploading it into the cloud bucket. +- `.spec.retentionPolicy` specifies a policy indicating how we want to cleanup the old backups. + +Let's create the `BackupConfiguration` object we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/nats/tls/examples/backupconfiguration.yaml +backupconfiguration.stash.appscode.com/sample-nats-backup-tls created +``` + +#### Verify Backup Setup Successful + +If everything goes well, the phase of the `BackupConfiguration` should be `Ready`. The `Ready` phase indicates that the backup setup is successful. Let's verify the `Phase` of the BackupConfiguration, + +```bash +$ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-nats-backup-tls nats-backup-2.6.1 */5 * * * * Ready 11s +``` + +#### Verify CronJob + +Stash will create a CronJob with the schedule specified in `spec.schedule` field of `BackupConfiguration` object. + +Verify that the CronJob has been created using the following command, + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-nats-backup-tls */5 * * * * False 0 14s +``` + +#### Wait for BackupSession + +The `stash-sample-nats-backup` CronJob will trigger a backup on each scheduled slot by creating a `BackupSession` object. + +Now, wait for a schedule to appear. Run the following command to watch for `BackupSession` object, + +```bash +❯ kubectl get backupsession -n demo -w +NAME INVOKER-TYPE INVOKER-NAME PHASE DURATION AGE +sample-nats-backup-tls-prszs BackupConfiguration sample-nats-backup-tls Succeeded 35s 84s +``` + +Here, the phase `Succeeded` means that the backup process has been completed successfully. + +#### Verify Backup + +Now, we are going to verify whether the backed up data is present in the backend or not. Once a backup is completed, Stash will update the respective `Repository` object to reflect the backup completion. Check that the repository `gcs-repo` has been updated by the following command, + +```bash +❯ kubectl get repository -n demo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +gcs-repo true 4.156 KiB 3 2m2s 97m +``` + +Now, if we navigate to the GCS bucket, we will see the backed up data has been stored in `demo/nats/sample-nats-tls` directory as specified by `.spec.backend.gcs.prefix` field of the `Repository` object. + +
    + Backup data in GCS Bucket +
    Fig: Backup data in GCS Bucket
    +
    + + + +> Note: Stash keeps all the backed up data encrypted. So, data in the backend will not make any sense until they are decrypted. + +## Restore + +If you have followed the previous sections properly, you should have a successful backup of your nats streams. Now, we are going to show how you can restore the streams from the backed up data. + +### Restore Into the Same NATS Cluster + +You can restore your data into the same NATS cluster you have backed up from or into a different NATS cluster in the same cluster or a different cluster. In this section, we are going to show you how to restore in the same NATS cluster which may be necessary when you have accidentally lost any data. + +#### Temporarily Pause Backup + +At first, let's stop taking any further backup of the NATS streams so that no backup runs after we delete the sample data. We are going to pause the `BackupConfiguration` object. Stash will stop taking any further backup when the `BackupConfiguration` is paused. + +Let's pause the `sample-nats-backup` BackupConfiguration, + +```bash +$ kubectl patch backupconfiguration -n demo sample-nats-backup-tls --type="merge" --patch='{"spec": {"paused": true}}' +``` + +Verify that the `BackupConfiguration` has been paused, + +```bash +❯ kubectl get backupconfiguration -n demo sample-nats-backup-tls +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-nats-backup-tls nats-backup-2.6.1 */5 * * * * true Ready 4m26s +``` + +Notice the `PAUSED` column. Value `true` for this field means that the `BackupConfiguration` has been paused. + +Stash will also suspend the respective CronJob. + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-nats-backup-tls */5 * * * * True 0 2m12s 5m4s +``` + +#### Simulate Disaster + +Now, let's simulate a disaster scenario. Here, we are going to exec into the nats-box pod and delete the sample data we have inserted earlier. + +```bash +❯ kubectl exec -n demo sample-nats-tls-box-67fb4fb4f9-gtt9z -it -- sh -l +... +# Let's export the tls.crt and tls.key file paths as environment variables to make further commands re-usable. +sample-nats-tls-box-67fb4fb4f9-gtt9z:~# export NATS_CERT=/tmp/tls.crt +sample-nats-tls-box-67fb4fb4f9-gtt9z:~# export NATS_KEY=/tmp/tls.key + +# delete the stream "ORDERS" +sample-nats-tls-box-67fb4fb4f9-gtt9z:~# nats stream rm ORDERS -f + +# verify that the stream has been deleted +sample-nats-tls-box-67fb4fb4f9-gtt9z:~# nats stream ls +No Streams defined + +sample-nats-tls-box-67fb4fb4f9-gtt9z:~# exit +``` + +#### Create RestoreSession + +To restore the streams, you have to create a `RestoreSession` object pointing to the `AppBinding` of the targeted NATS server. + +Here, is the YAML of the `RestoreSession` object that we are going to use for restoring the streams of the NATS server. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-nats-restore-tls + namespace: demo +spec: + task: + name: nats-restore-2.6.1 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-nats-tls + interimVolumeTemplate: + metadata: + name: nats-restore-tmp-storage + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + rules: + - snapshots: [latest] +``` + +Here, + +- `.spec.task.name` specifies the name of the Task object that specifies the necessary Functions and their execution order to restore NATS streams. +- `.spec.repository.name` specifies the Repository object that holds the backend information where our backed up data has been stored. +- `.spec.target.ref` refers to the AppBinding object that holds the connection information of our targeted NATS server. +- `.spec.interimVolumeTemplate` specifies a PVC template that will be used by Stash to hold the restored data temporarily before injecting into the NATS server. +- `.spec.rules` specifies that we are restoring data from the latest backup snapshot of the streams. + +Let's create the `RestoreSession` object object we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/nats/tls/examples/restoresession.yaml +restoresession.stash.appscode.com/sample-nats-restore-tls created +``` + +Once, you have created the `RestoreSession` object, Stash will create a restore Job. Run the following command to watch the phase of the `RestoreSession` object, + +```bash +❯ kubectl get restoresession -n demo -w +NAME REPOSITORY PHASE DURATION AGE +sample-nats-restore-tls gcs-repo Succeeded 15s 55s +``` + +The `Succeeded` phase means that the restore process has been completed successfully. + +#### Verify Restored Data + +Now, let's exec into the nats-box pod and verify whether data actual data has been restored or not, + +```bash +❯ kubectl exec -n demo sample-nats-tls-box-67fb4fb4f9-gtt9z -it -- sh -l +... +# Let's export the tls.crt and tls.key file paths as environment variables to make further commands re-usable. +sample-nats-tls-box-67fb4fb4f9-gtt9z:~# export NATS_CERT=/tmp/tls.crt +sample-nats-tls-box-67fb4fb4f9-gtt9z:~# export NATS_KEY=/tmp/tls.key + +# Verify that the stream has been restored successfully +sample-nats-tls-box-67fb4fb4f9-gtt9z:~# nats str ls +Streams: + + ORDERS + +# Verify that the messages have been restored successfully +sample-nats-tls-box-67fb4fb4f9-gtt9z:~# nats stream info ORDERS +Information for Stream ORDERS created 2021-09-27T08:23:58Z + +Configuration: + + Subjects: ORDERS.* + Acknowledgements: true + Retention: File - Limits + Replicas: 1 + Discard Policy: Old + Duplicate Window: 2m0s + Maximum Messages: unlimited + Maximum Bytes: unlimited + Maximum Age: 1y0d0h0m0s + Maximum Message Size: unlimited + Maximum Consumers: unlimited + + +Cluster Information: + + Name: nats + Leader: sample-nats-tls-2 + +State: + + Messages: 2 + Bytes: 98 B + FirstSeq: 1 @ 2021-09-27T06:29:18 UTC + LastSeq: 2 @ 2021-09-27T06:29:41 UTC + Active Consumers: 0 + +sample-nats-tls-box-67fb4fb4f9-gtt9z:~# exit +``` + +Hence, we can see from the above output that the deleted data has been restored successfully from the backup. + +#### Resume Backup + +Since our data has been restored successfully we can now resume our usual backup process. Resume the `BackupConfiguration` using following command, + +```bash +❯ kubectl patch backupconfiguration -n demo sample-nats-backup-tls --type="merge" --patch='{"spec": {"paused": false}}' +backupconfiguration.stash.appscode.com/sample-nats-backup-tls patched +``` + +Verify that the `BackupConfiguration` has been resumed, +```bash +❯ kubectl get backupconfiguration -n demo sample-nats-backup-tls +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-nats-backup-tls nats-backup-2.6.1 */5 * * * * false Ready 16m +``` + +Here, `false` in the `PAUSED` column means the backup has been resumed successfully. The CronJob also should be resumed now. + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-nats-backup-tls */5 * * * * False 0 23s 17m +``` + +Here, `False` in the `SUSPEND` column means the CronJob is no longer suspended and will trigger in the next schedule. + +## Cleanup + +To cleanup the Kubernetes resources created by this tutorial, run: + +```bash +kubectl delete -n demo backupconfiguration sample-nats-backup-tls +kubectl delete -n demo restoresession sample-nats-restore-tls +kubectl delete -n demo repository gcs-repo +# delete the nats chart +helm delete sample-nats-tls -n demo +``` diff --git a/docs/addons/percona-xtradb/README.md b/docs/addons/percona-xtradb/README.md new file mode 100644 index 0000000..f0ffeda --- /dev/null +++ b/docs/addons/percona-xtradb/README.md @@ -0,0 +1,43 @@ +--- +title: Percona XtraDB Addon Overview | Stash +description: Percona XtraDB Addon Overview | Stash +menu: + docs_{{ .version }}: + identifier: stash-percona-xtradb-readme + name: Readme + parent: stash-percona-xtradb + weight: -1 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +url: /products/stash/{{ .version }}/addons/percona-xtradb/ +aliases: + - /products/stash/{{ .version }}/addons/percona-xtradb/README/ +--- + +# Stash Percona XtraDB Addon + +Stash 0.9.0+ supports extending its functionality through addons. Stash Percona XtraDB addon enables Stash to backup and restore Percona XtraDB databases. + +This guide will give you an overview of which Percona XtraDB versions are supported and how the docs are organized. + +## Supported Percona XtraDB Versions + + +Stash has the following addon versions for Percona-XtraDB: + +{{< versionlist "percona-xtradb">}} + +Here, the addon follows `M.M.P` versioning scheme where `M.M.P` (Major.Minor.Patch) represents the respective database version. + +## Addon Version Compatibility + +Any addon with matching major version with the database version should be able to take backup of that database. For example, PerconaXtraDB addon with version `5.x.x` should be able take backup of any PerconaXtraDB of `5.x.x` series. However, this might not be true for some versions. In that case, we will have separate addon for that version. + +## Documentation Overview + +Stash Percona XtraDB documentations are organized as below: + +- [How does it work?](/docs/addons/percona-xtradb/overview/index.md) gives an overview of how backup and restore process for Percona XtraDB database works in Stash. +- [Standalone Percona-XtraDB](/docs/addons/percona-xtradb/standalone/index.md) shows how to backup and restore a standalone Percona-XtraDB database. +- [Percona-XtraDB Cluster](/docs/addons/percona-xtradb/cluster/index.md) shows how to backup & restore a Percona-XtraDB cluster. diff --git a/docs/addons/percona-xtradb/_index.md b/docs/addons/percona-xtradb/_index.md new file mode 100644 index 0000000..3388253 --- /dev/null +++ b/docs/addons/percona-xtradb/_index.md @@ -0,0 +1,10 @@ +--- +title: Stash Percona XtraDB Addon +menu: + docs_{{ .version }}: + identifier: stash-percona-xtradb + name: Percona XtraDB + parent: stash-addons + weight: 60 +menu_name: docs_{{ .version }} +--- diff --git a/docs/addons/percona-xtradb/cluster/examples/backupconfiguration.yaml b/docs/addons/percona-xtradb/cluster/examples/backupconfiguration.yaml new file mode 100644 index 0000000..4744b21 --- /dev/null +++ b/docs/addons/percona-xtradb/cluster/examples/backupconfiguration.yaml @@ -0,0 +1,20 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-xtradb-cluster-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: perconaxtradb-backup-5.7 + repository: + name: gcs-repo-xtradb-cluster + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-xtradb-cluster + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/percona-xtradb/cluster/examples/repository.yaml b/docs/addons/percona-xtradb/cluster/examples/repository.yaml new file mode 100644 index 0000000..4e237dd --- /dev/null +++ b/docs/addons/percona-xtradb/cluster/examples/repository.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo-xtradb-cluster + namespace: demo +spec: + backend: + gcs: + bucket: appscode-qa + prefix: /demo/xtradb/sample-xtradb-cluster + storageSecretName: gcs-secret diff --git a/docs/addons/percona-xtradb/cluster/examples/restored-xtradb-cluster.yaml b/docs/addons/percona-xtradb/cluster/examples/restored-xtradb-cluster.yaml new file mode 100644 index 0000000..eb3dfc4 --- /dev/null +++ b/docs/addons/percona-xtradb/cluster/examples/restored-xtradb-cluster.yaml @@ -0,0 +1,21 @@ +apiVersion: kubedb.com/v1alpha2 +kind: PerconaXtraDB +metadata: + name: restored-xtradb-cluster + namespace: demo +spec: + version: "5.7-cluster" + replicas: 3 + authSecret: + name: sample-xtradb-cluster-auth + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + init: + waitForInitialRestore: true + terminationPolicy: WipeOut diff --git a/docs/addons/percona-xtradb/cluster/examples/restoresession.yaml b/docs/addons/percona-xtradb/cluster/examples/restoresession.yaml new file mode 100644 index 0000000..7c70b25 --- /dev/null +++ b/docs/addons/percona-xtradb/cluster/examples/restoresession.yaml @@ -0,0 +1,32 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: restored-xtradb-cluster-restore + namespace: demo +spec: + task: + name: perconaxtradb-restore-5.7 + repository: + name: gcs-repo-xtradb-cluster + target: + replicas: 3 + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: restored-xtradb-cluster + volumeMounts: + - name: data-restored-xtradb-cluster + mountPath: /var/lib/mysql + volumeClaimTemplates: + - metadata: + name: data-restored-xtradb-cluster-${POD_ORDINAL} + spec: + accessModes: ["ReadWriteOnce"] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + rules: + - targetHosts: [] # empty host match all hosts + sourceHost: "host-0" # restore same data on all pvc + snapshots: ["latest"] diff --git a/docs/addons/percona-xtradb/cluster/examples/sample-xtradb-cluster.yaml b/docs/addons/percona-xtradb/cluster/examples/sample-xtradb-cluster.yaml new file mode 100644 index 0000000..1c1af21 --- /dev/null +++ b/docs/addons/percona-xtradb/cluster/examples/sample-xtradb-cluster.yaml @@ -0,0 +1,17 @@ +apiVersion: kubedb.com/v1alpha2 +kind: PerconaXtraDB +metadata: + name: sample-xtradb-cluster + namespace: demo +spec: + version: "5.7-cluster" + replicas: 3 + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + terminationPolicy: WipeOut diff --git a/docs/addons/percona-xtradb/cluster/images/sample-xtradb-cluster-backup.png b/docs/addons/percona-xtradb/cluster/images/sample-xtradb-cluster-backup.png new file mode 100644 index 0000000000000000000000000000000000000000..e4fdd3fae38c4dbcf025fb3830adcbbf98b69df3 GIT binary patch literal 35388 zcmbSz1yodR7p~t(qm&3Lr2-NX0@5`gf^>JO)X?4KsE9#GHw+-4z<|KerGOwkbc6KJ z0s~0jchv8{vDRJxx_1_99XMysd*1V&z4!C%XYa!s4K;Mk)KveV_Mxf1rlyCkho;8+ zC6cVC4`e7Q{xS8_e~aa*f3zjpUqB6ihMiWt7!8Gdh*9%9+gf00cG>DyeMSM1=v~|G zuy?aw>RL`sN;&RouXYcPTWNW~@PO#~&EG#7A`?5s6tKU4K@r5b->Q&VmLuqdEB~&DFsi ze-C;j|4n~@H$7a%-6`!u1&r#W0FP4WgeT{spPhj>S9^M$(V)F=Vfk0jVe|JIr@p3C zWDEt99@$SDA9BQEJsPsE4CoHM`7vm`MslC_*^}kVQmS||6hs~}S&QqKi*SyTgwkm} z6vABdL6#4($C99?L2(HgBVVp8acX=H|J&(K3yV_S!pd%$cSxu*z3LT~2qQhN@f6sO zG-K+H!vXr~ZS?q;m!4F}sGT+SUXSNSk{byxvqbGfu8Fzs+Z&HOXsA6oN)JBC|FwM{ z6fEsLfhRLb0Fm5Fz_Z!bxaIZeCR#u2L{vTFy?2n{>CNDj$fbwoFQBz`7rM?V-nz}HX3jK?DPVS|*7Uz!ovt8$UNwYYv$zgB<%p<_oes7# zDStxA*(YnVuYsl2=DGbEPg}&Tu;6>H9d!+~lQ#RxfK{)rs-Mul$tC>p8(#GUjoyY6 zNPihIQV$A1YOks-gQobQaw@!c$xm&^&Mi2XXWza zZVll>5!&%xj~SITh^~`bM^^otTnz>%qdeI(rGfMPXxa0Tmz^B+`_()>BNu+(!3(_c zOG4t*!$-H4&4-C@yXKLiN{XJ72Xvt5r9Lj-QylkY*KDwA&)7BEeIslGkIzWbJq$|i z6Va1d;ub;a@WAc_6-vi{xOXL&)|$>z=9N#}=k|N-{N3L(CI@}&{=u)&-=~hasjn@f z;*`t6er%4%Z`)axRtyyu2-tDVC3~_`P6^}2aHY5gcG`De*L=fTj-Qkp;K+3Q{^?_0 zzNvT6D|j;0;m}%YE4<{#WFAtGjQ}nSW$P+^CAKvFdGvmH{C46k6-SGOURY9+eWv+{ zO(e_?$!bFe;nu!yoE)XU0juz^b->>u@mCJ-xGULNSN^zE(EaNaDXJYUwRVJ@jpD0r z-CCkv^J;pTLQa_+A&Xj@gDf*4PX30@%&4d+OfJ$5Osf3-LE zVt_1$K1|Q<>-WlLmhfx(%;?rpu8j)D?xp_GB2`3pVnMS69Gu>ixSN@{PZAdzY8F4CC}?zM#;6_BC$w*TN|NkYFk zcUXy(94y^t`SB3mS9+K?QCn;86D>KjS9VSWsmtM2w6Ftht981M*2nDSn@ok(Jo>EY zk+H4+6$z@*4dzrV(Bw3adN@p5mZdz@Sy?>>>$qTy@2?+F!xg!|g|L9}L*>kFm*S3cnGILX;pW?27=&QjgGHkPN0rO1 z_^egdul<%kQM(hZbvCDkR)!xUL9FmYZL8@INYk^J6>Ul6H5Hah-CO>7OP2NV)Fs$# z;l_Zc_4+{3_hGg>+}Y&~^XQj?vkPMQ;~pWbXt9)Vv64*QTONB&qrP=Fwdy3)+}OC#D~RZe4Ma83X%zmrI3@gICLQL_d~6 zJ2f`W8-xocRXi&0h$iM~-}SioScR|H`S$(VN88;Nd|_+G))oXyx}yM3E=~JgOC8!+ zGHaT2WAFMvS|B>YjP4lr8%_1?LAiG?aV56d)+QJobaP2*i_r5lK9^vQY#XHn?otn( zU`QsXrt;pTCL;`wC*ABglfBHnus0R7^p6(~Ptphj7lS#4=|t?`4<}D`heEoWe-!39 zil_*o<8$-t_+3XwpD;RVR7}-q8Zh*Xe+y9SdxG>7K;W-+D$%#jBP}=-56nMk{REFn z_YU83@#HeX?n>iX?}iPAi6I@(V|KTn+N^_htfVw+`5U9KI&FEWS=Y^ z8P@E&_<&?*h!a0R<4sDRhP$*zl{tqj^*tPFzfNIA z=6yKy3Xi-yLvGEEE$3YF{Q2ow?>BV%dE?Af^QT)lu%>|F)x2-Z>{eNW^f>&c2)}p! z;T``wfsp@0LI6F$f&9N%|A%+{&y!x;zfL%Q?1qO6>M|5~nm^db1gS&8b^Z+boP86_ z33mki{QVAYqJMV$nKtgwf4;V(sieNbre^XFAZZsg z9#KC+1O^0c(tWvS>e7F{aq;5CMRZ#vleEvzAMlHW`%_vN zo>>aqVdyQ*oA3sgSy>GY4Jh;(Ab6h~)TYH8#!6X#A4j}re-Bl7_%I|iH1yT0S1(_t z_AX9xH>FGZH{njdK=KAc>|tVJ;^5$b3V&BgrVv5@h7fmvorQ!2{br1Xg=O+Bw}k7Q z96xUF@5`wvDb;v%&dtxq5a9NKd(c5Rn+6014*b3++>lsq$=1!~<%GXCc@vHM;sv7n zkjuDj<$I`b$Kr(SVz}_M&vKf#4)>q^-;5C2MbUI@=yJOut#bXiuJ#xq^Y_v59EWzTZoQmo%tZz|&5aTpx-R0H5{0qBz4kVxO7nz{H~4@si)$f}<(Zk8 zdb26c4Yv99E0B6?^SLh}eGlEGEHhXgVmY;|t+RQwD-ON{EIgzXYVr0}5m$?G>b$kNq#Zo`A}-C}OJTlXd*6Zx|g>hsm(d~*GYH(W;y zcgsn!+i<}QPF?5y>LyxDLB8lWZ?|k=yPz`8OK_fhHL&iXf-jlQBtc&}qOI4s3^b3A z@1-$}mBp{HUbujFbR&t+;uSE6Kr(D7Q;^R9{&?x~?U+ahc#v~yF%q+m>do*k)On}N z=UoLgCx)c)E;A2c-Jum(98!l;U9RsiudTW3I_{T0Y;zayr^?$Ge-ea5PZysh?%q{f zmS|v`xBTg^T0icrC|$ogc-21%L*vG^;WnkPbZAh(=^-%|;P*jYR?iom9AjmanjR$O zUHgM{&&Ws6FebV@HNMVqXiR?QFxGk2bWi+z(|(S*FyAQEFzWG{1Z&UrRny$?bL_LO zuv423^Q7iA3yV6^_r`q_?jwepM|4yviAC>)E7Px8CD<-A6k{aQLQ0;9Hwn;psNOeB zSehhf>ZNE zxl__6J}Yk#f)>5=hp>?1RBYzvXM1uxi;%_8afJ5pM_7A zDZ;|lY`-;^v8aS-k|cIrKGIf_J_r7W?S_GTJ4_$%W8*_ zdiyI{IZFCRh{Ml)C~cV1I`LGw0}=8bbh%y*fXM>eag9#4PbRIN`bRBF&d z#0abQ?X;f}4!G5K*Byc}+Vj=& z?fiT9B!0X#>wc3xd%frMv#^Nd!NRKof?i3=`PN_YwyOi@kL4NJBnSM*6dln4vk!Y; z@O9GQ>p0I&Js!&`pv0u&NmQmf?;}S#C7S~VCP}b|pRG6QIkCj)6?=2z+?g|82b=>O zKJM#RA!*bunVNLP`45=O&Iwo+%;KwUncnQGKiU?hi7BsR{pb~MqmU$jD7Vu?cES5I zG)2K>k_+CzvA=GFV5Sk~-i3WS=N6hvjD#vUZF|#{bJ95YSW*2 zEW*rr^u-2p5*yO$IWL93{Y>n!8NV`->mO%(wN8{(fE>SzL8#}G0RLz>G}I<(jBt0( zeJdcE_LAfi`3U#?x2n>m>pF+IQrto;6ZOb8nS{U}Je65bj(WFO&xfyMr|MtsI<0(W z46pFxt>xx^F`Oe3Yg4mE7#c%&WBg;tNM0w;qHF&^e7J;WZf8iK=scDqWeFdZawV{5 zQuV3|0*P11vP*-(O1gtQjl_gHy=p`Uz*%%6?^%$n{*(;^Pp8k|G{u!lp8# zk;f0+?f`wok@2gmHr|o-n0paapQ%dn_Ig0#-1=9+<{PJZExTKnC*uT$SIrQot&N7O zpH}PLgnN>OPki6B<&%pg+FgO2`*wGn7wGI2r685+6o$EUSLaKnt2d)j_1 zPQ0NBvhZke+ZbLLw_8mz3{S7-LhI|hV4x&s}tf3d3ciswh0$q0?X49s7m=S?kdaNn@Oi5sdxy zwNBYd9w9&`W{A+LiFMKy3~EkV<*r*hxyH2i!|_Od7diam?ogzl*wddJ+&c{K1ma_5pUDW;T_mt=C_VLBc0jb)ziHy zc6?w=>)Z|ZO1E5hB12^jt@KGbEkpCZMXm+SEp9P0@6_B;eZ}x%_@P-0c465%WY*V&u-COu;rLANph<(0L_*Pry6tTyC%Uqq5QzAE-RVjgk zn~nEW`WWNTpGyPCuQSU<2O+K3I_@G80Nj*4)>sr6WYPGR^iEv5^z z@j!~(c(sHo=Wg(cZo(6H;f%2AE9PDLHoeuQS{7Q^zJcwrD2mh{c6feAf|1Z;^#e7m zXp9Ti;8*30Rrf_#fspzBuc@;Obq=MizrN!SoOYl@M6q(O0)Ld9CbvwU@IL%7B@dZu z3T}#enXMq3T;3=8_FZ`blj?Wdout?gou?GR*bi?$jCQgK+ikV~5)=q5JCYdfR;)Y~ zC5kjI6G8Zq7OT^)nz7o*o)~StOzj{~FGy%3@;JVn;87H))~dp=lD62;r!Nc%41rc| zGnKOz%<3x0;pdIXBmB*NVg+p5j$h_6qc6DFlVZb%GdR$QiMmH61grSsr(5sA2zN$jyUl#3@&yh^RSeg5HfSV zM(XX`ubtHv7@U7N*LelK9N>H>+@zBpqwEhUJ4@?^^0z@`*zSy`S$4E&NOOH@ zLa0tx|G;h$-nh!__dqj+p4HtpGJ1)tG2(<`%JRGnr}U{+5Zk)?tO(UwwdCX?5Tv9al78xX<>@Isf~!B`1m@V2I)hG{ zCQVBwyhFU#EKc*JtR_4%3X=$wdHpsUt9~e)16ZIdtXg;+o}iXdJfbA3ps?U){BF@T zVVC?7hZMw7N^aCzOUH~3rfX)iN}^e@Qe3aEN`JYV{Yxm3JNJo-8Ji^Q+V&l!nwQbl z`cs3#<(e{pmi2s6Jo|Q1a*6J@y+RI#L>=Al7)M-Lx`gE%m=6A)o47%kog1+?aJUi7 za?C{ZbxeKqnvc_FQDJDk$J(dPo5u~9x2TwruvD(KB&$pZdr%GTo*(7g&28%BB9s zY@hVR=s zn85imlvW2(>?7pzy=Id9<+pUQE%BCOrMnwz+BPjASO2MIqE@a(*_QZHm*}VW!h2K> z%&gMCMa`X@%u?{-7*7&^MmEsM~ilS|3?)Ug*O@3}38-zT8 znr=Y;pm@FajhJw=LF_jL<@%|h(GQ~OJuhku3Cy()FBw<)wk=s{*9@}pD@y~`|AuPll`kL>T`>b|alWWQI#mJ{qpB|!`=2YEZEO$l zw!{|%1H$(&2{W#x+?-H(D;9gqB6D>q0O?&!(fEVfkN5&WoUY=XcxVdS*p#dJho{Tc z{c+RI{qCE$j#=i*=o*|&=Hs*s&9Cn$mPM`Ec>9d+(SCx>h;6(=dY?YzEFBVLFe?vK z^ufTBrdE^eI`xZ3EH>et8Nup1DFda}NqNd~$Ci_t`ig{(U5B^h_~WEEMH~-*s%JFJ zz0)bmT}sR*tqImsW$m>JeAn@|+5RZ_Y!k$=H|+X-03ZMa@Eg8&pIcI z83&&Sd5XGU1gZmOjR7tc`J<{D;^>W$Xbi{I*}&ecjEj;Mt(VBj$&cwV=!~ zYGJYWj@^L&t&I>nBWZ_D^vjKz(-?{8U1H27yigG&!B$} z{I~4|{afhSzV=GkOZi*BNBXZP{Ck;jC|FiNssGFN|CEm!pw3dsKlO^=lbG^|$RTAi z3l3WUovJzIkbli*o6gKXf)Er@Of=tt&#UmC6?NvK{_Uvm{qJPiD!3*>&>=2R~_VKo}Sq z&%V)`pRlGBH=c>{@bp++T<%KJF12h2mpv{YF{9&q`qGYwi0EFyaIv|0$V8}*m*jh+gQv4<1%9E-EPRO9CWhX zHd18j|MSP!;)WxoMyH92?$i9(Sn9Y=rQo9#wxl)b^FwvT3Q;r=*@BNJX1unh1Azj! zF;O|fGj6&FbjpM#y<)S#Z*Q*xq4Q+T{2bik5Eko!d>a{=Fs_tlW0{SwjEISjR!ZPG z#SWR|jW@a1Q9w3<7a)2|gvvQBMNjZy;ASC@5&SIQX#BoPeCs!LSrN7;9r`DRF+X z3ufWgxH?*55r3W3wxCOdhez!xGI^rh-i84)D+L*)XtXS(a0$!bv6rRy2UvC4SabG|2R&h1(Sus^#bnS8?2YKfARGAT5Yas ziWD&AGV5-!pp&Yuovq+=e=~^W<1f#Ep^uz$-b#r3bvAQ;I{rJ5$?`ki2DEJW4Z&&OWrhUEX)B%c$@m)%?c9&<`-{=h(QXG* z-sIQ$TXLYsM@Q4%Gl6?+BQq6_DQq{YU10LxWPzTeL2 zi^&WHN$)VySbDqV%BH^IhrGP4$?CGF-`?U3b#88Me{-t9RLF6BA+`DRV8%HDb}MrW zo%w>M;bf;1cw7}V=3v@?D^A~R%##(Uz+`dK`=b_V;@(~yXi5M5fQ2Xpet!P0{5MzF zZvPH-4_VNp6-xq_jp(S=;bi3G34&_r5@RR%$-pO_YN5R;!o7t`s;btkgZ!Dok~qXuPmz@Eo7l;9*RZS{~EG6we#a_IU04-DB>k z{%5tWz!TnDL$KkAO`1g})i}+!|AS(-LSzuQpCDk`-?@O>|NKhGTDUfh^glm6D7QP_ z-`Ld0Cm_JBKQLmA!_}dJyE-3#VzMKX$%)9W-TP5gySX}$*9*+TZ-4!8V&=?ir9X#L z+5_{RtJ=CdSsHkD*mVIN$2d;iu#r0~EbNs)?Y97tMcjL{Q0G%LD;fmifVnqpENhI6 zxH#lAQj``T28=q>b6mMPaHpMZZKOCsaw4NCv)Q)#N%Jc}wu<$O(}f0#;|p=XaT6`9 zfq2JHVv0CDJ)QAgPLn=eQIC{9`_=O1iuCb%*&WqngZRk;eO|?%z`c>>WW8{&Y9;Ul z6gqIR8E32+ljEJ8okoIg3y*dmEzz0>^!dFG?VId~yL%3TuMe=N4_o_eVoXv2RlraA z*O$}%)%>{eDu!Xw60|otb#Afyo0M-pC~#WAa}28+~Y=3vLe%2>;+1K%zgGcoY52 z76Yfxi<9nm1W$QuFfv4RJjviLt@rzX;48Ev>>Qo_VefhcikZsfn=TCTmI! zNsEscwN@N8p82Kgw6?qP3-J?!s>3^SfOW9dtI^gi3Ebl7tT5wxer0`mc?1|7Z^N%F z(^{|e^z;y2M->&7cQoA5G0x+ra-cLO)tMV~dXy&SIo=q2zBl3v@aO9b!WmA<$IHNV z?$`GrWL`K;)tC+yAfEB~v!vWLXRsA}YG7~;2ijo40+YV(K4>_RLLWHvSN|N8apxV} zSj$MCHA3W!x1C%eHQTMo-o8wLH;E~uy8#qJP3Cqb9i741=Fk*D`wIJ!q5>p~q~uif zJ!ar)e^Pt0rWNaZ*wcgInuP#53l`X2cN(O3TczD#<50h9%7YdAG%pF^q z`VzNAr75nfHJv@}1UOa(MNCm9B%awRZM-kJ{xkE*ignslJB zW2&UT*L-XEq8TAM<6wT7O|RV$I`e^XrIVy}S0Vt~6ealx`f9I@@x;Vy?J*oG4Q-V1x`WEGL2&hou|&kZBpms`r`{6ENafq!OjlwBgN(! zNuW1i?^#}+O=moJfcGb(qS5UTB54T1&&UtO3CuX%gJI{WU| zdgxjez%VU^PeG<^!{Mo7dbM{6-Dj&Me%o|lCn?HAkI{j5g>P>Xo6!^wB|qk4;o~?> zXm+KVN&IzR84-EN*02|D{v%}JH3nrQskX5fq5q^==ARh-S9u?-3n#8vd>8`)!{hys zSyEXRjJrI$%0%TB2$hBAy&2Nx#b%P+U5R`avrQqb_T8|>w^#3e5ZT_|j+S`y z*u*4tungFF>65*DtN4Cq#R`vseg$c1X<`i*m(O*ox(wo8Dt5ny^vxB!%agDkI}7dO z>vt%-y@31bv04(k%y7C27IYN4C*_k(LDZ-E{-gl8Y z;?9eU66CFh5Xly1%k^mboWznlPg|PMpWoRQmt)mbJMV>%N@Pbz3#>!9X}9<}MpZtO zg)4Ell!1D?jlczm_g(EifKI5Tie%~vntISSTyNCO&zV1xm9nsA{8{7=Jiv|>-+DRX)&G0mKBnPVe zx;wE3U7lG>mczLP+^?QSrMlDI2=KGhVVxC0`{9pto)2%%<2?!h+ zB=F0~6cNy7Oxf^xr``IfFwSj+an2h^tB2o&q$Kk)c1e}o81*YiQ2|Ejr(SH*aqHWh zT^#iNGRu@O#V3A#e!x>cyy}P9>J2+WWA11zw2s|(7}f9}8xj!kUup$JYf-B}4_Qiz z{rsf4;ny5#*?fX|kS&3p)njQuxIu!TTkZBcg0ti@-J zO&S}x+GRt?4UeDwl+$52VIWo&bm}){{YVj)X!w&qY7ll9eO#gV=#fU|$*5GDKEECP zeHIqEDV+JQxNO=ufIh_(N?4j9YvBWS$pi@UN+7V{;|3*N(Sn(-r0%s;8V!W!RmG0( zQm5t`@2#RTXZh_ZCTaj*@SY6Yf!r0zv*F~6r!tk=;*o43L>}2+;ro;r03_B$Z$6J) zVMx$xi1Rk;xhPR;{p!O9Gd{?MzYvG0pnZT}XJ%FYM&N(|$;Nt5n)t{QGSuO6L!y{x zeoK*RiqO&sAOuH8N8<;c6d2%+N@wFB&3M_~uaMTZ*qI_ouF!+3;sB|#&d1HEpnoJhzd4!(I6vmkO1&2oqPZY8t-DOjS@ygxe?HU zGl0U$i#VG}T4g^b!U86X)$)}39sJUy`GwjiGarP$J=7Mt5y<3oWa0+XS*3`4-+OeF zXC>V!13{X1(_=auixV$8wjxh^+1PR{eH_BZ()X8Oza4dUqFIm2vc;A$^rPtQ*j%iU|*j7 zQ!>_-E-8Ndc9RTZs4~AJT1}a0@j)pHfw)PW^|C!|q_wTBz-@jrKhLb*Z#ecD9Vfb{ z-6RFtxe?D}%IQ43I0%|P+B1NoncU;xP`vCslpp6Lv|jdQs6^~z4GbWPb$(?Tl#PYu zBd68J=(xN3`IP`olQPrQ8$K<0`jvweYS?W%?>v&gJ zuo@s|{?|p(p@|h=Lkb=^|Ve_NBQa5>9KKz!zcXZ7dw@J?onVm zFENOrvW-bx*^lHU2>q~gpH~5Ea+u%kj_ZY|mvYW+s09hurcb(k-{zq2tS}8Yuhkx3 zoY+ZGi_F$RcVou+>J&p$S@rLT%&v;}UEk-QJE7iHn!E4cMfapm^m$77D`zO(6% zKc#zU+-6NFQD1(~a0c>%GWoP2e_XUT4?5i&0gXl7-@m(1!1w}wx!6DMKf6StI{|=+ zxA8>li2YnBr1ZA3i&ZLFBt?VFAA9uh@u^x(cm)`enpCo_zfXvrL7h*@19Fft@vfRp zJr1K2R-?^S293nr`5M(LVbq(S3-;(?Qw0X$$!+TNm16ka;dDN&FA<%x>EY zm1zyJX8Mn_D#uqzw2 zC9%&E_#=f?RzsP@JU;p#Yy$L^`%B1sf`5#iGK+wm`_*4oown=w0^c``;m=7#*hO+u zFEFccNpc1;>c3*$5&x}Qw?IZ`MfO|w16Mw*_7v7Zbl%^qG5qQYBvlZ)Y4QIEP~fO4 zA`&;lFAU^=M*Z?{7uA2;KKnDNn}4;e|F->q75)DIG`z~^Q17m94Gx6=hjf|DL62K^ z09rTUUZVY7|K9$;Ta{Vd;S213aO;0t!2WJAbj;|#M?q&(TjuqD*Lj~Bri)o#_Fnf= zkc>}G_RA|zp03IddZesOdinC@R}O<$SKmLK5G7mr=fW2xH@b3?nk-3MMWxFz82@8< zLqmhNQNc=h!78DsVL(8@4a@8zB4T2WinRInj5vFF$cgLh8|V!S3!6C0vt3CWw)4yW zaY{i?A0|AZ8A`p}Q<4W7>4-cuNwEx1mB~7M*d_$(XG@tt(<10$qrenUz&hES=B*Me zio739q$Q-`AJKH26PRB8^IVCrL&R9eNM)-!i%j8v&sn3wV6oV>!!Z!+r|bRACmN(r zem2`=1TJYv0qX`Vu*R}I8f5dGZs_W6a%c`#4Yd=v5C_Z4vpA%k# z7(4?~djab%m+Ay}a(Yp>h0IV!&O7y*2GY(?r6;K%^&lVvKv}Le1eDZFoGe5kk`Xl1 zHFs0N5;$-|FA)~WiRPJ--6|)S`1wqCZf)%tXnkV5q_!a3;vJ1&l82a9I+^;v$;ik! zQQX2(WxpUKH)}*DXOMLyCUgg5`xNxrV>z^^edfdKR_hq^gdvW+V^yy6^O4d)0LIhi zAV)PlQ7zl8d#?^feRnLUx+X#14&Za9A@Er6pmCvnVnTd|8%(##wFRJPSBA8-px_Xv zrXR>~%z)a*z=O8wNll9FM%fMw(gD94xr4ST#YyoL7-N4tqa99og%V3S6(;LCe0aj8 z+HH}fPmfe;$qsLvlMiBgpBcRq2?Tv~x7mo$4rlMZ=9&>9h$I*?_;k&@@nlEY!C@T; zl4nOFjp@?C(?<53ypIb&0#hK6vK22}!UQBLCzj{WpBGXE2M5R9M3gMKM3Eg;IA z?<6!zoc)>yFfMcqTAmksH^-2MV0!2Vi1b}+j!OZ#D zfmYT#THcQ7{q-@6v3wdV&oLNXp&F;M>g7cPSQz@KIp1)+SvJ_g+G9}!WG2VY@`#~+ zg3CARe$BlD%isc%^e&^jIY8)5;Lu*`4L&RD$LY=X!j9uQ`8pis55+#d`X~q4K3vWy zU^+XVIoB&R=nI3=E#z{ZH#40f^y~%7KLTmUt`ErPmSj()C)K4-bxJK29mnc?-I*hv zwuW6_y_*BlL22!s%Er?TAQWn_ig}L=)6Fd=n8#BYHZ}lxPV9YAI3ZJj#)cmdk4(~| zT3T8_(wW%#`0I0gPR%CoDbEC@!DgN^ZnD!KW(d%Ai*&c6HHVf02RSQ8 z-wq%;OCTHb-*;eQV$x>EKi_U+8p;7efG+PRIo{=PI$=&n-JEyk5%wn9ogl*;ab*b5 zX`2F7fM`}_)H@yt?T-;g01B02wLCmfFOZuvjppqbISf=D;hBueSv9Y6$viFk;fFW= z8N_>_?Il_{J8ywr;C$oQXAhKWE(;LfW!-xw=4B*wG!(dtD_G#wTq8yaO4)EL6Mc}= zt7b(54Jk@!1*vRXce+0TWQY+VDp+=0KL!X?pr3cOUV8@xlm}#-i5)LD7Ss1YDj&aI zwZn&uQ3A8Ibv|xid>t;-*58|>oDk1zK25LB&%#`SQoO_IIbiGz!WvLpbTTW>kJgGo zaibu;&v*|f4G+zui|S(g8gh0}ct)&Ln0(y=yTcfDsVLt3_R`Ba*xg=fd!$xBU9g{hSn)ANTY6THLJd;jis^c?8hIxw-YyS1DFXHMK+wc*q@#Mt z<{`hjdZrO)uV8v@{2LK!ykLULF*hM|Sd0i&s2^X*`2Hzqo-Ob%&jxW#%*1nbF+1L< z0%)Ly45r;9JVsV{MiB+?G*a5v7pp?p(S8r_O72pjUE@9^=k{pc&{JByf)w*yjjfg) zyhz53c1n%}I1OaJhln&&?apB$6o)VbX(ce<6kBXuspjSo4lR%y&XUz`2f3o%2x#tj zQ|cyE^b=^r1#+?jAk*zML{h@EpW=;kflR1VZ*SV6dJouWSD$VQ*#~dfuGeNiep+1L z7>DW_ONZVepkm?M1wr$*bD(Y%Gh}#&?c4|O!fwv`MO@~tKhl2HQa0BGgU+;$J^&8L zE^x1nUt47T`l^9EeU3TKyHL%s1upBOB}*==|9r}K5-oJMls6kXH?8sDn>g5-nfbux z8arEEmw+zqoFEPj(k2sISrU)gSR8gOcSxh;Hnx%DXDbnyIA2i@-r3nH#T&mh@y|s9 z_KCF>LS}5w>EoewG&vbJcNKK)VV?bjO2+$94#KfKkmflFY~CF%G_B{p&ay_vDNv`<@IsCnM9~M!-J9~is8p6fWUh?TjYF5M^On`EPKJd zW&&`)4d?My@A7S&nprP>+u}Gmu5ct{o2t3-ncM}z zHTpE{@y2&d7d3!d)VZP%cJ0Z@Xkna;QYMP4q{yHo%Lv(`5-ABPGOhU=@=nt6t_Oj~ z`zu1tocaSSA$sJ1mKUj|i4BYLpBjP`-G8&X&7(8$U}^**bCDU%rj}ZjKK;Joqmgaa zZuyf4d%xzxu?;${krn9+W^t3uB0 z(X5=p%mZHVcwuGwD^ygdLM0Gkin=Y6TCKW&el|ty6>Q$NUby|@{+_;36@EDe94oIBY{u+< z0DxVGY&0C=s362NOdes{AbPs#-S{ptQW#g9+yH=AOTz`H(fa2wixu6<(TydzRqh9> z7%?$1=Kz{Je7c~qlxe^xk}2&&Nsz9B7Sr)i!4J0eH=yb4Qbj%gq?O^3_fwqzQgY@02PQD zaj-2$-?V)%Vs{HD6iS>E_ZF#+K+(c5G-f+d##MmK?x^hHI~t{-Om6E1L0)0bN6xSH z&3wP9NZcU>g3%|p^1Hln8c?(PwUpvab>)h%)8xkhOVQ!k!Ht?*ni(JKR{_=F z#IetC|CNS^WcmgWZegtlfInxFMG5Asc}AHcOw%a^4NWue+5q7c@DS%ndeJOd(`(uC z;rtob+HI;b3#L7u7}h@&dU@V=YgRNvS#G$oRIH6-``2c$frJUbcD-IF0* zytLri>#GYvGOsoPq4t!{L3V`Jlv=9>?b$;P0O`D1q7 z(P{zchhSm?t{|{ri)Tc2vR>Ake|O<)E?Ppqb{(v|UcXz|iv@sI{@xJI-UJIXCS4;}F2R5E*E)b4#*4{OE*f{M$RIOy|b^ouEB_41Yr)_yPc@FMH* zj7Wj%gDz-28zlk7IZV37Q|nb z8D^Pc2U71$z2Q(SAOBwn-Sv5n@9F~cSwALdGctNQ41NZ7hrKf{84}JCb{Yw);+TrP7$;!vgmA5U!0?lay|e6!5;VmotXgfm@H-k+~W_?-OO2C<$a2BbM^ zAYyh4fR41^;3SWr1i!$0lFv#&3E{ecbybEc{C7=}2+PfdW@oO4LuYQ``e{IxxuJ&8 z-Ece~FucC?Qg46`e~a)>ClOu^0^)f1a@Nb#OQUt7p?)(V&3}Hl<6Pe4-`vy#{&RQt z-P^Y{8%Rw@9pw#VL|9mz#fBkhiwZYhyHO>h|M1bH*L&SEh$4+p>WLoLN94Ga_x4rH z!h)q}OUVR7xh8l0fRU=RiLUf_#y1{9s+G^X%Qjy zcyd|#PYKrrRFayhBV6ZOlQ`&&J|{R&*ZnI^)F7B{ua6Wn{gsLCN0$6^kpzw|+?t=2y_RdbSkYlnb4k$oVk?ADf5vcrPfBq!8d|9_=Wo4z#8cYLD0L+vJ zZ9m#I`Cf8@bgv+(QdmjYCpYkpzDF_RBoRC#nrYxqK+7km7eQmzL5Agz#qfbvi}_-= zMerEILHVb-xtRwInwnBU7f?m2pnbgG&3pGWI&E!jjn>xI?Ck_hs$8A`{n~x0tFM>O zqV;7+h^T%oDA@ou382m!jB?}&dM}g|-{8;})P}6T2LPs_oWL{Gbhx_=+MG7gJb%_2 zyxhu;C$`%`2?Ns2_Iz7G5V0%Bz^SOHENhHJ{Pznb39o{77I6^~5h*FN(&GVjX)8<1 z@6Wos)~}9@;@5yNttkRQ*?PxX`-LttVhB($AijeN@0(hXxd^>CKK}I!_LT~TjMK6g zcykOyV4tf%YJ^hT9zag#1cIn!^ zo40RgfqdSYClvg%hX*f1LnrJLMcs3OmYScPqR7C5Z)7?JQe9AB4oRTE88ohy&$r=~ zda6iC$5pW4p3)Tlmm!j%u=nN5mpYR%tIU_vVbHw1yo1dte^8CxAL}QBAR7PyG^_FW zv>ST~l$2h!fi@PGA74P|GJA;g!Hb|bWBKq##Ov3egQJvSu#fAa=Ak?YXiAjDZlP72 zO1gxoR0<$Sb~AN&<5Glvpu&+G0JMo6oMX@s!*cCa##2bQQnzc@Z}i4_fWe^h!?RBWteM}1vgjn{_VsU0z@Wu&?Jfi&ffBpKW`FzIeQhxn6&k{to=R*%d@93QP(IdOjg! z%}NFL9=2Rm$aFxI0MO5#{0YT>yIubPB5qE91N{GG3&IJoMi2)7?H6@UhMxbju-=*m zgNIx>iot~q>;@Owui$v7nCSUU5&;*SP;=x(gPE=`o8HLRc`_Py^R+C|DPLa(HF%#F zgqRf4`&(WYG}wQ#fme!uN8Ddv9NcXQFHCJVG6Y=YWtp)Z8CY>|cMhD_SBW;nT;H2o z_%V@fA+CPOY^U?vT(IdwdHHyD&8+Wa!uG?3pweoe>ASlGbUN-|5n#t5U|G0UASi;= z5HZj%0Llma+ryPX%rvj8EvZYPdAU|9X4i`{M&ccS$a8XX@^)xXrv>Cugl`QH-s_`% zK-38kp4f;(uq(kC`JT3Pm5B%Q`tVwiwdc^Mw5qU&F-~Hpx6J~rPH)LNr)wEn- zoLcA_#pexJfc5_8InYt0?=U~$YNFv`lFTYb^^DA-mn<<*hE=mLTT0KKRk&@3ADWBFiE>^G3gzXG|=?0jScCLym&%x-mL$F%TUOyRXS-P|i zLB&^UHE8v8OYO`}qzC5IUBp(aMix}r+0ILVpGvIQ?zh$ZebCz3<0o<(Ig{0`X>Gpj z#i2g%wkGhD{MXV#^{&qe;gp(UT4RPc2&sGh;%VxfNwx*dsay0OSk8@r2F4qs0WH_F zU#;4m8dax7`t9ks^a~z*0X-%|Cz1Z?n?kIkM5tsTw^=J* z&AoM8lxy2Atb`IGf+9*-gdindq9Y*PDMKxTp+OK(dW{Mw64E6wbPh;|gbNji_iHJJ;BlXF5ByQcwgfhu3PX6}i z4qNOl(5eBvDi#In;sD0(ow=7o(#^R(bl?#u&VOB6EqD&d?W!S_axTt`lU%tnR;_oyr;=9N}MS^APj| zvxBwXMGcNyktgLEGVaJ`=*~@B%NoVBm_(($+tw918x_s#%+*)7vz#SMr)JE2IjOI1 zP>MgWhPo>J?Ki#!>nWDcPX>5}_vT8E-M-i)EuHFYe2?p5`4z5qT?qU0SiFZ6`os34_Di|`JqySo) zwegE?BUh#H9!7~glI;nM$=qf=J8Rlzob!H9lPC-uXIBh;% z;W9-A z2?)ysB-lZdvYB23*&k2kXD>jdp`)YY=2rPwPts*xqt(R3vT^czUQS z?)tqt7{Fx@o@5fk>Gb$DX;10B< z^8AvJE3fl*hBwevX!&+zDYKTjTC2hXrv54)tX4}rp(L>WW&G_>+FCaSc_Qboiw6NB z)}Us#l~Qi3-_sX&Wxfjb$_Cth`Z?7{edpJbM2MiFcsRtTu%yeCy>a-d&$qATI z3Q_$A?E$nOw+x9!pmYbeXq+xo*mFZ=`7$SAd=r_0UYWf_&?{*(XvDL9!r;NR3sO^; z?eo365(Mx-X<30#1>=AP6P$H-CcoG2FZfDLWi_agakH;pk7S#sVi3~E!3zx^C_))R zvfajjjU;(;j#0?Vpj;Un`Nw*+OIs5AD>a|q(a@`ci_`Ss!s7;M@xkQeYcX#gLL-v& zFvkALigvvF%FY{v5P6o@Xxb?6?Nwgt{9Bh$a(5vU6geuoM%lifzOG$i74Ki-6v0MN2guN~VGK#xouPFW1R z3u(^P-e?tFQ9It%!vod39~)tNJq8ppml+!?-?{@Ne$XaIkwb+@KzM?gB_~aA@kKBS zjaZLSfI_@vu->a2lEHBjlK!|Q6C8qM0_GoO;-(mxZ|1kAGXzV)K6V4apL!0_Vz4|* zAg*>ZU+a@04rIvd_wqs6OPm^lJgj|%@ur(Z$IG^$2S2r#1XnL#6EU8RbeWJ30H8EY zS*=yz`c~QtKB*;jb;a&%J^VGx$0owwGO4m-0jCV_Tj}Sy?d<{L`hzbGxV1#gOp(Io zEWn7%>vcPB;%KMuWQ49bJF3VTC6Al3eL3vG(Z-NjYIWhpt%sAbFRNmg4NSeQwfq{j z7jzRaZLdb`@=K5V@{z?;u>UJF?&r{f2fc}XifzM?i+2*50h$dHJFi_FLu;P1Z; z+ayCJCNwgV-BjpfF#`V|!{!+jrF)W~O>TPaJ{7I#!5ePE^e;4{lExy+V11^`90rPZ zB&5&8Pm5++y7uV>s#=c~nXn^V8Om{-iqFI|g7HL#^CTaOzSe&AQGYdIJT zoPM~~RpvFB;;!mP8e~ix85^18xMe0M*L%51WOId5sWT`v35qJ6r&qpeMOsZsl{fpR~utBJuhDozUeNQ|3O*FYo+NCi_dY7)1xyUod+I;HiksA z%U?^$n?D)`+(^0EeN4D;3Z=Xq(U}zX3W`kPDU+u~&-3Go#?y~?F9%m9YL(?wL*>cO zo}KF?Mt7~-B)-do)NOJw*RpH2ag`?PqRXw4d)~Qm9;x?hYVuBBxW4nOtt2*!w^KD- zi5*YYw;mQ6dyn2?LZfI-kh$6(>XtRmKs=zj>np z@-rcQ{m|S>sCK5>6Qfu_L193<3prvFRA+nDR%`8rYT8YoXJ|3y)h8sw3X?7U*X}bz6_Cx{STG{ z!Mb>QWGZ<;@<|Myfp_SoC`Z3 ze3<5vQm^DL>FJnQTt7a3!}R{o$k#o!Kf~13jp>rIb7Ok-dx&EO)W1D_A7%=?{r753 zt`vSY&QKk)rRSXslai4z#YVc!-n<>3-ipD$e)L!ZkSP5kjA~R)&~YOz#@6zETm`+8 zoXQke^~nd%=ZWy{)XwoQes$g4Z_OrZAT?KfLxq;q3-6Y5HkO?e+C3h!AcR=6muu09aZND z1qB6zz`OA3Sb?g^?4#m<$FFaGP_kEj{80K>5BW52jswW<IqR#l4?$~tFq4b)>2j^kgbq+X0T z9X*^@(M%8d4XNOge*H!dU@akHn&1Bb0M+g|g8l&{1b-qJFn|$^*gP#ZYwRVm?-DZJ zDo8U;vMoYC{pvJy^+==7zvc(+`>E+6JzSuSppD!q*?XiLC*XgM?f*Zb)5t6S{hG*M z{`p^Hcd<7QQHLitem~>LKZ4W$e~|Rx+947^WIz629}m3Ur-;t!^@S+HYlEG*Bnu@`y8#l>l8Xk>g(yb1`o@#yQH zz2OlNo*<4D78Wk6V3o*hLIn<=NKcf4|1`Fq4TCt0nOTX#(d?WY-9G`*%V7nqTUS@t z+1dG`$1*k&G-^>ihP~q#iVHfqbzi~a%%d_?&8(_o!ur-m4Gs>5u*mb8RNbxK0qQug zu2Mh1#BaFI)Z0_?wZlv&8#BVY(O*ljMzy{f#9rh8`k^*!bCR;M@|gF*9!x>c2RkWo z#htKuMMLCiPFCFJ0i8`V#TqcY5ULvEgV~=Y8b(F|@WNzHf}|2RZg>C}ObvU}d*9>! z{bbrrm@^{sNMVpJE<&%Il9B?xgIx^gpq2yP3{+bw=4>kH$d>@?0ksJmU8Af~%WFAW z?vUbI4&x};oBbC=L71#Y&h@mIor{YL=HMZ#ZIVk0HHM|v+rEuK6rrm`Yxwa${Bo*s z4}gMn^~4KIOuH}^oSd4P%ZiO6qzE?r81^}W*7JRXMe6qg9xZWg(iYo)|c#czUhb_#=kxnx=7I4{aMU^or z570^~tpV1n(-PetWgDDRiaU{~v9`LZ9l+Ti9@{f>;g*-tZMLBrXCh-Qtz@%-s-T?b z*{lL5oNu5N)YbL)Uja zZQF_^RYXtn7%)9SNdA}r8KbcnX7f-jrtR0QvClHBg{LNFSB0Rg1C@mpgPiLS^ksN> z_~px&{{9r3=PhhgvUO^-7BZV7d94#c=O#!e1mdyJ&y%Hv(|!hjmyItMz`HH9#)(RT zD(UGo;WAHV(;6@#7B!QSV*OLAITfwCUm#1rc*+;=#C@x+v5}v`@#ptDX$n*i0pWkp ztAOhfn`7ktEGToAryazaeBN8HwMu(WSfcP~*SFC%IT~)dw-}h1xG(Bjxp+!1bERkROPsAMjL775rRQ#o z8xi5Z3YA)sqVHSfPY??4-<^H%@qKBjUVX~3%z1n(tWv+$Xnq-@5rz6*>jjxW=`@W} z@tnp?N`hUQfuk@U5ps{4yS>DZf)rR;-k~Xx^QvnXX;n>j2X^7D6cbXYmL!d|+K&9Sp$+ zRq`H5xvr$rO+(vY@eO3gZh9#ACs&=n66=w#N2${hW&;HvNDQWi>I9!zJkv^@x(m(0qP+{j)^a zC}purT2o=s5xFSg^3WA8sAxloX-*`vnBG&|Xo!Vyik?6GtT zO%6cRo2yxzoJPX)I_DtLeuL>Xg}rbxY=k={MtXTEZ$x;lNzqzq%e=h2`_SzM#ANX; zudgFhGr-v&@P4ykebC(2gHcT(cnSR~ZXNL0xfAbmVHP(#FD)(o(0*_z*Py6dJJV(m zzkS9sCcMo^kFqo|BFV%8wMD3og;|5BWoIgE{J5AubOWzBL9ICXeTAJAO$i|eRJ%Gl znN2P9>SooG+PA41W6xM@W@@CuK-clkK+N%B7c^nUhl_wFnU2LKK;*e|uAtR@8N; zX$>FM*OWOsQV$_n>_ak%Hajn8W0PCyF%?AyuyFEC8Hau7aWoX^x~M%iv74grPP)vvJ&;j?S*mzr7CKz zvRY;gKDKR8t^)cWyhz>bZQm{XRb#oVh%Izd6OQVkJraEqC9w8%lA zS_uX;3T=UcQ2A<2el-H=#}}Zv4ERy(LlFzoI_h0sw0-9vXmo5-dY7bm8&iCbT=vrU z&#$e52M<7c0^^WvNurT?D!WjBe}7<>W)v2N@)ijT0_i(CI(mBALh+rTHrI|(WspJE z;^kYn#&R`lTxh1dyLGxkIF54`m5E^WDxWAe1g1ph(a+XK!m!&N7$+DePhb^q%)82f zE+4*Sw`PMT_SSFYNq2wV%R+D@GiT1iczSwP(^xRFUXVc(*7TXmBGSL}<%j(hg;^zNKa$a4&x|lQjOc^Ld6l z=dgO?4WB<(Je0<-$>A10UY7BN!E60Z9sXiad>f(P=pMtARK*7pK6 zoZJbhc0#B0A92-MC<}`S2LR}^4ib?8^F&oe#Uz=%Q9A8|i2HAe@bg8MUF=ajX`g{4 zvQd7Ti|`$Sno>BAB(dAq4@a4eJzE&JX<))P0E1_3iEIlKSo)MNNW*i61_o))kc`-HP_9b|?6} z9TH-Io%adWDR}e%#%1cc9-$0}9iTE4_R1<%oQDRJMrS}CW$$#qN6q8pQmqrQSj(Ijm}Apm@0su@4Gk8l#$UuXY?#_G9;{D?IxsR33) zf1qv$3^|1@|8mNb4y^{MIZr0fPy}p6t=BG%SE0nxJgKQZduAH(eQ~Ko^Iwv8;!Ab( zVJLikJm(q|#b%La)q}yYwR9GnL8#jTpaR+UrT&!rmDjLTWzu&306a`E6VMXGC*FvA zR~BkjzqMi?&rce0g)o~xT3Dx5Q9VFptf`rVxnDb$_EgWYl(b7y>$>Dv2gt2dG_u=k~2qmHd1*F+5iMb3GyGFZPRnmH?9B6=FQ{H%%)in5SCUZ{v$4<~$T z9!4wDTc8SfW6MIolh9-J=<~k45eOG}-MB6-m$t7fZamPyMrnxE%MNXm@Y@k>2i<>< zx$^OzBN5@MmHOwq&F3DiI7f7?8BPj{rAf2tRm*w?yhr6kX}!E=5%FHP?d@Bp;GHLJ zKhReR+Ouzqb3#LD7e1+w%;G2>2>U@sJId@EK*nennLw6w7j(RvzR+Be7=tz zHQl?EK~T`G4Ot;hZr0%#I>Xo)cS6xKVr#zBz%ibU?(SZJTYiakU-q_>T6afw%j|<2 zH4Y_R;KmcLO9x#;(rnQ>t@Ef=of|n%S{e!Ba! z2~)G1if;sFU&PhttXj@h;&30>63-ctKqo#-QS3X6Ikos~+sGixN{RS_@Z+wx>IpY2 zs~-;*TMF2lH;zaW(REJH(kMO~4QcK%b7N8RZ8JP0Mv88~#;#f;K!kr{E_umW?%JOl z12))RH$YUg+2Qu=&e_gBy7tcZD84n7X8PjtiQ?~yl{S$*=gv$tC4iPHzxw(Qa20!d z%e$rt5t9^60*wr&qMLyv+flW<6CiGFi3AY?EzyVsDcU(aJ|2J55$r+08_C~;GnO{6 zu%Zeas!a5zt`I;onQgY$M;MFywRVAOw57)pW744V*EQn7tPqfoX-tTo?=@NDWC@8X zrz{TWYAerF*4W-C_YNjvrlGmFLmrKC5#Y zCMJ1b`Z8&u1T(}ObA#;ZFEYj8gMoR-!bhmNuO;Q&K%j5yZYRjft}NJIj0mVo@Om&( zV^K2aon$qI!TFjPG5$p6w(|jQnO)N{ib^H=`aS5?{1xeibs`f*?Gs+37&#s2EsAOy z_uS7|te@Sua@OFbgONL7cGjx;QvgqoO1DomPXx|ZGa|nvuypP2i8(np`B^<;M#60X z*WMCULs=EJ*He+Lt~-*|?}oQD5CwWn{9wdDhKY61;(mQR5nj|Hzfte}ygALIRU)1e z;dG=e*KGv`UHFN(%Y@komFwp&mkJWHO#?66>#S$rch|(eM{blkw?V<GK{#W@?qVGDRI~mG&c$ett=)gK}8zijVUb>POcr>0f?eyqU zHOG(XXqqrcxfOFp7mWu#Avs1xN+;rCqQVhSQa^F+W|XoRx5R^VR!pU_gV{3;uVEW3 zAY$)gMqO^p_lYokn1*o-idhdJG+R5M-I)|y&;ayY)^cJEC{_t>vz$Y+2=J&m2)=<2 z(%dD9@tLSq|2tD7oqkzrW@#93X#8XM)RFCWhsl~ArR4}7xo6DQo>n&`rE|8+7?T`Dn zRdB3_Pj*+(f1Ht-qNaV5Dh|&UBK$4 z(bLl_$94C%d@j_(>5^`&Ok+&zl18twvVJ<}>)ykKo|k7@BwFBa8-dDa_Y%RSvTwsq z!hVt|GCaIrQ`PgMt;vF!W@BR`=9%epCa!1Mx4Wj_ZhcBY8FmZjh%D%KtAR<#Yk;y0 zu@@v=ay^yUgf1FI4;Um7xzCf$E9+di6J)Rtqsj%=;(8q@w4T(uqF9J*Yg8>{!_=<%1#@Dlt_TjqcUqSQXC5PXF)6GiAvv!_ZgasWQ6{Yq>0 z{FyTk^Rar0I)hbJRUrRytvZHQN=iV{+||_;2E>X@J9wv$QL{KMKgaMYAWBE(a7wL8 z+nCq}U{Ts;&pW+rOR`a%Yt>)7arR?zP)mzS{5@vr_Yo6WtHbJ#%ussvD#+Jyo?VVMtk&YFq8^r5u%9uB?onQZY zZcH+GOfk&#icWbAxGY`BG10uL8OG1miA?J0u^Z>6klX8Z%A$x{zxPi){OGXHM-|4I z7KPIb8`&vGpe2vYz5i?8fRUqo|!x^W-Hn#eoWnlzVZ*btItzI0>5x zNj9S?W3l2i+Ujj*?PI}DzFprm*WJXpxdrct3Z4#)gZ2%69{#!&uf7nUG(zeIvTcmq zuy{|ZnskO8u)Q}X&3Hd&+LzZxRE;^^k+9Rz38%mvOg>k3cAhmew)>iW0YJ@G9pTA( zmbOsIH2E22})4moi@Nqr3Y>3-QF&L6Hhvx3=Z&ID-O_%^ru*~BY82;7F-x?Y zf0~hTt{N5h%4MO8`#ojxCpQoXQZz%mo=xpoL0f+ZSMn3G`I=h9A9R(0W65e)P5rcs z%jyVsaB;wjJL;|F5s`bsTqxYqmA};>|6P%C*^a0i#wwK3uyTVaQPn||Hg5C>v&+ES=mFeW?GGFjEB)xT1G~Gc^kA| zCBBbH;J3s3Rl(LYQoZO(z{`w1%&K&nkw(enm_bJcE^$r<2rK|xa0leAAeZLsG@Z$% z#tkoYr2}@f9~CA!1I@tu??;5{prAhH74_^H5dsS#;J^;ebgeb=ybEKfAMRpsdK65F zEoccRus1=(7G@}7h_kk~7H|JOyc?w`w(z(GI4J;_Q4+PF64S%MY~?*PtDxV_%;b<_ zg0SpK^=oTu<{MOMu$|_9{OAI-1*U96#t?H_Vg&uzkBagUU^EBd2UsCIy?ZxWy88|e zkOjumr%#_d7abd$eE@z2j$j# zC+NGiPBkTM&JX-JGu_|c4JW>wdUl<^q@AUNaN;0Q=_mYI}P{I{h1jASZ0}YMk zZf*6B3yasmX={GzRc>x>B;EAoKK_gMLBhk)(sB$sWd$XrLZm7D211p|=(&8;x&rVz z0I;Sg9j>u}KquK6@OLw1%i}G+OcgYyrlvk}%+!FH_(_^+Qp&ScD@|OyM8?|Mf@V$O zz(ZW0?)ccyU=E@QUZVJ@DA7MY9Ff`qchJF{o2lH8ER&>AtDs;#CUNP~SLjqR20w&Y z8bG7k4B(23GE4z%Zr!T=aBOYx-Mj1mteZ%(HGtQ_-*)K=K~Yf=Wc@~FW@(X#jV(Pk za&Z?lhyWVqM1qvY+(b)XfAb4VFqjI4Y#iaaLU1&5cdZ^54Ah4xOb*t+k3vB|Mzw9Y8r|tEEH&T2;1;r z^cvfNs}3H-Z?@2vk+}0)BljQ2|Nqbf{-a3mzi{bd$_eE6Kk9o9jDPsLPW&I7zoC#m zeB!^pBc~j?=~}njVUnCYJgVyIrVjDo5o}HMjSPM%@H1kFJi{2tGNcUsYMjlyfRzHY zONH`}n_pn&j96n7LTC#Cb?f(Wcs{&_C=Y?F3Kcr?tJulFU;vCw9#_v9UM4`p0DbE+ zL;(v{0-66C>{uEOcPJQv0K4x+QrT!ZQ(0LFOT$%r5<}*MMuXu-wH)P9dy;K1^;5Nj zRy+@npSS^^0ba$Oi;x@=A08Do2KRIFB}BVKAxkZ&pf0-47u3~B<8!mKS5{Y7fBu{q zt35c_Z9h1NY<-kD8j2vbm+jiDnw6fiMXnId%*}$80T)#hnKaAEsVt17~87%$5HZ0qHGx zVCO5urg0;@96eC-ts@Mw-0{gtL;@^KwC8=W=?$fMEu=$7$CcCSHTT$K>paX>CbQ1Pno9=$^kiQsF6TJZ2M$&WJDYk(+9tOla?pL_Da?D8G zzBo^|#H2(3#6J1pQ~}iL06%aMC~kpysr$E@iWi7iF}OBjRDmu6myBi__MPUdN0J?H z+8=~Lc=|T3kp$xnW)1?{XzN*v ziWLC;TMPg9*vR-o4)^%+;~&r#ZUi8E41V#L9X1G5_oB`A;9y)2+xKVd2DXAyUQ;u~*9GvF?R#;&MwKx{kO(GG%l5K^&Fa;a6|m<& z&u~c2`iHIc&$#UW{&>hP`yEXVBNklG|LKvj2^pGw&HLK}?T=&sQZD{i_4Y5{|JO2d zT91q1z5a~-iI$#TWI{sCcL^B1^)b}Zz;6cyxghB_yXYx3_tKLi0inPs@ww!Ckp$@R zl24a$%}r2ICrCK^hryeKI6hL0%3mf@botTM$-|2%0FB@MaTHHfH3iv(xK{c0?W4%m zfG6(l!C6L!Pl91Ybi+lD;}%9ZU`zCkN5bugxmKIt?*vyy#8X8x4UYJJ7u+nM0Y#6N zSnESI20*+hoMH;a5ad#DeTiQ9%`+-_XVH-inssNOZg6m9rl;56*g=jv0FRht#Sg8N z#m}t%ZCv9xqphvIK1NoIw);D*sZ$wPkJ?;2}1<%LJI04h{vu!N~j?{1^@pe{*1aVCE4Y9OaWiHc}NQ&VM6R-3n9$UrsJ*QckYSvp09g&`ITLcXaeds_#CoJGOP#%6%+ zz1!B;*Vn?|XIlF|hC0oJwf=`-JSHZt!vVU+DY7-h%{>2LJAb3|HC(}caOAM-`x7n` z9ABU@w%mi7cnz}MO^|2_#+jL$!;!6F0NR59dKwpV20=ubOa9{>+ z90Vfuyj|cUHzfggC%RX;_|gny&)OIPrW;R}VJK`#O}IkDqd!{fU271@bd{aGR}zDx zv)O2JXCc7M4+zV=?uX43RNeNkP;q=TAi~AV_?-lb!tTb9y`=MOF{YJ)ya}lh;iQ6S z9`O%g`^$!LM zDYl$mX(-(D^Yi~>B&?#bK-4I=-~?_v31*AtbVd&vNI2!H|{&qS&Fbw z0AA)>50T&4mm`jA^GV(eW`5@#> z6FBE%$_5EFP|rG@hQVzL;(HtS4Efe?+UFtG%kc?tf3@J4Zm?;Yv25BqqM?ZvZ)RpxuX|Fg<`c^KM(WJ%%lgKu39 z7r$Y{TuE0i4;K@RK3||dwhGz}m%}W*G8gexga{!9p8>fhsz7Jpd-KqHsjJh3!U=9I z$5%g*<^5rVW>pO zCwYxLaXf^Ql9InWSqpnov`|eV_zgjxMOHI3UCM^Ka;lppNx0Q134L|IJ@ zdPr+1hLe+%bI$|cP-^81%b+8?kHC3b7(PMb#XYtMQ-}Rc?}H}`wlE%m`6VX@$21(Q zL4rPj78m4`G01j=;DqpFK@Dj28n}tqfjL03ZFkCo6p?WHQD4kE_wOsxl3|$OOTC40 z14ChN)c{ICLBYjEWa|83?N@0=QdwT!-_S4xX2BqBI9Rav=E@gtl6?5(4UjjyVapYo z;6pCnf<|5IEsP8CkZoQMa6=!Mm#0Qu5(XXp(+W{>2WZJDC@J|&s>I;P5@3h*c|SRZ zUV+im<$QFh&0*DVI0yw?>A2rInG@Gpq-<4%@)zDag}8XJudW(W9;qrT=j7(LG&Y`x z`BAd;$9G@9eg&i##vxQ2D*ep~C1Eg{XMXli-Vq=&hOPjjS4&F^Fm`5gJw9_R0SP6I zl-xfAZR_&=6ZvW=7#M=xZ zGcsPeX(3WwYF$TJ4i0-Hg@ZFTHf8nn^nmL7W-glgywJ1GQ_VIo<@mdvrG|DWNYz$4d2faEZjHo{>w?gDEgun><$tzTI1X$MDN3u1% zdi82O==?OIBIKIKqoyV&feQ0}{?N1qvXGrC7O2iYkUR(Hr5hU~A{Yiz2mR51haa?J zpm7*vmy)W6Ju%qQT#cxv;pz*svocdtQQ_@>b@m5)t+8wsJ7t3e0$f-#@%Yx}X5=U* z9X>FQb_MXkP|T5LT92E+APKx&PH8Baz<*?-VLiwiw;rC0ri9E6BUf4rTh6ey_V&Kf zGk1`^ei+TcB+cRAGF>nbGK6X_D$4zxCSLJBZdq({hwTbweTik)B)D^JY;LM6C|r*t zB_&n#VQcMVUfN8b0LAsq-Q|xE1OPaS9#8=v6UC@BC6J9h1%f#Tu_8WZYM8Jo&Gl~BKK6G|!9fA*YUJ4VXd!N3-in{1F zoy6|_fb{R!8$>rP`Mh_BaYP4+>{ag0pJ>$g46;qz2Uk@!wD zGDuQsKUT}L+(&VsBYX%#Tq58VaP+*pafv_snhqGeA`e}Mv38_HwoI|FMtgVtq>!qe zXrvOsN#N@@po>CEgDB)DAB_L8VLtI6#1ZiB4#gAy@94;(SmeL4^!~|q|NikmB+w7k baR Note: YAML files used in this tutorial are stored [here](https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/percona-xtradb/cluster/examples). + +## Backup Percona XtraDB Cluster + +This section will demonstrate how to backup a Percona XtraDB cluster. Here, we are going to deploy a Percona XtraDB cluster using KubeDB. Then, we are going to back up this database into a GCS bucket. Finally, we are going to restore the backed up data into another Percona XtraDB cluster. + +### Deploy Sample Percona XtraDB Cluster + +Let's deploy a sample Percona XtraDB cluster and insert some data into it. + +#### Create Percona XtraDB CRD + +Below is the YAML of a sample `PerconaXtraDB` CRD that we are going to create for this tutorial: + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: PerconaXtraDB +metadata: + name: sample-xtradb-cluster + namespace: demo +spec: + version: "5.7-cluster" + replicas: 3 + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + terminationPolicy: WipeOut +``` + +Create the above `PerconaXtraDB` CRD, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/percona-xtradb/cluster/examples/sample-xtradb-cluster.yaml +perconaxtradb.kubedb.com/sample-xtradb-cluster created +``` + +KubeDB will deploy a Percona XtraDB cluster according to the above specification. It will also create the necessary Secrets and Services to access the database. + +Let's check if the database is ready to use, + +```bash +$ kubectl get px -n demo sample-xtradb-cluster +NAME VERSION STATUS AGE +sample-xtradb-cluster 5.7-cluster Ready 7m46s +``` + +The database is `Ready`. Verify that KubeDB has created a Secret and a Service for this database using the following commands, + +```bash +$ kubectl get secret -n demo -l=app.kubernetes.io/instance=sample-xtradb-cluster +NAME TYPE DATA AGE +sample-xtradb-cluster-auth Opaque 2 9m2s + +$ kubectl get service -n demo -l=app.kubernetes.io/instance=sample-xtradb-cluster +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +sample-xtradb-cluster ClusterIP 10.103.37.141 3306/TCP 11m +sample-xtradb-cluster-gvr ClusterIP None 3306/TCP 11m +``` + +Here, we have to use service `sample-xtradb-cluster` and secret `sample-xtradb-cluster-auth` to connect with the database. KubeDB creates an [AppBinding](/docs/concepts/crds/appbinding/index.md) CRD that holds the necessary information to connect with the database. + +#### Verify AppBinding + +Verify that the `AppBinding` has been created successfully using the following command, + +```bash +$ kubectl get appbindings -n demo +NAME AGE +sample-xtradb-cluster 14m +``` + +Let's check the YAML of the above AppBinding, + +```bash +$ kubectl get appbindings -n demo sample-xtradb-cluster -o yaml +``` + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + creationTimestamp: "2019-10-30T11:41:20Z" + generation: 1 + labels: + app.kubernetes.io/component: database + app.kubernetes.io/managed-by: kubedb.com + app.kubernetes.io/name: perconaxtradbs.kubedb.com + app.kubernetes.io/instance: sample-xtradb-cluster + name: sample-xtradb-cluster + namespace: demo + ownerReferences: + - apiVersion: kubedb.com/v1alpha2 + blockOwnerDeletion: false + kind: PerconaXtraDB + name: sample-xtradb-cluster + uid: 79d90fc4-f5e8-4a8c-83d7-3eae7c12f01a + resourceVersion: "12319" + selfLink: /apis/appcatalog.appscode.com/v1alpha1/namespaces/demo/appbindings/sample-xtradb-cluster + uid: 977cb8fd-b5e5-4830-a50f-58de9eb5d82c +spec: + clientConfig: + service: + name: sample-xtradb-cluster + path: / + port: 3306 + scheme: mysql + url: tcp(sample-xtradb-cluster:3306)/ + parameters: + address: gcomm://sample-xtradb-cluster-0.sample-xtradb-cluster-gvr.demo,sample-xtradb-cluster-1.sample-xtradb-cluster-gvr.demo,sample-xtradb-cluster-2.sample-xtradb-cluster-gvr.demo + apiVersion: config.kubedb.com/v1alpha2 + group: sample-xtradb-cluster + kind: GaleraArbitratorConfiguration + sstMethod: xtrabackup-v2 + secret: + name: sample-xtradb-cluster-auth + type: kubedb.com/perconaxtradb + version: "5.7-cluster" +``` + +Stash uses the AppBinding CRD to connect with the target database. It requires the following two fields to be set in the AppBinding's `.spec` section. + +- `.spec.clientConfig.service.name` specifies the name of the Service that connects to the database. +- `.spec.secret` specifies the name of the Secret that holds the necessary credentials to access the database. +- `.spec.type` specifies the type of the app that this AppBinding is pointing to. The format KubeDB generated AppBinding follows to set the value of `.spec.type` is `/`. + +#### Creating AppBinding Manually + +If you deploy the Percona XtraDB cluster without KubeDB, you have to create the AppBinding CRD manually in the same namespace as the service and secret of the database. + +The following YAML shows a minimal AppBinding specification that you have to create if you deploy the Percona XtraDB cluster without KubeDB. + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: your-custom-appbinding-name + namespace: your-database-namespace +spec: + clientConfig: + service: + name: your-database-service-name + port: 3306 + scheme: mysql + secret: + name: your-database-auth-secret-name + # type field is optional. you can keep it empty. + # if you keep it empty then the value of TARGET_APP_RESOURCE variable + # will be set to "appbinding" during auto-backup. + type: kubedb.com/perconaxtradb +``` + +You have to replace the `<...>` quoted part with proper values in the above YAML. + +#### Insert Sample Data + +Now, we are going to exec into the database pod and create some sample data. At first, find out the database pods using the following command, + +```bash +$ kubectl get pods -n demo --selector="app.kubernetes.io/instance=sample-xtradb-cluster" +NAME READY STATUS RESTARTS AGE +sample-xtradb-cluster-0 1/1 Running 0 39m +sample-xtradb-cluster-1 1/1 Running 0 38m +sample-xtradb-cluster-2 1/1 Running 0 37m +``` + +And copy the username and password of the `root` user to access into `mysql` shell. + +```bash +$ kubectl get secret -n demo sample-xtradb-cluster-auth -o jsonpath='{.data.username}'| base64 -d +root⏎ + +$ kubectl get secret -n demo sample-xtradb-cluster-auth -o jsonpath='{.data.password}'| base64 -d +CZYWy7MDXiedL2EG⏎ +``` + +Now, let's exec into the Pod to enter into `mysql` shell and create a database and a table, + +```bash +$ kubectl exec -it -n demo sample-xtradb-cluster-0 -- mysql --user=root --password=CZYWy7MDXiedL2EG +mysql: [Warning] Using a password on the command line interface can be insecure. +Welcome to the MySQL monitor. Commands end with ; or \g. +Your MySQL connection id is 275 +Server version: 5.7.25-28-57 Percona XtraDB Cluster (GPL), Release rel28, Revision a2ef85f, WSREP version 31.35, wsrep_31.35 + +Copyright (c) 2009-2019 Percona LLC and/or its affiliates +Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. + +Oracle is a registered trademark of Oracle Corporation and/or its +affiliates. Other names may be trademarks of their respective +owners. + +Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. + +mysql> CREATE DATABASE playground; +Query OK, 1 row affected (0.01 sec) + +mysql> SHOW DATABASES; ++--------------------+ +| Database | ++--------------------+ +| information_schema | +| mysql | +| performance_schema | +| playground | +| sys | ++--------------------+ +5 rows in set (0.00 sec) + +mysql> CREATE TABLE playground.equipment ( id INT NOT NULL AUTO_INCREMENT, type VARCHAR(50), quant INT, color VARCHAR(25), PRIMARY KEY(id)); +Query OK, 0 rows affected (0.01 sec) + +mysql> SHOW TABLES IN playground; ++----------------------+ +| Tables_in_playground | ++----------------------+ +| equipment | ++----------------------+ +1 row in set (0.01 sec) + +mysql> INSERT INTO playground.equipment (type, quant, color) VALUES ("slide", 2, "blue"); +Query OK, 1 row affected (0.01 sec) + +mysql> SELECT * FROM playground.equipment; ++----+-------+-------+-------+ +| id | type | quant | color | ++----+-------+-------+-------+ +| 1 | slide | 2 | blue | ++----+-------+-------+-------+ +1 row in set (0.00 sec) + +mysql> exit +Bye +``` + +Now, we are ready to back up the database. + +### Prepare Backend + +We are going to store our backed up data into a GCS bucket. At first, we need to create a secret with GCS credentials then we need to create a `Repository` CRD. If you want to use a different backend, please read the respective backend configuration doc from [here](/docs/guides/backends/overview/index.md). + +#### Create Storage Secret + +Let's create a secret called `gcs-secret` with access credentials to our desired GCS bucket, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > GOOGLE_PROJECT_ID +$ cat downloaded-sa-json.key > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +$ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +#### Create Repository + +Now, crete a `Repository` using this secret. Below is the YAML of Repository CRD we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo-xtradb-cluster + namespace: demo +spec: + backend: + gcs: + bucket: appscode-qa + prefix: /demo/xtradb/sample-xtradb-cluster + storageSecretName: gcs-secret +``` + +Let's create the `Repository` we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/percona-xtradb/cluster/examples/repository.yaml +repository.stash.appscode.com/gcs-repo-xtradb-cluster created +``` + +Now, we are ready to back up our database to our desired backend. + +### Backup + +We have to create a `BackupConfiguration` targeting respective AppBinding CRD of our desired database. Then Stash will create a CronJob to periodically backup the database. + +#### Create BackupConfiguration + +Below is the YAML for `BackupConfiguration` CRD to backup the `sample-xtradb-cluster` database we have deployed earlier, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-xtradb-cluster-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: perconaxtradb-backup-5.7 + repository: + name: gcs-repo-xtradb-cluster + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-xtradb-cluster + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +Here, + +- `.spec.schedule` specifies that we want to back up the database at 5 minutes interval. +- `.spec.task.name` specifies the name of the Task CRD that specifies the necessary Functions and their execution order to backup a Percona XtraDB cluster. +- `.spec.target.ref` refers to the AppBinding CRD that was created for the `sample-xtradb-cluster` database. + +Let's create the `BackupConfiguration` CRD we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/percona-xtradb/cluster/examples/backupconfiguration.yaml +backupconfiguration.stash.appscode.com/sample-xtradb-cluster-backup created +``` + +#### Verify Backup Setup Successful + +If everything goes well, the phase of the `BackupConfiguration` should be `Ready`. The `Ready` phase indicates that the backup setup is successful. Let's verify the `Phase` of the BackupConfiguration, + +```bash +$ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-xtradb-cluster-backup perconaxtradb-backup-5.7 */5 * * * * Ready 11s +``` + + +#### Verify CronJob + +Stash will create a CronJob with the schedule specified in `.spec.schedule` field of `BackupConfiguration` CRD. + +Verify that the CronJob has been created using the following command, + +```bash +$ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +sample-xtradb-cluster-backup */5 * * * * False 0 49s 2m22s +``` + +#### Wait for BackupSession + +The `sample-xtradb-cluster-backup` CronJob will trigger a backup on each scheduled slot by creating a `BackupSession` CRD. + +Wait for a schedule to appear. Run the following command to watch `BackupSession` CRD, + +```bash +$ kubectl get backupsession -n demo -l=stash.appscode.com/invoker-name=sample-xtradb-cluster-backup --watch +NAME INVOKER-TYPE INVOKER-NAME PHASE AGE +sample-xtradb-cluster-backup-1572439801 BackupConfiguration sample-xtradb-cluster-backup Succeeded 4m27s +``` + +Here, the phase **`Succeeded`** means that the backupsession has been succeeded. + +>Note: Backup CronJob creates `BackupSession` CRD the label `stash.appscode.com/invoker-name=`. We can use this label to watch only the `BackupSession` of our desired `BackupConfiguration`. + +#### Verify Backup + +Now, we are going to verify whether the backed up data is in the backend. Once a backup is completed, Stash will update the respective `Repository` CRD to reflect the backup completion. Check that the repository `gcs-repo-xtradb-cluster` has been updated by the following command, + +```bash +$ kubectl get repository -n demo gcs-repo-xtradb-cluster +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +gcs-repo-xtradb-cluster true 304.165 MiB 3 97s 13m +``` + +Now, if we navigate to the GCS bucket, we will see the backed up data has been stored in `demo/xtradb/sample-xtradb-cluster` directory as specified by `.spec.backend.gcs.prefix` field of Repository CRD. + +
    +  Backed up data in GCS Bucket +
    Fig: Backed up data in GCS Bucket
    +
    + +> Note: Stash keeps all the backed up data encrypted. So, data in the backend will not make any sense until they are decrypted. + +### Restore Percona XtraDB Cluster + +In this section, we are going to restore the database from the backup we have taken in the previous section. We are going to deploy a new database and initialize it from the backup. + +#### Stop Taking Backup of the Old Database + +At first, let's stop taking any further backup of the old database so that no backup is taken during the restore process. We are going to pause the `BackupConfiguration` CRD that we had created to backup the `sample-xtradb-cluster` database. Then, Stash will stop taking any further backup for this database. + +Let's pause the `sample-xtradb-cluster-backup` BackupConfiguration, + +```console +$ kubectl patch backupconfiguration -n demo sample-xtradb-cluster-backup --type="merge" --patch='{"spec": {"paused": true}}' +backupconfiguration.stash.appscode.com/sample-xtradb-cluster-backup patched +``` + +Now, wait for a moment. Stash will pause the BackupConfiguration. Verify that the operator has paused the BackupConfiguration object, + +```console +$ kubectl get backupconfiguration -n demo sample-xtradb-cluster-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-xtradb-cluster-backup perconaxtradb-backup-5.7 */5 * * * * true Ready 50m +``` + +Notice the `PAUSED` column. Value `true` for this field means that the BackupConfiguration has been paused. + +#### Deploy Restored Database + +Now, we have to deploy the restored database similarly as we have deployed the original `sample-xtradb-cluster` database. However, this time there will be the following differences: + +- We have to use the same secret that was used in the original database. We are going to specify it using `.spec.databaseSecret` field. +- We are going to specify `.spec.init.waitForInitialRestore: true` which tells KubeDB to wait for the initial restore to complete before marking this database as ready to use. + +Below is the YAML for `PerconaXtraDB` CRD we are going deploy to initialize from backup, + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: PerconaXtraDB +metadata: + name: restored-xtradb-cluster + namespace: demo +spec: + version: "5.7-cluster" + replicas: 3 + authSecret: + name: sample-xtradb-cluster-auth + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + init: + waitForInitialRestore: true + terminationPolicy: WipeOut +``` + +Let's create the above database, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/percona-xtradb/cluster/examples/restored-xtradb-cluster.yaml +perconaxtradb.kubedb.com/restored-xtradb-cluster created +``` + +If you check the database status, you will see it is stuck in **`Provisioning`** state. + +```bash +$ kubectl get px -n demo restored-xtradb-cluster +NAME VERSION STATUS AGE +restored-xtradb-cluster 5.7-cluster Provisioning 4m10s +``` + +#### Create RestoreSession + +Now, we need to create a `RestoreSession` CRD pointing to the newly created restored database. + +In case of Percona XtraDB cluster, the RestoreSession object contains some different configurations unlike other databases supported by KubeDB. To restore Percona XtraDB cluster, Stash operator will create the required number of PVCs and mount the data in the data directory `/var/lib/mysql` with proper ownership and permission. After completing the PVC creation, KubeDB then creates AppBinding, Secret, Services, etc. objects. + +Below is the contents of YAML file of the RestoreSession CRD that we are going to create to restore the backed up data into the newly created database provisioned by PerconaXtrDB CRD named `restored-xtradb-cluster`. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: restored-xtradb-cluster-restore + namespace: demo +spec: + task: + name: perconaxtradb-restore-5.7 + repository: + name: gcs-repo-xtradb-cluster + target: + replicas: 3 + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: restored-xtradb-cluster + volumeMounts: + - name: data-restored-xtradb-cluster + mountPath: /var/lib/mysql + volumeClaimTemplates: + - metadata: + name: data-restored-xtradb-cluster-${POD_ORDINAL} + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + rules: + - targetHosts: [] # empty host match all hosts + sourceHost: "host-0" # restore same data on all pvc + snapshots: ["latest"] +``` + +Here, + +- `.spec.task.name` specifies the name of the Task CRD that specifies the necessary Functions and their execution order to restore a Percona XtraDB cluster. +- `.spec.repository.name` specifies the Repository CRD that holds the backend information where our backed up data has been stored. +- `.spec.target.replicas` specifies the number of PVCs where snapshot data will be restored. +- `.spec.target.ref` refers to the AppBinding object for the `restored-xtradb-cluster` PerconaXtraDB object. Though the KubeDB operator will create this AppBinding object later, we need to tell Stash operator about this AppBinding object ref. Because the AppBinding object name is identical with the corresponding PerconaXtraDB object name and the names of the PVCs directly depend on this name. +- `.spec.target.volumeClaimTemplates` specifies the template used for the PVCs. The important thing here is the `.metadata.name`. In KubeDB side, the PVC name is formed by following the rule `data--`. Since we have created our restore database named `restored-xtradb-cluster` and later KubeDB will create a StatefulSet for this database, the PVC names will be `data-restored-xtradb-cluster-0`, `data-restored-xtradb-cluster-1`, `data-restored-xtradb-cluster-2`, etc. up to the number of replicas. Here Stash operator will create these PVCs by following the same convention as KubeDB. We just need to provide the `.metadata.name` as `data--${POD_ORDINAL}`. You must insert `${POD_ORDINAL}` at the end of the name. Stash will create the required PVCs by replacing this with the corresponding pod index. That means if the value of `.spec.target.replicas` is 3, then Stash will create 3 PVCs named `data-restored-xtradb-cluster-0`, `data-restored-xtradb-cluster-1`, and `data-restored-xtradb-cluster-2`. +- `.spec.target.volumeMounts` specifies the mount path for the volume. The `mountPath` must be `/var/lib/mysql` as expected by Percona XtraDB server. And the volume name is form as `"data-"`. Since for restoring purpose, we have created a PerconaXtraDB object named `restored-xtradb-cluster`, the volume name will be `"data-restored-xtradb-cluster"`. +- `.spec.rules` specifies that we are restoring data from the `latest` backup snapshot of the database. Empty (`[]`) `targetHosts` means snapshot data will be restored in all specified number of PVCs. And another obvious thing is we want to restore the same data from `host-0` to all PVCs. During the backup procedure, we took backup data as `host-0` from the Percona XtraDB cluster. So, here the source host is `host-0`. + +Let's create the RestoreSession CRD object we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/percona-xtradb/cluster/examples/restoresession.yaml +restoresession.stash.appscode.com/restored-xtradb-cluster-restore created +``` + +Once you have created the RestoreSession object, Stash will create a restore Job. We can watch the phase of the RestoreSession object to check whether the restore process has succeeded or not. + +Run the following command to watch the phase of the RestoreSession object, + +```bash +$ kubectl get restoresession -n demo restored-xtradb-cluster-restore --watch +NAME REPOSITORY PHASE AGE +restored-xtradb-cluster-restore gcs-repo-xtradb-cluster Running 3m33s +restored-xtradb-cluster-restore gcs-repo-xtradb-cluster Running 3m51s +restored-xtradb-cluster-restore gcs-repo-xtradb-cluster Running 3m58s +restored-xtradb-cluster-restore gcs-repo-xtradb-cluster Succeeded 3m58s +``` + +Here, we can see from the output of the above command that the restore process succeeded. + +#### Verify Restored Data + +In this section, we are going to verify whether the desired data has restored successfully. We are going to connect to the database server and check whether the database and the table we created earlier in the original database have restored. + +At first, check if the database has gone into **`Running`** state, + +```bash +$ kubectl get px -n demo restored-xtradb-cluster --watch +NAME VERSION STATUS AGE +restored-xtradb-cluster 5.7-cluster Provisioning 3m36s +restored-xtradb-cluster 5.7-cluster Provisioning 4m4s +restored-xtradb-cluster 5.7-cluster Ready 4m4s +``` + +Now, find out the database Pod, + +```bash +$ kubectl get pods -n demo --selector="app.kubernetes.io/instance=restored-xtradb-cluster" --watch +NAME READY STATUS RESTARTS AGE +restored-xtradb-cluster-0 1/1 Running 0 115s +restored-xtradb-cluster-1 1/1 Running 0 77s +restored-xtradb-cluster-2 1/1 Running 0 41s +``` + +And then copy the user name and password of the `root` user to access into `mysql` shell. + +> Notice: We used the same Secret for the `restored-xtradb-cluster` object. So, we will use the same commands as before. + +```bash +$ kubectl get secret -n demo sample-xtradb-cluster-auth -o jsonpath='{.data.username}'| base64 -d +root⏎ + +$ kubectl get secret -n demo sample-xtradb-cluster-auth -o jsonpath='{.data.password}'| base64 -d +CZYWy7MDXiedL2EG⏎ +``` + +Now, let's exec into the Pod to enter into `mysql` shell and check the database and the table we created before, + +```bash +$ kubectl exec -it -n demo restored-xtradb-cluster-0 -- mysql --user=root --password=CZYWy7MDXiedL2EG +mysql: [Warning] Using a password on the command line interface can be insecure. +Welcome to the MySQL monitor. Commands end with ; or \g. +Your MySQL connection id is 275 +Server version: 5.7.25-28-57 Percona XtraDB Cluster (GPL), Release rel28, Revision a2ef85f, WSREP version 31.35, wsrep_31.35 + +Copyright (c) 2009-2019 Percona LLC and/or its affiliates +Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. + +Oracle is a registered trademark of Oracle Corporation and/or its +affiliates. Other names may be trademarks of their respective +owners. + +Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. + +mysql> SHOW DATABASES; ++--------------------+ +| Database | ++--------------------+ +| information_schema | +| mysql | +| performance_schema | +| playground | +| sys | ++--------------------+ +5 rows in set (0.00 sec) + +mysql> SHOW TABLES IN playground; ++----------------------+ +| Tables_in_playground | ++----------------------+ +| equipment | ++----------------------+ +1 row in set (0.00 sec) + +mysql> SELECT * FROM playground.equipment; ++----+-------+-------+-------+ +| id | type | quant | color | ++----+-------+-------+-------+ +| 1 | slide | 2 | blue | ++----+-------+-------+-------+ +1 row in set (0.00 sec) + +mysql> exit +Bye +``` + +So, from the above output, we can see that the `playground` database and the `equipment` table we created before in the original database are restored successfully. + +## Cleanup + +To cleanup the Kubernetes resources created by this tutorial, run: + +```bash +kubectl delete restoresession -n demo restored-xtradb-cluster-restore +kubectl delete px -n demo restored-xtradb-cluster +kubectl delete repository -n demo gcs-repo-xtradb-cluster +kubectl delete backupconfiguration -n demo sample-xtradb-cluster-backup +kubectl delete px -n demo sample-xtradb-cluster +``` diff --git a/docs/addons/percona-xtradb/overview/images/backup_overview.svg b/docs/addons/percona-xtradb/overview/images/backup_overview.svg new file mode 100644 index 0000000..508f350 --- /dev/null +++ b/docs/addons/percona-xtradb/overview/images/backup_overview.svg @@ -0,0 +1,1002 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/addons/percona-xtradb/overview/images/cluster_backup.png b/docs/addons/percona-xtradb/overview/images/cluster_backup.png new file mode 100644 index 0000000000000000000000000000000000000000..1e70ba44263df10bb1ffd3bb0d10e5ebf22c851f GIT binary patch literal 19439 zcmZ^LbzD?k80MuBkdTx{rMo+ol$I_>kd|(c25C@{P)cBs4uv741`$w^PU-G$7-A3K z?*6g++f`<`bLYmn=e+Tp_dE|V+M3FD@u=}22)e7P@u;-48l9C7bEedYM3DvApMBeUnRWZKZ3H$H0=cv#JHgG&uH574{ z(C(8l-<_hfwgtQHc)QAj-xx>;LZ^lLnfOQ{NUcWoiM*cg#P+nGFRA_{&fM&yp-0n0 zckybp|D~1azvakyL0ZF>rKP2!+in38 zNCtb4HG}{%g)e7apc(OMND{!XA&ZI87f@bJ4^^5FT;*^V?X3}apc15|V(+K8gP{bj z?Y4$Q|M>zs4Z{j|ubSI?BNRv);xTwB6_P(#KR;+I9fDq!nS_m0ggn|}S9emrXkdI! zxsDz5M-*}V2*Bq$d!*K_<)QjqJOl%>X_q!4QNXpA_bkFA)|6Gt**JU>Lf+7fbsBp| zx?o*r(3eEc46$rgQr>Ovg>XVcl2v_Pk_fJu!YM&4E^9(e@DZ`)1L@6sL%vW0WD~j^ zf3Gb}r`4g`8QP-@@q|p#Uf*ThzBjpzgG7f#cGtUBAy=u72A5^z%IUBkDMS|zgh@Ld zU{uj@^}l*6qq&GgAEkow(WHoAXd!8i#yQwXeyDh)GXo;~(_9V5`|p$(3{Dw*1$|_H zgL)Erw|Eau)njT=8l+&6G$S1b45#XkwHZN(4osYNfvIRhl@e52xa2Q^5KL;^PvE-6 zdShPAVT>Qpf4#%TSJdIc447p%%+-FW+P+GT*HMgc9J3kmYKFhik$Vs!R1AkdO6ahR zF<>JblcY_g;^nP$MDwhh+};+V*2r#c4UVa-to$)HW{68jxKd+MUZ<3=;~+#W!^kLy z51Eux;3-beZi2(vczCcOGBPr=vZA6nwWm+Z3knLzDS6C@|NQxLc5vWc0f+x=&C7cr zm#dwLwU@?-t1Ol%i94s_?d|RF;K0$WG8xUrNTNWUrCGQ*S?40FQ*JQpQa9-`;DE5s zlJHV^`SPV)qxW{x_xFRGCTpjs%1!GwQ779pROIAX*)Bmnb|&Qp;PP`_ z48dG~dwXjoXcK?xml|vr-F%99b|}e-%haRh>bkcc5fSmZH%qcR>w~{e>B!o@YF7V~ zt>WoA7Y316<1ln$7N74X_Z-YphzE;ein+&7kgMBm&va-L~ zIXRVF92~kIdu;S!u+PjwLVD5h@kb3i-#0H878d3f7xUkvjA~z!y~SnH;9z8gngdRi zc4wNKAz$$>N(u@GI1w-tZC%~4t*uwNa5(&jbDf8^wY8<9Vk9~Qtf`rnP&td!nmt7= z3Ya4uH0*$ApPbA%JUF;_b#)~i8X8&>5(4Q*5z-M;QQ?*w#DP!HUMk86A#!_9dil~3 zh0+lNhVl0yX@Z6d}bUR7ytKYVwNA1-su3G2m4H4(QZ0WU`=ElkTqa)Aw`+{GLYcs}7 z{_{u9hf48s{{G)hzfN~1(2!74u8QPLJ9jx&Hox(i4K&<&lq`{VYt9C*U%%$_-JAPk zDOoxaYu@NRUpwjSk-^Ktf*p>1_q}Ap65fApl+0I7s^F@fYz`2;IN9EOWgaSI^6z%xFh?c?6w@8W}aWVO+CwTNl8Sf2M7LPtLMH2y7wvQ=`Du8S}9i&(n&DqN|uC8J=PdTdWR8%0^ygrHd-?iVomcXlQ5~z@eD<`1ty}yPqEI z@83Dy-$#QmF)`(Gi%_IEjnj#PgSwEMs%lJ+17gLLi{fidO${3_ua=Ik?t}Cm8)Y4x zcXj_>5!Os@nDpTn$Oej!$k!x~!wCE9y|nWl3zu$ld)wFTAaaRIXy$Ihc)^xj=8{=-u~x6K^oi zPbsB_s1x1$A?Dt^qQ|h~Q*RajQyp5qJI)9BD+zYTE zc*#G6e&3f>HTpylCVno0zCf{)#e%-&AysrE46&{la{Ns$9>pt0n+GTc;i*%%p$#0RQ^$ zRX#0YlnfJ7t}W>1dkv=vdbzY9G#Lv}CpbcID5UyN9lotbW2L!rg;~Sk`^?OyftLc( zAoZtqf>!-*W`N@@-#!9Gm)qtOolI@%D9pKNFct|)RucuOUNRmJvcug~Zbzy>*9k*= zLwA`53itxoW>ZISC%=75oIkX_W;2EHUqmw1<*^M1H%tcRRPs*wz@13N_x@e@%G4q!%*w|-Rr@(fY7K?S+e7N!K`sAzn6 z{2;=&>12D7XjN>-Mu&`{RHo;p0A1Op|NG?Rx|qCiZgFwH)G5>xhub)}@2ksrpDA`> z>B2y%{z-3)FU0ZfVT2GqOR{~`ls#iY9C(WV6~9$Vzl?2qVTaG(Z5Wcj4P{b#y1MVb ze64%IN2MU1IEgvO>@cetbnC42tnBQnjtG+*ekuYNAsg6x6YOAmc*Un<;yHr~ewJ0D^b@l>J*=7&(WhJ1ZQK3l4oZ z9dU>B`+-yrXs=ANBsWVkyFOV5iBi5B{C}VLk`?!dT*J^@>_ks8&MmCnidS0XDA4ue z4oO?q#D7OL@_^~*W6#|g(VC~H&h3f?4{Dpr;7N?QLDtM2*BppCpBFDGM4t?pdPe^V zyTqr~%+;1i^AN)fFv>WgkSE@f+ST7-AbyE3`lE&srl2OS!`1JLDxjpuy79ZI$ZADr zO9_zWweI;O+_l+CF_;O=10G{OwD_H#WLq+xyzQ8ilYPfnJAIOAci|lAA4&7=bLL*Dnlc$^5T;Lj!@W zfYy|;uJ+}(y1L3D-O_EQTqk@)TQ2Jebx!LO9kF_!u@f>#+?|0^D>XfxYTi|BN0d5Y z_g7YGYCLew1m32bkQb!o6y43nwwh1UC{`TE-sza>rO`*Pjbmjs9xFX5t~WsR~{sULu?;V zpZ)N%G`j#+Hiz<#`~y>ezr4`h5klwz!?O4NRMDK@72tTuQ2#c0q_w7=4aqB4N+se? z<-8_KrIQu#E4AuvRW0rv$2c0RsQSc}YncmWf-r2Jw#{z*+lmbny~u8X5>1f;U)sY>6PhwEoG;PK__!jK>a_H#-UQipVBRFN0?qHFti)^&@pwpqWKhdb2Y+x`_7*qvpJ=Ew>V_zN97g)*%|F zXFy!zeiv{Pz4{r%O~W@tcN`@VQ)btl8W>T2TA2r7c?DRXpXw9~N7IO+xh=BzW}Ts; z#}0^A`oa?D9nYZGfd!jSRaNazgi)RnbUB|sP0aO;nQ#KYI6U1m@wp1IJ>e6Z zzCVE~*=epwla&6pKG;lT5zK3RjB0tVu+n-kPT8Rt$xA`GtcB^SzEdNN)oj7g;WmYr zxaf_M&g|oF66;U?uYm5Hl&03Hv!xy91;T_z%FUpZ-1gh%HNmmEck1M-!cGUaYLq## zD~lw)x4hk6;G-UeA`v#ve33_7UKgA$-WJ&hPfH1vDxBl#!YXU8##RUHt1tWlP}e() zi>D-zY{Sq9W*$UvPm!NpMy5r0%O$zKB*c^H^ue2HAJ&CJ^`GvG4(cEG2`*-G+gsZ8 zuk6bwn@CK3oGT3%2(LfBX{p=XkP4oi^m5Kwo3ERzjc_|ARA24Qc?@=m`COYdk3RlX zP$AQD9pysfF}qFUO{<^O(#`1OFO{hK`(e-zy^c4-t<9*Jyr;vys4YxK?#A~ZNgw+M zW=?@v2tr)SV*MjX6hMC8SDTbQJ^EO1@m(IdjD9}at8+-CT!?8qYC7GuFEIV+@>xnl zG-CF3WZwG)mf76n?y-d*3;^3CEsC8SqK$8RHy!^*X=D=)KKSX2I@<}jY#5u672P!F zbz%5U(n9N`jXQJgYmSt@Q1&m@+j!pQP6CAhbfd8#wj&9EjLD9t$Oiy15K8&{z%^y9PREtc^fU3Ra;=&6{20~SwwdNMMNLK}{wyJT zh}pJNJNq+#eVBT8*M`?@MbdLvtYK)dOg+Fa*TpVlua$&ovFmU_m-F!ICBYUHV^w{A$b#SAqQcF8hPA7 zhj(rgq&_U`Bx?*IXZ2rkN3j>Li;0*PJz2^OI6E~opL`C6c3L;-$*&3GV|tqDIf4DEOXJ&vX(jdgRT-!^ud@+GxfPv66Zh+c zBwcKqpY}caC@P1yWwpN}r`}pez$=92Ur+n6(f>biDxY$Q=9pQaaZy0>GKcH?jd3ZGoMql{_ci7-5 z8M3<#dd`Zw@EjU)oJ&I&0MPJmd!vMhw+I_DOaCxw(7MQ>YUho<+c49AIRd|Hm{<*@2eGY>XHg~^+wS>HMVoR!VR@U26A;b*6GG7-SV zka^;jR)3=hyksm6Ei#Q8dOcP>_GS(W5Gzg5%DDQ)LZz}6SK%xYUs?h97*(2*v3Mx) z^ZiZJp7ytP=hlh>S;v8O&)1+L(@CAs$ytG}m0nt5E$Y6fU1s_nugm8u5%_0b;H2wM z*$YMiP216Q(Jy_7wV{006>dM8dZBN(D+M)*O`eGLQd^A3i5oql|M)CI!)QpxV)gfKCh(U&btgT`;?? z3bpf-LHQaJ8G8Wyu)i=st1d88tYw4g1pm;c&AHA>u63MK!T{sKzQl_{tG_8IzZ8yeo{*H6(wlX`9oL*C*pn;{$R4&yvLx-c&^Ovtoz`BX1joGHMy zC||c8D&P8@V4-xlHRMx4DQPSH3}4HhZI9`ti+U6i4f=okur+Wr*$?DAL6q%>n8?UZ30W+v4iB`jUnLSLvLG?gbGcz9%geO@9 z(~xHSleN-KMYW7|ARQ13h0lZA-e%zF$#C8w#QPCdn%c&L8@(RLy~5*1D&6Rf1C^ni zF(xA3v{_np*!e|b^~+xKIVaGC#0!4>#mj~4M+@KYD^51dtTlG&eGEbw^to&*zUE=D zWv>VCLlERcuPpb6%P9A+SD%70#viJC{!omqNT5!1^GJ~?K70%b! zy*SRBF0&%E9@zo+1!ps(+P-4&J@STDxPwTwZfvo`5b|f+b26BY;Zv!8>&J%gL{79a zC3C_xWSu)MmL09H>yk~5@bBQC(n$$vGJ~4{`8qu(92tY>vt@B2+X z3Gynirx&w6l2z8L-Y;`xaV&mY{g6Iw(6;xxx;;zNQl7p?^mw!MOb^2jq^B z_540J78KXh5ZxH=(yRAlW=Agbz*5+g%QTqo9~XWjO~Bk|bw0WKu<|oxy=^m@wZXlsH__WB!X%Z$ufkQd%} z^C2v28^M_z6iXPQ4GQ_`wy#~P2YOr1Gs)s?y;NiTn};NDICX|V9;|}7Kc26@yYdG~ z))Sdmu7^Dref2n_zbaU|^R~e2=`LE_5@_X8@I{O|M)!CAknpto_4#IBi(MO9%rMb$ z)bOtfvsv<}TKIQqK@a_A*+h~1g!UpV)(j>3Se{KB3PfKdGGF#9`SX{Xz zeqs3W<3=hWe?4k$doc<{pB@X)H1UuRw3Bo82%1aV&e%Iw#&;FUBBzOpKtu*DJoDWf zSVe;*>&m0tmQiao0h}^7Yj-`@XK;48uCRTGwnJI7bE0}?%Q}mbgXL++!f*zVDHCP zhjXRU>u+|17U|7YqD1sDIkn|o0r(bSNl6Ty>#X@zj6_<@)1ek)Ctj1+4b>W`t>)dH zx;KG{i~Mw!>7sbJ!<+{i(oU#_%g6r{2A)d77Qk*dUi8_k9*}Qb-kQPhpD?~?_rg{L zA9cdoV6#?!SwQo;AV770O^>iL$ysJD`LKM5N;m#A)zsr!?FQf`$r|e8@n7A{{1ENz zd;4);G;^fi$pGJm`>f1;{JtKGrXSkkQ8F47LnIp>oOm57+)eo+Gf1E|&@tkl*_(#l zAha8Z8-mT`jnoI&4S5&LpeBNHX}hKwW6Kw72#JW2(DtOD087h-D95pig1kS$@@T&? zqVuSF+@|!Pq>$qu#aMHS<{6@N2onzp&ci1!!KCtT%g&MPN&Xl@^atX^LdD3`bKQU( zaskjB%=YH&E|^|s$;A964W75V*hN%Sg5yT1e5|&JPv@`eEW4E+s>R~F30)C?_uPDT zKOXvQ9;F$*F;#=Mz9f6Yc~5a4EEx<-rK^7l2eZLG58Aq--&oX*I23y|)m6GIpL*B|?*D~1y0RQ% z=6yesE9{ka?S4C16|j0LocfHz@%mK?UIB`)Z-t$kUEzg%_GE2lSo?&?fsU6CY`3=> z8vNv$FYr`T^9#LOrCjySk4trLgRF}e9D*4%WiIf}51&3cfEoF7R#w&|V#R&xhM}QP z(RuZ@HqcXHUl##Iy>?AIV} zHzb07TaHLXxswOr^db&^6u`^Q>kk4N8pvp#8NmAcB_XI?DWScg`s10f*VARG)-TTT zGaZK-Ua!!gLd|P(^tmLKX*PRy`5T-mL8Z{5zzVxCzbw^kX#?3ZzX z3leX6+l4D|tTu4($Z(zYC8vvD$v^ShNz7kwU7Y%-9ua|199<{9`JO-;%+Ll$z4`32 zRX+apm$t@oV9t2c3qhN-!PuOl+63rT1vz6=n(QgvgRNk4}Fcu^-iu|{*~3T)m( zQ77{ws6B#Z7r%z7^?f037RDaa0}&CY*)U4_0BUG&kfw5BZNHT>3ZPuv=M2x)1*Afb zOqpG$_b8>Y>)fS2AnYQOD ze+VW`Igw%p+zU}?7+Pd!qcS(C{=-ymo)gCZP)Wab#k_%3%{t+eO7F&8?*s8MnHWfp z81w8x$f%gW-Z(WaB~@R_b9XL@f_HK*0MwI?Enax4-(XjA&HoOXxJckbMXEB3lv+!L z&>{W`;31##w0l=68CFAFSi;B&4&hST!AzeSWOg_T?ejO=2@$5-c@=oru8KhYER5@V zM^^MJjDGGCL1-@NVXy&qu|W0xR{E)^ps{JjQy%kTZ76x8A(4Er@M|>Wso^EJF=qn> zz&-V$GZMM6VAGXf6aqA%Px_C^$m^Z}!JS0q4o{he6U+L>Q=!yh-6LrrpxMmiVZgfP2XV zWhR@TDD(IA3RayO{vs&RRE0hUs4eMs>i2E;i_OxVDhB?M-r@{b$Q0>+&_q|(Hj#w( z3f+}^-28m`6{l!geCE}Uc2oKQn_BP7h_3#A#IDJ`jFB)cidKhn3BPr}(t_7QAy!^S zTO$tbhiEUMbX-{O6l$0Zlru9Ga-%`ia3)6uh=b+|q5h>+&E2dpehb8rLamYV1s?e= z*F+tY!Y0_3dh>WRijzCm;QC^ZsipOju9Dxh)`E^(y-#4ggCOVE)#^*Nh@kUB;; z79~W*!!3vs=#Izgjs(N3Y!Y=y8;b_R#E-rY{b_S{F!LCZfF#jAs0@`>w)TR4BI|Oa zd7@+Xd2G`(&~UJ4!#l~4!|k-F{;B3}fH}d11?4lVOJO?6`A>;k%yMIzn9|x@A$OrS zVdPd3=x3xzwJHYtd*h0}tRarbAh7~SNo7$PszO&mgQ2~}_nx1|PkrnvQbK`o@>q&l zLko+TSAz(vTmA^MvFPYS=WJq$_pg;Ogk>fn1+k{;kVoluUo)&B*%q0NPgUU5FhjnJ z&WD5KsKW2YtwN@3e%q0BG!{jo|C5C}q45=gAfga0s0jlmIOU4w9mv-{1hgQDT++i+juB?eHgK9&4!L383=~%cxU0RebA~vUno`zcu1>FWbdpm6bNx)G~V|& zzL2EfQevmyqHdr@nnInSSs57+7xo_U_^va_xC_sLn$PG4%>Z75z7-~guU{Uri9}Bw!nGGO{B){S#W3}3@W{@7ip~BCLXjk4 za@Hk5ji#>&%j#cZk4MVf;~KYzuRnv-6-V0Fat9BBU}!LGqn-BO_v2ZhvkSb$Hb%(j zsl8VP>TXqPe`z-s{v4?``CIHz^Zv}MpR4tM`@+qoYM*v(#C}L2uSBbwPntdDif8cJ zUV?X7=yhoM{w*ip9nAxH*fEXQ9bR@l{%8ME%0qP^@c!yLz#P3OQOTovNp27>WLV)env9*A^N+h3MRY>`}RE@cf>4{p^+GO_xcU z+id978k#{of?%t{RmP~{>RuHLvx>ouuq1Z7^Xa4~&vQKQ)inpk@g#473N9-72};{J zE-cj7)`SU+dr0>rmZ~^I_Hnu+gL<3?Dno`UT{SYiHy>6qdtRd>^E94Unl&seMv5l2 zJgscvl)2NKhZ?m)^tA7yg4zH${|Rzy9SX}~EG;cf<8hBwAhWJ{%Ou)gjK+ql@M(2> zWLW5?X{+>n(6&1_y(a}4LrLw-`rv5=Oq9POD7ALcgv;m8a=;73zGIvFp>%;(DX)Vg z8`)baEzqKjJ6m0T8_!pG%S5(t4B(?g;C=F7edJA2J_pPg=`Q(D`*^D>ti+)nQC{tj zdg+1W(Uqu@oaWTI`qzFZt;V_@eg~$=Hwm{Aq2M}OZ`&y{kHj$IEnj6B-bFWQ=qnUV zBtj?7zV5m<1c|5TXYID+MPg&{d&?v93yKs+4z6GAE61f@+iGZ+mkT<;YJbnc!8fAr z?ruC9*m0$W&8NeQ8baZ?S2PR3MuC#45`Ss#dRM1odt24%n*^C-d?_4pFi4>`xkF#3 zvPBibIv<2~EgA$F?hOLJgd zwdz6ABRzet`r%r~NgTt_qVL*LyyZjZzf%UA@0E@7Xj0E?eS57{^*|Ya+#~8uP%HE5 z?#SL8^`OWYt8DwbPGmXNPk*x8 zYFu6S>}8`qWnT`yQ~-;I%%>H_F;BhboSHw&q_IzPl#OAcY!(0X>9=fbxW;>iK09<1 zM4&Xrmet>{&=44Wsv;5Qd@z#H2E#4CG5N&shsiHn6dB|?7ADPRj&{;i$g_NS1-G`% z<)G9v-Od?+DTaGjdB`P|d>$g&Lf_?bI7}X$&upROnzPd;XUnwrrii>^?zur57yRnj z#siCVC8{DRy6@^$#1VvHM3U<@e&^FL*-m97$0I2mZ_!kI3R(kXGkWNdd=Rf%{v^J6zA7bCe${SH%Sr7|E4x7gQJzUQmXPs9X?kS?+)R zz#{E1lOo|r!t+=kD=N3X$x8RTvYsT5mI^ABvtVq*Q^;bsKs@RME`xE>x+FYPLc)42 zae%yj?z8qyK&xhR2IXHdh6p4XX~20P;U&LX(LC@$_@pQ`hwP zAgv9(U9F0yU>dfnom-Ph&lTNt*WmIJtz^cJqm0>HyvSb@#bi`5d0uh z=oGXo;nP{0H43Nxfz%FPBQ z-ee^~H74wIy?&{A8&P63TwU&J)bx)EJYqhKqS|(xv$~J5N=q_WxJxk_<>KEB){=Q` zK2~Ne??#+Fd%!cz5$;Hx@!n>w=ISWBY%{=H^MZt0vL52 zMkc$uC__y~ZFOCZOp8XS*;1NJS%WlJd%vYV{cByo_CEH`;X!YHQyBrk<#XyQcV1>+ z;)6wVGpIYC=B`6^V%SxLJMtQn^fO~XtlYcS@H|8oRE}m?ijFXUR8Uw2YfZvJ5 zHVD6+8~15n92<6vezr+jk^q6G_5k%y@cyx;I^bj4f;H`+JT|cMQmpz65F(_0D`~Sj ze*<)_Q^2ng2yq2uEkeIo5mnA7BP}tks^I~oa!;_?+1U%c8$m5u^|nkygGmGsSw7%g zkh&MOKa{F~W+=0-HhHg~i1yKs$vP^(x001V5@DJMs2g-5#VMWdx35?{ag& zFzRxfVsI}kdZEQgw^>6QUb?L~zcs&F^w~(8re#z|h1gzMb zh!-)mIDIu|mNW`)nuqo5siQfH{0S*Jna@;o;tfTpFc6OZ9VV-qu{>2d zyo5_@mP*>>+&{Re_S@ zg79>QMK7KlRfr-)_!o!ij@^%lJLZ7L<%6gxnd9d9aZjOQ>Q4$MzD`}ICe5Tsm02u> z@T{tbNPwsM#S_)V)!dR;f5WP|nxEFwzroOiOk4QP55rzZ?w2@yu+6Lq)ranm6#DFV_&Fr_{1FpM(W%CfN> zCSKg(Wt57uN%YtAqaPQnp>nk?+wJ$sdk4VgI=HCps0Ku#w+3vtjKOyLSRbtJ-(1jU ztDWe$2OO*DTz%F3OUUwjrMwblLk+sLEX>iU@rmG%TAYE@-)Owh0b6o#W6e`yX5O{T zWvn8r6Oh)r^?D{#u*-awJnId=W@C-6=aJ~AkZ!?7+C7l|EEPLsMmVo~>CMfbJ1^_# z(-xN2nh_W!+R{6CPl-(~OY-*E;s}=y&#^^;K^@9{9ObG*hJY@I9gf)>hA>9$t(Y9V z1$WEvvN7f??5EJHED@}2v3$%`rPg(KkoT+Rgmgdk{WH$57RJu%E+pgX?{POy zt2Q(pJI4+s$C?TG)J)f{Ryefp-z=lK<2j7u)z2!p@j2-i6Ch$ev#^*s2K2WwpR~y* zK@wSsL_|ch%p*-SAR&r$XMHJ^SM-jkQQ$PJs6k%QF$~5ReEBkQ7rR}eDlM|FJ1e_X z5qwWPhz|J8&N0)@tzhCnS9UY8BoFK!*B%Xi`fkbLqFDaFK4)ZNVq#%uFRmELx$_PS zP^e7m0Rg_8E!MQmU{ePWGypFnx`{3IPkZRGs7eWDEkYUBzizdmy> zOcF}C<;}Ojj9&6lWqZ)^;{G5Y3Sj?!@Aiss!B^Zyj#w$9WyT(tQw<($yQ5o}0rLnZJDuYo-8jpyM%d`S*ht#-CRcA`Hy^ODD&?NT&PXyC zrl+TOgvr-(aW*`x7oesVTPW(~!E3}A3pobt_DuUW7H$-;Bhakyro0i%hM8e9YdDa+v1@(2Cld`n-47cLnP6- za2yc<93kR^XGKaA&T-a4)T^L?TPPkSo;ZXNqL91yi&i(Qo5Zg`zy(k)nQnQT2S<$t zgH1=6kUa4Y4&SVo0{BN@!~;J9lv%^UFz;t7n2q#3mDUrIF!6#3iJuuvSLSO1&LlkMcHk6*M9) z-d?bXeJc8LqB_-$zsO9}XbjtuBgH<{7hPLz z(F3p_=YYIor+f^XT8oXk@adj*6}^QA2>E(?G29o$Dbos1#tKhU|Rt$??)uM0Q?Yr&?kvN<%l5WEro*r>@S3o`5h>aZ3i*AE$Zva zhi-(li>F!YfOY6mw#82FbQLr*B&A+gq^(S|2iCPWYq1zN@>X&dhmK?*!^&wA7r*;k zj<^8sQVp^0-Nud7<)tM8XKdju!Z7nA$I@4A;p7D)h;G-hSiB6hC+NNeWo*tYMjA5P z%&FX%-DnL#^pEv-aP5>5(!grJ709`LWOxpTgH>SilL-s377g7JAEs&sfM2g%Qa#N7X`I27H|#QMM{(^m&4Lbh0sCpu+KD*^wj-L$>5x`_(8R9m?zlswEhgHJOdgOKJk z3EDEx4LA$h^7gnkD7!enr26{m15?7}L7R45JsJ>ty+U69m zl0(mQ03kFBcR_LM&dGdvO~4AL_IgWN%oJ@4V&M<5R<5Jyx%6JaA91o}X} zvnRF7iK`&V%ggH$)jsc7H;I8JSFCrC$L1c!Smc-OQ~GbsRSZ*yOfh@)kQ^^^#JP@= zlPoq4P`E#&rP%^T9fpD9e$%wG>`Z?j3kV_$XmEr2e5htwOmlN_amYAV+jH;W0IwEs z$iel?b&G|TmzU+=I`pBN#tyZ8>+$B-N*1h8MOL22A8kqpIRy;P2rKks8>W8*+k zyRfP0(nW_1A1%|6jjV9A!hCWouE0bfyp5P6*0QXw?zG3k!s0Qe{F=>IqaVW#UW!0h zGBP`xgHJ%9hlz!Cj)R3IpR0|Won?^fdt7eNJ~md@JITS$F0ZJF^-6^1Rt%z}6AGj} zODij>WaQ+zH8px%Y;4;9w!I@w%3J1^m%WovW>_EiWl4NdSnK$bn7-h+c|D9E$Wx{=~%? zl!AvneeVqj_~5qC)&r}$NgWFd!s>tVKn4Je(x}I#Iz1<+4`^I?6O^8v1F* zm56Oa>kXIpRL zLGPpR@$my9A|u%)ytjTuMMdRnWQgG2y{qWzS~c|>6T%G(2@699y|w`4M!)|2Q2_cX zMGK2;Dr)MB=LNbSn|yX>PT9qT6AH8aITXqbZUzgravbyW^GWXCXZLx(@q`%jrHzdx z(B_Ew9~B`?>zuV(&lcixMy-uO@DO@mHyb1=Br57-2n17oo0YBfIyySvW_m2Rfe0l& zp5XGJn-{3DM3kRAk&^IO`HOHbEG@{8@N!TERP5)4npsPlfAl3?=b)CWlgV#=GN`|m zJcpc{0;Eh!f4p|4#8+ETJDYs2b8?tCIL~!-GFa#R=yP*(*Cy+D!TLWSjf)-t*$Vz< ztBt$(^mng-EAR=u?@+&`+)T<-e%dgZ8f!-`L% zl8T^?p5D^UdSQ-)bIbY4CDY?K5&mieQzP}R^XNgS?Yhic`B76-Q~1=nJ@*&&k9kwo zwnP+MM%we6n~pK@@m#x84b?7PiFAQLh6X%iS@Xf4?(TO$ZvvkEaDAw-hgB>4$W4s) z&)S-uwWX!yPtZjct6sN6X%gw<;b*ZJID`>F7wd&5KoXY=L@J8!-n|?B^-EFTxlZd3lL|-egr!K!5`X&I)^bdq=Txa6F^~P6$M)2z>vi&Z`vY;Nt7+#jMTD zG6f_hCpm#E?B;BLQAI<8{NUh#3`FXk)m20Kd-rq!7xW>Z5dqI*N0^lV=1auM~czJkMs=s}k$dnDHZ@s?YS%7L|bt({#P~zd^ z0}E?QNli`t)MLXhDw@X2&8=_3MbT1K)!zs-g_EyD0;RJMpNkLZ^Ou*G- zWMteK{uopSqE75)Tbezz??6D1XmNgie)~cL+A_Y3o?ksZif(TFw1haI8<=pz0EYMp zdQKwkKI-BEPpXd-n1UDx5_?h%8>_20U<*v4896xcfMO2FA-%I{?&{KOpvAmpxkpSK z0<10{cvr6uEks5^Q3BV385`ffHIH}iLV>0SP#J)HXZ)22RMgZzOx|}0o*g4ZggOBm z{BWdj{O#((0XjAiAi`T)WzjJ(az`9Uh>5j7@+_QZ%I8^iC8lL0w5Qx?Sr+3QMjTN#ancRrJ0er$HzSU)N*mwRhMq!AxQw`EvjtT0#4Gm+-UtaP z^!^6p1j1rRme0((NYLR*kMk~n^Yz8%oF9F_=}sij>OCfsj_8xUq1BQ(f0;}dd>c1O z=jZ3gzk8LM%6&5_2M+2rnur1Y%@il~nf5YVj$8^Sl0jDY$;5G+)(YAA^N>VjCTopQ z#NWGjuM>TZHFiM+C{P+xy)@m$Xv4)4O@m_A1)u290xC+_ttbki9{iN7V;{=C zEj9|Q<^OgwOITouRQUR(mNtwnR>J;c3!>bRtivvG@jZ_)9amH?sUrV{!0)*CGQuiX z=OK&rdlO#((6NHiUD)#oN+&Fep_sqyV!!n-UZ?E}1pTC@LpG_0uLQv;72OJSi?>pM zGHS`;nisJ?TudtAvlCAz=?z#O*Qi~$F>{}Wp2D%sfl@H>Q}P^s5$O? zDS)}-rx@qy@43$kHOHF+e5`rwH%H580@?ZH^S*#RSo*)JcRRB}ku@z5!|Z z2Bj{y(k=MZuW6WcsR0-)tHs4dN(0^#z%F|jqL8>4RN>T2+f@$O_;-;E2n`=GS_bs- z_!9aT(*T8>Q^YMl2GGK2(i1>vfvJETuVm1EV&o5h_2-0h@6Eet5;`kMNl8!dgt-n| z*MNZ)mg?(sDN`c^W|RgLqqRA+CN|@??vMt{5WCp}D%Ew4h$tU^9^4;Yv|Z=9chKJr z(fLe;cEnM(zY@9i&b9trj34ceJ&!DBn*7p5UFc{0R_Ub9=EBeBqZmGw^+*9}7yN$1 zVxlBR+_v}DI9isb&+mf4<8_jdQ}>%+UZs#75Bt?N7jkq|akVLo2(_HgNy#uT#{38c%MwC?V71C+h( zm*c8b*$LVv1oX<~s_czC5F>LIf;qH4p;ndz`E;XC z7YMCrP-XLpNrKM|H4T^*eF|lN_JtATRfw}TV7K{niib0Kx|KqxJhh(e)%(TW@J~H2@0-2gvWSpP8Ax&Rq4=xEgzMoxm3R zOy+X0-6uakA0I?uI{N$fi{Ixb<#Fl***gGq^W$HwRy8xl_6ytRRf;yh8BX*`Fu@ZE zu-ieV{0bgQ;Ixy*g#cLRV`cGK{O{C+Q5d&>RN&7aiDU350mxoj|BpJ(G^nX8i{m%M z$R^MTu_3aEc9bQ72$~?9kxhuo1c3xu^tB3fkR1e~2r-BtQM9`?-2*~95*7*K8=<9x zEWw^g*+}SyVbdTq0vQE^Z3GH1FqfH6Q#14By{cDr>eYSq?z#VS?*0E_-a*ymG&r~y z%gGK541~RUH`cw-5|;ffAKU?*_lt|oP#4(d^Z7ZNPoHk)=H|k+0HP7VOpRUi1SI zFM?wK%8ULXw~SLuIwItPqHjkM;JctJ9Tqha5yfx@Ogwz(d?+cYp|ZaIa7^P!t6#8( z*5ImQ;YCZ%wj&4QHFseF9_<^vX>or3+61@Vp;w&<#|nr17AhnJS4nbk=!ZsEal0Hg zM+#w4HSl|i4%h(C?2o6oCV2EJAw@wA6WXPb1TT4NR0*`>%756OSMNnmgT8dp72?jF z{xIGaM1xCd7Bykw0Z(p4vOZnRv~5kGMw)e{G77vqp}Gr$41l`!m#{3}QlWJ44K@YC zP?mkb9YF1F{gPAGBaDRQO#{Or&k@Y0Du{=Jgd}f`c0ga*m@6yNj13#Tm`QBjJ zSx8ONc0IxGZD16&PHUNwv$h9__u!=25|iJH32fru%D2pB1?%0h2Kv1Gz9tFs@sTU_Vz@5 zfW<~V|sR;MBocfO?e@r&gUCZUFi=%&eP0gUBru{H@FwtGtVYrW^-({ z-PyOhU03Xec;($nQ3tVanG5=XX@J_jw~fhZ*9t8c3+fWPC052#Ux|^K4S6&HwQdU{ zSQ#$7PG7yjMXklbrCz$T+7^xmY6Npiu;-J-Fz)Fwg0aCueu?lh`;I*wGppT!n>{&k zdu*?CpA(&yKRR-h{TaC{0Zs2&I=tJTuxcE(7B`fBhBPeswLiwvA5|OlopWpjXXOIA&9Kq=;*T^-UdPAgmK0PV^G5G_2dFP-BmC~1dx(r!6E(eq?6ZaE zR5i!xJ7H3{+RH&?F#yF%e?(+0^sui{mpeBZud6TO?uP(A{BDmwU{h#3T&;bQ7cueW zyy6fRJ;sRp(r3;Crp@@Y3#+e5JDLZb<@@F|wf3>y^Z`p-P_Knoo{OA+f%Xf)2|WSj6*eY>_wcceVvrPmApMg93-nM(AVX8)f?4Qf~`Z<8U^ikRUS zo^krij2O35X)*8yoGH!}GG#Z}nHoxQc5|V+?WQ?UsBRR>CH!c>e*`2ZpXS7J|2u%< W^6!A2`vf z{wW#ohHdp!?kgpE8PN63e|jS#7C3_MC@1Fv0%6ht`{$sv`+Z+;4mv&80}g^re{Z|C z(u2Sbo~we2EZ!;x9Tg_oYsTT9z#)7$r>9mR5LOFN03&FKg`WZhV)s&zd8*|xvpw(S zt$8%xvZt0@g@R%0-+BnOpbV`5Q+ks*rXZh%s;&v>n*|Xw8M7mwt>egf4&m+A5hDa} zzF`%tm{(Uc@%F;xPS$b6l48c%%lO`3fp8R+R9 z3W|$&tSa@1@$vD^bn>YpI|4giwZ0bk^zq}6wH{(r!QP(d$zSshh@2dY=boNt$cTst zW-VP^sb8+(BvD7>`Shnj5Nw^td+ijCxbOV1o&tA(2)X>|V@~e>v7VKcg%?97$S&~s zF;hza`{6e~hu;)T5is#m2+PFO70NV1j z8|JfsfGFLi7r1YU{u1cii42SMd*Zwa`fB2>x#B^^b&!iLtRR zPgPV@lB9aQeomEs-=&aC@3tnpR0CU{PY2Weo$Ik`pEigF#db!)&$OR%UKf8o!)O& z+QXxmrP2Ze12>+9lK32``JpM;W4}O$(w{~vC@38D^z=mQ7MldOnr=9j zzO1WzqHd(A`Q1s3k!O5-JSHN7;297RFSWI`y=7%XYAY*+e~c*cHNF|iR>;oH#U#sX z$g+SWPOeoQjF5zsC7Ht*8SdXl-rHjEaiN`DT-kVO(Bn4N8^tydB#1 z)X2yPu@)`IYFRE$ewUXw28n!7pu;7S5 zWEP$rM)+exUR9HUxqfeofM-ws;&Yb)c^cu61#yv|nP{{JkD9;0t!(T@fiQLDl1mT6<& zjJy9PKiXcpvRq{-lmqhsqh5-D8>KAm@vwa~iBp64oW6tv3f5Z^@!{coUig+l7xWsl zc(b=Ln>4|-yfC*svCHdSEoug3-Xy3hOnA#2W8;4m9f zLj2#YmhXSOZT?in21wSJ(Pbwg>{o42C{#v9CY9(AWA}Fwt1e{9M#fBSyEQvhwG`ug=N>AO0^SFcuP$;rvF+Gp9h+o=the(93~3% zegJ({INDx>c~r3h8n=AyGNAj`M!+%e7})nOoduOHgx42qlbnKI?41S+O;l1=m{ zNyFBA36>dH(grA9%gV|siaL97KrD6SKy0zxB-wvw(SM9B>iBzjeYch+-oo{qHUzMi zx}?y~dk@#Yj6I>@{YxfES$=YLl?dNeJouKj(Xo}=H&4zZ(GNT*R9!n=pFtJBI52+Q zqx4X;`Ya;IQpbWw@`;qZ$xsEbrql0H>%WuPb1an%<6~T$@T;j3v&rDlP!p7s*a%G3 zs$morB}gB=40OMreY9AHT5d3}$CC1bQq6%ji#qwoKweqL2c zNy!Enk1PNYiv_yP84T-#Nld2w^;boGWhL|o2s-Kgr|i6GBS|+J812%7lPd1=gOuX- z?KD7LOO1Wc)^ZOIUF}2+5=gnlDe}iRos-*^(<>^*QsHnvC12kw9+&lj%C62%NR2CM zq%r{F*0l8H+7I8dm4hk_i(tOfA|29;S?$c~&z_#$wx4zAd~D3A=2%=jxOcov=f2>% z9=x%!p}SMR15r{`j2Qf8C6M%7Nr{z*C;FjguDX`iYv0SGNs|;|+X?^F)KnTwx1|eZ zUJy3i5v!J|(;l}9N?VOfJKM3(mx)Q%!i8M&;GLUX?;%^V=bM;kSR2*llw& z!7Yo4l4C`oP<=^)2-(q!kN^m7)6zpgr1f^sK-yaZTW!|<6xtGX(#$k?Q5Xwbugt7nkyB`0Nplf)xRi zo2isj9K`!^3Dp#d@=%vi&Y-#c_{szb;eUR#%;j&TA)IT3E}_!);>3vv5WiC;g?U;J zStPkTY(K-eMB#HrU|I!%Oxhc4e6LR)G}2w0&2_A%Jk4n)IjzkWjAj%c`3nYvHP}s; z6<6EO>bx*9Fgr@Z8$%gmJO)*!0!jLK#Po;bEdf{zv9YlXg*vt`wY0R9udgn@3#&v{z2r7By6ZGC zHl`&aEF3a9HYUc&#RUU`_Pu#mOoxt+&atDteRRXmvflS<$wJ}4d7z0x1DcKb6D}aq zP(G&koDYmJl*hZQ(lLj}k?BA7!7x7Tn#gCc5qliV&F_l-Jr$&u;ppR{(NOm+8-I|6 zKaREwLt#SeTt^k>;9H2hI^=@8}?>q6!(e>98z+^zQJDod|=ovva^g zzkjSLb?R{@=A^s2F29ke@-G>fjb%D!w33SGmJ5tC*_x31+}aOHsWsGQ@AYe^zrrYZ zDsp|vv+4k9h^y5<((y|tE&Wybbjh?`0Iyv4C!n-s^?;@I3YcnOp5AV-~O+gcfb8Ukzv%Q6F3YDf+wj?P4|n&n{VS{vx~Q=`fT z6Xt=jYq^ZT9PP!4c)`BOM{EdsD2r)E)4ZWi{TJluiY=zwp)8!WmD{6GwoS# z4(OCJW#+|kC+baOA&!#U-SV(p9W0uyt(`Y)PP9;}Bj}}e_MlgJlQ-R_^w%S#X6x;- zkO&r}eiq^kj9dN%sfl8*-uA`Q)~rt?Ytqp5U`HuuAZ}9)foF!yP8$V@Xoev}+lXzU zU&?NyO)3Kx#aC~qSC6kQ%Tou9@V95jB<&{=tHYK)k%%aw+Ck+o2alA2`xi<#qX+Ui zIF`)#GeYo)=koxi{tFbOb~fcG`iT(~8*1fCxp}AfSCz2%ldjgr1_-N~6#>cZzQ9pC z)0ce3I|fK^d0pRi60LOFkWIR_SfUw+;$6{`{fOUf>x#8qOp=zrGjf)P2q>?Y@Wb4+ zG-AP21SCg6W}b#RWYhEBH~SgOG1%T0|F4|b6Cm!zPhit%3)7^8FX@LV+|S1y-_OAD%% z&zVocA&y;FbHN`?se=uLGZZhODG&%TmHKh!uZl%tA{^W-RT`s%oJ@y^MoOsKH1-Ta zW?2Nj1!*ToDhE+6F=_E*Q{AP|5N(#raG3HjT+HP%SfbbZz$7)fK2I{YRt2j+bS~Er zZ6lGLC-aIms70i|o35dS>Teym2@L12sM9eQXMmqSm#7|xssK;yEY;DMQP^k$F1bS` zQ|7;zZeuK{5zu*wi>gGXSfm^tHBR=6xR1ESZtWae^dWsm=djEIuHI&1j_PQ=^d0{T*odjU#SloKx`R4Udy2C%jJ*3YoWRBt{Vo;h%1$o%RipB3R%0gWdK}1 z|M3>Dxj%ekM>NxSF1&?XE19fCa_P}b-3BT#e)X^fqLw$mQ2(wd>{-r(#_^5{!7~D? z)ZDE$&v%|87+r^Z#hIA9!f2EF*?rI3V1l_S1fTbGxQNs|7y))OC-z2 z=H#8GIxtatAxOw;{$`O!jUq3r-AV(aH!it?h-xYqvv+UKWQum6Xg&N<#pQQ~AOZ&q zBq5$x!_uR_W-}lcb71P zT1vD{5cGs#m#`Y8jnvnrO7mi02;ICMc>EkJ9vbnNBfaH<1uQ@Mb~M+fCFyd<_R(Q>>2YQOmF~H&@?wv_MAU z^KI_X4AsJg;RMUB?7G`v3hiEZXn5L(O_ELRv30}DK?y?bHu{iF*qY^-``7XByI!tM zm=1``^|$~VgT^FdcH#1+7lG){wX@Oaw>2jdmEW(*y*vEvXG9q2%+W2qKBRj0M;hrRz4`#QFkjh%H1H3sTXnKD2jO@%h-^g~_Yh z=_u+`SY0xdFb{qmGrNG236*Dxft2p%*UJhr_?pdYIdU`M@9+dYsyo2>WDoVC~Y z2KbomM0rKnRE=n-& zhK6hk?YfOolspk0E0(W>HOd-%oDH^N?R_#nB%e`~XCkvMQcg5RwdLg>R56Zj%JeC3 z6W^+`JU%V!_$g5WU*y$Oy{eb!x#}=qwLfExGOKm=kD08BWMMi#YNBTeC6R+BQ8sv9AB#p8f24D&6mK2W84n&G$G92@dYu%{dU&D^ z423PZK@Y1~#C(@cdmPg&dRW!oHq=GLQ*&qwj|&Nj+-9H%D$fZC3MJJrd>5SYaB*oC zMFTJD5I4~8zCHy3CuN&>Xdq?`fsSDQvBSza(q8k(T#aus&cHG8NrZhjYB?yB@T@n+ z-ca!P+vs-!66TeI&wSuGtfk<~``2P0)x5nW&H0!{*Q#u`wvhS7=DX>wW8;%%LiE6W zK>lsZOCBn5V0IEb;p12$euJsKWnOMe!7RSo!>BcyOwv<=aSthMswuEBjQ7bJ%B|uy z)kXnQ(@#yel6lAkm^Jb?feBRww4(FnVRM|92=?ds5xyr^j|)#Iq!sMvgp z-6U)$<~}D33&8sPyp-*r+J{*{@+ig5xDq3@tu@+xp%qjf(i&9IXHxc2T+sLHGxtTj zCue(#4p+mJ?~QkfN$x;oBJ6La=-P|r`wtCGJ$FWtJ2WdizCctp#TZyw0Ik@zo6+_X zJra2s`C%1cF+)X%*?qIGd(KqyXyk%njZ7{#@K(1TYeV0XW>bw@riw+*dux>k=D;U zUOF{WfG^&9j8M&nff5x0d$%Mf8I4DP4=*Kx4?%40nH)Pg~{l zoA3NAPvbP6SlV#WoKNes_rUlHzK-#LhtK@5e=+CcC0j?1yqK9(&!WgBj{n66!k6ck z1_Ms0VFAe0Az>jm*NUk9&(>QLbOt_*!Q zHLBlQ$Ug05z1U`E-d~nF*=zYKKizP|G|_abh&bCh-?L*R!3%-=N-Lnq2}ts}PI-7# zc}v(vho)MX$`LLHrwp}w$y=w}e%14NLie_%-;-+3yB>)e&`Q4HCpHm%$30spy3hwI z$ML5>S1>j{2diEF5U1`-89bE871+j$eQ7vC0hY z-lkv|I1F^;zu8Nz z5T`8Ob?jxQmOP;RUR)P{#AS>nHct($0#_wXU;|Z$#p}jKt*7}#Yk(BGyfe9DkWAdN6rckrysAkF2#7mg;^=5^ zuh+PMa^2KDAUs^M>@^Fs9l96wWOisuM-wop9jk#KQ`&$(qs$)L)O>x9ZTg_}cIz^u zLn0K+ND|ufI^yW9XE9)n0!EMX$l@$#{yXhcEZ;XQh_Fvnv{+&eJYBP-_BB zQ1UE3x(-$~o}1Xc88mXZj7?969IFhj)dc<8m!9g}v?-`fv$w(5n`DcKn_&2Asp z_Rh777^7s9-J=eZJIjE)^vsrpCux>pUeZOj^z;r4@K(-l`_8}7)~4!B;FB7jo0AkC z!fT;vP__DYcEr_Cb_`uOJuqM_E@Bs9f4`?|LibZWRq)b`d(J~>`sn;M;mZUdY@cgc;pe>QM%*#xwaY2CTcm~+R`rbqwf@-X6n7V zcGj;^gYy+G?(_LbM7_Z4db3)6-Iyv5M^oK|65R4C zY-NPCFYOvs^;G9hqx&7M$zp5WDq!%sdvFCG0TSfspxL~liFfz}FvMYFLWO`^_|r#a z)Qv8>GYBy9ujgi6bAeyC@HffFt6xJ1*Eu*iM2)?+E8~@TYwzFVX zhoX$od@A3+;^J~pjwu*;WTaytEKW|&dw_#EJ=)X+N))z@udS{1eEag{lznpUJQ*F` zw1CI%QZe8cu)fgL?8m|-x+@^?`SjES)MqK!$?G6r_AfW`%a@Fbii+HVf`YS+;jB^~ z9vhJP5M`1B;d)pY9C#f#C3+m2Xt zPgGT7n8w?>IQ^|hb1l60I%rUAY;1I1$3N-l$;lrT02W(Vt7+I{=;mKJk(Z9)0CbuV zQUMIW8AHv3lfObF4?)_C0#l_=dKRmRH1Eq zaRA~NP8c)g7aFeR2o@X>>i=S`|G^=7Oo+Il#!P^l+pap-`Y{0!Zcs*9Wo4y&LWrfF}GdvzQ(CK27@P_r~p32IvW=Pp# z&UXODHk+#oOWyBfa7;D$TzZQZh57sz47+TJ{Wr7=yqCyST=YVhAV0qj=6*AGeAy^4 zBug!Q8m5a<_6fi<$1WS6eMU%tA2rl^ivKJK|i=e2dzu(w|Au_-#Z59?V(0MdX!>;U4> zcWznkxg`;Gy-a#~`9Adtjoz(cB>+|781ZufV|S~d(#z%*VV%b(w|9!XVuur=R`x8m zuRX68nMKOqo)!0ac?wSt^5tA48X|8m>>Yk54_HQF2tK9hJ7((Uu-_;do%g^}ZZ_xi zo1HyAZBHq#-*a`O1q4b~ai8o;<0JD%X5?L}6~G3d^ASlLpO}P-Hx)HqxrRpZUiQbk zZCf(cfBEHD^}P9&bZ`v>7?w?Zrcq68hKMjMy!)R%rz$Ta;1z_%q1Q(3E$!K(Z8>Z5 zYR&FqS_v~>9@1dHO9&=|j9CRu1Ctg&^eF3(eYzvYo2`H$E>W4i=(3m#*8tASWcWNVRvl~z zm?~HI{>i71!OAzE0oTSysrv@bI09A+h-Qee=(LGs^=`NP-J|9L8!`X8nKsX$=FO?}uDtTqjPv$y}l+5bDHyQ#p+ zL)NyT@oqZz0kMV5%KJEVLmBty-W2Fn`}({}@4Z3jVUQ;yNx{3Hvws^*0JXahdnopI z?)QgSNP7T)z5VO~7nf~&iCJ3_J}GJQ$g)$m1Z=9=2*F7Pn&rZ@Gm6eS2#?fwZffeZ@%?+; z$Z;Ft`)q6>dWAaN)Pw*(i0zS)mX=0Xz*IQ^1py7a)x!XR8Uwt~UO=YV$0sIM0G2J` zUiA3kLu+?i+pSI6NNRhM!z=V>z)*WeI?3AZ$pP@xPt~NtN&kO_z#x}ZI{9tgN$dd+ z51W(}{NlpVOqH4+1K8QR zzrWwo&tcL8h~4fRsFZQ-(O@IUApSP{p@f9Qv}L)^<9CM}=DLQ?ve&1lr`V1YP!1 zS6p0N=hanJa>j1c7Hu3V$uhuspc{_d$O#4~1BCsN!<-oCTW@b0Q0DEMO;J(t!Gi}& zt39#6q;PX{6U^f%ME@wIf4SvjO^sM)W@d?g;gp?-+=n~S{g$k}yu3s8bWT8tyMljk zwd*747+{&e|D@9Za0b#X4M<22MV?qwb{Wxz{$9!}wwtlxALx2C2~F+!4@VUT@82o& zZzdPaCrQ|#w0^Pk$~25mMR;l06QJ^=J?oZK zl7j^`gJ_#N$TfkM)BY;YT?X3Wl#oA&`726!Q4WVuVpn2`S4$<2$Rnm|DK3IQF|Oss z(jC*s>ev@dyJJcE0ZnPp!&mmoH@WyC3?aBJgHv|d!isz{j=h>;V+s<~Xzl%?*395x zV)AR$p@=|-Xs*n9H!O)!X7l%<; zi<*CzI-+v@U&ZItHL77lCKmxW>WesXbV&Nrk-`*eU@4MkDKfULJz>Ux(;}cHF)JSX zPflKqr3>8g_82N#iG=gkT1~VU#khkdF8ju4e!%VOg!0I3$?YwsPp0hcXZE6-ifbgM zeA__-xLSoaL9;bp8p0JuEkOXkA;e;$%D_yC+;Vl{$a9d&e1G?&Yw13@hYOX>jS zU%v$s_6!{R8)Rqp{S#!jS7FHlR(exx0t{wkQ$2fGH=LKp8P8|pn+Z(nY|=^n`8>XL z^W)Z;N*_X#l9D0`2nnS&P;UXs=qN8EbGTURvYz-s>S_w$#MIWMFQfhivPl@loH#{A zPo@CkW6Ma=6-dk=a`9-WYk-Eg>2w7a5)uNl>3#nPkaKY<_4fB4p{oUKC%9dJ>ECKe zNy)5`NKr&Cs-KSm&}LOtd~!0q zqLPv=Kwy)5dwaj9s&dF>?ezmZdeIT!xsK@{lK4E)lB*L$EZ*E499=P+&{tF~71pBy zKz$+)0VEss*z1@mIxLKKVrB;1Zpz=D28MncarV4n-Q?sNh1SWILiF2(g@wX^tT6-9 z-qvCk)T*ACl41ZX>md>X;_Y<0Gn#==qfy1|{O@V_JCy<>UcbHtteDslG5E7c zi?3(&W|&E}Jm%T|6H_;{ls{`tfS}(nw$Rau{{fL6t+3OTvbyPo0WGgsPcNSZ#lJ1| z3MRYv=0fUPp!-0xv;q@Yo5toU`_lEbnX3iZ{H+D>1`^;G;OF6g#3LZ0#V-iv=LZY( pbMcD+J5itSUH^{@>>XcQTYCQQ7hDb|KLaiRDafkI6iJ%~{y#1Zn*#s< literal 0 HcmV?d00001 diff --git a/docs/addons/percona-xtradb/overview/images/restore_overview.svg b/docs/addons/percona-xtradb/overview/images/restore_overview.svg new file mode 100644 index 0000000..5fbb115 --- /dev/null +++ b/docs/addons/percona-xtradb/overview/images/restore_overview.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/addons/percona-xtradb/overview/images/standalone_backup.png b/docs/addons/percona-xtradb/overview/images/standalone_backup.png new file mode 100644 index 0000000000000000000000000000000000000000..7803c9cf93f79287cbc33a454dbf024e2be4148d GIT binary patch literal 9535 zcmbt)bzD?m6z8Km6cD6KKqZC}92$ucl#&MNknXObyX1!mh=52*H%K>#v?JXh-BMC} z+5KZb`^WyXJM(7VoBLwUz4x5+J?DFFq>7R}5k56O1VKbE5i)8JgoXge9=O=x+gN$( z7VI!BrCv)xP(?h!l`$6h&1i~HdksO}Y!HMDfuMh&3Aq75ZZHViGJ+uZM+l;H{PbN_ z6r8{|QIwZ~Ztvb%&G|{71bH$AkBu^&$Z#}ye<}gwXdn}0G^jJ|OElroMhEpu{LZwl}YKiyFcn(N;H+ThYxd}95dKExD4 zDvkTUzZ$kNxn6$~a2oT9Mt#}Z$zb7fxmQoVcWy6_u-wOCB7v(al5uH9TMvp1i1;i- zkR5AsWi#+d@1ds*&7(=WeO3NLVJnJq@?oy+8k1_lFk@1 zYgJKEu_v89qQyb(E|@-eKTvWJqm2&2M3>Tv?q)tbIyx%X=De|}(s`1sFt@e6-H011 zEyqEA6tK=Y@I8IdB62skt-D)x^0!~PZpniplrV`z7mp8n&c< zvkL8MZf-7EuIhCrXjUM{b! z_?2kdC{t3VK#&;MgXnzqCqxwZq0WJlS=HK{^O{AdK_l2XeyDU+dU|^M+}zxgL_{%R zXT+LwgANBd-`?JyNufGElrXSnM1>74uB~BFQuZo*(dG;b50?)=YtGBVmdhD6PU|-d z(k#M)$~mK_r*$D@yOHGEw{$UbIZFBC4FUoJS*4{z#S`11*uhe?3=BLLRC&4_GM_{1ltCt+Kck!CJ{djvriCSC?foQ5q8-9xjuuBFUWCHa<>fZ*QNVkb7`+ z6r{pI-l1vIM0x)2U#+EJ{-vR+>QaAYalTUiw&t5R7$3}4b#(BW4II7|6u@TdojUd3 zz8&o9?Nxkqzn>^u#k1SG=D`FCm4V~CikE?%RMdmjxAO^tzpA+oHDM^sE~X?uG{d(0H>v#^gPgr|QG@>(IN znu_`M?Hf0BY+kfnPGmuGakaX-`i7#SBF&E2LQH`UCotO_swoov&Wwfx(96x?1u zVO>N20m1rEuhzEEVc-%>#+V!#yAmN~q)bwmiBk-M^$3rMs7Cy#kEJC$JKNEt)zZ2( zz#1sd#$2P2_u1YqI#PLbY;0_V-*O0ZZEfu}Hy2m3at2(mE<1ZkUQ27DL`dYN4BAV? zQ#R$#SLHIyI)kvE2OAsj&it?cMb1oN%fnw988M<`V3_B~$A3VRw6fYPkBNzy?~P{& zupImPQiO(@T9b{P-O%AXJr?UGVKih03D0*lwL{Ek#d|v$m`I%}i`@?cYl)`4aVK~r zBn~bqRL%|rgoHBs`ucTvWNeG)hbvBxA3ru_f1Ors*BeK7TW%N!k4hRkAV-FO`svg6 ztaZHk;!k>XvV!@~_m32>IA|GOnN(19hLfD>H8`7>>vLy5q@-a8E-#{ zqaE--p%6awA37D%x`u;rU zK-3#GHTbp&vq$2TZO`6ZW9)-Eu>X%c1EkkZU&%V2^W(V6W|C~x|+1C}GMJ_l+hPZ^8yGu%wQ8@wo9P9JAgyPb#vKXQ zG-~~@>ysq0YA=*T?(t}sOFI4enL1`SQ~TJAFV%OoFEJ<~fi$9fS>)eZg2;dojFFuk zC!Cnh`rzQ8AOmI`)Z}xv7nQ`W4Cj*fvoRHlFkM97wQ@weh~7PM zha7?kTJk1-8dw|8_}Si0dz1Uf-8Tn0$! z;30$QLOxhnSdrjQVu2igH%2jLlaZ?i<}fP9z1ioVL_CPWX|@mMu}_k}dH2LT^lxct z5g+=UgJiXZhgA;plGBW3~GBOYp6&>x?(9obE;=ZHuPJsGsanUFRxD<|L1+ckp|Bhu4 z2%3FMK|!HXgsS(yhL;*NN4>`akEFM5CCIAZFkAM}c4Zpro}`g695xW?FGyPpw?FP4u>X&4qCE_to8Qj#BH<5(<7PZCFDNi$Ooh+DIVx zK!Pk`$fvCaXKTcnf(FV%ioEgbtesb09QqF>%C95YQPAZ`un%kfBUAO_Vz7TNlA%0RahWEwl@C*d=C!~ zfO9ZH3}t2IJ~KW6V$)O05n&nKm3QJA8X7Pv!h&z#q|MDA2~ZOOI8o8iz*1Ho#wH<& z_ioTP*x%h9bl;suJ>uh28!gcj@(8;;Y2a#=Bu@xXDiiQ({(1VY8g*LEj;@8OO@WNa z>hBw1(JGqypt+)XoSxsW=N5_$n-Ob;O3A0`0z#}<$m*Z?nznZ5p^T-HCfZ*ckT@Lu zvvGW+fk!(dwvQVS5O98Z>EZKtR6c#MsIX89bZ{`1M#z;qwntl6_lW=%A#;i5Q$gxj z>1Km{YZz4*=Kwyn;wSu2bbuTn)F>@2O&DkpttA=jxqudTcZmYq4q5I;cLNls6Mt5s zIkV-N0H-_CpeDrLIPr#NjqY;}939gbYN@MBvfkGL;Y*}3Rgw&|)t#lLAXwRWczALE z7|Y1XefRS5@i;s@M1!pMl-`}+!1I0diT?~IVJLhuY!g% z^mM4HU}esY)id@prtj~=NTok*sNhxBuktw`9UDDMAH8Iv=(r4>tDxg5s}EE=(GWdN zIe5l3T*+B^d`z2nadFO!n7XcYujqT894=`NUHR_UP?Iu!&6%c1V5@pKej|?4`jswd zto3P#^gRWX7U?_>;mm~nVyDUNXy=H!mho8qR=!kDeH!ufIQfwp$rh-?b(J#^lY;ncnnS3r53 z>?MXIT&grGBzRdK9Zni{jIJ+{`s+HXkTji4+p^v^Q9>%(zW1i5ssH;{#=NdhZzw44 zvm~lyc1xMIrBD#W&@tXA2UqtB7=Q=vyzx@$6FXQN0LeCcRhcp3K;J8O9{Wk3r*ZD`oCRA#vUP@$h`frZnL2CMR6=TT4_-lFnqgDFI|O z*DAEsAGwl{oE{72xasy#KEj(9n{yym2}@bYdLkc8D2ux>F3?ooX!lQ;INN*gR3ucgEY+^dCwY^A|nf7hR=C%$;J$)ZWuE@IQ6~cZ9CX z#kXfK#4)cO_>WQihKF5*F zd*@HV2|E}6Cf-7eL8ZX3Z?xKoaN_doMP}OGwXFk&&L9lWD_TN;{uj`8FOb z;X?7(k7(JIEaqGdFV8lkfo0$R>+0v^)Na8PYs6t{GNiI-76AXS+!M^j-4H{N60M@6 z(H(BCD+k982^CRKnkYH{nXSWkvcW_P{}879!Piw0Jay^1gZ6i%k2|`7?={6c8=G?@ z_7K-NcZ~`~lvY+*QE**8S*G{#0bB& z$D5q`1jr8+iiTgj#7n;iT#AiQNpAw)D3!1~<|%{N&tXe_hi0FlXx^0yqd)pL6_(?~ zqO`LFMfY#;klW${7qP8U7w;Tm(u9e(Yi(WMJsX)oF~Qm@=&G%Rvj6@h1U?SeR^dvB z;neO?()Z_0dsAY#(8MQ6+)e#m{J!2yn%I52-FK%3vFYg0$RyUQoQ~yaPt$(sSJ9b4 zW4AYPF$^REPpy8;&X%8cqJ({RSc(1XaQx_r+i4UZ%%27m6Yrq8J@i0LH5Pry)_1|s zk)V@WI=t=t{91(epDwsf#T#`PbGGS%b>8mIhYx-DsTWaVctw!ARdl{CgeT@j}+^R*o2a7Gb{cnKCF$k6^~+IYd--u~e9Z-+d=La&4n>mu+> z{@(NZ7ruo@JE6ye3KRLmpO;c_?raKXrow7wZ_gOwTIyaS#cg;%|I2)W*LqnP6Xygu zR`&E({$}kcerdOVF70dl6HLALtuHj~pS^FLkCHU^5S3Ulm$`9cj8f!2M*UUHeROAo zJiSUXz>)A;BgmmeBX8>YjAPAk;_}>~IP6)r`cP;lbbvl*o!0~w~4lTELo2mHe`z7|fXCDzb!4BnLQJ;E;-<`n?pTrH3M^Q8?SP~&i@e)gpChca=Om9bD6jv5&K}vwRpUi#rG7 zt#2AOE0M=36cHUw0|KKz7@ovj3qEP2W5nbM864aeqF?A4#!B5xO-<(jkwFMKKnL=@ z`{(l0g-uPgCns?pqsjedu^4mWFc9AU^%e^X3Q8Ls-#!6hyvmbg(nvV{Q_g`e#l=63 z(-5pdYK6A7wu+gpt*y6q4{M^)E6K2)Gz!^}*v0mnp+gZeUu>XR5Pv=;#XY~p1F_)m zA@Nd)bdZj(04iWGuSop~D=Vu}8&a>)bJ4)<-(Ra38X;nkAat+xCtYlMH`C|H#Y(?> z$MMX57Pmw*I#)5pWH3!|*S`$pg3N4ec~h={@%fo4!BAy6{3pNW??to>^Q%-otRk(l zJr$!jlJk~3Ejva&eHB~Z1#(AbVxx#At5nwbQuoF%+1Zskxf^XLUrO?R7Zz&OIm7TB3h(O zP(cAlcq4TsXEY#Xq;f_<(9XoiSJ`cCn{zhrLjpLM&cB=EiD_w3tE*-^(=`M*B=jM# z*n%~Sy1^`6tl$w4fa6fG$uLW~yFX)QVYx?6j@fJw51w~;41UtZ5kVmR>sCmo**X2l#UN-H3SXt)AsJ(|<&AY8Xm+$;zh7(*}^rqt}J9HOLFpM!#g$KRy67 zScUBrUktq%HRpiI-fY8UxiLmh9327jDHajEC>6-P^|h+T^D8U{sf%@M@H@kZg8R)n z^cRhKd(`d!j5H!P=1~Xrls#6J&gUw@?J@ z!!DGMzvkz64iA&a%F0GWMg~e}OUlS#0xp2pV^4o)stP95_MVkO*+foO7F5=JsvF+YiNnU2bh_J;%grxvU$`N| z6;20c^?V{-Yj{a(bh$b@I}<;BikYgiWMN`Llai9U>%f^$SHwMpl9D@h0z^tp9kn)) zV!G53O2uzMcxwQWK6nrYhJlfd4I7Au(Wa3U9TjzMYN_)8m?U61Fd6dLlJF7}6TuVg z1sOG-P(YF;n#beB4B|T@7CJy)Gz@Gbz^TyvGhq0LWc|ty<}{uJ6Y_QQJh9%hhy#3~ z@5?e?1PcpGHp<#*XOdS&ULFH7@La+I_5rr9xw+X|Wd^>&==v075U2sD7#Qq1R!Zlp z8UOsqdk*-mixFy3Pne;d1_wDV5mBg8uUqop>9N?i1EZ^>GqvSY_v`ca{(gL4AL6E_u1<)URu~B~ zZZ(>({Gr{HPJg=`V5x&tR5#kusQraXB}RTB8W5Jjt`3>5lKDes@h_7wx!mMci%=Yo zA6vOwJOk!$(ReRwcBiy`V$*f7c3gYRwz%bN3pHTu5BS)l<6A10>m!`%+z5%GTINImSu(xFs$JrDA z0XE<_WjTP8hYug(5)xvzVU_tsd_!4#`qbI67Cd+P(`LrE1oRk}XpMU!Ha@;}6An!A zqlgFhpW)1S)f_n{pnOhFPE@=mGDX|d>EeEHFck?OKJ;j%>TUfVfB);3I*f2d#l-gI z?aj3@Uuu?S(F|Pz$*SL7oO{r2`Sft}a-iZQ^R{E6s8w?8``}$BBB4tPdG@Ude>`XT z?O#ug(>fFU=}kkOF9DA9w8@zwXvC61_p5$IK&4UQ@>XMBmhP8757`Td_LKp zc#*9l@YH-E3a1j&i{o0$vrmjxsZEBMD&oN3_yd8?%jM=Bkl2(phk-F^TUcO#JUV(?98AW~3@S{pfJ1AmGP1IVfhGYp(bp~Rn;mX;dO$dA68f0q_2JIm zUK{}L08sn-`>kr}2P!ufS|xz7jTb+bVoPG;<-IpGHO0Zh6RwaeZEgKz=(8AsgoFfe zOgRn} zY-VQW<-FXVwe=1d&OKi)JmFjY4-|dGKhJZ`S4uh*tn_}f^|ez5tV{Urp4bb7-ejh^ z{a}_<@F(|dr{7^7Rc-+FXot*%-tJpmKDi$Wv!4|Xzwr0>=hA%nFs#9f1`u+~MFU*B zF5_yI2v%uZTidEL``NI}OvCgU0f)8YR*f?|ny=q?;A+Iz=tvq5KCxp=iT4*tFT$h@ z^F8XhWaQi*c!YN`bzWFWTvewq>^7F4GXq+Jm$}j}Se{gxUi8ck&v~!Z_Luh=xTLm5UnJD?A;i3KLF&BcsMYmj>q$&h0P$Vwc9#x; z)XLNPyl+TcK)O$CxrL~YJ(DV~I^!{77><^x62cx%=tA{y-61J&xt~33=ATsB!5^Ed z^U;1Zqs}cJ(gMP^{q^DHzf=4X0q*Dl686%#XnQM2Or$tTxNwNU8xZH8>pd4hOs8`+|c406YjnSWPVr zja}teuV&39_FL#l-Y1AWe*XLdjvPrb^!MrlcGJ2AT=+FksQLD~@46S%PK1Oe zKBlF86Qm++;2hw-+H2fDO5>Ja;A1M8{O-1W&r#~(@tnuPU{O&K4Jj$95eV^))eF^u zrw$o$zcg}o;G-hs;Nh>_o zNg%e@X#yKRlAjLe<>rd@R@x4?wY7!Oi+R^SPF7H@v!5HOv6&#Ai%+f21aUSvR?*Z9 z8%W{VR#Z^#M89%}qQ92M14YZ#7T%1i%`DO|wYW%}wx^ zbxlQeb#?ZaFC7}J_fdR=EdbDFO>+Ti46vX;>@BEP)6>&i0BcVKC6}W3coH+dhvfKJpp3l) zgb)%ELgbDOi8nQdnd@x0!hik#{iUUa9(44sZUE{apl;L9)YK$Zg!&H7@qxOzhDk;J zY;345M z%wC8m$){wvnEn=3&-<)v6kf9>rHsD&?_sQ5g+8|>khTO+{b1Qa2aK@Ggm=~XIV6l( z*w`on#6^P)3=ABdoOTMBA4D%LEsZXjf(k<5=sVYs764OG&U3h+;+r+@^c>W|RJ62k zppoqpBb^5z{maYiDHz`@#tv>*d-H|`tctJ*Gqw(uHqJn>-mQ_)g4AhZdt3ws1+f54 zUkTP4jQ!p^+?50q%U+(r)Jn|QSYy5dO8L4anrBf__=eC8s6#l1O5d~POPvLxJ%auN z%P=&U6YDEDx6LcG^}9`Yb0)UMAl$e5`se(JlarH}(Rbt?uD9JL6{^gM2hAHLv^lTX zig?op*&yslnJ;$l-obD&(SyNCjbh-*A4JNyK|kzg>s7I{es*`~PMcJy8@Bpi|0rv{ zvEJI*&wYG1%uXIvT{5()@=nsYPC@AJ0a>4gWDOx@2kODpg$J(qe`|i{RL`Fst=Qe9 zq3A2(vyK=D;pV2uXeRkT*WCQC)i=_&eb9b%?`#)~5b1<{A@cO^sfWw0a2RA@3WtC(~ IrHz9A2Sb3-#sB~S literal 0 HcmV?d00001 diff --git a/docs/addons/percona-xtradb/overview/images/standalone_backup.svg b/docs/addons/percona-xtradb/overview/images/standalone_backup.svg new file mode 100644 index 0000000..d842883 --- /dev/null +++ b/docs/addons/percona-xtradb/overview/images/standalone_backup.svg @@ -0,0 +1,273 @@ + + + + + diff --git a/docs/addons/percona-xtradb/overview/images/standalone_restore.png b/docs/addons/percona-xtradb/overview/images/standalone_restore.png new file mode 100644 index 0000000000000000000000000000000000000000..301a760d92ec6ef804fc4439a85aa82f567fd5b2 GIT binary patch literal 9287 zcmbt)bzD^4_wJ!PM8T16c*&u=OAsVQT2eZsW9WVX2PG9L5fJI_?h+6wDQW5M@NRzJ z&;8?f@BQcAJA7t1v(KEf_g;IgXYKVoCtBmV5&37`eXSy9mqf=~&;@oPvPhFf#r=<-w_G(x8T^**qd9RUYe z?#gNkSgR;c9>GNhD7|_>6ON~gj5P$IwSgN@LZfu>hY-YouPiU4u+!S1^P^)2GcwkpvuU+xomk=+C=LmAw);>y?JBRD2P}V zn=b6XefSt0l7Hm!7)Uf%v$9H?X+J@%Uzv3!)1X-(+RQq3goLRguLm4-R=xEbEY!#TZ6R@&D3nb}S@=?UP8) zz%Z|$?6G|4y}&VuOGQc9l&e+10v%l5JV!__qCl$5<9Oi2B|=iYbgH(nnSdI}GHO@N zrI@2RIvQ|+Xd#C5k_E~+?Coqs#KgqXHCT0~W?FP2FU0cjh6e}w$DCpZaHXD9&NLoPw z!(EgLlFrp?x8#*6)_wU>SGQtqZSC`$m7eyov2t0~M|S9_GWE^PxAR+DTUwCNiSI3E zl8Q&h$i`w#W#u3eiR5-HK931`AFpIOSNCQ?F{eCVk7I9db@fqO#SR|$YW(6wk`j1V zf>(=LnqYjtrKeWGBTr9H7cZ~K=4Od5a~?(#99Tp!823S#|MU6z`LsqH&0%g}1Xgx- zx00`4T_!i(O;mC#VxH%R8Wcwu6!*+Gda0f7%@^tx=yc#bWKIQ!P}$kp`S$`5P||MN zr^%MIp_kmOqod<~`LjSfLdj!D{U?QV-}vhvUzAHk)4yk$rJ9!OQJTYHzV_7y&hMUv zo$byZH#Ifwe9`)6Zf=e?q5t>Rmcc`Q&tl^Fooa)0TYhrBgoFe!Sku&^#JF4}r~ z^Uo|%px`l^Fxl+*$7Ey!&I?TZD1@9~Eb19XyUWW*_R7lrlEKn0J7(&O|FGhe z(}|1E4fgljVs^qUz7-bwH@a_jTwPy_dF=ioH8C*>%I%ReKuXj8maX#IUjW}qvc3)7U)o%?aa6}7tH2oF@8Z==|%24SX=;|K`}ootR{`CpwpKp`e2Bl8puyt^sN47~Fh2*JP$7#bcB$y{=l3s6FxpZ?Sq4Op;$zoeSLi}kL9lD*5OR4zt?|n zHl$X_?eRYoZiM}O@Z^ce*!;YN!{(3N3>g`jNAE{ygQbJwQS6o|fbf*4GAN#pAfQk=K0Y>VWL~m!4qowu!DF<2F&F$?6r}+jPF|R$<_RFxsk`hHHC$18s z`jAhbD0e{!ENyQWQuDoz{o=OqUG0vG8H35k;1q52aob0wW(H?xXVp)_V;B(VC_W(} zN9xV8yseW{NkU{~WVUwxb5F`!h)``<^}J&@<4^-Bk5S}k55j*^7HfOgHX_R091iH zFf_SsyycOSYUStSOL)Qh$UL;2_TcD<_wwrM-(OX>XuwhS8W)mfxccP2efuV>tc;VW z!lc7Sy0_4b7cOhoVR}?C|gbl3L$yQ*qpPiSjWN<>iEIZ5U_x^pC6v@`QEMpU-P$bxVYi68sPOp zN9Rku`zA?gRh7;c-NGl;2E%pr^)H^~Y6YYTI-(2E4Z!g&d7lV9GT5aX&%h!jB?ZW@ z!Im_->HhWWS7{#~5inX66%`F5Bco!if(wqpj{bh-jrH}sgnmm!A|j%I)_~hDV63El zmb{QR$)(P_!nwQaK3E?ou%z0jg69XfH^S`V#@ zPYW1{u>mBT7TiX0B7OBclx&{dOzLTAX}yNS^paF^3yX?YD>>|&{I6@;Z1|6$GLXdZ z2P?!O@g$XQ2txL*G(fsKI@ko5a+Qtfy!aOGE-qh{Rg$grbs0&@pFe*t3K8RmE0*gy zlyTU*dU~#-1gSEwh>42g?t)i(dO8&oNp!p!tgfK}b^Y8VDzYx%LRdrN{rcA+kx}S( z(b|UR;E4O6`b#L^R5F*^UO#|xDEk|R3tpQ}s(n0*S&16z`bP_Eh^P9j8l!Ey*nbom zqrqB4^$ivJG0Bw>-gfkL`vaBXThUJm>t9Pf^NWuw6~%+FQ|<8|z^8aojthK9f<&Ma zl)jMqJcDtMoHLJpW}+B{r_VlTF(RL#4i*1&?l5W`DpNhjD#HP`l!Q;gQ&vVaiX=+( zHzp;qj}Z4i9OQ(g(DVr0b}M?=pl7Bn_&V5boYhs6M}wTlO{Oh(%6%5+8dI!;Ki4j9 z3WqN?Pq;_7+{>(C_?uG1`>kRRNvt0`)mQ32!QLdDqsO3JAWInCx=CN1} zJ=5-q|G57zAB!$vsw1sIflnqa0i^SyUbf}C5=?d_+>>yque4IN#mYBM0$v-nUo7B= zITRmeBWFqrS=1Ccv#+|6XUoR^ z?!71Z%IoGBDxUI->%|CxMx)uYo)zx_b>S+1=gQjCL}jc4t>TSZ=weboZ_kYdVlkz1 zNkKVrGNlQJOo~qt^g+tWi>>A2*gmV&!mQjT{W9y94qtYp1}65dFe6P(GgF9p&EWx; zyZjMN{KN*$CDlj*YF@7<5!cv>Dlht;`yuX#)U_&v9LaQCi%dRgV}*_(`5I3%Y#$9G zMBMxGIfvWi<(dii#WN}wn`@Jkojv5x@l0xsDIrArX9A^9Jd+@FENZ0nS8QAM?eDQl zKEz!u7CkV|vY!`9s=Xhd)Cau9))s7JM*3Kw11#X`^l_p8%{fBw3P}*EH1Zvr@)yzK zEn+#F&|qu5XFib%Dp|V?p2}AXy9sRQ*a-A99ca=ws)tOEOLh-vZeDty?BM@x5A1H> zTyKwWy}m@R*^O4}33otm7KQ%(EDMWOM3h^w*CIv>(aO#>cx#It{Z`6t=2hf}5Licl zH~$Soi-v-zl>O?am|bk7oUZs}vE5n+kfwWVCuQH;udbNsklkolxtY!^vD9Z?s;PWb zrRr%>+@1~!20i-V?k5CNsk|+LM`(xSa-&a7W>(^)1QbVi|r@n4j0)k z1f96KUbX(q?dgODIV_My#=LZmKifstU1mOm@mRtZK8WFwKO+i+rW=H)**Cc5*AKN} zKLUwgBY3Cm0*nos357^&>w2r3q{@7zJZ};|hCGlPvUa!Ha*fRprEZa=a^Yd3vPNcv zJ0VzTx$LPOeczeW0Z*Uv0uX>MZSQu*6S+0bqfZ2^l$;-;JI3 zBN+I(7T?fdc9yuADq@BUi;$uCaQU$jIY$AF7AMdMmj1g$?iFH!FQ56Fc<*QR7afdj zX((q5iZFxw9q~7bx1F13 z^i2X#7=*FP{E=E{>A@lBn3O?Nxi=I-)_uCemuRezJG z-UpI4J+rBsETxH`mAC!hIO3x@zdz3FO=klxdvc$ABq^}oQuP2U5sQhMFK?f}ioo3@ zjm-?W#fX_KmJePgyLXJH5Q-?602y?!V3^<{zQ%IzzF;Qsug-xWIPo7dL!&vmw7B8x zn{mbr_`W>Evy(+w(CQ*bTdevz{hw}WRqVf&h{vTjV4oOuaLznedv|(c6iX$E>mMoy zKWoOhH@e2+9qe{%aht$eL6c5J<%RAVdeB~aO`&lBQ-&hxLxDWwH_ucA4?un7A$wL zbTTttBb1T0Kih)F`!;`h@rm`jk9QOS;^`r~(Ty$+=P2lB*xp}53ysH*-}zaL^f+Ss zU3)zJWL$RB8R$BA**9yp5Idv0{T=Q1d5Fm9d%^v-we6ROalhb=DcM(yjI%wN0@SD59NF&W%ij*s*IC{9anfTR0^| z1j6nYYC`GR!FnIh!Tv9*siV8L;n{VAagZ05)Aos0a^ofSU=l?CTq9+-n7d1@1MSO0 z33eU?oiE08OiGBo5gfefCjMIzxb%GS8Z$D>*#-N?AIh%1X*&K=+Rk-5kRW zu8Ur=aTim2R7Ile#uqfhAISoU&IRNBe3xotD|N4jg)<5MItAL68G$9%$m7~LTNDyT zzZAkVIGM(wBiauRzk!+{q^lhtT zQ4a-ZhA7*~1iK`d7=n@UJJ&sagA8@==&B#iiB^qT|2=bcu6kE*F`JQoVcx52GhGrN1kr77dxZA`Snf8+W0;p z<6NJc0krO8uM0+7r0MCX9;Ea1E@DuAAWMGGmcM}C`5VOFbQ3#auXcd!2Lpm^ji9U` z>6^NJ;v0k*3KW8ddU$o9Ih|2OA-Vg@Y_}uOY^)&(c8)x!^>mlN0B0Ul;`kBnVL?Nw z!lVEy?OW%t)vTCSGfbwd1MmQtpquU$>R%g5#ZtK~R{a7irnfI1VRkU{K1q-2S_EXn zm-rMHLX>gp9RM;9GjgA4FD}sO3HwolazAitZ@R`4O^~UJPEzE7xssA8hLX6+P>phalw0EHotKu?|;{!y`3;_+N^X}0*O!-oiu&yq7ljGWxn~(gq??J7N znAdzu{Nzc$)32(6>KG;J9I(Szlv3ws#q@F7bZ;QW6^*+vZTr zOiM$u`+gFWT%CMv1b}rSSU$eIb{92%qy4hU_mu7P=g+h$gY`r%`ua}*=WuW|$ZY{C za^je7wfVV+&p5~!1O!N99&;-i7?6X4s?LXphiAIpjpcc!;5lk^OiZX^j*PqeiQK;P z?bT`Dz`(aBGwFV6Ypx>8%ge;%|H9ZF7W&GuBbD4)tajtgM;l?r{}9U{w0a zR;9<@;&hoK8)(xGa2QFL>{2?`%=dDO-q99+zrD*3eAe*SL$I#yZUJ_91|#VE&ulIC z=bW5(sW#M+v|wo4Q>98;S|pD%l-^RxEVlTkHMeT!DAEZECi|6Wuo6>I#R1CXlY}2x z^0gaUS->p;CfeQQNZ@iPkz`xnI|joY8d6YHrW5w}_XC@R$kVs~8Oy2HUi_%NR#pb@>g{C^5_;V1cdjTekN)zQ7ltqF zd&0`g%d4TO85|S@74A+kk;Rl-4U)xDijcf{^9CCaud~W_9B%!cvgzh%5V{k$YVkg# z2kQ^F8Knihf%(Dj_NchHaL`kcekCn2w#%PUI!kM7A=^c$?w6&D3mmLRnfKwcZ^}d5 zaBL!?-j}cZF>A`+lRfWgrpAFv1^g}JZ96i z)ETL%p%KJs2pIPD;j~Eb-ECy!dwL95+#=&fGW*FQ6lku+p8~Y4bO?xxQvyOt5rGhg zOec%~d4)smjojg835;|;^``Pe6X@PMXz?h;`0WKP2f(1&!k z1}$(G;7bR`$7m2fIX||UnHei9Ygt3A#?;N_@tcbSGcaucDV^WmFo}wi14FJpAG5!> zynNG}0jvzVSzWbsl4@^nhe-v9gE)5(>;Px!z!i1|dU~*zgyFI%fC0-cd z`oK4LeDA@E@A<61o6goa&bgKA#R33vy`~VbOPsJ>yEt4acbMTds&ff0R6gBb%uL(g z-yex@UZ;X`6m&#vcSIqeQU1h z=;(7^9C2Xrf=f$JsT37sVP>aSO7ilw{QQqVWJg6u+aA?W9IIljskh#RtZh%-ZyD~l zq&KNThnhdHiN)?NskT5lq<7kF&H6IMLSr%I5Tr-~!X25u(D(h8fO<&fvnEtTQV*+* z3=ccHO8|r4+#pW2r;uqiw&TnvJ2MZ>%VB^T)g64*=ox1?k_<>#3osWz7cx#k?(0KO z3U$}7R5K;1KyZMyiqPZeA(FZY0`R*GC|TX=r5;8mrlmCJmV3uNN76GfVE~KN)R)L+ zw-spTms$3|SG)(7_@|6>QU%EeLxSs{h6mcZ{%oc`x+6Qf^QXqD+3P^&YacBAtDrkb zb+HH6I-^nOIn+rk7_5IcjAM%fMp)W(gbTRQ>@gcC)i8I_dxgMZx-7f>R56Y`93bkO zZKFm{0(RXZX)7xx#kZ8vosmRt0y?4XK?D?nS^n2&YFj7Z(-Dpz`j$$}b$iMP&#@11 zuP$JIAcMRyYYMpa#SWL1S5VOBG}KqB% zo2e42g@9|vLMu|-@QDh*?aAuul9~9dC6W2jWX@#G)d*4F%3Uv~M;(IYy5H*;-Fg25 zcC*u40m9p4cX+Pq+mDYG3_VWR-#srQP92^W2ab-kBL!(Plq1ahQ zh3@VCJYP;jgZO@KcemFo^InVHquFwRt&SF2@D8;P!XY5&zBe}@Y?%d2f4X;Xf^2v{ z#;}Np4gi_5*~C+&i-A)=K}ISvswa7t%u$YO{y{Y&jzVa8wLihgLQPs40w#U{gX!(J z07xT?=UVp$8O* z12R9N%o*){P%9sR4WRD0?_D=d(4}sTfZZap@%3sBIFZqN?Vf=3v(d{LB%#@zh~=fF z;GaKrEUm1Tj@AbMOcqo4o^EvyXG;2uG6Ml(UvzVGv(D$3+1%W`sD#03x(sD(Y)sf| zj}izf0RQV}^ZM3~t_NOd>$Xw4eE9I;shZkahaOi715g1Gd=YZBb>l+%92OAh5R{{J*t2cW4=Z{SZ9Sav1p+WJf9ux0}otBCT z$-G~7f!g`G;?*+xd|#d9&J!Qt?n&`GK5Xr@AAzeGycJ)BMc7ucs{vD-R^axL$5o$1 zL`1m0nkg&dcYb9;Q?57n zrzOp|`B>)F-*s<0_2y$-r{B$&V|BLmrLpZc^7Rdr=1Rwb=^25Cz0Q9}8m>nIxh>^b ziS_39^UiEN)x5Gleq^BwgVf)|Rrqai9k@7$620W;`C}HS1gH-iHUXIB6I!qJt^yeO zCAqG{#UtmplyU5VMxB5qO}hf>XacUx)Sf6 z#RB&R;oUvD>EZ41o0uc^uB@5}6y0GycA+HjMUEXCgjVRWoG->o+hmyU#svC5LD%H| z*mPfN^3TYbfKJN=)D~iMGz@S&EiI#rO(&?KK_VMP@PE;)MP&RC%ZFLL_2|eIg!VRt zA)t@rMfH+zosQRseTElFe0~5ib7!u8oHj{iL!gEd^yUGJ>*)jH-8M+umlE9E>hr(W z=#V`$fj7aY+f$FpNJ*(;qN6WAms@3S9kSy1JbIsyzz*TZMMc4gA3m(?>+a57nJ%|5 zzP-IQe$tTnLt70QRyN8&UBDA9HnmeHq+{yWacoGteq=)tJZCF+G|LnwyP(Roi1dew?zt z8!w&+^xH?Iq}f?nSq0szYd z)8$E99ts*Jwtn&{5cDJ}fMOgjyA%V302Mr5C3lOEO7vjWwLU?W+0DhnBV3g^6cG6K zG#%Q-KsaGb!ewG&V&&uvm(6Bv_Bqb0DJvT_$sdmf+kMhv-D`@VLDXPc?b4}NRYoed zWI)uS{sCYPAFAL)HVcfisC`^DFf!VCrK9sRVPvC~_7UzaP->MD`WZ`0N|HrHM3R7p zzCBxI+j$H&`-v*Kg!rA(Y)K(zFkul98Txn9tcU=~jC&zw)BRqE**^V`5L2K1_3KkN zkO#Nkzb6ScDE2hfCqqcKMvZK2Y@c3HLYK@5oAg1?l$Dh)k>3y_BVsar79=z@uW*0I zu9;c21)<1tb8|aa8{BrJi+PDc2V~gjy9)H0hLV}wLgaB;)X0sZsqI|o_n$vs%WG?e zL`6kq>E9gyrQ-r<2J~Rbp`e6>hj#zbQqWQVr}qAwQ-E&H=s&87?l?Xs8rZKvkU=q7 zQc@BG#VMi{>*7Ime&;2>EO`&v*w{`$J1{OO5a98E+^EO;NcZRxQT>#Wt)!%c%Ub^| zqTN&@RW%O*Rv531Alb^9iJ5u9KJGjb#71wQ7T$2JIJtoB4@SRggWX)+!g&LvP<;X$^dcIicW_)r>g=tnLK_ly|xKxg3MZs9#O>b^BKi!6Om@3c#I< zCj(wNP`lYb4kFfS1!qiNeBiwIIn)`C9@t%_FO#i~5 z{qK*Q{I5@-l-vdi(;sb?c=W}Ahh>=D74+OK&D^a-EnKa@KZqC33+IIMaPkW3zK*|cw +  Percona XtraDB Backup Overview +
    Fig: Percona XtraDB Backup Overview
    + + +The backup process consists of the following steps: + +1. At first, a user creates a secret with access credentials of the backend where the backed up data will be stored. + +2. Then, she creates a `Repository` crd that specifies the backend information along with the secret that holds the credentials to access the backend. + +3. Then, she creates a `BackupConfiguration` crd targeting the [AppBinding](/docs/concepts/crds/appbinding/index.md) crd of the desired database. The `BackupConfiguration` object also specifies the `Task` to use to backup the database. + +4. Stash operator watches for `BackupConfiguration` crd. + +5. Once Stash operator finds a `BackupConfiguration` crd, it creates a CronJob with the schedule specified in `BackupConfiguration` object to trigger backup periodically. + +6. On the next scheduled slot, the CronJob triggers a backup by creating a `BackupSession` crd. + +7. Stash operator also watches for `BackupSession` crd. + +8. When it finds a `BackupSession` object, it resolves the respective `Task` and `Function` and prepares a Job definition to backup. + +9. Then, it creates the Job to backup the targeted database. + +10. The backup Job reads necessary information to connect with the database from the `AppBinding` crd. It also reads backend information and access credentials from `Repository` crd and Storage Secret respectively. + +11. Then, the Job dumps the targeted database(s) and uploads the output to the backend. Stash pipes the output of the dump command to the upload process. Hence, backup Job does not require a large volume to hold the entire dump output. + +12. Finally, when the backup is complete, the Job sends Prometheus metrics to the Pushgateway running inside Stash operator pod. It also updates the `BackupSession` and `Repository` status to reflect the backup procedure. + +### Backup Different Percona XtraDB Configurations + +This section will show you how backup works for different Percona XtraDB Configurations. + +#### Standalone Percona XtraDB + +For a standalone Percona XtraDB database, the backup job directly dumps the database using `mysqldump` and pipe the output to the backup process. + +
    + Standalone Percona XtraDB Backup Overview +
    Fig: Standalone Percona XtraDB Backup
    +
    + +#### Percona XtraDB Cluster + +For a standalone Percona XtraDB database, the backup Job runs the backup procedure to take the backup of the targeted databases and uploads the output to the backend. In backup procedure, the Job runs a process called `garbd` ([Galera Arbitrator](https://galeracluster.com/library/documentation/arbitrator.html)) which uses `xtrabackup-v2` script during State Snapshot Transfer (SST). Basically this Job takes a full copy of the data stored in the data directory (`/var/lib/mysql`) and pipes the output of the backup procedure to the uploading process. Hence, backup Job does not require a large volume to hold the entire backed up data. + +
    + Percona XtraDB Cluster Backup Overview +
    Fig: Percona XtraDB Cluster Backup
    +
    + +## How Restore Process Works + +The following diagram shows how Stash restores backed up data into a Percona XtraDB database. Open the image in a new tab to see the enlarged version. + +
    +  Percona XtraDB Restore Overview +
    Fig: Percona XtraDB Restore Process Overview
    +
    + +The restore process consists of the following steps: + +1. At first, a user creates a `RestoreSession` crd targeting the `AppBinding` of the desired database where the backed up data will be restored. It also specifies the `Repository` crd which holds the backend information and the `Task` to use to restore the target. + +2. Stash operator watches for `RestoreSession` object. + +3. Once it finds a `RestoreSession` object, it resolves the respective `Task` and `Function` and prepares a Job (in case of restoring cluster more than one Job and PVC) definition(s) to restore. + +4. Then, it creates the Job(s) (as well as PVCs in case of cluster) to restore the target. + +5. The Job(s) reads necessary information to connect with the database from respective `AppBinding` crd. It also reads backend information and access credentials from `Repository` crd and Storage Secret respectively. + +6. Then, the Job(s) downloads the backed up data from the backend and injects into the desired database. Stash pipes the downloaded data to inject into the database. Hence, the restore Job(s) does not require a large volume to download entire backup data inside it. + +7. Finally, when the restore process is complete, the Job(s) sends Prometheus metrics to the Pushgateway and update the `RestoreSession` status to reflect restore completion. + +### Restore Different Percona XtraDB Configurations + +This section will show you how restore works for different Percona XtraDB Configurations. + +#### Standalone Percona XtraDB + +For a standalone Percona XtraDB database, the restore Job downloads the backed up data from the backend and pipe the downloaded data to `mysql` command which inserts the data into the desired database. + +
    + Standalone Percona XtraDB Restore Overview +
    Fig: Standalone Percona XtraDB Restore
    +
    + +#### Percona XtraDB Cluster + +For a Percona XtraDB Cluster, the Stash operator creates a number (equal to the value of `.spec.target.replicas` of `RestoreSession` object) of Jobs to restore. Each of these Jobs requires a PVC to store the previously backed up data of the data directory `/var/lib/mysql` from the backend. Then each Job downloads the backed up data from the backend and injects into the associated PVC. + +
    + Percona XtraDB Cluster Restore Overview +
    Fig: Percona XtraDB Cluster Restore
    +
    + +## Next Steps + +- Backup standalone Precona-XtraDB using Stash following the guide from [here](/docs/addons/percona-xtradb/standalone/index.md). +- Backup Precona-XtraDB cluster using Stash following the guide from [here](/docs/addons/percona-xtradb/cluster/index.md). diff --git a/docs/addons/percona-xtradb/standalone/examples/backupconfiguration.yaml b/docs/addons/percona-xtradb/standalone/examples/backupconfiguration.yaml new file mode 100644 index 0000000..8590296 --- /dev/null +++ b/docs/addons/percona-xtradb/standalone/examples/backupconfiguration.yaml @@ -0,0 +1,20 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-xtradb-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: perconaxtradb-backup-5.7 + repository: + name: gcs-repo-sample-xtradb + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-xtradb + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/percona-xtradb/standalone/examples/repository.yaml b/docs/addons/percona-xtradb/standalone/examples/repository.yaml new file mode 100644 index 0000000..05f180f --- /dev/null +++ b/docs/addons/percona-xtradb/standalone/examples/repository.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo-sample-xtradb + namespace: demo +spec: + backend: + gcs: + bucket: appscode-qa + prefix: /demo/xtradb/sample-xtradb + storageSecretName: gcs-secret diff --git a/docs/addons/percona-xtradb/standalone/examples/restored-xtradb.yaml b/docs/addons/percona-xtradb/standalone/examples/restored-xtradb.yaml new file mode 100644 index 0000000..e58e377 --- /dev/null +++ b/docs/addons/percona-xtradb/standalone/examples/restored-xtradb.yaml @@ -0,0 +1,21 @@ +apiVersion: kubedb.com/v1alpha2 +kind: PerconaXtraDB +metadata: + name: restored-xtradb + namespace: demo +spec: + version: "5.7" + replicas: 1 + authSecret: + name: sample-xtradb-auth + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + init: + waitForInitialRestore: true + terminationPolicy: WipeOut diff --git a/docs/addons/percona-xtradb/standalone/examples/restoresession.yaml b/docs/addons/percona-xtradb/standalone/examples/restoresession.yaml new file mode 100644 index 0000000..051c952 --- /dev/null +++ b/docs/addons/percona-xtradb/standalone/examples/restoresession.yaml @@ -0,0 +1,17 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: restored-xtradb-restore + namespace: demo +spec: + task: + name: perconaxtradb-restore-5.7 + repository: + name: gcs-repo-sample-xtradb + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: restored-xtradb + rules: + - snapshots: ["latest"] diff --git a/docs/addons/percona-xtradb/standalone/examples/sample-xtradb.yaml b/docs/addons/percona-xtradb/standalone/examples/sample-xtradb.yaml new file mode 100644 index 0000000..9ea30a4 --- /dev/null +++ b/docs/addons/percona-xtradb/standalone/examples/sample-xtradb.yaml @@ -0,0 +1,17 @@ +apiVersion: kubedb.com/v1alpha2 +kind: PerconaXtraDB +metadata: + name: sample-xtradb + namespace: demo +spec: + version: "5.7" + replicas: 1 + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + terminationPolicy: WipeOut diff --git a/docs/addons/percona-xtradb/standalone/images/sample-xtradb-backup.png b/docs/addons/percona-xtradb/standalone/images/sample-xtradb-backup.png new file mode 100644 index 0000000000000000000000000000000000000000..67855bb9b6527d608ca4b3d955d449d5969c6c9d GIT binary patch literal 45568 zcmc$`WmKD6w>C@-+EPk!hZZmH6mMxL4#gdcyAvEj1qfbBad&suP+HuJyF0;Mzr}ve zbIuv($NQb}{&~|qMo8{tWvw;mn)AA@Iqx0tQBEA=De+Sj6ch|e35X&J%7c6ql>5Yw z?}K+F^<}ES6RLr=c>GY} z{*&{YH-uC#89v-|ye-mg{NX4!dzciF<1#C_CdB0bdgCFO1WF3;v(35(cYmSS;$gGh zJ+BkU>A2kek&?v0Vf5sji6vfTjO-rSZ^FCFZ;xNV=2Rq_?>;c{{>n@3)xEo~`*^>* zk9zms^_Pdw?w&6mJt4e%K0^QZsMMeCUJtPT>$@p>vxy!p$7aUM=Iu~6)9jV}zYZ$) zr?^D5dDZ2X0@5d+DBigzG4K~HLnpBgFs6}w5Nc+HxgPoaeK^slljn|JNTji>+sC#2jy~R|NBXYOWx7ku@yF&#-e%@lsy)+C9^kea~ZYV zYG!}OXoF}`flg$1BYW%M3KqTzoJA#m-{6BtKr7vy;rb*QBQbR*H&E^ z1Ok@R^EH%35RIbmBgK-BUKx~IRfxM|IS3_OxoFldk6!4O8Dn;+8kmt|nsog=J<+x#UQ<0y{RbmyVp2rpUj?KpG zA&qxY!_t@$bgVv_qeHEk`d9&r&t9|CoCRUG^ENy?QJ?Ij5F7bwR$)eV^@MYVZ8Gif zszA-!|GZ0igK^;d^ESxvR&+tNYJD2xSI>t@RoX}zunCs-n!uuDOO&g@8y1QgA6Y|Q zzkw<#WPCh5;klq}c9Kzx7}q+;kTKSA`B=R1^4^vOS2cdrb56RnO!h}A-Iy6=2Nx7D zB-6ywLkIzw$jZkWSfc^Aye&IUq03CUs1<(A|I%iR;UK1b) zJW?HoLm7wAbJ%ol4a@N_?g&`FY%(#tmTj74&h75oXhao6-L`2rHc*0WGb+zr)Dd6Q z?g?7g@{&i1>Corm*2Y*)f|urQd5)*JFr5fBO@X}pfM_yaX8GDvgMh|I?XzEWtaI6i zS>dS>5s~mvep>Ee#kt*PLfy5Sj)|N^q7q4&7-mdxRRK? zi*)RganyDr{m?>n`Z_v|VbalecBnWx7BXo#CtbSr#m)R)drlD8EMC#3dsya+tV_eP zkB(_bIGxF$PZ_x8ACe9Pir={*Da~X<;*^$1$Td~p$AfBr3O+UoA zgx+R&Va;|EPV|lsMa3r-7q}n9Hen6cQu}_T@u&+jGedhf&l;9l=8%OMd7%VN%}Qn! z?75rX4c><1t{6@EUQS^_L=aYxn7Lb5C`$ua%pl2Oi(hQHx|2{NR|$lL62akR701V|QnW;jh zCQd-!cp-la0uG28Lx+*?Rae-GE6a^`6OFis+s~#O{}S|xzgi}N1eY0t4mng{wLA7~V!jGP_E2y#qFZ zy1fjC=c#^QldZMZK63GPw$YMPYrfY7yX zS@tU50n87?Am=EnEbRplcda1g<<3r!B4u6KSIsX(KEwMbJxX0C!YRXjxW~mm+4c=q z6yq3P$->S0nnY!t`Z`pu-Ib*v?*$&~o*n2G217hYi`jkSAl{tmR?2^Z==L_(TMTcc z`_=dP~ciC@TAcX+$7Vk>Z32ve28TF^Ftp}-P}hR-gc1M@KX{qtc$zC z);=#D011gD^C$jmi<&Id*#Z!JJvq~Zi53$%-zppe*k ziqbB>4}LhtV5pHG$p4$jbL|8&GBri(w#NOEV7PlFhkIumwB=_%Wm?M*-s5bW-)7RR z9=}1R%R=_(5i7lLZ2a~*z}sI1OtaYXz)@0O1nPLgy^ZeuA5&}y#wZn|8eP$rDm)`t zShhY7o;i0Z|Jhqui}2NCd+_@s9kJbg+BCk)rvYX;Vf!u*WEcyv4={LwtEkhC>Cgk{ z*>xl#WIC=p&hoHO)1piP4>dV?o70r*rJ6*V_}EZhA$jOh>W`!zjeHF)q|a7JFbAbn zw~~9GJC|4ewj&fKZMC-IJ0U$(S=H(~FbaZgkvo`VS8ei8q$ zifhubbos-F*p80op-_@-!=7oq=-6-X7#K~x1I7h%2Tw1lH_p3K$sYFnd_*FLhc)Oo zzW9nPxZQ~xi>UNOo2is{t%u?h?P57k0z+4a3Q|aqBP+l3>m%T{`N!FTkPoOs4}3?Q zUxV2fAOifEPscEO!AG(8G1{EDH`ZJ7o%!Lwk3q0wy)SbrQ$>suuC-C^v8rnyX>;-p zvL%o2i@|wI`8Fm-w@rDmZpt3<_yzVL2r5SzHEE`dO{>|ruY~2P&SufezyOHHxJigh zC*lykYetxF4w*-g>5q!Z$Rj+XKjRd{U%aCERScb+HyfV3E{!+t~aofo$Lh zVp~!yUAgGSTd$Q3*&AGDE^xSp$wsni*h6hd87TSPmnT511SPTvf^~kJJp6{Qjt7c{j-@GAi3>l{0Y(yFtyp)7vpZY%9Yo&8>{CKm9aLuF~hr+*I^+LSmQQ~cqj+Un@@$w(G&33H+J%*=C8GxTn2?l@1! z6cZz^o;_i$CCCbVDI}j6arvNr%3kdL=poBP+ye~3ZN4LHoOgintkY?sPd6ZEhUfEN z&W5&NL*d1x18`&0w$NG@oPCVdV_q5^f((=8P1-YyVZjro$VjS7z&Cx!TL|~M9jcc; z1eXrnaKnH@ZcLG!FsXqdKRyV)hsgi#qxbo{?fhETVTB=1V@(|axI)ZNJ@4`_LiqOh zyU&~o#%1U~d=91f>HnG7jW8h_I7?1BUh4?35lkPy}PY zX!E%T-gt}n*T?=3{Bdi0qMU|?#-Ua_S2-#=dJGEFedp|46%rz=b9%?8QHTkjC->7) zKKEDB)h$vLN!)#ZX@5-}(Fvhc`0t-sbEwVC%(SSi(+{~9{qtu`Z0rb>_3ryApBD&8 zNEjofKEG}LGj}0!l&_$zZDnJlJJxu2*$36n(8%b|u!tF|4~f)c{KpUPe@-d#xSKr+ z#xwu+C36B1uAgVpkPja|{EOS}<-H+&E?%h0n=+sOYr(EY+vdOK5!7l>st%nAnfz2f zVZ~GbpW|eIZquW*sF@(U8+P->ze)2n9?{(!|HY#F7_F~2vXeP53knLH#skjIT*<@e z@Poz*G}3>Y{4=M#JXUBkm4&d8{Yd zzBUopR6n}=jRvw}RW$99FOSfZsyE|pn{w;y&h{3_$;ly38-Fv`*Ufqz-oO7nw*5p9 zdQ69yFD#6nRiC=-on>D>DNDVEabDaEN9ix}s)u6p4zY4|tyO2>&CE>;gOT4RHz3(R z(cWN(M??$_$q^C`N7UDo-Bi2&N@}PsFP`f5s~T8E&WRjt$*Rr%oy}LXvmT4%zO;=T zhIYG*`c>?nDL7^AT<)_7T-n+WoD%upG8b)yuCwOKcu_aGjz%RE>1CpMC9}IBmqK88 zQpR|v2{21oH3~{IdgBh^UcQu!jFITx_2nry`j+IAKMSxR0%RXuT8eX>O~01XIre*;-P?6m)vnxgY={2H?>iAOQRA*}wlYM_kB`kd$(nQLWKNN_N5kXS!{ z*V_=586~!4-PPO1DUva0*iqk%zj1PLCyVzFmmuTKe91uY9~D86DMsZRY&}wtGUHS6 zp;MA5D4!Z^?iW=Jr=m_(+n(<2v2k#KDGoCgVA8yZI}_j>zhZ9Hqr{IrKgN7+UqBdu zNw&&Yw&mjCEx>N6Lvj5aCM!JQc@|N(19@;juQxFoOE94O;?VX9mbIX&I^R8lW%-yS z^5VvCtWUMf6S-Jl3(Cqu{5+j;OczR;7BS=O1K>MCo7HUX3+bzRkr@~PQ7W^^nG=4= zWST;5&O!&HIT6M^hVO;P$}?98s0yYZ7Kn@Q90#e&ot2(TWJ%C+di<%@*nZci_2nTX zb1hU*)1_?PCN$2{czkf~BIuL0o%{aE>$2B;p@a@i(7iea;v%?A{(m*Dx8ZMHnP*6{R6kwXnvlOSfGXHV~>e&#Kw*6?U@7w zQX4%a?zt|E2BF~Zof#krMMsweK^QSdJ7 zN43cj#>xbuYVV0nuTr%g>5dAqt)}Fjc)pay?zb%m&EL60Op~YhrwcasakbSsO(%-R zyJH=a#;2<1vi0P*Mhi~X8Ws$N8#%xBBA!&eOpAd@e>lcgsn4ucOV_x$3T$XzsiKym zRMZM+!o+`K92n7l=&i2p0P{Os>rJ|G!@V45!eI>P+P%4EyUJRCcZN*m2R!tXi=5)w z=9QaH)Jk$ee7auf>93vsN|o=nmGn_(@+Zeia9Id!X?J?Owfaz1EL)bYFX|;y#66Ra zH}e|}$wRNzH-A6B=Y#w?*s&(rJj&4Sk{W8=fktg1Tuh_@wY^AOM^g&@S+()%W-vs@NekPX+Ka>9`MLW!;u|CX zM@{vLtxvNq`OipU6}Ae$S7Y7unENEyxQQ-HBV{!<_Nn;hSXB?aorYPq)G~}=wLFLt zjr0*J=0XWMJPK*f?m!!oam_=#h`5v2N=o|r>KTw7s-)Rp1K&H!G#byYU!V}D@rNb_ z*A;%rVcn006uhF;w$*)K$gs)sml8#)55ZmW6#C6WrUO;NTqo;BYg)nk>?AY<77wk(A6dMQG=-+r#JI^92@1 zG%T~NOLN1(()W}cu^aw%x8wCpYi6~9TCd>kcQN6(lb-`)HlKZ=81ClrB%+ zaEF)so5Yc6&CV3825n-mJ_?(DZAl?`e97~{ckR?x=W?UuXUXqwMzYG;0Z;eXTNsWN z*6>X&x1e9t7aQw}-=zs~c)#^n+jLZp78=gQ#m$b68%3W@LG1!Y|KFMj8m!2278C5~ zp}#{FN|iA6k%TDSG`aiul?!XMxP?-YYuG}kAwA6Mun&Xdh|a(;88^tXp{ThFe(S0Z zI*0c`tddTc-1X|0E`dMxy7Admo>6jXa@G~MU5ic1bF&RX+2|n9tM&;Z&$`u1=yt{S zqa}LHH>^ixn<+W)Xb5BjBIa1AJpS_M6X!xy`rqHf3Qx^^a=7a3m?f^Hg}924OV(Zl6X@52025};_7fYC4BF@!%OB)Sbjva3rM2#NcC2Ge^X`Ld zquV}p$$^w;KJ#6|-t6d7GZ$|XQ(X*hK?_C3uCCa2L7Pb1H`?!tqY^}x0&kctN!7c_ zBiE)o!@M%^UGUX`>C1|T(;gZ$t{Gotr29QU9IU_pLscgSfnfG!6$?{VpSYY=if3Ye z&ALTxxZpZ*xu^?<`#H1cR(Jy75);G$@oG>~q01j=WV_)9NiNgR)XP{j>DWclc!S`&S|k2XuL7 z{19bzRo#7SMGalYWW3tHA~uY*vJmD++@6-qvJxtJ)(|8UV->qo`3yo+M*9H+s0UOk z;x{p@x#rGK6>sy4Ov#yR)GkgKK13NvRg-SE94qpAf1QH^6}jkkFQLg8ipuVn^)kIt zmPNkfE;BI1(XdJO6P&4$MC6Ke_1Pz*{%TP=6h7y#YUpmM4B{6iQg8HH9%qK;_t#HJ zQDd6~7>e7@78$PDMq#e2A3Bk0l&;y95uairi-=arPEMTD=$@S6Y4ISdw?B#?A1!9_ zSSU(RL%5r;K4h6t!|ZlEO$K1C5C|E58x2cA>D+Ff6bMQtsPR)VV@GuSmqwc&bd2OK zL}LcI@|nk|QJy@Jxq(u{k$UH%1wSZ65I0m3{vR`0&g$b4&((<-fV(Z--5c)e;s zNy*{-!i#q{>(QaHkIKQ)(VxI_2A;42dY+HBjdG6U!E43lZJs)v!m$@~fxOX35+ji* z|L$N6HMgN!p2Rq-Wz$0bm|LVgpM{cc*vqX>A(>bOn5yPZJB~wT{b)_xPTuWvgvS2F z0^#%PG=&gjI*Z(338R<8ni+{^<^4vxl$65V-*0>7JPInNQ{~+aW+z@{Wu+0L_)O*y z7&b#i1>Q1EChEPGQHE|3c+9wnT9dKaF0f^tsU$&H)_1r?Ffk)-=LCNpiWT?BbuwkI zhECp|#JHVa4_|H!)rbu(JK!PSzjbNPzO68ttxMCs-KxvmJm(5?7`sPFR1sw^~RdCo%qyiPHafBUAB$AoN-RSab( zzG_-sbkn1oa7_*<-`;$C&>Vki@x=A&Y`^CLWB%qXPk!RRiP>B!`znD!xCXk22!ig( zNU@erM8?+eNcU-owm|dxquXYZMzaJtmhzJ=`Zur}|JMT7RnI&$N17Q<&po#)Li?+1 zm(P9-C692upJ1%)!Ns`r;xHbR!7L5OG8U63qd4avGZTXTKL2hhZU`Rz$YfrNUXJ8_ z%TXCiCGo@d5#LEbB{*>RHF@%{q_35XTib13*UBm;`( z&C)oe{_(h9hO2rGC9NwSy< z{txP>crh8&+1r{Cv*w|Or*!&i^!OE4suYL{fhoHkA;qLRmVEwaJ)dUFRQnoKl6mq> zD&vsrMt>DQ3FbQf%8B4ph{eY%H&tdTzEb=A(MtPRkT5WKlAH5Y_Xq#Qztxa6jGG=s z_0p>e-o^s65mro`IE~`R>?<0?r%y|}Wt+;6+!wrPQx0mG-0)!^2qgCiN}yPeWKW#mOa2 z{{q#R$}9vjn%Js$5k#)AvDdM!As(Epi_y8lWox3?>kAYCenq_-K6dvlM+8SeYLoT@ zwO<{jzEp`FQnkgjE>YoFL0ltlk=*!GgaZ*8R16X}dXnr`3&=kSQoF^xHsmS|Jj=h0 z(M_#4Yuqx@?_tFTkinNfERN2G7HevbjSnt6yh{6bFF=4SrqT{hty=X3o>o(htx zIMUMOx_U8WE$E!}aH^h~QK=6nNb8Yb#nWf!31y-3TfD|IEs4KRg7Fbosa!^tp$Ld_ zoR-5$-6~ObW;B2w1xz;|ekI;-?Ofu6MG=NRF3pkM{*=3;%__+FDRLFxrZz))DyGi9 z^UqX;_0OZdQLgMJ{LqZE!%yBUbFP8euVUjujyq!=IIg9a+P)?{J1AN!M#%QPTP;i) zzK0VHx8yKSP`O%c58_#^NEn5mwRorqJ3x>K3KL+riq zGi=JunWoiUb5va~lJmsej$(*>KSQ~unc?(-uMRsm+1UC1or{>SQi(xE8a6&K7j{** z3C9`dk#09L_x6OzsgP7Jt0|q`dg9qa0+)R{%ItqUc&2i zc}Ypi`J*WgIg!(|vZLVcr&>{(xYT7T451W#us^&>o7NIX6{3@EbIz-o8Mc@i#deN2 z39%Dms`#+0Ik`RKe;749o+8JPl z$Bt|E)_H9;#Z8vL;kaXc*=DO~l{=%ohWg{bbfW15b4ggr>n*Llq)Q=YjT4JBn=-Rjc!kgQ~i zDeljm6QhLW{Km8Fo+$|P9#M}L5o`1t z6p{_oW~zN0MnI9H3ny-$VDDQPELabSs-mTejdhbMfELwfEvz<|dT zUiBGS@x_R^e!Hh~m?Z$E*f5tJ= zQx+3ty1r6;l#K^2S)zB!H{(~Um}Fx{WpvSSiD}mrwQW6@HLG#;4$o(+@?~2#T?So0 zli9YpyLOhZhC85`0$y`5NuEr}1;(fGgNyO2K=DhFF8E8_wVyX2iTAC(zCJvBus5D} z0SdguM@4r%vw6q&hkEr8LuNL-Jr1Q z-Q<~2I6b3<(b#TZfS0I0l%Sj954n(?FyOGHitH36ivDozAx^T7v+UAnT zdZKrBIeE|7>AzIDcv*-Bn(*%FG5h`*@-n-U>PLGo=|SgBeP|Pf|Fb=|t_EkPv7$r2 zuP)>XV{LG;Km_fXjPR?S^NkWY@6W%y7fo+F6}02WY{%s^F6FbmCS|o__d!mqVrUMm`$S_#LE8+1iHp`V57Af(2;HEq4?QR3t=?-Rl~7g z(2coxWK7HX4U2Y_`Qa7e6ZviA?Z#$tej}A16hYxFZ0~p#H{n=!CkgK9R9Hu!1{%lT zs&hH!hifS9`q;Yk5s&)4o?SVP;mhw&7lRdPB(@%sY4Y7W)a;#T=ycji)8P~^Vh0fU z)@U$$b;x_j^DBpYWR&a!@7cZbiL{Z+>LR|^77J6h3!jUNnYEoYD8o5_xAqS??PXnO zbrV=mS6iK!)J_)U+TQXBm^>c}I@5ZxXxsRAG`4zs=z|EduRbm#=EqSF+58LGJ(SJV zF|r5VBM%EEghfPPoj+)Lmb#-^1>U?FVC<{P%4h%dVWvMAb&oQR{gbEE7G17P0t5aVbiNss$(WPKrq}>g6Q@Pf)vAu^zieM@!3L*nGM>H^x*j<q_IwTG)KArTP`Ev*IqsQ#00 zJiRHzpnwLnS%HG*X-Uo}h3gNqo2cck%I@06_WJS(PPK|LRbGG>C@FNCV)u*a{^JFv zt~CqXU98&i-Q6{xq&t{=_ZNyS#=q6_|Jh>p{eN3y_@4t5WMpL2?Yy_nQD)$YXO8IH ztfRX7rGe%WDQW4gI?T#c#as>!j)cU-t$$xhdHPQ=;=h#o|LtU2UjHoJ{AWn+4x77P zy0?k{YPAEMc>mim{?|=+|K1ThrzvgGKm&!J8IY`^iiU7L4`s|$J#?y>o#%H8ombg# zedf9_Yq7|RCDf;8eI=bY<@HZ>VfagEyN|I0Hx}|zPTTz4hk}D*E#ImBpF)a{=36qm z-&EleZ%F&1n6>_6(=dMYwfUf3eb+!PZoN&;3$?1jaGN9f*Vos*Jw4jm+FUDW+y#_r0xmm8$f>cv zfB%k-@^Eo+F)~V*TO4nWfQp4^YKiq!)!^V@+{*s`exv&_2RCTX3$s z)9vNlt?2vrGcz+_LL|h*b!LN&tn3SambgZNHpIq>$S>!Tt0WUrG6Op&X%kbC#; zx$I19l$*$Y`ZV9*c1X-?z%aocB79^2a% zO4eO~7u4$ioNRM2-T(9FdsxOsMxLiLE-Nc5JxXBNJ}zN>ilJ%|(ScP>HiCDn2Ig@9 zb+W!hfvJfJ4NXmaTwDoi>|RY!OceZ7st)EqR-}{f78wx{q0V%3bGZxlI6gUfE?Yi1 zCWa6PCjzK6!0N(Y7iPLm=0jN}C2W)zYsoOw=cFBf^eFG~8|j zWI(GtE6vsAE&|vrF)?uk6h~Qh$4k>S3q!-gD7ehNcj9bpY^W7!Z%kFQ;=lsHjLbF7 zCM$B)naJ4XE!kdPop{}|ZY*sx%Mv!e#MxLv&e~;rF z&uc3OadUH%j%E?M{Z?5C0F(1lTS&h3-S+C#I~$izY>gJy+by&dXp~zB$^(O-U?i~| z=BO$CRu3px#c-+-AXB8r1>@+J8nm`kzSpEaOF1U0Y3uQSXf!Zf`TqD zwu(KD*1<^;Qc_Z)G;k>70kIxCz`?211P=1Wu9`k~}0N1cZZngVv`= z-`+Ux{NeYOmRorO##VDpI@H+KGj)-z23QIhgP_|FWqu~5TT{L`YkF)trAQ)EF;lS< z@|IFcO3DD$lKbh?r!i{OP9dP92^~$fL*Gr zUgJIuBjrnTJI|1e`118@K*!u1?Dpn5ZgD1pPTs`Sl=DfA*X0Q?^Wd@}l8^Gv6;F3` z#KpxCbO{Lwd8kKK)>GvCP7;NxYSynrM3P$#%vE(7T=((h$-y+=K1g3;pTC=aeby{Y;&aS0*#%|?`>#{1+i23C#Ec(=N&2S5 z?Qj(YeKP`0w#02P2e5o`4IFH24)-IoN=>iBRau^RA=ADD;BklN zo>^6&-6S#chb^Gm+S9O`LyFXoX2!-N)wXkg{y=*3z+qKWQxi_!MIswb`^kF`%1!$( zE-%p^-q+Ha>WrY1&Q$EpV^k}0+8pj2A0O}Twj9cm6(pB0FRrMl(EshHp|1Yew*@4J zWU%PT2h&Yn_4)bv64aZsjh6|0j^kD*V8dcn7*z}G92_{<**C_D=YUN$D=nb=i(-ih zDqv|o?(j&ZkE&y@8hDf$BDq*+CMM2hch^Di)78~Qdrmr#)V$!EzgfG!z7C>uMh3OG zczfN>-GOhO^5fIH%j*BF3j^<;+XB`Jg8y&Z`u`JQKs=#3r>S60l@&#o;77nw#rj`2 zePHjQA0_;VIgn5QO&9~8V`5_P7**GQ%YoTiwB>F+A108(yFT$)T_|@uP=unnL=aJJ z6UVB+92CoO^@==8*4kHDCl0>Kv}R7VKDc6b8k^XhY4mUbM;N4Ve0+RxY>=~!^>T5{ zOiT$v9?t6Ogwfq2l3$B0cBX5Ab!kC6iJ_?}uTjT$XXIp~NqjV`p0M}TSuhc&uE`R= z$b-o{2ezFPrsUw_atxhw>A&aTLn4#EPT8nYkg$k+Hv{F&<*DL$LX{dXxyRT2T z!b~AsE)l>fe2|z;`;!jW`VkgX7Etbp_vpSYk`c5c)@Si=>=%JsP*PF?m{4IclDECR zP0UktLeF6D=!pLOxp!ydm_KJqp~vYCI6%`S`d^ci^;}(R`ljS1?j8ef<-k10Xl*_L z@C=$2w43O9OYcM4Q9-~FrfmiarU-C?t{Pfa$HVX6zXKd~d2t~Z$F3sqfLi`TqIyCt&w#o53dvGReYT0M>zk4v-j5 z00f6t=8fI_TTxL_fMx+MvM@J~{r=q!q|e=^OF7E$0^P<75MTg$B<6F-sIT{Mb30${ zjqgtsXkT$adqy|_;z(K=WiJshEX2vlNkbzxEUaIg!pq3a3}6Pw!`0q{gM+QH;`*8z znRuR%{=4C0fDL3R^yg$Pw?^UZXfw{uQ=~ay8&O9$^;M?I#FgUQ~C?6CM`Xk zfJyzMre>Y}QX2@qp#KRC4b5fauh`)vShl~fuh%8A`sCy!Qf>*vRp*74N0eRt{mESB ziWp=cbCm_0x8JxOWW0U3K2z`V>C;OrV^h;&oq8TVzKPLM=bjjLIXStJ9pyDsz-Q(o zKRt_quiM1+Xm{uX>{5!6lgTN2(nHy?W^vLMhMSGZAQ zIbqemUy@~(i89T0EVByAd1L9jwx=6n@=b(rc*fx-hPLSW)z=`c7lV^?<)qfZHyRtq zlDi+~ils*uUQyH00U^dRsjjwm1_1+U4+CNeRpSO;UMNjBvD$-C>JFO2aY-rSZxBwV8=Xu!M;){NJin!H5 zc+YfqZvh9isN@H!kCAcfV5J-4ba`UU%F0Sc9_J^OSqDM~a9<=6neY7Jk{(Xa%R4qR zadX4Ut^2x#=(=fe$&F6K&g;l8A=suA0 zj)ceRMNn(KGtwQ$^nI@K&GDEXSShL8@tk3LS{gNWXP!#FNly$G5m7GR_nw{}a8P6u z-jq%b0mu6TCU6(!RzYtY$RiSRa?jDxM*>eN9XcZto#MGvHDa7=!;v~ZDF z?kbDZfl!ii!iFjXp^nV$`PQHCl=D@!gsK86drf?%kLmm_v&Bwx7(!*+LJ#X_SVDBe zTx-jqpEzXKh2wHg#axLbUBLVRswd#cSAe3YB&iVFa1^Vz>?SyBC~2;n$}uojVC{%Q zMlLET8Ss&QSP<{2uT-XD>c_K-3qUWRd-K1dS#%Ee_g|$AWy^zood$Uqgo4h_4RF9l zM@O@=vUVF!$+6r#Jb=em<>b)Q(6j<70c_7uSaW*>SPs}O3rkCB2tb^Tp66wNQb|xt z$;%@g*W>^mi7EXJj>sJ;@%R4#S@`Ec`n-K|(jE9c;1=;b)_KFRU@qpNU*IybvI5Xe zQ1j$>s)5}KD~(LnK`m+LED4E;SJ&1EaB-b>rYC;?{;C0h_z!@|0nh`-^XbF;wc15| z4*-pljpKTi2Et&n_k}s28Ia*DSrXuGlnyQ~rVL!qFfcedIlH^Mgm2CaV`Z|Y%Iy!9 zJHf*9l^Gs9_*xA3jaxiGeD>2d_V+)(efc7oOrWZvApySZaK6|Y1WrJI!gq_gq3G>4 zu1%!F*Ei_e78P3$-~>R zJVo>f)QKyQyy--yD>;_Dc_gf?Q_Ej4y?D%}5DCvveC_|6or}wAFwGZ2+1cCM2-*)p zRtTVHWwkv&SYg5sf&-jWTwGjPS-I-#=jX?)Rn_2megKe?mzP(iOL%fJ49Ear=|S+W z?(WzHeOA_DfF;3MKH8lV0Y`?L`xpcQK;uV7?Ae7cw>gm%`^jUm7VIlHJ%$e+JfMAS z@$K6;;Q4Ey4N_l9oQa9a)6+91RVh|x6wvIHl$WyiS?KA_Mhl1zYXHUZ_4NgvrIUq3 zgoHmMBe4d754miQv%4J_si}<(415fiII7Ej8-zgI*4Qr%TO1#6jR81u)9?i+SJ}eG zrccmju1N?B%ul6N=kEA-XhK{U{N3d{Nv;~L=h$y4)C16cR*-! zdP<@hVB9++9iH3j>s1a-e@p zRVNOdoaLV%pq*@u$$O-N?%h~UQ$;1E#Ds)~#>OymA+UTKgS74iq=gDnCNtetGB!5$ z)vH$kIKjih^nmC9Bo1;B@9nj_;CrQAf?8~cMAegR{HiO8y8o> zq=~tCt_*EFKQvDHz6o95CkjpiX3Qd^s^Fe6y6cz!v;Lo27#WFfdbaZsk`+^@7 zK+nw`DY;NoR752ndbQwBF+n75xMm<`W z?j(v)pmcns|0enhU}^H&?Z27b;LX27Ln{t$%F4rsfkHo}R;FtmfhfaA8k(D%tC(Bh zTt1een0o`%E)akP1Oylv8FQ80K|X0{5Hxuk4F?DBIk_NxbT^1|1k9Ss%E}Oks;Vl$ z7XZTRfV3x-nRmi<;MxF01cY5j72ucv?l7{j0Kc#YIwD90-$YY`g1Uk5qr#v9h6A|w z^XGRXiA@3J;1KOeIq{)37_X3M#(!a3Z6TEVp)Ec6YlUs01jw_XTq0{3_wVhoAL}uW-wD({W7*y8pGZjJ z*Fr$1OYXnjh27>KYTTdYFy^BXQH&v8dMbMNF+ZtjNx4gLMQacwfu=yrVFX|8I`Z2} zhM{{;{t$L6sVNfpr!G*L(aiu~<8xdM?(_HFD*0EjfS7Bh|Iw?6PQcx=8Z%PW?waLM zn(HC$#|0pcC=9gHu>89hKtX{Y@dW?wx=+!1!BbJ-sN&+5Sz38fAtAko7QT9Tc`xs- zrZ_wCppxR@9k+Ps4znr!!{(c(Qp@@0@74^CS@F3I0S^yP-Q+)a8oWiWyRyK+$p_(b z76F4TwD|H{RWT^PyBiB!1b6EI8U{#0BA?@j>fR=EVMFXqi!lP8ih_KdyJE#U-AupV zhnSmx#QaV6>6vJ_*^;uV4)WsScnex-c{k4Ww}<&_ncF`c`YKGn-1|M~%xVXc4N zF_EJ8Z`t7g_jZu~S*rPeH$Y#!*-=j{C$Lm!XD4L1K!cNxF8d$Z=!&=WUj-4h76xYK z5q(FFSgY%cW03FiDiZqFV8i4hS>%F4KhKQ$~t42}@`$IpgCpJUs3 zd*5_LG8%Klp0of8f&o&oTfviG3JMB<43}0`dR-^}`?Gm3fr_X6{%XV<2!;&~D^fq- z|MQDvf8X72g55TqD1kEo+|#1#RZN#Z7|fgpV3;;N*!A(nK$} z@b>cb6g=b-7S_Fdy#(ayVuaq^a6Xy?@9y((a(awJo9VHk-MzKP1McHj6L?(=p_Bw` zl9P*)pjH{<=i_U<@djZT$UN`R9N%35rUj}&172k+vuv)8tE)%?4*#Ldq|HtR5zIc+^uKNZF2Vpb04ZilcLYb91r&;Y^qO$WZ%uXP z4hw-c4!1f`ednau1D>Bpwm)KGXgE~sXo^H%vJkI6{Z{XBS_A;51odA@%VSkQwNzE3 z^79!FmE}V(-0XM=Bm3TicRtcD@4G^$^4$S!2GGFL(sI?@OMox34y=(?p4a6Mh_que zZlf=NlIsN*rVIyIL*>7X@fA!@G?@=1c{nvKJiV;hQgc6)$zRz~NHY?d0f$Hm9nPL!?CxVT(jKs`JzC!r~`Ep9mz zKty!};w^y@So4h^=|9{9)et~=#XT~BTH^@>7V%Kh+~2w*XhcNdp1`{YK=(op z%YdND6;5?_bPQO}fvwTZ`I3_jXxIoS!QEc1i9lzb z7zL%jnb6J}lwi;vK6C;b3=}*7c*VrTCM^Mv1Nu|N$X&Z@@mXZSd z0w5TONwYu<&GW?v$O`J{SYBPNS8ftwvH(yyDH$2~MSLdpW+tqlRsg#zN=j;6c6AFe z0gqb&$_NZlbO2fWF-Y!MG7!9gn+XWi15^Vf9R=tvTr`!C*M{_v9oT`A61X|o0Kf$O z{QcFYrrf>B;T@x+svgfS0nG!9JT9BpW_lbfEtE`vi((A07dmQcK<`XJ`9M-qvZn>i z5Eua9EhHeCJ)X-zEdwc%gX5qhoCBDbUUK`9t@z&eP*0I9)4LxH?t5(VT!QX%&{lY`v>g{Q%-1bhtg zu(32TbO5k>llK9&+yMs@Y$vGb_@t8H{lP+`)=!M1yJ z?5M0MCXf2}M??e=BiumYCs(=7b>9G48HCS#A>wgLGypl^LGct7eVK|QwVvXn40!=j z4m5a=i-ot1w+q=l+IG)2cqjkIeZ2llAiaUw&$P#?Z@*JY>{1_LOH7^qo{jIOc%fkK z;^v+FV`5^$lrDa`b9;Lg@N7^C0!tMEq2~YN?LEM;{{OdOmFfyfB3qG^70F66E)Bb3 zW|JfliHwYrM6#1r8Ic{8y+@KHdt}cwIIo3sK#2bc_+RX1-s6XVL?v{wS5-!tP`^#dYqxp)%usmK! zySaP};y_V~i0#QZv)#eLVQOlM#K;{!jCshV_B`uubIe*A3!y9&_gG)0zCD(9r`Ixg zrlqj35NaxH%jYs4>!>(AgHlsdfvgr{hYt-6flH}>c09CU3}6kQKXi@-pqb<12GOE0 zdgF;_B0!<{>*!#J`NY#1gfv1bG6CP}=qSXU|Munibz|f6`ufG!JC2|}Y;L|-@hvqi z4S0JA_*wj}oQbRJDwZxOz@oB=jg7^>4f>6YjJ$pOc7A@oG*jG3%FxbkF3Y5f{2&;F z7veVT-X>JrE>Ezt)*E-US8A%fH5e2lU;@c1zeN z8Jm>!aQXldSTnZT_lb!iKQO5+EiE7cCcb@p8X3v+ktZ!RwWp`Ydne29Z}lv$8K9CS zB_t3MZWi>kwrY4aKHRmBnT6$~loY>!029@=(jhERFxa@_jI=aRu-&{Nxay;qKjaq{ znwy(zX=~?YXP-KCDk3_%AxczPQ&Ut}_@Yx8v@Uq#8bnJ-B34#hiiJ2hX(*mK(L*8Q_g-v>13ACT3<*6N7tmhJgCh z90)u4W|QUwMWF3OLNBs4uH@UdZ(UtoD8DCGU&Tl{$0sF;gO#Ls@YZhh)An8L`@Ig+ zDPfa4I~Rn9Ym57DI^cz;ewI5FnBdsw$OFY4f%{}2A9*J2R+x}5f++ZFZVurVOoCCd z(^0dJG&^?qqT<={+XcJ?)*RvqaB-uq^LSA!tMtrF!3RVp8F!>uHyxb_<7*lkPq1wf z-u=(~!JzI;B|_7eXz_;5P90TMYh18X-hMAEq%$v@BxNqd(eL%E9-gJ6qw6|y@xle5 zBLPpIXcT3B1egr!mlKNxyyVfNZ&p`b2OY}jtYap(vqq|DsjJu3*2)n^M@B5JUk_E_ zlCuF$VF(OSDUp|lXNR{yeSLkc+1uP)F~8~|TM6tC5D}=DIB9*OqN1E~(0)N4Lh%4X z7teEV%3H1j4dD#7u(bSSCakx1ClMb3@e27C85gJ;xKz}KFJ7<*E3hI#%FExM*-%Gl z{_*2Si-icnLB&4B5QT(SuebpelzD6*sjVsGWuq#ZDeFM=6B7~&3J*`Zn6k36g6;1q zSzTR?7=TR;2>SD96{ibVZzHai@A7mmmr+72wl$>J#x!?EhQCaEQ`3$eJLCwW;^NSf z;i^Q$#fM+2V?BdcTL}Z-{UvK)deVvn}EdN&q{WB*>+)2Bxf z1U!@QTe`ZsOP8hI@$mAJ64lIL6>c>|FA*xQpdVT3|1vI%wGt8%^5hBKy2jbFNdSGa zvg6~4S;z0;yNAxbcm_2P$NS+~?sG3zFBdI|^M)zKoySh_%Jj7=8qdunJRn{ICJw@u zw2O0?Eho*g-IDg%O0hRIHqPL>K79Ca>Cz=+n5B`uUO`@7r%X*vFI?E|ZL+YikYRYm zb?#_PLwHb7a(X(_;X#zOZ*-RIvH8u>G3b}2r0l55LQvWf9#lJ`wR32f5EbeeELl%l z-mtFDPK2`=+6r$kyhRBhXDKOtC8bXYXpOZp0oA619&8ZAUqIon1@Fc!YXlbBy~U!^Nm=R zka0-u#uH)^wbZ}@M3GGNQA_gZ7ag{j?5(I6gea-<0bo6#>T`>W0MWld;(*ZNduqs0 zB!C8sGBrJ&PU?yfqX=_`=5wt(87V2CtgKg$2G;QL@?HekqoB|UjK1;bQ99@!5J3p7*cVQAt87ibpS#mgkB`=c$H;hmvz4%yGzi+1l$fZg zsfm&-NFf2C*8Q3TcPQArfuSMJg9pQ+q8@Fy02l`eiJH*U64uRTPHTEaw`6fOh-@ebzD-O_R904^5=2=v=x12!8VU4HUHukV zkR5xtjfuy+Po6xvwz`VA1yM;L+lgXC-bz<~ZeIa#RLLvg;LMI(; zQk>YHfTj(#4SFeP4ltKawQJXytpxgquVo%G-X_4+ugl7k#WW>YA%} z^}Ww-MC^)+3J7J8^JTz6m39!~P?_Uu6O)oaFH%nDynA;G;2p^J==$G_i#31zD~yd9 zKMc_&&tmyvX)d|C7o`o4$qG@WrKA7@sK`UW0<`_v^bIdB?@aAmI*P3uyAj?I z9EOI6PXwsT%fCcOhWw~u?9ib@>WAqDW2{lKqq;)8hAzZ5(i{!6dkJ%xQuVGcHWLp8 zCwl>GzI*o$1e^~IpwzmLACq6d{%}=_vVUB~z@P+69>Si6F$M;P;b1IKZ|`mFfr}YM zyMTJ>$!%Mu$0LEF3birRgvfboP;<@Nq5j^tZy%_RD_2Hyu6IymzI9o!N1{laJ zY6%nwRXk0xoD@@)sv)47k7R^uMT#l=Cehd%&gmX?-2cJ<49hT6Ki?(Xgrl9DcW?ojrp zsGd2)&Cmb2zduGT>FlXfpkZhTUMN%^v!Cp$tTcsG2h_lTtpp(smmN}T=H|ABx_)AO z+=1o;{vhqKo}QB8+mN_d`ab`mLyq_$_-<5W$l$0L%`|p&VE3s&bN0Yz?%Kq2i zNFgL7G+l#>z?C6m z8x+_jD(CivVi`iCa93u%z2rAAXB54^e^0$=bg2lO|KQ2u-kULmSIW=?1n zQ1wB$WVEYh<{*}hC(HbAr7?RI33xA(J>L!y_g%x^cnT0yQB{#P79U^HYNjmy@vhc@ zk_4HoU`u=ZhjXdt57VJ@tuSCC{mYHbOf&tZAbYe%$ki< zibI@t)($qZf>KsI@w)|dle)M z^?$#p|NCzht{Vl5TX%WMbiTV9IPfM5J-Gey8N4RGzH>4D`-4qw|BJ_xol*|3_p~@M zxXE1Z@6X(oCj9eHWKEmj?f=L3EXIfK$Pv!nxqIoa>Yglim*+qKB%A#ocdc-J-_gd6 zh6n%kPZ?AF!zIXP@4r9e_*1^Yb%)J1VFs?{-zN`~-gCFGNBrBs6D4^s$v7!U520}B z?(DbE<$VDpT#|;PUHKv&Qpwi;xK^gWJ~m`D0zrRuX=J$kUw6xrK@tITefyS{)gHdq72csudv!4di+e4= z0WD)>c(^ze5Bqk+UIz4sXoW@wiJEdRf6$XBKTECu-sgFIvhE9z*6HXRK62!Sg@r;= z%WfiyT9i2W5@DW9J5T{-4ud1yr!8tH%SD%DSQ8PS%)sd!-Id zCWv2`6Rf1Gy?bL5lkExc2sA_l3D8hZzPO6~d?&F=MJK0(qtQba{ts%2#xE=(kgoNnih3AS(o1_`Qa;w&rHqBMB|z;NO!aj!rn!?o?lo%tx;E3*YNE4JL_&S&R{q!p+u=iFE=O(XbZ@A64GN#jNpL- z!=s~#>FGVGUm;otOh%~6f~Eur@=9xpIw})LZCIpT^F2K)k^I2=*)L3JDk|2ds3!q; zVn1=)3JP2VuKuqXf1k12mLAG@hE6CjoSpHhtow?YIOz850XUAD;1zl*6pYWSO*y=f zm0v+7bNK_+AU&>#TkRPM%ti-^&X}ZbtsVLK)5_~Sx^g^8+tI>8Nq|lu&?2Iu`tomX z5u_8*JAWRv)fO9@X%YkuC5p{#3&MXNHr{*c1d^6E1ZF@MfD^hNWF;!-=@lI# z5xj5O-uF|twznG=*lmr8s2iSzyl}ovlT-*WGt&?une9ti@;YDUzSe1V+srHhxJrc1p93o> zp72F_-vFj#A0YKf8?1i+J~=I|=EDbo1CRXtJls6~E|nFrh^t*jmc02UQJ zO~5sv<^-6OJGuV`#E6!byn!`-K0b|YZPpIA`sMC#tFEa5Ds@ZZ86W^xuc8dR1T;yY z0-?y2a$BL}cyIa!)%k;c#*9ycgEwt#AqBy^9+V&Nmie4{`L(MH;>T-1JxFs4yuA3Y zK^Xau@83Uu`n0mV%;AM#fZK>PTLw8QN`gz5z6xfb;&y~m9Pk|E@D($Y<@dJuo-*w& zn?NK}QB(W9uuxxH8worvEfI@&-!b#gsFTp?qtX-=747aFLSc=2LQhABO~S~)pbZ27 za3^-FSJ1#FziNsdJFbb={biA28#uGR{_G1Fyffoej1_=>&r$I@LU`XZrq0MHj9o}e zm*(bzvj5WFo;zvp^I}7L1Q!iQvB9!#Sps@E(%27L_LEFI@W~sUpKr`=WE`758dxp*jV#Pc?wWJmkiod+5Y|(#`uI~LigGFqAOhf#|&8sJ< zIR3A^WfN~_^N{QmL(i^%=DDX+%v+?vJzTrSL&S*ZWVn(0_^W?}C9;`}!t3lpFV-n! z{$34Ptl;-gM+X4&=4NLjq`XQ@+!6lJ+k5B%HVxz_2KlG|@pGk`;aAGh6F^2oh{J=; z)16;myCWBulES0X_m^}dD@m?1m+L9>D5FgKNA_=2E#%*V*QIk$O-jmh2iy3g;|I#( z^E>~(=3VyoD@<9>pZ7vwMt%-m>}xdgv9UsKEB1167zcU&+(6rU_dkAgy3t_K6YIoE zuM;SvYV}egHfQld z14glR!UI})cainJ=Gho^TO#+l9o}+g#%)Kr2VwOUK1kzn12M|V>gvQ}Z8P^w{_){m zl*9cu;X`{s?dIw6o`#*4^r===xApwxZ?I+)4}s3C>yt%ctaQ&NhjPvDTF_ z8ThWO-bA0;1|0)?cMqv!SsrEZYDA5F-_z5@3a0L4>!F2qR5}rPd5+>aJ#6`|B0VRz zdZ>gRl+@!(k4oWgPh@Db&F@_PLr-a-@m{gNWeU`=<7C$rW8=oKqibpNDeOLeenl9) zYI=G0#OvRZIh#1lE_3%DkmK-bMB9aYfkB7f%X+KS1qB6=86v+;{9Wljud&3|Rpn@5 zp!kn70>lf88b<0P? z45L1oQ65P7Ib`nDI8o*NGGm1ME6;wfZdo62~ z_sr5SGwR+FIj5-QTDRFh)uk`s)&t+jo!+`nGAKnaSy_$VWA$om^=EphJ+(_=I_JN3ScC8sFi@C$q^ex{B9Aic;A9U)<)H23q z8*L0Nf8W0%!yvwK`*25kS!>PDGf~g-r)dS)3dsWle{T<$a#k0RqtzQp9U4@SC*<@B znzK1}EXTk9ylv+dUs1z}r)Mq_;_{!kY{b%PQ8rXuG^D9532&>Z`n2Twxk~ZcEEoOY z{%GB$6AcU{>pC{EsvNXU7Rm+JsI%W%PPMCVz4U-zK+_kWXhF1ldE?2K`SOB0^c|cL zcEVip8D)9{vrWM)iH=4ZJRf~G#MJ9=1bt50++O(7xvGBjMe%E`C-nV=3co7vKN3&D zouMlmm9*bV8~!k$=Wxm5Tcs%Cvy)oazA+{S+&6jm73-j@;8v2Y$qmK2%HEjFNs$D; zM>Y~qGt>7Qc9i?6C7&i7wUnUL*KqwkM)m#dntm(odQ#J$$7jmws@oh`DdlR+cTg zOrRC}X?;46qDl!UdWdgt+qZau5xuHlxwoN2#i*K`JPG zzaj!fSd{2>$tjXjCRTuP%MF3D^ic<;UYe@k4f@(0zr@%Yj3!gqZ+5Dj4tD+S;%nS= z@A^Rjfz_S2L}`fK4ST<*D4t>!yY==-w{z*o^UA_jnMa9-tuo)dp&lK{urm;?{rGar zw{seOE)zfAX+x#Pw;I@zACXWP-K44Q$h>u0sQ6br@1Xht!`H74yWh%d$~_&`-9Xna zKD(RvS$FDlQ+Clh_ksE=js}N`gww?t%Npf{V>T-tx+Ue&S00QCOip#Qhi>gkr48H_ znGtcuXi=N}U4UNy`+mE(#t*iybsae%$Hnti)#Jg_ZLh~2oudcuFGb~z@2tG}qD=dO zUPDPqgIO>CLeEgy2A%C>aL-XKyWq3+-n*WB^~fQ2Q!P3fhfr`&Egls;MNi#;g4 zoYF3GwhR9|Vq@)f-r;0JtIF-^6kR2)1?WMzK0dJAgTMcn=Wupz8yQNGaTcQh2~4-{wo!pYh@O{$mcUTo0pi zV>XqkrHQx4by5d$hZ2+zr43cZ6XLSQG-vm*{9gGU;*(tXVo@x^WSmY@*jMOs_C;Ox zw0qSIH%<{f%acvC+iuo$e~jr}4LkM+ngk3Q+Dn#bE|;%g^vGxm4d>*o4gNfz?3sP7 z)%eopO*@ZozI48I+e*dxR>lksl(@%L{W%68W4}8RMLoY$J%`jM2_T{#^Z{hBvWpB$`w=^l{ z9J&3-TQ|i1^z4o*x^-&qQuB&a^h~LpvFjQK*py7ow-6OBcuRcIRa3h7`KC|$>!<|( zND)oq=i7HxE}W)h-!RqIbiNi(ZD882lX&N*CR@!dFzvUKWcef0qh?ZW))Z8Rv0Dna zwomh)W{UUAkUH%t8%A>?FR|L2^yl#h>i8kM0!)?zlDwv=#vQusx{mdgn2>P9sPu6|a3@N#q@+XlWD)GZ zdwsZ$_5<)EFl=;^SUjlP(UR+6?C)X&U`-kVIUrRi^#PAjI{G|(cos!FN&&QldzqMc zSnr}UDlJ{d)EO%)E6CjLGtyVTutI$RMlkon=~JgL{8JC$%)r16G_$8Bgh0stW|)SA zT2!GCr6ItoOEeq#qgT^Y6;iJc*~sYGPTXF$b8O3Xu$(9mSuQ)Fdcpg<m>?mibTK_OU|8bR(@Ry$!}cb7 z{CQ_wuYKa z(~-F>M8L{Tdwj{8`!i`dAMIXp^`c2l9Zhb2zqM$2#KC%dMQd9dFiAAZIR;z@dBkq! zS7vO`cd1k1Z68$yB zgXYv{XI?%>hJs$?dV4zR_OIF3_7Ia36GxL`+(E8gN8kEqbCAMDu_5dhYp$RC4TlMh zOP6?@bPWxWNPi6s00j%Ixpn)tGzN|US|?o?<+pqLqkkd`E4xE6ZOo=T0YuU!O-`o`7Wfq`0VpL_F&jy`d%sG%~q-|FsP&Rn<~^2|x~PQ_}e z?5*=2sj(yKo6_$8-c3w>H1dcy;E2KIepTm7rrX2zNjV9*uR0O$Y?SJ?d@TACuOxqo zlfTfeaL=T&fZ52qfL{I+?=Bggeqk@_85z>+MH8QsCs@gAnNRVSE%75XH8&j{ZS)K; zT>_@$jPMPp9z&?)Tek}6gVv~gfNYYLo2#a*te0ghx4k|$Ek8fv%%7{IQeNw|{xXOb z%8pApmSF?4faJlXxI&zdxR}3xKa^We;9;)E?Y3Kdnw9BZ2 z(Ndj;7?nypyYB}}^zu|||;|&k$ZCY5ITb^wr(mD%UX3ncu zIG%LCvbu~g>K_w4 z__6NNwc$6bzSo<*85Mt|Dsp<6C7XI2=|EMO5YZ(3S;f5DRG?yF?&5oaUpco84vTb% zcfHZL(~uZ{Gp#ux<^5>OcT;k%GqUPz7RsyA8#%fCQ&+n5&e7|;o{!@aEWH&eHePo* zfNezY#TTWrn8Oj-V)Z?;pOBT+fAu@7IIwkC%NI%nXI=KqrP53&oL{zXZ~!b!d4 z6wWu7Q}z-qeA6cS>Z)n?^QyHU7N$NpxpVWZ6|?#yRFRsSiq1%A(LjfJ6Z2(0ybjqGkT4TfM5x z<*iKdpRM?)$gI(e7@ z1BF3HVj54d=#%xx{P_LybDgWcT;8tX7PX3Qv$DQEKA_<_X}eQ|&<$;++^Z5P{Gi@^ zI50(n_$TlDkE!P zG~6pGy|ts`&+_u}pFiq{pE&$zx9%@p0|GDaO?5#_3l1Tt?CjpgnipLlfsdFQfmRoc zLgixRF>&#jV^^usXo0*%vOBSdMB?p#TyFmE&I#}7is4yct7lw{|j^$?dyBj?;LX0MLh|IS`;oR`g$ zbe`k7C;R>W#_zWvT_M@siGiFyVkXzFG11b_y`0XUYR~I$!h5e!Gj5qG`e^pnr++*p zbD{#4@qd;dj$KUt4%f6XOh)CGU zC=~mT>n0;RN&f%ITjPEHzT^MQrTzc@E#kx^*-AFxb@!YvcQ($C@LcIq;B-LEf?4}((K%z z|N7Wqe=F#}{%kE>-7aX-3%SUsAA+_Dg9a=*y2y3eZm-`1lTL6PfJ94C4uEIR%q8*9 zK+YW%h2qJ~<>sG3{(>z8Mc%^g{R1+d4P!v*Jvy^Y%3w19;ia*0EOY|^z!B5WdCzv+ zltIA>>?7uc;}Ibt8je$m7w-s@k-5kk8ur0W#A9Xr5PD8EvXHV{LtC39WPCsbSzQG26@XhLm=n?;${p`gPaek& zMZ2mGWp->rVc`luOQ`B0$3fAVmz4!eT33vH6O$7X-q+SbcLvb@^y%t;_douSc!A@A zikfO$6=ZGT;Bh$1bVQDfm6cIeU%JFpCB(!OiLM7d^&}n%^v$S-om3&+ zz%G>r;fl||N_`c#1;XWt)J!w{k{9r2I<$Kic5~PR9|B(j-5dl!PLKfHxdXr&^xa;1 z`e20w}nXlm+pN=jsCD4r&} zS0m=f&cU$g{CPaPt*ENa%(CsrFEab*y05uhyEcxID8$7Q0O@$dQtUPefoOIJaVVOg zZF+L%Wv~JlxK9wA4l_GQHW4WBY$cwdr~CZuxcd1QVPOs^5r>9MG2IUeSn~Ocs3@29 zRp)K@O^l7RuzYYE!H7M0_z>s7V8#YlzQ^}H`*g7f-;r<@Iy$b^%2}skMA>5ZHQkFB z?LIx>0g48p6Qj2^X6*2WOS(X-r7_Wi*$Rk~jqzn|P4cgijwv&%rN!;%4h3dLl2=MT zFEy^%jHLtRAu3SRClwB7K`@XaHOkaHtFN9k6jW58a3QK4gRl%j{%-a|=wqN2*}Z4a z%O;B%y|iB-3medys6iM+Bznd|Ppzr0{tF6g+-*4KR8T@$^OXP6(D=ABh@#E+vM$$9 zg8<*XyTbe({Cftzf6vFQN9&3`Hs9=iw{&v@o1lJv7T8xHiD2ZwI8`*`wv)uZbx#FO zao)toh87E3?Dy>KGN#usItrrxtJ^()*5hv>tAT><;K9=>DxW`nqTt{AtR)^F5uuoK}Yt-WTFN{|po zEj@^+f=4qoJp2ym6CUyoqk8~J5g=$784p91glFW{hzAbunE+^fA#`SAgZRt?GmZG} zG(d1ZKFXNlO_C|lu(wenbQMAPK8er)O&nNqOmNydI!7?UYAvLzbPz?_w4L${`ya! zKr2Q`IlqPU8}p+;wrd7$X^5!EVGhUWjRe3ZVM|se1klpK0kQxT-#Iy=Lk>WsSj9u6~e^S%4_o#PC~utFCmEUBsh zp~Ec0d)K~Fld5e_;cj~j3=E)Z9Ar>Cd-mZePJ?_~6HH0CySvj-B=*unCL6>dPeTNp z2Rt3O7JC>CDJ%7%lPBHKmBLmGfeDQP2}S_1hpB*9@Q{j&y9q=nK;H7sGfZCQWM@O_ z4=Pw)9o~A<4$d;G+R(+k#5FN9FdWL~A`PD4BZ8a6UWPPt+W0h86)MZWFvQ(Jp}TxM zJQy)~4v-!pzqh9c9qw04vqgaTpnNf}EJxT)AO}E-FukZ^1uXcnuW!oh*M@J+d~FK` zqBu6+6M{JxX7CqOq{vod(Iw%dz&im2PkCRTI}{(7V%yDMowRr0Q0!5v>!NfFK*s3l zF~lS-99ayDF;`vNw0CW69+i}+aQTKsZ(_ z!{LKq=PM{FxnMK~tOKfLXbB2a&#nLJDz&wjJh^}W0Jv``L1ChHyT+);+ILN6mB-t} z=|=DJ@lxx+P^2KQAV}@RPj9CA?D^dUpA=p>bo!QEjg94lwh=1dkPXTTUxSiQPq$J~ zAcWQy{|vq8@NZ2s;Ne>;jFMye0k zso*l8&(%7AzA@tsY6jQ{+7{?T3S7)}^5pXhV=31q*!Aej%U{OG5jGSWPW%RZk}PiA zm}+;zC2@qq}45Ji) zQexmBmOE%iXc_QdDE*SF&N;!j0W3X6TTpOe`WpSHV*ZuAewxrUC&?jSV^RyN7M1`Q z7C|MTj&aDqz`&4@W-JhFP4Jg433=<)6F+_+E#M0iDcz;E2xfnfauE8Yq@-Zafq(mG zW(Q0iDBM-%L$tmKUYO`p;r<2UNrP7temtF>5*!?Hs3?T8`|st}>~MFPBn3|afteNe zJ*fV#LBInsz0;=?)?L|`_vv})KEcAs+ejHY?i>vIvp-^-*MyLQ z^z1OuiW&s79@v5z85vt!Sf={RAOfCs-i_-=p@q`vrjwJCt!);Hnn#b6@;-1MIB?m@ zN+qdfYj`i@+&100{<8b|^>S69uSAi69DsERKMq(xkyK-U9}R2_@pPcX#lPa6VdsWv zi13gQVIiTJU%#OF9ss$9Oi07d{yH;r17fTlnb&P>VuFHZ;9-cV9AyOs$Z!x;F);zT zDGJKqS~Jez&Wc0Dk&$0fv>_{WH8*2{3S(l$HJ^ba8wSbn=XqaKgF7r7se)V%(Gnw_-XgByu3xozeqpuvPmmL_jKY#+)1dx5FV~sS*^Ck_2kz0W@pcX z3?Y#qnC_Q+zJ9+*@FD^F>b%QK>{9HRpiJOu*jq@yq-{o4x+T00HU#sFi~YsU@8G~m zw1AcYqTdL(6xcl6CL2>eYKKA6^o$HhE>WdniqQD#)sAktP5X6`s15}6Zk}O-Tk8f~ zSCRjR#|6n^>7`?gAUbDeR^kjsYD4Jl>)yR-zukYxKk{k+s*=e5C*9(I2tocWW&DqC z<+Cso2@u&V-u{QGH1?tFHmF6oxw%W&{;FcgzH^}4{M*C)cVF{Adz*c>XGykmZIaMh zea|PNXv7rRLdv?}zq9~QO-UxpCtk$r1@2fX@Yh0sY-ZA!YKd=~eey8@SJAc81mxlp z=U=b*hOGNh*kfunJ12)EoSo{XAnQ*pE$yqTOM@6QR&UjhdKy0gRm$(%bY$~~vAu2^ zsd|*9bS+-WGOmDe1IZ)RSg6p3FZP5nBdPwuoG%2*2*brfoSZ{Q2%eIt8aZfv!6Eww z2G%IUwI$c4|41?oWG;L6dXp5lh-6SzHgDI0*&0el$Ujn3QgVt!jvr^@KtUH9z_L4FH9CH4iC@hy z>?W_aCSRx=CP0~qogRat5Zb~Mh6c7X*>{p{fOkM?M&RHLOU=xbvFVfAxzk^58%S`* z-MinQ=(p)V)W{rNk3Tt>nTRF)}z%5>A53Px&j1;QrKw z`VOwqn0zWIETm{xQdM%DjnX`K<&mouz5J!cnaFZOu+HPRFIS9h~GiNX(l~-7(tE_w- znhVr!MlOjMU)0g*#3i6uK%cRgXvuazaNxx;FkQFnxm+W4IM`t|x`UjIyZ{^X$)NDDCi_pr(tt}I}u zAb7cBxl0mWE9TXY=%1^2>?WeS`ByKifVW&OwVH#33A4#RT-QE+RM@)pf#8*LB%$P6 zOj-NwP+Q4qGTUQmPkSULXd3&GX@A8FyTd^PZ}=7 z^Ju9J!g54ic%qClb_-&mh_EmWoNI(s@}Je3L1}~$IOM`t2?@wzD8_)1L7)1utu3r( z7|m-Q0u>4~5oT4VYP2li^hnju*ca=sZ%@M*9Nuu?YWlNGdL{Iy8>Le8oAvw@4m^ccN}9TGT}7Zei~*RDC3znt_$nZIiMiUm6WG9}m#qAS8C zLFI?IFJMqOkF1MWjC2(X>qR6-m=BZYp}u`)Lg5Dn3!z`?Ap9_;U>1hS2{d5PVj%68 zl$7i{>0)MLBA0j()1+g=!!4&zP!u*JDd6_Nwunn#2Zd>-kqm$Wtp|WrGbr>(M%C}$ zA(en{HIUeb-R^?t2T3jpC^Xa*4`AWPAsqP(QySXZq@H2du3cV1d3kvm8P*uR3#>t) zL>C?w3yZLAMn*=i#sgUN09VFlouJsoz$kR$8C{vl$>qQ917Ni7%;J!g)ID?N1MJvp zhPQ6tUi1F_`IJ`lMsP)9@Ba=HZs=ipnwy0|4WZ>4&_k7VQB$+J2%|s~e=!V_2^{tl zG%D7N0GZ5%Bk`Q0(W65cjFA&p+$r?`CMIvtEdqrY+7k)+H%SDu8c!NMId)9_(j{lW z2B>=^=4NJWsj4udc=dCHiH*%Z^lfZx0*4NXf4{7p9LIqJF!D3SU>oWJ ztgR7S3A6){-54x*dI~mmbf6}yDSPKEWr$%_h2X@C@ax zs5s`jWLpu}w-*Dgh_zUS%dXPI058a^iPf5+Le|hhi`g2n`A8s=wRq zJ&!w&F&BIo+kzgZW9EpSsCeKv28&${@F-``ZkHiU{``sAFt|LJEWp;%g8T|V|=ljDrxk~9gAJARA%#hcErUttG0hl^M$ zh2j;sid;QHF~A9S3ESA=>7q^n)4W9#XwTvGJuns#zrKw zR&*x-sBo(YanGKyIyfx!^yp*9%E-uEy7VuF2@|_55c^DnR#z%WZLKI${ z+-4xFrIl-Kf^ri2XLy35cZR@Zwi0y!z#@L5(pBIw_}9tY52JRNlSX>$e=u$XWJOlC z9M~Tq*S_ZFIcV66i=mrDIgWS+XPBj>!$bu|#c>FQ(R2SoUPmD5&c$#o2}#A&(^hhF zST{*|tQTAV!N?k(IgtQYLxpqa&Sl*|i41u!qB@3C<`LbYKrfbpFFu^ZpJ84f^ORe| zfZOJQW$XAcRQUj5C%tcCE3>gZ$BzZFh+{|C060TTC_ zQ>U=NDxvj31OrrHgN87KfzH1C%NMnv!_fU;R)P@oY?*fOe$sFhdJEjADU=Nn5jx%S z@t7I>-t-bP9|*JS>;}luySkVK zSLeq=0do)$yj7KyEJ4Hoo`E6nUaCx#iZB`TImHPNXxPV=wCSQqbK>@=2?-C+L`E=E zK%>7DQHhdk<|`ep2$>g&nlxj2uNl<`=C1LbWo6~$B=N5S_cf$6q^Ly9j0b*Gix8^l=vY+ViKyy`X+Ka)_%f3GC>tXR z>s!n+03Jm)1XPWY@gN1R0A^9r7_yq$5ebPUBq3nnelxrftYf=j^if5{3b)6A@iCwn zl23=I=x!n!JI}|i7`T8>nVg&nhB|RgK(bB|V6;z5AV*ro912Fz5CpX{O5FZn^X}f@ zGJt0?-aNd^hEGiFc7^9wR73beN9F{Ot9F~yC zN6b=H72xLn(A0Fn$ztN{Gl)u1x8nW)9|XCOTp|w^0q?tuMU09A<0=qq@(u1SwO>VO z9d6-5L_;=$3+0Jr@6Gv`&L(A4byfKNVmr?oH6bCQ3zIG{gYpZ#@q zGujdG@Tg$Gr&lzj<)-dGbSNAW`P{7DdlRs`sL*urob3(hW=PJ+sD7vD74-J4oxVQn zI-`gBz^zs%DRv^sIu^Alk+|6?4YquqB#8(nQ;JLon8<+Dzz*qKDH^FW%@FpA3w^f3+lK*$2( z_S&%rs|o1_kmEYrq^$%ix(O2U`T;mB4H1!r<)|t73+sUz#ct9nakM2kxURn3kWnag z(Z8n!O(IXk$p^}+s%QnjA#co_qo=BZcW0oZv@}~2+J9_Bm>n#gbw@vkY=IClTTp2x z%(NjvB+M?a-WI(7<1yeY?oi)-Y7*>$j!QEpU>Wd8r?0Csy6;r%o_p;gIPlR7%NheR zRtwc4Fc8FyD`FN&pwLsWha(|27BCjZean_P6m%2 zIG{dzW@TZ4QweG@tFF$1rm|$t2ds>do^Rbc7F|D;@3x8AU+dB(-wiD@Ax3L)UK$pb6PB%q2Xn|Tz~Nmu zvPX<+(C9JHSulB^$}RJ5q7YqWJxDw(BZI?JZhd)n9KBvmrqc371z<{eN_#%Do__va zr;!iEJPL3$jUXFfAwfPZO6%LYypIDZ1cB2=Puldo4`zB1-$32uK70>!w$%PLtHa9D z!{Lc&bl(`wgQ392_31Ce@r6?xfiXPsA2~n1ioNMe%;4Ch$dN$1wdp&Ze`Qtj1xuCP z`thwk7g{r;yev{hHwna$|7zxJo{7d*=PFr;^z|Yr^u_=Vi;j!l(s=p$FlB?lah|_Mc4AFzrTNG zb{OCt&YapOYWW29XV1|0?@pti=$FR;>em`AyJ(;+J^^kDiiF2o=Fv@`u>U?2be%uu z{o1+!BkC+b8I0_Gu$x_4vrLthA}*`FRYmT16$KNZVwUy++uP6)k;Jc+*Fp* zY>soqfCT#BZGwVi?ppnaD+CSz_(^S+2Nki#5XvRoR)`WC-Bn z6jWy3zoh1*rbxAaW=`$;%tIMhoN|OtV+rP((P3c+&j~O!uy%BG)P=tF{=rV*z``Jn zwS%fEG4w$4e;5;lGA&3Z5BfV3d~#r#AN;lh!_@@ya^(}9{1VX9hT2-^pZ&6XrWS1~ zViA-v*NBh_;-=j~1l_#%1|>7X5|1hC<_cd)*O~~vtX(o0h3`8*z)B$Zde!k%7+EM&#kc6k$iq4 zIbuXng7Ww0NNf=XBUjv6b67#cezbNh5UizErlEnM;nd(@(^5j%>d_R`sDPng0HYeN z7w>6N7A%<`@)IoGSpS113lzg!c>?q(n2IHk7%=rN929H?M0VNK6rIGcsiJAvzA&EK z^%1`Dq}gTwPPi~U0dFrak^=!dymd`cMPcP%%D0UhEC4%*ggwU~*J_zltpE0n$J!4g z*fx7#+XC;aygrxf01og2WgBbLIPuB0LD-At{S?QTpf96gx7% z7lA;~K~6)h`dIMmG0;Ki?oeUi%sDis@-LFE=@-zL;t7KI2U-%wg?OxBIDV(Wi2pOH zK_?&-jv1!fX>9;QaPy`i*%&?-;Vs^M;IaF|P+)g$6O6`YHLg^aPy58)Ss zPmcWAaNjV#dCpPbUT2<7j8@tj4*8-IfC_hc(#8XkIvGPHN+EQ#v_oTK+FDw#I)02+ zw-bFZ*@g}rb||$!UV7004SU>88cRGtP|z2EVHS5kx3lV=)D2o@V9TdkUZSj_0?2oD`fCwR|a)S?gr=g{`HT2^5Czn<`oW- zn}F=4zaFyx`9I|!dPYNh^7Ls`5ou&Jn}!zRRAjv9fBscV4&VJRU*Laz?H`-ON6|j) z`UxpfoBj3-tvev40iQ0%VL_Lbm7$?H){5EeyJu@yXSO(rj+>kj3MeBIN(?ibEM6oe z0G@S3GE_W6_SqD-0ZTGJ?Wm+=VRG_E{sl5JI=|z_p~nKsgi8#|FoQq57sVN%Me(}# zGmiakhrAet%@kUCakdGtVg%4XBX_(i6+>Y4Y|=x^zY3XebC{YYHvaNrcw%l!#N7 zM4=fl38Y5I31~-P>ozhr7RYprTSB6fwPq8U#dDqQt5!=;P653vv-4G4 zgoYw+MM6V~S{0LQB>EiWW-sg(XgK-#tuWPw-H1Jo6EL0*`eNU+oVcCNM7`w^W}j{% zV8W{g>H@?rK^(&3bRDKKFc}1|2h<;aeO@%+{?PTnP3fGXVlWrafdleWmkbTr_wAE0 zE+;$2x`ixu!IXOGYY+%M^dz9JC^;|&k_$t^ziAqp6wt9=G=OW6V_1PW&Aw~TG{QM@ z`@)n&Q7J+0(P8^{!!rWj3Vm}6v0rCt`F8GD`U*Cu2Z%utGoT1i-oVj-)M}qUPs7aY zqWuuX4NOoO=;9qp`tCKOLBO@(ojyW0yXGC#ZUG1y)cFOs)*qk?z!2;z(zp?jJlzWyIJ_87x@7BSz+K}f+DUM^ zqL57iXht6mi)fHLfF_-3$`f!%`DqMS^s{+}_l{r?!P|JPvqpTzj5V&9Goq>x(BDU#x}k*H8kBn+bL`{!T(nJoU# zdEuY$^m=>G6U1bhtUx@97Pf5NNg$_KqN5KHuyA|}K2H64I2)3&v)wA+HPDvukf}mq zoq}WDrR2=ZqnAoZz&+R)(cY!<%hA{pID%@*@^L`G5x5g7!=<{~l)7`|@o=U}W(Sl8 z_4$CT-hzWtRiOf4wY0npkO68*(K`W!|!8xM!DH$yM%CIK8!IB#$`C_COQqq zMeGRE8UQoeEJOe}lo@TmdKJ4}Jem_1goueCLKqT!LDGJMuJhdnj1)&baWk`$#mc68 zI_Z92SmDlniepM)<;L+PMrL|^97q3Esy&xPgAUa7Q-eRm>h|_nurqks(IktUF7PB0 z5)xFb5;N%Eh&~`wzMvo^1V=}A!=MJAy!K>Eb90}|4}nm2wkN0)@QbjTJI>Ah4M?=3 zb(>`l=*ED@k5@tGA5;usf!LN6UT1){;FD=!AmD`{p`xG=fx`_jfvTJDPA2=~%x3rB z5F1njLYCQBJ_o;RsKUKyAiFrs%e#U~2WD)L4v*ZJF8=jp+I^8k;=!;QNqE2Lb8UFi>Lt7+TbCxHX3duHoQA-0Up!&7~B8`jQtPM7*HeYVo`uW==ae@ z0G~myC;9-`LDK+JVvxEDAy3dHE%L+r4JUL88Q*0J*hJRo@`hsQ>+ro3(`Y&%u>jvc#&5a8bp=>$fsqi&u>nHu6TGdmjz4=Fqf zocmyQmGqUQmG{&eyU^Cn;Yd6eG=M$b?Z?jgb=%<)Hief~N4 zif}2SRS?haf!`lYY~Tck<6?1)2RMg}o^_lj334?t(ekV^aPy}f4H3F1YiA_~;LI&= zhum}=-S#Xuj$5BWbjPK)gBTo!e{C?kAv;D?EV{j~w9f2OGf@(S_? zDo-H&*fQX2U>{35T9ssL40BZ)n*DjAYc8^(%Wc=;q z#0u7ha1(q7@CC1#|4X}nRBxP&Y^yQi1_nl1jA--U96CPv2d>~CnLtIqLnDqy{)7e9 zfe2C+4wHhtBD|IRSHFpSEY}%fhO`+CE!rk162P0_%rkL7rtUx2HZSgBW=5_!iWyW6 zFWn4k0zs&cv`PVC;Wu2IoG`m6M}Sc}z~&-YGLMXyIXW&vAo8nqC)xRJnyRY)1=pQe zL%2}8mEc2j_bT7&rN8vDNyP2Vv3EVZ_!9(6Ft5)OC?K7-`|iL$BEHUFJG1{rwfey(RgOU=& zLD)WBJ-t7F{y;1%CQmZebF%-uN#?G0D7!iN@DiUFs$^#WZx`xF%6cp@_JvF3>R0~z zm3-dF`x%^e+z2fQLPKsRdz0?}seUi6{tbcSZvb7{ol}hy2M-;B+hUZ(3~2E%r7Q6j zo5(2M^ZFz`FwFFbxS^ZTUR8A&UOYq}6u%{KqsPMcSZRrYmn$OpPA1akM8Qk+5iDJb zM-7I$3@v9$T3Tq{`b^a>2z~8t-xjNnBP0I5iRH{O?PTaP$yfPPQd1%3Vu29_;BTlN zfIO~`d8{Wv8I4vI;t>qY0pdZZBKkm-R)!`KiXX%*3<%)FLZCqy#SN8Gb8%S#omlU3 z*kTk^&}*3M!?ptRBDga+yO703RZ($vejW#O=OiUvg<^&#J~h=6RXtuF#C8Z5&Vl|& zayLUE3-3c?@5^Wg4UrX}!jcrHfiIxFrXgZyCWDv!AFZ8xP|ax=$4}NOv*EZ!$>rFy zL*$myB*ZC~Hk8Yrl1?Q|ZEhumP_`nbY{hN~8*9|kgb3N9vsofhX|0_)C=$Cll2x&F zw4YaIcFgRB+4`rcQ|I#gz3=;cpYQkkJP!)LA_@|pFJ@RDr|toawVt6Lz-#<-l=RK> z@=B)J9MlF|yWn9QRbqJh+77(i%-fv$ z0|__Yx#FzboJp{H!@RmA^&OFMBQ`AA7zZd-AW%N>;g6AS*d=rii;#kl={Ko};@Wd! zLoLwH@-hlIt_KKR3UEXPi>`Xlilc5BCe$^Ya1SP#sWhiYO8{v~k8Wlws#7FDDDCS%nTe+OK#(Q2$Qu zXWQ_s-#Sj)1RHYh_v^OQY)@bUJ&6dP+=`y_7*S}wJmraSVzaxiBpCI>F3OwN>2!D| zwip^S=WSP366LCoRt8RsUj<)B3Bc}EBd)D>T@*8=^!df>Np;FA{Wm_3 zi;0=Re~&-Yna+dscLy{$pZ^&C!?#Drtom5_VN^0ej~&hwtP0muooNz2XZvb(dOka= zqNb(^;M6UYBq2#{D$3e+McR1tZSY4OMSrdWMY|3>*NNA|h4!1v|M{V1g(~%&1GqCZ zpef1z$k?z*X&!@=TgJN_E_98`v$Rai#?86kL0%Ce+kHwh;dB0M^n$*vulYBL#@jqo zrN7?{8%~=KnrJj@b$e3UO{_#YFf0P6XlrX3pI2sB&&Q}J8KvJW@tm%TWVbF&b)EJV; zrgn~ml45;w)q{FH^X5i!t4hEQd#0%g+c$q*^`qBh#`gTh11%qDAn}{>9+leyoT8^kkAo1zme2d0p^ z?)oXBR-AvC!Yf`nnC_K(URXY$$>~}LyoNGLO-+^Nm6ndSwQa%#U4Loqgf3HWk~ms_Ka+7QWz3}$AB@kJV7 zc}gTeU?>-HGe9Q^`#Gk4^U}dgi)OYw^&u=&94`g@AOn1blwDm_ zC4R}MNz&|s3o|ifkSQ$Qh0}6kAZpm<}h8iBvyWmGWpz^JNqyi6=s3@d{N~;x} zG9xG}X{@hTomeDh9uUzORDrzYV1KHWe_HDFYSYuqwoONhk%mEjxc)h_Fy$5pOcAyT zJnWb$aaz%q-q64RqE9p@k>(W@)#BE|l+i;G-Fp-SeJ7H=$X=e925=~@O)Q}b;m*2; z`w~3YI~oY%8@dGXAusC)S_aFPUc-28JnzIw2M!vPkNFDdKdj;Er0%bSV8H(gg7V~m zcj2!t1o&J_WH=(tCg-2;XKC9SY5I7mR7~-#gNex1HI$2mDBD(0DGH|yX1TgPeDtU{ zon6VraWA8hA@N_jPr|#^G(9WpmsocO9nErgAL4w=nA!klnNEf&!F0lhqh=>fI*{TW z`md!leO3|IoqJg_%sS_NS33mDFtz-hSE-lC6_=4^m=9wzfhWB zIIbPqFRlE8T=lx&`$TD?oHVXaru#C;eQ}oJBIFKY?$n%|PrV)}j=~D=p^J;l{m$&D zuk4>*h;GmX6(J-R*oi^3RL%j0F7>6CKEU)3rfr+M9ruRciwjD-A z6JEF6wRrjPtwd;r+pD29sHPYUZ|S^3Tbl09&-9Rl<$)(U!AgR2hMSvb61&fwNyr`a zQ=&2rWr33gmDPq((y~QVrPZ^#AwhCjCDg_ATbT)&0-^hg(++^wf71&w9z0UY_QQB> z*V24a?#SkAW@90H!T!OtA%u{vGL0kVe&=0gBS!|HgpJ)t2j(jLW~8ZGX28JFxsXWR zO|h2|N~xtCWn3xpTUx*mbDT{%%{Svi3YB9e6ZPCaT(A<2BW6TLjazBzMzEVjQ1$fC z&=%ZwGW#vquDQCc&J6B%39Es{t(-geverHQG^ZFTEY`<^;o%qTcNj^f$6=hoPHYJ4 zJ8KtWYEwi(TR2Ren%hve1dUfiT_Ii^455|C7mKe7_8!*FX0Ux_+p=zHFSjZWJJ^Re zFZ?V0+IeRPgyT%g6}6?QUz&BWR;pCm2M_8QA2nv<$>^5F&qIi%evXAG7_!%KNXV}6uEEtR6o`l3M>andsHb|ZB6&RTDI=foCedN0)a9Jj0=f0a;eUzt?q$t`g zkCuXo3baHt==Hs PfW&d~OoyWi?=SuY90Wiw literal 0 HcmV?d00001 diff --git a/docs/addons/percona-xtradb/standalone/index.md b/docs/addons/percona-xtradb/standalone/index.md new file mode 100644 index 0000000..6eab121 --- /dev/null +++ b/docs/addons/percona-xtradb/standalone/index.md @@ -0,0 +1,656 @@ +--- +title: Backup & Restore Percona XtraDB Database | Stash +description: Backup & Restore a standalone Percona XtraDB Database database using Stash +menu: + docs_{{ .version }}: + identifier: stash-percona-xtradb-standalone + name: Standalone Percona XtraDB + parent: stash-percona-xtradb + weight: 20 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + +# Backup and Restore Percona XtraDB database using Stash + +Stash 0.9.0+ supports backup and restoration of Percona XtraDB databases. This guide will show you how you can backup and restore your Percona XtraDB database with Stash. + +## Before You Begin + +- At first, you need to have a Kubernetes cluster, and the `kubectl` command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using Minikube. +- Install Stash in your cluster following the steps [here](/docs/setup/README.md). +- Install [KubeDB](https://kubedb.com) in your cluster following the steps [here](https://kubedb.com/docs/latest/setup/). This step is optional. You can deploy your database using any method you want. We are using KubeDB because KubeDB simplifies many of the difficult or tedious management tasks to run a production-grade database on private and public clouds. +- If you are not familiar with how Stash takes backup and restores Percona XtraDB databases, please check the following guide [here](/docs/addons/percona-xtradb/overview/index.md). + +You have to be familiar with the following custom resources: + +- [AppBinding](/docs/concepts/crds/appbinding/index.md) +- [Function](/docs/concepts/crds/function/index.md) +- [Task](/docs/concepts/crds/task/index.md) +- [BackupConfiguration](/docs/concepts/crds/backupconfiguration/index.md) +- [RestoreSession](/docs/concepts/crds/restoresession/index.md) + +To keep things isolated, we are going to use a separate namespace called `demo` throughout this tutorial. Create `demo` namespace if you haven't created yet. + +```bash +$ kubectl create ns demo +namespace/demo created +``` + +> Note: YAML files used in this tutorial are stored [here](https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/percona-xtradb/standalone/examples). + +## Backup Percona XtraDB + +This section will demonstrate how to backup a Percona XtraDB database. Here, we are going to deploy a Percona XtraDB database using KubeDB. Then, we are going to back up this database into a GCS bucket. Finally, we are going to restore the backed up data into another Percona XtraDB database. + +### Deploy Sample Percona XtraDB Database + +Let's deploy a sample Percona XtraDB database and insert some data into it. + +#### Create Percona XtraDB CRD + +Below is the YAML of a sample `PerconaXtraDB` CRD that we are going to create for this tutorial: + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: PerconaXtraDB +metadata: + name: sample-xtradb + namespace: demo +spec: + version: "5.7" + replicas: 1 + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + terminationPolicy: WipeOut +``` + +Create the above `PerconaXtraDB` CRD, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/percona-xtradb/standalone/examples/sample-xtradb.yaml +perconaxtradb.kubedb.com/sample-xtradb created +``` + +KubeDB will deploy a Percona XtraDB database according to the above specification. It will also create the necessary Secrets and Services to access the database. + +Let's check if the database is ready to use, + +```bash +$ kubectl get px -n demo sample-xtradb +NAME VERSION STATUS AGE +sample-xtradb 5.7 Provisioning 54s +``` + +The database is `Running`. Verify that KubeDB has created a Secret and a Service for this database using the following commands, + +```bash +$ kubectl get secret -n demo -l=app.kubernetes.io/instance=sample-xtradb +NAME TYPE DATA AGE +sample-xtradb-auth Opaque 2 85s + +$ kubectl get service -n demo -l=app.kubernetes.io/instance=sample-xtradb +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +sample-xtradb ClusterIP 10.108.43.167 3306/TCP 111s +sample-xtradb-gvr ClusterIP None 3306/TCP 111s +``` + +Here, we have to use service `sample-xtradb` and secret `sample-xtradb-auth` to connect with the database. KubeDB creates an [AppBinding](/docs/concepts/crds/appbinding/index.md) CRD that holds the necessary information to connect with the database. + +#### Verify AppBinding + +Verify that the `AppBinding` has been created successfully using the following command, + +```bash +$ kubectl get appbindings -n demo +NAME TYPE VERSION AGE +sample-xtradb kubedb.com/perconaxtradb 5.7 89s +``` + +Let's check the YAML of the above AppBinding, + +```bash +$ kubectl get appbindings -n demo sample-xtradb -o yaml +``` + +Output is as follows, + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + creationTimestamp: "2020-01-26T06:57:35Z" + generation: 1 + labels: + app.kubernetes.io/component: database + app.kubernetes.io/instance: sample-xtradb + app.kubernetes.io/managed-by: kubedb.com + app.kubernetes.io/name: perconaxtradbs.kubedb.com + name: sample-xtradb + namespace: demo + ownerReferences: + - apiVersion: kubedb.com/v1alpha2 + blockOwnerDeletion: true + controller: true + kind: PerconaXtraDB + name: sample-xtradb + uid: 279e90e5-7596-4cd2-b971-99e9a3dff839 + resourceVersion: "16218" + selfLink: /apis/appcatalog.appscode.com/v1alpha1/namespaces/demo/appbindings/sample-xtradb + uid: 5aff9236-e886-4a0d-b767-85d639cfe7c4 +spec: + clientConfig: + service: + name: sample-xtradb + path: / + port: 3306 + scheme: mysql + url: tcp(sample-xtradb:3306)/ + secret: + name: sample-xtradb-auth + type: kubedb.com/perconaxtradb + version: "5.7" +``` + +Stash uses the AppBinding CRD to connect with the target database. It requires the following two fields to be set in the AppBinding's `.spec` section. + +- `.spec.clientConfig.service.name` specifies the name of the Service that connects to the database. +- `.spec.secret` specifies the name of the Secret that holds the necessary credentials to access the database. +- `.spec.type` specifies the type of the app that this AppBinding is pointing to. The format KubeDB generated AppBinding follows to set the value of `.spec.type` is `/`. + +#### Provisioning AppBinding Manually + +If you deploy the Percona XtraDB database without KubeDB, you have to create the AppBinding CRD manually in the same namespace as the service and secret of the database. + +The following YAML shows a minimal AppBinding specification that you have to create if you deploy the Percona XtraDB database without KubeDB. + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: your-custom-appbinding-name + namespace: your-database-namespace +spec: + clientConfig: + service: + name: your-database-service-name + port: 3306 + scheme: mysql + secret: + name: your-database_credentials_secret_name> + # type field is optional. you can keep it empty. + # if you keep it empty then the value of TARGET_APP_RESOURCE variable + # will be set to "appbinding" during auto-backup. + type: kubedb.com/perconaxtradb +``` + +You have to replace the `<...>` quoted part with proper values in the above YAML. + +#### Insert Sample Data + +Now, we are going to exec into the database pod and create some sample data. At first, find out the database pods using the following command, + +```bash +$ kubectl get pods -n demo --selector="app.kubernetes.io/instance=sample-xtradb" +NAME READY STATUS RESTARTS AGE +sample-xtradb-0 1/1 Running 0 6m56s +``` + +And copy the username and password of the `root` user to access into `mysql` shell. + +```bash +$ kubectl get secret -n demo sample-xtradb-auth -o jsonpath='{.data.username}'| base64 -d +root⏎ + +$ kubectl get secret -n demo sample-xtradb-auth -o jsonpath='{.data.password}'| base64 -d +5qtWP192NLD-nwgd⏎ +``` + +Now, let's exec into the Pod to enter into `mysql` shell and create a database and a table, + +```bash +$ kubectl exec -it -n demo sample-xtradb-0 -- mysql --user=root --password=5qtWP192NLD-nwgd +mysql: [Warning] Using a password on the command line interface can be insecure. +Welcome to the MySQL monitor. Commands end with ; or \g. +Your MySQL connection id is 48 +Server version: 5.7.26-29 Percona Server (GPL), Release 29, Revision 11ad961 + +Copyright (c) 2009-2019 Percona LLC and/or its affiliates +Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. + +Oracle is a registered trademark of Oracle Corporation and/or its +affiliates. Other names may be trademarks of their respective +owners. + +Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. + +mysql> CREATE DATABASE playground; +Query OK, 1 row affected (0.00 sec) + +mysql> SHOW DATABASES; ++--------------------+ +| Database | ++--------------------+ +| information_schema | +| mysql | +| performance_schema | +| playground | +| sys | ++--------------------+ +5 rows in set (0.00 sec) + +mysql> CREATE TABLE playground.equipment ( id INT NOT NULL AUTO_INCREMENT, type VARCHAR(50), quant INT, color VARCHAR(25), PRIMARY KEY(id)); +Query OK, 0 rows affected (0.06 sec) + +mysql> INSERT INTO playground.equipment (type, quant, color) VALUES ("slide", 2, "blue"); +Query OK, 1 row affected (0.01 sec) + +mysql> SELECT * FROM playground.equipment; ++----+-------+-------+-------+ +| id | type | quant | color | ++----+-------+-------+-------+ +| 1 | slide | 2 | blue | ++----+-------+-------+-------+ +1 row in set (0.00 sec) + +mysql> exit +Bye +``` + +Now, we are ready to back up the database. + +### Prepare Backend + +We are going to store our backed up data into a GCS bucket. At first, we need to create a secret with GCS credentials then we need to create a `Repository` CRD. If you want to use a different backend, please read the respective backend configuration doc from [here](/docs/guides/backends/overview/index.md). + +#### Create Storage Secret + +Let's create a secret called `gcs-secret` with access credentials to our desired GCS bucket, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > GOOGLE_PROJECT_ID +$ cat downloaded-sa-json.key > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +$ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +#### Create Repository + +Now, crete a `Repository` using this secret. Below is the YAML of Repository CRD we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo-sample-xtradb + namespace: demo +spec: + backend: + gcs: + bucket: appscode-qa + prefix: /demo/xtradb/sample-xtradb + storageSecretName: gcs-secret +``` + +Let's create the `Repository` we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/percona-xtradb/standalone/examples/repository.yaml +repository.stash.appscode.com/gcs-repo-sample-xtradb created +``` + +Now, we are ready to back up our database to our desired backend. + +### Backup + +We have to create a `BackupConfiguration` targeting respective AppBinding CRD of our desired database. Then Stash will create a CronJob to periodically backup the database. + +#### Create BackupConfiguration + +Below is the YAML for `BackupConfiguration` CRD to backup the `sample-xtradb` database we have deployed earlier, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-xtradb-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: perconaxtradb-backup-5.7 + repository: + name: gcs-repo-sample-xtradb + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-xtradb + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +Here, + +- `.spec.schedule` specifies that we want to back up the database at 5 minutes interval. +- `.spec.task.name` specifies the name of the Task CRD that specifies the necessary Functions and their execution order to backup a Percona XtraDB database. +- `.spec.target.ref` refers to the AppBinding CRD that was created for the `sample-xtradb` database. + +Let's create the `BackupConfiguration` CRD we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/percona-xtradb/standalone/examples/backupconfiguration.yaml +backupconfiguration.stash.appscode.com/sample-xtradb-backup created +``` + +#### Verify Backup Setup Successful + +If everything goes well, the phase of the `BackupConfiguration` should be `Ready`. The `Ready` phase indicates that the backup setup is successful. Let's verify the `Phase` of the BackupConfiguration, + +```bash +$ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-xtradb-backup perconaxtradb-backup-5.7 */5 * * * * Ready 11s +``` + +```bash +$ kubectl describe backupconfiguration -n demo sample-xtradb-backup +``` + +#### Verify CronJob + +Stash will create a CronJob with the schedule specified in `.spec.schedule` field of `BackupConfiguration` CRD. + +Verify that the CronJob has been created using the following command, + +```bash +$ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-xtradb-backup */5 * * * * False 0 38s +``` + +#### Wait for BackupSession + +The `sample-xtradb-backup` CronJob will trigger a backup on each scheduled slot by Provisioning a `BackupSession` CRD. + +Wait for a schedule to appear. Run the following command to watch `BackupSession` CRD, + +```bash +$ kubectl get backupsession -n demo -l=stash.appscode.com/invoker-name=sample-xtradb-backup --watch +NAME INVOKER-TYPE INVOKER-NAME PHASE AGE +sample-xtradb-backup-1580023322 BackupConfiguration sample-xtradb-backup 0s +sample-xtradb-backup-1580023322 BackupConfiguration sample-xtradb-backup 0s +sample-xtradb-backup-1580023322 BackupConfiguration sample-xtradb-backup Running 0s +sample-xtradb-backup-1580023322 BackupConfiguration sample-xtradb-backup Running 36s +sample-xtradb-backup-1580023322 BackupConfiguration sample-xtradb-backup Succeeded 36s +``` + +Here, the phase **`Succeeded`** means that the backupsession has been succeeded. + +>Note: Backup CronJob creates `BackupSession` CRD the label `stash.appscode.com/invoker-name=`. We can use this label to watch only the `BackupSession` of our desired `BackupConfiguration`. + +#### Verify Backup + +Now, we are going to verify whether the backed up data is in the backend. Once a backup is completed, Stash will update the respective `Repository` CRD to reflect the backup completion. Check that the repository `gcs-repo-sample-xtradb` has been updated by the following command, + +```bash +$ kubectl get repository -n demo gcs-repo-sample-xtradb +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +gcs-repo-sample-xtradb true 3 82s 17m +``` + +Now, if we navigate to the GCS bucket, we will see the backed up data has been stored in `demo/xtradb/sample-xtradb` directory as specified by `.spec.backend.gcs.prefix` field of Repository CRD. + +
    +  Backed up data in GCS Bucket +
    Fig: Backed up data in GCS Bucket
    +
    + +> Note: Stash keeps all the backed up data encrypted. So, data in the backend will not make any sense until they are decrypted. + +### Restore Percona XtraDB + +In this section, we are going to restore the database from the backup we have taken in the previous section. We are going to deploy a new database and initialize it from the backup. + +#### Stop Taking Backup of the Old Database + +At first, let's stop taking any further backup of the old database so that no backup is taken during the restore process. We are going to pause the `BackupConfiguration` CRD that we had created to backup the `sample-xtradb` database. Then, Stash will stop taking any further backup for this database. + +Let's pause the `sample-xtradb-backup` BackupConfiguration, + +```console +$ kubectl patch backupconfiguration -n demo sample-xtradb-backup --type="merge" --patch='{"spec": {"paused": true}}' +backupconfiguration.stash.appscode.com/sample-xtradb-backup patched +``` + +Now, wait for a moment. Stash will pause the BackupConfiguration. Verify that the operator has paused the BackupConfiguration object, + +```console +$ kkubectl get backupconfiguration -n demo sample-xtradb-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-xtradb-backup perconaxtradb-backup-5.7 */5 * * * * true Ready 13m +``` + +Notice the `PAUSED` column. Value `true` for this field means that the BackupConfiguration has been paused. + +#### Deploy Restored Database + +Now, we have to deploy the restored database similarly as we have deployed the original `sample-xtradb` database. However, this time there will be the following differences: + +- We have to use the same secret that was used in the original database. We are going to specify it using `.spec.databaseSecret` field. +- We are going to specify `.spec.init.waitForInitialRestore: true` which tells KubeDB to wait for the initial restore to complete before marking this database as ready to use. + +Below is the YAML for `PerconaXtraDB` CRD we are going deploy to initialize from backup, + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: PerconaXtraDB +metadata: + name: restored-xtradb + namespace: demo +spec: + version: "5.7" + replicas: 1 + authSecret: + name: sample-xtradb-auth + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + init: + waitForInitialRestore: true + terminationPolicy: WipeOut +``` + +Let's create the above database, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/percona-xtradb/standalone/restored-xtradb.yaml +perconaxtradb.kubedb.com/restored-xtradb created +``` + +If you check the database status, you will see it is stuck in **`Provisioning`** state. + +```bash +$ kubectl get px -n demo restored-xtradb --watch +NAME VERSION STATUS AGE +restored-xtradb 5.7 Provisioning 42s +restored-xtradb 5.7 Provisioning 74s +``` + +#### Create RestoreSession + +Now, we need to create a `RestoreSession` CRD pointing to the newly created restored database. + +Using the following command, check that another AppBinding object has been created for the `restored-xtradb` object, + +```bash +$ kubectl get appbindings -n demo restored-xtradb +NAME TYPE VERSION AGE +restored-xtradb kubedb.com/perconaxtradb 5.7 4m6s +``` + +> If you are not using KubeDB to deploy database, create the AppBinding manually. + +Below is the contents of YAML file of the RestoreSession CRD that we are going to create to restore the backed up data into the newly created database provisioned by PerconaXtrDB CRD named `restored-xtradb`. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: restored-xtradb-restore + namespace: demo +spec: + task: + name: perconaxtradb-restore-5.7 + repository: + name: gcs-repo-sample-xtradb + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: restored-xtradb + rules: + - snapshots: ["latest"] +``` + +Here, + +- `.spec.task.name` specifies the name of the Task CRD that specifies the necessary Functions and their execution order to restore a Percona XtraDB database. +- `.spec.repository.name` specifies the Repository CRD that holds the backend information where our backed up data has been stored. +- `.spec.target.ref` refers to the AppBinding object for the `restored-xtradb` PerconaXtraDB object. +- `.spec.rules` specifies that we are restoring data from the `latest` backup snapshot of the database. + +Let's create the RestoreSession CRD object we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/percona-xtradb/standalone/restoresession.yaml +restoresession.stash.appscode.com/restored-xtradb-restore created +``` + +Once you have created the RestoreSession object, Stash will create a restore Job. We can watch the phase of the RestoreSession object to check whether the restore process has succeeded or not. + +Run the following command to watch the phase of the RestoreSession object, + +```bash +$ kubectl get restoresession -n demo restored-xtradb-restore --watch +NAME REPOSITORY PHASE AGE +restored-xtradb-restore gcs-repo-sample-xtradb Running 35s +restored-xtradb-restore gcs-repo-sample-xtradb Succeeded 44s +``` + +Here, we can see from the output of the above command that the restore process succeeded. + +#### Verify Restored Data + +In this section, we are going to verify whether the desired data has restored successfully. We are going to connect to the database server and check whether the database and the table we created earlier in the original database have restored. + +At first, check if the database has gone into **`Ready`** state, + +```bash +$ kubectl get px -n demo restored-xtradb --watch +NAME VERSION STATUS AGE +restored-xtradb 5.7 Provisioning 10m +restored-xtradb 5.7 Ready 13m +``` + +Now, find out the database Pod, + +```bash +$ kubectl get pods -n demo --selector="app.kubernetes.io/instance=restored-xtradb" --watch +NAME READY STATUS RESTARTS AGE +restored-xtradb-0 1/1 Running 0 15m +``` + +And then copy the user name and password of the `root` user to access into `mysql` shell. + +> Notice: We used the same Secret for the `restored-xtradb` object. So, we will use the same commands as before. + +```bash +$ kubectl get secret -n demo sample-xtradb-auth -o jsonpath='{.data.username}'| base64 -d +root⏎ + +$ kubectl get secret -n demo sample-xtradb-auth -o jsonpath='{.data.password}'| base64 -d +5qtWP192NLD-nwgd⏎ +``` + +Now, let's exec into the Pod to enter into `mysql` shell and check the database and the table we created before, + +```bash +$ kubectl exec -it -n demo restored-xtradb-0 -- mysql --user=root --password=5qtWP192NLD-nwgd +mysql: [Warning] Using a password on the command line interface can be insecure. +Welcome to the MySQL monitor. Commands end with ; or \g. +Your MySQL connection id is 103 +Server version: 5.7.26-29 Percona Server (GPL), Release 29, Revision 11ad961 + +Copyright (c) 2009-2019 Percona LLC and/or its affiliates +Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. + +Oracle is a registered trademark of Oracle Corporation and/or its +affiliates. Other names may be trademarks of their respective +owners. + +Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. + +mysql> SHOW DATABASES; ++--------------------+ +| Database | ++--------------------+ +| information_schema | +| mysql | +| performance_schema | +| playground | +| sys | ++--------------------+ +5 rows in set (0.00 sec) + +mysql> SHOW TABLES IN playground; ++----------------------+ +| Tables_in_playground | ++----------------------+ +| equipment | ++----------------------+ +1 row in set (0.00 sec) + +mysql> SELECT * FROM playground.equipment; ++----+-------+-------+-------+ +| id | type | quant | color | ++----+-------+-------+-------+ +| 1 | slide | 2 | blue | ++----+-------+-------+-------+ +1 row in set (0.00 sec) + +mysql> exit +Bye +``` + +So, from the above output, we can see that the `playground` database and the `equipment` table we created before in the original database are restored successfully. + +## Cleanup + +To cleanup the Kubernetes resources created by this tutorial, run: + +```bash +kubectl delete restoresession -n demo restored-xtradb-restore +kubectl delete px -n demo restored-xtradb +kubectl delete repository -n demo gcs-repo-sample-xtradb +kubectl delete backupconfiguration -n demo sample-xtradb-backup +kubectl delete px -n demo sample-xtradb +``` diff --git a/docs/addons/postgres/README.md b/docs/addons/postgres/README.md new file mode 100644 index 0000000..10db4bc --- /dev/null +++ b/docs/addons/postgres/README.md @@ -0,0 +1,42 @@ +--- +title: PostgreSQL Addon Overview | Stash +description: PostgreSQL Addon Overview | Stash +menu: + docs_{{ .version }}: + identifier: stash-postgres-readme + name: Readme + parent: stash-postgres + weight: -1 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +url: /docs/{{ .version }}/addons/postgres/ +aliases: + - /docs/{{ .version }}/addons/postgres/README/ +--- + +# Stash PostgreSQL Addon + +Stash 0.9.0+ supports extending its functionality through addons. Stash PostgreSQL addon enables Stash to backup and restore PostgreSQL databases. + +This guide will give you an overview of which PostgreSQL versions are supported and how the docs are organized. + +## Supported PostgreSQL Versions + +Stash has the following addon versions for PostgreSQL: + +{{< versionlist "postgres">}} + +Here, the addon follows `M.M.P` versioning scheme where `M.M.P` (Major.Minor.Patch) represents the respective database version. + +## Addon Version Compatibility + +Any addon with matching major version with the database version should be able to take backup of that database. For example, PostgreSQL addon with version `12.x.x` should be able take backup of any PostgreSQL of `12.x.x` series. However, this might not be true for some versions. In that case, we will have separate addon for that version. + +## Documentation Overview + +Stash PostgreSQL documentations are organized as below: + +- [How does it work?](/docs/addons/postgres/overview/index.md) gives an overview of how backup and restore process for PostgreSQL database works in Stash. +- [Standalone PostgreSQL](/docs/addons/postgres/standalone/index.md) shows how to backup and restore a standalone PostgreSQL database using Stash. +- [Auto-Backup](/docs/addons/postgres/auto-backup/index.md) shows how to configure a generic backup template for all the PostgreSQL databases of a cluster. diff --git a/docs/addons/postgres/_index.md b/docs/addons/postgres/_index.md new file mode 100644 index 0000000..f9d5a08 --- /dev/null +++ b/docs/addons/postgres/_index.md @@ -0,0 +1,10 @@ +--- +title: Stash PostgreSQL Addon +menu: + docs_{{ .version }}: + identifier: stash-postgres + name: Postgres + parent: stash-addons + weight: 70 +menu_name: docs_{{ .version }} +--- diff --git a/docs/addons/postgres/auto-backup/examples/backupblueprint.yaml b/docs/addons/postgres/auto-backup/examples/backupblueprint.yaml new file mode 100644 index 0000000..ade06c2 --- /dev/null +++ b/docs/addons/postgres/auto-backup/examples/backupblueprint.yaml @@ -0,0 +1,19 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupBlueprint +metadata: + name: postgres-backup-template +spec: + # ============== Blueprint for Repository ========================== + backend: + gcs: + bucket: stash-testing + prefix: stash-backup/${TARGET_NAMESPACE}/${TARGET_APP_RESOURCE}/${TARGET_NAME} + storageSecretName: gcs-secret + # ============== Blueprint for BackupConfiguration ================= + task: + name: postgres-backup-11.9 + schedule: "*/5 * * * *" + retentionPolicy: + name: 'keep-last-5' + keepLast: 5 + prune: true diff --git a/docs/addons/postgres/auto-backup/examples/sample-pg-1.yaml b/docs/addons/postgres/auto-backup/examples/sample-pg-1.yaml new file mode 100644 index 0000000..aca08d5 --- /dev/null +++ b/docs/addons/postgres/auto-backup/examples/sample-pg-1.yaml @@ -0,0 +1,18 @@ +apiVersion: kubedb.com/v1alpha2 +kind: Postgres +metadata: + name: sample-postgres-1 + namespace: demo + annotations: + stash.appscode.com/backup-blueprint: postgres-backup-template +spec: + version: "11.11" + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + terminationPolicy: Delete diff --git a/docs/addons/postgres/auto-backup/examples/sample-pg-2.yaml b/docs/addons/postgres/auto-backup/examples/sample-pg-2.yaml new file mode 100644 index 0000000..53a4257 --- /dev/null +++ b/docs/addons/postgres/auto-backup/examples/sample-pg-2.yaml @@ -0,0 +1,19 @@ +apiVersion: kubedb.com/v1alpha2 +kind: Postgres +metadata: + name: sample-postgres-2 + namespace: demo-2 + annotations: + stash.appscode.com/backup-blueprint: postgres-backup-template + stash.appscode.com/schedule: "*/3 * * * *" +spec: + version: "11.11" + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + terminationPolicy: Delete diff --git a/docs/addons/postgres/auto-backup/examples/sample-pg-3.yaml b/docs/addons/postgres/auto-backup/examples/sample-pg-3.yaml new file mode 100644 index 0000000..98ff388 --- /dev/null +++ b/docs/addons/postgres/auto-backup/examples/sample-pg-3.yaml @@ -0,0 +1,19 @@ +apiVersion: kubedb.com/v1alpha2 +kind: Postgres +metadata: + name: sample-postgres-3 + namespace: demo-3 + annotations: + stash.appscode.com/backup-blueprint: postgres-backup-template + params.stash.appscode.com/args: --no-owner --clean +spec: + version: "11.11" + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + terminationPolicy: Delete diff --git a/docs/addons/postgres/auto-backup/images/sample-postgres-1.png b/docs/addons/postgres/auto-backup/images/sample-postgres-1.png new file mode 100644 index 0000000000000000000000000000000000000000..08ac7e0983c925dd03dde3ef32d9d00e3c901474 GIT binary patch literal 49329 zcmb@u1yCJP(=B>%*Wj+fB?JlX4nYG1x8Uv$0RjYf3+{yA?he5T?(Xg`cTVzuf8DBk zU%kKTy;Gq$%*@%dr+4@2wYvAocg2sAD2N1zAP@*eT1reA1cJN+erVuffg{Hdkc8F9A zqWHJEEA@$ql~Yn_X89j4Hs*x7WBs`@C*_VO@-~kGyKQ6N84caP!&87?7x22RIuL)~ z9ta?xeGdU%d?5<9>VDvNdmb0piR41e0p(n4o74gI!OrgQJ7|Eba|r$AV4)Fo;W3S) zuU)=)phJ269nDQ(r9&P<_w4#+YkXz2n?wp719)-lo-#C(`+NF92!Q`|{~$<;?~ldx zan5ryjShTdIr_j6zFdBF&wft|N8e+Ucq7% z>8~>pr@&|Hc4f+(H7}j|Bw_HFt-C?+XDGQaRDxI`toKI!M@eKPw%39r*?-Bu7y#!JO1U% z72+9g|3~LXdM!EEM&-%1%FgF#R$IPTMRfXK6eRbu#fvLP3>+w|U$liQx=QqJR+_8# zbLod8Fj(ok3j4=~Qf{1cVQw9buqHGj`)2y#TxD}Zfn{gWVxP{yKkqt0JbK;G?4R+> zTm*qiNRhjM2h^xM9&|2I@eT+X2eJHK>*T)sgVCmZR=Y2>>o^biq%iJw@E$xVR$6p@?AdqD*J?%On&;$8lqW z78lhp;m`?MM;@)9c4cSKP{0~C2h^9fWpIyd!bqjZ#4K*Z*Mx2bzf}mWu$1LElf^Y^6PJZ;pLQDIy8WQlxfLY^bL)@N) zI8Zan63Q|i@9X$1%Q-c^R1sPduu)Jny@NrxX?KkX@GN|$vHS}6RhWF%wQ3M8a`Eia z9702Ya@-NhtJ_Qvbn|pHdbI}2&{82FF!x3Ar$G%75YuGtuKBWUKAU{Lg}`Il?>RBy z6eP)Rb1mB_$9vBw5GWz`EN6!KU7vTttNkW=yf^rx>icU^{k!^YEuT#XzN*QNGyj?v zDQS4)8?2&=Q049~7sozQ^6-6Iw0exo7Pi?uj?c^KvXjnnxldG!sLW0s?q!_;yD>c<>~K4Dgux(;`r; zIbWLS-nTXA>iWG%D% z3lK&dFfouaY=l=M(DJ*h4-ZCnLxh1 zWx!C;-Jzb788U6U>~aU6`y+fc|dL9t>icdfN{i(_cp$hALCl`^=awl_Q4em*5JTS5PI;K zI1X)zu7Be3*u42sfm31ngib)W!y2k3+wQ8|{fJC!s8W;hhYi}x5=xDg<|{Y}Ww|>{ z)m~*3w5~=(AqgFL*AqEf=chMoM;Wb7%@5*BvOBC`p^37DG^&?yb8MM5JLK*&yLc!; zErE8^y8|_?(R7VCb6nE10$IX7`gMVmZV+wtNw49mdL*W-+C%+PchUb+Jzqb{hLP!d z>wN=F&Wp{YM#xn2YMhn&*R(E8KD%JQ zxpkim!ZoOyEBKBKwDc#%=tb+a#nDbqiAz~%X7}8MUU&awIrfx(jVF+lDk{;ouF?8q9y#SCK?EKiGg)BFw zQ$@w*KUzc9 zZPrQcooC+W4$K4~IfnCBAR;TaNhR5c$`dxK8h0oPjdkjDS=YVa9EVX0sc@?)Q3_jI zUjFa*T?7G_-a4nZroepFg}pSAq5G|OaeG0cFgx)46SYxq+Wmw*<>L)I4#wCRVvWML zy|-ClFP(1IE_C*?Q3p`V!>G@UTbXb>N=-xj*UBgI>m0!2yC+K3&$@n*neSi~0&B$_ z5%kS`8_1uDuz@^L>e`wt+po>ltgUjXRn_)UXFvk99zA~rP{thfdC3&6!(sR>KQ=s$ zF+j#;-w)Qrk7eFVqr8>8Hv|Yjuog|wC8H1>qd}cJP#noy$)EQU6JT@4Om7GPoyDkBT|ff87{y9K(z~<-r0>=y4JxDOuaR&ww;KyB-sf zk4L;7Ag$B}Xd2MaJ3>@JUZKH#L3N8$XF+w3Qpv}qFORBW0I@*lpTq5h)GT#X0Yd2a zQ%~rwDGY}t6&CNHB?EtN27xLKKR2ih<;t3~}H zzQyaG0HP-Oq744wiV9>zdFC9b_0%hq=hrHKd;ZD zf@T^z$Sp}(SO{=<3Ndm^$2A9l802cDI0rox07+#rcsK-q$?Nf zkdTEbmGmI*g#N<4E9`9!3d|E_GO1{TiU}l7Br71G@>trNbnoYOnQyHWS2a8{S+$Gz z?`?JSPj=JbG6BB-fCGCs`~5xBRzzlyJ`l@{sUF8jKOZ~=IKle!npo~npUoad*QWnu zF-4S`4#S27;yM0*E?)q}t8>+~W(Vv0DS)LWN%_RvoVu63y?)bw2e<-H=?Uz55AOGQ z{>?PR20q8^)g~uZ6CZMm?al*AK$p$UQzMD%pTus;o|+D$ExB3p@j|mK|0}PT=l;zO z!yO&=4tx_alE8mTI|k0+-(9wZyyAt3_ zr!YxDtG~C%ss$+~Zb}JJL((+ZGH)t4=~2ISs~7^ZoHwouFTVEAowl3KND_KQRfB z9HWa)T0JzvWrl}Y^$R(m>|51Q0GnOdwN3<_BA-Bz(bErpNl!{rZ-0bca79blyl2`y z9~0gF{g~5KU$RLdD9zwa<98{k_%oXWFD6xGVsY9sGnOb>ML9Y{ZzgJRL^AXvLIOFl z__7WQFm8^T(@(he5=2DAJhIoT{YmD-2Q81t_YH7LdntkJDn0zs|mt{ z3X{|ynyjecyXR=wx3c7NtvX;EG_7APkS+TALvC$vcUsgoG2Wi<_WeoWiSS+=CEZj2ScOW-rY=EWyuC58hay-ITxz5~|L1MIBZb=pC- zv`EtSnnlnM{xVSBhCCO`YCjpaHI})SJNN;t`g9-RfZNb=xOWaSZ7nttJwb_l^~!kFn81C$ves)Nl6dUZeYc^~5I-@OaL z*Q|AR#NeP=nAmL^dh`hW_=tXvY@nPro&EB*UJiP+O9k#P_A=wLj2x^NgZ zcLdjwOe1xL@s?tW<%rY|Ay>#7Ih<08Z3AWd4+VI2LvNpqEu zicBdem;Ga*je=JR|HcH=6W5B{rpI)yo*B^+RL7;(Xmg8=Y=*nBf@%rzN5k$K;kmUc zMxx5Y$(WqeJ@j!3jVeR~!nkm;BySEWDbDUx2BG;6?RmrgVxkl-1~?N{69#5jl{=iCKrRvI{QdwWGB5H!?;tXN+CDLfdmMy?u3ybcgzLRQU! zl#boZnS^~3@#$o*Sv4H>?Qab0Wib$Ct)eZb6}dj=P7ucA*|ziqrBP814q3yeV88{) zT0~%r-+%KP3HoFNXYi@oVT%|kQOQ4tf^f@%Npo;*zs+GNIx{2OxEiMMn|OnUP25fT z+~@)%$Z0@IFC{8)D%f62g6i$T)p$R3N3yj zij=112olvKi3O|d)KR^uzqTyRc_S>BQ)t!Ac5C9(nP)TF%N3ZuGQY#$!D5<{fuLoh zTwlLJRZ~OomO%~0bd32j;NKe?fIKPpOFpu9Fq|>(>Uv)mJVAwnIQ~2TaaU7RTcRyq zsOJ}qEw21PiCkD0?Cc77Kb#6Z7fZtT4Mo{%1Nrl=1i@J|v0hua2;+O~k=qV(a+Mvi z8bMgCBqg!oQq#K~c@Q87`UC<$Y=2EO@5AMj<1Bv(rr^>d^vFqbVfCSruiVeHfeq=u zWg?ngUi=CCTZ|;D60x#-=!NoU$jOz01I0k%_)_B|q87?Ln2z!z8L{9@UYkEQk^?o@ zK2pcxX{QXIp@j}qb@$pmi&~N_r|`f19$3NDNC8(aL?E zV(l>}6HG;Q{J2>lguoW=Atxgx?vtBOpMZ#7BQ+@1iF_m(`%XNyPMOeDDDRk6S*2?2 zLZ^}%C$B)0K%T`MEw{9^j&Ew5uqHZlSj3}jhzx{<-8d>WneR}lrZEJ1^v(Nr!}rja zR7`xKa@8RJCU~l=uP{5{BUA8*g>xx5kt^|DYofgrDdlD<(kdz{j$1K5y|8{Vc|90l z5&hVNFH^gjUklHTzdz@Jhj&?nU>|8?R!a`SbB~!vxJgDukj2apNX-D{sQ?Mz?!qo_ zNRRm*c@Di$QaTm`HXpn3bFtJagT9(3=GDp1tdD`*(~!#waRzcTlw9I)!kNgIkVqSK zR6^>pAwAGcfw9`g$&)b*c-b5TS;~-#CE2KzorWJpFu_jSwQS6j+Jl8RiNZ?LBP_+) znME(^BY_xOuM533+jP*ZR)%VCzdqMA4XvXsu;Bzb=uj0MqXNxfMay9Bt5GH^Ct~%0 zNkxcE`;JP)SF%b2CaO(d7?fxHJVk|B$ZfL8X(>y&p+r7Bh{2yMvJRqiY z^&8aQ(0~^c6Vs}L4W3}mVJICB*w6lN9RGiCGq1rC&t}Bs@@(N5aE}If9bg}If?IkN z7i9nG|H1#08Wd<Jvzxobp9E*OM+cgXD4db>aV@Ech z!XK1TfY&vo=)28fr|(HbVt^;8!L1SX)poY`ggz2{Dr9M|j^s(EgumhSwkgJD_Emo# zLAynJR;L$OYCxM24*%yls;cOfjs_uoDvrboZ!C)o+j-g9+1Cd19Yeyyk1D}UHb4+k z-2ByO81B)`aCcut`qBQRc>g_9WUUif)4z1$t8??$CvxhX`8%Qz8<-#ex`fiAM?PGp zp3C$kVoc5(vbcdP&g~nQFHPS#Xb^Z3FzLM!9ZFku{xXcVlA+7BRRIklw;~qi#5&u^ z$1_E}qAssyO)EiFXju!`i&DSAX!u;U`9*Atq^c*UWF~6AEOGw?w_WFKbCFh`^$VP)7Q@I31#5~9hky7!S*i+b@}$uVZ*BBfYl z@G?d09(XEDv{jIP*q;#~jjPPvjwwL@#irw>DzteeKKt;*0^nN|j}8qXQ;QSSXRHB6H-n?B}jN)nr`}#JaPGhcvaI_IJ9#AJ|#wFqanzIA36o{ z(q$e5s?)j5GGhDgKGG(W7$k>8 z-(HW|2>ETNg!*`R_St*`UkR&Py)X0)O(c3Z@!~hJNDP{f;n?aVRiwF2V}|yDM#Nj| zhCY&|ga6qJU~JrgxA7s!YeVK-F`~ML;N9c?yU5L<-ss;L8zFX$-hzQ4m4||Fj(=pJ z&&t)XBn1abT{qsmVIK8(6gi}Ec`F~D`9X>34L-%RWlzudjUJdAM@(_0mI~9(S`X2c zqBL~-jX_aE`COwB#C8`SN(r%0@=;5iMxiBlVJul!W*nN2M3j;6_ExxTB1G@)b3Rx; zo8DMn-7r3$i*EF$M|P8V@JzH>yX84q6TXTu&rv4I&^U=K;So+)5ehL6Zr{9)c|0!6 z{PiVls3&G_@-kQGiI{UuHOi;xooCL^naivrZn!8 zI1i+xFT1yjz+!cP{dEHOGr#F*k;0O?}Ws8b5UKhz=lU1oZvN&LW5t zlM~U2iQykU4SDj`N#x{116h!EP$sbN-A~o=zRoNNKL@OBT<%Z?$GkS$?3p5BD8*0X zG=+;pvK%6lTYE7GbW#zMLI^^N{hh`&wgwD?l1hbRgtP-}l!p|4Qk2Rnn?%=YBBnB5 z?U6xR0#%ISkrs=VOzP%YF5yf#>=Jn$T@mJwIHG5ukZf&Nr5VG zvWwtBgZcv%Swwz(oCy2U9_EXIQ^q|5&1!rAm@4T_Fa=oIYHL#UM0|BWRwB|V34SXG z5F=Q;E04W!iM>U4Ea76Y&yo0a#rqXoI5~TUjr^y}ofghiaV02Hh`lC$$1bH zBq^&wgE+CU6G4iiN$A19nY8R&+7Wn4VeAoZEc3YV46Gh6YNVMv^1WyiZe}_AxpUC( zzuhqWe7C1#3hB_w_tyhSJkOfN{Fr+ohf>|b5$ZR#R+u!JjY$e3h@cZVA?QXi@~mlP zq5@nNFsrJOvC;t{S#GNY8zW6(|SQG7?vB1wrQ7}85fC=kcRRmzcV~7o#CBPpkJ7z>w4`c z*|W2}7{y|zW5Tn=FKTlo6v4{#JCxvzp5qe%;geLHr7$SuBaQIU_*85mwKw@41@yLL zy*1!wKWT#Xz=LqH)Xc&M;>VyKaNiC=-wUXA5YuU zRbVBqb$z#LX|<=u>5+iMMKc=0gbLq3wuE=i0CmQ|P;tnCvke~>)KeMlph)NdblgC= zb_phdH&M8>iH5^uB^l8T-&LK*`4FO#1|&#k4>>|b=NE1Df;K19fb_QkV}CjhIBFRV zCs@i@iS2hFb1k3dpvfN=cXf+g!u^RN4?7*WS*kpu#+@;!wxUWlNG0i|m6^daR zoiG*6%a}?7C{C&r?Frw(P?@7ILkSaPGd2Kxq56I%zd$NgUWni!$9O;o)jdneu#%UI zAAGnaN`7-Sz89f9s3;wYPssV}8{I&-h$*`@lW_K?KiwyKNl_8M38jouTHO0Dqf@D6 z%3aa=eyvRdQgQ>r-?4>03$S6v8C2HR3WCG#wG-6Npo$@bO9VK}E z$!3jBGM)i1HinIXsDijR$lRicUDJ$%zG&CFSNu0dN^~H!^KC|sa$#`mrKezGq^eN1 zyo3O#D4g}j<~tG8c+wTWU`cv1cu1^(0)v5>xQecWy_eaJWWz2zZae!~%y8A>>^~M+ zY7xB)-JE1pIMQ!hRWoL?0*FA7HXV72FjEC-C)`niSb4+naCR7;>hj%W-;k@uE0gQ< z(Zf#xy7xPdwc`{MLNgBL-g8F3GyI+6=P*SLRY+lejOvV!qBb89os=WPFzt)?HMotS zMYbFQ#dr$Cv9e@qJE{ao-cX7H^<4}$3LK;vQ%dWvt-^|GdubEOC`M`mRb0${zrNFF z6`_9dy^@H~eA_8H*7>URksUP0llW2zYqX zcNpgih2%6`qNxf%xn}A{)AukR)!$Q zh>~C;L^L%QH2xub#{g$5$PZ=I1xzlO%)yXv=197e(Yy$%a0+0PIWG!oYSf{vI^R!b z#>f2_l19k^1yo-m;{AOZv4pH4==>YqxVidz1rugibr@L$(pvx`4hrW26u4k51(cBq z@Z|7+yKcQ`$vQ+E%Jdo#`bqI`Xx`C-ckt!B1nN17a|Ho)3#^RZm*-1XmjDcMa=+Ro zld<-ss1E-rEWG4wV8@3TiO}27jHDbDJ-w)n4a0)H=#p6Nyu!RLs{vsHCH!A995p;p zm~pWNQ_hcjFyN7OJO5h<{8K~!e<_0hLs$HEMmxK_xTrAf4L#Ih1oQeoDC+;6QjhPG;3>0xT?1t^Zmj{8?JcPMQbVuJvi||8=Bri2trMf3-nt zbnR~&sA$)z5pGon&3kiJKIz|(WBZ9%#IE~XCe`@a+1YYKe}zI*WE0U^e@~D8-gq`h zd(yV;;ees#X2EjgzveNv@8GxUmPqt>vIjcLi2;9GLSn7uTJ3uW5(zQh_$l-Gw2j)q z!d&-;Wdg|OlOhlx>}izbx}&_BQW0j+DKd!f)iyyk#zNIb^9N!}&m|(m-%)x8-RYn7 zcEpXn+#2UyhIRstUeLPi@|z%hm+UbfqtrSy7yS$ZU>JSQOyr30{q$bWEw@O@9kg~y z_eG+u!i7Hi!04`C@{ej)2%lYd#q&a)Ume-eLbWvSA6%9F{7K((J)`w|XeeOBMAX=r z%494fg7>6BbYbUmOtAmvcu`4JHPFuwwCBV_MMWjVoCF0@E7Sgtgv+ddyikkBZiWuZ z%E^HY!(r;`MiUIbyK}ReuY&QsIWkv!x!4}Ee|d6mdA?bcl9&G`lMe|Z;&Vg){P}Z( z-8v-jvfE8}HC$ViOk9d0{9iDKYnJG&#{RYd81-lPLt>*yVU(`+~&#`Fhsv@wndpV2Vz=)dRab z7_C1yN+49rwiO$ssdM@y$Nn;$5Ffub!nG z{$MWd(p-SKX7 zzcfkXbw%~PAJWU)ZW%kiZLF{7()HNSH#wa7^_fzqI&oz+<-Mul&Cz^mo3G#V%3Px( zO=wsc1`$y>!kf4HCrgcIH#b28#v+P}=rd(H49Cs3s{$?OeT1wja^w3>cMpf<=QCQi z>tQTyeo;|q>;xz~W0`0PGSsc=f)9V9&h~Pnnx?YPPg4^QB%VnD;jz&0$lLPra_c69 z>)&6n8c0b~ayB@Fsj51=IRFPMwYXm^oXqk0yM-3i%Xud?-(`~H-1P?Q64p|i5YM)0 zz0e6|oGw~K^ri*W+2vIAhg)kVA09_gm#8eYZPjaNH<8Eu_VBK*7bvLF={ze*im1}6z{>|;rT`w zOHN)Mw7tDO;H%v)&ySTZ$C@o?T}S{#(Z1Zazmii^!+=+QGfFV>wCxcUaCs8IYUfAQ zV^)43{G@q`^eR~h4OY*;*FzPg^KIFoI0Jr+!`_eMRd4GR@w@La6U#b@Nx!NSV zstS|W<){Pj*O=JYiEKx&gW|%q!^5yJTo%K}n`2raRKNpWKi-~7ii$!3t-`b8`c=cV zj;{c<>IlVV0D=0WNc#m}?-hnK1xf3d9FRa{R8)DNxl>Y7fMy?D!N>GaI8rZk;3`Q? zO#+}jd>v3nOFCHzZumUvbkGy`(Q^aL_O?oo4Ki zARuPG;p)0U6c-l*U1f7;Z z-|lqRmHivX%U)bP{pW}4af{lJu(0lY*(9J!``xzvd1l+=+SPhFIEwEgWazP2mHyB8 zI2p|74^C?lJ3H2m%}odp*RoSw&9RQ_GEA#3OY6-|+YMK4?W%0cSb1i_X?ZmUa?R6= zH-G~g^)|$Pk;Gv@2y6g=2X=mDou2uib8!UG0I; z7cHDzZ$51kb#P!45fwcLJX{1zyyfwv+3ma+_Z(bbE?Ft{t}A*y1aitlQFJ>TEl0f7(! zJa&06TYoq{lrXwx>1>_#B0334BsPOu$Iy^Z#3y=eRH6@lRaI4}>6;Dqn|T*)FAtXB zJd#5z@-|KwOWfGh)aYogl9rZM$i;;dSUe1LbU*veK8T9jEl|hVdUy68v!z6(PoKUm zH@j}0G@tg3`Mx-UI$Cd6kV>XQ!3V#>kwn*FLqjyX9CrcJ%Fi%TcmoUqz?W1x3$U8r zk2jqr)zU*t-l%D_n)%AokE=e9$8JE7*Q4uAKzl0ULN)@KQ7KZ)_Xs?Ad~RnF{u5DJ`wye5=6}F zlGV~ewmH3pbl5P1He z8(o#ckPvvebRKNm)@vMQJ(~=+ZR6^B{aQ_fT1_P_twpO=+RzWKCqzJQrG~i$f)kJ5 zgB|?5`O5Rzjy3aEMa9LPU{4`2mnVkz@y%qj!F#~8X4JNj&N<3`#zV*`fW;!DaEgBmbbqUz`(#L(kCdhqRs{A z?v72DsO#L6mzM_vu$RD~ezqP=3JD5A#-}Kq-FGS~Efu%1VFqOt6u<)XBoWfl6*%QD z8~|(3A4z<-7J#Ps`SW*!?jVEdpP%pqyxe{q{@}6SfQCgOpaKk$rB-4;DbLlogbRv} zj`jn{&c>vIptTE8sTz`?prF-K1BPTIkuU(sK4$@>`oI_@Zt39Qog<7P|zKA%U^pEL0-+-x0ck=7o1{M|;Zk9ElSg5yZJz6Qf_G6_p z)0Y2)0|mk~>h_Hbk@i1Wc1{TjG=%$l*&XAaT{N!ap)b7*`L15D;_;G2~aA)JLX(SS3jF( zdCv~a&f)@TxDVjdQT(1a4S57^e?7#U8Ds}`5cT$lgdt9VK*zoiV_U<*~#ujcJUt+U6~ zSCYj#>u!MmuJ7&!)2S4IY1_!j(95sdM|7cTKI`iFrIWs=$J6$x+f`pZkLM{B1%r#N zfr-PLCtVA)mEH7upJ$JxS=+Yzf-76s)67dcnMu!%#l=Nxc@tnV0I2nWDY>e;y3u^q zmx(5TK$w`Tv8DVHMcJ(r(3)z0*Kz8vFRAa{*i{=`_G{vWhiXkT`pJ(O`qCFY=mECl z!k&A^x;X?x6gr%6XSJ+qSeBCfwifQhLGaNY3j5|&U3Hq0y~wfAvD-GrXn8C+tK}!j zD~|)rE6br4k)WmcgN$=wr%#`%1vNqFcxDRfO%B_kLl>c;h@cVQdstZ5 zE;Dw+?jRHuQ^lCt!0dQGkaG8k10t>)ma7ep+=s4YTo-ku?0H|Jt^PyUjDyjk?UcY8O zADNzAT!2{zEGiK#e}w(R@~ICT5S^gtms5843uC!V0b)2*A|SQ7RIhLXcWI+?Hl2_)biC?_B}( z#IPp>W8yH9ed83!Vsz@HLe+<>8LP6#osTV-09!x3p!#**dT{dW_!42Zpy5IzAV30U zWc;^Fn-_UwtE=rgkM#wmV>s8g&+R|zaK%et?%W_qy>-{Cp7e#Ox7yf{NgYb5i3#>1 zzzZCTbr$z%<4+5jnensFH|kT@)vhD$%gW1K-Jr$kHJWO}%RAD19J_u+m=nC89cNlc z{NsP>=|CWNJ?-X!(%PHPZn{sBLr@oKx}&t6EL>hFAb5nczN6yokY--2{?Vzdnw+-W zq}(xkR1bPu+UUf2D^744nX55>14u#pMeBNUAiZ5*&yI2dzd_nBWW4gJ><9qHgLT_- zBDd8Xs~I~1@UOnHcx7b;OnJaopPHT)Mu$cw=D}KDpH==TB6|FumBVMtrg~mcNok!; zG_tw{0Ef+&$J737(cm*c-+@3cKjBaWketF41fNwcv}@E=Rk6Ih zyub`HX&a#YXP1|b_(TWnzAs+Tu&{C~y0PR0CWuVP zi5wGC1~t>&)s^+fjMeo-`|jak17ODXpM9?nJ}uez6F1!N{5S`)`o>hT3OK9j2;|Bi zueOtp2|O~k0UJqy4;Vh(ohJ+W3IGACsG%_jph*xKX(XWk8@8S@0bQ8HtmELR2kbaS zKR-VQr=+uG*H!7E$%%=)6e&n3D0_fL7%bG7e{epCUxXF&od!G#3j>4PnkP1ey0cHJNw!|BBPS;p_Gm)Z zCahTefDKpCu18Hx&Fo79=oxT^1Dv+~_@}EUfG56{aP3GUkS*_C+kTwYdnb|Ic^E9& z`FcHwbG$s8!{G3?*PlYt;$Q#zb#GmNl9XU!u8Qv=k9On;?*+ z=Jh<1F3#>tG~Oh7dF3Gbw9P_(*Xn-GB7GBB1kXLw;tsKzq$jQsjkdzC5ma(bL6W+3 zv$+}*gJ`@HPr?1nR}g_B@kO5hW;?-XT)r*chhjWQE}0cVGzj@G2v=3H0YwEe8X7o& zf=moUIPQ-24zaX{C+T`1s1$ze1&fx1gl|f@64H&4@=QRCkMUi~6&`Y!juPeN<*lLl z-UYC;o&=x?fIvVV3JeM|-1;5k_WFDa&|tEW7s}8ac8!K&uyzB4U^nk+OF&_U2O>b! z0b%Nhf2X0X9X|4d%josx*=;X7ctK~iqeJKkV0b+z%gx|q0Az^`fD`{78RqJ!i)(h;$ zCMJdeiNbql2tAt4J8S4(zv{!Q>-+5dbU)_XH=Oc*eRDGa_*6%KKb%D^0bq;LGS{04 z9{#fqV9S)RAh^`vt>$vN5|Ncf24Lc{HL=NP+IKLg0jw3Dhynzi=j}-^P_(e0)p5;k zY9at4stX9Qqnlz)-`OhxCmzS0a9KrCEG#N-C@-zH#}nS9efBSGDT^5oWiPrL-X}i` z3JP>)TbYB7~1rYGJJZ9k9PxYVnfa=dq7V@!S1IBMb(f;1WmcCcb0k z&|y!oO<$ZKkza%?Wu=W40_XE3uXZV%4Jl)PklsotZxH>$ug8Emku_?lm519eM?(xj zYcv5jF1~!%Qj1Vdk5Htfq)#{X?Y#iTyS7}8@)nhs_m|eMgaY)_aIV4tbi^GAhy$>G zKLbiL;Of$3fqZw1`=w?Y>U&1UzvOObD^#S7e$My$a?f~(yUVlJYtpSUk{N6ND)^;KUgR;VOj06yJ zuCyI+e(sk$!o{i^dan<-VCe_gRKL?7CYjsOBF3aA4y0^HWLQ7ofBUWOMb) z{?A?j{gG6TiNnM)Pc2Q4*ORtK8=#H>C{ZJTD#N3q_5qV$;J+@C$?tL;;}7Oq^?GA& zZa&eal$DoD0`;b9$xU#BR4gNs`~UIl z0{?@pME`?JygZsA`RU%Ci`lAw)r>JEng6%v=;FhFZ#iO9!s=Zq6LT&3H#J-J06-Uq z>@{8PVWk69W2FodT*Ck3+>1s0w`~4@*^1C=hUsK3j@M4&L93EpjA1 z&eA)*Cw>2`YJZSO@&wqh+oF~N*t`$utdSX0V8suCBqEB&KSkX8x4WS9MhEpwAyXjY z^=VfS_M_)E=F0ZaPt!Mz~RD^Pz!17PI1>d4mjkr2=+N}8IX;4dIJH@luD z!fyY2fZKx$MxGOsQEu-Cb^sSAHv|BJsGo`owxtr~{_7pD#XZoK*( z!F;)EAKPWr`c2U~%-U1CUunD$=fj3UMMhd9F-oCF2Hnw>G?MVM`d)E%& zYBZUQ**=#Dih-b>Ua}eC=)TkauDx*)f56bK7Wf5?Fa4brx6Wvi#GRB^(MRy&b-wwL zjQi)~_@iESl69+10QBPTHEZMOg}(R&YAe{2+UeQITxo3WzVqJjb5a5tRNi``U+!er zM<3dRjdm+ty%;nup_|$5`Qw8G4dplBEa~6Q2+{u$>p9|!!9r21=%d&Ffmprx%tQLwdf6JZW5CzR0CJ{1yUp@?!NPI?)6axWtM(k0_@Y6wE%J5HletJ~-wY?l zEiL+7cQU;x%-hG`;=9N|f>HyLQ}M!h!q%YRPKw3r`_n;|=39m&5gz%@Rxj?eOAI;Q zk8K+pYR^aqDq~zayKge@dct?LT70Gae3i^K3<$e#&mcP(Vna=7xssZ<-XJ)L{_$N? z9xRaRG3wcnX6rrp5FwD2DvPOrOZe5(Pirt%rssR_o4l%PKLJ|PkiyUgpA;)T=@o0M z9}02d{UN;@RPTGuBQ*IR_HvzETt% zPB1KJv+;6j4F54YUgc*&CreL4iK7rb8l{q<8{@<$I&e!{u$dPewD^p8?-c9CD8ZMK zJ*TYbL#@DrPs4c?*oX91s!&ECF8}CHnnf(j$LP$gg{pSO`=hHut>L-*lq@-hdFTOc z?Dka3nBU4{=?c`DZ}CZg`sS|_4i1c>tf_|@6Kp3BW7*RTD+uLB7tb!f+x3lY5*DgW zHs50U$fjl70w?OjElUxTeI%^-@r?p*@Z~}Hqifl`O}eT^_5owVwCD8I;kxV? z=K|J^wZ2na(9ih~16CPUJW8va3He8ygYR%CGo<2dkMW)^&U`SOVLQ+sCFng}hiF9OL*~SS}C8$@WVp1(=X1r!Wq?gw==pVC*O%GRbi9Km9B@o=* z2X_fha6+)bA-KD{1qOE?U>Ka?ZGQK?RlBuYwYT=K-KwNA>1lephjY5m`97cLIVWWr zgCRH>^0oSC3+6D=Ov#K&f;W0LTb)ywpAUvJqjXm7T+Q1Vay84f<{4Ob<1XxDz#6$f z!;LIe#A3_F`1A^u%qNy=bQ z;o?&5XE^UXR0YCkqYS~Fn?GKj%5SQ_1b@m;Bwwnib8##F(8`mK=2o0lPCct*^=H0S zkE)dCa-#XOi;JDw9eR>-t!Qmcp`42yw1VwuwY;gh4*W2BWTU2+4!q#WPdw0Qu5&If zUmsB%1oTcJI8cXITLwKofSa3jfO_uHvmu${w&P{6)o{6IBlab@ESVeHRrD{FyKB=*#9b3ZsM!~<1Fwke~lDU%( zR3OdGs^ep#YAUigC#zuKjEYv$l)-Z)o=r`&mw`O_stWMqqi=f4ki$EggfZXR{F3Ij zaT%D3Sf7H9ry9s7)Kce4s@A~@HlncbcTDM_-AHI>cW`WU4fqOXr%T9ZmEh1Lbv+Rw zH3J1EHKC$9H#_UB=J4r#4M;N|xI8Np?x_oG1-`qimBqbM?x8X{IQJN+til&jk6Zgo z=0FOxxkPC_bG1^IK2uPJPH|UJKfQ=312>lxYOz_iihxVZ%vy1Hr;bh*mF*+~fvf3L zu(Yx>wg6QuPK^xDjLK7huSf`Ie+}LS2kJD>^qttie?ax_tCnfmO1OA> zxyjvJL6voQZIpGcVx7uaZ#m`<6|U;~Zqy&>Vyr6brJsI>tq<@z4|}gG`&FS#R~_KI zZOLsPYXc!_O7neE52d?C({oad*@dNyR&ptIN4Ve*ZhuSQB6qVnK>L|zsIBv9U7RXZ zwV7v_U2v#a^sMyt7UFdUU*bRxJWe3LPs|U$Qq*05JGIN&^eDiaD`l3Ch6=N{u0_$A z#|JCNfwIL9U@wJq?P(s>ojbMhTi4oxW_`vhw+gl6D`-)6bD+-5ZH&-NLFNNk{ZONs zcR5#Z&Q8t8_*}#z%?H9;6vJ~>VuOyJ1csMnrq6*dg*<0~wtKKz!27pCE!`D|IUh~U zZrpRWt)SUKWGTN%P;j=OueV{YS*FaQUBYHjZCnYOj04WIDLWA0&j=m6t1o^Cj83aR z)}O61&0Cz*P_eAkfR{qQS~XuOX^#<-FO~EDUFEnD{D8zm)KrUj9Gs)5HC*yF7!lxS;v+i@?IHBcflQJtzU+->jPdGhb>uFxmlTbTnh6v|AYu*jTeL?;o0v-nS-s# zgnrSQ?&pvNO*3`b#^^qu;O2fNJl~7uEI#;bRyqEx+&#&gfGvamcm_ro(NE@)#w}iT z%MmCis?nub5S~iDNBa^Jy+ZSkpo{>PL-AdmhPIiNMq^Y$?HTt_9P! z*w~nrmlIZ|MQsXn7%W6C&dauqmABVfN^dC`lWj%=6h(q)dL!baUcDol>d|Aj3H`z% zY#Zt(3WclaN^#4yq!#{^Swll}<(K8Qj;5Hg{FLNf@TC{a4`~%E%_B=uP(sYJm#DZ! z&M$;OF+L_n_rs~rvkG}Zb;`5mSExC`VT>p*f>{PLLQO-$dVZ7ej{Ck#==|sOsE?CL zxv;jL z3Ahx9N0G*fnhSv`rXYbO?ETCeG;`DUao)$9hP`0L7DWtc*~D_x;k>%8U>S|!a%E_Y zK8p?i&y?gbe;f6ic=?1F@*FGo1=KU|M$shhQ;fgYJ$&}$ITjy49g?qr%p~X4-cW+= z{YGlL2R)+JiKe<}n7V%vRsI@^cB(ZGk4&0qd7)A22gYw)94>hCC`a!ae=9LlF(x`s z9%F<%r~TvKUApqYHUw``krccfQl(2~@Jr97K({_PQ~>n^>#u|gzwJ&F2EiNn!(!~mM_I{9l(SpQ9$w-EF z&wS$?!eSA>KAAGh+~}P3I*p!+6DjsP^Q^apN0+lWAryj9I1sa^D;?8e*%V_MB9otI zjFQ^XKQAsxi2LnXi*m9mb7)qy!9=vOap)fQ^EV`EUzYb^Frdz)C=^|soem6^6u!y* zl%LO*Z@59Vc=X_Ci>Vj% z7SOv0&*ZbAHH`tX9g3c{IL1Yo8It?i8m=i9Uw04ROPLic@F&Yz?7c0`0S4NZEtFX1 zf(5z8{TuwgS@M%8*hfEQYJb}KB6n2~5AtO@9hiTj!$4|rOjh;W>#f<3C8ZJb%>d+l zYsu3F_p=Qw<`h}h&w}&(>SewJ)CY4sWduDub2uUT`Y)cf$c9&w{B5D+br4hm?t;jO zub+P5x_*75VeS2a!JcWGVteP+;2%z+*4zA#^R>xXT}93XEnewAx98j4iM~GGe(O!Y zbQl@A5qNCGB=5xImJ&h^@ay=XQhKc-Yv!rt$n@%f4g6d`PMplT|ND89kzpt{xK}){ z?M~H^jI%e_adtuhg)Z^6t=gdJ(6ygws=0o!Vg>lDU(JKue?e@k>SZIcO`+h~~ocA5-h= zB%&^Q74_RWqMmwe!APqg5=N6S1F$TMXR`OU57}zG-YW0EH02k*_*yX-BQ=2~qa4lV zcrzn+zibTdG%LyoIc3lqN=zX_(+Q&Q~-O>`}J@G?tHP#A`g| zT(0y1-{cdRJy89n1=2IO+FOkX!WR>#WnRqQCP>t$GQ^eP%PWtG>stQTD5Ch?+Z<|1 zP5x1VHr~lp1;Lcp$+PSduETUcqQ46JXAj3knIWMF#TUiCs1-%bu>20kC{_(=Nn#*Z z{P|jr^%WxuscG221lO1DzN*Nr4a_Bz5KaD1BjfRMJ!j9@Swh{t5Av>7Z^qo7WH+<5 zH)RB}^!7DyW1I<&W74y}qU3Gz_|Xd{=S&*{IMcYsT4=V$4PIT&1@I(= zgs=bTGi8286?_T(urWy5sGBUgg0kF!+kfE1Ir=VKGg(*g(+c`%5y+vFoG;TNQCiqP zeGr%gQ#cL6EyVh=f5EtJ8YitoztT!`p2QFIVD^4jtCKe(%paQ=#7aN!yc^Q={u?+)|2#PG5BtrCJ7Gb z+7Aq!qz-SKi*~+j>j^s_eF@m(rd}Q~r-)#*=Ms2%hNQ>Gu5%E@q1Dd*fw)RCN|#mQ z_gbLocj<(l zia<_sz;wC?W~j*kgmt63@Z%7dWal_-*mQcCrV%f$FYQyVb2t7Jg6Bk(|m-7UBU9C z^0F!J^hDjfuFJhzdcKvJ|`_(o_+ZCv7Y?_Z$7#3aP z@OX)D;B#_x$_p#sxTQ$JZysNZEZGs?b~zcM?hmin@w)tXSC)`99{cF)SBRInvv*&@ zZl~QBXwZb)Puh4gDN^AuPS~&2xX$2v{@ljBbNy3OlgK3xLbuXdw0;>3GcP0ZkN9}fl-ijCr5K>>M%Rfx{_?a(+oj{lB3q#^ZL!l7x0(rt@t7uWs}|I!2*{zQS6B*o%5m#d_Ov$Vr#F z#rP<-Noug&uXppoc1uFXZ^F(q-CoU8VBI|6%%80>@+|gIeq(27cZvLW|DbqcAqEmj zKX0UFW6L`*obLK@4^Q5vB-cwGCa$zScBHWw#Btw>d^2m;ZK} z<)rq`3B>7B+oW8jOlGm`UNAfzFe9#Zp4xoGcf)xQIc3#LU)|^c<097Atu&DvdNr5Y|H)mFp~Ec9nCr*!|bG4m9GOjwD%okbqALHDBOPK)sEir zWB>pZlTiSmANu_{lHco+1$0IN>MRt6Gubw76K8p!%ZT0#Dmele0?*aAcSP=pn_Zd0 z=?r0yctG}s{TlZU0SHzv`8K62VVNq;Eda-Q#i*2JvOSdKjeuqEChOReRjmLb`1Q(F zTR)%$x}SEUOS24{aJB&O1QGzfhK-FW0>DKFz1wZ)|gmHa0YiADc#JjIX`&XTEeyJmid5FSh#; z(i-soPYHkfw%qlO&#)$L#zoB8)-;On#kJb~7N{)MB+rTR`cA`R&tRlO2g`yra@u-Y?V?m#wffw>hr2dFM`yqIPe@x=v%YsA%CL&yb$43-C| z`oYRf(!5~_);lWQ*wUEkAAACN7epC{6_dPqrPXRMgQ?_onYTF`OO;p%s0c};@UhXd&BFNJj8 z$+@|{D&ziZpeyzOYJVE?JwSlmJpB)F_B{2>#*?PQC!jrTzZHPs08>azTbrnDD_s5d z?oPmI2fM(6cOF2N@c^lY@rf)dOw!0F0t) zyg2dgVec2o4{2)s7zEM(y7{Wi_t1=O1Ns@3i|Wfpzwk|rk~*Mwts$JeUz76_CkBoTB5eu2C+vH|-bYm4B3^{V}yc<(^xt6{8@yrHMJJ;8} zoGCm}^!%zcYZzsfYOQ~K=HF?4Fq{V6J4+Ci=JDT~TM*EW^^ex-bfjY{KWMh$_v>T- ztucbDd7m{03SW*mp4@g_w{D-OCp*sXeQVNSU2Cw@6Wn3g80EoAk^gTNKm_@LWlgEw znd*uZNsi;2u)09B*E4l}dI)LPTdadWe&3|wU1;!z#xgd-l;gzn_^A#g{tY}x3Qh=>S#=vnv1&X8f*q;1gC@f zy6x~EZSV`|yXBj8Q$31bt2d=JDKSm{X;LETGxQ!7r5w8GIy_A?bJc$#_MqeHRwzBR zGIh{4g|*G;$ZLn{GIQ>FhtGB^GCF60W9)PlWFJ(h&mRb@y0ybfX0xTvt~sE*YlHKm z-zs)0NDTK2A!vDg5lc+TrTQaj8Zoe$6LLIn3tF3D5~uldPtkveoh?%7mS_VK+k7jH zRI3d(cc*JNhucI`q98FY-|Vk=r$#pi`TWr>WqExej3~fZA;xR5B5L7JlM%k^uqp=` z`JLmmhJI|nf5M}!hb5MuH9 z{$;^d$UC~Zp1}T&J^lNwdW)fc@t3#k;XQdl&PZ6pQ>R>?Bi^FF7f$;5xtm)-9!Gw- z>$OC=>K{w#DsPhUdGgyz6=TLH@n%pPY<#Ji}UQqo9vGd#T|f|W^gKB&I9NR zjR20~u^D}9+z1#cifDb3}*koaJAo@$(U-{kOS3*E`o8~5a_-MX#cR>(xc>Kk5Gp*v=EK+NhuT!lQU)erG zfyX}cY0{*XFH(k}PjW)xxWk2gwAs}hf1hx7M$%V|w&_(Z7^!EydWs``=H-`gZ|Eyrgxipgn~FqQ*`nyTbO%b8b!llz7Pj-Iw#Q5@(-YwuS@;?g`O+`r5>AQ826N`oAe5M>#(S~2<%cP&q6s4K$vDIZ zi9#4dH7KhrCvNLw4{yywcpRIeY>f`qnonljrvDf%Fr-11;Yi(moE;x_nACOe{cgjo zSOm`$CVseXM)UnX6nuh=k$il7N;Ru~lP#f?>NdXAn|IJ7DMCL1fP-BC^W5G}F)#)E zo8Gt6**i%Z2Xq#Ibr22Uhk1^VyJIVSp;x}K015>I_+t6@API{nW_olLK*jn$)Gu|F zRJ27XgBw>mI*_t&X9_D>N(9ox;_B*n0j8xJXthi7o3eR2ydgU(E;`*;`}0#*ZQJ>b zbk`|8n4V2|lUx_OEsaZLjamPqJ31sG8OAwiEb0C61nmaB=fNHOT$Cv48KPqQ*xIq zZ=pTVo6oO}lB~xA_Rg_E40O~yHqPJJjc%q7XHtmv@QDeK;Nr2-c-?Cto9!?AB>D$O zUi)|I32hJu<+;kNsU?_Yua zgO@$&a(?m0;m_*Ec`v*XHI2FPn8JMa?C;KKu)$C~6K{a^C_{1tZx%OdqLa+fhr4L{ z&7eLHKZ=IWoP!&wtI<+|zW9Cx9F8hDt#RR4FZ{T1qWxYML76CH^GG5Sv9x6ONRt)# zy?=~!W)A>2O99_|{wMRI8Q?20p3`b^=U`Nvp#Xd@voy!8h}**pIK0YomRS@SLR35L zDk^61cT(83OzN5qxXkPI?}}atAojBnn2@@{jQU)kx;8rYiz{FhBj9mPpH@%>V2Ruc z-PJ4rwA$~Fg3j-}hoAf-I>j2+0Nh>W@KITG`I8D;Q&J1^P|BuHQ0l)l<;NW6&h1+# zV1Tz&WX>f(6h<#G&4#9}Ta-ggihpq&X-4eze7?&9R0)~CRcE=l8NnU*jkYr`=g`f=DnzD@^2Qxp|Dadx_+bc~ACc2J~PsC#5Zn{P<=eZ?W`A{HZ; z?G0yJ^Eb0?Va-Z&(f5Vy8%w+(Tr7S*217xQTgt-JY3xehnmde8&5k~uU8i$y{`#@q zL6AU~N`(R6dG8>xv{J@4k&~w2WTWLETSvep@7hJ;!NMP-->H?uQ=9`(jw>Rog%DLr6lb%~b z>c?<8VKssNc%77Uhp{R{xbobn&={;a)^TR8@RBGmFSC8|-%3VcdydcV@S)B6W2V_* z3-lYhyI-DEX$?x|J2tagSr2!73;NU74?2to-K?RWNS49Ye|3W+>~fRzxP?NB8|gG$ zhE;`exKu&%cK?Vy8^s$pj6*APuCBcv%lfGcn#SJ^Gbz z&UT1`JwJ+e8j;g}pNwN$Aa=}`S`#H2n3sm@=rh`)BH*h9R9mr4-#&3+eEuE;RI7Ay zRg1T2-7)$*~c< z2;SS?*>v9X!4|5Cy08Mq^osY+O5$ zN=X015^Cr9VJH*M$KB&d25ik_^2i38SuY=M(G`d6{EMxU`|DFqUXbx~E8^O!6R!6+ z1#STq_rngCRA?~H_OJEMle)zA@qDovfw`}b2FTF-W{;ixx!|kBW4m>;k%d>vrwWl; zTu{=xOX}UC<K`8acVDf18vQHFxJLihc0$CQc z%)xS9{G`Pq0LE+UTc|vq0}|}#7i5brX244RuvVu=IP!^R2;eWQk9>k@gkiYoC%S_+ zDG%=ju{3=))hc)S(X|hEa`_r}(WTjG8h-W9^Umqc^);zQ8r?W%t!&0Y98%d3 zz__5jX5MU-j2|v8wjQc2dpq%ZoOV@r+P(7Xe$=e|&ubcXiGQBSvQ-#aAygcb_7*+$GX@c5YlLeg zQ}kHf>1f+8dz^v2DNobn; z1^~530iyxTiWh*JxgIa=9{YfsZhzDo%1EYA3SbG21x(LDb=c{@UAu#+I7|x9iJ<%Ck$}=l0BAo*4)Rkor1)1W(@k!BZp#q*14X;RIG)Mhc>SW`cc{$`Sb5Z=lSE1t*|1KtPS zu@sGQvYKSqrFb_yAm|y z?cH9v*)*iZLdn*u`a#2!IC7dEJM`nku@mj~9I>TTg;+LryPZPl*9T6})0xBL9&)7v zz$_vl+$yv-Q~lN&vB;Aey`|X7(UJYQ#V-aG86@de*^{v>T)5i!wzPu>cjDTwfcWyMsyZ6GcK#_XfndFr{t43+MKJVoA=}>GnmEb*irm1^DZb+l208K4Pu9=p3Nu zkfoB~7nA0)yS`Q8NMW=mH)v!^vgh&Y*`r5oD2H%5f^+!-)BCD(EA~{MjeOZWq%S}Y ze$(56786{4qbjH7tke5#B9)|KsW#;m8X z0;ELQx5RAvOS$iDf?xvj04F)_gG4k%_KHpLKteS$bTwR`m-gu-^M9Wnnn1XOAI zN9XN)Vd*=oPkx1J7WwHd8pJxylc^Obxd20$7;2Frz`=qy(>^i1vNER8cAm6Tm$iFV zll>6Y>UFijkBjsP{}f0*389mYIUP1Y!~-6Sb9B%tIy9HwOuw}p9bN%I-_LBns!gS+i48%RNM$Wi9w*7-NwTG<)rb#VI;<8~Gx79J0U}v~y{`n-G`*ViOM#7}#=3 zG(|l`gjUa@_~#S0eiY&Ij_Pz7*fhGzyJ`nE`?!_2+`Du&#Pri-%@^TGr@_~oAE!Gk z3O!J`j+kwm@5oP%d?J^oLvJ=v;0FC72)mKZUAvA0oO#FbgXD8`uK7E*I9d8`FjeGXO}sw5k0+w{&9->k8Pz?0)#<=E`pbqy zM=jZIiVgbse;#@|7D<;17#C%_X>VfU}nAIRg0^Y@QqJE!8e_d`JsS$+28F}zL?yCFpE#UjGKR}BE>Y$beDV2T?r zcAF=*0azk;fVheePx%!$537$41lik1M@L&J?e}k=vW?KLp)D|6CE+tvVEnaFkZ!vH zcsh3hw^Vzjc*{F-7oR<$YemX_GPud$`-JhjHg2vu+vI}3^4-{sVX-%MDpBJVL<8#D zzNBYaBO~c~GK$L8<>JsAuw9f9^fWfa#RUi&@xA9P^E8NW9o5 z!CvfQZ+Ppr8U`(El}CyY3Y6{b#tvxHPRhrj@;K&$>M%jXI{wXYlKSdIG@&O*zN<9@|N0Bt&_8pi?(WYPi#Gf&P+7 zQdnk?^DlAhnHRIqeg%Y5MQ-Z;o~BN$`Ga**wDygTNQof#qafa-398eKt8Z;kNoZyC zw}+m$Tg041e=))ACIpYC<7dc*|pLn5Pl5w3H zNW0$AGbOW3Nxf*+r7iy9aD?qzCC>0?o#eNs!+`3!q;xO8e>x+XQXE?&s#Mq)W(i)? zyl=D?p~WGDUq`-{qNT1AHF^hpJ>+=)c0(OiY?F6rxe%X6hV=PT6j#9<(TnGRA2Jxz ziu|LOmr%Im_bC_F6in%jRl4aId}_V3WzI%x;!;!xuj^e6F4{Q+%_9w?|Kpuv^w1o0 zeuK={vg~2qh38z7ESYqK9Jv`COLY{K=!S+2Vb?cW*dItRQ~GWTo20lIleFkv{p z?^T}stgQ*eo2%i#~5$?w`3gtNENy{U%?yC$wR0Z$g3#$J|No`f6UeG z#p8A!rX|N*Cz;-QkBt0$$|A*_GvJkbB9@1&TK30jj$`(?N}kId!1nX%MIyzaR&KKQ zt0^K3BS26nk1fy%GX7>w)lsNDpi<K*9Tear6X--amLa zLA~C&jUYKZ?WX(i;h_(I2E7=hzV`C`rq5&0=TOSs;2mO>q~9|Q2tso0pvy{ z9yXECZtHTD1XikjYh8SrwcBe!Gmjdw$53@E2vkETL|vrea~ZS&pz9YZENgvh zt){8K#t-VVg^6IBc8%KF<=iGWc(Jz4h3I9;36BlfxSMzuVxUrs&;#GaxYnAgR45n5If?8N5#Fr_4SCYX zG)u)zf8;1Nd0=%FP+9(A-zTC5wZL3$C@AXEs~{9UmWC zJ|e2NdG$yNMRZYxpc==2OYYpT!P;eW_l1d;Goie-zE;`bY&=y+D@4tv(tv8ov%)e@ z#b(L(D;y8-OSl!6E2`d6=~+U?s4NfrYQbg4xV76k;CdV&R12yh0;wy}^D!o0Oq}to z2aoD_9qxMkZKDDgnn~wT*WZKkXF8A5XXo@JbY@joW2k3qS~Y-cR1UnGz09Jn%~N9H z`BzeBd-4t9c{kf2aI~6VXS?#-m9n&u$K5`3ajHh)n1*uEwPvxYMrk%txfY>cYx7Po zUv+hidUpCcuMX6Fuuv^QMX4$~dplcRCSo}}1_Z?%ErUJlj#S}q$W`y^@$C5iHLKaI z)V2SrM`Y@#j$cZ7U{k9KdGeMVqf76$6kOUtO6$1K)x<)mXa8j$Kqm8=yy{9;JdI|q z>L1ol5otH2Y>=fImFVgC!yj$=KNd`WmYBKWY}2 z2D(jt%+}`>#uACBJ$ad5aOJ8^Y&D;jAhH8J$2*)!h7On&00 z?w;e}=8~sJEkAt5dZUXe^o!xUWlrc9ddimXac2=j7@slrkpva1^@)4G-Ejj7FK_Xq>StAsK1d@9>&M%Wzw|Z%nLp7&rzkBmCvWb#&H%>1XiXSctt@d z&YfZMvVUSCik*OB>0nReo;$-FwJfo4OXBO0%G4Xl%rjX2p&%gO1C2CBYi?ylu~@aM z?%1KOrMgtR)>8JdV22%a6)` zzE&NgHgz|j(dx&YAGZ2EO>iyRM&oBoAVVJ>|OS zlYh)i_Y`WMv5QOG%v4FtB^It`w3mk9cI0c%Vg?`g-Be;|NsPZ{cwZv5Qih+rlJ=fv z6^0BT{AXD!9stC*|C32@dTy*QQ?zk%8oi*?No3`=`JHDjT!X?apn_jsiVNF$wI4m> z3(@<`!nF|lNKr**;b5#Bw9(;Ov{~*d_qYfWBvD(#m|t(WzfbSzec1&0AmPo6jBq&+ zmi=gY8RCzg&>osYL3({n9pzC6ZFKL%`ePlf3hPfWCjh-LP_7DlOQ~$|j&M|}KQkBV zMeR>UUNypv^RB^tb6XoFzyTwy((b=mfXgGv@I8X_w|K3Z;;~zp3h_0$uU8#1cAPV> zRP4oIiwl+cAHf1wGBjMZhu*^TZ`afujWTsN>w)=tbswBml#GjA<9nCDwF;5@wYw@8 zlWezGfD3~B_)au!rO6COZ(a&@xXf9P@l=Yf1bu#1JWbUK^k@J28r45!PH-wGJ?O}k zRhqqv<9Gg>UR^Y?2@VOPu4sxVb?r6fk(6RjWPJQEaqvs_ou?% z%cba~>WM{34B2BFUbw|)Ay7t@QT%X?uvcyQ9XZEz5jB~Gf^RmJoau?Ng6>Q-0V64Y>Q26=|o5n+qd>1UYvj&EXG|eBp+Ua&ve4 zS^Ac5YqYH$4qD?sCKxAH0)nvw& zpkIIb$aRG4Elh)LY~76O4csgo&`R3)YC zW~LUYo`-FkeY<+f+1dNv!Hr8xi{p~3$kz{We)VVDgvdX!(aR(qWdDPec*KX_6SXH$eH}7+=Y{OA@do}_22D1#jOe`KqNG{3VAW*O9=YI8f|AuvQUO#W;kH~J?L0WHsIwUb_%3Cnz zGP!@swZNgrCuG|hdG;NHEF%RgnEBj7PEm)0@{hb=s|yL?GecL*miRx}92S0c1z+C8 zkD^uTPjSkKzsytO9l}UMHqtIjA3A;JxrH5%i8GN*_VBlW;<8RR_ZU@VWYTKO`OJ>} zo1XkRv~CL#W0*=hBOfBsrxv+@v-dFl_=%d4NKHX6CagQmsCL?4k!SRX&x+qUBjn7y z%NaJI94#GHa#-P8fuVuEX)e#6W7!6a|Ntp3_#1Qv}c zxuy8~1>$(^0;7p3?wFlS?T`Kldo)HjuKMive^dedy*p^Uk0GD?i}&107Y2AZZVUwi z|9XjL`i8$+`rx$?{%G`}V(;6d@ygV@)~uvr9czc1D+P%~Gvsi5hlBmQoU)%m#6HWu?a7OWnho#drGc zWMiU2>}9xZP_QT4oBG~zAPh}^dH;1C1Q0-m0p4y95GmXQ6Co92d#*2jb3#0ygV2d` zKbvDSB|s-)9i*9M1Vz9mf-DD$LO{LAMvKOkr8DJ2vD8_F5$9(~la-rFJiD3B^_;@@Y|~BjM=Z|5@#oQ#x_& zKTD{N5WKzqPxy+HBxc)FmdgO;w*WRryou*^z~(F5|GRge_Wyr4z<=%H3Ux-Rp8{kc zH$l{=ER#5hWjWzJkX&V7DDj`gnHtMx{zvEYfB8h6(|XWd{rwuc*qYbs-AXcon3(t) z0;p4&xCTJ*h=~rM@f$qM8l2_PJcL0(k9XdWcdNV7Vz&e!xCZF+G`A4diiq7j5Y}07 z;*1YD20Vb)!zmt(=m=0?bWnj&3pfU?KAgBg$YX&oW+WG@eS@Tvm4TJ6~+IP;4*$8g1mhd_}eBmi#yR8pwXC#PcSIdYZlNi0*EsYlVCAv3a_QyXM zQfLhI<~1y~I)%;suDxZfkx`<{%o(L=RBz+zQDlcC+wNkCj`A_m5AZ6Tq)P7mo8P^8 zfY>=5Y&vmkxEfRQcfr{1Q|a(*r&rFV%Y6 zUCsCP7e3U!+mAc{Bp_Ayhfmk{L~14@9=pZvB@m~0kNAG8_d9&RpZ0aY5p%yMEw%v# zbm*ilD1PnU5(+Emg0~%Ul%9zzv9sK}>a;PclCkQQNTTlsTSu-`{fG-)@1xc)jWY;ijvGGn!#K5rQ4FH}5R=}#$qJP~+WN|^ue2Xwsod2Spd zQr3sZT@Ye7N{a43kgC{Cf|wCE`B^q%8l>$hiY-xlc!aNZ3Po;qGuR1C0N~+lk#R)r z=Ww~~vyytnbHuKJLvJPjed+jFA@x?95<(2oeYnei(W5^Gx)(@sqgfj?9{=up$_w>g z>_7?ipgk3+#=G8mR;bk03!%x(TefkyZp^m7FMbddvae{gkAZ1i+HWoF3f!`H&_)e2 zx}nl%Viz%4Mt$INv6Xx5SSen4>ZTMzjPtkLQ9?8MJEieNyU$3nw>pPu&Mw8g(Y(7!+I<5FX?(i7u-F{# z_k6r>BQxB_R#&dxx%r`B30LoO7Osxn95a$!r`>s6XnwS}t`e~}eZ=zsV&=Aiq&X%w z5jPB!KnW$`A$`_U2%pj^A|FNgY9ms(6)N2B3p+k8`Lld{0t%uFb%o6`X4?}qTo3Mg z1M#fV#KX5K?WW^+25;{7osQbCMeQ<$N9Uh@VQ}~j%)1wbQn1o(zv_Ob2TPDP zD?ZuA`imz#iUqoO=f&#N5zYttU)6nOSXlo(0;RYGg1e+>@ZiCMyUPuGe`kN^KIfe8KKIA{asTivRuJz6_-tmqx z`a^KCRyvb1ku9C4qK*fG#`ZNlvzMIy7k%JlN?K|9{iWf{^9wMf$8VqgltF4hnTK<) zU(w!i2|}@$#&dQYVSISL(|&c=T8@sl2G-1FjD``g+1 z>)Apy&RwIq?o$!**ctjad%F)VvsOb`RRJSQG-KdF0jbSGnZ0Aa9TuvS9Zr#I4pxQCyA2KB|h85q$RH(d(%sF#l~_wEKfSq z&K*9^@~N<0d$wZdczdtAJxLULD!JQ`xyNwZZhX*HpXCVJb~)WfW`{AXE@JJWF0OZ`MWCxj6TJA1Zn-9IW}|0$o=9=*4^jW{%?5+F8h2@={cp{L62gdE>i;uhO?{zmx z52l>n214dNGj8WXuQt~v)Xs&nt`E58>=_o%_VX>c*psa4+PYb>ueLgtT1?qPZ1U~&=$tUZl-oX%= zuzuzR4nN}CC}U2ZkdwaX9c2SwoF4!wl&^;U0Fs0WHos&FPTS1|>{g$js zH>-j;MySKzsi@PfItDj}rMj%9mNw1#?AFXndl%!6W$uG^Wtq$QH(*#dS^epr$t9t; z6^I8DAvQEAybFn?6>GZ_47kQNqjRj%#a%xdIyH;N&iH*Ct_$0ea*A3bZ2kJ9`r5kW zLm74~p&s;+1?tj_QyVMo6aa=ht*Wc{f0Gx7XEsoY(o-H3C(yzX?idMB?7H2(8 zL)MGl&M9_m>_>pNE03Ho&mG7Bfj3qtzpc-Giy~ z!*tJGQek>;3lVg6!Ii^&F=szRtYre|`F0z_?LLG3*;!j#TVb|6>O)h*SGddR{$4Cr3`3~8-??~cmPgp(szyu+ zO^M>_tS=EAQr-B1k;up=7GmU|A>x0{eoA-4$J4mCzJZC`UPQ~jz1BfsJ35xNWRzdJ+_4Vh{}5b4)Hwf zxcuO=rxerd@aeMJFY-gXbfy>TvES80pMy<^$6>L%X!9u>54OzeVzf@YuloKHhs<&- zUcSfXv544t>tjMm&+x{H>7*Tlh2D1WvyE$T!=Wea8n4@Pr915GA{gRv-48*VDSk21 z7f)tR9}PC1(c*A7wa@2L-8!KBgiG>eI))kOO;77iJvL{Z4LEza?nd%1PvI3&F@wXc zd-LUNsK}uYx*Y9YR*?PkH|KUPtO%~V3_P5fndlNb3u)qbSMKY~qvp(|7WE{18|Rzt z=H<0~hSmJrlLz#3Q|ofTf#SyD$7Nq;O6fEdMWEASg=i0EhMC*fG1VRYkfqnP3?p17 z-Vn!s&Gfqf-JrFRe%j2pI5KCgh08bDVf30#&FwDn#o;}Mi!=j`?g{P#Qax}UY1qx? z;FG6L%97Vd@T(p7X0%j(ZejOkXE!l)P!in~-T$iF|2O)lM1eL;Z!&VpGq~<#Z^l0R zovQtplV-7e^sx{j`aiv!>d~Ca2e;=kx0dwYTjgAXr$euZ?i4v&I|AcY9Kvz1fq$+q2s9AvV~5u`MKnQ1GX>~Q2zwL$*ApT>#sO$QF3$g) z=av}{4-X>Be|Ixec7+S}t)@=sa@1p7*O)3SV7kxV9KBL1_K!~P4ukOK(7Y#j1}%v; zpQ@ex*-ToE4HO@mx_a4!fVbp!|JO9 zPHNslihRCunG|@ytob}GRG{`eZ%)9iMlbSaX~WOJKZkD+qjkV1g}%$ zCT|JxY?LE&I#JLM?(7CBZqZ)+Is8)M7j$#-<2LFR_^eN;T=*a>LLa;Ix*R@eLa-B& z#Bw(-8QDLm&4J%>wXyQHm%gU3n+7LoImLAG`8@?HVc!b9;lJwGS7^A%q)bR2!Hmlo?}U$&picf@xXjG zXl3D?v8nz_wfgu|4jbira=`q&hg6B;(f6p2`~K}66?s`>E_#*oA;fVVv#zj$L+RnN zY>C&nc79l1F!t8w?qyHE{x#qEX4Uwa04Eitu#R1o_b%S~SP9m@dM~k9@;=Y%2wFoT zRbQF8gpWALkJ#~|U)|AYCHF^2M3INvGnTn0%q}L5-EmA}_ai{2eqO}mYCYrUeSI$ zVEVp~&4h(lm@cYDHH8HouQuaL4XTyNb)}1f&H)kiEQx6m&A)rQwhLDv$S*)sk}j%} zDPA=krWAP+=r5$z9|^#q$6dK4N(QU=31l2Q$dtDh#7dw=eF9fA$9_`IP~|TtsNaND z8%k;kT|>q*I8<+ADZkDNDf#qTeF%13W9Z>P59Cb6{U$1KDDl44OIuNw@1Lr60hqR5 z;Y2vg^77WM>jWetCeS7FZ23tAm(8f60^W3b$4t^uMl~L!{}s=kZJLpIwy~EB3)V(M zm@JHm;34*_zVSR#56biVrIhgZiI7*EUcqGZ0nc{@K;x3Lf>n7Twv;qmlKQD#ZRJs1 zb|TTBYFEK*yQ#7zXOWM;i1ma`H6bR`9*U`BKJ3tG)% z?4x=i&jchsIma3NBS4xPROZk?pFN+VBj1g?*pq8H5!J;U4M0Bdz31LZp-Zl!5__Y$ zH=#?{3({zgn~2l2tGv1RMo86q_^@6VJ3u~vGtT_65FKZGHU+dY5)wG(SRTr(4YRp8 z-pK3RK36`R%nXyF)eu^!BJJzSMpWlHPD(-DfTj``{( zOBE7=a-CvDW>1}^6LFPL7|LCYoo^Nst{S71j{s1{{&aBcb8)NT>u7B|#%h?V>2(mV zwUE^dwhTgc=Z0dMze%3$q0#kvrfWwu7?Woyy@gssit}=_oDCcVDoC(X(h!zt+c(up zeDd1c<@3xmKHOa$U6zgQ2xr?!w2*A+^J!}ct@$<|om|Tf&ig@qAs9@*=pc4^$ zM^uKYeMzvu4HRR9byevk`B5*Xkk9(P@i$aggE2+-S|_pf_9Q%l^o1XO^o%Ubb-K4C z$h<=xRk?V;?);6DMR(5Wo`3Pm*!NGlWe*d+aMBH#$t8TH%m{ZG>J*mvgyI}7P-N<* zF-&hUlnDhL7X|hSx6PV2@u@)oe-GVmE48cO|3$H z@wne8`zBG&CDjI1|5K37A9IpB;x6mEp49R4LBw@byrKa#hJI z%v~(+7e%gzb^sJuX@-yT%4xTbaScg%QLctLRXMBE+gM;9x!LH5M$nHO(oh%d;B9~V z3SUl&L1zakiq9Zs!2y+ovf#iF#I^~PK4wglP^&_;eWq+XFFPEo3&U2~dh+Ok=H1U- zozP&Ja6U_BN%*#jK#q|li!kR*XQtM#R}e5bM%h87rDcb62ZIZ0m;{i{KAAX;=Vr(2 zQV6@TF>Kq%4GzL?*%^r?$h(xpf*@ZQ4G-0wtj(%Xs^UX~cebEZX(hXSk&0h#s&>cA zq`Wdv*7`eD2k#*&`S#spU!y4~MamlJwKW!xa`a4r!~3tMN4}Z+roA^Ldsm|FpC~WZ z$nEy-Z4G^fwZ8z|yjnMzKZSu#g;7?wMhJhme>9=IeZagX4?Av4W(GCTZ`VObKmtpZuG;%Ifs z>Mtot>y}(#>RW1IBm0_?DMPOe;@;Z(mWNtBwkZiQwn6ARZ3OZ&tZC>4LRoZu#$(rC zfTjPr_@YUtdozp1{PJ3zBd3U2g?F$IsGkcu8_{8?3?T^gSC+^h^}adP2g%> zTsP^F0-~x?&VM=1-PdAeov77$JniPiH`fj0-)M=bjKn=LJg5IXZmLOr0bwHYXPAKPgL{(R2@)E_l&Z6n)#epp=(|<2n#fLbmC${MqhIl!QN; zK!D-5rEK+(u}@0YNPThz!;-?D_u5ivVQJFEHhL_s+QyawPuvr{By%e2VQ3zi+%m9+ zTB~Xx65c3s)0i3)X5IDWvB$)l$Q|f$tja z_KdU$s*3x)tm6J|l>+2@_AG}%z4_Pk*l>}-$1B3TDx~c@{FCcJ!vsxfd3G(6%kFQZ zUynqpkrh(|3c0#f@ZE(E5&~B|MLh>{vDfr*tql^;Gj+icR>a5ky9Vf~om|~qG+AOt z4(qQSK11xsx>j>CG9B7 zv6F?D|*eqF<&_mW><(u$AILfa3c9%&lo ze4tldUEIBVz9nEFu>Fw>Z1W;r6=F^azYlcOY)@wPq^WR_5MFUey=tji6XCJQI$y%8 z;j$I7sM`6%wQk#n2*TB)Fm@zi#}O%+b=`&L(_ttt-B`+))?;CDD_UY!vn}47dW(l+ zHP3rSe17iDM|FRhteuz^tEsfcYLND|?@zU@6SYv%cvrdos<6VKy~x z7TMR)^y3v=-@`CXDUq+dzUaDV7l;ltnA!ESiIdAFYK0Ng!SaP@p&DxBx&iY1D&a2~ zEZ+vBM(FUByyux4am29>M4#;0CXDAG-OF54rs(=N6z;1kP_I;$$4KRL;*rp0^{6W$ zPAK`bj69<$0c(?K!a3o0-*+h0VuzG_uo+)*&SZYJE-var`zrVck<_FRit-Oz z!o10G3RLD;I^C?$xjO51#;w!W@MK=w)`}z5}uMjD|#*T~7umZjz`BVNe-N922{i zeN`r?bM?*;7}ZBzDBY@QJJ7Om65&fD^T%uWC#y-d(h1zQshWN9@(8Bc$&{>MnJ)vo(o2H6EXBeF!KLmL@lw2C#sVHfgriJ!GI~3pmiwhwj@f8LPR|q zQTIz6+s)9hVQho;9GwGsj*df#dF(CJaJx^G7-HBQKdYZQuYvWm9M9KP_)CnjXM&OH zf4ub04<@dYzjIK#l!Z6wG6=y__aSyFy9T99n?#P-6C2Tw>u|nMX;=(3cO@U30y&-9 zM{}HsYE!T>wxva<-Lw@-Y4}o4?(;=zv8cHpgM5kWV50ZS6TIV{KA3vCcdeVaYjQdv zzuXZoBlYOgduZb2uKAe+`Kh|!0ho(<3x|k)`RjY5x)5Spta|0qVk!^vyv0YVk|UBM z87lH}%Oz{~g9&zc$^~|Eb(gz-%3I!XMZvA;MiAZpGb29e!Alc`SFg>$Kg97>7R(Oe3e&0iynOdnp=>UN-zE`660_o{QaqB#Z%`z zrq9?>8)LE5YA^WLO?On@K7Hy$p@BB04t@RGyY0UrdbgLNkMTXbRKD3O07_CD*)ZLXDlc309f@s%%E->c~mjUWGbi2a|6Ug{?4O zA#bTkbP0zkznLe5c*KN&k|&K`8`ba5K zy7rsu8+AzqMJVbBS7|HcM?D0Sa8PPe5Xatv>Gcc~T)uH#99;$wlU+ti(kkegfj^WUS>`$hzz)Q5AA6>2)-ft2 z5?^A=C-57kf3xHB#u^cv(cer*k2*10K{9Ws#mi~a<``go&my+W8vGufzx~9LWO|YX z-Bej`+57=bE@3DQA9Wf!3sl#|n{GX6w57_(nD6%+C>9aYtwE&DaXVS`jh=U#c}gG+ ziyWP=^Tfnke4of4x3)n{c?dGJF}^GTpKo4SbjQQ){4~B@lp6qop*vS z3?{152ujSTM?rGQu|EyI6@#K3>JD^QfvT~iaO~3P;BSjichBc zu0(+da0J4wg>?zv=1VsM!WIiUDg)wUskmfhdYv9R2~*yG3*4bXpTECPyV#DJS4BlP zemN}}dsG#VCVi9tPs=LYcbqOM)?RfB{n%a>;21Yaz}rusSJWo6Q1&Nlluzy=Mg%LX zzS|abi-F2>C?t8@eU56w4Hxo=nW>}=VtWE3$pK)6MsJ?t&K_%fRnm}*vMY(+gLl;QuaMe=zM3TJ zsrbTH+FIpMkNHuEoH&ID3f?B4DR!@zwJEyX>^<~Jdv?xEeP9#@;APxp$GbzXsVIGy z9n3pk+&t3&*1?eYX6KI8FM0L&imS{v4Gn&CqYdb$qN3nlpaJsk2x2{D^k=UVK6Nwr z`@jzABt7CNs)v{?`S6$Af@7yJ(}S??|$V1Tl)f5UtSw@wgrB*7T@ zr~Ip@QGrYRZs*hgP5yPa@LkAJ6e>9^Tr}5Dex{LoAWvIj1f}(>6 zV;O{|^}gt?nm*`A4?1|BSVI_z!Z`^mg|o0rtSEM@SbhK2@z<*&;9}N zciPperElZiB$gZblXsS3}u7Gfrqz&V1b=keh!GFEu^(WEoCXQ~xRY!w*YA`i4UU(_g zUZ5yg6o~6PkuwpCsv{2tEFF<_ZI2}Mz9K>h^4i8e`DOK<^Jj6WoFNX3w+v1BYG4t_ zuba3ETvv?mq{GROc!CsgV$;tAECH!%JYCbCr zhGLECo0=9>dw9VIq9qPxU*Yl=)09b{3 zLn(5icpLOdf~6Dl}GGIlR)?(s?+mVdeIJvM;A6` z#P81uk^==>0Zg#h7j)B-EE!dsc}0r2dLWVxDiH00W~u0tk{;xjJ_4nRs7VpF1efy{ z4SxZ!94oP$+>Z3e;dq0Vmd(?B&H!#Hiku2;eTDP;BGe<51TBmYr7n=D54Q0MLeiei z!MMqd(y}uE-Kw)jZl#UIQ2NI4CzOQiMLjF5Acf5}=v#NzYO^J_A0M);2PkU+FGq)E zCy#~5u(C{1{%KDlP{I%7H;K;&juyrb_Ua!5o4(w1)9II?dOtZUU4m;eyiZ%v>Et7p z%AId*h7pQruf$e)vyKru+v@DXt+JY4qsQO`e)uqx zMX>Bm!67CH(OOJ`9iqOWnlwz#{!HSV{rt#+yjwaTb!fEcL-0l(W_!n{$4X5Rpck`M zEf-AlysG&1uqP*a?zK`)Lgk;)5C3<1pSoxpuO^ts&k0B#rCMSF$#>ErTmFmQWa@8J zV1;XxL*Q{-0ov#c#WxEBOy*l*QY%bRifk3Dzmr>yMh<5`Vd%d=ZStKLv~EMKM?Ao4 z-FdW+EAik4eZ7&JhJSftmEF^kPX|kf3(LIE#Lh48P#b4UeHsk%(~nn`850;u=7U_y;NKR_LY=zWbBiOh2C*!VOP zyQI*~Uq==qOa)pA4)^mSY|~(C{rF*J3~}b{8b<09opu5G(eiSu!8^eE2kx60HX<~e zH(m#l^Q*6GjK6xg{7UB6VEBQy@*Wlh`K#;d>fSYl! zvI$IgX0k!%E;_1;k7g-}Uf-F5KmzUmiok~d9j*N*W$b^1#{UB7lue1Lxh>V7cc+ru z(Q(dLu%`VB9w!Rq74LTbn^^C^!|wT@MTZ_zb;;He!}^*d_w^yh(Dp^OFrK>`I1MmF z%a0qOa9JA&y5wgfPxF-%A`DHQU*>g>yBj7E$y_=7y{zEgkl(dz4=DBnib%}6d7?|% zi%9a8+op-eKo%df9MQ!-2ldn=%0!9l*j?u=ht6`d>u-AbnN?ITB4T|J&q&d-T~LX= z3$s>QhHF9L#tC*s#x!wY+6W!det!m`0#M>Ba5zAt@j{~=_cgZRkuwEx{N~>lEu<9c zZ!OsVrJN>?4G~`lTq4kXX_=3FL>ylq&t37Az&B~b@9X8HTWnGKjWGqE)I^)03N4SR zE+$yI1QpM%&5rjH(Z(SBqQ79ivm9N^rfs{E>{nrmP1#bNV8AVuGxnWve8RjRVDgXS5A zxtmnJg2xQ+4NhjCvR7#RkM^r_V*{Z^d^h`7ngk$Kx&2!vc4Q~+26?5(6V+EPB(ieL zJKxFariA+o)OoUo`tdGy1kW>p>^~?3HuNb2L>@YBr{@r&&V?PNa|vH%qMU(X{tODrepySn&I?v$({ug1On98OuJgmMVa4m;A`p#l+2*ptB`k_hO#q zwJB6pcGyd=-h;jZDQLryJB0|E2J6;nVNG;ZykB`0Bap zIcsQt-@e2~;i`Y;9^d;}?3PaJ7Sy?@<3QQQ+i2FL$td)!;YqH<07}n9 zpB(2_{!NNkk-CtN4=YQoR_e6bP=?yDj!>w`lT$M*<%2Rso~nXSX@z+H3apD0TR-oo z?ilTY**`%hs0(z3;1*s!fP8|zDfL?sE}ODds=Nq*J5|R`VekWtE(nVodiD1m4dy{~ zv^deGKY6wtg&Q38hr>1fYT4ko0;|Bh-zY_~#~8v=^X6C6)}xt&oXz>v*e+hdsF3Q= z5OZqYj5H15E&}gOFiE_3;C}>N*Ww@P?_g4AHDL&HbWVtwt$h62gq8N)TN3g7tfHUO z3#2f-kDEX!PbQ%9tgS3qyPDE1?1@^EU6t9XkN7nS$2vDNn_4nhhcVk)Q^>^qUIk}M zk-&&j7@L-T+03v1gPE(5|2OmogBIPeMn7^sg@R{diDxtwPz8?+4ME?!LiPp~*f8vzu-$O~`@S({P zq+ie;wfx_v@p;jXv3e(O44=4x(jF_2>Z~rodrIwJ3}c;Nm)lIw)+dug13})O^px=4 z{_wC!V%taQVuyl|$9SnzKK-JtyOYUz5i2eciG7Kr7bPJSXC5WNwtBUGeYu9I@g45v zDp>7K>k6-Q6lS7Ky-Gp=$)b&Dfe;y+-a3G%KS`_l1r<_Hs^Zo&vC4XpdF9BNQo$o8 z0+2jOm*p~2rfC4g@5eBXNS@*DPnO&v#l{4XfnzrNS%B%Ca*H<59KFLMpr_dNCk-(J zrLKRsAP~G6;mz3~_&J@(?@Xo02omy!a#6m=^c;H|>oc9Ju79sTt}N-rySE}j$R=5O zIsBxA{m|)$J*>>yLT#m&XTi7_NZA)Np=7Sg0`w*XSUEm?fuIzXC)C=4+A;45DVK$Y zc=5gP3+X+_M%4Hll;j{Xd9D{^$8if;^h~s4Wbs(83Y28EAbEt&a${-}gMgmbJeRz1 z8?M&|C=rp%6f5vt;z=)mf?t?$tWr{pPZB!3T_lLR6eURL@KZ0d@M)~pa}lOqe$)AH zuSZs}7NMP61h3(b=;|ZGXME8V38JNi_uJ3s8(p3IrjZqxcm){k&uCrB3BJLR=TTJ#A~sDiDY-R9ndzgFJGetJZM8JC31X07HA(9B50TxQ zr^rVojk=>-GO8J>ivE>vp~OfGo9Ch=Bh`mge!S_eZQD6y;%p((Jk_Hn>Vfq;gR#CLL)DoT7BU4#8 zq{FWipUa;Y){AqcHzBmo66JHrQQG(7~0F3I-RkbI6)*C>X;M?qB zvn>5SU(98GyHu-IdYZ$YE6uaorU|#>hh<&a@%EK9t0VlqJ`8Ti6XtUxEWY-xCVEK@ zLO~TiH<0PeSKM$_Lh*Gaptx)rL3*`8=>ox?cK#H$k#KmyaY=*E|2pj?vEjFb zRcW1euupj~)WGieY5k?P8_H>lM#FnkDC#0ev&Qqil%|ndegvRM?WAZwX#4cGF5=$i#}BU3p)>N}cKssdhD#QO)+W z<}I^@OEu^3mWXY~s(-dJuGw@JljaGs9h?$g!?&!Ag0EC%N^%u#gA4usI1=fm-}Ka} zG;l+-!&N2CG=jhRk$>&B+o%!=O4FLInAG`P&`OK|()%jjU;pbDGuFZ^Sk{!!z`7Cf04LG}L~pY{19AFK^mXxIim5Q7qcM&YvoT z!LposrGe67=0k!K*i4}3+9$b?8rZO1DJqzv-P^tx=T#S;W_I8lUGafOpmwXmsJPy}#CB!3U#{b6EcqojwSKwO=GA%@4pWwmA1tb;*7Reu#(OdL5Qj_% z`@MSU-jizY+2$1wNx!vc=j6?Mq@YVJ9i$=48XV^1gArgHLVP9Df^Jjp*C*^B^)c~U zdj<=mndP%hbL;G^Aw2_wvBGk5CtAzy-$HyXz##2&Hh4mS(K2X$|CVOUt^Sr{ba!W` zV%Dzt7W1)f`sxLq+8`#zS!YTx5eCKszM#9m#Ag^7ZyyEzyUn;92AAWrvom9cdl(p3 z@8ofsE*G#c_VW4UaWF9cc)Ev)@$JbyhX2ntJ$zL;F)%P_l;mXJ{o8x@$IL$tX8dSC SBZmGOhLXIRT**t5p#KHKf&M4} literal 0 HcmV?d00001 diff --git a/docs/addons/postgres/auto-backup/images/sample-postgres-2.png b/docs/addons/postgres/auto-backup/images/sample-postgres-2.png new file mode 100644 index 0000000000000000000000000000000000000000..2331644c8b6de444ab51006cce69f4c7b1bb9571 GIT binary patch literal 49530 zcmbrm1ymi))-Aem2_D=f5Zpaza0vt_xVyVUa7mB=!GZ^OcPF^JySuyG-uccs{~iB* z%s3F}aAri%(+l{4 zU?=&-5d=c%27e&p=}-tjAX1Q&sIaozucKvOFQw^c!85f7I#yM=l3GCI5d zQECf&2mWHJtj|a&bS(f)7&a-7ZW0-H?Jdx@LfiW8nU%MR>L90Kx+sPG8a zBfi)p#>H`v9>!|akq9cU2h34FF8b!Eimu;#)FlXm$HHHx3v(A71F1-Y(z6D?syf@& zScY$Tt8#5uqQS+zgd>v&yFRwhTL*jh))4Y+>$ecD_<;7$bl^#!;4I4bg}zrGrM!l9 zXHGgNHe?Q2Z@W(4h^;50z4a3w)v4fY9VKRCUv*k$buPL z7Ev_+WANr~*~ZtJge9F|F5cI|fk_oot}qRagMC^wbocH=GhaRq8niC*XEgG@v#3#P zw^K(t0sg}zlqmv~GtD=pr4pVHzdj5R=e0L>e+HGq4d1KAaYMGv3BRcGa=-(9&zzt& z*p!%F*1(bf!peaQoPhvErneyuve1DZCn38eA&N`_^=`OfOl+vT;upl_Rj(Tfd9~j^ zdw!G!!Aejwd;Wq{n$b=eMw%QxbmgO#WW;IiI0p@aRTO zEA5(*w_stR5<>K789uT{EP!D1b>u>R64J~07cnC8YReMf{7~sj@gT)^< z3Z%Z~SB9xKl_5UL&twizZFDqksRNTD{|Qm_M2bL8`>0_~i0j>257g7iiMwk^P2`%- zacd#xq;}~Pr-!wjAa^HD5iyEzj!Jj7FO6jl*Q2yGg=~@u>U~~ykwR{;LyAwfs29Rh3+aaBoY84D^wbObdJlvd| z1EXnhFDgVg#8owo%dxkx23w?$E{hi>^&Fizb-|CdA5hxepTbyPxNnA4j_9gu_P*Pm z&`9XqEqJRC&XT?S*_qE#|(gyifOzI01N?K`eE)>T^jonOL%|l(yNJFbR zUTT90r7?0jVU>PAlrSz&A1d${v$0MG(0Jbm?GQ&}Wc3RnG+2qdtSr^;LpTe&GpAIi z=U;<$+nW3fdhz`az3fH+(zFG^-?X`Y3h>N(et+l};`ddb|AYB9T(9*C$r^z;EU0|f zR97C=CchKz5JN;8HV0pPpu))lP0>}YVe61<_|jE_nFlRIZdTt%JV@E+@|dc7E00kAS?OR}cylH4Rf z6R{szSb9hz>J~KfN3>pNMsn^O!&o5Pmh-_2`9~#eAK@Z93H*|Z{HIE|DPX+Tt+ykW z5J%}T9q6s<_;3B@?ICkZo4(Q2d{^|=Eb`SnOit5PE1d_hL$L)y64@_DDL{{BCj@9S zy8lQXk*fQygIO{1JsT~!qpWy#M=2fv`sm}*^cEw3C*pjuQC9U~NVAx*vu8C{1%Yar z!rKEAEzNb=xZ+rxLjWl6NnGTWvyN1(6=;xg<$2Z?dBrnY{8@V-XeojRSS=QE80a-$ zTM?p~1py0L4~a}JEXDP@9;S~{R6yRL*2UB8Nl|C!P4)`%|Pq{}mssYJUc-uJC3Y&RPM$MO#9i zHk5BR4rL3>)rukK&?vQQ!R}!XbAqECCuw>z=G-xa00_8oVtavvS3621?+}a?l=X0a zQ+Q;FJ@Y{i@$>eG#WIM;ZX$CZ$goXoecCY4uf6?SH#-bdx6k(na;7-=}HEzzj9Kci#g)6Pi*y$!*G{shZ+jUiG zV83;GPJjUIOX)Mz65(x!%tu1>PYD`r&l=d9^fu%norL8x zJ@oG0w9U5pQbWgvz>uojoF;mmG4fyw>d7xI`&Jqky11TSLfDY39X%nBz zjlCxjCc5dWG+v2rr?!L$c{HPFHBH4~S8#Pn)@B8fE?$VAIxnvk%bp5D0v4BD>;lW; z$j9f`Cgu-M2$gVi%>;9P-@o-ADYS!59eFwc%$vBq=RNZ9yLP#~L z?4%ACEsI06AUJGpl&F=v=wjVqYvkCYOjQ6jz1#66&q=qAbV`kH(zsc`PHUru@tkU_ zo{k+|OACEy{7y2xR`JRB?&{DI59+ZkzpK((&F;VeDp>46ziU%p@zlq)QX9r0;-Fcu z9qwo!-H)Gy_j)~Awa$LWA8J;SB$5Zx(DXoDX{4hGuC1C2`WOGj@FY0^)6$P=be2Nv z?w)>vMPHKrtL(?IO{0BI9H35~o?QW8kHIGkjycZz!)==V1pxMsSjTPK*4~3mdcGQZ zOl8I*9Sz0V5OKp%r$;eqa{~=^YB;XtZCpNc4^j+it14l|@<;pf$H?j@w60oJE2Smw zXSc*v>tp7#SNVX;`#+TJ2nz&wl3!rwF>>mSuhKEU{5fR-J{4ArSVyl}DE+=nr{|=; zw+fc8xJH&dCVw_cSc_$l{s7U9`CA+X-D)^s9C$1*Ac(%-t|t-nRY5!hqPldHb}bWP z?|^nZc(ELD3n#n(!Q-=i%Ety6#SNjSaB#5~9T4XJykYx@Rv4{6`4t~bGE35@05*YW z9=+WI#R0UcG1N1mHS@kkotXxWBI^l&>nRp)wP2W7NER|Gkmc=tEnZ?;(-P^Y{d#W& z?zAClTaM|j`%iTx-gvkmE56SG06zeSL&UZQ+U?q2@q5F5sGElmrU&-9FnHpKjQbSB zm%~*TC1AD!VD!3PRZ`@F#kYpRwX>hdp`U}IoET5W;w@)zoY_%Z*+|m+`tPAlJBc8G z<=A(qGB5h>wS{n}H(oKiZSNFoIjwZ_deVq@eo|euI2qk49kC+b&qLFPLG{ETb>{qD zJ06$tB*L6xThjK2poTeCg@anoRD_OOD{(}fP6sd%zmt@H0i2_O9e>BRRLDaypPh8d zy%~rkG_P$Omuv$$G#^rK-~n8nT_=1kJ1P3PGdAjJ1ETM>no#=sSs1oUvVlEYR`dSp zOZt?7!8bvZKQv$(DN}wx2s*ODwc`C8fe@J#1WY?X>S1vWwkMooM&|9opog#Uh%F)6 zQL6u&uukmG#qE<#cg3Zef;m=>I3D0>*+^IBHA^kMR*8TvIF9JF2b2JNi?L^;!|+2^ ztzr^4szA+qy0)JM8lqFS?5G#L;*WK_wyhuBpGg;U>3ffKUkq_+0BBT8w%!I1M?G@7 zhG%gAKxT=Bul&uq%OnmXz_VR749|i!=a&r>F6BobN|M*RCB%TBK zHn?jPIojc2G=AQ5c{E=8a9qH3USN6yU~=6k7ZUk?E{Ds%Xf6>e1u6`tzeQtz55$mg zC(6m2Qwli9c@NiK^R@L8l*+DBERIQ_Bn@G_YDNE%$ZU@Y_atXpGA1=gv-AM|*`Dq| zxrMl09n2jNzH?ZAAy@S z2BY-o=rP@RTeqTisG!RHoSZbgw zSeSai!QSx?C1GFmjCPjmIgnz@w%)*~c=MB_fOQ~W6htc=CJ^tSESVM^_lb1%rsK6d zz%urrF<2bERbWLB9U96DwLx)l5BKVDKN$^7y-}T!h2V4%wy+*LXfVLS6XII!v3H5} zsN+3()W#4UKsS{v4nzZ~LALS}`ltfnORnFj5qu3#?uq0&+Wfc7RWN?5FuS%~!255( zdS6TZ+Na_mc7K|${SIWJ$J?BVREtE2>#qqx6s0iFr;YxuUaGrKaB zv!bFRbYkL@|2o~?E(Dy$LWF^Yg5uXk26rxtcs=hkbu(`}4m1Q}Q0L?{DfsLGy3fnY ziw@D+gwu$ofZ&S;m2w%D`WEV_WrLXmdE+QPgW4zd>`A-ryXKL8QZ^hyekRr z{8l&df6q$XIh$nPU+&7h5;N-w)v4qbP)I}yF(!!QD6W6!TG@+X{hO+b1+1YKNS#>B^OR|=4lu89}!qMs5Mw#P6P#_%!$x_qC=AvQDl2gLH? zcAwmZ)qsj{ICl1A{M_fb2&0V^%$o{ zMaic>!Y;U?s_0Gsyu9npMBMUK*xWy;r$-jex&IW^nR!wY;66Rwh26E?cQA>lmL5g z9lwSOfAVJ@sj#)LF$1HJiwP_?!Nq5z{(vuKS7yh&$`)VU#dzZe-r?5ptIrb9s`+Io z3+G_AlWhXMo_cFT-EPbDoXb{gHSa$+r%sKDNch2J$XHufdeoeFNsygvsEflQ0>i_Q z^#{l7&%_@!W0u%t6wChX-WVS4p{sD_dX<4T~f6?}BTkC;U#dvoF;aej7M2>*;g zjTFDQBZKB@}VL8rJ=kXU=cM+roP8nid9e|i?{Twh?FS{TQZYn=bH<= zOOE%E?hTu9p%+g1SHB~glJ0e$q9mnk%3nSN`{@*Z6x^Nl{u>%zZvj9lT##eNLpsD4 z9=6H1AL|i=98CL=4$@z{Pzdb)FrNT67ep@QgvV~r9=Dq&+KZw>2 zv=fRL8I00m7Z2IPmX0FZKTQZS)6>GW_VlH>x_%{tj5|D@WNk%V)PgzG9b<~++r#-F zf|VbgrzlV@iO0L89W=^E!ipDQE$3ldr;_Ne7X$)m; zK8=`p=u0UM?47NS;yTkrg4nki3f7@uD`+Xn2-3j>D&BbYMEtvMSLtA0UrWJ7xwFN|zAB1~jI6MI+%~5&J233CSo8lX>&l zDlzux5%;@>5I<289(EiRUenVGfM^P@(*>YcFfg2WT+sm80+4#mcJtt2IZP<7{BqcAdfHMdJ&xDJelU|#ldn#;*(EV z1axXJh9>CWhJPYjAS*j$G&d9O9kHS3U`VSg#HB=R1VZP-fB;X=A!p@vg$A!?sj}ma zyc4wV-N+`m(~$`?ikLz_t=)@;gQE<9q5JC$?Etf7I~ zlrSi|{O$Zc!t99dXOU>vW67BbgE$SC{3+gdl!wuANEzI3r5br8<@<#k(hB}4VE~rR zs=ZqH;skoEo4+wZ{RH22d6@;8gL(!6fLp!zY&Lv@yO^IAa>+ugXo0G*4V}2~ zWwfS|Wo0^kFf{U(1e@N7^#UffSgt}8g48~>S*3E0B7{FSO_F(H@UtXKuGFNe#apD% zS|V`|4Nk3Ay4orKD<_%Qead6~>YC-BA^08v*cY+$eSMC2(0&^Rvv}q<`C3I-GY;)9 zB<7j?QLX#N2Z8?V{5G@iNL%vv&G#~t2KB2nv=7C>U}qVF)2x3OG3UXj3!2}?FFk6{K$x9`WVat@v#!(;DTJelC9$Q zonN1&#N@j?3Z6;7YXpzDTwMLn8Zil}k>6S%O|0a;w${+*$Lh<~3EfsH<0@VE$xI55 z<#qCn`Uf&djm1+@@JPMMWJgWfLE1tPH~S8o9|xMU$nUZ$PgIJA5F4a;L1caEm#%XBnj}RD6kOPiYF-e+8bXL?% z$6o5CGIGLRJ>$+-S{u<~!p!_w{IqS%-i?Qcd(utNn6Xv!LUv8?5p zb9=nQzZIjLWEk0LXe8yi$eOhLq%Hl-P4N}qPFc@G zNa7sn3K{F9AsaRh26KHbMU*mmQ!M>y0@vC8PWJB>G-9FFo^~e+<7%LB$ z_yqcD%gf8Bw|#tw%kaT$P9c5LayRoRf`%7tF443ZOQ@&TWO9!B(h2MD2t6=8|5e2MAN2MA?h>C9 z0lkg{4)un6!a_>|O>Gjq^(ftu&~AP~czf6Jzr%Y@Tl73j_su?DBL*?*l=i+ZI*%{^ z`K!Fp8#CeB1}sodUTbbfRA*o9`Vq96wN6hA{?dB*AwZD<#|3TWg@uAs?^mDtt#0Sz zSylPA5A2+r8v{9xp^=d%wXFXP`t850>W&Ub;f{~9sLuS4e`Sus;u5xgR3k;X#0?p^ zy{y^>ruHa=gBb6>H|ARtA9w5~Xgk-D|K5l0Gh)sECMZjH3OTE5c28&vnbM4u zd&ca?aGwyBG>15DQym6)=DmMtLOm&n1n?5AMd1%Tc{ZX*GyG7jPAi20ub8s!8FyL< z=S;O$y2Tr;oCcG31l6DEVBq~RXulKpIK2rk0qKdk`~W3cA?h^2gE)_Lojw?`QvRTy zja1Ny{u=iVVC9t1!hVV+L1a8o?%TsMbP~eB2nf6!asD9T0)O%Jz_=sw>a=8?$mVZG zdmOZn_8cC#!|rDGb35S^8S(vgk6F*<5bb|vnZ>9AGGs&)CbMyj$SH;4z7P1ESZG7a z;=wRP+A`FV4$nP34fQcNYl&15`^$diX|e)=7E5_Pv*U?;PD=s_Qw7K-1zPp8T*_Ji z)`Le#q8|7ZqEPl#8jUoceeAtyM#eo%1vc5Fk)LXb(-a4S`A@B0Hy8+nBqALwusf_2 zHEUqDT<w4jJ=rK9}Mjg&GxcTRNGbAD= z^0+fgB5bp_H)0TVK1!k1G?RO&0_8%Ig_l!%P+YL zV-C77V)jOnP@>~D{T4=R4s&=wYc@Z65 zr1&ZI-s$5K8p(_Sfe_=s_RZ_4+vCE_UtdCo@~Yz|D|LjP7!Ug(X4>bqb1ce&kM`B< zJV|84+Oaz*=0=Fsrz?r7mz#o!!fFBbJdlF6^x3Kgm#GeJP;u=`?U!FW>YUbH2ofM~ z;h`_wPa0>MmSqWS?Gkft=SivWyIB=5Ek}~PEF+;qd*Ya|-JPQNFFE5TY# zThCwpR#(P>){O$`B^rJ{cpGYJA*Mk8fy_qEi9Vq;gj#2guWQ^a9CK4`S8}nn~F&5+W3j~OC7a@eFJ|EK+Ht8)eGgMMS6CI=bCx25DIH=U97$v$v zovK=X8;1h68SIPSjv_!=-zDYc?WQylQfZKT6hKxmeYKb$3a!g(v~s>Ku+*xL;l`vj z;H7Y-#AG#fK=fwIO3JedF@Qc>=*e=D;)9C+P&2~%IjFNTJx&o-@ zF~fCJ?Qzx}!S0*rVO4W&&ivS;Ns;4FDr2~c(b``8yLv&>76HRETfGb8TvA_hbljDH z{Tc5Hv9IqRmFf+Y9tjSc&=Wry*-qrtYX6hnbhZ#K=4RBH`nkX?tGHZE3?-+s zOX6=p_r?I$ih^+Zk1+oU#b15%VZ%i@1`B7*%7n||Si#W0ah%JWIB?7hn(WXWzGBG<7vM#)e`IpFa#VVZzoz!Sp83h`~Uws{m1V0URyx8r|nQQ4; z+Y`qdg2%4kl5$u2{SHO|Vn9rSzTYXzpLt2PBt6!o7*myx+46oYe~@H!V0Xki(?V7h zn0(yP!=)jF5K=SE3nQ?$RZ|9Ya~k%UlVq85cC(ZVf=Bd3r9C(==tuRqL5uxbk9F;h z3YvKI_$57Q2eApr5{2HA$yv(0$K*!2iF&L#q*aoB(%BM<4*0ANmwIVbaGxP$Tx!6vCq^7dE#TmiMiBV{adVJM&clF{qYB!F>64WU z`ZF{B0vGZG-J$e=FYqHKGZ7T`nFUzXaA|+N_wz3aWD>#$ZBb+Z>s<4`OZ4 zLl$05$a=te)csu!nYG3{zlgae14LL_qv)Who?i@NdS2iJ^@<+^c#S60Q_of5U*>-I zAJF)gwV?=qaGrQRWU{rLD-6`#sAHnjzHUzjQ^+z(s8>4T=Mbm!&DHD4aNO}=>l>g*#uB4r z1V$C=B#{zwccG`GlKKW0znPkR>phd?0YSuc^-`QC4fhQX#^u7R985;5opJtr-(y(+ zIdUV*Anr{UdU`$nhf8{9j-*8;V|EHdeZH)&t>_Rjk!+V)b}syPrn?)*rn&mcMz~uS z%%V~9-3R>UiDbymYjI$;G3DAnP$V`!8NbK){rmTNhke4V>}-B*tbO#>p-^{Mv~1;kJ&h@J?7DtVOT7ghA6}ulyxm>wpj!X z=B5vjKI2%|OgS)p47?G~kGpzT9u%FOAj_cPG+!o?NcVknW@ZsEHa;*XQG3{i%K>sj zT3R|WOQcl#GCJlbN);uJ*q`lk+Uc7->cVJCFOURIx zk{Gk=G>D^pt(L@-5EHKyJTZ8U>lQ0$a!3))O-Ts){ADtfMn+D0k#>u<8woR-Z_{M& z1j)jlUb7|C(?>h-%lW#xfJD%1e`DwnDpTE@O@FcE(6c^t=@k2hud7z~OLlzu42QuU zDa0F+M!d~aq|UOJTgxq?GMkza!I>bkY22VCf9dAdUC&<)dI4*v0aC6on@LGApJDGC z_Yd4uot-&WJPsMQc6Yl>s>pbG@!3pAx>0@3pv+T71z!ml>ue?L?OFW&{WB)_qvPVB z8?;bB>aAWpj9T@69F{YBYwce_eggy2^y=lHD837LjJIzqj0drg=Bx6=?qw1f{{ZEh zbD%0k!Ou@b8;=OGJ6jVrGBw@o40;2Ph}fy^x*WvgxI@avN2u$4jg{tk!t?aBE7+8527MMSN{6NFTp4r)5 z3wxg?Uvgp^SExcr$8ys?)pFliGUL+ivI@Jrs2 zcRMMzXlQ7DEQUR6d4kV0A3uIvx~_GTmAGAhpYG+art4kv$H(5@KEJH2cRX7{livnB z7Pk$AgwY5kJw4JDx6SV;zD(co*mAoby(V)%al4)X0WzUYa?m|}@zhaQSGW0ULWW_c zM5jfg(Zsr?Z8A^3cPNQ%(fbwj*izxRD;F0RN6OBQx!Lo*3-E>Y!^1bR{ejWZXvJTu z#1~vwTfKotZ~-g>aH})$bd=PsbmHiGK?n*8nz7>#rGCJnjhFT)^Lg4N*{tX#b}SH? zT;;Hy{{FxSduLOrf9vY@{Cs+z!H5(k-+~|^r@9$ml9OL--mZj-5?woKDZ*@+g~3rP z{~KTO26ulAAO&U(iuYwm_EDeFy*n0E+Z*9_eG zhniZu?q#mstfi_6%6^!#v$L=L!O;~pH>bhCzyMMOU!Nau4TqCC+}49|n2q|-o^IP- z#WXbVgOLe>->11ju6o}Rt$3dD1GBc)u$vYjYtpvk?CgAZsQVfoPp2k5s8Qv1Zm=Ik z3lGw__YPV-8y!?`Im_65*7*j|Lm}zux=n{EMfv&d1Mzg| zfQu)wnSR6+Yrb9a1cpbc#@n4Ex2Ky?f;|g0mMk7uX0qu5LAzG$ zSD6fVT9&m017&Kxqqzz*Gqd)l)7FR&C-qRgsVHEpD=H}grS`~PVo#(j>WyXB)jttT zt)U6JJ`GCOHm6l$-U*A4Pq`$&OJADGii*vM%Q0h$>hlIzFrVWdA~n zdx8Q3+LH*{2$7LDxb+=~VO68Fri1RwK)Q)P0D*j8cPT^3&kiMQgk|Ge>Ui5n;YfU3 zU^r@fu(z){Bq9kr02~R@eSMg%-%axbfxt`MALdPTY-|7!g!KR4d0Icr*dM)C2v zStO^YNAi7KT(#TiM)(F45J05xkaEAczxqBO>ej!$JTB5ZPUS10L1!*|STEKh$Hc?{ z6aml6>u6RTsP4Cag`#F+I-TH&#A6euJv}UI>*)x9BMT=tV#O0x5S5cd5sxDN4phIl zwzfzC;|U83rbjTTdIvK=+ivqcw`MkJ!YFF?)~c=nS^rNRe?DxPV+C8U{_WxP@Z^kU9yKu z^La4;#pkYwcm{_;7#aYFx^do1l8{Ee4RnK+wouG)d>>e?^$y#JCL_PXJWpG2{94E= zy&qkE3HlQI`1l-`+7c7C0^XZnSlCHd*6c4F0BprKFf@$$@x#Bx^VVQzC~2bh`ucjV z()bPVuzl?7hm8oPvAMZD4E2Y{$4$Whf~PHx&vf?b78+4g4Gau^dzNxQKtRAFAlT3M z+`Bhy|I}Pqs%u%5X&&{IvpltxI9JOs9odz##X}u_M`GNC;4s_9omy|DBinMr!UTGVsi(_ zg4b%tzT5(@13pjZpA@|@9q&K4;<2OiQ*q{~poq%ft9F2ipC9O{vGG;XzG(Z);!mt;z{5F|aOiWDwVyoZn zu%yoJ-eE9~=6%XAY|%7g(R6rYVDfXk7( zdWq^U9!GHvY!Z?v@O*(?TpNU=-?lF@rIvUz06GyD+OYO(|p~&_w@X#OlrsD z)5G-atW4Y6V%4I-#+entl;PmAwio=0iVDW`SP2quOgub1cx2=tS*ot321omYDH=k4 z56mW)&%&{_&*ggUacRfaa7di&!r*Z6WY_6gpXH0vq4l zXvK>L^R+LDR?n-q-7(JD#C!}c+QNO^`b&34OoG3^v^JxSxgbg@ zu_!oL>G*sYYHIs)F*_nmycPiGtgn7`#sH6S^a#;f1xHEUcTE$$s{5_{+TM6Jn3a^zJB{ALXg506exrY+H}Fc3>{ zh)wy)1&-tgYHdGscDJ^KGCvCyO@sXaFcWhmF@HGV9)4dDD`?fGSw1| zAb!uA`rr6&5dhJaG-m|aT@G_?&bGbO4067~rjLFh!omuwv7D7IyFHqx*tQ1tQIXNm zAOPSRTbixKD50fA=-}vx4tSPG2ufx}1v>DJrK2L0udi>hMhzms*LyW>TY`pDxD2oM z#uM30QDBkrr`8{K3JVK0tgV8BgKO)Vt~~f733>cyb$y9kSKRXk8-ZJ}eDAtQ%B>eU zi#6*|0Q^W~H^(p;Obj*)$C-3xm2D_*8nNFA=D+D$A`#EXL@)Q!`dYKd zXmFQfVb=G2{I!X%-DgQJ==n8%8W|q7p>?T2ziy!71}8v4VcE}@xWWH5 z;h7;ay@uSd;h`~dHU%1Xq0AcKR}q35AT&ZNd9_A|?eM`1K*oR=eD7i5;JVD%4W1va ztp#45j%|JEwsk%X+UmR~At6y#RtA;dhPMLjm)qqC7m!XRrN7dY(*S=5qxV-RIC9#7 zG+I@F97PGfs1Ga?0>m8>67p<4gv5oX{q(?j!i*gp?kb!QRTGp^Y|#O8r@ub!o}Hfy zo0(DDG;CwaL~A_owwp#a$WUy+s{b= zToncgd3v3J2t+%*fOQRk4H|Aw=e_6myXh2cY;Wn*O1q27S`l*;=T9DX`~w0sn^*mw z`CU;OZ7e$cVeW=)eI^e~xdGufD)2}TI7xIuLdejNELhwE4)HQ}a(_i>y&NJ37AV1} zB#bR5(iATMSB-bLhN!N8Nxg5G!fPHaTLqT8c3L1ui<+kA>n~r5WUil@v5ASH0DIj4 zu6A~xz`@0xD|lX<95;=4$ZcKaUwqSD2&4i)B;Gpvl}~#5SX(cwNCaLbltjcw5$gdk z-$Jp^CLeA6sUg$T3OjrwRXVPA9jWhEUgl~SEKaXcRqJ0^NHVd{0>}`b^gXs^^i%`IuJ?Pd%hE_pPoi7+O`qFz`&T9)w{F;KS663aP#KCJOeP_1$?(` zkp!&3Ao1+4;@RdLTmUTMfVJvwx^Lveg9p4nI1@q2dZ8f=Z0zuc&CQKkvgRb9rK8g} z>9haI<*+5mch(NY?X-v1dcQ*eYWID)B$=9?ULVU8VaERs#tHy)&i3=trN2jvgolNF zO;0BQ*6c=Qb4CUTSe}dlBB?tgsS#^yU}BjqV|)$cPb!o>t~Xb%4{XR`@b_%@84gAv z3eOY?A?ICiZubxsg=WV`29`83fECS`BOe$K%XC`8NuJi=>hE__&H>H1F;$=h=0sWo z*~7=HZ6u@ow}fDoaQFCV2s|b6gDWGzp%j#r!GHqRE^lxc>$jfLKe(bKFlt*|x7Gt> zBO0(eI4l9|HnrO8a%Xr#_FYFu2iWOZj0Z3QiC#DjE2=v^$xZ5X>efjn@|Z zmU9cZ{hps`85o@JKPafHhyMQk4#*(9?kl%^xSY>w4dK7DLBrmPXt-SsY&&j(?pTF0 z42Id5WU@Fblc%d#>wtidd(5cpAudmEQ;rGeN zKZB-Rd7W#OlW>=co=?j*SbMV{_*MTq{BhW8twe7 zJCfve1+PR%)do+IZNzY3?=!%H^mKh-U{|($m*t^7V(mA3^nqyZ25kEayW)RM{15}0D<<#vv!{8wlI{|faxvo2KE##X>;cjHk$fy+&<6r`je;EwlT#@^h_H}s3=tv_k? zo|GarrrSmT`xcAO-fCb`>%8AU!fmG)K|BVGWy$yTd9KP7)#oBMU6O`iM0i3eS5{b6 z6&q~I^{$Xj05hzAy7m&et^p~4UH}G7!5Rvn#o)W1o}MyPi^j*s#!fs;nMx)DPz6H4 zGWz;pdcxHB_GB4gxE+AQYL;|e?N8bRc_lAkx+W^Y;^TCs1y~1AC#{b*Q&UrGz@h@X zxTbgE%q&M6YU;=@o=uFYkibC6RnTe-;P4~Hyq}U}XDsBOzrW~gc%Ky3*48S`woq8N z_zK?l%b$Ux7C1E&i17C8`F3@)<#weDpvXCLX*Xcu02YzuCd2qodlG^l4Gk$=PFKDI zsV0CA)PC`ilnkB9oSFy18v_vDwq~Q2{8K(Ymp^B-HoMkC7Q*||rxJzn+&0`)``mq@ z6nHAe@M&!?fr5-?m7s(iQrAg7B(cp*Qv= zJ`iUt;sA-*b=S5>qL-K3w#`)66=8scf|F46K;{boHyFK9do4hOfr%!VD}4R>HIdaA z5s)O4J5Gr}-Wm)DoYo6Y+Sm9%c1%%GvD~m1#cH7%fi($fe0&@niWZSF6+Ga@i09_6Yb=Wzuj(g-jwq2&8v~<>cfNAiY3f{t_om z`Eoz%y8%c*TxLBGka`H&pUkUk7zG$5v;BrBA)i~hjIn#bjyY46>8Oi4=E>EV2H}j@By(h;dw!~`^qM~a- zI6CbB9iqHO1aET#qMmxuBpu|q-VUxN?-pA5U|zqii(=XL)7yKO%I{-*%{ zX=P(~AMq-%e(P;oDP#@Bs#o4Wd+)b6<^ulpo&tEYSX!y5tGSt(kd#zdUeVw8?57ML z#KPsAoT~r5SDykXR)CZ8TVnr5P2snu-@$rT$g8BlXMb+!cF zaH_X`u>}&tz{VM3o8ykv7EdlfQ30eAhzfHC-hjoc<(WAFQL zW&ZTI`U(pIa^Q81pL~2;2OEJM?%@1w5hA#CQDDcCq7yg|L_Ghu5D>bsQwtJgWGwyj z7i|87V*!o<6O4p6QSi?eqP>R(hW0i<)oX4|y{Dog2eR7$981c|I(^~tys=sW@&G5a zf4dMmHe9s_??1M~TQt3pDhB?C3Fy}{HgC>=B(|?10CJ3jFE@2)kjtq>7?aWCxNNaVx@=#2j_iBQAx=*;opDbAZkPPR!rfjG=NF7c4+&0kg07+ zTdbxqGZTW6k`lbZYTV&(jfO8r({$XN_tqQW#ID%D>-4~}w?phDZ}_iwWVn_W{xQBN zf5d;POaFdt<^Qnmf8K1dU*wv{P#~d-b#H_POq=3bOM22oRB@u0PE2R ztRKhz$G`q*(4D44^$mdJC#dcuuy@{4?u-*ZCZkQSox~o{bgFcUF_UQenQ@#ACT-kF znm+rGC?+TQ8##UjywRx(QL*|nm2p5@tL+dV-T1X(EiQ+gwL!td@f9^vG}M{Le$ArW~Djx9}4Iz7_F8SI7baA8~Ul` zgVbH6N^1&azC2an9q(Wiaaz$!S{HL5WH;5$lI!692}*(`%tb(&^ig@dUJ}&E9v?F6 zVKaH^-0~{SEuSg@Y@6=*Fqb1_pK2VtZWYKHh|gUI7uTly9D?~GZ`p@a5$K{#Xc^X~moQKvtt;}|DVhJ_M} zkhN)ia)fyG4SNmd&fg_%OdSlU=n70O<;mp@j=#LVYY=1I=TmdyYiEkBVLL&Q_*62quQ&`91) zzVC$2kxU*t{G%3mNh|pm+x@%Jhl`{g0p~{TY2#a+ZS1~xWn(;qpmYPikDX!BMR#{P zG4($v@CW4zh;_^wM}UmRx=bzH#5N_=)8NMr_!P6Wh(jowufJ1sm32>|BYOK$t_fR3 zSYqGV^oGtOOaw{C3Jv7__@tMISkrU7iOKeElau9x9P8U(UQdenAHKAoOB)@D9=|(O z>d%p!V=-V!5p877Q8)zh9&tA}H~TzccPK%!kWIB^1zLDfhz)_CYL689DJv#(^j@D4 zgPh7s`5U#8bJ?ng@)U=ns|~x4xC^vmFPz@|K4KRe&55p*LPm~oGj=EtWyVO7R5GKc zF8f6hUmk|MoN51TKT!}ZV@lmHm6yDQxVhC^#%{$V!pL^Lk3H$))k8DsKqW`6*->N^ z*2@Ona7n$Z`0gn4L5)ygU)ISAR7Uvi24z~zbm{3X?s7k4C6edm?G&;XZIBa#EoYeQ zR}-$_X2oDPzEAxyZE>A)SizV3*phSmdb%y-G#{j>QpjUMx#m}bKG_oBe=)tFa4B_f z1AXqFd&kPdTHtoJXcYWIiLO^2=|dX%>>P_*&iZk;l2K1nz-FVKcxW;$C|nkx3v@z>%41|r^PgxZ<8=IKH1HDu+Bj5Mlq|}`6c+=MZk!`Wbb@-y_Qpwqf zzeSdW@-q*S_$?965=N3yv(Cso%?eG*NaOa_rh0IAR{mZlb<)M>h%*{fYkCn86=kQv z(pfAf9AOT_?rbu4G2v;3jeCrHQCty~&&mOIh02zi#u&N5SP=$Eu#LI;;%srf1++FS zV%A`|BJi7 z42mQAw|`+0LP&6T3GNcy2_D=nSa5fDcMHMY-Q6w7;4lg9ZiBmXo8LL7>O57?|Gv5} zZr!SxsevG6wsjLSGqp7AnC)=$kLOC22rP;+4D(cUHt4g$1+PTN5g*7=2c)8H*G^`E1i29LW)wUw^>j;dEKwy1bqMq7+toiTtkSgca73PT!56Rst+8GtZ*sbg$T4dhNRrhOx3*JXx z$t29PG|eu7Bl&o1i=IiSB_^->N%0s}hcGj*y_q(sB%&)*CojLAcm5^C=_az0Fte9~ zYD~T+Hof^K?B!>mf#)7&t-03oknCbYto&KP7^S-7ZM>Yo7MVi)RW}jGKpV=7X$NtZDcU%k!>Sg~t8ZXHzDo+} zsW~=Rb1|~Em0h=1OY|JJkV zO-1f+PtmkEZLyYaIJwmf>*mSYc-s1_df}@V%{)e^N(?iXES*KJVyOdrvlzkPR@tj7 z*yEPwcE^_Ntdi*16XnM?F;h@d9K@!q@%{%9hiy3_8Nf^)VDmORg;ixf3vu7Nz+PWS zCFs1m)aE)@&UaWUeELf5(KZ`7JCkY9jgr@9S#M_BE^h@vTs)7FJo2B>g_%);6(<6CB#h=R8aA za*Y+-grk><#ysb(nDzN<8%)U32}Zi>O{7Jm-qE60v6)u4>{axH>l#OGSD}tog)`L5 z>hWe*lS{3+sluK25@%S`4F15)st`%pv%%hOW8U=yBbY9zM^#nuLY_N^LZr*0BxEgWaGld} zC5#n#payC!{q_Vzo=3Gb&pupKey5wQ0wp9zDtNpFY&!oMl*#kO&+y0lRh}P8)`JeH zKW>BxDX@_s%nYQCjb%&u=h>ouhEV%ih}Sg0?Tpy1@=x|j2qA+csmQPey3lt(Ov(-_ zf50d|YJ~n2iP!&a`2_~;@vhxZB>YQxs(m*e5g!o>PW<^QT=b({4_iv2H!3L5qXH+$ z>1>dfDpNd6sSKF0}cX-2`TnC>hKX`kV&x+`py}+uqO&M>R+a$tw|hv_V9zX8>+5^`t>; z$q}sD946!h3FQW8v7z?xFygUf$@RFjY5^)5B8qGk1<{%l|E|uF2EGu?TE0f1#(w*% z_nvl}m10aZEhRS~4^@uhGp}ad&Z590qujuNI>M25s>7niB5blF%(7iT0_HZA(Nfet z5oWv@eM_Xj`j>e1T4jzRylom(f8nYRBA{h^JN~H(i~*^b6oK;%dw7o84oRK`KHuNu zuM+BS9kijJbDJjBzbO*s@(a;4(4WUH&lD8#d7Q+MVY*9U{ODr(-bNJ*;iky0_DZGMoz zJPFA`P*tS`?Q|9xr`yKOO`yc0?^G3kJ-N`|hdf6oVVf^z(15;#U-DWdVEkHNUoBiNG;ei+GHMP7!%{WZVaI#kEDxm_ChP zCi*~^;xmYBDl>hTP}UdL%eQ>flAO!oF_96Nv0Hl=1?ae5179%0(K?4<-Bx8EC8B>b zxREP!jy ztITve>`dR=yt82DiI5{t?V%%Uq1*}pRo6`C(0l+&rg~ro-$KW z5+o8&^!ZJ0J-p;yT3T}7j+3CgAC2>xlR#b~|Kq1lk}MTZB1X#hV5CWsKC&T!ULcIO zuJoM}g3K44E@$>+ZMi|7dNyRurlf)?h8!;=268#;3M~!_8)V44YZ*WoHo{^z)SC`g zvJNakfWgL2|Nisp-2DnHQJgWj9UCprot~G|FIf=4i!R3~H`1=agKo7P_Ird)+unWP zYq?t$Y{W>vGg-^eGB?ENaaVh77#&yz=6o6hizFk;$ke*85Nz#uCc4RUg@oazte%F3 z++3c26-=$)x|tIn5hH-JCgxL{HWT%$s^KE4p9FBs)uNK~yJFGIa_YpaX{YXY5&l2Q z@h8ImIG*!is_IKwYpbgA+14?ANZD_>Ysm`1lt%gJRs4-7k+QfrOfFYGCFUk}Z@onE zuX{Qh(T+@%9aqeW(bqaf(tDJ9VHjy>IK}C^X-=?HeN|*}2+qoANt(E)M2M8hQJC|l zuQal+9ZP=F0~aQ?s;c7D6nl2SKZSU2SkS*Il`}%@0jb}SMFFN-N1sr&`i3Py+Y)n3`j1c*5<_*c@h$68V z+DaT~Oydjc8ogBm&>;%in9F5EJ|&~o3}@cN&DsUq45m~%hCNHa9wR?u)X~dRs1!q zB?LQK*^K$0noA;^BAry*(L1;_4!#Qkr?2_zTig^Z3us-wij`^WCwh!-XDbZ9WiY{g z8@c#?&L(UDY4X1+Iy*9 zxW=hP;kw7k{mzndlW%5b(bxG=OzeE+p+SKaO^B}GJC=^uT4BO))a&bkLSKIc+<_=Z ziDj4cS3)YCs~)B}IAlSM@-mC5ZVt&&rs8nX%ajGa@F}*{!$cEu?f~CmH;j12h;JyO zI2za7U6kMyNm_iWB*iHalRj&M;9rEGQ4`5|^KX4o{ef{=gYQTOzTn0Fk|`R-rODgi zvS%@h=P>{FPejz9k%V}>p9S9Nm`jdSmY#rW*LY~qTAP@y?@tqzpvNm9=cWVPk~5xM z2VAZj0TudDd2EEuV2veNe~58zk@CDvl*%7cJXXoQ-}9OI9i*c0r{L25$PH)QMTqqiRUJ8K+52XQ0*&vI7NZaEI*HxlL5>xhT};|z zGM&QYEKU&MVndOMi#j`>rA&>*?}1Y7I3U*-ZS>RWe5b&tik3BjLl$y%ad|Iue1|aZ znAN({dvzXBfJRZ_6fis%W+~p38!oGN-?EJ+*)e~1sgNA3M~=yaDn(KB-O}EcSJxM=UOsVj8#91uO~C)VRQ*SveFvZ#W;6kwJS&wngA1iE*bR6@8eo z*&5sqRQc`XtStM-Bvt$G;I+j+&CU4q81hbu1O3g7_n)Q74g;_v;)Vy9UMS#`hXGQO z>M2{NQm6ffWmmi{VH<-`^7l4_hU9PZQf_x2H~HVT;5c$%PV#pFuIR_Rw+Z0I7B~c@ z_utbdDEGfA$tC-?(=p#x9`MTp$NXRG{vwb{oKZ;rww3txUpx5UYk-#j*H&plMt)5H zJ9v{7&&WWzGGpZlWC`SQZKeJTKjfBYp&%s9KB-Rj#covf~8}9=nG*c z&Z11Q2voqUWrj))iRa#_zJATNI)EcXG`p1`RS)U8Y z76BJ&%GzSUbvVR*J3dl_#h~-@$n(OO$77v|s4KWzlih1fBH?s-VL69kofW@ouQ!&u zA!>olSH=e#e&OQT<;1$vjz9gX)+Q-g(YeN^SLwwD!h#gTI9hnA+3bQF>!mA}&1qs< z6=qnCd~r9qy0NCqJq}fGuGg9XOKfHs$k9IhGH!5QhgE@y7whHqPMUK0_16A&YR}(w zfBu3JR;}rL5?OE5p@*j9kMCr*MOLXX?NYZV;$s@olDpNzE(4#Fa-TYS<1rKCX27*W zUY7;h^H`AgpE^#7UF#Don-+5ty}KhszM4Z?E}eVhx>5p6y}k(0XUk}K9k>HFF?FF> z@*0u8=W4y-xDhplKKsoi9!h?R#+oht!(mki@_MAA%rAM48%_a*TmyW;N-%S<7?^zs z=t%e_P;xOwMNxu>>JhkPxa@dc=hP;DF+QU=i%d5wjh16apc60JR}1GV6lmL@D^4Mx z(-91oJP$Dxd{1UG2*(lcJ1FU@*q>p^%`@i-!KAceJ4)7~)T36i=kvl)Ss^FDm3x&c zQ!BSxsDtqX6yRE;VKjleUSu?+P|XH2Mek03|93AtdN09%8vX9fAKA;#^Q1KtAgYt% zspKyzZM`Gq0iTE0p>p>7_2lj+igwr2U9bePF`(6E@VdryKQDFf~?OpP{K3x_l(a2@;3;_8OcK~rd!GF8VO1V}nmzk$P{YEaw0K8(Y!2q1V z^MSl0FsO;qI0Ya!)2)2PX;eVe zry||QZf@RcgYy^@q`16~lpSsLe5b%az?9_^S_PV95nPz)M1QvW`K$ZBOM3E8u-8WY zT;A5@Q8ny6o)9$gPAZf*gaP97nPYy9-eQ&Zu z4AiUqw8FUtT9Ji5)T~&tgHE?05(sZLgUjIKxqf~bh1B8&G*EDk?@S9Nhh}lTZ)VuS z&(`Vroevs1af^%rZM+_9PpJM?)t;{#@Y;GQq=%Mk1-V}wyd(1P;t+h!9;LbiyCXgQ zE9bj{)K|1Y@VaU(7@?Vvem^fj2>2E!ZYCLVkftUHwn`mPP@b1g(D~{thD+A@sn^=M zBkOMoeJ=XTpZ35mFE8==9z`BL$#sQEdVu_ItV*X`Vv62sryIaC|L5u9X3w72&Q4Sl z?xQZj_W9m}yV)wA&-uNWA*XX|>*?8?pjSM!H1_2>cCvk6>Oa26Fjmr4yFrlF`WQFTRmXU|pf_UDs_?~b?#}qFZ&Kl4Vd(UiXRDY9G*SX~Fi@$3QZ zxtj_V=qGet?gh{Xv09C7fS9pb?MO{Z!ipgloQU;(G6Y~VE#!6A)79~}IU=7seJq9_ z{Q$Q!30#h9@}~dD+)7rLAgi4v;XAiC@k_-$3-D1a*=R0E)2( zd~VN>_z|b9tPTL{->gSn4>Q#lz!jd;b+X#&$?f~X7m7r<2|y_uilrbsT%(-0+VJTApU(Z(q;2{J3GT`4tu2s-!zsDu`b&DGWeWtrP2 zKkOn9Q_-)kGPA$*2u}L{(R$Kq3=ZX8a?eqNKha?ih3(?)kIz5 zW2eb*N@N)4&D|AicK5^6^>X<;dLfB3jeCR%Nez33}$Jds1FDcfZ~%L<@tnBO9^tS+Hp?Un3Lru(ZB5 z5{MzsSjq(dVaJl;gFsyneiPwly8LV0rp{^gTw~mQCWyyzxCFk0X1e~f?62fSygug| z#Y$;wdg*$YJ&MqiF6EAKQpz^%wyTNy)70h#SMd#ez3%YInE(@M-cjGj4aF>v4fI??gbX0B@u8FV$-F`{Nku9E@ zzmRX*n44#d4&PlU+_UpGjk8-XNql6|W}=F_34To7^%h21@2gXluCZ{}l1N09e>n2I z6YDcs z#_`Q_dV(9Mi$tpn54P09`;p8t2 z{_{zm(nxX2nNa853iH(Wcm}MJ6h(x|-fN62vy@-CP&{pLKE1uyJuMihV6m2)Ma$OX zrkwL??bhEQV&9B40N(K0M9=;SkQ{(bHjYuzpy%YWf0EB`1I0QUSVE}Soqu)1_R80-{hI_tamW>C- z0*_CCqi>r|?|x(eYp0=n&UxjVI{)8$z5#`RT*^FZytXRVhY*E-kSo*>$nkfN~-CaK_)74Z6b-J%G?+*7FUV}0O9AlJCCmfHyCz{@>aZhO5XmEh_x%&LO9H*L6 z+VLTMveFvO2)f7R7cR$irnjgsjyCYOKK8hfjg6d;` zMnIoASr>kjd&&hnF=4Pm82!(Fw{Aiu#kXmst50OdDb3VXoqMGz0ama*<))tM{(co4 zPlq=?&}R7VvRpMH6eOq%!i$k$J~zC$wz?P`9qo6f9a_@NxcKrI)5Bu@QbHrG{>L1t z!w0EBtilop)mF1Hz}LqMQ?RAnzC!fFqum9@qYH7LKF34!r35{(?W;T?!S;dw!t(Ri z=xzeT+T?Xw6nwQGDqPp+8IJY2Hk(UOmCa9LY2KCI4gA*K0lNSN4DG6;wn z!ZE@Ny_cWGwGF}NOaWCj={9YjRaM;qmh#;`1Y&r9v2(pn^wy;*DT~50ytt&$j^CNg%o zYM#bEXDxcB-P0{;bX$=;q;Wra#Y&uihkR&mv^3ACDEw;Dy1qb#bYb;;N!s;zw=I4q z&NJN1<2%_LBG9DMC+H<@cr813>9)t`Q)lQ0V)b?!&jhu_YLE8a>Wv=WD*5@k`7sGh z+d*MBoCQ}m*x&MTF;B?LWuj)7a70QR@BN0UPmNu_8(ze&0x5e3sKymmbbYR963SXW zJ|6^C6T2of8E+8ml5x2>WMGQ#G(V&B$a`l=&eWG$BqhJ>>F#y&aXz^}>s9U6#OmekL)$qzVr{*QkO**f1zcWD zq4)L|yrcYK;P0cjvz_UU&f!6BhXalkta~zy>7lT9r-&ez1s%@wu_7=x(oM1EQWK>X zQ?ZeeAUaO5yjfB+41?DO-D&w6dn+w9B}u+$mBt{eFm)mtCPH43RPA(2o^g!1O>J$>45}1VuNqXGM74tJ1 zWAp^PCVa{HptR+l>&*8DqWWXEKNtunZ-o?b?v-I0lfon6{4ii(h}V#tFq*8Vh5eNT zL{KrunLmeC$8g_mY1SEi252X!b)bL@;G|AtJV5<;b9*@F>x!47o#iRezbLM*js@HY z7rn?nzcP7U9WJ&dk%$Gf^-PD}IxSR!_mV!><$C&Qy9JjV4da8RA3_8Gko~R4pGyt* z#-J)higcLvf z$4i?mD0Q_<8V_ivblVZpQGVTAX0gS(Y4sSDdPfT;tRINDZ4hS;T(H<@~XN z{nG7XPQv~08X_UUwXi-v?3iJKB|XTihIkJHjHusdq^j_zpT$g(U)EVw4kB|P%nUEk zTY4#UBsK3;BcE{!@(y3HOIJt0R_S9&V?mit#5#WEvszf>=xWXlZqA16rSsQoxXx{& zLSoxrsbViw?)f6;=r=?%Okc_Jqz9e0W!a%A#0jJd)+F%*dusnGa~d-0*{Fitw1hLy}8A0 z9C7~>$%l=I(B0n&lN&G!jV8k~_yD6)0zm;6vu)s{)plKRhSGK%XD=xm0Xoow0A?ve zjgePb8BHOb^cIq^>UAkAoI91mMnAgw#%K#ZE=;<;KCTItb}(qS)O0-$M21d2P|0T* z0rYf3LxV!48aLn&YF=@{-)(@HQI^oF%8k8~u7$GfE>q^@F&!v1P#~dM)p23^5>C)-*BWWLF<`0s zPRnVx{;+7FX72+m9%Q$dv*k8a0!-Wz44Rvr)n5G5mKgbSfhB8o>-UO%(ByOMtcRb# z>PvU$oZ*@#*R!zTMkt=t!}^y=BE|bZ!+(c;&vy;-u$ z*oag)v2+>H3WB*Si_uQEDEal*bhqF?v*)$#~$98t;}_ z6ZzK=0;Om9X;IZlrg)${?HI{*7XPnGBxs{ z-YPkOAwCtbmpqT9u>-+3x4^lKtLwG_1H6MDY&|_axqY7Q!r%i*fYQz8dT*fDIyCXm z*$Pd=Bt66qDcm{ruh$!)I-u!uN#!Ya#ADKGV+{8BlR`@9r-K}Zoh6|>t*Sx zd8@c|_Q~JCEeh5WSdwJWB3~SVHNE!HPq*TDE&Kt#u(xD)Rp`ds$DSXG_ipoRR<>(W zAphxEeDcqg=ebx9lv`mFy_PK57Qy@&=lYK6q7sCeUj54!Z^ZltyHoy1_lvU6Cnk=! zA(nSjS?`EEpO6WbYEm#w<`UN)|?I)a$Pe87_uJROnYp2a2J^C zu_v6u->{B927zs#e;DY3uxz(aZUz z+{2=P87oyAP+VfB4#vpr?G*wNZ*05nDF+PVc1DvOZ&!MyZ3Thua;@vB?pw_R2opp8 zR;ytI&J(+K{_^Q;bcdy~va+GE@tqw|Y`h?TJtwBuZn5hpcoFAZbtCh=G4&k;oFVDE z5a3$ye!k2Ti)2QC1}?fi-xt#uLf(+FG9YXv6v)V}1#&FDxQWPHTGHt~ZDK>ZopqAm zY^Fym?bxGrP-ouRYp*Z2fHyngZHNkZ@*)IZF9m(EDY%~l+D>3?!KEw4_+6ebU8kE| z6D7_2QDy1qGfSwpU@(;qllNpV?sHvz$`Vg~ zx}p&)&j!1Z{yMrK`Pxr9%(6!ft*n+^T=LtVA30Lpm4825>5;ZQzfS&n{`bB@*OAbd zSaYJy{Bw~!__<%d4U)ZghK*cZ)=6k~RhRqR7T2A9ODXs;=emE$4LWZH%JB;$NssKa zI*3#kvzB+OA^{+u8ze#Z3uchzDgW9KU;pPlMb&Gq zHa%Q&pK1C;sb8MUSu7txucG6^nL+w^bI@)rs}3dwTL`Mw4HEb4@a?GYbl z>u<=Y(LWH7T^?27aPdr!-vF_(3=g~9G*Rnd;oNUD+2x(Ef}-?%7uWuGNCQ?On`g+i zo1e!*j48y#W}Jj;=g&OPR3lR=6{r)aw*x|BRmXcGLaNI`t&j=0dVt)Mq2CnJEzdVg z3pM&8-f2>AC-39p+}#e7?=TRmlFDw01z5MXfsiQNuV?~n!rc}#b|Qp$!*kBwe-zJw zK$$Zj8iR$I`9i1*8WzcJz2{8%=Ue4p@A**u9;kK5a8xUB-r*`6u+P6b`9_p(cZ~01{|O!Pe<`R&Cy5h1J7-X@y$|&t#hTp^P8t0z|cSeu0Gn8nh z^3X`s8^GSM^580`B$Ezc0IWNG3dABM?!p5onc%BLOw>c0w+ECX;C;f-O#xTOhuM8zz{9G0hhkf~Q`@2uR z%vhTj@Ki>RpddnF!ulRktUwb@`%y8eG$LXa%S^NZsjy$UI^ORZ_BLrg z7BL2TO8$On7=n7$F?SiU8wQbW=V3;;^ffPhGU@0^m-teI+kb)im&7iT=EyD0U_b(X z;JfiZQKvIU)ae3w(Q<_njqPRn4Y1Y-=rgDugAj)7H+g#FSGvzKd@l=232LxXFPU1!FBV#(EskOB&+=bCQLz|p;7xeG3HOPR{yz00={uB}-%zu8%}&GWk;h&Ihu zOn&Zyos_6zM{Jwdzu$5KVOBI(`ouT*{A>080#U!Y@K(ZBeQxP2|);K4LM}8d6l@Yj{}V;*@-is`Yzda}t9C zYCq+X-Bpt#L+6y2mdD$>tC*XGGm8E3OPd5Fl+AD&O1fg1H`25XKL?2Q5-c99# z`@$Go56lca20?r1F_GXv8)h<8rYs6q66GtSiW=Fa`p^z!iBqLJca*rhBEu^pqdfl} zlYl{rv}_B@VS7}r@<>>e6sxUc^B4Jn659Xxev-fJ07jQiRjb7XE6witrY_ZrwOPT# zHQ})5Oap6(c&(w?%xa~9_Yz=jnD9}oyouCFKgF-8l_yn)kz~MN*aF{N*u}MFjKYie^DcS&3!WM9)9x1!hX;8yM z?a^F?U3r`?7KvF)N;jK#Y(NlEpfupv`@pT^U*bKeW)g>ZJ zh$ILHqn)D~vl7xAAprQAmMCZEnil@IGsD{8H3#KCevlg%a4nrileb8Di=(9;!w#W= zA>;>mhF4`9BDR#NWAM5z2L`WFo|QzS^*r0>8w~AQ zj^3|5A!%~4#(sni^=TKg zT3VobvqAaB&I=?|q2$?`ChwPdmz1erz0ZtpyH*3x;Mbinw;q}i+4sfG$@uvtg z!1P1(vI5N48b7{xtUkEfVCt+iUf>*I^0qaFovebnt0SJ5n!_p^y$;wv-5lN{Bv~IU(xf$P=ZrOT(5IJFh*s~f)~S97Eug(|wMErgd9(!O zs~^p`iCLBI=;zfPE`e1?^_;nob$CT>D~~+zM&tngODPU{LAQa7?|!d7h23(0lAL{D zuXn{suv3!gxk>gGV z!HnF$&%!JmmLbJp6(_aGp`{h)irV1jBFgzu5J6F=2!z4#6ZBpY5;VVvhE9 z(pN^;5ca8HV(`n5e~8(FLTa@_WsM`vqss{i12HTM`VPWnDr`yjyBrk|BOferjicJ+H45x*1i-M~*3*3`Nw3P z0c6t?D&r=xEYO89Dn#E)D=RcGqoQYw>`OdhRG57zOv&H(*Bet*Ar-CMy;o9AG^iZ{ za61sarL}dT2E9R=NxYt}j#`yAcWL)9_a8x@8$2v}4V0%+#S3(Pic$-lHX!b<4Bw3Q zZUCWGeJQ-?Z~q_EBc}jnV+WYxn|v(NVft_l49E&XDUZ8S_=oVtwFKh9D?%ybULYNGMl3t}Hav;4_5v+X!l}Zdx{N~uPyuQo&?`3; zr;PZiNSwWLai}dq-%KdYO=X1fhZ%J?t;tZz)m1ut^2`(xmkKRyZjB}{(MJ-)eWHF* zW7W}i)ISRNjyoHzL^)^?gKIOa$Uq+@9_VdqH>hzOUk$}%2{6M{ZC&gNiYs15ucc{h zbqwf}Mik|G5E1y)Ns?Ujn4H28t2T5pV>g-G#$I*7}|Hq)QO1@fPfD)-iE~rJC7S55G zd)ms_MTA!?Gsix}+cNG@3FQ;dpruG^5u^M zuo{oAnDkZx$sD)+dd==^M@(FjyX<&n=URrdW@RC-klE5eBBvt`%fAy-TInMvg_d;o zG*Mm;`Ggjh6ROF;%Q@ZE!rA!GaT05+Yif)!>Zd0Tj7tmV_irJH37(YvGl=LIoS9V< zkp+YAB+|c;g5Fu$_xw1b__4YEC^qAM;a)R2>>dVr60pOS*O;3l_9mP5W9c;y(gr+yyK13_E!uea zLaE67uS#Rb95;_dizWfKYy>r zh?!K#LRg-KUr3Rz4`}RgO-f`1M9rrN*wm}s+&W?3F{VneH`iCO8>VuVRn%?lpi^cZMZrk8bv!_5^4Ui znI~obltWW+jIPgZt4gMV#6vO5K+i!os#B_q*zgaF^hu6wEXwfcEq8oYrhmE%6bbIRhegIUHt;yA0SI_7G|?%c~fOu1!d>qc*FiY75_ zs33!-fJD|d>^38o=*~eiY%cZjImo`ee$zx4YK+5Q9pzSOkbO#J+dkQ?@?8ZsTh!LC z`TaN~<$yN%lmxmWmJUB8+-El#L^d%grc$%eOvKx%rU0bfGfbAnJJ*zw395TnEr-|2 zpD8#hQLxbB#(@h+`%jUtLRbUa#$u`n;eQwd9h#vtOCSffvvy|O?D-ohl9y8oF(FYS zOQ%jr5CaU6kbmY7gYUWv(m=$D_&<)KQt@pVt}5?QB^m9xJOZTDYPHhQjE#~XUQCmz z6?sKCMFsi8n5=!wKRvEd@FIj{cv6zeaR%`yLdO4yRTr6;M4*Z_J_OfjZ8>R2vJlJ4 zf5aQvoF$R!9&SowvC=Nqows4b6l+!RtDk84QOd}&>BP0-a=B!fL@e`#bnW9|@0z4s zXinx-BjI4*@BT;}a-Bal!KxfME|FiPYFYz#*J{kTDLRwb30o;iAxtK}TtLM$bTt9I zG?T5tb7Y^r+Oovf?95!3+~nj`>mS^FA$D!Jn&^M8>7NFBTzIeIXFRK9>Pe61@3!#% zT}#%T;3d~GJUM+MbUBzO!NjsDmLQPvct6J$^Ep4nhG-M#<8wQ;7vFDx7tB16TLcKHOxEuqNqfs9Y~$@bt$O7XKJDU5np1EG{JaI&uvf=l z`)WjZo?iD|$UHI=2A$5HUJ59^0@Z=vW5q(hh~~LXmeXv*>HT4^9~<7(&!4SCgmW$4 zhCkgu`1Jim`Ik+MJD45Ar3|g1Aw%S*YPjk4t~}8%y%MS$m-+jHQMA7~cSG@QNeZxF z0;m63GCT@`IyN`S%dpHx7Eb$A6$^n?34A9hnC=sUl!=*4L9o~*!Vwn!@nh1`9~YT2 z-u+ZgErCp0vS{(2Df3D8d)CVyOBT4$#aqfI(3>T_%=AYTh5Qg}APn*v((AP3Z{B$3 zt=@S{T330q(&2u&YXe)W)AjOTDe(H_2;@YzE#)3{&=#(Y9AF&`dY-uo5&Z}n^do)w zc#X3r1!G?>f-4^)wqgy0jxNVN>(8NiE&Ou8VZfzS78NxK_Bb;dmU048U5swcFbLlgW#Vx2KIpyWycmU0 z_hP>-NhOgw`%mPKfeI6Tir_}Z}VYCpAz@~Gx2}7m;XOs^g{Xc zy!Oh!_PBa`H{se z)}F@K6y~mNLYqyG+kyXZdIo|@^AJtECu%80{kGE9C`oeRd zjY9}+7w|7UKFMTE&)rY^8!JdAg^qg@s399^$Qb;9Dl7T>Y&%~5#LlRWipZ&PW;g!v z^||}?He~k^Xkj0a^43gN07UDizdq>s3|~v==0GOxnV^#I2lQSOT#>qavhN+2>n|0D z5!!FSOm17_w|7^O5W97Om`uKb15@JNFWKk2zCMZ4v7tfo2k)FL+Xro5wfZLobdEbi zxt>kmQJtb_tsB7|3be73jXJdR8KdV(ga>lG`mRF z1MjOZz}0Izha0Dt{eiF>BTG+n+d4#E2d^8`&|0-mOT2(3Mi4-_v0h#~*B<$OPH%mX z{oX3DZ(Q0Y@UQ;o$9dnL2t7 zPS++AU3ICvAK~o645{SKhT@>x33r;8g@}B1DgL7Xay{eRzMI{elz;I(&?HiFV5$qQ zI$uqF9h?;C=&dc5zx;Dh%C>2SSaAbO2A<@T~H?r)U88^AYpzx~J5qOU>VySR6Se(N|X@tWD~c8vxi;vL#S z7TkGwA>;EoG#|TN-L8zaY&qqcgb|=ZdZ(we@wC9{b{Qzm_Q((;cu6KFXs@9Tdy__& z+~TzbMU~}~6p#F#ps&Rz#I;IqLmGjxJJr{+wptb zEcf_ZMjhBo9QiDttYV^hEzRRxSfX8&p2qTwE$=8Y$CzeL; zmgcjDbh%wqO}`#a-sMx>INmqgo~^At{3`p(bumPf^$PwB{2V?v9H#$QabFn~SGR2m zAwUQgAi*WL1S#Ah1TCN-NN{&|_XL7F1PJ;C4-UaKxCg1Ag?r)d(uZ7m@AbRg@Aj|$ z!5B3P_O3dEbJm_~&AHb6mA(qyx#7PZrA&Q==r3_jP<||i)O@0Hzgk0Z`J;gKXrbxA zaV^gLYg6-G@7|Q2x2>k;ueQ6ohoqCuk&~7KU+jRz+YR34%aw@c+v7n5oo0_X;IE=Y zuM$MBdi0a$h|ZP{D0^EUeD{kNmv@`g?L9Z;er5S)IICkhZ|6~*%!y-C+}<)D=%)F% zZ45-MrVHGa^R+(U9;EYkqF#u0!#625?{_E;H$;7(_;j1M`9yJ2_;k-XvpHO^3H#js zh^%8h*fmeI|48jDa8-?uJWuz)i6En-}!adz%q4A}dS|XE};jMi1-? zL+*fAKs?f-|Hs4L5r@m|re?=;A$=?09|lcMW;;Q?aNO-{|2(ztdB}e+-qssKo|)e` zRX#d*K{Il9-$`13PHwLEK&!s*pSr2<5lpSVxI8p-;?po$dAbC>9g~YOHgdRiN#0ak z7)+*U5xf2o({Qn7spnxAT`uAg$l2EVT;I2cZR9py@q%JAWF%{aZ>qkPYQ;GHdDdne zl7YzilX(^F()d{W1IHVR`(=uxyNCG$KX=N8HmIkGH)H#v9F}Omb4;3!*ADXm%iz(4 z^V)^}ivGixbGpx=n1YB%i0A6_i4HD0=eCEYp<&^673YhOj_C!887BK(2|{j!W%}h; z;d0IX_vlzcPT>@p>8oAe&H4P6&_%8-2Fs)e=2sT@6++k?j+aaqytp?+@4EF*W?@+l zdz0{e{w^eJk-k9brB!#)&&DGT*J0ug>%t2yPqFXrEi+TnR==AoIxU_lUcK$#`rRVr za{KJ282f5#mRscRlH(?ZRG%5ffB2eSQRwF~s(-Qy{Xx#v>67GY|L_uck2-IF_q6@o zagVUv_y$t1=Z19KV1GmBT>T+A1+TQnaYMi3(eDIl3z3$e1^T6q%q?zgAy`DasF6q) z&WD-hm#6dC4StKO>0akgo$3AiRIuCgfCw_kCbE<>yL9<|)5B>0siLs=ryDg1A8gbE z(Vs0p@4c}dx0bB#_F&#~dIx?T>Uy4^fr;RU2f)dqe}0Wh;o|^XADC1M`;}Rhg_~5XM7ypW*jc;1j=sujg0vgL^#t)-$GuQnV}gkp+SEWS`>`UXMD@P-sC` zN>Z*)&N2!`Cj2CU^8~uLd3aX-7MT`-G~GL>Q}ltKLa+Yky&Ny!?P(`z&?{lzV9ytT zpj&P)i^_V&f5dM|&W`J6driKUjW^I$5Wse+d5Y&(TmLeZ#NCV8w%+Rw#m6x^>wax+ zWpI+aO#dc67>QJ%`m^mk7J1#nsp3N-U@sCUdcP{V0qFnq&lfPTXD>^0pZb?KTo`5w zyQX80G_S_j7xjH?x>;U9zclyo!{`YW!oVz)Vyq3mIgdRi?h1W-e{w;6&`R#$iLcWpBtyh?h}yuq)1~uMC!Mm;op!%&`%L2tzHwTxAT2+EI(I_ ztC{n@1YI04X6ZHds9Y#=+?I>*%iX$f@*gY56xe;e|M}6|@PR$^>d1MB%ufP<1HJXc) zlfGZTeL?PW*u|L1kHU+8e$Lk5h-Am5UVjYt^t(GpE<+-D<0;b7&!2GJ>D+wM|DjCp zD#-m;rm18@+mO)7A!VxEfz$aAEd61Nn)UV^;^&KoHRmrn*z@b^n0i6zMr7(hupNBD zl;wL)l%?A`pdO+KGM`^sty|p4d86Lo1=n2=@{S%X)>WGQ0mzHzR(j5MxF*BaJNI?l zem2yx9gbb`^55u1Iod>1&x%S;x?MW9`rC+7v|S09`+H}iZ~70Dm@nq=C>~x`ej!6g z-6UTnO!l~#LuS=)8CXYeTiO-%9f&%M&bz^OVB@X7UG@}ddXAmp^DIYTMEgK@V|(I_ z vMRk!ria;vn*X!EbDx`mB|!Q_U+U(zKa=R`r3Rdnt1 zCb^!Tfiql)V$xwX!kz!bz5HzU7{&{9y$zay7=$#2z!- zSvzDy!2t0>`1bHPT4WW$=a#NK%QLz7Li87WQ^Dc!26H7{2_w*33BhicZu1G8TJ(q* zL{&WYITRbu|O6wRyWoAKjdeyMM@m#==I@^q9mhC=iw!9nJFsUpdK zhTyQAs8CPxK}&mad0V^S6t?s6^38H4s>jBaIiJ%R%RMXjs=)f9%FF*6DgE}I{aoKG zgm$UaNBm)1EtLGbjqEKXeBqm9%35ygX}rsDlY>qUzxQ02fD`fJTEd5caP zC$4EgUB_#a* z9csC4c0d0YZU%(U@0Jg^-)HhSe1UN&gi%u3#4(TgOP|n}Et?Mgy9xcHKI#}7k5*K2 zkAO!{9oUPwKfe$1`bTp0&lk8pk7?JxO2oX4NN)jo#ID;PYi%k)BSo4^=@|0)y+4-a z5^h0%aycMr1TwY%(;okk%-uo=F;E^ybL;}`TH^kIwU9B0aM$fmUdPe--xApq7799O ztt~4sg!a29Ap8TewZ(Cd{l`(amoT6WQ_zp~C-B}#+ZFFaa6?0bZM6Jj9$6dib;xTd z($EH^RKfQMJ*!7$-7RrzhxgRu+HtOd zDlhFVAu3;8mKP>>w*y9Ih%v%&N^Y{@1=Z~2WRNE2O_!_8ntvcN53=XNQnjvKQ(~07 zcZ8KtE|;*@HQ9osouy(v2L0>(I`%pfvR64=rXZ$5Vx+;NXN~tJS>L{q=I3^@n_}kg zt%OjPy88PJZnBqvZ>HSx+nTH-;!Pq4iRD9*C|)o#JG5vZScQ*;3XQby;MLk)XfNp8 zO3vnpI&IM}SKl>2&;2F@ClLNQ6RjuJAQ|2~}(-5$)b+N|O zZ>b17Tvp3!OuCTR)FK|s3u>P<+Jmy5t{wUytheHE-Cd5sXHoGJ!aeZOJwK>!kr5Z6 z0UvoZCLvY^sB1cVjhyM2w0WOb$3WPOuaNzK#&WT*x{l!lQM@+7WxOkgyxa(FX5A3#1Sh{NfZ>OHG_R65dPXwpM<1V=Xnf$r!?}lx{>%iSLo44o`|jWokpYp{WhkB4r)%(q=mPAm?`HG0TH~g!Su>~_I`1L@W;M@ zongI80(mJsOpW_jXu>nE6L!M)m_+z{+VPj4mJ6S(!n~=_;A$rv(8qa zKSghOjQHYv72v|LO7nUPn}Ik@ZOPEYxYo^f$xr(go)0>ira_TgcB&MnQyXGSl z?HLTK=X6PZmNk*~gRXJC$o#0bX9WvNmz?)uF^;8xfvTzjzlR^+UjHYn#CR;J#8-q0 z=%UXo*lD)08McYDW2>MAQ)PWC7zLt>fueAhAt_{T{OBplQ|$!3F(r9EF8K7TP9-th zX%DfOpSs7$`25DuoVpjc0)si<2X7{hNGbOo}l>#8nV%qTWvdLRXhuA;tABt>Tt3Q$1$VNpWp zx)@?p>Ls6KvL=a~BuD>@zjutpv6&?zxJZpcgl?C zu|KW59q#V04TK2Kh?F7a_(UGmqc2)>{vsm6D*I5{Qm>m&d@IZ}SmpY_Q$U3-&?S}J zY*i@jTk@NJh{?jqYme2K*HDKy5h<&2k&={o|LX%a#j*r-QR8bTC$BrisO0w;;`i$Z zmnI*;vzmUD)kJ59-n4pZ%If@ax*TO6UNpcaA-{G~8_5&SyGXD3yf*&m|0;4&V!c(x}3j(_2bam;7B%$k{xLQfNJ6z_+Mf(Gvx ztN+F$)TktpetNVW$=5U-Z1a4aA;-=&44TMS!5HtMT>IWc!V*%P7Msidk)IAC&83#6 zH{Q+3GTRcg5T2SI?1&rpfpwmbHcEVsgLYt`n{nXNI9h0YP@yeI7BwPy=pz+{v1bI@ zt=C|2FuS82P8XWxctK|@9}7rJH{Oo~W`jcqmB=B+?WHbxo#{i@^cw7xI+5QZ$uC35 zWqS>lC3Xc#qrv-nVsM{KbsgQ%%ujL=SrkTrn_FtZoU)<8qj36M$7Hn(Rv+F85EY|t z2OnjWcsd8IrZTVc7tB%+9hln3S$)T?m5ZU1#gm+(!7GQ-MDIHUBuTVVG znHkwj3cuds$7f3aun|o+AA9ayy+Z!bdZL*!Ra;4wZPd*am z8fq&0ah0*>;#zn2lm0w20!a~@{Pmd;-MRE!vXGUE&mTX->(uP# z)5ScILV$=HPrG;(pDHhwVxYEB7%DU!%GZ4!jbkN2!q2(?;t8?cx>E(`s)q(b$c)FUP3s@eFUA*^AD!q3Ck<=7@k4^?R_#(zlQlh!3sjmH z_*SyI@eeJ)R-eFLn_+1kI9c1Btd2M#2(h0_4O-Yy>GV!KCQj)}eI54hFN)i!5x{ZqJm7(%>J=%@%lF3`N1hEXo zflaG`{CsvHJMYqxvhS4u7yP@rfj;B;vP*2z297KRi;X=K6f%j<(KK%Eo^gNLNuYO)Y%4}bemko_SR62ZyGgbCRNQ; z)UsC1dNJ!6g9+zDIo}5GvKd-_+=QjFgA+e4HsuKwYu;OHtTVgsY4EHntg!Wuvn!11 z-#ObB-sun8PF8-BtA8KZmKuzLG-Vx^&o2qo0$w_}U004?&PbFGIq zJ0|Jux11bIxCrTRW;3*FvoSVmtBPmmcI{lCu^^@5D7o+LXE&CxPi{%tZKw7)Ozz=u zVc>0BX)2GZBG^ehj|hOR5wnED-s&|Z7h!f(pt>1gIk*MW&jHS0iAYG{k`C^53Om9MeQ1^?(ea} z65`eBnrwo;=M%E?%)$HQP?9#6O^8;Xr=PL*av{%D%NN(V^btclY@Xx0e-3U$aRxUv zsxhZI798>BAbM(!Ni3hrg2kb4U%vEcAzYmHx$!U9nLf4PRY>FUJ&wcVufDV3G7rFGninMGKV7O`^S74IPI&wij%0|*Uo}uC595B z!*Sh zc0;sEylocWPxw|PdCjxk2sQtsA=mF>*M1UK+d3mYLWt8wzDdeDVW#`dLXDM#p7)@Y z`;>m>XIK?OFj6?&-a5UftMe)WAJ2Gp5ZjiD!ERk-1qeas*kaY~+G#N00Plq+U+f?~swE!CMgZ zVlv$aGi@9A%)~O2q34w58d~)yVJ8BWHa*uzysDC7mNAd#_AiS_+Px>gO6%i%+H_sq}5kiT(Q{9o1K@M)igbIl^q{0Oo?ot%V?t< zJAz-MfnUb|Hqc_t*w;$_o;*23oKhQDhuosHNURVt8UencL}H$cj<9Cg`@;E625wIK ziq5WJ(8#>*V|z+&n(}Xh8lT2G67dCxXWnG-G*t4$6}#PgaAcS8L@+Z2E6)xMwmOOYND+L4HY2SeYwt`i+k@{ER`+3_=K`g^K1N!LY#o0dBm zxLORf1dJOz_G7trmCucy^cE19(OAY*7#(}wIgBq?7|pJ;S2yYo(Bu*HBoNL8ILvw< zc#xZs;;12xF^PL>?y>6Pj{C`AXt+fvfUXitUmKA2x`H)@gN+&k&79g4UMRqNU|m%U zWerly8(v4e##NV-N-mQXz=?+?gD*8ULnc)ml}0;iH~;Dt(v96OQ6pCr-@lWpKyQ+Z zTyhgI9R`7?5zZsHs5WDx{1D}R?ymf0iJ$16kG|SnkTA|xc~hbVN3U6HZ_6ZQNMO2^ zy`@fHY?fr{bgDS&)eKU2qMg;Kwz>S3Fj2%@lB~;l>~Q*)%~}6g(i;_lJ=RVz6F{#s&gLDdeP!Jwmcw*vp8yOx#;YilW!W9<1)0XaHdK;4-yx54d7g ze+#+;W<^ni zRN>2OztG$O6SGM!Z@W(gF2`puq`%tM8*04MR5o~X(AM^c{03-#l}~MGz!pdbIcau3 zPHevbeVm>XczCeduxtzMN&bC)4^xQ@*ILsnsw(9#XIoPu;H@&BA2QGI67+VB4?Ik$ zsH*VJy8_Ehj7p2KOf~myUKf9NiZAKeadY6|SS*Zy{vg`WrG3L;{CwOl%dqD5Lnm73 zjqT7pnyiGx{u9|lWQ4^FbzfgW?~CN`!8CWc*5YV>;+a^Lfja#yLkxK3SugCiO4KDJ z&IRU8-t5de9QXmX6E_eh(%@NG@9=mY`&O+ZGhS!4O#-diU+g1Mv$Dta+Tb zoqU)_r07skWlL;{MN)Y&dHfoySnstNh4Px6YD`}?x#5c!Zq)HgHIqS+3TyBexfAZPg_E1wsC{ex@-Li0r7#X?4c?8hum+9W~Y6{sZLAAs;^EgJ#k#0 z^^jXCK@%BEv*id0G};504vx1DTx5zr)gwa|a-hYBsI;ysFJR&wc0J=S^NDjKwGqiC znEEnRVkH^#$X*mMI+jZ&NYbpDbtg`M=vd@GG0=uR(ZRm}GxTQ%jbj2iTOV)VYS7s2 z(+`0&@C2IW9@$Mm;i3LrLb_HVgR{@JLn*-eiCIX6ZNis?y1m!Nq_fj>0U-yPCX#5y zxmdw4Q$7wy8>9*gcdgMkg#loH-~QJu78k;i8J9Lrn*bEyU7kc|jlh@#<-^8#-M#-4 zWOh|p@Nn@pKfb9Gx^+_!rGVC#nx4c+)4DbB&d^s{cw)hQ+(0($F7L+zd>k87OeXArO7yHqSP>^qjA#Z(l zm;2p1)k@+eMsmwOm$jJy)eq@^e4IRbM0io~7jd887#&!ZUpYwYDlrLNZ3WJl1`&(8 z3OFs;3GqGfL8t6Z5eG3)j8BmtP!L~!^$Z5~uXIr_-X_Mt!%L#MqRU78F#nTjsu2U) zRRKGt&U&@Ep0gJQh;M4MtPV|gQpj7?+6$#IPOiKbgBvsR$siE!0hwdknxDa8 zW2&kXYhSJ`F^RXGB;unjHoRY@rJESwToye~5*|3Rh)cjMxOvY_MKW1$dy&MokULSu z7|c(LfZ1KIGk0KvUDpo|fldMVWpI-5!waCu{m~1!|1>Yb1ANaMOHiOr7Mhb>%N2(? zDTXhWG%(!;=?{fUic)`12$FqrdpG4qh%FZn%IAF!pJtyX_gh-V$8<%4WX203#-WVF z2@g_kq2yZ1yT1=KT)h^4=Wfc@GJ}Oy6vRjR$=$4`X-_H1VSX$aucC3$G)eVt{v`4aW3Hep$||I&s#jO z_kH`gj7sH^5_pWfl>dD3A0_bru}a=|KaXWVZ*%@l_0MMRX~Jm!F4=b&fR-wI$&D9VeMznbfr$};?FN5SCB+fd9ss6yyzYXbd&dBEc>=UB+Fyab z*4o;8+4xSmdIGKUbzJ0sBDbe3P)-N7K(KLv+Pbxt9v=^~m3tW(!FZHj?!A+cTSHVc z;9xM;Y9a~i(=8wHI;nSe`P!rWsZps|4Y!blCYDas4oQ<`BfRj1j8_Gbp zB}t={43cN4J?jLR7&YZjY_NjwL{WbUGJhY$DBpsP(1B%eZh{&hLS^53(DZ)LwA)La z3Q`)gPK?~BGkhc|U-Vhzo5FX2opC13`QBf)~= z8MtVPM^A3IHD-zNNi1tJUdJyzm&-4o#MNDelWLppAg(AE%wKalG7A0_hko0BG zv85T*yVxeK0KtUcLG$c;PLp`*heKTqa4{yP>Wd@sTOP_WEFTlEOb)DJSd0{l2{e=_?1l~KnafTq($hG967m;GY(D$E7-n$P&c(C&FD<8L zf;5G=D-O@{!)((criL*>DhOip(dJ81cO&)?z7R)*&dop4srA}fCQXwX7j+4yGx*X~ zX9LqYx>7GIw;2FQr-{7^_B}ZVFK;iv;qeHK%>UfqAT9tNafzpAOZMTmFhEM>sB$85 zy_FN$yUG&vH^7={S2Z8R7yW3+z$>%}*yzD8ZnP<4|FD^f|0FU0`QqPUBL5zStLQUL znr1?j|9B71*`7;$DtG+Dj+&GMPs*PU`1e$%ZI2+lm)twj_vYMo>j1EE#Xt$1$NHmd zHJfft1F-Gf-s{>y!0~h#aC2^5?=+dMZGl&w{gc-G+pz-hXFMS%+PiJl4z9M0wQdA<{b`E~$zMdxeE+ysEh{C&<8V@HfqXH0p z(&Aa`x-twpnIp}}4#)n4Sj3=Q0vciJsxSWq)1EpL;KbDcvRee7Mg6n0(w+H5^0U{5 zYbad14ho_nFBQ=TYe*kM)K)MQetex&*Bdbi z@5YEQJHGyxLG-V0#80c6UM;_-b_k&Axj>yBODSTNnZq%Recy=KDojTrpO7#X(0p_V zqZ_V}j@6V{P0jy>7Ix$si{pu@@jkd=#MJfX25@URC39UsWM3GWa#(x#H`NGUtAgbR-KvY4Q zSTv_bn?hA>Dl)VYt$RSndEh6eaU)Ac%Df(A;i8}5z7B0A)GZ@{mt1%8>n?Uu$RePr zFea|6vAI7g?6SLXfFML9Z8Gb8$RSing4VJlbnY!_`t~4KBXrs=^EZmn{S(G^-xIXS z;QIAeXbSjAe^9#};S|}Z>P4vc;N~NvpdTPiWEn7wnzC1n$7eHoAuVyoqlBm+m`mYW ziI9o||4Bnwq<^H{YcVG0GF!u~R^DzuK+J4j#U}snhE)8UHV-D^gcRN8*SW$2TN(!c zXpJe6=l1cTr;5Pc9>`hDlpjlc6+A_MLT&N9szRK;ngLZrDic(V<^{x4y;wpcFsE~SdhnVwp2c3#KW=}}H!B8GNP_c+WYf`EqzG51C zgscCxd*Jbnf2C`AgtQ>S!)fD~O8doD%sVncx5##b3fS`FmG@!5+yOOyS`%59+tu|> z`PJ>oNS#lLJgk;ixVCktu^AZl{ZF+G?PXfUf2t=vj<{48X0NnOV+ePn%--Y5-}Fdy zgiJ2%X-K%K{d?7jMK9V;kI>~1kI9UY4_z#`OopVT@v31q8e+41oFz$ZR(yz#ZBY$^ zVqu|ux^K~15teT5i^@mL4(|67F|wcK)WkjYmrwna#n_NsYO->M_s+a-^)VR>v#a{z zYFq8zMpW>Wg#-!$*~WlaED#2sj@Uq>e6^B38qRvOqOIIR_{lYylS`g+nB%a??Kx#5(;8_8=ov+NnaC|Dx+cSDjh9ECEk_E z%dg90*_n3@{(^q1FkjP6MhrhM(d}(|epd@V1V4^B{ff0HnBCG4SAr4za!I+8@5BEF z(mVbR(goaK;WT&yg}U0RWRwdUS{Jk%puQAkpHoW|zP30Js+k=5i6c#B# z6&F|dUB-llgQJQTmxzc6EJ%avDRJ#GQd;ovb-RK6AjgS%H<#&qO!sWs4hB2uiJ^E4 zo6M6~`~FqxDI6Kz>dvoxQD|?KZTj8FR-e{&k@nRhv%l?|-g`dlJCZm23^B>mgw%Yz zI=9ItMf{X269N^goq1`)Iju{d!sg;D;kytgjld7l9=8ruvpO)Hw zzd=pt;_b)<=?KxpvLNyKlnp<0U!Y9iY*_kZiAcqu=tK5d-d96?4xxF)LM)bUArLc( zo2e{9C~so-Prv#KlPh|d{x53qSga%h`xV{#<%830O3x%+nFwJR`tG*v1>NU zO?Nd;_vV(LF)qEt(azwRri;pE+|G$VY_(>OKQEDpG&;=fj9$(I^v_f7%2Uf!ng&_3mTnCuwLx4x>cMk)y!@tFmZ3Vmk3YxF0_ITtLRNr%vFaax}gkCQ#>@V7fimq>g_-FZ}q zLy9)!CKZV@xh$K(jb=3tLdZ`h9qxA0?fCKZM-am&Pos@1`Ejn17gSW23~SO7i1}C6 z(q(lQXyEo%ma7%e?X7bUEBN|qw|xqx`K!A7q-&NT+>V8-{1s9`*wqpDpika`LLInT z5yqmU5R+g~@X=Q=_9ZeA=N)Ssq(t|%L|wqW)gJq-G68kS-I1HDn~1Z8LQs_v-qNI1 zH3$;J4)^+NE|HX#^F`>YgCG%t1HWVX8>R@+>o4P&{741&m05lQ&fDfyR5#2$(rca_ zH5BCZS-_m`)f0P~nOGL2-ut6UQxm?7*0G}3;A;}X!!x&c?aO|sx?-eH9LI3DrO(Sh zFG9rCSzOXm_*nSkE5U|dOyVfnc?Gi6@02-mS$cg@x>S4dV3z*cU+HI@vdFi#*S?TR z*)(O+xx93gNK`wW`FK;nQt!1re+~NuEa-(%)!jQ!8^$N;G1A#ZUESQle>-ZGGE?+!Bgs{U5(|192OJXL+_d@AHmllvPY=>wns@X8hH7*z!m zA_9-=55AeX4`@4+tz|29eMp7EPkX4Z$o&srSte%+2*zUHsfYq5G2;hj$PX09z$iBT zs$o&;moDm^Ei~ZkAAJ4isB`o4M~8=ps&NnG2a9bFXw=vCB0iUguyYo`(?-AZ`8_rt zDVFHV-v|5q(+3y!qJMoDv?%vC@Qwzyr5GT8bg8kFEcxRt^Tz0p3yoUWAHSN?P{c^=-#S6E2scAxTbj8a>dD9)iS>f@q^=h`m7 y0HoYk?Ello|FIdyqx;TyIN_r~&i}`S$D)H7GjYS_C+5KQB7h|oB+A|yeEMI)PPB~x literal 0 HcmV?d00001 diff --git a/docs/addons/postgres/auto-backup/images/sample-postgres-3.png b/docs/addons/postgres/auto-backup/images/sample-postgres-3.png new file mode 100644 index 0000000000000000000000000000000000000000..b27d7581e9af9b94ef4a6f32d9db394d15f8a31e GIT binary patch literal 49637 zcmcG$bySq?_b!eiA|jx4qcliJNQWYw64IU0DIJPRclW4tcMdQh-3rn%bi>dc=N{kB z`}yM+Yn}By>#)`=WafG9=Z?MibzOV!G5D>b6xKu1hbSm0STfS$Dkvy-PrwWF!F}+~ z=bec)@C(C1TFV&)1-l*jx)c8#n+yfzDT<8vYc=<@?O88xwd3^L{qbcUJhq;DzaPC$ ziDnFYMaLNTk?4Nm<1OZLG~A+iwd^mhg?CuL*oFR94|e@pHVeny`Z`fUdWXX>{uPui zj`a(vt;6d~LM;EsYSKShxjvct`pK_G^$15j=JXJyiez-QgCqF47|zp%&eIS{#*}QQ zPpOeV!rE`$++K+ze+D6Uy`F%dXq0a)`p7qEQ5egJkndoiJe!@p^Y^n|d{UbqrIX_C zUwpZj{9yNczCGFra-8Ak$@0J8xZ-}H7^-e=Ie7ov8LiJiOU$-GCjQ>x>6asY;Ume< zLExvmehbg)Vcs`N{E1NTr!+erq45tt_xZ1_pK7I$qfr;HfQL)A(tyL>kpxoAwpNN@?-Z$bo4sEV`KM@Yf1 zo!t_WfJYC^J0~2l)&5jmq;D$1eZ}1$)0i|;eKr}TJRujF-LU;T@e&wfiEPUb0+{$iOgb zN@jA=R4+KzIz`04q@K;sli2CGW{pfga6yNZe{dsO7HSvLotxEr{A7c0yffgSCESOY zkV4EaG+4A5v08kp*I0}ANvkNxT4v9dCqPt;W|wZXTIZ0!Acf-odBvCreG|1g`tutP zcUc4E z{DXzYP!E`ECyb%}D~IVTKCZ5>TxOHM*$9tp4VtMBZG>6)yb+vd9OmgZ_}RvsP|gk87Sy`ag1 z+)kC#lkDwyS-bC~ThVuZC26($mdwvKQ|C}`|Bh~&>|QI%lLZEMZ*5V@&M&U2I70?Y zELUl%7cm|dqWaR|vi^$nY2-r{fWod|c<#<=Ymh_OIq`3Rr$o?_jwR%{F z>8d6sjj>pRH_UrQuZcAe!p}3~uAcdQrRPby69*kNwG&6Gb8Ic{;yzZ_pkAwzgIaw z)+`@{xs=rRrq!<2py{^$pvokf#H3Az(qiEt&k*TbJ_ySUxN9#TVe<{o_-(@K`6{nX zrf}ExD+yLK=qyWJHGAg$K!8koNbZ>E(85o>^$p5EF?x%r1m{(UdSAlz+Ayw(zD$Xn;J*7-=@6X> z*%Qk4gXIUXKm|OhWTeG&@}}(-cG+uoA-L9ZM7Ae%+I;HYNnVC0raoRvcP*MSxi>$6 z2>l8U1o+VaMVDqORaG|EaYLYm&ald@MNyIAX>OWg}f$XFyeKS`}eEjbrOF5m+k zrH#HIb6HYvZzAI6mfL#UQSpFOcaG6sf2Qk+@>7@4*E3)E5FG>O3Bmp3Yd*xsV3S5P z)QP9bz^PXs{z&3yOQV2f?EYdDd9v`jG0LjLRKTmh)hl=9m`aL7D+SLRpaWA#*^sK-@r%fuSvOL1HQiOnNlL%4VS3#{d4RWdW`mNU;@N_ zRDzqr>R3`&^oS8#6nO;0DB&1UY4M0xC$;Pd1=dNT;lVR=cyGekr+c%3Q}?U_D}L*9jOZ^@%i2k zdyj@}`6OO*eYg^7-rhJDd9}Ia<*YUDKWmr3Fk*Z=J!S6v$wsPTU`>GMI_gd~odPZoH& zQf?_uTNHfU-Qbprb<>B-@cNCHB$r^@$+XV8cDKhjD?p?q%YM9r#q6Wy3a|8!UMNnC z;BKb*rT^}@HK)|qQ^D~i*JkBFAw1vir6JsTFRXmGqtmU?`_k=uQ(T6gDk7@$tn7G+l(2-qlOfQWgplHAFO@jy$_fi39moa&hZ}(-VCrU6&?pv z(qTilP>l_OCEqj$I@R8ec-@)rYvE<{Bj$WMq3Px)!Rm$WiF!#A-uuLxh=6q;ZS690 z%;}gNMlFm;a@>#RD>yzNg0FL8+U>}RyKmY1$iaIt=b)%_Cn@?*&vL4d4NaGJE;)bU zrB0rXT?~^nA`~8!HmME(kFC6*uuoRC#-Vmovmmbw)stJAu%Fs7@6x~J%##|YlJYF= zY(=gO10OX_kQ_D z0^3i4zNow$B5V*PJDXhsBFHN<@`@d|eU4A4MVbY9@Jb%3zGbJrgZMK2W{Qfr=ls*? zgWa|3?*$`$PM!k}i6V1O1UMjyuTcz_CBH(NqTJXe&d?c%f{%h9ngjkkiM9DA5-P-^ zkj%#(j-UU2F>aCt-9M+T*S`4m+*(& z*`s!pZ>#Ad-Rhw$v}yA8qTR*0?d>ku97J)Ep_=>yyhX7|17)dJJ6=IQkzaX}aD#<` z3PdSiYU`ZeA3@VaKn^6avFUz_6<*u12qTCK;g0(gRW}N3*w}w+$JI$fYVWOAIp(4a zinL6>cy&BW=i#mGm#MZ?*EeFw{k?KX@T`{$NueEEKLF~4xYj@eXE<*5>AHMVAQKDz zbpjoI2!P$;&IMaUBavyDrIG@aQri~6u@#JrCH%a{D+i3XxTP*;#uDPv^T?ITRC&BAoMME9*a7lFD2rR`n^Ska)&>$hflQpf&A3%?x z`T3c6w3m_7$uZ?I(U>Xur88?Q|5;dZWdq&p)76E8-Ch46>B0tPt%+GrJ*L5q9|coy zdTW1f*mH19khbRt+fn~i=uA}C%k$j2mV)vm+2=L6;YYl4yXMW7T{{dnVFv{*{pP<$fZV8lYrQ=f@Hm}y<47Htu;J17-tWL1&Oy#jT4{ua^8~AF>L0kIy@>ZhRm0{qfzjQh$=mg ztzhRyMn-Gnt#*5>5zKSfXSB(cCJoT%M1eoKZDO5e+^b`*;&xe!nR|jPr|WX_Qpp9vnI) zLo~%LUq9hjw5~lVQCLA+W*O|XQh4_A=I+UH<5aa_`Ba$}>$9|u^Ab$`arVC;oWPSV`wT65 zWbj&1xdAnnE?O7%kb=lVhETqS`yrVk8#^__XmFc(t8uw;q!Kj^?9r{;h=G}rz&;^f zO;*4PQ+(WVPAsu~n^n1?GoQ==TMDcy?b5=AW9O*N|0aygl3oncuSASWxs(RefV#1gx zKJMap794gptR9&OHvWOG_$MDZPcbINNSw_(%yLYu=#>Lw`!+si&o&ep4iBCOD-F;y z2!0l~elqDs7Zo$^O}xe2L(OD~X0|WaGbGosn=Y#y5c`E{Rha}LtFFkifx-50l_4fc z|4XR*urqIkqZwy;%X)p`L>)&LV(_yc?4h)C&Ys$*(6cJ}3eK3aMDv&$V~wS`G!5v= zc|Ml}L|W4QN0d?w5<(vmWB(9FAQuoc zBmu#OO~^TVn!iQ-XlzV7xOg!4PF-BlTwqHt(}R%)O$WVJJtbCgP|9`Hj)}T!qxh+k zg51xAFbiLELJ6ixT5jF%EQxXL9r%;xu@J~>|I+nF?$oMnmBmCt<)kNwVhJS$y4FQQ zCq;S>60|G`OH}3I8(}s_z$Yk$?$8~xGmFQeZ%vHQEaMmXWAc}#gQ?QPp5u^7)#G{XX)y3m`l8B z4CKw2H$!lV*h6ovEmx+@s+n;9xrnCU>hHd zyH>jQKPBX~?3yWmn(WluJCn4tU!|5m;<2Ny5|b)pu6Rcx+l;)#iEJyv-opNlbT_S= zG6vJ6o1=t2%MxB1U#yC>f=v7O++=_}Sy&Vgw-Hc;$PyeC9eev|kb7;`4c=kHV^TTE z)*yJlxgs?~BgBMmE_t0ulYySjsI-df`SaMuD(@*B;kz#H&pMeC!}C>l@a<$7UUtd6 zUa}A3R5G^oU7b8g3uqEaTpt@AT%a4O*R%I&=7Oeusgif9SS;6JeVg#6SFfI8yNJL- z{h67i#4^#c>f5){`WLoB@%+IO9_OZd+ig(*j-+chpOAQkt}IfVLya5|n0sE54)7#` zz&7lyK1Np5#a6EgJ=?Hu<1RZcvdj(cN5Xn5ba8Q74zzrmxv3az&4dF!7ev24-#cVr0aoIRu|X_n(zjFd$e z${fn=0L8o6nM`M8StDhpq@DKZCeE@1~nttSp_*maL$eS`cv)(+`u0 zK((6|%a-KBx~`N(>Lq+7ZsOw4BVRb{?=$P!gQRQEHk)$H%4Ff*>|DvsyKI+6^Z4Q zWffByI+2%8QVGhY%cUBax_h3YG7M&Mr;w3%MJGsD*-`T|$!Kzp$W*;kiAj`LwGM3c z=6UJoyF(uphd*FlnjIUZCZ^*5wfCp@!NWd>g`A4U>jif)?fbD#YthL`(jJ}<_tlBA z(fF6QzwFE5>C|r_D7`IyyRv^qZ#aZ#qPlvz3N0 zc2CPU@;z)0nz*HKx1hBs-U z-yTaz-k+S@Sk}-k>tKkvkt9r(IU)2iQW|)c`}7mELRChIg}Td5PEF)icsGszBRKT7;8=hQeGfflNfb?pEHEOFaCNUBl-dMmuE@t( zOpGms?JpnItzz4Cq}@o)=0mz0HPMs=)x_x^m4E0XX8xPZ#UoQ9C$<0lz4K$}Z;dEO zditN*QqVn=f0#V=omc;Gerc4qhJV!pF3SJpk`^^}_0^4CMVIQSDQ*AHpZ`m}JD2y} zJtYkN=3DLUoVtc{XO$6jg5-1Ym7wRyjzHw2Cv}lG^WV%-tQ5;(Z+x7{6YGka-(5^(8j*Y z>U~(#e4Dd&X?DM_MP6ay(nR!iduOMs)<2SGR)*w1m;c)Mg$Talyd!Zn5c&F&C z81}r7$gQ@V#R6CMX~FntNOh70PHM8L!Uq2*A7!@W(Avd_3^}nx^bHH6NaJ{3TL!e>4q?q)vC+L*a^sBxE2v&5*A_wa(xZEQb}PK zF3n=(#ma44oh@mTu~K}Zz%#9BNw`msr_nzhLN>owDbJH!Mr*1(<*-HPVM;2>-^uEGQt!K3`xvNpGcy+XQMQVy=%-2{ zwe|9%vd8ce#t|g5%UamX%q#L>3!usbT&EXbKowN@rKL-vctQ2e@EQ2lYMF-->$6K^0&pQ{n?(T zQWheqWALQWv3n`s-K50g>g;#MLNu5!_GuWU=p2{rxoBh8`l#jHjugGuTpoNoBG9<0 zPqK@&t7buIdpkVip-G^~QBfNHq$$Y@uYPmHZElmNt0mBa(V^+hBn7JRF^TbABE0SN zu-951B-v&wam^|6EDr8I^pg_v{mfZ;jDfVzKPI1rd545N?2$!bq~YaCjGTGQ|ACH5 zJwa7nUGZErfwSk)ZaTl|%D6?$^TY1m$*-x>IVCLL8;jzG4>)W3DI$`YYs}4+e=*AK zbiSS#nlxr&;axUZ*RuRS)@A{seGwjZf>lGDk@2 zL@M-93-){>D4U3tRyt-|V0-?3JMEOL_t3dp^ig|GOnSN+-2OSnhE`U@{TaGtqPS7F z>1pfAflp00$wr|x@!O5>inQb3NdEK?kron2-!2m0CT!V!`jRzT6Gel>%nT(Sf0^Jd zS`vdl z>)B{r^RD%cFVEvWXeU*#xvmq$on#MXY*&6{Rh6|*clF*KPRHQ3$*y?RqM&8TZ^-bB zE_fnQ-xxmTg1d+*ExS)iV`0pkZ%dWIlgxTn9XYz`vr__>l4W8#rc{>tG2&-Rb=yV* z4rADa(FC5)LTgI!wv0RZ_ir|lsUuvafz*!WLUf~0rDug@qsByUwCr&AW7o=!eK6Rh zsPl1Hjeq}`ln=3M%=&zEbyt0mQi=O=;$rII>QF;C$7dTpT&`|*!9*X21*dvPDA`rr z)WvxqeO+05tZ<8mgfjWGR*1|(<8C`mKC7tGS@8O>t z*9N}UJ~uBKsGMTS=0OeEJUmAc!qZb%a|tCls6Pc z74;vJclNJKe2pVqjgC#1P*=YnTw`t}UWAdgLa3~NLn6piV!ZKYgqT9BLn<|cnvSDs z3Epd^klnJU z{tSG~K(~Y8MsXGAX}3EryDXZUg+5`JxX36#srbpqg1L|3xp4Z?5qXHNI{6^23YQZj zW3QPj_ng3CO~pxkc3c9gri`?W=J4W=;gwr83lAfnjg5^g3nCS}>e#3xSxHwB2{arI zatA-P_3N=Q#Xl<9AvALftQ$)TFjjvBg#xdAzfq4FCrCbXnKe&1s&+! zLsw6mT*yBEEY4c4Z;6ri+>nsMbFpT2;*s6I6kbKGVgkVXt5(}Qx%+j%pV-)lKWfV+t}aD zeL(Md(qn=M;ifX@6B@eEqWs@2Mm($;{ofq$a`HI(J@eHv^^p2KGOMLoRVzq|{hR5M zin$U+_`nK9*PJocP*tG1vRaaazjB{39g|?9glZt3B@Z6S7TLvbF)`OWXnnCHRAj-E zHuO$swC3#ap9Pb1n4fx8;J@NrRSxAQDxBCxI;Xz@G~pzw`K_7^t%&+DBQC&igcIT7 zRB17O%9^s!`6AU&sV6h}861CdN0TL#dkR@(Guj>G z=*+Us)U*S*m^_&5@d={l48s(4tg!2y8J>_?c9N5Xw#{j^jqyqMu`iDX=5PuK;8ya- zOziit%qDekFDc*0ibjSa;lTWZtgeyS^mVHbA3l%^RzM~uCU$p2bmeu~bO}TK&h%3x z#IB588%&a+*^iby4E|zn8t2KdV7+X&tV>igRY;5Moo1?RnXkb5{M1TCX0b0D{yO*7>eH}C*YE7(YgZTxYt`QR9&vwW!!XNnM(K&oMB(!-i0Hu-;Y`5dO${P5 zeP%nAO{+Uw+fy@>E3A7vqGB!|V*Hzh?6&#hg@+&ilxaO0*N^(kX;ePff{0s9x1?fd z#8N^2Qb8->>YO9fQt56V?51lC-^Zb1Qsh=nj5ax+13!U$?Q6Kf;p8*kgkMkX8gr;{ z6e2sPc_4rogo4<3SaN8PL)P_4-#J_7KoRo-y3Ilo(Mks8mUVUI;Yr2%xHDY~lE_0~2iK=-*~fLAu`106sF|5VKy4-ta(lIQwJs&P zxSDFuQxl(%&Cz>7XMxVu|gGJ?G46n5)#{}Hia5nxxXO1=kpl3~QH?7sV$ zC?e;}c)sU-1~u;ezL(SR3NUGUA2vot!;u^Xa(<^TpHR^`KWwVyD5hJHuU#Twkk-%W zvGMT|@82_`2)gZ>o*%4SO~bBJ;T(v3LRRheW}izGgkxk#i1E?-@2sq>$0Q_^i)-_9 zUI??{ESVX<+v`s5%E_<+^Cdy}Id&|)0%ydt7Ca@P*SflCaGuqnzso#Z!13$;ldq}; z^KF8A9i6X14mS%+4|*6N4y*kn0a#?6!lyHByv_SqAJx|`MewjhomW;?8m|ueKq3k~ zwx>Pl3C&q6j&F-uqTYSO?JeYr?HczbGa;gvlSAtxxj2!+C&Va-#zXA$^K(!oBl`07 ztK&}f_`x;84{~#T={7b!Y&#`@1NT^?$naQArr!z&COnd>RB1h4VqPm~IZV6TbgB;< z3RQxL__%`srmvb@zyLKK8KSpWhud%%00cs!GCUMNp4Jb5PBb z7#lN*U(>BiWH@%rM(x})(Xq@qmh@m=uUM9-27Xx#rfzF zA?VW@yhxSPyyD`OV1|rupwg0+MGFkIWvp1oV>3V3{c699M8Jjd_SElIN?o0>EdXl? zn9>Sxj>Y2IxkXU&yt-Nw?J_-}JWNR;^*x2c%T0T5O|+eXCD~tf*AU;#N%KYi;-@Yt!=4zr z&Z}abS``hAt_)$Xv;UNmgMx#N7Jhz3@!o4izuJ%VTi%5tR>5cJPdPa&WCRN}O3h~* zKFqj`D9ku^Q6R4>(yk7PWl%bpMfi?u?uN2AKNS^)kZ_s1ychM1Szmv@gtG!%TeH@V zA`pk_L~u7;6usF5bMBiRaF{d^pOl|J#nel5d%#-Dr*}Fzb!u$(F}LO91|K9rymtA4%}OgO-k*<=W8+A;9;LrB!1?V$vD5P%~|}wEjD@5!gO5%%EWszA)*0l;LxtHRp4x2P)A5 zR@T-YhXcIz2ffdcHV=-Rnu{woFOPAzevMLy634#zoL)(2{~oeH4ZWD1vXJwPP{i3L z^Zh7rfymfB%NNj}I(n(vC9$Vz^$5jn)-byvCt^my;P6^!@W!dx+mMl0e+1`alp$WI zuiHmI--X4Ppd78sReAEsL=p2_*#g+r5??k1dUovdS>{Up9?IbFC*GF}krR8hvYfj$ zBz@XH}L1?9JeK~>JS6lE^Rs?P1JS5fSq-)Kfu_}pp1@=zPdSut+nBZnu17%qRB!i za<%v7X3g&=P{*!5yMsq6k}|x**s|KddaUS~fI!MuOd?$TW#LYq)NtGB8f7i5$?ram zCsWqpCnC33&NcRMaO|z7oD2Kz6BTBdVEc`RGK6g=E50r-n_isk^i_}RW4d$kq5$`5 zTX5i>?(B(Wm@G3w9XIe37QNYzyi<3+n(A1uYco;yY1$q(t2t&|jx@B+NGf~N5L5+t zvkwWcUE2Ny$WYtNHImd$+sa$-I?oG^@uUuD-u6B(U2a9ETF#6V;ktwI6Magqwk2Jb+A;f5s7+$TFbvyW#+R()W%T04t>Jffd+h zJQtRbTl=mA;Kp(AB?Ajf7zp>5tV@@Tx~`LEtR>U`Fu z+UWrhGV%%ver~uNoJ`vzG5N!|URRCn^cjGsBwl;Ud10wpJ6;kJ5?#-Y?2o5uH^-%Z z3NkVn0J9ZRukCg!>4c?*BL1*(LPZN#RgR06Doy6Ir_cynmBBw-agqb{Nl&XFt)bEm@SNVZc_Ad=kewFStJu zyW+z*2DtugH(dSZu+{$P>>Fhx9m7X>u~Fq@zw?lASJUZS-^NJp`I_jhjJJ2=lRv1s zZnGag^2%-E;o-F@@XoeBFKzt!J5xa}(|g8_mn{)9u}?xlK_T{>GBWV`@{|koh|uJf z78jfS$y4r6<;5u+o%-(M0-aUU&^X-4g&crGe&N1nxD?qA!fDGwTVOq~8xZNjqMHzT zem94ZG=ArRa+9tL1sLEx4)wa;CzBSPRWh;kj)4ChK;hSe>}43Vl#yNTkpM=WL1E#T&K$fAgbKUfZQebFk7Ho4k9D^;f&tBgd0h!)e1(0n4T4#JAvB)60yt)cf2A_IN z7m?@@t0ZDHUZPiI0L!p0Z5os2@c~o^ki_l>o2_2^>8YuGwav%HuE)^op@buH=8g^V zcMR5dh=0Lv%OsC6^C5mbK^F*7sucj;Cq#%gu1pf*-#4{O34x+KHxy(Pom-I|j*D@% z*Eivt3#>-0i6PwhL?-5=Kc06_?$L#2%trFF1Wn^nC%dhg9U(>zQN0X0v+NCSq14SN zML&Mr1v=^h?7Vrr`Pc_ZdR%v=Isk}u&(u4o+Ey+cfnz57&?&;8nD#9vr}KSgRaIPn zzr4xKVn?W;n%7KO69Bh^Qox2fw^(&*KxdSqx3`eRV4Bg|VEXn{bts2PXBGJBiO8GF z2vy*y&TE4!F znQVfzv|qr%b%v8!kV^q;2j;=V!eR;lbbF%wGdLaa$@ron8tB9lI+-vj(t{>w=zDy9 zSE$Zm-cM{kkkSE2!gLyZA{dV$rKvkCDCoVDK3}>b^3?U+7tl(YFRWl5015eF7o(+` zmF8G|iR{SWL1y0=oy=vy!_V$jF*f+-n+%1kqM{;{eG%?^X*&mAOUED>b%UT4KE8AQ zALBS!>ATj40k+x+OZB?-c2gjQpaP2My8<9E%m`S?)k!UE1@K=M&9asxw}a&#`V}?$ z*!(v{{kA?eSr%^%;lb3KsGFHx*IZ8V42`8Uml;?Q_DVs^yY@KWYOo*P=yz1S3?vb0 z|5>eZY^kBce`vxH=!xp;oa6?*{@HXZ>RXYJceAEW#=Gsr)#oepr69KYYGc;q3U@?M|qFTENuXt=&Org`}?p5VE9 zm3!(T{ALFpHf3dS8Geb6k1zi29l`v7KTsF3+jC8+V6(GnpcYjYoXKYc_P%YvFN1>j z6TYMidBnhOuMv{AtAMgUz{Ff)_dAyhM7@llWB{y|wRYww@Q787iYJW5#>QvABYnl+ zzD2gxA%k`2ED^-u<{%Mx=pEwQ(_}tJYSkQhqv;x30BzYat^+%+&VWE1F2^c4t^axk zkmlzX47{l#KOi>en=f~l&_&PgAYiv59v&V@hGdc9aUVpq&8yCf-z|=U9Y5u z@BGfIdzFyuqRAl#8yl8Lp@RoVThGf2YHSqx3+%^*2GtFs!ZH9?hLFN!Z=o%GoTABF!R)ZM^;FQ0h9{YJ} zUwG^t%XuUqt=b@!i`_M)C8-y^LsuxIq6_oUlYk%w8j_I zw^#dS#-CR!s(LeI(;z$ zcyO4dU2Q6ej)`j-UJ-yXm((pjl$DjuD;9>r=;-KBeEoua=;f1IfD3vYk7}ga9u^dq z{9JIDci>AY7RJKHHedhsz47+u5>Q*x(2k!#tp-Pk=m-!HtWYTDFBE?OFuT9hbuHPr zU(IXvhtaO-SlxAdqLs+N`%Vk|=7bkSdN4M6etv#`x?mz;{Xh^1Fa7w@w79tV00UzI zNTK6YeH9fkP0b|u8;FP-+=myKstI7_6jp@{WtuE}6$cc0Uo)_tHb0>VaCY%qH122dIe%=Rk#6+r_VL_|eowMCj+>&* zB@bd0bhNV-J>@!m8rvoA@S`DNpyS=62HK-E1d6Ua2;W^%&)&E%d?m^&Dx&4&i~*tu z2!!xx6!XEf9?*y~06??{NnyYacMlC&0OBmkYGMLR8QYIZF#pNjka+t@G*Q&Za787E9KUb|&LfJ&587QD_pK+Fe? zG%0}ma(SOQoFL$EV=oXy>DU|h?%tk5ZhLHNXC5 zJsrr_3YQI)rOFDUw)@B|LL8H7%1#@&sqbO&KLlK4UO>9 z(e}J;zMMrI0E0?c=}Y7?`gyPU=E8c;bBh(J*UR+2iu3Bp=m2QvMpqD@dXF`$_pN>R7l|hBe>qs+CN3dcHR#-z9=rn^2dRl( zR5(d@?|C_kj_RPZ-&F`#wZn=b*YlfWG7uTvQ+;42VzjU6-Bz1q`jFWtWWwv6h8~)`H8ByJZZ}W|NDD>gmw^A9 zj}>XLVq5crfP#$r8GbkC&YR;v^Y(Oi8-iejw4o$jr_k>jMO2vf0NgaO&Z`@ID>jGaGJw(`yleyYotZ7kH(x z8_!tBY|!P7OnzK9_kE)SVhjmN$Zjt8Z;pUv11F;C+&Law<;C7c2N@cWdm03C!PxW@ z=!9zpus5>(B6uF_;p$*|AE18WmLRuB&Bz#33-?W>5OjS^NN65bO%X(z5r`ESs9R|s z4tL6w4Cidt_`!j+!P8URbs>8I6K_~RzRZ1g*wJ224go(NHvs)s zMnI$%>DI>pQcACsF|+&Zsnw#vKK{t8%f18t#J!Sv4Nnw-o{rWfK&)HOf&%nb|^KUy7omvR8cJlvKb(r`6 zGhtz2;k-Bh8U@fMX(c7ty@u14l)zRVDhQ)j4^ZMNq%MIWj z;U1%-qoi$ryS0{ul7%QEa|_9kDR=l*F2uK?F!cx-Ab?>7g@-qN+xe#*kCDh!EiJ%g zysN!kH;Df4*H=8_F=NURcD?`n?+o9dPygxEda|MYztMh{egnRjGu)OeKRb*1o1&-!Yct-^4_1kqM2fS@JZtT;C-j+V+QzeV z^8Qv-DBwtVG=*5lfhMlO*%Cgu9Z9cc1+4@OuXjrhL1Jg)bvlFalt4ila* zKe$v=Fp`-CdAp-Sp=+>ZcC=+gVh^5uNm{X)2BC>R_9hrd1Y=t?=<4C5X@ZqQHrK%& zYBN`YL&lugP_XZ6{|NIvTxaANd*O5S@ihPTZl zj+_!99n>9S5m_s${RE}*x%1gOUr@mB>Z~EWW9L;EVsP#&CTqMp2oa#wEh2)ywK23a)zjCOS z^E+d;za)5t00#WBM>9X+WEM8H~!u)XM`ALmgDM=8b%^@eiuXfAa z_Ik*)>;9g#nbUxi{911v-YUa4_1>??uKoLvEW5{V+1FA$q>pU+Hk&Uj-pFf46kg$Or7N6t{9Ay+@3kRzWYiTLYvMWGnDi5 z1D8jET_rglMod0S$4NwMDYiXBJe}wQ1sSSf##6g3l=tfQblmclXdY(NA7JF_m>qgl zY;fnB#<+OR(zdYT#4E+Pl<@svCoc_;gy;He^we&e*JwUX?dL`efA#2I{t2%%gY-mT z>c@N2k20_Q7U$>w%s$P?uGXhng&lU@USvS^iZ&m zc#sQ=36XTv$UkbMPAINA<`)^&O$*A;+_>*rbZuAgzo>i5ptyoIY!gC)1Pj3j3m)9v zlHg8ocX!tTLP&54?h*(dJTSORaA$B0?mp=3;eEevx3;#vt=j#y`-3XxOjn=NbNZa_ zexCcfTUvmumy?@&q$9?n#Cr|jlt?KiB_>gZh@ix_7USH-o_dL%K8eOw;_qyR&$zwm z8ES}QTm|CCtWTVz4p7Vt?}~*%H5H~GVX3<#=W+ynVmo$mc(?j*_2^02BXnSOd&>e% z<9{-B6${V&jZ0QvSdC?CR2&!vu~4Wk@;Rw4Vqy9_7K;nj7c1&{mIM?e?ynZq+b@** z>J8nLkY(_d9ffvT_(2?1mlu6!a#iIp$yFAc`AW)LF$<8r%CZ$jN+A;pm42au)7FkZ zy~-A*TNTNO)a7{YrYo`)OZ}t+VPsbH?xYiQ_hw} z|DIzc(^_rk_;tXzG_$;19z!7(fV1^WeKp3h&gS5_N*~#8rha6^UqkN7arsyMq3v<7 zZSl%;?fsPamVPPw^M7=XcAGy41~+Sr^+nqb#fUR9r<2(Z^|6#D9ioO#U)OUd?W+kj z@s(s7_?P}n1PNCudN=`XB#|qTs@$KSF83t0eO~}7b<&Cj8bH1DlD}Tk4 zs2VM9D}B>9Tb;q56;PM&mk%6g`rQv4^}C^)nOama!#LIyAptIE`^@R`dw<}fN=Di* z$4kE0k)M|SC(HFZ4lAC;jgM7Xyjb>X%Nf49S9ueQ`Mg($uNRHEMvfKrx_P-9^sele ze%D{|1|FSg=;`^SHKo~zn*?%v&Pw}j#Q(=3VPURSP24e zkfcDkW1Yu^W!+H+f4^;FC(@#ZS6Mqy0YgqzjE9rcEar?@9tN@>(6nQRQizy+f2gNB z_RUm6-Pwe{?dtOl9r|m*$GZsT!p?y3#Kxr`He8k&=KDik6f#){aMTx2?>NjL$`!R~*76BiwejliN zxrfsF<@!bMFI8~~dxqARdN3V-&hWY_lgc+bS^>xERy$_wlVqK=IoKLVr!0&gB7j2c z%TTo3OQM^*x=t3`49gqLf)@g;RZ67V7wUYX_gjjj$yDWdJRQ`Tns`gI9x)3*q0{v! zTE+MzUf&nR#>;2j9aV%fGHfm#HND(dfHq=XOf`G7>P}QkU6FzYyI;>PV_dn=)F!_?<+gr- zlpE63b{(i(ufLc=J&L}uPfLA$B9tS?`;jW{9ggx31{8jmQ1sD0R9p3ZWF_IRShbqxIdS_Z(-%vpIm|}3xD%|Wv;WB%ilc*tp(q%c>M{CV>9Z@#KzI!d zj5y{Kd6EqkLxALfqx>q=?Zr#-Ho`CDlxZVzQP!KRHuSaT8=4IE z-igX5GtEm>$<1nhd3Jjt2EVW=;bzICX^*;KQv7`4Ou;?L#E>Q<~vY`gVShk6)PIJnF1VY-63CUd+^C!s^LOeT8P z$<>zpJ^6xlat>WW_=X&cROIw&WhQ-_b5plr&J!@JOgSYqbAohAGWSlf^2oVruSPe{QhXW@4_DRioCYDHpohJ;RZ}~F*AQ#^d#~v zFLKaSIf@fYKV+%4MP!Y}Rk@F2P5*`0?ql6&N!O*&FA0zdlKQQ4Dyq&raZ%F^Ayoe))kJxx zn>WfZq;z3o99n03PlF)TGhcz(OIkW10%9BCpL5|X_mH;BL1IqH6a-A_bUG4>M(wrx zmxf99dBPihOsF3se<+|N%K1#b!XAlwBj3a3NdBlo7hK){q>4#K;emrKtyrdjR*YY( zzAuVsGH+s}AZVgH9r?@6q6LAQONoxh(`I@6=PgEGk4JYu_6O+VER-b^^$QAYdeFjs zq$AT4t!_t>y5TQMD_aTXD^bzDmmZeq0Veup5dzkZeJI_ai4>wHthTXr*ATd$gb-)< z>ZZ}19SKvH4Z_nLH>t zbB&6vWp3in`WQ&T`(yE*VAIJ4(h==`Be@e?k+gNX?N9Ut`1OIE&k_Q+kbE6~eI>gB zSv!GYZewV-c=cj`t*yp^W)_a0FwT6rIy{#VJ~zu^C*gTp$vtlJ#TsI zRKd2va;BOI9Z#H7EGT+os$QKOh+nI$NS2v)1${5RP3_NsvH8ZkCsY(n)3`MS#6`6_ z<%D*vcbk-GvZ;AG!}d|zust))X|TN2F9ckDvh*1_wL)3WZniroQb-(5=+tjQog=S&|Y` zgiZ{Fhj&B(ZxoKW}^2qx5uO<R&;65wQcYCcEAhe8)CmjP4K6*|;(dnRK)3 z)F!L=zbUeahCK4ZAZoLjfn@);4nrD|7BA?@lN%jzlqF>88K>hq4F7i5rs#apVo|%m zP(T{T#L&0p354;r6H8k2#%!q)`*yGws|{P|Vq5>*OAU$1lG%Vsx>{hfS5eblsa9Xn z5wsf?&NWGw3W)Jh;A2i{ifT7u7Mjy~c)(}laQ zB86mJSNW_fwr%jCg}U_WLDkl4tIn8aNQP&erbXjJm|Qg@Zjm z(o;>z3|EDz=&U6%Xmolq(^Zlnd-miSvho}>E0_PE)*@%r!d&KNr(%fL%mQBo@s6-h zw18$#Kd4lypMH(=Dbeia2JUG|p^0>1fGnSxgG_C>wqcn*s=n<=GacbEVPU6hn95In zbw|S_)A|0Gg-wie==&{nybLe)7nO3oGaMr&C|6w2{tvKR+q#*YWH}G_#l8>p8>tNi zR3;vn#f0+H81$szv_H|YhicJb(S}Ss6z?#dhZ0(U7}soWs1BOzVh`7|5)@4sTmC-W z7uZnB)E`0N#xV2#<-bcMMcv_5_77d->sp>J&-!wkDeObD7G*-Yu~fb|--GUWKKktgX#==X-^ z%JB+5bo{P3Fo6py={j;qQt`MSU%w}0f@%KSKuPHNP4(X?7M;>7)L<0!BA!qvU3S#~ zfhx^8$g;<=nd~=?Y~d;TtH}XUW8;3+^}kB@Uw&BPDEIy~cf~7bKC_O%^Ld>{BhbN4 z-Sc+D&bzy>dI&F`VaYv4f?Kj{OihON>;*e>sJZKY{uPk6gFGivtk%Aj;m8&^U#zzw z@1}ZwHFuMkb0xjhPyUtiF2gg7-rltrW8iCujdV3L5=5Xy#6)n)SFcc(#x{PWK&GF| zJfC2|{p%-6<+(ferzhs19|(a8$*8lc#-;3y(Ako?1kNoI+_|MD2jZ0J8En^kJO6fClI_3Z zlqAFk6rxn3(X|Ir^*_yD^J%?H!Wj2Jsx2QSO1MIwGL4g=eUIn*OHS09&Qn;?wI%#Q zDpNi017!{skTQ^slZe>H$YMxqJP&f-myQOPepp7KeoH??`ZSw`SCadIGJ%HTo0q2A z-ZuDTU;(x(Iunr)u`{q0pEyxXMbJl+HP+ML`z|g<^}V_5_G8spIBj^E+Ug=PQ?pF6 zDX%P}W&CwljVzw41kbxPY6Hc$TyDmKJ-Aq&BF0T-#FUsK?-Q!x)kQFwk_&zi3pwdW znlo&v(Intt@O|K-rm49_D;y_QQN$fkcR>oaZjzZrJ19+KR=HIBMH>9A(nJvLb%DD# zWgK(7R|1U#85D&pK37HNTmF@1lmxf(;Gg0ogL9=2Q(!Xh7>|xYb%whA%|HEPi%OSr zVOZLLB|M2PW&C4gJX3*8VIGkzHb$g%(+A7pWy>t@wy+F2T%Nby-<*&c3EmQtmbVv| zXm21{#oV#*PXZ}}O&|>mgpdy8tSmHdfr#D+px>}u`^Loj%TOkcS~dWL&FAIig`@z7 zVT@R0KN@rwoH3bCX=LiBmkfhRV*mUc7}3A=#+xF3=sCSmN|98d%qV?3P+0W1c2Ll? zdmSh_Eu)9!I9kNNh4=&A`GVgw{F@$~i@?yz(5ANJ#-ZLr|olBnMwun+?239_{4A3FOZYoG731S|Jq=GW&BXHM1l*mNUkB{ zCTMgElR4wpqY<5Bkamp}XAZ6HU1F_|t!8G6PXQM%57(1QQ^N)jCEZ{&7r?6f#F}|G z)nbs5dhGY&`?DU;SIxq3nVEb3g+=_Mk*W&7uFN3WwVlxsMy^iVzvl4 z#O$K7v&DlU7JMc}YWA~8}Iv6(@Q51kYD%a>=NqMz1l zFPv}MMsUZ-&EShW#_M3s)shQX_fVtVM5+dBGi0#xj6yy_Yy|x6+r-1x!nL3@$1 z2rI1AL}xd*EY!*Dbs7@emztuw^M_pbUd&eL^lchVbL_;p6>yclcFZ`i_{mq zCm_cr3ml`n2SwqQJ4SwoS3JOM`l_Qtwjd02B<7pwCcu~-LM)#Ug>lpVu~nvCMLM=n zM&K^>Qh%8;En-rx!jMMIxjMndl#Wn|{sAANnx|jB`RYrd+5G3c&*)?wEb#+SRH^cU zc{EO!vLlilIZ^5F?@P?T&1$CmTv0QqiVGb>8B&<0_sJ1KAr_kw`Pw5%Ew0J>GwRVI=qY7l+fn&qdl77 z6on+kZS_;GOGJ*yJ-LW-w#CQ7NEA9f2jd@N_u0}Xd6MA03#i%K(+4rEbE7t|^b>Q@ z;X6&^faF1RdI2ob6~4cnW2-#|`SH5f)g-XHq8&HewU=W4$7H-@qP<1|o8n7+j_*W5 z>kgbuH_N-}Pq4&;6QqmUR|DOtmGqqJ|0Vlm3Lc*As!6Yz4Z-eq2y6cBa=aE=HJM5{ zg?qB?Fz!*Y+RxX4AAc4wBPsdx``pbVlKY>70v?P~lxrq^u%3<%gzsXlbo@^|!2Val z$cE&4w}i)5eJ8ly`Du``rJfYcseSr(cuKp;fLFD7 zbHV@A0(3==l?6+e@4t13ZE6MaIJH3_g@-D%N2YOm5F!UQtOWD3r~0O59Xccr5{qtGHv@{P#Z2mrl1dW(C;nE zRQMFQZ=&V7TsA&4gO_x_%Tb1s$j3$Pn%sS-@?iPI?P#|4nJJ|x<;mg{AVo5tg<-&| zJyfos3!oVW0d>*d?(Q0(rhEW&CFUzFKII+$fH430)4yj4?Ab;y!0tsq;~kC#H-L)X z`RT#u?(VMPVpM4FsmhN<$<&v76273{y8sAG`+t*dIl@N`)WC#pdNsF z=$Rtwea2rd;$p$S>J9-)i$Cy5xU%hz@uc;J9FVy^hW$xqGa5z07VenHm)<)%+6onW zpbR{x4|KhHc~jnm70@bG5Kn(XE7QxOtI;3!CU(A?u+n-L*^D)ypKkd#+jIl z9eT9GF}JD*Eco>9TJFVa zIYYCkrKbs)^}@{9kOg(x??7#*Ss$~#9f@!J10D=r=gZ|AoGy!(>tu`vV#9aaPZWzgYBs}G%l&IPw!!L3tTvAX zuZN&IFTtj0d=7p|PQv$2>c@}HWfjrGC*auyc_{;a#r$kV+xQml6rzgYqjUosKb-}# zhIaS)39kq*oniA7*^~B*!@y&M>zoPL9n^6heZ+X4WAvP&JuuPAP%!eM`n37g5CP{(EHt;S#Q{Xs0&;*7VI;^ zJM%g!bkM2AOsLIe@j9*(9XiDD%YQw<@9T1KV$gwS8PALEj#H`V?OUEw*3|lFqsq@7`P5SDh}@VDa^Vq4=3R3EHSR!` zJw22_Ha?8E{SPySV*dUuZ2Yw$##A1QRExD?fdUJAIPIo{I|BO9iXR6mKGftBP%b?o=(z?o8w zXRhvHgRp&#E9VviFymVPH<0iw@qT`AKJc673~fErdACbDqM#PO>v9fO~k%1UgTZ9U%C0u@TmnT z$0Jz=iJ_$jh2Kl=|H;uZ#&L@)N=#uWOqpL|=DJjlNfT8-sMAK=+N2DSF4-SvO-CGc zrxX?3wwX?6CWM{{1pT*3i$*hd=HigYPVAgBeU|>%*L1st1pDt8_tq^z4Y3_{x)v-> zeT{;>GK?DiVoobB1ijaWhO{Aarg41JScCkmw?1u$K+@+5VzGOmf*=km!XBA%Ga>ztcGIH3G*hi6Cz)K8CwFaEy;M#mH;hbcd~M^3qBNkF%3Cq~p||zOjFxdJG@)p&eTRq@YP`~7+;f6^1TX0h78Y{Gyzw7g!#>XJKDbAo z5421d$g=e#t8`FqG*s%AcpNsrwckFPi^F}eck0;lL2s~|3^;e49A`o2Dpn(DDk7gQ znSFsV^ohiy=EhD#Sb=H+HF=v)dRcn%=snJIzG^Aw9UVMz@=U+wL-(IyoCBgbqG}xK zcm)%FSMN@oNaUj&e|@Ml*YCI~Q+ISVlvR(SwlpAz!8-v?X+k05O-6KVlxf`FK>0@f zI~>+SD5f^w~sjZ*cH>iOZSyomzq%7dZD=-CcAU$1j8&hNo6t`LN*~uzD0fv|UBgpFL zL1lZ4YH8h4M+ZXA!$10J<}w~%vACERtmB4FEJHx6stM8}S+3#W&S_dCuUBqQHoQwe zp&+hqr&5}n@=wkF8GEtq>U2o=7J`6;Tke(}gk0rL4vm35fs$EXj%IH0S3L})WzT!1 zzbezLa-63c7TP(VY86eQ&PrHnb1ZbJN$X2p#UB&%NZrxPA-u?0$nzzMf`&{VUhadPH{yb>h491&l7wAZ#a1i=}E(Dv@ z(sEt}^YeEy7LC4Fa>IniER4~jSDGM3Y|>{Kd5ex+GHCWEyY{oJ{U-XiCnDq^*82 z997OZ?N)5YERhY@1!lq*=K`|}Zbiu>d?+wwhknobR>U}vBXOA>B$+b zEC8D6c@@F83a+gi{_zaSj0IfRJ^(sBk$MMZ0VnZA`#@yl-HS%I9e$5}y!66quM;3K z*ImOrnj6$jjnHJFE=D;uURrVMWOv$jV0y8e;P% zbWlfFy?X+4jiVw}tA+Y!Q>1nq2-K_2fze=*| zhi~_R=kLd+N8OIH$R_6Er^?ylS@7ZCzq{&O`8|h%-(ACP)iVqQsb83mQ@g}#e$ir3`5im= zT9bJ`J>m`W2JT@Y4kZr7?WuieO;Zd^PE~HOeMo-_L-n?FAsuzX((U%~6Q>CITHiFS^abqYkx;!G^kq zuPH|P$_IC(N46*AAeXmQ;Jk^9e!_E6HsdF{2HK(3WL_gPA~N#mB;x|t4iP^ZI>87@ zfJ{tdDugxLGM6)_*)a>9jdZ6sh=e0_bZ&*i7bVwjIOQBo^M@`j&eQczS+^+ee*5Yv~jPc4ydW;j{_i-kACT6=He@?R|TlPwK8-#T` z#;1S2{p4l;;kLfz=)}D$Fs_2^oZ65_Nq5rx*M*~s+TBu%7BvF{#$3p6&%IO3tbD2= zoqONW8*gUOVip^2v*bjApY{$n0ej@4L}u-#FU^{Y?ET>PPGvjQ)i*qC@TF$b7B5;a zgEPnmv+)%Rv||OA)V?w!baf->grXM=Dg3?E$ldK#3i6H5=@Uooe5i>HUoc2S3KE^HaRHPJE>~XgBuf zZO-A2&aiG59b5qfEX2Co;APP}ocUH_PQ$3RC}5 z+8=0`0vwI!ull$&cK7-io{QUd{4*<)7csgYC6c6}i zBp_r8dBr?GBG`ej?%_19P{8T<*?q&%caIkME0}Ex#Uk4P7O&K-s3Dnx9uWYM@VvVG z2HKyG<+KnRA|gT`%>2D|PpkBo*IWbIgO7ae{Wmu)yg_$95s`>^G%ClMYM{xel`>~e#%>Im^g}oqTwl;9K*$PL%-4c$W zQGH^&z8J37+z$W4IftQrR`E{N`K%p1jAf~E1~R%;PSHLD$qtG3@~Zl0PK{xn!rImH zTFNHnx6a@~7WvrIl@t33ltZAmc8uJ@c-{0EJ}0aj^!O@Ti#JQy^~6v3u1in2$(h(l zS0pybsI5QtnxRRwmedL-vlR3EVL|}>z(uif)|`PjH($H{e!K1Cb>P{8=9&j=%dCYT z&K&Bux+&fMtqyyce;;uXy>Ywi%6{^Z*yDHqkh~k?pb8l&Z%*^Ec_J2h16((|&Gu`P zU4zr32N-;Upe%e#5>wuuoMfeZ2EKj&h)#F`OLu9S9#tZ5^!ifSa>_c^G9jDiBOUPY znA2VB_dX%Cp3)KcWES+y3yKDoaZk=?|&Hxdn5yrUB4RdZAZLbNI3 zeMe;>=l-3~%S4k)y_V!TzSDw?*o)w@?H83T>R;i=GWXltr%a0BjE_ zSGAuj&W?*oC*j9=df zv@+nTY<3607|e7C3T@7x1Ei!vo)`wu`DQP+{unYdfJFEJ>&pV_YXcZ{$n2GHY|hhV z(cvNlyWa%?_3Ia-$9*kQU~n)37Ou}v&ME*fw111w^f58O?t*M^pOj**mVbSB>TKXO zt>+>&GcvG$6b9KyRjWt|I@yTvo+*qm*(Y@25RL~PB)QFXX{YVWSa`IRXIrl_iJNx4 zDW%aJb+A~gTZEe#q6!d6P`rkSVAuLSmOsEQpl5{3Zm`Z(tg20?dx1Xv;h8M(P9&4| zDw@+{_q$fBopY2MHYdWpJHV zH(JYuVB3B1MtDw3e{6O@!sf_LveWH;1Vh`M%U_tqg_RMnkL&!R@NE~us_(~YV;z)H zalVV990LUuD<8)(v=}yhiH#>(YAN24D{0ug8ohU+XR?If-H2Cz;9jg~4|PsM7^~_0 zzpKMf_gov=%JC^b1?Mf$Z|7Pp{rMM4u~%=$kd^4m z(Nj#I&d^7wo72f6UbaXVAvsn%nHRjBH#Vmgtqi)_fmF6QXg9;N1jnZLZu0tJBpJG$ zt8BXVe$}_;(c{lZQ@wAgkU&aZ!t4+w?xjW!abqm*4Hxbuni(=3Pn$Em?y$j@^;Bw- znpdhfI80<)v&E=v16eRm=G!%)F_F^CTFuu+Da2$MmUePV4xqgrg(&OzZ-#~XxvlVPIc`Hj3vT9Z-L=z9%a!qpO02gcXF=u*Tmil^M1FYGzdD1fk4Qv4t z3DD1w!hCm6PayhtPXCOzS^*RK=P>{P=3U^AH?c&wk6qy zooJJA@MxA$e}+@reA6S%f3uSIZgnku3jfJkqPn2{4;bZ*DZ!5p!~eUC=>NwG8m}ac zc5Gb&c%soB^M4z2)&?toec0U81OPGrY3es`qrd8;|JUU1|GTDyt$sQev%`H(6jS^k ziQ@kUb+t1KpU1=`+*tB2gKXsK4YSwHt(vT5ZF@tnwA=?H|ZW)Q0~R z!*GA8jm9y|vawVG`DxKKuL7>qPEAUiCzL1K=?o;H<9WGOP(Eq2N|Z(kOth*Ga0k*MxNt3<^=6Z&}ml)WmH8R7YOAx7)zFdD9&_i-$rgvq)|>#~h1*Yb})bE6N81vQarG8;sKS{1*(zu9=C4SJ+KFyCa2 z{p5aFLY2(&mP3I^B;+4J^XOxs9j;1?Ixcrd(1z*KMWGe-ph(jn_`d#iw9Z?YMz9O2 z_Rj3!{qniH%rR~lYDbefL^y|J+$Td%y=xZWEJI`5^4q)awMKVaUQp{^Pk3xba|!wq zW0LQ;FbjSEpxTplJA!(Kk3g2+God3uD$1+$^nHOT-lhlRK)n+>$Dw)}B=$pBl}zIP zKdLp28X7eL#w!Hs_;-4Lakwbo_la{FVS2McHgMOB&J^vwU1V>cn$AyXnHqA5l42cQ}QG)D$fJDliQM&OspBQJO z@kL`XqGL>$Mwil_I=aPvPJu9A z$g+G9N6_L%@*rYry@Sr2o3NERr+XxGBI90&SVlb zDT6e-oXsG9 zI`a7Zyewl^P*-^ zJU80@dNs4U0Xv}2dF9H1Tgvd;4}BL~5SGMgIhvnIM3Qdw7V^ntIILA(KxNXvsIQ@ zAn|et$Rzl4FH@z5nH?aAUa7{Zj!=(d*rR`SVOTrL3>%$RIz##qm|J0*9WA?`%*~jt8RSiDSxvqE^BE?G2agBLT2e$8T4I z8-E!efLxg=;XMYOKmzI<42pCi<$=@fNvbGKGwGw4wmai_{|lr-4Im_hivFXNH}d_hWi>}KB^FSP^nW{wiwrC;)~?!WB}bFgjMqNv0!@5v91Jt#%GMK&L65& z=dcNynE*%{UzzU?Nb3FRn59ao@KUZqK{q|HF2wCMJyi*e}we3Kg4Goo}ibL=2u zdr(njh<)v-CIWDNRbj|8L1f(rn80VfdJ5~U@<6EOOl`gnd2s0TXf}&&|IY~lr(&c< zNOAcH`1}2MetL%5^F?}%Va<>bNHw&Qg@!<&gI2J`7ubzmr{9IHX#~hogS1RYYLT9Pv`RH7Lw}XnCK&$pKw-Xpb81G zb~>|>i*jrZ^+BV|AW_G%~HG#IuI~p z3n6Q0Ftn502uE!KI1m?7vsV-5FZ7_}!|$t68!FHn@X+xO-IG&Gg2*Y8Tu%or`j{B0 z-%{rx?egzcF%Ra~+gO8O7U#5C=DgwM!Irc?h|vT7rxrk_KUe>^VbyTCdiI}WYI0fC znwo!7*fU5UX-RvB&B-t@-GyX%ZB!T&GjPSYGu=V`gNRnWf#p_?VE}8PgpFHHv zr)(xi+HJ(li5t}IKylVD#gW`e`a^sj-sd3Ki#(|lR%&)b@_K$dE9gV=_(SCDM7b3Q zXeLR~pi!tXGug*)a&+rr)+MUlKX5sdCgd9S_ZMkivFD5D4-0y7GgpRVNw3|*0uY)c znUm;v?+D01n#_`%pl$T-zR6(cEV^aSbm~39WQ%V$8)}t4L~%dC`*S#UgMf}kUsGIY zO||ksBG2=}TU+AyPd_Z6<8Ym5zLa+wONu?Y{Q~d`O~0%_K+h58#NUbcsBuYAHo4>u zvN_d{g}~`z3~k}FeQ9gu7zq;?NXs{8i1Y;gg9HqXI7>CL3E@iXJw+c6xXV9^$W!SQ zZom2xOOk3<_##@n&f{w0p%NP|=66HE2+3N#hub*A7=J5T$iN1fW41oHZXvng!Q+M< zZKzabETKmu;ImIJ(Il!0X11=;-QX}@x8}!dtjnjL_ehKldZisKMz7xfSV!(#v=q{@ zR%x;K`CXj<|`>F zE_uHpdb=Uv?D!B_aRBPpzZ*p^v|*NyPvKNdC~SJFlT|gqpt_S^r0xdnLTxaj3Pdmp z6^9JMT#3ub)^@~0Y!sGL=gN7H_QHErrPMfwrSLS6xVf*+g-kW!nxOr@j;7xGw~oGg zJUl!E$E8lSEA_hHm+5x@{p(I_$)i&)w&`#~+>e})jOV!Fc6izm#Fyt&QJN|wgj z1bFjw5)HB#xJVhEe3^!Ix_O3hxkQ_E?ja>+`tYL0J{=VU=upC?ECNws(81NI7PFRG zI;O`|)elEL9u3UoI@fkb+bZFlaisltlk|9EgDwk--{wECY!)aD0$s5IvvfNwoknh@ zDeLzseKm-Dt>qZF3F*Ew5FIDIYFGZLrp~HGm`TRKBO=3I$FH5$ha_a2IFio{qn_*v zQH6Qw*U60mC~o8VIm#h}Wsy;ae9Z$c6(r~Umg+p*8cJdyQx8D})ejjlC!D@VJf%E? z&a)aC!(PTb9-Zt1beqOb-puw^Z>6WrR1`E-u&A2`yk|6$e0UjJZRC(2zqypvZqR*1 z80HPqdUK=N$1|?}&n3mX9I=>?J8JXC+-@9}+SexK)I_Fj&XzA&#E;$znB0%U@cpYm`n!1&T~N9k{FbX5bj*cC7s`+^bkYdY;w+@Hn*sUl6!Yw{RFBur91 zHZBJ#OkhXxDHs6M1N}c-r z1u3-6k%g|p?lV^CuvWpe#i+A7OIz}e!b)BtQQ@!r0esGGc4ObVH=u}*3WBN01w?(I zf^Q>Tk`;wE#Su7?b$8z@4>sNPBRMG)m0y4cH|~B)Ia%o`67yE5vDx#bN95_h|D$82 zSFTP->>`-y*nE4$F@#O2?RCoWk!be zHD+Y8+N7P%RGc+c&6DZ2wHH{o^#xNy8fWH#w@7?P(Sgn-W~e75dgq@yPg(3D1gj_` zj)&4+tc}L$4PNB zmECrCn=-~^JXWY7KxTpbEwev$H#K>WyEsLWQPAGxF}92#iQ)kwv}m&jLpX35IDJ~7 zk23w0-OPm3%&q{sE@kUZ=;g+jHW5oAPnl3S#j>MBWx`}CR`zPnG}!61bk4F?k7by< zzzDL3%#x|}L4@ds6cPx78JfQd;&a4cj_q(F!Z5wNpl*dt;h5VZphpe_m)a_jvKiOC zb*jZ*<3mE0&H2s2&JuckNsb2`fD#8ch%tP35&3$1=UwzY!;0qf_th(x$1k?*@Aj;w z#wLE&Zg74RU-bHm%rVi?;i@+mBkO@Ha%MSHq-ODJ0u=*yk<+m)TF*(3#ca(TJZS%c zl!qwfd+V=nR;>pyJ@9-m(;3r3Jm{b1oMuqwth+yKGx%bqO=kZdbP>q)PL}#Mfqno>5-dG*?_@B@D>^@rB)riO?}T+S8k_vi^-GrEza?8leo; zIXVJA7fq}~e+4J;Z4G9rCfxFxOyuQUH+n_dn)7O4Y<|PR%F=K$2fX_I!sT2fJadIK z{^Q}}6(iOAAB&naM7jTNY;5`E?SD7zBF^pkkIjrZ^80GS`5^br-@u**ho4RV)T)js6aesA!ce>&9)ywaNXXkA`EB5JNMX!dky4xY0GJTzI10&ceo zW6c6#rzUMc>`+hl8pv)vDy@4vtkqyA1?NMTD9ZYaGF<sQw_PFNf*7GGg18$4us5bs7E1Q82H%87|)hWAo zZcEr5uU2k{a?YQgQea$xG55z{b_iZzf!1?k?h%DhR#{J!kcAt9(C4blKyM4!DBx&!b z?-Z{8Iu!*44WFV`TLQCNl|{Rk+D5e3X-A*-kywx5qRJvIgsg4-a2e6Hb*(3g7?D53 z2kq6s{?uo|6c5Jh@YUO_)pf6c9WMkJ;DtNzY@PWW+r$nyMS6NVfg27y5~wkZV!3Z^ zLT-DlR_(orI1gAKLvWq4H@a5xTTUnCN#Rey`e3-?owacGZwyw{2 z-70|sY-f{a^xgp$RtvT~^Fz=Wuj*($Q6KLBN+_5L+QHaLYI4)eJ-T19iY`m=i83DXN>>O*gbi7Cxoic=;%{EhgL^=v(sSf89E_d3%8-CgLv^d)VBwvqKVvB<-_a zK$yB1d955*r|+F}BicGh-EXuZEq(Li^lx@0?7>OtVtq&K-;;7+Q-hKJ#s5~>SBFLQ zzuO8Zh!P?SNJ@*+Ak84sEg}Na&Co-4NOy;Hw;vvPOf8MY(IfY7`Ra})LMjvx`=CXTEq79o=~C>U5bi;ifMac~NWO{K&Q`GAaepfK;U8Vap6&*rtI2`DN5trc(6mB3y)PkT2m2zo%6zS91V;^YuD44 zI>6y*V!BcTl{xh$rObh1smG1`Hm+>?=qBN@=QZgSi+h_oy~0s7aJ}BUyDy?@A3O-a z+15;Sn1{0LQ(Osp9RK0$Y_^G7^Uil(bfhqZt>W??tg+OcFH|<2kJ^&f9Rq&JX=_{6 z;kmBqtGHUu&+&br-HlC7#~v-9D}oIeX!SO`+j+x}x8>rTN&b5Cx!cjBR-S{Wpn3O1 ziWa9(sK#1fa3C&((JiX`)a&B6j9r9ag)~)5b@xu|Rb#9A=^X&ANWYw0qlBoz+}|Gb zGk2UU0$`h4WQXj81n&slcO^@~5pD%;N6L_z|5-BJ25h!adDMX(VJCtKBm+>v%e6L=cV zQ1@EM0bkQ47U$(=Se@IA+u6=?W&p+7BHI22MmjWeo#%EORCi8EkrE)`amJ%CICwB{ zB;mZ!x9(O#W4Gx+&gcKZPnYHr&_3n1*bJrx)jp~fx0Tby5;8o@9D2|=BA z(y7cEE(ettKn^7EX6yNAJ7<_~+SQ1at(~Qi3e2r1e-I_jL)S(_;PeU=H%cYlZ9pc|3)w9&SbSIimSx=3jce?o~XZunIR|D`P|K)m%QRSMMu&~Lk zQs?%l)a{u2Sm;{{vZQq`3r6Kwd38DnVN6_}f)nx_wF~W^HkKU;B}d-vU!T}|3>pi0 zhTtYi@OWGof;V~%iAxWAgFr&OY(n#vr`i|jUwBa4=IXnr?vB!rdVg?igFNGIV4yxN z)saf$MAuBPNz3FdLq$CDYzMt%%@l20)2y_!W?kC-)p>Bbn9!neh*@U6OJ(<{zl=(0 zhf4nWhJrkkd=0bh>LHwSTX()i&U|Zk0dl2qcdT%~_V;&55Ad%XG%VZkYA33Vdw!L= zc`M<3JEaTaJz%ETML$K;SU}TKApTI_?0sawD58?a9+qP@n#lXBW$ydjc}7bIc5@60%w>qeI$O zr+t;*^KBOhYr!~Afx)!beqhl5xZzGurMXQWBX!E{=70~j8pCdWT|I-{oIhG4*nEn8 zI_p{44YXTb9ehq`gig~n1QMp212B>ur$t0;Urh~oL%A;M+<`B|eX34r;w=yjV!JtB z_)_ZTn!UpQOK_#nj-XBGI!^n9U-PwDsg_^ypcu1SVT zxap3oSow4O(CINN+e0Yv@-Qhzm1l5?#a)cs-LNId{Yp;$c8$|m{w}yy-b2!Ye6d&L z9si5dA;EUap`-Rf4vjjypr^)jiz`BILlY=WT8tMJ_Hy1F?mq8iT$^>6C;ZX2Ch*4Zp_8Z(!?v1^j5onyY9 z+q;=78e3mmi^ukM=IHNP`=r;Jy|Y}X57T4PsC7;>)^>`M>B|Z1`3%@Ra(V)e$E_vnx30i6L`BYRW&mJ5 z?HTZAO%14oM!8cw?`ZbYJR|e9-QsV!wLXX%$lP=Gzq}%hdv0Oxc6X1!zg@s)<#Fqo zYil=PwH*rHq`To4&gH3H++T#=2RPMMZRvuHKdAt~>-4KxoTi<_blaI*e) z3HA2>tAhJi4P^z@VO;|fI z)XMVGI-$nG7N}9xzfIa}f-e7L%Z05Qr2=Uht+!jPEgO&K|H)I-YlRxB)$DGy z?9FFNT7G29$`ISGrQ@$_MxyjyzOB$oFW=DPrad|NsjI0(!qgyDN2A7_ScQDAY%#hk zan2>9r5P3kS9naOkt@w;LTRK%Pj?{PSnrm%yhv z<5E$Lc!gs+kSsOH4V=3^x3*yjcsjWTWhGp7Ce6HsDonDN>!vQi@Jr}YAWuz@D-%(^ zsK{d%Os3*Y;;!RmEdE3I_09Y2)&5v$;v4z$m}ddOjPixeAjtf8cIx2g{toFi)gFxE zfC3zyv(!gX*{rG=-dPcK4hP>QD}EHDo&LC!IoPpEsJ%TDe z>O$J0mi_h!Kvev0CXe#f%vwzBvo>+mk4_7C#AztbvK_NZ8#a+O79sV$7biJ@KzA%x zGdIUMXwfdPA~fR(gpc9w7`A}mN;Qxz+cycj`l5#6;}3cM>=@%knB2R4)(SQ)P*(o7 zWwNT>C1wkX;iSHX_L+_5SRz4CuPc(*KJnE3iShz_HJ=yS|>+>;Zd#yF2uN@{i zhLW9y+TVTz1;bu`$&R&S%_?cL{&p_>A%s%V^MfM%nO|%wsM$e`z?kReg8WKqPlxMm zLAiAkPUd{l@%M1Oj!dcUQljuDrqHgZE)RF3S$_4rN+xgiTY#%kV0W@olD+uiwd(NL zhij52FFCx>OtRy-mCLZ!_6ge9!9LJDRCS-*Y9aCmcj#!0=qx&cGObv*J6DwD1b6WX zP#|!lVZd>hS&pq^`}gq-x?x&0PFHN0_s*rSuGuAWJhal6k)@FJ7ZPXj*!5j>Nk$JQ)nHZs&_zh#^mT1MRde~3;{5P)ODck!X4hZAR1#w+jb4uF5T`#Id z8ZG3Oe(_iBFkjT=AuT7vI=R&CVtOaWbUoc{Xrw9DTfMIbDYIZdU7TWsJ~iCP4;w14c8wwjV6_e4K-~5`uBNv30Ocg}GiYX=@J6Y9$DMgH*s6T2as$ac9t0^#+ zg_Qa8v!EGFM31MoIvS=l%JZ8^DXT;yC7bb0s@EH-z!~&xyI)RV(l>`}@wJI{WwkA) zMEL6j!YPq-?tEB5W2o5^v>UbMg9N(la;!y^5P^;-OTESwPort_0sGIbSRY^EvAp!0 z97PP<*vN46>o=6va-^*aqZV>8Uj8$QzY%81oY}r6k5fH95<7w?HaZ-Yu&JX*X+!aW zLt#*grahrlo*sUpAI;gp-TnI}wgE{kg@0+$Glt@*ki_;*y5dcyoyZa=?IHFdkJ@MH z&x#xuOf-TKM$;ZVu&kG-CJ32HK4vyj!elAE8Hcq9izBFS3xb1Jkk--c2vqW-0cvE*9IYkwJfto^lltHIOO%+mI%1kzc{Ut=f@qBdMR?fbrlf!lun-E=oju<dSGxV_w!`v zQ^XBUEv?|`L?mY|X7_Cl`rPiYf*CqCr?d3rxxq*kd>A{ZBlas_&aSK;@6-lf1D(z& zxX~^qI{2jjVb^qI5gDFyOj^)aqS4JW?z_s~wQ>ysSo?_vBb{KnqUrMhCM?ETho@sF z)+PRWk&)sIYelQ?-#foxMKvKNhUSf_=c-(48S&-zRKsM()jr>6fkiPFWpEm6W3ywurZRt+qR=f1-7*gCZvV(2mYson^i z*Y66!KUrGWo0EkOVK-hL@|be)DdJKm75 z{dC1hKi@tZ&4Kou!IU5F3*kk*SD=fIJ1$|;kmnK*U)6CNy?5L2&^;`D zeY1QvxO$2E7m{{MtMbNCMQuGg1KTW2?i*VuN0L0Q)u>p6Sw0qq{%l)kfjHJ-w9%le zRu_%#2X=R%u?mRKTy#aUf7h`|BU(jMhnf1P)slJy}76tYJzd57ZfSFutiRF=Om+$Tc)fR%Iga)M9SgV+-$!t+K`n zsA-*Ysr~K+Nn~aIF>b}8zjQ)irnf~!8?0Yq(&F6;fAz_bW@E*lv!IYTWCF+YL7w3- zqsC>OhcddjQh6d(={RRh@^-u>U-5g-EQ3$$G3@ok8HHf12of!lVlz|5fm|!oZ>q5+ z?z$ESenu%ud}JLLWNt_xn)FoGR?19=&&kYS!(LNqovqzu;|s~zidJ$hQ7t?0UZF{|!;koCf|HY|PAi0SkYNTSo~Bfbs(~ghXA57UkluEzW7;U^W@0og zqD5}Y@fyue)y4ZMzU+5d=&wj(hB9e`Y8YdRN-XQH`jOeh*bF5l{3CyDbGbBlos9hPq;`4` z_@g2V7&|Grg8kP{T>31lT#3VnrWtF3eqx#gRw>K`S#S}0BiX1Kn!PYVCynUw3^!jk zC#zgcJjIx1loV&^SYYNzE}>jYG5gl@pQ+S+WIBm-{>Z%6&9IDj>t)5nq3=B~RwH>B z!1j&(;-RL&c>2)P@EijjXL9*?w$e7Wy+awLNV)!U7a0k6Hl~3*9f(R|d_5yr1s=Tm z)tu(G8gU1%|D;yAucxV0HvM%xG&<3Hajfxn?OUbayct`s&0GH)yrGXw!%Q|aRU0u8 z<~^B6#|35*PSy9o?_+IpQbEnat?cy%F5P=uWqFv@7{z-ctq%dA9s+sjNmRKBU#g%( z7TC0F4t%Q6Ko6}E&X?IVBZ(c3jePWS>sxQl#C_PRcjWunlcELGN`N@x#T9hgEAe+0 z1>z!Iah(HL;-BFmQVvRrD;EaIOtTT6*ol?L@Utj=4yr_r4yg=5NvEZRSm=-PTz&Ag zNO5alMagk{DB%QMy;>&TG>UE~`k<7s;@qwmkn63>IbLkvPQq+atH(nmXS14Tkhn^e z=D3{JV=AiU%E(V%)(Co9Yp95Y@nUR#k|!)E;E4VmU00O~MVnI(CQ z!O~>MdVk0ay)?bWt1g;@#PkW)yk2Ax<7~VfTOy4hYvIP=;RaW_Cp0gUK>|x<)|uHc z1yBw1Zv0Ad>z0#BGaQ?rI=&NTo5n4s^ueo}Go=p^$#U`~a{z0r5RAt1f}@%2j^WvO zkGOVSFuIMtUG1Ixafa_q$A{<>tT^*pP}unA`thevmErgQR291QFM2}&^9C3h89bL9 zn@FzgQ@B61spGe+`7bXzuUlq6<>2|`iLhui8Wa}Fh=T{ba8eO1G`fq`7G2=JDNEZM zx>k~cZh-nHDMA>(b7ntjtYS>>0?0qdXd5cylCUiIG34@PBJ<9zSB@<|Sa5hVMhwN< z3ZI*Rsnzc%qI=i$YopAkd>W)V-`8>p$6Ilc?))u!8b!&^KHz%01~biYt#9~dIx{$P zbjKj%`xKl^!kAMLbk#aCLio3tr^X+nMq$!#WoP9RI)^OKeAuM8a|_x{FYK&1(VG^Z zo$}F0i6(ODOot%Gp8k2kpvaRF8o$gtwR)ZFk^B`w7uO_ zG6uF45JRKe+0?IZV&51mCCw5_&sK-BSXDcBATYo~Rf3wO?7vnqquD@{a}!DQYnvcd z=a4~NxQ!=#!(WG&NdTUy;qsl{F%39m)KSjNWVurI#vPr{4I>Zy!#X29h~y+XH%i&_ zoS|=0QwClt_H@{DLo+7i9wR7qQzK75(xK_pSGl&YY^uhMY{4H&)s>Ky9LDM@3Qtq3 z{)yrEH6uth-?fKMBPHuNEW6u{*#Sm4`KV4J-opbsHCS$qWC>WpgDWks=AZnDX9Kg) zpfKi(IJR)NkVXzf1S{c42GGVu4QqZLGnxY3c#wny>$bu&xaciD?4h5bB5ATGx(1({ z)b92@@z#W|QTXveTW(I(TdogffY|i9!YyRA8Q}vGq;GA*tWo`h!EKG};a<+$c3bvq zh`foFBP*49&QOpGb(2%|%y6%Dg8eUheH*Lh?^WDw8)Yh2Z!6GVFd)Y>YKIa}`Pm87 zfF2Y7@XwS5^HZsjymv}`JIqk29bD)e-R-J+qzxb5v^oWI(Ge|4_@ z+3>%TC$wVww0qH~IeouhzW=iaq&H!q`|RLo-|xbx=l{@V)NepFXKLL0^_Lq<`z0vc zs|pY9J8L~dxxm>2azUSZg;{o}Yg$$|U2YZ^r$tWH$h{C#KTKOr^HC8WS2LEGWTASe ztQO(16XUzvM;PME%C^x7Iwgyc6&0=N2zU7qCtG44m&w@APts#rltNQ{&_I?F#>l<7 zbZqYLtRfXWkodP9#guN!g92#{s}~dw3hdF83~FXvzPc?MtF7Sn{9!6N%2Li1JH@@S z@r=JGZoEH~{ooQ4$Ru(Q6E(;m8LYHX;+jp?#@?tVlZCd~xGzB}?JTewEJ*u*vs!%f z=&194yQAaGc6Sa#L+#JxM>QeJr%cn=C8nz(jD9(IcvciZQ!g`IZn-BCJR7o!r#4QF zh1y{$%3d^?6s1T!f}MY~dScHKK?olUc{Q|WoSm3K7$vIN!J0WWiVNfx)rtf)n|lXy z9`}ZlJ1Z;UxP=z!fyh|0aN4J+nM{+|bCvBdmr>sleOlEdzx#;;R(@8S(d%mG^71w# z$MT7utK`(6YEr`&pIFGdjO?U`(~u_>Z*r^9fI?}v+N2`TV74T&lDI3!PwH7NjiOio z5(tx4E%s9bB_!$j1-f$zYf^fqDJ#EwG|jAPP)cCntm50ws6mx=ESqHO7Yj*V)0E~2 zgVhy7{vM(Lt{TjRMOOkf#g4ZOK8p^o!evPj4;W`s367t<)fpAiW|w?A8fXj2Y4piNXW`$amIA>H6R9aw~t6x{Wg(3LnOv}!lf$<$miOs+ zP;tOmv}WwH%@|`iaq+Eq1tVfb z(o#Zh63q6v%Ye*~;vUrAc20Y*t*!0$u&ej~rg$N}d5>Xv_q}m*#2TPi0G18_j2?0l z_(xK7zjP3BV-dKVc<-wY?I#m(iu7o0y+8@Nho|sd@_#9_{{7-VNVNW6Fu6Uq`(QUm z-90h(FW4b1C1_8HyZ=hOjN$-I*k7>xuh8{xK;3_oUtJ+siLjiOg6OA!#RC6Z95TM& zI;>Ow2(1kKw;O<)PxTItUa>o1&*%m$&L)Fqb1e|H0$eRy4Q|IH63N67_lK~pA-!z{ z1teDwrvA`1O{{YD17<@Fo0vfs2vNlbC@oOoRw zUb3tvRMW%ZcGG;>EMoj>+1WX#-int#Rc%ivvKcr^$)m&sJ6^xu7N^NJ{rT!uE*{dF zPg_g-?9d4!*qo@#hD;V`6K0_bYVg(lSe{EEE-Gpn004=L+@Q%rq^^{vk&{@u2bUBm zc#3|&VhJMmUVcA`HprbLYaa8JD}$I4N3iT?A(~>jrZ;(-#~avhgL7oYeQDeY^*yH9 zsejHqOe>fEKvkLbI^?r7|7&@rC9M#;5Xr8=VBTU~*>8yt6{Vj)s{0}%?<@14T3G@p zWyAyW=`@%lVrY0#jS13_6&%)m7eRri8FJlzmWn9YQ1eg(*>E{_8|7m`m+aopa%qv1 zAhj|-%*0f3;c>l4?(q?_#%<^s;dSiX;Df>MYBTn5MIW;ehWUas=h)_uky7o`*A&5Sc5g9wvYTkciuxsRh!eBwl{|H!248)p?|R14qJ(FV+(K>}AYm6@^jQ!+dCQHV1g6gK4%?k5U$K2d+2PA2j3{`pi6>Rd z{pz%gcz7ple+k8>NB7xj4~bWjE?);W|2zB_QEJOhRXx4_V=fn_qFf~q#IF5Dqg1h> z64ucM_BwW_Q|}F9O#osg2f9&}M+2*{mwqlPx?-6_?mGR|ft!{Y)r}uztiyh=(|6W9 z28%x1iKqEFV}Jt@zWRH#R++hAqFOmdy~`k(siRkC($SC*%OV$@X-v}ZmLHP3fORP% zuF`pGJC)PEaL>JD8_y+-snMcZ|@ zuBnXa z|3vF5A?SSim4c4;{ytz+i%<+|?)poZqttT$M;g~#E-ZAkG^ZuZdsxkE6$!v$Bf_fT zcl(R?l>dcf71t4rIAw|m+iPH^a6cZ&>-rlr$)E823h~Pf&isI@0n^I9e(-R!xUAIW zqaK1w@dc2_6S~1mZm1Dc&8=%sWg}BmBGGy(_0e%PMC@Z?;;|mZRk#El6_vU!pk$S% zn{4R&6u+8^ZNTwf1eH5eka!^(K^EF$^j5Ob-GAb+&>#QV8RE}6GZocQ>{LH{%U&6u z`;p60t+=2hQ9Vj|1?dkdIxQheyBdBRpzcWCSW~NKs2xkzHUiZkDVgZ*RGdY-t68z} zySLcictddE$C3mtw6-4+9TejqI)A~t$^i?TjvdjJeixQ^=wNTcqO;Eq87`s(Cy#x+ zevw3l7F8P=#ERQNH{6`vk^Re^C&zmJVjMp}!I&<1QscB(_`ys!tiV;_2ab-wv;ZAt z$5M=^=P_wU;K2=w17}{*)8~$&L^QFMURDvk=wmqsoUg3}u4|+?w($%IM(XkkZ9nQ= z&qW&DTJ(ihnc_Qjakd=MbZc;hwuY$qj2%F-LWQTZNGF|cPHEH*sL&yz<5u`D7pg=q6$zhayo$n+ z{hoP=_m|mbjr|-fcL{S>n$+Qqao6o*mn$%fC!84{5Az29OpD~SmjkjezAsj6$X6Qq zQ?t8{8};5R%+*)!7Jit>>Ny;Ik34;ot?vz1BfZY{r8-dkq4)10pH{&i*$nTn$`sZl zhF=)y2FRNz0)>izt_jBRHvjd3=q{>1_@kyGwBv^MKVz+`A&f&7A8I)kacxMC`5?50 z&H)gsyA_ouFzM;=;>brvSBd)yOJmmkGZ>S=`9ag*xZxG;11_?8!{ZsVFKIB&vV78q zReU$S*p>c%hQzFD{~LB=@S;-N4osqAu=7t2Cj!k?murw)qmD6O`}2s_#@v5q5+#JZ zKmBiDSC1f-hSuuhAta=UgiR741W$|2S+@y6+3mP~E85`TAY^Ue2R2LPDln2HlxN;OJJ1scAaWu=x~Qm>?s?z6PX|!_ zf5g2Ozeiv7XCs4u!^$jN_o`QYEdw&iqH(@9mVdp6;>qlPV7fLo15m#FLy3`N0?`$D z1JnX>10evJG*2}B+d2?6^19ap0gwNBkm0{!$-lD6KiLB!mmM78`)v(mwhMl1E&s*; zo|4ZD;eRRf|7Eh_KMX&3lA!ybCM-89x9h0Uw2 zT5sZkuxOjHfW|6|tN89NN6iEvK-xrU`TiKAQe}c}EC7Q2?}m~ykQJ{YNLg-?{3f`D zGV3R2-nvsPL~e3!S5Xb_JveQv(r}SJ_6Um zetiQ?Sfeg^kl4C@e-2Q($mgzVfXkP1KFrAKHY^q^>v48<)Nc>jr0?krg$aWOODFgr zjT@Jr0ss2LGA%B-Vr1^xDCK#TIna-&66~nTKzV~NP$|cK3RXk+2QQ!4Y;M?`yy>!< zPRt8ht=eF=QwraxC(v40uE(h{T)f0wHqsT=o9|@D#_G>RlKtXbav>UlFaZ|x8^1%7 z{60vD;JWJ8hgP5jKZb2a-tO7bSUhE6rbFlsciIA>pT8|HXqJ<5lLQQP(9fmYR^$sM z3=|_+A3tuy>n-?ZCN2&Zqd9=lDn377H6k$ODh(4(A(q>M5ie$0!M3P ze_mbrH;_-y9~%G!N#e~^KgraqE&uE~YbO|pRwFs-pssaWrBtHRjc5DwQb0TeW7e;M zC_}A$$i@QOcEZ~E$s&%~+ck@I9s+5^X9to8@Y1Za_r)i5W)en{tIZAi#+dtvoFZRzZs1U@5r@;~GUtKdV=h05|)RKv|MKyoYEPJ0}*y@7&({?tR z1h=Z5srb3XuM$rGxC){!BFYQOlsmA6opUa`8zp#yaSJYk%F85w30T>)o>5DD27u2U ztQv6OjA||@Ji-?KKB+P|@VaF@nA)mM2di$mt-+UPOU)63()s~i_O1;TTFxUdPdUYh zl#w!(4xZl+6tyBbsRR7fKXcKD$v@V4o$C#wg+3{;$s_&lGOf1Em*eAoj zFkUM=9_+a_>}ukmIr$LdaT^iO!aG@N;C{)UMeJfzTX7kh7s~cPSNunr-Il+?sKV)d zDTd-)^uq^~U;>UCO^^8m#MKHOI;)g0frB}Jj#tp<3RUE_jm_myH2$Yw3Ea;VVT5jQ zCA#;_k_? zJ(%;UR;9}NlMU}k?9u*py9_}-q8(fMbD2~n_&EA|-d^Euz99>~`XoEU-E3m4gRJ(v z{H=G{+0+$OnCR$${v8&ob+`hF1?dpU_x&yJ-~0i!Dwn1gD;HC(iPoY+67y;{s83E0 z(McP_3cCEzf5Fq(S^g}g-l}IhQoPv=GgbQ$^I%q#JdA~+^P5KG^M&#Nda%(X!FBmC z0d3s0YO)n63l?Vi6k6Kl)9oSMk1a`_v+a1XSP4le-CSQ+oJH(p4c2tha1KFNdZ5>b zUuBUFaV?JKUwx)PS^lR6QV-j(d_$Gf#rX|rsd)^4BLJp4#yR|$(p1H7e z!U1$)YqL1#pXbI*yDedk{QW%h1l^#W_35>%rLT>nC+`%~Vir`Bj%#!#eK0NCuP46g zfBLkJA;OLHaIshMcj$_J`NLaXCaQbJRbU3Auf$-AROhjX?YmnvbB>tef-l=q+6+UI zYCjTOTbr8MS;A=)Kp}f5VB&I?EqBFwh0|z{Y7mNWLF@ zQPZdirhi-a8%>|A*{01)Ps3zTk{taZq%#@|2zK7ZG$gBx$CGLmp5Zv7OrYvWjLbQT zRZ_5A;FEi(9K>wH(E3$&;)^c=SRx+331-NBrrr7A0g8f@sPGr{&6WNlw@CPxk*-hN zoEEU9@9QU&ba|HVIxKPu-)=e>;6@|(i16?(V8f}#o^75dLzOI=#kcQ|1nyR%+#=@B zaVk7A<HcxB?&$NO_^P z`|50OUPtt905BcBt=7N4b@m`Wb>3oNLH9i$9R~zpG?ZRlpz&4vdfZ_ntnY7z9{B%T zrOJz<{Ligb{zLoUzR}9V7yr*UZVO1h2!cSjh<_&jobf%s{DRy6-E5@<0F`?}aR05o mf2N|((D^%F_&<4LpHLS3Z4e}9G4ud}}/docs/addons/postgres/auto-backup/examples/backupblueprint.yaml +backupblueprint.stash.appscode.com/postgres-backup-template created +``` + +Now, we are ready to backup our PostgreSQL databases using few annotations. You can check available auto-backup annotations for a database from [here](/docs/guides/auto-backup/database/index.md#available-auto-backup-annotations-for-database). + +## Auto-backup with default configurations + +In this section, we are going to backup a PostgreSQL database of `demo` namespace. We are going to use the default configurations specified in the `BackupBlueprint`. + +### Create Storage Secret + +At first, let's create the `gcs-secret` in `demo` namespace with the access credentials to our GCS bucket. + +```bash +❯ echo -n 'changeit' > RESTIC_PASSWORD +❯ echo -n '' > GOOGLE_PROJECT_ID +❯ cat downloaded-sa-json.key > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +❯ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +### Create Database + +Now, we are going to create a Postgres CRO in `demo` namespace. Below is the YAML of the PostgreSQL object that we are going to create, + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: Postgres +metadata: + name: sample-postgres-1 + namespace: demo + annotations: + stash.appscode.com/backup-blueprint: postgres-backup-template +spec: + version: "11.11" + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + terminationPolicy: Delete +``` + +Notice the `annotations` section. We are pointing to the `BackupBlueprint` that we have created earlier though `stash.appscode.com/backup-blueprint` annotation. Stash will watch this annotation and create a `Repository` and a `BackupConfiguration` according to the `BackupBlueprint`. + +Let's create the above Postgres CRO, + +```bash +❯ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/postgres/auto-backup/examples/sample-pg-1.yaml +postgres.kubedb.com/sample-postgres-1 created +``` + +### Verify Auto-backup configured + +In this section, we are going to verify whether Stash has created the respective `Repository` and `BackupConfiguration` for our PostgreSQL database we have just deployed. + +#### Verify Repository + +At first, let's verify whether Stash has created a `Repository` for our PostgreSQL or not. + +```bash +❯ kubectl get repository -n demo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +app-sample-postgres-1 25s +``` + +Now, let's check the YAML of the `Repository`. + +```yaml +❯ kubectl get repository -n demo app-sample-postgres-1 -o yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: app-sample-postgres-1 + namespace: demo + ... +spec: + backend: + gcs: + bucket: stash-testing + prefix: stash-backup/demo/postgres/sample-postgres-1 + storageSecretName: gcs-secret +``` + +Here, you can see that Stash has resolved the variables in `prefix` field and substituted them with the equivalent information from this database. + +#### Verify BackupConfiguration + +If everything goes well, Stash should create a `BackupConfiguration` for our Postgres in `demo` namespace and the phase of that `BackupConfiguration` should be `Ready`. Verify the `BackupConfiguration` crd by the following command, + +```bash +❯ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +app-sample-postgres-1 postgres-backup-11.9 */5 * * * * Ready 97s +``` + +Now, let's check the YAML of the `BackupConfiguration`. + +```yaml +❯ kubectl get backupconfiguration -n demo app-sample-postgres-1 -o yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: app-sample-postgres-1 + namespace: demo + ... +spec: + driver: Restic + repository: + name: app-sample-postgres-1 + retentionPolicy: + keepLast: 5 + name: keep-last-5 + prune: true + runtimeSettings: {} + schedule: '*/5 * * * *' + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-postgres-1 + task: + name: postgres-backup-11.9 + tempDir: {} +status: + conditions: + - lastTransitionTime: "2021-02-23T09:38:19Z" + message: Repository demo/app-sample-postgres-1 exist. + reason: RepositoryAvailable + status: "True" + type: RepositoryFound + - lastTransitionTime: "2021-02-23T09:38:19Z" + message: Backend Secret demo/gcs-secret exist. + reason: BackendSecretAvailable + status: "True" + type: BackendSecretFound + - lastTransitionTime: "2021-02-23T09:38:19Z" + message: Backup target appcatalog.appscode.com/v1alpha1 appbinding/sample-postgres-1 + found. + reason: TargetAvailable + status: "True" + type: BackupTargetFound + - lastTransitionTime: "2021-02-23T09:38:19Z" + message: Successfully created backup triggering CronJob. + reason: CronJobCreationSucceeded + status: "True" + type: CronJobCreated + observedGeneration: 1 + +``` + +Notice the `target` section. Stash has automatically added the respective AppBinding of our PostgreSQL database as the target of this `BackupConfiguration`. + +#### Verify Backup + +Now, let's wait for a backup run to complete. You can watch for `BackupSession` as below, + +```bash +❯ kubectl get backupsession -n demo -w +NAME INVOKER-TYPE INVOKER-NAME PHASE AGE +app-sample-postgres-1-1614073215 BackupConfiguration app-sample-postgres-1 0s +app-sample-postgres-1-1614073215 BackupConfiguration app-sample-postgres-1 Running 3s +app-sample-postgres-1-1614073215 BackupConfiguration app-sample-postgres-1 Succeeded 47s +``` + +Once the backup has been completed successfully, you should see the backed-up data has been stored in the bucket at the directory pointed by the `prefix` field of the `Repository`. + +
    + Backup data in GCS Bucket +
    Fig: Backup data in GCS Bucket
    +
    + +## Auto-backup with a custom schedule + +In this section, we are going to backup a PostgreSQL database of `demo-2` namespace. This time, we are going to overwrite the default schedule used in the `BackupBlueprint`. + +### Create Storage Secret + +At first, let's create the backend Secret `gcs-secret` in `demo-2` namespace with the access credentials to our GCS bucket. + +```bash +❯ kubectl create secret generic -n demo-2 gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +### Create Database + +Now, we are going to create a Postgres CRO in `demo-2` namespace. Below is the YAML of the PostgreSQL object that we are going to create, + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: Postgres +metadata: + name: sample-postgres-2 + namespace: demo-2 + annotations: + stash.appscode.com/backup-blueprint: postgres-backup-template + stash.appscode.com/schedule: "*/3 * * * *" +spec: + version: "11.11" + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + terminationPolicy: Delete +``` + +Notice the `annotations` section. This time, we have passed a schedule via `stash.appscode.com/schedule` annotation along with the `stash.appscode.com/backup-blueprint` annotation. + +Let's create the above Postgres CRO, + +```bash +❯ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/postgres/auto-backup/examples/sample-pg-2.yaml +postgres.kubedb.com/sample-postgres-2 created +``` + +### Verify Auto-backup configured + +Now, let's verify whether the auto-backup has been configured properly or not. + +#### Verify Repository + +At first, let's verify whether Stash has created a `Repository` for our PostgreSQL or not. + +```bash +❯ kubectl get repository -n demo-2 +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +app-sample-postgres-2 13s +``` + +Now, let's check the YAML of the `Repository`. + +```yaml +❯ kubectl get repository -n demo-2 app-sample-postgres-2 -o yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: app-sample-postgres-2 + namespace: demo-2 + ... +spec: + backend: + gcs: + bucket: stash-testing + prefix: stash-backup/demo-2/postgres/sample-postgres-2 + storageSecretName: gcs-secret +``` + +Here, you can see that Stash has resolved the variables in `prefix` field and substituted them with the equivalent information from this new database. + +#### Verify BackupConfiguration + +If everything goes well, Stash should create a `BackupConfiguration` for our Postgres in `demo-2` namespace and the phase of that `BackupConfiguration` should be `Ready`. Verify the `BackupConfiguration` crd by the following command, + +```bash +❯ kubectl get backupconfiguration -n demo-2 +NAME TASK SCHEDULE PAUSED PHASE AGE +app-sample-postgres-2 postgres-backup-11.9 */3 * * * * Ready 61s +``` + +Now, let's check the YAML of the `BackupConfiguration`. + +```yaml +❯ kubectl get backupconfiguration -n demo-2 app-sample-postgres-2 -o yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: app-sample-postgres-2 + namespace: demo-2 + ... +spec: + driver: Restic + repository: + name: app-sample-postgres-2 + retentionPolicy: + keepLast: 5 + name: keep-last-5 + prune: true + runtimeSettings: {} + schedule: '*/3 * * * *' + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-postgres-2 + task: + name: postgres-backup-11.9 + tempDir: {} +status: + conditions: + - lastTransitionTime: "2021-02-23T09:44:33Z" + message: Repository demo-2/app-sample-postgres-2 exist. + reason: RepositoryAvailable + status: "True" + type: RepositoryFound + - lastTransitionTime: "2021-02-23T09:44:33Z" + message: Backend Secret demo-2/gcs-secret exist. + reason: BackendSecretAvailable + status: "True" + type: BackendSecretFound + - lastTransitionTime: "2021-02-23T09:44:33Z" + message: Backup target appcatalog.appscode.com/v1alpha1 appbinding/sample-postgres-2 + found. + reason: TargetAvailable + status: "True" + type: BackupTargetFound + - lastTransitionTime: "2021-02-23T09:44:33Z" + message: Successfully created backup triggering CronJob. + reason: CronJobCreationSucceeded + status: "True" + type: CronJobCreated + observedGeneration: 1 +``` + +Notice the `schedule` section. This time the `BackupConfiguration` has been created with the schedule we have provided via annotation. + +Also, notice the `target` section. Stash has automatically added the new PostgreSQL as the target of this `BackupConfiguration`. + +#### Verify Backup + +Now, let's wait for a backup run to complete. You can watch for `BackupSession` as below, + +```bash +❯ kubectl get backupsession -n demo-2 -w +NAME INVOKER-TYPE INVOKER-NAME PHASE AGE +app-sample-postgres-2-1614073502 BackupConfiguration app-sample-postgres-2 0s +app-sample-postgres-2-1614073502 BackupConfiguration app-sample-postgres-2 Running 2s +app-sample-postgres-2-1614073502 BackupConfiguration app-sample-postgres-2 Succeeded 48s +``` + +Once the backup has been completed successfully, you should see that Stash has created a new directory as pointed by the `prefix` field of the new `Repository` and stored the backed-up data there. + +
    + Backup data in GCS Bucket +
    Fig: Backup data in GCS Bucket
    +
    + +## Auto-backup with custom parameters + +In this section, we are going to backup a PostgreSQL database of `demo-3` namespace. This time, we are going to pass some parameters for the Task through the annotations. + +### Create Storage Secret + +At first, let's create the `gcs-secret` in `demo-3` namespace with the access credentials to our GCS bucket. + +```bash +❯ kubectl create secret generic -n demo-3 gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +### Create Database + +Now, we are going to create a Postgres CRO in `demo-3` namespace. Below is the YAML of the PostgreSQL object that we are going to create, + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: Postgres +metadata: + name: sample-postgres-3 + namespace: demo-3 + annotations: + stash.appscode.com/backup-blueprint: postgres-backup-template + params.stash.appscode.com/args: --no-owner --clean +spec: + version: "11.11" + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + terminationPolicy: Delete +``` + +Notice the `annotations` section. This time, we have passed an argument via `params.stash.appscode.com/args` annotation along with the `stash.appscode.com/backup-blueprint` annotation. + +Let's create the above Postgres CRO, + +```bash +❯ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/postgres/auto-backup/examples/sample-pg-3.yaml +postgres.kubedb.com/sample-postgres-3 created +``` + +### Verify Auto-backup configured + +Now, let's verify whether the auto-backup resources has been created or not. + +#### Verify Repository + +At first, let's verify whether Stash has created a `Repository` for our PostgreSQL or not. + +```bash +❯ kubectl get repository -n demo-3 +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +app-sample-postgres-3 17s +``` + +Now, let's check the YAML of the `Repository`. + +```yaml +❯ kubectl get repository -n demo-3 app-sample-postgres-3 -o yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: app-sample-postgres-3 + namespace: demo-3 + ... +spec: + backend: + gcs: + bucket: stash-testing + prefix: stash-backup/demo-3/postgres/sample-postgres-3 + storageSecretName: gcs-secret +``` + +Here, you can see that Stash has resolved the variables in `prefix` field and substituted them with the equivalent information from this new database. + +#### Verify BackupConfiguration + +If everything goes well, Stash should create a `BackupConfiguration` for our Postgres in `demo-3` namespace and the phase of that `BackupConfiguration` should be `Ready`. Verify the `BackupConfiguration` crd by the following command, + +```bash +❯ kubectl get backupconfiguration -n demo-3 +NAME TASK SCHEDULE PAUSED PHASE AGE +app-sample-postgres-3 postgres-backup-11.9 */5 * * * * Ready 51s +``` + +Now, let's check the YAML of the `BackupConfiguration`. + +```yaml +❯ kubectl get backupconfiguration -n demo-3 app-sample-postgres-3 -o yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: app-sample-postgres-3 + namespace: demo-3 + ... +spec: + driver: Restic + repository: + name: app-sample-postgres-3 + retentionPolicy: + keepLast: 5 + name: keep-last-5 + prune: true + runtimeSettings: {} + schedule: '*/5 * * * *' + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-postgres-3 + task: + name: postgres-backup-11.9 + params: + - name: args + value: --no-owner --clean + tempDir: {} +status: + conditions: + - lastTransitionTime: "2021-02-23T09:48:15Z" + message: Repository demo-3/app-sample-postgres-3 exist. + reason: RepositoryAvailable + status: "True" + type: RepositoryFound + - lastTransitionTime: "2021-02-23T09:48:15Z" + message: Backend Secret demo-3/gcs-secret exist. + reason: BackendSecretAvailable + status: "True" + type: BackendSecretFound + - lastTransitionTime: "2021-02-23T09:48:15Z" + message: Backup target appcatalog.appscode.com/v1alpha1 appbinding/sample-postgres-3 + found. + reason: TargetAvailable + status: "True" + type: BackupTargetFound + - lastTransitionTime: "2021-02-23T09:48:15Z" + message: Successfully created backup triggering CronJob. + reason: CronJobCreationSucceeded + status: "True" + type: CronJobCreated + observedGeneration: 1 +``` + +Notice the `task` section. The `args` parameter that we had passed via annotations has been added to the `params` section. + +Also, notice the `target` section. Stash has automatically added the new PostgreSQL as the target of this `BackupConfiguration`. + +#### Verify Backup + +Now, let's wait for a backup run to complete. You can watch for `BackupSession` as below, + +```bash +❯ kubectl get backupsession -n demo-3 -w +NAME INVOKER-TYPE INVOKER-NAME PHASE AGE +app-sample-postgres-3-1614073808 BackupConfiguration app-sample-postgres-3 0s +app-sample-postgres-3-1614073808 BackupConfiguration app-sample-postgres-3 Running 3s +app-sample-postgres-3-1614073808 BackupConfiguration app-sample-postgres-3 Succeeded 47s +``` + +Once the backup has been completed successfully, you should see that Stash has created a new directory as pointed by the `prefix` field of the new `Repository` and stored the backed-up data there. + +
    + Backup data in GCS Bucket +
    Fig: Backup data in GCS Bucket
    +
    + +## Cleanup + +To cleanup the resources crated by this tutorial, run the following commands, + +```bash +❯ kubectl delete -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/postgres/auto-backup/examples/ +backupblueprint.stash.appscode.com "postgres-backup-template" deleted +postgres.kubedb.com "sample-postgres-1" deleted +postgres.kubedb.com "sample-postgres-2" deleted +postgres.kubedb.com "sample-postgres-3" deleted + +❯ kubectl delete repository -n demo --all +repository.stash.appscode.com "app-sample-postgres-1" deleted +❯ kubectl delete repository -n demo-2 --all +repository.stash.appscode.com "app-sample-postgres-2" deleted +❯ kubectl delete repository -n demo-3 --all +repository.stash.appscode.com "app-sample-postgres-3" deleted +``` diff --git a/docs/addons/postgres/overview/images/backup_overview.svg b/docs/addons/postgres/overview/images/backup_overview.svg new file mode 100644 index 0000000..68437a3 --- /dev/null +++ b/docs/addons/postgres/overview/images/backup_overview.svg @@ -0,0 +1,997 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/addons/postgres/overview/images/restore_overview.svg b/docs/addons/postgres/overview/images/restore_overview.svg new file mode 100644 index 0000000..b9adb0b --- /dev/null +++ b/docs/addons/postgres/overview/images/restore_overview.svg @@ -0,0 +1,857 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/addons/postgres/overview/index.md b/docs/addons/postgres/overview/index.md new file mode 100644 index 0000000..6764be5 --- /dev/null +++ b/docs/addons/postgres/overview/index.md @@ -0,0 +1,81 @@ +--- +title: PostgreSQL Backup & Restore Overview | Stash +description: How PostgreSQL Backup & Restore Works in Stash +menu: + docs_{{ .version }}: + identifier: stash-postgres-overview + name: How does it work? + parent: stash-postgres + weight: 10 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + +# How Stash Backup & Restore PostgreSQL Database + +Stash 0.9.0+ supports backup and restore operation of many databases. This guide will give you an overview of how PostgreSQL database backup and restore process works in Stash. + +## How Backup Works + +The following diagram shows how Stash takes backup of a PostgreSQL database. Open the image in a new tab to see the enlarged version. + +
    +  PostgreSQL Backup Overview +
    Fig: PostgreSQL Backup Overview
    +
    + +The backup process consists of the following steps: + +1. At first, a user creates a secret with access credentials of the backend where the backed up data will be stored. + +2. Then, she creates a `Repository` crd that specifies the backend information along with the secret that holds the credentials to access the backend. + +3. Then, she creates a `BackupConfiguration` crd targeting the [AppBinding](/docs/concepts/crds/appbinding/index.md) crd of the desired database. The `BackupConfiguration` object also specifies the `Task` to use to backup the database. + +4. Stash operator watches for `BackupConfiguration` crd. + +5. Once Stash operator finds a `BackupConfiguration` crd, it creates a CronJob with the schedule specified in `BackupConfiguration` object to trigger backup periodically. + +6. On the next scheduled slot, the CronJob triggers a backup by creating a `BackupSession` crd. + +7. Stash operator also watches for `BackupSession` crd. + +8. When it finds a `BackupSession` object, it resolves the respective `Task` and `Function` and prepares a Job definition to backup. + +9. Then, it creates the Job to backup the targeted database. + +10. The backup Job reads necessary information to connect with the database from the `AppBinding` crd. It also reads backend information and access credentials from `Repository` crd and Storage Secret respectively. + +11. Then, the Job dumps the targeted database and uploads the output to the backend. Stash pipes the output of dump command to uploading process. Hence, backup Job does not require a large volume to hold the entire dump output. + +12. Finally, when the backup is complete, the Job sends Prometheus metrics to the Pushgateway running inside Stash operator pod. It also updates the `BackupSession` and `Repository` status to reflect the backup procedure. + +## How Restore Process Works + +The following diagram shows how Stash restores backed up data into a PostgreSQL database. Open the image in a new tab to see the enlarged version. + +
    +  Database Restore Overview +
    Fig: PostgreSQL Restore Process Overview
    +
    + +The restore process consists of the following steps: + +1. At first, a user creates a `RestoreSession` crd targeting the `AppBinding` of the desired database where the backed up data will be restored. It also specifies the `Repository` crd which holds the backend information and the `Task` to use to restore the target. + +2. Stash operator watches for `RestoreSession` object. + +3. Once it finds a `RestoreSession` object, it resolves the respective `Task` and `Function` and prepares a Job definition to restore. + +4. Then, it creates the Job to restore the target. + +5. The Job reads necessary information to connect with the database from respective `AppBinding` crd. It also reads backend information and access credentials from `Repository` crd and Storage Secret respectively. + +6. Then, the job downloads the backed up data from the backend and injects into the desired database. Stash pipes the downloaded data to the respective database tool to inject into the database. Hence, restore job does not require a large volume to download entire backup data inside it. + +7. Finally, when the restore process is complete, the Job sends Prometheus metrics to the Pushgateway and update the `RestoreSession` status to reflect restore completion. + +## Next Steps + +- Backup standalone PostgreSQL database using Stash following the guides from [here](/docs/addons/postgres/standalone/index.md). diff --git a/docs/addons/postgres/standalone/examples/appbinding.yaml b/docs/addons/postgres/standalone/examples/appbinding.yaml new file mode 100644 index 0000000..93a5c3b --- /dev/null +++ b/docs/addons/postgres/standalone/examples/appbinding.yaml @@ -0,0 +1,22 @@ +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + labels: + app.kubernetes.io/component: database + app.kubernetes.io/instance: sample-postgres + app.kubernetes.io/managed-by: kubedb.com + app.kubernetes.io/name: postgreses.kubedb.com + name: sample-postgres + namespace: demo +spec: + clientConfig: + service: + name: sample-postgres + path: / + port: 5432 + query: sslmode=disable + scheme: postgresql + secret: + name: sample-postgres-auth + type: kubedb.com/postgres + version: "11.2" diff --git a/docs/addons/postgres/standalone/examples/backupconfiguration.yaml b/docs/addons/postgres/standalone/examples/backupconfiguration.yaml new file mode 100644 index 0000000..5c4862e --- /dev/null +++ b/docs/addons/postgres/standalone/examples/backupconfiguration.yaml @@ -0,0 +1,20 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-postgres-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: postgres-backup-11.9 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-postgres + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/postgres/standalone/examples/minimal_appbinding.yaml b/docs/addons/postgres/standalone/examples/minimal_appbinding.yaml new file mode 100644 index 0000000..c30d5f4 --- /dev/null +++ b/docs/addons/postgres/standalone/examples/minimal_appbinding.yaml @@ -0,0 +1,17 @@ +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: my-custom-appbinding + namespace: my-database-namespace +spec: + clientConfig: + service: + name: my-database-service + port: 5432 + scheme: postgresql + secret: + name: my-database-credentials-secret + # type field is optional. you can keep it empty. + # if you keep it empty then the value of TARGET_APP_RESOURCE variable + # will be set to "appbinding" during auto-backup. + type: postgres diff --git a/docs/addons/postgres/standalone/examples/postgres.yaml b/docs/addons/postgres/standalone/examples/postgres.yaml new file mode 100644 index 0000000..674fb77 --- /dev/null +++ b/docs/addons/postgres/standalone/examples/postgres.yaml @@ -0,0 +1,16 @@ +apiVersion: kubedb.com/v1alpha2 +kind: Postgres +metadata: + name: sample-postgres + namespace: demo +spec: + version: "11.11" + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + terminationPolicy: Delete diff --git a/docs/addons/postgres/standalone/examples/repository.yaml b/docs/addons/postgres/standalone/examples/repository.yaml new file mode 100644 index 0000000..025191f --- /dev/null +++ b/docs/addons/postgres/standalone/examples/repository.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: demo/postgres/sample-postgres + storageSecretName: gcs-secret diff --git a/docs/addons/postgres/standalone/examples/restored-postgres.yaml b/docs/addons/postgres/standalone/examples/restored-postgres.yaml new file mode 100644 index 0000000..d47082f --- /dev/null +++ b/docs/addons/postgres/standalone/examples/restored-postgres.yaml @@ -0,0 +1,18 @@ +apiVersion: kubedb.com/v1alpha2 +kind: Postgres +metadata: + name: restored-postgres + namespace: demo +spec: + version: "11.11" + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + init: + waitForInitialRestore: true + terminationPolicy: Delete diff --git a/docs/addons/postgres/standalone/examples/restoresession.yaml b/docs/addons/postgres/standalone/examples/restoresession.yaml new file mode 100644 index 0000000..bd6e5d7 --- /dev/null +++ b/docs/addons/postgres/standalone/examples/restoresession.yaml @@ -0,0 +1,17 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-postgres-restore + namespace: demo +spec: + task: + name: postgres-restore-11.9 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: restored-postgres + rules: + - snapshots: [latest] diff --git a/docs/addons/postgres/standalone/examples/secret_transform.yaml b/docs/addons/postgres/standalone/examples/secret_transform.yaml new file mode 100644 index 0000000..0e28f36 --- /dev/null +++ b/docs/addons/postgres/standalone/examples/secret_transform.yaml @@ -0,0 +1,21 @@ +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: my-custom-appbinding + namespace: my-database-namespace +spec: + clientConfig: + service: + name: my-database-service + port: 5432 + scheme: postgresql + secret: + name: my-database-credentials-secret + secretTransforms: + - renameKey: + from: POSTGRES_USER + to: username + - renameKey: + from: POSTGRES_PASSWORD + to: password + type: postgres diff --git a/docs/addons/postgres/standalone/images/sample-postgres-backup.png b/docs/addons/postgres/standalone/images/sample-postgres-backup.png new file mode 100644 index 0000000000000000000000000000000000000000..333d66982732d8f600496c889ce59158fca031a0 GIT binary patch literal 53750 zcmcG#1yEekvpz^50fHuh;F3VF;O-VQ!9s8y+})kv4#8alL4v!x+d$C4-Q8_~*-P?% zuin_92^|_XGzg-aBv9zaB%P>$cVrv z>)joNz@L{kl4|yFa2VZBzt7@nF$m${-obqq6;^afJ6Lr0P`vcHJ{{fQV14-ktJwfq zPdw)ha(vdi4jlZNPYc??B|_CDdD>e^TnsvPe0MGa)qeLo_^kBlLa=x{r$J=J9Jgu5!vt{tzTiz~r=ke;cr5(Szw?(2Mj3EL-j-vJNx>WFzG1?ca^-Spjy=1c z2maXChv6{UYI30(Cvj^+1_GVcgFIjrTTI`uJQ=<9ixLaT4@JDt{;nQ>_S45#M$+uj zuqkF~BHX3zyG(0Sqs@f8(RxMCR6Np=u5-N^+bl~-gw@Ld`2}98lk8nuK*K8Z>Ri{JW9m^E4_Rj&W?YxxV&)xXwC3w zXXDapBiFG;G6BoEe&3)fXJe0;NQhM2y+c> zMXWA^csufCGFBNzxGzb=^k!AZzT85omQ#(1k)e(Ff>`;DtE4DlMk#7FTsZBxl^->U zj!;m3W0ASKXrp0{hOPP!4OMwt3FI5%GdvBq>dFjvz(4MzABB1{B@P(vbjG)WF2!`~ zirtZ|HnJ773$TKZ_o!^7-WnGxFm7_)*$sEuGf!Z+p~fY_(Uz&s)y6UBhmpyH4QdXC z5KO)$udIjwKjZ}oFDriBo|sXgwXTs>2H)WR@+MfI31A80>VqK_!rQYc@eKE(0Atv~ z_$cdWgn10vtx;q0lK~DbD0l|jn-#Gd>cUrzt=YyFI6Qtb#d%!!;ze@0Q@gtFXxyRK z{3v+eEWrKo6=Gtk^?}lQ?Sl~E{<7)j-9~|sB+oLi28`!R?$gs%EgCNH!R(x;H@?ij zD8(@pUXE&ys<%O{gWto7^lu!Uh;{`ZE{d;@VP`pIjEp!VOb9kZgZku!yQjvh6)*Jt zNI;oHJqH^FS>GAR$m|3fS>C5Xw?rp4t}5-Mu;#Do#x}0ba*HD9p7wuBRH1em>|T?( z*dlzlDSvQV;Kx}c_ed<@(40)wiZg_!@nL?6_^xdfQKw#iOOm?F#Bti^L=$p=9uTjk zYXkVGS1O33)@@{-i3@P{C{IT^DoyRy$Du|6^C1Ea{*45-H|7|G@il&)u2-XAx)fc# zFM8eFf{fm*8(&fV!iUXGVYs&@7Fw*m-NW)@a zgq>&bQYXO=r(^fX(1=S%BVO_Hy676CmI@HqEdu^MJVfRSneC_!iB8Hv1B{h^Xsv?%_?m~nvHA2$M?Qv(yTGBaAm88hOQ7S?{&+XMj^KE$~u6(+dQtj zbmy0eE_caGo_rb2*3^7|+tM24xCD8XM=6eIHJ$0XKU`!{CKpM@&mB71ja(S%aPm#e zJd+dl*rD?ci`?U3X31LrJYxyhd#&E)=;0Ha0@Y2e`|r*kiuKNh4+8gb4|osIHUaJ! zep1Ks+`+}7+Om9T<6TY3!nng+UM#{(82|tqV1YYAuL^j^JAhDL%?*u(IL|gS!+B;% zf%YjQQH^KmnTKT~v&S}jD*A{gGf$<_H&U|$ScmB{OxI#=Y%m~>l@CI^K0UA#ZE;XT6Oayi)WG@t91JgOfVzH|1tt};y&KWkqw@w#)v>Pz9HlVr8Mq=>$E zc17(=<@Z?qLVi6GvURE=_x#glJ+p4Lb0_2DWcR5NW{9mWT}5Ac%^Wz4SEHggz_!nE z%)w=4R0~2SKp9TU7`ZYl$cbf)v93{-(?HYHzwdp_TcE1n<+{JfLE?S*JOpRC#eT~H z)bIdo(CpW-!HUvWZ`K&H2G+&lyf3&@61?>+fK!0XvrD?9dODms(NEF|^$N^SPligs z{z1Z94(C~=wu)T$=V1Mt`ifZCxe-?MDk2V;&3?PsBmtiy@8IIN8+69on2o+HbBC!FzeB$<-x&CieQ?$Q|{Pp2SL;`3?RO zl;p4((;r_U2Mz?QWc~dzjf*PN^3R!BFW)tU?Qih6uC{-6=bT4QEQ z2Y@{H>KUT%(WQ#0eA3&Y%YkS*tz#(S@Ulupnf-3V(cK2MSGwi5K9%$MlERtH<+a%kBn%f0F>LF@}b9u1uU?F@;5K4ca`m*1A3?9A=-l&7%Km z_3jlOX$G#JzT9&Nm4q(SjTxCSmBbI`ss5H8^kQ|QunstP0W&K7!szhd;y9(JX;(wO zRW(1eEbQ5noPyWv_N~*({?vre{?M_fT9OIBqnPFel{iPSz6MUf#GWzw*}DxoBVI z!Bmo%YpBlbAbGZz!he4(=y8n>$b_|-b-giZRz_HE{8gz3G^piBC>hS`Gy6BMEHG}r z&s;A@uUL@n{uJd$jN0=CDYB3-j;}X;I0WjRkoC>B>a#z%er+3q@upbhA*_Tqw_D2U zjduoCF8T4pyOf<>SzQPuWykqB`#2W>IEsql&3G21%cb&p%x(N^nFwpjIo=ENX+{KF zS+_y#!^hg$KSu+OMe8nbW(iy7RsWni1LY@V@f*CzZ#!euROkaR&qv3uzBHE9+AO8!03REFa|8fyJSr|Sx^9|Jiy;Nbhuo>9oLqlFsPNsN@|_YjzD<`EbZBm z+Wep63Mv5hj-xSJmn`2AdoOndZTFn4%TU1|gIn)jWtb78J*I$xSpwn*aIF@z8lM<2eO^HW3E3Vfc60vhl1h_B9pW5bF zOAu$o`g|lqE4E#=C`Bo?^*CO~u*%Tu#(Rd_7YOJ|bbn!Fh6$nYDAerYn`!;7pQR&aL;db8r#;AkBiQcC3A(4E@CJ#_T6FEz!tbMxnVI`BkQ8Kp&_ z=~o{n00LC2e4Y?)5Cn_~sJioSby>DNiy|ukVHFDOt@M>;>~JD;*1Gv3W+$f;iRl+v z$IU{wE*3eh%11U*F4=dYmZL!Y+=}M_Wm3Y5TCJ-9;NyN}!r44ASlClBEI33k?K5Ya zRWi!xfKs*QMxUC3*O85H#Gx2||GLh=+jg}Wx{MRa;SwDBJ(K?6!MUYrq*T4ao`!7LIdcKz=mXi` z7nucdlQpJDIXPr#3G+5f7l(XSIl?OR`#Ps7rwoIqXPl`w0y3 ze80;&_xg(8m%)($K3_bzW-pf~Sm3J<8$apopI9ZYO_dyR3wJ-bd-)@R+uk z>#AO@Cdq5ayV3J%YT1(M*|qdGP8z^&N@4nbgNrkl5n~4%Rn}{^l#m0(?L|;MKL|-Q z=Dch7)6dSV;BaMc?j1tsl~(RCzLxUiW!vk;SK!jpESJ)NppI+nNL__o+5)4>8e&ai z?d(p^j>8E`%=Pt7zglMTS9rySXE(@$S54gGD^1qnpM)Z-7}1}H!de$F1|)>g!#_Tn*% zy}|Ry-JWgWZN?+_OAK@_>MyoDv04AcG#uS(j%sr{!?dOOR%{ofvU&aZS z?MX_kG>}KY+#JhlVRR2X^PPYo1#(wZDG29NVv<^<>Eo4R=k_FRcLd+S3qGnZN^oA1 z$d~L%2ALs=Oa_K3CnQ{W$x)+)_M2QEWNO@O**o6nYQW82SrHC_%z*jJmVOD=0oSeJ z>GNG*;~Zg77g?=KWwJ6~7gAHIc1kwBOXD?4#@A;%ft0dXEv;`g4v{su+F|2HzFaT# zM^?U{m=SsrR5jK$Jd|C3pKVhrjl7+~c%#mDYrb<=3Fx)l_0HS;QTzrI3%uAq37fv+ z4)p191rKRF*abH^Zum?6J%8jaIreXlUhY{i9gsGxDQq8D&iz|?O#qKBhRBn72l`2` zZ$HXi5glb!Obulxx0(YqbI~aAc%n-6J0x0~YMxx*b&(d^RHm}8$02asd3dKWTNOUn}Bk|fO^f7PN=lHgH8_M!Z>SjVe$m?Ahy z%(H}#cd%igCY@jW{>e}wS! zU_hg$AVfd->xj)-A(Xz`OJ=Kmsj|=MuSaQJY6I6&A{-vTBK59OsQ`KV-Mw~d8+qgA zHjVueaDm%3V80XYRgRa9n=on>F6gD+VKdy81=?#X-0WH5l4kB~oU4eQZko1^v13j- zo`ngrpUbyUeJw3Ot_MVQVkyVipS8`B>xF~E#$`I!rT{Tk@Wyb&&(^6f(!vE%f7`*Y z(9@TgZFAF|iTTO(u9eY1eyCA2KT_}XDyy}}uLEwmjV90}$9gVA#+&~VcgS0Cq2tb3 zy#XM^GA;czm#QF@$2F9NOlLRG>$|Wr*4Q>3Iv_E)-_+raZ36db)h^3?(!_HHkw!Fi z4VC&GauLcdkvhArBwNxia4d=*H8VRnbS`7mDa@5v09kwV!>tL){Tg0|$HVhu&xHYN z=jyW_MRJe~>)66p?pc?UHq3qb`o#E*;Nk)ZzA)pI+r(Ra6Vvl=@)JwO7|0>QhD7d~ zbXwLrQ)^EN^_;W4_G&f|)D?L^O^O`e^WutR7x{Tjud>`bX-myFqdBRvHh`)UW0m%a zrg=~x=Ywu51C9W_Lry`nD6p~p?7ji!4 zHld{9?p?0{^qBxu85NNKm4GV&l!^R&W3pQ^VR4PN&HICbH|tb}uHzV*!ilR=z3f%b z0rMM+M-@N6-mj^6%e*$dDP8c}EZB(lVDX#@u!svZWxea`NBn{NpEg%-uIeL6^g>=~bAPn2~uI>=gje4fj=-g)K+-_Z42Tyez z1S&yW>Z79KyWbmqkc)N#LOtrTz`u}dMz*Izp^d@oY15iBN}W_8>wMbti_nxHQS|qJ zri#ah^ig|n@^E&@zqbI&BPZ2&xf>9Bz9FZp!dG=|EC`oOfkMJz zk>x=l^1eAwFi>js@RT7|z#>mdCmQ(4gBi(h<@C7HDU{hQ;@GO*BH~D8K8!(pEu&@Q z37{VqSqQuBpxt$x#(00AvnF4yjz!s5*ZO^z{FKo@ZBd6va|rCQHg-CxM;*N&TIiF( zDFc8twl8=rQrTQ{k~dq+I=m|&E#2SPZ!2C0N^&D=?<_1XpGU4@o&a*h#@cqd?=r{? z^dktYWQjm9Y?uYHU~@Yv!Fj54Nv-)ck#84nNdU#`c2bnLh=w0nJ_sBTWsLECngmqW z0yMxxpz!*+j9Dg7bxtr`A91N3W~B*g8`$_+`qiWK7v&x0G2fyPKahpwW#}o&;wJ;q zc9{}n!z3dXb-&=o5K58h(;bxFrS<%Ev@o{{h$SrC=>3F&!!Hw)%NQW*te`}|qSLh~ zwF64S&nb&w#dop9JYH5JI?f0s9l$!Mkt06=u>7}PPo4?CYCOCweR^x%XA7k93*I6Q zI*TU9a+FU6bF!Q;_*EvL?lVG98wI_Ccaq@}Oltl9bcMwworG}}A+1m5gJJ>Z-+H>g zKWeYPZlvNn>|KU~i`2g*_HeI5;zFd?yPyA4otH|*75fye^PloO58t0ZYupckWbZ}) z>kjeQc`1$jy_aJ5*#9~JzdYt74v{coVM?HRWBlA?Oo9Vm!DwGIA9d*a`yK%*e;zq7PEXJKVUDInnWKL!$&kjRAi{ITG`A|~cv==nEK zd|R?%qjOhcWEn~PnjLf&czyE){_BD=^mz)?L35l$W%MH-*d1`@( z8gz5FO=SI>!Ub)o4ilO){s@gNCMR7sf(rE#KG^+v<^c0kM+UImKyc}Mwq)ri2mEW@^XXs=|7~a- z-oL@SOlPnlaWo3`S99jjV)RM>vwxp&k9@y-b+v6Q2%R;pQ)~5bZQDO;g<5@6P<( zdEroh1v-eEXcotceqiOT%FE;~mA@UC=+%<<7eT_`H#Ro19CdYd{eyzMr^R?^%MMLe zDjX$l79$ZqE?MFqtv&xeEQLBeumfXOv-o9bprE=%bhL&ZUKO703m;0mFEM6IOCwpQ z1E$V1Dj1@8T83T1NMYcKg_4rei%+XQ2uQxu5w%;{k4(rX>rGh6wn`UFi3N~E`Phco!yf!E}1W%GBfs2KI3+lSogcVwiC$PNxrG;o{F zC?tH<+{tRs=s}M1&-sed5NT!?)bwvNJn^oC4GRkk0Ry*h+P$EU3dWlr9C}8`uUk%9 z>o9J)Qu@1N*`}J0^MxOc-&$6}FNQBHGI+(@agLw^x_s(++0ZHf0fUZ&gwNWh=pAK7 z<#&~udt{w-)l`xP`z!F7q`gBI>t|~>SkMBo?S`O& zfkk<7&BJWPlvtGJC|7BEAE9)UvqTWFh@9^h?xAIffAlEm$rIQ1j*vc5G4^~P(C(%o z+~Og|Hptbla?t9#kUslTByqFn*r8ZUQ5F3D}S8beW;iHm9>cs2^4w4yl z+2}=x2m>!wEVes=)Hy2k=*JH&P%N|1fk9Q_hD)n2Qsq@ zjXt_nFH1xbpR~25@GU_i<@jLWi>+=`jX#+LfATCs_>5ss+yQ6BO3$~@N{`Wj5m|)! zk~nN$8zV!^yPCf+fFJzqMdx;=_oHT_zTz$k;xiHr=MOulyNcK{0=PW{-ye!wZTX7) z5-6CQm6%^#bzr!D^UJ9wxUTlF^UX;8r0n$?V623rL*jkn4TFvHkQc@D^prUooxkbm zbvaG>l67;JTr0)tdNO1eSTP1azUS3{wP~lgE;~p`RplOD8J%I2V}R!;DecP-;r$fw94WB(Zc}Ds>jh|kA;+oH)@KeBTgon=%eB#E9QEko( zw$OlxB*qSolc6Nc4cNr5o;7{VAYja-+pH$Cp5Tl3`JXX}!Q`hDesby`h6YA@MRm3k!U7cBxoFk#}14eWKdszQum~ zOSdX1D=)ZsJ`_n!74^!O#msJy#xZWqCQd%aomOshbTc~U8;bay!@DO;WHF1_A@~$) zx-qga&5wQOx4MHIz^^9xxuPSFpwRp~+liJF#8kY#TDOV-At%-;ijKjUBA%V{+qgnw z0%5Y!N_(_|oX_G&XtM>%q2WdzTvEBZ<#*IraOA_}lpBH$MUPRpmVyjq_hQ{5N<&=! z)Ji(J?5lc`>)E{whjeep;lO5b$1aO*O>S&_tgJG|SA|c?cf{CRZ(|iQ=8JHYpLW@R zI($Z6{8?wGxWnnq-~pGHhcnp7|l<^=}=o}WCq z4X2K*MysNulYMQSnZ*njb8=#1EO@J`P<|iOPMX#D(nK`Jz;9JWG#~i3v%NA+#{baZ z{7v=i7tiZ#Zena4o<9*@K8?i?#i%M70CR2o*O7t0 zsl-)ebomW?#8fS`Ftym@;<2l|sHEMg6NgL97&OFjc6%wXjg9pN2ilcE5joZVV5pCO zth>|z&4>ICepAU#X|A&ds+w_$INzFQyM1e1XP_T_>4UOAA?+@YQ1LFyx(f49x(kRo z^Y&{diZ!wZr4_SDkJx<)4W;2Uj7>=QnS!6Om|0uk3O(!ZisWYvYDFZJ8K8OB#O0S= zEG>Q8V4%AHn~vt4w)HD@&L#gLpR%HxxiP7gjnV^4`yGZD!D)Zr>dY%r{+Pv)OyzI&O z`}c1+MMcGO-LAl_OLEV>mu+KMD43PEzbP!P1lf9{<6=e-%+F~0KMT%ok0glLnxbQ?6Ij(#+fk#RbyM#td|h-CS8c1BG%oLjx*&ra{Rpn}prT79X3qT%#fEYiV> zc9@bgCylHrAbgEwaQu9LmhL@cK5}f2xVq7M!x!AYp!53bEHu=r(lXjK0Wa8954bP5 zkqdfcqjRvOtVnveld)4guzGR%zkPAi{S#DxZ%t z^URG3fdqw$0!gAF;J*3Omos~6JD;8e+36G(6gzCBCkEVDV0LNIKHlZnv;LY~h3>zY z2~tt%iqk@vs)b?3$ur6cD)3d?-u9n>+`%DC>;eW>p4yPpNcojKK zne+D%vYejp;`qd1fgySEe{xbh_O-^pWCZBtCj2j={9mr{f0L>-ul|kgPyN3fK>9x_ z{J@kHf@2%pHO<|FgAaUs9{;Ve$?%)Cj{)h8Nh%=y?c2Bw?!Va?bj!!eKSA>U`y}Fj znXedIHJbD55#p#mrUkM8()ty^QKY{nd6WHrobmrM-2eCGzZPlf8uYF{*_jhzt8=^4 z%w%GSIi{CfInN~IoeaYHw@_icGlEW1!DVl}=LP&rBd|q9;M&{&x<&w8qfBH(doI24$s6LVP3Xu;K6zNs^ zf1L#=#23DQI@$G8_az~=6|uTT{=0}4@m|VcqBQtXI)nV*_#*l{@Va)x#%Dx- zpLvZ>(4{U?Ft9sXV}>#=gNKG_(XiR2mGpk~;}H3xS%(>8)&l!N?%#Xy7XvLwI%z4B zB!i=V)mrJ;qfvHC=n>;`D+ZB@nb}|`eBFgN7sr@2O;~04^Lh#U zm#N$ramolZ$s2}w&l4bViSlam-eAOCJ*`S)^p$mHuN0brBO{+<{DGS&~7mNP>}Z zi}9*y+dt^N{vRxGaM_`C6;`_(M26-xjNo29DdTB6D)xBjZ$}Z$akg*8I2KwZ;`_wh zzl;UCyf}5F-wl{$KdxAD2%cLGek`J)rG2;fd?lL>BHO#SSkL?>(V%OqP#0Ev$yWmw zzAa=SYB2RNN`M<#qdP!HZ~cl?e{HS57$dz$A0KC=1{GwEjgM2SYF7gv`JwAb>wHT= zmkMPs_s%CLbl>6uH8AV_^6}&4tZ*~N-<-l2L>c#-pT>@jf3)P7x*M^M0sB@Nai(Uf zeM-(ri#gLfn8qGAnoTVbs)zg$;#_KeJ3Yt=5v-^4=KBuuqK;)Cw@YBuBRxVr(DFQ682-;VwJK z8QIUh^iy%siFsYnBY)8DTBuNEsPIi&)>J!%@uM0G%}2)kX0CZiRC#OM!hz#~Ghy;o zJMDqFo7SMp3! z=O|VKVZQZ72*szG?g?|=kYOVSiSn~wwzBC~%$`8%W-C#swVM)Z%+Ck-#3(c&(;HlA zlT%aj3MnFAR05J{=wrjNzayG`G;hRES)Rh4@TKpWR#GtT$p9VjYU^^)@Ly%bDGBKs zq2RO|41M67uM23(i%DS>u(nCSkyl6kV5p#)G^=EVy4&!=Kn`IcK90w%G4znOW-R4R z!CUrRph!^(ygaO5N^t0zQ{Lt`)gM0K=c?cOM+V-#Y*!MIK^NkWe1nAk-4;+Du2=1~ zY5}(fg?9fA#}5DCz(?0IH87OT+4;SA;58`w#gH;N8Q);$@RzZ%KIw|KG!E*ep%^wc z&N_8jUS93{g7Lx4y~3?Z!yoY(qa&6`u9V~fd(z9N2Tr_dv%3!m3zO?VUy`plHF$Vp z>`V1m8zMpIQdp=987QFGy0wkP<0`#wNDWsPSw@AI>~L0Qh3VfTE{dgNrc2gWYBk3v zhzyKwOQZS8Qx7IU851li$UFi#VaF9s`$WILOSv5cUSZd|=_|ANQI{P4AB1v#S^zcZAuS)M_9XKO=Dn+3Dnbk-NDo8$Dl`g-e z@-I_zAJe?Tz^A=xe)BP1_R7*Tphixh{r=k=(h13jT}R)PkP=YKg%D z2HKwm<==gM`B;iQs|~Av#VTkG$*|l6HMs#iV z>>pmO+oe@Hy^>C%Yb|77Ur_Q`IXt~DB{h!bFK?l*f|IC;&4JdQt))oRyIZ}PJTh2} zL8}Zy!buxVdl~Bum+2Pq;jfU(7UIG-`$E$Xrr@j#wo44acBhcunN~z+M9XOF(riWsB|WddPLy|RgyWHX zs40;CEOpAxPtTZJRHSnqvxb)D#7^Pbu(7oz|IM;9MURR$|NB~{UFa5}4n;e&KC zv*I^NIc9jPLSn-XPb#gnb^X7m&cpdo{6#tx<lQ%T5d?BoZfP*^z#}4C^8N zEv>b9yD%B2vVL*BTBTZ%0%vB69e1%9Lw^Fj#)yJgrrq zP)^p6*&u)C*iRKCV^~A`2W>JT-j5%{#+sawHgVic1=5fxA7@C_lR<3KxkpE)>eOp z9RJB1qF?0z7A{u9-Wa8bM64}IikM3Iq#lZHKKG`U{kyF?hHLVpe}XUnB828-rBMUl zy7q_C8oUBx!|VhTJQ8HN!_Wu;@!W8s){W{B|9r3MTQm)MrtgcFD@))#LQ7SJaY?BP zy(WGB8obYggXBXT)%hl$>(+}j=X=KojD}5b72#E@Xg;bBe;{W&&;(n?f|H~vhu5tQ z2JRl}Z5)*t^L}Xk7-A!zv{LUhD2j-y#8-O{@@GwMsN z*i1kNyBfUx$|U%#!0BD_f`XLo&Xs;brM ziY!yBM(1Kezv=UG^BJ814$gW1{pW7{h;EA8d>y7}?Va`tGv=z8H70_HZkd!Jpt)6f zWd-_PTy`b*T9>@3I;O;&M5lv}c2ZG6YrT`lQUJ4+BB(~pG#$uEl1Xe~J(wlA#myg>HUoRKg&`?QG4kye6|%2xBdJJO-JwUSq3t9u3_`dACEkWZe1XsWHV=$Yn5;J z6;hEw=l&ZyKRdoIA6#NMzaM$~-{KbCS>E7-ZG%m+bVo&570Np#6XLD182&KI(5Xv0?c0i%i#hC0NOh&Lo6@b+>`j1 zbFnlB76+avf`y^#rA+_hqw+F>_M<3whJSO5USwfloPi~Km`iM09NKOJfjb*c z`Rsz?VKZN)22%UnE$b|F;hmTGB71Q#VYhbl^G=!VQ(LQpFDXfG2E~R`h`Iz}+d*;1 zmPb{?AlWE#LEh-fL9F|`2)Wyp0zw4?Jo{3TE|EGaosgHL*+s0)DXFQhs{y!Ay@Erh z*todv!@A{>ZGr2Cb`Edo{PIk_Ezpo)@9ysYk&z**tc)X`^ZL64iK~B(MAX@&f*iBg zy$hUd8dt}|_424?-D2-rPncSr6|r^msd(AC;QdJ#5x1Q`F32Ogv-4B2GA-PEoppY7 zbsX^c8!W7@DHRZy*m*(N!-Ma*4JIIX(}8(2;@sLL!?}n(qarJdkqGkQ9!g}y4$^~-?~piN;+C?I?+EkNXEcWx_sTC<-FLl&|u$iz2uHC6fRD#Tomtp zm+!52w9w#Vj(pOMCHEsOji@>*S1Qr&Vn@F9;n14Z`_Y5Lat`}~!1HD`sQG3stQmOP z!NI|1N=fAuZ0!{*#n^(q61V?w9CCEboj);P?G4oc>V8akXwu0n0oI=T8k!!bJ#aqu z4^K-@rEWy+B1Z4qA&>LaWwehX*URh=@iL;H{NPt#sh#gp z-QQix-F|Z;T266()^x>re&I$%rOwlEEQO0$Ta_PS*l~%YzCiK_jq1Be1d-@XV5!&% zAGG_bbT~6~;OQdswepQg1|hX-xcm?ytvfx`VEpi2z!y@>dGZH#`(ry1BtD|Ts8_Lw zi;;12oYUPGc)nP6XSMaFSF92$L<_qc))f$RM7uW7l(h8Z6-yOZ?XPgkP)lI*S21;Q zaB?~W++f9lXJB~PV4>dDV!k#aKf^7wkJLMDh_NlL4fb#hc;3_Q+d{OQPY0+nPoT@N zjIJQeb3f91IKK{O@ci7|%~Y9J53r*Is?&*pHz8WZz{SMIa@%c4{^5v^kH6pcexx!r zHKkK6|DKmesqJ-Zh(W?9DJlXY#^coP;oK#_{3xV{r%g~r^j+6TyHlMf0vY? zHy-gXBR!gUzEC{1nxIjSP&8>;Melu$XBFHi5{YMZ9Uk6Qk|%vJ9yu z11Ah9Q(+;ij|xEPDk>`Iw43q1qcYULD?fCEXay}=Ve(;M3f^+AE4C$GaKjERJUkyj zDMGNa<$3Ei@L)V`vVbQ~-I5z^Uli$fyo&bfOocw3Mr}A?le1yg(QtPL~el3(%Qci9gDB!*q6wJK2acR8;Td!TZJzaEJ3!%E19rfbKvdi3Sp&^$>ME97iCBVZ!?ceS6%B$y>w5re6uznxRrMn$u)!D}AJPM_lZi6~#ysAhf|XDm%bM$G zD8xM*N;(n3hkM+|>^pH=h1O|F+hvz=(0wEe=Y-8khRsjxyX1gNwVGT2{=0p=ZX4Ye zgt@{Qjie1cQNVPGM#KHtkXoA;Kdz?DGr{{+%#h#{Pr9|WwHpBCx>`M64(CtZT7cqTvo<5(K!$f0yMRwuIPNRsFltLnOQQk!g}wsK!&@mVDkYG>toF4ou})4Ri03% z*2@y>7iPcftQNoM>FJd*;@(FRaeva+C$C%f;sxDw;=+M!76DR~h$I3In5@O^y9b6W z!yd2M*x64nCgfOkJDDWs0bzTCY}RSOM&NoiYuvD3+GJvF zy-f`BZhY8sR2qgGcb^NyOZc(fHRm3N9i6lK<^oNWdI<4C^*feNX*VJ69A78q0 zJM6qt$di8Q-!U>Gn}BLOVf+?@7FmbhOZJt+mB)Gz@2zG-L-0rI5# zVs`?eCcy79%KP3gG7`gRIO%ou{hWDO&!*iI^gd4j1GE~(&=?GQ*i#Ya?B2#IgAlqz z0Fp=qpmpFCJ|~E+KQ>^yJ3Gj3UdF~$42faAz2ZwA=Q41VvT1m#nSkKZ&>-C0+=Q#H zt*x}*9ufMnKhzz9g)ivE$Jlny;(fnPYHDV-Hb`4$&=dMr({V~EUu$^+2r)cCFAw00 z7c&+d4D~C%S)(t60ObZKuWf)$rOFtPA`?e>A-F&9T92d|53m)g-V%3VZ=9hjp zd!z4fw9k)@LplJO5FR~zY#`V<&h`1TeLq}NSBK<9Rj*l^<>=YsWmT7oDR}>5a&j{3 zdH`rcIfjOX0hHgP!(;sT2LcRxq&h%EaX8xz57O$`HOFWw!alK~i^6Mbm~TxjAV=c(#h*R&cm-Ump!a{Fyr zr{g6s;2}uO-rmW&IuIIwh=Fmx_mQ}Vb1u1%7wpd8uK8gKAhR_+uiwcIy8(cdv>FT` zDCv!}o*o&kN+}wj*Lnme{KE*KhydxS2Pi4u{?Wt#oCWaNH(?`424tL}q2Vy#X@JaI zIdw_mwl`|?a}g64Kbz5ys<2%be{%ilQmr9iG7amIyh%*Dou-g$VACeI6R`lQYZ1V8 zYDxzVeVy)uU?~H!R7fRF0Quisd&8Wy-F7LIOVq^_6|wENhIPlX#aaXsb7p@F1PPUS z8HtIBAv~UKUqV1nznFYpCml!)k9YeBQAlU*rtdDe1?`KJOHkbI=a(NjPL5l(1-
    q?E+5GF(pl)5{>FGojk!gkRH9k@{~yg26qL-3WBFxo^Yu%Jlp?(RnTgZ2$7@h%+)ODme#70&o_Q>+Agfbq?u6Fp#9d zMwcG?xRn+|VBYA%Oo=|a3}~Hidm6&w6jpYE7%$UV1Qh= zfUw^L+RIO$(rMP8{5rmtPGa&&wQ3A$gF)M##L;_#2s=RX+5-9^r_iizzljh)tEheS z2J^{v&=GR)y<_Rd%QV28b$b5A3$Ax*|!Tg{zFl{S5`J&`~B_hGv>Qm?FQl>gDI{W=T zmi+}yOh_8O{v!eWY&wIRz}8*BK`Pz}<69*a_xexet^(hLf266hDedNI-7$zR`S-LDb9#lxC$) z2RtCZAp6Y5BWWREqb{SW%R4LZ&REXxva0Hd5B9^DG%CD}R zfDrs*^y-jrsRtJ{3>?-}BOoMn-7l$wa{&?rZnq2Sh=>T_2!e94Y6qa~ZznPz6_Le} z_U_L|^P8K~4(IC<>Ev?1h2yj48L-634kge(0X^SoHn| z+l%3uTLc2E9n2Cc!Tlp4q}7dy{t%po{NW<&syKFLHCEyuUsfG4@5a|sqcxs^;RN6A-G zK+|#;4Dc!{(a+Y^>6{si=KB1A-cP0j=Vb%7y{?_v+?%{Yvu#GWw@(1iPe7aSxIgVX zb>Rybqy57!EOYwjYrj^R1&79&v)=Ydx(gqPHlW3xZMwg6ltMl|rR4V)$ue3nNzhUl z^5%#5e`5}9OI7O0bRu1K_BLCc2PH`>ZBna8ZooI!rAAg58q-QdWv=Y@YWm&ldD59( znrJV$CRO%Tdf5IPWQC<_Y}XfD%+J6Urv{TkO9QuE75Y}vRKT|rAJra;5SpD&xMB;3 zT+PBdPBFq5wVlpZC2^-CHY-F~(WC1c_OP(H7N$Gw=P~S@EPH6KxiF~yFY4YhDz0wZ z7KM-i!4o97h2T!%7F>b`cXto&?he7-T?^OX!7aE$(8Aq$i@o=E?`iG5``-C;e!L&m zTGgytYt6aVm~)QNNAIJOG=IFGE|T5d2qx-hL^3xw7bp7&>}?pv${MwX@A>ZrWt#v1 zqZtTgOwG+nvBK>pMLuD!&g>l*rde+SvzBAqW5u=y`K`ae^Oep^J>!So*SinZA4Tx$ z!Ze?DBff%X*zDGtdQOVNwFvQB4vj8n`kC&>oU>Ir<2M~QyqVt5uH@3Gip-M(&rc6` z+YH`=uTTF|=WQSKt}|d@9?ut9CIE#Pu)84On;2jhi&mvK!kTl$V&@gS^&PmYPsALTjjA$6G#$}5&uRD@Su3E=MB>B$2b83 zZW>@fSFUY99Owf?9LaD*9x)bG?TJ8E@im}!b>(cSoSvMVJh>m!&X##~?SX*ylWM!0 zV@{>ze6{bvfjI!9jRP$H*Q4k(8cqT45HoRRZtmg`JbpeQgle~6ko4p4?+?Iad$o19 zqxzR(h!>I5Vym-_1e&Urmb9nmlh2d~5X64-%FHbg1g+ly9{}*txwg7jG^9cb3tBij49(&vGvRT`dECJIX+D0(^Q;?JG@&c6(>-gq;YbWe zA?V4Ey2JTtkRtz%l9GX8H|ymt>ke=RZ2;4d6%&I4{7XW>MKT0@qOZpUktg0S53h?2 z4*)j;L7?3$r~>#-*LN2mYZyJb)$a$Ot_4O0+g-{^!@th5vbr|2mDGr1!VHv1de4{K4Ly?#uHN zZ;<(Wk^nS8c#?n^XZXN>y+PCOjq{NMT3$biQojFR%>n{%W zh&nEXVB&vup*Mt#H{i90K!2D76VwuoGWMlBRJpjg<~zM#QpSS*-D^RlZ=dyln`&vT zq>TCf)5OhesQCXel48^=f^Ip=ULdAN{srL8rw>m=I~)JLCuo95-NB1O^EgOOFE;MW9wPSkETf~NuPgHx z2!P+oB?pN9bC!K}LvX}38+Z>G+w0Ps^#II2wV+6Zf1j=whuM%fAp8>p;Uyn{W8jqb z{Bs@bd=d!BtC#u;SAFwJ?r^W#@Oy`d00CmXzwG~*+9nb;n0ENS`XhkQbn2YnQ2-lX zuw${dBM{|zzjy%&2pNdof2?&gZ(S(EsP48Au1GrVT8~ijpFRR3=&>@x(ibU9%+3zbn3E%90{r3ND_Jl+;wXVphsi}3o09TLD{D|iD6Z^ei2eHJ3 zl*!-E!b6sO`8~If^2{b&M1q(75gW=!Z>LSTKKG0RkK5y4(?cIS-se;(mVEPO{p|0H ztLH6VHyN`DB{kDD*(O!3(9h)+=QU|!wCwtN$B^%bT5OmUuIj@h#00W2&%c5X6Qfc{ z4^h#GN)c^80_!>t-JA&rrl^-$?2bgO^Lqpu4;VrPHJ?5~Hv4mouUG7`T8A$W##EEi2MWLoM? z_q1TwPHi5JS}l1@U*Y_f26s-hckav-f#^A;Tm;1QzDDP20m4?JU=i`MbOyG|}o9;d=Rk7?)XY4&xwg zAW8Y83(+0Zw8#J=Ix^g8pn^a3R8A`&?4URrFqm;7vh+QyiA#AlW9FaZ?n2fX{NkVl zk{PvK4`{zLsY%w~SW)qOz~_p|>G9T%CVnv8_wz~Z z>}pH5o2km~E}O+%i_&bE5?%#NqLCULn|hftk1i`#!y@&_QRQ+&Bx-rJGT$Fl zR*gg>)=t9;t>$jG?3&Tq)T~D3Dpf1ihV5yM=CQ?@M1H|7nAxxdR5b?Rr!x(6i%o8U z^*>g8mxo{=I@4P>us)Xt40GPt`80ap&)%U&r`7UD zz4=Fhm~lqE`5kpxjAf|S>|!p6&Z4T`dK=DV*Qc2Nrh&|(BgbL_ihql%S?;om8gYHnv$aPjk-T8 zhU1U9MNHt)Kz_K^ES76Ql+|gJZAMnYXDgREcOkkum-g^W)WT8T^;o@eNWJF%PBSxTvVGYFVrg-Z zL|E%ozkP6Z-hvDH21%tG=F+XuQZyKCWp(y$Xs=srsVy99sh_N+Et^#5Y@I6AXqjD{ zu~f5i&#FtDQ&LX=C#gf6ST(GyTFdKoQq85cIwsA*w2(VYg^EXDmovCW7RP)}D1T_JyqAGiAKE}J|#H*{tc@;lffrqMU zWd&EhYx9)PdNmYW-kxYwZ>4E14P2AgHG8yn(Mb&zGeK4ds_bIi^UV9EQL7P?Hxm_b z#rXL0gHMGFV&L6?WRMH5Htr_5OmuvF6fQ`CYzkK<8V2)g{nnXlO_^4jp+1Qq6|#;$ zTv{BzGHK-Tm`%}MlcrOIqRt62HD#dyn*kKAjCV-P99uD%8;Hi5fUH7sX(?&^pe=w@ zp_;!`rb8KHeYWsB`1J{C!=AF;+U(|?+3Ea`2UDlRQVBMTOdf*1pkb@eDj*a~^Td&_ zE!k6c9}CeNzllLBw&E2fk|!Jwwd!FfQ|{68=fK_!R@r#pF)5I-P}4`l&^dqAbc$S+ z+%jy@$pZ2i1O8H7#0ewWtz3|wK|N-Wq2a+HQTz2eDjz@N#=H`)vB&4I(I{!w-^TX4 z__9<@ZS)R-nk!cvOz39cC-+h7J_ON#--k z%V99qsv)6cqy-1X5EU&BL&Mr;u(qPNCTheQ+;dy=T1~wfywAri3yKIcX^>We~$H zk~J7l?06%DWxXde?8=3IPAVW2n-KR6iXw)CGgMV3apGS4LtPapJ{BHF1%{+C%Fk~U zolIBuW0X<$MXCw2A@W4Jz(+vJ(w+o^{a#;!K*#@6YbkIg4|YrNfA!j-C;`v@_V&9SZ1?TC70YJ= z5^RK=cQ70eOQVd8a`NH0abd^5kK$2r_3bc~>OUbjvoO}emQJ-DHk< zyT+tad8?k_W?VhX1!QscbdwQEXWd!AYqk3cQ;wOGlrd$ULB760>YCQ2L87od0Sac@ zDEk=qVPRpufF=)TRQU(LS*d!HNro4{F-VjWtzXfSW0{brT`5FB+oXq)@gqsw;AR1r zlfRxL!xG-6upqRbHJ-M@z`g}BwkjJaxyj!x){+urR44ll22)lp01&9 z?l}mo7Qvp|^wV~5N5+8t!yM-AM{-K)Oj9fyelugRnxYm%X%KEpWz47{G+c)%5||`p z;J8PQpb196FH^g+Ird9jAulhdgc(c`&^fnSZ;b?VNa%rr8uJAQByNQvSbwi=Rxh`jx7L~OzB>BjiF zGrKORSHjJTGXFgnK2l-oB~==UMQMQ!B~(~p?$`yo?7JH0wE>HtZ+$~m8?Qvn%u|D6 zN3nQI!G_G_so!9brql>*IHHJtll!}9TH{)p`K_RqnwuKhw{ODSl75{59ViD#1iN29 zrlin@fqjc9lHEVe?Dii`|L*01kx&OF+nzvBL?#ybf?>L%vd|pmrBD8M(K)WqYv9~@ zyG3R)E(#H*X<;E`t$2J&>Xt(Nn|oVadBHQyZ;Qth5(Bw`DRhwz>85&x(3pLoJsx2; zoI(=pQB+Pmk7z|8CwsHz?JZHw1aQCBpAV3R2(5#~v=pe`-_{>K)QIOcbtoSv}kg< z^f7^VvqCBqBxwiuQD!k=TN8fX|D(=_O`Oii3`!Bm`-L8}&FvOcqU4q?Mvw zapXr;CjT&s{DGCF7q>ef-&%78MlkqO(gzZ>p*fn*3n#LjmkEVE5Rq{9iJ0GS$Wv5( zbccM$EBsT)_72j;VHK4|k<;i}b{3?bTS{ek#%MQ!;LUn^M|$CJxYSgmR<=YV-_Y+U9lR*3Ul`h%dKivg|6GYF+ zFm4XuDNhhM{SkBy@$1*>-Xx)(WE!J+~N4{EeQ#J~|wO{TSueBmp0SF0o`4skD@R}@n zI=2cs=E`wj(g{HwXGU=jaYuQQ?yt}R3knRYU!UYBj_57fBBeUg3dS8^S+xqHdJ52y z?%uoL!nau7zR@O)WqdZpQUsRia3N?1R4KP$J-sOXq78Cs`A;?Tw50_km`o zffpwdrT&DhoQiW|j(4ZVJpmqea!L+bM+d%g_f%;D^40Emwqo6HJ!6;a?cL7YVduuV z92`Gl%n*OLL?23~Y=Nm-OW?P`)9y?XCkx;=_Q^H4d3(B@E7Au2DOMa!Xa09W@KUhG zc)>zDAP?q(5WeZ4+z^M-!J2SLC)A;r?b*?uJr&K(_k_kzg@ZwEq`u)RED$y6gvb%`)_NA2 zp`wLj-+DOxDGxQb--veVpx7hDxY)XAo$y##W_t4h7as~iChODak>GHEc%P?B_lNJ= zL@1-d`t}=B_g?&}c5g!ipKd)+>c-r#k#^7jhJPHpJzY>@hTTJ9hz$X7(ylI4oKFBO z7WY$)XsZ*0fPmm|tuw2orG+IUAv&S;q$6#1b{2SwSQJT7x9>MT^Mr&7DpzX0XKaE@ z-#yQZUD`1!Ix-WSeUN|imiKm{XxGNYhYR=Wcg)FQ$STB%FKSWK7OQQpPtP1r zZLSwG2G+pdg#`C6*iWcC0L?Rg*B?#LqkNDy?|(sv{|B^ZFrQg4gr4~#`xRO14I%w6 zprZt84w|4bDuy6@3^lsVKU@F+49WTLVm+^*l>YxHfcifP&iUgDrPxej8atM50^X{;HZ^;Ae{fc(We%N;5>=10O3 z)EajAqf+F$mN}`}TPavN3zO_6kG5)0^`e|KJg$qzw@LzoCC8ixs+=w&M-$5L)d<4N zBpcTzpV}_yJ2pH>v#2P*R|Lo2ErCZT4!`CRj7R00Jr@jjl&|Ku>)g4YxpX4bJQ_DV z+SI-Du5D;7O!XsLGed?+&#T;BZN2CC4Em#tXK52O5~cOLke?Ef@l761RyRI%@{dIM zV;PuJ+iCL#F7dNO9mE~UR6oVesZPS{G#|b3Vl0ECCjGRzqa2&UW(2D9wA%)oAR5VGJ?=_!SJ-KB#7Lw>W zTJHMjsqOMaDIJkp>Gg)4A#I4%N|9k#rT=zOGCdq*-KkGI^OX6*sX2Ssyzi-8?iNgN zrLbVTL`DviatrZbon3V=G*_BkWr;m%*Iq(Md^vq%ouXY=-0A*cvBhE5et4qB>a#1= zIUca+EP0{K7X~f@vN=iP#tY?or@KQ^AKr^fq~XeR5+y0OF@NL1AdOX;Sb_G4s@$zg ziTW6kFR$hGC{r)yhBFg7ev%ub$t5X7=D+gkSB3q#!w-u=GX36ovs&`(;`u{*O?o`) zujG*J>fuFQPhPU+rT5#Y|YHI53Rh9QBfL}v#yu#4{DJmIc_7UI*Ziw;U ze*lUfm^AOCT0p&Ka9+8vuh<}<;spWPzm^;gm>09HWY->7XW8$Vs&*4NHg3Xn(z+;3Hfgg+yE60 z$mud%U0uBr!oENRbI@!$pV**)%K>7?8q-PALLf8#_6zshFi1;ob}24fD`Jtt_}s20 zL9|KB8glc)VkWL`JDuFb3LpMH%p89`EGI1^O4kWWM;w= zJ8)C;AV*-)$kh5+N^VDc0VD z2zMF3NhghF$Hd^Fn*fX`ksg-&7GzOzJqF1R6P9?XUB`` z*kZJ{8I!@|G}~=bl`u z$tMUW1LDsAB9l@vYRQjs$mT-N9cqM|?m4LVti=tTt_zS@PuGtn6CcP~h_XxH5d08O zjkeI}uTyuM9BAiFc3X&!=QnZlCa-45YAhSy=~u(ZjOTy2X)NxbxGCs6jro!=vQ8Z} zTTAtQVYPu(f?_&3*-$~Eb}aW-m3_EnoN0H|+Jfik*J-A~-frPI@|Nj9F%>2-)yGhH zy=k%R7}<9#+g$~pc=3KdM=j_$O$qmWm7Ovs}M&cLU|S7wmEH(pzF1 zet-Wl77eG7C`)LxfG9Lh8NZ3g2~?ZEdDd0njr+=ZeWk<$dw!BIX%{fHnyzLwO3KUs zo^JF!KJM}Zq?I@N1>`8Bs1yoMchYRIrrZJgD2LtV+gIKvzySg1 zBtBaM(RmOzy|fCA#`92F4?lnupeyHEPa6&}NosA@`1k-pL|!TNE5{OGOzgZ;-T*G4 zm)?@qQiI)Q@B3G7*uzQZc)mouIOj+L_1^0!8Ocz%M}AITtl>D? z^1;O##qGPg0olKR>ou>pS6^CY$BK7qkK3WDvbtTzOO8J{bhOX>g)+E3j-#TTg({t_ zY2tT`82OOQhUE4h&d~A;;t}f|R6~%NbcKh3Jt8-X%<%(Wr$5|XUtyji14k0;aG5(NYgVr+ZRw?uF`4{+C26*w6-q$~Jgyan^W_?^>!!@iaOnn6?tECj525M0`)| z9}&lC{?t!BDl@KWuh6X%3iCo#_+1BWCY9jAw_o0VN-AiN8!5w?J+j*6?Vr?fdD`Ia zx;9xecwh?T?qtt^TnHp8aF2cRb_%&-AR2I$w_ZqIvN0*GA%rhy~mnEif+VLlCdh1| z`!#2>Y@aPmKU^VEx>q8F%Q_1#7(utkSb zLQB!0@|z(Cg*| zuqF(Keo}p{3}(bYs4*JG;(J&a&xLRS43jKh&8jURjV?D?_;=1AHjSO1#f7mq%$9)S9!}D;1!``n&-@ z;TldE7E}pwII%sxa?kjvb=B}Q^Chh+Mj47V$x9FXXrM0d=-`>Gs7rDlG@vv0;qP7z z%3^dz_O>qGxRu2g<952%(wY%Re^fgGqa#leCO?0n3QH%}>ikl_`<+ONG~AuN>zD9O z<>3T$E^$lqoPy2~sj4nDM4Lmt@8Ws88+5?QC?C0v+Vh#L#$4#>`6d4*+0^hEov$)Y zRB;5eu5q_U6Ao{bZO^}7jCMTLz9yDEI`(;QP<(WPe@$pSaK^mDKuJibKIYNdoxEjb zxwfVzBj#$YfG1WYv%bR+U37f=A#;A#vs$O-M>_EL0fiNjz0Vz0D&Horej^LxyYS*Q zb(~LmXAEs0ail1+ETIZkuoW($EwXG-a$h_8utnX8@LDH;3v2X7X}wyiZ(CVuoKeIU z7dlD;k@6aY*tihX&X?I z66$cJH3?wleDV|UF`F*TDWy)4g8lu@4WJFSy*xhvb&i4oTG#6$esK?Jw$Z*hSsMpv zY9%H62ZWt~_r>9IO8m+k%RZk=*#We72*X3e!><%ZK<5aXXoT5d0r2przA*r1is^>< z@Lf%95IE-o*hH2jaznI!VG_gNp^#%4&x7u1-5r66M*?-j%rRhw#u?mlVQ^=P)iU1C zO<;Opk%bPbhejX5(W&*os5kI67~n*b;+q}1w*p8}{0TG`WfQv*JE0Y@q5iB-NZ_F& zJF+a%=qs#o-nO(|gscI(@l@X{w4Yqv(aO((M2=qRT(LS&;s)23ROM=FT@0C)`qC~8 zWy3Vd-h*V;t$H89{F2Zc&*U9W-zMMTYYaxNr4AWkR_8@)Ek>*18)0miZhXw zZCp94U5T<5m#^-IY{qt;zqt)-;5c54Z5FXd5KS=lp(crZ!(-G_Y&`cJ3Y+@6{cFcl zQ;DNxm_^;+x!ir9K`_!7O{mIt!+tiC zYoXC<%Qa4alDV~fcj;uq4X4fkS8&N0KRv*b)7TbS@weY5Lt!t001JZ~MI+9XG*Hhz zJ3l_ZW}~KzEUpjFSfa2to4cljt5o_+iexOC)qFUNn8?7sQ%qEED7n?GTia*nI0q?o z^a8X9+)&0G7d}dbLl-=ryG*HgL$a^6drikasA3E-!Xr}Ya>T0!&55!DjM8!#lFmwU z7bzSCu;AQmUH#PN&&?iue_YZHX{Fv^jv5ba;}V{rT^F>pq|VMNL#bx;RA=F`3jR5%(o-E+|#R* z$RGl4M44pb8Z+juYPLSe!~!8+mTNIjV_ikni*)VlDC_!?Gak>JV*hg4fV?M?F&(y; z)fUOD4foLIc*OqaqYl4O86#SUtl?4c(0SIdtlf|3+zZ&^VoIcf@=U(irB3$PrRX}a zrv|!3rbn>NA@>;IcyH%j_&FZEJyxq^uE6hCRARJ(;#CLO*%2GU(XdVrHR$*SGsqve{X_SJ8dNQg-Jxzqa191GM7HID2v>^!&XpukB=wE3uzp1 z^>Ho9C_0-K$#DFEQQwFDdHaIRRR^8lo9Z3LZ2AGc&_qXTy-;UZ!mRpPC zZrF&{gCl_egQLUnfp7ffH_2>~45OC}>nD3ZCU9wr&gxL2G+o{NjPF&POvOggum!>i zT2#qCM5Ju>W;NT%e?ze^~+&J$w8)OlKkG-hMWIiPZQPmQKTarv< zs5*y?h0=+kC5~zZ6i=3*G(pg;XOOxQlqwY~g)>i3ARn3AYP&QoyvYO+ zE}mOUAR7^2+VYojez~JNrdbneZoteOr7d$x!bm?>m~R4t^!TGaNMw5VFHGNZEzp;h zHyRko!As#iR{DnD$@H6@;d#Ae&A#$R)Ya87y8bwhswyo7+>K0~g8GJrAG2yE(2RDQ z!iq}UqwH&c>*ut4Hf$Lk4-`ww$`;z)*-zRoP*8&N#BgPb;#IU=17DS|fU?x)t7}W>_UG7aPDl1RT&b~5qU&Szcdwba(9hpGQfM-C3(zxbx3OLFUguJ)~ z?w{^#^>%_}k_@Zd35fO{>cXO?A;+cuL+h*1ibsTPA}h;7jL&{T5%?d`Py$OQ6=9^M z2dFUiYfw_7ekGTlR}Oy0j^r~~CdO;R9LZq9Wg{~FHjQyPmZ;qj*iT-Z#-2C`{P9R( z4@htF62K}B&MMo}*l-N_rp0XQPl!Xwi#6nCOkf(-%k-_E;0Q`*mRy}c_^+1b7+ z>tIh=P)Zo-)W>x;jy|nlYpi`D-ZOD|6M9fO8IhCGh??OuCi;-G1%d{fi^2@p5BDoG zI?pzBN&B%F;Dd)z0b8e`yMAm{cbK@X9i03Tc()tnXArE`Nyn~z8td+KAwGFLZpAe+ zsso{m;2%ruXNv;3)ZI9qnvL2Q+%ayjaIp4KD;IG@_Z-IE*gLZ~XDC`GtHuf7wlhbs z>qGZLRgTDJ6OY76rjb-W1VB)h*JOR{mDb149nf+3W_D!QhBGJb?rJN$A+e~@IF!dV z2J#{+O_B|PJgzMnS3hy!d)`4+YJ^F;IkSutC^mZ$-w26tf)C)7Ke@Lz!hL6OMkPMe zU&&-?W`Vq@sa7a4InPpFLQu{$Z_!ZMWOn!~v1J5Evbn3v^uC{Q7-Ak;69gjNxr8i} zF;XE(MX1JnEw@l%N$IxbaBpkPZ(W|B{;+Ash^RLUH8tq~`XWJ|&|kM8hk+>#15OGm zEHyKQF>R*~3o0}dfzDCJ_*=5q;+G;7&z6p%ukl%^A8ICt<+l14S;mkqH5VIlgyK)r z?_C>q1}d0}E51t^UkGGk$9#Z7$;EAVJ89TK^6={pTDz#;w=gF_#(@NC#2Adv;}Y`@ z5ewsb+A%{#$1|a@u&~=Q>s8e14Ui}S8{L}}f@gHQG<_8q5_+5p0E%e1pPel&Tu`rq zQu_AG?@$0W)a5mn1m*%I4b2vyY~2Lb;WmJA`1%U;bUs?_1BCM5-VDn8TaBLvi0`v% zYikK1!7!gQNG(d|uPO(%-2R+FD@?E=A7L2ih>Q}bglq`E>CVZPUT?8q+cimB-C12! zPe+%jc2_`Wz$Y4YL@a}4U9K>*q0tC4S)J}@nsdZLY&3E`HL>~OF!^?@|8KJivQsp{ z0B?AIcb9SIs;l1_*t~g-w-U{#qx}ww-;$^IevZQ4y~EeLt|XFyI+Jl339@p(^8ZnA?7Jr9V!e;`_wT`m$tT(SW~~uQI=k) zvbOtaiT0o}GXjjTs4&XoTpSTz#TUHv=`Y^#K=iJgbOS5cbMRKs-}7b+t3eUp#ChxC zaZ@STyXU7h`grx za^jGM*}Uk5#h&S&3>Q5538oK(?-Xgs6IjxG>QK*OKLQ%83)Oeta&&qpF3K!PmO`51 zxOuSpQOQA*kbB>@mWCK#oGX9YXGhtIhjc8jcx%vvWLSWL_*x%beNxc5|bmaM^u z?$nYzANw43OrQZK2jz9#Dk|fkA+rcC3xatLQ@YL^=dkIJu=B2o%^%i~zECkt+eJA{ ze+SaYoMO|SVzGke<`f66QJ_+U5NWLL`QJfJC$(cS!&lE3Y_-Hj=yj`C*>)}o^)dAA zR(~XoB}}sqV}hi-f0TNcnp9I-A3nhp3jrI zckQc>#bR`4Zkw=0kSes zF&iqma1c1bClms%UO*Ek?(WVFh?I}uCR34$Ey%VuMw&Ikut=pPWeE00L{C8}!bqVs^jH@zlwsa<(GnZIRK63^BRq|4n8q39w+vy^&xzZKRN!>&GS zu|y7tT_ixrSvvRdUYc2{Wi36EcG()wwVbWhrpr#w+g0=)1DHlK?Xg}qGDjXs-ghjj z-JE*OV)8}r&@_$?jb|=;YVEpa40|iK_4orSh?z(Ne0m}gEl=b!>xpE3d|WS9^yV9^ z@CPFAEFGTOte(5I42`Rb5}3#LK{D-0qo^H);KFNySxf6pu{65=KgyeJ8=4&tDRzoK z(oNXwf4Ep;u0l$`xqZJBfpb0BP@XM{+M<);e_8To_qxEh?)Z!GT=(Z%XI#dK@5@|E zR-40Ym*4r>foQz6?Av(F$*vU9cmN>*3BsHXd!}R0PPp&)(w?Zq-+n!-2EUVm z$dO429|f)t9l=}%&W$?pVF5v99E2z&rr<9=P?6W{;WEQK)50|^ zHFd_=mnV*y7VI;}ciUfVKCq<_GO$HvF!^|b#&y~vS+q4U5)%?2;cyf(P4r8_Mc0O9ScxCGGMwLmIq_RS!N(CMsY5YeMUsy~kHYub$>;aD|*OgJ@Fl7jTr zHRpD6Xz$~*-;sJP7Gpmx&Hf>J0MM-<7Md|zErP6D_Q?Sy_nTEW2;J-JRacboI3fZR z^t6+euf=BoaeS6Ki5KO$WBY|Od`_K+*asO*I!f1Zl@OM^5!^}zL1bS**M5Dnrh`rX4_Q5T z*fwQA;~!$X896kNj{MiB2)U2{(A#_Azx@BSS;?!A#g?lL(DImYA^wx4J&XwPsjjR% zmNF6e&$xpKaG0t8pJ@93hkWjTuQ`Gkz!LiZk&IxAk`V)0-q-sc@y%%wL%}x7>ZpB)f+ZUS&xwTrzXbl0qrQ3sX^BEo8iVXOF0VA+@%yju8UC|Qw8wz zLvqWL8#+5F*j>62Bl|psv1H3=B&>&syD-0d;bFHfuYQh_8w3am2-aLm9Ehiy3WWqr zigBHxAx~by4VM8{z=V{LwU6Wh`f|Fjaz?abd|LJR7bZX6dXpYb-Z?HnmTHAKjToQR z_I_nvM#oqz-EcyP_=r69G$#!QNrZb^?S8(js*1nh34j8xR#kd=i|3yCQJge1oh?46 ze8p|#h3X<>vS~z~ViK&Ob*e($HETIEW|m@1+{dz{w54z$w2U@xy4@?@7@GO;=DN~dYSJp3 zx`~%isuk7&GBzk|*2EGx=X(D}5XylaIt!+L0D(fA;W9D7l3L(9IBU{J&e`qsGPTv0 zg+=0{85~L)+v6Mh&*3@q)sT-!uksMjSf5jv{ff}oFFVfYSNRgRVTq#4^G|lGobcMC zLF|d-e|;=TL&k|nW7#J0wf$nztO-VnZ7VDP{=)^ptMBTqC zh8UK|u%sV|t{tFSSwa~yeiaE+vQPVekVJQMW>pz2#-q#sP+jz1EZ$IwdsQx?ntP4| z6i4FmjCNM%o6C6`KpLQlYbeNJ$#m$IU`Qsj_y^!ng7)O!_)-p9%4=gl`5Vp$^J7yO z70<6A3wLW?PC1x;M8fq^5}goX4RD~gs0R?zec-u35yZx3URHzBmNn-xj#$J z#v=cw12#7lsc`4l3L5EQeO?Tyu5+x@9SI?6CflSIvT&{!e&4Pk`RT$kc8*lXGO|7) zK_}K{^dHy7tTn0;fD);BJQY?>LBW6Ra>1691S)y}c%HiazK7TeOxX9!Q{+xr zL@Lqusl-^{;@G4xMuVo0`sLw4(#)Zhp^CUYiZz@oO&MGWF%qI7sf5qo*T;N{VcfEh zPZ}I?aq_ezad83_pOdLjg=w@WGLiB`u=FX$M)rwN=5>Ds(Z;Jg(NFU?eRDIujtgqn zJ%Y*KNa{j3j6o3o-Yq+2Vw_Ru%Y+$hI>28y=QE4@o63N`h#sK`Yy5}#SwM@oL)NZ| zy~p7=B1)*1?3&xHvM2wQXR)LJ-1kl63^%loMF^=WMXHS40@jike@fVe;uHl~X~P2X zC3?DS3iAKhrHAMj_{8>uAbbMJG1Sy8DMc~t#&E-C!g5v9ha)C`3-im4r6%8 zhndGPU@|HB1XLd@*!1Ox1(|*28VJtBchf3TVuury?eAOMUWFdvnR9I? z^1sxC9iVuX=M|8|D(8Ry6N<-orTmA}i4)-+q86zlFq@*o4&So@MHEEj9f)QhC9dyh zuNEewcT(AY60CLdEqQyG_P>~@Io(BC&fWJc1aE=0-D#FyMph41h>(r)@`M&BIv3M; z!7nas$wmu%a8C;gvPYw7K3AQN`23eMRRGy`fqnvUf6pm$8M@ zt$&v#2yYa2?Pxp`M`vJNV_~%@a}cG?kpz#BU^IyDPN@MxRcmq|ZITo$2A=Ff1?OqZ znLH68HAeThJ}t2DbEJB5aHJabe5y5g$QpENw{yMz;Q5qd`LxPji`WCGK6+jUlu)tu zq6`d3jm?E;X>DO=V$byT8!@p)V~vN`bAv4}7hBa{W-AsTS#?G2?z)~0Hx*rDsr(}- z0I7|jmCft-jmh{SZ=x3AGo`yHghlNIP6#Z!u}85`<#j66@DeFon=?s^*WtkfS!-eC zzTY_gTeId(`(S7a!Xvn+bbo?_fMHHh9A(ZbEuS_}!IPGthrd@93oOC>BSC=PPLzKL zg&)lNFhgOl#iGW>!;^lrSWg49^QZyT$Z)zlKiq22yrJMvn+5Z6KW^Bv0ipI; zl9Af3n+rAYTp2C0P-~0s`G1QB2iIB*Jb;VlQwg5d)!9JlMhmAD3lNRL*%MD*_nSOa z@Rpdfkt}aLyE{aEb__3uw;p2abhv_AD+>!$Rr-R{Zp-6-aT|E;nrU|0b2wjv$~|}X z^JTpDa1qYNcz_>A#~g(Bc&h4j=#RKC@p>ndz^DK)!-qdoYk4c^^f+p;(E2H;mQ#V_ zQUdtYSc_U!Kga5E)N@#2aAKSkJdotc!u>p{%a#h5*hJvr%Gs5%8r$t;&7tZpQC<@N z@2K`GJtr%U;o8ZZ!}zU%+D1Neow=S*Q6>Yc_mmbyxf_S)aPh;)IvknpcgNeIb;zEV z%0O?%&agWYJzWk*5B)7z6!=oLylzGhD`Z+0A8ctMmh`WEzV5F}gyD=1IO@ zjsffKMvct9D8;nxVb7uZ?z~p=kHc5DMa&n8+J5{w{zhB7uT*Kvn|zFU0MFEwK1Zo* z&;rQHDb+J+IQq$aQ|P0Wt9AIvxkg5#y3NcfEig%2n!sb1CxhrOC||Ta7wW6rE})N@ zl4nE{rk491B!`LlIcq?iH219>U3zw?${%^TiHmn5Akr`jtbEm>9BPDArQWGb5}PDO zrFSCZ3cm#~M7{=`yi3Lm_N(+s&C_fM!9(8RQdF<}D)UaRhWf~0GPy=tTAtW!eOAeG zpkGmdNm3DE;xsLs&_3_*ySzDuJ)2`s4jb4UP2At9LSm+70z*z3Z(z3AJyHfn)A@NHzu;vs+9sMJx0lUr8p-d7lh7;iHvex0nQ%>W@uh?}w+ zTt2!~B!;Ef5LMmDh^3N|Ng$L8E&^d*!CDnF&hG9Lw*0@;*4u7FiMHyNEAgVBegVuOa>}J zv*t15-tyJ!p^;9FSOs6C*zJ7(RSM&Y!o-rmNb*7r z6p4*>ELLJ}N=C*sVs3#Y*1O-Sz=~Ol&i~9VNut&*9uHekD{|!xqH5{mbjK#QlPcXU zl%94(KKO8^S)%OY5JjgUf?y8KA0m$jZQe!E_!S_42@cnir$+P1bgd6*jQchoC{iqL zmV#4p8OWnZzgw?wE47W;ygaSFjH2cy560KLvAWqg5^54QlM<9tE&C|-4Bx-0;t)qh zdGLphrnr=ut|?VgNomSur_PBHYnGr?;Y2JDY7e~-J9o~E{^Iw~-( zK>hYDax}3ST=<=bj2k=P^|}~}f4xO3N$sDV(-NFZRl1eX7}ik19Uv=RrH{cC2@CQ+ zX(Fo;ajZP(3JhRHa0>ta`4_vAIL~=YYnvlfcCHy@-4FD}+Nyo^^-P&b)ZY z%e(?gBdd9xbkbq5+wo1r6Yf>1*q3S(%n?Otp->@xa>QbJ3}?ST+rQ;U$}rlfCBKoJ zFkqlKHSm6+jL6-qL4;LlVaPF7{fotKdGVbU`4;+1r;ICUqKX^{SqU+)l5pP?IWI@wqsx)A`n_h9`d8l!@x%o_XyGLzmwAr&X zivHIzR}y;)R1e=CWz;0)$|fTerZ}<>Kobb>7IXY%a!jW@b_q6JQ^V;gqj0?SGRaAh z=WM(OEEm?8Sr+$gssHp`Bjg4NEm(~3>_#Tz|($%tlh61TLY%Yzq>jD$#G9EN{jr6Nb(*uMl~YpCi^6Ik*&PGzYaU`R-3Y z_w8RQdZua|R0N_%-P73YV#?mS1IJYPuv7+lmmU7o3|s*W^k8KCRw-V$`S(`e;>K9Z zfax1xoG0>d9rKYD50ux(l3|=mspl_hvPx!&)_ebxJnF;f7%zEb+FKIrLOugJ>cWx_ zthf=4nNqnvqAZ!|Sa0jtW6{`n+Khq!pq0nitCR8hS*_hu=A0@^J;WouIvpx`1(FW! zA=l$^7I_$Pz%3NT0C9I2NMejV{vB}UR3-?EG9yDDhy;;GkmCl>+m;)D6U<7T+rw`? z+d3oj#{LfQq_;%P;fcudzEYihpG8)WgrECS+-hXW9gI~#=@u2Yl?x8o^vjK9A*JT5 zV5u$g*U5uAVqi=c1 z)O*IhrQA1Zc1n?F2wZ*2e&$$qPv<ob>q&m$hE=2C*&{6*lXEvR&6sE=x)2y(*ml z#T9y+PF}3c?*&B^(ErulTgJuFz1gA=BxrCA?(VJuf;8?HoDkBu6Pys--QC^YgS%_+ z;KAMD6z{z6{AcFQoOAB)e!Kmp=<2FscXjP&KYQ)r`QqT# zmyD=xBzGO^d`%`JY?+=bKC9W2L&@)5rDh60+$TFL=577}$-fx4>Tk-K$D$@OzlDDL zPC8%wOF+bdyol5tof0j~ER06K+ZD;@C$)Mq>Rd@9 z_&cQov3s`E`VG(5n+z4zCeSOovH}$IQ_Fi>Vt?J^((|}B;QTEDIt}4-O3eAA=HmX| zE0|hEHfLw5CzHigQWrR0)BzF9M)wiNMNv-TFWrZpO%Xuv|8Jy*>0ii~1MR;nE@aF6 z3jxx7#d4Yhk!Z;O0+90mMQCsSm*B%>-oH?u|I17Mbv55TWkD2vNR%!>nTE&-{onSX z{*Ic)g4_Uz1;qbh7x~}K_eK4GwC@hSd76x7SFV0@MX)t@6K06So7J#}|N9Zw4^`PFj09cBTNGSH@8LYWk=Fa}yMP zw3}f-Bz2g3&AsOL8tF2Cis}PckRW3V0F*N6G*)KsqXGB12V-vzZ?#zW^Tp&#N`~-5 zB?kKv0K!&UrT`Db2(JfVq1sqJ42WP7*$nx9>+~Nxom)y+c>GmycUK>fmbiToj51wO zduDLj@qEw`U$^|KG*zzCWG5V5Te+cdr~h)!N^>dtu(#7Yd?%kI^rvX2k z@-25K))E%lc0>w5fz%6os2LeTqfO@Apgvbc?vt$#FZ74YjiL(u{Q75icPXVyH5u*5 z^i^Gk8qZ50Zq7Y;1;_4UIT7)#2p}Tfzhq5C~@c!b{69cJdvGWrZVaA|@^O9M$n>w`>ks8duFv;4)GhBL7f zTThJDt-X9YPya;o$|W&xR~8PJ-N7S#tAaJ;`@NN>m|d<4kA)(4pu}h~A^cUWDxAPI zy#Ug3eB-(!g2q}Sj@4CPpeIU(4m79WD)5hnV=xK4nEItx;~M?^hiRwbNla+ zB1oopt6yX%7tV~L#N4<6y_%OD;?)+=$;AO~GuMFB_?K$}ceJZ1@R(;(=QRHwGuC1g zWTRUMJyZeDQ?J|`s)cVyPk8NSG3e`$5_9; zpSwQJe>oLN*X>^(pOV8Vay)iySbJa`9Dh#lSY7I#*e$qSGp#@?KuF2pAK1t^`3%K! ze^rnw;1d2biipc{jYZP%mhV}(wI7Gp=Gk(!)!w&b%_~L*hq>ym3F;DgzPIA%7 z(p$x}eSJp?#q5OW9)&n@B!^nT_IU?xD4);*|H&t7wBqa_!}z~^>kn;UZ>ewW}H{nam}yI|Lw zOZ&Y}t~tR-3{p;C-Mkw=oNs)*#vuQTa;Jql5GG|K3|puIcN8%^*!<>kLL zxKR>#!*x^TaRjF!|KRTQgq>5mvG{{h`t3tL_uazfn*e>cFkpoWW7zn>Nu2SR_%ofb)$W#rzp;Cu6!XSzLTJR^T*TuUZu`g5F5LR@iT%Ut zlav4S0I1$Se`IN#G4W08Xf-(ZBA~mdStXjdK1+T=Pw^Mt-5Rt{bDvjOTQN^fRu9Rr zF+bGOJ6!9pUov%hnc-aU@STr1HtwF_l}`ifU(73HY%NE29c#R^x9P`iu!>;rsIBf# zqc7mGJ;r{oFEBDGzbeRCqa(<%c70+4Ht=RvKiL{MsIa%WV8H=;?hwr~pIfjna=G!^ zq`uu{FEUaZ|6tNv&C@9SE~{!V@snHm`Pd>P(-mPNTUNlRmt*XFT$sgTC9LcH?Zq~I z55|0h^qT%tV0&1l;i-VW&aaV>x6T&~&W-kG0$#YFMns) zwX8Qfy>D^0GQ{}A)A&GE7oyQLs9g>Mo(Xwl=YH?mOB!~n(scAMWh*~rgkR8>y!kUS zc7`3;g%4iPJPr&l(uR46^-WHX!<#bloaZW?e~6-FmaYsm&pJ1`p5c=#bbQ$Fl;^7Y zQB{(_<6;>(X(^_ofayeVWO`ClVz`N#P_CPr#4=~8GmM{UItt5G`f2pA@a$Qr0S6yt zBh7i$5YWg3WN?z}CB!RUgKk$_L=FJB5H94$;&bQ^13B?Q}>-O`Vo&u3Ry`_!%1o5Z-< z262ay2N_bsuPVXghMsqaaD^!4$Pv&$bO>N%Cfd5AKe64BW%j`6sE}xKi(!YNcCn@* zC4|yMG`25)ZR zseFb3J%*IPlQDe0){41FkJ@@?lOoL1 zv5gXAPD=RcPYs93x6epc8JkCI=_!v|E!_iYO3HK9hTRCO2Sn@k58NGh$bi5*9U!>L z4AjH))PfaGGp~R110D7Bvi43Qnm^M*l+fC&b_2}C(ls!ki|dudPBdG(Z@3jQoyx~5 z#l|)_=F`@>f;Ppfd2>mSW|^RRE!7kgK3U_WYZ?QT5;SD|fDlvBiymq4n5$}eK?NRu z`F0PqIjfx}sDQmSxcB-D=QSIUW9fyq@9G2_?!{l;+NL=^M12v-dQ$|OG zmkZQeeg1)Z&Xm0+ufWUUmjIRd4x`)7eDFoMp73Z<2<;LIq0!CllglU{CMFm0z4eg=@h4+_l8ZF351ANjxe)tSfNGpK1c)W5A2Y*k-o$NO>bB|Sbl2n_S!W7`O~DU2S9Lt2*`H7!2H-8hGU)W+Vh zePiyuv4m6;zgkyfs=J({0n6j^{LW49rGuwYd?Q$6dkgo-T z0_EpK-E^zhIR#W3mNY-{$SwR-KqX??l1pTQtDyxMR2UlI_#3a%fL%p6Q@vmA+UDHxqZuO2w+yoFj&8!*J(S)D}ZH+ zD&$|B=6?{M0eaK^HWkjeuF2PLiCHD4xVIN1#)yJ4ZgbWCtp4S?8wZ99?QZPLBU)9w@t1df$6XRU1luxKD0!Gnf0_lhQf@vg?n7@ zWML0C(r)(}RfE}MD!;1$Acn;rgR6wg?^zerw{6^=yWC5oP5f97D4{?g14Fr? zvp`J_}m3I;O`^kK2@)V$ji&lMjQrs*^1%VtHzz%3t;cSNUDyNgcUcOp#6L z(j7_~2!NcRwX<*IBGvUoP~QEKvc$QyE9%*_fcv)9#m^i*bftY@aIK^J)qIHmB*QdN zj^NuBi`(4F)?v^MkL?b9Ea7-fQwuDf?u>tX+SktMaUuRTG7&9A{q&ul!4M?tE47$V+z?pSus290EcL?)+v$mGIsBHFv2vh3J@4h4z=eGFBo7__4;SFf&H7@jlf?X* z;P*OIF(I^OoZ!!}=8mW9PwjU*@42jW7P%VN9#(I>-5yw;+8C&PQEQg(2yXPps_yCr zQIt^9JVP2PEH>-(Bb=*oL<1j;cLMgm2N~Gx1m>I@x}FU*@(30|+hm>G2-NO}k&YQs|S3UQr$ZyJ*CDJ>XS|9^+N~ zzB*wEpks9a?5q>9;J=X-qq|)HfAlw-V`u&$K>csYOtV;Pq=0F}T(|r`60rhy z&159Y&5j5EaaZnO;ok(S{~ez6-y$}rL^B7DuM*mTgF{_u$LgxypR4>K&PM7An9`ICO+4{TmozN~^U}B>sm6LCV zyA-`^{XU&d(!X=DG>OLJE}lVuUvNvPp6CxP5*)>?<-jRXuS+b;V(P%E(C(R2 z+!vT3E=X8k1oeA7$RQ0A&ON+-?)MsC zM<*#vQjjXy#p=3AM;1)9&r|mV0pDA3CW+0FiB5gCmkUB!v_qn7C&!~;J%1P%W@!5) zInOBhiZ9sEaL?OFvC=XY3jvmt3a*pRs~?Ms5&sI>kyd2YZYPZt;SUE=OlrH)+YbV$ zDks$R%$9RBZmj-A(LJ>62k6lhBFsFhh%xhF)gK^vEM0k!Y1DM=w54YXH)aGJ=KDzc zDqJYkZIoXm%Qz8h1dv|F>EEa=n~r74O*mPrV9uu|u4)mhE*6tzH8B8_se}KUj|kKrs=}oh1fJD3 zlNar!%^r7e4}6e#)5YYt_NF~I$UMOopV6q7M8AAPoq>ZS%$?2&OE^%fj=;|hx#4p* z1b~7Un4DJy;C!T!fb74a?d6jAxhedN5!@{Q(^3hZ(XNcHO8*0C-gZ2V+JSG8eEH|B zTgK8%ka)IFz{ea#M_M}6J1p(N&_R%BvDscQTmKI}N)QKd-vdDMY#}5f*xNS|l>Hx~&Q^FB2u$DU=*amHnc5x1s$Z8E3QEqHba4B&8Q@&i;_H zW+uTLDif8dSKjn$-m3! zU@5==lt0tUei&Dx)1q*UaHWTx?X2dX575*CA+BA)cj0oxhz_Qg2Fa*sU*TV6iii61 zMxhj_$fhKhWai4HsvGwK3y+YaGYRf%Au*UWin+S9`I(=vUE4%ry`$>kFn+kVVWFrm^DRLC;h-DE1~Ubq&lX8i)vKgFDKk6pm*H82e#?4#Utx}P)`nUWnWLs} zrXmD0%3!d+?KGORDkPK-IhrXx$wED5{tMwN9c(`Kcn4oqBL$hX148`wUrj`#Mp2?u zWI^~mV1Tvis@l#FC$ zAInmI6n;OL1NUYo@z!pgSur61Qv>t6_Kx+nwxBZ^7&GZ45_wRv8b?LoQGXbZ$_ zz6?Dm=#O}`8DxtP9^<3rM2}5!4=B(WTD90wd6?2-;nBbYO*s4%VR|VucNC#l+IL%$ z!qz)SvNqj2^sez!rD6=gP(ZBE&eADgZ$!>MQ;F}R0L!kc({nQvUQ!FGh7(#dcV;Sfc&6a*{57?l#|T z6{u-vW7cA1p!+OmkT*MWfM%nSNnS5&f0jDM2GVdsw1x_*-ER(u+id1dnDS_^eF^4Q z#S76`9lVBQNe%l2E9%aW_cLa4waR5}3a)_%u(|f5{9>xkMFlR!d3NKQby?FX;VllB5F%@k(p67 z^jlZ7ZVSPRNHx>S23ZbclMCs+)rIiEjQ;8Y%o@`oWF>r;c;CBMegBn~g7P*_Zas@Bp5%`hUi%_iE7sU(M~ zKirs<>5gP4X}bEJIK2^oKst9qQ_0x8tKPF`rI2M9Di8QH7{%r8gZry)oHJQED@Mbf zChg!IcE=4>&{X+4&934UYK1y=UEfI?!eH0pRTT*U`u=I3LG43s{m^fPwdC=5`9_U7 zD_s=-+btMvZGT2Nkt_Tt>H?p_&q=!;n{FW=p%C+&%7mNj%f^lcV~0qpvrXxBN>{37 zOo_UN=UUIuq%6a5XRR#9FHXkr0_7Teny-m>1jS&(ue63Mz4ih#yeZ$Qpyh+8J|sue z@%arA)EPw3_hxE3D)Nu!tFi~k|M>R!Gv{k!+AscEg1gj+B_yzOtKx+HW*sK}T`OqC z8V$$v=0_4LEJqwcoV;EajZwlIbO=F(UOeUj+C*Nc$3WlZu6};Y$*;6qC3o^2`f2Wy z*&7^iAxA=j!B$EGbqz&HRN8_R^5F3dE_gD+l3WHu514F{E}B?=W*81T@e~eKsic)d zo_BA^YNYZmV1LqVO%6jEnniuO9dTIY>Zh;`&fl&ijB!|PAVKhtJDBOCfEEeVE3892 z-kTl|Q|qg$9ZRwMky?cQ@kms_+e|xco5PNmP?&YFf&W)#5|vq-$GE%Ec_&mHs%i){ z#>*V-EWtVG2T2{xt|R6LRzywhICVH)LPdvCQR<3)7lbC*x-W2jcFBc>d+~mGJ1oe4 z9HpCc1U3ZmGnQQ7->zu9EqvR{<8X&NO#;&sy_SDsQ{AkUW2ivc| zT(|3}^y93>XjlgaJ=r;g34*l_0@ z6Jhga1P|MT34aSw;=$y5dbc7JKwSI8Ar|LeSEJWUVQt32Kg{TKGAnCd4R4P*LB?&X z&^Zt@4Taq@MdXN%>QwYF6~Gb{G&zwk&{?Yk|30uSQFUAn@z_E4hddmY^5 z^v+2I36Y3)IA9!^t6BS%myyg4H&~>d=Wb>^PP*12LA{6I>8)z%(C3T{ic1@_I(gEq z_LE+y%nyf~u16x|B&70ncs~wgl{x)5k_#I1XlTGATbq{k9F{0!ELRiYrZb37r0~B+ zn=rgNNYzSR5S=lieW8&Z|467IhXvlzpHoxkmU$1*7(|$!!ptW`=4KYF9K#lW=TvY= zpnwM{=FFttmxS{k$XO%KA0zqXCN9*mH5tLQsCWk{BeU!0@<_7(@mWiRO1C zo*8Qbf$!dlEO^?dQNdrN+azx0)0UARuPl4OP1BHurSRnKQ+ko7J!qCBBW&1}AYz6- z#(s%zLifv*&B3bK8;}Jf&YxvzCQa&mlMwFZT@B97irA#mj6)bMl}bs1!|cxHc{ZZf z=rL3M>PI^l3JKovvYg7_4Nm+16Ejp4Qt<19bfU3$^4&Fa*NrxA-XHXb=#&Kv54hdc z227agp$!*E!}dUQXo@EE{5PWxQ9{8+@T#G$a+D}w0`wWdVtLUzzInuvZ9yFBrCXZ4vjo9C}6Q;d%fe->-j#$h%o?I;WIqq@PIo&Y^6ej`1F7o03j z&}%;j5h$s$Y=OG(LIvylzTy#bst^>3k5NaYLd7i2$sjvR8rrE{i2BqR_@2kgSFOy* z905o`&L1msVrWE?3gYSH(3N{NZE8P?E0G2jU{z1?P$(hKdQsz ztcn%q``N5c4ILvVo5|G(!-wQ&>bZ}>##K=vo$p|5iwHhOFG91B+c=h*_;5nuD5t=B z?fdAUBi98LPtYc2n~FCn{8<`4)4Mp{0JYS5HB~iAjZ&p_wKsBLmv_i{vc2Gpk^$yT z0Z6$hBGcgF?7h1t$(Gd3WeVFjLu_kOd88s3c5}BfFfg%{zBk~&H87V>5?@z-aaKNQ zj8@i)q*9ulKBbwWJ-OZXxib;6=03-RtU(l-mYOQ1p>(fI%NHdzrLWw?gw}I>RmV-~ z5QvBRzb@gj6KAUU>)L3+2=cT&#WTkq9E#)$>2xA00TAbEP+OaVYg&AIDNFmi1z%zB zl)q1uWAxlDa&8T~Gs!FRjfe9hh77md&=pU?v*5I>5;Fs-j7*uu+Rt~43X=%7C09-v zl{}fsBPy2pH0nWbgl4rvprynjg5Sq9Ag^X&wNVDPdy6yC{m-6f}>m!P`E=z{skZV%degjf=3QB#ghA4bg8N97$wLl3NkoR zDtakQOiIe6k|71w!4%do*BV0OJTzqC4^^eTYpeZoK0SXf1+|CnIYv??778((%FE(4 za^`SR?9^iA8OglU*_D!oJPWv}!%}WNcN0ewottChHG0o}-LS8RLZch1j`NQy`vx314k;c>VYZ4`*y~(T@UyKS#MNl1&Q6R&lx(QI=Heuz< zf~*n-D|&X7kU|I`J$G^Q4AV&F29pqu6j1%r-1Cf+5z1UA20KWvNUV0nKh!YH#77X< zTRRxGi4-OseVGEw;yRt5zj-Lw8ft70*mZnPeba2Fbk;7$0_W`?HxG6pViX)75o0*D~{jXQG<3b=TvRl&VglhIDR1T#*ZjU*{TDt=m)Bmzlg(;<()9?A{Sw z@|&MhT0Bj=IEsE}!bHVz2^2ABu^;Wc6P|YLL+=(GAK)6&6Fbl z`c6sF5y~89)k&Bw^i925cge4rNftz^e6FjqMuaTM*@!?TRzwpj`e{r|?M9Ob7BKe) z9rGL>h_#X)MrZz~lgh;9;3hbZ#+N93nIn>)L^F;|YQ#%e%u9FSfiY~czG#vy9Tu&W zYxK~l2g9G=)*;^VA1_~@E*OR~#skF84z#hHnM`cb}_zd!592k zlT|ll>1~1XPd~5KROKX9h+kkI{yR!s`JSsrnKn$P9m+}@Q-ks`C*0#0X8?-wp%I=? zuex`c@L>;}ZH9yYe7%|dl?T|%iHvro!@79Ii&QT!TuHakIs#RfA?{9SVzms6 zCR$1ZX8R?6Ov$3RZ{XT1PUPpFB+(K^huoiMvQ@y%jv*@W1xY#_`iH3RDC(#yhlGM> z>=c==rWQKt>W?!LFd$|*d=K?XY6sB1S5r9?m~Q~!w+)z0-mr?(e;8L8>sMt&R%4}U zV9@Dk?V0QaFv>v51f}A!Gmr6rO(p3NR3j5m%%q!Q#e9)^$>Rgy4q6?*)a*!KryVAm z^*7h+^&~gaf3GHWpar;he`BwI5$XP0;PYRI?7urG{U<`*>_sKUDG4CHxoJrKPe~^c zuPz$u(7%kwxc)!@qu4%7E!fGYzj0Y7B4GFGo&y_LEe>WVWbf}uaZ6T;pzy05U z_!O*{L*Md)n@3BrX^tlMyYt|D$ye?ifUh3=LHphqyefw>+)S(-*wJr?ajzz_N6tDD z_S+s0bA7^sqPLTJ?DEj+KsBmgs8Ey(Zmj2ZGukt1p^MW-d-`4=`+B8_g>VUZ&M|re5x_6dNHVa=rzDS(_U(!=yhg9R~r<6Ian#+ z!o$Hp^cvZYt(}-2ZE)B^HQ;A4(v!%-x5B#8Mj9vzWT}=GhqRS8Q2d1m%TWIq3WQ;7 zxn{9a9DH9G?DGY?sBWsrJV$TL_$ys-aSVNPt#V-7n`E`kwU-)s5IYSwq_TE;n8{bb zj>l^8){xKR69|f%g%+#!q&`MeAUv9?UF9cJT;=dPEB172iR5&##p4ki3U;ans(F>7 zN!)SMQT)8%9|y5jmImG&n8>dIpNHMXO5{vd%kg{w(MEbKBN*wW9-8XZBa{ts%5M zCMQ;nY)+BU9ztdm^HwH0I@Hm9XJ9ihYxIH-_%U?XpGPJ3HYs6rWUSC52q-0cM;V1OG<}*LQ1g}EB>$W# z%`c*(fS-QvOGQ!SQ#_icFh%iK_TE>!7Ur;8P=l&K)MN^OW+S!g2Gk?asD~G4pZ=att1EjhJo~1_L7Hq&+#}_rUkd(Z(!; z8;Ab|GnES>$33ZtjiyL5GD}9~_EX!OMW6-E^jsz9Zq{Lgy+6&< zVC8AV>?!+;heLEs4vN`gbVM2KjN%z)NHY~+aJ?aeQ0`LaNIG#qWJf;5Pg|P;(jT0! z?XQI2K13pp$iT#+3@j0U@qRH8AbI>}k2dDt2Y_q1X2?BK^sl**|y_Y!*%>UmqR z6-Sq1jS`YqAk@U?X9p47dppZxPX!XHiGKj|Q5h*`WFR19yZzT7^d3-FY|cK=tuw=d z7#4H@9E_xsPCoqzIrH%HQ#seAxb-8rQbz0`$y5Kg$kYzdpnr+q-`^7ru-zm`R}o3G z{F`%K4?-kMD-1Bl7U|Hupczh3?N_d!5)yj#BWhfM`>)ax(**KeSu0quKE_)kfFB2atu zk1=1u{mW9zr}e%`CxuOo;`%>Aavbyy2Ve^-pA07Wy!{*T*J zc&8S^j>mIE4Go|e_-?--1CX|4)@=vQqJXq<1f0Zp|!VJ)Zp{#}9<1p}HCxhPGwTLWfLu#j3qzmhHk$*;TSk*dt)RnWK|Rf- zn$&0_sMVVD1UnC$(^#~&xTt-!F8nNB_4zIfRa%UJKHgue^8ZL0WHV!bEQwz#4p$wH z%oXsgKO86*jKX$OyzG;E+gzMGU>__eZjal+Nghydq_R9Zui)i!dkYpc8GUwW;3hOX zug)&w!W8e`*UAV5+CmE}DwyH&+s1p;(*U1uYC7K1*=@qLm_1l1Ur0W*-{0Yx0d?$c z{eh41FS}&wcWP28SPm*u+OwtdpN3WjiWU_|VMe(~Z|xVeatJlHz^5NXraswbmuUO* z6j*)wV>h_0#?gOQ!rSj5=Y}v?5}!W=!WDjaW0F~d@1L7#^{JR4vm!-7e>s$W!xa!D zTgZ*2*ta~7RT9kcu4Mp`dt)6ya}}T^E;>s_kA^!EKp>uzYZbz=0?&HyV{tv4qh9ol)7!Vgop-3uH z1d=FYToL5c58-MP?yQ1oR3v0NahQf(T&1+aUNMO%wJnkE*36sYFfv1ZQl3O85u~XB z@YygKCn8F?T^wiI@L3qs1gH`yUWsGVJpx39=TA7(I2YW)X?YF(Hw^nGjVEpRu%d0= zfjp`E1@J_;`#2v-H(HP%jC-MQMokavIWD3<7cO4o$+@d{ZfZT^ydP=})MjQTdzh9cnCZhyA_J2xV-#cY z`t34#nHFoqou?=@BdzUz)qkl;AqfOkN0Z$(BjT1LoL6NrU8DN<*xnW~6En~ZrPf<6 zIBXuZHxAi0`cr@sHvjAZue^|NOvJ*TTipRDI{Nw(yN3V7)?2kxGqZAuEc-`ZR+$@kbkZn?du0xDiQUOeYqUys|T zMe~G}dn}U~*;x$R-CrM7Y9@i;MZXvBP6SVzbis)J-+ha;foJqJi#=IXI7! zjvq{wTgv{MST6}^z9rM|zRTvTvhp1kB;oo<`{bJ~Q1_ooazy=R-2GJf+7!lzv*Dtj zWCg3`ryVU6AilRySr7x&hd=js4~T>!!1Fdzc4iUbS5$tvOa4Y@Q;t&6xeY@hLwnXw z^ef$2!-1QeNBh?|RTV(&HAJnJ;y#33*Npb19reJ;EeIs9UV#oh9L5TvA%P={b`*aR zZ}|LqK3xj2g|hj>^!IW)+VfN+l}Um=>(PO%vIR`%i>qmUA|X$01+5z4(S~UhP8Y37 z)%U^K8<(XD62Jh136+)pbEI)t%Tgj(SF#;Ko>QxyygWQ~I*5u_aSK^2I;K~$d1dA2 zp`oO3!RL}l7yW2wv{_rDbXNqkYP<2r-7o&(PC8KqKM@5L_VZHrisMPgik9M=b=aJ- zMs1(X#%%Sc(?!pV^NQ@y`xG8fp>$_iC}13yluaN#R%~wV{cWjqtij1|Qh@a}*?$(0W&EE$HtVhsZRKONG-v-RFO;v;#Ih(sM(cFXT=Cm- zd%&)cugtXw-QPVs#qDxQB+*_zMs&_*@df`L#t@~>=OqaxdS*#02yzin+f}hW7 z($bt}OeEpsAd{fRlCc-ec|c~gU;^#YEi^{EN&I-3t3mP_gQ*&ch56+%ph-#Hu@S_& zAo{@mZ?9WPkl=q~Ezv!Y>AbP|mi~(pG)&A zfZ{lX(Ms**aA>RElr^2xsDHL5Ix@RRD@8@}!+YcYgHRI}vLTI|x3wYJId}-c6rU4G z^mb}3<$3Bk`YBW9s^pqg5zpo1m*y;-FrZmM>dF-Q&XC<|B0^jwi8s(VMRdKC|KplW%o7cb#%SkfVl(gzV9|8go)ZlYEodY zmy!+DE)qw7bQr%y6q|Ddc2DMEA_;EGR*;iR!ZG|WXb z`6r_PkBRVqPLyZFmlJ_OARkVc#k2(s0uS|qf_KL+~guXm7Ht&^_ z_$`|_&<^gt4>S+}ykv8~bV%em-dSD@7asxdEBOn%dW@ye9s$&V-1|H4Ad&)P9fuP) zx#ntdV-3v!N_s<;eaYbN3j6|0Z`& zn+(cdU@3J*x)>>v1AGjUH;y-&c3HL@x_cVO6Az+ypk?`k9g$PgZSi?yA$8jgorzbe z`bY}+({cR;7d4|TBOnOsd1rMdBG{)5Wom~P9lVH6#|R=S7g1!zBwc@1A4wP(B~&cF zGjBHhB2=H-k6d!z*-EqDPk8szoWBrpnF15aD83rQ0d*lTQ6@Q5`up2UtLeSdIGH{_ zm5lH}P`Mf2@6=|?qG3vVjmc#%mGi;I3a|pH%j}dYFFbk14*p)TKPheDQal~v-oef^ z4)vyNgC%E3p$JP`5b@k+yB2y9w4 zFB0vK&>vd0V=VCf(X24kKUC|XK|;f)j0T&v>}pa%Lyk;$vdA)EJ@j=B*`w|=*5efz26`m4yOW2SVVJNWRl&G1pYVv3 zw1Sv*{gg2UMK#5LdVXU1QXUgQ-3sKBGR!LDoh6>lB4+M$ypt|7F z^FS&?hvxG)+&~RV5FBciEKaRg{e%3&(p9O^8xpCx+{yS&`1lW~%pja_^_lm(Zt<6F z%Qt$+P+4O%`Fl1y)LmWGhu zwHL^UCTgqOUL2K$lB+aQeEvf4C0b5Wzf0hdb{@~gCU@;|^g25*Fv`~Z;bOfHLk#t7 z-S&cm#TW0YJoC%%g{@Nc_rJ3!kzt#i4Ak=Ux25)*pbg;w$ISxyD;_yiU*A(L8YFlq z+=77i{YG5{)QSalJbe#K`~NU@j=N`Sdo)MN;`%ofICxepvV_YzUyMu#c}%b9aqM_D zB^f(APbO5Ee!A)@!Ggzl7(KrhWn+ilu*`h0vL@G2DTV!G>E@Q)<&eq5@54Ziyna11 zpJdz0Un(^F87$$E>g`Q~V3iUE(I4(KH2CBrBRoZB0#az`c#pzEw0Dg$NOvc5h^WP6 zEdTI)Y$U^8uz3n54*KuLS(2GMX!<`Zu*q0TsHkQ5UDYNJZI!X{9CxxY5+6fC<9!_< zH$76wNm6gNfG{$)hl6#*1xa>ZZ!BnKU7>?tvB+qaO!hnmD>gTp&h}MPoOFZCG-KxQ zxWye_t15HcDEbfFaBz9>LYc7-3EASXx&&_1|&1Cy#@(;Y}p#2cHNnwnhp$?{_-5P#_&I3} z@U!i$XM7z3ud0Aam!qyQ?Sihpe$9&2xc)>+ykeT(#(wteu>F1=x2vJ23j9L!$p3nH zT&39SSPjA%V)eD2#OULCogOs{IQ?rpl_3CFG{BK)hyP{j)EuZHvDV@BGDRu%dgT&( wwC|@z$NzS@h;`Z=U}v;L7LxD(Kex}q-5xRA6Jc^x5Wov0F8{Gy)WGL|0a;ep4gdfE literal 0 HcmV?d00001 diff --git a/docs/addons/postgres/standalone/index.md b/docs/addons/postgres/standalone/index.md new file mode 100644 index 0000000..e626baf --- /dev/null +++ b/docs/addons/postgres/standalone/index.md @@ -0,0 +1,644 @@ +--- +title: PostgreSQL | Stash +description: Backup and restore standalone PostgreSQL database using Stash +menu: + docs_{{ .version }}: + identifier: stash-postgres-standalone + name: Standalone PostgreSQL + parent: stash-postgres + weight: 20 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + +# Backup and Restore PostgreSQL database using Stash + +Stash 0.9.0+ supports backup and restoration of PostgreSQL databases. This guide will show you how you can backup and restore your PostgreSQL database with Stash. + +## Before You Begin + +- At first, you need to have a Kubernetes cluster, and the `kubectl` command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using Minikube. +- Install Stash in your cluster following the steps [here](/docs/setup/README.md). +- Install [KubeDB](https://kubedb.com) in your cluster following the steps [here](https://kubedb.com/docs/latest/setup/). This step is optional. You can deploy your database using any method you want. We are using KubeDB because KubeDB simplifies many of the difficult or tedious management tasks of running production-grade databases on private and public clouds. +- If you are not familiar with how Stash backup and restore PostgreSQL databases, please check the following guide [here](/docs/addons/postgres/overview/index.md): + +You have to be familiar with following custom resources: + +- [AppBinding](/docs/concepts/crds/appbinding/index.md) +- [Function](/docs/concepts/crds/function/index.md) +- [Task](/docs/concepts/crds/task/index.md) +- [BackupConfiguration](/docs/concepts/crds/backupconfiguration/index.md) +- [RestoreSession](/docs/concepts/crds/restoresession/index.md) + +To keep things isolated, we are going to use a separate namespace called `demo` throughout this tutorial. Create the `demo` namespace if you haven't created it already. + +```bash +$ kubectl create ns demo +namespace/demo created +``` + +> Note: YAML files used in this tutorial are stored [here](https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/postgres/standalone/examples). + +## Backup PostgreSQL + +This section will demonstrate how to backup a PostgreSQL database. Here, we are going to deploy a PostgreSQL database using KubeDB. Then, we are going to backup this database into a GCS bucket. Finally, we are going to restore the backed-up data into another PostgreSQL database. + +### Deploy Sample PostgreSQL Database + +Let's deploy a sample PostgreSQL database and insert some data into it. + +**Create Postgres CRD:** + +Below is the YAML of a sample Postgres crd that we are going to create for this tutorial: + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: Postgres +metadata: + name: sample-postgres + namespace: demo +spec: + version: "11.11" + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + terminationPolicy: Delete +``` + +Create the above `Postgres` crd, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/postgres/standalone/examples/postgres.yaml +postgres.kubedb.com/sample-postgres created +``` + +KubeDB will deploy a PostgreSQL database according to the above specification. It will also create the necessary secrets and services to access the database. + +Let's check if the database is ready to use, + +```bash +❯ kubectl get pg -n demo sample-postgres +NAME VERSION STATUS AGE +sample-postgres 11.2-v1 Ready 50s +``` + +The database is `Ready`. Verify that KubeDB has created a Secret and a Service for this database using the following commands, + +```bash +❯ kubectl get secret -n demo -l=app.kubernetes.io/instance=sample-postgres +NAME TYPE DATA AGE +sample-postgres-auth kubernetes.io/basic-auth 2 2m42s + + +❯ kubectl get service -n demo -l=app.kubernetes.io/instance=sample-postgres +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +sample-postgres ClusterIP 10.96.242.0 5432/TCP 3m9s +sample-postgres-pods ClusterIP None 5432/TCP 3m9s +``` + +Here, we have to use the service `sample-postgres` and secret `sample-postgres-auth` to connect with the database. KubeDB creates an [AppBinding](/docs/concepts/crds/appbinding/index.md) crd that holds the necessary information to connect with the database. + +**Verify AppBinding:** + +Verify that the `AppBinding` has been created successfully using the following command, + +```bash +❯ kubectl get appbindings -n demo +NAME TYPE VERSION AGE +sample-postgres kubedb.com/postgres 11.2 3m54s +``` + +Let's check the YAML of the above `AppBinding`, + +```bash +❯ kubectl get appbindings -n demo sample-postgres -o yaml +``` + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + labels: + app.kubernetes.io/component: database + app.kubernetes.io/instance: sample-postgres + app.kubernetes.io/managed-by: kubedb.com + app.kubernetes.io/name: postgreses.kubedb.com + name: sample-postgres + namespace: demo + ... +spec: + clientConfig: + service: + name: sample-postgres + path: / + port: 5432 + query: sslmode=disable + scheme: postgresql + secret: + name: sample-postgres-auth + type: kubedb.com/postgres + version: "11.2" +``` + +Stash uses the `AppBinding` crd to connect with the target database. It requires the following two fields to set in AppBinding's `Spec` section. + +- `spec.clientConfig.service.name` specifies the name of the service that connects to the database. +- `spec.secret` specifies the name of the secret that holds necessary credentials to access the database. +- `spec.type` specifies the types of the app that this AppBinding is pointing to. KubeDB generated AppBinding follows the following format: `/`. + +**Creating AppBinding Manually:** + +If you deploy the PostgreSQL database without KubeDB, you have to create the AppBinding crd manually in the same namespace as the service and secret of the database. + +The following YAML shows a minimal AppBinding specification that you have to create if you deploy the PostgreSQL database without KubeDB. + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: my-custom-appbinding + namespace: my-database-namespace +spec: + clientConfig: + service: + name: my-database-service + port: 5432 + scheme: postgresql + secret: + name: my-database-credentials-secret + # type field is optional. you can keep it empty. + # if you keep it empty then the value of TARGET_APP_RESOURCE variable + # will be set to "appbinding" during auto-backup. + type: postgres +``` + +Stash expects your database secret to have `username` and `password` keys. If your database secret has different keys, you can map them to the Stash recommended keys using `secretTransformation` section of the AppBinding. An example of such transformation is shown below, + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: my-custom-appbinding + namespace: my-database-namespace +spec: + clientConfig: + service: + name: my-database-service + port: 5432 + scheme: postgresql + secret: + name: my-database-credentials-secret + secretTransforms: + - renameKey: + from: POSTGRES_USER + to: username + - renameKey: + from: POSTGRES_PASSWORD + to: password + type: postgres +``` + +>The `secretTransforms` does not modify your original database Secret. Stash just uses those transformations to obtain the desired keys from the original Secret. + +**Insert Sample Data:** + +Now, we are going to exec into the database pod and create some sample data. At first, find out the database pod using the following command, + +```bash +❯ kubectl get pods -n demo --selector="app.kubernetes.io/instance=sample-postgres" +NAME READY STATUS RESTARTS AGE +sample-postgres-0 1/1 Running 0 18m +``` + +Now, let's exec into the pod and create a table, + +```bash +❯ kubectl exec -it -n demo sample-postgres-0 -- sh + +# login as "postgres" superuser. +/ # psql -U postgres +psql (11.2) +Type "help" for help. + +# list available databases +postgres=# \l + List of databases + Name | Owner | Encoding | Collate | Ctype | Access privileges +-----------+----------+----------+------------+------------+----------------------- + postgres | postgres | UTF8 | en_US.utf8 | en_US.utf8 | + template0 | postgres | UTF8 | en_US.utf8 | en_US.utf8 | =c/postgres + + | | | | | postgres=CTc/postgres + template1 | postgres | UTF8 | en_US.utf8 | en_US.utf8 | =c/postgres + + | | | | | postgres=CTc/postgres +(3 rows) + +# create a database named "demo" +postgres=# create database demo; +CREATE DATABASE + +# verify that the "demo" database has been created +postgres=# \l + List of databases + Name | Owner | Encoding | Collate | Ctype | Access privileges +-----------+----------+----------+------------+------------+----------------------- + demo | postgres | UTF8 | en_US.utf8 | en_US.utf8 | + postgres | postgres | UTF8 | en_US.utf8 | en_US.utf8 | + template0 | postgres | UTF8 | en_US.utf8 | en_US.utf8 | =c/postgres + + | | | | | postgres=CTc/postgres + template1 | postgres | UTF8 | en_US.utf8 | en_US.utf8 | =c/postgres + + | | | | | postgres=CTc/postgres +(4 rows) + +# connect to the "demo" database +postgres=# \c demo +You are now connected to database "demo" as user "postgres". + +# create a sample table +demo=# CREATE TABLE COMPANY( NAME TEXT NOT NULL, EMPLOYEE INT NOT NULL); +CREATE TABLE + +# verify that the table has been created +demo=# \d + List of relations + Schema | Name | Type | Owner +--------+---------+-------+---------- + public | company | table | postgres +(1 row) + +# quit from the database +demo=# \q + +# exit from the pod +/ # exit +``` + +Now, we are ready to backup this sample database. + +### Prepare Backend + +We are going to store our backed-up data into a GCS bucket. At first, we need to create a secret with GCS credentials then we need to create a `Repository` crd. If you want to use a different backend, please read the respective backend configuration doc from [here](/docs/guides/backends/overview/index.md). + +**Create Storage Secret:** + +Let's create a secret called `gcs-secret` with access credentials to our desired GCS bucket, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > GOOGLE_PROJECT_ID +$ cat downloaded-sa-json.key > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +$ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +**Create Repository:** + +Now, crete a `Repository` using this secret. Below is the YAML of Repository crd we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: demo/postgres/sample-postgres + storageSecretName: gcs-secret +``` + +Let's create the `Repository` we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/postgres/standalone/examples/repository.yaml +repository.stash.appscode.com/gcs-repo created +``` + +Now, we are ready to backup our database to our desired backend. + +### Backup + +We have to create a `BackupConfiguration` targeting the respective AppBinding object of our desired database. Stash will create a CronJob to periodically backup the database. + +**Create BackupConfiguration:** + +Below is the YAML for `BackupConfiguration` crd to backup the `sample-postgres` database we have deployed earlier., + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-postgres-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: postgres-backup-11.9 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-postgres + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +Here, + +- `spec.schedule` specifies that we want to backup the database at 5 minutes interval. +- `spec.task.name` specifies the name of the task crd that specifies the necessary Function and their execution order to backup a PostgreSQL database. +- `spec.repository.name` specifies the name of the `Repository` crd the holds the backend information where the backed up data will be stored. +- `spec.target.ref` refers to the `AppBinding` crd that was created for `sample-postgres` database. +- `spec.retentionPolicy` specifies the policy to follow for cleaning old snapshots. + +Let's create the `BackupConfiguration` object we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/postgres/standalone/examples/backupconfiguration.yaml +backupconfiguration.stash.appscode.com/sample-postgres-backup created +``` + +**Verify Backup Setup Successful** + +If everything goes well, the phase of the `BackupConfiguration` should be `Ready`. The `Ready` phase indicates that the backup setup is successful. Let's verify the `Phase` of the BackupConfiguration, + +```bash +$ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-postgres-backup postgres-backup-11.9 */5 * * * * Ready 11s +``` + +**Verify CronJob:** + +Stash will create a CronJob with the schedule specified in `spec.schedule` field of `BackupConfiguration` crd. + +Verify that the CronJob has been created using the following command, + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-postgres-backup */5 * * * * False 0 30s +``` + +**Wait for BackupSession:** + +The `sample-postgres-backup` CronJob will trigger a backup on each scheduled slot by creating a `BackupSession` crd. + +Wait for a schedule to appear. Run the following command to watch `BackupSession` crd, + +```bash +❯ kubectl get backupsession -n demo -w +NAME INVOKER-TYPE INVOKER-NAME PHASE AGE +sample-postgres-backup-1613390711 BackupConfiguration sample-postgres-backup Running 15s +sample-postgres-backup-1613390711 BackupConfiguration sample-postgres-backup Succeeded 78s +``` + +We can see above that the backup session has succeeded. Now, we are going to verify that the backed up data has been stored in the backend. + +**Verify Backup:** + +Once a backup is complete, Stash will update the respective `Repository` object to reflect the backup completion. Check that the repository `gcs-repo` has been updated by the following command, + +```bash +❯ kubectl get repository -n demo gcs-repo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +gcs-repo true 1.770 KiB 1 2m 4m16s +``` + +Now, if we navigate to the GCS bucket, we are going to see backed up data has been stored in `demo/postgres/sample-postgres` directory as specified by `spec.backend.gcs.prefix` field of Repository crd. + +
    + Backup data in GCS Bucket +
    Fig: Backup data in GCS Bucket
    +
    + +> Note: Stash keeps all the backed-up data encrypted. So, data in the backend will not make any sense until they are decrypted. + +## Restore PostgreSQL + +Now, we are going to restore the database from the backup we have taken in the previous section. We are going to deploy a new database and initialize it from the backup. + +**Stop Taking Backup of the Old Database:** + +At first, let's stop taking any further backup of the old database so that no backup is taken during the restore process. We are going to pause the `BackupConfiguration` crd that we had created to backup the `sample-postgres` database. Then, Stash will stop taking any further backup for this database. + +Let's pause the `sample-postgres-backup` BackupConfiguration, + +```bash +❯ kubectl patch backupconfiguration -n demo sample-postgres-backup --type="merge" --patch='{"spec": {"paused": true}}' +backupconfiguration.stash.appscode.com/sample-postgres-backup patched +``` + +Now, wait for a moment. Stash will pause the BackupConfiguration. Verify that the BackupConfiguration has been paused, + +```bash +❯ kubectl get backupconfiguration -n demo sample-postgres-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-postgres-backup postgres-backup-11.9 */5 * * * * true Ready 5m55s +``` + +Notice the `PAUSED` column. Value `true` for this field means that the BackupConfiguration has been paused. + +**Deploy Restored Database:** + +Now, we are going to deploy the restored database similarly as we have deployed the original `sample-psotgres` database. + +Below is the YAML for `Postgres` crd we are going deploy to initialize from backup, + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: Postgres +metadata: + name: restored-postgres + namespace: demo +spec: + version: "11.11" + storageType: Durable + storage: + storageClassName: "standard" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + init: + waitForInitialRestore: true + terminationPolicy: Delete + +``` + +Notice the `init` section. Here, we have specified `waitForInitialRestore: true` which tells KubeDB to wait for the first restore to complete before marking this database as ready to use. + +Let's create the above database, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/postgres/standalone/examples/restored-postgres.yaml +postgres.kubedb.com/restored-postgres created +``` + +This time, the database will get stuck in the `Provisioning` state because we haven't restored the data yet. + +```bash +❯ kubectl get postgres -n demo restored-postgres +NAME VERSION STATUS AGE +restored-postgres 11.2-v1 Provisioning 6m7s +``` + +You can check the log from the database pod to be sure whether the database is ready to accept connections or not. + +```bash +❯ kubectl logs -n demo restored-postgres-0 +.... +2021-02-15 12:36:31.087 UTC [19] LOG: listening on IPv4 address "0.0.0.0", port 5432 +2021-02-15 12:36:31.087 UTC [19] LOG: listening on IPv6 address "::", port 5432 +2021-02-15 12:36:31.094 UTC [19] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432" +2021-02-15 12:36:31.121 UTC [50] LOG: database system was shut down at 2021-02-15 12:36:31 UTC +2021-02-15 12:36:31.126 UTC [19] LOG: database system is ready to accept connections +``` + +As you can see from the above log that the database is ready to accept connections. Now, we can start restoring this database. + +**Create RestoreSession:** + +Now, we need to create a `RestoreSession` object pointing to the AppBinding for this restored database. + +Check AppBinding has been created for the `restored-postgres` database using the following command, + +```bash +❯ kubectl get appbindings -n demo restored-postgres +NAME TYPE VERSION AGE +restored-postgres kubedb.com/postgres 11.2-v1 6m45s +``` + +> If you are not using KubeDB to deploy the database, then create the AppBinding manually. + +Below is the YAML for the `RestoreSession` crd that we are going to create to restore backed up data into `restored-postgres` database. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-postgres-restore + namespace: demo +spec: + task: + name: postgres-restore-11.9 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: restored-postgres + rules: + - snapshots: [latest] +``` + +Here, + +- `spec.task.name` specifies the name of the `Task` crd that specifies the Functions and their execution order to restore a PostgreSQL database. +- `spec.repository.name` specifies the `Repository` crd that holds the backend information where our backed up data has been stored. +- `spec.target.ref` refers to the AppBinding crd for the `restored-postgres` database where the backed up data will be restored. +- `spec.rules` specifies that we are restoring from the latest backup snapshot of the original database. + +Let's create the `RestoreSession` crd we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/postgres/standalone/examples/restoresession.yaml +restoresession.stash.appscode.com/sample-postgres-restore created +``` + +Once, you have created the `RestoreSession` object, Stash will create a job to restore the database. We can watch the `RestoreSession` phase to check whether the restore process has succeeded or not. + +Run the following command to watch `RestoreSession` phase, + +```bash +❯ kubectl get restoresession -n demo -w +NAME REPOSITORY PHASE AGE +sample-postgres-restore gcs-repo Running 4s +sample-postgres-restore gcs-repo Running 15s +sample-postgres-restore gcs-repo Succeeded 15s +sample-postgres-restore gcs-repo Succeeded 15s +``` + +So, we can see from the output of the above command that the restore process succeeded. + +**Verify Restored Data:** + +In this section, we are going to verify that the desired data has been restored successfully. We are going to connect to the database and check whether the table we had created in the original database has been restored or not. + +At first, check if the database has gone into `Ready` state using the following command, + +```bash +❯ kubectl get pg -n demo restored-postgres +NAME VERSION STATUS AGE +restored-postgres 11.2-v1 Ready 11m +``` + +Now, exec into the database pod and verify restored data. + +```bash +❯ kubectl exec -it -n demo restored-postgres-0 -- /bin/sh +# login as "postgres" superuser. +/ # psql -U postgres +psql (11.2) +Type "help" for help. + +# verify that the "demo" database has been restored +postgres=# \l + List of databases + Name | Owner | Encoding | Collate | Ctype | Access privileges +-----------+----------+----------+------------+------------+----------------------- + demo | postgres | UTF8 | en_US.utf8 | en_US.utf8 | + postgres | postgres | UTF8 | en_US.utf8 | en_US.utf8 | + template0 | postgres | UTF8 | en_US.utf8 | en_US.utf8 | =c/postgres + + | | | | | postgres=CTc/postgres + template1 | postgres | UTF8 | en_US.utf8 | en_US.utf8 | =c/postgres + + | | | | | postgres=CTc/postgres +(4 rows) + +# connect to the "demo" database +postgres=# \c demo +You are now connected to database "demo" as user "postgres". + +# verify that the sample table has been restored +demo=# \d + List of relations + Schema | Name | Type | Owner +--------+---------+-------+---------- + public | company | table | postgres +(1 row) + +# disconnect from the database +demo=# \q + +# exit from the pod +/ # exit +``` + +So, from the above output, we can see the `demo` database we had created in the original database `sample-postgres` has been restored in the `restored-postgres` database. + +## Cleanup + +To cleanup the Kubernetes resources created by this tutorial, run: + +```bash +kubectl delete -n demo backupconfiguration sample-postgres-backup +kubectl delete -n demo restoresession sample-postgres-restore +kubectl delete -n demo postgres sample-postgres restored-postgres +kubectl delete -n demo repository gcs-repo +``` diff --git a/docs/addons/redis/README.md b/docs/addons/redis/README.md new file mode 100644 index 0000000..d9226bc --- /dev/null +++ b/docs/addons/redis/README.md @@ -0,0 +1,43 @@ +--- +title: Redis Addon Overview | Stash +description: Redis Addon Overview | Stash +menu: + docs_{{ .version }}: + identifier: stash-redis-readme + name: Readme + parent: stash-redis + weight: -1 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +url: /docs/{{ .version }}/addons/redis/ +aliases: + - /docs/{{ .version }}/addons/redis/README/ +--- + +# Stash Redis Addon + +Stash `{{< param "info.version" >}}` supports extending its functionality through addons. Stash Redis addon enables Stash to backup and restore Redis databases. + +This guide will give you an overview of which Redis versions are supported and how the docs are organized. + +## Supported Redis Versions + +Stash has the following addon versions for Redis: + +{{< versionlist "redis">}} + +Here, the addon follows `M.M.P` versioning scheme where `M.M.P` (Major.Minor.Patch) represents the respective database version. + +## Addon Version Compatibility + +Any addon with matching major version with the database version should be able to take backup of that database. For example, Redis addon with version `6.x.x` should be able take backup of any Redis of `6.x.x` series. However, this might not be true for some versions. In that case, we will have separate addon for that version. + +## Documentation Overview + +Stash Redis documentations are organized as below: + +- [How does it work?](/docs/addons/redis/overview/index.md) gives an overview of how backup and restore process for Redis database works in Stash. +- [Helm managed Redis](/docs/addons/redis/helm/index.md) shows how to backup and restore a Helm managed Redis database. +- [Auto-Backup](/docs/addons/redis/auto-backup/index.md) shows how to configure a generic backup template for all the Redis databases of a cluster. +- [Customizing Backup & Restore Process](/docs/addons/redis/customization/index.md) shows how to customize the backup & restore process. diff --git a/docs/addons/redis/_index.md b/docs/addons/redis/_index.md new file mode 100644 index 0000000..fbfddd8 --- /dev/null +++ b/docs/addons/redis/_index.md @@ -0,0 +1,10 @@ +--- +title: Stash Redis Addon +menu: + docs_{{ .version }}: + identifier: stash-redis + name: Redis + parent: stash-addons + weight: 30 +menu_name: docs_{{ .version }} +--- diff --git a/docs/addons/redis/auto-backup/examples/backupblueprint.yaml b/docs/addons/redis/auto-backup/examples/backupblueprint.yaml new file mode 100644 index 0000000..de4f5cd --- /dev/null +++ b/docs/addons/redis/auto-backup/examples/backupblueprint.yaml @@ -0,0 +1,19 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupBlueprint +metadata: + name: redis-backup-template +spec: + # ============== Blueprint for Repository ========================== + backend: + gcs: + bucket: stash-testing + prefix: redis-backup/${TARGET_NAMESPACE}/${TARGET_APP_RESOURCE}/${TARGET_NAME} + storageSecretName: gcs-secret + # ============== Blueprint for BackupConfiguration ================= + task: + name: redis-backup-6.2.5 + schedule: "*/5 * * * *" + retentionPolicy: + name: 'keep-last-5' + keepLast: 5 + prune: true diff --git a/docs/addons/redis/auto-backup/examples/sample-redis-1.yaml b/docs/addons/redis/auto-backup/examples/sample-redis-1.yaml new file mode 100644 index 0000000..27d4628 --- /dev/null +++ b/docs/addons/redis/auto-backup/examples/sample-redis-1.yaml @@ -0,0 +1,22 @@ +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: sample-redis-1 + namespace: demo-1 + annotations: + stash.appscode.com/backup-blueprint: redis-backup-template +spec: + clientConfig: + service: + name: sample-redis-1-master + path: / + port: 6379 + scheme: http + secret: + name: sample-redis-1 + secretTransforms: + - renameKey: + from: redis-password + to: password + type: redis + version: 6.2.5 diff --git a/docs/addons/redis/auto-backup/examples/sample-redis-2.yaml b/docs/addons/redis/auto-backup/examples/sample-redis-2.yaml new file mode 100644 index 0000000..ae2240e --- /dev/null +++ b/docs/addons/redis/auto-backup/examples/sample-redis-2.yaml @@ -0,0 +1,23 @@ +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: sample-redis-2 + namespace: demo-2 + annotations: + stash.appscode.com/backup-blueprint: redis-backup-template + stash.appscode.com/schedule: "*/3 * * * *" +spec: + clientConfig: + service: + name: sample-redis-2-master + path: / + port: 6379 + scheme: http + secret: + name: sample-redis-2 + secretTransforms: + - renameKey: + from: redis-password + to: password + type: redis + version: 6.2.5 diff --git a/docs/addons/redis/auto-backup/examples/sample-redis-3.yaml b/docs/addons/redis/auto-backup/examples/sample-redis-3.yaml new file mode 100644 index 0000000..aecb738 --- /dev/null +++ b/docs/addons/redis/auto-backup/examples/sample-redis-3.yaml @@ -0,0 +1,23 @@ +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: sample-redis-3 + namespace: demo-3 + annotations: + stash.appscode.com/backup-blueprint: redis-backup-template + params.stash.appscode.com/args: -db 0 +spec: + clientConfig: + service: + name: sample-redis-3-master + path: / + port: 6379 + scheme: http + secret: + name: sample-redis-3 + secretTransforms: + - renameKey: + from: redis-password + to: password + type: redis + version: 6.2.5 diff --git a/docs/addons/redis/auto-backup/images/sample-redis-1.png b/docs/addons/redis/auto-backup/images/sample-redis-1.png new file mode 100644 index 0000000000000000000000000000000000000000..fafe699957c3734cc43e1325646c9d6479bb5f1b GIT binary patch literal 51457 zcma&N1z1#F*e(n&3epN9ASF`L-6aYrjdXW+NXH;ZH$$g1NH@dK-AFehFo1MPNzB>c z`^A6#=X~ev>zZqZ?T)pcxS#ue)-qI4{sT6~OAI6=By6dV;z~$JC~ind|ByXF1cQ%IwK+Bbl-oF6BuzwkdR&>Nr{W8xTo(edw9p6K@f;pleCmld_`ja>-R^0KODZqll@u2+jPJ<~pPTKX6N2b7b^Z)KXi`SB}sB`KRKt?$FbT#eXk; z^tjlG?)``V8o9^80&}tzH9bpwXq6agsjKsm21$Mv7x1;H7`(~rD9gq>#^zkq6nS>Y zgME3IJ0eEi;{n5Skt07RwIe<|4+VMFm$Sz)~S_Xpqss8xg2EXjKat>o3&ch z#LLc;jJEZm(pdl0kJil@ud~t1j;~lb5_t%h+rv!Tds3(?|D8nmJsxhmOVUfoP7WKn*X?CY&kyirRR>cV#Q>|G z=xEZ}ftcXvH)^-#WsR(`6}uI*&YTo8HI^vUBU)Kgd7L`fZ#uar8y#2Ag!n}L*X41? zT9(<0s<0AFPpLc{d>wDNSh{e#$OT+Tk}?UNb6+Eb zf!T)|4>P4&n%#vN2k51E19uKBz(mLFt>KDi{ZQXRE7x~KfSvwO*u!RrM+#$vC}77V zQTFOiylWn>tfKIQp2aHH!FL=EQb@=v_ehe6uX;@-Ghs9R&i1_LN5dVC9^P*n@{_M7 zS?CC&Xgj;Gh7~wsU3{q9d}}g;HnU}pMrmPfwEo7}b{H`JPrv!C8SmY96S|DDyVIo7 zS$}A4whWaUmU?nZCzLw^m;iL*Ih*>j-tFU8q@0m6p;orIyv84tVMo7R%6pk10{-dt z5+}hCL`uGA8n0Fdu=Ke!ICiTSF^_|AsYGxqme4y?+ zY!}1Wg)19|J)55O2et((8>_oX#F{*!ae!Nut7m)qRLu|cs7#fJprY0rWnuWBSs=82 zhJqr^f|%pWD6nr}UMOr+^y>~G*{lI^OW3YGwy#Pp6!z3?$`7kTjdj6ZQ?#!5eUDD( z8glp!ejn|_RNb_DzFRwiRW&};@>__j?Khn+En+jJ8X8IK^nc4rswh63Pn=^;H9Wsq z-m}z8Wf3ak*_@hs%i@m#09dDIsjJFO?m)NHJv9yT*3{iEl(}Qi8 zRCGaCX1h>&&`?PwJ?tw!~3CP5#;}!%aiMpjkKe*YM6y0p8WhcVIT#(T?QnZu=-}wyvsm zPrUs27jN#|u@q<8g}eUZoC6BNGcYB53^RLrfA#i#S+m+o_gu)UM3}=``0sgi!<)Tn z0bs=D<{K>ZEK{KM+ogKtLnsd&Wkmc}wz#!-bIy$kNkgekEwLBaU*nz=uI*o(0nc`Y zHZ30GfOyx%@@Q1IeI$F-JPxnFc@7@3bV0ucfp2VPIeo=dYqFn`P9or1O zmGZO8G&CESUcF2EBOI*laj-9`$0F$HlQa_j=-0VUllDE(4V6b502$>XkJ|&)MZQJI ztAbh`As#^~J)Cms6ePphJ3K(huL6j5XT2KU0KN3m+R}y{6Wv10g1;}mS=l$5KYJ#d z@w5}Tuo`1m1BlNFpAphhJLCKFr1-M7;9yZ3Ym@6%GsM{`GYB%wpQo=zg!S^Jmbf_F zL?WdbBnmAFvRz)pg8in&GoR2GbvVAYe(mlcMy-9(xJ zxwTyM4G?~HI&60EJ(Cpvu)EA8%i}nIm3^abN!9mqNynus7P=L5dTHHvi@uiJ|4M7& zX9K8YOCunyG5J;E0@a+->RNt=oQAP~UNR|#C~gJ}p)Z3RG$F8+!*()}n*x41h_c%ZqrUoc z?&8LhF*_plWF43I1yFc!R2vK}UYjZ3UMLm5l*+JzZ%!YG;3FpMT1!K{1gOhIGz069Y%~Od=F#a=|E$zDX^n6L z2;}K-_1MQPI<)4qDBDki`3ngW1^e$?K^4g#+a`wB7)SO5=J43Q4c<^w*{e3XSNOCi zjd2vMYU3`X$wwMM>wwOaWjwin{(UV z6t`Gus&3Kt?qTsEJd@J65sM$wNN`l4^UjTdn4Uy@&%QNvj3DkNy(pXjLeT@w0P5Ig zLL2Y+L}tm|21=4Bt=}#iw9w4iF zPAK2-R+O6oi3W;u1h~rw-WlatxS8v_H$$5r;!evxo_o)9p8Jd--~ItgfO%gl;7c)~ zdbT(KnC`1qX{P`PU&>Ezf4bPh`6&=v2GYDEi{9Q+1*}(IcG~#tW+<#C8utlKcCF>v z9GjK#Q_ex5Vc=&@$_lbH5EPD+J64E0z0M5>;pt&D(X6oF1FVxuo>Zb!E?0_vKqM~92h!6MA>y8Mo8mNd{ zOIZN8&8!B$6R1)SZeq4cgW5pw1E|_aXvi_kEjh~}`6bnLsE*6<2_Gm{k> zL*4Igr?g&&w%$^`DexkfnoZD4bX?9DA@+D{7VPzo$FV}XItne5@6&0LPjdnq&nNKp zhl3w=m`|@TtdD#0&ML5T*c!bVH?zlA@QcCm(9kYioH}L~BjtP9c(gA+o0m_pAm9x; zv^r*^%|RrLp!6*~!QpsH@~nHyWreJ+Nul-{1N|RsS+=zEM{56w-Zdxe77(!qwR?<< zsqlKIIjs2ByJrXxvHXDv1}a=6Ie;U zwo3-k-emsfNqvRgx&168tbWS@6Qs$Lm}Z{rVdfmr7Mj%wykxC*QbhPDPMCkuMc2`+x3R5o~LY*sq*?e09l6r zRDa2WehQ+4Sud;m7k0~wKLYqI7;qqb3l`CN`p5CEwXH|=+aSuU7h=>l1qc%O z?Yo6fi;~KiTs&TLtraOCQj5*1!13YK=e;nI&#UL|?mkIiVBDxeu<0E+HM^$HVSv?_ z-ohlKrkc<(zv#o3&P1|v>(8yG4KUD8R@^RBq>tR2eQ>9ySJDlU7 zM-GWNMM}-k6w}id-h*ZA@8kS;*fPeq=#%MR@#O>r>7I~XU|yEk^*~YV2LaY*d|}SK zl6_?yaEtzatH6@1VOL%$owwi(xM5<$y85zXRV~x2EOyQA&)L=G_cw)tMIo%`2YAtI z%PeXv1$~#-3+8UOUGlV=!qbr5`}_l_nP21XLYqfQhQpr`a=_SUt}DVc-*a8qUJ;Z1 zkv@u_3k`9<^=WH>A%vZ~JpODRfXr8%UHA^`=zId0`JVWG)_p`Wlz~jpRq(>0-t!6O zIjy1o43wAxpR_WP{So3VO;QwYwn;^JSKZ3>kII-kKOPJ_AN)oEu8#cA+CWx8S(@n+0y2pI13?Y!Dub+P7nl~i056nCrwK*IzG#Xod zfurhWA3|}hc4(_l7lnS#8@_9AWaa`O+t z2Tg>Xa)s1lW>?wW77lOg?sQeW5A7{wSLYOZHlWR7(PpNrjGTqj&iQU{U*_8b=ySQp zyM80uYPCy60*!*#Z8?;DcQr3QGnErkoI4ZF2Evf~2cR*W7Eh;dTHbS1o#mP(w(0cs zsoLsruza0v=zD5OdgDc)&KR%4b$V8joa`n=gwG__9gV%2sA={(67_DJe7#_qr5xa^ zy8zat_rGExChY7&;BBz_^6e}EJT^jV3)T6!(cqwIaItzooqu;U5rdF00)11z)d;>+ z^ooUyqLaBs-tJr6s1cR_Wl{wZF$r<^6gnkSvQ^%1@Cy(KdH`@5`AzDt$J61Re7p=H z@lx5tX*Tc*3QtT%C~lq7EZlHh_K-W2oup~WnSyUY65u(2uMPcaLhSVoU(?=*TdDb0 z1}@O@HjLoVvGgw5{+fBtX-wsR6RO)XH1gQkKQtWuHQ$pZyRrF{r7sOqr0&>h=%I_?9H8XrZh}s+r>a|8lnW~GW+C)TK(gI!kpskW%d;nGAMC_&4@9f< zRJz@0OM?cg|3w|TA)wZTnvVH)VP`xZ`?e0LVD6{0HjTTMnNT^X?%o_BpTKS|Ni>yt z#VC3vp5U|C10S8~-U&ph=?uO;$8IRA=A9Fnwx|{Dsi^g+yZ^-k3th!cODJ)@Vs&{m z+)F(e-!^!sjEI%rriT~^|w;S?Xqy6?7%Vr{jkgv^ zpb^nNXf-;^^TE;x#bikMtQ2e}H-pR@c#M#$H$PNQk$=gZ8KH1XC*t?rT`?OrL_N6H zqK=hBp#X_|^f{31^kV=xj8NrhJHX2B+2vHR&gUw~<@*KtaLS;n*=U--X#40X>d_?!ZbX$IsVqnNSmlvCRRM!pMVmksMDd zG_y%j4+2QW0ZY+#y$7uNYDG-EDeV{8Pl#kbqan;mZ|VHQAo5xw|=`QY`A)%l^u_e%*{v7x`~2* z3TD+GjTQ=LA!4<7Ju*;5x93a;r!hcFE059}+kDG}94Pcj-A=C?yfRU35aT@LUd%@_ zCpDgL3G62&aHE+ce&e{o1s z0Jh`H&NqlBp&|f<`UkHUAYgGx7}9_kW3~#Uf)A1Iq6Of3SX^ zn1(dS69>?UcUA_q1KJ|zk)-p=h!&t!v(r(=18icxl8finr(^8%H5rU7*i84{`7`mc zXzVou7m{KrNklwS>lb4ja_dvNA88as>j=dHd2XkUxjS1`W(V~=S_6ak1 zpT@O6d*6@a&!Xa}SnOuk@eS<^HMX1!gOo2`=)7tpe(8Gl0B0 zwo7WjnA7{VV;ANR2;|H29jk)gKsG_j_<(7aDhplZ+$`bT~(bdecveq6_hYD>T=w?gC*JKougoH_g8zraO!S(tfy1!3K?V!P-*GPo^e?-0r)`9PaT;*eI<9eyrZS zK{V>YH9(6F(G>JDezi^6_2bJIL9YYe{%s2PBYk)Cu&`6Ul^+$Nc^L0&l)dnEyPb5a z9D4IaRF(U_^fO`u@@O}f^#Zg1LyucZCM`Hsa{3TH{KF0Hp>_T`*Dp@+;ojI!|Gw(~ z(>YfJhW%h245Ag^Yg+|pXHI5jW_KZSA@V~Dkqm@rs`uU1R=V4Y$9uA%zg=fP^w6-d z90(+3W@g3?3>_~jE)GpjPR_=8|6oXy_OId+5?3Xzb`2!2UJZ~$z9b>3(qQ`Uw?{DDs^&e^Tmo6QKV$48Y64-Q719~zc+nkTVrse1zQ%qfBM&hu97-VZanhK zf0r{Rk_=PmVDF`1f+un)4UOI!%w%xg8Ei&o1Hut#zE})Z=l0u44 zNT~9?{o{9LXlPhS`17f|&j;p1pQ*Q_8IJGC29FfuLeEnFQPTUK{l>>4Z9dVQj#GH7 zb0-Xs!}dMl2gjg55)5UJY0ZxdKLQ^NL^W4gvUG(f==b&OS3egqF|kKzXj$7a@_ZJ&j4VFJz$8F2(A(6LmMiD1{#dQ>44mIz1 zKc6?>9G#x9@tokr(OWBef}VW%BJ=x~x>=+>aMASOo;Z2Q6XJ-o+9>NzlPaUS=mY%~u`6B~tt>5OJ)EmLoB`dN z8)Z7)B-Vz*KyG(Vr7GyepGgT^rXfpP8tTe%BE4YDKsjmF&UQ=hx@xpLfyqvUH^8ue zMKn72x_UCMDpfYQG<1#=^UWbo(IkI4cyLXJV=r`NFuh0G$?C;p0y10`Y1bTNKrQN# zvSqha%6-rU@w@zfqk~4UTD>seF z{5})&cS?S$=$mF6CFXqia`HP*!;9jG8lj}xT2&QVQK?Ucs62;C(lz^e-VHISa4e_O z(|&13rJJ`5#hUqiQnV#MCvwGasWGU2tm}m;K{pvWuKBJ&I5Jp9E^pJlA~!=R zvuRvj5_k5~ePWN=QRP0Lv1{ZVB25X+zz^>Fk}DkUtdik&z{Pk5YHC?Z>YCLb17Ep_bjuB4xev%()v zCqq9Ve||1E)c>j{zMuPw|G60<*ieCHT*?12RicStadExg+F*f0TVPK`qGIxlubO5` zULI{tZQgoNp|cKJPvA!K=7yq1oLu$Ao|M98BWQNa&DzTejz1|ZNzWAQ9`l%#8FrfL*f^V9Q3lsum@q`=TYrhN?bM&6p9o04!rBw$**?Pm>+Fq-%SBoo-q2Y0RSXS1$ z-Ao^;xWDn|g9lGA93bxQf85CroJiLPXr%dyNKa!`^tz4~G*fYkiVZ zEgM2CY2HS>@QWwKAZMTxK9po(iZE9TBlFS{Al@#fw)*;D%-eP`#hHCy~22Zkv{d5P0{ z9wl7m!89D=I*=9+ZnoU6%zx@$R2j0gDk2ehUp~?usmh(qIj~_V z9RjrOtYIK#Ql0x0pnd zlAtZ?Xod}O6~r|+k1=PZWPH~Cb=nFgJ=w-}uO(^mPlt5QNJvSw|M}#0$2NJx*BgJ` z~^JS7|oM5p)f7g}HdalV7J3-+7v0Y^S_6rQD`(h)L3YYi6mIv{Upj#AV4T zixea=u`WTl{b4O<(Nb;+`2fRVy9=#pq|(u)BU7fvm>f62GHi;hJuupTrXUxS zo+#aHP3HlTnEH%0@<~=t&oP+(Q8Rsf&1~spkT5s#`pRnzX%vCmPnyJhCvZ!$+3jvk zloiA!q3898OS9~)Vy5+0XE)aggFvPv20afIOCcv4&wXw^3$om>8;qw<9x*%Lo1Zi- zhsLszb@qS%IjyJ^6Wud&_d`=k$`E5xEYN zF-pX!(Zoyvc&(qBQ8{c{JkF*>ywRxUV9TE>oJrQBg)x3#uUuL3|TYwp@*=F3Q z7-?V6mj&reN@d*fgqv|Sc^j6vFzM!|<$jeVIqNmTP%)_H&u_C=y z7*OJIr|HoYABgYw|{2a4xH0AhLSEC4@LzK zsp;v_{i>@uW-9b4Dt#Ljf`4*4;Wgjdcv{h?dE-X1cheO(9PW@haVpFI{#0YCq^Kfg zriOgQPm^3aFgJ;*p_}rIFTt-zUe6IdbbcPbVfsnMxHC0fdZq*d&ztv*=uC`N@O8xC z-879!(2{OlerF|yPD9UcvPBS=krF*%M8(e>9k(Q_VhK-a28VBns)$SKwFebC>M(9!_3$xk!e4BH)om!pGv$4YGbTz& zrL9SSdl4mf%ZAA?!%en6C4;3}@tNwMPpBuwq!mv+aQ7w-fXj{*3sn^&tIG32b}w&s zcC0eJPoxm*pqq6H*>t{Vd@aR9=Z7!_Z|@s=QH06o^w+C(bS$s!_Kqrq!tN8Jzn^n2 z)${>P7{rhN-JlW@@z1~eV#Fnp|J57+d#PYh zR9gBQ%jK!LlD0NUM@Pqh@p!*9v>gSC;K~}e!ovOvJWr&zX^{2aZq1k z7J9RBR)?LS*zd{w@4XPx@29-+9~*xDOSb%vPx+sx_Fwyl{^!S0ny`n3tWS^b8+_ur%H(nA#=ZWWiL0aWF`{=wqLCLc4{ziBe1$ecL!{CdTjpa}APmMp^ixnxB zv2~DxPTSiPq@=ps#=i&rFe1YjNT$SAPI$gWpmgxa+KQHVATb-KNZ)D@v!B(~k3Qvh zsfta2cXL>dP8fqhjLe&g?>(x@vJk4Y_zs-ERwH`(TWT1L-#M?Mws>ee zCZF(pLu9x{RdQ2v;)A@Cy4Ks#E^Wt1Xi~hG!a;gGA^hk_lCU?Br+Na9y{D|Ea*{``=Gvvl>$T#+iSr^y&1#x zRDrqFS;JE%HZSmL!H=zTG9sFd7&4IL!zSd2ux5{J2>im!WLUcmDr5A#jVQP`9-9;{ zO4VwyrO0a74CI-;P}G{dvH&pKBsS5g%ZS6UT0^R~5Ui^rcA-0N^@h2>JJaIqfEVDh zzVy1Ti<%NF1E?s3EX!e--*z<1*@@Wl;Y#CCL{;j=Eu&#A_3fimdRMCSc#v*7A`bXO}h-(45S(Ja;T%R zyk4t;(ZSr$yv&d{GFU@u{5wlk;%pPoH6{m`Su78;EMAvYj+OjHqCC_VCv!6VL71A3 zz+5nKBB=y%US5T18)n4%T9szH%E9vB0$RP2PIb^k4i*5ZW+P6DnypC;gx%c=RO411 zGbe3Rl%Fr=lOq}Y-9=m)C7O;&^~5#8O3mHdqJ zP!}=#uul z-N6?%Fu=nUs)o2D>mi<-obg=m4T;q{KV0hno6)s-gTg_#I90Ft zKYMOc&RX=WAA7t~82c6E47X?S2{vy9XOEAtC5R$f+UK?$A0jp=)eMV*i{Sa@i)z^8 z<8b}_iBD1z`2k@`FYs|yY=AK>Umgo?Aq=e`2=asXM*)i2l z4I={vrO~25LIXlnjjo$u?J2!a-|4A&L4+(u8kJ3?A50$;L`l~#2@+G)*^CV2H!9Z+ zO1w^~@cmfV_kOal!s*b2N>Rd5j6G^aek4)M(2`zaeqg1xFHX|el0N@2@rth-w}gpl zscFSff327PMi(ueyaKnN8jAsG-QMuf>$VAK$wV`$y%Fz~Z#^HWii*nG8~qV~B8Poe z>cVgT$Y_b==jX%cTBH)kGv8YRPuIM)2-Do4X5W<)u|4@&d>6wVzK%Snuku#v`pn_E z3Am;11yNr!UBhLA&-RM=O-jW*a`dwm!tH)cDQd2dU@`HKv z@jRY)MbvM5@aGjy1(%b33<_gGkGF!3SFyq=>mXuB^}RyH0Q_dCozKC*R{s zwr_m)y#6))JkD(BN$F*Z(m=(V*SSgEwK;i9B*t>=n&d+6kXRTPN&O<@e{-$P zmYX7Gn3UqerDQJjsJyIDiGB1lMTq4dky3>BT+dDWMyV+3t+wQZ7N5626TP-Od+1_u z*c3VOTFB2tKBBGGPOK0XLSU~t(^oQG%Y;dze@mpc9oi6x}Xuo$(|5# zO|h08d|r>Zi%BWTVZb!(&B5Qb(4`LexUMqOa0tm472^|O2X^Qx1}rQ@G&3#l4tr&_NkTgC@?awujOGR=z@7rCJGct}CINf%3t* zK2d`BFTz=cIqKX%&Yv{3zI4rQjTrS<{Zo{~*Y@LD$ecz(GX;K#EtKA)DZlz%wRCV4 z!{S6!dHaZb(cQ>15Lr+{KdU7bV~{cZt{}1gx9lFfpEcwBw&rtHzQwVYuQ#6sL(j25 zoS!~OiIk`bOQ^Yu5VXn;Zhyc-VfTi;5w&h;Z8H#rDh`nx3eJUv&v+EZoNOquHeGsbao&Mzkc^u3HRt z%~KHrCY?feFB8ib!|~0%=2>GSmY52Nv#r*ZSn3u&%F1_}WsE8d>OSR+-eZCy+y{#3 zSBeQ;%Zyx0iM7=R+S5OHvOq9G1J`OSd%zg|GWq%nOdLf5t@S3I~c`YG4g@7Vp z+=ANdMCd>V63Ff53GPV6fYm3TQ?KN z$$?F@Eh+d`naz*6C1zrRd#TOg1-OqG8GoI2%m~;9`G%hPw*rb`)s~Xh9Ud-oW}k^N zb^<}dR5C56{V}*%OG{QQ_==>I`0DwRVDu#sRd2F8-Zguuhp58W;T$}@CJ^#uZ;t_2 z?^980c7@iIp?9EJN$iXVSn5j4F6dY%-gz}j{a+N<{o9efR^5c*#H7r58 z5wEgmzB{9x+{zG;Oyn@r)O@=i0fun0CaKg7J_nu`YdHGzI9+#yV{u`D@AI#iR8#3! zALt)LJm7>$ik~zCCIQV#lQ6tT%AthX+>rC|Xg}ruTrw#d`~Uw}g#TGe{6C7W|D7_y zDuI`mmPP<-9@mBFfyKS18m*K%7#tkbX!E`O&-ISi8RPKs!bj!nC&Zj)=>swUYK*`b zPM2?^q02cE;Z00g?8ZSL$o+IeLVm-Dr49t>Tun_)kz`Z3ie-${)zk`h{+*fB%im@x z!m681+U34~m!)18nkh26wQxiB>>$8yh5I8`nX@PXdcfdJM&YK%@^@^7W&W$2 zLOvrFGSBrLy|ac7}VlKecMRMOL>4pQkDIW_Y5^@6cYQ(t0LyRXTnVQ7Q&rBP{swYE$pU zz%6fN7v3|Wx9a8=z%tg+S~#ncnp)7%#%mFg%rv{E&J2Z{S$mw0@Ipxu z9cUErqt&kF-xD(MjSa&(E#$dYA3+HT2~vKiuOT5%SfG0xc94x1M#jchaInJVwgPDI zqV+H z7Lvoz+?E{CPB%x^51@zVteh_+HOkcPHuUcTJx({TDk$6W6@-2H+~T3tv~BG0}8(H+}-)2h0lqQ4qLBT z0K#Bc;eo6`87EBv=fu{_m$W7$q?(|sq@{<>6r7;Pch#MDC{a}*ZJT!9Ssfbv_${* z`%n{ImiGi`#M9HqzHt@Ru4%hKPha%Nmq*X%OcjSrK>YJ(E>81Nlkpr0U|kNJkRYL= z@?1gqEFJ+#lC@2<{^#TMQ_3OBRQjB*36?i!kT&DMLrR$J@ii+Y?t)z5f2 zpj*79s5<%Xu9ub1yEf1~sR#F`>dTk5wzfjY-S~W@I1>{SM4V<=+6{Ia#f6z`fXB@z z@}zD6*HSSJJ3DJW8D!jpwPh_WErA94t`DHm zKYl2F|Nech(hy~OdRpkDpX%-m7)j5*YmNCBxd`IM8EC8ut*xzTw0iR+QFtFAgZ@lr zHJ;6A^CNCfkwZd5x1G|@c4toq87mylrqxeJ?0vzwBA0&L)-ykT{Ah2x+im;PaJ^SE z_J)CBZ8ObYr1+Fb3W)KoHcbI1_>+p}6AV>VRpi;0)9ZFO+YT>dQTr7kEiJ7#^z?>j zJJY~&2mhQ64}wR#-Uj{S0RsaApA-CJG&_HWyzkYJJ{|#qgrp=Y5(%#z955UmD{FL2 zOpM;Fo0_)v5LL9$I}HsY-sR8u}SA>v{A*w=OJAzg{aTDP01n+dnWs z$-|QfggAC|U)OF$+b94Y9TlM4UEiMNMK2lgpa!5zCUA$xKM#uj+()upy8N34(@gSI zLy{DUSI;!NcwVjp*ke9AD}VDv1d*-?fIIrzkCk77eL*20-%S&n&$BzaZkyB+PwlX5 z46kQIqm&)n2UrhN-|i%gBh3{`I4=iydF+F%`&*}XU^CCn+VP0@qLF`!BAlK_qxpVb z_n_|fC{Zz_6l*?<7I>+9z|u!zx#D#wECN(N-`}|u$I}(Q1b!);=G8y}sJEH#%##9Z zG}w_D_eE`(i(V5`Qm#Zx%gSQix2&&@x^PoCOfisX!J)XKH!*Fu`}W@Z*8020$pF4~ znQ)xFoE>6q8*X%5zmG{Vu@!5ZI<5J7TM}+=ZaSB!Bz<29!W|8V)ZqGjA83wap`rlZ zXV$J~^ZD}`STE^HWY*Sbc4r5Qm5%S#hTjE=j-Lz*vi{d&xBI{zf%67Z(YN;7fN(1!lZ zG7!pTWojjeD?;7R&n}kTD7-EX&gk5L3TO@tYRUI{|8D0P7)MBW`0k0sm$B8Z;Np^! z^@23JweKb6|1?Ye3c@Dg^S)%Gq@-*qKTIdO&-{Yc*37~z-&CL+A;rYUi@Un=r199U z0XLo4FHTH!0tFQU;CoZ|+4u*FRaYoVTo{ntD;`^9>GI}TSqZT@g=5(Y@80<%IA=2| zE7@{#a{j45ZqWx4yqP>}aq*DGXLKz6Ko8cc*M?2P!)Dm|D3MkF0C5A+VbSy0Ah5Ew zu3Fr0KJF!XPC($;L!e%1yU5dexrUj@qKn}!n#+aaKEFm3d>E~?+8kC2~}+w7dA|Dom8zWWqRKlQfr zk#Sq}^wLhp^xCbZ<=F~XGa}RtQ6s>0$VGzPTxZ0AyChUT<})f4)=gyf%6#9j{@{Bd zWV)+uwC;%FLYHj~U+{=W^wB@5=){qdnO+C{2aW4E0Hj=Qi6W$&oT^2uP#V|57?JGj zy6IS0qDm@SQwjCGV~zWoc)(|l5FNe@`E+@@k&zMI880Dn9CD$4ptb_LZ-E5@P_ zt{&gk*4Lu~JEqI93n!&?b;;~o&R!tl)5-s?P>_QhOZ217tfLUEPG9Vp~ilp|wU5rt>>z_s)hJx?IEOYVL zc^U?jxy>HCDz>(?JVwX^Geq8P^19VwAp{cf6+J!uPoI;0dr+Fc|35jox$Hz(_to3` z=D2Tfp)NdP+J%0RH$73VmHVoQukr;wyZf>6NdxH)=4hK?HhwM8kxjP1Q{V=A5c(k zqG8^rav;&Nn3$)4_fq(s3lIV?BPH*No0Jqf5M2Pik~J>dnT@8;uOq2tXJ-qY&l%gy zRergTcc4PwL*hNNrj<<*Ti% zF;?GWOg-N#Q?+s(DWJ4EZ;hG))J<0;iAvKx>-{&Gw$huM8(&cDX)lTW5%9UBfB}SZ zIEAwh(J0!M^yhunsd9tU#-LvxKwJ^~2sgKitP0PCE6%5+q@+K%oc{dYrlz4e1`2Ls zZ?7bPkem9m0FB7EEbB1fD`u7Z<7pq-f0PfmixF?2Q|*gF^X1f6KJ+2QcYH1O2k>Kq z9&Zp2@AEe0p|GTqWTEly4Z`4yU5zW;Zey%7TH9W>Ltm?Q)?^% zEbF7~dlHaGMU=S|&i;Sw1wg3(=BLh3U3f{H8R4$OEWMYbFSn=G=14F?r@&Mbt zuYktOO)khI7n0$PjeM;aEr-vZKfmYCTN!SdZ5X?!0L-KVIg5lq_-qcRblqH?-WNrH zH*KFVLx(oj7OX2afVxKTA&S&+D3N(MQy4mS$2LAbzT`5idtZ~95qH16r(l^>oM?B=huUo)2lX ziRO)4aHSqc2%lrEU8z6@a}(vWod0~@74ng%XgPdjbjbe&F(=aBevnq1T<9B^J zCJJ-6g|+(J0Q!;!aT$&12b|Bp9>M8A8l0USdm<2p!uFk$#|DTW9fyv`OF&B6UU}BF^?Vyh6gWW}`_W-qRlN#?@C7pAuI!nH{7i~@ zrj)umAs{Wt&YITwKD)U^YdtZUOHkJvh@+8l2dZXaZAHUB5}(+x0;WsUb1fH=+i|R1 zT!BG40-y0&UQfpyfc8G?V!PKWr(0v@02|D$rx0?F0p_0tmKO-6xcP~8bKustetQT) z6!9$V+{>vU{X33(TA3mW5&?EEYydjNWGqv-vD|BJzwExgjb;db5MI9k#P&E020L%& z1L7ERb24;w91R)Ny+gVDlYoEfW=kmg5D!!*_u!vNQt9BIJ zr_p^RHPQwqj)|MwNs5Act%uQnGTnhK$)SDgH#b|NSt_k`ll5Pp)_^0H$f$(Fw;VUn zysirA{(RaT+fYzvU4zx{Z_pv?(-4QbLz=Y)EYOP?|GK1W+@rlyuQ|}s(`dVLm-4Ym z!W@>2zOgJ2nE&G1+dE?r7ol&f4No6;lS07kFMbGv^6;;s2$nUh6P-2(A20n0$Y`$L zeMQHzzZPqbf`g-abtw^?b#hwX8n~oS{wf2MB6DX#Y>$I;+?}YKJ|Tz*`S6c97?ZU* zW>P^k1A5RD{_4rE?d@zG7EUg%DGf@St{`mhU2WJJ3G5Q}&+rBpgUM->e~T;A z*5YgybUUj9>~Q;#UNOW1jgY17g555|xL=4}0$#vs?+nD`U;T>jJ_}vxxv!=`|7b~L zqeiQY=S7gE%XWU!NjJVirR5}TIb`$Y{q7feKwEzb*V&t^3IJl^`o0I{4Fo~fXWt|M z!9IwbJR|qLG;D%GJ?63o|_#05QkI+VXp%@!D%k z5H_Iew%l{y+Yz~0#hsj6`!x2{;*fA6pBgl4>pIN+k*&kISl}o`wUtoc8PSb9k0d zV$%=uJ|iH=maZe3weQ@Q$a#nVHE&kzx-wi&<}ZPj;;Y#*C%1`}3a7p=T*-(SE0Qr~L5 z1DTatbmk05$9AZ=>nu8}f5Xd|3-o3~xZ&P?KuGAF5Fq?#LJ9Lvm%uy1gkHm+YWFT@ z9Ym*t?hXO>42s6nuSb~yj}xNW*GGK}gIB6kfaL!=b#ISZ?`bhz{XFZJ2$g{8 zIKh2Fn|&wUm(+PfM&R{F@Vxbe9)nJ^|1ao+#8vW)9VQJD@)IX;5A5)~cLYAGBj5}~xffb2+GopC zCp7=*h5Ku01D?@RaoexI+VU5glLLI^cz>Sn00i(+Mdfii+NYmolD7|#@KUn_3E|tH zkfGPHthb{q$7xZ_O8`%iwb0ARb}8KfJVh}XUmVxJqX4iGLxIjkKCYGgb!mMclYFsn zwL*5d0R3+P9Jdx=g~yH1PWO2_`a9YpOH@&9>^`3ZqebMe83@>)>x1S~00P>l_cEYY zuOmcgiQiXN*&2>(+njT`Jbb6mwOXHpRjH_ z0TZU`vMny;IzsQo|F1+MyACEYR$QM>rgf9PPF$M;5bEx{mYvNDpKb@?gxk;s--SEk zoMl1?p-(d4iN=|XCOQB!tn||X8LP~HTw*AJ2QXmC0`07}0^SqgyE~8|*{!|1A7l*u zHML}uIf(jCIf|axwLV&yn}_1_xc*2%APYnif+h+?vNO3F%lNNbA?FV;=l?v;1^;GG z@y|W}SAQPh&A+c7en44;`LBBssGpm%e@g(KbASH?`cG*>(9>X~&8Yu%ABym$=YJ|X z+p3U-QHj3VmuFT333V~nb3xin@IR%7Hlbm+{C7!=MVb|=X56Slvr|(@Jg%q7N7nz; z-CysqB0G9|a*}pL``?dZEK>f5_I%%Y8`EJ=+uKXhgVYBWDAKs$oeYS7yU97^y=%)^ zZS~sqk7z#=56#yF>1=f0Z+PZ%~0RBO;?5G!D(nXD${Uh-0v-4y~5GG)Y zBrm8|XbyblSnd9M0X7HuE%rZcL_*~$>{$brigl*RDIEZ*Nw@EX`Fs6EZSopz051mE z1n3xI{_j@BL_J%kgy;Tfql53;Nk;v*uXsbO&CdYxKM2fNyvGf`Pes0l`ugAf{J_q; z-rp2ffKG1>ex&`UZ$#u5$(4yqwn1YX?{D{i-P9eQeV|7%CI3pCNp#40_Z+YnGOo;k zjSqWxN8*3_m2s9FwVL6+pVAIk=lHiI`xSZaKraQ2RyH@YUk3lx6+Az#Im-qQUeH4U zgSW-+jg6=Irl^B+Y#bazz+bz$y~SU6h5fJA_t!YDs*PH|*|a6ls1aPO!Tr}`5pnKw z5)g}w*uUzWao8OFui^$K`wTe?q7(INEsk?cIwJ%kZJ!+#rkQd>357OM{v82EYhEn8 zkEH7J(gz~YMC-bl9R(jTWBApBM4OJ*Kg}7%;OGlpE$gDV!B_pN@siY2Dk;tlu@=-j~Kdnguz1?CI z`9lJ&YiqxPu@wgQQ!7SaK0QUBL`v}`@z8bcaX$QSw@c3RntdRe=+m&f}rYMYLRr7Yh)c>6e~xnWmj4&HoOC`9|}!3C?T>+NaB(Tn_yGs(A+TlZjG8pb3NmKiOy&N$u_9d zQS58OJOo2#Gp5-ub<>yJcBcMmadA33eDe!vtEXOqoNCi=6&f|`=P*?ORl-O&?*0dV!P0BpkzQs-_Gh({v6OAvgkor#oPk+zQF4&m9^O&DOs{P0#GHRiHUH;v zIO^R~v<3}ZB3mNi5!s*L7V~Qhs3KL@+;$=XZI+P}C%d8CQ(U~QHHAe0qYsLgS%Okx_v65YNn>vSm=%o%2(| zfC6Q)gtnkC95(%9O1zAroAEs2ki<~I&vAuI3u#ok_`zYhL-sQUaiXN&2`;75nImp~ z+ja7k;TVafNF$_HvRW!!9)q|MH2YLTyRO)>1}Yv=@(UzZ*g565W!&L{xCUl&mR*`1 z@!1?T@}!auj+BYn7uBxVsy#Y`xUnDW>|WNVPc;^85mR|T8zs=Sg?M49(zIvSFe%L9 zs2?I*znM7h&QK{f>Wq$}UGPXBxU=}^u=u2Xmdr=Rz6v`1WhO2&**Z3wCri6>O<(46Q0< zVJ=pwe=d#)OW)8Uk%^^x7-ynIwiS*kZwSl8eW2b15{uO{YdNWCl}@3Pdbk8FfuPc7 zMTD93^nb0JG}vr`;uWq3e!>^06UK5I8r1-V$M{<-GKHSl|l zA%kC3?(9b)V#Tql32nm*ccjlW>42$2%D)X8bvu#zp*1WA@2w+2I~YY_riJ%W8m}Rp zjN>?`M$fo1IoQOZ~l7BRcM68tf^c=J+y|6aaD(_ObBySo; zmKd3M@sGxD*vW|DiN? zbSso$&!Rw8qcn4BIJobHZAlNv{1rQCCLsolU}B#YXU#x*+m)B!BkBr<`5{g2Z}H-S zh1UPVfFv@5kw;5{H}-3eJzNV23*7yKQ>!o4M1cm+vC zfl91Snjd)!9CCxdKr^AH48C2pJdMLQeI+MElGwLgQ4aCy^g-=r_&MyJ>`Iq4{Ov2h zR=3r-ID0_eQvMEP2p^r_7v-=*W@ASU>%7FIl77&vt2TN03Cyy!cU#r`irNe*W&W_T zGfE2HV|nB`2IX%YPFZ^49u5i9>)kr`!Xyfob(Wta#+LSmvrD#@!oSs1wI>FXi)Et} z+V~3huCEuvm`x{0;Q3&gvXprPzytTtYU1VE50L}uH97(_@KVTeJ?O)A`r*7r*mni6 z$;t{Tp8*vO&ytP358lArq=A8ria1CJeWuzzV(*DaBO_qQHN$)9CNop5Mr}#Fu848( z{f03F`jxzSfZAURTT&}`h#u6tLDAvx>(jxNo^GK0JzEzQkxAlN8Uql3>$%hM#LIgTd_b8l;-KeMCK2P&mZ_Csf~;*8d%3e!TiKOxb4CEVUv_1 z9+3Iz2n2t%G3HIn$tV4`yq|xf#zuSyD`Ns0#2?0*bWZ0$oxe3$rVWoWnQNpH`=q48 zl&6~4AqxK|;Db;|Y#x$~h?R+|bFM=~wKjL5(rD3HYp!_p50AXmY}qK4zbd1Ih9=}S z*@vh?TtaNi6$D0U8mmYaZA1B8j1>cH(#8vsQtU@yK@KIgDQ);PDv^PfdAPsnK&Ux? zC5NIZi)x#DsA5~pVUlEhFi4g^#H!$z2pgJcpX5riY|ZOoiXn>JZ!v_Pyq^q4h0OiV z5Wk^^^MmxLw;)ZzP4Ic*x|Pw<_}HKDY%8LthMc^G2D<4vIW1c@PCdrZn%$X~Xf?@$*rtd4zkfh)D4ESZj9E522K!o*pId4=n=$;o8`0j8JxtpP zL)mgm3ywsVS|MM3Oy4s*4WmXRz9b05Cf){Lk0ED}1dCQD(JtTjV=zp7B|4unM~X&DB+TmNnZ;55W#aEo0nJN&V(bEak+Nl}cc@jFCDbWnW%i)a z1HRG9^5!ZIlMc5KQNqR;+n&1Tniqd+C>bvmlAnlUSop}@`(3^Ux+L;0av~zwA`&lo zibe@m8SRx)bwWW|`D1S*#o`wJxI3z>`~qs@lIwED7qHutpTW!8>?*>2B+&Sd!`3#t zQcN{<63gq+T(Gk(?JpuO%nCYD?7D4ywNMh#rCyflUQ}N)YQpk)m084? z3^A!2u1RlT&^^c)?|J&)Q;f$>}c$GiE&(v#KxHyz-hpp4S#xiYQ9^xqIevh z77`GNUe3?`x~cffcsPa#-R8``WtRn_*DYLH1l&vV$k_ea+`7m;D1 zRz-By<3VIF56e!1jWSz7D;>!2R2Y~UZCF6n&(dI)c!tHK)kkCM5OCU0hyi#aoGFQ1 zMnW%=FhdKLAmS5HH$DZ{68mb8yfkfJ9&h`XZ-LQZIOqFTPY5IYWd<|4KzSEv+nHQWP@y+wBGc9&*yM_=sxv!6yhXl> z16biR3U(KWomEs)x!LKCq&@D*kx7axtZ@{z_I{^4v4CblUShK(KlSBFPnTU&H`LYeqtSUc; z)M|K~%g3*RvtnYamKA3XNtlfsPE(qWwvD;LHzX75 zRLi+19{h$KON>DW*kTzqKyv5nu-OdZ3LJ>ZPuS3d1F zOq?}QWQN+*IAw6o)||Ncpp2O$4bHJhE_aG`tTL|*xut#)%I-B+ECiwQXO`4r8Nt~d zQdF+16w;s%Xye_I2+_+8g)Bi&)p2f1cosZrzLoMBS9K(SB4{2uD7yM-^9P-Qr$(VS zS#iuaXnGs7umgO&S(o395!P6wiV9bc@UHa5a~5Odg-sg;rp25sXj}|m=jc#wAp)yW z`d4|e+difGnP4C4@+~d^6}w+8kq&%N<`d$@HXEa_ryOn;rq1eNnynveFN(iOK`yg=T_Hp%k>z9LA;hDVAuz zt3`UNOCDgwXodOLaF+d0hULe|YR;gS|FpymNAhhfGsZ%|=E%&Jw(RG9jEJY`3fO!@4%K*FTe$?%Kz1W zOCl>gkrw9S@!H-na`2Oxw%z)x!3;+c_lC$MBjM%sxZ^9j5FP{o%FP;bXKtXJwFJSN z&?#t5PcSHz1|~Q17qE6dj@uEWjfLeAAB^{NcldC3c-c|RwroZt3E_PPaFgUc_|e{B zGppI5DMlkI6eag+DQKd8rW$}P1mpY5Ydn>0h=~ILngH0aE(?PwGaO0ag=fIQnAFkO zlp9qDkAoZ=B#B7dMaLe~lyovi#q`X1`aaOmwfz!|}A-Xn{Q?m^lnR2P5{SdF=oM+d~VS zXg#No>xhk)YLoDhUWHclMd_V^{U)Zjnn(X~0dTT(*$~r{nkk#0Ms>$I#%dg%_ysmS z@9(b<8^KRA1u$QKn0VRt4XZC7-k-ni`8plxc&fL&!Joh8GuIj{d{EQ5sB3sLyRUsr z_pKZ`FdWrbnJtu_kkXF#jC-YH$hs2P=pi{-$5L58@TrdM@-PMC@Ggp$!i@BJcdFQ{ z-Z?6&Brw0dIb zcf1={zIGcXMtN)yHLhRlX*Xc=-wuGT_U1^2yp&&E$M?`|hzK=(nX}sD4SJGMf{d=T z>O#{xmxc=XLhQ`q_~*~AW@aF9G3a+L>@G~StaRv4OwUqvE7!7fCkd63v1^_Sz|P$^ zT{1lk1YXAq?BbG>07NB@nl8nxl^cRt>4Uu9Nd{)aL!@hbd|YpFg=s!-vcCr6c5a7uGngXU_y`-IyH z!R(I7mP%?-Vl;ED49A0A5RzHuSjVnT#a6_wE2N3yBNzf-u(Ahh(ECT zP6!60MQAL7+_tP8DDo2~RH$SY;^wCXnG0WHNx8KDbQdU7?=;Qb7S9ppS0b$ziz?C^iLEH^SAvm-=q~sHg2=PL<r`|@#dvB-1>N5B@1x275yR^wU z(3!uJN6S_moW|3j?G<9jhzh8?OS>yQL1}gL$B|C&=Ons3%*BJQVZP`)r(1ldmiw|% ziiatp%(i#Y%C{py)hZr8TvgEY`^$$%C|$!9T<_J_;UJQpCBHRmN6U<@qRjQahO(r_ zPqqzD9iahkTDk|GppIX@?bAa7Ui#?_%j+hq%99KquG`et`p}k_L=du)G;y`Rf{fm; zxd<28OXG6!s4%($7{O8Ro9< z-jtdR*&2?~4zt(71N8!nxpP9t8Pk^3o4hxP}qL!h1-TBI9 z)K3BwtU#6Y%bg#FC%BR^jC*EUh4Pu7h#D3w6Z0$9=9B*M_lqsS*vJ7#|KKkf6KjEL z_4yY9O?K?0!i|bFjhOQ1OKKCzM?678XAi%f%@8CH^z?4h860^lr6y=Vt@y9BPjV=R&vw^qoGAoeJqbfxEm7Nalo8db>lnyi6z1;b>YX&^QmPs9M^6y@cNklwH``5U# z`--3Sskl{aoe(z9f)eWVZ)_DY==C#}ln}){)t9!bZe+jrj(=>!3BOUDExPM_rHM{hSUAIFCfz3xRhJUVgo;zNVs3wQHVuv$r7K z@!;ZdB+oa${Tx5Ck)6BiTEmLo1}3v;YJ!|qQ1|!(%OYU>Sg&Z@#e%;3IdaH*<^B>U zB85_!{|=$%_Htp-J`^0b*Jv!S2XsIE|^cbLC`CO>cQ1FgOHkdp4kqKXieWk{T9nh)Wl z-QCecVrbKc_kDw1v&U=!`@~qtr-gbJH%Loxz3Ge(jH-(O^hOWhmnxwF(`! zK42Z@gq#GF`X4-HTLpH?Wt)qL8G@scbyFoW#Z3c{kDJK|L9#=dn~geB-|sJJd5VtJ zI3x}H3E_yrVOuTA)ci4tJ0+Ajt(AGXMp!t;j>?kgR!T@vcRHQ%swXt!I3Ud^^G z@hOt&*iLG-SQpzju>U>^6XBcU>r-H}A(g zh@qHOtwABwTy!H-1FB^9aH`NW}GBBVvm1wRb zY;%EIuR(NZf<{^AQmV5Kba6h~Fj=LE^SH=`mmBBIPo8LNJ@)t8cr}oVb^+8`fI*j$FAQc67|hN6h%_+CXPp zF?zwL7svZAFja9wasHOT7mi@z?V@%r;Ur2m$gX#O_*mp0ElY~iBk%uoxME(4O_uu< zAAzn(;UzCr{ggEP=XOQE*d64+-(s35mzUt1DTUZrmftp81LMj`#-|j72n9ayVj_amjfQXZySgYUXF-erx5OPCPp>CbBn)elXTsnk z0sgE!3?HJMBp0`ja-WFONA0Q>QYE_r@plQLLNT#((~gc+k5_hE{I@zQf)m4{pPcxI zgcmF!hlHOJU22Sfp8ys$G#=-#wC*c#&&7HZfweMKdxs0+8>fTIO$P9hHV^XT5oI|e zJHAM!l`>w31@=tymyYDB4W<^J`@FNg{gd~&w2*gghmQiy8at=6a{Eyy2iF}TPc0-( z8Cq@ob$7j}kJ}~`j(1vA%`4NBW|g+w-{COr2R6z#b07b#auP0qvPXROYx4`zr7$N7 z(x~muE4ntJte167T&%IpvJmFO!Oq>eH}~!{c+U^V{6()13rEg7cG`2uy1XwImg@Z^ z8tO_claewf+xtB;u^*qeCo{)wFdIi#@Sf(=`1&l$f8ml~^X&a&*=)=r_Z=xEh!=xoIfLk@JLd zPLZ&X(VF}t1Xq=*)KWJNl^ndL=-^ev*_5fH0&sC|4@!b(XKM_RSG~djIGx~HddXl0 zMp!6bOdmVm$yn<4gA|k1q#+oR;&4$h>lsI4ZCE|FB}@m(lCs6vi6&ph7kEJhO)(3! z-yY;q#n)w&l!1W;HgdpW0dxt)Xio7Zd@JaY6R~FJ%cV&I@Guk_;-!Uo3cc6Dtdrm* z;TDj}BLuowNKZtEgT)q};ikw<+O>Nh$yk=K`1sQq;d4qdSZ9>buqr_iyhCL2R$ysS ze%tkg4w;mZ8sZ8He)~hGLRBJ#C6Q$@`&477&^oY3XhBJ ziDkTMp%mKBzS(n}(CP2Y(Ntr6ygqOUFRXs4h7+y-|NiCXGkb^g)uAYJ>ghU9zt4WPbGy-8yx#Zo zOo;BkY6m0kPmz+e&W5w0E3is_FtgH5DbHs&s&{-aig;@B*fMH5u+7aFQUK=%9x~X1 z%$y4vhwZHK0juJxi>tEE>|1t`66^3?y}IxYkeMJ#OmB<7<`lUJDU{C=ilMN12BwQ1cr(?luWZ^den+x z)Jjrj%JQEqNuz86ANF`5K)-bv4PA{iHR-0Xijp-0MZ9kOsRz7T2VupMH)!D+8BjcPsFc8B_<)Ok6GV?r@s&;5`RlX{{6J4hvxtk)YO_sy zx5GTN)oh&jUR6V++})#+=#XT;*m5>=gW0|^i)^mNgGNdN2Ti{iaH; z6SCEf^y-=8sj%>?7iLUYz~~ZR{fGOXu{7QlU*;$Ks_~8SeV;?Ex}SUSmk+ac zGja)UP`aCZh(Ekq-;X|AfbV>gWH`%RMfAp`#c8T*Ro3c%EQ@mGR&H}dROmbq?QF8b z=Fq82ufwF%KYLbn4CqRld~rt90{QXxMNrV{utwY7U0&ga=r@DE4GKQ_&GB7-4`^7x zm^gTuizsURFoqq$)pjD&XuH&BTlZ#-Ds27c^6QO0sG(>)2;8pLLdr&VolkFLkWYrt zcl(Iran)=&Xcx-e_4>;*CcW_*_6}ZC<70+2Pe6tem64V1@hn_hl8e(@sY50g?!?M5 zJ-e-s-vy9zVzNSO_>rYk)0Cr3E(@+}wa;nX#%X0#`zeECs>+K3R9@2MwDfVlQWL(T zgZD`)>qWTj;pY9=;*;4(<_ zN}NT~3VDoMT_T{5#;AI5NtO|uzPH*p(H%XgEgTQ$`+F~a&!$S>p$?Iy*+P`4{i^f_ zozZxYUtKNXvN=Bmej0!;+5RQo7cPucGst_ACvKE%o2dxXE5_l0a%9e(s@UVCE!0JU&IDsZF#0q6CQ!9P7-1Bi9q**rHFukPa4v~B{Vv| za6mVed@-fSHj}i9;2cT6A;0ZJ&uw>lBnf_J04`;5q95}S_skSqF(-PuJeeY4A}c&) zJk58>{Igyv993HXxH872rIggloJ1XMhJI`5@f(MZ52CZv->0Z{f|0o0XJltX)4CE%1)Ev%@u4s*vJ{01cf^ysVkkJ>Ze+ z8sqTrtVzT-T$z34b+IQP)M_%9R2q3|y4YIUN8haoLp6<2i*qgcJnAqtFbm}Q!@~$f3;`kdX+G4SA7(;r>%8SesMv#yL5n9v$8QB z5Ph*dux|45`gGJh$KKy~0J^r$t78vIFr&pb)2h%en@k=Wz3&_xzwaJ|!>D$?(5Fk* zXoU90_%TnbQ}?3*@sal_Kp@*!TGWg%n*Ry%6%O;d#;Mi(6DVY^($?c)wRNH8DJ7}J z!+=4p{5@a zcRoFEoPI*(yhwUobsZvH?C^o1K|J3Ho54NRZcesZsBd|>yZO`N^7=BzQdM(QK!7r8 z$$+CWmonOu8)aq!HF43HR7k>(L%UobJ%*|%!ZoIYWD>LCH@+j|w&8ZZu z5h=<3Zjwz6X1hctuUxOeI)e;Jkco-%M4#Xo^p#EGH%ZIzd`zX)rrW2|xn##uY;J=A zB4rYp$(4qw+RtOz9JJ4Cp@v8F140C3mIlQ{x&&L^E z&x+@mZzY;WnT8T8! z0$BFQ{1B-6_A*9IwMrnsQ^5V>MyC(LMn_lH^ZCZG?S4+x`PK=pYIP@+?%VK(G{lJ= zB|@!<U%lznfs#id`ccQv!dbxs*vUYZI!;qtT7*4b-> z0$`{6)6Maxi`2Cn4jS^ux(|KJ3*$)wc~0UNG^>}=0vrNL1#KX(d6S~cM?_jvFevwz zBfj<)d*rZaI()X?oT`lh6404JoYPMcr>EPE#J26aqN^6T=uN9!(6*~<^VJXTdDLB# z=FjZTbXzM;S*+wd=q<2WQKnTb0UR$iCAuZtcyX#9dh|pogv!UFZxh&W8Euqd=Elb80}}HwxhKVLfrG#5 zT*52!s1STcuU#wZ&3}ZZ72OssSUy@Vi@$P;qp(Ysh_q;T!<@LJhR*vO09#I%Un9hr z(n!$9i4|R`RHz?fJe&{ID0itNH(DZwXvZ|1wQ+2`A3*1{xTBWX3YAF){fmtnnZMZ~ z_)_}`u2R26XE|5zopZbYGv#HWq|{P z(0^IV{};&e|0ni({=XD|=W%C9(-9zT2q!?k|1W-bsKs^T=W~G0Vag5n596E3##poP zpP&Dab$Z+89Eg@k|A(?4YVrSHuKlc<4VH8NL<`s{p{(MA__?G8MjmI=D}_ho!;%WQ zmSmARcTtexWrR6sPyIowu4nnuzujW~G@o6bO%R!k35KDY`et~FGN%x)U#^=))CXN53YYnj=p$~FSbYzs}E}%W~_jGng2ZU3o00b*!JH^-B zN9fbuqgd3k(aJ-@1cvOdrF4EJ>kT^tBxg6 zy3zay6%?95E*2vVwq1hdF?#T^=|_5}(_r(MPbprB$p{8S!Knyg7W8Bb zxtj-JjprrFq^V;{cW6J$4D zsL7x#5x1yUo5?mKy^jFRx8g;>UktH&t zW`Iv|Boy?ODYVdWHx?(zJW$ykvrQ7Y-Y{Ho=}TS#6Ac0tS%`@#lN7>IsF3^*qs5;t zu>D$3O*v{`Op2)D`Gn|%Xfw!?7!~Zlr6{bLqeyB<+J+Ly#4(VDu_jT`8sReem#bCX ze>c>oC_%rholjO(qQ!W;t@7mq4tE9O35imqWgjwAn9reC6=ueXX(0 zdlGtMV(QmTUHXK7x)!K7L9OvN8B-Pbqh15xd_u%=6u7fFvHj{v;;(_C^7J`o-jZQ8 zTT2R;BfCRCR^8)kA*cnv9hwe5FvU8c27M?}&)$6q3=cOL2oq(E&laNB5@bW;<>;@E z6B(*sU>-1p;DA3L0=5sUG$u($9JN7PY+`a`uH8sA%pVR0ccNP-V#^nFF)K3k}Zs%`v`;>g0zC3opB*Lhh zB3niif_A7cwPS%oBq;aD1i>r%)Ox7s$+_$poi(17ue&?Q-EQ-M8eh6JE8dQuj#D#7 z%Md?z-8MC;G3Z{NA7c`%XyD_mYItA4T~t;!KTI6oSvGLHZBUfLVYIh-yvD7R1q4() zKd9V3)nO{Dm3MWtx*zDf*dN5roouWr@jb((mCYU7l{HmbEFbJMC{OA-xZma^vRWQx z>8!bJ*p-0?fX{8L`#3ZdUBJza1CcY_f8=kk(7oqIFIIH%%MnzYHeSPy!?#!)H*~%4 z{n6)co9rqP;1N_o{EtD$sSwI)UfUDLRgjQn0V{;1wx=g0KHHssnl`I{|5eAKO1R9g zUV&g;x$bcpew=#Z%ho7XrKxb{et$bR4*s_~d2fz+6v%(M09SBUrF@thx@)>XhL@F# za$W6>gNdG=|GZ~yq}OnP3R3lDldnK{yE{LoczP;T zZF+NU9$~1gbi1#Z)BDV;+EHpJdW(90hUWQt?X|1g&^CwFtJ z!oknVsCbXLq3P}T9|0Q8l}((NRCalqy&_eW+-bkbyHsH1^b#;#O>01vOcP_Cf_vHW&&boBVX)b=jVb?i0yKG_{p!WcuLahl@esRq*KhW%5Zl-0fF1uws?x5UR|f&t5f)C0O7}C z3U&kfpjKSO@(y94U10uvcfR4r5(Z>N%({GfiNg!RwS!$!u7lllx7fJ!YmaVhiZz|N zi^}uLxAv3QM<#CP!{wbuZH|LydsMGKr-x84`ZuR-X5t5vSy`{Rkz#R^efMI~U9MiN zJ_17%;5>BCcjD4)*AX+(m@$HN7}b{>y2GsH+B zOiWy?iU2>d3zzX}U3fA|_wjZm&zIL{9P_Ld$p6OA{k~+Cm!$V>{lc$z_Ry9GBy<8@ zab;e=i|0*GH|Y^{+(ol!Wf0=~-X~1c*!i+^d;75BWbm|QeYx=eUS;FkeuAyyc=xN*A3 z4#Y#&ecW$GRzk=xhNh?6sycZ++)?@rhmIfGs-(Ahe7S!F)3kcCvjIQ#aN>+^hcJxEX|6 zVPhqVx2Y5z-eW1|ZLPq!@xkgZo+x?nU*8Z6*r(RN;1n7tmMxSdaJj=I6J$7l-Cn`M zTD*mnO^Cy+!`X6B@Un!~&$zCNWzJgcH_13||m&x||@wRzzLxE4)>F4Xrpp@22S+f4= zc-&!@iDQ*<2e#%aTQ2^Fuv(;Ub58JTt?T{`J0yFh8}F)q-`MB_a-j|R7RuSxU^7Wa zq}u4~>o2p>qL#82dK%*TP~>XZA&Jl(!ynyU4~uQ&P0O0IdA9@S77cqkYtm`Pb(zSu zE9}7sL)xwlFn^fsar%Ng(QmQEc@6TU4Hh2J%n-BD#$~Z`;iWPAIqs~{;6Q=S)aQ6< z>2%MNXUzGlx}BR1m64WrvT%f1QZhIIAVVtIFgqOY>@-ZRC?t@XX!vR5Avc<9>y!>< z&qKo;?=)BAS(>t~oAx@lONfr=tJV!Z=ab@MsGm!xlSgT3IVO#s5SFE2{){srw_QtV zCuCb)mOgW+F=7kr*jHpZ5K~daAk*J|+5+M1Py%Px39m7${YHFPf+8E9(-}<6`33jZ z^~!GwY_1@zf2?bu8?2@stIhw^9xPWeTaeVY`-)PfqbIa8^nIx?6-*<7y13Rd#~S%bkC+U&n_%=XEW|S!g-6fKS`{SrmWumjh}y6Y2Um` ztNHl4gMsJNB%&fHA&Ai+!LR|{aN?UgTHDWfz+dNQfulw$>6B6^p`z`*!C5onfxqlD zDIN?Qg{FdyRq#g#`UEYerrZ@?H}_=wMH#zjA`g#)@Lf6p+M#w+o91F zs1M|cx8QfKjvjB!X&s`n3Mt7L*YyN+(mM{h29o-E9a}EUJC@&8B}({gr>!XJXEsyC z5-l{aM8$gc22C?D;{u(yv|m~!NGy!tKOe6RD7FndO-lT^;_cc&X-gpRG@IjHJt1s_ zNJ)fv(Mnw-*s|8O)mO(bUPBMH55gjcWWQxhR<1gr#H{+3Rw&^zFc9Q$WkCNECdtIz zB$plGLm#VsJH{K^O2V$GsD{c|p|*;Ig1?E*b4R6QHE&io_(-}>>=c`jKaH-sEW?q~ z9Jr7#FF9Le9z+sLGH#KD@~)GSMlcy6O<#Y0e)_!y29K(C+iy_~gGHB@>yeB(+muiAqI9!TXr}YJ?WN@+;DDz{Hm~RQrb{u#F501qM|DK^*r9? zVgU{~`m=xVA*;G%YrZCpiK0WWVAhr~=MjR2PK@b1E6SHSqhup=+1CZvFOUZN+(8LN zYYrS^)I|$X*sYOPpBg(P)I(en}O_ z){TSIS)TrhQd}FTsx6O*Gg>*;JPv94?$Y}EGATKKjMNRJX$aC{l!k{5?jQ(g?=9!B zcu9Mg0gijzhY+1FLJhpRnnQ3dr=`f!$P3n@!M+LkA%}?mm_7NW>n&-*5${L2obS~l z^GO`WUAk=`SHLh=AvI(^_HVrB(vD=#DADx`mRaGNF{P(~?JIAKkq0WtS|1^1EVYr( zecvUjz>0r)AWPWIh)y$N9IEP$W3-i(=Kg{-9(aNHQ?^sih2hSfOzMyB?t06Nwy~!! zgT*dekT$9E{VCB9gh>YB#qTHfo(*QZ{A#J{Zb?0PQ zCCq>T^AVG#iqSgBlw!~nM&LC#NNd!hW!^Y=1YzxN@3hDEp}7LStR)c&0GYd`b-@QsLq^?+8u)q^jVFfWFlV*0i_Rr%sqq~I5=G)cetT}LcsoxN;G=m*YBwIp zXDQfUUWdnG$-V~-xG`O$#HB76cM|CpuJl)V+-$S2jda&r{-!WelxYgnb3GD0b7=ZD zl*h%QTe-iTud^-dNBG3)6PLR{Vhf_E$`jm4bu^A_)yrFnIJ|+U9U7=iL6a)}l~O5} zcNpsosh_-u1O=)bM@1nX?&Az{IcD?z5DJ$HPd6xdBpcKn3gr z>ppW*fQVPqqsc>}|X7Y)Nz|J(8TLMT6y&4w3S^-DpH=At-McQFSVHu-UkbkoB z|FrkjL2`GKXOO{N0|XBqToOVc3GOmjaG${7FgQ$b zciZOo`@Vbc-umwDt^IGewyV0jtLyF4e$M-z^YruFPkSQ)aY4D4B~}0U%+QJVeK^&_ zxbUw1&M1$%c@|6q`E(*mqDk*g&1kk>2w3(!R5QI3QYe)FTk15thx*_6t?~a!mtBDc z2>IxsgwpO*gnFj`iv|FjBr&lL#y>@jiqQYbr#+7LPZ1;Af73e^Hnyq8(B@%N&eYx} z`kMt?bD%+KN5o;Sahef03@{Z@y7m7}O#R=s`fn<#z*Rs${KcmP@JX%$Y!5dTH~9qx z=g3|E+UdopJM%qs(Es!-Me-rWxrZHv+6TS2w3ED1ZaHwNC0XG3P1-mF+`-5YiHBJGMpgnl_JElE7{c z18(3IHJ3n3nagi=--d4DZ}|5Cv!itne2Afb^u>jZ2)S^xLxImG0a3Y7polB z{xWig^ANsXIdNSaFp>7&C8U+U!5>TNP0orf_t<@6r}G8t_XmX0-u@zoyG(Ty83%{& zrPa;RI(TR95QI2wtuqQ4=GsH^^FBHkZjUn(a-z%r-sjO!U22eARfI{42nFpIAg? z*L32Xhq91vZF`}l`07u6PWk1MJm>~{?xJexSBrnBfk*pjK98O5_L&@%0@bpV6)*`` zU6#$BynJ-34{BqOx!~#TgrW40ZlFI)TNW06anwkbM-6ff5B!YTU;hQ4YVgaPrP6Z; zCCMByJ06XtJ3<?g-v}fk zS5ZCsx(uGy4^cT7WvlNY`Md9NjjltDZk8w|4A1oZy>AVCFAD+|Qd*jN5*G=@$hT2j zF?5axp!u>0Iu%K{OMsZPH0t*1)d>TrXWzjXaf00PJE5Z2K4np>NBH@inZ;yRdM?T5 zbc%%8C^7)%b0Z!lXic)q{&*(F!LU8nOu+*gh4Gu{k_?`^4g zI1xJDY^s197aqTgiu~c@vDeY;r^s-N?SHO{-gWD%y~Tuk@X~?=?HM9R%m;mE zt~!MxL&eFWAo$~!=NhJ==OQqhFc4-0iVf}*i&LP_R{K%Rd~~6e@umjB_s!Vqt+&m+ zM|Q+LoFw3lXZPScPeC^~D`&o!n3wYx;er`C3sb0U^UW!hselE3l-A*g@S;FOH{5Z! zF?QR<`TL;CwNce=b8iVa+hsq)VX6uR$@V^@9||}o=yixKcRH2Mo{<>*z&CGl%VxFM zmgBWsd@AODY9@JlXf-9}7JWJ|rchnb3ul;lXop(A9W{rq$q&7-l3o>Uk?QN*Rw;9s zr_XPe^005!%U)pJ+r*(crH4av&gE`P zj?a+qui+7McymGhEpJv7TAi%~%$+jHh;H@hLn5u1Kk?@K^(g^QJ^I-}480w*351Mk z_oyiC?V(Py)B$Gq&tl0M58vj1wesS3-La0oIQX*hGZUD+hK&!@yM)IsVQaJe)yuE8 ze6EPykyegZhhH;c9)xho>Zo<3%HbIS$O~{yyVC>9@as&9oa;CAbq?taI}H?lf|*$j z89oCX#*whyri_nKRS`q}Zb_y#*fP_nAXq-bVj2UqNn`~k;tZFnrwI7`IOA@VZYGc=5_9y<% zb|W?>9S~Ir@ZCxGP0hDdNuuD(T%K`p-1&W*>-XoNeNb(}SKd5rXS!{tiLc^v-2w2! z>Hz7h-^~OK5tdJh-`14O{?M!LsiXFs!=r1D_e1ie9_4=C5?v`q`(r6&-Gx3=O}2uL z8ihN&!7zM~fo5jL1^HR%yu1G|2P+1C;Tt7wA3t3SWL?yc9~^bsiXzV6Lx z?ZWolNXw!{-U=8gqU)h4AMW3riZxp>{F>jjJQUsCpAV?+Daxim^<`Y8VN(^G94A@Vkw*Tm(aWe){o@zzp(-aW@LnaE zl@DyYG@=@=yy?|W-Mlr*+b9Gf+-YdGbBM=LY4hYtY)I3w7E%`Rk-s{N&1ka!$gUk> zjEEF|F0a|WR-CceUn=HLzLT+HYISoa6E5AH;aA+GB{jXUqoi)Uy@(kAU)Av{5Gg<3 zLUmv_n{V_6jvGP0TrjVtFbp1sL}i5$ID~BI{oF)p%_F;D0{oK=yYku7;w~qdZTt>b z5w|UMv0+QEOm_NA`QJ*-N?r5Mi1nhdV;wKHbd(v+<1hk1(hh6{@e;jKFoxw{ zN|+2S=QPq{z9H=a;;jcw>?@`L(V5Fs78;4#|0^S-{z`qCmL&I07V2^Nzc9X z4rn>>d8#_Ik)H1L2&xzl8s2NkVLRC|IZRWTYPo$8qip{xZ)vuE)zz#a>M{pf;lSp5 zd_&V%eru+j0h?-4!|e(0xhQi=_v4f9FM+8z?`7@RudH-oPfhq9M6TQ)Iv7h~t5@hO zKb>Cy{&z*)%}r($Zos=2PbX3Pw3F3c(sQ*gTZyJ+HSzk=>y~oMa~c)F(<&9aw*~j_ zSrf$eLVc_S?RCo6>`av$-(MZ71r9dow>9UP89VP4bfEa5{+zK7@N($a>=1>E^Ib+}A_HcaJUU(aE0 zJS?DV@|<5Uk|zgy=N>ODD`Xe7WK`?9PyEfE>1j&^x7X3|tMiM^ z($c!?O1Lyeou%`qJ1Gpf^rhk(##z&!vk}0^2^S^ix1vIO)-I6mzGHdm&8;8VgDf7{$ZxX^A|0^n7o)UoxvNfSUGaukr>2|UC;CnY128om+QLZQddPlQo*Z)-FW;5WrwBHcE+s@#3##JxD&fj=_#9@8r0}GS)`OrwMRGPWrNeS zCcA8~S(rrCHSoZQBv~kNm2Z*QDH)R7gfGV>3fx48C_>kH{(DD#sD1(}=XzD|6Uezu z)bXNgJ?cF~cQRXLK_XRjT^RWz(mz9a?lUQ9cJD`Rp8_IM7fIEUqVt^c1(EQNVud8K zVC4*xuP^rK+_mv8SMtMPAq;6hDdW~e+$I`!%u3%S9EUA8Vl|Ca#wlqxj@cWb~<@cfn?)A7wZqur`{p^%-bh$mOHuaP`DeN5ky2Lz%=5em! zritvX6jw#>fXaaqcT@ z@wWg&>O!3O**JvO0(e4SP}WkSO36CQ-aPX7EKC}VE}!GC*~0n0{|{m0hX6jP`s*F@ zaiuqNedta^BkP15(bUKMOi-`oF7>%@WL4|=VxLw=tY38u?tfYkDtquV&O1IXPwZu} zY{ASoo%^HIIJcKZt+n>l`*E6Uiv%-|kXTq`?RDTva5-quQ2QQJ#;L({HI2 zowLGUaRhh@TFgO~ej^#V=93?R>%hdSK|FpSIUp;SipTLLJean0>{qF`oC}x7Y9Ms> z$>2kNTOfVeTAd0xB2&f)l?v@#5o^C7i!c#T;K(vQso~rtWs|D77hPCLprM@3d=x6i zLazK3{5Hξ3rTpGn4JTV?8{bpi4T*PB20S3ZjHh<+tK5zr5|(_XBWI2*r$OF&C4kCsCW zHPOa1Pk9PvHsU5Ed%EDZ_0md&BhXk`L(^$`|H%#wuZxOY6&Qa3Is*nIC5C;zBvv`z*fX>Zodh@B^-povkO5TZTD} zA?ay?v_Uj=%TZ5Wehjr5rpEiB?=!4zhhT}8!h3zO%{Y}116DQ>zn?fV4@yqT4Wh=# zEeiu612a*btEO*NlgWkq>rQ;LIukeip5aHml;{$Dyjw$=tR+>${X-FVM*Hy>y}0+Q zLVH_rCWgu-tU4fJ%Dfj>)2nk2#`rCaM;(hK3JFWP{_&a5f8_WhLL>K5LHAu!u!!ao zsVnYxHQnR5FQkIpTnE`IQ&6HK-hkj+5Ao0ARBw~0vUFb;BEKG(R`|EJT)$VT?EzD3 z-7skcllyaZZ>}ZDzwREQN~UIGa(<;JB*4Y-hW&z0*F<4*<98Nhp=%hoRSb@3-RKw<()Ny4J*keWdbpsAxn&$oEw>Hwl*pXAN_)(HQ|Sts0lNYbm8?R$@MuAu=5&K{?6v zf^La9Un8uFRDiwvlDdQLVieMi1Mcote6sZZ<9q}}oK?6*i8h8NUuX7ScX+wsqc$X+I8HNPH#+rqzUiyJ6B#@?lPaqWQBGLAPnVDv>_DK<@Wy7YKbL#< zvplld_l@*`fX&brW+>N?Y3K(q*xzmBX_x^aPGdhyAt#MmsxU3-=e#1kA~B`M2%&B; z+|5h}`uzSRLAA4j4A=WeNhJ<$t687ERQ>N|r4$rz$&xf=scRp!$7!;e@Fz-4;Rk(o zI``!9p627|X9UCKDQo_8_#Lo_9QPH$AB&c+-G}(lpOncIWLR~6mZ6<*u0qa1Q}uYT zoEg*!+s1?WMS6$Di0+UtW1&M~O$Vh)a!^v%8q{JMukzsMKJN}yY;ihY+=28ctFb+O znn-jci0P?#RioEyGM(p>TldH`F!O0f+;@t2#U|Z!v(magyRG)c%Jjt{-(`9wARnX>9`e^foQjWwb1-mJ_l+C zLf;&HrxPbE>y@Y>3IT7Iys03Ti*B<{wFZb^gz1MWBO3VYg!miw4*JC9`qa=A>p0o% zi!p;>CzkrQwvsTpIbYk6Gu8`_JMZy{qw&&$XN(KkCAvU^?UEb6KpfwzsO>NnJ0wS-Ae9#qrCsvxY;erFOQ=)&)1@y~k2sE&UlJLcfzx65&dDgXZY=h##i{N4m6lrH@y z-Dg!CZu^c3`5j*NJutH3JNcG^-N3m~z1Yv9H*CE7x;&Pp_+#lIA4BR$N7_5~ZM3np ze0Rv_7USv=m@UFP&!x(L!$7AeUS{>gUMb2H)L9`7QacxP@&cM{b(SqrT^6I?;ZzSc zMKbV$Q%#zCg!9g|c~dgJ5j5`#Y~l4fq0YA??pK=atf{M-EO_#Q6B5S!qJ_S>W`MBp zes08Ebg}>av04G>i$^Yf_8QXW+Ebw9531%`@0Jc4Q|;RAf@<}XE!0*p$u7=GbSQpC zyP}n7!DbzWEz>VpbY$B1W~Zp!K7Io<8@cu2tm~_fMoYA88|>df|Cf!r^28{{xbVulaVhDAywkSijQ|gUCGx&McVn5*l}N{ zX5BAff5Shp3D?)f?-ta=N?8_Ba>?u&{Na^^nHqzWA0b9nD+W8PcwDMzxA}7dnob$| zq7q@++_p<*Bc0_rv}>cGM#<~{XHi`>Phi_UNGy%kOf^c{;pND>+BuJSqCmv8yANdf z`*?AJNsG$r0JwxJb-M(V=D8e7P2!cqKIGIMcR|L6j{&3q{X-?2HwuEEwFy5muyCEh zv1pRtjO0RR%@ZG@zHC2B2*}( zKAv7BJos2O7Ac!ETVmvYYpE`;4Y7J_gRQg*#+G+L{@_gZ%NyBA)*LE zrX$Lj7F}6*APuox8s%>NOv~EQ)C+=few~MRCzk4a)QUmU%_dLi5+~7<#?C;L&otKZ zATNbcwAy4ZLKAKD1^zr`w@sn3(ik%4Zw6_u`gym5Ylkp(Kqd0yyYU)mEbYup8!9IP z>cmByKYgFwM(PkNM%(D0!(I-yvwV}7BJ2!=wsib33RwT(9H%zg$VI|BbI2cN&@jck z%D{T$oY7z#w74+lJhJ1cwm$IZrG3M>r(Sz%^i0T9_X!LmavwXgX#ShbRH;dHVa(xL zseI0Nx?#R9s$j?v-Kn`Tv@u_rosY zMPkhOx4tb$Eo!{v<0%6uSj@rY+*y#RIDE_QZVjEjvZ}Jdw234o>C>ogi+5rWU$0Dq z_>=C$g}b5qQA=e%NCrkO-IKHh0Y|O>Gi3#$V=5W!{v^mf=Ei$#BOT%SRc7P4s5my% zRXpRG8<#wvzwAtA7LRh<%OFs#Rf?mWRL;^JWa3MC%Vbc?y6ctsn}CF~J<}Iz#Y-O@ z3t_{7bYazOa%&@-i%jEOsmSBpSeHl8@GwN9yKQ+a1!S$lbzJs>PF9aMB6*A5!G}LN zq4BIomG=(F2d8Yeu{4|HyK8@(Gk#>wr(=$W+XL6tz|v6>hiNL1$!a3?Wd=v#b!)|b z5Lmv9dgP;}WxsiRU0}M(pYD#Vz`FYgXX}teD(6FbCrLrQwWT6&g-XTnc3#Y7x2rb! z^ zUkg~sWzQYfK6rfx(*UN4e@A6}{|m?gAQ}EE%*J0?uzv}j2>dZdU|gLEax$%c0pL%7 zNk?E)q#hyucdD%-`TxYWrb6k&@|^$>AehvDF$3ttG#NTnw^Q7ikC&JY1+>9*w;w|R z;LKeH^aq*I!(TPqG=>uJe`d-4%Bb~Re&`}~A>CaL@OAoI`DFVkjiy|c zLc?|;0A|ESt?6?5lCMa;QV|c)b!-+&_6Us8A9aQbSRbyk3Bd@AG$C0S<5q0%IJwuL z}ZjOZNKeD_yNVH z$ne>Q+6By2JJ2w{qDODKiZwBRojVy#CDKuUc(FacSVeEG+I} zUl=MkC}yx(EWZ6cB0m37j0#W&La&@<{V0?t!|t@H1(oSh+_0zUN5cziFjGosO%NI^ zqZvMHj8SUZ`MpWNaka0^-Q8a9%9=bg$#2+LVK=%b!L!kz&Fw+S;sKm6CZ@>Ay(VV- zuX*z}K(>kHEg9z6^F-@(EO}ZISL{b*Z^_=hbUg3KbOZNcl^0-r=$STEbzmDUy?vHe z-kJ(C(J@VTQR%_T$F%U$STEt^DCbAnPbMeH_wo~1cey}Clu9_zB4eNeRbcHlJ%v=+egcKmh`r7Ro5_<%%5o} z(Hng0kc!GLh3YUd;g(Agx=dzeMgOGztKZ@?HYVEstC%dW$<9}~#5r_oAXNglySmrg zAT-g$-D12TgB);D8)~b{(5JXE%9J7)HkuzGV~#ww&Ww|7yK+YvO2CHg3n3}OLiVoZ zKQ{R3$Em+d1b}j(teh>;@3JRlQdjw5i5f{{?;y{0ZAXTg(}1(6+^A|x0O8=g=I0Lc zrgV0LVq-yx5?dx&&i!%cviMTHRZ=jsUE;_*FAuI=9I+)>7ZIBKtI9CW=GL!| z0)S)=y&|G15%c{?lR&v8yr&_*5Bad%J_As;o&8-yD0M^xWbpsJl<^5hMj}rPZ2nzQ z3q&uPZFiql43fXxqMQ6D;J<@A2PypQ-`DYcVy^yZerhXW+`|s)o^ws|r z&Rml*S8Rk;6Ootls;-bGBD_bOpZQ_K=rrBNc=ahcl6-rFjUZExAw4{tySKrhL%)ms zr^uRD^K*C{>4ZVUM|6mB>2GO=XJZBH9i!M%zCbsNh`4?|Qo5L*v1P*&$ht4j6cWV& z4w@6lF3UFW!hJ3eetL_1RHm4y(BdwkQ9UumQchHe$OB3j{mhJSqkWuKIQl}oBmzM_G*$CC#oSYtZq=QsVopOR=Q|mZ5JsE3qD(2d_hY1T z)aNN?>&~MRPks69uB!GxOQMk&>_>?{70i#fI$U+pWrd92Hvw@@34mQfi+`H)2bSfi zuNgEJDZwP5B>z*m7#$dVh=hE9fN>Eoyu z;u_Cp-BX*4vpm3&;z}whW%A}(To@~obN3$Yj3m5X=VcPSxI}+QeHQiAKn9Me=5N6 zaGg+MKorMg*q&62SDAiT+0WFWF_!b=`izq9i4wk{+)9jb`Wkb526&IN@1A0JNd1pA z6H_%cO-K8d*BA&Pr|WRXY%0Bq43c`_JNW?QtnJ(K7bWm=J)i!1Ejvv!BqEGg3vN=h zmQR$uTnz--4f6%&zM7<7keBk#qHg*uuZx~^l!&hU+xW)&Gf=uW^`T!Ydm~EY@scYH zr)f5S$Iwl6(9zKr6T(O1p;!37bni6osYDh^z7kl7Hm8ApaGDO=j>m&w)@n@x&5zzh z#5yceGR$rgc$=)`#M_gM*5`P7V*9^Y6h}=AuDsyp1B*uNd-|qZ9j8O~aZoGiS z=#@l-MV1dS$yl=^hW`u;>0sUtd{AbW@=`rzSWZrJ=09~RIRJNFlY5B-WLDAor7}eu zkgs*Dd0?CC?l3Oe-oE}PvEFlxQ9_^Ykj&vlem`f6U4Q~Tt(dd<)XXf-7XR2J;hk^Q z5d~oRjQ_0So_q`1tNu383m42c>($lj`(n{*R*TDfYYH!9O7*GsvRuACtC|IQ1 z-uMTF1j9t!pMQF9WSYE}y^c6caphlB>yh zAK~|@BJy6)W2Pw)+WfE_{_;(@UF4(6EavNJ=Q)HXro7?Xak@(CRm_rB5*}5X0{<<$YG-o8BZC1}-X>nww0o=B>(=)AVSy*0c1x zcML{Aq!BEyA{)&Voh!~d%3!c}pdAo5O@)y8l-9}%IhS;uH4IE1o$A~3B@@~|1xdck z+cw~fPY@LZ{e#NTlHKoWAR(Ua^Fw@!7=wO+Ni`2CgKE}P)TPU|^Op5VS+T@Ljk(lm zRXf~cdQI#xk6wfGM=LY1w-iDDXkqFp+03GxIPLd@{+tW-d8av{Ekrolf15tV*e*tysa$qm=DfR9uxIDdw}d zIM!i<2bp5DLme~8{ZP{pArsNe)QW!PT=N$sRGUZm5^gQXO4_2H^vF?@XBUYAv+HD6 ze76XHqMsWY|yi`WNPCxoE#cJ z4E*5gfnoE70eum)q-G7U>;#2_!H1(QJP&Wo+pYi+wuUnEM2fub_xATq9ywha(V?J+ zA50{urhb}Oi?2amWEs|IcSRVh3z`pFNGp_E=*dOHq8EOb$GZGH`_z)nd<_mU@uXOh z#%%oH6~vFTXd;CB{JG^CroUeh0Z^%O8&~r;=}bP1ddCaCpdPA6a6Jgu}RHR@6tOfz&@)XQPTBKpf^QU(9RAN~&gY{7g;{qsT z>pC z>{K(^71|Hl!$DVG{w_($Nv=n3vbb{l>GnIt!eDP(Q3e_RtFv+W#(Y8s>Ajn4AE<*v zj$4bUs3@A`vE$9KJAAd=YU(=MgfhE6fiKm2_an8wVLUf!Qx- ztNwE6das@E3ecK@0xNM!?S=TvjKYhe{cDI_k?i`I1!&slDqxZr+jM{hfuS? zD!4&l>=urO_P`b_C;N_-pg-yF1JwQFK>y{^hZTm5X}LKrot>SPT%R|(IiPTdA@x%D z?(D1VtSxuPGR!xGPaG|_W6!k&+-}7_4_`hbl#$>AlK?+j1W4LS0Y^`0<_m>cIlH)E zw5k)L80=5=Z%%4k`~;G^oD>m44sVCwh^rQhL~jqoHM{X792JWVlVcP%Fn;vE-Vu5? z>he;Hxzs3~dA-oLmQY}#)2!*^GN>8KINuoW2V?7bC}LFi$7`V8AW?~~peu?ITxve8 z{z+=tim!Vnlr?Jp^JDOcE#L}Nb&~z|k2kl*E~TEp@)@;dSZ1^S`1D`}XXR;;Gbb5z zihFK8X9kz{Vrm?jt89INwHerwd?6n1ZTwL3RQ-=Jgq#lPB*09K_P=h&g26CD=Qz}*v-&>(TJj_0?7+n4|K z$HT~zo+m!Qj%e*!hLdR}>{PW9T^5V8Y_$DB&_*90F-KaLP$$c2D{gyv53Du1&YBMg ztwJiag@KHGQ%LOcG>#rBWvebH6%h^dW1K*Z2N+<{3hpQE?zw%` z%BS-_i@$euR`r&&#D)@%$nvF>d>#)_H#C2Jz4*I|76lj82f6cf8^1vwyN;zBXYU42 z|Ib0nb>2H0W2E96*Tke3JGivlB+c6dT^8*S^mGuXP^o=U^2Pn=XJuc$t1qExJLtTU zLJ@1*TNAv>)sRE$SWnK|qGYSf`xa=PLGsJuOf_v})JIwAIZ^A=*y!Z}n@_`8A_KCX zM)3TfJE5BScBJfZ(gC&xKLsaloiH@ppR8YJ+-cK=*HKz*vd>!Egklumv^7jS4J{%H z_;>%r;&@$#;CLs{3zU~~h3@b31i8s;O)B|2hz+k1hK|4DaLXX2B~S#v%+epy92U3o zVV`2K8eiv|VSqD2nphtOK4w(Pg%N>VK$#J>JSoVIJV+Z9Bw&$}CD$9u{B(Ss#(l#d zW+kQ_FH8nGo5UKa?R6}mAXmqeNN!+!^Ki{^u*Sx^;?;ANy@fEB7lvD6O1S)jyaKU2 z&Qu|ci;_<82t#}yOP9JBAkTnH7%CjPhAHV+Ea(fZIUQ5Tnl5%w_INu_$QCzv$sKvbG9GCVc) z9d{&Y-6M!~}rD3q8elyS4@+f`d64~pW4e!`J(rb|IeH7#T$he8#neebE=!Kvk> z3Su?)p7xsHCA5w^)p;JeC^XCC`IPQ^28L650)HjnM2h@7@&|2iK$l3I>&0XyI>=`B zVVi|&vd!ZjXAyM$&=g)p1hNxe&oX0PRY3J1Ja=IP=Yb>jA5^CAb%z-Xn2&qT?tuzM z`?<4b=08HLdo7QGb}1_X42D^j9FG8qv|!=pbS`uFnLGJYgD9zXljjLXH9*%wNA@+0 z>&u&npg{KR2Zh-er$O-i+6v~EB{Jp;_OSHn`(lhl!dC=7={_qoX3(p z1YDm+wGq_FZtYIG-zV0Ua5N5;24eGmag?VLgS79$_2ud8+?@2LzXKGC=DD$W^>sVD z-wa-HDb>y|>B6Gol&fn`Ig_@iml0CA#gUMFY!V=Idlx0W@lR&`P=FqGm=@#^`9Q6q z^4HzwQaGl@{~{jO+=V@q865eaLU4)hbC(;eF!R@d35OmrkGq)Vin;aAIQ(CR$NxEe z?jfZ+u8=Sf2ZJDBe`cwSU6I-IOo_YrJJDg1_P0^Ie;EINeR)HOLHKiRF;89_bv=5poFM|Af+N*(hU|}(jeX4or6-+($dn>-7$2BbazR2!_2ow-}n5! zKhA&Woaegc0-kwd@4eQ#*L|c`?ijDCc0|^NUTU_j;JQC794J0I#XAjW8nQz$I zi{QsY8!a1+Q(Ff-9zgvi6`dK@VyFX|#ICizkiF5HQplG(dG zeu6k6%9#vGh+n)y9Ck(WOHcovefSiW>EG8c!#Vfb9k_v7W8?O4WCW;BRIak zpqu+yLW!Y)xbc;-`o|w%o<#7D6a0HI7#1B#==9UKUnCJ1uN7e8D9k-&{_mFz8phKj zGS;a7X29_JBR!|;67B_wEoy1-gLg{$gqV*tnlDG# zt|Tvpm^Ui%>?)GpR`+>6SYNuG03>p-IWg4yKCL{kOLeiTrdXz`=~`u zrcu&sUX1>w6d&p}VZqpE4D+A3nhUoVrY=8`CE^ZDcuE^{*bGPoEw!l0WlD3R%|Vu2 z=$S38ma+!0VK8=(s?3GM7%&FV~wa_8+|*3TP$b3`Xy;1|VgG*JdG^8X{pE|w!+yu2&x{R%33J6Ahl%~%@{sExHZQNm zILvuZ9-GYyF(fNBHw!UGY0?L>1H?~k+>PY#vqio_K`8-oa%y$^>l0Z5zHstv+X%L! z#mwkO@SCN|b2VU8U@N(@u7QP&d(K4>yi8v;13tS{udFSe-Rs(M-O$#LH^Md^?J|ZR zG$Ir35>761-siAEt!H)QWU$0hm*g5dn-Vzqs6Wd?T-6zdwVqoX`g3A^c?X)eT{UB$ zUK+Zaj@vHckJY!W>tP~NY8lcFb==G15f(uI~}D;Xb9P`=fpdR@i2ZO>6t^o%k4 zu{oDTL=3+qDKuR#OtumfoI!bO@?eg4x|`kn{;%wjWd3OTFUiXV1tQn1Xur8+ID2<~t}UKGePzJdIxM_81akqfG(^oBFiB zFJHL5n|5w1j4;VeWf61Q+MsC!LxW&1Bwf?1#_t(?rrCT}mTa-ZUJt2mK5joYl$5A< zMLj(}0 ztDM(%{g0F@SEkmDju?lf$Z$Jb@|4ShWlCIRu(ECvxIc{}o=gPbEkOhaIz87M3u10{ zvmRc#SM=@{5KHLn+UuGNXwi;oBN?e(WBx&{K! z6K$)TVfxfVJ_?=w_LCeD1zwBpUP;GUHe@NJ9kPo>tE!sBC-PDnuHxKKddnpjPvXf? zuH&TwniQ|{3Gx|{PT${i7|>fu(ypCZv2U2V5dsOJ_*Po;6W=JAeCvw>)3dN)GhQCR zrwAdogaAuYYPuiqCqL;3<)pBNTTj|sBS~7&BnnxrY*m|yzi}Vx7|n5;-HS?kJeaT- zN|Jw)f-WP8wYfhgHW5?%i+iN?Qcl<7&J0(Yk*w;#nraMbu}<*%_K}8Z6a~`3Wy)x- z4G4!4i+2{yuW?PILiqvg%yI3YbhYxYpm3dX_)x*m&)YAS`GV#K`Rh&pR=HM4X z6tVH*%lvgSH=)7S1**v!vZj;jIjg5c$_%Rb*#WVLJjr8HhJ~ae0)>FIU`1YFDs zeRxD--BH@t0kTg6>>b6x-qn$8{XC2lc`ni-(?L6m>kvg$mYs!_&R4ydz0?!JrlRpw zMkD%Nlu?p|>>ku!7$1brmFz8!a^>-=qhpeZg}#V9H^@@oZz>6UaX88iwH2DVOS6c# zr|OF1r@9}fBs^;i$$Wsoe5c`ukPAWYvpuCG@C72FXIj-6U0r@nW&Yk+QyWnuc8}RO z0Ri72N4xXarbMh^CmYYqTf!U;UgH5<*6It#z^}k681ALJAhO&J^}t<%5(_7*@1j8h z3!w~|{h?R=q0nO31!Q#e87Z~Z;T~J_J$iGuxpQFtUBS85Nj@pO72=ySU}mp|q6zrI zt`*i~ZtOdF_%s-$nI;(-L&27Onna?7!5tG94xTc4#R*ruE%MD0<|)oV5Qf_l%H>hr zjJH12QJW2r4HgR8S1&A(*9M7OGzJ!2wBm&rBMpg48;iePNT!Jf*TEZtz9r!R$WNRt zVrO-K|1pkkayM|no_H}3{?=}yqVyQf@fctC1%O^I4YC%15H1UHqRD+9zVbu|>wl;@ zI*!tg4e)DDqqFAN2dGdj#mWk%4@A->Et50P866w8ed*!Ea5xBc;-wm3{5`YG z=jdD>5HajojO69i5cB)-y`$lm9$u|C9~mvFZ$$n4yeXNY&(^=-mp7(X+l;=Z=zLSd z&FPzmHgu)Ayp5ynw;FjFRorA9`y-6HuPJH@psOlBbpj)O!tIV@5oZj!)rM>^^Adn! z5Uq_+_tffbrFp}~6qL@dTM_Ld&s{9tDWFrI4h}y5G2eNcq;Ye8)U~sX(mMNPwGeSf zbtK!sSaEX<=d_qb<`)D~%xHVn#G@-KpL`C$y;^X-S-mZdracK{)+l`)FS#6MqYqd|DbZcFqqUq5>Fi5-x9y0U2YCHSZEW zj0>NuaOH2P92LGwi}miRS8rHe56h=OJQNJ= z?hEsylQ(4H&RFWQdk-+r1k18Gy1$tJl1*5i8gF0WS%})&r;_DPO0HLO)F|fbdAPtC`o@+1ebc^EJx=xE zN+LFQ9TD}$YCdPuR{N8tD(7ctB=vI)>TkpM4)%EJiLJ*{kzDI0C!T}h8e;0*oAFE^ zzR699aM+-{8Rap`nK?*lU9II^4o)I=!_>r3fAva>eD@-Z0%D?!H?%l?chDbD6s{-g z{us0B_v6cb>EQx;dsM}V=ZP)jD=%M-5r@FkCOiMs{PuPX(Y>V3sPS+hq;#JnDLP6C z5b-@*@aa(-?Tll3!2e8A=7GMVg;-o5+jZW_;}c0{tgOm`wxjF)p>TD9g`yDgXMXbM z(><<_BbhL=@|r^3ssl2pKi9tK>~0P#AlB=};j%C3b&tFro79u3-3L(*W76~#m@am7 zUEFPY_J-+r%=(44`gMM`!2Qe4O+ZZ|_*4{a`$qH&T%kwN@A7VKg5jkfLJwT7&aHpm zQH}Pmu`D-K)P50FN!8i%=bebFzg=C+bOtn(8%PQmxwg`AkE5pXCpw|I^z8{(vw?FF zGRE!eluuJnpFBKW(I&3h%%T(gWAhcdwMs<>*}Lx^Ud0Mz1pR&}MJM5{J-#z$v?9Ch zEIyTy>^Ged9^ZD%_q97SVtOHHu!V)rv-&v=dsA*MO|lk0mX}h5_??juqGe_=ZrKW! zyO9T-ns~jJa%ucF$<^rJi(AK%0S#zkXN`u`wss3syhkjvvnH{t$PF$zX)9DickSzs z$5i1D_4f@ZvQpV^x~v^H_u!5!Y_wmQwFz3l9b%-<26qERV7C#~Q>8mPnAFe5v%ZrT z=dS_~L?mMAjDR_=daZ~VuGj~Mvc9GH0>Apj5JZn($6sjCfJA);eZdk?#^ljg@qE*S zk0$_HpJ~r-zg41N4^Xegz176xD{{`;{?5!!%Du3i+P`d|E|pVYbJ;|z<{`-*rn#@+ zUk>!2dqFw^t~2i+e8f(!$G&dWu*Q8Avd8{?xVmt^=*xubeEGo5jPDU3aRA3Tm%J7o zD+kA>xs5((%1$nShV}umIDoub!%Jq&19vELptT76=3sp=tW0p{Jh>Roch03?Q#?&x z2mX})O|NOa?{MU5Nw3|+@U>X#XmHT^XI_jpEGy;1xFyU<*tZ4nrfN;o^z4?ljYcb{ z>QpE}<76|)p#}qC*>$C%LNWCZF_)v$j!tGcy&7}B0OpOz*C3s6Dzhg$Ib!~-OT+d- zZgSUWmlHXtINX7GZ8Lv`U+7@wFIum~ii^O`=x_m-b6LF?2ls%EuMRxgyvrmC(_|vk zwA7jYstU-_y1>=^e)_EqTWR)VK(%l6Gl3>NLQlgDwS<+FImz+M7Ud(TEf6EOY_nI{ zOpv4E&^aE)5k8SV1DyeGo%7*upwa><8aoB%v>Eh(v+{Z#1^=A8a* zpXm|y;mQUYpmTKxRyfw3zrd09FqlVDDoQuWLg zqo#DHTI#RXqtyXE0B=gdzT+`!le3;&uG8;0dS?=YW!UtaW3}voALEkJ=(LMCd zGPQ%T748Aj*FCD;Kf7OA&ER-vr1j`l^OIvc9G$!}6>`^Yn6|riH~B`TRQCW`h7sMk zJ;$lqKnP|(dmwrzn1XN~;50oH@OZbEH4xfwl3IHddHMK}Vr68k#i?xgej>?Q^N}*- z*ZkohF*rIU;G@i;SbJwbk^(gY)WINcUlKKpOW7-mRnKaIKmel$kK6>ez#aB;MpE@T zNzTU3uZxn031LZ4LU7o>YFvH7dmUD?YHASK|^0w7jip{sf54tQzfb5=2$ozPYYA4o-_sL zY=r)KI`gQ?`ap5=>qE)&GO0%FLoqJkJpOO4@XD`yezQ~1ruRA4$mG!L?oFgB)UR(E zmzzE{pfK`CeZmG6ni_cggowT6T3*$k+>w^#z1edC0}b4s2T@;GHXeiA5*W&U$?VVn zY1Q=+3653w_OD|68W7+ZpW8kGSVL3~d9*=c>SdFa1v7*#3{((Gfx3d1EeocI{;lMB zWHxiOM+5(i&FX5@FP&jFnM*BIMbrRUFF()n`=+dXmbZibCS-a-M8NKE?lOGI_=IOs z^D*vwgBp~$U#*m{+I(e}gg+W^n_3;w*gQmf*;tIY8|d2M-)ryYyYJ)GAYSxwur8MK zm#N8)r!dbZtxX`Ja(Vw<^6UqN{B4a*zW-DbUtFbEh2k1m(~FR5M@w?@sAW z)jJpG6cvTd%zRErNHDRo>RdfqI&v|V+q#9@_iUy@20NZ<^CJuZjtF~2)sG+VQ$;=W z&d#R#{P}Yow#H_9XQ#-@$_iRN(cd@Qg<-Hg4@L3~2)M~tx3siGLT=g782kO(d)k6* z*9bA;Z{0j}{RXU0oWQwEQFzMe(=k0YD&4hylk=Z|9eeRMk{#S18nRwl`3Ae z0{g~Rd?F%oMa3~4t`GlKQcibydD+*`@2dU@ist*t+FtNTA|jsu-%w3VXx_eE+Ww>Q zNJCdw7mNtUiS6&bYb5v^H=<(QSI*)^zkh%7_@eOdv;`&`A=W$-cN{%nYKY_B%YqzK z0n}3az!n{D=JS7-p>H1Sm4`z@o-Iyo9!>?WQXvZR!nC8(VU$qQa&dg z_UEOl3=Ox(efP?w5o`D)0`|NLpDC(`eMe@9%9y+k-AxDzaYZ<*8?NgR9{}3#(-}2hh~DH3Ot7>&3wY4s(=P;LS;D z_t0C^)y=1lYz1mBsIiam*ITuPG@}889C{e96x4@H5dtWMSrWn?nAhlYl}F3wVug zNh0n~2I>xoH0xq`j|C+qW7O@_O&zXc>m*9NwRJgFWr2_?brG#RBFWD$V~p!H5i832 z`hH=nV|H&}-(8ydVv{FwpTD~Ed+jNp5APmIB|hfpX55x}WuMypa(=sUJ&z%y=GS-8 zQHfleXn7qj9J3v_b%#$SugS}KeEOr2Ep~`3Cw+S?TJ$*6Xmt<<8I*p9sgbkIH1#ZB zx$qSaPkeW`nA6@2eu)LQBlRvxRTD3T)pzwVT(T16))+UVWu8OHF?*V zgIy54j4KJkw+u`ON514!x1~ugm*A))jpHkFx0sZkLhFUHl?-SMgbx=%`p9Q-?6d zwBNzuU=ZqS6a_M^9=-#-`-2tU0cu8FYKl?zZx7Y61Wr+|yh9Vtra(!cM+HKbe(HoMXBs z?L}NV33~iFyT!)SenOUBABeNHDe8FQCcmy#H8b?x9JMD6c z{-#b$!jwFjE*B|SiI_Wu!g$l!bVZP zSRDFyVo7X|G?<~c$I~WVJQ?~^C@yB>%ign%(^@vJZxY7Q-BrEXOk&aJxPqqpFnY=_ zoFxJzNILLqa@Hd84^@eYYEf$>q<`?82jn|_kBRNz-6$=q`CjqpVR}K$x8%%2iv&Nj z&7PpJffR{3%tsQvFW3sn_v{pxWcpvzH|k53MkeTG=|j5NW{dp#(=k~2=FQ7yN(j^H z>YiVJW@AreSxryR^zA)$D4=SN7D*fZpu3pz4iRr?!zBea;%{D;=?EjoPn;(*Q5$xk zt_he?4=8Cy0m7yCQ!a7NG{_V z8mui2W(fysB${=lq`Wf{dCobY_ZMQ;l5LmVmcF3h!kZ3TF^5jKt_`}vNC`tl7zp~l z=a*d7;XHye`5DRYnj(LpW)vVbuZ*cbwxjK(%PwwQ^7fLp*IF%m<6IOIc{Xi8FlFn| zbX;P~IYh9TvTHO|I-V27E9IHwe^*hxLkc$>a*j-hk$k6xpSK+4ixe6uF>f(kaO(5ph>iG!0J=OKz{$;-)R)eOA$uCn2O}$ zGYRqvTCH$S#@EOZj5nXf0UofZGZN0nL^~!eG}J{$VmJqMsfkNg>&~f(y%X;;*~p|B z9SjNa=;fU=FI8=helH_OWX|}>e=krP0 zsGs=mpD{WGI`CrAuwG@9vD$P(*=CCR{PLeSz>gNUNCU=?-kiNtOG%cr+*(s{mKr$QU3W{EfI#p*6@7)_dW6~!k#{1z*>e^n3?L({N7P@_5X#1u4O-Oa zX6A(Joo!plkM@bla>!}QOUa2-GR-OS-H=7em)rf&tob%q!Jaftl=(wbksE_%3T;v_ z(J6>7`7fTJf(TWxJTkidc57jQjxDA-2ruxET{ zAFO&%ZyG`|9Q)SLlJmd40KIMWc0GL(0z4Z%3BtOzlxov{cx$mbWtlodGzP+kMoSgj zMtoOcPc3+O);5h5G%Q;qBSp@MUDvYJ-7Wk$%DquU>8dx4Ba@XSzRXK~)_q8sTf4UQ zEFwzD8$lNYQX?A}eH)(u(>4`kopQ7_W?tx}9hln3*qBYR>m&p8;awK)qX_ zuOzAauPNa6aYeIZ-nNoj^%`lCaRtYh~~dukWFr-e=_Rh*N^{tFh0H(`;W5ve|4%A%}(DC zZnD%9gZ|6fV#n#~SH!Z1@d8bgN5{7>7P0?k`3cL!Z>Nj-f}{#5jLdoiUc|@i&G?_L zl@#PcoAKHP-5q90<^!iI>0qIiKSvv1EF%Bi`r8ESzqTXH+Yw07v0lsWAWxoHb<6Wj z#s&f^iQCD$y}kXX<$rXKb>2VG_w9a<_x&P51vr;IZ}{J3e?laI_Ig~Zmci^T8O2|x zVU5O;T9ODN``-2UW#6zUKUB451(Tzzqq^o&VWHid*d1xH>Q`H)>v=h@*Qqy@F~%`f z_)l;A+_BN*>}>yaX%nV=w)b2;W2LP$1PjM5-#=Y~iG>Qw5-CnEQ6yapER1sUJTpm-!$A&Fp;PpN$3~i{_(;KSa8BL2DW65YVU6O^c-+)_2P}EWF zB@dC41pyn-yyYBz6$S4l^7*U_6UtgGMidHvNK;7}VRE{o@pRxj2vy`JjI=WBat2?x zS~{^}N^BihBrB~&=)JMoN|&xd4r^-0M!T0i#!ts9=&tsJXDfG#VZpOHJ3C5Kbz=QW zGv?7TE8l@OGUed8zN$`_!MC*{M=PYco&8s3ZG;uu=?+q8_t5OoI`)Rt5-dA(-sng$ zr>DP8m8!=M?(yx>YfDiQQ`@|^lJ}E_FBC7owy}_CjYndpt3F3 z$z+Sc8BApEUfgOXN|3w7T+)S2C>mkHBG(9^-qF6KqBO*hj$Vr}L$Q&Iw4}DYl9?k6 zl&sKmR4OwbHA|UY`{|(eFl-kO!o`ndtc!M@@Z8!2WzLcAJbI(V4*0E%DAoC?(t?wIyBPLOb)o)M)l&(2lIXQ8x5+|=*A!=o z1$^7{&_HFj!QSKoi0%{0F!>+}%u;oWObvBu#}1kEF(g~ucs(}#$^6nXq)&xJgF0;r#V$>7Ey<(929pO6ZYkfa?HKN5Lj&x@Ls6-{8| z)@7^oEGoG+NWh9hfy~P%{JCZgzmkO}XPn$v38PTrSBV3Kn2k-hwu$zG(&4Sl^z^63 z(-<3_U)&*2YW?tkjAGI-GEz?NV+)G7Gi7CE;Td0~5iiR2F0i|l^abP30S$b)L-CDne zy>(-~ozvYwBG8z(y?n}RyjL>b>QP-?ZSC!GMkOSRZs0X* zij-!QHBK)m6Eku`l!grYUPDbN=~W26N4fdqev|5<5@N>AfB0s$yI+FhNwbo;A>~_+ zuvh3D-nLGU{CJ$;bwpRSnfWz;n+9`qo9pmWpz_^fsqb6t`KGUuNY&MNx3)|(r}r|A zjPwpx%YXD6t!f7bj!|k=m(pFZ?0Kx?o}^@=!`jpN2>UrG1xN5a9UQvRAT`8G(4 zY@hBWvoonE3+sB|Q#y$tn(iSAX668PNiI;w&NaY~U2*X0op4q@-o4mhp)B$j*h!_J zU`!lYD3g!d>}y{>UOIBPwB?aen@7Q=Dz9cYNNNm`6-Xvqgsn1^+)P$yZ!Z6`v0KXs zZKzv$xSyK*K(rd*((`yfPt5F`A>SUZcjA>suMmTcDF5(b>RTh!O>o z`;$;evi#vw`sk!3C zM$5mMd@!~|!?dLcP#4^ zYR{9rH@U>B%X#xEIMX`{c0H7J(Z z*j2{qt#ik=M2_=pXOzM~YNh6BC~|($&w|$V11gh&?p8AN8m@?_2x(ite9uKmn(h+) za^vfIZeB?Y)uvmXGJA|)hgrmNQ9z&+=t+vVD_DcMR?Ei$JHROJaubJ0Q+%DTlbC|?kt zD<1qTxXZUPbjXYkdG+kaNcUjU*C$iZYbK^pcAakx(X(;ZZO$FPw$I0OCHg3>7ieq_ z46d-18LIH)EeHyn3pZ#)p0e3>m!!;Vvggbk5d?4^{aKIrn7t;Crqh%8QwJG0^i#Pd zPqj8#V2{BoyHjk2&yDEMiq4OJg!VUBWD_p`sT0<)D%F!L)vc6TueG%LmMAS#H4kl! zu24K+Kjn*KqY!**?$k3q9Uj7eyb*>HR_4`%9TElxm)fhDPsdK*fXK&51gJ$n*&-tM ze(ok4*FyI37?=(mYosR3<1ZRxqOX}%v2>^epx>!CWL^)Nyk;8a60Qpz^FR+X#H`_D zd6Y3MHrGBq2eqJ}Ke#}v*v44I+gD}{?whJv(cREA|I&*=N2jTp-M_w!PYE7&>`pLU zM%xdCHd&q&RzM^i9b2^Keo|z(LPMdWH`Z>hb_m`ZO>mXd&NX{N!{{DEP0(+Y zo}17cB#|eL8{fF3wm{?feO{NzUD62I4`+yqW$+sd(-U=aCXcx;(wF%)zA8|zINFSr zH_una8k~@anxeY+;h%V<)&6Q2Pvc)j7cOY^Pkhn}3qx_c9)17ugL_IkBCUPB)sPjn zGcSl=ULm$*Ai2AZnEq(!TJBQA|g(S*+%`UzF4@QKx!<&5?%R z>t6qcY2O0A4=aBh^!F)A%xDh(QA42lx0%_)qls?DC5eML--gWE=oEFizdGEY1^WnT zjI+YFZAAd)ND+z_DU#To;QS;vPSn|z2{dpqL#n^>8F!tuYZ7=hZO{lGkR6mQtni82 zUPx2$4FB$gGM1U6?P?fb%}Nmc?T*Lg zazKG*eQa;9M0!SsxU@7S1;xFL;RnsQvivO(6rwKswVQ+jZtO^vm6Z${HQ#5gp~zSPukM@B_mb#gVebVpF! zg#-Sz!nb(!D2hsYMF_Skgamc~nT4*0!`=9epttMH(`AN|ah!Z4k0y$>hf4LkYCs7! zp3j-desl1Qd=s7A<2#Ff=l8fcQ5P3(q}eJLmq*Pfbk?*&_PIyfb;Z@z6#KI{E3M@!wss+dk+mCOCIa{=wTg#nnGEGt+z1 z<#bq-$8PPx;_U_(;=MZ)g_tg(f;YQtTApW0=lk=Ll9HIXR8mVR?)%G<+SgB;Y2$7d za7h>KWpbhxK^-SLE>8aq;SYAxrxy$E%+ItvSiB+H(39kYH|7%z5I)GE5BXz!{0@+H zQJcXAnk-n@fJdYtGQQ>))dg95tP+P1vaDD%GWcXy4=sZ$hM2vMf|nwkFp)oOrUPWG8dk6~KfnHDYIsAFt(a|vn0{(6$ zeA!^^mmCcD2ZdX9V`?h+p#k5r&u9hQ^om2i9O0lY(|wxK*B;dzS3 zu{iMa8h}-xZ1;EZ!2H(0oNyjULhtshYma;B>pd4eZjZVc)T=_Gqwz*YM|qrf3C$-8 zmQRL+aJaSFG_6zHiXnG9$i+F+7TJY`1LOu;9!J7@`ub`mI><=RG;F>==FN+0(dy^- zp`_2~w??w0l6hm)ts7%jyTVUE0NCtKu@Eq8 z^(Q+o^ne`E97f7lbG@B!3LK-bdSRukkBNeVBZj%@^6T83#>(ny?PiKQm`B6eggXC8 zKiloDvCxh}z3kb-(}*VG@6F>!KJ$wZ9Op`G%Yx5v*$tWS_1ymZNLJ86DSZWEza4lF zmzCg^=t(4ITfCzo7LslnTFT|wJD6>E2WqKizQ%lfJc)EPOG(_HdPs5B3fnUwR~;JDfTZL2pA)z~7MHyk#~!cTU&zxOOEdZ}>Zqp#oL{-W&f zC99pX#$_Y02jy|xL+x=xofbe*R5mI6$Qsh2n!D&)v(X$^LU z5+iIkJUp!7IIiS#%T4q-i7#3y(01P$@W~<-kj}6iz+;hGW$D?aTuk?}}GHn=l z)J+jyVmw3!S$YogAQ;o~g8RXliW-;IoY?#K@8b^l?Jo~?WsLj3G#0K5?!qCr6poIL{P5e85F$1-Z%}Esv$Io$dI>ns*#kwqkd<|GT2MGfWYRgxQd}LUJee9sXeC!uN%vt;NV)| ztJ4jxY}y`2sKEq`C=ID{)w9wvGLN2VIy_mrlY*~N3#Anlgn;y2HtCeQ-AMV$ldEAU zHsFh9D(A=uMtRPCr_gxE^#>Z#WalI%yT?E3IypIEclWbx?uqM%crGX_1fx5bU*yzw z+yvaV$u0ohvuit)?=rl1rwz8~k9DgMg?qNC= zziUz{%Di3B$AaTV=Q;8CNpLT8Iy?&lUv zb$?zVP#itUCPk8;EF8`O+btiWVP@{K;Jj&j;_~6!K~7c{<4 zRH^=5pMrvdshL@NMFpNW=u4`yoZY~Ym?z?MV#p8;-vHCv9D=~ufa8Ra3#Cv>#=g;Q z_0@`VJ|7k(XK_0y&4>#p+h@_?i2bOhn=PL=uq z_p++nqKaiuvm5kf81s-3Ew+{0tLs>LrV4LIEuO&dUImyb+H)* zc}$)t6ojdN1A97uJJkh)P=^IAK~f~ri(2aMo+Njw$G>vhKc0}2{~8e^t0B>nn0nHV ziT*~!*GAopB)G|mg(BS_vUKd(Mo3DkDtwwusG_8V{Fs=SxMa?G_QECgX1_i>na}z7 zxR3edunot#ejw~ZHi>&!D69j~PzF*loRf}@u6tnMj9I(PKpfgxA&MmE@nBh(LwS_j`j1MY8*ZH=R? zoYd?3bz}{PVPOQ0Vyhwm6in^)>k@}8dHA05f@_!1J~abF2ryo@Z0f#Hm`Fwh5Fm2$ z@~ykm0MZ=k0TM{13O06$2er1fxo+p?sDjuoZaBuES1B^s9?P8rkON#ddvZN_e0%_lgCcf9$=kV;R*6Y;G=~@J9IJe4|$r zo&M&~TN4wLx7AG`U?P)}`k5hDlFy$%S8Z@9g{XOYdd69$q4}g~Ya5)NBeI>`5=Pn7 z`A_=>&O_qeZQg^unmj<9LWcs=g{3l$oe^xQ6;fgA*N@)1@XcY#TbUWcbwtVM< zgOkpWZg6e&MTy&QqdV>b%TFmJp#rf9*UGSp)%)=3OM9mSXSqw?vx*dJn!uoAvf1nF zYbNR^NGvQ1`!UoqNe^nERaFFkuDjk)QTg}xOT{v4FX%gmBFNfB`23M2)IJel`mfwv zT%?AsB z(|Vy7!N{l+2RcE@>E9mDzgL%%O#k%h)60qKCSftL2c@N@8h{MK%(8~Uy-pGPUP!m_ zi+CP;D*KIo-II+0km*YMs)wzr6A=)E7y}89oiA`dRsiT)T`KLJoyX1haBKiAIbIGR zmseD52LRRsSU+aJ(FtvwGXXB{==vGjf%$&o$E*xL%xA|wy^xwyGPqb%##9gepLIFfX$NC;*R!Q_6&ePliajTCXt8Y*$ z{n6bVl`pQ0s}d5t7GxVCRnxAXCf>yU)O(LS^)_qA?0C@bvj4!1Oy}Tk#Hi!Hy#OcW zuc+Zww`@o&=^tuWuU$rKFks{dm7Hw*dhcpI~SKe zYdj&B6-kCj@-E7A@`L2%GW};SK|%%5+l=Mgv?rayAFpmz>sP2=ZTIK*OC&&)pu=Nh z?GuISJ^lS_z>wLwxq&!>m(Aqo*L1YBfh8qxoOY+4*g(|Oh(NMOjuN;;NG7ngiXhz= z=IU)!Ru-dvLZ^cT(%+#60J113DB2cpP-JA9hf8-}xM(xyj1nC>r#Cbt0q8`m=2`B% zr>k|K*n#3QMp@0DPy0<*C|>o;gxQCWixM7ppp$bQ#^IQ$xy<@~B>Dgoa(5GAtdk*N2l-3sO{{F;=$nB2n;mc|I) zrBarE`G+aDERvY4-3ryA=Xt(&DC%@O%CXLRCtmW(Q#VcGIR>pc2CUJ}sZlSYi<1EM z=b<8ODJ-#FoKV@Ae15a7Q=S~z>cQfnEsFE~V)ReN*d!~{&n|2a51)`NDjytb%%$u9={-hI4bBp1lp_HLRzhSAKLh9J#jYA2Y5D~lt=a8t7x>K zKGSFhjwSl|{^|L-e4#QC8JSg4zXMR3CyfW5;Rha@d>*G6j@XVO}YFev;6YAyH&Rt&!`MnY5s*oOF{a6JEfxCPFE$a@3h_!%^2 zOt9ho1oNV0Amt1|oo~)uN*13BI}uKuLDO5qS9r2Hvj-{!5-97Du1_Wi zZaW4H@b~}@I~bS*8DKtgZO=W7}V6DwGkvlhpJ-=4mJA14Z!7!NF0?Znxxc6Ek*yxqQPM0`$@kPp;(*A)%ms+%&I-+Ks)B2PBu3Av%uKhBYYi#MjiZ3TF z-crF&W#R3BcoUM5ZQLC|gb-Xa9QG&N`P7;a#8}oeqVj7JKfQ517(!IV8yEw(Exrbi(d# zcz{By-K(1I6rf`1V9 zJyGp)*n*yzL4_z9LXMt6hHZIle>qS5f6RRaP#sOQChpFK5HtjLclY2f!QI_mf(8xl z4i^g$+}$05ySux?-u&|R)mFXTs;yVGOVzEK8fJR>obKuA{?6Cm`7`jIfl!k@E6`FJ z>ko*zFYwOw2m3r*X&PHc;3lZc3N0Tgeg`2Cc-QUH3~jZKE$$N6Aa{rSficHA%qFr{ z9gg-|+UNr^_RB$I@K^{kUYei0%DDu~)aCQEz^if|cht@Aeg@eVe<_5xD$^1a_-Ve%D+-!(`4o-7;_UrpZqK^#j@PY-B@ zWwoM0NF0PF3`ZQqsk`%${-5Im4EV;s&!Xi?lWt)A`9GR)7=5h2^j}AC#Lc1*|E(7v zrXC`V){dMen{p!>Vk{#Pr5)1#{V0b~|`B6U3Eugars zvEF56D=npJV6mP}+YR0XId4VGsYeoubL33oP1?-dP|}0@?q1 zoF~San@{;G`akAYq*S3-#Ojy5zW;NpLo=rViFOSC6Qu!;;}BW$1!(;rz5E7R)NnLV zg?F2QXq1?VZ2$T&923L-braQZW4_~!?GKw0B;^2#pu{Y?{<$>()q6wKSpHvkZUxCu zd4m9bxk0mk9KU7kC=5|C!qDNpVl|S?un&TOH$XrA$E#iCr^tV8l#=_>c^ez!ZM?$r zm1D&o5(JNv|M`KAds1vb*dia%Sh5yLq zaW|Qx0T~&2$nM{!k@Kj@qYO7S9Qd>L9e8;KeGt!s&ivfnQ*>Hfr`Ff~gzstoF46rw zrAie+%g^h$^?E$L#QGnPiq4NNz|G6VqyN)QMH|Kz;FAA!+u48W)Lg`600d$=Cbw0# zX)e$ORlct>`+{%|_+L87f^d#2TJ(?Ae*H`x2l=Yi4fN>|MK`Wt$;2e?Z6O6uMl<9c ziDU2}4oZ=9TUA8`y){L=9wGnHU;l63k}wNq*?3UoPWB1ZI|LyrrX>`}%=U|eSu$gl z!)6wdN@5#WR9=kayXcmTrPdrq(820>UF*AB2InLXR_E(*h+Vj_e z$VVvbV_Z6(SI^}h_=C}k$l)91IFk*zC7Bl=lB*@n5LMbf9^Ho0&xSj#aHswm-3E=B zPnH|bISUt3&sB;uC%F;rX;fF-+D7V~g+qm(dR?|alV>;K=!t~PjjQaRax)$*BoLuW z^nsaDvDGX);dK^zc5>}c@Wp%9j3D9b za3yTDObz$)=H^k}R;EdISaT7pE6m3swN6jDvz^Xt#&qxoTEh(cF>@>KkA2@)9>%i2 z1w0zY8q$A1!lsmA>E?etk|0ZxiVrUtAghb7^e&<&Ni0gKOPPzkL?DePtF=ZJKyrw{ zwk4MYvfq+Mv$tKuyg$SgX#t3PEkq$IJ{IZs%GP!cpn`V@&yBNqX5Ld4P6H(JswVR_ z2jl9G-6F2B8hUgZ(Hc^^#-n6n5H3rht1Z$KGRd`yVKoel5E4JkP%eBtVyP8gQHqYt z{G3=lv_mtEJKF>rgAUKn1^6>VC-apC^*M&qXtC_3p(s;=uiA4QU-+TV0r z+H|>rEY)L_l8PxxfVWE0>$<1#&MV?9XV`O2>2(20G>LVVH zN&HZvz2=rdhgxw16^}^80U9gftkT;P9+mO*Ei=#wV1?;6DpDy$tnO#WtyOSa?pv-g zp*2jNiPvJYv#=0lH0|&qSAxnao~kLx9b`vv63=J3E^_6obeGs6EJ|Y*W9yczWQ#RK z&aC~hUYD_68}{NKvb&T?SNYlHjqY`yo1EJS%n)Xi@L2fk3@bbch7&C_B>=+N3Uyz| zkpN(`q_(9GYd6#fjkEG}^3?HV4R|dI9YbtG9=r}ZAv56~;Uw3wMN_sdn*5zKMO8>x zVv18nk_cm%OubY~8X+O2#Ro~UC5m%734(0O1@TO*VnVZYzjtwWW$;B*6;uMHV=A}aY;BduQalOu1Vzb{1 z!}Hh0e1m0H1XTg7ERyXe`?hQ3vE}R)>HLYHqLmc@$Skq>OPiBHS)p-*KV%Om{Y?wM z;PS7rE*(w*KX8xVRLly8O-F!U3i{sinF|+85w0gMt6+SrEn~!}mcCiuU?x=JSx8{3 zRh-aZaPwD}p^@2>< zyYa)wnbgn^8U=`A2&p&*g{*IgUnAnF3aV71+<}7R72t%0+TatlLmwh`;t*!NbKiJ1 zH1ZYfCzUfa1=9)S4$5tajvgEO69Q*RZSy|LwB0Id)S4Xx?l?p*7yZjb1sau$6 z_ysQ}iILq`SDr}bsK z*AWXP)TUh|NPJT8*)q(bkU_IZ-y`L#Ptb$tJ=(ry(zA^KJn6%A`VqZL*#QC{C@M{h zpTKpwqO)a{Z^YN|H)yD&q9gWIzdU`6TSNg5PNztv&ELm==`7Tr`=uOQe_fvH(XBx^ z;5L}L@j;pN3L&*r{vh#-JIV6})sm#t@RzkXO5c4e1C5~{)D}A#{*1+j@f4{gkzSRC zyTyQb*2+QOsBkk3fe>_=R5i+=gFmAjy24oDmqMk2II8MIG#ZPk+-E+u0|ghhpTzZD9+6n7Gve)1nZ9SC~(h}owpp~J5vvu=%C4vaNTm)emZA)52vUd zj`KfTpMgHoru&;9>?dn(U&09@h(Cbn8*b0|Zk17Ha|Z%26Ymt?iX4c$^}IPXt%$S* zALu#T%czn~wL0TWqaqR^+UhHz!iK4l76F=O^T9y~18&^YyxARYwt2q#3Wuf@VaWGS z9`TUcS}G&JEY%TZgT5CXJRvHAEOavES&$u?eJq%y$j}Om7!J;rA$Z@^o!~U<4;`$& zr6VGQLj;^-2Ib&LRzI@NLHQ7lMPinz!Qx_|?#)FffV z?7fX`E%=2ufL0vyY2QgD0bsG5;rLoAj--=YcrqU3_Cn#vJDx6i{6uMkEjCbnvd_!&Kij4v7N`_3o&8E zoh5boUGBO(dqstSK-|8+8A@Fx^RXeV3k<*_Td3B{4iF^C3Jch0?|=o62o3*M0AR78 z4;)0rR?~rovl@(ER-$=4x|-DD^+}PE^_6QHtR)fpB8|>E=AA9v@H_((8=0aNhXnXO z($vzJUjY&&8hxWXUk(t8nSNU!b|`frmnM{PyV3`jP*Zvuo^Y+`66MD1KLv#c=s4P6 z&F$>F9Q=?sh5zlL^fXhd14kSUGy}3+tQ8oVAS^_2lG{h@TzS-L!&p_vK!bx*TaJ8a z${RS!ws0OE!NO8y(>mLLhVu1S{w0Z}S(BrLTC#*A$y~y`>xi-pxmx?BU`vK!r_`%K zddqSM$+b|FE4v?&ZPY!^xb-?L5TiNa3Jbr(7nc8`$26-beta;(mrS~T2R$#Rk7Xy$ zXdN2{JXen-xir#a6;4FKa3S@FW0N58Apd{~qhzOwuZT5n$o{3uuR%O|;<6DE4+>m} zP2O^p1(n+r%n~g}j%u4)jaycOI(`BGhZU&tS&|v3G*U>_NKA=Pk<07stLVr=*Vj zk}1!j^EW8g3K3jOt3?%L*;a4jma+ zH{)C7xq4ZnlDC&#l}Lss`dg2aCtWIxK^5zZ3jy;Y z-^x3KNRGlw^Vn@IYv)qVA6wr#;){*2(O9dpWQqs9iV?=FJM^B3qC ztZ;pEHuCf3b3L(WB)GCklB43Cy26%?oh)iCaY?4C-!+>reKwV3$SDszN>fYL?a_t9 z@?-svNpotw{j$BzJxSR6gkO`YG(2x$XfJO2 zdB#96r}qnxE-vU{7GlvFy-uG^CpLT1lpeZLW!(8V@ z{Q|*8OO>@e*~*D<*I27m2p*ZJgRlAc(~UQPMw%+MOaRh~;>!ZAE>{fR&hpx+q7?Zc z6&H0M)%X|C(w{1hDi|~qsZ_Q1F83X%a41@E_%>xjqW2X3-Nao*0^0{pN9vJwOo9S{ zrK8NG%&w;JS+C?iY&0cWi=IurA8`eta4!P|iwr3ZHSoC(Vo|%~(*Ej3LIp%p8~|}* z_<$@O_M6>Cr5}n?$_0woDAP+L*9^+#H$VE|c<+$=;DkKLC8iOvukm|9knf;V1C&(o~1U)&adSQ7B zEhF3^RcAx?alM3XJQb`+rH@5s)B*~7;J8snb3VRq@lZi#3niBY*kK;V%4%C6TjiA$s zhYGP=iAp7EhZMWISj+&^@|p=bX7Mi4qGg*eWP>RA>f5L>1cMD zg=+?&s8~WI{*ZebD|GnRbl#jp(6HP8$}`r>OanM&)g_mw&LYPGPy%gU&{%uA>x=lC zZ~yQUK~cY5PUmod;UTMTuI?Nf)~bvFhj;_hi166{uU9}*q!_bF9D_+!1VZ!20Y=u= z{xAJOhcZ^VteG0x6v^`OlBPp_$R{%4hE;;iJAtJJ{mQq8%ARq~rGiY!K!AVVM~%bS zsq#B#pdyhgE`#1Ds}HynB_-2YSB@{y@_2lb{q%~IroVgyr>o*zUtwz1Dr3CIfj^7Q zo1;sehns|`F^e=t4L*GH%p|wQ@Z8t23<*~rRJedpS^Ye#K?*}7)=d{zLzDASBPrmF z4Z@yJl3TSPMP3<2aMp-)nt)qFGsF2eu`;c`sf}R?X`MGA4|J)4p}Em@Wij}yc3SI) zyaOhs!-rbn7(v4}^H&|3_}WE_+ZL=*l_b$B!EySz2`U;f?nSB9+2yI#vzwvy#b6HtHiEMihq^3oyAqcJO=^q}+}X7FP=ZU{&!@v&%6Uxd6Z0DzqZh z;)%oH?%@R85+D(&sla#CV$g%7X}Zl)d(PV6B=CLs3P+4ceFZByamRn%DlQc!xc_ zUi%w9t<8zo{o9>D<6gT@M#G*k;Y$W{v%$nCj>>C~ip%{KGN;B9j6?>Cr0UWJk<<+J zrs@k6*kxV*dr%x>K&^uh*vjzY4D0te$~*U-lWm0^>GO_wx@+5b(~PR{;*Ppzr?-DL zaDTOO+{5UHLPM|EbP6oguGe3YkZYW$X1HE->{YKO`c%lKd-EQVUJW@aOIw5!L;3b9 z=i6v?!{W4`-4%{S-LT?}Qs$XjYrDZX0g}P?eJOKuH<0gLS@X~!;t5^mZ~xI}wB{DH zPx#u{J0_2 zhN|w~#0V_6S*iT)n_c#h6G6-={+#c2;EJQrh;)4BvYz&!;_|NXd?}T-8F?G|O&dSE z9bXOC{Ws{9hbE^ci$2K<)eqbNC$bfV9;u@5R^@m;)Q`NXdP4HXzl`$d*C**>X_|{K zSuLaqlCz357Y;ecc2+PJ^Fl4mz8v85Wj?8aphKy#K2&hAKF00dZ5V2Q_0L-NaLfFK zDOA;x`MZh!mc;UjoEALdP7G14FjcIFvEN|n6Q!^QZs8RtkuYfp2h6<(D|ZIxS(Q=& z;v@5lPFif{#=>IL&PX(JE9O+m=L!`n4sHHu(5f8YDa5C<702qqa&n5Po6$)KV{+?~ zT&lSd2*R6~1K2!yU!_1ZNU~H(18Ok(LThvoZj!=Q4Gl|X8ZUPcdD36DLpkHDv`8vm zw9QJs&M#LdJbMWz46QoNv<*+&b_y2EhS0>^o<$nZ{Bc#&jtHxAEe;?i#v)^w6kJkQ z$fT^f+?@%DPj8Mt7Z4!8-D9i>xnT%NXWB{7YUf~B(o27}h& zq?0k_wOdf!@a@69Go!oLR>_XL-uee%F??^>cxQa0E7k(@GIv!0LT`61{L9$18~qcR z!E%G~9k@Gp=Y%`Ui}y9akBkJsr%~TEa93-ho#2Vg5fdB9TODt9H*aSYSeU!ZK}uAWA9**(-;b`!2TD5YnhuBCex2q%7CPrGlwxisi9_xe8E*z1Q*(A}Q~L_9Zc zJ6(T$xzi0#U*FjC+RUD(+ikTtGwHvf+loF;nuNu_Sla9wMOe#Bq1{u{EJy=cXAcLwoUEgW%WFFUu{ZR_4paL>J5A;i?nLs`*Kk(GppbJm6iw4pINTh|>{~%pvR~a*IW;*z zj~(xzzHJJ8eK~!S4TuknQN9jq5Ep3=+;;P{3)6Cfhri6kZJ))^h-&SrR4h#^C`TdK zp(@1ON<;)$5jSH|l#~Uvi_~crpe-4vJ*rG@OKz2CTA5V)$R!aZE9HijrSxuLa}&yy zi&vrjkfIoHQQ=W?{%MRK2sTloM7MW|VR4e8Dc_;dt!mgCPmaqkSIFFUBM&w!^CPk( zs9mC5Gk4>$-~_6<8*ubRLOu8BIjEQt%3T-C!2dX~1hPGpi25J|Wd;n+(u5i)o5%Ns zyVPH^N^nt~sT|6It+!0I1b_%tQgsL&9Y`d6Fl!GHui^EhtnUlCOv2meT&lbd2qI+uG&1=`XViw}5)+4P}}{2doI= zyea`z$fE$wwy|2Z1n#r6PjYe?_L8+ZSLSLejUlO4D{R8(*0`zS<4(m zBie8`)uw&c?H8v)XTEtcGy?OF-K%b!h85Nw5wBNF3D0qT+uxe!eetT(o4j|QoEpU; zH6rDDSI3E4U+vc<8Hd@(uJ@~!PHdpU+A=tP#dLU^GBBKc<-Q~+cL72n#HAxlM^8jlR!hd&lH`#Csi>9qNlLw90DaJg+0 zJ@jwCi@DrBr`y5;E)K7CO+JX}yEREfn@ynIEQma) z-G4fLqF*ms44=~vF&b>gsgdV}n;SF^9f52QAH=5W$}H6S=gDc#qBQW4FCb~^`b-zz zhI=H!HXS+Q(|kQMZavH+@DDfT8j-Vu%hVwn*Mfsil|-9qYw<=fZKW1Lw#XkcW2=ZO z_s}eH)7D+@dF+cla?;5Ijuo!AjKs^q0MOqoQ%en43`W_$a_36VUMd>0m$+|>^$02h zEPVyR#^eftcn3Dm0@%KF-!P9zPmJ?fZ1r&vgxZA*Ee&K!_RDjQxtk%H4RT_OG|D&9 zBqKX}Pysi_87aA7w;QBC-5G@$i z4>q52N;jJL4{&qOF)4AYrrx;2F*Xv)QVt((#Kl^vRZ&L^WUKkTLkui`FesF9YK)=F zW^0bY_Viw8Te4+qEMKYskagx2rRna^)giBTnP)XZVwH_+ zk&Ikg?U?(`TL`4>@KK@F!Dl?5#v0h@r^nbyz7`e_Il{xyKdZz@X@X_PC1(PTIBg^ zN`KII6sYccVh3dMy+?;dA+UJkF(vrTc^)UGz2x*`Oa3ihR&FpoRPg=aamDMn2{W=W zv-OUUyE{Onr}glBvx=bSmodFhe4@cVPpiEo02@N$JHS* z3cXf$vOq)FThFtHvDdTlFEu`mm%~vksX`TtcD)< z@lO+{0sJ<$%Yczo`yU^431Do9%QVF!_sThAB+hlZ?$sOC?!%8v7X1A8v(_R8tZ(ke z2x@%tu808PzicH`QFM=>cVK3=vpXL}&okG#pLFVY3UKBZ7t zv_&x}Ud2(4pUGKjkVgexF|QeS*znu!UDAO%9=$@j-?jW(cAx72kx&m<4Nr5T^m-!Wvnvzr*#@xJI2QMv2Jl(Fws@Hyi-M|- z*#5>-bosT0K#FufhMnbmxl@#Tjprt-)eeXG!R(Roogz02ZRakol@?nRfi>RFw%|Mt9SjqOz+w(DPtl@35Up09LuE_pTA^51rIM1$a31!$ADG zx-5N{Cvetkd_S6I+@CLhc_7)3opH3j=$@I;4?LT3zd9V6_Gwj@y^V8}`Z}`2#AzPP zZ_UyASxv7K(`wmCn?b(FX*tcZB_pY7KD8OX0zUJK-H(vt?e=j@u`m9cAqI}t1yi;76$9%p0jlsmr}DIWn1dJml% z`D@PhAVLZYK&|4i?8;2h#wAI&YvvgO)AN5yV1^La*2bH9hC`6tR`~BXLRs>K{bo|g z7$>QTFLd~=sG^c{TU8FKij~E-u9XmQXZW~z-%^bb4_!4%OkksM0 zj3XfcixdQ?H}cM{RU=vPGwvge&jOMNU6}mqJ4+v*V#Q&9tqJk}BH0)U_^N$Z6->(y zMMJOmWxc*(vG(=Tytnrml!ZKCG%BU{GDy-dixA|e4~Nuy!$gA{$+u*x~QW%jG@;+#?LHvyocX3?!oKSOQPVO7(b~T5yPW|*jlZNMS1}MxCeV7DgNiPti zru4dq!C83U&!feG8u@dR z$`U!71iP;c>w3$}-XT`D=c0Vs1hVhT12SOS87nz%Gt(qv4|&Yl>UU7Mg~sU(W}~KXAYRN>?cX zvDJae<0*pBGa4AnaF=CbQfDb``lKg&38kL6 zT0nigod*&)*Fi^vK8>Q`8lOoo@Jn}}ShR2|gB=$lI+T3$0tqm_((KnH7-YFW z5x|7uJS>j998QP}@Lf3j-(SLiOIE*EAn<=1`2dpg*8WMiQN4TaN-baHh^p+ff#ut3 z27hd)Gc1O<6GHSuuXO`y&(VK=jUR#}bE^TB1?=YmA0(%? zpUoRSy;haIXM{H>;veC;w%K(0ykNzim1vM+(}BpfkpJt*r)G1K$9hROTmG)I!ReK}5ctx@Mq zd~5$C0|XtowZlGECa)Cy*TXCMkm@tyL(XEn=YY; zA!_9f-6qi-evFn<&xyMO!vs5zLJjA6w-}~%S+Z4Mu-U~@pq=A9W6;#F~ zT0sGLaW?Eq?e5Ys{+Rb0fhmFfJSTsUI6->ABjV#|A0I1ZMgEZrN1M0Dt=7ubsMQK{ zM+~0&4dcag!^7oW*jo%;pC%Y=hESHb7k0AmiMMS_>l72eccbsT-}9#losQx~;9xEz1I^01xXMT3OB=;p+OCpbzIzU1X4sdV zlGBS>V~JMdJHOXa?C;y&ht}94IL|M@vwpUYojoEp*_ecm*xNDa>GE~z@n4gt>zC_$6LQg5#Y6eI9J1EQqEU%fUDyiN)ki%fBF)D zmzM&sG-nQmF(U=ALSb9~ytXzCqF+d2HYngBHv;3LO)+9rsZ>S)ScoGtpDx6+nXJ%j z1Ba;U*=XUP;)YU9mCKOyn*GLYWrSkB@GSjJh3swl%5+3u&>g?J19vbDLMC+grR#e=D-)g)$Cy~9a% z3abVqHL97S75V`JJQY?QzLFz3XL9iQNae=EB+$-|u6M)fy?J+Ib8MfHJ*Vwt)^^7s zKz1A0r>!Om*UJ^m{K}siPQ<9bXEN;_w%7vR?*5^KYh$|Of_hUU4V8NRX}a#G$${29 z-XL6cR7tIFrK`flucdsqC#$u`aRCo9Mfzd$WN)QF_f-8|{>J&EsyKe_3<#=r@i z?LMHgz4HfxcHoK`-S*wtknDOA38YaC4D9kZ%sA`z6Wu{@5` zp}W1G(D}Y}(yv*(oc(_4&}Hu<`z_&Ik>2r|H{Rw`>2%HlxpFJhyVCBVG2a$b>FrH? z%{huGf4-ghi1@|F^fDzD%x8>{u*HrjJ)@^UbK36ZZZ=AfJDWkz0V(;ceQ0@cYM5nD zLq0A!mVIHSChUCO>8|ml*0nxc%V%x00sa*K>{U}fpRaY*8g>1R2v?0^%-?awn*Mq8 z>(8}2?!E!gfSrC+=}P-v&c|DisP>a9-Ab)?X8vl?doTIfU4Qx0J2sI=zXb-Qozr|< zxxn(IxfKmibC5-Y&7uXLsjKeD$Y_M~(#73oZ(T-3 zT?)jME)@3*m9G1;h>$21B~{X%5?1EB@^rK_)@RMk?~g= z^?&%!aypHq1CVoc!pU7EJHg&x(n}DU3f!A8-c~?1Eaj#JV23u)8^BuBpqA*pb6a}N4w&}W) zWfSQ~4xtju{7}MxyfNn_Ij;fk-`AjR+iq(Ll6k&YelyKj}YJtK{zqewfJ3CcEh z_9HtZ{HDYG+(MyzKd}ZA+v>+#g-6HZa%3u?hGZbxPMrd@`jm}QG?!hrpst2JhNZqa zYYXhL3a{s4n``t-x@SSN4P&A5nHX76v#3vldZwHkhP{gzgH^)=V0*ix8?y<6NjCJ( ztHL)}cupkVzbpcRcYfeYK^Pu)m34SnDN9)1x1e8=Yw+tBuZp^f#6&t2j&|JdY4*ofHa4 zGCJSrK+U~M2ChEu{Dg2%RfL%kN3YtlJ8KBRqO*C+_v1H`l1Z{R(u*YuPiE0khC_$z$GX%hI+(P$A85dM9YNlGp5UJTuMJ7yEC?5;` zP4<{*P##l+732&Tez-}IEC(b24BhqNQyYWcl%8zTtB=>BAINa?Rm zql6G|jKPhzH9wqCM(zJy!?IZq^Om7$8#1JPyWDM~Sr=0qG2?SK*E{4ef zg$k<-WH$|2a~C#tzeJ^`CO;8mE&4~y`9$?`#VeQE$-e10 z<2Y{LLea%bT$c|dvA-tCAOIkuxbzL7%frRy;B_l~K`UExQwN7;OW}0=>QsN3XMP#` zneDS5Ky0EiLhWu1&4$q9So&U6o$lHGW|pocKR0)EYOd0kQ`2>}-`or!CW5MiHKzZhk*!z8dP4AJN`S7oL}#hYZU1+jLqsB{pIk z#@kek#Hs7AO)pC4H}rb$jQ>wuCLF$lA!&Z1C03xkrR2Ki8ac$>Y6lsydd{ zbq&+UeXZJjjBh!wD>oNZdZjqcJ~~~CtI^HNh5~D?lT&Sd2S@W=ZkMOcil0sGNnYL5 zUZx1BJh~BgRzmkHPp(8dSr1$0J6ANM>F$L+fmjZd#1*trc|SR&Imzd zS98Xt>Ux2rjz4AV1CZOC{hV$5{G6}np6Z|HZ^Vh(&CE!4$EJ|mX!4O6qEsGLr>ary z!m@}~FjiMOXhC&Y-A3J^HJ!zP*$<)#^bMeda+` znvI7xrsW}0yZIKHSI#q#X)fWi8T>(9WSL$3n8UV=Xy28GLjttL*0y##>0Ltc=C{ak zew3C3KO5k5rImQ;VzS=+Ug3}75~wx{Xf|sf#ilmu&9|SBr(Ty`B?z1vy{u{-UiqrI z2$%ll0!-~CA6X!`*K#$R^}J492a;s#5ZSC$v;1ij^ZWXPw^-+V%B3a~k=oqLfyrxB zF}$-y{5Dn`v8l;3^W%QxDL$>EQ&0Qle)AqatvpXGWbp|B)~BW}8@&A6dx7=Qk#wRkkCAv+u`E#^W0?d z`}t8bpXDcHt-SZ_wrAAD<JclHc>lcij&u&=3oRrvO5{Ad!FMA5%{NIxS>y8PxT ziNO2(B?l41wDv@IGPuoo^)P^{u_bcB2B+(e8DZ2B>&pVO^Ma!rg$}&4g4dU3Za-2s z6wW1_B}eOD^e7r4t)hW8-tWcS0|Wd5-qB9cF{jraU6S@C1y4z(N3rcs{1f?PzC-ao zZw-h^<+YU+zP`5|@3-r^nck%9+OIdDE`TZ>$2x| zUS>Rrv2C8nq%5=|h0-1D{4QxrYXdIJ-*mJd;X?~4!$FEd2eW9u6fo9#?s`cF*<(57 znoDboUv0MmYZKWjuPYLNKNQ6t(BZ5Nw20g1is8Fk$TRuF0~@-=pLa>txE{X(ZQ!gt zvU7R+PV)W?X$_*JU75iksioa^*4kTx0KRG0Uoz%b32%pdP!7UHv*a?(wK&s6Nz;jM z97}DHwiKQ3>|~*if-9%LGvCTR9D{+ztn3$>gh}8j^zDd!?(}kq^E%BVx@?5XJakLr z1tG@VblzpgDx)q9wU@v|lAf!J%;4orWfnp#4PV3oC?v%728-}-X=#_m-L_+@CNe8? z#(s474y-P+Ivo1kwfXd?c+yKaoTp*G*uEo<^f9FmaVrClyBjl5~5_WsOM{0=*b$n@!~rfsIa-HLXzvE`IIp^f%Hqw zl#;uVFLiuh($h}*&*ZEW60zRbW5Jw$T_}F=OZ{4{W~hN}s-q0)%hUP&8A&R}QDggF zvy79NN&oF;$p14C6Xl~ivVt=ET^@bZd^vYEmfX7@q)NiBz@@Ia5$%EQcN4{~;q3(( z#E7)!Z(=^NrE#T?5}p-8c5hvN{pRy!DJA2%n2$Ga_vk{nv|Qa~71X%PEw-sPT8xw> zN#RRiX=J*KsOIT5PaeTsqfE;_tyrJarJKFiv(I(iImon*&s%u!8z4Qeeb~mtbQJA? z)Y7jWW0Fp5;OMx3JFL*lhY#~h-iO4e3 zjr1O02U%s)j`~gFjf-%4Z?NknLO}AI(>OSYl`kpmSv*9$EmKM^sHVjT7N-f7kX z;n#)5m6=asC`)0?&5w>HwCP_XRl6r`4L&;w)^ys>5r!4k&dLmo1 zNR7&qilz!bf4;{d({`hru3otQKqYp>z};ltZ?&wZtU3ea>p70o2d+m&3+ zNreZwaspXK4_nA*KGN~%EVF|#R{cD`GSp^bZc)|yF*DeLSC)Ak{uEEW zRkD65QgR!A-y%YYAwNAdLe5)eq`Me_x*`)S$%IW7V!oTiJhirluzw+ER*z~mt^Mv> zK^g5x3;m+zd6jn3_V%iG1Kmh1?S|geA!^v3lL=%`bAcx0X^hxwg1_(>Xw3X;(G&dqp}ft-z<7 zfM(+qlbfipi)Icr=D`rw@*k8bkq)EN#)~DZANnnDk$1Z_=JaQuhZ&hlN|L=(6YsDh zie4-6kXpph>Qf>GMh0QXSM_fbxzN#@u1lmhGrJj?(!wo0T^5m-QUdAQyqOD~b#4yD zUsczNiiqVg#8pL$a%jgh*3nU<+%K{Tb*d-M|21vP4NoRt3#; zdpO}GBk30z^Of)6rX8nhkUB)t`P)F-2U*3$Im*q0PubKNTjlVa9=Lrpp~__N_u?vA z=oXtvaL8e>w!8cl7xnA8Yv23c3y3IoOvF@?zW0O)H7y3n&D`GbSaG_`jhStKs46>7y#$3^)z`kwgKmdyPqJTjw4kB_PU{Z~rS%rs#=?Kv zU`ATWaC|zI7;$c?f~y91!I`QTp{8ANO)g+*QfmL{AdJHy>Jesya}&pIixyWG;*8z? zV>2EJBagB3P*uOV))Vsgo#r%MC$c#YJfwg|70+gr%yes6eEDv_h0Tn0$aU+FGbfQ| z$ zPk~OjWDEUHcRqCT;da`t#7E^gkMGA40&Kt#ly>>o&S$sBu%C*V@Pw*uOcIgyLPCz* z{vwFC#7d-@Ml@IVsdk47`EK*E%x+t4NqwHlehJ*fPY{CxCnUHnhh|Ia*|Nkv(35f1 zO<$8xXrr{5?6V_Ch~O3^la)@;Yuf0zivW_IFqz2WOD7mURX3?^%_tt6)7@Nx@-Roo zg$&=(x*=*I!6Ma7XHH##(XYwm_j#&+A!Mi9Y#t-@eb{Vy;!Est@2b53scJcvscbG; z9>p0jKMvjF7d1p`76sztk+DEe4{H! z^kb3uFTLtPKB<3_HHrT9_&=J~vB-J<)-v$FsO7(xS!KQ+sdxO*nB4&>GLNUdnVOkB z&Q|)?EpGl%^A8*3Uix2~Qs@5J{&XD_BLrm%Oq$~Z=|*+Dzn;&t5&kK&>Dl`=w1eVp z7m4AP8^6)6CjYCZ&io&J)R(9Ej=hJ=?am$VyHJ4_V$ki(Knq*PAh!@YzwPZ?_GIhV z%JchAr> z+dt{6ugft{v>SaE57gY4ZjLM2J=AZ0vDtL)vBMGQcmA7TH$|fLvz;r%+BLx~;M(>0 zHr{Wbtv`Nw!p>tSD@6W&_bJXiE}xidxp5_upkCek_^I9fEgndSYAumC9r;<2=>l=x z!qDJ-AAmW!sB*l!FEPg{bCOW0Op5h(-ZgeTNM+FPD!HW)F7xrJX?hE=e<9H& zFWPQe9{72_OWux4K3$@|Tc*AU^}9e(YtE9-&jAaHeitjMjQ=RPyoj5nZR>;)SNqchiMbdPn6*x`!%);T8PlE%Pp!`qh2(f#5vBE)cs{JuG{{nk-8 z%C4tL+${Ri7;(#zxuisIv(~+Yq~`^w`3}B#TxkeipWXCIQHrvMEP{lcB1&i4n$5w> zYm$k(>2`M)Vo?+lUHPR(-3x(@7h{;>6>Ey&jaPMs!8rtMT-q z^NFhm)*pba)aik83FSoyEw#_dXxu*dmjd4t|E9%jD%>e*V1G2G5c_2aQhsq|=F*_? z4^qp+!4PhKK(!WIx)C>>($bhtjB`(VZ9ep8G=|>0=GYRa#W^gMSQ44Kc!yWl5r5Fq z8#BzwbG_0}0dl8i@|)cVbgDgRyF~}DRu4Jp8>TD{ zH4}r^0D>jpz&)B6<>TipfViH30~;OEN$vj zM8{HT5<^HD`nAW@E^OQknY(YTna}zx(*qBBNGSPIPG+jDUVWq98q~4y)MIdH<4)Dn zZ*sYn|Ge&Ia(Y+zM0{A{4rS5%P;iz@wc>UO0`_%?Q%r9fjKSq<&5=AB(mQb6zRPpJ z~S{k-L{^8Sxd_ATzEV|eA=wHs*Qfn*hRLvs1}_v*;)rwbFXLXude0m2!oA+6+3xU`j@a zpRQy#`7P%o`14fkKM^vS)47!>>Nk6nnnlWL>|Ya!b5|Z*Q}|wC;E0>pZzG56FP3P* z?)xZ}=;<3fTO^Drvr#T<&{0lFKonW|s?}(KA59!HL%%ttpSp>h9aFXPeta zMuWLPc}cU~=eUxCpJ$oem%SQ@L%kPWsoYzQ&;W+V)w`U&V=*(2?Jd*+D({HE2LC42 z;}wERii-tW*J1tjmEbS-cLX31>UFbU0+X4!$5nlxxclMD^x~Dr6AuJvJ9oES_iHVy zfLYcb7uEX;d)YUEg)4FVIGWlo@O)vefA8ej!=WWH&{zP+@Es^M( zZ?;Ze+8@t(bShhSvE`R_zEz!;AnBdpIN-> zqMrD!b?zYjWB2)8zy@_Q?gWuCqI+Ssi6q^pjW}H(yxG6|-44Efi z!hvu(#230&E9LK<1L*9BKBJ;vJP@4jP~8KRd{ZRXO|lsA`jxkMX{%~y1l$4r4}VpDq^?@XL_=bH#X z*HCrhr3_17=R3Fi;MKruk$IoP5OebR7Gty`=|(aNm>~J~0FEp8BH?7yd_bIh>^9bb zpE~zu_m&ZCpX0iD;cC>kkP+yl2xwjT(puHAL1UoQgNFLOgc3ZsPqeT{24q{7N=X(Q%QZCZ( z|JW=@^1&CRub1ZIy#daxlzUy9(Z;=N;WD?7FT`9G$e3I4Dx=ZFXvw8mE|ovaqvygN zmr`e-8%^CB7j{_d3;rf{A#d_g!ipU|l?{#l= z#NmJs-++A@LHcdX@gn;oj>MlHUv`zFxpP(f{dr>VlP%ucYctof)c%y~8(~9mU8iqT z0}i*9!TRcfZ#VGB1^_Zw$Fg|B}8>;wW zJD>J(d<6A+A~A0H@r^u%$Prcg@NRqd@=9m5b6b6MX!?P@yQKHwK6#_VD(X-ox=0;Z zsP08fG31&()X*y&^*nufW-hj7b>K{1WZvTp7W9boPp7$gof5p)ZE@*=I{e{Cjg6lq z8k`$yzHLZ^pkGrp`KI(l?HL{~$Iv%=;h#xR{~6$1`po3M)xBuEacSIm+oeZwyUN>u zyEl0|w7OsG69-R)Q_TBD;4b)np+E3@bbTK=jYF;N`1WG2GW7EB*z0mVw$=k#Tzk2> z!ifW_AaJEhinO^|eP%~_`_dKEGqCnWzwX)GIpxYIIyp$}3dF=&Vy{wl?Db^$0C~h@ z7jt(jmcplG7PtN7td%|V>;U-LM<2E2uLE0@IMck=7;zAOA-D^kfwc?Q^j&w|vrQ2N zrvN)AoRK;`HMI$#U79Sa)Ua-V$y#}9mFO=6q}hPv31{uk7taidV>oQZG>D{k))wx9GDCgqYrRj{QpGtH4kjo*o+l)Q%jf)}MjM z4ljmdor1dMn3KsI=V-+#+5#$tr&F1i<{9z8uqb{qQjLRfI$usY9+Ad9d>~!~PJQBg z-I(=Daaq)jWxmDlJ`;cElf>0#R-{~(%UAgaT~HJH375fSyXM}9dH-^21(!m&^?|4q z*r@)4!*Dh!E66I9pu`Y}(r&u%FQ})zTRw+Ud4}Deq~8(TUm4!-{JS3+!D##v7nOfU zqU-;q==y&MK26LjQD>|-0J`wq7Y}zMvr1LHMo=OFP~f{hdk9&9SpI$dU(u@nEUE-# zMyUWH2!Ir|Cby-@>ztPaOHj=FAwtB{k)JC8H+i~L2F_sp`|0k0I2vu{Qh>-mZpy_V z9*|pcHbCkW6ELa#aq~NOD{SVP9ZD6u6uMtuj;b`IRoi{neTGhGJ<&G5DN1*^39I zb>hzg=3e%)zNCLH4sA`od9yc&^9C5#7+HqkV5`Xw)tz5m;$S7^b39FF)$kl1HJMyP7Cf@6qKPodS?w|k-RIk&M=m=$#*yeD-3WIX^Nkl zOjyr0bEq`czn$X07t7coW$S*w(SdmMb;sz#J6p9l{ zS~}Kv;EZn@lpOm)KFu>J7;knx5%hmF`3*7(qs?a}i7Hr&CN2b0Qbe<5K?PJXA$W)O zN~Xe9nL$-Mswx(JAVitGB$p+7v?~|wo|3OKkZ}{lD`utdSH#LwoL2hyf?Ci%}hpKiZnjyzPJqAztR^ZjF}t2`1l^4pdUPBtN;7m zv{C&Tw7U~l(pFWj=`oVx6$kOSP?6J(D^n4OpUWXLH3`HseHwzqa~5?c;(q%KeMv_^ zR!5Co(3gqM9_yFWifz;u>33OK19IU#97w;8^J`7)_fSz9Y=fT}B)KMm0TI1FuFJ-g z&P0Eao~vJZCcjdVxP&3qs=aJ;4Lqd!maXcjP6WVpawK35UL5&6Z z-4gAYd=esQA8@X+0?;sPDaR~lUs}qD7UZ*pXYxSsR~E_^w;j@}(ucL4{f3~Yr_>4k z{ACp;-RBxzqV+;v8f*9`iO@w;LaXkT3)9B8r*MAbcOU$#mz>zP+>GCLhkiVQ#SxDj z(jMTF{1C|9BaopK|KU)YA9CXPw3xpg^=CFUBR{0#^^dGfTlU{lnEfbae{^wlG~X|` zxhw4r`fRW_sw9i|kqS}u6UG<7+HBBc7dg>t4vcX_z6%JO^}1t$H5L~Y&V(EbaJVxvGlAU~H zzo%z#ce{(x_h^h1t8hcUAyQJD5|^D@d4Ui`qOJ35wmU>pgm0emN10U(X^Cx!=_5!> zz^lBu2$BXCBrJpC$wZUj@{(?M`h8-w{R*Cj!3!}F#Dag9DoY6M{dU8n+X4nF!+Yc> zIfDS(@I|it!ju_K(rGd`8b>WX9-V@Gt6w2Jl4OOf|AhrWFw<>!opewCj)4_qP>k%z z$snkD%d|hx>b-qfy+G}*Zm~J3)f#0Q`qaqGIEXL0p1@8%*s_spTNX&=0EIqzmBr8` zh*p!|h7pbos+tawdg~fnS^g>E+bU5i1EZo>RiZvdI{Oy|#dvOoUg(Rwfj6OqA;d9f zy1-y33>laJ#!UcX1TR z2(78CEiCVVs)pgUX@yPVqwN6IYJCK$Y+YfMhr(tOG(rdabhX5b8WGTp630NYx&w> ze4d}kcyH2jt~0+I>kF9$^KnX_BU4jkHZei@;s`INOIy~v@&~&SYB#10i}X9V|%Sx&FRi>YL*{4W;}p5JvtO~9o2#a zyF0d9t9mjgzn$@m^_$>AGU%G%vT%a_Ue(-5MUoV%a@wff8JY+Kcj zv*Y{tuvbQ7w)HZW3Y~ohDqXj<8f>r5m<&W4xjS}Fr|z4=dnnsG&V0Pb;VxK7AOA_} zc+vfYC?P7;PUIpDdos*7=^IJEvjhuorV6!%1sQi!SejS73saSzGqRq52X)%%r{R0P zdVE`L&Y=^EA^W+i0V-rbZ+IkRdFX3QnYb=E-T6bAw`6UE19+t>Yl{Tnn0aRTJP@ty zCTymb8yf|ESfIC`jOgq4I;oggA&?rk#BzmqfTju;^?2Rcs!#PsmyfW!pouBAlW|@| zO8M4!a`O+~;rx03g_9;7Ft9_Khhoy*R|>3sQ7%+3XbXD+G2aSLNaBH)OBHUYmK5nx z*_5jCvbNTH5Kb7qcd#id)58lNK4NMP`Fb#{QKso@AQb7K>;x;-*LUJ3J^!c*o;)no zcr4!ilV8t07JJ!KaFr1I3tOV&P7)m><*f5c?|Hkc%^NhV+psvqyA$+Ca*I;ez|$~( zw!`*?n^N<7OnD)YuQ7XV$Dd7SM_AK0TL0ydt--Gzyk&?he~vCHYeFEY%xON6MG ziVLaUH2-kg;Ec}r6|x*Ev7ThyfN0z4lu3P=P$SS^Gif|lCN27PvdVg1#Z9WZB7?_A zci-O^tjsy_LBwNgEJ~>huF+J@$g&KT6*R%pGEjp+ID~6-!J#jHRYY{1l_;iJ&jqwG zRQ?H#N^2%<<2FB2V}99m;o`#v#O0GmdD0U@Z;)Y+UX>ge zk?Nl}>G=j4kJaHyxsBbreX3V=SVk&#IkNSE9H@Ug$n~c=>#0Crvf)fuAy`#=K1G9x zmPiC-C25uAPGAer)JMfMuP|R31jI7r+NrWOXR({^%4C;+nSF^B``z7Q+=}Bg&=F&! z+nysQqpkH+qJllo;wg!T%ASioHi^I>$Nk6e_PuoE@0WQw*gq9KHO(X}PQZMPclaDgj*#SHxX2Dx&7vBDYX$9qH6?6vptmBI@qu z7h7$EJBqjZ30V;3UdNELbHd>O#ZWP z3ys4w3k`lSlB>!^s*b80Gpfv{3%S-)ZriPy(}pL2!K3_yS^Sd{FqwTzY*|VAf97@u?|m!5Y`H5@gy}q(+qkjE_}1NXd@Gh9^esn3)JLK z1Ma%j1#&)e)lPdsK(9LV~>&e9<+`fbGni_1T_Nfr&$Uk1AI$xoz+}fT0M#+ zir7r=l^kFGH;$DH_tlfUxeT&V>Z!WoWL0UyXh+uW7S8Z;A8M!hJVT}NKMq|#t1LZU zk#IJvL(jX%BaEaZw??^`cF4M%DQE^H-Dc9GC^Irh&PY{itw>_G=b<8|0t{P>ScSbh zjh37g^2SCagB3rzei+s!-g_tKW{_<}7MN)uU)FL4=Jxbn#VSz0+G{6C*$O5cZ_hLl zPm9zlkb_TteOemQ(fdp+GA@;qlC0q48z_UwHp+5bmym<9UQqELc**I5>STrT_T7p5<^Bq|{Qz%|Ap%LVoGINddoQM?iO;1mBM@Nqn8tXNEf#X`g^khEBafF_om7C&*IZ0o~HW%|tB)BEJy~9Rc zC{+{j$t8R{i2eD7Io+=7t4X=iaYzb-46Sxl=z-|>(`>H{Nd3kBH}**828`65n(dKr z(b!%_GyxJp+Y!b_%f*}sH866)9m!EBD^#FR8D{S(nWgzs+59cvpY|}({>=~!qvaa< z%&j%o?sJ~lgtF}yZa$4=im|30YHz=W1E3HkJ948s&;m^sd7Mlywn6c(|F2kRC*Ca( zShq#57w8Fs`(LTh!K9*RkZ4`cOLy>{^`XAe+!e z&Rznk^a0{O22D>|EgG{qawxhBhNgJ8e0~1 zsEL5l?8S1G<5c7p)3h0jemH?M##p2<8TV|YJk#@65~+QUEJaguMxKX>lIoC+=C_tv zH(t6TG6`LNRo1&AIvn+O#x%*nn6>GztuD8&ra#UBIhN8Axa+>?eEw!|Buq7iX$g3%?C(KOo@7G|BP_FC9^^E7VLRUHVC@q8=Bv_r-8 zC-ah%WE7huW5hIK@J!JV!ZSAqd#Nw`CH^sZ{&Xo0fA~~IbJ`$r)K(UY$%llri^Vw4 z#Rm2s02m1AJSvBB)c3#4dfeZlaNa(*suHmV{t2YX1{rAqK@`1l>Q+GarN+|Xep6mj zSN(A{p!4Z_gQT`IlG$ms#j9rZY!0>*mN8DRqDGk3au7b`09&_ChyeVz6GEYU9&;kc zKDCfPu+1M_3P@8TB}*)ufP~mL28_M4f`bm4ziBZyVE|d@Su6ZEqg8JO% z9%h1K{)4W7Ug;o?)ZY}`zM39rdCccunLHC9dH5f9T|I;r_$XTPPWbO|ECPy-q*!Rl zl+Ax{u_((%s}$S>o0YN-0n`TV&vs{B(uo#o_Vk)-<9A@*S6g{IWYK@CT2nFV@1)oR zIXrCt>isD_1G}ahKtWW8SFOq>SvX2)RiN7dy(KdLdJlUR=zKncM`5OWtFx-8Q?bxD z9!&WyWPcA=S!R{9YR%4@ouFT1t*@f7=`(vypTf0(??jhQzh~C7JS)Bd`d#ejK)omp z>@7LcHEi6uy#(PhAzB*X$tYmN&wqIFL=n^+Gg-RxL3#`vUY#3MNIM)dld9hv7iMh` zqWInQFmezF$ffR#Ws^GgPwC$lggEQr2H9i7tiq9K3QX!qR)n~DOO!=JqkRSkq~KeKJ0 z<9od!Io-fLLYbs7-gU7^PCf+7%Iw=ueiQEH2~6Nu+^V68CXhS*s%lM=gF&CA%r*F? zflAI`xE3+U%t-aRAs)(z2TqMSDXs2uu^EZLAM25p6~vn@n8~ktIgw!C(W`g%#d)Epb&B%ibUa>N7_}tshlxcjouHllA1g%PAf%i z?2*X%II}ZUORmV%$Z1)ZJDPT0W2Q8wGr}?dX;e`ZaPrpBPUd?xSo(KHhUi1G$Vy#q zud>>+Cy&dpTJ0_Cr}%jadygMCq$>S(vDW2?m-160R1*AH4=Txt)802iIwSl}b*pFG9PF$GWZKS4C8R+%_5%vd3JE8lfx(V8w!3;e8>V>`r3FChlG!Q z_%OK|Q@=sRKd~0ZPd>^&ZZ0IU)tX80OED&_$I*JRo8o+fiK3vJG;l0;4Ph@kV1Jkr z;r&kO_iC<*{=nDe3VVs;v{UBk@KuZz#IDsak zPk0>|a253KPi0O1Q3u8vlP3CcvOP%NVc;U|HX4QvLS`oW18WGi-nM@;T;7 z7xiMu%EXyhZ^{W+65&l5X>%4cuXK51Vl{GSD)DBPwefRUkEd|C>J*2CeJ>)0qQvcu z?*Dp3gr{Ti*Ob`0zDQo~`@xnX;S~o=u0=bpwKj8Tt-5YI#U-`ixQ6Me!ISG-m#Edb zUt6^jXsJB6HC=WOS^u7O_4wD1j9gvMYKkh$l>($PO#TA$_DKrti=Be|Yit0dl8@pJ z=xoL~vK#roR!3O%ci0v1sl0Z}1xjlHli=C3aD~qBcQQ|wBP?+#`8PCgKrQ&+2*3Xm zcJ9Ad<4dM&HEWnme)$(W7dAftVD+4-ft4fRGt0dFp84wDvXXn2Sr7I#YxYp)6?qF{X#+mMWwFT>X5F@3dOP0r&7G=^0>;bA# zal@(Rv>w-kRC}D#OPje@QAp)5i_eXLlRTu~F&5V40HEU2NQHKg3RkWv2Uz#C;bhyN z-`UR30(f&X0IZ&IqILt|MdF}HRFtgK%AtHE!2H8tB>oiv{auvv|irmHR7jDME|LlT7dg4Fn0Os_JcZO9U8 zRGHW;iLCQk&}BH#`?GELthv+UBPK~%x@|rql)q$#u;Ua@H<%?gcy|M*ehM| zV!YDuIcF)92Q8kAmSuBZU&uy-{TvfGq5j;p3S9z|!ku9?Q5f8!0NL$ZhiU z8Sb|Pa&pPwq!?F;NLZR(Y_i&0@gP?&Mn$?tQTi>dW2@=E zc5~boOEhr71!2);DMxT3a2V2KPzX%$V_flmAGuVUZeF&sI1&T)xKGNddN<6ziv@e?)~~`5t3#*W;vuOb{Z^G<#ZN ze_Fr@QUeRhRUB5@sl=t1;nPWD?MZo+xZ6M6KJur7Y$no6|Xr!GFy z;f4A6<=pY&vqkxZNe*OVIx`Ia)BKKO3`xfJFo5IJ7i0Bzc(Z>Lj?($`dZl2I-bQ?$ zHzOWB`_6=1IgPhU%y|zR8!WS0VwAMbU!SB1BinwiG#wPY1%-TkuP#(pr~31=Ws#B|-ip~%jPCCc)Q4-F2I6%l4uLf0N8vWISj=Y4oEW21tk|In*xf`fr)7>&b4gA}RYPqiJHPpYY3b;ufk@7cLagsi1kUHw0Lx|AdbLcibqtPi zW?A4kN1LNXFh;lr-!nQ#F0*;w@;93~oDd|IKA&cPlMU29^SLD0;8h2+}o4)ftjFr5{{fTP}^dC;qduI)Hw9 z`MS$Kn(KEf_RkNlr}cAcLB)%4~Z7izCvo-X9!|C-KX&59}+6x;z>yQ#*7 zGzqWGQ_mghZ~yXI$^N$e7v!2(p73AO?|*=a{;zp`z}gihc~8^sJ^SA|)RFK1Cw}?# zGGUi9Wjb&ER_zo7*nCwX)x`jz&LbYLAmS>%GVpZyhYVIL$&VM)FcQ~tSgypb^@FYd z=nSnQEs2&=C`W+oMM5%VWLS@l=KqsB?mJofRSoyOoNcJggBz~#-`wzK<=mq~jMc(4%=q|?@B)Il zrbkEjMWFLrHaWiQ>r8N8nRT2O-EE!X%+?E6b+l=T(u@IhPqjBpk()X6clT%e#9a>j z!|)6B&4HoafxiAsTBNBNu?2~Rg=>fzIX^Ey{|T=&HReEhYZt0Q)kSv!`Huyy{*0ra=J zM|*c0)F%!<(|IGRYh4((v~nesy=Vr=Va>+LZ5fs#L+N&P_Pe@KZ6UCots0g#@x^qj zcw_m>P-VnuE#cPuIF97vZPJE+(Wk9~m&0AqW-T0+iNd6FJwbT5wQ!j-r({cBGqTZk z#vJcaS&1UleTn;r^-+S^49^e7aogcW+n&cX&z{A_9Ez70X?=%>58^KXoZ_%FM(Q_< z+h5+o0>XWoOi9ug=-$*iuWe7VUTt$Q{a$G+`@@`Nix~j_%+i}5+fU-p%rQg3de)uD ze{Fh=6k#Y-&qR5KU%>#wG~)|}C%TV2&MGU#G46&CsQb<;d@oX<%Zh9Mn73c+WfVy0 zQ3(*9N8V9m>3hoF_uo5H-cxmm>(6~6W4b$C6j|n?l8!4&gH-qG2%t9bn9dIu?d;+g zOkp?FWaRTD@fB4-VfkSwarC#G*)v|Fj6QmF6|nALmGtFs5&b-mS6I}XQY0_rxQEkS z960#+@RqZPllhMMownab?6>tpdP+t6vP(7IkDadRX=T`@0FQEW@nU#ghFG)c3v^ew zESx5i&i1|#IbTdo>IjW3B@4+lPMeyTHT`0m@@z^#dO?4k_&d3vX-8c@1`g$Qoe_D< z(R6IKWH>k0LHlIhNHw?Wi&wPbk&04pdIlO>OI1f6K}ewM9Fz2gjwz+@>ltn@g+mof znQ3&3wFxB*JhRz3`w5vYL+opFK#}aN-c&Q1aK!sAo@DXmi}Mz~VyFEhB4h~-Vj@16 zHz14|YiTUW$B%(UNc`x6L;?Rr>2y%u=VfowHv;LNuEt7nzEeL48L|t*;rrgCj@6MV zL+R`GvJ9339zyo805rzCk}5% zojct0x|36!y|-!Vp;f`WYNko?gsH!s6r0h7roA+^E=(*bWj247 z8B|noA#Nx2kFI8KvFJWpuZDI_s zcd5rxfHDAyn7SvefW~vHB%qgUURw|IFfpu+)agIaS(Yfl86yA2pfIKdZ#`|dwX^d$ z-$(dFPdeRPAfvT@ZJu9l<)ts|R;IiDR1(}pLVeF?0?431{pmqjKCt#&jUTfxVqxL^ z^l3lwNnTAZxp|i~{5OjZQ00oi5oa26cp3N#%~sw0*Izasd*F@~#(t300mTekZ?W_r z&O0-raXys8@KNI*$_;wm?w62mfGWES#>4q$wMCz$Bay##OFC(T|Hn4rpA{dAcLvFM7z_Z*(+4W>IM1Q2zSUDj;HA$vxNGZ%xff{JQglyq ztQHDY*quM|=)H=;jLA!x`|iChECBxb#*=Y8&1RC%_sp@;(&Fd>`#CiGAojDO;rETp ztWv+^CPPEs3M;aJ6Oqq5GKa+QU(zOZoY#zvq z7hP6;cLR^PU5nt61%nD%{xp#~cDMs>d+WxEX>m+nT-^|@a&YhysW&O>&UuNUani$_>^)k;qWVy0jeZZ+1`d`l z(1QJ$=zeu_UVgp4%%AhFyT0X!cK6L+h0x5RUk&u>Ln9l_*`Gv{Y!qez8oLAN$snKo z){m5}z6gg(V|}6_pZ0Rrt*!Ix8N zm_2_UGM?x#AFHZ&boHdQoYNu>3a{d(w#qb+67YU5jhRRA;X1~HLOb1R8}iu9wKK$X zo;wn=Ki}M^pr=MYZZZyDm30xV*LT~Iq1!g0PJ|A%HPMj^8SD_W6Gr$Q1WUJ=YgmUF zt_drS9dPei{zio?jGR)=Vc{tEJKTB0gN>&hu>>a!RBM$n)-OTg9Nkf7xXG|AJGQa< zJj&ebsbh+78XN{cJ~Aa|AN-Jhe){%t0Lr?9NfLqPP6*s1okp} z=1qtNY|McfhIgq<398Q5-;T6nLQq)d091)HMbh`(W3~_)8Y2jqd@ds`Vqci}&z5?E z+evp&rcYN8mx5}-%(Py};TA`Lv!d4TRBtse-UO zZ$)D}GE*c1RewG)MdNIOCOFQNPhfkz=M7~^wvmpN#FGg?zZVvIxt2Cwg~Er#Kb}|# zkRrh!qUS3sIX~HpGpo$h{y1f-3=l$_qOfBs5fJb=+$=R&$TsdK#D%&bFr2P#l@Q;v z=VG{L-w9xMBBqmECGt+=76__O9s~B!@94gT>ac^NWL%se1b4XQ5#-77jSlfNFCPIO z$P*_yF)vYF>%B8B7)RQ7Qtg#bF%(+DwFrCeg9MB+Bi{x~?&jHtR%h#;O6=2ZrDHwF z>U;%@>dR|XY5ey2*iJ-j^6+>EMQ#wg67uzXY>Jw)NUxgY6gpvtU%trW%&@R<%O@ZN zL;6spR7aMOL~2)eQqK5MAE~|67wtz;LA}*~mpv@533WC-^i*~yBN>XX zT=CwX{mP?rHA`7WLu;T+;p+Bf%*2g`pO z-Dln8&7`5}6K%Iqz0KjSSQsP3M2OPquAMLxX>lVK{js0LOLVd_ggN09hBT}AhhDQ5+>?i%9+E=ErMLR(c`B zaQb>d$m9{lby``E1CP6cVJfq+UNOmaLqalCzhWqQNwm z;fN4NhKOG<90TYgTWo0AbNOE;^CVp2e>SuK-DEyk&}_ELeQNKUeMCborxZ{yCbZpv zs}Bl&Ft20P!rAX0D*bO}_FrxOUt0G6yG#Cm+Z=k2YW|YKBAYJfCkpUUkX4Z>d2JN% Fe*y7No7w;X literal 0 HcmV?d00001 diff --git a/docs/addons/redis/auto-backup/images/sample-redis-3.png b/docs/addons/redis/auto-backup/images/sample-redis-3.png new file mode 100644 index 0000000000000000000000000000000000000000..6da0f056c5086894aaaf96f3c18a244ea81b72b1 GIT binary patch literal 51095 zcmcG!by!qw_cjb7sH8}@g3^t2jJHTiNP~1s4c##+0s;ck4bt7+&Cm!)Hw+y^*8ubF z@qV7)`@YBb&-cgs?chYXyH$lEK5K#709y!;_PJr;3J#p^t|4 z;Mrp=;Edpd9N+}n69-uxXEZeYZqx@omJOc@4edFa+`E6&JyP};y?vt37m>$WUh-bQ z6p!C9S4y)!MbBaWWXyW}@Z62cRV{x+GLLuAZB%2SdcSq6Fu7_3Z=hw_{?AVKerq0P zL(O*X7dus$ATxHUP>56@sW2u@bxvM(-tE0CQ4;MZ96Y-n#I=Wde=J)=>vU{(%hI(^ z+w$Pgqx=c~?|+YnQhjd(-@HQ|FumO0ujo<7vv=6~f4|WGLoDzc?zcH&{{J$sY!9(7H2`nzuwf^qd;j?- zqiA@6MVgW68=rv0H;mX4YN4gK{Y+uNAKu@Jr&OZ6F`~ILPUV#W{BXfD#3@udkXyI| z5hpaZlCkfg)@CmWQ@5_Yk4oae*5AS<_>qva0@#OlUs7wAm`K<#)Of$|Hzyo987LA5 z&KDmn*`1rY`aqjXG(6=Sc1PK0@k;8by+$Qli3f`vICOCb%w&{helx(B!0WMi+ z&8%FmUDmQ8>*3>L`N{(lnmZ5)@)ItcsKkKk&NP-q=0Hku9#3>Ezr(Uf22(15Mp7#UkXz(g<25nzr;fHBF&XMM%YF>he z)6(P3(eJPelGv0_pJ@7W)8a}Hly}IqMBO;T~2z&e4={_0^@;_4V-UU_$OiLZF)Tp2jwmLOLmg#|EJ;Ud~415J6 zaKqW2bv1~-iUJ+Fs2tipXYFiH>1V72hp&>^PpeJ~Ids^RQ`W|o>c|n^x1aaz5~Z@r z=w9$w-rQjU>vHAa*I;q~Ll%#lJk$3vEs3lP_U#DWdNpxRyXB*Y{%c^7 zSKTQbvu|$=EpKmIxyT!DzOIDtM4~M;pUwQ*&Gixx6SjZXegHgWNFn6$;|`RMR~=`) z^*owmwqB$K{K9-9O&a(HZdvGC6Xp>ERVPD+qVuW9{SE_vP10Osl{kF+(#e+r} zA|AIh)wkNeF9)a1UF$JRuO}GpOflwl zYoFH|el7j}z0aZYNW?xOJ8vof$zwjibMV@U3~4$#_cA^ACy6Xe6gf(0*RmuZy#3xp z;deJJV!g;@+F#8Tz~>$k89DZXx&*vBoC=nZn8SVZ>G1+@PoIm;!!c#lEb#l&hCXDUC)f>g|c#}tiAUwrjw1Fpl7nA24owcSx(V~ zAsqPB>Fz}|)crVx{4?ieP7$Iv9M}AKcnolum2ZRortzXiKC?T!!-B-_3K3=^?hu6C*=7Pwv291i;P6^PtsuD{K6xX;T@TX!wd<6G*(n3g{NL&bl;BEZY|EtmA_+|WkYU|RmI-s8~y zFc5UXFS)farO9~FRqbuO8}qnbbZN_lm8K%{1-tH3D(>TVyTl9twlQvn z&3!&LJb;E>vo~{w0GQR#_G_-~E_`oT;e=CkY~?s8tMsy`yArdaTbgo?mJAgl+Km}; zhIZS2)JgDnkl_nH&=bSj=Wzgf7C3s|8aqwBB825YdD&P}WHi0oJdeX@_N)y>mIT>Y zzAl?51c$wLD6hnnoEM>CLTnd3DmxEM0hV&H^`i9-9qw(m-}ix5F~sQJg~&OMX6v0~ zQCo|COZhZV3HTtgxsVHctR+#lVI z#+n}Z{|}4wq4wCE>2r{pO|9UOQ4{x0w1zfb`*T=)fR3rOdUrRgl{Ci- zOLuR&vwKkQSs5AS8@BWthgy8BuP^^8xM86ig)VL?LXIj}C-5`8z=M; zaBY?TIKXDnNWjLoX8IfegeE2uj{txS^Wg}rlvK2xohIi7+wKH@tUa`$7vTNIwAI56 zkaFH;&rc1H&gDr0BVS#9Cg2B|t#^C{q2P}atw&op=3KVm=bYp1?^r$ zTQYk3Zza0}d3rhqNWq3GJCN2221%VJ<}~14W^d%w(k*m0a{l^0ClAcR+^?QFZ7I?+O(UrPKCTp3S6bbt8IyGX&^E45Z!#`h$G8H>U=}hSHvn z70mH_XI?J!x}QJ2R31XA|6!dAu_c*M5ybEY<4bWjfjRJ>Sl*y-mQ z>Uz8KA*YVjy|^|unTaA%L?C5G)?Q2MbGh4feomLw?solC2~pDeqeXmZb^*o5Ip4BF z@Ci3><7I67Xn5UIN|WajBHu=pJ<{_V&doptLMM|di`?R?kqGn_<03KM;qT0P(#Pzikr(&9E^}X$HocoOCzT$z? zHuqtxWLrV-oW%vO^D`=|=P1~?h^GOs-N$M)&mEezG9CC&0Si8W&wm;%Xx)gH3^*DF z<8lI^e}b{#`>_ND^XJ+*ts<$WQE=ZWNKM8F9p!ZMaytMt zL*iZX#`boL(=!|KjGjA=sd0*Ok4^8-WT$N5NSo3A6_|I4H?{$`9zFdLlt6#Mt09sO z;`%U6(B{er5)GjblL24c4=-2e?Ug!rJSAPb%bd|!d@D)xN6>2qpw2ePRA2O|NrRW( zL&#m9ViB|}SyVrU#v0$FxoMW_9k`7*3gxipbzb4>bPnBl>DZI&A#q@ z+q|{7=-UH7_JCHqPKTF&fHNfPKF}hMBeD{5u%)K4r@3pvR2fc#91b*Z#5 zff8L_jN)7ssfX)-VH$iCUI(b3Xm{+>s}IOvA1J5h!Svn$?4fgvU2VZSH#4{s2=g(C8yae2yBK-KqmB zjBxP2z!%Af8&$R51e9bv(Ho|vf7`OUZCF$CBOC`$8%iDs`5N+GCP<|jI=pHP_x$uu zdsI9zWwOL)r@7s^qW_8Uj}W|_*NM{huGCI`$JZIv)m}md)92TYq0spfo}I5BaTI3EV&1KOv4T`XPdv#SmvT#uft!4h9Q)qYOpL?Zezl&*mT z*G{CtEkoV=PY8eT1pV|dV0Jg4k^3>$zC1ry4`5LdC;nFNdj=s8F$6p^QVi^4d0YvCk z-QbTDGNR5H9^;`@lWbTtBhsU^wE3KXtSXBB>f{xn9yk5B7{}G2v`;WDI!_$hCVTwZXSsAOF$kuEp7X3STE1ew}XUxOKZykNc`IWWEGtc zdCj;zGcG`Gzt<{#m_XaVz|#Ah*g(abfJ@G1rDC^Yf;k(_UYJZKPE*! zBw(615i!r{x(w?Fl$qncQ#$W2z$NGG_{}d@Ef`;UFxhX<1pFr3_DXtbY#Y=O)@tYK z8de>?cOeM3A?giH-n&NO^G53)IJMwj$iiRWeR}6(+aQojDx$A9&e2&?_=#vXqt>Od z_VN=>=zY^E97=;o?rVeY6Bq#hifogV3A#02HRlF!89wXK%Js555dARQS%&-w%_!7_ zG|_hgB0Ex-OHf50ZhUGW*fc+4h_hT|3FJY%mNIISzX#F>7rq5J46IyvDzddLs*h^r zCezS)ZMo@15_6XOz?CZmbROS<6q*^@y`-x5jEXEXG+y)2 zXDfrOoTS6+Jep^XJ2WCuBy-&OT#*7q%sB3_?{wT}jWI~tT?xb;{K=6UnR!t1cm4ow z;TJ<73v0kw5OR^R-@63tKstEZ-AIYAS<4M+><6u<+J8JHTe3stUrRi?j2JexP4&zY zF?pL|&jrTY0SgKPN%kaM@Mxtb@;;c@U`9{5m?e9H-GipYv+Ya3v@{RPiy!7VCi9Fd z+~q)iX2B>0#KfmMK5|;2rM2`W9{{Rone%sfwK>w(Q^hiiaAYx>%Nx>wTXcM!Uz-Od z-Mw&edMgxae^I+ED4ALI-W2*q2-3*n&{o@|6dtz6-DNg1{XlsWF+X!PlEEp!+ug=> zm%#KGzxwlH{>(f*2lT&4z0kciZGo$}Y}XHtyuaoQck_hcI1 z^-5iLr9BD7;KDrf>*;qz-b5z1`Tgpa2^HR^*2)X z_6G3+nOw8mI-#{5ZJM^$x^e@s7#?QlPtuYEJ3*$Yqc{48pP#!U2dq!VP3JA#Lythq z9RqQn<-|l9+kOpze0>q6UjaFB;el6q5p5rHyX`~Wv~a(xQ{4Y%mpBW;*ml?(gtESl z+$xH6YeLsB9(=QpA~4kUc67$zo40UjW=54}II@)lZt|2a70I1eJVHS;U=OowWLK0( zPal8>7aj^D-KAZ_K>6YR7w%GFt}tu%;6dr~hQ%Q<1K=gjz%7u%OSPRr9;%SWy}*J! zm;Qp{*`;6LTzdMv0@I^LUY_Q`J+JHE2M%T^_-_r2OOrR{ZGP7}^IXs6gqOZ7N;8q`OUz~3y|CXFDx>NYWY=~)m zvK>fd86>^`CZ|rs_1B5n##Xx{ym}qLqy#a>6m6nBTXz|q04D9z)=;Lcux;W6{8~G> z`ZVH192)1Vc#ln$k}{O#>v5z(mJXPF`L4KkQP{Hj z39LEcS3oI{<=@*~y*)YX8W#KT``pd9W0ES)*jLB2jIn(C05AXw?t%2Afmy<#?^7Hr zIgs!DvyKA@1^?(5t14UVLz>V1Ol7>v{Cx8Z`BypzqKP_Z%ROLLqn+*|2S=`DqQ6PS z{LKMBcZ>|AWnu~r!!;gYu|Pz3SXrpP%iD7~&($>^o-$Oe+KBJ4O-hksu(+; zbnJIwIsZdf_f%B9FLG5j!{+IctCjbTt|KZF1L{B5aH`#P@4pqrKv7pN>USm#lFg=7 zbDUla@fAAsTiC8#V($4i8Q*bbvew@|7VoLaHS<&B^#T+v z>hQ`c&^gE5QTT5K63{~*_M^i8TeOsOW>cT8yJ*hDW&3Y=Gk@wJqeAMOQ&{f5_xP$z z3_OW%qzs8Ko%mZZ9Um2=h1Y0PQR2O$!uuBVR{Q&x53yo_ul`fTd~RiZ{6VA4YuX{N zm;+dk|D(d1{r@hy{;yMk?#sT@6EiciYHCEZ5sxCEqD}HpWcqsv3FZT4xT%@F>pOKL8|8KX_ z(|1C$Opipg5)~Nf85kZlQvAJ-7x!C0K!B?!w1K*@v$OLt0Ri2%#oy`naX%$}#(T>- zNkT~}|LN2A8$ro`SNIFJf5+4E6}?i2zXjj#DR!whq;9yzTlD@N-0T->f3Lz?I@;4^ z{`&|g(*Kl(zdux&RwKLUyt`b6BQLMF(wDiycKX9{*&Yt$4PXTikBF*+1-V!~U3F^w-1n5c`b=DDaLJJ-(t*AQQgerq)P ze8G9n!osrB`t#@0w~~^hZqXxs$+|_JPLsy>^)*QcbkhVb&JSWNm=I+;n+Tr7l9zcF zKehI$w>Qtjs}gP(^swcN0)M-`?^on8mE-u8**5>zSN)aRv>Hd$b#xLz9tZPvTq~^^ zQ#HTI>e2k13?ED|y~A?|ZH($$fL6&>dD%Cx%CoStuSEWNHbCx;i=hYdO}2j$ZKtII7~*l8 zhIRXSb!C-?Gk-PT1ck$`=f_8WTc^NiT$J2$^K zJ)GtG_`C-@VtWpeDT$I`H_E9KYTkJG{!9|zTxk_E27*JF*p!KlEB!X*^-#{>b)2|= zW-D&AGfA|SvZ-8f@E>ZpW3^gmRo!g=_NGt>@Ctn^uV2f{*kO5Jc4ko2>j|YQrP%EZ zXsEpPQzG5dQ@i$a6N!_M(Dn2qz4k5^tFHLw)8yW*Ds4e2;LRHWgQ-TP$;cxfsT2Q9 zYy9?X(3hCRJbH}^rk*BaVIbT;8uK9~b)N%w#5gMnO!wnWS_GPQ)MS}mQ#>}~QDraW)5ysi3%j|hQZF`oN z%PLYIrMXOP9nk~46^6WXzTdjQO?i2vI=pZKF!57%D180wP_SZVl;XAxz(o8_6^*0; zq8;-HR@jAJ=Upj|95;GhM0Qbrdo#vPpe+zGJBZy^bLpBCgiS5AQJ=T@lj2C5YDf6G zUS1(#{xYn{>1Se6zsP1qW&YiKRUJ-VF9XstGA2c*DTS{n>h7%lB4D=MFK2mBD z8Oi6g?_~UPAN`A7{@p);O)&14l}1t$6jQayoJ=`V*Dwharb&$-U0Me_vDgEt;2-^( z#WaT%Gkkrub%txXLZbe=)`E`C6S8>Qq}!R9)zk~%I0dTVD5ZIx3y$`c?99%vu_Oie z76OEQlST|F>}NFmS9bH)tVuA^wCvE_23@v4W93+N{1m*t*7>efslrtGJrjdCNwS3i z3M(m8l|)?@A;`OXNIK;H`ffZSZGWZ$BWvt?j|qiKtbn0bXU25PZ-q*6{^w`exjDuq zl}?sm{D4HMvsxMI-+3&*i}Xo1M`~1?B|?Arh=zx2F$s)pCT6BY>*LSY-MB;r6~wDm zr(d|Wtat2tDyi~1_l+v{S_}LmC9zXSa#m4cvER_6ZWi|e#@xBeoXfpOnl_v`ydEG0 z!@nrFMWKAReV<07LT-n*dDcb8AX#gm^wDnLk70`dSCSYlwEh+G{Zd+skt&lK^1CY9 z+6YWeOO_lGMq8HJ+70Q_5!aQzV)|*YrJNg<=Y>h7EgB;`Dcee?S&b>k)w7U{eWqA? zfn=llKuK`KrKtx-w%;9dAtL2z#dNuB)?>Cm&)1MbBBamAK1DpvrzSi4kQG}_xgolF z{{ip&N)Zhr)CA2OC{?S-9(?Br5;%k^$q4tn+Ayk)vOVYI z(d8gtB#Eg_ziBS~w&vvC1l5sKtTJBEdE@7Z@Yu}e?iv|76O*6ksL^IOl4oq(C9w{bxwVK z6>3q*U;EP}?|t#dHFKiZhF%4s+uR!tAGTVd)Lz8VvNHF}?wi58y!R#VA zT)V^uGve&1^t3=0rcm|wBsl>Muwn`9-so2)eDh#zE2}K+7Lm}HYSnR71$7cK6>YsQ zID#4@OENhzL$(%V?DS0hB$k>Y{T5^!;XWsI9h0NkX_+6HP(0|b*cMc3c)La>UV1uX z8sX}_45$SttUnqZC@PBDOcg(2-oBOoZ!bVSq+FQ_&gb%V+HVTf^!>awxmW0!9gA2s zebB;COtk5*;zVL%jh~4cZ~T;a7~k_=oITJ~H+!hm0IrSRV(yJgRWvXlmC|5j?=LWG zNqeu9R5P!s&3Dr8p6#G(fTdG_;_hrxVzrbgNjHNRvx(OULz+<&C(I+mFMFolM^mK1 zhYwgQL;D6x+HFU(2m3LH-A-tv5~?a$`V<&OVJ)8=@7JZwV3@@oSo1YM)8OsqBlLCL z>0&_?$>OQE&qQD82*;=k@0_2})hbZGvT&+AWghB(xr}LHgT2ER(m$*YLkV&Ud0g5E zsIv&cKA1j?4^RJq&QM3EpKnxbz3uL@4VhYD3VmQHV19RhhmccH5IcZgN+Akh%N{q+ zo{do5#)|yaVLKrIQg35GzO;?k*e|yNy5cRME9SK7P_+@@2uw!_kV2F5-a?I{1TjzE z$jHe3xf(V==Zx2sXLZb$09zfvF%tNX*3JX_nj$u1WB4=O6F6x-4%iX0pq-vR^iUHJaKhFJo)hgh01StCBJn5>D(+8e>YQ+pSP?#e~{ z*I-ZR|4l;(BcJ~#FCzT^cq+4e_vQ<@b9QphntYoPWsvWE+?n$6f4|8-{U7Na`S$-gbbzrEh= zn3Z^GQ;0U?lbzj0cLl~vMn)_o@B)sfv!=`qhcKlF7XIt;0clln&FO%4)2K z9M@u;hABO(u=?}9i>N>-MRfnS*(3#P3-nhSGsKybbKwKdasuS_9%GCPXfo+rUjFE6@|+t7=`Gbi_p6C*N#U)! zYU6#Z%m-(;rPz-eC}=LZ(oHPqd4}ptdEYs0i3p+{y1GA`1uJ~iFs5YmNB0*_&8*#G z@2@oBCg;u}Q8h@B30w^9G3zv|Fdk+9RlSbx7^{{LD_=ReFg4}kMAKupzO0ZyQJJ_yQ^cjM zb8=EUwBd~}I2~C5BiQH?bg{}XvRI8)LGj3CB0uq{)IgZ_(vhS+IUB@eTTvzt98^-w znOv`x7RZC&SDUzMlv_?%r!B&Mnd$I^7n?!i#n3GO5xLm4ws&~2;4M&LtwO1>sTwlQ zu?SD-|9Y@n)S)vnayMy2-P3KxW|7>3yj7CHx~SGzax?9gPS zmoPsU-_R`<-Cb-8*5n%rNiBx>5%z>X!+wulu50_!P+v;pTIoU^!;vV_n$NT*snKdh z?l8)BzW^b;JKvw>J#%(jC+n=k%pu$3oiNz1tY|!z8%;8MH?LU*i=+P`EoijwDEc>$ z7RO@0`{$-~F1)>Hdg0iyr!K_CT;`y9Kk(q$m#jUfJ~ni3Fwd)3*V&2aKVDjrsi>+d zfU)0TVhUsKJ4!Arkoc%?0LnJ_6h6v5|M<}E8b(^9VN{6SKfD~AEVNn5+@qtS)KK*` zj6e~1%VZ}fN0azl*D^MI#=RMgpR-7!IO2i(UvnS-$K`b^qOQTkF|gB7^^gR*)nTF z&eIcfWSnFu4CC_ttrPYDPu_-_s_NVDMJm4^7u53d^2`IfQt_QxoVGglr&j)tls9CG z^?p8Xzt4OSG9MmP^*niBak8D+0#r5DcF0CBd&H!QLZHZr?B67>HPqETM`wmL*;*ST z`NiYE#|J##xL9?jw3+!!0kRw}>eeVZe-JNaN5G3)!ZixD{c+VrtO8;a#a=&HTx6_VDV&;jv?*Z270@8rm_C)-tuqadkeAA z1W7iO+U4cFD1(bMDw4{HeM}zWYq>0eyp|%%GZgmF?8!>U-5&0aG zv_crBqb+2AS=cLEUh8*)Y`^P@hXuNtOv6l-AIT_ZWAq*uP1q~p)P*%Qx0TZ(W?6>o z8!2`}t&qVu`QA&qtz#(M^ddjpX0DIbseG-qh@!_&pu}K=!F{Q-dW_VzV3t@TWkjOh zp<$tZ@xV_{T;F$Qqs&01B|UY%wxVQlG_BTHt+o7<(s16@IW$ppta~hV&%>{u9-QpS zLi%1F&Uh|l%Gs>QV=?e&);clZKIe^nZda%TV8fn|l2Rh=XTC5ZBb@1_>%L?uZZ zcoGn}lSC(1g=di`-gxkA^aQ}RHlmV~6$^7h{p>f1d2!?&L_p?y^K71*h|>g0t>Luu z(WtZ}DLG}&f{9b}6$j5FkGZ>g>bzp7FHfRpb?JFW40`j@@FVOIj+?-$>rOa1#)t}^ zj7b~l91C3zD}BqF*RElX{qc1vU}D0u6P8?^Ezd`cQf0D8wQcOU5PGMo%D#btyl(Se z3uOidQ92np^vkeL(b9rEYb_1o4J9-_mV$$(orZiT%#ouN_7Mg)w$S2clN1X!mI4a1 zEfSTrD+wa>%QTY^FKkcWKl*S{-OAy4#ft3jwHdkxx*-#7^Bcq#mXWcsipC93LWh;S zEI2WHUcpBBA502`gft}{wzkd4R#2b|ZiKJ3SJ-lXZMH)NAO${gJh|idEz{Ou|V=FM)SH6GmV9>V5h(% zIa$&I%%ep1K||iy0v~_)U!7|yo57~dz60AFVhpzy;7APaF=3ds=!t6nt~hCwk|gJr z#DzIqp6Bt%>cG$yCyQY?o2;=tMqaa5{YU%#q`Q-2Ho7FNXQ9@Is+CP%qvjQXnl*mI zsq`0bropm0lZsc-wpB(g&ipbwQ3+{^jWrPWu@n=i?#sDuhIr{`i7ApSpI`ak-eM}e zetTZKvEXL)k}*2CZ*02i(>bkP{oH_=0IyS3g7vqoJyOSlo)C`Nz)9XP%esaaV1Zd3 zH{?Z>np(5kAGqGg(3NblPS0Hx-A)5+ga(t^{4Q#bg2t--DJV=-E7qph1GQShrr7%b zn9>Um{ae^}pslyG=aN{g#Ro^Qu^b!zA#YdsXn-Cunkt(zCaafef8#>L;)zc^ zNb2BfLM@#YSsz^0U_UFZxwM66rLobvvshwA99!wwBRSMG_kd(0MytMDA$3raEd&_s zaXsB^C39a>S&3a%!ghKgZShV(OiVEhaawAz#>`-3@~68<=jbk$IG*?>Z%}aFnT5qS z07^Dwky#KDa)Mo`K$O_BLSew=_;V7R=KWq;0+V2vk!R#P4=1567iajwAkB-a`~CJ%}dxVSD1Be_#kno887Z~jdhu!!Pu;`@oo zO8~JXXV59&PETN0+zz@7`m5dO^2cATvAzkAi`j`ezj7vkgJ7kd3otNN^XJ;b_-yp7+# z$9Y6RtA6?R35-4CxnP8k49^CMMm><4s;Tx5jl5vUS(fQSZ3F;W$N%h-Q2x8+^1nB! z|F8X$|LI%*zi`T*)x~bPH5E$hZTsJyka2q~#qGI&^LL8>>}7mEE2^SwY{bz#h*wUR zxU&_I`>XO^=68-v1&UymUY~Bcf0XdOaX~tvj6@je+@bSCp9TX}(MBg11ncFs*Z3mb zG@Ab221_A4I}BLVsBHXL>iBOHzEkNF>zqAx{YOn7OMzWu)UlQHOS7@D(5$9y(Xj!w zK;Qcs7`GR3ns!AJ($kfFe3~2oLgn{9VXpiPo13$pA5?<)kM~8c`kB&?Zcj(uKXU#Z z2sQS$HApn$-$5K)G<*M(*x+he9<23sX{`3H7td-3pL!5wjpA6g`o6>|jd=7cw>5T; z41QcjW%c^!>$!KE%{a0RK&zc|L$a99wfDvXk7ybcUVSvkFT>)q<&k$zy37;O1g7o} zzR|qjtI4vR)A28=h&?t{5IdX1slOTjbbr?-k!9wtA8&UrFHbE@@q{>j>Zqv>*^?); zkkBbve{n+I3PCUrjb+@qxL|4O>(g+x-SW=Y*+UQ9q7xGO4(gUi%;WVp4Y#@oKxPMX zHR|f>Pibfr<>j$=c6P|aq|s<0w~pb|!kty45`)`gS?Ku%1;(qL0Sj*PcI?{apEZg! zk1yu!-RJJJA|wV@yMln-AFaN@!7h^uv~u%7(vXl4At%`5v9U2dzw33V(2&_ey`$L0j4Ap&A31J!PY;jhiCOFQusyF6OcrU%%Eoqm z=-xJ%Ef;+?io8`uyEt4NjDXy(gCl0kAa^#kwzJ~}!}vk|=X=x6`!hTvAf(UcNb2B1 zgYzBq`pY9)qoD*I*yiRlT3Y<}TDy7eT3ZU_F&&c7VJN5&N(V`~LtJ7kt<%!cjs7W6 zlT%h^;^ZuyzwBtaTpHY;t@2#?^5}N(hcp9eXaEFJ2Qj_apS?GId~`OU932xwd_)}~ zcJf#zoO)Gv`G(YaYs7r9(G|UH%rf1#m#wV1bE(DK3JkXB{Ptu4sAu`?yf=Ixv;njR zze8N6Ozgl2AXgaX=H}$MSd5BE-Qt%ET>)eUk5`tb;eMA*dfo>$_ipz`L7a1E<@5YGwJbZL;&x9sHNwKxqQ1RNWo+B4${Jok()QVih#F`mie6*DMchp_=+eh zD(){dR1I#WihB!OE_vIxBYK#C!Qu_P3ZTpHfdQl<(oe|@eIhX);U6V0-}biYr8~p7 z#9qISNk`spr5<{3CR*M?i<_n|<8;BRz>0%5_8u*b_U@Injdb`w3Jwc1@BKkBlnzS& z{rf{@WhFU}$-_|zL@~00O2Bp{C*FV_kP(2PBoO<227cG(68Bf8z~*N8tnGs9v_7!a zh_pG6E%OOzg13tP!aIOWyG#oZ3X20IQ@s|(b+xFAT$_p!I!tt?6}|X#ykO15f6gK1 zv3GrczTeM~AULSd(iDrl9^~;mO2#Pm_7dCbx!_!Y`61|k7-Jz19G^%h>8^@;B7~1T z8I~J2e58AVjyL11Tagfn^&BWC>iD?o{a)LBC=6z{Ih-tGXU9?2azTl>gfj^W)+r;d zj=BhlXlX~rvSf6c+&E%mWB(3>5VV_nXJf+#IF`@-^_HH;YQW2vFOPt#Dtfv1CHVdd z3UZp(cXu3?v<_=8Q!rrxx+0s24eqAP9C3^K^EJVG9-hT zSy|V@MGvHeVaD$4$G2>z@okkhhr>PV8WkV0zqSCZJk+PpFqN< z=>SZ?wC3a8p6xTv;?Ck8L9x}t9(b1AV zK4L&`f*@@~kl?aUbY8k&5~|qUVtrY#q)YGQ^_8-54pNV}foGHgT%oat>{+0w5KD|i zYqy(Du=-@1V|3ScwW-L2bTDx76Ph-l#dxEg{{;&1{t2OVax}2rveweFPz+}rAfHh? zOKqF}aGw~Oz6c8ZQ)Gf(t{k?}D|30&yIk1UI=E&yO>EpwO|)x|(GEdglhYFTz-w{j z6G_V9DR*&09&YXC~K2`;**)y=1fxUw=v z@5CH4$PPELhU2}b?=`J1I30Yqy85tEVw z;-JoXn132=$)Vou;3Gbrgo3vA3=16Y(RrT-x(lA0`v^F%Fo2gB?ZD1P|Hz2N-Oc%e zAL8KNH909syT+P?0Cek+=jMBR46UxM#Y))^3JN-1@`kTEHF(_?HLMct-1 zlmZ06ZPNYyv#Sq09*3*Bd>)$iAHUTqvsW%#o~y9|)(aP~a02pl%dN@tpk_M1w6qso zcRHnOucEHr9jj%~55UUxS}2!x^(VrWyC02<;L571hLx{4XmHCLOAvx0CnpER-{Q3h zbvOrr%aVv8&!_X}Rv5z^+}_qkf{8X9AE0#B z0Q>?Zz}=w5XxcC)nO-|e(R_{`aSn#AAGh_U`(980@S8Af0eSPl{^{}EYeB(BVy!tj znDK)>!9+|RK;WQ}i@Fsf?*VS4q@n^ESI~a}JxF%*wbxy$TD{>kDA9#lv#UYF`?mn{ zuR|j&`=eedByeXy5u!KSSrO#oUezE6bnOz&5m9*a=TXczUS1-)wYIDN1QOe4V*UO7 zfRB`$^kBQ~&-?>4L;-QZ@IH=R*zy5c%8m2mrRnB7?@TTL5;17!@0};-m*2N!j9%~9 zSX-YUl^lTPkxSR}n}$U&inbXv8{143iY2lVF-1~?|E=+&)6bk)Tvj{nPcnP_8 zN&z^$9~2TXLf3O$(E_mod!3mg+lXYOj@pzNRdnHt_uui?%M=I~-61wyEFFCVP%cJf z*r@02H3m7u+j{<2;ZlZ8KM7SNK`z&=RzJe=iy3c}!r9o^(7%U;;ngp@&tH0^qg*Ie z)cs`qJ=gJXNdnh~;fp~grIc;D=`}T7-S?)ZSrDp?jSUzKb_F-AG?Pp3ZLD5i0-)~d z5`uI`9smLVjDkYW$%%J(c-VHnHVhby*KV%b0Mu4C{JUwL7~o<_0`cx>Wr=8OC+S%3RdD72>qI;B}XVWS*o2#}$$?G2!e7S&Q z6qb}6oZx((nVC^a$7xy|0Z8g<5$*>Clo+MMvJ{zqw=(2L&A|6u0{}8?5m!Qfa$MgV-mJXK zxbJ7FZ?%4Q*9N4n^M6@3)0*_Mhf1a6a@OT`J5Gl&SXp60y(igy&zXs!N%bZ^>SeXD zNLl(`2m1tGX^(V4#&HBPsgZO|CdI&T{|Om|&P{5C`gG0F77f!?n^bz0cU$OJXi46= zkH4IH%;n6~@$o zqQgM}43H$ELi>ig@y08~R)7kiJ)$D5GW_j8w^CVI*_HX_dw~}(UUc{NI;{qf-4w-1 z04gy8NZHYjkjs`+#X3WYd_lv>f>n;|y-LgSO^aY~{VEn}4uEVTL{T7cfj6~1Ar;ji z(7HE@${2#^{A7)dUnq+mKWw|1EaOfd&TDSVN=QghDiicDbYAXeJ>bx*|49cV68fz{ zL_|c_9Rz-F07QB9>J>35Dd0`%M-za!ib3$jxLgXKH6RX~5``Qyk#2^q+6|jYHn*m2 zpOv6(f^G3$lIf=t?tpg0RR1v#(QNX%^MNpk_&rH<7XfzqL0>DcCD6|Sa z`+Pu`e%rHWeKz8Eb%t~SZ7*$+1t{J7UR$DdO9eS0T#vJTh12xY1wQCZj8Av*Y+qps z#K*>7#{&p=*m7xL;IWDcL|4PrS||$#M^4TL>^?3o?!m*9m)Aon!qGrLo(`~;xikzP zuR~3%W>IP*-1RXYo;i@c`dqCBz2@gP=1l|&6x3PLsr&epbnw*cN?-REb@M_Pbqr8(`26I#4+?ZmOiVlgX1J*?$!Is@HLjXX0CEh{&>S@Yb9tyheqsPu zF!As>s3rkvi3#vC2qLk%x_S#o-rKj|0obMIHfxRoq}x>jh!K3L1(k}U!^gq}?B=>7 z{LUCq?XoCaoD8rv?3Fg<7ZqhSH#Y<5k_0>mNOqr)OS-MJqXXD7wXwC zTB%-m7;@!JP#n2u78j$i6J^cw!o?O(`(WAS{Be?(j$;`Mt`nZOeqB5Yt1t9;UW5=x zlx~&L{V6}1It}Ix{GbNMQwfUTuh>9VxnKU{q<)!k+4hXB;JgvrQgwwi@Cx#bc<5v8KcI|MHq~7luW%PtR&70lof^B0KQo#O22v-A#uZuL&gb14T&Pa@b#ldkfTS;A-sp-dq6UF zeY*vMeB?;sqv2}3T1y}-Jskx>7G(c{KtOGXrnW&MWw8!RiPOX>m#WBs52Y;^A89>d zgg|TfTh0d9Gk_K+pIlx7`1tb?t;c7$FWlSbcAYM-tSkaZJ-@cLO1S7-dU$w@A24K5 zF!&)aA?c`04gl=BxdBui>||r`x@8&BQtEjHWZ5ImqvFsuB%-a(K)1>QPg&ynB}$&P z-PIv`fsA?vNEiVs0Z)%@T{e!KI&>c{HbEbL9E|6(98Tg_lRpg;Tq3WkzHRnAZ4Cd^ zGQSsVCewjGx69|-h(gD1Vz@rj4+Dx`TAwV7x6dSg+x~|*tqMkeo zbPILWwVrcG90x0-5?5N^GZoE}j{#OmM2C>;lZ}#OA2mDOx8Dn*e-#CR5oeyodSlRK z5MLkY)(12v43K>9>`5!}v6mh#b&r?Ns(VAws!u9J@{@P|Fw`7F-rv9X|qG3cqf_2?uo5L7>EH zxHnb85I=Yvoqqd`?snzTP_kgemoMn80Cv^o=9~RL#JvSjoXyuSn2+Y@nwzhVsYKj@A`|0y^pYG@M@0|1N zIt}Us__sZ25HkMTvbF=ky9jT`#)4yzJu6hVOUo(^ZqHWVR!hUPR^7L)Aq2RwTJQAI z6u|6;G#Fl5`UII1B#^x;?OQnaY@y7X{$%}S>AKeH>W8dg;}DhLsPM`_1{9sFx^71p z7J|c@Av57_(C104(PkBJ=HmFKl`k*nuij&}4Kh1#Vp!@u;y`dlaZ7u@F#6VDuCwMm zHe<8e(+q(H&i(Y>g{~JT@2fn*22nZsjw{8Nzn@>Lj}^D44ysq(k1O7Awu*(ymOY%k z$*jpY>kslw`P~zMpw&eN1X%EWUQSYf1xNXC?|CKZdAl9ET*~f1wmY1BulJK$K9gB| zUB|2wE*?5ioRiC^t8Gbd+WwMR{ErSUcRern*^j;HKE$3>uQ7mz*psL6Nt+9-5fDf( z?ak`ozT5Dta6E>nr^(?=LB+ck$5%*0oIW?EKJ4ae{wNf-x}Je_5-gCB&E)YIkU2&b zgeCGv5e(LiHf@FcefyFdM0)V$-+vRtW=s870azk;abNnkqL8l#L~#GF7B04JWMR~* ztk=str45!iq4hFrto!y~P4!U`k?8y*3+%Me<<|E|Q!X?Xb63}79*>(bXZC+ZHVtNR zcHivo?zS=&_(xoOnCQcR|55P^5bht*g+EJ7k^NhVhjn`rh!G|N=|r}7^vxSkwTmax z|EW)8G8P^MjQFUX@rwCxU(6~@inYGY>0HXK+EM!LH#5KKIYx}Y+*%1eK+fw(sbeDc zpDq*}OU{JRc{363l6>wl-#MSHEMD_)xt!tEoxWB5KzPT`Q1>4}SPF|~5ePj_YOwFa z|5IOu2dTBP{bIzvszReKufZ`Xc_yCMf+7m!D_=#X5%+}uGq6=f0t;PFqg{U?8{J5^ zQ`^@YTWmZ$BRjijF#KJ0^Sy|)a z;KZ)~N9od4_xkPeCU=m#E)uH3?;jzC{EhTk=H{mU+rtVn$l+&d{|>TADj0;Y?2~rv zi$I@zxQg(v1mUURn94=+|7cEd3hVZNKEv9R$NYCx`sgr<1c7L+_pHUV(GjAPMNMtz znWuQLL?*!>bp(UKXDy!^Z9k2so~FYR^+DV@MMRNASy^x2On$x5F>CQ;H9%S==<79APY40e&7DqIip`LFWRdj{c&Rr)p2nbXYg)2T=r(70Ms;lF{d}xPku+-mcjLEGyn)Lvt=^Pr z00P*;sokYxG!jUhr0Bc{aBzX(xZ!wNRB4+RlPWAuYh$5PIf_I2rp$kwBMth~oP#{i zKyu<8Ka`4tibxw;)H-kJo1*#U)Kbo3;4C;53j<3j%>qRlkL2#_?D6F81Xl8R{_yB_Dv%pxOhVdnVQUBUnzp;4}n3jS)$C8o^rPbC!gxg~*J_i0_686wVdr;?kWh^}!&w_H8L5p&(ebJjO1 zRrc3oh?!h6I-$K+BpC`#oh^Bq$}!qE8=DXPOAYPd94I|Nu2wE%3EY2s?tJ+0p{Vc! z>iwJ~=ZT310!9)_l;lL=NuX;2xAU}lJl{nz2JU$S*KvU*fMl7t-94l|gUHa73fP7~ zI7j(Ml3z zr5m+e#S#6a6?2ut5&*C6BDof&!q8%cA&MJYC?_tLVH}OJ-Lk<}Hx=7bd`6zUGn`g{ z1&z;kMEu2~D0Ut6$V8ul&CUW92G05T-e`Rno83r6yRlVmK+UpfWW*{ryN(O$z48Tn zOQ@K?9GR(-MH|glqLo8JwhCs8V2C2G*hC|)Tgu+^PbIfCY3&8+6_Z|^d+A>e1>YYQ zQ-jXqsf=(>zpIrtt)|1-jRed)70cU`<7rHlBc{avg33--2Yh_FqCSWRMJbWS(XcK> z=vb^Ar0#HMHq(=&JH%Xw|NS1}ygYmH-kUAVxR^3DG*ev3A|n{pW^sU-Rar!&$%=Zs zHZTFbG=(TlHk%5*)F!3^pzJ7ts3M?%6dMp@coNIPRxXV*$~wh{#G=!avEe~njG0Oz zP92y~aQrS-50cQMc=$2ZBHHo2V7g+ee`RhlAVk{js*SQZMhYiFfr>?@#(H0OnmnP3 zqbluvgZ398C3$ot7M1L^>#2i$c##V#d}#R!*2KL{>22AAkV2f+v#UywVDN0xN1ZzI zo-)pltsyz-cO9}N{1K%0iYX365t`@imMgHSp_vlwX~G|fi-dDvN<2dxn52klmC8R- zhR_yxe$kQnkp!Rb)J>xVRG#T)-gU?%RSDfK@wt5St3d1-KQgJr_G4s!JvxO5(UDX^ zC&_sH3}BA%fHKpJo8;n0cvRUMah*|l+61ayx?GEr>)kb;j2OTrSSZY@M4Bq;TdB%` z50#~aLji4KY0Ox{5E)x{ks{@08hgJ(ilAnWE-hQ;=P*1;GE5$&d~Nzz8Gq$a72nE3 zU@&)k<-K|Qw1VP}SmXWg`Xcj;k!`d<_+hIWdqiKH{#?IADn)9{;RAvK#g1u-OB(di z_a=?PE%6i;0chdnFmsZ|J;IR&Ez;BT;1OdBw5!Qp#-1^B%}1J~R1WNR_y7lSVl4|R zC7qF76FUNB%6L!dwwOsP;(YD$4VS$<^=^>W#UaG4lG_@r9NPjFpoqF`wqp#?@2BFT zkDI?HwQg+Tkxx6NvHYTXfsU6Uog>_0mgj*%9RU-mMJ*2}T?^^V+=#;@DxlYZY_Bx= zR9XTSG_sRkKWh<3y&Ls1oq&Jph!XW8RvbtoYROt|6f?et#c3>74*gzP@qG*MJ!bF` zr((-bAc!KIJJcPCOUpcg>VgNoEtC*u&YIE(AfYg>@LBN5BKBKW!AVp*C#gKMvi9fo zsu*O4{7W5Q_$qOLjtE2Z#~iU?U^PoYiMXkZ15SEqGWax?T()wn7=wXi)x!y%TkX!9hN=bt3dFg0UeC*y ziuMg2)(>{>qjOGh#=$(aD&uL7*(VJaCQ$IVVA=FYgJ@}N)>86cIWW?PUZR zE~4Y;keTA1=k~cb8Wx%-r65@@9zFtP*?pQPVJpRK{BJy+F~#_9evXN}`B? zH!BP%VRJy4JH9gst(>9v#;2CnHq9cpQUC4S6y} zeu~7Gh>>n-is=uS3?HvZTYMu5*k)MKVElQBHWu&&Sws{GhoxZJ+z@{ah&$Bq%M3?1 zj8iRCS%iQ5N@DCn(SFGnqh!A(t+_y9R!0d)1pO(*f|FM1m)5MfNo4#6D-^74Q7OnA zXBDq8Em269>u$Y8HKUtiMJ_|G)x*J@U+5z7UUt(-MD7RnxG0-M##QO+O}%HRub}Y8 zYa=A8K+aegYgE_zewIaGV^~6wLJUDdeMkMY{dHVr%Q`ua9?>P1gST=T9GB5=}&i%u0G%1*6A3#i0Y$3^hPF zR7BViXl13#Ds6eyE$p44S)6-tZqSb|B0@%bDE$8rRUsZgYn~5%*{QsBcF#qaHa}hnN0d zTUktPaXBFB5drPpef-K50Wi@QKszp>9l(^jL!~r%Uo^A$2g=ijPi_eix_VPvi0Tjj z9`Jx(s#XK990m=4PYV4xJYS|WTBOXBNzwYzr55X_hFu6esz8T0AcNSHRdm%KWlK3W z+wyBkU_i;&zn;~=pT*$Q`Fo!H(qdu%({(HTpM)jjZ6|;dPvpGBBIR(>xdgF|!H5C#UO`T1tK=x(?s_nV;H(oSqW zz>*ApCpH70D9Ry6Fn&To+>D=}F3Wb+DT^^fqA=2In7d%-k5|2tGKPp;EJOa_ZCPHl zyhQYbW_}3l5!uB(v&ArP$wotqkaEvJjZadTERZ0p%InnfoL&IuI){u!M@-~{3K?S2 zmppb1}vDCF=?4Cl8;@_=7`p_>~zHfxy~(K|`Y+8vP_(TP2kM zJ83e}kGjDYtYS!PVcKgwbm&wd#EaF!pPAxVD5BIOtcIbG^`SU!?mFMv8Q@3+GSNcB zsu*DW#xJ5GeWI8$?d|aM*#7`7j}u_~Lxb9F;gh9%$D)#xjyZ=$#>W>bv!+=y-lBZZ zoT#coDpl)H|KizrBgrZn_*36IwrF<)-F3moK zFzfR&1!uMyDm3TOk z#H@!QL6jJ=g5;uW%7ENlOKOvW0eBj8%Lv_=lqqm&!hEP(j#}PK>UvJDu>SFTa5q&9 zgL3L;S~(x1-HqRVD-bu2A>c|XiJqs#-G20bp!ayZwq)cWV}1abIsK_m%w}FpL3m@{ z-naOEZFn{X04)+C%B9~LfDNKrc-j*r;JuctTZ5Pso-vwJ!Rab0=Eruxe3sqSG}7?u zni(TuLy&~a!z3`Hb((IDh5}WvN6Ctv`D&+)X-cZRRpLvMN=-{cNF$$xykC-_tvowT0#T^fHquNwd7}QS{Hz426MR2y3ouh~rhCGeGD*sa=6x}a z3G-~SWI@reiDW#21~n07>aPTR?A;@2Q=DskQ*apBg>%XMN-E&gv{iN$e3)G{yoezQ z+1I@@1E?<9tOU>FTr1H2QO3ZKSx`u@;p7#wXVlu5h@*%-nD3cie`Tol{hFX3iim*lb3v_7#ZDR&ME++?k z0eD{vQ?yZ#taexv=TKaLLup3}1|I%U5u3x%&dNvOaM-|K5P-u);=nG>denyR^1YyoakoN^=XTh z9Eqj1vQ%-_ALg6f<2b>ULvAcBvmM^Dw-*@_vb%x|kWE<}1kM?=4>aCP42v+AH%l(T zOF88JP71+GDIiWoj>FHSRa#9pFpebt$)gYe)u3|rOTHuA425@5vVdrzuzn*8QC~O{ zmFukgx0~>dRvm9VO<1DVXb?icKfv1m9oSVvTnKi0bykkUTTB#!H2 zun0rY**;g7_0_xS36|rg*#H!SJ#EK`C&pS7(`YxaKVO2kJI?>y!~cO!-~I0assBIl z;QtoV{01J|4Ln@yRz5lhdym@My^4t;_i}k&(o|jCJ+fv#Z7tsMt@IP}aB)ARbl#`? zOfxfcn0Y#nYix9mfC~K7Z!|m2BcrlDe#oZ+!-J5o`?BhD?-q1< zhxG1^ma2V!tUY0heHF-iyr`7PC-wCmcE!EHU%i#s^}(JwoRQ(=3%%1l4-ZkkIyZd=QkT~yr=Hf>xixnbgLXl+nRZC7{k^q%&+0nPM(Yb&QymrIv5niInIB!4 z+TVrS?jADl|HJ}R7^#`+RH_d>IMK8`i(+{FZtfWi{ZNJM@EWzgb*M+EPk4!~UgyiO zQkxpF^hCd#HdvbwR?Tj)@-p2|n^pgW>2N)?{?{jHT zo2f;?h~N76wEZ@MWoWC1qfafTxs6HWTuppU@o0^s!<8yZ%@fk@GV1paf7-9d_n*QN z?JkQZ_Y)f&H)!Y`s4%HrV*(S#W9ODQVCF(aj(+)Oj_6Z}R&~Xw<;dU2$7$3i0_b`4 z8mj9gG>6?VE{q9hCt_we?Ew)Lch}TxgCxQ4MEV)yNaJ9rf9etGIfMXs3zD%f%=1nY zqTNfxGe|YK1S}cG+XF*r7h`;b2pTl;7Z8Hwrx4L-Qu@riDT^^E0XQkzFnOoP#SIk% z>?}FC=77KiQuF!*8oQGDBUf*6f8WwHQl-4Z$x>CVck=Se7^~vZ5KLid6rh1GLcc4R zFonaDDNrFktst?_oDBa{j7)EU!`h)xsBoSR)_^+h)%bRos$5+5$jliA9W#Tv3-rw{OUD8Q&Q zLiQvH8K&D|NmI4IHu!PC7{&AQHSL^lpy%n`g3L{gm*3NU6O=Q=Jvg4l`za&1$eVo# ze;v@nadB>HNMi;NeO?r5|8TOzITV(~n?(bN)pR>-S-GBu##?iV&f>m@X*vUp>G@m> zR-WPPj2S);TrL8^W`hM#<8g)247aVs zrq!9|@?d8Y4AtwMigO1~w_lbnHx4U4Pq%8*w1n3~ir-47vzr({sCd1MGqCHDuJg5< z=4rj@(_Pwn$_9enF8rCz9_CMIukuq$(n4 z+XZ6w#WMBJ)kg0DtWX*DgU$q)<@sT76Q_suqY~+NfZ6BN?y~WAuMi}L_8A7XzwsZ3>qA6;YL&?_JY#34Qq906Q2w<)Vw3dd zACS$VkL;eS3?k|5=uQgawkDTN}i!_}N4k;^g#`jW3iE{VPYI#!nC{bfB%H<5-<+UG1#3sG!rf1tVR0r0`YBpH zZ^m+pQ4rZi9^4}5Tgh1!MKgbG$i_v0`<2kd@bDX#Ghr6#0bnAmfy33^3{|hw@uya* z>7JA2GDjtxG1>ppw1qg9@Sx3-#VSOR~l zp`H(_nzysovpd1hR#u6x-4oFdQ&5#H=$X!+N(eRAmgc95^(^7+Kn@e@7c`v@cRmX1 ze_vF!aMRYI%Q=!mm^cBVs_cdY)<%W8vJR>XZ|{&ihryDN4o4g}-C0q6cXH z@a_PK9{Hc5Kfi!HeNnF*HH zdT;I0e+mzRmC=!O78ItL5Ru>^zxyRfFp6z$PB&KK9$1LiXclA+F*$^WC+e41-pUSO zSvMITj&J8|Q2ksI@49Z>Gj0W$^m#0;+_8U&12_Pad&Qz0f4ri|o#JibKYaJuH3~YT zWH=)T1dTSgKI3(maUQGn(6j})*4@Xxj(NY>t`k>2u1HpDFiAhBe85YlWx>2QtngQZ zoCHw7s`9m*J()(5E7cZmG*2$uE&oW$ZsfVsw+vOWQc1j5nYSiZ1dypB2=|N z;40Lb2qbC0J7P4G(pYDAs5d)>=5~M8?5xXq&Qx2W?9J)rejR)7xtG^vyP157mhk$w zQh;EcBdhGSZNQX1ZIFiRliSMyt0Mq(*|6Ngv+K->gr;LkK5EKh`{{;or$$d0?@((9 zBTkpXG}afwWD^s_#Vkj8VYdQ1&L|H67~~wIWXFk7eicb`e!EvO>qFNas^x95t5Hr9KVJm!689Qx$66MXf=z7$VPm{ol7+zV{$;Lz>fme85H#^VJg@&3I+D*-JEFm zV)hSGy85XcO)h)aDf+*jf+B-hEYih>2N5x?surDoxRh8Sq;Mag7I*}{{s5P>nC-mt8ZE^1p1q)AniH_xCdiXaGak1-0iI#Gg(o}K#mE{cH&ND<`m}K`1a%(} zr{{g3WAjc2I`DLHaNov~>t`6I{bg49-VyZQt&fD9o~(PYmm2d56T4yibmtuY(cpe5bw&VgH-idp{^b!gQQL)B1sc$Apb zG1)m{%g6O_%a+yU?@@J>*yM&-&Xsh&Qf(!vwB$~+*Nswb;4SvtoeOQ~_v@{6L&Zf# ze_#Zr!-9(G@0aP*?NL5LER#W&Pk)+R;kr!ejd-NgZ$>{@d6_3)?`bHF?qzyC2`ty> zv}_VXm?KiQMcrC6mgkk1ck9DDCRnBIWDXLW`oo&<<>;*<=qKPpC3@_N=X3-~er<8O zV&%&uw9dW^ycx&2g%!OV=^$OP9BHn7a10Oaoxqi80;pv9h-rh2_YtqSMA1} zmqNE3?-paioqTwQvKjCA-TF~x*XoN-AUOmXWm3bvZJn2<2q%`0k5oW{Zb%7{AFb#?w=Dd(rQyae!L!CxH76$=YE$#&T_a1+cGL54Yoo$N| zDWLqa2~Y7ZH2Z2knx|eR&r(-0J&zWW3%j%=LBk{RE5==|+l5E40ag4Ei_+#6b!m7e z*%2KB!^|g~=E4$vX{kBYEGv{NWGF9oQUUv3ODc9;Qz?@eYc6c(s3Kh7n`0Es0!$XW ztsqawZQ?agX9m4hrl@P�a-n|6RT-cCFQI+BPfBB**js%cQ!_^KX+pjz2#X0ve_} zLC>D1NyIa*WRsJ%SskWv&iiOx~4eRW?PnmG`5z3ZbvZ-uCC&nxAbWTIPADM z_);YLx$!zHQ~dUx=q!GfcZTarcuZ4h5mch7=Gg%HNL&MFZqmF13B^LO7S(RBmM z>1rqo;s|TukJro?wqv@Ciq4kqDkSfcvy(M_rQJ^iaX=0o*wPUnkt3$78p(uGe~E54 zn19m6|4kAqN}NCx6AJ5<~J z`Tao%c-0LgsqaR11k&8L&!I}DWW+%W7a@qm&BY-HWFL?RZfyYwBvz9dGgB$E(^zr` zSeKdZkFB*^8ymQ)ofbapt&{Dtjj~ADOTrj?~fEI(6ieWtZ@I{qKOW zPN8Z$iS>gIm+1lC;2CpgVobaKe$(G|=YLl^FQ>%Zm43f>KJokI6sFP7D93w={207= zyRCP*%t!Ei)oCjDw4U z_R~AIb*~E<-4(m{YGV&a0SFo%)1G(z0=ibVX>E{{*z?W^@6k^!K022fG+%4H#}(CE zVh4Rt<<}asCSRgnRHs-K?$=kaFP@mbUyOE;+FF(!>iBUt=dqW+m{0=xX5nO86dhTZM}^#ZjEXI4 zD8h-9OP|51GCNf`B?PgpWM-Fq=_}}>6>%qtISF*lBIs*T9`1;W;hsrhxQMwIC=`K+ zNPt zkh5bCT7LuvCP;21;uQi$xdHEfk2FY}iHO#3iuK#C>t1_o zoh=Sz^P$@(?k0qCgj`{AHtNh3B?^zuggY%a7#;Nm+A-WoNL(K}Z&zP8h6XUw<@%K5 z0#7vC<87_95g$LfJr!)zYPH3BC`oAvtXV?#x@BBzCdXB3_8xU;UPkLElO4eH55M1g zU+j46YP9%vt+`U$$RO1n7kuDeI1(P;_63tP`%@3W>hfpV2-_YrfP%xb4VE{Aan_3U|5pdVG8cp@K z8~bTm+^h*7U#{soyI4#%49lt$yY*e7i`Fs+cM02~m#eItBct#wSDx27hb}qjEuBJL zI)Fd-zv3A#L^j>MboD&oP8_RSZ42*ZHD}0ZW=0yW(lLx5I+0l0%|TT*m$UGNHJ`VfC z6m_{^hue$EZLleEWV!mls*eM*J4*|R#|?O&4=`lNg?zcVgI-B0B^ax0Vjqxol1>8Ug=Z1nLI{ zK_(@m^677+KDUlJfqO!&fqn{(|H}c3sddl9 zz70CkGpT!&CUMB2YHrool|AlUWWWl=2jIn|)L7HgwxK@LGVHno6R zw&M9>74&LEWwO395C70m_8?K1+^NA^lHBgz5-$Hzi9&3BnTAN9&W8mG<%;<^iSelr zyd-g%dY(y;fK;rkYy8pgW-2d|dkY0tAW2Aphcbx#H}dJA>rd+`n>RCSR6-f1}dzn_U~NXr~6su?FO&c2N=C4HT6aVq9ko+dY?GW{s*Nm8+d!0 zpKkuz9iP|TjU_Fxs~MlHuq#&Hf;kX$_dQ;pzNWb#Udpa}!pvVe-Xh@~?+fmizFKv< zX^nO8d54|z)d#txc8vmWv&u8KE)Gdr7sj)EWcObZsvKYI9-H?UlLKfl^;iG$zFfH^ z)&?7L-;W8bX|(%~Q6xoSqfT+0?bm!lt_AUk7VvFnraVfYB z;2ld`FwekfJtTrN9w+dVGH#G>FLCLUpV@OV2A}oLEE|KGv`#m1Uxj*)iZGNTQztPX z#H&bLxt z&!>EcQ&yIiMVdo(>U`#Hcuc<=jtmV)zk{7jd@XzWGwv1cPAHPVe<3P9sE9_c$@9~n z)5cxl0B{EhiHXVf%3&Ut%x(h>#9j`A%^M4`TW7^73i8OTnJpqxm5R1RBdFvcKDH$b zk3EW>vIMg%`(mt&u3lD9Pg=fpfM!J?#3||HM=e0k=}ct}3FT}N_PX*@U&J$6W*1XX zV9O9DXL;b#DHRz|h4@h|5(c11N=<$g#5r0JML-;)4r1O#G!o<~SUMn^P^bI@05xw6 z)5A$(?y*^@)D)Ooje;(Pcr)Sf>9AO|bLnQ9dm&V*L>Q=sU03 zFsX^h#~cmPBLcQTB5~HdN(kEKpxHH>Aght=c+gzG^e}V|)L>5pF+nZU_7;P!>v#*S z;oX_Tc+Q$GTaUTf4YS(N&oTZ_QSywC*RsaHasKJ=_eR`X|Bc7C*Zlt^y8plB&G~;? zIHz-QqTA}tL2SZ>@X!4PvvgzQ0+HU_iC_PRvnxdx;<^5>-+4#{lKu^8zlw(V_WlVe zpBDOG=L-B^7q$}zC^8~C{UB<6j zF?_AA#I8eiFOTV<^Ik{AxmY-As-V`2a4#YGB4xOmTB`7r(G%=Js{CO$DrzTOo(nh( z>&80Z64xSX)|;nxm1AzEnDBM|T3x#RjmZXmm3U)NikO)&gq&N zfDB5F%B-njO;{{5hlKc>et~P1E%9dOL6w({e8rK&peAL-2b_1nut~ZR%J^0iz=J#9 zkt7hAA23#y(X4Sjw3s-iq;tAQQnkJ>6{OA}XJ*SbRPU*Z?iwXC9M_(L{+UT^N+CaJ zT|H!!t)&Xp6q%P&hXXuRO$9Ej$mr~F&2@Z)6H4` zw&Ee-*f=)D289>#QrO{N!8(BEF^!I1Q;C=K=%c3HEzLjxPCsVBAY7Zv~cqCO&kPjJ4nKf(i+Tbhr$I^rw&x-9H@%B zTyc?f2~JEXl{^Y-`YLydQyJ!N#InS>4%5zs&b7nxq!ein$C@!HDG#zM`ipdFoD+fS zWmU_zFe~gU3NJ&7<=>+5ptX&F~Mb;doYWiApNN~B!4o#*oO3Ee{mX?YA? ziqh3*lim~h8$LGjc1^Bx))_;Vc%!x3ewp8tD3zoSH;kCr;}xo!V2|0Z4EX6-c&*&k zo&dY{Bs#ne2GA7Y!R^EW-$dB0b5XWbY35dbiYqXcvzGV=egVXXBA4cDc%T+$ka1Ra z%$KO*w=)V(BbFsZ{u-V7LJIjo7YK`ItZ;KRZQY zhN=!*TomFwR2d`*M_2A8&X7czhgV(+4yF$9l>;R81Vg1;1his)p`vb0Ax&T%_>>O-Z?2=zgwo6EeS;ew0}YoVG}o*Nv7rxR;!SA`amqw%lhre!IA8O8l8qf|6_q~ zSjtEYv#he3;iX!cveqNVT=8ivpS{jK2r7YJER5TePKLe$ZH`)5r%S^HPLT>hCzqed z|GQVeX)=U$rN8t1_S^0$xZ=YzxR9dNdKuTYrI4@FWOOa^bv}yW-Ua-IG{ zW#l8Dr)j$(Bcvt9wU+`X`&YKx{Zy;!G9e;w^l39ikJAO$W2j6rEfv46WRTvJVICz_z+=3VS zpE<0N~X3LbiYZ{_P4OZ(^Fd*7Nc4dFnyf zKDKUkcjUe5M&syzz8d7P#tjb&4Agwx`fk%0Bm!pBavqG>7HB_s2-?p1-2ooes*J*9 zLa}wf+jTwv0lC%XZLLqikWR6D+CW?0qD!0a|F2;^-)*+H;cquvl>zU4B8+T0CveHl zn1YZi;e9^+^JTrmSZw>d%Mv^HzVUxz0Xpc`+TFD3@SC3bBDa$WJGs_sy>^s@z-QKJ z+vA_lgCU(@&wVHO^mlI@+_-9w_xUWiX{CeH+iq~J*%JBICaP)0ORxQOS5(uF!8YuC z`RT_~&&H7Hd1MoJ4HrS^HbkW&?|#Psx4*AF_wBhlUPk3$5=3&WH_>^!L54G@1AIf5 zw*8oCR)72(Uu$dpmIsxi)Qr)4b8~tU=?o(C^9Dji`>EGfr|V_!_yd+F=h_V<5&bpC zAlvxitd z;dnE1EUvB``rHk#l=0m^wyZ~e9&m+>{KeAC*DXATN3fhXOVb#Ko9CEMquHXxpvBqF z%KGb_spEFj&fA4v1|1>Q5Odja)s) z#OFdqy*HT=#=$+xa(nhz{?lmvGD)Plk9Dk&8ts9fTNt3P?z;NUbdDnJN|H7GtM%l7 z`b}u@FU-K^#9#VuKrWdPfh<%c&Cc=Sg`$t5&+ilV>!caP5sPF7ZGYg9N0`Kks>mz< zJVZ4XQd}SC?zU;PJMzudR!8kRHNb&M+~3xC4K$e=U_wG{lNb%irTpouo4N@k)@*!V zD23%7@ArNbpL*1KGxZ(0uBj(249CeVGh#6esaM=LcsprE9BTj_)>R+}&t3#$j$z-O z4SyFZ>bm+C)RC3vbr-IiI!v-GKf3zW?C*S*v|kH{8yYZyp!{9_nDy`B>)n@HSQ=5~ zzJTKxY&uWd`)27`(otqes(K9BXy@~(ZJaT7HUdHb4PlVdD>q}28VlTa3Z>h*n zrVm$YX>h;m&Hg}wlnYn8nR6z-xSQT=h%ud-gnc`kG7`3xmsWk?Gjmb`SQDNf#}kC| zDijHsUNoJ-VIKKz4s~0%s>A#MxFYZ5-G8UUGrd3a*fkRdnax;)TS}PZg_vR>Ufx$G zv7hDp8mZIk8iJkoRl)-~6BqLJp#lT;7w6n$Mf%Ou4LJ78Sjc4^J=;~?xsFP6OD!02 z>wAzZaHW>9ST%_R9Puy{g?h^ekEN3%IZF6bSaIfE)0B7ezKmu>&Gy;jTAl%1FAdpV zq2Mo8`m6zQw|T#oldC`#&gJAa9NIX0TgB9+wNTR9d{3H&2g1TT6GdkMxJS!Re>pG? zBXqLnb7&=Bx=46Ue873gYw&fZ6$90@W2L!J?TK{+gEnN3rmzc!N1>}ySKd!}Bk2+!=}WUGp{g|zS%6VdE4GsA|j z4^^)tT{M!F9oV>2la~EVI+n^w%JDn)NheEwQ_c4jt)DgxbUm9bqGDjB! z#@qfB=VCz2Cb2*X5fL3+tgxz=WcJEBlwGHC6I?!AMsdT^r9S60RtkxA15q8u1Ek?m zoZ^zQW3eCfua$Gk4G`3Kdt=_S{3sM2!E|x8+_^kapToR~xmG|@H3F^HWENzmgc@VZ zNT%b0HCy}V5);mCi;nYmvDopls!pPEArJ4N<=tIGux`A30>SF;h<4eqq2}-4n{Rph z$?^rPr$%1O@4EYHJI5~-1lINT56v{>=gABEnN6L(7J^B^lqA)*+F){QOCI77W*j-q zt2U|(T6KpDL(Q+EDM}8fq}7xo5)g6@dhgl%1ZO5unDI3Wss*F2FfGnnE(0icVcLJP5-WIIrgv9SmM$=ZyS{I_di!7=z8ws>x&*_7 z3J52MC$1{TTo0_m9s7E7=t+m{iq06j;hf%l~f=$8S_miPS|J0RaL z-WfzD9!fUJ+|Ewt4%|k?kl&}u$j`^FpVt|-Tc#WPZFyz3RmJ3%EZ2V4=zkpfBN;0` z{J|?wBx2EO_JQLyO&2{5gUp!s8@%8{zsVt1Y{tHLFs$A5Y1JL^%)6E5##@XC7TAzRgR;ii92)l<9=S(l0r62}${IUO{H>e2(ECtPCIMwMllMry*|-q4$)EL{*&VK8fnqCBa38Wn zn?BCwES|>I&!;)OkCZDzoxOchY5Tf1#5&#v*wi#%nXfnD)ZTyrW@1l;ECWwb{jx;> zcY6N%!bJ&+X-M2%Tm**o6BZYubvl?VGKZ=%J&jU%pu(eDi9B95n8fXAhwwBGm_)JV zs>55u)=QR)`?!=B>URiXV3}ANX&l|O-9Ypd8{Dq5S-I9Lix0CFQ;<+;)>U?IP#&Sn z;OZk@)XkG?d0<%FwRr9qzAO7DcH=I&nNt~Ev9S5r3mw10_3VYHkOxRh1{~5OY|7Qr z3q>k7;(0_^NLXi6Ei;SfENy=oW({$ zR=N+oY0fyM@j%!qT&^vtVWxAbwjrkw7?BjuG^jwPwvF_3IQY!h z{}{Kda_CVfwzVH8(9tVzWjthPo{3=6DA|HkSXh`nHnx(Eh{R44@#JTH7tj~EMTgqG zQzp6%I7{zhD<*JnLXF)ACxlaA#|$4w^N`{QB#P?{-L%eR?5$pG76g|#d%|+o-N3if=B=nIW+!X z7Ha93*niJgqEejshx?jYMDpLWdJ6v+SI$itNB&Wl&gp1UC-l!5H*`Nn$#o#C5GyAr z|6CkF{#Nk6#EAL7dCmV>T1&sDBekwA@F3wngdlmo^~J>0^d3~@-LSYB_Qs(-6mOLV zc`cuOvnhfQr8%6fv>^vndEcFm8&=LSFmaP z7i73ocU4sSA*5QvZ(PukgnY>1lcrs-&*zsAR!f7_J#sPE{l)*Ix~~k2BWklG!9s8d zZVB#?;2wfD8bWXycXyZI8r(Gj0tC0<65MH^AxPuy?z%<3Z+3QOc4qh4-9LMur+!pX z-M6T!e)ZgQs(7Rp%uZ4M@=26fw%B^_YN1m6f$gjuULA^fN6TWiNpC@_$iAF5-&SXz zE|(EpllUeHoO!ZRYK^W(^tx}BE;`)p5lrm;o_!?C@_Yc1&pqJLdAzlqgkaTTIvkoH zH_otTFMWNyqopfnuC}_YzEe4(n{$N);52Z6TkSF~7amx86@5j8467_3aRndm4EJWg z;eH$36xq06DjXBwEH?UMe8lOZL9fFwvKybW;HVJ(Iji+Fvh8Z9mJ;fb_J8qZT)4&1BwBKnG}5Kg;8R=%C5Vf3f9KcAV*wwUO}td?MR-sM3&Q z&tnHpfMck!G7F$Zx-SQ592X`SvmpK+)qrhEO)nxk7tV406~;8+ylVF z9qW77>$?Wf+C8x&uJW{9f5j=6NN}>Y=io@by4nH=!xSOREmf!M6z-R$xn52;sAYus zx7jCrchd?7*LwtaZROd9>GS#_7Z5dSDcj@JA#e=`FJ?KCs)u}=u^R`(DsGQ z6Z7N_6>>b9#Ktf%e=xXu=y(#>tz3R3*nq2-1fJAb!4z4UP;0t6InO>>SZ~=YgE$<2 zPrh!;UhKXWY3^oQ5CLhB?D<^r>0GrxJAiM!xq}B7OndsPOg0|81)Z-o1pwLbO-VfOiX!kw7){k@><$3H&IbR5Un^mYy3dm>krYT6!%+FcK~14Ccuk?`1-|j z;kzR-XReGE*&wUqN!J_k#omMRSO9+urfR zHSCsHVvW@mVuP{AMIYVLJtlG&8lp63z%S`tIIJsJ zNiscH{rGeEduDNs7=iE_L7QNIVvC~v)zKT1*5(?{C9vZ004AosLB*q8A1ZP(D6Z&K zd-fiTA>xZweG^!>a2J{?7Q%OTrc;*T5xtnzh^D<1z!QBmmfYli6GY&)(t6r_xdFR7 zJ{gXl0Z8HO!O0zufDNMRjeb(!`Nwv3yxM#=E{i${$>8e*PO8kmG-UcX{%dmI!+#Sq zHN*Rnoj4{m3fVYjn}%+p)K2D9Gn2LU`-G(-1I3 z?&dG$+WtcpFPU$UuD4CEw-a)_*RFvfc*%L|>eX(V4X(d0R~A1oxU@g&R^#>33x+IQ zXWyNPJO<`nKFelv-0(ddL3TfCM{YRm=*=jR!yxlXLOxW|LijD@$yWjScC$yl$(Fs| zwauiCIm{Y)JbQj5Nz%Aj z!Rr;>qXAUk4l&H3lT7$aF=xLBj!TDZKKLQK!~4rB??lI(i0sU~jG10nOp$)SnO?U8 zfu`hOFNn)Q6GRUQV1ry+SRXhOFmYe$fBJ6!fTk}kiYIr5)udM=Z(JbS%j4a$cFTss z{HV9Bo+-U1rtT-eG6COh&g`;f$_cFW|iCcL_bZ#?01=VYgcme(m35?`~lrm zmW^toBqQan6ND8*`0*uj_I=zboyZzMYrE{*ilJ|3w(ZFF;8(XGFdTJwhX@gN!z^S; zs}E_Z_IxXR9|;jI-Bc4d4<<9 zl5vbl4qd-WR7WbLIQf;~lk z=@Ota0V(&q1IYcsrhALpGK~neB3&Gi{mr%5%WF5JX+*oM%jo9LZEy(6!^UfYHaEa# zo~oE=G*`(9yFf4^$@C69V=v;Tb}l)BZ!W_7_`M!jeO=E4Z+%8L`oWh~yT3U|Td#;j zyboU$wDCK2V$L86^PXUsx_X5qXZz@Rz5HHl)_&oQJT2rHh`HF(MRN*w>)IYyJyOnU zUm5HvA3$amlG-A8e{wp+nt?^UH(e1g7CT(&c&Tu8=BS_>h)l~j9<+Gxx^j8AZnt?& zl4Wgo7)4Zpaa`rQHOu^yLtxtdm?|ze``xM2`%Og`CEu7M=w;H(vc>-B@%~3&koRfx z<}S>K4GF0Uv#o=pX;TYAgm(JJ^=``de(LEbes`Vy$Y#UsM|f&wzY}ks6DUw@1}tVS;mG=?tJS3kRMSrO8+u*!Mrb!5NeK&jB+zvB zii@jOJMsvyX0A-L`LrYVimX=SQXC!h>V9d6zqRGPZaZq%YIb!AZV9<)zlJ=;gbhbO zW^)i>m-c#xXvwT#gI=*)cfGNkYKj&}Z+7NVK<=T#&cOYi_mS{HrguV1#(J(H9k1^( z<)&iu;Mii8PAxQ`Z+@*cK=J4(D(-Ue3Xy_Tr2SZgbiLG&rl&PvPuD?dnf!umE<}lZ z^FA8lc)Wrre7mo-aKDG6-O#blbTmmo!0Wk!d3UjDnYfzjX_B)1oKEL?!X=4N2Ham#0T(M!$FEs_Eg+mvtp~_FJzrWb#~lXB7!et{n zV&j|AxnEE&OT0vx?d_4oG?C%4>HI`C_p~htJ4;xP`S0(++R}+!Dh`)-d%x~YKhRJB zGB5%KdW+S=bU4}4&zd~?D>?fV7pkEJ|( zCkv((j}W)@BR}JUh(%$~6bj*{b=p?M;l{`dYkt{ z+6`UZvK8KoZ^&EQHlVqO_ABFzo8kg(0grpaWnOo*{fjNb?wv*^4XtLE!wzPT7_C=Z z^oQAHw#Pw-E2+skOQS8O?vKM$?x*u227A5<^Ol7=zK^$yx);X)=jv{LtnMJc)>v%= zi|S>Q$2sHXNT%WD2zrD3y#G^D@Vj)L^jh@~E;e=po-UbhKsI^ia!?dR>=G_HI^HGP zZXLqke3CNGfUTjUq9XWkwfZElF(vc>Yi`|`&`-^atp`{15`sIj^t{cG;|_J7Di|MSE%ZDtRSdoT!PGu!|CJ3o#861}+>eqw)x)mm#!EiSZpZeQM}lePZi zU+u4L0LC!Jic8}^9xLpKVbvP80i+dmHD#;3UI5EA2{A-7lh@uKV61EdpL!1h{D=Lz z59_+`1Ox=u`~J?|O7wYq_BD_x&dtp=KEO%lj^%f^WCa5Cq{N3Orb`CN8W#zXyzOcA zq_5COqCe?mv7voDD)RV<;;F=%Gdq%9q9LLUGxmM+K=+bVqvub&op+`)xAr8J)#ck& z@>J7LcwDuWGooRAoRjOJ%!7pZ_@ceNnl&YR&M$7ebEM?b<^x^e`;`3;zF3TXYQn?4 zj;Mok#>b|n>M;-UGuNEXQd|;9QTC8`Ep`~CVbm1&>tx|+aaKs0k4$S_xaH|pXT^3>qK{2-#*YR7gF+(0sZ(ii;eoaFbNzcg69HQDJ@96WR zQ7?x2>@W{+C-rSy1Yb4k0!()F`e!zfrdeN&lyNZRbt z7H#|ap)TJy-27Llx9=)TkjfUxZ6h)`_ujG3b}7Y^v^A_QChg1~_D_Awlf^&tXi-VN zZS_s3)ClmBj*{JLT1Dzw*!v=Gly<^NJ;Fj-oKwPVQ&RU?C1^f;tG4Xki1>7qMg>tJ zo%gJaMzQB59pP7Qd)K>8tz@xr`ZtvZ{8=M`1l7&lqQ>(c9f%*l5}q*)UFQ{#QKIow z@RbJ}B?dflDJF!MK)x+6&GIPb?Fi_X1JiP?DKr< z?bR3-p|Y7bpVAezUEi})`I$(mKyjaweZavwd(z^4#s+6cib4R0S!j<2WC3E6>C23% zhyE^b>#DLb>;LyI~c4Y*3r0;Ix4jq)L< zJ#^e`6wNR$ibwb-gNKtpYfH(uT5ZkwlsutUhcrZdQL=GnwnGiTAH{4*&;JbZ;>`O!ch zI$9>CBBkWlwu%Zdy?B8O>;*j?=7=@v-0nDWXiSVRJM6@)mrAe7yYq4#HK~rK6A6 zeCrAt3mwRO9MY)Y$Ja=CTLe~Re3z*56?)RU2u8DlbRJ;RGn%C!=3>{k106t4Gk5&V z<f(ouhcrOb}(7^!0%VRk$P;3wCN>+)Tafc@!WS4-HOGQJCo4a=M++`5^q_ z%60K#I}y=*_r_LNXm82&WwVZ`iix;Od*L`QLTuA)5sI>eiYQ;`R^S_bx*VRyKT)5J z5hb#1=&1Lc!jP}yWM&+89Hf&-I7x4JC4D{Dg>q^-&~f89^R1(#q01eXWyQp>L!54u zO51ml@s@@LyDy2KDZPq!(i&BiwsnwH#V}YI$|0l61100HGOer{V}q8lx=_qXfwh`( zqG8Ly)bq5p+c?xyy2n|~FFcfF^y|W)3H7U=E^{QnaTX`f0awC_VxHjbF@?Uz()SL& z+C(E0u;>clQ8NcN9>bK?ew;=KR#4v zeLPG#&L+YG3p&`2VvyqkUp+>vL%WD=a=CZ&&FOx9q&Ol)*CH#r2MS+Fd4LgI82MP4a3Zrlu|* zYNL@DMB-#NJ4MbQi745rA$?bF*^P!8AHH%U>@ZcC{>IO>v_o@~N~XG<7xQPK1-#`L zLyURaN0kYluifgtiL)+dpQ(`C5hq@0NSgDlE=cyQJ@*%Sc-$XZv5BN{*U`0<+Knq> z?T^FICmav^6nx6}b)NEt<|^SZlKkN;z&Dlfwuo#_qTE~`QzN^1tgFfWtw(dI*Y67U zN_;Xw*lC4SfW#^M1R8Sg@v0?kPyXjP4Ql?UZARq0RC)H3UNxb8{P~(3U9rp`XBOEy zoMj%%2;!pQ=@^BYtLhgu{0LDfDK%*r`ky{ld0fUT*}k6vP+#_!7(6fRn&!XyT2nfN zuvZFULY(Z0k(?Lk!l*(iy-Q}WBQCch(R8a;T%<&2(BGVXj( zRTktDufXa1&Sa?`eGBh%WO*n_l9-``g8?r~nn|+K$dyq~g&nP0Ql)m9O|(%;wL^AY zoRaFOSx|gDGwKv(p<@7XMRQDFH9Ptjq%y-e7VTpliLBU3^6w&i+f{;hCXzfPN&**G z&c8N#J2~yFr6XQ$^nO|=qJriMxHCv3De()>_ghxaahEb1v6tAjWH8qqQM%6EPdFU~ zT%5#nOj03H1(-~cs9`ZDC&8%5H-J{Pic5g~`mdf2o8Yd6ck@N~Syrp=r->z#m%9kq zQRWI!i2;Tey{meA$2ufg0y+>oI})UznJzNh7rnpUF#Xif981tr+eGOf%_sXRLQrcc zHfOpN#JQi=JZ1V>%(9fEB$(RVkHm?fRfq{J*m!(QV%R_vEZdYhwvB`a7m2iga7RcF z57V%Lak;bU>s>h!47lSfK)am;iB;tn6s2=tao9lFOK5a+tERp~*$UB7*|w@`_(q7( zEap@i%{xM=&En+@xL8OE<~2V5D)}iNoewQYPF#)PGL}^3t@#i?rU#a?02(ev?Vo#` zRA^}M|Ku#H4O-*E8Ebxm9XO*TSZj?^(5Y4oM2}fCl`t~zT1IhU#WsbC=5Fim!twfk z5MumpuHPVxTADo5Ws9+m;b>u-O0nIa!ixKiwSR@x-U7#a9($rLUjL)QklsgZ0^Ncv(~K`GP?6x`!$6g_Ca|4J)>4{8Y*9$JY)jz^ zZW?+!;OVsT%osg*AG*(t!q0W@^MQ`#tyQur%v9ddX3nThG7}ns9612M2nIa5F)Dj< z9uv0HS0u)XzwwqME%!6Fo8PoqM~{-uA-~GBS6d28T~p2}))L zNVW!RDhlZd5({<=x(aLUnNf3x%8Rw}B=|H!g1RhQm`6(Lt zh-Cap`KT#gjs9W@78~%V1f*JPb{Q%pNohI@z2_2a)S5p8CIve=zcc>STQ({!VPqdl zhfr%o_i(&Gnp)wOcg)aZDZ>6tlM;oJAI3*SP+xIelvgNkwHrKTlSUXUCa}Xyrsj|v zteC)j11@Ef>FmZ7^0F9U{tlCWYnx$h%~yQDL-*BV!Y9P+-G=q(ewlT~NRrB1Vzk0c z36L#1>ij`uKYX17r4m|b{Bs^ObDb$O!s+2Jg?uyMtWhF9o^1Dqk!@$?B9o92XQIY1 zbGb%31#GX;mIG z?lSL~WFZ8VkqUPEOb|=y^74##RdaCAp>ez3$CaA-uc`XAV}Pf#G801@wt?q9O3!-> z#F&P?4)W^qUTk#R7Yr8PhPJNc8#{?REulG5JmgBxoU_J3GHIf_mfr3es;HJ&W5Y5# zjYcWdjUmZ>Jeu+gvLL$E`W=J!N$I@ksO*K33?SckQN_S-Is7;e5N5IxO~NCr^`4^E zhEov|#z6Y0hNzLG%w_?<>(FKPsf95_C|G567NiVjCyip$ob3McU^XsfFM%Ir8H;(d z#`V6N{%aU=y!DXU=uTQA;X6W>k$SmE4{ZjmoaN=Xv2?2t2Wi`n%bd2t65d=x^dwUd z0~1g3jY285?7WrS1Rs58;;!gzbXilaGETWP+B_pz8B zXtXe{Nc%*andT}|ELTIM^((mrPJ-y-x9pJ~-QlY{x1|INi;ZOrQbe6qI?(#=(!p;d z9ODaal%e)b?EXD#E8*t)O6!+WVGw5E; zsdWar>5U)MCd-A{P9SPHSd*%yqW8qBOuq-mZN?vZ3FTzxozYrPUb&#rUgS)D!n`%& zG`F7i#%FHMAEuWlnz5vys#Ps=>i6Fs(lHxT@JtX5wY;8?3^19dvex<{@lUh^DZ~y6 zpdDH_&R^EavRObctXF0`&cSAm+eMUVVG=`M~cKTj|ekMfnvw1zSC@#2HqJJ5nMFY0%;YGIKpDeQ2?%PV~7;TCg~qZOor zrtgUZUuC9TIBQvtV!&2W=x*=`xuX`})SEvR#_6jr&$$`07K7+Yq{n0Q9NKbC2o+5B zIP3yq80EJS-s&yaeCPn_<^^x+_h5_8(C)a^i-z#ahjj$L#D$rUWzBv1Z6`SABST03 zVwI#3JR__x@aF3W4?IFuc(#mkKn+ViogQQR3QUv)ov@$)xs)jp(h|uj2@Ar zDF(71Ol#f*$?!=3M0Y%C$W+|v?d6man+@~Z=Vww4DE~>6FCibM3<1r7Ibxp6#PxoYdsx@p=puQEv`zsD_Aq?8 zgSubA>Z(;An1i9TR{3W+UuvE+ldz?H9^JuiaeL?aJrgR+5kC7GBRGQRJyu9PdNvT` z=6uO}4s`&65hB?L;r_e5pd`g<1yFp93reu@Dr?Oy9F2xZuMHxJhtiN;I&TX?TJcxx zCN9_pFu2{)U2FaU7vKZ*7plL*=4-7<;C6*F>KYd$8z#kfE!BS86ubkFN=H&eel0WY zp`lhe`f}`Mqx-BaC|hm=S8sHhXQx91v}bbTQvwHDgkuF%vT*W|GW!_r4ge6z(|7`j{8y#4|9}fIGpUB3W(L3oGyfg)F&iER0R^@>6J&by8S(KZ3I9z1OQTt=wHssN3_7Uxy?5_#e=jFwbr;2W1lbhb~um1 zLyM-;1}=anq8b?*K>pQ69IDw^v*)~}Dhyhhdl(fLKXA~x*ywv#`^mYCJ{(5U=P(eN zr?wo#LcFVCOE|tYjaG%_Df2xnbgpvXStk3B`epqlJnZWWS_DAP4~XR?S`XQ7uQ-eK zrWlZ^=bu}GL2B|z7!|No99Ha^Mzj$2?Iq%LGN2Iog?2nftKxuBo$njeN)Lb#ui{4U zbZg~OaGR^s2Ai+mpyUz{)C8?}-$6w#&9%@w-n<{CM?WIQ&(}BbeAd$3>Z3dPh1$`q zE@_(tsJ>2If2qgCs)6sY>G)Qt=0Vv~C^l+?>x6SNB~+f@htsJ4Uf{(xt=K?+oFMv( z+`vLytS&Lt>Bi8$q?|n2{1R$(FAvF(k`nqGVMz_vyBC{E5f^<_!%RDr-NR!3yuB8e z4An7Gt@D&Djs^rfC1SQ0mA>`lo3L@vYSsXcZibMOz%1E)giSj98 z^H4Hrjg*Ee8jr)cI;l;}YPM(@K)v0CMM1Sq#A;_oeyw$O)^Nf5>0z)`D5{l5#`TdUUB|4oEJE!?H zlHQnA!)QN)pFOzvTlNNLQ+&L-BRXM`B?y=l~@cp6EDbu0EwQS#N>qlaJV z?~f&!dpj#9a0bb&5=wN!xQMTmLh@Nx29SWNJX9qyVS1YB?1CdQT(m$U4e#@NaMA>m zyoDKY0!Vt43;{~GurK;%P|anvCOI!n@8pNqz13g*qKS00gk?NO55D(DN{Al=JhnyjeV{o-eyR_`NMKO{$X{h5*gyP?TkE?F*ld)X7wJmIVFNb#Eh zD<3&E@BJMMuo8wR^~|qh9YR`3@Ta6zsf}#QkIHyraZb`;#VoKXwRc2q`GEu_B@>XW zI!~a>>*XVt9JD&Sc2Az$&tAqzF*+y%pw!#} zU!S0H1sW(M8?CUAEB3S0h(|5J_j$!(R%foxRSVRr1WT$&qoEcxW<0nbn%d1i#vr`S z)PFx1)qZgVBUjK-p8ROapph$|2SSw)S2f|<4#Wcy<9yar#~5Z`>&ZYxn|qxXs@(Cd zhm*w$s!i{qF&q;USVMvZpR_-2QTz-aTjM`83Jd{uSCYngz)U@>Sm<;w-nC9hJm_}j zXwk6^pt|N~^k7N$@f0urajgAhS{+Q4E<0FkTwE?{OE|!^J|b!zf32x2wMrv*s5J}# z(rqOD@dk9<3BO8`5J&&*PR#x7D%g{r_EANbcs|+i(R~*l;n#ngBMkuD@Lvpa(f=Ka zZ*J!+@FqNsKZXE?uTk+IIKnxM9Uc0oi>Lgrp@9Duws&^x{Uj?@3*4BpHbB#N{P2=T z!0YcNr^fwzB2;L zvM>KaT3kHAsXyH7sRMYf(r%@xggI5k!(67NbdDRWkgg6uF0BxQ#ZsK?z7AsmckVr| zc^`|qE?!9z}MQfx}2i z`g&ZN;uoM#Yj|BLqIdi)Hy=TXXJ)e`C#c8Y)~=h&Ve_sGXDsnVzh<1B}Qm z6C(?86j-y8lKg)78&3zyZH*PY*(in}f9J8Lb5e||a7$DKN=hlle&3Jm$*WRY`;}z` z^3vIF^M^W9KTHzxCVUj*?L+5&0cIVe#bDi(&?bc1Y_2x+!0kM=zNIjtelm}w?rl}% z`0+OXYGd1at-0}=0R13Xv(LT0&G_EaG8JA=x-|@L8P)PGV)VO0F=eokQ2_mR+^{j6GkU_S#4u|%4rBa}$uyIxLlm6*oUXsY{a{*T2E+n{I-Es77#aw z_JP|uhe7^a*>016Gye!>+Rm=LoFaYm$M^71PW$^5yVO+vlb_;iCLqD4NW= zBDmNynm|>b^n7c5RY7Hv{)g@~=R66k3lWA*F7@u_>VcYbJAF0<)Ofj`+r6#V>|JE> z05Y(M1shu ztW`7Rg&97!dkF*QlVvnI1<>8y!y_XOD_vpE<&HcRopOe#fBypg2{f6l{@F7=po$jk zFyoy4*ElqclUtg!_bH&?)v*Pf2A~}O6%#Noz&LpEua^67-yg8G|A#?%od=cSUn3iP z{{KY?je$Ju`EnO8YbZ!?;|m4(P6JUWCw6IwZpY6n0W& zVv(bS(%iy(?oUGB_Nh5TyuBQ&0|30m@P83`_o%ez=kCy_0I#RIyat&pb!!fzc zf49z6pZ}e8K6$KjZDWthbtmu1{$T22Vydcxk50tK(e%Fay;wB|C+u77_wV16iEh;O zq7Z|vM;S+1xQ^aZaG0O_eV+P!`FU9GE2D~#7DS5iXX2H!Pvt~Zo6n=0S#5%ZXv6-r z_pkX5x2?kBxSW#0CMsQp?#Bq$*{iWc%A=|0II)J%b6(Cb?s&EkRYgAxVu4MVQF zr>9z+kNzyQ2Dzj8`>sGO5oub|>fL@YYH!&(p;cj1mQ6a&(CK}H3!e+8=kx@bw^rN&FOp)91uIL`5<0_%aTXp6vm3K$D5Mv6B4ir2qyR{X6{_`hUg`s(+zpnI>ht=uPFkZM;7wjhkdpf&4G09NdyMRwr663llS!>l`XQjPTP2QB#$#0TOHxfN^xY!+}MFiUHiVy8BOO@ zor(@8DxITFL(nw-CacOw-1bJ3zVtz_0Ef=}NJ3Y>_V0!i1XinR4<2!6blAbm;NLem z&G;KA9n^s#u?#OzQd0@8)=~Ihqlt|-|L`yZq_~`sXiaA8FutE!*mq!C zQ#Rmd!^{vLV;{`RvUTfkx3jIlpmMlm3G(=qP+4ly*qW2^CKRWtXazQe_{?16ZLN?> z16DA${nhE+41ICo*4Azue&|Yq{4xt0$YWr5^GUGQ8M_?NYghETyNZRuU~0N_+h z*^hUd)iCXO!K!kto|5&;k_U1%tqb-j&b#--KS4YdOn>&0ycgMX_KgwRCf-pYnHo4394iC{_T!u+f?0uGP$Q+-KaYQxeL7y&H%jw#T+L|fX*Z9_qYhK* z;b<8Et-OAkip;I<`{1V2(3tVlaO>ZXH(cLcpKjK%u5fwZoP|YGh_qhC9ov&WE}Qz&fI37Tj-v@m zrGN>?FWX1YKiJsVz_}eP-{tP>3;Ubl=zAr#xaU zBkY_(%=U@8CC(gDyF=9G&bPqH>3)ZV2#P}kdwj~;jBb4>pFzFQl5~+5ixH+XtCC-X zgF}7>5*PjKl)2^EhYX*br-o1cc|M8LZTAB;Xz2s-4SW_1wKl^eoRb#qd54?)OtuDG zPn2_t(l0*qS6G2>clZ6S%jUhT`k^W8Xkn^ElRk}}n_b*t>I8hdMiQhF)b73J4Ytzh zbmIE&u}b@j=G9!iHoZG(!(RBuOy;lG&k@MzmW3U{&?8apY}BPlZXWO7CrgyTPS<(& z82=QRtMMuU7B#O1 zV~GrjYGh;>2yYZPSx56ekS)s3ok>dAkEOd{1s#S1s}fxDnV5QpqwF|D=SGYp7~rK%-Vf zY#1(aLo5)L6*Wku8)J=$h`4cK&C5=YEd&_%St^xpd=gigL2aFY+9GD4yV#Vg6$dXT zOYb!dogfN4_;&iEtI#|*P0Hpi+%HmrG$E^H%`BIc11*T-d(~e~D&d*dacf5( zz~J{-zXhY@96K!L?RX(rU7r5QliQ?Z$3;KczIq@2WxucPn3>Obc%2qW<&9boM{~E zwJ~hXDLqOoKF-^75(@!=S#GtjhB^;Mw)wo(>*Zo#~{0Ki$sjg zwoFsv;s3|bVmKK>5Gr!lbf+3NxKVU#}T~h zZTL=qnURl}LX@0RfKP_j5o1T5>gU{2U|YwTj@OM-&1#vpkIMqDr=gdY5*oIOd?>-R zV%%FJShA~-0zEX{$)}!=3hWOqGN(Ui{Zq5cS6X+LRq}%XD|Yfe{_*iVly1W*b0d}A z%k2UE1y#zXZDV6nYHH}wnB(++=>`W(MwI2o_J4lao{ljk*_lk;n0nsdV62=)e}NoK z9oRq@(L~3ST@c16hoX_v6O>2HYo$+gX~n}QVYl+}eqd7q8ygq;!mB|;IFl$KRLb_x z2$f+9^gu?_L;)o1Be}t3f<4EaR|9wbuwsEuBP9xG#0Ba3#7ml@) znjnAsAZKkZuH11JiiRMrWVg);&x?NMC>kq#sty7k-7eR%xgM|XNcibbQ=T59Z64S5 zfB4mT7O$Gfj1k=pCkblvA$K0T#`GSp>`Sx|6wvr88o06Sb?&^%sIj={`vm7eSk_J5 z^L`ImHD;&XP_sm6e1%TClP?wbYwe3yfI%7IDcq# zvNs3fL@uT}0b#3!9q0E^rJXP0+5{7;|kmdJf588eoNt_^sbn^aWu<`@`EOW5nm zZqf0aR0M!!<1yZN``m07@Z4HGc{-trg597R>)VhH=>9&7Gq}x5^l=;~?bMaG=Hrux z40QabN8H;6b^&ktzx0&Xz-n_tyO^Ss^1YjD_;qNANuyDbXgC4iEbNl|}Wx=uk jiNpTioZ|oS$Il*rF)$e(#oOJ$0RtqVAYS%C&;P#x6`2wj literal 0 HcmV?d00001 diff --git a/docs/addons/redis/auto-backup/index.md b/docs/addons/redis/auto-backup/index.md new file mode 100644 index 0000000..b316d3c --- /dev/null +++ b/docs/addons/redis/auto-backup/index.md @@ -0,0 +1,726 @@ +--- +title: Redis Auto-Backup | Stash +description: Backup Redis using Stash Auto-Backup +menu: + docs_{{ .version }}: + identifier: stash-redis-auto-backup + name: Auto-Backup + parent: stash-redis + weight: 30 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + +# Backup Redis using Stash Auto-Backup + +Stash can be configured to automatically backup any Redis database in your cluster. Stash enables cluster administrators to deploy backup blueprints ahead of time so that the database owners can easily backup their database with just a few annotations. + +In this tutorial, we are going to show how you can configure a backup blueprint for Redis databases in your cluster and backup them with few annotations. + +## Before You Begin + +- At first, you need to have a Kubernetes cluster, and the `kubectl` command-line tool must be configured to communicate with your cluster. +- Install Stash in your cluster following the steps [here](/docs/setup/install/stash/index.md). +- If you are not familiar with how Stash backup and restore Redis databases, please check the following guide [here](/docs/addons/redis/overview/index.md). +- If you are not familiar with how auto-backup works in Stash, please check the following guide [here](/docs/guides/auto-backup/overview/index.md). +- If you are not familiar with the available auto-backup options for databases in Stash, please check the following guide [here](/docs/guides/auto-backup/database/index.md). + +You should be familiar with the following `Stash` concepts: + +- [BackupBlueprint](/docs/concepts/crds/backupblueprint/index.md) +- [BackupConfiguration](/docs/concepts/crds/backupconfiguration/index.md) +- [BackupSession](/docs/concepts/crds/backupsession/index.md) +- [Repository](/docs/concepts/crds/repository/index.md) +- [Function](/docs/concepts/crds/function/index.md) +- [Task](/docs/concepts/crds/task/index.md) + +In this tutorial, we are going to show backup of three different Redis databases on three different namespaces named `demo-1`, `demo-2`, and `demo-3`. Create the namespaces as below if you haven't done it already. + +```bash +❯ kubectl create ns demo-1 +namespace/demo-1 created + +❯ kubectl create ns demo-2 +namespace/demo-2 created + +❯ kubectl create ns demo-3 +namespace/demo-3 created +``` + +When you install Stash, it installs the necessary addons to backup Redis. Verify that the Redis addons were installed properly using the following command. + +```bash +❯ kubectl get tasks.stash.appscode.com | grep redis +redis-backup-6.2.5 62m +redis-backup-6.2.5 62m +``` + +We are going to use [bitnami/redis](https://artifacthub.io/packages/helm/bitnami/redis) chart from [ArtifactHub](https://artifacthub.io/). Let's add the respective chart repository to our helm repo list. + +```bash +# Add bitnami chart registry +$ helm repo add bitnami https://charts.bitnami.com/bitnami +# Update helm registries +$ helm repo update +``` + +## Prepare Backup Blueprint + +To backup a Redis database using Stash, you have to create a `Secret` containing the backend credentials, a `Repository` containing the backend information, and a `BackupConfiguration` containing the schedule and target information. A `BackupBlueprint` allows you to specify a template for the `Repository` and the `BackupConfiguration`. + +The `BackupBlueprint` is a non-namespaced CRD. So, once you have created a `BackupBlueprint`, you can use it to backup any Redis database of any namespace just by creating the storage `Secret` in that namespace and adding few annotations to the AppBinding containing the connection info to your database. Then, Stash will automatically create a `Repository` and a `BackupConfiguration` according to the template to backup the database. + +Below is the `BackupBlueprint` object that we are going to use in this tutorial, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupBlueprint +metadata: + name: redis-backup-template +spec: + # ============== Blueprint for Repository ========================== + backend: + gcs: + bucket: stash-testing + prefix: redis-backup/${TARGET_NAMESPACE}/${TARGET_APP_RESOURCE}/${TARGET_NAME} + storageSecretName: gcs-secret + # ============== Blueprint for BackupConfiguration ================= + task: + name: redis-backup-6.2.5 + schedule: "*/5 * * * *" + retentionPolicy: + name: 'keep-last-5' + keepLast: 5 + prune: true +``` + +Here, we are using a GCS bucket as our backend. We are providing `gcs-secret` at the `storageSecretName` field. Hence, we have to create a secret named `gcs-secret` with the access credentials of our bucket in every namespace where we want to enable backup through this blueprint. + +Notice the `prefix` field of `backend` section. We have used some variables in form of `${VARIABLE_NAME}`. Stash will automatically resolve those variables from the database information to make the backend prefix unique for each database instance. + +Let's create the `BackupBlueprint` we have shown above, + +```bash +❯ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/redis/auto-backup/examples/backupblueprint.yaml +backupblueprint.stash.appscode.com/redis-backup-template created +``` + +Now, we are ready to backup our Redis databases using few annotations. You can check available auto-backup annotations for a databases from [here](/docs/guides/auto-backup/database/index.md#available-auto-backup-annotations-for-database). + +## Auto-backup with default configurations + +In this section, we are going to backup a Redis database of `demo-1` namespace. We are going to use the default configurations specified in the `BackupBlueprint`. + +### Create Storage Secret + +At first, let's create the `gcs-secret` in `demo-1` namespace with the access credentials to our GCS bucket. + +```bash +❯ echo -n 'changeit' > RESTIC_PASSWORD +❯ echo -n '' > GOOGLE_PROJECT_ID +❯ cat downloaded-sa-json.key > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +❯ kubectl create secret generic -n demo-1 gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +### Deploy Database + +Let's deploy a Redis database named `sample-redis-1` in the `demo-1` namespace. + +```bash +❯ helm install sample-redis-1 bitnami/redis -n demo-1 +``` + +Now, let's insert some sample data into it. + +```bash +❯ export PASSWORD=$(kubectl get secrets -n demo-1 sample-redis-1 -o jsonpath='{.data.\redis-password}' | base64 -d) +❯ kubectl exec -it -n demo-1 sample-redis-1-master-0 -- redis-cli -a $PASSWORD +Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe. +127.0.0.1:6379> set key1 value1 +OK +127.0.0.1:6379> get key1 +"value1" +127.0.0.1:6379> exit +``` + +### Create AppBinding + +Now, we have to create an AppBinding with the connection information of our database. Below, is the YAML of the AppBinding that we are going to create for our `sample-redis-1` database. + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: sample-redis-1 + namespace: demo-1 + annotations: + stash.appscode.com/backup-blueprint: redis-backup-template +spec: + clientConfig: + service: + name: sample-redis-1-master + path: / + port: 6379 + scheme: http + secret: + name: sample-redis-1 + secretTransforms: + - renameKey: + from: redis-password + to: password + type: redis + version: 6.2.5 +``` + +Notice the `annotations` section. We are pointing to the `BackupBlueprint` that we have created earlier through `stash.appscode.com/backup-blueprint` annotation. Stash will watch this annotation and create a `Repository` and a `BackupConfiguration` according to the `BackupBlueprint`. + +Let's create the above AppBinding, + +```bash +❯ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/redis/auto-backup/examples/sample-redis-1.yaml +appbinding.appcatalog.appscode.com/sample-redis-1 created +``` + +### Verify Auto-backup configured + +In this section, we are going to verify whether Stash has created the respective `Repository` and `BackupConfiguration` for our Redis database or not. + +#### Verify Repository + +At first, let's verify whether Stash has created a `Repository` for our Redis or not. + +```bash +❯ kubectl get repository -n demo-1 +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +app-sample-redis-1 22s +``` + +Now, let's check the YAML of the `Repository`. + +```yaml +❯ kubectl get repository -n demo-1 app-sample-redis-1 -o yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: app-sample-redis-1 + namespace: demo-1 + ... +spec: + backend: + gcs: + bucket: stash-testing + prefix: redis-backup/demo-1/redis/sample-redis-1 + storageSecretName: gcs-secret +``` + +Here, you can see that Stash has resolved the variables in `prefix` field and substituted them with the equivalent information from this database. + +#### Verify BackupConfiguration + +If everything goes well, Stash should create a `BackupConfiguration` for our Redis in `demo-1` namespace and the phase of that `BackupConfiguration` should be `Ready`. Verify the `BackupConfiguration` crd by the following command, + +```bash +❯ kubectl get backupconfiguration -n demo-1 +NAME TASK SCHEDULE PAUSED PHASE AGE +app-sample-redis-1 redis-backup-6.2.5 */5 * * * * Ready 76s +``` + +Now, let's check the YAML of the `BackupConfiguration`. + +```yaml +❯ kubectl get backupconfiguration -n demo-1 app-sample-redis-1 -o yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: app-sample-redis-1 + namespace: demo-1 + ... +spec: + driver: Restic + repository: + name: app-sample-redis-1 + retentionPolicy: + keepLast: 5 + name: keep-last-5 + prune: true + runtimeSettings: {} + schedule: '*/5 * * * *' + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-redis-1 + task: + name: redis-backup-6.2.5 + tempDir: {} +status: + conditions: + - lastTransitionTime: "2021-07-29T13:59:57Z" + message: Repository demo-1/app-sample-redis-1 exist. + reason: RepositoryAvailable + status: "True" + type: RepositoryFound + - lastTransitionTime: "2021-07-29T13:59:57Z" + message: Backend Secret demo-1/gcs-secret exist. + reason: BackendSecretAvailable + status: "True" + type: BackendSecretFound + - lastTransitionTime: "2021-07-29T13:59:57Z" + message: Backup target appcatalog.appscode.com/v1alpha1 appbinding/sample-redis-1 + found. + reason: TargetAvailable + status: "True" + type: BackupTargetFound + - lastTransitionTime: "2021-07-29T13:59:57Z" + message: Successfully created backup triggering CronJob. + reason: CronJobCreationSucceeded + status: "True" + type: CronJobCreated + observedGeneration: 1 + +``` + +Notice the `target` section. Stash has automatically added the Redis as the target of this `BackupConfiguration`. + +#### Verify Backup + +Now, let's wait for a backup run to complete. You can watch for `BackupSession` as below, + +```bash +❯ kubectl get backupsession -n demo-1 -w +NAME INVOKER-TYPE INVOKER-NAME PHASE DURATION AGE +app-sample-redis-1-1627567808 BackupConfiguration app-sample-redis-1 0s +app-sample-redis-1-1627567808 BackupConfiguration app-sample-redis-1 Running 22s +app-sample-redis-1-1627567808 BackupConfiguration app-sample-redis-1 Succeeded 1m28.696008079s 88s +``` + +Once the backup has been completed successfully, you should see the backed up data has been stored in the bucket at the directory pointed by the `prefix` field of the `Repository`. + +
    + Backup data in GCS Bucket +
    Fig: Backup data in GCS Bucket
    +
    + +## Auto-backup with a custom schedule + +In this section, we are going to backup a Redis database of `demo-2` namespace. This time, we are going to overwrite the default schedule used in the `BackupBlueprint`. + +### Create Storage Secret + +At first, let's create the `gcs-secret` in `demo-2` namespace with the access credentials to our GCS bucket. + +```bash +❯ kubectl create secret generic -n demo-2 gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +### Deploy Database + +Let's deploy a Redis database named `sample-redis-2` in the `demo-2` namespace. + +```bash +❯ helm install sample-redis-2 bitnami/redis -n demo-2 +``` + +Now, let's insert some sample data into it. + +```bash +❯ export PASSWORD=$(kubectl get secrets -n demo-2 sample-redis-2 -o jsonpath='{.data.\redis-password}' | base64 -d) +❯ kubectl exec -it -n demo-2 sample-redis-2-master-0 -- redis-cli -a $PASSWORD +Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe. +127.0.0.1:6379> set key1 value1 +OK +127.0.0.1:6379> get key1 +"value1" +127.0.0.1:6379> exit +``` + +### Create AppBinding + +Now, we have to create an AppBinding with the connection information of our database. Below, is the YAML of the AppBinding that we are going to create for our `sample-redis-2` database. + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: sample-redis-2 + namespace: demo-2 + annotations: + stash.appscode.com/backup-blueprint: redis-backup-template + stash.appscode.com/schedule: "*/3 * * * *" +spec: + clientConfig: + service: + name: sample-redis-2-master + path: / + port: 6379 + scheme: http + secret: + name: sample-redis-2 + secretTransforms: + - renameKey: + from: redis-password + to: password + type: redis + version: 6.2.5 +``` + +Notice the `annotations` section. This time, we have passed a schedule via `stash.appscode.com/schedule` annotation along with the `stash.appscode.com/backup-blueprint` annotation. + +Let's create the above AppBinding, + +```bash +❯ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/redis/auto-backup/examples/sample-redis-2.yaml +appbinding.appcatalog.appscode.com/sample-redis-2 created +``` + +### Verify Auto-backup configured + +Now, let's verify whether the auto-backup has been configured properly or not. + +#### Verify Repository + +At first, let's verify whether Stash has created a `Repository` for our Redis or not. + +```bash +❯ kubectl get repository -n demo-2 +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +app-sample-redis-2 29s +``` + +Now, let's check the YAML of the `Repository`. + +```yaml +❯ kubectl get repository -n demo-2 app-sample-redis-2 -o yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: app-sample-redis-2 + namespace: demo-2 + ... +spec: + backend: + gcs: + bucket: stash-testing + prefix: redis-backup/demo-2/redis/sample-redis-2 + storageSecretName: gcs-secret +``` + +Here, you can see that Stash has resolved the variables in `prefix` field and substituted them with the equivalent information from this new database. + +#### Verify BackupConfiguration + +If everything goes well, Stash should create a `BackupConfiguration` for our Redis in `demo-2` namespace and the phase of that `BackupConfiguration` should be `Ready`. Verify the `BackupConfiguration` crd by the following command, + +```bash +❯ kubectl get backupconfiguration -n demo-2 +NAME TASK SCHEDULE PAUSED PHASE AGE +app-sample-redis-2 redis-backup-6.2.5 */3 * * * * Ready 64s +``` + +Now, let's check the YAML of the `BackupConfiguration`. + +```yaml +❯ kubectl get backupconfiguration -n demo-2 app-sample-redis-2 -o yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: app-sample-redis-2 + namespace: demo-2 + ... +spec: + driver: Restic + repository: + name: app-sample-redis-2 + retentionPolicy: + keepLast: 5 + name: keep-last-5 + prune: true + runtimeSettings: {} + schedule: '*/3 * * * *' + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-redis-2 + task: + name: redis-backup-6.2.5 + tempDir: {} +status: + conditions: + - lastTransitionTime: "2021-07-29T14:17:31Z" + message: Repository demo-2/app-sample-redis-2 exist. + reason: RepositoryAvailable + status: "True" + type: RepositoryFound + - lastTransitionTime: "2021-07-29T14:17:31Z" + message: Backend Secret demo-2/gcs-secret exist. + reason: BackendSecretAvailable + status: "True" + type: BackendSecretFound + - lastTransitionTime: "2021-07-29T14:17:31Z" + message: Backup target appcatalog.appscode.com/v1alpha1 appbinding/sample-redis-2 + found. + reason: TargetAvailable + status: "True" + type: BackupTargetFound + - lastTransitionTime: "2021-07-29T14:17:31Z" + message: Successfully created backup triggering CronJob. + reason: CronJobCreationSucceeded + status: "True" + type: CronJobCreated + observedGeneration: 1 +``` + +Notice the `schedule` section. This time the `BackupConfiguration` has been created with the schedule we have provided via annotation. + +Also, notice the `target` section. Stash has automatically added the new Redis as the target of this `BackupConfiguration`. + +#### Verify Backup + +Now, let's wait for a backup run to complete. You can watch for `BackupSession` as below, + +```bash +❯ kubectl get backupsession -n demo-2 -w +NAME INVOKER-TYPE INVOKER-NAME PHASE DURATION AGE +app-sample-redis-2-1627568283 BackupConfiguration app-sample-redis-2 Running 86s +app-sample-redis-2-1627568283 BackupConfiguration app-sample-redis-2 Succeeded 1m33.522226054s 93s +``` + +Once the backup has been completed successfully, you should see that Stash has created a new directory as pointed by the `prefix` field of the new `Repository` and stored the backed up data there. + +
    + Backup data in GCS Bucket +
    Fig: Backup data in GCS Bucket
    +
    + +## Auto-backup with custom parameters + +In this section, we are going to backup a Redis database of `demo-3` namespace. This time, we are going to pass some parameters for the Task through the annotations. + +### Create Storage Secret + +At first, let's create the `gcs-secret` in `demo-3` namespace with the access credentials to our GCS bucket. + +```bash +❯ kubectl create secret generic -n demo-3 gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +### Deploy Database + +Let's deploy a Redis database named `sample-redis-3` in the `demo-3` namespace. + +```bash +❯ helm install sample-redis-3 bitnami/redis -n demo-3 +``` + +Now, let's insert some sample data into it. + +```bash +❯ export PASSWORD=$(kubectl get secrets -n demo-3 sample-redis-3 -o jsonpath='{.data.\redis-password}' | base64 -d) +❯ kubectl exec -it -n demo-3 sample-redis-3-master-0 -- redis-cli -a $PASSWORD +Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe. +127.0.0.1:6379> set key1 value1 +OK +127.0.0.1:6379> get key1 +"value1" +127.0.0.1:6379> exit +``` + +### Create AppBinding + +Now, we have to create an AppBinding with the connection information of our database. Below, is the YAML of the AppBinding that we are going to create for our `sample-redis-3` database. + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: sample-redis-3 + namespace: demo-3 + annotations: + stash.appscode.com/backup-blueprint: redis-backup-template + params.stash.appscode.com/args: -db 0 +spec: + clientConfig: + service: + name: sample-redis-3-master + path: / + port: 6379 + scheme: http + secret: + name: sample-redis-3 + secretTransforms: + - renameKey: + from: redis-password + to: password + type: redis + version: 6.2.5 +``` + +Notice the `annotations` section. This time, we have passed an argument via `params.stash.appscode.com/args` annotation along with the `stash.appscode.com/backup-blueprint` annotation. + +Let's create the above AppBinding, + +```bash +❯ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/redis/auto-backup/examples/sample-redis-3.yaml +appbinding.appcatalog.appscode.com/sample-redis-3 created +``` + +### Verify Auto-backup configured + +Now, let's verify whether the auto-backup resources has been created or not. + +#### Verify Repository + +At first, let's verify whether Stash has created a `Repository` for our Redis or not. + +```bash +❯ kubectl get repository -n demo-3 +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +app-sample-redis-3 29s +``` + +Now, let's check the YAML of the `Repository`. + +```yaml +❯ kubectl get repository -n demo-3 app-sample-redis-3 -o yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: app-sample-redis-3 + namespace: demo-3 + ... +spec: + backend: + gcs: + bucket: stash-testing + prefix: redis-backup/demo-3/redis/sample-redis-3 + storageSecretName: gcs-secret +``` + +Here, you can see that Stash has resolved the variables in `prefix` field and substituted them with the equivalent information from this new database. + +#### Verify BackupConfiguration + +If everything goes well, Stash should create a `BackupConfiguration` for our Redis in `demo-3` namespace and the phase of that `BackupConfiguration` should be `Ready`. Verify the `BackupConfiguration` crd by the following command, + +```bash +❯ kubectl get backupconfiguration -n demo-3 +NAME TASK SCHEDULE PAUSED PHASE AGE +app-sample-redis-3 redis-backup-6.2.5 */5 * * * * Ready 62s +``` + +Now, let's check the YAML of the `BackupConfiguration`. + +```yaml +❯ kubectl get backupconfiguration -n demo-3 app-sample-redis-3 -o yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: app-sample-redis-3 + namespace: demo-3 + ... +spec: + driver: Restic + repository: + name: app-sample-redis-3 + retentionPolicy: + keepLast: 5 + name: keep-last-5 + prune: true + runtimeSettings: {} + schedule: '*/5 * * * *' + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-redis-3 + task: + name: redis-backup-6.2.5 + params: + - name: args + value: -db 0 + tempDir: {} +status: + conditions: + - lastTransitionTime: "2021-07-29T14:23:58Z" + message: Repository demo-3/app-sample-redis-3 exist. + reason: RepositoryAvailable + status: "True" + type: RepositoryFound + - lastTransitionTime: "2021-07-29T14:23:58Z" + message: Backend Secret demo-3/gcs-secret exist. + reason: BackendSecretAvailable + status: "True" + type: BackendSecretFound + - lastTransitionTime: "2021-07-29T14:23:58Z" + message: Backup target appcatalog.appscode.com/v1alpha1 appbinding/sample-redis-3 + found. + reason: TargetAvailable + status: "True" + type: BackupTargetFound + - lastTransitionTime: "2021-07-29T14:23:58Z" + message: Successfully created backup triggering CronJob. + reason: CronJobCreationSucceeded + status: "True" + type: CronJobCreated + observedGeneration: 1 +``` + +Notice the `task` section. The `args` parameter that we had passed via annotations has been added to the `params` section. + +Also, notice the `target` section. Stash has automatically added the new Redis as the target of this `BackupConfiguration`. + +#### Verify Backup + +Now, let's wait for a backup run to complete. You can watch for `BackupSession` as below, + +```bash +❯ kubectl get backupsession -n demo-3 -w +NAME INVOKER-TYPE INVOKER-NAME PHASE DURATION AGE +app-sample-redis-3-1627568709 BackupConfiguration app-sample-redis-3 Running 20s +app-sample-redis-3-1627568709 BackupConfiguration app-sample-redis-3 Succeeded 1m43.931692282s 103s +``` + +Once the backup has been completed successfully, you should see that Stash has created a new directory as pointed by the `prefix` field of the new `Repository` and stored the backed up data there. + +
    + Backup data in GCS Bucket +
    Fig: Backup data in GCS Bucket
    +
    + +## Cleanup + +To cleanup the resources crated by this tutorial, run the following commands, + +```bash +# cleanup sample-redis-1 resources +❯ helm uninstall sample-redis-1 -n demo-1 +❯ kubectl delete appbinding sample-redis-1 -n demo-1 +❯ kubectl delete repository -n demo-1 --all + +# cleanup sample-redis-2 resources +❯ helm uninstall sample-redis-2 -n demo-2 +❯ kubectl delete appbinding sample-redis-2 -n demo-2 +❯ kubectl delete repository -n demo-2 --all + +# cleanup sample-redis-3 resources +❯ helm uninstall sample-redis-3 -n demo-3 +❯ kubectl delete appbinding sample-redis-3 -n demo-3 +❯ kubectl delete repository -n demo-3 --all + +# cleanup BackupBlueprint +❯ kubectl delete backupblueprint redis-backup-template +``` diff --git a/docs/addons/redis/customization/examples/backup/multi-retention-policy.yaml b/docs/addons/redis/customization/examples/backup/multi-retention-policy.yaml new file mode 100644 index 0000000..430c3c4 --- /dev/null +++ b/docs/addons/redis/customization/examples/backup/multi-retention-policy.yaml @@ -0,0 +1,24 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-redis-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: redis-backup-6.2.5 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-redis + retentionPolicy: + name: sample-redis-retention + keepLast: 5 + keepDaily: 10 + keepWeekly: 20 + keepMonthly: 50 + keepYearly: 100 + prune: true diff --git a/docs/addons/redis/customization/examples/backup/passing-args.yaml b/docs/addons/redis/customization/examples/backup/passing-args.yaml new file mode 100644 index 0000000..90a9d22 --- /dev/null +++ b/docs/addons/redis/customization/examples/backup/passing-args.yaml @@ -0,0 +1,23 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-redis-backup + namespace: demo +spec: + schedule: "*/2 * * * *" + task: + name: redis-backup-6.2.5 + params: + - name: args + value: -db 1 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-redis + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/redis/customization/examples/backup/resource-limit.yaml b/docs/addons/redis/customization/examples/backup/resource-limit.yaml new file mode 100644 index 0000000..310b6b6 --- /dev/null +++ b/docs/addons/redis/customization/examples/backup/resource-limit.yaml @@ -0,0 +1,29 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-redis-backup + namespace: demo +spec: + schedule: "*/2 * * * *" + task: + name: redis-backup-6.2.5 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-redis + runtimeSettings: + container: + resources: + requests: + cpu: "200m" + memory: "1Gi" + limits: + cpu: "200m" + memory: "1Gi" + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/redis/customization/examples/backup/specific-user.yaml b/docs/addons/redis/customization/examples/backup/specific-user.yaml new file mode 100644 index 0000000..54e877a --- /dev/null +++ b/docs/addons/redis/customization/examples/backup/specific-user.yaml @@ -0,0 +1,25 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-redis-backup + namespace: demo +spec: + schedule: "*/2 * * * *" + task: + name: redis-backup-6.2.5 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-redis + runtimeSettings: + pod: + securityContext: + runAsUser: 0 + runAsGroup: 0 + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/redis/customization/examples/restore/passing-args.yaml b/docs/addons/redis/customization/examples/restore/passing-args.yaml new file mode 100644 index 0000000..ef84e8e --- /dev/null +++ b/docs/addons/redis/customization/examples/restore/passing-args.yaml @@ -0,0 +1,20 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-redis-restore + namespace: demo +spec: + task: + name: redis-restore-6.2.5 + params: + - name: args + value: --pipe-timeout 300 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-redis + rules: + - snapshots: [latest] diff --git a/docs/addons/redis/customization/examples/restore/resource-limit.yaml b/docs/addons/redis/customization/examples/restore/resource-limit.yaml new file mode 100644 index 0000000..cb71b7a --- /dev/null +++ b/docs/addons/redis/customization/examples/restore/resource-limit.yaml @@ -0,0 +1,26 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-redis-restore + namespace: demo +spec: + task: + name: redis-restore-6.2.5 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-redis + runtimeSettings: + container: + resources: + requests: + cpu: "200m" + memory: "1Gi" + limits: + cpu: "200m" + memory: "1Gi" + rules: + - snapshots: [latest] diff --git a/docs/addons/redis/customization/examples/restore/specific-snapshot.yaml b/docs/addons/redis/customization/examples/restore/specific-snapshot.yaml new file mode 100644 index 0000000..ca36e05 --- /dev/null +++ b/docs/addons/redis/customization/examples/restore/specific-snapshot.yaml @@ -0,0 +1,17 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-redis-restore + namespace: demo +spec: + task: + name: redis-restore-6.2.5 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-redis + rules: + - snapshots: [4bc21d6f] diff --git a/docs/addons/redis/customization/examples/restore/specific-user.yaml b/docs/addons/redis/customization/examples/restore/specific-user.yaml new file mode 100644 index 0000000..e681c5b --- /dev/null +++ b/docs/addons/redis/customization/examples/restore/specific-user.yaml @@ -0,0 +1,22 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-redis-restore + namespace: demo +spec: + task: + name: redis-restore-6.2.5 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-redis + runtimeSettings: + pod: + securityContext: + runAsUser: 0 + runAsGroup: 0 + rules: + - snapshots: [latest] diff --git a/docs/addons/redis/customization/index.md b/docs/addons/redis/customization/index.md new file mode 100644 index 0000000..9cf822d --- /dev/null +++ b/docs/addons/redis/customization/index.md @@ -0,0 +1,290 @@ +--- +title: Redis Backup Customization | Stash +description: Customizing Redis Backup and Restore process with Stash +menu: + docs_{{ .version }}: + identifier: stash-redis-customization + name: Customizing Backup & Restore Process + parent: stash-redis + weight: 40 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + +# Customizing Backup and Restore Process + +Stash provides rich customization supports for the backup and restore process to meet the requirements of various cluster configurations. This guide will show you some examples of these customizations. + +> Note: YAML files used in this tutorial are stored [here](https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/redis/customization/examples). + +## Customizing Backup Process + +In this section, we are going to show you how to customize the backup process. Here, we are going to show some examples of providing arguments to the backup process, running the backup process as a specific user, ignoring some indexes during the backup process, etc. + +### Passing arguments to the backup process + +Stash Redis addon uses [redis-dump-go](https://github.com/yannh/redis-dump-go) for backup. You can pass arguments to the `redis-dump-go` through `args` param under `task.params` section. + +The below example shows how you can pass the `-db 1` to take backup only the database with index 1. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-redis-backup + namespace: demo +spec: + schedule: "*/2 * * * *" + task: + name: redis-backup-6.2.5 + params: + - name: args + value: -db 1 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-redis + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +### Running backup job as a specific user + +If your cluster requires running the backup job as a specific user, you can provide `securityContext` under `runtimeSettings.pod` section. The below example shows how you can run the backup job as the root user. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-redis-backup + namespace: demo +spec: + schedule: "*/2 * * * *" + task: + name: redis-backup-6.2.5 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-redis + runtimeSettings: + pod: + securityContext: + runAsUser: 0 + runAsGroup: 0 + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +### Specifying Memory/CPU limit/request for the backup job + +If you want to specify the Memory/CPU limit/request for your backup job, you can specify `resources` field under `runtimeSettings.container` section. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-redis-backup + namespace: demo +spec: + schedule: "*/2 * * * *" + task: + name: redis-backup-6.2.5 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-redis + runtimeSettings: + container: + resources: + requests: + cpu: "200m" + memory: "1Gi" + limits: + cpu: "200m" + memory: "1Gi" + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +### Using multiple retention policies + +You can also specify multiple retention policies for your backed up data. For example, you may want to keep few daily snapshots, few weekly snapshots, and few monthly snapshots, etc. You just need to pass the desired number with the respective key under the `retentionPolicy` section. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-redis-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: redis-backup-6.2.5 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-redis + retentionPolicy: + name: sample-redis-retention + keepLast: 5 + keepDaily: 10 + keepWeekly: 20 + keepMonthly: 50 + keepYearly: 100 + prune: true +``` + +To know more about the available options for retention policies, please visit [here](/docs/concepts/crds/backupconfiguration/index.md#specretentionpolicy). + +## Customizing Restore Process + +Stash uses `redis-cli` during the restore process. In this section, we are going to show how you can pass arguments to the restore process, restore a specific snapshot, run restore job as a specific user, etc. + +### Passing arguments to the restore process + +Similar to the backup process, you can pass arguments to the restore process through the `args` params under `task.params` section. Here, we have passed `--pipe-timeout` argument to the `redis-cli`. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-redis-restore + namespace: demo +spec: + task: + name: redis-restore-6.2.5 + params: + - name: args + value: --pipe-timeout 300 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-redis + rules: + - snapshots: [latest] +``` + +### Restore specific snapshot + +You can also restore a specific snapshot. At first, list the available snapshots as below, + +```bash +❯ kubectl get snapshots -n demo +NAME ID REPOSITORY HOSTNAME CREATED AT +gcs-repo-4bc21d6f 4bc21d6f gcs-repo host-0 2022-01-12T14:54:27Z +gcs-repo-f0ac7cbd f0ac7cbd gcs-repo host-0 2022-01-12T14:56:26Z +gcs-repo-9210ebb6 9210ebb6 gcs-repo host-0 2022-01-12T14:58:27Z +gcs-repo-0aff8890 0aff8890 gcs-repo host-0 2022-01-12T15:00:28Z +``` + +>You can also filter the snapshots as shown in the guide [here](https://stash.run/docs/{{< param "info.version" >}}/concepts/crds/snapshot/#working-with-snapshot). + +You can use the respective ID of the snapshot to restore a specific snapshot. + +The below example shows how you can pass a specific snapshot ID through the `snapshots` field of `rules` section. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-redis-restore + namespace: demo +spec: + task: + name: redis-restore-6.2.5 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-redis + rules: + - snapshots: [4bc21d6f] +``` + +>Please, do not specify multiple snapshots here. Each snapshot represents a complete backup of your database. Multiple snapshots are only usable during file/directory restore. + +### Running restore job as a specific user + +You can provide `securityContext` under `runtimeSettings.pod` section to run the restore job as a specific user. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-redis-restore + namespace: demo +spec: + task: + name: redis-restore-6.2.5 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-redis + runtimeSettings: + pod: + securityContext: + runAsUser: 0 + runAsGroup: 0 + rules: + - snapshots: [latest] +``` + +### Specifying Memory/CPU limit/request for the restore job + +Similar to the backup process, you can also provide `resources` field under the `runtimeSettings.container` section to limit the Memory/CPU for your restore job. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-redis-restore + namespace: demo +spec: + task: + name: redis-restore-6.2.5 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-redis + runtimeSettings: + container: + resources: + requests: + cpu: "200m" + memory: "1Gi" + limits: + cpu: "200m" + memory: "1Gi" + rules: + - snapshots: [latest] +``` diff --git a/docs/addons/redis/helm/examples/appbinding.yaml b/docs/addons/redis/helm/examples/appbinding.yaml new file mode 100644 index 0000000..26c2b73 --- /dev/null +++ b/docs/addons/redis/helm/examples/appbinding.yaml @@ -0,0 +1,20 @@ +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: sample-redis + namespace: demo +spec: + clientConfig: + service: + name: sample-redis-master + path: / + port: 6379 + scheme: http + secret: + name: sample-redis + secretTransforms: + - renameKey: + from: redis-password + to: password + type: redis + version: 6.2.5 diff --git a/docs/addons/redis/helm/examples/backupconfiguration.yaml b/docs/addons/redis/helm/examples/backupconfiguration.yaml new file mode 100644 index 0000000..541464f --- /dev/null +++ b/docs/addons/redis/helm/examples/backupconfiguration.yaml @@ -0,0 +1,20 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-redis-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: redis-backup-6.2.5 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-redis + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/addons/redis/helm/examples/repository.yaml b/docs/addons/redis/helm/examples/repository.yaml new file mode 100644 index 0000000..112349e --- /dev/null +++ b/docs/addons/redis/helm/examples/repository.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /demo/redis/sample-redis + storageSecretName: gcs-secret diff --git a/docs/addons/redis/helm/examples/restoresession.yaml b/docs/addons/redis/helm/examples/restoresession.yaml new file mode 100644 index 0000000..c5ebeeb --- /dev/null +++ b/docs/addons/redis/helm/examples/restoresession.yaml @@ -0,0 +1,17 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-redis-restore + namespace: demo +spec: + task: + name: redis-restore-6.2.5 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-redis + rules: + - snapshots: [latest] diff --git a/docs/addons/redis/helm/images/sample-redis-backup.png b/docs/addons/redis/helm/images/sample-redis-backup.png new file mode 100644 index 0000000000000000000000000000000000000000..c646174c77154a4783bc0a6d13a6ef6045c242a8 GIT binary patch literal 50845 zcmb@u1yEdJvn>iqfZ!pxClCk(cV`k3ENFteTW}j30t9z=3GVKLyAvR|ySofNcSHVj z?yXm+?yFbzrfQ0*J$rxJy?U+wnhB7V7DY!PLV<&WLl+nO@*NKDIT#M^8R#VM_rbMUMR=oi+G?-{7MW67= z;?%6dGw@cu6e{puoXd(^hl(ctITxuvf9(h&5BtyuO*(>}-BX*i935>Lin;dg2!DBc z2`Nrn;eY)1Svtfk#sBdo<}X)eivYdHiUT6NJX~N{{^&AqJKX zV!J{UMQ*~s2YcVJ5NKD?29Hud_g!HOP9DYCe`*==(--b!Y-|zzI*JrDL4{{QkDZ`- zZHsverJxZa@ICevF;4%Xz16sqvD#pJdz|{IqeNlR3_*L=tp7A4UD^Axi9VKB+;9S2L~$%zh0-ig(+G13Nktvovz9e>|3+rosX z|7Caa%jSoh(lT7%4a#)93-Q&V`>Yi?jBM05|Ltx+1o2^Jo2Ph=?63CJobW~8_EG!2 zoig*n;HghJTyt4fM_1c0>cd~_2!3`hU%$=nKg*}5cUnn^)$|<(Km)*4#Gk-`*QO7i zxmJ49KRhNq$da0X(ky$G5Hr8N@LV~PYizoc1ojWC&dmO4#jXj+>0Z=zS$7boE{rI z^DsYLi}79y%o4MZ;X3ovVEmB6@I{m`KIsPq)c4!nX|YJ6svpyQid3_QIhtq^e?fUt z3<>T_d(4vjqi@e^?6v4j7tM7PZRFqVC!63&av^!`EfoHknWcIG-TJ5RI3>-KsFFnfpv(*P%Dg_9*6@JS0Y-wW(@9dO;iWx-Wmz;23Y2Rmc> zUWLz6iR>2QzHE#w<4zZAQX|Ic;dldEB>uS)8btXUt%>ljHrF(Vd2UC=uxzcFo?hAz z(ViN=ky#!wh&s8ag(nd)F3u8`lQT72c!P&oPj%6m*dbI=Q^GX@s}4XImz4Y(OmMz- z%5@|#C$!*YviVVKs3evtSb#xC^~;xavx;pZt$~8~nwBq7Bt2Y5&|5Q?2!?>EE8l#* z50A<3Sfdi8rl;Ain_HRkFv%EoqrZ`CVvcl*3JDHC&TJ_0<^tDWmo5cMAXB{|K88BCu4N@u zUD~Co{w`#!Uw&;-9>?~hiLp3+O5a10`91{C8e&>{{2`JTXXRuJ_EAb8G(z4ALd1k% zyue@9DhXOSyTO<|Gm|ImHmf>C|e9~!I4w0iHInnf*gb>jrI z=(}*JIR)9;HKq1r#$Yd zSDQq|)yeFn{sPIAx0fOR5fGw}OgBDCAxT*H>j2=ntJ-*HA;G2wtwtP9gIz0u>wGUn zeA?1i(ty|^{nt3^=*Y;jT003^)6V7kR+r}f+Kp?eg%iMu5ZyCPt|L;jjs=X{FcJuc zG%b zuP}OoQ8J64yWhu&gmOBG1*7Vf3;0UKSZFRTdT}rYtCa@kEIju(;0K+s=&0Mczj(BB zZd(F}!QjmX97@Xv%MnvcI8!rjH9@nD04^f2s;iPNw%nWkgSbS3zFATRlAV2GE(Y4j zxv`<5Qmb!Hbtw|BDXuPKs8#2h_NSLb>foClq|i8q$lNRQ1CE({lYa>Qwk5&EfZ5#B z2$mi#gBC5`vCg-8?HF1lVGRYrN)!Ah|3>I3$w{(Oi^4ZQD7}}{!#2gxyKbLOZxdmq zCVq?@*QH#D7d?BkVI!8n_C5xQg)V!~dj~B`!-}K&8$8Q5KQG+rsR75Nnl#&X)xZfV z2{4@L7D-*0c4+zN5x?ymx2(^gMKAz#OQgQ|Q9H%n8plVaeDG`NdK*VGpV&jQYZIvi z)Sxml^Gc(}2M8#D9T4zN?FhCG1T;9*Fo}^C?QEYlLCG<%1S!{gex1qM;GpIt#6#|A zE*MfjI=Rq!Xbm)wEd?Z3n%}BE-#~oUb_9SmH&~RJjt9lNO^J=0jmImvPvnrc1elvL z8X^E*#Dq~H`jVVB17An1Kg04>A(=idkQa(A^O3x8lMG}XgX?-jE|!`qnbe6uEO)D0 zZC`T;5U)BHe7USW0~JOZF*9E8W=iO7=pSq^9Ng#qgU9aJKQB*dsnjqt!&5iVEntxo z9H!sE@VduBi>h-IQ|-CVj*N@Cx<^6;;0o8vWu*;8C0!k+9w2aWVuJ2^G&1}&)-x+#u?z-b8wwi&C^H87AfVXt*cwx!F ze;l)%1iMdQ6^!Jr^fcnC`ZGUcWPJc((3j@GB11eNJ9cyf5%Fh}yT!m_V>kfMBzj2z zc%Gw~8|4K984xxq^bcuHTX+Hm(yGhtwM=C}%?8B8Gc~0l%C-byBjjB`d`yi81_XOioMU{cdX`JN?V@)b`~0*SEq zz<@xPy}*xoz~*Pl=7tu!sy}VqX@J%Luv}S^0PMy2k2h(n-X5{n@O_P&`J)pIuIHu8 zB87uI*w1bV8RRcqjZzWD2kA!w1s(#gECdCV$8MntK$JS}fzG=g*ihOshU|VbzrcGS^ zzz<`0uG5K(pk1R3;P69uSQNGE(EE?wmJ>+E4(?!(G zyxtkbXzxJl?D=)#)MWYjAXV?6iK4xg2!GgDppD}vx!dCKMN}{Wy^98QS6uYaA|jy-WwjfD%Q3@3`u$E5i*2u(j#c_@GYQ0Gy0Y(Hg1r#E3%%& zOk;*fxzy!gCiS!Vok<_hJnPV4C2`WTAqux@$7+GeJ-S}{WDDv^v*j3427X96?Voq! zT9d!){GsG)z>0bctpY?8xZbD4#xZ0k)W)b+5dmPp-4wBRf6JCEu|sLWMhv6pierOs zJpc^**F`BknwHyaeX)3p3fY zO7Y8kd9}eHP>S8KyIqt`B#EWdj2hO=2x`>SBJXJK$HF>vF>vY0$E{k}>*8ybN}lk} z#S%9fU8_oxI&5ae;tmyhvgmC42OcSrf$(5cV4 z%EOv@W$lCZ``7X^V2g&w2;R)hnKyrt;-GFwo#rg(7sX?APwJrc_Ck{I%Bal4bKsa; zvraA#8|&nH&Rq)xb1@P<8)RsL4L3p)jlp2V<~BSsL{Ouk?*(p2dSZJlr&YB}016bL z%!AXJfEb^wDwM^mHT_*&NJzR_Y0_u==Dk08{%cEp_LEL^$H~j4<$pV00&2k-EuB?% z!Saokodq{38Ix#|bBo~N@lE1S>NI@muH2sPd@(_$Bp^Z&uINdKMDwsHIY8bo8g`2fm$s7R*qxF~6X{iWkmturt{=c4CppLI~X zK{o^V6_O_3*wu*A)b8HzbBGygRFCj!d#oXuy4*-bNQl|=8p^p|^csLaT}CZmU*27r zs*r0e*>;uy9p4reKVM4u#KTs+Fxu`-B>=)kv8SMDONE)T)walXEH%6c7$UE!IFE4_ zEI3>q`}I$$o)@#+z#>tanxUqdzD0yJ_sgXkmYFMbp1MOuYdP88B%&#ZG1Wve_<$>orDTR+zBQ^ z9!om{U|*Ie3Ey+lh&uoj#`Qu%WS9`Qd)*of5Vcu%Yc(HX4U3J}EsOxmJlP1!enc0gqdL7r>uh`b3J&evD zFsi;yt*%@qjK1r>Za`Uxwb)FKFZ-BhYUfgCC0UoKD_GMUv1HIwuH67cGp6fOX!7sH zr76^xX#N!twpT-vp%fe}tj1r&Vd?a0e03@mYOUGQnFRgrKj8e=kKOb$svcs4<~4YC!Dh~&Ys2^EI14(+zaU*O6|QX# zhteaP6Q|EeTFu;nr7|ZWh)(G_-deEifRP^po;Je5t@gAc&EWcg216z_L7Ox8tqapW zz9IT}3u+^2v}y*jhpHZ_F9i3#<0HiUcVJsKtu)=$n}J~Vx<<1CGl891-k*TtKzx38 z+(3{K(!7H)32TBeeu24^rEnb8SarOkTxw|V9HquAy&uA@TRb|xsptU6&iV-X5OC3B zZmHWqW7C&$ZjbscV=%-}c+CP@Ve3IW+@Lo#M@r^sVavuP#Sy{hfO9~4yx7M16%uWJ zwy0RqLQ>o&M*`8{uj_6FR6BhG^{higQ%4sNKspoK#iW8?p6j^4WL@4^P1HI*`)$0i z>PV)s)Y_JafhWm^AoBejvk!KsrB-Kv(CHG&P4P_dH!6KPx;IO z6*|m`ggD~pF2PowQ%06a2d=$bz{48~HT%eb684ChvuefX;Zv8!9uo}o^>2LvvV-Jh@k95WgvD{p66iFi<=P1P zr(Qde_NoqC7kZ(v&uL@wz~%kCV~10)*~lswh}WSTcH9xRc!8l@VGBcaVX1#E?>Lri zHc$N^3HYLqQ6@QEq&6-YRz!MgrSxD;yg?2H8N^y1S1nHQ%&uqW(K`|qIuwQ$-^O9i z-)(rOE(Cr^IgsadA!lf=ogz6(>|Z-Umt9N4FN2U5AGo= z#;TK|A*Ajt)d<{Rw|i&dW6oydeS_HDjnN}~r?HNh1-REs>K7h%8|0+dIM5XkUWJ|Rjnw5b?C0e9xgui52E_5u!h(|OHySz8bsdPS$E+K)q zMR6Jd*|o%N(;LUKoJ?D?ph>~^N6nDBno6gH(y!Hv8*_?K)ly*i%hLy!6A$)^k{6ul z0KAyHx)`8GVN=E@ko0*HVTLYP)WFu~KZbO95@|8ac_!*{C?kd5_ztGUkO=SAiRnt6 zs~sNNNbIWImIU=|g&ksHV1f@zTdt4q=B67;8D!;N_8?mA5Xs(EXUPnblNuLHEuSK8 zg7}IP zQf0i|`{JkcuKqF2bO~fu@kJURNCG1xXBs`cWdAECHrh%{VZ&)^3e^pj4@p5I4GEls?P-C&yz8W$4tTol7k7s!x!bzAnOWBF-=33`inFt`$IeZTP0in28elNV z)9bA?+lT8dOb3>yfqan`{~|AsLmh?u^YP}nITv)WQATVm-s&FO2Y2Zb9_l`I>z^F?GOF*3qa!ydDXE>E-3z>AbPlkTlvHO= z&;O&Vm6a9G#DF${~j}K{9@5bA{3OsgqvX zfR~t+^!`1CU}Pip z?{uLz;ax^4f*V3JTR@vOH(ltz{TMbg(z=y+dLn`?_`j3*dzG}C9~a!93!WZnE{FBG z4fXId^|tRtGO-FL`h%F7x!>L5JUv91FI3Y#tj~(>fc0-#MSg_?3%PcV_PBmP+$S8} zF&@hjS9jWoX__21(Y1bh3@c6UP;V+u>)|x6N5g1mEZdC{vR48TlafNv?g=F=(tvOp zJITxc&BwJOXe=)dO(Exu@K9Q{!Z*;T8EA7hXW3zz`ku(qC}m1_Iu@^LtYct6$WyaI z=SMl$9zsRfxcT9&?N#90#}T|W?3|pw{!IGO#>VDPMOhhhdq;;~gIMl*h`Bv~^UW)d zX~mvU%p^Yu_ool1W6x}Fu0162h)oD*aAJA9cHM@Np5Gp3j0sV#N2P;vGGlr0DzP_LiaKhY*FgX*j zQBaUo{XXbTxFOHmPg|kpTW!~~VJCYo_7+b9Z^q=a@}%5sDRNX-;DoNwXZWY~^9ic7 zr?l7xJe8ZAIr8)KhPT8jH1ZEYvvMn6BQPbbj1}%&QBnbL*a;_XUcyuO&^*Bo4g>O7gw1|?I6gTF_yLPhS zF`+|aPGsY3eRRe9Q2xNj)t@o=f&^*)B_uZ(j%g299V5@%W?Y@>Xs%&SSP$k4k}wq? zV9d&64nvdR@!`sjQW$dywpPFiPpJ1QsLG{b=7Dl_6v^uE9+< z_=d8U1m9#Gucb?k4nOjRWW6P>Ws?Gq{275dBNERgeJZ$4Y@jdq4HLGSfgleZ*q&*K z_FzgSG3376wZAM%P5H|=ck0+cT-T{osht2jHM^Jyy^-|@8*IYs<}>5m&sD&P< zNB@balrfffvu7Ji()BgWvt6;{wFXmjD=F{@U)L8oNUeA_(igq2tM1QG54@bMvy|fz z25Vtf>?ccp-#6ip*ZSzB_;yD_OIATrv70hl?I@#)JG zvZg)R=x%>45kGo3&snlfnafERzKkf(FoDKr($=*?OauYJR8rwMbdhpIZ6>-B(t*JA zt=I9Djq%TJ127K0`D9kThDN*EcxfgHDY|2o*kH$&9K19oUDsbPOT8}oz(AcT@jai0 zK?mQ2KSn2e(y7SzLszQwye&rmhc|p{FZws~I#Z&hqz$LI^(h60M5e%5xiwmJGgLA9 z4la}W5^XX`LQgR_ zdHrW2E2GNa3+X_=uHWj)v=}if@M|uyULv|$EtR4Rr_*K0NFD9KKu*c9)O@2Pt5>3I zLta7Ni`pd7oY0L3vRjr^WwCZ~g&5*YhLC2}AF0jvli$B3%eY5)pZ0$!*qis98Ya*- zffpOey;?!3K(SoSh3Lnb%9NoJ=dn{GVIh)5Z_ukUy+BZiF`X@luRi7rW)_G zeP!f?q}FYP5rN)Vch%qQ!ZSLriuPvXPhkSymRI z?lZ9dU$p=l=az%PYvqvF@LH`ddTI;IaohUx-xW2HMTku}m)P)-7X{=XY$PTq;JA#cpg)r8j($n(A1 z{dz-c4tyR>neDf))IKp9n3O4YNm#W5xayowCTbe8O#~5-qSoO|nyECB39H{1(&_j9 zQ&3-+T~zlnsQB!6VPHk1?xdL?E#`XUjLL!jKrh8YUHt04q$CgF^bb1g=-4tHrf@4W zQ(7LM^=SPvit$i3rX;kWpwls-K(6@smJgUNmcnHlvhv$+?jhIuTXVEbVm`?z0_)1G#*zS|0y4AX->?}=Y z8;Bp37U9Xp6~rDC^i>o~cuuEVj`033??33*|Kqj5e+MW4Y)-jP;1Qg21oeH@;z z_1Vc6qT45IAdlAJzN0DPBx*T17#(0 z&ZB?%|7yTe(?e=jg)Dyg61=VZRBhsqmLDNt^pRYsoc7;Mz1qlq+V}-hEdL5&5IbnY z0tx$l0ndCiZLEm4*O46mDSff|-*ohUsEhfZ6u>_vf)(*9SNo|rh2r(Ye{#ly&|M0I_dBK6XUw(0K9GaKyOKe@*)B|L_F&|JQl_-@5ARd?uK0MQ{vBV7fk!W_T;&!Xo(0 zeBCfddsjU&Qtk^26}MbPAKARnlVb(be8$_)QGd<0tj)FY`l2){N?V+gj>)`E;z{7J zuKSuvd(ys_MRlOq^F=XI!Qvq_nWlfF>XSHpGd>sv>Trx-DP`zgvuH>^;d85nB8hYTkasMd0gG)^YLjo6v>W zRB;Py;jjZp0SS)21E`szKRIQqtT(hzdvo%_0&afKvTHs&Oxs+Xn%W!Qn<{8**gSS? zmYD!8o>d}`p6=aTs@H^myS`Lgs+^=S6nnKG>m8Rjds22~kqQoXKkqGNVlO?jEwiubF0x+_PrW8_S@_A~`K~Zv_8u~QJnukTn3q*l^wSReXHbPY zA0ZuhrCUrr5s#@w?$5oDmh|a>|p%Gr)wCo_4bJG9}b(KcUcVquW1%_tH{pB=Eo>T8Wp2P7GSC z2GIH&2NkUYzUBZ<)ZqdRGe-*+gHW5V{Xykwa$-r}B+NG$FDK!xu@fS7+YH$*zP0Mj zZ#Ye}UCJGRdUu=5+z%o84Mp-eM$3FdF*pWUm5yiSi5vHGQ^&m_*#sdLt&a2ePX>mD zH1tex`vWa4jZO=3Bwn*fOl4sIhxai|Oz)8MG}B~scmV!K!^A`}{!IHFLuvHsDJ#kt zd;!fclVK_G>Spn}x9WQZ1?glDk3b#~D@&$~^r}kg{F+~085(r~dW-!i$qIltE1b4l z`V#!NoTmj&6fiL^+V#ducn(b_hP1|RH|&s)9HF{M!w(oku~OnrJlRer&AobkS$U1g zr>kaKAjs@@n@Xk1DRcdPx6+eOL8x)HzUBj45g$qCP;F@oPR$D%nV0Z)sRdi9bEEqE zKP2PQCEz0+-czmPE9v&pXEZh@yF!?>2@kHL6>Xo2X=F|2l(hHr#U_6>ZQ0=fH2alU(-Xu{hI=if7iJes#-Y%25xD6n;?PLU#EnEq~-!eOMi zf8Eu5k82n;X1*t`f`9{fJ-lR%q)nxpXr(L?aU{AVc<@)5j+vWuqoMRqf*? zPOHYJ{LF&N>E`dm#k8KPU**1X`cM@rR~Psr>-Ec z0RMND##$DMU~BzbvJqxcl0v*p&WF86h|+&ST#*xRRLWk#nk##L&IlGTf1gbeH8_aI zx(^fiEAhZey>=H^bWdb;Rg)^PWF0LdYP;(gO@h zDcV05OWmRH3S9|V z8jyJ0Jvysw{qXzN4*t7ijY0A4WzTQkkRft0214QJrc35C>cqUo>eMYVl|d;s zrj8#{+IzQx6@#MxI+#?UKVBH2SJe z>cYh@r6|I<(KDbgP!ku@vC*}6aJpu5uBL`WEs3Y45NADXBX|OKaoY;3>?KoPidFfU zIo7v=$$4_x?^kas{aW7A=wcPEA_xiZr%Wnxlt+4^YKZI8vi=rsvnW%D`5vAmVPS!_ z!H7zGDOqtAXcdibtMshd-LR*yy0AEF3|afFK&EMw2!3_R@;8BG1E2NH%}6z6-*H_^ z0m`Jt_V4|qn9NvKM+}+gj-O6nTugjtp?0=S$5yQ3 z7AZ%FYOa)1`!MEK+G6lw;{}0;5_lny`uq>2ojXTshUK~(@bYUkA5NNv6@*PJFoa#a z9gM6MWGi$L=uU0C6P+d%dE9O}$&!Rtsz@_h!ZgjPaAQh7o_$qQ#JJ>cZAxe?QvXV) z0n}oMe2Y!NaRH~B6U%yz#)W{#$+>k)T{mo0UCXmcw9Z zOG=Qt9v-(Nqe?qH?v}E7S=t;?ZiuQv#mH`cRtgg?g&8*caMOU+yW?fvv zwh+&HN*kXBcc@WRH|fhk6;g#mSEDv18xoOK#9v{S3w_0~19pwkNOC%6W!tQB{Qy@q zgM-VUpMkYoQ@WfpFbKr{LA_FglfMY@@PcPlf21xEDFjWz(oM zrH%=H_`^CG`LPB4AAU$-CsZEOYSKA`&l!Xwnu4*qphItIhy7U?1ES$2Wd&QGzs;=* zjw6rniT=eM+|30em+^<)3bojNX#epYydnvk&3l3-kAu-Cj$ z4aD;uUxJ$?0?p%ntjX-3>iyFyy(;?e%@$qh5dgR@=!xJ`yk_;Kn!dnY zY!C#Q&sP0rjD2D)Vq$>=yQDxG92Jj#`{b_5Wc=C4KhY@$^JSm5$F%1I@55=g|3VfJ zS_mcOlQ;b*3R&SkPvTUT64fuJDuMnZI6R3Xi69S&Dwmgy{}H{tt?1$*8kQV38srWh znvb^pGY}qx&#(7$q>{RSA!GksHjE|rxMKnGbU?|~ zKas1y?E7xop7i4TzgDD6-yZ1w8wy44Qn-w)d(DR#yXfkqA68`Mdiy*P^krc>E7d1( z?CdUe;J(Gy2E$Cx^>S*P%{0*)0~Udr4U4nW4RS@Bfn-Or=868&NkzHS%TcmDhI%T` zxf1fvZk2u>9@U9M5F)E;=Q{o5fZJwkGB(Db6|IMRx&9@~-ReOtnJ`KaUqnS9qC0dF zbiH0iET>OU$wc1uoa?=I05V9*$jFg{gX3gOf~g$HsLWe%0YYuw^=!y>M?wpw=xovD zsN7E1YP6f;|UmB?rbcYE)-YS z)~>JC!mj&d+}okeP=ON2VMA*TaFi3ztn*AFjuCw}txfw4BV*{_zw*szDM!qPgYm7V zKYskUYQuDI%@U8gs`a?#f)l*irgXmGJ zv05(jZw@8lbB{phZ86unLo(CTfA;o@!PQtU4WDidTu*u2Po>+E6_B}K>0BNyVO|Zp zxVrMo*`f<*2b-rDeP31&1krARO}MbBBbq@Xf2 zzDi%(co_LIHIh8Ov)%%`Z2|Irn26q1ldQ^YpLPkb5%;bI&L^hD>yqn+3v$uEObka>+f4!M>>jrCuE;t@kPjNdQzbP*- zmrN5(K|sX=vM$mV7L1vqVUH$*(Fg|Cz42-_=#fsOrVi((x%UIh(CJ6+F81Zi3tC#* zdGMUMa`9xV%f$tNd%*Gt^E=@<7$r;Cn-dG~wJiUM;7nDEv?CfBJKo;jUhaFJ*12OBnUK&I&!RWo z=)@)ix@VW+KY4*oExGIggL=@?&@2Ovw=v9jv<{rLE{A#CQ361|{vLFVjOcxoTw7Cf zI=A!?3!HbeAFErExgNK*c3}YLo2-5qq$sMn85v%W&Aew|2)RDn8lRr-Ei7&B2XcTw z!`#318etE&0l~pp4GoEa8+-#2hJe8lDK|Tv8S;~10(rodvk}nN-Py={7M6%?iMVIS z54T5WexN(gISWV#Dq|hoPr%yAZdD*)hSKJn4^!&4=u21KT#m4Ns7mz@T;TBAbx&;x zr3eaG+&5L#eumn48=)SoudiRfeun?`5gsO#w6Yr-c()rJU?f)~3|EZ1TZ0Lo)zpX$ z3=E3Y>mzMP1n`rF@RW@JbNtj+Qc)2Jcneg8I&PqA#N)vhFkRrxi4$&bs&p&heQJ7H zSvU|8+~XXSl$3ga$$SM4_PLf^*)&VzKo2Kj{5RW~{AYt~pMLKHNl}3~EqABVv?Ktk z!Z!xuqGDr341rRPP!gSk*=kq7lRjJIv#0U)r$yVISePuQ>*F-L~`axaR_;A3={&92RwEDhwo3cw>ky z8zTS{Kbd19tntTg&I7I()BNNX5CD-w>CFW_^ha|S2ts)b z`f((wjh`QSlkyQB(WUmDD{uUZ_W?J0Ft(!rG2KIbgDl4>x;{ z1KtD%BM3L8;Xuk57c`~iky7e*VCrcvMU4$un^AW#p=V+So0Oy^+IX%ECcmJ~`b%Oi zi_QZuQtIA;?J{Uev5@2V2JqVW+oP7WCKo88*TQtU-V6}j9OkV>(I%l?%v)bKGxst7Q$=6Y1CSf0zM3|xQwNZh0kr|uq#m_Vq&Mw1S0}23lcb>1Ymt* zqgHHl$F<>kl_KWH(gr z-y=2KHU$I*>Yi_pe%iYNF>R%JxTlpK96=+Sw?60ALZOaFOAYpWkNrHxRaY1g^dH^Z z-rj!t0KDjWCiPW9;?Y(Cqej(oJwXVNXCKDyb+aWsJ3A{C+N^RsC6nx6OIMMVsh$ZLD6bc}ZrxbCTGNhne)C8Adzy@sxY* zCv;-=uxnxS*2EO5!Q2Qfx4dO*VBcXUMsI8~qrhB@w3;^`{z~e@GWPLd_p{mJgqSHL z&T^>cm>jA_aQYj=RSLs1J?E21W&|+1RKBCesG1s100BJ0fx;f3++Ru4iE6o!>O?|P zay`+sWF`Hcm)<2IyVQa;XCyKrWl#9PU>(tn`O-T>sKSgrOH z7))^wcx-IUAFz>){+LHc1{SZR<-wWEX+46C`tK*$(&yu*Ee#O%`}Vby7fm&L&>!h7 zafm`oXHip=lXzDt%Qp31u@{#Q^$Qk)_vdoo<>b5t-!DB}*3vREQgd?RdAGHi*DiDe zajUaL1ESpGE}*1tExc^F_IL&GlIOqnB@NY?D1F$LOM*}~8cMp-l6v8I36ybcbw$@Egi_p^3qbx2i_H>h1RE$hZ zBUgUtr3_1!UCJ!EO#;{{?34-i+OZLUpg}`6z+|dwYb)Ju!Qg}0uD|(mNR4hD2|C(a zw5+U=06`1uA@@kGU38|)6Q4;~jgk>WW;c4lebjh%wSwtEP&J$(9P|t(Eh(uFc%NsF zCBTf+wG;tLq@tn%P$>Z`vJerP_d;cnju zv=*bJsdIh0@kLme#pTirk6!uDnhRn7%`Mq8fg2rMTwL@k>ft2I=04y}=;#WN0XEag zqSiIfJ58dOZX+^_0EhM_19%C{VR@;k$>TwF{BX(h`1m+|Gh8lLnu>!XMhkW`#m>c5 zsoxjbT9K2JLpEfBj@W^`z|6B~B=JQA4*~KCZ;mi8l=H<>M5+0?KxhyTUTAYHS&#Wt z*zb<#p$@ysmtQ%sdy?u_Be&rX3b)(d1xGZu8U~-5J4DYwVZJ#StD zX2I=iUth%ZE%JqLnIaJ>DMNv{bT?+3r=_r)QqN|EhkFMmIb~%605^Y@;;rMiTp>Ul zjy3@w&2ng!Z-EnYo$P@|LJ#qIw5`bdnj86dOcLl)c{GJgvEo}h#{kAAOC+BxfO=)p) zIDCn-Yv~jug>o# z1wsfY(bah$rc)}fzO6`-Sn7U{3;>u8Nu%b~oaoTq$f1Z0Yz+bD}Hg9S0gWsr`9vCjA=YDuM`w<}`t4y1# zJQAfGEFM!mb4&rIQ)VhEN10X*4?=hseA=nWJMh{x1>FJD4gcA ze^2A_HSDl_b+idY28?6?x!g9EEpZ(NyTS}5;ql6#q1R}L?h5kD8BVnpu@|1`&Q|~! zi7xEnzC*E*gn!W>PNO^RekN^ne7pl7c}Q^X0BN$hI@WP^cJ}Ymowpm8dX(^w0;Civ zX3c)Z2Y+mIv<=9=_%>P2aaI}*5!Gz>q(4$(K%AT%cVNnFD<6FPhJ)6j4PcvbA}2+j z_m30}yHR0v;BDuCspY>7I7}xq+9P)yOkkU7bUG_L5Dg>SI2~ZxDyke_6$Ra3Jp$I% zG7^ZpD1_7HwD0}(>{N62BY!d+PVNIdv<_gOPynl>rDFAPckO!BLH=mVn+`3v8UwB68X;g( z4AlyK@g{-CVPdOh2`NnI+}5C=ggIytVb%}J%sXwRD774MfjXvl?`Q+t>$g$|EIn@L zbjHcaowwg+j2gRfBBL>Mj&X0iF4!8dU(oS*pX%}8lrc)va<{?M6LWM@#qhTC?^{Z+ zW%;lZTir>A#@!iq6AfGLS?<8*=@A6uw9;c~1a@{JJeVSoa*tH#IXloK>bQCRoJ7z$ zxW~DGbZ_9CClA%|cwlQuf7Y8ZO+Ei~4W_n$*Pwq@n+bE+f;Su@+5OmTdO}~cfm&zP zXEq5lW-2}4>rX)Cbv!2w%X|)>*0_5$?z%WG;D;pPmSw|adyz)JKJ);eI^7&*+hCY_ z{Bl{|1|a4(fIhN4YJ#phk)@=hM1Q41L`2-B^DI`W^gVLj;(JtttIx@=;F_A6a8M8! z>(?W1D$#}>c1s@u)qrsJ>&zY~;QGhEcLL;*ryc%Om~_ z0$aaZ=!E!5R_jI149Apu2eu4<8<4fR9*b-4tTCVC24tQegK@dh2#}@eAU_2%E~h~1 z$Y%aJ1>_+}emmXcxE>)I58&iulhZ(;+ptL(alfpj31nSOS_820_!>}{=GDq$U-*GM zP>0CwFd$d3C?6;FXak0Olf|w;BB?}Xh*M>YWM_P=O*%b>cJu3a<< z0fIXO-z2!ZO9<}n?(XgZf;$A);O_1O76iB8&cfXn&YkSN-&5zut$OR6`(3IQHJQvc zX3OZ&J)SZ8=~pX{ckO=a3u$YCta{x&L%PNRTsfg$XyZP5w%6urLK2EYQ8PHac^ zrjvB;&i?7?30w*R;~qcy0JYcwfGUIDV5C={drsFY%I~4c&j=KbbdK6j}KonJm$dSLvQQ{o9=n6@@Z zsn=NFvUY0Kc?EYw`(4mJ-y22D-*T*YpOPf|c^;`mBX_rrXO6D6C z7Rm*}`rdHMS+4~$TjA}r?Oqg&6ZmZ;x=sLwhokcx>3Li4IcPMUgN2c?yKVKF-nQ+S zoxXMNQ_ekNuUgl=$}6IG(gD%k8Ot07CZJIyj%CJ!al8z`?^<>TM?Ic}2=M;&rqk=p zFlHX?MG+W5@w*iQ=2B5NHx9kKA+>{P5A?A2civgRI`#*UGvo-siH^f`O_A=w78Clh z^0e50`%N8Q9DrZBQf(Il`1gj5wktz`#*$;szg@QPMJg^GlJmX5$nw3nz^2peTWqkp z+Y=MuKHz_~>O(4OIv|#DUY4Im9fYiMcG`d$t)`L-tZdoA^SwyOt_DCvv@RN#>lwAn z*JVhr@31}VZk884;B&$Pp0&P@U<3f_WCJ6ufxpAD{CL!VCDklz5GV}@3WZmm7`k;U zUh4Kz;N>!DcuS~3$$eUe!{On$X>LsmKy-k0y#y{7g>=gc)uY!U5^;~fO zRWxBjrvIR;i1)6snP8-W*9~7nCiFk@3wd#C{+Cb=x(@;RwJc1yfT5fRP+Ma&p?`}Z zyU629ZR+L*0R;T#R=6|>^S=~FW|74;RXP}ew{X9aNhQUKlakZW{HHpzpsUvuh0R#fQ#Qr~QKD3jpwonSTbLm)Ry@wgRxm!RbV{f6D#c+^UGI`r+x+ zZ~S#7`HG0IUa%}R*%3D$zXFxN5Eys~7yeVTMpw;3LjZ8kD>5Pe_xtV?+;sjc0P@VV z*#RJmj(}!40iV~@O^4&p|Mrhz{xtf0$IH_x@%hN|^_<=~u31LU>j$_NuwF`IvvPlV zSo7nqCI3%{+D)l~lrc^I*mRy|_hxX;~tpA0WLBK;ji39srDF!d>`pOGWlt;MTP5q*;--j{}8R z4fxNS`j*CD|8w>W!2|fJz!B_Fy4X3e%nHA6e17)5L;8=leJrvNM17y&uwDg>k6vBB zU7j_riUHz(^w!zUEqfLW|4&2pm9Sfs8L~gSuEdi`k<;M+r}u7Nd#`pd^j|gHJl?G5 zHKGufa$DtE;6nWxT4J`+IymMJT(Oh-XQmLit->ue`kTnO%6>;RJaE5|`0!4=fSiW{ zkhd85-qr9zJ;_-Y7#)+DZmLkP#WV~cw>iiBx3^G>g8wJR!9PQ+=$l2FbUM4uh#&Cs zJ}r@VZA}PO!rWPfM{=&Bi=lrON|XlC<+dEid5D!%Q>A$&CNqz`rEOfNgrl%IGn4Z( zS>^MBl;UUYd@s|L;-i5+ari`9&2vn>g|3i0x!9$iAxtebn3})$t4f}FF{AW(2QX?P z%&A*IY@&z~G^^bvepf%6DpsJL>o^r+EjiFMNG_`v^3u3u%R{$oM$M&TV!C~@j`XV?Aq=V z;4Pfdy=%|MYn=szGDXTc>RbyabHdF(5TK6|DvJx9F$2YUWyN_GoCi*wGqOvzoErum zctE?}Ly1*UxHX6^KY~2rr?^+^M+EK?1h}BZUez)fc%R!JAY>zi0v@v-Di>l9*2C)K5~;@2Wm0;wZg0`mEM#dOEm9nc4<85xVdP)Z9Zb{3N1IW4(1V;auGZxv%o5}% z!Uhcc5^%$ju(lUGrUp4{deAiHh{-bH@1&DzrF<;SJ2@qNA0>OwYq#noHZ{Dys(2oZ z#fWhwlcU9;$>k3wr3D-*9P~4oS$fE+G?7hh*}!^LkAf2NBV>EI><P8T!$pJB!S?53(@0^~?}e1bts=Sdg|Uc6 z#qi;lsIqfo=?Nf3Az`qAw2;^|;-~#7%H2PC8Byp{Dwrx1n8OX7I9wXEAX0RspCvF7 z_-8a*o7kL8dkvR#?|3jrBS0Q~HOW>q=wBlom|P3j_;4 zg7khX+V@MERgV!6jDLz7jgtvJi@1x+oPH=VlyiKOYn@$f=anT5r(Ly3&%7hI(dxiOhC32rjzsRS+31k;0Y zmA+68i^GWP9`GB&g^MT4pHii9>5@p&hf$|#jO!Zy0u3e%wxop7wpfQ3??f?EpD2#( zoPCvGZXrl*mL*Hhe+BOc4OmNw4FySH+!^-eGAW7>(^xtz18H(HCAkJ7 zLNg^_OC?x|daYA9wlJBEt)twjH4!lRBn#j@^KZCBCrx;-*cAHR1@jBrXLU{JHs&90*v?X-K1h46*}kRX zn9qV+?~HC$zQT)wg4OVIx@hm`0e{1o-_PRQQq$h1A)>5912b@6ZIp(5NwBRH014`1PSj zmN<8yT`LH)q&+Yu09!Ub8u=yV)Z^AR)w!JW$fp+~2!|$jj|s04&xIp`f)*wsca&P% zBYppQ{Am!6R{(=p@a)VRTE%JwL|A95sTe#I7VvK7=Fr34yg2H*(9)c9#v+PhqL)8$ zc+@K^L~RHaA3I?$g{U|ygu61Kz>p06_U>J(F}5Dl2a#N1xwE(J3DntmWNKI91>o=T z$fdX>ak3cGZ&Z3l$wPOCXQ;rP5mkL+xE-Z1b&_RHivfjY?u~QxDx$*^HvG6Of7$Er(8gkmwytfA~)&)r_{mz#t`jtafTHOmX@%)>LwtKr?NCWJZ4w$Y2SAobUt$s3d0?zjGmYB zDV@rIluj8_S%nO9G}fGJai;IGI}#m5Z4?CRhX$4Xdx0AH` zTXyX`5A#C6q`lwNNV3Ob$z+(9mklaorFPHrB&JA^?5PSBukCKcWGGngYZ~mst=(^# z@Tf||b3-Hw@;>u;c7_yv4<)C~1 z;icbrB%Rq*S8hk4Sd54YRe^1R%wF`i$F~>`rHjU&MN}q#)g*mhtSsI1$O~eQ^46B? z4JU(x>Qo|47>k{o7N)Szl9RaOg%yj6r|KJAH!w5$-V5hU5fT@HPW7D#rO!_p`#_zgH?OE-)qmD z%SjuPMub1Dl79^^1~trzGiZ-WLtEr^)|)Y=-pRjo7#6WsEAx%e#*eGEu`^%NhgD#z zK@6E%-z4@8@+KE~iu)`gGN(MEPB1*2K&9%{XDVK#_~P8FQ_S;b=Xn zE`RE7@e?!#F$p&S_PMS3K&o>LfZ2~inZcD_MaMZ;m0bn*ezuF-$Hv?sq^IYvHHgD8 zy2)IXkL!_hznq}Lgeek56**6Qoq zixR7Z-hC2`f(!~ht;`v>;Vr9(HuIz~OPqsoD^HX3*{-n-dGUe+ghI-|UTuuxG9}ec z$>3rvG9#~V0fk6W^&Ywnk?{OkO62J@;27?AUId*oKV4BShj6E$gY4_?w6Fuk|Kw-L zDi$k?ZDbmz3D5HT&J-IMss>3jtLcpNyHS~-8%q)uV=D}ka5U>js1>SP`Vevjef%k2 z>WPenBtvMmtN`>$iZ`<%2Nkbm2_@MZOy!ksNz&rV0t57@)O;s6Lk(y?=SqtD%Hrx>Ej2#XgmZ$+_A+6TPXa4g}({W2{iY}l~zX0(qvVrvsF z!#G%-Q*dNBUaHT*X96+8-TN`m#cjm}2Y^I2srJ6md`E}Nux=>lr*6gltczd4LW{tb zKz`CMPC=K;lpxJ7!dsM+Zh$D%TY_X4l{WT0N$n3@kjqr+`$6+?=lQ>~BIAZlB(`+q z0mBy=`)*GG9pJNZ4rqrBH`OPD5j#wqPW|H3hryXjTjJh$Ltt=8IdGm?dYKmt?pvl! zbw^Xi(oqW$W%|K%VEPqvL_J)bUWz-bEQ^Om^b>cD!?@BMdHSA0{5kJ}c6>8}IkzgS zZUt<`A`J6BC$xyjw2N|q3iQXmcmu~4*7I_;iZbzxQ2uA@jM|H!sjX=TbhONTtxO5j zVUrIuUwDOT2`F;SzBGmQ(~g9X3wLD~PvvBg{-6fm;%yjb)w9*wMha)O6H^#i2>U>< zM8*z9GY7R&J(*X2!;wRs1UH+f#F3_|Hw1~+aUH1>2wf_$1;)?pE@3DrsH26tkdu>>!LgyGp;rjV9||^lt*8A`_SH?4 z)mmM(rEYnTyJ<{O-8>2eYhdgxp)#m!mu+fg8dUBwXp=Pl+QAI#7~N%wzD7Ju8E+cu z0JNqLE*_1?K~mslZM9O6>t z0F^Rw9vnc@Vl3b&JCxMx$CdK;D_YtJZ?|dX+Sz`D^qy@;EFA|ZKw8-o)q#EIYY1O*GkN> z*#Hd`qZ#=yy-Le=zlb)!TOWPV$}kA$)|g~Hq68t#qJd*Yz|p8QStG7s>(|?suBA~3 z1o4=~Y78-nPO0UtzfNOvFvSH*Y~j34?Y3upZL7uSZ5_9nk>)Ab{OJtZC5&FeVUK8c6=}n*c5Y5GyXQ*_&Eqa* z?W_$wty~CqAxJt$mX*Unb?P?B{5z^o|zPSoYD-_`?{^M49m?a zGmBT)+v)v}l?&=+Y_@mZ1lW-p&rU6tXD+9Q%k?K%Sz4_rVx5lU5pRla-(}MgSZ0>c zCq8s~!0>2hEv1$}-M6*eJq9=Rw>AoJ#DE)zYfe&ty2@4hxPTgG1oC7-99lq1|f zN%OTxW+{*LL{fz95eQ@+sAeeo8@2=-LWPGL1jB_ODZinRqqYKb92cZ8DJtY`5XLC7 z3xzR;xrg2>SbAK4g+mX7hEQWhkR63b!~~e8sBbWe+E6s5kSooGk{NwO@{2xLlGLTc zpiV0^QaAV|D%7H#{I@8}jRB{JD7QT}w$sXEBafmlfRh|`v14#%w!=QjMr;UfXYm_nbW^n#WX8%tv zfCpZZ9Zs8azA=w`XF%zG%EpJJRp$V}w{?E2784(tifB{O7?Z1HBN3jPi%U*2{OeEJ zR0?gBjgEr63Q{kkk%ngl9|}Wn?178TBG|gg1>TcXwm6}+p9$pZ8q3Ffxf($jD-$ID} z64PA?H;Fra>D3w#^9ySXuer)Q^ouXqwUpM^@i7=6yW{3)wBlzzr-*tL~OdT&f!tIHGM>g#F<1Q=%6Iny<+!Q)$w`g7H- zh8>Mhl=1gwr3c&sosO61`T_m zF*Jn4MX_XRHDgqum2gfw{l-MuwZKOAv0!~@*LD+;rRl@z{y&m+g9cdg;9xsrpLi9|&z zxvdmxQ6@cX?%PCj4s!St7hU;v(B)h~;mn=@#XBY(p%5AHovL#1x#eNHX>cgh96pWq z%sY7eaMFOU47U*ZP{uFYBFvNwia?SZud~r6_AZJ%PW_%1XhA2;YM6UVpQsq-J=+sC zV1Xqi8{N~0tP3hs9*TD{BF*iWkJY3JT&#{MW!fB$iIbRHv;mvsTNZmpHbbu~j^Pwj zVo!=6yO+W!L;bQ$wEjb@uanT9W9M%6_MlL$aH?}0BT+R&nW%f1|LDKMltt4y zl<-t{H)ON2tloBCrNJJE-?cD|LUd|&oyIl8;l;;(8ZbVa=U=XG-iQunJPiwtRxkJq&=>o_VZzM4*sAk-~}mK&1EFFs^HQ4q`KN zih`+rlliUf_%kQ0!64?x2K;2MIt>fg*>{t&NmoSc4B4yWP7l~o&q&LiK9B1qy|m4n zyeArMIo#;AjwJVSYfgvbx&`(3I^~s#elM;uiZ9ZtI`8BbeSRR*7u%JU&Q`JEG&{cC zwSMH&^E-<9q1sutIvc#}Mou#VE#rUresLkC|F_gJhLBCQ!m*r%kxp8jgYRLr1%yP` zh{z~t(5}Pi$o-Mcl|Z5SNow~pRkPaILhNn}vZ{Y+7j3Ac=wqik*Y0^&UNA6!ey!$V z3o&TcxA!W$Ksnf*EJ9)NTi~Vl-FTCpeX!fl=9IF+7E{(*dZ*upK-geaO7szFRJNLaAoXZ66Fs%^d#;|?kN}O zF2x?u7YHFWeK9pB7LGI0n#(z6)P%hDw_Nx6Aav7Dyfq3$MZ$w`S@0+{36c94*?t>S z;nNtU0!Q^rKnnNyf#LPVO<7y>b?()MA7wS+9T+UArIrGE8S zq#Rr)V^$8{(DW5x8If-zl{2?~E#JactOT((kpXd@b`ARX1^Y^aS)j0@}(FgjYB z8^>6B@JK)&+s8Y^B-&_MfvR@rS7Td+9nmvD|o5 zP;^u0S3Z)l7B&OTaKf!FXSB5eg-pn$`r`IWGrwkQ>P~ysA!QlmrQ39Ax8ZY+-@5k6 z-4s_|3qeTyUf<&vUykV6Ju(McBDKl$w7UO%nR(`#A#j7_fzl+h~#(LNIeqn2rD+_=b>%TiD|qeddVALfrtq};c%OuXGpzz{3J21Hnt8gR)I zr?i-W-E8%7UgFC{B|p(&=9tQh7I->Y77RM}IpSpQ$%uw{+PK)nwCTupn?q7-E;NRh zo_%25ujcqecuXDcQXqrV5`t`q&Rqd~oJB)b@{K;My$I=+JlJ%InXjUOHAWZ?qo|^Nc zItkKR$@<$$aDXO~Wf>6K3ED}d!i*sfV0ENH&dN1H#6S7NbafDF#K#6$RO*jE8A+hD zm-uC?^NjGQJHhMHlww6OmMP}pVjv6J!9K11!BeWf^TAM^CC=aXORhD(XC?!Ps-j~g zuKW``i~Iw7$FSJ0jDGVE)B9;q1YASu-MOD(=i8qc>yqeARpzv>q|DCFs`w-yxCc@? zm8HP?bWvzaP+84xIC6jV#=+^3$W#1>4P?h%n-@@KAOlWzPt3`m=G(`*mfgnGM|~*< zh_PE;rx7_#C2vBNwi`K4lahW@QS$i8vi-Z=k)7Z!-4PX*jTQx0E@#qp#_7~G#)(4cZNCXpVWvzHq;TGK=A+X7M^fG)1d^S*Ij6AF_kMy0BLn zXdheWYHpjHPBWZ$7KP|m-9LhseN4*QW%9i4G`u0Lci^;V$SnN)8VYU3s;@#YRN(}!;)30bo#XMk zfBeHwyk`mohQzHEN8q zxIsEYen3q@{_OneAnw;Wr)7y3SjWL4>8`N1RtM>e~+hHcMXlZC7b#* zll;-_=TV~qrfo`U>WN$R%u`GWj(P{SKb$rmhyV^pE#Z6CfK47(-OrafMQ0+Obb#9% zSr8fxAq{tX4|lZKZ#}!({?Q7V(FtbP96lntjZ#?Yjhf$!dPSbbaVYWP_POvWEB(tl zFE)X{iP}hB*)9^hoxlhiaT=TCVjgrrCq_z${=s2ilKPq6gD?*%33t+|;>CE$KHTfoxtvTIj;S5Ozi5IU*<((@LXB?>w(vn=@W z-N-=(5&^Cn55CiT_Y9AH&C2tYnLryyZk;HEH!~NFdj-0kHxq)`I<5ASwE0le>Wr|Q zj@CaI1cROF^hTOg$9EcvAQ#tJ7Uk+(e)GFxbT2&|^VY;h&jkq0kwzn$jo+{cVcmC1 zo{l(X&Z9KxPqx~ucn-(sM-K=pLT2t4iPYLM?Cm)o`IT&h^42g8JhZsGF;F^33VnlO zw7D1gteKU0sziSa4=&7S`7650k9=(1M0_!~*%CrgDKfGs^w(^pS|T!?7Lp1lA~#h1 zjfL=|cc^a)7aP?dFC3l2ds#8s+hksW@zeRea=m3NlO$6EYR%pmND010kxm~UQMNSC z9cj4lPeAH{7Y6c4+B;>;D0xy*%1tmAd%@Rh+&1%1+`Nog%y@w<=QES*<{8KH#aP62 z`FX|s!HR{Ooa+HZc(}~Ps_)C<3zR8UiP!K#CIhMr-e&9lwDu|v4nwAF4f{DizYTA& z@{!FHpUymk`SIY#mcgBsEg0;xsyta^826LCSo#Q;YbFxi>Z7Y_;Smm&VJ#37U)UMb ze><_{_2Yh@lljZ3UbW#$HYFOLk27fR+__N)hT?v^%eii@r2aL*5iT z=xxD1VAq~VMKrsgSgU&L!!@qXf_SvPj6D&-B@`U z)mdJve!!6H7zA7vY65{F7QQEfES8W&oJhx2%^f%1W5gTT{K!#{5*ezD27Bye2EuLJ zx}J8rLw%cZ1n<-HId|J_bo%To6(+NqqsRTTL%_G0XLsuuVO#Tpdg^y`8oyYiz!@_I zO?gbrfQ-6a2W=Jx%%0`U_!#jk9;<91^A4EEFQyC|>G+nOYQ%C!N_Qjfl_9Bwv|8Mq zjq?|aL~?D*Y|(xAY%6A^WcUxd&0o@ow}%V!{5FxYes}gjys*z>h*Knc2y;RhXJ}n( zK2!$aPAb?JUoVug+k>=k1$I;to`< zUZkL+3rcQ zyAHUkL~T1G;PkTH?oNIpujh}K$u16V#=3m5-go;Q-W`Co?5YmcvLw9j?Ret7d}O+5 zd+@kD_i3MRi1kzVq3$%q*Ppw5@F-kWNbiqF*ompF(5y7U8Cl+aIy8h zH?hr{1|bb|?>!wKKI(gYfxzMzj0Oq063ewSMGf=2(>G}=9DXC_(WrW6rlyK5%v^E{+|rddpBxoJt45pM129<1wgvZG#f4&eIOjY}$OwS=rC+k7Tk$hx zKNLw9`EsjO@COe2t_-h09{r!ncI&qGNU|t9dsewFn@v0-mh8{bK4=?1vHAUXY3>o9CUHljwNy{629p1ICysz`8dFx zS==#e^so)>YDhZ|&5+bt$oCx;Z=4h}hh7i6izh0Kb&jbIsd(GDQB^@?ZnRlo$ zqAE?;NJt66r%9M!uOtd}ZuL@!U_kJ?%!K-3X1`C#qPuc&_UWKBr9t8P=j1^!^Pe?~ zN%jHDre0OhpMe#6u?&1=R-H^m7Yg#^_pS-D8~y3y;4>&cYd+;=-^pz@RN$$qn9 zB9+$;pN`AC_nR2~HfZTPuV|l{YD2M#NJF{% z3W5CRl4nmC0FSL*w9Fn|f*E!pdf~jp>U^o2(^zBaPA3HL)WyNpLsnJkAY|=bT<^o3 zZ*9b$nZ(OoAskj+T8$@FI5AH9FM<_^J674#Ek%b|CmyZIJlV)8Gi>;Wt(Ui(Av;Xz zdBA+~b~S?~d7c6r5r1Jq?G!xeg;Kr1FImp?v}iZ5a(3r*_bZX&j3U?S$kny|0+DCV zXv?G;Y1Ue(vcuKG2qok@0uZM>OO+cjoBjcJ7NR6Xt~nSK%VkKN zWR~pUohVN!41VXHhV``xVJ2JZLyUACKiPEF7j87*P&SG}Y^o%wEt@WGK4~DBqlq-G zf2SO-foEn$EqZzSBdY0)e6sm#je5TJ?>XN*I$>H~Z(t8th$6j|g}GR{FnXPVmWF}? zTc$iM`xTFCsR(VQJZ%!yPFciIahg9Cl3WQ$iMQ>`EYTxj8)J>Vxp_mM!)#pcVKL`z z|3sa0cx4_HyY2L)%V@p*cX=|gOSv+Y%NhH~MGs`qCMD=ofg;gT)r$8>E#zR{z<;25dS~U*$!>$1~yAj@F2Vv%^fzb+jgqim=25PFl*D{_^@Qh{W8@anLSb7)zL`AGQ~U46_IV4{ z$kT@mH>Ng_4spnu z>DrY+remKL023t7EAsu_KCf^B+Ew9GyCj?#l7XcRBy9ROl`$nH8oI&L_vtg8bYKF& zRXXFo9KsAo_N0w2D3R8c0fL%;r~TT6${HcIV2UX!jq>mB-E;+E6wE)U`86p;xsyq91G8gt z3cWvR1{s1ro$h?#ATEjhE919M}$z~$D15#;TghIP?khgL1(*Eve zbKIzW4U%*Qa4C6>w7+%!;vkSnu^EO43J=K*3N>{!{)NYh`&INU%TL8Itdd)9Rc0y4 z@dW7|sx~AKg*UuI3qT?&+L98}XDY{qkD^L5iJN#16p{N2^U)DiV&c1X!Y9?hX*eU8i=I$5My3N1|P(XH7+)ZST6ouo=^YELDECg6?$Basr&<)l-S!0$LMxq zGTh0x#7){c@}=wd@M*Z@cuZD3r7=p>@|0>o?%7OrsOVRB5Ua=1K+zZOV^kSYM(<=t z61kGi4H_VGgdCk+6sDt7s6;+T`ym6(^0yj^j6Z6ynUX6n=FDFN5r(C2h!VeM1sreE z;1$00jbN~Ul+2Ru4A>Q7w=oip7mfta%$z-9T?XBsBhA<~Z^!7W$&$#d&P+bSM`M%W z&NxJPz&9$DwE-?i5PjThswM_nyAUCtC#yZdE}giCmc5djS+%QGnT=OqR2g@m3O%`$zo>t61c7O? zSt7iGa1etR)*B>3+1kE7Hfmwfj2)^2U+L+uMs|5DeI>^+QR&cf3N~$#RAv*Z9o$fZ(CT@PH zSJ&?k)##9u)^3h|<8@d#Ox&$51!Q%;zDR#5IT<#yjQxFE;9nnH?GROGqFb7}fClK) zKU_S?d033=r1KGS>9X_z(#QNJy4O_sRO#y4R+>Iknv$r zM$m6LJ2;>rHY@1X+HJfkd=DKx!I^^Bi{JEb zE)D~)AvW-h$3zZ43Fn}3v{A1h)`+tiZ`zuYd=bX`}#s$n15`{bIzk83*(shc%q*Yrz3sY;^Fc zHn3{Yfm{PcvYW?KE-Pkmcb%T__2I)0bb;_`jW4ZM;0Ii%TV78#vCP-{>Qq~pIgLF8 znw@IlSQl@XX$D^l9^3bv&>aRY&Dz0xmL@9jtrlhq4FIlOtIf)NgsqUSpJs zTF;pNbSskJ^^Ysqaa&EC^0h1LWA7uxMr(DP^0IA%^47%;6CXOiCm|2@F0y%zvbLfl^+^%BlPogC%#o{|(a!=&h` zi*y}mAfX|jiZV@v8n>SgyP7Ff*yYIkElxFp2rrFf1a2OsX{7O=FDlBB_WQx|R{zNb z_}J@Y&-s^DacAYT zaL1M3;j%aJIbig7Dx z<$v-xyc`BGcRRn!?aocUp&)!gT$Y8MV`ePJwt)?w%v9p|*sP2HdHgp`@nz()Ik+Wa zz$A^_BkK~_8B6DW+_v^a?~w)O9Q!23uYGf}(w3W@cqbP9lzt4*^|(A5d0r)@KmDpV zp9eO>6|QtM{~W`py=*(r{n#}_9?DbyG5$JYQ1B(dm7@Uc)eM>bu6Py7O~{>)?UiMm zNB1_&fB~;#qbOv^Gox9qABWJ#4y*Wp}jiG5?kQEl9D9ehnOsvLSV%!x~QAotnpSt?>fHw{BI>vCgfV}_e9A4@w5kEa5cSRY> z-FhLoWb|@s;%=528EPcxtz|3=hqqrMilWR@W2L&svTbSz2#c zL}3Y`HDHX#nf)Q-vFRNpRk+_)V0VAYG#%D(?)U8h+%#-#EEPC}d;3IalP8EXVc^M8 zzhA$(8chmrjX!a#^ULTPhI4E}f3-xihLsFRnvK>34JA&*;+q4J$|KMEQFaYo!yBg& zS5c?b-=^_Ab1r6WCbot7w#PonYA>Z?ZjCWzEjb9MD?da8M?I#JB)AuD#$O)CAIoyL zZbE8cd^VE^jGDf>NQewlp2V-Meu!#&5mi$OG8pTq^|!#gjL&b8p3bK~^|r}Sj`BoX zY1xi5P*hNugXv$UkS>&&PK|OTD%%Ec``lYdtEA75Vpm8QawRL^T-CkJtA(*VuzU`k z2MHvmm9kf>a?v}0Af=VX)%MsOBaRSDG*^VK%mj$ig=NN7gQiT>GZtE$ih>~|mYFVM zML_l=*-3z;G+%p@(~OCP$s#!1q_@{f*jVAKN~<%DRi)M#Wg#Kr`2$y~(bvSO+5|5i z*f-=!*E-R{(0r#vW$h+{8tEz65q}8iq`@Ye2D18V9_u=_o1Wt6+pM~cdoD`c9@RMk zCYsoyT)A7WB6XBQ615%-Y3_6hu8W|Lc=fg0Q>}vyyQFR+3f8UpwiN@58c4}ID|Soq z(!=kbv3zGgXN(RaAr1#9G{T@&qV@K57h=IAs2*~aZfoVrOy_4o^bIoHQ>2W0R8&Ug zruyINr@%xn^=R2^ix|u*yNp`5s;K?IQlI^G>Z0Sn?fITw9_woQ$H)h`osOCS-NhnX z=QuG>(9J12@*-pPBimG=NB1S^E<>WA}Ta|iqhKP#MJY9PZ$lY6Ca*<`< zoyN`rpuSA~S($=@(A!rmH8eQwIACRT!|i-|uDm}(nTKIYqrF>79%BS!BBQh8oX4-) zHp&TIZQ+F+=(bj%or}LyI~1P^JMY4ln{5nssXp}`gv=0bU8-M!$1%X%_H`YA*9;8{#*<0=ZgM3gZOf& zE;{;qneyEJ>hxQMfKmA8BYf;pQNbb$8PnXz->pq7ux-baN0HT!iO#+4flDOkd|&5s ztys;2=$1ugHEM3#kB7~_<7yD1wqonr==0dL4sObo%G8nCEV=i>PoIm|+J~J;V(TvE z!GB$J{Sp>5eS-P`rg)LU>wm8xlLE_%7-+lPfBtStmDukj2r;=C2LpyE$`-CrsBG!8 z#hR5SEGN;isPy=C(s8f{#WX92i(=Cs&Q@49ubpz!FS|4Rne#KMvRl2WT5_!i;*Pi(bF?dkJ4i-H9D+o}-Ac&=BN6N{F zbj+$T%piRCFT-|uk06QOYYpqrgAp{09!Z)vZlX#L;SpSDuiDpNV8yDn|5_mtD=$8xMW7k9?x%K38pClu@DSHsS8= z?I2MezvstRZ(?@Z8Z9&64D^*hrzLx0PDwn#sU>kCnVLsL94dlc_)7JL%QCTl_-YTr z6{@5Zn>2dPTE&J;WnGDg!RIEyC11Y+OvQEbh7k2ZxD0k5p1+RiGJc56N{Q?&yw4+F zsUO}sR;G$6jQ7o8%n|gO^e+eK=q?x))kX$tXbOLSnk}Q*0UOr2fdC5-H!4zR7#_;| zM)CmQwl(IXs=@gCB!-2pAO9Z9XzeI@^bhSVI~SSjr*}DFf0JOdGXa16{ga-7{x1iw zjBMCH#KXVIi~9aK-qAQg$?zYh+}gqaH`z+~gx!C)ifG7Re@k=JBYNn2r4Pm@4EUQQ z__vRO+P_E3{9nkIJer*cP8pKY^*$GQWtUx^9>2O`eWhpN;P(Efrr#Tv0oJ@(QP>(Z z+tv0#Py`OZ#nJZk0J#LVtydk)13YqP0HvU>4EXP(M?w}{#yTO{9xsbDk0I+`)@ytA z*a|9Gr(G}nUH3CpoK8E4jFnB#0Fll5D92hK>nKvR{1=2DRV}IcC)v;Y*(dwWuXHMP zdOuuTwwoSfx*lV##ychUWa_ZKNqL{C34p){M8hm3@5ot&)N`IjLSuKQoI4KU%qb+p0%PkUb(6<4=q z3n4%V7D6C6!QBhD@SznfxVyU-E(r-P!3mmB1b25U+}$O(yZbxjySHE89^F0qy`OKq zJw}aFa;%Q5xz^tE%sI+Er9XA)e(#Cw_BwG9ektuLngM5A&%2j~)Xr##;kM@J!FS^- z!6|Z~^YrkJS9sntRoa(laLMb8*Tkk|cV^0cH4vGk_dxD)HF#hCv>)Opt$hVI_}z1w z`yNf+{%fpdlX z^*YumQ+hhz0QUx&&)r78!2NU9Mr3C3yOptWZQd(Nn!2uH!rgozk~Q z5-_7boOANhUDTg@P~&m@u?CIFuKh^3=e~`;=;bm`aJ{eAygnVQlyZwywa*LuCEd;M z^`L7N74cWk%O4*?o3Bux)T0M4SZ}xGeR~1HAdV;56}VT=;Q{rt(mE5{cd}{ZaKQSg z((;5h+G*4d+}5=QQ{2*(5?oJi<__(R^#;tEg<7}sIf~V^n@ZECA|L2(vzd>MOO3p$ zR!t(B9D<0agjUy>*Hks3<*Q&0 zuY5->65fPb`&?7YsWe{9lJvE&q%PZo_)`}HI6OzQyF{}Z$F7H@t1B!E4EeSW317vV zMK-ir-DdH)?obSBBNnA?Oy80^x_4c=uMVh9yQ~{Ur1HS3U2Ba1S*pc`gM`O}rF(ur ziW>%uFmyk?zH^wl0dnM~dcwe6{4`UDFqVerhdpEKO@jy`_S&Nn6uF`NLz&Xu$fb=g zVZOH3Mo(ThbAr=OKxn{QChPIaQ%1hIrEg6BQ)&8Pv(L9}gg|#68tr;jhg4KAj}5{q z!CSs!;*^b+-Qp78Ic~4xj`efjbn>$8J-2JghSTiZ8ix&@Ly5=lj}Ogq_BSWzh_`~Z zMl1lfo7}FCdFcXNr5ggz^qRq1d7;f&r9ij)2?QBZukeJ+)~`cD3zdqev@=59aJ!wn zgFe?xYJh66U6>%zG)L}&?Ob0gf_%Bt;icRCZ>90gK}V7GDgj4Z`&A?vS=oh=oxAo1 z-$OnxKw3UH2Rt^E&)xHr7uyz0plhv zF7)(nN3A*O^3eC1<&o-XEJ~1=Vpm#+&BQPyyZMoCDE*q3)T<Bxr zvC!&xAPsMtwh6sgsG#eC$2um_;}OxE?hRYB%fH;tL_=3b>;;_NBAXPVzm!~)tWILB(oPQ|tlY8sMDSL3jXG-c4k+)<9R zny;2y+q&6RcXu|uujZ;-KRCJ1&2w3Oc>Dn10#^~(n43o6@qHp5dq3gZa^d9adqBHUOMIUeB+A382*k@N`thOM#PqPCRBG_Doh!^n z|G*RbaeeOoMHbq5D{fSM%>yFM!zHq|_XE?ShXMcGCCOU1Rl?QE!dOaUJ8|%W$-}{P zac#*y)uQ|QHrTu4caM#dKJg0i;qbo3T2@tQRp^4i9>noCevDGK@b7W-X(wY+Esex! zo!gC6sWgBFHYvBpA%y2Dmhl6HlYj`EmVqT^ zaf8#B?U`&1q&d}V<6Ra&9`Wf$zbY5L^77k+xDB9 zEjg|t&F8Qu4{|y(>p#6#%9DDq#<|Arh%08 zeUnt&{E*bAmaf0l>W#OK zFU02^%%H}6+Od@O+n)s&fA}P5?s^Yo>K$&iXZYB}%UNe-#(O?j?&YvSNh7C*=b1J0 z>nRFr%{-2Z^zUFtG+qMeA_yauBUyzym23{5we`e8Nc3mx0I;}c($j8gi$hJfKWV39 zUhpG4N3T(ET5sbW^g3eG8?2fXY#kqeqs`kj!@_*LAHC`JSr8e*=CW)g#N!k!t>@iF z^A>maC8CnN3|oiEpw9(Pg4(!#(~*F@obV6{^HEQ3xptl7S7|fh-|b6jS{0`g+Q=A0 z>dv=-xL8N7QZ_E7OCNBjiZVeQ1NR$_ZZ5AWufH8zN&#wkQKH&>$822@Hbzqqsfk`a zl>peB)I!qr53PhGi%B=_eD9rv3<&GfyyKv#SxaxQYR6)TyjE?B((k@0k&>*g5`<+# zjz1zR>Xy^G zeEPC?j>y}9U%R<{z=o!{=^TkWB7F^dDZJXr6?z{SSz@(|Ez{`n#q248-6Ps)y59pW zk4`XXn<0DZ^0gPS2yei!=Vs0y8=BgA^>2`ClqWw^{ys88K_HudR z%`t4!GN&p2{Nw@GThxYQNXIdDHqXN;p^RWD_PSy93u|trBk!509uu zJ5mZlv%bQvih(mg0a3fbEsB_b@*?u~$=pHT1*jP|cz_BmuC^W7H}0t8=eNgO&()pf zUopNNLxX$ksX#Whh#ny)M#8M3atvq}o;*oz%{>6M3Wevks@w&Eq+;2WEemrm19dr9rhOUidx7&te|D)tQ&tm(Zm7&SATX0;n zfL#DL-}66pU)1f%Gz|n0_Fde1^>=-H5LyS6!cXl#)V%*)nQI$_eul_7khGJ6-l$M3z7={${4el|3;Cj)uBXX6E6Cg;cLcGg^k?wP|ozz*b zXf~9#{-pb-)=;zrD6L*qKVB@c3ku%*QT(aLqv{nx7YLHUJ5OB?^1^ViWqa64Q$i+2 zCu;rUx!&VBLYVn_h^|y$X(=ONHV#J)Hy=50zPo9u(3B(yi37VOMqJ->1$X&;a>TDs z$UN|g&~Q?b*t%q04V&l84I!AD-ufYCJTQUiFF-RSos^1EZFdJn-Ny6I}&`i|sFT9A<1XsQDvpn3^Evta(*TFdsgICc~ug0kmEsZ%_xa zLCEQbV)&binH?Z|3WtQrnT~E(sGsBSV!7*%ne)!y7pjKch}tiBK6vN$!MhubSuS>= z$EnbjeY0JUK^n{(Qi!~vw1`yD@V8j4KzQc5QC@&=!e$|qQGm{v-T0Xu@Po@bLy9pX zVD{M>AW=eBj9&CpK*`!4zVMz0cbHwPt5*@}+@Ldi_dAyME1~y9hj}S065@uN5-!;- zKIj&LiX7iZ8>5B3>_?Iv>Po*~EGR1IVl6E=t`+EdE|F=F(6o##S%|oFf4r1zIk=P< z82XxD<6U2wiQc7vT`IZ8rx8CaS;Jyp=Ci$U3@NcmO~D|PvFHFJ#W+q^u3n&Xd?8}1 z%I*<`D{SU%ZWy(}Yy0{g(-QN>Ui%j@7_taCs5cH`DVpt{%C8NJm+xXmb%Hu3wGq7YXGeCV?cIOv%0$baLHpCrwF~pRs@9~E5(dW#<>$dG-B0i)=?^(Bk|$gl!nB)r zpWLr#OJfj8)K^r|r9OYl5zYh=RJ0{#t{TF-M2(=-8M}+va9X$;z4p~UTK^>eF|eXH z7R16zV3WZJV?iL;kM+HhJhD!PuxD~OT42=2Y7qJ-8LX_jdWKmhXB`?Ei_Uw!-z4+u zB_|K%Nb%!gW8HxtDe>*f=Tt$AH)46HuFA`iMV(V$!MuxpTj`*aT%e}d`jY+vGuT5+ z7`z?+p(SJF0!0%Y?L(PdLL1}{5|%^-lFNC-J>u}T>s4J1Zb z!EuTUQ|)8YSptKWt(hH$udvT#XCYu;)(m!Q?PmYO{%hx5vg_{7bJMDDt@mZEK`%oC z=BSU7%E5Y^{ZeHq8P8#mqt9^Jzy(I8f(ZWjTaMnVT1%|Oy2kBOpweYfR7GL<~H69gw?hMsQXS$AH z(2G;*<5VUgr#LE}eXukp9(qDnT%=aNwSO6HYuYu52514vf-A!?HxQ9Z#b)F}Q@wKy z=&=Pc(OMXWBfWuy+K+mf)!L*mntb$_o;WFG)Qe!Ytu@+NH)KO@H^9utUe=(h++L~d zT7Q-$+Q$|g;?PrPtquLc`sp2pd90{}iodGW30%AFSefXFfq1@2QB#50eDu!jat+lm z$&za}yuVk_R88uaDOk#2`QM|wJUSHL0%G0@a2`Sx4Wq)SX9V}z2ao$wb z?qM*VDyR4mbf*f%V`6XQ@f)VO7(%b5*m(E0v*);NTMp?_ano*89HND%4|*nv^AR7S zt?I`(-Y6Z`0uY?M@tDR1ri-|W$V}wc7cv7Haza%n-J+a4GK*?aJV;QqP)7)f%G)*f zPwOBqc}2;AcM&~I={#U?9kUC|GK6I!sn;F_8pN}`qKfYTssF4vL0u>(7Tf+j9Lr)f zTXT=ysW?IG%wj}VakLxOZxk(pe*O)#BbqNAO(|yMFCd3M+7kNOt1ENa1>Cmrd8mq@ zU5vMakImxss+QaNyocR|!06jhY!@jNoziPL0{%;T zEMo$UOYQQ0M0#t2<1#m#S4s+*Q|=Y^HF|%5JkgS^MGn2u-4TbiA)||qpMpfJDhOtL zm&8jci(Fnv;-d0-jtq=l$J7lCYMRMP&ZPV)8ux3h&$qiQB|wrU@swZtEt)i;8TE{V zbr`wX$7iuc6M|Dh!U_?(|LaQv6RzPHnsr=e79=#coxZol72S8 zMwF)lfpm)G@%`5mqknP%nwO3@oQ0Y2!z~FSyf16^xI~6YHZ@hiCW%g(%jhyrue*4D zOvIhP=iK3-m0{eyn6a7aAi3Cd-Y>vE3tZi2;NK7U7@Ep>^j>qXSIEK^8?EsekEdRi zyKrmb<0hTPew6qsO&1Tm!naYGTjhNR#`-zpXI;-_W|;z6>1Z{YHrH8qm8!_eUGJQ; z@t=e07b<=2$jd&-SWk6uCi9^CdyG>AQv{Ih}N{Qn2 z`bUu!+8mYj-0pqAf&V9LF&>UMroL7-npK;<<6Vf;$v9D{YTwTUbh<`dI8!JuKGb^H zyt)Ji53BoHKfb;L1evyQ>O#FN|F>7GA>T$?b|n&5O_61?gJsjpKCjBD{L&O=9OwyEiNK(P*E?$w266Z3nYbzWgGyrsrpP&pP+A*nf(ufG< zaDVL6ow6MXM(aFRK**l)EBIk}_Z?3a+m)-wzC^};q37^D?56<+t@Odk_wL@OV zZ_lvAk)z{%3`h6V%fGA5kf&wj{ATh{ZkfXi)AJv#QVXD6JobMs#IjV2;SNhXUx*V%3_ zYqrM*MQ>oQHF4EtZQp8Oq;0Z?1-t=isPEgq*a)k~GhuV6mUoSUKf`2zl02Rcrp(N=Oa(Xws7?pS=9=nnlsWNK!g=ki)4#4VKUk=#h{ttZ`PXXM zq#$~`SRpA$vFEk2ng^hKnj+gWJ6rjdQDv`5qMKiu(JbGmH}#{p3-*TIuP%dY-lUTb z-|68;1VhhGR~c@n(X!)MHh*?URlm__9+>;w91jP|NF9vq%s)`SF$!cIAL!@h0%y`X zsTrgWa3f6y3Tfl7dwpcsEnhj$s|ZQg7@_G7>@RJqB%Dj@bhS7nXIc#AtQ)NHs*H89 z>3^KUv{_IL{`=OFK@GLMGae?f%L^rg&32YDhB<^1woF*bpvklaCXaL(Q%@L zw0m3E9=h4xybLaa(5a!k=sYgA`22?N)Ekso^@93^nK`o7jv1LP`w$dHgdKQ=n&__i zRk6~Xjre&g6%)gv-yF23MDs_GG?NJIaZ73BMCbK7!B7LJ)YYVzl3$)pZF zdb^YaGnN=i=Bmwp73}iQ`KiWisG>zDrY(3O(m!XEIYotjNdt{Jf=#Sk(+bn~zwgSm{W&&!= zPXw!|0BGt-K*d9uuUi6$G#8Kr)+qBBnCgP@(JYb_Sc19sZYzT?Uo1JkRB;|EOd?Pu_{SWYf3ahDEfTm9N95_~@@Uj(nfLtYI+u+jvLpusw4+mX#V zvF?#Sw`HQguRoo|&|gI1roP$vB7eJqy}X8~i6Ofs>qHtQ_x!Mv%&76(Hr~tf+^RW$qa}$*#br5v#w)R(B{LXx>syc>_vKw1L_-%Yu;~i}9WgRTSQ6fH+`w+%yf5*HJB73Q5 z31BJB8TEwV9K{)s)nuxDvfw^86>{opb-BqDks1j;CL~FHM*-%4PNhFnqsv+=$ptvp zzX^11U><2;wnrLZ&6MiA%jR|Iql-rC*~x`^0$jmS9}x@6FFx$`GbMs` z3%KaT{t20426h7VMc(x?xhFw`!>%Bok<(VFoBrTK%eU&n#&>7}XJKG>DS6wS;Jv zBPMj7Dt^65IJC?0?FM`4xM-OhJ42QrxwKQr>^qE&Ga4?U&pZv%eI}8{rm8ZG4Z}2G z!!}*?fUm2_RUE_i?5$e|`K6=|8=}4n%7G?LhgFf3MfG1dt4--=&@Tqi z%FhP^0Fj~=48I|y+v0jma>=ZA5~ z;o`s?V66m4p@{$qEm0YDVUmH0@Hm6Zj)ZQto@|5XF;VTxw(dJU6Ahzoe-$NK&F_rw zo&#=gclS$=_kzULo|m>OJXs62#TLNkfp)T`1Q2grY5q0=u0?fuVnhJ#za&5WS?WLK zJ8)Nyz*|?GZVuTwzxXp3`Q>`4{9Z-G--HNj$WF)~cXsmsoCfhP6pMdurJi$g_uLI| zW%>JfJZb*v7FUlf|FKB!rmk2A{J^TY_=3XiPd8+lbsK6n`iQ5i8h0v>iMp17t~s55 z?J=tdEOX%Oi>qBKy9(pd@78ESsWYo=u*F9ZYBx&8TA0Z53hv(z0*=-Upbse6FAUQ= zKfgt87m1YM&M>igZw;I<^2qyV>+Ds^3`PoXb_u%;ds8U$?O_+>I1wgje-RKT`;Zt4 z{}>h%BcX=1)Aa6M6QT#QZV!XFsHw5AG)O<}trZCjX*u8eTMr~>@5MNy762o4mM0aF z`jl$b=E|efwedatSrxG_aZiyh{M>~WRkNI zSPOp2%&FVNcmax);DsR*hnOxm-k-!44;X_F=u?9>zZ6^r>NQqTSlLu^iQlMo1oD%V zns5Q?;_~x$iw|q~YYuJtT*vu2Ht9UUM`zlyV#YeT3|R${^w|k>&k;zwp7(Q!^qFSK z8QkK-S~|JlwFRcg32{oKHl<-G+n6#0Rq*N+v$9)Zw4WRVGkzpQn7inJGR2Hf8Oksg z9@qzjRYPspa_7#)Ms|M>6r~ycevXp5@$F&w$ApamA>2Rn`qqZ%Dm=7YBFthoW|94P zX(LnKG==mA2#OXLl0J`(c7C7zb6G-GYwao383s(MII5Ezfb+8prKc+`O>p~cg@1CdQEK1;$Txd8`8+_59;1;yM^XcMlEw;dQ#szEOd}y|3NJ=}KeH4K&qb zV{uA;G<_UFoozS$;LGEaB=Ev!RvPVr7CRDB3@#RKtMqFM#9#FBPBi^(#)G*5+?&=y zSwOn&Qf~!Y`;;7PF<+Yxb}_5sHb|rn5VW08KT5I9h4%z5eP&Rn++^VPN-d&AY~i#{ek4iWQ(a!G$Pb+E$!5+9xuJWi9 zK|unuXo2xcqlf67tLr>CDKOC?~Od!I-Wo2hittTS)weN<T31T&GXg0^SIh3w9Q3_bE69GNk ze-o~NZtQf;y-9VVt|vUW^qL2_=i88aE7B*&VBnaZj2l*WGW}x^U|05^@BY&${ok|F zvbgyC!mDOG+W$6vC&7*MHq3VUoBU>6uJnJwLMtrQE$#wrdxqkfv<|j`K7PS7kH&Be zy+7j(TtArr9ImSz5wZS~%x&j*ywbs`chFL`uTmVo`OlGoKSL+vkwO44rcB%XJA?+} zx3C6?tkNc#HiYY42CpM&ANMv6+dz1@nAqCL|0IH2Ie-0}IYDWK*^S^CK3MzGg>(sQ zj_%>M(fO5({Nx=Pb~@=DVL9<$8RXNm?(|M9XqSf8Rb&O?)svF^t2$ zCSJ*ue&yWVi+t|``~hYvNEwjox5Bmgh^QFXK$#c7O!{v;pV!I?6wn5u*b35=<|8}L z!HaU6D6657$Bd(P(_?doScKO(dr(0sDf1Abi(uA=P;v?;t*fFNis0_mEYn0W<6ok9 z*_jT0N||CBrS?Z*L2^+ierC_$LEJDi z;e?j*?&lcM=u?LclQlw1)_Uz3REUBlk=x({8=fLBiLQ~h-z-x?XTPHWRLFh*b(J+* zi~VekYQpl1Brg5wnxb%$^d6X$NwB~U&?y3Ih1(&ZrK885)4fx$(}`E!1uAnFXB`!XSnL71`6WP7Nm-6lr zlS!)FWFB!D?n|lpW8NKspLVy-d&mS0LEW$(5L<4}2Yu?={0|>wWL5`tWb^pT8&O~& zwmpaZ&d*(T(&*FJSWzxN*&rw1N}nk0Gi-!Z?shy{daOx8h4jC$F*}Wf^5DVKKlPrO zM3!*0gnOQ4AT|DgxlJC1`0%x$%%U;?Sz08*-?e2-8PMf!#v8E9tX@6nNDS1LUZX~Z z1ZZ@oCjxUFxlW@G#(PdW-^}nSH~~_vHBaSqk7yT$(n?gM8I8UsPlP)^8HX0-{c(Y9 zxE#Eyzv?S&EgV4>N;?TOEoxl0g?6$nH#C04o)U1PC9@2cyEZs1`kpfDa0(4i@x4)ca*5I`*{7s9N-{=s@44Uhw#6V|#y!+! zjRZ;L0IG;Tv5e$h<#eG#XsXRzimroZ&zc1vC=xBmtA~4u^igFx_>i zYk#pZ*|xg=0{$ub2X#}({|W#9pb0Mm73-f2`2QeN{wM#~))I;^ZJw_qqy1;IYX--_ z5U*y}-&ABS{{M^oet}^3+(Y2;?$mmwY(35AVsA#YcxrCz=nq5~W6wGQqq|y!#O)F_ z?x)mmS#-5e*Dbo?qI7jI5Jx5UAYyAXgv0?sK?NKD{V^XRT<9*o zVK8SiI&!sSLIT8U8Cd3Wz}ZXv=~gzKXvdA5l$NR^51fyqhZW}PNC7~JPI2ORfb+p) z`vtf8&jvZM=Rb_UNqqSfN$MO_20x+biSe3`G)4V{82<9uaz z(AaAl8L1fNG!+MaNrvu>FKsA6W3k;F-K$?(t(UbF=7bzxFIxzt1$EZ}YzYlDm1a?X z!qHwwzCoUCf-DpY?u?}}R=8@y-_!W+_`?_083mH~&tn^f;s{6B;b1K}s38jAeXbW} zWc#zm)Zv8Gbd?Ds^Euq~@GKCi z&=z$LuEfHf`95c;8+AiAQ4uXbIU;ZhFChog_lvEZXedWsxBd$gAp&a(SJ8wC58x$$ z$5mtnXw3k;ehu94W<;DD4h64xF?>*A3NDIm{$lAC`c5WE1ogT z+gfQG*i(2oh>hD|h5s0Nxg|k{`(E(f{`afU~5v2?a^o;$r zh2~jb#o3yZsXnUVWYxOST-4>|^ub3hrB^p9Oobk>oUkhV+a4gYNQ%DZXg^2L^be~- z%rYsx?LvXJ>#Wfg2Tlb6$2`w@yQ16 zWv$ija{=Csg9EF{52s?XN(@#sJr3)EJqCcsJTY9##Kb<(YD0MfBT0pKV1byLg{m~( zOZoW>;87*v$;~SMxWJ1%Pno$YnxZulC8+%v!yI=PNqu0L$`5M%JbId<)z^atLDdrWbk;4sG=%ImUlKO zx5V;3txlxBl>eBB|7l(~o3m+nVCuL20`l}(pZ7EI(^Ne|ANgq-Z&dFu?cnWw@bc)} zk`KS@(@vKVwI00I){}m`FMjiUv*@|r?Y-;vg{ombD)8eS!duckTU*;fowm?hi!_(> zgVc@3yUqDuzZrz@ud|CD?vzdu?}VSj!L{_&Ug^7H-A?mHID6)&GcUVVqWcm8t4M(h z%?2j_^*&Mj+b+{oE!dtPEb!~-=m>6aZl?QALh1!wub-A?6a$VKV;=|&7Bd&VnzOsR z`!?qV@O?}3LdT(zt7STuKyzcGw_<&Me!dxEo6iq1TQPsgJnB`3sXW>79I|M&*#fHs<`|F4NS;gHgUrJ{`zX~=)*?$uH_CSF#d#Z88&XfM zP@B1vEq+?`tzI^^GQFvjkpPKqS7N{@UtcfBoCaK81STpefC<-43i$FS5(vNQ4JoimNQ7oNj8|OEu4(OKZ;z>f>?ZcSsBo6-{Wb~a zw8bw0O9FOD3-ur~Qi4fmI;?{&b0ACBSRkdVP*BFZxs zq}je2tS0m5N%!izu z`|^J#)(y_CSg@q~(BYFeGeg@e9fv76%Bgo}q(=|tM;{}%n5=R0FlUoq<#F6lD9`+{ zH4YfVn->}%zsdaCd-o|`Vzf+ZEEAk2a2RTIpt)E!QQ@UAMNFeQHbCF2oa`05D%sns z*t1Z~X+wxEQq+m%XLhopIB>7z?GWj?IW1dmTI<-vc)#rG4-4gl56Xjw51;mZ2{30eh^B@+S1o^eXs#v<1e^)i{YiKFQ+U&ZPL;*CBgXkAqT z%4fTaLMH^h!4ef;ZbO?z^gz!7O7~B9ztqOU18?Wq^X#OM4vD&dS^((0@VU6BGQ(VbG z-C``XLPsr6=`aeFFJwoqHW#NZBE=6(S*@yBthXA@fSj)HCnmq9RJL{Jnbm+(A8n zebv>93IcAuqMj3iSvGTKxGpdKPh5VKCQS%|why%9<#P2b#$3CuA(uB1&FBE?9N~EY zK;dz^F_2$Ti$|^8=u0{Ngu66tD|9qfnuX3zPELEDJVUDOmYUv+FKq(PRGQTT1|4vI zz5yil*!g)o8t^uinz{Nsi`dunm%_hUWq==l$Bh`d8Y;Y@3(0uG3gC;+!$yDO_CGNa zFT|bB=kdOzLdb{Fo8|tbuQvZ_tpMC7{H|WY@cgB-5&u=VO3%jt^C=;?GqV2Zvx46H zXJwUaT^PW3aEz|UqHK0gnEveP;~fP6@pvI9z}prGS_c5-aBzKCdry-V$LD|23Lr)J ndr8R>g#Z8Z{|kp@{t=}}` supports backup and restoration of Redis databases. This guide will show you how you can take a logical backup of your Redis databases and restore them using Stash. + +## Before You Begin + +- At first, you need to have a Kubernetes cluster, and the `kubectl` command-line tool must be configured to communicate with your cluster. +- Install Stash in your cluster following the steps [here](/docs/setup/install/stash/index.md). +- If you are not familiar with how Stash backup and restore Redis databases, please check the following guide [here](/docs/addons/redis/overview/index.md). + +You have to be familiar with following custom resources: + +- [AppBinding](/docs/concepts/crds/appbinding/index.md) +- [Function](/docs/concepts/crds/function/index.md) +- [Task](/docs/concepts/crds/task/index.md) +- [BackupConfiguration](/docs/concepts/crds/backupconfiguration/index.md) +- [BackupSession](/docs/concepts/crds/backupsession/index.md) +- [RestoreSession](/docs/concepts/crds/restoresession/index.md) + +To keep things isolated, we are going to use a separate namespace called `demo` throughout this tutorial. Create `demo` namespace if you haven't created already. + +```bash +$ kubectl create ns demo +namespace/demo created +``` + +> Note: YAML files used in this tutorial are stored [here](https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/redis/helm/examples). + +## Prepare Redis + +In this section, we are going to deploy a Redis database. Then, we are going to insert some sample data into it. + +### Deploy Redis + +At first, let's deploy a Redis database. Here, we are going to use [bitnami/redis](https://artifacthub.io/packages/helm/bitnami/redis) chart from [ArtifactHub](https://artifacthub.io/). + +Let's deploy a Redis database named `sample-redis` using Helm as below, + +```bash +# Add bitnami chart registry +$ helm repo add bitnami https://charts.bitnami.com/bitnami +# Update helm registries +$ helm repo update +# Install bitnami/redis chart into demo namespace +$ helm install sample-redis bitnami/redis -n demo +``` + +This chart will create the necessary StatefulSet, Secret, Service etc. for the database. You can easily view all the resources created by chart using [ketall](https://github.com/corneliusweig/ketall) `kubectl` plugin as below, + +```bash +❯ kubectl get-all -n demo -l app.kubernetes.io/instance=sample-redis +NAME NAMESPACE AGE +configmap/sample-redis-configuration demo 117s +configmap/sample-redis-health demo 117s +configmap/sample-redis-scripts demo 117s +endpoints/sample-redis-headless demo 117s +endpoints/sample-redis-master demo 117s +endpoints/sample-redis-replicas demo 117s +persistentvolumeclaim/redis-data-sample-redis-master-0 demo 117s +persistentvolumeclaim/redis-data-sample-redis-replicas-0 demo 117s +persistentvolumeclaim/redis-data-sample-redis-replicas-1 demo 79s +persistentvolumeclaim/redis-data-sample-redis-replicas-2 demo 51s +pod/sample-redis-master-0 demo 117s +pod/sample-redis-replicas-0 demo 117s +pod/sample-redis-replicas-1 demo 79s +pod/sample-redis-replicas-2 demo 51s +secret/sample-redis demo 117s +serviceaccount/sample-redis demo 117s +service/sample-redis-headless demo 117s +service/sample-redis-master demo 117s +service/sample-redis-replicas demo 117s +controllerrevision.apps/sample-redis-master-755dd8b64d demo 117s +controllerrevision.apps/sample-redis-replicas-7b8c7694bf demo 117s +statefulset.apps/sample-redis-master demo 117s +statefulset.apps/sample-redis-replicas demo 117s +endpointslice.discovery.k8s.io/sample-redis-headless-6bvt2 demo 117s +endpointslice.discovery.k8s.io/sample-redis-master-78wcv demo 117s +endpointslice.discovery.k8s.io/sample-redis-replicas-vhc7z demo 117s +``` + +Now, wait for the database pod `sample-redis-master-0` to go into `Running` state, + +```bash +❯ kubectl get pod -n demo sample-redis-master-0 +NAME READY STATUS RESTARTS AGE +sample-redis-master-0 1/1 Running 0 2m57s +``` + +Once the database pod is in `Running` state, verify that the database is ready to accept the connections. + +```bash +❯ kubectl logs -n demo sample-redis-master-0 +1:C 28 Jul 2021 13:03:28.191 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo +1:C 28 Jul 2021 13:03:28.191 # Redis version=6.2.5, bits=64, commit=00000000, modified=0, pid=1, just started +1:C 28 Jul 2021 13:03:28.191 # Configuration loaded +1:M 28 Jul 2021 13:03:28.192 * monotonic clock: POSIX clock_gettime +1:M 28 Jul 2021 13:03:28.192 * Running mode=standalone, port=6379. +1:M 28 Jul 2021 13:03:28.192 # Server initialized +1:M 28 Jul 2021 13:03:28.193 * Ready to accept connections +``` + +From the above log, we can see the database is ready to accept connections. + +### Insert Sample Data + +Now, we are going to exec into the database pod and create some sample data. The helm chart has created a secret with access credentials. Let's find out the credentials from the Secret, + +```yaml +❯ kubectl get secret -n demo sample-redis -o yaml +apiVersion: v1 +data: + redis-password: WTFZTENrZmNpcw== +kind: Secret +metadata: + annotations: + meta.helm.sh/release-name: sample-redis + meta.helm.sh/release-namespace: demo + creationTimestamp: "2021-07-28T13:03:23Z" + labels: + app.kubernetes.io/instance: sample-redis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + helm.sh/chart: redis-14.8.6 + name: sample-redis + namespace: demo + resourceVersion: "530037" + uid: a48ce23a-105d-4d92-9067-c80623cbe269 +type: Opaque + +``` + +Here, we are going to use `redis-password` to authenticate and insert the sample data. + +At first, let's export the password as environment variables to make further commands re-usable. + +```bash +export PASSWORD=$(kubectl get secrets -n demo sample-redis -o jsonpath='{.data.\redis-password}' | base64 -d) +``` + +Now, let's exec into the database pod and insert some sample data, + +```bash +❯ kubectl exec -it -n demo sample-redis-master-0 -- redis-cli -a $PASSWORD +Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe. +# insert some key value pairs +127.0.0.1:6379> set key1 value1 +OK +127.0.0.1:6379> set key2 value2 +OK +# check the inserted data +127.0.0.1:6379> get key1 +"value1" +127.0.0.1:6379> get key2 +"value2" +# exit from redis-cli +127.0.0.1:6379> exit +``` + +We have successfully deployed a Redis database and inserted some sample data into it. In the subsequent sections, we are going to backup these data using Stash. + +## Prepare for Backup + +In this section, we are going to prepare the necessary resources (i.e. database connection information, backend information, etc.) before backup. + +### Ensure Redis Addon + +When you install Stash, it will automatically install all the official database addons. Make sure that Redis addon was installed properly using the following command. + +```bash +❯ kubectl get tasks.stash.appscode.com | grep redis +redis-backup-6.2.5 24m +redis-restore-6.2.5 24m +``` + +This addon should be able to take backup of the databases with matching major versions as discussed in [Addon Version Compatibility](/docs/addons/redis/README.md#addon-version-compatibility). + +### Create AppBinding + +Stash needs to know how to connect with the database. An `AppBinding` exactly provides this information. It holds the Service and Secret information of the database. You have to point to the respective `AppBinding` as a target of backup instead of the database itself. + +Stash expect your database Secret to have `password` keys. If your database secret does not have the expected key, the `AppBinding` can also help here. You can specify a `secretTransforms` section with the mapping between the current keys and the desired keys. + +Here, is the YAML of the `AppBinding` that we are going to create for the Redis database we have deployed earlier. + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: sample-redis + namespace: demo +spec: + clientConfig: + service: + name: sample-redis-master + path: / + port: 6379 + scheme: http + secret: + name: sample-redis + secretTransforms: + - renameKey: + from: redis-password + to: password + type: redis + version: 6.2.5 +``` + +Here, + +- **.spec.clientConfig.service** specifies the Service information to use to connects with the database. +- **.spec.secret** specifies the name of the Secret that holds necessary credentials to access the database. If your Redis is not using authentication, then don't provide this field. +- **.spec.secretTransforms** specifies the transformations required to achieve the desired keys from the current Secret. You can apply the following transformations here: + - **addKey**: If your database Secret does not have an equivalent key expected by Stash, you can add the key using `addKey` transformation. + - **renameKey**: If your database Secret does not have a key expected by Stash but it has an equivalent key that is used for the same purpose, you can use `renameKey` transformation to specify the mapping between the keys. For example, our Redis Secret didn't have `password` key but it has an equivalent `redis-password` key that contains password for the database. Hence, we are telling Stash using `renameKey` transformation that the `redis-password` should be used as `password` key. + - **addKeysFrom**: You can also merge keys from another Secret using `addKeysFrom` transformation. You have to specify the respective Secret name and namespace as below: + ```yaml + addKeysFrom: + name: + namespace: + ``` +- `spec.type` specifies the type of the database. This is particularly helpful in auto-backup where you want to use different path prefixes for different types of database. + +Let's create the `AppBinding` we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/tree/{{< param "info.version" >}}/docs/addons/redis/helm/examples/appbinding.yaml +appbinding.appcatalog.appscode.com/sample-redis created +``` + +>The `secretTransforms` does not modify your original database Secret. Stash just uses those transformations to obtain the desired keys from the original Secret. + +### Prepare Backend + +We are going to store our backed up data into a GCS bucket. So, we need to create a Secret with GCS credentials and a `Repository` object with the bucket information. If you want to use a different backend, please read the respective backend configuration doc from [here](/docs/guides/backends/overview/index.md). + +**Create Storage Secret:** + +At first, let's create a secret called `gcs-secret` with access credentials to our desired GCS bucket, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > GOOGLE_PROJECT_ID +$ cat downloaded-sa-json.key > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +$ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +**Create Repository:** + +Now, crete a `Repository` object with the information of your desired bucket. Below is the YAML of `Repository` object we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-testing + prefix: /demo/redis/sample-redis + storageSecretName: gcs-secret +``` + +Let's create the `Repository` we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/redis/helm/examples/repository.yaml +repository.stash.appscode.com/gcs-repo created +``` + +Now, we are ready to backup our database into our desired backend. + +### Backup + +To schedule a backup, we have to create a `BackupConfiguration` object targeting the respective `AppBinding` of our desired database. Then Stash will create a CronJob to periodically backup the database. + +#### Create BackupConfiguration + +Below is the YAML for `BackupConfiguration` object we care going to use to backup the `sample-redis` database we have deployed earlier, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: sample-redis-backup + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: redis-backup-6.2.5 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-redis + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +Here, + +- `.spec.schedule` specifies that we want to backup the database at 5 minutes intervals. +- `.spec.task.name` specifies the name of the Task object that specifies the necessary Functions and their execution order to backup a Redis database. +- `.spec.repository.name` specifies the Repository CR name we have created earlier with backend information. +- `.spec.target.ref` refers to the AppBinding object that holds the connection information of our targeted database. +- `.spec.retentionPolicy` specifies a policy indicating how we want to cleanup the old backups. + +Let's create the `BackupConfiguration` object we have shown above, + +```bash +$ kubectl create -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/redis/helm/examples/backupconfiguration.yaml +backupconfiguration.stash.appscode.com/sample-redis-backup created +``` + + +#### Verify Backup Setup Successful + +If everything goes well, the phase of the `BackupConfiguration` should be `Ready`. The `Ready` phase indicates that the backup setup is successful. Let's verify the `Phase` of the BackupConfiguration, + +```bash +$ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-redis-backup redis-backup-6.2.5 */5 * * * * Ready 11s +``` + +#### Verify CronJob + +Stash will create a CronJob with the schedule specified in `spec.schedule` field of `BackupConfiguration` object. + +Verify that the CronJob has been created using the following command, + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-redis-backup */5 * * * * False 0 14s +``` + +#### Wait for BackupSession + +The `sample-redis-backup` CronJob will trigger a backup on each scheduled slot by creating a `BackupSession` object. + +Now, wait for a schedule to appear. Run the following command to watch for a `BackupSession` object, + +```bash +❯ kubectl get backupsession -n demo -w +NAME INVOKER-TYPE INVOKER-NAME PHASE DURATION AGE +sample-redis-backup-1627490702 BackupConfiguration sample-redis-backup 0s +sample-redis-backup-1627490702 BackupConfiguration sample-redis-backup Running 0s +sample-redis-backup-1627490702 BackupConfiguration sample-redis-backup Succeeded 1m18.098555424s 78s +``` + +Here, the phase `Succeeded` means that the backup process has been completed successfully. + +#### Verify Backup + +Now, we are going to verify whether the backed up data is present in the backend or not. Once a backup is completed, Stash will update the respective `Repository` object to reflect the backup completion. Check that the repository `gcs-repo` has been updated by the following command, + +```bash +❯ kubectl get repository -n demo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +gcs-repo true 93 B 1 2m1s 24m +``` + +Now, if we navigate to the GCS bucket, we will see the backed up data has been stored in `demo/redis/sample-redis` directory as specified by `.spec.backend.gcs.prefix` field of the `Repository` object. + +
    + Backup data in GCS Bucket +
    Fig: Backup data in GCS Bucket
    +
    + +> Note: Stash keeps all the backed up data encrypted. So, data in the backend will not make any sense until they are decrypted. + +## Restore Redis + +If you have followed the previous sections properly, you should have a successful logical backup of your Redis database. Now, we are going to show how you can restore the database from the backed up data. + +### Restore Into the Same Database + +You can restore your data into the same database you have backed up from or into a different database in the same cluster or a different cluster. In this section, we are going to show you how to restore in the same database which may be necessary when you have accidentally deleted any data from the running database. + +#### Temporarily Pause Backup + +At first, let's stop taking any further backup of the database so that no backup runs after we delete the sample data. We are going to pause the `BackupConfiguration` object. Stash will stop taking any further backup when the `BackupConfiguration` is paused. + +Let's pause the `sample-redis-backup` BackupConfiguration, + +```bash +$ kubectl patch backupconfiguration -n demo sample-redis-backup --type="merge" --patch='{"spec": {"paused": true}}' +backupconfiguration.stash.appscode.com/sample-redis-backup patched +``` + +Verify that the `BackupConfiguration` has been paused, + +```bash +❯ kubectl get backupconfiguration -n demo sample-redis-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-redis-backup redis-backup-6.2.5 */5 * * * * true Ready 4h47m +``` + +Notice the `PAUSED` column. Value `true` for this field means that the `BackupConfiguration` has been paused. + +Stash will also suspend the respective CronJob. + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-redis-backup */5 * * * * True 0 113s 4h48m +``` + +#### Simulate Disaster + +Now, let's simulate an accidental deletion scenario. Here, we are going to exec into the database pod and delete the sample data we have inserted earlier. + +```bash +❯ kubectl exec -it -n demo sample-redis-master-0 -- redis-cli -a $PASSWORD +Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe. +# delete the sample data +127.0.0.1:6379> del key1 key2 +(integer) 2 +# verify that the sample data has been deleted +127.0.0.1:6379> get key1 +(nil) +127.0.0.1:6379> get key2 +(nil) +127.0.0.1:6379> exit +``` + +#### Create RestoreSession + +To restore the database, you have to create a `RestoreSession` object pointing to the `AppBinding` of the targeted database. + +Here, is the YAML of the `RestoreSession` object that we are going to use for restoring our `sample-redis` database. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: sample-redis-restore + namespace: demo +spec: + task: + name: redis-restore-6.2.5 + repository: + name: gcs-repo + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-redis + rules: + - snapshots: [latest] +``` + +Here, + +- `.spec.task.name` specifies the name of the Task object that specifies the necessary Functions and their execution order to restore a Redis database. +- `.spec.repository.name` specifies the Repository object that holds the backend information where our backed up data has been stored. +- `.spec.target.ref` refers to the respective AppBinding of the `sample-redis` database. +- `.spec.rules` specifies that we are restoring data from the latest backup snapshot of the database. + +Let's create the `RestoreSession` object object we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/addons/redis/helm/examples/restoresession.yaml +restoresession.stash.appscode.com/sample-redis-restore created +``` + +Once, you have created the `RestoreSession` object, Stash will create a restore Job. Run the following command to watch the phase of the `RestoreSession` object, + +```bash +❯ kubectl get restoresession -n demo -w +NAME REPOSITORY PHASE DURATION AGE +sample-redis-restore gcs-repo Running 6s +sample-redis-restore gcs-repo Running 16s +sample-redis-restore gcs-repo Succeeded 16s +sample-redis-restore gcs-repo Succeeded 16.324570911s 16s +``` + +The `Succeeded` phase means that the restore process has been completed successfully. + +#### Verify Restored Data + +Now, let's exec into the database pod and verify whether data actual data has been restored or not, + +```bash +❯ kubectl exec -it -n demo sample-redis-master-0 -- redis-cli -a $PASSWORD +Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe. +127.0.0.1:6379> get key1 +"value1" +127.0.0.1:6379> get key2 +"value2" +127.0.0.1:6379> exit +``` + +Hence, we can see from the above output that the deleted data has been restored successfully from the backup. + +#### Resume Backup + +Since our data has been restored successfully we can now resume our usual backup process. Resume the `BackupConfiguration` using following command, + +```bash +❯ kubectl patch backupconfiguration -n demo sample-redis-backup --type="merge" --patch='{"spec": {"paused": false}}' +backupconfiguration.stash.appscode.com/sample-redis-backup patched +``` + +Verify that the `BackupConfiguration` has been resumed, +```bash +❯ kubectl get backupconfiguration -n demo sample-redis-backup +NAME TASK SCHEDULE PAUSED PHASE AGE +sample-redis-backup redis-backup-6.2.5 */5 * * * * false Ready 4h54m +``` + +Here, `false` in the `PAUSED` column means the backup has been resume successfully. The CronJob also should be resumed now. + +```bash +❯ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-sample-redis-backup */5 * * * * False 0 3m24s 4h54m +``` + +Here, `False` in the `SUSPEND` column means the CronJob is no longer suspended and will trigger in the next schedule. + +### Restore Into Different Database of the Same Namespace + +If you want to restore the backed up data into a different database of the same namespace, you have to create another `AppBinding` pointing to the desired database. Then, you have to create the `RestoreSession` pointing to the new `AppBinding`. + +### Restore Into Different Namespace + +If you want to restore into a different namespace of the same cluster, you have to create the Repository, backend Secret, AppBinding, in the desired namespace. You can use [Stash kubectl plugin](https://stash.run/docs/{{< param "info.version" >}}/guides/cli/cli/) to easily copy the resources into a new namespace. Then, you have to create the `RestoreSession` object in the desired namespace pointing to the Repository, AppBinding of that namespace. + +### Restore Into Different Cluster + +If you want to restore into a different cluster, you have to install Stash in the desired cluster. Then, you have to install Stash Redis addon in that cluster too. Then, you have to create the Repository, backend Secret, AppBinding, in the desired cluster. Finally, you have to create the `RestoreSession` object in the desired cluster pointing to the Repository, AppBinding of that cluster. + +## Cleanup + +To cleanup the Kubernetes resources created by this tutorial, run: + +```bash +kubectl delete -n demo backupconfiguration sample-redis-backup +kubectl delete -n demo restoresession sample-redis-restore +kubectl delete -n demo repository gcs-repo +# delete the database chart +helm delete sample-redis -n demo +``` diff --git a/docs/addons/redis/overview/images/redis-logical-backup.svg b/docs/addons/redis/overview/images/redis-logical-backup.svg new file mode 100644 index 0000000..58769ec --- /dev/null +++ b/docs/addons/redis/overview/images/redis-logical-backup.svg @@ -0,0 +1,987 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/addons/redis/overview/images/redis-logical-restore.svg b/docs/addons/redis/overview/images/redis-logical-restore.svg new file mode 100644 index 0000000..1ad2800 --- /dev/null +++ b/docs/addons/redis/overview/images/redis-logical-restore.svg @@ -0,0 +1,857 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/addons/redis/overview/index.md b/docs/addons/redis/overview/index.md new file mode 100644 index 0000000..480b202 --- /dev/null +++ b/docs/addons/redis/overview/index.md @@ -0,0 +1,85 @@ +--- +title: Redis Backup & Restore Overview | Stash +description: How Redis Backup & Restore Works in Stash +menu: + docs_{{ .version }}: + identifier: stash-redis-overview + name: How does it work? + parent: stash-redis + weight: 10 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: stash-addons +--- + +# How Stash Backups & Restores Redis Database + +Stash `{{< param "info.version" >}}` supports backup and restore operation of many databases. This guide will give you an overview of how Redis database backup and restore process works in Stash. + +## Logical Backup + +Stash supports taking logical backup of Redis databases using [redis-dump-go](https://github.com/yannh/redis-dump-go). It is the most flexible way to perform a backup and restore, and a good choice when the data size is relatively small. + +### How Logical Backup Works + +The following diagram shows how Stash takes logical backup of a Redis database. Open the image in a new tab to see the enlarged version. + +
    +  Redis Backup Overview +
    Fig: Redis Logical Backup Overview
    +
    + +The backup process consists of the following steps: + +1. At first, a user creates a secret with access credentials of the backend where the backed up data will be stored. + +2. Then, she creates a `Repository` crd that specifies the backend information along with the secret that holds the credentials to access the backend. + +3. Then, she creates a `BackupConfiguration` crd targeting the [AppBinding](/docs/concepts/crds/appbinding/index.md) crd of the desired database. The `BackupConfiguration` object also specifies the `Task` to use to backup the database. + +4. Stash operator watches for `BackupConfiguration` crd. + +5. Once Stash operator finds a `BackupConfiguration` crd, it creates a CronJob with the schedule specified in `BackupConfiguration` object to trigger backup periodically. + +6. On the next scheduled slot, the CronJob triggers a backup by creating a `BackupSession` crd. + +7. Stash operator also watches for `BackupSession` crd. + +8. When it finds a `BackupSession` object, it resolves the respective `Task` and `Function` and prepares a Job definition to backup. + +9. Then, it creates the Job to backup the targeted database. + +10. The backup Job reads necessary information to connect with the database from the `AppBinding` crd. It also reads backend information and access credentials from `Repository` crd and Storage Secret respectively. + +11. Then, the Job dumps the targeted database and uploads the output to the backend. Stash pipes the output of dump command to uploading process. Hence, backup Job does not require a large volume to hold the entire dump output. + +12. Finally, when the backup is complete, the Job sends Prometheus metrics to the Pushgateway running inside Stash operator pod. It also updates the `BackupSession` and `Repository` status to reflect the backup procedure. + +### How Restore from Logical Backup Works + +The following diagram shows how Stash restores a Redis database from a logical backup. Open the image in a new tab to see the enlarged version. + +
    +  Database Restore Overview +
    Fig: Redis Logical Restore Process Overview
    +
    + +The restore process consists of the following steps: + +1. At first, a user creates a `RestoreSession` crd targeting the `AppBinding` of the desired database where the backed up data will be restored. It also specifies the `Repository` crd which holds the backend information and the `Task` to use to restore the target. + +2. Stash operator watches for `RestoreSession` object. + +3. Once it finds a `RestoreSession` object, it resolves the respective `Task` and `Function` and prepares a Job definition to restore. + +4. Then, it creates the Job to restore the target. + +5. The Job reads necessary information to connect with the database from respective `AppBinding` crd. It also reads backend information and access credentials from `Repository` crd and Storage Secret respectively. + +6. Then, the job downloads the backed up data from the backend and injects into the desired database. Stash pipes the downloaded data to the respective database tool to inject into the database. Hence, restore job does not require a large volume to download entire backup data inside it. + +7. Finally, when the restore process is complete, the Job sends Prometheus metrics to the Pushgateway and update the `RestoreSession` status to reflect restore completion. + +## Next Steps + +- Backup your Redis database using Stash following the guide from [here](/docs/addons/redis/helm/index.md). diff --git a/docs/concepts/README.md b/docs/concepts/README.md new file mode 100644 index 0000000..72fee63 --- /dev/null +++ b/docs/concepts/README.md @@ -0,0 +1,38 @@ +--- +title: Concepts | Stash +menu: + docs_{{ .version }}: + identifier: concepts-readme + name: README + parent: concepts + weight: -1 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: concepts +url: /docs/{{ .version }}/concepts/ +aliases: + - /docs/{{ .version }}/concepts/README/ +--- + +# Concepts + +Concepts help you to learn about the different parts of the Stash and the abstractions it uses. + +This concept section is divided into the following modules: + +- What is Stash? + - [Overview](/docs/concepts/what-is-stash/overview/index.md) provides an introduction to Stash. It also give an overview of the features it provides. + - [Architecture](/docs/concepts/what-is-stash/architecture/index.md) provides a visual representation of Stash architecture. It also provides a brief overview of the components it uses. + +- Declarative API + - [Repository](/docs/concepts/crds/repository/index.md) introduces the concept of `Repository` crd that holds backend information in a Kubernetes native way. + - [BackupConfiguration](/docs/concepts/crds/backupconfiguration/index.md) introduces the concept of `BackupConfiguration` crd that is used to configure backup for a target resource in a Kubernetes native way. + - [BackupBatch](/docs/concepts/crds/backupbatch/index.md) introduces the concept of `BackupBatch` crd that is used to setup backup of multiple co-related targets under single configuration. + - [BackupSession](/docs/concepts/crds/backupsession/index.md) introduces the concept of `BackupSession` crd that represents a backup run of a target resource for the respective `BackupConfiguration` or `BackupBatch` object. + - [RestoreSession](/docs/concepts/crds/restoresession/index.md) introduces the concept of `RestoreSession` crd that represents a restore run of a target resource. + - [RestoreBatch](/docs/concepts/crds/restorebatch/index.md) introduces the concept of `RestoreBatch` crd that allows restore of multiple targets that were backed up using `BackupBatch` under single configuration. + - [Function](/docs/concepts/crds/function/index.md) introduces the concept of `Function` crd that represents a step of a backup or restore process. + - [Task](/docs/concepts/crds/task/index.md) introduces the concept of `Task` crd which specifies an ordered collection of multiple `Function`s and their parameters that make up a complete backup or restore process. + - [BackupBlueprint](/docs/concepts/crds/backupblueprint/index.md) introduces the concept of `BackupBlueprint` crd that specifies a blueprint for `Repository` and `BackupConfiguration` object which provides an option to share backup configuration across similar targets. + - [AppBinding](/docs/concepts/crds/appbinding/index.md) introduces the concept of `AppBinding` crd which holds the information that are necessary to connect with an application like database. + - [Snapshot](/docs/concepts/crds/snapshot/index.md) introduces the concept of `Snapshot` object that represents backed up snapshots in a Kubernetes native way. diff --git a/docs/concepts/_index.md b/docs/concepts/_index.md new file mode 100644 index 0000000..4ea424a --- /dev/null +++ b/docs/concepts/_index.md @@ -0,0 +1,10 @@ +--- +title: Concepts +description: Stash Concepts +menu: + docs_{{ .version }}: + identifier: concepts + name: Concepts + weight: 20 +menu_name: docs_{{ .version }} +--- diff --git a/docs/concepts/crds/_index.md b/docs/concepts/crds/_index.md new file mode 100644 index 0000000..5e2aaef --- /dev/null +++ b/docs/concepts/crds/_index.md @@ -0,0 +1,11 @@ +--- +title: Declarative API | Stash +description: Declarative API +menu: + docs_{{ .version }}: + identifier: crds + parent: concepts + name: Declarative API + weight: 15 +menu_name: docs_{{ .version }} +--- diff --git a/docs/concepts/crds/appbinding/appbinding.yaml b/docs/concepts/crds/appbinding/appbinding.yaml new file mode 100644 index 0000000..f7c5cd9 --- /dev/null +++ b/docs/concepts/crds/appbinding/appbinding.yaml @@ -0,0 +1,22 @@ +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: quick-postgres + namespace: demo + labels: + app.kubernetes.io/component: database + app.kubernetes.io/instance: quick-postgres + app.kubernetes.io/managed-by: kubedb.com + app.kubernetes.io/name: postgreses.kubedb.com +spec: + type: kubedb.com/postgres + secret: + name: quick-postgres-auth + clientConfig: + service: + name: quick-postgres + path: / + port: 5432 + query: sslmode=disable + scheme: postgresql + version: "10.2" diff --git a/docs/concepts/crds/appbinding/index.md b/docs/concepts/crds/appbinding/index.md new file mode 100644 index 0000000..51b91a9 --- /dev/null +++ b/docs/concepts/crds/appbinding/index.md @@ -0,0 +1,141 @@ +--- +title: AppBinding Overview +menu: + docs_{{ .version }}: + identifier: appbinding-overview + name: AppBinding + parent: crds + weight: 45 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: concepts +--- + +> New to Stash? Please start [here](/docs/concepts/README.md). + +# AppBinding + +## What is AppBinding + +Stash needs to know how to connect with a target database and the credentials necessary to access it. This is done via an `AppBinding`. + +An `AppBinding` is a Kubernetes `CustomResourceDefinition`(CRD) which points to an application using either its URL (usually for a non-Kubernetes resident service instance) or a Kubernetes service object (if self-hosted in a Kubernetes cluster), some optional parameters and a credential secret. To learn more about AppBinding and the problems it solves, please read this blog post: [The case for AppBinding](https://blog.byte.builders/post/the-case-for-appbinding). + +If you deploy a database using [KubeDB](https://kubedb.com/docs/0.11.0/concepts/), `AppBinding` object will be created automatically for it. Otherwise, you have to create an `AppBinding` object manually pointing to your desired database. + +## AppBinding CRD Specification + +Like any official Kubernetes resource, an `AppBinding` has `TypeMeta`, `ObjectMeta` and `Spec` sections. However, unlike other Kubernetes resources, it does not have a `Status` section. + +An `AppBinding` object created by `KubeDB` for PostgreSQL database is shown below, + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: quick-postgres + namespace: demo + labels: + app.kubernetes.io/component: database + app.kubernetes.io/instance: quick-postgres + app.kubernetes.io/managed-by: kubedb.com + app.kubernetes.io/name: postgreses.kubedb.com +spec: + type: kubedb.com/postgres + secret: + name: quick-postgres-auth + clientConfig: + service: + name: quick-postgres + path: / + port: 5432 + query: sslmode=disable + scheme: postgresql + version: "10.2" +``` + +Here, we are going to describe the sections of an `AppBinding` crd that are relevant to Stash. + +### AppBinding `Spec` + +An `AppBinding` object has the following fields in the `spec` section that are relevant to Stash: + +#### spec.type + +`spec.type` is an optional field that indicates the type of the app that this `AppBinding` is pointing to. Stash uses this field to resolve the values of `TARGET_APP_TYPE`, `TARGET_APP_GROUP` and `TARGET_APP_RESOURCE` variables of [BackupBlueprint](/docs/concepts/crds/backupblueprint/index.md) object. + +This field follows the following format: `/`. The above AppBinding is pointing to a `postgres` resource under `kubedb.com` group. + +Here, the variables are parsed as follows: + +| Variable | Usage | +| --------------------- | --------------------------------------------------------------------------------------------------------------------------------- | +| `TARGET_APP_GROUP` | Represents the application group where the respective app belongs (i.e: `kubedb.com`). | +| `TARGET_APP_RESOURCE` | Represents the resource under that application group that this appbinding represents (i.e: `postgres`). | +| `TARGET_APP_TYPE` | Represents the complete type of the application. It's simply `TARGET_APP_GROUP/TARGET_APP_RESOURCE` (i.e: `kubedb.com/postgres`). | + +#### spec.secret + +`spec.secret` specifies the name of the secret which contains the credentials that are required to access the database. This secret must be in the same namespace as the `AppBinding`. + +This secret must contain the following keys: + +PostgreSQL : + +| Key | Usage | +| ------------------- | --------------------------------------------------- | +| `POSTGRES_USER` | Username of the target database. | +| `POSTGRES_PASSWORD` | Password for the user specified by `POSTGRES_USER`. | + +MySQL : + +| Key | Usage | +| ---------- | ---------------------------------------------- | +| `username` | Username of the target database. | +| `password` | Password for the user specified by `username`. | + +MongoDB : + +| Key | Usage | +| ---------- | ---------------------------------------------- | +| `username` | Username of the target database. | +| `password` | Password for the user specified by `username`. | + +Elasticsearch: + +| Key | Usage | +| ---------------- | ----------------------- | +| `ADMIN_USERNAME` | Admin username | +| `ADMIN_PASSWORD` | Password for admin user | + +#### spec.clientConfig + +`spec.clientConfig` defines how to communicate with the target database. You can use either an URL or a Kubernetes service to connect with the database. You don't have to specify both of them. + +You can configure following fields in `spec.clientConfig` section: + +- **spec.clientConfig.url** + + `spec.clientConfig.url` gives the location of the database, in standard URL form (i.e. `[scheme://]host:port/[path]`). This is particularly useful when the target database is running outside of the Kubernetes cluster. If your database is running inside the cluster, use `spec.clientConfig.service` section instead. + + > Note that, attempting to use a user or basic auth (e.g. `user:password@host:port`) is not allowed. Stash will insert them automatically from the respective secret. Fragments ("#...") and query parameters ("?...") are not allowed either. + +- **spec.clientConfig.service** + + If you are running the database inside the Kubernetes cluster, you can use Kubernetes service to connect with the database. You have to specify the following fields in `spec.clientConfig.service` section if you manually create an `AppBinding` object. + + - **name :** `name` indicates the name of the service that connects with the target database. + - **scheme :** `scheme` specifies the scheme (i.e. http, https) to use to connect with the database. + - **port :** `port` specifies the port where the target database is running. + +- **spec.clientConfig.insecureSkipTLSVerify** + + `spec.clientConfig.insecureSkipTLSVerify` is used to disable TLS certificate verification while connecting with the database. We strongly discourage to disable TLS verification during backup. You should provide the respective CA bundle through `spec.clientConfig.caBundle` field instead. + +- **spec.clientConfig.caBundle** + + `spec.clientConfig.caBundle` is a PEM encoded CA bundle which will be used to validate the serving certificate of the database. + +## Next Steps + +- Learn how to backup/restore databases using Stash from [here](/docs/guides/addons/overview/index.md). diff --git a/docs/concepts/crds/backupbatch/backupbatch.yaml b/docs/concepts/crds/backupbatch/backupbatch.yaml new file mode 100644 index 0000000..405ec66 --- /dev/null +++ b/docs/concepts/crds/backupbatch/backupbatch.yaml @@ -0,0 +1,57 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupBatch +metadata: + name: deploy-backup-batch + namespace: demo +spec: + repository: + name: minio-repo + namespace: demo + schedule: "*/3 * * * *" + members: + - target: + alias: db + ref: + apiVersion: apps/v1 + kind: AppBinding + name: wordpress-mysql + task: + name: mysql-backup-8.0.14 + - target: + alias: app + ref: + apiVersion: apps/v1 + kind: Deployment + name: wordpress + volumeMounts: + - name: wordpress-persistent-storage + mountPath: /var/www/html + paths: + - /var/www/html + exclude: + - /var/www/html/my-file.html + - /var/www/html/*.json + executionOrder: Parallel + hooks: + preBackup: + exec: + command: + - /bin/sh + - -c + - echo "Sample PreBackup hook demo" + containerName: my-database-container + postBackup: + exec: + command: + - /bin/sh + - -c + - echo "Sample PostBackup hook demo" + containerName: my-database-container + retryConfig: + maxRetry: 3 + delay: 10m + timeOut: 1h30m + retentionPolicy: + name: 'keep-last-10' + keepLast: 10 + prune: true diff --git a/docs/concepts/crds/backupbatch/index.md b/docs/concepts/crds/backupbatch/index.md new file mode 100644 index 0000000..1334649 --- /dev/null +++ b/docs/concepts/crds/backupbatch/index.md @@ -0,0 +1,187 @@ +--- +title: BackupBatch Overview +menu: + docs_{{ .version }}: + identifier: backupbatch-overview + name: BackupBatch + parent: crds + weight: 15 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: concepts +--- + +# BackupBatch + +## What is BackupBatch + +Sometimes, a single component may not meet the requirement for your application. For example, in order to deploy a WordPress, you will need a Deployment for the WordPress and another Deployment for a database to store its contents. Now, you may want to backup both of the deployment and database together as they are parts of a single application. + +A `BackupBatch` is a Kubernetes `CustomResourceDefinition`(CRD) which lets you configure backup for multiple co-related components(workload, database, etc.) together. + +## BackupBatch CRD Specification + +Like any official Kubernetes resource, a `BackupBatch` has `TypeMeta`, `ObjectMeta`, `Spec` and `Status` sections. + +A sample `BackupBatch` object to backup multiple co-related components is shown below: + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupBatch +metadata: + name: deploy-backup-batch + namespace: demo +spec: + repository: + name: minio-repo + namespace: demo + schedule: "*/3 * * * *" + members: + - target: + alias: db + ref: + apiVersion: apps/v1 + kind: AppBinding + name: wordpress-mysql + task: + name: mysql-backup-8.0.14 + - target: + alias: app + ref: + apiVersion: apps/v1 + kind: Deployment + name: wordpress + volumeMounts: + - name: wordpress-persistent-storage + mountPath: /var/www/html + paths: + - /var/www/html + exclude: + - /var/www/html/my-file.html + - /var/www/html/*.json + executionOrder: Parallel + hooks: + preBackup: + exec: + command: + - /bin/sh + - -c + - echo "Sample PreBackup hook demo" + containerName: my-database-container + postBackup: + exec: + command: + - /bin/sh + - -c + - echo "Sample PostBackup hook demo" + containerName: my-database-container + retryConfig: + maxRetry: 3 + delay: 10m + timeOut: 1h30m + retentionPolicy: + name: 'keep-last-10' + keepLast: 10 + prune: true +``` + +Here, we are going to describe the various sections of `BackupBatch` crd. + +### BackupBatch `Spec` + +A `BackupBatch` object has the following fields in the `spec` section. + +#### spec.driver + +`spec.driver` indicates the mechanism used to backup. Currently, Stash supports `Restic` and `VolumeSnapshotter` as drivers. The default value of this field is `Restic`. For more details, please see [here](/docs/concepts/crds/backupconfiguration/index.md#specdriver). + +#### spec.repository + +`spec.repository.name` indicates the `Repository` crd name that holds necessary backend information where the backed up data will be stored. + +#### spec.schedule + +`spec.schedule` is a [cron expression](https://en.wikipedia.org/wiki/Cron) that specifies the schedule of backup. Stash creates a Kubernetes [CronJob](https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/) with this schedule. + +#### spec.executionOrder + +`spec.executionOrder` specifies whether Stash should backup the targets sequentially or parallelly. If `spec.executionOrder` is set to `Parallel`, Stash will start backup of all the targets simultaneously. If it is set to `Sequential`, Stash will not start backup of a target until all the previous members have completed their backup process. The default value of this field is `Parallel`. + +#### spec.members + +`spec.members` field specifies a list of targets to backup. Each member consists of the following fields: + +- **target :** Each member has a target specification. The target specification of a member is the same as the target specification of a `BackupConfiguration` explained [here](/docs/concepts/crds/backupconfiguration/index.md#spectarget). + +- **task :** `task` specifies the name and parameters of the [Task](/docs/concepts/crds/task/index.md) crd to use to backup the target. For more details, please see [here](/docs/concepts/crds/backupconfiguration/index.md#spectask). + +- **runtimeSettings :** `runtimeSettings` allows to configure runtime environment for the backup sidecar or job. You can specify runtime settings at both pod level and container level. For more details, please see [here](/docs/concepts/crds/backupconfiguration/index.md#specruntimesettings). + +- **tempDir :** Stash mounts an `emptyDir` for holding temporary files. It is also used for `caching` for faster backup performance. You can configure the `emptyDir` using `tempDir` section. You can also disable `caching` using this field. For more details, please see [here](/docs/concepts/crds/backupconfiguration/index.md#spectempdir). + +- **interimVolumeTemplate :** For some targets (i.e. some databases), Stash can't directly pipe the dumped data to the uploading process. In this case, it has to store the dumped data temporarily before uploading to the backend. `interimVolumeTemplate` specifies a PVC template for holding those data temporarily. Stash will create a PVC according to the template and use it to store the data temporarily. This PVC will be deleted according to the [backupHistoryLimit](#specbackuphistorylimit). For more details, please see [here](/docs/concepts/crds/backupconfiguration/index.md#specinterimvolumetemplate). + +- **hooks :** Each member has its own hook field which allows you to execute member-specific pre-backup or post-backup hooks. For more details about hooks, please visit [here](/docs/concepts/crds/backupconfiguration/index.md#spechooks). + +#### spec.hooks + +`spec.hooks` allows performing some global actions before and after the backup process of the members. You can send HTTP requests to a remote server via `httpGet` or `httpPost`. You can check whether a TCP port is open using `tcpSocket` hooks. You can also execute some commands using `exec` hook. + +- **spec.hooks.preBackup:** `spec.hooks.preBackup` hooks are executed on each backup session before taking backup of any of the members. +- **spec.hooks.postBackup:** `spec.hooks.postBackup` hooks are executed on each backup session after taking backup of all the members. + +For more details on how hooks work in Stash and how to configure different types of hook, please visit [here](/docs/guides/hooks/overview/index.md). + +#### spec.runtimeSettings + +`spec.runtimeSettings` This runtime settings is applicable for CronJob(used to create `BackupSession`) only. For more details, please see [here](/docs/concepts/crds/backupconfiguration/index.md#specruntimesettings). + +#### spec.backupHistoryLimit + +`spec.backupHistoryLimit` specifies the number of `BackupSession` and its associate resources (Job, PVC etc.) to keep for debugging purposes. The default value of this field is 1. Stash will clean up the old `BackupSession` and it's associate resources after each backup session according to `backupHistoryLimit`. + +#### spec.paused + +`spec.paused` can be used as `enable/disable` switch for backup. If it is set `true`, Stash will not take any backup of the target specified by this BackupBatch. + +#### spec.retentionPolicy + +`spec.retentionPolicy` specifies the policy to follow for cleaning old snapshots. For more details, please see [here](/docs/concepts/crds/backupconfiguration/index.md#specretentionpolicy). + + +#### spec.retryConfig + +`spec.retryConfig` specifies a retry logic for failed backup. For more details, please see [here](/docs/concepts/crds/backupconfiguration/index.md#specretryconfig). + +#### spec.timeOut + +`spec.timeOut` specifies the maximum duration of the backup. For more details, please see [here](/docs/concepts/crds/backupconfiguration/index.md#spectimeout). + +### BackupBatch `Status` + +A `BackupBatch` object has the following fields in the `status` section. + +- **observedGeneration :** The most recent generation observed by the `BackupBatch` controller. + +- **conditions :** The `status.conditions` shows current backup setup condition for this BackupBatch. The following conditions are set by the Stash operator: + +| Condition Type | Usage | +| -------------------- | -------------------------------------------------------------------- | +| `RepositoryFound` | Indicates whether the respective Repository object was found or not. | +| `BackendSecretFound` | Indicates whether the respective backend secret was found or not. | +| `CronJobCreated` | Indicates whether the backup triggering CronJob was created or not. | + +- **memberConditions :** Shows current backup setup condition of the members of a `BackupBatch`. Each entry has the following two fields: + - **target :** Points to the respective target whose condition is shown here. + - **conditions:** Shows the current backup setup condition of this member. + +The following conditions are set for the members of a `BackupBatch`. + +| Condition Type | Usage | +| ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `BackupTargetFound` | Indicates whether the backup target was found or not. | +| `StashSidecarInjected` | Indicates whether `stash` sidecar was injected into the targeted workload or not. This condition is set only for the target that uses the sidecar model. | + +## Next Steps + +- Learn how to configure `BackupBatch` to backup data from [here](/docs/guides/batch-backup/overview/index.md). diff --git a/docs/concepts/crds/backupblueprint/backupblueprint.yaml b/docs/concepts/crds/backupblueprint/backupblueprint.yaml new file mode 100644 index 0000000..e93f1aa --- /dev/null +++ b/docs/concepts/crds/backupblueprint/backupblueprint.yaml @@ -0,0 +1,35 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupBlueprint +metadata: + name: workload-backup-blueprint +spec: + # ============== Blueprint for Repository ========================== + backend: + gcs: + bucket: stash-backup + prefix: stash/${TARGET_NAMESPACE}/${TARGET_KIND}/${TARGET_NAME} + storageSecretName: gcs-secret + wipeOut: false + # backupNamespace: stash + # ============== Blueprint for BackupConfiguration ================= + schedule: "* * * * *" + backupHistoryLimit: 3 + timeOut: 30m + retryConfig: + maxRetry: 3 + delay: 10m + # task: # no task section is required for workload data backup + # name: workload-backup + runtimeSettings: + container: + securityContext: + runAsUser: 2000 + runAsGroup: 2000 + tempDir: + medium: "Memory" + sizeLimit: "1Gi" + disableCaching: false + retentionPolicy: + name: 'keep-last-5' + keepLast: 5 + prune: true diff --git a/docs/concepts/crds/backupblueprint/index.md b/docs/concepts/crds/backupblueprint/index.md new file mode 100644 index 0000000..5122580 --- /dev/null +++ b/docs/concepts/crds/backupblueprint/index.md @@ -0,0 +1,134 @@ +--- +title: BackupBlueprint Overview +menu: + docs_{{ .version }}: + identifier: backupblueprint-overview + name: BackupBlueprint + parent: crds + weight: 40 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: concepts +--- + +> New to Stash? Please start [here](/docs/concepts/README.md). + +# BackupBlueprint + +## What is BackupBlueprint + +Stash uses 1-1 mapping among `Repository`, `BackupConfiguration` and the target. So, whenever you want to backup a target(workload/PV/PVC/database), you have to create a `Repository` and `BackupConfiguration` object. This could become tiresome when you are trying to backup similar types of target and the `Repository` and `BackupConfiguration` has only slight difference. To mitigate this problem, Stash provides a way to specify a blueprint for these two objects via `BackupBlueprint` crd. + +A `BackupBlueprint` is a Kubernetes `CustomResourceDefinition`(CRD) which specifies a blueprint for `Repository` and `BackupConfiguration` in a Kubernetes native way. + +You have to create only one `BackupBlueprint` for all similar types of workloads (i.e. Deployment, DaemonSet, StatefulSet etc.). Then, you just need to add some annotations in the target workload. Stash will automatically create respective `Repository`, `BackupConfiguration` object using the blueprint. In Stash parlance, we call this process as **auto backup**. + +## BackupBlueprint CRD Specification + +Like any official Kubernetes resource, a `BackupBlueprint` has `TypeMeta`, `ObjectMeta` and `Spec` sections. However, unlike other Kubernetes resources, it does not have a `Status` section. + +A sample `BackupBlueprint` object to auto backup the volumes of a Deployment is shown below, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupBlueprint +metadata: + name: workload-backup-blueprint +spec: + # ============== Blueprint for Repository ========================== + backend: + gcs: + bucket: stash-backup + prefix: stash/${TARGET_NAMESPACE}/${TARGET_KIND}/${TARGET_NAME} + storageSecretName: gcs-secret + wipeOut: false + # backupNamespace: stash + # ============== Blueprint for BackupConfiguration ================= + schedule: "* * * * *" + backupHistoryLimit: 3 + timeOut: 30m + retryConfig: + maxRetry: 3 + delay: 10m + # task: # no task section is required for workload data backup + # name: workload-backup + runtimeSettings: + container: + securityContext: + runAsUser: 2000 + runAsGroup: 2000 + tempDir: + medium: "Memory" + sizeLimit: "1Gi" + disableCaching: false + retentionPolicy: + name: 'keep-last-5' + keepLast: 5 + prune: true +``` + +The sample `BackupBlueprint` that has been shown above can be used to backup Deployments, DaemonSets, StatefulSets, ReplicaSets and ReplicationControllers. You only have to add some annotations to these workloads. For more details on how auto backup works in Stash, please visit [here](/docs/guides/auto-backup/overview/index.md). + +Here, we are going to describe the various sections of `BackupBlueprint` crd. + +### BackupBlueprint `Spec` + +We can divide BackupBlueprint's `.spec` section into two parts. One part specifies a blueprint for `Repository` object and other specifies a blueprint for `BackupConfiguration` object. + +#### Repository Blueprint + +You can configure `Repository` blueprint using `spec.backend` field and `spec.wipeOut` field. + +- **spec.backend :** `spec.backend` field is backend specification similar to [spec.backend](/docs/concepts/crds/repository/index.md#specbackend) field of a `Repository` crd. There is only one difference. You can now templatize `prefix` section (`subPath` for local volume) of the backend to store backed up data of different workloads at different directory. You can use the following variables to templatize `spec.backend` field: + +| Variable | Usage | +| --------------------- | ------------------------------------------------------------------------------------------------------------------------------- | +| `TARGET_API_VERSION` | API version of the target | +| `TARGET_KIND` | Resource kind of the target | +| `TARGET_NAMESPACE` | Namespace of the target | +| `TARGET_NAME` | Name of the target | +| `TARGET_RESOURCE` | Plural form of the target kind. i.e. `deployments`, `statefulsets` etc. | + +The following variables are available only for database backup. + +| Variable | Usage | +| --------------------- | ------------------------------------------------------------------------------------------------------------------------------- | +| `TARGET_APP_GROUP` | Represents the application group where the respective app belongs (i.e: `kubedb.com`). | +| `TARGET_APP_RESOURCE` | Represents the resource kind under that application group that the respective app works with (i.e: `postgres`). | +| `TARGET_APP_TYPE` | Represents the total types of the application. It's simply `TARGET_APP_GROUP/TARGET_APP_RESOURCE` (i.e: `kubedb.com/postgres`). | + + If you use the sample `BackupBlueprint` that has been shown above to backup a Deployment named `my-deploy` of `test` namespace, the backed up data will be stored in `stash/test/deployment/my-deploy` directory of the `stash-backup` bucket. Similarly, if you want to backup a StatefulSet with name `my-sts` of same namespace, the backed up data will be stored in `/stash/test/statefulset/my-sts` directory of the backend. + +- **spec.backend.\.storageSecretName:** specifies the name of the secret that holds the access credentials to the backend. + +>Note: `BackupBlueprint` is a non-namespaced crd. So, you can use a `BackupBlueprint` to backup targets in multiple namespaces. However, Storage Secret is a namespaced object. So, you have to manually create the secret in each namespace where you have a target for backup. + +- **spec.wipeOut :** `spec.wipeOut` indicates whether Stash should delete the respective backed up data from the backend if a user deletes a `Repository` crd. For more details, please visit [here](/docs/concepts/crds/repository/index.md#specwipeout). + +#### BackupConfiguration Blueprint + +You can provide a blueprint for the `BackupConfiguration` object that will be created for respective target using the following fields: + +- **spec.schedule :** `spec.schedule` is the schedule that will be used to create `BackupConfiguration` for respective target. For more details, please visit [here](/docs/concepts/crds/backupconfiguration/index.md#specschedule). + +- **spec.backupHistoryLimit :** `spec.backupHistoryLimit` specifies a limit for backup history to keep for debugging purposes. For more details, please visit [here](/docs/concepts/crds/backupconfiguration/index.md#specbackuphistroylimit). + +- **spec.backupNamespace :** `spec.backupNamespace` specifies the namespace where the backup resources (i.e. BackupConfiguration, BackupSession, Job, Repository etc.) will be created. + +- **spec.retryConfig :** `spec.retryConfig` specifies a retry logic for failed backup. For more details, please visit [here](/docs/concepts/crds/backupconfiguration/index.md#specretryconfig). + +- **spec.task :** `spec.task` specifies the name and the parameters of [Task](/docs/concepts/crds/task/index.md) to use to backup the target. You can template the name field with `TARGET_APP_VERSION` variable for database backup. Stash will replace this variable with respective database version. This will allow you to backup multiple database versions with the same `BackupBlueprint`. For more details, please check the following [guide](/docs/guides/auto-backup/database/index.md). + +- **spec.runtimeSettings :** `spec.runtimeSettings` allows to configure runtime environment for backup sidecar or job. For more details, please visit [here](/docs/concepts/crds/backupconfiguration/index.md#specruntimesettings). + +- **spec.tempDir :** `spec.tempDir` specifies the temporary volume setting that will be used to create respective `BackupConfiguration` object. For more details, please visit [here](/docs/concepts/crds/backupconfiguration/index.md#spectempdir). + +- **spec.interimVolumeTemplate :** `spec.interimVolumeTemplate` specifies a PVC template for holding data temporarily before uploading to the backend. For more details, please visit [here](/docs/concepts/crds/backupconfiguration/index.md#specinterimvolumetemplate). + +- **spec.retentionPolicy :** `spec.retentionPolicy` specifies the retention policies that will be used to create respective `BackupConfiguration` object. For more details, please visit [here](/docs/concepts/crds/backupconfiguration/index.md#specretentionpolicy). + +## Next Steps + +- Learn how to use `BackupBlueprint` for auto backup of workloads data from [here](/docs/guides/auto-backup/workload/index.md). +- Learn how to use `BackupBlueprint` for auto backup of database from [here](/docs/guides/auto-backup/database/index.md). +- Learn how to use `BackupBlueprint` for auto backup of stand-alone PVC from [here](/docs/guides/auto-backup/pvc/index.md). diff --git a/docs/concepts/crds/backupconfiguration/backupconfiguration.yaml b/docs/concepts/crds/backupconfiguration/backupconfiguration.yaml new file mode 100644 index 0000000..f8ee28a --- /dev/null +++ b/docs/concepts/crds/backupconfiguration/backupconfiguration.yaml @@ -0,0 +1,77 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: demo-backup + namespace: demo +spec: + driver: Restic + repository: + name: local-repo + namespace: demo + # task: + # name: workload-backup # task field is not required for workload data backup but it is necessary for database backup. + schedule: "* * * * *" # backup at every minutes + paused: false + backupHistoryLimit: 3 + timeOut: 2h + target: + alias: app-data + ref: + apiVersion: apps/v1 + kind: Deployment + name: stash-demo + paths: + - /source/data + exclude: + - /source/data/not-important.txt + - /source/data/*.html + - /source/data/tmp/* + volumeMounts: + - name: source-data + mountPath: /source/data + hooks: + preBackup: + exec: + command: + - /bin/sh + - -c + - echo "Sample PreBackup hook demo" + containerName: my-app-container + postBackup: + executionPolicy: Always + exec: + command: + - /bin/sh + - -c + - echo "Sample PostBackup hook demo" + containerName: my-app-container + runtimeSettings: + container: + resources: + requests: + memory: 256M + limits: + memory: 256M + securityContext: + runAsUser: 2000 + runAsGroup: 2000 + nice: + adjustment: 5 + ionice: + class: 2 + classData: 4 + pod: + imagePullSecrets: + - name: my-private-registry-secret + serviceAccountName: my-backup-svc + tempDir: + medium: "Memory" + sizeLimit: "2Gi" + disableCaching: false + retryConfig: + maxRetry: 3 + delay: 10m + retentionPolicy: + name: 'keep-last-5' + keepLast: 5 + prune: true diff --git a/docs/concepts/crds/backupconfiguration/index.md b/docs/concepts/crds/backupconfiguration/index.md new file mode 100644 index 0000000..9126926 --- /dev/null +++ b/docs/concepts/crds/backupconfiguration/index.md @@ -0,0 +1,297 @@ +--- +title: BackupConfiguration Overview +menu: + docs_{{ .version }}: + identifier: backupconfiguration-overview + name: BackupConfiguration + parent: crds + weight: 10 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: concepts +--- + +> New to Stash? Please start [here](/docs/concepts/README.md). + +# BackupConfiguration + +## What is BackupConfiguration + +A `BackupConfiguration` is a Kubernetes `CustomResourceDefinition`(CRD) which specifies the backup target, parameters(schedule, retention policy etc.) and a `Repository` object that holds snapshot storage information in a Kubernetes native way. + +You have to create a `BackupConfiguration` object for each backup target. A backup target can be a workload, database or a PV/PVC. + +## BackupConfiguration CRD Specification + +Like any official Kubernetes resource, a `BackupConfiguration` has `TypeMeta`, `ObjectMeta` and `Spec` sections. However, unlike other Kubernetes resources, it does not have a `Status` section. + +A sample `BackupConfiguration` object to backup the volumes of a Deployment is shown below: + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: demo-backup + namespace: demo +spec: + driver: Restic + repository: + name: local-repo + namespace: demo + # task: + # name: workload-backup # task field is not required for workload data backup but it is necessary for database backup. + schedule: "* * * * *" # backup at every minutes + paused: false + backupHistoryLimit: 3 + timeOut: 2h + target: + alias: app-data + ref: + apiVersion: apps/v1 + kind: Deployment + name: stash-demo + paths: + - /source/data + exclude: + - /source/data/not-important.txt + - /source/data/*.html + - /source/data/tmp/* + volumeMounts: + - name: source-data + mountPath: /source/data + hooks: + preBackup: + exec: + command: + - /bin/sh + - -c + - echo "Sample PreBackup hook demo" + containerName: my-app-container + postBackup: + executionPolicy: Always + exec: + command: + - /bin/sh + - -c + - echo "Sample PostBackup hook demo" + containerName: my-app-container + runtimeSettings: + container: + resources: + requests: + memory: 256M + limits: + memory: 256M + securityContext: + runAsUser: 2000 + runAsGroup: 2000 + nice: + adjustment: 5 + ionice: + class: 2 + classData: 4 + pod: + imagePullSecrets: + - name: my-private-registry-secret + serviceAccountName: my-backup-svc + tempDir: + medium: "Memory" + sizeLimit: "2Gi" + disableCaching: false + retryConfig: + maxRetry: 3 + delay: 10m + retentionPolicy: + name: 'keep-last-5' + keepLast: 5 + prune: true +``` + +Here, we are going to describe the various sections of `BackupConfiguration` crd. + +### BackupConfiguration `Spec` + +A `BackupConfiguration` object has the following fields in the `spec` section. + +#### spec.driver + +`spec.driver` indicates the mechanism used to backup a target. Currently, Stash supports `Restic` and `VolumeSnapshotter` as drivers. The default value of this field is `Restic`. + +| Driver | Usage | +| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| `Restic` | Used to backup workload data, persistent volumes data and databases. It uses [restic](https://restic.net) to backup the target. | +| `VolumeSnapshotter` | Used to take snapshot of PersistentVolumeClaims of a targeted workload. It leverages Kubernetes [VolumeSnapshot](https://kubernetes.io/docs/concepts/storage/volume-snapshots/) crd and CSI driver to snapshot the PVCs. | + +#### spec.target + +`spec.target` field indicates the target for backup runs. This field consists of the following sub-fields: + +- **spec.target.alias :** The alias is used as an identifer of the backed up data in the backend. This is particularly useful for `BackupBatch` where multiple targets are backed up into a single repository. + +- **spec.target.ref :** `spec.target.ref` refers to the target of backup. You have to specify `apiVersion`, `kind` and `name` of the target. Stash will use this information to inject a sidecar to the target or to create a backup job for it. + +- **spec.target.paths :** `spec.target.paths` specifies list of file paths to backup. + +- **spec.target.exclude :** Specifies a list of pattern for the files that should be ignored during backup. Stash will not backup the files that matches these patterns. + +- **spec.target.volumeMounts :** `spec.target.volumeMounts` are the list of volumes and their `mountPath`s that contain the target file paths. Stash will mount these volumes inside a sidecar container or a backup job. + +- **spec.target.snapshotClassName:** `spec.target.snapshotClassName` indicates the [VolumeSnapshotClass](https://kubernetes.io/docs/concepts/storage/volume-snapshot-classes/) to use for volume snasphotting. Use this field only if `spec.driver` is set to `VolumeSnapshotter`. + +#### spec.repository + +`spec.repository` specifies the name and namespace of the Repository CR that holds the necessary backend information where the backed up data will be stored. + +- `spec.repository.name` specifies the name of the Repository CR. +- `spec.repository.namespace` specifies the namespace of the Repository. If you don't provide this field, Stash will look for the Repository CR in the same namespace as the BackupConfiguration. + +#### spec.schedule + +`spec.schedule` is a [cron expression](https://en.wikipedia.org/wiki/Cron) that specifies the schedule of backup. Stash creates a Kubernetes [CronJob](https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/) with this schedule. + +#### spec.backupHistoryLimit + +`spec.backupHistoryLimit` specifies the number of `BackupSession` and its associate resources (Job, PVC etc.) to keep for debugging purposes. The default value of this field is 1. Stash will cleanup the old `BackupSession` and it's associate resources after each backup session according to `backupHistoryLimit`. Stash will always keep the last completed BackupSession when `backuphistorylimit>0`. It will keep the last completed BackupSession even if it exceeds the history limit. This will help to keep the backup history when a backup gets skipped due to another running backup. + +#### spec.timeOut + +`spec.timeOut` specifies the maximum amount of time to wait for the backup to complete. If the backup doesn't complete within this time limit, Stash will mark the respective BackupSession as `Failed`. You can specify the timeout in the following format: + +- Seconds `30s` +- Minutes `10m` +- Hours `1h` +- Combination of seconds, minutes, and hours `10m30s`, `1h30m` etc. + +Stash does not support providing days (`d`) in the `timeOut` field. Use the equivalent hours instead. + +#### spec.task + +`spec.task` specifies the name and parameters of the [Task](/docs/concepts/crds/task/index.md) crd to use to backup the target. + +- **spec.task.name:** `spec.task.name` indicates the name of the `Task` to use for this backup process. +- **spec.task.params:** `spec.task.params` is an array of custom parameters to use to configure the task. + +> `spec.task` section is not required for backing up workload data (i.e. Deployment, DaemonSet, StatefulSet etc.). However, it is necessary for backing up databases and stand-alone PVCs. + +#### spec.paused + +`spec.paused` can be used as `enable/disable` switch for backup. If it is set `true`, Stash will not take any backup of the target specified by this BackupConfiguration. + +#### spec.hooks + +`spec.hooks` allows performing some actions before and after the backup process. You can send HTTP requests to a remote server via `httpGet` or `httpPost` hooks. You can check whether a TCP socket is open using `tcpSocket` hook. You can also execute some commands into your application pod using `exec` hook. + +- **spec.hooks.preBackup:** `spec.hooks.preBackup` hooks are executed before the backup process. +- **spec.hooks.postBackup:** `spec.hooks.postBackup` hooks are executed after the backup process. Unlike the `preBackup` hook, `postBackup` hook has an extra field named `executionPolicy` which let you execute hook based on the backup status. Currently, it support the following values: + - `Always`: The hook will be executed after the backup process no matter the backup has failed or succeeded. This is the default behavior. + - `OnSuccess`: The hook will be executed after the backup process only if the backup has succeeded. + - `OnFailure`: The hook will be executed after the backup process only if the backup has failed. + - `OnFinalRetryFailure`: The hook will be executed after the backup process only if the backup has failed with no more retry attempts left. +For more details on how hooks work in Stash and how to configure different types of hook, please visit [here](/docs/guides/hooks/overview/index.md). + +#### spec.runtimeSettings + +`spec.runtimeSettings` allows to configure runtime environment for the backup sidecar or job. You can specify runtime settings at both pod level and container level. + +- **spec.runtimeSettings.container** + + `spec.runtimeSettings.container` is used to configure the backup sidecar/job at container level. You can configure the following container level parameters: + +| Field | Usage | +| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `resources` | Compute resources required by the sidecar container or backup job. To learn how to manage resources for containers, please visit [here](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/). | +| `livenessProbe` | Periodic probe of backup sidecar/job container's liveness. Container will be restarted if the probe fails. | +| `readinessProbe` | Periodic probe of backup sidecar/job container's readiness. Container will be removed from service endpoints if the probe fails. | +| `lifecycle` | Actions that the management system should take in response to container lifecycle events. | +| `securityContext` | Security options that backup sidecar/job's container should run with. For more details, please visit [here](https://kubernetes.io/docs/concepts/policy/security-context/). | +| `nice` | Set CPU scheduling priority for backup process. For more details about `nice`, please visit [here](https://www.askapache.com/optimize/optimize-nice-ionice/#nice). | +| `ionice` | Set I/O scheduling class and priority for backup process. For more details about `ionice`, please visit [here](https://www.askapache.com/optimize/optimize-nice-ionice/#ionice). | +| `env` | A list of the environment variables to set in the sidecar container or backup job's container. | +| `envFrom` | This allows to set environment variables to the container that will be created for this function from a Secret or ConfigMap. | + +- **spec.runtimeSettings.pod** + + `spec.runtimeSettings.pod` is used to configure backup job in pod level. You can configure the following pod level parameters, + +| Field | Usage | +| ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `serviceAccountName` | Name of the `ServiceAccount` to use for the backup job. Stash sidecar will use the same `ServiceAccount` as the target workload. | +| `nodeSelector` | Selector which must be true for backup job pod to fit on a node. | +| `automountServiceAccountToken` | Indicates whether a service account token should be automatically mounted into the backup pod. | +| `nodeName` | `nodeName` is used to request to schedule backup job's pod onto a specific node. | +| `securityContext` | Security options that backup job's pod should run with. For more details, please visit [here](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). | +| `imagePullSecrets` | A list of secret names in the same namespace that will be used to pull image from private Docker registry. For more details, please visit [here](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). | +| `affinity` | Affinity and anti-affinity to schedule backup job's pod on a desired node. For more details, please visit [here](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). | +| `schedulerName` | Name of the scheduler that should dispatch the backup job. | +| `tolerations` | Taints and Tolerations to ensure that backup job's pod is not scheduled in inappropriate nodes. For more details about `toleration`, please visit [here](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/). | +| `priorityClassName` | Indicates the backup job pod's priority class. For more details, please visit [here](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/). | +| `priority` | Indicates the backup job pod's priority value. | +| `readinessGates` | Specifies additional conditions to be evaluated for Pod readiness. For more details, please visit [here](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-readiness-gate). | +| `runtimeClassName` | RuntimeClass is used for selecting the container runtime configuration. For more details, please visit [here](https://kubernetes.io/docs/concepts/containers/runtime-class/) | +| `enableServiceLinks` | EnableServiceLinks indicates whether information about services should be injected into pod's environment variables. | + +#### spec.tempDir + +Stash mounts an `emptyDir` for holding temporary files. It is also used for `caching` for faster backup performance. You can configure the `emptyDir` using `spec.tempDir` section. You can also disable `caching` using this field. The following fields are configurable in `spec.tempDir` section: + +- **spec.tempDir.medium :** Specifies the type of storage medium should back this directory. +- **spec.tempDir.sizeLimit :** Maximum limit of storage for this volume. +- **spec.tempDir.disableCaching :** Disable caching while backup. This may negatively impact backup performance. This is set to `false` by default. + +#### spec.interimVolumeTemplate + +For some targets (i.e. some databases), Stash can't directly pipe the dumped data to the uploading process. In this case, it has to store the dumped data temporarily before uploading to the backend. `spec.interimVolumeTemplate` specifies a PVC template for holding those data temporarily. Stash will create a PVC according to the template and use it to store the data temporarily. This PVC will be deleted according to the [spec.backupHistoryLimit](#specbackuphistorylimit). + +>Note that the usage of this field is different than `spec.tempDir` which is used for caching purpose. Stash has introduced this field because the `emptyDir` volume that is used for `spec.tempDir` does not play nice with large databases( i.e. 100Gi database). Also, it provides debugging capability as Stash keeps it until it hits the limit specified in `spec.backupHistoryLimit`. + +#### spec.retryConfig + +`spec.retryConfig` is an optional field the let users to specify a retry logic for failed backup. It has the following fields: + +- `spec.retryConfig.maxRetry` specifies the maximum number of times Stash should retry a failed backup. +- `spec.retryConfig.delay` specifies the amount of time to wait before retrying a failed backup. You can specify the delay in the following format: + - Seconds `30s` + - Minutes `10m` + - Hours `1h` + - Combination of seconds, minutes, and hours `10m30s`, `1h30m` etc. + + Stash does not support providing days (`d`) in the `delay` field. Use the equivalent hours instead. + +#### spec.retentionPolicy + +`spec.retentionPolicy` specifies the policy to follow for cleaning old snapshots. Following options are available to configure retention policy: + +| Policy | Value | `restic` forget command flag | Description | +| ------------- | ------- | ---------------------------- | -------------------------------------------------------------------------------------------------- | +| `name` | string | | Name of retention policy. You can provide any name. | +| `keepLast` | integer | --keep-last n | Never delete the **n** last (most recent) snapshots. | +| `keepHourly` | integer | --keep-hourly n | For the last **n** hours in which a snapshot was made, keep only the last snapshot for each hour. | +| `keepDaily` | integer | --keep-daily n | For the last **n** days which have one or more snapshots, only keep the last one for that day. | +| `keepWeekly` | integer | --keep-weekly n | For the last **n** weeks which have one or more snapshots, only keep the last one for that week. | +| `keepMonthly` | integer | --keep-monthly n | For the last **n** months which have one or more snapshots, only keep the last one for that month. | +| `keepYearly` | integer | --keep-yearly n | For the last **n** years which have one or more snapshots, only keep the last one for that year. | +| `keepTags` | array | --keep-tag | Keep all snapshots which have all tags specified by this option (can be specified multiple times). | +| `prune` | bool | --prune | If set `true`, Stash will cleanup unreferenced data from the backend. | +| `dryRun` | bool | --dry-run | Stash will not remove anything but print which snapshots would be removed. | + + +### BackupConfiguration `Status` + +A `BackupConfiguration` object has the following fields in the `status` section. + +- **observedGeneration :** The most recent generation observed by the `BackupConfiguration` controller. + +- **conditions :** The `spec.conditions` shows current backup setup condition for this BackupConfiguration. The following conditions are set by the Stash operator: + +| Condition Type | Usage | +| -------------------- | -------------------------------------------------------------------- | +| `RepositoryFound` | Indicates whether the respective Repository object was found or not. | +| `BackendSecretFound` | Indicates whether the respective backend secret was found or not. | +| `CronJobCreated` | Indicates whether the backup triggering CronJob was created or not. | +| `ValidationPassed` | Indicates whether the resource has passed validation checks or not. | + +## Next Steps + +- Learn how to configure `BackupConfiguration` to backup workloads data from [here](/docs/guides/workloads/overview/index.md). +- Learn how to configure `BackupConfiguration` to backup databases from [here](/docs/guides/addons/overview/index.md). +- Learn how to configure `BackupConfiguration` to backup stand-alone PVC from [here](/docs/guides/volumes/overview/index.md). diff --git a/docs/concepts/crds/backupsession/backupsession.yaml b/docs/concepts/crds/backupsession/backupsession.yaml new file mode 100644 index 0000000..a244b93 --- /dev/null +++ b/docs/concepts/crds/backupsession/backupsession.yaml @@ -0,0 +1,90 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupSession +metadata: + creationTimestamp: "2020-07-25T17:41:28Z" + labels: + app: stash + stash.appscode.com/invoker-name: wordpress-backup + stash.appscode.com/invoker-type: BackupBatch + name: wordpress-backup-1578458376 + namespace: demo +spec: + invoker: + apiGroup: stash.appscode.com + kind: BackupBatch + name: wordpress-backup + retryLeft: 2 +status: + conditions: + - lastTransitionTime: "2020-07-25T17:41:31Z" + message: Repository exist in the backend. + reason: BackendRepositoryFound + status: "True" + type: BackendRepositoryInitialized + - lastTransitionTime: "2020-07-25T17:41:48Z" + message: Successfully applied retention policy. + reason: SuccessfullyAppliedRetentionPolicy + status: "True" + type: RetentionPolicyApplied + - lastTransitionTime: "2020-07-25T17:41:50Z" + message: Repository integrity verification succeeded. + reason: SuccessfullyVerifiedRepositoryIntegrity + status: "True" + type: RepositoryIntegrityVerified + - lastTransitionTime: "2020-07-25T17:41:50Z" + message: Successfully pushed repository metrics. + reason: SuccessfullyPushedRepositoryMetrics + status: "True" + type: RepositoryMetricsPushed + phase: Succeeded + sessionDuration: 22.575920065s + sessionDeadline: "2020-07-25T17:46:28Z" + targets: + - phase: Succeeded + preBackupActions: + - InitializeBackendRepository + ref: + apiVersion: apps/v1 + kind: Deployment + name: wordpress + stats: + - duration: 831.018039ms + hostname: app + phase: Succeeded + snapshots: + - fileStats: + modifiedFiles: 0 + newFiles: 1 + totalFiles: 1 + unmodifiedFiles: 0 + name: b54ee4a0 + path: /var/www/html + processingTime: "0:00" + totalSize: 0 B + uploaded: 711 B + totalHosts: 1 + - phase: Succeeded + postBackupActions: + - ApplyRetentionPolicy + - VerifyRepositoryIntegrity + - SendRepositoryMetrics + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: wordpress-mysql + stats: + - duration: 1.147010638s + hostname: db + phase: Succeeded + snapshots: + - fileStats: + modifiedFiles: 0 + newFiles: 1 + totalFiles: 1 + unmodifiedFiles: 0 + name: b30beb44 + path: dumpfile.sql + processingTime: "0:00" + totalSize: 0 B + uploaded: 3.408 MiB + totalHosts: 1 diff --git a/docs/concepts/crds/backupsession/index.md b/docs/concepts/crds/backupsession/index.md new file mode 100644 index 0000000..bf555db --- /dev/null +++ b/docs/concepts/crds/backupsession/index.md @@ -0,0 +1,260 @@ +--- +title: BackupSession Overview +menu: + docs_{{ .version }}: + identifier: backupsession-overview + name: BackupSession + parent: crds + weight: 20 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: concepts +--- + +> New to Stash? Please start [here](/docs/concepts/README.md). + +# BackupSession + +## What is BackupSession + +A `BackupSession` is a Kubernetes `CustomResourceDefinition`(CRD) which represents a backup run of the respective target(s) referenced by a `BackupConfiguration`/`BackupBatch` in a Kubernetes native way. + +Stash operator creates a Kubernetes `CronJob` according to the schedule defined in a `BackupConfiguration`/`BackupBatch`. On each backup schedule, this `CronJob` creates a `BackupSession` object. It points to the respective `BackupConfiguration`/`BackupBatch`. The controller that runs inside backup sidecar (in case of backup via jobs, it is stash operator itself) watches this `BackupSession` object and starts taking backup instantly. + +You can also create a `BackupSession` object manually to trigger backup at any time. + +## BackupSession CRD Specification + +Like any official Kubernetes resource, a `BackupSession` has `TypeMeta`, `ObjectMeta` and `Spec` , `Status` sections. + +A sample `BackupSession` created for backing up a WordPress Application and it's components' is shown below, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupSession +metadata: + creationTimestamp: "2020-07-25T17:41:28Z" + labels: + app: stash + stash.appscode.com/invoker-name: wordpress-backup + stash.appscode.com/invoker-type: BackupBatch + name: wordpress-backup-1578458376 + namespace: demo +spec: + invoker: + apiGroup: stash.appscode.com + kind: BackupBatch + name: wordpress-backup + retryLeft: 2 +status: + conditions: + - lastTransitionTime: "2020-07-25T17:41:31Z" + message: Repository exist in the backend. + reason: BackendRepositoryFound + status: "True" + type: BackendRepositoryInitialized + - lastTransitionTime: "2020-07-25T17:41:48Z" + message: Successfully applied retention policy. + reason: SuccessfullyAppliedRetentionPolicy + status: "True" + type: RetentionPolicyApplied + - lastTransitionTime: "2020-07-25T17:41:50Z" + message: Repository integrity verification succeeded. + reason: SuccessfullyVerifiedRepositoryIntegrity + status: "True" + type: RepositoryIntegrityVerified + - lastTransitionTime: "2020-07-25T17:41:50Z" + message: Successfully pushed repository metrics. + reason: SuccessfullyPushedRepositoryMetrics + status: "True" + type: RepositoryMetricsPushed + phase: Succeeded + sessionDuration: 22.575920065s + sessionDeadline: "2020-07-25T17:46:28Z" + targets: + - phase: Succeeded + preBackupActions: + - InitializeBackendRepository + ref: + apiVersion: apps/v1 + kind: Deployment + name: wordpress + stats: + - duration: 831.018039ms + hostname: app + phase: Succeeded + snapshots: + - fileStats: + modifiedFiles: 0 + newFiles: 1 + totalFiles: 1 + unmodifiedFiles: 0 + name: b54ee4a0 + path: /var/www/html + processingTime: "0:00" + totalSize: 0 B + uploaded: 711 B + totalHosts: 1 + - phase: Succeeded + postBackupActions: + - ApplyRetentionPolicy + - VerifyRepositoryIntegrity + - SendRepositoryMetrics + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: wordpress-mysql + stats: + - duration: 1.147010638s + hostname: db + phase: Succeeded + snapshots: + - fileStats: + modifiedFiles: 0 + newFiles: 1 + totalFiles: 1 + unmodifiedFiles: 0 + name: b30beb44 + path: dumpfile.sql + processingTime: "0:00" + totalSize: 0 B + uploaded: 3.408 MiB + totalHosts: 1 +``` + +Here, we are going to describe the various sections of a `BackupSession` object. + +### BackupSession `Metadata` + +#### metadata.name + +`metadata.name` indicates the name of the `BackupSession`. This name is automatically generated by respective `CronJob` and it follows the following pattern: `-`. + +#### metadata.namespace + +`metadata.namespace` indicates the name of the `BackupSession`. It is the same as the namespace of respective `BackupConfiguration`/`BackupBatch` object. + +#### metadata.labels + +`metadata.labels` holds respective `BackupConfiguration`/`BackupBatch` kind and name as a label. The stash backup sidecar container use this label to watch only the BackupSessions of that `BackupConfiguration`/`BackupBatch`. + +>If you create `BackupSession` manually to trigger a backup instantly, make sure that you have added `stash.appscode.com/invoker-type: ` and `stash.appscode.com/invoker-name: ` label to your `BackupSession`. Otherwise, it will not trigger backup for workloads (those resources that are backed up using sidecar). + +### BackupSession `Spec` + +A `BackupSession` object has the following fields in the `spec` section: + +#### spec.invoker + +`spec.invoker` specifies the `apiGroup`, `kind`, and `name` of the respective object which is responsible for invoking this backup session. + +#### spec.retryLeft + +`spec.retryLeft` specifies the number of retry attempt left for this backup session. + +### BackupSession `Status` + +`.status` section of `BackupSession` shows stats and progress of backup process in this session.A backup sidecar container or job updates the respective fields under `.status` section after it completes its task. `.status` section consists of the following fields: + +#### status.phase + +`status.phase` indicates the overall phase of the backup process for this BackupSession. `status.phase` will be `Succeeded` only if the phase of all targets is `Succeeded`. If any of the targets fail to complete its backup, `status.phase` will be `Failed`. + +#### status.sessionDuration + +`status.sessionDuration` indicates the total time taken to complete the backup of all targets in this session. + +#### status.sessionDeadline + +`status.sessionDeadline` indicates the the deadline of the backup process. `BackupSession` will be considered `Failed` if the backup does not complete within this deadline. + +#### status.retried + +`status.retried` is a boolean field which specifies whether this session was retried or not in case of failed backup. + +#### status.nextRetry + +`status.nextRetry` specifies the timestamp when this backup will be retried if it has failed. + +#### status.conditions + +`status.conditions` shows the conditions of different operations/steps of the backup process. The following conditions are set by the Stash operator on a BackupSession. + +| Condition Type | Usage | +| ------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | +| `BackendRepositoryInitialized` | Indicates whether the backend repository was initialized or not. | +| `RetentionPolicyApplied` | Indicates whether the retention policies were applied or not. | +| `RepositoryIntegrityVerified` | Indicates whether the repository integrity check succeeded or not. | +| `RepositoryMetricsPushed` | Indicates whether the Repository metrics for this backup session were pushed or not. | +| `GlobalPreBackupHookSucceeded` | Indicates whether the global PreBackupHook was executed successfully or not. Only available during backup using BackupBatch. | +| `GlobalPostBackupHookSucceeded` | Indicates whether the global PostBackupHook was executed successfully or not. Only available during backup BackupBatch. | +| `DeadlineExceeded` | Indicates whether the session deadline was exceeded or not.| + +#### status.targets + +`status.targets` field contains an array of the status of the individual target for a backup run. Each target's status field consists of the following sub-fields: + +- **totalHosts :** Not every pod or replica of a target is subject to backup. Thus, we refer those entities that are subject to backup as a host. `totalHosts` specifies the total number of hosts of the target that will be backed up for this BackupSession. For more details on how many hosts will be backed up for which types of workload, please visit [here](#hosts-of-a-backup-process). + +- **preBackupActions :** Specifies a list of actions that the backup process should execute before taking backup. For example, the backend repository must be initialized by one of the targets before taking backup. Stash automatically assigned which target should execute this action. The `preBackupActions` should not be confused with `preBackup` hook. The hooks are meant to be configured by the users where the `preBackupActions` are meant to be configured by Stash itself. + +- **postBackupActions :** Similar to `preBackupActions`, it specifies a list of actions that a backup process should execute after taking the backup. For example, when all the targets complete their backup, one target must apply retention policy into the repository. Stash automatically selects which target should execute these `postBackupActions`. + +- **ref :** `ref` refers to the target whose backup stats has been presented by this array entry. + +- **phase :** `phase` indicates the backup phase of the target. `phase` will be `Succeeded` only if the phase of all hosts are `Succeeded`. If any of the hosts fail to complete its backup, `phase` will be `Failed`. + +- **stats :** `stats` section is an array of backup statistics about individual hosts of the target. Each host adds its statistics in this array after completing its backup process. +Each stats entry consists of the following fields: + + - **hostname:** `hostname` indicates the name of the host. + - **phase:** `phase` indicates the backup phase of this host. + - **duration:** `duration` indicates the total time taken to complete backup for this host. + - **snapshots:** Stash creates one snapshot for each targeted file paths specified in `spec.target.paths` field of `BackupConfiguration` object. The `snapshots` field holds statistics of each of these individual snapshots. Each snapshot statistics has the following fields: + - **name:** `name` indicates the name of the snapshot. + - **path:** `path` indicates the file path that was backed up in this snapshot. + - **totalSize:** `totalSize` indicates the size of data to backup from this path. + - **uploaded:** `uploaded` indicates the size of the data that was uploaded to the backend for this snapshot. This could be much smaller than `size` if some data was already uploaded in the backend in previous backup sessions. + - **processingTime:** `processingTime` indicates the time taken to process the data of the target path. + - **fileStats:** `fileStats` field show statics of files that were backed up in this snapshot. + - **totalFiles:** `totalFiles` shows the total number of files that were backed up in this snapshot. + - **newFiles:** `newFiles` shows the number of new files that were backed up in this snapshot. + - **modifiedFiles:** `modifiedFiles` shows the number of files that were modified since last backup of this directory. + - **unmodifiedFiles:** `unmodifiedFiles` shows the number of files that haven't changed since the last backup of this path. + - **error:** `error` shows the reason for failure if the backup process failed for this host. + +### Hosts of a backup process + +Stash uses two different models for backup depending on the target type. It uses **sidecar model** for Kubernetes workloads and **job model** for the rest of the targets. In the sidecar model, Stash injects a sidecar inside the targeted workload and the sidecar is responsible for taking backup. In the job model, Stash launches a job to take a backup of the target. + +Stash uses an identifier called **host** to separate the backed up data of different subjects in the backed. This host identification process depends on the backup model and the target types. The backup strategy and host identification strategy for different types of the target is explained below. + +**Kubernetes Workloads:** + +Stash uses the sidecar model to backup Kubernetes workloads. However, not every sidecar takes backup. How many sidecars will take backup depends on the type of the workload. We can divide them into the following categories: + +- **Deployment, ReplicaSet, and ReplicationController:** For these types of stateless workloads, all the replicas mount the same volumes. So, taking backup from only one replica is enough. In this case, Stash uses a leader election to elect the leader pod. Only the sidecar of the leader pod takes backup. The `alias` provided in the BackupConfiguration/BackupBatch is used as a host identifier. If the `alias` was not provided, then it defaults to `host-0`. The total number of hosts for these types of workload is 1. +- **StatefulSet:** Every replica of a StatefulSet mount different volumes. So, taking a backup from each replica is necessary. In this case, sidecar inside each replica takes backup. Stash identifies **pod-0** as **\-0**, **pod-1** as **\-1**, **pod-2** as **\-2** and so on. If the `alias` was not provided in the BackupConfiguration/BackupBatch, then the host identifiers are generated as `host-0`, `host-1`, and `host-2` etc. The total number of hosts for a StatefulSet is the number of replicas. +- **DaemonSet:** Daemon replicas on every node may contain different data. So, taking a backup of each daemon pod is necessary. In this case, sidecar inside each daemon pod takes backup. Stash considers the individual daemon pod as a separate host and the host identifiers are generated as **\-\**. The total number of hosts for a DaemonSet is the number of daemon pod running in the cluster. + +**Stand-alone PVC:** + +Stash uses the job model to backup a stand-alone PVC. Stash launches a job to backup the targeted PVC. The `alias` provided in the BackupConfiguration/BackupBatch is used as the host identifier. If the `alias` was not provided, it defaults to `host-0`. The total number of hosts for a stand-alone PVC backup is 1. + +**Databases:** + +Stash uses the job model to backup a database. Stash launches a job to backup the targeted database. In this case, the number of hosts depends on the database type. + +- **Stand-alone database:** For stand-alone database, the backup target is identified by the `alias` and the total number of hosts is 1. +- **Replicated cluster:** For replicated clustered databases such as MongoDB ReplicaSet, all the replicas contain the same data. In this case, taking a backup of only one replica is enough. This replica is identified by the `alias` and the total number of hosts is 1. +- **Sharded cluster:** For the sharded database cluster, Stash takes a backup of all shards. Hence, the number of hosts for a sharded database is the number of shards and they are identified as **\-0**, **\-1**, **\-2**, etc. However, the number of hosts may increase based on the database type. + +**VolumeSnapshot:** + +Stash uses the job model for taking volume snapshots. Each volume is considered as different hosts and they are identified by their name. Hence, the number of total hosts for VolumeSnapshot is the number of targeted volumes. However, since VolumeSnapshot is handled by the respective CSI driver, the host identifier does not play any role to separate their data. + +## Next Steps + +- Learn how backup of workloads data works from [here](/docs/guides/workloads/overview/index.md). +- Learn how backup of databases works from [here](/docs/guides/addons/overview/index.md). +- Learn how backup stand alone PVC works from [here](/docs/guides/volumes/overview/index.md). diff --git a/docs/concepts/crds/function/function.yaml b/docs/concepts/crds/function/function.yaml new file mode 100644 index 0000000..3e25274 --- /dev/null +++ b/docs/concepts/crds/function/function.yaml @@ -0,0 +1,74 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: Function +metadata: + name: postgres-backup-11.2 +spec: + image: stashed/postgres-stash:11.2 + args: + - backup-pg + # setup information + - --provider=${REPOSITORY_PROVIDER:=} + - --bucket=${REPOSITORY_BUCKET:=} + - --endpoint=${REPOSITORY_ENDPOINT:=} + - --region=${REPOSITORY_REGION:=} + - --path=${REPOSITORY_PREFIX:=} + - --secret-dir=/etc/repository/secret + - --scratch-dir=/tmp + - --enable-cache=${ENABLE_CACHE:=true} + - --max-connections=${MAX_CONNECTIONS:=0} # 0 indicates use default connection limit + - --hostname=${HOSTNAME:=} + - --backup-cmd=${backupCMD:=} # can specify dump command with either pg_dump or pg_dumpall + - --pg-args=${args:=} # optional arguments pass to pgdump command + - --wait-timeout=${waitTimeout:=} + # target information + - --namespace=${NAMESPACE:=default} + - --appbinding=${TARGET_NAME:=} + - --backupsession=${BACKUP_SESSION:=} + # cleanup information + - --retention-keep-last=${RETENTION_KEEP_LAST:=0} + - --retention-prune=${RETENTION_PRUNE:=false} + # output & metric information + - --output-dir=${outputDir:=} + volumeMounts: + - name: ${secretVolume} + mountPath: /etc/repository/secret + runtimeSettings: + resources: + requests: + memory: 256M + limits: + memory: 256M + securityContext: + runAsUser: 5000 + runAsGroup: 5000 +--- +apiVersion: stash.appscode.com/v1beta1 +kind: Function +metadata: + name: update-status +spec: + image: appscode/stash:0.10.0 + args: + - update-status + - --provider=${REPOSITORY_PROVIDER:=} + - --bucket=${REPOSITORY_BUCKET:=} + - --endpoint=${REPOSITORY_ENDPOINT:=} + - --path=${REPOSITORY_PREFIX:=} + - --secret-dir=/etc/repository/secret + - --scratch-dir=/tmp + - --enable-cache=${ENABLE_CACHE:=true} + - --max-connections=${MAX_CONNECTIONS:=0} + - --namespace=${NAMESPACE:=default} + - --backupsession=${BACKUP_SESSION:=} + - --repository=${REPOSITORY_NAME:=} + - --invoker-kind=${INVOKER_KIND:=} + - --invoker-name=${INVOKER_NAME:=} + - --target-kind=${TARGET_KIND:=} + - --target-name=${TARGET_NAME:=} + - --output-dir=${outputDir:=} + - --metrics-enabled=true + - --metrics-pushgateway-url=http://stash.kube-system.svc:56789 + - --prom-job-name=${PROMETHEUS_JOB_NAME:=} + volumeMounts: + - mountPath: /etc/repository/secret + name: ${secretVolume} diff --git a/docs/concepts/crds/function/index.md b/docs/concepts/crds/function/index.md new file mode 100644 index 0000000..9ab7d83 --- /dev/null +++ b/docs/concepts/crds/function/index.md @@ -0,0 +1,227 @@ +--- +title: Function Overview +menu: + docs_{{ .version }}: + identifier: function-overview + name: Function + parent: crds + weight: 30 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: concepts +--- + +> New to Stash? Please start [here](/docs/concepts/README.md). + +# Function + +## What is Function + +A complete backup or restore process may consist of several steps. For example, in order to backup a PostgreSQL database we first need to dump the database and upload the dumped file to a backend. Then we need to update the respective`Repository` and `BackupSession` status and send Prometheus metrics. In Stash, we call such individual steps a `Function`. + +A `Function` is a Kubernetes `CustomResourceDefinition`(CRD) which basically specifies a template for a container that performs only a specific action. For example, `postgres-backup-*` function only dumps and uploads the dumped file into the backend where `update-status` function updates the status of respective `BackupSession` and `Repository` and sends Prometheus metrics to pushgateway based on the output of `postgres-backup-*` function. + +When you install Stash, some `Function`s will be pre-installed for supported targets like databases, etc. However, you can create your own function to customize or extend the backup/restore process. + +## Function CRD Specification + +Like any official Kubernetes resource, a `Function` has `TypeMeta`, `ObjectMeta` and `Spec` sections. However, unlike other Kubernetes resources, it does not have a `Status` section. + +A sample `Function` object to backup a PostgreSQL is shown below, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: Function +metadata: + name: postgres-backup-11.2 +spec: + image: stashed/postgres-stash:11.2 + args: + - backup-pg + # setup information + - --provider=${REPOSITORY_PROVIDER:=} + - --bucket=${REPOSITORY_BUCKET:=} + - --endpoint=${REPOSITORY_ENDPOINT:=} + - --region=${REPOSITORY_REGION:=} + - --path=${REPOSITORY_PREFIX:=} + - --secret-dir=/etc/repository/secret + - --scratch-dir=/tmp + - --enable-cache=${ENABLE_CACHE:=true} + - --max-connections=${MAX_CONNECTIONS:=0} # 0 indicates use default connection limit + - --hostname=${HOSTNAME:=} + - --backup-cmd=${backupCMD:=} # can specify dump command with either pg_dump or pg_dumpall + - --pg-args=${args:=} # optional arguments pass to pgdump command + - --wait-timeout=${waitTimeout:=} + # target information + - --namespace=${NAMESPACE:=default} + - --appbinding=${TARGET_NAME:=} + - --backupsession=${BACKUP_SESSION:=} + # cleanup information + - --retention-keep-last=${RETENTION_KEEP_LAST:=0} + - --retention-prune=${RETENTION_PRUNE:=false} + # output & metric information + - --output-dir=${outputDir:=} + volumeMounts: + - name: ${secretVolume} + mountPath: /etc/repository/secret + runtimeSettings: + resources: + requests: + memory: 256M + limits: + memory: 256M + securityContext: + runAsUser: 5000 + runAsGroup: 5000 +``` + +A sample `Function` that updates `BackupSession` and `Repository` status and sends metrics to Prometheus pushgateway is shown below, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: Function +metadata: + name: update-status +spec: + image: appscode/stash:0.10.0 + args: + - update-status + - --provider=${REPOSITORY_PROVIDER:=} + - --bucket=${REPOSITORY_BUCKET:=} + - --endpoint=${REPOSITORY_ENDPOINT:=} + - --path=${REPOSITORY_PREFIX:=} + - --secret-dir=/etc/repository/secret + - --scratch-dir=/tmp + - --enable-cache=${ENABLE_CACHE:=true} + - --max-connections=${MAX_CONNECTIONS:=0} + - --namespace=${NAMESPACE:=default} + - --backupsession=${BACKUP_SESSION:=} + - --repository=${REPOSITORY_NAME:=} + - --invoker-kind=${INVOKER_KIND:=} + - --invoker-name=${INVOKER_NAME:=} + - --target-kind=${TARGET_KIND:=} + - --target-name=${TARGET_NAME:=} + - --output-dir=${outputDir:=} + - --metrics-enabled=true + - --metrics-pushgateway-url=http://stash.kube-system.svc:56789 + - --prom-job-name=${PROMETHEUS_JOB_NAME:=} + volumeMounts: + - mountPath: /etc/repository/secret + name: ${secretVolume} +``` + +Here, we are going to describe the various sections of a `Function` crd. + +### Function `Spec` + +A `Function` object has the following fields in the `spec` section: + +#### spec.image + +`spec.image` specifies the docker image to use to create a container using the template specified in this `Function`. + +#### spec.command + +`spec.command` specifies the commands to be executed by the container. Docker image's `ENTRYPOINT` will be executed if no commands are specified. + +#### spec.args + +`spec.args` specifies a list of arguments that will be passed to the entrypoint. You can templatize this section using `envsubst` style variables. Stash will resolve all the variables before creating the respective container. A variable should follow the following patterns: + +- ${VARIABLE_NAME:=default-value} +- ${VARIABLE_NAME:=} + +In the first case, if Stash can't resolve the variable, the default value will be used in place of this variable. In the second case, if Stash can't resolve the variable, an empty string will be used to replace the variable. + +##### Stash Provided Variables + +Stash operator provides the following built-in variables based on `BackupConfiguration`, `BackupSession`, `RestoreSession`, `Repository`, `Task`, `Function`, `BackupBlueprint` etc. + +| Environment Variable | Usage | +| ---------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `NAMESPACE` | Namespace of backup or restore job/workload | +| `BACKUP_SESSION` | Name of the respective BackupSession object | +| `RESTORE_SESSION` | Name of the respective RestoreSession object | +| `REPOSITORY_NAME` | Name of the Repository object that holds respective backend information | +| `REPOSITORY_PROVIDER` | Type of storage provider. i.e. gcs, s3, aws, local etc. | +| `REPOSITORY_SECRET_NAME` | Name of the secret that holds the credentials to access the backend | +| `REPOSITORY_BUCKET` | Name of the bucket where backed up data will be stored | +| `REPOSITORY_PREFIX` | A prefix of the directory inside bucket where backed up data will be stored | +| `REPOSITORY_ENDPOINT` | URL of S3 compatible Minio/Rook server | +| `REPOSITORY_URL` | URL of the REST server for REST backend | +| `HOSTNAME` | An identifier for the backed up data. If multiple pods backup in same Repository (i.e. StatefulSet or DaemonSet) this host name is to used identify data of the individual host. | +| `SOURCE_HOSTNAME` | An identifier of the host whose backed up data will be restored | +| `TARGET_NAME` | Name of the target of backup or restore | +| `TARGET_API_VERSION` | API version of the target of backup or restore | +| `TARGET_KIND` | Kind of the target of backup or restore | +| `TARGET_NAMESPACE` | Namespace of the target object for backup or restore | +| `TARGET_MOUNT_PATH` | Directory where target PVC will be mounted in stand-alone PVC backup or restore | +| `TARGET_PATHS` | Array of file paths that are subject to backup | +| `RESTORE_PATHS` | Array of file paths that are subject to restore | +| `RESTORE_SNAPSHOTS` | Name of the snapshot that will be restored | +| `TARGET_APP_VERSION` | Version of the application pointed by an AppBinding | +| `TARGET_APP_GROUP` | The application group where the app pointed by an AppBinding belongs | +| `TARGET_APP_RESOURCE` | The resource kind under an application group that the app pointed by an AppBinding works with | +| `TARGET_APP_TYPE` | The total types of the application. It's simply `TARGET_APP_GROUP/TARGET_APP_RESOURCE` | +| `TARGET_APP_REPLICAS` | Number of replicas of an application targeted for backup or restore | +| `RETENTION_KEEP_LAST` | Number of latest snapshots to keep | +| `RETENTION_KEEP_HOURLY` | Number of hourly snapshots to keep | +| `RETENTION_KEEP_DAILY` | Number of daily snapshots to keep | +| `RETENTION_KEEP_WEEKLY` | Number of weekly snapshots to keep | +| `RETENTION_KEEP_MONTHLY` | Number of monthly snapshots to keep | +| `RETENTION_KEEP_YEARLY` | Number of yearly snapshots to keep | +| `RETENTION_KEEP_TAGS` | Keep only those snapshots that have these tags | +| `RETENTION_PRUNE` | Specify whether to remove data of old snapshot completely from the backend | +| `RETENTION_DRY_RUN` | Specify whether to run cleanup in test mode | +| `ENABLE_CACHE` | Specify whether to use cache while backup or restore | +| `MAX_CONNECTIONS` | Specifies number of parallel connections to upload/download data to/from backend | +| `NICE_ADJUSTMENT` | Adjustment value to configure `nice` to throttle the load on cpu. | +| `IONICE_CLASS` | Name of the `ionice` class | +| `IONICE_CLASS_DATA` | Value of the `ionice` class data | +| `ENABLE_STATUS_SUBRESOURCE` | Specifies whether crd has subresource enabled | +| `PROMETHEUS_PUSHGATEWAY_URL` | URL of the Prometheus pushgateway that collects the backup/restore metrics | +| `INTERIM_DATA_DIR` | Directory to store backed up or restored data temporarily before uploading to the backend or injecting into the target | + +If you want to use a variable that is not present this table, you have to provide its value in `spec.task.params` section of `BackupConfiguration` crd. + +#### spec.workDir + +`spec.workDir` specifies the container's working directory. If this field is not specified, the container's runtime default will be used. + +#### spec.ports + +`spec.ports` specifies a list of the ports to expose from the respective container that will be created for this function. + +#### spec.volumeMounts + +`spec.volumeMounts` specifies a list of volume names and their `mountPath` that will be mounted into the container that will be created for this function. + +#### spec.volumeDevices + +`spec.volumeDevices` specifies a list of the block devices to be used by the container that will be created for this function. + +#### spec.runtimeSettings + +`spec.runtimeSettings.container` allows to configure runtime environment of a backup job at container level. You can configure the following container level parameters: + +| Field | Usage | +| ----------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `resources` | Compute resources required by sidecar container or backup job. To know how to manage resources for containers, please visit [here](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/). | +| `livenessProbe` | Periodic probe of backup sidecar/job container's liveness. Container will be restarted if the probe fails. | +| `readinessProbe` | Periodic probe of backup sidecar/job container's readiness. Container will be removed from service endpoints if the probe fails. | +| `lifecycle` | Actions that the management system should take in response to container lifecycle events. | +| `securityContext` | Security options that backup sidecar/job's container should run with. For more details, please visit [here](https://kubernetes.io/docs/concepts/policy/security-context/). | +| `nice` | Set CPU scheduling priority for the backup process. For more details about `nice`, please visit [here](https://www.askapache.com/optimize/optimize-nice-ionice/#nice). | +| `ionice` | Set I/O scheduling class and priority for the backup process. For more details about `ionice`, please visit [here](https://www.askapache.com/optimize/optimize-nice-ionice/#ionice). | +| `env` | A list of the environment variables to set in the container that will be created for this function. | +| `envFrom` | This allows to set environment variables to the container that will be created for this function from a Secret or ConfigMap. | + +#### spec.podSecurityPolicyName + +If you are using a [PSP enabled cluster](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) and the function needs any specific permission then you can specify the PSP name using `spec.podSecurityPolicyName` field. Stash will add this PSP in the respective RBAC roles that will be created for this function. + +>Note that Stash operator can't give permission to use a PSP to a backup job if the operator itself does not have permission to use it. So, if you want to specify PSP name in this section, make sure to add that in `stash-operator` ClusterRole too. + +## Next Steps + +- Learn how to use `Function` to create a `Task` from [here](/docs/concepts/crds/task/index.md). diff --git a/docs/concepts/crds/repository/index.md b/docs/concepts/crds/repository/index.md new file mode 100644 index 0000000..e4784df --- /dev/null +++ b/docs/concepts/crds/repository/index.md @@ -0,0 +1,174 @@ +--- +title: Repository Overview +menu: + docs_{{ .version }}: + identifier: repository-overview + name: Repository + parent: crds + weight: 5 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: concepts +--- + +> New to Stash? Please start [here](/docs/concepts/README.md). + +# Repository + +## What is Repository + +A `Repository` is a Kubernetes `CustomResourceDefinition`(CRD) which represents [backend](/docs/guides/backends/overview/index.md) information in a Kubernetes native way. + +You have to create a `Repository` object for each backup target. Since v1beta1 api, a `Repository` object has 1-1 mapping with a target. Thus, only one target can be backed up into one `Repository`. + +## Repository CRD Specification + +Like any official Kubernetes resource, a `Repostiory` object has `TypeMeta`, `ObjectMeta`, `Spec` and `Status` sections. + +A sample `Repository` object that uses Google Cloud Storage(GCS) bucket as backend is shown below: + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-demo-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-demo-backup + prefix: demo + storageSecretName: gcs-secret + usagePolicy: + allowedNamespaces: + from: Same + wipeOut: false +status: + firstBackupTime: "2019-04-15T06:08:16Z" + integrity: true + lastBackupTime: "2019-04-15T06:14:15Z" + totalSize: 2.567 KiB + snapshotCount: 5 + snapshotsRemovedOnLastCleanup: 1 +``` + +Here, we are going to describe the various sections of the `Repository` crd. + +### Repository `Spec` + +`Repository` CRD has the following fields in the `.spec` section. + +- **spec.backend** +`spec.backend` specifies the storage location where the backed up snapshots will be stored. To learn how to configure `Repository` crd for various backends, please visit [here](/docs/guides/backends/overview/index.md). + +- **backend prefix/subPath** +`prefix` of any backend denotes the directory inside the backend where the backed up snapshots will be stored. In case of **Local** backend, `subPath` is used for this purpose. + +- **spec.wipeOut** +As the name implies, `spec.wipeOut` field indicates whether Stash operator should delete backed up files from the backend when `Repository` crd is deleted. The default value of this field is `false` which tells Stash to not delete backed up data when a user deletes a `Repository` crd. + +- **spec.usagePolicy** +This lets you control which namespaces are allowed to use the Repository and which are not. If you refer to a Repository from a restricted namespace, Stash will reject creating the respective BackupConfiguration/RestoreSession from validating webhook. You can use the `usagePolicy` to allow only the same namespace, a subset of namespaces, or all the namespaces to refer to the Repository. If you don't specify any `usagePolicy`, Stash will allow referencing the Repository only from the namespace where the Repository has been created. + + +Here is an example of `spec.usagePolicy` that limits referencing the Repository only from the same namespace, +```yaml +spec: + usagePolicy: + allowedNamespaces: + from: Same +``` + +Here is an example of `spec.usagePolicy` that allows referencing it from all namespaces, +```yaml +spec: + usagePolicy: + allowedNamespaces: + from: All +``` + +Here is an example of `spec.usagePolicy` that allows referencing it from only `prod` and `staging` namespace, +```yaml +spec: + usagePolicy: + allowedNamespaces: + from: Selector + selector: + matchExpressions: + - key: "kubernetes.io/metadata.name" + operator: In + values: ["prod","staging"] +``` + +### Repository `Status` + +Stash operator updates `.status` of a Repository crd every time a backup operation is completed. `Repository` crd shows the following statistics in status section: + +- **status.firstBackupTime** +`status.firstBackupTime` indicates the timestamp when the first backup was taken. + +- **status.lastBackupTime** +`status.lastBackupTime` indicates the timestamp when the latest backup was taken. + +- **status.integrity** +Stash checks the integrity of backed up files after each backup. `status.integrity` shows the result of the integrity check. + +- **status.totalSize** +`status.totalSize` shows the total size of a repository after last backup. + +- **status.snapshotCount** +`status.SnapshotCount` shows the number of snapshots stored in the Repository. + +- **status.snapshotsRemovedOnLastCleanup** +`status.snapshotsRemovedOnLastCleanup` shows the number of old snapshots that has been cleaned up according to retention policy on last backup session. + + +## Deleting Repository + +Stash allows users to delete **only `Repository` crd** or **`Repository` crd along with respective backed up data**. Here, we are going to show how to perform these operations. + +**Delete only `Repository` keeping backed up data :** + + You can delete only `Repository` crd by, + +```bash +$ kubectl delete repository + +# Example +$ kubectl delete repository gcs-demo-repo +repository "gcs-demo-repo" deleted +``` + +This will delete only `Repository` crd. It won't delete any backed up data from the backend. You can recreate the `Repository` object later to reuse existing data as long as your restic password in unchanged. + +>If you delete `Repository` crd while respective stash sidecar still exists on the workload, it will fail to take further backup. + +**Delete `Repository` along with backed up data :** + +In order to prevent the users from accidentally deleting backed up data, Stash uses a special `wipeOut` flag in `spec` section of `Repository` crd. By default, this flag is set to `wipeOut: false`. If you want to delete respective backed up data from backend while deleting `Repository` crd, you must set this flag to `wipeOut: true`. + +> Currently, Stash does not support wiping out backed up data for local backend. If you want to cleanup backed up data from local backend, you must do it manually. + +Here, is an example of deleting backed up data from GCS backend, + +- First, set `wipeOut: true` by patching `Repository` crd. + + ```bash + $ kubectl patch repository gcs-demo-repo --type="merge" --patch='{"spec": {"wipeOut": true}}' + repository "gcs-demo-repo" patched + ``` + +- Finally, delete `Repository` object. It will delete backed up data from the backend. + + ```bash + $ kubectl delete repository gcs-demo-repo + repository "gcs-demo-repo" deleted + ``` + +You can browse your backend storage bucket to verify that the backed up data has been wiped out. + +## Next Steps + +- Learn how to create `Repository` crd for different backends from [here](/docs/guides/backends/overview/index.md). +- Learn how Stash backup workloads data from [here](/docs/guides/workloads/overview/index.md). +- Learn how Stash backup databases from [here](/docs/guides/addons/overview/index.md). diff --git a/docs/concepts/crds/repository/repository.yaml b/docs/concepts/crds/repository/repository.yaml new file mode 100644 index 0000000..511f0c2 --- /dev/null +++ b/docs/concepts/crds/repository/repository.yaml @@ -0,0 +1,19 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-demo-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-demo-backup + prefix: demo + storageSecretName: gcs-secret + wipeOut: false +status: + firstBackupTime: "2019-04-15T06:08:16Z" + integrity: true + lastBackupTime: "2019-04-15T06:14:15Z" + totalSize: 2.567 KiB + snapshotCount: 5 + snapshotsRemovedOnLastCleanup: 1 diff --git a/docs/concepts/crds/restorebatch/index.md b/docs/concepts/crds/restorebatch/index.md new file mode 100644 index 0000000..4104450 --- /dev/null +++ b/docs/concepts/crds/restorebatch/index.md @@ -0,0 +1,204 @@ +--- +title: RestoreBatch Overview +menu: + docs_{{ .version }}: + identifier: restorebatch-overview + name: RestoreBatch + parent: crds + weight: 27 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: concepts +--- + +# RestoreBatch + +## What is RestoreBatch + +A `RestoreBatch` is a Kubernetes `CustomResourceDefinition`(CRD) which allows you to restore multiple co-related components( eg, workloads, databases, etc.) together that were backed up via a `BackupBatch`. + +## RestoreBatch CRD Specification + +Like any official Kubernetes resource, a `RestoreBatch` has `TypeMeta`, `ObjectMeta`, `Spec` and `Status` sections. A sample `RestoreBatch` object to restore multiple co-related components is shown below: + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreBatch +metadata: + name: batch-restore + namespace: demo +spec: + driver: Restic + repository: + name: minio-repo + namespace: demo + executionOrder: Parallel + members: + - target: + alias: app + ref: + apiVersion: apps/v1 + kind: Deployment + name: wordpress + rules: + - paths: + - /var/www/html + volumeMounts: + - mountPath: /var/www/html + name: wordpress-persistent-storage + - target: + alias: db + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: wordpress-mysql + rules: + - snapshots: + - latest + task: + name: mysql-restore-8.0.14 + timeOut: 30m +status: + phase: Succeeded + sessionDuration: 15.145032437s + conditions: + - lastTransitionTime: "2020-07-25T17:41:52Z" + message: Repository demo/minio-repo exist. + reason: RepositoryAvailable + status: "True" + type: RepositoryFound + - lastTransitionTime: "2020-07-25T17:41:52Z" + message: Backend Secret demo/minio-secret exist. + reason: BackendSecretAvailable + status: "True" + type: BackendSecretFound + members: + - conditions: + - lastTransitionTime: "2020-07-25T17:41:52Z" + message: Restore target apps/v1 deployment/wordpress + found. + reason: TargetAvailable + status: "True" + type: RestoreTargetFound + - lastTransitionTime: "2020-07-25T17:41:52Z" + message: Successfully injected stash init-container. + reason: InitContainerInjectionSucceeded + status: "True" + type: StashInitContainerInjected + phase: Succeeded + ref: + apiVersion: apps/v1 + kind: Deployment + name: wordpress + stats: + - duration: 822.861322ms + hostname: app + phase: Succeeded + totalHosts: 1 + - conditions: + - lastTransitionTime: "2020-07-25T17:41:52Z" + message: Restore target appcatalog.appscode.com/v1alpha1 appbinding/wordpress-mysql + found. + reason: TargetAvailable + status: "True" + type: RestoreTargetFound + - lastTransitionTime: "2020-07-25T17:41:52Z" + message: Successfully created restore job. + reason: RestoreJobCreationSucceeded + status: "True" + type: RestoreJobCreated + phase: Succeeded + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: wordpress-mysql + stats: + - duration: 4.597812876s + hostname: db + phase: Succeeded + totalHosts: 1 +``` + +Here, we are going to describe the various sections of `RestoreBatch` crd. + +### RestoreBatch `Spec` + +A `RestoreBatch` object has the following fields in the `spec` section. + +#### spec.driver + +`spec.driver` indicates the mechanism used to restore. Currently, Stash supports `Restic` and `VolumeSnapshotter` as drivers. The default value of this field is `Restic`. For more details, please see [here](/docs/concepts/crds/restoresession/index.md#specdriver). + +#### spec.repository + +`spec.repository.name` indicates the `Repository` crd name that holds necessary backend information from where data will be restored. + +#### spec.executionOrder + +`spec.executionOrder` specifies whether Stash should restore the targets sequentially or parallelly. If `spec.executionOrder` is set to `Parallel`, Stash will start to restore of all the targets simultaneously. If it is set to `Sequential`, Stash will not start restoring a target until all the previous members have completed their restore process. The default value of this field is `Parallel`. + +#### spec.members + +`spec.members` field specifies a list of targets to restore. Each member consists of the following fields: + +- **target :** Each member has a target specification. The target specification of a member is the same as the target specification of a `RestoreSession` explained [here](/docs/concepts/crds/restoresession/index.md#spectarget). + +- **task :** `task` specifies the name and parameters of the [Task](/docs/concepts/crds/task/index.md) crd to use to restore the member. For more details, please see [here](/docs/concepts/crds/restoresession/index.md#spectask). + +- **runtimeSettings :** `runtimeSettings` allows to configure runtime environment for the restore init-container or job. You can specify runtime settings at both pod level and container level. For more details, please see [here](/docs/concepts/crds/restoresession/index.md#specruntimesettings). + +- **tempDir :** Stash mounts an `emptyDir` for holding temporary files. It is also used for `caching` for faster restore performance. You can configure the `emptyDir` using `tempDir` section. You can also disable `caching` using this field. For more details, please see [here](/docs/concepts/crds/restoresession/index.md#spectempdir). + +- **interimVolumeTemplate :** For some targets (i.e. some databases), Stash can't directly pipe the restored data into the target. In this case, it has to store the restored data temporarily before injecting into the target. `spec.interimVolumeTemplate` specifies a PVC template for holding those data temporarily. Stash will create a PVC according to the template and use it to store the data temporarily. This PVC will be deleted automatically if you delete the `RestoreBatch`. + +- **hooks :** Each member has it's own `hooks` field which allows you to execute member-specific pre-restore or post-restore hooks. For more details about hooks, please visit [here](/docs/concepts/crds/restoresession/index.md#spechooks). + +#### spec.hooks + +`spec.hooks` allows performing some global actions before and after the restoration process. You can send HTTP requests to a remote server via `httpGet` or `httpPost`. You can check whether a TCP port is open using `tcpSocket` hooks. You can also execute some commands using `exec` hook. + +- **spec.hooks.preRestore:** `spec.hooks.preRestore` hooks are executed before restoring any of the members. +- **spec.hooks.postRestore:** `spec.hooks.postRestore` hooks are executed after restoring all the members. + +For more details on how hooks work in Stash and how to configure different types of hook, please visit [here](/docs/guides/hooks/overview/index.md). + +#### spec.timeOut + +`spec.timeOut` specifies the amount of time to wait for the restore to complete. For more details, please visit [here](/docs/concepts/crds/restoresession/index.md#spectimeout). +### RestoreBatch `Status` + +A `RestoreBatch` object has the following fields in the `status` section. + +- **phase :** `phase` shows the overall phase of the restore process. It will be `Succeeded` only if all the targets are restored successfully. + +- **sessionDuration :** `sessionDuration` shows the total time taken to complete the entire restoration process. + +- **sessionDeadline :** `sessionDeadline` indicates the the deadline of the restore process. `RestoreBatch` will be considered `Failed` if the restore does not complete within this deadline. + +- **conditions :** The `conditions` field shows conditions of different steps of the restore process. The following conditions are set by the Stash operator for a RestoreBatch: + +| Condition Type | Usage | +| -------------------------------- | ----------------------------------------------------------------------------- | +| `RepositoryFound` | Indicates whether the respective Repository object was found or not. | +| `BackendSecretFound` | Indicates whether the respective backend secret was found or not. | +| `GlobalPreRestoreHookSucceeded` | Indicates whether the global PreRestoreHook was executed successfully or not. | +| `GlobalPostRestoreHookSucceeded` | Indicates whether the global PostRestoreHook was executed successfully or no. | +| `DeadlineExceeded` | Indicates whether the session deadline was exceeded or not.| + +- **members :** `members` section shows the restore status of the individual members. Each entry has the following fields: + - **ref :** `ref` points to the respective target whose status is shown here. + - **phase :** `phase` shows the restore phase of the member. + - **conditions:** `conditions` shows the conditions of different steps of restoring this member. Stash set the following conditions for each restore members. + +| Condition Type | Usage | +| ---------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | +| `RestoreTargetFound` | Indicates whether the restore target was found or not. | +| `StashInitContainerInjected` | Indicates whether stash init-container was injected into the targeted workload. This condition is applicable only for the sidecar model. | +| `RestoreJobCreated` | Indicates whether the restore job was created or not. This condition is only applicable in the job model. | + + - **totalHosts :** `totalHosts` field specifies the total number of hosts that will be restored for this member. + - **stats :** `stats` section is an array of restore statistics of individual hosts. Individual host stats entry consists of the following fields: + - **hostname :** `hostname` indicates the name of the host. Usually it is the `alias` or `alias-`. For more details, please visit [here](/docs/concepts/crds/backupsession/index.md#hosts-of-a-backup-process). + - **phase :** `phase` indicates the restore phase of this host. + - **duration :** `duration` indicates the total time taken to complete the restore process for this host. + - **error :** `error` shows the reason for failure if the restore process fails for this host. diff --git a/docs/concepts/crds/restorebatch/restorebatch.yaml b/docs/concepts/crds/restorebatch/restorebatch.yaml new file mode 100644 index 0000000..d715285 --- /dev/null +++ b/docs/concepts/crds/restorebatch/restorebatch.yaml @@ -0,0 +1,95 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreBatch +metadata: + name: batch-restore + namespace: demo +spec: + driver: Restic + repository: + name: minio-repo + namespace: demo + executionOrder: Parallel + members: + - target: + alias: app + ref: + apiVersion: apps/v1 + kind: Deployment + name: wordpress + rules: + - paths: + - /var/www/html + volumeMounts: + - mountPath: /var/www/html + name: wordpress-persistent-storage + - target: + alias: db + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: wordpress-mysql + rules: + - snapshots: + - latest + task: + name: mysql-restore-8.0.14 + timeOut: 30m +status: + phase: Succeeded + sessionDuration: 15.145032437s + conditions: + - lastTransitionTime: "2020-07-25T17:41:52Z" + message: Repository demo/minio-repo exist. + reason: RepositoryAvailable + status: "True" + type: RepositoryFound + - lastTransitionTime: "2020-07-25T17:41:52Z" + message: Backend Secret demo/minio-secret exist. + reason: BackendSecretAvailable + status: "True" + type: BackendSecretFound + members: + - conditions: + - lastTransitionTime: "2020-07-25T17:41:52Z" + message: Restore target apps/v1 deployment/wordpress + found. + reason: TargetAvailable + status: "True" + type: RestoreTargetFound + - lastTransitionTime: "2020-07-25T17:41:52Z" + message: Successfully injected stash init-container. + reason: InitContainerInjectionSucceeded + status: "True" + type: StashInitContainerInjected + phase: Succeeded + ref: + apiVersion: apps/v1 + kind: Deployment + name: wordpress + stats: + - duration: 822.861322ms + hostname: app + phase: Succeeded + totalHosts: 1 + - conditions: + - lastTransitionTime: "2020-07-25T17:41:52Z" + message: Restore target appcatalog.appscode.com/v1alpha1 appbinding/wordpress-mysql + found. + reason: TargetAvailable + status: "True" + type: RestoreTargetFound + - lastTransitionTime: "2020-07-25T17:41:52Z" + message: Successfully created restore job. + reason: RestoreJobCreationSucceeded + status: "True" + type: RestoreJobCreated + phase: Succeeded + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: wordpress-mysql + stats: + - duration: 4.597812876s + hostname: db + phase: Succeeded + totalHosts: 1 diff --git a/docs/concepts/crds/restoresession/index.md b/docs/concepts/crds/restoresession/index.md new file mode 100644 index 0000000..a9db2b0 --- /dev/null +++ b/docs/concepts/crds/restoresession/index.md @@ -0,0 +1,342 @@ +--- +title: RestoreSession Overview +menu: + docs_{{ .version }}: + identifier: restoresession-overview + name: RestoreSession + parent: crds + weight: 25 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: concepts +--- + +> New to Stash? Please start [here](/docs/concepts/README.md). + +# RestoreSession + +## What is RestoreSession + +A `RestoreSession` is a Kubernetes `CustomResourceDefinition`(CRD) which specifies a target to restore and the source of data that will be restored in a Kubernetes native way. + +You have to create a `RestoreSession` object whenever you want to restore. When a `RestoreSession` object is created, Stash injects an `init-container` into the target workload and restarts it. The `init-container` restores the desired data. If the target is a database or a stand-alone PVC, Stash launches a job to perform the restore process. + +## RestoreSession CRD Specification + +Like any official Kubernetes resource, a `RestoreSession` has `TypeMeta`, `ObjectMeta`, `Spec` and `Status` sections. + +A sample `RestoreSession` object to restore backed up data of a StatefulSet is shown below: + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: statefulset-restore + namespace: demo +spec: + driver: Restic + repository: + name: minio-repo + namespace: demo + # task: + # name: workload-restore # task field is not required for workload data backup but it is necessary for database backup. + target: + alias: my-sts + ref: + apiVersion: apps/v1 + kind: StatefulSet + name: recovered-statefulset + volumeMounts: + - mountPath: /source/data + name: source-data + rules: + - targetHosts: ["my-sts-3","my-sts-4"] # "pod-3" and "pod-4" will have restored data of backed up host "pod-1" + sourceHost: "my-sts-1" # source host + paths: + - /source/data + include: + - /source/data/*.json + - targetHosts: [] # empty host match all hosts + sourceHost: "" # no source host indicates that the host is pod itself + paths: + - /source/data + exclude: + - /source/data/tmp.json + - /source/data/*.txt + hooks: + preRestore: + exec: + command: + - /bin/sh + - -c + - echo "Sample PreRestore hook demo" + containerName: stash-init + postRestore: + executionPolicy: Always + exec: + command: + - /bin/sh + - -c + - echo "Sample PostRestore hook demo" + containerName: stash-init + runtimeSettings: + container: + resources: + limits: + memory: 256M + requests: + memory: 256M + securityContext: + runAsGroup: 2000 + runAsUser: 2000 + ionice: + class: 2 + classData: 4 + nice: + adjustment: 5 + pod: + imagePullSecrets: + - name: my-private-registry-secret + serviceAccountName: my-backup-sa + tempDir: + disableCaching: false + medium: Memory + sizeLimit: 2Gi + timeOut: 30m +status: + totalHosts: 5 + phase: Succeeded + sessionDuration: 2m40.595857548s + conditions: + - lastTransitionTime: "2020-07-25T17:55:56Z" + message: Repository demo/minio-repo exist. + reason: RepositoryAvailable + status: "True" + type: RepositoryFound + - lastTransitionTime: "2020-07-25T17:55:56Z" + message: Backend Secret demo/minio-secret exist. + reason: BackendSecretAvailable + status: "True" + type: BackendSecretFound + - lastTransitionTime: "2020-07-25T17:55:56Z" + message: Restore target apps/v1 statefulset/recovered-statefulset found. + reason: TargetAvailable + status: "True" + type: RestoreTargetFound + - lastTransitionTime: "2020-07-25T17:55:56Z" + message: Successfully injected stash init-container. + reason: InitContainerInjectionSucceeded + status: "True" + type: StashInitContainerInjected + stats: + - duration: 884.431745ms + hostname: host-1 + phase: Succeeded + - duration: 769.924342ms + hostname: host-2 + phase: Succeeded + - duration: 868.694738ms + hostname: host-3 + phase: Succeeded + - duration: 792.097784ms + hostname: host-4 + phase: Succeeded + - duration: 833.139795ms + hostname: host-0 + phase: Succeeded +``` + +Here, we are going to describe the various sections of a `RestoreSession` object. + +### RestoreSession `Spec` + +A `RestoreSession` object has the following fields in the `spec` section. + +#### spec.driver + +`spec.driver` indicates the mechanism used to restore a target. Currently, Stash supports `Restic` and `VolumeSnapshotter` as drivers. The default value of this field is `Restic`. + +| Driver | Usage | +| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| `Restic` | Used to restore workload data, persistent volumes data and databases. It uses [restic](https://restic.net) to restore the target. | +| `VolumeSnapshotter` | Used to initialize PersistentVolumeClaim from VolumeSnapshot. It leverages Kubernetes [VolumeSnapshot](https://kubernetes.io/docs/concepts/storage/volume-snapshots/) crd and CSI driver to initialize the target PVCs from respective snapshots. Currently, it can restore only in the new PVC. | + +#### spec.target + +`spec.target` field indicates the target where data will be restored. This section consists of the following fields: + +- **spec.target.alias :** `spec.target.alias` field specifies the alias that was used as the identifier of the backed up data. It must match with the alias used during backup. + +- **spec.target.ref :** `spec.target.ref` refers to the restore target. You have to specify `apiVersion`, `kind`, and `name` of the target. Stash will use this information to inject an `init-container` or to create a restore job. + +- **spec.target.volumeMounts :** `spec.target.volumeMounts` specifies a list of volumes and their `mountPath` where the data will be restored. Stash will mount these volumes inside the `init-container` or restore job. + +> Note: Stash stores the absolute path of the backed up files. Hence, your restored volume must be mounted on the same `mountPath` as the original volume. Otherwise, the backed up files will not be restored into your desired volume. + +- **spec.target.volumeClaimTemplates :** You can specify a list of PVC template using `spec.target.volumeClaimTemplates` field. Stash will create those PVCs then it will restore the desired data into them. Then, you can use those PVCs to deploy your desired workload. + +- **spec.target.replicas :** If you want to restore the volumes of a StatefulSet through `spec.target.volumeClaimTemplate` field, you can specify the number of replicas of the StatefulSet using `spec.target.replicas`. In this case, you have to use `${POD_ORDINAL}` variable suffix in the claim name. Stash will replace that variable with respective ordinal and it will create the volumes for each replica. For more details, please visit [here](/docs/guides/use-cases/clone-pvc/index.md#clone-the-volumes-of-a-satefulset). + +- **spec.target.rules :** `spec.target.rules` is an array of restore rules that specify how Stash should restore data for each host. For example, Stash runs the restore process in all pods of a StatefulSet. You can configure this `spec.target.rules` section to control what data will be restored into which pod. Each restore rule has the following fields: + + - **targetHosts :** `targetHosts` field contains a list of host names that are subject to this rule. If `targetHosts` field is empty, this rule applies to all hosts for which there is no specific rule. In the sample `RestoreSession` given above, the first rule applies to only `pod-3` and `pod-4` and the second rule is applicable to all hosts. + - **sourceHost :** `sourceHost` specifies the name of host whose backed up data will be restored by this rule. In the sample `RestoreSession`, the first rule specifies that backed up data of `pod-0` will be restored into `pod-3` and `pod-4`. If you keep `sourceHost` field empty as the second rule of the above example, data from a similar backup host will be restored on the respective restore host. That means, backed up data of `pod-0` will be restored into `pod-0`, backed up data of `pod-1` will be restored into `pod-1` and so on. + - **paths :** `paths` specifies a list of file paths that will be restored into the hosts who are subject to this rule. + - **snapshots :** `snapshots` specifies the list of snapshots that will be restored into the hosts who are subject to this rule. If you don't specify the snapshot field, the latest snapshot of the file paths specified in the `paths` section will be restored. + - **include :** `include` field specifies a list of patterns for the files that should be restored. Stash only restore the files that match these patterns. + - **exclude :** `exclude` field specifies a list of patterns for the files that should be ignored during. Stash will not restore the files that match these patterns. + + Restore rules comply with the following conditions: + + - There could be at most one rule with an empty `targetHosts` field. + - No two rules with non-empty `targetHosts` can't be matched for a single host. + - Stash restore only one file path in a single snapshot. So, if you specify `snapshots` field in a rule, you can't specify `paths` field as it may cause restore failure if a file path wasn't backed up in the snapshot specified in the `snapshots` field. + - If no rule matches for a host, no data will be restored on that host. + - The order of the rules does not have any effect on the restoration process. + +#### spec.repository + +`spec.repository` specifies the name and namespace of the Repository CR that holds the necessary backend information where the backed up data has been stored. + +- `spec.repository.name` specifies the name of the Repository CR. +- `spec.repository.namespace` specifies the namespace of the Repository. If you don't provide this field, Stash will look for the Repository CR in the same namespace as the RestoreSession. + +#### spec.task + +`spec.task` specifies the name and parameters of the [Task](/docs/concepts/crds/task/index.md) crd to use to restore the target data. + +- **spec.task.name:** `spec.task.name` indicates the name of the `Task` template to use for this restore process. +- **spec.task.params:** `spec.task.params` is an array of custom parameters to use to configure the task. + +> `spec.task` section is not necessary for restoring workload data (i.e. Deployment, DaemonSet, StatefulSet, etc.). However, it is necessary for restoring the database and stand-alone PVC. + +#### spec.hooks + +`spec.hooks` allows performing some actions before and after the restoration process. You can send HTTP requests to a remote server via `httpGet` or `httpPost` hooks. You can check whether a TCP socket is open using `tcpSocket` hook. You can also execute some commands into your application pod using `exec` hook. + +- **spec.hooks.preRestore:** `spec.hooks.preRestore` hooks are executed before the restore process. +- **spec.hooks.postRestore:** `spec.hooks.postRestore` hooks are executed after the restore process. Unlike the `preRestore` hook, `postRestore` hook has an extra field named `executionPolicy` which let you execute hook based on the restore status. Currently, it support the following values: + - `Always`: The hook will be executed after the restore process no matter the restore has failed or succeeded. This is the default behavior. + - `OnSuccess`: The hook will be executed after the restore process only if the restore has succeeded. + - `OnFailure`: The hook will be executed after the restore process only if the restore has failed. + +For more details on how hooks work in Stash and how to configure different types of hook, please visit [here](/docs/guides/hooks/overview/index.md). + +#### spec.runtimeSettings + +`spec.runtimeSettings` allows to configure runtime environment for restore `init-container` or job. You can specify runtime settings in both the pod level and container level. + +- **spec.runtimeSettings.container** + + `spec.runtimeSettings.container` is used to configure restore init-container/job in container level. You can configure the following container level parameters, + +| Field | Usage | +| :---------------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `resources` | Compute resources required by restore init-container or restore job. To know how to manage resources for containers, please visit [here](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/). | +| `livenessProbe` | Periodic probe of restore init-container/job's container liveness. The container will be restarted if the probe fails. | +| `readinessProbe` | Periodic probe of restore init-container/job's container readiness. The container will be removed from service endpoints if the probe fails. | +| `lifecycle` | Actions that the management system should take in response to container lifecycle events. | +| `securityContext` | Security options that restore init-container/job's container should run with. For more details, please visit [here](https://kubernetes.io/docs/concepts/policy/security-context/). | +| `nice` | Set CPU scheduling priority for the restore process. For more details about `nice`, please visit [here](https://www.askapache.com/optimize/optimize-nice-ionice/#nice). | +| `ionice` | Set I/O scheduling class and priority for the restore process. For more details about `ionice`, please visit [here](https://www.askapache.com/optimize/optimize-nice-ionice/#ionice). | +| `env` | A list of the environment variables to set in the restore init-container/job's container. | +| `envFrom` | This allows to set environment variables to the restore init-container/job's container from a Secret or ConfigMap. | + +- **spec.runtimeSettings.pod** + + `spec.runtimeSettings.pod` is used to configure restore job in pod level. You can configure following pod level parameters, + +| Field | Usage | +| ------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `serviceAccountName` | Name of the `ServiceAccount` to use for restore job. Stash init-container will use the same `ServiceAccount` as the target. | +| `nodeSelector` | Selector which must be true for restore job pod to fit on a node. | +| `automountServiceAccountToken` | Indicates whether a service account token should be automatically mounted into the restore job's pod. | +| `nodeName` | NodeName is used to request to schedule restore job's pod onto a specific node. | +| `securityContext` | Security options that restore job's pod should run with. For more details, please visit [here](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). | +| `imagePullSecrets` | A list of secret names in the same namespace that will be used to pull images from the private docker registry. For more details, please visit [here](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). | +| `affinity` | Affinity and anti-affinity to schedule restore job's pod in the desired node. For more details, please visit [here](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). | +| `schedulerName` | Name of the scheduler that should dispatch the restore job. | +| `tolerations` | Taints and Tolerations to ensure that restore job's pod is not scheduled in inappropriate nodes. For more details about `toleration`, please visit [here](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/). | +| `priorityClassName` | Indicates the restore job pod's priority class. For more details, please visit [here](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/). | +| `priority` | Indicates the restore job pod's priority value. | +| `readinessGates` | Specifies additional conditions to be evaluated for Pod readiness. For more details, please visit [here](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-readiness-gate). | +| `runtimeClassName` | RuntimeClass is used for selecting the container runtime configuration. For more details, please visit [here](https://kubernetes.io/docs/concepts/containers/runtime-class/) | +| `enableServiceLinks` | EnableServiceLinks indicates whether information about services should be injected into pod's environment variables. | + +#### spec.tempDir + +Stash mounts an `emptyDir` for holding temporary files. It is also used for `caching` for faster restore performance. You can configure the `emptyDir` using `spec.tempDir` section. You can also disable `caching` using this field. The following fields are configurable in `spec.tempDir` section: + +- **spec.tempDir.medium :** Specifies the type of storage medium should back this file path. +- **spec.tempDir.sizeLimit :** Maximum limit of storage for this volume. +- **spec.tempDir.disableCaching :** Disable caching while restoring. This may negatively impact restore performance. This field is set to `false` by default. + +#### spec.timeOut + +`spec.timeOut` specifies the maximum amount of time to wait for the restore to complete. If the restore doesn't complete within this time limit, Stash will mark the respective RestoreSession as `Failed`. You can specify the timeout in the following format: + +- Seconds `30s` +- Minutes `10m` +- Hours `1h` +- Combination of seconds, minutes, and hours `10m30s`, `1h30m` etc. + +Stash does not support providing days (`d`) in the `timeOut` field. Use the equivalent hours instead. + +#### spec.interimVolumeTemplate + +For some targets (i.e. some databases), Stash can't directly pipe the restored data into the target. In this case, it has to store the restored data temporarily before injecting into the target. `spec.interimVolumeTemplate` specifies a PVC template for holding those data temporarily. Stash will create a PVC according to the template and use it to store the data temporarily. This PVC will be deleted automatically if you delete the `RestoreSession`. + +>Note that the usage of this field is different from `spec.tempDir` which is used for caching purpose. Stash has introduced this field because the `emptyDir` volume that is used for `spec.tempDir` does not play nice with large databases( i.e. 100Gi database). Also, it provides debugging capability as Stash keeps it until you delete the `RestoreSession`. + +### RestoreSession `Status` + +`.status` section of `RestoreSession` shows progress, stats, and overall phase of the restore process. The restore init-container or job adds its respective stats in `.status` section after it completes its task. `.status` section consists of the following fields: + +#### status.totalHosts + +Not every pod or replica of the target will run the restore process. Thus, we refer those entities that run the restore process as a host. `status.totalHosts` specifies the total number of hosts that will run the restore process for this RestoreSession. For more details on how many hosts will run restore process for which types of workload, please visit [here](#hosts-of-a-restore-process). + +#### status.phase + +`status.phase` indicates the overall phase of the restore process for this RestoreSession. `status.phase` will be `Succeeded` only if the phase of all hosts are `Succeeded`. If any of the hosts fail to complete restore, `status.phase` will be `Failed`. + +#### status.sessionDuration + +`status.sessionDuration` indicates the total time taken to complete the restoration of all hosts. + +#### status.sessionDeadline + +`status.sessionDeadline` indicates the the deadline of the restore process. `RestoreSession` will be considered `Failed` if the restore does not complete within this deadline. + + +#### status.conditions + +`status.conditions` shows the conditions of various steps of the restore process. Stash sets the following conditions for a RestoreSession: + +| Condition Type | Usage | +| ---------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | +| `RepositoryFound` | Indicates whether the respective Repository object was found or not. | +| `BackendSecretFound` | Indicates whether the respective backend secret was found or not. | +| `RestoreTargetFound` | Indicates whether the restore target was found or not. | +| `StashInitContainerInjected` | Indicates whether stash init-container was injected into the targeted workload or not. This condition is applicable only in the sidecar model. | +| `RestorerEnsured` | Indicates whether the Restorer job/init-container was created or not. | +| `ValidationPassed` | Indicates whether the resource has passed validation checks or not. | +| ` MetricsPushed` | Indicates whether the metrics have been pushed to the Pushgateway or not. | +| `DeadlineExceeded` | Indicates whether the session deadline was exceeded or not.| + +#### status.stats + +`status.stats` section is an array of restore statistics of individual hosts. Each host adds their statistics in this array after completing their restore process. This field is only available for the `Restic` driver but not available for the `VolumeSnapshotter` driver. The default value of the driver is `Restic`. + +Individual host stats entry consists of the following fields: + +- **hostname :** `hostname` indicates the name of the host. Usually, it is the `alias` or `alias-`. For more details, please visit [here](/docs/concepts/crds/backupsession/index.md#hosts-of-a-backup-process). +- **phase :** `phase` indicates the restore phase of this host. +- **duration :** `duration` indicates the total time taken to complete the restore process for this host. +- **error :** `error` shows the reason for failure if the restore process fails for this host. + +## Next Steps + +- Learn how restore of workloads data works from [here](/docs/guides/workloads/overview/index.md). +- Learn how restore of databases works from [here](/docs/guides/addons/overview/index.md). +- Learn how restore stand-alone PVC works from [here](/docs/guides/volumes/overview/index.md). diff --git a/docs/concepts/crds/restoresession/restoresession.yaml b/docs/concepts/crds/restoresession/restoresession.yaml new file mode 100644 index 0000000..9ac033e --- /dev/null +++ b/docs/concepts/crds/restoresession/restoresession.yaml @@ -0,0 +1,116 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: statefulset-restore + namespace: demo +spec: + driver: Restic + repository: + name: minio-repo + namespace: demo + # task: + # name: workload-restore # task field is not required for workload data backup but it is necessary for database backup. + target: + alias: my-sts + ref: + apiVersion: apps/v1 + kind: StatefulSet + name: recovered-statefulset + volumeMounts: + - mountPath: /source/data + name: source-data + rules: + - targetHosts: ["my-sts-3","my-sts-4"] # "pod-3" and "pod-4" will have restored data of backed up host "pod-1" + sourceHost: "my-sts-1" # source host + paths: + - /source/data + include: + - /source/data/*.json + - targetHosts: [] # empty host match all hosts + sourceHost: "" # no source host indicates that the host is pod itself + paths: + - /source/data + exclude: + - /source/data/tmp.json + - /source/data/*.txt + hooks: + preRestore: + exec: + command: + - /bin/sh + - -c + - echo "Sample PreRestore hook demo" + containerName: stash-init + postRestore: + executionPolicy: Always + exec: + command: + - /bin/sh + - -c + - echo "Sample PostRestore hook demo" + containerName: stash-init + runtimeSettings: + container: + resources: + limits: + memory: 256M + requests: + memory: 256M + securityContext: + runAsGroup: 2000 + runAsUser: 2000 + ionice: + class: 2 + classData: 4 + nice: + adjustment: 5 + pod: + imagePullSecrets: + - name: my-private-registry-secret + serviceAccountName: my-backup-sa + tempDir: + disableCaching: false + medium: Memory + sizeLimit: 2Gi + timeOut: 30m +status: + totalHosts: 5 + phase: Succeeded + sessionDuration: 2m40.595857548s + conditions: + - lastTransitionTime: "2020-07-25T17:55:56Z" + message: Repository demo/minio-repo exist. + reason: RepositoryAvailable + status: "True" + type: RepositoryFound + - lastTransitionTime: "2020-07-25T17:55:56Z" + message: Backend Secret demo/minio-secret exist. + reason: BackendSecretAvailable + status: "True" + type: BackendSecretFound + - lastTransitionTime: "2020-07-25T17:55:56Z" + message: Restore target apps/v1 statefulset/recovered-statefulset found. + reason: TargetAvailable + status: "True" + type: RestoreTargetFound + - lastTransitionTime: "2020-07-25T17:55:56Z" + message: Successfully injected stash init-container. + reason: InitContainerInjectionSucceeded + status: "True" + type: StashInitContainerInjected + stats: + - duration: 884.431745ms + hostname: host-1 + phase: Succeeded + - duration: 769.924342ms + hostname: host-2 + phase: Succeeded + - duration: 868.694738ms + hostname: host-3 + phase: Succeeded + - duration: 792.097784ms + hostname: host-4 + phase: Succeeded + - duration: 833.139795ms + hostname: host-0 + phase: Succeeded diff --git a/docs/concepts/crds/snapshot/index.md b/docs/concepts/crds/snapshot/index.md new file mode 100644 index 0000000..4126d2e --- /dev/null +++ b/docs/concepts/crds/snapshot/index.md @@ -0,0 +1,149 @@ +--- +title: Snapshot Overview +menu: + docs_{{ .version }}: + identifier: snapshot-overview + name: Snapshot + parent: crds + weight: 50 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: concepts +--- +> New to Stash? Please start [here](/docs/concepts/README.md). + +# Snapshot + +## What is Snapshot + +A `Snapshot` is a representation of backup snapshot in a Kubernetes native way. Stash uses an [Aggregated API Server](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/aggregated-api-servers.md) to provide `get` and `list` capabilities for snapshots from the backend. + +This enables you to view some useful information such as `creationTimestamp`, `snapshot id`, `backed up path` etc of a snapshot. This also provides the capability to restore a specific snapshot. + +## Snapshot structure + +Like other official Kuberentes resources, a `Snapshot` has `TypeMeta`, `ObjectMeta` and `Status` sections. However, unlike other Kubernetes resources, it does not have a `Spec` section. + +A sample `Snapshot` object is shown below, + +```yaml +apiVersion: repositories.stash.appscode.com/v1alpha1 +kind: Snapshot +metadata: + creationTimestamp: "2020-07-25T17:41:31Z" + labels: + hostname: app + repository: minio-repo + name: minio-repo-b54ee4a0 + namespace: demo + uid: b54ee4a0e9c9084696dc976f125c4fd0e6b1a31abfd82cfc857b3bc9e559fa2f +status: + gid: 0 + hostname: app + paths: + - /var/lib/html + repository: minio-repo + tree: 11527d99281bf3725d58cd637d1f3c19ab9d397d6cff1887a1cd1f9c8c5ebb80 + uid: 0 + username: "" +``` + +Here, we are going to describe the various sections of a `Snapshot` object. + +### Snapshot `Metadata` + +- **metadata.name** + + `metadata.name` specifies the name of the `Snapshot` object. It follows the following pattern, `-`. + +- **metadata.uid** + + `metadata.uid` specifies the complete id of the respective restic snapshot in the backend. + +- **metadata.creationTimestamp** + + `metadata.creationTimestamp` represents the time when the snapshot was created. + +- **metadata.labels** + + A `Snapshot` object holds `repository` and `hostname` as a label in `metadata.labels` section. This helps a user to query the snapshots of a particular repository and/or a particular host. + +### Snapshot `Status` + +`Snapshot` object has the following fields in `.status` section: + +- **status.gid** +`status.gid` indicates the group identifier of the user who took this backup. + +- **status.hostname** +`status.hostname` indicates the host identifier whose data has been backed up in this snapshot. In order to know how this host identifier are generated, please visit [here](/docs/concepts/crds/backupsession/index.md#hosts-of-a-backup-process). + +- **status.paths** +`status.paths` indicates the paths that have been backed up in this snapshot. + +- **status.repository** +`status.repository` indicates the name of the Repository crd where this Snapshot came from. + +- **status.tree** +`status.tree` indicates `tree` of the restic snapshot. For more details, please visit [here](https://restic.readthedocs.io/en/stable/100_references.html#trees-and-data). + +- **status.uid** +`status.uid` indicates `uid` of the user who took this backup. For `root` user it is 0. + +- **status.username** +`status.username` indicates the name of the user who runs the backup process that took the backup. + +- **status.tags** +`status.tags` indicates the tags of the snapshot. + +## Working with Snapshot + +In this section, we are going to show different types of operations you can perform on the Snapshots. + +**Listing Snapshots:** + +Stash lists Snapshots directly from the backend. This operation can take more time than the default request timeout of `kubectl`. So, we are going to increase the request timeout through the `--request-timeout` flag for get/list commands. + +```bash +# List Snapshots of all Repositories in the current namespace +$ kubectl get snapshot --request-timeout=300s + +# List Snapshots of all Repositories of all namespaces +$ kubectl get snapshot --all-namespaces --request-timeout=300s + +# List Snapshots of all Repositories of a particular namespace +$ kubectl get snapshot -n demo --request-timeout=300s + +# List Snapshots of a particular Repository +$ kubectl get snapshot -l repository=local-repo --request-timeout=300s + +# List Snapshots from multiple Repositories +$ kubectl get snapshot -l 'repository in (local-repo,gcs-repo)' --request-timeout=300s + +# List Snapshots of a particular host +$ kubectl get snapshot -l hostname=db --request-timeout=300s + +# List Snapshots of a particular Repository and particular host +$ kubectl get snapshot -l repository=local-repo,hostname=db --request-timeout=300s +``` + +**Viewing information of a particular Snapshot:** + +```bash +$ kubectl get snapshot [-n ] -o yaml + +# Example: +$ kubectl get snapshot -n demo local-repo-02b0ed42 -o yaml +``` + +## Preconditions for Snapshot + +1. Stash provides `Snapshots` listing facility with the help of an Aggregated API Server. Your cluster must support Aggregated API Server. Otherwise, you won't be able to perform `get` or `list` operation on `Snapshot`. + +2. If you are using [local](/docs/guides/backends/local/index.md) backend, the respective pod that took the backup must be in `Running` state. It is not necessary if you use cloud backends. + +## Next Steps + +- Learn how to configure `BackupConfiguration` to backup workloads data from [here](/docs/guides/workloads/overview/index.md). +- Learn how to configure `BackupConfiguration` to backup databases from [here](/docs/guides/addons/overview/index.md). +- Learn how to configure `BackupConfiguration` to backup stand-alone PVC from [here](/docs/guides/volumes/overview/index.md). diff --git a/docs/concepts/crds/snapshot/snapshot.yaml b/docs/concepts/crds/snapshot/snapshot.yaml new file mode 100644 index 0000000..2903474 --- /dev/null +++ b/docs/concepts/crds/snapshot/snapshot.yaml @@ -0,0 +1,19 @@ +apiVersion: repositories.stash.appscode.com/v1alpha1 +kind: Snapshot +metadata: + creationTimestamp: "2020-07-25T17:41:31Z" + labels: + hostname: app + repository: minio-repo + name: minio-repo-b54ee4a0 + namespace: demo + uid: b54ee4a0e9c9084696dc976f125c4fd0e6b1a31abfd82cfc857b3bc9e559fa2f +status: + gid: 0 + hostname: app + paths: + - /var/lib/html + repository: minio-repo + tree: 11527d99281bf3725d58cd637d1f3c19ab9d397d6cff1887a1cd1f9c8c5ebb80 + uid: 0 + username: "" diff --git a/docs/concepts/crds/task/index.md b/docs/concepts/crds/task/index.md new file mode 100644 index 0000000..591a9e0 --- /dev/null +++ b/docs/concepts/crds/task/index.md @@ -0,0 +1,97 @@ +--- +title: Task Overview +menu: + docs_{{ .version }}: + identifier: task-overview + name: Task + parent: crds + weight: 35 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: concepts +--- + +> New to Stash? Please start [here](/docs/concepts/README.md). + +# Task + +## What is Task + +An entire backup or restore process needs an ordered execution of one or more steps. A [Function](/docs/concepts/crds/function/index.md) represents a step of a backup or restore process. A `Task` is a Kubernetes `CustomResourceDefinition`(CRD) which specifies a sequence of functions along with their parameters in a Kubernetes native way. + +When you install Stash, some `Task`s will be pre-installed for supported targets like databases, etc. However, you can create your own `Task` to customize or extend the backup/restore process. Stash will execute these steps in the order you have specified. + +## Task CRD Specification + +Like any official Kubernetes resource, a `Task` has `TypeMeta`, `ObjectMeta` and `Spec` sections. However, unlike other Kubernetes resources, it does not have a `Status` section. + +A sample `Task` object to backup a PostgreSQL database is shown below: + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: Task +metadata: + name: postgres-backup-11.2 +spec: + steps: + - name: postgres-backup-11.2 + params: + - name: outputDir # specifies where to write output file + value: /tmp/output + - name: secretVolume # specifies where backend secret has been mounted + value: secret-volume + - name: update-status + params: + - name: outputDir + value: /tmp/output + - name: secretVolume + value: secret-volume + volumes: + - name: secret-volume + secret: + secretName: ${REPOSITORY_SECRET_NAME} +``` + +This `Task` uses two functions to backup a PostgreSQL database. The first step uses `postgres-backup-11.2` function that dumps PostgreSQL database and uploads the dumped file. The second step uses `update-status` function which updates the status of the `BackupSession` and `Repository` crd for respective backup. + +Here, we are going to describe the various sections of a `Task` crd. + +### Task `Spec` + +A `Task` object has the following fields in the `spec` section: + +#### spec.steps + +`spec.steps` section specifies a list of functions and their parameters in the order they should be executed. You can also templatize this section using the [variables](/docs/concepts/crds/function/index.md#stash-provided-variables) that Stash can resolve itself. Stash will resolve all the variables and create a pod definition with a container specification for each `Function` specified in `steps` section. + +Each `step` consists of the following fields: + +- **name :** `name` specifies the name of the `Function` that will be executed at this step. +- **params :** `params` specifies an optional list of variables names and their values that Stash should use to resolve the respective `Function`. If you use a variable in a `Function` specification whose value Stash cannot provide, you can pass the value of that variable using this `params` section. You have to specify the following fields for a variable: + - **name :** `name` of the variable. + - **value :** value of the variable. + +In the above example `Task`, we have used `outputDir` variable in `postgres-backup-11.2` function that Stash can't resolve automatically. So, we have passed the value using the `params` section in the `Task` object. + +>Stash executes the `Functions` in the order they appear in `spec.steps` section. All the functions except the last one will be used to create `init-container` specification and the last function will be used to create `container` specification for respective backup job. This guarantees an ordered execution of the steps. + +#### spec.volumes + +`spec.volumes` specifies a list of volumes that should be mounted in the respective job created for this `Task`. In the sample we have shown above, we need to mount storage secret for the backup job. So, we have added the secret volume in `spec.volumes` section. Note that, we have used `REPOSITORY_SECRET_NAME` variable as secret name. This variable will be resolved by Stash from `Repository` specification. + +## Why Function and Task? + +You might be wondering why we have introduced `Function` and `Task` crd. We have designed `Function-Task` model for the following reasons: + +- **Customizability:** `Function` and `Task` enables you to customize backup/recovery process. For example, currently we use [mysqldump](https://dev.mysql.com/doc/refman/8.0/en/mysqldump.html) in `mysql-backup` Function to backup MySQL database. You can build a custom `Function` using Percona's [xtrabackup](https://www.percona.com/software/mysql-database/percona-xtrabackup) tool instead of `mysqldump`. Then you can write a `Task` with this custom `Function` and use it to backup your target MySQL database. + + You can also customize backup/restore process by executing hooks before or after the backup/restore process. For example, if you want to execute some logic to prepare your apps for backup or you want to send an email notification after each backup, you just need to add `Function` with your custom logic and respective `Task` to execute them. + +- **Extensibility:** Currently, Stash supports backup of MySQL, MongoDB and PostgreSQL databases. You can easily backup the databases that are not officially supported by Stash. You just need to create a `Function` and a `Task` for your desired database. + +- **Re-usability:** `Function`'s are self-sufficient and independent of Stash. So, you can reuse them in any application that uses `Function-Task` model. + +## Next Steps + +- Learn how Stash backup databases using `Function-Task` model from [here](/docs/guides/addons/overview/index.md). +- Learn how Stash backup stand-alone PVC using `Function-Task` model from [here](/docs/guides/volumes/overview/index.md). diff --git a/docs/concepts/crds/task/task.yaml b/docs/concepts/crds/task/task.yaml new file mode 100644 index 0000000..375a9f6 --- /dev/null +++ b/docs/concepts/crds/task/task.yaml @@ -0,0 +1,22 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: Task +metadata: + name: postgres-backup-11.2 +spec: + steps: + - name: postgres-backup-11.2 + params: + - name: outputDir # specifies where to write output file + value: /tmp/output + - name: secretVolume # specifies where backend secret has been mounted + value: secret-volume + - name: update-status + params: + - name: outputDir + value: /tmp/output + - name: secretVolume + value: secret-volume + volumes: + - name: secret-volume + secret: + secretName: ${REPOSITORY_SECRET_NAME} diff --git a/docs/concepts/what-is-stash/_index.md b/docs/concepts/what-is-stash/_index.md new file mode 100644 index 0000000..d0a9510 --- /dev/null +++ b/docs/concepts/what-is-stash/_index.md @@ -0,0 +1,11 @@ +--- +title: What is Stash +description: What is Stash +menu: + docs_{{ .version }}: + identifier: what-is-stash + parent: concepts + name: What is Stash + weight: 10 +menu_name: docs_{{ .version }} +--- diff --git a/docs/concepts/what-is-stash/architecture/images/stash_architecture.svg b/docs/concepts/what-is-stash/architecture/images/stash_architecture.svg new file mode 100644 index 0000000..04fae9a --- /dev/null +++ b/docs/concepts/what-is-stash/architecture/images/stash_architecture.svg @@ -0,0 +1,924 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/concepts/what-is-stash/architecture/index.md b/docs/concepts/what-is-stash/architecture/index.md new file mode 100644 index 0000000..0a33d94 --- /dev/null +++ b/docs/concepts/what-is-stash/architecture/index.md @@ -0,0 +1,94 @@ +--- +title: Stash Architecture +description: Stash Architecture +menu: + docs_{{ .version }}: + identifier: architecture-concepts + name: Architecture + parent: what-is-stash + weight: 20 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: concepts +--- + +# Stash Architecture + +Stash is a Kubernetes operator for [restic](https://restic.net/). At the heart of Stash, it is a Kubernetes [controller](https://book.kubebuilder.io/cronjob-tutorial/controller-overview.html). It uses [Custom Resource Definition(CRD)](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) to specify targets and behaviors of backup and restore process in a Kubernetes native way. A simplified architecture of Stash is shown below: + +
    +  Stash Architecture +
    Fig: Stash Architecture
    +
    + +## Components + +Stash consists of various components that implement backup and restore logic. This section will give you a brief overview of such components. + +### Stash Operator + +When a user installs Stash, it creates a Kubernetes [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/) typically named `stash-operator`. This deployment controls the entire backup and restore process. `stash-operator` deployment runs two containers. One of them is called `operator` which performs the core functionality of Stash and the other one is `pushgateway` which is a Prometheus [pushgateway](https://github.com/prometheus/pushgateway). + +#### Operator + +`operator` container runs all the controllers as well as an [Aggregated API Server](https://kubernetes.io/docs/tasks/access-kubernetes-api/setup-extension-api-server/). + +##### Controllers + +Controllers watch various Kubernetes resources as well as the custom resources introduced by Stash. It applies the backup or restore logic for a target resource when requested by users. + +##### Aggregated API Server + +Aggregated API Server self-hosts validating and mutating [webhooks](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/) and runs an Extension API Server for Snapshot resource. + +- **Mutating Webhook:** Stash uses Mutating Webhook to inject backup `sidecar` or restore `init-container` into a workload if any backup or restore process is configured for it. It is also used for defaulting custom resources. + +- **Validating Webhook:** Validating Webhook is used to validate the custom resource objects. + +- **Snapshot Server:** Stash uses Kubernetes Extended API Server to provide `view` and `list` capability of backed up snapshots. When a user requests for Snapshot objects, Snapshot server reads respective information directly from backend repository and returns object representation in a Kubernetes native way. + +#### Pushgateway + +`pushgateway` container runs Prometheus [pushgateway](https://github.com/prometheus/pushgateway). All the backup sidecars/jobs and restore init-containers/jobs send Prometheus metrics to this pushgateway after completing their backup or restore process. Prometheus server can scrape those metrics from this pushgateway. + +### Backend + +Backend is the storage where Stash stores backed up files. It can be a cloud storage like GCS bucket, AWS S3, Azure Blob Storage etc. or a Kubernetes persistent volume like [NFS](https://kubernetes.io/docs/concepts/storage/volumes/#nfs), [PersistentVolumeClaim](https://kubernetes.io/docs/concepts/storage/volumes/#persistentvolumeclaim), etc. To learn more about backend, please visit [here](/docs/guides/backends/overview/index.md). + +### CronJob + +When a user creates a [BackupConfiguration](#backupconfiguration) object, Stash creates a CronJob with the schedule specified in it. At each scheduled slot, this CronJob triggers a backup for the targeted workload. + +### Backup Sidecar / Backup Job + +When a user creates a [BackupConfiguration](#backupconfiguration) object, Stash injects a `sidecar` to the target if it is a workload (i.e. `Deployment`, `DaemonSet`, `StatefulSet` etc.). This `sidecar` takes backup when the respective CronJob triggers a backup. If the target is a database or stand-alone volume, Stash creates a job to take backup at each trigger. + +### Restore Init-Container / Restore Job + +When a user creates a [RestoreSession](#restoresession) object, Stash injects an `init-container` to the target if it is a workload (i.e. `Deployment`, `DaemonSet`, `StatefulSet` etc.). This `init-container` performs restore process on restart. If the target is a database or stand-alone volume, Stash creates a job to restore the target. + +### Custom Resources + +Stash uses [Custom Resource Definition(CRD)](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) to specify targets and behaviors of backup and restore process in a Kubernetes native way. This section will give you a brief overview of the custom resources used by Stash. + +- **Repository:** A `Repository` specifies the backend storage system where the backed up data will be stored. A user has to create `Repository` object for each backup target. Only one target can be backed up into one `Repository`. For details about `Repository`, please visit [here](/docs/concepts/crds/repository/index.md). + +- **BackupConfiguration:** A `BackupConfiguration` specifies the backup target, behaviors (schedule, retention policy etc.), `Repository` object that holds backend information etc. A user has to create one `BackupConfiguration` object for each backup target. When a user creates a `BackupConfiguration`, Stash creates a CronJob for it and injects backup sidecar to the target if it is a workload (i.e. Deployment, DaemonSet, StatefulSet etc.). For more details about `BackupConfiguration`, please visit [here](/docs/concepts/crds/backupconfiguration/index.md). + +- **BackupSession:** A `BackupSession` object represents a backup run of a target. It is created by respective CronJob at each scheduled time slot. It refers to a `BackupConfiguration` object for necessary configuration. Controller that runs inside backup sidecar (in case of backup via job, it is stash operator itself) will watch this `BackupSession` object and start taking the backup instantly. A user can also create a `BackupSession` object manually to trigger instant backups. For more details about `BackupSession`s, please visit [here](/docs/concepts/crds/backupsession/index.md). + +- **RestoreSession:** A `RestoreSession` specifies what to restore and the source of data. A user has to create a `RestoreSession` object when s/he wants to restore a target. When s/he creates a `RestoreSession`, Stash injects an `init-container` into the target workload (launches a job if the target is not a workload) to restore. For more details about `RestoreSession`, please visit [here](/docs/concepts/crds/restoresession/index.md). + +- **Function:** A `Function` is a template for a container that performs only a specific action. For example, `pg-backup` function only dumps and uploads the dumped file into the backend, whereas `update-status` function updates the status of the respective `BackupSession` and `Repository` and sends Prometheus metrics to `pushgateway` based on the output of another function. For more details about `Function`, please visit [here](/docs/concepts/crds/function/index.md). + +- **Task:** A complete backup or restore process may consist of several steps. For example, in order to backup a PostgreSQL database we first need to dump the database, upload the dumped file to backend and then we need to update `Repository` and `BackupSession` status and send Prometheus metrics. We represent such individual steps via `Function` objects. An entire backup or restore process needs an ordered execution of one or more functions. A `Task` specifies an ordered collection of functions along with their parameters. `Function` and `Task` enables users to extend or customize the backup/restore process. For more details about `Task`, please visit [here](/docs/concepts/crds/task/index.md). + +- **BackupBlueprint:** A `BackupBlueprint` enables users to provide a blueprint for `Repository` and `BackupConfiguration` object. Then, s/he just needs to add some annotations to the workload s/he wants to backup. Stash will automatically create respective `Repository` and `BackupConfiguration` according to the blueprint. In this way, users can create a single blueprint for all similar types of workloads and backup them only by applying some annotations on them. In Stash parlance, we call this process **Auto Backup**. For more details about `BackupBlueprint`, please visit [here](/docs/concepts/crds/backupblueprint/index.md). + +- **BackupBatch:** Sometimes, a single stateful component may not meet the requirements of your application. For example, in order to deploy a WordPress, you will need a Deployment for the WordPress and another Deployment for database to store it's contents. Now, you may want to backup both of the deployment and database together as they are parts of a single application. A `BackupBatch` is a Kubernetes `CustomResourceDefinition`(CRD) which lets you configure backup for multiple co-related stateful components(workload, database etc.) together. For more details, please visit [here](/docs/concepts/crds/backupbatch/index.md). + +- **RestoreBatch:** A `RestoreBatch` allows restoring of multiple co-related targets together that were backed up using a `BackupBatch`. For more details, please visit [here](/docs/concepts/crds/restorebatch/index.md). + +- **AppBinding:** An `AppBinding` holds necessary information to connect with an application. For more details about `AppBinding`, please visit [here](/docs/concepts/crds/appbinding/index.md). + +- **Snapshot:** A `Snapshot` is a representation of a backup snapshot in a Kubernetes native way. Stash uses Kuberentes Extended API Server for handling `Snapshot`s. For more details about `Snapshot`s, please visit [here](/docs/concepts/crds/snapshot/index.md). diff --git a/docs/concepts/what-is-stash/overview/index.md b/docs/concepts/what-is-stash/overview/index.md new file mode 100644 index 0000000..6f8dd71 --- /dev/null +++ b/docs/concepts/what-is-stash/overview/index.md @@ -0,0 +1,46 @@ +--- +title: Stash Overview +description: Stash Overview +menu: + docs_{{ .version }}: + identifier: overview-concepts + name: Overview + parent: what-is-stash + weight: 10 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: concepts +--- + +# Stash + +[Stash](https://stash.run) by AppsCode is a cloud native data backup and recovery solution for Kubernetes workloads. If you are running production workloads in Kubernetes, you might want to take backup of your disks, databases etc. Traditional tools are too complex to setup and maintain in a dynamic compute environment like Kubernetes. Stash is a Kubernetes operator that uses [restic](https://github.com/restic/restic) or Kubernetes CSI Driver VolumeSnapshotter functionality to address these issues. Using Stash, you can backup Kubernetes volumes mounted in workloads, stand-alone volumes and databases. User may even extend Stash via [addons](https://stash.run/docs/{{< param "info.version" >}}/guides/addons/overview/) for any custom workload. + +## Features + +| Features | Community Edition | Enterprise Edition | Scope | +| --------------------------------------------------------------------------------------- | :---------------: | :----------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| | Open source Stash Free for everyone | Open Core Stash for production Enterprise workloads | | +| Backup & Restore Stand-alone Volume (PVC) | ✓ | ✓ | PersistentVolumeClaim, PersistentVolume | +| Schedule Backup, Instant Backup | ✓ | ✓ | Schedule through [cron expression](https://en.wikipedia.org/wiki/Cron) or trigger instant backup using Stash Kubernetes plugin | +| Pause Backup | ✓ | ✓ | No new backup when paused. | +| Backup & Restore subset of files | ✓ | ✓ | Only backup/restore the files that matches the provided patterns | +| Cleanup old snapshots automatically | ✓ | ✓ | Cleanup old snapshots according to different [retention policies](https://restic.readthedocs.io/en/stable/060_forget.html#removing-snapshots-according-to-a-policy) | +| Encryption, Deduplication (send only diff) | ✓ | ✓ | Encrypt backed up data with AES-256. Stash only sends the changes since last backup. | +| [CSI Driver Integration](https://kubernetes.io/docs/concepts/storage/volume-snapshots/) | ✓ | ✓ | VolumeSnapshot for Kubernetes workloads. Supported for Kubernetes v1.17.0+. | +| Prometheus Metrics | ✓ | ✓ | Rich backup metrics, restore metrics and Stash operator metrics. | +| Security | ✓ | ✓ | Built-in support for RBAC, PSP and Network Policy | +| CLI | ✓ | ✓ | `kubectl` plugin (for Kubernetes 1.12+) | +| Extensibility and Customizability | ✓ | ✓ | Write addons for bespoke applications and customize currently supported workloads | +| Hooks | ✓ | ✓ | Execute `httpGet`, `httpPost`, `tcpSocket` and `exec` hooks before and after of backup or restore process. | +| Cloud Storage as Backend | ✓ | ✓ | Stores backup data in AWS S3, Minio, Rook, GCS, Azure, OpenStack Swift, Backblaze B2 and Rest Server | +| On-prem Storage as Backend | ✗ | ✓ | Stores backup data in any locally mounted Kubernetes Volumes such as NFS, etc. | +| Backup & Restore databases | ✗ | ✓ | PostgreSQL, MySQL, MongoDB, Elasticsearch, Redis, MariaDB, Percona XtraDB | +| Auto Backup | ✗ | ✓ | Share backup configuration across workloads using templates. Enable backup for a target application via annotation. | +| Batch Backup & Batch Restore | ✗ | ✓ | Backup and restore co-related applications (eg, WordPress server and its database) together | +| Point-In-Time Recovery (PITR) | ✗ | Planned | Restore a set of files from a time in the past. | +| Role Based Access Control (RBAC) | ✓ | ✓ | | +| Open Policy Agent (OPA) | ✓ | ✓ | | +| Pod Security Policy (PSP) | ✓ | ✓ | | +| Network Policy | ✓ | ✓ | | +| GDPR | ✗ | Planned | | \ No newline at end of file diff --git a/docs/design.md b/docs/design.md new file mode 100644 index 0000000..7170617 --- /dev/null +++ b/docs/design.md @@ -0,0 +1,902 @@ +# Stash Design Overview + +We are going to make a design overhaul of Stash to simplify backup and recovery process and support some most requested features. This doc will discuss what features stash is going to support and how these features may work. + +We have introduced some new crd such as [Function](#function), [Task](#action) etc. and made whole process more modular. This will make easy to add support for new features and the users will also be able to customize backup process. Furthermore, this will make stash resources inter-operable between different tools and even might allow to use stash resources as function in serverless concept. + +**We are hoping this design will graduate to GA. So, we are taking security seriously. We are going to make sure that nobody can bypass clusters security using Stash. This might requires to remove some existing features (for example, restore from different namespace). However, we are going to provide an alternate way to cover those use cases.** + +## Goal + +Goal of this new design to support following features: +- [Schedule Backup and Restore Workload Data](#schedule-backup-and-restore-workload-data) +- [Schedule Backup and Restore PVC](#schedule-backup-and-restore-pvc) +- [Schedule Backup and Restore Database](#schedule-backup-and-restore-database) +- [Schedule Backup Cluster YAMLs](#schedule-backup-cluster-yamls) +- [Trigger Backup Instantly](#trigger-backup-instantly) +- [Default Backup](#default-backup) +- [Auto Restore](#auto-restore) +- [Stash cli/kubectl-plugin](#stash-clikubectl-plugin) +- [Function](#function) +- [Task](#task) + +## Schedule Backup and Restore Workload Data + +### Backup Workload Data + +User will be able to backup data from a running workload. + +**What user have to do?** + +- Create a `Repository` crd. +- Create a `BackupConfiguration` crd pointing to targeted workload. + +Sample `Repository` crd: + +```yaml +apiVersion: stash.appscode.com/v1alpha2 +kind: Repository +metadata: + name: stash-backup-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-backup-repo + prefix: default/deployment/stash-demo + storageSecretName: gcs-secret +``` + +Sample `BackupConfiguration` crd: + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: workload-data-backup + namespace: demo +spec: + schedule: '@every 1h' + # + # repository refers to the Repository crd that hold backend information + repository: + name: stash-backup-repo + # target indicate the target workload that we want to backup + target: + ref: + apiVersion: apps/v1 + kind: Deployment + name: stash-demo + # directories indicates the directories inside the workload we want to backup + directories: + - /source/data + # retentionPolicies specify the policy to follow to clean old backup snapshots + retentionPolicy: + keepLast: 5 + prune: true +``` + +**How it will work?** + +- Stash will watch for `BackupCofiguration` crd. When it will find a `BackupConfiguration` crd, it will inject a `sidecar` container to the workload and start a `cron` for scheduled backup. +- In each schedule, the `cron` will create `BackupSession` crd. +- The `sidecar` container watches for `BackupSession` crd. If it finds one, it will take backup instantly and update `BackupSession` status accordingly. + +Sample `BackupSession` crd: + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupSession +metadata: + name: demo-volume-backup-session + namespace: demo +spec: + # backupConfiguration indicates the BackupConfiguration crd of respective target that we want to backup + backupConfiguration: + name: backup-volume-demo +status: + observedGeneration: 239844#2 + phase: Succeed + stats: + - direcotry: /source/data + snapshot: 40dc1520 + totalSize: 1.720 GiB + uploaded: 1.200 GiB # upload size can be smaller than original file size if there are some duplicate files + fileStats: + new: 5307 + changed: 0 + unmodified: 0 +``` + +### Restore Workload Data + +User will be able to restore backed up data either into a separate volume or into the same workload from where the backup was taken. Here, is an example for recovering into same workload. + +**What user have to do?** + +- Create a `RestoreSession` crd pointing `target` field to the workload. + +Sample `RestoreSession` crd to restore into same workload: + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: recovery-database-demo + namespace: demo +spec: + repository: + name: stash-backup-repo + target: # target indicates where the recovered data will be stored + ref: + apiVersion: apps/v1 + kind: Deployment + name: stash-demo + directories: # indicates which directories will be recovered + - /source/data +``` + +**How it will work?** + +- When Stash will find a `RestoreSession` crd created to restore into a workload, it will inject a `init-container` to the targeted workload. +- Then, it will restart the workload. +- The `init-container` will restore data inside the workload. + +> **Warning:** Restore in same workload require to restart the workload. So, there will be downtime of the workload. + +## Schedule Backup and Restore PVC + +### Backup PVC + +User will be also able to backup stand-alone pvc. This is useful for `ReadOnlyMany` or `ReadWriteMany` type pvc. + +**What user have to do?** + +- Create a `Repository` crd for respective backend. + +- Create a `BackupConfiguration` crd pointing `target` field to the volume. + +Sample `BackupConfiguration` crd to backup a PVC: + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: volume-backup-demo + namespace: demo +spec: + schedule: '@every 1h' + # task indicates Task crd that specifies the steps to backup a volume. + # stash will create some default Task crd while install to backup/restore various resources. + # user can also crate their own Task to customize backup/recovery + task: + name: volumeBackup + # repository refers to the Repository crd that hold backend information + repository: + name: stash-backup-repo + # target indicate the target workload that we want to backup + target: + ref: + apiVersion: v1 + kind: PersistentVolumeClaim + name: demo-pvc + mountPath: /source/data + # retentionPolicies specify the policy to follow to clean old backup snapshots + retentionPolicy: + keepLast: 5 + prune: true +``` + +**How it will work?** + +1. Stash will create a `CronJob` using information of respective `Task` crd specified by `task` field. +2. The `CronJob` will take periodic backup of the target volume. + +### Restore PVC + +User will be able to restore backed up data into a volume. + +**What user have to do?** + +- Create a `RestoreSession` crd pointing `target` field to the target volume where the recovered data will be stored. + +Sample `RestoreSession` crd to restore into a volume: + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: recovery-volume-demo + namespace: demo +spec: + repository: + name: stash-backup-repo + # task indicates Task crd that specifies steps to restore a volume + task: + name: volumeRecovery + target: # target indicates where the recovered data will be stored + ref: + apiVersion: v1 + kind: PersistentVolumeClaim + name: demo-pvc + mountPath: /source/data + directories: # indicates which directories will be recovered + - /source/data +``` + +**How it will work?** + +- When Stash will find a `RestoreSession` crd created to restore into a volume, it will launch a Job to restore into that volume. +- The recovery Job will restore and store recovered data to the specified volume. + +## Schedule Backup and Restore Database + +### Backup Database + +User will be able to backup database using Stash. + +**What user have to do?** + +- Create a `Repository` crd for respective backend. +- Create an `AppBinding` crd which holds connection information for the database. If the database is deployed with [KubeDB](https://kubedb.com/docs/0.9.0/welcome/), `AppBinding` crd will be created automatically for each database. +- Create a `BackupConfiguration` crd pointing to the `AppBinding` crd. + +Sample `AppBinding` crd: + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: quick-postgres + namespace: demo + labels: + app.kubernetes.io/name: postgreses.kubedb.com + app.kubernetes.io/instance: quick-postgres +spec: + clientConfig: + insecureSkipTLSVerify: true + service: + name: quick-postgres + port: 5432 + scheme: "http" + secret: + name: quick-postgres-auth + type: kubedb.com/postgres +``` + +Sample `BackupConfiguration` crd for database backup: + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: database-backup-demo + namespace: demo +spec: + schedule: '@every 1h' + # task indicates Task crd that specifies the steps to backup postgres database + task: + name: pgBackup + inputs: + database: my-postgres # specify this field if you want to backup a particular database. + # repository refers to the Repository crd that hold backend information + repository: + name: stash-backup-repo + # target indicates the respective AppBinding crd for target database + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: quick-postgres + # retentionPolicies specify the policy to follow to clean old backup snapshots + retentionPolicy: + keepLast: 5 + prune: true +``` + +**How it will work?** + +- When Stash will see a `BackupConfiguration` crd for database backup, it will launch a `CronJob` to take periodic backup of this database. + +### Restore Database + +User will be able to initialize a database from backed up snapshot. + +**What user have to do?** + +- Create a `RestoreSession` crd with `target` field pointing to respective `AppBinding` crd of the target database. + +Sample `RestoreSession` crd to restore database: + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: database-recovery-demo + namespace: demo +spec: + repository: + name: stash-backup-repo + # task indicates Task crd that specifies the steps to restore Postgres database + task: + name: pgRecovery + target: # target indicates where to restore + # indicates the respective AppBinding crd for target database that we want to initialize from backup + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: quick-postgres +``` + +**How it will work?:** + +- Stash will launch a Job to restore the backed up database and initialize target with this recovered data. + +## Schedule Backup Cluster YAMLs + +User will be able to backup yaml of the cluster resources. However, currently stash will not provide automatic restore cluster from the YAMLs. So, user will have to create them manually. + +In future, Stash might be able to backup and restore not only YAMLs but also entire cluster. + +**What user have to do?** + +- Create a `Repository` crd for respective backend. +- Create a `BackupConfiguration` crd with `task` field point to a `Task` crd that backup cluster. + +Sample `BackupConfiguration` crd to backup YAMLs of cluster resources: + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: cluster-backup-demo + namespace: demo +spec: + schedule: '@every 1h' + # task indicates Task crd that specifies the steps of backup cluster yamls + task: + name: clusterBackup + # repository refers to the Repository crd that hold backend information + repository: + name: stash-backup-repo + # + # retentionPolicies specify the policy to follow to clean old backup snapshots + retentionPolicy: + keepLast: 5 + prune: true +``` + +**How it will work?** + +- Stash will launch a `CronJob` using informations of the `Task` crd specified through `task` filed. +- The `CronJob` will take periodic backup of the cluster. + +## Trigger Backup Instantly + +User will be able to trigger a scheduled backup instantly. + +**What user have to do?** + +- Create a `BackupSession` crd pointing to the target `BackupConfiguration` crd. + +Sample `BackupSession` crd for triggering instant backup: + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupSession +metadata: + name: demo-volume-backup-session + namespace: demo +spec: + # backupConfiguration indicates the BackupConfiguration crd of respective target that we want to backup + backupConfiguration: + name: volume-backup-demo +``` + +**How it will work?** + +- For scheduled backup through `sidecar` container, the `sidecar` container will take instant backup as it watches for `BackupSession` crd. +- For scheduled backup through `CronJob`, Stash will launch another job to take instant backup of the target. + +## Default Backup + +User will also be able to configure a `default` backup for the cluster. So, user will no longer need to create `Repository` and `BackupConfiguration` crd for every workload he want to backup. Instead, she will need to add some annotations to the target workload. + +**What user have to do?** + +- Create a `BackupTemplate` crd which will hold backend information and backup information. +- Add some annotations to the target. If the target is a database then add the annotations to respective `AppBinding` crd. + +### Default Backup of Workload Data + +Sample `BackupTemplate` crd to backup workload data: + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupTemplate +metadata: + name: workload-data-backup-template +spec: + backend: + gcs: + bucket: stash-backup-repo + prefix: ${target.namespace}/${target.name} # this prefix template will be used to initialize repository in different directory in backend. + storageSecretName: gcs-secret # users must ensure this secret is present in respective namespace + schedule: '@every 1h' + # < no task required > + retentionPolicy: + name: 'keep-last-5' + keepLast: 5 + prune: true +``` + +Sample workload with annotations for default backup: + +```yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: stash-demo + namespace: demo + labels: + app: stash-demo + # if stash find bellow annotations, it will take backup of it. + annotations: + stash.appscode.com/backuptemplate: "workload-data-backup-template" + stash.appscode.com/targetDirectories: "[/source/data]" +spec: + replicas: 1 + selector: + matchLabels: + app: stash-demo + template: + metadata: + labels: + app: stash-demo + name: busybox + spec: + containers: + - args: + - sleep + - "3600" + image: busybox + imagePullPolicy: IfNotPresent + name: busybox + volumeMounts: + - mountPath: /source/data + name: source-data + restartPolicy: Always + volumes: + - name: source-data + configMap: + name: stash-sample-data +``` + +### Default Backup of a PVC + +Sample `BackupTemplate` crd for stand-alone pvc backup: + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupTemplate +metadata: + name: volume-backup-template +spec: + backend: + gcs: + bucket: stash-backup-repo + prefix: ${target.namespace}/${target.name} # this prefix template will be used to initialize repository in different directory in backend. + storageSecretName: gcs-secret # users must ensure this secret is present in respective namespace + schedule: '@every 1h' + task: + name: volumeBackup + retentionPolicy: + name: 'keep-last-5' + keepLast: 5 + prune: true +``` + +Sample PVC with annotation for default backup: + +```yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: demo-pvc + namespace: demo + # if stash find bellow annotations, it will take backup of it. + annotations: + stash.appscode.com/backuptemplate: "volume-backup-template" +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi +``` + +### Default Backup of Database + +Sample `BackupTemplate` crd for database backup: + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupTemplate +metadata: + name: pgdb-backup-template +spec: + backend: + gcs: + bucket: stash-backup-repo + prefix: ${target.namespace}/${target.name} # this prefix template will be used to initialize repository in different directory in backend. + storageSecretName: gcs-secret # users must ensure this secret is present in respective namespace + schedule: '@every 1h' + task: + name: pgBackup + retentionPolicy: + name: 'keep-last-5' + keepLast: 5 + prune: true +``` + +Sample `AppBinding` crd with annotations for default backup: + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: quick-postgres + namespace: demo + labels: + app.kubernetes.io/name: postgreses.kubedb.com + app.kubernetes.io/instance: quick-postgres + # if stash find bellow annotations, it will take backup of it. + annotations: + stash.appscode.com/backuptemplate: "pgdb-backup-template" +spec: + clientConfig: + insecureSkipTLSVerify: true + service: + name: quick-postgres + port: 5432 + scheme: "http" + secret: + name: quick-postgres-auth + type: kubedb.com/postgres +``` + +**How it will work?** + +- Stash will watch the workloads, volume and `AppBinding` crds. When Stash will find an workload/volume/AppBinding crd with these annotations, it will create a `Repository` crd and a `BackupConfiguration` crd using the information from respective `Task`. +- Then, Stash will take normal backup as discussed earlier. + +## Auto Restore + +User will be also able to configure an automatic recovery for a particular workload. Each time the workload restart, at first it will perform restore data from backup then original workload's container will start. + +**What user have to do?** + +- User will have to provide some annotations in the workload. + +Sample workload wit annotation to restore on restart: + +```yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: stash-demo + namespace: demo + labels: + app: stash-demo + # This annotations indicates that data should be recovered on each restart of the workload + annotations: + stash.appscode.com/restorepolicy: "OnRestart" + stash.appscode.com/repository: "demo-backup-repo" + stash.appscode.com/directories: "[/source/data]" +spec: + replicas: 1 + selector: + matchLabels: + app: stash-demo + template: + metadata: + labels: + app: stash-demo + name: busybox + spec: + containers: + - args: + - sleep + - "3600" + image: busybox + imagePullPolicy: IfNotPresent + name: busybox + volumeMounts: + - mountPath: /source/data + name: source-data + restartPolicy: Always + volumes: + - name: source-data + configMap: + name: stash-sample-data +``` + +**How it will work?** + +- When Stash will see a `RestoreSession` crd configured for auto recovery, it will inject an `init-container` to the target. +- The `init-container` will perform recovery on each restart. + +## Stash cli/kubectl-plugin + +We are going to provide a Stash plugin for `kubectl`. This will help to perform following operations: + +- Restore into local machine instead of cluster (necessary for testing purpose). +- Restore into a different namespace from a repository: copy repository + secret into the desired namespace and then create `RestoreSession` object. +- Backup PV: creates matching PVC from PV (ensures that user has permission to read PV) +- Trigger instant backup. + +## Function + +`Function` are independent single-containered workload specification that perform only single task. For example, [pgBackup](#pgbackup) takes backup a PostgreSQL database and [clusterBackup](#clusterbackup) takes backup of YAMLs of cluster resources. `Function` crd has some variable fields with `$` prefix which hast be resolved while creating respective workload. You can consider these variable fields as input for an `Function`. + +Some example `Function` definition is given below: + +#### clusterBackup + +```yaml +# clusterBackup function backup yamls of all resources of the cluster +apiVersion: stash.appscode.com/v1beta1 +kind: Function +metadata: + name: clusterBackup +spec: + image: appscodeci/cluster-tool:v1 + name: cluster-tool + args: + - backup + - --sanitize=${sanitize} + - --provider=${provider} + - --hostname=${hostname} + - --path=${repoDir} + - --output-dir=${outputDir} + - --retention-policy.policy=${policy} + - --retention-policy.value=${retentionValue} + - --metrics.enabled=${enableMetric} + - --metrics.pushgateway-url=${pushgatewayURL} + - --metrics.labels="workload-kind=${workloadKind},workload-name=${workloadName}" + volumeMounts: + - name: ${tempVolumeName} + mountPath: /tmp/restic + - name: ${storageSecretName} + mountPath: /etc/secrets/storage-secret +``` + +#### pgBackup + +```yaml +# pgBackup function backup a PostgreSQL database +apiVersion: stash.appscode.com/v1beta1 +kind: Function +metadata: + name: pgBackup +spec: + image: appscodeci/postgresql-tool:v1 + name: postgres-tool + args: + - backup + - --database=${databases} + - --provider=${provider} + - --hostname=${hostname} + - --path=${repoDir} + - --output-dir=${outputDir} + - --retention-policy.policy=${policy} + - --retention-policy.value=${retentionValue} + - --metrics.enabled=${enableMetric} + - --metrics.pushgateway-url=${pushgatewayURL} + - --metrics.labels="workload-kind=${workloadKind},workload-name=${workloadName}" + runtimeSettings: + env: + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: $(databaseSecret) + key: "POSTGRES_PASSWORD" + - name: DB_USER + valueFrom: + secretKeyRef: + name: $(databaseSecret) + key: "POSTGRES_USER" + - name: DB_HOST + value: $(host) + volumeMounts: + - name: ${tempVolumeName} + mountPath: /tmp/restic + - name: ${storageSecretName} + mountPath: /etc/secrets/storage-secret + +``` + +#### pgRecovery + +```yaml +# pgRecovery function restore a PostgreSQL database +apiVersion: stash.appscode.com/v1beta1 +kind: Function +metadata: + name: pgRecovery +spec: + image: appscodeci/postgresql-tool:v1 + name: postgres-tool + args: + - restore + - --provider=${provider} + - --hostname=${hostname} + - --path=${repoDir} + - --output-dir=${outputDir} + - --metrics.enabled=${enableMetric} + - --metrics.pushgateway-url=${pushgatewayURL} + - --metrics.labels="workload-kind=${workloadKind},workload-name=${workloadName}" + runtimeSettings: + env: + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: $(databaseSecret) + key: "POSTGRES_PASSWORD" + - name: DB_USER + valueFrom: + secretKeyRef: + name: $(databaseSecret) + key: "POSTGRES_USER" + - name: DB_HOST + value: $(host) + volumeMounts: + - name: ${tempVolumeName} + mountPath: /tmp/restic + - name: ${storageSecretName} + mountPath: /etc/secrets/storage-secret +``` + +#### stashPostBackup + +```yaml +# stashPostBackup update Repository and BackupSession status for respective backup +apiVersion: stash.appscode.com/v1beta1 +kind: Function +metadata: + name: stashPostBackup +spec: + image: appscode/stash:0.9.0 + name: stash-post-backup + args: + - post-backup-update + - --repository=${repoName} + - --backupsession=${backupSessionName} + - --output-json-dir=${outputJsonDir} + volumeMounts: + - name: ${outputVolumeName} + mountPath: /tmp/restic +``` + +## stashPostRecovery + +```yaml +# stashPostRecovery update RestoreSession status for respective recovery +apiVersion: stash.appscode.com/v1beta1 +kind: Function +metadata: + name: stashPostRecovery +spec: + image: appscode/stash:0.9.0 + name: stash-post-recovery + args: + - post-recovery-update + - --recoveryconfiguration=${recoveryConfigurationName} + - --output-json-dir=${outputJsonDir} + volumeMounts: + - name: ${outputVolumeName} + mountPath: /tmp/restic +``` + +## Task + +A complete backup process may need to perform multiple function. For example, if you want to backup a PostgreSQL database, we need to initialize a `Repository`, then backup the database and finally update `Repository` and `BackupSession` status to inform backup is completed or push backup metrics to a `pushgateway` . `Task` specifies these functions sequentially along with their inputs. + +We have chosen to break complete backup process into several independent steps so that those individual functions can be used with other tool than Stash. It also make easy to add support for new feature. For example, to add support new database backup, we are going to just require to add a `Function` and `Task` crd. We are going to no longer need change anything in Stash operator code. This will also helps users to backup databases that are not officially supported by stash. + +Some sample `Task` is given below: + +#### pgBackup + +```yaml +# pgBackup specifies required functions and their inputs to backup PostgreSQL database +apiVersion: stash.appscode.com/v1beta1 +kind: Task +metadata: + name: pgBackup +spec: + functions: + - name: pgBackup + inputs: + database: ${databases} + provider: ${provider} + hostname: ${hostname} + repoDir: ${prefix} + outputDir: ${outputDir} + policy: ${retentionPolicyName} + retentionValue: ${retentionPolicyValue} + enableMetric: ${enableMetric} + pushgatewayURL: ${pushgatewayURL} + workloadKind: ${kind} + workloadName: ${name} + tempVolumeName: ${tmpVolumeName} + storageSecretName: ${secretName} + - name: stashPostBackup + inputs: + repoName: ${repoName} + backupSession: ${backupSessionName} + outputJsonDir: ${output-dir} + outputVolumeName: ${output-volume-name} +``` + +#### pgRecovery + +```yaml +# pgRecovery specifies required functions and their inputs to restore PostgreSQL database +apiVersion: stash.appscode.com/v1beta1 +kind: Task +metadata: + name: pgRecovery +spec: + functions: + - name: pgRecovery + inputs: + provider: ${provider} + hostname: ${hostname} + repoDir: ${prefix} + outputDir: ${outputDir} + enableMetric: ${enableMetric} + pushgatewayURL: ${pushgatewayURL} + workloadKind: ${kind} + workloadName: ${name} + tempVolumeName: ${tmpVolumeName} + storageSecretName: ${secretName} + - name: stashPostRecovery + inputs: + recoveryConfigurationName: ${recoveryConfigurationName} + outputJsonDir: ${output-dir} + outputVolumeName: ${output-volume-name} +``` + +#### clusterBackup + +```yaml +# clusterBackup specifies required functions and their inputs to backup cluster yaml +apiVersion: stash.appscode.com/v1beta1 +kind: Task +metadata: + name: clusterBackup +spec: + functions: + - name: clusterBackup + inputs: + sanitize: ${sanitize} + provider: ${provider} + hostname: ${hostname} + repoDir: ${prefix} + outputDir: ${outputDir} + policy: ${retentionPolicyName} + retentionValue: ${retentionPolicyValue} + enableMetric: ${enableMetric} + pushgatewayURL: ${pushgatewayURL} + workloadKind: ${kind} + workloadName: ${name} + tempVolumeName: ${tmpVolumeName} + storageSecretName: ${secretName} + - name: stashPostBackup + inputs: + repoName: ${repoName} + backupSession: ${backupSessionName} + outputJsonDir: ${output-dir} + outputVolumeName: ${output-volume-name} +``` diff --git a/docs/guides/README.md b/docs/guides/README.md new file mode 100644 index 0000000..25082c8 --- /dev/null +++ b/docs/guides/README.md @@ -0,0 +1,50 @@ +--- +title: Table of Contents | Guides +description: Table of Contents | Guides +menu: + docs_{{ .version }}: + identifier: guides-readme + name: Readme + parent: guides + weight: -1 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: guides +url: /docs/{{ .version }}/guides/ +aliases: + - /docs/{{ .version }}/guides/README/ +--- + +# Guides + +Guides show how to perform different operations with Stash. We have divided guides section into the following sub-sections: + +- [Supported Backends](/docs/guides/backends/overview/index.md): Describes how to configure different storage for storing backed up data. +- [Workload Volume Backup](/docs/guides/workloads/overview/index.md): Shows how to use Stash to backup and restore volumes of a workload (i.e. `Deployment`, `StatefulSet`, `DaemonSet`, etc). +- [Stand-alone Volume Backup](/docs/guides/volumes/overview/index.md): Shows how to use Stash to backup and restore stand-alone volumes(i.e. `PersistentVolumeClaim`). +- [Batch Backup](/docs/guides/batch-backup/overview/index.md): Shows how to backup multiple co-related components using a single configuration known as `BackupBatch`. +- [Auto Backup](/docs/guides/auto-backup/overview/index.md): Shows how to configure automatic backup of any stateful workload in your cluster. +- [Volume Snapshot](/docs/guides/volumesnapshot/overview/index.md): Shows how Stash takes snapshot of `PersistentVolumeClaim`s and restore them from snapshot using Kubernetes `VolumeSnapshot` API. + +- **Different Use Cases:** +Shows different uses cases of Stash like instant backup, pause backup, cross-namespace backup and restore etc. + + - [Instant Backup](/docs/guides/use-cases/instant-backup/index.md): Shows you how to take an instant backup in Stash. + - [Exclude/Include Files](/docs/guides/use-cases/exclude-include-files/index.md): Shows how to exclude/include subset of files during backup/restore process. + - [Pause Backup](/docs/guides/use-cases/pause-backup/index.md): Shows how to pause a backup temporarily. + - [Clone Data Volumes](/docs/guides/use-cases/clone-pvc/index.md): Shows how to clone data volumes of a workload into a different namespace in a cluster using Stash. + - [File Ownership](/docs/guides/use-cases/ownership/index.md): Explains when and how ownership of the restored files can be changed. + - [Cross-Cluster Backup and Restore](/docs/guides/use-cases/cross-cluster-backup/index.md): Shows how to take backup and restore across clusters using Stash. + - [Customize Backup and Restore](/docs/guides/use-cases/customize-backup-restore/index.md): Shows how to customize backup and restore processes in Stash according to your needs. + +- **Managed Backup** +Shows how backup and restore can be managed in some specific scenerios. + - [Dedicated Backup Namespace](/docs/guides/managed-backup/dedicated-backup-namespace/index.md): Shows you how to manage backup and restore from a dedicated namespace for targets of different namespaces using Stash. + - [Dedicated Storage Namespace](/docs/guides/managed-backup/dedicated-storage-namespace/index.md): Shows you how to take backup and restore by keeping the storage resources (Repository and backend Secret) in a dedicated namespace using Stash. + +- [Platforms](/docs/guides/platforms/eks-irsa/index.md): Shows how to use Stash to backup and restore volumes of a Kubernetes workload running in different platforms. +- [Monitoring](/docs/guides/monitoring/overview/index.md): Shows how Prometheus monitoring works with Stash, what metrics Stash exports, and how to enable monitoring. +- [Hooks](/docs/guides/hooks/overview/index.md): Shows how to execute different actions before/after the backup/restore process. +- [CLI](/docs/guides/cli/kubectl-plugin/index.md): Shows how to manage Stash objects quickly and easily using Stash `kubectl` plugin. +- [Troubleshooting](/docs/guides/troubleshooting/how-to-troubleshoot/index.md): Gives an overview of how you can gather the necessary information to identify the issue that causes the backup/restore failure. +- [Security](/docs/guides/security/rbac/index.md): Describes different built-in cluster security support by Stash. diff --git a/docs/guides/_index.md b/docs/guides/_index.md new file mode 100644 index 0000000..1225b9a --- /dev/null +++ b/docs/guides/_index.md @@ -0,0 +1,9 @@ +--- +title: Guides | Stash +menu: + docs_{{ .version }}: + identifier: guides + name: Guides + weight: 40 +menu_name: docs_{{ .version }} +--- diff --git a/docs/guides/addons/_index.md b/docs/guides/addons/_index.md new file mode 100644 index 0000000..7a40269 --- /dev/null +++ b/docs/guides/addons/_index.md @@ -0,0 +1,10 @@ +--- +title: Addons | Stash +menu: + docs_{{ .version }}: + identifier: addons + name: Addons + parent: guides + weight: 110 +menu_name: docs_{{ .version }} +--- diff --git a/docs/guides/addons/overview/images/addon_overview.svg b/docs/guides/addons/overview/images/addon_overview.svg new file mode 100644 index 0000000..2cd2053 --- /dev/null +++ b/docs/guides/addons/overview/images/addon_overview.svg @@ -0,0 +1,433 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/guides/addons/overview/index.md b/docs/guides/addons/overview/index.md new file mode 100644 index 0000000..b63a2eb --- /dev/null +++ b/docs/guides/addons/overview/index.md @@ -0,0 +1,43 @@ +--- +title: Addons | Stash +menu: + docs_{{ .version }}: + identifier: addons-overview + name: Overview + parent: addons + weight: 10 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +# Stash Addons + +Stash 0.9.0+ supports extending its functionality through addons. This guide will give you an overview of what is an addon, how addons work and a list of Stash addons. + +## What is an Addon + +Stash 0.9.0+ uses two different models for backup/restore based on target types. One of them is **sidecar model** where Stash injects a `sidecar`/`init-container` into the targeted workload for backup/restore. Another is **job model** where backup or restore is done via an external job. + +The job model is further divided into two categories. In the first category, the targeted resource is well known to Stash (example, a PVC). Hence, the Stash operator itself can create the required job to backup/restore the target. In the second category, Stash follows `Function-Task` model where the targeted resource is not known to Stash. In this case, the user creates some [Function](/docs/concepts/crds/function/index.md) which resembles a step of backup/restore process and a [Task](/docs/concepts/crds/task/index.md) which specifies the order of execution of these steps. Stash uses these `Function` and `Task` to generate the required job definition to backup/restore the target. + +The `Function-Task` model enables Stash to backup/restore the resources that the operator itself is not aware of. Users can extend Stash by creating respective `Function`, `Task`, and docker images for respective `Function` to backup their desired resources. + +A Stash addon is a collection of [Functions](/docs/concepts/crds/function/index.md) and a [Task](/docs/concepts/crds/task/index.md) to backup & restore a specific resource. + +## How Addons Work + +When a user installs a Stash addon, it creates some `Function` and `Task` definitions. Then, when he creates a `BackupConfiguration` or `RestoreSession` object to backup/restore his desired resource, Stash operator resolves the `Function` and `Task` to create a Job to backup/restore the target. The following diagram shows how addons works in Stash: + +
    +  Stash Addon Overview +
    Fig: Stash Addon Overview
    +
    + +A `Function` is fundamentally a container specification and `Task` specifies the execution order of the containers. Stash operator injects all the containers except last one resolved from the `Function` specified in `Task` as `init-container` into the job in the same order they appear in the `Task`. Then, it injects the last container as the main container of the Job. + +## Available Addons + +The following addons are available for [Stash](/docs/setup/install/stash/index.md): + +{{< catalogtable "elasticsearch" "mariadb" "mongodb" "mysql" "percona-xtradb" "postgres" >}} diff --git a/docs/guides/auto-backup/_index.md b/docs/guides/auto-backup/_index.md new file mode 100644 index 0000000..5bed1ec --- /dev/null +++ b/docs/guides/auto-backup/_index.md @@ -0,0 +1,10 @@ +--- +title: Auto Backup | Stash +menu: + docs_{{ .version }}: + identifier: auto-backup + name: Auto Backup + parent: guides + weight: 60 +menu_name: docs_{{ .version }} +--- diff --git a/docs/guides/auto-backup/database/index.md b/docs/guides/auto-backup/database/index.md new file mode 100644 index 0000000..57b8ca8 --- /dev/null +++ b/docs/guides/auto-backup/database/index.md @@ -0,0 +1,82 @@ +--- +title: Auto Backup Databases | Stash +description: Stash auto-backup for databases. +menu: + docs_{{ .version }}: + identifier: auto-backup-database + name: Auto Backup for Databases + parent: auto-backup + weight: 40 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +# Auto Backup for Database + +This tutorial will give you an overview of how you can configure Stash auto-backup of the databases and the available configurable options for database auto-backup. + +## Configuring auto-backup for databases + +To configure auto-backup for a database, you have to follow the following steps: + +- **Create BackupBlueprint:** At first, you have to create a `BackupBlueprint` with the template for `Repository` and `BackupConfiguration`. Use the appropriate `Task` in the `task` section. +- **Create Storage Secret:** Then, you have to create a storage Secret in the same namespace as your database with the access credential to your backend. You can re-use this secret to backup the other databases in that namespace. +- **Add auto-backup annotations:** Finally, add the auto-backup annotations to your database object or the respective `AppBinding` object. + +## Where to put auto-backup annotations + +If you are using KubeDB to manage your databases, you can add the annotations to your database object. KubeDB will automatically pass those annotations to the respective `AppBinding`. + +If you are not managing your database using KubeDB, you have to add the annotation in the respective `AppBinding` that you have created for your database. + +## Available Auto-Backup Annotations for Database + +The following auto-backup annotations are available for the databases: + +- **BackupBlueprint Name:** You have to specify the `BackupBlueprint` name that holds the template for `Repository` and `BackupConfiguration` in the following annotation: + +```yaml +stash.appscode.com/backup-blueprint: +``` + +You can also specify multiple BackupBlueprint name separated by comma (`,`). For example: + +```yaml +stash.appscode.com/backup-blueprint: daily-gcs-backup,weekly-s3-backup +``` + +- **Schedule:** You can specify a custom schedule for a target to overwrite the schedule of the BackupBlueprint through this annotation. + +```yaml + stash.appscode.com/schedule: +``` + +- **Task Parameters:** You can also pass some parameters to the respective backup `Task` through annotations. Use following format to pass parameters via annotations: + +```yaml +params.stash.appscode.com/key1: value1 +params.stash.appscode.com/key2: value2,value3 +params.stash.appscode.com/key3: ab=123,bc=234 +``` + +The above parameters will be added in the `spec.task.params` section as bellow, + +```yaml +task: + name: postgres-backup-13.1-v1 + params: + - name: key1 + value: value1 + - name: key2 + value: value3,value3 + - name: key3 + value: ab=123,bc=234 +``` + +## Database Auto-backup Examples + +You can find auto-backup examples for the databases here: + +- [Backup PostgreSQL using Stash Auto-Backup](/docs/addons/postgres/auto-backup/index.md) +- [Backup Elasticsearch using Stash Auto-Backup](/docs/addons/elasticsearch/auto-backup/index.md) diff --git a/docs/guides/auto-backup/overview/images/auto_backup_overview.svg b/docs/guides/auto-backup/overview/images/auto_backup_overview.svg new file mode 100644 index 0000000..af9643e --- /dev/null +++ b/docs/guides/auto-backup/overview/images/auto_backup_overview.svg @@ -0,0 +1,557 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/guides/auto-backup/overview/index.md b/docs/guides/auto-backup/overview/index.md new file mode 100644 index 0000000..020c7b7 --- /dev/null +++ b/docs/guides/auto-backup/overview/index.md @@ -0,0 +1,68 @@ +--- +title: Auto Backup Overview | Stash +description: An overview on how auto backup works in Stash. +menu: + docs_{{ .version }}: + identifier: auto-backup-overview + name: What is Auto Backup? + parent: auto-backup + weight: 10 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +# Auto Backup with Stash + +Stash can be configured to automatically backup of any stateful workloads in your cluster. Stash enables cluster administrators to deploy backup blueprints ahead of time so that application owners can easily backup any types of workload with a few annotations. This allows Enterprises to stay prepared for disaster scenarios and recover from offsite secure backups in case of a disaster on public cloud and on-premises datacenters. + +## What is Auto Backup + +Stash uses 1-1 mapping among `Repository`, `BackupConfiguration` and the target. So, whenever you want to backup a target(workload/PVC/database), you have to create a `Repository` and `BackupConfiguration` object. This could become tiresome when you are trying to backup similar types of target and the `Repository` and `BackupConfiguration` have only a slight difference. To mitigate this problem, Stash provides a way to specify a blueprint for these two objects via `BackupBlueprint` crd. In Stash parlance, we call this process as **Auto Backup**. + +You have to create only one `BackupBlueprint` for all similar types of target. For example, you need only one `BackupBlueprint` for Deployment, DaemonSet, StatefulSet etc. Similarly, you have to create only one `BackupBlueprint` for all PostgreSQL databases. Then, you just need to add some annotations in the target. Stash will automatically create respective `Repository` and `BackupConfiguration` objects using the blueprint and perform backups on pre-defined schedule. + +## How Auto Backup Works? + +The following diagram shows how automatic backup works in Stash. Open the image in a new tab to see the enlarged version. + +
    +  Auto Backup Overview +
    Fig: Auto Backup Overview
    +
    + +The automatic backup process consists of the following steps: + +1. A user creates a storage secret with necessary credentials of the backend where the backed up data will be stored. +2. Then, he creates a `BackupBlueprint` crd that specifies a blueprint for `Repository` and `BackupConfiguration` object. +3. Then, he creates a workload with some specific annotations for automatic backup. +4. Stash operator watches for workloads. When it finds a workload with annotations for automatic backup, it finds out the respective `BackupBlueprint`. +5. Then, Stash operator resolves the blueprint by replacing variable fields of the blueprint with respective information from the workload. +6. Then, it creates a `Repository` and a `BackupConfiguration` object for the workload according to the resolved blueprint. +7. Finally, Stash starts rest of the standard backup process as discussed in [here](/docs/guides/workloads/overview/index.md). + +> Note: `BackupBlueprint` is a non-namespaced crd. So, you can use a `BackupBlueprint` to backup targets in multiple namespaces. However, Storage Secret is a namespaced object. So, you have to manually create the secret in each namespace where you have a target for backup. Please give us your feedback on how to improve the ux of this aspect of Stash on [GitHub](https://github.com/kubestash/stash/issues/842). + +## Frequently Asked Question regarding Auto-backup + +In this guide, we are going to answer some frequently asked questions regarding Stash auto-backup. If your query isn't answer here, feel free to open an issue [here](https://github.com/kubestash/stash/issues). + +#### What will happen if I remove the auto-backup annotations? + +If you remove the auto-backup annotation, the respective `BackupConfiguration` will be deleted. If you are taking backup of workload volume, the respective sidecar will be removed and your workload will restart. The backup will stop immediately. If there is any running `BackupSession`, it will be deleted and the backup may terminate in incomplete state. + +The respective `Repository` object will be preserved as well as the backed up data. If you add the auto-backup annotation again, the previous `Repository` will be used until you modify/change the respective `BackupBlueprint`. + +#### What if different target require different runtime settings? + +Currently, you can't pass runtime settings via annotation. So, if different target needs different runtime settings, you have to create separate `BackupBlueprint` for them. + +#### What if I want to have different retention policy for different targets? + +Currently, you can't pass retention policy via annotation. So, if different target needs different retention policy, you have to create separate `BackupBlueprint` for them. + +## Next Step + +- Learn how to configure automatic backup for workloads from [here](/docs/guides/auto-backup/workload/index.md). +- Learn how to configure automatic backup for PVCs from [here](/docs/guides/auto-backup/pvc/index.md). +- Learn how to configure automatic backup for databases from [here](/docs/guides/auto-backup/database/index.md). diff --git a/docs/guides/auto-backup/pvc/examples/backupblueprint.yaml b/docs/guides/auto-backup/pvc/examples/backupblueprint.yaml new file mode 100644 index 0000000..773f9fa --- /dev/null +++ b/docs/guides/auto-backup/pvc/examples/backupblueprint.yaml @@ -0,0 +1,19 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupBlueprint +metadata: + name: pvc-backup-blueprint +spec: + # ============== Blueprint for Repository ========================== + backend: + gcs: + bucket: appscode-qa + prefix: stash-backup/${TARGET_NAMESPACE}/${TARGET_KIND}/${TARGET_NAME} + storageSecretName: gcs-secret + # ============== Blueprint for BackupConfiguration ================= + task: + name: pvc-backup + schedule: "*/5 * * * *" + retentionPolicy: + name: 'keep-last-5' + keepLast: 5 + prune: true diff --git a/docs/guides/auto-backup/pvc/examples/nfs_pv.yaml b/docs/guides/auto-backup/pvc/examples/nfs_pv.yaml new file mode 100644 index 0000000..582bb70 --- /dev/null +++ b/docs/guides/auto-backup/pvc/examples/nfs_pv.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: nfs-pv + labels: + app: nfs-demo +spec: + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + nfs: + server: "nfs-service.storage.svc.cluster.local" + path: "/" diff --git a/docs/guides/auto-backup/pvc/examples/nfs_pvc.yaml b/docs/guides/auto-backup/pvc/examples/nfs_pvc.yaml new file mode 100644 index 0000000..5203a80 --- /dev/null +++ b/docs/guides/auto-backup/pvc/examples/nfs_pvc.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nfs-pvc + namespace: demo +spec: + accessModes: + - ReadWriteMany + storageClassName: "" + resources: + requests: + storage: 1Gi + selector: + matchLabels: + app: nfs-demo diff --git a/docs/guides/auto-backup/pvc/examples/pod-1.yaml b/docs/guides/auto-backup/pvc/examples/pod-1.yaml new file mode 100644 index 0000000..2c0929e --- /dev/null +++ b/docs/guides/auto-backup/pvc/examples/pod-1.yaml @@ -0,0 +1,18 @@ +kind: Pod +apiVersion: v1 +metadata: + name: demo-pod-1 + namespace: demo +spec: + containers: + - name: busybox + image: busybox + command: ["/bin/sh", "-c","echo 'hello from pod 1.' > /sample/data/hello.txt && sleep 3000"] + volumeMounts: + - name: my-volume + mountPath: /sample/data + subPath: pod-1/data + volumes: + - name: my-volume + persistentVolumeClaim: + claimName: nfs-pvc diff --git a/docs/guides/auto-backup/pvc/examples/pod-2.yaml b/docs/guides/auto-backup/pvc/examples/pod-2.yaml new file mode 100644 index 0000000..b8a0ec7 --- /dev/null +++ b/docs/guides/auto-backup/pvc/examples/pod-2.yaml @@ -0,0 +1,18 @@ +kind: Pod +apiVersion: v1 +metadata: + name: demo-pod-2 + namespace: demo +spec: + containers: + - name: busybox + image: busybox + command: ["/bin/sh", "-c","echo 'hello from pod 2.' > /sample/data/hello.txt && sleep 3000"] + volumeMounts: + - name: my-volume + mountPath: /sample/data + subPath: pod-2/data + volumes: + - name: my-volume + persistentVolumeClaim: + claimName: nfs-pvc diff --git a/docs/guides/auto-backup/pvc/images/pvc_repo.png b/docs/guides/auto-backup/pvc/images/pvc_repo.png new file mode 100644 index 0000000000000000000000000000000000000000..a7efdacdd25eb50cbce78b20c01ced91cc69d72e GIT binary patch literal 54998 zcmcG#1yq#n_bv<~phzjwrBc!*or-`cp&%ihLwC2Rl$3yUODPRQcjwSKFf(++&%anA4)#ue4uuU zxIa2$Y^_?ULjA~_;nRy3Tl@gfP2a6@2nzwOd!O5@-;k^Q`(2Dc+i0%5R?fe}FJa=r{{11k%>SL6-N=&G zIK!oT2EW=BzXf}I_&6&)%8Ki0Frn(wKMGfOez3PVI5A2V`BQXe-_bR}e%|Wf85_h? zc?si4h$Q@YP{kv5rIAxP&^5-3LSmAiG8>F+8h= z7Yd(bdj95F=mK4Jcq&q&6|?a$*0>-|1(({zi>B ztiG)i=Hb8AeW_+-Z+dcRF0P$`+_4Y$@A~`Il{e~au`F3m z>pgJ)nAk@fq+#E3Rz70F;2RQp{FDvSi!eE{xyq@BJFF(}aIir(XymVCIdxE#w)5z4 zky*Z?aQq5}b*tbqIY zCy~%g>%Zib%_Uret*Lkr*((D9?dDBN|9GN)IAi-HB4dVok06KGfLT_s;v{ao2)gZK zIj@<|J3kUTanQ^mYAAoJ6KGHPvAnW@{pqu3OD_XJSkhr-yN8GX?b-(yIGb$>PP_HU zJMQiG=vzgaQO4TB#bn$XiZ#`VrW{7!xSf};6|U9H!VVCFJ)sTgh@i!;5>ND;ZMvOW zHD*XFjnfpW|LS&iGu_J3Q^XUH*u2dtrNFmN>&( z*J|FfR@B!2^nU2x5Z9IMOJQo6vr%Y8W~N?I)x@;|BH_=wdpL8CVd?_sbWL-AWsM4N z3ll#){66CeZu9FCp7(ygf&^07w7yF14IVPkEJUW$&^iar`RVjEYoweKfPV;fWrP|b z&Zfk)Z5xuLr3AV5vzc2W5i&lZR_f;S8&6J^P|r}G17@Bgc07)#>H33vH!#MQIKy{r zGuJ-Srp&Xl2+VsD$|>WSnV1S3u&3(v`*uKbl_Q&#@&YXs$Pk7#)MgOxc~Y zmGJq};i#+)x<>zC=MDJ@65lsxwLcSutcT}p4S;m!L;=0M>LBU(GMCY+wW93+S5BUa zj@*)RRcA$e+1L4KRopN^O;vrkG!Pmh2bej^c!qnUqJSIQ@+$kBSHE?8JYiJjQSRY{ zQ64QR&M)%$XOWXT%ILn(v_vvAK@igiX)`M0#NrhEK%UK(H zd{kY0TVMtlKxhEZ#D99$D?M-pyr3HSXR!@ZL3W~>LNl>Mp)2G93P&~g1T;(xB}@1f zCBwc(2z@LE1*gGG2!8sj$=j(#FV@^WP<3J8wiE4YAVnyq*qF)2d_7a2EUwq`<~?aP zqyv8hTd0c!-|^MrVG2>7%n$L;PuCySm{JxjH*uysYX0(jMw*O8N2I(leDAg(XhNhd zykDvdKDRYjT|n)tkn*s%_lpx5Yyh z+%H{&_W(6-R zo{9W;iOc3;p(fEBeUqa^XnZ3yR8bx)qxDdI_;6Y|T5Wf5m|4ejvl(YeGtGD=00ZF# zgA73)#gn~o6SYyHwl$KCIl01iL}YsN6y zLfvj0%;*8dYoQ?{fDg#O)d^Ca#t(BZWn(grN+ZIv(h--mQC17fD@-k{I{*4b+v#+s z&Rd<8^i(b{vKn9~bMU4)=$76Z7s?PsNqQP7Capqm(q_e5b`WcoKIaznBrM=hHs|q! z1G{p66{lU3(Y1cE#ios)9q@KZ+sgAV)k!?<}KSZ#lYsHG5~A^ zHvK7(cxm0Txl8R9km|Xx>c*T+x$i_DjF>fA{DXi;+}V$EYZIMMfiKd!;Tjz08awIkkmm(R6-#wB&28;R;4Pq>y$&|Hzb4YJMsR-~4G!+1hE^4) zlB1@;dxcc-%_jMcElE0ebZprmQPAjD$( zXO0SEbFNaT)|&LNq6fEhH3uG~6wGM9mk)rqcIt3wJz(=Zgj1dRstr%MD}x(b zTUQR6D?YRk0<628i+pZPc z%5^YPJe!tAHstsDPD`&4^Yi;H42R>sy63<9ILgnGacryWH>(6|;u4#Et4#q*h5EuN z0sq+WO2-$2Q&8l#Y%Hd;r$o~r0-q>A=5l+eT7P=FeBuO=v1d?wffH#6I_S_?^71wj z5UtTWvRscWThpQq-Z!aj;Fo0(C~38R!B-(f10D5It;CTOUTby#7W%SyHY@wW+XT7W z(d{qg4Tjk88I~S>A+~RiAe0oI+Bxzn`hKZVi|1C-ybB$9p_r8&Zx?6_(CWtx%`QWM zXy$h-P<4Gf4M|++8RFjlT~wzSTku_1ZW>O31lWtP>Q<&fh)@^{c5TlPCsIN~#U_X7K7$YU?*`QB zf~Y~saszCN8F#!TSO~2XP+Ag;PxXj~5GK!t27KWMuU!AB}h2IZeVF~P{OvX-V z8FKUC}s;|)f zHd6Na?5&9M#(c9#Kx_4*yvW(zR*5>?4drpi)8V&n%^xn= zd>Z`A6QLZ_xP}h5_7G=zjA@&BXS<^wD-jgaLh@*n#AWi<2*MOpGOb+$%do#JA)7n3 zvr8@H(rY_MPN)itk~0Px*U#HBW$*uWU9}bXcHo1h>pJinbFd)+Gge<+L~4G5m_U!VZ9Tq z8lYn-e+l0XA4|NO(5n)WFDP{cr;Q_CH>P zRcwA6iCC{1H(d*$j_FPgIh7CJ($W;5nAwV;>jIq#=i}EQ4d14A*Rc^gQ6{T$1MTWhI>LHfDijAgQPU9t~|DtPzi7qJEX*~B^dz! zA>LUK7PVwKnpvAO;~G~{Xn~u)|577FT-7F1E^{Ikz#8_Y?N+B&{By3>)RHA@i-6uF z;;%5Sud=KVz#@u5F#x1l0aL7AjyIxwWKSW<;%DlW5@@eZQZ^rGJ{kOdM;3EFq8tp_93+gC!*gZH*V#l z2fwY;6aH{@n`*2)Ib{>W_c@`9q$fM#FVsm3lB`Ioz% z8N4^JYJOzNnCAnp7;t_!+{#XX`VGb6c6xb3_Q3++Hz0ue0{#Z@(HvP17p09gye$Cf zNakKRd$$mCe}7BM`1-t_K58}Dw-F#9zG^0Ou@bOFen4|vdwXP{Qgy#e^lbep6RNk5 z`3x44Da+7oxP;f|2Zb{Dcv@@R16*&NCVj!_>H1CqsC2PU-AvrAK`M$Vkk~F@Jb$Yf zuF?O?Jx$2n?ds1@`SOZ|Na7o-01|m?565vzx5;s<_6je32*+1eO!0V{eq$OMwlaQu zH8qPt?)9hOxQR31Y1>(45cc+4Od6XRJM+WG?4^OJMqA(Cx(Uo53#miqY@SIV`Y%Q! zXxM&(;5|6ZI*l9HG?u=)u7s!Q`ye-`=O3ozzT*{m94m>UGL#UaDi&38`pmY1o?Bv(Xp+!vRg;H%-gDftXH9j@$PDQ#p=IbY zbuwDSwr(=SW~CLo*YjQM)tPS;Uvtam68(ef#aJu%eV_nWN248#{2-J(>uXojJK0Mt zSaVk2;`@`QUGZaLjkn-75amv%6K=vO0>TaAJ#wO#>G5-E#cR7&kAPSknmWu2f<@9z zn^k%6K7+ggw(r*%4)FZ`;+J#^e4b-XmV1C$uN(z^e@i`kw*n9@ui=L6R%?wXc6-8P zDugyi_bSjFFu^JTsCZS1Q9^<2;BGDULJ3ygRG=i0A5p#!S&??HEde&QVS6}~$YQk6 z=wPLljK7$k)fKHp;8E&gnnWRyThOEmfK{R-b$eoB)DcL(>~_T*mQU~=_|>Q$tpr)o zd7bdQh}g8CsJ2^H=>WEc7a=Md5-aYRX)P$?q^cq)r%{*D0c5l>xcFq*C?#eyPM~ew z+H(hYFd&h{UkpWMn-Or*Z9gUj8PBECkxR^-c1?6l=GOn-%=?=EIxy*81;vn9Tgo=` zUELY{)n|00xdC(1Ej%PrDUTrGTTad3Zp10&B2b@%XNqCf^j2-u@2dLc3hTk&jJ15a z_kz0i=}cI$w{@8|K8GDusZU+^5n0-yO|M-Em~(%1k^pbk$(AoUQH&u`VWQklXYSyi zQm2#c`v)k}Cv1?;J^FiA&hn1SER#8=n}xOLTB$Cb)gsxZHXcm#USZdO2$>k4iuC~Ar2iIi|NjR4pMU9KRYx+b zxj8*3C>ccMd-JcdpUask~2~d=3i2p`zANzMa27Sn?}; z`T22b*OZ=&?5?i|XJi<-YyK_rzAkZ;14DOiR<()dFhJl>|E~YF_>jd5s)h!_gt$?Q zPE$TtcY%Mb@Op*H{P^?~i4@h zLv0vU2RxeTU3_W{q&@I~n6BGi6N=C0%mKq~ceX1}DMgzDb#PEuiT4)Or^3X{8n$tK zZOZ6kuYQ`(5|j8)(aMflp&D5zk7%@r0WbH?WGL&R)c+b%eC4~)N08Xlef9Kz&nH}96sqVmyzB(k|m>a6B^0D>q(b%ZU)zD8e$z_VQ2WdbA4K9 z(Q?`M<~uX9NXimdX`*g{yPHOA*_rU(P7xAW@J8s*Z@U%lhJvJ)lAn%8VG3G4sXdw* zODO-soL}{$ddRmIC|$q^B|dty?Y@5i*IFlp2NTiTmG4;XDBlbXS*6=vIGtuklgSY_ zs%mf8c0y7WUa4)DGL8L*8pF$l?|xTi5KP6L%1K`TidSj*y_%Lb z$x$m7(y~*q#w}L($;17<(3A#xhRk|YwZoHojr>!k2E+S{9lR-nJ99OqT@{7JVxC83 zO$*3O_UATOcS&LsU#oUPHDh9fVrUZHYRGXN@jZHs*Pwg1FG+;a-CZCju=E{mIL$^! zl$`e20GIjp>Flj0)NesjuYWj$3uL}M&8eYLa&L9PpJpwPVJN|e1MwRF-a@|n>0(KM zl7w^fS#pD)j$Eh2ys_P+CM->F+%NalS5Gqq13RnJG2{uZr(r|KbwgBFr_u+BL}wME zptH8}RPMx|@ZOz?H!*ssFW*%hRIKhxhGO+8?qge>KUo*%wl7^WRA7+Ik_@MvPZ7C~ zdF-;+ksv!@zrrPzIW)9A&|>Nt9ST*E|Do&jvz#(+qPn1Dc)!_{P_j#c+(BG3X3fYO z#$&+zI*C#WcFw)9ZZLgtd8?^#v#6b}<-655XLTv*Ny6LOzvJ!AFE~*+=#=nKjiC=; z0)af=6>FCAZw6OSR+&F}GLcXlD!8UxM(iDm_4tpg8nP(fd zb+?CA9DE0VuRsmR%5yU!idDW5-~0GD?(nKxtq~>5$>ia)WBpHQ1m1peS zaTe2IX6L54xv@zp@kX!MgLnpAR7;8?R&3)}tvFXZ<8M?<<(jsP+vgKC89GP98F$qeOpu zP0dEgBrNi&Mdfs>(Z94h`FM!3bs0-160s?kN5pPRAdQ84dn3S2bG&+!BteP2 zVE*hET;g&+HrR{A+$wWr-%=mpmCB+hd9``tJU!jlHl*3I6iQ1FPBkAU`?cw}xX1T( zaFj#%Jw6g`|L0bHz9;PQ^rve>N!JR5s4tH&u(Fv?S8p%}BUvWeBmDBhgwv6lAK)8= zb5c~6jt00~47e9OhtYJ5rQ&^ArDAXFZO`^&FTMGu?g%i&HD2_nrfaWuZMSUsx}D23 zg<4Npvh%?1$&Mh-PpXo#SZ9L>iOhh-{&p_&?orV9y=E^Xd{$+7S3`b!EkKIwpmWMg z?mClbnDF%1k|8CxjYK~Qtan?gd8WrSz1Z5;lgZwO)nt*4`x)6B#aPm0n99M#;qp#3 z&VFxG)^Ty6+1!*Ghpv8onx|)%v|`w=go^nJ*y9+`nzZ7hzCZlsajUUu(S40M#$TMrLbs3a53&fbCUJP< zE3p1~oiflnFvMsAdK9=Rl2hYOxBBbFZEF3EzOX7zUqt{Ty;W=gz%@rj68mGQw@R_4tOJ@q*9FN=h|b z=f?h-i}VwdY#o(bqsEZsO+V@z6h4qTe&L=~-k;+F@})1P5p`>?k`V60bzCNnM}Pj) z3qbs4VexJHS?5rIXtH)xN>kJzsmQGr>PnD+8g>7~-N4%si+ZMRpW2PSBoMP?byqKi zkdUqf+nP8^@qr`aZs;jX8S;5bzqPR2{p+NmDS;m&zwqd0^gG(vL?6}y-#lRy+lD~= zpQW-YS&9s44Ckz_+FY1RIGX3XWaZ_AcMT^v@H`JOi$a;cIoj?wHvZ_c0FC!d_$|FY z&m_=@KM{2C&^?zZ;nBlr>oIkb+R`AvWmIOW)igBZK8@2@p0@i`jH&fi5iyA{9elxZ zHv+LG1wLdnGmD*_SV~F!DgD~%j^!rh3JWA#7R$v^kUw_356l#k#Cx<;(T=ame@c=T zqcjD{Dj|4i63M{IpSF{f#3GoSBEJNEB$SSOBsC(G_#t75Y;Xmmuqwl~j9-ubQGwLlXPz zDRa_Jk#7GZuB)c#>STXqy>#F07xR=G<9%855fc*vwf;u}t~{umzNoY3+|@q1eM9wh zijChyYbILzzM8F&$;@j#$a*0lnelFv(#_-vSN||&HRirif9g}%{j)m_Df*l+$DicY zQ)BKvQt{ViP1ZH%2i}X`fx%nO(B@&!Y|~kkcJRl1Ci}ECZgSpeecQCJ$)dlXbD0k; z;%qF-dyDW?kw<{IfGgcPH z!(|D}u=&}JcM6-ocASkL3G#T>+4H?O7<^EuTv0p}CF^WsYyT0WYH$m_xc&iX14z;R zxNrmC^P8SLsom0(Frv=<0m-4@(`h7Agfv!0Hh|oJC&FOYJTC%s$hPHvB*p|u48!;s z<5y#n#iMkW-VD59$b+_Di-_#7B>xnqHZwCfSBwe??M{t*hwyu21Lg5Wdadr_>OAV> zOir|YEiW$(ZuPaiBw*&12=1KXo_kh?d0N4j8B0=>^!0wXvXMSr*L_DN>#iU1H5rvd zwl9aWo5~1=hHd7547u`OdwD;cpYuCK?Mc1(w%%Q-ITrRlOlU&vcTs)qMfJz7C6Qa> z^6lyO>;uSSd$LTiHGCr+AMIe1Sk1zdLJwDl&jIga1FCE2si5(WKWvfngOJ-{OvSpl z>%`7gx+)=7w;WuJVjItx-xL~ej^losJ=T$yVh;lygYK22P^okHU9>_`np7IjcvV|P*Q*_9h@ONl!)HM!BDl5uZ$Wj{cUtpKx7Gv$V|80%pXO9jR`aBnK~1O4vlV>K;&{0NI9S$1L3=%nI1KKj~tZeoch zk1QlO>O5}!Fvdts-q@R~n3=h4xS)EBzdr~F$y&d@%^}q zX@xqhaLK!8qoJUUqXVjG8k$>oLd07t0hq0tjT-c)&<20v8Zo;p>vL{Gvc{hkbsxrdSZ{lF~D&Z=6u zN_~`0w{9`3)L}DvV;R%=0!=Mh8u2iC#l&r$m!2Z;`1^lv>0 z2dc|cM$fj8G>PEf)&5+M!TWNH>nm>LeT$}YX*ILDKJe7{KAqsWh7<&B@$qSQw z2~Z3`QgD!y*81NZWiGo7J ze&j1;TSH~LhFFq|n6L>ZcuCX!U2~%l`p?`b{F@+@WQnP}9#Qv&=duhzPd{}lX+{4w zD<%%E=Q6dO5l`F>LPtrdvQWJ-U1>nd+%nXe%#lS3G(R5Oa0Pix$F&q8&_mI{lUfVP z5*-08<^@d4)xcj0G6a9$_Vl+`3ND6ml~_Ob`b@+v?o^UO11O;Vb!MptV3Pq)!%GE0 zQrxsO2}D!lbrqJaA8on;eIa)?&V`J{a~(-8=A)?mBtG^KY1E-x$zc84bOXOs39O4U zCvA-8tQ*Bt(61E-%mI|f`;D!yro4{hhPNQ_&uL-vM^Zh}I6)VDjIdABAqQmo`Z|M= z%LIy*UL^N^{+w98N&c{&nSqHX1-b8YDL0F0{xg_a_Pvy=aC!H7f z6-F5uF}p-^81sHa$IGf}IGKy(zvI^fQk>Phf^$Rrql02*yYE&P<@J$i-t59!`ZCD* zw==4%9oPI{8=m6>#haQhL|2*BIbR@GIAuwc#$Q@fio-8Vcy*@enU;nOpZzu(h9-Fw+4&Uf)x#YU=M&95nuuT{Dap{g%wVYuIEXt%UOVW;?+^)r+xu*}($^_>By zStrR;q(*N{hxu9NIlI+93meeVB{+^K!8v z9Fu(TUiQ1p!P|Da6tc&i4CPEiJO+`;8Wy<#_ zPx_q{rt>bfe-{|d#j{yOkjb4Ke0jp|ek#^=h>AL}v3Tw{g+thE(C&SLfKhG-bL)qv zQM89dz4JhxXMa@0e^S&OWGk}jV|!qZ9JFmo{-(4saCOze0dxAfj!U#~5TNuRS<*QW z8H3Y~bC-DZPx%T^R!VnQ$F}1xWv@}s_1tjtt!t@&<^I(3{4zi|NKV+`el_&-t5b5P zYWqrwjK=o0ZD>ds^;>N(!B6M>DG`|53}Q^7o`IpJtLeTzz?qC7C~ug7`)ORICuOIp z2n%(Xa!5yfk^)GMOTlum-TD(<67)wR&G-b_vaYezdKv~bFYoA&bQw3lw_qa(}z-YUp^JT z^k5ja74I4-rOT?=OzH*_sgW`9=jd|Od@tX&qdvkh6w zG)-Onhwqm_|D$F1ER2X9nAf*7ofJ|USa7O{#1NeG4DV#57_$)!P6jGAW~=c|>9ymt zc6D(&{pZJF+E=~=NOKqWw}pn{coqkef|TNp7^OtDKa#y2$I~Q2;Et&f&io{&sH4f# z(m{u%WW*(8x5u*}2a|&tM;`U;B>l;qVdr;MCWEEeSXtLswf^xD4PP)Iup5w5AzFku@&{l%tnV6aq)ZciUzN0E>Gs6P`@!wudx0DIJ69f`L zj{6=$izEKsmg>!N+_wi?R1=^=j_e#>qq?kAxR>!cQw7h*7EL}!m@|cuZCH*YgFDVkib0=D5?G}$f%#X-zSfp5Di^RnoEup52 zvrnYr5_33yjiX|tM=H;Ek{E{ux&-;dc79s4DkBpq#T?U-8}QBLHJcMo#g9nHp_)%`@GYkNSM3GeeB{_$d) z4%XQa20f}G;?_H8_tI(~C9vPlkmbX^Q&6u0h~j7PqIWGK9G@yy8qLVKbY~VTy!V`qwVzm>;4$HOIEY{3G52NFiK_E5}Gmy=wBLtEt|5mrhwxYW8#h4RGQW9^} zM6Hc#_F!j@Su|;yvKL6u@~EE&SDrZS$J?n!Mwm?E;C)C+g0!PHAthy3qKW7|*qVhZ zKmUDYB?fDKK1vYvsAFHwAcTo2Tej`pj6KhN%cLCa{OIU31vxt&8Iwl}1CdXqIMc2w z_(UZpbzVP8g0|)4o5iF_Mk$KjmGAtKnB3LK7`R&kln06j1vL(9s*<&C% znHSz(4OE?Vi@0nTn9DpE}1;xx6DJu#m3fpe>G?KjEl=w8?_ zPOZNm%KcRzO@KDH_bv^annfRD4(XieN_M5IEWBjC#y+DV@DeDW za>geq>hTTknT^-yUW#G)ie9H0Jlv#8xQ+I9s=}+J@YtBbpsQCOb^uOHqD#he11@!o zr_;*)uDybY=p&&vp!sHB&Uifnc%P0nA~_FT?f@<)-@0GgwE==J=ejH!mkMTCx7ykM z{h;0{13cM3IhBj9H=_%>_L@oy%~TCP|LJWH={?#01!8SU)+_nc|8H6T!fmqhKZh>5 zN{?&*-hM4E{h#xOPOSeMH}QiBX{~mUZ*{o{gR$)G?F$ME8-OLNvO&%{V+=iASlTG@55fghGch5aTd%BANDP9>LaXr$%6N?_`Ugm@i+ieNk zV5L5HE<4>b7uO^B&u9I>XX*k&Wlf%b!)^&G`d%?4W`rvLIZ;}v7^ASOvoJF=qll2x z_dS_JmVE!`{H2$)$Al9Wn~*NPzDFCk_nYZo_gS&}MfN}5r`Xq8I6V^3jdv~iNJ>hY zlan*j;_rXw&K(L7Cq^g~id?-!?e$o^sIZ!3YrehSBcY*zWWM~W?J|s1r2PC9mx#}D zjPaF>%>4%s7(_&pmV2UVo`ZpB0Z&&pG5jF2GCE_N>&yn?dHrvE5WXlq zySh~}IwqqqjqA58DpTcBR3Rc%9w7FtQXCUU{+mY1iyj4UjG zt#}0OU~in9_<)sg_WPVI2E#np(_YKU9;{2s#Ib1%<Zy=O} zrFU@9m0nFz5uZUW++q62|7P8PrpBH=!|#Ii!-o$TiHgiIv9afe1KfbSbu0>tF*HGK z*6P;N8GzBGt`>CUU%iwMDukJcIXq_q<^a9R%Nkf}AdnE&KcXwSOKR9Xa3H@K7WQJ3hKrLr#%IMZW z+W=R#vEhh_0ElE=EUQ``F){JNjq^(H!^5Maq!*SkVm4S>#ZzQ+O$Xi7-g!f^g!S(lo0yZma?wvfK5g537SC@cD7y;#I{y?2S5ZokPQOZ~tN@y9AIOrs~ zTKB(Uk-9w}hF05B0~C(&#f#&{?Z9u}Dk=SaOZaYXZW?cIF42R_)B8RK*1lUaKZJxg zU_R&M#Lm<#)#t1pE!5=3!Ke7#v6xv@6yEH6Sq+UE1ZC&s-2DvT!g#()hV#^RihZ-u z9-@i!)yYEJS4?5ot;Yii+$`MO!`Hy)lBvRuUl2{+8O{y3M0BR@-|hoDdIaqE(WpE< z5Sv%dC4XNK1G+7ya%ocaI&Yij9B;np>cIP~t*m+>5YyHExT}oYBY#+_kbT$g8%M_j zPb`aVJ}g{9Mt=TS;J9D%YF{SZ@50iq=|lq$5APlx-W>bF4PPW)01l*)Q)_F=8Irp;b|D7T|rnF}kw8UUP4)*qoPM$c`q%|3(CW!OqUk+FQVBGdoi5 zp;rP#;R``Qw^}$rlJIe4!uaU@uN)iZNd7_0I#rJstNOjdNNdZWL%@~zypAo%xb+oH zOc>l6(g2kFps6{%_VAO6#K~hx{%qBE4l z^K!Qa?pg{!n2n%8djr!y8@NPCM*#Ev(gYQ6$!BqQ?DATU5K5Hr7Hm1|;@*IQSssvc zF$xJK6ciMYtgvj4GdJPQyLTqNKb{sDw4?)|-Gc$tnUAJhZYG-|78VSV&6jrR z0O+9b7l5V`bk-8T*vN)?Z5IRk`MJ({{Sa7J{Wc{HjiQ|$SIgBZx93iI&+o!Q6TlbH zkM9QAex8}p0+@lis+wAos4H8xT!isd(Wk2(|Eu5z2s)5~Y>EacKtU`8OI{W(j`iVtrh>$PMe_E{B5dXgPqw02jSnsuHSlldyyr007EeE40&jSXsjE=Um{ms z)2_4}X9jZMP?k(EfIAz=t$*+*ME9{otJYuA_doGZy?<#dz)v~<&tAp+FDCfk-sF@k z%q?%&c7O`gM0|8{XZn|Q)@S|~3Ho25eMn}hRPP_{OS9;9AKlDiotg@#)qZ4&Ttmr9 zJ-YElH!2*i7htX4gryIWY@72mo3W-ougSU*zgDAe`ZDa>-y-^9AeB7K!`g90b{93U zT(u*v)uqynYcO%4w|O)ywO%!?pADFvPQr@^U{`1^5`_deHl|`fAS*NO!c%09l}EY$ z0X9>_VF3d}E<2jqt~LOmJbYFY&!cws0KKzX>VM6S_62Sac;RMab+u6k&dphm)SZRp zWf>sn_x1JRQ@z-zm|O%8OJXemu;UgsO-qQ2g1ghRYnJ2yc%D!!i4FuO&)yia!unIB66&fEx4yCS`Ycp$;;w?E)^ z0EmNfv3JSQNcvNmARZu5hW%Mnch}cxSdG^KB1%XL3?ks=Sp1S3lle>}d413BQWZ=oxM^xV_Mn zi=gTPpa%2a{rgW@SwsI}8h)q-NV-Hye!ACppowW@W~MhgO0pjS{mto8`t9jb764x| zGoSdKf-}(VRl&c0J&Wh~)DF<^v#r9?v#FZquGRpoy5&eQj5jJO<}+nR;k07$U18)$ z-PHCN`v~v7a$wu3sHj4sqSkw)Zg}@vZYAk`j~}9e8v_kwi2#;n%SYv9W_~6&@QGd> zNbtU*!KA>)0kYx2=_v@3$onlY@Pn4t8z5!R6?<3V zmpL{R4SF!QIa`3}R|}W!HD7W8K=iAmB+~z~#(&vd>XK4YQql%qALoC)ZSdm7i!$?J zIvfJ3&R7-6&@SUefJmUdhlE9$$719OXfRneicW%Sz|)O4NzrG|d*0;w;$&ia`UogR zMW?4DkwHz?(_DhKvz;+a?|v5-ucBIRCD3L8IF4e5WSZl0chw9c01Fq5h%FbBr5n?w z1`T^qbjAR<&s}MN?SajQkstMdfGKUc5k+S(0GeTbm%EINj2J`I+AWvxJ-|7+?>%^6 z(j86-0QEwuD>}JG52$d$=p6P#(tb#11LV!ayR8OSdj@4zby?*l&*1OD9Fw1idU`UM zohrF(QJw}j_;_?h9|>k#m7C(G>7Db;KexE0#2_mYY5(2kcjbFdjBF72na>yLfI`Wf zp>XXMbgm&bo>NdgL6ak)*E2qSdb~eZzPblJNx_hyK$GAP}ZrsNuL4ev~*cFmR4^ zZyE5vp7uXLpT9OWcPttLQ5a6ipVxIGd3)ttQBk2)>+lrF{bqn@0VqrGLk2mAg;q=| zYHGCTIXhVPx!BDA%%2lZ!P`EbpHC3n(FO>J?sAhJw8ev6gX7mRGjnpjq1y|uj)wV7 zdx_D!VQG2!9Qa9ji;Y|Jy`g2BqD!gB7SKGTnLoS@pV`_pl#kUclsIe5E5GR@vce_* z8LS}V#ucpdN!BpTq{&mRtwWAXsh&Pd+1Tox`EzduFQ75@B+T%0i zUgz_v+*mg0$QMAwiDI3EVX50xzw3)n+CD;n;~XsaobPuKp_BQ%-zBGlfoK+??s zw$gZYIG~s!7{PBov=7kxPg7{+E9rZ&--b*7BOyT^5H}bA+2RG5x)7ixC||yO=>zZ& zjXpCod>kx*I%FxtGSAFu-uNy99g}^%y$gW&S^-2D=yV5~>lFR-XD6ENsi{b)Z(5&D zsHu!*%M*DWZ+uuarZ()0VWN@n`Ux;EUJ!&rqe!a_XiLOATlh+3foK!~ri3oc0<$Zg zXkPDOM#E*53@1$EN1Atw47;MuP_f(S$$m+k_JtOtQe=hCbH5gRLGWMmXrjwUZ}cHg(z zV!P_@^!D<`e@c%wdBQRCCsm?#emwoy25TR6@e>~_1+}_=jdPS}lim0Fqcstq69l{I zYg2^TTvpA`c>xp@GXSFHle`!kwYY9M%#U^F-f{KK0CHm4{Hc?JPOKSB0gYtv?La=p2B#qs%mVBZ9n=88%;z33_9MM&j7NT)8UE&A+2bqNtA@f?)mRt zfEMZHr5pwtmqMV(O>^k%toHX#X98N$p8&7ov4aV}bN8pGrw4q{&~kEccsL)3mE*0+ z!jElfNl6L-XXa?Ryu6H!iRj1KJW&eh;Tmdo9DW&*OavsY&q#tgvU z0Z&?5UpGI8&(CKlr3gl+rA0I}c>f{00Lut{b~5=VgUo&?#74JnQ@*eu=HlY2qLiz$ zrdm?;st$eaa*CMkey z5>N|PJ{||=Za!I{4hT)1?hG$a&x5n&C=xn4{Vk7tH z!;E|0O+3FR?)!>$t+k$D^s;GbX@)qJpWmZy3{&r*K%t?grnYV8&eb1F+!$Duw~=Rx zP|tNce>K^x+18Ux*{y7a^@2fq$0aUb&a1Ab!lFSi0vhSbE^|j!l{G2Oi`tKLJl~yf z?JvkSXcZzb7b3BY-)$)Y3mN%2i?N<$b}ByqYnO~O9$54+w0GPUd)i}f(I0pq;DXZa z4FeV$CjaETnz|w;pQzUZgsg_Dd5G1(TT)j6%Hd;H+kjP=qM5pX3?u&(a<;w zbW(k3Vb=3<2RUmWLylZ!w`W>L)88T$1zidvE_Qc_ZO75&Md1<|Zcq^^Gc{JDp| zTToCHZdp1Y&9wR9%y{40;p^uf&KQnq1^Symd>FFhB)3VYL+@S{`$`$wmf_}WWqA(ks-tc&l=0wkA$xc-rHuf8?WqhX1BUYQ>)n5tm^P9C^+~H2i@GCYATHFX zb390nZqJ?)q)mdAl$4f+;8A)GHsRq{Wfvm1|7aLbl0WS;Qo(W3;55v4Mt`N@G|JW<(1wGF@r z-;LT0e2=1XJ9_2L+^>Gm`mw6XCX*_UIa|aA1n=J^#uWB{VwQcN^-o5PO8=5X^|JMp zlxoOGVNZ6r|GVi0{X#;FH5#IiqV!LX96EC3$Q~h^G>?$usrrS*#WJ#Q7ODJCDt;O* zDV7zE)zW)P$}oI+gW9wy!lbG9t)z?AQ9><>!?2hX1_ZCXu@L?!$k_STTv( zdA4@EB@<42xSk{=aID=*r=ZQ#rc=|PCzo}C!L@ho+VAGa{v6iW=UqeC!dalyvZ1jJ zGH1Pve`9>x(@%c?%+ftOOSC`{<>NZpo6UHas4a=vyCI22YicwmpT?th`D*l-9shd6(e@9NDx08=I zq2cJQ6d3tbSQsYSxNhA#dFGw}9(u3lq+Drrb@eQ&B0lp$8aD=sl%6QIOMj7}x8bt3 z-?*_ZFTAA5D{|TwYa4C{2;T&_&=UMm)wzU?aiUcKIX>rK&<^g!P5WrpDL4V-I@VI7vlc@)R;B$ z{locNk_rmt=*1XWSl$g?i=(NmtVB5K0B9-~E+{SBU7t}}W^noP2DF64nQg{P7}P!e#E;V58$1r6XLfENp83=T5v%4T&8>$H9je(q zP}7BgXFAfdUqV7+%K;&Uc5{#Hp3;#pv@rWoWamcOqQol#Xk4n8it+|wIOYg<4AZe= zZGbQ1hd6MeT^rv#%-oG+xK3C&SF(&8Wk{s0n-3WpLr{W>uqdRxLYDq+en}mZfk*w- z5ni{Z(5gxgQ19^4L5>CtZi2FLWA2YMNt>y9O>To0TAWaZ`A{jOgV94jumrQv@9o^R zOYyrMX{u4ZVRUe7v42(V2aIKRv&dcxk2r%BFws-d84+X`9rig+e{5{b24fxakF=f` zE2n5;o>}kKVmw*~_E* z8F%%%Mk7G(Z#lO2$he~I!8%N7*BnH7jzL}L&=C3*y&3e&(ML{Dt7CZy{`zuG!G3Y_ zd%SWGZ;NGU(-46NF_^#a;<6PJ;GV7$H%~K+&mw@Q;0(CXd6kW4WeE~;4EE+J>tDxi z99vQD$LoU2cn>bY*|TRqmz5pCC*m*K@rjw{LrjCdxyIe1zC3!OmoBZxXmwdMb{-2^ z>qo+&$$`3FOwbcqwrl&N8~};E z7bz1@heF^j@RQSp(;`;W-IW0Xtn(-I8r;$H$XEwxo?2d*AnTU5)rNpN6bkQW*F?&v zvH{&>Ngl*#4_Hy^_e5MKr$LJ#sw(-Pr)Dd7TN40?Vl{qjN;eTRdmn!{sJvXqZp&Y4IeRje&*yv&%@)1ySVCRRTQZRPDvTcm()uqyjWs3 z@JlMAaHcy|nq@V?XWF+76cO=&lgZ`gH^RklH>T)8SLy;7nag(06fp6V61Crr9|9DZ zC5FZOEeO7^!s&xa;eGZKO@b(YRHa~`lM%MMZhhioKpn4v4!AcQWo2~& zy#D+5z(667`_-Xy#~2xJ11&4}=XV3nkbn*|2i*$vu`W1e6nxkMq(*G9?A%<&S8LKq zbJFw}wobRRz;GMx9J)ph$e8mB3ZA>TXkuQ0Y05JUStXB$MMRji+D;!wYr2FeEjd6| zf0|L}3B+2xb9)k|8J7U#8atHbK7rgFh&alzGb*ezI=*)B^|7~BM4FE_sC zRZx(`*|RH2zpiTn={x$;Jsc_&i}TaHfXl-+eg)P7q(}mvID-KoTbcxx;ffV2z_9VY zf1g6^x`LF{C-l~&KL=ujA^xKP0SnK47Lt-XQk%{9p+4-!f!;<$+>n+143tExIpYLQ zh8;-VJNeW&al0K=w5&T*3t4@{u0xXj@WFz@hGzQoG&`tllF#bbW{;zdTJKe$ex zYtF5i7XFSHbNbq~ZO+clg4m|r&h7rZ26V_Yc~w;|uz(G`H_We56}Z{ExN&Jfc{#tR z=!w8cmK&B91?dzCV+kX8Ep!;TjuHCeG=v@?6g0SPz*z{s<5}`bK|ukmn1i4?A+y$q zZsPrj5DWz8h}l4G_tN|byBpa@@W)(_qWoo25*Gl@Zb02+Umyy<$M_CY;0;^0^gP+8 zpYY){@Hcmax$QJGmwGD$`fFnw*Qj2`2OK^61i^C^H8r*M)Zpb*{btz@cdthcA=7GM zKRc}5oDaGUL!f1TqJB%36`87V>(stP<%7#m(q0)&@HAy*WnI0Pk=THsAQ!j_G&W}D z>mhBWfyZHFViNN!C$cX`u=R0VlAw&XU6nDgM?OAp0B0+E*qirq-@T@N?Cj~&6uAAL z>g)HQ4@3ADHM7^pgT^felzD$)!RCddBXd&(=0}+E#pNzpBj6xnd@L#1z+v&&9KADc z(~rhRlV-EJn?Eud-^p<`H8qWnkLQ<_Iih$1EIaz^*FP*QlmY?*4Ii}5fi<;f&z`WU zQ-CP1_;TmrDzRhT_dZ4KF9G-%*^yhn$r}$Yslixr5AKiHbzAUZZl&rwxw%nc1<%aQ zdG=Qr<9pbhWB8<+8jqt_eBJ$G983O0vtP0a%%|}c73Zl*&%jXq=FFKE97TE*} zj;as=43R)sI(F<>!Uq=o+ytpzMoeMDh7ABJ_uJdse{4G2*WJD5qr5?Op-y~ukrQvr zB|}3Fs-xnOlRj@&tz0<+fL4rE3^*_nmS^kG;2;_M0o6d+!im5j9jEX-Po)jZ;@5C< zV`6K1di)FAKipqK6O$yCO`A7^H5T{X9E=#YUDfG?J%tGxij>tK?{a^OSI%{O(Rn95 zBLjEuEHG4`k|m}W??dK8Lgo{*R22rzl%i%&mEGmuv3+|U5*S%9;AMtjC90{b%cU3@ z8{YvijxOvrrw{O0wrL?jfxv9U(tKOMC5EP^EEb7HNXQs4vnsbenBDYX++V=FrKo7F zTgiDlJ0YMyjLA(kH8q?c+TLLefYeuditKGd9Rf8YucE>U(aghIFP2_dxOKen9B_gt zxoR;{QA9iDWLrE(&}%*w6|L-iwZo+N&Tv8H@ag?T}CWWM= zBom9q)j+|^cw#=?$V#a@pQz}wj!#dg?%aUH*@il}2ifqgL2J%^D_U){iu`>$cb-R8 zgv7$0G>j-k3Ns-8eqmx>#u(PU_V#`j5TKaszpva%{K^&9RK>bfvq6~@ERa!XGh0MZ{;Mil^fWA zSeKgx+-t!UYrK>>Ug3K>`%@>U&A|72aSEY;l03Von@qMM5=UT~rhbQIBqwqZ`!GzQ z*Tc8fqy}XZfk$UXZ)0z5*tn7Drr`*J2Z`6e`W>>fPhm!s-gcb1p}4T{F_IzZJ3bp0 z6%-ZmyCGmqdYSIW?FNx5e>}59?J%%Z+(sOVwM_t{+9ab<@y=@jQ()WpnbhXgIHcD?%4R=cXjtjkw!)Qr=&i;htu=Tl$38#_mOe) zuV1E!YlV+CQ1!Lu=BoSQ+;{BTCkA96l$%gYeASB>wgO|vg}ZuslHuM=U#JTWk1h?i zvZsDHa5E%fD$F-Z)IvZKDi09w!b(T}ssg%F>NLGDaBQR()8!=9;w>0|pEWW%9wQyw z5n$1hr^ZR0wiHNv=>&;-dOGd(?><<^I1cmO8AuH>DkF;9Et z=}D$aCcTxcZp8pa4N(S>stI7GLGEHo_auK~%p0_KSZzrl6a4`!L1^PtEuzH#VUP&y zB9o*xOB2M{kdP3|#mPD}q5qsb=?he_Q8Eb*!0cq5G7=n<$?%I|$I@Xj1_p+~ z!9hNo84lo|-v$JiZ^b=YkoLgRLUE_t@ZtIB=qP7lcm3I_yWCjdpV3aS^KsdT%=7W{ zZ{NA|6X0h?CZ-NRc%E_Jk*w%Z7GYwJ;mKJW8=I)-)a-ASvaK@;yT+uZ$oI151OjvXctXyu5jg4+@ZVq4XW)1$%;2xLPSg`sCSg;kl z9AG$n_#t7mpcWl(U0$k76vF4Dd-Dafys)^q=Y+PDk7^bwNwSF1U<0J6cG1F5TKQS{iLuRzct;W>|<5}2F5S7R} z6;PwVC)f>0na*zJHuwZLhpP6BG-vXnmS}gqNOuSvPYegRz!lzmLR+oA2)PVd(Ws0y zmE+E*^>ci>C6Y7Ku?a1+_@ztF)XNuVnLvj3f z#*hIo2w*!|M+2B;Vz{M&>A+w^vLi-^iiY6>rL(k^6@R$^Q~eFe%s@!WgM@?7%*nTe z0u~{xv;}~>h^J5W8dE%cShG1%D}adR0C4@dW+g3BRv%V?5Bs)<4h~x1-fkd_KNR9& z8L}5eM7AF|K=AYWgxjmY_m$ow5ai)e*c)VD2^JusilP?zK>6SwG4L0C!}a^F3qbaE=*QYBaY$pSaOy1>5xE0(LrPEdfx1jMNQYu%f|?MbZqPp6H|1`Ib`we>CusGDX+_XntDqZg1YeU z!_U=cWL}h&vq_dA$6C|fJwD_Ui8N^-e&D=Z7Ut%_s`VTac?SAti;4mb6|;pOS+uvP_w0$%RQngX zyqTx1Sn9>DtaN0apyT*jppuJi)5mDYM;&*H@IA;sv|Tr~4v>clmJhRQ&BkHW1BSf; z7M{0wKt%nQP&L|?7gh_j<{5q{%S`+4ukXDXn&gfGSSBqFES$AR{(O7;d$yQeP5XHD z)sV)*JS(uLkZiwISIeat-i|T@g;y0wTJ1&xA>!-p1vx#>@o|l#!URBxxEgC1r)MseWXW_ zzT|2Hn*Tj~m$pjs!+md1WO)W*q*1oBNmKp<{v&qJzouuGoMOJpl~&nKnHw4!UJ1PQ z_pIsx&-rKzJoCMSg3853rq1lo<-I={W6qc>O;1m61QeuU%Wqq+cjc%uky8;hwFP!= zpIs*jHUg?FusA|e3J7rTx|guOu#zO>_U)K8$7_K3-b36ZZQ9CUhj*}gaY>PXD z803G_Y$LV=PLqX8F7Tw;3n*udN88Sz7mR88rYI?yk11Uli~X;!7Xen^MsrIBRbjPZ zKuvJkC(Q>fXQ`zeN#g+6&_#HO4+IEg_8Rj`e=c2}e9%P~x-|!J)))zujiUvnrKKgc z2BF>|C{mj>f!fyI-!G>v2iB2~I)!GXKQzy*)He-*24iT;#uQ#=7Ho19j|8O>)wXS< zOWJ$^Hv(UhW=v^1pX-k|q9|fdV#CZ0DA%o&bOplHN3ACa5rL;V?pqI1bqLT-RD8$H z2W3%9$mZDa=PoY^pm7Ms0s@Zfk1{b4_nQ##w`|b>bur92$jz+)e_D#vN)p4lr(5XJ zW)m?5AbwR%&0>r$XVGG#9Dk{v`}XZWBuS!A{Rrl}p@jwEKSD<2b+1x*X~qFi*d0!v zG{_>-Cu`+>_)U(Y&?H1FLdk}x02mt`p>3m*d5SK5)mqAf$B(-b2;ED`dILLqymm>< z?;Y~F@C!?K-81x2M0A6sMMz&1gq4GS4xnlL^KzuXiy^ zlX4=^e#we(DccL464DRwl_n6tnv9C~hdDP#NE`slBmpr&1*+vV@MEQPe+RBhvDfny z&s92C2sI`zC}=WB3JAo_-ysqua?T)!?JMqr9P?KehWMTLH-s!Y^4=Ci)=rpw`6Vxeo*z z9Uo7wy1B&!^|h(etnC)euMy< zs7~rLEew40pmQRS_0-gfi9~!F2ckIckr-=hnvtr93r^`WDolzAuZ`$BP-8e_DXHqn zTdjKm?gG{|%Y4v*Ml#(-*$_j!$vd;84m?7HQw85u{4S#5p+zXWXBFuKL=fdMg;9|R|Xf(3mHsB`a(?LeWzfS#rE13tK_r$wrt*9SWw`Ac(LM3_B{&>)F5TE@P<$UJPX`;g;72vS{CITe-OmmIyxky zcV&Qo05Sod;Pv4gjQvQJ3cSn#=oP2sXq$1WPE*=(f>SEnjIA-q8e4nOnfA~>|GfQ{ zMuaRt+Q4oO2fvFnPN-f9LJGKg?X{o1z%$6$NZ-pG;oIJQP}lq9uDv{udIKHO`0lpQ zYE(VR%~64ywmltc$q=0$o$H}rFF|^OfR^&p3PdlmJ=m;;(dl48l$4i$s;+j!b=JvF zkN-4AEGHg}kgP~*AnNZxr`rX#f6U|0NSAS^`}=!#4^6jlEmM98-<&naL`g$IO_M`^ zqEm8tipn)6NGNRi%;3}X@;t{A?lJ^rF)Pt3NO_B5CFV|>#HBel?juRSgZjWa`RQc?2MzJ*Zbn^?GYgY)ZuzsM?f+PEz$j@2tWY}qV zw`7<`)qLs7|CJi_OzQj}AxCm|+Zk`cJw4?QlBmMB(5SF|XiSc2{(-+wjQTxPkJ8Gt zD0q7rJJ{XbyI6JWJ`K9mSWn6At}#zG>N6*Nogw4{#;TFr0(pbH*YrKDLqp&+s{FdU zerr5F>|4Kq@b;)@_*G_+-PqkY3MHzx!0PR@Pf3}9@U?o)ni_K&lI)NWWixjlz4~bLzVb2!#rEe6 z30D2|Ha}|%Bg~KBJ~7|;J%_7vez>yl>#D&)l|}0T{{l5mVfOjhRFwhg3C^usEqnIR z@b6eyj5Sf(j%|RMB92_=T&LvVP4n#KyCv0qPGFYxoW0k3b%OK20n7F^Chv#3Z!Y%k z#PZ_)UCJ2i{YYHXVp}J8WQJN+`U3XZMDIKs9UVT1X_ zZ}LI0xk&9jD`}(4n57yC9Tr4hgk-?vA{P$1H z^<~E6b5?5hiV0jb=doFMKPwv{;pcV2V2f&T{+Hk$O>Hb1|8vWnNTi=@Voqkfj)*8& zci`i_5g+@tcdOSb+3s3P$w57iyVCuKEg=(M)-M|P8fvY)rw4rHQ}YxOmV1T2Wb*#_ zA!VP1aC!63O_Yfc8xjqCMKO}KYI!~={W0x9rqZU6=IqRkXs4n$cQqMn{VGOXD#hy- zHRo)`s9551;3<%Vh0h5ghbI!1vQ?V+kag$oP{B413k~ZfeNI7KX53-j?Qu14uHpr8 zJr0)&I^Hb}$w_wa@WC~bd8}R$C*_Y|={86;XNN~Oc-TzqdvkBt&BBrTsIehG;dYN) zvHXX~7H|BD@7v$yXB^$leo>SxqqXu0YR_jaAZ8Q_y$Au$l?%*hi1<$xcWg8o5L?F| zC?(Z+TVZSq!%pM*+^x0dG|9u=5*@NLV%EueGP`8X4#!MbhiSa453G1*A@N81D#6K}v_h0Y_HlPWSBVb5 zPT_DrJ!{p0(KOHST(?g=eoNp9Qa|$eo9Wv6~ywsi5CrL zsIhC>LG?p={40m{rEN|R1DH;MV98Hm`oc7`i!Zv9M&=>U6@{_s#1`RnVB77OL}m0X zg7K1$+S150Yom}@<%noY@T!HG(DZ?s+SndFLBTd3O_i=oqto#%6g*rrnN`J%vqQzB|>?MLNm^ z*ieLhx(TCJYvvKIAr2rs)n zcgtpVnHp0ysySaG!hrj*wsqNT-rJBb0^5pJao})eQ&Zi7k9Lmb!Li0EO>=N!zmB;&^qhecb(9@|PT_3ei{OB3pX5>uO0KC`y$>RA@|49>4xykv7| zI@j#w4Mve)LxY8phaPkn;gu&sn?kBDS8y6mSF{M4dCj_fFO9RE`YELmFIp(O(pKQ! z_(F4-OMs_dS1@C-Wk`^4wt)4w$@E1QnpW?OoGo3uJPju%*3GC}->_?PFPRIF+qui{ znFM3F85MPruq?GqM6^Yv97u%h*}o*y2R6PC7xxZ0T|P|f%WD|k=TCR2J3EzJ#JA#z z(P>ka`C!2vl{<|rcnxmx70?~zthkTgB?Zyrv3t`;e~zj= zw4sfroyP=tJ*uSQ;)wE$*{}V(dWvLMR_97+^cPWPof@>#GCZg#U)yeY_K?I?fiq)%vvPE27w#{Aab^KP$;d3xCc++&NMox>2M$uQECXe9MnFLGK zwL#?2pU+PZG+T`Y9`xTYYOi{&UQ_4$=T%K6j$4KGE8nF3_!Jp@hSr%~#m;nZi&=S4 z#C~5N$E6oS)NH?IDR3wU_vXLZGYL+9zriOUkYvAX2WVgqrV>OQ4PFJ2 z;9_FGl29+m1fM{I(0Y|ZzJ3{X8|qgLaEiNI>b$y};<{qx&o!nbm_%3wxNOZDeVG1Z zYCO7S0u`CmS;bPFkI%afV|};Jjh4zAeoJy9^m@nX)$ga8!&h4haOmAOj?zOQK7Z!+ zhR~7CYgHCx#vZNVPsER#th3h{*aVzD|BOoPD9;L&l21pub=u08J>P!e`22jb+IQ@l zgtF42;8I9jJ0`weAXl_zVi){P?0|yUnk&tArFxeQ!iKGF4Q? z1Qk{v{ODRU!rfiJV#Uk3nVp)6lxn>m98*b_f%~_8d|0>7>&3n4uQoz6hkRTvJ{hk_ zyTH==y2N0<%v^8rPT?NT#LX-LJ1d#bIq=QZQ8Q4mSMptUF{gVMRO`;h`g3$@;jMO= zj);{k=lc!qhbqM_)9B9WkHv8>dt?tcZs{2tzA-s#ElwlG6K2BwKB0;4Y9L!jC-vD` zQ>kNOyy^*B2Kr%jIYts&ChEe*W^?zAFZw}rZ775_m_Qr<=Eo;TuB%^TLK(6Jl+ubX zVs|au3O+i(aNr_p~xT>z$6V$-B@tYASukI|^M`+!r zTTTvOgK-5Ke58(l^xp8?$+A?n(dGdspC$2C8Z4I&an)UtR@%T`&R1BFy&$`Ib#?6C z%<&P44mRyO%bSvKNxS>i$J}^+O75eJTfS9iaK_7JrU&nGTP*tPFJvf>*lYo zGB;gfGiH3wQ=GE*w8DzAN~_rW8&iEoFDb4yo6xw%YtUl-p=FK9R9PHti*4esMf0WO z`q?cGn+1|qaM0Wy$WhSO>dc!uXJzwYhI`~x^Zi09zgOsY!aMp7(C10;K!4OP|g;p3S}tOF>E05>?a!>Bd-rkk&(i-0oWA+OEp#)ZPvKkjJ$*HKZsyx>j^ymwx6d&(l^6X+cbq}Z zXAhSPJRi#{n!Z(s1aB&K+o&}yv&kg2cKFAS)0yjK_STr)X$)34yRd)EFe&s3)dbIU z>u?!EndIjZ_PmljPk);uMvNklp7OoFdzR{F+7G;dR62e3atTL5ry*T+p#J?Nhs}z& zz6aYr+BcA*+1aZlQE>30zK*7TJsoYgp4N5w_b1$Pc&)#3d|tSy-C7yAkilI1t<T(xQ-ggLq13o(>0>8TH^!f`zQ|)?HW_YrpFcjHa?@ev zk&&@#g!yfKs#R3BF|`3nBIl?V1j~(D?ETnBmS5>=spr1J;QkxHwT*T0%Uph%>((xq z*|L2w(5{qFA7Q;8xLz1f>y*b^asHau)`LV`k|N5o6`O4yE zX8{49+`iB3iNT-LI%Mx0+J6M2na|hw;{DPc79XcZiB?7%=bCBBJ>}J;f90do^)YJY z-n9bT`}C?J%5L=46*`V?o0zJiT;CO?#X!R!xuCRXSNgn$0Y0byYm38%B&t2ej$138 zc}#VND$CUwPZtJlijsRGDjZZ5{Zli4^Ofei(ya@T(asf395jbMwKmNMs~?d81R`{i zY#%EC#>~w<$W-Bgu8D^FB`yDJKt4@PqV~1?Cr@H9o)6@Z4C?@S#*JD+lveQdt1Fn! zV3wVRj9W3ol<1%U_I!be(R}bn9_am5!06JTV(G)!lmg(A;McETZ|3AMS^c_hB4d2t zjbT|S(05~XxX&`iO;I4Y$KD-#bab_Kqnn3J{!DzwteVzFiRt*XYmgCkSX9yoAFwca zU{bp^_ibmphUTn1FMaj>_p7aQC9U&gx#ZTatlY;uGkE{B28&PybP=NyA9{UOtnd`J zV^_m$5PH7c{7E`}bDIoU;bfX{xO-m`XARehIoYj0FrY7Co#Ogx;#=FGii2Mgt5*Hm zj8wB;@$d&mLB(z|DqSs&HtEySK^rHMmZere;A&_zm$`BMl-WW4Y#RA}CY$bANpe!^ zws;jx?<=?8w(rW(kX!dga}V6`PHJe9!o~b6He*+T_Jifqna4(uZ@_*$LUR-$Qr{8zr1sy>SfZ)uRJtYnrbUU%YQFk zi=cN{hgG8uUK@Vh?Y$oUEVh*A+GBqYliYx+`n)GsUG)*o4^649NL3u!a{89%gPzSx zcFx9%%Ii3dop$b2Zg~63+@8K@DZZsGB}KL)s?VhTY*3Y^VyWiCfPl@T(@)G(u1OYd zb;C>>Y?AXplbM?eDGp{my>@eM>@U_7NuULBQ3YgEC97XVB|T3C$03QNX5Z zDZU)qc{>1jo9=^v@Lr>0ulP|a;Ks$x%>f|2U@$Klp!wy^nVT6oOcT?*!VP6A994qD z!&}(cdM;O&&fBXGu>D#d_pBeNVgytawDdS~1)^3{L#+e7U%BFmp`p@c)#}!=2V6e( zsotcPKNk0@)~UkYP{K;^k-8tJrRJF(27*%5!V>rV_v^||*k5@s9N*3rpYZnk2*c}5 zRvM=%*tcv^E2z}P4OSh>yu!|R;foq4VJ5>zs2|xmm(9t+XpPOu=tFE*d9r>P6>^Oo z4d2x{q+~uG?f-Cx@wnKiQ7Qvlm^a;!U>ZZIpXzfF!6o}*t;SEu`3sNMo`fEAsdIkN zyYkcbI}MLAI|gn`T(~;B#`iz6%`)dkq14Gqd$AjrN;urLoVYwcnv4W>1uzVl*rqYB zySi(1aGs$`SSmgGb=`|`!<74{ViFf*er3pXJ1|3+t*$HVD3j7;S9cdjuBxetGR3{mS*?cjIx76@SM8gaasICP%e}60b%EWfc*gE zBMtpt47-%J$lu)6*Li9C>O+6I03S1Qt#90)wc`)ak2GE&iht1dZwi6eHin&?yzb|> z=1UpS0p<#0c>Yn^! zv8y+9IgA9Oo-t0mK6d;;r~_*XPftjN?8+NG^vCa+F&+I_RYvC!tj)>}!9^Ij32B*` zGHF+CrL5Rj&K0_BbkHT>;<(r@2^64`vbuMgopljz-Zm?%)+6BHd={4no2_JbnY9*= z@y0xSb4=w~+R?Z)2JP3Eekz80`dVoF-dgV~<`UK}9d+F_GvugGk7sy~^le{Xi(#?X z=>}1Z&qG$S-M`QBbYdZ|)9Rnqd4ktwtQ5WK=(%#aCIa}mOnL-z)h|_XaE{E&?iJE{ z>JUKRI+R}WiT-QTWv-4cmB+D8^jdq06sBF=9Ck_6uod<$ryjuSC}+>5|C;jtNQJgn zM|qfl|3c>$p9?enb;}a>8&2Kyt!Ye}d);!GH}TGZ(|k@~q}jQPIZZYJZv}k(b6=M} z-z3*6b1TEOkVvi~u%sIqX-gu%4pMBI|{ zj+;?gtO71a@p_Sx*9VfOzY3YM`FxJiYPwpY*6(68^S#P8sF_(flqXfI>vNsFfy(D{ zYYxM~v(l~AS(UL1+H$Eosa3!Ius-HWxr$}>xU+Fs?3KC)S@7&L0i%z^3&FDP6oUp{ z){5SNJLw*3ZPKqF^vA@ji^-0hq%wPYruuNYIhTVZJ&RF7QYnvNlS8RH%k2`6ef@9M zX%1KiHD^-Z*Ze7vxU9Bgi@9{#vhsifwXfG98;RO)IEASnGovMT7|)CKUhpMaSFjwQIcRBz4kO;4j%$-hRlgt?Uw@x!D?ZF!qCht zOw@yk)aw}Kt@?tg5aIY?GIpGXl9+Z73tHDtcoo^WMZ{ixuAh8IW3<$@?ui9X8LND8 zlsoY>K85w-mnJbm;h&UObUZ_%<)tg4LbK`J)>(6?ci&_y4*QxIw~A^mQ&T?t1|xIJ zK`}}w&41`+TP9gr`PyAd zHKk{0Yo_u1O$f6K=Y3)i^~pWtd6hMZ zw>q{>x8R~!D8B{&u91^reakjezBNrC@jSqsxl1m5*@SI1d&QhSGhgGivA~}0^Z@zU zo6&FSxt>b*;I`1@&Tu9(Hy$6l;$m|mtQEXU4CV({DXV)n=2&GrY)Yyv8ZCX)dR#5v zQ9|H)ONs9%_rc^@)}Njsn(~@+kNm6l>V(9t$__NEwD5tfolC7p14 zO5fX;YLWD0os?I~exoOAMx;+{K5bf;-Y2#8=~AA{4Y~@aJGb{9XL#W`N!!A__R$QxLGZX*-B72lu!Rjg8ef2%;}?7NIte}#s$Vw}Yoj_)k_UL0lG zi&+T9fE|~v{554OKYgNU-0=IL1P*fk{67-Wf8BJCucH5}hShlU=s(AH|Eq@eez4=O z8kXzYf0UzZMgOW{%TI6kE3w^k?0*hA5VGYB-$@8saQ?VVe2Iu}NZkYB$S$*gRlbs+ zaJs)w=lmzi|F56-f8-+mj~oZ~XJ;_S|6;O>?|t=hpY|Xz!oz zj8DHg`qxq!k0z7mr2Ud0SPva&?Rc*=V(d>S5c!ekmxL<)`3vw}iCnuyLdphzXRQk8 zM>Y#%#UiwdS0QR3=AQgZvC6qQk>{vfFRGx(C$@sWh8n%#Jw!(56kvrAUI3IEBDC#` zv2saI@Dpk?nsMspY=f81&P!rt{P6XK+N=7=i=Rs<%=&9$s3Afi9!ErS1fdiB9LPil z{Fy9JQ!wq%I$frSx(;W+A@ODW#|^jfJA;5<|26H{X?E&3> zd??Uk6O|FDsVQJkryF-$f(8NVO((eKs<4&<{YElL<4OyrZjjl$xI-nfkp8-;XZ3b4|B!GuPgCk|A610^MVcwV74ATbqCOhQUZIGFkn98n@b z!bFX5#UZICG)Qs*8cvGm$IT~tt{fcLdn3oj3RuDuaDjTOf_mZDw&Eis6@V1{p|VJ{ z9J>QXaOBOH-B9iTh^N}Q^O1wYDkA$LHgI5#_k#Xgq{2aTg9M+T00piDR=Uby*}cbk zfSrwn$g7+?03t*$X!ZvonMCo9_2;5HQ5ATq3@Ayu%`B$})6F|jr$Y2e-ULg?{ty5J z1_qMV2mi+RaIA!02xcdtsJFo*Q&m^Lx&EHQIP;Ms4uD6x`8+}V$FtL1URrc#k$X+r zSvVW#%=YZV%EhPk;AXpM@sm>qksl^~YZ2mCL$3_#Cs|5Zs>HAp{Nf$d)Fim`oAgjZ zsX^R|AaQyHx)}J%K)EV;)_w!8xe{}ISp4n)GP>#@6u@A)?SRK8ym%nvt(cr?!7f&| zo!sT=>4_URaK^*i$=97)mDmbHDF@?aj>cag__wvU=b^>1gnrrwZ-&%r0dPwsZD^O& zATpJel^umd7TV$x5MYQADO4siv$JC$8LMb%l|b3I>0b4Dx`yWSCSx6iL^}@oupfR` z5(`wfo0w%2XB{XU6A}|UV20EI@d6n(VvI~I2#p}E04wIkdHI!9f)kXmZB)pzbcGh_ zHjWM#vo-f2p5xLee*=Ozk!0h>JcYEx2pS{e)Jp`I;NzSI&f!|fei%5wDy-vA(2LF@ ze?NQq@>5mSR(5vw8#_oQeHR-`>|vqWR>i)i|a$@)jFj@{g zFa$QD%_G|unnxmyGwNJ>I>)X~0?tKnwcf+2wjNJb1MEirwPvT_AEwvvfvBgt6sSH0Wtfj~wK z^z@G*127uv5D}VbTZJ?6SFHyd$_5-P3UV_cEGXb+Pwf=ISz%d!g>~8m7dm+Vg!@c| zJkw5dJON`c@X^Y#NuZGM)3U~r;0J%0Xmc%wn~pE`t(1Bv>x%f|?HfHeGt)Lad=<8U z>1G4F38533xOcMeAEJU(;oci19eXR-!0)s2S6mPlJu!DABxN9uFAoR{$@?Hu82480 zhp*2ia2Bk7Mn#a;oUA!WA5KeGSAfD0@?$jxG#ruFL)Ydm%`rnJ#trrL4ti0FYq7UZ zhtTr83i0>E91dD`wehYJ@I47H zU$?t5@RS(1ZSW#G3|V#8V`?Q8{1_tERim(@xgI0UioHy%53vcbdJe|yUPP#tioLZ9 z-1vh7({!KfM&|HjBBf*Z!gy}g!GHdNf_)w6mwHUq;O^hpJcsRt{6p~u4-J~ntvWh7 z#IJxjRertu78!|fPz8|(U+z62S{Ixf42yTkIE8fDVo5|OL{<&#GH$JJkAPu7?=!C8 z>EW>pLdX?wPBu1iij}>)upR5J&Lwo=h{$huh83VD6LV0w>1_hBBh%o@BvSf&cx%DU z`?U1KpFe+=LKd(|U{K){s%&Vu9Z+I$s(idpJ2A3fwJ2E1>)- zfRZgzGECIY+-K+OCTDtHUS5RkA~O4hz4HvTX5+T(KKsPP#Hw>MUtS1h{A&M0s6Ksv zE2^1Qkoff6KDWDs_XHz*4+zyn7nbBCXf;2jhnfd+LRDmsHMf+og&2`>K}b0a7BMoN zGpdPGKNCdCiy9hy!N;7yBZQ2utUgJTBx*D#^`%3IyXZfNu>-7iK@uRs8Q{_GjyH)CXQM_v7~gM$O(o@Xy!grEgM-I54bS!C^*vElo&f%hNqf)xmT&m&~^w`2?87@b&JSROFFoHuZ`uBsnq(~yNeMd`ApEsNwUWaxmCloP5e@*vT>*wk?(E8ea2x38 z>N+1K8AiCo@c8)hSAQzwrf3#5!7qYO0f$--hUpod*2)T14(@UyCX=&+SgY{HUq=TNG4>81NguyGTmUf-T8%GG?m;4gaAYN8Ld+**olHXv8 zOvoL{knvuNHPtUpMUjb$lbj!l-MzfLsVj?_Un}p1d0bJ*mXHLjW;W%Va)fQUw?+$A zZ(P@bZL z+=vf|{OF#xGuBEKD6V!t?f5x#+pb-Om}f(@7t2_`dwV*u1OcO%cw5)j)*{J2ffynq zvS7z{#wn?SzrIUr_d+Q4`|JNz;~T$*%K=r#e>KqVhJF})o4q)>`gg;>o$-#gBqreG z>(2k$qW^E*Z3`|Ea|5L}Y}QBnBEpei`_W{%{9VhSQFFP{V#BB*dI#|o*JjdfxC5AUbvh?c_Nd+q1? z8GhEriap-AYn;Ub#Bd5|Sze8(FI#1b(0S&myg>r}px=D5*r69%V#E+jyh)@Fom-BV z)yVsxI({KoQo;w5_h3w+JX|{a@a6#&Vm6U_q&vmCPYxYB))y?qF4BonVGntm3=b=M zBQlOd&EXq<#h-6Gs#M$s*n?|g-x3>EqGGfso5o3EOmwQkOqy4)PEyalQR(w15S-2H7 zAe3u(3sOf6TYi9E_ z=UylDE;|KPtlsVCGrW&XjTnEq`UAqIik94H(X(l~`K>35pHl95h(LtGfQXGyIZU93 z6a3Ee9jh1}?y2vZVSR|3ZV+qxE;+w=aTuy>f!3^`vNUGsp(<87Y>~mZ~*$o z#3dLj8KcG~W`{_jdmxcc)~*S`;lep#2O5qiOhHT=@obES8cv`dih`tWHED8SKGlKU zi~9IRwzXLxI>&ka0+cp#AMS3)V-mtzRYR@&4lC#W{rkGza47tYQf3U`4K_%953=(n z35hD*%c0rXw$5hVySciS?LyERqKl@ukL`6_uYntF;a%Xdqj%%iApnQ;x8UtZvs>{@ zis4hpZ4c=Uxfj4>uA_S(FD^nc>&>aY5z5!owbQv62GVZ*$CFL56e8(7Ks1pUj66`i zr*N#Dt*G4fngQrY#5e+<*52D&43GQ=j*gqqHj>x;pkcj^E5jp3Lr(fgQz)_lO|(K1 zeE`XcbN5pm`MYGk6~f&wKJ5Xu51g@n6J-T^~Lw{)#yuzPGfWOt~h z!6&`!Yz5<&5Xgv8bhTJ0;SEe90wZ?BT@}`rXssZ>485k!N4ixAq~S~R29*MN%L=rl za0hz;XqX@=DCIxsHG0BBVHMtybqRk+T0F2{z>^$D-=i)+jCs2cpHWDE|1@f3BEMei zumYtsd1nX<3(Iik5(GfiPO|_OpuXRUKDQVv8V7_FiHQ5is{mjoO|4}40B}vq&PL*u zkB52r%9U=&TVT*#yt57~(yHS*gLrER@!SL=f^9-x@6(_Ye_Kb#Pp2H#3p{A}h}GKy z)*X4VQzzg6qA&+-4Bf3bq6o-h9A+`;0MgL@RiqF*nnFm!NKyv;MW92}biF@@QAnYe zgTk@hLq>_%$e`>X7UKkugUP}LREZM{Y!O%dES<`DuMDKIZa~i#sA_oeCgVN`n-oEN`Yz^l?ZVWza@b(lt5Rn zJhI46AnMW1&H`BcRgrcGDcP1c>fq4s(4BjhV`hn z>EHkzI5Hnm>@jCZtqLP_(ZJ=6Oz5tF$FwS-t71XCb^@r5Da;-ee;s`6^ zULES(?>2j#*ZJiumgc76G=pYdGcX%c>Z0fifP&)G)W&517wLV|d2*Bcb6|ki$brl9i;CzSV96#;j^SHm!nmbq6%yXAg2%@15y8%PJJz~iM zg>r>_0zo-8L&rIiOZrvwRI1*NJoD>3HGn1N$vgtc;q&ajwPvuI+IdQXEEGp1;unYJ z9ttok$Da+$q_2}hf`fxsMoynkG2fXXrU-Sb9SHd_*F;eGESCqx#M-@ku1y@6(_$`X}lYk#~YaiiKXHey4E3q`W_$UI~2l068o)ht44}0W!ViE>XTXKmon>(oQ#LbV}gL)Y8;v{VS?}$hl7y_9~&{KEyYsK>I*sO3j_Oi0IfLk5z=I=Z@6fc;99Tz z;>C+xcl{Qk1o^-l|5!~Td2Wogzwam;O7J}*wpMe1r*~40`;b%&I&{;ncC(n6!W+Ym zWIh?AK85WseEWbC&TW23TI0D_8}=3~63*`A z?SS^b0#*nlA1HiW_}EbaWn$11gO=6sN0+(yEJiT;#UervSO-0ot z5K!X#UVt(0=CLh{I@pY>^J&_Fmldp;MPuyVhAKgbaMNGCel0CuPhp`5u-p1>ox($w zCdT4wIX%%&V;*FoSnLvGGuQ>B^(GsSCTDKk(Rb~B5GEA@0F|+O7A5WuKCgQl?v_b>W>Zu!^Di?el`RzaaC&mY~ha z?8tD|rO0&&qI!5AqC7hn#lt#v8Y22z)W!?I#T`EG|XC zcwaG>B8iRD7h(qp%}(JSnaT(im2S@1@K!M%v6Tu=Kv+2~=#Z3OI6cyIDhq6NiKb(w z)29~G*uf=-)$B<5$TU^Z_-@T&gv6;E_ZF=J@|-2oO-#En#$9kh?Hub~@A|@lc;H82 zix?>5P?-&$$ThMdXb5Q#32A-2SxYVj90}eAa$I5BCEB`I@0_(%YHu?}06subVopwV z{*+w4QbB!Bo0J2o$D)JU*)Vxy-Igu$_4OY)RBl*B+bhlC)by|LEEWktatLsTJy)K1C45zW-xd~e;fFt2x!GY8uYw(DJJ!h5uF@AS( z<`ZBW?6#$WvxTLOYSdg4nDRq)^#pZ;v>;J41+7xgYBS8(_<3v3?J~PGT+X&Lk*O$t z`&OIrJrSEIR#YRFvBW5YZBzrA_5Ng zdtAQrQoR1}>V65&ZNjN_IQB)d#=$3;EZhUQPXroL>_RBs3F^ZV>(4Cs@l{cgfbK|{ z#M&3)0QRGrRh~Q`kYG8ficBZUVuvF~sR9qy9jhr(9I(H2)1M4Ft=YdbFzi(Pw{Fi$ zoN-;aMso0ZC#>SUNZ;KPhl`o|`chweEpovH)#MFx?Choix2=q~J3}Zein+k845cXH zn``Unh*^AvU=6l`1-RgF0+7?X7Ty6~K1^xk3eS%!f$7E7ZRGwSF|wphZEKt4yc-U& zR_}Vi)~$v2^iHsg{Gpcq9Yi)SSXY5CR zK~#H^VHx|{w6h#oQ1rr7BT>*EP>&sCWZDts%Ch~nXfohS=Os9JP-TBixM%NHy}Cr} z;WIW-3nO_$bVdGS=x2~>R6br45yFDRo7@fzChn7M4W3kd^2~cYH}(SM(<>X@xG;xBm zTOZ(n+|e~CVT!!1K&C}RV#{13{*g@PJwB}n!hog*M>J-hYz$0~tC+EX?R*DsO_Ejj zRp-_&WOH4jER4feP|zcAo?C;~F%P4Jrbh^_ePUW(uHy$*<({$|k%C)$y!?D)+zSz4XC;5DfOw5yC8w3U;7@SWtI=L$V7?SKak5Y(DvzF;bxfRJ{ZZzar{0EyU6qYgAV;ALY>Yi$XoZ#K%r!dmu@>24Te(h7FH=l`=d^Aeea^*yq zLL_D>#0f-J&Balo_-x;P&zfDEToOBh{kPhcF#j3UX+pYuwY0$O=YykI{E$iy0!^l8 zIrpCzG3RLFZP^Bs*@KQ#ic-{5C5ifiWpm$d_0TyffYcc8&ya4guE=X}8B>CG9 z`R8lS$vfGUCY#(B{EKFXu=x1+cav0|MvxPV1W|PUQe6Vnt$I8J%2TZ_ARu55Ed#JN zYoVQRm=QW6udee4_3Wi+u!aJtL3WRBQRUD7B#!*XV#xo?HITwv`KxpjGUV!!QLiRr z2YuG7>&$Qb&rvt`e@xdn^1l>Xe#hd}@949S{ocnX?(A8kgnM`X_(Qm?0fOmfp_LP6 zIUGzst_b>O8mFfA9buy};xEER&F_IOtj|JlO1TEhIYkedt^FFzsos;dqitnnHAG7& z7OVE?!O>KgtZxd$^cc~|8PgbSOv&`eZz-<_9*~$La!SxB{5GtK`fQTXGWnLiWUnMa zMQ$?~M@^2g?1%2$vLo7#BVRe*$90`Xw3#F|_alz~GCU6=oI!dzsS$TCiUFq7Wb(@+ z@xZ=)+e`b2;L@rVT{~dRq`nNBTx!#ghzB8&XOr%PqkzKA0?sUlw#&E+S|3TGcxWv5X*3k?iro5HMAc#^B8VX7or z${`mQ5XcD8-nIlGQ+z0h$&YZBLWML^&+7-V^UNn&B4}J?TilEDuH&vOao@juM8#WG zPKh4ZSn5xqi#^=Kt=0TJMM%mpVI?J6#}q43tP2l(2n*Ulo`}>q$UANG5TExb`+I%@mE$p3k1X7sBm(40XsVblp&GwMskmeJ z?zWeRbmAPQu70yDgBsM=Bz7`*Azb-6j$^ks15ry;6KqnM-0=J+}#xuO-}fsih&RhQ%f4hfri9yo_%SRC%emUb@zKpBMf zy1cxLz)bL2?+&`yQA~m(s{WK#_p91**3WGU`dyv{hI$}HOmFr&k zd0B9*gvvNRVs|8#@a?1^gHbu)+wdatJ)b}{QljtV9<{sj(A+(eerdb$4{KdbnO-!6B9xyKVSpoA9rqgTYtPx~(5wh;9Jk6s!QO|JG^_-@odV z%YV`aB3~7?Sk5AK3YNLTLXB+j?*02k#Jh3nzy12_Ee?JdLqx3^q&^Gw3oYhRVbb^b zu>m>kEZnoW*CHtfC~;3K2kqfxf1}-dwt@|JK`5pah7F_d_#WvpnPKWuZ)h60_bP_C zwHA^gYE=oQ@N@Z{&lzu7q&?VQW;ZrqmZ$qOq!IAi4D5~1s}Eu%;g0r&0Yd#c9NT;3TcGyk>Ba+YyXzme|Pf#>va2nzvvp1$E|+SViC?6C>%8T z_0zavd1k`8?eUOrKhW;JLVdPn4^o zF!B2zg|9TDavMa&RAHiuLnK_KoU)=Dc%CQHYw7LJ~Jgz~T^DFjH83M}lwscp_eBu1h>I@dL21*tMM%4n%IV?zKd zj;_xaH@n3E1qT|M68}85@5k!uHX)6da{`v1q7KKKbJ5G<;y-yq-FszO*JXJA6^d~- zU3S>-TrXitNHLR;kU+`Z)tP-d-s)LX1Sa8nyV8rL8$q zmW>ov5)o@if?F@|kTl}r-rGGFsomoDOsW>=fEh38edvj9^(xhOXYBB~CzN)J0E+u! z5Xzkp@Hh}!O4tRsHFrTHA53tN7q-Nv1gq$bN^TlqRO$3GJi;v+oq!ZXd%#nKkl?D& zvE9ks1xCms`KrKr4|*Xa<~-1gE_wkE@k!e(SDJ@gHW^*pkc?u$=a1MQNM06l==?VS z^45!Y3*WM`F!rCE(;#Hjv|}9X>!N01)%mE~*&Y_Q=Jja2KCOmRCtvwOAv zZKV_Ezr{OMZzG?@tsq+k5g2ZrF-sYF1EF3ta{$sD;T#}06Z8gzYM;4pqlCcuwa*%j}xw{YGX;h21N_$KV&vM$dRK* z*P-atT-vjSrSnmY_-4id6`d&Q0VY1<{U%r)pbLSkEOGk4pUi_Nx~K{3c~ApvibNj* zJRd`4{I$7Fap1DBZciCS)na6;X$OZOTIc)pG?}+)bvzY zY}Br5ACD6xRZ5k>Gw}Txt;T|Ch9=x5i}PK4xizu}^cbcn?^`}+wg|wON8J`& zB>c)-Rv35BjO6Xa#2GHH#cb|>MLaXrYp1u21Q8SMHz-oZJevBSq+zoYR@ZL$UKn-1{;e{3@QKgN;oUjOgTwcxR(lA~8h1;4AjdRR=ek`deH(@_i@UfB#LsYmc*&vFVO>eb2r$dt2M$*sZWYIMfeOSI?iA&g5+LbHa}N zQZ4RM{JNWr;H^7a>9m~0UmACXbfLuo1 zDe0stFOJ=m-{=82M+IktKXxcJ@_?*uU)3eq1%Y+;w-0oHC!%_|#4Wgb7a9p!{3+8$ z)*!mjwcTfb?LTX{e4uIE*$WpIqWb|CJ~cd`heXm_Q)l)}1I5zCA)+sg#9O&kW%ie) zz&|5lh+G1mn@z}e5qN*C5bP>priOQ$YYP1R_AB6%q3d$Q4Unh$< z(*pO2qm1QQ5tYOfnIzOWGYMlja|^oxrZ&5!H8T!GjS(B%t@}eTSVQ}n3z@D5`r#sx`=ax z8jMu8^?J|Dmgg^;Qw*#NoCY{`?{p=pmqC)(=v zdBb}D)SF&ovm-V~uIN9lQ*!R&t<%Tt>fiZFuVt@g-kdnrcfj3~>vG1;>DR|fzg0WS z;-+@*ntS^yMP0BTttOYM8&?vSsa}~`EB)}gTD2Y~b_rC7frUlj*2x|K6y+)5;o+M& zGWck&$#;H`NK{q^UmY+jf&%Bqwrxvk2$CwCIdkUS&6Gh|h?Ep`z~AOAT9gCx8$f9- z{)t1uz`-FNF7@$?7lFvzd;$X(qSsVZQVLf#EPwazA>4Wm?oxTnliM_^?tZ^4QKNl6 z0|#_Ke7nBeK%A;`T7+{u0V$h|;mrB-V@{BNY!WE-Bdpcq_fifxFa0(suLa&5tNiE25oP`77e> z!rM&0t)0BFn@aC}{bxPO%L{n@dL6ZK${=ab%4n~&w0Yd`h57~I7YJ$6t5mLUIe0g3 z*^)($QS|E75TLwXy?YDCPDIYX(=|GN13zW>q!7#Ab8z;MEmFe!ZxXw2w;S^u>#n?9SNIn~_bj|$MD#- zx?IV~SeUzYGGbJ}f&_fV&5;m*@?S}|Yb%lT9Tjz`|17*JeTg?KajLdMx^9KG5J==L zb+O{uu}c>%I+2!^CXD!X9PX_Gt+U27VVHt~w$#th@2CF#{qNkFdv3vSTYGytJmwD^ zIMC0>=K*XbHZDr+i?b@7c*RH`9zc*sco-Z4jb*3W)+6X#+ysM5h zck9wwv-Z;sG}1Tz(*?PGASc}!89w)ayoQo>0bLpl!rOCd4E{VFahGUph^-{jz| z6h5EI%4jPaoBC<79kg!dZjG@lK1!FF=QAx`-Sm^C>1NfJw%l0iuc)Zl*1=zy#kPD* zZ~MNJZ;uX&lZP$duzvmCwfXQzVH@uC*1b3*KX?@{DM`|6pQrMBy4eygi5P4>P~Fa; z;Paa)p7|W)63NugIXjY7oEq+}ru}GQ^QRPz;al7A^S(RXUfsE*TIkvxD5$H(2=Umx zz1ruA|4aHh4=eu1ACkI=KRCDg_ka1n{@~@1jZ;(xghxb7i~aHIb5C`T>hiLztn7X7 zudliAj@0t&A3AHkWMT0QBtKaEcYl!N5aoFZ8J2dfS*Y!U@TLBS;31F5mCK(agb&&md z+Rg3l`^l2)X{o6XL8m+|D_*=<6&)2dwOHH)8AaFAvphXL>#g&^#%uB`9gV>B^!DzJ zL(jdwp#Dz(?dA-wl+|#I!;(CRBH1xz#f_y04;|VJ{3^W);Au=&DCN`<`o-Fsnx|WU zrD#9jneI8gKB4i4Llf9NSUar-sW4)tGwESQWX9(3%~XH$bak^)=B*FSecv>r@$JxU zPlIQ2tNL&5ev^R-nQ)qRKhhH-f|q@gJgx#{5fp+@XbWk&0Dt`z(}Os zyJxt1b&#K*B5gYMb&Y_XqsNY2h)z7Cui}UBr7KqkkYz7hzI?ejp+x(n;nJmDeeR{F z8!lVs2IFxJ`8J_^zJ5VwA#pn#0dMh}H)&>}zEM$69akC~dqh~|`;p$LZe76TPX2Lz z+RoKn0_M(mQ&;Io9qU3bzB5W}JVO95G%&bIkNd#`2ehT)wV`mHo}jz^AaznLrWHDP zw&hvT9LZF@QIjVx<@9QH4Xk(`xrk|RJM&&TXEGI?uqXLD>=lPcI^i5)w2f|s9+{A2;Z z*duUJ1szJf2h{pM_3QU8>0zrD6%_P^nADj*q}B*vbAeG1KU} zGnUpM=v>7^itf2P+xMl-maNar>BXZ*@^o@JP9oZuB95@hue(kZzd{qmNM+^BFM@UL zT-jeDS)(v`M`42SnvL1>(Tm)}imr%wa162e5}M1mmmSvle7TM}5l)zBHUj#cK7T#{ zC3~h+fpc5^%cnw?a~8U;OKdfNKfifoM_l#Osq3YYk&(^wJ?O>=l52jel`(*|-TOZV z!Zu3}fIcctoM^CN!v^V9l1%?AS7u4qPxi=u@Zb{oq*&EtLcrgapQf^y4-IWyuTofA zI<3gGVq=3(>iS2BKWh@!sY$ zEuUwkQZE1pW?U~t=}d;@uCn$QR{7}*7XtYfW%O1(1Roh!^u^gle#nrSKr13HVzw(* z%}CmiG#N+XZv|rCTr@)CA-Cio!EqtM(SQl-yn0z=V)KprW}#OObAG6d`5GJ@ZF4`Y z3C*=aLd1C4>ES21;X|@zkZ1d6`*HDS7L?vgPM$@OM(;bTG`0IGr)F!8O>=g8hQ-&2 zbLjWKg48nou3V4*QTTHH>$(4B#QR?axG|%q{PNpxq0^mR?Cd@B`LYt{c9IEy1>1fW zL&x=;78h(O{voNGO7eeztjx)>t}i`gB7*y^n_B6$UVbMkXenq0c3Q+JmkeZQE8}Qehlz zc`a~NeCf;MJb7+!v#7)8Vw3Bx^E7M9vR2PcOiU&bc-E>nkrUlm{rPntrqb_cA+)t# zU}Y7?43mlI(f7x;NjOgqf+)RumPazn9m~Li@3M^dZEN zPsnM!NKv~g?pPgTr9&!sVB6ku2B4cmd@WS9*}gq!R2CJFly@5JxR7NY)b~JGfmH~$VDp*#ia-uhK7cmc&8K&9y}=0@0Kt1iM{0Hl z&^4h~NN6F|2JAf_5)yLS#bt;N-v<#%*=ljBz(g)_bWDImSgT?l;kPW|yJek65 z6D`N2&6^T;4w||{69MV(Yb%F-FeK}LLOlTQK8C?sdUAU|>{A>)y4_Tz53!v8Y z3CBRL!*qmR2BESqAwzM>6eBJfZ(di3nl}uo7g_newWchXzGFH2XQKYg0(>?wGP+Lh z$Qf7HI^%UQI}1hipicKaaa!NrJ{Hv6KwsYrFjhy3>^hKE@WmX5t_tEYmOFPo1hlRN zI`@f-TL}g*YsMmqMlgVy8`~Y`OT$oZkqQ~n{nA(EIArNEI)ej#-`d5>baeUANU_3E`@^+0_S6D7Dd(t90!5;_83IN}-|{q^gwqNN--e#ROF zO4riJ#xe`ht`Fil@M-tCvLZ0H&+9u8Q1ze7(8tOT9A%Gc9g`iVQ%bo_G8xV#g>;?G z+(|0T#VFj=R~Kv!f01MB?%~n&(+UR(0t)-WB4e@swLf8ir?E{KW~`>;cH_V&HHb-RR&IzM`s7Aasy85y~5OPzy4 zK{Hr4zQlZrbx;*Uz_LVHG7FM@zkq-RQY)HcsGGH=gi={qS*yDD%PB+*jf~3ZWA7^0 zj$?SoAJVF|ce1ld-dsay{4u{S#7wwx(VdG-r~h4 zX;QfipKkfCaIC%dYRMBZkFnx7&7Q`cJuaSQ-W6Cz?FOj!s>x5Pq$7s ziME_WE^_C>+brczrOlrsBSf{Rypb}{WJ~x8V&S;A#tyc7_S{`}^KL?kp8oeo9ZQN_ zCjOFiB&G8d@l;9M!GFC*>;LKpFOAc>Jb3o3^skC~?#s!}v`>T@e|>?e{pP2AeODF9 nKGIiywdof1|MLe)Ev?=w^t-;$Y-p-@cbz#4X9xbg=9hm17!P*# literal 0 HcmV?d00001 diff --git a/docs/guides/auto-backup/pvc/index.md b/docs/guides/auto-backup/pvc/index.md new file mode 100644 index 0000000..00043ca --- /dev/null +++ b/docs/guides/auto-backup/pvc/index.md @@ -0,0 +1,513 @@ +--- +title: Auto Backup PVC | Stash +description: An step by step guide on how to configure automatic backup for PVCs. +menu: + docs_{{ .version }}: + identifier: auto-backup-pvc + name: Auto Backup for PVCs + parent: auto-backup + weight: 30 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +# Auto Backup for PVC + +This tutorial will show you how to configure automatic backup for PersistentVolumeClaims. Here, we are going to backup a PVC provisioned from an NFS server using auto-backup. + +## Before You Begin + +- At first, you need to have a Kubernetes cluster, and the `kubectl` command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/). +- Install `Stash` in your cluster following the steps [here](/docs/setup/README.md). +- You will need to have a PVC with `ReadWriteMany` access permission. Here, we are going to use an NFS server to provision a PVC with `ReadWriteMany` access. If you don't have an NFS server running, deploy one by following the guide [here](https://github.com/appscode/third-party-tools/blob/master/storage/nfs/README.md). +- You should be familiar with the following `Stash` concepts: + - [BackupBlueprint](/docs/concepts/crds/backupblueprint/index.md) + - [BackupConfiguration](/docs/concepts/crds/backupconfiguration/index.md) + - [BackupSession](/docs/concepts/crds/backupsession/index.md) + - [Repository](/docs/concepts/crds/repository/index.md) + - [Function](/docs/concepts/crds/function/index.md) + - [Task](/docs/concepts/crds/task/index.md) + +To keep everything isolated, we are going to use a separate namespace called `demo` throughout this tutorial. + +```bash +$ kubectl create ns demo +namespace/demo created +``` + +>**Note:** YAML files used in this tutorial are stored in [docs/guides/auto-backup/pvc/examples](/docs/guides/auto-backup/pvc/examples) directory of [kubestash/docs](https://github.com/kubestash/docs) repository. + +**Verify necessary Function and Task:** + +Stash uses a `Function-Task` model to automatically backup PVC. When you install Stash, it creates the necessary `Function` and `Task`. + +Let's verify that Stash has created the necessary `Function` to backup/restore PVC by the following command, + +```bash +$ kubectl get function +NAME AGE +pvc-backup 6h55m +pvc-restore 6h55m +update-status 6h55m +``` + +Also, verify that the necessary `Task` has been created, + +```bash +$ kubectl get task +NAME AGE +pvc-backup 6h55m +pvc-restore 6h55m +``` + +## Prepare Backup Blueprint + +We are going to use [GCS Backend](/docs/guides/backends/gcs/index.md) to store the backed up data. You can use any supported backend you prefer. You just have to configure Storage Secret and `spec.backend` section of `BackupBlueprint` to match your backend. To learn which backends are supported by Stash and how to configure them, please visit [here](/docs/guides/backends/overview/index.md). + +> For GCS backend, if the bucket does not exist, Stash needs `Storage Object Admin` role permissions to create the bucket. For more details, please check the following [guide](/docs/guides/backends/gcs/index.md). + +**Create Storage Secret:** + +At first, let's create a Storage Secret for the GCS backend, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > GOOGLE_PROJECT_ID +$ mv downloaded-sa-json.key GOOGLE_SERVICE_ACCOUNT_JSON_KEY +$ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +**Create BackupBlueprint:** + +Now, we have to create a `BackupBlueprint` crd with a blueprint for `Repository` and `BackupConfiguration` object. + +Below is the YAML of the `BackupBlueprint` object that we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupBlueprint +metadata: + name: pvc-backup-blueprint +spec: + # ============== Blueprint for Repository ========================== + backend: + gcs: + bucket: appscode-qa + prefix: stash-backup/${TARGET_NAMESPACE}/${TARGET_KIND}/${TARGET_NAME} + storageSecretName: gcs-secret + # ============== Blueprint for BackupConfiguration ================= + task: + name: pvc-backup + schedule: "*/5 * * * *" + retentionPolicy: + name: 'keep-last-5' + keepLast: 5 + prune: true +``` + +Here, + +- `spec.task.name` specifies the `Task` crd name that will be used to backup the targeted PVC. + +Note that we have used some variables (format: `${}`) in `backend.gcs.prefix` field. Stash will substitute these variables with values from the respective target. To know which variable you can use in this `prefix` field, please visit [here](/docs/concepts/crds/backupblueprint/index.md#repository-blueprint). + +Let's create the `BackupBlueprint` that we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/auto-backup/pvc/examples/backupblueprint.yaml +backupblueprint.stash.appscode.com/pvc-backup-blueprint created +``` + +Now, automatic backup is configured for PVC. We just have to add some annotations to the targeted PVC to enable backup. + +**Available Auto-Backup Annotations for PVC:** + +You have to add the auto-backup annotations to the PVC that you want to backup. The following auto-backup annotations are available for a PVC: + +- **BackupBlueprint Name:** You have to specify the `BackupBlueprint` name that holds the template for `Repository` and `BackupConfiguration` in the following annotation: + +```yaml +stash.appscode.com/backup-blueprint: +``` + +You can also specify multiple BackupBlueprint name separated by comma (`,`). For example: + +```yaml +stash.appscode.com/backup-blueprint: daily-gcs-backup,weekly-s3-backup +``` + +- **Schedule:** You can specify a schedule to backup this target through this annotation. If you don't specify this annotation, schedule from the `BackupBlueprint` will be used. + +```yaml + stash.appscode.com/schedule: +``` + +## Prepare PVC + +At first, let's prepare our desired PVC. Here, we are going to create a [PersistentVolume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) (PV) that will use an NFS server as storage. Then, we are going to create a PVC that will bind with the PV. Then, we are going to mount this PVC into a pod. This pod will generate a sample file into the PVC. + +**Create PersistentVolume:** + +We have deployed an NFS server in `storage` namespace and it is accessible through a Service named `nfs-service`. Now, we are going to create a PV that uses the NFS server as storage. + +Below is the YAML of the PV that we are going to create, + +```yaml +apiVersion: v1 +kind: PersistentVolume +metadata: + name: nfs-pv + labels: + app: nfs-demo +spec: + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + nfs: + server: "nfs-service.storage.svc.cluster.local" + path: "/" +``` + +Notice the `metadata.labels` section. Here, we have added `app: nfs-demo` label. We are going to use this label as selector in PVC so that the PVC binds with this PV. + +Let's create the PV we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/auto-backup/pvc/examples/nfs_pv.yaml +persistentvolume/nfs-pv created +``` + +**Create PersistentVolumeClaim:** + +Now, create a PVC to bind with the PV we have just created. Below, is the YAML of the PVC that we are going to create, + +```yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nfs-pvc + namespace: demo +spec: + accessModes: + - ReadWriteMany + storageClassName: "" + resources: + requests: + storage: 1Gi + selector: + matchLabels: + app: nfs-demo +``` + +Notice the `spec.accessModes` section. We are using `ReadWriteMany` access mode so that multiple pods can use this PVC simultaneously. Without this access mode, Stash will fail to backup the volume if any other pod mounts it during backup. + +Also, notice the `spec.selector` section. We have specified `app: nfs-demo` labels as a selector so that it binds with the PV that we have created earlier. + +Let's create the PVC we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/auto-backup/pvc/examples/nfs_pvc.yaml +persistentvolumeclaim/nfs-pvc created +``` + +Verify that the PVC has bounded with our desired PV, + +```bash +$ kubectl get pvc -n demo nfs-pvc +NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE +nfs-pvc Bound nfs-pv 1Gi RWX 61s +``` + +Here, we can see that the PVC `nfs-pvc` has been bounded with PV `nfs-pv`. + +**Generate Sample Data:** + +Now, we are going to deploy two sample pods `demo-pod-1` and `demo-pod-2` that will mount `pod-1/data` and `pod-2/data` [subPath](https://kubernetes.io/docs/concepts/storage/volumes/#using-subpath) of the `nfs-pvc` respectively. Each of the pods will generate a sample file named `hello.txt` with some demo data. We are going to backup the entire PVC that contains the sample files using auto-backup. + +Below, is the YAML of the first pod that we are going to deploy, + +```yaml +kind: Pod +apiVersion: v1 +metadata: + name: demo-pod-1 + namespace: demo +spec: + containers: + - name: busybox + image: busybox + command: ["/bin/sh", "-c","echo 'hello from pod 1.' > /sample/data/hello.txt && sleep 3000"] + volumeMounts: + - name: my-volume + mountPath: /sample/data + subPath: pod-1/data + volumes: + - name: my-volume + persistentVolumeClaim: + claimName: nfs-pvc +``` + +Here, we have mounted `pod-1/data` directory of the `nfs-pvc` into `/sample/data` directory of this pod. + +Let's deploy the pod we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/auto-backup/pvc/examples/pod-1.yaml +pod/demo-pod-1 created +``` + +Verify that the sample data has been generated into `/sample/data/` directory, + +```bash +$ kubectl exec -n demo demo-pod-1 cat /sample/data/hello.txt +hello from pod 1. +``` + +Below is the YAML of the second pod that we are going to deploy, + +```yaml +kind: Pod +apiVersion: v1 +metadata: + name: demo-pod-2 + namespace: demo +spec: + containers: + - name: busybox + image: busybox + command: ["/bin/sh", "-c","echo 'hello from pod 2.' > /sample/data/hello.txt && sleep 3000"] + volumeMounts: + - name: my-volume + mountPath: /sample/data + subPath: pod-2/data + volumes: + - name: my-volume + persistentVolumeClaim: + claimName: nfs-pvc +``` + +Now, we have mounted `pod-2/data` directory of the `nfs-pvc` into `/sample/data` directory of this pod. + +Let's create the pod we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/auto-backup/pvc/examples/pod-2.yaml +pod/demo-pod-2 created +``` + +Verify that the sample data has been generated into `/sample/data/` directory, + +```bash +$ kubectl exec -n demo demo-pod-2 cat /sample/data/hello.txt +hello from pod 2. +``` + +## Backup + +Now, we are going to add auto backup specific annotation to the PVC. Stash watches for PVC with auto-backup annotations. Once it finds a PVC with auto-backup annotations, it will create a `Repository` and a `BackupConfiguration` crd according to respective `BackupBlueprint`. Then, rest of the backup process will proceed as normal backup of a stand-alone PVC as describe [here](/docs/guides/volumes/pvc/index.md). + +**Add Annotations:** + +Let's add the auto backup specific annotation to the PVC, + +```bash +$ kubectl annotate pvc nfs-pvc -n demo --overwrite \ + stash.appscode.com/backup-blueprint=pvc-backup-blueprint \ + stash.appscode.com/schedule="*/15 * * * *" +``` + +Verify that the annotations has been added successfully, + +```bash +$ kubectl get pvc -n demo nfs-pvc -o yaml +``` + +```yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"v1","kind":"PersistentVolumeClaim","metadata":{"annotations":{},"name":"nfs-pvc","namespace":"demo"},"spec":{"accessModes":["ReadWriteMany"],"resources":{"requests":{"storage":"1Gi"}},"selector":{"matchLabels":{"app":"nfs-demo"}},"storageClassName":""}} + pv.kubernetes.io/bind-completed: "yes" + pv.kubernetes.io/bound-by-controller: "yes" + stash.appscode.com/backup-blueprint: pvc-backup-blueprint + stash.appscode.com/schedule: "*/15 * * * *" + creationTimestamp: "2019-08-19T09:08:44Z" + finalizers: + - kubernetes.io/pvc-protection + name: nfs-pvc + namespace: demo + resourceVersion: "64082" + selfLink: /api/v1/namespaces/demo/persistentvolumeclaims/nfs-pvc + uid: 7c9dca87-8577-466a-bf2d-2fa7a83f85b7 +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi + selector: + matchLabels: + app: nfs-demo + storageClassName: "" + volumeMode: Filesystem + volumeName: nfs-pv +status: + accessModes: + - ReadWriteMany + capacity: + storage: 1Gi + phase: Bound +``` + +Now, Stash will create a `Repository` crd and a `BackupConfiguration` crd according to the blueprint. + +**Verify Repository:** + +Verify that the `Repository` has been created successfully by the following command, + +```bash +$ kubectl get repository -n demo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +persistentvolumeclaim-nfs-pvc +``` + +If we view the YAML of this `Repository`, we are going to see that the variables `${TARGET_NAMESPACE}`, `${TARGET_KIND}` and `${TARGET_NAME}` has been replaced by `demo`, `presistentvolumeclaim` and `nfs-pvc` respectively. + +```bash +$ kubectl get repository -n demo persistentvolumeclaim-nfs-pvc -o yaml +``` + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + creationTimestamp: "2019-08-19T09:18:55Z" + finalizers: + - stash + generation: 1 + name: persistentvolumeclaim-nfs-pvc + namespace: demo + resourceVersion: "64084" + selfLink: /apis/stash.appscode.com/v1beta1/namespaces/demo/repositories/persistentvolumeclaim-nfs-pvc + uid: a991373f-9d7a-4d02-a812-16f901497ebd +spec: + backend: + gcs: + bucket: appscode-qa + prefix: stash-backup/demo/persistentvolumeclaim/nfs-pvc + storageSecretName: gcs-secret +``` + +**Verify BackupConfiguration:** +If everything goes well, Stash should create a `BackupConfiguration` for our Pvc and the phase of that `BackupConfiguration` should be `Ready`. Verify the `BackupConfiguration` crd by the following command, + +```bash +$ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +persistentvolumeclaim-nfs-pvc pvc-backup */15 * * * * Ready 119s +``` + +Now, let's check the YAML of the `BackupConfiguration`. +```bash +$ kubectl get backupconfiguration -n demo persistentvolumeclaim-nfs-pvc -o yaml +``` + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + creationTimestamp: "2019-08-20T13:01:54Z" + finalizers: + - stash.appscode.com + generation: 1 + name: persistentvolumeclaim-nfs-pvc + namespace: demo + ownerReferences: + - apiVersion: v1 + blockOwnerDeletion: false + kind: PersistentVolumeClaim + name: nfs-pvc + uid: 7c9dca87-8577-466a-bf2d-2fa7a83f85b7 + resourceVersion: "124087" + selfLink: /apis/stash.appscode.com/v1beta1/namespaces/demo/backupconfigurations/persistentvolumeclaim-nfs-pvc + uid: 6270ab3f-c967-431b-8e4c-c19fafa44a64 +spec: + repository: + name: persistentvolumeclaim-nfs-pvc + retentionPolicy: + keepLast: 5 + name: keep-last-5 + prune: true + runtimeSettings: {} + schedule: '*/15 * * * *' + target: + ref: + apiVersion: v1 + kind: PersistentVolumeClaim + name: nfs-pvc + task: + name: pvc-backup + tempDir: {} +``` + +Notice that the `spec.target.ref` is pointing to the `nfs-pvc` PVC. + +**Wait for BackupSession:** + +Now, wait for the next backup schedule. Run the following command to watch `BackupSession` crd: + +```bash +$ watch -n 1 kubectl get backupsession -n demo -l=stash.appscode.com/backup-configuration=persistentvolumeclaim-nfs-pvc + +Every 1.0s: kubectl get backupsession -n demo ... workstation: Thu Jul 18 15:18:42 2019 + +NAME INVOKER-TYPE INVOKER-NAME PHASE AGE +persistentvolumeclaim-nfs-pvc-1563441309 BackupConfiguration persistentvolumeclaim-nfs-pvc Succeeded 3m33s +``` + +>Note: Respective CronJob creates `BackupSession` crd with the following label `stash.appscode.com/backup-configuration=`. We can use this label to watch only the `BackupSession` of our desired `BackupConfiguration`. + +**Verify Backup:** + +When backup session is completed, Stash will update the respective `Repository` to reflect the latest state of backed up data. + +Run the following command to check if a snapshot has been sent to the backend, + +```bash +$ kubectl get repository -n demo persistentvolumeclaim-nfs-pvc +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +persistentvolumeclaim-nfs-pvc true 41 B 1 3m37s 5m11s +``` + +> Stash creates one snapshot for each targeted file path. Since we are taking backup of two file paths, two snapshots have been created for this BackupSession. + +If we navigate to `stash-backup/demo/persistentvolumeclaim/nfs-pvc` directory of our GCS bucket, we are going to see that the snapshot has been stored there. + +
    +  Backup data of PVC 'nfs-pvc' in GCS backend +
    Fig: Backup data of PVC "nfs-pvc" in GCS backend
    +
    + +## Cleanup + +To cleanup the Kubernetes resources created by this tutorial, run: + +```bash +kubectl delete -n demo backupBlueprint/pvc-backup-blueprint +kubectl delete -n demo repository/persistentvolumeclaim-nfs-pvc +kubectl delete -n demo backupconfiguration/persistentvolumeclaim-nfs-pvc + +kubectl delete -n demo pod/demo-pod +kubectl delete -n demo pvc/nfs-pvc +kubectl delete -n demo pv/nfs-pv +``` + +If you would like to uninstall Stash operator, please follow the steps [here](/docs/setup/README.md). diff --git a/docs/guides/auto-backup/workload/examples/backupblueprint.yaml b/docs/guides/auto-backup/workload/examples/backupblueprint.yaml new file mode 100644 index 0000000..fd8d1b7 --- /dev/null +++ b/docs/guides/auto-backup/workload/examples/backupblueprint.yaml @@ -0,0 +1,17 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupBlueprint +metadata: + name: workload-backup-blueprint +spec: + # ============== Blueprint for Repository ========================== + backend: + gcs: + bucket: appscode-qa + prefix: stash-backup/${TARGET_NAMESPACE}/${TARGET_KIND}/${TARGET_NAME} + storageSecretName: gcs-secret + # ============== Blueprint for BackupConfiguration ================= + schedule: "*/5 * * * *" + retentionPolicy: + name: 'keep-last-5' + keepLast: 5 + prune: true diff --git a/docs/guides/auto-backup/workload/examples/daemonset.yaml b/docs/guides/auto-backup/workload/examples/daemonset.yaml new file mode 100644 index 0000000..08aef1b --- /dev/null +++ b/docs/guides/auto-backup/workload/examples/daemonset.yaml @@ -0,0 +1,45 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-daemon-config + namespace: demo +data: + config-file-1.txt: "This is first config file" + config-file-2.txt: "This is second config file" +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: stash-demo + name: dmn-demo + namespace: demo + annotations: + stash.appscode.com/backup-blueprint: workload-backup-blueprint + stash.appscode.com/target-paths: "/etc/config" + stash.appscode.com/volume-mounts: "dmn-config:/etc/config" +spec: + selector: + matchLabels: + app: stash-demo + template: + metadata: + labels: + app: stash-demo + name: busybox + spec: + containers: + - name: busybox + args: + - sleep + - "3600" + image: busybox + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /etc/config + name: dmn-config + restartPolicy: Always + volumes: + - name: dmn-config + configMap: + name: my-daemon-config diff --git a/docs/guides/auto-backup/workload/examples/deployment.yaml b/docs/guides/auto-backup/workload/examples/deployment.yaml new file mode 100644 index 0000000..8be38ee --- /dev/null +++ b/docs/guides/auto-backup/workload/examples/deployment.yaml @@ -0,0 +1,59 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: stash-sample-data-1 + namespace: demo +data: + file1.txt: "Data from ConfigMap 'stash-sample-data-1'" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: stash-sample-data-2 + namespace: demo +data: + file2.txt: "Data from ConfigMap 'stash-sample-data-2'" +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: stash-demo + name: stash-demo + namespace: demo + annotations: + stash.appscode.com/backup-blueprint: workload-backup-blueprint + stash.appscode.com/target-paths: "/source/data-1,/source/data-2" + stash.appscode.com/volume-mounts: "source-data-1:/source/data-1,source-data-2:/source/data-2" + stash.appscode.com/schedule: "*/15 * * * *" +spec: + replicas: 3 + selector: + matchLabels: + app: stash-demo + template: + metadata: + labels: + app: stash-demo + name: busybox + spec: + containers: + - args: + - sleep + - "3600" + image: busybox + imagePullPolicy: IfNotPresent + name: busybox + volumeMounts: + - mountPath: /source/data-1 + name: source-data-1 + - mountPath: /source/data-2 + name: source-data-2 + restartPolicy: Always + volumes: + - name: source-data-1 + configMap: + name: stash-sample-data-1 + - name: source-data-2 + configMap: + name: stash-sample-data-2 diff --git a/docs/guides/auto-backup/workload/examples/statefulset.yaml b/docs/guides/auto-backup/workload/examples/statefulset.yaml new file mode 100644 index 0000000..9447494 --- /dev/null +++ b/docs/guides/auto-backup/workload/examples/statefulset.yaml @@ -0,0 +1,64 @@ +apiVersion: v1 +kind: Service +metadata: + name: headless + namespace: demo +spec: + ports: + - name: http + port: 80 + targetPort: 0 + selector: + app: stash-demo + clusterIP: None +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: sts-demo + namespace: demo + labels: + app: stash-demo + annotations: + stash.appscode.com/backup-blueprint: workload-backup-blueprint + stash.appscode.com/target-paths: "/source/data-1,/source/data-2" + stash.appscode.com/volume-mounts: "source-data-1:/source/data-1,source-data-2:/source/data-2" +spec: + replicas: 3 + selector: + matchLabels: + app: stash-demo + serviceName: headless + template: + metadata: + labels: + app: stash-demo + spec: + containers: + - name: busybox + image: busybox + command: ["/bin/sh", "-c"] + args: ["touch /source/data-1/sample-file-1.txt && touch /source/data-2/sample-file-2.txt && sleep 3000"] + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /source/data-1 + name: source-data-1 + - mountPath: /source/data-2 + name: source-data-2 + volumeClaimTemplates: + - metadata: + name: source-data-1 + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + - metadata: + name: source-data-2 + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi diff --git a/docs/guides/auto-backup/workload/images/daemon_repo.png b/docs/guides/auto-backup/workload/images/daemon_repo.png new file mode 100644 index 0000000000000000000000000000000000000000..4a92b24d1c271eb6e673b8050ba9d6847c518867 GIT binary patch literal 52260 zcmd42byQVd)IJJ`gd*Loq;z+PN=ZqBbR9Yl-3SOsOZOoZknS$&=74lJhlWEpck{kq zjd8y*?(hC{$K68)xO46~pZUyZ&9!#uXGQ5(FGyb?ARxSwmHDWGfbc930Rf2+4F%Y9 zAg9#|{6cq-(RM;W!0dYZK}=xABtt-;Mv(m|q2`{xzv$(ycHVOIsL2*5fB0;bODgA? zvON0S>~|Q3n!~DK_!{vTm#SQ^Z&>eWyVpiG4>ueST}g)k#Z>O}&tQc?$0f4wCria13$0dj%QwKZlc|;(rNn4TF<$ z*VtTDH$+s;K7V}L-rysfgmh&6bKyruv>wd=y7m_b<3Cs82I8Yg{&TMJkN-GP21A7y z|6dCvUIhO8d`=mofA2_(LZ`ovqRRwQP|Tz5{doA@{et(r{78o1g~}QDb=htA<>O%= z@|J>vk)JC6-jWU3#kqN2m+B8ZA-dFg3|ES6@(bI4?CHyWz15jzT}g7e@9Zc|k0Ed$ zI^3&O(QuAbXJyzxgX{i_BhvO2MJFjrK8y|wjZo8#i@R-Z1s-KxOKv`#xE?bt=IhNe zPbyUJYi(RRF1P;xy#IzH$EFotIOrD_*yat%mH=Pt_{h-``pML?+Shum5jkS= z?e}*!>AS{$0z++YgA!hHA-+en_WE((@;ZCv6J9ia9$dzVlvN_od`ZAnf8Mczg-sq7 z)4_w_O0}KiYL1Pj{#q|?m?bT){Vq)fFc@#xR+Ol!z}!sdgY?F&rHAZBl)TY{!dv`O z0mmigOyGVM^_O?rRht60X>4ul3_uvT$PY78269LWeDs^{gH7$)UZ?QtM4b+i^`dI4 zjN~VmU?@W6!jRiT46MWo{?^uH2PQ4qn0V@|&{F#>0Y=l|x*qA18Ct73Aoa;xZiYDh zecQ*W_lpqH^f1}#WuCVR$r!1k(-!dc-cFyUdRQ^Z!eRsBh`3V3jA@{<7|H${18`7& z731WIXzpPaWaxP+*_GF zJB=jmv2`mNTt?ZF0Doo9Qzr{^`I}X7TcDE;-Fu9GRj=Htr5q?s1H#$HQWWsaV=K~R zDANk0qPXU52dOZ|PHvPc+~>&a|Gsf9CB8c}|w$@y!_TML0N^gske4l_u0gDyIkYmaXr zc-glzPkF%5y}6#+6)JKTN`Oe~VXb?jNF4uGVG=WdJU$2xb$YbDHP7y8|3VBp zxh=Q5>maz6&-r7N!PPlnKG8*IBu@X(2=`3&1*5fVkpA5LnDUTjREH={O779~u`=(g z{g!o>wwXw502k3*Ltq4-0K*vo5q~HgBoiqe9XPv8iJcV`k=|d%Whj_2a??S8jJw6C zUrS9Nq6xCB_nV)CJ#=i};&wjeL~StU;RSi5P1~dQ_{sY+-a3+)QNH8WWbFp(xS{y^ zrOnuSHxLsuU)@R9R{N0?2I>!&d8jCPvF?w4AR7TN#rzPyPo-rF=T3o`udOD%Pr6(6 z!b6=)dKk}x(ZOv(gNEV-06*bP3oAWJ*o{o&kYpd%v=w-bUWzq~V+%BbX^hPIIw~uXlWNR?)#aeSZJLj0|)C{v0iYAx4$EECrfNdf9w37?aFB&@%D0jlcFcOe^PUN9PCQkh_IHt*7xUr)AWT@&zN_4 z25(t)c`%QDn|Olm*Lf*8T%q@BS4n4f(SEXD@U7aAf{BJAQor8f{S*ZqO~SdHishvX z*H)wHi<=t3SxEQcbGZ9*xXGLgx{cQk_aR&YBAOA_fu9!<`tx3ffy{R~VxC9{MHOUT zB~}*Mk&tbd(=P~O+R6)=`#aU2H_RG8?GhZ|WQlRjGXKejJnl^sleiyV8 ztdTnJnVe{D3^o!voZZ>KsgEmpMd5QO2XID$?W+vaysj!6MWOMN*sIlaXMiVY^!O0@ z&NbS&RM$L!V8{vvwn?sjCdCYg+E~&s(?uC1YH0xlqBeL$g8eRkGYARZ;A)iar)u#o z@m^tZp`r0@Wh;RAW}wh)Eys7%VhKSl&c=u0-65&8zerk(n~^NavjoaK}0u zz0+n`TGFOpOznmqpon{IqLtOqa`-9IGlw_5)m@w_n>Q6XJ*+%Fi04ZzwFB8p;mU1+ zDjE;ag4&LZt3~6?VaYSKuisruf97BfG^0x)*Tq>$JgQsQw^@~1#yMPAaB<}2;!FvX zB$2nY*n;dTMn%bH=Lm#{1%@QonSI5=kVnTiC5P!K@l`Q%hMFx88E-Dwy_i0$oi$xc z9nqlFAMam^e$CAuNJKtigw!cq*nTNqd81XgngUHk)y@V4Nvm96bRtw>wM{f8= zGY`|2DSXB}+arINqzsV{xDV(Ij4ijLYA2w`EO2q|{Mub%oenC6>iZob`D(G^6!t=T z0PeWpKYt~^8uQ~&ck$!F2(=EG(2YodG1#7tQN*DBQyox9=Q1Ro4$6%h0=x+%`^QF` z;KCsPK5sWKq-tc;qlx;JJbVCDT5T=@1GIts})F&gZ4u}0+uKm~=UHVD9;#!M#C^&Gl*r~V} zl0xZwyN2^%>BP|geCN&)Zn5Oc6W;p*R|Z8!er<^)w7I4sCG%j{_)_|S<X^N{V1dYw>F!jbFV_dsdizT*>ACYweN7`nv}<4mIeHKC-vPC^?-=&@tB>#e1@a>N zFG@$DpUa1{8vJsxzA8dIDnk7{>H2D+jk7I##CuqOcr{aqk1bqW*B2erZ52?4Giy{I znq2$Bt(?qJm0BFr6<%fVAg?F8SieYlRU&ftMYu_P&v^VOx-#c=lpuHP4pn>4V*EgH zDc=A;@~mst%cDd>-wS1tx;X_}2KuT#N-81!BbTvbW#L23s0vojm;ii>!~IvKfrqd^ zQ?~Z&tGnZFGwRs*I5AZ<@QhL3p|-`C_MuSOUko8)Gi?XKrj!p>+pek8%c_2f;jigY ze-tdvwy$-3{!DCv9rJMDcm049^OaZh=p)higL=*OIZ{la{=rCVrt`k=-{FyH;SbS5 z#4*_D#Pg&mnfBDr1+)3gl0PI=I}i;lqBgp3)%6xoth9EO14=gV@G%9g&L_)C6{x8i zY=)y3nRXe^f-<=atTGO&o;~q{qXa0^mA@_ssk^$_>8QhjuXkVVR#eO7@-Ok-Z`31e zX?QE4^pXpR&_^&*a+zG>@TK(C)G}`WU<9nE;ipA18AKejsvx}C*N8)qAqJdBn^zHYfk$g<4r!w+A;Qc>f$2xCj#2-?Q>ubO1W=&hHfE zL8rh(9Hyb;=$fZ% zo?hIb-1J5rlgEMe&lCr*7+10DeZ9!`mM}2iavTVa0?wla_%q}j@uKs!cXP+BTehf< z@oHfVdhx7dx*lp{9|aB-$uH?(Hji(imNZ`OMcHW}4ALd*^@_{6S)WJ7h4EODd(P3> z;b2W95f^Gt*+3{JlBRUY%dC=&+#;P>Qc-JjtXF#ILqbWxAlj-*+Q>0`J|`IW0S~g# zQVu5z+3rbbKGf(#^d=bj(KW)O4EdI2d}&I-YwcR}5#{B#7XeRd9^$bsuyi@6t(#2Q z5ORDjN^y5sCIQHqp00|};s+SZq2I%Aq}Av6Rf`{!?9g0xfI9TzaQ6Q8SJ1a3y+FLh zBUef^pAD)*F=AE`j^U}6Y!1TGv-6|WBw?=CmHU7`bEQBFYJV`IA^(V4RaD0c424dE z{B9#EceiA)ofX8+H!a=OM!F3YXt*~g@+I6iCjIvhZ9CsRYx-ueX8;#jyy;9R^$)l# znByXUf28n+y=AuN?<>|~FYbxwmui9V^nz6ZP*UK~-d_(_WfZ5IJNI*k^4UM>#L|wc z{I^YO4fLIcm;R-F(+@O@-cx01CSI!inYpyFNq-4=?fGxhJS~oPL2h^(TOZx_pp}T+8@)FCB7qBreqTb1%)qM+r3-it7G2ekenY;YO2i$_{#B0+Nl@q%|!-MFPX4 zU?$V~z6J(VIm z&CC0Ch|benVdwP&OoI!^5R9iX@ieRhqVYG)mL)X?m*m|>3TtmaPj4ma#%5KvYKE+qG5}JV!-Y!Lz_S$veA{|I*~~c74hgtFoRWqdUmb z=74`~&#>L6ej`di&<2#(C4FHgklxSPl5l7S$<*DnA@p8c(cbuDb$;yXPa~()G z&V-~~2Z1hbFdPpGSVqEWJYdwqpihPxMnYBdb2HYT)?&)&K78P=VSP4iQ*J5uL;BO- z>+2HHJ9l#|6Z-rrfwB-6$VD7VmE|#o`Fs+0K|M1CAL^_*7yQox57(pfx2D><)8?`e zq8HrPuByy6tms3TaqT%>>o#ae^npLSzzUF1SysJ$JE0~e^-h8g%W2xTPZ)YWHfQ(w z#`|lbU+wSr?*84T{A1-V_O)XRpmG~U&uuv3vu|bR^YZ{8TBF}`QOp*J`fuetlJk&HznOiBq%{3$I?z4JW9M~|A_g!S` zP2=C{lI-kbNvQ4z(0Gxs3?a!foSp@8ym2db7& zfP%Y2n!|V9s@zD+7MkKHG8`yC3cAnxW29NWNuw{i{SwBl=NA{@!i@mfvcbxT2C;{Y&zXz()Ha5?5s)m0EvIL^dX`(^Fv@h-yh!xz$J zHcAP*7v!RUL*1P4#ZE2A$y6bCn;^?d7c> zTbHTV`AJ;Auf7mIf_2CbP=#lYRqzfkQLdg%<8SCdyHq(D5;Dc(QEV5RH?6Z5h;H7Q z&Ii*E^l!v8NmbHvPE6UWQ(=iR{mjkaZB^4);tMc{!f+U5Hh;7Tb(x=klMVF6Hr{Vj zq1iXj@vJzZo4I#yimYjF&`*?9QZu~f+TCcSS)4fB7ub9@3pBDgS=lEtiv@`b`7qV= z2IWJs)JeQv8U~7bO#n#7FAm;_}4sqII+s#gI3mf{GHyNGin5$p6vdxE2^4hm9dT7o_K7r}UWmX$(;i?pUO~ zJV#kO%>^2Y8lM&{QJc_FO$DlAK1z;+8@&nyM+|bpp-!wUR@PfbQ^-obC^_H1_enZ% zc4p~naV{#Hser48v##25e;7rrf07ePbFGO>!6ov*z7J~jvssQgB}4f6s>X44Vd^I~ zW2RClJ*Bp(5nqN#+x5mR>QnD?gkK$n9S1PU_j3zq-U(_0#%Z!xr}T`9($H z5C|p42O89WZ2s=OM3n|R$07ZPsS&af(bGTwv%Rcf ztgE}wZ5P;AKHuQP5XYd@Ix`Hke{gUbOy6P*z*KZ~$%X3vc?e3rSk6CAeDgos&X9wE z%LON;ja%iPQm^Dp6wQ01C}iIt`Dv!|dJjFkWs#9WhsPbThNk!8H-fGY#c=i~QeR{^wk? zcB4AMMa7g!`H7CV9+r^w+~p$+lgSZZE)wlxcJ&t^hXQ)P#_2khUuB4|5p({5a2EJ*b#uIge6mE!Jd^Cv=# z9|4*P^cEO39jA0wqeS*umq-NGiEpnQUtq;wbA*T8q9_<(7Qm~acgwFQk| zF}t0hqS6u)h;QG%-Ct;^f>y5{y&?TIqN*V3`iXe}ELF;)hu>sXz<9Y*P}-@#wZg@C z+}CaFq^!Fi;hBw}G%pLT3E90d9$>Q*AA!_7*Spib_?*{k((^ z0dg;15*Xa>X0Xu7U+0{8cC+E(;a(|j=Bdt1fzTBL$rw5#`RTrL#NEe<=nSV~UNTP+ z53dm)SeeE;GIyH(bC6o=@J2~7d{^1AI@IsJG?OBRXswSjZQ$V1a8tqycQoL3_1=c9 z&uA~lL1w4D$rEdNHmM8PVCj zlF;?$qh59)MsA7-c-~bJ`YM+3mXIZ?wMoDvQ1R}Id;DsE+Nu-|F zt-RbP**|<@ai|ZL7~@sz?RD(CcfzkN{}MD`{0NHjk#={y$KmrEm1TzOioOnv^)P9m z;m>xPH4y-=H@OWpB5@U|3-Mb_9E#S^9WI{Ou0esH2@@GZVojH{IyS;2SqERxjRi9`b(hc zB+WERvZ2ZR&=clEPkB`u8QV#P)d+=zN?-M+UidHP+q|^)bC&$2_r~$MVS_0UyATtT zmJ?i`MwZ2ijU1kF_dthIgqPnb7ukl>CjL%6C8TFbme;I%LMy$#=#$q`%!|KTnjc&g zC?X#aw2C)`!x-73O5Ks+8u4rB^^D+~f)e;@9lomaYR9J^H*;22&0?hYhyftxYgeLf zIz<~F6^kEIWg)wyROg80GyC;n6v%~4$6HMWOp%``{5`FTiVDtoasLENZe{)cC7`ky ze>!;B7h=U8=}S$8Hlu)^~C7WXivX2Hm%PfUeYzfZ5xzt{+* z)5SN0S76-~e59GA>#pA`j#txErG$(bNUKZIP3lwmzK5w7G?6F0LYkx#Sa4|>)KpD3 zcop@+8p`1T7jWL zmcCC>q*rUKZz^5f)s3i$gOtlnU!TG^9|Z7%z}^eODE=!`sImyz<>@e1*-G~<>zPMo z$=jfy%joqB#jJ)D2H#2f-iZnkuE~$MKSX_3R^ml1d7_8qgGUr=?QSAqQ{M6;mGGfq z$_`AoTKGoXt^1(^u0fj*%cU9V{;cD7SfN;s2^^V{WZv!K!Uy$wBo*|fCwhzMWfiex zc^ys)OGc8cX*jF64Tys3Q=z^LEs? zJ^|)C-sPszds=i9y>p*IDE64sGdrmG`r6_v9kZC34oC=#gr`#Hx7r*A?^5{S@ll0e7;^hPr1solJz|U{gIH+~LL;JGmHBMu zxc=r*>gdnyf^_i}hyT1>Sq?2fB_>uYR5L$S%j^KrbLKQ($=ync>!qADnC4xfFGpBJ`H6636Cjt)!$&&mds_V0ZjE+l*FV{!~<_cEosMbP)A9B|kw8qRq&g zuyB^q?cBWDurLI*cwri%KM!-Cm_)?-+}0dt%aM2C8X9X@e=pZWKTDf=(20dpXey)g z-MP2as5RcltH-a71|5578XTb(YeCnvZj0m?U8jv)@m04*P}`EMqSMwq#V2{q($jsA z+y~{r(cD%Yf#tO^+&6ILspA8RD86}WxYP!C&- z6?Z3CQ0JGT{Li%jnzFKBf^!YjZZo|%5`8`-Zr6?noP3LL}_{!Ru(N(|Famjc* zi{NU6s_$R%=6+zWx+#)->v~(>@QIPV0=KxVd%Ym5UhJL1a5tqp?39KadG+J;=+W@t zn%_clM?8A|-f&Fc`EwF^rGv|p)=}}2{xDx8M~60|KpC{z`R7q3gJO?~Im9I>iIzbx=FuvUzi*c$CgzLn z05WNt+t)|;bz-a`VNUzoRfIu^$PlEMh0@Ofe_Ha9M2-{uQ#3IBflS~D^ToHPoL>S_ zF5t2Z&)dtXTD+b6B(SO93bUSw2{N3OuX|;}4?`$8#6<49Zrv;Wp=EBJ@bCgV?guXGc|>B9z1qNKSk+Xm@p!#g(%=F22?V)6&O9MFC@od8+UZ*bD8lMq-iU0{F8 zm#B--=9-Yj_az8P>*Q2vfqT2GU3LEZPmm= zRx2zQfwyi+QcSX#AqioXOjcH8VEp;uOOBpKLj*tSQJu*bquV7Ndg{^L+7kUKn0B~l zD$3f@qpNxJj%`Mq-BFIZbn0r8@ha*Q=7`<|bn#PH;CM|{62a*JcV?#JwVc96F2`1a z2Ag<+MKup^{DgV10JS0F5Fa^aFM8TxE`m;@ONy@4<}~ z{KghvT}>6|fv2g@KX*n_QsGtW-xJkp&eY7gRH1S!pfeRk6!e(u>f3PF=K1+;86NIo zq3V2A-b3`iVI;7w-%NT|gi3cjfv#(^VoUg*B}I|>8dSzk=1g)#I!c%=@1)JKRx#c4 z=N<>!6Bo0?V0Y}V$VYt7PL%Z*$6SN0c`bJKUl&xxW!P7b%82ks$ptvL5CmR~;Jq$> zAzDk?DGQx^b=$L{{gz38-RW_suR6V=%To;2F@;K$^nWS-q zF%Vu(75TJOxk<5GbI33Z#<{q{moBzOeHF>qP!VpU;A~)lmnt75u)or7v9(6c`R;xV<&actx71b`wXKqTkGh@RB;-;)?v^h|p zAtQZ#ZgIByGP$4K^@75tGckJDd+i8oLKXJXutKb;5G83h*kx&};`Skk2`;@#za`jZ&=E7FYpAeb3Hq?}<`WjHEef`@%A>g@yZp$sg_s5^eIFKlUqkW%Y|TxMN(n)VNom9wM86qlaB zZtqGnsyeBqeB`|0#@JrFPhWpB?AG zSF1d$gVANR!C&k}BYnmF`v{IgU!gwp4M?u|qI4>oy{u${jkNUQQ}Z+Vy60#xITHFP zmBLS*ff&!xd8U;0HnXc4Wz-eS)CjK5kRp8pv`|Gd({poI8{R+iXsGJr(0+dvGPqQi zx~N4Zgk|*!Jb_XEIxX|F^wjGUeq02b>snPPKl%Lm^lCwIPTq)gi#XFmhBCY0OUc6* z&AFRu__GC-f(`=Y^%f@QNDIKxn_Wi7%7a6mP}dERAlPyXi7p zwn>${w~@vMr2SX1TpROtP~v@e#htqbS4gdQ$7O9dc)j{e>@ou6H#V?d)loqY*%zB! ze1K_k{rswwlMjvnC?=0nn8G~MY&}^ce$Xf8^tC^8$B~N$sS{C@`JuS$SUvMs7=Oss zl9JH2gTXLGj9D*uxywQFuOYN2TD$cYUs#AQyq73)9J!(r#_3NhJ%{PYqb!}X|MX|{zYM273q3Nhq_~ib#@=rxh*zs(I z32J|TzgEfAsYVLV{Jwy#YkKLZk6R7oi>}@D%BtmP+hV)eBgRN{U5A4DPXcpgPP1!1 z77&_y(eK}(`ZL~zkr~yNX;l%i{wm*R9s9+1S1L^^)}22lpin64x^hcOs;jA8J3wUp zy0{w&F^pXWDyF^Q@tP}zZ^bRYlISQuKQx|4D5^2=iY3{y@N@%&oyT+n8>#r!zT(!|3QM2czwqw;h4L041Y zgL=wA#|3^r*MEtjpI2HzUpc+pP1ZDrT7nrI1f{vXqJ=ctZ)Ba)nbA9~f8*&J0j;O` zinIw1EZkQ0eV12SyFm|JBHdfX${ zdWzz`{-ArET-39zo*(xt^4DvwT=Pk!!i>Bii5+n5;w#7YqJDn=JirSCL>MXA0 zeB3Vi1^e2p8fZ6`7^7vk`I%CF*j1CBsZ8IKz8GM8SqkQk;N5~MQbHADLE+C|BHsB^ z=Qq>VX_Y5u(+}-^;ZCNsFig^ze>@Q$1j&F2bH1?rh}~8O`8w&l=BsXv zlb}v8vo`=v@MLrnE-2Y9`FtT3SSDuCZA2BEw(dC%J4FrVS)R3FrX*)S#guuDNR+YIVxm>&Rrz0e&uVJ)vRS%KR_l4$=3BiCS*-Kd5tE0LM6B6Gp$}Js>7&a1jNg8_hgBly-LYp)b zy3EhNA>3DoTu^qt77eLdnyxzl36FTcL^M#C@X>w!(D-HdriC6RT|OcwYFKsNdb>5+ zm-EnbBX(r)6H4Ur8f`{TfJLGik}7r@Bz3})*Fi?mGo--+;t*a`Bb+~;jt4ptcCIQL z9C*hXt2j!aEiGZ;b?(I&p znuQ<8R&U*ezzr>9R0W1^Gv(Odcf(je@ZL#aXJr_OH)V!EMBp`dk;ic(7_K&R&=2aF z$7cp!^$!=|;ugQIa`iFHqX(Ai;X)<&esr&(J$dvj-dFe1%*?@c1HSRfd(~D|m#>@i zUdbZXz4)IpMbC?s&2>oGFYc+>Kl8xKXe*P`tkaUYnIYgmKN87_JWy75x}EM1 zXi^eq{LR;uzjzu%Hb<|PO=eb@pe@qf_6@AHTGD@c^!%=Q5oEA0`j|7_(wgw0!Q`rY ztwNrg0=C1OeQJIR$0tmTT5n(AUa+g~Yj6N87phRGI=Q<0+|AwTOV_5A9CYA-H&}R4 zwZUKVnIqL8K5F+sBctyuNb~e6X_$QJ;;mev*lPbG3O`|_$)q^OT~&&R5r&+-Ql8nR zMC)bm@iAZE{;A-8;&U;6FB|u+mYY-|_)B@axLhF-rsopG3wb_jO?ol9OdHn{tyaQJ+-5&O(IPyn zzYW^a%xHzw)kb|S`R?cj-oU|M3R5XWVq;>?K}9X-Ro%+tGweQeHsnVwxSU))MMXy$ z7FbmOCOv-X#q6LNM9I49d?xm#WA7&?cGp^j=SWst;)^;|s%wGp^chwOQXl>1C4^cP z{>>4nA8JE}up5`h$;N3j0ekLsuKQ`Y15rqkp#;*ozLnLk1&{FW-|){9UiCh94BeB6 zCwg@Fv%^@%gue;U#%;KcGr+siqnX|GQ!5?Ma zfbrE|UA!`qvzoHXU;Az^~5WJfxcMXBQFBXY9`|6zEX?1;dD>>J{d1;i+!xTSCEHEq+XLC5K<8* z!BT%+5hpGyR7cI2DQ)lLu;zc_$NxICsV#P7IZ`Q1Ugr^JVl%s__{EW2X)$TIMleYa zl@2Ecnqc(EdN-c=a8`XPavlYhl!1~|$FA6RtL`r(tRo$Oj ziy|uD^kN^%4dnl7#;D3iDXUBLtV-~fMn8;2n1l#@-zBtiNmPzPRf>$BvohGuKF#f( z(Dd9^6{u)rbkiv)EzK_N`Jgu%(VZAw)f{1b3lm4vcR1&*Uu2My17=xfGR)$W5^yt` z4mQ>61MLc}0C81g=v2>GJ8Rp;^+q$^CD$HqBpsuUEyH35?t%Kuo;2b z1cCY*TT##I+a4?Cc2$#~l{sOlO#HkO+!{@Rv4x)o(rf!-uj%YQd2hNG7Fl4-FuJ}v zDVFdefmm@LhFLLvDr&dtRo=*3(3O%jnec{HF5an#P%@VN&Z{lNEOt%Lom5K`RhvMD z^LLCw9Bg_HOY`P5B+L|e2{xZv$ga|F)i=#v1a!WW_>973_8zzBkfJ|&ifR*>8gW0~ zpKo z_u3zaD36N~S2%|`@I`>55HJYad+?56Z3@^w51|wUNAkvyJO^$0y)AM3r~ypU&9F5@ zZ@M1L5fotX@$j6bfVjFZ#+3qFt(v#q=qgVRyvs=H$$IY9%H;dT@!@WH^M-=vLsATG zuc(163{s}s3RS?z34Pv4iK3)_P8J4(ctr&SAgQRR%rrQeXIgeHN}iqIc4@-8RW(DP zn;n)_*cN9hI(vb4qoNl7PRxC9=~qX2twupEW4uN;yYRB>sV!Mol1gg-3NlBXT#^k# zC&b!Z`uH@Zh!cayR^&{uxA?LBeQQy?<8-%O$Un20x`%8>3Cm(o<;(&O6_SQq5NMye%XQido+gl*Z<22+5i4*=f6L_!F4-a@Ti#o_Zyx! zM9Gx@Ie8p7p`iB9OeHPKf6eIrZ#VcqnPdK+lc@i{xfzTR8|_DOavv~t=T?#SZ-BW> z{}+d6Omocq{rg^9n?zI3g;@9gHr6BiFpyTy~YZo%;-VR(>rX+xe; z(qQ(`vvPANB?t;paCPMq6chvs)A3Gz=0%G6`R=5ADos+j$;-{>v0tncqD#|FSo?rKP3!>PrIwOA3S#ObX-Gj-Uuq-Y{Se z8ocatIW{-vIbd?$@sgbby!KH=RW(J-M~GRol$Mh-rl+T;Pb7`s9<()-VrpvYu$iFg zc)952w9yx%TB`X^bWPv&csTb`xDoTE4ZFj;iC&dWTeIjl&&Vh$@_CD88W9J>4Ia-8 zq~5;|;56z$UZ2!7;9c_EV>KDek$l=&VK$if8ah5UW+b1?(Vom{5)5xzz8`UaxQ0c7 z*Lz5~%|{}tH$xd99P;#W@cSdb<=-VGyp+CIMl`Qqx4WNDYQE~^hyW@gDd1QsBctpJ zqfV5cg@pseqMp^@y^=c8#l^*7BVs9Q>!O&rIFk(+j0~vxyi=um)=z(+XEz`$I0xQjc93UiL1<^e0+8b7I$kzZ5%xj zBqmQgseG@pfmc=5)HF|)r~g@9J>h;(GaYfhH%$htVJPABd$?Qm8UHsO=+mb;u6o5E z#%8L_l`^L*tEwV1?=~2MjndIP_ohn1<&SoDI7{0eJlFRO9&diYJOGd1A`1g=8A--Z z8Wa>HB_|g?1~|;r+?>qJ%*cQ~IzP9@V z`zJp=p0_n4<<|l-QvwU&*d6^$Y zTt9xwLqeH%P=!hF$((f=;_;M@{Zk}ktjk*XxPaRpRE>x~z@wjXfSR2>+K@wrgV=Pg z+LAc99Y~#IVK+7aJ27SVx0mau*U6$@d;ln7&P_p}3+*ESuaSUZrA>#%fMR^gnuZKwbMe%2jBNy_a8ny)7I8Ti1|Ei z@cungN=gd3kn{F0%S`VRbj5r;wCA0d%YKjX2cP8ROa|iL7JsSP{bh+qFHh{y)&qFm zV!lJ)8!pMk&3%38_vp5^wuTUlU;OX-7Zk@Ora)F!R%aI%$$*!CmRh`M)Eh0NqbVc3 zmnSE?dm_my<_|tVVArrrSTLDgR&H+4)s=gmLRybWv}n(2XNaYZ&Bo1M83PSXpr(OO z4OEEAeFc$_MGN5%Yu&|*VjK z$i~KZ*Z`yKyv2n6~Gf^jEVnU6EfuYwOaARa*VxrjT zmA9D5&DoCBmoKTD9w(+I2Xi%2Pm8=R_UG%MS3Uf#MiJzKfBX9SIP6-^HP)ei52tUV zC&SrWEp)vOYMxC0r*g<8u^n)y{x%}+DO4|tfUozG0X)%@F6b0Nr0?EdzZy&y0XYBk z%s%)ZVI~tV(D{AW&E0=;dYT(}ET7Gc!(W+9b1o=s3}C>Hfafn~n%vm=(hiLIrT?h~ zV&)@z7CHX{$kFn@KUpTKN&833egCdYUig3iX!^g^*Z+6oiHH~D;hx6J;>=BVi2i$@ z_Dr=UUXeyg}fXS$Y~K*6nIosJrVSor`~WCBk0@9B|}iX!g^pxAIer32mLOG``B zt~5ml1WA`ESH`q$26Nr~u-8!w>N{iOH=6n$bO6z=_mJ6(u+Mwl9@Jd}74Of_Xfe;8 zL4C#Enl_-0!_$`UP`>{9MeFF~1gx)GO$9`jp{+YC!wumngg4Dgi;Kg0Zj0SOkO9$f z_S`xe2&YW3a9KiouffUb#ci+0Np{iId7FZvDF_Km>>6iLG+&>MK{zz`rPGLK6P3?g z`{UAI=cz%gq(D?G6=mi2vz_sR;$on`@C`5kPz7!ydwdusqn0EjBqGOuo+T+5UQgAv zcE4nA{!;}N8(e5`^4KlN7jQpb`H?6(2`26XlD`+g%Sc{I(jxfa2&ibA(`^sD)>Fmp zs}9FinfLnvc8`m0%bUPYOV<3;x9&0R8Fd4OgK$c#hlQ@jTn}Addi1YH?Ju?s|8p&X z@A`{})#Zzm%tx09%jcE|cUzBq6+6QqT)Z{+tC5Pk`*;j7!G-p~BC!q~4+@0GiUUUR zWrrUS%0Q2i7?ztkMg%djiT+9$X8El>Frn7({aDI8b8SSXG)exeq$OlNY2R!;x@`5c z6VYJ}>eU`*|L=zv-@d)WMN`QoLX-&mjfRHA#H8QN=Gl$p zu8!SZq>oMT8K2-YHZsn~UyRwP%AV-oD1o}QG#`H%-5k+_ABK*2dMknzJ@odrxWzG` z3UpM}3rRYH!+JPiySt6uH|Kkn^R=w^H|Nj(jE~3R&`6bgo?8jI?)RxGiFVh6*U`|? z+imzxyYQ4aeDBEzPnC9^C@Ts)(+0Hp!>}vxhKmjOkp^=evEG!XHk)&Wi zU?Cnq+#ccK;7BB~=_T`6;)WBlA{mb7DLheVT>r=ARv!`(caA5q3>(RaAmhjU`h;ho z7>$?e2`i=xv;#z+!e{%X28Q-$VBiHHplobxES6hE0Y$$K;N|M(CXwvc;Pm+J6nY9U z?^vUYbxux>gOk%byqC(nJB)x_z~O6F7B$4@Lc6)8MbKdd0g#L9;*Zx@0IY@}qG`#= z#Jf`^gMf$tmdXAx<$`Y}8Q>BS1Z8AU0JzLk$`sq!*oYsnHZ`RkOl198U!ROgA;e)d z!MJ~Lpxxxk3W!QTy<$>|$XHk~LPamh6%`e`y1F>r4s}N|#g%}a(c%vR`uh5sbWoz1 z+1argYt7b&8*2=dXB8C{Pen7aAfd_a2sB%1)(n&?d;$VEP@}7yV2ZlBy2N7M0*j3< z%#%xFKc$}r8D-5UFZ})eHy?(cbRZx>5oMH=UZ-FhJO%l zE|0L{y=PAP88RJCHe`1vi+Ve;#N}mVWO6H>76tcF7229|(3c`8Y3j(mMl&>d#Y!d! zzLIY>OKZ2-YU+<9;a`ZJhIPlKShGxy_{Uv)U+LjiWxm?l3yr)2OVbNSZy<53Rtd}n z3s)I^!8>f~P6Jc*a#n{h*hiEqX=TwAEit7aUBbgmNpFP9!Jev=`$xmfPU}TQ^SS9F z9m6sPAAKwKL_4*piKRTSoUv_vFZ^T17+vX<@h*)G46b)kG_>pJttgM&- zitxT#4dJo;`>j8YVH~)>*!2b;fFxl2>5{VN1F+{rk!Ey*6O79Nm?)Q-y*QW`^ts`o z@;So+blVDG$7@c`iirjQCIINa5gB;L?2P9F>xet*mVK>f+w7Oc?3xbv#O{tioSdA@ z0HHs(&W1O^3pUmUeb0^9#U#UJGXK-JbJ_)%5^k^rdrSKB|MpN5dy z<%SXky0rB4CqTwMC9B#Ex7S)I!}fSSme0*u!^V4TLm(ZVybe5{8^~mhGX3Gh#U{k7 z<4!C942C1=f*8acUxA}ZLYHO#;6ui8lAkNtzUya{LdpT9i%oz3qX}fYoKjyvSZlm0 zfqB(G>du!Z`uH8{;KO7a$WfXIi}WT5Kf%q})qL=Q90)o#o@SrS85zB%5Oy_vxVy%n z5Q<-HavRV7fQnFSw>Z#pxfC8A{?f?E=-an%*c23znVD1o7cDrC|6k<2cTiQ^w>5}4 zp{NLm5)=fHoFpiS86}9K2$Cf$AQD6}D%S)m0+N%6pcsgfGe}O7BudUmMuMasOYiT! z*HvG2eO>)WS65SYt8U5RoW0jxYtAvp7;_$ZiZ8c*1SlMv|0gJj;X>#!c|^5|$w`)@ zM_Vj1KdU9zWZK^ys^{{zZo&V|{A@afJZNrd$;!+70%73y%!o04s<_=Wheo<}=AJ{V zwNb&B2Z>Xwsi`e4F4|xpL@CEGX#s(!#?2zzUSXnW{qbY4CSnT(9OC`hr#^l)qRRkPPFsUjlV?A`}DWVZj_oIXaA+V@EmdUq%$hb2}Zrr?i zwf5I1J2H^LTal_MzTBvN#4ay$Hi?ymg}YXBWMt&LoZMT4pM|mP(8WcEXde`Mad(EV zK0C|${rmTf=^9x&$$o4q-Euzxod52hKg(I&B_5PqnOso2crgd{VE*e9F5IcnKb_Kd zswLm*&E3HK6>F`mtV{r%h*_Il{-dp^TPb5QXZ9o|C0UI$dt)6pZ`s22OrAh5nU6_2 zu`j%~(u)@gwg_2J{mF4=nJIQR4EfkA!QsVi?>pB^HOgU}We=`!n2H8t5&Q=f^ z{Moy=afhg{)Q{1@T&MEIWr^^}ki4QFKJV5qboF2RY}`-L@$;wp2mUq1m6e6xzth^= z+Xsl4%A7sBJ}N5eXIo|<-1xihefc76Q0{l%Tj_i|ZW(*yYgJXu6}6d}nJ-4w4!k$s{2{k-A_zRjJP+SK(e7;$xalDM*exjy}f5Z1#yR8pP!#6M@7vH z_Cx_cfB*BSVYp+ESY)qWr9E>-U%4nTDJe1~W%s@QQ0I_`Tj(aIYZa(zX$xJbjy(ws zY&o-Vg~o1rfG{`wffb|xp%*exx8l4F;wmI0#HRt+dyP!UN=t$v74FX`E7yCaoYT|a z|EasXd+!}2gr+RVqfJdsDQRgwdzv!%8TWFC5;(cz(C22(H|+OcyfxhWL{dx7pYx`0 z?)}U2lml0mIYZCWub0q}ecaQ1t1LfxowP{H&nmv)#|M7goj=?iTb^zwx;2 zZ(VhOX0lFOYgw|~U49|n*7gEJ_F~K?k^04gJN9CcdfwQma`NO!qaSI102`plkvl_+pR<%7y6W)pQ7N;4TEpYG4fZY0xPcd2 zAs0mj7_-RB?=DP_wD^*0R?hzCzf-QVSYBfyQdwwOye&Rk36VAqx#4R5FOc$2?a zcDFnq43bbjcOuUJ%-)(tb1^#iBO=07=3Qlphjz=w-q6|>pqA@JeVu&a(rT<>zfLCZNf|1p)Wv9Viv`qA|+ zVWqzi0wcv_;E=k@4M2iLAwR!XAb8>P$BgyUT2M=zb zz{{}1c8lHKhZI|ABz*O^kmc>$`^3fP@6#)s9+Np_XlBC^I1()T|;Bj z)~))zrQW-rpM?lg06ZF(loZYX?_pEzmwB;wv`V@?w0~mIkb^_8IxK1n^D*jwMnYvS z0#rT9uv@KW>?e`NG|DTYw{&BNzjbG&goV9E$kG7!p!oVDBA@d=GyYiRw|LPpvRvWy zY+AVRd*iBdLzlS3N3_p_#?6y^lO~E9CBipdW{$1`begx2-+XK|NzOJUOJ6wd$o%i$ zlapn93EH`v-IX7yVsa)`+&=Uh{mf?@I79Bq`nEm-{moM$`3xuil*5Qua!Yj*jkui_4Ar4>S~8 z_Xwjxmf6)pVl*fM3Sum`Un39WX7|WR2mi)tdFCwZ>H-3G! zY^(}bPXY{~_ne%Zz`2CgO?OP{pqSa=A*JHaH|y3M{UD*=ZTI0{yY{{ljT-zrC++mI z$A|f-)G|Z<+^3cgQ_|HRh8-n=d54GUPyp9@=O*uhkD&+oKe*qOfBcujm~_7*e}S6j z?~8`+R6PHeyEymjvcTV2ZHil>{vFH~_3+BSzpXpT`EP^W&HXh04r@z%X?o{y>uB7- z(9N{c#bxu;@{j*YOp2_+g8z9dr54{xW(k|vBLV+@BPt?|GwWjp0_%GSLOe=Z`X8HIlrKwAn2H5Kwe(nP}*0i7vbToxw*Nh1g|9> za#vEYjn?e#ZO{|+2nu?ZtNlK=czGVXczk9CI#OZ$h+U*6!P^q4e%i7M4eX@({&^La*v<`ETh<-t$~MT7JvlRgh= zrd&V)Km?`cvuA82ZN~SZ`cy4+Xp4I3tIM9ejX$Zp*?2r<8;P5a$V-;=3X^hgR|!3ySV%U z#U~N<3@U?4Y9eF@5l7@7UnvCS@fXlN8)Zr*F@D^ew#>N!bTi(y2gCsl?T-exs$&b! zo;=w|3WD#S_qHUP#l$DMxw`sE*b0JZ_Px`Ff&sNi7icTtTdgUjU8&7Zixbj5+}9Kh z{`sya7-v+?;)Hm*$Mt6@&#_}6q@)Cg&{q{&g{3+zBO~LTgaoFgKZ0WITzx99^!gYd zVA^kAZd|teHAJwBQT+!c`NvioM^J#G>iyc#K&RGnGuYqcx=7$hhvt4{(u!AyF8c`? zZbO|*ATK48gdfNX#Ug*XNUodNNaslP-SKX@weJ*ak^hiC;^O1e-WY2|4;Awr2eskv zP*_ml5gMx1+u$jclA1aJz0?g0OuchwUch1F;_~uOo=Hk1NU5hsH|gBQqn{pba7VGd zbJs4^H>|}aC5J54&CLb63!jIhsrH{ok0v`GGpo)7OWONrX4-X*jL5&c5G;1PRC?PNPsw~NXalpuOK6iGC-rS|`Cr`8JE1wMpy|F*%3#wVA3A^XiDnn=*XBJwf?yq#2HuO2sSmh>X#>| zOniO^FM`h_#F(rP_jSnJ5s?*Ftu7cCuuCnDuhDY+MT1&Vzr>U6ZA8Q>w#&BxyX>I~ zTec)D+TRcfod4CJ1ukP1WQ1OvnBEZkpN#@p^L=}1 zc~rkb)LKP2bl~dK($WdgmO5%IIT4!bV^rO8w}fw?SvoZ4x21*RLWo2Oo{ku97&$#- zs`9A*3&M0a0ir&pV(u$qcGiQ^2YqdGLR0z6{ijlfqti((p_T0oU++p`2IbI_0Ps!P(ity%up8E^xZwB7)#hORx$bc^d1k;DUh)0xMmxb#=fm@6y^A+k|DTxw% z*^4^jg+G1->lVG(v2&-QzOBff=Re!CLoa|(YhK2Ivs_u4)fEXmf8l}wLMWcpyPAbJ z84K}nCipBeid*~xTKGzH)fVSA=M_hCchHp$QpaNI7d2g9zT7UGMKL)wg`W7=*Yh9w z=z@DXWo0D{!qwp0>l27buQ)wxYHD^18*L}c0dkm5(h%nie6OHMBfo>ABhNauOP6*? ztt<+G*D-*%0_%mEU-?$+)2B~cEy{RW&5IcEMlVA`E`UlR`nb}^tF7>z%+1fk?(j%( zUi|JT19lP#Pfkm}J%WQxo09EkZ%If<>^^*R7mwP>(;JSajjXiVcSbkcF+yv zXGedKNa8={A>q6%L5dJa;Qgp%d*&v(VH@}sE=`3Ui4^-9#jmgTWs(n_8h#eGzGYyzO}GxQ3UYH;X-3!C7yA zjUCl%SV0*R{JOzaB>h8XL zQ$`nracpw(L97xgeOEU(E{S)qUlSqgR>s6x0Gf?dRLKq}>~YSbqoajQ8n=Voy9G&W zvvdJ29e=QeiHXU^#^z;kuskMH09}A&)YjEKh24i%j{T^6>QW6WgZ2vx??NhoaD90w zRRM1T`m(sH>K*JitxgLgN!!cC`_a}$1hJ1y-auppI{ zl}La-fgj6Cq6jL>{y0UUOoLbQ9CjRffXjaH-~o4xi;D}<^Df3W|G?UkQ}gYw-=ImAMU<#66Y+>{v?BuFdtB8T(aF$Lu7C3upMlH(p{Q2|3 zM&EKKn+ppc<>VZPmB6Ux?WW6-a@SD??xtK1_O#;Osx{pGOX9P>K$x3=J)lQ$x1btC z<E!;*(nP3-E>%+QNH~{yOvv%u@jz%)z8!waW9PX$n-T9WPZoUeny` z+fp@rIGYaDbY6abQ?eN|_66bLtbR6neEP&)Ca`VWHUyK$@VS&52qAX&wmqf`2^IF2 zqY1fu@!~xYIjLKedwY950s?N%-`*tST0glse@z~T1+ND$hv)IG&f3t>u*|A+3qlMI z93M)%k!C^~A)wyJ6Gm?4`IYdQ7ccjDBPJ@ETsIWS?)CKL%a@8p{k^?A=;)*oj4oPa zZ`iQG_r|P+#orWD=z0Q+07;yKgCnQ9ddEEoLz~-;iV6$6hKJP*?2**D&un?+P^y`H zOQURWBTNO~2+utFqm1!x>#A20vsaWp_RcRX)S?0h_A3%xKw9=gY#z&6;Kfnv39%pT zM2v21Y`jvE7tBZZ+ozgja*e%ka@4JKv@AQ#(@8UCeklQXDb}<_d(1 zTyQg9K0bw}$v+-_{>+1jJawk!(*OfvlB=sL|87csT2TvY>q3<9h!t9wq_B&`Ec>4I zCN`O{gV;k5!l~nF2@VRvx^g5xFE5wFwMv6&eF7~}P|y>VLvl0S=Cttz=lxlMx6-1@ zv-di`XhQJ${#i}S%Hwl(;GZC?dU&S%HM9Vd5c2-n^!D95OQK8KbZ^CF>xmn*B$)y= zczJjbrI{$@WfD|y8EquaIwTu0)C*v-bdXC3ks0{{D?+w4b~QvJN(Ql)Kr^16o+q80 zjv>l$ine9XglA;W4%NGXe2&#A*o^zQhM+u_Im-l!3o(8&du55rtK=W>hXfSt{xEbc z34nAQL`ae%ZT7y zR<(3e4i~Gpvb?ki4h6?BYhmT7IK^{LngEo|X0KFy zjLEuL@~f-B4MOD>ya~7Eh%4D0vN$DBWyPEp#X!#0I4vjgHJozd^Y-?p0UJnM;<2%@ zf)A@6vVeTD7;O~?8g#CvQRg~Rl$*QC+1VLx6?x=xSd|jx+&@8K0f`6LvmOF5ztF&v2Gm{GPrc$4;1@0pBWfn53&@f;8e{jbz+%a>fGBMX zsTEL`)HP7EqviGzK^W|KI3lyvSX(f-VEXb?2hj4e3YPYLOFRm zyLTaE6GTBJIlUb(Ch}*28(r=DORQxA$ZPP(xj>ObAzP@@m7Y^y@7-JGI|W?OH8xg- z2TqdA)vH$}e$`zj3}A}6E>T#CE_SU$2RHygf_l%MQgk<#$}xT{Caf+DKAR{hzese? zHyqMOwse^9^(DY_@2!-ux|(Td1ll-@l=OoCAj=SqDNw{TTKJ)_Nn`AFQh~x#Ud0fllzOt4oKL zPqQ46B}yxM`Hb@0Pd|gO_#Oa2*s0>q%Nf0Q>vD7NqjE^NJEloEQse?91Etzh+zg%~ z^UPR#75r{zknA(pMeSQsB4*Pfs3C2lrjV`HSjvgt59{7+ihLOkaE+R-L;R;mA*%!08K&<~dbZ*-)8MW137U1gxCJ8E*@LpITLfWx53+b4gk zRxU-%89RgccsrzC`|+vklPk$!2~=o(kUz5Z&&UC&dN`*I8yvp0!()ih3ZzOQF1N|a zH-NH-8HrwBtaRyfK}Wm){oixl?o;?rd01ytgIl(j3mAx{5s{l)df!`5{`!@9Q!98s z?#+UyTKE#)nGm4=%?n-u<(Qe7*~_)Drv_p}cSpy?n}PquKjF#qw6`Cue}}+P-q4`_ z-vrc$k&kSMvQXHk?<}ytWhc)t_IkczyHKRWRmt8|J8xetgbf*)%^=+l?{1O`g^dI7 zIwH$${J)vB%m0J$oHqZ6y8@%~KPavLuTY)X1!*=kXB`zL< z@Z9W?%lY3wU2}ot?tbhy2mFX)Vq$ex=g5k&STLr3DCmG9yoy}%fdgOTCGkN=j~<1F zbQ+%n6p;1F`rw72C+X?-QKr!B^^;bSCODMFWt?Q-93rMKO>O&~IAeBp_8M43P@Ycw zsu!&M`~J4L3!6^*T!4^QP5lV8B+V2pYTyP)ax7x9FOTQpqZEatZiCU?5Y^@PpVHe`Nuk4i4ZAk@|t(O2M!pwh-?~cVdHPKF~d! z4L&?-g{V$>`q|(Qfw_npR2=Nhuv_Q@?bHDt-ePT{QRw=uf#>swEEL z&CSij@G2lqT`0>invfd%qPf5TJpKOcEvT6Z>2c!334h~JSR9a*I){hd0t5FV`6qnQ z*a1WUTDQPg%jvwG-4W!`lur(Sj>Wl=+e+`AirlPwf|G^`MlZ&))E6YZKOAQvY6J|=DBnE~wW6)}M{wc2>Nbc5EG&6@%I zV}n*28gHfc(&Db~l*An`scXRh5rfN-yQ9y7gMa7;|DCY8;-I|bp9}XJD2aYWEoMR( zqgc3o_b!pOL1s~|Kb5H74wePxl`_lw$Z>jD(;n1}fVNapi^mNN`p&e7gBzTfn7|6` zq^Ca*;7<_?&j$7~0md{hx_bNiEC#;qhtN#8BM?TtPSV;C9G|+n62S$)174(?^d~-_ zgH4RsX|RD=#l-wVotNqFfqTHARq7i<9e`b{EfUDr{6`ttG2j2*W1SuhWP`1#LfE)R z$$yA3g$)h9aPukKpV-a7@C@64sFW1Q^m$cP?z3(7?htV|08zBIw(>S#0Bn_7o?|6V zeqeke&W@>mF}nZ!`Bo4+y&=N`1H}MD{_tBKR0z?-W9VgS0G1<*du(OVk_^BECWc7* zNjQ2ednE*)+dVi~0_@lbTS_6RCqqM_R60&gPzc`Qg!)LCr6mv z`exl(c^4#L)j}cS@9z(^T8k&L`Q0bP97g8uRk**fC#pk*Kd0JSD~V-i1Ee#@LbE zUMf|nmzE|#-rn=?A8#o)P)XSy;>_gf$$2c=Tz78i?)Z3$9h`f33GGXdA)yXApec$o3&lZ__LR|F?# zeh(jJJb%O1cDyf;ZJnmMc|p-(E-|IV<=c@P(f35cP7SCGx*w-|y}-59eXqpsHfQDs z527!qaF4@PNMTF_d)Ua>;6e z$5hG=&w?2<=5$Kv%8wq^%521=_?{Mhc0H>6GVJb~N1hE=PW*H7ch>gHwb$!X=%k+N z4)#rR9vxLwr%H_}UDh;(-G+YUhJ*ZLa}8qpV?1ItSEMl<;2oqMzuKrO#GCFxrd{s+ zHT?RnoAJr1H{q52rp>>diRqTD1{j{vlYI8729_bQR6+oF_WZfL{A0@|SdCv0{AO#ZP& zy~d!UW}u~Yg^a@EnGxBL9iPqxANdx;ENr&TjaDPG@qREVb|-YVJd-}usNO_`7PVyfoSY<8@D z^5&D+%iomj4fsL0!sWG-`m&(@DCE3I=apq}QM>LzlJEkDQS(umFUh1S5BY-F7*X72 zEX}kaTU=`v^p_)J1mM3BgvNqiN?X`jn=mREc$FwOAY-O-)=*L0#+jc2cjJRW%{5H8!CC0I%7ee#n`#(Ywq^|=O2Cfu}mQp zKgEK|?A@r(mvTfpQqyT>W;4MHd#*%qyl~O-=P@5yM`ruNt+VemY)Yozm~ODN=?^?T zxkbLUwea(mR;knag2n~5a_mC+c6Jlv6rqBSWn97nw#(wy45j-&-Dgb_`L=LY^pW-K z0f8SmF!+emDj#2?Wv}V{nknoTBd;Bmx{M}QX?}1F!$E=1ek%?;s=C)W(mN#>KAcy; zCH$t_^z*2{^gUlmzV_~_=hxY6#dl~GJDP=bnON+&Yc-?YdOO>qTg-|xl+9!CtpR6e zkYq;NhwN$YlBIq0@^jbi+4s)sU%Fz#ek|4RYS@L0nd6c{jJ%Gg9bqq)0Q=WF%Eci# zRrp|S5>xShmSPWs*C++v(CRQ*6s>Zb4-bG7o}KG=$o3!v;4|NR~zp^9rJ8+PWy0;@7H!{VsKGJ zIQ6fXj1KLhUGjWn&$u^0_%?T9%p3bRM-~#r1cUKu0(-9ad#DFI7MrNlyP2RI(U_gcag>hb~_hH7|dh^Kx+?tfS zg>`?9yMJ`EkPB3D9RLzKN2dda4|_wF3_xqoLwJ`vQDi_lR~qtzn(qQE!mbcPnS(Q9 z)S4ndltj`Q6XC0gT=@X3AO&dp8*LflkYU3iUl44JqU2eBh<$X8iql-@2FOq|7PF?U zz7;j{gWOJ^1==&3pU|`jHqv+*HZgbT7fqIgWh@_;)LdY>|5JjR;*kIPv#mc%+%M-3 zwAFZ*Oi@#)%-XX{SJKAX-4sg*+0qr>+b?dP^<>(Fm9Oe)cl+Iisj`)Tj^P_c(-G$> zGA6G{oXDE_)FK=Rr~) zyg&|>>!GlJ)*YEF9QaL{-IP$X=$ygg|7dxeNl@FX4GZ>DrL9sShgxX7idI65axy0N ze`*Y=EU|ppTet%k-&D13YA{9n>a8m6g|Jqcg{%?nZEm7(1!f;U;tp)}%Pg9j-_My} zqY2xlbCpCHTz>T5Cb~jHirDC;+NIabcYeNTu|>`ymHk(Zr)t;i$Me76Z z1s*rb?Rfq0Hcu1|#sB>HGvxiKlj%{vd`HL3Ylja%3vytUS_;^7#ewhYwEbKIIWs=q z-UXW`f&#``#X$B~8U=WyqhB*$kJOTaWAlA(0@9ye=!RC`@W&k=NrO?CQ z8z1fM<&_WTvrV7BA>L{Ol9L0(5T7N;F(^PE`D)rdMYnJ}3X)hf!7!l|_*4zahYn;0>w3JTuV(lVO~EkAg${U4X$!{YO2yFA^Dc6H=Tik_U9 zir1C4+9vP9FlgbjWhUwBv(!vpfQIvx{IUHuObV@oZsEZ+8i5UA8Yx@$S{qKaRIBg# z-C`-LCMuzBvitj#yQud^=Zc;eyiCH=$wjc(A3c(upznOaf7w+0W&WBahufA(>|e6h zRGbRpUSOA03EeMhtF5n8QzbRKpu_9a;5vC*eEx21GK+YE-xuyR$=0{~-F#1S_y71& zOD(0Kw&!rDH6ifeR)>*^+i{%{ z9?NsK%R6TGPEn6f#rMV?9nw?`2@ti)E2^M9s>X$Gp%#lJ**N%g(E*dRdDg5ou)<|2 zW5PNiOrP~&^I`K<`y^Y6D+kmITQAYst8qPQ|5?x}w63Se*WqP#w#(i-k|szd`wryX zzaK1l`%Y5i8PNZl;P*6xdsa6%7|UcDpo7rx!S}+LHq%| zMOl1qEl2IQGY#C!_GMgi#7<>K$x1=}xziovPMP7t3n}7imbxihCQ8`O+&nYe6|u~8 z^-Lw0Eu*^kJJzhHB+YVAWMb-;u`w+{OLU+P#Q^<5Fek`Na4OWm1x=hpMQ}QMA-@K|?lF5F!hM;V8qFzJk+!TA=MSlgdJvvf!bMCEzp@HoEpr9a-G0AL? zNTr4{v>L=LY{|Br59#K>+(&bmDHnXXp{=%scH~yw`<_$+RY$KZtVF=T0ydojl^Mxm zq*oNdUCG7)3KOIOpN6)!HlL`s7ZoY(Y;3gk_1EPfBSDDQcP;Pf(OX=UQK+@YDW7j& zSuR4~2qfv=hjg0z_U(J!Dn^Vc_&3gHwG{=A6qF<4MviY=@8xe9RbXX&?Om&GriSVH zDv_OYzDIJZD>u_g8`s2doxa&EBNKW5sbzNw7r#XnPg`qki`z2>)?-Z0i+&mErn?&p zTv!dajK9})@pAFj*SeR?cz&=zMa}z}oX^4k>MXe?S@XBEgn8v~=+0aOdE1_RZ z);MYQwlh6kPhEx1(0R%=XA1htn0`fZ$I$e4#&DLc)VeJB%`e%Wm6v?zp3bANb*7+d zYGq+kIxRLXKF>(dcW^cW;T5>8+zca z>7yeU&FqcF=e_7zIg?Oh3ms7-0jEmveW58&hS9k z0w+lUKLI>4v72MOF=qu_Bk8E1Fi4;mO^$cW+MfS#Wmz0EyLO=;?v}U+b|BnG;M$@q zqVV0m+Zngc{@9SctU4dZqxy>bKzEnL9i5Mys>jcs?n$$*KNfFw_wGADd(tGpMwgUW zpeN`pUI}Se%W1w~@`$LYFL5L$nW|A7`#r!)Xh#5k619o<0Z|mg4KmC3`e!@cbVRd` zrcLKM;yi->LppiUKcMV?Mg%%OycXT)S^N|$g^ap`S~=%k_nxjE?SiRx;O&5OlwB zyq?}`7QQKDexJ`QlUdI5>y-?WYB{ycUzZc3EHwTA^M_qS4@xJU*`r>fooRCHx|2z> zZ$+79*Ici&JZDCq?%g_``q}ywse-WwZ>M#z(K$!#HK^1S1y?wDch+w0p?lTZeqq~H z?%xW!Ar32)T*-#~v9cvbKA+{!hnWlXE6PSYAA%X#lEn>zY+%eDD#X@hT^vo$otCzsi#@RY{xg=AgTJqA5r6cxPT~lNqEl6gl z(^dGpQwa!!MH1dY~@Fh@b!$_56ElFZs)R2%i6AC>g@`B=l~0>CZW2yq#&ENW>9y!u&H zz_eKyk}j-~Yr!3HvU_d%D>lO!P+%lH34Lr5{yYp+n3$SEYi>&GgK5~;*uX3*D>rOj z@bWRu*~}plFu!EPv~Z!v*G_k(`-R+Qw+fR+FZrMICz~I6J2VG+=<0Q6nYeB>=v#a# z_p$Iooq2rUg6W`KK7T6S&zRqE^13r*XAbM19ah=j%j%3brlOs3^jg> zM#o2tm_l4`xta9j+=vlxW=l#&^K}fE5?ex<{quLX{7;^d);Vk4k_3x&1qQUH z=X8rYHL zFz&hxI|WzON{idhYq7^@ggUyfyXD@t4fnk`IVD>nczaTP|HmZ5n#>5}2*-=EX8 z2m#lzzsvb*to1cvVddTWqfKhm1G+`SRCT()YYyyOaTbocA0rt!Yv|=|sI#0_Q?+(f zJfvvwD~rXXJhzJP$z)oZ{-0Hx_SQcignZVRH#oKD?B(;-b{$uaT@)O0IQ4`&VPz%c zNU+LRT#|ss+0i4SmiuQMcI=(e)8)@wymQDVwaMq&K!gNHJyaD9@fXjXiCalwb$O=F z`mn$t>E}wfi>K@8(}17KXJ&QuvmZNWRq^#HT6~X?rF#<|PCTiws`D#HJeTl>ly2%p`7<6ntdHNI)cbmjqhYK9QwBT#OZ4wOx z|ELcIjPx;^G{rweWSoQ-aRMk)*HGCytu-PejH#)`Ey#g-jpmC^baq*#cCIw0PsM&H z{k76(#4SOlHQYoJLvqZ!Xmytr||th;ANks!9v3z|f^S#mVrPPYF}02EW89tR}7Y zaUAgM(9&W0J@4EW!<`+RBA>8wv_g8zN>_rDeq3cIHSJBM_|8mv=NdB^F-8eSBlU#F zQ!UG$fjpV2;x*2yVk1%#(n~j!GMc!%SMU4vp{b@*f5WjQk=5Zlmd7gkRZ^GMGfExt z?QFb1y+1pY$L;kGKg(B~x8&O!7!qh^;fp4w8)ntWv5yya#V5TU@w0q3-?v$RY_H&+ z@mtq;PamlL?UFzl;`sDPRg1R2OW5ZES5-md+v{k}UKHBT-IxhEr`>Gd8-G~B8eArN zTf4&C^KGKict!%nzAe?dO>fS45?rxz;X2h(_RSwOt}(h%Eikn?2T93T9}`0BEO^99 zgnw9G&O8c9Y@La96c-cYcV2dY75@~D4(2H|v-ZDS(SW!x4m&FJ1@Ia=D2%ZCEz{|3 ziwfD7!X_V6<>xnN8B*1K4h#`vXY18+U}4d*=6+TfG~+MP0?A4iS-J@oldjbJtllRH z+zi*A%J9;+J0D~5zb~|`H@qvkb>m^J=YID7?1?`IYPbWr7%uoxoMnB+Ox07_f0Os> zNJ>fP)KiDiz)V}s+1B*VxZ9n160Y24nSj->r#=H66ZiVme9<>UpEb@$57MN35mx!K z@$3t^u^r_y-kkhqns!zAM!0jlwQv8)KBS()4{Ad(&$DbgwJ($Oj_OjMxCc|hp{SDm zjs`2*K0csNgN|*Lv^UTg?K(5pkX=)D`k3B>4=^?8UL;b1;>8gAZ9aUDKdW`l_b2eu zF;L0}9B1NL4}!JteEw-RGYQjE@u$CLEKyg&KFM#+A{VeW%AeVBbxx4@_)8jp$N?57 z|9tV7g3C{C{&49FHPHuh zd*yjhIP@GuY`~AesQ~g7eE89M^y=R>F~9w6|2BsioGbaa%Zpy|UtQ#X`Lg08F`UOR z9zaux=g)hwD4e4TCf)(^0ejeq74rYt2mEhd$NwuYD^7cD?EtZt!TavryH(-mAi3kG zT;V>O%gd#;eD9uy|B+yyNCZ71`VD^k!VE>|Gi)YUpwM=JgA>e5g3ky}=}Y%6Jzcbf zCBg@y0Nh@``OzT&3Vd}Ag1?`bxy~wS-zI3`@O()}IztcT82EPj0P{#|su!u%z{CsL zO&ehb$||C-Ay=^-KAd=u)gczGse*X_2is0f7H1CE;2I8o=m*SRg!G%btKNn9MWHSu z8x}GsfQe@pq z@F`@BLC*K@N%vT(Jr;K|F;y8X53CSTNvnU<)T7Mi%Mxl~mur(|! zj7$XkQ)e%tnUD3rfq!6Ev+OOUL9IwG9DVg)wfSS=jd5D~r3_yI@pIomNDnFGWl8PE zz{2CdQ{TguVKv(7k0)Y2(RGGsyA*It`iYt`!NQ>fjUO!4Weh5TA;sLv>T7#DGkh(} zi&F|@Toh>Lc`O|qx*5yAhhf0paSw9pMCi)m26%FD9pE9t?~b)Kr5%HWyavWzAprX? zH|t$tu+wjJf|HZD-(aLX1H&6VS~cK5hEL-G9Ea32G-ncT){|E22pMl3kb`j1-<}=S z*mL;iKkn{Su*}SlKP~f;k(bwpY~cSw0QO7LLj)%?LUsh;65Pv^*pIsKl%qiki~TSv z1Z*Rgp?w^!Fcv+ZAp=+yGuO_Y+v|?RjnngF2KJH3IRkdqi;C&#MLYSeo z-+&}iCK-N!nu$Mu7@nZl>Zuk0pNiYIb$7o5V-5slha}NHs4$Kc^!_^Vv z6Yigge96h8FbRlb=o-K!dv+kZr{O5u2_gVYRY@Hb7JdbR{$kk4hm^hKF=179AGPMj zidhYOyARh4X{dsi=qrX|dp==7+ceXDRuC=YH|swXfF)iV;ZJ>z)#Z2mZH1SsAmosv z1n(=x{P11=0ejk?F;#E^T}r&ERGaka#R9n~40Iv`hJc{X%gUC8D_jcsD%37CFf=3s zi!ia(;xa@sH9?u9pQqF?)Ugo%Aa~H>9vY?;VKc2A7lgkGyk6ABu+aeUZ6Y2Sb!fyvg9jP5z;*SLHk?KdFdfsEqG9P3e6q1$($ ziab(<{t#jWd3mgS2#(fu)oUqWK7Oy7$cZZHD4gbK0=dU>#+Bk?s)fEQEsrZUC!P&b z`~#f92^7;4P;*ynU%#GOIUD#N|rH;4aRY!?|67%rgPcD;_3&DemdT*RQ9E zd{B+Y?Z&zh?4qtjAyY6N|9xl8%g@6u z5YWiQ;JK_juC2Wf6a~7co3BKI`-}`J!U4M!tu9VM9vcof@$6t|1<@Vx)|^TozGCy{ zz!zN(#my?~_XhIj2tlP*&y+r??7$92%sPohgJ~I#xxTPF7$I>f+sTna#)tbnIym5o zi$Lv1HV8;EuptF7!{0*>1qROa5JMgk8mi7m*vprr6xm9Bc*?Ly!6PDicUm7me(V(# zB!?%CVIg5q%<;m$2`TOp>M94pjcDRHh+dGu>jM7h_jrN!4Z?jP`{OXlBn=7fd9I=w zdG|fI9*u+Qw(J0tWL!;ilBq0w{DX~gtjK+~+EnexvK&|5Z$~IvUE_5S`XWBayZyT1 zptrK-br8_4$byK4`pr%&4|dYh(h9>Sjac7r_=LrC3qb`qa5uhxqW?RqWTMG1v>IWA zvUhZASca%xg^}>F*aj9vA>1%O1~P7@<1Ghd&<&8Dd);}fDf3v$N+!CNB4>XH8Gq-7 zIeh>|ChSChc`cH-h$#$586B@=&IA%J8JAm%R7^`8)U1D1av_{*Ok=&oEn3E4T@8Z)8s{g1=&B$1R_bkSJTO2j%B_~!Ie%HETwPLYNrxP@CY?R}y5pp_eDFCww3XFCOxfQY74nv1eE zhta-{|3wRu4D9=IF`X9gq=l^AQ^vuz@FnD7ir#jm`XaJ4&MQ+|fRJ zTt#I!P9N-(+t9j%hJQJ_x4wK@kvQe>G?UI&(EK`zuj{F;wg*P(bPM`w1`J6=rk|%UJ1P*K6`%5lp@5E%n zmtnp~j>aDu9ebWdntjnh`rUl~m7rV5iF>%HZ|GIH+%?-5XeMY_$v{|SP0ZUO9oY#= zzTiO7Z6wMgcNv%rO{GDGac(`y=+f_o;*D%pL_RMeA)It_+t}#so=n9;!ciihFU`on zKq5S8wZzac_%?CYIW*F&P8?o$E_AO7zFHb_QIPw??fyzeGMR>(n|lDgg=buMb>brX zaoh=F10V*1Jw;}t{CSvovOCc&cKbHJ=&jb*fMcW^bHj!WKznC_e_*jAZN_BC9~u6J zzSj>|KbOL1Cs>a@vjX`2=i#77bJsR}&VKlIkomu5Iog8@#T=qHsE093M}PSDYfzz9 z!{46+UU~vFl9+%HCZFj{fjcEQ1tVJB@l>(o@&FD%l)6Aw+*(;d$b8i>F5upb(DVj{ zpA|jvSS7%GFNu{;y%Vh~Mi22g1u#W(1CuVEW*^c7jKw>#ErDWQz%xx;Ho#b5y6V4h zC|-b>b^;)bbfz;fGLmsKm=*TLtUUxrf^gj7)IggXsgp1+cpT?a@w4h-ip8a+iRtMc^jULsY&_Ew z$_|GE_7wb$C(x*YHaIfz39CsM~ zDGu|32s{PN%>jS}Q>c>YtW@wvSMf)Gidh!L+vPg{G5eMLZ`Pe0RZKkQFvn(m`15V? zr%#8xWa1$W52QF2mis%!|10I8|EkSp{vFp+{?haBoRl3xZ}t98NBLjA>|%(d)$%2D z+J%HqB2+i=?uAViQ3L%PO`K*Jh6LmrA?sUtN$&4WtXx^wEHp4W8uHm$+}rE)b~5|` z_>*DmU@{q@hMaaO?BqI>H<_#5PMuyp2#*T%@Lg8BSv;%CJJYi<3ku`i)xKSSQhfP! zj@|kx#S1%g585i+8f;1C!@2LqTy;7WN$Y4I`)vrXE=J=I`Fb;qMk1|Bk$5X%mr*< zi^XN=q-c?phJF7@V&dVy15?n$Y9?WBLN*gxdQd=0eP3{%@1?u>{nL3QQ6|+<;4g{{ zpxCD9g|QLZ5@U>y!bpi~;A}ZjWn9=ZbmBp8ivVP3ik?~?E6%T62aHPmuE&2r2}eOe zY(7Zp3o54K2(Gv(j9^@eYvWURhogp8_>(BcF-xiZizC{aFgWBQ+9Yv03(#2xARK{D zLqBZ-uqpi@Itt#u5O8 zIn9yer(Gp3Ke8MH5fwVSyHCaG6abN(y9%3#{*e(f-4S&sVa-t+V1sx_e=cE$$r7P6N?C;wTkf?KfDYb|9GyhXrQ7_{Hc_tue@m zyc)s&HE%{&UPuh7^P>kAW3s@V5WRtr7Vv5=#x-9=J&maPOJ&Ua-DR9dKp)a$Ux#U1 zwKLGQ&^vfYIhp|jVEXZi4wzT2qNYZ@dv`IZN8n(_mgLKtdq4&Qq9YCwRH&W?9Rmo> zt9A?OZNwAlM||G>ypVE&KnRjC!o604?Jwvkn$TQ@O)8EyO;9X_C=l`Sn1Si??ww(z7>bt* zm>fZoV$r)9my(a>TI3>%RQnJj%E>icAZ!P)U0zE|%NI$YL-e$fV9%)>T@FM+Bog$F z<5;dbx3a*8Tt|9&PW=FO>c+C^Verc;t-d15XjrF6-**90uu+pi;$QCnM=VT#y|BCWf3FRLy<3FY*hpc>o}E6lkp` z9rS3QDA4BrhA5(GHyAp0_ zT9kxi!iBK0t)rr%YI9mJMW7ARF9)_h2CV6TX#k50?JIrwc7|S5F<8rcK&^;7k6}B; zZ3=IV$hMtg2TH3PpKndO;|4ds1-czci~-P&O-!t)8wG|zm;t*Ift(8eE?Ii((bn@% zce2^wf>5uwom%lBRzkfJPZVweFc<=s5;lm`^QZ;G5Pl$ziOg=}oR|K9N)+{ykj68F z6d-V+MJLQ|@kh4m?Co8bgA-&6#wY6P=YXhkH2MiTNTWBXm$LuCCp5{AL;sCOOD2*$ zMZCm!D#jyUJ=tVa>}PpF;*ijaWedQkktUL3m>&E%S;M7`#9zw1>c1Xhgn_p)6#6B1l+bo z-}ccgl2kmtG6$qi$jER^kX@fLHH-kmr&fBeAkE=rhWJ=g`~X|}ry1KLouD%X37rkT z5gb}C?15FcQE`B{AoU2Qma*eEgvvzg9R)a}9P}UsT-O5ZCNsa#a)n;xaBeDVk01`s z3>%-8TWuL7XlNtsA^8pr6f=)+v;c*wU<45O96e}OND`7(Qox8X5Uzxwl$iJ2h)yp- zSOXqW(&wRsLkZD`cq(G5ASb7XSxqQD#1#wh=on^4{FSf)H{i$~UCyic`8F2p2S5SM@q_?i1@TdMXJ)g`TEz zTsd0yQI7CqbTmxD@;JOgY!6-@yHbzNY=oFe;GONecD>S1*VWbCv~lBWyd#`F_tE;} z(v)CmIQNtJS8@j6Ee0lD2OJ?&RI!)50i-)n5CP4k0JNNXu}feBlDs}rbL5H?Pz`~N z!h5@sbg4H?aPa3EWOO)=M7v)+<2Hkf@GnOIbT$nXKfjV z=*z>9NG@T9POW<$NT70()4s)|{l^O+clz{NaQc5I#pGks(Ia19I(VHV!8L@Fs&J3+ z#(SU#`0nBIJGbRYoLNBIWeL9T;|?a4Mj{$# zOqOyn9CK)#UQ+{}90e{x3>?5Jc%k4@a4EeyV;daJb^5edY>nykf1+1i)1pzr~A<+o_Sf!2jt$w;RZ18tc{NwxN~ zNvOC7YiZny^49@%| zFoJ~EKzL&QeGOOf3d^8~#xzVudhF}#8}$P32D0Zl8U}{xCWNmc4cYy{{Kq&P zmNr7vzfGkW6^hghQe$bEN`*osC84xfTI`hyA!(CJl1P@M?RkB0{^$8W*SXGf&U2k- zu4^u|et+NJ=lfpn`+nc=)4m_*>wnkhk_goJk% zhyRjaFMOpi0ucon#W!|PlfbC0sX!#H45$F$%-pcHfd>Vr9+lG8Jw84aoY1J|<3O7N z$BoifrGf%BZ1bO(dg&5jLRP@{06fruDs5g>hHzGsWSeMGL`6%i3(do+xrUR~SZwe>3sHC5Dwuy9f4OMB}d)9x;u zH>#6%e{j2b>z2*(J~i#(X|G;)YzJ+Ps_KS2aVU>fSbIlVYGs-4$xJiJ{h9_Nx=--! zke6_8I$mz1Tk3eSOE|dau^AGF8&F5EUp!jbL7xru z^}%F1AED0N_OZxD^8QWv2;lyLIWMlf(K5c}M&wIM8&{;UIHM!2^R(vS3(6+R?h_Bn zz_p@#B+FKd5T|6Kn&Y}2+R2QETA=<><=@eX3um?IV_xemu%rIuKi-GYIYYvl?D;20 zCqvJJi|$12C!i*gG*Y&w z)|AOgnPk7rd20>MuzJM&o1q zn;Oi8b#?dFjxnGR3O-jlVe;e$iPMYQK9rRA!t3j6UG1@^8guvnI={a#RGHyiPJceJ zXV*X8|MG;==_F-REBY=08xn3l`#V6oA3-}S^L(vVUVHFJ6Twaq8%2bJD+J;EtKzbi zgG1Y6^C^wWhnfZ@4mq6g&o0Re+D^0MSJEh)A? zXGI45LIUINdhgk@_0@@oP9v3-dqv(`8#d%DV2$)3H%2)*_#s}-g>fqj6YB}zqk+>Y zy~!=sVF%vIQLYH5LhZS8#d;ADJt-|mT&yQl(k5uomm1}u zdVXSCYE5`0-GQ+Dpi)(;sV?uJIONjbq7$Tr?qunHx)5L=6$O1Ob)_0ioV%I3uT%Kl zrWdvPXdD<#*WI(t;Yp&8s#P|eN_Ua43H6iSXA`gX&{>PhkIWKy^o$s)Lo>dMaIx{- zb3K40hZTWiVu#;64UI=m$m9ZX*F8?T==(5@7f_Jv#e2w1gJ-6h9BvsD>LGKF<7^W_ ze1M6`CYeyq8AdPpom9Sm=(NV$ZL3l?{7$Wl>CSDsWHcMIf+J1Oe>t7NEWQw28`@i4 zX{E7js-)(VIiqm?KJYtuo|W4hexUG~88s+Y0Q9iHg4c?2P4^8O6>309_!DPe1Q+&k z*M-l^@P={ zU|7%`SFJ#0(=b@hP%m}ib4iEBL8kRx5j=as>(Xviaaix}f;6akai+Y|jp2+_w2`pw z*FkIO^TLc*?|5IaAGMBHXyVaUw?<}B6qJ#e!-e>S)z&8WtCqH1ItgV+3m)w0DWNO6 zMvtb$gU0PMd0o!K!moUb{9c7ZLi)o6zE0eK{rkML6LUvoXNxkC0x+WDwHaZSlCCRd z^Jws7F}X!Aq&eBzQwSmeF5zB80vk1VuNi6-gcib<8nnT0`@|tYVgi^Nzf}Vq3H(uT z?UW0^dXFc+Qi$EuS?C>rK%fF>lSCOac~FD7$3p*CjUPW+^D27}RV`%1Mi@2o+@7Lz z2v(01;GNyM-7Q?1@EJwylCR|JLi7>6BGf6;oUFuvw;G(=Ef1zGZ7c^6zeUR|j3hC` z67ISgJNl&{&=5NcL}y&_L6H5l6JXJ|F;3uO64w<45VFxb%x3kcZTQ+vtt|Ku|I=$6 z#AD`mVkZ~$^W3ql#*o%aTl1$7EKl1Gu$wt^CW>G&er6l1==Ve9!~o9DowFX ziBQaZofJt_0D%IDyY|69Hr76B=@d0JwY`HU{vlK!Ts)6uM6^MjmeO8d*}9;48^h$P zEkg@$=}DYguDR<=?Z|Z23JM7L0~3FUm(;Xu|JwGJXM5izrp#1khB(c}51blBBK*YdM6{;ajTfF}&fy`+>r%>H2Tj zB39PbwcP&6uQ7ia%#3UE>B~ePjSW8+T&sGtv#6x1u5KYjBp%lTz%QeKwspRrBVTU3 zc7Xq7E0w`eZTMXu;OP^6mBzxycls+DdW&*W$5f#2L2hSOU(xX&IY(7##+dvwHXHNA z9x|uElAZSa`57t!v0C>z>#&P>_UI_q#*(dUK85SIp zN|+Obm9>3e+2)#YXU&g&Wn%Oc6YM{73xL>31>6kY4<6T+^<5YbOtM z?(_8*2BiQ0BAl{#oOxm?h` zTg5Ok?n)z4a=F2X6}Rmds!Dl}{>$^tR)5|)a?4^SUr7Ub@7-X2)>1o%f0T7BPU`6i ztZ&nzL8d2eETu`h++$%?sJY7E7X-QX`XMn+$di^>PZ0W_kStV?IZqo2 zQCME_Bknh@QY`ytxyJt1vh+`nAH;7 ziZGr$%a&A$VE)Nwj4D*%5G7oCWL~adn>N89CwY_4j2w2Pq#$S&M&wAPT8W@S?`Dun zCHahr2oj~J+_8iewz@(eO3@Pvw@$52#4TtcYkdQ&njei3Z;rx=@XVo4K&PkJJvag% zB)N>qMJvp=1Sk9uO1F@r8?~f4(P|Zp%B5T zGRi?565tKjAJgZr2ASAy=QR&Ms7VEfG67Yjv%B``LxC++R@|cA|xUr6u(`||bf<;%ygE;O8Oc}6S^cY;g%(I6w z&5qERfprISzJL4FU~X`K?PS?zX10qc&cZKfT`!>yCpqkhjU6X}?*&*JIa`KWhmVo^ zgdpLuF>NuVYZh6ialEy7i!Vn_+cB+*F&g?hq4XjC3!~a72i7O?v>yagnw8f zt_C#qFUnrZkJ(tJQ~wLOpwJU$*TYtGMlCNc8Q_1bhWYKje z%ep*X9$U@7o9{8k4$(_j))bkkY(Rfat?2iro@cdhmR`PPz8P=O`E8HPjL-j46|3#@ zBQ#K8a+%u?o^;j+lX|jaj##IUq)Rwhi;4)WMIsni>Pw-$KuhgUI=RPIgwv-_)6Pf2 zB@rxu)HJCVnJG4%5ESYMM$}^{ej77M$Qjh?7PnDo&6B!uT5@>fP zH<@AF<|k6(CYD&6U-me^LUTIu`~BIME?u&@w2rltM6{yqt9C*IaY9``-)(+{Q@t=} z7fQL54HcdCeGAAAU4s9%J0|nqp?^tb@GpuH{?V72)EF_+dC%480s%?Hq@RAET~c}> zCz6AR@U|h*Uq0de&j$|vQNsK0@r9!^w!UbM9Ezpsyz0`@(gaiX90y>?3Hr-t#CZX6T~D<;SY&0^CC7a8~Jl%A1vWe zr^n3t=rCFK+}X1~`?=F}c~=Dv^lR?m8B8!z9y3M?>v1{vvPjq%_^oQ1w`-gSl0ewY zIwB&1$73+zJW{!a^Eg5LXyLUxVZsF3%-*wTZN%DD2`Tgh00yF&qW5V8LZ%A*$JGy* zs6Zr#*$_fzyr;5xKt?QA=Dv&a2)kK2-+h^8Dh|Iuwel;$;&v0b{SF?I~KnH&HzPi1U(mn@(4R6lyO*r{Xz547hZv0S?`VD83ihxvb}9O zky5NXiq@`3(>B^3gm> z0U^w=B_fOL?B37w{hoZV|3eV2f^^-_t?69r)Jup^Xqx6wUJmBQ@|KK7%td*q!UzYk zZ0D|BU4(G0z6J~a%JPo(&1uPtM+`=mPkK z5Efo%96}-FK^$-}Td>N!BvrcyKO?l&p<(FWtC!UMtuGHBK8zYyazDL}>>mYiDESJe z2TrK(=YQJtidzuTR3)dLb1WFC=E45+rw=>Wn5eJ%Y3J*R5xD-&!Ol*?Ub~Z2-=W#8 z+y-ojW`UMhVZ7<3xzN0XzDl@0Ylt?;(8q~wye13O2(Ax$_$yS_*E`5+n%<=;3$@KN z1C8^t%>4??S}R)E*feD{X8=OTVX=vqdVxKlQtHrD?-{4KS!W5TOtr}O`+7kk^U$B5 z>7+13+;jHaxe8wT@|8C2pRjb)qFP~aqnGHN9z6=Cn>OdtsqY#`Is4m)9ZT42a^5=C zYP=t<6L@>cO%y|*3V;6 zkVqpOd?DT!p7>1Gu@kQndA8U^3qgAyXT5^fYy8cwVz9pg%Vz%532Wol+lADaV#FEp zK(us#BL|bllfZzh^eF+vUW0DkGSGB%w4`@LdUUjluR?C5kFuFg=?0QllssF{+*J6l zMM6DDZX2aK|EU^+Yq`%N@utc7_rt-rn{SuXZ*J(Iwro(!RXB$e&@a|FZt=_jM9nbii0B-Em|HQ!B zKg}OM)m@IEo|zsWBlb>-TGWzFzx%oj+xg{cysIYk{I+^+;_QD{q4)Qs7--Y`ut%T} zl0{#}B{nH%?%cV8SVxqs8&8Az4A~;(s#D^cuNPsn^!Ja_7s>B+YZkR>^!*;JSzbx$ zm5&93cTk($vGZlwx4xJBJK_ZCp{pl5jJ?3LS@WvP zmm-v#5=2*0F1QFvY`3eyKHfO90D*~REa>0P1G#h!-m`b_m+d2;J~hBKSf~uvEhc}7 zF;(Qo=9J6w3JRT7oSy5V3d;n?IeAc>Yi#sAX4x2dgd!?+be@R4W_`iYJZxj-tHPN^+)Hsqgks2U0y&eM57kX}a-v3f~vzbt=nPRo?g zx0{(5IL6^>{xJt7jc$kVF#OMUOAq%ueB%rmh zH5`&`!!**nP;#Kn6f3Fa+#U4`U(8aJNPgJAKwHa@+DnKgNk5`%;2clf_Gtrh2Y}zr z+tooZs=shc(yX76XwR9mRLmY&5x|K7O#H#=2AQt}D?QcR@#IoVh+@vn{gorERlfi3 zTAzuN6wU4|pRAUbH%8OX&th#(Qua@yhS^!~m^QJCx`l1ZMm0B2+bP$FAJ0|muF$2m z;+l!?9j&fDePR!Ln+!i&{dCsQY2oD~s)~9y7xgyGTl%`m-eO0~swQ{S!lLHNZJ$;* zx#u1{i34@~J{gI`?AUMlPkVx0JffkA{`1csYztZVnP)bUTQWsmJvJ(8?(EsK?bfcn z3s63~=L935JOc-ZI5u97USJ$+#Ibz&@}>U#`QGpalc!GodH1!WH*e0>`1sf&?a)Y- zQ#^yw7cZ{pwR<*oeN24(G98_4Z#5Kzf9~67G<)_A`C5v}jZ=pPcr|IWDrCC*=fqXY z2VhE>RGb)}-&rDgY8)0Aq~+n!QTKYv77g|DRrahQTajSB59%cL;>GD~q0;6Z(_ge` zKlH~1kB;q&i^XC=G_r?nCR}548GB^1ELF2=ofS1SOz8w-PMuncIdF9L_nt!zgod6f zD_iYQbbikL1`QAE1XsgLR87&RPwTQAT3qDXwb92b9!hWopT4ExNOn%n6d-$^&%9VC ziA0j}u(iZ7xp>g9V}8rnmSe$y3vQ#xg^1Zrlij{124f(F&V2S4&NXpE=u5hL9!B=|kZ$nZRE z9E%P@egWK&ot@o%kd32z_e$$Ac*d(bzg%h5^H0z}YmxR_Y+vkI9GX*opJCJE=#vy@ z&RpZ-;?j|DxYV%_mDuT$l2vHywr)&a6<)~pN`(Of2P&$oFGHCkJ9KEE{FUbC2NlPU zf5>XPBeZ*N7SnkTlD{|KaOmR2i$VlyqBPLO+4;8Jg_i)U?=P2?l$?J4+&U;YIOfQa zSpm+#IKmC${E9d`M@M5Ts}tmh>S;FgZJ$A`jFv7v3Kk5A+WtAcjajNi@R@Di+m#0H zp|v_17ADJ1Nn=_fMP+4Uh#KlZ`31v<4P%$4{%^mXBPh6_U34hDXoTu))N@zRFpZX1 z3H?55b}BP8Fo=YpoP)?iQBmt@+NV{yLRucV-V!9UsIpI z#8ATA)`Vv(*qO89yrs{wn?g~W{{|8(8i$?J=s@&A=Z%Tu^vQw#{y*)xaf~*4aWR+4 zTgOqUdfqmJ1Qqr%ZaGXtX&Mdu%>CWy)PJb_0hu&H3YT`?%%!Z z2c*g|RCb5_6wgPlwE^+kC4PN!@%rcpG|YQHZA9D=7al%*u}ft-P~u9uY`>y)#)gK0 zyzP?#;}%?7sJ$$1h0CP%{iGQyGU6dm8}4fIr*Y_DNpLfzjUuuGa9tu40^$(mL&f zz$mepQeJoeV_B(tQz^RsaL(_HnMl0ycKQw>zK`rHbt}v60*|Ghsi`UFZt3#nAvIb* z7Fr}1SJ%`i5CnNtU&2YtyxsK<{p4pDZX;9EIGSu*)IsVG78@G}_Zm9&NK%s8hYugb z-04z2B0p9|WeGz7_W($g4&*Xc2;64q0)rP6^J>U4)B@{V>|D>)`zL1#s z0&UCch_1xmxXEJ=_z?fsY>v;Ylc@`c{|7m}!)?*_?P*lUCm7B^`?m%H!f5^a_!^f> zrDxcU!GgyZlsI=m_0~s^NGLi@oo0_};bm>@J$8T}1?@5oa4t06Y|F?UQ~tldtgCau zprX2}3X^aRUfX>zEhP^R4(CM-3HNlsoyGWVanEkB}Y-SCHEE3x9ZaiTt= zv}N8yaRD%M7`}VX4NtX#4jiy&5(5eF;bk=h$PKa0sils|o83OwR48;f7mCbSz=GYI zC664FW6z!Y?N0F=`ZG$GX3K(R;y%<3E-_rP&?hU0Xwr*1sAB&Gv{pS_J<@DOthr4%)ua#```j*xG zniO}e`|?X9$vqXn{ZOidSGBdF(F>{5BofDfh~nJOdg8AtvcW$8wCs?(Dkr|~|FvrQ e+qd8Kkc@0}F}xab)j<5X1#=c@pZV47kN*Wd5)wNA literal 0 HcmV?d00001 diff --git a/docs/guides/auto-backup/workload/images/deployment_repo.png b/docs/guides/auto-backup/workload/images/deployment_repo.png new file mode 100644 index 0000000000000000000000000000000000000000..68e4ebecc22f0c317253706700cc9a0157059147 GIT binary patch literal 53065 zcmdRVbx>T-vo8q&f+x5WLV#ew-Ge50@Zjzq+yVsm;7))*aCh0DixYygI4lI01r}N0 z9rFF%-+iy{ty{0^{q;^21K)020z; zqNk`p%eD}A3GfTuNlwQV2??k7;pb5@GY&Zt(hH<_QWEN(S^G;qzUt>4NB3H95=S-# zpS>}CCHSl_DK9(5b4(lse8@Xef-x`sVhQ3WN4PXm8W%3Y`}>gd3~u}GMr}Ys_d_2i zRYOc(@wdzwapk?&#qkajmdw?(c#0^_n<+HtW-j_5F?z07G=WIyP3^gHvQ%GmnvOo! zeJzLkcJ8&Aa8l!vg#Wz;2w5*o_{63DUZFYNx&O4X=N&V=e7HEVULzv@wqYTk5Vt-0 z+vs9l{i-+KBDRZw*tI6}rKEVW*z`}-+PbCMS43Iq^?z~pIpghRC-p~YoHP0zV4Uv(8 z+e?TpW<9D8v$rG+12X7R7DtYEe*Lnm-V=x9IZFPW@lB2~<=tZ9sHa77JP&8(_>Qup z=vd^aB5|{Z-!R#8@P^l*U70=Q)G?okP~eTltF@f0xs7u_St0E@=o8zIRG^pYM>_?l`~nN^ZYQ%Vdo19SpiY6FM&!{ooKMVFZcGk zZ}hSb*ZtW?Kz-dqDAq`8;te9bcayM?#ot>*Y!jgYQW(@rvd z$-KO}+NC*T?_knbiSu!++RDV8$&od3`+M#*3>KwjMddPSVR_u$FuHg?f^Ng+ZVK#o z=+AT04Q+1Ph$5n3!puz1y&lbsk64Gzj0t^Sj4T-mUygc+M6XTK4A}IIf~oF8TTS># zG(Vw$fWFrUZ|8q4di9}#$`hPfGPB>C4j3J>?cS6J@o;;5(3=p?pu4CozdnavHN|lS zl%~H+KauP-OsMSb;k|qg&i5%7PG1;0jr4BheOpNzLI;mFiiSUp^Rv=Rv*^v#zUzJJ z(nM)|k(s*eQv>g@Fc6&U{|3{a`16XFP00kj+ar9nV^psoC1vKcD8{uoye|u~-K-E{ zh{6U1h#^#uagW|Z@6rc_YdY8R>m8d(-IGC!3TkKFh%44@|D(mT{U=%T=$jV(b$jAM zdrf?BuW!_(Kj`?lM15E0!4-B3UN%d#wq_LYrHtOqvL0B)3YE#?0Dpf>xX^)LSi-sT zIByNC&YkzjM&NtoEF{13=9i|OgP8@A0cES{t2_Qj=1`BxLh)?IE5falMANh^MwA^@M18#p$Nu!v{Z^e$y?C++OIGM zZT}i_8UW9}0LF$S5@gt`OWoM5@1)U6CGPYMtL=C@CkyGz5t>lykTL)t$(X;rvEtWr zvIYQD@bsUZ+PM392q%;Q-aY~_@5Mb4q9y;Mt0MC-Lt87}e42_QKaM&V2{P-Hv`Q%6 zgW)jq@|~P*-5se#KZ$jNjEiBF>&5pYbXmAVqpf~q`|Ce8N3m8I=RKJ#Ta!l&bcFaF z$RAlx*5P}8`}ID9F7)=CviH;Iq>oBQU4xYjzuiIA(I0q6+&=D?@dQ9Cg>$lhB1$Yy zHL1RTYvEd0?p#<|sXx5&;04?1+S}GIiE~o`Hmxu{=2>LP@C+Znl3i&y7Azu=aMKRf zZg~-tMlyG$Lw-0I(agZW>FBmiDn>%0ZeJ6v6oc{-+?t48HC;E3w{t-nwMTBvl9}<- zjVRbJm$$AyKSI&Z4aS|R&CQp5q!7zc(UGWsCqo7K_10cU97`>$#IrL)?r?yF45zVr z>s)3genc0SJ^{rE{93dP%5QkDgWu*;A;>ZLc4yJd!n{9WZh69XX{nID#{V52>m6_Z zV!WI~6)%I}@A-}wL@Qw&3T-s8_El8tqGD!3A6}2vv70MkvC2Z`j>Axe?~XarIE8}G z=SMdyusm)QM!3}k`REo?ws?8%9SRFuSt*h>Hqt~GV!)L2l~H0X2OY5q?S8V&KJJGF zrp_R>IN0j3zTM%<}6VbKREub+2G*h0B zd*avPV7(nafV9UWO2)I6_I4Ha2hN6TfDZv+m392^7`K{1O7iviOQ70?4yK$k>pY5#JJPi5x%KcqdfV?MC zGO+uL9j&6RoxoPNU#va_klGjmwzuRFv<8%u7^9-MH%oZyS>;^k-LLRJ#j?mJ3&FJc zE3y})tIG}G>m~P@0e*LCD@%ta35S<(j0brCjU6-LT36+Br^JUnc9*6&tdz%L=9CMc zV@wu;Z%XkV*sU2jR?7+*zE(J@!A-y=27FVi(^{2iZ$|dJ@*J+O=UTZ&qm9oxk+Zoe zYp?VeT?Qzdem(Bkak8l6)~*CO_zCruBCbN;up|VCM8`I$Tgg4@VD*HOV*d8TFHf zk`_=8%d9r$NHD*n>?BbMkF>M;`HCAw((;`@!4;YOS$X*+#ZM?Z*;QyjcXHYyF=B5a z!_!WY+(#_9eqY@{Cw^dg6nn9uF1TFx1EW6sV=`Qr*-<89B%+)}0osa7-g0#Aj#rn+ zn4LJ57}gC_%H#@4ZaFCTyn3xM>WqM8ar-+fGkBH7oqoqv^E`OYCDbmfZD5PVe>s|K zV{9(5kZ$=3VLV|<=y$&lc+9hH_)(J+STSOemt!qycg3FXOV#-D_3>kWevy%qes3~} zjqbeR3fBv18KzbrHxUgX$p;NOkqhtBPtFmib=rix#bnk(xmqVfAx3R23s~%S_5vn3eYmUh4~;DL)gv1?gF6P0I#{a zj-=K9CK|Y?fIklM%L2Mg>_V>iQ%&8E7K}jpys3AU9M^vEQW!9`Y>(|LxiP`)MwCc?a1CIA5nNo1h1FE^9W@&Ys0Ot@t34!qYO75BC)c@ zy~hg4z$Ww7Iz_VDxYF9aDxQ_J6PoHe)CcPXAXT>YOXbRzRUogV;Mz=LxP2C%4BuBcSEvp^*sm!dIbU1E7r}DXJUq%Zs!oQT2diO!GPH%MT58 z$$egHM!#nBs5>C{4>lZV<9#vsrl6zDVrdprs?1$O$jAR{&5;$FkeDr|n75IX9=D2J z*+D>O=cYv{B*_LxYv`r^OAl(R?W>jSywbQE4BE!&#*4OlOWNNTou%&{9BRvFe@H-) z+XbQfSdooe<@n))p9UDE$imVu3Y=$?wc{Z9?iPx=$pepoX^6aOb-t3XBUKOF0&AWx zP3LUdjL6UDi4Gez^c$!zF`H<3)Kykhh>tS>%R)_PzN6dF#6oyO0iDIm1S^V`EyIMJ zub!))0$ljKx~b^EOrxqJ2ATlBQvj_k2+hZ(o5PFO$na%9`g$(09%0+z>f+Sbq`sn; zjv7H_O*kf`9#7(^4$y@^(ifcf&I|4xq_5o5$Q|yW$AP6inYkBZ5NqbhG8C zT2ZX=Fn7+2bwl|o_eU4hk?wZ%1(hJ)ozlwkqx)mPjRs%;yzF`=V32Uz_RHXPz02qT z{{vYDSdv*xcnnS{EpjSnMNfW$VQr*D7K=anYl4%!HV_j;kND%?5=icQ*GW~ z(2en|HdLw})2Fuw{4fLDbM2zk-*J-`B7Gai25W`w1MJ^WDa|4=Y_X^1|~e7Y;D@YEWll$_0-5tfZy|+#%y+Br~%=-*#+q ztan7JsJ98$#@Ew@Yw}JkN>;Z>-`<2`jW;X5BijSF+ifsD(Z{)h&s5C%_-X4$s!a&#A1Tp1CP`Cm8~_TqdQGePs{sxPA6LN8`q>yZ=av`4 z?aI=Uelp>+3wZN50|Xzphs^Lyl?Z3o%Q1w!2* zlF{VP!EsxKUo9exA7VP8g|4zA?mDYbI>A*iOjikr-9^l&29{?!CP!|$zNRISjstk0 zkKEVmbRYey$ef|t#8nUU%^dI|e@xL0e4L)Zy@LJRsr9mmsWvxjw8*c^pNWE?Pnd}d zYcBT&_pi%EyxH^}iX!?9aht?A^Q{WYN_=WtWK(;W;Y}3~Dia_Ij)HxiU$B*$xeK~B z8YFYJX;!G~m4TbHXN_{SWl^5yu6h_MZVz^=U%G}YMzPrFN@GcHc zh5go0wBFiuxXypyGPG<#N;=Jjv)RcmQ{hkqoFqh9Q zs!r@HB1>?5b6qYaS04v6Tgd$A=spkK@g*PLx5mKI{!RZa^mAm$$hSLPfrI<>j2Rq5s0qm;L6~zm$h$kXGG~= z#$>LFK42VKuAe#23gr~y!K|4yAspYc+`#* zs^2so?smjI3FJ2Hl-_&t--~w7Tpx@goFvC(@mZFB$<2iGTPP|Omg^Fi0Ov6GUPK$RZ#wdRgnLknP0+T$!*Ild9T(3~?nd|1&(&x5Y#B0&mf>=|-a zdUfB^t@Ua1V#y!UG&qYb5fidhQZgrt9`&?j)qG;SoMc}X6Y*Ot%oa)G2CwG4^0NEm zpJVSot33UfXmYc7Sd`5=l94rFiyLbM=-#9|O)P(=sk;tl!|~kiiGr zO8cIsmYnbUxVkGBZQfKbW9U4hSL2BIFLf}*0&e+_8YgY5limFfvAY)uI@Qv;I0ff) z$@4eQE0Lg%tD>%CIqlC892K@A%Q6O~Xn%~BQl7bP6`h=hZ;a^9_qHu*`Tco9N3M_r z{eCi}9^CPuVoF%9EH%-n7x3k(MjUs_=#8~*ESE{Fi|L%zZ(5QR`5u`)WTJMfxdw{g z&&YQW5K4}E3Om!DvUAUC?*Tu*@UWb?@1KKHh(`mB*yl;{{TuLT zvv+w~C? z(Pt(~MRHNIATqDuV4?R(eE>*S{aBdyUO>xJ9#=B@=-wQlE%{ncalgzv#UcV*>vo0s7{3H%-i;KSX0qA&MLYW#2>vP<&y80h-JV|D`0?}fHkOxA$lr$C~L!%V7e z>dlz^j_QFvFGB-3{QJ$GP_xHD&7T5JB`wm!s%+$RKE6qUB^fhAAk4pBbO6w!HmLrO zzefOtWI&wvAAgpyPa{fAv3Et;2YW6=tvRr!6`wS)C`FcrQo2aw`8-4Z_!W>;Y?%w) zmAnX)dl#*GOm2b^K&%4*P-B7l{=ifgQjRJlr5jQkBvFmeaLz;IVShxNQ4Sa{6C$zyHI?oLIg0yLdN-qYHI3$8pw-(-c*uB^v#n{zJ5+sAJYY z#%~VW*sgDXs1~4Ba1_^>f^qQh@oVPo+K;<2iOn+qnOG}wcsB<$z=h6M%sU)X?DJ1n zTggqw?It>=qdbH8Z#S30=FQ(zh3^uZueLG^G&&Cz=qIJE68?En=uy_;)!z8H|3w|w z7_1jx`Ao=utvh6MYwK~f-;MiBh3>4W_uIGKS3D}4wZw(_zakh^q|7xq1Z*&$v=cPH zM<>)$)iDEUS3JC6%Oc$ZO~c$sD}4!|1Z#UI8Kh+*XklgX>n3n>=bWjlp^{S9c*8%v z?&)@Xo6PS*ysC~<>5)5jkP#L^Sj4c#QcctS@%)Ra$fS8Z&qnpbsl04P=+c> z}*1L2)B1e~5n8=A{E&BRu+RxJMAY9T#oxznt;u<{6ytJ zWLL^>i??5{M*-VoQlmZB;%XUZ9lQeNl4@uQBBLNkPFamKc-PA4q^0_Cy-!y)reJQ+ zT;*p%RNrAy-p}cSke7>8#3+OYOg0#=JDYDgtK=+-!-h(umN0e>Vb?fC3UaF;#hT;( zwo#<^;UTa+Av4Q9e(KfAguPp!nf<}l>XzRa2h(=gdHxKljD`*uhx&PwpTQL zduzo7Z3D7~9H}7VTNj-W9{V+^ob;Ir@Ia0C9n|NMyOd!#jj0`;$6auYECsqaZ4UUN zPJl15BI@P0Lj09o5nm5wrZP=~(NCXE!CoDwFF+Sf$4wRkB&ogG9_|$dw&Z9QdOe_9 zHBO|k+uW0bQ`EGK!3F6EJ4Ark+Wc*YuC2)$y#MrS(y~S@HSMtLXoiiBlWTS)`rR5R zkJ@j!zv@mI|4#X%*V$D;v7svUk=lEimz6raRJqnP=Se&IEY{^8y?9Featt{(2^BYW z+b%BBQj8*cL`7r5?ya#VxlFo1Rgf!>58Z`jo-kGBiksNek?R7xyXF{rlNR^4Od+s- z7cEV_*;=qO@H|6oq9oJ4r!($-Eo%aGRdb5YyQNvOZpelnAUxK<9Ye|<6Az4nKdUR6 z2gdVvpJwh@63N@P1Q8bu%>heYO*zf6UEay<9qJshR?r0@bSK#QrA$~fvFKc#p8qw zI5#uC{$zZVASgL?)vm67U4kAoefU#<^_8|kBpX=LOSLKKdHJ`}{2--_Fp&hre?-2OnQGh21@-M;Z2~^W zPsdJb$kh}h$%1mL7DG_xZZb}M8_7$*)s|y9YVhy`KC{R~){;Qa zc_~}}o4AyzTUAd|A_P|%v?MAyrJnL(x1!q+e_t>bg&>t+U1iWo<xD(@%*>YsdXsOK^=(x;>s@0@KS)y}Njr$@r(^9{$`vf)jNFdZ>!@u)(P^0}c zFPTa?g-1vGa+Uwk4w;P1^LiG$UWsyeLrw7&66wYb&U?~C8QA8Cl$EXNUXf&b^A;Cp zYK)~rKazWMMY?6qJUB`g?{X{K)a%8l(RfNvyY?MpMHIvF&S&C zI`|BxB~6@*x*c~l_OxH_DbpMX3UAO(_8gg>6&NQ*kbm1da;t(3KOx;Pv0j=6O#gL} zZXQ$)pY5(O=cqCkIx9vpc`n52a_2^l&(`yHz2=3yrf*kcJpq*ge}=-svAys}E#bi{ z&r0K&dFsYWH`%ceoZUw1wfUiOtHFV-9bMGZfqWeI_DjY%hrP`$(gGbpj+7!1S+61& zF|_IpH~3x5a^z8;vd+mn3J)TENn=eGik*PmDn-tkp&9f~wcF#lu>BkBj{Z;q#%U;l9qP9e2aWmG~6BJkROQreNE5#mHhxK^vv z=D!y5qvTlSBWdrJi)y?hgZg%lmPTlC(X%-4Qh~hgk4ikpWaQ#9q*M_!W*VDzs`q6< zbNW{Vo4Vh|WX&}MzDvAjb(UuHMAk4*^1hAV=ssvP#hzJZW~P0Xzuo6uol*Oh6QPNA zh~|7m@70|YWPTYb7O1TXiON4$Lgl;L@N7(fuG|rs=|UYkO-6e zvNGI)F5gEUt7kf=dbOc|-bbFwAM0cj5cv#ziygvX>qBu%(o9J_ded)lKh6U16yGy7fug&ETx{%=Fd{K))WXJf-n7Zm6XnhNFZfTa)HG!LNgbn;2r~@O>&b zLKmlwn`A$F;#iH!bx+?j&>_7t({>W*)@ZRV+OT60>xvcM{@iU?aR038C~mFsrqX2Whb>Q+i?sA0J znYDF|!ur>o&)T2tyXHn%dZUUn*x`!%&N@%8?!8Q{7^X*H1Io)48}wGs4XW-PdD5oW zoc$&XN4E;oi1~todFC@AmqfXM0K?H0ruuqCY0uWhD&v0ZXE#CT`C-O4z&1h)dzV-r zX;Tt-w|a0?d~2ou!U`f$mY9Y9n2gBAdtd6Sj;7ySAwHmN{ykSkiRSx+_)h;pd0t`R zSEEnJGzdb2QfJk5#z@V`EG6>qeNc7H={1&W+(ToE!?zNTyNtA^ndGvoD3rahHMJN+ zEQLtk4ai#S@X!F9sj#5Fq|M5PRW`d zcGzabIfCNb}x1-|GdJCeko2RU_8oPhLV!RLN-9`-MsAY?0aDSr`-onD%l{>9luM4dCNw~T) zhn2MuX{$GN&rBoE$Ay>Eb=r7}9mNu+d4VyxpStIs?29N>9PS-{?8i8#4*`)QUy8VG~a|ca(EJS#C0~QfbhNYZIoz)T6z4~jz&s`p0y4ba)e2sUjq2Gg954m%loi&N zM!Fc%K`qE}iZc<9;U!BFKIoT-sRYSyZI*q#`=2&yZ+@KKptmY(9#t>+RB(lL|E^V= zv8~hP2n%`={F(3vYy&rAkkRR!f}$rUc**zl2zyH90N2Ege~?D%^(lP94s6V)rm80S ztPORDM4=N;Z_J=-9>&NvDs~g7fY7)Mvd{|=L5t)NiaI8MpwCGz8DOh!v*!2eN-7zn zKtq;nb*9y?gS3~f`2PsTA&m&|Q>tvi@qcn0UxbvNXavve%SpgP%5k#Xe_&w!cBkx9 zzl`+humU?E+XQ{N{#c}JQErhprtGE|o>f`eSy3I7(fz1ON~xe~6|H*n@KYrj$FIr= z2JMRuTpgmTqq*npwIlu5exo)Kw1k%kDKw`$t-@T#tE3X$m-kW7Ekw;GcHuBXHa9Q1 zI2L+GPZnb%q>sGv~I? zj#je$XM)>&JI$$^WLJv$i$+^B7#t&lO&N*<%!dcB9NUgib2{l<%9X1TK0ex1>43M_ zSRtR@u1|8dX3^&^g0xsxxA@{_7Toi}HkH9#d?M-K+-6iCs6_kT#Yv_i*yW&*n<`B# zRHv~yak%rB-~6MwfG_jXOJgDLc&Xfb9~CbXLv;De`{IAyfb(aso-%kki-=>97Lh33 zdKQ8Fs4g9V6GdyaB?xTNI_$8vr(td3D%rWaHq;uTY*Ya}S9DZLTCXvmJT`I5rpPqjHnd?gh(p@P4Hat@(kDnB1H8b#0V4yxV?za%?VF(OFa-(^A{hsmcoMVaV z)mH}dc>bu@Y>`+P1TVF<6s22I^AXRW$>vL??UqF4n9sUrwy!psm?B3A?}{sfzW#nj zv(LX2n=`%JnsMxs9lIfpzlM;(FWX@8r?OY6%z z=iYT+j~M&3)Zbcn2D`N37f(hAfsmRUE`=P6G5sz1S}k8BkkscODR~%EpWk0i}pHeY<4IqTO4+ujNF3V zcimA=?k?C@?yZ?Ca%@|eTle{?(nw19$@b?jNrydhEo8w(u&Mm#dMMlnVnfOXS3yU2 zGb2^^G~eRlXQCL1*sbh^CZpp|pcBGI7_|t1OVyhS%eQJ(DL0M3bdeS)KK3~3fXjfW zd2FVvwBlKKu#AS>e-yR&*aY!>LoQZ*?hmPn7Q;U%nSf znw@uo602mHf^9#|+R;_A7V1RmZ0b?) z_ZRpM_1CkU1Ra-G-o8!CenY_{+D`YqnORe3Glg<2A(x7NhH}aMC(Miar$eQSQyN;TP?+igb8&M%R$CjEW4f*w+P2kk z5VbhP#mV5}oUF&dGR`IWyd;Ik7X9OGXGe|HC-RT^%t9bOk{QYOx7%#3tx5e~GoDmn zQ&NOh=1q(xpdx=Yd55x(Kl;kf+5*Brxd{E!>ggcV|CIr!nujk@Q6G-b=dovr8&}vu zVnu9J;no&1m29t)7kSbv$%&rlfQF~s8a*#i7rcD5=!^W{K)~S&4}a+*9Z%1X$Scb(X|u>X1nxI|@iui% z8((q=A;^wL8*Pp~O;o^PyJ*k-SXEC2*2^60-lpQjHiZQ9L~j;IhJR?FuEL4JNbQ&L zkn)7)QZi3xWv;MyuQ(V{7X~JR$uv8Ii1>8 z0==(8R-#7GX<<}7_nV7l-NFlkyf<=HhgpwyAJdHRLP$#~L`xAg6w-7AElP)((+)*G zF5J2m+UR&sL-`Nrnx`YDvD~x=2Pfi*h!vG^czr>SaY8#NR0ZVIGYoXNck$UpbkSl>-EH2J8hz7ji&$}9PYYTkO zrqM+a$vpJB*2CwvJj#s*2$n6%u-mwDUs{Sv)6pQzLkN<5UYEJ6Ewq(YW=*W3ihahp z*tY==9Y(>_bzMHqUDD=KSTbk(b~1#+51y4I+7T#4o3nQt?j=|>9`1f=bic3@8ba$` zC(A|ZjprNeb!?>Ay4f?ioaxmjgHu3Tlvfw3ia4IjeKKSB*e^zG&E|fcU=PYfN%yU&%^;|57AQb!()|^Y=aa%E~3_xB|sEEq*IKcTd@)nr#p} zO-D<~JRcraOB|eA?wu^d{mnV~)jOi5OWb_Rk??wYbwiDdU$8zpb`nlS=J-s@b4x5`I0cl8T7`Q8ZL6pq9I(H@_iPV(OD~c{!#&v>4mV?6e>{6#?g==bp z=k#=O8dWIohM0D}4U@ulkI~+)u}`0WI2(W0UQZ30x68VnCHv5?!0N|v0Nrf(sgSHTOD>8>Bt*g za}@W-$#h9lMVb1WLZeUopq@T_{A}>pvO3($^qVn&oc!UR zulT0<<4D4F+79imuO`=ZPaK40OlQj`;2ft7*UyAdf8ExEoqeK8v&i2O!+~9Q4n*m1 z8^YbH9M_#@Nc>woStb=2JRKA-5%a#?-QD@l!e8A|AO~-}-%uD`HS+FH+6nWB=}joO z>5Z}x7nzEE7_U9OWx2A)-;CW#l`d#)eFx_9TWffDVcAB%uCJ%#UKUMVqgNZ+=eU0N zcJxXlJ->zUtrz{`kM0>cDHO$Se5u;#UZxh2^sq07;S^Ha*;Mvv<2uGDYy{*q5A zz26HOE+Po`t{ zrIC+nTl65|@VdNbsgu&*+HxanK+%XGm&ap|BQarv-$I!jNtbtD%(XQ@eH(Svl>Gfk zd3YJFu9WP)k(Dx+9iu(cOPWsFD2fBt^`Er|w6~WcR|M)$2AqjMtkz2YQci9PvRO>h zN?s%DReI9XRiT`7JvecNBG!V}adR?=)_lM8<;mggM~nbIQ5r$}Tf^8oa}UhH2oB*J zanxB$1I_F>DXGe*!Pl8^OR<}I(rvHx2!`wIMyIv6F0QVR<~sd^_GT*fIQ*)q;YMym zYc)d08rR1fS|2E}0_P)_4)cHfK+=L+-a|Ll{*?CU>Pwrme_1;C8JeE;7?(;Hg-}DZ zeVS%OlU(4?Boda5++6iKtoy6U$ntyNP9~cXUYD#8PmEx7&$4g2e9D<+X?X3P%(vRv?y6I$tQb~*Q3kp5DJ_7zq#HvTvwEFr<7R6GpUBiYG zq1p#MDR|bwYeq2ssfvMyl65j++oYm%dg9RfDOFh=)Tg96l={?Q>jbZMYjp&!qWZxp z15CjWWS)uyL0HPpC`yixcztM=-wT<4hpMOe{J=`D5y&D)Nmbpil}#OCJX86@)}^be zr2k7Pur1f}Rv_|3GwmcvQ{|)jBVM#IUtGE^llObAqaLD=QO54QkgvZnN{7n2wti}; zON7kJTbqZAQ)2B$bX!p5U@+}}PtpLM#Cv7dxaLHpYVe_amG3D5qL59E{#EtvT>`@M zmgAu|BAX-RJtX{aq=7Mm34hww6i0Ks#hK{X-vS_ zJ#^<25WwQ|lR*m$3sjQ|MQgY96Y-$OxdPN4O*UrL3$pqHk+iaeBF{+$?>$=l!2>_P ze>7Cc29#kd%=b-iXERv_@myR%rXBs(^#*-2%IPK z&oS&0KV&6%C@dzd9oD{6@9BUrXb(CQtFCv>9sDggCJaxQ!?HkYO9yIyYm=LZtVyff zm#LgF7mN?HxReeT{j1RWa{IsgQ0CM4zdyzq`uAV|&1X6PV`=t3Yr`i19JSBc|6SYj z1e&6-_Nc#QNG#;te-`wAeCzXnIq3f<-B!Gwq6YVZ!LaoxHiP}5f2zJ&DgUKN&WVMk zb7^a5SJ>Q~W?R`3nv_IPq>%pB+}!+=x1u8U$;nB%K}QC}p$)riddO{7f3^S9d!)|$+=gB;L(0a6Nv%j>?R?hoh{F#YOSuV!CgkLd zX=v&9d33@k$;imOM_|#^* ztEo*|$4w8jfkt{G@ZY_EZ*qOMQ?A$Y_43klcXu}*X1Cm)p3Y_YH6vqaTFY>>1HL>w zQ6Q__X7He?&l6sohA#rk4qbBKGw^~E_H4sQqlnpff$}ysXvL8v)EKcHa98}CnAlPw zjlIirBZe>9W5sV)yWT3{q0w%>*8C@|zOj)EpI!lQ#A(KeJ2;5Xzd>%a(cnJ~AOS)zWURy6ZI? z8=p)ZmHnds&4G-pY?v`g=)}~NnVE$JnSg*m|3ZUpOoQ$0!{0J`dRc4d-oPNyDzD9a zuZ9hI9h%orO_y5T9=c&?j#{v2SLdy4oLxX1$${#3|NeYkObj_683+Moi{UWsCwXXO z$n`Y=UR7O7i<~}j@HG_i^bhiz@G|hfGN%<4UH(y4#`RHGH)d;V>rX21 zP?msebOb&F*}=iVgt`BDnc?}<05>k6jysJ5P@|M20%Ll<<^;6-OJrN~T+`@u)eN(Y<-|rZuO&zMg8Y<6^-U7-10*ltKn~gld7z2|(6A z<1;AzT3GN7^?3Uihs~ZIUHP0%$X@Lz2MmD_!=P#}n1%cPoP>-_KWQpCheD^XCN#mdmt; zR(36A=4gKctt=97RDg{HNXJ-1-2VKcaX(m?rd?Ic;(z|RKsK({qz|LCtgOJ$6dVg( z?Fx=2<=U#>TLNH&%W~}1n>VrBIXE%)%Zr^*|j~|b{JIX&c zMBd-6-20rJA5K@?J$W3+75Z%%23YN*s#$qUONM~kJ;SSIcqe$a^Mc35*7lvUGFo_O z^D>}da`N&U$7?;s3O5MYxO0o1IR8_BKpw^RS}rb}08klEmueI%WU?E-&As6P1mh1O zIvHZFicd-DzrQxTk4j4;`TPjQ`X59Irzt`3@bdm%UZ%okLh^wh#%Qj!0&lH-c5`vz z&g-xk-m^w>EX>w%hR3(`2|p$#rnkSJ(|&ZeSJ#6erQWdO4?8Q$${NJ z?!m1y>Uxai(00Jf#LNtcHe4xSucC?H^Vo@8;s%rRXAS_YrvtQc>;ZSa zkx^0Bj*gaBr_g9}zF2aH=0}Nxz4w>Y_rcV+e`E`bid=vdp91SU0krXCx2)=M^{1T= z4jt#3r!bfo01^V8$1mhlSd9ClNhf?zK(_~ub-q_FL@e4r;{p(-SUo_Yr%+ai+H>_$ zj?baM>FKF+>C_L^ zzd*ax<^fN$gbpSDg;8x5qMkLUGm;0;F$G9_zkSn^#Va~G()9H7e%d%;6K-DKi!|^N zoP4raneS_2V$5J71G(*NB@f_@eCjP%I{o^aI?q{6HwO}AY-~!MZw{Ks0|3ld@+p7t zT^rYXReZmH|Bi+@f|j&fKUv33hyoy?S@F?4np$jG?%g|%t&w!ocEss$zarm~Svzb@ z$kLzd9|)L>;)r(eLubp&$RMLv&KU{CCRZYjfZ1&UamwBG9^gejclf|fnjmcMuK$oX z40f{uzsSFsIq+Tb-`^`YTP=zHJ-jEi*{urwfB)F||MHvY|GC?nkC!($V7LmgRfl#a zae`|-0L_40+-fo>isf7EA2fhi7ok$o+=1+G;1$23g@)chhDgma>x8qC7gQ9lY!;*G z>L6f#?TsuqS&cVMY#--qwx6tI8H*G{(I#c7{dxfgq5xPft!%8>#s2(*>y~UC4Gl$2 zVbSRxN@nIrSCDM2fI&|@F9CCY1URv6zy>Uq+r1WjVWX0@059>06T3T!6F%w1x9r%5 ze$w;NZE~P|u!Bc(a&j-2nWMV9-&VFAwqnkN!dC*QKW93$mVoytDJdV|{Q>>}USn8& z@vtLUvXYutKD*OMM}D7zEU7v|R}gzoWQzJu2Doy6Pk3EJIl1t(TiIb*O*cEl6^J9& z^X+zo(Srqk|NdPeS2Vk}mJ=XtI=}*^r>D0&9D3NVvr_;H)q^YMJO3mpjLJJa)zCkk z*uXQe#dZ61zi!;+c(v;ht5563uT;SJ15q%EvgEng+BOy-2Tdzuj{Y$6nR1=r$(_w@ zvHL5Or8_ig-=DyblSI>B?k|G<4qA00#gH6OVj1>EzvDm70xbQut0YZC`U&rJBfLMZ z^0|WF3y;+=nj!h$1nkY9DIuRYa|pY`weS4jGv!iSLlZP|*O}WMeGY)QM;qGl%UKq8 z3D3$A`I!93ezo_aepuV9?X`%s6Anry}jRG^6*rj zo&ldYdee4DK4nFJQt~@0NDiOik+isUU)h|BdNoofll1D#$RD5c@`8e1ynh}~|1J3S z3!XE)ukp+8vIpA(HaR)zztI!GZiJPo($y}?>$XPtZ7)P`;**S5Z>vn_eK<44*?gA$ zxjzd@W)E*vvzF_(r2uaA*LQhhBw-Peo!KgCX06IX=_n#BD&aKao>0JZV=K_(vvpp+ z>Oy32y~zG0DXstW1k-(TP-$oSdQmFgKgWLoLR(E# z7Nrpu&H|24askX4Ku6r402$M1cA^Oh3Hfxmm~PPFT?3ee`{CkXwQ[I_&dX<}2% zjL z=jN+F1HXiYscCBu@U8gvTpU1Z>go!#sti8uPDPZLvqZJaNJ$+}DvJT2EDlgbQg$Px zi;Ihg2xMSD4p3MDr&S~x8k%;1_V5b`IG_DdwHVEie*5S5i!Gze>Hzw9Er;#b<*jsRv-OjhNbvU5T1ASS-USE%o zoubTvh++$H|Jph_6XiNw069bX39x1-7nhg({AtkPRM*`pM$y|dwTCTz*s&{^G&n0E zK_ZHX^#ReWC-OtQ0tzMufUUNkDNpZ%0h!5YYX8eXfcbIyBRqK>mq!AT(SB%EQOU+q zbeVA`WMwJ%`U?A8>_3X^WS=e5s%oE9iw1-T_&IqqkRTwXLnD}6@W26 z^xJp=u2=+c-jOs8WJgCwfJ^J_U-=_WWSO)oM*u?pXQCjig~1NeXrCqOmoYAOpY@zp z23ViiGay>4aWpe~g-QHobChr8ArA>S-;<3vv5eWHrMA?=r8d~SWo|-t_Gk*LE>fDP zpCGQt*)v1GbHYcD9wC4+pkIgO0evagZHkSLe`aUTb_*HLmyUX1kFasE?T0}R7h8y0 zfY5FOFuAopV#D@L+Y5m8{w`5t5Omx9)E7ei^Y?do0k6|nz(H(_%j30&P!+II&Q$Y^gZJdMW);t^lm-9MDKuJ!1n5o&d$kOT7y4+F0=Zmw6$8cuq9sj)7 zj;9Tv8l-0#=xXG5s;%1=L@|pZ zN>T}mf=W(`N;07m1OqBaP6Cod;wCF5L_h>VKtMr2MTr8ERdNb*bJiq_7LBkaA`nrqH6`skzgv2B>BymlPa1&q@-Ft9{;c&GgKPGBGtP)=We zbCSVEfGM$OJWQJ+v!N;nZlnD@_#>~P!fRl_$eT@44#ixBqzLxND}*004jC#Ee%@Y+ z(KRvg%*~Z1N9P&O)xM$lTz;Wxgb1~s6`xyMLlNAlzhUPph8{J@Nqvu)*~c-bi|7F8 z`7|s{5$FAlT3Q^1VrzQ{ti`IeYYE)z9v)UOH;<#V^QonNi_;LliNCWq0BCIF0XCtZZ!NY=t*0ER@vMSyr!JP11BvPtVOroO55iSX*>QVrpt1>c)&= zDc6OGweD*+eTAkUAt20oT6M!l&$it3^mK(6hke5&9fPf$-%gEO1AA~UCd^^O)vH(4 zH8j%4a^@R88gKg%d$k|iAPb0~p{c1R`rOW>q@?1qGMU;;zz(U%l2h~d&0iZZFa+ABUg!m+Xb{8QwICdHIXbP`(X9Zs2Q7&CC+h(qgcbucM-HPRnsN zD5L59RKSorrTzz0R2f)9s*Ol~0#YieqWTC}yaG(Yq6JDFzQ`U#81`zZIQlA0R*@+FnqtCJ6eE!rdqKY*l2L0NOt$|`eM=-E9)IU%EOyO3DdZf4QOjRmqc zg#-n8#KgqRS=L6MyB#q!12E^Fot-_`(9xuoT=P06rn|dak9fx^(G?wTbE^?~4iJH4++pc@vgty+NZ= zG{b{>i4uHeXB`6Q-04i0XCz(gt4#;%t-0$)gJvbx%uIIwmRd4x2`On7iJTjWY-;eI zI>(RuEWs`DUZ0V;)w2$pMU2T7C&i#5_#igq^Z2Wii2{q$qz3#Qo*9;^kN@B6Zroi{ZO+26D^;~AdDjqh)cN1palNx8ug78a)b zPWfkscQ&s-qoXY46C?8Auc3OMB6imo8kx322Bq}ZD__X!>T+QFzeY&T&(9Y`nLGIX zt=@&Z_KuEzFJ73sym zXV~QtE{lJVxak-eWTNDr$?eBHBa7nK{X&ngkrVCm=E)Z0a_)1ah{mV3q> zDA68Qa8E*OKvqFPA-}biRX{)hZzZ_HtM7!guyBopqp|EiarB7BRR5sqxvE29S@Sl$ zMS4>Yl@1CTA7@dVt`ntQc5LXq^N>DiYC~g!nBO)bis%QkBXsgb(dG-Ec0cp$pDgAR z6moUmAig=YDDvs1-!~3VR1EH=xtCyR!8qo^>YkFqpt!jXPrbOD|IZ0=9Tyg>dM>?{ zP7`LSw!i8b!1%&|{biCiz=B_KeH;4?ft{OI?t z6tm`lhY#09L`IfWR2Wo8$ON)-n+P%!{_2SJz?Rh1)K8h2dV7z)H$ z{(nPZ(fq=up`D-m<+s}FOm4q5wb59!=w6lP`oigmTeY=60@}vHKG*FyP5b_Frst;Z zOy~a8h?WN#j?MJ`sH%DzZ17ShRIa7|E2~?z(p8<|7b>F~R(Id!Oe;92>`1LUpBueR zYBbfF-R1GQOE*N8g1ECpc;(bLC4PN7Ssr}QlS#{o&e75FsO|7s6_w`&TiU*TJO5{9tP0jEgss=cwb6Y; zi*iVS<=0S*dDJX4Sv=w zGIGzR9iqD=C0X|$WkR;fd$RjvLUMBV&zNv76esR$X@i?bsw3BC+K%XgGx>!C@_p)q zL0JGHhYnnder_0)-M|x{r8{BYmG5Ca))tDiGc`TaY8O7YNO}^&pm72Ow7ik=_ndy5 zz&xsU@gJ-l`t0Woi-0SYm0Ud{+6xB`Da1J^pZv?b(aqKG@8@Zc^M18O@kLo)YwsHC zihm4r%Dd8(CuW-CXxc(q%iI*(#Kiyhspx!NpQ)KQ#Qfzj9{Ojiz3cynuQ*lu;L*Qk zyA8(*{^>NGUH!7_pWnV-d4A#_JK)6?Z~iqPzNIoPi>!{WIumdv*(va7Ole7wAS zp$~Nba&y}r6sF0^dCko`@iUdwd}M}`l~^~`*?G{u;T}5e!zz9sJJQ_T+@SSW?iC;n zK*_uJ?*|7S@G(%L@I!wrCMCs&kjlcsVy>&d>_VYX(6<3Nw$QW{@6UPNjVJFrbcsJt zYHD)wm&_k-fI@~L%0;%auu1hCxzhMA+MoD5eVV=8-A^X6<@~ox(3tvvZn{!~uS{;Y zKKUn{xX5Nf)2mAG$I^&-W?1g-llKK3ehmnlSRfxuOgHFp#sLBE=* zB6WJpr^IsIPt{MKKIOfx$GZ{Kt^tsHK|qKC7s0IvICE$n2{fKIrbwc=K7RbT0pn1v zEJ|wDqt*m>gJKTMXpPde>YZu&pp_d2dP3`m6kwn(cu&qaabynMvH{(-^ipIMa6n?> zH28;fIkBi&alE6HloVr`H@mcE-|CXzhb_BS5e5y{%zN$QLlhhB!%rUl1Qh`mK2c@5 z$4@E1*wQKckZA)3G_FFCa3G~PN5csn8t?|)qoaz*B8|u!K`Ei(;Z-OGORB1J-z}nG z^+pMT(jt=3p^Q~tspvN_@~f-7Uz?hc@MLbPe+mUf+w0<`R$X1)=b(wfQ0SuWSpcbu zGVz)5ypWKPL0uTx4dKmk{bQ$(0L$78eg_oW{5@VP93i@G_=&lEj8b?sLg?(=oQ{c_ zdE{fh=L*rn?1gjSqeXy@2xNj0m9YQ7!yNqlmAaYG5t-bOMk+@?PTgk04mDF#s+lKX z)0Hb%>VLIdjg^?(_~hBM%e>*$)ztt{{&Q9(?JX@WvsJE3Cs8iHMOKZy@_|EAGFzeP z3JFfPOwu_$bCDZRZ89~bSt#ASDF}qVhleM&!4~BU&CWwKT3T8sPMnxUU0ps@873+J zU^DCZ^mH_W^l*D_dzLx+m#fySxfri0nQGCl`Mwn?dFuNmr9`_iO;8`j$Wacz2N&l0 z!wXUuad*Z|9}nPRlEUbPv@4t2r%#7Le%z0V*+WIft$F z$k}-9b7@zpy!)H<0DD)hUX7~#911f)i_gfxpwj%0I@zLYLpJ-%m%DOiyEb~-5U`1x zh`I6O9qCH;^`fq)VL7}7pR4%du;u0Sj2B2vI5tM38AJT2ZU@?Pr2%gBQJ}IMzUc;} z^DWcP;zoVkCVv-Ae``%-wfZbAICdKWra674?%>oV7*%ti2X<~|v~`7f^TJByIQ1ZK z7T0*u0%AttnyO+u-f^6CD6%M1ylsB%uFH~uc80JymxqW|=`x!d&!fti0-rqIYS*5K zS{wWHteo72^P;b9OP+F;hl&S+`15yYzKvc3Vb@yHtr`>c9#G~A=HsuWyvwf=bjw}( z<4Kw7n*dkl`{aqXW*AtFcb8+Iix_T3d%F*>2$b)%vAlWnC5k)}z@!Dvac#?8UJ?hC zA=vMQq+@EnGvZw#t@Og@g}JFYoDZsoPnLUpeSJ~xC+Xy^=_s{=Hie@%vgJ|k#%$`S z#b+NY?io<+Qwq~xT9{)2|AVB?rT9X{G;{qnt^|{M{>`jM^B*zrJQp_DP!=dqq%T~J z^<;Ax*o_VcV8X`u?CBj`ejdMv>P65Hb6Na-^~!sdFWAP93aVi*&RLk0Cp!nb)iX9W zRwj#SDHIeGP}6oH-BlMZT}TFv&m(0lA|BJ4KDOE89Es9vHWLn!s-S+K#^diFnOy zdn`zK|Kf+>b{@hbTjfyQx^?TJmsb?dZ=V^0+)2=4c&i9pJ&w@#i2ZW1vaj$zA59yd zLLsDS8;(=Z(cgb2T*`TTYD$F32!$M>!LS6?xvs8YUK{ZsJuHg~3aS(J&ak0LN2nag zJdpngxsB*JIS}cCJXnR*^6c%$dSDlk=#*jo^ThS*(Uex4rit-!?ayv25KouyFS^k) zGaK=rm>FwVx_EJ`kHq9U!W`l}p>o#uees)z;2i4ZG z>ffq_U_#t&aa~?yIdW^28{(mm_GhXchfL2Ri26wV88}$<3G_9om9e;BNV|FiwGJuu zboBI`LTCpffIVh8`q#n=>z_5N0l^7137S!p*9Rmg7ccK))Ce5|1H}*N_8fNpBZ{~i zfe!%_xD|}%N@{AtpQamLN6|yVw5zM@wUiq&K+^m>EOX6hu?*<3tr%O4>K&Qj)?|%ZHFFU%hs)T($d79abHgQWL{fW7ce|*iY@)-ax5b{W3EBHe=fcNYqh!! z47O22!fw=A$j6-{BO31mmvK@N@VYuXZzI8?FTmM1c;nXJIM!XLe%B@x-3;FQCpEUP zvm5H)Jt&WwZaoc+KFDe@=hHGs@k_Jaw4Mf7F69r`ek?Q;7T!m8LdE?S@d}~B04a-^ zW{qOF)H!flpAHm+V--|Y zRWWU%YhYmAG2pbfTJIwxA`p>yQnQfM`#4rVa*>(&{rjM+js_kX2^X%5znN$y#;ML* zw_a4OxX!d?%Q1uo)kIyHM4K}{YzD&(iB7Yf4{)j;ql@d0?5CrrcZsWNlMF>cQ885| zz~BEA0K#r|GtjWWx&xVdZ>5Mu4vOeo zwxbgJxbcc07KlD$uJa;M#M`)|LwuJjA1#wU(bgeYyz}a7qvP14OvDw>LdK z{qsQaBS(BgLezA3{`~n<)U3%LzHVxLDsIyGwC%Q!_I$NHC9?h3){EAW4@!7t$MmOpFrpK`m|T_U*FQuI)f) zqc3NEl*d+5E!Sm{SH1q+h%Rae5E(()xAlc1cUOvz%1b z@I;G1jAU{sc)lR~6SfHnI0nzWZ`x&P&Jbd)hmRkV=3T*L13ET@n?`I!3DJ)yE1E0C z)Kl$g)EAxr zHkcaC91FI}h6V^-GzIKmPf0uD{(`7Vc?4BcQ`5sP3y0UZcRnqetI|tnopg*MyK2)W z0~A9Db&NdL{Pe7d54cf)!JCcSugEtS;jCi^A#R;>agjnHB}8k73?xh*#u2OgVC-?e zc)7eXUf@ta0bPkQn&2Y9BV-pip`bABs(@8fL zoFJjHj#b+{&$Juk5)%t-X;F6p&e6>d#F_7a>By`Zm20@aeH5>km#-TUo;^ZmKYi}4g^T#WtCs6gCyL4AE7+CK~?-6{2& zk=RzEH@-haG!6mvG6{CA8z;4=#E$}nmvLhfCrXS@>FJhB3lx$|kpUG^s~G=y$1plN zTJJ=IhQq>aw+|FFY>3|wbW0w!9-#V+MVf`MVSHjj2Tf~i)tK@zy#{Qs`?TzpK;2$o z22mOtez~*y`+L>eEH5zbC=|M(UDEmX@_64Y|4kbkgNd#J5`9*!T9p7{AaMRe#8QxF zL^q4@Hv!~W1Kc}xmmZ}~URzrj`i^U8n9rN;S1~5tX~3TK8#V}QMb1_2*2VQgN+L$X zEa)aa`YBKM-7M*E=;p6;m>E5H{`?jorwFvO>Vv=X)Ws;V6OAhPKqX{R((6PYmqSo6 zp&=FNBJikynVA`7y3vqqW1^Do>(0`ca!dq;NVA3-9CJb4j}K~rckZkt`m7x1`8OA% zN(~GjXMLA4YfdE@ANr3cC_G$zjvhXI6ZmtoUdwfY)HBdC=_Y$?J^~U$&ez3$asumj z>dcv1RMNTyrrO%Okd%2fvz{YiT%&P^l0XurH>r9+_}AdGZl%`=V|`SUuP4F|B*i#p$QHBUYG`CFY*mk>cg(xz#>=Y5> zdj6;em3GGTP_Ny*g^kUnVqPiakQZ))T<$X+<+L1V3jkIOU7WHh!)Qi<_|V29G@xtC zJ+0cW%DX6%iwlg>thY@LQsD9&qRw5MR{JwOqW1oCx<-CM!G$O}hN*6~BQsaK!i)9* zlGgVJghB%UI?Jprt5Jfk9QRZ%a)n5#7IwBWCPP%^{{WCJ0b{o6;jn zWTt<}EuN(~L(!ib1+qTlzw>c^J6rhU_N|@jugV=g#J!>SjV?lercPQC;a$=jMTh?p z+y8gg(qDeU5KuFR(@i}HB^tOY-hlriuYSD(4oD+(6`1d{`tPh&n#2D6`#XO9 ztW6sU^bYxg4T*(OYw4G#@H&=S&2b;d1y}%G0)57Rv1vs`MO~V1X;!21N7={~N&R=u zQ~K>c3bOw%(v{#B|I9sIm81Gho$VZP4ixkCy^U+58U1OOoVUfdY=2x210~`j>V7pIK%9vV*RHTiMyGAQzEU6cA%5Y*)>FaD0BDqJi7L_0gnWPbY=1frt<3GddTK<@;OfcaZ(A9+sXAjC23ipwiJHbxmHD1TQa*xVZRcHi=?<5+d=B%PHcw zdd{LI<_qZU>tj?~^TgjjAK5wX-K-+I4w}am3KTU;+i;R^X+xXV(#u4Z$To=g%Yb?`gp! zqYy4dQqM=GtC%k+C=ha-HigUpf_Iv@xHy!G>{?pwTf?CsS=PrY0qQxE8phV>{tEv=7mNi6o^!-p+7+~ua> zAFicD;1W@~3FC&SAU!6q6$EVzIIw;jnAAt0xYhQev1>z2i@W)y9wq; z1{6VqePMBtWLppyQknz>K4j-O<*X)dI zl+Vf;lOq%!@<&j7yvPnOQKN4i@0y@G0ROtt4HrWa7vUHyQU6$)>B*u2dlTfs*m6|^ z6yRU6wW;>=^71A=Ux+~)HR;9=ZXm#%tsAfYU8lFtaWwnK#*}aoL`nqY*aOLYLFy3* z0)STAJD}@3W#f!ap*AQ~m>2v&L!$R^!olH>K{Fw^kT^jW zgH>NQSodM0TT047vY{Y0+@BIS3f7TD!hQ=xWk6|SKAbV2k5tn} z-O=5A=OEJuEz$`=PYhtwU(E^jHp<(}!|f`eVFTdEaL=qv!2bag3YoVYrUKe?L(2z+1)=^_)YQ8B`fM9*!Tx+9OeVG` zb|Pc872rfsVPW+5ops_zk0x2POA$Ri;y2>0l1DQhgD0MtckmMHHf+eySBK#J z6#|pJgF_9lBNQd4(OEI9e4&G8Jr(0}Wl4z+h+)pn;wZ9EX1Ox)KuR(%>MZqCI(J>} z;3Ci%Sq(`^R;)g*`tsnG^WgZ^l8OcaabYHU)v&4Wl~KSqqSVJ8YP(xZf^KP1ip$J4 z-)9CFVms+ z*Iecrv0VR-%c8ltI!UR~q}AJVdOz>o6qC;6D(&9V2;DK= zD_6w!@zc@06;xi3ovR7lPM7{;A$fq?A}C1EQ1L>wUC-Hx-!_Av$2-5Jjd^*=4&5obq&dYtA-nUpkQmOy#jA5x@#G|2W(&5Vt z;X_3}d9m>)&TpY%GgX~cRsFI!lNWsO=D?P$*@z8jgQveOjq0z`7Tm(fc>S;NiJDg8 zGq}ry)EuGT*AYsv!~5?sX?|{NTMBL(K(h`^7N@A_$H$Se4RM_D(iV!5vd=|+EX0qb zyg!SO_t%?&PESH&VtQkzdJ0YnAs_X8ByE#VrW;r0_a_e-9m*b?{Pb=yt~W*6W{@7u zlb1+k^;>TgTvA!L=QQ-oPyCgY7Z&~8sYT6cDni_2_L;U``(-C?+(e&Y3K>>I%*TtC)-JeM(xnu+ocp1NnR7qH!E6@V52S*+ELTN)v-|zm4 zx3d||?`AVsn$*4TMAetgw^7;+?VF^RciP8~a!ZAWi^XW7SH~B>i1q|(ICkX)jklw% zunNgr_yw*Nx20cftqc$lI0~cTT>Yor^$V-luC0xb+33y2w`1i@xk%MF(6?+ZvpQ6` zp5ymvwv&9-kVO$ew+I$4Zv3)#z zqQP=jQE{`9)ZAXGnHDQzyDV&P4@U)@h{Oi*Cl(5>;Ut*2)U9;j{eG|ZTz z7f&6|I&r${NRhX@>fI|g`E_eXvunK`j7{(5|M6KoS@$qwsQhJV$2Qj_;oX;6_#HQ^ z%WBG(<++cs?BkDeTb@69pUGjidWNm);#BzmAiDRQyv4!gQzU)3pfTTx&8YWFLe3Ir zq2;*p=8bzU%2o=Fe`^iPntdtonbXI4v`N1&PPR~G9qq?khQ%iX%wqI+P;PuZ5H{8+ zpT;=)(YaS}V|%QOfrU7#_JU!90FQY9Hgbm(knCXx8oh zTsHbhuN{I+0s!o*v`p(t_x3FZ+;QaGdE=_hN0qBJ>CSIwTBZ3Kg9`)8ww08LRd*_0 z)pXtKre|nHnXBDj=d8R_ZD#`=C5$#lyy$hmJM+;IUbDf>q(45^S?Xq#<+r6y+1wuO zv<$r#U#*U>vTxGmy?a2qAlcMpN0@mk%}BRW^Pgvj*+PoG85{omp6^wlRx|!yKX2C1 zy}^+qq$+Ul6Thp)i+jA2oz#mN`o}KDJA-jbton@LL3od+fC?IRtp%VW2?4hZw}48v z!$Cl18g{7{03R!e>x?MU0mgq~XtG}6<1clo1Fm~`uDtI6B;5XEtk1_NX^eandh}BFq$bCd~r+>WLEgK)9PuRopMCU z@}u};0^*E5n{{RqO*O-91A4n3Iix?W+4L*3$ZvhsmCjfO*~ekq%HE5;OYW<(-W*XpXVithcC-&SEcCLNS#C|x9CWn{yBM0INTjG@u_ zT8};(bzX0a>C(M5!kc(^GRd8|u|nY7k-Tg>#t)9pH|S|oCwj_W{g~|vJSC;RrRZ^e ztj45Gc1>15z=J5gllD$62f{Mj12cChXXr2Gssx|?O|>>Ui=})}x`twSg@$JzeJ>Hy zN;z^qf3a|4&0}%du}sM~+f}k|ddU?V{xSIhGet*%QiKtGm%@;^x}4D0?b-i25%5CvVl4Z_(EkEnNE+!p$q{!Pbl=iNB)HKhewsNxK zoxaryha-r}gzN#Sy|vyoncL&8D7CcD=G|Ne!mmpE2**2)g)rY(eRRBY>Ns!H^U^mK zdUJzbgJ?KOm^j^2g-ZCHG9)($xId0thz7JS$Gj#>uNM2a4PZ zUsYz+H2e547K#i+);djI6l7nB*$|oIWzd$PuQ}FT)sj+j>U8g9*{Ac01-%nZ-;;US zE-8O2*vrr{q*L^0;+50nC5hxKT*5l%w=9L(maBvn+wHlbuG;l!!DJZ-J#cnAGn$bQ zc)+80fC~79oK$qi+(A}1xE)L@qI#qnl=a$35cfaq7CVN6MZvUv3-aE z{iO4YA{rj|aImRFc9CG!uSh)3C=fwwZa}}d6Rhy{{D*W`U*wf#*!L;&#CC~Lni}Xg z&6w7%k%)_{pAM*fza1{o3U4^7OI6YtT|p93L0#*EmWd~nxazm&(L%ooS2%GQP?2nZ z>eOAzB1)V_NdBdl7et^+!=!^`o1rUG%L`WMqmoH4&ktL2z&KG5$7gMAy%$B#>(_e; zT)6hp=)w&aNHI`3Y~8ZueAk~f2SbCVZwRvS%bbiIyljU(6qY_~QvZ#ChsS7ZpF&0H z=Ha8ZVY{>(ThvXB=r4Y(=nl;eN|f+@|KbG8@cWWdp{=3Mm5iQHdlub2Us4j>Zfkgc zUxRO*9X*4g`{;~8*^79P9!^Z+K3d7C7Uz`oq^vjPqlEgoCD!2&XB7l?aprw?u4pyhIz5vpS<|-7wJPFL zj)NOD@+v2z>rBecqUMS<7GgUcK2B@nBCoY~UK~t3GhEX1B{fX>H&5x1+9Gvv@lxg) zz48|-3)!ZWrQ19_9ay2SMIZK87KuAd{j8d}s=k27^LR9nIXa~?UO{toWG1)UD#Caq zVgZWo#_g1_<;@$uw$(k#nX#Xk>spm`Yr~3xrj|`wv}#V0rf=y6j`>_+`*c+85;VhM z&rA;oUi|#iYHrnhbL~&p{x;W)xdcIud(e=-xjZ+Sorhi#N~dvnp`WqLgD|LBZKSO zB<2Z~T~wNJhpf%6SiheUz190Ih~-)xU#VfNICrA4#q|r#;x&}tIodVTcyX31~$~bxai^Wa_HRZ4UQtH30B0)%39okJln?lZ76oL0)btF&$jJMf zyW+KSBO(O$P_sF#3*d8KUSitJ&VS89^lP~5*Dy($=A6Yt-(#=ZRtZ4-7FwDzi|(Q% zT07ujL~#10=6be4gK`CfT@D<879fZnq*lm-`zJ0;^h4L2M}=mETeT7I6=g0iuC6hQ zBg3PxbM?SVPed_z0fa;r&`_x8vd9PWN8#V13V-(L<^`5rYRHh@c=DBpRmtj)X6Gkq z%-iBpv1iu*DYCOWBhI7F@n?B_i8RFXgvMw zHW4#!nPzZPK-%g{kxaJIp(|IIH=Zl-UJS<$_K+*i?MaL=*v_}1XZ(gtUb%NspYKy+ z{XDH8(b(===hB#`ZY6Va*4oc)S~i3(rB5J_Q?^oc%Yeqh!dV3|ZQi@)7OcrCVg5S% zQ$Ku2VMsmX%KjLRh*ywFKFJY)L)OI2;ata2U$gDdt!G@5egB0l>hbtLbsU&7Po z10yXJ5GFxvhP25R+gC9q}MOWNmIijJ=ft*dl*tw zD$tr>SV5!*q2&s%=K;t!qo9QVsBFnZP6^qZgiBQ!6tNbMFAOEZ1oGCeXslN;{vZlG?H ze8A_~37LEB^bEJ#UA2DIN3Nw|-^`~Lph1Hgzkc98&AhdpT?|@deY>ULv!G{WWNao> zH57{#3$ug=!{8fS4Hf8$@F@`NLJ%pEs{>_)9zGFa_6blkjX5R)eUhyz2)>*&y+8}X z6>>GvgAOJqQp!dJYI6U!XMC^JX=Kf>wK>+?&z<39OgNuSv(Az6X9`@^fgg~^nt&G;E zN=_y`q3sr8YBfo6{EWy9l;})a>P*Jm%CRoZw*mp2PoH1kU&nKu_wH3GFWs7rm(xYQ z2klwTWE+(Gr-HkuJ9r11R>6tQ-EnThf!+1cXhjd6@51zjk&EF|b8DUWyq#flWE|?g zv~m1aN_tP?yaW9vzN}sRKaMGySI>>~XcsIj#}>$kztCw+6?OQ?zhlF7lPNpPn+N)z zdWJ2_!56v%v^*$y`PS%GSULG>IA2G$b`^U|K2~sn+ zWjh9DwDs?(9O+J^F!~6%w0~(IT9CvkU7SDo_#FS|g6bW3k5L*cE);e3xm?w$IYXEG zi(s#_3xA{F9vmPuBCVInc6G8TaC-Z!5@v5~CZbqC9B|gpHzvX2imgLfgnwID9FkC&@8~Lrw7SkpDh-UlrT8X*U{J}bSmUu zQcJUXXg?l7r3GUiKe~a34<9B9E@fqUC=f_N1^#!dU&&o?s?Z^GGQP}(=oGT_PZ=2j z4iX1~*1UIH8R;SIqn|u;%DaGRjzPSpghw#ZMTzUe39ibe|7Zc$Q$*ME{fQFiD=WUA z9YoKpP`<$Fdq3sHn;!j&ryt%v4&Ekjp0nOZ?odOss-K16qO_wO8(VGbvg<<7CRNU- zM)`56TOC)QVl19rKX~8``cAC#^Z|_ z%mHTEx0Br&1g@m@XC~~wc+qQNMww$-GW6J#gSY5=^QxdSyCW0z8a0o{o7tD`gxb1f z_FXZ}ESckxZ8;~DWL>t&McViCVsM=-d;GJTVqQ~MpB{GEo&9Xjk%Hn8abuMyZ5$tO z%~z;%3Z^@2B|EZHnR;HEv{Mj%d;dlIa(tksL3Q5{^9nITlZ%(8>W;4e8Lp+E&fOos zH__aV_ne7%->0#PormdC=NVm#Uf-NI-=WvHTyZ=3=UA*6oqXx1M!{)TrReurg+G?V zwf*^2@3Nlh@{m{1>x>=>N_8Dq=b*dlm+rjJOD3ddn|DjGahCf1>o%-&mSvl0jDN}w zR&TU(`*o!^n87S)ZrSJU!`Kq1>|fjzVc#jO{*v&X(U$FdY83` zxU*CAGtMma=GzGxX$swolMx2g`*PHFR(x1Rowk)mLDQ1&QpDV@R2jbX?cs7xx}!PT z>2Q*Zuf-I-TZ?~ey1Htr7|?`JQBeT`Al~eB=lMebXk5o3YP`$y01 zTIAA((~d}op0rg+>xDq^&LZvd0tQU4+nn#d0_hU-d-o1N?QD9|= z#*VW}1J_dT@~LT8v3+uFR!jRD8z1cxrIzwYJzN5(G3=$&xh3L~Q+~S@9Yk(Ic5D}3 zb(X!#S16=E$)Jq6Jg2=`N^pXoOHhQ- zNce)zF*+yJFOO66^6|ks7mX}K#wnmDBI5kV8j2-Z9ADx(3p#3ZBOtTtNv7wUxC;53 z^NKs-X{Gb-cnM`G*WS+0T%I}UA|mxn>~xsHyAY@Z|L{)EiBA9$500?UR5?M)SGqlVvto8oJnfBCCnjlM$ zfbbW6KD8do0^z^EF0@`Tr%y|ZsCby{ls>z`yr5R?vYF?#Ee!?kpBn>zE)}en%V^NH zFewRr{lIWtI_2*{Y5QfvwU_tNxAwUH*(KK>F`~Kbx#wz^j}*A}Embf%%jty{?PL4? zUb}4m(o#g#-E~d#M{7UbclMrN(!DI6k#;kx{q?#gXNQ14mxt|R-^xcH9lD$txhP-h zv~+Us={*ZoYE_9iy+;@NO{4YJ)?|*mB<_Ejx~KBu*OFk(59(G7GpJtAB@17VsW&li zP*MAKJzw>-lWS1TjP;65xNq0fT-8_*nqU{-qgBnp8QgvMorUD1H*ps&Y!aGvwSLrE zwC(vXmmu|nx5#+AtC|$fqBHbaDiz+g=U)7roTFr{4X^V5+-q%WIFp@u^@Ch0jmy*# zsSWA*LwS{5+9uD83+t{99?{V=JMI^(n#n6wp828mjqN#Lw| z^jso-OT8UyWjEZa`tj${OKYDwpYWADviz$m=a@l@$Nquv?2Sy?UspXB6Ik5tHp8vP zSorvMTlU67Ty%6o@~dk`roto6`f@<7p|M_0>f3y9F6x~rpPbonF^jfsN(*8BYU|f9 znrBp+w5jgfMcJ`XEA5zkK9R#|p6}GD&j~s=EoNrq179k!tE4A=`-&F&)TYSw={F-+Ka;VZAx%OY2QNj=bDpW#qu?ZQf9uHf_jK$eG zxlR}v{h{t0qrAs=@tt+KFu89|{!*}KaqVeoM-C3%=uC!TG=VXP=Ksb4$W0;iCM{7YB0q6n`}m z-LX-89chKq(UoZZXG-V)&ZqpJz2^V3@Af%E@Q?#2V~J-olar+}XaDv?PnDm1wb%8@ z{9XQdj|lPv9zN8MGXJ+jdc7k^VF?{JB`D(NP!yaiBLYwS&qg6`U)TGP&I`g(LWb9@ zp=B$_44@Un(E|$EVE3889~dVHBHbh)7d?0eTO*E(RKR?N57=GK!eg=>{4_W--S0!&`WE3{20WuJTLPhw?-b99LX;pW~oS*8~vfDrtY!IjS zb-jyGL8RA((HwuPIp}8~6amcYoU85fRn}1*8{l z&G+fk6IeG25n?W$D1|7U3j7C^od5n6pP^zP3Ur8wAl!pT=Gd`gM2dy_+;VQx04xxt zKh%!6D1eIa2$R5$LTXNW6!yK(u1+4brK3n7V6CdDIu6?AHJ%}PCXgdeVcgRSVwi*6 zTby4rtN709jSoFMUO}etYowV8CRuo0U_t8uovRDHG>joUaKo{>fB6irnIgKOR4N!o zxICY`47V2#WQhxWp8hP zb79sJZaXC?pDw>s)`7dofB%I$;NQ^BJ`LRn>aYmAu{Mav7(R>h`*0sT_zbt9e5k*9egbq@)!}Mrt87wDCfKbE_iccVbi>!D+z-cgG zMv$uz^(s;v4qr!SC$S9Kciv+nBi*1>!rm|lcI_tGFQ`jMZwTX(R>I%%6|)OZL$nKd zdwx}wKy$Y<424j|GRw=$qrS7*)_Y)D!FIl!DF2D84y|orK56K{4NCoWkVmp6OL?&Q ziaw5_{f)j7W~yZ*n71BT0C5(Vl_>Bm# zm6`eBy?d*{U^+p@40)VCwuI&H!OMW?WHjzi$P{q(y@&!-=^0!^K@XdU9`+1rFXD>y zgUUxSXoQS80~7R!NuUz`Nh(sJlMz;sJj9?mfjLuN7&PoM+qw2%ku{jXgEltLV(Ot@ zX0taPY0nMEo(_fJrzY7@iTIXbEFNe`+yer&)PL6ClU4s_7)gj{0%EyjbnJoOWg+ZR zg_4d6dxpr@&@Utap3G%Lk3=QYmXAq5Q~%dMH5g9;`Bsz(f4hjNxV;gNL+T9dvY@&Z zf!GM{ph5@_@wm%k>@I}eHO%O(f{qYRC=qS~%!V+!rU_jn5uG85et|ac+&)V;ltGtr zoG6z9g#gtM^bTB&V}Z4#i%k50G6AP(J~lpd%E@rZ5atP% z2H|H1uDoZ);WB{w01B}eBv6z2YM?u??rUG$g~R-JQD=B172+N-%91V+IO>eM7|LL z^Tt5&Z9jZdJNg!$2q#KQV)4{1ctq?JBKS4D9#rVpXOHbM|>@n($ zTltL}EM`w!K2Y@x26teht@3*nUo7X!Ei5dL-QB5SLl%B!41v{Kg9#il#Jn|b_;r$D z6&s0}5aLso=K5h^QGRp&Hf#!0n3ziXP@yqPEAZyWJhpNsv8X`-S=7`N47L1uz-mw` zi76=+iTsfG4%Wxhx_NqTgm{ivn$g&@LL|dwABN&D+-Y(>n0jmYUk;ko-30MNEMti9 zZ_mG4iN|vtUE=h%2gBYoXdWYL7}dwIB5Ofj>yDi({U?NTZZJr3iHZyy20{omo(zN~ z#TS-sVzDK=0nN8tmjjVsYJ{^BtuZU@Xk)3!KIAM6?}I;LCoyUxLNiO)k5j9SBhx*= zSU_x_wKaa6kfLEK-j#1UhC>j>UWZ?$C5u7^qv)%;j-5i>Wh4ayTp=~82{xz* z5hMO_h!+Xhj=^c)Ac|M$70x(y-C70;N?OxUlBD3LgApT)L*~&qvBVUvkb1LI%{+en zsPl)+%*>xQ+wr;g!HHrI=))=sKigKEp zOsAB+exh$@O0l;WG_Ki8ym}~)OYl^0Ico&7BJ$R1t%M+ySY%zz=qM$+be@Swo}Z!2O*4*00^#$ zPp0>3K%V%?eu4v1RSd`}`nUk`A1oDQra@On$1#w5Z{dw3OdI?-yEr)RAfi|zp`3WE zd5VpQji5$OfMyZbcGz*67xq`scF*}wL9B8L2hh^mn#{GvfTsjZiG=jgw^#Q!G9s*s zPz*QZIAwIV82Kz4|o!*S9K8b=YvAk7uk zI2-f&wIJNJ{8~BXAr?8Z#8L!HEY2)R-_T%IyHE1j`rc7a(#L=`YSM~UMYM+h6bj}1#4>>5O_p2u9>x^u8B9$5soiOl=elSfZB+vNdH5)f> z1aEK#k&y!Mk#5<&1}AY3ADz>r{(g<<}Ko|=R_k|i;dQyC*Hls?!rvX0?F0D1-j zrYB?m2WBQsvc%J~Y}7lw^X7^S*OyayE#f3O$;n>KWD^z~{PVX6FC~h-+_gVb!RLZ-w*d~_*@nsEV zmnZ@P@#=wIj~)^G7RGn=y~{$E0$h(jud1+;&_6?$7X0Y1m4yceUX5FtMMcsoJFY0LBZhgSjdQyxs;ARXFAf zv;_%XhuI*wcg-NSH8xcbT!ei%Mddc3GcIDcj;;lO2|$vj{+a!d98H{+0~#5>_KcJP z`;Zt0Ud-p010@5Q;sK5?%;QK6<^jLMou{`WRYc>A5H~ZH_(^cE94b!O0DOMhdwO|6 zlk1Q0OX^%4>A<&PK%7&sE>B<#;1l@e(dI&LcOx3|SE5h*1DYg5$3}uL9vl0gW?v1B z(~&|&_96?=&0toE4?5wUgM)HDY?2DOd&tBez&s3%amQn=MSmZ9y5#&Vu&5(bG^U#E z#Ju#+rKKCr=IV&pjjBUY;QiqPA3T5&=mrOAhFF>xYh!8ucn9DKqF?~2P2v*FJY~O{ zKxiicutHQPj}#&NVdJ`W+8CVSFQC=-(UgF8mcviL$lXF=#yfu@;?#O12ei_NHDxbs zJ2T&N3EYSN9>+mfp#BGD1i49Z| zlYM|09R!*kq65BLrOztefwY&rp0M#KgOqr;H)YxhK)*=oskdlMTFt~1_<+k5{-o8D zVGFI9?K8qVywITNk<|8O!Dyav7-=uQR}rdB0^HU!4w~7lh@Hb`yP5g$&0VM^Fk0gQ zDo_j)qCr0(_Ds_Qcw>48InIZ<;6dsE7m<1plNIz;@hui7(YhuzBdQi$`=@_s`Y-kuDvHQRQ54?{M zJ|tQ(bc0(|6es);I43{r|94o$|pE_wo8VNSQAk9Yg{$B(5Sqv^0pN=~Y|?TtKK9^Q2>2nk zSk&gg1dU;J!CtE;Eyj?oCPlI%Ws zFy+`a7aXlhYyuBY&q!=wGT{iWYAlDGFNe%5AR%n9k@)!NZ8t#moC_B1M3@4UbC@0` z75ekHZCElg3ONzQ85OWa5l{za2@qsH=DNId<3`W5=F;5UrPg$Zk!vBVDFlOc)7qL0 zxWxM)I5xrr1U*|8rrZ#Z5WN~UUL%-BSy@?Bt<G$|t*>fDAEU zs|043n|5~n*e3;*mHcHc5ANN=1|^O=;%vji;l&gkID9W;*;`_`z;Oi0TMNAVpr=5= zg+RsuuKY~(ob1?~cWW*7sGw}ciP&Kl3125~tBMu^lSRl}_ z0B|})tciejk9Qp8E}F^%q6b>)fQnx|+u<2b&19wc7*(UI>uc=~m>!Km5T+KvBW>Bu z{t2)bR%65f*ow`^045bmDpBDaxcGV<5`#;}xn#s8IQhuHq!s@w#{_WVFP@L;yqVI=w&HX7I@a9i{H7pt%l9y;u`oDcdxP9@XX6nYGAx(?0 z7#V;}w{iQ`-h|$(p~FZXj;=$r;XEmotQN{*A&vm!@D(F4KiQ7#AYl&=mWqs@1i1r( zive+uFq@woesfcSr7c3`joHIk7&1T&jaQ5bTX{A&bE3&4-k|9U*3r1;^?F=XB!oez z#U_N>HwoF{?;7JWDN|fzR1cC9QK8~pp4Wl2B(Z=LJmfe+)$QFZi!9}e@3p~L_*=L4 zx?ph$CPuCo!30c{?z1SN6^6EL+eSuoVzkbo*2MCTzP>^-!2l~6gxN1BU>eQ)F$sjs zqDI&!#VfpT1qeS$tu6pL=j@oUtL0G1iTq$jGtkR=kWM8qhS&}J(oQIyD1+0tT(Aw)*J8 zD^-&vQpB{@^q81m-?{^ti-cd`{eU?8qQu3I69fm>n?&MdZ#@bA8BWEwMN1>6U}9nD z6%e7TsfESGatu@;&*e$Jfgor?oA4FH8=*+|k47``vW8>&(h^HVj zqY_FWk)x5^`%xcuc$DbsIIX!l{vX$zQBVLMJs>`abeQ}0!NzyGr3M_P{%j)AlS^>j z1=t|mqB-vNU_1a?p<6z`Wx+&7N8`mVMOV?XPAe0TJ8OpN)y3({#{(Ub0NkihvLYa= zjJQNtPsP&#m4k5d=5grIQQ=iL#UDH=iP;V!@dpcDSy3GFh6`alIB|qe22I$$gfnfI z<`>;$WX=)qY1+U)NM9r*jL)KNvum#BGVCrKfa+=YJs4$3n(~^{6wz&rNOaIyaWo~Q z)!sN?0XO)s&2FF{{X6_NBIN3bkF;aA>@AWX%RNgRlGo7aFDDn$buz;2!;r;?J-Qk5?31LMvlj8p@5v8-35^}a^Z;%}S%}p|s&zi!!vkZ|p}r!l-Lwl8O5zB=AR>um-Ov>bp31tNZnv`HhhPnq*^_9jtIb zqyQ6RnOdr>+wlTBC|t<#^6Ba^UM>yj(YeLF2{TIw(K}f4U|bCpC-q&oZd>1PIK1eg zOKn4VT1)D^d#^EHZt~>95bg7X-+K=p^n?t1l6WA(_9wGG(KxUGqiH&gnmic;kyTdr z^mjNECSIv1=AX0Us>im@6ma}Wx9@VBV@Xz;cDRxmL7Xi+xp*Zk+MHl5&HO@Lxdq@f zRKfz87^R?)@wBjFhF}rc(}5onf3;A@KTLJ*GUs)MOP#KHUcy7nOr?{U=0XIX+x~FU zI@=cgLDF4*a+h98#WUI>Au=l1t!7K&&6|C2IiQK*kaBSq_W;O1K;ri^nmYAwSOSzu zTQ~dJ_$E<~`}s#Y^f3-&?~Yis!e3}Jn0z#+*?z)6dy3THX;}wiv>Mvl4T__Vdme&c zrNL07ZV-y)#24Wt!-<-9q{+-tMvswE-Wlm3!BX*5;!ZTgBBTYv5=MbL*9_vi?KyStbm+mKzPnX z;34k=Z*<5>p>}tO81D94?NX7V3hH6PgdYHZ$gAq^IB#F7HM*$zN9iu)L$gSA1krYQ znwoq`gY<-;YhPZPy{GgLrkVn5fnYqzoiy#!L?y&n1vQrJB~qF+oEj-K*@d>1vzlTZ z>ytLFU!Q(?^J7%AH21IM>K7&f$fu+##)WDQ>FWCy&^*{B%NjuScY3`&8MPSZNnzY{ z-14BB9|M~5^mKHzK4k?BhScEgV!3o!A*^qP3U64Xta`%HMRJ1zEs|0Q&Y|3~Wq^|9GUBiR2YQc~{fR6dzmFGP{SWTj$JQ!c z3J{`Mv?2R_jNcn^PGQyXiM3qUz7%qZS61jUQ(^Mt$pz0p_LG$jc32pHVB5z+8F0}3 zeHHw;&mPWt&m}|xJ5YJK&Y^;jPzS+0@u6oEn@eS`U4IeOWvX5^7z+>Qr>V=fj;HACR~z zKYB@if)m#lRhB^d8Tzn#(6vuL@yM5RI+=mA;a$#<+c+1IIUXrkt$uWZ##-#Mh)Pt z3x@eT*;AYCPcNn5pv`WOhZA?=?x~{DFw-QYo0^$Hm1%yQI2{s8_^yC2P!PmprpvAM z`O!mD`B9|n!Z%V7h`4#$nYUvmv!U^m@a_DKGADkBp=ZtJ;n(m(v!^OypG^OnwuO+f z4^KDNfvoWqNzv5U+j^SX@0-84;M{qda~olBT^P**^6G*w2&RJV`tWJxCW=Y)XgW0X z5rlq@NEC)y$XbLZ^e($gSnfLX4y?BLAs)eq0NcUCMo>ADN=?meE9+as@7cG1e}`qf z2I|;HG_cI+wwnC)GCVtX3mXHF$o}QI#>Pg=!dSs?@mTpR)vYGd%-}xBZr>Uk*Yg%( z_ktX>N_L5MP_ja*ftjGG!a}#OaH`qEJ6%b??mT?x3tc3>hKB@9>TquUKqxZ(d1)zU zjLG(30mMkfX)T{-iZ1*Mmu|1#rtuP0hVVHiy&&7!1xjyBbR&)Ys$X!D^nyY+oUQLt z{aiWUJycgVmCI2yshTI)_u`vvIR;{10--(v1Hou}9zYp72xV9IMC~>uwE7qLAh>q}i*jyy*^MN=sY{r1L<{jkXa@#NnCSw6Fq-a=GZcl zF$i1W9d$m>$p8sB{tgoDaJh-ZD8VL?Bw*KQTe&~5(4%9*y5eA5(jb38Ob`!btND*V z_t3P|291R|TdCvCyH}hFPvRM%LhU4|v=0xW+>!@37)ga31#^HMy)UA~2W2N4n-tbM z5R{6ZCG(X7b3ToJw|8$)kF&3n+S{6iq=bvu1l$@GlC;(&n`SD-U%=!cYXki~Nqz)2 zN1lxJg*66yP!O8v8cJCN0ogmu$`q-H_>brD8ULm7%> z(7j?50|c*oQ=Rg0;f+V6TM7CnT-k_Srr`8XR41zjn>U6QA9S%tY9cJOyH>YUY))P^|4@^DVdK11f&Zs7I(e#v)=h&<9OhuGlGu0C!9kbvElBI zJXbMfOl4fw$4Oh}_rISOs8rsoOnqo(R!L7;^*3(6_D^Xc+f(Ve)0GxUE}Ms{C-w!z zv%+u7%8r-mbg%F=6H{kr*5pl{OTwf_0k!eh;3Yc2P9)0_JyL~95%&;heSW%$frp`i z!5gM`*}#1HPVMuR#Nz<5njPU@eVxZzK{es8lv!In=9qtS%l3sq(10Cpjw&nN(DhdN zUa&f0*eCX)KrRruaU|DO04YJAsH&o_ z=d}+p_Rl!M{&CuB^`oA_tDLeiJv9pU)0{Hp=H9P0q_dv6YC;eJ$0b^Ej?S+;3*KU?tUxQo6QSH=7}o>M2z^xve{ z6xoRHYJ_(DDeYyBE#wNDu7B7j4f|&J*I>~9!div?MQ%y|OLFV)Z!683StM7EQgQ2; z8Xj*|910`hG({!xM1_0?*@prYYVg%RM5DDAM<@7e3%aVc>{;u7l2C4@VW$K@i_k^; z^EO@i_Rh4=Ai(Mx1F?WIFV1UtZvc@DYwz6J6CodsT2wePabN_BSp-H*A2ae7rf~Um zWYkNRWwP+wKqMqiv$f4WtvXCCoJBJvQcx4NyBL-n~49>!h(ExqU9Ljf4mgA5KBsT`0Pp|1`pfANof5 zDx#3c4T-`M;cp_k6ewqeOB4Oleo-;R(_S^w9$2t_U(h4T0 zcaQW#vC4aoTmRW|snClWJq0{eU3DCmzhdPuQbc6`C0d zBB$A;Wry3ea*Ns`Fr@FduDv8dC zGU7He+VB0jNNQE*(*Je|BdE;xT?e4g{G2J)a<##OVS7+&Za}t1m1!DzS!mUNNsm8g z{Fi7!Vez0phuZwV2owIb=)S5YQjMN&?eo7osP#IcXA2c{(0j=4-(SryrQ=gc5uU;iR5s@g?i z2`y#kn)@V6^Mi`kx3#i1($NY%v+>!Of#}A;q%|?k;yk)lFaGkD`<3+Dik(G@{mJTe)9y64M`SxZ4?c`!&q2@YSoum`&{9Rnk8k z26i*MMJKLT@7_P7U?f1ni9-nf{NgI_Oy9}j?tt7Sot;bAO8}J}D@yumET=9K}=c!uKZ1y?Q=WJF6I!68Q4#doMVoB5VAQMK;|DrnsXdrO!#-< zo*|eQf`*wGYsXn%GNbyC*p(|xY8wVp75Q?VfVJEqqLWKW?)%Ca0f~dy%5z_`P=QN@ z8F%g79^=JrDu%0}@|Fk%8l`>-!Co*W$UISl^$52PXhR3b+K0a0Y+5QuL_dHoUKK1H zlk^ne_PgNeamP-<;Xv5i@n(d=o!2Z`Pcbf<9k>hy!$a+i)Z~Vv$^Vq|!eU4ldB{rB{Zqf~hJ|jLKrmo)43+aIg z->g_ReE4u~ee@vHp45{6n8NIGW`vfF)L?|}{=Ul5!hD9t%?;B&c&DF1s4>yiTWJlC z^nptGc%V45jpcu!ukpvIrnkIaT!hXN0hM4&=ZZrdyuNf;Z6r8BD$=ALOtI=SrirpntLRi0fErrcs~^-8=<#=U$2Fs;S@^ zq&Un2>=u6QHgdK98p6y+&fm!BY2XAhoYQxf_ZJ!I_(5Mz$S~09A*mVlgg`e5h#e{l zbwKaa;fRGRDcexY4F|gtGg7F@b2vXtg}Lm|@|wS?KlVuO$!M( zj{?^c@^H22B}`(#!6THl0f2yS+l?rr{fl<{Ov>TWe3y7Y&@ksf87UBV!Wd{hZq&)v zMN{|-^*ObeRBl?ey3?ykhBv@@RME9yi!H>AAUGZFfabAV1CUVDHnEfAiz;B;BX=Qv z+iI$KVAh$-p%ee^qH=wKO+OdniK?`T7@c5bA9P`F(trehs25Zq)t=?^KP)ZNwJmA1 z5{HZ-GO=pqf2#2Qr-jPDj2HhbtmJ(&aiHztZ~fl?k9N0zD&nI*3{)_{A8TCJV=mOl zmjo-855v(_x?xvZ;C9L?$6ulhl8{`zAUj==wjDf3=ue*4|Dyk<2QoI$6d6k~Uc=Vb zR!UDq6Tjr{XUoQG7lt(2>Cc%XSY&hmg6Gfa==}2ZN_Vb^{$zl3V_CD{TF?H6HPe#k zVYYEdb%1IYA{A^|0X|ctd@D#I`99u2XU2Tv(>nVIMlcU|@18ckDr~p?mYn?LUAHhL zY5)HHr#ZfeKRS7FXmV+(0DP`sOeM%B zazMC6qe`Ay9=tDLB8^JeTML(6x$U2%IDcD~-C%bKT~fPa&BqnzmD;rrB?r7YJa|U8 zeyYE9xPQQV#jeLXoxKl)jdUuK{_(A`+2HIQ-L7XRMF;d8J8-30cJGM=2_^G)Ydlts zU;h1M`#pNjw&58EeKrh8KT<5$GPy^_?dcsdw@%a0m=x0R&eEGBeAghO<;zb4 ziI4S3T|RXaoZi`U=f)~4oA5kWuU&gw9&N}Hb8~YGROjuHQWA+#r@Pj22?+_KM~<9D z0I*1OiDIm7-#&fLpj$Cquwa2m4Vb}mh4ioAfB_dSUpDcZZ)_ZjW+>|X`PrZ*2+~we zJx~dpGnuIk^-X(a_CF1tW%!*Kq!v$Z8NH5)T-+=qoHPMsPHVdRcf znu}+Fp`lNBPI5iTgaZ&8g8`4HELYy@> zV8RTl+e7kEk&*g{g-t=?7a)F5n z2l_iKG%ZdXxN_~)xN)sd|j#i`W9nL%U^+;)PHg}XDnEKGrG^wBSz>_ zU@rRk=bfN6rElM!=F$Fma27~`g(KOPoyMu-{{ADocI}GEg@U%Wwcq@uOO@Es*nArL z;W&8g#EEl|;0Au=-hp9VyF4ZqUJ=;2tW5Xrxd7{3WA$QPlSY2NKD?zq7r4fD!az0Z zQ^#e9Rf^|ZSd5{zG6-rGK1uQhDAy-@v|O*Os#52BG$&8aeEir1I`tWM*%e~?ILqtC z7=`(T!*y8@)Q+DyQ}SB+hxgvl>L`?CHcgawRr+oF`iItl`6t$wzj+fzNO!qFZ=pY< zCa*bC`z<FoUwO znP+c2iuRzq124YHPO3v4V^I0Zy0on9EOL;@n3#E(6y!l<9P{%#-O{oh5x-1btk=+t z!a^%oSJy$>9!c_15fQUsYOGfCcAvg_rRbA-no`?UQ-c#ZH(1O3#~**}n74`@(RMdD zc`5v7E{^G!xV9@0&pzc{pT`9;>f*&YU3Sg*@ZrOlF=KL3u<)j}on2j@VKLip$dGXc zY*_{l7%y0GTs+ju%JX@73)R)tqr$^=c%}cy9@=5%EPMM%E~kiyh>_2pK8=ixHD=z0 z)oOU^(vlJ^&W9NgLQgz>`cyvZi$^$1mbm5fX~q6Ntd=Vfl9XImiR8|i38gFB@Nkpc zb}4ypMV3koDVqZ~pvC3o-hlbh(2lDC`}h0$o(KsEfyrAD9i;7f`*wSqTh*;jBr}Lu z!bw08e<-M^n6kxH21@Tgbm*f-vm|sK1i`aMk3tEWhLx}42lVcp8|_5-nVFN5#~Ur< zWs)|}uKcwE)$%h^%wtE7o2qL9$Rx8MUVRkpUax>+uUSA-5Y|yP3wh$R*U#4=`ky@abc0VO!&fDNhBIxpZ@PY zzK&|UZjW@s)3U$#J&*J@4dG8~!A`5>rLw*|JUqIIm(f_W_-i-ub&XJKfA_ZGEBEe^ zUFphKyhe3V^%P%N*73Xl!^bWkpG<2nhf%+EzM-L^X2V)n*DGM#g9Xgj6u?@-fvQtP zFTK)3{KA>3p$}TVH8(fBzi>@f+QW|xeUY`*dsaU~otAd)Dd|lUy+#$0-Ma8lJhiT3 z@y>p5^m6OO`$+C$SAI!*>cEz^Tz(MN%*E|hQPEP4^^n~7oxI^~$Tf}y2gi`NH@yFq zBVJZoY7g$;`fAGS?&U7*tSm`y|$x7QrB0m@pO)PN^lbh zlR64p`lQ|?4PNBtb~8MuEPxPG`}M0ocLEMT(eFfy$;k;eJHZ&vfeBg2$xYcL7J(U! zqe%US(5&itb+`f9-&sKnJAFXfY|XuncBLeNMt~~`3F)>f8Tt8({7S2;F68E#iU3Ru z$EyAm@5@$g(9Hv%sb4K%tA-U3-S&WHkp~3xsbpv9L603zh`@T{@hsQeg6EIvuDp{ z*sEo((a5q@seqBmE3vb)8#8vS*}{eX@RlPCXp7Hh)Z(zC8R2npDrIG572u?K&eU&_ zfJ+95cFc$(w3GR^zsRA0tz(*$ivz^fYOpQNb>g=A^KdOuJbtH*C#bKZ6n&wrQJX-R+$q~cl^Ql=IVoN zt12?>^O2FpxKsj+-Bhg4Oiw@TG>RArW0`L_{+7JKOUP4d^yuvDY^M@52fHbg&Qkb} z*3ig%IY3;~gQjjv2;N#A=&|*C<%GTi25kP8c5fHqni}$=R7Dm#tc%4)fhxLiW0O7G zl0eXj(ZisUb#--lTw^9ocw|AgIXeEuMd~2UNs~q^DrQeULxlaSY_b%vYYp*cw4Prw{DT0-B~VcxoxeLm6g-3urfhP>+EkOCCy*5#4#wP@g`wkY=Z9Hx*g%% zfGLIn=j&Hm*4}{cZ?9EL*@FSySS_vXu{VcCIsaI`%dL$R;O1^s5)DS&g)KQqP-cEl zqSY64LtMl2Nd@bbnd74O%30!GR#6cJ%#`x6%d%9*-o8`(-M{|K&Bdo&fa|SpY}D=7 zuir}?!;^y<%`lD){Pyi~(wZ@fiq&CPkn1FLxl?rY3#zK~=g((0IrDaCPmV&F>2g8+ z)C2JpJ-(FCc`$YkDIiV`gPF4vL4ESV7-F z6P-3UlQOixhDDW2zsnp7nI{1M%}?Q=FM_dNf=!Dgdqsn0!e`_&Qc`9BMLeO(6Zr*b zkUMjLE8o8ti42ZVF70jZBE{>}$;HiCS}Tgojd>W#B0=Egljn8s+4F;GNolD(=qoE{ z;D@@B+F+zXP{Z(OVjzqQmk^0y3}Bmd<0LL#S?{6Os-IwuAJ)+177(mdvj4z=`KG3R z1dL~Sc@ao8xNY03gnh6`#CbGou9fp21W#SkvuDq|65cwOY97~IJz7}CX+|4;pyaV< zC+*+2&t&b|Xn2KlR4dkgbqr^Qn_VEmMlRR%)@Qu!x^SaNIImALqLSCl%)4(w^K@skHnXK1ZR_ecXCLurbU zAW}n!26xUZ&j)sYoII|j9Z`IAAZNRwvNx*BsWH(pF$)2Ieb*H;<}~v4>(?_Fd=Fgg zN~1E9V|#8XkP(GRa&j_0KxwkY-?fE!ToZ9q)@WDnwnr5kx_i3ctr0PO%ktQFGU6+1 zB&we8r~Lk1clzuK)E1wMmD>H^K6cz3lAQc?uZa4RF8}x|xHoy0`x@;euu8mUq-D#A zFFu#t{o|vThxu3YB})qAPIMNZuRCI;*Y#Ab`0KLB6)#4Kzx?O-{`E8eu8&^r9Vgw* W?Pr{$x?TJ`2D^FIJPKQtQv literal 0 HcmV?d00001 diff --git a/docs/guides/auto-backup/workload/images/statefulset_repo.png b/docs/guides/auto-backup/workload/images/statefulset_repo.png new file mode 100644 index 0000000000000000000000000000000000000000..fa0700e8a03386a1f4c1399ee645eae1458635f9 GIT binary patch literal 52604 zcmd42WmH^2vo=bAKyZQv4L3+ZUgm5$QfI{B!`yHClweDE@MFxlNjIwMv!hxtDeBs>$!;`Pj>X@Ba08IFY!R>Zexv+r?CXmqkPPC* zRu)+av<<_2qKYUk23)U$5Z8C)sXslw7c-Df694OM(yhO+8k0v;)8%~YL(`w19$Ni21ji^?3RxS0W5zL7YYWq3&_>fNzko#P z4%RG5{#=-8Yz|FeXAwodL*c`z#kt}7JD}}urDw=1abxbL1u^VwKPL7Rtp)qT#>OB` zsy-tmF`YC|i>z0dxeBT6J#Fz|qf%W0yu7;?K9V0aYj$|7>dB+qFNd~_7MmL)`P8{F zmo6t}MqtqfTDExVzK|MU$o2MV64^Ka6C7)(bkQ*#=x=QzmTe)(g%*(0XAT6x+s|9l z33c4C`qL@xcXAW*VJJBxW4CEcli$5yOE2v%pUEMRB%1p2&_&)_Pd~NXXgbhcZE-Vw zo4IJgubm!xJ`gbg%TQ4t7gM%+p+~bWS9u_vGwbAOX zsoLRT?gdBq8%X~7%}=q+2MZ*j7W+U5HMfl`(S+V=H-#dl*>Rw4L`cXWZlkL;Vz_DU zuNBKmLnro%4zPq%NtX@x>zc-wk>c#1Pujr4s99Lk2YKh#gCgsn)K5@)!k`F^hE7f$ zx{PGn&CJUP$?R-?CN_e9->*QRsD&~G9{!#mA(40s-5lp=l!g^ik$2Wd=7&! z#;HE{1r%XC4d1VV7?&##-x&7INHhzlxxE~qKt?(enUyn4mP1I-|Tx?J{vxlV7O_~OCfHnMxE zD^#~!r{hr-N?ow~$0hC+%w-t^-+Bg5zx&a|nvMorz<9@3UZ2(AFM4GAUo30gw5~^E z{*KMcc+t*s)WgMf#M6Ww3(U*QR^iK8!p8NS9R{ndG2)iQ>-4ks-ocv!Nb16=G-{e# zeWuFnfsGQ($C8nYJF8xMTlm{lYY`DNBL$B_!xZ9&o$0Z~bI_2%(;kj7g>bWy)SkZ+ zA!l%^uAGvXCT294Z7OLsdKYSD^>We(&?|;58@sI-BAo1lhm#%O<9ebDm-2#Jf=HXp6+EM4b zYxTcR!&}>ZwSV9G7P7udS!_Z{o1-)t8$Xe45flu&9#(QUeO>eC4);bCC#wULzC+yn z958E9`c-mNTzmu?Jx~W0^eZFV#rn5%lZ7B**!Js}-W>~zD&N?cPD^#ZKWG0Q=Hi7be}QAZh(b+cMhB*^?iacTU&Zy~)ofQOfO?yN>>d!Q#y8@~Rhy z@W#MA)iLY+5_rL4@6V<^Z!gDJBow-bf4EOig48Zu5qeqsQlcOuL)+02Ij07UR(ckO zSVgVAAaq`YhRDshw5ZeBEUuc8`Qo^mckvVQCTgyTLlhZpbE~4B=m$x;zxM6SMqP%s zVU|wSG;z8Zo2PA51GNWu3pZ1cm91bMNz$FCMEMb+ITuoVWWL~#0V+WhWmB^%!G^$Z z2^-Mtp+(bSNPgh*)YN$Xn0)+feK3-fAz}^0_#~vKmot>EzHNXtmfIG?ZFwAI&ID~B zwQrwsU1Dwki~`aVU!nlAQmU^z{zz(af(7^cax<+Dhm_f_kG0uMzOU~15tm1nYGJ)+ zs8t@?_tXM#B30*cu4^mHL{8uhz>5H`Lm`MZ)5K{iIWesl2a>C#HT&Wy6|J(UWhvoH zC(_!cd4Y1Wa!-z^GOojGvC$Y5xZ?Bi#C3P4>w4N3CWX&Bpp*dzZ0yUKya%N zSURqEl6X^jAdKqdg&Bn3lym}gpJ;0ymYL?Witk=*VZS?I4R|iVe|WV@Di&`y(b3gd zNHV&4`LiB**YmKOQoW*L1F+xmUc^8&gp=>HhJe}Yg9`rf)G}&s)MoSBRtkL>Q=IMC zHU!&0tIaWBJ{2!nh|WJjJcFRrc5haIEz`qI^SVASFt3DcF)p(=wkf65mRF?fnD52W z;QAu(n|j-4pD$Ur6=lsd9Z*o!k(+klW$r}UO_QJiK5n;k9UnQld~c->%9mV@imH5) z0~+)!!@0NX)Vnr&TmFd3h}U}q*K=`^hjMa;i`?v*ybW>RI9F}BQX2EyQiA7eYasZ8 zgYuBRr$dK}D}xk#ABLJ3GR~gTWbffdU$mqBN*^8GbT0Sk2=&t2d&$e4aK@X$f9c`A zX5l1J$=2ad$U^=jpVkkQ8P_#&y#LeS;(7atFDZ+VxoHdR{RoT{3H$4LftH45yu%F% z8p!;Qy((CU53r-V>(!RB6<1NV206J8MWpT{E*l3m^I)N9s?Ru1#ZB0qb8R+NRonkluA;LjgoV| zdW1Dau-|dM`7MnJKpKsXvOqd6Dw=7$0RWi$Bc(zX?>~iE8|?+{CJQ$mOPST;@q&u4 zBj)xp)8&F_nLS5exl)=#pmkmBTJyClxxeQDjO98q@4Ma-y>s=mvEJJppT+Wa>Dz$X zXNdu93vl-R_d(<4oKT(gG1e9@n@Vtbx-4j!;I7?_@FsL@;3qW~9=%zH5$(mO^XW2i z^oe5Hvh=v(R#Ld+`FKtWe`1y}o3J4sY+P#lXbkZGW~eQKwkFrdq8xfAyK{f^N`@6S z{8q5%T7Qk&2|*3!$G4bP=RQJROy4|@_R?Y-;_D`?(M4U-?D!E1!Rci+!K`%+00oJ> zLy2r-^g^gT9}UO4oo1x2_gxz*&lu1EA(S@_i)BfcwBdsjx2$d61BRMV4XzWhjpk}- zIGte}SgdWxX#2rqx@t*nWXF!vF*jU3!ME@So>RI&Hjqv-^e0Mh%U0%#nk0q^nTWN( zFF!k3d?7ebrZ&Z!So}E6?GPNQ3K-u4+<`GuJ*tY6HO3o*quvd5&KFi=cTitB{zsbQcVjGTZHaJr&zS^&1Qr1`deRdwKNWxa48@n#~$DsAzGrfAgEY z@NX;o?`ub(>-*=E2Al#gG4-i6)!NL1r$1F&Qz@#ltPlC7h5*FwiDr5cgNsF^4Z9T5 z*FUT2v60~pW;BZ_j|GU|$*5hl^7MdD@N>XLU9>!yy_&jgFP44usZC#fmqE=gmxP|< zxnVB#6Zaz|DV=~HU_G+6Mnes?Xo9S%ZdgYx7G1V4+tDkqbNf)NKP6VINj;9fFSdsU z5xjoVGzN;g@X)vVl6)gH$9H?a(=N_cRO}Sh}>veDyZwhhpSWqgaiHhx99i0qZcD8A==)yg}*1 z?J*<)Up*XhNO?jG3F_Qhd+7nxa7ADI(-R;N8Sh&LVMLcznoFQRfLq%i=9p4bx-UEG zrdK>OQKHEDgN_9JfEb|$z;_24JPj_scb*Tb`T*#PwQPwuyJsrodJ@mCTCq+$?nA@d z7$cEfYWb4Iy1_R#?@GNGIkK~B&xKK^9pmg36)0y=CvbuWPs0wu*O%5+2_*mmn~pfR zQvQBvCg$yYLP65F{rpXS+BJ_ zOhFJ9f7HP9n`PGBHoP#+{JOljx!xZF4>uU!(7ys~^2H-xYlmqAjEbmD^5kOG<`ya> zy28hv5Nd?4c{h==@^Gv4w2PXnw8fu!6&Kpf`|t)MbFmGc87K~w_s3s7bR~ZV>ZRIy zv!HC;nZgYV5Y@=7o^Qd>8y^h#T@5Gwu;}rU9MLN{LJHw%VjNokXtKojM@|5X%X#uk z;Cd!0FGh)r7{r-?IZ~t;I4D)@vpBmN)Q(~u+B(UCp;w}k4Df^ZT{?@aGjn@9204d3 z+~vfAOHxf zNW;Aj#}NeiJ8!BCokTh|On@N!_ZFsJI|v!(?(gHusH1~RiMg|pL<%o`Aqa%VjKs#3 z05w0n&86|I&;`6kpFUQD5F4UJE=I9eHE({2;V~RMXM<4%P@TS~MXifg$n*DzaDyQd z2gkwD%3evB$@}yn)|Pl5sL;4wNBWRa-`+_9?lRd+I_^N)xUGfuri43+4E_f-Iu-)s z>gv2uv&(Ky?z}2%M?P4oxv5#SOC8i^WyBivspQqEZc1gmXzzChGZ=$q?kk?7)Ynge#0f7;sy3EPCeG*U2{l#Z z3I8w46dZ=D+V42(UofS`5&2>YQ~j{It0(fUq`r(nk>%!yVSnYP85dXdd(x$t!T7`< zOMcRF1u!N4+s`yY>2Z`4&)E#8qvnzgJYY*XKp-N9${JeAGG$XI1W>@q0o6aHOg5{_ zu1jVw1*@(#YSWC4VwGkN%_G%_*+(53>F6XShYyeMyIt(+9zz&_d;sPlCYK$GsfCXg zZB<|UzRat4#(`#YasF2*pAhd&VZdNv7Cg#X!vAtNSW*Hh1_-RwBjtFGSb2&0u$>=c zqArSVRedWN@2ut3+MEPn@E(9K1dP^WxV-PVnd2z4#Sb+~J&NsRec7F5ahk!Z&Pkf1 zD=zNJTKJD6ZP0RO!=S;C4b7GRQ*7U<;R!w7{$+|kr15$FSswoHxg+g}&8i|4E)TJk zE@j-lpK&`z^CBsBJ-h!t*+yxHKf#UQTx}~G!t2ED{-u|7x6FF?D6{1LmdAulPKChu zWK+doz)RcxzKmyAW0M5y@VHI?DC3Ynxf7{RbKC62;j&k{T^qrslV<~O>FJ%s{a&8) za7W@0XoX1fpv#r3b>=JNPVl~xGvI2D{WN|;dIN%!Cn8H{2T!9v4;Fg1*!;tfjm>?# zJcdacv*AKpb)YA@)!fn~QYbK?A#y#5#((8(cv0w;;c9)N`3oRx#!Kai+C^5ub#blp zk=M;(F&demqNRy04Zw+zs8;~>0|MzKh3l6Wdri`EBUmspE6l)>a39raAhg{mHgxMM z>5$|G7-UL%#$c@uKAg0XceDAd6 z3ag_U+0D)R!xMIgl`#qZ{yd9cuzuo+`YzZwRE_qBmwoEH0Yys)ko~!}SMcOG;S7v0 zS6>F=CDvIm5E>at@T`J=4Xs*5OHfrg6w5e(j>rdFuNU)wbG?Fp)|y>_xSrR@KiVU# z1!6>g<0U3GVdT(kYMxhJl_$HQ$gCLphEmhmgzJdE z<9Zv8^q43O`u5h3IOf(GzvI?)S30Y;6g(%ghd{Z_1Vj*kpH@L@ZDl~#Gk(;S7rdDY z5tI+R41LVJrZWb1j->rpYPR>&v({FugW$gKze!n4ZgjuL@4tH06Y_tPyroADd%R65 z;!+`!!h=`&U+y*LMI^Q8#}l?h_y44RiIWn!{1dr=eiGjPKX_gUCe43$E48BkaHGDp zP-RqGUq3ZD`B7b+IOs>r*T30UF=ok7qVT5(aYF=HUj;<75r6z0_23Q-D=qEQxFInw zFTS8Jzh-9%GYS#@Wt<&7q~+x0kJte={df)T&`nx%#l^?xzWq;b`g?MEy7%X&f0-W8 z%l27(a&of!l)?Ldf^hVZi3ks;VP=MkG>HBi#kjxNQ{g6^qlGH}p*TAI-==>bt)oJK zxKo|?w&8C-Lz^tlNdIo%zWu+F)OZsn8(z>Rx|_Q~rJV65R-`H)xNB@&T-BmAKm4!; zVv_c+*Q9XSvrOTdMa*n?+jhLO;@`mz4lxfwvrkWxjBEa;%Eg!)!@1<;Q#nG(>{?m1 zE)Ir_*>t}W{nc`a&dvBV)n*sg>A2X~ z@iM1%Edw9LCT=GsvfdPiEc|t4WhL3- z^z`)g>(`j~5=g$5#a1WR2WSBz$z`r*W2qxI@k0=j9tX% zsU#%=IKd^!Q=eh94w*CXw?##6pEM48T|=$8w;B6%wSt$mMN^EVQt8b0V9VMXbyYFJ zwiD}C+*-`ePTPnUmaJDD4}_bM8PxTMmb7E!19gjU?rlZz&hramZPCCrcR5MXXKj4! zEcRC7VnIpaY{<}+CU#O}7<844-A1bU8;a$Ld+SVG@U&{k2zr+=#r={De_dU?=diu2 z{*R!2Zxs*!MhfP$amZ}7&dM43DS-=J%%|_3AS~6j&td!gGw$KzR+S&fTvQ2FuEOmz zA-L`e%beO(OV%2}KfgH6t=(5fQgwI}yu7LSwtjNn<%dn_z59NQn&w8!X>dIQXW1Rn z!{yu27D(%6dbYp(uC=*M94KRK^OMEmx)+ycBAu={O~hnnMfVwg8Hl1_okr=77VEcedhVvoz>l=QYV>2gTE<5J1fH-FF61Ve=)xA})=}hbRK04~n&i*Fw;hXP?1z*Rl(Abrb<<<|gsB}+ppH@W+&7nrq zMR();z&~;MZZ*c0mOBZ#Fc058rB7@zc84qY?C*wRzxsHi;M`8X$T#cr2kA$j9|z=0 ztDh{1sx4hoYz$pUF5G_M8|!tt2yhOAMD9eT2S81tH{PZUMpMuQ=`Gx^*xtKXu?cB8 zaMpbGEawd1-qi`Ac}Ekvr%%~q=ti3Jds|5D$aL`@5FJO_K?~%=pMJ?k(CiR5Wm}Ns z8-&_Z(=jvtwjG`p9J1FYw5&c7#uPDG4aSM(jj4Q}zh2^YXq|Ga9kQQxx*ZWv-RFXR zE*1E@h141@?*vUWHQ_moKacQYWP8Ll(E{u_D_KHA{a3eNUUcDVP;6f?Gc4#drVAD$ zT_7WVd@I{Fvaj{hq4sw?z&4i|ulF|ga*ek0Xc2mX)iq61WRaD_c7~f{0ox0nv zH8i7GCPYo7qidg+=HwTLk%9z1mM$DBpofS5RFx;u!ZxE+xh}*(@DMHxGL&Sv=u^G& zywoo($*!!#D;WrG_}!bPd|Z;9v*&TR_9)yA*1Z#zr zKJf*3>ZwjWS#eJDPeeQUcP@UorfEp(N+g+hlC@{V#SC3aT9Qf$IEo#sA4O+Wla!%l zUHZg_f>Gk}iG*99&>TM9`Fddp`Cik@LPxi~&bzzzfK}88VYDdFWDBhTv!kd-D^Tw7 zhF0Rdj3P7B?dm>7$$|=oxo!EjUr!RYx_2Zb(@m!`F|~ro8yb)zBl%BDB$o1{c4CU& z#C|P3^+C-qmCo_7Hf5`AIN!~m@UR`DGiD*1SSfvSXzzugDA*JY!KORCSRQcH59)%x z3wAF*Gg=~2T#u=$s%e1o4Z6*7OmX;fbZ8_G(Tl7`4jSyWV*X6y=!+4UlRMBnoaoCg z>I*^Xd|>Uv6Ci$-FDGR<>_fw#=Mo~2bs6XAHIy1Zdnf2}wl*iq4=ahL-Xi7SqM7bF zHu^(j7#Di*1AgpMaXx~qxwUDryeMF^L7%UkePPc&ahLCRTp9&Y2UAVo@x61rzjz_a zG9q#|`BGNRyMHc%gHnSh)q3gFhQGI(km9vRx#3(2RXx;2ay(FBzky=6XkXEMYPuI3YVkm|LYR`Sva|>8@QBVN23T1B>5iVz zc9VU}k%qs^)!Vnv0z%r%appcNsriBTJ9RZ8G7tpyu?RB}@^PF`(c=Gnds`fBdc*{lET1;}$h`shta>wb_Pua>x8xqG31ajE`EM@2egOj^l; z)ph^WW26vUcvQ8M*QOzAcvIx<{+T^tl9F|>r#|6Y*sHLj{AS~IlUZR^G;vBHS2tFZ zJ}wa#PWQGQg4w4<{Grdda}s_$Cx~YV4Dxe=MHw!-}ttF8pDSiu3$eJ??Qs)|Cs9z=P*aW#H;N z`#T|>E}=Do_6SFlkIEOUf_J4>op6^}N=WygQ?!C&3X54zii5f#J4OaZ#)Fijf%uZp> zwNy`QTb#^ID28SMeo|ZPRM^{APKDtWf!MFJAFB$?=BGbc9*8WU%L05xKk-Ax0z*z| zzogBtz-9D+TNQOU+76*IC03&C%J|#i;bJriZrpDDojf99lgwE2ox#0YB|R-^7kPp4 zSMYVp{tae=*SMIj>Q&zW{&uP|_r)ba**o7qF~B=seFo3bvoLB+Q9~@I2Gh-fHer@l zg{YtDYe#Ex>^{PH_1m{UAzFZ!;T2p_QBxJ0Xb@@0FiZ-TsmSVPLsg(dF8jI|HNAI8 zV<3TCR9u)le%PzLL;JawiP=#}OQSn9GX>J93&Lvun$dmsc9Q&dB6T= z*D$V2g6#a}#7}y_bYeQy1D4eSN?KDbK}9I>B*+3t2EEbxg2P~WDN?CbIapbMQs@rb{tBI{M=Ep-=sJR{pT+6H%efv)>g;4bpoH|!|4`hyhu5ok}h5; z5l6^(Q#x5*=(xeEc}W_pzukIn31%8_I2Gi7$$B3~N8~nNaJO310MnVv&Ki%WvpQbC zvx(feOXula?>K&O{5+UZh?X4TiIgF9^PrJJ>J6Uv58nei{<@+_M$?F`(~e`SJD{@R~-#CI$BCT1%1w0PEM7Z;v$Y^d!AJSq9#S?naosq7*a)M7R>hcYA2~W6CZbyQTC|Y)n~Fg~zK|dRoR;fe zFhya`998eWeXL~2r|sk1#i$Aa_1t%nGOw&oo{lw! z8KK6r^2wgWFQF}n3g}@e9l!fAsx7JKK$y@cV5MEB0{^D58p!ioFdAXhgNNeN1`NNG z_2e?p@^tpwqOP3ML|`d)x@#dC=9DW%p31e1SDX2OEz@`Ij-H=x3 z+m5ovu;$Gt6=DiMDiEGkZjZ~AzhM2v96q3VxeC)Hx;|cb-r6|Y@8UCNDgBb->W@2} zJybnE%l10CNc+`8IHbS3iU2d0kzSXh?u9V9bem`fL;HX@k9YHhlP{J*D9zB6Waly{ znU9K}{LXH!mYnMyzb^4oxO#3kH@i^N#2&bX{X7EI@7j4p&^EGN5lt@5g*JLM9zjx3 z?qMns{~YW%;ll5rysbfHcJ1a?!_Ve$Yi`-jS3F^1vBjp*Y%Uk=G-2ShW6LG^V7FV9 z6=7y;`Zk*1lkjri-+lgQYrZ24vM)`t!VSW#u|}gy^r?qbBUL`UuaWgk$B47$Uzb8q zXt%3xus08vTXl!hNcxrMJrrDk5@@dNUmt zIXcR-Fa4%`V|4z02p81PZiX2yFIZP8U&k_iL4{mDb+CuPxP!0O6qn4;b;c+rO$Hpmy;4u73}F3= z8tn%Jd>^>t28biq(X%}sp8MWznt4OGO?@wLqp4TfLF@t#pn>{cvAzuB)Aw#;OhrJmE^NVY<{mk`AV!~EAGoQu! z3$HJ{nXkO4O6oE<1RQqRE!Q;dxHUvAzAy-;rNvIk@O!9@3fp*4@7ycDTQH+3EOb!T z*A|VOkSwc+ohn8@grc_++TM|;=XGIxML=5^C~)+lT7B)sw{B<1jkc1Rg_+*droI}> zB(0N#Z+q-QqIM6<5gr-nrH3KC=Fjit$npy$?Bod3|*keIZ4(!6<7?g zb0c<3el?Qc%e0*6k@`eWE>v!`DqtcoJ*Lr;)Wg;dBUtJUFD>>GAMc7n?XxxSMvM?T z#;39D@8oh*V6OGQ_N9)>?_ExY!*DcwdH6leG|+Kwx9Fi#tjZ6Qg1&9L2-6)&{w0#X z4y>}ox6hoU)ey&aKi=lnwxcTsQdudHANsuilRbiX?WFLuo zlxx|dm{QR4mYST_B)(DMFm2X0-|QQQc9{km-m@T{oxH}`uvyFtjiHh0U&O?6dX!w9 z>Yz>Au@eFR0zIbNL%xSlCGi{)>1B~SMCxND1_B@1U4zf8$n`YM?FT|~GWHKN~3(-N$fn(ugK)U+nl zw}gEJs-A^~F3M{y7!~Pr>nOrs6%e%k{%_YeJP&Zm3OmuuW2xr)_F z{H&Q>&-`qHwcVY}h-=*{y$+tQ(NNA`y?z<>P5O;*+YT;Rn|OfxP5*Q){Fx#MSsldd zA1Yi;6W(Mbv^(E%lU&;We8rsA-R=NlZOeLkk+Sz1-z%cpOs~u6KKg2{U(wxh)15N? zm%xv_j3d6ZpEQc1avfF=7xpamGmL?fnIdvdkTkM=}*-GXa8NNtwq{GEGklFI{lBo0%M;ghpGB^{Z z`8hi)2;()Y95BL-!8nS&Eu<6l#Z9vr=^-i}(AO39ISxPnBycZGPhQ-tA9k;~$67JA z(@9y}qpnNrik?AfzG!^Hk$oZj6)emajiTo+D3L;*Wh?RhReA{na@6S`W@o zxEO_cT7)R)TOIg!r4Tloe0{N_L5p(J^%GYLJ5Lhr4h+vq9c~SM-4goZhiSr{+zo#E z9dkcvKR-0Hw&tj*d>u@S55FNx=q(N8LjSzv4qZf8j+P{y9IU4Ef<8R)b(yL`VxfR} z(?(X!A+KFmMyisL!87b;`z0R#nb~gq&5o?dl6hc9HB{Tn)k+pUHFF1qSP|Z3_vuGS zzllg_*yG^&DdzVRqOH{|XNIurd8gHbG~RgjAblpv5sqnxOg(%-5EoTLWu-AW&TjgK zt5;Yi2C7DT9R-|&EP4V*ooAXt{VY5%WdVn~veZ#X)^{57I_Fw^s1ORB4wch)=L9A^ zx>1%@m3yX~xng2(w85ixCkhry8^Z6e{BvoX>PoTg1&YAbo}LiQ>ah(S>|+>zkGW+{ zOgRkAj(a2DZCF+51Q}1ZuLbh({ShSoeTF2p(Cn@ynPEmBWPm~{pt>^RmJaA^hYOka zseV=nt$|0YWF+A!Vwp-(+e%VmH_+ThbWlcz*z+9*>|34A&fwJ&f8J#X6O`#z*Ap@M zB`@wV@lk01B+;`FZOOhdooAGK|F-T5iCTo3omr7KM(Gr(-H|_GLsG0UeKk7dIbD3sbtCSv~X?oCfgL&%(D-nJvj8!6{$Ck}i>1FV_!G(>sM-SOZP! zk~8`?o&+Nb7PoTFEQS{qGxvP_UTjF0DU3GD856^Dr$RuaL}IU`r!4)0un_iHM?;}( z@#7Zb`f-1VOifx@d#CWz|rK+U5)uT<; zZCw`wVa}`l#rqW=bwAzisU$kg>KM=I1IdE-os&{7lAXR0r93%a}LlaE;n|US3Wb4e6z)H!YzEE{U(6 z!t>mDH5 z$R`f<%_RIy-=}TTudFBTAx*eI&VwNkpCZdpam)&CvgWQpt{@&BE-5T3eF|h%r3qC{ zS$1Zr5ij0X(&48$xEB{zCn+oGihF2&|GpU1qbXvdS%kR$@)JUQ`(sU_*h}&(=R(p0 zD2z~g-waBh(*tEX9SzaXX#DfI3r^QTK`4nV(b&*YzT;L=1%<|rK9lp1Fek#|yw==r zUt7}A1s+)TZ&eV*gQ7DNgr5rYX5UtiurZ<;I%MA4N zFWK4S7|R>K*@58899&%eqvu%<*I6sx=VQ6~`DcMF-W$0t2;?7}Ljo~~*(_)1B_c`t zd|<1RPEO|x(X$vVt)0E0_|nqSUvB>FmFhIb_V$YH9~|VITd%dIq_CUCW@e5jsOt@_ zx`D@HXe1Sy^#0j3y-~=j!vIClsx7yk_o;XfXM((}oX!4g^s9OhnCg|S7Xr8@mU(O);OXEmB71hNNn{1sS}HI~P-+byaG z^TV|^zTLXgQl>3Bq3h5uFX#~0nq3ZlPPa5SM;ugitXDBFGn4Usgjo|d^@rhYs})lf5+8Tl#q}Z^{i;Wv9#tQb6a&G z1~{YPOrg@F2|}(;w*ZUH*v-KGt5RMZ7_#7>U!u3$bV3{Y4;T82tsd;l4R&;lj0d$N zkuO*`bK%ztoQjr~Z|z!7QGh3HYJ+cxxY8mke2%PIVQXFp92^`7?>+zgPIif)6i5Zc zF}=7b{r<&v7-Kn)1s`x{PcRPB$)Z^nE1)ao`h)WcAv4H$2J1(=&E8N1a$d&(LPoVu z+S+7yq(PF!t3+~FkF5>*S8lHpq;7#O1>Sof4UN&#oig#*494t zY%A5O3jy2b$CLEWy0)!Vz*+PsEF zN0CEG#xNB2!?pSVs}C zok(Bs2atHL;Zxk)iztIz1R8axBIjEo$5Xey1 z_u(|nz~MhZz#w8mSWncp{n6Zo9xrSW;s`x{+5QBfoZ2M5;k){8l9pK`^&8+~$FM77Y! zIV}m43lvNMJbMxJk)B}lbbzX$t?e#%fYuwr2maC4Mv*qwKLNUT0^oW8(4Ww{hv|6w zkUx&#;O+G}!@GBRIXV72BT4MGD?E=FB=-jY;T&|Y=zG;e^$5OW+~83F7RIL)g~nuA z+K@Y^@?@K?cheY{n6~fX$B^|de?GGh}@umyAnc;go&;=p%MmK&+y(cjqsMwFHm+J5HUaU{T)q95l*cxu;*=%WU1By zACOD)ud(0LeJfm#%oF3CLm~ICNi?An!NFro|9~aTdu_e9;Jcv6$vI`an=OAEru#)f zJ-tLPwdK2IGaGBLPkO~fW#;Ue{~oXe)&b{}-QJ!FFbg)XOKaPPrbMX1PVP=_a~^7K7S_J^)5eu zC~qs%ZioT{3jyIZEp1F(oG7qt=K+G{Vbud0`jp3i)laMlj zNA2`Xepg4N0x@**QISK2g3CAOAGrKtNYMDNwg;SDGd!CPOJ654j|v_f`QB=hJ$T9X zXtD@tU{mr-d3f+n7bq6|{P}Hj({Qd#Thhknh__<-eS~j8UO~ZmClZbh+sB3 zL7WhTGXY76ouY!wO4tpS=JUw3U1A#IqnAI0=9&~=_7_aUNxCip0pikutvhv?bs zfIoUtil%JGR80~61cUWBouN%8{xQa_?0e zk0WX-TMYZc@ex#mgSoO5U-;3VgLxbTZf@>Jb_@85y`?%vd^!bV0K%`}aDXhhUoM)Z zd~kW|>+9=%cQJpsP=!QHOxzzuAq#NG(6F%0vWB&v05K7hkif&m6$U5>36K3t1VBr9 zswHa9$7>k?z*ZXep(D6LSB8pJOXz{}wjH<~lj1|XzVCG)5-Rq4lVJh`J>P2+i70aE z0)>oc7#K$Px7Xf)N1V;1LBPPkC@n3mtgikEJanc)KPw~z*oxaa9C0_{;l7ubG3kquNH$+54 zMT^ucD7X3}bAW*o5E7pD5$jjlfd#FttzUd_ruVt|L(RxoBBtl>?|*%{YzMfFT-hY% z2ns$TfBU@dAT=v%%wyvy`@}jF>MMHY zoe~*|CE)pI9q>r~2Jdl6NQPFLoW?}yai|1G0e(LMSgrWSk596EE=f?a$vY<}V}PYS zRbw`RH^Aq0$pj$jM%KeE9iRr2b~C`**E{`?5CDv21tu!fXURdT+3w8?#Ou9XU4BoH zP=0lQK-pKaiQ?fz&nYPt0Afud?#r;0-Tj>jCdpzy-T?3O%#mO)ZKb`VQG4cEJQd8$eqD|WVOlV9 z_i`88`XT!%4tT38K01eFZ6uO=fb(T%1vZ%}F^&t|T^CQ@`*4A^fHwL9ww@(xSbRP; z*4@)%0T7%}lXqIR>)nAE8X6kEnw-qADLxXHS0KG=2KaRCl- z6EJ{Ui|HUhl7?(4Qqt1Y)YN`7l2HhKRO!pL7Rsx841MMtj<;71hDJuG=jV*vuJkFW zU*qEmwCXJTfVfF2oakLLKnZ=|mnM@x#ogWAD;>7_KSQ+JJUK58=FNs;X)#GT23OeY z-H!DD(O&(|iB9ISAq9J%V*$H=X)m$R&>s0*>)9|P5E=w;ZyT#s=-KFj0I{H8lMg<2 zp#W@+a63jZ*ys-AKj}pBzS%3dy1F_67>tT6Go#`A7Yp?^WMiqEJxk4-$KU2kHAOu= zKT!Gnd0x?ahCY(`jxi=2;B>p=86!0lg4!EimxnbIQw54tKxC@ChlpzcL}vlP!R$cD zldq653@meA@2mF+RK8c#WmD9``M&Vft@+_qbV!H;Oen z6cs^H1O-GurNIOwM39tj73pp)Iz$OU0SgpSQo5x}R8YE8q(emNT+_XO@B58$&NyHE zb;kG{WACxIu-1B>XU=)Y7574D+Od86os10LTmMdF0?=p$Acda`OCo_Uzeq2MTiwi|42SDXhoZ!YOwje>^U1 z+?k)3rLueovEl32uPE@Jp#=Y6+TM~Y#KPiv@7`Jxj5aVjyWhRL27UB^i`{sKOrmDq z^@cYz6fed6b$^XC`|aUb?;fyU@av0<7P7WTu{FhNCMG7{fq}1+k{*aNINWP%Q#TEc z6tqM6Y3e6-C^R%Q_s?*=a@!z6h~CG0oA~(ny1KdwAIXYbl9QVpH`CN)7|&lge%^zM zYcTu8FIx`sG*I_@JbJVPkGl<3>*7>3=gAvi?*W9ELeH*kVj>gBAY4&Z#Uv_P(AGqf z<*Nwa!t7s4uZ;Fcamdzjca0k>moZ$aD~ZoT8m*>3wTozVG9se#(KYTw!Ev?QMk@dXy9V!4ZJMgG) znV8&YPGLqt`|8yz^WPIXQI5k$DdewS4d*pu*tM&)(eUJ6vNJk5I+z0tjE$ur&gZx6 z+qnC<`ZMFkgcw~QMZ^wqt2KR#`->M$R%SX_W7?7+uP1!#u%oY1B~ z5OZB0!{ZEfvhHu|A6lS?k*0rW-Rzkhc&F&`aQbwG(d zF*9?rAOYD5dyW}Ti-qO&cH!_aPmMJOf5SP`H}$pY6Y=M-#on$cSv~#WiXP3=%m>x( zg(*g((h|H~0}9;ivb&ATsAu%m-Ribi*QfgF>+j*BEBfOWJx6_i;B$JMOI)v}bcIpR z6;4h1?%Gd!;koI25z#C4tK)A*?R|ZtKK7}IOLobvXGV2VF_#`48Cac&izO))TXK3y zIw2uJXtv?%+O=zg`7{+26ymH%kk)cr3ctg3G6J?E5_i{cId;pevBxrsbB_H8Gjn%O&z+ncLEw&b{$f@|jN7;CMvZ=W z_wT_O-(+o>q%T3utGOZ+I-NX!_|+bJHv^$x>7mv)W*5wBLW<)0`gSMxsvObbnzz0w zXZbPINq|4qQG9Q=#e5%agi5k-$kOXnMB$8jJG;fY3fqmAAL+At87fQeupxDT;Hi5^{=TtsTmDX>*?$3n-4b}1r~H8s$!jw zZzeFg2+upK*REfm;y8Pgn}-MZggzc58o^M9fL7BSf7F2pCRYY#{@lKO`&N5)$k5RB z&6_v>{_#4x=ISh-R>XPFtu))Vx!=FPZoi;yAD(Jl(88)}dASkAZX_Z-G<9btUkR_j zy9$mYbMq6(qzEdEEG#Uju_R|%XGfYJb#-aKc=@ujx>^tUO_~0j@d>)$a|J84xb)=o z^s>^@b$5%d7&Km06?++ktz-G)EA!ry*WF*gW(f}uzjyzBP(%bA^lOH`#!&ujOl0BY z3`8dEa2VW=_MHOfrlhko`t05H$tWNE#Psfuhet;42WYGOO|UW5NEY3$l&$S)`~^X6 z(Q)?l^<79ctW_y+6~+hR{F=uZG&Cq4 z&)cst2~1)dPrB4=d#iY&bJ3i%Yj;2I>XJ-j!j}Cwf$hKvxnzr@<)P9D*c?VQ)tPC-({1*3aBuNpS$6+3x z`rM_wxenvyB?mM*s=4-D1m9_GeS(M=LbqOB=@#j4(<1NxxXGAed-nqKt`omTDMudH zzlc5m7t5rXZ+-L2vs8=nJk7n*{@xz@HQB>tr(C#jGpInH=J)h-soZ5%cD)7r2J3&& z2_`o-x90AD2`Ty6<%h!mI{)N_75*hd8kmm#%RAkqq5b!#XO9A>V@yYnZbERo8??04+|<<7-F-VGB*dY) z_US@Of;cu%Lg0OH4T_CLb&-OesC9wEezWl@h(xskCg{wWGwu%IQ!2B;gTsnSuBeC2 zEiFHO`joK#(85A>T^$SR1T!69n@a|RlLDC*UtZ|>h35gnaK-Jo3A+?=H#8~k4{ z-?F|~M)h9Xt&x!t$=ToSHCdcL9dQYLe}+uY`S&3d_Q$>*Qd3YU@u6iS+4LrBN__DvGCq=Ru={6mm>7Z1EEy7M3XcJ3uFT#>eYW0;AV?^H49I#D{s~d8ysE zrw8j^YZbVzUAOMb8@WRW?-!Mnl;TEF7>9EkY@Qwd_7ZrJ^Y3oY0UJ3vxf!@lsi~=v z!T2qD?m4uhES#L3jUfeMYer&&1+Q604Ph$4oKH+o_oDqL-3m&9(3W2yC1Oy9Vlk&G z4h24ljNEd@*;#1Kda6Q{lE4!tsyPc3F5XP2st7vdFp^xJ2~O;KQ_?{m!x~nr9CY+w zfIGCcx0A9yC@5&a25IZ1PO-=DKYzGg{#Z{>J$*_KsLR*Wa|7U@qqE)nwM%_y36YEy z=o%apN8^q{5&i#0Kxn1~OTR2VznQjt@ZQC74L>d~XLM87ZAV>%OeI4;*eq{0)FCS{ zkQ%U4F&c}cq@?(&Zy_~Lcmr{4EX()Xbqx(w41IaIiHb@e7em0M^;`CyxYcyx+K20_ zf;*2_-3$Zp#xvgd;v(f%MiKRH8_m-L?%cVJz)^7PXZo#
    Mp@+2UJRowu%kDLAdR-+-dKyPNzz zAi|*V@JayIYBzK2IvhMv!dd*8x#7AvDNfo4lr$&8rK$Fv_9I0LIt4taa&Y z5W!u$N4x&{GrGk#+g6hc7cX}A^(ioQRIlWtUP5)N2VkFc4xrHk zru}(4o*~KsJfB2MJxzkfF&4$}@@lTJ){MZVg}G@^aH*)Wwzs0j=EgB3n5V9;?nbON z0w5sBWYczmU7VUVI9z)qUXQFSy$Bgb}NF_PcP1Gt5fePoy$L7~8HI`sPU){HJEMs!w9%+2u*QXb&t4Qpyr zi8y&fw_^ZZ+`W7EPT(1MQ0+N){rYw99@bN*LJpqy*hWWJaeK{%gv>fnv6E9%x+PvT z_6`o=lxcVFtWGy+74zJ>pHA5EB#>8nLECpVnZ3QeS>VeuQDbh}vW1z0!+&wnIo-5f z63gi@^xSje*Dpi-XUr7Bus9%FK%p;jAW)A+H0~F1rc+i{CTKRm1hb~ym-6%T2XtqE z7J~zu?z&5DIT&e&)hq~h+^P@l3W(xYZY#@F3__0)<#z1bCq*EfZ*OUVqcO3v4!yPf zyEl6|+jndvm?p|t^q~e{UtKcj*zo}) z8=ne0?Q#d)!~=T1CBsY>#jic?B7wh*gd9X%Jlo`q3_|Df%Kj#Z^Q~L#psPWHXNx(m zUWMJ@`Tjiz0jzMAkB5}wqv~@Vti=52&Y}<@$Rz4kH1iRKg=df}y%5`Q(*UxX+pea% zE;+_ZhZA58kl{<^L``Ks=F_J`F+r9`uZ(JBbo57OfoPuNtnO$_8gn}3)~&HPxKxZH z^oZb5u77S!XMr@bJMu zZ@?cRVPPpM4JZAN=F@Ol9nCf=Y0|IX|%^5vSB27nb)_l=07Z(>FKmV6kmv+2+ z|2_*`boJ;uV+5gqfPl>G?4IFaNkhXUP;B4`;2{TwgwXC6us*=X<~uVpvwcA`*Pg)n zh%smJT%_6>ZvZ7j?9a-|YO}27AnT?W`qQTgeFJ4)Qql=5Tp(I4O-)U}#lgd~)RdHm z4jiDsRs%3`9kDt*D?8#TBv2BwnOwX^iZq;@iQ9``9hZ`jcm}*R_1|t=>D`VBs*~e<;Ii9hQ^+7L2f!wkyv0zyMi&fs(7zS!SwaiF+ z2K^$yLAGRe;NFOS5n5`hs@+Ik*48J1ziZ=SZnbP zA@7HsGHrW2G&HommHEh#P_G|>z{$~kQUcdmUwHi__w~=u;(dB=^7HYL%?Mpf+$R4j z-{f3dIn5mQpLEJjk-WyPoIHE|PnvZ+h4APLb_U8n@x}y=EbAW+9rg(d3KB>b*MnS8 zQ&Yp;+TFi!$k)fGiYz6ynp!J2%d4u&%7e_zrHe7!ckYfenD5PdjPvqX`Uo(&IP|gJ z{ad$g9ndKX>mL|EadUORLeOTo1c8bqDy%VKx|lm!haWz9Vtm{qH8oYLM(LV@!o7k5 zH}6p^OG~eSfFp+wuVpnI$CE#9(-vPDhl)!fa4*MdG`^JpL$Rp@Y=+^&4OST2Faq2P zdsmXftSRYvmdfoOvu{7Y#TzYmW#9aEY>Z&c48m1Nn$$Zx8x<5&JLiA@-nMgRNucPm z%1sS0M5xGm&~*~MlMr+;C8ec01_p}EgC0FXv9DeQtAsv%Dy^-p9o`xiA}%T_n!mE_ zG;RFyiv*q#$|pjO(Tlo1MS9pHE-vmt&1l*&c5SLDN$0%0ynID%ZD~gb1FLHt_U$JZVS;-hXn|;YhO98q4>iC6V8qW6%wu%f<24i-a1^g4 zOdHmYGoHHD^g!6@7Yc3%94}NmN9EQ=A$&A6D1g53N=rM1(3#W2RozY;RDuF!+=8XJ?+%+yDy7cc9BZems|ctNG)? zctIcv2!#2?LD7}xZ{BQVWMl+XR>P(6E$=2yRTt48p;&_SA{B}(WMFZ~D{9LZpw*I) zkzvL~Ldg)Rh zbm$Pjc~>FrxYo?X!~s@TFE=QzptVK&BW-S;H1ASCfAz|hZRLTCgd`}wesT(m#PCL8 z@JwjAyih)4Ns93zEhNorV@pAbK}P7pd^z(gz*U-lnym_9YfdxXefI3xm`@s-Id9%* zv@|zkzn0EV4+2xA)f|jY>^H11Gf-7g*|u$4A^MxC10VfKfCc zFHe|(fq^;Q7@f3^j!s{Hzs||MQqolbszj#w_tVqYn8ak`Z!M2&WfSW}1RoY(asj(Wj>eIXJf5EhKf-#lDJQ%F zd^KRAuA%YcTl{XK*C1lia=UQQKG<6QI0fZI+W%thJ<4jg#akPU^%RTY&AY)O9CMLxVqW)IaP+R=JIxscVVWLYvp ztU1srhnzB&zhFwjFk)UQ5`ko`{52YobD%_vAs3uSlY^iii!M6G=bDz5R>Ub|B4Aa` zFxBwx4#H+HDJe-JJc4n!%3m}3ZjPm!jhQ%rGCRq~IOtDdfIRo?jf*l_9C z?Q_(w^Zj8!EK(GnTcvt|FhukkXmsmuQ!a~6{0k<@`p*GfZ1{i}AI{>3$Cv5gAw`r( z1uvi6w7o(TG)!u?U*ny1h)x!Eb}X!{Z(`4H$8W@){-(KBv+jC5kyhZJ*lR3jGgZ}P zw<^6;v1l)U!x8+l1&8dXhwy4L_v=;c4Zb(Xo~Uj({u}y>`_A+k%e%i$tY=RAm1* z(CU9*`u{l~Xi2sJ_41cFZ|CHrF#@s&3GU`b17(GF&$h&ft>-T!0NE|%JRM^`(W~^$ zVKV`!=Y5A}tN|SdJ#qKA`;X}Ue~B(jq;>322}0crb;hMjN2B=4K&PQ&?(OcjP%KYQ zNX)5qO!R>!|2P701l9poctVb2OR{( zHd@+?sG6QXe~xlmT`{nWEiqUAX7dhNp|egcljYBBWI z_dvGG3eWCDUC`9r{LNb8pHJCMJ_Wx?5y5K~P*70dfX}JL6?LPvxaZ;V6>%|MU<@rX za@Wyhc9bX$-0skA;BdGpUVK)mj|9{6RySKySpXfL5OAc@>S{_(PMPw*GXL<3d1Q;iz8F(k}k)4P1oSsNua@ z7>bH$rT5p8jp`WCTZ@6pN1sO8ypqY(loW!cdinXiLjC5q_mmHw8N}&VNv?ocYU7qI z{lH)hh8yArmQWARgP9>h10>m!%1ZAqFU7B-Z{@CYnCLo79#f_M3oy%Va5u1P=048M z zc;O`QPfX+lCbUKyn(GVV;ygCP3J`ZyB5tFWT6X~ID4IiJ6X>r)1(g0l?7Bc|ku;5> zHXNw~JdzYpSqkLp?(b@59BJb*QenWwHW0NS$Q|UzmfW$xK|en~eWX}eC2j*_vj9o_ zDO$7+f_}991J6AfUZB-y4iGl)I)hvwi4Gq0P8Za|@~i$KHqLC>c{^-;Hb;nkCh)lI zE~|NwqWH;Ag5xJ}#U!l)yK_)nV1Nn*!C4RWCqC@P=V!P1^8vK%J$=h7Bt$W83CTkY z6^l8zGb9us8`?TLXNma0<_>vu;5Tb{Oz!b0^tF_LDvYo&;W}TOTDgp+`EIx&` zCOz%4Tfk_P)7W!7w~&B!KAxGN7NgO^)?*`qB~G~MMxq$aywlqtr`1TQGT@yhh1MfV z-33nH)zfnhAAt~1tbIbEdLC*SG;7?QbLcJwiAE1iIzK=EA_N5JG1MpdupbW{IpTrJ z>(1S~H`=pLQ9wfj;xwYub>V%RW)6OUWkLO?56&Ew-m4m;MI`qCoL0iQ=;$1TQ0w&E z<4_i6=KHwJX}oiNriC7msr6?}O^-v2!a8e)`WbL8fJWt9!@rlGmG!Nu>!08K zQS=9re@xr6vHllvLvQo8K`_sS^{iR@r*tR zyx)4Si7t3o_|JwpU$~c+X5-CJ^w!a|%O4$9F(TX$v^z4MenjrTe!i+~j1 zQE1e6tA~KNrbGb;Y(=a7AJ?B(@I)B>R)V-O@iMyn+L6V-Xz(Ay-mBrb{{>@dAZqvA zN2sOq?qyj|g~6lb?)o@;zAQ7G+JDDO;au8fDpGaej~mC{f8Lns{{!{;>RR*;5?%~8 zQhU}uDXQGW;F=lx5~bEPF~ZzR*i?V=*e|GEAKMc>J?N%2*hNw7@lEAAWSI+ZHUWRsSA7FAbGRu{#rwKOXE~h5!GQn*nC-%_o28E{d(YcSDr_&crety5-k=Gq0-gSF}sk$F74WF~`AnQ=# zRr2?pYRqZ7Mzoln{TxnqF7ouU*P&VPq3+_BU1&1)AE_W zw_s3Oy3|phVPkADuH_&k^vtZY=S8BK*2HX{g#`kJ!au*|uz52KDVn4ARx7}(rdKOz`)SCi+Pd?2zIseJ0zgDl)kg2@uV(LKHhhwb? z+@>CF%Kfv;?evt@1{DRLcz#C@vbBw^D3zoRdA{1WQ?b?wdsWBIIo;xo|E>7R(U77!Bi zpmSm8Fq2+VMP7zB)nOpqC@HUOfs>>!bSoP-ZhX@-bTh-a@~2(S*Q~s(HU4=voV6in z?5#Ro=8{cXProz$Nc|FYWKngsFZ^x_j?q==fxes8(QmHRY1*HlEHvP0yu+dEGOt*B zzvd6VgwnM1QRB*baDgBKAXizrS^RE4G@VgNG3-i8pEJ2m8Y?X#Ur$awV)1n|HH;J} za$i*{90ATX!}h$#-LdA>4QOD11MJ~7r3b%YFws@S+tYx882U0Hcrn~$E@}fW1X_8F zBEBhYU^YkNMuSzd5{=3xwe(xvz##IEQl4=~+)lCVuZnMZoicie`?>qLZH(gEjeb%` zpIJ$X-+IT9a4a<5=Do?nwW%2}hFznh@0pT>!~;VMK3!*b{p@7VcdOa5S2tVk^ey+> zYm5a@e#RN{&iu>=1NbG)Soz#}U(YgsM$xEK#@`<|QUgLq^Ry<(xbZl8vhx6u!l8?c zbIS&~@x}`+8YvnmP+Qu=%t+dK0#YHEBDaRh_KEjdDiiFUPjnORx2~pBYdHoc2aN2H5=yF zTsZ7;`)b`}MeFX&$5$3dSoLUfQ-z{(G=-#Als_dq4vrU3|BC)(_?t;-Wd8wtHe0EWZTJkcG=}Yrn;KE>kQm<(T3WK3%h@unrEl3%P*XNytsM#w-IfB zTCNazw@()bCll-RRQ9OnzRO)?(c(T~p?TO&TA=tY&qsdevANuPrG3*AYP*N<`td|* zR^GC!yDc5e#rW(Bc2?c7DWIN?A8H9Rk$FB|{k#oN!K(3aaKwibr|K)7{TOWiZM>dB zc*Vk_DfrwozRt*~tp`~Oyh4g@2=UA@$>#1pi$^dy+;iP>itVvY5*2bI+gx>M?&=-& zVI`l9r&ObsyO=8Xcx>m=G`&iGT|w7k!TE;H&T;m@!J<9gGtSFYR^JaNjhY`>(&85% z-(5HL?fcGYt^m)$sn74s$DUe;dQUTX%W~wtZ3+Yyj3Udzj{hpCn3EAS6B*bLzhh&BbLjI#&*X&*yD0QJvd`#d-yR$g zo2m?~e477zL4+bFz-V$}gfd3=-J7M5*&Jo1k;W%1tYee7k$pfX^ie1SN&{&RlCc{; z0R10dWBN_!jBsQyJt7<(F(_lYhYwv>B3XZqa~58e6)pujb{UW!Arl;6jUq%o4saig zn7yd$PcimRbQcq5fM}NBcMWdxVMx5vo^2hMWrZ2yZ4|uLx{tvzk^=y4L9yHR=+UD> z5Lgj17^MLhykmxSQKSkm>lna+JB+l9s$w;FNETkp`-V##N{657z7! zF3~2^M}+GO|1_^U97{XZmh0Q*qBfbmdr+J^({o>RZo}h1H;JCSkV$sOWQ+Ub#s<^Z zG#S3v-YhFl<(z16nazBu(Y|?lWitD4#P24q@p-XZ%N%#1vD4`lES(qK8By%Ha{Yqo zSsFbfPo9y>$`OBBLVON!C%fP0JbC0$YhkL@p&y@XZjWUMggT8nT{cX%bUG%bX?o|; zOWH@Gem$NpKR%f1QlHU$?u{$5FjL;W-r6QhH{ivi&GU=jj%4zwOn$t>n%@-sG4<|G z#bX6nZ-7JfST*iOx8$SYCDv;?Yj253TdsN}>T@#Dsn?gzbTX|s@AZ;ODv$pjt+J^f z)iUlqocI>Rn-{Ky23f4w5xK9@%EB(Dp6T$3qKjkWV?GdLa@GX)qrZW$@7@%08z#>H7KYS~6^7 z$PB0MKd2CLeZ0T${%>c^$Bd;dyiX=)t=-04M(M4hjU{|NZ1`Nb66Ghu8kegU+83-w zLKNkqdU|^7!I}O>%V=R~+4Du5u^;J$7|sc4iXQC?3TVp=CzyMrH0#S5cQ7*6K_)E? z+#hr^Zz9_`ju(*Od9bdRWMukpZ(txOFv!nsyLOeGrxq^3u>u^?Rml>q4^$tD7GdYb z$#OCj{+&k7F5jxt5pPdg>QCM~0lUlvu~5zNp4E|p#U>fI^OpPr6SJ+ysK5i%%K_Zo zVt(F-fNpCZL`T={w`)5K;rp>RSIoO0M);ZGZbV*Tbc#nZUM3F&R-Z4L|XzM zi4M+_GZGIFDIz|ZKo)%%9AE$W?SSePRz5M{UF=^z=PlLwiU& z3-=G#c)hGf2Is?%iiF#*4=FxvR2E+_KU#iWq~nQ{-lT2Dz>fts<%+Z$x`D5)ES?gF zkz0Y(8*7?OlH8R}yfQBTA|1szFkA35_4QTXp2b%Nd-=CLtX+|rDE{7ZC&(^q`b*1& z6iZ*Hg9~;Ru~G4-X4T(M&ZX&H;Z=T0&wit|fgvMXsU&9Cb{gd~hs@OeEGCW$a}_>P zEQ-5V-ftzf^wnXR2OI%96EcLMT3xI8SGTrN1zEe*`Co-&#CE>j($o-3;? zdT1*%dZYQxR?j+v9St2nd?rKp=<$yxrW81ZSi}f{&X$MX3yjH+=2RB2{y7Pwpj)Z{ zWZi)r08}e<*sB$O&+XQRfYsiK^nWsE&QO3UDF;!2Yv>spyDTkDMS8e}g(s~ekSM68 z-`azImd!$Ie#O2GI?ps?UkJPP^>>QybZtCNC%pH_W%j5|K%M)JSYX4W z>golxj<%UN%`y5PdZw7R(W_UlLTu&^{kqZyW@6hRySfaYsuXteDYi;|X=h2q95&oe2&nqsd zOCA)ip5N73TnWd>Ay>CQR9fX_tIGvK5r~G`zj*gitw9~};E_?^b0;DDAyd1rsebm^ z%gahxg0#Dtjb2Qdzc;?0*FN4Eyx`dM;DM4?4E!8BoVc}|(7gtQbWp2IF<`f!n zLmyjDAjA5dwOJEmmY~|Bh#R?69xFsW0mM{!>`$=tntXt7nv@MY_-1S|p# z(q!k#a#)zAqc@Z^5uSC*hB=UdMR*#MAp;P$)IU4>qto99ZoqH|9ZsJv$k+no3cw%9 z{jF71n*mrNir-AwxHc)t{n@jg=%MQ>A2#md^e9=`B3xJJ$(hf(you`GVANfjLxp2i zqw2u?kFu zE04{-Ym1VEjWJsK#+|&#b(|c2$Lv}&8_u;om6ZJ)6ry}V$&_a7@^=KxuY{r%mRayF_L=L;S`s4ID{nalU_Nn|;<1F9p@mDd-u2A%&bJ2EFMO$j@NF~6ei z8PiwnPHVJEJ8og7;T&NI5P+{zJe;PGRKEq8aNuzgnsc7}?FYXvSeQQN4k!NQ{SjoxrF}(mog+XMq z*|`|BmWNje4Y);@7$u%8s{R&%M#+*%D5FNtFdWRT~bOxdYj24?~r*%L`r<6omBu{8*GLS^Uy+_1lXt!_PaCi*dm7JF8}!ny`7Gckta?7q@VEaXu2)gV1UC8%#rBm=s@=z zs_KPbOC%Csme*6BcVi6qCQ)qmKLYDxw~C6XH}#C@Slxkw&n3SOg_x{Z5*6+|z6RXLe1fm0)h3rr&+m+>O5UnuDHsw z7%7cQ91=PnjSb6|{yJsF`m~#^(L&EcR?4)`#=z>qhWkCwt=HW@f()4SEYtIP?WYft zwA>-JNZAxg8L5YlWKrBr?pZ8IWr{LTyLw_(RKj;UD&nXlh|Uy4CcgD01}a zvD{xdW_E_{9oD)JDJ!ekdi?A3_?#2?5@BNc?a(qYF8-6pNM`lqjnY!x^PFm~{85!L zPnkkZFCDd5J~U|M<;8h`EyK$|?ctB+bj$NQ*s^6uQl4$S?3^l0t0!lX?AUY8!lG|X zzx4g`FZM;PCq7=BU6Hht3NOaEetvHWLV=skSXrWdFGlU5gFHeOgNp$z>B zR@5>h&UxX)oyrSAo0zt5ZklRk_K_|y3k$t*famq^+MiZAJdBC5Ov0@aj_Em-c?H*XC*Gy9q(!3KU{B=s~e|Pv?c~d-7luXvdf3yIyuVte#Vu=d^o$jF_FRVZgEZKq1jDby7vpE-k%(2h|GZd~GBkG*DxxrON8->lfWh zwR|G?`|VldH21OS?g>-%%BX@@hwXoIOw4(97a!z%9KYO)LoHuxDnZlqQkqIxx{olBrdM6@k7m)vsMccM@%{PdS|`7bS*1HEkfyW>;P|u^rIS=Qh)U; ztK`m{xnI4sR8+k1Xxlp4q_Ks0```8z!bYE*KN%Q4u6xSE15jG}DPItT+1pXXgD&&- z^D99phXCNqv$Jd9nu3EX7MMM8$r7JGnTE17t9-LDp%&vO&O`PY`s0#a-@t`zwd#j$ z6180+azX4Zbmh}&^b%R~D=Z?755GFtj9iLM%#}7D=jLlMa&0diVW01>JA5tBOMkp_ zXUBN=sxxQQc%Rb0vp>rEuu)W?Hoi_!Zt#X6{U}FxTjH&Oddg1zPo-X?yCg&iuNrNm6Ic*> z-zi)a%_9Fs?%={E$MGWXN=b=roMJ!+xx^rkrhZUOd@H;^ z%C6^S;tQ_5-35ulrBk(&*3RSlp(Y!+U;lE=<%_U=DJ!3nc`8ryQ~R3=m@4ft{bNk+ zb)!^5lZx7B+nGyZZVtD(?PRuW8N2FH|0U!4lIh{QhLJBn)!WA2c$g*k?hP}~h7hA} z4?btl{YHa9`muQ$rPl+oXK*GoB>4cUHzwH0-oS8!QBJZem4 znyYLxLz7}hhiYyl=Cx+ZXIaybUomEUT2}S-j{N0j@iZ*Yo`$%ccMX>=Mqe^Ym9EcM zyWHBj^eZn%&yBvbo``6`P!bsh>dU64rq3YHD8TGifdm8c(e3iH{XMc7ny(%(B@Ygs zXSHi&RlZ!_*=A{O{@1?^t39-^&|9B|B3X@(`hKPF`Ykvrnf5eCWbXLTt`yX0yMK%4 z(K~ExVa(H`xXM4WO6Yv_TVB9=ii=3;wgK8M%zRXZ~30}U~saxn* z@Y_N1V8`Ip1CKg>*+d%UKdHZ zpI_Kv_EIBU`5s&MOF};+7D*Y^PJqXr9$5rOFNABM_I=W)P{~FRB(+KZZnCb*ZJ2&d(C1k3WaVJn#M;r=-slXQ-iY1oo z*X+A+So8-SV%I|!$$!mjHC|(z;0nPXu0#L*cMt#dp7Fdm{EyA7#Eik;j~G&InJ{I6c=_5bVx{*V4O8=Ztj+`Plv@gG0JWrO~z zX}lhLo|9R9aL!vpbBEa9r%F?Kx&GggNHrA&0-JAXopo&`6lxcAYsxa2Rp_F~#4e+|^UuM{r_xDG5?R*9a#1v@o&qzUJ zG7Jm}6kh)R2GAs9e9CUidvobvlkpS9CLIZpEGx~u`}Z$NjM57`lA$jBTo-N3pt&Gq zC-GnW8c|(OMRx`&KbQ*0#4c#oplGX2F{s9O5@G5Vhzs@QwHyxeL-l7VKLRrqhhGNT z0*;X@7nZp|Yd^*W8qgDlaPgBtGrM+)L4r)&`)^c|b#*)+6CbODtn46=Bz>F<_<~nK zjjUA>i}@*09Iq3IeP5UoKt)b3RIemfdIgD1D>VzcW*;h9s#VG7P2}rG7wgzpu}X~ie8J+mQx3&RTSPT97R{a zs+P_Uy@n2%um_NW$8Jm=^lkZzi@sjIzAy0*Fdcvp_E4ijt-T2Ai60%;9YUf5Vx*rWAG4TiP#AzEIG z$)1almz0D5fp~2Y`doJP%m?IgD!s3AU$ur+HRUk09|welo?_BqJ&b9vxg@8g9CJ5Q zXHdjA6}T#E)BX2QttU1icu$UA`@l*(0B|V7Exh&RmkNwoBdQzeQ4FGdLdFO{Vqw)) zxC)=(1LB3+MrK-B7iFsIQx<34oM^a9l@Z zB1%AguOefQ7JpB!-LRn^rw+~$%eFB)%uIqK5LSPbpci*5Mr~Ue{_)I?j8y{Jl?u@W zdo&}48DcYR-@8|mjH=-^i;5dT=9?L94a0z(6v&Ms@FY`dAgBfBEYpVE26sI$plWP7 zKoNb|3miiU-hEF5E9 zl?)9o1oj!{hBxI-e58bOlGupgzq<$N0ujhk;2;oT)mue2Vh@5+tT{<%4YptJ%RrGA zve6=B>%)3+&R6S#Wuon93(-G;J0$}gX=rKhLrnyTEOti|05m-llUmf8WM=}uDuSLF zn%E~TmtLT;!js|pyG32tnq$X_t7Bnj_uI}anS{Xz6#0LK*)T-59ON%6wge6fGjwKPT{a^m z;IQ#KOuf3X`JK=_ghy_5Cbw{E77=QtBLzYjgdK6Z*AtZ)l&~Re%AX!mbYNhC5BxP~ zUxDAb+DvY$id}5Au#nJo*krIdKGxOM&CG)o zsxG>_VIEquEQjgX9~4`!#7gfurtn5PLTq4k)E|x@1nEKSAz~APG$fQ$>l30h*Is{| z^ti%>BM+l-+$Uhp0&5E$axfU(3Al|6vG|d-2P?im!>rQ~vduFC z)^A~(+AX%50wM1;u6z+|hn-E@1)rTqSD%TI3?UC0LbrD?^I_fu@v1>Zf*E2|6mWc~ zXPTeAT6J-G6+~`y{FaBwa0`fkz|rl2QW}1Q$1xrFrdiB$=>Ddx6?6T|3o>?zPu?-W#Bo1>k#H_Y6NCK_Q2E1%R(g5SjeHTz>_Zr8ATSgvx^;SH3*n z?E&6gK1ILsR;$YW&9q7B>4q32MJAa+%aFDxd?=C z*xdY(5_iKrg!v;C)S`<-x6WtLLxfhb__W}oS3RH^V`_A%xRDcxY=_E~%x^%nzWM!K zC6F_Qv1ZPkh`GZ~^SYRU1glh1N;a8X^$lPH{ff4#VoPP}9@dxYi z1*?9m-%gYj+KxMDP`@N<72KhcyTEXl)C9;J*w!8Zzd?!+0tXYE4oc+-US%GamVsMn zjy?uKaRc-TI#Yd>ME09wXIAfWXD;GE{PNuW%~|tRuO9S&@XyN0A-a#{#c5g6 zpSr@5rXC$XPy(at%s3+dbx9G%Ukn8}WVrHG+Io7^Ne87wxO{&+dyq9bJJv2(y(8ST zE%WTPYkQ#>C1Z+ZM?*NZqTq5&wd|K9sQ{;=2|>DdtJ{ltN zmlwRZs}7TIN`^qY8$Lh4^x(fr>+2sOiNUB>f%rj`T!;kf2WJmoMTJCy0>&jlhgUu` zk0?SaG+2r-1d1H!D3@QVt}9D+MED4QC?bC^QrmsHJg+__Ao`HJqFBEJvFGI|A#ZFz zq3&@81t8{C?cdBC=S+J5`?6%3b9}z2X6ODB8Uk_9^tV>C5A@`YzbNgpKv}dUB3LuVxL-$EeCG?1#&6@7J!79 zFa5E>^eD^)>cQJNXlCGUa2dL|Wds-ED~5A1PCjPyshbVj*cgDojrN3m^2dS-rkao? z2j3nuI<-mn^r71nkRv}wMu@#PPUfs&`;&pg4G9|i+_9n5(+rG^$`RG2sh=KIPN0YC zvnr$M;^u33`;D77_dGGn*Fk}ZCHS20;slRaiu9;D9we42_Qng0+`^;TfW!g)BB5{K zV0fkwCx8DN?Sbiz0>HSK78up9vk9j6J}~tqI61CMf8<_C(2%L9z<$VZVoZxA6YY?x zcj?YBJye5K6K?AuL?jwUMp;}4-O20Q@KHP2l>AUk!gufy>TANvVu&~mYCQ6ZSQI1U zI+#F!p^?@Aih=zI!SGqH#`k1Dhu#rIbocPE4-6o%?;|F@QH=lVFN8n(DAa>5pfo}Z z>pa=Afi&mD8G&+x)PUGD=-7#o7mgLx6#Y%`guX(3nwgUWvRe&ku$ZLeW~}FHR2cKi z8r8*F3$&Yvu?^hUTwB>S%%wr1CsI;;GUiCpqV64TOe8#U4K}+BwP2Mm+^hMEQ&O{;Ph z>sGMo&)G3o`5-R|Q_LGB5y$8fLsSR)ka8OF*N<#xd3z`H!v5f8KYbQN#GFR zxsqvK*O9ArJdZF}L1cmr$hpMi2+p<`qcw?xGDvR$cK~(6 z3-F!PX^UtD&f&}-)yST4`MF=new#ZQgTd_4f;qLr1!yQBq`!>%Getu|*lk$|)*|a4 zU+*Ik_h;AU%mpp%r^Ka|BTKv2>=9FZtMD901)Ff-`JWWj)evr9xN_z5c@9q5SY!q= z%o9>R?4~*;5!Xd~G%?8BROpzr@qp2rLntUr1{$`E5knM0%);FGYrK&7_g~(2%`v0;R*>u_yPe; zb6H2`Y@m+lN1=cbR9}EPXLR^<$_YL3>vHZ2tJr6Q7~wC8uoJx>L7#Si3A$F z&PyyG87e+Eve1c#OgyqgU!G;zPlt(EYr-71rT+G9Ls760ny8+Y;?9(n0i5IC`36VP z2O}A*Q^bOt5}o%>3vMS9jq*F)gCzgMY{T;y4`b7|d}P zGX{_ffkI%f@Jz+=t}Dj4Rv4~?6;^KyciRTrybQJ->bzJ)kwA{4EtsYOVygQ*X91oz zRPv0E*D?rLZ>(_IZf{pGj=6>qv{X11GG!&f?1B3E66!;lXav|TQq{S#ce0%r9X=;( z!x9H&0BH!wms;SvE--$}`HhG|qGlv|M3IJ+DSb$9wIN+2y&tM8L$*L)-(DQBU=FoV zv^8Xg-jT~s$#%vRRG3q4BVeNOCS9#PhS|VfUQ}Ajtfoe~KVT#jM6yE?bbl2shNp$v zlX8Nzt9Y+Xs1_g=C9~1_e;s_CK9-JKBlZRubx@G`?c)u=K9R#%@ciXJ#%L}I(d{5g zbfHQ%fNn?imkh)eXsU)VqYmfD0DUey#qyBU z{p9o(6vCJyv0A93w|E7T5A6!4Nx1eo^or0W?^lc;upqprd`-sRKFwYqN|5f1y zD`Yc6t7CY>34jOzAuzt+Dek17Ki!GT_wWhPhq*|o!~;Uc&tk=i5{c9$h+F_LCLsHh z&$2WCEp!`mT+o1&q4r#X?-#l~Y9y*q4mC0Kl`y?ZF8|Q5^bO$3HVe9gjLwBou(M&fw-7>7V^3mNJw41EH2V^n7V?I5XlV=Nq0j=)li zK%R%iwBtOSKn$r@%m=WNg4rWf>(`(f$AIvC;I`VVmM}FT_E8}$Kirmm640yoKw5|k z#{gqujRYv|fgC`@AP9jeN7E5CFdJ74#Z)QC+WW9~A5FlN%c+K|vf-{Qq?AXJ$IN25 z9{&Eq`}ZaRTm{pg1W~0;qSc?ogkw)4TR<_w1;7FL92wCJdoA#R&XWeqbRMcPQ&UqiLdeN!;nvbtYU=XqC%5m}a|vcv*w1zFw1{{Bz5E1RL~=;i3(Ln} zuGB(Ig5eAG7%kzV&^puuZigJACKnZ&2%8Ck#3JbMPIOGuPdT`=k zX-mRkA>BHjSP7|W0D!r5_Flm1!AnEt*CFcFqv*z5sZD*kjF-Ae*McdG{F>6OSyr!) zT1a6M7K)x=R=L&g=oro6O+CQlkerrQ3ITc4?t0t`8O8&N2L%~dgieI#X2ToySVA3x-vip;6J&RIEWL~0S$0!sqV?W%{ayQS`)YNJ@NPN-~VyP z1`RMds_+kSGvChQzbted8r)v&SKi1ukW0akh4_Ojd>n8V?c)(ZztxrqOT-h0eqFe6 zP%BGrXm0JUdocgB&1q?tmX&>lwwzo5`Xf}I?{281qbpU2SMmp<2i@IAED^c5Rb&z@ z95`ga3gq%Abjf)`u3guKB$hk#RZ8`H|M<8p>8ospccOmm!5pH%-zHvXaI;qIi0FHt z@R}JS3OC29s~5ON!ZpYRBpZ1PbIEeY9Z?<5LwF+&;9&FNRTvMhjna^WP>k#{|M{K6 z_0JEMs}3lA0lOc7;~(|mW3hA!xU|FnomUNk%t6?d%4bJ93!;%?rqDKGcp95b=u_xiA%qj3pyYDEk6R-|)+H z(2Id$kmJ9q~$1eru=z@)^~hk*pdIS8*1`H~!LeY6Z@Kr|9bJs5>s zn-1t-zBCJ&7zPlK@xy2o`kTh#KqQu`@9*{y#UuK{nut?u)pje-I{Qg6kE=s%V1$sj z2u%gqlNd`0191^ST zoo;n#2P!SINfPiQ5xj*&VtP1S&FkF($;rP{;UZJ$3tX2_JE@Mv7GM9579dnE3rR>W z$JV62v*YRVm=O$Rs-NKf2JYLD!N{Mc_)=_3ed#yE?k5kGDIj-3J5+{D35;z(xLPup z^(=^dOhDjSa`uFhfY-FG3u~(SJ&W8geu||X+n4&~`e6Zq2x9k+TgVL9L5(xSkB&b* zE*gbn?AjA7xa{K6();jzV)SYuw(hu7z(X~|ptT9=SyTBdQ#bL5iM5u*QKpMN6R37E zBI!JM2Sl(g;H{Vu7=RjZ4?-AGvr^z$m!kE?P$2}y)2f#f#`}@;2{4H{pcr^{0Uh%x zjtf)mzzwBP29u>k>u-e3jaUxt%vlt-ByM7=`eAhWNU-gx{s^M5nNpJ-h)RS&^^}Ky zp=F(dB3KRp1FHBp@T_6vPV5vmm9B}2KOPPFk_Qy5ydkHqelgOlA zhpAk*5w;K_!GDnX=HO4}3ug!Q@l1$r4#Q9+!;a%7OklLniOWT61lunG7cnRp%W&j@ zL#ZW@KR~O64FSmB*coJK37I3`Qh9WsK+t~T0P+duO@VZkBJYDBv}QpY3@kDvzCepq zMMU)bKUzBzaIDw0?LR4LRw>PC(704cTINcN6loSEl~8G-WJv*7KHhs3+wdS9wr`IBXd?fT=XNg~1eA#h;!;rbzO$KSnDRq z1h-M3Pr-fMg7cklE!;tnD}*vtYpGnp=Dh<_PlzZUYX|$_FH=;g6MM3tzIej$;qAy) zbFx@eY^a>ipMtH^g7x;}h@75e7|rEUY~6o8mw_#D*L<052k2Kj=u;8p6Rf4G$?%^a z%Pjv^L}?{_jE=d=E~4-;$K`^REeu3hxaC!67gLL&q*SYaN;4bSzjn*S2@@v76^5?o z;hf$%ru>JIBin;x@H`DfQ}Xur{Q=-^)=GyYA>tdUtlV>#s!hfRO1$>j(N=m`-V1*x z(lwQ88I6tafSVFtnmM`$?P@KSsf$%G`VKrx(HGFW1*RqjP=m`52^IE-%ls?9JB#UB ztgTN3uhZXq2xT2UcRA_~6?x|<9^k+pQ|B9Z&TkP;Dv)4uefsP{98dgCu29j7=46N+ zyl=9qDny8C(H!@Rij>yYnzGt&S8gqoNmq?}i~k62LMo5eRu&hz8cd&C*ZiY{@H`{& z1=%b9wEQgt)b0RnVW}w=3}MOZ@%(3`1L7#iNiLu_7#gZMT_xbB-d}Fkc2=T-X8E71 ztPm9^U2MJm{Z;}7eS9b9w{Ree!Pd752Cc|^hCb!=p3XrXrzBijN#4a&p}?{c zsl^vIS}a|9s`q`+h?26h6HzjoaS{^w`bYk?>j}(8fBewMP(fTP>gvAwyp;vdYKef} z!E$Y@xFdd#$T|Xs{^Gdr(4jf;DdtFsBMyZe)9CU$&vLNBf|JW+HRl#)Qm2DmDTQKX zW?K;5`h=&$(#IG*k{gfMPgv+6{^XEl)|!{M_fP(skkIC~rG+iGcJ{GV8S>eosH=-1 zQBZ?WK{`k&BsPwmy!>7~*eF1SuPM+KirMnD&L+pBU*j`4ZfdsKEXv5p$Q^XZVjA`>`Q43} zm^;s&`3ST}tMW582^1e=G&BPKq#3@X9x^0Eh~|FtO)F9+H;F1(EJ5z0agLYc!2zmr zO>8XELMT~4df`vOf8dO$W+FSD(~&A5KcYl}m1gRqEDkAfv|kKLJes>_(f*V_3&eIGeB8kEDjwg8%Aqu z4^DSo77ZLt_8>lR$%F1YDZJd{8KR~wr8lk*DIK+e5exCxk21df}3wgYQVkUr)H ze+W7O1pV!cXa%6@$ItSRhh$O0-UThXNkl{-FjZ&6=nK7m3*z+RFgC|boiIq@_x4QF zNk6|eiRtrFc6tbHC%GuD8l@yqq5~-+7FgSt;d5+u9v1X@2wn1g6v;GzDQNsPG;DD1 z;B!uut?X_&~2_b0$$(LnrU;XSL($=M~pU%buoq zdXgX=W?TV>VK_H~@hV@=o^%iG}FiL)X@6)bbKJ=25ozTA;f zI7WyA!aY?s>@@!m)t=x&DX3s7lnQc_1zl-GG6c3%4pk*;vTGaiIXh03G+nuTSy%6VV%%l+eH~Cx?#la0^b9*E~iTF?>=&1!G~AO<`gL*ID(--HhI~W+WXZP zLU)b;x*+MW`?`Y;9svOo3RG9!?Z8%~t~`&NL1cp9@1)Ox?@kH-Tk%hjf}kqc+~ z3fZj5k%Cgf=%hbjTSf6kZX?`rsT{J&j51D6l1+uv62q!0*)ELv;HTZldckf_X*o|M ze5X-Quvo-c0C8ifeq)oeYK4A>wd}s3LcURJZs8Ro3jfqutSboL3(w4u#?`h+$%CveUH#Al-W?M+@$Oew+@8%@r?5`>U5~CMyUVwhol6>R z;Oe^k-M!H}kCx2w2*P^MKXBEMA!0C@+k4Xqy}#b*+Pym*YR>1_m$#%lc2tF?RcdU~ ztt1hd$yTgw?!UR$S3ATK%9hz;n2fLkR%x)+WZq#3WSsg*Uqno_bez6F(JA1~d;Ggy3BW0Ra_s7Ywwk zR)=1$-FQquutE@p1q=1h=ZPyPTN7PHnmK0~;oeiJdU@hDQNgWo4LkMi);Igw&R{g_ zLVPrVx|($@FaAo)SRI=RN!49a3Ft)gRr~OrA8}N$xuTNdF9>UDBDj?Ml_Rs}viCDF z0&%S0GT^J-_~(^jf-^!U`s?@WBmeTp@(KQzgwx-6seery<$cX}!5Utz{i%o0F@6rQ0WiS3sNa^E z;zNABFwaoxQ%jUE{5=S0`|{?ffZska3EmRN&Xi|D^Y8n}&7Vsr9YI>KKarWsIRAJP(0dt>z? zD>R3K{v>b4>2f#d+B^VHA#{Ez0Kk4gsqiZ%!{pH-;yzh2 ziPMIr+^ul@kkotbtW-Y1XE_M6(F+e`41qa1!yxSuc>!1;dK07asA=WbybwCwy7Sq! zoxhDqL^mS_`m!#OoG8!92N@6|Is7XnuvgX?0t)R2+Ny)l(>X*dSY@d;H^st)$Z1Tsh9e^5%{0|(5ol0cZs26Q9s-2t{1$j1j-_qm zr2d>{D2RAmZ(Uq&u1okEc4h8WZ^ZSMu3D@3VfY5>Rz9upac&!uEZ9KFz^R)abLSZV z)-H@gmeF%k3JRec+ML6Au`qt(qXg)ACP%&}Dc}(WRRKJ3#rP`{iW{#ZGiN&PZQ(Kp`2)n{zy9i7as zEb zTouz7??Uk^4%!%4r#Qd&m!1%N2M!&&WtR_XDAod{r>H)N7e#R)cUFocS4>+bhQ{Dh zwJ>(A+Q6?uP{W-}uAhFtkh)2fMMQ8RQVwrZ(!lmG>-Oh6D^oKv#?J|$JVm6ohV?Hk zAICnLwKH4COZE;v$q1TaNnwR|7POGD4S62q$Cl=XjiN!9($-kkUtl|MQT;?>%)Sw9 z;i^@4K##t%dQIvD@5pwD4Gue)j!DRW$*A|!GV8AixN#0@Tc~N;hRS0nH|$ez1mTts z%|c8igqi~`dNm3U#nSmL_J&fNFOECRR?c(Y35t@Qi9 z$<^N_atp<0Xu2*-rxajX*}F$?whA5+V@90gd%*#Bog&{B0KPVkd;V7&z|1cG|MPZ% zzlVi?*;TOLX{Y+oe*I2{W{Sg zH$*TPz@-7YaW`&=epg_^vURur43Dky-nzZtqV$jQbgggf&~q5xVq9EWU$+n^qyi8` zN!fXmMl{OfAq}WnYc7vmn?X(O3`My2@$BLRZP}vJE@>pcNMUT-T=?L@UhY`Oh-r5_sE^+=GA>PfF`@1}j$UYrbqXqQT0hHL_UM;xc#YX5(fjtHJ(-G`)L2J_e-f<>&X~%0__WDIUID1! zdn>J4Ykzskm4QOG!WiGX=-b$Vr(eE9HAj7ap2Qu=ZvJxv%2wVS`9NooQ!Yt*8tx22 z*(9OVyiZ+;1|ra(qhbI#p}SH`UzIT^)mh*$p4e zJ*6#{i9)_B{8fNaB~U6hq@PJG4F!+~*M}vdj2lsx?bkuKBZBrjG*tuH2tRt}2S{Kv z#o$Oj0L~DPg)H=ufGveNDmAs33IfjG?i2zbp=1B@v4k=~1^yJ`MP^M%knoa+vFo#A z%unC{pa_5*>V~uRT6O!aDnXu#ss4kC>3Lq`FEDEJ*`~FTUhgQ zi6U;3ChiAg_rbP;YIy*Lvz%u_w@HW#$V2*B`~hzELTd9EpF!O6KPX(D#3X^uQlG_6 zTRlK?+r`RO!Qx{=j{nL;TBu%A#Ly*a=#o6FYLIZb9L$$WN zd@sn$v4rSJi1wlOB)Cf*j*7DP`fNJWaXaKDPsi8V73i2zEz{Z=DEb%`L}(j{2jpDb zDh@a5Imur^Ex!sP09nJud1q$$XHBw7Hl{yASo0vbv_tNSnDlf;3J#ZK7e1!9d%CI# z;lR3Q-V@Z+)CzRGsBX=D)S&Y5{tdWtWcTiSI<<|5j~*QZIK!gJvEx)bs^QqnbrE=h zElG>_kiE0iU#gcGomEs;Kujvf2~+)vNM{WV%zpee{>k?rgaeasu>Q`dFMCU#Byr z^&A|sGUqiFMMYMq9p)v|%0EA4@r&9(gfT%Lk}kkQ3!)QN?ht`XcoycgctbP4XuoRa zP%jkefd4uqlR)ILux+5gaf}OW<21^^3p>6B0iZr>A5g1ym@XLbK5z`^l8`Z_<4Ar*ZK4m6d-D#rl8J*8R&`YH5XC2|CLEt@{m6N;UcIJ;i;dWK;hC(E``j zV>g{CLO~ar0P_;A4q~1rZhQt77NNd}RJJL(MvgxFmr>UeJ zl@RyUrSue2tf`-Dh9(T@<*F*|yE)C={VBM64;f;a+DoVdOG9T2>HOG~U#k`FIRI4o zxo&-9tmR)v{{cy8={%Ir^| zGn?e>ZjVui2pKW#EK|m-m`($B0XE%zoK70#{&p@E5cKEnv zkf6KJIOFuxfU`TqWww;UbTCiO-ZxAW5_7o}S@HzGk6<k-r?g#FnF20~6W9ug z;2?x3Z{qTsLSdDk?4boED?}TVM=zg$N3|qI@pOrDAJIA<~a4VQCDYs~ngA-YeAU|T= z8cJ7DhaiQNU(z_UZVi==`NY-VEIHGd3~b|dUkpvkX+<#d2nDui51{hA`}Aoq&U@DmHDoxV6`mnQeI{7=k+F;ERT80nfoDRq+7=igp*W)ZNjT}Ite;fZLCnBJ z0QxW{iJ*txAxtu|_rvoW7ltVESe~7*DxdX4BI#CcG;{i*AIv(*%3dHHj<{b9)=bRC z2EQK??qM8h6447nWh>}nUIIgbZ*UgpmKX!r0y$y{lT-k$iq0d zOjrPnG@ibxgY@vp<5&K&R875qpv%c)D%Y-E*_Pg^!o+sBhKlsmk!qG-uRrZ>e91NE z@U{HWe<*tC%?mJBkr^^&#zlksO0wCGF3QJBzP8-aY#u&;SIE}=S)ZU0Dw6an60f%R z4C?p7DcJr})w_4~Nb#!3d@~+DUc~eXd8MUcQNXFxl#IP0c19B!fO38;0VB zeJLWsfP~T_X0`Y1*|V=9iaO!%KYrxMd-?aIMqkEZ*~!UioTB1PpXX1X4rfll^eL?T zs>;gax$95dy44((MvfanmqA%snZ}hYi9~WFH6&Gq5vkAgWp&O2bi4&H$OG9ITKUK` zXQuPQs@hsJC#UPIl`-p98l8@gjvhaLyx-~5|_U*jIi%&qx$mCMuFy3f6FZ4OjS&*?hX4b$TbFN*# zzLes-`9n3`ep1`%2Qo{tIrw6C9Eb8XXrJyk= z?t>SmasReVy_vs3Juqru3L52$Rp-u~GhA-39=O=dZ0Z|p1x7CQRZytSzV`-7aUAek zS!wAv>mtruKc-4T(eJBgjD}>FN`hL4f!?|67u(xMg}A)wocsLwTYTKMIGyCDlKy?% zrGj6R1}xdI;qnT%%286o#J5kb9^F%X?Y1Xin)s^RbH*_7wSTAKe|^7aC-L7MXLRZy zzP2CUL5eTCyn0Ht<7?`)8V8Fx($aJ7yG-;Ct*sg=UekZCzWz!(y9rp~|KRlKd7_ai$gaqmA*vA7{K&4?90-_o+Es49^UD9s~&m|G+ny@$%>QcTRp z%?is>cHTz)^QLqtALYj*bL^ysR5nPyoD2yWIz-29Te=heH<y5I9hsR5#h~#J5XM6shmpA&*Z!;wKJ?A<`wyd={T+>l+vtIOkzt22yz~_`1PQ;f0 z$1oQ5KqDxyXo#g~rCethcw9IV=qLbE(S=znzwp1h7##p)W&Vjn~pz z#w=FPWp?U;^_aA+Mc(g*q|xTOMfK4ZEWa}{GjloO8FYT0L&E48a@TNX0o{gB*Ys$* zHhC`_UD<5Un_mE?E?TxMs=VBmEAoH|Zb%z6aNzUo>@a?XEi}uA6#XhqMy8{E zjkhuOdRF8ERaI5bh`J|^A6Ho$MB$%HN8;cHO{ph~ zR;;*+md*%qX2zpOIdFw%nwpx1J0Zd{n>llj7^KZTe9Im6IZwJlAE}2MmdMw@;mofr zIdSr2K`p|_(+EMrsVX%#8nb+@?>J_wQ2+V>ZgMa&BYjllrAzCx>!OpAv|ZiZ?b!z` zvKLULCypHp%gC55-J!!Q9~h-=P}iBEdR9Kym>7xo>N*sLZl%W!#qFc{YW|Id78aMl z5#AvpJE2(p>h>~@+dL4}eZN?v@J@6rI|xa12~^$PN|D*Q4~vVf8jGAm^;hT{Yop8< z_}TPe0ewF9K&f*pg)i0nV!ejntzRa&#yttqiDEDb*Y~KPU>OVL(v>TVIiYShkom3O zv?-6rsODO?W&*sn?xUR~V{j?@NZozT!?M8$&Z65jNO2qy0#eL5U zlgT4zKPTtjq1)@tawVOIZ|Nr0zP%H${q2UA_HJ<3^>p_2=wj|EJ%#b}MhiSWQ`khT z#EHS$t_xaPTGnsexOn~gs$a7>e4Q>2ztd zX^3{Ih9@%r>+$jHS@jL}r2EbZ6_Oee&M7rZt2RmWKioL*aZg#8^-A@?z5@qdI(>TJ z6m|7Wk `>Q)!i`SXt(kM<=83~y?3<9@CD{UwXjz31SKTJRAmFAEB)^=`z+XQZVW zqRk($prEkuGUAVSl$m+N_gxXCbI~?(PxP~&thd)|YT|EJIrdeiY zx3mrFk1{h&IK#wtMf)8!eX|9^UY}lX0JaE8$Qy3D#VUuvv4*mtPMaI@Gs!Z_zrX;na=O!g+UKrfr-? z(utp?9@_e@@Nmj5gF8B0wGQs#A0!_>_ulOO`Df<24fx5xK=XEW0Yc32nwl20nHTMs z^;1}Ls(1?Ty6fYe@X221Iy;@~+rR&hXJmIe`?=TNHiKWkT0=mRNMu%-4ijJdr|&6} z`(ot?e_-Y;GJ##wmF50(qT%q$F?+IIM_rBHas`z+&%S-VTGN*1topHHf2RW@+yAns z?N2Ii(wNkil1P>x`6p?@eto?m*W%)Gj+@H1{q0e@{o5|48=Fad3^1% g{F7fl*4qBbkr&VN`~RdOuFB}AxihcMSo!n+0&PyhlmGw# literal 0 HcmV?d00001 diff --git a/docs/guides/auto-backup/workload/index.md b/docs/guides/auto-backup/workload/index.md new file mode 100644 index 0000000..fbd8e4e --- /dev/null +++ b/docs/guides/auto-backup/workload/index.md @@ -0,0 +1,730 @@ +--- +title: Auto Backup Workload | Stash +description: An step by step guide on how to configure automatic backup for workloads. +menu: + docs_{{ .version }}: + identifier: auto-backup-workload + name: Auto Backup for Workloads + parent: auto-backup + weight: 20 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +# Auto Backup for Workloads + +This tutorial will show you how to configure automatic backup for Kubernetes workloads. Here, we are going to show a demo on how we can backup Deployments, StatefulSets, and DaemonSets using a common blueprint. + +## Before You Begin + +- At first, you need to have a Kubernetes cluster, and the `kubectl` command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/). + +- Install `Stash` in your cluster following the steps [here](/docs/setup/README.md). + +- You should be familiar with the following Stash concepts: + - [Repository](/docs/concepts/crds/repository/index.md) + - [BackupConfiguration](/docs/concepts/crds/backupconfiguration/index.md) + - [BackupBlueprint](/docs/concepts/crds/backupblueprint/index.md) + - [BackupSession](/docs/concepts/crds/backupsession/index.md) + +To keep things isolated, we are going to use a separate namespace called `demo` throughout this tutorial. + +```bash +$ kubectl create namespace demo +namespace/demo created +``` + +## Prepare Backup Blueprint + +We are going to use [GCS Backend](/docs/guides/backends/gcs/index.md) to store the backed up data. You can use any supported backend you prefer. You just have to configure Storage Secret and `spec.backend` section of `BackupBlueprint` to match your backend. To learn which backends are supported by Stash and how to configure them, please visit [here](/docs/guides/backends/overview/index.md). + +> For GCS backend, if the bucket does not exist, Stash needs `Storage Object Admin` role permissions to create the bucket. For more details, please check the following [guide](/docs/guides/backends/gcs/index.md). + +**Create Storage Secret:** + +At first, let's create a Storage Secret for the GCS backend, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > GOOGLE_PROJECT_ID +$ mv downloaded-sa-json.key GOOGLE_SERVICE_ACCOUNT_JSON_KEY +$ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +**Create BackupBlueprint:** + +Now, we have to create a `BackupBlueprint` crd with a blueprint for `Repository` and `BackupConfiguration` object. + +Below is the YAML of the `BackupBlueprint` object that we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupBlueprint +metadata: + name: workload-backup-blueprint +spec: + # ============== Blueprint for Repository ========================== + backend: + gcs: + bucket: appscode-qa + prefix: stash-backup/${TARGET_NAMESPACE}/${TARGET_KIND}/${TARGET_NAME} + storageSecretName: gcs-secret + # ============== Blueprint for BackupConfiguration ================= + schedule: "*/5 * * * *" + retentionPolicy: + name: 'keep-last-5' + keepLast: 5 + prune: true +``` + +Note that we have used some variables (format: `${}`) in `backend.gcs.prefix` field. Stash will substitute these variables with values from the respective target. Since the resolved prefix will be different for different workload, the backed up data will be stored in different directory inside the bucket. To know which variable you can use in this `prefix` field, please visit [here](/docs/concepts/crds/backupblueprint/index.md#repository-blueprint). + +Let's create the `BackupBlueprint` that we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/auto-backup/workload/examples/backupblueprint.yaml +backupblueprint.stash.appscode.com/workload-backup-blueprint created +``` + +Now, automatic backup is configured for Kubernetes workloads (`Deployment`, `StatefulSet`, `DaemonSet` etc.). We just have to add some annotations to the targeted workload to enable periodic backup. + +**Available Auto-Backup Annotations for Workloads:** + +You have to add the auto-backup annotations to the workload that you want to backup. The following auto-backup annotations are available for a workload: + +- **BackupBlueprint Name:** You have to specify the `BackupBlueprint` name that holds the template for `Repository` and `BackupConfiguration` in the following annotation: + +```yaml +stash.appscode.com/backup-blueprint: +``` + +You can also specify multiple BackupBlueprint name separated by comma (`,`). For example: + +```yaml +stash.appscode.com/backup-blueprint: daily-gcs-backup,weekly-s3-backup +``` + +- **Schedule:** You can specify a schedule to backup this target through this annotation. If you don't specify this annotation, schedule from the `BackupBlueprint` will be used. + +```yaml + stash.appscode.com/schedule: +``` + +- **Target Paths:** You have to specify a list of paths that you want to backup through this annotation. Use comma (`,`) to separate multiple file paths. For example, `"/my/target/dir-1,/my/target/dir-2"`. + +```yaml +stash.appscode.com/target-paths: "" +``` + +- **Volume Mounts:** You have to also specify a list of Volumes and their MountPath and SubPath where the targeted paths are located. Use `"::"` format to specify the volumes. The `:` part is optional. Use comma (`,`) to specify multiple volumes and mount path. For example, `"vol-1:/mount/path-1:sub/path-1,vol-2:/mount/path-2"`. + +```yaml +stash.appscode.com/volume-mounts: "::" +``` + +## Backup Deployment + +Now, we are going to backup a Deployment using the blueprint we have configured earlier. We are going to mount two ConfigMap volume in two different directories of the Deployment. Then, we are going to backup those directories using automatic backup. + +**Create Deployment:** + +Below is the YAML of the Deployment and respective ConfigMaps that we are going to create, + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: stash-sample-data-1 + namespace: demo +data: + file1.txt: "Data from ConfigMap 'stash-sample-data-1'" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: stash-sample-data-2 + namespace: demo +data: + file2.txt: "Data from ConfigMap 'stash-sample-data-2'" +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: stash-demo + name: stash-demo + namespace: demo + annotations: + stash.appscode.com/backup-blueprint: workload-backup-blueprint + stash.appscode.com/target-paths: "/source/data-1,/source/data-2" + stash.appscode.com/volume-mounts: "source-data-1:/source/data-1,source-data-2:/source/data-2" + stash.appscode.com/schedule: "*/15 * * * *" +spec: + replicas: 3 + selector: + matchLabels: + app: stash-demo + template: + metadata: + labels: + app: stash-demo + name: busybox + spec: + containers: + - args: + - sleep + - "3600" + image: busybox + imagePullPolicy: IfNotPresent + name: busybox + volumeMounts: + - mountPath: /source/data-1 + name: source-data-1 + - mountPath: /source/data-2 + name: source-data-2 + restartPolicy: Always + volumes: + - name: source-data-1 + configMap: + name: stash-sample-data-1 + - name: source-data-2 + configMap: + name: stash-sample-data-2 +``` + +Notice the `metadata.annotations` field. We have specified the automatic backup specific annotations to backup `/source/data-1` and `/source/data-2` directories of the `source-data-1` and `source-data-2` volumes respectively. We have also specified to use `workload-backup-blueprint` BackupBlueprint for creating `Repository` and `BackupConfiguration` for this Deployment. BackupBlueprint is a non-namespaced resource, so we just need to specify the name of the blueprint. + +Let's create the above Deployment, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/auto-backup/workload/examples/deployment.yaml +configmap/stash-sample-data-1 created +configmap/stash-sample-data-2 created +deployment.apps/stash-demo created +``` + +If everything goes well, Stash will create a `Repository` and a `BackupConfiguration` with the name in the following format: `-`. + +**Verify Repository:** + +Verify that the Repository has been created successfully by the following command, + +```bash +$ kubectl get repository -n demo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +deployment-stash-demo 9s +``` + +If we view the YAML of this Repository, we are going to see that the variables `${TARGET_NAMESPACE}`, `${TARGET_KIND}` and `${TARGET_NAME}` has been replaced by `demo`, `deployment` and `stash-demo` respectively. + +```bash +$ kubectl get repository -n demo deployment-stash-demo -o yaml +``` + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: deployment-stash-demo + namespace: demo + ... +spec: + backend: + gcs: + bucket: appscode-qa + prefix: stash-backup/demo/deployment/stash-demo + storageSecretName: gcs-secret +``` + +**Verify BackupConfiguratoin:** + +If everything goes well, Stash should create a `BackupConfiguration` for our Deployment and the phase of that `BackupConfiguration` should be `Ready`. Verify that the `BackupConfiguration` has been created by the following command, + +```bash +$ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +deployment-stash-demo */15 * * * * Ready 19s +``` + +Let's check the YAML of this `BackupConfiguration`, + +```bash +$ kubectl get backupconfiguration -n demo deployment-stash-demo -o yaml +``` + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: deployment-stash-demo + namespace: demo + ... +spec: + repository: + name: deployment-stash-demo + retentionPolicy: + keepLast: 5 + name: keep-last-5 + prune: true + runtimeSettings: {} + schedule: '*/15 * * * *' + target: + paths: + - /source/data-1 + - /source/data-2 + ref: + apiVersion: apps/v1 + kind: Deployment + name: stash-demo + volumeMounts: + - mountPath: /source/data-1 + name: source-data-1 + - mountPath: /source/data-2 + name: source-data-2 + task: {} + tempDir: {} +``` + +Notice that the `spec.target.ref` is pointing to the `stash-demo` Deployment. Also, notice that the `spec.target.paths` and `spec.target.volumeMounts` fields have been populated with the information we had provided as annotation of the Deployment. + +**Wait for BackupSession:** + +Now, wait for the next backup schedule. Run the following command to watch `BackupSession` crd: + +```bash +$ watch -n 1 kubectl get backupsession -n demo -l=stash.appscode.com/backup-configuration=deployment-stash-demo + +Every 1.0s: kubectl get backupsession -n demo workstation: Wed Jun 26 12:20:31 2019 +NAME INVOKER-TYPE INVOKER-NAME PHASE AGE +deployment-stash-demo-1561530008 BackupConfiguration deployment-stash-demo Succeeded 61s +``` + +>Note: Respective CronJob creates `BackupSession` crd with the following label `stash.appscode.com/backup-configuration=`. We can use this label to watch only the `BackupSession` of our desired `BackupConfiguration`. + +**Verify Backup:** + +When backup session is completed, Stash will update the respective `Repository` to reflect the latest state of backed up data. + +Run the following command to check if the snapshots are stored in the backend, + +```bash +$ kubectl get repository -n demo deployment-stash-demo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +deployment-stash-demo true 246 B 2 70s 5m +``` + +> Stash creates one snapshot for each targeted file path. Since we are taking backup of two file paths, two snapshots have been created for this BackupSession. + +If we navigate to `stash-backup/demo/deployment/stash-demo` directory of our GCS bucket, we are going to see that the snapshot has been stored there. + +
    +  Backup data in GCS backend +
    Fig: Backup data in GCS backend
    +
    + +>Stash keeps all backup data encrypted. So, snapshot files in the bucket will not contain any meaningful data until they are decrypted. + +## Backup StatefulSet + +Now, we are going to backup a StatefulSet with the same blueprint we have used to backup Deployment in the previous section. + +**Create StatefulSet:** + +We are going to create a StatefulSet with 3 replicas. We are going to configure the StatefulSet to generate sample data in each replica. + +Below is the YAML of the StatefulSet that we are going to create, + +```yaml +apiVersion: v1 +kind: Service +metadata: + name: headless + namespace: demo +spec: + ports: + - name: http + port: 80 + targetPort: 0 + selector: + app: stash-demo + clusterIP: None +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: sts-demo + namespace: demo + labels: + app: stash-demo + annotations: + stash.appscode.com/backup-blueprint: workload-backup-blueprint + stash.appscode.com/target-paths: "/source/data-1,/source/data-2" + stash.appscode.com/volume-mounts: "source-data-1:/source/data-1,source-data-2:/source/data-2" +spec: + replicas: 3 + selector: + matchLabels: + app: stash-demo + serviceName: headless + template: + metadata: + labels: + app: stash-demo + spec: + containers: + - name: busybox + image: busybox + command: ["/bin/sh", "-c"] + args: ["touch /source/data-1/sample-file-1.txt && touch /source/data-2/sample-file-2.txt && sleep 3000"] + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /source/data-1 + name: source-data-1 + - mountPath: /source/data-2 + name: source-data-2 + volumeClaimTemplates: + - metadata: + name: source-data-1 + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi + - metadata: + name: source-data-2 + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: "standard" + resources: + requests: + storage: 1Gi +``` + +Notice the `metadata.annotations` field. We have specified automatic backup specific annotations similarly as we had specified in the Deployment in the previous section. + +Let's create the StatefulSet we have created above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/auto-backup/workload/examples/statefulset.yaml +service/headless created +statefulset.apps/sts-demo created +``` + +**Verify Repository:** + +Verify that a Repository has been created for this StatefulSet using the following command, + +```bash +$ kubectl get repository -n demo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +deployment-stash-demo true 410 B 10 14s 39m +statefulset-sts-demo 31s +``` + +Here, `statefulset-sts-demo` Repository has been created for our `sts-demo` StatefulSet. + +Let's view the YAML of the Repository, + +```bash +$ kubectl get repository -n demo statefulset-sts-demo -o yaml +``` + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: statefulset-sts-demo + namespace: demo + ... +spec: + backend: + gcs: + bucket: appscode-qa + prefix: stash-backup/demo/statefulset/sts-demo + storageSecretName: gcs-secret +``` + +Notice that the variables of the `prefix` field of `BackupBlueprint` is now replaced with `demo`, `statefulset` and `sts-demo` respectively. + +**Verify BackupConfiguratoin:** + +Verify that a `BackupConfiguration` has been created and in `Ready` Phase for this StatefulSet using the following command, + +```bash +$ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +deployment-stash-demo */5 * * * * Ready 40m +statefulset-sts-demo */5 * * * * Ready 105s +``` + +Here, `statefulset-sts-demo` has been created for the StatefulSet `sts-demo`. You can check the YAML of this `BackupConfiguration` to see that the target field is pointing to this StatefulSet. + +```bash +$ kubectl get backupconfiguration -n demo statefulset-sts-demo -o yaml +``` + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: statefulset-sts-demo + namespace: demo + ... +spec: + repository: + name: statefulset-sts-demo + retentionPolicy: + keepLast: 5 + name: keep-last-5 + prune: true + runtimeSettings: {} + schedule: '*/5 * * * *' + target: + paths: + - /source/data-1 + - /source/data-2 + ref: + apiVersion: apps/v1 + kind: StatefulSet + name: sts-demo + volumeMounts: + - mountPath: /source/data-1 + name: source-data-1 + - mountPath: /source/data-2 + name: source-data-2 + task: {} + tempDir: {} +``` + +**Wait for BackupSession:** + +Now, wait for the next backup schedule. Watch the `BackupSession` of the BackupConfiguration `statefulset-sts-demo` using the following command, + +```bash +$ watch -n 1 kubectl get backupsession -n demo -l=stash.appscode.com/backup-configuration=statefulset-sts-demo +Every 1.0s: kubectl get backupsession -n demo -l=stash.appscode.com/backup-... workstation: Wed Jun 26 13:01:22 2019 + +NAME INVOKER-TYPE INVOKER-NAME PHASE AGE +statefulset-sts-demo-1561532403 BackupConfiguration statefulset-sts-demo Succeeded 2m21s +``` + +**Verify Backup:** + +Once the backup session is completed, verify that the `Repository` has been updated to reflect the backup using the following command, + +```bash +$ kubectl get repository -n demo statefulset-sts-demo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +statefulset-sts-demo true 0 B 6 32s 7m29s +``` + +>For StatfulSet, Stash takes backup from every replica. Since we are using a StatefulSet with 3 replicas and we are taking backup of 2 file paths, total 6 snapshots have been created for this BackupSession. + +If we navigate to `stash-backup/demo/statefulset/sts-demo` directory of our GCS bucket, we are going to see that the snapshot been stored there. + +
    +  Backup data of `sts-demo` StatefulSet in GCS backend +
    Fig: Backup data of StatefulSet "sts-demo" in GCS backend
    +
    + +## Backup DaemonSet + +Now, we are going to use the same blueprint to backup a DaemonSet. We are going to mount a ConfigMap in `/etc/config` directory. Then, we are going to backup this directory using automatic backup. + +**Create DaemonSet:** + +Below is the YAML of the DaemonSet that we are going to create, + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-daemon-config + namespace: demo +data: + config-file-1.txt: "This is first config file" + config-file-2.txt: "This is second config file" +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: stash-demo + name: dmn-demo + namespace: demo + annotations: + stash.appscode.com/backup-blueprint: workload-backup-blueprint + stash.appscode.com/target-paths: "/etc/config" + stash.appscode.com/volume-mounts: "dmn-config:/etc/config" +spec: + selector: + matchLabels: + app: stash-demo + template: + metadata: + labels: + app: stash-demo + name: busybox + spec: + containers: + - name: busybox + args: + - sleep + - "3600" + image: busybox + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /etc/config + name: dmn-config + restartPolicy: Always + volumes: + - name: dmn-config + configMap: + name: my-daemon-config +``` + +Notice the `metadata.annotations` field. We have specified automatic backup specific annotations to backup our desired file path. + +Let's create the DaemonSet we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/auto-backup/workload/examples/daemonset.yaml +configmap/my-daemon-config created +daemonset.apps/dmn-demo created +``` + +**Verify Repository:** + +Verify that a `Repository` has been created for this DaemonSet using the following command, + +```bash +$ kubectl get repository -n demo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +daemonset-dmn-demo 28s +deployment-stash-demo true 410 B 10 6m3s 70m +statefulset-sts-demo true 0 B 26 6m6s 31m +``` + +Here, `daemonset-dmn-demo` Repository has been created for our `dmn-demo` DaemonSet. + +Let's view the YAML of the Repository, + +```bash +$ kubectl get repository -n demo daemonset-dmn-demo -o yaml +``` + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: daemonset-dmn-demo + namespace: demo + ... +spec: + backend: + gcs: + bucket: appscode-qa + prefix: stash-backup/demo/daemonset/dmn-demo + storageSecretName: gcs-secret +``` + +**Verify BackupConfiguratoin:** +If everything goes well, Stash should create a `BackupConfiguration` for our DaemonSet and the phase of that `BackupConfiguration` should be `Ready`. Verify the `BackupConfiguration` crd by the following command, + +```bash +$ kubectl get backupconfiguration -n demo +NAME TASK SCHEDULE PAUSED PHASE AGE +daemonset-dmn-demo */5 * * * * Ready 90s +deployment-stash-demo */5 * * * * Ready 71m +statefulset-sts-demo */5 * * * * Ready 32m +``` + +Here, `daemonset-dmn-demo` has been created for the DaemonSet `dmn-demo`. You can check the YAML of this `BackupConfiguration` to see that the target field is pointing to this DaemonSet. + +```bash +$ kubectl get backupconfiguration -n demo daemonset-dmn-demo -o yaml +``` + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: daemonset-dmn-demo + namespace: demo + ... +spec: + repository: + name: daemonset-dmn-demo + retentionPolicy: + keepLast: 5 + name: keep-last-5 + prune: true + runtimeSettings: {} + schedule: '*/5 * * * *' + target: + paths: + - /etc/config + ref: + apiVersion: apps/v1 + kind: DaemonSet + name: dmn-demo + volumeMounts: + - mountPath: /etc/config + name: dmn-config + task: {} + tempDir: {} +``` + +**Wait for BackupSession:** + +Now, wait for the next backup schedule. Watch the `BackupSession` of the BackupConfiguration `daemonset-dmn-demo` using the following command, + +```bash +$ watch -n 1 kubectl get backupsession -n demo -l=stash.appscode.com/backup-configuration=daemonset-dmn-demo + +Every 1.0s: kubectl get backupsession -n demo -l=stash.appscode.com/backup-... workstation: Wed Jun 26 13:30:14 2019 + +NAME INVOKER-TYPE INVOKER-NAME PHASE AGE +daemonset-dmn-demo-1561534208 BackupConfiguration daemonset-dmn-demo Succeeded 45s +``` + +**Verify Backup:** + +Once the backup session is completed, verify that the `Repository` has been updated to reflect the backup using the following command, + +```bash +$ kubectl get repository -n demo daemonset-dmn-demo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +daemonset-dmn-demo true 51 B 1 5s 4m27s +``` + +>For DaemonSet, Stash takes backup from every daemon pod running on different nodes. Since we are using a single node cluster (Minikube), only 1 snapshot has been created for this BackupSession. + +If we navigate to `stash-backup/demo/daemonset/dmn-demo` directory of our GCS bucket, we are going to see that the snapshot been stored there. + +
    +  Backup data of `dmn-demo` DaemonSet in GCS backend +
    Fig: Backup data of DaemonSet "dmn-demo" in GCS backend
    +
    + +## Cleanup + +To cleanup the Kubernetes resources created by this tutorial, run: + +```bash +kubectl delete -n demo deployment/stash-demo +kubectl delete -n demo statefulset/sts-demo +kubectl delete -n demo daemonset/dmn-demo + +kubectl delete -n demo repository --all +kubectl delete -n demo secret/gcs-secret +kubectl delete -n demo backupblueprint/workload-backup-blueprint +``` + +If you would like to uninstall Stash operator, please follow the steps [here](/docs/setup/README.md). diff --git a/docs/guides/backends/_index.md b/docs/guides/backends/_index.md new file mode 100644 index 0000000..99d80f3 --- /dev/null +++ b/docs/guides/backends/_index.md @@ -0,0 +1,10 @@ +--- +title: Backends | Stash +menu: + docs_{{ .version }}: + identifier: backend + name: Supported Backends + parent: guides + weight: 10 +menu_name: docs_{{ .version }} +--- diff --git a/docs/guides/backends/azure/examples/azure.yaml b/docs/guides/backends/azure/examples/azure.yaml new file mode 100644 index 0000000..ef092cf --- /dev/null +++ b/docs/guides/backends/azure/examples/azure.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: azure-repo + namespace: demo +spec: + backend: + azure: + container: stash-backup + prefix: /demo/deployment/my-deploy + storageSecretName: azure-secret diff --git a/docs/guides/backends/azure/index.md b/docs/guides/backends/azure/index.md new file mode 100644 index 0000000..91544b0 --- /dev/null +++ b/docs/guides/backends/azure/index.md @@ -0,0 +1,85 @@ +--- +title: Azure Backend | Stash +description: Configure Stash to use Microsoft Azure Storage as Backend. +menu: + docs_{{ .version }}: + identifier: backend-azure + name: Azure Blob Storage + parent: backend + weight: 40 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +# Microsoft Azure Storage + +Stash supports Microsoft's [Azure Blob Storage](https://azure.microsoft.com/en-us/services/storage/blobs/) as a backend. This tutorial will show you how to use this backend. + +In order to use Azure Blob Storage as backend, you have to create a `Secret` and a `Repository` object pointing to the desired blob container. + +#### Create Storage Secret + +To configure storage secret for this backend, following secret keys are needed: + +| Key | Type | Description | +| -------------------- | ---------- | ---------------------------------------------------------- | +| `RESTIC_PASSWORD` | `Required` | Password that will be used to encrypt the backup snapshots | +| `AZURE_ACCOUNT_NAME` | `Required` | Azure Storage account name | +| `AZURE_ACCOUNT_KEY` | `Required` | Azure Storage account key | + +Create storage secret as below, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > AZURE_ACCOUNT_NAME +$ echo -n '' > AZURE_ACCOUNT_KEY +$ kubectl create secret generic -n demo azure-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./AZURE_ACCOUNT_NAME \ + --from-file=./AZURE_ACCOUNT_KEY +secret/azure-secret created +``` + +### Create Repository + +Now, you have to create a `Repository` crd. You have to provide the storage secret that we have created earlier in `spec.backend.storageSecretName` field. + +Following parameters are available for `azure` backend. + +| Parameter | Type | Description | +| ---------------------- | ---------- | ----------------------------------------------------------------------------------------------------------------------------------- | +| `azure.container` | `Required` | Name of Storage container. | +| `azure.prefix` | `Optional` | Path prefix inside the container where backed up data will be stored. | +| `azure.maxConnections` | `Optional` | Maximum number of parallel connections to use for uploading backup data. By default, Stash will use maximum 5 parallel connections. | + +Below, the YAML of a sample `Repository` crd that uses an Azure Blob container as a backend. + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: azure-repo + namespace: demo +spec: + backend: + azure: + container: stash-backup + prefix: /demo/deployment/my-deploy + storageSecretName: azure-secret +``` + +Create the `Repository` we have shown above using the following command, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/backends/azure/examples/azure.yaml +repository/azure-repo created +``` + +Now, we are ready to use this backend to backup our desired data using Stash. + +## Next Steps + +- Learn how to use Stash to backup workloads data from [here](/docs/guides/workloads/overview/index.md). +- Learn how to use Stash to backup databases from [here](/docs/guides/addons/overview/index.md). +- Learn how to use Stash to backup stand-alone PVC from [here](/docs/guides/volumes/overview/index.md). diff --git a/docs/guides/backends/b2/examples/b2.yaml b/docs/guides/backends/b2/examples/b2.yaml new file mode 100644 index 0000000..e03411c --- /dev/null +++ b/docs/guides/backends/b2/examples/b2.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: b2-repo + namespace: demo +spec: + backend: + b2: + bucket: stash-backup + prefix: /demo/deployment/my-deploy + storageSecretName: b2-secret diff --git a/docs/guides/backends/b2/index.md b/docs/guides/backends/b2/index.md new file mode 100644 index 0000000..cbb021f --- /dev/null +++ b/docs/guides/backends/b2/index.md @@ -0,0 +1,87 @@ +--- +title: Backblaze B2 Backend | Stash +description: Configure Stash to use Backblaze B2 as Backend. +menu: + docs_{{ .version }}: + identifier: backend-b2 + name: Backblaze B2 + parent: backend + weight: 70 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +# Backblaze B2 + +Stash supports Backblaze's [B2 Cloud Storage](https://www.backblaze.com/b2/cloud-storage.html) as a backend. This tutorial will show you how to use this backend. + +In order to use Backblaze B2 Cloud Storage as backend, you have to create a `Secret` and a `Repository` object pointing to the desired B2 bucket. + +>If the bucket does not exist yet and the credentials you have provided have the privilege to create bucket, it will be created automatically during the first backup. In this case, you have to make sure that the bucket name is unique across all B2 buckets. + +#### Create Storage Secret + +To configure storage secret for this backend, following secret keys are needed: + +| Key | Type | Description | +| ----------------- | ---------- | ----------------------------------------------------------- | +| `RESTIC_PASSWORD` | `Required` | Password that will be used to encrypt the backup snapshots. | +| `B2_ACCOUNT_ID` | `Required` | Backblaze B2 account id. | +| `B2_ACCOUNT_KEY` | `Required` | Backblaze B2 account key. | + +Create storage secret as below, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > B2_ACCOUNT_ID +$ echo -n '' > B2_ACCOUNT_KEY +$ kubectl create secret generic -n demo b2-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./B2_ACCOUNT_ID \ + --from-file=./B2_ACCOUNT_KEY +secret/b2-secret created +``` + +### Create Repository + +Now, you have to create a `Repository` crd. You have to provide the storage secret that we have created earlier in `spec.backend.storageSecretName` field. + +Following parameters are available for `b2` backend, + +| Parameter | Type | Description | +| ------------------- | ---------- | ----------------------------------------------------------------------------------------------------------------------------------- | +| `b2.bucket` | `Required` | Name of the B2 bucket. | +| `b2.prefix` | `Optional` | Path prefix inside the bucket where the backed up data will be stored. | +| `b2.maxConnections` | `Optional` | Maximum number of parallel connections to use for uploading backup data. By default, Stash will use maximum 5 parallel connections. | + +Below, the YAML of a sample `Repository` crd that uses a B2 bucket as a backend. + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: b2-repo + namespace: demo +spec: + backend: + b2: + bucket: stash-backup + prefix: /demo/deployment/my-deploy + storageSecretName: b2-secret +``` + +Create the `Repository` we have shown above using the following command, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/backends/b2/examples/b2.yaml +repository/b2-repo created +``` + +Now, we are ready to use this backend to backup our desired data using Stash. + +## Next Steps + +- Learn how to use Stash to backup workloads data from [here](/docs/guides/workloads/overview/index.md). +- Learn how to use Stash to backup databases from [here](/docs/guides/addons/overview/index.md). +- Learn how to use Stash to backup stand-alone PVC from [here](/docs/guides/volumes/overview/index.md). diff --git a/docs/guides/backends/gcs/examples/gcs.yaml b/docs/guides/backends/gcs/examples/gcs.yaml new file mode 100644 index 0000000..8dadcee --- /dev/null +++ b/docs/guides/backends/gcs/examples/gcs.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-backup + prefix: /demo/deployment/my-deploy + storageSecretName: gcs-secret diff --git a/docs/guides/backends/gcs/index.md b/docs/guides/backends/gcs/index.md new file mode 100644 index 0000000..8c2ccdc --- /dev/null +++ b/docs/guides/backends/gcs/index.md @@ -0,0 +1,87 @@ +--- +title: GCS Backend | Stash +description: Configure Stash to use Google Cloud Storage (GCS) as Backend. +menu: + docs_{{ .version }}: + identifier: backend-gcs + name: Google Cloud Storage + parent: backend + weight: 50 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +# Google Cloud Storage (GCS) + +Stash supports [Google Cloud Storage(GCS)](https://cloud.google.com/storage/) as a backend. This tutorial will show you how to use this backend. + +In order to use Google Cloud Storage as backend, you have to create a `Secret` and a `Repository` object pointing to the desired GCS bucket. + +> If the bucket already exists, the Google Cloud service account you provide to Stash only needs `Storage Object Creator` role permission. However, if the bucket does not exist, Stash will create the bucket during the first backup. In this case, the Google Cloud service account key used for Stash must have `Storage Object Admin` role permission. To avoid giving this elevated level of permission to Stash, create the bucket manually (either from GCP console or gcloud cli) ahead of time. + +#### Create Storage Secret + +To configure storage secret for this backend, following secret keys are needed: + +| Key | Type | Description | +| --------------------------------- | ---------- | ----------------------------------------------------------- | +| `RESTIC_PASSWORD` | `Required` | Password that will be used to encrypt the backup snapshots. | +| `GOOGLE_PROJECT_ID` | `Required` | Google Cloud project ID. | +| `GOOGLE_SERVICE_ACCOUNT_JSON_KEY` | `Required` | Google Cloud service account json key. | + +Create storage secret as below, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > GOOGLE_PROJECT_ID +$ mv downloaded-sa-json.key GOOGLE_SERVICE_ACCOUNT_JSON_KEY +$ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +### Create Repository + +Now, you have to create a `Repository` crd. You have to provide the storage secret that we have created earlier in `spec.backend.storageSecretName` field. + +Following parameters are available for `gcs` backend. + +| Parameter | Type | Description | +| -------------------- | ---------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `gcs.bucket` | `Required` | Name of Bucket. If the bucket does not exist yet, it will be created in the default location (US). It is not possible at the moment for Stash to create a new bucket in a different location, so you need to create it using Google cloud console. | +| `gcs.prefix` | `Optional` | Path prefix inside the bucket where backed up data will be stored. | +| `gcs.maxConnections` | `Optional` | Maximum number of parallel connections to use for uploading backup data. By default, Stash will use maximum 5 parallel connections. | + +Below, the YAML of a sample `Repository` crd that uses a GCS bucket as a backend. + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stash-backup + prefix: /demo/deployment/my-deploy + storageSecretName: gcs-secret +``` + +Create the `Repository` we have shown above using the following command, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/backends/gcs/examples/gcs.yaml +repository/gcs-repo created +``` + +Now, we are ready to use this backend to backup our desired data using Stash. + +## Next Steps + +- Learn how to use Stash to backup workloads data from [here](/docs/guides/workloads/overview/index.md). +- Learn how to use Stash to backup databases from [here](/docs/guides/addons/overview/index.md). +- Learn how to use Stash to backup stand-alone PVC from [here](/docs/guides/volumes/overview/index.md). diff --git a/docs/guides/backends/local/examples/awsElasticBolckStore.yaml b/docs/guides/backends/local/examples/awsElasticBolckStore.yaml new file mode 100644 index 0000000..b561256 --- /dev/null +++ b/docs/guides/backends/local/examples/awsElasticBolckStore.yaml @@ -0,0 +1,13 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: local-repo-with-awsebs + namespace: demo +spec: + backend: + local: + mountPath: /safe/data + awsElasticBlockStore: # This AWS EBS volume must already exist. + volumeID: + fsType: ext4 + storageSecretName: local-secret diff --git a/docs/guides/backends/local/examples/azureDisk.yaml b/docs/guides/backends/local/examples/azureDisk.yaml new file mode 100644 index 0000000..fb4a839 --- /dev/null +++ b/docs/guides/backends/local/examples/azureDisk.yaml @@ -0,0 +1,13 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: local-repo-with-azuredisk + namespace: demo +spec: + backend: + local: + mountPath: /safe/data + azureDisk: + diskName: stash.vhd + diskURI: https://someaccount.blob.microsoft.net/vhds/stash.vhd + storageSecretName: local-secret diff --git a/docs/guides/backends/local/examples/emptyDir.yaml b/docs/guides/backends/local/examples/emptyDir.yaml new file mode 100644 index 0000000..cac13c8 --- /dev/null +++ b/docs/guides/backends/local/examples/emptyDir.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: local-repo-with-emptydir + namespace: demo +spec: + backend: + local: + mountPath: /safe/data + emptyDir: {} + storageSecretName: local-secret diff --git a/docs/guides/backends/local/examples/gcePersistentDisk.yaml b/docs/guides/backends/local/examples/gcePersistentDisk.yaml new file mode 100644 index 0000000..9409337 --- /dev/null +++ b/docs/guides/backends/local/examples/gcePersistentDisk.yaml @@ -0,0 +1,13 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: local-repo-with-gcepersistentdisk + namespace: demo +spec: + backend: + local: + mountPath: /safe/data + gcePersistentDisk: + pdName: stash-repo + fsType: ext4 + storageSecretName: local-secret diff --git a/docs/guides/backends/local/examples/hostPath.yaml b/docs/guides/backends/local/examples/hostPath.yaml new file mode 100644 index 0000000..aad9716 --- /dev/null +++ b/docs/guides/backends/local/examples/hostPath.yaml @@ -0,0 +1,12 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: local-repo-with-hostpath + namespace: demo +spec: + backend: + local: + mountPath: /safe/data + hostPath: + path: /data/stash-test/repo + storageSecretName: local-secret diff --git a/docs/guides/backends/local/examples/nfs.yaml b/docs/guides/backends/local/examples/nfs.yaml new file mode 100644 index 0000000..5d2bdb5 --- /dev/null +++ b/docs/guides/backends/local/examples/nfs.yaml @@ -0,0 +1,13 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: local-repo-with-nfs + namespace: demo +spec: + backend: + local: + mountPath: /safe/data + nfs: + server: "nfs-service.storage.svc.cluster.local" # use you own NFS server address + path: "/" # this path is relative to "/exports" path of NFS server + storageSecretName: local-secret diff --git a/docs/guides/backends/local/examples/pvc.yaml b/docs/guides/backends/local/examples/pvc.yaml new file mode 100644 index 0000000..aa1d9f3 --- /dev/null +++ b/docs/guides/backends/local/examples/pvc.yaml @@ -0,0 +1,12 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: local-repo-with-pvc + namespace: demo +spec: + backend: + local: + mountPath: /safe/data + persistentVolumeClaim: + claimName: repo-pvc + storageSecretName: local-secret diff --git a/docs/guides/backends/local/examples/storageOS.yaml b/docs/guides/backends/local/examples/storageOS.yaml new file mode 100644 index 0000000..2905a5c --- /dev/null +++ b/docs/guides/backends/local/examples/storageOS.yaml @@ -0,0 +1,13 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: local-repo-with-storageos + namespace: demo +spec: + backend: + local: + mountPath: /safe/data + storageos: + volumeName: stash-vol01 # The `stash-vol01` volume must already exist within StorageOS in the `demo` namespace. + fsType: ext4 + storageSecretName: local-secret diff --git a/docs/guides/backends/local/index.md b/docs/guides/backends/local/index.md new file mode 100644 index 0000000..4e47034 --- /dev/null +++ b/docs/guides/backends/local/index.md @@ -0,0 +1,277 @@ +--- +title: Local Backend | Stash +description: Configure Stash to Use Local Backend. +menu: + docs_{{ .version }}: + identifier: backend-local + name: Kubernetes Volumes + parent: backend + weight: 20 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +# Local Backend + +`Local` backend refers to a local path inside `stash` sidecar container. Any Kubernetes supported [persistent volume](https://kubernetes.io/docs/concepts/storage/volumes/) such as [PersistentVolumeClaim](https://kubernetes.io/docs/concepts/storage/volumes/#persistentvolumeclaim), [HostPath](https://kubernetes.io/docs/concepts/storage/volumes/#hostpath), [EmptyDir](https://kubernetes.io/docs/concepts/storage/volumes/#emptydir) (for testing only), [NFS](https://kubernetes.io/docs/concepts/storage/volumes/#nfs), [gcePersistentDisk](https://kubernetes.io/docs/concepts/storage/volumes/#gcepersistentdisk) etc. can be used as local backend. + +In order to use Kubernetes volumes as backend, you have to create a `Secret` and a `Repository` object pointing to the desired volume. + +### Create Storage Secret + +To configure storage secret for local backend, following secret keys are needed: + +| Key | Type | Description | +| ----------------- | ---------- | ---------------------------------------------------------- | +| `RESTIC_PASSWORD` | `Required` | Password that will be used to encrypt the backup snapshots | + +Create storage secret as below, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ kubectl create secret generic -n demo local-secret --from-file=./RESTIC_PASSWORD +secret/local-secret created +``` + +### Create Repository + +Now, you have to create a `Repository` crd that uses Kubernetes volume as a backend. You have to provide the storage secret that we have created earlier in `spec.backend.storageSecretName` field. + +Following parameters are available for `Local` backend. + +| Parameter | Type | Description | +| -------------------- | ---------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `local.mountPath` | `Required` | Path where this volume will be mounted inside the sidecar container. Example: `/safe/data`.
    We have put `stash` binary in the root directory. Hence, you can not use `/stash` or `/stash/*` as `local.mountPath` | +| `local.subPath` | `Optional` | Sub-path inside the referenced volume where the backed up snapshot will be stored instead of its root. | +| `local.VolumeSource` | `Required` | Any Kubernetes volume. Can be specified inlined. Example: `hostPath`. | + +Here, we are going to show some sample `Repository` crds that uses different Kubernetes volume as a backend. + +##### HostPath volume as Backend + +Below, the YAML of a sample `Repository` crd that uses a `hostPath` volume as a backend. + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: local-repo-with-hostpath + namespace: demo +spec: + backend: + local: + mountPath: /safe/data + hostPath: + path: /data/stash-test/repo + storageSecretName: local-secret +``` + +Create the `Repository` we have shown above using the following command, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/backends/local/examples/hostPath.yaml +repository/local-repo-with-hostpath created +``` + +>Note that by default, Stash runs as `non-root` user. `hostPath` volume is writable only for `root` user. So, in order to use `hostPath` volume as backend, either you have to run Stash as `root` user using securityContext or you have to change the permission of the `hostPath` to make it writable for `non-root` users. + +##### PersistentVolumeClaim as Backend + +Below, the YAML of a sample `Repository` crd that uses a `PersistentVolumeClaim` as a backend. + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: local-repo-with-pvc + namespace: demo +spec: + backend: + local: + mountPath: /safe/data + persistentVolumeClaim: + claimName: repo-pvc + storageSecretName: local-secret +``` + +Create the `Repository` we have shown above using the following command, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/backends/local/examples/pvc.yaml +repository/local-repo-with-pvc created +``` + +##### NFS volume as Backend + +Below, the YAML of a sample `Repository` crd that uses an `NFS` volume as a backend. + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: local-repo-with-nfs + namespace: demo +spec: + backend: + local: + mountPath: /safe/data + nfs: + server: "nfs-service.storage.svc.cluster.local" # use you own NFS server address + path: "/" # this path is relative to "/exports" path of NFS server + storageSecretName: local-secret +``` + +Create the `Repository` we have shown above using the following command, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/backends/local/examples/nfs.yaml +repository/local-repo-with-nfs created +``` + +>For NFS backend, Stash may have to run the network volume accessor deployments in privileged mode to provide Snapshot listing facility. In this case, please configure network volume accessors by following the instruction [here](/docs/setup/install/troubleshooting/index.md#configuring-network-volume-accessor). + +##### GCE PersitentDisk as Backend + +Below, the YAML of a sample `Repository` crd that uses a [gcePersistentDisk](https://kubernetes.io/docs/concepts/storage/volumes/#gcepersistentdisk) as a backend. + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: local-repo-with-gcepersistentdisk + namespace: demo +spec: + backend: + local: + mountPath: /safe/data + gcePersistentDisk: + pdName: stash-repo + fsType: ext4 + storageSecretName: local-secret +``` + +Create the `Repository` we have shown above using the following command, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/backends/local/examples/gcePersistentDisk.yaml +repository/local-repo-with-gcepersistentdisk created +``` + +>In order to use `gcePersistentDisk` volume as backend, the node where stash container is running must be a GCE VM and the VM must be in same GCE project and zone as the Persistent Disk. + +##### AWS EBS volume as Backend + +Below, the YAML of a sample `Repository` crd that uses an [awsElasticBlockStore](https://kubernetes.io/docs/concepts/storage/volumes/#awselasticblockstore) as a backend. + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: local-repo-with-awsebs + namespace: demo +spec: + backend: + local: + mountPath: /safe/data + awsElasticBlockStore: # This AWS EBS volume must already exist. + volumeID: + fsType: ext4 + storageSecretName: local-secret +``` + +Create the `Repository` we have shown above using the following command, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/backends/local/examples/awsElasticBlockStore.yaml +repository/local-repo-with-awsebs created +``` + +>In order to use `awsElasticBlockStore` volume as backend, the pod where stash container is running must be running on an AWS EC2 instance and the instance must be in the same region and availability-zone as the EBS volume. + +##### Azure Disk as Backend + +Below, the YAML of a sample `Repository` crd that uses an [azureDisk](https://kubernetes.io/docs/concepts/storage/volumes/#azuredisk) as a backend. + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: local-repo-with-azuredisk + namespace: demo +spec: + backend: + local: + mountPath: /safe/data + azureDisk: + diskName: stash.vhd + diskURI: https://someaccount.blob.microsoft.net/vhds/stash.vhd + storageSecretName: local-secret +``` + +Create the `Repository` we have shown above using the following command, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/backends/local/examples/azureDisk.yaml +repository/local-repo-with-azuredisk created +``` + +##### StorageOS as Backend + +Below, the YAML of a sample `Repository` crd that uses a [storageOS](https://kubernetes.io/docs/concepts/storage/volumes/#storageos) volume as a backend. + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: local-repo-with-storageos + namespace: demo +spec: + backend: + local: + mountPath: /safe/data + storageos: + volumeName: stash-vol01 # The `stash-vol01` volume must already exist within StorageOS in the `demo` namespace. + fsType: ext4 + storageSecretName: local-secret +``` + +Create the `Repository` we have shown above using the following command, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/backends/local/examples/storageOS.yaml +repository/local-repo-with-storageos created +``` + +##### EmptyDir volume as Backend + +Below, the YAML of a sample `Repository` crd that uses an [emptyDir](https://kubernetes.io/docs/concepts/storage/volumes/#emptydir) as a backend. + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: local-repo-with-emptydir + namespace: demo +spec: + backend: + local: + mountPath: /safe/data + emptyDir: {} + storageSecretName: local-secret +``` + +Create the `Repository` we have shown above using the following command, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/backends/local/examples/emptyDir.yaml +repository/local-repo-with-emptydir created +``` + +>**Warning:** Data of an `emptyDir` volume is not persistent. If you delete the pod that runs the respective stash container, you will lose all the backed up data. You should use this kind of volumes only to test backup process. + +## Next Steps + +- Learn how to use Stash to backup workloads data from [here](/docs/guides/workloads/overview/index.md). +- Learn how to use Stash to backup databases from [here](/docs/guides/addons/overview/index.md). +- Learn how to use Stash to backup stand-alone PVC from [here](/docs/guides/volumes/overview/index.md). diff --git a/docs/guides/backends/overview/images/backend_overview.svg b/docs/guides/backends/overview/images/backend_overview.svg new file mode 100644 index 0000000..7106b39 --- /dev/null +++ b/docs/guides/backends/overview/images/backend_overview.svg @@ -0,0 +1,527 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/guides/backends/overview/images/s3_repository.png b/docs/guides/backends/overview/images/s3_repository.png new file mode 100644 index 0000000000000000000000000000000000000000..47cdab9c970998ac1f62f2cde47ffe53bc637173 GIT binary patch literal 39014 zcmeFXWl)?;@HdJCNPs|ahXi+bPjF9gcXwFa3Bi4FPk`V-gS#yb!QEwX_eJjJFJ{Ky>+p|?Qm>H-kzrt9Udu>}E5pFNh=YNFBYuep{iN7g zwG#U4m7}y400suF=l3^k5(63$49r^?8S(e39+`*B-ad&}SvSwK#0i0@ae-gnP=>#d z=93A~L?aAVyF_AG10f^Z6(`{~MKb=F!!5(L?j^0P-F?JrDst7R{5pbsNv$)EKs5M1 zD8$)1!0;vet5=jAFQ`owZ^$@ay`xNcffdpXx$`(>9pD1!tsbyiRk#bUj+woD0SB92 zWi!isk4`+dG$j7-*g`aox`g@fuZ03Am;a6~|A5nnlc)CwEa>9{u= z2!oG`PpCzD5Bu70!npRa!>0K&k#)QMDF6-@?nzK&Ne>vWn z*nk-@ZQ)y_nhr55K&Ktkcidu_F z2Eocxzn!ZTSi3POQ~kTEMnyVNYZ}B3Lr!IZvx++YfeO~Y1j{*)CKLB~%D1ZfOIR5fY@xWJ~jGDZ`%Bhc4Uh3{Xk>bXmJ(UOzT z5}VjFCyT<2DfwaUefvE}THsRv_It#jZ^wJ~e(hvAt7PjKGQ4fg#}gy*VbTZ&VCvTM8Kk6}LHDt>;^J*;;D*p3knD}RYZiB#uL57^w*fDVT z=GDg4-RYgr(M)~6Ew=&3_>xa53kpE*(_BtC6mM2R|pPj zKj(`U)b5hEeIV0Hd^c1x>-3E4+3tgPWeSp8>#dpOq)+)x3NvoLPBll%g%DIsFgbGg$s++e|B)d<2tos(#wq4Lz zB=K8aT}^z)_7rd5yqr>_xqEn$goxmf2zTpCAsufJ`wOmA3rm?#UI9x~FJ>TSEl$i4 z^Cn*BD^rx*ipQf%JuqZD*=xPOo=BH{67cGqd*VSHoyi*jc9Qg?1_u@fRY` z-6d+J3#NKZU=whg>`YdRR(39!{JBF$8F5wIC;|*Pk99W^&8b6SwD;O(PCgM*+DmG= zxqXM0;T`WMr}G*#a*VzL4$94_N|*c1a=ufEXcO{-pNLwp&U-3c5^_k{Pk z^c|aD!)kBw7PHF_UlkcTEbhBB&%(6!W4^vldXY~tqk`^*(JfgtcVD~YipPd;$CuL< zIXnniR5Q1Gvn=|5oGJ&$zmP&Qk3Jr3&5G{uOl|{wc71&uS{AP7d6KO-cjmOaMwfi# zTJx+6lRJ`M=wkF#iSL!V_N&l<6=I4i=cTuH6~vX;^r$J|Zu*pJA63a!J$a0BC}^{m z?H@tK!JMd~tze24**$(Ih{Fvd;RENAmclB{UFjetW6xl*_qfFfmzJL<;ZWautqN5zh)2; z-12h<&PFnS)P-lOqh$}}^&sbppcQOM0c5%^H?co0X*tukB;L!Lu8@wotP&)X78NuM zD#?GqOEz^wQ>zJX2kCs@g@M@Bv$v}S_HKi>s(KJvoN~ZFvXWX<_P-5UbgWmh3FR@M zgVMh4Fe&FSuSAC~ zTX=%=Qlv8j{z| z`6l@E!=JiUMFqahbTOT)rL`t;G8rEjy4<(?x*#l@;Xd{GVbb7k%L9j0jx*d>lEY+Q z4|Vqi@jX_Jy81;eonAj=?TrMEnx^+k@6ulDT+Sn&FuxygGTVMh$d{i3@r!VC;dPDI z5yZ!3mlMo3`Q5?*B*Gc~iZ1#QhzGqm<1?b^2m2NNf~+lR$>GJb@9DE^ZtQrEhKhh8lCH$|@N<4h8wKY4 zZ8Y{ua|PCQZUW;HiF{_6s6u1pjl7;FcO%{bX$;Nek@4ON_0tE3+Bo7Pnj13a>&63( zjZ}ivg>d=MSFFIyscmDAFF7jP7FynL6Dqa_{DN@1lZEI*em4RuzBhXMp4&;>nkK)B zyAoO)yM_;ufc=k>><(sbU#(AM)DzP^PTP(JiS6D#UhDLGcD!fzb33Lr=_O#eAd@C{ zUtnUC3(j0huyujYw2(N~DpB6hf<)^K_%QJz{#C5Y?Y|nj-ls zsaKw=xF4W{zKIc6Um1(usJHaFXX7+l&>qhu)yC#m9=9o~VrOqUE`Q&!Sf%;S=#+kU zeM>2vncZ`a$^mgpJaaB4V>RSLpk?L{b+tra>EG|I#_qq9! z>cFR>YCZ}J3x4btGO=IJ3Qh3zO$}cn*)IFhhx6EU0otNm zAtHm9z-e(>LKoWfc)YeO8)sw8%3dlteMvv>yUR&ezbtE0JvJ#Yd$Avg-*(qsc(+-d zbAIk_zxjaVzi}kS7L_3otgpipe_LiO++xW{lu_>r?hNGM#GrtV^)z(gUY z!e@w3|8c78mh2(y`F^|oqBRkIi@3=BNA_c)S;Z4eVW`sf_A28>yB~j$ck80&eP}El zQU~g>n9s+lltz*CzKBAaIFAQkeUCenCR3qN2i(UngnG5J_t)GJFtkQjr8akA+_(}r?6gLy`O<7vNB$SA8Rp@zW^t3n);n0Q#PpUJ%R%SJ2Eb)P(Q#Oq69a?vVwPghhlK`Q(O2)NozF1t-(-pYr8j zI_RY;`^79-GbDue{F;6-$A3Dfk;{w-Bg}Jv{FsmK6i3js;!Vkyn!QF*f4ZUYlZ!dz zEGuXTLaiNsmN9ThhD>Jn2{k%!0-1%W4WyF~e3VeTJX&q)$ejl$`z5D(k!1-JN#t|e{k{T1?W4g&I)aF7E6A^<*`W=1~k zMNPG+(nsP3SOH1jmgT23?c^1a)dd$eZ7J8c9dUl}8n}_7sf|du9(Rc91ms!haQoKF zfJH3awcrSRwKb>!qeqCtnzpzdA5s#VJ+4zO(&jBGDo6$IyUETX_v$e$VEKF4ti@S) zolpyrP8;~Z2&KJI!E5K^2048PfOgrG1+`QMvx$7z%R|F&CO1z@%RK3mW=WhYM5_`{ zeFGA9CfZ%H5dlR(}K}mb_PnU&y`d!w5+%e+>+1PKMfO3X3;s} zbtkt4HC=c`#7-orwLI;;+JRttcz!goX=S%ExIGMO!)F&j!=;l%9`P*K|pp`U#09t%|byvCezgYI0tP@Qnr` z=`E)fq4}zz$XIDCBZi|YaLvZOVZq}`pkB_EHSbJSZ<&wt5W4&%3K4mdc;)?-X zmPli~9uCKts5$C8Gn&1fj1W+J#50&lDH32y$G>a>$56i!UG7wzwJ~LZ+@1jEG43{I zhUL!Z0DarjV_~�sWR=r3$^;>lDm^wy@V(XK+{UUlAY~hT!Z} zWoI;f!@)}07~HHv-qBGZwgB{w0HOO0iz#b%!`if>W>kfcUwk(P^LONz0zK}Y{tYul zd_G}f*ZP7BwRf{Kvw$AoCCE+f!v;j}|)gA8=;&uhbd??FA$}u{*v3Sxb!l#3%p*0fc8kGQ-Bmz`KWb|yaoUy)d z3R1TxO;oVfK9WzGhbEdQ=EtT)R{bMs$hh0;7##Tm73j!UX!OFJLX9bH*Q)C>$)p@- za~??W70M#VMX8pOJ>neXIOY&*j}tK(7I0&Og-_r}{Jd|-7-BES z&uGxc(^&u0{nCo_Ut;LKd#5j9bfk8K4Nbg)GqOf6ws5nJua9enn^@xMQi56S)qOmG zx>6d+ifC#nU+(8$5Xc;-bO_LK`RoXejc#1DoULoENQZA;3Gj1sB#re47zufl`tJ&6 zL{X-`ZI9QOaXi!JRnr{pTK1z}oeWCB`s`i{al_`QuT^?40^w^`axqa|t!r!KH0r2=-inzz(-2XN(7BnkAr|xnEkegHG4KK>fez&uy?Ft6(Y=? zOM=~zOL;k8xRG9*O}{6xvWF@enZms-hLksiYWtnCHUy;jn0mGqoBGfTJ`{EgP;xWB zkRLVhyhN%=`{l^L6W(5ZiJtSzX#&+xMd$3|hRbIYy%u8j4V*RU>8VKtK_^~I5JK{} znLcU}uqAB2^=dZ{ov@f-)F;+}=y5tFPaZmSGHU{9&dw9AN;3Ct^t7^`Rs()lJUHc4 z=E}(v#>4p5%tyfb_h{0lBkh!W=O<~|m3eEnrG;-`b$PYAjdDFIpL;=*p^9Eb#jAcr z`>2t^#ne`sJZ*jho7*Flz4)|ttRz2vcA;>iywZ5XnZ>W)ncJSVZrP1M&EP9QP+WZW zsTX0z`x#&9(2n&L^Uqe0LyAtt8rieqar?6X7LDQ-lF04*#j+`I?>5K8^mzQMpbd}p zz!#*E#YTEY6ptx(JqqN3AGC5wCTs_r>lu~qQ7 zgykOBBW7IJeHK~}k6M+IX-#9pqZdk?A;ro_BgG{PrDr)JJapz^Gpp9JbB`u_g0S&l zAI%PSv@(^Cb5VL*y@P-$D!iu9(5*L+q4{)(HDVb`(i)gi>KNA9oQYCiF<9s%QY-- zESfko!g*qX-br>q81BDPw!1DinTH$@X=eTs-++cc9cF*U^ z41<$2Ji=^b<@A~vCMRVBOW)ddXGVmCG2fxW5_2>Qd=-S}xDHm`vs!VUDd3RAG?t&r zEH-Z^I`y2p+oKb{B=`mrlZe!r@R;*o!zWQe{8dv6FTdL#wo5p3RG!-d27j35QztH( z{kULi;#`u}?X7gCAB=tqDEaw0_#m_8qYIS~U}2w-6gCRDNM$VseGL=e- z_Hnv3bRaLvV?s{_gQ2=|61+?<7uyfhxs_N`crEr z0EQG#Dsu45WnbB0LEC1Iz)=S-8@|!!<5mG^v%vBI;-h-<9>uAb<~y zXgw9J%)31b$Dg^=%L1D(3AUujaB$zt-}rbce3r)jyMruG@=T`j-stAiCYoVwx{Ok^ z$zIa+J7-=^{*_^(oJP&-bt_pRSXM%rU1EuyqgR5s$W`}f2cwvZRX!GUr6us1Oy>^BN<1w3zO?gO>lJ{Ea8eKtTcg1Xk zGLCZ|&hm`#6)s^;Rg43t)mxL8)Q4Zb9J}pY$C5vbIy#-dMVeH~HkNV2&>V@vpGuO* zTW0imW&{AD7`;2jKY#q5xE$JgnKrST`TbO$#FM-RE3z(YAJ1~^p73sM;!nVibZu9<=A~X0q5a? z`OtbETExz#l8wmtC;3L2?DVW8#$jQ(U^3#WaX~@qY@~yGOag*&mh@Oa?1iyJrS(y^ zKoi@$o%4}eTYm-9>*yT`Fao=ZUGz1(O&W`T+hMrdaaGniw?>lga!NXbRQOw6BrPE6PA7G1TQ2{%w2!INx`d z`E@gUeCG5VN@Ye@)!;j&re794zVf6#QAy>7)9JO7tUG=c=}G?DW9WV^=@;S&bMCYN zid_@@e5&(Yl_s!?!IHNmbiX}ly%=r}c?wY+iZh{xtoc`v z2TPHkZzB|rGtD2p^EGYhqWA}ndR5vB3+yHKv4VN~23og&^A_J6fB(6K1ktm0S`7mM z?#=zeM~Aeq{;QF0Z@xays;(XlNM8-BgumRI-}B>7wS8v|1DZZkW!|f?*RCrskG&2V zDzPljFDYKc5DD~a8bomcTbHL}i^dZ#gL3J%`08z(^R=nC3Y z@u-ZR`N#FidD`3{H8tOiJ_1OBIcM2>rG9S*I-F~3^=Q-^>EZnRFIfI!PgY`3RE(qK zFDw{es*t5p!Lc8R%~!Cb>+y6ajV>m>m2UEIU~pz(F6o8;o6tlI_S^8E0pPvDpx5&_ zYvEzKpq#XDFpWs~CF^e`<&)5fHpLX((^k6x{)HZS7_Oin(F*^&Y`pZx02h)^2>$_2 zpW*Tk!r&zE!A9wPTG1xO zBDlXeAGrkVgzE>`|42vtM;7Ci-0y$k{707#N*Dfr=mJp#ar2?ERpweGOPl35vH~?0 zcSiK_a`Pk`^^P3+#}2ZWYZrIqLa6_;*(g&BMIxC}h9qQUUe%$INJ~pw9!#&g_&~vs zc9Dthe>D8N^s3q{Z&b5*ba^m~esgz`Sz2NptFWZX8LaSUL*nGcdfsoTsHv5;wHLB8 z8t7>MQ-`$mEX;s;%_lv*0!jXncI&gWyn+e2$QvWJ$j=CbXxZO$|hH^#rqbxFy2lh!|3OnoYOh*u>FsctTfD!b&jTfCL@YLK}-L) z0Rxsjh7H$?b|RM*A~Bb5#O(?Fb+0d^(ck~W;#L7b4USTUR+N1j1?V&KMJ7-breZ8~ z+_KDjwbu6WBt_EeB{@%v%xV_d-n&1GFC~%#hw-B&8O;HapWn5w#?FG9k^dlmzg-FB zvj<~!u`|-3Th6f9FdjBj9eePPwY5$b9P;;-gacEbtttJBc!1XN|B6<;Jcc{8L_FqiFTg?I6!kmh zBEsTEnhFFs*cN?<$ejH@t_U?=jdFzy%X*2h7lzzv+N#l8C|q;u4u1_j{(5pp$;hUZ zwXlwGU=Cz{lJ)UW?%2FuuknFg!x0w+5=`+|^Qi5Vw8 zYx>BokMM)hJ=3&0MVfqpIYY|d-R4^v@QV@(xY_DNzl?-2TXm(@@x-En@`#e_>)-cNP{i0G73s=dVvnH#Z(btrPT%vo=|k!n0K$ z&gh;de2U)V?p+8P+32vllH_l!{hxtx@!k8ao*e48Hv{0C(5!M?7^u3Sp-sYB$iT01 zoAS@E8J{1UZAS&9WpH|26e#U(;RUaIIFF^HBIX*JV!RUjXy2KgPFrFA+s5F`)btH5 zU;7VEK6ZkxW3`2jpukkD3%uT3xK?Sq+sdIU2~16Vk4i=ye6U99*7}UxTxVzTbYfuc zrEU5l-=4t0#9mUIo9PdK&La&*Lk`xZ@li}gtmpSWBf=vJ3j@J|$xL?~5?pMk{?1%v z4|@vgZRg%IE$x9Cq_Tk}dW<^fG@0e?r;ney3A}FLxDASYYa*XLow3D2S4U#&^_RQym808j{RA&-87 z`_V2}N1iz&RHB2k9@g4~cn48UPJLJad@Oh_@8>S_S<7QGyWkQ%+Z8NXZ|1EkstQD7 z5UZ01HqCQ&SQ^ViT5eCp*(ESoFjKRq83kNpJBIK!f|jA)vK23PK?(rzzKZk2$_R=XV=8MvJMsp4j zuDps0*TnQTy^}L?+WT3yn*@w) z(~Es3)$v#>CBGC%-%?*04b4O>`AmB=N~Q5@`*{0Fzp+6)+>4`ex{6^CeSG0vyZW`~1gyr&w8od07-oH(Jj|m38ZD339qG^-vX(O~7UwdUoRBGEd-H0- zImV?FM(=FjJ1{zL#)H!Co=IeH#Fyjm|S=nJhK;rYP3~1MI-Hw6K7%yL0 za65>EMe1R{>7M)a$gETIN1^?-WqR?J%L zZEMWwBFwB~5oEkHv^ae1u2SyVsb4kIdF4XF#l|_!81E+pqxi|>sLw7437{h@UsN_g zT2M{5#7|^xPvnM(t`w-^?Q!!M^veOeem)OhQ1G?QIHaYy^o6oy{P+($w5)$6H9f%$ ztE{GmgMfe_zGy2hCADc|KB$?GZ{tnDrDBBrQo$QVql!|4)|wT7CnO$G8zEF7Z_*{k zaa+%~YPJuLm3C1`ZfzXG;omu1l;vVh1`r{bA#}65<&bbOJM8KF=13b~H3@ptO*hkC z88*w)GE|LFlgeg;HsluUzoj*KU|V!&x0KG7T25>_)=8+$j+pS$g-AFeF+J#z@1-6R zy882F1vFWFwpCD^`O_3lbdKp{4?~T zwPfX7B!V80o9HiC38MF-r$P=1Q0~S=P|fd7R?Pq_@9S`;4Uf{hPLW7AsD5{XswQd^!OxY!IFT!T3np)FSW?F(v6^9Nx>3LGxpHIs5s9{c zLaloWXX0Y(w5ANuf$Bkn*JE&SZ9SzH`8UQ49gRB#a7?Kgwa^ANdm{Gyf$gV{l@mZK zeZ(MG6WYo~T&`K7V)e%rY4pc~SgmKs_ah7hOlTmQ&kRR!u(H|`>xh&)p_giur z|GqNyuwTA_b`;Ip8oX1nG)UjPfj}FOG>pXmbwu*`>4J*^c}bHL_7Un-B!0Fsq$s z_uq=~d=v0RV^A@25}t*oTk`aQFV-nE5%P;o|1NyAnJ%vvRf{9Tl)12jqDHAF7hU&H zBNBA`_Smzg0jfiDgT;3GIq1;P%=o{kr4FE=U}Ph^JjD%-1rQg0M{cu`orWEzoOQc& z4u6SH{IqF;D}I+Z9@c9Mn*02b_RUM(GU|oBz(oh_@Mb<@zs(7B3h6FBm1qO#V+o zzoY)Yfk)Vv@BbT(k<{I^dvE_SV4N#e9v$7?p@YyPptZP@oJJ&G}_luqI>j%ji?k4s*ZxT?t9z zoaDI!z$@;eOC7i)*!!hNI%c1CUPR}8Z+`Ev{H!M)Z_^WkdSdiuS{lI|xe&e;->h4* z0am-pKeo0I0__ASE-&9X>mvit;TgcNZq+T~b6UQ!ug_>{5sZi>Ffz#7D96B)){ukggfS|JA(8og=d>q@J^Z~X_p@C<4*CUvscB2BQ-5` zrA=qSj|G(tRO_LAGAs7z@EpKJT3V-14XtlBU6>~O)Rn-vDea-NUS#6J8$;l4p8 zN-35mHx!gK#4u*}wP8HCYU$1aB{fn0bYZSCeyO!LQA2H$OA3o9WialQmb`S0fluV3 zjQ*&kGfD(qMOnx${ss^+p3g{-AY4IL&CGjVKW(_^{@@>1jvt~Gjfm4oVW~ig&3@=a zzrDZQa~-m_w!R&x8LPIMq@Hn@>+roSGa zHCw%0GZ3V4o8hH)ZR&*xYxvUVZhws}d6qrwG0a&o8d_@~MJGod4H+29Z7}ZKtaK^y zh;y7NvIx}SD(_tzE0OdiTBW@>8CoJ988PqPfy zAGv}rgcQDy&2_Ly(&1Xjdlj|$C~uzSG##P{@~*F5w{$QU6iDJ!BJiBIng2N!K4b&R z=8a?1(u$IGiH8g-b7OmdyQRWC?l)9#rL(1oWd?s|s*=y)N#Z10TNx@bsOS}1r!zO# z^-CbI7ZF4#^kyGEwFWKKsp~OEZ``*CXb4xVdF~b z;j*Ent@yHaD>rkvbZetOuN{+u!^qgbc7~vpKSShyx>UeM4ZZgp?fO-c$3klPwgec? z(l@1v1cK>Ih+e(#CQ%aPt+z;MH6t5cdr!f{5lLsFQZ?RlQctZ^_xqrihWt{QBmesK zYXAx!GYqr@@l(>kggYbcdN&Vd>uAB%715lizn_x@a*ljD^)y_YvfNvRIv|baXV92I zl0=c#x~An475M`_ z#nC}qWI;4`@UVq3FpYE*TxI$mci@V96Q3*CsS2XmzDG+ch`nR`^{tKdi!rB(Kk+tCB4sf~`=vOVS6#=i78f-BB^TU|`{hEoAFRXZ#4o;w!9q-K3d^&vbw z%>$`-@~4{eQQsYpGN$xDq-4*+%~T8q34kkaHQJ5OR8*v$cj8*};JWm6m>Q@V1H4(9 z>804cJBdLwpBWr*9Cp0$`7Q{u4Fp5asu0S20SvV{hz@6HZu5O?;Iv*r4wE;>Bt&yl za}7GfQS-*oR#KZ&<;?on9=Z!nR^PX{nYKQ5Ou=Uf9@b}=$&9H3(n`z~KSufxR1f>j z#k4S0vbBdR{H{=I`n2a-&4m!MPlw8*g7P&Tj~C?M2ZMn*h32Ml`;{??5frr6P1-u)bg@z zE-J~Y)!Etsv$lQau*6oT`4TnFOW~mf_tl)WM{7;3$*Sy9REVYQg5L8@V`BGFRWBlO z4=H1bq!wb-wn)z6aIeR1(AaB0Rgk3DwzB&Q@BJ7z!O^+naN)Q|Qsmt>eReYW2Ea5Q z3o63`Lj%65Jr%JeYP1QE1u(Uq`%o)Fu{j~?b}gMmOcGe<#|4S;>X$}n(cfSP#qU(Y zGS`I)(V#6&2Xx~S3!ot?_(r^kY3O3K$-G(9&elm?cKnH&cE+f35aX`Wm)kkgTKM+i zPR_caV#KM6=j3JGrIzUoY24*JcfO^ zB$-bHIcz})1f8`4-HbMg^}rttxYc>{%~W=w`05ZX07oAOg%dFVH>#JoX@zlsAivMfET@K0IcTwE>yNETzko(U z0nB<$Fl$#{baZszq+&^<+sYew=d|l|>g_d-WNedHC1)@d5&jTn{q49{Viu#n0{!Z*K;V6c&kJLEOCflt~Q zm0>5?l&Xe|;0S8`3R-EM#7|`dMyVp<9vUTcy|WSo5bgz<7W?-tZdF-+ZM;aCax}3W3AZHwQPs5L3$P^#Lirif6L-#1HCMwP7D zoU$=!O-SnCZbmRYex}=k%G6W%9clC9?Dq;3cfqPg+R^2Xf@P^r+3F@@9MCgaPiuYBo`9O|k+eTuH?NeD%QPB!r; zw|oStcE2rOS2`dI*%=L|a>WE>6AX=iZarLV z&0wmqGqVA04iCuo;@WFb99WklDVGKd_#ZDk+Q3I665(R@jhep?Nucn)7+9@OQe&|r zw;Q}k%bpsZ%OuiqQPBM^kI#zb4&EGY;NW&?VVonmmUL_GOv2*G?90iL-9$Gd?wKmY zwLtVwrNQ)(C%!gj}od#%UwXLU3PUGG0ng!-3DC`MK zoe=JyB}5cZ|9mU;^sHg<;~@Nn<3`V`9g!>S;NW1G;rmhd^8H&NN5~tUOeH@*;ok6W z7Q1v^JsFAC_Oj+d`gh#fn#4W5A0(`S+1|6^mwzT*ByG& zm)s~0oq94DoRX(cBsM^5W;5a&*JcKX5)-%(C#Sfc`A#*z0mV;R zILFKS^qEOli2Jz{2-kB%*}jNOyfmcsM6tb!=U+d`rwV7>O(Jd#uD<_9^HA+}Lp8R# zO?(*^JP5p}Q$#RJ(m$-KivB`Jx@6CT>rHNzN6qTGBS<<{S?M4Jdu$GxxwpxUuWCe| zZ{s7gAR@7;5lZ$5g%9lx%o{)5Rj%Vj8lT?gJs@L_jcn>ZaoW7rbj&YE;IrZfw28#$ zpOYLqa@QQnCT=IRT2mmrR%)e+UpX@`Db@3kHtp}wq`%;f_t(11j(p%TSPMSvlJv*Z z>mm*9)(x*ITVYsEN^BhN0U10I)bxU|^z?Ac$V*6$S4OsQb<=S}M6yXUr849Af$`t= zk{YtGHR_l(aet?dRu0H<)fcPBfmX2!NLcXN~c064`Nl=GnjIH+A3Nrc{ zsL>av-PelgZp7?OcHWjL7)!vOd~YBxm2*_l&kaqAs1eeV`&hL3w$`0-`z~XEf!zOeh0;=YN6U=9=CsaO-eVKn z`##l7As>CknkNYdM^*QFZ22Ktz>p0K^_Q-_pilUPMqd;G-Y7c{X>8Vef>tLm_)APy zXv70?9sdDWSjAXcHv)hE!PVkL$HJD?$x zs-Y6g0=>R$Z=_K#T8{_k#UkDODYk>rw9UZ)3uE`T^LmM+a$IxrYXtL&kbGlUV4oS= zgnq|@hI%zy#TyGPg3&G??sA{t+F-Y1;-or>|GU+?YiiNis6%|p+X%~vz+)qfH zp9jX61%omsW)a<7$BgXP>HznhANiDM9}GzO0t!uER|vL$iKa;}lm$}C&~zxCjqI*l zP2OJlKl9Y&c*mTdJL~&xCp{i4)Y?eh*e~Bg&bJ@TL8vhHZF>bOs#?f+*8^+Ov&MUq z7jdO+bI=|r{|*%uiwg-gPP=MJ=S`d|F-c73rfeOti`1J!s}?d?or6Z&4gAt&ThAi|b5=R5AK?3CBv$7b;6{HE^gat9hJX})Rrb+gom6orp`9lH`K^H-2+ zNR4{PHg%dF5%V-!QIYrkk(s`$xnO!}x)q%gKVC9DK1*`cYdf;egT77tZ7X|;b9*NY z%MqT^^eS(N=)%K#LH&N&2VFzL>p5n-i*J+s-n48jdR4*fz|5W1Z8v&}&@0gM8Dh|) zjxcTqZA!ZQAw?RJ?1aFh&lc->;n$tdQd$)L8o1(0%VUrv!4UQ^&mTA@{vn6V8DL3z zk)1whv;C{Ugsi;1@ky7*t)_PH^Ud8_Q2DzLY;XSd0-zF(&k+cd5=1q)a&ob>fbtUb zzeZ>-xb5{t^PrO>NZ+kTV+%ebLz!Sv*2hw?U5wFndAz!m3(uSWG)uDmk;?!GxfCPb z(@(GqefaDxX?oVZ=wLQr<8TVfQD<##LCiI=nyh0GsvsM}fl!M^3~ek_ne5#zz$G(z zM10>?6Yr~gmv;~x^>k-;$!~lZzl$+5Mrr$`BJ`WwdoM@XKbe{>t;|)PNye zaaTIWrUDFNW;wMSCA-zjsEQK2Z20!N?D1;=H&n+q3DE>elrlhan@<`V8nbhfjg5__ z78W@XUZc_~1@cA{`7$(1en(PdRmQ!@Gk%vCc8hgpzo=4vwfp<$=H}jR=gSQHU#Y?P z3Hv?JA;-Jbn5}dRs__BCd9L|c$IsFWQ#o0zs&dT*ulGz&T4;T#+1=u9jG@j1 zq|D;K7Uh3^DfsN;mF@q8G5csehz+yTeoxPz@NS?1o0LzI7{)^hx_fkN5`XJ_`4)@R`?eiEa$WNMYJ>Qy26(Q9s9kLeLz zw|ximf2IHx#n6mw;0#<}X8iN_#NKdo9e06AmubV4pMWWSd?`##?u|{Cp`1RV6`X7 zrzR^U$@Rn0gOHG?;-$M7R5<*pu)utW7OdAoQ@=D`Z=&+2XLn{oC7K=~HuwKpu>b4! z(zPT%FtB54bGZ}z(TNn!Z?Pw2We^UXlpnt6IJ&4mb#hYU(8v$cn}Md8;96M2Q7J0M z6=Lh1h<{kICcPH5re0p?Ic;VTz(5s;ex1$T2#o(wkO!o=idMd^@ta5rKhoxWY}2VT zKabWLKJ@eQe`uR!ia#;!xyXw0DBsPVTH4OkmKhLyaM0R%%I7dqA$K6$^+OwS7&Md~ zqNq?hN*Xx#w^6FdE1L~ptTB1*!2F!Lkx+f3Jj3E2iC#CGo!FXVuioAo_*9Xkyu1|r z+rkRzyx(#K+1nZ4KK9Fh4upr5HI~P2CrcX`b3VV@8me%7HObx|#FMQ6DpA6(F;@yw z3sfXvytn7%c>bBxxQ-?AB}PS8kViKYRD@P#+Ef1}oe;S$g~NT?Et_F!(gT8p5oVzp zi_552bMU1rm{e$iH6Tm=b_mSK;&8q{YPh}iXhO9}e=QVCPXFd@YO189IrZNAc4ei; zeRk@H#(?jErsm6WqX>NqAGn1wKfO%ympmE zK83`mQG$s5_OVQIJst)XUF4BD#mxBWHa^Qg%>wXK^!q0Kv00C|N1`B$cr7(F*-onm zJzp*pE*S8om3Hb#&+@ZB9^g{G$o-ldF}+=z%0)^aaf^mGUSS||e{~>sa={^!_vLk| zdbL}q#ewQ#RaIhA=M3sRmhos|-?&am<(Iuu_bLZN>kl7nn5DU45~1A1fS#FhjF**- z`x%OJ4vK7KQ3u$rHoas^Zz`+uy`H&sh7`|(Em@PaM5K)$Mcm^(_2Y&cl0Ry7mhp&e zHXgZ#+L21j?6d_IqsqK~^EKpimolj@1SL5cUVOY%!~6IEhmzwPm8wQU^D%(>8Q^e| zlKg)$_ZC2L1>L$Rganr)I0Oq8TnBzvrI&-*>9sR87^cJ+pf+>DB97t50<=>+v zUc|iIY;6qLStUiGSB4>lI8_Mh#j1jX#D)d+9%WVxkr!exlL2`*u-R%X6hqeaJASPPe`O zVney{#VY$7dfwO%ZHy5~db9gbz?UY}-vKU)f{CNc`W->`@ZOAvVlUc9m$b37oK*@U8bkNXT{cRP+RS7lRqcU~jp$5f!#^!ge z0#CeNv7Cq`Fe=tLqvq)X9f)?f1}~f5w3?A9a9giw_sLVC>n?ON%7HTwx>EQ7imj=$=H@%k^s+ z$L8rvLyrq;huU?V?Q@u-YO|y_c6O#ygeI|d;bx1+m&OS`BZ>L5Z0n=xtZgQ&%8{$7 z!F5>n5P_ls#-)x#0b9dc7m1^^j&nVRKKC`upgRXRqX$LVa(^>6vimWvvfaLW2vv_a zR^IK|d$9)xw#axXk8C;X!*acn}5p+$O_Qn z)&sKKBb=`-UORHw&~kf~rOkuAPFLYwdR($c+sROg$HH6y+L~u4%Qk~&H`_7bpDue{ z?PLiPTCXk@1?~#dOENZ*ZEhGHP_Ji}L*Pl7p|h?S3sGX>!P*d)-f_d*Nbz z9gajY#d2DC*z6>Yk+w%7e7KN)`g057@o_r3$&}gx*NpWlh<@`j!t{n`K~oRTs}u~W&g9YG5(Cou8fs`u}^x`0T6>`h+Ddnw2{H;DxO6mo;$ zEk<>mGK1Est*iZWgqc~siZ<9aF6`>NDCzSm_XhL=UJGtWif**!)u z%8mNmPxgOZzZ$h!5l-Yj<+RyqI4H#%qm1aOZ0=cp3|fHSnXCjg6w`iKRu*?KK&q-E z!c&{d7JthpC7qb0F3Y8$r!;^`*mb_0EU~$4W7vs3q^mAuuz}Cv#rRs@3&^0V3Q*Ag zG#;U)#M(4Q_4?II^O(8l_2jp;37;ILqK-$DXkiDWf8j4gpm!ikxy-z%*{3fh<=`^0 zJH`<;3`VCAffb2KeT$)r{mx~y2mERuk$NIin!rI(5cnRt_T3X`l>Zt1*zM z0C5psd0Se#nF+tL&|PrUwPa^u`JuBc07hU6wKGo3CWtR9rpUA+$R4#s5{ZsZ>Om_6 zG^e?eBFXVle~s?HSb?>`cQD?cll7sj$d6YT{P6Y#gWrdV5vjFt5@(}D&ECtRTNlL2 zrrL-F$69v8Xf?a?^%3>DG3so9#fb}XJcZ;$;nw4)wth>?4<7`Wbr{|iWhS~!U~07s zfivEMw4+}y%RUIHpRG<604p(h0YWfZ>fKV&~APW*_lj**D^;J)Fs88qW0ISoj6im?Xh3PW>(@HKoKy4#K=O*!%;EyLGqd8s+g z$v0AiAyWHdTGliRQUheA@e`-!Af6sL9)I%}2w&qA6%`?o&J|18s!%`l*4O?$9*Mjk zSVaZ4gE@DB-(c?&ta4zZhgp`(&xEf0Cg|7oFE|^xlb>SZ;8rrdVaCn%+3|eeKg&lT zjk5hWpD!DgIP}LNMpUZ!Ul!`3--h?rnVQeu2EP(tasb?5M~&bAPNYc=|BMnU+*C+K zU@o-Vftgnq&i(qQX$}kHy)yBgG;!5@_hg&$d-5i#XzWoI$?sPEG3q9#RX5u83}z_4 z^|Ueau0aiF(+pm9PVbe2jP2hZey4$YE5HCuA^!9<(ankaBHb#V;NXYfQN_pciZ2Uz zZf%OLUJ>;=p7v297>kDOPGi^}4OTAM!05&G|p zBGdD5yZTm_@RYPhPVd0<^9nx`RdW}w%E5R^Ue=xx5jOoKVy2Fe;+s2m>h#VrTWF{e z0zt?ne2Nwe=kQ3uP#YF^I-=ZpiLomhRh1e0Xy^WBw3G(+vz2CIF?6u1^qhFG8R)8! z@oqZC3kVI|M~Wc{Alo^~@lkLYV_3}Y-aKRT7Oz8 zV_QzY9>j?esq`sx>5Ep+OfaH}Coa5J^ju}ooz(U?V<(qDNyJh~x!*$}3&JuSDS$@M zSu>G*C~&DF{@al+5d~4TjVRixARVh#B`1@$kf|e`VZn>tK8%B)p^uE_nqr5`6L1|c zg>eSRqkVefkST>!eL;6?f~B{xh9TdPl@%3HARc7XDhk*U?>RVNUP>T!=7A2T;(KFK z@m`Jh|5V3TP*Rdst>EhyKQsrbl>RXaDJ#r+KeQ}aWgsugrTX)2cxh?66U~hm>*Ymi zAx*xQzB&c8H7%JG9RjnY%a?6bKD>S)>X2 zD#IjOwx%vV0CFbF<_rE17R5UsV=95celw9siiZ{0146r}s1_`eKP$qnue_Dt%~G!% zwSRtnFA#%ZcKnEHE}tGgbKY-0{L_C&rjfm+gCmgV)y^D8*$EtbMM^4wtZ3At_gosZ zy}}qoe4yoI(uOW`2s^mKWH2nGt#7Z#6ZBGBkTgiK<*mdAl#>y%kWcj$;kj`v;jJH| zhvHu&)|xJU75YGLWI>6gKJ_|gK6(Em;?HiUu6BwEIx;dmSwCiJ6qlIjq|UzB4=?=j z%9=lh3?J$V(AG+9i~2$zboI?2aZ+Hb8JQgYp)%SzsQv$js={fo3Y&M z^El||_q4qr@O&h+B{aN9`zUr{E9)_cljAC3BolmV^b>}VBlZUwWAuVYZ_NDL0LhR= zS5Y%lAL@tjTi&Ul;)0T*tjeMQg&mjL63y=9gRxd|+<6gLMH=HA5k*j22ve7!4R&`* ztrCGmwzm}4Yf(e3sG@^~U-)1NLzr(;6kN5bHVd@hjM=s(+airl+C#p<=TlWgyDnX-RwSrThk4 zF@HzkO>XYc67le{UI>B)JhzdM;kPQyg;5I@y}!aH66eVUUwD4_P;5M|U&rb+DI}a|X{pg@fstLdJrdY~ z^JUPL<-VLUcr?2zKVT;;^c()Kcuh{QtRKN?9X8wQ!7Z^|H;I?fh$d8*E0u`qYG=0s z$o1tFeDYrTa8;e!_$@`>lKKzuugW!Lekl*1Vo161UC^`2pULaTpt6+Eo1G4(S3dk< z7rWq389z}}QJ;-!^QOiac?`Ir6rVd;b{c7CPpfBXdEi@Yjp?_GkCG?4`3^q&ZnA!9 z*}G2iGy1HDDzA+0^Cwa;5?oUS@T0;TXc6hCoBbdQ(7|H;-tP6CN<7Q`fg9D;QTrWA z#_uy$pSrvNl#zv|)||u;->}Wruu-b5Eb{{NDg)^^SNBx`$M|d?^W#Hpj;ai`@2d*7 zHU3~KZ@Vbsj>s)uWkyh4EZU79tf6^T|6%A9c|$0ZEnZHXb2x0QMVbFvU-gqJ#Jk1d z1qGFuVhuy6OaG5xl3K+O;Epq64I#h5#)4G=rJ$D<)ynR81RiOg5htsQ?eDG)QIS_~ zEmjV6M&ut7RnxutAU|-U!S0MpwEUYfadtn*XwzbcBB~b}{EOzbSx;#P~A% z9?9Pqp0d&r%3+O-Jxt%7oSgbcM)daX=@BATo?`KGIR8G(OV-V5;8g(9Y;M%?sNW| z1JtiHpB%xQkCgk4dGA%C-IjJ%S(#j)Y?oK=$XMmucKBsQm7d%pLSj4uGxb>1Roh9M69(yZrBypnsqI zcd6=7+rt+Wg$96j>g={i}O90?+?AdGSwP^siI>JQFhcbzsoldG)>2;6OyNuA|ah z@>b5&pP!E@R9#Gq3k%7(=OgQ$x~LsvdDv9!9R;B31_hU89rOS^SiGs9w^?jXdWC{} zVmGVn38Lk3@@_VOBPoR>4l)sn?Ok8P?+pyNRC-<=-j8b6Sc)ns{V8Nre72_|jM=h{ znC~fgEM6af{9r+wA@b10!X970LPieLfQ)nR z?(S+dTH~v#PD5tn;tq^YK$OilmkSVI945_AnsXzjB^uE7Cz3Wx_4P*j9-EN;0Fz=Y z=gZww`tB-Kn@K;y-+3SrUChV}P%<51?pj)DLR+6+J$`T& zZ)DV}-$sM7{Q-`Gh$6Drw*HH>*aN8UQ*c>wN5Ps+YicIy!0}dJZj{Q>_(Zf-!_qU z+CI;w8EUR#y72Z|Ui)e`J8@seHPq0yLbfOO-6q|;N5DxvdLj=^QIVlwt|f&tp+#0! z7R~;A@4dKb0SmgpB-x9XU4w}y*R;3GlaN@Sac^wT%l%cb>tlze&B8>cFoIf{R(CEO z{PAXGo%>NBMnk2}joi`luLEo5+dhw^ zwY*h+HKLR+J(fFTPj>E{dq^~*)kWN;pnI{N(*@B^x}m0b?7kb!iuo`w#P z< z(Uc<3+3RyQ=MNb4DUJBpRFfKP8c;ne6}!z3}2KB5_VSXjAPNQLaAT_HYRef8Ex@Z-f{k~6te9*t((B5o}A zPDN_-O0Zjb#2Vcg+Km5VGUQh4Gh~1A2caG^$E+^E9!x2X!|LfpttQ))LVXrdzJJS@ zj3zJ;I<~ z;1B+!#`uGrDbpQ~ul~m{9-h+Q{`g@?7p=k6hue}F3%Wykj^=LF@`+b^9+7ER0^N(L znv2nm;TEm}?elMx-7Rg=<#qIj1A6re+LjCTy4J4v+l%B}S*=#z#t+>9$U8?_PyD;F z;7Z&l_)?-mBSslUS z8ETDsV;W5EK(MM;T=j$u0vx2v|;dKhvuar%tXU^8g$)M|2wi)E)l=W1ihB4TXL}8k}@g#x8l7ftnorK*MLzR zB}AYWgdi-ebr|fbBjo{Y3{3K1jyEc&(cYA40MxGy03FUcNw?iDOYL;oZtR-rt<9}@ zHE83s{hU7(FdfMC6xYhZSex0?|9oy`r|34ETXMUnHje?351PgmYSS*u+mfD)IQ#H@ zfivWC+)Xzpn?-OUn)2M}?z%NRjU%u-f&XU(JRNk5xsoLI++>)E-vl-B*pV%{z5}h&OAgN8Mz7SC4|PpI4@*zNuj$qCvr&k%ev4% zfxPcDW(NWIybYfjzHVI1Vy}Xj!JP)AV1qiHQ7cTlt)e=QiMkb1#`^?=JLw~%^v(BV zl=Y7eq_6#^RFp26zWLiHGQXy!&Ecg4MPU5>q0LZC8&SGNQ%eV?|>I? zCh&+otzUVUZ?<1AG*dTR`PV@Q%+}){}Ke`^VG`a>bSk)tB!v5TbgGrse9mB&)V2kbfMxyHI(C_k0(pW5~yA`{_bE5Ht$9uh6|jzo$R7I+n8Rx8_&ApM}OxFbwwC_boke7=HiQIzxn={z{j~;==AKkc5yk zX{R6_iX+hVr_&PAX0?=B|NYT52054=-9VY#aNB3lO^lwnSK4zjGtsAx^+Es8q$ly{ z#2D%`%G-iz9_PRzMkHIco|uWwk0;)Px#&&lJDC=|r|srJIA4*fk47?1FdWp6jEI)J ztX))9j%OBp^PyEm<2Iu_oMC69e07qMOi+1vpMAMmpL5We{oJzy6PU-inz`5Obm57? zd{~r#So_F9-m}tG?jdKiPmYPV@PL#j*YXv*4w2>dtY>V`-a(!VypXW4xqH3Xo_8 z4Pl4NkXL~CoS5z7h@QmGEVGFR*QDv-P9;#e&_aay{x9qcz*ln zRIq|D(DsIfd|sd(r_+9jO@L@DOBBV@$_hjK&^cO81sd5xV_S}a;bBT19*D}6lUPwf z5%+3shrk~N_)n~>8k&uVL=ciMJsa~O&p z!8t`E){-G16qHoNwaw06yy`mq&G@uWhLfXAmn%!CG+)hS-7qW4tq3nMybnpx@41^@ z`MvQ9CGsz9XKdT2P^EmbcM#AIR*6koLgIJOUYX4y>r)?w2JZv^-IZ1U2u`w6n*7QG zvjPG(8HJwSO|g^n1L64sTCi0K4Rp3Aa;2RT{>C@JiC=Kf6jJ=tdaZx7`Y#uMWo>UV z{!Xzq`|xv7ee=x3V#lFIT25}WF?xlXh2?}o^>2-r$|y`>(y%*Ma7V&<{=cbaXxKe2 zebG%gW~S<5QeLyt7%46;4hpNN9Oo(ws-fj~l95kIH%ZXQJE&ets!R6kyU6{@z&vNC z0bgac24_mO8%(D@Ksy>C{o{dAtLX(a z)G+Q2#SZ=|4%6gvV0hT<4lT#KgC86{9P>ZFJdjs)|6Z&&+9_(li0=-IG^`u;{FpvD zyu`entL(7i?7eAEI5}gR!@0Q+i$P~U?ap;c+HjXs<#qi3ESZyqc7z?er29puDG|i9 zh}noZwwo(Dgvq+c&ti+0%)Tpc_|0tqdrnjilW~DNDPY-^RnB9QDs{{k8aJd}J;V8K z!@#l~UpRSNco+JuXe3VN5?_v$LxIFMb$orD0aSEPxfy7{hzdvHP3i3H4540p7${0O zJNB+Z`tA|iebn54hRN#geQ0?pE|HS{dl|v0KlS*X-3H^<^bXvIG_GiIH8}6XwH=2R z#Ph`Vup{1H2Cy)F5_fdl7qL@;Fh_U09r{Bl-GQ8br(fgj(@%y5I{&`Tv1i zB+}<+yFZ*oOsdx@M*Xd`S`hqk*xn_&&|qUkI%-n)gzIJ5kr$!-RybKyJQN2xb;P0e zrw*T9@ca&_7IukmA4Axx@_YH#5Qdu#=*AI~XG==*5oqG>=DN+kqx{utS>86 z(5kQG?2tIJdTaoBfw;l65uH?Z0}1+bt0yx})`^;b`=#iqoD#_UiOUF|;|6^D7>01m zW-^|g!_S-e<7^NX@jSUbO#VAnwq|iGumm*ekw^P z50&MF(AyxH%~7XMp6T6D@i6`lRf(LYD_QJaP>g?4RdV& z2IoFnq~EaBDNTN_deKuxV1h+TBHO8xEJi%XIj`zWQo@XadVI#`DUSJN=R265?wdA? z!^peovIX33w|juJS#sMGxpAUj8*H@hsE-Y+OK?cJTbv$*kxHM79Cs31$g5EeA& z^L2M)e1-Iy_5(cW>u>&J9vnxAir^?A_*d&?G%!Up8vHThYM+>OWE{5pf)k#NNgNu& z-j~(?LFU(MOA|L8;oanrl$7Ls_+|7mu%ld0uv6hMoj0_7ug+mEYITvlDzUidoUFoi zCaZ*y%3jz0jR4_tx`C0YlG}|pFMFOqW`ohq&i-%?8eTsPj>A;}3ol6EOB2<3=I>R- zb0Xf*$3Dreh#ky&TJi)0G1)&ya?hXxDvREHQUQi zuQcv|OG`%wDS;yUuaA zKyhkjhC}0Fp_kZbHQ*Jr8&dHt8+_ur176d&0<0KaO^AHYC@~Sv1V3|!<)2&J&OfW? z7M@LT!iP?+{fuUD9*PYs6AfC%mJI8YA-1y z^}(>9%LQF!rzvM>)%V)BLA!T+$@(&hV5AEXp|BDeqkhE9bm=er za*q@i*WhhQ6a>~8)=n21Y-hY45Zlq?M|I_P3+8m(dxm3Oo@XePBTvGYB-v8 zvYQBly(h=1Dy*g(6J~#`gOdN2paY>r?f*M}ld@|RCupfP^kC)>qo6Abcuo5Y7QgUa zA`4AiczFAA@7EG0#H!Wtz3a2}=$l9H5jz!(z~^ zK;mUTbReedX@eOg?)i#fW!)UDihA?7ZI*}+4;dTlE%M8Z&v4z-2~G-XPs7a)ofIBx zlECO3=b$;N1=4Fg&M!N?n$pylRL2@0|BTr$yoK6}utp6nm^ zayNaWLNY~FZPe?(l}X9V>&+*eFVI2c&voZ`d8@2k4^`c{Y;=^^)(H6O!8i)$XO1&} z1$`G6MGjjCw4X~`Oa}G(K(rt3?#`NP?N?dqc=Cl2e9l%LWe4LK{G#Cs^tfYIN*7^Os*E;BZXy+p+}un6um2oj$eEd3zC0wb zhn-z=C0f3gTAAf*hDuF z?caqWMP~oDpd(d8``N1hyP*F+7Lh#9b`V+5R~P=w}KF+F6~ zf64jJ*O2_*`Lh)uk1*M0D{DHFwDeQ(=Eyqx{f<8*B!s$<^)DSB&``p9WRMHBHAevI z3i!)hpy8sa?MU(6dJkc8by{h<&j5&0x}c=wB`FI_^k5KLHZ&5E^?3LEIB=6$(9#r| zo$nVL;RNOZm0F+#%V#eC?w4;4hE!0#?R>T*%0aQ*jLZ&-{ZyCz zm|0=0j{xVa>+QQ8OsSnmAsu0ObpwN#2t8YIf4rZ(-WuzQG__Ij;45zj;+Rt4dRxX0PJz zt5ObVFjkf0Tm9CPYS0oxJYCM%GtItK4i_CO)0LmM3lamZB}YbuW=ok6&Eo@$qrUC_ z{36aoEp~BoUEwohx$Q_%MwjdO>gf$Ieq1sJT}0kzDJxS~ZC8BW(DM|>v*Y6Q|0JO_ zE>0H?UNW}07ia}hm|!;Q9Pik-$-5L&6l;%GPZyU13h7J*oypotz(^)C>AR?fACr}4 z<}$Kv``@)PYFe|RO0upar%eTSFr7F)zpH-q4XJ_T_wV05b`S){KEKbDpvYosy*8ZV zfa0-;wDp_?ezGFT+P8sx&GtrES)W`$L$UvNF0<` zPQ$YiKbka7*n&Upd}As`Dp~pK6F1*t?k**vT5-SK>{)+xs2)w6Gu9iwu5-58cmbtIBY8D)8!Y5>nWpL@TnRkiYnf>X-v1)r?)?Q2 zRq<_bXR7!|;``pna$4R~AIQQkucPt7D~;57qL7^$^OXJm0=@pB=2bkod}~v=o3B>- z38A#foJWnqXpY9pQfT?WY2EV12G?v5O_gz67v|WZFtxKwhO{=-TY_W_&xR*G9JW^s zZa5AvzhkA)JSa;*~0N z+v(b?ePbgdG4qA6L0V!$GxAMBqSKO^_6jCfm7Tf0df{SK66yPnoeOPO%{7|jnR>iD z9K4HOJ~j9o108k(-m|(=DSh+IV{t=EwMqWWT~$r3%#+XaYJYs0&vWL!{z|7`g$#2x zBquXoFI|HWdTKSaTV4qJRd=M>S}Xhs%;CSb->^cLWb07=a6QFWwCkfh)=(SeK?N@2 z!J2kD{9cCe{0PFJFsJQe{f|YtwY9ZVj~0C~zNh;zFxR05Z*2Zv#)|qqQwHN#i3mMF z`{|>A1N-*x)xdkfrw#}MBdGaO;_s~wVK7L4uT0*M!aiSR(7&Mgd+VPyHk0?A@wd=% z%F3N-w)Ee>)tezk&2$(=^3{$%Sse7U$R=X|_k1O&87|nE5J9rCjeH!u{_Ds0vgg~! ze(wbv)gwp}#Kb7te6#5~NCG1HLAHxg@1wt$Ju`3&1N}$Boe%%m+MvVTwaj0(+WFcE z{;w#5s2m!rE*Y9z<20a zTC|jZ)BLtydcLm7U3c&1K;S+`Oib+D?(xzNlmmTG!?(sL_~Bgs5vV)*m*+#0mlA~g zRigs>&TbTvkxe?czqck3QpT0^aw|x(~;~swyfadpCy|ufPk0 zO0-d9b2z2a!UJqwNvW*2cgK%7G4)pF*ydCw=e3+BD9ueQ$4PYi>p#_6KQ? z_)RS7p=T75L@hLq*F1A!?}`}3eDrvK=<2$78S{A27VqWdDjkOYwd<-V2a=vN-f)<+ zd-t~&_(5=2I)ecCAAR-O=rDOpBMOV*4EVJ5q3%e}rqpgG+P_3bk~M}~p-P>PJdk^0 zrbPFmW}X;%?^7B3LT!%DY2qdOl;xiF0?9~C96L_w?Bxh78qq?rF51Ps-a-c4$&Z_Z zZW$efPZw-9R)p1C8cH`40TWVOV3gqMY}3tO0#ewvwgdUVEQXu|0AOBAyWFhHn}Cfn zPU+S_IALN|+&QaN4FM!t7&|%kqs61LR!rW_s+t_Az?bxg`-0?|-z#|7w=?TK-wDr9 zY|Ayv^m|7VEyFSP)=nIBLtmL(icclPP=w_mp;6}5F!|^mVdzgq7FX^@V2pkdywM{H zi5SG^FV~MS1JZ0xsx&L}%_RwI8;@TAKN&qFF1LLw(Lb*%U?0m>XQeERRg|Zok>10< zcl6R}lMzwjn=3U6Ng-3@j~-L`P$s=o?K5MoNJ}sq2g*@W;|qRI;6yytw4->xYpC-* z*XN!Yq%=-2X4O*asAUNRUXz2-=T#*{oDDm(6EL%H-MlmetN=hRR!{n8wpz0iJA-&` zH#yr1k9?0jp_`qwW{cC&9o-|zD(BI&q6&kIud27t?FaWcBr6NJv68{arUmorlo#?v zr2Pk$lXJ$!^e)0`l4|mScO$SSj-vfW>0Ciww#xj{s@?6;&hp3YU;vk8CJ{oi`~rH#R&MolI)*KLskHE-f{uLlnR{N6gp zrVF!i)ryWppJB8Lt%d0^v`h9Uj_3>(eU_63Nhwb{%F3@S`Z~qg`a~v^r3}A!vXr7M z)`#$bxW}-k(DT*#)Ajv>{AwFE<>`Z+IyfsdOOv^YFZ*F&aJMBzgj9+b_s1Ceu@&Vl!$?!_&q(+Jae$9+DyOHUxlD=w)&aQ+ScbTx&hCD7|S z)_SRi+wG*0qW`qCV%fJz)N7W--WO`DHV=+_YD5S7Dhm(yx6p$KTmHCY=BKwpjwL|r zN=ExxyQfBttjTJ$?n<5`6u|R48oS6$@E*P`#9Q=eNTu&o0}4I8*zZ zpNJ2TF-c}Y!NT3vcL~Om3$|8%CCj+@BT88)MYU$C$)G=0vvOb+$^0rahMQ+BmjM$A zO_ts>1WIxHefPf(N_OtP`UlRB6HH4Om?~)%GG`)9z7Mv!;lyd`Vw4TvE28Ni+WF-A z>6I`miZY5^l$t(kIf%lkL_bhdc=|$BiLs0i4dFs6?;{)0NUDnMM6AJrS3ayfr~9Y* z9Xxe?-fTljP|~z^i$y=l1cxvv_Y;n+h2w-uq4BPxdSKdt6s?(*l4N&C39@6Kg|>~| zvl~6$FhC~U^uB6ZnHF!m%l!|~W_ZiBI(6#glL+6iPYcjn3r9Q7t0RV+fVp~6fz;JW zL)Pd`i$Z$T>TwavVr~MTV#{luf-RzZ4@FQnE{Mrfsj0Cl86-PxqexU%D`h!37#zy| z25qNJw~0~JI(}icOdUgYuxLX}pkbOgvM*euW>6s4B23m+KUnXeD27auF`a;KYkG1f z<41%K_<*-CB*uZLAky4&J_|Wt{d@GcG=qJ{rxEBk-F_w^6m@9W=AWE6xVJ1bWv3zZ zo~%uLCsd+Pa;a07Z!1eczZ=#C8#34&tshjGUAX#Qxzf#F5w2VZU3xu29J#@JT3s#n zfcXsEJnr*B4MB``C1EqJ9@H)G>5W3sQ?=`8 znzO(&B{22AZ%Az_@(BrJuSp9r_;qfQg(qZ=v5@(lBa8mRn)(o^>*h1W^EmWmAk^)F zvy+|`y|>H`dtwCUH-C3s#q&F1{&R$b6K1|5P2x>KB+xpp`Wr)tn_+s!7Kr`Sh93eJ z>_m&>ej;$KX9%r+*3v3h!Z^G5=_eT848*8IO8&8D*X@S@WA$HxQ_z={2d><0auVwP z<)NJq3JlSSJ@ywT^$9AfeG(O3+HVB|Av7n zK?&7%u4j$2=RHYmw~@Ygy^c*w(zXJe%ozgi=Zd<`K*@W%mRxaScjG0izs%_q{S(-9 zmGOS(>ha;I=nOLb>sS5yWo9PXePp(HoZAr}-^xrLr>AF|A(@gMF1kyBCs1lSnsbB5 zO)p77$&O==vyu6^!Rfp^1OEWakP$u6jO=-L^w#hGBj5&*sl_#F80_YutZXGsj8z_v< zGFFY+1dmv3Yow%=l#XKpYCIh6@)?bBb#z#=)9fX9ESu-G7BaT7X*Q(kN=q}M4+G~_ zpP&_Bet9epvp-czYd&s7i*NOUu@wN^+pWZnp41)&co-gKgoZKMn%ujD{gKFbaofAd z{_z!qaTWvRifHPrPETC6)TKrg5SwDf4$&&&D#-kE5X`J>U~|Q&?kf3JCf#QWXCh*L zj=#)q#(z7bjL{8Qy0D_w0}7vbntrlu?jr6vO46e4x7>4S*n8G8>DL~qE$W-9ZE>g6 zWcL(PTkh6CaoU+K8>IQbqF`Fh?z;4`0cJZsN>V^ zmz6R1^3s8NyBS}%ZL*fzm~?BPBxjtAtahqn1Dd8u+|ogG${iw9vcF((RAVPRDEVD_ zNsYa+og1n|5#T9%bDVkSjG#NJ^=B!^hpD0mY2;xE@{G)#E(zdRjx!GiHwvnY;|nIMU~cS%3k&lKPF|v%m|ZiST^iX z?9`4ML%ulMa_6XH(%gGxD5v$a?MjaDhUET8L>Hl6N59%rqRmVQq(u9|vlUpY!&^e0 z&2g|N3l)s=yjjkClJ9Q`mNxts&oqD|A^3}U=kh+PL zs|J{ReplDtOS$OsFBuYD_%yGloLyRT;lZ((fAbnJS$Ke^s4FLS;pGJFwN@9#+Fquf zn~5$!ovEn{1ERvhY5(J#Na@|7Q8EJdO1=`vT+mK5;o{>tl>kVijb!<8y$4e?uGk?BIcK%Pr;34|N;d=2!NY~#2kT$LIdshdTmbXA$8JmZgG$6p7PqbuPz2f_$e)%O~v4pp5Q zjgV4HR1f2Z4L1`A!$K*w)#dJD7CMs!J@I5>ouvO)oA`s^TutkUn?3t_?|C8%^_ryd zKCeULah!DVhV|n=TP=xdj#*OEX{@6rEQOdqN)}grTHHSr*bpb^FxJ&h9ZXu88CqVc z^rdQ5v}J2e&r}EX;Np4#qT`E-HxfOextCS@p_P)#fr^IBqfr5(s(a@R6%D?+cTRH; z1Ju);o8zl}`!4EW^fqtB{FHYfsR0V5j~qQ{dy#uOx9Xlp50 zPJseCs`q(g7gd_2S03S$Gubg9YBr1k+!2{66o#|7ryZx1zl~+Yq6kwv>v?hwpSx2_ zxv^pyMKGl!Jw8AnZNkp}wAidkuWX#8a#0)+?l=YdMx89oV&qMzNfYr~-liz%sy7Xo zpw~GSo?J`vsoS*Nj7{Z);-tKDDP%thp|T-vz{N6g_FQMBj!n^O<%nFN-g8qDc2|a? zFBv5x)41Jc>6%2OsG;$C^e?+LEwy@0=wi<9KFcwpho4g}Az+kwEN3q03H1%i42RlG zUP(R+`;)D;RPH!0-{-DSb*az#QIDs}G2DzsExw1@dKaXFj@Fh)cykg4v#9f$5 zox#0#UW$-t7LgZQb6vyZ2B8ykNl)9G&$kKV@Ro*c%ambd6X+AlWuatKyV(U7H+(Z; znAP8;UP}gYn_QAimCYyL(Aa(jQOMHrurRpRXhZilV{9m$ z^Z{_FsBCpH7|N;?HDtdTAd-|p%fvwCsSlseah%zJ3WKlv{CrhR1q^4n39}96 zN)ZtiyS9?xnRyIoEG?uya!zMd7{5~W`vkd-z*|{LFO`sAc}&7lX&Mbcdu5G7RW2Dp z%cbtHdKd&h$BJtPQKtP)4KQRc7}r#6U8RNUq5Ds49yLg+P&A(@?;>p31%Kz8&&Q}3 z<05k@vF<;`b%a5A!!${ofFxF9{quMDm8ue=F)&D1NKTcclcq6756-r6gScZHb!2B+ zLV3evTb=2!!OG~mlk1C+@7+;0tC!l@JCw48%#>WID9h&WR2>uW=aHW*fe4SE2pz&c zM>x5mJ>#c&dF30d?_VUDD{jV*x<1*Jd_J{;qf;V6Gh2+gLrcWJPDl8WzW8Gnrj5aO zxA)vjt9ss~RbM(kYlw>#1A)v?!)9y5!YFusFcw0&<=t?xxPW`{P$)dV<1n~!Y2ivi zuWz9dm_&J*PUKv}ut;^qjirspTL_yi91OQt{cHamfL1+YZZ$k~fTXX$lxt%dDO&C1 zQ2AcJLd=wwt4hO-KR43~fPAa=XuSzZu5s=NnB~bb3Ujr8HMRXtnN>H|m^S8J968>Y zO<-NT17Nx2pr&SCPrKY`XHQCe*X)S1IDe>8!6~m?UYetAp2rkkAMY>&y-v--@uQRa z9^P<6Nw<@ zjMSBm?BX?(04EV~=akDE_>1iI`Uo{hJkyYUpGiW`5RJw7dTWxRx~83mS@A3xA1#%0 zmcHc?8Y9csV@60vrDlh@4rFVBA&e~8dxsjD5>WzoN<}#LaeFA{{f}Di^eYK`jRW}H zYG!V^U8fYy(HT>3;=baDnORp0jZs4|z$K9~G-0@8yJcUqNs?bCWc)v z*D}RjRNP9<1sQQ89rsJ~=FW?Gb@cg9@?2{ z1Mm!8308-*XL#wrH=qX-H(G5}Xn{+E;x6M83jioG@Itk;1WN z`04yj)GZPWO+@@X0f>2Tz`f$iCe zjP2dUC3D{lm>t7^{IKb&ds7jH$Hqi^U4fY8z|4*$n`wJfIM8qyFv!bTk#LN;et4GH zAHwWtrjne-&FYO~uAMqQY2+Q(NLPNA4SOqcoyvudnUYn}sEA@5aH>&2oljPui(s-b zR;7mpy3VvSWxkvnDs+pdX6|9E>fQx&1TM%x)zFcKpEBh=hGBYuO>Feki)zh zsB4t}_dNIoNP~Y~XX+7SxUA*wGb@wXN*890elW60%<9{3>j=)|Krh%9s>DNr98GT9 zu<}YMt8YnrasGdyLy76D;E@TWyIc8lm;UdK;yuqCVn;ucH>A4e3(2o&U@;3&aGy`< z;P|$hJ7xAZghhcfK_8bb)A70qj&Pqc?w!+&4`V4L^xf%A4!B5r_9f|9%}CAu`IBxy zpH^#f`AY2ptZo|TwlNpO%jY#^TV*FKs1KRM_8%c!wJ;F-;%A722`rbu&|U~6L{+RP ziB)Z~CwWX0nwJvk6Q9LOHQN{t1Ea#v5jd^}>AH_1vhH~GY12oW)CI%v`nuRQ%4mgV z?d-8lzben_*nS;6JP1@UxdQz>Sj%(Z^17;{u!W_hfrhI-K5>HgOE;yfI9bd1RvBtP<0L=1i4MNpcquKZjwp)v z_-Z1F)Frz( z0)ax&{-H5#K``!_9q6z$xGYa?<8(0cElYe0AhWQ%BJLbII~;raa=Ri6t$Y;iF{Agc z@A*FMk}^7m)PS4Oium+^$Tw$&@er=WD3oVLi1nMsnGzg-twpio@9!Gru1^PjR5;3N z=X(1zvR1oOl`LgZ-}mdUFJA>O27PPL9{WilBT4`DK293d9=n?a=+{v#Yb}%@Q=jl&n~ue=i@E>==N8d8=qSX@%Zr{m8UP=`!8oaDYXCq literal 0 HcmV?d00001 diff --git a/docs/guides/backends/overview/index.md b/docs/guides/backends/overview/index.md new file mode 100644 index 0000000..5063a50 --- /dev/null +++ b/docs/guides/backends/overview/index.md @@ -0,0 +1,51 @@ +--- +title: Backend Overview | Stash +description: An overview of the backends used by Stash to store backed up data. +menu: + docs_{{ .version }}: + identifier: backend-overview + name: What is Backend? + parent: backend + weight: 10 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +> New to Stash? Please start [here](/docs/concepts/README.md). + +# Stash Backends + +Stash supports various backends for storing data snapshots. It can be a cloud storage like GCS bucket, AWS S3, Azure Blob Storage etc. or a Kubernetes persistent volume like [HostPath](https://kubernetes.io/docs/concepts/storage/volumes/#hostpath), [PersistentVolumeClaim](https://kubernetes.io/docs/concepts/storage/volumes/#persistentvolumeclaim), [NFS](https://kubernetes.io/docs/concepts/storage/volumes/#nfs) etc. + +The following diagram shows how Stash sidecar container accesses and backs up data into a backend. + +
    +  Stash Backend Overview +
    Fig: Stash Backend Overview
    +
    + +You have to create a [Repository](/docs/concepts/crds/repository/index.md) object which contains backend information and a `Secret` which contains necessary credentials to access the backend. + +Stash sidecar/backup job reads backend information from the `Repository` and retrieves access credentials from the `Secret`. Then on the first backup session, Stash will initialize a repository in the backend. + +Below, a screenshot that shows a repository created in AWS S3 bucket named `stash-qa`: + +
    +  Repository in AWS S3 Backend +
    Fig: Repository in AWS S3 Backend
    +
    + +You will see all snapshots taken by Stash at `/snapshot` directory of this repository. + +> Note: Stash stores data encrypted at rest. So, snapshot files in the bucket will not contain any meaningful data until they are decrypted. + +## Next Steps + +- Learn how to configure `Kubernetes Volume` as backend from [here](/docs/guides/backends/local/index.md). +- Learn how to configure `AWS S3/Minio/Rook` backend from [here](/docs/guides/backends/s3/index.md). +- Learn how to configure `Google Cloud Storage (GCS)` backend from [here](/docs/guides/backends/gcs/index.md). +- Learn how to configure `Microsoft Azure Storage` backend from [here](/docs/guides/backends/azure/index.md). +- Learn how to configure `OpenStack Swift` backend from [here](/docs/guides/backends/swift/index.md). +- Learn how to configure `Backblaze B2` backend from [here](/docs/guides/backends/b2/index.md). +- Learn how to configure `REST` backend from [here](/docs/guides/backends/rest/index.md). diff --git a/docs/guides/backends/rest/examples/rest.yaml b/docs/guides/backends/rest/examples/rest.yaml new file mode 100644 index 0000000..de74aae --- /dev/null +++ b/docs/guides/backends/rest/examples/rest.yaml @@ -0,0 +1,10 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: rest-repo + namespace: demo +spec: + backend: + rest: + url: http://rest-server.demo.svc:8000/stash-backup-demo + storageSecretName: rest-secret diff --git a/docs/guides/backends/rest/index.md b/docs/guides/backends/rest/index.md new file mode 100644 index 0000000..9d92887 --- /dev/null +++ b/docs/guides/backends/rest/index.md @@ -0,0 +1,83 @@ +--- +title: REST Backend | Stash +description: Configure Stash to REST Server as Backend. +menu: + docs_{{ .version }}: + identifier: backend-rest + name: REST Server + parent: backend + weight: 80 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +# REST Backend + +Stash supports restic's [REST Server](https://github.com/restic/rest-server) as a backend. This tutorial will show you how to use this backend. + +In order to use REST Server as backend, you have to create a `Secret` and a `Repository` object pointing to the desired REST Server address. + +#### Create Storage Secret + +To configure storage secret for this backend, following secret keys are needed: + +| Key | Type | Description | +| ---------------------- | ---------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `RESTIC_PASSWORD` | `Required` | Password that will be used to encrypt the backup snapshots. | +| `REST_SERVER_USERNAME` | `Optional` | Username for basic authentication in the REST server. | +| `REST_SERVER_PASSWORD` | `Optional` | Password for basic authentication in the REST Server | +| `CA_CERT_DATA` | `optional` | CA certificate used by storage backend. This can be used to pass the root certificate that has been used to sign the server certificate of a TLS secured REST Server. | + +Create storage secret as below, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > REST_SERVER_USERNAME +$ echo -n '' > REST_SERVER_PASSWORD +$ kubectl create secret generic -n demo rest-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./REST_SERVER_USERNAME \ + --from-file=./REST_SERVER_PASSWORD +secret/rest-secret created +``` + +### Create Repository + +Now, you have to create a `Repository` crd. You have to provide the storage secret that we have created earlier in `spec.backend.storageSecretName` field. + +Following parameters are available for `rest` backend, + +| Parameter | Type | Description | +| ---------- | ---------- | ------------------------------------------------------------------------------------------------------------- | +| `rest.url` | `Required` | URL of the REST Server along with an optional path inside the server where backed up snapshot will be stored. | + +Below, the YAML of a sample `Repository` crd that uses a REST Server as a backend. + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: rest-repo + namespace: demo +spec: + backend: + rest: + url: http://rest-server.demo.svc:8000/stash-backup-demo + storageSecretName: rest-secret +``` + +Create the `Repository` we have shown above using the following command, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/backends/rest/examples/rest.yaml +repository/rest-repo created +``` + +Now, we are ready to use this backend to backup our desired data using Stash. + +## Next Steps + +- Learn how to use Stash to backup workloads data from [here](/docs/guides/workloads/overview/index.md). +- Learn how to use Stash to backup databases from [here](/docs/guides/addons/overview/index.md). +- Learn how to use Stash to backup stand-alone PVC from [here](/docs/guides/volumes/overview/index.md). diff --git a/docs/guides/backends/s3/examples/minio.yaml b/docs/guides/backends/s3/examples/minio.yaml new file mode 100644 index 0000000..b8ccb26 --- /dev/null +++ b/docs/guides/backends/s3/examples/minio.yaml @@ -0,0 +1,12 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: minio-repo + namespace: demo +spec: + backend: + s3: + endpoint: https://my-minio-service.minio-namespace.svc + bucket: stash-demo + prefix: /backup/demo/deployment/stash-demo + storageSecretName: minio-secret diff --git a/docs/guides/backends/s3/examples/s3.yaml b/docs/guides/backends/s3/examples/s3.yaml new file mode 100644 index 0000000..ec4559c --- /dev/null +++ b/docs/guides/backends/s3/examples/s3.yaml @@ -0,0 +1,13 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: s3-repo + namespace: demo +spec: + backend: + s3: + endpoint: s3.amazonaws.com # use server URL for s3 compatible other storage service + bucket: stash-demo + region: us-west-1 + prefix: /backup/demo/deployment/stash-demo + storageSecretName: s3-secret diff --git a/docs/guides/backends/s3/index.md b/docs/guides/backends/s3/index.md new file mode 100644 index 0000000..227c101 --- /dev/null +++ b/docs/guides/backends/s3/index.md @@ -0,0 +1,125 @@ +--- +title: AWS S3/Minio/Rook Backend | Stash +description: Configure Stash to use AWS S3/Minio/Rook as Backend. +menu: + docs_{{ .version }}: + identifier: backend-s3 + name: AWS S3/Minio/Rook + parent: backend + weight: 30 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +# AWS S3 + +Stash supports AWS S3 or S3 compatible storage services like [Minio](https://minio.io/) servers, [Rook Object Store](https://rook.io/docs/rook/v0.9/ceph-object.html), [DigitalOceans Space](https://www.digitalocean.com/products/spaces/) as a backend. This tutorial will show you how to use this backend. + +In order to use S3 or S3 compatible storage service as backend, you have to create a `Secret` and a `Repository` object pointing to the desired bucket. + +>If the bucket does not exist yet, Stash will create it automatically in the default region (`us-east-1`) during the first backup. In this case, you have to make sure that the bucket name is unique across all S3 buckets. Currently, it is not possible for Stash to create bucket in different region. You have to create the bucket in your desired region before using it in Stash. + +#### Create Storage Secret + +To configure storage secret for this backend, following secret keys are needed: + +| Key | Type | Description | +| ----------------------- | ---------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `RESTIC_PASSWORD` | `Required` | Password that will be used to encrypt the backup snapshots. | +| `AWS_ACCESS_KEY_ID` | `Required` | AWS / Minio / Rook / DigitalOcean Spaces access key ID | +| `AWS_SECRET_ACCESS_KEY` | `Required` | AWS / Minio / Rook / DigitalOcean Spaces secret access key | +| `CA_CERT_DATA` | `optional` | CA certificate used by storage backend. This can be used to pass the root certificate that has been used to sign the server certificate of a TLS secured Minio server. | + +Create storage secret as below, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > AWS_ACCESS_KEY_ID +$ echo -n '' > AWS_SECRET_ACCESS_KEY +$ kubectl create secret generic -n demo s3-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./AWS_ACCESS_KEY_ID \ + --from-file=./AWS_SECRET_ACCESS_KEY +secret/s3-secret created +``` + +For TLS secured Minio Server, create secret as below, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > AWS_ACCESS_KEY_ID +$ echo -n '' > AWS_SECRET_ACCESS_KEY +$ cat ./directory/of/root/certificate/ca.crt > CA_CERT_DATA +$ kubectl create secret generic -n demo minio-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./AWS_ACCESS_KEY_ID \ + --from-file=./AWS_SECRET_ACCESS_KEY \ + --from-file=./CA_CERT_DATA +secret/minio-secret created +``` + +{{< notice type="warning" message="If you are using a Minio backend, make sure that you are using `AWS_ACCESS_KEY_ID` instead of `MINIO_ACCESS_KEY` and `AWS_SECRET_ACCESS_KEY` instead of `MINIO_SECRET_KEY`." >}} + +### Create Repository + +Now, you have to create a `Repository` crd. You have to provide the storage secret that we have created earlier in `spec.backend.storageSecretName` field. + +Following parameters are available for `S3` backend. + +| Parameter | Type | Description | +| ------------- | ---------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `s3.endpoint` | `Required` | For S3, use `s3.amazonaws.com`. If your bucket is in a different location, S3 server (s3.amazonaws.com) will redirect Stash to the correct endpoint. For DigitalOCean, use `nyc3.digitaloceanspaces.com` etc. depending on your bucket region. For S3-compatible other storage services like Minio / Rook use URL of the server. | +| `s3.bucket` | `Required` | Name of Bucket. If the bucket does not exist yet it will be created in the default location (`us-east-1` for S3). It is not possible at the moment for Stash to create a new bucket in a different location, so you need to create it using a different program. | +| `s3.region` | `Optional` | Specify the region of your bucket. | +| `s3.prefix` | `Optional` | Path prefix inside the bucket where the backed up data will be stored. | + +Below, the YAML of a sample `Repository` crd that uses an `S3` bucket as a backend. + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: s3-repo + namespace: demo +spec: + backend: + s3: + endpoint: s3.amazonaws.com # use server URL for s3 compatible other storage service + bucket: stash-demo + region: us-west-1 + prefix: /backup/demo/deployment/stash-demo + storageSecretName: s3-secret +``` + +For S3 compatible Minio and other storage services, specify the endpoint with connection scheme (`http`, or `https`), + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: minio-repo + namespace: demo +spec: + backend: + s3: + endpoint: https://my-minio-service.minio-namespace.svc + bucket: stash-demo + prefix: /backup/demo/deployment/stash-demo + storageSecretName: s3-secret +``` + +Create the `s3-repo` Repository we have shown above using the following command, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/backends/s3/examples/s3.yaml +repository/s3-repo created +``` + +Now, we are ready to use this backend to backup our desired data using Stash. + +## Next Steps + +- Learn how to use Stash to backup workloads data from [here](/docs/guides/workloads/overview/index.md). +- Learn how to use Stash to backup databases from [here](/docs/guides/addons/overview/index.md). +- Learn how to use Stash to backup stand-alone PVC from [here](/docs/guides/volumes/overview/index.md). diff --git a/docs/guides/backends/swift/examples/swift.yaml b/docs/guides/backends/swift/examples/swift.yaml new file mode 100644 index 0000000..9a817f3 --- /dev/null +++ b/docs/guides/backends/swift/examples/swift.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: swift-repo + namespace: demo +spec: + backend: + swift: + container: stash-backup + prefix: /demo/deployment/my-deploy + storageSecretName: swift-secret diff --git a/docs/guides/backends/swift/index.md b/docs/guides/backends/swift/index.md new file mode 100644 index 0000000..ce490f4 --- /dev/null +++ b/docs/guides/backends/swift/index.md @@ -0,0 +1,158 @@ +--- +title: Swift Backend | Stash +description: Configure Stash to use OpenStack Swift as Backend. +menu: + docs_{{ .version }}: + identifier: backend-swift + name: OpenStack Swift + parent: backend + weight: 60 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +# OpenStack Swift + +Stash supports [OpenStack Swift](https://docs.openstack.org/swift/latest/) as a backend. This tutorial will show you how to use this backend. + +In order to use OpenStack Swift as backend, you have to create a `Secret` and a `Repository` object pointing to the desired Swift container. + +>If the Swift container does not exist yet, Stash will automatically create it during the first backup. + +#### Create Storage Secret + +Stash supports Swift's Keystone v1, v2, v3 authentication as well as token-based authentication. + +**Keystone v1 authentication:** + +For keystone v1 authentication, following secret keys are needed: + +| Key | Description | +|--------------------------|------------------------------------------------------------| +| `RESTIC_PASSWORD` | Password used that will be used to encrypt the backup snapshots.| +| `ST_AUTH` | URL of the Keystone server. | +| `ST_USER` | Username. | +| `ST_KEY` | Password. | + +**Keystone v2 authentication:** + +For keystone v2 authentication, following secret keys are needed: + +| Key | Description | +|--------------------------|------------------------------------------------------------| +| `RESTIC_PASSWORD` | Password used that will be used to encrypt the backup snapshots.| +| `OS_AUTH_URL` | URL of the Keystone server. | +| `OS_REGION_NAME` | Storage region name | +| `OS_USERNAME` | Username | +| `OS_PASSWORD` | Password | +| `OS_TENANT_ID` | Tenant ID | +| `OS_TENANT_NAME` | Tenant Name | + +**Keystone v3 authentication:** + +For keystone v3 authentication, following secret keys are needed: + +| Key | Description | +|--------------------------|------------------------------------------------------------| +| `RESTIC_PASSWORD` | Password used that will be used to encrypt the backup snapshots.| +| `OS_AUTH_URL` | URL of the Keystone server. | +| `OS_REGION_NAME` | Storage region name | +| `OS_USERNAME` | Username | +| `OS_PASSWORD` | Password | +| `OS_USER_DOMAIN_NAME` | User domain name | +| `OS_PROJECT_NAME` | Project name | +| `OS_PROJECT_DOMAIN_NAME` | Project domain name | + +For keystone v3 application credential authentication (application credential id): + +| Key | Description | +|--------------------------|------------------------------------------------------------| +| `RESTIC_PASSWORD` | Password used that will be used to encrypt the backup snapshots.| +| `OS_AUTH_URL` | URL of the Keystone server. | +| `OS_APPLICATION_CREDENTIAL_ID` | The ID of the application credential used for authentication. If not provided, the application credential must be identified by its name and its owning user.| +| `OS_APPLICATION_CREDENTIAL_SECRET` | The secret for authenticating the application credential. | + +For keystone v3 application credential authentication (application credential name): + +| Key | Description | +|--------------------------|------------------------------------------------------------| +| `RESTIC_PASSWORD` | Password used that will be used to encrypt the backup snapshots.| +| `OS_AUTH_URL` | URL of the Keystone server. | +| `OS_USERNAME` | User name| +| `OS_USER_DOMAIN_NAME` | User domain name| +| `OS_APPLICATION_CREDENTIAL_NAME` | The name of the application credential used for authentication. If provided, must be accompanied by a user object. | +| `OS_APPLICATION_CREDENTIAL_SECRET` | The secret for authenticating the application credential. | + +**Token-based authentication:** + +For token-based authentication, following secret keys are needed: + +| Key | Description | +|--------------------------|------------------------------------------------------------| +| `RESTIC_PASSWORD` | Password used that will be used to encrypt the backup snapshots.| +| `OS_STORAGE_URL` | Storage URL | +| `OS_AUTH_TOKEN` | Authentication token | + +A sample storage secret creation for keystone v2 authentication is shown below, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > OS_AUTH_URL +$ echo -n '' > OS_TENANT_ID +$ echo -n '' > OS_TENANT_NAME +$ echo -n '' > OS_USERNAME +$ echo -n '' > OS_PASSWORD +$ echo -n '' > OS_REGION_NAME +$ kubectl create secret generic swift-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./OS_AUTH_URL \ + --from-file=./OS_TENANT_ID \ + --from-file=./OS_TENANT_NAME \ + --from-file=./OS_USERNAME \ + --from-file=./OS_PASSWORD \ + --from-file=./OS_REGION_NAME +secret/swift-secret created +``` + +### Create Repository + +Now, you have to create a `Repository` crd. You have to provide the storage secret that we have created earlier in `spec.backend.storageSecretName` field. + +Following parameters are available for `Swift` backend. + +| Parameter | Description | +| ----------------- | ------------------------------------------------------------------------------ | +| `swift.container` | `Required`. Name of Storage container | +| `swift.prefix` | `Optional`. Path prefix inside the container where backed up data will be stored. | + +Below, the YAML of a sample `Repository` crd that uses a Swift container as a backend. + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: swift-repo + namespace: demo +spec: + backend: + swift: + container: stash-backup + prefix: /demo/deployment/my-deploy + storageSecretName: swift-secret +``` + +Create the `Repository` we have shown above using the following command, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/backends/swift/examples/swift.yaml +repository/swift-repo created +``` + +Now, we are ready to use this backend to backup our desired data using Stash. + +## Next Steps + +- Learn how to use Stash to backup workloads data from [here](/docs/guides/workloads/overview/index.md). +- Learn how to use Stash to backup databases from [here](/docs/guides/addons/overview/index.md). +- Learn how to use Stash to backup stand-alone PVC from [here](/docs/guides/volumes/overview/index.md). diff --git a/docs/guides/batch-backup/_index.md b/docs/guides/batch-backup/_index.md new file mode 100644 index 0000000..fa42cc9 --- /dev/null +++ b/docs/guides/batch-backup/_index.md @@ -0,0 +1,10 @@ +--- +title: Batch Backup | Stash +menu: + docs_{{ .version }}: + identifier: batch-backup + name: Batch Backup + parent: guides + weight: 40 +menu_name: docs_{{ .version }} +--- \ No newline at end of file diff --git a/docs/guides/batch-backup/overview/images/batch-restore.svg b/docs/guides/batch-backup/overview/images/batch-restore.svg new file mode 100644 index 0000000..141438c --- /dev/null +++ b/docs/guides/batch-backup/overview/images/batch-restore.svg @@ -0,0 +1,1128 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/guides/batch-backup/overview/images/batchbackup_overview.svg b/docs/guides/batch-backup/overview/images/batchbackup_overview.svg new file mode 100644 index 0000000..a7d32e4 --- /dev/null +++ b/docs/guides/batch-backup/overview/images/batchbackup_overview.svg @@ -0,0 +1,1326 @@ + + + + + + image/svg+xmldiff --git a/docs/guides/batch-backup/overview/index.md b/docs/guides/batch-backup/overview/index.md new file mode 100644 index 0000000..6ec899b --- /dev/null +++ b/docs/guides/batch-backup/overview/index.md @@ -0,0 +1,72 @@ +--- +title: Batch Backup & Restore Overview | Stash +description: An overview on how batch backup & restore works in Stash. +menu: + docs_{{ .version }}: + identifier: batch-backup-overview + name: How Batch Backup & Restore works? + parent: batch-backup + weight: 10 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +# Batch Backup and Restore Overview + +Sometimes, an application may consist of multiple co-related components. For example, to deploy a WordPress, you will need a Deployment for the WordPress and another Deployment for the database. Now, it is sensible to want to backup or restore both of the deployments using a single configuration as they are parts of the same application. + +Stash 0.9.0+ supports taking backup multiple co-related components using a single configuration known as [BackupBatch](/docs/concepts/crds/backupbatch/index.md). Stash 0.10.0+ supports restoring multiple co-related components together known as [RestoreBatch](/docs/concepts/crds/restorebatch/index.md) This guide will give you an overview of how batch backup and restore works in Stash. + +## How Batch Backup Works + +The following diagram shows how Stash takes backup of multiple co-related components in a single application. Open the image in a new tab to see the enlarged version. + +
    + Stash Batch Backup Flow +
    Fig: Batch backup flow in Stash
    +
    + +The backup process consists of the following steps: + +1. At first, a user creates a backend Secret. This secret holds the credentials to access the backend where the backed up data will be stored. + +2. Then, she creates a `Repository` crd which represents the original repository in the backend. + +3. Then, she creates a `BackupBatch` crd which specifies multiple targets(workload, volume, and database). It also specifies the `Repository` object that holds the backend information where the backed up data will be stored. + +4. Stash operator watches for `BackupBatch` objects. + +5. When it finds a `BackupBatch` object, it checks if there is any workload as a target. If there any, it injects a sidecar named `stash` into the workloads. + +6. It also creates a `CronJob` to trigger backups periodically. + +7. The`CronJob` triggers backup on each scheduled slot by creating a `BackupSession` crd. + +8. The BackupSession controller (inside sidecar for sidecar model or inside the operator itself for job model) watches for `BackupSession` crd. + +9. When it finds a `BackupSession` it starts the backup process immediately(for job model a job is created for taking backup) for the individual targets. Stash operator enforces the backup order if the `executionOrder` is set to `Sequential`. + +10. The individual targets complete their backup process independently and update their respective fields in `BackupSession` status. + +## How Batch Restore Works + +The following diagram shows the batch restore process. Please, open image in new tab to view the enlarged image. + +
    + Stash Batch Restore Flow +
    Fig: Batch restore flow in Stash
    +
    + +The batch restore process consists of the following steps: + +1. At first, the user creates a `RestoreBatch` CR specifying the targets and the respective Repository where the backed up data has been stored. +2. The Stash operator watches for the `RestoreBatch` CR. +3. When the Stash operator finds a `RestoreBatch` CR, it executes the global `PreRestore` hooks. If there is no global `PreRestore` hook, Stash will skip this step. +4. Then, it injects an init-container into the target that follows the sidecar model and creates a restore job for the targets that follow the job model. Stash operator enforces the restore order in this step if the `executionOrder` is set to `Sequential`. +5. The restore init-container/job first execute their local `PreRestore` hooks. Then, restore their data and finally execute their `PostRestore` hooks. +6. Finally, Stash operator executes the global `PostRestore` hooks. If there is not global `PostRestore` hook configured for this RestoreBatch, Stash will skip this step. + +## Next Steps + +- See a step by step guide to backup application with multiple co-related components [here](/docs/guides/batch-backup/wordpress-backup/index.md). diff --git a/docs/guides/batch-backup/wordpress-backup/examples/appbinding.yaml b/docs/guides/batch-backup/wordpress-backup/examples/appbinding.yaml new file mode 100644 index 0000000..69866f4 --- /dev/null +++ b/docs/guides/batch-backup/wordpress-backup/examples/appbinding.yaml @@ -0,0 +1,15 @@ +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: wordpress-db + namespace: demo +spec: + type: mysql + version: 8.0.27 + clientConfig: + service: + name: wordpress-db + port: 3306 + scheme: mysql + secret: + name: mysql-pass diff --git a/docs/guides/batch-backup/wordpress-backup/examples/backupbatch.yaml b/docs/guides/batch-backup/wordpress-backup/examples/backupbatch.yaml new file mode 100644 index 0000000..5d71744 --- /dev/null +++ b/docs/guides/batch-backup/wordpress-backup/examples/backupbatch.yaml @@ -0,0 +1,34 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupBatch +metadata: + name: wordpress-backup + namespace: demo +spec: + repository: + name: gcs-repo + schedule: "*/5 * * * *" + executionOrder: Parallel + members: + - target: + alias: db + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: wordpress-db + task: + name: mysql-backup-8.0.14 + - target: + alias: app + ref: + apiVersion: apps/v1 + kind: Deployment + name: wordpress-app + volumeMounts: + - name: storage + mountPath: /var/www/html + paths: + - /var/www/html + retentionPolicy: + name: 'keep-last-10' + keepLast: 10 + prune: true diff --git a/docs/guides/batch-backup/wordpress-backup/examples/mysql.yaml b/docs/guides/batch-backup/wordpress-backup/examples/mysql.yaml new file mode 100644 index 0000000..9b748a4 --- /dev/null +++ b/docs/guides/batch-backup/wordpress-backup/examples/mysql.yaml @@ -0,0 +1,75 @@ +apiVersion: v1 +kind: Service +metadata: + name: wordpress-db + namespace: demo + labels: + app: wordpress-db +spec: + ports: + - port: 3306 + selector: + app: wordpress-db +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: wordpress-db + namespace: demo + labels: + app: wordpress-db +spec: + selector: + matchLabels: + app: wordpress-db + strategy: + type: Recreate + template: + metadata: + labels: + app: wordpress-db + spec: + containers: + - image: mysql:8.0.14 + name: mysql + args: + - --default-authentication-plugin=mysql_native_password + env: + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-pass + key: password + - name: MYSQL_USER + valueFrom: + secretKeyRef: + name: mysql-pass + key: username + ports: + - containerPort: 3306 + name: mysql + volumeMounts: + - name: storage + mountPath: /var/lib/mysql + - name: config-volume + mountPath: /etc/mysql/conf.d + volumes: + - name: storage + persistentVolumeClaim: + claimName: mysql-pvc + - name: config-volume + emptyDir: {} +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mysql-pvc + namespace: demo + labels: + app: wordpress-db +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi diff --git a/docs/guides/batch-backup/wordpress-backup/examples/repository.yaml b/docs/guides/batch-backup/wordpress-backup/examples/repository.yaml new file mode 100644 index 0000000..8708c70 --- /dev/null +++ b/docs/guides/batch-backup/wordpress-backup/examples/repository.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stashed-ci + prefix: /wordpress/backup + storageSecretName: gcs-secret diff --git a/docs/guides/batch-backup/wordpress-backup/examples/restorebatch.yaml b/docs/guides/batch-backup/wordpress-backup/examples/restorebatch.yaml new file mode 100644 index 0000000..b2771a5 --- /dev/null +++ b/docs/guides/batch-backup/wordpress-backup/examples/restorebatch.yaml @@ -0,0 +1,33 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreBatch +metadata: + name: wordpress-restore + namespace: demo +spec: + driver: Restic + repository: + name: gcs-repo + executionOrder: Sequential + members: + - target: + alias: db + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: wordpress-db + rules: + - snapshots: [latest] + task: + name: mysql-restore-8.0.14 + - target: + alias: app + ref: + apiVersion: apps/v1 + kind: Deployment + name: wordpress-app + rules: + - paths: + - /var/www/html + volumeMounts: + - name: storage + mountPath: /var/www/html diff --git a/docs/guides/batch-backup/wordpress-backup/examples/restoresession.yaml b/docs/guides/batch-backup/wordpress-backup/examples/restoresession.yaml new file mode 100644 index 0000000..f39036e --- /dev/null +++ b/docs/guides/batch-backup/wordpress-backup/examples/restoresession.yaml @@ -0,0 +1,18 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: wordpress-db-restore + namespace: demo +spec: + task: + name: mysql-restore-8.0.14 + repository: + name: gcs-repo + target: + alias: db + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: wordpress-db + rules: + - snapshots: [latest] diff --git a/docs/guides/batch-backup/wordpress-backup/examples/wordpress.yaml b/docs/guides/batch-backup/wordpress-backup/examples/wordpress.yaml new file mode 100644 index 0000000..b5dfc55 --- /dev/null +++ b/docs/guides/batch-backup/wordpress-backup/examples/wordpress.yaml @@ -0,0 +1,71 @@ +apiVersion: v1 +kind: Service +metadata: + name: wordpress-app + namespace: demo + labels: + app: wordpress-app +spec: + ports: + - port: 80 + selector: + app: wordpress-app +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: wordpress-app + namespace: demo + labels: + app: wordpress-app +spec: + selector: + matchLabels: + app: wordpress-app + strategy: + type: Recreate + template: + metadata: + labels: + app: wordpress-app + spec: + containers: + - image: wordpress:5.3.2-apache + name: wordpress + env: + - name: WORDPRESS_DB_HOST + value: wordpress-db + - name: WORDPRESS_DB_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-pass + key: password + - name: WORDPRESS_DB_USER + valueFrom: + secretKeyRef: + name: mysql-pass + key: username + ports: + - containerPort: 80 + name: wordpress + volumeMounts: + - name: storage + mountPath: /var/www/html + volumes: + - name: storage + persistentVolumeClaim: + claimName: wordpress-pvc +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: wordpress-pvc + namespace: demo + labels: + app: wordpress-app +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi diff --git a/docs/guides/batch-backup/wordpress-backup/images/backup-data.png b/docs/guides/batch-backup/wordpress-backup/images/backup-data.png new file mode 100644 index 0000000000000000000000000000000000000000..8876082a19489eb90cae1677d86819bfbf94b00c GIT binary patch literal 49018 zcmb@u1yq;Y*Dd@*1e8=k2?+rO3F(v)QBYbyLMcfFBt<$Dl@0+3Nol0JOQlO1B&Fd; zcXQXnIsf;)8ZpyA? z(s_ z>wbauBCW{bp?(2<)cq@im(IlvY_0{xM8?<{y=4>}7aX@~AmKU4B)^ROQ#K_?Vu$qr z`DeO6e&XKQ-%waMbjUx!59{7}A^)Io3D16U)Av2**=-mklxM$qbnV|u&$%mGsoi_< zi`nSy&}8;|P0#o)W8Vr~IyyZ@J59^AN3YdPumqL6#^0q4$|kTGtsSqcz`scB`tYw} zQZ8Ixlz(G}{o*iqsoIUk4#xybL-b(pCiiE~S8v%RkT*-m3NZ-0)EV|?im6H?n}|Rk z3<+I{ESTDm%YM4Td?3VC9>eGqko<>N;N_Lc9|i5gaBZKFLvKC)wbkk$lcQ>WhN6X@GMn4nXz#&w>gO65)6B&)u!8-r!wmt`I30+>I|p9$y|NB z5%pealmKOj{IDSDlJ+MU^rI&g-zIL9d>Yy=Rh{ajcI10wY|c)DlJO9ti=5At)X&=J z@H3xlo_`yA^JbLB*7z^FEEy~Ez7F56Wnm0>Qpb)&vwL!Qg3D|El(*|C#u9er>|VD- znF<6l9JO{RWq4i9DJSpOqwL_xsiV=p568HX(Iw_ri}~8=(B3Vcj;TTS3H!lI2adu#gX&eiPR476;L9{X>53cgibKEl_0 z>%Epi(Tx&a36Jcr_kAYbQLpmzdUzGTuA+@X%9|a%W|R(v-09(`T?>K_Hh2b3AIdR* zzwP+=oLOYqDB@53@T_gfB~qBX!SkjNBTCjIik6DKc1O!Es^!ZIB~we(jk5bL=gxKDCE}au|2a6rF64xg>jUlVnwB41@Gl%l?#?h?`x)b8%5N2$8Y|Mlt}Fv zx*QptNP44UE`MWUZmBfd!ck6~;w?2~|;)KdBr4JU@v4BQQD7e)sB>raC(6 z`SIp6V=XsZax6jPt~_!xvCtoB#j(9?s}CU9=~WxKzsHb{)5zRn=JR;+S|pup;*n-> zGplL2e?}&#;qY`KQso`KH5 z&0imHVIHkn@n5EjddFlMwd9e4hb}V;Yp{P~CK(%7wQXO!K?UP!n!iNq_^G_heB~iT zg#W>;>S<-amW%U8L1Wmg6x-N-6EEHfDHPLKCp`ATV+cw1OtA7IUN)`RSlSSPvDF#8 zht+~1f7vP0TFAS>Jzl#m`SIb+^^vFIfqh;wlQIAe~oC$-oKW^3*?I(BV(fb7G5*h4NZMzIyrQ7)|>Men>8R4 z-MZUfjB%{VO;l^$Xmj|@0Al-(tixSqw0xee5L)X9(hJ12>@HRwWI7~=!xo{hZ|sh; zY#ub9*pRt-b1vq5PsTSP(G`aN2RAvLr0A+w7#u&8E7y&8r5q&~+|l1?Xytn+328cU zF2OkM`L~@Rh-J8ZDq7=VLlURuQ1bod46FWogYfYW8jaTKzmY(066#d>zLz8mbDX>! zji(_VhgbAI8dB|p1buGn_GI=kqnMva-9?s9`3KOP9-@j`U*& zm(WNXstC#aO{?jeFu$^)Ag#1hv7)w0%CT}_A!gu|%D1S8?J1wCkQXtp4E2aZNbQ^l9Un3fXBvNDJ*84hMFEH;U)*}lw-$GQGig+SlqB7hfBjU z=QZv8i>=autr?8U(7Qin$DQ-nlN#SSI(R8j^aT#=ySwoqpBI|HH95v(c{L4*5jm zC`JJ5n9Ikeh&NDo$vmo)bvGP4>XQ7|S*a$B3tk(@mUk((`J-PS56^dmskz73-UDP| zGn{%=ZtUe_j78WBP{VCT8@?VAo+g=6`aH(r=$6YiqMD~X@l3WdU%uEB+wz37w#(i^ z#SHs1XV}CIr>P!_i0NBg8Ej8Txzjk;g&}ude(A>s*07ajCd7INvs_ZuFyJpv~Ki zRpotr;?p5Kkw+y+437r&oRJCAZfFeYRk(2>d%^$ zO*~Yd&pmDe45Ke88yF4qA^XRg&er|;b|U*H;vUSuh{UKLxp^kR>cdmH1gW$NL)mvx z-nm`|%zHvyS-$)b?SN74!yXVF5C3J;KH`s&?)z4!uCblAF_VAjb(1cfL!&3YxZ+Bi~1HHCWPjKg(Wctz?D&d-ccli=jO+`Wo?tIBf) zI)&8hWk;|>$ou-0+|YiH`c+bPiblMl z0x8_PJi@A-gg4_ybU|a24Wp?-#%EB%q}W1dPZtNzkHK+$hnVI;Z&Hl?W@TK zWOn+Oz5(s=fX<-yJvFEkcUDSy@`*P>2w-YKs}1`Ag|5c?yL)t8MfWh@;WZk4tj$(beg-{4Dufb-j z&#G@Sykxj~4l(R1M`c5IZ6?OHS(6(j44?n6) z2(e*e#wGNDSupBHElg&6BUd+x0oQ4|BZ2w+;e!W01Fug%7@SccCbIufpW6aw_kL#m zmnEH7w7dZyK}VXT{Y$J2p8R{M`@h7hd2-7t;{vM9$c9s`{^aBU z%`P3zrZv*{&(~d!c6N65sUUpFz{GS>M`wI88(}1{1QXM9b7~{Dx4G1^HUGX96+Qbx zC+m&fUG|l`B$2;>ZE1lpB9FP^JyZ_g^tIJ@6ks?5*> z6UXy;vB}x*OOo|ozZ=NZ2svD>5gX7xCsHYkyl;B8#jZ_Ud(07?NLfhn>*0-s)VS^vi*dcI z)(;nn?Kj)`y?uNV?tjFsR}I9##Lm^L$AuNj>l25U-DI!tx6viQN8P`F->hFyKp?b~ z@wx>(w)ZOMk+A~hWvOfuJ6ki^2#z}YS&!|wxHuXju_F$lw@bHI7Oyr96&Ocy8RCw+ zow|54^Yie8cEkt`m#HGddpK3@L};#JV32hA2Bpy3HY2UaGEDi{*r*S=;xIp!5EH+@N${bim875S)K26zRM%@JR*LLT zhxBG^4ci|dZFVYWJ>#8ikFsmU!MXMH@j@gLRqynugDA<#A3u0-zPY)XuQevxCrctx zQCdkiC@LuE();)C1*|4Nogc}t?!Pz4VxYAO$E-CV!HnQf%OTW{Jx^%rLnOw z9+O_L*TcnH1#Rp#M^{KmN$=V&K5%p_&vRa%tndB)6c6GPCOU#sA3HKK(tT#1VjDex zqdVR7IYKtYG-V&=$xlA!?%#!l$GW;VBs>XkadL7FytYUh$$DPWovFcHSy_2otDGlB z$Zob|+_hlHEm``@%c1-k-p=NQp45f$8ZmKk@x8sh-)T?i`OHV`+jo&2M)L8wb@lJy zAXSxaOiXuQQg-W=5kcms-&N*!85kJ43tuUV?oSgRY%TnZvZ(eB2_dEudTa3W6G2%u zBOTp)##sCJ<+kW6*RC0ze@Dz9JF!0(#|TReYri?+LB!>HWS?kfGSl*pWWx9C+51G8GT*?DZ;$2d{Erq{+@cB#n8$s0BX2i5plS5_7}7wZBP8Noy@EIV2`Jj0&+y5d4B+CGhD|m$Vs9bZ@${3gnJ)E0&$xc75NUva090LmrCR zoa?;a$#%Pq8=u;K0t1NxSVM7jb+S9p3MaaxXl7s--KRlL2U;({?|KSdDhcH(fddU_HFX(YHSQHtAP!+_6h z@Lo@f9A1?e%;#scZR-vtNzywt&1}L;nd0{!U%Zr`p`1#n%jYH5lX z#>U2~*_z&oiS#Z9TeQ5qSKZmP%26CJPx`n|+=&_GIbQ$a(O-Jc`!cVZojvBR?c{WG zi1Xoc314f00;ePW%-41!E-tQ8>-wF?gU^f2IQvO^q1dErSCzLHh^~~)QMZJ%>!fJ} zA{BY*o4OOBNq?qyMTOAk&z}WjZ56MiaNl_)asehTL9@)--H@UOGP%v#gt%k?rFTwF z@))FOqu#V95MDvF5}$%#px>Wn2)G>ZXlrXXR3o`AHO^IfAX|$ZQc+!9o!MaSJBWbw zX2!VbXRcqEpW4I3+RsKB+b49 zYd(56Y8k@Oe6)Oh)$KG2W>B%l)n#X8w3UC{8B;M$@;LX!PxX9*i_60$#%mLG=drPo zjODsNLz*HNrTU)?Y>R_qQMIjFJ*i4qeo6iG}gb(h!0f`m>%F7&Kpj!Tp4ZX&cPbU*FxG zgWYb};72a`dval+89-KNMox8$&}yYb6yIxW0zyEegGHvKfH&xJDmQSmv$K&$0VWxy z6tk3=VN=gVxw*OZXKS^F>$pCKy$ltP$OD^zPE@qIHtzAGM;HG7{R_zGox|qr=jdoz zSTyxgOWIDcQ|EWP^e_c_L<}~ff|nc!9#wZuOf2p;HZ*YQH{efgD~KH%B$bUcxle~M zDqNwYbRJ!0_sd8X7~L|u`d)hUK!gU_I&^9*#f1q?O^*`iCSXJWYwk-wd8@X24I!_P z1A^zvJv>aeaY=spTxCgnnsIGqWrfd!^V@V1iJ@Ia3h@~MAbF5S_$a{7ug%uMl_>WL z+;{o%Va2UEygQKF&faos^bR>?Xm24M@~h9mtm8vI()m$>&q0p_aQ@g%X6K)7NmG03 z|A!9C|DI;Zx}EH&mX)$RA%P8PiJ)^6Kd?!C_8z9YZ(n^I$eOfL9z#MHaD1a^ow(PWoI~K* zs*uF!p#^_?{PxkVa@^*Kl=UOyoJR0>J1a9_ek!(N=1J&>u_}8B`I_3iCss02&!!p65yZXhXPu(Put9Um_Ym$17XZ>xRl zd~RTHQ^aX!I=f=!M_=C;lfLikP|}C}?x+L!WC*#)$XHRIkE~uWUWG92zUmw9xS+}x zKd}LuNg5e3ynFY~-pR>k^4CSw-8b{KVRxRB@tafXxNKj=A*8%PPwxQ|i zpuxd18%8LhbWmoAh=?Fldj|wC0Ad7olWQ?9s;Q}oA`@}sv6*edxB*}zDd}e73sIX{ z*@gfrJaz1wG{W{l?(Qfy?aGM6vFrTiNdO}n(9I!?+)$%YlvGsBO--oU=4NlXD88<5 z5;&-ny(uCJKC`A|nQ*h6xuqpDp2d*hV1V8gvkrJfM5!=4HyIetK|J3xGD>N8;Et4K z)v1m)j&;BWR^Q#zgSQolto@_E3y%%na@a1aaB*`lzVe1S7F9Up)47!j#UW=32g${Er80245z7L zwHmJ$>d`*@(A(SlZ`oWdrtY7@SAs^k((>{~0RNLxQmpsZUI5uTUkmWj|8@20iIcY5 zu`Nn;Zvr!0v+M_8*7m7DF?mPFyX=)~@4GB%U@1T~`O(u80zvUPH1yZW@nPBFN(G*C z2aJOpDj&S-!>3Qy(@mEFXd;{eA``}w_o^r5z6&9;?$-Jwl!NcK2@gbeNA#1bx0Z*) zVHf4=)}3n!WeQmpg-HCdzd1LQZ-^Hg8^%fg?c28xA3mTg=YP|pu3Wj|Cv*Ui8k5y- zA4cBx9t$r*#OZB71sb?XA^>-o2jxUb0$_}owE$23UyB~h(?i5lEtfLS{l^P%_l@pg z?u*jWQpN8oOtYPFM74kq_kcV;hN*#SiaJ8;oKAW(#)3rRk4->9Vxn0K5Y#yI^sgt4 z5+H@>=;--@oVYHDJP4R`t7l@2d312;@&rKm$#(wn=@`4QzfkX!fTk3_9u5OwPHInc za&qFl-KPd@G>*n~?;XMi#8LO8rEzs1(>u<8^W0mhSe@_Bx(-o<>@(y>KxotD7HVn( zl!h3;8X72CkySzgSB;osm2M2AX#`n-OsXqeODJl)zmPEl@F~ED7UbF>i@ zBZr+KV~m%*X_rSU>>6R+Z^?wMov92JK&1hox3_#@(I_&x3K<1xL|2}^)EFo(^sm!6 zI^x8L?#asH0~jwe4}n;jX$|)u*x&X7Qmrp6zB6<2;zbmsV%(5sgMzWTI;6h>8-r63 zuZh>iffq!wV}+Qx<+j7NB*iJnh{5X(@`kb+b1yitMRfSZEIHi@XHC?rLK zqe{qzGv#r$wfFSJ$_PTQ!Pfgc`E6nX`xpWPYRUV{^pZiLp${NFBKclZ;1E&&YHaj` zq5`^>ky+d^n_#Vu+p*ymAuLqRIyyS#Zx((4$<)Ok6S1DY z;7LTowq@0u^_(Q+9S-5%tpyRbC_70|+v+Vs28sNfuKFCMKq(@tSd?(NHGk zmpv&2t2L*te+lnHeRyE*_1@$9^wiWDu7v&GnyFFXNA3bV-yge(xAAl_&J8Hb6=GtD z>J;GS4KatX1R)U-kDQ%_fxdAy22f$1ys}SCPF{y~M_4V05GG3l3fGfgG^3Lsvt6fP>rNLQIvZf{v3YEI?eq%Z2j$B$2doR5r**ss;$c>DSNYHq#= zxp_)J<_q&fAiKL`PVAsn(7=7Vov|WVY@Ky=?+jbR08!V0-~ox$$bZRB)2aR%+?ArSHPjg22&U7ruO(cJJu*af=habP|s-A)f_ zKo0m-U;h!neK%Bn(bJ>N`(Fm2x&yV60cZqb$}bo$d@rZdj#+<>PL6mplC=3FV}n?c zztFim{y!~Cwao+cr~c9je)!z$^;#DZtoHfJ1Cf8MPUrrA1*-oAmj7d+dG;pKG! zB1xI@p)axokEqQZErEo9t}@upriujIgN-LQ>%_G&YWrFxBqV$jULv1(xlCSuXY9pJ zZM<=3tYDbur%x2EXMlCOUv~g{qq^`6jC-&UHs`V7>O~QR*jz6AICv-Pc24ZOkucMd zGY?l&RwJ7T&VV#|%j>dpXK4NN^FS>}LTfa6>4ELe%-N(_qw}6Wdt%Ncfk(>rYkXWM z{lVFfZ@Fu|_xSx=5!5jJ!4!NdG1uro(SzHK*2t?amu(N;5-4@#J7YhWnIf0&{tKj~ z*($`&FUuD>4m|wvw%&S2k77nzu&2NfRrPEiGsyB*h-#uMf3d9{?`5S9e_E}TgeL@@ zl!wxfxi^3N)^sI)6w{AmZ54Vkr+&O$PdV(r_~er)5zZyITOs@C&h_QG^TEp8>CeXe z>jFpXJ$Qxp2ac4T-2^xX?uz|s3TMK6zc+jDoJ{d?yEivesi4sB%mC7#72$QAJzes~ zsrI)R81k)Wq+xiE9zUi9$h9(BVFLmm`S1})+^~(q#7>WhLBoVde*n0}%GMT37jS8` zpv@=1JIK~VsyrFb%S%WV1ZfiC*nl8rZo6&Gcm4YHE7zot8Dw%P00Q_I z#~AVT>#ca~mG|1e@)0gTS@5HA>sDY8N3L=XESnHq9Fx96?gl z4j?S@Y&vAV=jk_EZ%jX~wH`Y@K2CpL z!dB(9+b}S|-?=JY<9htED*+20keSy8U^(BgwHqqvv%;4zq9xox=?DRhKgz|AQZN{3 z$XXkB=UNkeV6N4aWK`!osEnDL~` zNCF}U6!w+ZbOW-vGJt2)l)8@nUo7~EQSas#HSM~eKRwcwQ_mrg87Z0|iU4i-27){<3 zwH_cfP?RGP02Ik>tOSiBNbZgQqGS*u{Ak3eLz=BSl$DkDq5Bib^C~!xm7iWJfagT_ z9H8e*#Kigq?e8#gBE;N8w-@^op?YanJ4YhQAjBphCyg|H=Y`~O%eQZ5fi)oe6vTK2 zxvvJ9r#r(I&24QrxwwLBP7Ztl6B3h<{DMXiO2B!K<8;5%ZN4X!2&yHj7NS~8@WqQ4 znL0JGuthhaI9dV401_t&O0{N#~c)Hp-bVJcqlhbHHm6=q0@MTLQ&nHW-97;!FqFpz5{F#kt9+DRgy+Y*4Ul}uW?)Ty*48Y6{DJIHFw_PBF-@mN6m*NFKSjPE5+Th@ z5KU37R5#s0r+5PEsM-2RR@MM86!Njq+QWAT{Wb&w3{+*vxFLC2QBl`HD44Fpq2XCk zA2$~k5qUM3`)&OIC^VEYqz$OAVLpzDE`u-1Tt5MNz1A(mz787i^*Zq~>lr9nbI`Hj zbIgH8$U{X%#ejP~%nS^lKt?XNTa|}bW5`@8c)R>ePfyR%+PZx9V2Pj=V#;!V!w?Br zV0T3Kpmd$dB2bQim+=?N$;jx}`&_Nu>Xs2)v<31FZ2UDvaz{tU(b`XJ?6QMLH!83w?|y#Zh+UXwIxI4l8NlD1ZsZy$-Lf9r`Z#jwfQg#ln3#4( z3r|zkq&zZ|r?sZ=O)E`IT;TJa(}|}Gk5{r8s$*@~>77EG?c(H29R4nv>9zQfRg2h1 z_P*g(;Mtry4qstge}|#oZH$UCHwWVbC?*e}%s!Hlfs}d@534Szi?TdD-o*^7C{hKX zpT}Y>`U{Ji^}1dM4|@hIUvNkW5GDp*UfxE>f+1O81i(mm&Urv~HW|onhc5p5<|a!o zXG&5M(7|6I$_qjs1OUK)@|#lBIRX@cu5w$`#ep1)Ejp5Z8n+{H5KutH;A=(58$4bR zY1wB!^u0D>JD}x!wBE?)pE&G2WX2~t1#-b zBaLqd5H2jDYEjuPRPSfFYYv2-kO2edTdg`MXP#e8e*fFn^%ySo8^4Gc70}j)M<4(R z*e;R)GRfbMeS_}zhdG*>n(}BiNKl9qr4(@t^}r#@2QWjy^HO&t_byZfsN~$|FmunZ zwT83Ly~Clttyq<_JsK<&-tA+qsHumI!Wb(~?H+GsGCdX}$a7n*Y^t$4*=%)s)5&%I zfaHk&CHH~Xx{W0{X}=u7-;Jv>`(r~5IHhINF+0{pK{wRG{Hr`aMxE#_Nj)ho7xp_k3>!ozBSSj}<)p71Jih_(u zE{21J#R*!?)HVnXe!{i@cN}+DkjB0L=KSKK^vjpG$DKC`0E{8D6@>L}&_0A2-Jzr# z0WwBPI>dRt*$@}Jy%TWqW9ZjyYQ>Ghve*!)xHvmoYm!2uF*rRrX4T05004b3Gehy) zIY_{FA=|!K87TwF>^FEl9Cwx?r^;EIvu&x)32t-)B37Tcj)Anzq0`)e4%c?{2IxSR zgSX+7e&bDyP7M^*Kb0p-1)Y9zHit)8C7%^0)UZN7c`*jiF=h;haw~LrQG6imzR6=CF+3SHP@Lrq?+Tro1P~V0KCyAZXfQ zW$}=oLS_55q6VH6_SB-;tF4N1^&Rw#`Mww}C#Ksfy7g+NYTXyXpUhXnBkIBrr}lM! z>QIVCwr%8n$u@N>xk5zLS|%qe+qRBFRNLAbtap`$#-c!&mKLLF-*>pR)fXDQYoL_O z4jCT)G0h<_o9*8y7-$B*460kLHUC>s9Vzd=@q%f-HoNAx0ZP0@%`qPYHT~_T;IXiX zh$e6-=}v#|&(wf)N(z<)^nDzhk0J^n&ZmOJ?0m96$G5;(;u{}-18KB_47LV97_=Kn z_MpCB-o${)F*r_2OuCaUf`Y3L2^dNlOQTjbWE8Z?6^8WrT=HcER zhvme*Sl5GBt|$A(;7(~zdK?0hDW9vW>wsolOnA6jK<9PVxH4P!gFYymzgTiAgVA;Z zz}%p<7zz7u6R=1DG*JR*#5%w+;@UpN^mwD3FzaAvxwUF{%(RlNjldnsBZWS(JLO!> zjhb-W`ylh7dr|}Ch(`JbOw8lrwk;m)+!Nx50;|`Z^qA-MpWYPDuAe^>@2%E^ovkqQ ze#s|ajVx(%0l``~H~Cx*YH9~^HDlsF<`d$&LnlFNSXvY8iglGJrHJ;msV)|0yLm49 zu|T>53mG*Vz5L{oy4KNRTE&9k>$^|i&Q-UpsATAtZEB&Z?ND?9N1J$bf_+@WT~VhU zPHPE$&oeqVa_kf^CeRCyc4tq7PlCie8z$dHwlQ`*E{>7JZ~MP_Hq6C(tfmbT7_fzH&S$aEkDNG|mGJ$q6WFxS9| z^7-r67BJ!4*L5*Z~e%1z!QK7nE+uX;RR*bG`F5=4}5#7s2H^F z0(KgcZ`iH?u!k!7OKRzA#$~X+p^pxprYY9#RmHi;Nn{IufPZF@`jZjH&r6U)D5*JP56BNj$( zp0c4S>Q+9u5VwZTa29@F{W+6_|MtPJC)uH!w!05Tq@kzu2&%dUI2w=!3&3ED>itgu zIrKk$f*?RZKBvpUo3H#9NXrqL7nleru@)-0E?{{BwA>Bbfeg?r+M)$Rz>M~j>_Mr` zoIDEJcwjb21=ZASwEQY8uYTCAf*~{f%#M}3MrwV~e>0z#1R&`ew3f@4F6nYV;<Fx>-8V?b4R!<2w+G-N1j9(_tRs5#MFv=e*5Sj>oC+1l7XgNS1xA%@ z+xg$$FhQUNEJf3h5AWWrC)LS?mJ(vLLh1_4VJSMh!g{%#Wg%b3QE zsqc0iAU>m*6yz9`vqjGH9{?0C%K~-xT+Hs#^!C08e0nA5Ky5LA7W}VoLjR+{u=Uys zpt&jRuA(=Kz22uMyEScJd6Ag{5xN=D;RSsBBtV-EVXMo_uSfit=j~)xz{tEbQJS#~7TX z5wZ;LJv_*HO+vePMf84MKne~h0l<53Vb2C&az!dE@&W!A}7{N+aNUqLnEA7J9B>&_(;w&wsR=JzwW4n;B77Oe^b zn1`>gFDL2Y^86xtZ82R8oYMLQT2PVw=K`jUA?YlQRt(rLPfP@v9`yU4XrI%XQxk%^ z%x%=hp*?3iwiz-oxBFXy=mlTYP~j_Lylbqr&`JXJ{;Iv>AY@4{FpG&EE^&i!Vx;*T z2=UF>*jULM;Z;X49Byc?n)b`Bm@#a=zRM#5E%EvJdCJlKGetRA$Y1bGsQy1V;r|yA z{r~bba(voH!u=v}jt^YQ%aycJL(JL_^3&%2c2epoaTpx z3D6k-FLO)$Kfa#J|Ld9OkzW(KkPUC%x;2_Pi9G#5QjqyG%S+_s&CpANo=v63L!^!A z^@w)xHFFOrJ(r1zmE&KV4rI$gG=bT=M5?PSU*7Qhkk8rexDDnaI9T8%hxXwEb@hlU zAEdnp)|K308$vKql|L zxRTNpC|!SnO=A5Ky?q_tD|Flg$>W9aA zu_0zhEY~y*D48NYSN|DEK3XLOJk1D#q=Ys?$(UoSc10DNG|QQ2)yV9;&3ozmhroFX;rji~lrtlBWNc^ArCSHA0=LZ=^UQeJZf&=t`&$ z+XL><(beDkPrD~=ZlYm<4LlBx$`2oy6EFTBqY(qJl4r9)`79Vm%Z{0l;~vo2Rv&qK z>GJ32?(aR|$oWUSt(DOzko_mKrM+Kt+7u(|e`lP9=d)35#IX&!zE1^3{p9%R2|sYG zikV#vb!hE&x`EN)P}x%PJYZU+&#*9B!QUyoi4O#OW^ZJwU+zC%fc2?*rEri#^T0V# zv1|cKD>$gLn><26I&wYU9-zCEn05?!2RgtBimPQBbGz~>HqkXlN`4558+l4{`7>R@ zM7&q!MhlBGG|MYbPYyu~{0KOlL`GzZiV^`yAaiX1?u~D|J zIi4b`l%#W7^UwDw$C)=|IPY3c)XIGaAK8c*oSE@zHh^BNZAC>)&PG{_TlM#Vqk=@16O)_Itr}gA3;%Hhb~OP zn*}AH>WFs+;dVgd@hNzkUYg|qMFhVALKu(+1|)1eXH7`7bOHi{Z2lP#+c5K;fDBt< z*43fu4=N<|-)$ypF~HH^^xUEfs}^nog_;nVYB(fd2+i{SmBvLd@Bf90JPplLeMplH z8^BjYPxkbYuk~fGZUU6nZOs)dT$`IiS^W z>eiy5T479|RAG4q1Q-F|$0y@(hkbjAn%X?H09q$tux)n7z>E;Eq66cg@wX0tk(!^N zh6o=n73>`zDnpMuYV|i*K`s&y)B~&ng)`sf@U8wR0J!@g^RI1fB_UYtPa#ud_0;4f zqE>?O=UlwScr^rNhkA|W-}{iDaMim%BbHO7NnmNo!E4g1JJ%6&+BxRpDfM(FkjAZ3 zmTRHP^WKdcmrQEUi+emGWx_TPf1-KyK~26_zPhUFrQH&r(v0|t?>BttaDA|YuHF4W z_d!1CggEQ?1H(o^$-sfrE!WsIn?R1#fb#>e zf3mo!3c$MoHnMgI90atMI&L$gz*0uX!r}`RWxe6LMXvL{HT07RLZ4>)OVWdK{}<@o z97xQno!`>ZybymDh-Q$Z9Ka17!EZtR>eVaTas~ohmkKa@fHH{D)ZRV=pD+D8I3`98 zj6TqQpN9Jp(a(>9*9RoF-xYQi$i}s{whk@a*x1CT;pIq?5H`AI~4_3A?-BL>8rfmmoju#qmu!otF*x*LiZbRZd*NID3* zod_fP2mBW4$G{m9m;|lV%`5jWSnUQ+#D7NC-;YWt40@D+bc#9PG=#}+7kZmgz|tK& zK9peiaCUJ)`mtD)X3;Mhdee$eX$0S)o?NN22Vo4tO`Nrn%| zUDw#S5tNJ{O`qvaZOuW=gL%|S*X%3Y(7VG9Uz(JfI)z5Jf-0{7TPMr>5bWsd(;*58 zT`!Sn#=yXkHg&aK_@}#o1E|Y0BZCFb03yo{2z4E%ehL^qoUH;fAO^`Jv9M63j0i|K zk7>Uj^t_+9hnE>TgEM{b&mW|x8|yGjE-fR2ej^wEBHIFPcns`cNGJ-Z{S|-*Z{PAQ zEG!`O1sFF44E*iVpg4RPl!4m*{xHO?3Yrig&%~rYIIjd8`u9s7K$+p73?k-CVPWC< z@tT@?D;F0R@Ks?TrUuXjF455BWYTaMT!1-BQ~A!^nw6Dx2U*|g>EEEtLzai6i$~#) z?JtQ~Z*JYXg-;_olE8Z`sjYvzq64Tru!ME!UqHXS6-do*lOiyoaT&Fd^_uWPFC7^H z>>}8xAEcA@ASDhC4RrxdM@WT_j}MB2!XM#%$V0XVbO!dWCV=9Bu)cd5>>kjs1M6&h zkHbaU52a2+BTM)r=_#_2_kqyCB2t1i6V$TYKe&(NCy8gOHM-s!gKz)I3onBUxuQNoasldIR|fNh5p>L0ER z=Y^nOX$*sg-$RQGA%sdyS%_r-=zTm)4V@>6~nkW@}fqfHr3J=8XXi|7!6uSf9LneDvTD5KJYUOY%4ANzW{zX<^PX zDf$YFn|8mxTbCnVH3Q0T9aITD*tE-g&@K(_1m~S(YLA8)(rorc}g6k1**bT6nVHR^YfvtZ|cxdPc$X}qO zLFVH`$S+{d{QP{do1o$$(qPS=FM&>+s<{cSL~x)>fwy6Apys3=@{)W0Sm@WCN0G7& z;P7KP?|T0N?E_l_^(XW!OiV98*?|;(nUc~Ej=Kc}1RTK!Au|rm7DLV4m>4P`4Tvup zwg7Yrp@o0)6Hr^|78uZxz9OWeOwF<@w@uUGUIuW#!vNo|jvICPtUP+1C zrvNg4NoyOMu9rNp#}L~IG>bUM@cUAf$+J`uBicT=4xkjkM_!U#2wrZSK=%Iw$aK7RZN z=^5W0Y?whmJ&9}pNaAB-0&PM%@YEuX>T(4jqQQA5j4Ew~SFh6R*XZ407X?s@_`rZc z>41;DU8OUSkvZ~JmI0~Sd=_JVfY3)rsfwQYOD7`@IaoL=2rV880;mS}mK{+P8x)P; z)&nIYC@!uO>3G970J}0hJw0Yfa}xeLQ1z%4ukD@n$H4@MASkFHaAdY-!wwM!pqGLm z5yV6T5a;4O==6XwfC1V`z-ID5{AgDWYW^oNSQAyD}zozYQr2Ialpq*_uaQB zc_=o26T{5H=7s}BKHb+j;B0IdtHuw|e5CB{OS=;;aDW(uSS^y1?O;klxRoJSJr8`n z7LKPOXby0DA^=fjMIf3&LP8|qm=Sm_Fk9YxL);?A8IeEK4%3(6v`lE&0O%PA+ZfoZ zM8FwDDOxN2eg3$|9(X~KhJSH!F_81y`h#$^p&d*ok+3@uynvi~0z&pQTLZ%Q3$DH4 zg37=T5%^xvriG9K0l@^@+3JG)(J&#ae4&yZt^Alm-|AqA8G zW2j2!&!6vorT#=hdmM@=)Xq?=c?$nepeAZ;sbgVdga4ESEJZMRxKQ{j0r^25-a-!q z_V%hESkuD;6GY5B^;I~)21Ny#VK~o(^i&1z-hDeuX5yt`TGfmWe}t$R#xOeyFlm~#D+vh zAL7SFss?-&Xytk^{m2PVh%OLnYvB~c%hB?pdd+W;lQ+SP0N{x%fKu=WnAmEOL$QQ} zDF9-j>)M|1w-(+2sxcQFs|5Q9(vtWx@%RGmhcu=y3xuzkxybNAX@O)hB7no8Cb`nq zs+JC6L0YA)vnu^1cjaw$H8`24p#?AnHs8`Ajr8tiXMYytR2yP*b*JmeQmx} z=9B@K_E(G~SVXe`a2*>N{|#UmC|Pgj&DMrGlyO8`*fPe<@Zr+r4rATBOZP9}ZQwPX zp}`jqZEtDK!(aW6k^2o19C#LH^Y{aR7W6zXJL^FIVx9+)xmjiB!e+O1FmC%%UM@$)CV_64*_Tk-)WC-f|^jxDo) zIJ*IQ4Oc1W-`oWUlKwVM09=aHxQ#MrcVw%6BBYYm)zx(&bh7~|`JWqprlAWqp;Kf+ zLZ*4T57i8Ki6_K+v8X5M*?8{r#KXx}WS(+a!C(k`3My;9Y-$hUQ-M8NUyQgKA!4?h z-~T%U?|NATa{En#z@UQU6-~|Pd{#EL>>peO@c)45WyJgExn9^xIS_OVS9Qd^HISKu zxv_ye0qGhhqu<=6f_F~A2D~QWmrZ)*ic%cwKNrzbJgOQ~?FBqHIW?6<$nN9oTX5HJ z-VsW8n!>ez=HU`S(pXK9*+~rM<|=8g3V5`@Uvrg#i9b~G^rOMqyJ%N9wh0N%pI)K- z=dn+Ow!hlk_;(s@9$EhTSJX{`e@1oxC|%ovrTqEmw;mpI4dyS4pD3kP&{+yC@7=Gf z5kl~ogPWJPMeRz`4@;Yf9H)I;aTgXGYaI&(rEBMTE z5jG`q{36|V;|oSvP6;U!-Z_dA#)#q0GPkH_P>uJb&v^J01zedw9esifbvp3QX$>ZAo1bj#cB z4TN<@Or&w2IMw~_#d9rdrYW)JyD7(d8!qg;8xgkY=g%X@zBUx6zuvl8OXy7Bwa7OQ zs@&(l){yvFqBAjfAjLVq^myI%j=Q=F2Y?wq{& z!Jz83xYU!?`29PF#y<5ak8l0hrMgNbB_<`ODJZX*RdsZzB~WyzW~K$#v!Gl3_YDUO za<2FG7c86Z=QO%~&EF-f#WXE9dz%|apHH~Y^AeL;KR(wU4K%O0b^Fx5i+6>dtQk0M zW9~Pk0`Q!QW0>wE8TS1MlYM45#p`Z;v~Ok>Y9-4|nXsD6=Gmmi4R%G&vEMTk0^m*?gMXXf4Y`Q33>`Nn;r zSG5Oa)C3Ok`2Bbm5u5UQw4v$c+<}?_!+t=8Z23Np!!5x9PxFa`!kFi%LZ<|H%ON3~xU_ zVtfz+2arE5;|MYFt3WbH?LXHKZUAPN2ci2ZyI)@vDbD~;jUK_+ge;ubaE|$iV2HdT z;1^XN2sVXC@+!~}cH;al1_uWRbh3CNk5*7uzlI!|>@X1UlZ(cOU=L9NWKPw`5NOQa zXq7>*Jp!e_93`QTehNqwK<30!+|B1ln>*nF>7Z0G`WNQ@|inM&&Fawv6Hf&W2HP-|YvtUTp-PLv(R%slk@ z;WtWpY`WhC?*~5O;i3co5S*jNOFjlx&gm!LIS6A+PVvxw7mM-CA>1S^}Y5nujmKC1E7Mr#vdz?m^j0e`9T6Q@uF+DK&rnCf>*T-bx+x8FLw^c}f zKXy)KURdnW4dPF(2tS{#8gfRfPtl;cZk@S?_NuQ;()#DNE~tHKDW09yX#KnGrD%?N zNcqP;S}+BdPB=m>c=@&`bSi8%cMg6NBL90^ zf@;CKS?h`l19PVf+Vq3nvolmWqxfq&J8=(dvZvJ-pMR3BviV(I!iTwD6&-_Ro(oOS zD`#!_5ME-?>YZ@&zT)e&MZzCHpUD^4Fu5i8V^ffg_C2RtYg<_qQ+jF|f*(mX^YL$u zceG>c7d-y9ty(4Gp{nha?xaL>zqYD6W8le{!1HAtBX=C7#&VxC)SJY**hRNA@kpsh zb{q6&o)^s%7~E_*;XFfrc<^;awP)M#>1|){_&5)r+wv(|ATYb6DkuD^FKkS$-K^1ObV6Y#eM+UU!Gf^Fm6c`Xp4etZ= zB4A;c0GT9N1mWJ$VLt?>1q6C2j4P-oi2+SuC6JxvLF;kji9uP3z5(#swb%u~YLUfb z#fyNFe45bO)D!~kr~3ELU%y^G9v-RKSl1>1=!*MCGrS9sImub5PT9UgwgBF1->9Il z*5YJtw0?a^ypvef{;mDRCtu+^-g|TuI;GmoOV(+a>yG{kOq$EO{#Q!fAQ&2 zoXMhkWvzLosb6^oW3n#a4lzId)6<6WV4BEaur!0`p^Os>rX3;7Uw1cDEMUq^V4Cil zCEmfx{-;ngey@!Un>--DWNbUdCJc~<#? zd35}6ORMc}KX;=6hn`}FgTDkbjrKdGZ8L3Lm81FK;P1A`MUAE5EvbHmDVJCJ32iBTb2-N18|yv#Q3Po`E}deLUS^B+Olj>7rGWmKsLG&MQl;-Q&+t|9+P z^;cP0*@vh-Ny7=J51&>B1_=oXaxg+WhM*(oxqIc1Gm?@TJ|i$(nN zGxV#!EsQ)>K6Z8%AYX^RYQxU7Gluc;!Ldg8P>AI8aPA&Bc#wZIF*P-Ia46=xHiF6w zL&=2~3&iHkF|06>m#<(MI|=IeHX*Ln8%NQ6KHw6{(Wzlz9xv^UEJd39Iutd}=^v1{>&kBao-%JC!%-gpo;w!l-jm_K z>@yp6W22pS=Kma=b@GxUKbub`Oax2j|YK}S`#=zH~B^ z*Y20*jIxO&IbDXu@84csZQWEU@$Td)m2nKb5Tb0{g+jMfcHXkIE7 z>8;|=NvO?f@+$Xl=^p5;Dp!$7O)2M;43XDj?-;ic$`l(foqiC(6V{cbbzE5Q^CeEx z^Ch0fE&NbfV1=yPmT0=N1yLAH^zep@dYyu1046dzLPLhk*-7DkASeasDGqa+O0UxP zds(%0k=9nG1zoAzWn^UDXFJ*X*Z`h+_Uu_nZV8fk0LuPu_*J%^im*L?si~<;S292s z(vGSe)h++ARDQ54Pvhclf~Z8D`*V1hdbtTC$Egdh?QNRnXS3i}A04~66mdG0h@kP< zGTUTZVZ`&1l6yUV0@juX&L6JGV;21}R9!MH(HIfDtHiHsN`3QFWlndKz~~(xdsTjl zIi%I!d?Gx)-#|3aJTuYTxaUf0B(qCKT7s1wTZ7{)vy<1`My!S%B1j_t@z;ta_e zNz6z-@N0ZLd5~qeIzj);5p~AKpF}=duHZOw|wWw)lwD$;uv7nx~r96Ql1;r_G#d_ zHh;&Z!oc687Q;6AQX%F#SVH9 zzF7i-c2-vF_vD)S&g*iwGSDs3=KI zpP>%}FRdhn{PF?lw-3D8_gV!^h;0P;5>P?Guwcthu9wz569w7FPKvkmW&{lK?8w)S zeA}@1*v-_Gl3K%UI}R~tz`T#~l*2R8K>?FvP2*mn%eD9nnC$Q9oZgslXWO3s%J|_C z)6g%UPwD9-{`zimR&Cqav{;el3<^A~wYA-`j0Pj!i&tb?89dcsYWVs7$g$#Dj(Yob zUP$SwG&65C)=r(Z{o%{LqocNYuIjC8I4;UPdtEKF|6wZIvF&xmLlq_3XJR^C%1Q*r zzjrAIO8<&U2>e`hV{^xfRbOk0J

    UTkMMPuH75BY~o#2VrkV2(;FAXbI(kL8VY^d z&S#WtC?ve-P?|`_NU}&nl4fI97PsbR{n|x*%}p8Y7D*um4SV+=ckR5C)Ns*4^`K-& zp1D)vsdRzT$Eq{<_e^KFdX<{=g&V%rnH5kGdQ$mCv`cD>zt!1Sr9+L9r6t=QD!QLo z-RF@^3#ZIsyk9=zixu-PW1YlDN;~Avp5+5#jkN<&XEBl(WG?m|wL`#s5sbb-nu7xa zq;UeA03ZsHg|lNp3Uws{Sp=H<==II}->TwMg?qG0OH1=xS{|S!5vK{UMgko!(2$@B zL~~TLq22|3`e5-RoHv7SM%ZB+@9gY6SuY=3_xbaQ)QeMN>)^L=6~7H*#n(VsA+wOA z1PjogZK%Nepm+PzN-9!+3=J6~@Rh*i^WNP~S}WB1KWowMht9*pDN;6S-X*dY3i4gG zwaQvo6Qbhk52UnSjLq!q>|Nfj&{J}}TZKii<$kfp2mO1~r*6s0ZeD*?Y~E7#+(UI*=5PPZsV(%y>CZTOw4pXWf@Hey)O8m z-*wE)GvtovtwoL&;?Y<7#m+n|-Tv{DmGveChs=PJ_f90r1*Eb*n{e=RX^v$UvWz=X zH^!c9ZszC9eu1;hQ2KXr$>+Y`yHS56nVpl5SmN4rf{pX~s9U$-uul4sLX#)ae#cs^ zwlHmS+Wx34I=AIn!bI)U`!y<~S%4^PO`I|tD&ueOs0bQlt1Y<|keR5KwE2PFNM_yG zc^ThF`>mNC8`x@=@t@488<+1IbhBPM>h}5Gk5^%=YC3ituhqq?-c{Tf$~8*VJ;px0 z#x8nOM8aTfsoihK;S1m7Vta?8Tv8=cZDxzqJBX?}45}ZFxQb|Mv(Pf?$7T0>_0Dlo zub00cR`-a=aK1MvrWdy;*7d^GlbMPB;)_#fy5~u!nzhuUp9xI(GT_13%mVw}-n|QZ z^5h9@WKz^zT`U-=;no6fGywWFBW>QX7NJjzM5WKHv|TU13`UBCR3mbjGg&=arXb1L zWT!M@4oo7sg@lfYYXiG&XlN+O@@m|L#C>>pc=nt*OIEBX1ibHn)?*TUps)pnMR+w5 z_pcBrJh<^b2vsqo|Bztt+2lrcEprp#1yRUqA_jBzU7XD{)HP^i_|dB@IBnP2AGWE6 zL!pA#dF<0dG@`3^IYcZzmY#Z7bg+8h^d4cA{&M}QO)Eyh+FX@wGc9`6aw`8tYv}3D zRrRhL?-sF??;ec1o6vtRyJ3Poq~Pa*IkU$DlSMWe`7d@7^c&=p5!4Rbd(%(oiDO+< zyW#_vO}~uK$If9`t+7)%BPKX3uu_*P(7gI*`HtdWeeH7Emo5dRna<2IHFwlys1*7z zZ^tI)#6WFD9#diUyEpDedX6{Nd_Tr{rZ%Q5$W_~!SFEdkvQg^LN=dTG! z{8k>Gkrm|b-f?~Dg+iT3;}<6@TS|sFr@a@sO}BBY^i};-W6ghI=D&4v_vm?fwmaQg z9mP4?{_Mw4o?Qy_@?E;pzx(TBy*KV_CgQm7{Pg?H>pQo$Joo&z@pHNPtNG^*msGD{ z7pn41a5_<~=eWqm;`s^hS<|Ni_c>nRn+i>dYJ4E$cp*Z>vh`hK+slC-IcA<4_shDy zgo1x%*3~?|`#8Z_JJx8EQKMM0(fh_E4IbGm33^gs5tGip|h4 z60}TFO|2;6L}2We&2Ce5ZGHpUn}^a>cReU?PXj9oBCc-Y%^NNG%kGR@#y!?`O*#e? zaEKHMY+1Zix6o}mmQO1>>p}v*PSo+l-xKXy*1p}-UiNs0`j6sk%2Ja<{QM75>1nV2 z>J{$e$sHoXxBXT1tZYH`nX|Hz=pERYvfY`Ek~I_eFRjf_w@+`Z43AtOEcs32Q`rt% z+sVx86~~!lY#xkeec)Hi5Wf?Yw()ziVZX22=+-@Eb3!+>OF2DT6*lD=ZeB#XQ>0E3Yv*ShRVCuquaZ>m!4*{)XR9jRPZ!u5toDk#Oy7h#c*a7WUD;yJ_5E zYj0$!sieQjt(@$X@2PX7f)*=(?dMc3sB3v%Vx`hD`ax7!gQYX!nPzJZfBi`AHS1H3 zwilisJK>Zwl{oUM_Bl&gE%S@u*g)ZMvFUA?9D&IGQ^Vq?6qC>E3LnyD@Bo1K}%#0)_6gYkm$D@@1EDNMAMRnq4B_ zw5?cRiJ2bC8oQI;%G{513eW2!a&a?GpV{ql39quJF55a4{< zv5Oh_t5@&xZPDF=hEC}si(Im^aaWabM135PVQ#dxm|Xn0$w6(2fAVoe=11?1 z;}R3|jYZ|2ed5`&=X=e$?fCZk`g-2dZv$pd;EIHaD~h2<{X*80_2lD;S#KwP#H;At zlsoV_Zup|`^vBqW9)YrsoYpl@1?L)P{ds)17Ye*QI9h7$rTwz$;3$)ui@*%fQ|9zk zO#eKU=ZcOj@Ah9ctJ6dCi_>q}Iqh%HUH8gqu4}r36|rBo=epyFZL80yYLR{3J^~U@!v&O|R5B%64($DSoM`C;MhZ)Ut%mw6*9?fbv z_4l9JQ!EOZm%C_Z{fkf=oga}7DC*CE* z(3|&IDFTi(3J9<=`1E(5)> zV*f`NUZq2uiUJ63Z65@BJ>OOLzToL5Usu3$^XAS?+nWweC0E~?rJNu3x;Qa>+fNjx zDkt+WP82$q(ZLxj*pz7}jP_hCb`cmLQb#BRqj@M|Mo}q4-UgL-5T02(EEgbAZpd=j zhBQSp!{#dFr{S+HValV1YDZjLJPBr7IO*@eIG6;~=$x^zw9JG1e5~7~5B{MVV4u&V zeCY0C=qBHPwSoF#i)sB9v{}47+6FNrP#RrP_Eqp;lYZ8X+pb3o3|=ChS0x%SAZ$e= z4mWVTeBCWuaHTLk=$&5||1!%3eqGRqf%sXq#`(uyX!o9d-(lCM3F#0$atJYvAaq;K z${LRz0d%Y0_y<0O0^C^i-u${>5Z;oR5QJR-7mq0_-b#o`OA7)mWcj^*D^3n7B!P#& z5R<2dZ|XY2x1n1b0SHP+)R!|Yph+ViXz02`C(@A8E1i<4?NQlqz@O*&kFar7f z>62b^v*GE}KS(wd6yyyW4A($r1<(vzKwkuxm?IDrLUPy+X(d7YP?`?ld$vI-Lw$ny z6bO2Cf_B;RLwdy;lS%uP|F$@jT^!1fK`2Eaj|+z1KMLh_LPEZPPROQk8`=!f7dMKn zZxw$!2E7E9705-?!xD&5~d<<8j zF%kVvfc`HdOH^MNkPtXE^m3OMY-LENf@Wq1Xf^ow`AOMA(tfD+gJ5?ADV!qLmKTRx zLF!TOfrvZga7K~_-$fgS_-O5*e;r4DIg06{~6s{Bb48p2aq_FM6R)JX6c zA|kZG^Y@^hD~1kx?euRZ@@m4S1(Tr?vWa)WF5rX?J<+LYa8`q;pRwfacjP7A&{y7Z zo9xlC0pJ6pH+=-)f$hMlL!Ac>lPDdom%-5KkVSuYMOZi5SQ#iCf~SeL^G_K_hUCDJ zU=YQNn=6QnB<(Lq8c!69;C4>b1_;|>3E;P{q3ok2jz0df_5vR~jCP1~!m%RJfu@>X zdj?8UYBKop#Te^|^g>W}2fU(#{l%PlEZ?|rq8*%OuYxH=*`MU$$l=2gHB%%q#j?c4 zWaQxBAZa~zc|h$s%&I^cs`hnf9~Qu81aU0kMUuZ3Lsr5Bfc9v_mMN?staE)66O*BO zwCEMSeTzXTb0G^9*;ZkeHMh8NHFL)fto$)xQG=J_W2}&ZZ zI{L{`b2cI|SlJ~HjvoU2BPJ#`(KbD~7Q%i=N&ztQ^75|RwCPa84yc0u>TBK6r43y! z5Sn>tmq8mMh=EzUF!Uz5EY!oWbN$+o7+&MVSPAPpSa{;RCH@TEREi1;3~GUy^#9b< zWbrGISlIM6uUfIR~@&bCg(y@UqZO4hXq%KpV=2%r?GI=a-n%C1Jd}lR~SqWWU6d?EPmk4CVKhauN=<(w>Y7SSUIzUCLAy`^e1nF6B<1Z6O7Tf?^KoN3K zP&jj0SYie=>0W~b#&M{Cwijgr#9{5L zw<>DTJ5yvoul62NN&iQ}h$3gB^1aXDso`mZp?GC1iukaCs$lGvt?a%O`p{V^r{No$ z3S1Gb8I@mcOxto=^j}-T6$%lHc>dQ{lrJI~xC=u?D-1C}s*NEY>mixNSzpKNlK8Ux z5so1me}g3gg(1Z@N-h|{;6g2djJ(G`^(=@aYYuq<}>Al;Sw`rF$VWxQ)aK z)^s=EegYxCg|CJxG96-;_d?K*WQ(Q%lw{yJ!R@F~PT&K&Gj2**Hc zC>cpHZ@YoU3%H8vBro$hp`=ugCMeXs2cEoN%*tA@qs@80vGJEp{SWrj<$37bG%u2BuN{K+l(Hgp z^3{JlTY*+9oY%-x-NS|c6bLbAZ|cc_$bq6Bg}AJ&x5#sQ$PQW6>%5pbRQltqPp03> zzxL-xucR##m95x|wqcL>H)y?ko1Z@mBemu)TXe{mz2?OwQsLnW9uKqko_vnS5D=3% z%zyaLHF3Qut67(KDOpd39P@CbK*DYF}l4$;?>cPz*K2O?k0 zt#ZN2;oI-?&-Z)a`}5E}X_8$5qXYK#%0FMY&zrFdf>LxS!2>Vh?Vigj3JMm56L0^y z9=mId;~pJ7*=RLm3q#`9veGNUKdVHUu63Vx;8R|i~kQr*56OtH*xrX_Z4;%kw+mHM^)$hq^<`xdn=Ghd_-dMhi0Qwj%kfO!=_E) zA@}zyvIZ2N7HRo@RFv`WGIXE*vnU);e(l8ij~-sY!qNr3ur90_nD4Fq^Ds2X*@y;F zpus?;4pEzORrphzTa+I-cGyDU2wbw{mTPLjxlJGK1^@h7vm~{DK%Yup)UZ9TDJ#F> zf!#y1IXbOjEpfIfMTmj?uAwL^$-r(pG4qOsKWcDpYh8e(CdpxhOgM3{Up^lG86!Lv z;WU`&6n0Y#bc4$P$`dugWskXNO+Z2qYjt!eY}&p1evZpH>b~Fb%%mI`o42j3yi3R& zw9tJ?r`m5BsEe31G@3Z>Z{X@h)Zyjq;@47A~i!t!xh7;keE zN;y@}l`WS~?;Fr+hXD%u7CxOZ+TYBLlZgB?uq)`s9#Izq+DVXWKa5%tefSQ~4)MFG zUPxQFA^!uxHSZPJs8^5&t&+GPC?-~wv*CaNW&GsmNNPJWoPmoz`4zk8>Bc{JZya@k zZiM<~gM%9uH&AASo0(zgdmCBX+nSo>ysB6^Q`4vdg~xD7Ld8NZpTTJ11u92Mj2=`E z0Y;b8l8f$iZhlmAjy%KN#+%v{B83c)&Fw?0wJP!%nzw@<-%Wyo*OArJ%%=4lHjuv> zAY^neTfzh$T{^x<7SVl{2PO}lDKrKJWha`0o}xbirZb&952Di=@FMvDSv~SvgP}8Q z(x=3?jieR4eGC25HMwWxZ4pAENYCR{QUd|Qu~qH zpF#IBlr)Jjmj#00`QG>`@&!Pei<8xlq1XTzifq^mD7!}4Ac%3?ISnU6*7qKhiS!K& zAi7~jTbJ+D?mhND9u{aUAFU|ye~ri-~c;0p_D=BGcXT~=9OV#&N9rN&wyLvhJp=a-DaX;7cCj; z-E0{Wcs;AJ@H)VaF`$naRV&?$!f>z57I&H^>Jx4SSs0q$gD%<$Fb~ zf{Q&yD3#n?pO{hpX}RwaWWq~P)$RWAYL+QH`H^m_M>zr5hzAT=TDm|(Lj%$Xgj

    _2;6e1l5ipr~t*xQB3#fn(;dx$4n3qLE?%>9V;Qs>$E>;uA zpQ3a4UU0V%($tUb?fSN69cA{RI2~z8!w^dW5@3|h0bQOyM<+IjUGPO7wg7r zK2zco;=qx7acHamxny>bv&ww{p$|S;0x27|G;%5f$V{XgnjXK)U-za3H|c|EPY4#` z;5h&gfV{3mU*7yCGYr2%)$-PF?IQnVvl)VDnnM~c&~!LB;RDbrd?*DTw0NUVfA#GG z);i=R*AG5%R`qx>BU)tv;ne6}t}!#83fT@z^@mYaCZg=vo-seSiDAb^s>X@{aWM=* zhu^c?{hvN5PA?ljVX(Wx-Q7K!Q3(0^{hgMtzfD|5CzfOARpW(AIh$nwNcrs^nEQ_q z6t&kw)2aXKKOFBO==MSh z{G}mr6SPpMiJtGXuz=A&jo3odbU>i!pc^u@gRmv=Ki|^aY}S0ZnGql-s(n5nKhJQ+ zRn^V>X0wax=*Sw{dyMZS{c*UxsjFMT%ON%h?1|rZWoLRu2BIjnkPB%q*EKQG_-qt~ zUTQSE0`zIrp9b^zaM=8Cl+W1i3bgZ`+rATs)wzIiZw_`=h^;XAG=TrdX(OW@6Z5>A_Ms649oB*xDc6xHP=g_c zqNwS~D&V{&;;5nm<>De3{8CZ%6Er+}`9ZvR0jnUDcwh@OvWq# zRh}qC@VmU-wR0zfVJ5XP;*2sZ%}cW77|n&B{)(xlSar|A%&aGa)CKtI7nle-p%=qT&eA3;wvE*=_W zn$d!N_X@d;VuUg^b|caMfiXjT)`qxCv#M1s8Sk>^bgg9+q3}FFW-4i|gIBUs) zoXCA2-T^3s^#z%NfOsRvc0!>=*^hag$MH0ZnJd?jpn>?_BqgPNmNoYKs-E`teRw*Q zhJtz`?wgo!oE$$;lHIv`_Yf*dpg05{W@YV0GqEhtf@cnxkusj{JenX<_+s<7u^q1g zh@6X+GsGqq&b74gxve7`!)?7crqu6Yjo}`YL~=M1$YvX^BXSk*ASrFYu?o<$_E`A? zv>VYhB7C;mSB@J%MscKPP3#&FI@$$R=*@Y4KEA6+f$%Pb%q^Gho0uN%lg#NJo1XsN zo1N+_?t5M=z9G(7VAU-Zse>%yCzV+EmUj6sENBe(c1aepl9Rf^r~Klye~`aur}H(= zO?oU6TP1=T#P{#+;v)mn#(!8ID-z)b09a=DF|9^S?{Iz_F zQM3Zgi~n4_{dZhh`oZEqvk|-*MqW9wfH}A(F`I0PZe{L^kY_<2^q)Up_WXBZTF3u~ z&#JyQUma%lnDk2B$D{n+7@h}|^9vRvmrP(PHsuxo6-};5CNP~{3EKmta~_<31}^z8 zXY?u1=j&TH-@U<D6%? z8&R05KXjX(s1JY@)TsuvSm`wIO+e zxJ`*8^V}dHumIEmjfaNoq`7)qbP3sGV=?yYEKx93 z&laF&pGlLxkTbhZPujuL<1B_GK%1HWwySF-_!!SJ`VRDg1G}TqWi-__Pq(PfGOfi$ zLy(Pnn2`n0!R~;WO5~qO6FfhnuBQ?T5278tIFJaSIXIUq5I7Ny815NC1<(%dz!BkW zx;&aI0Jl1F}m%?eW}|2k1|rB9i)F#B^hyUSG-Oh=PpJZwR>U|j0QZ*!hDuO|Qg zm&y^B8%%S!9%Wj5nu*SIEF*QdjV1o0)8S7b76d60#JOU0heRIw%Gr_OA!R*^RgIU` ziD|w3SJ(oy0jR;Is6(eN5wkSlGvx*ld~@0@Fg(+dyO1DauJ7pi zO-!koy?Z9HQ^|C@uH%({e21guMsB|XeLXadg11LQG#i=3d>k+8(M$)(i@Lx8uMoMX z0UD;zjQs-+39U&vStXiT_O}R2f-U_|EYSfRw=@zB)J6$pYBX3Ix$tA;;bhZ+WDw5S zzOWiVoxqJyMy56J(4YqSb01#h5g--vHUU5wOfOzxzhJ^I4=Ow~!&ae~abE4!)G~rh znCRP;C`ggHl9wVic7q&13IvSFSsKmJG%N!F_%p7Cyd~0GZK5z(77qH;Os}xAsI?dI zr4x=AvtNO^0Q64YC14lKh3qiq09Hk2jz{|#2V^Q|3vBCtjO{7Bh74JVqzlmqMnw?9*oQK156QP zmn+D&009f3RRQLg8hwDXL6=6rh#4EB9SA2kw&;9T{^e>K*P3vAkqr=;{zBMAX9Ti; z?65aD#*PDtCUq8inJJ3`&^l}J%9XNsaa88xHT@nNgQ?;)N1y8&tYf-9w2aSCb!(;| zj~*e*3m2ZF(T#vph6%Vg5e$#lN-pS#7HRNwL`8v&on|Qz$3@YcW{86t1Kf{)h%qJ~xb(Y{LowcrF49@|2 zHY3pR;Mi$gOs?zXZ#-8rNku|JwDP$Rya<9+ABDLLuR_B2AyU;3rF8=QVKh@GGm*~0 zeXL40y@0ovek`ij7o5?NGzs`*+Z`sl~=MCwgmo-ouUGaxi)Z9`Um2H7OOca78c zt)S<80pH>~ox!M1pguvGS&b{6Idf(l8vh~H!B1iz0_%7L9~M;AH*w^|fi)n`2}7JP zw23zZfIiK?b{AK{sCu9J>M7&2POM@v8 z5#E8R^~QlaxU(a>Utse& zxb`W7pDQjYX~!`~Q+gr4zkaaFQHlfhJ~UrexK0q$ zQas1+%ObH?gGmi~?J&pw)(UNVuEHsDI6;sg8w%{4*R8Enp3AN+59`@;G(8OKR{1a8h>F^Ry6X`{!% zhZ744w4NfxdX(j;u#s2oMe2^EFCQfW@Wkafwy^5GutPO-0}B;-yP( zZzyJhx!5BFUs`+=;UFpK;GISbu7=l+=9f9pmd0VaA8lpGWB?LS2L}Bd9wI_UewM@F zkKthmaJG@J7ukdZ3JF4BLKE(NY`gHD{QL03onEqZ={{sJFnQ9$fG(Ui1Hf3wJgR57 zuHXIwCZK@8O2DiMWZZ>#o0y9*8#^zhHWU4j^jzrgFckosIk}e1TC~w-OCPKlp~Q^| zo<1*xi|VjS=NqT2iNr+GmvVvlR{Q|Y4nbRNDoIuPfw}9Ps2w9Cd5|z1sUCEfKqO{ zr-Q{*jFtLAEgq|X^Q#(b6XZ;z82lI21kuMI`ZC4Tp>)>~5pJfDhgjZSqv^}=?Qs{< zPht=dDzhyZ?RFnk6TXNV;NS@k_y?E?!kF<530@L4k=GTBl^^3efX)359LHi5M*&Ly zp~}(f0ni9bT+_N1igFyYd1gao32b^PsKV84XYrb`4`pCe0xIk+rpW={(h~``iZ(&7 z16guHQydWHI(8L&F{|N;`C7;c$kc^C2%IAzyvsoIED>UR!~lyz%Y#`igeIUC&a~CS zN`^O>zpzdyPK_?LyCKvDOO|Am?NvUUfj<^N+zC$bYz;Ym{l`O}W?|`~{cFXZJ-JOU`>{?R;Yk3v z&^0%gM|zAgc_rIZP@=AJ{jCQBZf~6NP~&$ZGNIe8G}ZJj{(>Mf9v)zFREIKih-G~p z#<;(?&=>&A#AZ7{^9JFgj`RL0s%N0?%nWXBZZx_c4z_TY7C~IKxbe9e@)cyyGDtM+ zvFj}D?7D9qTJs2`8x7%wo=5Jh`&=Jo2s0r-*@W6F4{|7=U^w7u#pUI1Pm6T&hG?X_IRbY* zg;Njfh{|ce0qD92{xdkhK!C7)u_$SOs3$Y>@O6;& z&6_tb7U&mmjqe`Q%0aFHW0PQmqYg;z0l)YTjkguHvHQLa(Vjb{1*qxLo|h`u4uT7^ zdbf#QHbx^awMZTxu2I!Vj_E;EMP~3BN5qF1t#Qu`#9bLAW?MtbXu1!L@Wp5;PCLK8 zGx%RFDXCDziH(Q$StMHafLQGW*pps+5~ExZwg;QZMby&DszfmrPHeVe)DS`rODIC# zy?fVm&-5;;HQMZJk7A?@9*K4K+}tU5SC{WUp~{!T*Yatkd_P}fm(A>^)BWw+Jrh%; z0#xrH^XRUh-qY`W1{ni}3G|Gh8lYoPKVFTLSvUtE6syMRp|QrVXM7U>5|uBBlLl29 z<3pSogkS-#Bg3&{$C6okN_y2MC!5b17`PYc!+mc&=KkDMw@pzDz=n^KS%#iD=a2=M zJD6hhns;KN^`(LV#B4e(S{-|YdfJK~_#+p}{xq^(LZWHRd_l}qCeko=ILUR>jNq6l zt;xaE(XdXdLCDf*@)1UB?ZqiVGhoacntsTSHjM0Pvdd0=RbI{lxEeE;NpnTk2RMof z8yZHR=c|$tv$3&pXuKhA8^ds1e}7`aOnZF9TKm5A?!K{betz*Zrj{tXk8K;tCkr}W zB+mxfU$CrKqS{3k1I+>s*p#6|)8MI^!F<_e?MZV?r7U9lB@5pgyddySHDjsR^F}V; z%>gmf!bW@PoERP-=!JIJ%$vRgq6Ae62HxBN4W9U6BNHX?2wg-w;1op|5B85bXq%r|eW<1q$* z02ViQu$%!RfD!R2ped$5>^zMdLi9m4+V7dMdi82@Si946sgiM^Lkn=Np$1d z%r*jR;VqnY?`iqH?F%6GfP(RKOF52eSXGb*SbcN(=J zF~q5;p1X;gTM?6PdaiuN7o2huKwb?QUHMR!MJCoT4$3o_e~U^g01*)00`DbU*Qy+T zM5n>!P!k3Pc{#8*ZhSvY8yjQNv^$b-i1O<>uO->KcruX*H3 z*5xQRK|ga9-oG`m(_w(%3qx>}sV+-GR96Ajz?!82R48O{v|!a8Ko$_MCP*_BfS8aO zaNCxN7sx8;)!^aLG;!pCXRDqT3w_29(z6Em0acl)i|)RI2R&_9evU@Lfu<>w^=*iz zB*diV@^|k}qg31RCI~6jqy1iVs-jRX8H|rh%}3sXg-N4qq4?F}cl`drdfl8etyvDp z;+uC}friidRh>BrUI`H>?nn4ss6v&*hK(O%aaTu~2|G zv)?Jk@ISxpr^r;A?BUls|CoWQ8sq76JGTe_^7>4}1kmQl$E$Ypl`T>*}l!}l!8qRg*pGafqRWD&j(6Yi)Gx|S1cl5gUz!mEOcjU}QU+u7LA$NcS(9cVsYeU zbiI5!ITNe*NPYvUzd>BQ!7((m58^?hEdj-J2mNx56rsEX^&pT&l8v0JjVgxkD>{5= z`y#D_ap~R9U0S$l60p#iNP5gTyeRR6O7{njpINFpD)%%587S1@{P=|VWV)C!TRS+2 zM-wbzXLjR|dfQR$@zylU4HRYYDn-v$UBSlqiGz%^nUKQ-ecpWsBs=gEc)1cH0iW_Q zmFWd$|CGxHHu2I9O`+m;lIA+&!tkPDzd)80ur*tv55vAxEHbq|wVdFd@TQL%u6ri_OP_ z-~js^S4+Ob@v?c9agUt`e*E}|@MibxLTT0-OVxUuJC1d&l3Bs1kjOh3YWCw;FQ5#O z4MnBpFI{rWNfR(uJ?z?X8~K3xFtnrPM@*<2^$dX7#PC8LUE4rUwWqoS+(W=iwI8_6 zkXS2RJb4r9_$96&PJ&NR?(fWl*_HSIJ9}|%gOV!)!tuf#N=4~c`?$YzoM-&=<3-#5{a%HC z*poWme}^R$@6Ev_SG`c&u#jDzq)3cgPER6w#&krphzMHl2R`c1qjyk|u{n-90n+KZT(vfQb8 z`WM9Gtc_A_NDeX9?UeD5k8CT#?_1RSR$8f$o4|ut^Uad0-m-^Pzv*1&NxhJ`;P>Ni zCwIan5!=uZ5{^;+5x|mLfvW+{Rgt}Q)qf#sNf3rzYAWH!S3}_C!-t#ai}vR%I>ve? z_H`SUzzytd=S@u5W<+s#EDw+^Cfy|1)aW*5#{IVnb>r2p8RmkGvJs7voqrU)4*0F- zh-tfr>kR-qS7wx(iVe0+Pu)db^$8gZDtqcnz?7`52mr55#UOEihdOxXD>y{I(8?6U z>V6Ky2Slr2VGbsNemV%jIk7rhIAVAklh93he6{bY)cBbr8>QTl6RV-wSfgo)hY zf#d=&1WOxg-~zwJNj> z)1TzFsPzi<*YtN^uYnm8x0o;kV0{!XaQ)23%?QRY}W39K<;$UF3hw< zP2JksO4jg*Yg^FR05RId$g9&B3Rnzg_FB|=Joer6*x%rp(WD0$fFcQ*12bZHx0(2|3Naw1c}O}$Z19c zeSL4S8?{y;!DfDku<=dIRe#v zOb_V)A}rT3Bpb+<2tO;s%)kRaVkwYg^m0p<-i%bRZ2K>UNNY;p31j6=nz` zYeW8ySfeT}v^d@A3n$MA@ExUfa43P`{7qru=Z_yP^2e|vR|8$ZvLMud!@=uCTcbYp z6DW_&;pQ4u6nB<02n{$~5O^;A|R>Iu0Yu7GB zg4-sNaB{|U@@=RTIBHu=S-`IOABPR+oY&~c>JD|f5f`@wkLa+RoIW03?GSDm3lVXG z+I*n0zEeC~v-c!$OYEM7FwSXVTZf^wD4R7>w+A0}#x9}(C^Bubx0b$zZUNgg9#c8+ z`{Y@Qqys9lZ=UBTCnjLqy8)_)mT=~);@4RPI!n@ z_R=UecVT2~&NaMKB$0)X5N7lthSIQcqFdpMT#2LwkRG!%FoZwyP+&)Zl-m*h4S=Xo zr#teo_n2isR3d=jcj!qwi@D(#n!)=VYlM@~0d&6M{3d&0e&rW5jQnh4(pToD6hNLR z@QBkxkr$zpn`28dD(JbWd?Sx=r14eQ5SmUiWDY#F*`^kgo0IAf2!iZtAmw>Dq}`uU z(XW?TZ8e7*T0;=j9g)}J(w@^MsZdXJ2{q?H)u7t^=+6ngOO9pWtJ$%?0m)3p8h>(3 z(A%FNutzksm)O37NC@CVhbHjQ@lgWV-aT>;GF+ z`OC>`KKX}gXZRpOD9K1K;PO65rJ@jhcUv>Im7kR`FJ%vlX?ij;tMC`F`--aJ>zX3 z1WF~$m~3a+|MUaxV?a=)wk^P5VB=`9TaaKU1BcJ-qa3(r35kT&Db&7O~JaSg4d z`?_Y;C@>*U4p=&i&ldQfZ)|MrP-dPk@4!mjYy5ZB0|&0%@MJxF$pLAZ8m^83I>0N4 z1aKHp0HB?5p|=F({|tD_Ugs1iH$I4S%z|FHAhRbQXuyd-VJw4tVxTh~p;o;Ii-HTB z=xxCE>uX)SHpRiizaR%Q{OCF*#cLd@D(8mnO zx@7Q@fvjx92*L$OdXodG0tG8U9u)w|2|WRZ4D8AfXFQR`0L<P${ftv2 z7{myf#i6VM^T>e77c}Gc{}IlP(YPFw+Swmb;L`v}24_q)2IxJ2VQe$Dpdk}%<@{G5 zo{vIPOJp#h8dPKM)8o0*27vj{6BbMrA$}6268Q%KlZmo*qbvpwnSEGcCej|vQ>omY zx(dPrq{lML-?x~fFI7AT9kIbsaQ)L$31I-B1e#R=NryaQzm;h&_;~=V7a>1jKv3mI zf67H18NjHHBd%g52B6}fWjop|(38r54l`qr_DhnKo}R80KiX#~$MUptVsd?pu_(Yo z21?Jc9mXrH{WTq?Et_I)ivQ zAtnU?X;xp0avs7=%^pa-X=o|#r8TbajP**)hqI}=Ka0-_-MhMYC>Wezjh>X8iGd?M z8K~YEuy2tqsS-|sp50GaSP&9#fyiEJ?8^oo`OtSzB~!Pc=#o=?#~>Oayby>!nv-|B zPVD@rTWW`C5A>=)eUNs5?1L?yn^l(>+c7sHbm&x27ZzUfn8YI+IE814u?#g@;WlJhmwonT1cmU zqdVIkjSoKYC)dlwV&XkDB|`>JqqC4|eMPB?+BRFS33$j4EaRV$aDZbA;>@3dCJ*FI z7w(N1X^?mAA3t7nci*olhNMA`!M$^=$LYu_WP!-Kl?;l$G;h!oK70_^ zzkfq(l(z5Mi;wtn4@k){e)Bp>$#9=B&pXzI_0|3jC><)IQM_R>n>ZNVxlmsKon$lm z@+Ss4C|TWX8FY9$KW5N*?!A2Re`3l%sdp)^kSdr3p60y)CGPE*54p3CnMLDNP2Vj1HG4j&C{P_VF-QsW zwsw|7Pb;B;xOwm1J%dw#rO;+B^xPX;AxX(<-Hwwtv*&w|bv+UwFvx?bifx#g2@pLUU>uFAN2q)TY7%;F z&WnIvfw>$9Ku+uzVdW4gpdH~FX_TPv>5&2={uWXij8w3-+-d#Z@ zE(T2yybMmVC9W6g9?5wT3=EKW(TJ8hpfrHE$Zv9LVwCg}d?%h`yxa_F)U3ohf%W81 zNI}-{vodZyp90O##m90ZgGco+i$pRcTmVqFh+1+Wj|VjEOZ~3YB3`HM6LPG-ImDMjD(1uRl3oS zoy&tW3fM9U=D>^K@g$kl-GD>_xSl&_lR1EQRI(UE!6J>^8A#F$pn0=U34xzd#p?tB zr~Gp-Ba7&4{zyTlujq1gY_rU zMzdMZpC2brJWq4oY6K0$2{i6Tm!fvEb`eoWyath;Ui%;@NEVZ=v(t|Irsv#4y|v{mq1GjYHC<E! z2R&_fgybVLe|Dz}6%N|A2v7jtLjKO6OelMWbc+YE5He8Ycq_$BgN7y-L2I@iphOqQ zpp@awBtxPZZulZ9SP(Izmu=a;ftYb9%cdO*vAA1_w7l3W1&% z6lLJfQex16!x)n@qxH1NEj%0FzvsH{U?>-ZJ3ckUW}e5#Eh_4frS@O1j73g_8cv zM)P`XdIQxf17qn>Q|hzp4J7AfL!;=-=#jBG=Uo>yJqQ%w1%{6?a_e*qk$7OFktUbS zuW2MyN}#mK(+UvEVDkm!iuXamK^L>!QIjIo2++Mzn^YbqZp^(CnV#%-1Ak7kzJk^G zO79}cW2BhQ&v!>w-TZ!oDCl{$xl3AFFpbd%{TGlb7ObXOtwoaZ%We;zh2YlC<`$Yd z@{sZ@kb0O2uac!ebx^0Lr|qXoD82iv+8=Pvo8g~PssDv1B8R|BIdI^Alvf|AM7d_! z)Z}RI$fmt+z0Aiqfb;C;;$Ey)2n-cpYPDWBvUD=r2iKIV`0b9ngwn3I1)H7)=P5KV z!G+55Jrw^x;hF#K`)|tQ)}Y;*>z;QrRv!KuSFc|e?ECR&YOGm_ZoGf_p~0X(SoPqD zabb_VbMfb!Apg61TIRWRL&XKZiT)Sgb6J-!_cv(<<%&+W75fh;Jv94ljiC@v|u^?x{4f2$8$N8 z*w@jxqH5@xoVl6)S#SJrUUX>h_zxmk@S|PAr$9+?oOQ{q$4~TRlys*s^Nr@;D1fLW z`5@%o^QDnVLH&ZwqXgg+Ofe)emy?@Ofr8hXhl~;!j~CK%^*XqsZ3V9cbn7DIH{>LO z@XmnK0(T?-QYBgrc_CW3y82HT;}kfEa1#N=9LZBqWip`1pmErwG)A!iKmv_^@eoZx z@Bzm55uytU%NcP%V6c^{)W$^=Og>#(M!} z$SX4F26}bp_U+ez6X~4A@t+dY20oD99N1dDRYx? zrksX|TxB4l=2GB#Jy4r1x7ysiKX1VCz3=z){CNL(o&hZQ8=cM?Qh?y5xJBR}+qrs^ z*5L`#35x;QVAIH8pAbw%)JQnTMTXgnG>!kN6$++gh8KkJo8jLJ5w zM&wel*ntPzQQ%2!EOCzNL1y1e9O5IHD1c>Pv3Pz+d9Zl-wq=5-0SC0`_D$X2211yU z630WxuEg(1lTs?tG=E*#iN>!9BNAV!pVK{;i3ske>W}dpoo8|ZKq3svL~>h`wwne( zhqDe%^X?<3iGGLX`092xqtllabOcG!tWli!XlXFLcKy2K!>rAZiLxCLOzP`B39zY0uP}h=0+TaPM%C-j0>0tNv4*PpH4xN0D5~4ODhhv zr>tTfl{jieAqTi-p%y}bssyE_MAUCdE$@yl`x3P*xFD^$*!eF1@XVzi<2Ysw$j&{~ zu4|XQbSd+8mB!7`n@;*o2j6pXv6gCzX;ZmhnDu~eG7b=0{#jd}m&p_eERo+w33g0U zQ9v^(0px!rYRClL`0Crixm#o%FD#F&8Y8!{sP(`>#w0C%IefjTZPerU z4lteQr~n(DMw8eyX<{4sw=xkVJ(25;bf>$Jztr;tx=4s3D@21(9~z;61ih0HEhjsm z85tx_n~zA(VjDiy*|`_|0n9Ojq=ay>n9~w4^sEH>l(7|gALpFQzOR5&`j2v@0U9&S zd4~l{Eno?jN`qQnN#gSGEr#(?+u@PYP*Lk&5<)M!W4=#O&ncdkqGI6mWP%65qOd zKe9oQK>|xtY*G;%?n}_xBQ9Vf;jyq;TL>#$`GuM?)Gmaeqn-qQpKt`R(Hnj7)tT?I zB|dA~v9t{l*m>u{b;`P2$Us^M4D+x3QRKL&nh7RCe372KT2nDe_6CxLIm#9^hr004 zmF5oD+mJ87xa+B?L@Seh;=l)B&6imN!@|W@@M!D0b&F75G1%w0x|GN#0@A-KW=Lsb zgcUIcO-yr#*-AxkCjxEX{!@J7Ec+_oodDPNMP_Kf;FL|2bxHYd4Y#ZaIwtSaJSzeG z0kt}dn=trz2nYdhqU@7PZ-n2t5onmR#IwSS08TeF;1g~OTH&5*QivF3(29c+l6h-c z%pH6(z>h)tM-$bL1B4r4Pd;;OQ<_%|SJG~0vKWvPE?e5V)~d`qa(88!wx(D~E)$po zH7~C8et)nDlY5bIx1@7>I-g2WmyrcK}o--x;*AUuT5aSQN zD2xE-;KAGsuOFu^69%dwp5jV1;ibSd_`!Z;39`%ASoeL|P@mLK!Ma{e@R7QkQ@`DZ zIpsWJy+iQ~qN+8nJ^^3+)!Eqphl%GTt72nc=&p$qtYOpqtrY{y)!rG)rw_}A7?l*d zynidVtN%P{mba?>eRh9NLPp!p`)!`z;u$kD8XfEvY|dv`Xuruq!?7 z$jKFB*nNMYdOmP7uYY^u{+mg@rScjB@$c3jX%0ua3Ia@;iM^uWHTU`K4EJ*j*Zc{s Clrt>= literal 0 HcmV?d00001 diff --git a/docs/guides/batch-backup/wordpress-backup/images/sample-post.png b/docs/guides/batch-backup/wordpress-backup/images/sample-post.png new file mode 100644 index 0000000000000000000000000000000000000000..8f4e56003974d7a9356fa715632a9d88f2af298b GIT binary patch literal 59134 zcmb5WWn7e9*FNke#)wi1BHbaNDBZ}Af^$0RK#RIh@pHAO5J%CmWL3)q> z^F)uOFLoep4!zpdh5U24H6}LmhcLOYQ&9;^INkd9vpofV*r?inKe%?nejTavp9kke zdnZ>HeRcdfB;ULFuV1hAboWxW~?+-@MezQ`M&$<*ro=lpwm^2N4^anmX<-1~xZ~@$&Mz-gc!8f0-=DEgkQb^0Oxd`{vD?Siz6G z!@^THMWr_G3DBdtqj7R_(kgDRRoJq#vxohjo_m3f((ARQ43#KE{BzxZA9mX}VsC$> z4E04OBfODr>kPQ)k8#m!UpLX<9O^cW)#2O}71bgkF*aWIIq{hdo2|3Oc-36vROPyN z+TPF3hmsikvXZ~vXO!pBZG;S}F>TZTtQ=05tPqhp`=Qz3q~wzl^4 zgw(&W;^i?hHDO_4866v=8LKgD_=rWuVfHy9B0{gpR#{nDwLr_%%qS%HC?n+U@zgQe zp8VTqk5~nhUdqv{7M%Sa9-vmk_~(LMyo7boy?-w4ic;bPiakL04hx)&kBAsR-FW~v zxmBX5BIdzE2Rc^P-31?aO47qH8fNi2k?!Pz=W*tyx~Heh{fg;M_Z~faQAkLE!uCea zSaDq!T8ga8f2v*hwYYk3Q%~T*jpq)(J_~hq9eJIuRTNR;s24hY_s{lEO%>KO(-hHb z6m-6mpO&U3FaKEWq_=-)C~5Zj%_*)Ih{%Yj#f7E1@p(aM9i6F(PAySo(Q2#la_i^M zpJS2oIngay>3n<5gpZHk))#GTWc10wy29hUQm;u+f3n)y#l;0dp(9u~n?l*P;z{J} z>=PXw?eC9{Z0#^jOiJ41_4D}sdmwve@IFjL&(vc^Mr*FlgoK1Jyh{u_9xZb0o@F}% z0s_)tI&1{O>jz2Q4WVkSPhuJUi`_{D$;tI|_VbI2C1tku_V#RSZ0XW*4_$coUjBU0 zMxveJN@mHKLTccYu8{R$VjRulmXWC`J11w0pvU;=Xl!gOAtB*?Qc@4jGmAHGt~OX=4pkng?%t%*i9XnN0Mv4 zC}a(Ay1jk4Xuw&Z6~*K({xvO)CSWpDR^V7~W4uCdoDmy={2;7tu@m&NcR5VdQbI=N zU~r#NCI~YOZ}WZa`+8WOR^yDg=y7q}N1OP8Vnom1HSR6jc!-PpC`^=JUQRBA z>AIz;cH;9*=kWmScZHv|wRc~?TI|T194>#JDtqRDpwKfkeelT2yZ+CK`sIalZ|dP; z#y>%!MovYglH}2s+^^JX+d*z;mrW0DynXw2W`2JD&mSXQ-PFuXU+fcJYi6X;06jhi zMqqY!wr-1zW}OE=8{0e#B)Lo&2dS&o@+?W5ZBt3MruN~(hwLTn`f2*efN#3UXk+hekHE|Mx|{B}I% zD+ArHUcG9(tNZSqb{xHh@!N~0*_#KY97+r&-!g|=4&RCB={y*cy>Q^-V_7N4xd_9v zOv%gRpEh`7ZSAMmR7Fceqb#qYt)-Qho_;Vr^MUS;Y{j^P7x|}==DFriit@^^2MD-r z^z8ObCojBoC}MCp;CdzpJc zZQ^8f&d|=0)^5)E(Zm59NrxMr6*Gb#DVR4G7Mj+ln;RSNk?`Q+v#9+t?oUtRc3oU3 zWv*EERFhH+cY9>Ty5(8riId}L?U`Sk%LF4fHDz?!cb;J}X*}dDZR=<&DJ@Y}9TE|n zs+xAqD#?>h8OdSND1^}UX7yl`hVd%y{2dY%wb*GI&7a;$-OqvlD~{EmxZ|v;L)+qr zW72f9H7Df*PQyp(%U}KNeMl9V((LRL`B!T<>jW>pYqI*4nd$2{y?MsN%bTT?9UmY6 z{kye_ii)c%Z=@t1y0_(Mhc9-DLY6~mDKdF0_OfJf5I?#=_I{#~smaLjs5%z$(N?|i zcmByhQlyTeV*lP=F@^9)z984}kr87(vtN1)EHVE6uM9SNHBs2Y+A=~yI23Fq^Yl7` zI;fD65_^+&R#w)cGK4!j+rYB(P{r&y#F4@lpa zRjiLkGwNjKlL?9U z6H7{pr6i@EbUv|SekUo3{?zcf+O1o+5XpdX1d@WW`#5_HpFL7yi0m|oj*2oiHufV) zFIZbA*>3jozKhSKDG@a^I5>$}6Nnuv==s-EI>gWV2v-N#wk@s>ouR^qK|z zgFJC-^k&ZRZ=VzSV3IK49PS*S5&gxfP4wA(^cx2s%g$+nAis00lH6;%)2;~=oow3I zud`&LL_|b09EP$ar*0>Ph~$?KCM+~hcjfJl0!=*`7#wJ3;T9>w;D=9f5EMKKr6x^< z8bbxBn>Wp-D(@swRPv1CcO_Onu-O&T8;%LDdlD~rxYM+YmAa|T=h@uabB&Dp#3D2G zLxR6Q%f;)hI##-13e?xHUkCHm@ND`8_Xh1Zf9v>nmkc`MGT5K&EklCL&(HVqxurKQ zWnyWGg@q-KfHX!+%O7k;_n4kx;P>xsCqBL|p~90S{VxTwX$qutd~jz1{Q`yt2IO2w zhiY!l>g#cPJ7r0l1t*G5dA>2!WwmW)YePp>CQ%8xopuIKnYWbWs4$Jy9nw|T*tPwn zs@tG)bmQHz*|Du&+;KjWioOU5i%NV}zg`{OJy*_!lG7JWtGirnkuNJQ9sK=!&a?cZ zin_W>NArHDqgR91^~KH@?>M#3aZQ3Qq0HnS+P)9`P#72(>?I}E!4J;REC8!fq9P(A zJw}huCqgv-QoVfr%o6hgrS@vE-rY52(?@Lb4(+AfCxUgaZcL51NtLfxiS+LqcWsOM z>4M;owN4km=o&s!qWEYlZr{?ZFAo65q8gbcJ z>FB-Q`c746ur!~@=k9QrPqsy!l~bo#d+MoGVDjh95-)`oE1x|Uf2EE)1qv?2y(cgS z?sDylO#nH9_#FMlbsGd}tz@zs{SBdKF|SZP8heNDZct()QxX?P>b))9=e2!Z*7hT# zqfKXupW))><>j%muoT+bjE;^j%razUK6qLl55EJ=Co87Xv@5~Fy=O?ew zS0pN>YQtMDh0lC8GiFYj)Je=U?3^-&O4G^D&&pGL5O>XZHE1&~HdY|%Vx*hb^E03Q zt(YGpRCss`!nY4DJO=6Xb~$Yg-7j|YH#0i-Y#eOXJm#Cz)BP0FsZf(`FPzc6XXn`@ zQnn7(#|otF2m60NXX}Z6HSKnjn|owkgTvzV;A45YlezhmLffMs$*Dv6Q!glSkVb&W zbj5;4OXsQv2TPw24S80X?=D)_D$B`zd&U{ZrO)FnIZ}R+qsE$UIdY+8Z{InzS~KKc zGU_@Zw)1#pW#wblCt<|*z(AP`hd*9ZG^m~(=7$(0e1AIFO^w+`>(5=$?*>@hx)olv z*ZbA)LExuP*vK0~uM+txN=nkcee=zY3=6ZdwG9sqt;YiDU}0i%KuuBGvRqG(i>@ed z-CUe?eA8RL_t4bDlt$yMDB|_6(NUi2iP6#a1sgRc6=B`Ej=U59_#w%k;}zPoSUS9` z%EH2P5Wj=S_&ERPg*b;%6%rq*hHw_CbA(9<(;XK~9+$iqPXu@ISe z94njMkfXbO`sr8hiA6#bg2L^uwddxvNTbC)V?Fxbx!)`+4@rI{@b4aF^%t_RoF1N8 zUe;4NHc-`#RK8SIUFr$d?N4{PN5(-7gYA$VPIHy(pZgvCg8Y$yUF+m|U2`LUROm+K zt&JdZ1Yc}4u`HcHd0BF@5cU0<{TEZs>9+)u3bNCi-#nvkUL_zPf(2^i9sBhwbz4gG z$jHb{psHOe4kbh6PlFz{JQbzRpPv7UVWnU810^g4-fBX;Syx_EvCKdTD8H zb#;FJMc)FWdTcBJiYIwbSXlZhd3c^Yd2;ieki3J8g|dC88kvs1ej2Ipb?XNcv`WgV zIw!l5!om$%tV_jg>?6%$1w1SptZsC>cT9~<+B!P?q8nRU=;-JIqW2_TzPv-Bq;rZFh%7g)Z*ujK7%KK4M`ZYht@Y5Tn*2n>e|Dj;W@m zR`{*OmYQSZd%BNLeo$$3e0*Y}1pwNy;n$Lq?SlqyUYW%YQ%rpVIHp-palLlBFHO*h zZ4|XV_u+#V@6DeTwu{)fDVx@tix{R<4PIM<#8I+#M4mf)BLl^IDYLV~E!$zdH#7p)u|r6mOAriYX8Qa}XEN7}I~%kQyGjLqd$mGv1| zR#%By>nf3<*q6&r%U`ZGkJAQ#nY{_QGs_WtE!NxaJcA{r`4{ucMGJU%oM<1&_?+gK zpJ%0{6n@Ke3Q0vnwvMztXXG^u`M{5CZEK^TJ$Q~ZN*O!)G2OG(nz`feztu|bmRa6% zM+yD6a|ji()j4FYLA>UPfrh+12m{BbF}ARQI)1YdkkHf9KO!P%ZWJKpu#-@8ZVJ>8 z$}>0D`>3Ykke_IwDk$VQAskFvP-`{U4y@tC2R=L+vll}M8_=H<@_~Y@tE;^|dywnY zQ^xS_%~!Ir846jXq@;GE0litx&CNkULCEBgdmK}Fq%Q6n8e@;p(WRw{L8+0F3doR6 z5^#;0o&Q6Pjo8`URaR17F?@Ncv!prH2ct{-RG^^cBHHe}+^jUORhw@{y{X>&y8Zvp0 zAnPhA%RA!|4RwT0-KiW1nDUpPcG;OXe*OCM>vPaIh*2T2+1c}iGEUYedkWf&!QF@2 zhx^&g(cLlJbHG9~x{f3o*J0znN`Gf;OyKcaLERs_udffc4zF>>s6VQK3coO!P+_4Y?G!U8XZNX9X@?-@RR z%o9CEp>j!~Rcm8@^o_!FD3@Bwg-;v+Lq99aM+_1LEyeIH>hHh+|4a)Ju9$$1Fw3bn zIZ)i4F8^3*O3=+%sr_hsPS{KM29o$t;i>lC>M2VXou?oX>F>xkO+`gUX1bP;=x9Fu zlibR5gQo0)(a|v?qPQ&rJ#*vU!9i_R)nFpr=m-;2V@lN1^X=%|+%>-`Opqeh1)W4F z1OJgL`PEPN7h_}dzgA}@lFDEnASfW-?GWNoC@H9O{B8aTyYg~+=3DZI)J?&j9=Xf? z9{IyNb7&ug&2M9l@Aqq?LV&IJi?r1?c6D`C;e>{d)A32aB3|Cj>y`4SC6;>IQ$;tBT zuB`=Y6njq!=!g1$KVe{iA(xes9)Tj`zq1oN8XL9v@W~T%jxjDKrdRa126}qvJjZCa z?!9U4$jC@vS^1+>y-_L@97{;Fo!j-5*YW4WC+fb~JamJ2e4dkTD3H5UT@0DaH8&vM z(@Muba|%(k(5{uEkMNl6XwhTXIPqu!AQb3dTac0Ax-KiIN%{!){v%wLHus-ho28C* z?YQVVmuV_0%K8TS%&!YIQ#5B=`2>P5o~BO#=}%8j$3>^1qM{NINNiHb&d-vRez|@s z`}JF9d11E8j!2o|$ro0AhB8sm-qvn-W?A%~59ppD8`gqb#Ab(_zcbe_#)e3*L|f9`p4XJ_Y=yu7ix z)9;78ChnmL39J^xNirG1B)p}$xvwa9p0ltp(9?hVdFf0&^dj3!-y?5C?6BqIxz65lLPb49UOE~ZQCVs z^ldRv+cHBNaIow^Fz1dpKy!CLL)Y~x5o|HwMJmsGj!R2Rci(0Fh(&}f?d|_v zuaz(p+AEH=?r2YdcgQ6``_yABDo|HbYiDP-qrC$M85ybUbBq68@m|&5Qq!&>ZDn9V ze*W@;%L`&m8g2U$CPqdoQWC4!I1qTeypRezMHr?-T-?L3F}^C$-*a{rMswE~dw=S| zkBZC6&I)r4rA7v;YPs*<3>0fvJ!E+NczJcTf7uQq;(fnNrIo+`LTm5n$jQm^TN3u7 zaoqS&df*@^DA?W22i*T729eL*ZF??nB!S?CqOR^-9H*sKMM1pb-jls8WKmJklP7ui zAB3Zj$%%)9JKEbJFrwGh3=BjVWv0;HVlkCn&3W81-r`Vq3Ujd(_j7lwliMdAisK^+jBFpWN%tCJ8W%P zhSOD=kCab#4T{OiIu3`_e~2f>LHf0IR~vM*u&~LgDmL87vE%8ipH$J7$xlx&txd)$ zSWs3_IBDB@3o7=YN)#Jmr{MHrv{dxH;!-vamhrRw(bh~?3=IBz9!_|m6F4`hC*Ab` z3OrvuE>xdvs`9j~s6<{-nVplBCS%A&F)!~)@EjQxN=ZrS;V+#Z23SAdmlYT9eS6y= zkn~)4@mF^e-^+5V8RTJ==`8F~vs>z>#>PBYHnH5g>SmhV$N2?N%)lkU8|mF{CshxX zP*Rg8Ai$$h+b&F*eU~ivXZ{a4q$0hoFYWEwWu$*j1(b#ch`Ak*vZ}WQ*S3j;5Z)6N zrk0kx?~Zz056SpE;(u^(5OOxNuWgKFNEjI#D`bK0!(-gnSY7QFDlyOQh$)n;xl`q9 z%YPC?!Ca7%^67Hs`SpvxI92nH-hC?y&(8Kg8n{O7w~H)1(XVhm?pEk8HNO~rp#yUD z+ly-MA!VtmYGe@ zeEIHsX;f4T^`Wc)fsZP+v{ZLyL5@zvJ7Xt3J1MD-qKErlvA`^?9EmnzRY71A zH)EIr+37Zx?x1JM$>8oCqbR0$&zZHyg+k0O)#_2cm|XFTv$J6oA8s$qFOu-MxLr;r zZF+x<{d~_VX>0kIHACjYqx5U>J&K6W5oYGb&nl2<x_PDI3V@OKop7`8?^=!OMFu!K#uBxS2w34&0 zlc&wyZCWZp|H-$qY;~!|fR^^YxELaV&)ovvWJkEZqkQ=wqf3G`6YCZ?@2UV6U2$=V zlCts?+n=VNRH@l2N(E{avs>?Lpg2%mycS%S-%M4!6s=QcIpMUicLybBZf@=@>RlMt z#~H_IVrpt#G5)#S>2j458@c4pym98y5-EjmVq#LKS#&TEQ*=YtPYMT#7a0jk2;bS5A6`e4Tb*uBY_^HL^m-}Dlr5K~t?Nw+ zToSyz-}b+&fgTE`8$q9nyl?>#AFp5Hvnr*v+=}8#=p94oVXZ3=F8pYE)t!MshJ{XX~)O zY)H==VZ@tt@={W~Gd%+9mh1ibF(E75f=11+U z^Gy%3T|pwSQML~hvD;dTG-Zrt4h;6(X<1+dg(C7wFz19lg1C_|PtBZVye#g)J5yuh zUFdHkWh*6VLWs<4=}B#Yo%u7X3!?JRpI-MYwr_2SQzL#34D7Xq(|LN%0>4X1nZ?JS zDYKYRuQVeN)+VL+nw%`)adz}WqfEQ_!WB{KjJ2xwsAy!vVgu+-BG2#etX4kjog2v3 z@o~4&Vq;LnKi%{6^hAY(_me9shOZ74cy2fKO^1A`E+dKK^fnZ9*EhGC+4?~kT z5=@LoB5yy%Mzl+IK)yf~} z`u7Q6LlMX>ST(hX)!)?*}0kI1+>z)?m;&(&$dS()0PVcJ-G9fweI+{^tM-iLYEDi*f=p~= zWF#Us!Mihdr|=mc3(uMb>UECebj#(s1Hp0Iz+=+MoI0g9&tf&ygGhOgEmBt}{X{5} zoKJf`9 zYGb1ABer^}TT@`%UnT792nsbd0t?qFIn>JPY77%?S=d<5aQR+9T3dJ6=ESPAeOB#< zZ>7uwO26Y160Eb`^_BHaBu(6^^=fJUXqjr5B9UHt%eVKfn``bDX`csZ*0?DD%ak!~ z8MjaZ294wn)%=$aYwkihQ)I%GTPN+UKd)b|ZN%buM*AUqhD7t(8Y zce1t)|L;pK5_1w`g5}^R8~-w-TuR@4$P~h~^1<=**0`f(?ABRq4@f;}3QvFqNlOEY z+*Z%c%QIiVTL7sId;=k`{^cmSc5RyMAU%1L@j>Ft>+i|Icf!7(_FLz#s~ZN#-<|=E zNiqNOV!%T;rT=!|2>rSH&x;`Z2tN3)2U8z<{;7_^A72QHcXT?@s{P05bIq;s$|2O7 zgVVG6KX3N@@cn%YhMw+H6^#Q*)+ z|2lWwe~tC>)}8Kuzv0>m?|+TM^4Z}3T#)DOWaj_<)c-On5&xHiiTl6a{C{0U!GDi? z^S>^r;QzV0|K}oH{&#L%|LdxU$Y%)tJ*F3R|2;m8=Kr3+|KmlN|35FHTjYOE{o`X~ zGy${PjmgLVmt|||%h3N!T{J`m`_;ifQhxQ9Fa5|7G&E_wsp171WltYJep$F&*Dl_> z>blgG06RMF^JhSAtsNau_v?=1WTvJTDV%T}?CV4Fm6;AbZCg=o?d+sEbjkBP?f$nV zt49a#;X|1Op5K#`7t{406|g%2$$%}(!^2}^V63%p* z;VY8zGMsjz&Qqsww&KT+9~HJs+I1dUg|oUy>>JYaYfb$nLd?w!6$$JpE#W< zq5&6yG2LWLd+ujP&nw*j^iY5SPG4W&-hLkdfljSkOs>D5U(B<&*M+cwz?W0g((WqY6NK;LUJ{VED|nN0i*$F?enoL{ac~A|Yfp}jo~#zs zJ!NLbw-ht6u$U~jP7MtW{q*TmZS6%YyD3zxsEKMKHOefUotz#$dL$twm6MePYvTNP z2}p!owKTZhz(cjRw)UFoVS)@4aqS!(>s@-X(9~-t04lb56lC~NqsvKPdMyj26XBs{# zDk|zsF6&w^{))*_Euf{Q{(^Nvb+vd-0!KR>3zs&GDo;OCGIv<9iQkZSd_w8oK4flu z940MjanF#kNgmTbmH2D1k_KtUf_p_(Gw16993f0hOc0oyG$bV%xXR0>4o8X%qnUM{PU`Hf z!LQwk3A~OQ^KIceZreAJnW?F|fYYv4C=qEe7#84gfU)=V^wfX29j=U^c>m&=#dvvn zIoH{@uV3eZk-=;4+_?jsZT88Ogsbc6Pw%^zC#%ebUrS3lz}v>gHqg@2GBu?mBZEnS z`|u%${fg4Ibr;wSDgHTZ7k_Q)1cVH2E=qCa(29^mN z{pr%DOM+)ZHrCcqa(T|mDonN~e&t-XR(3j+n9oQ~V8Ol9+hXRHA*&aUBfpsBY zd0L&di514{*0|^SnpQXWLs?u(;(Xq))=5B8yAnRS@Wz7A^b;Byni}^`CSh}D1`sm@gODKR?=~( z#GXC+WIB`|N(18*Mm%O!fB?_3cr1mkd^K3>Y}}TsHd+#6Ifkc4K+?MCS%`6+&Dfy#zk)e zg=_q9B9_}0ic_~HWu&Bd?NOt)L4LO-UR(|_mTU#I?#@zaf8 zLlT$%&wN7~pN2NGB67k$!P< zd<@$LtVM;dbAgJ@=A1!7gRo77I&!-RB;p**({NnsA{p0~mVWa1@g1GR0$3Hzp9m;J z5un<92Jy;oj2tB?B?V-!(tM1AFz_l2{LWFG+krS%YyT%MBEoL*7eRH++Xf#UkK>!& zF81(noZWqUwh7`Ucm|b}?J*jLAzPj7ui_vnLycfzIT_i3i!x0rnh*9dKmRrfp|i8| z4%)F{u1;MdGI?#RESQPg?a0c)Vgp79f(8VI&B+=fGP0?j9&$Q5Ljwa2=N-L=0eHm3 z#Ds+Y*x7k``v(UqpeoMXZi@>lDJg-d5)%^xSOM%?5c-llPO>5*aFKt8zw5&D8l`4_ z{{AipYifpu8KI%Qp9om5>_D~P3I#*-)2I2Rr7AKqU7*f(c1m9rjOW+a1ILa|u8yt* z-srU@OB0hyw__XFWZuZ{g@v&k=CRe)eEBBE#t;TyzId-5*-W)ogr5}2o{s8YSWyng;f^2OGGqqSuY15m&vImp9EBoc~* z&U}eJKFzJ6RBiYpbN#;u2Ee~e1r(Y3K460&BF-SUN>Zr*#(e&)2U%cY0Sew^Tvk7T zM6|ZjGcn~RC(rzNkH$v$1f(xY$`ml(Ba^?4m_Z(QcXzLLh2&&qWd%7{LxU*1&CbS# zP|$<#f=zorux@V;L4mq||9(npYDY)MvR!3j;$)-W18^ku?s6XO59wrpwe*N;d7wwqsz}nawwEPK z)v1iVkCf;cIEgJI$6jQ*_|E<~F1`6(kj?bNh$W^YQol|vMkAxH`0w7T>Q5{Uv$=ky zv(pru^(1xPA)w8u6Nin6l3otG?SVa z6-}sw-Rj_zois`mK)9_fYcFy)clT|n8oTBDBhz#9P;)0HewEtm1NNLZZ?MV8JfXP& zLNiAkKkTk?gSFxBRAQf;oCTG1bm}apYLAYbV1VP7WDg%YY>abna{$VQp#0$$hJvzk zXM6hzWRI<~$M^kYk_6o6nlYY6gPM|)n@dbYbd}Sl+2)|zV0I$r)go-Ows=EOJXQv> zDl2)Qm=-D#5fbuZGSSG~e4@;9>iqOjjR}ep4=|;xJK%fux zMo@q(qp!b^oy`zm#(dweu&4+R4-cq-BK08JCtWb^*rMbBH@-)^oyhN+4wyw>Us*%L zb$eFShKrN-0&=AN>EWj5!5Tq86ALS=)XSIkj-f6YSEg}F+vU6H==oYz@V2?>=@-}{ zA|j13tcDDXjJGj~jZ92pBO~pnfBbbu>C87-P!@G~NEzgeo z9l-or4-QTMr&p3hdqXId_!fcW%C>l4^yWW3G1S>!@f(XbDW5W%4supVIjHC$W*4J; zIsee-r00B(;MZcZTpyaM_&Gmb)=o-w{2L>1=3TgipU9%;#n&=jzoy?4N)J=_jiZ{w z9yfpF__L{5FR;Uo%%ouRF=I3{SAArrKf9aI)$E*(@0k6{ekM{$`QmBC4H@B{hIHQ> zgRc!cra$<&s>Ep@2|0FL_t4jB+OFN7^%Zf-Ei6tH+q6vHa8WWpQW+i5e%UyP&0wspiroR0VOmvG)qg%vu)r6H*ek2u5qy+ zDbxpVh?{^Q56@^rgKp0kp?OxD3QefH01KhKQo0~$B*evOfKfj`-(z(!@8rZqR#rCN z7aA+NA=!XCJwE&&9Nflte31YAV!MjFMuNPPv0ee%N6gJ@3fy0YN$kGfkh^tbzqz-LtepSOG7XE z2<=Iv@M|WdM29P_XufGkbk|8miRw?BTFa-{gSQ1FOZib$BH& zZw-J5ychVE%s9U!n7U6LOiZ*-R(n#x{K^oyvbk9YDhDi**`Krj9Do1)H{dbAIn6CC zu$>MU&IKs#coM`?0V^#mEzMEn&KB|PcL9$AP1p@AoUo8^kdWy0{sef^T@~V3tfqg! zVjmqC6kZ1A}b%#ziu@Q>~1RSt%eEasT zyQ!uqV`g5Ck zt?h?W(K$&Ml?P@YMe0n*Ir3+-KMv54>tf8o*@ki!wUf1|bZ97L8IJc01df81s@jb} zFKpzy=qX$uVy(F*&2I`Wgt%(P+G?swFIVX4#Ssfk5yU&q1r{On6lqoNG#4T1UybbE zkaWG=Sa>q6A3tv{-Aa-riLOw&QXa1}MsGGpiBf3Er6ziFwvrzZc!^0HJ~A+Xi-)%_ z)@!Mx6rtB!C)ACmWN!0(v$566SeMfe900pJ~NK7t}akZjX@;^SO5<}-t6lOBloTKoO?hg!w1X- zWC1IyXF-(-@$oLi_nGp8r~VO0T|^|L9^WI$d}jBh`CYJG@IIdSg~FlDQsj_c=c!6h z&o8UecNLgn&-)f1Dl6G{$aTAuj~OXZ<=iwi)i*<500Pqf?Y{5!D`ML+PCNgF-9lpe;>r+cX8`rv ztWtxmPCX}Fh{NhyJ#PtNw*-+i1munm4}T)zRjD?N>{tj(J#yiG00raLjy;G+XGe3v zPI2+H{-{(cZte;KRs*+-<0S+IX|N;UBjEXSx8A>hzsb9I)xlU~{+OQr9x<03pOLYp zB|hTDRX4~}Ty*QNhUVtd2Y(qD8oIi;fGLa|1zIX-PJbI(o^S;cvbX>G#RNTTV7h^& z3b&Vu$?W`Of40cske-5~erPBfc4%B2v~|9gl49iGcv!cJb+h{gEhZgWT@-Bd&`^0W zMgipkppcwQvB3p*^&SGz+TQ*%+&HwMTE0MVzxI#ybPnVvQZ#1BRnSdm)bmBv{jSp? zs52qwKd9r&s-3oHVVWW$A^>uO0tVU5)N~cN?EM?PEtccM!%n9M>kwohCqfhh1OwZI zQ6=|BxJS*P#y=fNKRl%;N_;C<<+J;>BKfsik&m_PE75aO%N2eYXB}WXWMf;sEZ4L* z7-EZ2&d`Z{J1>1_teoUnzpq=B!lauCcbhj2Lnrp$O$zF~f;Psiu(zx2pM56^@zGsl z)coDeSS!jy%O|IX87o5(GU-DL@%y1@+y0tW-@y1K1)R4UPF!ZGxE?W)+QY z6M&MSAWYbkHtW#Tc4So#4aDJN2#TlC9q+zx?J2=h2l12E8yN~EQQ3~Qw9^eOK-ie1 zfe@1RfIE`$*g=Oh++=>2`IQxaoyqOF7Dh(Kw#hu`y5wsq$jW*g*V!yYE`)uQN-h`z zZR3y`fJvNfZO&~wfnO8S#{BxDSg)7_oiq23@~^ zEyaULXI>_{;1Cir-1p-!9~J3(eUQDey#XbDFhg8XGfdB9xz{QxV%RrErY0SMvXu)v zP5*eWCjxJnq`xXjK%t|`_0U3G{5H2|IV6~{Fa;HrhnRP_b0BF5Bk=I?1J)<@u~lEb zfvPf3O=V>)Y!ktWu(0U#f*(;&wIn@0*EFF04IO1>W@fEOzp_{9^tN2_!XGg=%x~!a z#|w~_o({&)Su$<1I%}XBKqrETxfQ7IL;lmM^EihVk(!USoAdwh?F+>}gbYu%mq|n; z`^0#(Ue+Ps?jL^%nw6}qysss!*0?ExkjJZ1DZwtaS+x)eAelCg*x1!28}ZG=9e7MX z22HH*0^N;C)leaYr(263+w|+SSp9{dYF+_GhBR99&Q3Td5zI!ZCiR$XIfC4+H z+z@NZ|MEscpL5jF)6E8eTn1h7&c{3Ys2(V0Sx!{y8yc!Y9w8zMsB#A63XxhvL!-*D zo0M-T8XSIARaM|>2T(RUH@9sK76SiWo2Kwe_+&MvK@iFt=c3BQ(iAMm%ik-SY~NQr z0%v+N0|Nutn8DuNq$mdcaL_9-n++=;kH}|C`&(YH_8t6Y_*3{&q9WS^01qmn~2B_ z=YaXq5>wEclH3ns8r`M~-o1T`^XQRpi`m?yR^b_3<_#ebC1$P-gI^j1hwdI9Ll#q* zQ(xZ~69$?MTRg8IZ39i4XH$i9hOJMcK=hT9lM@kvU-&nqp{weAAzBA`08~A&iHM-+ zM*?l~@q;OloZmcy(0}8)(B>4EU-uFjw+*Ue!D9HEkh*#-w3R%l5@8)!7vGVoy(%A1 z3yN+(&`9%3V!OfLdg7K-TuUqc^1X)K)9GSLbkWT*W^C^iwzo#0wDxkg0RC6_x-2a( zn~ARVe144L>z{;@K;sRaHnm43>5JQv*;}JR!G_gTECO#j)t4YvT-db#0W8RKP?5D-%XQ3R;m~^1hg+ zZV2}L1%6PZu(06enJwR{nIi~;P+pujD+W5`dbCARE4OIHMU0v8?VA;>F4MtWAw)@O zDXE|bahYa?%>rnz0JIay?yQfMF+*{Whlh{?I!q}AZn7oF2wKmgKnW75TR7c1-K;As zEu9Ui%FIMeG1c4I*?|(9_T}oBUR?!*_8TzR;2`byHw8sSyIG1ETL(J}9kPjhennNz zeA*y^yn6Mk3f)~xOA7>^tMVN%RLrY_RKuHRtqZ=;-|4bG$}T8aheF)|@1v$B;P$}& zA;^sgFQ=0|V`1SBiHV>OOM{s-HC9&S6=90*-UV8w^th`v6BhXFLT7q*)q=@8r#lajjop&pyeH$Ye? zR6>N*pWGK}v@o@2;4g>5BOp0QyRhkiJ%v8H_9~XondRc;(&8e}c6?mi5Jrv~60lG> zIv&C#f?5ZdAwVPr00N{lDCq&yfuii+e_!+Tyo`@0rVUqvU7@aS^5zX-(wo@_1ZxF2wAFCGLsFcG=nYsk5WiWpnnOYLM%F{q=O6VQh2g z5$P26nZ#t*K;u$Xb);)sPjq^7;ntMK_E==IFY4ga_1G}4m0#AQrUtX`8!y?R5Ca8Y z6EicYTJ^$oy7+m7hlPRf9=-yhRgcBp&5b%o&;`oCq6iEU9yVUyF=(iQ?_mM>?v$+! z#0eA-&@-NDmdo*BIiDSE>$$ z3V=Si%po&K$FS({ul%0>(FCO~UM?`=>Z)BG9a6Hg(GnU7 zu=pY+-GRMmYQ}?#50D6!_vxdP`!~MZE%(7U8VnB)&(G@tY6gN7AXor=JR`#pR2^_y zJ3Akn3hRi9HbJ=XL7~2;rvq7rVmcO?z<6ipy0Wf*6?~z~_&6WHU+{RHna9S&$kXE{ z%N=6j7%o`+HFmiu$87kk@P$^41A*SPaf>u%Jne%$z!J*pfMQ$B#UZpGa_&QCvgM*C^X? zoO1vFNP7>kocsTM*tn6bq(MnV(N2+umWG!0-b!0U1JR^H(cVRSFD;Y?CA73li74$w zyDQamUiXdrdpyT|{GaDJp6mD>zpuM-^|?Nu_xm-@^L(A}#V%v_nm2EJr4Db~cK6Jk zt+hTc*pXWoffECgg`oWuR8h{eL#`_e#JfH^@O-2rD*~~?%4!4xIcD#Tk~VgWF+!G{pzvq+R@BCeO`*WZa+T-G>R1lLH;f+ zvUO|EkZ97cIXc?@e9^OXJ!K$HXK|Y8FfJZ+orXHZn@R{Sp@@ z;QcgQN#U3SomHa(t^na4z_{;&2NSI+^+Sy@Xp$7@rDVm$Uq0(|W2d!;c}me`%Oeu^ z#7D;jh%ncN4a~k)Ck+_dFHt#1a-|DPZ=V*M5H{~^Zk(bu)@7P*@uNOMHQx2q&arsz z(Z@lyh3Rch!ul;Oq!j!23ta9M=-y3(#}7ORQE;-iq%eD2c46I%Y{!lr60%xa;VCKR zvaNVuWcA9FU`SQMwlN{_^{72mxqeCS*JRMT)qpUoCp21K{)8yqZ9ody5^=_k9ls-oP*i(7bB^xF^DyC5T^QW8V+_mT-Bj|M`I?#`#|wrpNnQf6IO%7N`5bga~nQ zDKU`UxN(Ds!uIq;i>4RBJg5+qD64wvNsMrEW%2%&v%R!5&HvRQLLf4YrGv0|ZL&w2 z{`Kza_1Lsn6vraqer&bEE1BDj%L+`iPKLZv@SP zIUWPtJrrY3(II{1=1y5stCsBleT&L0kmf8bu7T=-$;sATG&kUgbn_;;1W-yauM^|r zs3_e~BqXQ^AgtpBW*Wh%48;i;An>lhjJyKzARVVaf5LbZmeQ$H*U(oXxI=7%+GM!M2W$Fj=O8 z&6&G@-)t8uIy%?+F-<%^yN9Zt+UY^>!g4A?B6nk|gs7o{f<+{93YK_z;~zPoUN*zVuOxiQL=U8)Pxa z1Ekh6iu{5*SaQ7`Tc8o>obpoh`T9sp}2? z*#zHXK)9gp0#QMI@L)EwWqE5E$c||r zqbvREpP1@l{ClNr_@6y0IrdArDtx#7m$vc7?mrv+;QvE3`2Y1r7kB=7_tU?h?MsK> z>&c_*uRs5s{&VGdCQa^P%^bEc?cu|5#Bc zHtzj%uO9#Tj4nRrxxd!yzd5DSB=`5Nr2BI#`5S&GnuAyZDABV%QbSiwe@!_vK^FP1-C!PP#g5;a{y|i5J{<)id$NyaB zzfU7Ja5vskxmrcXE5D}Hog-eKYG^;St=fy8>P|1U6Qe1 zRA#DysHEH@#bT1CzJKpSpA-G2HAe=cD+L%UmE<4wQR_Kcv##g{N3EDFjy8O`mAFXn z)Tqc&T9ht$A>EBrzh;2>fFS*~NAI7zD96Tf6`eeBvG0RP9YeKHv3W{+7Rj8~*7v)g zN|ts9%pVaF@(Qf1Gzz4r({>mNj4t${tZ-H)z*~Ke0quu_qXIT${ zDBC}Bpwmh10Y$l@g|AfU(9xUMw0y6Q9rw(wB0HXt+gug8_rA1T27Q3B+@4ZR%eNAR zPam#{U;&8J^86i(o3*Cbr@hQ0!q4vdG_py;{<2umVEMv@RU4(nE*@Ul)3*j1TMeVM zr_v6UnBfuseD`37i5Hong1Vf=WsC13!zm$KZc0eV-f0^*-^TRw38%>M_C)m)&lKee z8irjBp^HlF@;cvRSXedle2PE%2&Qtyb~FeUCSc*PL!uGExw{QqkGK zxM}mMJ4CLVBcgXT*#)mh(^IZ2K9Tk!8#WJd%4t{=@h7XPW=S=g7ulV|;B}8&-Dth& z$gooAgsJ0$b;W5U>Y{)R?82Kjcr37mzvfbYm0fQnSIKUbn;CoW-{*jq8nSoF>n;bsFzA zq}zO5rpu|Y!8Mw;(~0e7gggoB(rL!&mK_rJ>cQtAHobEO&^)mePwD!pZswcI}A{~URCpr`ostO2WvMX9l&jNrjVT)SL5 z!%I*QOq%sR_xIG#sfv6y{q$f;JxQ%QIb4h;TF&x}l)16-XtY+x2 zFH3Z?QIDU=D><%m-p;$V?iPN!g@-SEPux+j{iUZnKh0nGWGF@>aGFeF=5ZNec)$18 z*QHt(shqULsqO^aOY&f(M4iw(kGF4T&^yYariyH|pv^eOqs zcFtSH^;iS5b(_yJQH_kZ+|B%M-=MbKR2rVDIK72T!uLeMc18&W_3mU-Ra5zX?rq=h zb_Yyd=ow-k+b@_G9R9ZEY?Axm;~ z)jYgE-MU0(esxexf5CRVV*ZwQRTBwkBVec~K}TG<$F+a*R*rdZ@?-SO^w(m~EtzCB zFBEcUcU2WFT}b69*N~2leZ2Brknwfqb$y9@noXzdv?qdwD9sGrrJSg<5}r4N<<^Kf zr(#Qzsl`Sq?Drx0D>$~S;meB|w(w7SLGFch?*2g$b-_jnVI{(c)%Qm*t-P{Ou}qU5 z5M@_qsBLg9x1wcy?e-wfG_LS)jd^Z5Wg2Ti@?yOoF0h&R@6DVp@3?dBp8xJ3c|V7l zZ)fDR4lzoN$}8|$?yMzs)%Y%4G19oL=DFNJsV?K!sIIEXw~Ha$`Yx>kLkJJc4{>*Dx*z^VVd%Lv&1>!(xW+i#KO?^&)_uVQPJQ>8(P+?A$~SMn)9J z>ilcV*U!0am9xmT4Ss@mUw^Fhv_pN|r)isu@%R2>re_{KadIs&<}Y5e9`JFpIqjy* zy^%A`B8pu)c%rQAU4$1|$Q!2-;*1?<^?732*IeWk=pmf<$7sKj)ceN z%h4FQm?u{HpOdJi*f?*_GG3lKYwebho01V`cWW$GiXolPQhxR8Xic;9 zOuT=P=fGkg%fWf>>YGZ%6?8#GQ}L$Fy=f(@&ns9ro~gan#565(BtZX~-6j4448(;- z2Gh^`lJ!?yswfN4j*UIkVNI&eQb)SovgEk^&)aK5RM###PIr@fzn)#9Sq}ZudyiVV zN7+ouR8C10c+l&2mj(>@W_^jl^^W-81!X2x+bLt`$2u!t7u5w9ll%(p=d&B}aB>Ad z^}WoYaveFw_hzxalq&c6#l4Kl3yD_|vDJ4QbKE$@%}H_Kc}Kzeo375vEL+o@?0W6D z?_MS*MU?p(?YbCZamYD{yRGSN{yEng`c?|}u%V%Px8qlGy1&d3_PkKCG}=M!F5AX; z;?$*+Z@ctlR%0k^rT?2_LRge;%-P-QTMyh6s1HaGaO3B-=$+}k z)zZy>r1A7Abq?}0i+4tkSjj1CD%ClHIsKVsBIKFY*VH&zmFf|u=IJIIh{c4pho?fL zy8`i3Q%L@`v$|OoPaH1~Hje*WlNP9_RQzvkrpWN89VvT5_NT?UxG9@h&T7^s5!M_@ zGJS@)m6{pxc9&kAH~s_I*j`4fr@6h93V${J;J>}hfAw?x|5GFWN0Cqar~PSB*D#5a_>=Oo9Z`kbA&(F;4=v zwZ1+?mI*^J06zde07d|S@A!A$!1)6R7U(D;Jw9Mkt&AI3{_eZH-68%0Vs_WZ2PnwE z^6W6+e5}%KuBMkR83Moo-+XJLGsroD9tVqUjsCJ zHc)opb<(<(I1LHfYOZAijT1C))0OLw{r^TpFq;Oz2gCqC7hExfksph!)zg&d2r4W& zki1|>p;gsfSXdZC>T)s(r1~IMaM7by9SoSzkmya^Y_(sKOothV=&kzJYiz_Sn_ zMx&{b^jix6lxUg=5`HcRKDXVw3bSa6u>$${0=S5|1eNYhn>Inbr7ROR+L`ka_}7RP zWng6F5@G(LP^Kz0{s2obk#tDZ<#|>XyWvjFJNTda@GG-JiqNPE>2*W!q-*4^3yK8q z>H7NK-twFCm}^e*^Yp_9DEt`$P>cB7()*8hJ=23=+6K5L06{;_KzvVd2r9u1XXwK6sE^zoF` zp{GYv@3!4j{7Zkogv`deGw08L0mZT#w91R?cBR=i3i9&gel?C72QZp}#n7z!B?2N_ zkm}pEZasw2ig)ksp(t(Mx@5EYq4=17ITUse_w)1v2Xpj13z2%`qtlB-HtPCRdkd?x z*{eNbKc8HmHWJEw;OTkB#DtM<3k&_|=qN<+eb6bVt0s*Uur&Z`hfj|`TN@Bz2x(hY zza$YgH16x7&^ACo#$o(mse8o;K$N4Xmo}juo3`;}(5yvz(@4RE4oB0qUzd-8z{lhCYv$RY;Y`1y=B_AleNdHY% z3G?G!g$GaKalSku>zd^aVITGlxC_QG`84P!wwK0FVzru@nvSq|JcZ#{eK=JPw{4Gl>vz3x7Kl?*t3w+ zKtKitsR#QDO#a;5+=!5kxrGHxn_E>kC^|SgnrV>v)c_j@{@zz$uHZ+-ITFqB`pp{{ zT?F}W3Jt){YY!M(JQvUcI^}oPYdSoKtUa0oZggN;eydGXlzY|GNS_mnu;%W={>atY4pCPhM9%M z3iF?io;H~K%6z^2W&;IK>A*lT$g@htIp+uxnwU4e4p0daAU{Cpn6_y^()U>o!?TY*3@!fTEZj`g*bX`fxRty{w6naG)$m|oY^;Cq<* z#S5PMkgL3GXvjYMkOmiY8Dja-H~Z|N)qE5f_#Gr09>(zSFj#!>AejHa3-lMH^ms?i zj< z3)!-|x*GcWT=lQmoJS5HHob5G>JD5c1QZaNj&)>pAxYp%gb_An1~S`Er3jr_KYsjh zj3PC+uJsDUa{4Fr;3L$D3T|ig@$mry4=M%e4|4Mi*$Qan_*lytl z7lAhg%#S_&;`#FtI2pQ!g~!FMV>B0h2l(gw^mN#-;OvN=wzfh%HpWx0 zrsg)vHYzX0J+U<+3dXQIDpwaig8LuYm!aZo@{zf|x^g@_Q35|1CxmIUD{vk zr%9Bw!-9g&Xj<;a$mR*`F|GL$lk?}BF&zUA83&KF^0CX+G|X!fIavk} zW++wG)j1d0c23{87>)uh^9q;*x!92@9VhDzV&_CyGyzj9*}8>qK7D$W+u$D+)eUD& z=;+SGMeNAXxQS8-ge6P}Te)BA%?>s4U+RI`xpbW2frV#BjX!t7*yh@3tGB39G1#K~ zWyvcwYf~W?$Lf#oOmqJN)yfEgO_nJbLR1(~_=|2iEs@aN)kQp20HJ&?LrlA5aT^4y zh?Iqpc)OBPK~9B%IZ%ruA(?L~m{lg9q^DbHn=4aQ`~I0uPjqfp`|he0wWP7X{f^x zg3W+{x`tc`A(|s}W@!iHW`M&kG;)f9bgCtH#Enk~PPVGymgB)F{FtLLr{sapB)L=E^`%=)}P(k%rs+WPe)`}ZHZoBQG$~7t{bZ8s5 zq_J}%mY_U|_>fe!*6CH6)17}ohPA>JbBJzBU$+IxCf~^9HFaOq^=*%6dv_0l-O>tP z?5*~8`cmjX!0pcMU`fwjxr4uosb$q8Z5w-@*)`25J#tl0`6(`od5yNzU9NxaKst6` z`kqiV9znUnf8^_9g6OS<2cq6KeJ-=R42`3ptU<|^ITkb^#X^C}TW#w~`diq_4%e=w zDmOktene3=TF72qQ5zOXkWXpFFkov(J9MT&Vn6%aZ|GDcn6WX>f5Nk1tuRK|LNT57 zoe&nUrq+izi=Pg6ZMcFrobIbsj(hY7VjR?~t(F{|5G~9HP_vI?Y43jYDbw86r#)g? zAf>{UFqbf1$bgBViFap9G+f4Lsi}u2Cl$3>XdzcZZQ`pi78Jq`OFLL%xKb%v^;MJ; z($XgE6e;X3QgIo`QagMd9@bV-iN8W=UbQw=NRh$4Qd|d8SHYzjF0%X>4=A;W!U!+} zoHE>ad`#Fz*S>r%zlA%MmKEkH&VV7iGnm3(m5;m7NB)hT1mkuSGN~@LA3iL#rYOW2 zOONKepCF&g;7(iph)P|$YrP62ISBKSXmeuPh6a!jrgLL)if-i@n*svE+R~3Bf4|!| z`E#ya*}9Tls`cI7g3Qd)Mvv47GWs*7F##zbk$;qe6z6CCT-MY`_f>XXoak2XPj_3u z9-`tlGU&g{2{9KZ(iK8DGT}06$~ixto$7MNm*O9eOlYBOm@!5@G4ia!2IEgDk)$=6 zThc1PJ+oA%+`$Cs>(qV3;Q_}-N*vuiJ)cV)?z(j-f9Q*TXLs?bZMQ_k)vh#U`f&A| z@~{8i^z32s3b99sO4o*=1=o9aSy8(!5VBaAvu9hmbq_3VgBX*&{)#IfG_#oH z9_dnlS;72HlniEN@0?slBj)DkB_$+A6j&)2?9Nt+%zw(iu+5c}5*~Ai^P_~gkLU*O zD=>!kz#>Dz#W$HaOfB34_!A!w>uzqG^?cvAb_9i7!-2V6__HQ*J-`jC%b14PLXP^% zGmA!=F?qIg(y0{~e8=qVoE%>Q28MMfhR#7R?qDeXcpql$phjrU(>s9sl=AC7^`Uvi zebPhek#cBfwHn?4Jx}{Pk8^w|(xOrpR*pcJj|l6?rwEC@wo_j9TBp=C{aHA8s6CKW zAA3vho}8De@uAPvUeT4?;JJ951SYEJ=97AHRD!(7dLT1$J;tR}^7LOVZo?&|1azjO zz9KfQd4%mN;S4L{`%l^KH&kK6HDH`!uH(wD2slCi;sFhxZ|={MKKJ!Uxk=V=h)6Kj z^oE|x!I0W_A0#6wd&10+r1&!IOid4W9eaZ8nyOTl@gtoeq>_19y$^H7DBDWoH84~u zXLznA{Yg7Nsy{TLa|ig|LOQpaboPMKN1gBK8v~R1C|r-(J>| zu6jf$SqoZlRIdFse$dH`@?HwTsV^vupoA+GPpYb}M)`rv0EP=Ek)a8emEq&W8E?q= zC}|uwUPoI&g(j~^1A27YLx+@PvL0Zn1F^bAm6B+x@b&8%88Ng(sJGqLehM1mbUABl zn2NycB5em-9o9F5eo8WYV^|6m6%{nro(O=#*CzJUapJ6rQ1pLoEtzHzvT|$_ro~|- zI{CN#*`B*B&mbL-rl(F~p~C3Hac&1ukaGOIxSN}(VZ0#PLXn$uH&zLJhVhKh3SnR{ zRy20FF-BX-)ivxgG9+XxxM(ExeUL=REW=X)!!+M<7aTo@Fvg6N)NrEJJua0ekcg1p zAUjJECFpQ8&6}`6KH&W$Ph)|}@hr5H_L$7ZZftFj)GQ$#pPy_?+vBQI(*5E(_xuDmpf OV^fwmwLR@L}6p3amdq<#avMn?HTSq;DMc;>TpUeWewoTwGkZ?m1S9 zY{M7fx$2kGxA?M6v@F4CqQ2rCsREWpn(g$u(6<&7*yL`2FlYu~0F{{`sp~>O)!3I?P6oRyx^uB?O}4 zg{=OFN0|BO&(x+|=-ArhKlMR#M-1(cI1RQO!xyJkr-rNku_F3h>U0ru_}1wQxok)0 z@l;q`rJT{isF$iRuIQ60F56Etqb@;X*?!}xI7!L1Ng5|PgZ#=Bvk(G8%nh7Ah<4J^ zoRWisqrGYCIayh_OC)B6r9l{5Yg}$RwFkvQT|vwi?McbnZSZ^opB}wzn4E1A# z+XANR7EByK?z6K|*CO)9=4SLn@?01xbjdZ{%3rrkAhc?Kzc0&V)BBvqFhQ8LQ4O0e zC1V;xBO?Rt_Sdg#^KA`7Jc>pt=zh;}si)|EY4VKL#*ArVzq~Ij4KlxG?U%=QR%1op z6)lRbUDz0u5t(=D%SNFWn)M%gi^{0-J=i1|$j(Kdw8k8>6n_UG1}<77R?bLBpU`6}Jd-O{ z!?y>DKEJqsUk$XyLGlTzLeOe#RUb4JBo;QAzOxH*O!~zZ_bUJ5qZhU z!Xj|xi-)P#E)1igCB_&QH5C=kb(21O7DamNwv2_3c9o5BVwJ+-!CRNM-PzdGA&&Wa zXBT!7?<&9wLcaBi2fwt8c8^A(^j82*?kj#gJw!&B`j zzNk%5DaHe3sN4{Rx-CdlmaqG=oH17lVrvnUxeI-N0efuc5{P|V7qJbawLgEl)F|}V zd0#lv5{f}Cmu2b%+_n5^@uOY{L|^dnfxs3}UWQZouTG7QZZ|tO{JYSB)N#FpF8d~T zvrLwBM;Ng`@2~s;e-TH%Yv_ZC>#Edgy!By%2$Z1x=EuXj$iEQ>sSL@Fh0R;Q%al8R zPn1a{P~J8^%`Dx*p-jyz#Ceum*A?X+T1}7&C zVaT#@=j9+Gl8oW@m7_BA1WX<}eA+O9mc-XG{)&yTW?|Q}*mU~pysLws#_OHZ3t<%l zuns^LX8)j2#X13eH#I(9KYDtwp0cpSUuki1aozrg2Apfq$OyWw#R*)M(0aD1qQ`@N z#NV*^_?ME>4~3R{Rx{#N;ee$3)K>St+-){uaB51w?diGEP&dl1V%aA*LjsAT!`AnO z+v?5I+r)xNH;#M0!OfBtRVEBm**jCb?%w^_)6?3aK|(^JlC2-EzYp69PjMH$s0(^- z^jpKB1FV?FPwZ#DI#~7NblwE8%;dFG8vd@_QIHEm?`OCk0$4}sh%d1RQg=}!!q--m zH|NKswY7Z4>pJkT5hNbmzppA>i&gaYA?;gM+R?ts%Kih91;t+Y!TISvqN@nX$ZJkc zDSq9o1HJPFWd{`AzI=HeEhOsgByQ;gmX?-C695-O#9R{K|K+wi-{rWagNQiAC29=h zA|kp1maY*A`CREfTPgWwbm%kbP@M)gWJ*Rjkx&63m#{P}^R>MD2*in%O_$9bFV_rYYcshIgo zoS76KFP={z;&OL1^j}=dF*TI8v0+=8AI7JY=~|Z>FuwG14|*vowLTj!*Hbz+KwAJx zXjIzXSBqA3O;KaTS%a`TBj*hk0lP4m?RoWQYbL1C9jz!_OOKy#yWAZ9bpbnwy@995jD!3uEujBl(Fnk zxkg|&lqp66Y?~KrnOJ=VAbi9I=MaAAEp_q}tv?2@r}OI@aAxH+@`P`PLKivq_3UDw zJNx6iCXwmsEJ_EWAE>Z!)E5Y)+&U3{8z)^L93ePGM@P#Wdy!61*Aw;R1SficR>W>y zTm2OfZoP9nA|j8}Bl7(H-$RQ^(G<@jBow_W!?SGq`N+!Av`B*eOz7=*?@Niy@m{{69H?naHK)+iD`KfOdtr+J2hD&lJGRbV!lA;N-m7o01C z@D;T-%(^yHY6IgGAj14wA}A;#`7UaqdFbY*tS(^QCvnR5L%du0;eGo;U=q=+N@*7I zo$?5_#$ZuQ3tBLt3vYG`5#+FoptgN08evh{^^A@Ga<5L2)m}Qy#_H+;czDG6q}ddU zx)T1{vL%BsGymg9$<=|aUE7-s;+i!TaZ2&3t&4P@+X^N$+!SQQEX~XuzkfLc9I90O zz!>Y+6j)i`>d9gj62OfPwndh(#Sv&PNp5Ie%ph*ox6rTh$LVLUPMRJ+QYe78V z6c(g*{m->e)v!ZspZYO*5gUZvuAYi&Y%-U88rB9@P$E0ZMggwR*X8#cEY#G5TMj}_ zyRG$?Z{INAFoIJ<*A_I`3%1N;$U%7w;>`?v6jGyR-#VIYvyb1Kw;01sGeOe$2?o6K z^Ow=I8pfZinJ5D|-01dvBjdNUI5#4yfHjaT7qWo31aG8L@hJ3iXr5yI3l`u}gb8*~ zERm?DP?UBD=pFL{q+d`LmMvxZ92aoN(i@a!?E$0n-@ktV?*Q+Gkxd=&0T~ITBHgviykwm?_6GMx8JRF1K0Xu~dC_l! z>@f%gySGr~9Me7@lr_?agDNUS4ZoM5x;`x=1db8hj%}mrhQ?$}9M&5`A#ylyL@9L&z;7*mkwBe z&)T)*b*L?yYOAoe3~*4SwkVzpXSWCwQ@|u*#{nu=Q_X$V$79dlQk$5Z91SGhS^Z!? zk14oFtn#FKws2VWfJq)n=Z!rz35VMh$sPtVF?SG`;26Hn{gvE)4JKegv?Tdg;Y1~r z+=Ioa!zKM05LCF|9_FJ*TNyi3&qY;PY$&lEw+HzWergEx4GPis(R_YwZn7yMSkQb& zf_LoRZBhA1AK;Yk<%_UpZR8DOtN`k7nvTU>m9BOIj@7_eE0hh zNnPM97|0Q{{qO`^+z_6ygCDeanTko~VOTZu=tWn#tjgU30|U6jG%#+Zwo-!qAKX6L z8?>`IzJC4cD9g8?(1UM1nXoby{5h?F%FiGD^aAITE5P3jgp)Y^Un<@Ew>r3H z<%3p%rQUf!()jy*fQ1|#Pr7>f*mf7B;1i=NNZygT^}bXvGAamol$02^KwE=I2EU_% zKDvdG76cSJ$08;aX98|NpSwKO2LMn`@r2%0TZp5QfhZKvxfWn$*Hn29CtRbU;x>$S z)d!Wyut84hj7DjDiUM`%gCs0>z$CRa`nI+ch+ud(oiY7Md*(3t?mT4+l%0cv(lVNu zPTUovujwg{<}T*FKF&!`ie4TI<)(h6Ci#(e7E%F>&>;TS34Di(V7dFc(L(J3YU)K` z8Zcr;#jv3MR~YOO574PSG?&S3Ky8IshXiUOcqE^L=9Dcs<5y}YZF4%&F$g6`qpblV zPO-w+abeb3EiAv`)^`X^MJG*iMv)cZB8fz4i!xvhxD6AH_yFHv zFkeYonai*gja5I)GrhS~V8S_ywFpcUBA5`qA$yvTnV-uJLdmyPSZv$Vk>zt>DHcoB z$EJ-*Bk%~0q0>74N)fXQ3l?z%G=?pVIaQ+xO=z1(1CPQD60iD0G;nS~WvTpB&nN>F zHzrBnQ8NMuM6!H1QQi0UZQARw{0%1|^Z(8blO-J3jkaEqEesgOQs*&Z1;1wyY_%&6 zVSsUF!VWfhQ`3GZE>Knxa4y?Iw-Va(1Dr6!S*@b9Mf+FVb=m3qb=U$ht>o@JC6Kc_ z$Ei;rrGwJnFEC}XXev+}9aD^kazdIu4JQ@7L8~|zz^H+7Cqd_#ZwZoj(PM!r8#SFw z7-Fo7z#QSIN=pBAg`=gAs~G23)z%iYz;vf06WMbpHNXC6cA-v-RX zIrXoBUESsH067u~Ot5zCVkZ98<&~9y11EgiT=sbsKtC1_JKh`4&RD zRCLT zCp5aJ zoOWNog^Wj3W^fsfO-(7$zm{-wTO-2WGWF`PPDO11AqNcw#p|_e@`V7};p?uM`^<{` zJ`)223ZJc&>uaYCw=%b2BHZn#K-wj}u-*H@I2knX=|Heruh2yvOdFj-aqdXMriETb zVAq|pYm?Efd@0xg9bf`rS%6Zs*?cgYaIyqh42D6?sz&TJeSYd=S(D`zu{7?>2^E#N z^G()1*H{fI-O8~ov9{Y5?$*T9VaV~NG|H_APW=Vky7+j8+z=eLHCTFcic zyrruoD7>O_YBO5nT6atyf|<;G_g09~ zN1gj26=z?K9WmR}sZFA;@U4V6;u7d!0L{Lyd^K{Sd!bu{GxRx`WhfqE#zRKn;`Vpc z-%i)cMua%id0hkxyI#NkhE1HMm4h&s=zEeKUbDc;Cc3o#V%e4bz2O364#W~FsqRB} zH?rnK|8OZ88B5@bFoZyQNvhXCIi)Boo35U=8)&;)h9in-0Q#vro}V~=eB|S^X_UO9 zo2CG#LaHTCDqNl7e^-1;ljrF9$f|M#jdTTD3^2{GWmA)Kmds|YGNM?GvEy3| z{aG0q+_|+`iQPMQ?!;HyK}{2J+wsoESFaMl)M*}@A9Q4Y<7Q&Sq8+POpuzU={(WmS zyo_cLA(?mQr9-lStGC03L5GUHK(usLORfOx3{Z$;+qNI^wMcs$MrF@i?dI5R4X%Rg zNdp^vH{oeo1;zw4NM&T+V(=e@*c$p$WKm+z9bx#|e9?V<(fx!)L;7Qdc*!m20|_(x zSIR};wKKS9t%Uc~DKJjENl6oTXq=B@icq?G^#|_5NV*;p2wLXv3k#P!G7&J371LQc zXA7%BPzY!QVS@m~3w>Rg>&i9EVrytnq&Z)fk0}S)@Wr!fDVW6kWWia#-OieqexWuM_`s%26$fu>d;+js^dfrZMq9QoA0z4 zI4UXU_pCi-lXY$L&HwcV>@=-LT3*CAvJZ>x27MP z8cWlYYeVy2AX1}>i}~o(fHfEcxN46I22f3>rg$W2w0&tjukr&9P%txt-ZXI?`h8$xiXzZEPT_s`8jpR>m>J{p6- z0KL$S=^gqwcFL;R!+cDE#2I;QWzaIupoARSIDj@~H?BH!pJRb;5g69~y?Yb7*CWBi zr%AG*F34YRXxI^iaE6N6;@w}@+MBOq@Fe{ad#Lj$EJ1;igT35$*@?;U}GRHH_Egc<~ zuaHqb#TH1&j6CZtO{{ z+;C&#iwMUb0z#qkLK*j1%pFZ$wWCH9!kg#rdJnu7<0(OjVt5`w7RV0}(;^r>OC(1+>#xAQ-=YOcWV z(%yayAnrsL+6kymh>k=}V(Z_8_`f2!pq7iKk=-Qz^}8Ht58OT8bazMjXOa<9d8bSZ zE*P$S;xd{S`lt)irRZMpG#>HW9ZLJlWA%tTgIBge zNpPDjf44U8%9~TxtxVz0cFa%tQ-H)v-_mY-c{JJu_2MoWk{*t-m)HyZN*|2kr|81+Eaid=RHn>f7~T&Vv0< zw|cPtf$GuY#{N2T5+<+Rwtjb76jvUn#`qY`~$$nJF11CUV6`LSd_qwtf9Ty_!Pa zrGe7~QzYvmV`A#HM>O-=cX(I_rlbr)%Omh`y`?=nX6y^LAU^~1lI4K_F`dtOvDk&?cT1iwe$z;X;UEyfD|)=*3}nwsOW)Mg zgnb}4LxWa3bE2$0j(C!USzkFixa)A=7s_nFL(&n=;)O;4r}rjJfCh4el+r73mWAZcI#G{+XSSZ!Q#aW@aN- zH8WBcS)CSv*#io6G~f<;Hwzyu9_J8ij;A3fK^WHqH8>Io4}5C?H;AoCJBS&5vMa9- zVopF^2kGdD@Ulz^*?p-oy9phxq`{$~H}=j6hxR8okzCXC&Iuv_3 zI5P*TMNm9{7v2N3@Z$~VykBLi&1@=INo*qrMGibx>laHvk2Nu^4dcF{rZ{DpN@(m6 zR~2P6A?Mo_@-MP_Oz>ZFnJ(?X! zi?~TdlO3#WMJ1)w`gXPAdnqdK66nBTXTgiXF_cU~7EVQkv>|&Aey?-#@`%pVbmp(H zy&)PNbdSStD@Gpo^mjXh77!=@4fbeHboqWe;A7JMporqW6#8PcW;n443OF%WLQ(V` zO&o-T=j>Gk!<@ne!nLM&`-Y8^P96o(h!-~${fbpPHxv~LtK_uGuY?Hu{~A$T;9 z7awKtr1N85mVN#VKSQbVfg4JKTf7ufnG2Q57Te z5{?N%OPFqxd#lO@~8aV5`>{axW24TlP-W)y_2lt06-Cy5}H*?!w~Y zaL?%Q__)H|qQJboJaLBeZ5IyE(!PN8VE9KQ$HQCB8a!^hnJ7PPa&oC-Ye%>TS=ENTe0niSoZUlv(yEzwz7?1WP()YIZKD)k zfk?W%yu5pHldAtA5qV?!YLN79wK5X#w2fUME=krgWDBcvx2TjI!ak&YpCE-<3!)~` z#^%zeQca^zeSL9UTEt3)G%x#Ln!X%PTXdFIQZGU1j{hFbykGdnaYN%R5O9?8Qggi3 z(RzT|ur@an(oG1F0Zp&{q)&d0Vt&-dX4fI%NYR>O=yH<+w1_Jk)w*v7WuMB<>LnmK9r(q6vB{bS$h|8Uc-p398fs+J3rzR|U_UzU)=Nzv<-~fO**d9w=M(Z$9Nln5CkViY) zDEz3lfx!g8F8VYggOU-#Vp>TaeAv!z8W_MDm?rc_s3~;HZ#rdk<>43+S|_=b%dL=7 z6S;qsh!z&9Ivfc7s5EIXAd_i1Wka;;Db2JGBeG(iHpHboo>fzEQG~DVFHczgj zuMaMVB|tftNiG^gIR#FhI8*S2<0!A`>wEm4ZzN%6qa#zZ&5brouQ;>7Nt6iNFKOiv zJ6j+QT9?)Lf0}+x=(S8SH#0klDtc3e`dKNdZ(Wpu$37ilZPnhFXqTXsYrsn10f;r! zX&Fa`JV&=OTiLb_iO1M_hg6owh<rtibrl4%?~xYwJ={Zqo64eFo?$i4Tz`e7%|1S}SVL{h;?7Qo zT2hVUVeTI3xiF^DJ9|V`PO+VXF5jXd61J|uU8947t^zB^pT}3_yK}`MnD;%x`jz!M zmSmzu363ITS)7RgdcmS!X^^ttRiWkfmK_u_nyGas2~&AT3&ycH>F&wY%kHIN1R2`)Gf|g!m|4ipxo&wU*|TGw}1i+kCJ|kgTTeH@B$Xn`0t7J5n_qZ;dYWQ%yr9#sWf2YN%**AsWiM&gCqCb5mB25{J&gO&L#O0zf=+9Bu_FK#)W`Nl6KFZOZcp zcIS+v^lM)Z`Kg@YUUY^obo8ls*u9Fp+mI)W3#O=dXJA*thjixMn%Z}bgM?u9x41#MI75W?b``Sew9CqbnBv9ERQ}-mXy$J;NxC2u! z7`g+9n1S9vx{j7~i&S5tlFn)(Ao3bf?5;#xjW^&1(ge0bhtlPd~EcfBA97Zj9Sn7>Xj=h4+2Bw2SR}bagF`-M-JAU zlEw{%vtfpAVQPWX{ZX;x5&HeE)LaJX0?7qhsV&;U$$+sar^(f}v-;2?X~}f=r=&x* zh(VC4Agiz%8CnhTzZa#6QPEWamHc(Pb#nFy+tp!ArXzGlJbIOR?Hn<{%s^<`s3jpCy-AWDpGi7eG~VF*>};C@-I5vzyCgid(QrppNbAcS@-5(Z zXJX!Ga)|bP&osH3q+J7*Z1%eA{glgiz}{|oG(wK)1?enBZJvacm97l+;pMtuwy`a@ zII$!F?#Suty}{U`X4N>!J9XSC3I+C1O%!I4=d;p{`YJ z<_)bKg%fE%cG^&hcs(Frg=YiT@jVD2aa(?1Qij?tHCI?OTjwfTVd?1V>@uC_S4{Bl zuoUxD32#zF1h*e_=K+ghD8{#nmk5x+UXop5U5$$V(v2;9U5zR6C9e4$xdh03BSm+x zDMcPnNDsL^M!IKDL>CcnYaSk*(+0Q#(wkLbz7u5-`dA#M&3ghkj_JvlP@iSOJ=WT6&A_oBIP**iV zx6r!F4NW)u7xwJOHeI>IQ^bOMspHe|&Urfd61sYsm^Qe3_*3~$D0qbX8bGI`LXYR* zMx8>EE#yLazjSBodVrB`MlUi< z1hM8!y(Xf7abm{0dK~y!5DhYq*9r0pkPrbSK9BRuvRO1?QU?MlrJzV0RSN(=jd0Qy zAipqjXI1bs2Uu*r>c-2YUc}Fzo!RWICz;MUq+~(INPEgws-ez+qP+Es7aUTT4Rd% zjG0;T%(7!>KWju-SO=`d2Q9W>^z!|zu@rWVTg36XMI?rIx7yrOYsr-ynB6Og$P2!t z(K$*KPhw~LR^N!KyBW=H2)Zf7>CBik#vdTA$(doDEkJR^yXz~UdF9Sq(NhI0R+54# zv9+1v9GB;OQSsiIE?=y(qKJZ|5J{0<qEY^)E_^K^zDaqQ8$x%0#%teT!Z%=5X-r)S z-ejQJB8H1NYDU=Q)Uc3IA%*FWrFqmyGs{79a;ZH%$UcS~x@6$Z_{?@iC=W;*8B5#g zTw&M=ZA$3f-~bpq1{=`A1D}MHH28YTdW>@dF%JRKr4X`|QYD5!49eD7-ZUD0Y>%p& zW$d00ayZN4VYy%?_`z1rzCT^pN#HqoGM3-&@ilF3L4tg6XiUrsA{l$uJl;NDX4xUxgNq`v8tRvwbFUJt|&# zcZ-_&oYS>yk5T0#Fo$hZ1%Vye|LH_4FemIm>qYg_7VW2ip46gn^vkDGKt?Job8iEF zYXPQ2xKrHf5CG&$%ssK&Z{N8Sc5Aubu5wjtWWVYbggZR+@u_cvGREDImCRMvR997* z;xl?1W!~6sWIq>%oRjM{`^FkQEXuu8y3VR1{Kk-WbL!29*x&*ozN$Y=D^n4OvI$I^Hdv8i0p`8oLO^_xg@+=<=O&w@_13 zf_h*PsXQof`ZV#3=;h@AFSQ311;BZT`ve6~4J{vBr-`Z(5FTb|^{zjP2zKFP)meU6 zLG$npH0Ee}Fkb-r3Yj7Xu@x<$Z_o`VxR*AfDrriBcp4+pxBJypGh~c)U0jGZ;K1_X zc`f5jN(nV~TCai;v>zz3F9NL}m| z2ogk2j6g=?386B-i9>J(9jH|Sl;bhay9C&D7Yw30hxRS?#odB?sOJVT)o4^M)THY? z_jPiz+t}Bk78M;;!EKp;H%JqHDzeBhTs6Xycr!uzv(LcrhAC-K~~EtzK4xj{^F&Ng2(olpp4=lvsS zz@X_0%5CgoBp(#38BB68-9UYX7w8ytREUhkacqDL@-t@*(*LjKzC5bty?r~!gXqMj zG87V#R5~O{6Wf?1Qqqi$G)HM3Q9>%xKv7XCrJ_+Yk+jpC(y-gj^PqX&`@Oym=l4A4 zS!b=^``7zgXDv?c{T)8T{kiVzzV7?RiUnc#9G^w-6x$Efej`jXl91;zouS``F0Kq` z7l=c4`@{RTZEJ>|1Hq7qY(@C!5Q`7PQ~@?Z>H&ZS*7eiiO!6w+vT0Rl}*iV7m9rX~#s65@sZ04Q*JhfY5Q zTS%Pqer@46@gF$xBh5OHZhi-vpx3AfPEiEFfxHKVUM5n0aL~Yi@x}F%EHJS^*J^9s zh5WU>c@eWTz@deQ^jTK0Q$6D&u1lj4-74cUN7eZ0dlKT~J&AU>;{%9#0Mvr<6v+1N zLI4-BwO$km#^M3lrIcS+mw^xmz^Cwd&dyV>5?={F;1Lq)MdSu+2mryicpA(OoTE}y4=5{( z$AW{YgJp+S^sZUK-Yv3a;3T1(Yo#y8PDxD&!{x%{ecrq}uATXH?;`8vD2@V^;)LH_ zGx^Zcxyk`M1)TSu$BupFxpgT;0t_to?4PT-w8NpL2)+AOD(yH_ea^FYwu0^aG8F7{CCdYF-G&fjg=FFADa2=BJ)3JoiCJnR_1TF@m;uv{MNaPDS6I6kQnRyi0QtaACHCa z7V^F(${3O&S5;pdiGbn=CJFVM!3_MHhzm@l8u0sE3Dr-tRZ2v+HF~;?k|S)G*Qo zQC_Ik4TL^2fS`jx#S{B19(pP?M<|}nUOI-okNtU+rg91&hu!cApSTB3_aOp&W?}Ka zF*)a8nfS!=*jwXrS@*(W7^eEy3ad?n;P@TR_JVOgjhx3J?P}I=VigBULwKi6)!~ z?n6STjeZcYAt@9zK&RejkbA(dFwQtR z!Pk^l`njSG1&@n#stR)>TK#U`j708ca;Pb4H9&rthTB4&Ngaf$oflZ?naGKhvqW`v zAVw&u)X<{E*H;-z2H^Y;#lJC8SngxPwR+a6M}Aw1W<-M*RjFi$n>{~EKYnb0E&-QA zjix^}H0nT9`g%}4f;}a|3FCAJ)WyPy4hj~b-7pZafPv_5F9}$HXGR z+Ujb4^$d0l98#u?%EIzNOGZb6Pn(OZp7n_c4|f=&TH#((cve-a!5+!6MT z2T*C^J(6zbm_6j^;>5sqau}^f-m@S2ZYDtu@Uta@8%!&E%v>QYXd@_0;a0s9} z0>s>GpdPU38Sq_@3<<}Cos44xii!g}c6`O2Dk~d=D~qJF&0;1RpOy{n1q4QTzKTlC z#6d`Tu$5SG$ooP70%^;r9EJuxfL_QY!#o>-GBuh}Q2scvoGB`TXY#k5RxPIQv7eD( zTtl|G{hTauTdN{QT?`lz@hogJoFz^w*Hku>7a4}-2j;pfk$RZ6{HeZ-Lq@4=J%V{ z_cS+`V?KaJRn<4ISp$LOV5PdLjh!6}5B8B52m|O?jTH;eU%C{6{(GQWfs#l$g@wkb zYy;B*QBHADQGNVXcURY3zF_;Ut1crbGXmI!f+l590uuTI5M!X3fGgIL(J5dCv^OhO zDKm44-aaU4-S6M;EDd#=UN$^51ShKx*oTq7sdGs|VWB22g^MbB7aYfAfc)^`)kkRz zoVflh;G5&2WyMr-OrKiBL>Gr)r)kpYV?(I05mFlc_U)vsH!1}Y z{3p(7NNpVl^ZCr~Alnudbv&S!118Y!G36vGu0TR3)d`Xl<3(07N&;e#=Kg>On zvVco~A&E=joqc-)))sT5y zke>(+6;*~>-Czp=Re}4`jJ1>??cn3%6CYc_({lbyJuv7lQPCu@(KRoL)&Vl$%pev( zP<4w7QOE^=xOEr8CpaGA&guf3gNO!Gh=GTjVMeS`Ovw7pn}ZP6nW;LLg&5#Ylx;#7 z7Vt74{tUCMH^^pN*k9OMsExR}gW=F*toO#F2YP##!H^sGagY-c5QJg~JA#1ZA|e8p zR0h*sAR__W2a5p5?C$Ry%rMAk_eWH^16YRSCq6MzP*INO3xruM5z!i{@!8oHy%5!0^EzZWx6xRKq7)d%cu4Vu+V%#=*N4Q3)J^PVeMc+tIk(abap zjwjq281>fOG(_rFiBRTpjthowCDsF0Dfu3RD4_6{^MG{#^aiT{LKH)i2rB|5 zBae%Rhdh~_19}UEx~!1M2t$pfjG8;e`9(!qiF)TSorvYZ{u7ZVv`7X&`U45~I4WRP z;{bsXfkE#n0@Py~AkfO!_ID)#*^eSkW^k~qo?UG%APOoU#t9alz$E(~v&pAWKwQTm z3<9{1?x3izw3>|#o!vu>#%|;I5mb#o8d?emvkb%?91L4sI_L(J#zV;|@dF2tN*kx1 zQUtMJb@c=oK0+)^x`Oft_)rBEKMup5OxwN}WfQ4GyWljzF&DeiD!aM`NzJ?IoTMAb zs~MQyvk?!H9!d<j)UVPt#T>u2u*4deg7XkN!)A*Z| z8J5{o3=W(#%w>Ofw;kXW=1MQm2)R3%Fr@InP~u7z`gkbcaa4dX2HCNb_R$Csr>zZD z0p1LKw;}3<%F1>^@*$a|03?gDYc1E)5x2!bO{^Y5DjE^g9;@uErxMR*c-6V z;in<%ibMwAg|dU+kWP#ZfKwW}P*b?vLD`{X$l&ooBo6@Y#l0;c=nEufz%j)FbtU1= zR+IInmR?0BzgcPyh&n<68`KNSi3%owDAc8cj$jLJvJ|ZLI4*+tGr$v8c-s>N>C()% z$lJaS&IQ3oq+zHzmO_@pjr1%Ij_?m{-abBm8W^a3l*)AN+XXoi#fKk^HVmGK?stq9 zkxDQfk>$k5vTr57Rw%&whFKCdt|9c+oF1=XO(94r$La$#Y>A~$*ZZ)yw}YV@v_s#~ z5j2K4WYgNwadDTSohQ2TmXx5;jo6MIx-f}E?Sd8w-pq^)q#oQvXa+E6FTH5df6b1dkcnNR=xclM@n9)XDR~1DLVOdd;_3*1}fRIG&+L$Uud* z!HbnJnnD-f9Wv1|G{lxtrN(Fx87^0@m^FP_j%A0TK>IgL-*M*Eb1pB5gklR@#`vHL zw#Nd1uT#@ei_$SvP2bh%R|ixkAU8DF)KWb0_=H5kI({T!BeNWG0-|=;)%0~oj~zpY zAU&W$M5piEIYQ)I#SEUs5tJHTh@%NnS_~Xz?J+*tGR!p4<(^9)nb1S<#gTxO*}&qUzT%s{?Ou{%f>k%Zfjz;B$I5}9=hdgmGuFD_u=4a& zEl?IgL}l5l7B?OSeAmc!EA;Cd;U~>a28HFyeM71_5JbnC_hh{l7K0wqv z?3H?6!|g)CAv;KCxny84+33b?f@20if_x8jF7jv)^;M=fLE((B0m=8!t#PtZ>InJYqO@#tuQ{iaM8ht^&b}wK9c5ICs`5wFg98U>A zN~W13ei~O$6%k%KPmTmxE|QIHFsME+Ro3 z(=6-VViec=V>KC)?E<-~Z^~)3s~{m0Wl#Xpez^1mCJ7#xINl!5h`JXo5;8bVqCcEa z+LM+f>0PyN4H+s6l@!T+`;udi9S6C^vsrmL5Y@-DD6{U>4PaiwsmPEk}Xwh-PDO5jt1qBFeIcj3NbccIo}d zrw6kf6*!5)Oi*U_c61y7)S{Zy16$OioC@l!s9U211dmH!@2BuHn{NdN1;rM7RDyqe z)giZWIZwU)P$5cVAObI1Q>B!p^m58eDQG7>S8hGfJ`PRfBTB+6g|d{p@65!*6I^4Ym*lh3NWcE6M$ut0I( z)k~Kiy?7Dh@d3ye$_g?ws_Ef$#||$LpTqP2&Dxo_qA1vTA70}KtA;JcTiz9n~J5BPf7hH~* zi|@DY+GT+3p+WtS?W-oFEqg9vOj;lEYO_D;cU?h{!fH?@)=(cF9)6w$R>L4vXQ?HUFtTd&zK;Fxv#DhpfEFpD7QUv!3M@^#!7it zON1RVw6Kg@yfH@*`A3%A7<@1!lAYq-p1g>OgK)&TaiaMI1=S<12BA6rZh9F`M0AiP zl4NQUWs8>w!=@1vkGLjy7(Dq3j$L|H4v&|`FI~3GJ!6NJkP=251!9Q>3hc$n#f3}@ z=*_S_3z9Ik1SZ4&K}96^@ffsp&`GdzNOTMVlEj1cqYoZB-Qi#cr~t%$91y^{dNog6 zH*(jFL2TjRzIyd4soC>E*C_s0|h=gv5|+5IQKk)+!+UVCpkg zs9h_C!^V0Pr&S9X2Rf|jdM>Up)Od#%fH)-)^1+!6Zi-XPL@>J&a1Mv54K@#ck3A7X zeF={XreS7g28942WP*Z_7)ZeAZ`VANRaLKpVML%F8T~@5IzWG-u%xVlf;N(FwvG{* z-s9tX?XLuO;oOCLMfu$9O2UqZn}k~FlOTw|sUSjt&D-DCM{nZP2O5AgUxZ0U&KQJn zSk(>)!y%AgQ(cWJ-C-xwcX1HZUri!1*CR9hEKnir`t^4p>Kw(c>hTvT;Nc``yL|!| zIq&+Tki*$*+uprpa8I1;1h80Mj7lU*V-R>5TNH-Npu40VzB8yHiv3h0t}}cMwTL0y zhmi_KQ(7^xD)>4OkpEb@u@?;KTq)o)XFS13f~Fk>I0AD*qzqyDk@*Xlp9r-w>QUk3 z1&k%=KtfflRf%OzaKbP{#Qs+dr-0i4^w>>nQwcxi3%w=b7UL}e4?!|RN*gD+3-Pic zPzW@LRKR_?l7ObS9e=npF|dOh7RcP2H=j+T6G`DvqoK=gBuXwI1_Y-NiTMtQgQ8Y6 z(m%DGW|U1XAm0#=kGNAaumrF)h-T>1Z=yD!2GMI6hXc%@6mEd#ll=U$(&~`GAz>%k zl(u=}#^*snCWeN!NGI)m{v84IQLqnS;*5=qhVN$$?#;&03s$Z|s2@q6SbIR=!kTFn z#K`U%sJZ|{3|Lvd7Sym@(Di7b5l#2C_XHpA0PYErKJ1coWHn+2aVFM5J!G7cO2;b0 zFs0y&SP&Q?Y%xhGDHM|*X_~eXE|Zd(y$pdFy^ibcvnjG?Vq)yWK@TT6R$4A+w^}0P z`UWWRPkHc40+b74z{`GLAHw*4Bo~b?UxE@svK}h1Xz%%5SrlBB&!a~n=^;vs;0>Uq zXmqiF)*4V)6?0uY6YgAE(r62+}VMG?vF1ir)|5+cpI zkd1?=yaJyUON_;1AEFFk%8sekC$EQtItE|~Nfc`E01y5lDLIXU5A331@>JkSZ+14e z^RHjHF-{LgwviRqFfl!F>0k-5zm6JvZ;w0)z9M*I_!W!>ita$ewUTq+$)KlQ+dIm_ z-TnQmAmal|0Mi-t?3q5c88qrBPiUkjo!|U}$cpZ`cN6g7c7OM74lOM$gj5l`sYVp{ zc<7r8F*P4=EoO+9*CH4H0N`x4ELABVMcrZ8uHJMPWNP5ZbDoX79TGoZv8ed18qxTU z>AwPE3z4e70#tvGnEk)}z>kFhWbb_BO?e>zX|NFS`=kkCz&)>}A$^1Wl z%t!P78Y7Xuxt=GH8^;#Hd-D;=e~xng?}LY;<;)8~LX$NM(ZbW_vjNw$;_wuRiHzL5 zaBKOd`FnT$S2VPIt`)12XYO1h#jd}Pnl5MM{F`viM^2SI|NbU_#V7wB>@55+*I+Tk zaXu;;aAQ7D``5cJ1ZpYsJ)A?#=DSG#^KBL)wSTRl&Ah&-`1$F^TGk&zqADlcV5^! zf1lR>F(eBceIc+PKrG<1w@wUrop3yms_O13G@b6Io%Z%ES_fJuVHa6jP*b@y^J}W> zzJ}jTIAJW-e~{IFm#Tz%&5s+#6=Ztxn=|L-(hu_8DL(yl+Ge|9`vA8?Y+bH)vI*@x z_02$<%zgoZ73STe)EbleB|RH#Iro^|w%MML@aa~Tv^?7rMV}wJfccZb{f>IoukAkX za7?0R7^d4;*%&v(2~-Kx`hJ|0Nf~yWd2y<;h--iE*~-?dKLX%jZ&FK*GTd%>ZAz_g zWs+pi#yb30ms#UEeckM$b!Q&ksb=--h--r5^oSjWwJPzJMc=+DT|nPSdy>N~6%{tG z@f&*uCKM~o4Q&( z<}bWC+h*kZ5zOlEP{Go9W693B5zySM}-jn-5;f^AjEY5xtye_j74>b3Q@o zHiMSdNB5hL8~;qq)Qrelw_8img`e!maGL(*`Gye?_IBsPI4_lsH;V%qFJHGuCCds&R)=E!L>Eigx(&g&swL^>J4_} zbkIJvl*0QBO$J^%+_Pk?yoG9-d-doCZDYycRN@zq7db&>#9=rla9lkN3Y4QiLRWk zepAb3xzdC+a9qFNu8w*JrKtJJm$Nf_6s$*G51 zG`ICyosfU4@goV7Q$u#x@59P1ULUHO?q{5qZkN7~O3V z2jykfPs!ds(}Lyxd|)I+J|M+v%%EG5mOj?q|9r*rAC+wr8Q45MmEDD5Ek3F=LA{1X zgimz!YYVVGXf{@LDJ+ic;CZ;V^cgPs_M_|L`W!N#ua7 zPwnb9U0Y!}6#HlIbD!t&9c~<1j#RC>1VR~fn0ZfQXmJwP3LeDH1FS*s9X(F%k-7e* zv^ipwo7teDvFd$ox7i(6cSn=TSD^~sy9XI5CbUp$a>F|GylD-zp^2GR=T~NBX-@^^ zK7HFgoqL_<=v1;}jrScl&q=F}A7M6j+Sw)^k~7x|Rd@QgkKOL0T16Uq9mXRDPX4RH zxT7}9oF-uvnq+79?8HvFlcxg)6if6G4uA%E~L`ZJvw~!g3|E&=U==g-ve>x96M8JtWoo?VMoL9rY?7i$^x?>tUhV{dFe=ufV$>#3CHa{)*hUr@M^ooF8%!UId5fut$pWo zsd&O`M{)B$D;k5>bnm5Kk%;}4^NqfcakxGbC*z`-Cg?J**W`9*=`aV`sP;qGshKH7ye;Kf#B)d`jTaA&g}#zWlly4}U`)=|w#sRvGiE>9=pWHlwM zNaTmp4WShkiEFdqofHSr-jm1~qAgG<_6Tccb=AM6+Vv~caIfcO?A}|ImQ)oxeU7;_ zRVQ8Ga^9+*>Ye_<+1C2?J;DmXKiAoI9a@}X`}xF~N5W$4lTAzAT=oy>CH~p?yjt5~ z^IAuno-e4`x%QBE*w3HKXy2zCyGNyTWHt^QX9U$CaMy3qQ_`06>G`%3U;DXvC<@`e*H($*~#Q`2zG^x(1h2n&{w4!{b zJl}@5>$maAebK#&(Pxa?^Pfm>+|yGia;>V)>c4GpD>mwBDuD0V8#H2F&I1NXJx z(T*UeLf`zTzGPg^n4DkUmoJ4=ZE^wvay%}X4oRl%XP~;7a?CfQ>dLKk9GbYs)?PFj z?`kSSHG3B0F%lbNSUa8svAi0i-7jnLUC}|K1j`x5iMr{Gp~{cWD~(%%YbR5_Qz+g# z_AiA^{Ll2JTlN0TNvTF&JN0EI4V(Vv6J$U*96V4l7}@pnoyifJs`=WLo2G5ErKN6i zB^q?j(CthMj(kEbFn$+iDXViSw=NhM)MRHpZEdFB>~Y)HGFs^yqt#t`&g#*SoODjE zoQg)eqfSxP`PM!wo}=0Iamsr|W(><26DI!$x;^G8@IR| zuob+>yxRKLJyK3V`4M$PUEQwM&ds)cR}{@obxOyPw*LC~7)07WlZr#?WjPT zCoI%vWZ0fOn3>FYEyzJ;Zd6Md4ce3)EE#Wz0f@TrK7E~oQ$>f@HT#*E_!pild+A~U zDTLUA*=AAD*31vdm6f0qIy*N|9<=8V@yVn)Z6EkF!gg4~+$_kVqpY8LjtvsD)}^dm z711avH=WS;DWd}?Fm?;BWu>^Bhc0^cwq0|^s=@6W8~ZYs5wYy?6d&#tJf~0ZqQ_6$ z^&Y97ULqrX=Hz&l&+-R@Ti>U|RelLA&3$)|_l1@T8qIw@smjE(y}7%2q)2_SN-X^| zab{-~x~;M^hq=RemO6b#Y>C@H=66ZbFb;+l90JERvZ9P0XMgyB*xU^^h9*+&QhCM2 z!x3qJrmE`ax0Y5IC~n!5oi@5&DaEtkk=T^i#HFL*r*w;r5?}3@+Cyem zS2v_CRgU@zUYg-(6nb|=Zomd{mi|0Qy*kg>Be?vhj;88nI}IgyNlwuLy?xCE3hQRx z*|)u&pzXeR@aC^>G;AIXYP(Rv&y$llD{U+Vc_b4*`xB7L(%^6Jrscy?%`JHI~zrNg~QUMy@1NR-0|p z8YPKuxKW(@`}kz7b8K9DmBPiHHeEVLjw~Li8ZLN{`lxlOnKD0CBN-`m2m0fAWw$?D zQu8IO$tPb&X8pt&loy>~X`~oHy6M z`O<^5wd0#C&liut6bVZ^DLy{Cs!9uq{c&2O&GxNJg}?dIostvwDpqXsp$9k!$#gS* z4pNy{#PAv!49=Qw^_to%cDo<=^_BJ?K+X^L}CX6*tor;P-COuqzy}4~u zR=s?n*pSkNj>B0;F7{0oJ~=O+$NwbnZqUI$%)XTTlJj4+WYhWN5(T5W#XK(OGp2iAZ`)#S7!2u)U-tB=*mIw?B9wV_ zivpZ_Cs~iZlsv0ZdpY)3`&VO7l>OObjD*wKCxh3e@Wz{)xsV|4A(4CPHjNMKPu{zH zNB;Dnw3?>qrcExS6w`Kz7&ZM;1~XdlG;#BxUIM?s&9{?R^S`Y=qMkCWI?!EHeyvC# z+I{Q(zFWZOlDjv}>nu8JQ|+=dq8^ZtW07IywVQnJ``g=h11ZC_KM*ig^^sY;*rV^} zQ6Y6}79PujlmFT&UkgsssFibA1AVn?$mhH?U zV^`8Oi?)llllx|-bJ1K;GUlxyi>=mT57MiWP9OGzOA-sAs$yZ#j6U*QD?)~o9$!e= z2}Q-hR2BxqOiz>99chDuCT;wK2a}&)6Q8gU>}E9iefe}G&xK?>qrRLch{M`@r`Fl* z3t0#);`rv5y_POLER$2TsaDo|7{f?evFXAEKTeOfseauJ$m$LpHto%3u}RFJ7pTgd zIhnzJBMB!aOfSz-MKelMIKyEeXBiVyD`)AtL;Udgo=J__*(g699)7sk&C^zNeKKn*9#tlZT zsPXVQf?wB9XC1%RP!z){pDp68a_A1=eoX16S({Ni%x{eO_H#Sj@ z9-|Id?F+H}wdr=ze)Z&gIP?xKO`O3u1yr`VlB%n#*<|QjMMMnS5*3c!DmFCL)?|J! z{6`0U=Awli)9Kj-c-9I|icgodhUO^Rc?nf6evI!0gE0gOi!KhNH*dT=0a{fPsPJ>Sp`I(XW!4e+a2o7v0V&RS~l zEB)gZ>i&3mhs}8zR{TwrChiO0wg<^`vhZY0>V9h6#^)LQyK1^)v($^+XB?>C{@Q;3 z=aQ0!=+5B$?Xa_x)$Q7uGHuQ6T*y-J1OeiF?_t_RU*!FnWu7Fmr0wtr_2R?a4`)zR zD8j7QH~Mj~{EQm&jbA0Drfm+wF5?cLD=`)8$bxF|(>TA5$-EsOrir+c)RX%H{+JkA zwu<{loC=?)XpF0q6|GWpre^H=ySOaJAB?zwXv5;HJD=;h{JjG#du=Q1xb4}^CZ7kv zi&{HV%xRf+`<**Qb&LpKEp})jL}CIP+|a)AB;? z!unK;!t~F};zL+{Q)g^-*7c#S)oI9wBv97TT32Qew%%t57O8?MWOlzr* zTAEcFVIdcMOh&N3Os4@8=vzGCuOJ;*x+5e7UK-%?c=l+Y^udBb>4xzUXZGJjd3P$^ zezT=!#bE>H1OGbr?xVBvxz$l6_Y>68C%>u{zqybn_~P2o>4S9_*q@&cyJ@icedUTW z4&x=dav_`VTkjxyUjEl*Q6ATUUBz_kKU^dlRe6NBuL~~L&L2s?^_*?xuhz8w?yMoM zl<$EO0trE_gH2;o z?JItWT$8#mRz-O_Q1U&mU7CaZEs-)AZ*_!Ovsh9mH$KjUA-yP zjb!TvQ@TlMlfUOkp~Hl4tAb?e7MEY+YzkMk^d*{KJ~Mqww_v_pBjuE7(f#;N{NAAH z6xYx^`5LuUA^X9uklW^yR=uUye%=$H*_oDaTO~6-=*}W?;)v#+>9X|x>6!r1Z1_)2 zW84l#gCkXKZ9(+9SL-62#u`gX#D@qmG@e=d>DArF1aTgnJi9k z9(u;@rPNKzuvu1p*kwG9f<9x_il@(X|Rz$=+rnoV?6!#{Pk$b z=Y+n=wizCmMt|0c==AI?{qqwoT-o$hv|ws1HKM4W8XaZZuFPgK9jwrormdZPc|6i^ z_of?H8Q!ZU9LGxIgQeB&OI@FpKKiuS++2bC#ze{Y2qw}kCFVC&<<|VGOrGW0lKcB> zY0n0@<$_IH?CyswVSiqp9oE7kETr{lBh#Vo8}ACw^%s4Mwe#w;bXXMd{ni~fTGa}^ z)H}f$>g$=#tS(y@l3(EzPI~@)T5CxI`x8GRx9p41c85irhDF)ZFT{h!`b_Jc@)D=K zbq?r5KA$(<{hIDr6f^@2!T+hP(#ggv&HnOK8Y-C~C4#3$5iX35_ha&s5? z5FSo&!8Z~JiuzDX4-rQoNp;TtPZ;r=$4`hSKYC{N7ovPbKYNn+++Y9rG4X%;{{QwD zhxXfz_SxMWEthe;tZ#<<#~hzbY*}%A*PE!=H&OMfR@-Ib%pJ8%+M1>8#tL7I8MP*F z@~yRWA??r-dEMvB#8jeoQu}~~Z>&Ic_KT_9M*oLtS58KjXR^g@7^1g5D6_bF7`#cz zL0NoAh>;tWQIv{phUA8+np}`NIi*x}MGYlI4R-SQk*={j4=B|N(>qf+a~9L+1qxPO zPc>K@Z*A}zoi_R;Bqnd)-D|au@#logKOjVCMG=}pJCVYDkDV!=5}k>j))7t z59+A@ex+Z_)zC?Ol%}4-?O^Lovfmb%PU*Rk0qp?NgMr^S#C(PZBK32PNk>G z7^0`ww5uGMxtnIwU*9Q`_i*F>>3DaqX=^5?119>yV!y34ywx`&-&yPKCpb0U?B&MF z-&vVdfbT$W;q&2j!&?)!uUm13xeX zaWkhtJ?{wsO_ z%Fw`4^Je3cXMLt(#}IaavBi zbMNLhPr6oIPa5AchTbC*vm0De(5tW>U+4` z=7mHsU7M@Gs+Uf~dRk8&x9F_RcPBIRgekru#JCsHEi4XHnZ7CXw3J4`d@WBQen)P zZan@stCZj~XYMdsuwldhZMH=6h!8PJeEzTWSzD|yYtiN`Qk~+gVf{91QMb;S(&w`m zHT$<;H2KY1@p)S))<0`qE$2+KO(kKOzoil>tn-%nKdz(u=06^i*crqV%|6P}qFIw% zI%jDMS&4+)qjQfZT0Hx?IZHeLl=CKg&M<$O`}mhR`z$v1af#W1sFR$v={>XKu}5z9 z-Cq6syXpS>fbB7#J!uC1-Q53g%{B47a}SX6A8*+*d+QtKv(tA&u6lOBO!WW#As0R} zd-L~yzqx$eO-)s^PBzu!Oov1;Ch8^mYL9~7snimIJfXo0gRHoE{Yd&)l;oIA9=TI z>1Jlq)8Z$7-2Q@ojiMH8{47Ddx;*_C|%xv&ce}sbO3y#abT+0jo)` z?uJE7d<~ZZr(4S2zi_ZzC5A_5i;Rl3x%T;M7Hj5*odtNFtfqa3}xV0-O?_kdC zm-&GMLP}3PaQFO?LcE8ZtX=AA%pkT`W?kfoTbcx__>Z+aw+B9m|M%KfJs36%ANI`8 zt?le)0N+j^hxzq9w=n+imr_FF+^#0(1H1Z++-_X+P&c}ARkSEFqxVbP%z+nYYKb)! z!V#^W${HJ{IQQA^3n>=e{_kcX)4jv5t-GyEnRz(KvzCicSe&^sZ<<2p-?pjksQ`Z7 soTS4^_U&K!*;U%LH&0MxNq$p8QV literal 0 HcmV?d00001 diff --git a/docs/guides/batch-backup/wordpress-backup/images/wordpress-setup.png b/docs/guides/batch-backup/wordpress-backup/images/wordpress-setup.png new file mode 100644 index 0000000000000000000000000000000000000000..ba5fec4d4543d073e78bca38225bef09a7d18094 GIT binary patch literal 57563 zcmcG#by!q!)Gmr5APv&3AfVEqbST|ONDd&~4Bes9-5?Gn5+dCUDczkz_s}p5ops{}9e`|+*RF=WTqQpW$LBW-il~hAPc^rs>f-3YB z9r$J(^i>b|^Tb(PPU9)?@p)<*3j9yuBBkx34mNjjH*zvVv9Jf*nXx&WIGLH*J6nQX z4pCb~QBaaXpQ8L$-gq$N0%Z?jD zOP3iuhNUN)KFx4y32EtIG(zCxsGai81w#_}yBef4G8?|Na#{J^ku3 z@lz?_GIiSHpTO170QKj@5BE7>1p-&;@sz)Q1g>_p{%_qpG&4d&Kxp+UEZmj-Qg7pLn^v@<^=Ebs=l;W#DHLoj7}s=H!!nk?D4WW_ZUYRrcp8E z*=UJQdXg8B3jCStg*z|pZ2&H2e$Q+B(zxE99u^4KJ7GyPGeYQZVE1|q<>d$>=hH!6 zwwAK$(t%fmqa}C!P++c-G|FZhUx_ulGpORIr(uSzA0^p!|BV|Pr`5wFw#R|{&7O&Y zq13j|d1arHHIOl5Xk+p;M5j?G_hd#wMF|xQBO8OE!kmSWmq*53r4}z@|85 zYGk7TtHv-n@IZ-&2kHRkqiFEJxK@w&Ha`-ZH$Xdk*U0dVktd1;VydRzgbLy0o`_j_ z0rzL;Lb$N2lr9?T${*0o1a_J<*i?O#qq5nuyX4>#IE_}ogI+&KSc zi^vTuJkz42-Bs{5#AiCe6FofUfe?*B{V(m~d5$ejxsOll?BV+jp|ZY!YsM)I0UKh` zS|gcdso}5^rT+%k5ZJ%acqZ-BS z>CJCvs**W@53^CDy>jD=Ye;b9q3~?>e;RZ0wCJQUmCA3e>3iK6qXnhB9B0v+y}_mA zzln5sC{jFeWRW{QFB+KXAHM=j$w&|E*w0LRGkN^ya_+RU>$vbH zur;z#+(6I2t}4-|{Esz^V)x_B;&i~I`?MAo-?t z3F{(j0HT4lfPTW@UJeJtZ`gb$Nh$2c`y74eXDI)Ve#&}OdU`l=q_#mp2Au^v0NCDb z9cpq85;+P_oJ&(G)e!Z5>T@Tq<93lI2Of&cyAe9!ll_B#cT)mr0kss-Z$yUbA;wrY z+LyH&63FkiYtS?KjXC@|$m|bShcgltxsUtK7W#9yE@k-=;(8W(8*A=lQBTz*sl(*E z=$%x<1=ITMBHT3vzOEN8$O#|sXQ1!s4~mSJ;;OgLX?ia%PAFcnUf`n?9vu91#gfV~ zunGhgD+qX==VwpV8EGLRu(7G7?0B|!xrevNsiLIh!#&){TE;|W z`cz-v5bjc)7-|FSJlv-Rqt~R1Gibo#YF?(T0`qm9XCaKE2SUw+2k<=L;p4C%^OkXTZoY zZoqVoJo>^Bg6CM4YK7Q{kPHXdGX2_3~dNQ}|-H`k3&TOT@$9nE4Md|oV8dKycO9Fsd zwAj1}ChVq%CM!?gx)o2JN=g>#3%7_zgi5ebT>hBh`8~!qx5ozcf|64>n(>e(&-EQd z7oxrqY2od!_jvg7lQZ7UonCI~v{b54RyhliH#*`fc*(={c12#II8;`tz?799mmLWD z2={yd6}g)&9EwX*0Mt4U@rU>8_mUWRyXv!gtMk|_1Xmy8-w(|fBj6(WHzhCMaWz|T z0UI>P^<+1F_2Bcncj3_t;ves){j^=fvbMI)_Zmnqw^C5dgsN z%!pNetPY*Pe3$?yBwVIn+5lEHfB+t5E5|RTCY_O>ZXU; zFwQIwq-M%&&5%P8Hj|vya4rdJitFcyBHH>yoTG4%3%D(ij%5R0y$*3ZM*caetH%D+ zhc=V>!)!WquEU_%W`622{ zTBNQ`nW@>3RoL1NUxhFZA5V4wx6UPgJ&hpJ+)lDF~zAm>?|Cx7LU3Q-)qnjd}BL15VLVqX*UbIE4w#_C- z?d#l^@tUpm?I{fwxtx^Uh_GOe|InbPug(RS67H(c#@L@39&63HigJ-%x~V){Q0kwv zPbE7Ulj{cIq1yivuJnTk=~YkW*-~pZzDp~%R_A3OUhJ%slC)NMfY8@0__NJSM!<9! z#BcWmTk_1-j)y-=(&CI9=+VE^$m!hN58!4@W9R#)aK%Or#aEdMs=50>?0 z&>x=7HZKk;d|a#Wl!(!TbC@14dy4{gS_=p?DN;CC8Bb52^)T}s)4A&7#=c?&Z3^$2 zib6TqOg+eU_?YJ`IjUWkj}7VTy0LnEUX%m=w4gvpsQ1s{70eDv+BDZ8gLD0pIkvX? z?0%mw?ICj&wYKwozxO(lINWEOi=sni_5W@6Xm9Cnke6U-)&Sx!Q%z9q@Aevw4<;%P z1A!`Nms1*|=WhJ;`nv!OqwyWKn|naLof+gXJ3G{Z@mY9)_2vIbHEfikYRya9gdb{BlloXGcADAUq zm*;}!S+e$?Bm&3-ko%Rx4e|FT04NpE{6i+A&PrRpB#4#pSeL%|o=(C@vYNfw#_E-2 z;my<46y8Xe#nI}$V*$oBPtVhF7Z z6zOkED`nf=Fn=fw7*{l^r&(H@<$HNTYLwdu2?gl>jp-Y4j$kv4#)~DCgUQZ5uhOzysg$gw7k_?GPlbswdy%CcKFNXk(c3j2|wW z{=fmyKRt8nOECfO&bMvCx@rRdJWEP)DwbLPGbdV7V;6*GXmAAwHf)cBufJXxK>j|b za*>}plIuSIfF|kR&_LdWxkRyH=G!hBlvJpdxR(7nNbR^S(0ONH=u=mj3lc83_?YVC z2#^LKv3&)Sf?c}a%mhAR+|ECEWr0BLAL04P%f0{OXc0yG7xxAxWfTv0NI{ofq00UH2>1)%?$k zV-Gm$r25-BkzhIM=TBb!_9<2IT{U|-SpcuAZ1|q(wVTN4k+?Azm?t6vAc85Eq6n7~ zX$+~H#RuLl^#UL<_-9WaSRz2iv^J|l-I|4GeqG&u-N$rscftLw3Z1EE)0=+T_{-*f z>X_pvY{L|fJVOZ9HK|yoxtPU3knjw{`(FX{YH+|j>)8l^H_R(alO8G?IYamN%ng^C zXN%!`Fa!2%{mP1sRn(e854D7vB6ns1z-KGe5J1t{ET-|cQv2ZvTyWq1f z;r@k4NU-c_)Bgu`S(5MOQ<^KZj_HBzkQynuH2zDx;Ns_@TU=tCOz9UUUH6ZYJ5diMl1p;rZZxD{ ztxhG&z4+=Cz1jonKrNMU!Fu(dPiH!X-Uw590DI%}uEr*pNJ+lNqfps(t{awJFO{dD zU8=8rJdky2Jo)jh@#T3BO)mDwluSp~|Flt!g9ce}@Y{!aPeN=#_XV+Z71C@@!uJiU zoQcA7Md9@R2Xv#@!rLJ{Un@>N z5BVWiiUtALij*afJL%$Y&R6tg(GTW2X#_>yIH;74#kBzig4WgiA~2q|t9#7YXd8#0 zlJKGHZZ-(yRct*a2F$m6Go+-r>Ivw0;B#-!GXD9=*vn^x&@3DZ3X0_5gTTZ7uqG34oX~J?92()e%_VvEd=G%m-Ka-m0Dd#ZUAL( z7aPog53_Bo=VJdXFP9wk3k3HyP>+uhZXDSta z9}SI_W?~@nMnlTRJcoRH5RslK!z+X~-g>KrOXIlbo5z`yXj>nUj6C^L_L+{dL2#V! zw_FgcEvXkEly@~AixFW!K}Z02E#ENm=2vJ>P~L-Pg$cMyWBnZ`b}h*uYYiXyR0xn0 z2IjmHIoudi4n7`#jzP)52Is4O0K}vR_c4?Qu--u5|9fY{@IDszUSHn)DB~BS{U7?V zqO7wC9en|>b90Se{rGSL@@PONCrU|Dh67%5!oh0P$727>8HwA^K8Bd$8p>ih5 zp&+&euzpzD_o1#|%sP%+=VPPqfjP!$@qQwB5Gfw+-SDjz3QNLJ12~jS>Ka=kXloDt zA%8P!dw%|*{G#y@DP)D4uai`8yh{j-1U*yUsDO7^x#gPz(4w{32<$fn;ZDBA6JR@k z0&B(t3O36KXq2OW8P^?g@5VQf(xo?)fOI0TY&lP|3OR}V3Rn=(NC-ocfLgXA62#k; z>nO<4;*#trE^QxFwgnK3EG<=7Z9*nSlzti}_SuWS{hu~I6GGSjQ?0bqXa4_NbuJQhh8O_ll+I0a6-`UM?W|xS&$1Yw(8*<1gO(ge=pzG&tr96`RY!W6S3m&gV+-jAiZN% z54resy_jZ)Ol|CG69GrVDI0_m`{Qz*wF$gQ5;7=*R<3m#Yii_F#riU>FX-Zi?-CZ$ zX^p1p+-meix4jK~_Qk3^_ss0E3)+{sDviJMY%G1hLongH7hKg-VECDD$LI+-2}cdg zi$|8wz6E976J2}r) zf-jmB#EO3}h#f$p{bLj!tk+|^tz*cR*e6gI8N(~UW!r~a<@9aMb>V%&5DwjLgo?Ao z=(*eyk8>-<-QDrv#JTi00Sq!^*UkN^+v(FTVS>og!nn4oC&qq}^iImpEHb=;cl9X4 zza3P8t$4RFOORYMKDPr(NKY=_$l8P5kIc8O4Lj%uJC{sg{~MZCb$h0|#XEc^dSig* zJKC1qJqfAFy+i}g1T1GvPxc>2Jer(qe4{qs+u>W98e2JsQ2YU%F0hQsdj&CBg-s9hM}vEfcL)Yon#}a4lzt5Q zZa%W>v!c9FcoCtXr$BOqk0*MYFGuzts~q@@)-PQ+IBH?OqY7QBj~81BdShy$F~c~h#QYX6hs)`oH` zm_@tJlrH1;V7cH?@pB`ZIJ#2$CW6ONlQQLNOTHas4UOc^OX@CXZuHEqbW6U3z2ZL* zeRZpCyP3T=btl|cc;2zC8Ro0M$PkzDrI^6Q$m7E@&P7!P_Mw+w^)OHG66##zB!_(I6ddJhx9)DkEn0*; zt>3exjh!R+$1I~C+5Opru-FNqnSd&SgRpTUDd&?$mit-Imw11rI;lM3@J*AhV&ZHbzz$0c02Ze3_B4@;& zV77~7KT8$geiL80h$yC4^_uK}@)*Pgz6fa;!TM`~yrItV#39eR(ZH) z&=J+g=gRTWBWqX z#2e?kVT0fVstjq=&mEKFxO`d5e|4v*!ICj@wPUq*s$#zO%?UXHrR9G6ekBc+5{TP| zuARFeM|fjrrc-l)rB#y^{ymyHsAingKg`q ztSl5+=6CNfet|!#et*3=clX9e>m_Uillfac#@bb9?ZD;pux63^(Hc9>K?sJLIb&5z zb(US(Ywm&5hDcw9Yd_yqRm4hh!dT&x8Mnt)UEB5Sz=FiEo$dTtNQysTm zasgrm1p>=d8k;)GwWL}jX-Ew5qpVw8{NuhdmsLFKmuJf#@Tg%bC-H`%cXwD_k^Xf% zuttFpo$8lAL>#S5br&Rmxqsq&8*!2I*3y&ag}o+2NygWzGXaHxxR+bB@8N}wp*l@p zpgJojdp;yT?I3I8+`sp7(}a%@fhJbl4j(dVi3tV7{=s>36%Jm7m6}{qkfFp2G&EAn zRgE)hm6&XcF5BhtHNOlenC!__anY42LuydTg!T#U-+ike?U>p(Nr~Gs8!na+GAzwo8465N=fhhox@Ue+=GnnzjFmQ&vW>q1qR_*;eL$vf-x3 zfjw9pRFDm|FD&T?zTtAae$Tyjhkcs;1cCr(YdVuYXoN;ga?nbrrQr~7G8DZO{?A^3 zS<*iM%t0Ril(o|dzgtr_`T&beN|nM}HaHb3<{xcDy3WHc1z+{7&V0Q;URWg=xSbD3 zVLtg|^qgmP{fR)3nM6oPEekPe6s_7FtSwDFZJ>I2Ti?BZrOvDVn}WA}rtqIt?zhS% z7ur~IZrmTWV-@hyu!97kB$@lH`OkTxsI}-C`xc(pX6=S<)x^2Gbvl2Oe{6K)cV@wx zw~NYPwbbbGawb;FyaY}7kLAFs?g_OKL{*Vuu6cDS4C0R9!WX|&72eytOv7BE24TbDN--8Iq+Bpg=hR3roKCt;bXG?lqI6T@2&K=D#fFd0y_aifV^7{E#O&&x+sF}t)1Y)yiJAv?_ z`-+n#Ev}MMx}1ZxhHC$``$cbe=Imjw&AX~E?%Wt$S>6ghp!8QgH|eNze#ZNR%z}#x zzqan6^{b}*onY@(ez(aDfHT8~}DbYWF?>@3D; zewn~09ZODSwykT;f6TZ8T1_c%N7ao*>HNvzmP3)9-WdA<8S?!Yo$gALTFz?ElE8 zNGLkr^X`mcjlQs&1#!n)59WrkD?K))HTk*n1dm23;=-x>0r>r3&d64HKKQu^*gtJW zL=SeeXJY2l5Hf0oG@cstjtN*i29#Vs1oy-923#$+TlA8~tHCow50O42}fSJFs%g6AJ#EMD+SCkskw&}Wy^JkNd> z^3xev^u!|PnQUf>*#qNCcjweve_|D-rzZ0=9-?;#*aov!9Svp}!Ap)*=_I?^munIaqzpIYkaLhKl#S5z8i|$?Vs0L6ynzdX^oPok=H+7WBWqrGGt` zzm~;|>(AEVXNjL*b$vRAS0CeOq@>{O=X3sHtf@4oAvujOE+X(h+i$u*mur`4vjUSh z=7m^|W=oxdE80hY$yhC1-9U0_6haHfd5bqpH<#D9-40+C7l+@^x|9W#Y7Ck;AM?Dd zIJtC(EjbFSgYEVG^$=nEPWT9f0$n_}CHFAyh%zHtq2||CxUUFLrKMcK4^|=P(`hGy@8{a9iKTrb54v8Ngk)<8mdU`yl-voY{_xn z+CDct>I$dEilVKu9Z$GEpwKb5YYSd>o5Y=;bjQOMy^D^`m)5ZhVkXlaYCXKLEhK7Z z0!ZH-t>ij=c6>RA)BiNSJoLu(w<&A1G@}VnIRE#ysuLWbX58s}59klkvVa!$-%?}><%jv9u6XXaRI;_rwa3FVeYJcF*PEF2=cz-wC}*6`mgFX4Lb~84 zQo{c@B!jh-vF3frdXIm`ahQ(tbDtr)l-38(g3I+jkGEbEoN#w2*N$^F7xB zdcL9oA*5X)!k`x~--hDe!{5hGuN@z;A%ij;n*?sn_oed+dE(@0*6{mLUe>*dq@>o( zZc{ffQ&&J0pq|If*4l4xS~>;IIX_)V=`Oc6+k>Vcr+J`$(1nW=t6k2|| zBiAj2dMfV!fpWbr3J$}x`zb9CaOWm%|A*C1PVqSR;nTGCm8J+CFQtXWw zD9&f7r*bVZ)d&e+1KnQHY(^q1CL$EXqa;LHT*jX{F~y3_ReE=aRvPQQUeux+1P_m- z=pe_Lg{KzLh%R$j@52r2Mcdk9GV^L>-bMUnDl*+s?{~PnW*MNQ!O5w#oqbE%RlD9Q zKv(W`nKIzZop=$G$Hj2vf`HfxVDzXkU+pudH6dL!?Qc@wm7cutp4@HJ^@;Y}y%xT_ z;<&h7b0uZF|B-a>^4pttKJGgNRr>h4B~vk*=uaL2mm$JNF+(ZU-uR zpe!qO^ha#L_l7oTrQTWkw+K-XL4TleVSIJ~Qw=|gSiw06pj}?XOCdY0g+IN*V6*6q zmL#A5esb|-j4FuR_%p^gCG;bt$?EQ-zO<6pr4m%)O=#Zndrmg zb_&8{u1v|>zIFSif>p;4C_h4~O7A>diaXpJ3eG5h>eIt$dz8(Wl{`qQ6wE5ZgoGpUZh+P4-@@3*$d-pj=7 z2yy@+A`UoQvgfY+RPJ{s%!OpAL+V((P$8{3>9*-oq`9AHp60e$ zChow}&_IZxnf|i2`JD~k!Z%^AxS@(`X=I)V9Az0N51Cjr7rhbS|88x3xP@^i-D+Tv zcXd1uA7A+TrHP=&r)vse(WNTDuo}Evs*oNmn(j6W3{~^8y#cpHzZ2(dV{UTJI>%yN zM|++h{>oOpaQv3u2=Mvm(ZmC(U(wh1?a5W8zNHjXF8T@H^pr5nH~mH z6e2^4zmfwl59bE5FTp%E$KDsd=hV{~9Ev~-ro>3jGe<=rmTlW91aasj&SPt;D(~vO zo-ov>Gcs8dG26f*4O@1hdHb>k9>Qq}OGB%ZY!p%)-;urfgrb^q6OCd&Tro8j7H6EI zag`6|2I^-9Ru2^~-0Pxy*BFk3kW?Y>#ToWT}nr;2#aKI5+x)0ESbJ4%Og4I{v!Vw#=Pg$5uT0>8?V)jmdJI5}+wk0Wl&fnE+R*uH z+$@L@KFhC!o!?4ebd}73*#0S=-A+qoFZ@lI1---K1(u0@V^mlsoyEurbL!2x(GwcI zt`3HdS1!C`j#%qpHnRwsq}umJ>;(ICSMG#1}_1Vjr#$ZZ{js)Vqv55@j3cE z?FP(p?-wCJjF`aRZhbfzOV$E(=qlMe)$pTCE8P)qrSYjHFOF0LL!#D8QnCef@!7&c zLnnX+NdBtz?^42^-LJeBxI(sy=Vlzo1PSsgZy}}HRU0wZ(K;8e=T9@?_cs{2fXNqs(<};|4LSJZTPv-}~>QlX$dCuoKou;QAX(}ngO76;WX|YzW zU5B<8tEi-QvIU#pN#N=oKKv9ZX7dTj0_(mCba+!i3!&#{%BRvAam^fByKa zle)|+hHquKv8^K(6|NN55!zd;%arpg=eB_t)`4h?BIegZ7ul`F@%n)QQ#cuTHt z7|er6qR$@Llt%%*w zJ7f0p;&eID#ZbKVjO9^>(moEz5mh-%`69@}!Q&Fc7EJPGMH}njkv=)M9VHRNtkEJg z@qE*FaO~3Nwe61NBHgn4sinCv3|oCeiv*w#TEUT#kyqa}U#orXG;TF6|ER4U3bW0V ziXe6Mx&_qq2OV9oDbIIIM{M7Z32fEAcWBP_w|(S`FJatOVyezbBcepV!PZYDg8yX^0` zmfEi>v${v6@J&V9q0fKd(r;eD{GkH0O?Og(4K__R=0oxfOE8QW>^lJ|$(%gkY$AGa zU8yV+Kd-~phjZ6tDrx9Tu>x#QUpQ(M6@yUJhj_(^0lJ%O89gPT@Ck8*-LbTWBSboE zw#j$BlN*)Lau6Y6?Nfqs`i1HYtF>m2^DfS0 z956pzO`+hkeSRCfI2c&V7Yov&%O{mOT=9$#!58pcsM5Fy~kmg#fG5HbLd zW&~?@FsphOYU6bctk97mBx9EoS2ik4Tyq$RR^w*ybCSZo3=?t zQQalpgt#9V_s5x9PK1r#ezU#@I7`kV!07`7r6(-7_+x$yc@tfYvU4Uze+b%}tLV4Z zV9jK$3@W;@9oUFo*#ljgEkM=|4gNNNN7Xz;Fx{kTeJ79aAKEAsFy0%C^cPjkAG6pS z*qbYhI??1qY~GN0I-WsDER|!d(_(MZ=8jkvze>Y>xB4{)j-R_Mzj?bdl1j-%JcGnij z?~ZNesa+0a6qT+3%10Iqgjj&J_{S{f*J3S$9qN9u4zW#`7QHc<{fX|;qq(YhIxTkQ zO7%fEnVa0F$0ndP$S~b~6z~nzZT;mZ#|58(%hk8nM+~H7eoqY+y-fG6cTgwM$LOK zTO{pYEFDVEUXt71B@TVnT6Tx&Zi?Q%q!Lzk_J9)};~v4P$oP3)k(<~Hwv^07ZE#~} zHl3gg==;7J5bgL=Y+)%{<(rgXdyGVugWN))F@w*2Jvh6>`LGi1+keo-tWkTAe6R|+ zKy1J{B~Lc6&cz2((toSo14p%O4^(YK`GO_0{FOP8H_^cN;H55X{oAnHX@$m`8&qS^ zJvua_icU0m`NCDwpDSf%YUm{$STe*&<;b#5Ya>PJB5KB#`9@rrzwrjOrWWh311sA3 z7j~Rf-l#Cbea=HrpEt7EeEX)FnAes55dUab@Js7W42{C(vvm9eKdq70!?)#PY^w`w zi?IpO-bfqr`^#HX)&jFG`L)iocq3_zGCPc#}_R>nd2qdH1U=*-U7CzN*UMQkH76ATH`+|ILzc#K706JOGlX^EVukVX z@tmoO94=r0Ycl|qko~)YT_7h5<5$-6O%Kz|=lvom_p7lMzQX@=Qrm7kl?1bwRvJw3 zI1Bc^wm={nBG+B8@BBoicFir)pR>1cwH^p`=|-vaFhRIRYdZ%4K1$5$J)5%+J`Xtc@0dENgS~hNEgxcbx0dH+N99*9 zJqaf8O+fe^xvhvw*DrzA_p^NJ6g<~tDD$W#Mm;8#(Ca*d3mdX$4-E`x;&GH#gELx7 zjBN`kSp@goUlFApP19o9{P!<>9-}@zE3hV{BqW4R0Pr*sD%7f9YQLpCA(UYFYN1fq zNJdifj{9u^kXirhcgcXuIihBCrrRNgWlp<{iY&{PMTACk@@4J-DsQ%B>u6d{Vl7#dYTU7dwg}Zzeqhu3FCrut24m@A6!ta#I&^LtKVpg?u(oyF3~9iS>f^c)1R^;ShT!R zJw}=s70<%FE(HuuQ~QgKLZIG=cGd;=WaWjE2A~!EEj6G?3U8|l^PjlZ%w1j>Ag2t{ z_rs@EGF`F!TdXY(Z?{G;G=9MQVMcX>A=1C1M~ zj~D$D=5C150dGF|t;~q`+HMkuiB%aOekA^11?Yr9&vbakoRKMff4imJW9so#uJ%y++Fm5j5I>|3U!{J0ACcm@ zRl$*3enGIgiY*`{6wpaQ^u<~Ai>n*&3!o1ph4^Xbi%S>V{?zY=a_j;Q#v*avf}AFI ztcyP?zmS#QayYjL==KWvQixg!CUn;@?Dt!EIBdFAyb>^cvHZ%6N=y*kt&4D+I-tc;0jDogQ^{L-#8E%#qNy z?#KC3MZ!X%4c^|4p2H!j!adVF113I|uQDBn@$%C{FcVa$f`#w!ID$NI?E%@QI>2B(ZnY`Kmy;G;~8DaYku-+mW*iM-Yerg?m=+F>RW}6v>qMHLpVKM)((r3rv zD$U=n4QUk48r%sHBiuhCGY6fUnuhfI53z3Kr^~J6JZj(4!|k5K1Yws|ZE#_UFL{4o zD5fKceb0vBy*jEL8(OkS57MXdE0?)Fq?Gou6^+JhlYvP(K=aHd28-(By( z3D{#L7bgw;+H%$AcRu2E8ZXN1)!RL}mErs-p%%ttvxJ%k^n2ir*&d9Y`-XLq#1H?dShQQUMv23l1 z_HErRu|>MfrKux{8(8o`{MwPF#Qh5D_LjQN^OL-_ETa>AMC0Qo|Vx^Nq#LsPwn^u<_`-W>{eZGD{{WwU+xEAuMNu!0qCu-LLU zU+sN z?ZvAb8%@7EUi=z`)yi(#waja$h>{iKzfR_4nSKfF#g$9&;syzMj?81EH)|yhJjma7 zAX`g%8M)i?{l@sM4hl@~`{h={o~4WWXf+v!sr9sQvgrL|!(8pZO#ttEw^sXmlDcB2 z!t-9xc#4P7-n&PB%U7S{g3h>SqqYr7NL_4q6&CwGc6V*_=M^ zNJC>yqy2FHTRHcJUZcU4uu4hI3DjE#{?<+K2+S z$%$nf%C1wrrb*IZ^~v|9I)9s})SC_3@=ND6eD-Ssm&C%Asm=PMasEn{LQ2{>9BEjJ zrD11MV0xAluM+%v9OM*On{szpf1J)tHl(I%*MTM>(=+tLhoFx9nKAUwj`T}=io^b9 z^D8F**$W^n4;CZ)n~wLZ^q2mf>KScKz1Ebnt;I&Pc>Ud)oc+OaOpD*Eg7re;On$^tDd@s1M*8;vDbxMGA zuCj$%X=alf+*s<}>(Zce=R`96Y>xtRNfzdy9}SQt`~8Z>m{^tp>aBjp>a3tcBYGP{ zV({&*Obv5RY`XtJW69M0*W$Do!z@pdnyE5A`=5%jt71)V+yLu(bMA)jVfFfp$FcJ z1M;F#YHf+Bet2rt`C<0lwV5GL$L(ML3NNm|YakTv`zt~oQLzsp`Acx#LWkp&u@iE{CYo*2KJsvy_{(0^UUp4kJt1%Pqh-ZOvI0qSQ62uZ zH6!1Vz{(I2G61o$ALP#e;kbaQG7UB~7vra_p$JqJeC(pWLg1FFzyuK{Y@Q6@; z!CoJ1Wlb=GN;uvgxmj*5!(;%diGv{@m9XJe9*7>qW-2Aa9_NKudfM5w+cR0D^)j>d zUuC5h747|51PBwZBv1jE^xXxSQ4Nh4U69v@ROP0hPERtBkM6SqhaKS-9p(UkR!rVJ zHSLQG#j+trceRZfP9;jqA!+^awbL-gk()6>dcTyZ&Un`>heklneACXyR@fp%!VeOi_B=OtDXr}AX$j5M8y?}vma!r@#m3ATO-0=ct^RQnR~FBF z==-e{FSEJ{*Bed$1807yQrVr02=dI(?f`X~1`4E-o0 zIDU~rrGwL2L*v;RMg5|uQ2Mb-Y+Ah9O_EO4dfy~rB=)8M*?|cAA8y3jg@wGib*hz? z!+2{VA~@NYu?Fk*2}>tcou`$$yMh7__`7@i^=))YBP7}CXLUBo4AX3Q&DVV|*b|n& z#B3DqWUtc7?WCtKZy#a3c|&R?xOBeTsQ^!d3&RESwboMLPRi_HMbDsg9q2j?KS9`= zo5lI@*4Qr?Ba(n)llu!oo1TX^&+)BT=KL+>do4oYrfm-KyYtJtoEObYcj>rtsp}hb z7Kh0NiUUvARmD)xBHPymL1eSkvjWuZ(H`-`BGN!U;7Dtq$e~h!VZnsG(ZjAQdj>8- zJu9_hcYe#2?MLtOcf0-}m4-;WSNOY9L(br_5Tt;dI$7M#6^WL=W>jeCyd@}1#LbPR*XMkPYQ%}hp1F#=ocZ{6P2pVS${XIBi{0&1{HD(C+x@f!R zfzA^x`u2!5Av)H(H)s+qOwlQnOV@QB_yxCsUL*N}8x&4waW9Hi}zntX(pB@C-fR zQNV|#M^3&I60e*hoY(1?`L4mN8S$Yi*OxAURt+^83K5ReOMm>chiy=9cCWePfa}?W zHE~49yQZBqDF7fUfC6rQY(R48GPVb@fCF&;T&tvioGb-+mlhCv5l%qsaBb@RfBzgSgEnDWi;(PND6kLXil`X|zA zmL4(vDLhORmkjrMRB(XB{tf^5h~+|j;|Gzo%HaDE!ipn#GtH-~@1K{CS%QO{aey*? zDOihC5A^Bfrt+4xo?>pZ3hdh*t~OtBBZoIbkmYa(Z~no`d7&5*xSo3jM0(M-6kkj_ z^!$*eN`4cKF!k2J?JXd!$%|O9w!LOxX?|>HfC85J*6oG_i98r1XTe2Pm(gaC$Xc%)2dLLGHrQ-_ zWpmJzGAi}m@TIuMXGm)-^2cJ)@&r@rU5)9#j*E7WN`ua_#g-e8v@eSVqB?&E_0#&i z%YxHBV)DPA-^E&mN~;G8u#g$4>p=!12)Cs#KfB|xQj0#WKe{8)@;s0SkY(OKNZ$z< z5X0Q$oJA?a1in0W?uwrgve~GmqRni;yV_ex#ZNk5cVRQpAmp$Bg8aupCcCY@6g_clsQgnbtANNB|M$$qZ+CO_zmA4ToSQ-ZeZTN{mREo4BIB6IjS^2B;sBtwUrdl z9L0wqOwVnNBq!z%^iDTk08fMFkO4TY6^Gs6_FYOUm@qtCE4GccJgl`REc}4o;vHjt zFB<3e57!#x-p%JQq-x>GoS8G6gzK{yJA;?_xwZMxM5QBSJ5RpNCe{U)>tzSc;N&Q* z43gp2#QWTwIhSMR2E4?Zbps2$zTYZXC{RXJ`21s)qT3m3>(60it(;T&OQF|?x1=k3 zXRX^jsqpyR;iyEs6%Nm&tMzV_bt}Mn&;U}1IQs&R+t-)P+jwq$lQJRi1#j+xbxMbO zRJ@50meQrE+NI1OoO9vD_p4BrbgD;a=F~Xfxnt9ZC-cr?cG|?wZ9MrpC+8L%k3Sel zo$B}YAGBo3329%ONhF;}MVt(k{U(}!Cu?{|M4Zj7b0VZ=Kl&Wzdn{Tn=Q^9+<>@ED z{_ygJY8QD0;6^fM6IlIZR<6?@h`m(QZ3HfjJ1IPo!| z#T~1S<*4UsiN<=%Hu2T`ea2GuNs=~dm+)s>4ewr?NtT5dee`8%J}$xSq0NVO-iSAFVolbRV2v41RnWegV7Qg4 z@R!-xXOQJkh8hkw)i?fx!`Q`IjqF$Sq);_qU+^ z&X&$azv=c=i?dPPP5ce{i%&6k2gtTz4*M$L5A6jwBg$dxj#y+0Pqzv!24Ez}h;osI z3)CmPyNS}FuAMeVH&+(N%qGA0nml{s`t*AAX&|@EP*3#7=mj?%l7LT>9Oq_rrw;@u zOG)gfG>hEMw5KG^E>2^2@@{`N{H-;3w;{tg>*!tLekJ?`Z^aFGdpL1j7PmFWYdK(^;KO$R%=>(vblCpcBW1=P5#Yxxlh{>zc z6>2~)kIEsJr(ifi@2bs^s3w>r{?w=1Y4-QcK59+lWcJ5BQQLF^Dnq*oqrSP^63s|_ ztr7=9gYkYouDShF+cn6XiJ-nH={9tlBSrIju3`{g&eOJJ3%JwOQ0gfp5oBR>k}>ss zyJ6h)WE9iFnc<(zOz)X49Us`tSZVcw5U9o(uIFiqS8l%2ySUQhJD&;qct;_B;omaV zV{u+AFhsP4UG#&Dn3y#_tD@p(b>mLJxignD7r|TG+R#q6>&+pCDma=%xKN|{wiW@? z?l@Wej)+j#HJjWcCq=tj)p`k~+G&VV@q{LKpn;hx{Lehg>nHXjmSxB;2pg-bTDBKbFMThHZ@5C%Ue1I0lA~ zlP!1KSVMXZ6k~dWz-po+tXj?6GOSVz^}~kuRbv%3*iJKZJsOFoGTqd+^d^I!Hv>*v z^b2U~Fw>Jbj~_BW!LT>RipsIXYTcPMeMJljde$up{Arn_rHY~hkL98gI56m>dtEMI z{WJcOcDSKK)N&L>*<69fi?F=dTm6asxzs62ZJns&(98c(V|(Y5cGbhL7t+QDFfsX- zTul9|f1Ek&D@yD49b+BZ|4x6ZFoA0xaS9J0% zD!dvG@esLRV&d2~Me3>;aXre-$H5a|#uRW&mS3Lp*!zbaedn(MAlY+kjnKrk;=7+v zOM{Zy{*@+1_$6b0Wse+A5mfj?Nf(A&AV~qtHgEzo8d|af0Q8}!NV5JQG>Ac|=QH+s zj_aW%GP>lWgpLh4A=Rwuy!ot_vo{86^c5h6d)f?7o65fS^*zVP!#}QIWE=r~ckTKq zJHT^Byt(t1dJbbAEE6kuYU6S@49cMaD`evefU=y5X9GlYIJH~#GcpEDn<+*BaMg$d zB!OZace8Q2YaPqL+5zASYCBatjyjp*5lTsiEO}2V)@~75+sZmgJm0FO<-*V@6OTHFl8*7Uenw)+WtfS;m zN{l|b5A1>(O%F51kg8{mP+w-d;{(;A6bxOotDp3Jr`Ef}EX zUMjF~u;h`qXfugmHs96J#jw04PnVV6O+-a)LpTOecaNRqTZ z-xU9RvOz?8e4jLZ0|n2~5`Y>TYm?Nqk7h#~82j3pn0M%azbLBeNzEY$3#nD9-w&rb zhG2N#iP25#7W{KhQ3z4fae}@_IOgIIP1c>0KHtvbx3{0omU6NkAuWx%z-9ug3d1v` z?QEEy?xj-?>(Li+m@%@4Ksr$A68~Tse(tIAkH`))ulW0?2OGABDcQfHqNbOSRGyxB zV(g-+jBy*HYv>%VIPhv~`U=M++pU}#Ne#YnujTq4wk*MFt3)csxQ-Z@iH}(9jeCWd@`;phd@gk8#irc?#|Y`h%0pNfTz0~YSSbkKg{FlA z`iXbP*ajySR%$NH&|2Pu%A2AB$+ww#{W=5Xp<9Qv<_cXo@{IJt9fdF|`k6igc5!mn z5w?swbs-Mp`xv~h$y6c14KDZJpote_3r_KfmzdQ`J+-9z1hGd>@v(aYDiu8#|!K1k_0J)&vfe7j{r&)MT4W#)T zQ#xC?>VFHN3jOKOff!z$NjJ*6sA2V=SLw2??Q2}8UM7D+fFdD=1`5P8^r5wcK1yw|m z8MDNZ;(g>|?6{sIIGZ9Qw&>+dd8n!W8Rxi54I z3=I&b>M*Af^RwJzee6jmsKuGHJx|@_A+CX4&kYHaJ@fI~m$}@(1V+4`nJCXJd#9 z+CUA=8i|BINf1U6>F#>W=1Q(clx>gUtCEW)^tg7P`x^#U7RgVlIFO=Q{+HWuB6NF<+j^*1(Qji5-gpIWGf2zJ>eysf1321> zxbPK(L634kG7SQd(mcy|=`w7cd10*+dw_Kc z?>-`xeeASuw%+)wOEdGdCqYJZvX+R!ogA%Ux&ghti?LDA`WeDH8AtIlR%7t^`NwIeXA2qxs9KZ$KlCn2Er*DKu z%)RyT00&lN<;DmUp)UBRl7hQ=7WPY_xKc`*l7?Cde>EY<;l1Eub%jEDP7-urJMZL-M0EwXt@yS-jBK4?hzY6&om{TH{8i0%eW?Z zBV*)FV9>6`Gg|w(BbF=VUkT$qYeddXQJy<&jV`fWh?ErjEebWFRHLykHeQ&?IE3_8 zw;yEjnc?d+F5BH|XS?m&5?{m>FO>peeF$>f4&c;SPj`(yd4#7nad4Hs=ZrVoEb)?a zgJG?`dWz*(V&=@hkf^>s3NK%92nsz1gyCn}QeNA9*82SWrE?$Eg)ne-Wc#KD@AC3Q z|5SPKx^(Slxg1JL0_B-4$H34SIqll$1XQs35L;+wDS<-SmS$*>2r5wBJ8`y!(|gp# zyR#_v-dc-;s0jtHA65(B5M^<9i@z1a{=x#=O56RMN6>zeU2vtl;FwW@uGepJn{+dc z9YN-O9v!xWtpvtwxp%!OC}_;<2E9z9o5O7fR0q7MnR9OMv`^0QETk++cMlMcEwy}7 zkiO8c_)Jb6{y!{T<36<8zhUXNhA_R8jIa4=36?mb^NJ^3?43zzBY8TK@}~A5`N&F; z2+0jQtvjV2W9TV=CH(~naWw_j+v1`&)5TEoUM9fSn!_Be<_w6V#8+}GNbDCvcTKEL-i6RE)x-Qn%~9rJdXFApwraLzcI9#?*7XE1 zPW^y)wUE4a5NYGW8K^LYsH&(0_ zs5hqG6fvAV###KyT+q@-u0ZN#Uk@l1D4&}TyMxh_BtVo3fBgPxcW95_`KS}#0OS%s z-b3HO$SZDW0qN$HCl5Zxn+4)+{OdA9TJFfH_%Q(qU#U=~v+|TJ*GE;rIkNbMXX!tq zKP9dxEm(nUM*{^{D{cWjwtk%QAH6}e|C)TU1AGuL!nFKrkzfg6-(6X6_ zDTQbkZek-)Zf`pRL(o=BRdGS#r`|U)d-X{rb*Ynh0M(cZXb~+bf9qk81PFH(J=+0i zcfWKVyC1QVojJ)0fL?R&3l0d^*83Gu=7)00J89$Et<~EFF9-jeInkactU#5;=2Bsc z-rb(SS*-euD{36D8!#qETv;X9M|0&OWs$H}-<{alTdjpe?M9+M6u<-2Mtk0(SWnlb&dcLLvS`5FPr!9s1{!Qb5D67Tr+qkC9-i+?B#W*K(2ij6U?ftqu^ z-UDMyVPUK!I`koM2#Rfi)$MCn>=+ueD{AWOh>`V+x~7K-qSa1Xb4gLeikWh}WuBG! zr}mvorFDbW%8+zu*O|tkAlC7yN@wOVrQ!#@?!y=)A*~W5wQ-O2(C11Sj1IpZS*E|^ zx>S8`zE|zUiGTcH75?frLec3meclM1^bf<|JEXnn-l7u8M^?!Is?Elr>~mE!dn%W* z`hhVA?^1d6WvvQRlMnGvRJ)M|ttgFOl6yqQt7^kF4hcS?Hl6@%l2h?Q01i3_>d)ti zc(0^whvK9)Ufj9EIRIbWIAk}UkPqC+=Xt6S9hoA6K^6-iHm4Z+DXbICUq=Mk#1awQ zy}yVTH9;Ny44vAZzuGvZ?YCFTcla3}^V0itz-%!|M$Rd@=;P9&RfPTxfU34Mx2=yH z!l`|9jf0eLE@xU`Fr((kx}2|T_~!&w`N^n!qPw5x+k!0Q2IuZCp@iI94~Iw@X7Szw z#vR5*AtxIV-H6BEUpAu>QuX>yl(33-T;J(H4#)}7leE%w6_k@Vi9%q0F*BicCDl}) z)T6hPK0p#80p&o}Pr;W>HPGo+slS*n48hXDRd8d7L&@PlM_3rxh%rC5;e;4${W)qt z1}Z`Y6XdM^ykX|b2i*QK+6H&6@Q7izCx^|sa_x(#gbFug52I7cjJ-W#@*`57I*#e4 zjH||WQufj)*A?A;89W%sf548<>Xyq`_(#1vx7zfnf42emGfkgCphoxYv@DCHb6g7w z=9SS?kKOz5-YHUA4|L%ttb={8^wuNLv#Rnp(hAn8y&snUSaGkAV^DcZEk zQ#8hEVtK?Uh{WG|53v>%ts(NgD?q;SxW5bF?> zvN)-wAEui#AA7wjX-Vp*A+@UNym&RGIBax6r7;+57u!4JAXQqLoacH3CIiuw9V$?v z+-BM{zI{ZERs-SaVL8iVBZ?0@Rln zde2&=X*XkOdX`X-nlsXd>27EGj9y0&7wD-94@1iF1UMmSV!X*{98;w}3;jbo4Dl!G;g~`wVsR zI2xVpL>tM@9EGAJsHObncKtuR0Bcb-LGlg%O@{hO+phkm1^}7Gnf;&r1+)b~;IDs= z9&N`%dTGci0PwWpheZD=H~~C}=D&t94FQ4TfBE9upd)~3`QK8~|D;y^7hi4^V{L{c zW>x1yqpeFF(d@#wRVwx$8^}qccr|``k&V&C-Qq~-Pm(d4Pt^*39Fx$q8G}hGQ&2L= z__J(ukG1y6i)s3xi__{R_g1={7)WNBZ@4j1>(e*h@FxA7(6stM#(fc5G~HC)&L4vf z16fUpbQ)@c=sC2I*5*t$6`Nk?p?bWkwzvhZ(C)E z++9bIN+EV#S8L<~hPVgdtl1)}EgbM{)Y`m(0;1+hW<>dUuYP;`LAyG6Uh$%B45m$a0)|deTBmtt+{YT@979uqNg|1Y@ zsdK!jxEwtSD*e`MtiTkmo#-211?Wl6WJ;r2!KsfQC^G1D4auo+M&>SpQ7r6HqA$J*@wIVcxCJ4Z8iL}NhgnNbu8w=Ub3nkX_F69BY`B`7p zfJ$?~zNP~CzoetmmXfT<*oIMW+MF&{`PDOg@G1jD zwV>w`AkUkr5S$7ucjuEzCwD)w^Tut#F@|TP_dNH#iXMv(iSz4d8|}8b^FA5f<&M}{ zo$rh-ngS~z1X#hFGZMcnlGs-wakhG6Hk9Dn=D2)*7Z@?DG5*q_rPkfdPIT_p{VjHd z6=e3>8E#w!+*p4(l&qjNlCb2dK-Ezz+C_7Q2VJHF2k+qDmU7By@ngq;ilkZWnS&a- z;I1P@1R}|=`u0X4QXu;K`|qTFC%Z&<;UeH7KrtH2=-IKAX?4B%PzvskCYdfPz4Hv} zA3K{alH+}xZ)s`y050RO*?bR*4Hk>1)OqU}9K3oYjYj+b={bw*v59F_Tic0!Hfudx z`f>UyIgHJmHc!^v-%1pY4)oe61I{oHb@GKqOZqF8)7`@2>)Wkkb=FY6F)mT#qk^QG zD@)S{trzHv+fuvWrB^~KOemGJhytZ{B=>`+L%=0M+|Ks)6H>3fe$-w>IvdKa*KWSF z8tWW&;q)sRM#H_n4N!!7_dYkI!)5{<%zp+~yn?tgIsELMBXEkfHX7Y{w2!wfwpXGM z0PeL2JD{_((=0qVSRO92&$n-D<9MOEL7nE0Qn_Z<4I#U&-(sy)*5 z9tY){XJTM@4Y+Ju{76L&+sP4gBK8vd-W00})9UYxC$^s2>-WjD9XuCZE|S#UXgUM- zA|$OZqhMS#7(_!&p#`wD^5O`Hz3yPlH66IrJHW)l)dBO)eHbt(a*AR69oxX-E74PU zJU#A+vV;-cqyHp`6oSMX{9+H^h@O*$>l^Tr*iSgQ5aobp_U-pN9RjTtxSQnoSQ-md!0X5Xt=u$G-ED@W{n6!(ToUJF)vz}nVeB7Grn0>9nVAyxe=k2G;%M;(yM|Lp(MhVDP;{Son-YS6uy;!zd&WHT!%z znv_S@2Vco4aM4BPWqd(n-E`R|lFy-bznLpO^Xec0SyjXzz-;CEm9s<*1Lf!SX&@u8 zsqQ18(dxIz%}CnPzIHKzKorbSRHs*^+_u&bG7_VY*Lx~8-0h|fs-*NQJi7CbWVsL1 zzpsw-%95=K)3`gvJp7g2+$BeyHva+wr%YecuI`*k&t0JW?3oFymz5f?8}i6IR30qj zp-~6P*;uWyDK_R`3`VG@a6u__3SS60+t@tuDz|8p9E==7XkXv;U3P^xssf?bYyyuT zb$Hr}H>JmexI$&fm8v#5fm>~Bl+E*@3_+(NsJ2Taqxi0UXh?;S$Z!#Y*rG>tN*x0{ zBo5S=%b$RFM`8HERDACDx8st#FGycIpy!gFjED=Dz6_T1DhKwBI*F?e-{-*gg#h*l zUst#vgL#xJ;1B9By0AVXfu#jZ#QV&#Rr`ixmOlcvm>u2j!uRBW)qw&q zi`ZWLbyk8_G-A?`?F1a>T5!~qs1#V}kq&U}j+K`T0jT&YHh?oU==tq<{=-=FUqF@r z1W5m1aL)hvum2TP@#u6A?ainLnfrI04MSAC?q8(Os}r{9-!M-s5jBfVl8yuZ#d>^o>ylzYA@Ja zfvFpRqKFn9ebPq#K=*?z&QuYGjGk=&R21NLQvU@wq@Zaot9bQSn>>=#9Cql<8xI08y!crx&iz#9gS|v9V=7Qa_kZ}V*U ze$7A-5H8b@j65NNhE?q|gfudKzc%IN8ogqbtVJbXLCqR1p<&81o#SfbcWySxG(4X{ zE|bmmh{p7V>*p0Sms1@JQBRFIA^`R+7NF!_Ej47i%6Fj5P}=K__DZX%pJTX3S?H#T z%*i=HwwW~%amnUKC4{_VW!Xrx&ibm1PXo+jvYReKo!t`S{5%Io(^cllq zO(!yXlEt)I5J*^&L0dtrwQ1z~F0%rY`T6~lSbCp%?>n|-2qa^iM>RC1NWGtb&w?Y2 zg_O~8A^DJKn@CZlkg2i9y02X&+)u~|DzV>^&}X1dQDVH8C!+%tE8jyI-a;ZtfhE*x zYZ$Kh1bT7I=1~>B2rWZQ zX%AhV?BUUpJYLe;bi|B0Yr-JRBmqnefH2x`a7yy^+)|2=vll+ZH*+a?E5>@qv5EG2 z{a3Je5P^i|J!oKQ4REtnE2ESe-fxp$e*NNbM`S!3TPbr>B+KP~H0or1*tE1OJT=-C zqz0xjSz6P*=zy(k=k!lx#iO9uTuS0AR{Dr;A4V2Cca?WESPR4}Z{Q#AEDMW_z0&f$ z&fHUf#Fj-_n+hCYQ{?!VLCQT8AwB-W)FEoP*q4iS2cvtL<0*(DWN+4ytfv(fid&CB zrz+;~iV>Ao(>`6&ZflK4&g|kPYV|u0q_YxmsU9n)UqIOYbNJ&uo5g45+&Mqb_a3zo z1LXvQ$$)3P3{dw0cK&(}Z_&%UwTHK;c~x(Lbd2R@DXCEE{U|03zglJrD z$3#=OlTlt$b+@$i_2+Hk$SczyLPn~E(HO~sTiG2ikNf(UUtqjO*~D|Ani3OHj)zOK zP-2=r0r>D-pKS%S;x7x;6biO14OmEgt|;BEu4JeS7{P99q2*3_ZgN(`hoMgSt+7^ z!y{eYU5>0H-A7ls*Lqy%)!V}Ul5DBo*I-sVb4CwplkI2$JRz^g=4qCM!?R6(+>GHH z8mGPtkC3J5LiDyugrEowiTPAog<)=V)aa#%e;8p#|9c}0VDu0ykkSAnt^;iIe?>P> zL2o}A_XFcv1iSyQYxB*WG<{2rp7T{NVuojU{uEv*!2(Uh%uKM`lS*5kO@p`mSQ8yl|M8wL<4{a(}oSj};Pni}MqLv04g=uYm! zvC%^+i+PFz5kZRf;bOT~XN|*=OFcP^s=5@?{^TgJ$*|1dvTa^b7>pOVA`D-=5$F^I z-@vib8*_MQhQ@N*W$ne=n}F=Q2Q9>?rvkP7>n5b@cj$2GP>@=E=(XNMLwMW#XCA4w z311VvW&~s^;wmuc^4GQ02Gv8mP42LnZ_zqoNqTL78yE-%z_^0D~T$xtR2+R*TjVChbOLstp+5mHo^W`^o(- zq@zs3Y5R=8|K+&l0ImA4cLQ`*9{Y)S0$nkDJ$7oBA` z#ogt;P=vXth8@WSL@)0&=B=cpXN}~&VHdY|m8tDH1N%R^ty}`{*~ieVwNdG>rmSD^ z?)U@+-vgpU{UA7nE9|{$aeQ&Z!LL1)r_)S2m6uSr+mh=;%)!OKVExP$0jT0&N<(z# zuzNKsWeEsRLCJ9PPUC#B37B^!W0MYDTFTM4?1BLrjs$82$)xslXzNB#inO+TwcDZlesG)_K}je&Qw$L8%`DEfzeUCATjS)pyKCap-kyF7rxcnL&(w~4ja5U<|4Hsnkgj)TqYMAK z5?25HFNP@b51;+r?!9MgaSDEj&lb$rV_snsN zo3>lMSYX+qU=6^0>~bvjYuq0J1+%(QKb0}wuf_`;bOe;?6u?N+3)R;XVfx0dR{d7? zI2u}NQqQM8pnc3&5}|iI2TVL!>|p3>{vPuWDxQ9i$2vEQ!FG%hI4yS}_F=r8g5~vx zPyl`)LIpPc6|JlsBU?&r;J1Cg!_I`7O0@H_9-1-;0$t$mh2EN@U z;6jn=9f5c%_hM6TST}_%I><|iGN$_a2if!Ddx?oJs~Z?uSR5xuEd87l?e<15+QBc8 zZl{d}{6{ahOIAhdjh6sf##$FtS5wi*UI(@!wRDNhwJ37mXbD^|^G%|!!$tB^s8QZt z4LsE4xP~-KXdO*mYG3ynd1A1%MmS}!@O7#qwdJb7FXcDYW^0IbLSG|!*l(>lz?0l> z1rr%esV0da>wo|U6YlSA^g>Ls!^Tyb*}oX9sJ7CUR*Y^Vg0j6mh7}) z3;C_r-?xo?`w{yC0)kZsg4&Oc|E6yM*pyL4D!u6takF^ve`^i^c0+pp3V7T8?@JB! zywnwl=+q(6-C1Wvi&aV2x^(w?*y>u4q?&!+90ERETSVaZJu3pC)Ca@eXNwP!;4td9 zfq%vTInyH*!(|Bv#MZ#lnX`kX6PB>?)NsS8vznVkdUfhU& z##&@(oQwrLezeGL1oZXEbjJ9u^v8?9iIxNzW!VdVS5=G?tGUn(amVPV*t0h*VEGoJ zFx>fEN7+s5%!N8ILgeB92zwXZcMXsRpd|67SbbugYZcf$w5eflO|N{}y+lzG{d&E8 zA+1O)Mef{zw>j5CU$uck8csMgSYo$hsXDrZ9<=fdTp?Ow&mqq4F_#2ysL-I~Ohr5@ zN$vM{d$`Ii^+c6Nbuo1>4luBIx(oAj_h=C0CUyY~TnBFa!n7nhN2w(t9)2xOedy>; z6%7PHMGb5XxtV_14niS;oHgB{%=q^vvG~(?Um*|8d|~5{wdN?OH@3V4weDSI7AiZI zDWy{qXshXC{Xt($RZ6E#C!_Z|i{&c7auErXM)z4X>4A0m2|W-ADT2b#dNqWgZ);Hh zojdF3GD8yRH_=QH0EnmkQ24$|Lk)mQH9>DN+l%)(+|rgYQb6C=?33e`qw~4` zSeC&Rd*TW6taZYB@f_5vACZ49dUWa69h+^m9Q9THnFS6UaCkhpCnVohK&XhjO^{qv zG3vF*G8Zhf(djnnGlxy+cKhHa<{Wncz=`us{bX2^4my#VboA;@q(}Pt4Q=-{guI8` zhepRquM&Gb3$nW%&rt=AQRR>ByEF((R;fT(8o$mdHavnbh0snl70A((%Q(LucZsA0 z7_#Nkh}r&!Kq@!3>?gUd<&&3dolQ4P-d8f`>wV7yMNsu57VYD4-o+2;)$ zkb&)ob$nPlMpmkz&D8A-Nl zqBEoPck0_GF7b1B?vWSnb6JfvM0K14^G(6h#}C_vFX0U`xaaU@L3`KqRkl*`R;xK$ z*xbZtTjNd1Eg1;{nr-RB_~OZJH@JrmhkSCez!ow=ac{CZJ+EqnSA1=jRfTC6jiQuf z$HDDi-g8L)jO4)wV1+QS`m483?c#>)*bE98je9?P~u_F^5%SA5wpEyGE@ zDrpO>>0~eDy6zS{?XA1D$?*8K-VFveC25O+WYBwbYDZ|d!*~IA=H3S>eE?O(N)L3P z9X_Dj3IN{s|57*5Xy!lqgi0|~1o+XfD_vY%FkUqrHoM^^KhvCFN+NL z$G#;0X#)8_6}Og*Z*C;q;By8mgHJvHg|p>4RUKx84(Ke)W!LjK7q0oPD@hASnb(J4 z#MEMUY0a6{7M{{d0-!yLSQ8j3_8!idH-c@W-$gq^$?@N|cS#C=tUw3r` z%P;j*)%6@lykg_bIW6t*Rc|8hGu4W8g^e`5Qq9{>BCAPi?Q_z|=9 zj~H-K@qpf%Gx>Aq1NObbg({UIqLokuAm4R7JYE`4?Co4MQLr_L45m+x`1x#vkFIdBdW|%GQ$Br=LW)ysYUIJ>HNK>Qc`Ivy9G+a z|AsUR9gY5Xj_(6{b^tWy06hyWa<6mSI;7*OrRqJ^EZx;$b@5#Z=M=h7$cjlbRjWzQ zc5kHS$4imzm2Lf{EKMv9mP(8pO4VitlLe@4YeMbpkcIaIB(InV2~`;;TNi&%7$#fB zv^z_Fv==iUUcSGXqbB3NYS(_jsFPw8-Pb1VXm41XTm+IKYZdp7Tm+hs?}r9vK(hAu zkMf1xZRUf>Se?L6Cjts?s-wFve<6)ryw-Gr%*As01L>tT#nx=r#`7EyI#ZZPJ02na z&P`DH0#-_kyipw%JxILME9ieYjWLkKwb)KsQ8pSPu7GFd%?iFcu!iE5le#>-_0gr& zlbO{r5LWsYPn9LpZb4HIiJa!k?-zZRdr*b#5Nye3!ZC?@pyPu($m0PgCBZ3=0U)MK zwEk;POG33PfE*a!S{eSA%r)5F-N5u8UI0APkrfQ-5b5_Cou|FJ^c@0FL0;^~RV{{9 z^3)k9#>8K;VPi>Ly^Fnvxe2SBZvm#XOrrDK#PfFGP{Thf9S`08iCq2NoScpaIWquO z(iZ$6`=4@`AE1tU`N*8$ln3Ku#d@Y7Ty&(Y!rOPjK%Q+H$#von-Iok zfWgNr9?H`Sui%Tl1`av;>bfv8-{LTk@rV51@Yp_1>!A6RU5%oWlz9Ha-$hA5ck33} z&T1*O{ABYq^U{?XJ)f4*hQEu`{ZhqQgl;=PoCzztdV=bfkwL92ap5g9E2H7D+jSpx z$39@*b01}A4pk|}J6PvUDU8N%RKDDq=_$g%{5-7N8-@|C>T#1q5gK<4W@?cl^85G> z-mf#lBr`+w__r{Hv(sk*lGzG7FgafTbCO2!9^GR+YrmaqLQnO}1caqP;D$=P)Ul8K zWylZ(YZ}o}`Wy~7S6b}@?>mrfJq@XOFYfUWZGKJXcbQk-`NsAj!!qe{%53@=)m)D|v7{>8~p@FWPVu?#)MWsy=6|(V?6Pf;o zZRZN%djkFG%bujfR?*IBcx(yGIONicb1#2~sdvRj_{}g^EpvRcZS?VpO;UzSs&ky? zR%SvYp`=!)FxdgQzs;}S|BW@GFA#^svcs%CjmM6&D&1sHFA@Ig_i=Od>u4sgS0HZP zhY32xVvORM!94Lqy3~;x)0saqN4!8w^$8%>PILHw%%;JjQ8zv}8yXtIeX*KpwA=ex zB+q2A_{pFD7eA2}Vo!QB(c8)L!*P=T`UwZT>KqmQ@`)dKRbht)=MTI=be#5{|KEM2 zimtZ84kUH9Ft9rw5yA| z{U_e8+~^f+#gwljyx#{;o%vBb1~*yta0=spzMWmYH9k)W$VweAS$DoK?zrC_`+3JDc~sY!(-gw{L>#3;Gu`b8pM)V;g1j?z5roWb) z9BI0TJ+m4ze0x!sTrtQUP9M6}HR?oLBPFw;=P@egEHerCl4|j1y`s?R> zL5LNFaB%f#5rIFU-u`c7dBfA4qz5tDm3nN0#E#LpDvcV9z^A>=TZroiDx-7bPC``*=3fqheQ$&C9tuQ#`WGp$|*D!DuAoo<`v z8Fq79C1-<$F6HBY)uI3Nwj}|p+Vh0;QQumuikRT z$KdwrDvVez5f#WTwH3yMK{Kkv%w_cVoPFFp2!r{mOgOk-lR~^pIUI5(;xUmqee_MP zrq{T}XTitc(70TMMc7|4r|rcJxOX~E|F{UAc(gBP{XEwwZ6D4=G@>h*?8sqL9~h_W zF({|szjv$Ff8}MDU5KuF+1uyJUXwiIHK!X=($~-IbI@hW;Vz%GEMd~1&awG!U=i%~ zZ2P)t>p|WggZT*hnJ+l-gECC9@T8VWk16FXn3RzNQB|rIq#wtMyp~^OzkGt)nwr5She@#jZhWj3$7=ct zjs!-|THMem5vpQPmdf3ru|KlZY;uN#(#}t(_x*h){M`BLca6SeT7S9Hb1cp1+E-frGIpSXIdTLby?ob58Lj>X}3V&5pgax^BA#rDxr zavYVlUr37^$oHp6 zq8b@*vhOq-=2r~6E;w;ug=m7l7HrNz8_VK8o6ujG4NJiiU0p^JL=xp&*oF5YAJdge zd`GiOWw`Q<{_C1*k6n4GVLZpLS{qbSg_MpgW`fu93Kvy6YSTk_4Yt%tf81nVN5p*s zy$(N-PH7?Zn;veHhPOaO-}7*_S6WXC>Rzc|^A<0iS!?+`kaQP>>ib z(!J}WBBpLnk`;gl-mIio`z2kG>Bk3Tp}8m^Us-;ObU@Fqj^y3sbfLe3I{T|1Bed5& z{v(u*W=W)TnqEFBCCl+puw$4t=!5%xqGcLzj!$8TIH8#%|Ia{F<$dY@o76YV zfay3W(K~FEM_2OrB{L*GQ3c+@iA2ZH_U447!op*bzIM|=W=_|PlS)#!hQ}-wH>E-Qo$pM^G zI2CW5F9`p;N#x@7hV+<6?AKps<|c|o9Tv4;hfjzYBdS|j^^JQ!ONF4YsUh&;&t3d# zO6}l_-2*;?GwxjvZ5)r>N0LjE*cu-lbT8F|UB3Ac*rMbB>&{IgAPo3r^z5 zHB~#FRy1tC!@!gy!!TShRR@+uD*)GmIFh6Z*1fYRPTMqOWJG7PV#n?9CjR0Z%P_i| z717!5EiG|QzAPM+xbF#6-GSr%D5SOTts$#pMm4E7$Neixap9f5>1Z5tx*N2)SOAMn zP%rBH*X|n$ttv~E|H0c^0Ob)jYodfe2yVfGh2ZXP3GNcyHMqOGYj6ne?(XguAh^4` zeCWpx|JHx@oOAcc*4}%oD5|Dr7{=c2r=Nbhn<^;rdjOINl4@1*yZnKI>&n=O8_m>K z@KN_Yq8d)Kiu-$3%L{zY$W9lwe1`MXC4IQ04ya~lGKaO%CeL>N1zMdiDFC4CYbOB# z=GUnFF)^-rusGl-uvn6h__RHGsQFJ6rFqX`_74adm!`ui!{62L} z(MkEMYea0v@}|>tFRV^7Rx4Ct(LzS|GAy@*z_1<%zM;;5C+bscn)54~(E@y;1`5t>Z0Yy?XU(Aii#KfURAWDpfB3Tn`53 z|4suP_?NLh352vdZ1$wDfAGLZlEAx>1N|C#;Tqwmy-Ct-HGmsukB8iJ&M@FEXD z$+6!ecL z>&TUB{y3jw#1c1KXosW=#ZtI^yVks19uN&y{17D0hx<_hAgciY*^ri|o2(>BbU1q% z{SOq9c4HKkAX8cq1^!v=Uw@&r%vNDsq_K3U#5{b%IuThUPUx@c| zaYG`W5LWv*oX)&5>&lrg+mpo|{vu64Ua%e)h*X!a_z$t-E~a4nMw=qbSCU;RS&n1c zHCpWiOnyRhYU?kkio)g#Gq8OGfi`;Hf*aacz}p@DMQd+>#iFJvhL95H9&X3`_S}Yg zZ}!P2>W?t`ke3mwcuL#>>ixxOsiNs03JeO9Ad%AV@3F%qiyRJw#JruCN`Tn%=A@WU%6ttnQW&?J6k}xHZIv|KM207Y&B?i{;nT zSz|}hjCKNoxGMK)K?HG9{O-nOR>~eMA zMSU}y*0--4>yYSEj?C+3-6j)KwE2{7w|<>IZ3KB2H#jJEWUk;yZ#T#We|WDvy2f)b zIIl8eluJRO?le<>x=bvnnSD@E4>JGrE-kgZ-_cSieMwM*DDWJ$V!u%c;g69c+jRZ; z1cKF)x5bGRd8b8QYoBZRP*eb=MtEpyJcJne;zl!$CFdS{;h z0~XW3(WO+6@;)|4Bdvtzl>r8h?(cJ6&tf~Fyn^49Qu=0Hci6-@ba08n&Zh+_O-gZM zyJrWm+oN4>rz5bw@5BKMWcd8hOP2+5;SRbLx5IVm< zGcGnhv^yJ}fD4*xGKQy+U)F2|ZQ2f=BmEUwxzCbhbm0SX`|~vrI!tlAA=t(m&#}z5 z$~)0~19P6X!Ptu}8xKb|jd@P!TBd4B>bW+_g#`{NOqjaURSzET6{j-Qg8p1Z$gArcA9| znjo1(rw7cvn=Mhwo%04JumjYH^OK*zN82Pi%_f^C0d{$9?X?5%(us8LV2S)3)0qN_ zPjH{$n)g*#0LlXG&DQ?6xRC!HU9v#QjKd7GwR`G(JLUexmzWH-nJU2mga2h3u`Dyz zPy~cG)|M7zX`tdok+H!ac=_FS{5aBBOamX_ApmCLG&spw2U1i@|E@(UZ0xoYw6Wsr z@G1$ni)g0QtC%NK_@r=szi%n|n^N`lE115FXp&;I3XTX$?8~RS3CfU%Q1iw3rbKDm zsQ_fN;LA86?ayE;bNdN)@Povf;f=ldea@wMhkXK0-vB|kr8>goVJgIWEQ=%4HM3XN zQ=hBF+9f7;V+9G*y*%7n=BQ*f3?q2jvIDw)UrgWVB_*nnwz$V~ghyNX)cCICMPmq4Qsol zasqU3_N~XFROgVNY{OzR=nHv0zsvcD3G$~r0mX>(T25>5LKlf)`dNfl%5Z;<6RP-1wR3~EBZu}~da6RKeGOYk ziXHzhbvbb-{d4?`3Khje8qZ9w1IVu9`uLo~r=PGxcIoW*Aomm$CzYI&7aC|u?pUY` zg1saPT)WmO2>96YH|Oxbf{t(Br)BKuVHnKUK6>18rLAU=I7~tDP=R9N)h68$l|Hjb zK*Rmco-+GWlvUFdAQ3DRaN}H9E)!h4tPn8R-d&LVt`2fcRAEtRW30)w5^d*90tVzI z)PBeG{w9f{;t;=@r>7jG+qRS#7w7$sAuh=?%qT;4dY7)U z^YY+>{*PDWb5na48RylP=$5&IqP#jy0Alxa4CkQ{9o-Ph;L>ehG+`oQ(uh#c^|(N` zZCg_mTUfRnwmUcOa>b5o5dM6MLKfHIO>!(KFj?mB&r^#*u(ysX?tzkE9nnzEfts!V zF6tN;J4=&Hi|Ha}KjX&wSOIm|ipGM*kQ9T;AD4`rR84syn8TgSpix#7-)N=enA`zd zNPckE=8NvS`)3QvRoD_|=S*sFf_5R^9?srIvPK5%^Au1~bYHwV-^mo74?kUXFN}`6 zQW8Z*C2xxw-jBfJuzd~0599!-mxs9?evik%QVvU!G-dMXk0TSe@xvO5o#OArMp)g( z0^4KB`<#vdg94UU25xkfY8t9{tLr(Y`AYu%0aF(3L^rHyHC$tA5vo;)(PR>cNw#w@ z;H51pa>zmia#G%?tu4C?x!fOA_m#s?JWE|{JVDXM_IyK}!VkomwoCccm8PHSu8$)0 zcWuK)9CltB@!z-o7UZpbjeN;YFr?Aw?ihVX6AhautTkSx$}khbPjSA-4g^1)UH~uf z@4`}!t+_?$z-)xtwZMjYWO5cNR`t{O5ESMDiBm>?e)$`cfLSTIdhTTd?HAiPos0gB z*L6@b=CG{FvA6HeKKjH7%_jJp)Kn-cb3#X!-Gb3fE_cSXNmYJ$mhy{H4OS2ulNX~q zwG|#8D{jXw9+FADnOsBf=&5u3PFkIs%aYXH(Qt%@@@qXDuSZKZ#{;EluuQJgxu&Oe z<`a68l83mH5nX=^`NcG4(fMts_Mzw{&4fiymTL^V4%g5H?FT$t!0OTE69=I1W4*;q zYNZ{!hG(`>y9E2HcjS4bmHN}kHcp8RKSy$G-2UE-G$Y~%87pyB!%q)W(-p4R1eG~! z8{b^m%BOcRRM&bwAhhQ0(gHJ^~qE~5Po?=@`u~FI$2Qa@XYGVwI0WQxC;_Lo$cRTM$ z>?CDTx_DWS@d-y8oe}!e2+bTY#HRW=ZfDnfq+>@ZU{Wk6=S5e*lK?Uen_&cbx3dAI zmN>4>PoTzWuvXt0)eI!V2EthTJzWb!kRU2H!WEq=TX^JuG#Iln`qVW{31AG&WD3gzcpH3Hd1) zBvM_FU4vBQ)<%Gfla%Jbk5LJ>e&MR-=>Xven48sSpdGXXwr4~YqGT1_@;4xxr?}zM zvHUHuEHZ0UE5feC^KmO%Ra)fE^}`1~P0v510RhhVi_N>9)ARJC#lT65g-YEKq6_zH zJXavN{-)ImznZXV%vIS*;>DpwQaDC$qoc|?T;L-Rm9}miJNcfp$=tjA)f7~pS$+AA z=9G$ULrO9SdR(sB@s`LK4%@Zi$wgk~(X$*La$YkI(m>CO@PC50xyVq!eGWwF(WV5F zgY+}UeUm+A_4@Vd%?^iXMztx*oRcN4qob`E zw?1F9@4gN=AS3jAM22)LN~_6c^DfXT2PmDLdR0#6c1B8&5S}TJmZ$hc@#%_GbOq;u znj%2!$2Rj%H0^bg+8!fD)2Bv zDq~Xo@NF$vkiQtU$hM!m0({6i6Alw5KQ8b~;8}U-AKWa#f0%Rp7o1HaMSBvT5|J{= z@FX`oD<}a|*TUvp^~s&Tr^DpYGjB&HqXEVA>kHQI8gY zx;~c(rW%da$A4_$5JYHL1dpc)=sWjQZgTi7kDIaYx|`pJa)G|OHzJn1BX7EA0nF<6 z(!YI#+TYeiimPMzi4$N#+`JHz3Q20Hnrz7x0qna9K#6}#{zm-eE&Zn!;NKF#uG<-v zJJKSeI4QT?iY+Ww}&qnrAEdEOC zRQ95|kdem(mWa0->(;G_6xB;yzyWUO+Q4&!NgMe^&7f*x<&xl^rC*ulAjOYFR-zp_ zaQ`ieC+U*q|2>LlSMdKq@mSvyP$Spy=E9xJd$+V$ruX|jkoEs3keo#%bzW5o6Crqx z*;GtAWpidR(VhT6--6FL4|i&*cX`)8WcfXEke2E;sT0A)-s6rfFSnIq=`x_gy-V5D z$F{agPX}+i&))28J%B#kL&OU7RJk|g69eYCsMLC1t-ySbC9rb-=996K2yX051@tC{ zk9>Y4%Ixfr8gfI`It)JLS*Aa;=$&RntG=EPG7_$S zGh8t~ARDN*2fZC0dfqRUlj|ghpVVQr`j?_1!5yX9h?pCl_=542=xA1`qojOM;A}23 z?IJ~>C#rGb(;RBAs4b1mE4aXt@h2hKaDMtgU@G2VX zdb)pbo{-eG{LwBuL(m)ssVlF0Gjr}p6pQ3A-&IP8 z8txbA=FF>vxtMh3j6?Yrch2>PTW7qkE#!4_OXu33<_@kPyU*et+&BQTZ$Ym{@k%i0~ z*u4zBzNnjQ|22$tqDoZWId~;uHA@aNyAIaey~yn7){KU;7Z=AoEQwwmII4J;dk29S zZ$Emoo|VHi1(O$;t)HCz)xR^C6~OzSxE=Zj%f;VUbcSJa;ZMB%AO`(yTr|GZU5bri zSp%cYdx;!LFCs-Fb>@;(UPSrj0c^D7TV5kBf3H&_UNKh11fr4PrV3H+|Aen=Ku1{- z2+<WOHF}qo^nXcNnsfYgOs>VQ*2N`|j{i)zUH0@+->)PCC4(a) z;fB}Wzq^qwlCOB769?;3=WFSLKsdSQ@ykB!N|bNAPEtjChQefj7N>t?`%}W<(33Uy z2N%|0H|=nDtTZj~<)D>&g(kP@O^(9~LRL?;3NJ(|>3|EKg2 z(~^{3)h7?}DOwq&4DW?KFb~GW*-OZ8w1|o$ghE7R2P--b#q_U*T}E3%;-6!-3$N#A z5YzKZL<(o#j6tcwx3M=QWB9Cpr@X=;-fMB6XwQ)~Tk?GoiN0}N9v}(aK0b^btH>Iy z)cDVjv2XbKOE;84O>X;$)#ycX|e`@Cu9KPyDPUKye2;{eUU$0_>6pBP144J zr;{!{8K=NNjhet%EA;b$SY- z3+CA?95 z+w%5^rqa$J81V&5{jP*xs_Vzry|J&9u4L4Sy_XSu7S{pwq{Qp4nK)L`RoESShTlh* zWlxIEjq?aPy&>$+-qlE3;%rt{?gyd)31wMZ@biO+YQ9p)^1l;n473lw0$p3`%;#Og z!=4*bhP1IIb{4Zwme`Jtw*ETpQY-Ui`hj$E4{vMJYh!PU4b;3INPid>#_H6=W6`a2 z{E?1NN@9OpF9GVwvVRntEY(rM1wsaHfmh_kRyyB=E3J70#v>$c9pXlT zwTOVbOJ|B>wEv>L=A}Z|4ui&_j}}wXq{3 zh{j+WXIfd5`5!sMr_J5fq%PFB87IlxGCxq@E$9L**hAX;6OOP>)s;E0*-)~`}6I{qy4kMkd z9{f3B{mRU@51-55&H|Ul3$r$LM)vs}w(W#5akumig@oJTO^71eQ39mC{#Uxzih0bG zWy!}!+C26af4$*KH8G~m)aVz=;fo_^FG1Avlg89 z<(+}Wbmu#C*J4|hU=w#_BgMYo=12KkP|LE5^P0R2@hGjO^OHorrwa~Xkc<6(g6n>H z+MIR&(oH|MU9P!|FNcT2Fr5hlt`F~A-u$`%WPdvU9Xl@g<3DD{8}Xa|+w3?8eAj$g z>gWCjJLIqP7KX<9P<#cvLhZkYRO(qZhE`i*(D@X^7A`SUd${!PDWduh*VpT43r>1> z)VR?$446sImcq3s_-pvBK8%8Pei)XWv+e8DdYXMQhbP#~XSI&KTjT0!9|5N6e6UXM z_zYIe@Vt=6iiuIvoOA=0$g?J}OhdTpg(@w3`okosAQb*VXQS`~Ncl5#7BN6(*JP?m z|JWmOgW~ge`qx+)B4`VZ3ZDygdOf{?3i`kyV6dL3>rcG0&w~k7D_j~5Xsr|qNDx&x zxSYa7XiWUDsG3Ht`X`%>UpkrV?VGhDyO0DzgqmNin0YX+Y6{q};>N2u>A7LGzc=kx zkHr%CCBdR1^@*JDUtPT){JJC$jx34=HCw zh!H0jhkN{|D>%lPipS(PC70g~5H*oYj(aCi6q8i`fw1B|(8JBb%k1iXKzrac{_KI7 zKCjTE&GqesI()HVAH_8&^V`e^WOidkpX@A@IDdG23v&IYK$KPc%yJ=g6Wky?Z^)5?*M}w2{rc9uy2xNulJ_~-19G!O7qd*R8p$+ z__{%_zPLy7JkR(Ta@?k(#qxgnu{y&!d;lHH{;%lZeop}vMNN@h`ET>XCuzIxf+0Ul z)z@Y(3J1#RH^U#%qEe=xdrzb^`)i7z9K6E|5|j}!(M4)+gZ|9hNGM8>s{SiNSc{#d z%lXw%ndN$wM*l7vkafc`q+yy%zD-Q~KGrna?>vl{ajzPO< zdzvTo=~xv;Qz;H^$z`UW@*KQoZo4Z%NWHaG=?l<@I~Yj{RvdzJ+?C93E*$39-ca9` zyDiZQ2qzKFPfkjS z?k`Br;{d0aLF_8yo$`4p>y%10a;cIOX!>v|B>qPRB6G*TYlh*kDe$BS|o7V= zhB7%JR9dZiPpfBOK(B@)%W^&8SKugYWr~{QK4V`Lt^V-u(E9;)!TDx-y_rD;PA}I} zJPgkbIY=jZdOojG@(+drB&m-zpal)yW&;`Obvcqu7WzQK_rn% z{|1e8(28g{y!5eUMY!b0(@no%_3wz2YlJo?!KMF#cXgc@{HRq6IeQdIB8BhYZ75uB z9(^9*@>O(}?je#B1hH7q5OFcj-nI#RlV`ARirC}Ug=7@x{(noOsp02cBMy13-%~S!@gkD-|EUr;Lk2K zh({+rJ{iz$cexY(%JuNe7Id4r8*#GOv*x&1llgH+NLpA0d8%N)$Rnowrog*g1~iHb znKhF@Nx|z7W1H+qN2tXzM^wYlr;zlPwD)_Wmlr33J3Gc7FQ@FWmZ1SHCQ9dL;67h$ zVf9weejR1>lvAtKbK$UWH@Zx$j93uz{?=*n1l~^Hq!b{H(V-%Llu{Ea<$c{K1T!Ce zUG)Waox}snGbv&a9ah7}2hPVxmSMG(T$ofRE>&G9^-w!44Vcgwn_1D3wP+B~-W;>< z{mQsGS-y{4NzS+(lP)wNMl@;ITybY~KPGLYw9(7I&HW|-`3y+yswBfQ2?o>(v%XYP zY7;-Z?EKLW>QB$PrZ!*5QM`y0fki6+_|ZnR6sp{u@WXK`L`OvG8q}Z<-1K0ZXmuPv z5dpHCn+bitjOWFyN=%%#k23XYByegk-nSq!?+$1DM`lMJ%|hgHIJoZqo}Xr|Hr7`i z`hqr*AF7J&Ov%lpBJ*ci!BZAkcSQHrn>Xe5JBud37n@eEa+8e^lyp zegz()R>{2y<|G}5AM8eM`YenF=H_!_io+&1RoWxNQ4oVkuVK&DS|b;OQPPyr&PR2K zjgYnRlxxs4J|K5Ni4=XiUo$K$b(^t-CXxnI!v zr-@3ay$0Zrr%rro3kj{bL|KxHD8{}x^@#Vd(HK;nnNe6|+e6V{(?)M>EgESjSAe7bL-ShC^34YPE76$IO$^0#LxYB(*%jYR9U7vIK zob+XH3>@n@C_$8^bo+fb^2LX?B~l-3UPz(LZlnR=tPpp}w?|ZXJ)?#J!YqY|m#AwQ zyu?S9F|=7uwN@$gO3U&o<)!L4%3D7X~NO z$sBhP7Dy6t?DE7Lk?sL&V`4YCObHzQjQ94){`MGS%k!}lR1WdV6yq$dv7vHJ3$XEG z0_zKx2q@XYRiCsn@jeuJdu{y8IM@GodZo9s{GU~T0eAGKQ~ftZVj=4+=r{`g2jDTY zj{E%7H|x_edy{14gVKor=%F(8?y^f#6Xp0=ll-auY55?Y?H6CRFiT`MhLa<2_Nz`-u^uwAX`{q4HPuzdUD8JrIjqUb@C3YI_$>t zU=8fVLe_8V7{=#$g||Z>(>tYKeR~R^)~B6Ub%B*v#Z|wLCh|gN5@38@YtFi4pTdGm zQ0(L)pFN~6P}w!>&ajP{r(pPDI~yC)Eo!@bYm}|Bgv8Sh1uPH42#HZVa|r&+1BO*Z zc1F&78a0id$DGuk_yvZVyCD^~FP+?-v1ZXbX5ut{`0Ysi3>z`tvobUfywSeO zRKS{nXpETmjtLzTJ+O@j$*_@5+lQedTQXIS(*9^a$Bs`8YZBm!E@gXHokw~l-<28l zgI}{Q5pr4!Li`u=*(&XX&P(!3c1ZTEo<4LKJw^26nR5CDBtxjni4XXtlnq&Thlig3 zy4q80$rLwqT5&hTU>|h<#(wmf2(aOLop0Zu(Tf}Pd{aFNg-C1-h>Lw7_?-A={H}>%_0A9+xl6 z0-8GGs$m`D*DQ@8r)8aVq-MFlJM z5$_KbASuE87HO?38*dLDjtMh%l_`Z7i^ruh-J8x(_Q{Vb&|tK+yFKpPX-2zNhT>&m ztxc8e$Q!zX`Ovf=WhoE(^5>ceDdSiIYxac&ULANNFW=mNC9J?=9$D&c%wy%!G~MH* zSx@7CnzF%v#ToR$xhuXoiCDz^B~ui(@uR-PIp2Lr$5-N~&RH0m!r_V50ON1$EbQ)6 z#pPpO=hQR>5>#Vs`z^ZNA!w(p^orYM_IWAFp4X4S@?QYHcY&3}l;=FHPaM#UOUK_G zz~5aopCfKgu5Ud$2;#M&9yxwxUeZVST$+4_8Sg;2?d-Q>MAG`W+!ABch&I>X(W|0j z<)KI^ubXWB@Ls@6{)p2a-=7fSfsr_I-kUV0ES{`X%eu>)yc<2le=n(((ZoK&WY7* zuc9_rq(d*xc&jZ@b>e<1tcFUKDrtMIeP5MxAJpmYz?r^m;9L~o^PF^_CS<1xB zT)ljH|L~xP{UIoO5o)KWX!IYg?zaACzj+!NU{Lwr@B#!+cVfZg*3UrailRWEQ=w4b z)jtpL{m16N9RDwy{W&Wn{4?RnQR$_g{ZSg{TDVP7KoKZ57>Au(IDwSN- z-mvc{pExbbdgEOAK}gYM?U3eNufh4qE7H+8I)ZB-23{W7Bg9AAPK+^7o3Vd8iIkO_ z$`(YO3l_D9S$4Dkm|b?I%tJhB` zsKvZ5QW(X<*$E^LGP-Mb_%xnIP`oV;#CvPs5i&EzrfRvH#h*B0Heb$38zkwsM8^$R z!HyBfE0K)Dg(VbqKa#4S7{o(m8LFJwt=Ub_p+q|3`?@8@jWT+VQ<%2+^tqkL8bJP1 znh8#8R+jsFN@bj%Cwu}9;L6j3a7KI>UrZYeaIV=hI9_k}y?VnsBff&ytoj@dg`dyK zuIEqr6IWBYA1`|vwrX2j!Ol$8_}tgQO8kl~!T!nht;xTe#l+LPui{QqI2bzwZ0rgu z4MsA(L^YEpfKv?qDbz6*RDQ5>U^gWk|GA@k&Kq_(9qyZJRKvF|Rc~y6rlzE9H0XYC z*@eAlO*3DwQ98M2w*@(rcw-c#7AK$j^yRDFF3{0o z*LB5eB|&HZBpy&lIa3lO4lRvmR)Zf}Z9L~~u!q79 zB^Q(+7R=6EWOR5^C~-ZpFP_onD!iieCy}}?cWFdA8;(!-jJlm^Qd0$vgNPp($H zRQ6V036$aw4ur49Zh`U3{M@0{-fl7RT`op#w*=-`uYnm4nM{W}Do|PJ)k#z4gfPK4P!7E^dbAIjw=aKdK&wSpR z8p)S8r6))PUC#;L#{Kra_x+-;(X49180W4}6@4G@Nn8~^07DW;;R5tc_ngC<`Ombu zl)P3ML(~p`mU9%u$jX6Ycs|WSasSCP&}j+6s_|adgJ>Z46mgo#h`>h|J^mx7zWzi( zf7=|TX~z7qPkI1M6Vepy1r%PuBj!7vd@1Mve_%%I89m+4J`I5-=@Xe|YD2t?UKNeE z^;tD7ETsf}T)xZv!oigDn{M-qJ|Vt%;q&d7wrkbVZ_5{-&V2T-Ue7|0B7x|bZs@$3 zzlY9ynN^$ZxUJNui#-LAESLS!ea^)emBpU;(wmJYWu_%6=sicZpL4DDlkPr4>aBe! zXs;vCIER&LX_XI@KBP{pZNIl7lOm8RypZep>fP@@8U2OJnwOf*RfF@?l0g5Ee@$=V zLRCHKjF|*;IXm5=l!^nUpW(9IS?%!|f-4{x4U?dI)w?NL$Igd#c|={t{P9^!W4@ZG zkyJ3_F}*QuNau1R035(cojy4ib}-k0x76M#149!UqDjRoNHOOmD65^e(izreNL(kp zcuv}jK=L(5xcSsKU;$x;0PB~uND%sK2wNRpqo|1#ch9)BxjZblJns@Ji{(4wSGxe; zRqmN$PmLadWfUzd`rcO&E};+c?Wmsu-rKm9P=l~JImx7ZQ)(2J5Wt~>q+#rH`s>d zlmXh8)L6(xbxToDAJNLB`7QHH9}pE`=PF&Wjef~iSXB=X}n(2c;>^? z3PN_(#@McsDO?VZTzi5yY@53T&z5ViV$gbA(GWndN83GFj+hej2I_&+T5I84co#5X_tJ&R%hWkjRleb^xF3a^@ z{=KO%L!f196~#|_PCjmNb2nV{5|^mUGC@Ly-P_8KPp6Os(PnZ=q_!LgO{cOnnSVk@ zI7iQ#khonf7TaLXuzU0F=Zt%s$mfTL&499!XIUiZwc)YCmYEusi)PIo7pdpc%G2h0 zcsR)D@G$2Vi2Y%E4N_hi+v2I}@4F3ru4jX*@Q(ZX(jnMoxTvukY$3TxLGJk%QFIlqbgIp$1xpni|`rQqj?i0*;gK0Rd1D1UyzWUG?648o`9%C7mR6~~!C1~!>f7vz&~20dMz48Fy9F+ceXZDXn-66s0df2i2|U&^ z7XP4uZ0E@1UxcVVBU^@B=0tBdl-CdqQ`adKXI@6s$RWvfop8CucwgC(-L~iK_5bw~c;oJFUlEkw)m) zTGthAVMv&{!fDFPx>uBN@w>je2$IT?NuqSTFLoPWmiEaRE#1&sneB##AK5k5yb=S} zql~nVOtUDbVzOPFJcgc%MTdu%B!6tN%mq4pNjn#p9`8{zB?0W524wV0IEJ|C&JMxe z@$4icX+5;_2VBE^aB6M>a*>Ffh3uIFp5g9FXD#Uq1&jj!_HG|Z+V=#f8$4ZSbyV6M zV!G|T{jXoKWV8nKEf;Zc|6tmfz~739>=}v@W|@(xrNm0thi6*hZkrKq@n(eCqC_9LxAOg@H&d{- z^mfWi3n6{yl`{cuV#p}E*pPJN6sTD(g6_~L%FTf%w^n;+JQ(I${UXxgGtY0z-q-MP zwe^duG5I!KjUPaB8wZ^JI-(g@*S+4GdM(KveB`Tr<0rWb3fPhO6Nz z?f9h>gqr>an)YouwVKYAS*c`k*la+Qt7|>5ib`cdtJn7C|yefU5A=J=vF4M$uCE?|aQ0wc>BS}O{9iDrbd3}{eVrP9IvF--%55dlS zRZP&tpV9lIj-RW|*+{3idBz|Tb(qUQ@s*zwFr1EEYiG85vS$+AgOiuKuj|vG%@hmx zvtIaXutP@oCzYVwZHj{a)HVPH+?lfNJjOKo;)G_-Y!y?k5LQ%bp*|eSCsk`Q@`LCM zP^*y~aYiR2y-MC@f2pRuwPFkj>HnXj!2V^^RNt(cf_-@MIVd#sx^%VIX5X6Q9s)?$xvc#8zh+dRNcJ^i!i=*~sCo3v3|Dfs>YS zVfbKs`)2r&7hQx)=FT3cNqdrZ7trFZw|5xbE*Q90TTrLKWo{)id50AYb0`D?Az#~) zw*7qNr&1nEF(&Je6nf*~^FMD$7^XgCB$a+I=tf4tU+fQ@zQo`^0W$`6$f@ zRKWs)-9rI!Xn5zf8otF_!v z`OV0V?9LhFc{p6YTSK_SaN%c!$f1Vm=I59iP59tS?u@E&IF zR={kS7dRdFRAGoxwWVHZ@^h_p<{0W=wepJ@y1cISIh{yJC3zuuZeg$)rhJ3j=6cQ8 zRkLc~TTem)@l0YhiF*}bRd3J5)@;bTIUEiIL<+Axfu=M?kUA>!(zFrqSmSPSj7yqp zBtVtQgD^9mVtDU#Iwn7tFMUlCH~pxH9bXy=nXQ^Jcsii<;5Z@UN;2u1w51nXw)%{7 zoY@IKFB;nR%L5Mr6a}DzhId^2qtni>11G+|Wyu`@TF^e_dr|v0{c$NZQ^D^h>Ge*J zK&p=?5O_Kh`ZwmS6K4jP9)mT_lyzP%WTPr{`ahoZ`J_EkK(!^Q8f(&KS4lhT4#--9 z)Xvc72D5uoRw1vf>;{D|T~?a4##-XPN_jzZ?AWRI7}?0=H6FL_Wm?Y&>2Pd}rYjnF zUlOsv`#4-Ff53+r7WWsXXMItKHm}AQ=Xj?Bf9J8TTq2@DU}>G`MRy)am5#xs{+UDb z^^v;5q^e4`+oIjeyF0B=L@u$bf(ZB)nHczN1_~8oN1X8dly%xYa8tjMMN<@!b?4wr z%-XutKLeWGQgM{Qz|@Er zH5A5QKtR*}o?8Hh@%EO@(8ja*g{Kam5uj~9K-77h@U6W%ylb725j5$g8sY6}cp?AT zLF-pFV!YCl7|BWN+9WD@ep`1e9!*AA#rE(8G;j1vB(yC;a0j{}`@CJgt_~OF^TR3L# z^$St+cCekvn3m8dI^87-TtOJ8Y{4fTRD8GhQ>=(8R#QPkSMOC%pbb4*d>%?0V>5Pl zPDpXeZCa(Xg1YJI`S_BnbYY-ju7?7t_?%Hu&4F1`l0YM6bkx}fOn(Urxl;#v=q6q= zw$xnxaD^eq`iue6|1cU56ax}b3l{Y>Re9QU$P3hjJC9*XsZpDhE`b^NI>k-n4%KEL z3NqpOE7RBzqPFJyPSwXben7s2rEUL!YB!@5k;ahtT|Tmee*#me*+g<~WH>_mm-I@l zeadP(tMo}%l-i94NxkxH)30qyBwUxPqO(IGR8;D>nWcu{1Y5U14u>Wa9_?euivspe24So!W;qk#8J2Ex5IJ5Toma~n;iZ7c`W^3a5Zv{=k zUiHswf+homxGjxL#HkETa&mLWbS$T~!NYeN7s6`_z_>_qL@Lx~!+A7Eud7EEpcQa2WXcy-Rq>h`Q1`wN5`~=sPKR>wZ-I`7Jec>iL z66`DzQx_G9cYg^B;FI66RPV*ILa)+m{O%Q1x^nqSbSkGdHX{C#hIp9oy$l_Ejd-g6!=jPHCZ`^*1@UxT{tvUHuedvKubaFZi)$Ac* zCTa8;7D^hLzEh`}GPTtTY}<`4-`~z?s1L9vvn5u>{NrO|eO8Uz`}@Iq*w`XkvP|^+ z&PPm%nUO7EKMYjVYB<0;{3mYv-+A%>?>BWkRlWhuY9DK4(zZfbxy6@~`VW}{Z?)1( zfA~Z2Kd#`7w0Sk6E*0r{s)*)6z6~fXo(gGXzZ#D5Fu{gGoNabsl)=Kd24_fV4n|!M zZ?_+}a(%@(=mf?<{*UI)JQ~WrjpJh*6iF0gn{~LHVJtJAThIH)`<}Od-t(U4ocGWB{C>Z4U)Q-W3v?|q-^Q}{(C^x?@UFrz2}shLqCrsG*xML9D=hAB;UMbH7heEEnAbE#zhsy%0O zvtGS;{_1@q(CK(vF#b=4c$=}U{!i@b&(Sf2M_P4j?d9+C5Qnue@xo+SK0udk>r@9* z)!RG>7gnlz{0$VCECIA*onUMnWchY(hDe7aY3-5@2xH4(0~-*1tvfn>3`(Clf<<$msAxqg*@gtb|3xzH))ibN@)a(Ccq2V|Kptdd6U# z7yI!$mo(pTotG8nV~C&J@$@r>iWO$3(cLk@8awH1mS#3BGSOtopku z-mId&JwUWpfWLDsZO5?n%L|eFV|1s2JMh$LPM?C``|%`d0mY%aCVaOf{|b0-Ls9eP zbK60i$-W{|fD!-tMnd~QoNXoZ6d~Mh%t4HPZ}sBVsOZ&CCX899j#D_1gzB_L0gLxO zeH{`-Vr6QjTExZ4VdsITlHsD}vUFj%U-==9U3QR%ehZ;NR><5jL=^f^Pi}vraA#Qa zv#B3$oP4}uitdv0g~MWKTXV>#Zy%;z6l6I=$J00T%&pz6BzJ=hHR$?lr;+V;?Juic zP!6V(w3UN{RARt4HtzVw?nAHpKNK~Yc}l-bGpd}~&M?yfHRNzSbahDKbX_DierPt5 z0b_V9`RJO%)j{bA^ilGW*sa62>9r_YE(EhO|6v_0u(_D^eAAQAHN6fiMMn=i=J20^ zV^(TY0|lYa*SZ@j?%d^}Rh@XyRI3WAb=g&Qj_aju21oEx3)YXM$=6@Lp*Fok6ES^N z^X{|cw5Aak)Xj|2U0GLdI=X)4xN47Ui*Cbu`hY{0*`wELXWx$-4g% z7LqEcXQPG9Gj#P4UQns-^My}Yho4uBk*gESn6)ep2VSC-F0P6|8Il_o83%QC=3S{5 zlhZ`-KmYA$$1Csdsn(S9Hr_ZjdAgk~Kiittle^5$D5L9Ld*W30l(%k(_|c}i@q2d) z0{KgX3n40~@b=rw-k12-G@Apzpq{CcB#BPf-JRPF+u$SdO;VwJ==o|w0VY`R_nr)% z6VY;L2jfvELEVt!evJ;!u`=bf7E&c_SW#3jXcj~V zCdR-0fPi&8n+LZzvETZZojyZ1Bx-^WsU2C=8}&UBOl^?Nak>l0=Q>)10V2lLY?5}1vRr~(jCrF!G2$g&UmW~*KHb1n8-uu4*Z z9wo(UgKg;aC~)RU_q%wlY6*;u4WWI)068S!aSoQ<*c8g`e)lM@&D_l4(v)bbsO-s8 zF{E8mBTU23CW-cJ%JIa1l^gQ#2q{wy;4$}KlRhzca(ogKZ3rDt4_{&lWKw2c%--Po zVNK~=kSMQWt|5JaNA$e4gsP2ZzOG+dnw1qKoa<+PK&UF;ejuSN-M0k+i!>ZBuJ1x9 zFO~x>^Ocm+uS{3fOO*p3H3>WfUsgoAf(^GcqZQlbBX4 zA)X||iu37+8ImJdJ$}Rp%lTnCvY!Nlp&Y15b40-T8wHqygaU~bTMX`f=F*I zsZrbi)m0i?Q&Z#S?tanM))a@+%J=#j_zpm8AqdWl(a|WtVJ?@uQ&n zFk?olyU$VJSO^e}^98%%KP`IMeMp0)Nd5h_ w?5~xu|NHyy-&aKdfk2S6#)g-Eq2zHQ?4orjl>ynIz$DOF6AR;FBd5E60&4WKE&u=k literal 0 HcmV?d00001 diff --git a/docs/guides/batch-backup/wordpress-backup/images/wp_missing.png b/docs/guides/batch-backup/wordpress-backup/images/wp_missing.png new file mode 100644 index 0000000000000000000000000000000000000000..a1dc99489b68f7cec3fac5e5e15aa9d7af5882f1 GIT binary patch literal 50717 zcmcG$1yojR*Dj3P0BJ-(T0}uWKtei{6cCW^mhNsIgAfr=x>LHlK?xBMkZus9yF1Q& z+}r*A<9o+9{_&sxoHg9A_TpJ<-7)Vuuj`uge*B-yh-0CXprfFmU`ad`kw-zfvWkLo z83XMvxMKGu(FlHBw|S~&kAi~TjQsCXI0H5*3d(I136Up?F50UTt}f4vPd;xM(}a2k zKM1*f=jm#ZLY{~j-MjnQk^$>Ey`EEuyz=ZYd38&5shlzqM*rJFS*rL_AEa;GIjOg1 z+d27V^In+xW?OB2V$P6zd{yE?oZ7E=_jO~rk*gWo;)N`)W3v05qrb^=O!C{iFUqAS}9e4YMT3mj=#^gm?1`fS&C5bQo?*3$8Y^EbYNaqA%8$>>%PT8$ zjODPTaGm{FSoqMeK_fRe_nBi)Mxs}?#W|6Lgv7SmP`}8e3$o$QpGr%U^Ez1^tWPX- z#u5<_C@Cu5^}bI}|L)zp7*1<#xZWB>9vc&r&9}BM&v3ayOG2V;bGpe7oBVjETafnN zz3}jGxaZTSPr0f^`ps|gQpEzZGc!N%@^W!K&H8zEFlB8M$g5&wQ@HzjczF2!81k)2 zUxb8(Yn(SINJ!|t3o9xTc^sEfDLo497rJl+4t1CNv-bD*-w6bYrecn3yVaeapKM&5 zY&3*p5m}Cwnr_dwtqc{YaIoK_4{vX7Zhn|DU^ZtU8v1T72|04?EXm2q2CYE^Lc?QY z-Lah3aEqOSu5OY8?u{F)_VeFUQc{WxTJv=p1h}|V*X?;9+1+#6neVi_Hdbyq#;8#~ zyRcwvY<#gdq+>Z&9zFw4L&f1(YDxF>@K|OVDlwMLY8x6->FLkYsOadvcH0}*)YKF@ zlb@5LzyWqcs^qk&xV@u8v2vmMY{4%G$Af-tP4v-1ad^B{UGBY=;KQJ9?eZrhHjEix zYwenyYfq`ypPdD4exS5~UNvzV+^ zBN1~y-ZiDOJKkL~PH;tjU~q5{8ykC~+R=T+pEihspI%18({ zx<<#w)>KwvQVN_NOd*Dr9DF@{`}%YcXO0L20u>ciL7{KHGdB1Zi+*R!Bl(rpkrE~P z0beYlbH@A3%#qq3HX1I@d+%9g!w?X&8F`$nRkZuAC~9cb7sAV@6H+)>q0VAfOqB=i6Z#TLOKj9p%h>D8BYL@4iA|&a_?7$!D@Bh}i(4EL>g2(T+ zd!LapJgD>g_i~G@jnLyhSwa4@-9Fz(abV8Snbn0vgm&?ZHhft=D(}qvdw4X|@DphNs zjFy&`i%VrmiT&fpFN@a*d0n?>^R;R;H8tTWVV0cXVyUJ>`4erSw4os(vxuwczYlNR zt*xztN%w+rZaO*%w4P*PRBk)_GRv{S@o~+9A#gu1MQ{X?a<1<;91h*Qbt@_=YH?+S zfn-nkFO<(0*R)&>j~A$f3}#9;ADuj@^Trj*=uj^fFqpJnDnXbwoKnwSmsZUQPAE3{ zMMq8~PA=nRwD*(O*>QAC3_2Ai5kvJtg1d!<#bCY`gZS4# zQd;lAl9B*_|Bq~{sHlEa!oK~3gT6jKN-8QV4#<@op*o1CY# zveE@c+0f7stO1`^=Gn7nVa!b4hcFd=eSK-$>6+Bi5)!T#X9q+~nkK_L)wPE+0pOp~ zrDI``Ar3z!_yyia0F0v}lDQx^*JHOwJPmWOzu)0|6iY%v!pZ(xDEbhrQFKhq-JKm$ zFqClSx52@|WKXDT70GnAQqXX`zhe0u*ExIFpzh_syC@_lOr)f)n# z%z@5ClAMA(g=p=kmmKDl)T9Opeb;i@zOxlo6j2UOoK5etB2V-_EM8H;OQNzg;^0;2-bk_k-Jb>ZJa~ zlr6qF#>wY|gaVl!_L2sh4d3O`5kc$kIu#{6{H@Jhqh8NtyCZ2#HOayz^1licW>_|K zrJV#tQt%j34wock-1hzvu44H8B=5FGL3!nPx?jQ20&|?}bjQ0&Hmy`dFW2aGs%3OZ zR-$vc(zC}}PyD0(q)L9GRM5Ve8(QeXyK&-@vi?jtp|_)>qgbRI-(wz`L(Gy# z5D`TV534Sbo(3@2bLll+sncfme(UeQG+dP0FOK#xA>n*b!@BNle~cv1Xr$PXxpwpQ zO&#z;ShRpGioj`v2I;uYg%{KxOR6uJ!YAabT;|%tt?Q4B)YR0R_I;Mn!CxXBt`9DR z;~sI!@O0b_@F@e?O3;2ddJAYEq-xeoL0F!4sFE6#i^R#6SI91fJLKI?{PHS7CJZTZfm;*VG|!8f56N! zLna9ATd2X?eFjZ>eZ`M@!*KA z8$=8_z76l6O5|2lI7>=Onwe#@ukbQ5=B1~n1BmEF-9A0q(bLm2?uyIG%Cfb$C*`t9 zI=x-s=3G@(Map6E^x3oil|6pAnu z1$s@s5(Qry>V8E|)Zq%f752kk8!cm?rf%x*FNN4jEgobsQC(Jfctyu^ZvZ@!=AN*8 zw>!Y8o8Q%|uj4zmEcI^>UopQ3Xb6wZoG^Y?YonPV9d)eNvUNA0oG~^KD_5qw4c6TY zS&NLqBRe0qlc7!_v{t;!lKT{lleQ153P15Y>PwfU&5%2|X)zgFwJ94ITGugq@~Nvj zJEnPwGPatlQh>FVkAn&^(bfBgme(pOwYZoCNEs`vduwwmCvMF4avc#k_v=1_5R+HuAW1Ybrr0 zN7={QyVPPtK1fkf(PFCJbN+j@fPes?hz|>2&SQsk5d1L7wY8^!Wb9h9TzBT}{J=n| zyxE_rpvfsJ-UNUf_+ot^Co)X#Q+oRTQlGehsM#?f5C|X-9y~}uoV&W78ap{TIXaf< zb^C_;U8(_p8>*fb8!UKU8Md>ycMQR>9Y+ZbCZ0+Y?XfBNhHG8z zvuG&s@U{TLlkTe(>5Iz9$ZSm3#mC40`t_^fWSw_u0_;)n{P34A7HM{NHbBw&+1Z=q zUspP1MF@M zVNtuzEjlU+u&C=&Z(45wMF;_dGT?0Ijme3L2`y}NDorh|__(;@l9DvJEw?%WDylDC zT~>=fk{grg84Rnuyu5_o&d$!ls;1y|`rg-90x%FfBZEqQSO&io<_43X-~~h{0jJfd zH*ek)6l`q$YE7GZvkX9<*878ab_Vbht(rl&5f%-7I6W(?9k@AgZd%ZAm{$*vQ*dW# zsA>udJDr?Ut78@26BC}FUtTINFW0EB3g6h8n%oL-cK?#V@9uTBH*|V>D&Tqivn z)dRHMr6)(889kTH?a>3AZas+oG<0%yuGVotu~BGL?*B&m=%Y(TYinurg=CIw!j{@* zHg3v8kHm2m6>Zb83Wb^vID9(ppU&E40ovqpN5=2Hv7?S?>~s&H#^J_X@3ZZw9n`7) zaXu8RUdvs^!60aF+qBH$R>z((RGX%8CQF6zRCKj?t(3tLPfb{^cBtOkIW@e$q8abB zq|tg*#bDlR&o|}L@4RQMU81vCsTb7rp+3z$m{3$RO2%d3!wtEt{2w;*h?YAd72=`y z^`FJ_>_JqRXh2**@Pk?P{Q3D+b~Zhgw{nhFp)PXN_SeRYt*r9-*6hFo@;a}-4+xL~ zE-E3x?R8o?ei!SS*J85YV4eo8cV=E*JiBQ~TAJZdzLxv`D)G&m>@U9IF2&YSx%%iy z0QH>RbD?KoC^&M-m(*6E<>l2NVf9P{3W@~DYomL^MFv7|0Ux=!yH}VEWW$V~9q*B{ z=!--$X@xDYvnVMkv9PcJ7Dv(<#rtDL2IA`K>QA1$Dk!i92fDvLv9h{qp;{4UXk_H( z;^MF}C>?{DHDD%qG#gr3S(%b@rz&@0d6^!|@yC(_kefX)OPP3{0eB@i)_5-4#*Pm2 zukVR_J4o^HiU4CjG9TpI>sNqKk)M}0QD#20*puphu+BJT08N4L1<{?(`~Lm=QT*;s z^78UBGC?^xD-eh<(9yvmrRnAK#IFPP7jWB!8^!0IGy;2aU(U+NSI1ceG&fo24&lpv zckyF%w3@Q=V1@M*41+0q3=-W@q@5N5eQ>Muf{0#LR)+K|r9U-*#)J2&gTFvr{noI3 zYf|g!)29GO0nf9C)TXB!eR+L#yG|!uy8zfAkq{Rzuhd7ddgDY-Tl+4qo(4EbL1H@`k>nEu^&8pt!W)XF#lc`DDs;5jN z71oKkGc80qVRq->8AQdz<`))7&#%}F;7ABhf{3I0&2jnZN|ykjxd%Z!n#Bv5xQ(@C zH77gxabh?(g`(W6P9AWmPReJn6&2kS>VGlU#?m_NoR!DujcZ2AAe9(l=qEce;i;F3 zWscCH5|I|mA6G-`IbA}XH8@zHoh=BaA9ea{Fn{+A)18Zg2_dvdx+e1yj8AXD%87Rn z%#)6@@^UNLyT_w(jky~`%J(v2E6l9crerb)_V|1n-FyzSxb!p+4>5z=sK?a!1GD*j8}hMzASjWm302;EANBa8u5f9Yv1YfO_*Vdi{GDuEBVpdsQ zpg9{R9raLeeH@7`^A+D@=jM*X!UMQN#Hjwl*!W;BQU^&5e9s6>{q<{xNJC@YN2ZRH z2#APcqoQ)boq@mt<`@1NI4~?s3lo#YSnGP%jk*J0h;}ADGut~cxC#mifno}Ba<=o| ziA}RJrg_BnR{8;!$i&aa^2B%b_R6ElsjA+mE$UqW=|DNB#$m}0np9g0+_bcC?b}D{ zIZCu^I22?A1dgECw6{wx@u=J*G6gTsuXqHSHf@K{O9SsrfE)9*ck`fqpSlCTKMY6Kp088iR=E|%l)F-{$ zy1IaCnEn)kDoeV2EIp4LxX|e5R?mR>kW{a0J$z*{SJJ%v(wSmRxV3X zA^q7$8O1C`ERWVSxjq;iJ6qcx6ZW;S3hQq#bmL`)J{*8PdSCTm*SxP!R!2+0>2AHr z*!k(6TvmanMrbsxVQd+<&(TV1yTPvD|yg!4iG8H!khEr_B28tj?-U!(Uwh6?HT< zk@KbHY5{T+t3!?ES;xT|=t6=gt8Aw1x&RUUut;fIIy*Zd%AOo-Y^<*{m4Wz}mvGmq zJ&X<+DT6LwzWnC(Yj73SPHXg7J?!k}gSoAg2+##Qz@LNT17TIg*^NC>D=Ut3$n zyMnAf8g<4l{UX@q-Gf1tHNr|LH=%g8YH@bJ*qPMH4SC~Rb83TG~?*#2s%XX{W%8XH4<#w z0%O-t5WsQBc$y_QT15eOycaR5>+D=ArATAG`ew|8)$lBK93;BsUn)0Kue zo2vnularU{=^v_ODKkcPiSXzR|(U0;{R8|J7q4EY)A(IhmR}PY8hhvqu zxA)JVKfzmFr`lf~Q2Yd2f&GCc0<30kI4z!j*QeqLaC5FB z(wv<{P_Uui^Q5|_1}LLccXiQIb1UKy-%;&Qpk6@mKyH2VjCM60hf|Y7P@NwwBqk-@UYcgquH|B2kjm#0g_&IG0|8UqlNOHY<>n@`prLF&T?7f=+Cu;9SJ zGXQ0u3|)8yM8ZTgm!l!U%3 z1=8`+UaC$Tq2+1>a5f|~6d;?nmKI}y=LB#w5IX?5(R~S}$O9^mI|GloW~@_5_lORB zLsU!*P%%X%r8de5`voSA!YA9ap|b7FMrWV=i><7zKqe1=^Dg574hj<;U9=$L95g(6 z1%)&m?aNcP8X9A-E~8?TaXl{>5*HQC1Iz(7yhmHaIah~*@-s+(c`$eNXWMe=1AFUk z3}G|J>Np(^mBda~M@M!?``)3!>r~HHnO46gF%+~<6?Xjmi}Q|W7kc8=g6sHYnSBX~ zB|>P^4-bpO6?|}IsIP^s^ShnLDp}4q+!-(pXgo-(t^e#go)kgJm$j(baGdzsQ@6YL z%$6AA!lYuAe<_HSDDR^To)B7~f76fptE5iG7o|OG{w(sV;~9d0t@^gtOnsv-;&s7! z?ksdO)6=70zi#@Ii5GcnL9L28`FZlZP>%Geb063g%Y(C86H|&p^w+2%>J33C(xgUTB!D80e(_^t5WjC$<354eC z>`I_pdw__tOQI99(;U!d~wkvYj+e# zIw-9Rb90_ZHF;SXyau({dmASw0guDYFKb+stRT^Dku-S{GgpuK#B}+p2G8!SUAsw2TI0H7PJ2QP+?#`g0~~^SUirDRrZVJ# zbicd?cc7x}+5({?O+4`z$Q!4S8)f_jO1V3upGmYi? znC}D}CFhP@esxu2pKycgmh%*5tTy@b_B+XaGNouUGI7n}*re%Y1bRNsRAd89u?0eN zd^6I*?NB+MTPIS-VtM{9^ZkLDGI6O?*|-Zc*Xco%0FH$4>!#tf3eRFWOGt->>%WmV zPE8>|xbLn11Zkq72lgirxrj84G$OBrp}yX>Sp`R84jfE>*8{V43T+J zZfVMS>OQ`{?F?D`#VSdesT zaJk03}XXtt+^woP*Z($dlm7w7Jfu@hz7QihZdWqU_Q+AKFCqxA75;hCkS zDll_^-{4FjT*^kXrd3y0r=$oKU9w0N@Qh&6q9+#w`hmpRUu7V_1-cFBDH}%jiopH> zB7!%pkBn3S>JNHAU|?V^oeYo{z=k#YE$@IpFYO%ztOw%#^i30}Ly#f-NG*8QcsYcKd-qxZj=_SGN2R1p1gz!l=LfxT1DSp3fo3o<8x0GK zEsPdG1#qsA2whrQ0zKaM%qZKD*noml`voSm)BNJ;I`-dhuT>?UA zH7_ah8e%?{Ie1Rb^Bb*qF@N%w9>`c|(3UIxr8^yg z$UPgYz&N^nRK+}ZSNYe>550-V=&3Wco35GLitoPm47$$X1{2Xr;#+O7Lux+Y-8*`E z`WR5$pnsaO6r`l2yq?Fqz@gpUPdJ z0MLOO+Zs!~?GwSM(G|No4J=Q(Z^W}0_y%`7UW|<2f)&wleryg5wAZBr zJoMjL4iw3evn^Q+5%G%uh=0ze`mqdMQg zxIOrI`5QSsCdd^1=H}+F*5E{b_rc!YVjxryfj-b~$$*jXEf2J{wb9BZC}N^R^+1@v ze;c5K{f()O`T6~C)WKx%f>#o`l4)+>L!8&giOI=5cNgV=(*QaqnY3Q$iU%49QU>4) zHdfaB=;qOpkvfQ_@OtRbQ(4)H@^XrYx}O0xU0BL2g#+qJOq_xYG_XU=#PouK0` zC=!?(0iRzFa{@O)ivV*$fS}}c%4Lr_&4!#Za6_oZK-{CHU07Iv5&Q+6ML=;t_*s5y zpi>n&Q#tYqDe8=-K3!K0@)stNMI~UNlB0j0ZL+C|Em~E zPJXnsh^pTj2Wk(J-M0@^D*0b%@((|p9sq5B$s43TVd3$-Wa~-$p{PtMs^r+(x7n`F zM2fM~r6OPHH5E-&H?b5}&J{d_TCylwvTbpVUHo0!mI1}|7={9b5;=!Q9;OyBrrX{R zZ3|8J+Su|0T*ZPG>FIrN&2})%WzFKq)x9=n_plAl6Z=79|M1}h5M1#7*ih{QS~=1M zINi7dIeD;>-iNB;k^}coR?w&vIh;7sS|ZcKk+oN!9sMCKDrqo7StCF4!zEjRtt2A1 zWO;FI`x_dayw_a;uU=jwMor$0%B|NsjNu-~Nx?eShPxc-SXl8KmNBI#Fo(i6HZ}kR zfx4&N`LNp{gy!z{Nmo}lwckMEcQsei)}#2l<*#P>IBws5Jj$`ZUy0ATgKRv? zsW?Pf$QfR`bP4Ku+RHU049$%dg#IoMBMI*T+Jf7>D8#kj{tl zG>C|ZXs-h3MSwSg*F$QRork9yl8o@CbI1!pO-yo+2@>GC?V2oU1LqY0Z5N=e)kL*) zG%L~z7Ngp-nRuIgCnG_QjSVSi#ABnQ>yve3U%#e9AcrUfhtONdfQpKUyuZcL2ss^) z;vow?UTF)=8@!PxAZcijN`W?#`B+<9Q#FHg0r_urZH@fKjgYuFFem5?86F-oIqo=I zX0G!1@ncEJb|^vvm2Ij4foN$u++Y`a$nbm2&s#y~>jZ)ig8<4C$O2pY`xJs+9+2h+ zj}L`f0v5v$k;c6RiVm`_2Fio*sKpdjR3KSo&K?8QLW+AC+{!gdi-G?=o}+x;$0th@|40%W09em*cTI(GJ5;J7D? zslj$oQ)O=t<4WZXc>_?G2nYzk+kqW|><%+1uUY*XGH|#lpjK7K+$4Lb`|>yU6GEel z1(*1Ug{8-=Ox`b6sxOnx?stt~g|MdPIP~CaFy#g$q!$*DDzf9sprNtx*vQDp@Gu`_ z@PyFfWipg=@^W*PVUVGO1S$<$VfLW*>A9w4yCP81v{)Dxjt5^S%^s{?LC)pH2^9Y! zbqR;1UZ{K-=hs2Lg^t%eLINT|-Ls>5KB0M4MgYS--y)Z?tarB7}aFi}9^XXF7P z!OX)tgUn_x+U#|Fnt#edtzy8J^PjAiKuOB`w{M^43;>Af6>0`+fnYcS#dT0v1fB>C zli53p&vhFJNF<|%6BJ9dLFAT(JQJX*;Y!<7Fl}`7YFHhR8_!sEFweADwU7*u3fDun zA0>vOjP>`)V+GMaWt?VIstJD=Vv=S4Q?=@=juy`PyQKATX!HMExA||eC?@Ui58uKH z`90Mydv5=62mc!v0&!DP?o0ovs7?OU%s<7e|5lrt)v+S|Jj!GIG-W#K-@Rg&`;V6B z%KTHf`}}`wQrQo-zt@N^S-()B!r!0g%JlhD=!*UQzu)@rLm$%qHe9^t0#X-k(>N~uMV*{)BnBv_s_ilQ(OE0sPVPuQ}Cy6|IyiGBQ08FXI~aQFOmLxdQ|^4!audy$#SrAOf0Imm%WoJd~ov!`Hctq z#L*+x{G||cv{c?x=LJ5v+&dTas%0H11|5TfwfEU+a%Xsak0%+D=zdA)2ptD94}I~ww?d7APaPabZ{T%&QWdqwEXmUBaLK_1&G z-OkuW*(n!+y2n{m=S2J`14~=c^X+fN@vY`10sZ9>9L~-*UKW{IHK}?COF7r`f{$r( ztt)l`(yMuSZWZSHCLgLQV*9fziNdqK=8CeN^mxWoREuX02)*skno^9HarV;B+zD;U z4rNuK>Hf$|x~+Yb?W*B?WTN@ka6{5kuhRXHD01W$9WACWD@)6Yt@DWZ-ajE{Y05MO6|+xK%c8FuCu%9is@fi5_jQSl3kn7`gx(c{0t!eFPNaZ*l6 zFXt#Jyw6^J_s-XyoYq|Tvbz3DC@;SXgL`{u+;uDc7O19 zrsK$IL=pH=b{*?mF6HC$q<>>Q1h424ljwjb&m#y+x+9#(Hxu}2uED9KVL z4;i0NQMQoc+&tf^=)f0Nnoo~hmqjayV47^GqnXO(ab?=`xAwucDhOt?Ev)aCMQgG` zSJqOmI6mj560sC}GH8qlqkQ)LP}iqB(K;)S>E1F_s1xpkqrFwdWBFA)XZKNAdnK-q z`93<;gPJm@cmj(V-Mr$5j%e!(xZ^6n^mT~c#nzQoo~wItsi93D+Z8^~DZ58NfO=zY zkW@K5N)FFm3~l;+QdpUP6dk`z&7AW9hemB`;LGXh zjIz<(w1CzN{_JwrA;R!TtAMK05Fua`^fm4^*Qs`u${df<+LbRKXOF@#UC-;XGI6d+ zo(S*6(p{dO-5NfHeFihGGqe-eq#AB0(Q4h8}t;VMMs)D+9|L1=CyNBfk{L8 z{S^lmOb&#B$C&g6DWReib@280uI9ns^+~Hi{!uilcLg#0+8NoEAR2=K^FjCYCP&NW zIAu#u=dYI#b_u<0ue2vRzJ)pX$hNS2_kd7HF@c8`6)Sv={~lPP*)uZBFw1Lpgci9H z9X*w!HFW|qBZInNgAwsi7(9?saITAjQrXGw76DQF7GqhJ+Kx(Vx_3n zXbL)&clzWrSu{BkJO=N=`izoxMFX}>jicmG#S^y2G3wzXhSZKLw)<70+eQ9$N;Pj~ zy>Ulp?5Mo`>(bbd$~jVRFN_7+akgG}*4W#X+x-~LH4H_xK6AcbO1c?Yt=H5;)iMk6 z352+=96+*`*y*7n1vxW8%EVOS3oaTpr|J!c?V`1${DhJW5_avc&6DbAaw?k17O+Et z#Y7RwD!zVC2~{b{dU7Oa-FP<`#z4e*om84VazaWvTMxtB>bEcB8%^yvch#Lts4SZliusk_F>oZ%O%RT4-rdi};8kO z&d`B#Pwl|UcyhAO`eH~ZM~ZB}zPwakong3Gfgww_la|b= zO{REk7@d7iD67NVz&owin1+a|a;A#r@v+XiBfR$VfMvDewh!f{#oHn=xQ!{oQiibM zD)5OkItGe~9Xk!-8oxJgRRD)d!qdKR6_w_@3yfGqLaI)+lJse;11=tig{29FRIRAT z7*zB@cNZQEe`3t*9~um|;ErnWFjmrx8EMf{l`7YIs-FiT=seUaV%@(_Nl~hm^XvFf zUrJ~s?wy^`0fHi9Z)KHOwGWSsY5CZ=)zOCn!G6wQ#ss9(oXzv z5sktg>n`FKyqF{V_=WSFL$N2@Q=#F@M^I~aPxRnVz+2g)9q z64Ct7wmD)Fd8b^b?7k!xudMMrn{^*k#L$;X7RvsO*0@Y=J;OvXF_Ss)6eSkw`&n^e4tVh8Sim1J zm|R?5(k{W9h537n+K=6T*}$+qD)O4b%=R5e>sa!^SUEA-UJ5NyZxh~|_!A%?U-3j}P!tINQLYpmF>)Nv-RD*zXC6z za6V?df;7*UD^8tc1Ka9AM>!u;BQL##O;YaX+=b=`g0{53e&L6}zDFs^4hNq2vhcLn zSSgSq+zy@V+#gTXY%Hhtn1s=C-h&+wKa+>!YxbMt-wTo_Mn&p8S5}7Xy@7$Hp@Df{ zv5$BwcKt-PL#?&Rhm4Gx?b#KFZAGDt8ejU-~5<*d4oLlJ&BE@ zqlCX;=6mf@`=QB`H?$0?*VNt1-Upm%5I?eE&}QH@rp!~$d9U4{X5YHlQ1Okkua7Ol zCwH`HXJd9YY$ik=x!>b(rsP1!Wxq&j;S?20XAzd@Q^aMQ`@{aZxpBqY=(Mz`DnyYK z6E#PGcE8_ zGAqk7EAI+Wxtcf2P>Hb7w$kAQBlfdQ88zJKYdFeRSI2#(E=u(WV&dX74P$XdTkgTX zr6uB%6dZ|<3H;Uk7vBwjQC3cY@U&fzHBcn%&dC|Mx|%Z{|0y^3w125thTJn83nE$y z4wW^9QHYtlrCZ}ofEkp zUA138Tr?HW5fFs?Zb4(<-!EF3^I{LjnsUqfB*CkdI2RD zjP+*9PD*~kWS*;8k*DscYr|?fRmEPH4t7<1nVb*5$r&!DTt+nrOJ)$+xEK;S*enYf ze(An0?@O{*#>&1E?mTs7v(MPB+f*U8zs&jK{B_zpOl2yTrDvPoS&1GTDkC=h4<4*Y zDX76#Wvi=?K+O2r<-jAbl>ZVBUY?(oC0DK`<>epR_1wfiDiPI9aTj~#+oM|Jmx)c%;06 zntSZIma8%qIzPxUu43PSF-4N~p5xhB*`T@AT@3IMpibDda=X$`zw+rb?Quuw?YB(+&M?SFT;@+WR z;bv}lOiVEI?c)lm)c8$phBoV*A#ko8`7-5 zg<^9VqQ=iIc|}cDz20A(nqoD*M?2BMg8T{@eXwh_C}k#O3y0qcKk+T@9agjM*bR?t z@YbI{=RD&N9~c~@;PsLxCeTMTg{V@A?4IY`Gzf0iruN6etlZ6v=`vSROdBiG{8I~{ zc)C;2K$pt-M!Nu^Hy;c8uiJfnC8T*POibUhj-u>kWbI{Cf(J!XZt2F%B86OX4V?`{ zcf)S_w$RY_xwsCy&7GW5&$p~@k7^D?{7#Q+Slt5ZE_#SejaNuz-3{t5rXvyiXDjUe zIo0!}!@}bF;jnd;Q&)+$O;CkY&ZBZtG8b}%6V7|#)*SIe%bLeWsjV|%J+aflj}VVu zB{D~0#+G|v|E87%I8i3_uXb$s+_Q%jz{)(9y3LB_+JC9eoeHG zkMnUdBZk%y5vQBx{0x}asRWKrVNa^7+GE) zJMUv|7-+~W)-FgqTCO=c@Xk@hns~k5z888ETZe_Q9JZ}YSB+yS>erk&7gbb*2F3Q9 zJFa+~OyIQtXfWw%Om&t;XlTT)#zD1CQwx080mV@2dAu&^Asa3PD-f(dlh4LlNA@?& zOJ8`^MO^I0*VM$4+1grhoWGL$^>y-MueOEK<23EbR0oteoS(NIFDcN%WCxlH;88Uv zy}Z=GsH1OgPCc=^V@Z0`|)rGl>XuqC`F z+=sYqH|k}(rA0-MVc<^u z=*T0`vwVy|=k}O2S?$4ZUnGd(=I%;7L3~N|>ritR6`iY?I@?5)EKF>=xFFZ=$w%m3 z{2ewn-ra(ShW#&PV+YN>F50H`uXcZce6Qo6Ju$JGl-H@!h?Cs6?STqf|GIg6JfXw# z1GS?LeQt)(Bj=UcnMhHCul(wW-tCEy!~zBujLL<4w~*mavtcPSH=2m{KYyXVwl?%! zLBW3UY3}sqPlgixtFAFt_#Sz8^O?GK7S5+KKMGq*5;*roShoKlfRaw3q0`<}ca^53 z@bJ0Vf=(NIM_0Xh4c{%_97I6;u?9qPU(j4_G7b^@>%93{If0iCLkkZ=_^+rH6Bxd` zUwJT@Gdij~Hmav#dEzu?sa2*9rSt)>lU|~+UU`wZ$}h4{;d)U?(sVWCsi z3HCSE`6EepW^<)fPJNhZPj-TJ%45H5d!97NhKJo8=`l`8F}R2~d?%WKhL?AAj&bgy zPB@jU9ZK`wNL-_afJ|ANDHkOHtf9;he zR60AlTnM_k@vOeiH?y(|s-o3@P?Vf}o^q9KMDCJK?(y?Og4MTgr<;YOE}m zOey-_j#DEes`gbW7Yc0os1De~r%I8d_VjVy!m@Gd?OAULDyQL-dm*Qw zu(t4`I|v(!xP80>(o^kU?d=TS%vT+#?|)h&6tKKF+ddK7 zXS@0--LP1ABCj-8^Uxo+=Qa+JQzn+IoMT7`Z``j@rsnlW8ta6f)-Zo&Fiin)# z@GO}ej21d!@g6@LE}78x*}%<7N#Xl^wDeupR%Uw2nn3~Iz-h4sD!7V;Er&ORZA0odgq!zRH4&ekU%1cB`k?>gEHUISo`rLM_yBRt42I6B1a%yeZbyt*> z23DUtGZf%@-XS4bUVTowyll4m+?*g>Y4yYNgmosU{uBCICf3qSOtP%d%3mbx=YnnH zq^P36Xl@<*b z^J{|fTh~!gsxiukFQF{r-6SCJDZm_O+B$K~&JjWUK-iW!Izn4=@(JT<1NuTpQf`zi z%h1fCqi@iQE29}6EPm%5jOdQd-vw}hku=l3OYr99+l}~ zX{1TQCf{~=z_RzVd|CTZSsC<7KR*4Izm-Pg#uL}%G@y2mH1z_wf$Qc7saL};F(+mF zl0q!e8lT+vn7sXB(t(S)VlU>YJ;;-su(k*}vO?67xLA40tE!^4#6&~{gsm6{Mz`~ZxH2M2`<;CortgN^1 zOkszp-a*F*e&+Sz&WrC(%#70Rul(crtMaNprlc%R%6!atEFzomHoq_8-xY}bMwy>w zx4WLVHE^D{V>^aGKAN|GqO_EKIGJO68(sQ+;Be32_BO^y@*rFsp_03XZ6mL&ynMec zH#5`Y@P1zE^`d8-5Af8YVu?wKjTUChnP~5z*WjzsI(**8wU+&IX6I(7;YbZBYNyP= z@!G$Pgo<&sG$Nj z1nEo=As|TC-ql1FPi*ph2oGN~7>p$+_z-d4Tj8=s2-W(^5qIR%HOLF{o9{oMmyz^p z4k|Y?r*>0_DEGxAEbr;64!qzqwbsmmRafy@EWKVB72~FWvmn*c>=MRmCdwD3_{`P{ zC1)14M|ysvm3TKBvCEWobSUp+(}7;=_ZgY;E5MKiPxJJ#k+RHpe!Y&#eX`f)L}e@0 z7oFmCrmLAREqV8MT<+Aj5Y%s&iyx-G9t%Ic?L&U&PRgaOAhW+Z7O=^C%@iN%K$$>W zDE5KKBMw&f4TE;{{n_$mCfGDlCoS^+Ep{z22~py=AoSs~1DhINQb$QqQ9~J-gw1?V zdt7W)hp(gjbYyY+#LU}2nn+p>4#eWvec`Zehv)d==@Ius@zZ7o1B zVe=7f8FOAY7S~{V_`}|=)IhxD=b~;-8l4*rJx0!oQcYyUo3ow0=;r?Q(Qin*?9qMY zwd%CxQp?8(o_UGddiT$r>%BEetKOXOtMUT z)#1XilifB{AE@n2GBM&8-Q76l?i-=nvf(28cwI?DKzQV=g50u{`il7jmQ>mbB~Ft0 zU!B-x@VwnR9F>Yrg8<6NXEF7KnVC@pL<$B5ziLH0A_`Pnrp_yplfP`JCv|_zI>9D0 z*CGNBh6TIo$-ZDBE9vhl6i6vJnug4=cGmebr5LF=yFhKrF-CKGB7rs?$@<% zye1`5BBh|DFapwL3?L069Yc3_qat0>4bt7+(%s$NF?0>FZ$#g<*0xA2>OzgIOorhCsX)Wa? zf+48=lBb6Si@xPpE&gi!u+et^P_|=h4SrY(W`n!KULS+iK@%lqE6HRfuY|-GrCx!0 zmT}cJowp03BHlRMZslOtS@#X~UCtNcZ0czHkZ=SNJ$eDj{Y<1s#=;Uu1jvMVE+Eh~ zdsshbVr4in%aF%YIeXiOfN?%5SGph(GJ`SW!0ovHw^dOlkc{9Ry|n3NCuClS2Ns(K z6Ehk^GMmpsJC?i@MKW4Sq*&y4FF)=Q_%>OmjhvUqD8~y*@kS8oy_b@5{qHCCNlKT6?5luSEQ3Ud8*1ypLy5` zbUyehydGl0#kqF6)$ojr_BrIM@W%xCD2=mo+~Oxc+;HHK3$dD+TSzv=rfiL>EnurL z0hagS7zLd7+gVoxTk_U=S$$haM|H7=varq1J!`1(%pN41OWkZSW&>VbnN%qGnwIwL zyztatKg?etJSx9KS-7&Yq-2RPso{Ajdn{eYJel&Nj@2)QL)CV=y2|AyiyIIg%$2{h zvpX+xqYw5h)bTtFM@kOItBXb@NJ*d2JG8dYOsn$WLYj4r2Sl3LVy)>Gih1AsT4Gz^Tm!|;Y;UKs=PnXo+sWGTvAFsXI6ZxpPTEXMAbBO>f6{y`%P!Jy<8=-4V z)4{Enqv3!U8yq~Ke8F{EN45-ICwKzX>ZjlkAJjub!z|ZSzuYL9n(U7s2jET95XzU= zVJ#V%fxhjb+PL?|K{-AoxTJL4^e;KVUEANlti%1S#YVaDkY=S^Z^HCQNYC%!>EG1M zL;9RF`{>&6{B_;`axDq3uQzJHVFVr-)2}!GW;P)q zJ^GvLrW7F3Q~KYuHKfmtZ*KTm;NLDCWLaXUH=hc;^{@Aq5!RpG5RQ7dB zFv~Ygtm|33ftaq}dGODRzf7g;`#+^GBSdfhvxpkAdp3{%nb@~a08aFiCaWZe`{|CA zvJ)mI{^|zm{_dymVd^qpiC;dWdO^>o*&N*WwQeCbcYI8CbWHZ%ow<;(Fc`KSMMY6j zv{J8Iwy$eg3z8K!5|T1b|FvbLEMGviF4o$EY*^CwftQ} z!T>{ooPfbW^|yk82ha0!L#oabL=-Uc5{W)^v2nm2m9B!RJ@)?}INrz1;*Yay+J&c0K=^uvO^~ zo`&_fu%Yx(uFLm49a8yxgDwXf z#}Nh9JqieOXAF9hoT42SgF3LEDQ`2OY z5t%|>FclURRmJCnoSVAAMw1_f)gi7_l^K5viu6q9uav1grzPXxd4@SOJd~=rn54P* z?HeydiBs|%#qR9<(4&=Ao$TUxI<|vugPu4nIF{9%iIK**Rb_;p><(jHf59Hj$XCga zj091UKBxz72s}#3lEt7YOD0_W4mvZH2_$Gv2hR_W2gk{ zbhH--E^ptzPjnWSHE;k$46{R1B2yKdS@0+>u`>1bF3#Tv5+{MwmnZnEeuT?I6OEr? zXAHq1QV#=I@n2%1tr~}gNAD#SDMmjp$;r8#ANtX{ig^kWyW+N-DOa-CP z*PXU6%S{bUVXq_x9B`WJ*j}dRTAjLMJ4^3~Dqq5bJ5BVB9Y7^9mliE9<3gd$07$4p z3>#P_hpB9IlQlJo)tt_A)v26JjqZmb<18+18qg}<1=HOY946D;%rjbj^~srHVl9YY zP(a}Ra2P9i`aLtVOldl)?_nHHXL|B>N9!R%w`tDLR{XfNni*65a#MpPM~WFa1|ggE@Ysk#bNGEwSk8I`qyP=&@3uvZ*^PLa@N4V2C~OThK4ZkHwB@- zz9Jk)(Ug=gt?~*#N=R4Wg%zp8cax1fv7KIBk=y2{*6;{+aatb9OIb2izIkJ7yX03* z0rtsJe}CSVzOu3eK2{iZ+({mPOabe-BhM|Q@6i5lKt|6>CFQ1yK*8BSKAYHe=?r|e zu4d7lhkCpl9AJBvJrnDaO2R38mHY8WS~voX=h(U+=5@EsPS9CzU5*6({nT!ypn!l_ zcGGV^8J`D!sX;INd!#cxTdRTLgf07PRdl$LxsN*)K2x#fvQ{(Lkfz5ZCpMM&`sX7V z`g#!M`)1qPD>~Z6$G!MYob2TB1qF7?MfBaGCD7Nc4YpG-dzY_dCv4i4U%!&E5_T7q zF6-!}VFo1g!WU9=fY?AiBJ3Rto0Ket_^eFcqeHnUlKD-dh5Pn!Ak`aMzQM2pahGSnANV} zkBp4|DDRYPgg&HlGeUADmy3>yh_QddzW0rmdc9BQB-dRr60ltR{?ovsRRt4@q|5-M z>(9)#H!yxB5vBuC3lc_kt=m7oB?b3#^sVbG7a0S? zAOVxX_xu1SN5_Uzo{OeWvKL)(p|~l=bkWk13f9~GXyDl+B>Bx*qbn-T4mt@zfLao( z0R)6O6gohS#r-fN)JOVVK-C}774#9q5 zs%L7T$bcyl`|3O{h9BPa;y!u4v%zT7l9^17Y$vCWn2pWqs4KoCA0zCmhSri&xfKmd zt+%K1m0*y2J!q-J;`I9QS&## z25O4+$TUKdq-N%(W~L?DULZ9W?Z6V{0SU|N*X?a>%@mx$p`m8Z%oVaS{2k-{FX`Em zv$7IUW*%OYx}hEBl@>3Wm2ZC4e&8)g%-x=s&rAaDjS+doe6aV}gmKYGP(H;FhC*t0 zLP<8OCF}GyKg-7l$n4R8X=-XgsKs6u4D6C6p_Sq{IZu23$6*SQIfiR!z0jP{SvEySgBXN5h0E$QemVgFKX- zO=HR;hq~lffk~PgxtGggRz=8;!cAw=3GwmtyKgh%zvNg!MC>^-cPjIN1tIKTZNl3m zX0^>xH)o<4O_Y>W2BaXKd14Bdb`JUTm{g-_p@V^O|8$O8onZ%&RTK@bKusAQ?(i zfviMF4(rSx{OJ+U#YwpB0wdpvo!`!(hLfnUD4WS*Rf^lVO3xRmp&!iMBOe3fOe{M zxlr6{so;sz&tOgWx1$Py*Y_|WIyx)P`GcTdic8GU;m?U;%R_h-oA=raf>ncBr~PS~ z5u@sAjp5IiR+ti|zKUpvakN$0X!_lh;jrNZLdv7udo+zt(udWad; zQT!Sn6BF;hZAxMYb}W zP4*gIlNV+HYr^F89oLj{HY^vBo|*o@4;hb?n*0mV`WrPfJz!!5RWo6-jmo*sfRt-7 zTnbOLDxB%j(ISnx*IH9A`RzAqOG&gMh0219vZl%J1W}+;kdAyof2P_O`9x1oj~b}x z7EVx^<{G+sdhE8%pzckEq(XdXh!oHcS?Tf1D*C)oCZ=L&qo5X$#hLp0x5<3; zS&V=^qiz=k%720g5P1DI&8u8VB_*=Q4osk^;v)$Nt*ZH5I_3KxKYp@-$Jlmis7qoc zs;APqf8#|vwvAjuC)#XA^+?Og^79ml<}l|B;sjz37^pmSRO;L5>+6v?@NO9?sUwrE zW5ijEEAI=K<0aj`Qy@&d)8TI2Ir}pfU4COG!x=H)ncxBJUh_UH*oz86szr6Xk!RaWlquPTi-f{2w~LO<;#Wi1Lsl!l>%HK?B1 zAlQzo*GZy70~#E-hX=(Gcnq?no+CLIf4BhsgW?O;=J#8kSkXWY92md?D_}~HNRnx4 zCXb#h_Vo;3;*fHY@yp2t)b17L2h_yoSgH0cNQaE8r{zY)MwqYZeHVe5lOc1#-y)AO zvHQ0y#BeTz#YQmNo}29E@`@Nv0V`~S;0Z1yochH2#fzbJV_`urA>XgJNE3iaVsRlO z+{(T!L$M4|>-;`%=J_GIQTd~#gPy;TU|eu0u-G)gfX&SExJ{SW8-h`t9_gPMTu^8+ ze6@mfrD6;Xd893m;oSwI6-08NjdLcSq(Xoda5Ccob}$31*|SQ3!!8rVazd^>`Kp4C z1BDZg?pWpr=}*16t0Vj`9kUUXG&HfC8+cAE!`2>^A<5|lf%6xQ?%O${$5_M+j)j{P zSeOB`UUh_Y?jAOr#F$btBS%JD2Qu&9`!bkiWa^Lmb!KJe0>06U1d8M(uLpbQ<$mWR z9zb(@br`~nZiA>FMETWWAgnh;zcl9|@T*!uAA&Te)n_Csv)$Ns)zT7k0Y?gRb( z_5LhOJjOI^Y-3(t(h7My`&cO#9Citjk?mD-SWlijG2efnz7Pa-ui;#AX9RsLEWVHq zR%y9nlojQj$V$}e15`NBH%p7Sozd)kCMDScUx+aQ{=A#o1nirSk_y^1JG8=TX6?Xm zMm?~^?T&dldZ?%KBPt3uIyl&f0iwu{0`lXDYeh@dm&1mKhrAh|vC&hxdNig}1t!}X zlX`iI6qOcZ``n%KD#Nj}ULK?eal?lJvr3ad@JPr_6-S_uQc<@L(AWk2h2$X?33Y&B zAUzcTPArSz7)(JXH#KugB30+zM?rbM?i5-?L~_VzQ$kXTHfDfV2E%?{ZBWayx5*inFPXr*C5s%j>$Wxb>aTun;Z@c>M?|FyQ z08F80&ZNNnLAd@W1(~?O$TrT*ij*U1ourx^E1s4btrWhLYP3XkEEMn9-onAsn)t3( zrFf&sDs!5}oFJFO#odN6O(Gp5BW{xeMR~p>@HdD&+{2BCcmg8SuDp}xM60bY#U032 z(J|@G-8@$%^p@uq!ho87DaYztyp;izyJl_Fv(m%}%Mf63&xi@r(+|tomzW%PylQP= z10kq^(2GuMF;JRuq2+|KwPR@s@AU38Xa<3o1;lnDSUOtWq#VD{WLI4f|H$rbt&2qt z*AI&b!NVqeMoTu-(kUw~&G%mEP(qKKr>-XMBn=?ZJeO7WhyDGldm`<2*ABDduh*^*YX=S9RAJ99p7fU&iIdBCAN*)ohGn#yM@hP&<=yW9ZZ}xE*?-|YvrKQUp^Lla98M7MgXm)0|%0)qx}_@M-7vt|rfx1>WXK8A-|Xv@}vue0*KtiQdH+u-@X)G)S}N z*~N5jEKd09p!TtSi=*$hYZFj80vP>3Kx`S(hQp?Wgvgj^Hx}i1@U-s+EJS#&8htu1 z{tUJ%4ImO;_MK;K*lMUoWoOW92p6+wYb2rb$bLFp-Eb$eV4 zxNZ%_Fbm;&sjJznXonXsToLzyWAlVXkFs{WL&Zp|N~Jq#gT;u4NFyL%VX`L&IHHRY znZ?tv>HKMk>np)DaK0XJ5Yy;ttsAm6N zHk*U<&@J~fjxlMO5k6>>Zd&F8TNFD?h*?mg;CAgs@Z1OiJGuqgKy62sgJ zuY4!g@JXe2mr&4sHJrr1hZVkJ!Ds69u6>Py2|V}>lE=d{eJLmx1W(rWI%Z<+5AAlQ zTFY>Wdw>tJnDzF2N`w!c0I)lPVgm*y0Y6uRBd^x+O>azx6ANB_}aj1XQz;d!^l9E_Ca7KG0q_qbHo&t>C zTI)pi`W0(JdHEQy?fTNkZrOLFrDG5=kC5SM9afiMh#GZgkRdU=J!jOHMx zAh7=%JvR`oG&FJOuVT4%2h+_*fK>v5npJnpfjv9@!1p;Ry8Hfey{=5|U4Fh95NRG6 z6er@)YgOq<-MHTq$-I2N^mFt?1I<#(G;s8wQ;}3pSJ%_S2g}Ewi0NC$(zLgbpxt+7 zy|OSBOfGwAUS28LMlPq`(GPKQY8kbOzD2>GX0vzF?C*n$ChzZ5qLZxG4YqYawC?0k zJWt+<`v3*eh6;9h28MoP+E~*=JK!H2xVhaSL$1cGiJgybLMbTBS8H|J%&UvQ% z?vpSGmQ8wTqEsXg6q5m4A70G}mu{T`?iCOudu9c|=jKBtXpHkV(pJy6xg7i)rTV3` zen~@f%P_my?*Mo5Ynr{~DY<5KT%PwWq~~|}1*Fm`B_}TcA;_+5Xy$yZW$@Ll zLxUMdPFga=2#It73OjsJt`>xANoud$a{O>Bvnr<^_*QLNo4;|cysz#c>%s}cpRgu@ z(9*yT+df*o1$DR0-Ba8mS!K?7v3Z>8ug1T&EM(7A0hzz+9b#OXa~OB3y&^$HwcXzY zDaEuyC-;0o%B8erJsmydDgc6HPy4PRiXR*E+dKfH_w^FUE6hK+HmLWAU*`cd{mgel zpe@}oyX(-xo~pHDXmA*Z$B7g|!QmuaiWYy4F*Yu%SoNsPw8JT&O+Z(USI*XTq;R_{ z>^U>{X{)CY2r>?bYAI5s|KdMVs5dIhuW2sq+5lDN=vJ1GqHGD;&;&R?zlOZ88&mBF z=5OiOjiV)#X~o3Vj!S=#{UouAWv|ddg~gxOq5Nd#*|y)&ur=v+a*`&+i_}4u*VL^Y zYwJ2=rTBC-@!@^50e#1=5PA`)UB!6)3Xe4kg?mj`S695X+O;Y$VI2p>zJ(vtmFccK zZwTnxDmgmxcZ635c6RxM(Z#mGWbi@QkcIFCQ*r|8?=&6IjO-`xKY+~xx_@AtB%6vD zkTY?8z3I75TK;uCzjKpZ4p556zjJ1;AveokDLmINUL(Q3F3&HtRyV)BQTrG8_TOQm z|Avvxs@>$x02t{3oz)+pPvFb%{G|Ugp7y(<3IOkrGylL%jX!Tv^8a)Azti)PkUYQq zx99ww@N^Aw+1=y~T|aW%uWAtg`N(xkm|8al4Uj%-%$nUp_WBJ!GMLzM{)2^S%s#sN z53Yv)UvagvYoO`Z_4HZUb=>^d?{D6j1T@^Bbl2!7-=C-Y_V3`@x12u%dw6X?{JQ>Q z;5RiR{u9UhZ;q}BK`LaSf32Cj)x@BZ0gsC3V~fA5g{bxSIMvheHr zaPQxi>tEn09mel0Dx^2>e%Gb=|GL^rpDLjo>=0)rsb;8aaM(5{phcD34=pJwx|eftMESz7tsmnqLiAJr zDfOh@@bRs)qS|56UgJ^L%_z!#cR^R1o|$)0i(W47Xqi4B{1@qN3G8`<7;m z&{|DRU8mj6_?ltdzbxYjxD8sD(P}BFDf3X2+3c+hQX93GLe{^eA?lEg)kf9KerhXj$*hR@DJN3sVHYB;V5!ENK=ItX%4_| z%N^MAC>DOeU1 ziM%dt8yyE5KAJhbp!Rc`dH>MR343DJ#SE$I~g+iD|DZkGNJ zB_#S5>g(qllkR@4bC#P(T=%G|n#7pNiDcBLuAE(3oo)^Y4aK!312pJ+bXH(Hcj@Y- zAS56n| z13Vl@`GDz#GHvZ(RWiIO-ZH5elem2n$6dnziq)up@>}C}+vKG=q(8%uAT=SOU-yUq z8=OAn^K#z}V(65q_`a>+v^- zdhRKR%SMhK6h9{=_Ai~w-MUb8*h1JVjF&@T`59SNUtxvWnNBQx{&8EgoJqACuTT_N z;sPWY3eCb3IOZgRv|nD!4ATQM!dC|fCjE%H05D}(DV;I{C95m*mCIp=;1C_!b3Be@ zcRF7iIX!i~mMQFNf)JM)N1{7G3dSB*y7`6okEnhx_uUANFn&(Xh5b^KQ&1p^S-&m& zI|rD51H$SPMjLapy=mpk^kSD(m;Hw*3ZP2MdY0wd{t23(n?CUD@m?Q zOo-=MRnnqH!pHU%d@qc`fD?cT`fon!i-ZjyuWckGsme<$Uo$9;l-0xKY~SUmOIvlH zvxIU~qHVz0J8No>OL@+_8$oZ!n)5RX?NU|bN%sj>JCX2;*)=#;`*cn&kWd`dZ{90) zbq;>Jdd0-F&=3NX8?#@1GSL-z%*PzZ4#@^0?Vz(!OO_~EIrN}!nkI!*~nH+ z8(oZMNG_~o!t+cnZ@jL70%*A+%RPot)5E=przci@M*CJ4GnQ`+6#okAI5Z(?^}kon z|8am}+5tgkNz@Tf7RwB;KvTejTzvN+7lG+4tXeKlYC37YB~p@mR!Z&tJyFeL->E6= z{Hf;hWOAt0HrPD2r@|^u>ipSYU3UB0ujDvv#*dG!Oo;bZ&ay$cCR^FhWBj!!U?op< z@Js>C*rZJ^h{j!K97-x;wN!o=+CK%ktYOE?Hx2g zOdNEt-Y+yn$iHZDC2w*yK-g~`#UQl1oTFM6K-d|^YM$pW2cMsB0n!teeW}xtG6VWH zl)%|{x)E_8-sV`dSIy&$r~wMI8Y3=M84NL{$JTtlETC;S{y5PX2yox1*QJJE4R!lg zdTX+wugy++lgb`m(NK74G)}-AF0DR zOf1@y@__`;O;6`?JX-s(5IhLf^(M$E`mjnxLruLomfzO<243e945_&Ugy)I+$>0_; zVt*F>%ZaPa(Ng^hx3aV!JKt&Cj|}Ion*D&EDGaT!V}~BpLb!>!`olazYY+mOnjw`@ z=Ah>3{c1nPm71yk{zsVWKq8u`^vsy{gf?6pxzF^(*3LU0ei|gY>W#wN--9~*+=>L^ zT9lAQ5AG*ot}Rk+b9znBe-scLJlM?RyocSYkhZX(Ve32=*ks&^>EmHe3JCCGgkwzy z;)c^Zh57l_fwBb4ZZx7Gp3I48TCew zVa}pZnB%VLN5$42o&uQz)4am5T6;!JKo>5qbtHLWVLCCR51;ZT;c~*|NtUa0>aZut zQ9kV}XdL|>+_=NLuU)-A4SH7aTyz+e+D=r%D}EGZoiFs%;QHLFmNE{j2xCc81 zERW8u>$jmL6B)qEmDH}meE67f)%wh-GaKf7Hp9YmUShPslQojW>`O*QR_NFvuRx%W zW?2j#6YQY(?=OaXRBq1F;BNWDzDT&VSPZA12S9+huMRF2_^o^hxXwGvJEATVzaS&^ zB0mGpYl5~p$0`2ETw*HM?K(M@_e&D(cID+ z9~5N01X1{+m6_5o(YjnkI)L0*0t&B8Rt7& z)LOwY?uehqVYO={CP6bG2MHuqk<`>$oR0=blKUzlCaj^0bIh|KeW2NoxJIWg>xFSA z$nFD`c-KBpGu38|^sODv-8IGv04WO`#IrGW(4T;IN1h%~vgY5hF4FT%fxLt9@D%+@!R$I8OFW1ZZ8gQ@| z1*#;shlKR6w!28OZB|O-YU!C7b}Dfnn=B05!|6;d*Lrfv`hkA()aj&z)y)E1)uH$- zamMMadCKtf_YK+evgemh3GS8NAPWie5WbS9w=^)g!6%+q9pjtg#*PULx2x)1mM>v& zW|Zab$IBaAYjXuhrEt*TCoy3=U;iOy!1o1gfle&YOfQ_>RuPDHoLYkO+1;R(<*tb4 z^OxPXan`D>!_LnJMo1iYju0KOM`KnIvqIG$5U&i*C0 zEB|{G-65J&89i~rP&GoS)ahJiqD_P`H-Hbx68vSVIu>@Vw%8hT_@Pjz5#$E4 z1RfhWEl8&zeZr#kEhPE$Na^nAp>lzrk%novX5A!ygTozr+lq_gIXuAQ!=Jj00x3*x z*Df7q9}wa|ih{cU%+OQks!rV-x09Td97}!KYWf~3NJ7eg#X^?gQQ3!vhW2#;rOS>0 zOJdK(iWzdhoJd(tZi&MpPi4ouhsPqXl$Ivf!>3|pRi(qBUJICZWC@>tD)i{1^bQO? zBdt@d7$2|pNGr&Q^lWKRhQj?g_Q7_yEO&z(xi?9UqwBb9XAhV8=%>mBMPyNA)4Pk}X&g+G1nf!xeEsT!ovV zx&E>=kBW=Ce8nV6)O&q`h_vhqHG*_^3aY3qL zayLvoV7c2VlAyM%yf77PgrX*kWuPy}62ABDR8-ilT>5>*sk&1>G&JNsjh@>5I`^dh zeNGBbS=8n1c8rQue^_rKn4bs`x#8&xkfnKV-ODX^%+^qVQOvD6u!SB zBq~bm-vR*7hp2kT>%3651T9qv%i7)_Ebril(LCNBplEpb7CkyKcSKA~RA?x@+UUdebt-Mm zl}71_;5T4R`IvTGc+Ux9JaffbXNx0{0VEaGAN5%Wyw{^)@_ z8v$5CHMV%Uawvnk9bR)4;p#g<5$6~ba$#Y#@BFUS)a&`BXIVM>adF8`C9&*YQm}_# z94C+cGWIe&NgwY3woke>5L!?Wn33^dUmFww;fKmc62+FCbWPm8bH|SQFLjr6#$%80 zilz3OmBGQr#SB>azI%QKdaeq3ZRO&$D5hX=p9R9$*w{eRm&%$iT*?aNLyuvi>=y^B)#0BQJ*Cx%c1!_b;FZPDT1qM&SX4gj+0pIr0#%zgX`xQ6*c?O z{F45&_&JU%xt7M2o`@QwhT(=5QBY^amxKkRVTM-NwTpC#T*oOo>2%bAnWQajf2QOT z&R*e%vfTA}e#`XWWGu0z$DvkhYppQMB_|Fv$2GUet0pnu0D%+=(U_SM^Q*oEZRFgz zx#P5R1UtK^RW&oaB`J`iC+ib1(b$@uZUq#vXin$FS!VL-Vw5xEbu&bfcguola@k;? z=fFM|{L{Wwo$Ek0U$d99zeoB7*5+ae&Pp2lp;K~NnhC`T1IKti$Py~qBH4b%ZV!^o z96&(#bE<=5RncpvoV$~pjz|6Vr;Mk&x6MPw(IZ3DK6aaPN5g#rL$Pv-s}9$ajFd+eJlxOr)QP3O&(Q# zxeh$*epmf3_7~t3)At@|%>!!(q|}!?T(;IIIfux6+MIGuI^4fBBqB=vFdx?%JthhI z+4~c6m;+ZpN-Ei3&iL0XK{m_~c>t!8k(Q>1BX^F4aOyhFH)V?|o-c0|+{KW@AmQSL z%n`4J($Jizu_K(4GZU4hq-dAZ##61Wzm!2PAsd6`NJx1g%Jw-Gq;ipq5K4kh$0OtY z(>V~H?G47!Uhyjd-H6$vJUV0qXk-C9M0q&f@N;L+Lh{omR{P5b&SKcymP}G%UoO-Z z9)-)9`%I`}LSJ{bAZ)qv0jqIz?8w(!3|o7XG^`_jIOaK-8=9_;j)%8%O_kxv)GBB= ztXe~gu5}i?t4LS6D6mF=qJ`2NA<#sK-lDzwl)S%KQVTb}+GcGH7ki4g)v~h(GMT^e zbf3|^K^2!?Eob&ve|Rqw1V})yj#y_+6=2c-?9Ko)|e z-}HrLLxjC8=X4En%U^$02Fl-^dZ4*iL^nyMi0p`Cj~dn+jo&4iH9zR_TH(jq^oDgZL^Nve)RYihPLAkG>kS5z-wUK$)8 zpPf}~`IX>ksQg%2+g1ZX7IuT>LPX>J#M>ioYxPt;;mmzSrMtjrV7{nkq~&5{qFq=o zUZGjCiuk@U+6$^+?^|g}Q4{-H@9tSjN#S6WegSmdgWFCub0j8(B_&3S9`Vpma&ky;hd-& zFNC;!Kk6G9AtSBbcniFKfwrxeZOtELKb=qcJBLR^zI4{6#{@*JoJ#}OnZuRTLVNh! z4~0@0$Fp07O&0uJ6Gt_b+s@{vUQ)oB$5qS|A-u+?O38wyg42bL?-d%rfozLld0>_Q zSVsDJ0RM|i1P&&xvo&Y{*Wcb#!{%`C$;t|F?~F7Cxt4v43^V=kmo`+4E8#!$Nt~6B zLH?POlj`|JqemtECf?TPFEz@*Jd~;>U;}w4w|PMjXBa&enTyY&XePY1Sp(Ayh%i!6 zCSNf3Y|+u`F_N+nd9xc3r7&P(o0%1SH6OJ3Pg=+a{NkSWBsDM3$uNtI;&5%D$xz5YL4rZ^}*M3 zzps8hIAj;~*w)@Qn%nvm#BWB+5wpNtUg?R+SKR_llGe`7&U&PsNuJF*yb+a@Wxn%!LuF9W{sfrVv?Fd+e!{gv~~MS(p$V5<_Nteh1- zR+B#^l`gx!K>%Dc^xY$DRKOO9FO1IGlI4Rz7MuC8NU3Z;@C`$5KzuMev9m9fa1+3bvr_25CD)--#N2LpnU zr?mkd%m(9D>zz$|dtSgR&&bfbd|mFBLk2Qi{5__NY+JUg-L1E{6hVkbbHEtnlX_B; zks;!?5G6(vV9j^I)^a}4!Wj^PkdZmkux7cA?6tYW8SJr(^&4Ol&al!`J{8bZ#Zax^ zW%fG)FF+NCOAv14-d@|#fGf)@6Qvf4X3?HsyOmj}0o|AsMHgX8K_MpOA8^%Wq%OYRYL)y+RP`;%*w)Q$B z9f-J+%GrD61w>OBFYEo=?eqBg;WC`W7bp7_C}HOh9(X3O@h6uGY>m zkW8OKTS=!>9t#tH-8vv8Bos7Wlu=PJz9^thotYsTQ(Xjty%ar)A3oU4>KKDUo*c-S zO1mgJ6Rg11ep_lp!fD3v^wr7L)|9mc-~j*Jy)aU?bN|+>p!4qCYW#zKdo+B0VB^l=6yna5MwH}{yHR)--yl7IT}odD%pb?poZ3nwwl{jd8jbM?oCvN`t0 zY{z#P^zR{J9FKPQ_d)lkQ>W$giBfe~np9$rv0)bh6uRHVX|mIbeCa<~v*nF(QrHR0 zvuSF7x?gyDdP*XCPI_=cl1`O=-&4SF0()v5|EGDA%8Cw&^+hzOJBRdOjmPGsRrNhb zk#RPW4Q|W>j)~2toH)_5S(jse{g$0`Hj^El5oJiO?4Ek6A4InWX}0YnGb<{BLYC}v8=pMg;G$h^Ai}0c8`*HuJd_M z?t2)zc<@SQOe5B2ziX<@Y~ugSHY<`x#c z-8Ot%Q_ic|^dugwUtNXnVi4gFIZARM_XP2wZ3NW)WnjE)A_O%IRX)*w1((bXjy#)5+lbc{inj;?#%a1Ig~7kAZ?&S>eVuOKHE;c}H6 zsHrzTI@$^g>HrYts@a4>wNb`G}>= z%-X9+@It7z4%car2R$+~y|aC{E()*jFe)L6`Udy1ptF{Dg|CafO1yN*d&^GArz|=s zh;a|Tpw)Rs4@wQXR?x!ICia?rA7e()n>#h6Y(*8VCS9^n+7zC-L2Axw^Z>7CI|M5z zP`g`hcBY`?n?Da^4^3+%m%o;No{0arU6cCM?+F*(rtn*V4^B=sw%tB*JS7{GJqTBF zMy+mGwUvvrcQ?2NsNqscuA^S645=N=?@8{Eaq}hIkj}7+LU)8Fway$38&=vK5UsB& z+x7?Rt|Kas2sh{Frpjzvu1BGpnM16pFO}Z6TIlSke_26VV0{%2lthuvz*Ma!UM(MF z=t#f(YPRpog?$7?S!HteLdF!i0aG$oAr*|WCs z@w1llnL(%cl**`$a!EvY%(zUBB0eVDZp+#lOq9ET=lMY|95R@(+w5UIG-xr;54YSN zm4@PcSRArDG#WeE>~z^vxP7#;OSfYv;<8pobthotQ;XIJ*X@?@)t5l5}k zw2^+qhs~qbe1{tYj+>Q<(8Ya7Er;2G4G1rT#P;e;>B}B}M#bou!BgJL5)LaJ#zSw< z^}jJCur(!j3IuUFW@?BO^521S`J&4Ci!BVARVj{)`p45Q>(QXPr6v4AP-$iyVQt7- zWxW3lV_NisuwA~Uq{4)~P%dabvu%{K49XxQapFJE|G96}(p}vxDymnUU0i&qeHATU zZgzVssZyDMJx^%@ZwM4RjRb9D;@BOB&FVMtVUBxqqqagv6DhK^Ie=omnFeN)Q+ zX%4!^GYGV`VR2t_(o@Mnt3WdC(pr3sh0FvqZPy6sxknlp5n*Y3LI>Io)l^sNCi3Dx z>=lv-mikh+zGX}^9Q<<5X>rxFBS3=G479vuVHvre(c?}f2*!FU+J#iIpsg3k--)!d zKU}xOq?+4KnSO$L2fPiW0agz1LMIg!Z^pyP`;7~X$FMOfcW{3{V!xqhy7&o(?UpeR zYy;hSc~(;?U*7Xst@hW-{M2V$IZq;TvRG;l(H*LHMs!#2-uDDuW}}#|F1w1TNE7Iq z@7y*LA846tqz&nx)h!st?fT&Wt6Y%H}IkiC#v+6W+8AN;`o@|Fw`f#ps^H%&Qyw0 zXQ2r^Nf^~26+Sk-M$r- zk_T5p@K~kIO#_*1^h?9j$U0=iW8damx2oxsY6>jmex&l>hd{)(ko{r%TE4a6dwp|c z@!1o{M!;D13{q8Ke#v5dN4lCb4R+;p_E1zzq{MICizWo3PJ%x224XVLvQ z_c%qIg>c{|A>d@w&E&qC`^S)xC(^iE@2ga=o>&}cc_=mRaObKomcQBjB{nVC3lbEkpO8RU_i zS~xFnU)5UsrT)$!3Y3Z;w4#U6fO5*wqD@*g~FMM2tfq$?^y* z$Vs7Q8LSx|MDB26ZwUD>JCUNotftp_c+;q6Vzc!S(f4bu#rT-PI zOgBq}G693hX~qvAKWszxCMyg_){6-O0|Uu&LBBAO%$1eI8pVCL_7E@bs#L)xFP;nS zHW`@1yi~>y8&I^bK~O@OguRzj8@TX=D;F!xzTpIYED&WcgX51hm}7(m7cj}%E3!?4 zk7j$PJNI%w#x8Y)^f~m+qCMMpK3ftTEC!7k-C;gyupaBZVBNduL?Qwr)lOs;>CTB@ zL?SWVjKHo@bf^kSd=Eq$+WN>;;c;((I)!K)SMDXd)w#drM(JcZ)=0Ue0%m@3@mQX& zzHaVE^-Jc?;o;`gbI(L4T&+xG**>z+HP76GnOqw|Le06CH4(j@Zjs8H~l7&S-g+W{#7Ra4P^ADd`U0b?@w3M-7qlUu*m)y z$3J$L@XH&bo5ef&JnUaoxZeA`1lQk%G^_i&`&KVn#m$#mxNQG6<$iz~cHsI!@SE}Z zk8StAJ>l<;L%n~xZW;XYo)H{a2;s%eN`smM~ z|JafLd>3{+8~ycr-cVr2=iW>L#UJa_t^OUbi^2aO|2+JkMZk{yGnc&pmFc z>HHx0XNUeV*2O>El-&8ZJGuTIaJ4wJ^=4n5z4>Qfj$aQ7oDZ5md!<3e*!X|db=6@} zZC!uvwJwNqkrF}BQ2{|jX#^b=5TvCWq;u#l6_lX`Wa#ehEW`~F8q?28BV$X~;CL)QJ2Z5oIhaS!=?uKlNwzd`ED~4i~N`>I+CA#z;h>miB2rfk9XnZ`XyceHKzYP zBSgR6?8NU0;Q#d;LVWHYKgvvUH}B`O3B4{Vc>U9eJm>aX)k(;H$frY`ndr}N{CWl@ z{@EXDS0y>{Q-RJ3{1oSVwLe8+bOQ5Fm+lMnZzcO}OMl%W>3-{n0V8fa{zAkPAfK(z zhgdsElPb&SxQ;}AG&-%%XBTG|Cn3?1uhZg3eg7VA^ZNKPo!(mP?~r^~bGU3ely=PX z^5x6$@v&0#sluS6R!?HOR*FnRpyC8BNGuWJJ*yjdT150CsN+U(m~=f6;J<$7&K*up zdCJ}b2Khx;!^L87(`g|0%~I}X=}MQ)fd7=9 zAP^k{uW`ng*AWPulg}wCR6CV%B^s2a?gOsFMggxr;^M zTVpK&)d8aO3J$}o^z`(stljPH;ykg+qzp0&H7?HL;(qb;a&mG*&tWL;jQ}n18XZ~n z8^Nij<~+LAZ9_xh1Z0S4dz@UZW!_W~Sz1}i_9Tfufp~G7{vV6d@fJuff%&|H1posw zW;J69q5xk?PUybWf29k=-Qhu|Jsi(~w=<{a$N|WuAsit%{ecj5pt1X|Nqg^bXZ-kR zr-lC3CxetkL&CPEflrjK~s6LzF4EdO{YQ33}jQF@7E`U5m zMn`8~h8B-1#~nWk)|s9(X>2Vp%)%aL_=rVtIK!(E(}`1|Tq=u-il!rxuif2Go;(Sx z_Tkq;nANMDb^*hnT)2B}p6B95YW&^p;yHg}=t*i#j8wJ+gt*sur{@JGI9O)`rzd-(7LW^=J$g4i{Y zx&cINw8ED8wp$c%%7etSQDi;=Cg6Hc;s|yl?7Me~mn+7Bz!gUFJgipfp82GEP0cZo zUl*NtU0P9LyU_EL_!gSg?28@Hb+=aKJbwHbsI&1?VxdHyKhqvH40_fQ!ff=$W@Th> zvZadYS1&-N{l*#8ZKS!mInaGyWYzTnP*4N6qveI($0U&u_{n6v^rxA7>LSV|XkUN- z{*&IUj@wILziOMv@bgz6ZVv-zt3KA%8#Yi673g&U5&80aRj>x|>Ne&AHR(XTi~4FY z4gB(K0We-8BvO+l3|}vFMsH_%xF5bT8EEKhIooc%Jj8zWYAuzgkB`$sakT*;=ACJa zNb&s>u`&q;(oU_^)?kIZG{||G!K>&lD+BEVyN+dbj&KWnhXL&V$G>v|oL5{Q^M9SG z?CoS-Q6Aj5I1o3fm%xAB;A5VMYlI>9btJpI%k-T5s8d8pB-VVTIV;93$mX?D>jfh7 z)v+#1Nx}UEQc}l=)=#1CV*6;O5sl{CLaGEDeOn)}o}YGIh`S`zSx`FDOB1%nd6>vW z_S;hjq?T0abuGERm)O%~(gGcxfpUW73-tiq|MSENK|d-3Ki>C+2Hk~MiHNvi?Y@7T zDtbmlNazo2wUBzp@Ysq6<*xvnEpP`1(Te30gtx_@P}i>UQ8H;yHTvqcN2W=q_}NUj zR5@%}n3?6OJbd7|Z7d`6ZtwnG9+!hsUBL{Xf%iCnng2S}vL@cY#IiTxP{*NS6Id=) zw^}oJ@MRtwg<`k!goHqpzQkN}5I=@f#_+amuXxZAD-ej$Q6O7h6v5u&2HLV|_og5^ zV5eW)-rmMOLcH*T;NR}{yNETzV2V|q-Tpian>z!81O1sYD{gUPD5vXh1XrG|jwO{j zeCbM$p8RTd9E%P1P6%?nyt+#hyfnU|)}t@0)3`5NeR;8`v^Y2-sJ5@MS}rMnl`ySn zQiL%C$w55%g*5x`VwD%m!zDQl7@=nyG?{8u4j>$3)y|GWLZ9LVyf3jEve_&tv|Y;V z)Q@C0lC!efTp6vvkxysyDT)6b;Cj42-oVtDPGP*iy==QQ5b*Zx-!wEdzzJPpW3tQ} zFz&K1M#)g$*_pQ{&#c0&VrLJW-|zL=ygtGD#3v*$c^LMjnuDPmcRfDD5ixHMoANz= zEFSYw+wy4%R++kur|iP5FX}@&}{zIgT&kiEn=7-;|Wf z-%Cy+Bq;<+1ef>)1x-iG*;!av=;%IncNZ9di;Li3=iRGmJbG1TIg17RqSp~U1pbj> zP?l+S>j@!IS(Vx0@{Nd%!0wSD&NMEaL=h2GiQkduRgYFykXW@#TfJ3uXYZC*aB-$x zL++-{dj+{E?>ByXR8bVfj}}#STAbCmd(pVrUM`Y%B+1&%VwKQSxkAKZgFkU8^bbQ? zstRMHk@C^xC8`kYR`bFA_tiGR_%W5{I(5d&i)&_eb#?8)K8~kEn+NRYG~b^y4vx4L)$O=B*O{*)fmk_`tQB z|CXtM_S!@(GB7GCYySPxVWearM;GW*pXMD?FZXuy+Arf-?aMGKZKXGk) zG+VX85D7C3u7@LRg?&Vuf(+r6(0|Pa7I?NbEGR5&FiW}QD&HHK3^|k0a%(4DJcNM7 z+7_AHRnDusdp+v;Ipggj;@-*ytPXw6iK=mOe*W8pIwj&_4Z=<37cBJ}IPw&NnZldi zIUjBpF_U{?^4z^m8oH42T-T46=SK8UFi#0sII7sV2VRLiZ*!Rh)e4di{W zxXkt7!O^FHYh+VW*(zmnSxTOtqVGGh4Zj(8+Gs;kUXxFijMMt)hs9~h*5i#{0qvne z1MKuiB@KwR|)6Swatuh4n%Yxc@O&K(IU1$>t~o zuYA5~qbH`bw<#$}eZ3mhGm%Bpf3zEieO+pcrbT)x6W&0h7T7aGM9!iZ^*k!y#q;!~ zii{ruIg6 zF79nF^H|P^woE`2ia+b|`W(#zm1l(&Z_iWnrh0CI@%WUUDzENbWIol14S;);#=?6+ zBp$!UA4(Mh`^pwjU(XLy1(2}w-lk%ySsZs@bab`j4%)Jv0>q13MGtJ~LQMP`jaj1) zMMKi~Y)4EzCK$Y&c+u`eDvf<0ntvR8&+< z`!~UKvl|b5K48590nPR6*YDjMYG`Qq_%TH~MSP(hTUl8d#bX=IWsU@Y*U*pzqXpu7 z_KO6#a-hriFE9Q$As)?ZKi`$~$n7-z4Zdpvv2<6G2>fGgZ0x?nCOyPeyNtL14#qM+ zKTpaix742#lai7Ghowa`qzSesQ*%%CB#IZEBJLJf5gM}OweRrUWF3-z$X{P1_TluG zm)HPlrZ=;VWQq8V7fuz`<0%uScnEwQ@hiD4TbJb=R9aMVizZL|*1QsWgb^7S@-EzZ zD;YB&$H0U%cuq7EEp^Ib1AUacSB=47dX!YHP*?S-?pe{Zut*W#8VTUKas_zOsUJ9T z0jrX5Fax%>E?vH+Kc{7BvcWrC2<#*qQE)^rq^Xbo5vV`T;o}dLS*AdEg(148RD!N@-nVIKvUsk#jU;}2VH{`zaKKSy0fWdz>0jrorkDSk~><^$xMv!`bo zX}LL46>XL#l#G)5)sCa26UYl$X+C9XN#{vfpc|7s1TaFA#n+@n1ycj zuDm=>C63q2mMoAq@5+Mu!(d07xq%WBo{gx`gFq`tm6N7)|5v-3xq z!ILMAUp{z1)H)1?T`o;(dN#(juN{F=bn->3vnfStWpuI2-q|>{m%~%E6YF-AhWs;8thHR)S3eZxX7W( z<FW$-6R2KejY;KaGlaSKwpRaJ)&0YDOZydN`ySPKo!w~Rlo z;&tc~7F0J4k=qj9G&GS<(A>?DFY&7cpVKaeVxIHt0EoYDGqz_Um8&IB|Ml zVBqALGp<{`^6=!p1AtCsZf*{iCY(+_O{$@`_7PKlx@6qrU{vejd5-!X8T&GKpaCqTpl- zO6R{`E0c|uSqc){3x_hgxApkdH*DRID=RHk@WEh=2lE>?Ki^V*SY$l7{{H2O=g*(R z7ni}fec3V-0f7kPvCZbdNBm86xZ){0I56-X?BMP$oIMW4m`Sbj`;&lsH|7JydJ{w^>`_uN18{t=~ti$)xcvo9tw_ zX~~<^Y!Cj)uG!qwR%+K)_Btjw!Y1aq`N%zXS!N63z#BOl&P{V)Xpt+b;UBXG4WbRO z5pSLJcI9$79kJBCbT$nfMUh+v{pQj(ev|sE?D0EoWjovB*twy2NI|Z1uD)vsK-mdF zQ|N(43zljBV56g`6D18g*p|mB=uf@en}Lyd5*QTZPlG~J;Fe9tZ>N;qbgWXd!3$J| zU68|MXcGcbBaZq$05#S{m0HHy)9YrZc`rbWOG6U_Nf_o6gf@@)_z0*(qp!602+TtJkd=M4&ii~Z`=D*Q&oMCMjjqHtp5lRqAMNbz+9&y5agJ=|ZKc3u!`%Tx>b(9HXA8STIx2@qn>1$GS6KAe{OWt6sa){&ES^HUHpR zjf-4n6aDJ0CVoppMT?+!F!M#BNm)1gtYpXnAWN#;9x@7_P@kHf?gj0Iz(G8WW!jDK z!Dp&3jz3pt5=T^JcEr9~R+{uzU6OTrt#l_)#J~cy*42Ea%_280x zpJ)jS3&USGX4-lQ`m|XD1OybT>!r39dXK+P5pLW?17vlU>=p)NH{iOQc1z+VYnUiD z3XlCv{U7hAh)Znb4d=Msit|7JTrw%h9;+nxNS*NMF zYRF_hHG~W_v*pWVupe(aC=_)o>dbO0j#mh#jIh(2<{-LxKRu_+g-f@uxqjRqgPCPi zHOxLp?+c&T8FwAj&n_ZB}fEOC&2`*aDJ|t{qxeQ>1K+1$)hz^<328Et1prIf-2gfS z$BbR(wYx)4Ki9@N4#JeYeHZclShu;U>ieFan(3z5>d;8Brh!|$w&3{F5%Z;)1NPUH zETm0Y(%`(;yIG{pN9OxPSXczv(AdJQRU+P{?=NHdbW2?D*Qt6shZe^)GjG!Etk2Eg za47jk^?5AY;Z#H4y^VF>QftSRTZ5VRZO;(KL5=`Y())m@p{cEHYkj>du^O-&*H6-B zt>J72ldG$)-`AXJOnff$aImv)joOaOo=t{G^NH`JByPUmmX-{I?pJ?q(Io@I#ctF` zKuE|b`0CZGTa8JOe1<2yp`xNvb3L?fDdfF&Edkyi5R1YCHE448rQ(*7W*#jvk|#<7 zIAdm?n40>iON6;MM}3^7RKF96OGvi2i}Uh2Vb$WhEi{P?2J@2=5~d&ua&vQoLN-|I zL4YhE0!~YS-=?~&Sq~xsc!RuKtt5zy?YOi2eRVY8W(zBdf`T6bm8&Q#Bb6721djy( z5{M!oUtxjN5KNJ2)s|eq83Gc)XC#!Al$IUZJUkVxt)kY$S%B2~`krHdjEKG{ZPVVi zYlLoBPqQo^^S;c5G*f*e~3}6e9r_*Z1r=69oTdxT}bCk7}MVZyf4@(R3 zPrBJOoLTOAvdW?}OO=y$e@cdbU8>952UP;eI#}5hJhBJWav${BwikLuEUgwG+ph*x zL~t3i4^s}ls>`D74hnS)-scGN&z_Bi`1pAIl3OmTRXay?sFP<1sSoB;Vhj^(Nzq5w zk&u2Um0P7vEAj*c;Lu$(7$`tpR8>^qYaFIynY*xqc2sq=b0}WmENleG&AqcBsi~<6 z<^!a4admZdW`>NIn3#&n*nT2rAy{6mlOKU#aEo$texg*)alp^7Rwgx#XJZA`%g-l{ zXs^pU)?IQRUt~$T1`ABZWfn_&5g@wQM<>K2wID?{jC-2|h<$3zU;E#`1K8GRF*i}` z){qtDvO66T#eD#)KiuCbp<3=q>xKyX*0uB?ItfEL=BlcyUXura zT}DSoWBI_PU{eS~RUxk`y+kkYEL*)sO}iVQ(uoJodnDowG#cL~8~8lV%jSSC1K2t& zIP^pY^7+r7CB<&AA|58qZQ@R5xgyYeK|V`qO9Da|gYjzTFX!07X?F8dH-4mX<<)6^ z=b=)UrCxIc7W`QLbw0ac&u8sAU6Y~0o4C9g(p+$7Jt|6D8eZ|OF{ts#S}&mtxhyg! zrOh>0ZSa)zn*#z z0*ZXo@#;xzejC;0%XH$Ab`$Ua*h)Qxco^V=E4ju><8qhg=B|^+R(zR?4Z>)hTfNS_cf10!&M4fSQaj<}pMAw*od90}!U#qdUxp_-ESrmG?Dy$c` zL3+tbkfQ(*yMfShTWEvz0pECzkWfNYw6(n*hvKKC=mA~=qk^JJN#G3;!^1Ph<%D4pc74Tgrb<;n0^QHpR(&j+VAqdz^}?M-fNN{H7#=J zzQmOb|E;E;_Wf~~P5GmrwRTPtiyu`*HF`~rpLN22>!$d-W9*4L?WvyYuva7boKies&j-5TE(oH}Sjvcmg-U@F|b` z>*w45TiXBi%zq1uzsh?5vo;$0vkc2ga<_BvXOqa2=QnX>fEP_9+mor0!`~L7AV?!c zxh@`2l!pLbvmbH}@9LR??9mHE5&6;R<#4;I!4J*7Pgz;%Xt(?7wwfFzbOpxmmU9is z<|r8IllO;QGD!ApA|Ws2LASO0oPD-CuhHd8K`8nqxeuBQn=I(KGaN|@>;55GZcCcK_R>V~c*0!>b zy7?Jx^~9(UYYOvIdeFmSm+Su44O>!%*K|{`UE#^*ZHti_2>Ud&mb=Pd0)Bf}$x{ez zJULxbbJx_r*;mZx;y0Z~r;Q3NGUY#%%ivklqkFd_Hu_Whkry^T7+RiQ9LU8g@6*cN z_CrEeQpMt;D=unW%NsP`H8(#)&{wT{gJ*Sp!P;RUsb$q!{?0kXTH-~qI-FozwQCCx zI4D%H4Ge~|6bM|u`Zd;)b$ma0UQV~ZsOOp_1z7W|=G?0+qdW@$(oYLbTmcNySsqLBT%L+RyOaj+!rdQ?Z4r7m~18t}o z<0UDe3z>ci1NLyW>!?&A*CLgEy79c68^DDkF4fb8-Z>K7YOE7>Z7+tsIYQm?7+vMv zX7~L#&sa_cX1nZZDP$1QIi2w!Ji30^(@@IJb2fSFSSZT!;PoGd*QZnxcWW7^jkHWrOem=V$?fB z)YS1wc*IdzXIJ^9+Q=*dy? zd)ydIsOU`(i43A0ak15QDbt7~DgxqwcZVsrrl1Ah7iaP2)F%7*7G5i#ab=XJn{6!W zRkpO)7s{46?v1Ry_uZkw+L+;V8MiC+ol^@Bd9J+zomhj)&h-4MUG>P*%jJ86t`In@ zs%NTiA6}i=MPH7`#yZZv*sq&YAl_k%l=%f?vUm|T|6{ycv zs%;+_ao2`aeH!Sy^H}h4mh^MMX0FH}Cw?Gj39Qa>GSxjMr04K?`A{}d0)I*C;F##J z+`QNaeE^W)6OWSwWTu8%IyXjmyU;|J5e(FpC;?RGCFH5bJS2BBL+*H{k&c@^4F|xs zW|A(ni1;r_tJrG#Mn;$iOzEcfLna}qd~%jHIhBZ!)8wN@LPmnab2X#hJJVmE`0d-G zjpH#~9GTN#ITR`-`F(b3q?i9pY8Df{TjKvGf*1Wy^k9moj88_mY$RKJbM~gKv?380 zskb(~BfJ~W6A#ThBQvoSmt)lcu$9iYU33hh4ma7AS`gSv^OmRUkQj1d+Y#4Hldq5s z<*lrPQzJ+#S7MHGEzlp;?VN>etTHiN><)3Qp+`d$wh^S{aj7m>K(jyXR7;FmKIZqi zp_<{uD#yb|y(#YY(pB=0_d!}ti4w5e<9#>n)vszyc@EE28$Uo*$)_Ly8JIgAtMx%? zrpc9oj^kNX?l!}7Sk#X&at?JAFQ9T!5qqgEb$N`%4cP;<$YN5F3hPbg`}zLCi&au% z9wE+C?XUYE$exW}Hk8?n=Bd>%k@0BtPMV3z(=B^yu<$zXb6$3G=8}l1Yf$BWDTZGB ze6P!1eR8J9J?*l+@Q8PYs>xSwBkh|`F_RFrglj|JXR@Ri0pf*=PNXl}s=9Aj(c@(T zz_(t6*Lpd)7=IJNybcR_-WK+}HfueEjPl$Y!?U#5<2Cj(ckt;a{e|E}2ApCm8~5EjiQJl6PYzfK~T&Mun+}IGDz>(@Cd|w9+^odhjEa zR=?-4V_jC*<4Y87A_IwuDai|!S$At$nAOhGu-u&0jl>M}+9efBA`quMp7KAENmV!u zaaGDD^~Uf;G0a5vt@8xMU;_$w5*?Pi;#aEd4EMlSWQe^Xg-ZEZI-Z^^G&Lz~L6}WG zB{&}{UwIb2Dra6%xK`kE0ve&K?hh>GZ#%#@h)k=r5fjzp4=CB5ruukA1o)JGI0_;qnlD*gBl~KfLohLiw z0r{&0KI6H}DE9lz+{-F4giA(p&1DoJ5pOfa88_rmMgDoAqF?yv^v0O*Dkc zoUM#HrK4IgeK)pBS1GJy@8)(f#5fB4ldFP0xBaLOhZWmz4ptNy4L|uODuOzBZ_|cW zh^efHFocjzHGU2zE)27}DzI!2Q^byi>x`FbwQC4mXJnu~>=9^DSCl`SFRb;ne*xtT zC0h*U>#Sa+H=ADWjs231OJf-mr1rZr;G4mTvoW`FIhJX(YOF=G0!&kTw?Glj(LLX} z^(}jS+3{32w4dV7;?g*IPuoRz)nN{nRaE`BT=Y8*{ z>?WgI!DrXe<>|>*+8%wBT*=$!29~ZLKl0LjOM9r9t_OB6Rkj50PxOwICJqGGcsIx? z3^V8$9c?#k<+zIR*n{1(LeD54xy8-kfBn;I^1hzaWZwr{tZ7@N(>2ZqgUt<{ojK*R zv3?7WG8uA+s?Krr2{h1e7u(<5S?{fRpZBQk9%W6r1zQfw)Zsp`=uP0U z^qj}o5iCiXH-D;;dj~Cl$7kKLs#IyGA)9*tczbKOge+Tv+l+ySw(nhp-mNc_bMhY& zTzNvs7mZT>gx>gH{hO5k_2 znZFx_|Lcmtv&_OgIwL4OzCmfh8EsIMU0p>%cO0b4;i8!|C^e{-cO98ZVmkG$Y;AJ@ szsP<50bn@`OUoitTq^hC*!1{}zHP?bzGnKLxZiy$AkLrtSmV|I0XxT=RsaA1 literal 0 HcmV?d00001 diff --git a/docs/guides/batch-backup/wordpress-backup/images/wp_restored.png b/docs/guides/batch-backup/wordpress-backup/images/wp_restored.png new file mode 100644 index 0000000000000000000000000000000000000000..9aa8daced0c0fca29f152ec597c0809f94fbbcef GIT binary patch literal 53156 zcmeFZcTiO8*Di?1qasRB36c*gAX&2Hb3i~qKtys^TnS_(QHK2czA!|$vye!rMv#dw43wG zk(t&VF~&MYNrFp*_>B7`)ei%n-Xg)LAR!|ye7*GUW8He$J&He7Jfy$B(T}?Q<4?&O z__r-3uYZ;yVEDltIb*tfzVO@O@n3)3v)?||;vDO?L-R87GVFD8$_{0zGGBrv;JwLS z>FVl==D+wJ&(@YIq~&|=zrV0|8e+Zi@7bySrzQV>bHLDZv3k7WAijTp^PGN={o?1p zeg5|a7j~F>waR?Rrf|gjL+j$lHz%J>|25^BRQ#2T6N!;uzdkl<{dDQ_)ykS0D?TbW zw?p{8`z!Z-Zf=!{1DP6@!Hwmf1bWYvl+iq$n##(@LPBNM6T5G((FK3_pn^F~P*Yd8 z^xd2BLbD{`{?^ux_a08JzCQc!r~DPr-rY?j=IK0^uZQZ6yF)>tp{~vp@Q{ryBqSt( z*Gvh{%ZAe-;^MMIH(INHS(Mk-dav}S_+KN|uXT6O*48#LF>!Hmk&$T~Oj8IVq!uu2 z4qjWctSb5S>NC&WwA-wW3pGwRA|hgtxOrkiYvSs~J;ibe3s+l>(y% z)g3P+r_Id=F72_9|m(y3Ac>CFIj778eALV57EW zq6(GC7}C;s#uVwTHSlA=Jh$M&)qWCE(9()|?wd0NBqSgcg`Aj_lh_3VgMt(&zJLFo zuAHo|t}fuYzXER}D-;A5{8iEk)F^X!~$E7UEiq zDc8Rzi2bxoO_!rsR0Bx#s+~WCgp`C8kHS6BP*5;4#yyBF+uG*4 z2x>`7w{*wx`oDX(vAKDEexB^H95+92Xp)gr?7BG_abNc8pMQ=|On7*B5Yh_o`{7QL zC#=i2A|oUB8gFm~ynj!1^C~rULb_rC5w(DI%SW;o>p}FsnFHpdxk88Gl4@$v`@8`1$y(#|vM#h0%7tZ zwOFgvqN1HDR8oR~4R~al%XwbKOuT^2B=}2SNKsMIP`YA?Z<9gU?(VL|PdpbBm zEOBNZA5CH4y;IUBF5B-B@wQl`H*}1&FCDY57Ur-Rsl`Q1cnk^j=7^wF0<8fn)N?$;pp@ z59ttco2kkojRJkgNRmcl9zrTUbM#Ez;K)#ha$mB9A6$Knhz7i+aLYs5($W(A>TDrg zqB9yoBa~XucB+z_mDO@2TP-XsOfqL{C{yp#+zC=c% zYxk6@oB)bQzU$SvIxbDZCq^R>h!#T@Ha3NS4{Bc1?gQK$E(_K=d=YQRkN??_(O3D| z9mjvkueki$GpiM*h-FF!Ra&oLBCEwAQ z5MFKi_K!am6_uf(;o90-x9MJ_vN+|fTLZ-=T@XpSVZ}Dca#~UM!U1#LGD|hUPc5y9 zqn!m+Rn;YG3Q6ztgE1i?p}{v9qL%Ry5j(BacHPMmv(+dv2sX3Dhe&vvUWAC5vGG%* zc5wH2VVAWpj0&)obl%(luyjt2kAI@#&-U0`_QGsLyf1Em4FeN?{`{HSs8#pq@^vDj z7`Do{lVw(JXGc3xQKZLXB0@r1)t{4+X2!=e$JPT$m?Bq)vsAV7$`um?c8kVFVR1g* z-aoqJF$T}VO zise4#VL=BGH}oi#;&I3rdBLQ9tm-!>7f0&;yyFJ+kQZgtG-oSEZGr+ijLa)co#ycz z`OM~R<$v&B!{QKoQgYq4kwu+Cxi&wqDJOfLEUf)dMJzN7)YK3#P$_iw_2P=GyXsrN zI3i8;74My%ic+!Qys<(MHvuHJwzhtJzm6m$nU#~oeX0k{KYjcd&ubP|d@NiYQ823K zHthoLbH3d~EQuf4vEOn5IxQ3sVinV_NJx^jl$4YtB!3-vAB<=Ol3exwC*E4r`^es- zcN4N|0>72|%a_KF?h?@oKk%_PsIZ+5zI8uE_t9KXpZIAmNuyzr=+STgL7s(8 zWQ8B@{16iSMUFpwsHCK{OT2jEj+rnk)85S0Dp~9_OZJJ0iNOG{pPrlu2ng6t6r13% z=V@taV1SEQ;5H2S^$Osze&pun2D|3w=exSO5#P8$ z4Y8A#mq%jw>)jPN@4cE9J3l`U=r}k&ewUP#&vxpuot@pPX30dY&nc$P>yVs`Oh{O` z+-}wvn9J7ImSiyG06Cu+cCBLLjxX2mFtw-d$fP=XP#xE}*k|p0=D_JFi)9b8~YdKze=sOj}!qL4)tEf9=XN898~rRtXb7|A=9c z^ZKYw|F?g3r}bV25z%T_*do4s`I3~hwYbO!5uGIFb@j@Xmey7XF4PQe(xxVJm9 z+y)?Qz_JV&$^{!ZJd7n0qzZ*B`&3>&8w}^(L+Z3Zudo@mK?bHuhBl)mC_Mr-kjU2iIRS& zgSr_92m$QWl8kESkBaQ@^ofdHD<0um&WvyFBbZ&i5448MokmH=vw0MfmBi~h^{0gn z>)8Fl-Rka=UNI5(PnD_0=UXLveuG|>9*UI;Yu5RB%81>t(AZz6Z&TDhu(afqYivl& z`1Y{pMK)D=MQO6H_IVplx&G{J$T}^oKQOxy;y0;{RWPg}qt`S2R<`3vA^G)_n%^$z zv*qESnJoEd174IS%si@A>kv$GRHUN5gf?|bx`#pF#|K1l`)Cj+|$IutKx zHRByL zHK{Gl`P_D){PO#^Vo1BMca8>zZ0fygS`;Fwc0cy{I(S^>B@Zdx8td&t4JxO&yXdMJ zel!Y-p*2EPBubQ=pWv$Zw=`o9PBX%IOJYY*qZucih}#y}uDo0w|20n>B&iCh z`C#*)L|`EnF@Pcmvx$uS@`dN$13;ElP;M^(U3WO6mZN^10Vvc~4O;x#wIJX-ZtJ5Q z_wE@2Fb>LkTkY02e}RglBjFIJ;o0g!)kBZVNoQx?76J!>gM)*U6?U^#PAH(v_zX}4 zkdl%vqS5r^Jh~Or%gY5A7=HEi*erL)4fan!tx!^2EH5uVS#GnA zMmKmJ+A1q6uSYzam?$xWBs`j?Kwz%NQ9MFVgGHi<|}}KvNJgpuT33#MBSD$Tm8! zjqmpZ;3^~_4Ddir&2d;T8yg$2w2^8Tt2+JU#6|S4ANA)Ct4@+yY$0R1wFa%^|WV~eI z?UmV{@^(rc#<$Yuc~eWH7xNU^Xr^*{!ooLoo$!Fj?|l{f~)yyjjK-&B^7J$AmV zwbFm7hUf;v#veXD$y6xr;$)IW&YyxuH*)G8^_U_`{7Jrx7d*|cBCbA8{~AIOI?8O;)2&IonfW2pDTl zAv|V$(efx$V`~aW=|*$n#J&e@?v8%}43&a7xF@c5#nasK}k0ZU+&pIFiBb6mP1e zE>b!=ECy*88y(F;onH{*P0)blqf&%g&FgTBBOo&;C*;Ei55V5Ejo8nhw?{M#I)%uty77su|jc z8jE*YEQ|`2Ue9?nY*U!b!5Wtc310Y$P zoSZ!gf_=TcoUE(_H*ZGu%`L92QQf*#^5 zJ;`u%ayr~Z#zsb}YHFJEQKfOQHO>p*{Yy(rgMTjH(7N!;AejPKi%qli9 zF)=1)`S)+YIua_X>;ZF5@9o`@ckgC#H{0Dbpv3R*|GmC$b^e>{ga)^ljMFr5adk}+ z^(a1b2|rkf-7<$nvC9?JZO(TUGT!_5OiWDmpnJ~D%mCGd{AW8`Uni4Vb*AABA!Xom zpa!bsdqV0Te@z2mgm4y=xyBVh5nlN)6p^Qpti{$*LynPHD7o#)wp6O%hM6Wce3b;xliSL_40&!a@cHrGJ3tzy#UwY_`}!B|RF3zm zRg{7iAicFaEbz#k+Z|Cpj6xT#%cKslYZm@3d~Am5MSuupE{4_8(P1kHu4zuFDJ*=B zT|7ToFKF276&W<~pkRz6b*G`FZ40G#>k~V~XIO(w)E&1sAHpS13julPmND`9Gl>N+ zD+NWY5<*xD^*KJCDzf82Kw(i4cS6q#_x16jRM8i)U%uR?r1Y3?zRu8`uU8|lppe!R zYO4g2l^w7@Ny$dQM-Z-(zJ9$+O$~BlpEg?6M+H`=S#114zkvAq_0^G_*n$E(Z|~au zTsu+=e@?4G_9+RFKj=wGqmq*JU%dDd6GMLY?n6R5Na5nb!onb@Oj^n7^Kft;t2fY4 z=sj86+~mk(c5`;N9?jJXrxU}jsC_1C06xArpdH8e`Y0ucPF_w<2qbIZL>CEQV`8Yt zs7;pM=Vj`E?lRj9Xg*{5UK|Vz43Kc|-@h*;|ykHt~1Yiuax^MPE@6_$tqKHXFAlgq`C2a%_-Xq0<)4qcJv$5H>nQ zW;t6bnQBu}ZT``R)O>>f8Z}#rb*}fZzi~RMKHHek6FctC;{GdSm(nv=?}TNX?;x{F zSjUNHs0vl(;kTR}|GswKDKF`2o-Vz@=cEhetl(F+CuvQP`b;jILCcQ9B3 zvct1__JGX1JpQ{k2e%Xf5pWkNFemTf4^cGv*4pzm1V&Fot>QxMD*RecRzCc zE(#LZad_{?MpJdRNz<^dBE7JPS*?rChH z!-5RR=pcBvQ+u8d{Dldut*wRoD=sNndhG$3Xt|pbKqLI4fw+c-hQ)ZfYKD?yd#NV7 z2I=Dq97#&52bNS_E$q>@0V}MosbOYjR*+NnECqo_GI(RdIw!SHFFKwy5rMF=wk9AT zu(YyTs@Pf`LTzsS<*`2?yF|a7CKqA>>lb$0Vy7Te)=Hw*)z=qy+nNF~-^A2Z-mbRG zyG2h|7b>x_0t1PVmfI8*6`lucP!Z}0_vlCd>rSN9$xP9w;bSIC6Ib{p1d*fGoJX!c zdag;K6*ZyZL1`%}_$f|eZgkh2)NFR*Y1IYo`5jF;2$KX=S4zJRIGc{XUBTq?52@DL}+1VLSfq?(UCt(D%8tihpR8m=1FJL)s#Z{PD}o zV#3VBqsqHi%?i#yw=78^F*Y{iG4VDds7#y9AMSv(2I*yRZ~~||vMguY)jWuA?#xI?Q1Anufu67wbF|)X-o{xh7fQA#u zB%P&D_rM|}1Rg~SoMdNaj+fgcRKAkp`QXfx0&xyr*H!a(OLOzXQ@sxW%K0FJ0T@Fk zAi7mF1PpY%ct=^e50&J_DK72{r8OvTgWlky6lP|q#zx7=4(C-3U8rFm+0E2WPENvw z(5q5P9eC;$&Q|^5#>|7U#WFm+-}Eg97|yLGJ1)Hjw&SGO&9j8HX+29`N5v&I$(#eP zgl#5fcDqbqxdIgCq=ukhw`gASxvuN?R@mj|VIBZfd&9+NCF*jey zR7w3Y6c6ZvUA4C|G@SoL$s0fdJJB$R_*@`ll31CfU1nJZ4H&PjD%nZ114%6Qbx>jU zf6oG7p|!e;%_*qe?Sy(Dt*;(f3>=_HqJdTL_KDsP$jr_@fo%FCNg3=7icoK&&>oWG z12_;u)WZ>4ZIZzd2HJL>)<#Bqpx?k+SY;@1M7TpgoQ9ejW7-NRTdQn@aBAZx9fG2HQAfO+E zVg}*Gtds~c*XQ>hX(gXPeLwLh76&rbbF|Zd*nfu4@B|hIlDRNwSRkMekB-ubxOPuZ zPkYX-Fz&Am+=ryf!mXn!(8XA5N4_5~1Ur8zK*Q-KtuAQ_p^MS^RiK^n_!HJ0pPnDb~Qx5VFZ&i?* z8UwChX#Qgce$&u828Oq|2zAQZg_vCQRUNwK_^TWUAds7zh=>S=WY?87cj%&mfC~*f zP(<_rsagz$9Oj?s>FL1@m1)~RYx;X?sz#o6bbS2U@^TCa1d)+^aY;%4HMV`FTl4XWofK$y)-oq6WBYb4aOR(Eq#-NzfVm)u!Sn<*5L;^wwPBau15 zyO1Vbh2sN^hQ>H#<^&#-&iR%Qu3P4J?%c_E7WYD3eR+8qazUDP{g$n9JelPF>JT%q zCg^H{DS>uG2xNd>u`!s|wLRAa{R3;UOYZHT832Gzp)9jP!!_kkixSdPUII6UB^Bs=j*Ej=FWe4h6t61RWIp5Q{oGNTA)IjCN-5 ztU+Ga)0^gMI0JGz3e6l)Y#%WVNf){SWR8-O5?UIX#>Pf?BPOnW1Q-+M z2Zn}*!s#XQzj6tKTSE2$Q5iVt$1q#w`Fg4Sf&k3AFr8N}gsUQiPLp3sM|YWENDWm#^MjnJmk>keE+rLEDASjWR-5 zO;2wVyyey{ZsT^6P?^1qg365~udSWk-7n>L##Wsnj{#$?wr>(}_?56&&;Y%Vvju2u zw#x8PQm5qNT8)e)R;|T&s+@+hQWKPDZKj7!SF1KH9#DxO3m5lfbOT5{iN|gTs@qs(`9#Rwa>Kx!H?Fi*Mn!793l2_3j7sPa=?+FVGg-UV8&<4E2e`k@-$bh7Q%mFVC4+~Q-*W>#1UoT0oE}BTVWC44QhxbjqoA2Mt zGl~EE#Q)8_*8hCLO7y>jTt7Kb&=ktiD7aA4WKy98+4Gg#2&iZjB46Fr6$8CeP;!gH zXhm3&Sb_gq1V?^K%G_R`L|;b-B}if50w8abbLwVpID4>@hZH;eKN9$NtgfOGq8O%I zAp9Ygp5tFk8^Ayalq_}n^mp!*fXr7iF$G;Dh{tg3bHE| z5K(V$Z|G=Tusj$9f)f5&!5AotUW@G!gLR;zdxN?UDHrCF;vPGESIQ7U|D$X5A4^oW z0GF+h^@9_@si&`9AR9ocfaD_LvAYO8)2+${B8GsPnwo@!1ZOS~wO|Ey=H~9$ zV-(oR$_3|l<3BTvQzuaCr9X> zmEvL^dV2aS&gpkKIe<awwl+`r*Un7(im9VpU zIu)>Uy0s;b>TUx5BtK}mjLAsIs&kUok7gPft&@mXz z*Mrvrz+e93j~|;M(Av{AFlYdQ4@~m&=TFET1Pn~iz7~RZ3xiBB8)38i$v(q&pm>$fv`zjUX?&AF_y0OX|1UF_|8orguU~Mo zR?Kcfc(KAa3DidadnOhP@xMoZ|Gzu}En5Kd+4fR#IcqQO>EDt(;&LA>(kXnII~5(Z zHzg<;{JAcffPr8ctGjznbc*qPi#z<(zy3o!16NnbDn8+3ZIB#?6L!;)e7PmhdOpil z)?wCNc2It4X3OZ5YHN#u{vLOFABP|N$YPJ%SpAFJo9PI1s5GW~s8}I47(}d3Kj}1umTW+OA{h3Zq zjvE8j9sajm{}F$YGq2Al;E5zxoRY!pRvr?ij1VyJFrQaojKfg({l(~MU&Oi!7&Wq2 zm6Uxm=|h(7M*Dptuqm%Aa4C-T%|^+4B0^(xR13=K?ljt**Y&Ow;{EJ-3)Ab*b0!xu zLh7g2j<;XIEHXhuFiY6vJ%c=jo}Sa+8QBKPd^q#se)C1omh$^AU;-}6PU-Vdu8jiy zz^mJmeB@DatX5@8L;~WryDB`?25umidaFUJQqTOc&X@D%ckfHm2GvyM0(Ve8WI9Br zemg&Wo`yL2I4Ts=;cB@Xo>fn3nzPT^e=|hRk<%+WtWB%4%3H?^4hT>3FUE|TEK+oz zR~3~Go@ULB(gu)FiPY(JrH@9R@V3NMUqyuY&kT)J=dYv>X!VQ?t~=+4eXmcMv$oK3 z_V%!r+*77=T$@=tB!YQ#nv1!7GPV=bkgiSIjY$Cw0eqD*F6ocObcZto#+`rV)#W)X z{HhICSKoN7UcIYvSmd*mM5c2)kVIHeHnOPN@l>U&+t0#!Uo!X`Iw@LsvHrYam+%x} zXNBCTySA8WTwgHD9L}I4aym*(Xr^#5W7{)RKU<{GbutuKWrr)kxMSjCzrWL{We+7r z)tBXRH*}|Gd6iT!KXxX{lu%8?&3(+iY*A&$X;n3E0{7)@RbLS1wn5I$9#eul9;kFR zSPgG*7vs@1GTS>nzy5k1MYiAc?AUU1XDBY*n<-%1@l;mcJFRx0^vZ>xdw~r5|{tNd{LB^YRDrLVMbP8cjm=pj2B&qQDgA@qFFf zj5Q~FJkcJjNWc)#Z?22pxED}3EWk&u@lYpE(~{b8_C)_{cfNm3HPKeKb^T3&9?|$Z z+_%wRqc2~o6!FSU+{F7CDg&uFGup>X0*QyN-mh&8Oo+0P9H#4odpSfK>sg=7kE^fG z6w(>yjk`Yi+9OPHZA_%*abOv#b3AH={UfE!Ka+f4Znmg0&vQJy&JfTlQ{d#LUarORwW3@+=Wq1p@?PUz z6Qs#dm9Vh$O%lmrMD3A3j9FhbOy|b?JFnEWTrrs*aom3PCCz~oo@ObH@5~M)IZ==i zXLurQ4I@IUVPRC%b$f3()vgV)x-n_3QA1x;alS5KgPEc|*2Oj~&uEtHVirsiACcf+ z`ga9G#gE@5WsZV}4izGx;X){hFJ)|(=bz_t z%}Q;jW3ayzO?{}PtPz9QI7sxKF!>v`Os`aIDH`6}BZm)98mJ2ZNTy!!CRWo~hHo7| zg6CUwdh7T6^E*6#sjaWQV$FXPjflNYMs?%UNRaY%2H3R+0rr&r+yMJoOif1}|os?e(9bi>nI$0R6U2xDOl*>!QpoUGgz_$ivJtO1!_ z?4LO+3DH};K8wep4ZM^&ef5VD3;}INzN7b>MswZX7F$>rTB>}xSAl(Z?J_(Jalyf+ zbW2@50R~GZUTWQ^P+a1d3=XkZ zO4Ty1krcfftL)-SI=9oR=WF@N67FzG^yoWNJPabbB#G~&ra1DJFM}>`bCQpE;xy|~ zoN7?*>+H-3*SoGOzqt;w#GU2quK*@6aZBOP_4ncq6C!&xNJn{$<~OQKb)D1@^ADs( zcO~>EG&OB078eeNADJNSIE!vX@vBNJ_7t%*1o((Zn7|WGf>i5ZYC+1n-g-q|h9`6H z4*1)OyVYDquCGep5F}urnKXEy3YgO~Q*AIAI39o6aDvZ}O`Jy2tz(v*S;WT|V>fP4 zYwTt7B4*Rh%!y;xo3lswz?|cpSubxq+BiQylGA{;ro3lUaPr4bj2RJ`P`^|`*q?-0W4Sv7f{=e?YjS*Qg!vR)lCJ?AxK??SyVqr?WgR&|~6 zs%zEOU_5~*1 zr9_6@$U7}g*6sgl5HEJHH|u3prf5K!Q6v$|>oZ#|ak_H_u(^aTf!S?fe1gww&)0&k z_?=Tj7>4!_%gAB^aRYS2Z#il3OIBRuh$McfQo?B~&wBbYy>iiw{g{HJYSjH4nOlYC z@wK((C+4PW{S{Aq{IiPH@l#xi?J&Io3b_MU@P5l&JRD{#95(&#GKDf**rdA4!|9j$ zd2Viw8#9wmoqr?W%TQ*leUT*GsRuXz_GOE#|RyKG=$FJb0omrH3Mc#bu zLg*D4L`j`g>^G*!dmBicc;I+>pxN&)W(xJw+C>YRMz5=Sf3J{^b}szFuTigeq`y+Y z{2m6UyVm?y)x4C1501|xZZJ@VboQw6OX4f&N%@RcNtdG%{chiv&S^0|IhRlEc=;lw zXaIRsEplMF&dohF+P8kF4iC*y#b*yb`#3o8K{SF&NiQql-Pz6&Pf<@8N^__GwJlBwLhrNE{YU+8pdUbsF&Rk6n(EIC2=l<_Q zRn@t|l`@>{3oix+))tn~W8Zyh1nN8krbjb^U@WYdjk9k$;!ZhwJTF(9n>>B>VC*3L zce3~og~E~&C+9-JyHjV{d^c|HqesgWl4qtxO6_ts4*Rw<8nB09A-bjZVZ|TWDx5UV z`fnYw=J++JG9R8ExwGWp*}q*s38JY~i>B;CacP#C?-ajlyk~-Jf#;T*(PDQS4u8v* zEFWwP9HgN#2q{JXp16*C0P1RSaW;H?`?lRau&^%BOuzsShg~JUnS8SHW81fah4`n$ zGiX}CVG+lDpVteOe}s;~J`6CQ&R+6akd?r+`)^$pT!H{NyIg2Xex$%o-W7{Gv^njq z@Y~**>iSenaEf6*vpS2a*{VN$DHBsnh_fy$bCD=O@_7$~!NNowc+@67`PB}Ws-n+O zL#~L^-lV<24&xUBm+|a#?)UtmQBe8A`6%-=*=tVG$fK%wli<8qq+Yq`$z)4Jx{g$`*ZGA5Vt@G3aLefU4M?hY(4Wuzls2%Pc5K=ouvf$c=K z)C3-65_fD`#rz@NOZ7_(0VEwPtHfd$I}BsT64q3KIh>^>G7UZ|+(KtE`qN5AuH<>Vd!?Yoe9A*m zAj!!n#)gMk*Zhpp^->cVPG{%ZU?;rFC9ou0Od- z^yJR7Wh6bhcU2`kLQ$RniYG4S+-_-)H|eFo-%A)=wOm0%yF{&Y3nR5*xi`=0UYC%{ z5ccx*&fB)viIwBFm#zBPawNY#OK)y!BbWARFrHA34iGi zvbDaic{skw$Va7&t{&0vx!6n0%(7q%&gFab*?78*qniy66)09FQrF|jW%BVSpXWe4W}V>b^QHD`+?IPy9J*+j@TIce7V(D5VGbvMSD*y0AN!#^ibhA3|x2 zBUhoKkTc@``6251$L-dRP`_L*3ctnkaI5^uskKweB6TE^K8xC6*clp|# z=(IhHvPmvfU$uEuw9Ack9@Nkwli1m(;$NL9&G(riSzHyS#=Yp(%g>7_3_MUR8Z$-t zH&3?3e3)FM1wq^>bGjzm^fRaIA2|9R!AGvVeqf9Vjd zj~6bw@1DgfWsNIZEXtjaWAkNiTuDm{BY&9-Q)EZWLI z6An7yV&PCN*UAC`^FqQbQ5Der9ba1<9jzwrOB*#JQEn@h8|n4UMLJ_Bnj%d{gEPCl zoYS^#YkKE2oL*T;q3;n@R~H*AbdE|QQ-A#?CnY5rOjnyldScLS35K0b{4jzJVQIEm ztr&DW+|&di5Tmi;tPKyp2;^zIqG$LWoAss}s~?6}ZCxcM@bhiGgF6PKob!(LxM~e! z*KV^Z(_R=_`Nv=4TuwG7&a&6mCMSi>n3)9yHQ-HL8S*4+oY%-ltCS12gb_*}XVEZP zdP@AjcD9IZ)qS^ParpZ@jErZ)i@=j8C{TC}4q(3X0CP|uiadZU2Q?Gc9om%;`hLYhIBvA z@YY7Ybr!l7#X8{U@&R@#>^N)&&TG_82{zv^1?4?7~P1k}BYZP

    8Yt95)$0zjo03X>I9I4g%LFc5qbZ{I%t%dm(;$;w>D#xtvdr-G2 z;>xxLm;qnch-vjp-QyYzLShZRVjyfuee!wT{E@*mLEbgSRmHzPs^^rIl|kaxP1e9r z3H#nN!Ax=a=~onGXKPPjkRlHt$00EWh(OIRv+eE@ zK#?C6s{vo|96V<1=zNyrTm^q1$87w*D$^9N>#)J~2eE~AevLVH-rsWdU;Q!zL2g`M ztF8l{F80A3k0p0wb$3EkHDBs#zO2Rl-Kb&UheD6d2cnWZUo}=XtfD-8;9>n9M8kH_ zQcj41d^CI>C3WYgB}h;Sh7~s$0PmG+{Wk7|D`NJn@;6S}o-qx@mr>*F2EIT%8SEni zK7Q={h%-ZTE`0Bt#CwyR@_s8uY4!ONQfeLcjV~drog63rz%( z0YQ0_lhql0dQ8F`UmtncKC}K~W=h`4X>WwuEtF%!54X@){z9u_3uY?AToUjhaqZz3PhXa6c(;DnxL@$t@*RH zHJO!v+Sy)4C`owlmqr}_T*%-oRy3I)xJjT>?-`PJe%Cg}rBp-CV&aUkVPMs{HYH7w zT3yl2u{l-j8JxY_rgch8dmq=*(cP(EvvU}+ke-odHg8k=tv;z7^;6|e&My>~PzkJ` zjfF$R2^$~Sv+Z*YxBQqR`S`(qsMi^Pei@R3!uBp4qvODx=@{Uy3* zq@jdg*{bK|uqzdWl!M}s;ay&n-aULPO)K2L0j~78$m+1 z7mjH$$oB{hyQ!8`8*^J*afg$^&e`%g!s*QP^q7SMYcnJTF>o?gwt~A77F%0Bve`LS z+X9??{QT3E9u2c^22x%}xPw))RxwRXSaiYAl!lRM^frgbm!WqO7+j0u2pcEApdgo4 z5x0m4g`K%YGqhPTXWgpZq4DvP4q+w!@2WWPDM)F=jhlb8Kg?efI-t2e`{mkAO1Is8 z#@*@<)&u6Hu$x45+(KgaZ`fI_`uQPT6M4`&_fR7wHaq*668hz%4e5+6X}mXKZ>`DS zU?O7M4*P!gukNc^Rk&=tE~0*P_tR32fI;QPC&5xxBcp}*1CcN~i6Fth0!Xq8G87Za zqQ16F%E91qYO5kzlWex~sM#gKbxuX;yU{#3r`}l6S+>H_wLce9VoZC!ehR8y?{-bm zaiddAF3F8FLaV8bgv1s!IF$G+blJ}Mx*uXyMLRprgZjdftAk~06#jmNPiL9cU_)=i zK`8q1xrg*pro)iW`5)WwU0K;#=@uTZ51G-|zLkDz-W)uj#9g%GF69L)RyE@+(5y?# zxjoqshFH=xRMb&ez=S#>bRSF+LLGMJ&RD$#DPx++0&|a?oMIcbCoAsF=Ln+=7p9IU z_$|$?#MJ!JKNOq~>+c7JCvBY(Cd;I9XqRKFovxw5Qbhh2mg4?xSUcQ>TK_h8XSUuA zeRj<_R>bpcDm9~E+gz6RZ1zJqopllsZrp9LYwT~)NtGqC=sk*p&7bb8F`Hf@{i)$3 zyGM)DHVctoE6~%I{TsI*hA{YV$lRn3kgWkDMFYI}A`2r=DSaN?z1jMn!>`uqJXp~F zg^Jcen|SX!^Tf$sdscv5hx>jT3}6I>B{rtAKP2s(nYP9py?%6ek0Nh1yW=wyL?JPG zeO+unso}X1My9l9j@m!Z1B@MslWQMvr8KAY=^KQd`H+W~!>sbj%FGD8iczlB@wNA& z?)x<1jw!jdhBM#!4-RNrF<$RrZ?kwQBFCB*Uc7!i5Jed>-kamMxjP5Y;$E5xs~km~ z3dMZ<6VI8W-Sm=qvdaCSIR@9;kuOYp^>Wn)ea0(FlJsm?~H(3Ga&yBbK5)n*9)F(ummE2<-Z9vcB{1h6PJU4u$gX zfi2+@J;r-HrX$({lo~)i?xLe_v?(fjE(|1@?d%e|2V1EOIGFVsv;h2pL+(!~u(8$TIzCZSni-6yF1qnX zDZ}pc9M9^<9<1RD8Sq}}ovV01iJR1_sPOQHzP&B)?EI*!&ezf2eSsJshGL;R&d%}7 z+9vmOLK8WudAOGLj((DZ2Fj~^XDXwcWc)P`y}J8PsCMBB|&##2^p zd516LkVu-Qx2CtgcXZ@Az9N17x*UyJkC^Yt$?q9jd3geNDeB(D_2D}@uw{E1Xw$y0 z?*yHdye03^8-&Pxau%+utbD*KycOMbZFebn@Wq$#Edw=G)fVcDNd1tWo<6c(?&g70 z((-6YxzEgnu#$a0(ZRNe$dNTwFMsc;Vau$l`(n~l-dI}N#8oLN<1jY1U>4>;jq-BS zMTEA@Dt^PD7j}ErY}=ge?CcC~y_ko`!{d0W8_x~5LPm4jc4+J)zx(gL1qnmW^|0w6 znVa;(McK8^!amq9vya2b?2u>3D7l4g^YG!(%*U}xiS?!SGtW#+q-#^!#=U+&Y-`E? zlOXUOj7B>!3Q4x36n^H3gvYSQH+`!0!ErM)hcA&}JP%$Jl@+P0sIwMiK2z?yiBG_o z{PN3}cx>;8(U*n0wU_X=jhq+#FTF8{yZE0Grgbz5kYR$KEzQmG35bXZh-6o;N<`qke&A-gNb?cK|vIb-?Sja0Y3V@skHJY~p_CDkuo zdh61_p;KmkiPr$Kz+<<$lMde44&F58K0Qq*I^w}AF8B;=3MCT1U_h!?#@CB-fD@M3n4}-L>hu?4X=nQ)pT;!0j*DFlLB*9lMS?3$V2cofyqVy!rWDbaHS-r3te&^G?>|ZTfp{daD}_ z4n=408sT@gt-LS=WH;qm=!KH0O)(1&{xo-_^A|H)iFHTqs?r^oQvS@BmMRV(D*DFQ z#{&HbP)!Pfy z|AW1^ev2~fx`wd;X%GpK?glBzk?!u6ZbrI6rCaGny1QGtyIWcqx|{d(e(&c`_?{oW z#{h8bv zmc0NoYKoJ`VsnSd(9zOWbGYB^h0_xm3T7xAeoXIej5f*60dHYKTGj1gd%4(7M#kFH z$qDu3y^gZ7w7>^)5|ZQnweXqF=a(<6msbRc*gXxE?CEB@Hi>^{JfdpPsBIUiGgKeU zii>I%6c+MOFsu(;G;MNNBMP)Wy8bmAo0*uaw7dB3#Gl^_9oj->DsuO z7!OK=-Bxu=_2$+kqtyw#92IwjCc95ua79K~n4^JW z1sJf&ol+_)yHfs*4cKbUyfp&i>({a=Ebd2#jEy{6u8S_r`fa_!3}D8WSNJ){pcT?U zTM0J`@*aj%IQd091k<6Hy!j2A+9su ztS_etX3ye3#)wT$PCK`{2XGjzy$(S--H{_Ef;dxDA!p_0UT!81ibtlCAHDm8xZHSW zzEkUDv#jJ@s%%#F_FO2E_8XoS)p9&8yIR0lq^3};3f2X1S z2lYT*QPXYsCT;nToda$umHczw$Y$(4i9k}D;V>;0Xh42GB9Te^XO<5is)EY~xet2D zspuAXVkv>{IvTx2tgcODFQ8_yMW8i>ZBSBOTv|m%L{ie=e(onUZFSA`eQt4c=2u4% zn0PX;ht_Z0*@Q3Y-NR^@_+QGE6D0q2kWv{jS#7BXn-Uy;^#LEM9UFiylA(C=x+lRx* ziTwt3&=hh>6HK9Rg2v?0FdyxJoJtw`IHupij3(tW2#ho|?t)32=H-oF_M%QHcu{%CKIpHr@JA8G4B$?bh}| zjxtxmyX5kSw5b#zVOK{NeK=Q4plBS!1nJ#J`jEMDHy3r)pI#R|7pXQzoQg_RZT7#?ScF!&>rby0rt`S~RQr!mP2D7$99 zeJ)8Zj?$hbb8z1tMzHba8sn~_mr#55)vG|CFHZo;#v~_?RtP`zx}9(4)E%iyJ4`B~ z38&=p)L#5v<~OUAZgwX1kP`(P;&m$I3^!J)`yYB@)c!DgbNM1Fc;Kg^9jLOiDT!J1 z!lO<;m5(TrjDkVNsnvazNIBkRaKL&?!4(Du2LJ>AszrC*hv1KX>&`jik?7hbc7*q2AvXQ(CL1hwmc#>eo>yxS-hDr zJTq14L$OCBD=Q0xq2LK!Z8}!CUNZoY;o1}Sr+ccu-aVVKhR$7@b(px-3 zVS6~S_Th@NNPE(}dOwAa&_=fT8{sRr1`c}MwecegO3FBNKV<4FG5h6_VKY7@DypNN70tDp zl9smL&Pa^U>+t(O7YR(Zek=TN0w*SEHVLzM>#sj^{m8&;w^CyqpZYxc>g)|K&oj8< z&p_mm`oW_ortkA8Z?{GBL)gy^#xxp!JN+sqR<6jc)1RKJb9Q$oh zT(GF3s!DuwHw4@kUdTnAky-7TlG5bhM_CbKu7J+_m1hq&*OG5>9hiEg@gTMoH-Cmc zJ8LhOTiV(lzHTe@`}%uqEi1JT+0m|`HSKcC>d))87%b$_2Ka?Af?KoqrEnpaoyb6nVp^FWaFr0 zVcUf+&Mpju85K&(g-&*+{QC9l`*$5@XQq`g-|ikS0s;5Jyt~laTr0!I%OPhaPa!NK z%i#2MpI^EVzJ;jR98D9}`7cOU9|aDJ3TZYn(n<;nEJnX&y^U2xxQt@lGXlA-QqrSC zeSK1+eFKBcLxaqHBmINmTj^12Xq=v&qNHBuYf^UOF*v>{EPtVXIdW;!#vk8W55wv6 z`l?_=R>!{{UGrnxefRs~ZKLWQv4O|=>XmU0l7NR7X7qSR)7Toxq@r`WKHW5$rvF{2qu=GoyiAoIC$;HIR%Rs@ zlmr}NB7CeEY+d;(djK_0rc%k-zb9u{`dO{ks*0a6BO=;oN%DaBRLB&d!keTONo6yxS{^{$3Y^ZkzVVDO3GHUGn=fAIR4$%%1dJt3xUBvWK;+#YX#_&uUx1S?J={ zK~B!-bn2Q+PtYI&GQO7u7&R-}yDZ1Htm=5n-J=7=bn{gT8{Nx(q6v?r-RmE#U(HAp zvjPmBH(Ika_LlT~W7L}Z=j?_cV*h}n)iSnTgAfgNNJ?>7aK+lfw6rIrjoaH1(%T=G zTzhD6H+cz6=sL^%f^*l?BhT_Ttab{zxd$h_#6$kJO}Vs&rInK%qVMVH`XQlwDaq-V zqb0~=S|)FIit^7i=oeG@o$8}g-wh8BlV)J@Iuo+jmOnj2Lb#c7;ouy((b9w9zRFEZ zk00^H6n-C6dci4RvDqvwKgNj1eShtd0+wuvUPXS1 z)Uph)z<`}I2?yDIU}Q}JrwHz?_@uPsWRuL#eadg>IOs2cn12-YNGNIBhf7q|k{mei zCI=G?EDM{+n@WqGTu!B-!Yy}o%uXLNC;|7K-tuMHcC7x_pEM0U9j z*ap27J=)uh`k2_%jgL-x8m`zYaB$ZKV26Lz1{uKrxS*Sj-Gjik073(UJ>bbgbx0R) zd@-;VVqYoRE;ajXY$1IHn7&=@t@ z5h7~^Wx_i9MG-HmB@@`+*-S6k5NdQEJAnKFaQp)5z(nW#Avh#>JtJL8N9R4d6SD9N z-E{e~qmSuz2WH`QHTq6Y!vGuAbBn`$Wg4$)+=Bbte|>!&SGFKi8C_T!p{A0LOJvgt zP?#CB4mv9Np!(S<_x`JamgeT~x*iP+*1|eELmfk1zdy}(&5cbgRY%q|fZCW3EWHu3 z9w2RS9+;L~)S~CU9l(FRMF2^!VlnE~WuLGot8kf;xr*28UyS*Djfu&wj-j|g56Q2% zsT#3H=o{<@lNk~c3OJyK#9BD^kKw~)eps!P^mKh~Pk+W|R+8~VU%4S8zY+G*RenPb zy!1Clok>YrJKE^S8*@M7cfQzT3c0zxdY?DuQuSjj2>2*aoi;3}d1Q|m+RYbLRSu%P zl;ZvOUi_7^fWijG3|6zeeIeKMt z-rB%Ge2=us>1;%JW&+n5!~k?!9lf8ty{>PXyc^?fAXcVzF79G#Dvs~Z|;B}xDN

    2XJs`GL`V%2j^7M{GUY#!O^manQ3W zX%7MKkm?^o5MeKp>C0!|n%V}ieUQ%pqdHnb@2zSi=!P=5YDa*QeIIzJ>>T1INio8oB;=JEr$ zEd2k>BjMDP3f=m`kSRV&&sI^Lv#oX{S2bz$WB?@@S%+(WmO#D7Iw=k|(pFFGBwL<* z2SKZqtu2tHM_02?1D`ojJ_iJ5_3xjj^LadMmk{)iaed=^dKwK1mEWxID^DB`bDvA3 zG_y9A$WZ8$uZWK%cH<<#z`osoH7~IN+@q5*A55<96o3vvox%Hi-xGM8$`2F7D*~LX zoL#_UIcVU!zPUj~JqOqvxJr5g-rAfcJy{G$p&u6pxS}q1{Pq(PmIK)DEJUF znwy!3v_DfaQ}ep5&mp)l`MBOmgiZ34GQBT5?5{7VrDLR=?i^(h6Vn=43hNX|tUD5* z!cP=LY;l7H1Zn^~toqi3?>0R;A?9>s`bA_d86)G{^dBN=!3T4-ttBcrq%n(WgGPTp z^MVx;KRUY^!_GIb9*#T@PNsqj%ia%1s)M+t8az)+yPYa@fv81*w`bC64Hj>Ev*W1j ze*E{9B=N8~`cd_{4BrBGnXbT(CyFw?wobccs(!bpVEDQDKcqMSZmwaDyH+;^1tFs2 z8@sF@y)bx2)Pj0(ydC$~(Oq7f2JN@c+kb8`+QY3D|34nSlBO*GJ(tC0^xbS<9m?>? z2!K{^ZiU;s7|1TzBO0u+O>ptOx{6qs^Gs#^Z`h78PAD|E}>Pl6vu{rY_D9UY~tj zS(^9;i3}%T6H*sPhJKO|6fDiIMv1Hp3J!<(^t&x5<+#2Odi6@wigW*WRw~d5RXbdz z%M9(Pbp(|DRiuraR>iJW%~50t zfG79+7q6g3cIU?{Yr+R7G(w0OdMzrCe8+dyn${y9i!S5BOz%!m;r`@%wOPR3uT$|v ztW+8i-)M*n3XYHcR5q1MuKxTe!@DQ|vXqNUEOrwk)0+8Q*5LbZwR3@+S&rC?igN!# z=omxj93G9J?uSp%n!Zmf&<5_tR^9I8*h6+jfXv5~Xv zM`NSAZ4_B<`{e@%$J7T2Tm{eD{VF>cG4+!`5aU{DNr`s3G2@L@xI2u#Z*Xm#GYp?2 zMN`gt@-}u_L-M2U%H!e!dN`Zi^JIaO|1bA zY;(Mr*?Sv$9B}kqxC8y(Ei5}3dQ8F#Vj|5tI-X=JJ?l%|FdLI9L{e`7v^qi1`QUXh z4rLPe3U@yQIMz1*Vw%nhN-B8VhKMkMbZZbN5|`KKcfXaAkx|iB7M7C}(-5gIF6QH< zW{y`*m88hwku_Iv)e96XDM)>-Qe z*T(G!E5{R6TI=+We|_|Vc-*cl;vk@>PmPZ!ZGMD@exhL#IN`J?;}go4c2>9!#-5&w zDF+g+&DVNXfDVaxBj&KQS%o~x5RI1?TAp2Pz1{qlK7M$1VhR*nl#!E6hPd#IXXh31 zJD&%+loD&VX8MCF2EfuZJKJg3x|ZhT(5gz%kkj8C@LrwaLVw`8i6IWB2;ifi#DKM5 zBS(Ud0?$QWkzk=rMdH`h_3<7QSiB86fb;g^w^^HT0{p$J@FFk~>Sa334p*dLO~6L3 ze7|?jmg(9;XXVAj8uRPB1{aUc8;UlS%@ld%nP4w51O?lX%^u$gECk=z?Sp{D;H+(( zTr`MY_3zY?`++E+e(#80{XQ_vWl@nfUIdx5Vt{l+_^w3tp#D!`G8+0 zY9RCIF5QknV*7C%7Wv>qI9FBTbOLHA4RrdXw|~deCb-WkG$LNT7KHn%HpjOP2Pd(= z+|s?=8G2t3RFIp?8Q`c%9_){7TBCQEld*yvTJ8K8b#@~?(lrb89vi(8F+VWkqhm=E z8E^@%hAn0$IuTqdMr_c~UPJD$@UJ5Eo``z=Upbh)=l4#NgE|bAXJi=)BibL8`n&w<_p91_^KN{VHVLrCezE#rioJx^@#ie zZXTYerrx~2M*_G59Yzm_ZHf80<*Iz{Rvr#KT==90COWDw9N||cfEz7vJwyqjN;#oB zWPa>Z+}4{80GeYO?8V7i0ir%w0u&@%6fbK*h={`8uo#>WbzstMkQC?&!3YV7(5|(A zL-eoWMdjy16utqDTHTR}wmK@i9ZnP?PZswmXH$=Uy6EbOE)z$O-Y&O?&h;q z?`Q~uWg-uI-<%)9++n@c6l>z;ADy;Ot9F=>cSipjnPe0ehG7hhG9RDc-2Pc}i0~Pw z5ceECj_~rVvqpd`e>TqmcVJ{-Tj{#C55k=rsJc>$g5Ha{9In_PVuogt|BuK4$e4~! zYG!7enE!E@N$c!-^I^9tvNR$N^pq$`i;Mf&|G@I02psIWyt141`)uqCl`p1)d&Az@ zPH7WIKDvvDie4Tr$apT>n8o!k4JD+fx9Li%OPEuzC3CQ`-r8J5fe1_O$4vV7OHG96 z4~22eiFtWN;jPRRRAp`MVAXK!+yMa!9bJft$y-Uuf~8{L&maV_xw(pvYU=dRLjl&i znv&A*tb+=lQBFW;Y&OvYX=|xw-NP~rq4+FZHVoC~R_m1m9i~i2ex0|H{kvYG6k8+6 z?-_$G488>;8oEB>r8*-JQgRiRcI0{Ry)%nY&e2e$iSfOA)a;STP~a@qt*|_(jSKu! zS?Tb|XO9$VpP8S}0{C}^xwS|r!1QBS$+tj7ZSO<8Vr60xAl`%q;vZXQz1efIQtt#D z6+A+h{QN}8{HW^osBOdBKLZ-V>+<~K41G_g!{K_Yl=$Qs11YKZ>D)8ETWKDTz4D|5 zNVjg&*$@_p2^=8&I1rzBH{(zNy~2r@ykD?tZ^kDNK<~+Fqfp*h84`B}tM#=G%F&p4 zb;8_rB+&}+zzO9{UK@#_ua-M=6CJ!aB7bq{B48C-Uq83I@!nLB+^^Z|0lMV*^;KPz zEkoD%c&A6f6wWJbo&q)p3_$${-)ivBM~ON#dKww{jm3o*m6SX(QgFJ|PNFwjqzHKD zUp!Ao^YMHE*Cz;sLrt%dmDBl~$G?5=T>7Oz(;In6%x{VJFG?T*YC7Ib+_=VIS1@lC z<0~iJ$a{c+wMq8r%(7Ab5#QwWz@YY67!587)ra)jEo_#32C=a!GZ_Q##Zpx$9Ltg3V`Iah(E4Z2zmz@TfV3*p_r=pd}`1qK`(DIl&dw!4>sQzR+rEIVQf z`OW!zHr6PLgp~C0zM`t}-Htn!U-_{)yze)RcdVYr4a$Lw$(J7^h@JM!yj)|Dh2iJD z>^;VB9COmcV`qES6;O=Iy?j(%vaIs>LTamPFJg}&YHO=k7=j_(GRvwDWVy@y&oO& z(DWO=G_&QIj{SaoTsaz&2|o#t19<0pwO!Y>I(9Uzb*?lIT;ph!?>Caj&*=DQuZw+7 zF4ak%&yCR=-<+AS_3KP`ZzjdHpn_9IpmY+y+ZUUsG#l%>yY(orAuHN0ms{;hOLm1U zEenZCM}c}|qCZ`xOpgu#@4F3`%2QLq$A4pIzB-8x_x0@w3nB5v*6)>r7WaZb!#V(p zJ{9HFf%x%u<*b^z_~6bNj5fMw4Rs%A%Rki3YgB)pNyc?)xTkrGfic%=a!>G%7W>*}TV6eJ{nK6+0j@3`pb65$iz{~2C&I!hEq z1O@(@UF{vff-IqjR&_fMq=3bI+^)MqRMr!2XMU8m`Kiepyr>)@WNJouk6B1r_#kqX zOEeG!P3jvYnWGNEwdM(KUhPa)9{R zb}p|fxMaVtmCplI-ot0mn+MDwIBk$m9g_KtLP+vZ`&l|Vrc9)_0}#Bms_a=;W}>pQ zyDsSS1e#jPi9d(d*$Dy@2#z4&E^hRE{9{w%cnuT`V{s9X0XR5BP;gY6t7N{?&gs+V ze1Q4C{{GRIuW_1ciXmiQ`N8W}1BH<9%RqJoVe)V1qnU2-yPZXJ5Fgy!dizHl#Hz5c zuquhi$_jQ@AN&GP@$v9aZyq~$u80JX(SkoWP5+3=-aNO6D2ij=^L!_npF=W#or(P0auylKBd-DNsDGAgRV(iv%W?a7G=Yq0Gc*o7zjLuL3=k7oauY6jI91#6QenKS8&M2)lZyy3^%6Zx}8)%cL9|g)C?rs4`xYFeA zdGk)B(xtSra=o1Nk}ZXbCk$_Cr2&2^OMwPx7bCz%KQLpOZ`a=p56D!Nhxk_@CWbE?Ph<-D?E*btGeQ zcNbqXQ4@3$a#Nk2zHnl9C)Z7odW(Yz`i3Z}D^G*a2V5y-rt{H||%UVrO@v*AfFFo2chbjhjrfOG_z9 zaVOwTnwv8#3zO<`0h8W0AOUh(c43xPsne^^{$qex0ABf*F*v5|2*^daulj1Zj{5&e z0R8vVWfUM(`tPF|;eYY#Kqck4h~EFX^w%`h|7MwjpBxi`_{V>L^Z&m7zXS3A{Wv`1 z16Sh9EKR%YKeMvcBNdWR6}9Use@51!a!>Lv7ERqtNg<#9A%Nq0vm4_3^YCFzeYVNS&N}rmZ41y|8Rta|+#WSa66lTty zej0PQxe3h4H8YsE))29FbE7n_YKsAXUKM}1KF*n)YnGR5!kEB@5B;|!V1RRh`yGAA z=c=nNpUmQ%(2~j_^f%OJPFsC6j~QaEQ3VIVK4)og^Ebe(03Y3ML=iKJMj|U-oSq_= z@j%p66{~C6za0kax8pvs_>J98pEYnVyAU-;NJ}u$m&N>y>skcYxi|dJU8luV7oUbm zSxLVkixowjU(|fVtt6!tS6b^n*tzJqF>;o@>9}qMA|gyomd5$K3+;L`D%st3%SFx2 zr&bCg_EKV+nxZdS6lG*Yq_foZt(0HzGu|r@#YDw99c;guk+5{dWUZM`{f?{wKbenuX!P|*Wqj>?*vHCI=w8oo<3 zbW9hgs8Vvnpo>;)3`P|@*E_!QvY;Rq@AsfE)!}pCgnzxlFmj*UXe|sOW0j2M=nE&k zH27>sD$tlW zh7}m??OBM+>)dVbj>_rzto1fV<=$6bnoO7-@!(cIWVn2 zaKZbTfi01KxvP`xLAMn;Y|q@QLmRJQq7pZ`jkUxsFSO;myG8G=s)`E> zgTv(d`UaNEO~2&_u?W%deRw=MyZSH@RqHj3j3mwH_52Ju1b5`Y%=vIx92ylhDI0zP z+DX2Np3rM_otm8tK-mk#$ebi7TlP%SS1>j;Bq3$O!F=m;FcZBMYWm~Js4@BrZ+x%M zDH6+JNm1sIYM~4nB_nLaSDjtUH=r>jx6#sD@MoUE!E5^Vu{l1Y&2MX4OQ8qW~Z1pya_19m2AY7fvS9+e(GIyE{3g)gu(zxhg zkR>+)s{|_138$FZ`7Up)Tm%Kb6}%CzZ2nGNP)LJy(P%1TQ(+kQTgFz@uRsTF1`{iK z(h9ccR5PtSQ3*y0mB2cb_@rujYNo~MqOz8qm5a6B>4}n!2!}{pRh6yNqPWJNRml8T z>P5dpU9+ceLO->(UaKHTo4Tl+ul%6&kJujuDrazvAfWyg&f{uzIK#ok)orpQVjcf; z;xK#MSKpQG_`<8Cc)u9{%hs9PNvcRO#PIi=e>$e`z)Sfa*Z|thM?u6}aNHchV;#ZV z%E<0=V!4jE+5PkjR|A;#-cd-gHb)&Bzo64awfN`?V0Uwn^MFmo5^Vd*5`UF8s^1Wu zP76*82-^Q0#llP)M#^1WjNGgexftY-aQRDQ#OS!FP5bv{j1x*&UAQ2U0>q?dgzYr6 zj1cGB06S>QD+j8FyXSrpsjZ|;Og!eF^tmFLO}1h~kSZfK0xYZwF-t_dbBG0Qb8}5t zF_d6AeC}PJoH*XTD=}Do8o@-^U-A$F8-4eA-a_N;?2!P$U#sB+o&cc?ux=(kR00iB z4ZHhWoY(|B7}wY?bj9n?$|N(R^c@cV)n)^%*kXfm*yGKS!`?mPyKuSe@8DXchphz` zn!{nHswUm6Tn53atMr?2}_o&bgf%pn5<-Exxy z>gaHKSeVo&L|JFYdd~+%5fwfwPLKU_Q~`ljMi}m!Rk2>G6`%bNUITcUTp(j{c6ynb zy6lsVjN|(CTE-e^rrIx#W?h<}&ttz{SQ6fiEsn76U$*LfiXJjo;nomVZ49RUAzI&2 z$55A0R!z+Q_){{N+LKi!+f^Tb3=l+JXt?Ua3ltPaxVn2R`}F+&9(hNO^TU*^6?cP{ zj?mCdPsf}>{I!~#nwF4GF#t;!2{Y~mGzA58ZweTMg6cPe)N^vo)YWHED(VbI5{cP= z$-5fssO)pS@M84)Q4;PSUPC)hK|}MaFf&G9VQK7Bo|1p2(VJHOXX2SHEhAfc%&ZdQ^~YW9Ihd+-9=)ZrOD!$ny;OWl6}S{u0w z{KHhu;vxw=UV90^A}@JeCu#7itLf3oq%3 ztR#mtO-!o|V@IZQp2q<+N=Vde4Ueo|8O0-omwtD~8XjhCT5e^c+uYN2{eWHOA* zWzDV^&wRh#Y9%8gA;AZV>f3o&+V_X)6-rI!g}L3Hz7R6MjbZJoviM@|DEz`}DW4P@ ziSkidG1Sob{ZPQ>S^yUnllT9`Sn*%`U(>=sjJvxkToyUIPEjRre9 zRI-i$F=mBqWT+CSpri$qb_IDw?e>TS8n$s!Nx`l1+I=I#;*5D<3D77N2+hymAd-R& z4xXmU;2~xjky6YaO9z70_V&nA?z9z`Cgv8GA<_~fBaDB>t!GNpO_Y_Rlx8H(ZI6Svqo2KHAJr&x-nM#^`X1cn z=9r21Qt34)Qjw6b%(X)0Yz56-_mi*g9n5%YVSQJJ0s{KqQO|2`HIlMTOxy1MsOl;Y z>I4s8=4KZb2kE9$)FH2Xfnv3Rci%?o0YuyQYgtsL&%fF^nLY=dsjo}xWNC7il`-LQ zKjk^I;@2I1y%B(^ubp%yH`pg9A;ZDNA%ZB{OBsx)9FF3YfWQXye5G1E%6f9}Ae9!W z!Oc@ruAhaC_4@BkO=()K{jQARQgK<$Zoyfd&a#&pL*hI@BQ)%w;C~FaCJ!Z}vY?)t zretew?cs@ox(VeCZ3H=f*f!S@-{1f}rVzjuw~a~QfMf7sBk&ic1R58xQm|s7VJJ>- zu#|&6FG`ByQ;N?EO{#+ZWW}WRd;_6EhIDM*_IQ@PTBv^!e#S)^r;^E$vGd`e*N`%i z=45=cHLwiA_`t@Bh!PPNCijOb`QrR__9Q_(!xyp;>%`=DdiA$o6IY@o7#ebmVwQ0xQ7_NBOpiz6^(axptEs>TU)W<=~ z@w2poVF(Rj@_nyQFqhROwDSA&cw;4L!Oi-p11x~8ZI9YFtRt{u2H$Ohjnr*1k*|zv z3-P)!I2dRs=H~!sPOHA~g%iiW`;xl_YqULMykJ*TgG)-(BsPd8*4T@ox2~|DK)1~@ zEjznj7c$r;uggrsFyG=8>sOB_M8n(`^f!#;i-WP7TTYpNP(#7m{_X}X_5en}@URDS zt0yWUUpX@?$?A;k>m~sQd*p>iU0@vLzgnlhe-`*ZS^$9Fi&RvxDdkZ`Q zQ+xm25S{tyEdB_y2z7Yay{X>4yNeQx94Hb2z}N-MYQ%X=NlYus)lvlULP=2wQFV3- zD4n7wflxo8Dq_nxhhs`bX|ihfTx?rPH+NzJiR>;URKBzefRNgaP_&h zot>g-i#gcECY1i)JJxX!Dkh~xX&K4ymJyh3-Q z^4Q*6SoFU(3J~x)I9%Hubyvlp9A+GHXM1u{!x011yoxnhpMw3n>!idu8&sw5#uNg4 zhLTc>m=y_@ir){QDjTO4|Fhkf9fJbzJKj5yow1f4ZE0eVk`MzDqGuNs0$tzKa#6}? z*8vLQ&)e$_Y_QM$VyYQxN7HXdh6ksYd*70>D*k+YU=T++09EHhF-~u= z_RlC2F0PZ3e0pI3l51$Wis|w*K58Qg(NOHCS1f@RZGH-3rcAw3%^Wo~a~P%B*?3&@ z`!abIP>8D+YS{6^J35lzP*ZCb?|p@+3SQf0?>kyD9)rKXydUoDc!l)z<(u5DL>2Ak z@8{nnPMU)*!5BiS(;UFu43UFQ+?140nmBSnK~k<4m(dY%@2cL%17`RH{?7zzAf7?A)=N? zNJ3oNX7d;a#@OA>8~gR*WmgZ-Q2~=veA4&#C0R1Cn#04xL#{@XZ4i1oRgec8aKk7R zlsJe9d8*Z;p`>JW$u$yw!B1UB@_~nxdp2|p8kF_eyShWK&^F?0HW*SEx=6%i^ghG^$N(POcmKlz`7GNa)pUH?59 zhsp9xQFZfkQi_>Ebs>3mawbx4GCJ?iPd=CRR7;IlA9$&K&ThMx+En97E)DGQO!JDC z4ZUib?;#r%OGX||e*@kk0Gf^RKMX=xqx-^qs0+B{fD}^k3x;CDjcCAsjOsNDPZ@M1 zb4yANiXci#guGe3S;)%BI44tvrX{68~lL!pp>>Hcz?3x$6G0C~6 z@jUPGsZztoFX-sN^7~O4B?PoM_LfwN{2b);xTGR^Tx5PgPvTKPLk3hCA{auNnr>>_ zVu%?43`|ra(MrBvhm9T20pMIn7t(_21pX$fOn`=g?qGISM@tG+)et)ZW+@V<7}*RlC?U9XJ-Pft!jA8+FwY!%gMkkJLCIHs4O z7!wN0!O{}_{fs2=oWQqrI713%1N0~eC|6dV1v{vy%S+4kljx}`Ywv8}W@cu8wph{D zmX?*SQr9rn5j3E^O?xrfI{LIZVRi(U&fJb;8W2qlA`&*{mX?iof1NDdXTV{p;Y4P` z$YE#4`t&Qv+iN(O0am3BClsWi9)=+$)$e+|nfkqXDC(8m++~R=75ve1bDJkBc_Hf# zE_QDhrB!~BgctMG135}{6`+0uJWkNYUxOxR90vO=mwHYCPESeFR8q?AviQ#9>{aX3WPSp2xBs^PXT_iZ z&k{JCU~K0XYw(B+fVug~{Ad8x<=0*Ds9YYY=C~U51~3NfD7l7TLe+| zv0ZR#bu34+d0YWv zT|iY=dHAs-w6M?;7;A8-Xi~c=(O|O~`2x47zaSCbU5l#a;=>1rvK3EjQ$w(AmGu<6 z`RwODFZy+{@9>V=*f8Lsh)K8t+$3UR!XYG~pz!;XK1|zi0eAq@9<*R$S@ZNmLJ)xi z<%5bi$V?LzgB|%4w=njJi(`iT(bA1OF=lEASSah_;g51oVu-H-#hQFhL3%}&QUUOe zO?wD?QNee2aS39Mxu2~{02l+x-1r!50EE0BF5h6r{QUWk!~#unuUUnOARa!K6T0Lt zQonaZRfk!V3+sCEGx{m$d9N)8mH}Dz)|N4!fR9P5!IO8KREWLv14Czr5r7n?raNHU zbahcF(U{-=%^2$ReyMA7aZ^R@b$@@6Zh^Zy51hk`i)u4w$W)DtiGP6#;2?XCauybf zB4aINbUv^$6OvNUlbb-z9=ahzH;2f&j2BDy9r+2+o)#x<=s6`F8K2d{H7~lJZqtp3 zu&$_<)CcCa^89)kIW_l%nDGPmA|_I5dj8)tdsd%aZM<3{;@m|=RljIdXZzLHPzEj- z&0Ww^QFUB8e``YlZX?}4gTqJ8!6=;|MJZ|W`qFuZD7`H=$07e=a1(|rh#uB^6g>2gmj4}>rSWm>YpF^rtreTvL;hQ--d=2#lrD4baj*C z(w3*DjBN~-W(Urr)qi_%9RW&&Iq~TH@BAIt5kJ6oxgUA3*$ z>ydQ+-HRr9OvTryl@q|9yg43^*LX(HOkL&JULBeKz~|))G86#P#El@58v4b_#;U>Y z5|Rh~l_yUkB%!S9v>En#Nu6LXk<17S4<#Tm_!$lt7svfOJRjmH z&g8hCz8D}E4h<>TFg%ig-!C$fnT$^0QF{+iR5MiP52~@T(~p9fL%$l6kQ5^a29_kg zrms#?v#^r^q-@;x%NtGjAjru6EF_5g0FWs|xMY67uZhLp0xFX@#K576SgEGW{3dtE>CMs`@*2qC8V)z!wI zzr+N_xB1oo4a#r^)J5g{M`nJ)@EZCZw;OoMJX2r>BqT%739Na$Rsy)|haa?^UiaE{ zX6I1)3TG)PRrwVN<@UfEiKAKS>XmZLz#O_1nrdxv;oyG1q2Vyub^W){vQs_e|C$$+ zX`CLxN7^*(-BWPz!^(WMj{`1|L&H2ymz+*tA{-*0IVMEv_kqPCphgv86lib;d15Q& zfzZ;I0j7w1<@bm_bt!;6b`CwfS^4!b^FAQUS}wIs)aut$tBL4fmUq(NEHU7TD-Nx0 zSH+A$lo;UjSZOoo&n>`b`KphwBLLzc*BmB0n*c%~_=`wNg=lM6mYFWqz@zUk&dpt) zoXuYQ#jFH00?D!YoS^kG z0Otz0LVjzu*jjU|hpKKXGm&1Z+gE;oY?Vv=7?r;`g&Kgq3$?Yx!@&NTk_1HOGFHDr z5tYHr%V-a0Zz*<(oct)qJMEbI_dZ{pa!lxUbQHS)-a!9T{hb*E$v=~XnYVj9V+Y%j zk+CR0Z+xN9?J_;PsHD~NB#gLv3E=(TJ}Cd~Mgwl@x5sA}Yw-C$kN?$p;s0iA@_*r4 z$4{4sysbS|ksH^{-1DI%WEDczhDUEbVwD_!F{)}6IcxLK8og6?(haI)%LM&>ifYc`AJzS{gYz$TO#$oq<>E!{#ODn@dQi zYNgXClnSm=?X@<Vnsk{b)W+Mft#@)NWs}`O2Ew)$t1_msL{$|9|#VLy$1HrB1WL)agz13vqP1Sd~ z{RYp=#);6W(eT>O!F6^@>dVN>%5v

    5r^>pBRdYQZTJ# zcGt~c3q5W8=N>>&G(2><;N|sX25#0t`9g~9p>e6 z^6H#l-kE%@jN*H>&pTJ>b+v%1bvJ!pw*2b?+V*5)j<3_`d2!$pu*0lVs|kxo5tT-p z@+f*5E38T4Fkfgd%k>Gw^+-YD%Zk8|l#%f?8~dBMI*c9}RIE{B*IgJ6T}HzE8Pu1* zmL))YG+Qnep6ku=kT;wFI)7(EHgCg|%dYTMs`LimIccjEj62?Um5CbP4!J=uh^fd@ zo7yxhEH|8dtXbSKF@MHFp0<^1uL9&VAaeT(_`VIp9&;o>~<{B0@vcSu8BU zR6khW#?$HNIb5wEpb>F6vUx81aN5{B8AgKJ=+_^~*QhxWPnY8in+**KIefVEP&ONS z^RsT1P!U`Ux2dH7y4;L^Kk{pQ>*3w)^f|L~!3wXh*lII=F;w=}UThc1DP`GP@9@%cRo4UUzR5%!jD&X0Q7JLY z*&?y!G*q=tQTyTP5gZl)MzTH)KYuFfd-E4L`_8;-8Q`*Ap(XIpe3kN%l5F^afPhZB z?!a|F3a=tWK`kRuhw)4OL1LJ~2qtxmhjpkFlnlHc% z2j@m$f%7#-E)B`v-ah5yW2Zl4NJd8L-Sx`d)nQ<$MDomVYtnh}NuPF|P-DwNokQNG z_$5@p$=d9QOKCzk(4Fn>U?!@%~|zZ>*ZFDyWCYdg#BB~Q|b*WxkLe&#{+5E zxhH5Zx;3^U`z)}Q>CR%Le^QX_gZ=gISv@yNkw=ZD^PzrzW~al?_jF_vXVaxw;%GRS z%*>-(p*x3*|EIn0jA}aF`o(dS84Da_02KiZ3eu%_a1>AhK|p#_I-x`8RgvDLcTkZU zI)ok~(z}$<3BC80Kp@F|GVeKe-E}|SweGjW7bPM8JZ1O&+k2nk${*|%>zvq(Yhx5u zROn*?77lb+wLB|Az>^1MU2WGU(OZpgAZER(*RvnAj@!-Etb9_H{a0*EXSA4$ z^B_YueA*neZsyfJoh?|nEN`|zEeIBVv{t4hzr2e)@1J%Sm`G`jT{sH7Cb(a~z(UkdT25lb6G+pEwVFGs+JfzyrayH%mjZ z$9yGmdztqp7*&{Mg;ramx538riMsGI$_z2W3BwZA&MfTsM^ZRl4-)O4LKOYO0yRUR zjM0MYd1Cv@nolp5;`2WS-yn6>*#ML=^kr8jA1dqQJezdm&IE47KJ!Kim$pMSbm;hW z!HyDlA!xE5z?au|;W}#^*Uf+*iPM}l+L}HH5@Cry^iononV8i}h%@=El*g&8(5v z;jQ*?&%vxS^PtY&b}&u7#{L4`j}~TQvzYiyoE9b2_{|E?Y@og8Wz%c!M*l`}e-8-0 z^0%5O#o0zT=o^$9=yQA(yGPi6Z(z|V$|U8(&Bj(^y@bbyIN&xW8xsAe9^C02{$T7c zju{zwE|-yUZ)>d32|LrClA`1KMnS|5l%v)(a7{hD2} zdc)hi+1c4aWgY|}k+bYesJIyq!}j9I>mLIh{0S>{K4&v>ZN0rNn+XRkEwz^YM(?C- zv3-29%z{2W%T6a-Xo1o#I_`NQZjUQXq%`~U=W=L&L$c9^M!nYv9h^CLtnb)w37y1~ zw&{;`7zSYZzq9-L{p#)XMfZM{Y7)Erx&#A;MbwwT?$EWx)(`|Epgn%5cNZ}ZfV z-NyYsNK0I)p~PKktBEfIjReeSSqs)->Zu%PX#8I4$9)M2i|zb)a7_GW?~Dl^xQjC* ztGONz*8~3xDpdOUQvFdfnbrN`4CETz{8}cv4-USnHpyB%1KRs4^*UTcnR9zVtx?O> zVGj~@chs;R@HdTw8Z{MUn9% za4VItcfG5xZ^(i%nPKh8thz-u!fCIU$o@qzT2h_lZuT&Q;E6fSFt?XYU>^S`g=F-O1~d|>zWZu-=D>u zgQ%*ar6CxaRUWU%0ZaL^Ug_QGO#x@zwo45l1mp-RlT6D$2kQV(#_^=*Y_RE%o`mnPeO#lt~bo%?r6IT3|=}9fx^KRtMrJAsiNA(d?C54E@yGA zQF;Hx`55AG>~%I;!L%fMr({G|HAM(v-ng6EznYpmx2>IDmDI^d#nnjKq+HjpKW%`R zn42g1Qt;q19;fo^)t_R1igpp9U1qI_68_e^C zvkJWL{$S&;Z(ODlHH9dG-@LwFR)Ze=Wlxl7CtL$PLuyR=r(|IgvyBAi9e768BV&7&his3+LXpVK&z+D55qefy!iPH_ru)*AyBX)W4L{-I3EsD!F?FSW9wqPkLQ zRZWcmrX>Gwf&`?}uN9@LAVq)6*|O#53O>7}xY+Atoh_!!w7RD9R&2swf{n!6BgXvG zHLfl+*0aOLa?!W#{yv^>X$_#whmIFz@nxqMjw5Pr(Ns0wtr0 z+n8OWd>iW3bDCEoXDnfdK_d1#U_kK!PL|Z&oly6P+dsrkPgv>oYr`rmHRAn4V;NCE zIJzV3Td)S4f{)oLDabFiVWn2L*itcg@yih z6Wgn+Q(uhiXoegDE~fVwpFP`M$MFm7fT=bSNyT1;E+N2m4Sm^5|5_h$oGt84Os!&& zd&tl4bh@s(v_#7mO?so;T$-#+Lo-?J*;%6h0B_23fSLC*GRk7{JFX|1Vd`nI#FRh5 z?*J615t4R1xi)uE;g{pr`weg-9ej+}r~&j-_<)a!*xug0M#t@Vx_%%CN>rMid4O4= zAdCW}`^tDgjLE~TwS&iIT)Kgy!fd6tKNw(FKp=qnE`9++2)R2}HgX=NE%)8aRhB08 zV23(ig>q-g_p8JO7oMbOME*rZ3u z^N?dc-ER};rtE(F<`zE=GywBvp&U1WI~Uoxu37vBOn39kzdYz8y7t01*9*Z3IXp`i ztl67s1TH4n2*3e!OFM{@)d*D- z?%OxhflSnd!;h}OkZ4_xFQI*>7ACpjEBKqYCzqn!%jW7%6b6&!zfZ$`F9!}3K9^Ux z$)eNnwp(p z0u3v0!7)+c;mi`>{X^VJR(((frpZQIB%=F%qp$pO{DE;P!Oqvhcz2FuYgF!-8tQ|3 zS3%T*)3U2hSCKx4-e4hEJMPE(em|xsR)2dPqW$r?eecrwoJVr;rdqX0{AwnzL7kLq zkEK7U;u*?CJ;EX?1c@7nW$n~Q_W zNE1ap2f^1Vpec-`b%{dn-xIa1$Ybc8Tc~Au(GD*qZI?U2CN!s?W;wA76@#$E5I_Hm z%PLJ1J7Az8u80+2ApUUs@K2Q4irVGBVP_C+fBN6>J2yG&@c;cBRNIFFo+6G@!oYyS z@_zxU4VZBky8ooA3;OK}1qC;mp6}zBZvJ6A`Xx_~jwYUmg5sSxIYm;>E%xx(&%wWEtcV>M%|9Lo>PXlJ0mM1n8=>##$-T&u{LifvEBZ8rta>_N}iCFSP z#;z+LEP3f22iLOZUW2bDKNxtd6rZnScV&|%sZ`nYz#gXm*~3RYVNOeW-PhIR)i{MP zlW#Ks`viYQ`O)6HXfg_gE;HWrQ)AxA@d9+I9T(kn`>)8IYNgNs* z`c@3|8h&O;08L_4LKNG5>6_R^BnT;tt*f2PVrv*=?Ao~@i*)kKzN{bn=*FdiS;a7= zaxUEoq<78*)7EXOA*E<9$FBs-xCCxUyCt<_sfL!Z?D%QxXxqc3*sF9@DuPX_@)g#; zhIh5cNE!Fe<}sCa{L`wBFk$6xt}ttZiZ^p2HAcG~OYy8GdpxuB$fdXHI^TJ-t28nz zuguxLH}27x(==-D8S5z3Y4PD3W6KL-j`RX zb16(G9|&Y9$k*E$>qt&-4Q}SdMGcI#_SYMo{f11NOx%Adc$Xrei99L(S5e&;M)zb} zo?|yg#DUI4lm9Lc#>C^c|ASL(GOBG?QUj*QQc)=|np2xO`a+i`Z0g>-msM`L(vSFc z<>H>P#+fb_XENDIAKi%-C_izob*mPYs&;exMf!Z(nS}pQANF7YAJUD>VI@iZgfKNM6BC>=trIu7blse4MY0Z*!8K$7;tc`}RF%a3kx* zvhhDnuTlH8cm#y%OioWE^O_jEs&nNNmQh>Vw9@G6uPeP#HGHQ8T{*NdlkxBYKmS9i zMcidI($&8Rd1Wp;0;<4E`z%TpT6f*thv>&U5_ftTG#MckAp=`EwjajR{_+8X(gF>a zJ929CFYY3bV5ep0GmWAGk&zf@13B1PMjR_ko2_gj-cOrLpOJ|CrTurP*{G%ksfcINlE2p_iT+%#aiIk9VAwe(PXl%BY3n;0n44=TNcy^!d2QDSc zw{4A#XF!u^G7*_E`QxX|12?&*5;@}>B@N^j`DVO47K=jvI$PH4+{|s8nkuae!7YoH zWNrg;&k?2k?yE>cQ&H(`qx)J;ed$*Gt~}h3wa_W7CA%bH`L9|L;hCw?H`DaxC%p57 z_Vlr6w{G{G9QP|lz!c3A272}>{2nJ=Etjqsad@ZvEPXWVrNJ*(8m9xCATRw{xpyk6 zDf`cT8s)G^bwMpmdOvNcTKCKwUg&2E4(;pJUv!}zglry?A-xtMGVz97D%&xohwnTqlapUWv@}rj%KyP z>{X&Q6~kX%Oh(QDSkmCXxT1g^Y;NbEZFa1recs=U@(Hnt=TsCGU;Gd{krL?xxkcD> zqH(fUC-Zi$Ct`w?!PMn$U;xGH(F zGb-2-zi6-SX9vvoNm-8va>d9FDkW&!=fUuJ8gdpT!RfnP^9pAH3Q$*pSrO3GK7~;z zE&-(p;;Uc3rrbMuBPTEuTJUSS#1xwqChMbI!7o?yBX2Z_6N{sh}4zb0Y6(@R(4=$Q5}-@rL39l+-cCG&G&zkFumPiGK3JO2(ePUKj222@@VGY|lG( zeF!${ItjiUsxd80qZm^*w+{kI_Xzt78#a)|Hx+eLmnr6Tml|{_o-&)}xIA9tfxLGi z`FY^=6m2g81C-p?9R8x|RJ>!x2}I7`px37R1Cdn>;zOvEm>b7&BPuS3C6A3w-cHQN zVG>*S!^SOUZ}l$XOfAh7s2|b`(i1P$cRhg~guzKuq5l{A>!0PWS+l;%n0>*#tmO>4=0 zbI%CB-jwGiFZb{;I|m$KMAX1mRaQ@Qr*7hHAJW(h@FBJdkGgsxPZ%XA5o`VEkt-gM~%eVB+B`5rfmk<&K9Ve_z z@A1vq7c}Cvo%Y7w$lVIu+j0-*l*o;F&nChlbZC+v1|$T(_ebuTYhoTh6>UP;lgquL zx4)q@i*c6HrPOKZF!l?4qf1sKn7w*9)T>1mdg%15x>O!lT##LZm_**!<<=UhU#n-2X>Y`v8N;8dAzfK28SdYr<#l= z#9a@$%UkB_xVagG&3^UF#928bR7XOeTWQ&+%Q*S(NLMOn2$0kaMo6 zBb1J|e=Kwq)hXWw_&C?^O6voWpd)d7qL0U>-stKQecmL{BpuWmCQHY%6N&r#x&n*D zVY{KmK)|D}yj0O>MY`?TpI?XLAGNu)UpwPw^z`o@ThGjo|M?AemI*{5$G*k&a{;4Z z{%bKGb{uY;5nG0oD$WNbL_H1%zg64@(bFhZUPL*JRxq=W!S+uFw;|9R-hFH+y1q> zMt2m&wMCrR_sageBk{P@_}XKgABH8rQ8@qkPl!i%b^cvh(y&vxs4VE)WkF@G=%MR$#eY1;?+#K*^jxBWCZnI@1e`}+XI5)`3rKihmh zoXZ6k46+Cift3g+kh}GDR;H4B(Rpz;-mxQzWtR2CV|RX~Oi*6Aw#)~z(^bL7$tpYP zqBdqWHgM*6IuP>3VzCDY2hb({Dy7&<6ygc_BsBmvo&q`h!8B=q^x)R+EVZ^bgeEo& zoXy&R@zn928x4of4+6+yQZ|p|dmMb*{AIZ_kXb%C$EVlqY-eSaGDRB}8W|oM+2ASY zLHfXoS1d_GgJkM7(&j~`O0rvVE~h5<+Qx>{n#xtadm^2JsoqNe6jh)MeA6xX{{f4y#7Z(MhK8icxFrX)AvvIlO zB*>FRZMpA$nysgG+l2j!GnY-~(ZHwkb=KOiI7r=x-&4-h{r5Hx_#!V+kZ_BOi?W$d za-E~{09vi*Nl%{pp5G~eEEJ)w`TZ8h*@!eG7NwUjQvm!bcQYz~FeCZBRPV1LQ+9l_ zV6j&wy?$+a+7F?A)T_&ggfZ~)=&)%B6=gv#jOt#W&;he>vIQYs=&jP=vB4cinay}r zne$B!`N^pC8g%KL*O>cJ;$wK7vbR669fpXdql(TuoG^e_BMx^AqRo{6*qsbK^|V>3T&xf7I@ zKnH*8PqUC96@swWh>(q&y_Ou7sSB2SP!XU3<=`RZL5KZn)_UFnm>-z)tPQU>BmOj> z^=@Kv!(~l%wQ0}!NP_%70?I#9Rkm$?gF+QRp(wH>&#CWO1JVOT00Gy;@*GTnGOBS)`I!2fR0vHi1*Q9=q9fh(H0pNfgm{s@Mc;g{KY4l zpJtKngpSt;=y&Jb!>l0bNUp&PgN^pKw&?UH@+GTriEw`=e!K?Zq&Df?0-phntx&T! zCCgXX`?=o#h=BRCTd-B1aqYPV7Ur)amArs%a<%clQ_g8IlEMrw?n5f=Ikj`jxyHqD5F>No9Ikr4&vrhW` zY9^z^Aqe_?0C_SsmT1+Uu}@VSliF43%>R}tgJb|;vUgMFP8j0Ye)gK@`RoD^AJ8R^ zh|tJQqTbwp*1*rAst#X0744rtd>h!-)&>wsqeWeR_YN0_-V;k{Io_^VvKY1%B(d*t z?q$G1A~ZXxR2^RbKv>wdYoDK*rK9j>uL07{boZhiivBI{sA!}3Iz<;bUMc0BY2-Bv z;IMH2tJI7+GO^+yKT)x7qD`26F$z_1+YvAK*nlGN2~p`!R;FAvl-VlH7;{NvuD;z0b=V zaX`r8T0iEp)v(@*9YkdeEul+Elc-sqv-=Qrki-5#L^6(+#q(wBJ9h2dB-!d#nNy#(n{}I9!Xp^6P~{|Eq;Ae zoh_X1s8j>q0EhQx{wlvr8LgloU&vbd^O(t;=fd}2{}adDZ%P3v$~@67>o+KDrMyd1 zlhjSRm}ghOu&L3V+~^UD0Y=#ao16;kPr<<@Mpe5d80pcDk@wiZ(3dVG1$Yu+eslAi zzs^^mRQmqAC`^?%z>20(J^AqWnh2p0X*f*}Wu*lq4I~`{Y_)011LTrn(N{96eYiFP zmhzVt7o)VRF%5Jki)^)!;XbPamn;eG@VH0e2mmscJNU-S%d4iQR{PN*TiU&aV+%zq z?zP`{ro!jqcgmskClGMYX|1t9Bm*VT!H)g4V5;CN2>Llj-vbrW&SJh&TDN&u z`UBS#%gSGT1qpX|udlC5`?iRP_f>j|ooMt54xt1cD}WlnoSp9-5#J2{WCn>N;ZprY zJsuEQrlule0S1nlyp-L^^yCV3xWVapHcy`DSHj{^j6h`NRe&%LaBdQ&vMWXKRSUW-AY>0r#dLxvh1SHXUrriqBeZtmnjq^teHCYvj)jroBORs!eG3`{nBl~u= zOn;>OhcI;(SEfp>^9Bxpr?eO+69Ib9ai&jT2|!1@PzT|9!UEXV_j#z6z7$<++sgll z0fy+SDQUmp1{F;R#2JdF=QK%6Ng+DbCv3(94~TYJghyEwk1oJaNw9pNp3w!n`C2^hys%)PAH{xkDhYH4c)A53#L9b&)j;$fyHhBV)_Th<3t!x= zhn=PA_1G=Y#OBF{h6+L7yx_?l`8AUwXeo%K5_z7tCt>3g&rI7J2|&ihNpf-zAp$*) zhPwbG_mdSef*pA>!~fVJ3vO>HS(KYm?|jmrrMk^IrFDzs`Ix;)#ZhU7=XM z2lNz?WLUM$TqO=W(kcgEI?hw)0G$-bWBYv4lgyQqG+enH6nV#iH3I|SV8PR=%n}I) z^lyTsuk~k0yeg5YAsrZ6zMiulL!)!G`d?^==pE7!&s|nDzSZgVqeyAT~IC;tMTn}45;O^aux zrt9$$OWUk8N>7p9pXdW}yi}TlIwDtAlIw zu|s)^0QS8xUYnevKQLSHw;^Nt3;(LMewUR6wKqH~eZc$~RhLNe>HBThLdGIkc}{KY zv{{iNAfFr=9?Sw(P(VcNvBpVC5U;Co~JC;Ieuv)%Re zH)SgQ0QFlC)fs(HnrPBl!_Qv<1lwpC!0ZKIDTH%)2eoYo6Ajua%@&~dM`YN6K>^`78 zkypdlK~aK|b$y)}{E^FzX+HDyi31H_LQ@LrS{RfTJ5-opAj6P&Auh-{HM6+)?zga& znV@U*1tzcqOCuTWdeCL|;v#=C<~{_sm(CKO^&i<_3i5Clq$)GIl?+|u!dz}=80@W5 zeaXAO-4O{Yj{BLn+9L|l)gPbl7UTj2$^9j%uh0;l77^iMVJ*nXi3i}@R6`+nb_!jr zKyz+51DDs*YDu*(O)P;jx-He9cW18p>%orO;bDD`d}(PZpnCn5+7kwz^v_7?KHyj= z|E{-cacSO~ETTv#br~|M7{q=?J4^x6{>1Z07?FlcIOKTm;K0J-09{!B5cmS1u5-0U zrbwp(qkRc{YoLE^1p;9Qz_F-w_kZsGrkL|`cZpZz9lj^_nBt+~6`RPkm~BZ%u}AHr zdiJDhTuL|j@Dm>!z2(WRa-VByaD{@Z47Z(u<1|ZJiE0~Hl3NGEv&$63%f&)h!A-ci zx#cP)zJ)9B8hdWmhWFC}Gs8evaMD_PRiA%j_RpJ=F4&KHui@(QM>yE4K~z}b`LS~L z34suq)U*j}$WsuNvl}W7Q#%S9`CvIttT8IN%a8d@@$jO)hbPxZ5!l@|I}?Dr!((FR zOn2Xch}C_vg~V`Iq#!3L(xA~#aK5gv-}#7YDJoi^+Ov1yIs+eYm;q`76bct_WYu8)Ael9Pj?i_-?JMrJLD*7P?RAF{L0HD+%hH6s|fHua}oaICJlBcM%!LZ`07x;q2*7jb3pTY2-(5P= zhI1x#>i}zoP$V_k*Zu6yZb3%!pe8TWM5rqBD==1LWHK`*?S~&caBohP(Js;B26iMs z$!>{2w={>#nv7c^k1iUT@naPM@ta~4KQx|_osDO3`q$S}X0Ag4Ds{ErxL7Odp3JQ$ z?}tT!W7@wRlaq5cYwiNf!UmZ~5pZ<1pCN9%`p%tCM>V(9TfmRYX98-@_aDnfOhV##XGEhUPZ-}i7#xKc1N8*C zSt%)}0I1LB<~?%kE7{mIVZJ??CnsfPC zgK`z1k;tGl;PL`1K5sBXyY{{Q^MCaR$H)*CV@?>+MK9IWhd(cv)`BpK2*}NcOGjOr z_vH6@H^;)jBkJor9}}U)ty`04e#ExYlZ55oKA2x<1(diqQO_r|T`D0|vPz8V+Z9jH z$76TJap&1LHn;?3d2~;}4lx+{!}@wmGZWM;P0eAx(HB&?jTW_6deKnfBW}#crwTA~p63QD^q^+SNV;M0%rAE8jA$*=qX(d_ zhkf~S^iHt98 zr|&PM4Lc&u5Jal3`=_LGrOq6-cL2Mr)PQ3t9Z^#*)~^RfvCMjL4rYO^z+U?Is-}ID zuj(kn^&Prt*_ZMHjU+0njrg6SiyZLuXciL}CnD_YCmFFi1>WN-pcNZ{=R%h@swyk- z)-A>E=g2~l$^l?8k7qNu?vAS1nMJHv*LbdSeS&MlO}wa~fuPbcohj84uzO`qjZvjl z4ZxX#ip-B!X4ZVp6ZH^J1Mzvg3*3+^Ge_FRZ?yjRF-r3C4uEkXr`sbqrhD7ytahL^ zP-oDKxS%<*J%=QPBM>LY4s5&`vLm(`f?wYgB)n_N944g#x3sJBb@&~CCjk{^)Y zNVWo$=0zy~5Y&3OTHj*`zKV2meyDJBvnZ+$lmwL;V12_D+ed@1fI<>GuhiCG4+z=a ze85XQ`yTdyAfc%E@Ez%`^}*oGWuE3kcMwMA{H{`A8qejdq=vf2_7# z##@{S3{;vc`pcfD`->KHEa@xmtSAS&`@b%$_s_G|5|8k(sTf+te~^Mmtk`48DG zZD0J*OC_0i0GSCYg{JG?OC#P_08HWjH{4f27#$r7Ki zuAlC9)5=1J3z|1{wl+71E9FOYN7%BdrJmSKEpzY8oL76&V^8tDPN2poli1%z-=97) zou1}`Jw9G1bih%iMzHPqBvCJr~BX z_GRC038XwbTI1SQD^PGn#XYL5s-E}+L>`t!>J}5z($30crRPYKBcl<82QxVxPY&Ye sM9o!RCjakUBst{zUqI0RLv=loa+e0H$(eYRMn1q-@+xwr&)$9fUqa!vHvj+t literal 0 HcmV?d00001 diff --git a/docs/guides/batch-backup/wordpress-backup/index.md b/docs/guides/batch-backup/wordpress-backup/index.md new file mode 100644 index 0000000..8be501c --- /dev/null +++ b/docs/guides/batch-backup/wordpress-backup/index.md @@ -0,0 +1,954 @@ +--- +title: Batch Backup | Stash +description: A step by step guide showing how to backup and restore an application with multiple co-related components. +menu: + docs_{{ .version }}: + identifier: batch-backup-guide + name: Backup a WordPress Site + parent: batch-backup + weight: 20 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +# Backup & Restore a WordPress Site Using Batch Backup + +This tutorial will demonstrate how to use Stash to take backup of an application with multiple co-related components. Here, we are going to take backup of a [WordPress Site](https://kubernetes.io/docs/tutorials/stateful-application/mysql-wordpress-persistent-volume/). + +## Before You Begin + +- At first, you need to have a Kubernetes cluster, and the `kubectl` command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/). +- Install `Stash` in your cluster following the steps [here](/docs/setup/README.md). +- Install MySQL addon for Stash following the steps [here](https://stash.run/docs/v0.9.0-rc.2/addons/mysql/guides/8.0.14/mysql/). +- If you are not familiar with how Stash backup and restore MySQL databases, please check the following guide [here](https://stash.run/docs/v0.9.0-rc.2/addons/mysql/overview/). + +- You should be familiar with the following `Stash` concepts: + - [Appbinding](/docs/concepts/crds/appbinding/index.md) + - [Function](/docs/concepts/crds/function/index.md) + - [Task](/docs/concepts/crds/task/index.md) + - [BackupBatch](/docs/concepts/crds/backupbatch/index.md) + - [BackupSession](/docs/concepts/crds/backupsession/index.md) + - [Repository](/docs/concepts/crds/repository/index.md) + - [RestoreBatch](/docs/concepts/crds/restorebatch/index.md) + +To keep everything isolated, we are going to use a separate namespace called `demo` throughout this tutorial. + +```bash +$ kubectl create ns demo +namespace/demo created +``` + +> **Note:** YAML files used in this tutorial are stored in [docs/guides/batch-backup/wordpress-backup/examples](/docs/guides/batch-backup/wordpress-backup/examples) directory of [kubestash/docs](https://github.com/kubestash/docs) repository. + +## Deploy WordPress Site + +At first, we are going to deploy a WordPress site with a MySQL database and generate some sample data in it. Then, we are going to backup this site's data and database into a GCS bucket. Finally, we are going to show how we can restore the site form the backed up data. + +### Deploy Database + +We are going to use MySQL as the database for our WordPress site. So, let's deploy the database first. + +Let's create a secret for the MySQL database, + +```bash +$ kubectl create secret -n demo generic mysql-pass \ + --from-literal=username=root \ + --from-literal=password=mysqlpass +secret/mysql-pass created +``` + +Now, let's create a MySQL deployment with this secret. Below are the YAML of the MySQL Deployment along with its Service and PVC, + +```yaml +apiVersion: v1 +kind: Service +metadata: + name: wordpress-db + namespace: demo + labels: + app: wordpress-db +spec: + ports: + - port: 3306 + selector: + app: wordpress-db +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: wordpress-db + namespace: demo + labels: + app: wordpress-db +spec: + selector: + matchLabels: + app: wordpress-db + strategy: + type: Recreate + template: + metadata: + labels: + app: wordpress-db + spec: + containers: + - image: mysql:8.0.14 + name: mysql + args: + - --default-authentication-plugin=mysql_native_password + env: + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-pass + key: password + - name: MYSQL_USER + valueFrom: + secretKeyRef: + name: mysql-pass + key: username + ports: + - containerPort: 3306 + name: mysql + volumeMounts: + - name: storage + mountPath: /var/lib/mysql + - name: config-volume + mountPath: /etc/mysql/conf.d + volumes: + - name: storage + persistentVolumeClaim: + claimName: mysql-pvc + - name: config-volume + emptyDir: {} +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mysql-pvc + namespace: demo + labels: + app: wordpress-db +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi +``` + +Let's create the above MySQL Deployment, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/batch-backup/wordpress-backup/examples/mysql.yaml +service/wordpress-db created +deployment.apps/wordpress-db created +persistentvolumeclaim/mysql-pvc created +``` + +Now, wait for the MySQL pod to go into running state, + +```bash +$ kubectl get pod -n demo -l app=wordpress-db +NAME READY STATUS RESTARTS AGE +wordpress-db-58657b89b9-kgt76 1/1 Running 0 104s +``` + +Let's check if the MySQL database is ready to accept connections, + +```bash +$ kubectl logs -n demo -f wordpress-db-58657b89b9-kgt76 +Initializing database +.... +.... +2020-01-07T12:33:23.242350Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.14' socket: '/var/run/mysqld/mysqld.sock' port: 3306 MySQL Community Server - GPL. +2020-01-07T12:33:23.325316Z 0 [System] [MY-011323] [Server] X Plugin ready for connections. Bind-address: '::' port: 33060 +``` + +From the last line, we can see the database is ready to accept connections. + +### Deploy WordPress + +Now, we are going to deploy our WordPress app in another Deployment. This going to use the MySQL database through the `wordpress-db` Service that we have created earlier. + +Below is the YAML of the WordPress Deployment along with its PVC and Service: + +```yaml +apiVersion: v1 +kind: Service +metadata: + name: wordpress-app + namespace: demo + labels: + app: wordpress-app +spec: + ports: + - port: 80 + selector: + app: wordpress-app +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: wordpress-app + namespace: demo + labels: + app: wordpress-app +spec: + selector: + matchLabels: + app: wordpress-app + strategy: + type: Recreate + template: + metadata: + labels: + app: wordpress-app + spec: + containers: + - image: wordpress:5.3.2-apache + name: wordpress + env: + - name: WORDPRESS_DB_HOST + value: wordpress-db + - name: WORDPRESS_DB_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-pass + key: password + - name: WORDPRESS_DB_USER + valueFrom: + secretKeyRef: + name: mysql-pass + key: username + ports: + - containerPort: 80 + name: wordpress + volumeMounts: + - name: storage + mountPath: /var/www/html + volumes: + - name: storage + persistentVolumeClaim: + claimName: wordpress-pvc +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: wordpress-pvc + namespace: demo + labels: + app: wordpress-app +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi +``` + +Let's create the above Deployment, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/batch-backup/wordpress-backup/examples/wordpress.yaml +service/wordpress-app created +deployment.apps/wordpress-app created +persistentvolumeclaim/wordpress-pvc created +``` + +Now, wait for the wordpress pod to go into running state, + +```bash +$ kubectl get pod -n demo -l app=wordpress-app +NAME READY STATUS RESTARTS AGE +wordpress-app-59b69858f9-48phf 1/1 Running 0 3m40s +``` + +So, we can see that our WordPress site is running. Now, its time to insert some sample data. + +#### Insert Sample Data + +At first, lets port-forward the `wordpress-app` Service that we have created with the WordPress deployment. + +```bash +$ kubectl port-forward -n demo service/wordpress-app 8080:80 +Forwarding from 127.0.0.1:8080 -> 80 +Forwarding from [::1]:8080 -> 80 +``` + +Now, we can access our site through a browser at `localhost:8080`. Let's complete the initial setup. + +

    + WordPress Setup Wizard +
    Fig: WordPress Setup Wizard
    +
    + +Once we have completed the setup, let's create some sample blog posts. Here, I have created a sample post titled **Stash Batch Backup Test**. + +
    + Sample Post +
    Fig: A sample blog post
    +
    + +When we save the post, WordPress will store it into the database. If we exec into the database pod, we will see the post has been stored there. + +```bash +$ kubectl exec -it -n demo wordpress-db-58657b89b9-kgt76 -- mysql --user=root --password=mysqlpass +... +mysql> show databases; ++--------------------+ +| Database | ++--------------------+ +| information_schema | +| mysql | +| performance_schema | +| sys | +| wordpress | ++--------------------+ +5 rows in set (0.01 sec) + +mysql> show tables in wordpress; ++-----------------------+ +| Tables_in_wordpress | ++-----------------------+ +| wp_commentmeta | +| wp_comments | +| wp_links | +| wp_options | +| wp_postmeta | +| wp_posts | +| wp_term_relationships | +| wp_term_taxonomy | +| wp_termmeta | +| wp_terms | +| wp_usermeta | +| wp_users | ++-----------------------+ +12 rows in set (0.00 sec) + +mysql> use wordpress; +Reading table information for completion of table and column names +You can turn off this feature to get a quicker startup with -A + +Database changed + +mysql> select post_name from wp_posts; ++-------------------------+ +| post_name | ++-------------------------+ +| hello-world | +| sample-page | +| privacy-policy | +| | +| stash-batch-backup-test | +| 5-revision-v1 | ++-------------------------+ +6 rows in set (0.00 sec) + +mysql> exit +Bye +``` + +So, we can see that our post has been stored with `stash-batch-backup-test` name. + +Also, WordPress pod write some files in its `/var/www/html` directory. Let's see whats file has been written there: + +```bash +$ kubectl exec -it -n demo wordpress-app-59b69858f9-48phf -- ls /var/www/html +index.php wp-blog-header.php wp-cron.php wp-mail.php +license.txt wp-comments-post.php wp-includes wp-settings.php +readme.html wp-config-sample.php wp-links-opml.php wp-signup.php +wp-activate.php wp-config.php wp-load.php wp-trackback.php +wp-admin wp-content wp-login.php xmlrpc.php +``` + +Notice the `wp-content` directory. We will work with this directory later in this tutorial. + +Now, our wordpress site is running and we have created some post into it. Now, its time to setup a backup for our site. + +### Backup + +Here, we are going to backup the `/var/www/html` directory of the WordPress pod and the MySQL database into a GCS bucket using `BackupBatch`. + +#### Create AppBinding + +At first, let's create an `AppBinding` CR that holds the connection information of the MySQL database. Stash uses this `AppBinding` to connect with the database. + +Here, is the `AppBinding` CR holding connection information of our MySQL database, + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + name: wordpress-db + namespace: demo +spec: + type: mysql + version: 8.0.27 + clientConfig: + service: + name: wordpress-db + port: 3306 + scheme: mysql + secret: + name: mysql-pass +``` + +Here, + +- `.spec.clientConfig.service.name` specifies the name of the Service that connects to the MySQL database. +- `.spec.clientConfig.service.port` specifies the port where the target database is running. +- `.spec.secret` specifies the name of the Secret that holds the necessary credentials to access the database. +- `spec.type` specifies the types of the database it pointing to. + +Let's create the above AppBinding, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/batch-backup/wordpress-backup/examples/appbinding.yaml +appbinding.appcatalog.appscode.com/wordpress-db +``` + +#### Prepare Backend + +We are going to store our backed up data into a GCS bucket. We have to create a Secret with the necessary credentials and a Repository CR to use this backend. If you want to use a different backend, please read the respective backend configuration doc from [here](/docs/guides/backends/overview/index.md). + +> For GCS backend, if the bucket does not exist, Stash needs `Storage Object Admin` role permissions to create the bucket. For more details, please check the following [guide](/docs/guides/backends/gcs/index.md). + +**Create Secret:** + +Let's create a Secret called `gcs-secret` with access credentials to our desired GCS bucket, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > GOOGLE_PROJECT_ID +$ cat /path/to/downloaded-sa-key.json > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +$ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +**Create Repository:** + +Now, let's create a `Repository` with our GCS bucket information. Below is the YAML of `Repository` CR we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: stashed-ci + prefix: /wordpress/backup + storageSecretName: gcs-secret +``` + +Let's create the Repository we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/batch-backup/wordpress-backup/examples/repository.yaml +repository.stash.appscode.com/gcs-repo created +``` + +Now, we are ready to backup our WordPress site into this backend. + +#### Backup + +Now, we are going to create a `BackupBatch` CR targeting the MySQL database and the WordPress deployment. + +**Create BackupBatch:** + +Below is the YAML of the `BackupBatch` CR that we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupBatch +metadata: + name: wordpress-backup + namespace: demo +spec: + repository: + name: gcs-repo + schedule: "*/5 * * * *" + executionOrder: Parallel + members: + - target: + alias: db + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: wordpress-db + task: + name: mysql-backup-8.0.14 + - target: + alias: app + ref: + apiVersion: apps/v1 + kind: Deployment + name: wordpress-app + volumeMounts: + - name: storage + mountPath: /var/www/html + paths: + - /var/www/html + retentionPolicy: + name: 'keep-last-10' + keepLast: 10 + prune: true +``` + +Here, + +- `spec.repository` refers to the `Repository` that holds the information of our GCS backend. +- `spec.schedule` is a cron expression that indicates that backup will take at every 5 minutes interval. +- `spec.executionOrder` specifies that we want to take backup both of the components in parallel. +- `spec.members` specifies a list of targets that are subject to backup. In our case, we are going to specify the `AppBinding` of our MySQL database and the WordPress deployment as members. Each of the members may have the following sub-fields: + - `target.alias` specify the host identifier that will be used to separate data of this member in the backend. + - `target.ref` refers to the target that will be backed up. + - `target.paths` specifies a list of file paths to backup for the target. + - `target.volumeMounts` specifies a list of volumes and their mountPath that contain the target paths. + - `task.name` refers to the `Task` object that specifies the `Function` and their execution order to perform the backup in the Function-Task model. + +Let's create the `BackupBatch` crd we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/batch-backup/wordpress-backup/examples/backupbatch.yaml +backupbatch.stash.appscode.com/wordpress-backup created +``` + +**Verify CronJob:** + +Stash will also create a `CronJob` with the schedule specified in `spec.schedule` field of `BackupBatch` CR. + +Verify that the CronJob has been created successfully, + +```bash +$ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-wordpress-backup */5 * * * * False 0 32s +``` + +**Wait for BackupSession:** + +The CronJob will trigger a backup on each scheduled slot by creating a `BackupSession` CR. Let's wait for a `BackupSession` to complete, + +```bash +$ kubectl get backupsession -n demo -w +NAME INVOKER-TYPE INVOKER-NAME PHASE AGE +wordpress-backup-1597245602 BackupBatch wordpress-backup 0s +wordpress-backup-1597245602 BackupBatch wordpress-backup Running 0s +wordpress-backup-1597245602 BackupBatch wordpress-backup Succeeded 40s +``` + +We can see from the above output that the BackupSession has `Succeeded`. It means Stash has backed up our database and the `/var/www/html` directory of the WordPress deployment successfully. + +**Verify Backup:** + +When a backup session is completed, Stash will update the respective `Repository` to reflect the latest state of backed up data. + +Run the following command to check if a backup snapshot has been stored in the backend, + +```bash +$ kubectl get repository -n demo gcs-repo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +gcs-repo true 183.5Mi 2 3s 38m +``` + +From the output above, we can see that 2 snapshots have been stored in the backend. + +Now, if we navigate to our GCS bucket, we are going to see that the backed up data has been stored in `/wordpress/backup` directory as specified by the `prefix` field of the Repository. + +
    + Backup data in GCS Bucket +
    Fig: Backup data in GCS Bucket
    +
    + +> **Note:** Stash keeps all the backed up data encrypted. So, data in the backend will not make any sense until they are decrypted. + +## Restore + +In the previous section, we have successfully backed up the database and `/var/www/html` directory our WordPress deployment into a GCS bucket. Now, it is time to see the restore process in action. + +Here, we are going to see two different restore scenarios: + +- **Batch Restore:** In this scenario, we will assume that both of the components (database and wordpress deployment) our WordPress site has been damaged. In this case, we will restore the backed up data of both components using a `RestoreBatch` object. + +- **Individual Restore:** In this scenario, we will assume that only the database has been damaged. So, restoring only the database is sufficient. In this case, we are going to restore the database using a `RestoreSession` object. + +**Pause Backup:** + +At first, let stop the backup so that no new backup happens during the restore process. Let's set `spec.paused` section of `BackupBatch` to `true` which will stop taking further scheduled backup. + +```bash +$ kubectl patch backupbatch -n demo wordpress-backup --type="merge" --patch='{"spec": {"paused": true}}' +backupbatch.stash.appscode.com/wordpress-backup patched +``` + +It should suspend the respective CronJob which is responsible for triggering backup at a scheduled slot. Let's verify that the CronJob has been suspended. + +```bash +$ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-wordpress-backup */5 * * * * True 0 12h 13h +``` + +### Batch Restore + +In this section, we are going to simulate a disaster scenario where we will damage both the database and the wordpress deployment's data. Then, we will restore them from the backup. + +**Simulate Disaster:** + +At first, let's corrupt the database. Here, we are going to delete the sample post we have created earlier. + +```bash +$ kubectl exec -it -n demo wordpress-db-58657b89b9-kgt76 -- mysql --user=root --password=mysqlpass +.... +mysql> show tables from wordpress; ++-----------------------+ +| Tables_in_wordpress | ++-----------------------+ +| wp_commentmeta | +| wp_comments | +| wp_links | +| wp_options | +| wp_postmeta | +| wp_posts | +| wp_term_relationships | +| wp_term_taxonomy | +| wp_termmeta | +| wp_terms | +| wp_usermeta | +| wp_users | ++-----------------------+ +12 rows in set (0.01 sec) + +mysql> use wordpress; +Reading table information for completion of table and column names +You can turn off this feature to get a quicker startup with -A + +Database changed +mysql> show tables; ++-----------------------+ +| Tables_in_wordpress | ++-----------------------+ +| wp_commentmeta | +| wp_comments | +| wp_links | +| wp_options | +| wp_postmeta | +| wp_posts | +| wp_term_relationships | +| wp_term_taxonomy | +| wp_termmeta | +| wp_terms | +| wp_usermeta | +| wp_users | ++-----------------------+ +12 rows in set (0.00 sec) + +mysql> select post_name from wp_posts; ++-------------------------+ +| post_name | ++-------------------------+ +| hello-world | +| sample-page | +| privacy-policy | +| | +| stash-batch-backup-test | +| 5-revision-v1 | ++-------------------------+ +6 rows in set (0.00 sec) + +mysql> delete from wp_posts where post_name='stash-batch-backup-test'; +Query OK, 1 row affected (0.01 sec) + +mysql> select post_name from wp_posts; ++----------------+ +| post_name | ++----------------+ +| hello-world | +| sample-page | +| privacy-policy | +| | +| 5-revision-v1 | ++----------------+ +5 rows in set (0.00 sec) + +mysql> exit; +Bye +``` + +We have deleted the `stash-batch-backup-test` post from the database. Now, if you go to our WordPress site through a browser, you will see that the sample post that we had created is missing now. + +
    + Missing Sample Post +
    Fig: Missing Sample Post
    +
    + +So, we can see that the sample post is gone. Only, the `Hello World!` post is now available. + +Now, let's do some damage to our WordPress deployment too. Here, we are going to remove the `wp-content` directory from `/var/www/html` directory of our WordPress pod. + +```bash +$ kubectl exec -n demo wordpress-app-5b778b446-gtd6d -c wordpress -- rm -r /var/www/html/wp-content +``` + +Verify that the `wp-content` directory has been removed. + +```bash +$ kubectl exec -n demo wordpress-app-5b778b446-gtd6d -c wordpress -- ls /var/www/html +index.php +license.txt +readme.html +wp-activate.php +wp-admin +wp-blog-header.php +wp-comments-post.php +wp-config-sample.php +wp-config.php +wp-cron.php +wp-includes +wp-links-opml.php +wp-load.php +wp-login.php +wp-mail.php +wp-settings.php +wp-signup.php +wp-trackback.php +xmlrpc.php +``` + +So, we can see from the above that the `wp-content` directory is no longer present in `/var/www/html` directory. + +**Create RestoreBatch:** + +Now, we are going to restore both of the components using a RestoreBatch. Here, is the YAML of the RestoreBatch CR that we are going to use: + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreBatch +metadata: + name: wordpress-restore + namespace: demo +spec: + driver: Restic + repository: + name: gcs-repo + executionOrder: Sequential + members: + - target: + alias: db + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: wordpress-db + rules: + - snapshots: [latest] + task: + name: mysql-restore-8.0.14 + - target: + alias: app + ref: + apiVersion: apps/v1 + kind: Deployment + name: wordpress-app + rules: + - paths: + - /var/www/html + volumeMounts: + - name: storage + mountPath: /var/www/html +``` + +Here, + +- `spec.repository` specifies that we are restoring from the `gcs-repo` Repository. +- `spec.executionOrder` specify that we want Stash to restore the component sequentially. Here, we want to restore the database first then we want to restore the wordpress deployment's data. +- `spec.members` specify the targets to be restored. Each member may have the following sub-fields. + - `target.alias` specify the host identifier of the backed up data for this member. It must be the same as the `alias` used during backup. + - `target.ref` refers to the target to restore. + - `target.rules` specify the rules for restoring the data of this member. Here, we want to restore the `latest` snapshot for the database and the latest state of `/var/www/html` path for our WordPress deployment. + - `target.volumeMounts` specifies the volume mounts where the data will be restored. + - `task.name` refers to the `Task` object to use to restore the member in the Function-Task model. + +Let's create the above `RestoreBatch` object, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/batch-backup/wordpress-backup/examples/restorebatch.yaml +restorebatch.stash.appscode.com/wordpress-restore created +``` + +Now, wait for the `RestoreBatch` phase to go into `Succeeded` state. + +```bash +$ kubectl get restorebatch -n demo -w +NAME REPOSITORY PHASE AGE +wordpress-restore gcs-repo Running 7s +wordpress-restore gcs-repo Succeeded 2m +``` + +We can see from above that Stash has successfully restored both components. Now, it's time to verify whether data has been restored or not. + +**Verify Restored Data :** + +Let's verify that `sample-batch-backup-test` post that we had deleted from the database has been restored. + +```bash +$ kubectl exec -n demo wordpress-db-58657b89b9-kgt76 -- mysql --user=root --password=mysqlpass -e "SELECT post_name FROM wordpress.wp_posts;" +mysql: [Warning] Using a password on the command line interface can be insecure. +post_name +hello-world +sample-page +privacy-policy + +stash-batch-backup-test +5-revision-v1= +``` + +We can see that the `stash-batch-backup-test` post is now present in the database. + +Again, let verify whether the `wp-content` directory that we had removed from the WordPress deployment's pod has been restored or not. + +```bash +$ kubectl exec -n demo wordpress-app-684b577c89-wpsqs -c wordpress -- ls /var/www/html +index.php +license.txt +readme.html +wp-activate.php +wp-admin +wp-blog-header.php +wp-comments-post.php +wp-config-sample.php +wp-config.php +wp-content +wp-cron.php +wp-includes +wp-links-opml.php +wp-load.php +wp-login.php +wp-mail.php +wp-settings.php +wp-signup.php +wp-trackback.php +xmlrpc.php +``` + +We can see from the above that the `wp-content` has been restored successfully. + +Now, if you go to the WordPress site through a browser, you will see that the `Stash Batch Backup Test` post is present now. + +
    + Restored Sample Post +
    Fig: Restored Sample Post
    +
    + +### Individual Restore + +In this section, we are going to simulate a disaster scenario where the data of only one component get damaged. So, restoring only the damaged component is sufficient. + +Here, we are going to delete the sample post again from the database and then restore it using a RestoreSession. + +**Simulate Disaster Scenario :** + +Let's delete the sample post from the database: + +```bash +$ kubectl exec -n demo wordpress-db-58657b89b9-kgt76 -- mysql --user=root --password=mysqlpass -e "DELETE FROM wordpress.wp_posts WHERE post_name='stash-batch-backup-test';" +``` + +Verify that the sample post has been removed: + +```bash +$ kubectl exec -n demo wordpress-db-58657b89b9-kgt76 -- mysql --user=root --password=mysqlpass -e "SELECT post_name FROM wordpress.wp_posts;" +mysql: [Warning] Using a password on the command line interface can be insecure. +post_name +hello-world +sample-page +privacy-policy + +5-revision-v1 +``` + +We can see from the above output that `stash-batch-backup-test` entry no longer presents in the database. + +**Create RestoreSession:** + +Now, let's create a `RestoreSession` object targeting the `AppBinding` of our MySQL database. Here, is the YAML of the `RestoreSession` that we are going to create: + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: wordpress-db-restore + namespace: demo +spec: + task: + name: mysql-restore-8.0.14 + repository: + name: gcs-repo + target: + alias: db + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: wordpress-db + rules: + - snapshots: [latest] +``` + +Let's create the above `RestoreSession` object, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/batch-backup/wordpress-backup/examples/restoresession.yaml +restoresession.stash.appscode.com/wordpress-db-restore created +``` + +Now, wait for the `RestoreSession` phase to go into `Succeeded` state, + +```bash +$ kubectl get restoresession -n demo -w +NAME REPOSITORY PHASE AGE +wordpress-db-restore gcs-repo Running 10s +wordpress-db-restore gcs-repo Succeeded 89s +``` + +So, we can see that Stash has successfully restored the database. + +**Verify Restored Data :** + +Let's verify whether the sample post has been restored or not, + +```bash +$ kubectl exec -n demo wordpress-db-58657b89b9-kgt76 -- mysql --user=root --password=mysqlpass -e "SELECT post_name FROM wordpress.wp_posts;" +mysql: [Warning] Using a password on the command line interface can be insecure. +post_name +hello-world +sample-page +privacy-policy + +stash-batch-backup-test +5-revision-v1 +``` + +We can see from the above output that the `stash-batch-backup-test` post has been restored. Now, if you navigate to the WordPress site in a browser, you should see the post again. + +## Cleaning Up + +To clean up the Kubernetes resources created by this tutorial, run: + +```bash +kubectl delete -n demo backupbatch wordpress-backup +kubectl delete -n demo restorebatch wordpress-restore +kubectl delete -n demo restoresession wordpress-db-restore + +kubectl delete -n demo deployment wordpress-db +kubectl delete -n demo deployment wordpress-app +kubectl delete -n demo repository gcs-repo +kubectl delete -n demo pvc --all +kubectl delete -n demo service --all +``` diff --git a/docs/guides/cli/_index.md b/docs/guides/cli/_index.md new file mode 100644 index 0000000..bb57563 --- /dev/null +++ b/docs/guides/cli/_index.md @@ -0,0 +1,10 @@ +--- +title: kubectl plugin | Stash +menu: + docs_{{ .version }}: + identifier: cli + name: CLI + parent: guides + weight: 120 +menu_name: docs_{{ .version }} +--- \ No newline at end of file diff --git a/docs/guides/cli/kubectl-plugin/index.md b/docs/guides/cli/kubectl-plugin/index.md new file mode 100644 index 0000000..57077b2 --- /dev/null +++ b/docs/guides/cli/kubectl-plugin/index.md @@ -0,0 +1,432 @@ +--- +title: kubectl Plugin | Stash +menu: + docs_{{ .version }}: + identifier: stash-cli + name: Stash kubectl Plugin + parent: cli + weight: 10 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +> New to Stash? Please start [here](/docs/concepts/README.md). + +# Stash kubectl Plugin + +Stash gives you kubectl plugin support named `kubectl stash` cli. `kubectl stash` cli can be used to manage Stash objects quickly and easily. It performs various operations like creating Stash objects, coping Stash objects, cloning PVC, unlock Repository, triggering an instant backup, etc. To install Stash kubectl plugin on your workstation, follow the steps [here](/docs/setup/README.md). + +## Available Command + +Available command for `kubectl stash` cli are: + +| Main Command | Uses | +|----------------------------------------------------|----------------------------------------------------------------------------| +| [create repository](#create-repository) | Create a new `Repository`. | +| [create backupconfig](#create-backupconfiguration) | Create a new `BackupConfiguration`. | +| [create restoresession](#create-restoresession) | Create a new `RestoreSession`. | +| [cp secret](#copy-secret) | Copy `Secret` from source namespace to destination namespace. | +| [cp repository](#copy-repository) | Copy `Repository` from source namespace to destination namespace. | +| [copy backupconfig](#copy-backupconfiguration) | Copy `BackupConfiguration` from source namespace to destination namespace. | +| [copy volumesnapshot](#copy-volumesnapshot) | Copy `VolumeSnapshot` from source namespace to destination namespace. | +| [clone pvc](#clone-pvc) | Clone a PVC from source namespace to destination namespace. | +| [download](#download-snapshots) | Download backup snapshots from backend into your local repository. | +| [trigger](#trigger-an-instant-backup) | Take an instant backup. | +| [pause backup](#pause-backup) | Pause Stash backup. | +| [resume backup](#resume-backup) | Resume Stash backup. | +| [debug backup](#debug-backup) | Debug Stash backup issues. | +| [debug restore](#debug-restore) | Debug Stash restore issues. | +| [debug operator](#debug-operator) | Debug Stash operator issues. | + +## Create Command + +`kubectl stash create` command is used to create stash objects. It creates various objects like `Repository`, `BackupConfiguration` and `RestoreSession` etc. + +### Create Repository + +To create a `Repository`, you need to provide a `Repository` name and backend information and credential. You will provide the information and credential by using flags. The available flags are: + +| Flag | Description | +| ------------------- | ----------------------------------------------------------------------------- | +| `--namespace` | Indicates the namespace where the Repository will be created | +| `--secret` | Specify the name of the storage secret that will be used to create Repository | +| `--bucket` | Specify the name of the cloud bucket/container. | +| `--prefix` | Prefix denotes the directory inside the backend. | +| `--provider` | Specify backend provider (i.e. gcs, s3, azure etc) | +| `--endpoint` | Endpoint for s3/s3 compatible backend | +| `--max-connections` | Specify maximum concurrent connections for GCS, Azure and B2 backend. | + +**Format:** + +```bash +kubectl stash create [flags] +``` + +**Example:** + +```bash +$ kubectl stash create repository gcs-repo --namespace=demo --secret=gcs-secret --bucket=appscode-qa --prefix=/source/data --provider=gcs +``` + +### Create BackupConfiguration + +To create a `BackupConfiguration`, you need to provide `BackupConfiguration` name, `Repository` name, Target, and RetentionPolicy, etc. You will provide the `Repository` name, Target, RetentionPolicy by using flags. The available flags are: + +| Flag | Description | +| ----------------------- | ---------------------------------------------------------------------------------------------- | +| `--namespace` | Indicates the namespace where the `BackupConfiguration` will be created | +| `--target-apiversion` | Specify API-Version of the target resource. | +| `--target-kind` | Specify kind of the target resource. | +| `--target-name` | Specify name of the target resource. | +| `--repo-name` | Specify name of the `Repository` that will be created. | +| `--repo-namespace` | Specify namespace of the `Repository` that will be created. | +| `--schedule` | Specify schedule of the backup. | +| `--driver` | `Driver` indicates the mechanism used to backup (i.e. VolumeSnapshotter, Restic) | +| `--task` | Specify name of a `Task` | +| `--volumesnpashotclass` | Specify name of the `VolumeSnapshotClass`. | +| `--replica` | Replica specifies the number of replicas whose data should be backed up. | +| `--paths` | A list of path that will be backed up | +| `--volume-mounts` | Specify a list of volumes and their mountPaths | +| `--keep-last` | Never delete the n last (most recent) snapshots. | +| `--keep-hourly` | For the last n hours in which a snapshot was made, keep only the last snapshot for each hour. | +| `--keep-daily` | For the last n days which have one or more snapshots, only keep the last one for that day. | +| `--keep-weekly` | For the last n weeks which have one or more snapshots, only keep the last one for that week. | +| `--keep-monthly` | For the last n months which have one or more snapshots, only keep the last one for that month. | +| `--keep-yearly` | For the last n years which have one or more snapshots, only keep the last one for that year. | +| `--prune` | If set `true`, Stash will cleanup unreferenced data from the backend. | +| `--dry-run` | Stash will not remove anything but print which snapshots would be removed. | + +> Note: You must provide `::` in the `--volume-mounts` flag to specify the volumes and their mountPath and subPath. The `:` part is optional. + +**Format:** + +```bash +kubectl stash create [flags] +``` + +**Example:** + +```bash +$ kubectl stash create backupconfig ss-backup --namespace=demo --repo-name=gcs-repo --schedule="*/4 * * * *" --target-apiversion=apps/v1 --target-kind=StatefulSet --target-name=stash-demo --paths=/source/data --volume-mounts=source-data:/source/data --keep-last=5 --prune=true +``` + +### Create RestoreSession + +To create a `RestoreSession`, you need to provide a `Repository` name, Target or `VolumeClaimTemplate`, etc. You will provide the `Repository` name, Target or `VolumeClaimTemplate` by using flags. The available flags are: + +| Flag | Description | +| ---------------------- | ------------------------------------------------------------------------------ | +| `--namespace` | Indicates the namespace where the `RestoreSession` will be created | +| `--target-apiversion` | API-Version of the target resource. | +| `--target-kind` | Specify kind of the target resource. | +| `--target-name` | Specify name of the target resource. | +| `--repo-name` | specify name of the `Repository`. | +| `--repo-namespace` | specify namespace of the `Repository` | +| `--driver` | Driver indicates the mechanism used to backup (i.e. VolumeSnapshotter, Restic) | +| `--task` | Name of the Task | +| `--replica` | Replica specifies the number of replicas whose data should be backed up. | +| `--paths` | A list of path that will be backed up | +| `--volume-mounts` | A list of volumes and their mountPaths | +| `--snapshots` | Specify the name of the Snapshot(single) | +| `--host` | Specify the name of the Source host | +| `--claim.name` | Specify the name of the `VolumeClaimTemplate` | +| `--claim.access-modes` | Access mode of the VolumeClaimTemplates | +| `--claim.storageclass` | Specify the name of the Storage secret for VolumeClaimTemplate | +| `--claim.size` | Total requested size of the VolumeClaimTemplate | +| `--claim.datasource` | DataSource of the VolumeClaimTemplate | + +> Note: You must provide `::` in the `--volume-mounts` flag to specify the volumes and their mountPath and subPath. The `:` part is optional. + +**Format:** + +```bash +kubectl stash create restoresession [flags] +``` + +**Example:** + +```bash +$ kubectl stash create restoresession ss-restore --namespace=demo --repo-name=gcs-repo --target-apiversion=apps/v1 --target-kind=StatefulSet --target-name=stash-recovered --paths=/source/data --volume-mounts=source-data:/source/data +``` + +## Copy Command + +`kubectl stash cp` command is used to copy stash objects from one namespace to another namespace. It copies various objects like `Secret`, `Repository`, `BackupConfiguration` and `VolumeSnapshot` etc. + +### Copy Secret + +To copy a Secret, you need to provide Secret name and destination namespace. You will provide the destination namespace by using flag. The available flags are: + +| Flag | Description | +| ---------------- |----------------------------------------------------------------------| +| `--namespace` | Indicates the namespace of the respective `Secret`. | +| `--to-namespace` | Indicates the destination namespace where the `Secret` will be copied. | + +**Format:** + +```bash +kubectl stash cp secret [flags] +``` + +**Example:** + +```bash +$ kubectl stash cp secret my-secret --namespace=demo --to-namespace=demo1 +``` + +### Copy Repository + +To copy a Repository, you need to provide a Repository name and destination namespace. When we run the command the coping process consists of the following steps: + +- At first, the cli copies Secret from source namespace to destination namespace. +- Then it copies Repository from source namespace to destination namespace. + +You will provide the destination namespace by using flag. The available flags are: + +| Flag | Description | +| ---------------- |-----------------------------------------------------------------------| +| `--namespace` | Indicates the namespace of the respective `Repository`. | +| `--to-namespace` | Indicates the destination namespace where the `Repository` will be copied. | + +**Format:** + +```bash +kubectl stash cp repository [flags] +``` + +**Example:** + +```bash +$ kubectl stash cp repository my-repo --namespce=demo --to-namespace=demo1 +``` + +### Copy BackupConfiguration + +To copy a BackupConfiguration, you need to provide BackupConfiguration name and destination namespace. When we run the command the coping process consists of the following steps: + +- At first, the cli copies Secret from source namespace to destination namespace. +- Then it copies Repository from source namespace to destination namespace. +- finally it copies BackupConfiguration from source namespace to destination namespace. + +You will provide the destination namespace by using flags. The available flags are: + +| Flag | Description | +| ---------------- |-------------------------------------------------------------------------------------| +| `--namespace` | Indicates the namespace of the respective `BackupConfiguration`. | +| `--to-namespace` | Indicates the destination namespace where the `BackupConfiguration` will be copied. | + +**Format:** + +```bash +kubectl stash cp backupconfig [flags] +``` + +**Example:** + +```bash +$ kubectl stash cp backupconfig my-backupconfig --namespace=demo --to-namespace=demo1 +``` + +### Copy VolumeSnapshot + +To copy a VolumeSnapshot, you need to provide `VolumeSnapshot` name and destination namespace. You will provide the destination namespace by using flag. The available flags are: + +| Flag | Description | +| ---------------- |--------------------------------------------------------------------------------| +| `--namespace` | Indicates the namespace of the respective `VolumeSnapshot`. | +| `--to-namespace` | Indicates the destination namespace where the `VolumeSnapshot` will be copied. | + +**Example:** + +```bash +$ kubectl stash cp volumesnapshot my-vol-snap --namespace=demo --to-namespace=demo1 +``` + +## Clone PVC + +`kubectl stash clone pvc` command is used to clone PVC from one namespace to another namespace. When we run the command the cloning process consists of the following steps: + +- At first, It creates a Repository in the source namespace. +- Using this repository, it creates a BackupConfiguration targeting the PVC to take backup. +- After the backup process succeeded, It copies Repository to the destination namespace +- finally, It restores the backed up data into VolumeClaimTemplate in the destination namespace. + +To clone a PVC, you need to provide backend credentials for creating Repository. +You will provide the backend credential by using flags. The available flags are: + +| Flag | Description | +| ------------------- |-------------------------------------------------------------------------------| +| `--namespace` | Indicates namespace of the respective pvc. | +| `--to-namespace` | Indicates the destination namespace where the PVC will be cloned. | +| `--secret` | Specify the name of the storage secret that will be used to create Repository | +| `--bucket` | Specify the name of the cloud bucket/container. | +| `--prefix` | Prefix denotes the directory inside the backend. | +| `--provider` | Specify backend provider (i.e. gcs, s3, azure etc) | +| `--endpoint` | Endpoint for s3/s3 compatible backend | +| `--max-connections` | Specify maximum concurrent connections for GCS, Azure and B2 backend. | + +**Format:** + +```bash +kubectl stash clone pvc [flags] +``` + +**Example:** + +```bash +$ kubectl stash clone pvc my-pvc -n demo --to-namespace=demo-1 --secret= --bucket= --prefix= --provider= +``` + +## Download Snapshots + +`kubectl stash download` command is used to download the snapshots from backend repository into your local machine. +To download the snapshots you have to provide `Repository` name, download directory and snapshot list. You will provide the download directory and snapshot list using flags. The available flags are: + +| Flag | Description | +|-----------------|-----------------------------------------------------------------------| +| `--namespace` | Indicates the namespace of the respective `Repository`. | +| `--destination` | Indicates the local directory where the snapshots will be downloaded. | | +| `--snapshots` | Specifies the list of snapshots. (Provide a list of snapshot ID) | + +**Format:** + +```bash +kubectl stash download [flags] +``` + +**Example:** + +```bash +$ kubectl stash download gcs-repo --namespace=demo --destination=/home/downloads/ --snapshots="19eb4793,b7244d52" + +``` +Use `kubectl get snapshots` to get the available snapshots. + +## Trigger an Instant Backup + +`kubectl stash trigger` command is used to take an instant backup in stash. +To trigger an instant backup, you need to have a BackupConfiguration in your cluster. You need to provide the BackupConfiguration name. You can also provide the namespace by using the `--namespace` flag. This flag indicates the namespace where the trigger backup will be occurred. + +**Format:** + +```bash +$ kubectl stash trigger [flags] +``` + +**Example:** + +```bash +$ kubectl stash trigger my-config --namespace=demo +``` + +## Unlock Repository + +`kubectl stash unlock` are used to remove lock from the backend repository. +To unlock the Repository, you need to provide a Repository name. You can also provide the namespace by using the `--namespace` flag. This flag indicates the Repository namespace. + +**Format:** + +```bash +kubectl stash unlock [flags] +``` + +**Example:** + +```bash +$ kubectl stash unlock my-repo --namespace=demo +``` + +## Pause Command + +`kubectl stash pause` command is used to pause Stash backup temporarily. + +### Pause Backup +To pause a backup you have to provide the `BackupConfiguration` name or `BackupBatch` name by using flags. The available flags are: + +| Flag | Description | +|------------------|-----------------------------------------------------------------------------------| +| `--namespace` | Indicates the namespace of the respective `BackupConfiguration` or `BackupBatch`. | +| `--backupconfig` | Name of the `BackupConfiguration`. | +| `--backupbatch` | Name of the `BackupBatch`. | + +**Format:** + +```bash +kubectl stash pause backup [flags] +``` + +**Example:** + +```bash +$ kubectl stash pause backup --namespace=demo --backupconfig=my-config +``` + +### Resume Backup +To resume a backup you have to provide the `BackupConfiguration` name or `BackupBatch` name by using flags. The available flags are: + +| Flag | Description | +|------------------|-----------------------------------------------------------------------------------| +| `--namespace` | Indicates the namespace of the respective `BackupConfiguration` or `BackupBatch`. | +| `--backupconfig` | Name of the `BackupConfiguration`. | +| `--backupbatch` | Name of the `BackupBatch`. | + +**Format:** + +```bash +kubectl stash resume backup [flags] +``` + +**Example:** + +```bash +$ kubectl stash resume backup --namespace=demo --backupconfig==my-config +``` + +## Debug Command +`kubectl stash debug` command is used to debug stash resources. This command describes the necessary resources and shows logs from the related pods which makes the debugging process quicker and easier. + +### Debug Backup +To debug a backup you have to provide the BackupConfiguration name or BackupBatch name by using flags. The available flags are: + +| Flag | Description | +|------------------|-----------------------------------------------------------------------------------| +| `--namespace` | Indicates the namespace of the respective `BackupConfiguration` or `BackupBatch`. | +| `--backupconfig` | Name of the `BackupConfiguration`. | +| `--backupbatch` | Name of the `BackupBatch`. | + + +**Format:** + +```bash +kubectl stash debug backup [flags] +``` + +**Example:** + +```bash +$ kubectl stash debug backup --namespace=demo --backupconfig=my-config +``` + +### Debug Restore + +To debug a restore you have to provide the `RestoreSession` name or `RestoreBatch` name by using flags. The available flags are: + +| Flag | Description | +|--------------------|--------------------------------------------------------------------------------| +| `--namespace` | Indicates the namespace of the respective `RestoreSession` or `RestoreBatch.` | +| `--restoresession` | Name of the `RestoreSession`. | +| `--restorebatch` | Name of the `RestoreBatch`. | + + +**Format:** + +```bash +kubectl stash debug restore [flags] +``` + +**Example:** + +```bash +$ kubectl stash debug restore --namespace=demo --restoresession=my-restore +``` diff --git a/docs/guides/hooks/_index.md b/docs/guides/hooks/_index.md new file mode 100644 index 0000000..0ef6d55 --- /dev/null +++ b/docs/guides/hooks/_index.md @@ -0,0 +1,10 @@ +--- +title: Backup and Restore Hooks | Stash +menu: + docs_{{ .version }}: + identifier: hooks + name: Hooks + parent: guides + weight: 115 +menu_name: docs_{{ .version }} +--- diff --git a/docs/guides/hooks/backup-and-restore-hooks/examples/post_backup_hook_demo.yaml b/docs/guides/hooks/backup-and-restore-hooks/examples/post_backup_hook_demo.yaml new file mode 100644 index 0000000..32cb284 --- /dev/null +++ b/docs/guides/hooks/backup-and-restore-hooks/examples/post_backup_hook_demo.yaml @@ -0,0 +1,35 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: backup-hook-demo + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: mysql-backup-8.0.14 + repository: + name: gcs-repo + hooks: + preBackup: + exec: + command: + - /bin/sh + - -c + - mysql -u root --password=$MYSQL_ROOT_PASSWORD -e "SET GLOBAL super_read_only = ON;" + containerName: mysql # KubeDB uses "mysql" name for MySQL database container. If you haven't used KubeDB, change this according to your setup. + postBackup: + exec: + command: + - /bin/sh + - -c + - mysql -u root --password=$MYSQL_ROOT_PASSWORD -e "SET GLOBAL super_read_only = OFF;" + containerName: mysql + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mysql + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/guides/hooks/backup-and-restore-hooks/examples/post_restore_hook_demo.yaml b/docs/guides/hooks/backup-and-restore-hooks/examples/post_restore_hook_demo.yaml new file mode 100644 index 0000000..ff39230 --- /dev/null +++ b/docs/guides/hooks/backup-and-restore-hooks/examples/post_restore_hook_demo.yaml @@ -0,0 +1,25 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: post-restore-hook-demo + namespace: demo +spec: + task: + name: mysql-restore-8.0.14 + repository: + name: gcs-repo + hooks: + postRestore: + exec: + command: + - /bin/sh + - -c + - mysql -u root --password=$MYSQL_ROOT_PASSWORD -e "RENAME TABLE companyRecord.employee TO companyRecord.salaryRecord;" + containerName: mysql + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mysql + rules: + - snapshots: [latest] diff --git a/docs/guides/hooks/backup-and-restore-hooks/examples/pre_backup_hook_demo.yaml b/docs/guides/hooks/backup-and-restore-hooks/examples/pre_backup_hook_demo.yaml new file mode 100644 index 0000000..c444b5d --- /dev/null +++ b/docs/guides/hooks/backup-and-restore-hooks/examples/pre_backup_hook_demo.yaml @@ -0,0 +1,28 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: backup-hook-demo + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: mysql-backup-8.0.14 + repository: + name: gcs-repo + hooks: + preBackup: + exec: + command: + - /bin/sh + - -c + - mysql -u root --password=$MYSQL_ROOT_PASSWORD -e "SET GLOBAL super_read_only = ON;" + containerName: mysql # KubeDB uses "mysql" name for MySQL database container. If you haven't used KubeDB, change this according to your setup. + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mysql + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true diff --git a/docs/guides/hooks/backup-and-restore-hooks/examples/pre_restore_hook_demo.yaml b/docs/guides/hooks/backup-and-restore-hooks/examples/pre_restore_hook_demo.yaml new file mode 100644 index 0000000..4b66781 --- /dev/null +++ b/docs/guides/hooks/backup-and-restore-hooks/examples/pre_restore_hook_demo.yaml @@ -0,0 +1,25 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: pre-restore-hook-demo + namespace: demo +spec: + task: + name: mysql-restore-8.0.14 + repository: + name: gcs-repo + hooks: + preRestore: + exec: + command: + - /bin/sh + - -c + - mysql -u root --password=$MYSQL_ROOT_PASSWORD -e "DROP DATABASE companyRecord;" + containerName: mysql + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mysql + rules: + - snapshots: [latest] diff --git a/docs/guides/hooks/backup-and-restore-hooks/examples/repository.yaml b/docs/guides/hooks/backup-and-restore-hooks/examples/repository.yaml new file mode 100644 index 0000000..00327bd --- /dev/null +++ b/docs/guides/hooks/backup-and-restore-hooks/examples/repository.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: appscode-qa + prefix: /demo/mysql/hook-example + storageSecretName: gcs-secret diff --git a/docs/guides/hooks/backup-and-restore-hooks/examples/sample-mysql.yaml b/docs/guides/hooks/backup-and-restore-hooks/examples/sample-mysql.yaml new file mode 100644 index 0000000..c20ed4c --- /dev/null +++ b/docs/guides/hooks/backup-and-restore-hooks/examples/sample-mysql.yaml @@ -0,0 +1,16 @@ +apiVersion: kubedb.com/v1alpha2 +kind: MySQL +metadata: + name: sample-mysql + namespace: demo +spec: + version: 8.0.27 + replicas: 1 + storageType: Durable + storage: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + terminationPolicy: WipeOut diff --git a/docs/guides/hooks/backup-and-restore-hooks/index.md b/docs/guides/hooks/backup-and-restore-hooks/index.md new file mode 100644 index 0000000..e76d6a4 --- /dev/null +++ b/docs/guides/hooks/backup-and-restore-hooks/index.md @@ -0,0 +1,730 @@ +--- +title: Backup & Restore Hooks | Stash +menu: + docs_{{ .version }}: + identifier: backup-and-restore-hooks + name: Backup & Restore Hooks + parent: hooks + weight: 20 +product_name: kubestash +menu_name: docs_{{ .version }} +section_menu_id: guides +--- + +# Backup & Restore Hooks + +Stash hooks let you perform some actions before and after the backup or restore process. This is particularly helpful when you want to prepare your application before backup or restore. + +Here, we are going to demonstrate how you can perform different actions before and after backup and restore a MySQL database. Some of the examples might not reflect the real-world use cases but it serves the sole purpose of demonstrating what is possible. + +> Note that, this is an advanced concept. If you haven't tried the normal backup restore processes yet, we will recommend to try them first. + +## Before You Begin + +- At first, you need to have a Kubernetes cluster, and the `kubectl` command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/). +- Install Stash in your cluster following the steps [here](/docs/setup/install/stash/index.md). +- Install [KubeDB](https://kubedb.com) in your cluster following the steps [here](https://kubedb.com/docs/latest/setup/). This step is optional. You can deploy your database using any method you want. We are using KubeDB because KubeDB simplifies many of the difficult or tedious management tasks of running production-grade databases on private and public clouds. +- If you are not familiar with how Stash backup and restore MySQL databases, please check the following guide [here](/docs/addons/mysql/overview/index.md). +- Also, if you haven't read about how hooks work in Stash, please check it from [here](/docs/guides/hooks/overview/index.md). + +You should be familiar with the following `Stash` concepts: + +- [BackupConfiguration](/docs/concepts/crds/backupconfiguration/index.md) +- [BackupSession](/docs/concepts/crds/backupsession/index.md) +- [Repository](/docs/concepts/crds/repository/index.md) +- [Function](/docs/concepts/crds/function/index.md) +- [Task](/docs/concepts/crds/task/index.md) +- [AppBinding](/docs/concepts/crds/appbinding/index.md) + +To keep everything isolated, we are going to use a separate namespace called `demo` throughout this tutorial. + +```bash +$ kubectl create ns demo +namespace/demo created +``` + +## Prepare Database + +At first, let's deploy a MySQL database. Here, we are going to deploy MySQL `8.0.14` using KubeDB. We are going to insert some sample data into the database so that we can verify that the backup and restore process is working properly. + +**Deploy Database:** + +Below is the `MySQL` CR(Custom Resource) that we are going to create, + +```yaml +apiVersion: kubedb.com/v1alpha2 +kind: MySQL +metadata: + name: sample-mysql + namespace: demo +spec: + version: 8.0.27 + replicas: 1 + storageType: Durable + storage: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + terminationPolicy: WipeOut +``` + +Let's create the above `MySQL` CR, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/hooks/backup-and-restore-hooks/examples/sample-mysql.yaml +mysql.kubedb.com/sample-mysql created +``` + +KubeDB will deploy a MySQL database according to the above specification. It will also create the necessary Secrets and Services to access the database. + +Wait for the database to go into `Running` state, + +```bash +$ kubectl get mysql -n demo -w +NAME VERSION STATUS AGE +sample-mysql 8.0.14 Creating 5s +sample-mysql 8.0.14 Running 2m7s +``` + +**Verify Database Secret:** + +Verify that KubeDB has created a Secret for the database. + +```bash +$ kubectl get secret -n demo -l=app.kubernetes.io/instance=sample-mysql +NAME TYPE DATA AGE +sample-mysql-auth Opaque 2 5m7s +``` + +**Verify AppBinding:** + +KubeDB creates an `AppBinding` CR that holds the necessary information to connect with the database. Verify that the `AppBinding` has been created for the above database: + +```bash +$ kubectl get appbindings -n demo -l=app.kubernetes.io/instance=sample-mysql +NAME TYPE VERSION AGE +sample-mysql kubedb.com/mysql 8.0.14 66s +``` + +If you check the YAML of the `AppBinding`, you will see the connection information and respective Secret reference to access the database is presents in `spec` section. + +```bash +$ kubectl get appbindings sample-mysql -n demo -o yaml +``` + +```yaml +apiVersion: appcatalog.appscode.com/v1alpha1 +kind: AppBinding +metadata: + creationTimestamp: "2020-01-16T10:28:00Z" + generation: 1 + labels: + app.kubernetes.io/component: database + app.kubernetes.io/instance: sample-mysql + app.kubernetes.io/managed-by: kubedb.com + app.kubernetes.io/name: mysql + app.kubernetes.io/version: 8.0.14 + kubedb.com/kind: MySQL + app.kubernetes.io/instance: sample-mysql + name: sample-mysql + namespace: demo +spec: + clientConfig: + service: + name: sample-mysql + path: / + port: 3306 + scheme: mysql + url: tcp(sample-mysql:3306)/ + secret: + name: sample-mysql-auth + type: kubedb.com/mysql + version: 8.0.14 +``` + +**Insert Sample Data:** + +Now, let's insert some sample data into the above database. Here, we are going to `exec` into the database pod and create a database named `companyRecord`. Then, we are going to create a table named `employee` which will store employee's id, name and salary information. Then, we are going to insert a sample row in the table. + +At first, let's export the database credentials as environment variables in our current shell so that we can use those variables to access the database instead of typing username and password every time. + +```bash +# export username from the database secret +$ export MYSQL_USER=$(kubectl get secret -n demo sample-mysql-auth -o jsonpath='{.data.username}'| base64 -d) + +# verify that the username has been exported properly +$ echo $MYSQL_USER +root + +# export the password from the database secret +$ export MYSQL_PASSWORD=$(kubectl get secret -n demo sample-mysql-auth -o jsonpath='{.data.password}'| base64 -d) + +# verify that the password has been exported properly +$ echo $MYSQL_PASSWORD +CWg2hru8b0Yu7dzS +``` + +Now, let's identify the database pod, + +```bash +$ kubectl get pods -n demo --selector="app.kubernetes.io/instance=sample-mysql" +NAME READY STATUS RESTARTS AGE +sample-mysql-0 1/1 Running 0 6m50s +``` + +Let's `exec` into the database pod and insert sample data, + +```bash +$ kubectl exec -it -n demo sample-mysql-0 -- mysql --user=$MYSQL_USER --password=$MYSQL_PASSWORD + +mysql: [Warning] Using a password on the command line interface can be insecure. +Welcome to the MySQL monitor. Commands end with ; or \g. +Your MySQL connection id is 131 +Server version: 8.0.14 MySQL Community Server - GPL + +Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. + +Oracle is a registered trademark of Oracle Corporation and/or its +affiliates. Other names may be trademarks of their respective +owners. + +Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. + +# create database named "companyRecord" +mysql> CREATE DATABASE companyRecord; +Query OK, 1 row affected (0.01 sec) + +# verify that the database has been created +mysql> SHOW DATABASES; ++--------------------+ +| Database | ++--------------------+ +| companyRecord | +| information_schema | +| mysql | +| performance_schema | +| sys | ++--------------------+ +5 rows in set (0.00 sec) + +# create a table called "employee" in "companyRecord" database +mysql> CREATE TABLE companyRecord.employee (id INT, name VARCHAR(50), salary INT, PRIMARY KEY(id)); +Query OK, 0 rows affected (0.05 sec) + +# insert a demo data into the table +mysql> INSERT INTO companyRecord.employee (id, name, salary) VALUES (1, "John Doe", 5000); +Query OK, 1 row affected (0.01 sec) + +# verify that the data has been inserted +mysql> SELECT * FROM companyRecord.employee; ++----+----------+--------+ +| id | name | salary | ++----+----------+--------+ +| 1 | John Doe | 5000 | ++----+----------+--------+ +1 row in set (0.00 sec) + +mysql> exit +Bye +``` + +### Prepare Backend + +We are going to store our backed up data into a GCS bucket. At first, we need to create a secret with GCS credentials then we need to create a `Repository` CR. If you want to use a different backend, please read the respective backend configuration doc from [here](/docs/guides/backends/overview/index.md). + +**Create Storage Secret:** + +Let's create a secret called `gcs-secret` with access credentials to our desired GCS bucket, + +```bash +$ echo -n 'changeit' > RESTIC_PASSWORD +$ echo -n '' > GOOGLE_PROJECT_ID +$ cat /path/to/downloaded-sa-key.json > GOOGLE_SERVICE_ACCOUNT_JSON_KEY +$ kubectl create secret generic -n demo gcs-secret \ + --from-file=./RESTIC_PASSWORD \ + --from-file=./GOOGLE_PROJECT_ID \ + --from-file=./GOOGLE_SERVICE_ACCOUNT_JSON_KEY +secret/gcs-secret created +``` + +**Create Repository:** + +Now, create a `Repository` using this secret. Below is the YAML of Repository CR we are going to create, + +```yaml +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: appscode-qa + prefix: /demo/mysql/hook-example + storageSecretName: gcs-secret +``` + +Let's create the `Repository` we have shown above, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/hooks/backup-and-restore-hooks/examples/repository.yaml +repository.stash.appscode.com/gcs-repo created +``` + +Now, we are ready to backup our database into our desired backend. + +## Backup + +In this section, we are going to demonstrate `preBackup` hook and `postBackup` hook. We are going to make MySQL database read-only in `preBackup` hook so that no write operation happens in the database during backup. Then, we are going to make the database writable in `postBackup` hook so that the application can write again into the database. + +### PreBackup Hook + +At first, we are going to set `super_read_only` flag `ON` in `preBackup` hook which will make the database read-only. However, we won't set this flag `OFF` in `postBackup` so that we can verify that the hook has been executed. + +**Create BackupConfiguration:** + +Below is the YAML of the `BackupConfiguration` CR with `preBackup` hook configured to make the database read-only before backup, + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: backup-hook-demo + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: mysql-backup-8.0.14 + repository: + name: gcs-repo + hooks: + preBackup: + exec: + command: + - /bin/sh + - -c + - mysql -u root --password=$MYSQL_ROOT_PASSWORD -e "SET GLOBAL super_read_only = ON;" + containerName: mysql # KubeDB uses "mysql" name for MySQL database container. If you haven't used KubeDB, change this according to your setup. + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mysql + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +Let's create the above `BackupConfiguration`, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/hooks/backup-and-restore-hooks/examples/pre_backup_hook_demo.yaml +backupconfiguration.stash.appscode.com/backup-hook-demo created +``` + +**Verify CronJob:** + +If everything goes well, Stash will create a CronJob with the schedule specified in `spec.schedule` field of the `BackupConfiguration` CR. + +```bash +$ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-backup-hook-demo */5 * * * * False 0 74s +``` + +**Wait for BackupSession:** + +The `stash-backup-backup-hook-demo` CronJob will trigger a backup on each scheduled slot by creating a `BackupSession` CR. + +Wait for a schedule to appear. Run the following command to watch `BackupSession` CR, + +```bash +$ kubectl get backupsession -n demo -w + +NAME INVOKER-TYPE INVOKER-NAME PHASE AGE +backup-hook-demo-1579179002 BackupConfiguration backup-hook-demo Running 10s +backup-hook-demo-1579179002 BackupConfiguration backup-hook-demo Running 52s +backup-hook-demo-1579179002 BackupConfiguration backup-hook-demo Succeeded 86s +``` + +Here, the phase `Succeeded` means that the backup process has been completed successfully. + +**Verify Backup:** + +Once a backup is completed, Stash will update the respective `Repository` CR to reflect the backup completion. Check that the repository `gcs-repo` has been updated by the following command, + +```bash +$ kubectl get repository -n demo gcs-repo +NAME INTEGRITY SIZE SNAPSHOT-COUNT LAST-SUCCESSFUL-BACKUP AGE +gcs-repo true 1 75s 55m +``` + +Here, `SNAPSHOT-COUNT` 1 indicates that one snapshot has been taken for the targeted database. + +**Verify PreBackup Hook Executed:** + +If the `preBackup` hook executes successfully, the database will be marked as read-only. In this situation, if we try to make a write operation into the database, it should reject the operation. However, the database should serve the read operations without any problem. + +Let's verify that the database is read-only by trying to execute a write operation, + +```bash +$ kubectl exec -it -n demo sample-mysql-0 -- mysql --user=$MYSQL_USER --password=$MYSQL_PASSWORD -e "CREATE DATABASE read-OnlyTest;" +mysql: [Warning] Using a password on the command line interface can be insecure. +ERROR 1290 (HY000) at line 1: The MySQL server is running with the --super-read-only option so it cannot execute this statement +command terminated with exit code 1 +``` + +Here, the error message clearly states the database is now read-only. Let's try to execute a read operation. + +```bash +$ kubectl exec -it -n demo sample-mysql-0 -- mysql --user=$MYSQL_USER --password=$MYSQL_PASSWORD -e "SELECT * FROM companyRecord.employee;" +mysql: [Warning] Using a password on the command line interface can be insecure. ++----+----------+--------+ +| id | name | salary | ++----+----------+--------+ +| 1 | John Doe | 5000 | ++----+----------+--------+ +``` + +So, we can see that the database can serve read-only queries without any problem. + +### PostBackup Hook + +Now, let's update the `BackupConfiguration` CR and add a `postBackup` hook that set `super_read_only` flag to `OFF`. So, the database should be writable again from the next backup. + +**Update BackupConfiguration:** + +Below is the YAML for the updated `BackupConfiguration` CR with `postBackup` hook. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: BackupConfiguration +metadata: + name: backup-hook-demo + namespace: demo +spec: + schedule: "*/5 * * * *" + task: + name: mysql-backup-8.0.14 + repository: + name: gcs-repo + hooks: + preBackup: + exec: + command: + - /bin/sh + - -c + - mysql -u root --password=$MYSQL_ROOT_PASSWORD -e "SET GLOBAL super_read_only = ON;" + containerName: mysql # KubeDB uses "mysql" name for MySQL database container. If you haven't used KubeDB, change this according to your setup. + postBackup: + exec: + command: + - /bin/sh + - -c + - mysql -u root --password=$MYSQL_ROOT_PASSWORD -e "SET GLOBAL super_read_only = OFF;" + containerName: mysql + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mysql + retentionPolicy: + name: keep-last-5 + keepLast: 5 + prune: true +``` + +Let's apply the update, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/hooks/backup-and-restore-hooks/examples/post_backup_hook_demo.yaml +backupconfiguration.stash.appscode.com/backup-hook-demo configured +``` + +**Wait for Next BackupSession:** + +Now, wait for the next backup slot, + +```bash +$ kubectl get backupsession -n demo -w + +NAME INVOKER-TYPE INVOKER-NAME PHASE AGE +backup-hook-demo-1579179002 BackupConfiguration backup-hook-demo Succeeded 7m8s +backup-hook-demo-1579179905 BackupConfiguration backup-hook-demo Running 12s +backup-hook-demo-1579179905 BackupConfiguration backup-hook-demo Running 8s +backup-hook-demo-1579179905 BackupConfiguration backup-hook-demo Succeeded 63s +``` + +**Verify PostBackup Hook Executed:** + +If the `postBackup` hook has been executed successfully, the database should be writable again. Let's try to execute a write operation to verify that the database writable, + +```bash +$ kubectl exec -it -n demo sample-mysql-0 -- mysql --user=$MYSQL_USER --password=$MYSQL_PASSWORD -e "CREATE DATABASE postBackupHookTest;" +mysql: [Warning] Using a password on the command line interface can be insecure. +``` + +Verify the test database has been created successfully, + +```bash +$ kubectl exec -it -n demo sample-mysql-0 -- mysql --user=$MYSQL_USER --password=CWg2hru8b0Yu7dzS -e "SHOW DATABASES;" + +mysql: [Warning] Using a password on the command line interface can be insecure. ++--------------------+ +| Database | ++--------------------+ +| companyRecord | +| information_schema | +| mysql | +| performance_schema | +| postBackupHookTest | +| sys | ++--------------------+ +``` + +So, we can see the database is writable again after the backup. + +## Restore + +In this section, we are going to demonstrate `preRestore` and `postRestore` hooks. Here, we are going to delete corrupted data in `preRestore` hook and apply some migration on the database in `postRestore` hook. + +**Pause Backup:** + +At first, let stop the backup so that no new backup happens during the restore process. Let's set `spec.paused` section of `BackupConfiguration` to `true` which will stop taking further scheduled backup. + +```bash +$ kubectl patch backupconfiguration -n demo backup-hook-demo --type="merge" --patch='{"spec": {"paused": true}}' +backupconfiguration.stash.appscode.com/backup-hook-demo patched +``` + +It should suspend the respective CronJob which is responsible for triggering backup at a scheduled slot. Let's verify that the CronJob has been suspended. + +```bash +$ kubectl get cronjob -n demo +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +stash-backup-backup-hook-demo */5 * * * * True 0 5m13s 29m +``` + +**Simulate Disaster Scenario:** + +Now, let's simulate a disaster scenario. Here, we are going to delete the `companyRecord` database before restoring so that we can verify that the data has been restored from backup. + +```bash +$ kubectl exec -it -n demo sample-mysql-0 -- mysql --user=$MYSQL_USER --password=$MYSQL_PASSWORD -e "DROP DATABASE companyRecord;" +mysql: [Warning] Using a password on the command line interface can be insecure. +``` + +Verify that the database has been deleted, + +```bash +$ kubectl exec -it -n demo sample-mysql-0 -- mysql --user=$MYSQL_USER --password=$MYSQL_PASSWORD -e "SHOW DATABASES;" +mysql: [Warning] Using a password on the command line interface can be insecure. ++--------------------+ +| Database | ++--------------------+ +| information_schema | +| mysql | +| performance_schema | +| postBackupHookTest | +| sys | ++--------------------+ +``` + +So, we can see from the above output that the database `companyRecord` has been deleted from the MySQL server. + +### PreRestore Hook + +Here, we are going to configure `preRestore` hook to delete the corrupted database. Stash will remove the corrupted database first, then it will restore the database from the backup. + +**Create RestoreSession:** + +Below is the YAML for `RestoreSession` with `preRestore` hook configured to drop the `companyRecord` database before restoring from backup. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: pre-restore-hook-demo + namespace: demo +spec: + task: + name: mysql-restore-8.0.14 + repository: + name: gcs-repo + hooks: + preRestore: + exec: + command: + - /bin/sh + - -c + - mysql -u root --password=$MYSQL_ROOT_PASSWORD -e "DROP DATABASE companyRecord;" + containerName: mysql + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mysql + rules: + - snapshots: [latest] +``` + +Let's create the above `RestoreSession`, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/hooks/backup-and-restore-hooks/examples/pre_restore_hook_demo.yaml +restoresession.stash.appscode.com/pre-restore-hook-demo created +``` + +**Wait for Restore to Complete:** + +Now, wait for the restore process to complete, + +```bash +$ kubectl get restoresession -n demo -w +NAME REPOSITORY PHASE AGE +pre-restore-hook-demo gcs-repo Running 10s +pre-restore-hook-demo gcs-repo Running 42s +pre-restore-hook-demo gcs-repo Succeeded 42s +``` + +Here, `RestoreSession` phase `Succeeded` means the restore process has been completed successfully. + +**Verify Restored Data:** + +Verify that the data has been restored successfully, + +```bash +$ kubectl exec -it -n demo sample-mysql-0 -- mysql --user=$MYSQL_USER --password=$MYSQL_PASSWORD -e "SELECT * FROM companyRecord.employee;" +mysql: [Warning] Using a password on the command line interface can be insecure. ++----+----------+--------+ +| id | name | salary | ++----+----------+--------+ +| 1 | John Doe | 5000 | ++----+----------+--------+ +``` + +So, we can see that the data we had deleted from the `employee` table has been restored. + +### PostRestore Hook + +Now, let's consider that you want to perform some migration on the database during the restore process. You want to rename the `employee` table into `salaryRecord` as it holds the employee's salary information. You can configure a `postRestore` hook to perform the task automatically. + +**Drop Old Database:** + +Let's delete the old database `companyRecord` before restoring so that we can verify that the data has been restored from backup. + +```bash +$ kubectl exec -it -n demo sample-mysql-0 -- mysql --user=$MYSQL_USER --password=$MYSQL_PASSWORD -e "DROP DATABASE companyRecord;" +mysql: [Warning] Using a password on the command line interface can be insecure. +``` + +Verify that the database has been deleted, + +```bash +$ kubectl exec -it -n demo sample-mysql-0 -- mysql --user=$MYSQL_USER --password=$MYSQL_PASSWORD -e "SHOW DATABASES;" +mysql: [Warning] Using a password on the command line interface can be insecure. ++--------------------+ +| Database | ++--------------------+ +| information_schema | +| mysql | +| performance_schema | +| postBackupHookTest | +| sys | ++--------------------+ +``` + +**Create RestoreSession:** + +Below is the YAML of the `RestoreSession` with `postRestore` hook configured to rename the `employee` table into `salaryRecord`. + +```yaml +apiVersion: stash.appscode.com/v1beta1 +kind: RestoreSession +metadata: + name: post-restore-hook-demo + namespace: demo +spec: + task: + name: mysql-restore-8.0.14 + repository: + name: gcs-repo + hooks: + postRestore: + exec: + command: + - /bin/sh + - -c + - mysql -u root --password=$MYSQL_ROOT_PASSWORD -e "RENAME TABLE companyRecord.employee TO companyRecord.salaryRecord;" + containerName: mysql + target: + ref: + apiVersion: appcatalog.appscode.com/v1alpha1 + kind: AppBinding + name: sample-mysql + rules: + - snapshots: [latest] +``` + +Let's create the above `RestoreSession`, + +```bash +$ kubectl apply -f https://github.com/kubestash/docs/raw/{{< param "info.version" >}}/docs/guides/hooks/backup-and-restore-hooks/examples/post_restore_hook_demo.yaml +restoresession.stash.appscode.com/post-restore-hook-demo created +``` + +**Wait for Restore process to Complete:** + +Now, wait for the restore process to complete, + +```bash +$ kubectl get restoresession -n demo post-restore-hook-demo -w +NAME REPOSITORY PHASE AGE +post-restore-hook-demo gcs-repo Running 12s +post-restore-hook-demo gcs-repo Running 29s +post-restore-hook-demo gcs-repo Succeeded 29s +``` + +**Verify Restored Data:** + +Verify that the `companyRecord` database has been restored and the `employee` table has been renamed to `salaryRecord`. + +```bash +$ kubectl exec -it -n demo sample-mysql-0 -- mysql --user=$MYSQL_USER --password=$MYSQL_PASSWORD -e "SHOW TABLES IN companyRecord;" +mysql: [Warning] Using a password on the command line interface can be insecure. ++-------------------------+ +| Tables_in_companyRecord | ++-------------------------+ +| salaryRecord | ++-------------------------+ +``` + +Let's check `salaryRecord` table contains the original data of the `employee` table, + +```bash +$ kubectl exec -it -n demo sample-mysql-0 -- mysql --user=$MYSQL_USER --password=$MYSQL_PASSWORD -e "SELECT * FROM companyRecord.salaryRecord;" +mysql: [Warning] Using a password on the command line interface can be insecure. ++----+----------+--------+ +| id | name | salary | ++----+----------+--------+ +| 1 | John Doe | 5000 | ++----+----------+--------+ +``` + +So, we can see that the `postRestore` hook successfully performed migration on the restored database. + +## Cleanup + +To cleanup the Kubernetes resources created by this tutorial, run: + +```bash +kubectl delete -n demo restoresession pre-restore-hook-demo post-restore-hook-demo +kubectl delete -n demo backupconfiguration backup-hook-demo +kubectl delete -n demo repository gcs-repo +kubectl delete -n demo secret gcs-secret +kubectl delete -n demo mysql sample-mysql +``` diff --git a/docs/guides/hooks/batch-backup/examples/repository.yaml b/docs/guides/hooks/batch-backup/examples/repository.yaml new file mode 100644 index 0000000..7354160 --- /dev/null +++ b/docs/guides/hooks/batch-backup/examples/repository.yaml @@ -0,0 +1,11 @@ +apiVersion: stash.appscode.com/v1alpha1 +kind: Repository +metadata: + name: gcs-repo + namespace: demo +spec: + backend: + gcs: + bucket: appscode-qa + prefix: /demo/batch-backup/hook-example + storageSecretName: gcs-secret diff --git a/docs/guides/hooks/batch-backup/examples/wordpress-backup.yaml b/docs/guides/hooks/batch-backup/examples/wordpress-backup.yaml new file mode 100644 index 0000000..a8995a2 --- /dev/null +++ b/docs/guides/hooks/batch-backup/examples/wordpress-backup.yaml @@ -0,0 +1,77 @@ +apiVersion: stash.appscode.com/v1beta1 +kind: BackupBatch +metadata: + name: wordpress-backup + namespace: demo +spec: + repository: + name: gcs-repo + schedule: "*/3 * * * *" + members: + - target: + alias: db + ref: + apiVersion: apps/v1 + kind: AppBinding + name: wordpress-mysql + task: + name: mysql-backup-8.0.14 + - target: + alias: app + ref: + apiVersion: apps/v1 + kind: Deployment + name: wordpress-deployment + volumeMounts: + - name: web + mountPath: /var/www/html + paths: + - /var/www/html + hooks: + preBackup: + httpPost: + host: hooks.slack.com + path: /services/TXXXXX/BXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXX + port: 443 + scheme: HTTPS + httpHeaders: + - name: Content-Type + value: application/json + body: '{ + "blocks": [ + { + "type": "divider" + }, + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "Backup started for *wordpress-backup*.\n *Targets:*\n- deployment/wordpress-deployment\n- mysql/wordpress-mysql" + } + } + ] + }' + postBackup: + httpPost: + host: hooks.slack.com + path: /services/TXXXXX/BXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXX + port: 443 + scheme: HTTPS + httpHeaders: + - name: Content-Type + value: application/json + body: '{ + "blocks": [ + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "Backup has been completed for *wordpress-backup*." + } + } + ] + }' + retentionPolicy: + name: 'keep-last-5' + keepLast: 5 + prune: true diff --git a/docs/guides/hooks/batch-backup/examples/wordpress-deployment.yaml b/docs/guides/hooks/batch-backup/examples/wordpress-deployment.yaml new file mode 100644 index 0000000..8fb48e2 --- /dev/null +++ b/docs/guides/hooks/batch-backup/examples/wordpress-deployment.yaml @@ -0,0 +1,60 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: wordpress-pvc + namespace: demo + labels: + app: wordpress +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: wordpress-deployment + namespace: demo + labels: + app: wordpress +spec: + selector: + matchLabels: + app: wordpress + tier: frontend + strategy: + type: Recreate + template: + metadata: + labels: + app: wordpress + tier: frontend + spec: + containers: + - image: wordpress:5.3.2-apache + name: wordpress + env: + - name: WORDPRESS_DB_HOST + value: wordpress-mysql + - name: WORDPRESS_DB_PASSWORD + valueFrom: + secretKeyRef: + name: wordpress-mysql-auth + key: password + - name: WORDPRESS_DB_USER + valueFrom: + secretKeyRef: + name: wordpress-mysql-auth + key: username + ports: + - containerPort: 80 + name: wordpress + volumeMounts: + - name: web + mountPath: /var/www/html + volumes: + - name: web + persistentVolumeClaim: + claimName: wordpress-pvc diff --git a/docs/guides/hooks/batch-backup/examples/wordpress-mysql.yaml b/docs/guides/hooks/batch-backup/examples/wordpress-mysql.yaml new file mode 100644 index 0000000..99f8057 --- /dev/null +++ b/docs/guides/hooks/batch-backup/examples/wordpress-mysql.yaml @@ -0,0 +1,20 @@ +apiVersion: kubedb.com/v1alpha2 +kind: MySQL +metadata: + name: wordpress-mysql + namespace: demo +spec: + version: 8.0.27 + replicas: 1 + storageType: Durable + storage: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + podTemplate: + spec: + args: + - --default-authentication-plugin=mysql_native_password # without this flag the wordpress will not connect with newer version of MySQL + terminationPolicy: WipeOut diff --git a/docs/guides/hooks/batch-backup/images/notification.png b/docs/guides/hooks/batch-backup/images/notification.png new file mode 100644 index 0000000000000000000000000000000000000000..64a3ab4d4d0d503f257424dc2d647ee97e686753 GIT binary patch literal 77029 zcmc$_by!tv7d^U=5-9=cQV>v5x|EI%} zSU~Br&wo50Imo5UrKO^!L?M!uaoWEv@?&Qhv!J%j%m4Qj@7uxE>PegWI`f}CI1=pN z*Z;n(Jv3)YsL6_}O0QDoFV00z&7sIrGJXHg2ewSXb>2K-A+Y}AN&~O*HHp2J@zOBv zT)Ir^y}Ew*ewu*u=QWizavNd$f$`GI!$o#BHa1q)QgvE1f1!QRe~+OzW+zgyvScrU zDq@&0(O*DYDD4(Qfb(2cQC<*ko~@QTkD5r`?N?dW$*PrJcCMftIZfN_gG(MUDcfq! zQ1LKwdK7(QtGmP0fB}2CTBx4LwxEvGth|~LzRi5|pCYv& zv>-$$%rj3r77_dI>gERH+p7P+?QSX$r6CjSEgw(lB|t#Wj4kk+eyT(+)yB*{l*J>J zJz{3zH326Am%X0V)JVouLG;eBGhj$n7>nSOhh$;~+dVPRpk{{IWJMI}?33~){H zCCr~VY%PBODs|}UzxgnUR-Mcm&H7k$E!L1LENV#Ul)^w&LMDe=*~!pt%Rj+4%p4w! zLc}I7D-lWqf3H<>Ygx*f^vA<)PJo0@m#c9i;49df&iatCo!o2M6;781;)aF>6ok)j z{$JlrhUwpiRF9dHQ&_+*KGfezdnUNGmK_;g89gPVg${8K+BQ4zDN8GkcaOfg(*D>U zA}#|fBQ{l9)@V#4Nn?1>{zV7XwEPd0HX%1QGNDjaZRKU{)juCM`%wMpvf{(*egXNy zzPg3c-(P#2n3{AbsSBJwqd!fK|EzH}adeVl4=pVl2gfls)MeyU6^LreCWuEyMLTM~ zQ)o;T6_W9?*R~&?PMg``g7EYiTfDy~S2Q?^NOa6gxqLY62n-04j^o!YY{p?AJ>0Fy z+SQ$+k)lRKV`d`#Kwm2AJz8AeD_p6DjIn?Ec%#7F+WBQj2;8Kw_PBsnw@zEY`?_pZ{ zTcs66PkN7ATH6pYIDZ@d?z?38z*=r|J-4>HTApG=H=?w1B`OE60w1d~c*wLc&w=&2 zgskLeE{O+&O@x1BQ@*#lzN@uLaZ2D%b#z8mEX&`1Nbt7EWS>d$&1le5P4pDBF}$cW zyW~B3M|&jfdR!R35oi%wo=>@-uE?B}M^%w5!|{H`^xg<2R|_|2|f^6BbA z;ahKEtU`+;Q6UyKHqk}z(eXdZ8mifpG$Qeh#A^zawBP@M%wd;{Xlw-$33%vf&@&}& z2(KZy&GMl~ydUzV@S!&;Ri|Q0%_}Z|hd3!T$}w^-85T+T=2K*IJ*-cAC3~Luz8@-t z~xlJ+^&z7Q6jJfYe_=NnQo4x2Sel9(CcfW=vVQDH$C(PX^rQ zI9I2m^z#Bn;&%X93H~3!+_rOFu*|ft?oZs!yFN}pS*vVePVVCIU1%qwmZ zZeVH9BYudQkoym8tgl}0lxHp&H+URx88^Q|*m1Y`TKm<`pqTzFcg!66=sY#Oa%V{P z+n_uMS(4N0qKU%8Ka^x<(cbrS`RAtmhlT80zd^Wl;|4-AX89@Msh0kwaki3#?+G3C zJl{{g3l90?tYgzHHV1Q9U^uX=f*9^kV*IcXY;I%KwC}=A_X>5!+c%Y-^H_o`{xpcX z`>p(LW@p#XY`0a$h21jlTI?=e;>{guWu~>O*?;x$jh+&QMrips^F(2ZWk4OV%)TWZ zH>*}*b4*%*zN$SAbaZlzspoadbfR)wkawZrmY4(&t;JfcWYKbcmJMzij!9f#N0mMo zX&0dyRz9<=k zrF~0k%Po{TzwdrY5wwxhTlcXpPHwEMC6#IAt$i2w2Tjv-lq@(93LWBF;{bQ*_8Q${ zVvsX^LcNX6`2HIMMhq;i4?`hTOqk5nlGH}n#>r}2%)5m2Bz3|%bBG<+9iLLvvW+OP zGBDrhV6c-7h$e(M+J$dVls9B)PYJ6DY8vj&Srgn4eAo;QMDrRQAAU2Y#dc`zEhMy> zL5xfzNj;{UV~#%j#J4}I8WbBS?Q!_wcZQ(qYEgGb@7q44?@!S{@lzMhYpQB$$m3bp zu+Wj2Hzi%_q0>dK9>}GQ*B&n^EUVaAUxgD2f;n_pz!EBjeLp_%=I3X>H1o9dtZY17 z96g

    BRpy-WjY@71=1`I0B@~Tv*VsBVi`3-g2MO5HmJ9^CL0F!*#$wOik=`L?|&K zaZE16DasSfTtCp~ZmD7dy zT{C?vMAVN$he{*aTawZc^E~?HOWL%8LJP*uxncX3%q1~Y)P9mtOej1uK}SWEBKOU# zl*%V{1r?2npYT3a=McXR(-hmo?}*jN_2{*J(Krx@9sV7xOo?&lbf4``k&hDp5YSlC zH1~PN-tbhOd;XUNS$`SxINr^dTS|6(is^ZhdO|`1_%HC3HFEDtSr?kEd@d4+EOvZ| zLqvC(<#SUt_|Xz0QnR7EmJgef}KqSs-TjMsvq7-;z{T@Q0#g-LbxK+_gDoHa<>_09 zfRNwo|HtLiNdsh2U;fA1t3UmpWbOAf*cj-fL*lsp=ed*njdiBy{Dsn1G67dH4vBPK z8dZb)al1Ee%v1eYa31;RT+hq&R25<{ZT0k4n;Mm0JE-}4mIiWVflQMAdi zB(B5l`1i1!V^}Aj|5)V_V@53ZpCU?yDK01E@YJ0geiGT2rpCLE7#XE1ON=>X!KrL;3c&rW;r33F_1U~g=_4{VR zh`4pkF#|HfT^Gt*cYrstH&Wj98l4K;Iy&Mq+uP@MJ*P6t^jpj~a+Bcjs2{X6)b;Bg zyKe0cZ#D9x{Z*fSf67&owA^6d*|v+JCZ~O0qy4{K9|xz5pfu%?=o?2+nP2$AvnabqrG#5pNARde|DGwzP%PO=(jm!Jp0x8JUl#h26mRYcZY|Bw|AGRVd!C0v4Q{fqk~*|0j>+|M@Hi; zg+cP%5ai2V8lk%&9P&h)+o|#0=6(2x(1xv332lDE3Vz)4=$7Q8rJc5;Li7O1ZG|K9 z`nS%|%eOS!3+7%wE z>R`=p{$ThfS02`Yar~ME0s4L#WQ=X>KZHkuiz7Dp^}km5OQ@*olJC}tqdR^i0b&|1 zTR=*0nkWq9+h!s*AG%QPdN_DpU#3`YS{(njgls6e#jvy+RxCPOrM(9E8TB(30y>&& zIv2{;7HOY{$?K8~y+*g=Z`=!WW~YUAUo6Oz3WNKc=M_edCL8~xzacso66ulU68 zi4oj?(f5>CMHmV`5j}2Rd@m!lFOa6f8h9v|tycNWyI@P_$B-^5T4Ls;S_tX?vl$KHaJ6S@~C)%5T=^=Q1>}$uDd@qQp(HQP4+(|hyC=0#c zd!uS`GKz||Rn6}@T+3Q0Sjz5L|7~E+q zq;%srXFcF6RZ>k|ZNB}>e4}>fvXG>RqKt1V6^pqWIn8~p(J+t;!(2Ju2fmMS zKeCFl(zDY$@J_img#zyqdJ~!`y(SzdqAH@gzy61)b;W2PBsw3<{Hhqfb|NgWPmJ@? zmweE>z27(G92{-$%&M)ucIw~V&9!A=uOtXNn91KIPbMzvL`nniu?dv1fIiwN;CvUxP z>&uEFW~Pu}X;BKP3-U*76rB^nHatCjlg^h($m;$u+=2m9Pld2@V9#Lgg_D*i+ z$)_%chaE7!pePuHNq~5L;;Vz}qRZ*s;aHO|Ng90;@jbk}b%18*0b#%WO*U*8E~hP6rY47Vrk5gM^&~fR=s)N+%3bqK8#d1aw%a zJ-a>juJ%gd2v?7ad`xSj+N+tr=3(h~de92!U3e%1CBEx%xTb?F)vz?VIlPn$l~b5h z*uYwX^(}Si6c?A;(`kqm%_T$`L4-*7NUCLihWU}|oHpc`7OsaMB|BPK4iXYYi!b#Q-Po<(*VcPIqQt|%ObU(ana2G=AKl7Lxmsg|o<4n+x05$_ z(JW&++%-t7q@s##&lcAPlW8EDX&TmK&lBFZAs^e3z2_C5A!=*!;$NO=Q?mL!PeSGk z!A+WkOil53aaoN6P^P;#dXEeL(6T|}s*?-IHR#ZYONz8M2P4nBhN2oGNLQ4?4Bsr` z8ofkJ7{Te|3O=LmlMq=KjrAnFNYHqQ4S+f>W6EaF&RG#Q#wI&?$YlR{2oCnWfz5LC z>ZjA{x)H#`tU1ivJmf` z2^H3B4fq6v1i=i!DOnv`D>FD>#3>SKJvJF3HS&EG0%L`_I45a7Z}0!-S_E{e2+CK^ zt0d`px_9B1Nkj?FsSnVqVih)3tw;Upyb*mh5=JiE3@Uk&P3piG1I3fk+-e_f+zx)r zuwikpZ9tt2Qo&?02ct6IjUz|#8YuH5!rtA>uN2x2YQb2g46O` z`r1deG1wD`RCRS32vC6iQ;5UL*~zUkJnvmCi=qQoP@I{Cm4%HJ&YF8%DmWUEY~M&q z)YV#3r00n$oyD5uex9aY)K}Wh%ciJd}MXRV%h=qmx)k zjcGracSaBc4U` zQRlQF(pbEC_7o{VBG8Uuf0u=o4TEYM=DmiUn}O_)&~&!Mj+pQmvwX~+;yX-FzdLCY zDUAP!7nzf%zv@Df=0mRW_#4Pa8A(nz(McS)pd_Cv2o8GLhsWow3o>(At&JIzpJelz z3|vC*47HJxgjRgp@(Uwe2=X70b&FZ4A7W^~&H0qi_d{Mo6Wg1@^D=_>eP;e{zWMo> zcFhNao5C~lNA5bOgQ|!IOnU{r;({VcZOJ6793B~kF_m5BUvjb*vO+qrP!x8Ilz7nT z@hK*f=bh(@qM@-!HZ=TaxVvu(6A?P-l@OH7sB54(wEMU24*Lj!MTP>B1~OiV+%Zy+ zd27sJJk#~oWz}Il;I|OXHGXZpLvR_rP1gp9n`eTT?YXY7XVR^!D)X*F_Xh(;18@g@ z!sMwF?Ov~!Nbv&NAlm53=#Kji7Or#vau5RzEztNresq2w`vUg`j`D71LShOs1XPbo zM6=VA57@#RW zc*z=oJo;(37@|u^-A5B?7^%zSE}_#J+b1!AzoJh`{Yp?fx81_TxM@&+T)w}rpBz(t zpeSujz=XWNbC4Jra@#%>9Q^h?_X%Z3!@)?oe`eta=JL185`r^*F{L=d6vA0X6b_0G znv;=Cfzdp3o!mxSgyGB(h^iV;7mk z)YQ~;8KSGHsY!02k1Su1{|&c$OfIM3r(SY$r0ugZxJedvkMhr*kK=`A)lAR440&tqcAfZ~)Pb)vxLu9UY^iqZJq5!XI(7b8|hC zPYjvjcL;V!NJ!>%N*POqIR#u_TnE%={Hd|aysRBceKJ$1*5~B7*s5mx7^b47wR^B3 z`yw(YCucF2?B>G&=};;^RZi(YuBJC#GJyt+m#Gm9mK_}#s8vpzxVwDo!|9*>5eQIG zkdes~O7xmZ%vg?mEFY)1c5gY|*YZ+R_1?d4`HYDEMrUSbW^RDb>n3~*c&>Bn;W06j z7yGleaPt9yArg|Z2|R90)91Fgb^DLYDZCz{oK+XLmS$$I=LPfJet*m97S%W4A09qM zM@RH6=%voMUTTF!^H<{4 z(fb|<#EG*&@UPM&HP+3`7w>h!{GR!9i z64fRt&-07Nk9MVYtQz#x8 z0#WDb<&~M4f&A_R#tFuaAznnw`cpu6AKDGy+z+XnEd?w%1UAsMY(6l=wrjf zaV+MF{gE+@2;4^2)?OEL8VBOCvZ2-0F70gr4Glb$k#Fhfc!yn=qTVXKLFXqUTQTV# z0GaXo_iu0loSdA62CAo0p>xeXk2@2Ea;vFeZQkLbfH#0M+-A<%-L0NG zj60fOXwQ|Dl8R-}N(m2_*VL5Uhm}`S@;EwzneHDN;&-{wc6Gg~cR2*%Ze(PHfKIZ< zG?wl2_&~Y|lmOGA6t~pV(2x*1YU-8M)!m8u*y!kqB8_tQ%L7!%@=^VEYb0}T&#G7Z z%T@029G}wVyZ_Ass8#+GF`Hky0)|V9kGu?4c7>sUkU)3{A0K~Zt~RHWa>c_!L1EK&JNWtGvAYFQXpJ1G^`^eSNkI4Q`JQ_vM>|X!uND`mJni7OI?P4A1Kl1lEOc6TTzhZ2}gsXnVWA%s)5 z92^{b{J-?X#ow^9I(3|2x4*Q?N=hOE`Z7!`tZWj8fq^;9;;;KJ5fPYSA|xXtBXh0& ze{a(K{LT2xCRWpRUxE8ukK45N)lACCiS>BYrMs)kbT_70dZTN1*WTgpjX|$zk8jcI z{^s21Zt2tK+lzhj#E_7X{I~hwuAAGyW;OTDbTG-|@({a;;WgG@Y(1m-D{}tkAPW8b zSx7FooFzP3;-&ZR7f63pzPTK|z7N3r31CfBH8lPI}|8`Tl`phw*ye>%3qB z1_q|MobP*BSSpwCPDmPIMn*<5PtI}vw1Y`(OiWI8wjBqNgp{@#{0HxVJAPGwAk<3b>u5J!kO?Xy54I6a`d zU+mRh_*kNoaG6-!igp6fg7il+ zL~P3!WK;Q)_n7dFBCgpYZx1h$hvr`Owze)W+Ooi5+qP;Yy2p7I3{26H(N|lD<~)+ zd~Wr^dQA`_x)zCd7Q>b06@}05@qvQWmh{AklPlSqbBRgeX?$X$Tq++g4ULqJPV$zM zo!yV||$L__Y_Lq=Ew$W`za2DEvqK5DA=Clr+dV@TF z?(OZd*-lGKb8~WHV`Jaf?#e-VB_+)+hYM>xkq-9ueEo>d&dvb-ptS7lb*8be!LZPJ zeEQgS)YHH0&)fbgmGB+Wx$bM#WGUko{Q!vj# z>;LqkZND}V(l;}DN(Yazwz*lob1V24dT=*uYCMaGTwPsrWKu;{g#i&@U|^t1br$qz zfP>oG+mrab65=+hyxZI*>CQCfa0ygY)a>+_qEau9OR1=fu5(`+BO0)_<>{qJ*=(IKT z_N+Iw>~F>lgKyndKXPbjXheMvSQ*1zAp}5l(8k9oXE;MJT~bi+4C<7_BgMy;5ROCb z2ayI+P+3f@%Q&ZRJYT7n9sO?!X=W)381`x1ZJ&bDN~V~~926D7)XR^U7)k`6TTzt> zx@u2~r%1?uy?}(Yw3iwfDrzbYmk+b*w5mcvu+ve`W0!XBf@iC3Ncp|*w7x}HB3@!q zynOkd(~O*!wtxO^Q0@h2t=Y@flM9LhN-2_(k}@(g0EYL^M@K}I9r)}H-lksiA2Pfe zX)O-{V4be_1gxK$imED``}h_JqaPUj{QL)n%Tkh(Q7@vQ7K^y(>S}iUM@2(J!?}UF z8Lk6L|F-1O&iu zaZylKQWBDFo8nU-WV8D7%K(;jh7;g785!A{$=-am%gI_#u~Oc}eWNYFKq}d!fDmg| zeIY}`mCg`CbYiY{;=k_MFhjvA^C89!Co3D9s_-970@=`%WiF{~cZ!3IF$yppcLtil6$|mX~_M%xfmyrefy1 zuNfIjKXt z@iAZyywI09lvk@HK|HEIwaxYQUs6-gO!~qBSOHWR=lS!OiE~}+35kgeNzL!s5DC!l z>OKe)XEY2)!78y;v8_4E%Rjff#^2r^%k{X}yWYG1YGiD@IgseWxwMMGb|PCg?4Di8 zTDivZ4@MxlP7>XGMSA+QyQhbuK^lT&WMn8PC?I{N`043s=$+%1Jm6)$w0d1_ZRBh@ z>kau?Sy|>|Ag}p!#O2@c@Z8;9pBg3fN#mYa;2#*kV(L+S^Y`C0+KfYGBo}Mjr7kxa z;&R$~p^;U~QBSK=r>rBy%S?WnO8)qwiQ(+{qSkxW9f%%zNJjQ{cBQ$wRQQ`0*s~0@ zv^*Yzd#hccSTX>MO<>15C%;X%@c2CNxLlX&w?472vkVLj1cMDH;YL%1cfCGY-xx^z%kw(_X{pBk@|_b*T?)vz z$-D2@GeD6+46b0VeEKc#txv<(W|o3FcN<4mb5bpiafoJMe>tKN}00C%51p$XMpwfyu`A9 zUb{JzibbA#xjkmu`Wt>_Wd&S_lZy+Ld%QHI8v~`{@4hd9LC;K27i*W66%o1}AN*~5J4;_rq{)rsTRDJ`5bUpFW-PcQX=g&u2 zhS`?}ubpRItWulxy|qji;}a56nm_7_Z>_#_1d;o2MwtcDlh5OVmf~uEgCVZj>bh*m zhLC~bFd|zjNhb-HUh_|(8UtCkN%@BlhMAd}@u<>500=)1@u=xl-~0LbZ89WP|EfrH z_Wa92o1Gs;LY(ta3E4ckSS|p`3uN9Bj8%~JWiK%Rr{dYo%l zixDr_X?Id4g=e~}i)zPC8MJ^(N|6;66+eEATp_LUdkn93kB|c-JGwj_8XDT%+ypuR zDX;t47bL7aHywlNGUJPj3qYU2GJ+t1gNKifj`l|(X0n{5UFoaK%QKVzIQ(#bOHNL9 zdU^`~74H1}j7lzrXVMNNK-gyeP_DK;tX};+CMG5z73icq4VbPJeDqBjJ+_pZimcLOxXsh#}BO!1)pnF#f73?|c%kqN#ICSdIyA0NL>a#2@T zH!(2*d?qd~uBxi)Yj#I4K63zLCB^I4cSE;gVq%C02%S8EZ(a2uqVUK_W;V7IPD>Ne z*3?eDp{4aaogC2NcA0PVsBUP`R#dca@r4=7kt1YreeOc=Pjtw#NHNk_prjw>{imh; zZzk`P>A>IG2p0bT>}>OHA2k_}Cw2LBEzYoB)wZHjx2X~9itKN}#p^P84|#d5GS$fP!59b>eo@BJ)}8eRd1h*nQ7AxgWsa(`3W5+yL+EP4XcB^c_^v%HfTRg z7(022?!1>0Y3zILGfhGWxJ`ro5`KrCa?i2V!nEYYlanfcW0-4t4!vM?KWsXg+P|zW z$$_`wX%xtbMVXp`AaGd={m7+uWt`5BTl;=mxg^QTql#p8GYM+q!e%3(B5I1T2hnrq zftMt_mMkHnu)f=UIsADjdM8s6>$kBwl69`k3`PfaoWi*51j&5HJ!{A%gZ?-RoW$$v zOMCAn{;Y#GTFF4 z2@RnV{gMM^DQ1n_AK4lBotVD}e_?Yij*W_5`^W(Xy?k_ML`;Wg6JiI`4(m&8PgW%E z{O-(=wx1O|qd_l@YjkF-tpMsIN-A4JZ6L*KG8TvP{^hYf{+~z?gmZYJUgPx&oxyf| zKaYed!ZNg|b2sSU9lN1$)W(28#p6NYLjOG21}#C!qSB{FN1pb-vSj2Ac;YkI2PWoF zA>norM-(SPhB<@sKPSB>)LzP9Nf2l7U|XyoXXhMr`0P2E8L=SD4847gvdz{?M2E=% z>=!tmp3D~hw}aNFRaATu$|DMF#5TRWxUHsPLoXWhX^7OG`1%zHKBnK#CQR9sS(B0{ zZ{(OvrQ0AE{`2qZ#ZSrX8=x-*pL>(|E zU{bn`QWuw{E+Js<>Dmxj960@PY_Ea{M&MyB_bnKhSi`qTop8}7h47e0gFVhT<8^uY zO+3RRV~`uyE)4Lki?sfSWWmbMXRYAj5Pr-vbT^LYO!us zMGW98%+JS%NVGjZj&0&#EPv!MXBg9@uuC7=MnNEk5)u<;5@I<7LL0aOlJv``+u;IR z+aO<{yd3B|C^17HIg-wq*;p90>cCGIY8?K{RQ_DqB-XBMQ20xoc#r5v<~_A_6y~RD zO13|ab$;voMPo1?jBbpy=uh(%GXoQPUm0d0s4TeG_$P^-(~+w&Bg@YN$1g1$j4f3# zWif9-;TKGe#cq0CO$d;Pj0l*hhTahyJcDHVbJ!Uco(HY0ZyF!HGjrr(q!gYBQiWGn z)K&y17b1!k`y!|jmk<|csBcIsJbEbkbKPV^?Wtph(?Wx}+b8k2Z{N;n&LD3vq_sa5 znhYga^NlAFShsyS#`-pko(slh(kdz(kJ4Igz+h!411>&(epa62<^{1u7y5~a+(>mm zXsD{9@(Is@#Qv2?gZp{!N8j}Fa%Pv09|VYHjfFc z!)%pxXJ==fms4b9Wd3}r*{0XksT2^-jhM{9mw|5D=m?OURidtKv)#P>g8e_GpJ^H` zJ)N^3@gGMKcM9D|E|nFPso%Uwb54`JE&Cv>z@E9Z+Jd-P5IF6~|I#X{FtegT84RR5 zb(r!oyT!Xf`n)5WGICzIx3Y)LgVWL#s*|csXE%m+-lZ0#Dg?Z3CUg)Wn3sic}0O(BU>hfx32h;i}cX6;MI|YmS%BNl$;px?T8=FfJ&TwyL7y zwa;om=y&=ze{bUM$t-3^FQGq8Ubjd?SSSb|K#vHHfP;fmjB~usRX+N&!>|-6nj>Pl zVH59YEEZ#3Z_c&>dFI7&J3>BEx|Mf1F~-IyPmw_NN(3q2S<59jo7ldB`B^=+tYLfP89TU@$p3Dg5qC)=XJ>yf>Q0<9ug= z>wXikzlpgy=@93yXBB6IkFMz%8JO2^6s4tuXFk<^^7ZwdC{)$b)bw^AcKXuxRB|oV z=K%oM&!0d4-NSfp7kbY9?QNj7%g{Fq=^anb*II7=7C~lZVaX%5-i`3T)^h^FzV$I%hn|AM z7&s3On}heA-?#pZd`M4E2g+dE_q@bizoCU((YK+LxoR@%0~4^55o~h<)kJHSaqN7Py!=QwOE_gxHpQJ+vSgX^$e#^!Ox!uYk`rWp`joq zh1aAOO&-57cH4w*eCx8k*`;6wiD#wV8F@CQlH@(LXiO zZYI2@orIs>zlMW@W3!ow`|)FWe;*Yxl}+vG?VYJ`!#XCEYj1m+8z>7<9o#{)2f7I| z(~7c+3~kzx!Tc5=W&tdBuX88ZA;=U9L2JZ%Mmk7>_Usv#>r&dMrccK$F?!8FGcKYn zW*KMwhK64UmguB^8?=R>!HLI9G_$Y>b;P@Vc?W~xlCX7lYugOl@-k8Yfc@#bmPPHK zxIcEGt1PUnAt)g@^y+cR=f|WDK)9*M9|KR`;-B5_4mI=LVwnJMeSNVEk#?|NpZ}`UW8h5(2M71J=TnoTDZG}>nlqbX^hm%G ztSS$aO`R?`$<4`%(CHWb+teVQk*4JqZf|FhHJi)Y8&2kjSp)LG+SK!5!b6dq${kGR zR@2ozDE$M=<({a+;nO-dr!A$lJEpc%=ro~qxffp!HV7z{!eh5d)ghH3-|9M_m%pNt zOUm-hX}U3RzWR0t%vexdYZ(#^%BO(`zh)e6y^naYxA1|tpNpKl&8{dj=iA1zkiUwG z@>`EzOH29`BH3SJk>&(OJCJexHBgn*l&Z_ik>t^(H zECw#~eNs!YFoNVCKVYCjwGv9cxXQ{(B}zF785wxr@hD{q5egTVOJ>tSJVL_4{DNuq z*}0mBV>LCLAg7Zx32ts~Fwr;PR99{?=zeqdcEs4!wA%aL9pdo1VY%GR&dM`NvxOj< zn36a)Cjuz^(BfpMtIJb(7|N50G!0*KBgzOOHb$h``s5!`!aLA_z;tGT(Sh)m(1c1^&=mS{O z?e#D`~D33?($YE5Iu3h2cZ)79*&5JsDEGp{F*j3GScB_ zNdWk_z;J+`V`8rC?a|WHdjqFj$R7=;htjER_Ye0BBuq`eeto>FIR<`VVzm|Drq|$1 z=Se}^GPBba62wp(cre^99Gw@t_Vj%+laK_gJo6b!9ma&46OadeNpv^h*^^nc{k20RG^L%<4!9Unh_m;GlV3e)yP;nZqgS6C(q zw~WR0&+zEzO81E!jdByWlp|$jMeS10jv!nH%^_4Pw%Ly9b+6Xj%&yRz)XS-n5is|G z1QashY6DVDM@{K|HM|U71Xi_PqkHt8&SkR`hz&$^675?1^)^IwwIX$a_RIZwmz}kI zBrGb|l%tCBN??d}MboHt*Zzdl=JejX>Q$j>l=bkca|70NVoXdGK#S(fM;)M701+3! zeMVt2RWorSoApeYTTpg(c5Lhvkhg#g$r0+*KV*xK^|ixLCYeh`R(EhW3U^(>aZBI| zz-!FT?k?%W=1~NN)KA^UI^$EEGIo&g0}}%yBgeqF`_LK8x$L$AJPU0HA6<~2SI4WI zR)au{e3-dco185I@EiF^sX;qw7}mj{+knSscs2Y=Xmc=8OHc1`_w<;$zPr17JZhZN zVIv#^)2$`f3tT%GV+sCEpxQH4rZC6@b8ofP$w#e7MT4Fj{Fjb+AxhZ*yOFk9gtmC#lv!(^-rb zr?02yEg!x2Wy-vOfB+~uKKJKS;7BlORaMS2eM;*cs1Pu zwG)YjIP zOv&~2>sOc-Fn<9kGc0s}bE$RG3bwSTqprSQE`bFJ`ttQ_58S~iHVrkkXfU4LMnC?N zZ*p>SUf$LZa{_4M>G6fl&S$3Ru3ORT=Sz80WTeFlLck`JO`;O`$G zU&_h~ii&t#mzKchtPMS<#j$L%|>GqYV`Vv@K6ES$E_6(1r>7hA#nAmdK$XpOK}pG>(@aozX*sBCm9q_QB}eUeP#A#&^x2<=VY>bP32`}HuFs)cce0Ma{OL571h<%U$fz%t*xy$-87(X z^LkwLgEW}!(gGyD#ytAR4+T&NfvZ?+HbMqinVp>-6doH(^*~svUL=#qR$E(3r`r&x zt_Ji}nP8c_`+HmlUC*mw17LO^9+u?gJ%vC!1U?AfC`?(c+vpA;_UP#7dHic6q`;QK zPwkR`f}Ne8fByXW_VREjIWjdh73_$|r43ko=p7T&$^iusFTl=$b9D9az{;FJC!E}w zoBB(*aJ#hBHGwPa;pR3mIr$73nL(>*uX@o33lsARL`awjt^{;(+?Va`HM^3k(U7xs~H%Jj`8a@&ebd!S2F-5)_r6zYXvKOt-vG z*(mkAJ{jVBX8+2%w4y9HC@eB6>UF|4{&pe|c&!HuG*cN8xnsD1Y{tcL=(j**f|(-#c)L%Rfa!97fA4d9&(6ok z2LXFqK}m@`C8Gqy1ZbY>z%&li$@XmUl^F^F%T{^G3(i%wt%7R$j#aTRV`Jk$H4QmA z+r2-fP_cAwhWE;u@y^}^cjZec-AL0Vc%qmkgP?coLg>fB5(kT1i? zNQ-qF6I|UvZ}$Wi7NkU=^(qb?UR-$i$D4k0EiEnR9Xoq$bfnH+DaV^PW_MS|z&di| z(h(OAD2sgUS?54man85579ADLih6O^uMeva*q> zB`zTrAs!xw+ldib7Z?g08;jKQ<$wFuy!{9R@RX9DKXI_JDR2dE_6XQ*{-~>|ZGtTS zg9IiK)HT%)fC2dJG?+Wx1=7E-J8ut*TO0HQwiqyzV0!tdifcX|a( zHyHiy@K=Dk507}K-Sax%l15g!bI&oS*`AT|h<>RzCi%Qw$QBhHW#HFNY z-n_wMHbIFO${iC6!%t3*mceH&6iRmy1cX33N+^{8ym(!{0`!b&s|!$pS;tueniVod zfw#UAO9-IV&;}#@fayB+MJ>1(#VSEAeFNsNGKk2=YS`262X6U2F7YRYC*h$hY0QE%v{8)b*cjnCWN!jq8VYD5 z7d5)*)EC}PBmXJI9am|2^2RV-<9)cHfUOC7)CtuIdTHsF>S;qpP6neNJhmy-JJr`-Hj5`-EGj_ozmT1-}brh=ly;Eely>^ z@67AKjH7T}*Lj|M?{%zW9qU+#5Lit>jX0BuW;irI3;T38lFnmiT5rkbV7_5*%-47* zSzAQ~8;Iy25a{&2>9HC0FJE|hDuc=-(BKpYs>gcgxUOEv-eWb-!56T}B>w82&Igcm zFpUS4e&dK!ZfUKUs!pGe4ooo6&}^UYPC*~Q3*zDNPB_wvpf?}F=HyBV=6wh3#-8=? z<6j*?WP4`fLtJbu{yKLE){lsmeL(ycAX=!(cyl@ak zBpLX{Zik?^tr&Y#E~>WfD(T*1l0YHoSObIxJmaJ7?Kxk|AqdnoWh4V3AL&5otL~B) z6qTBY41uyB90bG!tb|V>JI^2>4eUK?vp(G#A%l|GU0)=l!a(5LCpVYk?_X!M`|*5w zHGvMWVeP(pd#w8fAVyfbK8BMc_&mVh_uM9BWDvQwy`CEa8BZs7IO$_FEMA+Eii-F} zIY?49%jz<8tOeK5&)Myn|xUNj`SxfKz<_}z*ME8B5i zA8^kOn|x@(#r2;*G0@9ey^*=h~WaM6;01E8X3bxr5*;g?0_^A(4n>zKK@ zIqQW+N2;wsuuY`;-lyWF0#2g<-{aTuc64`}umQti?2wGQE3U_g?3w|fZCrYEe*Jo& znaj-=C}?|!y2%nk4B8BdoHV;{kO&=nEk7kwhYqvrAOLBLV#c z*0;6$pctXrT-NM*-#IuKfj8pFFDr*N9T%ta%39qxQSy zDvU0|PtiODCtHkQDs*Sfrt#^@Q+Np}qmI zKu)rp*O3H|7Zj`va1dbd6*&zq0KdKN_>=BLa_zfJDv+8J33|BPspYl)iH?b*rP)6r zZYo`@;9JE%K*^V41_v7r_`Kj$6shx5qX1bQ;P1exWq=S3l)<;*8FTsYpeSnaPFfnJ z;o0+GPgh*0goFfkyl}1ah%a}GbmZjZe0;Y@(Z5kqQ31gVl$M@U#BCS1N?Cvv`(Ek< zFyzG$MX_;yNeK{dbl)g}cw)Nb-0ZWB6Bo1eyWnKG)3% zS$dq?fMXsU%ygggFPMugg_4Ssk7ZFInV?#GpOgpA;FKAcZp?_DO03PyWAS_>$?4E{v<=ROIsiyhmD%$CxmGE^Yd~8p%*o%WUoWl4b9g1cU{8G7`b!=It80nRjCjgrYk^%w&yExC|tTI5b z;jgl982uOk90<4+0D*aUc@;i^YivB<1z9K`xJH1o`CX1aJ~UsCd8LaZWdmXl3mx6% z`i~(1M~;r?faK23%E}kf?pj?_6rIU0DjG`W+XP_}g#Abtf)!9R*iMuL;2V@E@&fEs z6%;B#xpksQ6`;FTa6W+4ZmkTKu82A>CkNmmAf1AThtJ?~4``&o0b8Lm#7;(L06bS{ z8L%{M);BG`6VlGMM)bk&9mXzcqE$@}4}VqhR!~wq1CS9E3plyBrY0t%Bh|faLEaic zEVQ`vRj4bo`cQ!ld}1~(woKkHzn>T`i5aIbb^s+Jm*xE1K`|hR&rC|123#t*6pv(W zvnU{R4+sd@Y#9W7Pf^4h@Awa3=j$6APL7X30x_7z5v$QfNkXy=5DEz-KcGtEf1>u$;R*n7Q3rAtNRx?vjrHycJoU-R%U!kqSw}O?hKVV?#1emsp55 zDp=5QaWCyKyaBTfKu0{CikGW#2D9ET9~fAbQZ-jV$N~9Unt;30zzzohi0OOFHzynY zqKS(R0P^N$yoWx1GGq0+b9sUYy%KP%j*V3`hPQ?BDM;RCiuD3CnG?Y}w|!@Sg?=ZI zphJ>up7l~i`W`u{eLUDuAWbV)Kee6sJeb<{u{9<}K|>>Dz$WzzGWP83v}`Kpe)E(o zha(5%0#f1izQjlZL00`vl#7y9w_#A@Lwxp3=e&h?)M{-{y~;9RE-o=KH6>XgA!nEW zBnb2gfV64N?T_Ze^lN(hJ0P-O`5iEn&Ijt=-+;n$q0$vOwkM6%Fyu=^M`O({;Ap-2 zPhW|k%j%~=!s6lqdpRlmrmS5>dx^nqCg$d48Z{tl(Q#5v_Vx7{d`04+3JJ8X*LN1D zIz#~vzz^a1h0Wm`DxxQ868;bF78Vwa+Kp@5+YJWCFCgYuAD8!62Q+A`dgEw7+OM?5hapPsMh!r2yKnQX9&mVq9iB(;DzpI z2zqF&b=qcb+DbqK#P$=E_1{MUX>n7u6X04w!Uj^lF=Oe?`k?U8P-G#YN0uRd`^|oE ziV~V}IE)>p=8F&_J$pvP<7NQL$)2}oK&kF@J7EcGLV2?3S)GoAb+K~cyC$oh;h=K6 zsM^frqK$q)%0F(mHCtouD#!QjuQU<;;p^A0!m_ef9lcn^x*aosXrJXUmywpvAL z$8)^spRrx#<=9J=SWN@1Bmfw!c7@}hqXQyE$YpD}%&N_4J_QzEGZhq&`crs9HGXcK zfrCueyMG3BNdbHZ0b|%80y8_%CUtUR=ZxljA*0qf-Vc~nAe`o5{BWV|P`O>1%4*mP zszX$ADg7UrZ!QlH!Q-?&c$=t0=};lk*w|3|U|CaS9%yUzccTK{03U_f#L8@=-T}Wa zrN&%`s#VZ)hds83;1iDlpe@%3gMWV1YPGxm@fjAZQ*b+C5)TwPtI!f=5` zqx`(QsnK}_Wo<{cONIQ;%VC#3sse}J@Yq-rp@Vx{*F*kRe)%x-)2Cnl z{-Aba97&LJkxDv`=LV>{vE#{TYR)bEUYMUJfDnDT!JC0Y6|`poZmaF?mXUb2 zFV(n$|FCYY*?J+6T?@J01+BhCKGThfPv&sg8U~Dy_oez2kmeLnm(~CA{GxmUM86od zWQ@A4^F0_QOCz8j^e}xQVWvS_B*~U6{Tn6#^qOt2MX~v#|3Q=hve{wp4*;2g7+~Cg zcOh0c($>ArmS<>SKp^35_;s0!nT;(pIG6|2*gzUFIyNTiE1JNhX=P%cGOM!AFt&8|M5yT`X8_4|36>WPs0Z^6BB3G7M%Y~ zz3Y#`vwUi+=}95T>lOajBf-=7stfDhIc|cJ;W*@B{m3sd*>Ic}g7U4c=C*F7y-U1@ z!~|C_0tNf1bHyDT=*fdM#vNG-I!5i8rZ{U9=pIr+8aG;t?g#l@kb4yy%d&r4# zlsUFa8@(uKTlBl-MkgPRO&vNTeBibl5{cXBa#YHr)14`}St2!hTke*&L?y$|C;7VG z#Ega(Ixk9>FL|~V*9POAJ-rq9*&FI~)rn!Zqt zz{c3ol<&5;qD$+_R*o!{+j-=)-F1IJC42nOV4@CS0{l z%t&%SZ!q5bbq~>9uzPwzuI{_RvQGjDn3#M0ltS-h^rf^nd5MYI=;#a0rVov3e{!{U zPADlwMdFPJu-DZFw)F_HxHDht;)xU!OjwVuAP`x7CxqoY3YI-AqctpL*d>fV;LO3P zxzRnqFYT4Jvh(b)F#}uVo7L(rF2=TFe`-LAo2i&-It=eD{45n$rrYBQ-EYSS-Z@=h zt`e>(PF_S_G$Dr!-K3mj#G@A!6z7V6J@_mgh%%8o70Hq0Njqx3@UjHeJ}R)<_5)f79s9DZSoWtOdq>3&f9 zCGBo1;pLZd0gn1wk9rv)3h2l!&F<(RHD*WL6HC%rl?|4I20B7?OPALoW1zL!wxuQZ zB$lTlIG%kx(1JImHA|D(y^PW^CY8vG3RB)ivV+VaXR zUn1^CaIp>8KBz5w8U~-Q+*+@WNsSx6mF>r66_yE+xUQoqG+Q1C~usUX*qjRoAj; z_p>|6;&p$;1m_y^kc8zczK^@%I1|qYe&5i#4ib=4ws(~f)MpxlvwTU)SYqIdF50Ew zn!Q8%<~`jdlJAz#yG*=eSn5I=h0y7waCTT9oJd{fS7D!jBPbNfU;cO>7$IHv$}->1 zV)AP;)oV^&_k#m7@!+-WG0GHki!;yKoguZ0U~!Ic22^)n26wvVzodt8_dzNW+Tw;> z?QnB_cZfK;q49k0V0}fNC{*4~r=g*AG}ss&Dt@N!$itaip3;I1ZDhE{sHhQMB#$Tm zR|`)@W*ITN^Rlsrl%>eSdKo1C5xt0R$%OTtjCYsvEo&Wu2P+N+ zZ&a?&v3~#Nij2X;q%E+5^Jxxg1UI@Z$(+7=LVrJY4JR>KYNy%t z@m1p-HG|y8F3kmQTjGJOy)UX{#mXBIz+0)E%ZJVGurI##?77YlX*9Zcp4rUA>u@+g z%oreIE`hByY2A8Z`yi>wXMf$1hiu^xISkni#5}Xvx=$LvPqG}4YMgvR z_vsCI2^}5Q;{3+X9-&KXO3mH$r;h_pOG=89%JydubBXGPIM^CsD#JE@`T=3Q_yKuS z^}(;zIH}N*d)1lNetJHK!{?E9R-3p0XgQD12)<6J{ACAy_0%}*9__K4b}`35iq1;= z^D*<*`qN@%VyI-O@=I0!EB{WRpiS)NhpWbb#sD-)Vt5|ZCx2Z_cQd98-FgR?c;((| zy?v{@Hk|I~N_;Y(=n~~l34HsS*>Ry51+e2e5kq*z zMdSzg>7;a&^={RI&@1zILsi@RnCUFdWiK4{Ik{A3V|2B5i{23-OS+{f)Yk`i&fi}lvni~-^z4-!o`PA)bMEA$X{odK=dRm=bmv*v(_r?^KoZtaxTYO;KH`b?5U+2?2nrY zcnQBHux#)bFHdn;L><;M_wgjGxR=BuJ^#!^=)%WH@G}oIADXr0Uy4n7zI2WAhJ}H* z%xc)k_@PQ=j0W#h>-7D0|Lr2|ibvLH;8ri4m@dk6!yH(~`|9uhaauVt(IB||&HJnl*&pkOf~f1yifW$@|Kb@_nS|4n zzF>7t9dSBOkOfvJ-l#!CY0Ook>Huw*mwDP*PmfnNit_6voQj*+mPFK8^bG``9_$p1 zo=jEr>&mn_S0hVbfN{%qEyT$g8NfILraXG%L*B}k76HLKTxeR3(Dcyk@y~JS+0^!p z-_6j2=S4J!gkWIx-VSF-zGm_$_WBKGAInJ#=E#W=q7#~)o zx`c<|M5J{Dd9GdUq;0|)(i`T?>hAh|efxng;a(9<5&11Gue_voMVaZ6Zos+=f3Jzi^8aAxl}kdLE*(f6 zuw(n+!q6>eEHJrCgK*jCT0w`i9iK3&|a z+VEagD@j-5Og}gueRD=+aRfIzT-T|GvHO`ZBoh!5V%x zsVRQ(LdnZbK1_~D#YY75Pqyl$ysDkPWj+a`(oYpS@}uL80un~@89$+>GkrPKx)bXv z_mG|~&!23vZ>M+Yt~-pLos4;)2pw-M z!u{JzN)&7?vOZHj-xB(?9~bH|#o^$5 z^0q48Bw_3yG7Bf@jn`h z1wHpGyK`$RFJ^ul8=&yn^RYoBMZk1Sk9~Z&|KM~HBB3Ooyewye;@0A&)wq8;)c2H} zeujk6+keIf(!QtLa=0PJsom1tLPkQq7~evIZ1s*Mk0qn)$kh2n9u01-s1lU8*g5O4 zlqSJGMi3m*ar&&v+dilyr70w-{EZ&b(HKkMC_!^Sgw=% zNAiEK#U|7`@rGZW04kAKTg?ZfNgpLwOI7~vy42RomY7jcR^XI`=TGE_F3RmrO05&+ z{n$&Ih}ot}^b0OUbR3P{@yv7G$9m~0(w2U=p2{yDqIYvB3=$T+9&FRAI}@Ci^0x6i z@uKu&uiCE2drQ(@vo>rg80_rsopdH}nh`qhOMjPh5MMqmuKs04)c2;khHX2|i!w;l zm5L?#h?++CP155<=-wPtCCta-3NxkmBg2bnnl8c~M*327vvjt*EkZ*rXTh>{qlzX# zsBQdVjC6TX#r0ziV+4+@D-|{ZmFLX+2CyLRz8c-FpXa~6cb&zGMM`huFZwHreuwHE zo2e_WtG;A$Qq!DH7V)1Ld^s@_M!ofm(2LZoNs>%MQzKTl85ZKf;t_;t%}5atcrxGf z3SLN5Lqy|yUYHN$?e>Y6j_?mg|1*nA>qDK{6j7et?kyC!VN7%57Pi-GZlvbGKb z1(R}|;`sQm0sA=fvXZdkYFAs=1Qv0glR@4F9FZHI9BjU(-#z)X>vL5M99k3rk`wg(6cj@n0nmIiSb$4>&3*mz;=*h>dhS%+wL4zS=49wM=g}P$3a-z zL=2YuJcf>I2nCaJnR9M*!Bgzj%{>KICv-Y2q^-#+ylto>oQp1Ow7K0MWEv}S_bsi& zbPdf6jGO!EcT31&=5>AJf_#dTmizkcFiRq@CEuv<+&b@j<793*JhlBcXTGmSp`KgA zi15270#(n;%}qYMAc4O8zA-v32d=8 z{D=LR$d(P+YzV;~J7J%WBL-h_2pjIcB~uCZ*4p^yZf&L|qnzUoN9A=8rI$`&Wf_m4 zvirwn#i7--;^OzO)hBv-)}!hC*mXrd2)*arGjC#*bF-ZJ;C@5@}J{ zvt@RB!l%cU4@^sIaf)QTpI2SM(5Ev``N!{eu@}4yY&?p&iIo`@8R4Na<#LE3=s

XuDNK8p804CZ` z*-dVxFxFjCdT5fDu?L@b<1`vxU8{1+bxowq-1WVj(-2 z^k(Zg?TWuHE+a{wKW`ZY>?j&7Ez9z$3l+BBVSGym>0P~bgaNc;A7B%JUo22Sd~Z?deOHk^P_`d427KI{NgRmzwuja& zq{R4BK?ec-1Y6^R>c#E|5>{}|!>zrImHnX0$~zSQ_U*1)D^#@jW-+|jrK*b2j?Ze$ z7M5W$A10X(8mb57+-&#UJA?PqU0iWMU&!;;GQ1PnREuo|9m^RmOUq-y28Uiqpz*4U z?<*hX-vS>An-gX_i~5|6>F7PoinD>qkFk9X3FcRG`<=@y3e=Ol^M3N&U>y;c=2bQv z37ZL`1p<4PO#CX3VaOuf_i=GX9H-eH%^+~&e&Jv&f^n^lw0Q?${~qi0%a&y~(Zv&b z#6Ha{kV1LTCzzr4n|nnA;}ncQnISqv{y-^{7TQr=K_d*mNe5jJLCJMKD8)3`=oP7& zDp3VXE}NX1!%4z3(V>zviyRH18&9d8aI0CTpFA_1^)oaR&3;;$+1sByfy^-we^LSO zVS7@6Tb7%RW*;Lgx7uK+_ZJ37xBsJvUt%8AI!)LrSh>XPeb6A^khRQCOy@3)PcbLZcaa+P&jzx*2TF8zF;{pjrtvMR;8 zLi0x!zvz9Uk-AphF@qsd&2N6zj)|8oD!d)+gd$f&&lH!PMfJRI1AC~9gh>Jtwkrtr z0b2OiQ*PEy{vNzu*we*<1HyPi$Glalt!c#>`g{g`^X$s}T;IYWcJgA+Gp2@1YzTwo z4o&Kkr+rXyOn0!+5Ji4Lf%Z;gj*JK&>z>tlVi;XdpxB~e;Sax$!ODsvP}b1jmn6?K23 z8Vs?M>W+zm)DroUhd$36UP9L1M8FiVW*(r-u33H6y24=<%2mp^5OXSHeR0L0%R5t07u zU&)`Zt}qe8N6S8p^a4#qB~HtIv3rd^Rk5&!c=vK?bGBxl%A7ex$|y@B7S53;@D^@y z$f6ZHttda45dY$^%{Vc@9xkiSIv;$_-Z@`J9n23=7v_h^$wda3!z2X&|3g%*o?jxx znc$q|{b(?0v0}Bu@2&fYFW_4AOWgRgb&2B0*j8=HEYy2vHD#R!KsKp=(L0fdkNZPT zaI(t{&<7i)gQ>2Zv&?n+-P9g6wmeO8y6bqHH2W^KM{}yn*PAZdieUeioE7rbrUQMC z9&0@g7+8d3yvsf!en=gP@yb1k%uhO*57E(_ULzTNdqCT8Id&autV{%v-xSM%)sx)z zdVLzM_AkAGh#llh8B}%FlYq!di8kmit}Ay-tf=1I$=1Pw_dK-w{N2*Y^XDncZ)E29 zN`__D;P4vz>L<%6m&{Q`8qSh0lS&UaSfw$t^Ht#z*Y~s0TD%X?2S^BKC71Bk;xdP7d% zb(Vx@qe1mlHSF-=B$8?Jtlpi5H*e?PUb^$*` zRAV6RLQwuja4AYF32ae*Wv(l#oEwpo7ThB8t}(bXv)m3YBY*T|mZn{ZW`bw^v`=k*(I4yoRgL}c_1Qm*EdSGp^soQNdB5Ks z0q7yNartaAe)0^Nb|I#wxU%^`VI(^ayR|ZZA8P3{m=7M!{(zT6Y-I=XaNe;n92|Ma z^E*&D{ROFnc>y_h0)Wc>X0@H0wU7E8G+FasoE-i)zv@Qm+Mhpp!h638|0ZLZgudtv zN`^rB`|AqRFHJu86;DE2Ld?rwJaDB#q?{hvO8%NxAbBRuoIJ3RpvChJD0^~&o=|Bp z2B5>hM1Jyo#sYXVE1m5hJ9EI71F{=XTz~otYxVbKf8UV5SIFOc;qTz^ceMOFFZ`V- z|1JssU$2p%MwpOT_qnU=6@Z$7Px>fpD+_?UxLS{%eGqn=@|o{tUKwXAPCjZ{(-V6E zc^Y=f=2U*(g&L8}x4%JcX!1kp%RhMvkgNL>YuZ1)0K5&X#yH1#aL3cQm$m@#He@h# z3!qV{cJI!&-5h}CQTdj7fW8miKlJ(tI1&1%Gjn18z7A$z-{b0$eIE41 zJv4U#!3*>&OMqtKDOMv$1nW|GzMa0@cZ5fF8@Bz(*p`( z*5Geo7?*-!x`ZY`TYCo=B;$rh_q5}HlDAQRu=gk$9MAX@A@El#RBzz`K-~ux^m)|e zJKEAk3B%SH8liKP9N8@UHFuqZOKow%jj= z`uD~cwG=#H-DULl6BA>$aCr3wd_eCBK(S4}Z@0CqqI+~SC$PXhH1*r4`sa1Kd&3tx z&AT5;sueBIE+0@T;Isb?fbsI8=K6b2Ky-2JaR6|Yj@D)ndDkD0>!s6sd4uL%QaQS{ z=0SJEy(82M>pvB`%zKr|c7Lmz$=gOoohRQ74i7%%R`yurVC6rW*~_&Y|HXYvYRvWn zou53S?7+Q2Iq^vy&~d=CuQg_?FpAzQ^vOh})T4#j+E&lL!;hc&nki3d^O9o8wmzs1 z6uYzIKEegh(xxgqa;#vT5qi3;3h&^-vnj&u#038Ud66Qtl+#b z$%*3NP%d!gtf?d1XYr-`k$<&q{hz%^O3kI{fCb-qc(KzxCUy8Pj5=Dq-c#ym^?aGHr-)#Nioy}7^B_;|%-IiBhwly}T1wAd#Oxc?Wc%9viIHCNA zJdxEBG?pdRbG|uX%4^@vf#ls_Q1kdBT?%OrV-wa~Lx)3ee#=t#kSZ z!3LCgwLrNGNf@0VTU4C&s>wbpYG9O;mh&?AD&A-+P^22rriK@G+7&k#q`6*!`0ED@ zxMsj(Bm$LfjoQm-{aE_hqjxc{cjr;B zcvdtp)j9MJ&RJF|x3_HdH*mSu_U9?$d#|U1A7qWI4t~KhZU}abn0{;9s48{<;70tNkx zHih_pAIv=p5GsHE%SU6xfKzmMDF?ekTG-RY9Kx)EKkDJzCjf0$L=qNI@)KsR z05ZY*i=ZO`y}{f8X7#h{k%A|``{uE?Y4?4j^>HlW zYIkRMY3wLv(tvkYk~?T}daetxcRFr}tID!#sA4BmxQhG5CcJDwbCBC`SC?B?A2h!} z)({AE?`fz(cy<+vzs$l{dA|4h_+e~YcXZ_Qs0zTLJMd!$xSI}aDr4c{!b$EC6qz=< zllYuXAY&Q}IU?J1puJ#@Su8z-DtBiBK`Kr=%8mFqb-*V~2W>TQeJvItdY}1#p*cf48c{RFD(~-lXX zGtVRnW&>lH7xeB{L7!^^kpZfAg!xj-)~~-X@Eiow>=2pdG8V%6yO+XDtg_1W=COz@ z=Ci>e_LGUb%l-5fRY9q+kr!D>zLxxuo5!-0u^_DxO*XNBDqaV%Q}dX?Zs#AayxM?t_W zEth440ij_t=!p7N-@ZbvH4~H0iO_BD=oIH#EFJudE$b-9nCU)R%eH`~yqqoj-90eo zBa!v?8mx{MaKrW15$yvu#=DpN-^xLS3&ue%x|FFtlqhZM-Z50Pe*_k8d0~|B=M!~M z=4EexQ^Nuy-OnH829|TkH&DIRV}@bhZugw7dvZPe%d4JjPdBP$2v`~>DpOE@+T`qP z-{A4y7ppU4XUUScDRfjhSc2a0WMLztRHxh#N}_E)_4_amESGl(?lJK_9rPh~D$9|o zFgU-R-owwG{3yaikU}3Innm#&L3E9I-kp9X6u3O0b#Awp3{8oFa)f{KII=rw#Di!n z_J#WQ>rg4kDI(fnk_(0b>JB|3N{rA$o^L)}V?RDm@u?o<%ZZ>jW}MU3EllAUK6Amr z^a%ybdY4B_D6i8)oNFWgiq7eUybfhqec>x0)nHG;i5%J&8D}8?IA=J{fBnS=)D^W` zH!tY_-qUTVMqc_T9j@n*Rqd#drJy(Z1*d;tFNHrXt`_h7nw=f&p*XL6FE_P7unDHxM!Jqc{|XcZl*$i_VG9CZ7)AI$q{R= z?VBhZPVNt%jr9P+zl<=sePj%GY_e~5V2)PXNvS_S z2pP}-DqP^6Cv#BM1j(T##Fn<+!${w%sgb1zLn=OOFi9p(7@7&$29wbd&tMm@^19@kku`DMF85;<|GPN~z|VHF zO0tu6rHRS&yh#uk{ZnGwj$JZCLp-qOFmq`&sQu&yfUTW?2(!c;Cn;iT5#hIjyJQLb zHCu|RII*zzR+yj?OSnYZhlM7~q#v_`( zCv#ME$36tP{e=c%Ne{^VI<*ODGl?stm3Zu2Vd|CCdj5E>v!}L@9%<0k8g26SrEZ#C zk#%}reoQ{H-=UVF?Bwlk*Nn7%jaMA&J}d=SQI1@9b}atnkhgA{bUMsQIbtTNT;!7@ z&LM6#EiZ7UM55+=ot;5iT3C6?ZGw%^+Dy3>Nt5U<^2x4MO7v_B?yKO9z<*1G2mUMt z_x_oH4g%_AE0#Qv$2M>FL}Xz8d`u_qDQJ)HJNsmpFK+)(Y4_j`L9&1HIHMfD@Y66! zEr_?nJD#t5wAhFp_xio%F9@)o4I+eZo!Q57 z1&u39X`A}ah!mrlboLkOuHSM?#hI9qsnwmvz{$8|%GIE>hG>}}o3q?m#!N0<^XZL% zaW%4cT<6nX!u9pJB)RwjC+Y<0hK!+%9qb#@S36L2&HnkPLG^*S*vEDnNzCZcD+)Vb zZ-*QnL1lv+Weq1sSWh^e$zmEpYg5Uy_+zd$U{A_QOV#ppgA+3{T;i7Axn@?VWYT(% zCW zcyahyrt$*G$R+iwm1>t(#o9zboLWn=o78=&xaxZ}KgT2$eOi}UnUwB%t}a6+OB6X& zj?W^~IHyLxm>V@z8@|)(_t6eydy*=_Zx+`~T}5qplPHeV8f;|Qwrjxn9Onrs^0_I`!?>u4_l;V&^CD?c*OKh963&$o1 z4@98wRH>cPXhM+J&5{aK$e6Uj&BZ=vtWf2}Cj$vhw?cerM`EeidBFjg_%r61S@GP^ z=UtT3CrgcfdicT{`>fLi7qncvj+LPA5tZ3yZALgr2Zq2IWi#G{ArvDS6EF>bR+@%0yn*LPA`7MoiA)0bty$+S`eG@1hgy*H1KAT zRi9YSZdwEnZp%C?6*C8h_4m0_?9P7f$r)WB!Rz;zh?BfbSo#Cw!qB9abP?uYmJTfA zqr{v#cFk`l>K^#;Gn-zaUZ+(UC;?}RN*Sw^S6>{7lh!Ks_7F}T@RzY983_2#d|D!& z$Qw?IP$im-unZuV)@!{4X}61xkA=4vlWgzOR$o)X&kCr9P3_i8XMX9C9a!wBaU|E4 zs*zYainYOL57JG0I*M`oO3PfT9tfJsQVr<_MxG zyD!U3v+sFYzWBGG@t^B#neFtDE)Rd&2fLNNmkP;fOZp#Wna#oC)E>oYjyUbzj}ew? z!&;o;1P9F6w7Hz9mhr{Xn3$m3mV=_V1)<8HZv8$+sLeCZP?`?G>Dt2y%GNrbIRpa( z`?_(5<6YI0fyIHZ6s=p%{Fu$l7e7ZB!x`K&8at1()~#5#$op{AV65e^RFq0h6?I2qlLnEINuNN>A}eVhoxxweYxkngJe#W7K8a~gMX zy4oT)!Pl$yltt7FX0`Iyo}}8$|6+P+m@RpYJvK-#%A6x_9wY;()kxEKdkSW(!t@rz zFYMc2Ti)~C(FKcq!t$}xt5<#a#X8zs^*##CaA)p{h&iMigq-PZ87r?Tf%+YbuzLvs(Cnv8gO^;vwP!SwB_=ljKHa1Mp4 zXH}G@?QSP{3U#^`zUnd9m6#JYQL}PQhKL@{?np zzt_V|<@|i3D1y>hq>^=1nb`>gWl_VmmlJ7`N|V*lAaiToz_ARtq%&T|+}yyPVhG12 zM+Ht)&?H>yjzubX2p-F!IQ(DeA^+CGIw(!iWuLXNa41fZrK%&V4I0^q!Grs9v?VOlFk0xu^yFG_Wm<>^NV_ zt##KdEkoQL>yk5wDhe^L8$)cK;>1U<&1Fh8k{xj_$IBEf@?)mR6V>(_w?%`d%F;>{ zt=j)uukr)qc0>}?4g0F0a-B^~JS}bXj+^^HBJEw%# zdL$e!Twh`Y2X1~~ z#{m2jNp!^$WRydm{6^#jcFZ2RC~A%($V--!VBLDo*z>pqKwVo9vZ&jy3f3ZXG?1w+)6zdmW>v<5Nu)9_(wBe|mK?A_{4do9S<--YhTS zTnktVxF|Z*Eb+lB%N?8ohV1eTS6`0L-wTYS1?D()m$<=Kp4Yu{!0Sqxj8(KO2)nnGt&+Xb9{%7b zj}RMx6Qn%Y&Ysuj@&#z`oBaM6rgLBy{+II8e~!!lyFUu#?t7MQ>2n_j90ZX{KdYcZ zxqVVl?z6h8gK_tviqOUSg$D58!aD>Fv@x>KxSi1hVw*7*HZu1@IS2OJOeD=&pFvVq z%w#H8iG3oN5%86GguTU}Ew!vaqk2GT4g$z0gZ?=ETHKCxVc{h`m=8yKyH;b90E5ekhc%SQIM=< z7(a}LG=aQB-+9TxWRxDukU8Gn<_O)K04Dyzg^5{w)E^}t>% zvzN9N&&;L)uE&WcqOqnhevTGXBcVr*9b)TFSLud-1t0z-g-QB)cY2G~)||9{H5h8! z7Brkv7yKOi=c_Y!n1rL#zd)rpO6+T_a~@XQ(;Pj(fe8QNH3vaUm+T5!+!kV2dH`&( zi<6GOv9^=z&dlkoe+P`PLdz`W(&_u>P8P_Wo%FT6;MUgN1W)i+*1^koDp(gYvimVN z8Rd!=_5*$kh`#00tJKOO%Jtsn&s}X=yLEm>V8rkXgK__F8Rz71#;4rtloo5I2o5El zZ93$Y=%~wfSFs0;0JBG#PQGW0crje!sAfl8__OO_KN5Li;%2->Hw^;ezLwIdiLUPUE)NV8Mqht zBzi@%;?vN{5v`CmyLt}6jrpoCO9dT>X33}S<7LjAKPFMNbb>PR$~W1Gk?%mU zO#Un}hkxL7%GvPT)fy$$w!<6f?|r3>8XINIPI8YHGnuUMHhm|W9Yuqt6v_4`#r=vx z^pzg&k!D+xdkmQ$%4XfC$Xu-nG?Z2cwPoog2LjcOaA?K4^IYrklDlqN@2Y1sy4X}q z>mndS#_HWf@us-8J)mNmuXEcZXxAGM&V+Hx^@2*2mEcKHVM|>K7*y}jO8W3XFD#~;@YFKSR@M2^3RJkJmUYeShcN-@a$h+_|&>s+k{UvxEr7`*297sNaH_7umsKrC4R6Q#25SYWXywQI-swIBpa+|VqR=Cja1zVWH{2oKT3*@Pg@HKY?g!(ZI3ki$HG=@Cot6b$*s zerG8ePjp+>pDZ;lk6>5FxBhSP3b)*Q))hzs zMzjt+*5d*lQHLIz>KBe<$>V0gsaTbC*mW#te2cS)AL!-waMwA|nLRoox9>2hJK=L{ z?ic>t38_ozS|3g3gKOg{tl0P&DRZCvFGrM z)ybpvV&RPWY3p0KG^TyLmZSBsrS@>Mp6n1~LY`D(9g5k%GRTNX#}-+|HDj3duny6e zTB3$>ee$=WpEv&-%=MoHasOPp#+9E?;#zCxvg%NuU5Tsoy_>5WQ&G7l^nT9HS4jBJ zH?51=n?-#_f%kmw1)lrUX$B$j=P*x(K-FIZINfn@s&j%!mA7n2Y%mY=dtZNSqRb)9 zuH72EBY)0<{BC@+P)=Bs)c#I=TD{ESrBo~Efm3fRxMCIWE4VUbRcldi49*vhR&$Du zRhtK=QovfqDPs$t@;*2{9UaByV^H857sT0o)}zA2bxO&`Ybanyevspia6aihXUGg1 z6?)4pIHun=75_wtz<2Dp1NAfGYY#$VP80oVyf(S`Lg$Sp4TZt+T1!5K*)J_?gRjPm z4CT%J`^;W`Eap@Cg;)pK7b6&C1*IHk4>gWF%ku6$QT0_pwL*lfo~>tXrhoq9x!^e{ zphm|MV#M3%f$?1e7!CSl+y#w&h~PBZmdHLr?@FV*4is38jIXS(L_eOtKGyQuUs)1s zKB2zPYfQ9Dp9mMfa;