From 95f21d495c6d65ecc5e84db8d2e22414b760e16a Mon Sep 17 00:00:00 2001 From: pankajtalk <58934931+pankajtalk@users.noreply.github.com> Date: Thu, 14 Mar 2024 16:52:45 +0530 Subject: [PATCH] Ekscplogs (#50) * EKS control plane logs collection configuration --------- Co-authored-by: paliwalparitosh --- CHANGELOG.md | 5 +- charts/logan/Chart.yaml | 2 +- .../logan/templates/ekscp-logs-configmap.yaml | 307 ++++++++++++++++++ .../logan/templates/fluentd-deployment.yaml | 106 ++++++ charts/logan/values.schema.json | 12 + charts/logan/values.yaml | 134 +++++++- charts/oci-onm/Chart.yaml | 4 +- charts/oci-onm/values.yaml | 2 +- docs/FAQ.md | 41 +++ docs/eks-cp-logs-streaming.png | Bin 0 -> 77665 bytes docs/eks-cp-logs.md | 292 +++++++++++++++++ docs/s3-partitioned-logs.png | Bin 0 -> 78945 bytes .../v1.0/oraclelinux/8-slim/Gemfile | 3 + 13 files changed, 900 insertions(+), 8 deletions(-) create mode 100644 charts/logan/templates/ekscp-logs-configmap.yaml create mode 100644 charts/logan/templates/fluentd-deployment.yaml create mode 100644 docs/eks-cp-logs-streaming.png create mode 100644 docs/eks-cp-logs.md create mode 100644 docs/s3-partitioned-logs.png diff --git a/CHANGELOG.md b/CHANGELOG.md index 7e3228c4..4d4848e7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Change Log +## 2024-03-08 +### Added +- Support for AWS EKS system and control plane logs collection. + ## 2024-02-13 ### Added - Changes to support Kubernetes Solution Pages Offering by OCI Logging Analytics. @@ -7,7 +11,6 @@ - A new CronJob to handle the Kubernetes Objects discovery and Objects Logs collection using oci-logging-analytics-kubernetes-discovery Gem. ### Changed - Moving forward, Kubernetes Objects logs would be collected using Kubernetes Discovery CronJob along with the (optional) Discovery data instead of Fluentd based Deployment. - ## 2024-01-18 ### Changed - Management Agent docker image has been updated to version 1.2.0 diff --git a/charts/logan/Chart.yaml b/charts/logan/Chart.yaml index f9c34098..1924bae4 100644 --- a/charts/logan/Chart.yaml +++ b/charts/logan/Chart.yaml @@ -5,7 +5,7 @@ apiVersion: v2 name: oci-onm-logan description: Charts for sending Kubernetes platform logs, compute logs, and Kubernetes Objects information to OCI Logging Analytics. type: application -version: 3.3.0 +version: 3.4.0 appVersion: "3.0.0" dependencies: diff --git a/charts/logan/templates/ekscp-logs-configmap.yaml b/charts/logan/templates/ekscp-logs-configmap.yaml new file mode 100644 index 00000000..5bd9942d --- /dev/null +++ b/charts/logan/templates/ekscp-logs-configmap.yaml @@ -0,0 +1,307 @@ +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. +{{- if .Values.enableEKSControlPlaneLogs }} +{{- $kubernetesClusterName := (include "logan.kubernetesClusterName" .) }} +{{- $kubernetesClusterId := (include "logan.kubernetesClusterId" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "logan.resourceNamePrefix" . }}-ekscp-logs + namespace: {{ include "logan.namespace" . }} +data: + # file-like keys + fluent.conf: | + + {{- $authtype := .Values.authtype | lower }} + + {{- $multiWorkersEnabled := false }} + {{- $workers := (int .Values.fluentd.multiProcessWorkers | default 0) }} + {{- if gt $workers 0 }} + {{- $multiWorkersEnabled = true }} + + workers {{ $workers }} + + {{- else }} + {{- /* fake it to run at least one range loop if no multiProcessWorkers enabled. */}} + {{- $workers = 1 }} + {{- end }} + + {{- range until $workers }} + {{- $currWorker := . }} + + {{- if $multiWorkersEnabled }} + + {{- end }} + + # To ignore all the fluentd core generated events + + + {{- if $.Values.fluentd.eksControlPlane }} + + {{- range $name, $logDefinition := $.Values.fluentd.eksControlPlane.logs }} + {{- $workerId := 0 }} + {{- if $multiWorkersEnabled }} + {{- if and (eq "audit" $name) (eq "cloudwatch" $.Values.fluentd.eksControlPlane.collectionType) }} + {{- if $.Values.fluentd.eksControlPlane.logs.apiserver.worker }} + {{ $workerId = $.Values.fluentd.eksControlPlane.logs.apiserver.worker }} + {{- else if $.Values.fluentd.eksControlPlane.worker }} + {{ $workerId = $.Values.fluentd.eksControlPlane.worker }} + {{- end }} + {{- else }} + {{- if $logDefinition.worker }} + {{ $workerId = $logDefinition.worker }} + {{- else if $.Values.fluentd.eksControlPlane.worker }} + {{ $workerId = $.Values.fluentd.eksControlPlane.worker }} + {{- end }} + {{- end }} + {{- end }} + {{- if eq $currWorker (int $workerId) }} + + {{- if eq "cloudwatch" $.Values.fluentd.eksControlPlane.collectionType }} + {{- if eq "apiserver" $name }} + + @type cloudwatch_logs + @id {{ $name }}{{- ternary (print "_" $currWorker) "" $multiWorkersEnabled }} + tag rewrite.eks{{- ternary (print "." $currWorker) "" $multiWorkersEnabled }}.cp.{{ $name }}.* + region {{ $.Values.fluentd.eksControlPlane.region | required (printf "fluentd.eksControlPlane.region is required") }} + {{- if eq $.Values.fluentd.eksControlPlane.awsUseSts true }} + aws_use_sts true + aws_sts_role_arn "{{ $.Values.fluentd.eksControlPlane.awsStsRoleArn | required (printf "fluentd.eksControlPlane.awsStsRoleArn is required") }}" + {{- else }} + aws_key_id "{{ $.Values.fluentd.eksControlPlane.awsKeyId | required (printf "fluentd.eksControlPlane.awsKeyId is required") }}" + aws_sec_key "{{ $.Values.fluentd.eksControlPlane.awsSecKey | required (printf "fluentd.eksControlPlane.awsSecKey is required") }}" + {{- end }} + {{- if $.Values.fluentd.eksControlPlane.cwLogGroupName }} + log_group_name "{{ $.Values.fluentd.eksControlPlane.cwLogGroupName }}" + {{- else if contains "/" $kubernetesClusterId}} + {{- $clusterNameFromId := (splitList "/" $kubernetesClusterId) | last }} + log_group_name "{{ printf "/aws/eks/%s/cluster" $clusterNameFromId }}" + {{- end }} + use_log_stream_name_prefix true + log_stream_name {{ $logDefinition.cwLogStreamName | required (printf "fluentd.eksControlPlane.logs.%s.cwLogStreamName is required" $name) }} + include_metadata true + + @type local + path {{ $.Values.fluentd.baseDir }}/oci_la_fluentd_outplugin/pos/ekscp.{{ $name }}.logs.pos + + + @type none + + + + @type rewrite_tag_filter + hostname_command "cat /etc/hostname" + + key message + pattern /\\?"kind\\?":\\?"Event\\?"/ + tag eks{{- ternary (print "." $currWorker) "" $multiWorkersEnabled }}.cp.audit.* + + + key message + pattern /\\?"kind\\?":\\?"Event\\?"/ + invert true + tag eks{{- ternary (print "." $currWorker) "" $multiWorkersEnabled }}.cp.{{ $name }}.* + + + {{- end }} + + {{- if or (eq "authenticator" $name) (eq "kubecontrollermanager" $name) (eq "cloudcontrollermanager" $name) (eq "scheduler" $name) }} + + @type cloudwatch_logs + @id {{ $name }}{{- ternary (print "_" $currWorker) "" $multiWorkersEnabled }} + tag eks{{- ternary (print "." $currWorker) "" $multiWorkersEnabled }}.cp.{{ $name }}.* + region {{ $.Values.fluentd.eksControlPlane.region | required (printf "fluentd.eksControlPlane.region is required") }} + {{- if eq $.Values.fluentd.eksControlPlane.awsUseSts true }} + aws_use_sts true + aws_sts_role_arn "{{ $.Values.fluentd.eksControlPlane.awsStsRoleArn | required (printf "fluentd.eksControlPlane.awsStsRoleArn is required") }}" + {{- else }} + aws_key_id "{{ $.Values.fluentd.eksControlPlane.awsKeyId | required (printf "fluentd.eksControlPlane.awsKeyId is required") }}" + aws_sec_key "{{ $.Values.fluentd.eksControlPlane.awsSecKey | required (printf "fluentd.eksControlPlane.awsSecKey is required") }}" + {{- end }} + {{- if $.Values.fluentd.eksControlPlane.cwLogGroupName }} + log_group_name "{{ $.Values.fluentd.eksControlPlane.cwLogGroupName }}" + {{- else if contains "/" $kubernetesClusterId}} + {{- $clusterNameFromId := (splitList "/" $kubernetesClusterId) | last }} + log_group_name "{{ printf "/aws/eks/%s/cluster" $clusterNameFromId }}" + {{- end }} + use_log_stream_name_prefix true + log_stream_name {{ $logDefinition.cwLogStreamName | required (printf "fluentd.eksControlPlane.logs.%s.cwLogStreamName is required" $name) }} + include_metadata true + + @type local + path {{ $.Values.fluentd.baseDir }}/oci_la_fluentd_outplugin/pos/ekscp.{{ $name }}.logs.pos + + + @type none + + + {{- end }} + + + @type record_transformer + enable_ruby true + + {{- if $logDefinition.metadata }} + oci_la_metadata ${{"{{"}}"Kubernetes Cluster Name":"{{ $kubernetesClusterName }}", "Kubernetes Cluster ID": "{{ $kubernetesClusterId }}", "Node": "#{ENV['K8S_NODE_NAME'] || 'UNDEFINED'}" {{- range $k, $v := $logDefinition.metadata }},{{ $k | quote }}: {{ $v | quote -}} {{- end }}{{"}}"}} + {{- else if $.Values.fluentd.eksControlPlane.metadata }} + oci_la_metadata ${{"{{"}}"Kubernetes Cluster Name":"{{ $kubernetesClusterName }}", "Kubernetes Cluster ID": "{{ $kubernetesClusterId }}", "Node": "#{ENV['K8S_NODE_NAME'] || 'UNDEFINED'}" {{- range $k, $v := $.Values.fluentd.eksControlPlane.metadata }},{{ $k | quote }}: {{ $v | quote -}} {{- end }}{{"}}"}} + {{- else }} + oci_la_metadata ${{"{{"}}"Kubernetes Cluster Name":"{{ $kubernetesClusterName }}", "Kubernetes Cluster ID": "{{ $kubernetesClusterId }}", "Node": "#{ENV['K8S_NODE_NAME'] || 'UNDEFINED'}" {{- range $k, $v := $.Values.metadata }},{{ $k | quote }}: {{ $v | quote -}} {{- end }}{{"}}"}} + {{- end }} + {{- if $logDefinition.ociLALogGroupID }} + oci_la_log_group_id "{{ $logDefinition.ociLALogGroupID }}" + {{- else if $.Values.fluentd.eksControlPlane.ociLALogGroupID }} + oci_la_log_group_id "{{ $.Values.fluentd.eksControlPlane.ociLALogGroupID }}" + {{- else }} + oci_la_log_group_id "{{ required "ociLALogGroupID is required" $.Values.ociLALogGroupID }}" + {{- end }} + oci_la_log_source_name "{{ $logDefinition.ociLALogSourceName | required (printf "fluentd.eksControlPlane.logs.%s.ociLALogSourceName is required" $name) }}" + {{- if $logDefinition.ociLALogSet }} + oci_la_log_set "{{ $logDefinition.ociLALogSet }}" + {{- else }} + oci_la_log_set "{{ $.Values.fluentd.eksControlPlane.ociLALogSet | default $.Values.ociLALogSet }}" + {{- end }} + message "${record['message']}" + tag ${tag} + + + + @type record_transformer + enable_ruby true + + oci_la_metadata ${record["oci_la_metadata"].merge({"cloudwatchloggroupname" => record.dig("metadata", "log_group_name"), "cloudwatchlogstreamname" => record.dig("metadata", "log_stream_name")})} + + remove_keys $.metadata + + + {{- else }} + + @type s3 + @id {{ $name }}{{- ternary (print "_" $currWorker) "" $multiWorkersEnabled }} + tag eks{{- ternary (print "." $currWorker) "" $multiWorkersEnabled }}.cp.{{ $name }}.* + s3_bucket {{ $.Values.fluentd.eksControlPlane.s3Bucket | required (printf "fluentd.eksControlPlane.s3Bucket is required") }} + s3_region {{ $.Values.fluentd.eksControlPlane.region | required (printf "fluentd.eksControlPlane.region is required") }} + {{- if eq $.Values.fluentd.eksControlPlane.awsUseSts true }} + + role_arn "{{ $.Values.fluentd.eksControlPlane.awsStsRoleArn | required (printf "fluentd.eksControlPlane.awsStsRoleArn is required") }}" + role_session_name oci-kubernetes-monitoring + + {{- else }} + aws_key_id "{{ $.Values.fluentd.eksControlPlane.awsKeyId | required (printf "fluentd.eksControlPlane.awsKeyId is required") }}" + aws_sec_key "{{ $.Values.fluentd.eksControlPlane.awsSecKey | required (printf "fluentd.eksControlPlane.awsSecKey is required") }}" + {{- end }} + add_object_metadata true + store_as gzip + + queue_name {{ $logDefinition.sqsQueue }} + + match_regexp {{ $logDefinition.objectKey }}.* + + @type none + + + {{- if $logDefinition.multilineStartRegExp }} + # Concat filter to handle multi-line log records. + + @type concat + key message + stream_identity_key stream + flush_interval "{{ $.Values.fluentd.tailPlugin.flushInterval }}" + timeout_label "@NORMAL{{- ternary (print "." $currWorker) "" $multiWorkersEnabled }}" + multiline_start_regexp {{ $logDefinition.multilineStartRegExp }} + + {{- end }} + + @type record_transformer + enable_ruby true + + {{- if $logDefinition.metadata }} + oci_la_metadata ${{"{{"}}"Kubernetes Cluster Name":"{{ $kubernetesClusterName }}", "Kubernetes Cluster ID": "{{ $kubernetesClusterId }}", "Node": "#{ENV['K8S_NODE_NAME'] || 'UNDEFINED'}" {{- range $k, $v := $logDefinition.metadata }},{{ $k | quote }}: {{ $v | quote -}} {{- end }}{{"}}"}} + {{- else if $.Values.fluentd.eksControlPlane.metadata }} + oci_la_metadata ${{"{{"}}"Kubernetes Cluster Name":"{{ $kubernetesClusterName }}", "Kubernetes Cluster ID": "{{ $kubernetesClusterId }}", "Node": "#{ENV['K8S_NODE_NAME'] || 'UNDEFINED'}" {{- range $k, $v := $.Values.fluentd.eksControlPlane.metadata }},{{ $k | quote }}: {{ $v | quote -}} {{- end }}{{"}}"}} + {{- else }} + oci_la_metadata ${{"{{"}}"Kubernetes Cluster Name":"{{ $kubernetesClusterName }}", "Kubernetes Cluster ID": "{{ $kubernetesClusterId }}", "Node": "#{ENV['K8S_NODE_NAME'] || 'UNDEFINED'}" {{- range $k, $v := $.Values.metadata }},{{ $k | quote }}: {{ $v | quote -}} {{- end }}{{"}}"}} + {{- end }} + {{- if $logDefinition.ociLALogGroupID }} + oci_la_log_group_id "{{ $logDefinition.ociLALogGroupID }}" + {{- else if $.Values.fluentd.eksControlPlane.ociLALogGroupID }} + oci_la_log_group_id "{{ $.Values.fluentd.eksControlPlane.ociLALogGroupID }}" + {{- else }} + oci_la_log_group_id "{{ required "ociLALogGroupID is required" $.Values.ociLALogGroupID }}" + {{- end }} + oci_la_log_source_name "{{ $logDefinition.ociLALogSourceName | required (printf "fluentd.eksControlPlane.logs.%s.ociLALogSourceName is required" $name) }}" + {{- if $logDefinition.ociLALogSet }} + oci_la_log_set "{{ $logDefinition.ociLALogSet }}" + {{- else }} + oci_la_log_set "{{ $.Values.fluentd.eksControlPlane.ociLALogSet | default $.Values.ociLALogSet }}" + {{- end }} + message "${record['message']}" + tag ${tag} + + + + @type record_transformer + enable_ruby true + + oci_la_metadata ${record["oci_la_metadata"].merge({"cloudwatchloggroupname" => record["s3_key"].split("/")[0].gsub("_", "/"), "cloudwatchlogstreamname" => record["s3_key"].split("/")[2].gsub("_", "/")})} + + remove_keys $.metadata + + {{- end }} + + {{- end }} + {{- end }} + {{- end }} + + # Match block to ensure all the logs including concat plugin timeout logs will have same label + + @type relabel + @label @NORMAL{{- ternary (print "." $currWorker) "" $multiWorkersEnabled }} + + + # Match block to set info required for oci-logging-analytics fluentd output plugin + + + {{- if $multiWorkersEnabled }} + + + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/logan/templates/fluentd-deployment.yaml b/charts/logan/templates/fluentd-deployment.yaml new file mode 100644 index 00000000..582f0a8d --- /dev/null +++ b/charts/logan/templates/fluentd-deployment.yaml @@ -0,0 +1,106 @@ +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +--- +{{- if .Values.enableEKSControlPlaneLogs }} +{{- $authtype := .Values.authtype | lower }} +{{- $imagePullSecrets := .Values.image.imagePullSecrets }} +{{- $resourceNamePrefix := (include "logan.resourceNamePrefix" .) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ $resourceNamePrefix }}-logan + namespace: {{ include "logan.namespace" . }} + labels: + app: {{ $resourceNamePrefix }}-logan + version: v1 +spec: + selector: + matchLabels: + app: {{ $resourceNamePrefix }}-logan + version: v1 + template: + metadata: + annotations: + {{- if eq $authtype "config" }} + checksum/secrets: {{ include (print $.Template.BasePath "/oci-config-secret.yaml") . | sha256sum }} + {{- end}} + checksum/ekscpconfigmap: {{ include (print $.Template.BasePath "/ekscp-logs-configmap.yaml") . | sha256sum }} + labels: + app: {{ $resourceNamePrefix }}-logan + version: v1 + spec: + serviceAccountName: {{ include "logan.serviceAccount" . }} + {{- if $imagePullSecrets }} + imagePullSecrets: + - name: {{ .Values.image.imagePullSecrets }} + {{- end}} + containers: + - name: {{ $resourceNamePrefix }}-ekscp-fluentd + image: {{ .Values.image.url }} + imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }} + env: + - name: FLUENTD_CONF + value: {{ .Values.fluentd.path }}/{{ .Values.fluentd.file }} + - name: K8S_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: FLUENT_OCI_DEFAULT_LOGGROUP_ID + value: {{ .Values.ociLALogGroupID }} + - name: FLUENT_OCI_NAMESPACE + value: {{ .Values.ociLANamespace }} + - name: FLUENT_OCI_KUBERNETES_CLUSTER_ID + value: {{ include "logan.kubernetesClusterId" . }} + - name: FLUENT_OCI_KUBERNETES_CLUSTER_NAME + value: {{ include "logan.kubernetesClusterName" . }} + {{- if eq $authtype "config" }} + - name: FLUENT_OCI_CONFIG_LOCATION + value: {{ .Values.oci.path }}/{{ .Values.oci.file }} + {{- end }} + {{- if .Values.extraEnv }} + {{- toYaml .Values.extraEnv | nindent 10 }} + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 10 }} + {{- end }} + volumeMounts: + # RW mount to store tail plugin output plugin buffer and logs + - name: basedir + mountPath: {{ .Values.fluentd.baseDir }} + {{- if eq $authtype "config" }} + # Mount directory where oci config exists + - name: ociconfigdir + mountPath: {{ .Values.oci.path }} + readOnly: true + {{- end }} + # Mount directory where fluentd config exists + - name: ekscpfluentdconfigdir + mountPath: {{ .Values.fluentd.path }} + readOnly: true + {{- if .Values.extraVolumeMounts }} + {{- toYaml .Values.extraVolumeMounts | nindent 8 }} + {{- end }} + terminationGracePeriodSeconds: 30 + volumes: + {{- if .Values.extraVolumes }} + {{- toYaml .Values.extraVolumes | nindent 6 }} + {{- end }} + # RW mount to store tail plugin output plugin buffer and logs + - name: basedir + hostPath: + path: {{ .Values.fluentd.baseDir }} + {{- if eq $authtype "config" }} + # Mount directory where oci config exists + - name: ociconfigdir + projected: + sources: + - secret: + name: {{ $resourceNamePrefix }}-oci-config + {{- end }} + # Mount directory where fluentd ekscp config exists + - name: ekscpfluentdconfigdir + configMap: + # Provide the name of the ConfigMap to mount. + name: {{ $resourceNamePrefix }}-ekscp-logs +{{- end }} diff --git a/charts/logan/values.schema.json b/charts/logan/values.schema.json index 27e9f3c3..8c539e67 100644 --- a/charts/logan/values.schema.json +++ b/charts/logan/values.schema.json @@ -52,6 +52,18 @@ "type": "string" } } + }, + "collectionType": { + "type": "string", + "enum": ["cloudwatch", "s3"] + }, + "region": { + "type": "string" + }, + "s3Bucket": { + "type": "string", + "minLength": 3, + "maxLength": 63 } } } diff --git a/charts/logan/values.yaml b/charts/logan/values.yaml index fa534b51..d2d119a7 100644 --- a/charts/logan/values.yaml +++ b/charts/logan/values.yaml @@ -48,7 +48,7 @@ image: # Image pull secrets for. Secret must be in the namespace defined by namespace imagePullSecrets: # -- Replace this value with actual docker image url - url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.3.0 + url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.4.0 # -- Image pull policy imagePullPolicy: Always @@ -60,7 +60,7 @@ ociLANamespace: # e.g. ocid1.loganalyticsloggroup.oc1.phx.amaaaaasdfaskriauucc55rlwlxe4ahe2vfmtuoqa6qsgu7mb6jugxacsk6a ociLALogGroupID: -# -- OKE Cluster OCID +# -- OKE Cluster OCID/EKS Cluster ARN etc. # e.g. ocid1.cluster.oc1.phx.aaaaaaaahhbadf3rxa62faaeixanvr7vftmkg6hupycbf4qszctf2wbmqqxq kubernetesClusterID: @@ -77,6 +77,9 @@ ociLAClusterEntityID: # In Kubernetes environments where SELinux mode is enforced, set this flag to 'true' to allow fluentd pods to access log files. privileged: false +# -- Enables collection of AWS EKS Control Plane logs through CloudWatch or S3 Fluentd plugin +enableEKSControlPlaneLogs: false + # Logging Analytics additional metadata. Use this to tag all the collected logs with one or more key:value pairs. # Key must be a valid field in Logging Analytics #metadata: @@ -289,7 +292,7 @@ fluentd: # -- Kubernetes CSI Node Driver Logs collection configuration csinode: # csinode log files location. - path: /var/log/containers/csi-oci-node-*.log + path: /var/log/containers/csi-oci-node-*.log,/var/log/containers/ebs-csi-node-*.log # Logging Analytics log source to use for parsing and processing Kubernetes CSI Node Driver Logs. ociLALogSourceName: "Kubernetes CSI Node Driver Logs" @@ -309,6 +312,13 @@ fluentd: # The regular expression pattern for the starting line in case of multi-line logs. multilineStartRegExp: /^\S\d{2}\d{2}\s+[^\:]+:[^\:]+:[^\.]+\.\d{0,3}/ + # -- Kubernetes CSI Controller Logs collection configuration + csi-controller: + # csi controller log files location. + path: /var/log/containers/ebs-csi-controller-*.log + # Logging Analytics log source to use for parsing and processing Kubernetes CSI Controller Logs. + ociLALogSourceName: "Kubernetes CSI Controller Logs" + # Config specific to API Server Logs Collection kube-apiserver: # The path to the source files. @@ -425,6 +435,122 @@ fluentd: # Logging Analytics log source to use for parsing and processing Linux YUM Logs. ociLALogSourceName: "Linux YUM Logs" + # Configuration for AWS EKS Control Plane logs like API Server, Audit, Authenticator etc. + eksControlPlane: + # Collection Type (cloudwatch or s3) + collectionType: "cloudwatch" + # AWS region + region: + # Use AssumeRoleCredentials (https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/AssumeRoleCredentials.html) to authenticate + # Default is true. Set to false to use access keys + awsUseSts: true + # The role ARN to assume when using AWS Security Token Service authentication + awsStsRoleArn: + # AWS access key and secret access key, needed only when awsUseSts is explicitly set to false + #awsKeyId: + #awsSecKey: + # CloudWatch Log Group name of the EKS cluster. Automatically determined by extracting cluster name from kubernetesClusterId and + # following naming syntax as "aws/eks//cluster". Below field can be used to override this behavior. + #cwLogGroupName: + # S3 related settings + # S3 bucket name to which EKS Control Plane logs are being streamed using a subscription filter + s3Bucket: + ociLALogGroupID: + #metadata: + #"Client Host Region": "America" + #"Environment": "Production" + #"Third Key": "Third Value" + # Worker number in case of multi process workers enabled. If not set when multi process workers enabled, then it defaults to 0. + #worker: + logs: + # If using cloudwatch collection mechanism, apiserver and audit logs need to be part of the same worker as they share the same log stream name prefix. + # Thus "worker" variable is only picked up from "apiserver" section. + apiserver: + # CloudWatch Log Stream name + cwLogStreamName: "kube-apiserver" + # SQS queue name which is notified when apiserver log object is created in S3 bucket + sqsQueue: "apiserver" + # S3 object key + objectKey: .*?kube-apiserver/ + # Logging Analytics log source to use for parsing and processing EKS Control Plane API Server Logs. + ociLALogSourceName: "Kubernetes API Server Logs" + multilineStartRegExp: /^\S\d{2}\d{2}\s+[^\:]+:[^\:]+:[^\.]+\.\d{0,3}/ + #metadata: + #"Client Host Region": "America" + #"Environment": "Production" + #"Third Key": "Third Value" + #ociLALogGroupID: + # Worker number in case of multi process workers enabled. If not set when multi process workers enabled, then it defaults to 0. + #worker: + audit: + sqsQueue: "audit" + # S3 object key + objectKey: .*?kube-apiserver-audit + # Logging Analytics log source to use for parsing and processing EKS Control Plane Audit Logs. + ociLALogSourceName: "Kubernetes Audit Logs" + #metadata: + #"Client Host Region": "America" + #"Environment": "Production" + #"Third Key": "Third Value" + #ociLALogGroupID: + #worker: + authenticator: + cwLogStreamName: "authenticator" + sqsQueue: "authenticator" + # S3 object key + objectKey: .*?authenticator + # Logging Analytics log source to use for parsing and processing EKS Control Plane Authenticator Logs. + ociLALogSourceName: "AWS EKS Authenticator Logs" + multilineStartRegExp: /^time=/ + #metadata: + #"Client Host Region": "America" + #"Environment": "Production" + #"Third Key": "Third Value" + #ociLALogGroupID: + #worker: + kubecontrollermanager: + cwLogStreamName: "kube-controller-manager" + sqsQueue: "kube-controller-manager" + # S3 object key + objectKey: .*?kube-controller-manager + # Logging Analytics log source to use for parsing and processing EKS Control Plane Kube Controller Manager Logs. + ociLALogSourceName: "Kubernetes Controller Manager Logs" + multilineStartRegExp: /^\S\d{2}\d{2}\s+[^\:]+:[^\:]+:[^\.]+\.\d{0,3}/ + #metadata: + #"Client Host Region": "America" + #"Environment": "Production" + #"Third Key": "Third Value" + #ociLALogGroupID: + #worker: + cloudcontrollermanager: + cwLogStreamName: "cloud-controller-manager" + sqsQueue: "cloud-controller-manager" + # S3 object key + objectKey: .*?cloud-controller-manager + # Logging Analytics log source to use for parsing and processing EKS Control Plane Cloud Controller Manager Logs. + ociLALogSourceName: "Cloud Controller Manager Logs" + multilineStartRegExp: /^\S\d{2}\d{2}\s+[^\:]+:[^\:]+:[^\.]+\.\d{0,3}/ + #metadata: + #"Client Host Region": "America" + #"Environment": "Production" + #"Third Key": "Third Value" + #ociLALogGroupID: + #worker: + scheduler: + cwLogStreamName: "kube-scheduler" + sqsQueue: "scheduler" + # S3 object key + objectKey: .*?kube-scheduler + # Logging Analytics log source to use for parsing and processing EKS Control Plane Scheduler Logs. + ociLALogSourceName: "Kubernetes Scheduler Logs" + multilineStartRegExp: /^\S\d{2}\d{2}\s+[^\:]+:[^\:]+:[^\.]+\.\d{0,3}/ + #metadata: + #"Client Host Region": "America" + #"Environment": "Production" + #"Third Key": "Third Value" + #ociLALogGroupID: + #worker: + # Generic configuration for all container/pod logs genericContainerLogs: # -- Default Logging Analytics log source to use for parsing and processing the logs: Kubernetes Container Generic Logs. @@ -440,6 +566,8 @@ fluentd: - '"/var/log/containers/csi-oci-node-*.log"' - '"/var/log/containers/proxymux-client-*.log"' - '"/var/log/containers/cluster-autoscaler-*.log"' + - '"/var/log/containers/ebs-csi-node-*.log"' + - '"/var/log/containers/ebs-csi-controller-*.log"' - '"/var/log/containers/kube-apiserver-*.log"' - '"/var/log/containers/etcd-*.log"' - '"/var/log/containers/kube-controller-manager-*.log"' diff --git a/charts/oci-onm/Chart.yaml b/charts/oci-onm/Chart.yaml index fa3223c9..b64d398e 100644 --- a/charts/oci-onm/Chart.yaml +++ b/charts/oci-onm/Chart.yaml @@ -18,7 +18,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 3.3.0 +version: 3.4.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -32,7 +32,7 @@ dependencies: repository: "file://../common" condition: oci-onm-common.enabled - name: oci-onm-logan - version: "3.3.0" + version: "3.4.0" repository: "file://../logan" condition: oci-onm-logan.enabled - name: oci-onm-mgmt-agent diff --git a/charts/oci-onm/values.yaml b/charts/oci-onm/values.yaml index cf3c2638..70415ef9 100644 --- a/charts/oci-onm/values.yaml +++ b/charts/oci-onm/values.yaml @@ -31,7 +31,7 @@ oci-onm-logan: kubernetesClusterID: "{{ .Values.global.kubernetesClusterID }}" kubernetesClusterName: "{{ .Values.global.kubernetesClusterName }}" image: - url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.3.0 + url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.4.0 # Go to OCI Logging Analytics Administration, click Service Details, and note the namespace value. ociLANamespace: # OCI Logging Analytics Default Log Group OCID diff --git a/docs/FAQ.md b/docs/FAQ.md index cf2fbb84..be3f6deb 100644 --- a/docs/FAQ.md +++ b/docs/FAQ.md @@ -337,4 +337,45 @@ oci-onm-logan: containerdataHostPath: /var/lib/docker/containers ``` +### Control plane log collection for AWS EKS (Amazon Elastic Kubernetes Service) +AWS EKS control plane logs are available in CloudWatch. +Once the control plane log collection is enabled, the logs are directly pulled from CloudWatch and ingested into OCI Logging Analytics for further analysis. Alternatively, the logs can be routed over to S3 and pulled from there. + +#### How to collect EKS control plane logs from CloudWatch? +To collect the logs from CloudWatch directly, modify your override_values.yaml to add the following EKS specific variables. Various other variables are available in the values.yaml file and can be updated as necessary. + +``` +.. +.. +oci-onm-logan: + .. + .. + enableEKSControlPlaneLogs: true + fluentd: + ... + ... + eksControlPlane: + region: + awsStsRoleArn: +``` + +#### How to collect EKS control plane logs from S3? +If you run into [CloudWatch service quotas](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/cloudwatch_limits_cwl.html), you can alternatively route the logs to S3 and collect them. The control plane logs in S3 need to be in a specific format for the default log collection to work. Please refer [EKS CP Logs Streaming to S3](./eks-cp-logs.md) for instructions on how to configure streaming of Control Plane logs to S3 and subsequenty collect them in OCI Logging Analytics. Once the streaming of logs is setup, modify your override_values.yaml to add the following EKS specific variables. Various other variables are available in the values.yaml file and can be updated as necessary. + +``` +.. +.. +oci-onm-logan: + .. + .. + enableEKSControlPlaneLogs: true + fluentd: + ... + ... + eksControlPlane: + collectionType:"s3" + region: + awsStsRoleArn: + s3Bucket: +``` diff --git a/docs/eks-cp-logs-streaming.png b/docs/eks-cp-logs-streaming.png new file mode 100644 index 0000000000000000000000000000000000000000..00bb509573ff799c13514581667899d23b9ee922 GIT binary patch literal 77665 zcmdpeg z&OJZz-ap_w&%<%UUTdy7#~ksFcZ|8bCBy`7qTfeHLPEMJB*-s`gmfhp3F#6X^(y#_ zIO&HP@XI?rK0XN{K0Xo&a}#YnLoFmE$}dI%ox;d(?lkeV-W7b{hMI_5lvUfH?S6YC z{N)u~H=NU9-y}W8q%bqmk-gj9xkkIl(}}qK*eK6kqx3PKcTtDqlEW=xgmXIPOr0I0 zHzq7Fx-k3hJv~LrPSi-#Nt-R%yD4w~0_nl7gxKP%2=ZriFX;|)*QO?FDVF!bOAWRT z&7YUwC9ti?3VvkpC9LMus5_=T`X$vjOp%;!%rn$urkSEs6Q;gTe6t(B^5@9 zET$X}@9Fa-UgQv{Eo-t=JRi>P+zVroZk*x8S!AC*vBC*><$6T7up!;C(#)&lTe(hg zE-85V?$&oRGGtC=xaJjEZ#0OAiSJe7XdF?t>pBq|1SxNY}u>Sm1|09{KNY zucXFb{`>PKICSB2DLx?~@UN7Hxt5l(g|3OEzLIMi7-~@Ot(>Kt=xcTj6C-*xO%ru3 zdRrq?=oTbSTXyi#NXt@<#Ma2r*n-`bi}dFe?BFx>X9iM|pO;t~aFNQ1N|5lGm}`+R z(?6zvOv;T;LPEl6uBpu~$^Yut?cg^qQe8_+Q+5Uh8yg#Xo2T?9<~j_FY;0@{kDo9+ zc|r%SptG?tbVXkLtsb^wL0*$MtZenH0MM?@i=%4@onx~en z-hZBCZ1HPZV1W$KHw=vQj~V_M8{EnX{gqup&sNJ&o?p)hhzC4_``J@A&Y#y`_~t)P z{MVgw|GAU#*)!&U-}O zAZTuMPKJLrjT^m6qs<)&i5E$T|M^?nORF*0qVK#M@tSOOC%O7K7VT{t+S}WYS0XIx zEOqKWqc4vyrKQ;^&6+b=@pi;6qHTAzW3{7= zd(Um{t@7SLFH>*-x&6YLXA{XiH00awkx)pGE}`-wUHI7b3WdGo4cFVtfBg2>J*FtP zQezk`s=iK zeq3mFd&0HXyEGUIny9c9`&v9jZ<#JI8L}t8T(H3U!vYBXk?Jg)E9Q&uBHvzIL}?*; zwZJ#jmE|wLN&JPK_yL0N;&MrlQG0hULysc#;3W}cfz>@NfBV{2GEDgM$%W~;`tiNL z+e^5h&?||`8=r)wtMPn9!`Sgavc~6{RVWJ0g&QuRencYrHU6G(d<@ExBkSCA(U1O) zmO~g91iUB*#L6+Sms)cBJ@2&#U98rhUvh4W7Gh!R*(<#r341S!P;Z3I0p|ArHG`ra101bH$tcehVIBMFjc`cE{oWSOw7 zN9zO+E^#_LTtIw#=s(mW!eFFmR3eT0xutZwg(gQ4ZVX$4jgAmlv`zUr?e)tdy7(}L zSBpB0l`E{<=LcI_8EOp0xet@+st=}_b-PGbCaN4d%$P4)eF!PoUg0k(N|2;*$ht;K zdr~~NC8S13qrH~(hGyTF-$}!h*Tm#lh_*2F=R!z4wdk>5$ZqZ zg(+)StQLN{dG~RxiqoDn#ar=+Cyn#b7GlR|#~U#pX&Lm;x@(TdHw?d%hZSc?rH#D8 zH`3gwIj?TrIaEJ+o zr-&O8VW`q9YG+pTGcvsBzNnwSmmms>7mk2Tkyz~RcYC*!Lv8jFKhf*&PrB5MhEkqRIBb+X@#Eb7X6S6EGHE;G%WS`^8}yA!uZPTG zs}ZlLS>E-6r+pg;w48iNk{MWxEBbBII-@HsbPAgI?mL^zeGZj+lVWt_q$V||i1o&g z2H6Fkr>7e(@Q9~6+C`L(UOmXyX@7*Sh7np1eYGCZqu5ukd)mqQG;P^-Ooy0*okA)f6DNe{ z>_CHp*=DJyF;zS+wtZPOU}$J)5oHB~`=IvK=etvtDMb--7ll!L37E~$)qo6S$c2@m z2KOqKgPp=^*B_d#Z8#mtFeUQUcr?qU(s5bepsEV>jaf8K=Wv?cd_=Q~?bMZ(QFz`> zBF>@44>Gnl?fAkXn?B#uP&6(}sRBk~eY^%A-JGhAp`>G2^2Vl6=#1rBTh7X}ZWPXz z;aut!<7mHni$Hf!$-;M(;cFzy1&6GA9YhDC=Mn6X)daipvT=RH$Ejx%Cs+W!uWj4z z)wSa}rnL?Rz9=7@1m?jYR=NVYb0 z3rC%m8D5@jw=x*zmd%?tBSuYl_Uri3+M^5$y|JsU-bER~%orqsDfTkbVwdY&1W{CV zVys?2c!8L7aoI0yG`y1i2es#qe_*TI$d&oRlnNITBpX^AyV*OoPpyif?hBp|78bbZ zpF04zedr%{C`d6JC{D>>p}Zy?ZQN*IFa>gP$-wrw#Vd_{02oNr-`oIBNck+VR4u#ddf7_jo2~3vb6Eo`D9C=*Ci#&xcobPS+bS2J)d@4 zxSFcVX~|^v&=Y+ZHtO%P6TqU4>%A}-1aN{c{k~SK7f5R5V)SI~z&e+MdB4bYhUi+= zr&94R#j95Z=jTWo)Y-K~v-MgJsa;#?P4lEh=Kdh|CEs)vTqPYaoK4` zWr~*cqi6vQj*kl|yk+NS$I1u~Je48m!#TW)xllzz;5v)xmCJ{AmwMNLdn{RlPfpDC za~KTJ!Z*N$`O>n={met}+zh2>n*HHvan9@&=fJ<3FHqJ4*FKAA?Ufgr6I60uD;dnT z*_eQhTaOMK7PV_*>8jez;jHv$h4~V444}##JTo@oq)sr83nbY zj6&g+t3nYt-kbXVhWL-)z0avWT7DD-@B%%&dd$2vVtdSKf1G*Jac6F*W=Q?h@F#|9 zT__&-;&iULt2btfeet z#Isp@8PU!%IRpi?phu$S$frsc?IC%T7tkiJFIKHa`6~tjZ3vR3qqr7N^i;1iJE5sx ze`$|aD~zQ`eq*Dsm7dvX2~T<0e{Vk9ox-zlz#E_8NFekfWcexmtt z-1&G7)^y)s2yC6MMF(4&K{NBH;Y>@gFHrA%?Ajzm)=iF$$|4ASSgL=I&a_Xvx9 z3*)VBd(x`OmykS#SwdG%U!a1#55@9MuKj2sS{I;~N}+tW*cyhdf!i4c-p~ZtM+Wv{ z(n8U#-}Qg*IgPmXay z3=fnT41SpJ;5k2GR;xn^@>&O4Xyng*l#U(FP<^0Yv6%R2tQtV02DH|sSH4fYtFWT? zhcqybcjC@hTSD_WK?J7|7O^}%+36IW7*WxbdF0)*jWq#+`x*cttp!UgHHW^0cC%mT z`M*)6MXP(X0Hn58xF9SSmIhx9Vkw1@$BU%P9Lp*iF~M^K?r&#?4wkNNBC>KOo%WRx z;hZVw+hH|BjLify%V1EJXhEmlZUM#nMDq3OG(L@0lg`I%Y6?^0xJstar8vOQGI&Xf zX0>5*>Sz@}gAMbl5I!;OkA8Q-eb+B>rmoBh_uPV9We#~)UD!S0uH63Q0Q~M}rayQo zgbm`{HSBJ>0R2WB%=mLKDjee}TfPYr98D6yFk%(~kve_{5ki?$-1XvmnUS41jZiWo zfyN%Oy5z2DL(&EMH_{Ai4$11n#q3NJy8% zK-#qDV5D~sq#V~!#zf9X;tA2G-W0+uo9I1ubP0M91^J3@FIDPoR5jLY}L zV(QqG8k1yt%6z&Be0kPxX`WG9dcJTwAYvG|n4 z;w;7;tcK9R*!4E^kGm?L`#982{I;9NpV(4T5e$A#?d8-;{=BR}x&vHug zXm@F*bZIUaD+R~i;{q(&6M@XJ3RVmy_q^1|dMdU`JDYxJC_&%H+E2 zzsH`5kV$W=kx$>;J;pJRXN({ZT_%4I(g?rreDW&2SSC2Je51l(i6=|I$y>)uD zXThNPd8DRaMsY6u!IsnJkFR32$d=<}OAUAGbYEF*X) z<+SVSnbM1TJ=+Osu3SOG_v!#lvCORz&ebqn?uEh`#3~=Z$-<; z$0H}XaE_7Ae_hh96#0qE9c@hj&FHhe{HbyfRBhkHIM!y>ee#vXDh+`2%o zNK^ofX0Sh^#s;iv0VP$`wgLBG!yCs)D{`nu#dMv_e+ij^Jy_OCgCte~#0LQB8^? z+o)aiuLTnD2(;_$-cD!ImcE!2zN1+Dx{;lGtD&XZ{mJ)_26VyLaf7UEgB)i8nBbXw63ea<6H?76l(0!;t9%bB4}&Z_~X^QL)x9A zB?m@&D>w5cqIChVRugpoBB#>ptMNgu&nN&8Bib08o9|CS1c!Zp6g7k;LaPShI<|%A z-T@T{BOO;xD`MvZwNU`d41Xp(b0rlZ`x%Ac5=i5tutok2>&k65j6qUc<+Ss9+IijG^2YXB?er^VX09PMwIfMhL#3bq4+ zN>Hh)$9HY-RuG*d_twWp!EGGPIT8-hm|x>SGC$Ct!rs`P2C(XAfr{zZD}(}7ClX6J z@QK1^B8N6yxp$Y2*Gyat#>=gq7L&W8y_(No(B3+(#jgkbIL71D?^kZs*5Ww<0@}(y6N)Q|{Q&A01k#(pWpk0m$n@D+EC>t(77{ z0XYX{%50`-IJaVbx#P>@(+-Y}(sO`$3jqS`Mf;AGB|QL^9hE~-PKxQ+@DWq&qf7*R z%={Avts)tW$h7v7m~KB~NJcRb_9%d*M%%$ES|QS7)dz8%Jm+KmWfS%*Y*WV!E{C7i zihITAM`cx=v}kgQ1G7YsH=nf9&bV87mqTEaM(U8_b$9?y(_EF~YC&^3^Cwrlwxna} zQWZf;Muo&J2=2%n7b)kxON{+M$MI$8Z1S`LjZGiyn z$ATe1S9-WEM<8`7#F16%ZZv|JEG5o4C@+vz+eU=2Is&{otm3ey^%MN6=2ai*I{>sD z(`7%b6{fXAkrNGQ6l*}p4PlFOPI0D5FPxw4^8{^X!<0cb*HJNaeVUr@#%zisFbg(J z)yhPbCU$x=o@&*)?Zxh-7|NWK<>2u3m-ER8extK?6K4$pBD-W7MfGZNtT?T>kq6He zgqTkNs zM$s1@!pv7w5Pw^ejq|XZqtq zrQuI>u<)H-h;TDeF1P&t9S(AZ^2a3G^C3DVDCXXy+&2kWyX;I16!)l3JUOGa;GDG~ z%;T0)@V0#cHMU?}1>FY}yfo3?oc?o6w3x~wXcZM}Fhv+D+6p>_q<)}HnfoM2kvn2C z*-Pj)^iq-$rI)XqQF40KeWVmB#Wk>V6OUo<_de$)@P;MDc17NikW9xBMW>AR32Zq4 zndcb0%kTVcJTq#s%2K+owK_ROCq|Ox|Ioj@wkMFw@M%qJC-heKm;5o3yd}rj?ualF z`%4NRiq*v{PQKcuG{rkxjEKWdtIHTj-oBm&ZgkA^#=YqS!Q?Y2y)Ca(|K?x|aH2(G zzPkuLUC6!(3x*Enb2{Vf$bHD1COb~P+vUTR z6M((FSbd5ZjiG??Oq5yZ)I=%^kHs=-ys}nQV?!tR=$4RN)v=S$dTn=~rr5Kx7zdqy ziY4(ooUNRpy?om093&{i+3F{NC9gOb!m0@x32Kklc{vSJcMu4w;VzGzP9-alw{z-2 z`5<2S>7ojW02;W&VJ)8k6oQbTusw7iSFyT(iqpqlM1+>eK}d*yj!F43U2iieM@#}3 zM_fs}b@B+4ZHLM>)q7mwn^&(+<<)JN|5uyOMnU zDV12+CY4)Fi&G6&C366eTd2cOmPHuo+GNyt$i!%hKdMxx&SUXoTJouVMlxp@n1S{_R^9o@0?+!h&ZjD`daTpLVhHLT5sL)g9rk6(b%m5N zuovzGwm)3m7X^`9xPJp`R=j{uxpBTD;5N+^LYc$O(guG4-i zo?qPiD^`)yNAxhN?PiBr*sUt*Z=U{7Qe9JL`CAV}MJ!r_G>-n{aY0*}L!^I?j z*eCk(Z@8c+v7cBwZZkQ4b~IR1ew%`tRw2~g%HzQou8f_OxO~^ z9{g75iML06hB6^Cwc(o8{D}4^o$ZS1s)tQfFxbh}a+P+1u8`$4vodtYa}3o-&+#BI zuqwrAt+54h7#IqYgYe>t;p&QsqZU}rR*Cj;2_O7%RfEJ7`8HbH7B)!WEbjEmBU?q1 z`Rk!I9i0Q4WG#^0Yn%}|F4PRGQxXgh#Vh0t4}r_E-t@Tg=DDbirX7)&`ecmnfUa|F3}?{+ACsIb$Nn!4TBPuMhHDsR`+Ra3|$9z@a> zfqELV+plWh}nMec!5dZc019Ur{6<2xNWH2Xx8Y~e02#N zGMH}YoteLI;ncbJamd%cdwSNpvEKFvU5uOG&EHHA%!~`7uhX)G6oK0=e*}CqLkH`a zohTl5+Gv|1J4vo7(ar71b!pz{P!dAaAw52qA9Tut$`MT$%ceKfBE=v*jemvu%|Kx* zbh7k#`3Lz&i&-a3^+-G-X4n&$C4qe6pryBZF+*?7X24KSEUL)G8J%M4>fVq%W%`8s zlkrtWwppzXG#GnNUQX`QdvjY!B~{!RiK9i`c^^uWO2wf-AFny*eXOQZ*KH zhAuM(YIY~T^T^Q5)=_^jD%*qwUj-xYiPbuYwiemePLD@24SKXn==w5?`D%Ek-s=C- z`HVq$hAzhc_VMq#3hw(C4Y>FYWujD_|87rG>#Fy(CEc{`a{Y$ki2qaN(m)&pR{?I+ z`}PZ)cnLL`tcyyEyYQz7d2uiUOe=mA(r`Q&tf9>JX`>mwQ*!A|xu#+CZ$=NXwep}6 z#N@E_7z!whC^D?Z#eAFd#c|o8je5hm%!0bjQsqhe`Xd*L`h*?;DhibK6k~%yIFPyQ zck`b&t1ga6f0{0K=vKR3%?G2&$sd(~&tm*e=z$b$PaJsavphyR0PL5;dHt*LE5h6K z6H!#~((I1fGEEAwQ_?&cQ?#;CtV=EuH9*OlNord$IGU_dLm*qg-eln0ZC9!m&{3>D z9&;|r4CS`;`fNVMfh?}azm!?dfA?akB%Ku$K71agB18IO#P@E*UBK{UPDg%*B1qYz z|B+a$$Vkns#8u&7BHJUE(W|#gz-7NnUP2lW4_V9R?`}XCWdQrGOC3F;kt3+^N(r2o z5HDG4=)=l}?qz>YE`x`EYND{D1=1&6vF}v?s^oV2qZdM=Xp}GB&vR{aQFch1SW#^f z`}EO8jfT)UnEfr=ZoMZcBwdWCm4}--0|#Hp9A?(DEbh~~mN$=Cpq%S;4y)$+l40nD zh;lBOW2O>ZG>tVVAwM+`ybj^7J7fW~Tx;S1f;oMWc;vz#Wqg|atvQ~!+)hqEm#{_f&fb#QWu{h+>Qj3W(&&ObUpcSMeEFp)f;-9YE;>u;nNKAPTMR zwbmCl90?`U9f^S_JMg;eJ!tBgA@3_w902nGl}h%O`&%E0$13Hds^k4(5lk-tKYG7R zBK&9DOBL!jMTNxT9+3He8nkp!MqR$>ANw#N>V8qZ=MFTHxktD6LJ?XsOlv~u>`S?7D=?4-kgMRwRN+8!5sFI&l!0G;Eo(1x=KM7D66BMr`HL36*0s3OIE+q%8F2uRO zYEI@DpiUWuFnVQ(oJM%@oP6az+2jL=Vn@HyBm9C(1ot~YgH?T#0v$z2fW3GODqbty zNnSgVDwf?Z$6GP95MYLeARCjrS&W4J2Q5f{1=b}yBmMOeBr)k1yor{QFM`Dq>;9zA zJ-`ISM0_0o(ZP#ylE4M_rS(OZK_`i+abn+v2Ww2+N_`10a^Tth+!JY;e5 zw`<_~i*osEomvmxKUT*5d9(K?tw!W<36Kfx!8DM!>RLUV;#-L`HS( zqSN?iwUPj;iFtUx{$C124<0o~D#Z3bt_kn~yGs39^LJYMpXUH$Fvkq9Qo8cy7GxOu zWSetgsw1FK7^JHJHy&RF!mYFOb|y5C2^h@#8AhY)iII7Dx;$PQp#G0tV#h$Y=%K8$`I7l z3b_tvgJ1{KpGM=KyG1V)RK_{Q7HBk=J3%zD(1DCSsGzPUco7v6aoG<6;{P3%SDfAa zy@eFct$@Ct}Uoc5W)uh&M4?*i}`i}dhA#g;UoGq zHWT2X)62G?nINWXqQ=E#Wvr}d9I%M%2g)|%S`ZbwR=$!ujF>M{8!I&v%RiqyKhu#) z6D#p$9{EO1H^%Ys@FI!=#673&+vKw%R0^(y`l)G$JAGHL`bfjX>= zTtGNOfD|{Je-^ZJjQVjQk!JGUB=-2 z!M_X?7b|E)kV(VN`$uJVJHy;NX*a}K$6l|eix?6 z(S+!B8ZVwdX?y$_rK8%+j#xf@7q&aB>1io&PfIkdW%ljXRM$Yol*Gl)^;1~0~fLE58l+EEraoQDPx0P^PE=o9ny81ZV(GFDYejr~^=v28XCC=4P zNX%xgIUuFL;WL~Mb(ervkcAOwz^DehKeZKuUJc;5ge6j514Btgg*xiiuXsFBSV8wF z*lNO81noA;9J7o$WCfrlB+P1s%K=dg^%vw2n>AoQ%3A`Bd2M#AA^|d-E4t-?+mD79 zsko<;F&L5C$VnnTP}1esA{$e68j%lgf`*xLD?1@TOn%SJerA^aX_$mjNhm=e zR9^euF{p`*GhbiLlfXNu*22uf%sk@9vA)KwooWjz`b8m4u_g9{IM}pXV%mJSG2uu#ZX3tdS}H*SPiZieqW`Zb9~` zmxE>L`QEd)WAo<i{a-L7F+C-BUcI5yqWDa}T|i6v_PCQ;>8Iv$NPC~?z=7F8xIQeUO1 z^y&dUzH=%=wt$(}%3A58I?)FugpH!(Vo76sb99}{fAZbI5X*%krwQQJa?pD`a~x;B zt%$wC+LyTU4P=NG8u=GilG}-eD(vaD-RN@(w~2i&SG7=Q%|`bCqu-xy=$BO;pO15K zrjP`6y{%!+3C~r(Az?l~K5PGhYoHc`RX1lwx3Sz2!vVO1@zrn*zXITb!Yg5OqNm{A zvK>n?M*Kn?O_@ZiCjWw)|8nyGd{p2AwPh6ARrI0A9=4yr>Lyk=vr%MwBvUKICByq* z1J}vzp4aS8IKV*L64NIJLN4(KP<{Uz)Cl!yj(}?*(5f*#^fuia<%Acz9~z;)1sw7> zBhBf4q2pNiZ($8bpfiJB;m(C>FcjM3UjkEAboc$49Dpnf-GbDNn}{e`<4rv1LBD`= zfKpHzlCfu61q{|Jt zh++ud^=gy<5eZWY0`nyyy7h;o=5O%L`!A38-=4|)9N@AmTc)@Fg7PnXnlz?Ni zF>UGp$PgU+xLtaFmA+O~tTrJne=?MnE@Q;RYud8cT7c89*;3&6bC=3bAg@aUL~Qgj z(*Czc7jw8i^4Ih3Ot`Vel{zdojmaAR)6YQiN=E{UfX;G9WNb-Z;f5KhkOtx4v@S!4H z*QxNvAnFyRmHV}!!9l@PiZaN_m_lCXX>Lf{WNBE_iFbq}($vn?X)@Sq#+hnR*{T8A7wE%=a=Xl`XLqkc zzP=pw*);uIWjqvvUmHb7(p9oDHlX2p_)zEQ2adCB^Jpw$F3h!*=#lqwLbD|{h9__A zm0z^l|LK_i*MxK}kmFn!>7-+>t-;|-JXBx(p-8+XX;JgaLs>7 z$=dK&So!Y*m=bm0>s0m5R^vqv^x@PDSJB6T8_1$?di)%8Or#$}4g4n4qan+M^r&)C^6j^rWMNCM}9^(2h`5k2> zj{h}jJuvBFZ9l%7FQ$t)-A|RwwK-Vt=9-P|n8hDR*`TbutTIP24$9^#kM2#@td9t| z{mbDkySM~)T9BFuUo~-8JX!;wSPSH zEFyHp%x*HBBht*8M->bp+V7!b-kL*$33eI}l&uh04?YbWhPkr(@+w<|VY~f9gYk}I zqq^*k>;?}M<1)vrjnV(GEhF*$8o3j0>^!zHCEpqJ?$>z87D zPbw3!!(u5fuPl*alZiRFDl}te1W^|JEAYkVpp`a%`Mki;X+jk{`QiGVBk60iKBm`i z{mXTOF%>RHn98s|XtI2j+0nGBu2>vxtLnPK_r-`mKAeP*g>Skz5HABWea3yr^FL;; zD}rqAd7aB8C2^Y|Y~7B@!Xvub(%IPdwGL~+FK-YW0TeMuu~6H?$?!?djfI$~jfGNw zHJSM=J~JE&iA<6h&D$z{LT`uuMOSr&qTs3;Vk+w7FpUnz4N8&<__Gn1|GFV z4E{x52BY6HTWlrL;|rr_Vj)9h1a#Kul|PXY=s0av*noOC%+DT_%xe0 z{}<7O<>HtyzC*g#|!1%aAu33hx9d=-69HO-_|EPJP@2a%Q%DmQj!+LvG@ z_Rwi(J_a6TRMtE36|Jl@t9xN^bwdTjK{@MP+tM^wovPiT?|<*9_fHYQCl+aQm@0jb zBQ#(;+g+EiP@bS{CZ^K#U3LX2$tXy&wIGJXsC3E`0Tp-wdtx}<;0>XOVZb9PVzejU zG~$2fe~JN@|LW#qOT0IO7V2SpvLE?rba7civVr-7z@0wF>p(L1#-qYk(1GQil5Vh5;cZQv%bF+r!lDf#cH`GuW_!LOLX6>2jA{XFV;Dz<6^ zx542%N;xW5$QrC~&3G%3m=To;3};dyPe?sgw>&v2By_FUS3%B=>xz5PxqzDTB97RF z_UQG>{vl~G;gQregO>-}*$Wv3zseE8VZ7>;7^0{Z!&>bG2BBp!p(_Z*R^!s?NyJ35 zjuCJE`r2LY-FI;DRzz{REdGk%G)$|W5o@hBFU1Bo}fyeSCL&NBOgwuWcWnxU~Ua>mL)aoV& z6_eAG&CeOh{tlbeyuhZdi<%>NjIHIKelx1%THSP8^=xG*w0df?pkfol8}2vs0Jr`Y zvHC{!(dU~Op+-ikMMu=8W|V~*m;r)o8gFQbn9z{>U+}8*UL&%Nf4VTF;ZF{;EKv%- zU-WQ=alC29TYG;+A+x3_mvO!cmA@&6X&hrTlaSHTunD!e-zq)Geph-!vH+3XhIfbW zZ&7H|K_5Tzn6rKZJ8OTvAYAsLjf^R)Ol1YJi5t^A& zQeWHq&S$Sl!peh9D?R!CH6;d%2c5X&M!R)WGFk)cNjRH4H92X zjWR9-MX@nZcr*k@n=D$7aCD?Uzi;BY&QO`Zw>CNmo3J++)lKrHmXTG&b!;ZI83JV6 z27yd9=(dJsN0v)sEsm6AL1798NXt>cutqq^O0@K5JsAaO&Gg~p)=^xiyS>a-%WtFD zEVQLZhQIhm8o`DQy~#uK&rXj=A#xpDX|GQJe9_gesqFmu06smIiazDxcFJbp$jJ#* zSx`r(Difa0w_G0aZp$@Sb)J9Ml-~6Eu-apy}ypJ)p|V#k2v z;~0vd!`mSJ3Sn~}Am2L3X2FSos?@NdIMX^bL^ID>!J|u+fYL*_obS6Z8;`M$g1-IL zA8r`1ST2W=)glVv2&UmCdq#zzE9EMYj{!w(BwAC-4SJ#t0l!Q)($J8V5uq_&Q-7%b zy~vqae-8leUaHc0Odpyq=yMJVX77^=V9@^OKowUr+FAsh7~-bjY2vj-!E@+S~S*q&B$6=Kc94;3wuLc%how# zc3-yaSRexgpNP{PjkBGnY@asw{1d9j5OPp2DYNb7J4JB#WVIfHr`Q8mA)Tu&z5@$& z@st)iI~Zd-?fvsGA?Qxmr--o(Bm~Fm$b);%G5 zanYbVnu+3dtJ@wpAfHXOp|@8Cx`#(SZ{ll%Q{kfB%s~mKXxX6SRV?@n?3_vIHE%hCcnTf#jFs5HN&j=pdc8Qi;aocb6RApx{;*pM#Uk-;q zjbgBv__iZZ!P<|0CGnt_o=ng*w$6dFaR+YCp~BmA3)e{eM|%eLTH)xckp*HWBdIje z4ujfJ;;P{NyVpo0d{Ok}gZ*|ar|o~NjX$3KaPR=O63iRaY-xOX2Hq)bl!yP?Crz~5 zOeke_3wDQQazR7h4dsKGPQgm+*8R%dwReRp6uW7G+~Q|Nb8$FU!zbJ>XeETs!fqv` zj&Aj9k9>_%FS zK{YLoiE{@VQ+lr>L`LDeM=dK<)|(8%v!Y9;h;!_L4Qu1;I555`!X4?wG~zrvn8^{3 z<6fUg5xVLT`aKLp#P(PLt|&|5f$9O;s%u3on*OzX3b8%LsoYQbV)7hq{8BScUt4Ro zln2E4$kK`H#o*bCUsLIG70d~vZgF5&b)p;DxIeAfT*w80Dtxj;XRq(3tIus+0t^0r zk2PJ?IFo#RFkD9inh>pu)yPO7JsOkh^;G{#(f#1BLiO ziM621zQ!6Hge4J9dndgn-@(2@yWm8-aSCcQZ!5}-vDQK9lXh88aqs5RkE_Puy$;sk zEcD0&F9LP&f{b#j55BnFOgUfnaTy4&q_fNF?d?~KAAc0)ma%uk&F>#z{YjCr%rSjCs9Ka-E=FI{>b zy}~^J4zlCIyS>PtM;kNNMY0uq*C-!4eRgVAm8Cv3b?wTH`$aRK$wl#_>YqZqk5?l19(kjtICC%M@iRHTbq-nuHWgtauhQiMsVtNa&-J&h zj4Dp;zm{$co({f=J|F9Jg$XF%J&Tm6xudJVBsAmRZvD=p=LmRBgmd6zib&YVHSz1K;AJQ< zP)G*H1;M#;%YLjcAFIJZ=F;#UX#+CPlt=NmUv2jd?#DiQ6(|X$`M}_@-s;t~sm&6q z`6Bf0c(U?I6EC;%%~GP-*@9W(#o4OtYix8;+Q}BJ-m%1VllO>LHyP`q&5YA%s13xc zcdDE^q}Vq@JA8Uwov2$KcyTyt4z@nOp@ou*;7{*WEae&*Q}CJ5R5b4<4}f;cR+JYc z4E(gRc^NI{=3J@0Ii44u`^t!ZFSKNdtT>k;h#Fs9(PE~ylM)UnF|76Uu8}ZV=;=`d-1O@uA2%0mzO>?=o-BqT3(W}}>y-JY6_oHTe7E0CJwBt{-`kpN3^N+8 z5m|C+$(oHLo&hh>cpTO$w|OYj*|ZiyU$Odx100nY$+BP0LAq2Gkn6C&jsQjDA#k=) z-u1qMYO=HaWQl<+o>;Zd8qyoT+nfTxx80T1@a7yS_{<#kV31osLsB92y9z z8}5I_%kcc9=KQ!O6DJjCT@5;DO5{*dP#+tLEeCR}aRvtHq~XF%VulRRfZ&Gz+N)ld z=jn!5;~_k$AlX8l?OJbJd0ZNu_~n`O=8~Pj4qNnZNg8qzq1d69I|HKaKb+n-bl;oJ z6JPjz!$21RT;%kv0vj^AbbJ`Pj6tALy{C}XgMMt+YNz87 zkd#Q4h}r{xoXL%_@2|@;uiuSf(d$Xx1(3MmCnT@87CzkJigQv>9 z0>_sfCO7;rFgTfZP1E{j3%+c9zU7xSmLj`Od?PkW{nbi_`RtV>(FMFh24|&$w7E-r zAd`*>`#7S~av1wb>>)%nQ?gvz|4=KJa5IWXR|VCNP`HF`rNNc$5IVxrg88a`v@bB9 zNIz{IH~EOXYnG7^AMe2IRqXM;RoMBcwNlw3WjYpz#6R7^rioSDN#1w=%k<*(LX+kYFvVyLC)kTi`foVLfc_hibATSKN|=Y(dLu zh1;~zphZ+Q1`}K2tjqTv?#a#$_sz0gk~l%`&ZpHkIxseiMWANIxc6GUBC7_pmERkp()|c?voqz?&$FO0omcV^f^rwaC}s=3n(OW$8#X*??G5&Acu&hEPIK#i`0IbuQH|VjVxxr^*y2du+p6UQk_HV+ z3I;TY&{wq%`ndOb8a8U|&7wG2P93PDy(}#`Z{xc(bTU|-^hEBEqqC2bKBeE9E^gxU zXu@FQRG&%eK@F-{Ms3K|F*phvneQC5Jv@51U7uDtGbiK7eaF*8b5r$HZrbwh#LN|z z>Q2OhOz_4CHpe8~OUnXzYEWfrfnk!T#m=enniFSi4ef4?+}41-xPy_ylma*mb6kOi zNI5)fYcf&g#Sm@dxx|6#(&?fYEiY-YK@w;tEf%U+MC*=C~B12J8Dz2_Kw3>e1!|GQxj6YH- z-Lh}5dtdDN{ec!N4Erkb6!t;$de2G8X?i4;4jjX>- zxXc>gn!Wlz@8f?$MvP?E)0yWk!eKQ~j#e1qq6>U5fg)09ohHFV&| z7MlcL&85Sd@Bg6TKM8upY9$U`<>_-IXux=@Dw|>b&w~;NQuwL`SMl849E+i_HnjI& zXHSe3=%!Np8Dia z(9Nclt@v&2gs#nla$52n#dZ*f*}U8|Fwd;Y@w}9j8YvbNz1u^&`8OP=OPgS@Aj`mGyQ1FI=Fn1vo#PIT zNn-TAryveIae|~2JKPask>h=GGsoyHxbI!>5i?`|H!5T-Ov8>0xffYl!l1UEv z#(lP=>CONq@0uu>Sti`um`@&BOo4Zw0nN3gktC#K*_YZj&<=5ZeS{&$g@Mv1$vry{@5R zo|{05o3Pj8{YhAdKpRgSyIGFZ;Uf)_@z&C4Rx~+W6ON*6`n(KAEN&cl_G1Ug)MYH} z$DyyUMr|mT$v)jV6bz~N*4=pGVq2$yI}oXYd%(z&aRLELPo2O+Sp;(#MPj|+kk9}0^k zQx@rs&N0*1s500S!tOVOV&Z}D;_Ilu(OIky+%jkIpDCvjx}N zo`0>KJ*NJjFUNwj8BFa0*i)p?pHsF{9MqeIUWsS&UZF*WRsL_ao8V=)f%(XbaM`r~ zZOwv{U1T|KuTLh~jltY- zy_zh7pDtj%^fbrY(W1Jjj>h=&{eufdMh_3;#1@#Z<_LVejl&Jn`Pm${wF?j zV1e69)`Lq9Q>I11_Y8>3H_J#pDZN!)Dc78d@e{3B^*W3=?6PUj`B)e8 zxF`4KA4}WX_d>ckAQdd#{+Hojuq6HXt2aFMM=k8SpwZ)u*5-qc4(U};(D9ntTV8qa z5hdL&6pZXhbHymtJH`1E5y%Kg>_ax*Yp){aPlhI-{Id!kPygNi@H_UwczgxT74v)l z9|!2o|CrP6w}d!g8js7CPfe4{OFa#LJpMI{)&0IYltkF$atyQc*3lkn7qR-*=DEH4 zHo>6eK~Y;(`s68@qwQDHN~^{WK5E~DSokLISIC0efA3kKF&5Ch+dlkQ)kHCFi=>^}~ocv?QZ(SF+^N?W}QQizw#9aNA`WqQ-}U~?E60BG#|rua}^(>6q<9}ecI#Kw@@W%Qnq_nPXQQX z1?g87{D3?648WOXJNHvJ{$`947@o|a1%6n4$7}&oo;TKg?Z_FUH+EAm+x`aOXV9Y8 zqj>*8Z!uNqRiM3o7ZU#hDCBiO!n3(uyGW(xPUE5g=vmJMKF9w@A{lDlEz0}{Sgs8~ zs=9i;)fc*@B%F|f{7!%8$ z7WPB7Rjy=!6c-SF+??^pg>YCkQ#y8O%0cW+#dE2{;_PM6$R{`jys-}LCVq*qL1x1h zUX{_Q&bOy$gBE!|nANM!W5#8I+`(+1_8kv#*>dAIcY9Si?~2&q1EkAqx>MS)d|iE*F>2c*X<26`6}H~q&&>3Bl6qE z-1nPJ<&)W-0I7a(>GiSKjnbDgP~Cm`yG|jT`F=z| zIO~vbm1+iRxzm-cD2os+a5}xpkSwo+k~{tu+vCYQ z-9mBfN69sCR$qu9VfqJfG#l<%Eja-D=MFl^UH9kp8<_ZMT8J#(ylMS8Qb(&ikqQw1 zZkO*cs%EsqPXZ11?C&aNXyYBjZL*?UfIQJA4k#na2BEt%=P!^~cW6aPfHKxp@SrjJ z8)_dwt~hM;$MEB|4fC{>-$DBtXH9+Q0oNk+X~vxbHVmhwa1jEe7be8o~iei zpMhchEpXvB-aWf{O855aoj=YZHrG10fM85pH98V@r)L^0s!3tofQSOp0XW(~-buKAj|p5Thf}%7D2;uU@j5W*3mBhqP^LPmH_O!7!85f@ zwJhOrYp}lu0AQXrrtlV#0z95Z;K2DGm~nrmA`>_R{D0Y$es{?WRj}l8j?W%D8x8Q; zmId_i%=tT>jiFvT(04&jZ*#HKn*fyQqStx`R!==uwkm4+Y0d%Og%}Y6C_~KQEpW)A z?~pBbkSN!oAG7)5jng>*y{#wam>vLVY5O(-61&mopP~QRA$KK^?QBm|HWhAwxYKyG zo!REHDKQTS(09eY<#S+Bx-;)u0ei!@Qq?X~|7KeVI#`+-6aTgbQeWGtt&xgp!TvoS8VUNyr*NcHhX{_Cg@Lh2)zZ_ z4BVA!(EsX)R?s7rO0BdfK@=OnqfeTMWf$%@^^z*5L2Uj*jC&otS(c>!o)k(tOHzVcAt_hvUqr{z(Rqpm*x zKzdBQvYBbk^`Wf>awo(O`RTE%)Z~blsFmfv!Uj(5u(FqC5~FjkEcx0_=`N7fA#cUV z;!^`3xdFEiM1>g?G&=mTtfG;_ZW_Qn*-aLya%NPqP@lau;e&m z7d*0a+ec}(l)Uw2GW8ZHP;Q)m7)nWqsX8VjF0{YKN}2bAH|YMA%tGAkSqS1Z3dg}I zvcOeKN(Tt2$K_jI_0IN<%=&|ur-Hf7Z&>5cMF&p2t9+3^9m-FVHcb81+#o4E4}LlU zBED4<=0*!u$V5?Bm2?`cJsCi_aCtIi>~7UcxQBxR7X|FTuiTSoF&T)+-U~oHwEApN zvU&;cwt(3e&aLI}x&L4~XU;*0$^7s;GzK@xrINNX&!BEer}7l(0w~R%hqw`33u`gWd*8Grw^>M!-D%N#@D2q)`5&I9HsArHK7sSmV>j z<^Uw=jmxG&qN{?|$r|5g!3j`n68`a?F}t6bRP&4s4K!#*BNu^tb_;qJ6NJw*SN^i$ zy%a2U2VkeR%^BKPZ1u{DtSd0E!eyBpY(p4_xd;uO*!6K4UO|Y5jP8dF)vG{^yG+9;C^wUu7ii7v;Gb8zsd= zX_R=Pq1@Y5o0HfXW*q^*OCxmD#;U9gt%Qn~=VJqNePUAcaO==7H4=mUtUKqw-rh%iA#7+0C1^VQPx@h_R>`#qtD; za(fkS8=_ft{`{|Irf#JtXYL=68RzN3S$z#qyVJ|() zikxvXNn6d?G!pebuN_G)WQcW4Aha}AZs%<|jIRUzlyq6a%%?^-UTX#;R3f!xUQiH@ zj@vQ`o1;%I23VL?&_f5^mn7g#TJG@VJ8sVWzlT}@;;rQ2cbz-De*j)ClFmXxCYRJ- zwPq}NeO3#Q&i%P99M^xzEGaPPh&%T^OUc*1K4m=iI@=jPG|=qM%ORR(>-d_b^Hqy} z52z&hI?hzxyFSwKnfzCg;I|*$H^?j10Mi2+YFruHWOLZh+Vy>CmJbVX(@Bv zoitbNZ4+=B#cNqq%D7a4-L2Nb5KF4@I%wnt>`PxmidSU;F=Ok>1m~2V06QbRwSfFK zYe!7oeUI|qp3q78IaEne6k2h?GKBu=Dtjbkvn?Er*s+dUzS-P>+#iw1cY*26D;+u& ziDz$k*fjbZtVQ48JC0Q}1%!LB%z|AZL&u??h8#SMsh37ySwc2`e&ItKr>|Z8VDyXO zdNH<*{oR|IJR>`$24$f;N8ru46Q#jlhcfs9$r4QDuEN6`UEuv;C`CV>tNTEdKu&OO zQe9Obza*X^BPP+a3#bb2>+e`s^1k)&+Jg=yG}D4b&iO&2?5kY$kLpN!h=l*%yC9SB zw%aKdzDl?tJXYR{0`%ah#RR7r$rZH#$>G18$!QaA!Pr=;8$n4Ih(DP50nZt0#f#fN zSBe)-kzOZ%6WMabl`~_cTn-T}8>vMe0`p`Nt3nc@IT3Wc9-vWYGpgYQ=D#RSTZ}wL z6H1;`T#o|Hd7i{cRki(-VY?|+=e*)OEy3@mTu}Tw8ITN*V+Wsb7FC7x$Y8X+@o9Oj z%@hYdP_s(~ssuddiMX+X5*fMpPn=hEbq(Vs15#|j>1yUrT2+kLwJAZjGq%4{&Wvf& zDDn^C6W))|J*}IWMs+y;4=qhe$>KUrsQ+kD_3sP}XPkPd%F*ox@5OhaKfXH34wE9J zg4a>F4H#hcYSuo>`Wq0$qp1obJTB0{Iq^7`QTu7;s`NPpo(n>j*x*G5xJZuAEwc6b zOb_=nPmq%)_=CLVIK2lbBR7?NOpl>?Q@pIm#G5}Wb!HZ$CEp=3uLclx#_BD3qU>YgNscM@T zuD%$s8~;~xZ#S$GS(LuJz6dF?fa5%EE6Y_`4ittp*>3q7?S*$)nLcHu45W_15Sc3Jc%s%4MPG{Y3GukPS>AyPN0|khRb62J zDI}@lxx0W``VJ&mnWs$eWym|2Y*OsRM+qecPviK*n+kM|xL7i|Ym@h%o$ZU$g5!67 zez~>npI>vm^xge{N)=xjT)7QC^}oW*8YmaFrm{AAiIcFyp7w(mSmJ3tix7xCJ*7P< z)s30W)9F<|u02iZtd;H>?}1O~QdHSHTQ=rLE7jkRGpE4FD_6w>TwNmpNy5iR;5Z9- zc=E9jZy?2av2egeCEbUFJaO--GN&tqGE(RQlRo=<8>idz!Bd3PUih!!d84qKl--UW z9;~ap-5q`2JNz2^wm;re41TYMaJvXZ7L{DGAgp5=I&c}|K1k5Nw0-h#L!kJ0Zi+wT zojlmj3k!OXdJ;5KC4}^=2Ec*~j%^3q&uy4N`;@6ZgaD%g z{oupNag|`{Pv&tQULmGJw)mo|_p%zF^JGgk%uX99+fr=N8N9r<>^59@eT+1N`b}E9r{We%u9-v@pobjN z{93&%NG<1JcL;-qJ+51~%-v689obASkAKdsm{E{;@9=Kq&gPzW!1tRxrVM$gZe-C; z%?_x7&0kHYF$>Fof*02D>hPjr_BD{I)cblV@%&GaP1vvb!e{BM{{Rz|fZYS~%)Nvz zoA{F&kCb*sEDp7xJ)%R*ZT&aCoKQCWz`@!~Kg>eX?$K(;MxHAp;=SOPYXLqo-Crktr0>V?U zrL#H-ZzcQwk#O{wx_T0Ml%jLm$;jU;UN_8hx&7~)6)uTdH3pwYxO}<{a%e&w=Rlns z`{UmRiQZx$m#;%X1#uKq{Nf|N&-m6_(!?ZxIhfvWyvM+ zz&}(%YnM7j*KRWXZsVfyU%%W`%-}aYy0C)&aSc%8SdHS!art>HJ#p2Fu(^=mhml`K zUtC6Qb9O=S^5dU5-WJST-yd@VvJ^1SM^cNgf^9&1YvJQF~fD7xbb6Q@-9 z_(+-8Hhjp%@(BMvUX*I$cOK}_h$VQ4P|6cT9qUVm4)_Bp0%bw39YlVCb<*B)UJ~MG z`MA-#W59UbcH&QQM@N~UZ*Na#oq&c_U3dLOt_NQ}87dXEto?YAgju3)&~+6F7RPYH zQ8?%9*Wr6#tZjx)>$X}vMEJF)=m+86y{XceKyP<2d5;0_dctXBe*Ocew041I) zs_6dNY)pLhlUA`HlNUP-tTf=T$IL@X(uYDm9g%B3PEPkJfWt8lV=3b~nfK#Yuz z6tyh_UmSCpV^>mw{1Ug7mHmZSkQrz1Zw>X76hrUiyL$yzyXzm&O6z^y4}4Wdc=eai8=DAijRH0$RH*MAi-SVe_guYzw%vry2NMFn1GHC~_zeecq`N+p@oH1#XL}NCpL17gJrEzT8iLGgc2@kTI z%$&H%W^Y+U)^s>|#LI8v!SUIk6j=xgT=)z5hUx-cb6|3K?Qv8GI7}+=x5k+NmJLVPc07S)4*=B;bN=iIV-4ph4Z=b~w=76Fk zxVZYnD@DRDi;i3iiekOA?2j?6>9Zu^830>Gxxb|N79UprtjBdUTsHS#8v?R7n{sw3 z9y-?9A+6J1NQaHDTNBUTj2+S&TrK-5@A$ZTSFz`x>ThchRp8t8B|z)VAo}#ek%%FJ z_&4qEEQj^QwT&xF1&IX$#Ru#JFJk{1Q3cZi-zcQ1KTr(ym4TEg*>bcy8C4oxPpxM# zW(R6iUiJ2!>WB7Ri!|!DBbqm2MUT1!!(MIBFzmXGBo0W@gM|jB#|6QXdqije3ZaSb z?UxxIYI#VsB>DPd@DX(xz$0Hn*&G1U5`X=ww zZ5pB;E^GSSs4eD|CKsLpN4~{}E%<|fPNVO$^G?ORXD2!8ClWZ6b(YB%b9_;tOe03;vZNa}$ixl$dq93$WH#&$L;Rz?^=cjq8}9i(z>k*RGFU-5;y1n(lp- z)T-=``lau0Gopzrdj&~jWw%5#eH%Z&b%vX{eP`jyfbFnTL3C(3HLwAjO9qu%ECUC*f3GQZ77s|baE@?8t1JbM;|`c!*@{UE0% zDf~WuK{aL3jO9qoLq>NMxZLJ<&dMW2tp%L>JBz~%OxWV9jGF@xHdltM7a#`zJonHg z5rENDXggUn_*8l*W`VA&g*7^wFG@Z?*Ho|A=*Gt7*O=X()qs#|Bt8U|DQYrzV0iA=kF zXdvnl%B#s}TA7S=F3^1=aARd-)WFj}->M~(Xv=aCGw@XI>|y=@$p80_l#c~y(7?QH_aik#RKu^ zGN6OFNivKZkpDP~pce@%KPRONWhI!j1H$Qq2TLg7wTcz+8kzSYI@O|?r(OKThOH1U z%*73||MkFrI6=Q^(4A|ou8`i9VMJmWN! zN8$3b#Y{_L?Hh(nTG`37&C+YK>qz7?EI4N~b=I4%Jk*E1(vN~o3+owN?FFI^-2Jt& zv(Iz~&h+?q!HC%eLKCap(0T{|fO#j3_XxkH8moViaq<(CN_tMxIdVJg#=FR8Amv%o z%-@@n=UYsq!?wR|AEA$|4Bo#s4i^@`8kKJ5xmgH722~4VPG*zrOJ--1_mP_JjNv}< zLa>9c9bS??%eYc{Vr-*iQpV~-n=R43)BKqrmU^Kwx<{w?YoX!Bby1AO73EGrTYG>` zUGD#dtAziGkXz|JX}S!9yrQicoxd~JKXLX0n9YI=YuMn%o7nOw(hld{7ur;pr=L`X z30FA|78;ZXg`VdiB){~Z=pY4?s9au}nAF%Yn~2~aa#YLod%iB9snq(Kuay~;Y?qdF zZZ%s}dG*@9HuU-S;!NU%WEF4|(Fs?0R*dko@ol1$G=p*rX=V7(AC!X({{D~#1H%}! zBi)<7ze?X*)XOw-BQa%EQVQSiWO%%97pl1X)eC~&!SNqDa<_SOKluIMUWuU;Pi!o+ z2Ye%KSd{cntj~AGncxK$NTg_eTqM1)3;ZS^*EF<&*TLuZKpfB_DM} z{6(dDD}rI7GPHVXj6&VP5re2R=mFhs{nqwEmw7LAV7$0@CQ(h}V-3lsx~LqY$wPAH zD^A`Fv-Gy1etp)`BEraV(Sos4K*(?HNcy*eW$9%vyLIO2h*)CseWE(I{K=Jtz}>gP zR~M6!JAM-e00`N+Ik>-}vx(#iMaimNbEFD?sQlPTq)UV@k9Z}%bIn$M?Z?JZeY0Es zn7K0UiPbw1wU<)MQ9Q;%2-ytrZuhlN5}OyKUu=x$=SR&+M(rS%4Hjn!qdujIY0+Ui zjw_OBLGzXHhl0QMmX7lUFq_3riQppL%39NW6>jGWrq0f%pnv0*MfE1$Tgi5qZ|?Fs zXOf%#IW|z44Yrj@{k0A$iZYnpb|MQcfB6pEnJeZ&1aZSlx59_~75c_J)?cE&`jR4_ zaFI-whmypC3nf2BG!W3o-UO#t+>#t#D064EPV04b;{>5*%>q7PY<@7Kn8XLPxzta_ zJP}4T^pG>7mfc!6y}Ea|HC>Tkv^hGQWBw++uVJtce0#^Ojy?x*;^s$=c^=`4I^$s8&B9HK><#((NJD(;{tR zH~gS4V+IvID+8x%0$fHuezB3y>A9l26d?Q2muJaW5A&~y2fJPhHk5MFE3-vdiPE{b zTz{6_P3PGb8!phazt7Ed6jP+_Y2wj)oWj%_Rpx2suQhxD$E2LG_PxK?MB1G8u|Awg zHiDR`q|D;5;>oWtY@2S$q&(+pzv#y)c+rIYc%R%M2|TK4C4}(7&tJd9;fC+8%OCW( zbM#6+;8LM%1;QHc9E22Wejy+IO_lOy#sr!3@(*lR%-JNSS!zN{=#Ku9olJJ9x52-% z9P94*KjwDJDU3HWX~bWRwH%23u+OvF@+mhWR%gzJRrnaPt-80G33}##i#`R3Z3oA> zF^GP)x!JATq9?eZC^{ozkiFzf8;QHY&SO@}18+|H4r_Mz90yCPP5YqFug-4foCe{! z!GuaElaQqgsqXdj$!z=qHZ{n=Rly6V%BEG6FY}_a`^2Z=I{me^(5ke&osz5o`O}9KNlnA3zC%?YX zKV>3G5rF1S6Y1rn&rzXPBb|)gPbP%!cvtb?K)#2u@x<;?e0mLQ5njt2lIlrvgD{Of z1B0QU>tX|a!_kH?<1TcXb`2Ep8zEk~fi#GTPdQ0p=WAFbYu64HMt%62e|0j3RmCX8u*I{m7b%==#jp46}CH^3Regf>RgKB$_JF@RThjZQGUQ z>V97Kd%5_Iql_x??JauA^P1YiaEGGAd|KPz<`)~yQe{GHCj$vRMsinv!K3n4S0JP_ z{R*sN`}v_bnk0ZFx8aG?@g`R~V~XY!`=xH#AE+H#YccbQ=e_atGg>?|`b7%5`wGNG z^q1pS>KdmEJ@T6VWNxGZe@y*wBxkvIU1E&>d0mbMk=s}uER?5G=mrGg+Qb5E-kR63BpBoQN7^$RF zu!4pLx`$i`x7KRZA>xSRQ0N;K&_U`YJH}AU_I7;#;1|`5m7Q_ohQ+2qwrCCEgQ&k= zE*Tdz?-;eU3^Z8TU--j{z(Q>|RkOT)H+kS4LYZ5tS|N@bQ`~hORhY>-GUg;5?^|vh zY)^c8y^;Pe#4Fi{G-+nm;5Wa%3>A!j=?gI{=0bO)*W zZsyD!GXeKv9wagnAe8fmP=EE3~Zr)O# zW#(m#l>grCr^xS8R^#nvvd39X!wTZ%b6#Nc^7zAnCo=SM*GDx{^i5j^LB0|SP9des z`aMX*s+oz+U({#;i18bm?$MilC92Er3!$K4IR)FCF6#<2J-q^tp)J~;w>~BYD*XJo zW!FH~%PyEN$nrSc^ilc$W&ubk0QoIe0-`{Diwr$6UI){iF8h_ZXd9_>;_U=Uhad0c zSsV_eZCJo3`4kh;t&=TXCn0`*%?UG=nr=C}o0F1eM55D`^E{x#1J(5n4=VHCz-C2f zl5d@sp*FlZx&3&4{>(+US7`cqfOXo?GDzsXZrL5%(#9#}m+$pC7p?8k-NAa554$Wq zfnbYRyW3ENrtzPDSPcHtY-IsM7bJLA$5B>eyRF+v-w*re*WtIAU*Yy5lmY6JyyIG9yhx&l005>+inh46<$tQ} z)|e#!$$yxXc4)~qK2v9EZQe;jt-Jecy+haGVaoonjj5mgfyY7EYYrxS{bTl?c{9cT zS-Yt;{MC9oel4Qw{KG$BAr;?7sfr!Xlq9FMNhht(=i0xcLiX=L;rd}T5M zU#(b$o`8*_MU8Th5AHuYaYpXq?E(N_IZ=;)B{BRKtsvtKKO+)lmD4;zFJ3P0AU!V^ zW%vuL0&&45JqGZZ=CBn@sR>)Enoi+E_q;5HD>sYoe1w~a0-QV1Z}x$i-PGbhYTEVm z33Ea~?J`}sz*>Fg!v_;Q-!=kkzQmAxv=gQk=8Zmcj-|BqPhv?iG-g$OP2Voq(x}

H6c|93N$l zDs6M!BYWC`czs6CG0|=oeDRf0XoAxyCE%9X^@ax;y`>j63C>;3!}kz5A+CibI!`4? zDryYoLN}dpf6;0qqA~d3g~r05P5^`cNJ&Ii^#nW*%p@YBslAQ07%{h9UC`UWH(GB+ULM6ySmmU_mUj$=Mh0eAe zA?2mIA*0Kosgq>EH2N9?yVAlE$0TQ6ALbR0u9?+=2?cu4Tgm(zko9BtpmwEhTy%i_yi`w3gGePBYM>aoP`fHio#e)in=l_#YR&@d#%}RK`aCMb2 zJz0OX44$uJ6_o!b{UN%eJ=D#grNA3ftHJk(jJ+F;FHx6ml`j&GCHtrllry!s$uDZ{ZfhYoUI0nOO zk`)M1DrFV^oKdvc4*6I%uH0PW0FOp6SwQ|;MlH>5O{>N*{_NFHCK-4JI7i(>%h=!e z%FP4!^k$6eeKAu{ill}yW>9`f{d6QDpy*r^B#`wclbk*fm~|vq+@PtI7GF84Ty)vc zK&tdGP^)3da*b*hVg>0?MjVf&ECVU&EV{z?J?Ngz2-04<)Q&_~hg7Phm}2r|;k%X&b=3 z&o9?7-w0@EyBBxYjYLXwre)v&F!wjtuvg$J?a*7m9%7{d{j%8TzGu`STJi0r^&9*; z;K@<{D~W6e!e4vq0?X^6%@-D|PhqMvxh23gGR*S|^pE?o#9Y^0lhnFZ4#&8qXs767 za0CSb%&nXW9%;VI9Qp4ge==wb*Bkv%f~uvshg3g6XNKMACh6y-^9!g6=t;0%6C^34 z#L?=ZL)A;%j~{{@*W1XWCc@q-@V2RFr=t!+qP=bqV5k*FkkkLjD%v5CCAbqn2(!4Q zh z0l#vv^Hxa@^EZv?R|ywW2(j*R*N(}hVUT=I(Xq9&NRX{0N@g`hl3U6xpAha-5dB$4HZhbOX$3Qa$!3TV9j>-(%Jn50_bP=9R-%?ahzBv#qc3K z&7Xs+rcsPskHmnWok`X{kQ|>bMKv==6K;}(hguw0#JrtwXx%N^)5XHqi#4dS0B|x> z>G_x7zHdEkuDuT*LYk#+E-lj~d>i|R1%yq_j<`RGO^lwie|pi7M(OB8wbMmI=}Als z+R@PmA~0gM^r=Mg;cxu%9Lsh44++It z@XJ6Q5Ioz{Eo=~IQ74enzRsbq(;!|_S^{E&wZK}s$Hk@a1#-afUg%<)>sW63vauq$+QUIC%M>`s+xlZG5` z43rHQlxi36iTsu`=6LP8^+TR+-03w%Nbl+!pKvtKSvox`j59p&0nTH{UuvB$6s496 zkU&&SF&9IU-9HNs{cJ#H3nX?)-Ed!1yIgiYAW8xzb!t-;cm z>(U|gsct+|oVXU?iY7mge^44u57N&Nuw}fPiHj9(CG~)jc;z>cyUWQ7PMZ8Fixbmx zTB%oM+8WRDfGd9MZuTePznVwHw!`l^3_>(wcD)|ucSpa#F$p(r3P1bAf(m&S8#4W9 z)9tC*xX5-HWPj(eHv2_!VkS>N7Oy7#M9WN^7X$~jNQzHj>KqVGe*;(@(ax_T@o&ToVN zWt>jaExDPgftgELyWz*}V#Jwm$231h!LiQ|)7#*i*WamL<`)sA`)rqieMoHO^XPM& z{7<5sI1)+jSIQEA&8W7jHCQI>dSVSu_ZQK<dHL+L})!Xmx+hk>6Q76*gweKG^E z?AUo3yF07ErIA7|{YtU`0Zk)@My92f)~pOV%v_j4en$-~8H+w1mR3khEe zdWgRXfQLxA@|xx>@M*m)$FNA}@g?))gx7JqQYAkL-28k|oNnR+knTSVl>g*Y5(8LU z{;yfey!(Gh@yqBBYyx@AX=;|N9;Bw1$Ae)19U$IVOD#RkYsU{$#PphdqQFxJ~Pkz;h_%dHu2i2`I#6GFtG-=f6J} zn81coeI$3e9lc+~+c~E%5dGf50BYK?lH120aBgV~S~&GAcWXnwDO9P7BBat%qvU#c z|FO}RGKRmRWi3ehV0}}kF(&JCq$@tfgwv?J6xqW^ilkev2=BqBTNTlXfx=VdNHJ)t zxA@cuyfQo9XiNMT@UvhW)XP48B5_+TlBnrf>Sr(f_}2_sU(#m-!ve>zf0iA8iGeu- zz@_=ij7k;o0wH+C$XXtpFDbsj6OhG|)yimk>wmrTCZdppe_c6K)kVG&t=dO`#b5Sy zWE>zPl~cbWpuND4pHOgFPEJc&3B_V2pjaqhwwS0U`6w-Mc7NVHoHpsK4d@(91_dor zVK?E$2kJ{P0Z^|-Qjibv)nuVEr8{-EEtj?P^hYfy$&pXjTk2ju7hp1R8O(O|1gHfV zdXCeEz)4c3~H8{x+=d1z1|3Eqew0Y|*@m7k4y@<@hc{K(56Rq6r~FbyQgpy^mgSA2CJs6lWhC4H&c?=p7i9=IjgU4|pzL|pdMd)2OUbR%gKul>9?pqnlr%-^uY4?me zzVj)`rz6%(hdlUtj{K~NXLf5q3m{!v0o4?()c2b4)$IfCaYKao<-R^$$I;1m7P0=Z zbae`63ub^QHUVRc_ZjdgrZ2(PZ{w*so3q(*B3X*O-5)&SJ^L$oDBoD-nbr2t9eGmh zN;btWD8Ynu3%fou6n+0-=`%F8*VX-(K3zc(tPG>m*-QKi`$-@wy7Me<6a3?1*y76@ zN)rb@Y3A_A?IV!x%jeW4d@;M7hrZKWZI{PQ)FRnW>rZ0h7ph8D&?z(aHWl#*r&JqL z1Ul^!^w$Xe^x;3Lanr=tatx)#SG!^uYpF%z>|b`a8In@#Wz~vFVDaMOll@g3?-o$w zFt15KThT?FdX?2Y_zai1vUs4Zb(V=9(;Y8AT-Jpw7M~t^f`t1LQ2$-`>8Nl-i%S}^ zrn3&m+?qZa4cq8jHCuYX+QM`MjD6jcK>}&pdY;ZctcZAF)2}UoPX*z3(|!UB{pDmS zUJKH4_B?ZH=cBe33w!$pdyHj?^Q}gH@QTZ7v61`qhvaDMpYOPgj-Nf@i-3MM9{oGI z0kk}Ihi#?w*C!Vm%^6?0ZmYPj1(q@RE%=(haNsJD;5&eYH(m0;sRt}Fxv~cHD)dj} zL;DB}s7P9X_?a92{g{vMX+5?A%c%X1>mt}hqo2hC8IRHx0Q+~?8i%IwQ@K6rA=*+^ zIh7%j3#FFb=6=3#qB}#f_1l}CSGL(uL(HO?9#U+A!#o|d;QsC$Nji3-l^_? z5%$$#QMTK=Qi9T=pn!CUlpu)GAs}7Ssg!g}NJw{gBi)@tmz03y(2aC=%y6Fhc6|H% z_KCmd!poZXePXS9-SHT63wezk>aOZcAkqe2A2BNOldz1^dM>qB_)**pfo{cx%}y)R z9$j|>@eKR$`t{@T+cgKrGh-v>MN8MRP}$2; z9REBIe!sM;iZi)3iDvyyHmGn6oemvZ<&5B&l(&mQc)&0WV zqgkii_q~CF>}0Vpmks*KYPdk*O?bOE`T)?x7Sd3#JjKA(Y`=ER+|1!24>j&t54?w| z^Es51F3047&nxez2(9NErb2YmRjKO;5ghz9JGFzVSIZz0J{Nu=vDRm7A8SnEJ_yyc z;u|ajCvst@nlaGtLHpPPg3sQtgyRL6_UrvdtD{ged5w|*%pjB{ zAsTyrsNW})7a9MpJpS#_Yu+L>2kheuAFioY?|OM>AZ^o!h(Bz-!&79Y75 zWvgCg7ojMW8(GD=9+-KF*CHv)*FSoEr&faA`CXznuudV_X9cE zhL(?%i#tS<;aX$*3^LCzjdpB)G34h*XH0T3r>8`$0iz)IA=N*uVXwX<*UC{6%}>f209f$}fi-RPEr2}!ak2*WUOf@55% z)3>BXH`u`M8v;bGs`Kqm0_)ZMyDQ$JtBB6Bh6Wqgsa%lWn~Jfx+>5EA>(TaT7U&8k zKi-^vdQPJ&Cs}EwD1iSKXs~^BKVF~jG2Y^pk?+2KyAlqlR9PtGm#?hmA)M_UnLhPU zLEL6=UN|;?yExCYAFvBGUI9^8F~6d}_mF*)CVFSEN`H^lRpXgE~*hmi8L_;J<^(3Qnkm?N@N6qn~(iZdgEGtE{|Y!#MZg} zwV$z&L^3?7Ghh#E>ZQ=AuCIUDhloD6d~H4PM9qURSKv{pLhf-O5z+pQbc-zKAZyCP z`M^_8;%y!`^+kb6{wi-O**ir%$E#wwr5GJj*Gy%SWxb9G&krN4cWYtR zaby6jL-OT>1D)sD<^>XB>JUTMhs zb15~b8K>-v%}z*m(i(KZ@VK_i3be_(3ms!!y|+y#_QEOkFrFg&eFq=eRPq7tz6XpE zc9h2h`;u z%te%JdNc@{7Sz|MFT!toXwC~5kKUcHZ$L^Ezo&i>&A1O`n?LJTBpz_Q zFIXQ2;=M=LqYs>0W}CYCxP4m2-^;D`Z=^^P&fW4Nlh4<3irjmIX3M&ZOqos^uVpK7 zw!v-Ci2l;6_W5&Xruma52a{4 zOX+jWya(1wbcl(`LEeds%IVjbZQ5FwXa9IqPmvwMziX5fh-#hPJh?3Q{k^2>cyLpH zEww~aUhvkTGkKaDiE2=)6qWovH%Ygaw~H`W0biz*`J52geo$^v9~*y8EQTX?CzNy1 zIV|>T>*h(BQBPsg_xLAVREdutA~B_@2NcnDclO51JhaE2Te5v+`+Vke>SIS8@p|nhVIL8ex|w_>Jbd4y##5_wjP4S?0tyK-fpgFCkyY@}fp9m8CGeUmu zvR=nID4^tW4K2}bO(BQbwJJ-QsOHg=KfGQYA0P>qhnmi(({M zm{ZIG!;W0n8-ov++)8Qt2jckCtxstrBpYq7_6O+Q)XFMr(#6@LnC~d!V4SGn2tiZ^ zSe_7Jins(LpLf7`n{<M89PHQBPYJOVJ**&Qv-Cvqzq%^Sun zPz0W@5Nw2Da2i4mjcLEnRCqE`cX&baDl#5AD=fg8wI{`!C^Ee6(f* zBtj7+2-yATv0=Q8a*R61uAgb^N|myyM@CNI^&ghij5dST0&m^onbgau;?tSvWo|Ot zW^9h|o}TsD9e1);Rex{raMjJpu&CXlIw6G9ExN zVv|t4U{Y1c*fMFXRcrxvg!~1DUX4ls9ECaXx^}`{GU>vu_QFx7lgHwjnza6eM!-4k zP8KW)(rT&VO-%7U#{}sn@6>zb_1v@&DZ5=;wBHla$-5TIBhgcy-BsesDEQ@OMRUw8 zb(0wEgjjH%BFgWqZzpz<@bEgz*wxWl_qXZ#?x{?=O(}1PUlWZRtnnDOi=Q@}T02A4 z&DDUT_Wo2neO5Hz!>}b#!%I`l)z!@0>|bX-ILJH^PpOyf;2^`UZ)ZN77F~b1X%3-; z@P&5Qm_-5REW7IM1KY0BW^6SPq()DCjIuy8_ z$~ZKxjLNL}KO-p0X3Zn0HjIs(>@Vnly&)Z0p`;TJtR|wJ_v_^H^lc@LBe!up8(MGa z7$>xkR4OUu4}-74-=DHT`l6YtZpL?5(X0r`z3R@hyBH{(TmdV~Dtf%ilQ`IhjOu#r=ElZ6t# zd`eKZ+;UVVl)5}B&ZnmOgkeZ8K;u2V>rP`AR@kM}LJp?4pQotX+l!7Jsp^(x{nmr@ z!SSy2lbV%;M*HhuWjUh3e=56HDh61uHXSOp=O!5D{J0Bzo@hKqg4$hVX61>wc{#Uf2Yo8z|DLGwdKPvDJ2o!`xtDVw>oFlZ7!GpVK!7G zqxW(nlYWyxWxQcisN#%P)2$#26e_<>1==>FV@AKO$EwDGMz%Dj(7=HK4;jFyCB>Ef zFVXr-4yTJD+l9iI>qmSaZg2Jcjfb@O%!jM zpAp`r{uWisc)?|<#fGR91y{^t1`_J}>nc&9*$dXI*yB;xt-)~m#XH_2gImRKMPHT% zVngUk)y2JqVUY;Dk#+xyk^VCTUOl6ssEaQj%vy6faLzwS%I~u4M4J`sgQ*_GZa;T- z?kT!gXa99y{{VWnS}U5&}y^2p=2Sx2+n*2<>iDG#+4%50gJ zAoHfu8#l&0>lS0>$`v~H^#PMgxXaGvW7-gbHFj>DJf40hU`77vxL1v??gV82PbV_#e0kWFlw(~QNd*A|MR4#|{7m#n1KvmrKImSl6+G$$%6k2y)ceO58Rx7u z;!G8^s^BPbnQAt4eI~_usi%8xO_t5NN;nC!`><@W8)o=hiusp|8%%SecXYdj)TRpJ zY4tK~UJdBk~~V6lL}xAx~Pxhk|vtrI&!uW;biA;|2&@1WJ<5t^iMePet|dn zK^I1Hhd!F*`gxrjqxjuPg5+En0A=| z#(bHb*;*D%km~GrCS?FP4?*5ApPrya2HCvX2pN@wx^IY~enBhfS^7b5nRgw}R*4pe zjV$7a6{%99Apx9y^mj<5q|ph-+TXrTC4#WG<2z@QX*wZ?OMd_CSsU%(-kvmGx(w6%yB~KJD8A%0q%Z=jtHhO{HuXp`+CzWhrq%~1+1eaBrwR5E3!Vq#{ii}r zpHIUxIm=fog$0>8-9m$ZkRQS9PER6yayYyhb*wKG7-FwUE>Uopirkzi_lIv=$z8W< zLq#dF8?}$YpYMC6g|@7-R09332XWKY_%E?ZJwfB zP!@TF_owD?9-JLOyCPnM4p?XlYF&?CP7f4G+_JZf)+n7l`kj}gwKy}$x}8*1tyxx5 zJZ0~zl?8R-)p9!Bn^gs&Q`ErGOS&Z93XPBuiAlvDn}m*lPWpxUPto2z0AUenG1_mB zOL&OB=%_5FMg23JUWS6Ds_mdWgSKf}@KQba-Q|+^I>-)*0z3-A{4xn=YHJYc(Fgu0 zD=-u@nDGNQvMXMLkTcwrp3|_151MciSZXPXf-M(Zjuyj&yq&A>*GumlG0s6}F2lDo zyCtb;tRXlOJ#vLN5~FXx@gkvm$Jz52>~oWJB6r_al1~4vOtNGQGjc597*Y+AghDag z7jp1HErhP1?)@E&GilDIEmoPL)nZuYsYn00t!B3n#qMnFi);MtaH#*Sj2SyM-X#6q z+|lf{H4Jm1<(IXeh^nT;`r#*ueGxpMl@I}L9}KvBr}7e$BQIm0d(x*l2_rmdp7FcZ zb69F!S5ev&9D;C@!gQ0lKJ!-C`7{ZzLBK&GOy#*f>|6)w>2>@flBHg3PawdX3czh& zBf$m+^9`*>1f8<6D9C__R0ClmX8Zj9=Qax&Q4k+0jHEbu>X_bH+Uu~wmyyio?My=l z^>3T#=j-_>a--eYn29_zoTz6~tgTGZ{5M**4%0{ygUCU53(mN}hKr@L{r+B#bMPPJ zXU#*VBm=n?kPovHZ~CXXiP>GY9SP33_8Nx`z-0d6wDh3afoxAN|Gu#zKSuS=f;b}& zLIAYB;p?Ds)Nq14u*Y5W{fX8jMn1XGj=;zBJlidS*s~{f{duSHo}H%xRq*8gY|-yM zzFTse->N8!Q8-|TZE?)#-!#q zyanzMHFuEIZLhHB`he<{^^#zX%OcRTp%JmKQvrZ1v*~)fsDtVUVr0~Gv){O`=ung= zvIK%nRCWJYH68ish!Y+U(wH#irlN`Iv8PHG-5>9xHcwH^X(ty)`rz9W_AsFBQ)BAO zTQZM56=%~aw+>-{-^ZEZv0IoTToO%3+Z4ujt2-X0beUu-O* z)yhbpkN#uvP{m;&zY8zFIzhHX?exr~r{Ho*;Td%XVMf6j7i=g*+%*5WGwMex z>Gb1kc*ueo*?{dLIB!xBZcx2|BmM$7?bQmt0kbog%3tgQG2h0vwP9Nqu3)If{&iRF z3XBU7UOAEAB9L}VkJr@4eYb{Z>{An}1(YkJnWC6~p^vG9$y}^;xf}u4L&;onAeEk` ztoc02y!mX>w4(ovkxK~bhx7a;?*#}^e~Y-*9pwE*Pvf*I>lfSB{gfHTFAiGo;?%2* zwkSHRT4A}R`qo0R!Cg9odU!5uZdX;q!Sl81*7qo)HAFL}P&s|-=nG((fkkgLHHn$4 z-iOYrYZ`Do;S`4aj4z^LZ_5!sc@h_UkyfwyhkKs1c`4kWIjK=7CbN$k#h?PeGkbuu zy>MC0LW#`B$w50g0NyHS#@|yPZu5V3hf$IroYajvrOQctB*Y;O{5<~LSOo1vm^k+L0L^z%w%-+}wEQF_MuAg3+^`{_IiRoUiD~Whfb+ z2D*#Ua2oU7&Ej2uv-(*nT#Bi}r`mE}1LAm4ilTnS@hWcc?ZGc4-}FFAc^r(#$r<;( z*D?dyM;u;h^lqD#Ji1I8BFLCIC9&|aPb131%B*{vQD#17`a1FU)Z#e$;ouIpUk<~+q5>UiknbV7DT>M zD4`EJL@%;Hji*v5c(4_c{3zX#Lzkyi03%yN`kU0K9?6uFux?J;MGrP-6I=^+e7U zl=(jSg7Fy7bA~FvfW4I8z;Cl7&_c5=c0GwXD{j0-Mofu_I$P++G6pIqvV?Xrvga?{ z&$nP|+c(Gh)9k1LZ#X28K%y0kCAI+)po=?b4AsfF%m!mHWYOsHBK6W!q!+rq&c^LFJH2vOvKc zMlL{$=SEg=3nk;RkQ=$UPo}dSUp2G?Z9B`N8a}scc8Be8sn>t`Q9K4wPSxcv`gg~! zhtWl?*JaPk^0k(XTD}yu27mNSjiJQEPY^|rqNv+`9Qk(`$#<3U6FQ?xYfji#A^`)1 z5~p!Hw|tWm>2!O~xk49$iL9lmn_0`+QAtkGg;A1!!G3;%`1twwY_LJc#es0UKM;k@ z8Y#=})vFVt-k5^1BEh;Xu|30?5cT6>fx8clXEUakA?j7Y+Rr1pW>QT?gTso>1Ae9Z z>||N|c=!%ZpUPuNIl$CxAM3jN{)$>22i2jGlPkWNhm3iru_W*>1Y$j;O;L(@y%1OV zd*~PLio;)**`0$!@l?p6#GFAN2To^Cc`_e4lfE(SdOe<&zC|h3+$v~VqpTYFB)K$# zKhXD|C_nfROr%u7=%;SGx2^bY5bLjj@K`ZCcxp!uGRwdPu@-MC;)jnI~NalY4E?(jtptY3@bByKGJ#LU$2FM#Dg zHo{-1%eXOW;UKr`$=-#eB+Ag(a4QYWg`5>!^YyNmM|q|;Sc|Z;T`R*n?XMBT{OL@u zjog{F9T!EDxG-~-WRlsG7RdNyXSmIFN>Y{CeGZM&qDO#LZrBk2OS+M z7l&pY6}+6_UcSfIBnQ1NJGGH=^wLqvDkcoGUl(4+y>HmsmP(nh^EYT=WNOv2y<2@i z5S@K0;yBMVz%u)u%w^@7xpuT@$d$?&r6rYpwBs{&)Lrk)+oZ4vgFqNiddp(^nsK5&aZ%@~7OmyTpw$FU{>o9B!iY0#w)L2kD#zIUf<+ zd;OIBffvB;H2aB*N($SnTHs1-0?U#XbwSux6Wq2kQ8J@6+{%<%w@ragUS4O! z=G1G}S6u!!?UjqqZgWp5`^AQ?!5oRm`er9?TsZ%g^y<>=Rg%CxSaW$ zUOR1?*+SjIH?5`)75XT)(SE>kPDEg^aJ#4t+`X1`QkxH4&XbXw^|w>@JKF18L^`s5 zv$CB+_q?us;p77f=xHC#v)2QQrE>9q>6O*Oi7#GUp|imN(_nmkrZpna!k$#Upp==< zB=mqiIUu?WOD>JO5O2wD)hun~O(cw`lH+&EBfEHaf?TuxXUR_W&kyvyvMz4^e6Cq1 zk%m7%XV*L|Dc?tfu^JnODRnkUE{l56|82D*z8ErUp{R80T5&|Ae)ukB<8FP)F4V!X zhTr`HW+PPk48HR1+GwMHwS50(z>p{5yV@#Mr>sNqSli2p!@ zs&4#&`=!Fyd6OHg232gAo~sIXc#dk6z_G}rju|%dj;$(szvIxG@ycIz;=;;$={N@>*uOY>_Lux#4( zn6iNg*zA7T8Z{Zn7BK0bbMUuV&rA21v_9^qyWqW4lZ@FQYouSl>?K3r77kJ~wSwkE zliFQUvRhnBZ`nbqub92&$KIbq;EnM}Uas2>I9l|1gD~}+@ij&&BuY3e3 zjS&wB=z5h^wP_IyOQ2q6sRWE^nocvwN#043$EXB--x*Ywm07d)7egar_z&FrzJ(4{ zm4NwvB>*P-{YWemIAMT#$$_)S@%MD-zYZW$Jhfl=gHIe3z~OSGO!TB{UHr|J$^Nh~ zr)KS!G-lKG4)t=Ib}!#i^PDG`ae0Ox1@Qml#P{S${3i`=@+UE+_6777^cHa-^-$va z;-D@SFT3EMEDZ(=`tc10RyJ6kO?a1|`#*w0AkrM7 za1)i%e7cc-7t2QOPILD*UKiZ3kt>{o~? zM}uT?&VUZ1JBiJ#mPz9@uUfaYgzWBm_Mk($e_}p!HQBPslc~a~hR);-DX4X%TCeuM zUD*t2X?vin2ISBId+~7B^DBeIcRM80xhHW9i|WABSoe4#!REL#TtLE%OY@0$b~*m2 z^v1)evmkiQ)=!CM#+q|=x4%yc3J=un5Qkp>LyKis6=?0!4fpOHq;{b0xF6j!AB~ff zOBljYmQJ4|9`f{u%ILT)cx*e;x`_-yR~)0dN_TdLhi7q|{0S^ELE zGIzsq!P!{dZg5FI1@{!;^m231$_iKq@qFh~A`j-hakzV#_aVi|Y{o;Rw24QZxX)TZ zyWE3Z4FVebfH8jlCpCFs|9|AdYca#2Zd#DDmTc7$sgUI*s#S4lIhGrWcMg`pf3bYvsk&G^Uy~ve$+_%zZS5wV({k58oOa;Vp_NW6o=+9#n^AtqVqEyUE z7bUxBVcr>X~S0KCDIT!zjuT!~IbB;IIGk05ilPE4%vG{$j zCQ+_i2Zp4`X2bq2RAN|>jauYeKuVL&XACFu@%Rhk7smD^6gy=N&VducqCIqwyOyp5 zjq1Sebd_O$41;hI_M0g|u)*GWs_B9h*fr3SPA&q*zwctUMD*y-fsbK;kCGGA7QnSA zp@QxBNk`}Tk)P}FG>x;#6o$6{=a%H`+hc$KmdBOEP(qCIm|b)_3}{W+1)v# zT<)*Z73$Kns?ki@-_Dx?{+*IsYxzkObEmVfYU{U z$!nvWh#-asyBT^I*4Pb`y`XZ;9u_s>qjB6ynw~gdZt{NFwm5-ETmq z<_kX90y|d$=q(l7EzptiaU^84%XfdyD}l-7Z<22ZG-u=jG0KsCRMKw zE7JcP(udC&iIz9}40i6<>Mmz|st=4lMDrZDsV$J6hlGHK`>r$A`_i^oKXtMs3ZvHH zMh@b@RoVh4oE}oY2qinpgfMi5w*NLJn^Y&L_BWJ z9ZXGr$-4RHxvb+e1K9Zu`KeAlJP33Bq)+$fHkZNa7;96?xW)bt8!H?cn}$f)R@f5u zPPw2g+1EpO3$bNMVz*%t&RrB#tc9VjzI%wrYC?!E++)Cqk`Djn!cc@NO7P16EW8WX zSSEkM-+cuocl7YUh7K_uE3dom(D1;7in{36x!`A?+LH+XDyi2y!}$lVn@%ltOYMgT z+%9hGw7yNFRsP&Adf0XPqHYqel;`WBgE-n|R~Bx(=7D<~_Hk$=^_+`f%tc$4T%r5H z$|T9>`wt;TpZ{Jh>*3#p&KvOyvYnIYp^Wkm1}9c-ow#RLQ7`x$yAxNZAXG%a$v-Z*@jtu4_oUlpTy+3+(sw@P0mV;rwd;58<-zVp?A_SfIr zp)Nbk2AsGvWku3Y`GhIP-z;RL?w5i7K-$)TqtyA_rmM$rBb{OX;-Jt($I+7Wt@}|Q zy20Rts!}G{6ygI)LzUJigKy$4#IWMT_Zvh@4k_%Luv`vhonbljXNP+utG6ceWHW98 z?^Yr#kBg}tWvxqj-psqG(%x8Glt&hg4LZ&-s#TQE=GNHhm%o?P;Q2CzG5)@lh)L@O zO!nO@&M@}Bya04qxHs%K@*Ei_)bD??&a%1qey5~|sCBm>J*CgiNGfqvN$Yexa&X3_ z;kKszq7r$F{G&qq3tlOHU$8JIOJl;}7ho*6RX$JFr;fSoRI96on&tvGe2($<@_RGq zYP-lwy4o-nrKA0GJ8DQ>!e)zN%+9SjjTt${{k_nkJa zz56D+sAO;)Qx?;;e|!L2YmzF9MC2TEM|cf6eZtNRohf5oyn7`cXECbw)Ig}bcz*`= zV%p-a)92gT7KHz0WRztv${KZOC zIq#f+v6}%v)>X-;n6i6U{M>HNCw%cQfI58YBUm3Y=JeQ}kA(H|t1QLRz8YW>_Vq4N zmTkugFa`XAbtCHn$AQXyMAvvM*DY`yPn}EdNcbaO%PmXVI=H%^UL9?&Dlg3;5`yGx zuyoG^yir&7Pf>zj^xgb@U$9>dm_XKt@9&fq@!L;dc#G~*r^~@54;>yZdrwey^>cD9 z&>`B>yy3-LkNAGh__VzB(5s~^ib%ltB1PsLIq=0KlJF3}*0CG2IQG`;y!UAm%iv8@nUD%I-SK0VriLLu`J(Ua?pIe5~^2=hdBjX zG9t^bIY+nZMRAS(b|ULy5Fm#r6c{%b}s1#v~x7+>Vxwxe7vmcb?8yV zm5yl8R>5Ou9rxulXRQ0jbF_TUpJESa$4(yAeMoNbeYHq_71hLc`i$#KeH}#ZdPw~; z8h06EHh7MS=)NXE>}o*BM2mNNy{*8q1PUf;=d2KxOk&75H zA7FVOa26g9>OGl2YeHI|rk|P4V1md0)^Gqhn8~`=%kN^*qZM)=92LS>mnnV}J&PRf z6_iwXDkT>zlI-1Mz2`l6F9=Z6+&%?FJyA2#9tw!Vs=0mox~5hV22sT96Qfz_fkqQu*t6`8*M?0XOMrA+JA47 zwH5wH%fFbGTqfbgJdS{nU$~3rA6B&t8&wUP?v&%|57;P(5~AgYjpoVWyd__-15}~S z>44Pj_}O-6o$djFy)`P7qx-iNhAb@@?%zu-7uy(jA7u$H?@sY58V?`M1FP!u)o?{b_Kc~#mQtU7=bcfEqDLI*~Gvm{+ z4$MB|XveBWrj)u(F#8_}-(OHki~#Zyv%gdPYllf-6?k}YDUe)6GrvF!^SQe(5-Tiz=vmG}mdh6-|C+o+@3 zbYgQAe^%Zb;0Ha5FS#%uWsMDi*V13q{YZpxK*b)F2$LDy@`j@zF?Jeccf?lH-ANx= zQ-A)95rcw!8E9l9LfF6!TU)K}$J6Ucv&}uxzEPQ>V_L?*!q~u`DWeBZRY#WRhN{Mi z4#`ScQ=`M`KcjHfiF?uQI3p>?~ zlSCmAnz0kxp1oQXs5r_#M6R^uNJU%V-hhi1`5FK6m$Oj!**0`ea`=+zpBz=c0n4G- zu~?$iRaZk?$!pOAXEn#^lSLld)tUdjlL&4YlGd|TZLug%`U_u{w?}pQIF!I9qK#Ax zco+=p&Qiv=(*DeSt~7*MN!$*F)n7)0`%FCe7nuoXn0%%n4rVg_UIA-?ocM%eAicdB z&fYzc^UH8<#TKBAN|?X3Ry0XPGCtzB)gZA5R6Yn!0?K!qRQ`aD3 z8YF~v?2vhCrN@uQ7?Z#>fBmR~l`1b*;a_)SxcP&2uE z%IY=WP-yhdMZ$j|(lEpb;@allLep2f;q)O0h6@3e+x92al z!1ffT0@DM^k?N+u`}2Pzd4J6^C~%NSEW<>)hn_t5{M709U@}cD&Cla^50! zX@>ZJh#$(UEBU)m{reIBdnh6=i;)n%Wed?bD+UO`*Vu*TZ^q`a^f`zewVJOWp{j-x zF2gmSO;c6J&JWVGCVCDwN3tetxl^_PiN0VTM=Xpq(O#yF%CM&Q|U9RFj z<8>;JTE9Hs8_fweYDc!i+W<{R1%hGpbei7 zCOA3AWUCC^<_5p&zqMTDuIIn}gicn6H0DWK^1c`}=0mOxH0_5Gr=qZQr zgy-`Dt6Hzv(1ECoy$$_~XQm$@0hm-j}Kj$iePC1~E}Wv$c~NW(a)e zpsM=+vlfalp0a5dS!;g!ggW$gHDv9xh5N`GrmW@^+kS>)u!Z^&bNa3#fnmZrqN3u; zpj$Ak{#x{vl@ZZ(@E*3IK=7pAlCiK`KYK)1Wc$Jt1(e=L=rV4I{I?oKy5}2}57yoq zTp?_Ac1r5fc7bw9(#d~pnKjuJ9fvfZa50)rW)yPu7OG_zT8k9Chk%^i;aA3IW!RrW zd7{JluRrXB4qN<3ee{2N^DKDz9F!%&qb0xYhu#Z*nr7YcfZ^#}gL$p;gfT}F~9vLgfDv+h0g_dI*=jfPSZX%^0WKrYSdf+9Z_ItmUJ z-mBl=F%z}WFu$J0?QFW`Z6r;u{9B~*U$YnaMf_KvAuYPgk1WagU6|%(o%B6YMyq)4H>#q-mfwx@MgDy7yqA>|kQD2RZ`ZCxRxHj{d zqQNnnHfK4q)d(USv_4||6FU#B_kG~3>9|-x3kN}6kzV(>1DHU(9K%M{bG?#qLmqCU zF8eptOmlzFkN@7li1V137+F1VD=*z$!w>73B3gW{#cV%9|G19|@bgT}nyU{0J(u4R z38(^py@G@glLqAm#loRCiSdK&G4Z;3y6@wi@s=%KxcaVVin!6E!uN`4LTTW69ay9lzuAm-xFi=k!eu z=9{d^It0c#qO?vx3ZT*%PTi}tY}vXcI+XjHSp02?oZpA-Sh4yMS*?%^I!p7+;Lq1i zwSOyN{tNma$M4%yHa7{924l$K4v~OmCI_3m_7iqJ1B|{tW7m6&;2JY62*O19 z&<^4ag=%L^i?Wpq<>F0(2mD@mCNj9c4G~?cY>>m~se{dkECH}zZiK;}N&2B5^T(UB zoxC;nU`#k5(Ln0SE%_Y?(A7&_!EX*GR=5*;zeZtnG4}@QT9#6FP>>j~ zabJL3$$=0iOetGfMT*!RMMb1ErX@I>3PwRdWFoI~B~FBs?h*)ij0S~=?)+?u>v11M z&sYYXyP6%eK>vrs=C7*3lUq=a&DbPyWc*Rlm)jG5aDP-x@E~qjmokq#xM}DElQ*Bc zFdRw*k(r8yL7DIl2zxpBe10XFl@_?GR-}YIe9slVLs#5qtA=Evozg|auNaUh84ED7k(0=v|O z#CD8&a(wSWA1OvK6JDk@$*4-%Tg_CPm>NPrA*34UC;Ka1Ko|T%w0(~Pt>PLgCZ@3c zw?*i(Ua{#j`5(n#tiwS1an+5~gy!?6@?Jx{Hkv0$_uHPD2Rv+P zKk9P>eD1AcT&6`E#@B}ZkJW*~+=24fbd~Xr-UH~$>6je!5{sA#q;YnH;NItU;{Svc zIwbgIRb{~3K$o-{^BtQh)Qrg}g6 zSFCNaPk~cSX7+1L$S3@#+D~yaee5HwdlACho;A!06a|#P_uAzzXyKrH$}qqUZWYpF zhdmema=6sKU6%l%RABtTXW}7AjP&6(hDvXXc{T^O&;>>L>IajKci{(rTzlUZhl3xE zz2`b5A-}UZob7a-sfeX4TIJNZk*Gg7Qs<0OK2GsBz`1*>75vwrESqD)xmJ*SH8)^m zs5g?@;ni^75vHt5^J+t^NxMvd`TgVH&k28bag)STjz54(u0fl>Ir8Od{XcHOetgej z{#=vCG^M&zgIvd8KgdCF+hma8ijjv@wxoz4R?`u5$`JegIdx{Fit4baK(J=RAp&je z#HuLLo)a zB--zCFT~){(=YJ5?(Qq49cOo^PZZSP{IWqI;FaqfmMlKQH;P^=y}!6|ne!*HH)8>m ziG|C&Mc_8ToZm=H9{BDfRx4l_ELiJ6R-Pbm+)F)CgBfa&K?vo$>^1(0hf-P3-0zTz zeqYGRgMF!EHz@2mkE#0{5#ZVw+nz_GKZa^uZeF0U!g;;BE~ky(C>IQXVzJONz74CX zfh&;`pMSWG$9uo~E4Cl`6_{_STLK2|<0%Al`}ry4awS-4Xu}0h$I3hL>FM$&>-tOh z%xlfAG@gb`qoe=*P69tskRZQPm)3vYE9|gLz9ylDfNgzVZ%{fmo0qrW?|AIYe@dYS zKP&U-0~G}$!UHKhQ}fuUpWA=~`CSNShVBb#IWf3TN$pWz&;$p+{V>k~FH9aMTAao= zMhu60lcI)utrOSQAJ>M)9Ib$U_a9PTbv!*m^WCWmWScr*+4TaS$gM@Rs?7r3fD+TP zG9pjcI@*|cm{-dmBod0ue-%7jCMT^ExrF>l?9U+SdKOHRG;W1jS#t8~%Wnz?Hk5}E zqgbYbr7I8prb(}gPYywrZ9WO}LTvp~hc6a)e;XzZCk>bPAXe=w!Ada3Dop=oR3hl= z=bNYyE&zAB{MffI^5&)nxdY|T@=1-dvli@C0NxYAaHH}<$RqF=%{ou$bsy+QTWNr* z{=a$^K~ls6T#cfL_QgW&0~xg}V33v-HO$oYQydTOfEZ|cR@3oKirrqedHMKdoUagt zb(%hFCuboKs^16*att062LVKAt51ul2)jGkX9QyM)v#4(n^m_*Om%~yT{L)-2b&i?h10{hGY1PZBm z^S6VPFZ*;}8$+KZ+mJWQtEufKg!pK{?Hxrr0yZJ?>35eC47#I9lbKdW~pZ?$*%ac=u z3Vqs5T=%1G?7{53HzUr&&@%vFM_RD4AUbxF>xa-3cYG-7+*aogRv)%}Iaoc5n)Yi7 z5S(l^W!H;h`ri#&FFBIJe(O6;L z8r9IZsnluDr6P z`w+&tdo?S9Z*8_b-f~g*u^WS&Dv2$n?JgNB=5`aS#7@;pmtrr{>nIHuv9!! zqqXr+dceNR9&PyEXjEAh4b(-RYeP2AEjYSCDvW_`*xr~tsQ&2E8eZ1 zZuZncn7lXH{V|O6d@GCc)aotH4$=)-CjzAEh`c2Bw{7#kyt^9q;Ap0X)VPQ3sy0)G zxTm(B^KR7Fj(d|^{D+G9-^FSM1Vb+|Md9-IN+->=x0cvt?=G}VSCY)~NGS9mmtv=f z-bUg;z~J)tnh4j+p?;}Vym(xhjUuY;B?ycdQ<@uur~KUzD^rvIJ7)<#eI;HUOLnOqr42tj#S7Pvt^g z!F%E`I;{t}CjU?=8=8E0p(Y+YFQ8R|f0yErpuIz|AWrykQ?6BHZOMhMTmM zwP~z(52q!FKOB8=|MdA9P=CfQio!eZahN>&NY|V!nzQb7{N(dYiS`el8joDz4v@gk zmcyTx;C?=BeAZ<5AoohBi(6{@Ay+Wtv-Gb#i-RuG>0ZaFu?=J*Gy>pCha3c&;B;*8 zv0+C_r@|;=Sfg7|O(;`{m^HGU8`QD6r-p=_1j$G#-3xHLIH3`qu0H$^dlZhQE_VjL z1-n1$X!HJGmA!RXl6~j5v8O-5l|XwkWd`D1cq*$HoTIDK_pgica@Yz%fYBrC9+YpnP~>-yj=(!^czd`&5RN_+DS1vK9LZ zl9U`Am8ojW!K%j7}qcEmq4^)f{kT;M41mBVq43=JGS_=QP3nv*&LCm%VKrENl>V*OuOqM?Io=^TKqqdNKoxAJPccF8ywh9T6h=` zbV5Nu^3mZ`kpKpAlWFb9#8>TWpxS zo0VW27aoZwbpar81m*n2k37#WzZ&UeSA^<(pLD6lcFAvNZ zu&lq|5$3xTFyE$lta<5Ud8ElJ?6!e#ZK^zX0+YtgBZ?zrbVp2m6*V9;n@th2oYoGP z$4C=YXYq&YM~3bk?F%50q%OD{Pp0zlLq{CSziHmP{-BscV6`n;ih2OHlK@4x<}OFeAOZYJSJDLmtNKgL)vGiELB0OjI3pA z8aXmea8IKj1Cd|(QI4Zw7@E0T=>}EJ3~_FouG09o)NJI$b47Y8`=`?efIjs!d8?OO zQ4Yf@Z@G+Y+*F;YN<;Z8`k^RT`&38u_v(iTrO~=?;b8a`2Reu}> zIEwJiwD#{=^*N*@n|^x4F-}Bxap@zm_2%|9C8TetYn5+m66^AkR7C31mJ~IXW>F848^CXD8 zFVh5|*|xi)*0`lq#+F|XZ{CUa=_OOeHC=aa&829ypAYxY%ffm)y4WO&nzUI|<0P1> zu?1I2^zrWpNoXHU?lQV>_Qb}|ixei`sjiW6gqtowBv7%NO5Qf^PFcyR1c5?QHh%~{ z=xQAhkYuUdGfosGY9B~5ez-lRg1)cbs7lu==qXSARBgakRr_P*=ZXfOVy;e$;V5`_ z;VtP59y#wPWButgheh0_O#7id&I?WV5$?DqqzI2T6C)bmBh7?I(r0#Nq@l#?3c?CP z7=3bx%1S;&uIDWw_V)(G5ZuOmA_m%n+(*~B2mPHzzA8Hq5_2h3(&v3`Zfi9@en|v7 z&g}Ki58fN%2Gz|Eutn@Jw5a;YO8b^wC8PLp)s}c4;+`Y7mI1frn}r~v(Vys!Tg|q4 z*aT5&W$j5F8~U+QBT#UL`Of?Eb6poKvBOCgN{%csIZz+r@V7#^-+GBotoEOM;OQ}?2yH< z#W2SCTrf^}=0_S+rVEOTH?gCRGb=rTu`{LCgiasYvpz6cZ|`4-r8syWFXPVkTvN>0 ze%{X`baCDbmQ{U0lCC0FJ|lmVI7ze}qkF#kq$E?qwID$~54cBdyXXfuw+s6TD%k;1 z96AI6Hk_tbJ^JYYX%Lw(JmsRt4V)(XgS6xjdjBm9PtNegYQ=b|u9UTjGs^ByDca%Y zpspFU!JzI9_LFIoPO7*O*&x&T?NutU_Ul|?f3;UUno-SW4bh+JOBC%na;4OW3CI8b zj<>VGqOd)Kn(aN7+dOJTI)k8g15J`HM{+yLgNjZ41T{VtN5#pIQNLNk;u2stS0GwQ zLA*J2Pcn98Du!TlcOQOEXQl^sdpZ*N2)cZ^;#YL}qivB>d4gE7CH5xmSbwsk@OLTK zjq){)#lw2FL6m3SnJVQ=`%B^M6LzNpIId%naO95jc(z#<{}xP7QQf>@TTZyPB`TVd&mUySSfw>J3*O zsCE22Z?-amxBe52j^?J2rB8S?0{v}1!nwDeL<;gy1{j5SKCBcMvk2yGHvetN7 z+AMvI2dO2{cuD0K37>f*b33J(D4$lNrHH4{=-|%}9M5CFYwaC&t!?Nx$d)E1H)r5D z!<|e^EoS>h)e%o~p!7D^Z?+9;G1g&cK`zM=I%pw<+X?3Q{g6tHV=GizdVu>Qja*++os!lZ)iD`LaQeKjC5gge%AE`~4xQ&9t zbSjN8l;SA|Cl==KUm})rpUfa~kmn8}x+FxF zc(EOoygTI>G%!m>U>D-o$u+4GJ>S=GH|`O#MZN+>eujE9Y_k5+KMleY3rR~1p zK;jj-pIbtQUV2!h6CcD2 zOZ?i2yl=s#b!Yl5)7d@6b0=URVq1SL$Qfk*D&EPGlVVd#ZL~IF_f8eez7)_?s4v!K zqrRqAp5h2>sD{(-APB!DTAsWG!OHut^09U~Sh`geZ*!7Q)G6fh6rB&R#%-yncxi1^ z&+04#uJdLb%4H!cG()_C0P)B7r}SJVBjaHGWJWlNgmxMx2~Apk^`5Gn%|IU zA0k)=o6;3t6suy=5}rH~pW|PRrBUh+>EkGZvL+T&AE3{xT|0`f%enXg>dB6@A;~;T zMmBw|MwQncf3p^#gCm_nt4r@CB4xWR8w=|RIixdGZl@|g=Gc34NvoYxp1nwA)3=<5 zu2!qaT@+`(PwVp{!zpzU6Qc%`7_`O6-!2ECXf>xr^eOc^h5p6%+6?Up9kj{7_oubj zg!E&b33_A*u4&wcb3VmGRZq3b&|C@x9BwFInFzm`XPRY40314J@psh}OzjQ@gu@5( z*{ja(4e$$(C~QW`?tR;j-8ZSPPm>?SVHqx?f6l)pG85OYWb<+eTi>Wo?8v z=6f(Ye?2pyzn_I#4LEaU3G{I+2C?t)=T_RzpaS={#Dpr}o#AwVw`G!ML=ukz1Fuj& z`_u@C0r&4t%RW2FHly*r@6jF8L~kGCksI7>`A8SGCq_!zZPeler1Wa1Wx%Ytt;_q> zvqkOqC$U-%4v*mk~B<6CZM1FP$WgUhA>u}+)Fxy_*gg|tkshKi@{Ic8` zHW6ZXN>CA`1@?A$4N- z0xA~|0UTrQkSaj*>nn*`ngXtPY92ShffU*P(%^Zh8e)Kdwms!Ps-h?|OKcM<8^dcJ zD&*ZjtCm!^1P*kJPRIEO15j%M7Vwg#KMA=y5O_?oacj5^G<6u)> z#EF9H;p%hVenha@D=9TMHi-wJI3|uYW1^7oihtvhukS^EJ-@71`!bfJ0C;TEbDpJU za^RmIsa6Nvo{a{_9K*7wpU++p^Kk3D0qhDR0DVQfgF>qUm4+-oSzO?RsK9vj47G_3 z5#c%IR%0Wgpe2Q8z8nMMCOlj%wh!vFZd^z}f29?9r;s70z&~}gD{tV)64g6$dAdO} zv_roN7H=aId8)@eQcXz+)aBUMZyo6^?xSiPi07!Q(g-|G51VC9Dd8nZ1B>??)%LvD zA(oZz+4Q}`Np(l@h4-0e>{oaI1E;X95D-hWQkIc}ev4xeG+Lj?RgmmKFx}mmPu?%M z+@I7naHHz$*&4uCeVD8IP7gk~YF9%kQ#*i5lnfR%SD69hOK0_+%`U;71Agg<$u5#=Re0BrL-3P@W zP)w*Fu4k*!Ve-MP5+}yXgk|%*iNX!T%yOm*i~WpGEj+i1q{oQTKaV?L?3tje#;|^w z$}sN-rCt({``ohezUCQ1t((N&D^9ONP^sA#BOv`^Um*s}34WcABRVljD22;->IR*= zXO>%BbJn^q3ilnSe<+AodhBk!uoAajTxKabaod;Q-;hi4C!IxnwB$seQ*&9#?NZ*l z$G!275HkxM#f*KZr8Fl@JPX2Y@y;{!QqPeu(;TBsqpCU@cjmhzsNYuix?Dls)&mt( zA`dY~HX{V`+qvogJ_Q-fDU;c8qA%3^3Vc#h^I8D=X`aPx)8d%ODRulDH9rHO?;JAr zdyvhs11;grzJtk8gHzC$>(*X7o?Y{*&p*y5jy*QRAlE0JK%_ZaNhMyeph*@7g+=Qd zWPBEmn35QTfw~X78_9=DZTMX+Pl|=kt0J2=03F9SkVIqy4@P=dlgVY_(gj|#2oPRI z)`!)znH+%X3A5KR8C;KD_6tu}kSFJ9PtH$INRcg?1X42}y#GEXA>brVM}yEVkiieNNuEAELG)Xq>2D zJ4>klJSZ^ERCwkWW5NQ)%NWz?K*=F=usvf5q9_M*_bCKbF&6~JV7a8t+1b~=1?kt1eChHF`xg2o>{V+x*4z_N4+U4Jl&Ed|IV{*v?EZ{aI(MO54t37}t6ybK-@3lx?;N6bxd#J4`d!s4; zQdmA;=LGJ&h^#>0*5GqL>PdA2Z6-E&D;<|lxqgM=r`;NWUG48sxUl8=%%%?1dr*LM zQ#>l~iO4;5CL{Pl4yq;&G=jv(Q%?@qBCh(+lC|eN(kS54g%a@&EmN5-CFS2E8KgbK z*~AOHinv1Uctapg+a~GF++gVni>2-I9I(C&S9DCdBMo~=zkv&~W#((YBJ`MaSl6+hcB zN@65twGq-+4O?vwW|$5aDl-;OXIqgB#2W%h6)RRftH~k`LS5HA)8By%2It$xNzSN- zo&F2?7V>v2McNf8?x{*e#hGcqgXCuKZA!^i!f;Ur`0U&3=pxkL)`XH74DhB>C)D0D zzePV_izk4*sRxNtY^y2DRQJ^bk6EVY>4~)6k@uGAFy`yOHL&`%d$UG$xN}5Nh2(V@ z;CdB}lm_#j6B_`zi*K|&J9r133|zL?rbLZMx~VC_fos4>1X6b79ws`D4|{6(x9f?h z+R4}%kMju7A1-cF` zGof--{hBj3vSo6!%3^(12sXO%o)cMb!R733xo9W1SgZO{l4;4`z~y+rZgUT9q=>Qr z)xKp0>3mLhdn}==Qf$$lIT8>5CT@d7u|NnDdM-Zrq8S zo~Ly}I44i~_#1ybFybJY#>PV2e}j?VCMEi-60e& zooo7qY-rKi=aPiq5GcqJKccbwN!EtVgfWgQWrlda{o&KcHEyU>XmQD$a1uvJs*qNM zNl~8u&;dJvzNZnxWp!}}ohRl+3>t}cJFGnnK?F?kWI`L;_y>G=^1&S1BGP^0#SCJl zMfg|k8z7#Dq5xhzg7>bH;3?J0ZNJ+BE-E<|^J{*x6w+k44_m{iMQ+9j@=>;PI$8!t zGoBw;f%eGz;hE!(J1>l{u|3x!#sJ!Px7e$YWPh|V+hkVoQxa!tuYUgzWDkLF%=<>| z>{npU2CvQ)swrx-u-}z8Tu$Go?o+QbMNIk`pd4Bq^18EO?_6Fbm6X;XadW&O6HYUy zJ&BSJjwwAj!=Q+Os#9Sp9-P{3&LsPg8ysLJ3;db>#?DN+XjnV&0KUtVqo}w0pGV>! zL+zN8&@uy6SnK1%W_6m^=!B08F`N5_L44~u< zaa-$@nM@&WMO;f57DO(74N}e2%m=g^6ruZqW!dZK*GgDFP$cRyl2*0Ca3{2fmO-&) z6;N4?9dh-`Rt$PcKa%m})|XZEjHw9TCP|S%*)K?_kQm{;E6_$SxGuRcpzW`1i`af` zE#uO?#Gf~r7kWVk`NCs1vzOMzAhlDTr9Q&BK)jqQ1fI`|f}*2(TQ5^>pFGtYaL9r2QJJP((Yk9Fcw zUVDUiNcC0YrWTX%(ZT(#(XQmtR9peYZWHMyT67Tk%C}@#jsD)g??z8q$!h#$f~CcE ziC>J2Z`3A~h!Y%Lj)oOKe!=EROu`eHdST_!wL|V32i&Ryxhu>M0i$z681B%Qr7T+b zke1yu!yr%QF5AX!kIdH|9q`G#lG9|`>V2w$>1w&^*@7)-H+A><0p&GS`Pf>Q`^jj3 zRr~7`H+LjwuR!g}8q6OcVv+II`j}XwR%O2-2bcTI*I&cW62LDZYK~!_;tTT8$%q?a*5Rw)<=vR{es!OGk5k6nxEEvz z#Fe)TGk_-fIZI$kgLsRSYqhXj z-f~>|qN=2wnIg9sZ&iIwEhjZ6Gh+!6S)oK!n-)A7C#bI060_>zqWQSNWB=P&t$Ibx zX0NPyhQ8phMk89%D;R5A^(KK70t_TzPvr(F{~G%lvHNjv#C>7HdqsEY)&Ka-zaVX& zACWh9L@7h@XEpJQ9YjWQTu$SD6WKrifeqmexKX_xfb3qYm})&yUtu%#p|;Xk;@1aw z=bWUBDX3;}{l^y*KXY;knD$%1miQ|2LFD@v45$*2{C&$J;NOw_JwzoWF$|+tY54DW z*kIn36CR_0p5x&9^|ka8V6JYRkp~zqL@AHwLc9djj@D@TB;jGJYV1{4Fsfy!*_i29 zC`Ha%%$=|qIZ*t|)&P{s2ux`(kG1X}h(VlzOnB#Ocm=4kF!bWYIk^meh-OW3zblrz z1*)wOFJOn_(5oF^juM0X6Y0%FC>a-Opqf<%Y@{5vTk81l**uqQ_VZ_NPY z92CjN@qDJp*#Y(jw4Ow>&9}0dUbh#nC`*cA2V*#bQ(iGQuKKG*saJdC7pV=Dlw{OV15;# zQxwWF*Ak)@Rs_@ic1YrAQzE20;(M?B^TIxFap3G)g1svPgu&6RQETgtINnk~2pI{c z4ZJ3$ab5Sj_(J_e$h|Rtvyr5IHIgBS4VNWQctb{-Id^ z3odz&oMFDHD^#%gZ;S%T40$ci?pUw`@n{>se;WqLkSo$Fpan-FV8$mgh=5qa1<;@) zA9#8oX)1bnZK_G$+gya_S?eoM)~p^hBVt@q;Fu)&Wy!q6^N;fcSQ+c;!9_4XR#W@| zSsqCHPeRb6|BCqf;O2r0%NiiGj)HotID`P-@YC=zJN=TUfl%ST0g$r03ra{Wfz9Oqv~z9?l9wTUlS*0^w4BJAODY-6n7@Gs2p=}7<%jRWJ!z7;CaM={{u}l`pU`TMY_2Owpam*}y%9|I$NK#}3^pBN8Rv-QjMpPY5iQ~&R2GAmWUawC^xpFIJC6c0Rc>fM^H>y|!e9B;s}dSOCK*+c(yaMtdk$)r5@J8pmCit9b^58LMXV_Db)z*txuKcBw|J04Lk z{`}ZqGSamC6EB{%u;V~VF8Ob}4d6qtiAjTzrFVe?M6FpbOoqN{=5({8$vYVPa9_dr z%Wvz7e*_job`A@ii1J!MJ1D@NfWLbBPO->j9{sP5<&|6uG|$9t;Z$NT0i z_};_lp!b)(#D`D5B`0xDsK5s5+@HG@|6b4N5 zEOo1zp&*$yD_4%hoPBedUIAwhuD$4YNsu)Ugc@$=Hc@665lr&06n;A{L&3K&Fs?pf zT=;|D4{3j#DDiCQu=T@R-hsv0JIZAy=YOvKdV0Itt3Xuj`C_$NNSyw1oxG=^fz=NB zy}sln?oM^z=pKALj;-%KPxKL96mI75uLSO2&y=_TWJ3GrwhDlwv~&Dx&aK2#YPq%k z4}D{$$e+qZcYPN%_WAVyDHTGxDYvcTGgvd_lWgM&=oqV4r^HxM+4Pv6-g}yY?%E3k zg&O3VhoIwDp?>8 z;^>XD68C^N@z*PK40(Bm#4+2)8;NNt#UC2?yH+esiNBg?3D0PG&)<7DBuCf%a>H*2 zjat;88%#ZY|5zsJy%trBy-Z&wfq|YR_uRhPvYUD^+}(4P=akp4Mi>;)hzJ&cKC29m z?cq{_rW;IhY!7Q2zqTFTL#Ix8Hq>VToz+>cH{6a6Ug>=%=^T0uqh@PZb-G54u3gzc zP@v(VnDeIo@Oru4doz-J39k_fdiV7iX`IAWr2NIhh;xSq8mFt7FZ%qC7Y6{f!D5?w z{wnNv-x1EU#kz?A$Cp94=#^|^)O$&UKxAxy7vYsaG3wYwPy2A;jiZuZ?Qtc#lG z_s}ey!6w6c1jie{zI$jGL^wVxn&axm5dNo7&S32>+VpD=fV?vr?uo z8|o8Rzky4bSV%PrUFdQSN;5g*Saw;>6Mcbl zi_{ne<>unJ#RtYZOcjMDhic^>Cg1J^>k1ocXGZStu`?wni|YS*6+S{&VTi;K3|Ofd zmfb$JAgSGKpC!PMSi`Ab?4hkHp`Gs;Ay9XD!|4;D$UV&nkKQfJ!C%6-%4nZn$_Z99 zR{Rw}0I%?Vcn-)4GmYSNaF3l&I?dT+-C{^IW7$wilQZQ-Fmfh{bsXEm%?!6(!n`Zl z$GOy*$%t(a9?s)4cvnmd+Y9EL`cIzzO#lJIMIK1>Y~5SUK<~_Qyo$O8p6RA%%$Tg< zhm^WNiBRB-p(V+}aAl>3lqFYmd=V4X55ftp4vepaG4^JW@-8BC)V^xp(Kb?(FF9r>ddQJ+7R4*$}!hRcpG3QS7|l)*^kBiHU)o8rLmG2C4!Y= zX>gP~r+;5&w`CV};Y3fa^cL4)x6xnK#j9nhUa9*zRx-M)%=EeO9PNrL=-qxZ-*xoQ zDajg?_tM`;hkSOlruemvOQix1aj}6t>pR(>=`rZL>I~S_D^j}+-pU5r?@dXb53B6-& zM%S$9fz0zD$B*W}ighp|Hf^AYC0$L=p9gnVmKbqUnzdlkqFx0d3%{9veX(ewo9%d> zc+nj7TXmJ#uzOeSF2^jjxych~@w9}`e0Xt3!VP%GwR0}pt+&R*U{k3~T|=Q2PE+2LrVrOK*D(0WPqWI$wwAK)wY2xqsD!t1 zOW?3GGFEz#8zD7+b%`Kt^nSLoe(b#X14uOmwtZv<+E4E|n*z`?7H*E;E z$%7sv{S8mG8lL2@7M?QdQVoq_2mF`a5u2ap(;2v0=$JfP z-))J8&tK3loS7XFs~3INJGJmX%y8ACPTP;OA6;t>gq)w0tOBk8HM`+V_*}VMP-#8| zGG0hJwrhBRbt~WL@DZ-Ra#3Pl(4%0#$!U7mKiHxxZ)-y)!A^2My5{iPVa4RB-wgpa zX|R*CPHFJlEG5biUfk%P{{oh0`)I_SCH%D#IqL3?YSCx(GFhGVdS@oH8pysEI@S4%r5f3* zZGE5d+jzhzMlX}*dulBh@0;jZQb=|cBG=S`C=)!N0rVKL1U2E|9D_cf`rrr%dYIlG zvkw;msg7F!deB}S437q`K&qK%f&@rc@#5oe zxdI}$^V+c{2A{LL%oEmkzPj`WZ>dq|X^2&Abyav6G>BH%9PqfV6^y!#u(%kckw-6Y z4{vqxdUP#?R>$R#UTyBmWZySWzPJnmf@OdQ=S->Xy|8ATUp{~?*7zWMf$hGC^S7@F zqck&U7TKtw?e&?UXC}cXe!s`G%!YB+M*as%;a(%%C+YRK6Bi+$w@=xLGG8h z5CC!vWz}m{CjrSozXDWX=-V1Hq%iME^DVa+?j;x5?54gTSqSC1yY8*GEQ6SL350Dx zNR&$VZork$BF_5l4|DCYhM)vwB7oBD1^|(JcW87%r1SZQmqQH#=!+J+3-Xb3m4 zSnSKLuOqZsK$WMKLD`Mst>yII>&o#Wt`+$ptG5DtWpv{3z;P5HOUtpwN$d5zou_Yq z>8`}^C%JEFO;ms~lJ(c!l#k&-Si%4}jFl7nD~=Vwg>@OTLA+Q6btye=fNBPBc|pm@ zr4N4?&Dzw=hSloM*o%-{QUYpHyXPIYu(55zExH|D!40faI#QekNhI&r+>&@5`yKb+d$h~VX1z_8 z9YLLrAwbTtw65PlF*tsCwgu=6T0xi*z%#Z0v8QZ=VM}N^=pxbOv9~TQX5>%Ku*7t@ z?VsqnQsn?RB-;-3`tzNM`T7kWeD(`UxRG*mGf$H4%3-4m5G@4cQV&9CBFHK465h^# zR%t%id5nT_>HSupLhY|s061q+5HQJga}4sgNlviMXlXU7#rVyrA`iDc&_;}Wwt0>M z2$wX~0Hb5~VlgM@%HtKm!`GtQ<1}N9;)? zS43ge9KFh#3#bl-S~81Vj^QzV;|`83zW%N(td=d!avbakTY-}+ zFAt`7S;=GT-RB6YSE#%~rDn1_1I5cpv(sn%CO5lZr>o3#e9>5KOP}~n=C~A zMNPz{zkH=XH`+Qqr3^MsaQtwB)oC~k5DLfJkXcvDxRSYbgwN+UI+Pl9JdDpPZl=#3 zobvTqMiWuU^A_~;(C~&xYJD+7uaG0Nc?&IU|6!*5J9Pj}bBJFHtEQQEf+YS8VuTz# zawxOMZ>N)WcPT>Mu-a??B!5!LTYsrT?MmENI*g$G<>%EJIpoNKbyk1+xwguDG>O~wBn3&IgA3&}pq@llJuuTlCR1Ce->e0&nBK+? zh?{QaVIkIMnbv*&H5X8ESpGkeijainEr7B8aA^(a_W zRj%5ZR8CaO1gxm2a!&T6RWaRvoPU*Q1BNgAgea+2pW@-0f&UO6m}#KOjh z^ci`6Z-<*lY9LoDt$&aX| z=VE?L0}Fe37H-JzZaTh^!=0aEGdCZiw#<1d{ndVCRlX#XwW9l4>06IhD2%(?y*a3Huw*)g|fS~@CT z!v=hhW%Mgbwmfpj_gjK+P@4l=)bEBXuWRlcw&b8JH zTw%F=iha`ZOPSYA@#)!I>HT-TMz}NFA1nnm>rd`vW@xljPyfmu1Y-F(RV4(@){6!M zxNb4t%UF)}Zf{$7D%LGiC9~^Wo*~KebFqVJIM#_7>XJmREFo4|w^J9gOBe&Y9W%#N z?W*rk)iRz#Xm@>^_1(mc-E-~v(?KnR9Ml2)lQQ6-cEVm>$>j0_VAzwm)?{`5+wRUW zgM@5uBPoW>Z^78?&)Oa9__UK7u^2Z(;mQH}>lRJod^gy}_d6^>bs5kCI3)k%t~irr)8f+oH`3knk-HjI!1l5NHIP9 z##2#K)!BXO${SyuNUSER3|*O0OR941J+#82g|U~DYC+{@D2#+)m=c&zFa+`TP!Z7X z3nG*5@&(ayR)9Fo#{xj8&fD$#_yHoP0+N{4Io%#8&I@hL|M{T?0g)_x4iIW=_CTBt zgNAkT^Db;Pm)*E5>y<+@^c&K?ET@sdsjmd zys>z@d%#R)t`ToNzEvJ5j>w6!Es6PNi{P2pES$8DX1mD%OY~jQ*E;OiElg#7Qluu- z&^{w1$*6x-G06h3n2RkdhMPeSE0cL&*6TVDQ_J>R2lQAoPCy-Br&+bCCH{3R$|lr$+s-AekKj?4C4t!1o;}Hk2L(eYN(r zp}bkfNe_I##xl_HYj$4%U05!*r!9)3R3TB&nHDNB2gO#&g_dqYwmsDDt`ann@>_}h zm4^&Yx-k?`q2ncmHjVwv@z}N`dC1YZvxKbQ5R}OTM|yQ@(X4rQT z$CXE}AObGOA_O@Mph#ODX>NH4tN}EE?3EerB6BGOLA!xGEpE#wGoUJJ7?6F+C_zk} z3tom}FbKGru_Ym+Z^)8L|ZHYAlLzTb*bhBu|t9#r?@) z)be%>kO#}axB0$2o5BZrj!}S<_~&9=ffnOGcE;>Ta+)u0M*@5Cel8y{XH=NgEgQXvx8f)EnoAP~wTv0`Y3e`D4{Dp|t9F>? zYZz!~wWRtUK%QHds(PJCe{4PIYATl@crfpI(4so3jnCqahoOC=x|Jr#xZpS~gb<_a z(k&HBY`1FC6&>7oUCrr>{N3gzxd+g_iXB-37oj+WZ-kAv>*OB*iwubSR==6!2U8VC zz_L%x1JKpzSr#z^a|Z2u&x5x;-32L7b$$L7 z8d4>T(*DaI%0Oa&(u4em7j!JkBlnlBJvW$(xZ>0}1$A(J+2NdeMFw{&`n94HL2U)S zBtrl;m2y-J0ScutQ{m(NwI&MVG0|W}tw|BrtwzP0>Qx?Y5Cv5>y!c#`s-oZ zx=ax>KP;%c>o+GAqeow~BnPYC^ETm3O1Kr`Q-$U!u-N~wgQ?r#7-8S08x`%^hvOR9 zakQPuQ5RKOWLos^A7&2OIox4vHzCzf0=#Sy3b|al&p>fJCKL8AxlE0;hmsqkwm}h>hw+bW zKeM1VYJgZ(Y5N1x7S}zYWcaUJp%m*i-HrZhYx%6c1jpRHB0e(i`C>h-&xz^&rya0E z9q-1!=EvtD0*Q)6uXukXo%?nWI6`fkFp{Od@` z18s!VCbI-d*v4r&S{E6zyxh%}FI9H=mZKHfV*m~YqlsO7@@v8$c(^7tIHwxEf-OIo zB4_U#QNhP^>fP+cb?)yc@fne)8M!{>+Umvbn~BDD=4-GF z0}a=u&EN9osTJ4 z&h1x3ww&2g%<$6KsJ-inRS{FG|39W0_{I;*4TRnSKwW&Y*#;o6!6Xr|ykP8gm42Ge z3SkQ-eKC$4cs`0Ab7U94zCVpC#jEJxkbA_&-@mP&szJ(yB&*XOpZbvQQ%?{Z zhm)jHkzQt(M#TXLnK76(YSmf1uQf%PW-fRK1n%cdcoxjy_(558^Tl`c0nO*ck{|8j z9&PCBH&0L`{Nb)6u8W6Yx$56Rzllik;!00{43|obQMc49&(NvFQ6b>pw^GU!!!I^j zG2jX}Z+^JeV#nL_vUi~4t)%em5K=!UX&xmw}{m=Y~Vc4*#-A}{{0SOs(xvfDlxfTNH{ zLdClkys%l?H|>?JKb6SoqSti$XON;1*OTo$klFv`MzwjX*Dq@aEhRH2h}AgXDn0|f zk`zYAi)uQ<-Nwev^fb-%s+0xw|2XbW5QAv7{P9!p4JMK|bUiOCuaY5ecFcl1N7xoS zF(3TfOvs^`OtIUNgD;3eGhvnJZ;O>0bOq6Us*mbTuv+g~tLuV4oqem^w602IV`zUM<<1ct zvXf-1a9)24IiKu`O0;V>&0hY)d;sA|Xg%EuIgA1O0)KCERdJ6SiRw~t`5Y=bZIFC8 zU)rVB7S&L4xaatqL%;sZ)`YR5E5S3l5~1Au?X^Fn3DkvPe{Cj=59|AR3!tt#^J62U zsQ9wY_Bs8i8}j%n47p`Kel9*1Hpy+&Q9Rc%P%2TgVvXa~9W?54?x^2i5n9EKeWx7} zb#+)5{m>~mP%a@oqU_IParSDA(;5f-VB5IOj}i`FPlznH zWKBpiac=Efy)%22Ut@Jn$ga`1VjY-rVKkmk;;k#PMGn6@?apLKEKNzXq8JRDHx7%W zPHU*X6vVfCD~s={;oKJk8TZB!nG6>Byn{TE-?wdgq=+Fp=~u#;Oi@$S%Te`Gl=t77G+WVblMd9jPmSsjVr z@~*MfHEoR&aQfEe86BQ89J?#KtCo{mbxXZsTa_Y$t44=AlM?Z?9G=rt4I^1ogDy^Jd3?C%xv#4F;Y!)*+nN*fyk=h!w^auu3PERhi?%4vQsBnF_mjFa zWo||PI7m$XXeshs2&0tK!!A4Fa6;#(RY@~0&(dzL^EOG@1*zC>o$~PyHJ+fQtXuUC zD&FZ;mE;EA?EnNnPxycLr@s-(l^2QJC&0Ug6D!BR;+psH2W&b7!}y)W2Fs!H=gV>L zX@?UA=SIu2`bhtjY-oL;8FusyJ1K#QpgNg*xI2>MX7mQRR8-3FZerZwL$R_}C>u8+ z^{H2N3C6<|ZQoT<@7iZGYJ}sf-vO8ZsR$uyepc{U(wI<=;(ls_=yi0QdiE;~qpso_ zrt_<#2M%4GkqjT&Y`@rSunFO6gDeMf?a~_^j);K{#8G&-vJzn-++~zITyImbe=*OQ zdr?;7CHmO!GA_cKh(hf8^PpBhb{5~Kaw6z=?FJ?f7KS0QL+|x*cV48gyc-3EZ{xgaPj6vK_II_z!b9<-tc;kt zFiud{N&dDKwvfAlr|6hz&@su3y9Zo*d_viS0`-p&(uBlkarx&EPvBYOxf45j>DAU< zDi$@C6*8mIzoh~|S6C4uqyNnX1)Qj}n!umhpBS9D7mE($x>)6)U11UHzPZjiP-c2g zr}9Dgqj)3T@1LUehk>_mYF=2bK0@dc)t}za2Qf?2w%A`2av-w-qFL$I4@PnS?j8Os z=wCkcqQ^)&Yn`Y1<=FT5^aUh4XUe1_#^1_&wp2n0HX~0R&tZ=|Dsq^++=Q~y%h`^r*k_z_~Kjp09OaK4? literal 0 HcmV?d00001 diff --git a/docs/eks-cp-logs.md b/docs/eks-cp-logs.md new file mode 100644 index 00000000..a6671bc8 --- /dev/null +++ b/docs/eks-cp-logs.md @@ -0,0 +1,292 @@ +## Streaming of Control Plane logs from CloudWatch to S3 + +We can use a CloudWatch logs subscription to stream log data in near real-time to AWS S3. Once available in S3, the log data can be pulled and ingested into OCI Logging Analytics. + +The high level flow of CloudWatch logs to S3 looks as follows + +![Control plane logs to S3](./eks-cp-logs-streaming.png) + +The steps to be followed include: + +### Create a new Lambda function + +Create a new Lambda function using "Process CloudWatch logs sent to Kinesis Firehose" blueprint, preferably with Node.js 14.x runtime. Once created, update Lambda's *processRecords* function in *index.mjs* file with the below code. Take a note of the Function ARN as it would be needed during the creation of Firehose delivery stream. + +``` +function processRecords (records) { + return records.map(r => { + const data = loadJsonGzipBase64(r.data) + const recId = r.recordId + // CONTROL_MESSAGE are sent by CWL to check if the subscription is reachable. + // They do not contain actual data. + if (data.messageType === 'CONTROL_MESSAGE') { + return { + result: 'Dropped', + recordId: recId + } + } else if (data.messageType === 'DATA_MESSAGE') { + // Replace "/" with an "_" + let logGroupName = data.logGroup.replace(/\//g, '_') + let logStreamName = data.logStream.replace(/\//g, '_') + let prefix + if (logStreamName.startsWith("kube-apiserver-audit")) { + prefix = logGroupName + "/" + "kube-apiserver-audit/" + logStreamName + } else if (logStreamName.startsWith("kube-apiserver")) { + prefix = logGroupName + "/" + "kube-apiserver/" + logStreamName + } else if (logStreamName.startsWith("authenticator")) { + prefix = logGroupName + "/" + "authenticator/" + logStreamName + } else if (logStreamName.startsWith("kube-controller-manager")) { + prefix = logGroupName + "/" + "kube-controller-manager/" + logStreamName + } else if (logStreamName.startsWith("cloud-controller-manager")) { + prefix = logGroupName + "/" + "cloud-controller-manager/" + logStreamName + } else if (logStreamName.startsWith("kube-scheduler")) { + prefix = logGroupName + "/" + "kube-scheduler/" + logStreamName + } else { + prefix = "default" + } + const partition_keys = { + object_prefix: prefix + }; + const joinedData = data.logEvents.map(e => transformLogEvent(e)).join('') + const encodedData = Buffer.from(joinedData, 'utf-8').toString('base64') + return { + data: encodedData, + result: 'Ok', + recordId: recId, + metadata: { partitionKeys: partition_keys } + } + } else { + return { + result: 'ProcessingFailed', + recordId: recId + } + } + }) +} +``` + +### Create a subscription filter with Amazon Kinesis Data Firehose + +Once Lambda function is created, follow the below steps. + +Create a S3 bucket with the name "\" in "\" region. You can select the S3 bucket name and region as per your choice. + +``` +aws s3api create-bucket --bucket --create-bucket-configuration LocationConstraint= +``` + +Create IAM role "FirehosetoS3Role", specifying the trust policy file "TrustPolicyForFirehose.json" as shown below. This role grants Kinesis Data Firehose permission to put data into the S3 bucket created above. + +

+ TrustPolicyForFirehose.json + +``` +{ + "Version": "2008-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "firehose.amazonaws.com" + }, + "Action": "sts:AssumeRole" + } + ] +} +``` +
+ +``` +aws iam create-role --role-name FirehosetoS3Role --assume-role-policy-document file://./TrustPolicyForFirehose.json +``` + +Create a permissions policy in file "PermissionsForFirehose.json" to define what actions Kinesis Data Firehose can do and associate it with the role "FirehosetoS3Role". Permission actions include putting objects into S3 bucket "\" and invoking Lambda function "\". + +
+ PermissionsForFirehose.json + +``` +{ + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "s3:AbortMultipartUpload", + "s3:GetBucketLocation", + "s3:GetObject", + "s3:ListBucket", + "s3:ListBucketMultipartUploads", + "s3:PutObject", + "lambda:InvokeFunction" + ], + "Resource": [ + "arn:aws:s3:::", + "arn:aws:s3:::/*", + "arn:aws:lambda:::function:" + ] + } + ] +} +``` +
+ +``` +aws iam put-role-policy --role-name FirehosetoS3Role --policy-name Permissions-Policy-For-Firehose --policy-document file://./PermissionsForFirehose.json +``` + +#### Create Firehose delivery stream + +Create a destination Kinesis Data Firehose delivery stream "\". This stream uses the Lambda function "\" created earlier to extract the log events and partition them before storage into S3. + +``` +aws firehose create-delivery-stream --delivery-stream-name '' --extended-s3-destination-configuration '{"RoleARN": "arn:aws:iam:::role/FirehosetoS3Role", "BucketARN": "arn:aws:s3:::", "Prefix": "!{partitionKeyFromLambda:object\_prefix}/", "ErrorOutputPrefix": "errors/", "CompressionFormat": "GZIP", "DynamicPartitioningConfiguration": {"Enabled": true}, "ProcessingConfiguration": {"Enabled": true, "Processors": \[{"Type": "AppendDelimiterToRecord"},{"Type": "Lambda", "Parameters": \[{"ParameterName" :"LambdaArn", "ParameterValue" : "arn:aws:lambda:::function:"}\]}\]}}' +``` + +Create an IAM role "CWLtoKinesisFirehoseRole" that grants CloudWatch logs permission to put data into Kinesis Data Firehose delivery stream created above. + +
+ TrustPolicyForCWL.json + +``` +{ + "Version": "2008-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "logs.amazonaws.com" + }, + "Action": "sts:AssumeRole", + "Condition": { + "StringLike": { + "aws:SourceArn": "arn:aws:logs:::*" + } + } + } + ] +} +``` +
+ +``` +aws iam create-role --role-name CWLtoKinesisFirehoseRole --assume-role-policy-document file://./TrustPolicyForCWL.json +``` + +Create a permissions policy to define what actions CloudWatch logs can do. + +
+ PermissionsForCWL.json + +``` +{ + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "firehose:PutRecord" + ], + "Resource": [ + "arn:aws:firehose:::deliverystream/" + ] + } + ] +} +``` +
+ +``` +aws iam put-role-policy --role-name CWLtoKinesisFirehoseRole --policy-name Permissions-Policy-For-CWL --policy-document file://./PermissionsForCWL.json +``` + +#### Create logs subscription filter + +Create CloudWatch Logs subscription filter, choosing the appropriate CloudWatch log group name. + +``` +aws logs put-subscription-filter --log-group-name "/aws/eks//cluster" --filter-name "CWLToS3" --filter-pattern " " --destination-arn "arn:aws:firehose:::deliverystream/" --role-arn "arn:aws:iam:::role/CWLtoKinesisFirehoseRole" +``` + +Once the above steps are completed, the CloudWatch Logs will start appearing in S3 bucket. The logs would be written under the S3 bucket \_aws\_eks\_\\_cluster/logStreamType/\/ as shown below. + +![s3-partitioned-logs](./s3-partitioned-logs.png) + +We need to create and configure few other resources to enable us to collect the logs from S3. + +**Create SQS Queues** + +Create six SQS queues *apiserver*, *audit*, *authenticator*, *kube-controller-manager*, *cloud-controller-manager*, *scheduler* of "Standard" type and note down their ARN. + +**Create SNS topic** + +Create SNS topic like "\". Once created, edit it to add six new subscriptions, one for each of the SQS queues created above. For every subscription ensure that "Enable raw message delivery" is explicitly enabled. + +**SQS access policy** + +The SQS access policy is needed for each of the six SQS queues. + +The below access policy is for *apiserver* SQS queue. Update the name of the queue when creating similar policy for other SQS queues. + +
+ SQS access policy + +``` +{ + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "sns.amazonaws.com" + }, + "Action": "sqs:SendMessage", + "Resource": "arn:aws:sqs:::apiserver", + "Condition": { + "ArnEquals": { + "aws:SourceArn": "arn:aws:sns:::" + } + } + } + ] +} +``` +
+ +**SNS access policy** + +Also update its access policy (illustrated below) to allow S3 bucket "\" to publish to it. + +
+ SNS access policy + +``` +{ + "Version": "2012-10-17", + "Id": "example-ID", + "Statement": [ + { + "Sid": "Example SNS topic policy", + "Effect": "Allow", + "Principal": { + "Service": "s3.amazonaws.com" + }, + "Action": "SNS:Publish", + "Resource": "arn:aws:sns:::", + "Condition": { + "StringEquals": { + "aws:SourceAccount": "" + }, + "ArnLike": { + "aws:SourceArn": "arn:aws:s3:*:*:" + } + } + } + ] +} +``` +
+ +**Update S3 bucket to send notifications**  + +Go to the bucket properties and select "Create event notification" under "Event notifications". Select "All object create events" under "Event types". In Destination, select "SNS topic" and select the SNS topic created earlier, to which the event needs to be published. + +##References +[FilterWithFirehose](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/SubscriptionFilters.html#FirehoseExample) documents the steps needed to push the logs to S3 using Kinesis Data Firehose. diff --git a/docs/s3-partitioned-logs.png b/docs/s3-partitioned-logs.png new file mode 100644 index 0000000000000000000000000000000000000000..595ba38d7263e8fa6e9fceec20e65f4a34b44b2d GIT binary patch literal 78945 zcmeEucT`l%(k~(if)bP^PDFc02+SjHQlt1k1t<___3A_p~%3^UZ}6*iV6( z%V36YJA*iFC5sK&6x5R;t*_0uV3Wm{u>JRo&qmdX0#qVcdF%nPfFy)n_gSphNZ#l7 zF@njW;;R{m)2hkp_Og*WNKw z!1EV()MZVAJm77QXMet_xE|)8@-^ojx1CF&oXLpFL!)=s$UnWm8!4+I?>F7%xoI0} zDLJ-P#AQ4meT|ansnecqt};CH?vlJkMA3yE|I)isb~(79+V!RwLxlNl{Fv*5BGdlm zjSfd-_~NnCXE?=g&1pXqJbs7axR$w&oQ0wy7Axi&AM0AUH5Lx$>Kf)ljrm|X5Y zGsO9x@{9hf{y$3o^TaDHb^g0{Se=oTJ)vf5FtVkt4e^ zvc!rX@UO}MTPDWr@EJ_>^1J#a&rZfT zxuSwXH6#GJ@JKN&V_fdCdX=e<3&gnNJWGx~>RD+IuMvQOI$r75JJd2MBvWiKc+OQ# zmFZhXCO?_A?vJTm%52;>D^vagN1|fnJlaDk=R+4bYNw6%W5O=IoZ4o6w5dtxiD#>p$cuDVf8h87?;0#oF>}OvBi&;3`*wm05s>H-6JMuDnmSRdD_4 zF#c42D`{}4%U#Iuq{4aiB?ui9j-oJfYCo&9tS(5cI~kThN5Ba^Wqige`w2Er8&N|b zSV?*7kJmYXC4|JqCK}?5ESthSlKa;1ASG^Ho!zWm?#rmdPsiJn^BkLVOdC%MlrkxP z9Ohxo_H&9;x;BGPG=}PJfsKpZQQ5K9YW5`&V%z9KG2dCU81XkfwDVl!ULg6Hj0|;x zansJQs3~M*Yd~Bg+r9&gNG$Iu<#5#%xtTG?NFR(Fly-Z8G>D1g+sMw*VgN-Co$spw zNrU90p-Kt#dB1!Tvx#N4dw2AcXzR$7x4{ikB*2$Z+k2;i7ZOyU)>P$YcpSS33sq{XwPl-sC>Nt)ZSNTj>%|YShxLtoG%Fvp@_?=s7&L7_4x#Ae_Le*;lMxV&Mxq zkE|+IXKCKuZPGkLevyu}pR2Lvx7-sg(JU$8vzz&5Gg+Ftke3=(4ykCbvs+w2%7~D` zJ*+;nX_vXob1hg5q?oMtC%OuGZ|mp2yv;5o6rfK(SO4iT+Pat!sFW!@Rcd{=M59Qp zz@E?tXFeq(gN(;BdOK6E-l2uQ#cfN?+11u=wyMiwILoZsVwfNII<U(YESo43&(b} zZpDBY7lii*QqIclo!T^OFR1nr{{caD5W1g+_|fUr*`@X$)(uS$Qu?!NV!3ZtWM8bnpGiSI?_6Et$UaJb##?E1 zavyNS-E?1!{X$|0Qq6q_HeN-m9LRlQPG{cSq#2|R=!F+xUqyTf`nB~I(JpEv#chMhfM zRE~g=FO&K@qV4iLeZff`aqEa+W4v*^$YVOw^Nml%{^7=a0jd~vB?>mVj-NHqLJw)g5Rwk6M#fc&8EXs%-pfaPa^ddel9=@i? zQWDw>2AeC3UcTp?n#+;$&nDcdLCJ6|Uym+EW^|HT>6NTrO{Q$o({1r-DO$kR#RJbu`RDMjKe^9G7N!QEO_7UvUtzy6RV_8w8kg6FyUQEE1~HGvI=z~P^nsRe;H*aMwcago)&NILiZ>ixfeJR$cq0{vyJnjv(o3Q;3#}+yey-C zwuW)*uqQhLC*8>FlFHcl(?+3b8nNhUg`=X1RIo+JsFZsw~^?pNIcwP(DDrGDKuT4tM^=ki-!p|4bArL zCKBG1RPZ=9EMl(O4kOs^`^mUIp8Yt>Yi?g+P^nQ}Vj-%V)r223vXG$qC zS4p}ljn{hDWpNTNZAX65a5~oS56~j+V-+t32Plglrm)eqv_rMjVpZkJ^uzSYo@5Vl z<@(ltf@;#^1evjOCvc&r?b* zxt_i!ZJjYLwXWXQ)`*_HI8b${+^YxEEfYY!gqOds!m^Nb2c73|m?bMVHLzb%8rv74 zRL-cUQzmOOsTaW0E+GfD5(hwz)E$i zci*BA{XgDt^^7VIl6T&Y4_Kv*5$e|Vu5em@mM&ygFj=NAaL)jc{Y&6BGPoDlafpUe z`({h5-5n;m^8J1G{kNv8Ewg+VjeH)Uz%+}3hIeZ@l_gp}@j1+lMC9k`bl$k#kvsG5 zL)%MicY^37PGgQvr`9W;&s)h$f``!k-Ky+)A+)s#^${2il89|p++ZL_9Npeo zqWAUI*a0bHh!Xvb>JmeSM!j0BhK6cmU4n*pBi&1Q&iz-_F(t%GLK?w&;ptjsM19Uq=ZaYEQd=GsqG$gS2t~{DNg^>O^Ye&9m8EaqZimQ~ECo6&PGOi(G$!^Le$_?7k;ti8M35&4**{IqhQAOa|<ZJomRWR@~`6y+%Vlj)_5!;{2ZR>5)`t;7ZA)K6p_0a?jr z0?i+x*@0X?HKqBEX{Lo_+N#fwx6dG;?ae1&6VhE>9EMmpLxUrwNR;MtP{lSx!L~Cx z+V}ai)V^s-qxM^mJm@bZb_T{7$8lB>TjK(oyyS6@uVN08?F3{#0FIKun-VFw(g7Vp zF=0eB6sdmj6gVI~VhhK;sVE=^5Jlb6!aRN0L%-w8_WFwfuDsM<89AHw`Tp6VWnV%d zL$#`**=W&1oq0)MGoJD~Sg>AUT6Sq;546`y@@~8aBLS|^fk{(8;pKO$JZtBw%CJHU z4$IVd7t$MB0@}Oka#Di_0fb?c-wUb1`0;eDA#Y7aI0dq8Di~$k4=Md1al=0XFR4;5 zGOC9o-0)}#C=5nw6%P0u4mWk?3-Fx1+1AZ7Bm1~YU=ULJ$?IOneACwa;w<=-Y~fmh zOXP;4eE9gbH!_tJh^=sL}IZ(zA|oL-*TGcmi~ znV6V0tI*(DpIl*hWp;r4aB9I>C|kjvPe8IPkZ)4A0BxD&+{98S*)Rs%JnsF006dQD zZt0pF%yo}R4$jaS?Zo)YL$c+dy=M03Zy#}gb0=H#7)Y&dQL6ET_(EFG&(jaS_#-mx z+nd(x+i`0j3cBl~e2SIX7EjF6Mu|@Fw;^M89nuR`X=T{7#TgeEjG=1QLBs>n5>h`GypxhrQJ$LMN-Ike+2*KS*f<8r(L0d3Mrg0 zQ2eC#d4WOE2d{x*{B!i>{@lT~#ikZOPTI{i&GhVrvTs+Swv3Pe`HygnB|$B9jT6>6 z3*4;2Hd!#_vck>Mz?;`L4%~r$1}C*EggPn7*RD}~(NJGt*gg=w6i{&C!T04#b+l(7;yidl@^!I!S$*MU)IuT)HjbulHDO zXdE9b8@L5&H#=8vmuuCB+%JqW0M?UfU$|K2U5Gy}*Q*tFd9~R!nrfMyY+c>a2FbgB zL$Z_SW^nbk=ZUW6xtWk?hQk$1fTTAt=vkoYXy==TQ*9;wt%gwJ(N%8pw%59m2rDIiF6xu7kELZq=^@E$p-M;DHE{# zYRkfHLL^MVu6Lhm$5Go-Rg2}~EuCXCf7vQjiMbc1vS5Z;!lclv`DuJMr&7z|Hsm+i zOY_bl!8OReEuqff{Yr7o@~Qk}L#kOsW%rN$078l<2h|#H1&v~JOhaK7Cg^5hKgQds z20O9_lqS6IDGk=srFCUH;-a*zDG#=jLIsa@!VRSgk3bogG2$ohh%Y~SmK_w!g0PvS z0E+G9fGuz?3TV=w)J6O~w4UWu(VC7xWy`Oy+iId|vy*sn|M~?A>F7wtP;&n@>rWrd z;!*|LZyYX<-}e1D{rVmKgP1^S-Wj_0{m-sF7M!a=;hF@qW>o@0_Jz?IXbIi~|NqD;Z-PlU7kBY>BoW1xvz`;BrnGsAaD8upj4b&2SR-4oD>gF|Vxpu+z?bEefL}xCv0fd3_;+!QemJHjn;^Fp$}2Z+5ZH(mYn4&!&hH68tfUSLWrtP5>97)uwae+YXn>S# zW7Thki#6w4fwSvY>Iz?Nbb0WpS-*V-$JZjht|M7e?r<2T7?+d^FSvNG}l zH0F2os2WXwPPBcv+GLC7+*^w>=z_^Fn`6LM{eD6Bqm`Gt}&QCL%wB{`Nx&dEZ( z@9B|R={oa4zGQ}4;Iw@46jXnj6&N2t9PTMN;E5MV_DbDBHB;a17EW90>jrVl28J!E zh#}enA3pN;>eMTGkHzX%xiEmA_$9IuNTfJPo}x*RZQIc{URv-2R^i0aYBHo6_2o?> zT;!ghmCBohCZKqIbAi)=y-CJ7`H}EGSSdLhx^~b{t?BNx!!FQcm}$zQOX(ZU_c_`< z^C-b>K^5rsci5m=^7DwcnmMhN1E8Y#eP_c?d;<;8PfX;;iO*-UhyYr zElMd?^POfb#+0NGNu}v;Pj2P<48YNIw!pe{ho&x0{Vsh?-2fw(s0rsT znvfdz{v=Vc8L(I9F~8FiKs#fX9X%3oiA$+FtSla(zgq>U%dNAO1jrVHSRNBw*(_@v zce6asiST39R{wB^DR_2m+trX`JCdOO-RZD|IuF_NXrr%sz}qf*Ma&B{z{Bh7P6YAT z4Y;K5Z8w9B+MUJxyKmV}@w&#E_DP^|N|qzU9VDU|#9U`9hsD_y(bWo=0UYB(25K88 zE)+v|4k(SirZ_+=tn@hAL%9l^ZGDRYJ5ec(AB!7aQchrf40f`)b{4i%ew3~EfUo!t zt(E4`RL)FY#DwRrms^25dbuYkE?`u8jr^g;Q^j_$qro@j_L?Q>5SPP8&xEHYHBU}N z_Rlm`OZr^!p)aD1WLhrpu~+66b=p2`TCey|^GQzQ;|ghN7vQ%NeD{Plu9?{b}9K!Ao(RZhx~^g9z42wP1dFp-i7C zaLhD0TFv`68Waeq4MsZWBRN}EdejftW$g_~HJNaO#n18z_q7}vO1G_#7#k&QH21v( z9AYo~3UsWW8o@0;J&Iy%S@b%B$$C17Ovo4MeODj5ULWl23LWhC;6JOS?TaIOSi92b zGFiN2o0N^Lc}0A&8PottHa4f$K7QS0s{&w3$TeH3Bk1eonc2louN*V-<&T619F^6x zm&ijpg*M!pUr4-mbl#!lBxkD=v!E^49QPUzyKYMF54SED)#%YwF=@KNZ{3U%?BjJ2 zM_`P}-RP>_4e9|eSYq<4G8Q%#K;ZG@^m&d_sdu*f6jf_|^fACQ!zW|0QN3Ukl#zU? zKlQdA;yoQ~+TQ;D+#U~Ue2r<{i?A>ufsBy)?B0@|{Out}f+2FPT;}ED50hnK?7=r| z-nbxXJ$vj#CC6Du&c3TF%UHPn=%SQvI-2`z@IhX$Zd+zRQQlq1ypzRz-qG-g0Q>9m zvT)2guem!06cJ*wdisJhwY$-Ddj~A0!&|Dp6?7qIvr7ts45iBdco-#;Gvo7hgGdRsC-5z-E-GIK`LqN9!zI*>J>ln~2 zmW>FELC&TVxmaeXGAPMZRNwAXYQHmTBc#p7hzGPrfpd$3M_}5zFh84+7n)P6F{xPy z*8UI=$9^E&r|Y9v$b&jlg6d^f*9;0j#)P5Zt`$B&!SfS?HnD}XjTpI4Pw;y~U9(y)yVF}|Du(FOvZ=?tm%EY~ zk8TS8bWtLTrXOTn6k5mFZ-MO$yLYtTG{xAiF?(@+X?iI0@t!pX;ER@!dHHfcswaiZ zj8W)LVhMK%I8rEuHurC;fCHz_^5{p`3vb%v10oos^m}-$uN9KfMYQDSdjA>4_0BH+ z&US%yYE^%^KCU}?C$RAl({@B6n|3N)X$K4Q7#Un->-$~5lK1ThaKNI6z9&uK$qV%B zvM;vh^lYIa?<>Pfn7VuD{Cn}dH6CiWmmh&Vs$(QPgeC|~M4CKcEA;1Nc^Vv@M<63I zTRvDsKPO)*3k%8NH-E&87(#5Rjjd2cus(L53K|nZB7q5N25jcZeNsGLUFTi!u=PxT z>ii|JL7U{HuY`L#szCCk*fh1dN^%bNwZ~a*dP|Nao z1a{(H=oa9n+4=M1{_)6JOW5_}Jn?fway)q-=R0hk<@EQ?KP9_X4N1>ts*^EG z%&)iZp3Oop(_H$?Jl`cXwWv>bfXSeHtJ^Pck8NeT2GHFqSiXDJ8~Vwi@>OU>V_z?3 z+W5oT!<$RXRD9I#*%WN7Mn4efT>|3 zL#9C(;8e!HZ8LGbGZWhpR=19IOY0o$I$YqvqiFjUmQK3FkTp# ztTZAK*u26`BVzGpKz@%eKumiS`F6k6IVf%*h-C8d%&eGIl5?3htJlwuBHd&o@0HTD zuGIph>Gf^mjwiK^2FUX4N56Q3j|n#NmHBRsVqj*))gJi;j;3$t@ICXs#KdVb`?T>h zGE8I$1RE@hp=LW-Ax4TEX&aK^CFc#-_H>aci&B^l(qK4=KGe@L>ID>zHE|q zQl-FINogSFu3PIzg<)2W@Z$+!iIU3bRAF5OwNVn#I#lVz zNVWw0u8zN+RvU+?{c_(Ki5^!&BoV>#&*F5x!;;uG9|fDr9IX}!Il&t zB)SS$;@WvNE*K+v@z#IR(N`h2-Q}l?{f{l7^#{{xd)3MkRJzlzQ`-xNoNZ2-Wk=n~ zZlFSjHA}Q)ws|LN@ZRas5_kW7_z9E%)?Iyx*0=)58CNY;PTWL{KeHQ2xNQQM#g!vq zE285f4>zpws>IBlMR;r}SdF|dd3aj$pg)yw-eNe-oJl?jUPe>wa*-4Cf!0vR#J-0@ zTVg(=(bc|yZM&!`R72OlOplKp++YB>GY?U}JZzMp=C@i3v0IjW zR=WNUS@g9!B6l!d0;25zbdOS^mJzxI9Y{6vx#zGJ{AE_GISl$4rU&xKoOHWEu(!@% zrc>EbpqTF90|3^_DAEh|+ICVj8hUuFQvPcc!Kt0@m+33fhh2LYxhvK!Q0n+{x#K>dS0CCo)bV!&El;|W3G3c3LWXkG2jRF|m4 zpbKnVqkqNVzHXKRQ=2@1E{$I>;=N1rNKJKacZy9% z!oQe0Y~G=*AED-Kx^DC6Z$QxU%{3tsN{;x%Pm}f--H_?i_d|%vy)Y*COZc+ZE!V1N z;f+bRLn3NjxdTi-s%zBcJ}uR`fk`;Yc@Ul6k1ZE zS|(lIe;C31Eh(KLRVd4ulju@SNwhtmLO3|#fAKY z8J%BugRt+;)L4IFk{A1cTNgKQ@2V;!al&pax2EI&ck7?3Zvh74rrc~-h>^%zVKNJD zw)pA@UA_By%D)`^Do=+jvgjc<=H-+7SZ3j`tS0bulOYI z*;sw!VSm-XLgRls`zJI0cVzz(p8uC(jJ=yBejShLn_dOM@6zpXSuoQN;GQaQH9Yv2 zjXRIYd2(j{>*rMhD)^WgL~t!t`nRQ$fM~PdOgoG&c}4;t(Z=t6g8dhFuGYik3|_zb zl)sV=$$}+UZmiTfaLqRf@w9K}CtaXylXwdpH%zvxZ9Xs&drih~pzrz$`rp-hef}}9 zY?{(|c6-wHjt8wS*FUubpd6dUJF_CEKq2iQlZn_DVz&ngAhqU8*PAmjd;n0b z8OgrYLzkq{7;SIwu2(QAOLrW~blY#-Zs?5yXszp2r|X2-s-D8RZG-OMqa>{|spv;? zd2#%9U@Hv3tN$j^gRM55c5DM6a{j)v)Tg#M?otF~wtM40baj8?RT+2e}jWv|J z)+`s<3+v7;Q|itgqLXtE&7u-`{ezhT-9SuH(VuoWre55faNJ2Mt8+m4pxaDBe3H`A zY>W};b~>-!)OWi5is}5b;Z3@Zc-DOm`Jl9p&JAP}wki<4btkc#Pj}&*{-|gw$bB~5L9vqy3c#=i{6%0iauMC8N# z^K_$LCh@K&(SD7$yzZ=N&@Q*w3a*7h99&ma*xX!Th=JE|`s)8y37H zU7feKX&md#`;(COEkXN6Kg4$yhEE`l^z&8T)luoE>4qMoXLVh=MOK?NR6J$R&Rjga zkk88$ORitQA;kAh#|wsQl6(c~KTAYalyNjnAAaqGE!lV0J1p3sS}%tlU5fuG)+{oW zp<5hE17$cUEO6&0yYEqD?)E$4ot|;%H1rz54uQ48PJ#L@7E$cRtsNAcx;EoZ8syqX%``KqqTMyQ(nA(?)yPwj1*%SbeRDcal8y-H-y zcVenk*S0Hy2?Wq7R=lu}H=Kg`iBvroL7ESEA&<&g0@4;d*sN*z?cfkw3BQ=h#oVOf z1^(q}i2qZ&jkaq0Q_fsi<6}B_k0YpN~Pe#P*XV=;;52YGd6Fuwe zjs1s!4d2&KU5h;192r(iR?kZ~>phKp7uSO<_&oX zyUk%nRN>{j;jIw75M=9v|cf@~C4eSs&e~P9*fV)Jyb9BCE;M zD{a`fTxTuB+Xf5DxjxEA%%2EY|0soX2$aq&!0L(hYkT7<24A7~g59j$_3}I)cSS1{ z@VUDu!IrVbfY&~l#$?)Av&U3T@a%b9YjT-~rsf#-Eo)7ZlZ(~Zv+X!p&EK-st$gM! z(%|mHwNQCC;JEX|qj6L|f!PEJtFA`_S4x*PN_Du|*p7aJbMxcI*X;}vI{h(OP;nq#BPK$f;<9KsjpDHNAGzky)n(|g7_&$l5m*%ZkPO(3jKG3lU7{ZjyXbc{&23-nNtI(~08B2>?PI=F~UJdGi*qa9w=L=+~rwa zHtqjLF7Q^}+9jv%*#33)#7dT{W8-t7ju+XakirM)|mOFy3nj? zK0sT~Jed$^Hw(A!PhvL{F!a@YtV%1y4vhhOhDSM<0R!er%A@E+ z7EiwFE({5yCUmO5(EoGEk0rt8`l2l2*rH~rQ24`GY<1fV1Q~njw^95-p)PNBs}Zag z<0@6|6wRmYneJF>vJ8ixuTJz86IPhZ_LvFyNk8ppsTiCRUep@!E;9|Ura+$_^nf{1Rzm$t%Dp=3Syb-qI4 zPicL;3&9z_tdU-_ub4IV5r;rlf8{+!jJyvbGI>0+S`ed_b;FCk=J(i2yob`;zTrY1 zofMFsffZ|<*;RSV*-hum2F?oF zHGCKqaZw{jSfDqS<7u!{1T@!79!sO&aDnj26EEFHeT!b*uic&M>5;Uha+KGW}`Sj@;QV(h8+$#C3m0LYey> zUuma+WwyMZQ{3B@ZRkHD&EbN+=+)s}5dDqWZB1Knd>yR(maB9AhyG;5cyWDqrm($5 z7#Bu-sIyeA6FasbDp8^?HIpUk^GXuzX0)zU7TuJ;v8k@%#A}rrP=V~0hKw2$fzeON z^-EJ0Rh|z_$|)!k7Z+tU*t1yAgeUFl>1sw66s%F5G+3A8!E1@1{3)ZP_$@`Fdm zC8nF226#EwiwPf3Y8Uz}1!s7%85p{E8LAF)&qp+e^(+MKVGLT`!rW+ZkkA?=PhVZ# zu)@AF(X~rabAnfvSoGwhBa^1IGQw_ZCZdq6KAy=?bwx#uYup@YBv|{k*tBT0^Lg$| zVF5ev=5_BbbyLfs0h=rZLzFXM50mv(-MiNxVG{j4Xx-XHtI{kTlF0`?DgTqTuPyN(IsiC0scQ{r z9c+_y^{Ss6_7{AJ>wLnQ9`}B{M)A}uIxK9HYua_6-u-U74;D5qJH}PW2~Cywr{2Jr=}K=U?}uOeZBZxy z(~u-q7w5O7I4goT{%Q7L-kTW*gBygt9bouvsjOb5i#heJ-*o~Xpi+Uo_MT10cq96E zU3p6hAn6JE%eA=bz(_v$<=o@Ep$Ph2L#!ad=>J$|SFZ@9Fo?keKsEk92M=R1W1Og4 zSD*41?f?5uR9`elu3R;Rh;XD~z#uqb-${-| zB(jbFta{{sgQ&0n&8v{Vy7X5i3?9Y75(||Ca};&GWV~|wud1;!*CGlwNTYxJc7S`M zFz620ii_j7QsYgAL3d;XAN>y8kpu`}d{dX)u7=-A$C@f;tmu|gZe1O~KVKmTj1hqT zD2i2v|KW|XoxR_gasPIhT^J<+90GbDBme5*6&jLs7$|G~e>;m|`u~pXU&`SBl^6#l zh$=xJ>(@K4M!y=W`Rz2><;M0V_@1AiKijRCUg{D`0J=p+6Y)FI{uYhDR%B&kV^ch+ z-(V$^)c-#aRQp9x&I)6!g2>2demhHkkrE=QXCyS&`|T9-;QO^pZH~^;_aDw3M$dZu z0)#U=hMxVl@PC{Bq454cWYf1mVG;q?jW&M!b2t4eH|r!Xj1&n(rT1EQI0nvq`z)c4 z5x;0H*O>!jyWMxjuDl$--L<^y7nG3MMnE>v-KX$a3PR3j z`R-Y>bVZooYcvdJ#H7Y!^7;2#kVCgRgE^}$hwJKKLi&plDm7_onktyQR;T|Xp5JdmCtcV-Ow482 zUaLiKvX}R7nMHrjt%n7Y&u~{Z2Gbo2J;XaVhK(x>ODugX6)0nO&VGbzwfddGI$cI; z15jbTI+%V$y6s!_V0QY!y3-wxtG##Q@X9bd1-!G?wIQgbLb2m_W{gLt_G8&6V>^!X zQ}#k@5loNghZ$w`Q@PD|b5Mv%b>&?v<+jtNW0b{P!%^5puiO9hS{*nmm<)agXvQ?( zop--d7fLbl>XRMEw)v$8&tV9ON3*~7H^+#34P(+k6U_!Okw%^D#q88zCz<<;4|>MU z1-?Wy1sop>1YpuR8+nF<8u)Cd=Y|SEkmd$hm)`B|B6^;A~iu_Bw1Xcw^Y=bd@q zatq9+(l>n%w5wj+lu$adP%LxFm*@8ZnUv(FUCq?m0=HVT-e^Ic&vHaLzH_lI3@KwpLxnT>ZVo@`mR*zKk`Yqerv z2TXqSRMVtXK*nT=_B{QkM`wGpt{XbJVYmJ3w@s0CXit8J3mnQkeFsHqfhtU%u34gi z6Pv7lokQ(@E6wY`%d_MnWX^Tsijeu5x_pIX-RxFO`swbctQG?Ru$gxBbI4@5@$kk# zrmX}@6x{uh%GP~ns@5N2ZT)Mbw!9tT7wJcCv~4J^S*VZg{5gQqPJ#aC!nX<6&~s z-Tn>V0)$&&iDuFLEiD=3^SOrm&NGrsIe(r70GT~C4jfj=Nt%(?EzHSknlZdy>PKgk#A{1Rkf zF)G&%Qs8LqoobR?AmnV_z3zcnK$VV`B_ zG&ybO@+!qnzxfy3_f{`ds_p~r?;&N-sr6;z%{C5MQhIyA;l+3N(yv{&|GrsS=XXX> zqMO@9>#^BR<cwv^@K{eu2n2 zweea~m7z7EG>Tn(-Tsmi;Cr45^;5BLvem4yn;kf!5p;^pZdTmUDtHM!o_9#N~k)g!YohatJI70QNUpf?gZBOEeg@_*|;rR(_RrQJCqzvDNz3 z&TGyI(Tuw#w9*mOfJs@nlpw02@a1=vYL-7iNR02U8u{B{w$FR4RLY#`YAk4JxR0)M zE$fa&{i)FYGI#I+v2U?|e5g>exmjy5NFAU_@#I!*3bmdPZe0SIXg@1#;fwd1gW%9D zDWGhOJ?(gbBEm5DWlW`6w8$u0n?#9acKwBVrZek}5;wT2%=vJ}rO+_$`u0@WYGE6? zJ-n<-9B;hkD!M_2ngf<}qy1$Uvn zUe-m{aSp$Uaa_asC15V!KYWF?&_wvnAn9+nL%S8=CA`( z78VvD`6N>S8M!{wZ{4yw$!BZt?~X3h&dKBf-H&V8^=f(p(FlmH$8qhnOc?Fra)qqt z$mbhWWEpz3Hi^V*xF{Mvn|p2+r*?BSAJF3K*+m{}q~XYJ`iVO`nBA`CiiTp2`SOVo zYa_^$`F(~mU@-?MibmkvS|OQ(JQZrE{fbYPfT36k)Xxd}9(Mb36dFBVp_(g$m;2_l zw3hvGPO!7oT(z|sM960MG$)yOps2TaqYRLt_EfP<@LEsr_unowyKX`6evnQ#j$0Re zOVN{|6|}0L9Vxbdlp#as^Nq;b*QwyLMI7A$m&gEuHf-38n!Osd^N?eapjjFE!0onr zhxwuUiL`jN0Z#Ogh(mP=uwg*p+XyOY-k)@QRY|a`SOd7blj(cfj`a6;3#apueG^dV zE`gl_9M0C07k`-^-N z-#JQTH*5t9H)yGgWcxK6$M9;4fk#N&PWQC%cA*kyzw`WK8?fcrw15NdQD}Wb(m`ur z?`A7dyf#>#b)~3j8MEoqblEiLFe!P1LH!8ISy8N6@}~D@p?A%WQ(pFNqh(eVkJ3I_ zYG{Ef=}c%Og?@enxdB$0Mc$0%n}^e%wd4dG7wslXH2ZlCq)oNUjqDTaCif{`6`lc& zs=J|e3i9#d@UM^cbKqraEj8rERB!`TKlFjL`w+(_VZU?j&NyQ$q}7ki)PJ4o5~!SN z8b!lbbpj)*y~8BG)?=6Y8}JhYWHeGRj|DXt*gpL|$cOtdR;8?fVuYVt|M#9-(=Xqw zl~CtT&Rz}91sP)SGcd3sdG_UR8V6-^NCF%R_p!BpW5r0m*2ZKM)U)lH*OC5)^y@-G zlK1mlpts~#pZ90Q8FCyokI<+$H2*dpPdNz_n)l{km7qKM>~|}=6WOOKK+(3Qp7fB1 z|kO30;?I7VA8CoJ)D;{Ij329{E7kgm6_ydBR?K;+VA~|eT!em(QMt`3 z`()2@XR0jb$<_}_quK`&QSbeTg>T%ZaVT#-Gdkew$=;bN7g&g;^w4W`NhHj$KZ%^Y z9e@DQ*EAkcu37V)`=K%yj=z}&Ag4jF*-`k&-QoH7s%9Q;{Eb;gl<&!hm`ZALwU)iZ z5vYwp{aqqULHq8ufP{m~4|Eh+J<)EQx=nU6kA_|5bdXLPrLzGv0!?r29mYz9Tv7YZ zqbp2}sii7CiV8e5Po3V2UGDaufZ4=$=lAi>)?=v9CB~ka%5Zd)r$hwEs2VzS)QJfs z+@rFDpME&;ZYyVmMB4Ni6Hd=WwLG3LH5UoEWM*cBt$GHe+Cy7-+BuM?0y|u$NyZZz z$wvx1be9sY*4?h>d1ocCuap6m$LaMH6Wh`oAZy!VcD+mxMCZ*4?Jj<>6NsGCf;bcW zWDiX66MXjxuOHFv^L03nUuGZ-M!Xx|-npWbmb`v(hLG^+v`6U0AjIof)C;>ZJ)bW1 zJGRwpLwq2Cw>|MXtIscx+14IAV#Mau<}yIG#@WExGjqL4>^;(9#`?%XSU~TGS&Tbv z*1a})^%YSpcV?~CxdoazjFtcZS$O@_$OQK-Lp^kbXusO=)V4x*!_ALg(*~BAGz$ z!?4rYLC(d4d|QDt-_eeS>5uh9AI2mK5xF0#T19-t?mQwvXrk%Cod@Ab8(B>!izTV3 zi+(H6`eL}9+2*n!h1SAcZK?T@nAz>VD&y?(^K^$z0uiwjaR14)g!++rCF6qhNprRE zEF%JJfpNk5lD+pnre27jar*Y*>JhSqBK+m$BWi_TOU$>ZNw=N;5|SkPox;~MWe9OQ z{W=Q2*8m+z1Uait2?|krrz;Y##RY!05cAv)-f*)ZJmG~R1SL3w2}pLI%om2%+Epf( z86?t;OkUbe_w)wY)+Z2z~)N(Fh#Ny6Ex??dP8tzgAUHdj1_f9}+LWy(%A<}CIy#*4f z0Yc#Ne&>Jgopa}WGkY?b{Ps-t{Pwf=+UwbCJ{Z~T^HB9@1kfTzqZ@iWJSN!#K;Cf>ohIn_Xh81|+&gU3MS%+-^`UD*> zE!2F?x*mNW&{4bYcWuAb@~XL`Esm+9<)u9+_v>NmO5RX!h%10?QEi%!%0cJBDW^vK2X`YY%^ zvpxDhv;7d=au&3sVTR0Fvk==j2Kmyz7;4<U3Scz8BXbeM$*zj!n*nE#CIS z^VtEEt~)$02*}3ko zv2L4tbMEsIZ`?N3^C&&mx9e-~xT;i{beMkFFse0m%RAmhdoNJ=dZdFIDh>RApR-g? zPk^$s7bnbncsY5us$puKCg+E-O_$b66mK+drdiKRccXi5f#mKK1k@q%<}&@I%(702 z_eJ}|@W5ve9I`_&D$V;-;{L~-q zXfdj?C$iu=#6_@u@}ienr@1)Z;pbbR-Rl{*8C$GA+?^F3Pv~T|?oo2J3MKS6qEyp) z><=p~sv_8B10|cPjq%z?)Z>*RE_=Aa(D^I;9_tJTccpp5($kLfC1t;Pm4S1+%`XYc zutJ2&4avYlJY>SyLED7vxB%I&g%YF>tz0ivn$_~=Pk-1C&wky?-AO2eCFZvic}a9$T?SQZUkUX7ET`!4Cc^_iSKc!S(1q#`1rSe)`22=IMt4!s9p zW0rO=obp~ML0xg?;Q(-i+$o}Q2gItj-<&0z{-LGjAPqXdkJ`2qYCDQ-4k_a8^zRC~ zzdtw{G#4xHI4=@8gTwpJCjm~IhXKujYlcC)13S&GNQWwIp1vi(=UUMS#1Ezo;87nN z=ctK2Z72@haXJBi13Kkdm?8P(z>l)lx)d4#ow=y2Unh=Ko&|)ghlL<$b8Y%!IZVQb z?5mBvlR9=wr=1QJB(Fn7wk5wyYRhRn5EuR+YC<^m{(dxj z*<8!DiX?M|zy*|7UWJz~ zoQdR`_~VS#}nmD$ z9)2R%lE-zdJfn#OUar-OPc4Rgs94a&7=bCr?R#>c93G(#LmMcn~Y+ zyaK@UvGvUwAXpm7nlj4c3&c!9mbdTd&$$uqekGke&OkzW_j`p)xbCdnmNviSEUhV4 z5ZP4VR1{HKXuE=5b8kzH3;2!CR3eNK)BwQjoh!YWco^XHuU)T1f~`eXxZ9*ceW?x& zdK*u(VK^T0m59UY6a|752V8D6^Ah~OyNfJ>rv1loSuirA!9-(Rbv-DO=N27WqH2Rg z1!EP8D{=}+MxH}&h;`66OxB4lCMX?mZqU0u8@nV}ve;o&9W=d-av!AYTVrea>c!$5 zZoB_%-w3*cll^NGtrW;B}^SXcm z+h0F{uC1U!^R|64=Z-2lsN>%^P{3KhTr&kn3LM9b5tav-uXf_j0jgs?zN}L(wGq`rmwMXPLhD)rJQNU#i(h_Dmy>J=a7^c}qQ^tu7Tx8MKtQ3&; z`~q=pdLJmuj0Wl9I^|RWTQz1ESN6NOn6^B&mmyG*O5Og>+{QmBxW{bvE+%UN%P}x& z>I4SKP9Y(XV_d{TwTFnt-)rC7eA;+T4#R?8oCS9WSD7{|tS^Zfm&yRwL9eCQVIveW zS#N1lu5&~Nzz-KEcVdY=Vc)iunTokFk(JEE$j6JgUwT)oLUx;cIPL2!c17B8RGT$I zhjo6=*yyzeJ#mS0Ucex-_1YGXT^J_=54B}sS1~rQLdnFvx#D^blkd_vZ(86J7gyH# zrjZn%_nbNw*;?EFDQ!=9>^(yMR^(y1aGr$S1uQ<<^@dC#ga=n|;1iK~l>%I)`a$6D zGOcUyR$1A2hW+peW{W>7;aWlXrGsXUjM5*Hw_dbGDkAUh&o$Opob@3DGU$uF1X`an zBh9y89O>cimj3+U&nOH12~KOU8t$lxlk6hxGh1`R%1$`8<|A7=e|g>qdh6-D&1rwY zHTC0xxpv_106|~+jGhHnTlThpN@GFCq?u}9E_z;~0 zvf5tn3>Y?a30VgDwNqYEF`YK-xB=RWt=DpBWialARcD`&6M~(aV9FZwjSV^wyK1>+uN1kKj3Kh+ZATk^I9LdEO@Z^&LK>`GWhjF*Dk_FBLz)nbZmcp%kL^PCqzh_{x}yS>iy>me?~Yg=Y0by4#Askw@!M| zS+tw>Ewcsel7t?O2W!!*`z=&5+Y&6b#0!dc+UYMHynozSXht-{Z_H(ZoA%@KdP*9L z!1opldtoN9PrUrb8z4O^f}7p7g$?JP#fW1I_H+eubKOw-Ab)qs@dvvHvb4spj`9Q2 z^MgEoiew{@D$hRE{3m9a^dTYCVvkJA#1`Z0=GY-JN(%dDGTI$Pdy?m@MXfIQXcpH( z;-{7eug++2GVG|%IXXR4?|Y9}gqOmfZ109e^t99zS>3`pMzq<8U2Tl{$z@3-zBLq5 z&x@UL_Z5A%Gt9I#y;UmsVgXevRy(~W&=OzdP+OOZ(I_PfQ}waP*C3$vc{V&!8a3!) zKWAp(fLge9>q9{_I?P@fx@>tpSPQ4r=J{p>RVSyfMRuSr-3D69 zcUjWrGo|~_?LSI4=BzDh=wRQMn7Y;>B7sp&S{&l1_qqN0hFv0h!!OTutpobS4G} zTE5~Z^nh#ARp%^>3K6V>gMGsLa1ZmB!8v7GfUP76Om27mhxebYJo%#mw0G6>t#d5j z{ssuXNj)A{r?ot2b{kBp#)^ia4atEa)Mfr`fzZmwkfazrl9{THk)DdJ5(2p)JAj4Z z94)<=vJWts-CG}9NBhpU10n>V5~$-W_NBudYGz3eles}IC(o$9nIxqao@Ld3IqnS#sEVzrULtzN{=96UOaMi zQsGWHc2H-ezN&(tt*^kv?~adwS4}O|NmUc(w{F(^ZiULL=QU-PQt04P^l`^R?!=n3 z>`uTt+{uK)??xWXR|CyF!7u_H+MEsz5@V2E@_5gD4N z@ACX~?HFbn8W}{2tm{Kr`C*UBIyS>Rsd?IdvwLAgdv0_?6FY=@#bNZ*f%Q^9k;!bQ zi+4h;7D_>iZQJ3|&Eq3xxY2=**F&esXC1u?6L_)(Qy?wG{!4lVXoQVn)$$_kM>93= zIo^fjeuEnHhBtJ#Y@7f43BQ)BVx z$$JZgIC8$lZOtc$-y-))C>z=Sx+BbpKMT82M!oqE`|4Eq1&r)Vh=o9Y&t6my4d8R} z@napsg(`DpPWI3^+CLvn%JKpW5&Zf0@wW6-`a=IPh47L9`>Z}IIF)d9^4-L?Q! zK7;LA1od9ECTCC{1!lG0|6p7lZwX}&f8cTb(Z78|pU-Lu&bR~vR5iIFc`{P3_5abJ zmqEty7|;EAm^v9>tsB%5KaU}YYaF6c8`YzJmoJsi2nVs0k4bj=uiLsuB^#25q2ipI zemrFc)gcV(?C4i%YRCRpr3D(i>~RvF@DTHal*B}xACjc6ZL34dv!Bcla3JG{g@M^9 zzn*L8KikgfE?%E4{B-DLHMWw$I8lnO?ga5wA@*NVJFP__g3^z_CKF}TE{-8ZR}0OX zXk|~@D@Nr?p5q{HXkr3&FOpW8EtgNP#hnS38v;X+6xv}v5lk<% zvp3oLbMCURn68|CqR$s0=>7arezI12B8s@zUU)0o9l0TQv+#pLSv%J7xg6QoV4U(u zlMhYh#!^4WoH!ZACNB}5Ku65gjd7W5w36{t&Dw_5wKK$si z7UlsTv2YXN-E%0z8cnFS{hYjU*s8(2JW$_#2j*2G9Yprh;;2M^8gjZm@r0!%#3a3? z%7wnA#?Gh-vbELbJK}K7c&YQ&Y21R<{AXnb>-pt-$+ZzL8T#x92mpFo>p7v}*;ONr zIUD15!JjYJ?*rmw(?4(mvk1+FmI&I(8dQq&GeT8$LGT>=%(Q^}i&LwdJLD}H9V@T$0sbZEPxgj*nDUjrn)^qFE8d8lirwSlFo(1Bt zIGWTFEJ=`Q?+87@lDXpVV_|e5m_Op8f!EyhkkKMadcgy>6&DkKMmb=0&?oB*Ow)SN zBFhj#xQis}_}!~2H_FoZ6Grovlpg-=Ih4wYB45{fi{aH$aR^7PluFfIfQ6O~pB;S01q$8F1 zM!|3T3BocL3y2H}6c|2cHPm+$1uggLVQ%$8v}pJB=(C zr_9hdoFBXww%L2J?*LeQ)bGXM!A?Tz*cxOi&AE*$q>l*nr!6yHsK6(&hK$}xyN7t( zc0yB18>*E4=MHV`6f2s|Vy$m}(|_hu_G0qp##vm8R8EU;ZQ%M2{pE>@pksInvXiPm zw&^;|<|57#^|x-C4C7IOQ7k2L9U?EIqP{u5%1Xt=0}u9eRmeTc~zcJ8pHj%^BEgF3T@A2oS@G4eum1(MD*6k;O7ovphU3Nglror78* zCM%9y_s&h#Q1>xhwv^RJsS@L@Bx799j$IiFv3;?~F?wXkw^qGL|68;Q;g3r+0+wUd zH1`_#g>D$12)%K_#;2->X^9jYB5+}J`@fLYXj;(qk!dg_I7+QGTjby zgSAM*PuQ;d@D`Y*&gkLKqJOa*Ab+b36C`bvAPd$*W=)1D8x3Mk3ZR9cEZ$2;yk(g=nVw3%JUQ!&IeDDivcz7D;ckl$qDu+-`~i#s8^qS|J1S2c)Dzq1niWnK zJ{DgE=C-+a3>xcDkB`~4E36Qam(bj1j{{44f}xPRjm$&VlBy5W-%TcYfpy-^qgp-o zd++%%r`?RIN`9;U^K?gRzFyd<>{WmH!)GbccY%?U(@;FyTT{5im$m_G`;&YghAzsY zmb>jNPe=^vqqk;3{u%KXf@YsCc&l!BYYa@Ixq_Q;<43vk%~+p;6YgAjO4CZ8SBs|; ze%75!qI5Q@;!C`sk9<6Jn8>H2fGfDA#*~ZN; zlV`~Rf^sxBtfzHPtFvTAwp7&fnYD{(2AICL+WWTZ%-?KcVO&F!F;{+_9kAf$M?T!4 zb(0vB@=?Sp<9XBo>BjxV8@EZX=ef(}{DX6wt2fXpK=wNX8@i>@Yc2nqi+Mr*Wm9mv z&M)fLRv0()P!!GY%Du>Vk;h8RNFp^E!LFtnl#f2r%qIisdF#_pw<&%G#*UT{4ueZK zy(-uqQC~5CmShb9shPhMGGxNc6k`nVW&Z4GIZHVvY|`2LmurN zxy*FT(>Pih4-9bf310nq6Ig7DDWqNVd+5y`j%vvDD)=`X&^Y8?tHPf`2Uy^Ajc(eecLoFH@!An0{x9s2(e{6*S#B(6zf#X7w#* zH^B)NAV#XHV&0~=c(OXIH4A zvSV&R?Sc#pC4%oDPAgZAoB=B4ACdWlUgXf8rx~S(M&V^dm{0PIEapRuN%cZUk4FLi z9!=AqbGUZ_Nm@14D;BpzgLs!C?<)Q6R#guRpcP+;={=-uL`_53jc}q_4eZtnai7j5 zJ0}S9TfGSbpoN}8i83RzRSfM~)^F81L}zln5l99p6ZHLzt~Er=tMwN1N*-Dz^9j_Q#Fqt3_G0s^O-YJuWmoZ^yd>_%Jt7Q29xn3Ew2W} z(cEL~(wr0OjZZYQl1AyN)EIlWKB)+zwV?woZ-DRrx<4U%FcApT1MbHVhE_lE+m5m|O#ul&kxku=p zrKI|P`I{^0{^r>&a=%={3J?S|ZOvdA&(Qq*e6~G1;3vs#^}ms02x2m#JmLYvTK%rp z=C?YxW~QGFtV+~$nL~~iM^98A@-Qqt98OQ=4LlJ7*sOgNpAetX@tYJ^ceVN6;kv=I z<1gh_6$G0iwS*`A&YRuBVwK_t;j9S8{Ma+H|ku@cO3jQo|* zQ<&OA7ei0TirwZI9J}pGJNgEeI{~2fZn8&C z9kMyRSPKI)>qoQ|MfHfk0c*z6i5jDkUYxp2F{Z_mLU0S}?TFx! zq-7Pwu_VCXSvZH9)*;Q0uxfq`q|^LA16ZbQyu{3F4oO{HJDGi@8RWJ&>xIRSR8$wj zw;muE7UP$N!Eb2j%5!io@;BSihbcAz+Y0f%D%L&_{OI;VsRUxh=na?D-Ei_%b0Ayn z7R$4%kMMhBWNFG=#J9s4wp)IxhF(;MmgscAM&;u8 zUV>OEqCI|ST-w7#8dgUYm3({jt`ry(C>PMaByNdtx5c?Rqar`=-kE7J?5SQ3kqwxq zdR30rFUOyZBwyrwZteE`>K98-4EJ8RqS(Dd2$fQHAN2P7hnjGg7t`5@#8_TfG@v9O z&&oKJe$jAly~77Vx-)j))Vu4Qc>U(^>%Qq6 z(t#WlB@$J~c?bQ^*POhwj>yY#yEY@J>&08VE0b)kUud}+1nUbw6`yQJ?sUx40Yhic zH8ycn&?CUr=@6|K!$Et%pjZ50#M$s!&)Vh`IJ?Om&hqCQ7i!TQbqMnMC$+)c(=^_n-L?L<~uoWLtx}kp0|IZC@B%fU;+;UOKMG_RK}k z6MG5r-l@an{x{6$!&ryjv!<=wB*T%cUjyNh&U{dk!?!5O*DnUr=kx7f23Yy203Dl& z^c=bFVgmoZystisQOL|*1%e#E-yq`k%gs*wj%dJEs$))@F9CiTHb}YAr1+cO1R> z^^1%Dv~kIK`jiO{A#;HGNPg%ujrci}JMiKeXiM(*?b~FEEFvk)hL(np_)MG~P+urt zG98g&I+1&kCkoePxvzE#78R*(;@3ikGg{=KahkPem!nvtNX**42Pd#?q(kAcuMm;X zoh!Q(k0d|!duH4(mCv9uwpkYM!FRq;~DO&;E!B^918}VipgR^US2>uVcmZhpKGAMy0M*#^$ z>#pru$UaY|zgGzxyW?Tx51M2du|AW{Q|AI)Xka{)?Myym(OByOP|m02ECp?+y>bfM zplL5`h63A%bPO!aR!D>1E33LdUsQSK(xNrf^>8wmSB@u^kP#KTfQlpPq%b=Ek4j-Yx`i#UvYf9bBaa^6`+feo93Ctgs3` z5(7I99C+*j!73yV&V^zQB^V1?2YiV7?!Jikq`Wwff}UOFKY3v&dMbH7e+S1J#ewUTojmhi5s*^AdOa|-q;G)l5y;e-UCW>PKBRqHrO9ZLW0_Ej)ha~ z%>(Ds^0U~1Szfpi>iq3@G=6qR+!3L3wR7NSaM1+Wn*#?I>!r31Hs)sDg{*gPwPc~i z;Yj9H!~=hl03bw9w{*AH-hk}V?V>r#@KpxG0E3DrJ$S6}BY?ZA>|jvWRH%@6_))LQU%G5&5~aHLcNSH~ z$U(a+_z{oG@C|CVU|;PVB1*=s>IjCuaO1DU5~3uH&sJY|H4QxDPXG?oH{f&B;71Fu z8EkMDo-O#C;od{<(!P%~UGil2dpo@_IJ1FaUXR@N(h2*CFWw!e3^+Qeu}nF6_Bb)9 z^*WOvk(ubJ|0LXsVC_4Gc#UN9NXNih7V3S|dZ4UmvC$AV<9GSl+Dx#%+aC;QF!;F; z8gqKS!NnnaAjon{nF%7{%bqn2C+z-#u)Ozps0VUtZw?=HCv5i(6dWlg?AM(tY)x{1 zw9EIWQEVTIkWgUh?cJq1i3yr+HrcLTNxaiU#RWl$6EI!c^I&cN*~X~62$#X4gN3kr zzxlq--Y=j~zqDZ_8;0FxeKB&!(5r6K$Ak8S1+-(ckuGbLvh(e%#LIo)efdPw>sc4f z*^>Hw2u-rQzse~7`tST+8@1QlKLy@u-t)PgguHK&m>s)Sv-#kT`2d`_tEp6Sbcb@s z{F(KFP7oVkxSQVoOOSn!AD+#-c42Lgt^wXd_$9ODCz*zMv(+4grzB-B=#6}Ag$p8C zK)R7N-^iC}(-Anzrf9~W8$?_SsWzkEU(4ebGapkzT-2OHi5c4hteNM9sOkbbP#t2+ z3@v9~zQRWmEt2e8SZ(Yx7BrA*h^!u$e7mA90c1AtEQ0xEtjEvxqkEh5X$8AY~Y>Z~8D)_K%FCL^WssRL&BC zIh?r0KnHxwYYPa|h;%s$M9dLXOahxYKm?mCIO^30Tw6Nk(t0Nr7*dC7{)MPwkG}h| z&%Cw(<5PBwm1iL#Qr#&Q#$nq^g|+G>6HBfvIV z=}EnhJtBmtH+i!070sZnXp=}(&W`l6~RzcdjHSN`Hj`>GkR`Yj%u2V_Uu%%Z4 z=*WCMm%Cw}!?%3AZzDsDYIgFCDGldyw%FN6LlC6SL4TY;hv!DWsSuuB0v11tGouDf zXdsTiLuj&OGH@|Q%wX_<_58o6CALU^m1BY9Wo|a}s=c8@c0}&l;pX0uCG!TKZg@5@ z9yC<{2eJ6Y|ApAPF*TI3z-o@1@Qu}<YvNF6~y>kzfR*oc) zn}l%^l3I=hPgLFvx>gfY<766M5p8miQq>8!RTV!}82kdB7OTK4ft63ikB^bvd<%%M z)j(p^AgOFEpln3wE5ZHKaLtH)AXyX>$_9P?`JAuqiW>ssF6DUTqK6!v^QHDXE>uu( zz=_=n3VMs+vyt0!r!zI@R280DlC)8hE))zJmrzYYDgxSmxKcwDc?$g^w_SUE-yUC! zQ)jHYe%G1PlZ!eEDzNAR;$!B|k_)aEm59CMi6#s#A)yv=IL1oXQB2~GMr3nde96>q_ z?FH=LL9MSFofq0kna|#HR!q0oxHj2i>nbYAQTfY+8=*|NFR4e|$UQK)J3PY&ax5S2 z%(M4pVW1&^yf6ftwT;h`h8+ea@vNNH$8p2GZ0<;w6{~d+D7-hkhVv-$0|DL*b40)# zAP+Px^9unFY~N2h%(&5^5)!Tywo4V>$23``B!jsv_DKbGi$WC)nL#|TCu-hb%9>dB z)Te_CEA@UlDp0($uTFat$6v6#U!(8q^nPtgm;BnQMBv;r^NncOWy;)_EO-!jXG>x9 z{ns7q?Sx5*s5YtztE>JA=8emv3yY0sS03{f@+F#$+GNKlzsl4FeqZo50l`cfo`SOS z2lY6|$7Oe{CLur0uF2Lin8J$X)rdGOd&k!+@wp7t1Ll@TM1l2Cz)J3m1`bj-7jcqG zE8#F7<0+JN>C~LC+o60h2=pb9W2l`}XU${8)v3e(5G{jR#e`RwCZzL9M{_Nea#UPi z3_&JOi6Yk<5{X{2Uc`aPjG++Mu&{>GsLDEDf@^*|C|eNdK5!8{i4|0=zx2aNSa2L?Nw!-7SoJrxD7zx zn7$ns`BS7HKYoxCF-~F?L?o-tM6mIS2)%#*$^P>4l1{h`dw)OI9~KZG@~2)VSF68J zet=4l!Z&~UXpWEX(>vHMCN7UyEXVNIo(hVcPa5<%TLA3QPuN}9{%*VnGk1(0R+ZaZ zGSkiRhHy4VDe7X&Ue!#uQ=ro9fjlq+W1EXJ5W#xOZq{E%!=9o^FNtHz?yD?!B|B7^ z!z611wb2EfcRw~~IxD2{l<0iQ`V_JqUQIi2lQ$q+6d&xW zKLUjk!0z!v{Ds3SSN}gG`VDdY zFN_-hM<9_C@xm7uhOnJ?V9cL!j%pp@747O>m&(#~b_xb8>(cN}^V{SXIc3GU6i39! zyQ1Xu^hD_Gmw5gt7$3^ZX*i4hE0A!uhjvsZDtp`Z2RUl{i$_kXhJUN+j@3bShk1SmkDsmOtg2q@BgF4XiJtYo z1+qz&y8>dKcNWJIKnWK}&2Qz>B*hGK$1~v}enQr)QhB;!jDxD|JIb#Q zw2CxAXoxj*pVZm&zYGB?0jLK;6=y>ZNp%12K{e&O?2z~f!v+4Ia0o=>C{b3%&Ggo}9WZgZb;_Ccq1J_i? zNQ1+=%Fn*0xM0tEawaut4R2zlX_5&?oC@R>uz#q$l2I4KY*fxn$Mv^-^@ZgH zlw#3m)?f<5sE&nGJoEF&w)6uisuG!*WvX9tl$sA0UCiNN|Ge%&>1;Xz#}oA`2d-~a zR4)rCobGVKkkRpAqeL_10U;siq@=8Awhn6G^M z_F+{HLpWxG!SNJYz3C8X*?(5**4prI6yfv{*(K0c;9plg>cuk+9;azJ*gI*lz(c-8 z|0y>yL%rnoJ4667e3`1n9jQ+tiReF^dVyfb!u_i1dM>NV@m`Q-fxgD`WLeE1z^ZmJ zx)L8bREe0+>IgSHJNqrO3Bqj-AYDT9HZ`bybmJx<=sg+BGg0|#Q%@?T4cXIF&0Ds( zu}T(&n~L=2d+|TSj7m*SYSMa}s_C@@1u&iPAE^h=9YW0Bdrf{)q7cm0Rc_St`}yYc z#G*lFpY;g8V4Prl{Fl$aia1CeA><@YOICl~{h`NJe?=3g!EIm0Af;n2Y0RDyH(oHU zy`7wEWjTVkr1d?I-5ULIwC~=B=!IDO%yZXOV$6Or6jSXHf@Nof_ML0@xpL&7lpx;g_shHgW{p zJ-C3bZ4=h$UHZaer+W(55H`xsTw{)aPF!8paZnkoiB)%RErXnC8&{cbB-djE?=q1d z%WmCmgudoW$7T~>`-~#lS)}pfIQJp6;=aX`WXcG^FWF4(ThY2r2A74)gap><_tC3VbR;=$Nd zF|Lz)VmF~}eFQ#*04{N~sFF)g2883(Ix0%WyZ+qszO<*ewgj2WVoUyha8?w~ml-Ef zz&l+!b@m4vucbB^KP)}#xepuyD!Gr3n*OGm-t6+KqxVWjJSE=2rThgUrr{&x{E<*! z_BHP8DXAG*G9GQrl0@33c#V;n{NXoXrAX?BarM)I5LLGO<|-i@zJ2FnN2m5ewd z>oXg_bSI;&aKUSyT_+v?Ei`V4WE;1;K&B^OCGp6?+C z1}fM-x%dHgt3kOy6mZRy@1%{MtyuP!dT6HM|M0`Xp$II^?Av-=NK?Rg%?m z6Krv9(@di7y6FXt(w%5~On`BXceB2(}G{@cS zIRY9p8w(GFLs+Gaj7@wA)ktcKxVX4DOhwHW1@0ki!ORH2lPY_D%bO8Be&X(45cQ!O zUwF8r^(gZ3OuGEX)KN(iMuD;xJ<>V1cb{c^1KwodGd;mE1R3vB@N_*h&bbgR+9@}q zXH!w4DG@NOuLZ+CLq0jVw>GNzt6(L!)tJFqrD!n8B3k?I`Osn>%{iM`z{!@+-<-T_ zG&GInHK(iCXOB~^Mg720+T`XjT&hBLdp+T}5pK4!a~$*h>b>Sjsx60-^?H{Bk&nCG zHJZCNqUYS}%Y&$s3y#eqWJ(9CkYn%a@|g$jfqP>IF>Q9m=F`J0amr?>C-H*!cO&;? ztoP%t(bXP>C0>rD)}{y6i_e|&a-p}b_GIx!Tudo%F|$SVEOpv;sWi^}9$aT_)|f3P zo7M06mqu3`0o|@ajp%<7K)qwo zblI=1Ruh)895XZ1@-?dr6OT9w-5YP<>$3!ht*i8wmlP}-#v=`Kswoc(JCjwVhS_@w zEvTlZiv4uv_8ZrN35oEJjRTRFGBr$+X*W(_xyE%Wi-%tl8#;aKYv-()lh~;8O#L5} zKEIvzo(QSAC)$6YCH{FzM#$-e6axp=E=yF$CFM0ZNGo@{uqXnP(g7}PnZNL70~}6VKR1H$fQ)|?qNtU zl{t7zwP7;2ppFhamgKMqiEW?|;vq7q+6)x`u+H9er=?x9UZ{$~-fdNamdwRI-|i}E zlDrgycW|Sh?~_%3pl^SQ)wO-vnVz-j{iggY*tW!GZ5HG5I+^mREK{Rc0o|H)pPSJq`DW^e=`B&Nm(V0xRcPA3M$>*ar^yCm|yHuI#P8-~Ryi&y=nJ literal 0 HcmV?d00001 diff --git a/logan/docker-images/v1.0/oraclelinux/8-slim/Gemfile b/logan/docker-images/v1.0/oraclelinux/8-slim/Gemfile index 986c61c6..c71b4f14 100644 --- a/logan/docker-images/v1.0/oraclelinux/8-slim/Gemfile +++ b/logan/docker-images/v1.0/oraclelinux/8-slim/Gemfile @@ -12,3 +12,6 @@ gem "fluent-plugin-rewrite-tag-filter", "~> 2.4.0" gem "fluent-plugin-parser-cri", "~> 0.1.1" gem "fluent-plugin-kubernetes_metadata_filter", "3.3.0" gem "fluent-plugin-kubernetes-objects", "1.2.3" +gem "fluent-plugin-record-modifier", "2.1.1" +gem "fluent-plugin-cloudwatch-logs", "0.14.3" +gem "fluent-plugin-s3", "1.7.2"