From 84052ff0b6f00b1610a7d5540b7c5f5613abb376 Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn <mmosesohn@mirantis.com>
Date: Wed, 28 Sep 2016 14:05:08 +0300
Subject: [PATCH] use nginx proxy on non-master nodes to proxy apiserver traffic

Also adds all masters by hostname and localhost/127.0.0.1 to apiserver SSL certificate. Includes documentation update on how localhost loadbalancer works.
---
 docs/figures/loadbalancer_localhost.png | Bin 0 -> 58266 bytes
 docs/ha-mode.md | 56 +++++++-----------
 inventory/group_vars/all.yml | 5 +-
 roles/kubernetes/node/defaults/main.yml | 3 +
 roles/kubernetes/node/tasks/main.yml | 3 +
 roles/kubernetes/node/tasks/nginx-proxy.yml | 9 +++
 .../manifests/nginx-proxy.manifest.j2 | 20 +++++++
 roles/kubernetes/node/templates/nginx.conf.j2 | 26 ++++++++
 roles/kubernetes/preinstall/defaults/main.yml | 2 +
 .../kubernetes/preinstall/tasks/set_facts.yml | 8 +--
 roles/kubernetes/secrets/files/make-ssl.sh | 7 ++-
 roles/kubernetes/secrets/tasks/gen_certs.yml | 27 +++++++++
 .../secrets/templates/openssl.conf.j2 | 10 ++--
 13 files changed, 129 insertions(+), 47 deletions(-)
 create mode 100644 docs/figures/loadbalancer_localhost.png
 create mode 100644 roles/kubernetes/node/tasks/nginx-proxy.yml
 create mode 100644 roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
 create mode 100644 roles/kubernetes/node/templates/nginx.conf.j2
diff --git a/docs/figures/loadbalancer_localhost.png b/docs/figures/loadbalancer_localhost.png new file mode 100644 index 0000000000000000000000000000000000000000..0732d5489a919007e65f58f15ac0e181b612e7ee GIT binary patch literal 58266 zcmeAS@N?(olHy`uVBq!ia0y~yV4lRlz_f^ije&t-NzG$!1_rikRUr{2xfSk3i3J(H z`6;P63=F<u$NP?K;Qc#`b<*iWcjqmxUjNu^AIrPF<@L2DHyKVIo#OJTbBV_+dyU)i zu6Li>b8K1v(`ow84SyHh;ct5JIJi9aPcz34eU=;lITC-crylTH-Ts&9%c72Y!5j7m zyXGy^<NxHccKdo8uYZe<gu70SiT&*uvEkjTZ`GYMmcRWGnz%ak&FA$dpSb@jskHqI z;;^Vc?z-p7|MpL|HlI@09)Eb=;LmgxsrB}L^RC|B@yGDo=Raqs{rI!?xc##-|DW=! zWsZM(t@5e)lfB05tA#s{*xp$1Z_1LEz78=K@owFd`J1j?-lo1+`f6cB=ZV&k)VZcJ zq^2LWVQv#`+@H1djFooh#&?HeUh^MHk#Sj|pMR8R2fNXSb2%aL5^KcfdjBas9@Y>t zVXDWfBB#ckYv1>7iB0obv2U&)_l?)uCR^r-y_CH8@%_E^$DZF^QTNFD?Cqq>r=0K2 z$eMO-+SYfIEiZn%(#UsS`j}_U1ckKevRVv{x0bD*_idZfhYBCRt-dJ&C;hmu&eaui z_ws2gdnv^o!}8-Zv)!emIg!Qg&Bs2lK5@|Wk2|{a%o_Eh5*;d^-{hOE5j!*IK--l+ zbGB@ad6_@Gh%ZW+uhaVMn;xmn6M`Oovo4vxbhUtY=kvW@k=ZPD4_O|ronMeJQBu=Q z{GImiX@z&pA8Yt56y!>rci8sjvAzSs+=3Q|q*$uL&fHeIxYhk$dKS+q+fXI7)dqc^ z*EeRyt|--WQ8ZA<JGQO!`$lJ{+|HP;OH0-jUZ2hxp?hFe&JWd`t37TXGmpzWFK3&Q zcXih1#`F(M>rQPrp_com$mPt@&QQNsX5Y#ld7CWi^*GsY`|P1k)-sKMcUBn1xr-i} zT+}X;EU~t^NNZ`%-L|{`db$!bey{rwxmZXf!lS)$lg7b~^VauY+C1B*a8*P@z_nHX zyL@EcO`E><2B&qoL2jkK>SI~mU(c?lSv<XKex*J0+`-akS8Ylb3ck?E%{hHb-u_UP zMV|Xv)<c^t&Cl6A+kLZSr$_Y4b5AyW6cljtv1=3SUE`Ou_E5)G<|d=tKPpdMl3wE9 zv_qBISid($QgPz<bUm9ncDD9?AO8x>Tq@c!$$O^P@ji*YE3>n0mOI_lyOEHsd?`2g z+8bUSi?`J-{EIJFp1wNqWUX3p(D#GuM6{xQS?)a_sA3jA_lV=^>HE6fB@G{E-(iZ& z{B<{~U-Qg%JIy`4`HXV!_Hg`&mSk#4*d;7n9xjk4*niTD_rZ@#M+&|do^hOYq2TO# zw;ypumFK2sZg?^^`mK!OPt&Iy<)<w_m0tS%`}6!mGj#6;WJ_&bBh@BQRk^Z;tJ#{h zQ|FiNo5C8IU7shkIjM><Yb>eT>i*K_%A2gED-LSCp6D^Pd%EFSzmnF8`!4cswfYp4 zu{bqN)qIo8+|^POCz;Hgvb?DDhh2DEbzJ}bybaHL)8CrkOEufIf74mLOCc$mA0|0H zUZJQEx_sl2AjN~rMPF~=+rf~!bA7LOKo{eJGd~Vp;%?lUoa*yt+On4m*9Iq^{cyBd zn&UBZz1?-EgbVCWo|e;IFAq}cD(0@#3*Yu?73a)nTED){dwtj7^c~ZZ56|vZw|Esc zwLaT?gMnkyyY@EC8*LxLg?Ig9?UrPYZp-+vGqHS={f8$%Ts0p~mhktnm-w$&^p3eb 
z@|Z$JY{pd^nL`s_Mj1D_o$0Ckn>K&b<OdHdR4y3LT>N$JS*3|-|EerL20Vz8uRf}8 zQk*nPC-v3iupRufWmtc7WC^kSkmhvmJUZ7?THS>;*TzXx)$OattbHlY+KS#L4SaXm zYTn=ekl3j*EmivQq@{^(n{5_rp56LVIytA-?#WVhpS9=vHQ(*L(Z68RwpUr-e-~c2 z+xmOY`<-^n+tm3pF4|t4sW9u?qra_ckC#rl_Q2!Fp$fh`V&zXPf0%x%o^hWuMCtFJ zY4RTnejBNNwL0Vd^jvr16AQH;{-2GWZu}$Rxb6A%jwMfAO<2tDhaB1))9-U(O^U)C zk84q<&Mk7fT4<&cq_CxQ-I4_rd*Ampuq~P^AkvU4zEA!2h6bL*HEg$;T)FR6l&qVU zBGt6##Y^+jCWEO)rmh=LcB@a__cF;X@KRo++V#9yZ?$Av_iyZ$IDKtf?6#U))gF^h ziM2<)uV$2xQ2jQsTE%ta{7dg5FL|}5DQs)n*85O4KE1ZA;MCoA`58Me`tSMtDlvcJ zzV*7Vz2pvNPO#{3-<&?V+u%*%a$PHpd3O{a#oG$T7{zxwzxH^}{&8J+ch&2olMhc* zY5sALf8~e!T2nJc{il>OPAu5Q&9M9UAC`#kDwAgLTDH0S?wgRU`CQ2>&H9+YzqUo2 zIovoJA04n@c=2DYY5(8)<w{fjo9|wG&4htLfx*+oF{C2y&0O{!BCfZ##RnQHc0@V~ zieJ}Bh=~;xC~amme7&n%B218HhaOvqi{T=sw4<U1>p2Sz-)Je>|5__)kRWEzEg`_1 z^kDzIU;FI7NuHaz^4-gMmoFDzFD*P<ux!_>wY#&bUcKD@YOSi6Zq$|&9s&&vED8*a z91aXjP^LeVw}OhT=R{tZ08CDXu|<WM5nWVC(80s)kZT$T!UQnW!NZ6R)nE<>1tG?k z6qT5iHgr2%RFdKLgLOABu#6fEj}_Vn#UK4f)oBrn_>L}e?Up)P^n7mlt%dD!S@wTE zG@su5{a*EL+44Jyr*$^_L~0!VdVaqB{irP&fnk*~bNHF|JvNeGdp1qG>nr2m$!G0O z?+Wdiz2>{XH^&8KoC+%0+uvtaO0v|{-N@hZkj?tni^XrB&#x~t{rc|i?SCKp>u*f* z){AsI+s%D5N_0|u&BxZY`+mLp_PF0Z%Fr<0?2VSzf%KTLz~WVxu4D;Ls;S>(yvOS+ z>;2bnzKBk9U|{;nsh}b$DA3`!;0pimrPJfG)aTa}#hyGaU%#hU!f??%bz`@!rPCiw zG}--f+3YzM;Z7cU{~8$8p4J?G6d$eYH0iznA3MKar-Et&Uwv20tk&RX5@=}9XKY!b zuldPQ!DYb>{@*jx=Vdy#^Q}E?Tk#>m`uCg7!cW^Ln7qEadive+`?VY=UEIZ5r+P1l zQu|v|f9mbaC+n8$PfGUm6licr<y277K0W(Zk<)^OCl}c`e6oqFd^&aA)KkVaKMJfL zwg^k*l&<7lzCQi&>-GD$rO&Uurnm1$QuVW$>2GG|@7oyv|JU`hHye-N0x{V3F3{im zWm0U>N!4#Z9{1lqE?=LsHfrl8*|Hl4+4y8$#2xlLy)G=SGWGj%-R*ZSU0qsZe!pgO z?f1Lo->!zo-<%#_m$^22ds(Gb`MVtbJs+BU=h@tB<B?1{Z~uSKXNgsJxb^p3uqu6Z zMS(wl_MsRlEsZywpLLBj($CGYEc^L%`tAMy|K?Xe?lq73eJvuH_w|K^&2M+V-`AJ^ z`PtdM?i+tS+jLrQbM^bZ*Y8!m){Wj#uyF0>b5`4q%T?cyOrMjudhNETy_=q$ot>_| zcFUySw|Bi>m%Tat{5E#^nhU+khEr{&bGJ<V`u_fXKKnl(j=s?_OMA3Um+Np)a_a5e z?OQvA)vb1y-_A8ZzSH1t(P`ap&+Y%;{9Czl>9kG!_J20?1y9<Rap#xH*V+4``)xjT 
zY<B%U+x&h_@pE4LM;*#y(W~D5-kW<OS!QW%;r`;lefCFxxIA67NlYgqA?j28dE4(d zPV4W_k$SHiy{+WCcCEU}y08BWx^DYT4LrBCkvH&{%8p~xd-LO`{93!hBz&v!yT3=C zTf56~I4r2*P*7RDeEkL!XBMvd8}+|ls+(`TE~KjZw)slkiG-J_&da9HlKJ81Vfr!5 zcGE%w+44JueiE&h@0Q=st^aj-{+tz>K4)i{ZoatK{dWAnPt$kxPtoV#Tf#ZNrEq`U z-&c0mTOtm&Fg2=PEd6>le0OJJqOA719gBpgN#|^E%$Z%I9v^snWoPd9cXxB&-PzgO zw<UMm&0})4UoIY1+szyM;pg-DxBIN$Wvt)#E35hG*6i!&=GFbmR1azX^7s4w+nY}7 zz5b`2Sa+}T`A&8w-lhBhzRiD^=wM+A4tTA@LCLQ7IXm@Ld#9hb`<=7VA@KM6{rgwO zEw%smvH#lvX8s-DJ#RnS{3YC}e17e>jrsfkZaZlA;^N|V;a?Bix%b__edyQXZTj!Z z&wc+L{H9F0{j~M_J&%8V{(3z=f6I%l*P>3#RlQJrePd&C?7SUsLl~dNNT;89IZGp_ z=J%o-GqSkW6~0$LdQ4=#BLmY_PX@)vxqsWP`uZsRIlON9L3Y`afV)QCoqDcmp)J>v zG&L1>zFM`~DsegIt|RSAN58$jz1{D~-|zeXZ@vHLnfbXX-|tnQH@j2d{QPFt?QLs? z_X)XwN;$=?(to<>wC;1Y>Q8f6H8+F`?+p!$JX$GLe!sSSGJDop)9WQSn{0l?{8zE~ z{pICjn`+zYZzcCkRsX&{CY`@Vdw0z2kbs9vZ2V>lvG&`3o3YvZo|EBJ^{{)aAOF<< zfB%2y`7hrOypCB@ulnUlZ^$Hr>EVH8^GYsxmh#K=Sw554{cKkDtFFL=WeO6L_Y_Kb zH?#2;UH5Kzy|8hI)`1C=e);|lzv18N^Jt4M-{B7y85wIlRJ<+N`6ZsLyt-+hf~Uu6 z@6`-JUfb`M&6chCaByYc?PI?_T=uswy%%pQ5D=1bbJOc}yKmjj-~V=Bb`{5hC8@8Y z_QkE@Ka|7udwI;Y!2QKXb2QDCeT|gS+jT!@>(#JQ{?I<FR~o;6-~XTYdhPakyPwAt z9u-|y`_yaK`xD$NLWNp=PG_cH$$tFBQ^w4$_Tr6v*Wkk5VtY-~bw6a71XlPlah!bh z#(Yg)64OKZvcD_XPJd0g=4bu($+VtnRk!9$nJ~q?=*$emuN@vWbL#*7e3u{9S9!Pe z`p)mO_OQmSNth%TQ}KH3_Fap;rf_{PZOgTNKBw5{w*z;u#rXzC=2tFLK6&1et9a1( zZc?xLy&Gv~W(1a33Ym#=owP{xa(KP4VUkVi!J@do|F>R`GuAzwb9q^B?#82H-_F<n z+x&#%PUZ8tucy8Dtnt{Pz4!OK-D>$uCaInMRd3O1srBmp*6VT6?>`sZ=CaSv@j03q zEz@SS<x0dw=4l@vAKz_uvRhw2b;6V0N!PtR4@I6{H$A@YXUOr~WZ9Lq=MGw2FMqk^ zvft{{TKb!(Wt?`iol*Jer21>S?#B~-no6g<k4d!uS&`n%cI@FIcKs;Xg-d=n$ZZi- z>t$Wr7H}yj$&fSXPPKQU^<smr%j$(UetdCFPF}Tg$FZIBr|e0b#K<JD!i$OH<f=Dj zJ$YG7OI;TEH_Tnqvcx7ec2~*D_LNswR_56+zLYjQ_u0G;+L`|!ZOOcRr`ooV|48q@ z|0mVwU#S$Y|9$)ZEn$C~iw|7<PR}yCTXOm6E`>Yu#N%r&zE$Q9+L2RP&eR_qWG3p@ z@_0+Id*_M83sejj|6La~Yu6zzZ56XSPdukw*R}W_eDC;y-8U{Qi9FrVT*qT~{r<Ll zRj-f!+IFMG#P9Ya1D!1k7j9G%)Z^bbY0u419<0gka<?8VbpOHV8MRI1b;R43Q_bU7 
z7TAdI*6W+#v#2(3U-8jnUMmmEwR>;RyL)F|rt02TiP4F_=KudGf4SD(^Zstl;AJKi z|23D-4P4iY9x_tlHGGU5A?l1RDW%_}!^{mEofKCte>v-iRzpWilil>|spoCK=Uln8 zq-Dvp>1>QqO{YYjxZV>|-OJYKI>nz+&r4NTKg6I_p*8nvouTbSJ)eg*TtAfkgC=aL z5B4@~77?rSyb+?I@_35oNB#V43(pss`=_bpw96EAM9&jf_1qF)aF8`GeuYi{t<9k` zxN`Z6uLxaOIz4XJJ=NZ?xf?k%=WIKg7?I)Zoa}n~qlsXs^^~TkJ0C4zmlm4l#g(`D zwBGI=-!pFpt<irv@mjgJ=eA#V0UgRJlQZI{ypP$qF(|9%_`^l1OQV$5EMc&Cn7Z1r z_Mt=YD(BTqQoH_7xqMFJ`mvXjEplppE!t>!H6-To9e=N0ZM${`mQ|A(oHkkg=3PB| zhQp8cSh;D;d=>{HO|q_NY@ZV1Ia$?rlIVhE3#Uw(FvVT_M!5JDVX?f#_0wHE7qYKW zygfx<Mq~MuwNHK8E^W~Cn<-?JKDTt*?b9nb)15sTTeh(5FxZshTsgn$m8SR}^$0!b zCleR&eRoWD3i{2dx{E6~xi)$YKd78?o?p1YCdx^-&ns!2?e<^ma<<<sdzYWRe($!= zGqit94w|*iq)a=|o|SRU7pWUTudWHZdn~)U&tlt@taur{hu=&~_6N;<SSb7TU$CFG z^lmf1`9~5Tf1dks<Hkuie7dpIyJG!$wb?n3nu=JwB@d^ypVpYOqHV9=u4OZ>YjG@; z*R%dp65kXS$FOwEycyGtCA|(W+mX6T_LGzCpAU!4GB2r2mbmiijKTjywY9yxM++Rd zTu)y8rz!h#p@`VO-mhzqwI8XuF?n^i^y}#Pb{&_t?ck}Ev(gY+?Xq*yw0EbHrSDy@ z{&Z6P_J+j6uP!Xh^iKY}{Jrmklh=dZwCy|08!PR8WeM1OyS5&CDD-WP>6Rv^(zgCr z0Sp@xX6`({LvQ)q-dO47{*N|jF0b`HX?n6cb*16)=K>85pa%2i+vX9|5}A&w>3wp@ zT;KCeQ|slQgAXj43nrTw^4i2(6**0AQpogN^6dr7${7<v7W5z5EMIzUans=z^;cEv zIp&|Y{XXaSZl)6&0UiFI1lgB<GWk|1Wp-3|v!d9n3tBf$bqFfoIo{PHt#euXn4fo7 z^V8X<<mYU*EPmz_UH|v%-d|zKD?Z%ueS4exm$g8mW8%_Z3ohJC%I!XV;W(S_$Iy^) z-T07y-|yGo*X6E%IyHPwr_}$4$_kgZEZt~##V&+1Ms@B($$xfr9}cpATOI%R)LN^6 zCl?i(R)0DsXqvfIzfX7RJNCjIE#E(B3PfIC7c0Knt$sRtyeEHR$(g?QppfyrH~rBD zP1Cfl+Iv%CChrNKCRGf|_bJmEoQ!tYHm6Fe1!Qf~*|^|u$w4{ox09{EUI~7^)x({e zC4E(|wE4Pwg^E^6PTo4rAwC|jG?-*R$@)E9tnO#?@yM=Ce)fM$wx|1h${AHQHZ5@w z;VN60+8UK4F{ksT@x_lPFH3CRVV1cv@qp{R#R>i^ayo;THNEz*Sm7^nz~kN%g_VC2 z;-`N*#mcnthQQTN*A-R-RP@hv$(&LBaMBio<!yaZ6X#m#Icnb7e)N|DsBruu$<DaB zAYpE>pXE`#T`!crPi!*D)M*R8waw&8f7hj|hppnf`nj6ZW9$EZUDmPF%PRfTyy|x= zwUzo-c&@HJnxpycucq0$#|513;&=1+|9!J=_q(VyTz_pJtnfI>7(d@ow7oLHVbb@d z7C9;IEB9rbIkxPP)bqNa9G{PpED8a8Sp+6sy<Hx0uZ6{n({tvsr`25Bls7K!Z0a+c za9!2I%HPmp+hXT-zIQTSm8(RU;?q}owy>PueaOj3Ltn$)F}K90vFWeJ6AuQjgp8eQ 
zrUm%Tx7(|CYL$(>(1uSfS^V=}U6<_NoOZS-UG&uCl_j7i>SkeY-))Ct1G+qu=O5qd z*%<jmGU!rd9oO~s5A>qM#FzVUetJ;j%~~1wB|z8p>R|@m%{<ehvOJ&d|MzwMq{aGg zQZE&<{r&yj+}0q#*2>Mry-7o~YB!VLD{I|s+wXUZWACrnf2>dT^|^&Szrvcdbt<Hj zWtQg_O8oNq#az&JPqV*k(znH|jU6f)?0hm2{rR9^o_TAr=C&%11@C8^`|#)Q`}+JY zy;Ylazuvv_J?cOIx3Xzj^_T89?znGxGxE*v;GBZv4}&W1J=}O)?)AR)zvT9OK4<-I zNB@J}%h@@1@xSB=z5m-^%E{>5jPAq7mg`Gp$3vPym4{WBSrh`MvItBHy_qX<_X>-b z?*pdaA|5VI4xZI{Th?r;{r&CT|4%iUnjs6zy(ee6)?7XKIe*{JWv5qrmTd_4`~9rR zbJ`mXk=jJF);RZCwfu&rxh>5vTh?DxiJbhbpg?f`w`r$>-+Z<(^L!yTZ{vzGmPOWC zGo#X0GCyxtJ;~c^SedQbpz_CCb?)VrdndMfy2pQcb#?W-7+>AOYb{aUy@#D#CKige zEDH!>eR?ul%|Fh<^q587?L|gBx8>h;w?(X+U(%QM!N8%?<XPJJd9m*!W<9uNlAF0k z|Ec2T?+X`Z>`t;RdU9gdXTfHpM_sc_ZiSzj7Ic4p(qn5ran56R%kS^an`0ib&*e!A zr|_$9Lca}kO`mDi#&;cF77{O#?HpXtTWzmddj3f<hr@zjpf1z;^BXLfS-gDxn1t*9 z{Y?LTSpHwa|DWgU@66wF-?v(-d9k5N)D{`9I9^rV_NnE*)g6cA))q8$wH<nLzyAN< zbIHp-rQ8;a&PlYYi9UT)%Ij0gNp6L}CB|~9Q7N;P&Y7vy)!d5K@?Uv=@vS9KmvNn1 zv@M%|(X>gYnwO-mbnFUVW;3z;UgdJ@b<R(_&az48JZL)Xap!eoL;j@W;YoHDn}g#r zzHVok9QU+!nt15EjJJZ^{#{eu=efUKzxU0i(|3ye4MXftYHJ!s&FC@|TW^uueQHC9 zeS0pS{=sYax4OUEcw8=9B!AX6ldzRdx+lF?J@B>?a(|rj`|b8}xvg#IoO`rYLhCQR z)i#y$s;%$p{k$S3WZJiW?M+*cZCQ7H6}Rl>g}<jN#mkr7NW8YE^0UWdD_=#)<^CnU zA!bY8r7qnU?0eAk-QOeM?|IsBI4rON1?S@V8-$nyRtPdJRqHivYD{y2j-yQ|Wa2p4 zQ!en#k%4KeD}!QW^k3g>MaV$kRWAm`$hEfZcLf?8^f(n%if^tp;ew3oO|WL-IC-a3 zledY1Wz|dur%kh}`ENtDZFOc)jI^%x^;TqP)KX}eu%^lHkP8QN*pEl?qyqX-VxtF( zz@&)<6D1*LLo5f4G73!Ufsbv$#t1uH7!)Nr#b+ualtH8vPfCm$JQ@^e31&1^z%#{Y zP>cq}OvT|^Y-%Z~q@SIYx;g!PS)1={v$OmDd^+vn78abgH8gYY*K4cQHg6O~u3uIP zL}V_Vx+ZwJ-?}$tZ*Lj;`?VH5<@R;;=##g<Cs+TcaQFLtzjXw{rshkT!YWHh*hQ)+ zEI)m(`hD)*U8S4n*;c1rbji_jR4`Q3yl7GOCPH0-+qUnaI)9ba!sSAhzRqntg}%}@ z6$Np#J$6HiXNWT%_&VHjSS>X5khW+u(-K}4jq303-X2k1X~i)`S4CAub>0`LC4I8i zyBrtPH%jleDwvZ0RLEQBAy?#<jKH6*flSELaYY^uhd{$;e$GDg?e?x~6`E3X;>FY{ zxl9{dm&{Z9^78U>KZk8uS5LY1NIbOKJMBBWlFDY=2OIeyE&+K<A(~~0wu*+o%}1Bn z=K1rC{rFZsJluYL%eoU``nq|(I*OJ>Pdu()^b(p-wZ6VGZquvV6FEHNgPt@aP0=0D 
zXW7CM)~ETGn`P;}`2~kK6HX~Ko^T3^^Vqp?>Xnu0^J~qRjIM0tILXsj<kN)ExI&6a zXv!stqBu?2vKxtJRbO7L+PFWA=d0MHR~O#h-Mzba(<dh{pG}fw9}}A<teLu=?`;c0 zv&ZCyrb;iDQ`ReYXirx2J=8c=?L$XuHK%9i@wmNJJ2kw!4y^K9yH&wzUyR_SeM?TT zBUKQMk64yCKiP9>=9jL+MtOHEN<7@yd_5I4{ZpQwn>)87#3U@YB~?G=@!s|cXHJ|r z#sh1_C@?g}2uzR*bntgApE_fXRjF2$3bSo=kcXGcE6)a(l!AZWY;Vr3;p8}Zri{1E z5!%#ZVB`ofWL(=ZWyY1&M^sj3a*Bvfa!iobO`qCvL^yKSW`RjdB_}c?qJ)7dkn@DG zrr^rdbu14$z4U+n>E-fly(Mdq(7?TB@zXVLI=?jcPx$iKMGxUFMh+KMh3C_z?bKrE zKR1)7Po*b{@8@at3kxP(sXOuQ?d{!{wl19dV$Ht=f|LHOIl+k>7Asgpegro<OiepC z=jAuwNm~9392Hk4+dXN$Vma}X&!j(`3MzjiCki9GuaF}n6Er|S_po=Le$Z1+9W@nI z1yz-;OG4*)esgtuEz*)=688jo7S|z!>6ZRV3%&T-uT$^V{eD|^!I9lnx9Lx+P=t>M z+r1M9o7r#QOrIZ{_Hk>urPHQwzvhTJBL&~QhApQiC_2X+jdERib;^=cf-BTjn!g^a zP<~v_;ACWHy$&g1fF|fFRkzv)HI`55c=F0yZ)VNcmL=CD`sMBKx%JDvwQ3TX%iv^W zWxNhvEief*ILI(1AL}ucjofi1$opo${l6D}vu2oN3f=zv=s-_}udU+EU8UKRH>v*$ zbm?07hU4UqH#>xogCvlHWx4N~9gn)UeLAJR+gR=C(hvr@KK&jiqpEvWijq3nZ*Oc| z{IW(Y$cE`Dhi9$eGXME}|0`bXT*bxlqHSF@PvWlC3pN`FLW~ShWii=*LFU)A=)8@I zhue03pOx)1*Glw!N>^=!`kU2uXJBgqR7z(&KQU3cSHb$}#Xc>Sr;Kt22@RenUfXgq zZFO+CxM1s)ICf59$z5VqbIhQH*(GIx7c(BbIOGuVDl}=*6uw3)#hd$TtIO}SCp>2B z<G1dbFs0(ktalC$S}hxI9JaTsUw6igac$WJdtK|mNgY?_<#c)p!Hb{{XNThMb91e& z^_OgWk(syl=ay&EEDt)Jue_gSr6}pj@KZE)_RbnhFNdt+4MFGU+1{<TG2UvKmbLNf zu7ln-e)DW@n%Y-1MRe<A7{knbDy%W5**m7}?X9bGjc=}xx8MEgl=kWMEkdsZ3!IDs zKECPKsW17#aq@$qw$*>PcNIb`SrZ%1)m$ofNZh?uQ|^3<ZXeSv9!LV$nBTBx;wOi; z<~FwCys7(c=k2~(dOg;CPTQxz>r)@JJbB!2pLch6dHJf?_nsd)rwC2@bR<J^W87AI z9zn_Zrs2<;8;&gb#(7$K{cQVrKWn~duZ5<VkVy`p5o#}W*}n_FJ6^hUZDaEBYk%WE z^Q~=Bn(EJ>7-@I7N_C3Rq=O09io$GF6&)Fvp5^`6_4E6?ySwvFn#aJag9iP^V=YVO zn12e(`WhS&qvgiD(uT>;BP;Xf1V!hL8&PuJ<)xa6l5?*9JSralpwhF!-1SLwL*A!f zc_*Y-zGvfvBo_uo4i`lMm%QAJqwxz$&2HxySHIu;ea?yy1G!55NKVn#qQ84UDOPIF zrWq4>_<TZ3!uF~=GBE8I$jHcNu0gnlzcHzA<A(50n@;N$yUS(SFMTH0b@4zar(KKq z`Q`~d$Jbt5-Nkt_;jsScDB(80!kr2W9IPK7?^l1}r&l%E4cgPw@?LO-%X{vG1;N5i zmxZ>7l>Peh($DAB4`-Xn7k_grO3sbEsNKbRGKkqGF<66-Db%&$y?bb>_%UeuG;&>V 
z#YQPYQsSPQvj37JOX5`3JTG!6s4V`dHB(wKQb<rz;etYAkUc{Jq6+F2{4mp<<&dF8 zk&k!WS99IsPzN8T4=&R2949mOcs+CTnC9Zb#-X4h$qedUg8ZxEb->+&jj^)iPkSF@ z;4HJ;S>1B$8Ej<Eim&w+m~^pX>Y3gNI-MOn0?5l$Jf<}CPneSN=FZN|x5Za(UfnEm z#PH((ujRFVTD}a5k+TAq$Z(wW*l~iV(Td5=p5Xzas^b;>FxTD0ES&#bRrm*c-CEVD zY7@8>cmDZw`gZyK+VuGPzgyRCIK;IydTtV5OG;OPrqy+pntFyJ-o|5&&|*-ayWzdf zqK%J_9dd7ZQRAswt}3byGUMg4*|&Nmjo;iYzrVHgTI6!i-!h6fm;6|{r;GE)KZcM( zVMAGHDrua;@#CDbih#QRyd2)nqYHSRUVOepN?_9ZJ)gS1zP^6G?#Dy+-7gk(=XC3C z+b~Tx+RXF5vdU~0>#5Hg8s76e@XhiP1_hl11CxNq43J}HOyH?jZ9cJ%bN0;DkBS~n zd~;*t;@WRF)4zQ@E`QtK{_m9xcHO8g8eh*jdo1gl!BymS;5)m*^0Uh$VX-j9@j$tp zpi5q^j??QIhRJLE=i6P|obDeiAQ$wQrASeQ`D56s#e$QTa(uL8nbik!#N|kjvoPH$ zQ$dah*%!GvE%Nubx4BEFhHcW{_d{v**|RON94A|LGxnz(a?o6t#xZ5r#_K#BQe2Qy zp}`@AY2Rm#`89K`N;kc{ynOeIwOx<AvSv8wwLIB=zb^Z<?)Eu9tJE&b@Nk?oc^OnT zkMqZ!8=vpg-C~33uYu@4`02W^pT$A99tpwwE9S({<W`)y)XvExZKe5!rL#DG+_|xO zrR@#4rB6YjU-JpnMg^_1u+mC-c4p?(Y?rB5r${UQ1kJnmn%{d7a{;uDgL~iRf`?Al z9}Y0Dt^fb;+EVZ7T_wCuo0Mj(RB30a$$Mj&W9AD>T?&jK*W9l;`s@qmjM?2vMT#n0 z1-H5P%bAtFx>7ZF(F3d8+uOG8EPj4#ie_-m?A&dhdoK%2TB*FOX^zl`y&Ioz`Dwxp zOCd&JH-0`TZCU*-=lR4d)t4TD;-TO6TLfrcS}c2R%aU(?dJ!8IBq`PiPO3SpAkg3N zzSlPHWeh7UaOQFTIHz3mS=2h;=)BD0ExO`PMQgWSD@ym6SM%wlS-}H`=-RJWWtllo z?tZuHG@r!-hU~k$w$}dp`8@E(kyG6hdRlcaxhBbc)tGK^{e;H-*Cm@P|9m{IytVnv zSI!^zZajoV0s{*d#3Dr%@BWQ394DWhoqe0%{!hZ^=jXSJ=|){~&7XSX!u_aiIho%2 zd$-&+o>}JPvCQ{I{GC?akD@KD*M7%cU*;?Q`$04RrTm({Y*0{0F#5s@6$LfM`;{&E z`xJ^^e|UJ<_q}Jg@QKz5IoH?C1<e$jWn54Qo^kJhvSt1~o82D{aldWi)>{#AMYSd6 zSN!G;J1$R;{vDsc|8H4z+0E3~m0E{?eu=yHa&e#4sV4{beLiQMyZNkH@v*uu7u~Pz zF3$%|7UkZ~-CoK#yM$wH(2kyCpWbddt!GyF$Ypwb<GiM#%jy%?OV#AR`I%+9wh`I{ zR^VjX_qk)qXVt{&t<xrQD}t-aU$0hoe>?c`xO~2{d!NtV`Ji}SCtNPn23q-YTYmSG zN#1(fc(w+3%qzQ<S@vq>@?C`=zFhXd-NGq6XJgl!)$M|yDL!6Vt1Fco*YA3@>S)W7 z{C!_IpKNBkFI{aH?Y|mU0BE!~yth$$S@ZNp%-ieFoIL7&y<EQSZrN?qs&n4$e6nx$ z|Npyw?XFj=R(=<EGAcddX8@|}<!ZkKT0fst{7OqFrY%ZCW$Txcw_C4ovn+mQv3_CP zR1>|p>bIufSM6^-9<+n!e$7ka6Y0GB%)ixan->Nv1q1jP?^n89`gv;O&RgrxwoV99 
ze{sh{H+k>>f4}b<g{!u{x|_Xz?;LTjgJoJ11tz@=7E9)Is^kYP)6iAf>K;~|x^;e7 zb!O?e6+s)0n`vasOr2IZv2N-ir%UGXzgRv+Iu|6LPk)^eD#fy^^!2ukOG`Yxmjs%n zf~zKnQbCU>g<sRcW2a2oYG&?a6shyk+u7q-`t$0g68r!CdcADvs;(=$|9-o@+k5Mt zP^N&SkCXlFHkw|K*_?NN$-2Ol`=-|-4(}~{b>-w<EztTWv*cqu(S=7v#f=qpRBAu} z+}2$4m9yY*nv09-18E-ZtesEVL2=#qO8J3xzlT-)*NI-|9>s8+OnUV8_4@r~Oo_*3 z%S#+1FZpqt+`{?)k?ItIkOi~b<?C+T+LrtJUu@mar`telJsuove%qzJuHc@#>etf~ z6rJBJne4YoP}%Lq=kxaOn_g*XGW6TbSw5$zi~Cmb?cD8GS<iF&hjc%^yy^P%__~{& z;XyV``^>*pEG-U|<5W=jd}H+%P_x6q29o@aZZ?w-e;VcS>IeVZrLXVpwSMmLEP2nh z&O;AmPVRoc@3!mH+DD!0F)Cq|8dKYNrPG+%cnZ?n|NVH}ugCTJtoi*McbUQ#;W=Da zHeYm;-nr*ia`lgg?YoN=uE&<g?*4Wwd#(3$z3!`_I`dgF?(eI8ds=`08NrvQ%#MCP z78kjCh3;t<fk~0?WOG2-HXst>q|j|sZ?0Oqsx{@o-_MRx_r5=yY@a7*GpX=oVeDGr z4|_LWw^G0LpPR8oWie#2DicK8)gu0otrK#tt%=-Q%-mi2WLk9I%W1~T<_b*86khgc z54fz{`ge=A6=O?ENm>jeBZq^+dX}2!f}YP$Yx~bH3*9=Q=IPY%JDZM0=kMKmahq38 z-ky)gzV+AtIV}5n0=V#*@#(YIf$zuWUH^7@-3u0hNf&1pva%>JH0}}lFxOpWuKs$P z+FPMlos2RP3_m_&Ry=9LaZ)8SC`?xn<Z2<|TTycuoF)k}flFFONJhxo$zG(WviV9Q z$4Q;9Y}-PF8ShJ1n{MTdzO33X!Do8D?i9Q1YdX^Qb$fhgo2`8pue)WonVP@D@h;Z? zRo~vcJZGdHIt`MQr{<<^%R1dVVb7;i+PRmOc$S^F{l265ndrvP)1vbV)49LBzkgr$ z?}F5Ind&Vmw^}sq*R#~*zp2c%f7|89peQ+4GW?H|!)K<u<sJea%?-z<^(iTb_Cbx# zPW+a2s&&Gim&<0aDSv<O-OKZ5W*WaeV|;$gLg)5ti)%p>gpVa5DLJ?<4ph*8zEyWi z6xvZUcwYJD^78)bP^*V6!mn&RKWR)<5NLO}vD&uiiAQ+LvCA(mF21X+Sqq8CrS~_z zxdv()z1?>E*5>ne*{AjQ@2UO!_4>PlO4%@Zzv$epQ$bUPE5EaV%BGMB!Jq^_$83Ju zQH6#HJ&bFQ>0gZ8|MvFw^7Mb(vag?exBI=F+D}tEwM!ZM&Mmcjv*B>gw>LM>oir?c z6;eLWR5KQ8?d?@L)8}z3-rSVxJ=?y1pYY_UQ>zx+P0`!)!RdDX{=aLS+xf1o3SHeL zBi29R%(sT)yWW7(RQh(-h_Fm1j+0)(>;L_#`ughWk>u;^V()5C{{8Cx<u%(J__e>? 
ztInToQ@N>H);upJ%=c_>EV$%<%9ha6_Qc7<OQr7X)$ni6X6N5JDjuJ+*sT||mhyJ` z{Mt0*v@-?A>p<O7J^x#riZjg;Po38WrI5JW{<{|mJ9xOIhn)`hu<-K8I=3LTgT;B} z(~AK!w`tFqJZ<Z_+2-dtJvqICsvwEnd%f#TeM@ntp!iEKFE78oc<<+P*0+yz3g6{# zV_EVkBhwML1tst9+~o97`?A%BOY8nO!{lQ-Y<Etb)gHF5_2$Zp<#H2C_Pr5Uu}5{M zz@+E%>-X_WnXHi8dpm#sT|TQ93b%7MpM5hmJkHRy^zHTa@vmA0QQI!sY>X`_JQ=1n zp3~0FS@$q+#mQyH-?T2j1qV^+veKJtRK=Y>EuUYvsgap|m+D$?-K|q(>;HT#RouJv zX60mGv%>k|N{TAljx()3d4MwK@okrvRj>$5`ncojqfoB8OM9!!x0?sO_Y_#6(wKL5 z*Ur6@td{w`_k1Y;$+L5>g}ATWDKIJ0sdvJep!@`HQ&4UV51zfjG?t0uWXaEGE58UT zyY2YAwDd~*y~zpzo=ocVDi*!;nDFp$`|Nv@FDXJwcdNB4`+|z~RrddQ#C<!VnK$R} z*X!HU=T)kGjdO%IpO4ME{Os}?2^N7#h6}E~P`wkMwdJw#rJQ5&saA)k7hn3Rb$M6L zwMpEHJ2NgSNn4eyh%LWc`t4!6{H%ZRGs2>CO=laY`@P!RFu_OGQ1r<ZP|FR}95>`p zP)T-JebIZz{wo>B)0f=r*?+2}MgRGd&+zd3^?LpG#r<}>G#-Lh6oXoFSE?BmXIdp` zozMiOC%@VLo09}yTw8m4(aFi``ht&x^j7*Zb+hry?P+;us=^U6iD7^K)P-+PTfVHB zni*@BeX?}|k5iR-+m7_}^U7W>oqlV5-PhHaW-2f=if|UxdkX5gPFFebL%UOBBG0}# zlg~}>_!t`Hq1TeqEvEYhv>Mu7zV^zt`*qdPiLIhOO@8&eA9ZQ_9B;Pya>4oC<}Ja7 zijp#II*F^lt8h3x5NEPlQTgY`$2lL5Eofk15mJ9(UFfqXiL0eyrnP6ni3y5k6(1h# z3T9=PY{M9T&hxqVKGmziNqQ|yS{{S?2cQ)+xjUauyS66M_&T${?bj)~+wT-z+nDS= z`TD0;@i>pY>0O*BVZD;QU$1SRX`H?+k6YAX!7Pp!yBEIi*eCs~Zvv<(rQ&*^{Lze% z+9}M928_qzQ;#(xhkDWOx7&&ZBd5nzWrEjCZ@m@;>RMe_*4y~=>-G5M_qdnx&5g}m zIyL9sp2}qzo2vYq7+B8i`}4^g)TG{;b@ddun=jxosp0(*!;@B;+)RvMTbht<`85Ck zpXIV87aaX&crK8wezURctm*YD%AjT{D0>ILZw+$#wBaz{=8eh6cQI#{8t8H|2^f?I z?BL^ke|PuxUP)s%6;PK<NEH-}TY|Wn5BwKQ_!F9@@uSGkDn2!8`q`)=MU~cXx3br7 zjn3P7bY8_HPEY}9UGn4I?)PQYs^xbI-FN?bwR&yr?y{BNoir6S^Sh_LJ*j>2;Fgu; z?4luzjSm(SR4Q-XBI;i&S|X+9wBQuS4?mgJYa(YvtFlPcPkpHYil)^*uQx?{=e4AS zeV8URX_GO>uEm_2**3fAb24r9NO*E$;yddF>^hH+^%}F@0S(Crc+3KY%gZWFekP>@ zKUSZy`0#X2$-Yxt^k#2WP!WD7F0Z&!t66nj)%w(Rvs@l`dhRgR(A&(SB2)eK)zfL4 zwFFP<ZH}F4eYm7QZc9dB^V>^%EhHvC{Ju|Mi&Wa{wcEE{kFUSGwukec`0C5s-yHkY zdfIRCykizV^X=~b`*nT)E$#Jtl4j@aS_#Ud*H#9rr!U)gpIyFY!{77&|Mb7)d2an~ z$Kkj2VO`a+JLlA>_dUIK_^Uuh2gBp_MvqbQ`p?Jx_P1QcW1mdhmX&#@iIrPw$=w@I 
z6i=@EC^~6X@H|gWFWutMOOwL?3b5NB^StF6DR6?RG4t}Wng3o^uUc|)={J{0ooAfh zUuok#dL(SNS?-%=e!BvNL+@)(`phsmc=tMJUk3Mnf9D6RW=nNdq#rNfczIm5e2#3z zgT}Jkx!ZT{U;%9sFn&EH*sqY^?f2K$&$msj`Fb_{orK=f9oK(;b4>mTbH0Oz*<Fbb zf9I*sUH>xb&KJ|?P99mAFP=`1kDHWstz`+%waK?Zt5SXKm>eTFDW)_yOckEcFs0(k zKM$Laq4#Enru_@@)=f3PSF!l-+x&Xtz5Cy6Iz8um&h*%_mE0%3&A$KVn5_KLCCQ7Q zgo5^Syg8xVza=z0_Uhd7T{qKa?>v9lDepi7<F>PAw{Ix6%OpMg{?JBfRl8i(3hQ-V z$Aj+Hd_G(H`+NGC84qo~{?eTwaW}c&Hbxe-g!?wr$7|8~JNNwBdpmdgU9r{sH*V8R z-dH8-|6t2yzs;aU<W?mw62fCkr<T6GwN-BN^th^%X7_78Tjjs|bXxy?({0_&XN>fs zcI`WE)#mLf=k<44?uLVG=d7y_FtS_tFA2Ky`jl+iKH=j<uOEW84b0Bt`B8U%^116J zx_Q556)UPVE1P;fJhNy5&utxj-v=8tuZr2VJD3V_*u0w~9ND{fI{)lapDA+p=2kwN z`ECCHKga#-em=3{uS~vY`}gmc%l_Mg{cW#u`pcSsJ;2Pb!{(AM_W$?&|JzKj$6THp zFSCb#y0+lWZMo6XCK(fAYd#+Jlet&-`|Y|lw%_ku{&q86zWiPRsOfz*JifGkdPe9y zIom3W_xE=`pO^i9&*yVVPMacbcU|3mD{J-5W`4UDVTV0J;)+hHmfkyhY|qO5|Np+9 z`yzBFXi?2>y@W-Nw>>*I_w~8LX**()drj{I#V_4){itLusC)W$`~5n<iq|!_9ynBd zwEg$v@!NH~->njUQh4gQ6vq#t52AYeo=#k!$h2?H<a6Pt|4!sqTq&>nH{zxHzWV?F z-nrMDRGpqPsjhd^maU#VOM*aCBc?tM-!nSrfL8Bs(RGsBI=}8$reR>1hL-)W7s}sn ze|oum{;gxu`EO2fsQ-;Ueq+y{Pp9?#Kg3lYN?p76+by%wS0U=_o}HQbc+aGRMNv0Z z4qo1rdfKhp<DUIZ85;@REt@xP6I~td6sq)XMsi=I&aTR2r%%1+_cq-B_icM$^PVkT zGxj}fleXIZ^|$u6UEe^vn$m69dmhJ$m!Htv{btj-&pL6l)K4gD?FJ3J{r>m+{bRAy zr2-u;2f}x_XiYiOEeI}-qTY4IaCqwezc~5A1NJSN)*^~Gr+ir{4VtnjWNJOMVurYp z&NY=DrbZP*B}Z{TtMd^_ue!9?ZTRrpNl{Z!!*TH@m31Lu3K=RpzJNx`zMcwWSOAI@ zP;q>-{C@58b=f{1ZQ=J?ZilUj>kNOJxaa@B-@Z-37pIip%3OZ*Na+m?UDj)puG;^7 z>904VZ`upC#;&L>84r(av6*zg=5z1bt=FRR=7ZAkqrTUmZ9=S{xxR;ges(ri#8>zE z*`Th?)6LGAdT!gf^0oga-OOoEwPP-AStxeu8>p;}O1K>%U96~L|L24A?d<h??-VU8 zK4*E{>{f>IWq#LSm6nv?faQLmxU6G&#C5XY{@;yCLDdOnH&cYaOZjyr{A#!Vb5Qp? 
z&whQ8Nx$Y^+IRYDc>LW;715e!f4|=^cg^fv`AuZqo=>N~o|-0bxhVMWxs(4y!($9L zP0$I;518rlV(s>Oucm$6_xs&$*VZL2i@tfBdc2&We3Ru3<()^xqIWD^2U>l2_ft%# z@774occpcEZx`rYmE=359(Xq*U|-QI&F{A?7U`TbeR}KU*NdD#xTe2QEq0yJ0IFWE z7U@56@_5C$cAid_yvxSg36b}eBTq9=+y<K0TEWto<P_v>vehKiJL2&B(%x^^H5>ZA zd3cFvKJc^fG_n2r<?^*%rP=BWn!dL>1x?(g`s&N<rR?*CRwN(qD|P+)=H}(P@4N5M zY`G!mF7wc3>7;2V`J~Oxyqz1;pyldu)$Z)q>+$>VZMvD1s~z_K+wJ`Kx6}mxyxDx- z%0F2l@373Fw^!u?Tyv*-T#-Aky?)OoKb?7n$0Yp>UKQWe=3n(g^XT4nb2cijUy?IP z_7h8Xf9AD46I&mr{P^(DEcKMg@vx-5hW?v>#Z=q&TfNeF{_|?xRRw`5(~`fxyL)?H z%_q;>Ww&#?<&3XIIH>C~UJJ^epAg*3nj3UmYP0Lp*T0w99-JOmwet0|^LD?_RK8OE zw)IZ*?~bWbS>8XYYR#M5C7<?8H(B>pR4?;Ntas`!P!mGeP%kH2ujR?ZcKN);?)`c< z`#DZd>No+OzP`@V)v4=y%XDF=$=eUVKcvJS@^Y_c`OWzC=9`<FV<*VCCQVh>uaIxx zxxP}=r0dnH#YWq1=UJOOUM~t#)s4Md`~7Zg!mPl>ZkCBFm+aa7Zr5sSz30DPuP<kE zo}8yEotu-Hx6nW{Y<&}-=8v9fJG8Xcxb(aU(0U^9r|*<nr})h^p$?nMSFhbxbUj0I zbsy_R%Slm6tBtnYG0pIv^ZJzRlqfTqxOp*om6<W}UzWBkWMX~U*w~V<slUr*W0FgT z=O(#?j2f+#{8#3~#@%|gU7zG?OyzoUC1S(M4Y@~~%tSZ4)++xFb)T*mJLkgm^7zL= zjw`<u9R6Nqd*DRUCsDn~EqiC>d;;aBtfVPh*6tLTRK>JL{$CKMVq}-Vd{Am@a8P8N z#vk^721j4{P0*f~zRHtPt4+?S`OnMgxBIo?a~S)|DHB3AsM+>h2+HJi+N<?)VSCHI zxUc56J1!h<3R=0a!LOHfHrMSios3|^=n%JneYe)CUap$4u;Wx!#UhT=`>s#ViVm)Q zryVov)V@7eUV~csl@G<2%kC7IwCmyvPL06m$2^Sdz(bdfNuZ_2_I4_6Po`cL3a{L= zX@<!;6^_*O`F6E?T9>rU-%}O!O!Iucz#h+yN?*1sw0>_BJ65bAdST_pgy4to-8L@p zU78bE5<hjR@`Wuizov%A6?*RxJ>q$KVeR_!N&8Q!#Xp=B`g`?JJ#dpy%r5iBOm4-M zv-{3n3;MupyEW^S%Z9njmiXTVHCYuH8jo`R@RON6Y3?)rTjHyiuKIK=^Zlwx)3#^r zUvT7+`uv(l-$dFLe`9N0@MYCzhp(%)oU?j;qes#>reImn$`FU;$C`Xizf4%VaDng9 z98DeP(}l--rJqmhcwO^0D0gKWyX{qje_p*4vwqwGb<S2b`bL>ObMgRntlwH*j0|+V z5@uVO-PJN7hwIf9=$w4UoQC&DHfl<;HF+%Z^)8gJ`;jO<!}Gt0Pr&b#(kY#NGdOK} z9Tiqg_Om+4YIf;fXs3bdTi2=WpFyp!-yvTQ)IK`W$!oR|;<i@Tn2lhki8THF_0{<8 z%iPP$dbuBktkUH;xlCs3%~iL*SI;ZimlL>Rjp<H-Nm2h6XvFXODB}HQ;+i)P7MX#{ zU4aG%F^-Vam#!tuTg0(KJf@)0dUnXfh^Grfg1*GL-uV0H^ZD2h3#Nueoz(pwG9{kV zkM&jH2W8c@mx2tObfZCS+qbu}*Owm5k@8x~WW_o$QJTw4^hOLgA#t@n0PPzU&vAFE 
z+J3i8`=(e+irBuyn;R4}8(&1nnMK_<347w?!4`KQhyywc1nM+7DAco5eR+{+^+@UT z!Lm(Wd!<^U!fvvbDSBvKb_TZ&W?oC(EY^~8=<lIR*IF8bWLUu37WgpT`Xw|+S<_$c z<a`FFOY=jMEo)o7f0|w`;{<CveWh4YW&iJY*5wK7*QXnu<#YE~<~e;6bm`PZ4)6vw zoudvOS^MXoQ&(|Z5X4f`>b>;M$!uGY{^{ZK?B1Sgo$w_yW9cUa6>Zm9RbYD=n3i(B za4arRX)AiI(fQ%O_jCt7jw$X3!govw=MMi3F5xDhUpgVj%kcV?((9ibmc4~0PA8^M zZd$XdBP_I5?QVMiU~0;qkgkUH1uLi6R<1n`N>U#M{&vIG0(?4kd3h{{r@WWoCj}Md z14`NuUn{sW3H9ERUwQvo{=T2b!Xgq`%h?w9osZa2kl1A!Y{F8f_&_@*AxsY3)73uz z>eW6e#hC^F6;*`Uyb7W2kYJIk{SpWo#JUsNlE3%sw9Nb^=MvvsSlBFEey8wV1n=Cl z9!(CnK%sG~?8)95P}VzbeLd-|vxnN9-%mL}o#C5bUS7_<wI!1?+O<&N1Y4uuT&u|A zeX_ZGzg|1t<`}`q$Z>^*@qTBr?|}sqMb!`dSj|%eG6vGA(`!u$Ueu?hvj5K~@A4fV zYQNu2ukvql&=t6#c&qyT-tD~dc6Ve~_%=DnFx}l%8f{Yf>51y2nA4`Fo(UHp9BiI` zL1hw4qZg<RIdzL>f9X$9n9D`}+QzB)()*NgyojRa#~aK2=UXw}To-FS`MBGE4}lZP zjFq>)=6`#0b6us-#KrFYWs4@UG_GK=xUZ+R@z&Y*)`e?gownHcGWF~?dHFAB8>r5Q z440TY1qt5F+w;*)+B|R0-Y=KDzuioqzq9uXyIjQr&@Sd(B`<>}%6$->Bs3xUSWlrD zs5akw+&Flm-l9o70u#Q+J}Uh5<m9<o(7DBljHeA2&H}CFUb%hNwXpl0$(N%%-&U#~ z__5mOJh*;@b+JK1N3Sm~ZugyQwN)<FH7)!0wzX&HT3=u0Gc)OS&Su|NdmkvPJnejQ zb@g=6;DE^tf18g-uDo5u#E~+w;mG2B%%7i~E#`0h;FGp-`lf7Q(1x1Hrl)Jv`yw|> zSATMB_!vI3?hB}*0e6v~IC;oHM+<b^BAkkLKApCim0QeW{d|^~TPvqbn4-R{_V>3u z%hli76_qZ(6Fha^im}u4t?)GWx@Tu*Ry^B$FHv$6zv9e==T7X<+$Vgz$DH}|swtrU zt?YA91p*r;ipgHP_08jc`)!l`?QXL1$z-fvzi-!KUB$}lvE?@z*<}*eMsMGC-u}PM z*EkJT6@KeC2GZ7LIY(P^U-2$u;!tr|5WPJwZ)W!UdwX9`t5FZoaeXp}!O7^k?3{$p zHR^qwVV;2kE0jUq{{(P*8|F8&{Cjs~^=#_@)ns2>)M{N}Au#Dz^yz83xi6PaUw7i+ z;iWB0Sk~^D7}a-r-ie$#%?+zQv3!|(q1^dCXRW!1zz4;K311ev$O(R!YvIJrlqrz# zXQ^Z9N26Lx^||Yf)}Bt&-6=4stL)di-S2NLaBPmb(04$2Wo@{4T*boJf`hE@?pW#0 z_O=!ko@AvSbUG?^{k_Qw42|&|FRWK(tot>u=$wl3;dTb6OYK6H0+V_gm#IC_j+u4q zT-N&gpi*Jg+-S>h&z(HJy}o{a-M(M17RmJ4|ErL;EK0FlvuB;Ino6^R_0(JIU#1$& zRG1*h#I?n^?oUP2yObsNs}AzCq?mpQGRyfg*COq3)S460paG+*D<ETGgNr{w{id?p zxz|@5-{{=V_wD}wf7ioeORrw3UN~dI7ug*vr9D{%PAD+$lb3umrDt}_gfkWFsV8jS z=}W%qkuquh7(UbQJ8~-GT6?bdiqW;-@AuyajZ}QvvG?1p(|)#JL$?24CB&&1$$9F^ 
zM0d~-z0J0{W=EA9KnqdC)^ja#E>6qU{Z@B*d!*p6ty+B<e_wuU1y4%8+@^JV>2o)a zG*)A$O?&2b7#sE!`&Nb(l}dqTEHbb7&b;c`@V>6}TXb;5-ye_rqrbnqyEgm!x@F%% z1C<T}Gixp_@m%(ONeO5+eA2n;e%Y%Qhk&Y+mI*ri8FM-l=VYJSJZbf1g$LEi{)_WY zt?^^3`M!Gd{aL481qEK6eM;}uS$oD~ajCy<fXB8WDay^`70)i|yd4MMwqBVz3AD9; z>-D(X+iqoPzrMeJfA0Rj-$Y+Bwxm?fI4ta}%Q(|0wd-!(@3-6DY&yNG*s)pU-16^M z`d?No?lYRJSp_<N1GK+)6KDqcUCtr(`8Aie-7Sk2Ke2RSa(GEiPhaQGm&;~@20%)F zXNvxCefnav>Ghb)zrMZAo*r8^v-bDf?cWZv%ijQ<;Q<=XEPZ$9X5PM^Y0;@uLvt?s znwNgfKL75rzkTlSce~eH?+^K15e}+2)}E?+KDRt(=8|}hANOt~vNg87V-9F^&}4$H zq`3X!;$q))tH}xhoS@Zo8|`X;MS#lqTU#=xuGp0J8a!gYKCN+fq+ZJsrEOY8*~y-Z zK3$8>-`dP)rSWy2o5!?v3xN*Ebaia;S<`J#CVB7L?AXnD^0J@x*|)7%<ybg(a0;tg zIP=+ja45fXDl&a;s&hMEX?ky5>D5qPsg+isU3}qvERT)P+a&Ybd}uhmy4d4udF{SC zMW-#n!yM&L&VZ&#K-HM=p8vnD?|-xB^SR<frR}n18;sA}T$Z&rE_mP&yyYI~_=&&q zOfy5~H@xqa%>yq5dL+Q1wET7Aqbn<eEz>mkT-J5EIJob9nYj6!*R|#xS9SHJ?gzk; z{v~S4-$})aDz~>}CW9Jrfw%Vmy1M>Oiv8P`2|E27ew^I>=f&dwTb9q~1cygxDr)jC zw7F3H>`Y;t%U-RMzrWwgUcWQ^@7jox_^XQi%WPUdDS##u&C1`!g!}z4{u^JKskG^s zRQ8Udug;3nQ@-7=uaDl4(D>QmUg2?B@Nl|x{+`6^vE_5EpNFJ(W<9p$R6Hr6(a+!= zefn{DcR2fTp3M1C$=V@V6S;H!<~1BiULUvj&b*kuTJL%J&Z=s<0=1{1HE&DGhLnIf zPv0xoBhzJn|9n3G?!#xFbTUt_-s2G!HlxhRW14%!AC*f_Y_9}OP?#z-iCbK+B+gma zIrrkC*4qDnzrVZm?Ck8_`&lzVbL~p{0_|12Hgi`!J}zHhA{Ve%Z~vc9%Zi%!NCi9o zUnSG4{`Bw5<@00iEjXvJ!g<3=P(`74pm`Bz{-%>^-##4X2OSL(Ew@4@?kul$``lSY zlLaPeGM`KQIO~q~qThQeKi^qBZKu#5m3G;?M|>~YI221%s%+Kr@{W?e6?XYZ+Ou_4 z;Kc()>_$$_MT#o_e;l{J<;-uJ5?}N2Xi|L0-`uBD!^<w-0#$1q8IMw3J&rvV6YE*O z|KG06m9I{!&yU%@J+#ReI<sFGcX$KCm3<MF>|a;a8dQZ|a&DD0PP@^iy)NRC!PnS; zKATBGwN<<=DHWM(r)}N$;Sl$>U$0hM_k$*uGvDw3zwh+wjcV&(c<b*C5tj{+JKe3f z>%=*W$2{9prfsocyf1D2MnPa-e9Qjn6B--%8GT=Ebr1TjI(3Va%YNxwhnIy5u{;vE zu;bE<ORM{42VR<SX;PN$7KNq$(9{<_?XJ|SFps*wU$2*jY+Vz|7<w(fzIJ<hZZof0 z!Th~HpUuv*pEXTEtDtMzcF+{}Q$ao(9-)%mZ#H#*zUR5+<^8AA<MTk>VO}|#8|!vF z>ay}*yiU?6rDJZ%CC_)yK+XQ$s@`5)2bB4rYc8Mj=$pa4vfH_4g^!M~_41sOG)QRp zoZ_vKbw@+A%FcvyqOZ`Ns3z^|<9)KPPlX?lyQ!=H<f6NLE@=1s-0F8b%iiz(zN>cE 
zrdGJe1r8{mjL>LzC^)aVoM&CDLo$m=_(cijP~-{aRZ)tP9A@!Lx=yTIssoyou539h zd>FLoz?P!|yyzeVy68Ztx~pxK>WV16MJrZ<*Bg|>)*F1%kgNOg@SO3Ar%SHKRj)05 zd1+~&qNGdx)p=g5Z*CSG=9LziR8^tasBv*s?R263PgPo3tM@#vn)*EOxAGSE&wIb$ zE3UsBck+Rwd*zZ(<y+tP+ScnXcP->pP<cG*@ver3X>zBMRrG@%1UB)pJQCorx%DY4 zTVF5kgoViI-N(QM#iupv-mT7d^H?=oYa<JnV&vZVjxB0SZ+UBeT)jB+$x0Pdp99~I z@!4~*uw43e&PjqvAYx9#BgPjUYeC~Dtcx#iQ?i|LxA3^^+S1q86q+3-3quOolhXHE z*c4QR+xjQ?NMx{fduIo&I$(24Su=n6x133!Mnek6lCN`pk6C#&I{f4K^HjgSP`jaN z$<;V6ljRbuUAzJ^GpFvKc6m{j!h|gjUv$??-B^;Ee3k2@hJ#3M@I~{|6}5=@-n<)? zZ*P9N)jGkaUsu(6fg;nbc^g5a?BVgXq3@Gjy{FGubHp(F3lEDFbSaDOcaO6iC*SY; zeQxgS>A06hoKjt|gTe7j;Ze2=lAT>1az{iow%4p{cZh+^xF6kW&VT)>lgBT%dx`xi za&0=fC(tIhkBJIsOmF!1OZ�zVO?b%je#iD9#mi#Ip10q^G}%IDec|o^&pJ-QBA- zwoXP5?;TeDx!>Wj&xc1blS96%hHlTd-1l=*R=nwy$JNQ}+qNYnr*eF-UB#20)##wu zsPN+4hlhvXUU23w74%Z~opr==4$o9IRmf!SWV2nJ+Uq$LR~~-7RWXMB?((?;lQ=x( z&zlQBIJ&=cpZT{f`wvfvw`KVu7wR9Mn7NN5ruOUAZ`=3(JqtRA=XO%JZp>qm5WjTw zS1-7QSY|armQna#ytd}bOm4-S0zPj$=NKlp?OvIgwEpl5Rkh2094C*qE}0kMH`D0o z*G49}*4D5Jr4`=~TJ}}lTDe(Sl-2L$;(ohL_x4ubp6qXzc{^|STF`d*i>W47^`Ev} z_A5>|FMDy};JRI}v|iuZx?0;k*(u%nmCr>`gXP<eWd85pmrjd11?tp%KfK~Qs0{%+ zT}JiwHOYzWG6fAUV?3uW-_-m~)USy9w$zjCHMyXZ!CoqQ+}~F_*Vf8S<^0L-$L6K8 zZPArtYys~La0p`g@_WhV*`OjJOo7#Nf8(#cwjYlOPhQnkr0~EOT#VV}GZ)V=-0o!b zLR;2j|F2i8cP|xxIN@sMS5>D?`zA~=sChEc{mrcGbsJTu#}sW;UEli1i|NCaVE?TX zmECu#&lOhlDPRR14s&f?thM#)HJfu@Tv%vU|F1?}K-z2d+HJFJe>`Z;>+E%TsyaOe zeA3nFUC-xL-?IDtCK<H)gXt}J$|Jt&<<h(S_d(};f%YN4c{16*tlG}&>RR>nRb17V zJk@trowIyC=LBdTBxQQVoVs5xx7{f^z0@?vIB?zjUR&W~NiJ#}3M$4Ic_kPdt6120 zBp%eUyZ1;iN^*oufyAt6ZptyO(`zSOnJ6zbae92+&bjsfeqLJ@s{Q-ZY5m~i{S*GU zdcaoDsjq7aIpzHw)O@>@y*?MzXt?LGR|~Y-PVN2txUc4}y|XQg)0+RTe61qUZ~06@ z-R^Ma)X=cP>!MZ5Q?K9IS?oLi|BuK0%QnlG{wP|x>+6I^pyd^v;gzblw`2-OdWdDu zelzKK(7cm-)bC4I-?O}6SI@-ZSs(VK#bGJO9#GZsbb_4RYsHM|da-vVDyncSfkfB7 zEw`sW{Zy=|QoCrI)~p#yJxk{bOxn-kiCBSGdT;rjf+(}a#VboLYz+GR?Cjn9O)3kw zCmdw@e&6YtP*+t&!T-PCtpl~*FH<_LxiV+!%{7smtDG0kIG`K0-R|<FVBPkqZ#QYb 
zx^yil_p-C#e8YL)Zusr~^WfOLGTSNh<sp6l%u7q+uU&n*JaY>RQ>d>4fB4seu>G-B z6aIg_9=|)($x3U9d%xVazu#_$m;N@eo6RywtYhEP)X8qCYgS1ru3Xv<nr?p;A_#Ih ztNEp%P+ei(I+HIgK}-Qn?<V`(70%nX;lr;VkNfW~JXUqJzb|g;wa9eY?fV1M!+xqw ztp*)dq`v6=zTfM1``G7g%6>XE{F~UMqp!j$H+iqWHF@W|U9YcgT^<tMTqdr)f0~Wn zoej0_W<NpWL@Bcy!kYj7eP3VBA92`o|6i-iyM_3_ZT97OeMtdQsz~LooMu$4tMXL# z(vg3lBaDPiK1sm>S(Wo(Y}w7DCGSFRZ_B-F|M$R~U9Z>a30x8lj|qI9DY9G9xoyYa zwp-B)YkRp?EiSnd=x+J`5vb~J`gR9ab?**d6k2Vv<>mjI>GMku7Tl}<UpqbA-?{$# z?)y76in&AtTt4YOo2V1^UH<<M_uGZXW#9gI+`k>%aIt=GGnqYbWk@u$V&s~dmXurf zBThk<FPd<OtXp!?IcaT>)u$86msj)|DJFPwyWIbjC0VQ2vc#WV%feeEf13YH-lvWp z*Tg6Nn$L7Err;p!w<E&-J3Q8W3ee(}Hao+)@4Ws0J8!+Od`f0@nRH+>NAQAqy=J#g zJiS_X{V>1%9nj9b?*$J)V~xM{q`bJMDJL#hU3W`)<%*5F-|yRfdR6VTs`VcYvaV>T z>rCz9JegFw|Hq?l&^9E?_p43?2P|K|@7F2YEdeIG+itDeb?B?8w!EU`_t_^(!9!pd zrm%=Cf3WNIx?;7QO()gfZI3(N_CisglPOc+gJ_-SbMM8vSA){@T9&vpA8DE<B&Jqb zYqD^<dyu2|CGhG@q&01zb<zs{EcYs(%f7y`aq;ZgFCABJYkV<7*VW^?bBYklBsEB6 zUwXS@*{32!71euBQg=P>vyN$)reOQ^O7J=3rB8dk?AVV^zg@|3vWT;&b}eWb*>x@X zTfB@M4hwE^yzucndo=C*ythe8FAn~bOrP^`&!k(=oSGaaK^Jmu;=LLcrq{BhFXzG} zPS*6F*Z2Q>I<M~K8(ZDUJV%lR4yeB6bMjc`i?mu1ywj{w`NNIm{+orzWuNz*<eJpS zcDeE#=xDgul2Rd-NlFlB2Ym}qw%jQ&$!fF5b2hDlE|$mU_iG+I`D$w_EmLaGEG}2& zD{=P-dwiW?_GSmrax2#8jgV!SkA!EKW>4FifBzonL^ko=4J?f+&<=RZ+pAG-dM!&H z)c<@secS(kzi%(@w|n&~>F?L;<-e6c`zQNmtq5`Q2<tNW`lJ`MtSSHPGFwp0WleRM zZI*i{P@!v0T!l{fTBC(`KSHW~@%xWn?Kd)a3W{BLV!ryEf~Ib+Www)r)qGY|@P{@} z=n>{LIcGYx;r`labMcd=SzO!ISLb%$T9$SGeRcBsZ)HjL;NjI7nWmBba<(x`K7$%F zc{?7mmB&bPG8IDYxPH$jCVZ>YrVlkr^Uo>VIQKuOOL@+tn8%mZpFX>I`3%3^4}~H_ zj*}-&1nmcf#V*AV(4-avlc?eb(0uxxoyBV-H>c?>YmKumfA^;E*`yO!c3w~c&4z>4 zi=Mx}&*m9uh;{YVXA`e%)C^wcvk|mxZdz>F&8msH+()OKE46vGVsQ>={rz*tylpqr z`sVe8UK9e&Y=8$0KqHja!kZQ@`EbAMnpyrmo9|x=`)$7!+*DyJWqVwF-u8K&i-?A2 zy2Gi{YdrEd1*aRmYEL`TAy{@ovHgbL?l(!o>V75H_kTFV{qBG5?{8aA>+L?X@9($U zZl`rbE<Y?YyEaX}?#IEKf_nCM>~5}<KeBq=u2X(iFICdF=fv$OSU9)t*UN98&)eTV zF;RK$T`w*Nh4(+B^Y=czwem&j?zh{bFMbo-?Kgk#$79mluE$mHG}b-pv5hS~>R4|0 
zq4@qqM}OYCp`9sQ3SJxTP{s1)_HqlcUu${Pb3LOHTSf0|3KwFjfkedf?0C7)iYmhI zu4V~MLJTkHUCLc}ePe(}*7=o-9(oCYW?f6Y+xcxiIH<RsvwE!qT0(brzWsg9Rc(`+ zlr*Deo89z&vFF#T)q1mCQf_a{&AqU|vFzhfaqC9a!qr#yR2G-_oCYnoe%LO*t&y4i z)|r{ccheK4zaCcpt#U^sVr9h4-b$73txGrjIrL3;>y;osmwA=XW}Z6-nq|JW++SYW zDCI;_nRm<TxmAy<Zs%^l30h=fRlGW+x;s`~P*YG(`iLXDqxS)=sh8Ka>{sd)dtRNq zev0iCX7GyOm%<$D4KC+zcX{e({q~96j!6mvt&rwLV9uH7d#gkzMZWFG5}d@ff9(O6 z=W~kvWKRV-1;rf(jYEN#IZUhyjViqw8hgcb@2mXVx!YssUeJD{E_+o;@W!Up(^c{- z@2m`7zH7y9E$1eUh)r6%?f!lV4&PUo@WuJ_Wq*5JHI=FU^UN#xrg}}4)G6iLzB?kC z>$HAO^uoEPbvE}zZ(3|7eoJ;=*nG|W8}p9cihg5tbDhBJB#rk=7CmH5opyPhSMBwh z{5MlKwL_*&6l$4{%M|xie^|NYq}uEoX18;aLE|}ppPBD3bl){m;ej`#kr@B`(+qya znFZ^^x+hFIG3k4N+-A@?gpkdrQ<*c<LF)s5zu#Xz{Z#Ub{j8pgG7dJemOA<8GdV7P zT{`!hW6R`q7mGqF-Bg7@C;099<b6|AEaB4u*4hWrX*>P|<#JAszj6KOn~><k^R*o& zO#AH7pnam@)}09(dW+`XSfx|xb~L`pTEp0Dx6nVY3i0RF$=~%R^ngkpg$b2RQN5Qp zCcA(CZJ%{T<FeQc(D{1rcE7g+E$_6DQ~7K=LzcM~yndXo@l<rv1fLm|TRA-E?p(Qa z)va=goV4q{F-$H^F2CPAxyju<8@%{o_m^8MgVn#UTC&-y^l^OQQBm(pSL~dw#!5Vk zJ{`67eBsxt;pK8CK}Wo{GV6;3wf@%^GdaHfOo8OlTR~b60z?#7)-IbKQ`C9;@`~3- z&bfPt?e_B#W%ZW}(B-|xUl5RH`Bv-ZO3u^|dpD|w$Q}i4^=fc%<0yH1>*~C!SDLeJ ztGCUr?vb^=cC1J8vCEPqtv%oGRlnQb%hH$xsasY*jdKLe`CL^}Q8iFu5nbT+`=`pT zFaFZ^%kP$kZ<qhrrM+&&XOmU2w_Y#*Th8_5)1S}hcQ3F)8b~nBIv+2<vRq)j(#F5< z%J*;9-FD+ppT#2%b*-s<)^7~L_a9k1?e;0NzZ0eiO^Vv|^V4bl-SYFC6rV?@{n(Y1 z>lx%x_Ws`8HeTsx-@3Y%e_Lty`Hb<qKbMo5w%jOvW&U=j&9@uLcjY{%N^+bmx;6Df z_>zl{kQ3bkBbF`lpLRU%E52>qv}CGvl<89T6`&ni)~~Wxuidt)$MH(gRH#?IA~+>` zC-`ur1o)V8dfu%0ez*KKt9VR;zs<*%?ju_KODDOUYhYx4^ZC4e`9v4d*3gL|s{d4e zh^$Co+-p`;xpn^g4~O~7&3~3&kG;Nb@3*MemzH`rr+h65Os~;W=%2R1BSNe8$HR8L zMJriWeT%qPa@p5!&NQJ(LhHD0eSSJUUQg{n&1oL)?O;!@nk!VdHfrmp*X#G+b3M2B z%O&r(v-9_9YN>R`F7MdRE?Y7oSuub4j*OMrEA6zdf(j3glU|HV<v>%sp?(S1)<nK* zT)k+o_KEp*`ljs)jtdl-AZ@gr<^q#Azt@>^oNSrxQz)ruka<aE`<&3z&8nB4N?x0& zb9K^=#Bgu_M0L<UhEqZTDHXc)S5L|Q4STUrlar|x8dOi`Ie=0H$H|t)pgHD@l@s!J zJ{9}@>-GA(ml8WY_l9|Y+Pg8_yLtm;m-!@R1;v{So!P}Ne*N?Le7W{Q4*?G7u*Njd 
zs^fz9%HY{aQ|ANUkHr}~WN3iv;w#D*c9-XG|Lbfhb<X;|&FlO7?OPNApyRPo@0eOr z4(;uq;3J`N^ePW%&GK1>g$uzsb%R9X=5to3<7&T#?*4wSI(CA6rMjnp0Ca=JOgqrn zfWDeasoEs79_<4?(7Bj5d%xc^tNT;&eM#hdPp~-*jcpuvDjxTiy<WQ=yz$`o+wJpT z{#W5p0gtDqe&RUUQoVo11fE6xYq#I4GAn*|rX_os1xJWEqwBNF<u3PmYu%v-t~Vaz zcrjz+;(ohZVtO$z9x?jNFkp-@^*a#$Lv`-@X&aSQgx~#5ataE4DZwkd?)Opg_#L2? z%?IvGR0SR5e0<>xThJyQ1{Q^Yt^>F8_vcFI?O15tx5l+w?Aw)K|EarL&KLVUI3n!7 zWumhCE${|6X>X2`PuLoTCt3aXXP>LBH0|ExN5Y5+wKb)$ubnN4VFs`L{eN+<d!xv) z9!X{)Py!NYXb^9lU-#=|iH!%Swbgv$dVKxe*H%VP`x~BJo2>3%_Bng6yT`Ko$2m^6 zNKO};wCiN%&3St!EuA+*B}eM0qrzksw;qW^t6eVlJalu92G2j4cSr+d@JzK0kNd2n zHm99^16o+uZ~xEY^0uTHD;9xCFAH?TRtZnKyv%p=xw+QS%l+o&yt=Y->UJe}(`iDJ zva$q9+=bJ2UiY_n*dimiKvUp@`T|vrUwkhZxgE>??3@TmXkzLGFBZ1n`u%=?zW%-+ zi$I$Y6;>HC?b|38ackC{0|ib&M}KlGc(UqjzUMxfX4Q2{3)MA1D}hhG-?1R|E2oEr zR#V}IDRmzn9P|sA1nR>%Ffct8kTA)Z@H=;6@{`;7`*oLVtXpfuw6D0JC8bC<T3u!9 zouY4VZocbQKd+)G$9Ugy&84R^r!2T)6t4QU@y20$x$1SN>=@V9U9i_p482qo_O|oM zj{Y~_WyL^S&{l{sfi`!X*57|exA^bB-|tr+&3U8K?66^1(C^gd5~VE<VQT>_-I9+g zs+?wsEy$cZfk#R9p`-?Xo`~YgSx;sPR(GCq2$+`681Ag_n?*%IRc@=jkblj$-`w1w zg$^OojqY-lM{L*pe=^zs&2jnqHD;eTnkzLr9M9N2<C)k|AtxiHJ4!cSx1?;y@2{Qo z^kA=+%HgdqIlUfi)I86%uFb)WlSQulT<4jz{|Ta?GQmc0f_u^Cvu2w?Ex~{J>f!Td zxko#(h`e?!&X`}p&2jQco8R0CArlWuw##tH$ro5U8P%<gfv$!D?Y9r`NO*Xt^<BmU z&=ywEZt2r{yLBcMxjFPnu-^J;+byLy^A5ubb(O7Ga{m1IXjb(lW4la)2z2KV$N)%_ zI#cLI*6OuyTE*iEF2+P}&zqYTIwdxd>7Zc}==kR7qh6{lDVk3I=3f_{^e|cT$<&nh zlk86@sG}VektuuwblBp&>UV}=_m=wZDtfAYtz*x`z&=4|54G#|Ut5-R@$!9EdEsYs zg5zYxogL6)(-;^zmiQ(-IM8U8bHm{I+$;O6f=Y!sToSLZi+$ZEqJ4Fdg2DL@4-dy4 zIDKr=`Ug6p@$>BCeLP;hnfvbUZtHxNxRWnp`zQ3A>(PcLGJyt%r5rKUZ?|6Co*zHk zqHxjMJ)h4_T{W#rNKN3Io8K&xla_~Tf*zP?m-0GoGC6y+Wr-dq!|#?0y0NagPaQn2 zh1Fk<0%b5zv9+rIz+ry-ocbS!<=?#9{eD~R_q*GFNi`hRn|J!g#^kf*`6&%NiZky# z$PDmcyVxJn>o0Nl$(fb^CJ9WsdcS=Obay&K;~(J*pRTRle(x5j6J-78!{N{OAINMq z=y<(I&Gqi*Rkl+vSuI_6SUIxlfQg1mX`}$7r+3WLUsr$TFS*1bfO-N-O5=gm>-S~N z1}%=Sdb!jr;Xs4Vj22#1ju(48at~j=bS>z&jI`FN@^yU^bZkYWMJMetDUf{q;ls+{ 
z<w8fdn)rW~og?QukrleB8MIF?mFbh;+Wr52m0gQWpLv8?b2p2MoT!Rt?X}(I`O?N| zJ}SwoPNlWG%ihLF9u;!hWO8efQ_%F&!j`qaO1^6udTRMGD4yg1FJA+<w6D4*oSS30 z?b)pCTT{d1GLOqu=afpuJ74o+@!~0abK~M(H($piVe>5vI8I(F@#gZ>tnWN=b94Ic zaNXjkH7Ac9R8sNgw<-d+uE0Ay*9gwAuiv*d=jJ6)=V<$tsZ(T`E-6Qy)B329zbNkU zi-`^$zm7CGdQ5xwf09#>>x#{w9bxKfThD}kxM_UTAf_edrK39^EJ76~xH8%Q{W2NU z!+2NY_;$atsV(En32}R?b}n5ZG?8nIuzNepL6_*QSx>)(PxIn98PsxSPs@@n!GhM) zSB=7L86|A1wg^vO@{2`aQV$2*)PTDzCiAWT{dk=F<iy0QcPD6Vk6X0Sf4-exdxque zbG!Q=cZ#$rOjz;0Q1PJA4GYHFRWiG`|Gej9q+!T$VDW$M4-XDDCzr3-J~ecTpkk!! z+}4$##0O5#3j~>FU6w6AV+h)La$v<F78My$S96YK!s;9RZlp|Io^1c+)#f#!*MH43 zk4!X~xk_)-1Rm|Gz1M>oIlXeDdVjYl1iPFvVN;A$bI=2iIe{ZdQei{FL8j=uoloy* zvPE^ed(CfXnYZV_Cpos${*ym&u$>OsUH10Xo>_LBijlK|bQD)6z2EVe&-%xM=GR#h zIzpDOZr;+rDNNXDQ&{!9GVn4=1{Q@0=1lUnUnXwNy?qU|G=BH%b-O=Z+jC}%`)~2% z{qpbo;yGECOk3a;J!Q4_p?e;zyi*;%cz#MawQi<y`n23;|JtiF)VECtNoHPp54!jK z)vfis8-DrZy|9>_xLPnJ!5HO8MS%u~S|-pYzRx#7gL`r{9~?iZxHveLfQ~w~X?eKV z=E;;v3%-cfEIq@y?di{Vy(xb2T`%<KPghlGe&Me54m21Z9$$Nvx2^K?v#XmO{Dqp9 zbN*6#R>_&OVOn(aG!}43fg>W|FU!5!@3Ekb6F%pJS?d*Dl@-<}D2OeU|Dr!f#543z z;OFNm&6Qda{Yv|^TtDiZ3X>IGq_MGen_G6}zT)YsDy?cA4Jw5i<r`ZTS@|{vt+z62 zK{6gx2rDQkOjNt5!8mhC1<$GJ5?5|c7TOs2J(5i@T9nx>s{M*V<EGXnUA!^JK3VzA zwJJ62PyTVT+3M=^H)2*ih|J8u6sfcz`2*;ZfavVCTknYJO_FD{oYV9+@8Q(0x^VaN zs%sVd7nyj>=~%xjY}QfpL)j(Vp9@`;oPsn=EWSLwwEBn&v~2`(69ZGF@`4qMKnrh5 zUtBo2%xC7L?a!VrvTYQ&a&z*-ztin{xwpN`+^KtR{i7p7!jqVE1y?RzQ+3toy3PC6 zFOnTk5QT!k33*1==A94Qq;n4Qns4b8R)4m>G4z(wOF`ZAsTEf)MecRGs(f(U-W3Nc zSBXSMrm3r`q_$dlXU|bpd%A6!^^R+cwoSV#9RoeO22^nch_Y;{_ba~ZYj*PpXqs}> z2FvqqUhNti`fR#{CU#vF3T<!c=SqysetB`yiU}d5uNZP?fiv(0#&wxF3v}<AAj%j} zDQL@7|MPTw&Zj3QxBYxJ8?@>F(&~;$-9i&GLQG;`3h1VXUO2yEo=2#H|K|yc&OYuF zR`3KBGIesFT(C=lq5t3d6YkCI{C!s!mMDPR+tBiBlUKrd+wWUIom<Wszu)h-U!C^s zk{;)AMrO8%f<JL{4p=eH*kB$M{biEXaii%E{;v;Q$>}*&evRR^YFp6>3$7S7Som{% zy2H5z=|Z6eRh(~jJnqZOzCJBFFZ1#7{`L3TLOP!c)pAv-tQBNA(ph!HJu#SBU7}j~ zFT3L^r=YZqxtmy0J}jNo5wiSr>YCaqD)4fPfsrG`y3yDC?iIWLe~Lki(*-AMmM$x4 
zHEEr;fQ>2WkpHbkGO-JnZoC!0(xmv=nN6p>R=%96V^*ptxh3j#PruD4kLurVx4(AC zU|w_QSdp{)U7p#Vvm`*{xX{WkU^C0LxawTc3XGG^CylPBv^6%p0QHjJM)Jr%Ra`!W zC3UBFK<F~1y<Rh>y}s(R?C8~CucIv~4Jps(mY2CVn`B=*Q}^%Z^Qt9>*r#|!Y+~6~ z#U?Zj)ZzoB0tQBo8K4sx#B`&c99hD`b#i{gkr)NBr?pr17hJm8C)5|!Hp|7p|LSsM z^-zDy-`anpXRMziDn99u`otA0*1f&GeLHA9RqOMsyNVD8H-QaqY-s5FG$CV3gO8I< z+et4MuN_(eK{sx5*4i`qDyb~}r>dqZ_f?C3>7M?F>in<HB)r`mAAADI-wch*)D7zY z)$D$^>vhh<L#^A6ibda$tA2Cwi(6<T>m}xcW!pb^9bMu({n&)<5mnAkq3hSQ^!V-c zY*}(9r2XZ}rXx$(y7>O4%uo5k_k;@(UyW}BD?l6RW5O3bU9q@t)93T{_SJ6J7Pwwg z;98^1KFwuGnA;-9N4za+!jp``<8^kf+<GR|pV6&fZtjlLR&rwNnn0B*v}ALrWC86r ze0_cW{Ihedug@*7_;gZzdbmRPbXNyR_0^nVxti(6gU+7*EuO6@31tO&-T&4vc4Fg~ z^I3lEeK7LTVkbBnL6_LL^-86F3eY<B;$ge|Ji*gh$9Xv2Ie&t-HM<E%sL$MYzGXs4 zaLK=Js|ZhjHWdwji-#;MsYZW&G{FTeq}1_sdC+5gZUd;J1e)^Q{pZu^$j0!6brTw7 zEQ^+0mUMh0+V{hQuP&`+$*d(?PYF%1$}ka_@~UF4aPT?B#U~#wQb7b5BZrIng2`Oh zVv2pMKOAI#yX|(~=DB6JG^-S29=bZra;kEYd*I;k?aj^0oL(la;!f**W(rMeJQ}rr zP2YT*%A#21Eu3M$HJ^5+Ij;%7KMARDRB&cdNfLSS^xN(H?Vw%(XipnYWcb}>8Xf0u zY)rnp@A!v6xgrnGa1ZwhlT;^oDoUCJN+)fd7Rj7+Z%^gdC^<e(oy3!FH&fWzmV!rV zArYhE{owce{o6r<#g?urWg;ERQ%_Gj85YF6^yF!Yj-wwwHacDgwN6?VKiZ&D`z?j{ z!PmT`WvwYYM1`gbO{uyHnsbB}KH&BP1C!E%#WpHZstSVrQzeB%l~uS4Tjtxn=ycie zZ>Q0X6-X^X2Bwc3HoxC&HcLMz^ZQY^eoT)5>tn^A!WX=bB&?3En7XK*^NCNB!&R=6 zDpLNENbx0*!NpYj`&((c<g1Jc<@al^+x`7=d6_}8m7>6G1}7skD?Q{R=p1U8Kr<t` zH#Q`GTW<gN<g~b|Owjd6kHn8n6<A@w*pkxP7%YoiiZU^2uiLSx7IY%a-s<w~dwX`; z{(Lg|K%+ybfP+Vvt9hadLbZb&=b1T{m#e<Kc-Xi1^_`uYOJ80(daPG^`tfC#mdz1# z@OZYyIg<}beW{>?echg3Ion%(HlIAiE7DKvZr>uEzh~nvsm86Q?hJ~N#j$?Ppza?u zSU0&PytuG%S+Uym=se5nHye+~gk190+o_VBmc-BU3Urbd4|3R?U}$9Kvp4`+hPM0n zyWMZw<?A+px&nUof4}fVv~dbV%wcev6vzn8lb}@4*duTwV{xyKcWm{yH!r{WfX;jC zvwSwAC!$?a;72Qi)1-@#i~_Nzu}2_cN5MkPNw34>Yg5-oZ7pglx?lU<v{Kts-~{N_ zxM@|)(a^*I(vdaqK=FCo^xEIwwu0sy`mEnsWZ&GhbZ*fp&26Xkc3-iPW=Lsga5A#4 zZBzxRhiNTf5jk3VYKrEz!+h2^Knoy2mtplvnVxbjQFT<{2AwwYf;9(RdO|(pz}N_? 
z>2{aBee-tv{cXJFcP{Ad{Sq|WBy-Z*?f0rSG&xKbcJMH(6i)zo8>)$cMM~|$Vt0Pf zmdm-d-)@%Ot9*Xb&-!gjx0o)IILoX#3{IO)?q*<yISXXr1&hY3VbNznqg21I{!f4J z^B{N4zW@7A&1up29MYzu;`>F^DQM>D2`L&UZBjL+>Z__0PgGI~KBY5dqmUDatCotQ zimS(u{n!5eJ^yoFvHJIU&n=(Z9j@LV_q}v|@w~nBx8BdrfBtjM-tST7_cY|||7<LI zalvt0-d!#ujwM=*Eh(!WJ%5HAR35VqEOc&PQuFiEr>E27y{@hbU0VPD-=?IaTr-VQ zxn3wt$YK$gw6blUG_36micf_~7Q3HMgp1vR!j;wi=4iNfi%qTh`N{M9yStOGGlV-H zNMqvgoZWay29bIhSQa@Z9B5#iq~<HNv*P2TIrjB&*Ve^mpYy+0e!uqO4%u8M1y3dp zPc{x@JuyxW+jnG1O#m%Hnq`)&m3w>J)VsUOz58S=V=ghD`NGB6vLxKb(;g{=ZTuAq z;yzuEub-N9v}<O~WZzjP6XWZC9{pUqy!o6`!-SG)_8Zuc+o7I97er6?N}Hcr5xDq_ z*ONClH>cj&QMf7NqS6URg)|m{Nruj6dyy<qNZ@a*`ufUqb=X>!@O3el)<&DJjNQF$ zj$Q4oC$p9~D2TBLOxn2Mj4g^5<HjwSmrw01ex7oug>zHtX)(*fM=d5fHv*(gvr<0K z&ERAD2)g7>6gg@N6dRX%PoMR6t@kvYiQnGd_I`P3Y3h>`6E_t+bkdC5vxB?3<zybn zN0Ya2Ksg*&k;SU)jfSfCG?SmI?{_|zt9&{&{K-Lf`6<Tf=MHc(1*$eo=+TOkYDY@S z4ker-nn5mMYok<Kxy7gHL~c6K#LE3-=ks}!zrMci{{7gNciBuFp7FcqpF>IrJLVoZ zH`jV;;p1bQl8^J<+*P`IOXg*_c~!48i}OCM-F~mA`um3a3t0pv@s;wVAypj?3OiZa zcqEgW-tx%VM6mHlD2VIDOjzvRKdX51+gn?`^NeHI8&iZGJk+E`#gST24hMF!yxaRd zZt}myK})@ge!ty*`p3t|ON*bMGb(uzurgxfqGI0TM&UvZ9=k5(N`NNPp=~>c#sa4L ze?OOtXaqR;&9l*L=aZfE>FMdy>-YcDnrWPFwt8}SY^mr8g#>BFmL<6wnH<OoWTkh) zuP-k*ReVgEX_h-{&);viH&uR4dwFy7@++%Cy}!M=IeFKy!g7B>2al>#b4!rY)`9md zvrMzq_-(&T08LnY`f!+kw(+F&^Yf-k8mFCTm#=$KZu8~78Yr(gT;f4a_j8;SvahWv zdT@YoGM|d?ER&*-k6bH19u-%0ZsYlMh+E&{sLz`ML&laR-E-StBBvRTjswr<*Xz~( z{x<cz-EW^~=jZEBR`Z=y`T3dWT&q%_stLEYW;63KP2*5d(S5ks2*pm%1^)BxCfQb( zy}Y}7`$_G{g-)!X3$K<2EOc7rv^n8m(>W8F)iI6?iZ8iPDl!I^AioFGqVpz3Zcg)D z8MG9XD>l{sF7upiw${>qXUWS;Q_MYhIsSmwAGI+dTWRB!aDQKI(AKQbo4d=`=iJ!f zxU1x)((CK%r*{ggpW0RW8kAe)-df)6GGlB>*}{3*4q125!~>w&k^8mZ=kED<Oj_-N z-!h+>XMTE~^Io<n*rp)6WeNKn4{_vdI6;K*tn$j$6G1bOQ*@)lmif)qN<B4YqV~ES zPI|GsSZp|!%wTXbI(lLSsFZ`H9maCOAK&lSFLmpc+LU!w>*oIY{UPgOB1>*(XSjry zf91#y2DKfw+8+3eRQD<fFf%E;^%(3_ZReNI+qU!Fy}i-LdL)(CMsJ_yHB}2#dL$*V zZvTL#1XC!GWCE3_pypJs`8^HO>}ylxY^zTE{eEBHvgpYK+v;y8wqB3pcIHs&W^gi! 
zoUsEXxxQ0hpcE9YX8QH`&f@1Ppk(yzP2|r<-TI*1Z2VJIQ^13du_dKQqmUOlG;N#| zOrl=5%hzRm@;NupHoEHTD^<|a^Dl31URJhUDt%F<VM32u?5#GWQlsH8#|z7o)$ew? z*ZupMo_tf--zJgiqe=d~7_TWBirnIQQyv}dwmy?}rcjEpWyximCh%$wSd4TSHQLqw z^7!`V=F;-__n!Iv`hIV3_0taz4+rh9tDRgviK%f3sEs0zoW4IOHm+X3FRD+*Qfa1f zI-j+&Wy%QwP+7_&XLF-H<V8^tr-I64@2=M{OF(t*14X9bWj=<Ls-QD7t3<2Zg0}DD zleG%b3S0AHq1<IrYfc4~w@W;uku53^Y_xvAC-`2?XWyNV`>cDeg3^hq_cV_-9?2ys zCnptsc@Zf7l`S~glR;6^`_>)U;fvs=0iV)_!pCkeFDz^Z9iee-m1Xg>6I(JbKUv&w zHwh_a^KFs{p5w%z_)^3_fgL$6f*Ku8Pt#qRb#>LHMXub%<$rg_@2?A5>LtqQD>{j5 zS)n((u!D!y4a*sbV-yt_8Z(3~YJY8ca%!r#-(0KIysfpr%QCO6nOXDstogJ1;W34+ zF}q4MZ>3$>cbY>%CH9%YnO5Yeyvy>)Evxp|%jIWxo;1t7b>h#@	M|cpBy3v)P^R zU9G3qFrj4QX9L(Vq+oxR32H=aSg<B`cNmw5hC=%Jd8Rv6&(E<;o|S)h*Vd3#A)ZlN zvr@0W%{cy)MPQO%xxzD~y2IfB9}_5rl;5j#2i?;-tNQKM>rZ}se7tD&)Tp8-Clsr{ zy_uN3e($xu+ZWqTb1JCBzH>N(TxB)HvdC3DV0?LP?d&USA}^b)Ts>K8r)mAaKc9|@ z$Db%ZZ>v7P{@>2n?Tcl_g&jP0-Kd<w2X-_xmaRGe{CM2&=JM~uVg6+|cNRZCb!BC+ zZ<K)U-m0&YUa#BjSM}{p=JVXl)2$%4mq@80x&6oV1Ha$z*9Vod@pV64_2TwOupR1q zvFh&ba&zs8yNp&o-S_+5WYAd364r}Fw{y3jT;$rVl7DZ{zfvY!@fMY4c+mpt{^=<# zSZQ^vS314OW|{A7Gp%XM{pZJ-=z8obd6{y&PxjK5%;3plE~nqz+<f*tyL^qn)auJC ztT_}^?mkpsgWO$dP@G_#?guJKQ%+7&&2lk$aqd{J^wYQ7@0)$kxV>%d6#e)(6Wxw! 
zp#0j#C#xl@9o938*W^tO6NhK|Z+4U{BjA>BYKmss)D8ag?bIe^Z8^1e`#r6y^_x;p zgBmfQQbkR-W18=5Gtb>+Z+mVm`7s%^6}N8rb!g~<{iR%RR5V<o`|=V`<zL_T|Nkew zp1o|&L>`k>fl;NYK}VN}#WvbheOckjz3A!3<MPv^wq|*5PCFapCRF@Zp<%+7W~E$c zM+Tgk4>YrwY&dtMQ+R32&Z1@ItlVN#wq{?Sm0)wcPj>PoRd1<6&yVtqEld8_`1K<d z#4$b&;Yy1|Q`GgQy}Z2q^rNHQskgRdK3iM)`PocSFJJCOu8Vi3otWSlSMiWlT=?i0 z4-N$t<%MptARoXyvqY#7)c=?h+OxaYG<ca$+S35#UDGs!kD0wTIeYxs+1aZ8^K6!# z&APg3<`?BzVlLfme=SR1OaLth-*$I$+Z=xe#g{emiHgX1ya_x|tNdnH+1spbGqUVX zK0Mrh`fmAsT~IqEW8TTHudm;B^SNzT@nHdvwAq<0JBy$DW!~Abk@Lr5*X{e(MQ`_0 z^O=!w+cxvWPZohm=e`SqCl^7*9jNY7@KA`}mb0n;f1R+aX#l9nbF@oz^8EULk)SmS zKYzd9pR2m;V69WQ!~Du;lAC|6%yiuHf@?)yy>9HTEo;9oHGD4Q;9+&$JOZVJsbC3N zW14Zn0d!7|%VYWaKZ&1g{breXPScOi3sWmyy>jl-^z-v3X@~1oe!H3OyZQg0&;2(q zt;%%VvL<F{5F4M2hIZJR4WGAdd78k);mK~zei<CI(A*#}{lL1|-AlsP$AP*cUF%#{ zEdZUvnR;P?<ForxGU^+6uj*B~_sJOkRN<Gmlgat?^?JN`ZS3WyjFrL5`#>$vtn2G? zujghSKL~1amhmk^ZgL*bWSM22uV<Ql&E%&t^U}DzRYp}`GA4_qyuY_sP2jx0{of}d zlQ$}Nu?S2GZ1KJfi+WHB>=0$NJ-i}aa&hRk+}mopQClXgjo!|dzfkGZarycwfs5T{ zUf)&nQVDdTQOUbImQiUJ);V)1sK`FzI0K6hkQW__I8;=`OxG{TEByQS`~At6U5;G8 zvLevA>iaw0tE<ELw@p;@m9nh=w<o6Z=~Oj^{(rw89qksp-`w?1p<zNv`}_?kN7Zu* zT`2ByZsRcw3@QDcX>xi~>gkjt9fF%mUS4{TTlM9I;?GY{C%?P9d-ip=KAFr#r(Ttc zyccrtsJg!W3(_$B0d*FW`XzaqwpCv;u2ioHOin*DLvj0^qVAp3pKV+du&_zSqClbI z{h?Ow)3Z#omjo<y3f$f<y#&;NcvbLx9dambXl=;To@-yfZ%g)dJvFDIQ&TiS&83+( zl|>i+xyx0$fI4uz(q<;>&(1dY|FR1-5q!yAs!)!xWy$B7CRb#$Jf=9@F`iUqW|)6( z&!<<b*SpnbXCGJrDwX&BerJ7hrt$L1%(u6;K6~>-JibP7%WhCjxjx>0WzbTtdtVe7 zTb8iT^_q^7wtShY)IJ~S6gH~(@Zdr2yB&}DB+c{YoXlLQx=>^N#VwuNlD!!eC8O`% zK^nhiU|OeM@bD1p$q9<he}2E;e{i4Ae7jgN{WzV=%Y3=_fmZgfjM=$qOU}(pUu%~! 
zKSZ5rV_@Xi(b3@M^7iub{+e$$(~I8RFua(%Y*wFhID7H)bF!P~mAt(b+9jfyROHTf z>g)A*ee3dfCT5uzJ2riNb#-#->uXiPQ+~tN0vtV~mnS04#BuUQ!81MNpxV&tu+(d+ z%X#^-H#Y)7_2%(@`RUi=>tna&+*F!h_iLr@cMm^hPS<Q%lZ**}zFv=iwkK^t2E)9x zv$H&#*?1>i*15i;g~92PYTqFr<T6jA5!4BMc(`4)_}Ljp1+9A~(-$ve>`cwPw50RO z`uKP$^SqqA>St#pmGl1p`~7}_<m&MC)BgSaJ=<fw$a?_?kE-L-zpx;>Q3u#rN=!E; z9qqcbvp8MYG&Eery+=YZzV_?XH4z(?ma&-S-b%UDmvd)_Va5IQd6jObrfRF_-rmN$ zPt5##icjy8v_Qp%2|Zk4Qpk-KhZ2q#(}HZ3cNRVMQdVM4S1Gk#xs0*1H1qDRtr-Eb zcZ*i1USAiRHZ|ySGs`K^I*!@q`Jjt`kKeL+C$7rGaZ;mkX(Y0ze>65M`*UMo?d~2~ zYqJ}7qqb(vRImZ9B>k}U%gf8BUtV6W8oR5c?!cp;c1kL??~|-J5KW2)s!Wo`X(s84 zp))KOzNqxQd#dWig@p?&Pfyb|zMVT=FIK8%t$V-RGnw@7@9xe`Ff)r#X_&BuW5O%s z*z8bk+*kX1R;aCQ_YCcDy`7J`w38}-v%FuLZr08#ttP4!!m+RZ^I7xL?((%NpdSAE zx3{;ScbR>6cX|G*+ue-UI2BaZ8ZTi*_SBJ{1~=EMq9^PB|24m7s~@{d#Ms&?f5}UC zlk_JS7CJZUtC#3)DtmiNjpO`be)~CEWktciITTdhCVP6LIL)f@^Yio8@8&%0xBmz3 zl*rfpP+aqW)}kjbE-o&*8X7+Hy8X{5!kdd$M#pQu1GN{o|KA{oNCFH@eF_2Faw2D1 zm9Cni8LXDkpLaOa@aLb;=h@@6<M!;(iQ5y=C93_5W4ED_5fjJB6FUM?TGcC^9{l}& zUtBa}7Tc3YN4pcvmR!3QX8LIV|G(=k*WX+pzkh-6@jhAObd}OjqX1A}3)F(VxY&I; zmwjFqKV!=hTbWE&Wak(vE?_J(dFnRTs#GQS))vE^=|y>;&YIu%`26f_>g{d0iPOKo zyBqy(&u72P8ygZol#0$-saZAoviv&FS%?#Sp+O`rcw(mU^3IxBs@`J9BV)H@1Q!4M zcuYE<=ayOaHJzE(<?GJOu{8b>wcKy+5|>V)OB<8jkAG!sp5)G;IMc=te(pNBMeZ&z z!zi`u&5e!DzrMUwmO6OV6I89Lsh-??-cH)&^_Q2IpKT3Z?#CMc``_>PuF5;!-P?QH z^I5Vt7l(pMFhjRDQtL-yLKF+rPo>LCJd@8US!w=tZ#cQD^fhSj45*H6OT6@FVpZ8D zuc=xGufN~_zb^1$<YKqpD^90sbp;$eq8i*oQ4-RuhIMZDicafp+?TuQ{d9GIxtp6( zyPuq!YaNmP<HN(E4-XtC|56SR(~Hq~zvpwGPQ(U<o4Lgci#Zfj=04`uL7HT3IFQPz zBC_Jyg@w*)R<Gpi{}kT*b#dQ<+TY)Tc9mpiUSAjcA*?euRX1kGhBc9!-MB=xL~=K0 z+{Zqw=&-&0)l4VR-ooyAQ?G21@||tgdu(m+m1m!xo=!b6K@oI7T-#M|jrt|)0<!Ak z>i>Qfx!c?wJfFeI=xc2QD>VMV{`4?we06nocbBQUc(2B4rjM^yujiX}b8mIIX261m zlGoRCf80XqQ>&M=-xgA6n2-_yY9t_P`fWlP7Z<gLtPb;?SMjJbVfX5=wUegD*F}b{ zi;*l_KRvF>vt;Y1kH_V=UuBc()&reG{qvF)a?@~;o5I4+lLB`~a!Jjzuixi0%f$29 z+1cV@+QrY#fcl*~U#(i*v|ha|mn-l1(v=PjiZi(`>{LZI;f=zB5XF_Xpi5Vt9%|)Q 
z3-w%Jl6NOU$}C5tSIU%Y-?H0Lo72zhrJtL#k(o31NC$(Hk=ufuDB}TtTpmnxmoq$A zA7a6F3e?*<JxzD=%HZW~3s=PK+;sC>)%(5Qe{oJ+{kv;I$=2TnDEa)Hib3tKlE^(3 z8+~S*>1Hfgrmh*Zq+^anq0*TbprKs9`F6U@?0h9@=^M1<7+X}DnUJ%kp3(xx?0L1{ zB5&@g+<fxj3dbzH*j*~ZYCaR#<th#s+FtBfvo-trG=ICFDrc7c|MT2l&Gv-t_dCKh zvA-{E%Z<LdC3AA}o8uFffCf|*k)yXjuyJ<&zQ}*S@Bg1w+?INJ+Emc^!@(xjrM|Px zKE2(3-)faQsF@7v=3iXo+FZsfXA=QxJ2$iOa&0zEKQ~9sf7!DmODsU=4*j${<OEJM z(1>T@OgS;Z(QmGmDm%a2l-=)kdGpEJ={!F_e|q-1oyQ7)N=TbzD4d;bKK<9%*X(ca z?<`)Pabd2kby-X0*2v9ipDsA_pG@wzZQCB}z@Ye&Nj*^sIX;<KN=oyut%>~fuwDMt z#^mEq=9b@^IMX=Y>;J#MPj|oHS1h6tYk76W+P}ZPa&PuN@A*pX?x9w0_W0`zHlQW| zXnl9zE9PS=J`9Q{Pe2_EPP7f(9B1a)M&H_=ufMbS`LtGUaVf*H?{~{jYp>s<bai!j zd5FK=uNTTQ4U^jh_byx-yxcEnkqhU`8yk~9JiTA{+t+Klp00bJOks$;0UO2*g-IR> z=jYj`?SA$Be!YBIIPU@DoErv{xm31H(GK@h^PQ!#{a#fz&)O$p69p1njfAqUAeRsf zER$Rnl8^PM?dY5LmPhyH<>ls@_Lr7=i`PUlv!|Y)7hCoH-P|?Xc4~YDm3sZQ<;Vk5 z4qco(RR6j!NG`uq*xn;;?w7a!@3#&6?0!C(9JJg|c4hSTybq;sZ=crRucIBl&c{$( z>&P?)C!=k9c1j}$yN+N%@Gt(iE4bXwO5WU6`g%hhX#Z-OYte%Pjfv~kw*+N!N=#ks z#GoiCy2b={MF^+}Z+syD(y3}t^uz-+Uf3gHsKnF3_Tb`+%~CcRTdu5&jlQ)lSDWAd zPeBR8rB%8t0+Y5SED=ObPe<AsW?!n;m?)|pc4C2JbIQ+8PZJxq<=@wvW&LS({yxs? 
zzrE)7Cfwa!etL#sauV~D-7cW3RRztokUKpJr5rmn|F#QRRef18MJv?HWUqUMW%;`~ zDQ9Peo||VY{jDl#Vq9>$S-EcygVUsq$Wwca94=EEp6$7_EqC^lQ&Y9y*v(=tK0C`a zXhp!n4dBycH&2RO;xTc>E!W2rg&jQH&h^bg$!jc)&FuVMA0Hj{{UD`2P0BQD#uPbF zFUR=(zu)ht&$F%W+9w}%YiqVTC?BTJt31|u_n?}fqlXa>a=ZP364U&ePo07h)!*Oo zM$J`r=L3zZeR+TX{zTiC7Z<lbIX&HfSNVInw0K0tdVIt6=VxcD2QTxPxU=}V)h2t1 z)(I&*;N%X98%7R?1EDM-6<^=p4xeR`sWj6lb&~!6KbKiHuZ-DQv}daA@)FSEnl$d$ zOFSnZ^10MtRi#$+<;BIs^{-E@a?4kpza-d3;yz!P%G}q|I-na1K>clS|IUVq@#74= zSgVthRJ&y?i;m=Ef=*XI9Hu$9CGYdIvuaC^FY}#!=**?7R}&Ano!pdq`q9kUy3uBn z&0Ls21<Y}0P<&}KKS2;V0Sc)G>?+Bue7p7flCZT=LHlYdUtV23ozrXaf4jOrJCsk( zwXcseN<XLb|IcUt8MVK^y`8)&bhVmB!`GfCS5^iu^_gkZ_h$0_UMG)VwJaCvk&;)q z;DxvIVt17Yo;|!`qVN2wSDMNy@%4X8cfQ?rTjuuk*?GG>pPiqdf6k?C8jqyWiTL`z zsxL1u=da%DH`nUYGGFP<N2flrVdC(7{*$E}CB7_~KxYwxDjT`VClfd9d&%{>N75K{ zS_Wse?M4TidCZS5@hPgrzOp!joM9VgbG#^vx%+5UW0O-i*Xd=xv%L<t@g9zow<=j7 zV_S74=kZdDeg>yYm39Y}ki5a6;+1f`PgYI+aT~9+&yg@*ui%YIu98M69(!^Z`yH~V z`%?jGqU`y4EjlsH_Wz&HY8e-b&)bTB`^7F_qX1e1cxIOAY0tX{rv3M4P&^rcRy5uz zILvzqbYq-%kn599Vf80x&F@bE9l9JM<)_=Zl;L8{#MNPIg=+1$tO&TadBN-J>&vsI z*W`*jUAq2m`Ddi;kf*$0b$L6#yjfrXvupEJ5uJz&9bU_)%`{G*m0(>ZXS8Ka^mac` zr#-&zXX=gDw~iM*J#})SbNifIs`0m5Cw$rZ`=t#cT{PV0SfOzF?OIvuvMHcGai6TU z8t6dmgISN*HWdcle|Bze_NB@*GmX{HthrzRKekI$ds@P)Nk^1+S*?t(+sdl=GW`7I ze57Cu7dkOTbMhS9YBSH<`mwv7?AWIpxyc38ga$RuY;G4lJEOU~{QWc;%c7RO;d?3y zK~=lpERl3U2M?>$@)3}oYY_i7s&HmJxm@z{($2m~&-Tk$6f8JdE4lqn@p;=tfl;Oz z0U0af_U__56udUd^!nH9ui2DU_P$H}#g6DlF)*?VTrdXBa)8G7j%{`eZpyGbspdPY zW$*VVll{B8e0cR-3dI;(mTdmhXbQ0uqWgnN<JsBf-nX~qre0p=`|;QG83{552@Nqj z3LJlZfB)W7E$^L()1|Zb4woVMonuD}Y!Xu~AmGlWO{v~1qqeTvl5tV#&DtYD%{!Ky zo@XYk_%ieRB}-&&7R?9v?f)oj&ARGkaQ&&Uzm1}4)|Cm*&dzR^++FoGYqQkKN;OTa z6V8HyJ05juAL+ap#XR@t)9LX`oLad+HA=<b>OUWk_nrV<UUH)vwDwnUhW)=E$u2%C zL~NNjPQKW<G!@weM|v7Aw?4VJ*nMfp%AilT^Y<T3{&XX`-}CLQtxGd6FH3y?@~6jH z)t~S8|3B8FZ0;q;*pl+eq7by49}-**3@kFf2VOdTI&c4f3KJ{WiIbDn9~WN9So`($ zb@OzM$J74&{Cv8NS6U^0Urpb$_vViUCe?km_>0s5|DeLSocm<`zn|`#Qcfy8KR37g 
z`2N7fZl7K(?w>V(hb!}kl2=ze^Y;HO^Z#{r?OZ31T~~{5AkE4?&}PyS(GQ<f;}(?b z@AJm)(+TCY=<LI7ypKx*w;w(?&o(-5-_K{KOXq)2_FzzybiQ#1u@K*ZfvHYyf@ZK9 zX!0lJ%nU;w=VmrupCe&+?@4VJ(F*af`~Rm{Gh)Mn`4=tMz31>ezLTX{0aj8ouqZt6 zWxBa3b@Jce-@UJ`i9Bo-u|Cc=^XjUpSJp<G#~ok4_gj?kR@3TlZ|=1`x)g^|UVRX6 ze0zJl_vvZ6segZcoun6Q6}c^EX34udk$iGC8lVFvQXU=Y?Bn;CY+asr6Iz9ysVseU zWujT`tr;iQ7JC2s^784ImzS5F7kMt=;9+%KJOXkf3?xA}x^S+DxH5Hj`uy5!9IKO# zcAeZ)`T5B)>HH~nwZBe$e0)6h+#Jh3wHY_euC~k9MS$v2e%mhrGyZzAz9=kluT79~ zy2S3ctQ%q)IKJPh7ks@MetM#^yGrr1GipE1Tv-{Mda#LgS+bT=x43>@o%PNY0Wx+q zJEmv^DxEn4IycKDZEfi4up6&$$?yGkV`H-4yJ`Bl&K|!my)BVKG}sU1vV?f7T5!q1 z6trdTPT_G`x0+1QO=wTsr1K`&|NC+H;$5#dJt=2rnJ#tjmn-`J_j~)z_0Ki6!`JEj z{`R)GWdENG8K+DAam&vmxptj$z{((1&`k7`Gc$v;uB=e3O50TM@KDjeKb0?UZ(slB z)>iEuPA`v~TX{k^Xh}!sEvfAp^;_~mEsW~y=jY~L+EJK%b7OM5@a`wsvjryYE3==A zG<j6O4K67*r=10@_b^I0z_3|sW$NKJ-b<U){VV_f{VqFKDf#uawQ5GMr|CvNQd}Rl zc9!7b?{~}NZ&XV~tcc#8w<+(g)%G1H&C8TjY9D7=p)~%kC@*MiT;?-VsrdQ1-gK9% zt3sDT=I^F%_&!ZPUeCFWXQIFTUz4vq&(CoRId~WuAg4@*#udU6mPJcWDq1ET>8SXA zsd$3^{y&@URKMSw_<rS!D+`?b`rV{UEBN*>I$dh?JBYG`@QCVzZ#I)+ca<2f^fLLL zdIww}wDZY6nOFUev)bEr$vU@v-|toPaI}Mp?lX!rP>SvrjvcoBDR+03K0T>Ee~MM< zt0S-D_SO7Md3>yQl6n5U4c|etR83sHvewfa9~v-mc(z-z6eGKRf&k<8=M#0Jx2?Ik zENYq0%nk1{UrkCn+NC;!`SaH6amMRkTY7eF28{<i<zIu`+IMJTxiin*2sB&$-~i*! 
zXS1>o{o0;(R!TS{{p+i%AAkM5<gM?ytK{XAqvG)?Ar?IhPL~q-4$2@Ghbk@y&Q_|J zmM@vtf92}&9Z!*($B*`2hj!vU8J)0J9Uc=JW`71Bv;}J2T(mo)3tDOfS|W1U-(L2; z?b_n&vE?U&{cVq~D3D-mS#nsW$r35G3Ve`a^u2GGd&}hKi^ctqO4lYG?J~-_VX!h_ zq0^r4x3=f!7kQgyT{)5M5p!R@Wy$MU4|e2WdyvC)xSfA`GdsW3L5b}tCnve`$y%vY zv6<vuJYb{c;5}XM?Hj&d7pz*A@Xz&|jy$|0;LSA4I!JkQ*{ds>Z?-`jfT!;5t$sZ7 z^Y!@p&Sk7WKcBZx&eZzurN-EjV&qsTiD*YKuqX&fGM<%P`CK;p`a0Qb2M)DzKLzzH zS-HiIWLLbrwA3i;ibmw76weg%rC}kQ3Mz}crXNGLo`Lc1EUV;WJUgFGi$0V9+EZWj z>r1AjML~j%$C7^q-*z~9SlzadK&joY3wykgNx8htcWK_;U6+=4POhk36Sj8Nm$$dW zLEEaYf4|=?>)=s!arGBYL?Oe##HU#B=SQJt;Gz~8>oT2ruDhHpv#;rBhOP?P^W7-z zjE1`ZyeT}AMixudX9#*RD4wi9Zp$&SEOK)wcF$UO!gsb=>)pqfmU=@Mq9yIARu5Cp za=TQ}#R<AV>B_RdzrWA+%elKN6m-3rNO=bray&OU)PU=a=={A`_XMs8P}GdsQQ%|X zJJ%}IEborSV)uT&-S^G!*C>N}`nk8a9o?LKW`^OW^z-v7N|TZd%ss^#LqsQietv%X z)z#sr_f&p%aaBPXlN9KXWfYwZngGxWT{UBK*F_CpDHDUHjdg#2C7#W$^XNVC>)-G9 z$9J!tH}lGCY4bc8-pLu4*_aH)CuvD7_nDc*l5$7%_=SA8FSmvMUOVFJ`g=>-St-yg z#mpWN<lJJ>+F)1xdY!%QLTg6mZ!b4*w>!Ko<Km$X@7-QW>9W7Syi~rqIeq%Qz17Ee zhc+^?f(nI6_VsnU&n%Fg&3VMfW7UaQ_xJA?oX{AwEhp00<E#3HGkL}TlWyIq|NlGw z^6|RAzdHZ<BIodi$($=T%(1E5RO!ZlH)&N<(EQA`dVOmmHafBKN~xTluHWDOaACXL zBtBWI6V3c~65sBfxBss*RV$QBuCmz3-u|{&sp87}Wm~eYYH28JPCKim?A~Y6Y!vo; zQ}WY<mXtLf#qvo0+s*l+csJLnb+Nl=Wvq-UIhcN=Lr~Cu`}Y?Yoj*N2t$ufRd4GD| z!6w$!x3{(~THU`e_1T%3i`*ZWyjMB8lVy>XihHkAD%&D4(Fwn{|J#v!I;-ez`vf07 z&2>oqy#g)9yG*OO?SBaiO!-wlT`x8$r|9G))zo))b{1XsHE+Fob&A3)=TDRU?K-cg zE%%%2vui@1to5=Vbs-(HjVm}kV_UDJ7U^2O2uZ07bzr;GI-%$8fv0{*iS455f~KJP z`K5&(;D*MfC7vhuz4W*Ls{(3h%GdufjGGIZGd|eNo_b?L;>UZt-)_4NYIX#zi`kiS zzneSR|3I1IO6GN0S64k#SijC`)r>8lH{`t$RQ=z_aq`LLM_x$bRW5KLVWyT+X=%{o zS!<%UYDIFp<nQ^|_U7K+Xp^b#ci>CyYJPr7%%5vn>;{@?s{j9YyY+(~H@u=-mvp)F zUS9oswJFnTJ}Z5ei=OX(IC!W{7rBl!8nL6Z!S4C%M-!gaT(?l)75la5{7)$t_w6e| z^Jr^UYw4L@J+Ur!_aj9QEsOry6+aJ#-ELX3&gIpo&0QY7$5yeI?%g-l^c{nv$FIaw z7u?})f8fvbYtMQ{W7A!$yH4sxZ&UfTr~c(7RnN(4y)k<#4CU5LkE`;$wA5Q&f8UR! zJ>S`Qz>5tHW(sJWQ%jgVAw+QH{g4$MJWrMvmR*0lolh~-J~#?#RYidqV{B)L;mZA? 
zK58MLslUg^dMCSfiyf`ropEu|rktBbJ3k(ie!Tbkx>)PVCllS5L~YGF_sZnj5#@yL z2|O&<F1}r(rSx~3kmQ1{2`R{z$ydy6Sm(2<<4W$jPSyvR_xJ6cq8A$#BGERDSK4fb z!<^UG*Y~$)zQ4EE%^_=oT-RsL2(d|0Tsxw-=c#Sz%S+#TCoc23a_1eVmXs%NRv_)O zeIUoQt76IR7*mG+XES-0{NeuMuzlaU$j!%&_;TvbwJx8QbhK;c=E;TK&t_ejGijBs z#yRx_PmfoXCzM>fX2iW}jNb2(?t5k}hv#$t3LT_y*wEg<cI}G8?5Gmcz@v+&<?sI+ z20Bgr=FZ~uJ<?Cl%)IPUboIoV!tQyqudG;`d3o8^;|@`sT8!RKL6>V@Xf4t6e|>7n zeQu{q@0A<=Ay(4V3tm{eHh7tjA-C7A4NFpATv%B2<wYQ9yyH;9i=7^^dt-K$WZHOu zPI<K~U-?{1^PPgg#t9*eE1iP2Z+UfUN&I=&wq25nFZ&$(ry}K?Zvq!SPueB4GCIa| z|B}4&(B2E{<Ly6}XH-7wRA1uOD|Km4<>v}>{m@lYK!cy4BXg^H7EfIv+!5iy7N%S} zVMW8Dj)w~tb|oIlK&nMPa5o+>-oWMFd#&nj>GhK@FE4*w8ozzbJnQmvOISH|wZqp< zX=G;adNyInj&=tZC!-DWv#y>fa938jYy4rO2%;`KAjh<D^(5QsZzj)GOG^#6fQBG) zYUf%Or|p^j%JQ_BZqyIEdtJ8oI%2g2IX&+(+t&Z9nQ4+aiSwuTPkSZ~Pd6q+72Y7v z=`+tJ(nK}kU=!<E<Bk7hqh4KEshoRj%fwq-v)lLnJFUOpqm@ha$$>`Zx+BkC*}1Ez zfJXj*opsJAQ40^=aPmh6m#1y}D)tGcSBzMh;#3x_Y(6zjSGwoNv!iyG)FIidA)K=% zt$0Vt%b*Bz|G8GGm7ktW-2d;FcHH;s@9%Pzc6@tv_4Mito7?L}xKAF~7FPSf`ASPa z_wLpuU8QFiFFx}%pNr*>g9CH<%XRF%uiOOm?JMTkIe~`E8p1iAoShxcCu=35ulwM~ z$H%Fsr|B-582NbG>UF!k`sD5PW*Vh_;$pl1Mfs>x(B$4eDbub7BTgPcYfy=ES4co$ z!mKl);W=O0nHcqjF6b}&lK%hS-(}TWN~OQ|-2Z&J>f&{1D`JnQ!_fyfH>W>d$_5$@ z_cfU7HC3y%wC2%~PEb>Rra@wpd1J+%a80pEu3aLAFYUfWv%2{Hc(K9TV^zbI+GkO( zuC2}fmzH|$vGK%rteh{Vt82+!UlW-er|hrW%nXU#2Q^GuT;jS>DP@;3tpseDmaDEb zp0G;Qgnj9|k|jI(9lBbdh=#``R!Nq>-~4-5-u|Oy949Yy?6@^=9Ye6f19v7+jn@9v zRDY^lWpe7J{>2S;;GEJB%`rveUgnK<1_lKNPZ!6KKqt@?+b`=7?H7K>K0iNy8Z<9> zZR&aZ|1rP5z15yy`)y|Qu8z5d97{YrUTxc4^z_usd|nHA$$Fhg(Mh|67HjYO6@9*4 zQEBG-I`sufLFYMNckQX$eDc(u`|d1%A-yDZp$n}7v5{Bw>q<?7`d7YqzU|rMGgGyv zXKa|eV=1hQFW+U&xx~X`UEJQNRbgwjrfP?a{hcl3cVN|oD<N7|oTb*Q{XDo>6ciSn z>@A(W`q^}@oS$vnu(W$laluRL62T|$cE9JV%Ud6{)ywY317^+GU0XowN6y?(cJG_f zy7F*4zx8tAh)GFI94AGTz4tVQDoT2+E_!r?Gb}FW3%Bpi*$wM1yuNecs>fVuc>89K zv%)*Es|UmnTwdl2T7?%__vhpBiesR|d)2&F=jATlG2Nl7Wl8A5CviR}H{ao!@9<8x z_uQ)bU<HQ8|AHKM)fR)8;7+qZ0b3*JGTt>7c3&<yA6wwi)^3z~YK9I!uarqg`id^! 
zyS2wBil+ZC2+|gqG;xymf_b8fk{p{3Zwr%_bqb!RxS+A@+4=eY7i7;@Oz8s;K{tqV zyt%V8Sjs$4$GYqdN16Hun>qINb(RGW9QNdWdv`Y)RI~1_`ud59DgHa7V&>xCYdJi% zOLN~a`8pn$$TCB|uY}tTT&p&m=gj!ily!C0Nnw8*L4S`dtKH@IYt4HmaGhJ`JNwkP zx3_Ek&Pm^O_qg@KU7LS**sEJNSZ6ggD03Rv%e)lpf$Xo77rx+NIqU4h3k#hSML@&h zo72u3-H!VD*?P;1uanh$mBjbDALDhp<mMh#d1GtP^<#P$L|9}z8-70Y*q$H)j?5o3 z9KOH1yVRkPNzFGr<6`dW{r~?}+bCMr{3x)5u3kHSWzW^pmL<LawtU)<y>wk~>;g>= zi%ATh4^PZH2tFf3;DaV;b%FP@Gc%vgum8uX{NdZ}{O*4__x4!&c*t3o`FKs!(RA;Z z`>JV}UnZ@Xxj25U&6}u|*~#J=Tugl`2mTZ+i8g?Y4%K))m>M28vH1D9lc)9f%eX0I zUt4o&Uv0IdO+~?s32Q=EPb+zO$rZG8biUB%wC#eE%zj-xb$H#>U1nvC%M>1XFrDFd z-^IEZ+&??8oMqk4XHuJeO}(e-I5II7&Q$Z2dU=0;eSn7_bScoR@JWw!nK(S9|7Jc- zyzUh%z1tyJpg@K3S-bMxra*9|^uU=3G&~y^e!Nds`pw^)o6}XRzr87Xc1BV-K|RD{ z)rKo;H-yJkF6Gax+<h8kQZ^owTDirinPy+}Sm@N+wD<j$m6NAv1Ugxjy^&B;`Tq8{ zdg$sfQD0%FkDygmy>?r12DfA*Xi+j~iT#TU3lGkFe}8|xR`@y{Evc<6cAHJNKhfX+ zM@c(u%?C-<|0UvznTyxs4sVwSkB)YO#=v$KJamd!FKwEo0-6K($tgOis;=nzy4XqP z`El}rpTfgIVSO8CSi7@;R*03pzBX0OcNR<aUZf?|2d^{Dzj<|4=;WuTr~mGl@PAj= zge@1Jhsl+#y|Q&9w+SnwyHG-%#U)+neqKAp4H*}eB<<_==)~+WSaZDJ{@;!*xwpf# zLRX2@#9pq?aF|#3_t(tabt3PDKFpnPWsdp#eZSY8nQMLBWsX(dpB<jdZtW;cE_Sde zQCf24E!Z00m2+eG8Mg~2)a^K%e1jWYIK(MU2-wvRn#)<}-2UY2^?3f*S@UcvpL}?D zn8Q<_x54GtBW=aXM@Kj>rhe0n-q!MPN6E`cPtMPe2MySR7AJ!S%LI4c1BZy9q_--^ zjt+*;hh5Jd3gG~i6(2+z%iiAdytyg$>CE(boZqrPKRcVIT6B4tZ(^;iWzmu|vrN6O zt&i`Y@a2kz#}4CtLX#Soe%qlD;*oZ0il+&C-@Cu_%=6=1)@=u+f;^XFL7Yr_N(cTF zOx$b$*)L?{{GeNZ--PG$s?X_cX_?j%rcpXQUV+skL(cR3fd$GRIevI~uuZ!)zxG=s zXx=HN{_j_|4z80oH>Y>I&ApVe3Y5`ZoR8vkKTl&5EBC2eTeCrh!$G^ND}&u{ZOK&L znth$`_48(aI}I%bas9ZQx?;CW#)lOy_WkhkSmr-J?%aHP{rbOOr-Rnd79AB0XK7us zZ`u8I84=00#*&^J!M;)1R<*V7SIB+|56{jeecR^WsR~^cGV$u_@a0ET*7Z6!{5&`T z+H^ZItzn%@+Sys5zrMT_-t+Op!^2M>9Bf|nT-mw%m{jJC4GSZuJT$i6R_Aqg_fIbm zF|7~}&}IhE7-PxHOR77RDnC8(l(ebXz$0bi!6mMzQ~mv2?+NuVwZ5sl1SMZz^g1b8 zzVL4U5<jn&lzlZn&(!ala)Q&qUMbz(7aWNV4qlv~r938g+u4@!i1ZqMdNSGn)b;p! 
z*=u(`pSRbaWgOJHT+D8Bu-EOq*MEC?WX+qsG5NUK%eCj`TAyAKxLE1aim9E+OY>Zg zRc#4cp&?_K)N=E(eeyA$lQRsHZ+NA?DE+lPFZWum)ULljoB8b~fbM1$xRjBi8@0vY zwiRgclJHye=xsUA_Fga(+P$vo>nqUazT&<A(q%HPFaELkn(j0AD;F*qfQxbm1-V9} z)Kj3%3QI~}UOM=_r1aB)M&>m3_ys;Q3>?jJZYaFp^V#o%somzk#tUjxRr=*@wLoXW zEz<4-ZCNROea-XS97|;>Mnw297A`;Z;j+KIX=Tr)C7#0h(pfQzEAKCQd5!n4kmG;n zD>a@`C9B)krR@K5$@|kO?e#NqFXr$2nP#In^UiCVF56dklj>Y#4b7pkDZ%92#v^#P zWWnyQOrS-)msW*p3r{f$0PS1@4U?{k*=f`xGymp4NsoO(lU{}OYAh8_KG?*XHhZ<$ z-E*th+e1AvHq7<t28ZdAZ&e%TaUC(uzIFn%Sm;0l<3YV+clSw!d%U`Kc~9l%Q~CS< zriJl--7fYw2z1KNv+euDe!042NT1w$uKP^#MfGRyIvU0N;CTLE%@|v_=lQ(qrt>FG zIR{t0xxYWYWO?|47yF?D-QDdy=X3t|DBb5gnX&8IsUsVM%xBdWMc>wX7b5WL)xx@B zF^%cMlcW+nnRPP_)Oe48mJ$b>3M|mP;Mc|@=`%}0cVVvDcdP9mOS<+p{(LA>z2Wdr zmQ^7ui!!gS3jHr0*bA9IIH^?de((2F2O61|1}*h^_AB@HwwcOy(cANQSI;-gjrzQ1 z$?koR#O7sAZoMTeuBhUCr{duuR?FgNJ%U0LMYM&Fd)@WO`I;pwTE4sdy&3yH)3e^K zT%tbVU+t|#8??mwWh|9;7C+~kH}i^BJHPz2n4Lv4?{B|Xwfg5;*Tb>(zu#_uCQx}t zNK0jM_1y5C?z`j9^k)cvi~Bv1?cygn&MMGRA_|o($NJ^<r2?L>-F}ZN?84kCsTLyv zd8hjtaeH=nehgd_v5`gknXz@{p1lQApSPwc9Ci1aGxgFJ!NzTCePpytgD;t{kC(2f z2vJ<om^V!?R_o{I=jQf{-TT3d4EDGsAL}t(-5<53@0s<hdwX}^+_$mvbDD67dpFyI zi=yZ5?X8}@!1nTTe}1;}oV5YIudMEVTXpe#$eti2<pX~@dS=hhR#f@>ruG*fBgc{{ z4aXWTXnd~!_cMJ%*56-W&t@%|*UvKrv@G-tJ7`(xqU{fit(SheTW#xP#CTs(CDvwv z^CyqG9}nBrmYx=muSrze_=;=kw1v*?Ufc8TKKXvXetP}?zt?L{gRUhNz7)l}ob46p zj+ZlAr53C#eSJ-he~H@DtNAaPZreJ^hfLn($C|Ob?Cq0&`+o)cH$t|};a?h3*1(<L zKcQsdWdlhj0S{9qDQ%biBI{#!Z`<g&zvlnP<MM}%Bs0D>2QBsT1PuponSB0DNOAI+ z{GJIt&3|rXuQz3^RMG_J&WSg?WI1+pGJHPld#|W%Er)0N4@S_@RL{Xj_}=U^Eq>;c z{02IhY5rW9IrYbfhidBIHY6U_yRB%qS-<;)v3NzC2OHDk70184nX@eO!im|o)!(KF zsd}9_+AW@XexB{KgpcL-Yt@UNotY?|w?k2hJ$j}^*ekabov8{Bl$g%&i(8&nT&4tD zDlg;f(9HYqx&8l%>-YWA%1G~%u{^VRqu#oVndbTPd}bP{R=jy$B>TwtcTvlp&-<RY zrmR?PA~aQP#dY1bSs|udUYNPhwWw+Xo$uXw;xO2c$hB%w$4U;*b_*tB1qMcU;R_-a zv&?*p)3QNTfJyc>A1RZJgnxT$f0upEk6r4M_t4mS=aM`1bJw?|9P5$vU6FM6_T8=7 z;h=?VmdfHMdKX_@1v+Qnvi4Vr%e<{dg=?<#o`}$LJmAVQLtd|FnzN6qht(0m8H|h^ 
z7SkN=9I)K=YQ^~@`g^}j+88;%-E`64mBGt{uCUu}4sJPpRs6S?hnQ~E6&V@7RT)QC z#n=5*Razc}E2P9{FYLVb{QUg<PtRHFV(!TL_`5RA3e))zyge`WV(5V@dQvOnf~RMG zaMYcw?r)|&d9s=>*Q{k1pM9OPr0e7q5xdR7PN(l)|K;WJN--&R-u2>%oT9ZKF07d2 zZ~wQ%B@U-o^h}+DonHR87U6JdZs^nXb)6QK3fjz^c$ls7`P}jz&cf!mFS5(;*KP;x z#srNRF2CVpw>h}y%vRAFRh6sWRWmBy+}QYR%@Va`*B9O2a;NNe?xMur)gdc|HX4I- zwzAobE`b70#%Jx`GEWtZ1t;+pwRQVkoO(QLZPZLr58YY%`X#0(U1JZ1unTg;UX?S= znzGU7_|$d(UcQf*2HFdB=f*54-_uR3+@N95w6C@SUuITZT;!_OU#8M}{*A|qotyjK zx1^ZdO-X$eu~Pc1-9<B&ISvg!AF}B0IL+3wWcQz^EZL?4^N;ymxGz=Vq8xhcm*Ra+ znGK4&SWNUwPfyc58|iZQ(XQ0fVw2BXiMcX+i)n}H%y{P4?44!RpL%-Q%-iuh3LL+5 zT%V-sy(DI5k>Knj>19V=#DohfW-dOx22^+<cjLMj_d0o4-Lma7Sy%V>mzz!4x|o}P z`mP?{tDKk+62kdny6D$eSB=w!zHWb3(BpbhwnD1)>#x`A&8<JfdiguQHZrrH5!alh zZL~C9>G7>|>18^5UiMV~@bmch?RLIV#s!6+KOXm=-R=nLUYwL(DX*}%>gyz($W1P9 zB*A5U2k$Z^mKdjopAUuHEl>EgENPzekSRFC;#G0OGPcXP9ex~bkC<|1WHdIg6<-p4 zKUv*hN^xbA(Ja^gyq7oQ|1JW}<6K%7YkhM^;o_Z7e|>!o9vlE22A#w-|K_%Y5?AGY zLX)I=L;3k%Z`b9VI!V=gmhIz4mNlAR7l5l^ueVRCICk_hd_J5j=UrPZIBDg3X7k7e zw||5<9DCGw&o^d+=`I$NpjGouhB~f{j#(UP@;3J6rKP<UcQz)so8;cQvc@NCrg3^7 zkE~V5wYAadx8MFevyFG@W9d&*C*<7SRT>fTxMj~`_Sf!xGLjP?gX2KiXquNmfgt0v z_U<`P1%d@9@fEgspSkdH(bG#yz4bOq81HpbxRsm_nYWRXw5{6W*%-b#&G+ZSc6lDV z-c!4>u4;j%`Erh)Oy9QFLiX;A^(`sTcK<W!nd@SAdw~Yy4nEpj{r%MI_51Z^b%e%W z)?E*;UYGK*+;M66`A{w2@^Dzo65~G)*tAW4cwSu<dUl%q-`Px!5kePqmsf=avCf@( zhLQ8;o|>OUpj&%te!X0tW_~ZW{I2MkssHX2pFg=Wc)3gKvb(M4b9Q%HZMTi*JPF#S z@bmL?*TrF=;`fZUy5Agw=%}x=il3izePRfS^PZ(bEHNMlD5YB-329m4Ec1}bxI}!C zTI%*q$|qUx9&u?Gy3oq&%W0H!gk$rG#Bfg0zQV;@w`E*(`eG42->&w}uGk3cnlyLT z)ymRer%pIC-+up3H@EFOzP-6=Trne#-zNJ<vhRgeiTz)7QdN$En>s?#E14P1LEWd5 z(dRaZD!$~g-*J%ZUwvWo^gY?hTaL|V>$~K!=H;cOlVvQ6PTa5mpQ~_fMWFL6^L#yj zn~yG67PzhU4>X?9rmXfr8+@#+q;*-&qz#~s??<Ek;G}fq-g1nzToC-@|IvqhpLSGU zl&F`A2nx3ZwO^r=0~Z58_h6ijJo)PCYWJyGCci{Nn=@^anDz-xa_^U$+9j&Z#xHq% zX&7k1)9$jhPtMFVR$73qS_xehvU5w?*;)U)7dSN@c*+^`>iYWoqQB~SS(!GfBz%89 z+pY2H=Y6`-+otqL8qfNoB*m|ie{YYP(dxX+-m;Cm{V#5t{!Ll^fwtnx877=-<ZQ0Z 
z36x54-@ldbta9a9)9Wrim%(9})Vz{|ak@Z4-Hs!HGdLN=g&zDD7q>d=tajV-pNW6f z155MhZ8>TcOP={(|Dv@2->=mtCrfoFrO!`F)c@Wwr{R4|%99m(@t02>;Z$*67rlL* z;7$<^hX?g6CV`*-{QP|K<FN$|3@kb72~RiQE=$h1P|os3s$R<E)tQ;bi!Mf(dN)2> zdS`F-cF;z<egFUco>8=QwZEb1tl6&Mg{RwEv?FI)NPSrDF;Pj4VZyp8LEzD}3p*DU zyF70@C&&frVC?3I`1xkrX|`J*^%<>?-9IzaIQ3YM<TLJY-;ajr=VT@aJ$bwRzTea- zW@TSa?pHn(Yx{lbgg@W!*Pq>X?fd=u`!-YN*;bo5=DW_CaO2gHi@6-TrpE?Pd~qM- zjsM#gXYZ1`I|({=cf<3*tMu)2w_TX_pCdxHURd2v<gEBl&?<tJK}*jRKl$?V^3%=d z?IvelUbd7gV0EpR=;EE3E-W>wDyHsJ+*a?3@zhmZ$-Wpgr7CnOD=7*zj;R*7LyhzL zp76=){%o8e??iKcxR9;wC*`fksQnmRVC3F5t9;PN-ZSCOzS`ZOZOJaFy<vSPo|K&T znm_5X-F1uhhV?Be2}j=-{RsB<c$L+icl&bw<Trjk)jRDz+p)~?P?(?*6Run;&Zzy> z?~9O`<AJ*@6)#G+|G$%0yX0~HhX)7M8v4?t0vK0XUIJZ6_w&hQf6$cE$}ZJQc1u@X zyknyTO1{4gem$RGKPx}eBtGTcot?gQvb(!vh1CU0+~sF%wT*RM>TsZ+#e{v@ImW+D zpb5)GjO7{v4Gb)A)Dn)TZ@+7Hab7)#i_yQ5uOI*X{QT*%zx_#H^Sdcx3MLEA9ha|v z!%;Bt%SpkuWS1_^A6_12+1Jjzk-lCtY2vdkpRNtD!s;82hQ42VJLaq6tf@0Z`g65* zOljac4qErl%<|>+_46EFTr7)x9WFbnZc}#suYXPVTI2ue%=NbuFUQyaRo#BSZg=Mf ziC^VG-y-(rXWYKH!(U^4OU~5;3jMa<BAWIHSNVs>+}f6#z3t;vjX)<*UjnqsJCtYH zzS#M9w@ElF?^B*|>Erh|o6pah!MHi??4)mRZ+GYA*FKw>F0=K+giCfm&%Km;wPAhB zlDg!@@-dm0mrZ44W}A^;Xq0jyVYc<#ITpK&RyGCYURx9$XUad}Ux2~`SElIgd7^(W z>aL0U(j0W&Ws}fL*L>^E{+^txYJPq?d9azi_u<0&+ZRDIgEP1IgZ3(1*uPlu1JgIR zXpgwQz_+)y`o;?jz2n@w+$s99gw4kz!k_L{zds2+zoO=Iuj~)ON!tRJO!VMf^5o{m z*xhB5RK3L{tx8r%ZU>D_=|pckV{_hW<&q`-ew(DDgZvJJJ8klrX;k#*N8#q>HY+DZ zrK>!?wM5%Ec6XU6zXYS>%p&n%W~O&a3z&kAE}qw)qIxfOU-9m(zf>37&G`D_;^CTy z7BxQ#GH-2J$r-aT=_uFby}RG<i@vr#KL6jpU$56MO*-1;cEjfDmEg4H-EH^xKb;nR z=C^#^kA){+mOVJYs2R0og`oXZ?QpaAtz0|v?(Uj-)%5Qo<1g<oWQQEF`}gDVrp(J~ zn&Io__{_Bm<r39Ox%KPY?fkP^`|A8wNL(!riV9m7lNqL2_v0aZ@mjXoyZ`_D{rIl^ z#=6(7o_EbR{%ieoY3h+nOTF7U-9#tMHqSTXKU8R+FI??k{OG0l%2S}MTLhYb162~I zCp=zwU987MNU`xrpFOX|@^1O~nvbn_YCfMWdb{=dtS@qYIw#*w7S27sY>MEAsS~d7 zFL)xdoa1Cbbm>&J4M~&d*cI@y+;LOb@W^kT$M(u|*58(SPd`^v`TbG1{;USkU9CDB zoaWu&nz!%YpU>xKZ~m@jv;WsC?Z`b98ygoTxu4g0c_Zv1s8J@(D7t-$ZuGS^S}%6~ 
zy|CZ;{YoXH`hR~eZO@Ode7p5}kHr<;1yLoe>m8ff)WkQgivS%n|EyGWOVwJodl!;r zK_eHI!An)Qyj}8Z?v>ifui}GNul#<ueE!DR-_qYdo2~qQ<sG-U-ihe^y{g{RbPTm; zO`PU$|2IUg@`<4GI#c`H|Ns8FZojB~7&K_~=H}++Mb?+91NfOvDo&8OxHS3eqodtw zwsY!cF4<iwWtKBz&a>dBvz~m>4CQ&eY#Zp9orWu&PM6BgUxpkB*&-P5vG~mm!;=%0 z+cWMZ{{0r;>K*e?G(1Gks^mn6l5KtbrWDW1ZVo3_p1AzkyYcGb9VfQ-E!zQFZnskY zhxI$#&(F?k@6wvC9j^ED?e_a;R;47YUVCeG(u-Ny>pZV42JH%e>HpxfZl1i*>++!Q zp$lh4{1+0QG)pD+^Szf^d3UlWRq0<aT)X&o+Si^{>pn$kg7#HvpFiaiZoYokE3M?o zY=)ps3{#h_<Zet6-ZAGz)rW)Zz87|Wd3kyE#+C6_v9({Xp3Jj1)!P#@Kj^U9J4snk znV5cVj^N)19`8=2cuh1e4D#xE4O+=$(e4nFIQfcJ$_j<xiz@{WeBIt9D4H7;a%b<a zSF1NA9ApY~TsE=e{oe2QHt=O1;JLeM8Kbe&|2}P%P?l9UF8*Gz<LYmgBYo>MUfmCm zt4xi!t+lP{+Z)Z@Wp9Q4{<&P$$$9dEet`3DNSr1)1%1BDD`OFGYP!C>zlYk_xCP0l zBDQ}%JIC^}O3d~kliH?rPHcac=Ds|<t8UusX({`sf(`<ZK0W1&`O0+nyIku(`^=9m zEpKqkE_Hrbd4o4@({Z<WPS5HIs`t2r)o-<A$}<TxIDFx7(E{y|&k5rybqzeP_wxOP zMM|JcyVJPeoVWik^X=Yce|z1nSyzqHWt>4?DUDt|@8q6;zh0m1dXl^SuG;=TpSm-> zx6jBr5^ifO8ujVP$>eR9udNI|-eJajX=0G#%qz9b-@R7UcXm!{*>~b<@swS=W?re@ zH8u2n`Kk%qKKG<7^O*@+SLv9eHOKkC?B0uRrv-l4Gj-ZpznXJnXYulx+joinUbp*Q z5wFp__SnZ-r`vu-d9c}SQM!9dYPy~9@lO>?z~k#H-4rwxS2mWE{9c)t$on_?^^2cY zyptBEtAxJEJRqwpsug0eeznJ)9fgZcvaV=o{9~G{6Srpv=oq0*>F4zp)*lz0By}{} zb?&+;nO6!$*Mrs>oV~I(Iy~#z8cnHycPG{7n=A_I&YOJoMPJoB|K{*sY4dY)9`1SA zCVeQ3dGf3Bpzpq`>KFD16=wu#ClublykhOzsI5kx*SFr63h_AK6{)*R>*pbE{TWxI zL|0bzT{*jY;;y9C$t6cR1fTV+x4XaMz3GI>VrNZP#Or`|gX~$Co@Kg!Ti!=r1OGL= zYr|KCX#RZA%-^%(V&Ux_g~`VHOwqcfub1X+^wVINx^MZmm$s$rUT{@A9h_6Ly6n#H z7nKL@*Z;p;<2l)~I4wB*_>6f!ubSPB5vnS?vU6SCMg5s2%bRX<oj;uSIpWDTB^6hp zv(nRo*7(esBJ{WlG(dSyal(`ZmmV1WVpx+t)#?8=E2$Z-!ND(@*RnNSv}unrN$6+G zySO&9$}LF#oqW{`#n1Du-QHinpL5dUCXa9}=6d#ymRpN29t-8k*dSNiah<*NuHI_b z?d!63&uacOxBQ;rp`h-#=*4cllfB%xH-pYW1+9PFylDE3ZFhGtnXUY-c6I-b9-&`{ z%v7C%KD%e7#KbNPJh=An7VZ8edAxjg=e?ODC^=Jgmu>j*xp}u^ca^OC^6Kj89!Fg* zwy!n0-{0N!ZO}M-e5GT|qhGcg&BXL#GPbF$kKKLEMd#XqkVcJz3m=<pWC%GG^?vpH z*I5Ng2j>XwI={fN*(biFCR;%J@AkgT?bCOh@7u++a#1yC6rx+$Tx?$Z-4|O=<hXe# 
zsVGZZUI9;tHdZ|U<M7Cisj);=%Ft}Wv!k_pf6PCsb)odB-~JmHKF`;>!Q{C3i>c`2 zU82$9>R-M4k8HD6zjkbKzg^b0|F2Fhm>1d`{pDXL>jJJ?|JSObXEfi{e(@IA8hLd6 zvaJ`Vmi2CW^G!%=S6t;&(aGPu_FG(B5R|9O;kms^?`fH`ir^$odDANm;9W}24GgO9 z<T-Y&TE_oj*U`}J+ji|$*}7?+c9T?v@1)vr1_l{(&{_b`?VDCfgiM@ysd%&05zp<u zpo#QVAuA^>nBb$sF!k0l?FEgCT|HTgyQ<}5L$5wC-c_|eePZd>tqBL4^2)<M^eicJ zInS6K61H8uWyx*Z88yFabyX(!YgUFE6;3+dxf(nR%E08O_+ab#cS~B9u%+DEoZjzQ zxOk^Wx2X2CB*m3VLCgm;Ca8#37k1yX-^dVBnCq=IBiQNt#oV2s(<v6kpZ{I8kmcC? zdF@wpcgJbO%?^(H;JM{j!-Oppb%c+*%`kx;Mccv1xW2YbT~+1lnVhXzSC`cO{`PFm zBDMstlU<-1|Lo70Sl%mF4{po7&BpwbC1z>}!>S$IRK?C{Zv6eC>*E~D;w7Gw)h_KW ze=pI~_u~Gc?8p9{l^gvp%5%Qk)BL_=$+KHk-|v=#+PcqfZ+U#Yf3`7;ROOoF<9$IZ zgO+yKo;=biAu9^15F8koRyrN<kB&CoFuBWsS8D0XM3aUod8Jp2b~5-#xrQuWnWZK6 zcdd4l)WnEp+suX;0g5vt7*_3YGFq76cPlLEyJf+HhD!hQUazuNiFb+5m)(0qUB72* z#+QTPPM?l+3O}2@12h-7@k;*VlIo)ylaKqbZ17M%Xjr(&&?OUcp@o8gEz_@<4Mk7A zK6-7KyTs$=PB+nnS^Xi(_g|fw@0PH2v&-u{8<zdKP-6D_+FE1nMRA&OHDzCt=I=4O z_vT&u`j#bmPcP)k6n1l+bO=h~)wa#Qx2MCxxKQbkn<@urUa`SpmEeT~#*H?Uq*RWb zcKtjH)SWAObwzV>dC1Wv|F&&*@%G3{kh4`@xq2=um&k_8PeO7}cc1TzdlS5hPl)~g zop2{3|9Ljg7<Q<=yc*;3t9Oo==%iorlhwMfEx9o3i`k?@M><=iN}*|IrSpTU;qg<a z$5m-+sQmu^UcdJDH(%N09jo;@D?Z-5*j@YS=>s3P<+Z9RrU%!lRbE|kHaxzz)Zot+ zF3;Mxv$EF-^7gJxS5wyXnd7k{kevzCO;MO&#bT6pMnlS4G2n}(;+Oj?lSRwF3Nz~4 zSyyfJualar`EvF8mXw7~tv>%0|85JMe3LCq#ebfSW-~kgG{<H(&xeOvU5iCsgJxJv z3|I_3V^!fBONnXGfd<CJLxJ1<vp&d%sV2YY-+%8S*yoeuk3WC<>n+mQgO64DJDtUD zy}M+#v)oUA<kHgX1$G-l;|$?|iz}WhfAzT!IxwR6*_mf6y5Gfgm81uqu|CKf>wf@Z z;%oM(DOL}(6)V5I2;BL4-EN`SLY=5BD>~Vx8K<A?C_srYA5NY4eKDZsUghIn^C#`{ zbpp21H`mA8Uwq!+H`nSUXgk}i;)zU+8NwePZC)(?TjXuwgKOVvRaLHf&N2_$zELk? 
z!-1UQtBY<&zP_?DdD7>s4RbxbP1MirtNjhS18r03>uVlo7t688_&&H6oj-L`>gicO zJwWSs1+<wi{&~|ED!-$@nzN$tPvu7cce05Wx85mtGMZ)acAmv7g9zu+Y%8I^vzZv} z1x`%Uoqc6>xW8MEgyJuAR;GypD}t7uT56hoEk@8Y_SKI`2bR|T{S~`#{$ml2Ba<5L zp6}bZ#dc$L<wk$M2d`YD1tytQ9X;2%_|eAD)nSf|D;t|ij=I%r2z*dtjLp41AG9|6 z-O7$RCYh52r;2banc}de=;qQZeCx{X7_IGh&%Gb5QzFHv-)FD??PTWTW18Q7_<5|0 z-0Y_2Gb7=gQ<mRJ?e%+tK0Q0D{q*$o>3y=+UaefBO5b{8h22@7JUKbJSGM%^HPiad zM#3ATSG+J{+VyMQqrm5@#CkW_6g}~n{*|dX7;@C#gL%Jif4%v3o?P<E$sCYC@sl$4 z+jKPCDM)!+){|>Ty1GtfUS8%oS<P4J(?nTe_i)g$hWe44(?oOEXJ20@c+*LhW5?Wv zF88_2v*xA0yR&nR&#t=*4Y$cFN+v(h+c#Hs{$0IycFUF<L42b*wY@Vr|Gl>2O#OJf zpI@)XPcAvuYkn_7X@_gj8b6uXPSCu>&2y`s9~PK6v7*r`P6@WK>sfhf>OJp!y?OBh zlP*4ez4Y4Jy0Yp{*4j>6sL9`y56hN+nL6Q$Odx1MZ{*Y~Z;M#DL?(2L>(4TdJlxK2 z9vx?#dMagI=aPuI7N9{a&ERD--mckY<k`r;;<74aWzx2t+cGXH?RYA!C$K|?vE|8A zj*oQ>4Oh?Sc{m;5f>?91tAB6I^>C+82ifJPsCrL3(J8F{Xl>4mY|w?>A#0;TL8l{3 zJipdY#@BYy>WQ2;#V0z3G&QhuyqI%g=fc$!t;{vx=N9$~ZTNMQ*Oene@xjrL&yU(g ze%v_ybyb|lJgZWz7xs6rty(Q*ey5-rw4<O)R6Fh7?ak@^pxJxSi8!C1pBKM-Ps($n zQK5<dlDzDzFV=vPslX3;#<RLBt=UVewJX&mB~L0gOz`1TUFYaw#1=HWVQTvEE8A>0 z{;uBW@0U9FR#|17$E(9GUZ+g2$0RpZyMWqR4ijXzZFO^+XBDTuATZ{uw_MY^io2J; zedSlol=oi0J>}`<+plw8#D9V2A#laS>}15aKXzA%rcyrc*`65(|Lf}&OltT2^61Cs zr1>^BEV`w<ik%a-m^7^5X^aqf;H)V&Wp62e%aZMXB+uSsS>!x<v)QaEnbw9(QVZ*^ ztO%Ufb?tomw)$hcpSPxX#jF&J`Tz5|JZSZR*DBWaTXD@?=@}${eRWmsLfq3+Q(gZr zb5NMZ!Zh(@_}Zw{MN_I5ewg`|RbOpAKgUS{KP{E>b1ao-si{m#0?(^-uD#OOFq^}` z{>~HK^c!6hO4{V_B)KZgb6Vmaedm(@n-V!j{XSc}&2!DqElQoZz9prI`Mt|8M~LRN z2OW0{6mT&<YY(=0C}%A&>D|Yv!a94uUW*2u$YPXvN#)|4b0Qo^nhrcUIeBU5>ad_~ zIgvMam1gVYNlvc*FjH3eOy3SpCnH941r=FCGeagON2VGLLx~_S2E~~{N&oiQ30TH{ zzM7?FaEa$<wat-5-)FsA8?&=Wt$xRKrAeP>%61Dr>8VywasD&Gx;*dV7x~@g@B2<z zV;l7aO(q_4O=G#l^U~6^c0+ieXQP7&$BK$I@%#5#PJVrKOMXq7d-4^F&A#!RCtG3` zq$}<J`z`wA_4V^#cs=QnH13(vvm^pM$(N*Es_;OK=?uSl<!Q-nN-A?7vYSUP<o~`) zXywi&U$^HKfA#txZ2t4$>uswluDo5dODS?ifa2z*SF_`zKFoakHSo{=e?Q|q*aBp1 zt3uZ8|5sJ{=i~9zS65aF_A=lc@i#L5vM}zv$E!+D-C467&-=fUH2dq@=%B(<67zD# 
zrTeq;+`9WT?*_d+ntP=t&E3fBPUP|LPC?3BS9QqPR&4=o^_gUv9kw~%7Ei2axjy(W zv;9{8-E(RSc0VZTsoeTu=G)No$KFo|#rmRcuf8=2tNXc_FyWk+={|d5ZTqgIC96Fe zMODSi*)IoAbVzWG4&VA!XPtPsqVva3Gv{_S>mJ+g=5dVi-rnkRNwb^?m%I(QQZ;Bk z_D3JX{G0y@EuDf~j8aZ0fDRITc6Rn@(20?mmzVWsus|XO#~gKyd&Bvh|2yu4I~iH# z{e8WDzl!%Xos&CF?wR6BBj5?=`+^UQZ`<pApE}{qot>L|Bn+KEi($?mp7ksF)D+D$ z*H0G~I^&71MoEE&hW8vFX1<l5{@csrRr672ep?me^m9{Iuit0&;_27d*SovU^h%r0 zx*ihZ76b{;jZ>`z3WOP-wa?!3lqXtn(zy@JVGayT|CA4;Z>z6)r>!_s*_{uxQ`1*( zMJu=Xtf?pMYJbhxGm-Hl=<F%b`b`(*1K^nlrR3N!%}MQtJYMbK>CQisTKD7F)orCy ze&$PiNrAde6O@>0(w1{fU#<Ub>V!L+)B8auT$H`Pr>iC5Ki^Jwx!+tPKAnIC4PV~e z44zl@O7r9t&0rTlSlKf@wCl-2gGp9;haX87&y?R+xHVTc_22EbNo}Ae<dP1C`8PEW zJ$=;;YRv@K|M}Q%^XtXpO*KD@9`BIO+i`GCch1E{txLS8pPK}kN7j{mJL%Ly{?@8< zUq7F>pDt;f=5ee?^6)mL_PFKs=RwDvY{^sxtzqZ4`{9tc^QqY7WLx&tcJaH**50Xn zKG&%HUCc$9MTMt-et!ORR`$Ay-|tnQuQ>@iTyv&<{k}~1`={qxZ{L!A-LH*bUJq1f z%Ggu{fUd3v9X&HeJN(?5ve#Y}pm~PB?{~e{ySX8;*(B%2g*AQhwpAfU>F07@W!(mC z@6Mbo<k#@?V26h$V@rxxXQ3@<PNACP!^~WMck?ZetQA-K{RAC6>^)u2sO(Kdaaz&E zMXuX^oB~D3b+N~?_dFgf3}}70e14r4Xnkq)<i~b8$3!RnQf<tO2ThI(7BI$}=iQ0m z64g=xtvuNC>6G@Oi&gh)KA&aL%$R-N{{Nm#ch<+@@wKYm;`(OSUrp!#wQJvc?VDOk zpP!!xwbQ3wkE`|tjngVulxlxH(8%0dur^}jqCGzzb%Q3CL5l)G11fg^ek6a+7d<iM z2g?lko~|iE4j#*<NL&Z4Uf<BpF#qPaf)Z!#dE%3P8BDz7v|;WPq3(ZQUmZ8izBXg( z6Gmn>mi!7!#g*DEm7kwYy<hkH>>8z4`MSG)ZO^{0_c=QL^3+3ntG}yhsg$w?hjW#( zZUmja`{ssW@!EU#ALjjwe!n&KwAkj-sM}XVJ-0e`uWOlaTYYVfL)L-ipp}{5@7L=; zKHhI0pCh6f<g%;mtyJv{y*<qGUV0@_TC;m5_@uHIRC72S*v|6f%(wp6f|EFZNGZPD z!?}RJRqIm8*A1bo!%m7#0u5P4nqJ9WA+_@Rot?$Y@_v1Jc{aOolA<%4@+YQ80rl+1 z8t+AiZ!BdEsgEzc8oKB$+q%6K9~TKuiP|E2ciF1zaXShQ#z^mY{_5)LrCC>3feuDo z8ML%ZaNShx@M)l9IYFCHB6pRn1RV`g`9U@z@PYG5#$^dj-W(w-gPvYm6}md;pYI~? 
zU+ptNos2nN42my9&fmxvcM?*}{J)~hsaxxciN~b8(AsY|)0aB6ay`@2x)H*#D#E7d zNk^n9k7$Ebqq#t5_~Nf@N}sX{mV);0Y)Uy<6q)_?USnB_Ymn>we|#J#FX+paM8Ccs zU$1*TzJ71y#654f-F`AXzRvLas*Wq67vJ9A-reP;yDP~u<%B@x!&dP#(;~eNvHS=~ zN&)vP8CdQ(Hk{8X|8bH}+g4xYZNrp1X5gY|a`yb$>$!7+gB`>7R+Vn9TE57)-mPCw z7qpYD?(Z*9W28yDH)?tP|9_W2g}7zWlAL>cZn9jxxQMZ$q;)gsd}yA>UtV5LJ=!J8 zsl>JA^4e(gVz;2yMQnFGJv_GM+`M#SNmKat2dnmiM)}@mACTJ`9j<tLTdsD$?Y9|w z{(L%ZlzvVIbavs!)+WShFn4?!(xc3)^;5Sgs{|j@KDipa4kh<ZQ}S#s+xK4{w#&~t zU;>&@=xkY~JteA*PgYCon~Bt_JjbgVYotuSf`$+u`7wXJQ*zn&SyXIb&fQ&GBPFlA zT>{#%6tXHrGf+{o<KL=uEz<=5P9aqxkx8IwS-}pisIPaHcDcuXy|Myyy1(K6(x;#u zp3i!offjURSA}hg*qGG!bpEY2L;IlH%y&TJx(qA|6Kt4j($xDWi?4I?xb?ynRJViI zn{x_ugk9jX^<Md?{O+#Ow55|KSuj3hUkuxp!pBsTw)?PuSw!cAEzOVq=N~?GWFvSb ze+W<O61Ha-jVJB8wKCmIlf&~E1E>h%a5(UmrD9p>ZuZIf_D)7W*XUI*1<kO(OXYpc z#Ia)z!{@_K`Hs|Zfa3fEFQeV&+Q(Ur9=Bd(!ySaS0G^?-0+hYZFL1!Cim_!$|8WMV zOK#7jaqTq#9gg+buwlZMi$B53vazlH7I5(RRl%d6l3TKGYI`i!trH9^0+a0Im^nP9 z=jK1fv1*@T)HzfQ9nhIfUteFJzN_?g7kF#%KlcToQ+PqU+pNpifoJhSd%_r4=6D`B z^?8GFbxUZcpo7OP3$ryob83Ho^PH&Ux}@OYp-tuQ<D}Ov(&X4Nzu_G3TxBcslD+^? 
zO97M~3)C33&mTVbMleiKCE0*&jo+M{o10FaoUH!zNT=|k`d|eH#)<a-emH|>2qHJ9 znSw>YDY-z8arODb=iW+AJF0r1Ye{eNp;t#TZ*Bq|qU5?NWTn#Tu(g{m8qI2IsOALs zSJ%hsf{p?{Iaz)8cI61@+2S7<8`s6|23;kRa->6WQGM_pZv|JUAo*us7OpFLdg|H1 zKFI#4t73PzEnhv!$IeZh#l@{pM)U5jQsdPVcWs?IwaSeZnh9^RlsKlGon@L9=<<JA z#dJ{4xF01tDa%XYMW3BPc6IEol8qOgKrZ5Vv3;f$`xkDprZ+o|=SM(Jqxh%RFyTx8 z|6moB?RkIe-`;)e``C+t^+Eun>Jk<YRzXn~Er$?>kO@KpqAgP<a0!ThSi!KAMJu87 zuSrhXba_UZj`VXL8VU<<6d#*bV;ld!S8eji7e9VfeEIR?M&G4rrf-!!o&}_KWY?WP zJEJ|r)-c+vsa|@ILsN2?f!<=dXP+y@HAI<MI0O_N68^L5OxXTE_sVt2It`C!3)tD& z?{18bkN<7ep0#iJdIiY|UwqU8(q?3Pwe3+m@Z4Q7V6j77$WwLah+v~Rro~FR-vg7g zR|_*Tv2a|`QqaC~Yt#R0uMayKHKy&2E4Q8GbawuNTDFrl#Z_rWo|X$Yv79Q?^EJ&4 zRbVuFX!u$A>yhnMqAScnx_JT@^u)>ZAJ5lsYmeZ6zGv=%_U4qx&XWb3>l=UbO`7fQ zq3`>0<IQ!Mf5jUUIj6{#|90V9eRqy7NUwkfld5`3Z~q>FuvcO~3MS}uADp57bFbs3 zcc%m1f_&M)z{teXrZ-`0$fb{o6Zb6K{-o^r|Az`Q*Pkue%(JzouI}BlcbfmX-)wT9 zWC%7;!J&bnu~ziNi=8@KCTnWVoVWCf{)d$cGk<!ozM8cqLT49iqKM-qQwOlY90Cd# z);Zk#U1>JE^mVnySMC}ukGyxKGvYkClQ<@Qy|0z!0aN#3o<o(wW$DcK&$q4X_h&sR zF!ijP?yk?jn+&&XT|3)7ms0>_Gb0mAo&Wn;e#`TJI~1>se{k8+Xm;!TIde+(POMV> z>T#`p^$JCpGY{Nnn!R`8_wV0h(<fhQJFvX@N!t1)s&%X<&GN*zs=yq0L*zu2=IN(J zDS0W?*N;wbN{O7SnKSL@)~xL6?fp{1P)l!#YP??Nav+cIZ7h2{*QAG9+9s(T*}FDx z-k-AisLaW*=(xQw2j+67>_6dCeEPz**|TR~ym~b>njy>jSJ8x?#Fv-O&70KU-+y-9 zBQ1|zi{ZhaCGJr%$46~(kDrabz5Ly~cdy2!eyw(2FkNBhdtd)2moEo@pJ{M2Nl+y^ zr?gZJ>hLY969i_;om{+l@w?#6;04<iW||9gPJI1!*Y7h1*ROq>E~0XKPv@0cpy&m~ zLX*S1@5XaX9~RokmCs*m`+oa{bGNT;+^#T_`B{>ct?k=GDQ!E`80SrU=EF7Vc3j!N zeyB!=1P`XlbN1HOuiG}Oxuh+eJ8j<Q_A6ocOV{mXJ2|K1UP#LS89c>jrMr$MU2Huq z)}?UMNqe<2Gzu2zHntq=?(TkPX@59!^ZY&YPHbD(_&w`(^#mPuP3{j*-miINGXMPQ z{SR0?%|)Pk8XR<)IQy<&zn<UyG9qI6v}tdb%UN?zvfR7L)T8cvbT`YX)2B~oF)vlP zdEWJ9G&~IJ{1g~JefzepdfNH-n%jQ-*!k_ob>;Ua9?LFCy3b|U8MW4`ndMZ>l*=!- z%yy3q7F5a3@-0<F1m*K@?d|RFZti6{aWm(d?e6Q}?%WGI{chPdYyL@3w-`^ea?}=2 z*POXv_RlFV)z&9&TBopccK4O-LeSK~@y1P|`-RT*(|PwEKMRw4`Q_y1+<8|;ncj2O zL{HFRKc8|pCu&yr*QZaP_7|U;-S=sm^1-5v$rZuN|2%0czP$4x+!x<G754V1>MZ+i 
zXg~YuhYuU7+s;O*uhp5h)BmmUmg1k^6n1h>37Gj{>iHbWMX>z9A)xS~mg(jx<%Ncf zK^1@OzDxCeS?u^J|G-&u<;v)wV`<kJ*7AW%G;mg{3sPA8_f*NIvlAQaEB*RxV;c8z zO*))f@(iJbLm<Q5VM5OGwO6OWQUOToUJi~)dkuaGL5fF^2n)v+Wd)CIm#<}cLAYQy zHO8^9oQ#vG<%Gp3$dFrt0xGvNvrSc@VGdI1pwHBlqTjQx1*8BL25&hyCcWLVbrw8q g1r!_>h&RSRb^W{Q^@_5)3=9kmp00i_>zopr06O~Q?EnA( literal 0 HcmV?d00001 diff --git a/docs/ha-mode.md b/docs/ha-mode.md index 587d5ea46..851f50693 100644 --- a/docs/ha-mode.md +++ b/docs/ha-mode.md 
@@ -33,15 +33,27 @@ Kube-apiserver -------------- K8s components require a loadbalancer to access the apiservers via a reverse -proxy. A kube-proxy does not support multiple apiservers for the time being so +proxy. Kargo includes support for an nginx-based proxy that resides on each +non-master Kubernetes node. This is referred to as localhost loadbalancing. It +is less efficient than a dedicated load balancer because it creates extra +health checks on the Kubernetes apiserver, but is more practical for scenarios +where an external LB or virtual IP management is inconvenient. + +This option is configured by the variable `loadbalancer_apiserver_localhost`. you will need to configure your own loadbalancer to achieve HA. Note that deploying a loadbalancer is up to a user and is not covered by ansible roles in Kargo. By default, it only configures a non-HA endpoint, which points to the `access_ip` or IP address of the first server node in the `kube-master` group. It can also configure clients to use endpoints for a given loadbalancer -type. +type. The following diagram shows how traffic to the apiserver is directed. + + -A loadbalancer (LB) may be an external or internal one. An external LB +..note:: Kubernetes master nodes still use insecure localhost access because + there are bugs in Kubernetes <1.5.0 in using TLS auth on master role + services. + +A user may opt to use an external loadbalancer (LB) instead. An external LB provides access for external clients, while the internal LB accepts client connections only to the localhost, similarly to the etcd-proxy HA endpoints. Given a frontend `VIP` address and `IP1, IP2` addresses of backends, here is 
@@ -71,35 +83,11 @@ into the `/etc/hosts` file of all servers in the `k8s-cluster` group. Note that the HAProxy service should as well be HA and requires a VIP management, which is out of scope of this doc. -The internal LB may be the case if you do not want to operate a VIP management -HA stack and require no external and no secure access to the K8s API. The group -var `loadbalancer_apiserver_localhost` (defaults to `false`) controls that -deployment layout. When enabled, it is expected each node in the `k8s-cluster` -group to run a loadbalancer that listens the localhost frontend and has all -of the apiservers as backends. Here is an example configuration for a HAProxy - service acting as an internal LB: - -``` -listen kubernetes-apiserver-http - bind localhost:8080 - mode tcp - timeout client 3h - timeout server 3h - server master1 <IP1>:8080 - server master2 <IP2>:8080 - balance leastconn -``` - -And the corresponding example global vars config: -``` -loadbalancer_apiserver_localhost: true -``` - -This var overrides an external LB configuration, if any. Note that for this -example, the `kubernetes-apiserver-http` endpoint has backends receiving -unencrypted traffic, which may be a security issue when interconnecting -different nodes, or may be not, if those belong to the isolated management -network without external access. +Specifying an external LB overrides any internal localhost LB configuration. +Note that for this example, the `kubernetes-apiserver-http` endpoint +has backends receiving unencrypted traffic, which may be a security issue +when interconnecting different nodes, or maybe not, if those belong to the +isolated management network without external access. In order to achieve HA for HAProxy instances, those must be running on the each node in the `k8s-cluster` group as well, but require no VIP, thus 
@@ -109,8 +97,8 @@ Access endpoints are evaluated automagically, as the following: | Endpoint type | kube-master | non-master | |------------------------------|---------------|---------------------| -| Local LB (overrides ext) | http://lc:p | http://lc:p | -| External LB, no internal | https://lb:lp | https://lb:lp | +| Local LB | http://lc:p | http://lc:sp | +| External LB, no internal | http://lc:p | https://lb:lp | | No ext/int LB (default) | http://lc:p | https://m[0].aip:sp | Where: diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml index add9fdd2a..ec715b960 100644 --- a/inventory/group_vars/all.yml +++ b/inventory/group_vars/all.yml @@ -64,8 +64,9 @@ ndots: 5 # This may be the case if clients support and loadbalance multiple etcd servers natively. etcd_multiaccess: false -# Assume there are no internal loadbalancers for apiservers exist -loadbalancer_apiserver_localhost: false +# Assume there are no internal loadbalancers for apiservers exist and listen on +# kube_apiserver_port (default 443) +loadbalancer_apiserver_localhost: true # Choose network plugin (calico, weave or flannel) kube_network_plugin: flannel diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml index 94da756be..79b1faef0 100644 --- a/roles/kubernetes/node/defaults/main.yml +++ b/roles/kubernetes/node/defaults/main.yml @@ -11,3 +11,6 @@ kube_proxy_mode: iptables # kube_api_runtime_config: # - extensions/v1beta1/daemonsets=true # - extensions/v1beta1/deployments=true + +nginx_image_repo: nginx +nginx_image_tag: 1.11.4-alpine diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml index 9c14e7a4c..a8cb6ce5a 100644 --- a/roles/kubernetes/node/tasks/main.yml +++ b/roles/kubernetes/node/tasks/main.yml 
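Review bot: In inventory/group_vars/all.yml the comment above `loadbalancer_apiserver_localhost` still begins "Assume there are no internal loadbalancers for apiservers exist" although the value is now `true`, so the comment and the setting say opposite things. I would reword it to `# Run an nginx proxy on every non-master node, listening on kube_apiserver_port (default 443)`. Flipping the default also changes the layout of existing inventories that never set the variable. The set_facts.yml hunk later in this patch forces it back to `false` only when `loadbalancer_apiserver` is defined, and that precedence is worth stating in this comment as well.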
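Review bot: `nginx_image_tag: 1.11.4-alpine` in roles/kubernetes/node/defaults/main.yml identifies the proxy image by tag only, and a tag can be re-pointed in the registry after it was reviewed. The manifest added later in this patch runs this image with `privileged: true` and `hostNetwork: true` on each non-master node, so its contents matter more than for an ordinary workload. Consider letting the manifest template accept a digest reference (`nginx@sha256:<digest>`, placeholder) or documenting that operators should mirror the image into a registry they control.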
@@ -1,6 +1,9 @@ --- - include: install.yml +- include: nginx-proxy.yml + when: is_kube_master == false and loadbalancer_apiserver_localhost|default(false) + - name: Write Calico cni config template: src: "cni-calico.conf.j2" diff --git a/roles/kubernetes/node/tasks/nginx-proxy.yml b/roles/kubernetes/node/tasks/nginx-proxy.yml new file mode 100644 index 000000000..056c55a93 --- /dev/null +++ b/roles/kubernetes/node/tasks/nginx-proxy.yml @@ -0,0 +1,9 @@ +--- +- name: nginx-proxy | Write static pod + template: src=manifests/nginx-proxy.manifest.j2 dest=/etc/kubernetes/manifests/nginx-proxy.yml + +- name: nginx-proxy | Make nginx directory + file: path=/etc/nginx state=directory mode=0700 owner=root + +- name: nginx-proxy | Write nginx-proxy configuration + template: src=nginx.conf.j2 dest="/etc/nginx/nginx.conf" owner=root mode=0755 backup=yes diff --git a/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2 b/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2 new file mode 100644 index 000000000..50e054268 --- /dev/null +++ b/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2 @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Pod +metadata: + name: nginx-proxy + namespace: kube-system +spec: + hostNetwork: true + containers: + - name: nginx-proxy + image: {{ nginx_image_repo }}:{{ nginx_image_tag }} + securityContext: + privileged: true + volumeMounts: + - mountPath: /etc/nginx + name: etc-nginx + readOnly: true + volumes: + - name: etc-nginx + hostPath: + path: /etc/nginx diff --git a/roles/kubernetes/node/templates/nginx.conf.j2 b/roles/kubernetes/node/templates/nginx.conf.j2 new file mode 100644 index 000000000..edcee08a9 --- /dev/null +++ b/roles/kubernetes/node/templates/nginx.conf.j2 
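Review bot: The task `nginx-proxy | Write nginx-proxy configuration` installs `/etc/nginx/nginx.conf` with `mode=0755`; a configuration file needs no execute bit, and `mode=0644` (or `0600`, since the directory is already `0700`) is the conventional choice. The static pod manifest is also written before the directory and the config exist, so the kubelet may start the container while `/etc/nginx/nginx.conf` is still missing; moving the manifest task to the end of the file closes that window. Nothing in this file reloads nginx when the rendered config changes, for example after the `kube-master` group is edited.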
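Review bot: In nginx-proxy.manifest.j2 the container is declared with `securityContext: privileged: true`, which hands the proxy the host's devices and full capability set on top of `hostNetwork: true`. A TCP proxy that only binds `kube_apiserver_port` and reads a read-only config mount should not need that; for a port below 1024 the bind needs at most `NET_BIND_SERVICE`. I would drop the `privileged: true` line, or replace it with `capabilities: { add: ["NET_BIND_SERVICE"] }` if the bind turns out to fail without it. The pod also declares no liveness probe or resource limits, so a wedged proxy is not restarted automatically.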
@@ -0,0 +1,26 @@ +error_log stderr notice; + +worker_processes auto; +events { + multi_accept on; + use epoll; + worker_connections 1024; +} + +stream { + upstream kube_apiserver { + least_conn; + {% for host in groups['kube-master'] -%} + server {{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address'])) }}:{{ kube_apiserver_port }}; + {% endfor %} + } + + server { + listen {{ kube_apiserver_port }}; + proxy_pass kube_apiserver; + proxy_timeout 3s; + proxy_connect_timeout 1s; + + } + +} diff --git a/roles/kubernetes/preinstall/defaults/main.yml b/roles/kubernetes/preinstall/defaults/main.yml index 343ba5707..5d1b2cd2e 100644 --- a/roles/kubernetes/preinstall/defaults/main.yml +++ b/roles/kubernetes/preinstall/defaults/main.yml @@ -21,6 +21,8 @@ kube_log_dir: "/var/log/kubernetes" # pods on startup kube_manifest_dir: "{{ kube_config_dir }}/manifests" +# change to 0.0.0.0 to enable insecure access from anywhere (not recommended) +kube_apiserver_insecure_bind_address: 127.0.0.1 common_required_pkgs: - python-httplib2 diff --git a/roles/kubernetes/preinstall/tasks/set_facts.yml b/roles/kubernetes/preinstall/tasks/set_facts.yml index e3f4757a7..19f08df78 100644 --- a/roles/kubernetes/preinstall/tasks/set_facts.yml +++ b/roles/kubernetes/preinstall/tasks/set_facts.yml 
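Review bot: `listen {{ kube_apiserver_port }};` in nginx.conf.j2 binds every address on the host, because the pod runs with `hostNetwork: true`, so each non-master node exposes a forwarding port to the apiservers on all of its interfaces. The clients configured by this patch only use `https://localhost:{{ kube_apiserver_port }}`, so `listen 127.0.0.1:{{ kube_apiserver_port }};` would serve them without the extra exposure. Separately, `proxy_timeout 3s;` ends a stream session after three seconds without traffic in either direction, which looks too short for long-lived watch connections to the apiserver; the HAProxy example this patch removes from the docs used `timeout client 3h`.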
@@ -5,12 +5,12 @@ - set_fact: is_kube_master="{{ inventory_hostname in groups['kube-master'] }}" - set_fact: first_kube_master="{{ hostvars[groups['kube-master'][0]]['access_ip'] | default(hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address'])) }}" - set_fact: - kube_apiserver_insecure_bind_address: |- - {% if loadbalancer_apiserver_localhost %}{{ kube_apiserver_address }}{% else %}127.0.0.1{% endif %} + loadbalancer_apiserver_localhost: false + when: loadbalancer_apiserver is defined - set_fact: kube_apiserver_endpoint: |- - {% if loadbalancer_apiserver_localhost -%} - http://127.0.0.1:{{ kube_apiserver_insecure_port }} + {% if not is_kube_master and loadbalancer_apiserver_localhost -%} + https://localhost:{{ kube_apiserver_port }} {%- elif is_kube_master and loadbalancer_apiserver is not defined -%} http://127.0.0.1:{{ kube_apiserver_insecure_port }} {%- else -%} diff --git a/roles/kubernetes/secrets/files/make-ssl.sh b/roles/kubernetes/secrets/files/make-ssl.sh index a2f698541..f90fb7e8b 100755 --- a/roles/kubernetes/secrets/files/make-ssl.sh +++ b/roles/kubernetes/secrets/files/make-ssl.sh @@ -26,8 +26,8 @@ Usage : $(basename $0) -f <config> [-d <ssldir>] -h | --help : Show this message -f | --config : Openssl configuration file -d | --ssldir : Directory where the certificates will be installed - - ex : + + ex : $(basename $0) -f openssl.conf -d /srv/ssl EOF } @@ -37,7 +37,7 @@ while (($#)); do case "$1" in -h | --help) usage; exit 0;; -f | --config) CONFIG=${2}; shift 2;; - -d | --ssldir) SSLDIR="${2}"; shift 2;; + -d | --ssldir) SSLDIR="${2}"; shift 2;; *) usage echo "ERROR : Unknown option" 
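Review bot: The new `set_fact` in set_facts.yml that forces `loadbalancer_apiserver_localhost: false` when `loadbalancer_apiserver is defined` has neither a task name nor a comment, so an operator who sets both variables gets the localhost proxy disabled without any hint in the play output. I would add `name: Disable the localhost LB when an external LB is defined` to that task, or a one-line comment stating the precedence. The branch `is_kube_master and loadbalancer_apiserver is not defined` is unchanged, so a master with an external LB still appears to fall through to the `else` branch, while the updated table in docs/ha-mode.md lists `http://lc:p` for kube-master in the "External LB, no internal" row; one of the two probably needs adjusting. The `kube_apiserver_endpoint` template continues past the end of this hunk, so the `else` branch could not be checked.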
@@ -68,6 +68,7 @@ openssl req -x509 -new -nodes -key ca-key.pem -days 10000 -out ca.pem -subj "/CN openssl genrsa -out apiserver-key.pem 2048 > /dev/null 2>&1 openssl req -new -key apiserver-key.pem -out apiserver.csr -subj "/CN=kube-apiserver" -config ${CONFIG} > /dev/null 2>&1 openssl x509 -req -in apiserver.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out apiserver.pem -days 365 -extensions v3_req -extfile ${CONFIG} > /dev/null 2>&1 +cat ca.pem >> apiserver.pem # Nodes and Admin for i in node admin; do diff --git a/roles/kubernetes/secrets/tasks/gen_certs.yml b/roles/kubernetes/secrets/tasks/gen_certs.yml index 7178bce0c..6057c0676 100644 --- a/roles/kubernetes/secrets/tasks/gen_certs.yml +++ b/roles/kubernetes/secrets/tasks/gen_certs.yml @@ -65,3 +65,30 @@ shell: chmod 0600 {{ kube_cert_dir}}/*key.pem when: inventory_hostname in groups['kube-master'] changed_when: false + +- name: Gen_certs | target ca-certificates directory + set_fact: + ca_cert_dir: |- + {% if ansible_os_family == "Debian" -%} + /usr/local/share/ca-certificates + {%- elif ansible_os_family == "RedHat" -%} + /etc/pki/ca-trust/source/anchors + {%- elif ansible_os_family == "CoreOS" -%} + /etc/ssl/certs + {%- endif %} + +- name: Gen_certs | add CA to trusted CA dir + copy: + src: "{{ kube_cert_dir }}/ca.pem" + dest: "{{ ca_cert_dir }}/kube-ca.crt" + remote_src: true + register: kube_ca_cert + +- name: Gen_certs | update ca-certificates (Debian/Ubuntu/CoreOS) + command: update-ca-certificates + when: kube_ca_cert.changed and ansible_os_family in ["Debian", "CoreOS"] + +- name: Gen_certs | update ca-certificatesa (RedHat) + command: update-ca-trust extract + when: kube_ca_cert.changed and ansible_os_family == "RedHat" + diff --git a/roles/kubernetes/secrets/templates/openssl.conf.j2 b/roles/kubernetes/secrets/templates/openssl.conf.j2 index 5eab64979..ac94b6800 100644 --- a/roles/kubernetes/secrets/templates/openssl.conf.j2 +++ b/roles/kubernetes/secrets/templates/openssl.conf.j2 
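Review bot: `cat ca.pem >> apiserver.pem` in make-ssl.sh appends to whatever the file holds, and the `openssl x509 -req` line directly above discards its output with `> /dev/null 2>&1`. If signing fails and the script does not abort (no `set -e` is visible in this hunk; it may exist elsewhere), the result is an `apiserver.pem` that does not start with a freshly signed server certificate, and nothing reports it. Checking the signing step first, e.g. `[ -s apiserver.pem ] || exit 1`, and adding a comment such as `# append the CA so apiserver.pem carries the full chain` would make both the intent and the failure mode explicit.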
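Review bot: The new tasks in gen_certs.yml copy the cluster `ca.pem` into the operating system's trust store on every host, so every TLS client on that host will accept any certificate this CA signs, for any name, not only the apiserver's. The same CA appears to sign the node and admin certificates in make-ssl.sh, which makes this a wider trust grant than the nginx proxy needs; pointing the Kubernetes clients at `ca.pem` explicitly would avoid changing system trust. In addition, `ca_cert_dir` has no `else` branch, so on an `ansible_os_family` other than Debian, RedHat or CoreOS it renders empty and the copy targets `/kube-ca.crt`; a `when:` guard or a `fail` task for unsupported families would catch that. The last task name has a typo, `ca-certificatesa`.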
@@ -11,16 +11,18 @@ DNS.1 = kubernetes DNS.2 = kubernetes.default DNS.3 = kubernetes.default.svc DNS.4 = kubernetes.default.svc.{{ dns_domain }} +DNS.5 = localhost {% for host in groups['kube-master'] %} -DNS.{{ 4 + loop.index }} = {{ host }} +DNS.{{ 5 + loop.index }} = {{ host }} {% endfor %} {% if loadbalancer_apiserver is defined and apiserver_loadbalancer_domain_name is defined %} -{% set idx = groups['kube-master'] | length | int + 4 %} -DNS.5 = {{ apiserver_loadbalancer_domain_name }} +{% set idx = groups['kube-master'] | length | int + 5 %} +DNS.{{ idx | string }} = {{ apiserver_loadbalancer_domain_name }} {% endif %} {% for host in groups['kube-master'] %} IP.{{ 2 * loop.index - 1 }} = {{ hostvars[host]['access_ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }} IP.{{ 2 * loop.index }} = {{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }} {% endfor %} {% set idx = groups['kube-master'] | length | int * 2 + 1 %} -IP.{{ idx | string }} = {{ kube_apiserver_ip }} +IP.{{ idx }} = {{ kube_apiserver_ip }} +IP.{{ idx + 1 }} = 127.0.0.1 -- GitLab
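Review bot: The load-balancer entry in openssl.conf.j2 now collides with the last master's entry: the loop emits `DNS.{{ 5 + loop.index }}`, which ends at `DNS.(5 + N)` for N masters, and `idx` is set to `N + 5`, so `DNS.{{ idx | string }}` reuses that same key. OpenSSL keeps one value per key within a section, so one of the two names is likely to be missing from the certificate's subjectAltName, and clients that verify that name would then reject the certificate. `{% set idx = groups['kube-master'] | length | int + 6 %}` gives the load-balancer name its own slot. The IP block is consistent: the loop fills `IP.1` to `IP.2N`, followed by `IP.(2N+1)` and `IP.(2N+2)`.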