From 997f4dbaa036ff0c80ebb4d4276987842ae64fbc Mon Sep 17 00:00:00 2001 From: Jerome Petazzoni Date: Sun, 7 May 2017 14:16:47 -0700 Subject: [PATCH] OSCON updates --- docs/chat/index.html | 4 +- docs/chat/index.html.sh | 2 +- docs/index.html | 631 ++++++++++++++++++------ docs/mario-red-shell.png | Bin 0 -> 43055 bytes prepare-vms/settings/orchestration.yaml | 2 +- 5 files changed, 476 insertions(+), 163 deletions(-) create mode 100644 docs/mario-red-shell.png diff --git a/docs/chat/index.html b/docs/chat/index.html index 659ef3b9..e4bd7d4c 100644 --- a/docs/chat/index.html +++ b/docs/chat/index.html @@ -1,9 +1,9 @@ - + -https://gitter.im/jpetazzo/workshop-20170504-chicago +https://gitter.im/jpetazzo/workshop-20170508-austin diff --git a/docs/chat/index.html.sh b/docs/chat/index.html.sh index 7f8611fc..08b21ba5 100755 --- a/docs/chat/index.html.sh +++ b/docs/chat/index.html.sh @@ -1,5 +1,5 @@ #!/bin/sh -LINK=https://gitter.im/jpetazzo/workshop-20170504-chicago +LINK=https://gitter.im/jpetazzo/workshop-20170508-austin #LINK=https://dockercommunity.slack.com/messages/docker-mentor #LINK=https://usenix-lisa.slack.com/messages/docker sed "s,@@LINK@@,$LINK,g" >index.html < + +- The tutorial will run from 9:00am to 12:30pm + +- This will be fast-paced, but DON'T PANIC! + +- All the content is publicly available (slides, code samples, scripts) + +- There will be a coffee break at 10:30am +
+ (please remind me if I forget about it!) + - Feel free to interrupt for questions at any time - Live feedback, questions, help on [Gitter](chat) -- All the content is publicly available (slides, code samples, scripts) - ??? class: in-person @@ -249,24 +250,20 @@ class: in-person - Identifying bottlenecks -- Introducing SwarmKit - --- class: in-person ## Chapter 2: scaling out our app on Swarm -- Creating our first Swarm +- Introducing SwarmKit -- Docker Machine +- Creating our first Swarm - Running our first Swarm service - Deploying a local registry -- Overlay networks - - Global scheduling - Integration with Compose @@ -283,20 +280,18 @@ class: in-person - Rolling updates -- (Secrets management and encryption at rest) - - [Centralized logging](#logging) - Metrics collection ---- +- Dealing with stateful services + +??? class: in-person ## Chapter 4: deeper in Swarm -- Dealing with stateful services - - Controlling Docker from a container - Node management @@ -325,7 +320,7 @@ class: in-person (but that's OK if you're not a Docker expert!) ---- +??? class: in-person @@ -399,7 +394,7 @@ class: in-person ## You get five VMs - Each person gets 5 private VMs (not shared with anybody else) -- They'll remain up until the day after the tutorial +- They'll remain up until tonight - You should have a little card with login+password+IP addresses - You can automatically SSH from one VM to another @@ -440,13 +435,13 @@ wait ] ---- +??? class: in-person ## If doing or re-doing the workshop on your own ... ---- +??? class: self-paced @@ -454,7 +449,7 @@ class: self-paced - Use [Play-With-Docker](http://www.play-with-docker.com/)! --- +??? - Main differences: @@ -577,6 +572,22 @@ You are welcome to use the method that you feel the most comfortable with. -- +- Docker 1.13 = Docker 17.03 (year.month, like Ubuntu) + +- Every month, there is a new "edge" release (with new features) + +- Every quarter, there is a new "stable" release + +- Docker CE releases are maintained 4+ months + +- Docker EE releases are maintained 12+ months + +--- + +class: extra-details + +## Docker CE vs Docker EE + - Docker EE: - $$$ @@ -591,6 +602,8 @@ You are welcome to use the method that you feel the most comfortable with. --- +class: extra-details + ## Why? - More readable for enterprise users @@ -1075,7 +1088,7 @@ Note: this is a fiction! We have enough entropy. But we need a pretext to scale class: title -# Scaling out +Scaling out --- @@ -1088,12 +1101,16 @@ class: title - It is a plumbing part of the Docker ecosystem + + - SwarmKit/swarmd/swarmctl → libcontainer/containerd/container-ctr --- @@ -1102,22 +1119,26 @@ class: title - Highly-available, distributed store based on [Raft]( https://en.wikipedia.org/wiki/Raft_%28computer_science%29) -
(more on next slide) +
(avoids depending on an external store: easier to deploy; higher performance) + +- Dynamic reconfiguration of Raft without interrupting cluster operations - *Services* managed with a *declarative API*
(implementing *desired state* and *reconciliation loop*) -- Automatic TLS keying and signing - -- Dynamic promotion/demotion of nodes, allowing to change - how many nodes are actively part of the Raft consensus - - Integration with overlay networks and load balancing -- And much more! +- Strong emphasis on security: + + - automatic TLS keying and signing; automatic cert rotation + - full encryption of the data plane; automatic key rotation + - least privilege architecture (single-node compromise ≠ cluster compromise) + - on-disk encryption with optional passphrase --- +class: extra-details + ## Where is the key/value store? - Many orchestration systems use a key/value store backed by a consensus algorithm @@ -1149,14 +1170,16 @@ class: title - A *node* can be a *manager* or a *worker* - (Note: in SwarmKit, *managers* are also *workers*) - -- A *manager* actively takes part in the Raft consensus +- A *manager* actively takes part in the Raft consensus, and keeps the Raft log - You can talk to a *manager* using the SwarmKit API - One *manager* is elected as the *leader*; other managers merely forward requests to it +- The *workers* get their instructions from the *managers* + +- Both *workers* and *managers* can run containers + --- ## Illustration @@ -1188,7 +1211,9 @@ You can refer to the [NOMENCLATURE](https://github.com/docker/swarmkit/blob/mast - Since version 1.12, Docker Engine embeds SwarmKit -- The Docker CLI features three new commands: +- All the SwarmKit features are "asleep" until you enable "Swarm Mode" + +- Examples of Swarm Mode commands: - `docker swarm` (enable Swarm mode; join a Swarm; adjust cluster parameters) @@ -1196,6 +1221,8 @@ You can refer to the [NOMENCLATURE](https://github.com/docker/swarmkit/blob/mast - `docker service` (create and manage services) +??? + - The Docker API exposes the same concepts - The SwarmKit API is also exposed (on a separate socket) @@ -1246,10 +1273,14 @@ Error response from daemon: This node is not a swarm manager. [...] ] +??? + If Docker tells you that it `could not choose an IP address to advertise`, see next slide! --- +class: extra-details + ## IP address to advertise - When running in Swarm mode, each node *advertises* its address to the others @@ -1270,6 +1301,8 @@ If Docker tells you that it `could not choose an IP address to advertise`, see n --- +class: extra-details + ## Which IP address should be advertised? - If your nodes have only one IP address, it's safe to let autodetection do the job @@ -1320,6 +1353,8 @@ docker swarm init --advertise-addr eth0:7777 --- +class: extra-details + ## Checking that Swarm mode is enabled .exercise[ @@ -1450,6 +1485,8 @@ ehb0...4fvx node2 Ready Active --- +class: docker-machine + ## Adding nodes using the Docker API - We don't have to SSH into the other nodes, we can use the Docker API @@ -1469,6 +1506,8 @@ ehb0...4fvx node2 Ready Active --- +class: docker-machine + # Docker Machine - Docker Machine has two primary uses: @@ -1489,7 +1528,7 @@ ehb0...4fvx node2 Ready Active --- -class: self-paced +class: self-paced, docker-machine ## If you're using Play-With-Docker ... @@ -1501,6 +1540,8 @@ class: self-paced --- +class: docker-machine + ## Docker Machine basic usage - We will learn two commands: @@ -1522,7 +1563,7 @@ You should see your 5 nodes. --- -class: in-person +class: in-person, docker-machine ## How did we make our 5 nodes show up there? @@ -1542,6 +1583,8 @@ class: in-person --- +class: docker-machine + ## Using Docker Machine to communicate with a node - To select a node, use `eval $(docker-machine env nodeX)` @@ -1563,6 +1606,8 @@ class: in-person --- +class: docker-machine + ## Getting the token - First, let's store the join token in a variable @@ -1585,6 +1630,8 @@ class: in-person --- +class: docker-machine + ## Change the node targeted by the Docker CLI - We need to set the right environment variables to communicate with `node3` @@ -1605,6 +1652,8 @@ class: in-person --- +class: docker-machine + ## Checking which node we're talking to - Let's use the Docker API to ask "who are you?" to the remote node @@ -1626,6 +1675,8 @@ reflecting the `DOCKER_HOST` variable. --- +class: docker-machine + ## Adding a node through the Docker API - We are going to use the same `docker swarm join` command as before @@ -1641,6 +1692,8 @@ reflecting the `DOCKER_HOST` variable. --- +class: docker-machine + ## Going back to the local node - We need to revert the environment variable(s) that we had set previously @@ -1663,6 +1716,8 @@ From that point, we are communicating with `node1` again. --- +class: docker-machine + ## Checking the composition of our cluster - Now that we're talking to `node1` again, we can use management commands @@ -1771,14 +1826,16 @@ Some presentations from the Docker Distributed Systems Summit in Berlin: - Let's make our cluster highly available +??? + - Can you write a tiny script to automatically retrieve the manager token,
and automatically add remaining nodes to the cluster? --- +??? - Hint: we want to use `for N in $(seq 4 5) ...` ---- +??? ## Adding more managers @@ -1793,7 +1850,7 @@ done unset DOCKER_HOST ``` ---- +??? ## Adding more managers @@ -1810,6 +1867,48 @@ eval $(docker-machine env -u) --- +## Building our full cluster + +- We could SSH to nodes 3, 4, 5; and copy-paste the command + +-- + +- Or we could use the AWESOME POWER OF THE SHELL! + +-- + +![Mario Red Shell](mario-red-shell.png) + +-- + +- No, not *that* shell + +--- + +## Let's form like Swarm-tron + +- Let's get the token, and loop over the remaining nodes with SSH + +.exercise[ + +- Obtain the manager token: + ```bash + TOKEN=$(docker swarm join-token -q manager) + ``` + +- Loop over the 3 remaining nodes: + ```bash + for NODE in node3 node4 node5; do + ssh $NODE docker swarm join --token $TOKEN node1:2377 + done + ``` + +] + +[That was easy.](https://www.youtube.com/watch?v=3YmMNpbFjp0) + +--- + ## You can control the Swarm from any manager node .exercise[ @@ -1833,6 +1932,8 @@ As we saw earlier, you can only control the Swarm through a manager node. --- +class: self-paced + ## Play-With-Docker node status icon - If you're using Play-With-Docker, you get node status icons @@ -1847,12 +1948,14 @@ As we saw earlier, you can only control the Swarm through a manager node. --- -## Promoting nodes +## Dynamically changing the role of a node -- Instead of adding a manager node, we can also promote existing workers - -- Nodes can be promoted (and demoted) at any time +- We can change the role of a node on the fly: + `docker node promote XXX` → make XXX a manager +
+ `docker node demote XXX` → make XXX a worker + .exercise[ - See the current list of nodes: @@ -1860,9 +1963,9 @@ As we saw earlier, you can only control the Swarm through a manager node. docker node ls ``` -- Promote the two worker nodes to be managers: +- Promote any worker node to be a manager: ``` - docker node promote XXX YYY + docker node promote ``` ] @@ -1890,9 +1993,9 @@ As we saw earlier, you can only control the Swarm through a manager node. - Intuitively, it's harder to reach consensus in larger groups -- With Raft, each write needs to be acknowledged by the majority of nodes +- With Raft, writes have to go to (and be acknowledged by) all nodes -- More nodes = more chance that we will have to wait for some laggard +- More nodes = more network traffic - Bigger network = more latency @@ -2010,6 +2113,8 @@ Note: by default, when a container is destroyed (e.g. when scaling down), its lo --- +class: extra-details + ## Looking up where our container is running - The `docker service ps` command told us where our container was scheduled @@ -2029,6 +2134,8 @@ Note: by default, when a container is destroyed (e.g. when scaling down), its lo --- +class: extra-details + ## Viewing the logs of the container .exercise[ @@ -2149,6 +2256,8 @@ The latest version of the ElasticSearch image won't start without mandatory conf --- +class: extra-details + ![diagram showing what happens during docker service create, courtesy of @aluzzardi](docker-service-create.svg) --- @@ -2257,8 +2366,6 @@ There are many ways to deal with inbound traffic on a Swarm cluster. --- -name: here - ## Visualize container placement - Let's leverage the Docker API! @@ -2308,6 +2415,24 @@ it to Swarm and maintains it. --- +## Why This Is More Important Than You Think + +- The visualizer accesses the Docker API *from within a container* + +- This is a common pattern: run container management tools *in containers* + +- Instead of viewing your cluster, this could take care of logging, metrics, autoscaling ... + +- We can run it within a service, too! We don't do it, but the command would look like: + + ```bash + docker service create \ + --mount source=/var/run/docker.sock,type=bind,target=/var/run/docker.sock \ + --name viz --constraint node.role==manager ... + ``` + +--- + ## Terminate our services - Before moving on, we will remove those services @@ -2331,21 +2456,19 @@ it to Swarm and maintains it. class: title -# Our app on Swarm +Our app on Swarm --- ## What's on the menu? -In this part, we will cover: +In this part, we will: -- building images for our app, +- **build** images for our app, -- shipping those images with a registry, +- **ship** these images with a registry, -- running them through the services concept, - -- enabling inter-container communication with overlay networks. +- **run** services using these images. --- @@ -2353,9 +2476,9 @@ In this part, we will cover: - When we do `docker-compose up`, images are built for our services -- Those images are present only on the local node +- These images are present only on the local node -- We need those images to be distributed on the whole Swarm +- We need these images to be distributed on the whole Swarm - The easiest way to achieve that is to use a Docker registry @@ -2364,6 +2487,8 @@ In this part, we will cover: --- +class: extra-details + ## Build, ship, and run, for a single service If we had only one service (built from a `Dockerfile` in the @@ -2383,9 +2508,7 @@ We just have to adapt this to our application, which has 4 services! - Build on our local node (`node1`) -- Tag images with a version number - - (timestamp; git hash; semantic...) +- Tag images so that they are named `localhost:5000/servicename` - Upload them to a registry @@ -2556,22 +2679,24 @@ The curl command should now output: --- +class: manual-btp + ## Build, tag, and push our application container images -- Scriptery to the rescue! +- Compose has named our images `dockercoins_XXX` for each service + +- We need to retag them (to `127.0.0.1:5000/XXX:v1`) and push them .exercise[ -- Set `DOCKER_REGISTRY` and `TAG` environment variables to use our local registry - +- Set `REGISTRY` and `TAG` environment variables to use our local registry - And run this little for loop: ```bash - DOCKER_REGISTRY=127.0.0.1:5000 - TAG=v0.1 + REGISTRY=127.0.0.1:5000 + TAG=v1 for SERVICE in hasher rng webui worker; do - docker-compose build $SERVICE - docker tag dockercoins_$SERVICE $DOCKER_REGISTRY/dockercoins_$SERVICE:$TAG - docker push $DOCKER_REGISTRY/dockercoins_$SERVICE + docker tag dockercoins_$SERVICE $REGISTRY/$SERVICE:$TAG + docker push $REGISTRY/$SERVICE done ``` @@ -2579,12 +2704,16 @@ The curl command should now output: --- +class: manual-btp + # Overlay networks -- SwarmKit integrates with overlay networks, without requiring - an extra key/value store +- SwarmKit integrates with overlay networks -- Overlay networks are created the same way as before +- Networks are created with `docker network create` + +- Make sure to specify that you want an *overlay* network +
(otherwise you will get a local *bridge* network by default) .exercise[ @@ -2593,7 +2722,19 @@ The curl command should now output: docker network create --driver overlay dockercoins ``` -- Check existing networks: +] + +--- + +class: manual-btp + +## Viewing existing networks + +- Let's confirm that our network was created + +.exercise[ + +- List existing networks: ```bash docker network ls ``` @@ -2602,6 +2743,8 @@ The curl command should now output: --- +class: manual-btp + ## Can you spot the differences? The networks `dockercoins` and `ingress` are different from the other ones. @@ -2610,6 +2753,8 @@ Can you see how? -- +class: manual-btp + - They are using a different kind of ID, reflecting the fact that they are SwarmKit objects instead of "classic" Docker Engine objects. @@ -2619,6 +2764,8 @@ Can you see how? --- +class: manual-btp, extra-details + ## Caveats .warning[In Docker 1.12, you cannot join an overlay network with `docker run --net ...`.] @@ -2637,6 +2784,8 @@ It alters the code path for `docker run`, so it is allowed only under strict cir --- +class: manual-btp + ## Run the application - First, create the `redis` service; that one is using a Docker Hub image @@ -2652,6 +2801,8 @@ It alters the code path for `docker run`, so it is allowed only under strict cir --- +class: manual-btp + ## Run the other services - Then, start the other services one by one @@ -2662,11 +2813,11 @@ It alters the code path for `docker run`, so it is allowed only under strict cir - Start the other services: ```bash - DOCKER_REGISTRY=127.0.0.1:5000 - TAG=v0.1 + REGISTRY=127.0.0.1:5000 + TAG=v1 for SERVICE in hasher rng webui worker; do - docker service create --network dockercoins --name $SERVICE \ - $DOCKER_REGISTRY/dockercoins_$SERVICE:$TAG + docker service create --network dockercoins --detach=true \ + --name $SERVICE $REGISTRY/$SERVICE:$TAG done ``` @@ -2693,6 +2844,8 @@ It alters the code path for `docker run`, so it is allowed only under strict cir --- +class: manual-btp + ## Expose our application web UI - We need to connect to the `webui` service, but it is not publishing any port @@ -2703,7 +2856,7 @@ It alters the code path for `docker run`, so it is allowed only under strict cir - Update `webui` so that we can connect to it from outside: ```bash - docker service update webui --publish-add 8000:80 + docker service update webui --publish-add 8000:80 --detach=false ``` ] @@ -2713,6 +2866,8 @@ Note: to "de-publish" a port, you would have to specify the container port. --- +class: manual-btp + ## What happens when we modify a service? - Let's find out what happened to our `webui` service @@ -2727,6 +2882,8 @@ Note: to "de-publish" a port, you would have to specify the container port. -- +class: manual-btp + The first version of the service (the one that was not exposed) has been shutdown. It has been replaced by the new version, with port 80 accessible from outside. @@ -2747,10 +2904,6 @@ It has been replaced by the new version, with port 80 accessible from outside. ] -You might have to wait a bit for the container to be up and running. - -Check its status with `docker service ps webui`. - --- ## Scaling the application @@ -2763,7 +2916,7 @@ Check its status with `docker service ps webui`. - Bring up more workers: ```bash - docker service update worker --replicas 10 + docker service update worker --replicas 10 --detach=false ``` - Check the result in the web UI @@ -2801,7 +2954,7 @@ You should see the performance peaking at 10 hashes/s (like before). - Re-create the `rng` service with *global scheduling*: ```bash docker service create --name rng --network dockercoins --mode global \ - $DOCKER_REGISTRY/dockercoins_rng:$TAG + --detach=false $REGISTRY/rng:$TAG ``` - Look at the result in the web UI @@ -2810,6 +2963,8 @@ You should see the performance peaking at 10 hashes/s (like before). --- +class: extra-details + ## Why do we have to re-create the service to enable global scheduling? - Enabling it dynamically would make rolling updates semantics very complex @@ -3084,7 +3239,7 @@ version: "3" services: rng: build: dockercoins/rng - image: ${REGISTRY-127.0.0.1:5000}/rng:${COLON-latest} + image: ${REGISTRY-127.0.0.1:5000}/rng:${TAG-latest} deploy: mode: global ... @@ -3093,30 +3248,12 @@ services: ... worker: build: dockercoins/worker - image: ${REGISTRY-127.0.0.1:5000}/worker:${COLON-latest} + image: ${REGISTRY-127.0.0.1:5000}/worker:${TAG-latest} ... deploy: replicas: 10 ``` -??? - -## What's this `logging` section? - -- This application stack is setup to send logs to a local GELF receiver - -- We will use another "ready-to-use" Compose file to deploy an ELK stack - -- We won't give much more details about the ELK stack right now - - (But there is a chapter dedicated to it in another part!) - -- A given container can have only one logging driver at a time (for now) - -- As a result, the `gelf` driver is superseding the default `json-file` driver - -- ... Which means that the output of these containers won't show up in `docker logs` - --- ## Deploying the application @@ -3258,6 +3395,8 @@ See [this documentation page](https://docs.docker.com/compose/extends/) for more --- +class: extra-details + ## Good to know ... - Compose file version 3 adds the `deploy` section @@ -3355,6 +3494,8 @@ You should now be able to connect to port 8000 and see the DockerCoins web UI. --- +class: extra-details + ## Troubleshooting overlay networks +That's all folks! + +.small[.small[ + +Jérôme ([@jpetazzo](https://twitter.com/jpetazzo)) — [@docker](https://twitter.com/docker) + +AJ ([@s0ulshake](https://twitter.com/s0ulshake)) — *For hire!* +
+`curl cv.soulshake.net` + +]] - - @@ -6106,7 +6419,7 @@ class: title var slideshow = remark.create({ ratio: '16:9', highlightSpans: true, - excludedClasses: ["self-paced", "extra-details"] + excludedClasses: ["self-paced", "extra-details", "docker-machine", "node-info", "swarmtools", "secrets", "encryption-at-rest", "elk-manual", "prom-manual"] }); diff --git a/docs/mario-red-shell.png b/docs/mario-red-shell.png new file mode 100644 index 0000000000000000000000000000000000000000..bd34f9ed6dd78d6ae3e11fe9a9f139dd26a1f60e GIT binary patch literal 43055 zcmV)+K#0GIP)+Z~-e>QcHRl|2j4=t%zWuqr z-S@^fVdo1zAJ={FcQ5nK_93e3<7Dh10QXQ;-UKT{0ayh7+4|_wOUJ+CyC(nj%o)7mx*y^?SeX*%$BG0QuOwedJev4Od_Bg*f@`e{Y?4_wS*q z`dqHcPeEDT$@BRL^O9&@f~pdzYM`zGTZ5bphu^jD5WxC?AaMW-VBrG<08#tW5C9

r@(*Fy{{s~HZ`OwoKXCN>e_-$7x4#Xy zzU)(|gO#`*Pa}UktpU+kG*LXI+oo4eP&1Rso1XUFf z0)w0Zi~+0z!Ghp}Kx_yG@xejiPZ0qz0NYkrX#xTK`G*RhBLX-Ckr14vkX;BM1t!lvWH1mJ4EJO>_#pblZ@BT&o6O0hkK~U(SsnVR|L55k`q=>apL_f85B?x# zH=d@|cf4nVx3@o&=hfe$+5D4fI$KloDQG_Tfl*dITi6<8jL#OZfH;uzWfYMEg>p)q zfCQj4D1h*v@Tc{MUtE(UniomLe+{J{`#1rFKmv&3kYyAcDM*$9MGjZ=A;SS=JQ9pY z=dm>WJsAyuN;X&DRb1Ylf6-6<2mC%gdla4xkpITp1K;|Mxb)?pi(~)k*H6*G^owX- z{!N-p@1)5rSF;(ooB>q@Dl14``~Jci|1J*Xd>SB=vF(nPxL^IS1FJ z4-Q)cwSkltWDQ6x$XJl}fdL0F1Vlblh;0J`;wvF%!smUR1hM1;$A;k00I@(yKx%5z zh7Tlaf z7VK;&pPUa0=MO!c_!7tgVgU)kAmJoC3Ry$ovx@@6hU|inRRGx9XB&a|Pl*o>?k1Y1 zGIO233v3LIkaCtoP#PK7-TE34S`Yl z83s8AVh3{Y{e=Zs{BeX0=&T6Dg$yD7X=VzCHNdwq)1-X}B`pb>gHKS@HtrPv4By}) z%B2{j6+~-TrD37q#6txLJqw8gj0X#t9oR8QY0$6-SsDXtD}uGpFMx(!8iUQKK-v~6aQD@w|?N8{x0Z-2?^*o({52nC0G~rbRG8Nd=;LvAC?Xw0M>Er>1 zK(!UV&l+KNCt)Pf0qPBa@iJ&>8MfEM z?sSIp7cSwcC!WUDD_1c+n1Y?f3K(lpI0S_iRv55CPXH#04=;{Wd|9RllrfMgKx-h& zAVm&W^dP++BrhO?K4fWl&Mhx}hh16v`QH9?e)y+;BAsSF8z7&kZy)@&Z^y6x(7(Vd zzvgRi=h^I^U{=1$m37Xu66#eg@#0GNS;Ho94HFtB8TJ!(Cb5uN641O;H-c(fD^&&-~eZz zdK!;D`~=RQyNLaR2?`OcfpG!~n^0HfZxv&}^9sCo0G>>sXEPrhRRv{zaKJdQbJuhZOaYqJ05XE)fKv=;g1_v2 ztwc(}Dc>aLxdQSWt|*{-1t>4z@*X5BKv@RT3QlW)m8Xv=1(#*eqY?T?H{t3Ummhc- zk9_1IJof0*xV*IsXAIUsI0421bm>#M)e|Iqulx4!&qaMNqQ`q=>aM0tDH-~1}L zmDQ2Ddi7h?boQ+@tCq!BUq|(WtB_ zaOLtg&YZb`-N_6jgku8SE`;MC3=_yVHu+2dXTDNvKmZ-eJQLD~K?hPs005fI7t2HT z{g1HrziXa@iUJt)A)_(e^0=1er9W^>qaUhHo_vcsIH-?(|G#)PKtA5z-u8FC9-{TK z-r4W~D}LKy?kC&Vhp|csfNspF@{^F2L4;;KJnFU$sKMEub9G1%V0$>1A+v z4#|5!(TDW=;9d_XazJS~63lCd{n-rDvcjyIV^UVQx;w$#7|d&nd0C+{HYwUX1qDsk zN?Gp>EQS--;nS?bvTs|Oo`T|+g-oGx@!YMzi}VA_mLusYDdHo+wdEG2NP~_+0!V<+ zoXUVK2YNZA=t25JxbYZRUD}bA@sHZ2@xRekeR1PQfBY|9fAW`RQ22Xa`wgh`tWQ_2 zexFRHU(3@{+1h}s8Z<9K^9ocO=-R>=huV6&xrT$5He=Xu{kk3_A1TnFfa?$721D51 z08|tZO_({0Sy^I#X9rid_pm#eVSip>GOgg8gA)Jb763E|n*c@t`mrC7wsGcU24Vo5 zXW&ug(ItUkU8rFJ~}&bI^axc)o;5sv@!?|(Lfd_2AVfB*Nt zK=J#(k9uR{tJHM*V=^y$R2%e+L2qu5%`4En0#8fyW^?58Ik>FBu7+|JN(71lodYNs zF3-W^A@uSPJQ|?Pa?Bu@RVB7|_prTtfGfKPn9WMK+Cm3NbqS0m5XMAU5^81+oCHD) z2BfnPO4=R)W&nOy3qG3pLh5Mk@N%cHIsjDRzniFbn$WHf>-kI&fU@pswr_~&^(tB(A;pLjNd zeBAsJlPTzBpVHs`;QPOPZ|h30n$F;yMV@6?&T@>E#!vwx=fG7BCPoHN2XWzmszO1n z6_BMR&}al2<|xTw`(T2L7cSu3)m=;{b4X<{5?~XIO)yrFVF1RkE%}=P2q`~TB(yLu zk|CfcGPW}l?Euukr~*zo;86&K2z!dKX9+7V{Ad;sd4i%Z4GBa7&d?GX5i&~1E-*eI z#Dyk3KFCbkE}mjv;(vBSttavsh#Z6szyxOilmbP7h=n+NlAQf9GUn!bW8;S|eBEpI zj{N(dd^SKn9^O9khi^k!SDWU-g`+zcE<&mbEC6R3#c+Vp>I&ADmvMNdz@}yo;g$xP zE%J;&OMTGV7_v4%tr8P1)#h>P2MnC{QfGY*Hq*nq+c3XI{iLu{1O!`}=96~K85 zuTok|Q9>q+M8&AOWq>TO<^;I_B>^P^dnEo=SN;G?LR}#dXd;l3HW9cqUA4j33~1^k zwWV)Sf8tW;+WB9S5&j=R?;gUixqn0=C+%?f4=;VqS6(>uQ~&wd0Qn1t zalh@`;rcz!E?mA|PiCLR^YZo!SFb+r5tZL@F7M%LRikt@s5CI;96Q_F*w1rpudZNk zeFG;B4Y67J^+XTzD+z*GzU-@U%NM`u*&gIC;_W?u_gf%Z4fU0+*Q&jP|4SWAZ=hL8T-8w4pe{>n z@9*KUt*dx+c7V&S29o+;TA7h&cZ-8GvVk>Ok-tnc$Joha9Q} zFSm^KRf6t^-hp zwX^rVdiUTfd4H1AbPk@EP*n+@m!Ns+H5*1SsVh8GPw){bu?yEW%S7lG1$q#0Rb$OD zPEv;Bq%j7A#rYFMl>W)Mm~V%66p7#epCd?*&9lLA;^H-H}6h)7~J&-aQz|7X!Jfi7<^rE@%;O? zUh-+U@$dhGX9MKV`|Tay{4L10_F;S3EqZI`ht=-E=cxS&(aZ-2RTb2{1ZHz!<^u!~ z0tK)q27iJI55k}hFKY(E4XTHmImbE_GUuSgf#HI2i1-^h^S7~hZEHh51pC9-ux%wd zWb6^3W{l^2nZ!*7@c}}f_Ui?QwLgR;4pIr+j^L5n;Wv8>Lj)GVy>r3sg+_mwpbLWH zpd2I$f$vKtW`K1xfe2~Cgqe#865!BUz=j8ILq=2t(gYq6C@;W%Dl!P?5Z!|m1Grw_!{ejjhirfFnqoG2-&3cq$KC(z6DO0XkNbY(>%I>9+y$Vg z@6q0himVxfp}&tMhLQ++I3 zK?Vn{9JCTB?X!j|TKH5XWRD2XDjxvMQRGC8`-s1O8Pu35Fo^x%nFvG-A@aUgXz^ZQ zPxWYc!WB^0f=4ofVUIZto!}@GiUC1o-lTyQ2dWA~*ng}tf5`n~AVpHQ`3zipdOF)0WW3c5nczDWNP51c z5=hSA>(`)GhX8<+{Sj{0Jrq?1O%}Pf$P0n$iASC?{{qMUp@nS&6F0c+_!Oi*)B zef{IPSzv!~p%k1_aG{$Q6|H;x=O{3HMJqV1fWlKsmf~$sglz^Y=KvuH`>z$9dCQ;X zUHf;X15-Cz1Nq0r1%oo>A6xL-5(&YKI0^;K};=!d#wIx(MNKv=J+TY|9{_am)&~zxDMVgyF{#)*uzEKTG+J8f)9G{c{{Fu;>xXXa z-~aw+1LV(+RJ{(xkNsPi%|myp?VTT2+q?JD{uG#3KwbNwh=BnE4FjbNSi7e0Ab483 zJ~Bl1!h7(*&IDKY4sdfZ#JUk^s*xAI5pU3*7!=%MsH6bOk|`jg$rzmZL&RCQl{0_f zk%cT0KJS~F7(faX&92zHj!>q++8mpb~L_tXVfY2Jk3K9Z^bO;vWz+2&9ZyF#v75WQdpGCuE;L9><8N!h|FRhac z$bt|YUt9^U=b-rvJfDFN4qlRNU;WnvckJ@lf6cQ2@@IOR)NrH0E$ZskAJ;oOFQ$Vj zP?kP8tS1<ppT@L9u^9nG;f! zT7WG$`5>sHVq+T1BWW^%7a);lU$YlMki`CDZ|bH%c{rTP-}2EyR5E|dvu3dN!YSQj zYzUBrgJ+qrO9Ch2J$rQqWQ7-2Wf`C||MRq`s|#r_?^3NGi=sG7skVty-2Pi0$}}C| zTuO!Tp5h;8Eu^Sv^raTBqp`tzm@SA+U`tnC>p!1?=Tq=>`UO0l{r~J}yng9hzTw#b z`Jc)jU-1O)yZfklK^w#5hPD%%7u1+yaUO=o9#cW58W^ z;e+q~0H%BUxTP3kSp+#-C>F2|{3J!OpN%~>uCWkl8d-lx5HbU?zx9Q~Hz@{XUU(D_ zC4xUy>`CGc-Y5xk1$ zOSqha=QGfB_N8ij>$^>s_b+_&$8V5)T%lNh{PkZCSz6juTiZXTclJLwoA}_M+JIef z6|oLVEXY~7%KshK!j|GoVDdvQK0HG2(_e-&2NmA=J8#7%H16z;F*Fr2?Vz%DkQd=v z4pVW~NdvB_sm)0dIQKWaFRgUwFG7hD|I{Hsh}vEx{7;Bg`yP7$3S}2Zzg-Rhfq*A9 zo)*Eb@+g>f4#!1dJT9QeeeZFlG#qnqf^V||MdS+9qH3{D48NO4yTW_Sn9QN)@}62^ z!_Ua6)sI+ee7`&*Ld~GDQCS9BePkIo>;wO}2!iL4sShSE{G@mP{pZ{z|MG2bf0k%JCF>!G@I`Jd>${V!CL*mDG1Ph%n0fkTJrjDX3r@0^jAKAr(QQc!o^iu%MU zyzi%e7Otvr!(bglC&<|PvI_AQZcU>}hnYq^FA?r!ZXnO7NFwb^EJ^~Ssl}8+Ac+S? zY&dYBW>5%0b3hxUOd{m!{9`K|ib7#^?rK5;)Hno_bKYQ^NI;nYF7RR`;juVrtWhEGS)Bv2MdVjL zAOtHhWbU6g#Z-u*?->2@J0I;o{?Ru+`7eJ6r@r;?JsTj4Z}0rpzlVA}%JRn^{YUCx z^0jI*C9WzUc;2!z5a)x#n?Z-EFa@6{7mT14Km|ZY*U`WC1-S3w$MDpnkK?E+a5O8B zn|Xk66Y^eskrO_;FS}xC5u4Uzu0i2oN4S=`ogKj6tRx7*#LbkQLZjOVWEBVXUUJhr z0+a)RL6rsdG?r&|!@IIf*oT9&0w)BeLaFA&*ZpEWyVu!}5d`eWKS$PrlmjW}54yGf zPw~8W5(lB6$BzLY^daJ$*NAA}4~de7@74GQt2k|shIlRnqyZd3gaN9(a=!F0f+AW4 z^AFB$x&5i$BM-dy*&gJYDfu_!u7CMM$ew)stJP%k&3ZD)xQd3*L8KFw&9KBZ0s=)| zCJPae^V4z402%d=Kj$t?hhx0|&3^#07B>|`jGaZ6S+JIv5ZZvy3CBv2-@6f!o>;bo z8jJ$X!uJ)_22yk<(QSXhL3<7zVBkDDh-lwbD_@FHp_*ME+$%tX9;jD9dIhMLV;STn z8%z+zxB|hn6j_BO-)*zjQcir?N!m2^9{QooanhqU4=Gdnw&#ek*MUxTY&=bn* z)=f;Wsk$X*5`dypq)Xjk#2b4X3s?gZZ?A;10#y}wHoIBv@BILDcI?vYU-N8$#J9J8 z=RZOI^i%lAYrpnWcryJiJ(&!3XvWD|Fl@6nApYqjP$r^_dMpVvfSkd{4-oZ1WlQ;&%mrQuvR<;M(JiiC@O=f z9MCx^%fNXK%JZ;4M1>(@2o$Y>q8%&>hbEpvKSaI{k^lpP6~r)H#ek#cVu*7g5o#;1 z$V*f3>C}qP_QnFW1(_ObeSlC|f#&niRMUg+wBx1T#cz7uvjGAC`K5E1Z){%2ll>o1 z)9DE=y*aes#1wFK@hb$H{TeQyR#qU!Kk>`}a)Mg!qyL;cG0{2xe_Ej;g+>g$S%%K^Wrc z1ouyF$k;bTN(r&AsVOPFkaZ%?_amtWHljVuAcXRb+qnd3f3th+fk3?)=oiQfjsDa? z*thz1#@H)sxXOBCYW9elFE^dPK%Db^163LxASK8XC2;O_vKYuE4B^nbLvB>@4EUqU-Xgu z{Fy)gE1N;y{13kqeEAaci|0OCQ3<=1Ufzs{vnP~0FK@`+*mBM^O0!->DBQ4R70(H0f9wdXn zNDd4WbU!x<(HCktQ3?*))5CQ;@1QL6H+)fq$+*uVR1~0I0WNYZM@cNa+sHl~Y#C@B zfbTJ4DHnfMuK*W5D{+y7dbuy>w9i_?;ax=zR|e!ElLW^_2^@G*zEt$RO3db|N-X^D zx&v~J)iqGoz-)FsPY(X6&3bDWU-#92H8Y6bx{PXlLjO0FnFFRtHLCg@luzVBkLe7TNNFj3s zEd^;`a(T`Z14Rw=3aCL3t6TfwVfd`HQ(DYRgJEsqoPbF|vk_99(X z;4tez*yTs$TE}w}AlxAIVe+Vz6+l#2m)z?izvV{E#>@D?Ti*@`hZFe#16JOUT1iWb zpkR_7*R`$|G zF%~2tC`@1$+YmTl4;vFfj0-kFVXhIxQ_W=+2a6C;<{H-saVjaF;=j)$qbeZ=2DmrV;4BAa9({r^ z*b$_tK}8QT=%KF^loMFZp17zP)2fE6YPh=gnK8>fQr0|yb`A5ENj$Nyr;(q!4mffY_rLvJs7#IHSq~$fBV!*RqKd^TI4w5?mR%T0v%P2o#l!6@2*@OzFsm z)pphZWeu9mK7$YTzxvQm{zp9ZkH6zDe+J3+cftL^E3#_-`I!lh>T%c?Tr%RHZPp0L z6~%@<@}~mIG#ntm<2GEnx`RhP_z@IfT-P5Vhagj7l1ouCi{@hrKDb<{aP|pYv~CL? zz2bzh70HU88bX@=*DDHYI`-FNY~+c3gWHVekqjFXjfPf%qVAzy%5o5S&X%nWFz`iAfVN?mL}J@23aO>5#NY^%?KoqgW&*AuIs;`nI4{CPeE{nBA%h{*ppT)I z=J8OGV?P6`(!kCA>rz4?J~oBfLS2gAClsRlPGnDkG}6iAOI(Oee@JVO9+tQKo~bT#a*$HBGQ;TInP@4 zBvZdwS%d?Wnng=J=bqg zL52hHc!3d|5>%up_*5 z!BbMa<_EO_&1Wk-n|yt>ve`fXEwBH}l|g>#YrhUlXCKGG=CLo;Rrvy6T3N7jZNK5r zP(mgA-9wY%Ts8Z|spZLO1$}58yt#=7fAg&HsGXuCfq{{hR`J%AP?p7V3vH9`8~Bi^0v|(^FS{sC)RhjIPl1Qxo#|JW z(93cZ%$NmO)n$asnBfNJX*afVUXxxF-qpqV5>~9An3K^UWgs??7gez92^=xU%Dab& z|M?vC=mGho(1W>nA;ifz5d;=wLsnteNC-S0?^-EyybKc;6)`@efW?hj1P`LABi&$itGi6Q*$&aMO-KsDD2!* z3@&o$>rP<5GI;9YN1#DC-X9`Y48^V$|1{>yob(qhXUGRf`|k}g50Q8mC+X27EtF%R z1mz0L#1`33~=E3g~_hdT9(=T|sZqhjs!|Uc=7) z0(&{5nol53V6N<-zPbZjRvtnw3Q$pidp+ORgy}kp9w;w>qG(pXq3^flqURAVpGk6X zo;QR?&O<+?oT)A`=W7as-A3%v~cVz^RPZ9rTWSw#rUL==zgeE1GNWl1` zg;eBXiLb?@uT^va5m2JjZOgRCjEtHR5sE8rgLo;rop>!e#nMZMGDZMqMkat=Swep} z#M1r@2azdj9cJSJF70e#Y3l;A%Nc66Fta(Zxq*Cn zUGB}CCtLc^@|}t)PH|WN+Pf)5gNbA7%+Jy60;JB#K&wFNN|eqEn<2NH`w25D2VWcCb%K(cvVZS9uOD!Yv(P z-o$_bN`shTD+BxJQ#il7jjMwkOav7+)6NfO7+krEo|%GN?KKy*0ff9xB(im*hQ2}6 z(f~(7bq+mP1CIx29Boh4Jhw6MW53x@OVFBNgrC#R$UwXzBX7%>z}#l|`1qn#4Je0F z#q7jQzxHj21nb9GgIk}@^OwyMAeQ;N-bL@=DU>mi5k zYRa&~&%>=b=*Us*%xgS;|HB|KHU}dxa{y5SBpfTqXw0BgTvOW`U!j%M`pgj~iDpT|Sl~A_DtRcz4L}dAD1rFty8jXOZA?k}kh!vT^ zPOx)y9e;9p7u7@OaOCn1#y9PNrn|7S1DMGX=*>;&a}^H14ZR=PkoCQsSJ+SC#RQa+gByK#85*91`1yz!0joBXh=n(P zDCeJ%UA=fOSLNG3p)<&HE?z}BUS8@=_WxPGoZhVK3YoFc66owA;A9XOr|05aW4zof zh;hL@nSFz;mPW{5@En}k-p2cX|BuiY!riMISW=7(HgT(=hGL?!w!v=YvAocWv>BrD ze+tSuLNZUGBx`UoagXH`+IdK0NW!go9K}XF(}8)L2dYW7VBh2aPORYe4>0}cBe;LE zhiNZw<~tM`|8i-Bt?>}`_7wTq%fNgB5d&uoY;EC0z{q z1CBT4WGoS5%!@=aVgg_^>;vlbdxYe&5r&g+2}$hjQWK1XTZbA|gFcXw!sFg9) z#yTGPt=~myDr^=bjPo2C79mRq6i7lZf`;xvjd^tNoTcDk4(hT>Kz>>uUr4mUhNQHh zwBJxsH$jayJDxB~f6hV%X?=Xte#lE{8*R9?n3@WcO!)>@XULqx&{UY|3{|F3W*U#( zcnnuB@8IO4mvH3jK9+9YLvMNj%nv}bDP(g4dU-j}Omct~SosXb#BkJVUpPMd3)zFL z@fU$nK4=2Dvh^CKz|nGm569V&{DbtN*A;j;*w1xyV!pMKtT zzx`i+n5_BeCuE8Bv#t`PO3T^5k1?0+W%Hxou9d<}0CnA)duH7vepF9qA zsO1dV+B)V;IQ!`100@WreH2PTS=-dI&5AKjQg~>x;k<(Hf`??7;+AXZx5(8&m;qzPyDOtpU4~ z;ZG(x&h$qxS%#g%>zJ%8Vf)+_och2=v9`U7@l6LltIQ^_8;6jsuR{$7{^!TX&g>1g zL5OXIgv|+*mZL^NjGu4B%qtQ04Ieva0r5^W6ln3n4&oG;ZTs3w3?B-K!k5=%`~~Sk zFY5QJI1eM&)%84|{`F$}(huGLBR_^azVYinu>ypu3QJp;?_^tlrm{7Zb71FM2aIM) z9#;TFDtnVqeB~2pC5{9fZ|yt>A32Omm#^T;xr@+HI5Zggm1rCSDQ2He2~9~OjfOTN zjuI%C+CY)^<97RIk~KPILTEZ2H8*1LJ4pJSblq|iV4*3c)Hn*sa|3~x8t&>PT-x1- z(F#f_sM#DRW^;^B--7jHM{)ej(|GLcWqiPlaCtC<9rkhI=9AdJx`R`XU&68N11#UZ zk77Cj&!*_jX3!fO(925!zRjC#+dPI4)$yXD&>LB*A<#hw;@{yEC`fUgGmy;q$viyA z3gi`z&WWeT)s#oltzT-di9{lj`CsYRc*>C;( z=)Lu~QQh5SO+_wqdIpUTeb1}b|Um<6_$G%SY83$a4Y(^-i13Je*{P0`yqT_ zYYPu8ub|3v?5{85;b9+pPn^T)_dJN@tvw8HoIq6*m~w_}zKLRG8QkxCl&dJ3n?3f4 zjX_C=0bt;m8@GB$q~|ak)#3NIfMQsu`~~Se?Oq~$>m0}d&IP?sJP(l2uDE6tAi};B zt{p^KP+h)|Cwrg5Rr#h*tP*Qy8hzY^P zTp-P%(m5kr83BVnp1AKJSU9ZpdKhNf|3A3Bg(Z|nab0q&*Jy(WvALu~=Yh1$iJ1Z2 zc}YWp41IkvXlyb;v)Z{WuQ;q?W2Aje;+l?b;CfArg*%vF=gMX5s4%AxU}-YLV7&+Q zN04FwTH63^9K+hN(|Fmt-i7NPd>rrTjd5jZ1Tz}o?CsZM@99f8{m@w)-`NLG51{9B zP&EUUo6sw(P{X08;%7S4{GR?n&V}9Vt#hR4+M{g2c2#0ytr%P>Z+mJi#Ce|qYb~s^ zu!jA=Ti=e56EAdh!FK?F3j;BNfP-WtO5b5Eq&ASM?(=N+*(ZPI=il_;_k162`=0Oq z#0U_Y&!F=BWn9;HDQBAUN^GksmlWD{(pk|Rv%GWu8KKY|D<+WEaI0%LuojojT>!vX z@AZ*0Ly_}XlW?1g0@*SCFF2|M!**G*K`;esn7NX&eN{3Ch_G*vk9L~)xJV}M_X`0L zs|R1Yx3qhCh8aQ}`$$~A*(}L)FgrWAy0eR^)?wI2*r*M%;Totn0_nmx+`S%f%N-~- z4&$clK7h49`eS_H@)jOBv;m_vc269}14~29p1z1v?|lHv2NR&2!PRrvs)SxygBp&Y zGCzB9N_lG_8xL>LyeR8UGPG`diADK+C9oP~G{n@9+EeD8C74=ZYYAl%K@7uEG_9W50uqoWy zTb$FPnwvg>0w*XomXZt>o8~<93ULK<^nYSbnhFj97rba2NHW>F6!qjS9i=r~Yx}ac zagDIIttyzSS8?TF4wGrXIjG8F)mW&}0O-d?JCGqW4IDlS^(o6(KXx21{k=cH`coJ2 zp^Y`{_X^Z2V>~tl!i|fwlJ5xz7y?o0`6 zEPbqnNC~N?aI+cQd=4r7yDcl2s)ngtun)40xGJuQQ(+Yy1<7zEe@4{(Ps{zZR+3%zvB?fZ!?4y| zNO^YZ$`Z~$^dRQt9R0k9alh~T4{Dq?6CM>B!ebhM;0Q}n>mC?IQE3AnR~{@NSKg>O znYi0%EP|OB06U$+&StQ)3T9Tr z%xc)u!a9e__;-oVM3Ey~9)q(Sy|q{f!;~Q7%fytBlh6A9N1rPl{tcLMq6F5|kB$1#4(AL2u2FW{lgb(DFAy~FEx zuwP*E^m&~6!2MX7&Cv@68qTbMR0fzDQqCZ=DePW=LOto1buh~;~P(-cX$)SqleKub_D&C$Ds#9sHG7o%ROAI zvsM;B;kgVDsLV>pWCA&V9(3^{csl>|`3qlj!|c{u&pi3P-(gPOdiTd?fK<*w9Xc{{ zSFe15GBt778cPT!WznT1@T$BSbsH_xR3%YpLr`%+CVV}tmPRP+3Kz~i4F|${-}fKU zE+h6Dt{E~$cv8B9zGkY6&g`R^MT8Qm5lW$*zDruVVF9vk@<(7Khg|`YlqW7CWt`*~ z|IIdd4tw^hH*A9l+`&G!wzn_|U+t{J%B(_fV+}kWd#h3odk3ubl#ke8XTfrGbq##) zCu8}@QGC+xy$u^5c^Ds98ew~Bh;lr@6E~j1J})744Sl!*D-F!1z+@k0 ze;@VEF6!-V*qvRNt$kE`Gfbv64oZsy>re_XXN7V!Kyk-03{D=$(k(aOy4!EY@aPfr zR#(tlS@CMc;1?DtHu3ThYSG7t1Ofyn-YigtV_1bPKH4f{I)Yb==vA44e3&yD5YnMPVS{_jJm!YILi9|Z0K(hy0JBU#Fs6?-xQAaN# z0>Jw0B9aUh<9fd2WAZfIhVh!tOd7^Y*p)6p@#o#wT|>8F=ir=!+u6d_!2zo9J1A?h z=^WJZ2s|2xTbDx?w#_0w_@e=Nvxc@4!z}Ns1U%?(Cw(TERDoTA~11h4nhmJ5C=Aer0fU)l4puUZX%+a z0DOrE-=~&_zv#rh;gJVF@(2;R8*jbye{X>N{5O0P%7^YlcI4Qnb6qd7SYHoEmy)Cb zg>;wP`_ji}i&ij&#-b;BOHr0VjfS{z_GwIKbL6bBnrChAKokXk4OIm#h*x6ji1Cs&=7cS$v?QIM!V6X0DGOMsBf-Nw%bcX4n6{yt}Y}|SiZoBzL z9J%9GtQKOa$YcNY=j831#k?T+4_+58k_4qN2*4Lnm zUf6>Y*3fZWM;Bhipnhz<#NuFx6tJoFt z*+mi7N`qo~3>hrJWj+5q28R%5YS;#8D&gu9WL6W9@Z8-l-ajH)70tu23YR;24 zW+r6)472G0u3p}PfY8sBFUut8nd8q9uP14qK%`|AC2%h~a}NYc2xPIDNAo!kJGLcV zn?AZ^#%6dJ=Q5nIcpK7WY|!IUAlsBjaNhk~_V;jgcMtQ>H(_35wYE@8W5{S3jx(4# z$OoJS>JqM+!5nyc(g#qu4rqb)oU*@J5p+-C(v{1YPUip!D@wJua54jI_I|{J-qdmN zVNgl~hbM?v{7Gxp&~im246;IrNUALpq@9XOcmV~8@k2sCi6ugm9yhi;%Fi5> zwQz8#ceinMGJ_3IL{`^WV+CGW29K9K6|91nm%7?7|+c^E-$R>a00D0?Me;+3{2G|#U)4>A|e&_VeQ=cr>_>~2*(+*T-P9Waq zat_Tpr9FdRd)W+}ZMfV;1Hu+hJaPt=so?;vKvKWJ$h7jk4GFZg^lVbn!9YkB-Q2qr zctJ9~ZU%%Q`?2#6f;l*H2q-S5M0;2$<#sitb1++5 z*qT;;Ym_)-vl4@%fUIu-gFak6gUk;g)f9GKLgrK0$pqETF6KKsD6j5df9C*`gA)6e zakbyWO~9w8!! zO*s{)Iq`cUK9yb+kS5qT(UVY`P}2H|2_(L!MR2}B8jIBSB4}h3!KKXqe>6y538GCA zc}=eAq0`^^OL*c(zUa>{K;H3(Z-cR}*qfOz%yRn2Za%-;lyk5Ml=%4u2Y5F&>6FYo zD2Zx`!69jLEsea}k^?D$EoV4?;Y!1AG)~}J?q|v(XQ!txfg=kjg??$E zH#R_PtB`sE+22P!Ie?i=Q5_sW_I6QiZDV$27n8ji_DhFLS&r@TDrU<|kfkw3hc|Hj z^`~&%U3cKn4X4o`kAqe{>^W50!?ID2B5l7AGX%wwFJT45An+L$owAEN>4X~XPXpn` zelz*H&H+z&dd-}R1IieaZ1Xh^l2pDqZm@q zEI4=m0?uCA3b(ajW^HKlrGuF_A4QFaOI!bx1{I-Ow9-%{Gmccm(Rf(<23wu}a(4Y{;gg_?`YTRX%-ZyH+u zXK;JL#_Q6$HY+tj6w0xX{XD41FDJ;4TjyT$;h(toiQ8ZI2JHXt-}tiy$Xnk0dsrU# zP#b%5k@3IGGyVBlrfBQRHuf%WHSX+weVPPXcOrxd`T`gH!J=!4r)fx|Ttk?EI}un* zFj`Q~rue|4XECWvv#t4jRim;FJ;lkBwjel)h=|c?(5h5qf308 zU4oP)l>$T>w-)wh9-kqQAE|5m+CTYsw_iMc^PeGuyy-XJg5`06+PJ&4=6|1Q^^zjj z00ieQ?qdI7hGA^V1JTYU*+3SRgyN&e1^k}K2aW}zQ6)%%)YjH`d}|wzY#lVySPfvS ztgv5J7!G=Vk}m=kIZk1;;gTm%63|2vKPQ)dBFH4Z+&&Gq^ltv3BRs1_E4h-v# zZ)JN4#(<#2EIc0W#A^WQ;ZL$anqeE4Qc36Qk`PI|Wmwzrx3Y>99c@rBNjz!26yXb% zqHmc@&38Wf;D_yvx83tU9w2Y|-8W-A&M~j*=jNII39b0vJkww%Oeb?Zb><@S*$me3m1=zv{P>9Byh3(-(xA%_<)c=IfwadiVt7dhKS(aVUFqC;$dsCZwxL> z=U5-~K#eVc4^WQM+D3tt!nzC1U#FjzWIaNwV^1@SZ#v_kGtwXY5#T6`BmtEFQ$)fB z0I!}Ca&VRt;|~gzvhz2n@~)fp&K9<66LjB#o^{Z!#P$32POivXNLNw{+V;#{nHPH%8svULrN4XakEW zF^XG+a3!sB+wY+UoQ)%Z^fqmW9u0C8f`HO#dJK%_lJ4rdC1H@qe;4VJXPM}A{es_< z=jxZ<_rCYw1uwYwzaJpK{ae3@;ULF+UO%@e^iOH6o~M=ao~_Pe|6qdM%Ud|%N^dKZ z$R=$#fm)<#$wgc{`)Hc?Fi;MM%u2944uh}9ukPW(%-}ON#`x^#oyO%qIfI|Nu!C(8 zT-cl7#+5O&W>^T=g+@B*b9_DBPGLL2!4XO0Ynpdonn_zq$5mp18soR*dW??9BJS5~ z8jgm!9&YQ#2%#-O;^30Rf|Vze30XK(V{hC4j`5P#im~oe%Qw+9oqmOKZcE+IZj;I#d#52n3tH(OALm6KT#K-i5v&R zFG|Y0q>O5<k_;BgVti6LNRt7!ThISPLjiAKW`2LA-4O#J; z5*BTLnRpO*ntrsyOtMg$30wmOGrW$)>*yJzf{DNh%4)Qu08BovWFpR~m|N>I<_|0{y7$+>jDN74)f z>C95%G(L%<=4*-QD;|I7zMs*WANW%<$nX62Z(}kqv!!AGAL>lKQYnH8PjsAaTIaB} zJH`Iop$^+;Yj`<=O6~$1n(xN>zFD=F4A!NsGrdOHV0${p2lwWoO=sX^ z8#ujIV0?axeG!~LnBmx(1?!f2;=(+pedb)pL4-I?@fRlCkXHN@_2L0`OZSGL-3YLN zW~HWbL2+nXrxm|z7I2}QAm`w$gQ*Q%Rl-dsu-iL$cz1>~)Wh1z<2d=eyK(&|y#Sjx zoW@{fIh07z)lmluNP_=2#@Z@aAcYJO1DO$mM)|-A2v(eKH*S;*Rz!rP-$70-q|$3=2FxBtyY;$!n`tl_X2G0Yga!X{al4%e6FLeFG7`cyp!y zeILE=eb)xaZ~xBkVtt%rcfwzuY5jVwn3*`#rb%B3fvFAV7MK`^Rd%QVR6eQnx(1#3n%_?5aQ!75T3f~1`6(`m;9ObZ&a#5m zeOLi%iJGL)9CPv{Q&({iZ?for)yz;tntkamrs0N!m#7um-q!DI5BRzeU@gI!Ruw5B zaIJ9=Yl4Kef|<@y?@uw?n_{;#xV*B0{pa6{Pkr$x;nef)!P4PFzOSIL-Ym>5sOc{x zp?tKIc1{8$21(mr#D1hT-R@+Jh2IfKkfsh3bm7DF-;=SnToVxT3=FJ@HcE$%)Eso@ zu9=QE4R}%}HRV@ANpaGJ;yW>!4Bw*l5JA4=!qtPHAi~9K0z{GE>fZdhMXvvGmg$jy zV!6?X`z4kR%!FR9-~_l@G1k~Zu`d_upp#G`McK&g4nY#VmL!$nhF?^P#eP-df&CJ< zuPc1pCUNZ%MrmWG{+3j3W7Rs=g0mA4Y35K{=+C?2r{P%dFxo&gb5*Sm*o5fu; z4T&e8lmYBZRy845O+0MWH1!xY|4tirm|W7pPH(wP(|nIzu! zuJi8!&Pia|8 z7n%V1e}3kdG3sZSRpymS@fT^Wy?!W8SW}oTtb;mwXbH;$jYke9_~`y6+;jRkG_^B{ z8m&bY2UCU!3Q@eh!(fQTfyH7{Rd`^(#7!$BtoL(R>zWtB!opnLL4Mm!IJUNgwToA9 zAcC{=5;srh$i@R$0Cn6v94YWlx`#Sa#bOQ>Akq=CHG?e`co(d1Avsb2}@`n?d}e0 zq^4~qZ;h`xMDAkA6hB9)dM{no0O}6*I(m#nSg3n9T!Z*Eo53VaB@5Xjy}4Z*AT8%6 z{G32sjb?H|hU|6e{?C}b1On@wu-mNf9IUkoX>y_eP0*|M^VH!865&NJzpZz;36S-1 z58DUj(LqmtYo>L-xqTO@$;p$nwmQNs*Kgpd4=8-#;x=wv8zJkDQJI#1Wk6sd-y0;R z3h{Z2c5Na8F&2*=%rO(-j*Vr{mr1Z{2Z249K(xZ@jmL2O;#Hi5V9PojOlBxX{l=(K z!ny=!rI`v#2T5tEhz$XRx+Rl@9;8!7g%{6;Y~ey+IBVdXfvF8lX&|LRH8t3o8f=lm z?C>T=pZ#2%eECapb`HS_4TKwLR&_E5sia?6$SUo` zyq%CY4LY^iwOdYI3(zjIaXSGbvH;JbnPK>^v7Nr5Rh=fm5fMJymP!&d`jVDgO@AUy z86I`(&Phjj6~89>l)13aJa!nh1CjH1l9rK-7&*L zo=Asi7AhcmMo4mlP(qHg5e1|Km-muLm>3+r{pK=O&RxMo1n0{Nr{^VlqrU&T@G90}K&QjcX;yIu zLZyVp8V$-OaBwgISfFrY+3=!J2vieF1XEeeXBO48#!e~N9S%XyyAx|KdOn`>q8DKO z`cudTgJy8&nqeMy<`rFOYP%jS>L^_3;Z&SpM_5*I8$|G=!j%3&3B9BmLeALnp0BJ(g8& zp+{l%eT6lqE#u-I8gd}|$Ao6MYXMW+oV%TF$=kkS$`7TaPoYN_OG&2u& z_(Xo487qZ5Uw9`z`xT#o|MF9p@RrBU;|nxnxV!`b!-#~QAlP||&mzr60r7Ivx~}lh zL5btTK8}p~&4YDGA0sSa=TPnJ!9Zi>`ja?y?kX-paLHQiPG%Sl3r~7X0+7R0KZ>^~ z^hhlJPm|nO@$s0(SVG_k&7KMgvx};7sOJXzrC`55gt_@fEPwLzar^V1gG0C8gx+}U zb=wFI=**otNxS$m1yQJZQDer4RSXmR;83dT2trANo;KVe2%E+{rGs#4)O~F+Mb}Oo z7UmQYLQR9ibtkSNczl*^U0a%#+=V{GwOPnDJxRFD;}k3TekYNcAf0C3S_5ND$SjE{ zi#Y_3yGH&S`DHAWEc0nxH~`2gO=59rry8z~@>gl)n>y*hcG55)(|<<@5@L}sW27b;$)8X+Cpm%0pSUcj{H1^$Ol83@{J&r zONo9(i7&6hQLt8EYX?^v%x4A@0~`#7&^OMUqVgR2&Et^sIbhl4FKvK{*Gm9fPE<;57I(VUDJ5eGYJNsAuuGByt;)i zlcdp>(3iRPfG6dbKk(A@6e0raZ0mTFh^kxy<2JoU`2WX#!_+m5@&7*}ZfNZYl}Ad4 zp}>$PW>9e4UmV_tA8~_b0t(HyE9Sddabh|_-ETzvL zwxh-(maFYf#b{OJvxZWtAzij+&MJ|*CdgGVV`J(vW{J955290GOsp zmn1Vsq%YRls%aN&(x@lrpGfIk5h{_-WTwq7_Z}Tv(6~d;K^lzRg}oc3au6H_Bf=Mc z@#o{n@k99epZW#-?n95_hP@f?S|8!a#u9YD57C5K36K$JW1#C2JI>(Y(%{C86)451 zo#%Ba^7E87bNgRN$N)RrC~Cp@u3K@#*^9Uc!IpElv_Hk5pF_jftwzE!`tYpSFl84- zo*LsEDl4c;3u6WI%3?M*m>Gw8uMfR>2+Mceg5&o-51Th#kM&b0&>IcGD)TQUF|2C$ ziNswaBCXXAb^M@WFfg!agOkcm34tG#1V>c%CG!hHw=8RigUPW^U0R-z_?l`vbLSdnuyYR9*krgXu-3s^ z!@$~r}oZOn=rqv;itqn2g^>C08Xbxy% zJW>g!#2Al<*sJ4#7GweK$`XMM1IVp~pR zb*OPNOpzr?;oC5+hU-GKXq)TUO#7@6vV$>A=JvpWG(^p&@m?swTvAFo>$3`yQmd{_ z1J^q1U`)(V*0VLNZGH|BL1!8uK!=(no^M6UH}1qOTR6DZNZ5zySJEil0>Se+83wkC zuyD=%BXWu;4$ndf!IXhA70L$2iR(|}HQ)3ayyVkgg5Uks-^P9K{s7Kg*unahecZI% z!_n0t_WA|R8^QfsGZcdy<%n@kY?w&8ap!}5b4LB8=)oV@og z9D2*Ua3F&7RgJZJ4vcc-)(--$b(mLzxv{9{H73SkUOUvBfd)g2Z#;pccie*Oo_jae zPo2Qh;Y}37p?CHOE0G%tOF)=hKo6Q#YYFSLWw-iH=-OEXb(`Th`EHn|3nf{j%}^bR zM_M{{OSpyRqC>S2v`d{^J%CFPCIJ?v-7bMZT^l%Q#t40a4J+1MgI>9IKV&%MHUxxi z2CPZn689K}(kcEt->h4dWrez`QPrkF_F~g-LxzdJx7G?pk;51ZZsfw+GcICp6UA<< zyklzOwJZ#1CVDOi8?@+F9%ddACYru^Z>5SZe7+gwNADz6_!mwLa?-fx1<%7xx801# z9)1Mxd)vEl|9d}-_da*>C;r#YCG>0@8dIJlBBlxv!3}_-~_JXR> z&Ly1s!{5Wrhc>acI>6)G6R>r7WP5^L4dm7VwS}u4DhEL47#=x_;o(C#eBwBc-g5`m zP8`S5;X~++$Kc>|8|!+TZgx!=v(hZ<;ijfe=MX9BkD!tUxkXQ6-EfV88YTMhL?`ay zTU?7^F?+CtqJaT*wAhPO5TXUzcNpF^jd0Unv_m;sQ2P0PAwa9fG`Dt~e*3;77*r%g zR1pb{v~7aPMpsFRaIS-~7RHz+Nb0(VF&1@gFfS`qWsTa{K!4)I{#jaMxzHm|XLERw zA0y8*e`x?N#5XssBO@QD+$>m)`Td{jwLF^zMk1yBA zX&Iyn0Kwwk))*C$3yOW<8dt_N1SVMXa)z-k~BAEi)pK{%_+2WDWbsb?do4h6(+YCpd6g7 zp-E%&=yf=B>^j{0@=wKde;+#+FX52~K8i;le+oO>+c@{s1?+6^c^0g(DCZ@dbqy4n zliGJk@x$^`aLMETgy@LtHl~q z0qU}21<$}-1-isPO8LQwqelnHrM6^B+GfGEhn*4>g*riX?K?W3L&7qaPQTHD8`2FH zY9+4zwr?TV7GZKtAJ8x<5D}_S8i_P0Rm?yx^aIk!uLFc@Ldj$dY}&*J)XG?2KF#MP z=Ccx2ZQ7ufxD3=lIqSy*99Rty2r@Wiu;50~83&GF1UTP6?z$!@rBD{0}CV4pmj*V1EK@e6hnyp*QGb(C;J5e4vbn1N3_# z0GJ^ZAy?`Q=4?Ee=_aWTLts$@friA_m@{%`@w)$s371b6#YNP$rRhwopNT@AQb0Hz z@-0HJZ9pU%yYAFm7RD2a&rH1aMUwf1xQ2Y`dxADdB=ivydyLNK!kMu)@*@0AAIdHX zL1b#5J&+(z#`qGetZK|=6{@m?wFV>>a5buOhJ*cGO!s$TO$BF4DFbIQMQfvuEygh`7nH!3q}h5HiM4JhiE$9b0rZ#JitZ^GC6%UH*PZd?*e zxO6#YLJzP}C(*7a3g`qcWQPUKw8(<0u-gE)v6Jw7K%L0yNQ`1H(99^3XDUIqIx^K* zCZ!N9FKXlyk#M7yq{fdHodrIW=qaQlUG;r}Z5XmC8Wo{du`P2p5(Pac$~L!ui#`R& z6|QN>>$*l=)lL6el{Ktwr{Tt0R8@_6RimnEn7RTv191ii`};V1{yZLh_)$FmB@YQ8;p=T zt+zKYz~1hLsO4rYzNk#sDl~zF+!v@7vY-}ByVOM~sH8uGItUak{{I%lL+Q_x#hafN z1WgN~BT9#N=>V^hye=?kY0)V)y4bq}i)zI}t+8tts_m-oTnC85QDGW~;83Q`Yp_VtmY8%^IXEB>^VmMkt)*FLW(PZ_m zah$YS(*aEdg$lU<+6uCaKCE+oTqEeqtrP!looBzYr*wN`Ku%U0FMz+)QiLgaAgx_} zhltuVij-KoEHYS;8cr|N)hR7IJ^a#kZCwMb)J$6N%)LcoeMt+YSLzN(SbPpzy##UV zS=%+0r)x425`-xRC?$I>&@owiCLV}OW>hWzM<{`4om|tfc9eEuaZh_!NoOA61HktQ zv0sSUBXXW1k`<}s#?&E*EUK#V*}=N-u|aKWzxSjrvA@5EC(b;L`yP4}A9?T*T)eV{ zd08d6h!2KYZ84kshTT7|pq?bp$k1e=vK+j$in=Os`O4F<_9%wJ$omT5EI6V_*jJRu zapCpfBJc~0YOi8)ITiGdQu^=bU1CDWo#BT?a{G!d6fyu~Gpogy(!GmLBCSYsPF))diUYB#(eqF; z-=XBW6d3Cl&Z-O_5%6z<0j-!O&IychsA?PVVFzZ{=srli39z_s1KWt~rF}se-9?O& z8bRS&@1koA0-7@~&#-)jx(Br*6r^h!-892>ttR;zCyfSK;?%ty*Z4f8FfJ|jGpXV) zT@02y%;31#)(c`4gEbSechq}$+fhQloZ%d(8JeID4847s)2mbQpiJa zq!f|}*VeT`S^8{IRu$^Xgwo2unF`bC0WMv-jQbvX6!$&+7#=@!4wKpZn&cU$pw>w4YiCz-Z9i5tdQc zD{8?&ZBdWZm>NV2B8iJC6NmE%SyD1sZ0glST$GeXtqVw$9JezIP^!C#ELztL?^;9( zO)$8yv)zX560=2J8_Z^N%w}`cbq#9`oHa1j9DBRlc<7PG@!|VFibtP3i>=)~RJHqW zIbdDO6bsL9U0al89RkE(!^{k=GiaTGIcxkp2ZJ$2OFfjrFy5xqODh5h!jx`W4qY&} zN=pGf=!D)d7>)4PU-fEeW;#P4I4h_sgHi``VkZ#optUzWM$mL{;-BK2SL?ODo~fWF zfj`>?8to3jg=a;s!6u)<7@>0$Q(Iki7OqIgTig1U+|?9Ri)i zS_c=Hv$1?~vFET3Rb68~FHx2yOkDx428)F=b6h%q0q_6NgZR+>596uxmr>Sr^L!|# zptJe!2SwaD#6&O-s7%OA61i&{tTdF?V5N{z2J1AkJV&o^n9hOPS|}}@Mm-LCWV#n*Tc;-m%dIV|bazc)ag$NE2cdME>NBxhpJ^_#Xr+ln?I`IW zE)lLI!@ z-x9Zs#eUYe0De{%)>^9!N@czmQ4A3crE+9hjXbNtmG9YXpvpU<#^F#``JkLP>V0H=a(RdB%d}j@NLzR{E-|fU3M(lH&kWfo znU~R)MT~aEor^2|RE{j~LuG~UMOZ-;pp=GnIePgFMX6e|29g9dO)s)gJ$QGR4-)ft z8B<;T%GZ2NyZ#`{^T(~V?^R4Ejdd{Afok~R2nbC^x7O_9?5z% z3RBF+fEe9Iyk%%4YYG-@`MX}a*DlQIEJ|6dwyv3HEcP!60iEbiH98~EGa@a7?uz5c zWs1W>Nf@+Fp20RJmOV}5oR}~~*{QW{Pak_Om%4pO(<3yTs07~ihut)=t+TC$+XmXW zsSQjppfIKe#6XcnPYd!)pvb|Q62?@3IP{A?vfdEZ0rS}$#0o{xYvrtH$%6=vBL=NL zBz1hJ)PF4oM|=u&a5QB9QWEP%rpx^_9jD}Jf6fdlwrm%0^EqK~^rpGyA_3d>v zdtkJFyt_cBnomou)E_v_ua4=~Scj@I0c%d`dnI7@^Ae7wR$~7c_!#Yj61iqj*Um*G zp+}%wo?UAz-5HZfXUN``6SUx|FV|pP-AQ~~YGDDA?JjkbE{m#3eUw7ZO~c*x87?h> zl3vJ{J&Crap=J0(9UTxm0eX!ic{Lka=M31GnQ9YF&M2P>kT17sHzIJ;=pC%rZjR3a~#bMb%6N0&neP< zz)5-4vI#l?9-R`=u7_g+bjB!quOzeM6J zzR2+C4C*NHbB!KNp|2iAdx$<`Q<^=J*>96Mk^yR?9*jys5I~+>nCBXKp`djELWRjR$CXKmX%%gK z&|Ny(kUjMlvHHhK7r*egzxO}mZ+_+9x~AUHN->Hef50A0-=rMB);5Bbc<4>b@N^nl zd+Kl_8h63`Ki|J4 z8UyQgP);pOoix)zttC>cc5D58Q>fLKl+;eVA#g@oh&=U&3R$M(JDXV4H2zQxvD7tX zk~IdlHh!4r+LFpT8|GWJe@%m?A_k4M)-z<;AX5&S4D5W0%a^w>*}V)?9Y8TK8ZBXY zZ4)bNn;49jk>x#TrJL(sDMFSpdQM?9>_aJ!JT*x$l3AUva!j&mj62?E0gg=?bV`QJ zZLm`yC}tQh4Y9H^M1P>6*g)J2gIR{&8NsZUg+7*&{!^U;t8deJ{|(Mm?km6MtDX_C z(XW2>EAfV(|3$+@Kc$&p>6F_v(PZ7a_I3+_lRJex6No4%5s30HhzfqMe({pPv3L1P z7HYKHPvf>%=bJeRoGfx^C?oBmOi6pPfW$5=T1kzMo4YAGv!lbgY7Qo~$bjFM7^mW{ zODjqA1#*oEGqqFdB=8)$w#0I-16eoD>g}mck4XnlWi!f(JL|(y*@_cWsH~CFTE{) zPF*9*v-iv<(_he{UM~Ti@NRVs)Sd(5BHtf^EZmkcNMe0X!NbY>UwPwaYUtvez?#z7 ziBh}$dXeFjz`Y4-CGHuyQ5}?mlJB6!u9#Y<6PL6lG5fGfAm@a3C{a`GI*PrftfB<+ z4XBHR@3Yo)iG5A)vS5%Aq^OZ1(w1TfJgB69NZuQF4`X3X8yvP_=6WAwxEjusfStos z``EgA7W2K!*x9}WQVOH-5WUd=y?zga;TXg53VOpOWJMpW{BBC67=vMf(b53@K@P=$ zH8Yg+1Ke=^I*LMLXEN^?4@Zx>rH0#Q;DRMTE18L2EB6d_e`Txw-A!GYP@B7;!-!=_3_^j11(AW+5^x607H)nX7tY*= z3+FFjG#DaR02dj0y#htAkKSN}{%{G!V2HfvLFo)i5qkX$YwJr`T3tdm@Q4*m1`bzwdyfx<4`EZ2&t;>((MgNBZ`B8C_ z$67Y71gK5B^u~!mtH5i?6qJq9M!#7}Sl}90j%en^AWjhoLEMHNS0G3*c=Oem>oQ>p zNyCN2;X6_5$%6km#ghu41^n1TG5SWJE*gkWQDE##mnJ zp?qSyS-RvBudBs|oPsYdQ#&A3pyqoe&|H`udbwb2Wq{Sy74-T8=)4Ek3M6&Xw|bDt z3W9kaS0MGP#QOW!Z+iX*cAtJ2U-1=Rg8$LCCO}^C`F{<+{L60yv-(+-?qyENSBm&u zAFZo4V8r(y*7^XknZLcXVrXXHn}i^VB(eB+5#{>~#Vy3wdA3qxfv!DdvsRb5*DL&nz#)ZaSkmVS+21{O6NN;CdokldFUD+gyA1`J);&abDV1( z$z62w2!ugv4eHu9_L(N?vR&J-haJKo_<&F-VaqwL?C!!=6D*B~IC|s=hQl1rd9yrb zK!519%FrT1^v+ol<6e*C>i1=I8zt@B6x9@l8cqYS}o zwwIr1XM>PjDnj*PLgHb&9QT5Y=|l$fLe?)7@O?Z!>~##oEvHMK$e47TyVeOLE}?dkkj2{z&4rl(q05qW2?wTa z+>z+G(Q*24sW2(oUlEzgF-SO|U(x8Sp?g>lz1E?j_Dyx`59K7CyGZL%XZ{jn7GxQt=oQF&J!Dyq zqR6ne*2m_dAx7h#w}7$^!Up6LH~Q2Mj0j3)xao$YC^ABA|NFrKEGj0us3a31<mg zj-}-hmX>{hXssH*Fp;W*_yJO%Ji>22bre^wd(O@HUwOMGK)&D$J{Q0GE5C}Zi%4rI%uVYuRAK!tCoz7j7Z$NK#`U zJhQ$dQeYqp$PsmiQn9Y@*ujKmR%zX_-;e!CEL}LR<4T&u*dwH(tY+o`KesT6Q9%4U z@7{ry))6S=kqBt5YYntr*SI+j$w-36!q%|HU^biK^3`oT_V|-{t@W|CHbAeRhYP|FCfQk# zv(2Em^`&ihCEj++NgP`5#*BO9I0LZ7pghD6OEC4-lnPAVGS`By)FJJ%vDNHtIG9Fc@XWOa^MQQp;d< zolzns=4q*Gpr2y~LeLQ*QX*~A$lQ?(oJSNj=D8Is`5Vbm?51N)1bzQ=_ z8Uh;(=m<)C1GP*m2n1Rav~nnNh2^CJ%PTz;h4PQV8dzd5>&Ax1ukYe!5KL%Spq;qx zC~m%C6Hi@uGL*8?Ra16MGuoxXadDALs6<*b`hy%R%R_7)I)uS!9GpzTG{yQ$L!3>_ z?l6JK4(MYPAOP^nSHB9s^2Rsf!kNc^WAoUF*J?)!5rVz`666 z@YoYi;OyCR*xTFpQ}7U&in+0Cr3FL3$;`VE`c(uLtaRu>G_u^IQ)OkK6rkCl-(w7i zIkJr5#Amn&nL07B)~|f?tJ@k^^9Gh@Vhl%1_>>pjfVaK-Nue}k zEQE-V=Zx_v$HvAImRDDi=Y>BPVO_Y`+P{l|i1z}v4p(P&zR&zI3=jZ#<*QzW-}sH+ z#+9=V|K@1*=+_Y8$3b!%1%!gF*9kjGjJg7NYr`*W9D!|s^0te-S%7J22KH#@5tXZo~-Y zeXhNMi3D{mn3q+cp|nkb$}(g{4|%RIo0VV^D7MhrK`Fo6(fg4Z*sy}ZITfb)24oZO zmWEp6dq<^ne9DXO#?ha7H_l#~fw{}D7Q!>CNGX|(Q9#+oqa2$n0~|iQj`7kmvOM>% zktqRD5Ldz4Dp2p^Yk~Xkd+ONk9VgCzYy$)UKJW8B2fy|!zk=PZ%YQIhTKQ@KKWMFe z84>yQATdZnHgRD~Q&O6uSw3LfflxCT;x>a~)*NG}?+NS9RTOT-S(k+I}P=PrkRXew&pwn9ob>?H}Om zxr;dS)YEwS>8G)`w+mC7CL^i{Wk*ekNVk5McKGIfW__?!wQH&3!E0Bk40+K*ua{wG z$CrJYee++}HFRA!#@TFr=3t}Xm^}(f3?g@piA1F8+<4>l_{^7{#()0h`&+t@_&xTi zHbc7qY5EjRguy^#ZKaPRn`3NjtYa`7f{Eaqfi;!a-#Bj{BvM0Ml|U#@9g$GCKvV1LJNa1*J;Qk@s4fn zGh1eE)0+UHEaPs&j+QDP7miZ854$7B1+?NOIO2BGxJ$dUOCliSnc8X#t_GkZ(?P29a*M*bz(|b!+|nv z{I*sxVTOd6vHbpnc>w@_F#!SqFMsh}0DxclrC+?L^WwWrRlSXfzJmxavDPXf@q0ap zeKrXYrzAJ2qys)#5O*#5U!{DV&Qh4JLpi7W9S8~ek6KkoBI0TmvLIFBrIZoZ1X)WB zNeGY)#UyF!aqV6We_$g^H~Q9E%w}_3xw?&W=g#BFC!fN_ix;uKzu#y?XdzRe^`z)5 zQtc2mrbbxQ z&QfH-rc}Cac9728LKZ0QjcZcUW29{0R=VgX*#sA|pPyNny24~K!_}>AoIQ6Ak3IGT zE?v5W`F!rz5;uKU*E=!gjHQNjSn%-bXq1yA7Dp!>hJwu84BYZu`9T|NEH4{O4-W95 z_dNz@4RY#@TAT$3bE8}|*8_KM(-w$EEL*w5SPB{^wH(0@!yz*uE(0ym|=0CpD zXnb;Rhr-^>t$j&)Ipfe;ffJh}oW5=i*IjoQt7~iM^$WkhqgftWhl|4phzsRaZRk%9 zX1$BOy#C)4AOP^!KIgLm0KfXiU%JA1{!i<&d@EV^4Z`lT$+LHtePNP5J1y{Gi2(1{-@bArEZZ}kcxVE(|LNf_7YQT z9p>{ncJ~hO)Y)@5`}8@SJ$DY<+uNwhGAIVAog1Xk=i;1<+UMh$j3GO}wj{!;gj$|w zjKQFf!LY!1slaHQqbR(2f@=BFc9ZaI%7nv<6k|ryi-1S_2&P50n*G%v>SN` z001THNkl1YroIJILURGjOW|&SGd9FMxuT|G$m?^i5<=~`V~U1#swv!F450!(}LMqgD`uM8`{ufJTqhtn))^3MOB49W=H&+of}q>Gev zXFky)tHT~O9Hd>_z$Mnbbz{ToOacs<`YePIF;4+TiAgNADcrPX+WmMG7TOI6fSmNA z?RT{W2wY+9-Z|Wy;Pc_P1Gt%GE9p0k2ZVNwLXQ)S&6;MUeDhS%=Jwi!hI8MD_Oi z>o^u?Z@EyI{I6w!hNy5daPZj~A_(NN*Vb35mQKv(TGFe>GoWe;BvJ~5T`*5UH3f-bYe^GIFZn=d3w^cXX2im6QM=MhHCDl{g%DB>ssGw@M99RdHM=m}%ZKB!`BZcM!%3h~+di>qh6 z5G|FlK=R@{;Vq}GO#-ZT;iE17BKg%c*xM@RvovUi>^||ZEp&c2$IZ%o5Fyogvsj>iP&-aF&99d#l6 z_HASjg1)#vni#>-1oxbkOn0@ld;>fEjLYDLxW-sirm9L~He%3#1X}RduTZ^W1K3=# z>}B5+7z_RV%{puxp7xgfeStFlhtGY}@zZ}c9lEcCJ5qJK=TcrC2+iUrv9`H#mE6d$%$gk`>93dNwAnMsD{L*Q2$ghv5=i`5f&}c?wiXC zL~pMCTocBT2#5WPHyjFO|Z5xvr}C-K`+(3deLhYUaEg(M@&$HOOAEAbTI;vbzDoIk89lhOkElD zwZzx`V%*RWw8}d?yULdaDvefgruOpN%xj5Upo;Bb8Vi}e> z2s(SKaLq&3)JSf6rfk@luVb;liic#-nC%*N_A%X)A|2d6Hbh}dtT%+MY%sJ^>fv}( z<%i-8Or0&03qCd{1-mZ&&WGufs_U7z_ok3-b$a(YMO|_{YCAM;a7J0m779P^C5k&Go8me6GkPye6e(IlV21S7yb9GxoA(c?!QS^OR<8|Otw7&< zeBV$0hxqTfBCf*hpIM#FGqxv)^-6MDv=>Ly7RWPqh$R?^>7WzsAB?$ts@&?_na+oz zQT^I~IDoPXKr|@0B-;$#2l57Uwk~4(JU`>Z>Gzd{*JvXTm`ve8fqL-R26^7O+i5{ZHwLWmSlq-^k-+QDw z^IP}FfLju~f!^@JY(F@_9kQx!4J{l_V<)yzXzZ<|nK;y}E3Dn{f^NX8JkyIB`d7Sh z5WVLUEhP2KhtrQ5GfuA{7!F2;5EN8OO~z^;7EUu^bB3bnkX z96Dqu`+5G(W8DS!Zs~?zYudmiGCAcV8dQHp?fkBTjESA&60etvYoc|n{670Oy!jMF z#OkXsb#5dR`1-N-a!)S*`?_n(gLK1>jI*BqMNI4n4vJEqqc`vj3;3x@OC*LWApwe+ zK$d-|mR_6O>786t30H%czFpz84mCB<9ES3@aZM~1MP>!;Kg{70HFsiu0_2#`%|GW; zQxl!dWQSM#@h)vIx7n(H+g*~~#eq`bp;8Vsfy;PuKWOo1NK zi7ADalhe63zBUXDl!V?eE|R0_Nuoz%yL|sw*2>Yr%aUxBVYNaHpfBt|xl0n+AkaQN zpkL0cksyjhNWx}|4NT#^HVx{2xR$@%gU}CD^)woX@B7?ui1q3`h$N(b%70Jl8)h zpbPUDXymdfwP74T1h|nCs4@K7{XT{-JXPI#Fg(2tNc_Bfv(-AY_1x$Hb>L=lTxdcF z<4Kk`Kh=kBKHut*Jg5X7tU)kx_Z2fD6%FK!)cdSv#A_R7cBT+1qKlrf2dfYnm$8X>~WaDOU*3f5s_`#Gyq4_upzd^O0Col2r|PxioO_Bv4rLB}F?I`bKzI9O(?0p*sk( zc^=0PCMdvd z0Npe{j|Uwi!eg>Dpyj5-Nm>7hZ^FTP)6y=|KMz?Q2V^1od+GfPWX4+O-V}rt7A1I~ zb|E8%4xUv-7LCFXq$_4K)P=${>+*wEV{2++K3Tm0g-TX)b?>1}yfyqvhWlF#saX-$ zSDGkhH5{DeF$mN4-NMx|T!XI?NTD?UiM0N+$;iswiWI)`uu9q;+$xXI85j6s5f+k2vW(_anOi{0o!)brAhPd*85Pj=!&U-OmsjQr?R%(omBkV; zBulPy8$2t_HwF4udIY!Y!T z;5DFCc9q=I8&r^Spfv8z)csTQ)%hq=N}yq0pMd-r-gXmq#E{I^t3eS_WZ47NszKwy~L zXyIgE8LZ1yq6N(;R)B(a?Ps zUcH*1d7<9RvW(`z<=w|o`xZ%71)%k~3BACo%TRoemHe@vnW(Bwo6UT3~bgTwy?dBK*2zop_6aGVi&gY0bL#r=Ijd% zy)tpwSq$cEnZ6R@jPKYEv};H@@EY7^E}36%)ZWKi4PSVEmSy%k_-&P2=PGLku0I{~ zJC3(IK+9xPwfu|NsK9_dM9HWSV`nHBO4LV+^T%xIN2*$rn(Nu8PX!bl*{`PQ4lPfK zr6*O_!?emHO1ckMdqo^lo^#0Bcpqnpr~NmI$+VWVRLr60*v%{$^10zu!9)^|f080U z@z-eCWwL!@H1OSF*z|p*>^LN;?#Ybnz&bQ?{X}DfFZvG}8WmR8N-|M0av-jX)nv98 zJSTF6C=kM)tH~A%KZ?SU34IB^e`NP`sIAL@Y=o2J-m6#Lr=#o6XKaTP?8SNa=?;@B zyi(7RXzN?F=M4vzm`ogy>T_Nl6-)^kw2cl^6S~}?3OiNUuc>nl%8{coX>}8`85vIW6Mg(#GnyRPM z!RMK~axwZiy=^~n)@IW6#j28kl_jnu0}IG1p0N`uJN1U*n|<^KgD)b(uLjJvdaod& z8qO}?cWD`kg(2%Ky$O6Y3k&#lw<@^%N-N^!+}(BY&j$X-$WEiw_&eMA_yy_2ff_dC z6rcASf-v&w(a|$DOG>uVS^XQ`7AxjVp&eEpQp4_1&&v_Pa^61et9ms8+1mxG+c- z>3THHAM#zl3y_JPpiG3cvDBtJn1cA@o)&>)&Opn;M-I$u1&TQ=Id%?7f_QEYW^#+~ z3x0=Yb>1wlAVhJ5CO~*4CXMsF$u9r<#5P5reBYLJ-9fLo)xSOHc;7?Vul2x1Ho|_Z z7;)aU0oz@ty}E(c!;Aj0XDD!t33CCx)ifLh1-V(1mYkR+gO!s7-*($yI)W;)SW7OT z6-w{3Z9m0FQR!d&QEg?Cr&;u!74V5hH+eMs?O&pRv#6VQ?%Fra@;6U`Y}0YBvN5FH zW1KH~V2Po0vehm3@p=-NfkpI$aOJ@fb$pHvRX%kq1vvF36}?6@)ZW98!2N6wcwkYU z**xDufj$FJ6R%jpU`R4Z6~~jN7ehll0Ua=T%z#F^ijKvKyol8l_5fP`VNFsj?1mv{ zMVJzewQm~dtomKHj}ZAgvj{X5f!ZxUNVtYpzNA8CQi7KvpZP&pke->$T7iaezW_?( zWey`RRZ!&#XWte(UZ5%T?gYH}urLy(DWfS7fQ2uyr60a=lw+V-;uDBKVM<02G8IhI z3H-bkIC5da`yMj=@PXO7YH)L(+gI;)wBkAYa{k0cUYB*c$lAl~zq%HMcf*`=^GR#z zUJN0OU6beIyfUd3j_bbu=G}jLlLktBHoT@R6+qyoYuY3j-WYSd%8;T(u7hw1Na}h` z{p$2^N0EuR+$iNkI%A|^x6RY7SFoe%|Jsb{%lw_H` z?5U^Q3C5mHnmIQ0dSV^bGw;wh`dr*&@;^qFHyWsYqYlF8mqy)Y-rbA*L>h2Pbuu>8 z6=-5d&`gNTH3Ub+!mVS7siQlZe*=wzI|$>${X$B*MfqJk430iwLZreoL&6=M?gi)e zwp-P$PRRLY`tOR+t!?M!+rv7P2yuwfI#j!7eIxflCeh`TiG>~N6t`m&T5?s>{I_C} z)`w}C+^Az5#?bW7K|om~uvyJ=j)_opLi|vAr9uyad6@-m7zwimV+`JS@b;37ik_IH zxX&jyvtop5+TA&hbm=H1ywXNk?0NXul5;CWYTy%%Ds#Bnv<;?-#FQ3O0g*aK>fQ-$T5z|*oU-m>Y#kC9#TBL+lDj%CM9a$LV#@ky)9-LS@dLTkT*yW?=`voEt7;yn% zQ?eS|Dw=4DcH5QFTqKx0XJ_JK;xefDL;7N|LVK10K0h*Y4y)VlH^A9b^?2mD?QcIW z&6+!~+xYImzecfPyYvunBt#n1#s7&U9e1z+^-s-zF0B%()Dg+%X2`GPO)^b|4pPvK zynFn0I%;Hx*D_(|k%;=;kZ3(K;4cw@1B!Gt|WuS zRK=Bif$D#*6#4Iqr!RAYmb3Y@QUy0W6yFc1p3?F;%9Xn!r_}+UsuC;IOk=F?WeJLWo6sDxO zX$Jkwb6aFZnHvxp&%thwsAjfIO*>g_!}f|Vu?GMKJ-IG%*CV_3NsN;9H{L;PYE3vc-`wS%E9?J%EZrU zkM5lI1{w{@;btjEjM1BT6lfA5D luP9#Pj@qhZotbDd}t${OeVo zjj)&Q*K)YMqtAeb`Ntm5lLb>BY$}AGNTvg)g%0w=Wj9WQ^FpD13=0^zGi$V7Ba(eS zDh9^5l4zDpV^7dtiJw`o13T_mtk#^7Y0*(6(BVyIH)7NxwvWb9stNue%g~aCDCa$@ zno5tfRL1dW;P2N>M~DqvB#KVaqIOAWDX`@bD3k&rCl84`x^{T}V5$J2BB}x;6nZ^dpHW(Z~U^-1>MeK4~!}*BmU^b_eyYzTDa*c-)cc7 zRB#D8GGr8I;M>hTUqZZ)tO+eYTwY!7!H##>9*}~g=Z;d16IdE?S@2ub6Fb&&6uT9z z8$aTaL}3j86FtYb)s@-c$NH?smA>gw${u4$aKt%t%j{EtB~+6p{6o#JRPQHGPly5t zE&CEn*Wfn%4-H%Hjv7%V-T^(KDc7k%kV7mH%M0373IsFj5cw%_%_7%oqb1FefpI(- z+p5~!9XAAuQX*^dRGAGMu!VDK#mw2O9AoX9;URuvY*A#)-amixFN_+`%=L8{9!4%R zWJiG2fcz6*HLY^^`&B|dE__`__NP2LT{@$TIa!%{?K64! zA6kuR$r(eo! zdjsez0YYc2t6iUgGOi*ge$oa0PXD~uTB!z^8FtOsktf|Bb_6QVU?|8P*8=|aQO&^aXt=5=k6hQT z0trHBnS%QFvcyIhueyX<$<7~CMD}oPydD|SvjF;AerG^Pu7d$bL8a~~lft=z^(9|pk9v-O^h~jQodu=I{`BGhqPrK4sXroqFcsx4T-;;3GS9-x) z1RaS&6$PYhC!&1u`qFu6qd~H3v+2z^H7{=2Cn@AOZP|N3kf-$p#pumtX<|$D#~P!Y zg=$|nsX3Obdyk+y;~lxfIL#KXWMf!HFLM*U{DdVk0!3|C0D4`4h#?&5s7Um;h=>d5 zP+*}IVT2_*cT*Sv1680<(f99EFoOz|nwQ`omtdz?syM;M$chS+nD7+BLMJqmMqBvR z9{LBNE~y~>p@bAN=(J=+T=f|?@l0-+;3D8?M-Wq&6y*m_$U8~RTH8Sh`nH0wD~;jl z+sE-%&>$6U_Z^-k9+`c`(}Ns^Y&iziX6A^E!vcpdN0%)pBKo=w?b)Aa~Js_j{)Xmsy$dTzX9n1qY2;_|&7|V$H7(%?qbYP0e4^ z?O0WQpk@pOQ6yLp4weP}`6k`;@1=g=OFOd0Y}ME<16z#iT+D2Nqa>QzQ!rIsZa86p z(^**V^7?ad^|lO`E*}wj>ErrK>a@7s8}I95A96?b2lf(^JyZ>{!b`9b+F!0={wDA7nYV~-t1uzNzEUR*jCjdr%Gi#u>_Tia#x<;3evo9RlYyhx z%@?Iy1C9o;-X571YWr0^)sHi4s@Wht95v8nlDCFgX&L`UXoa#mFd7D#e72`Z6Mg)-1}sA!)g z`z`u*ATwdD%1UnX3>hXzd-MvAgYPi>m4SdOjnS*$!zQx8dwbr3{IuKTz1`-*1?9mH zr0bwgxQ=HQ&&!Krm!cx7o5z!c1c5If(FIdZ>qg|@yBD3`Ve)IGIDBj#pZqj zPloe96Au>4N_6kn6<<}HRafcI1<}gS@XJ`o)xbW#GA>B^`Ineq`D!S`*8HN3rxt@m zPB6_uD+%7$K4QxLxPx87!By)E)3wegyhP-FdA>kxV%{j9i|0ERfPuW@MX19&RL5w$ z?O#JIDtiK|Y)x*DO#2H#-;SM5cF6asqFo+mY-1y0ohj@glugjjq6cx!=Z&%7CI~2) zP}8p^Dy7SREYtiMhA8>cq-}A~xnr=bDU`tK>+mwa+DIQhi5*a|%^z9kU$=)c2$k10 z3SUieIkcP$dUg?ev-qn&y!ASW#-R7w`T3Ci_U1HjVO)MCU&gZoi86JH3D>1)27Vc- zWLD>Mwb3EgvPc-v)um@M%mz@R-*t1tAjp1WZ1(99Q15@8pw`Z?=OYz53#u;&F`9-J z_Zk7sQO(g)1bfAf>5jZ&Vm%{M)lZMwUR$14wVt%;U-|Oi8oVC}jm0nqT>RLX_e5`f zma7p&au4ryXO=m5Wch_6gl_!zY;RohQ5pfyhLFo*nIESR#l{A^%ok-kg8B!E?KS^} zJJY!TJIQ7dN$2oPLWx5Kwn+#SZFbursatGIOmWHyfjt{9~??KZ2Q-M%Z(jR(XgKj1e6PdD4G0>hshb`^|Va>68@uu*F6Ik zC0QORrbv`TN?!C&fi0#WR3a=85m#1$kSgVKqM(@C2O{DVS;Txm8pGP<)HS-%2SmUj zrxfZ>j&R2dr?D;q2Q7Lck9OdhP47EWjSu2-bx=0K?v6k7A{1q7vw)Swb9N(J$@lV1 z0=keZPaF<85E8W8R9KHZUMkGOjbV^E0?oSJUMkaV!Y$`fbM zWl81)K7?2hX^Ttyiw8(Q3pK$K{IQ?I+ViVZWk2|(=N{VhL+@(fn7)<`OTwuoPn(Z_*Dw%^S(aO9)E9iWQ9XWl2 z*O=!RbSpII*UIt>e6bz#y%yNS?zku=$QWBmKrucHS?ou}ACa>QVC-(rTDl5Ka-^LB zLY#qE%0UC-fh}YbMlj{wfg@y?2Q8h~LjmshlY&I#9|6W995HuGd2b~d$|MPl{{HUl!_7fSYZ=zdYb785>Yy9ed%)8mJE2Z zCvLyY{bm9}51b77IZfd(tl%0L*o}S=4PXJZMXba_DL`!wpK=0nR(_nGs&D%I`ze38 zE-q1!)W)WU8z3&`r;i~F{QC9YIEiR)(uuN{X&BeM_V~sxwL+<7seAvR-eJt+_|;*# zYli1}#9kEu0EoLv>bROY*x6awy8@)FZ7s-M9Ne7EEcnQ+TwNVq_*hvzJUm$JOq{J9 zJgjZ3Ss+l>|6qJ-7Ut?!7PhvE@?aK6drP{xBX@{7>i^7{o48u=nK@fPE&vWTb{=Ln z4rUIJ20NIK4aCO{VrJv!V`DodzIFV+I@mdwTYvTX|98k1RhWQukowPqi^Eq}4-;n# zfUKQ~rG=u2rL~z2If#Xag@c)g9O4q<1H{Y@B3Fg9|Kj*RVOal%hBOG8#lhLq8?!3{ zVv*oKiyBsLcBXuM5)Ni=|D}SDPXz*X0kD^Tw6j7mpZ*8tfBWR)v$C+Zv~mTob8&zj z;OevgA4C5Kq-|~PY6V~if!I=ay^#MOLyFdR7Oq~77J&bKU#yTU3fE~VK|uKb!<(W8 z1O@Q|2D5Xsaj}EILZ)&M2+se2s9SqO5G-I0E=4gh9aZH2o-06BQc2>sm~qhm0(6lU A(EtDd literal 0 HcmV?d00001 diff --git a/prepare-vms/settings/orchestration.yaml b/prepare-vms/settings/orchestration.yaml index 844306f5..5751704e 100644 --- a/prepare-vms/settings/orchestration.yaml +++ b/prepare-vms/settings/orchestration.yaml @@ -27,7 +27,7 @@ footer: > url: http://container.training/ -engine_version: test.docker.com +engine_version: get.docker.com compose_version: 1.13.0 machine_version: 0.11.0 swarm_version: latest