From 38b332ae2aaa07fa0eeb5708f4ea51e7818f3a79 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Wed, 6 Jul 2016 14:35:38 +0200 Subject: [PATCH 01/34] library/roles/python-env: Simple role to manage the pip and deb pkgs python modules installation. --- python-env/defaults/main.yml | 11 +++++++++++ python-env/tasks/main.yml | 21 +++++++++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 python-env/defaults/main.yml create mode 100644 python-env/tasks/main.yml diff --git a/python-env/defaults/main.yml b/python-env/defaults/main.yml new file mode 100644 index 00000000..e45d9765 --- /dev/null +++ b/python-env/defaults/main.yml @@ -0,0 +1,11 @@ +--- +py_env_pkgs_state: installed +py_env_site: False +py_env_basic_pkgs: + - python-pip + +py_env_dpkg: + +py_pip_deps: + +py_env_pip_pkgs: diff --git a/python-env/tasks/main.yml b/python-env/tasks/main.yml new file mode 100644 index 00000000..c71f7311 --- /dev/null +++ b/python-env/tasks/main.yml @@ -0,0 +1,21 @@ +--- +- name: Install python pip + apt: name={{ item }} state={{ py_env_pkgs_state }} + with_items: py_env_basic_pkgs + tags: [ "python", "py_env" ] + +- name: Install python deb packages + apt: name={{ item }} state={{ py_env_pkgs_state }} + with_items: '{{ py_env_dpkg | default([]) }}' + tags: [ "python", "py_env" ] + +- name: Install deb packages needed to compile the pip modules + apt: name={{ item }} state={{ py_env_pkgs_state }} + with_items: '{{ py_pip_deps | default([]) }}' + tags: [ "python", "py_env" ] + +- name: Install a list of pip packages + pip: name={{ item }} virtualenv={{ py_env_env_base_dir }} + with_items: '{{ py_env_pip_pkgs | default ()[] }}' + tags: [ "python", "py_env" ] + From dd968c63647c11071a7cba221eb2b2902db08434 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Wed, 6 Jul 2016 14:44:04 +0200 Subject: [PATCH 02/34] library/roles/python-env/tasks/main.yml: Update the apt cache if needed. --- python-env/tasks/main.yml | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/python-env/tasks/main.yml b/python-env/tasks/main.yml index c71f7311..b60495dd 100644 --- a/python-env/tasks/main.yml +++ b/python-env/tasks/main.yml @@ -1,21 +1,20 @@ --- -- name: Install python pip - apt: name={{ item }} state={{ py_env_pkgs_state }} - with_items: py_env_basic_pkgs - tags: [ "python", "py_env" ] +- block: + + - name: Install python pip + apt: name={{ item }} state={{ py_env_pkgs_state }} update_cache=yes + with_items: '{{ py_env_basic_pkgs }}' -- name: Install python deb packages - apt: name={{ item }} state={{ py_env_pkgs_state }} - with_items: '{{ py_env_dpkg | default([]) }}' - tags: [ "python", "py_env" ] + - name: Install python deb packages + apt: name={{ item }} state={{ py_env_pkgs_state }} update_cache=yes cache_valid_time=600 + with_items: '{{ py_env_dpkg | default([]) }}' -- name: Install deb packages needed to compile the pip modules - apt: name={{ item }} state={{ py_env_pkgs_state }} - with_items: '{{ py_pip_deps | default([]) }}' - tags: [ "python", "py_env" ] + - name: Install deb packages needed to compile the pip modules + apt: name={{ item }} state={{ py_env_pkgs_state }} update_cache=yes cache_valid_time=600 + with_items: '{{ py_pip_deps | default([]) }}' -- name: Install a list of pip packages - pip: name={{ item }} virtualenv={{ py_env_env_base_dir }} - with_items: '{{ py_env_pip_pkgs | default ()[] }}' - tags: [ "python", "py_env" ] + - name: Install a list of pip packages + pip: name={{ item }} virtualenv={{ py_env_env_base_dir }} + with_items: '{{ py_env_pip_pkgs | default ()[] }}' + tags: [ "python", "py_env" ] From 2b8340c81e525ccbd571498b9b0112a39dde1af4 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Wed, 6 Jul 2016 14:44:28 +0200 Subject: [PATCH 03/34] library/roles/python-env/tasks/main.yml: Update the apt cache if needed. --- python-env/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python-env/tasks/main.yml b/python-env/tasks/main.yml index b60495dd..d2c800c5 100644 --- a/python-env/tasks/main.yml +++ b/python-env/tasks/main.yml @@ -2,7 +2,7 @@ - block: - name: Install python pip - apt: name={{ item }} state={{ py_env_pkgs_state }} update_cache=yes + apt: name={{ item }} state={{ py_env_pkgs_state }} update_cache=yes cache_valid_time=600 with_items: '{{ py_env_basic_pkgs }}' - name: Install python deb packages From 08ca0889168fde80c357854ebb3c672054ef08b4 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Wed, 6 Jul 2016 15:12:15 +0200 Subject: [PATCH 04/34] library/roles/python-env: Fix the variables handling --- python-env/defaults/main.yml | 3 +++ python-env/tasks/main.yml | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/python-env/defaults/main.yml b/python-env/defaults/main.yml index e45d9765..d741e79c 100644 --- a/python-env/defaults/main.yml +++ b/python-env/defaults/main.yml @@ -5,7 +5,10 @@ py_env_basic_pkgs: - python-pip py_env_dpkg: + - py_pip_deps: + - py_env_pip_pkgs: + - diff --git a/python-env/tasks/main.yml b/python-env/tasks/main.yml index d2c800c5..8efe3e2d 100644 --- a/python-env/tasks/main.yml +++ b/python-env/tasks/main.yml @@ -14,7 +14,7 @@ with_items: '{{ py_pip_deps | default([]) }}' - name: Install a list of pip packages - pip: name={{ item }} virtualenv={{ py_env_env_base_dir }} - with_items: '{{ py_env_pip_pkgs | default ()[] }}' + pip: name={{ item }} + with_items: '{{ py_env_pip_pkgs | default ([]) }}' tags: [ "python", "py_env" ] From 41b8687fee0db683f9614400b1d9008f8ec17cca Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Wed, 6 Jul 2016 15:19:03 +0200 Subject: [PATCH 05/34] library/roles/python-virtualenv: Ansible 2 compatibility. --- python-virtualenv/defaults/main.yml | 10 ++--- python-virtualenv/tasks/main.yml | 60 +++++++++++++---------------- 2 files changed, 32 insertions(+), 38 deletions(-) diff --git a/python-virtualenv/defaults/main.yml b/python-virtualenv/defaults/main.yml index 0f7833d9..e7576240 100644 --- a/python-virtualenv/defaults/main.yml +++ b/python-virtualenv/defaults/main.yml @@ -5,10 +5,10 @@ py_virtenv_pkgs: - python-pip - python-virtualenv -# py_virtenv_pip_pkgs: -# - pip_pkg_foo -# - pip_pkg_bar +py_virtenv_pip_pkgs: + - # py_virtenv_pip_requirements: "/tmp/foo/requirements.txt" - -py_virtenv_env_base_dir: "/tmp/foo" +# +# py_virtenv_env_base_dir: "/tmp/foo" +py_virtenv_env_base_dir: diff --git a/python-virtualenv/tasks/main.yml b/python-virtualenv/tasks/main.yml index efc6bbad..2474b170 100644 --- a/python-virtualenv/tasks/main.yml +++ b/python-virtualenv/tasks/main.yml @@ -1,40 +1,34 @@ --- -- name: Install the python virtualenv packages - apt: name={{ item }} state={{ py_virtenv_pkgs_state }} - with_items: py_virtenv_pkgs - tags: [ "python", "py_virtenv" ] +- block: + + - name: Install the python virtualenv packages + apt: name={{ item }} state={{ py_virtenv_pkgs_state }} + with_items: '{{ py_virtenv_pkgs }}' -- name: Create the virtenv environments. - command: virtualenv {{ py_virtenv_env_base_dir }} - tags: [ "python", "py_virtenv" ] + - name: Create the virtenv environments. + command: virtualenv {{ py_virtenv_env_base_dir }} + when: '{{ py_virtenv_env_base_dir }} != ""' -- name: Install a list of pip packages inside the virtualenv, inherit the global site-packages - pip: name={{ item }} virtualenv={{ py_virtenv_env_base_dir }} virtualenv_site_packages=yes - with_items: py_virtenv_pip_pkgs - when: - - py_virtenv_pip_pkgs is defined - - py_virtenv_site - tags: [ "python", "py_virtenv" ] + - name: Install a list of pip packages inside the virtualenv, inherit the global site-packages + pip: name={{ item }} virtualenv={{ py_virtenv_env_base_dir }} virtualenv_site_packages=yes + with_items: '{{ py_virtenv_pip_pkgs | default ([]) }}' + when: py_virtenv_site -- name: Install a list of pip packages inside the virtualenv - pip: name={{ item }} virtualenv={{ py_virtenv_env_base_dir }} - with_items: py_virtenv_pip_pkgs - when: - - py_virtenv_pip_pkgs is defined - - not py_virtenv_site - tags: [ "python", "py_virtenv" ] + - name: Install a list of pip packages inside the virtualenv + pip: name={{ item }} virtualenv={{ py_virtenv_env_base_dir }} + with_items: '{{ py_virtenv_pip_pkgs | default ([]) }}' + when: not py_virtenv_site -- name: Install a list of pip packages inside the virtualenv from a requirements.txt file, inherit the global site-packages - pip: requirements={{ py_virtenv_pip_requirements }} virtualenv={{ py_virtenv_env_base_dir }} virtualenv_site_packages=yes - when: - - py_virtenv_pip_requirements is defined - - py_virtenv_site - tags: [ "python", "py_virtenv" ] + - name: Install a list of pip packages inside the virtualenv from a requirements.txt file, inherit the global site-packages + pip: requirements={{ py_virtenv_pip_requirements }} virtualenv={{ py_virtenv_env_base_dir }} virtualenv_site_packages=yes + when: + - py_virtenv_pip_requirements is defined + - py_virtenv_site -- name: Install a list of pip packages inside the virtualenv from a requirements.txt file - pip: requirements={{ py_virtenv_pip_requirements }} virtualenv={{ py_virtenv_env_base_dir }} - when: - - py_virtenv_pip_requirements is defined - - not py_virtenv_site - tags: [ "python", "py_virtenv" ] + - name: Install a list of pip packages inside the virtualenv from a requirements.txt file + pip: requirements={{ py_virtenv_pip_requirements }} virtualenv={{ py_virtenv_env_base_dir }} + when: + - py_virtenv_pip_requirements is defined + - not py_virtenv_site + tags: [ "python", "py_virtenv" ] From 4a90dfd9b086c78d53f7b66f37e74ff5604c594a Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Wed, 6 Jul 2016 15:30:08 +0200 Subject: [PATCH 06/34] library/roles/R/tasks/r-installation.yml: Add a tag for the R repository key. --- R/tasks/r-installation.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/R/tasks/r-installation.yml b/R/tasks/r-installation.yml index b7cc76a4..c46dbf5b 100644 --- a/R/tasks/r-installation.yml +++ b/R/tasks/r-installation.yml @@ -1,7 +1,7 @@ --- - name: Manage the cran repository key apt_key: id=E084DAB9 keyserver=keyserver.ubuntu.com state={{ r_install_cran_repo }} - tags: [ 'r_software', 'r_repo' ] + tags: [ 'r_software', 'r_repo', 'r_repo_key' ] - name: Manage the cran repository definition apt_repository: repo='deb http://cran.rstudio.com/bin/linux/ubuntu {{ ansible_distribution_release }}/' state={{ r_install_cran_repo }} update_cache=yes From 3376bc30311f15d8c3bea880d0459304c81f59de Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Thu, 7 Jul 2016 11:20:37 +0200 Subject: [PATCH 07/34] library/roles/R/tasks/r-installation.yml: add a new tag. --- R/tasks/r-installation.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/R/tasks/r-installation.yml b/R/tasks/r-installation.yml index c46dbf5b..f7fef965 100644 --- a/R/tasks/r-installation.yml +++ b/R/tasks/r-installation.yml @@ -41,7 +41,7 @@ apt: pkg={{ item }} state={{ r_packages_state }} update_cache=yes force=yes with_items: '{{ r_distribution_required_packages | default([]) }}' when: r_needs_additional_distro_pkgs - tags: [ 'r_software', 'r_pkg' ] + tags: [ 'r_software', 'r_pkg', 'r_deps' ] - name: Ensure that the R packages sources directory exists file: dest={{ r_source_plugins_dest_dir }} state=directory owner=root group=root From 965d6bf6aede830a1b714598f6d3ddd0f2fd1705 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Thu, 7 Jul 2016 17:39:27 +0200 Subject: [PATCH 08/34] library/roles/ubuntu-deb-general/defaults/main.yml: Install xmlstarlet. library/roles/smartgears: Change the default versions to the new production ones. library/roles/smartgears/smartgears/tasks/smartgears-app.yml: Task that sets the loglevel. The default is WARN. --- smartgears/generic_worker/defaults/main.yml | 4 +--- smartgears/smart_executor/defaults/main.yml | 4 +--- smartgears/smartgears/defaults/main.yml | 6 +++--- smartgears/smartgears/tasks/smartgears-app.yml | 8 ++++++++ ubuntu-deb-general/defaults/main.yml | 1 + 5 files changed, 14 insertions(+), 9 deletions(-) diff --git a/smartgears/generic_worker/defaults/main.yml b/smartgears/generic_worker/defaults/main.yml index 757ee673..11952b74 100644 --- a/smartgears/generic_worker/defaults/main.yml +++ b/smartgears/generic_worker/defaults/main.yml @@ -1,9 +1,7 @@ --- generic_worker_install: False -#smart_generic_worker_plugin_ver: 1.0.1-3.9.0 -#smart_generic_worker_plugin_ver: 1.0.2-3.10.1 -smart_generic_worker_plugin_ver: 1.0.3-3.11.0-128830 +smart_generic_worker_plugin_ver: 1.0.3-4.0.0-128830 smart_generic_worker_plugin_name: 'smart-generic-worker-{{ smart_generic_worker_plugin_ver }}-jar-with-dependencies.jar' smart_generic_worker_plugin_url: 'http://maven.research-infrastructures.eu/nexus/content/repositories/{{ gcube_repository }}/org/gcube/dataanalysis/smart-generic-worker/{{ smart_generic_worker_plugin_ver }}/{{ smart_generic_worker_plugin_name }}' diff --git a/smartgears/smart_executor/defaults/main.yml b/smartgears/smart_executor/defaults/main.yml index 83fa19a9..a522af70 100644 --- a/smartgears/smart_executor/defaults/main.yml +++ b/smartgears/smart_executor/defaults/main.yml @@ -1,9 +1,7 @@ --- smart_executor_install: False -#smart_executor_version: 1.2.0-3.9.0 -#smart_executor_version: 1.3.0-3.10.1 -smart_executor_version: 1.3.0-3.11.0-128844 +smart_executor_version: 1.3.0-4.0.0-128844 smart_executor_name: smart-executor smart_executor_file: '{{ smart_executor_name }}-{{ smart_executor_version }}.war' smart_executor_url: 'http://maven.research-infrastructures.eu/nexus/content/repositories/{{ gcube_repository }}/org/gcube/vremanagement/smart-executor/{{ smart_executor_version }}/{{ smart_executor_file }}' diff --git a/smartgears/smartgears/defaults/main.yml b/smartgears/smartgears/defaults/main.yml index 9ddaba88..27e820c4 100644 --- a/smartgears/smartgears/defaults/main.yml +++ b/smartgears/smartgears/defaults/main.yml @@ -15,9 +15,7 @@ smartgears_user: '{{ d4science_user }}' smartgears_user_home: '{{ d4science_user_home }}' smartgears_instance_path: '{{ smartgears_user_home }}/tomcat' smartgears_install_path: '{{ smartgears_user_home }}/SmartGears' -#smartgears_distribution_version: 1.2.6-3.10.0 -#smartgears_distribution_version: 1.2.7-3.10.1 -smartgears_distribution_version: 1.2.7-3.11.0-125799 +smartgears_distribution_version: 1.2.8-4.0.0-129615 smartgears_file: 'smartgears-distribution-{{ smartgears_distribution_version }}.tar.gz' smartgears_url: 'http://maven.research-infrastructures.eu/nexus/content/repositories/{{ gcube_repository }}/org/gcube/distribution/smartgears-distribution/{{ smartgears_distribution_version }}/{{ smartgears_file }}' smartgears_mode: online @@ -31,6 +29,8 @@ smartgears_location: pisa smartgears_http_port: 9000 smartgears_service_name: 'tomcat-instance-{{ smartgears_http_port }}' +smartgears_loglevel: WARN + # The iptables rules use this http_port: '{{ smartgears_http_port }}' diff --git a/smartgears/smartgears/tasks/smartgears-app.yml b/smartgears/smartgears/tasks/smartgears-app.yml index c9b6868e..7afaefb0 100644 --- a/smartgears/smartgears/tasks/smartgears-app.yml +++ b/smartgears/smartgears/tasks/smartgears-app.yml @@ -61,6 +61,14 @@ notify: Restart smartgears tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ] +- name: Change the smartgears log level + become: True + become_user: '{{ d4science_user }}' + shell: LOGLEVEL=$( xmlstarlet sel -t -v "/configuration/logger/@level" {{ item.user_home }}/tomcat/lib/logback.xml | grep {{ smartgears_loglevel }} ) ; [ $? -ne 0 ] && xmlstarlet ed -u "/configuration/logger[@level]/@level" -v {{ smartgears_loglevel }} {{ item.user_home }}/tomcat/lib/logback.xml > {{ item.user_home }}/tomcat/lib/logback.xml.new ; mv {{ item.user_home }}/tomcat/lib/logback.xml.new {{ item.user_home }}/tomcat/lib/logback.xml + with_items: '{{ tomcat_m_instances }}' + notify: Restart smartgears + tags: [ 'smartgears', 'tomcat', 'smartgears_loglevel' ] + - name: Remove some wrong symbolic links created by the install/upgrade script file: dest={{ smartgears_install_path }}/state state=absent with_items: diff --git a/ubuntu-deb-general/defaults/main.yml b/ubuntu-deb-general/defaults/main.yml index 18f613b6..11377ac1 100644 --- a/ubuntu-deb-general/defaults/main.yml +++ b/ubuntu-deb-general/defaults/main.yml @@ -27,6 +27,7 @@ common_packages: - sudo - apt-transport-https - nano + - xmlstarlet # Set this variable in your playbook # additional_packages: From 6aed2db7a27aab8dfc328788b816a477bc3a2c53 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Fri, 8 Jul 2016 16:31:17 +0200 Subject: [PATCH 09/34] library/roles/foreman/defaults/main.yml: Fix the foreman repository definition. --- foreman/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/foreman/defaults/main.yml b/foreman/defaults/main.yml index e3839b89..8e18b3d3 100644 --- a/foreman/defaults/main.yml +++ b/foreman/defaults/main.yml @@ -2,8 +2,8 @@ # foreman PKG state: latest, installed, absent foreman_pkg_state: latest foreman_repos: - - 'deb http://deb.theforeman.org/ trusty 1.10' - - 'deb http://deb.theforeman.org/ plugins 1.10' + - 'deb http://deb.theforeman.org/ {{ ansible_distribution }} stable' + - 'deb http://deb.theforeman.org/ plugins stable' foreman_repo_key: 'http://deb.theforeman.org/pubkey.gpg' From ac277cb6afadbd50e30a382af310d24b59d591c8 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Fri, 8 Jul 2016 16:43:11 +0200 Subject: [PATCH 10/34] library/roles/smartgears/smartgears/tasks/smartgears-app.yml: Fix the command that sets the logback log level. --- smartgears/smartgears/tasks/smartgears-app.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/smartgears/smartgears/tasks/smartgears-app.yml b/smartgears/smartgears/tasks/smartgears-app.yml index 7afaefb0..9d463285 100644 --- a/smartgears/smartgears/tasks/smartgears-app.yml +++ b/smartgears/smartgears/tasks/smartgears-app.yml @@ -64,7 +64,7 @@ - name: Change the smartgears log level become: True become_user: '{{ d4science_user }}' - shell: LOGLEVEL=$( xmlstarlet sel -t -v "/configuration/logger/@level" {{ item.user_home }}/tomcat/lib/logback.xml | grep {{ smartgears_loglevel }} ) ; [ $? -ne 0 ] && xmlstarlet ed -u "/configuration/logger[@level]/@level" -v {{ smartgears_loglevel }} {{ item.user_home }}/tomcat/lib/logback.xml > {{ item.user_home }}/tomcat/lib/logback.xml.new ; mv {{ item.user_home }}/tomcat/lib/logback.xml.new {{ item.user_home }}/tomcat/lib/logback.xml + shell: LOGLEVEL=$( xmlstarlet sel -t -v "/configuration/logger/@level" {{ item.user_home }}/tomcat/lib/logback.xml | grep {{ smartgears_loglevel }} ) ; [ $? -ne 0 ] && xmlstarlet ed -u "/configuration/logger[@level]/@level" -v {{ smartgears_loglevel }} {{ item.user_home }}/tomcat/lib/logback.xml > {{ item.user_home }}/tomcat/lib/logback.xml.new ; [ -f {{ item.user_home }}/tomcat/lib/logback.xml.new ] && mv {{ item.user_home }}/tomcat/lib/logback.xml.new {{ item.user_home }}/tomcat/lib/logback.xml with_items: '{{ tomcat_m_instances }}' notify: Restart smartgears tags: [ 'smartgears', 'tomcat', 'smartgears_loglevel' ] From c787b44fc4cdeff174b28c827204ed6c2fa8213b Mon Sep 17 00:00:00 2001 From: Roberto Cirillo Date: Fri, 8 Jul 2016 17:23:49 +0200 Subject: [PATCH 11/34] ../library/roles/smartgears/smartgears/tasks/smartgears-app.yml fix change loglevel --- smartgears/smartgears/tasks/smartgears-app.yml | 8 ++++++-- .../templates/change-logback-loglevel.sh.j2 | 13 +++++++++++++ 2 files changed, 19 insertions(+), 2 deletions(-) create mode 100644 smartgears/smartgears/templates/change-logback-loglevel.sh.j2 diff --git a/smartgears/smartgears/tasks/smartgears-app.yml b/smartgears/smartgears/tasks/smartgears-app.yml index 9d463285..aa0184fd 100644 --- a/smartgears/smartgears/tasks/smartgears-app.yml +++ b/smartgears/smartgears/tasks/smartgears-app.yml @@ -61,11 +61,15 @@ notify: Restart smartgears tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ] +- name: Install the script that manages the smartgears loglevel + template: src=change-logback-loglevel.sh.j2 dest=/usr/local/bin/change-logback-loglevel owner=root group=root mode=0755 + with_items: '{{ tomcat_m_instances }}' + tags: [ 'smartgears', 'smartgears_loglevel', 'tomcat' ] + - name: Change the smartgears log level become: True become_user: '{{ d4science_user }}' - shell: LOGLEVEL=$( xmlstarlet sel -t -v "/configuration/logger/@level" {{ item.user_home }}/tomcat/lib/logback.xml | grep {{ smartgears_loglevel }} ) ; [ $? -ne 0 ] && xmlstarlet ed -u "/configuration/logger[@level]/@level" -v {{ smartgears_loglevel }} {{ item.user_home }}/tomcat/lib/logback.xml > {{ item.user_home }}/tomcat/lib/logback.xml.new ; [ -f {{ item.user_home }}/tomcat/lib/logback.xml.new ] && mv {{ item.user_home }}/tomcat/lib/logback.xml.new {{ item.user_home }}/tomcat/lib/logback.xml - with_items: '{{ tomcat_m_instances }}' + shell: /usr/local/bin/change-logback-loglevel notify: Restart smartgears tags: [ 'smartgears', 'tomcat', 'smartgears_loglevel' ] diff --git a/smartgears/smartgears/templates/change-logback-loglevel.sh.j2 b/smartgears/smartgears/templates/change-logback-loglevel.sh.j2 new file mode 100644 index 00000000..2ddebe2c --- /dev/null +++ b/smartgears/smartgears/templates/change-logback-loglevel.sh.j2 @@ -0,0 +1,13 @@ +#!/bin/bash + +RETVAL= +LOGLEVEL=$( xmlstarlet sel -t -v "/configuration/logger/@level" {{ item.user_home }}/tomcat/lib/logback.xml | grep {{ smartgears_loglevel }} ) +RETVAL=$? + +if [ $RETVAL -ne 0 ] ; then + xmlstarlet ed -u "/configuration/logger[@level]/@level" -v {{ smartgears_loglevel }} {{ item.user_home }}/tomcat/lib/logback.xml > {{ item.user_home }}/tomcat/lib/logback.xml.new + /bin/mv {{ item.user_home }}/tomcat/lib/logback.xml.new {{ item.user_home }}/tomcat/lib/logback.xml +fi + +exit 0 + From b02841191c084e459c9b459c973ddd844ae931e6 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Fri, 8 Jul 2016 17:38:13 +0200 Subject: [PATCH 12/34] library/roles/smartgears/smartgears/tasks/smartgears-app.yml: do not restart smartgears after running the log level management script: we need a way to know when a change was performed. --- smartgears/smartgears/tasks/smartgears-app.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/smartgears/smartgears/tasks/smartgears-app.yml b/smartgears/smartgears/tasks/smartgears-app.yml index aa0184fd..afe26e13 100644 --- a/smartgears/smartgears/tasks/smartgears-app.yml +++ b/smartgears/smartgears/tasks/smartgears-app.yml @@ -70,7 +70,6 @@ become: True become_user: '{{ d4science_user }}' shell: /usr/local/bin/change-logback-loglevel - notify: Restart smartgears tags: [ 'smartgears', 'tomcat', 'smartgears_loglevel' ] - name: Remove some wrong symbolic links created by the install/upgrade script From 883a8b0826e25b5bc19394150d73a9b9d00e36c1 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Mon, 11 Jul 2016 17:57:45 +0200 Subject: [PATCH 13/34] library/roles/d4s_user_services_perms: Manage the manually installed tomcat, providing a logrotate rule for catalina and a sudoers configuration that permits to manage the instance by the unprivileged user. --- d4s_user_services_perms/defaults/main.yml | 13 +++++++ .../tasks/d4s-tomcat-node.yml | 34 +++++++++++++++---- .../templates/catalina-logrotate.j2 | 20 +++++++++++ .../templates/startContainer.sh.j2 | 4 +++ .../templates/stopContainer.sh.j2 | 4 +++ .../templates/tomcat-sudoers.j2 | 2 +- 6 files changed, 70 insertions(+), 7 deletions(-) create mode 100644 d4s_user_services_perms/templates/catalina-logrotate.j2 diff --git a/d4s_user_services_perms/defaults/main.yml b/d4s_user_services_perms/defaults/main.yml index 214c9185..e8d9279e 100644 --- a/d4s_user_services_perms/defaults/main.yml +++ b/d4s_user_services_perms/defaults/main.yml @@ -4,6 +4,19 @@ d4science_user_create_home: True d4science_user_home: '/home/{{ d4science_user }}' d4science_user_shell: /bin/bash +d4science_sudoers_commands: + - /etc/init.d/tomcat-instance-* + d4science_tomcat_options_files: - '/etc/default/tomcat-instance-{{ item.0.http_port }}' - '/etc/default/tomcat-instance-{{ item.0.http_port }}.local' + +d4science_manual_tomcat_inst_dir: '{{ d4science_user_home }}/tomcat' +d4science_manual_tomcat_log_dir: '{{ d4science_manual_tomcat_inst_dir }}/logs' +d4science_manual_tomcat_rotate_copies: 15 +d4science_manual_tomcat_rotate_access_log: False +d4science_manual_tomcat_access_log: localhost_access.log + +d4science_tomcat_start_command: + +d4science_tomcat_stop_command: diff --git a/d4s_user_services_perms/tasks/d4s-tomcat-node.yml b/d4s_user_services_perms/tasks/d4s-tomcat-node.yml index 2984ea6a..17a7a56c 100644 --- a/d4s_user_services_perms/tasks/d4s-tomcat-node.yml +++ b/d4s_user_services_perms/tasks/d4s-tomcat-node.yml @@ -1,19 +1,41 @@ --- -- name: Install the sudoers config that permits the tomcat user to restart the service - template: src=tomcat-sudoers.j2 dest=/etc/sudoers.d/tomcat-d4science owner=root group=root mode=0440 - tags: [ 'tomcat', 'd4science', 'sudo' ] - - name: Install the script that allows the tomcat user to start and stop the service without using the full path template: src={{ item.1 }}.j2 dest={{ item.0.user_home }}/{{ item.1 }} owner={{ item.0.user }} group={{ item.0.user }} mode=0755 with_nested: - - '{{ tomcat_m_instances }}' + - '{{ tomcat_m_instances | default ([]) }}' - [ 'startContainer.sh', 'stopContainer.sh' ] - tags: [ 'tomcat', 'd4science', 'sudo' ] + when: tomcat_m_instances is defined + tags: [ 'tomcat', 'd4science', 'sudo', 'startup_cmd' ] - name: Install the README file that explains where the options files are placed and how start/stop the service template: src={{ item.1 }}.j2 dest={{ item.0.user_home }}/{{ item.1 }} owner={{ item.0.user }} group={{ item.0.user }} mode=0444 with_nested: - '{{ tomcat_m_instances }}' - [ 'README-tomcat' ] + when: tomcat_m_instances is defined tags: [ 'tomcat', 'd4science', 'd4s_readme' ] +# A manual tomcat installation. We try to fix it in some way +- name: Create the d4science tomcat user + user: name={{ d4science_user }} home={{ d4science_user_home }} createhome={{ d4science_user_create_home }} shell={{ d4science_user_shell }} + when: tomcat_m_instances is not defined + tags: [ 'tomcat', 'd4science', 'users' ] + +- name: Install the script that allows the tomcat user to start and stop the service without using the full path + template: src={{ item }}.j2 dest=/home/{{ d4science_user }}/{{ item }} owner={{ d4science_user }} group={{ d4science_user }} mode=0755 + with_items: + - 'startContainer.sh' + - 'stopContainer.sh' + when: tomcat_m_instances is not defined + tags: [ 'tomcat', 'd4science', 'sudo', 'startup_cmd' ] + +- name: Install a logrotate rule for catalina.out and access_log + template: src=catalina-logrotate.j2 dest=/etc/logrotate.d/catalina_access owner=root group=root mode=0644 + when: tomcat_m_instances is not defined + tags: [ 'tomcat', 'd4science', 'startup_cmd' ] + +# We always install the sudoers file +- name: Install the sudoers config that permits the tomcat user to restart the service + template: src=tomcat-sudoers.j2 dest=/etc/sudoers.d/tomcat-d4science owner=root group=root mode=0440 + tags: [ 'tomcat', 'd4science', 'sudo', 'startup_cmd' ] + diff --git a/d4s_user_services_perms/templates/catalina-logrotate.j2 b/d4s_user_services_perms/templates/catalina-logrotate.j2 new file mode 100644 index 00000000..836a931c --- /dev/null +++ b/d4s_user_services_perms/templates/catalina-logrotate.j2 @@ -0,0 +1,20 @@ +{{ d4science_manual_tomcat_log_dir }}/catalina.out { + copytruncate + daily + rotate {{ d4science_manual_tomcat_rotate_copies }} + compress + missingok + create 640 {{ d4science_user }} {{ d4science_user }} +} + +{% if d4science_manual_tomcat_rotate_access_log %} +{{ d4science_manual_tomcat_log_dir }}/localhost_access.log { + copytruncate + daily + rotate {{ d4science_manual_tomcat_rotate_copies }} + compress + missingok + create 640 {{ d4science_user }} {{ d4science_user }} +} +{% endif %} + diff --git a/d4s_user_services_perms/templates/startContainer.sh.j2 b/d4s_user_services_perms/templates/startContainer.sh.j2 index 2d5fa86c..a4b2232f 100644 --- a/d4s_user_services_perms/templates/startContainer.sh.j2 +++ b/d4s_user_services_perms/templates/startContainer.sh.j2 @@ -1,5 +1,9 @@ #!/bin/bash +{% if tomcat_m_instances is defined %} sudo /etc/init.d/tomcat-instance-{{ item.0.http_port }} start +{% else %} +sudo {{ d4science_tomcat_start_command }} +{% endif %} exit $? diff --git a/d4s_user_services_perms/templates/stopContainer.sh.j2 b/d4s_user_services_perms/templates/stopContainer.sh.j2 index 2d22e531..da3407a2 100644 --- a/d4s_user_services_perms/templates/stopContainer.sh.j2 +++ b/d4s_user_services_perms/templates/stopContainer.sh.j2 @@ -1,5 +1,9 @@ #!/bin/bash +{% if tomcat_m_instances is defined %} sudo /etc/init.d/tomcat-instance-{{ item.0.http_port }} stop +{% else %} +sudo {{ d4science_tomcat_stop_command }} +{% endif %} exit $? diff --git a/d4s_user_services_perms/templates/tomcat-sudoers.j2 b/d4s_user_services_perms/templates/tomcat-sudoers.j2 index 8dc5cd9a..b10c66ab 100644 --- a/d4s_user_services_perms/templates/tomcat-sudoers.j2 +++ b/d4s_user_services_perms/templates/tomcat-sudoers.j2 @@ -1,2 +1,2 @@ -{{ d4science_user }} ALL=(ALL) NOPASSWD: /etc/init.d/tomcat-instance-* +{{ d4science_user }} ALL=(ALL) NOPASSWD: {% for cmd in d4science_sudoers_commands %}{{ cmd }}{% if not loop.last %},{% endif %}{% endfor %} From 2544a66b68473266d961560976cf3dc10a3ef70e Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Tue, 12 Jul 2016 15:33:46 +0200 Subject: [PATCH 14/34] library/roles/iptables/templates/iptables-rules.v4.j2: If we are going to install letsencrypt, open the port 80/tcp to the world. --- iptables/templates/iptables-rules.v4.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/iptables/templates/iptables-rules.v4.j2 b/iptables/templates/iptables-rules.v4.j2 index f28fb135..22153079 100644 --- a/iptables/templates/iptables-rules.v4.j2 +++ b/iptables/templates/iptables-rules.v4.j2 @@ -41,6 +41,9 @@ -A INPUT -s {{ network.nmis }} -j ACCEPT -A INPUT -s {{ network.eduroam }} -j ACCEPT {% endif %} +{% if letsencrypt_acme_install is defined and letsencrypt_acme_install %} +-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT +{% endif %} {% if http_port is defined %} # http {% if http_allowed_hosts is defined %} From ebe5e5e79f3d477c98d67ef71803fee32577db66 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Tue, 12 Jul 2016 16:19:48 +0200 Subject: [PATCH 15/34] library/roles/postgresql: Configure ssl for pgpool too, if enable. Option to force ssl client connections to postgres. --- postgresql/defaults/main.yml | 9 +++++ postgresql/files/pgpool-letsencrypt-acme.sh | 36 +++++++++++++++++++ postgresql/tasks/configure-access.yml | 16 ++++++++- postgresql/tasks/main.yml | 4 +++ .../tasks/pgpool-letsencrypt-acmetool.yml | 15 ++++++++ postgresql/templates/pgpool.conf.j2 | 25 ++++--------- 6 files changed, 86 insertions(+), 19 deletions(-) create mode 100644 postgresql/files/pgpool-letsencrypt-acme.sh create mode 100644 postgresql/tasks/pgpool-letsencrypt-acmetool.yml diff --git a/postgresql/defaults/main.yml b/postgresql/defaults/main.yml index 32e10d53..958d1fee 100644 --- a/postgresql/defaults/main.yml +++ b/postgresql/defaults/main.yml @@ -33,6 +33,7 @@ psql_conf_parameters: # SSL as a special case psql_enable_ssl: False +psql_force_ssl_client_connection: False postgresql_letsencrypt_managed: True psql_conf_ssl_parameters: - { name: 'ssl', value: 'true' } @@ -125,6 +126,14 @@ pgpool_memqcache_memcached_port: 11211 pgpool_memqcache_expire: 0 pgpool_memqcache_auto_cache_invalidation: 'on' +# SSL as a special case +pgpool_enable_ssl: False +pgpool_letsencrypt_managed: True +pgpool_ssl_key: /etc/pki/pgpool2/pgpool2.key +pgpool_ssl_cert: '/var/lib/acme/live/{{ ansible_fqdn }}/cert' +pgpool_ssl_ca: '/var/lib/acme/live/{{ ansible_fqdn }}/chain' +pgpool_ssl_ca_dir: /etc/ssl/certs + # WAL files archiving is mandatory for pgpool recovery psql_wal_files_archiving_enabled: '{{ psql_pgpool_install }}' psql_restart_after_wal_enabling: True diff --git a/postgresql/files/pgpool-letsencrypt-acme.sh b/postgresql/files/pgpool-letsencrypt-acme.sh new file mode 100644 index 00000000..4093f67b --- /dev/null +++ b/postgresql/files/pgpool-letsencrypt-acme.sh @@ -0,0 +1,36 @@ +#!/bin/bash + +H_NAME=$( hostname -f ) +LE_SERVICES_SCRIPT_DIR=/usr/lib/acme/hooks +LE_CERTS_DIR=/var/lib/acme/live/$H_NAME +LE_LOG_DIR=/var/log/letsencrypt +PGPOOL2_CERTDIR=/etc/pki/pgpool2 +PGPOOL2_KEYFILE=$PGPOOL2_CERTDIR/pgpool2.key +DATE=$( date ) + +[ ! -d $PGPOOL2_CERTDIR ] && mkdir -p $PGPOOL2_CERTDIR +[ ! -d $LE_LOG_DIR ] && mkdir $LE_LOG_DIR +echo "$DATE" >> $LE_LOG_DIR/pgpool2.log + +if [ -f /etc/default/letsencrypt ] ; then + . /etc/default/letsencrypt +else + echo "No letsencrypt default file" >> $LE_LOG_DIR/pgpool2.log +fi + +echo "Copy the key file" >> $LE_LOG_DIR/pgpool2.log +cp ${LE_CERTS_DIR}/privkey ${PGPOOL2_KEYFILE} +chmod 440 ${PGPOOL2_KEYFILE} +chgrp postgres ${PGPOOL2_KEYFILE} + +echo "Reload the pgpool2 service" >> $LE_LOG_DIR/pgpool2.log +if [ -x /bin/systemctl ] ; then + systemctl reload pgpool2 >> $LE_LOG_DIR/pgpool2.log 2>&1 +else + service pgpool2 reload >> $LE_LOG_DIR/pgpool2.log 2>&1 +fi + +echo "Done." >> $LE_LOG_DIR/pgpool2.log + +exit 0 + diff --git a/postgresql/tasks/configure-access.yml b/postgresql/tasks/configure-access.yml index 30154ba1..ca4ff1fc 100644 --- a/postgresql/tasks/configure-access.yml +++ b/postgresql/tasks/configure-access.yml @@ -6,7 +6,7 @@ # - { name: 'db_name', user: 'db_user', pwd: 'db_pwd', allowed_hosts: [ '146.48.123.17/32', '146.48.122.110/32' ] } # - name: Give access to the remote postgresql client - lineinfile: name=/etc/postgresql/{{ psql_version }}/main/pg_hba.conf regexp="^host {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5" + lineinfile: name=/etc/postgresql/{{ psql_version }}/main/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5" with_subelements: - '{{ psql_db_data | default([]) }}' - allowed_hosts @@ -14,6 +14,20 @@ - psql_listen_on_ext_int - psql_db_data is defined - item.1 is defined + - not psql_force_ssl_client_connection + notify: Reload postgresql + tags: [ 'postgresql', 'postgres', 'pg_hba' ] + +- name: Give access to the remote postgresql client, force ssl + lineinfile: name=/etc/postgresql/{{ psql_version }}/main/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="hostssl {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5" + with_subelements: + - '{{ psql_db_data | default([]) }}' + - allowed_hosts + when: + - psql_listen_on_ext_int + - psql_db_data is defined + - item.1 is defined + - psql_force_ssl_client_connection notify: Reload postgresql tags: [ 'postgresql', 'postgres', 'pg_hba' ] diff --git a/postgresql/tasks/main.yml b/postgresql/tasks/main.yml index 115e215e..36fe4d16 100644 --- a/postgresql/tasks/main.yml +++ b/postgresql/tasks/main.yml @@ -33,5 +33,9 @@ when: - postgresql_letsencrypt_managed - letsencrypt_acme_install is defined +- include: pgpool-letsencrypt-acmetool.yml + when: + - pgpool_letsencrypt_managed + - letsencrypt_acme_install is defined diff --git a/postgresql/tasks/pgpool-letsencrypt-acmetool.yml b/postgresql/tasks/pgpool-letsencrypt-acmetool.yml new file mode 100644 index 00000000..dc2f333d --- /dev/null +++ b/postgresql/tasks/pgpool-letsencrypt-acmetool.yml @@ -0,0 +1,15 @@ +--- +- name: Create the acme hooks directory if it does not yet exist + file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root + when: + - pgpool_letsencrypt_managed + - letsencrypt_acme_install + tags: [ 'postgresql', 'postgres', 'pgpool', 'letsencrypt' ] + +- name: Install a script that fix the letsencrypt certificate for postgresql and then reload the service + copy: src=pgpool-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/pgpool owner=root group=root mode=4555 + when: + - pgpool_letsencrypt_managed + - letsencrypt_acme_install + tags: [ 'postgresql', 'postgres', 'pgpool', 'letsencrypt' ] + diff --git a/postgresql/templates/pgpool.conf.j2 b/postgresql/templates/pgpool.conf.j2 index 04f3d9ff..14fc72bb 100644 --- a/postgresql/templates/pgpool.conf.j2 +++ b/postgresql/templates/pgpool.conf.j2 @@ -77,25 +77,14 @@ authentication_timeout = 60 # Delay in seconds to complete client authentication # 0 means no timeout. +{% if pgpool_enable_ssl %} # - SSL Connections - - -ssl = off - # Enable SSL support - # (change requires restart) -#ssl_key = './server.key' - # Path to the SSL private key file - # (change requires restart) -#ssl_cert = './server.cert' - # Path to the SSL public certificate file - # (change requires restart) -#ssl_ca_cert = '' - # Path to a single PEM format file - # containing CA root certificate(s) - # (change requires restart) -#ssl_ca_cert_dir = '' - # Directory containing CA root certificate(s) - # (change requires restart) - +ssl = on +ssl_key = '{{ pgpool_ssl_key }}' +ssl_cert = '{{ pgpool_ssl_cert }}' +ssl_ca_cert = '{{ pgpool_ssl_ca }}' +ssl_ca_cert_dir = '{{ pgpool_ssl_ca_dir }}' +{% endif %} #------------------------------------------------------------------------------ # POOLS From b53163a875c3fc1c8659261ddcbc5ab541bc21f2 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Tue, 12 Jul 2016 16:29:52 +0200 Subject: [PATCH 16/34] library/roles/iptables/tasks/main.yml: Start the iptables rules immediately after a new set of rules is installed. --- iptables/tasks/main.yml | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/iptables/tasks/main.yml b/iptables/tasks/main.yml index 3c6163c1..c3b85587 100644 --- a/iptables/tasks/main.yml +++ b/iptables/tasks/main.yml @@ -34,7 +34,7 @@ - rules.v4 - rules.v6 when: is_trusty - notify: Start the iptables service + register: install_iptables_rules tags: [ 'iptables', 'iptables_rules' ] - name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On debian 7 @@ -43,7 +43,7 @@ - rules.v4 - rules.v6 when: is_debian7 - notify: Start the iptables service + register: install_iptables_rules tags: [ 'iptables', 'iptables_rules' ] - name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On debian 8 @@ -52,6 +52,17 @@ - rules.v4 - rules.v6 when: is_debian8 - notify: Start the netfilter service + register: install_netfilter_rules tags: [ 'iptables', 'iptables_rules' ] +- name: Start the iptables service immediately after the new rules have been installed. This can have an impact on other tasks + service: name=iptables-persistent state=restarted enabled=yes + notify: Restart fail2ban + when: ( install_iptables_rules | changed ) + tags: [ 'iptables', 'iptables_rules' ] + +- name: Start the netfilter service immediately after the new rules have been installed. This can have an impact on other tasks + service: name=netfilter-persistent state=restarted enabled=yes + notify: Restart fail2ban + when: ( install_netfilter_rules | changed ) + tags: [ 'iptables', 'iptables_rules' ] From 250042228724222bf4c087b0299de5ebb000baa0 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Tue, 12 Jul 2016 16:37:27 +0200 Subject: [PATCH 17/34] library/roles/ubuntu-deb-general/defaults/main.yml: Do not run by default the task that disables services. --- ubuntu-deb-general/defaults/main.yml | 1 + ubuntu-deb-general/tasks/disable-unneeded-services.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ubuntu-deb-general/defaults/main.yml b/ubuntu-deb-general/defaults/main.yml index 11377ac1..ac6d6b61 100644 --- a/ubuntu-deb-general/defaults/main.yml +++ b/ubuntu-deb-general/defaults/main.yml @@ -78,6 +78,7 @@ exim_email_server_pkgs: - exim4-config - exim4-daemon-light +disable_some_not_needed_services: False services_to_be_disabled: - rpcbind - atd diff --git a/ubuntu-deb-general/tasks/disable-unneeded-services.yml b/ubuntu-deb-general/tasks/disable-unneeded-services.yml index 67f5ccc2..68884cb6 100644 --- a/ubuntu-deb-general/tasks/disable-unneeded-services.yml +++ b/ubuntu-deb-general/tasks/disable-unneeded-services.yml @@ -2,5 +2,5 @@ - name: Disable some unneeded services service: name={{ item }} state=stopped enabled=no with_items: '{{ services_to_be_disabled }}' - ignore_errors: True + when: disable_some_not_needed_services tags: [ 'bootstrap', 'disable_services' ] From 487572aa6ea45366ff8e6fc8fe8354110af24688 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Tue, 12 Jul 2016 19:15:00 +0200 Subject: [PATCH 18/34] library/roles/ganglia: Change templates and defaults to support an unicast configuration. library/roles/iptables: Rules to support a ganglia configuration that runs over unicast and not multicast. --- ganglia/defaults/main.yml | 6 +++++- ganglia/tasks/main.yml | 2 +- ganglia/templates/gmond.j2 | 16 +++++++++++++--- iptables/tasks/main.yml | 22 +++++++++++++++++----- iptables/templates/iptables-rules.v4.j2 | 6 ++++++ 5 files changed, 42 insertions(+), 10 deletions(-) diff --git a/ganglia/defaults/main.yml b/ganglia/defaults/main.yml index 906bca9c..aedcbd7a 100644 --- a/ganglia/defaults/main.yml +++ b/ganglia/defaults/main.yml @@ -5,8 +5,12 @@ #ganglia_gmond_cluster_port: 8649 #ganglia_gmond_mcast_addr: 239.2.11.71 #ganglia_gmetad_host: ganglia-gmetad -ganglia_gmond_send_metadata_interval: 60 +ganglia_gmond_send_metadata_interval: 30 # Needed to build the correct firewall rules when jmxtrans is in use ganglia_gmond_use_jmxtrans: False # Used by other roles to install specific ganglia iptables rules or some specific ganglia plugins. Or not. ganglia_enabled: False +ganglia_unicast_mode: False +ganglia_unicast_networks: + - 0.0.0.0/0 + diff --git a/ganglia/tasks/main.yml b/ganglia/tasks/main.yml index a68eff4d..c0165f17 100644 --- a/ganglia/tasks/main.yml +++ b/ganglia/tasks/main.yml @@ -45,7 +45,7 @@ tags: [ 'monitoring', 'ganglia' ] - name: Distribute the ganglia configuration file for Ubuntu < 12.04 and >= 10.04 and Debian 6 - template: src=gmond-3.1.j2 dest=/etc/ganglia/gmond.conf owner=root group=root mode=444 + template: src=gmond.j2 dest=/etc/ganglia/gmond.conf owner=root group=root mode=444 when: is_ubuntu_between_10_04_and_11_04_and_is_debian_6 notify: Restart ganglia monitor tags: [ 'monitoring', 'ganglia' ] diff --git a/ganglia/templates/gmond.j2 b/ganglia/templates/gmond.j2 index dc2ef39c..d33a2a07 100644 --- a/ganglia/templates/gmond.j2 +++ b/ganglia/templates/gmond.j2 @@ -32,8 +32,9 @@ host { /* Feel free to specify as many udp_send_channels as you like. Gmond used to only support having a single channel */ +{% if not ganglia_unicast_mode %} udp_send_channel { - bind_hostname = yes + #bind_hostname = yes mcast_join = {{ ganglia_gmond_mcast_addr }} port = {{ ganglia_gmond_cluster_port }} ttl = 1 @@ -45,10 +46,19 @@ udp_recv_channel { port = {{ ganglia_gmond_cluster_port }} } -udp_recv_channel { - bind = {{ ansible_fqdn }} +{% else %} +{% for host in ganglia_gmetad_sources %} +udp_send_channel { + host = {{ host }} port = {{ ganglia_gmond_cluster_port }} + ttl = 1 } +{% endfor %} + +{% endif %} +udp_recv_channel { + port = {{ ganglia_gmond_cluster_port }} +} /* You can specify as many tcp_accept_channels as you like to share an xml description of the state of the cluster */ diff --git a/iptables/tasks/main.yml b/iptables/tasks/main.yml index c3b85587..892fb731 100644 --- a/iptables/tasks/main.yml +++ b/iptables/tasks/main.yml @@ -25,7 +25,7 @@ - rules.v4 - rules.v6 when: is_precise - notify: Start the iptables service + register: install_iptables_rules_precise tags: [ 'iptables', 'iptables_rules' ] - name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On trusty @@ -34,7 +34,7 @@ - rules.v4 - rules.v6 when: is_trusty - register: install_iptables_rules + register: install_iptables_rules_trusty tags: [ 'iptables', 'iptables_rules' ] - name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On debian 7 @@ -43,7 +43,7 @@ - rules.v4 - rules.v6 when: is_debian7 - register: install_iptables_rules + register: install_iptables_rules_deb7 tags: [ 'iptables', 'iptables_rules' ] - name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On debian 8 @@ -55,10 +55,22 @@ register: install_netfilter_rules tags: [ 'iptables', 'iptables_rules' ] -- name: Start the iptables service immediately after the new rules have been installed. This can have an impact on other tasks +- name: Start the iptables service immediately after the new rules have been installed, on Ubuntu precise. This can have an impact on other tasks service: name=iptables-persistent state=restarted enabled=yes notify: Restart fail2ban - when: ( install_iptables_rules | changed ) + when: ( install_iptables_rules_precise | changed ) + tags: [ 'iptables', 'iptables_rules' ] + +- name: Start the iptables service immediately after the new rules have been installed, on Ubuntu Trusty. This can have an impact on other tasks + service: name=iptables-persistent state=restarted enabled=yes + notify: Restart fail2ban + when: ( install_iptables_rules_trusty | changed ) + tags: [ 'iptables', 'iptables_rules' ] + +- name: Start the iptables service immediately after the new rules have been installed, on Debian 7. This can have an impact on other tasks + service: name=iptables-persistent state=restarted enabled=yes + notify: Restart fail2ban + when: ( install_iptables_rules_deb7 | changed ) tags: [ 'iptables', 'iptables_rules' ] - name: Start the netfilter service immediately after the new rules have been installed. This can have an impact on other tasks diff --git a/iptables/templates/iptables-rules.v4.j2 b/iptables/templates/iptables-rules.v4.j2 index 22153079..a9ebe483 100644 --- a/iptables/templates/iptables-rules.v4.j2 +++ b/iptables/templates/iptables-rules.v4.j2 @@ -178,12 +178,18 @@ {% if ganglia_enabled %} {% if ganglia_gmond_cluster_port is defined %} # Ganglia +{% if not ganglia_unicast_mode %} {% if ganglia_gmond_use_jmxtrans is not defined or not ganglia_gmond_use_jmxtrans %} -A INPUT -m pkttype --pkt-type multicast -d {{ ganglia_gmond_mcast_addr }} -j ACCEPT {% else %} -A INPUT -m pkttype --pkt-type multicast -j ACCEPT -A INPUT -p udp -m udp -d {{ ganglia_gmond_mcast_addr }} --dport {{ ganglia_gmond_cluster_port }} -j ACCEPT {% endif %} +{% else %} +{% for net in ganglia_unicast_networks %} +-A INPUT -p udp -m udp -s {{ net }} --dport {{ ganglia_gmond_cluster_port }} -j ACCEPT +{% endfor %} +{% endif %} -A INPUT -m state --state NEW -s {{ ganglia_gmetad_host }} -p tcp -m tcp --dport {{ ganglia_gmond_cluster_port }} -j ACCEPT -A INPUT -s {{ ganglia_gmetad_host }} -p udp -m udp --dport {{ ganglia_gmond_cluster_port }} -j ACCEPT {% endif %} From 130b6e3ced2d6763a2c43312a9d62b688fdd0a62 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Wed, 13 Jul 2016 18:30:56 +0200 Subject: [PATCH 19/34] library/roles/smartgears/ckan_connector: New version. Task that permit the upgrades management. --- smartgears/ckan_connector/defaults/main.yml | 8 ++++---- smartgears/ckan_connector/tasks/main.yml | 6 +++++- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/smartgears/ckan_connector/defaults/main.yml b/smartgears/ckan_connector/defaults/main.yml index 7b36849e..2896f5a9 100644 --- a/smartgears/ckan_connector/defaults/main.yml +++ b/smartgears/ckan_connector/defaults/main.yml @@ -1,8 +1,8 @@ --- -gcube_repository: 'gcube-snapshots' +gcube_repository: 'gcube-staging' ckan_connector_plugin_install: False -ckan_connector_ver: 1.0.0 -ckan_connector_name: 'ckan_connector-{{ ckan_connector_ver }}-20160627.090904-1.war' -ckan_connector_url: 'http://maven.research-infrastructures.eu/nexus/content/repositories/{{ gcube_repository }}/org/gcube/data/access/ckan_connector/{{ ckan_connector_ver}}-SNAPSHOT/{{ ckan_connector_name }}' +ckan_connector_ver: 1.0.0-4.0.0-129609 +ckan_connector_name: 'ckan_connector-{{ ckan_connector_ver }}-{{ ckan_connector_ver }}.war' +ckan_connector_url: 'http://maven.research-infrastructures.eu/nexus/content/repositories/{{ gcube_repository }}/org/gcube/data/access/ckan_connector/{{ ckan_connector_ver}}/{{ ckan_connector_name }}' ckan_connector_war_file: ckan-connector.war ckan_connector_user: ckan_connector diff --git a/smartgears/ckan_connector/tasks/main.yml b/smartgears/ckan_connector/tasks/main.yml index 1fa412ff..ed6400fc 100644 --- a/smartgears/ckan_connector/tasks/main.yml +++ b/smartgears/ckan_connector/tasks/main.yml @@ -1,6 +1,10 @@ --- - block: - + + - name: Remove the installed CKAN connector before upgrading + file: dest={{ smartgears_instance_path }}/webapps/ckan-connector state=absent + when: smartgears_upgrade + - name: Get the CKAN connector war file get_url: url={{ ckan_connector_url }} dest={{ smartgears_instance_path }}/webapps/{{ ckan_connector_war_file }} From 36180848191b56ed00a046e794cfb80f83cc167e Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Wed, 13 Jul 2016 19:04:28 +0200 Subject: [PATCH 20/34] d4science-ghn-cluster: CKAN, fixes to the smartgears/ckan-connector installation. library/roles/smartgears/ckan_connector: New version, fix the upgrade phase. library/roles/solr-tomcat-instance: Configure a multicore instance when requested. --- ckan/ckan-solr/defaults/main.yml | 4 + ckan/ckan-solr/tasks/main.yml | 6 +- smartgears/ckan_connector/defaults/main.yml | 7 +- smartgears/ckan_connector/tasks/main.yml | 5 +- solr-tomcat-instance/defaults/main.yml | 8 +- .../files/solr_core_base.tar.gz | Bin 0 -> 116285 bytes solr-tomcat-instance/tasks/main.yml | 69 ++++++++++-------- solr-tomcat-instance/templates/solr.xml.j2 | 15 ++++ 8 files changed, 75 insertions(+), 39 deletions(-) create mode 100644 solr-tomcat-instance/files/solr_core_base.tar.gz diff --git a/ckan/ckan-solr/defaults/main.yml b/ckan/ckan-solr/defaults/main.yml index 655077c2..fc579c10 100644 --- a/ckan/ckan-solr/defaults/main.yml +++ b/ckan/ckan-solr/defaults/main.yml @@ -1,2 +1,6 @@ --- ckan_solr_port: 8983 +solr_multicore: True +solr_cores: + - collection1 + diff --git a/ckan/ckan-solr/tasks/main.yml b/ckan/ckan-solr/tasks/main.yml index 71738e0c..4ac0d794 100644 --- a/ckan/ckan-solr/tasks/main.yml +++ b/ckan/ckan-solr/tasks/main.yml @@ -1,12 +1,14 @@ --- - name: Install the solr schema used by CKAN - file: src=/usr/lib/ckan/default/src/ckan/ckan/config/solr/schema.xml dest={{ tomcat_m_instances_base_path }}/{{ ckan_solr_port }}/solr/data/solr/collection1/conf/schema.xml state=link force=yes + file: src=/usr/lib/ckan/default/src/ckan/ckan/config/solr/schema.xml dest={{ solr_collections_base_dir }}/{{ item }}/conf/schema.xml state=link force=yes + with_items: '{{ solr_cores }}' when: not ckan_geonetwork_harvester notify: Solr Restart tags: [ 'ckan', 'solr', 'solr_schema' ] - name: Install the solr schema used by CKAN, modified with the spatial fields - copy: src=schema.xml dest={{ tomcat_m_instances_base_path }}/{{ ckan_solr_port }}/solr/data/solr/collection1/conf/schema.xml force=yes + copy: src=schema.xml dest={{ solr_collections_base_dir }}/{{ item }}/conf/schema.xml force=yes + with_items: '{{ solr_cores }}' when: ckan_geonetwork_harvester notify: Solr Restart tags: [ 'ckan', 'solr', 'solr_schema' ] diff --git a/smartgears/ckan_connector/defaults/main.yml b/smartgears/ckan_connector/defaults/main.yml index 2896f5a9..e00efe9a 100644 --- a/smartgears/ckan_connector/defaults/main.yml +++ b/smartgears/ckan_connector/defaults/main.yml @@ -2,7 +2,8 @@ gcube_repository: 'gcube-staging' ckan_connector_plugin_install: False ckan_connector_ver: 1.0.0-4.0.0-129609 -ckan_connector_name: 'ckan_connector-{{ ckan_connector_ver }}-{{ ckan_connector_ver }}.war' -ckan_connector_url: 'http://maven.research-infrastructures.eu/nexus/content/repositories/{{ gcube_repository }}/org/gcube/data/access/ckan_connector/{{ ckan_connector_ver}}/{{ ckan_connector_name }}' -ckan_connector_war_file: ckan-connector.war +ckan_connector_name: ckan-connector +ckan_connector_filename: '{{ ckan_connector_name }}-{{ ckan_connector_ver }}.war' +ckan_connector_url: 'http://maven.research-infrastructures.eu/nexus/content/repositories/{{ gcube_repository }}/org/gcube/data/access/{{ ckan_connector_name }}/{{ ckan_connector_ver}}/{{ ckan_connector_filename }}' +ckan_connector_war_file: '{{ ckan_connector_name }}.war' ckan_connector_user: ckan_connector diff --git a/smartgears/ckan_connector/tasks/main.yml b/smartgears/ckan_connector/tasks/main.yml index ed6400fc..c8c396af 100644 --- a/smartgears/ckan_connector/tasks/main.yml +++ b/smartgears/ckan_connector/tasks/main.yml @@ -2,7 +2,10 @@ - block: - name: Remove the installed CKAN connector before upgrading - file: dest={{ smartgears_instance_path }}/webapps/ckan-connector state=absent + file: dest={{ item }} state=absent + with_items: + - '{{ smartgears_instance_path }}/webapps/ckan-connector' + - '{{ smartgears_instance_path }}/webapps/ckan-connector.war' when: smartgears_upgrade - name: Get the CKAN connector war file diff --git a/solr-tomcat-instance/defaults/main.yml b/solr-tomcat-instance/defaults/main.yml index a3ec346a..1f842043 100644 --- a/solr-tomcat-instance/defaults/main.yml +++ b/solr-tomcat-instance/defaults/main.yml @@ -23,11 +23,17 @@ solr_outside_tomcat_dir: False # We need to define this one because we are using the tomcat multiple instances role solr_tomcat_instance_dir: '{{ tomcat_m_instances_base_path }}/{{ solr_http_port }}' solr_data_dir: '{{ solr_tomcat_instance_dir }}/solr' +solr_collections_base_dir: '{{ solr_data_dir }}/data/solr' solr_zookeeper_data_dir: '{{ solr_data_dir }}/zoo_data' solr_install_collection1: False # Stand alone solr_opts: "-DzkRun -DnumShards={{ solr_shards }}" # This is for the replica/sharded version # We need to pass a lot of options to the jdk for zookeeper and the solr shard configuration -#solr_opts: "-DzkRun={{ ansible_fqdn}}:{{ solr_zoo_port }} -DnumShards={{ solr_shards }} -DzkHost=index1.t.hadoop.research-infrastructures.eu:{{ solr_zoo_port }},index2.t.hadoop.research-infrastructures.eu:{{ solr_zoo_port }},index3.t.hadoop.research-infrastructures.eu:{{ solr_zoo_port }} -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.port={{ solr_jmx_port_1 }} -Dcom.sun.management.jmxremote.password.file={{ tomcat_conf_dir }}/jmxremote.passwd -Dcom.sun.management.jmxremote.access.file={{ tomcat_conf_dir }}/jmxremote.access" +#solr_opts: "-DzkRun={{ ansible_fqdn}}:{{ solr_zoo_port }} -DnumShards={{ solr_shards }} -DzkHost=index1:{{ solr_zoo_port }},index2:{{ solr_zoo_port }},index3:{{ solr_zoo_port }}" + +# Define the following if you want a multicore installation +#solr_multicore: True +solr_cores: + - collection1 diff --git a/solr-tomcat-instance/files/solr_core_base.tar.gz b/solr-tomcat-instance/files/solr_core_base.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..8465587f781f73cb9666cccae6503087dd982f51 GIT binary patch literal 116285 zcmV*JKxV%miwFQZUxrrz1MIzNdmG2KF1o))zoLWeb4_KFAOHd+s7TJiD8eEE8UQ6r zv5%f6&?I4j0E0mklau?z&OFCt=2&v((HWG;iUulqo-J9^zaT&A3;)7hHLUJh-CfRVmYj+kvG~+fJnb=Hkq5nIw1WO<#?$+O*|?1R!>$%S#_G>~DHB%(2(G{%ZVAPsnfRlec;lkhpis4c6rM% zH=scca~Yc1HaFS0@xkF^4lUU10h>Fk<3?W&I#5vu$Ke*X4mzzC0DhSrBa*2ZrCP+u zW@@F{IM6s#s?SxH>c*K&wVEl{ONE+IsT#RTIbW)mDrNXqG&1G0#;H;{KWNSwR_R(b(nN)SiSXDpN(c8 zn%4v>?bdp0z=f#q?Ns#0kt2mmCe+EKzun7$Xd9&tC_Wp>Jn*ss;=Og`M9}BRk@^~E zjx5bMwbAQdY&C&RCTjtUmzhu7hGX+0Yz0k~RClf4kvEZO|Jw2197!gzm$*B$#Z>b=NJ0 zU4yL+5Y#sGg_#skkG^Pix83e;vZnQi%M)0!=5lsg1?)5 z=*)J%YuL1wE#m^S5CFDBqoGA+P@`GTo7RdsY!5&T8lr+th8MisY{9r*u&fQ<2b)j} zM&{BuZ#xhf_Js{##CjID1DsC3(Q9oC`dq4-mf2>^<>m^>^gHGT$RIc0%w#n{P?>J^ zK$eBwv)jbQ$#S~NM}xAI`2f4kjh@D@?$eT}w!{GYD-c-rNGk0h1#**KREb zF%HKDDlKuM91240G@;!!VSr#XUod-po74((cBmZ+O~y-M?yYrZG(jV}?TZ#C5ZP!C zS3yuC4(EhXvN$Cl@nW{kkt$=XWgP>-GTU390p~Mrlc|CQw?I(mp!POekd zhwTAaIpF?93v^{m4v%c2aUA&bywjX55cEsJGkL~^^+xnlFbBT!7Ryda*KN~c)X{+X zQRA*qh!iMSyB|IB?~ZVueS$uG3_svHSlpjVY2$w$FUJ!zFb_!0Bw?Zuiziak@&7PV zA8@<)=l|#NKOg_|V9o~T!9_y+)QrB`?{=PQ9U=2SHUo6c|E3f1>1Xr5599OMNUPHt zWO}Rp$g$6UZagA|U>@9Mt(oHtnv(r@+8_Xph#n1wg{=dI3a zyVYNNUq&HJ|7T*Z{7)j0nu$Nt{}1EyS%~aZ6A)>wc3{4jGy7KL7)<1>&#`#aWfpie z7%?N`@{f-5SJVEpXW4)D?Y{>2*RuT-=9TuJTlg15koae7#r~_~{59y>f7{esHla?} z`OE&XYZL0)gq&(n8O9G{wGpNxBe#+&;0*~@^S0G)FhV?aI|tA6u6?sLHSu-~_w%GI4wh8tk@@jW$W!SbK z*H5!&b*pV%Y_a5BkEf=S zv1j`KVSJ8%bYkMj(^vy~N=rabWd-P|EdV{8^`G~+{3CL1hgkeM@>G_7p2Et{(_8p? zD(gOB%RUnm&mTF$6oJbPlVgxrF(7R9h7so}<7KFpkrC??txlsoZ1Nnh)EWpFCyoeV zT<%`N5pA&L6P`G~*s?Y`xhM>jSV9?yI_Sa>kUP>B{q9+khG-LSMt`llX$(Qkj~s8U zuNwVc<3t4hm~1t=lTfhFmtUZ-(T&b(l*5VT?qJYee_F9Xi2sj+vvREFpJ)F6ng4(0 z|Iz;k8A5{<rSteTR(5Pd^u-6{b zIp?FFh=@hn`An^DlF;K|Ih5d*8Za*`~Z!Au~hxHS$}E&VItcfSUup~2eK7pwEZ8d{ZG!sXP)i<_%J?V z{D-}s)oE<89b6wk9U=aIW;*8f|EYN5+5GQA`5gZw+qHL5_`DO5cr+F~+ma`&n#R?Izp8ZW$eO9oP^-%Nk)!#r&>VZ8rpc zERo}TXsIUhK!evMLIvKKr43LypuN)TuB&2zjbr7bAZwE>$D4@7;}fyjiNp-AjuT-8 zIQm3nsg{qxh@XgLsxVCK!HGyRIyE(wo{2{cnWAP-PZnUf${AzP>USf?WDupLJW_%# zBvLceX_eAatzON{moi4a3+A>LOslX|MOv}wOmb>^W?G?D81}jw7Kj=9BbZROI`1?p zosP$5rxZfjYUW&N-l$q;JD5x^qxNkomX45&UdU8W8K-*SB7zCcow8Xy6HUkBvx$U4Xs%K|X`EvJ8HL+( zOGTuWh^L~{@#$HW)>8Rorg|2f83e$CU`nN$!z*A`Jdsv84mNi_Q_l15h486Vwk10` z8%@r}(yEq#`2!894mYe2F1?gj6l6LXpGr|O_42&2P$@@^;u5s0#!3gaYTmX2Q_-2& z?97zPs8X$(Da;$SHS5z>h@!l(XiMe{h-M-gR|&n4S;o~oX4m_0okjnAk` zd#X|`WQ?&I_>;M##+hyyu`_vxQ;C^WJgLglsiiZSQr*b6I$^T3@KV`s)KoN`O3$h$ zV4?6*DOVXmb<5`zOOi-~rl<@m7tR>x3K=d;qX>ApqG(+@H5;2!8&$4U&t%SyqI8R= zY;j7@L{l>mn=5n{Gp9eww7s!Qy&NeGQO+ejv-qSJ{O zk;X+ZlBLDPQW=7XaDFe&mmSFlI~k|6DxB5l+TFocFr8{ep%agRA5q1qT3N`HL38J= zVF;O}tW72njVGt4RrXYuYBjF^5S<0nsb#8)!lq)$X?5Uh;EPK}rkcqzYOSp>_f|Wp z3gztVR7&k!tps**5wvb3kv!+LEDZ)=c4k@)D7e-dnPRn+gO;&fqrnX;oN^ppIz5#n z%3C{A0LLTn9V0Lso2GhFgYfiRp~^*}*n>Ddm{{GhC{wX$GL|4BUeA=yfU1nb zs`^}3A(Wm?rd6%0&t*!yNm+9(#5-jQPK%<`Gl|)h+P$S{CR&KHbDC@BdN84-%$(zV zXVYNiRDLg=s%Aj#jJe*{#ZD`PXfeE`nk@o{zlo$tNtcG_FUvLyzL z9YE)dX|PdbI}3Y*;f8%;U8TwnWwit;U+crVvb4WFWQD>h%ZgW)Op$Bn2TwP24;+ z4{hv3kS-8gZg(3Oj@sukT0MzpV|>wUvuVaSyKIO}OT@)MQ7#KPhdy6iqZdzMyE*kf zZ>#LJ)%=99*4<=5*Eo;yxDa>yY9G09gP56pn4~b#5=}ClYkXWJkMSl=7`eESV>701 zn~#g=?L^$D4M9x#oavY<^Fz@}F7&MSL4R^FUz}Wu#nQ3pMstPJXOl~9!iQKf7LVhF)nVEz`p|qG0c&@H}YrvN>uCW@vXLKi>;uRI$z2rqWmhBhD!Dq(!mY zTOX}q#jHYZ&TOx2wwhpN7?X>`c3XTq1i7M3&JbS2hFP5`n>KD(&6de=?As()oAZv5 zI}hJ%Gc51n>|6XOon1&;I3b*UU}l$DJ8?msbSCUT9D4+%IM_C)uHqIi-Lp0X_r%W_ z%a&>t-n@9G0S;@x;#pzk(K(8({q`|Gdou@nwrKU*@`5~Ze;#;}Rjv#Jav+bnE<#|8 znfdNe9_w4PAgb&g72bp!d=_Ct>xwOA_oJ_x7fsR@f`sPViJGseWP>;^dIJ(t0&t#1srqDK)Wi72QO3?_c&7sn|W z)||VaH;hlsXX>T0k;^QW>X~_CzEH0hsz!##DaOfa=5*neBaxSfu~;r9nwp7l=xZU+ zOm3-eL*oScdI&UEs^*p!it~k+5T79UFNEOhrTM&F^%Q}AF$9_~WeU{-glY&+68M)w z;MG$3q>;&19HymI{Jk)KFJyAnN?BmR4-;${*Rs_DRvV8IhTRM6b>(EGTsVbT(&hW# zF@lXlt+BRg>gd;Ub7wM=Zn~(_eekU?A;>tK$mI$2%BX{Aumv^3(|mzY`dJvIN?i=6 zmr{X@&VyScO9m&UXh*!5Q7JtPlaYL7DLY?KRWm^)k_MLBa>2j zopnjn^^vK#*_4J(Kvzu$BYVo^j&{&eW_Z8T4fBH zND<|J^kaXJ6167ShD`5tXvPs1A=^`cZ{m}Y-$;=Yr z-@6qoeBMAQPT|4UsaiTYS2yM|^F>Zc(wNO0rU@QTeW(_ALy##74>oi`VU~-L!7>{Z zWX(`QzdsBiZ~tZ~wLcz)8VRtnl+d3JL&!5|c}nar;bz{;aH;^eu8v59gjO!$`TK}8 zyn&TVjNTcM5DBYX67-J|X?TJvB0&4ED+X{WTgz2Ti**-85md!yV-)zkFrZ@&0Zamh z{hjZ6LOH)WlX+U_)nNToCWndKbc#Y9A#z22#MA?h2+qNs*L-3}pSBi@Ng^#z-qZ); z0+E@S!gyN-n_t!C>h=MYN>LC!2m$PF#zG(vEGd0ImB$%oVEAF8Eul`?yh%~X+0#zjWY z*0TsfUY?aRn>PWnn5h=Z^*IOv&jl;RtVEBQM`evV!(zby%NN>)t_0|esV!Y-G=~y!Qvl2a=7@sERzN>-v~XI0eRwJ(IgGSw=ZL!i8nI`?jbb(T&cAgoPLyf#gq^$$uh zQ;vA8-Iw@zcASC`m{tkwZ~r4KF_Oi^$czd+*!@L#VkC=+5z^`VpZ6C-LSFom33@LvzX zyV4l(ScbsA8CJcLn2P08=>0H`sZN5h>*4JXBweh@s@TUr^jPeAwNTH^!Eoo$$dlUk zu6;4s$mh_yCkgCE=*S3(@XR3T0PSzz2s5%dG_nMEu=~q!Bb!4bJEcPJYO(~rqFj*N zY6yYQD7~K`Q{dNv>-326EJ1%G5bY7-ECGKjxN22|^D6NER|A2n0H;;l!`(m}72lkS ze5A>zVN;i?^XQ6FDsJya2zzz1NVvTJolFVh@3$O5otm7sC7r>JUbhvd`OBM)4=u^I6&Kv4->~-_>=! zP@j{Uhe?XOkm7Ia5P2UtE)b};vb;}N6(`l+|C$afj!~D5JnFzK!D$^&-m5(sg8W7Z zl7@0w6}xxsOTorGkH$PjVP6i0;h+F;ngDNvb<-1qWhh?jVDp+FEJyKSQsE853Y0*Y zY^dHKUZBFUcVjyY?PO%tM#K{;nf>jXVLmXAK9C66lgl@C^_R-ErTGj3Gcz*;c(D7c zaOasv=b2QYcmL{daU8uZN**sm{h#}&)fUoMonAnU{gmyb9 z+6=YHel0++_!&V@yVT%I4;z&rME1Ae8YNJ|0h^VAHr5n@(!(1XX~`P-(#dLOaSj7% z8G<*(eE-3hH8{U+qfL_C)}*~1woj4rk2Ps*sERf*f&;*q;OX|2Q7Fv z66GX=#B#}9ZCvL~pvQ8v1gedB3YyJCxeUQ;1H6L&uAp32h2PW09Dd6N7->lC_d>Ah z-kx}pKz|U{YS$z*K26|13W1Z&L2)ux_kI$_a7CEogxB}A@u59KveT&r0@TKZmBm8Y z2I1nZ06o;&JDW$|Z99a^54EYXLeRz?!s>_G4Wb3FdxA)Y@cL0$1L!IPsd(?2lO6G& zM&Kl3hQMxwNu`iz&prYwpnEsMBvc`zCIP6R?%fEJRGo)TQ!-&f%Y!pYAwwy=Iode# z4msigbaI5wE$xzR!9P~Y(w^MXuHP0k+k3LKBe%3Gw<;?T>uS6AlfEfbT?C|uB0SJ@t{WO@# zY6L)7^x(2TkjP&wp3keGhnkha05?vU^iZ=*5a`4Sryd4NqsxU8Ry_)?oH}q)>7yU{ zBi*r5B1JUkk!EbvNGXvbqw?s@keVnqN3fa^bz!|J6f(q*uJ}{Q%~u!=O+yMQiN~7V z$C3m=&Jv~HyQW!Mky5EZAzC8L-n+gXIK2M*jT4lF#%!pJ^QSXK>3r`HBjHalNeJEu zwo1A&{dTau z4~zGR-0#1xWH$Y`AIpd>HcObZzw^D|j3kDMd7|dXn{@ExAIczT;Djl;#Lhio9AXhwE^epTli;7a6wFjk({weQxLB;QH-wun# zix`V%Rp661oi!WZSiFd9!!ZK8tlfx$`CE z#L$0Qh2GbAMxTL^{%}REru;b&=(n0uAOx;!cGMR2t0}YvH#EoCbb?VN=vx{;GtXYt zQ1d4-n^j5d?|eU4eNnRVDHZnQvSzD?M?i8a?BLFq!*mx%7&A<=ncF`fMR&2WcuHw( zMd{5?E#XL-ra3Q($Po12zD?hPl4K8rkwV9@I-$Oc7Gf08Bd~TBtv^oGm+5hylnWYKx>?n zpT-vnP_vyvr|)qB)+{UfYx|T6eV{q0;wQ%`75GSVFM(GQr(*=C>8OmKZSf}^+;~G95lADu4p>@i0{$VG&WyFVZ%RODC%-XvV#x0sZ z2mCa}Yu8HWyk-W_X^PffoinGHM%w<2N@0KdPM8y#Lno9cz^lIv>v*A-E0ptvs+>Jf z&rtk3T0FZbz@BrbRMf%l@4`LM9C{$at9zPINUIdG;x&QR#5BGtF{2_MYJ8WULKIct zBTa*)@j-ot3l7!|ozds4OH4kW!zVF@8 z_+Fh-Pf>L6SbJ1DMbW`y?NR6%iq@=~_^b0Q#cGz~^vawi_*?P3>m{FUXVPJo1XO#?V##OQ zS)M?(TbW9_ZD$37|4s?1*V zeNTIRT*+s-IYF3pPkU)x$H%Jy!Ai5b0vOkJp=GPid-Y%IJ>N@+?UY$!a7KZKwA+y4xUMoSotl9oSt%gJnb z6aFQhhsHZIiUfJE`}^>SvV;-kEU{;r)8{@mxFAPNWKHjC&QADP;6k1NHBp+*{uT-Z ztqIUH*0)ep!S^&_ji2qEB|uF~<7;`d1R2aGVs{Cf?ge+0T3y;p&23U3w)2Hr4b4D& zDz2g)XzrTxv3+=?Pyiol4vhv_KEm6Fngc9>c8~D*ktTNYG5HA$+yrv(nx^rX9FgXZ zws`LyEK{7CDtU+~*&msYWR*Boc<8}qz?8k|vK``iBt^U*J$k1ndfgWW%bd)gP! z(~>&xY0~LhCduiNVDbaafzcPd<{3|p3gAOcdK|rh9Ml9}A|+6dH2Uc~BC`akNfp`k z`A|p|RSJ(a_Xqe=ur~=wQh29;B&AugL9SIRwOS!Rp`>u|%9dB9zW+E_-%(2Pga`Xq zcf%aS3z!thslbCfUk@`BC|t=5sd4+)qbNN#7f*nVy(*PndxhO8zjY$K&hC_$b7_xy zobs*;r&Z(w?QHmzSF8&Jx_9jx!HSO#5JLqCyP=(uo^l7S@d8dq5vx7Pc*@`Jpk+q9 z)=-|(N)B+2w0!^S@55T|&Tq}C_$QaOhdxeu)HySgj8U-mn8ztQ zYJg}Kex_6sl#2Fn$0?6J&=4fdJlOqXxFtV@mYfLDJ&j5A*A;13F9==HY>4&Ilvx$` zKr?gk(-Q)Gtl6L~16+GcKtToVUDuf4Q~G7jBq4A^GY9cgvN%O*&dusnY>J{aPFAa6 zDHXoI^OIn6kLs1r5ZG1C*%h5~5%iPGnw_=2suibD&2n_GVogyRnjN$ws}*74!JTh} zc`#I}WR@^-`!}O_FdPAVoyXV(>A|#jc+7jZE8zW?^8%{fpgHfW&{+c3ZeyAEswUom zDWU%gfyy0|c^dnmAdyf>Jh`mDSd-jQlNA zjzIqz3{~w?K?T06xldGQl`!0sXw4>WUz?Ork@qzR!Q2)pK1*2i@LF&`oqI1ZnijZ6 znw+jqfMbd2EWv9s=h)oBd>wIQTpnpsaP!(M9#F`u6!xxbT=u*^JWCM*H#8Bf&XUeh zv}W(z2zGRq64IQC(pu3hg=#n_Z znZ6l{(qv`yhL7<3$rVkc={9?$tp|6$85Yr@(Mu9Rf1tg)bsjT`cx-B3X7g@q9jj2s zi8F=y8Z<%Pg;l_p49*KP`yk9U_#{K15$GK-mGawB0#TF;eC5elTLhvHbYo;!hhy@p z?6XD*G(AQ!6g+;cnR(3D+_wgy&Fl-D&iHw58^Zd;T|xJ?2Op#iEuf8-qOc(2KWE2= zZ~V7_F<+j*ZfN&*W{x_g|qOL%cR^vEXkd(VHzu!}5AqaJGQK83kU| zE`=|+vIJmONS~j)l}``&fU zrD6+u?>$Wj+|cak_R|Sk^-YZf&}jti`Ato>L8lK>DtdqC&0t51+K|twu!B3_3iCcF zSIIo7Z~J$nm~pHXU*|ctF0a1^k$L zkzlRAEqgmhpz3!T;TV{L0NU~dH1)KZXdMFZj)mH7S3A?=zk6ze4QnOETt zwDb0|XOBv}m{y?=wbR_PVj;wv-5fiCC!7S0N7sTq7w&tWNvf#5Yu^rr+2?o5==ll+ ze^Z<8E^Bm^)_+qwyDn?Ab(-R}p;TEDoF~(ifOZ#EIWRn@va`SQg)lE#MlVV<>0tNI z;U1}s9*OY&uEsO?C_Y}D*%4Z#$(sAAeUbn*9>HJfrwLSZ1&W`_rwLFKrjlrDc6&GD8U5 z)FdW!HY-KZ!PR>#maA^9Kx^#PEQM>f6optTBD4FivB)fBXOXm5F+6A|p*xp@!y`0v zc*RynhDYBH3y;vqC8=`g&9gmGMN2Fu=MS_Ou9kx)*OEbHoLv8Yl&B0li*EoO>&VHq z=1y{_%`$lGi0bZYZ+WeF_qXDECB$p}?rP7vSG+r1@q%ax)!xKe(d==>>s%!M`yqG| zd!`6fyJf!Ozd;rci%Ph5D@VnfzK!7~H-UXud!D1>vr86JMG~t$l~M8TlSM(6Q2iCN zBo(K6UwmP*pm1LsD)EcADiV|?oVx#3SZ_V~<2bH~NebHFw1QL6Dsn4B8vH;zH>r5N zKF&=fRC|b|;OT{JN0i)Pb3I)ABHhkY|Zsjp?%V(jw*g07~r%!+RagJxVIrwL`3(lIfrR{=RXyk z_7o}XyCE<~BSErhl{dpg!eODBBB7RO?`D`-I8@w+D5+uEyBTJgG#BxuT-^%uVVbM> zQpBC@-40h6*QRO8m)l`{@$T8C?6@7qj)1%9@{}dF!&nk<8(rSTmeGB+|9y1Sb?@B{ zbHD*N(otW$cRS1(huld=-SggU?N!=}zwvTDLy2hf|863L=PpswUa;UM;^nqWrbh9h z9zGXb(xlzX;3necaDm9u{>~S}aupTKRS=b(6@-DHMR3e)oW zN@WqDWK<4z{}P@ssbIo{Sna!-d9P25jj#0(uQtA`ne+NY*!Z>#3Dm6l>*8y?XGx+p z^LwA@8ZWkyK+Q34O>B+lt0h=-N26b4jcH7Qd{^_59^be+Pmr1y^!P>9MFP~knkOKp zj;r|ln&oky(3apHXf7Z03v7ufJn=X*09nqw4M+jqyI6l%`&8$ug6DeX` z9%+n=e9Je2W{6?gyQVqXSFbFJOC;==cbeifw=`!f^?GH&1)U+#>l&!&n>Onh&(Bgi zH-p7i6LjY(jbPCY2)T=tPO#b11>A8;M0c-uaJWqz)ZXndWp)MIlpnW)`QZ(qIv^#HO-)TXP&^!~lDi64PDa9~53^DGAMa zwZP!oB|4h(cj2M6ONPQdxHqtNNss3KqtLLL$j<)jN=)E?m`;Y(u~`xl?C)F&PN`!w zj*|)ryQE%J-*)AM#r{bfbkcYOlEgi^tj{S_uv<9clNqXCge*8#mb4_7 zFjTMp?^1DZ?FjV_mV9@vg_VdijisfbYA|gd_OA3tZO2 zS9(d@lgm1HVsjZ~K!#7h9G%OQpv_}!`A|#;v=Po-sMFztxsv^h3Ot~g&=s+MYV2v1OW82@W8E|nl6o_Frg0~%x;4tD<< zo{?CTR&0v2{=Vk!JRfP3Bd{Tt&@~f>Mg0ft_+Jh)b}yo_n^u8OE^Dpqi=zpEi<~xF{-T||@HxGT@8Eh-nw+cQCg(*oIdK(w z??#BvJk>KpwnCk%+9$bWt3E9TN)t@#1}Lk7A8Rh-e$j0T6S&CyX*sYz3)X5J)&hY& zxvViIBM#~eC8n951rO=0O5@JNgI+$(C0fIifQ3RP|D64!1=q~M#p z#J4gF8jrL~A60LLJ%NiK0{hrGE8-hu;#uf4Y4zjRf>Cy(ZFpRT?_K+GNUi8Msu<(W zQv6SX@p4*Vqca43Gi<;;UO!Fo+Vw;QuTJYzuKKl0iEh029APR)Nof}ptD4P!_zJ?R zv~^zzb7EC=VlxDIRXeefHQRO>;&q~|Pc8@WuUe@umGgMnBW2u^E82rec$Ys~(=<_# zgWbP{JGUx2Hv)ZE6CnASBpDd>1W@A*{0-6!fog2OpE;UUfe$rtWq>h?6TBvr3^YYk zDuqXytc|ZB$`hpKyf@0R>qJwIU^P<@w!8 z)+C^H_Bcz?x);KRTjM+>q{%>QZ7~ss{hgl&$DL@23q)z3T-J8pWlTx0pIp(LY4ey; zGSUZkw!?x-G^8maaQoYT8YQU2K4v6m$9ghnsP!2&A4@FVMomDq?zZN?X(EnJR^qij zw&rWg3k0m)r&IGA+WkQ_f5pO! zP7tq+5!6AmS3*cjl9ZD6JuNC5{V7dTO4^(E+@)+~o&g%J^KXtLLCF#zP20hfcHoX?l61XPNknq}>OpSy% zQ>608noDVFo+Jo{%zYUjXf~SF^Z`ba5V-#JKmvXtL52{x89b04&5TpDW(ihjxuz&u zlSU7>TPaFM^D>%nt2IOEXl_9q&1MmK+Pn2;kO=GZOYs6;ZGnU|Dy|Z8-^>C;h@$WB z{31B$LHk)C;`!u?_LQ*46cVvKxU&-$zn~#ZQIWW%4+G{h)kOn0=HOAxnsgD{e;y_7 z!EWM9na29^G``LdDs{$UxW3SroqXGKtQJ>TYvO9AVm2n-Vt*ivpVrma{Y)-8`nmvX z{e0cW=q3qN>)7kwDPtUcxxn7no*b!rSG#fqsXZ-H*KYp;8U>ZcLv2J_*BbT=A)tSq zr(OxczLQq$T?=^$Y8`W6SpvJMJ-<`enAZ%&hw(lqV&P3?)Dx;w%k zWboi`U7DY-g#~bR4B%!};FBxbvvX*G>S%z7&>rkw3y;O>7>iL|(YQ2!4VBhQs<-ZK zbUyl-B0!A;^VQB76?tE?rM9l||Da!4g4b-N_0jFTihHPuSoK;-s(q;0>5g#a2>i5) zd#pLaEmP5WBVL;D=&@$uJHQGhaOry><222#+qynZBLlp5GkBalb|6d9!K37{0(pwo zU4f*t0YwVe>{$r00C7U(mL^f_7-6#Sc9sm_{?0Fh!xyw31)`4oS2Zts46yu(+%yrm zgFD{~i)7G@;9{8o-qi*&b?0=VX>i@2L59#!=QdZTBr{zNwvy*Uw1^z6q{= zPDWFI86}!RuH$Pd#|9#rdaQY0PCbW9lO8R{>yZWx!8}dMSY;ia*B!|BI=-XXR#|sm zKUz9fkW51*%@7(-F6->@=**uX6d&s(&~twtN}Y_n-_%S+oFS8rav(0wyZd9^ATNn_ zlbZ-6R_rsps|~T1Jn4rRp4XGmpN2raHxXnBUYj&r^0Ny7&#CZtwURC2>gjmQDM_d{ zGFwu&;Ukvx`dw{QCb89Z)}8n`z2I+TZLOjyoac8U%#ZJeR-oVC6$M`uU`@h zQ#MM7^o^+AgE0M}gw!jAs3JYo?&_d&K~^P`go1W+$5PO`tF`u%WZ8iWSbk;8IuC#$n7xy z;Cp7KKpAp7%v1QDnkl$g5#}=V=Vl62?r(>A5dV`iRPt|!xe@KznIdr}`#WC`o7gYm z#GWwZVE3Ky`S}vg&xsYktJ(PG6X)QyYvPc=T}^=K6XoE&&l0G)L0K2$;2p{mt=V#+ ziEwc5t^mKQ2?PD&8`9Z#HSjckept(j#8#5Hk(*X*?L zjcTS;hMA%?H0dpU1e2n8&HElg;+GjpB-pTPq8Ar4f=zW$>_Uv--fc}P zR~NZZe%#jN5wvj&<;3k^tM4DRP)6Jiw*USyi;D%pjvydn$x}MPe!)LpDN+)_&Oslo z5Erq(^Q+)ABE~8OqNE3Rz8{tX#7HGY#9)8>ucM^VuvYXgW5c7;s_4cL=QFnB7UwYU zYv(hkJ=y%MoWz_K6F2R>;4-m(8s}~)6}ETH+4|%=cRMW`idSAs*iG&0sZP7&8c@s} z#cJ2{PW!7SPWmMNwzh8aLX6WWL8SKmoo|H2yQeYU&8omBm$m8O)3%-VJ8M#)RJ0SC z(}i*#Q;=yDbFh0oJkmamk@mC-eXKbbT047!7lgpY-62SsYx_ofw2VtfZMG;RAVddIQmZ$M*1Kd`5`mD6R zS4XkF$mFc#(%8kLvPR9uD5pN;>z0^+X!Ag4G@J2|zh^}J{Ev{0ac8zV9c>k7%l7NJ zXH=?t*M1&sqR*g-juY4|?b~h6xaZmN0v=mJto8uO8TV8hunCIQrV!8guN0<}6tCSd zaK_O|HCVxY1BlnYm*9-QPUAxH8L89X408}?&_Uz~@T%5%pK+O6P)x$JgWZ3GTlh0* z;fZv-tBL!y5-TmyrieGfwsI1Q^-5~Cs8V~ZIn*M(2JRzB=T*?&EzKKe{G>Eak(!

>0=`atQwsNQf*lr$Hl|@E z?5bvl>Lb{M(Fb>a80IZdtW$(b``dpT#q?uyF%}-%l!5mx?aB3*G=n5FAumb1_NeGf z8WG8<`2C%4g&C2T(1_$!;KA;Va7*wKT7oob^L35-y`+z#WZjo!r!~={j%8Vj4zAwA zFjDva>&lTj|JYG7EH*nufIGhpmT2TNPS7t&!TeE}U?P|CP^+wO`|qO&Cf1sjjUBrr zx2bC1bad8drCzc~L__at*O<=gZ2dIBYZsT!`sT6YxU3}L_x~OOSEr^^D)OP$FP`y<{CqSpsp1}L+_$g( zO{vI7ntQ=~wU6}l@wfevG8nX#ub_hVZUxupQN1EXYjW{tb-~drf!_{h6Vcl#iqu5m zI;~Anbg)o(b#{irHCcB*jdgW6Sd>+LC5+zR`CYKnMQz1}_$}#le;np?QCCx>q5Ip{ zMsd1WD+>SEmOK-CQ)igYd6Yel%MoH9<-4~-psrhnS7#brUdl$>(X~YdXlB#wy$T?3sF_Bb}d)Iyu?26A}3L`;ax3m}5 zo%6MqpwTf(KznP6Xw{?p<^o&;MG5dwVZ5QP2{GD z;61slJ*RZKR4bjV)aOb$19zfMlU^U}-U@fB=g_HUh`ehyX!z-w1d7eC?`pPK=(H?H zz?!|remYiAf%i3M7<@HsT17s*d>9R*R!Y&YJfW#su=LTcl!|-w`QTo-55D4CtOfe< zcLUMBM=NG21@&jm@4v=YaMc$so-0)GHfY>e9g{hT&-0>LZ^1Mzxbp{v z_4(4tl3F;48was43$n_ElhEeV1w)I%2rDLSFun27RlHb?lNSB=O;;x?Wt_ZZP=jPh({&=y%DdQrMUPs78j!a-+yxnLH$exg+My^gcO3;i4b5p5CU56jh}mjz%HA_ z#WPuU=ekY^90(>GB;@ix!iB&F&)`&8g0H+biV!&PG;QvcZyZVp6gpXz&cW`sj}TyK z5CY23?XTHF0A;*FAayl?Lf|!hZkFPD&R9YU!Qb6NFjp^_`R)Q|y7(o~u_zY$zC7fS*7cLG8fi!LOm2VzSAXG{@ zmD0iPj-N=_%>A~FWStpDRhL_T#`|&ELG7FN>h@Q zg7HNn7)rr3E%?SSJ#yg`PGSTg3-8>}iG_l}oT9{Bz8NkR4tfSB?-I?g?g|wO1)ruZ zzVfX@$%INMuM#@g{hp6V*u_C2C|kF`VM_!n-MOU`1_y#?Iwa)s?QmJJ z!84eclVE;9Sg0sC@HB1imG2x%5)?W`mCnKL4}1gxOM@IxhHih$mIEl`6$5E>rcn%T zYQ(@{DH_bNX_SJ0xTT_~B%{E#DWYUZYm%0d@l_%jYRNP$`NnTOlA)AN z;$eJQdS_QB87c^O{7TT}JK>U{z-KTIFX30dGKyrV1k$w8SKc_3WT=!d-;|b;@gpC} zaLR*ZQ08ub$CeCU$}1Vt8l_P(Zfhh%WiMLNu{27CJNr;B*=YqdFtbuHzD5K?DVU}O z-}s$JE}X(i+#oFr@7&Reg@VCVT#32-&v2=5&@-4gmgp;A9YrVc5#ph%GT}g+7iJEc?1GY(JTtYu0|jf#-b%1o0anLhMJiyFD+!*vae(8 zF(HNdv4468&jZ5!0tmYNuOR-p;WM~x8{t>J7Cd|&0%=#Huk4ICejZAg1V&2R%sM!w zyd#2Xq!yJLNcBU}zOggZ2n5TL>pkD-u$F>o*V{h*nk!Z71!u&teVBInQ&7(+77utKcKdru-(*p5?~(|T zz1#l0ws*8T%)pMtF&pv5pS=BJvsJZ!*hb7B{5hb1E-apwN9^|Zo&I4_Z~rhyjq~d5 z*L3}JRfoyNu{h4I-}tjn|4K!*d)P#r4*w;ndjyJS>kzvA1EqJOq_=aJL&r(t_Uqct zk;*VnHWtU3;v0YQ_6?>KYTvMdIJ^66K;I}7uO~q0_79!D$&%i_%^(K*_61$vXl0o1 z8H?lm=Z(Mm^o>~{1%=B-ah$JQ4eFf>j0YMKy!|7ke^}PrLtGxf7=HVU+8(+pOxw!@ z7|FkJ)yEgG08i;6wh{yHzXf>%ip4#Rh~56N;tym|ZwJxAVko-(C9OxG)#1#1ERON$ z8-MfmkHsr$|FDf1LH<3Ue=aQU{X*>aPn`Z?QE&gyy<%jw{bgPMT-D(`b1ZJhSAX~Q zdF488fWl4q2@J8W1^YY)iTgWvn|GmUqFfIPvd%<;=va23Byv{_emQtEB~;N8$cWyBtgF*)Lo1 z158uEW!8mJl0>imR`e|7=sC^5Hk8 zZer7JVt=uTxdde-YDGfrVE1)0|MD5SVlkF*4atvCylN$#P{M#qlmGH_67^$SyaHjf zE*P^;5)dR_85iuQ4vgJRK7k^nC6ILy;0JhAIZL<-yrT*xDVcJWys2~{bo`Nsn-8}f zA|s4DQgN|`ze7d{kEC@N<#4g+@|$jABT>l_DhIn?ArhEbtgwA+i*uL(h|Rbd!BPNo zXQ2QlYjH2hge<^kq?PhSwpz%XVhp0C!%? zFD`+XGqTl8?o>hENc-YaXnDODV55>?j6!@zm{Ob^Q8LM z?zl#sci9OqYyrTOhZKNs5dqME(iFrmXILoYOG^tLgvSx2DfABxv^bxs*9*)lgc8Z9 zL=JYp>K$Bnqd^{N%{PAM3RXPbEa2t9V-oV(KV3W(!{NhJ={sfM`TDmBQ+22`MP2^A z!x|67!;x8v{i7dS!>MFdDhIn?^ASED#?rcP{N5eU`EV8?*xt9P1i77zMp-bGb6isS zYhb*i)3}&Qjh25YH=kMXM&?rFJ}P4nWqHvT z0Rf?G)<-4eHD+4WvM(+bYHm?!aQ)sl5&W~Wyx=ok~Dn*rDY>z z^5QklYS24AhP8Po8pTVGCneeM5VEz(d@1jQj73`ZC$7fMS8TDB-8v?#|BgB-sudPW zPGM+*B>M?TmYOSC8c1hp>9<@nRkxf1Lel@FY|K|2b?_ByIkWgAmS^FMT~MPyNg0cL z@}sg@Kl2Qvl-dj$KD>MEe@etIHJE~1t`R^zefedn+HChi4*WOnL%_=u{+A^BPudLU zzQar|hqfEY7AWdp)M0>(&pT_c_=dUjl09q=R6Dc8Qc{js;oGzRZ|M!F*K-cPfc-Bh zCEw=)jJ?xxY|8-q2=ShRX=qu=PYHU`G9Z#9iU*I2bWR?i$*ynwmfy=WQh=Eg>= zv)VTpft6l&9keu8Diyo!Cj4A%wFg!&`l@-+JZ6M^KK2y40B!i#M<<8<-sEztGr0j> z;J-opjZL%HVGaF+{N5k*T8#nw2LD^%GX7`3JM1;A^NlsL*EdcWV@E&XeQ>^M36`|F z9a88&2WD^88o*D_Jtt{yuC>~hF?RgwkPK`thTaEd&|H#<0IeTQ_d}XB;Z|h|e?9Kq!|GpsD=C>T-~6UX!*;Lmpe9<&+-5IN|Eb#Um^O4 z;gKQ1($5|Fk7u8!_-S-IE0fY{O_abzn1fa)o@q3!&LBFtG&&P=EH zzp;e)&OWK+bkc|?lCi18bSya)H`pay)5-rZVo#&;u+Oj$at2K?n^wDRu4~Idv6Yno zI-)Oz{qO%FpN|=Ja9){O(P+0|%=;E|ci{6@n6(BUceXn;hMlI><4!KKVK(5Oc~NxS zIBoU%pteRL8Ux)NV?`qJVdUs1j4c4Kn_EVw%blh|*}BxQz>~H*Mx(pF(QcWY2Kc1b zU=7F&oEoAAZvdmwT^^WF+yuY|d|OeA8RmdHHujN+jyE?qqb6@HKXQzno18B}uu>~b z@D>APsnfRleWPc6df4iLTVLKXKpCL8xeU#0o0|sMUvsr*36~Eo*zC1HMOMd+es^U6 zZqx!Q%@*^Y%fkVba=3-9gHEdjfL~_Eh-7L;sTMJ^nOdnf4m4Prv9eS*&Sa|9Ou1ev zu%r!yd*ytIg^2L2Xk^M~jZ>v^e%!EtS5S?0X`{#54~=XwK3dHvkg8c0X#n#f?0bL1 zYP42b4d_>Ab!e_y#wr9YJPr=lzvt8H}#=A~nt z^ATavMFb{HcSH^eK8m)j&gx)o?5Od)5i`cbuSUb{F!@*pp;+G-Y(3?H?C*$(L-M7S#>@}#OZ2ri^d&qJ@I_am;X3B=@gK2z^`M z-5;}WOY)ifoodP>_dC;+NAB05DUZl|U+!LJU(U)$^lG;o&Lh{gYj=OfzL)}4kfUXa zM?Y5|#mS>zsE-ol(J$3UQ{>UF)JIA3=-29_6nXR;{>YNgxkOVOwA;J*7$_6;H< zL6yD|^6pLcZ783)-vy*Ra=-0IdE|bTkMfATw&d;|_GL>xa$otTJR(cf%6;TYTRxQoyV90VzaS_hcnV1)`itT@!jt$M@!Vmq z4CG@u$}94%sBd$h*~h2KTh9O8G5gc}@cG|HuRGZ6_L}{tHRGe7kojLcm5RIOf2pbD z^t1Wjhw*tf|9dw7d$04qiKp{nqrk?{U}nf_FcvXmWQ(Bu8AbsFpg#~j8CdJ<&>|SJ zVS_av>=(;qcY0RaL<)U|=B3Sb%UCv9+8cfrQ`av1)aiC6WWhCa0AG9SX1l!wr8>`v z8EL1{9d-s5RKteo)gh}MXj;4(CU1*UT(k-*Xm&dT_N9O1Gn;E>5Nq?q&yiyVlx>9(iiM@9DU{_vrbK9Mo$Z}1pWy=HQHvs z-|m`>H1djfW7Ap&QQ+y-l~$)|v56$d?*Mmkj4Q5LRoV8uHgvbbk z@b~&KK&64w(F;ri8r@!x`*o-VdeCSwts3^Z2zG~qiSEh-(4ScDUScgMN&}+m_c#-) zweBX9(FPdu?t1GpimHtp&|2p8`xbBv6{K~crD_OgV2$_arS&#cv{g|q zcfHHxx5u^(fF$xxF;l>dWrGm_y`F%k1K&UltmcWxirEI^BJ5oo>TFqU2wgV1Ai|7i zV^)6y#JmSGE*>3a^@nX!2MFOZ6=1l_=5$ z>)C>?a#9z~_7D^T8whe@T~b=uTH*GO((*&EvD}^s|V(g*Uz@4fL&;@ zm0wP|3Vd2$X0`_;VJHUXh0_bnO!YYo6tZbKEi{ca@URv$H><0x6>aOHB?N{y-n`gt zfxzNZcnH>w`5@rGG_F$1n5jGwk@hB{h9{}W^FWXrVRIn8ixFYvBWRG=7vUxywPj6& zZ(IdzeFXos(FO;*G3Ebc>T^oO-U0zZ;z)XN&D)L>+y;8pf+aLVftX zGiWtfSmPK#78BTW4KNTe>YY{Mg}Dog9zik?l^rwIK?_=^nc_8-t~XnP9t?YbFs|AK z7LTbIB*s5bRfk(Fr;50)3b5q8E=;pv4kQF#@h^shPaHGA{toKkREsdEnND-D+iwYH z>Q8LY8~W1X9~mZb9y_`eb?TcsCN;gOm|?D9EUw}ag0#vGCV9*-A@DpYH*PJi^}s#6 zIJ9~#%fFFK^qajFm=jiNYtiiWrMB3dwARdvEoddTwIBr`+HJ9)is_-C(-*AW;Bn;z zh$cWD@}k#$+HI(>yRyQ&jnek~3D$C_6Dh&yGDuJ#c_*g2jGqj-(PM!OYqem=U~9v2 z)iVZtgyDn;0RCC-cEM4CI~A>tMx#eXVXl`P76p()5nBYlk1%m?a z0hD-4c#kn*Qbpte2DaN9u)ie}g!>I41-=V}=pus&RI}UQn$!;hg6LSRq;RMp6?yw_ z!*m1}EY`}fE!b@~ED?yW_PWCj8Ip^ji&>tPVTZH9__UDfsF7(8pt9995s!!u2L9tp z81HpqslA zHp$vzQ5v)NOgF`B2U@*ulTrfjV7> zGI&#%9jrs!K3)^#>RbTLUS+2vUtuHh4$Yb=DZoOu)s z5Fb(#_0skztgtZ#j-qja69m2wSrj7Xsd7@M2t343&+%ZFC7=4N)2$8?Tk#2nrK~Cz z+*j_{e3DJT*@V(INpk!lX0V$jsM%)b7zCG>;5p1ESOkQ&h8Zg;BGi_fBbZcl8!gkB zrc0~lv|xCDJg(Q z!NOLU)PUl&CzuDZxhLGCZMtOck4334=W(hP^@#_(bGGjhmX}E=>-|7R6OPdxV|hgr z{L$8DtmaW^eH}k1>A=9QpXO6MVDG26V|~TVU2b}KUs-AJ2&}k>HL)?PP-91Q#ctpk z=8A?)PK^a1FyFdhu?gHb_SlYq`p{&UF|-C-jw!Qa7jE{P09gqsl^)nW{urnvYwU*n zf#hMh!n?W=HEd(fXP4ak!1Ssorfg7x&DI+*27RTz%E}7x$gZu+zm8BBuLA1}uL?E# z7*7!i$!$3a6A{jFGJ~}qOh7?$tX_|0Bv$Nr-d6i&7slTX(xiJ3vHn`sC_uPhb+@k%=vG%bFFamvO40p8c4G2I1+G{nK zTJU^Bzronc_UD=nV5AJ4dA@>wSaY#+No>$F0S-SoOzDFyjKci=yo}GzALXV198MsDHrMVBo3h1RJ&rrWa3W&Uif|)#BGT@5RwK@IpP8wMou1&|CfW4N zu=~#QK=wLJuiG8iVk%<1<#rc_3jXW}FNaSdaH*<|6^~`dZ4y!%#<^ePj#y3zm_%*1 z#N3<>hNow&DR#F+*sJZB$ZAX~L&`miJ)kfFZ8alkCB$gUFn~{SSG(P&!E6l+JGxOY z&nz)0G)SlgH9F%4_*9S*Hk;=4*a=8WURP78v&Q`Xk=tPq>&FjlY(aeJM4ET$D) zE-(}Z$!NFboYGE|s$`lLC|6II&t-nI*U?{W3BR*@nR&tif`C!{H}yB zc0y_Ld1v!|8aniSUvr!W zI0X1=_Kh>$9+=U^d@+ht)-7FPj7K)hR>NdD%zEpBsl+YJuZXm?GQU#hOmZr+9u+m% zZDfX-<%*h4=E82I41HMSGvH>HHHc4LHrH5h_!QZOiG(blw1I9MLo*oRKXeA?*}z1O z8AU8VSFbM`YZhDB=`+6y8V1G#I0Z(*GS_W9C^g@I&n=t8+q{-ZS=I-0-N2$zR#xXx z2dzQ-J($SR%tU{<{3@vWQ?bCxakHmFPdMkndoW=>#LVGft=oGlq%K%nd~eIs=_Evv zt1zv8D#VEBJq?1xUi&ExrJ_?$-Iv1rWpIAI+vHO?B+tV0L$?!VBp3Sczk#-qUSR2< zvVul-v@t#==_DS)3t4Y3AVB1G|TEypfJYR^F5~ zOSvd7%K8~U`7lHXWiUIM=s2TeuM5gqqs-s&F2b*3_N-*EmE{s+jO~!%%biZvz_{2l z6%MZqdz=DK*^osue>=}PbO>dWy$+T@yN^!eMMgvr?aO5oF-^DE&P1LNhMdh)#S(*^ zceZ%O(!$1>)v@F=+{N@`}^r8OAPX!v_1pUj|)7YbZlC%0?G!lc25LC z7r4H_q_HJ_VM%^AW#+jK>jj)48XMuG`q!<9ZS(?vT@sPpP`wqYD zr5+lOAD*`^10lbTM*gtVKMz%Z$rUx(Ye*oHo1Dc$KykZ4pW9ZJ=L2gE^2$cVSwvcH zt*%-8(DEm7z4Tfm@JLmCxuNnkqVs&t#BI?&^E zE&^??j$)mPCEJD~DWWdCNKs_Er0y@X*Ksz?0d%3$ccwE+Vl!%|F$ynb78d8hfy&|g z`1w`@SKt_k?Jg2Pxnu=)?tIG_Yqx-5>szhn`PR7cne(lqNU&O{)vG0bD-T~nGgjN( zYROHH?&*2_)4&T$1OIEnRWvv)=pgt@I;@A$8c6 zHtm)+yTj$ScUm=iOP#P~BvP7|+AfIiPr+NGgr{Scv~3Ds2KuKgW7*5wO17~NG>%vax!5;vVx$!Nq5DFz#gi9Bq!l4s%AMxKdA zmu(wusX9dEb!R*Z6*Dw&h#yrEr2}sE`G)APeoSak*VqZ1JF@z^BQqMnRt0OTJVu zlNNGmcGK)AdrgO(3!Uy}2YZRxE8x~7+aM!0!6=(l?S*n+pr6EzAR5LbM$c@1#Ye*4 z8P4}=ccC`6Y}M+B&FFH|gp;@u>#`lI@60IVk)8p`$Fai(ax0dy&MHhkUuEVqj%AB) zv&YqT+)KwBsVo7vn#U)dZ`ksDVX<1sW$J~z*efIXRO9)mA~u9=H-TRTD=)(Qx;yN1 z>$xS?NqT+0tOM2J!j35)%Z;=m8PsReXI)}@q@nTVa(6gzc7nmIWWi(`jtTBwt3B-{UBmi3+-Ty9oMvs zB~eYBzT=?`XU_yQ_qexd&oj+AKI!v7PO^h!pt8aE4on@(l=J_)Qaw7FBpfm55}#WV zRPAW7JtU1bU%Hc=+wj zrN69ul`8TdzDTpqCeo}5w&2;7S#XvqH^t77R?{;1p%7u$c$S1s-Z_vh5Jp8Ukxxgv z8$PlaEQ80Hs3@D)-Gg%?QmKL;!JLW6#@b0jCbuAWeR=k=f?^?Sl#(J5J4#7s=fx}@!8*CdNTWV?jDn-bxEPf&&(Fz$}3@*UBP?U@1Aq5HMDB0K~WReOA{;?8-9i(&cf-2FNP~m5m*l2#zbY5c2=*<$jZNCAj~L3qrlzG^$r0Ju=`3YLe z87H z2f)-r94uGkER`EMzIRz}z{WGuJSvYc_spF7ig1DQ5GEA2`g~6(5&>AJ$(AoS%*F+_ zj)jY1-QFsmXJ)jb{NO=fvImD-npbwnTOOPde8xyb9##+sa^)OoQciwAgO@?f*X{n4 z29C@s=Z6GTMC$BbZ{Z0!E1r)b11N5ld8!!*vZW9%C5nayx}$C^mIb1t6X z431*2BV2?R*s1@{>b%J{Mcw))_#_jl@_?Ew0nNc=nYL;>1FP1Zg&zYeCw04uh|?|3 zZ$-WrUJ*=w3LyI*?oPp&B z1~`o$mf;#VSPF=pQ)5}B zaY-D5^$0uT72(qevoml`=*zM$SwXUu#aCiVf^yY-xoGkql!PGO~4 z*t;@N&QA56BPb%@;gAsbk?@JSv=%a&x0<-X&n{#bGyD7`28%0>YCFY6;REc|vbDle zKu@h(A)_O8%TM0zhy0oqyxKx(0Pj3niS`g;8O!!nIJxFNK}^jy+9o@b3q9+r{defe zi38WQ7QeX!Mno>e@(%H|y(ypaaZ;W}(e$!^9MzWO<+)#5fgG;~-l?d`FprA^J9rTY zOC(QiEC9axF zrqZR(Kw3;Tt8K9WvNo_bPDEl6`+!-Ao!?@DdD7$$CN&kv+_t-lBK!HNRU(q{?mFhX zOn{$K6_{6dSCZ$yzn5xUl3Df&q_PJKrqG}{;w+juuroLOiU+RtcGZF!izpint1aG; zLYGT;dWUaC5Em%`8e<4+uxZJM93zNkLmq#Yrw8pVdjPHG2_z*eq57pRg;y; zbTT_z%ZZFTdu4b(ddkHk;wY=1`b*Q9aWxD07ITi$+PiUBo*t7X4nhu9h&m1qr;q8w z%kkjw3i)1YIjly$mpa~yN(R?MV|8(;RW1m#Q`1b9?71e+H=vLapPfxj#1j)!@p@wF zSZWsjcW#{QfaQreA)xF)IXibICUxsbs9|=x9d;Ijt;vW}W%jNnR&!lBi%squ+nnMz zDb=f!m)6^2@90Eg@?(hMUeLy|e%YrgBj+M=f@!jtb*Y|{dBl!fzK~Z#C{wA5eb)!u zoGkwATi_k#gr9HfVh4A9SQ4F`ojvD}%GkSSmDP8CI>f2hDP0iPj`5viY=MB!-Itwp z{iX#oDaOTiV<=DCxeoO@wB%W8iyaGOWiRp>c%)o86QTKSHZIa`w5(`UZIAc>WOA;u zRCWIjA1H2A*@b*|>OySelA|rA1O_y&=RfE3~E<=|1jQTN$!csB2=xs{tRANX6~W^KIE`XpAK%i-S%v&V}eiTC#)C?MQVtDb=G^B-I|owu?R;E z)6FdOb~-6;wuB#RVp8ks!a$kG^O{`qc>bH{fj4>*VnE_<*(Q0u%(-=e9!%%6DtiGP z_q&fZcpg=*-O4EqOER^YB=O_DGPByZXNc?+gEF@EiZ+a?$&LMdv9<313a zDY)lhlWeAjlE2tyr$&5cG1BS{#QuS%vZ|w8!yy7mOf88#z#3n?5?c)9<$zAc!mU-} zNQpCRYXb`#-PNACvBs}405)-ciY4Pu56w23LFcLiQRXQ22v4-wb0*mz<`SCBCCW<_ z<%E)7-)XTu3HG^jUiQ=~RYS?%fFttbKoutcB=t^!2C-JU-(5%Vw+^E`3h zPQ;0sm-#I-F>mKD%(`Xf%DMm`Ma%BqVsu+1P?eXJD_5>umv5nf5Ij{pxH;S1UW*M< z9NRWu zsS%4@V;ssY!S>42q8zPzIoZ)r2)a0Xc~o0)MhLEr5kU+_*R;(lPbzgsFepfO-~Qr8 zFa3*k#q1S=8=(X$MT{dAk)y6G`82AbZZU}#e=H0ij;@LbO+hF0!gV~|ScMennI_tn zrE&`@8Qug~X^t9gd2_n+?hCq?ctCI{E?39zG#CD%4o1VL-5`w15IO4pF zFc=E(3w@4AsR;1W4i3x$Xj`weZ2&f0%Y3mmH_n8EYi5K>=_~uzI9+wb!xq4-ZOrDg zcmJYCU+Z~pr^<$)MK@g0bS6sKT4I=ZC$TpSUpOY%Ki4RQvC%ZTS(@h-YS2C5fzM*s z25lDKq8)E2g{%}OKJu*jnTJ5TXDEGP7K?x5lCintJ;yJnN#rgfyf8B_7;n#xiQG?g zEMFl+nGjeMp1XOLsNmRa)WTBV-`i%1>MlFd_(e@ zg6+^7`A$RmxL6gkUaodDY=4Dqn#tM&sbl-EI#u>cnTCuphrl5Sc7&EI)!lu==T^T#}SvenO$G?|U;#W_SIQ_iVEZo#yqVDIHoJ)z_s%Ch(f zv^p0*YCWZBjJWH(_g?TY&tdYsC(V0i(mRcaY2_017Bt0_TfViWm#_>%>^48+5QXGS zqvztTItNkywJcP+0Tknr;o1ccr z&_5dwRxlrj8Sevqj7~vR-6;^*V@YHZlj=G*E125*v4l^EKzfOR6$l_s1%d?q--arS#hXc{bnhyW#(nG6TqNY~=UDw2T%g?FH;O)%Yhm- zLZZ5}Z#gdZ1%}&ag$1YqP$IPd#@M$Y7zZLFH$w1T1 zG{-B2qYM(bWidtBiZ%sqB0G|+{Ub>c7!2vdVo`)LL2<~D+_Y7|CYZ#6-63M(K}10K zX1#H>xXr-tT$v%@O;$=$)>c|<%4~8txAk>gQeigsoS>@muLMQpAwMJ5b8Y~fM^T7w z?kFRqcyf=UBN@AbcS$YcgBmNaHI0RYszdQ9-MEQi{um_urB;ubtt zJ|XM08Heq92fe1g`iBUR4^(`XF~odQeg0A8eZ`ivG&TMieCB1CA-3$M`}Bn3+T7>p zI85Ye{}X=F|7>qKBzHb>`e}mm-KSlRPkrF!?0yfMdllh#)@GL6b)WQ^kHy~`75u&N zpPs*KRFq??RE6OSc+i`pokO!pMPsKGeL+UhmsxrVN&(jv#pL0k)E~i8QxncIQtnY~ zN4$5GZcNbs-@d|@_Nm}W9$`>;m|sOU;OZtrmobIOvyp#dkMYI!hBEs4M>wbd0fa>9 zIQ>u)VYL*v-%Y z`FgK~_=T|{1D;Ch*b1d)6uy6%=6e`*8t2zLjYkdn=-)BqhH7v=q>r9Uw6}Y7qy6a7 zC)3zR=7A+QJ#J%>N52m$PTpk#BWa6bLvIl8`7TPtJS9Pm(09#`v8Lj_{Z{$q=^Kn! zpkG=?=cmUZXgQmE-7bc~6wj2ODO3YLCfFv>GJ^71L{}mi z23B6oi8K^9N;fzT>1QjuPseW%*x@W1Ai6k`U2=)I%DTB}A>aoByLD*`J7vgk%Ec>M zXlE|Mmjq#U83P@tt~NEwWzvWdn?Z49an12+Xf`XA%_ArZ90KoqTx(2al8x(?fww=x z>3l~eftnb> z+)iN$hEcnljyjkTlt-N}=!;G`j_H%m6fVb|EE+`bJA%#8%BQ0dEJFKgG8*1uKUA?< zt+7a^xzkwt^IyZ(kAGQj=-KWx?4Kw?hwlC5j~OM8Rcg%mDox;O(k<1S<-aZsj#ZnJ5LPL=aoq;3E-ac`t+g1BIBmDZB&P znYmD~FIOsWx3zo68I~lj90fz8pQeA`Y(H)oY=2c-8xB1Dx?$>sN)PxNyx~H-_Z)PI zh?+U$mFWgsYU4I~<|f>L`*TQObyk7~_RF>fV1RS^@4?zQ9!KkN(`;~V7`=Rz-tcV` zKPh0NN;Ou-LxcTALu2p~%CHGqyTP1rWkX=jy*cDQ1^fi_)G;F*TWE*vA^d-g*+BTA zJSh+MQ0ah!#(z>iHIHgx@qCJ|;C}}dhNJhp7Lds0!{h9P)Mi|P{NjoPz@$+d$_6@Q zTnW=fB5v`bHiYh(fo{0X-oyi&N>H$i(&=a7jFnv4>nIwNYBnh=WbHY+sBQYAgeoti z?A=AHTJjPnPahWV6mUvieH}*`CR)vkg9|KP1X{09NtR|zA}N`wL(KDK^k4@sLzb{` zLf;Y=Yn&Kl70L?2m+bYYa(Ud-Z}92m(+qse&A-;H$J~iGoQTs`J?+7pH*dDF4J6WTo9Zb!JoC73cBUE6Iif(n_eLc6*EZpm`(Rs&nOWQ4 z;9J4AKgMHOY;!yMkH;{07SP15NHn3&4vqco3yI!U_-`3QC+dvbfpq3J{LQMG76x z=u(Q|GPc(omx-&U;VB#8^@eU0&7&UN>>-*pp{I8DUkycAA+e6JUd(O?5z zACu-UEkB-r(iz&m$;JgXk@wG{?li+##FrqK;`bL>6xnUu{**q#pFcFPlmPm3dl6=4<^_Rk=z>rTA*sk~6iG-Ju<84CgQV-N4c4GH z>p6x)fL)2a$F4%LWeE=>{!R2QL`dlo==}LskauClb`ZgQ7>>`7Du0K)9MXRt9t3Mh zs$q)@6APdN9mDIuA_u0X9Ve-qf(EJFg=}AQxcm~PRe=3?mcHl1sEW=-@-ddR`BZVIFRcC*~+PdZ_ZCo zcqSHleu!U8+HZ3<0#g)Ibh*Buzo?%@`4!q&GB^OYf)fi!IEoW8Mj2EBibRm1z~WoVgKm-G(hvrdNH9s3ok({o*!`$X7^$^aaO+%O+drB&*C-X+-oe)%T&buq=|z%a%9fmsSyEtZiCORSlFPU8M2;c(%qb;DnL z)%+b}9LK}e<+jP;ki_u9B|<>|?l3Z|ge5p6Tqy@4EE8?`(fLP)wJ@(7?zvcqh=ZLA zeVL0CK`iynw^%3|)%vwOl4!xVAxr4s8&FCU#AWm9GK>8Z?s#L+Xwm_Jml{{g z`XcUpTZ=>U@c~CXc^=%vJXyapYG^0O`xEp#D61Cd|j zoAX0i^`VH%^7EXC(DE~y+J_w>-%hh0CigE`?CZ;4&tg~Yvos5nc*z4 zt5aNn=*!4Hp8JO@6Z=0#-GzMc>e*RgsNy^LR|z5W6;KfQMgb$ zpn3l+d@nBFnxwViQs)ni?yf3=zrg3?Wlo;xevljgc_dVn-}U5SdM_zr?o$*<&vzCD z&%*qNX|#w@rk@zaXO!uES{8T>?zGWgA{6vORiuAEDrWh1_CLKo`No&JH91Ez&T`Jt z;%uUi%M>4KHI|9qy@3zl%6`$_bqhv%9w$qj7>IWBNf2m~$3O2~MV94mTB^KUdn(=S z#CVSWw}p)IYjcAA5@zv!_Nz3D%dl?Gv%K>6d5_{2f3bTMcYo)daFi{Un1f%Fbw_W6 z-bdUBgR*}}4<%{QP}&X~A~qzUD5sdJy&J4Qx@!IA4p3VQHpta%d=+u6^U4ud^g#^p z(f99iV_R|y&=l^ZdVU4^O?R>GIruf%5q=Hgcd(>2K*)Pv7At9PIazxPHuySDdhr4t zxcbLe8w5_M+(xQ7&2oU>4@m3vzPp(w0A1a!5MLK zfQ0K$Gs;Y%$~6XF9F`<%b7^4L%jp^B-Ow~BvytH$)nsrMSnhT>v}q1fWq7_+czYL% z&OESJ_8r%{TTBFCI!fQhjtMH3A71J>3A1J%wPHmtbl{r2Vt5E%Tg*^%^iY6jc{Ff2 zrm*DwDMRv_Jj`G(xQeD3mSybfZd5+6G-09kbA}kfVuWKvT(#v`Efzm~6%G5?#x){o zhPFtMUnKrJ*jR#l!Kogupd-yE%%Wma4&SV{fCCtgNl&lvD9>Ia*?R z%>vUPibHRUQBf(I+b#eDBf}jNwtFA_!}UXO_h@l%c<*kDB_YzoL!V- zqW1`;okd5M0vUS6OO;NUKK4u9ivdL-R4)R|lWjyN3(GT9hsc zV;kc5u&RXW2Dft!-~qi?15_YcZ<6{-xyw}Fo!hC>-LmylG%6@?xwzJzA4Ceg2z_FHh%$B55K zILHO;i?HChAQ)!(hLo?ZJDRvksW%Z47GbbYQW%g7+n*EmPpCJXDIF!47n zx4!iE3TA|oPJs>J`ykj+rH~^tXZ(<=vH2u;i73QV777a4m+GmX!85sPY#wRE&N2vOj2 zc!)$xQJea(#tIxD8ew7epv#iS=!}F^Zmuk_9I#(6c{_zY~d|F`vpdbgR;GgOG-?fE+9nP~L_oJ|tKRHdmB1IzY~DCVdA zb9%Ev)5f-xT8)1iB9^X%C(aHDr`}LfGeB^LAUG$f&ez}!c>CuyNNKwNx!2ZSiShL0 z`M3KhY~aqgn5N66br@R0sWYi1CyLMvIATrXp6 z{ebJt5`>p2U5As9h-z)X)-s%J~fxzUL7M_zn<*?$`Uj6>j#`FE6|OnaX5Lm_})Lf7pU}qB1_Tm z-EzR%Ox^pj<{wNa3!_YuPrgNep_1WUE%{s*@02y!BC1}mcnhZuUvq`y8I7_vy(st8k|i`)ryo;l|BAMQ;>V@Mn(RkY%}>#FCfqIRyRu zCRzdyA^&uZ^EoAd_w#a!EX&HQ!!F-1o8VA>^(->Ex_b)I#WcHK zyelWarp%BE;_bmGCRsYZx*g4B@*h9Bcv69!cK0nT(^&faUNI6m9>s8{!g>t?@Q4_v zXok$v=>&0msJ=$1u+xKgc{>P=OHPKq7j&mEw~=lTYq{FLWXz`8tA*4IuA)r*rlu_o zGf7bbG78pFm4~$LYU6ltx?A(1aN(~}_@~kEGdDVFhWX!>CfUy2Tx3bQ>8LH(06##$ zzl3eJZquww({!c$wt*>aEtV`CT}SXGBgB&5dmC87gbcv%wxL}+q!sv>hP=D-FaNoI zFwz9(p2g!y-o`(EhCVhnHa>s+IKY3u`1}d|yYZ0!#-Gj4A8iJk4s;zXsktMheo zdU3RW$k?rjQOz##9(nel9STkW;Vscwy5T(j2MWr{3;%| zp%pYQ!BEXeau*7Pll(rN${f^mg$m8!J4{lBP9C;5prti@q#<86)}K<)6v|g|mZ_Fa zMO%Vn8)GzEH*(XmJpe7fmp0N%@?(ZH4FgJlY^XO``3&B~A0ugRZnU5^lj|GEVQB*O0OG1A zL1XVcI67|x&-Tub&YRH2>!XXWPhVXGulLT*_D(L24$m?4Z2$D+;OOG$^aTET9_*cb zAAEasa?lK-Sb&wO_#4%#KssXR%V(B<%m562v%@?wKKlWNoFvE{<0u=&R7Q>*+RzHs z+Yo1rRpY-DUWn@nl#W6SDP57Pm~aLa8d+Fjgu&k7YSj*CK-=7%xmE>7SX*US z2y4HLhUrZc3l>uO5USZocPlb@@y&~FP__mD*OSJed>MH+B!GW>i{q6kK$bFJ#u#IR z1q!J6X>LnPaamce&T9)IQnzdT`roHxkQUM3kq@JM@^>u#@pp^gYvcROMxZEE6TTTz z*whT}$fl+tm5`;Wa9u-+a5rsG1e1*|m5Vf1bcmDOMYbCv?xT!Khf*k6q$5&|i@Mlq z*%ZK=P%b`viOXa93wwC!21>z3{>tF!H@(yW77LM7F0j2!Oo6pv5K$N{T->pA#rufE z@_^?vU}2G#M|6LuIAM%$!ayjBopu*}sr1a$%Ayum=L`E}1;OeJ9Ge?sl=Xy)K!y|- z-3@K9cgW#hm*{1s+L#D8OW*@i;}eF(k$GFD!#I` z-yX)7om~(fnTbB+veY(IK9;(ZT%QL%pn9Sh()CT~N+olROkxZio)CM)k=ek6@3`J_ zLwKN}%q6j%xRkrr+7XH!wiVD{YjLy{?1>pDZw6<~%BF#@q34E^| z!d_g|S=9@r7vWPSs4D5eB8vh=q0I&ir+bZ+-%LBi%46IYWZL4YDO64TavF2_kuccD z?RpIB2j5{`3X_*Y+tswhOBB3?)#V7#UNojMk6o%LZz{6j_f**|;5wbbFnWhbjiwp< z){L8yvR=Sh$Usy}E6XR2nn!&YV51FZ=w-vM)C`UvIM#AY6}1pe+O0?z%Y}VT)kvt) zD4EWv(l(XFwNsUnG+v!q(|}Z~Zd)s$wPf-St}qU6#|*TyTaspb!74nlDkl*h_L4gS zS`$}Mr!l+1l6BBd*fIv|d?aDHq$5cUPGT`pqfX`{Er`yjyVx}_tvWKlMwSSJRjQ!9 zip}YrXf?Zl3hvTGngOL*s@=fjr;%e$jvcy`wMRWG!eV<;q7tV;-I@2-U@`zdj@J@-<=QZ+_rVA zA)s;@_ddLPZs%5AgNRGJ@nrVFbTP(ep$v?;rnlJ?6RoLP zVP=$ZXxwBbQcX|da?&s<+m4m1D9chh-!1#whCp<(hO#S6aV z<=ub#oBX!*({{&vxMF#Ns>++G8t;>6wl-_d)njygpq-GV2IM-F&oCCyyn=}*EI}tG z!EPLPuW4$Rs6H1eeVY3p*Tk~=*f-z3U_}d*Dl`+cWiTga7yBUo_M>lcT5392`&H4Fo9rDVVWox+LxQ!Hj5(zLp`N5+(v zPT84-iNA|O9@mQ(;kYyzZv{?{PM@Eb=bL6SF>1N|gc}uyvFyF5T0)*9uN%f_+9epH z!k;5*8EcQY4{;xpEr*UH#i~A67Q11eU$OT_QAZMPXZPa2{f$OlY-?))8~oHzE`7($ zW*g*@J*inDvTlbeAE%U)ErJkRdi}h1Swte-#C%(s6^k&pP5OB+MUsuN29wQNzk-%k zOZXVFOdj^5q2#_q=AuVObz87uijxVlG}T%Z-~T}~<=41aw9}r^G=x=X@UCkb7j@0psE8p|;g-$DMqpzujgxm#HX&67jwE{^UFa|fUyi~y;V1^(O;c_Z633DD z`!Q9qWwVgGo8vjp1Cac=G`*ILevbdZhUpCB>X|4MTU?!#O;Z9$20iGA4Gh1br5n-} zlnyd@(M63&@!P~NZyiKDF?-uF?L4O;c5E40{(HTR8PQ@vpnwn|qORHOQ_J3WQQ+wu z{HD6o!woCV$&O*>7|Ggbav|bDNV)jRl0&qj%=2tQbym$~)UJRmH&w{OBk%|teGQT+ z%Gz*+JYr2`js880(B5D%2c*u{bUesHPE=1R*AYz!&L|gz@6s3z-ARPT6HI>1A_EJc ztX^Hsm0pxliJKZqy}n2T-u$+{yfDex;rT_d_wp!jT7#iA5)jvK^MhuOY^}IM%KyrY z=0%uq6S{QOw*z4>(O+ABWvv9F5T|nH~L8@07l$0H+mN3=@hh;lMn^I zeAVI+>4+SP$?>L8R2RuYP&;bRV$ft&nWP$BfYo+G5ogW8Y+=Lk(b&n2wm>{ePc-P`{5_fAeuFHq=m&#ED^E2wv^qQy-R*a&)*=*pt!%A%R9 zOk~&9Ob$)9?YS?t8kjslVHo;q|IJJIucaDf;E$WCqz2_2SBzwwx(pl=kq# zC$5l!Hp5OA{z0dVQ6vaw0?0+6IepWrZp!Y808^Lqf-z}1R$*OJcstk$khz=EnQ3lL zpLQ|?bP@HQI@PTyS67(AI3>5DJZqN|g*AyW(O>c?5FZF1*CImmWoj;Fw=yH<_pvabY-&a}wl3KP8w-^D4FQ8p6NwDkhd6ER%5Hpo|!lWRep z$aI|X0gC4e`!*(SSEN(e1HiT9gNwpE1~nI5XgAcHcaRE<2SIp@K>C-iq_}mr*cgG= zj}So-wrTLD9JwH?jKVk}g6v9}>tWBG6ZRau7y27EpkeG=H=ju-3b`yjr^EU-5J^ySpcx2u)Y>Rtm+FX~5@5>8 zZw1(c-|{xSe+;i*K-<7pyZFp@r}VM4t1C5hB*RK<>2RPobQC5LTCpZqD2tW*_fmnk zSXd#W!hz&NScNWXMSA#8QHdfx7h_SZs;<=UvQVZUv76QJ}uJf5Y<8;KV4%uBtwv_C@g};iW&|@ zCK!iA<}}2n;#I!;^hrhI_>hQWSko*w)!$JK#Yg~H5M@$jf&oMD}HR!0yp5y|CRWeq10?7LJ}xu@L(?=*BOep?u_vMmWOF zfm1o#d!bp0FL9T%!VN@m7Fn05QF6-k(D|ge4Gl1GJrIZt)`Z#lm#NnJ!)boy!hQ~% z7e_JSdmek#J4m}Zk3Hm&3bQ0`i?|V7%1f>#83pwzy0tlo`s|!3(uvTl3jMP`o3$P# z#S|JF~u)7LVGG z@STeo$4Z@YpK}|KcOSyLHz70oaXNT5n?yt;*NU=i9lnE8+&_0!YzFNJXalHKF$hg^ z+v4`fJ!noY6|%z73T-wWl%}U|O?XyM>}BXZJ+(JEg^4y`Ik!9TZOzk$>Mx@Vd#HFE zSiyC=TbNFuO?bTEe8Bp&rxt=feN$inJVWf#)BZr!fnMn0p%l`&tJV^upGw4N@*CVY z1ra&GxGshW!5)Yv6bJyj%{4|HB0etd?-w5FXnUXg^fAX|VLUag;|&T9fVdZ_S;I}= z&b%-pr`{K3qoEAhbo^a%prr%LUz`-vevBiEolnFQ0V|Ffd9cI<`fv4CoeaP`L2o*Y zvMMQHznmusI84O7F2^TY{>1Q>h+Bmkb#1Px-CRa?L}RoxWx5ed6<&n~8R-IivgZ+U z3SFj2nJ9>mb2!YxVQuFRZRhsJEDe;YZ3*rgS|9-GX0H<2{N+If(&*7EdLpq24z!oj zT0tieU5abd+j;>awK6Yy2)0MPY19JXcr}oxx#OPh9VTc6k9i4Uk$%W|h;R{;Ni-TyWD5Be zeP#$=oJLLyN9(}uG(8P7j}TosG5a=XDP$%qC8?5c1*<$|3Y9U3DZYbeF{q*>E-|JM z?s?WEQRNX^<)N(_Yqqqd`h1~-TdfXXpoB{CAK>3@1U21aD*UwFv5%-d_bQ>w;3??rlQ5f1$7)t+Vk2A6lpn$~ z;0jIee2b)$afBKmeoOPtxs7&V^8&%5P&9N|Fc54QQyJ$Y4+Yh5o06##gGcuqOy;Y=8x3GuU46ZSIeT3 ze_?W+CPGnrrzw0~IM~X^)V@A%(mq=JMBbsr76=j{rX(G#zN6efS|5JN;jlTuR|EM7 zzt<+Qq9#962eYqhV;^*3Jxbu$cj0gs+S~4wKQ72}%R9=E;7oxj+&H6NCyV$O=TuWS zd3{B*Q8V^Ice4tRQZSVF2JD@{Usd4zay~YVQS{G^S*eKYWQU_ZkqM35Pe~3~&7b6>7>j z+!!-v&<5k05%*u0_%{v$(_r3RU z1;2EBhVcTIjqc0`!%@;l4m`!=X%NN|D*O(06SQbuf?`YQO45M%*(s@|fvufW zYYmUdS<|6Qol7AjZPEF8-3#ZEErBaSo(dx|`8cpy3iv%m@(oGpEgI_7(LhFR(m`U9 z{C&_2XqcoUzz$l?F%YsHJe!pQ(gGWdEiohl`anTweBcg=ec+lkxWZ;0zingg4jjo9 z*HJW07$S*8S0DHXyBz|8cM}07)|t&G5~w$b?{F1$uT2C6N^(%T+(9OA`4p-c=htMm zh2e#WIIKixmQDG}q?|9-Y+)NCcnXarO3n(4E^Xr9`=965YNTy;sY!{dV+TqM1bxD@-#HRDLfuk`6Vv2bmyUl`;V0GnpJo zNU;kV=8oh`5NfkM{FNeu)kB5u>3+a5BYK&1euxWm8OWb~~+zz-3tQIYYX^%l$xYiSP%C*6??AI%*y82(i9mAtc?b<$V*`-ctB z{v-?>!tM`~obv!s#5CC$%hhDUVT(L>1GLKbrdUfJEe1^;1t6S6e1=M@2?eFhHdN@v z0tIc81Q}#-g$Q#j*aQE#R;CFbrfAuq95;($Z!T3i#}87(I$Yp;RD_1lFQq@`I;D=w z2T`uYx;l9q7)b~hd2Af`0IjAjbdo$+K2bm($DOw<@p7;42`aTEMRl*Ncq_kS&T%?$G0b4?I4Z=(Lz&bO7?y4%H)G+}nYnITGni|l zPo@>AhXk)DF!vT7RjN>j0gMRvMt%j4$>?j5OssCNqn70a@> z&})uvLyAQtOPpC}j6*S1=I|r$@W&?1O}es?npeHMCF%!f)8z1d)aBSdGY#NI{D?1s zHbPNa;`@YRPYl@(@+o2*lm}1e#7R9l@{efW#BX=vr`r!zyj{-kjB>_!L z=Dc56d3CG8XhJqIS2II*jzOJ+hB2Nq5{`i|De(RrOAe`!?a~7(A{=?CE*w0}OgqRT zja_Pa7k)Q}IP>>I^LGbcscr$d!Zh&W`|tM7cHV`<&C1udJBE4%le1BG<>sO@JCzMz zJXkurvm9!V2?kzXtH6kq+i`hVpUDHj#9S;JK98d+?wV z^Z^cqoE5a%p;6$NR3bD@7~P${v{J@TiV}+GVIw<6KfAM_rg1*9Z5q7EWJenSe2X2c z7)TScN`3XGG&wkuBC3ZJ_l+0+r6N8U<(yIRTA`+t-la61LP+(OWns!7+q$1A&sxPmj-9n~y&KT+*hr3nPuWx86`MC zZTeHhl9wemiuSTWWA_|&;_p0wRxzRZ9pV?tV)6_jIB>Qx%m<@+5X@EVuwKrtb>7CA#fi`>2%GG)c7MW$7rb7BB-ebLRmjZ~7_Eg3>p}ujj2Mo*f)>Li| z3~NYc;)NQeY)*jg)x9ioVYS9gVn-yGaY`Pb@_oIs4sF#VjDF=+kOkb`+<5qyqhkHf zSJcf&T(zR%Gr#UL-)XXA1QXsXCpT&F1SWQ%eA>_isn{4B<#RbcdqwRw-F!p3bOJ{t zrgj1 zx)5MzR6?Bijv#2J-n2)S z&VZ0E1SgX8j~w_MFRJ7lC&q1c$J2oEAbhYkS#QoL;U!jdVgi{6d0aY9nle@)Tu@F| z$%D0nw0jQpTUV<)O$ZnZee4k;>(G?7)i?s z$#w{Ba@0b}IaaA_R2MGAO>_7}8OSWh!*e?`3%SlbZ#8;3pHcToiM4q+;4Wk!>;QEZfn zy3=^F`LNem>ckB60NreIjuCi9@HUMT)3eWR=hyooAEuZ)za z>woJfOnSv`ZXrOIV!6sSdHCg==C0D4BRqX~8jl{T$~c7pO=iL3rau(h zDtXOmVdJhnH#jZaS7_{kf2p(pvWc5el#*7~1}&EQU0ZKbW5;QFJsq#D7nEoE?kLIO zcCxlEi#ncWzlsl(ghKfdPds$fQF}Bab5}BJznEz$QFza1P{*Oi;g2(sAqXGq=StWpZT|$a z(gJs}J((56X4uoNfMNJ!Je(P)Av(qclY#=N^LUUDHUzT77(=HOFtfL?yUR#M;>+S0TxsP*8<{+i>ICek(?%L7M-H`O#YKRVH=>Eov|&-^$x}$F?X&> zAN!4ccWxAn`clv^t=1?RM>r9iayTYbdrb_anz}DNH(3sOJejh^LU13o1|+b&QwIB2 zVCZlUKoXK#f$>Tv=gFYD!;OKC!r@HtmSajlMox!u+ExVFzA3=AiScxf$XiPb+n_a& zO)c!F1Q_PY3min6F&_~d2`AQl>zcDXDR+U_aneg~0u)t>6%(HYajhv4%=r3>nz+5h z3qfp4vC`;C|DPh7VPp}q9A}ophrD|Q(9lLM*f%NMl!_i2u2>7NL&Ylt95S?s%G}YUh-N)T7pMy|WGz$8 zO+10U?U zGMyw{ho|CFHw)nmiqHIbhKfO}s-`v=fGbSoD$t>jO9NfzlU?O%{DDIs*uChvAhSth z7g!2oBJ-|%-@&&RG?!sYXia-J5!Dx}Z_umKo7r$&KX9Q$Hjh8=i*SXJ6=;U{mTqBV z*sDoW@F5lAM7&wo%+v8Js*?M7tvCJnT72j<66QfrbJ-T_i5s`u+}jn~&IE0afPJxI z4FzrTQ>+3_JTI1+vE8+%jtB<5;^+(v5VeYWyxGL64LUW+V&fvO7-Ch66vSCE{gvzq z1R6B#6(co^A1kV&wOBc$=+9zZi+>E7fF#pHgIG;;4;Wz;OhuN9B0BPt&{=Midfd`=IeLD-!c_cLG4$cxM#A`RtN z8=Uh7aVww$Af*#RZf)9DaV;AzQ=S}5k54bbF8l#Pg@E4DgZ=WIJi$$6dcPD#4 z*MRH3ji32`$rq*>wDv>+Hzo&zgPx_}M&?=}eq~HF#!sRW`(Z<(WF*ps*OcY9^S*U+ zbJM~vTR=0aUkMip##x2irF;M7>G?&Q3d-UA0+#|mv2n{r&M2a*$_02=n8+TL2H&lRjqTu3sRxrlep zU3JY!3aP1@$I`_?8KSw0&b1zz;?ps~M6xf!wc%CmE71Lc7j5;x6C6%#aJ?kBUR?nN ze~fG)xqdVuU6b||g+?`zS6nN$stR1BDcgh#qfulEMdDDN4>pX&=enl&Vn5YzS{%Po zDJDcJo2~5pdj&q2_i}YCVx36XX*}F`{3SxJR=!rVYx%9}S87<_$a&8R`1Qrb%Rnk_ z_^I{$m2uk`ONZK*YbXstRd_!$)&R0cQ3;5Ay$IrAig5DE`xOL{e-XrOIvGznw9Olq zZO07aicw#RDkN?Wc_$##!K01GW=T5gaFg6&2f@ou96`lV#rm9VaCQ(k8u6H517uZd zNdq!GkdL7EMkt@@?tl1x9Aii{f2(xwzKZO#$|-_5w88;g2iL21nZh5yyH{oZHjr#m z72p>Ho)E?%6v!YNsd2p8qJXf8T^j{D7nekP%H}PPPCoEPVaV`kqZy2+mvG)}cl=@6 z_B*PBO3Vv~@NdKoB~{0Kx5u!yC40?TSUa%#18k9>dM6^@3wq*;0IX5vsi;w{DGsBfQaQ8bK}JiLJGR^!5%>dK%t7SmWAtv$sy zf*HRYdf0ZGPjWRR3Dr%Sl7No+Z@45V4b0&lXxtMj4L6)IV=-6jQH`%=IdZm=JCyi~ zW1`?-33vAH|Is9bYj@Pc!fow_R3sL$F!RTcXE#;G!p^EVZ64K6Ko@CIEm}or3Q~5h zI1iW+NESzaP=5EO_V=D2w zK9w6Zg`M4u{6)N!+hA72uOpK%uHqvKoY21?77$EQ6GX zH}o>3(5?NTu3>FgNm-Rw9ZHdt)y^v8a++u(_JoJlO-hL;dAenm9061?@~87>^iFsF z;tW`1IYFWV!G4&iOmWI~Q1i(==8&v&%0-GSDyL`la?*rUIYG8ZyDwLP!2-&Z9MmWj znXRH6cO;sFpi}NNhT)I1hD9duax&zOrjjm7_Gs%g!>Mo{%%qePCg)0VPt4s)m2W&x zGi|)&hsb>uM^eQZU49{XM?C_V76j5uh+v`lz3v)#Nkx>g0ixi^w&c(U(+t*ar&sn} zEq4X=yGy-1F>ek^hxC*XHVCl= zR9%dU7>P~RbCe=r&?@0X$l_ivqLR?61z-3SjtKG{nM7g1u~FG;D)YE|l~Pzgd~NKN zg}P5J)h$bJ@-pVR&Pnb!cJUgiTTreh$>;T|MVrwzg9cVIPkOnSf6FvdXJu+C$IlFv zS-W!xtlXHZhJb!8&q&2NEAY1I&cb{0Vy(&Mx6odWkn5FjrALyDWg|rR#DKPgM*oK$ zRAkcb^_EDRig9Y|;!J1e^?xv9lXS((*yK`74%622u24`465B*b3A7Ua!v&-% zE(Uv~hMChTcx}ivmbHo^&L*SAOZa231~-B$thHJw3e^w0(Zu@ppe^spe{yS5x%(JunrxF-C!m1;h-!R8l16roDlc|2*Cy) zsd$Vcy@v|zkYp{^K|*6e#9-Ah{~L`;u52zYgAPc{20*sbNZ61tAk$VU%O1$9lv4E& zN^x9d%9mvkJ7UGI#*EH*awS$xN#DR<-Og*8Be^InJVcM)NGcxlIK@cH zu2$x3Y|z)&olZ}yRx9;_#60q0LSC7A z*rOIpKjTi<{Qv9O>}pgs``yv7vD*zNbHF{kM@L~YeM5Kmg>TS`NYKpIpC1Glr@@nr zjlbOTJ$MD*eDIfLC6e543~$R>TUOb`k15ASGw`#c=`~z^kpjNCa;T>}EYv-O2 zJwY9LStMsFMhzD906j*N!^cYGyj6B#Ic;Xo_K<2p5DuRu~6;3Pj%Bhd^2h6zRlC5_5q%g zfw-x8Xs%9LK~6(Y3onMT*Fw@}Fqp#VfsT|TQLynm^qMmCfm9IfsdCy?1VNaA z4*p#%rEc1>NcO5`I?`gu2EWKuD_3UfFz8P)-C~w>@xa?VJ~oXBeu^tON7pxeh}Mv* z9G-I-#UW*W7J*5<+cqh&BI((u$gWowGp69NxfIBNFC#NZQmmb^l!mK4tv0bj4sAH| zsJc=r;Z;IGRg}1T3j%cuz*4XdXw&;Dn%r?0rod=l(|i`}ojdQqc^gcL){83!F3u(; z;T7jLs#u<2uHZBlxnf|(KcCK0ImTF;NiQ-qFeI+0G54^<^?vSYujrD2YX7(2P^&+A z#48Z@J1HWtRXjWjUy647@6HDPF>yx5HnHrna zn%CvJu`{R`E!!@~ru*qN)>;?hcWWH&W*iS_yHi%0^~I*8OSGy)ALopHD_s zgWOhBA;&ZM&wmLn+>PDOH*WXRARIS#pVa#n{D}}&PF6mHyguwhx1Lh4SI`(ue0 zX>N~}n;Py2to@466>xyQ>CM?0?efD_Q$0C--TD4-@2s`Cf&ZM}y+NV?GDP!EkLhAd2-BJB4Va!Y>g-~WoH73^6TPaBVa*j7t=6hC zr<2jbwd~uK=9n&mLd6B|^50%645q&N%mqOoBx!;XlBIATG)Pk9-ORWNDJa%JGg!kd zmodnd+m!PR{`BIwNtXF$uz&s?IXJ%A`)=>q(TQjE*b)Rb94lUUd>U|O3E{yFm?akUg#zhx%o08O)YccI_1+A}xRmr?+QK4VF{&e1thELH3 zhiDr+(@DSe<*FlKYP>m-c4C?#^4Q2TOEID@GS4)iyKCBj^indAf~Nc<+rW)f#B2W! zjkBA-^AkU>toaFK;5f#5!!BCefy$3;N@JXir`g5DbiCDz!$adXX0P;Ia9`>5sy3J8bM?SNYtB zpxe@*7ci0K9|oP2sM=<2b^GT?=w9Q|~&ro^#;r0LW3vRU0jOl=)MpZ$V)M z`m0?efDSALS-Dl39E}TyMc6xLjKK}%SJP8J%DaLbPX&9bo1v55G(&$ZXr{6i&T46q zu~-g2MF)P;y!it~bK3WRSl92VK+EEL_6>Al@!`LQy#05&yI?DXK&DcKX$df`M2iFN z!L9}(_H)HXiTg#C!@9cY?YxeXyx<|j9|frD8Zu#BqcFQ>NV~>}WAz)n7WqbE=A}F`2f(XRn4Zds^^Ot9BMjEK1b|KEG@3D=vJN<+Sng=c zUF4yYTp!i&xAtKP)U9!0_sBF&AJspF|84A|I(0(Ekp++Aw&KSxaDz$ZnBq&@9e-pr z(004M?B}Y!7k!n>amJUVLlkuu(Qh=BTLz(Z$xf1RaWtys8Vhoo#K0El9g=0jlzJ13 zV8bsZqEqK{0w1Sc#4Dm^Ld8XnTOt9Dae{j z^oJ&tfFn_LSXD2diB3DSn@ zffwV(iBf8YkryzHQcen%jjEc1#+IS)e1XV=!JWlou|eo(%gHpeG?ik_tGg@@)(NhK zQc(c6IpU%>0v}>=?eSI87Ee%YYG$ znr6@G+atJe->y}`#b{Kw`jWoAeXCq7rmocs`u1Qt8sBoPHr2aPHCFrWoydzhwDqfY z4srtVY^rZa6-D0T{E7e@(Y!>UAOesg)m*RAQS?&>(|4N+m&w_+6u?|{*J7xX5MoNv zBh(P!Syz#hbikvq9}dyjYvsU-cZAcataT9KvkdoYEAgV z<|IL+7)o8JK*T#ph*f-VwM}?^oGfmhegluc5$jK0AmP$$RUruOuy#RktDyNSivDiw z=CdSCW~014F+nZC+~>oDyn8tEWnXzvct{(Zs_YfM#R6e)I#(DYdqrmJWrQof<8Q5( zWvjp~Lk|T`6Pqpv{<&1V^rY$dR9SIX4CV|Fd9Iq1gBL*ZS_qOmc8h`NgJ}rV-1F)Y%oh%n*te-6HNXl z6ifBBq!lmcTPlptK^z=0$|GvcNrd-C%%?VW>^OKHp)g-@^8Ago1#Ic4);kS(>00Fo@zLa9H?u-U0wB5LC^8b7Tp{CP6w$b|R{@ zl*%q)$1d;KTJ-SNW7vt%;hB3Hra(fRySEABQ@$5%22OXo7R(sD27N}MqxQM^SJ{wq z<5vjN;7d%njS3|ts$DZO&gui$5HH&6(?gu6GAE;~_<~$_=DdOD018SFAvv(n zC`3J`nNQL&1xGr0S#dHim>Ltcx?4*>43wdLix@90{e7`95_PYFodKC8+i z)wRO`uBCP;KK3^4jE0k{o5~BIG1_eKihG;pu1r{&FY0Wx*=^cF6!5$}#dG}lHtmpl zP;Tb{KQ6Un+B%RFLZip=!9!NIf|zHxgJGIp6U>XUST2=WSyW`*H?+i+-@u|(er~B> z`7P12@*AR1Wrn6b$N4JiOfo@{))*j@C}3GJ)sVZVX~{|!E)P-=H!a-Y&5N?_+B&u( zrXpK<>v41>9X@??w_P=Tu6p>M&62D~d%s{;s0x_VFs<^5Jo8xeK>b zScx zZs9%g@R5O=!v)Zg{6>lyYsWN0fxP}iSgp@v?lLfA09 za~gv@<6D84on_AtXbVX=p)Lq*c(v+E2DS^i_!% zriAckQ4cFT-?(o1Ius?-5tZFWn_rZT@-4%1ndsYWPWb*1+oMoZ73}Z2m6>DW zG9u+tWJXPoHC@EXONr;$Eca2aj11?(*j#GHRE`LPOWU>MKXT7g3~8wcnZb~viMhz6 zaS3Ik@)A;A9|kflteH0_((O!y^5go6p`kmc5~E(BC~pj;z>dct#BMVj%|g%{4d^*n zU}Ij|*sNkEcb%j=9bJDQtA;rG|q=v_XcP#CvBUh`mtP%gVUd@WL~Ep<2xG z`?b=v6w&Y9J89zB!Gahn8gT7%-Uixd$k0Nfke9MuwZ3M* zbgmX)7K7aQCWnGcXGlp{U%lW@_mK<)T0<(nibD=I+g#={Sd-&b7m0t^rb>^&n%&}z z^(YvT^rC+LQ9IZpFa*SigX59H$Y~99wC;Uz3Jz^Ci%={gBF6okY*HX~#n}8+-K$tt za+7L6K$dz=M3hCow#*_CDX9^#uVm941SAzAt_A!95WG}1g}rbI&lakgvE-C)q^>-1y9+R;}&XM8vbPA|SbJPTf*o*kSw z1N{9kI64o`4)>0azYo4TJv|8azur69Kg92X^TUf*FN0@?$EUC1DMh~E_1AkB!S|=H zg4cT|7s2z>GyLN$czJeu0D(Y$zwm1R;^_1wIRF0q;_$_9iq<^T8*X{+lvSRD@z72< z^+4`aWU97h*Wt9X(o&D5Q3$@dl{2&wQ^EPA$YO)1hF1I-mo62P!>TmD>PaSj+EEO! z!5mt(x|06_7ts){jpKP$6J49o6|7}Z>n4jQlPEDv$8aaEt_3$^N}&7g7&Tc>Lyw~- z6kO$(^|*9XhzauxZof5eEmRlhWFjt^h^W)-G(*o#LoA?P+$Ih2$r5kgA`9`hNr)eu zgSd1G;!-p!q#*iJH1`-4Y_QmHSf4*QFMY7y?j_Xsr3!zjEnawkQ(6K)Fz+Tbnw^`6 z>ga?P^Xd2q&aKAo^XZR2&W`DW=Wu?f#v-odkkXZDltv|J%V^sDd{SqZ%uqRwf#R8R!I$uIh*=((2Y$vfqe z(nPOlt)atfmsB#ziu8`B(=APBu5zggP>>%U(|@c-A6;MY1{Y>YF~Gt?4qE>ZDT}5N zQ|Hp93l}Dkx0eXyoxIDgKCVu5nWjU#R)%r$!+8ujSDdRQUtXT$n(q&%IpdgDaOU^v zbQKXBCAh*=St1&B?Tc-R+cG8OBrMiOkCOQ|n8c$wPp+fqBrO}yabv9EQ3cuPisi6WVD=L~ePiTa;DxQ{~H=d)1p2ldK3|i;@9o%Jl~^o>yr_R^+}l zs<53~EoC?yq@Y+|jci3#xJ_Eu;yzOr)Mj`WG}!C5x8(b#1hYb2C(u{E(!0j}WIX(N zKnJc_IYkMYL;D#2>xi;v8d|D}e9~>7U+mxY^=m4v)qWOJ5LGhx_67c3)tYWjT^eCu zVG&H*HnOrKMH|6vNMMi9lBQDKed6vB%0iTN<8Y{!i74~vt6&W`doGRv3Wgcd)|LzS zaJJ61Tl#TADRl+vL)$Vwu|g8v9}U{l{ygH<{vOuZ}@%2KiFSf9)!V(jvJH0;|@wv+TC27kYP}-i@PNzy-GyDhIy?T5j;9zf9QSV7sU&WENXG&>*Vr}af#o6W zjmNM7Y=~o&nG_MCR>!84OSlxrEKp2@TUI>=z3@B;0S!2xjz(mktyy~=W8;ERBYA{|f0y9juRN?C-# zU|jLqmv+imQDbJC2R^N%ytJ> z<##YW<>goQ{PV(;_@E95>)q_yzIE4=UY)uUMfC6zW-NTHY`{`++jq2Gm&DzR>U(JqQ;W*;+$$(ROkU!quF%#RVxBF!4*tc&sl zt(k?SFC*sljcJ{VDJkpJ+E_l!gja`*w?-wdw za0{>#ZGRPxpW7~$hxgOrj2>+9W)aZc5AxaWxC!~%6K=l&!lJi;i!-bxoF*+UCaq}T z8J%!{A{GKwOmfh9>+Y#}goN&*_X~kb9Hq|i`Mc2y=a*9}zyqMs4N1BP&9J0ob`7k7 zU=Ox*6bS2ln2t5D@*JvvQ6#!_8e+0t@MPn++!$IPWC8(qU1(lM7DER_qBg!-6(;X` z!J^-2m@{i(fGY~EJ3(aImM0s#e{TK9P0;N8NAe%P`(c_+p8hTzr}@*r{O#dJ^WnyZ zUmj^`o~qlnWD_pzTKAz0aWWcKamS*4R?R$LLu=1X54T|*k7gQ)efu|m-apv8*!%N# zG}`^kUv`Uuc{Q&RCcAsLQ~7d{yk_7_QCD!~HEqpD^C(+Sw?hG{7Yw9@s|(C<4C>;u zX*?{9qxhA0#fda^$R%|nJEymv`zcX>X&V*h|>q||^A#fgdlox~} zO5l3E^Tv-9ghViI&ioGZr=hw4K;NHd(2OKS2@pQXf z;&3amH-F=d5K}x?X6M~7NtTxkA0p!TXnE#$d}ofn%rSZrTPaszt9qD_`5U|K=5PKO z{O+?qJpJ8gn;ZC_M^EPyvOuWi=tx1kN0TUHlfv!j^i03}0puc6G#Vru0K+&&tT!|t-bpI>m!s39%rM|3ig>^z zgy>+3DCYu}P1au2n7gQuy28;q4<|Nw=nT*cPY)9EfUu{H_NdLgK%Wdk{F;{;$u~js zsG0|6+a$A_aMpHtE85&-Q@*z6l*+Io2a8mwx;2i@TB_MkLHf)1d6{ja5)17mlPL?i zxPhw->Ha44=~Hr27Mk_frNaJRY@Sz|U9PUuWvSF-^^hcGuRswFXMbb~Q%oYWPc9Z&le)nveEP8jlGlv~^6$69%6IEU6F4GZ8`uWjZZ#=FgfE6W%RKW2_Vr1s0slwg zcuWUM4m}%qv4B(Rr0Bgx$Kx*1r9ycASRa-B&`osH(uqY5HB}GQG&c&lpp>RkK8+_7 zDyiCrXUtehrjIBwwuOC}rm|SM+7Wc^Ez{v$90qljIPA1AI+4N+!%MX3VqZsu)jCgz zo3%eM^H=IZwnC^Dm^1j@x1v@pWiMbYyrdTS5YbWQ36r=R~y95zP|96AzelO4UF>7b%_SbfFNp151E! z!gnDzF40m2CZ?0Ly7NVx&CM1Fu~Irbmtbrjfb%|8QypQs|#!DavB8+r)calADAsf+uVul1HV_0G(;kk@EM46B(6?*W&1UrrSz zzpq~#zEm~F6hLsu`{pQdhtZ9cmA4^wmo{<27ELP`9U#Dd(}at_cQ{`9?9$c!EDDo zKqG8>iNbuw@m(S9?+0)#d=Ok>teeyS1ksU8^nmzzarEMl?MX16MzLUDBX~O{p*Vt_ z%(|B*b=_PnY)

tgxNFlTVBC!jFF;jJ+2caK%9cNx?HTw!k6Lor``%AL2Jy)8*fweJ{3ZJs^N~wt;e- zRPkUoY8vcTGf>LGkO;al&8X&-<>|_jjAs0-T};da8_g*9FPXJp%slE81tUo`1K)m| zMKLcCS;|X7{=aj|)R9(iy(}OAEU-L2CTQ?ZeQV&?4YT?s)u)!iU6w$$aiMjY*zbyy zuq5Z6YgLt+l_(L#>MTaKDKm{NC3j(@jtM_ourlys>6PNt_KnK{t)&yvW*PjLCq8lS z8-wCy4SyY{VefgCjt;^}h{jCSwJxiog6GpDVcSDv_igX83)5&*88sJ5wB1nykk9zP z7o0j1vR49=X}Inn26ckcjOEr8WN_6)Ml<^CVWZAUVT69$zT2jC+nY+XkG=3z&5njs zK&Pyqj;RntSwUA3Loi{s_e8D$WK_Z!Tsk2T-ibT{Z>XCsyLfMG#>B#jKf2e6_tGhj z(DQSBXGy@{R#U-OV>}ysP!reNq(?{L%$8KbVrt5OMrstoP+g`}KAiEiq$fl_B?avT zR$w!e;mcMJ%Mrl`!x^2t6w|cyjfgMQCxe zr|DxksAUC+ew;SpeL{z`JioHt;r4e|{^dh{NTc!a-9D(f%Abvmjn5xH4)EVEK7T_0 zZan0_`DgP1F3|Bz%AWQ$!gZcFH(SLaV>v|~n-^YUezxlYl{~ta6{L}vb7(br{ z$8k4Gq>K}uQ+sq6!i~2-xxsV&IR#X3eW<h)qN{H8!TBt3~!yvMT)qdJ20 zCIMynDjv6?6||bdP|ZkkNk)xX8T%fz5T1jYu27*Fd`=#sdXtsU;7xs7xVh1n z1v9zMF%b0R{IEqMhF4yZ>DPdT(=|=(NvP`$!y78xfr~?H4kJMO2#~W0*9l&9XhkoM zqm~&RI%(AdDS40@d*{K?c_VnXcYbuLPf(cXqaSa&dHc9-N*9`==)d zM~L0T`{y0(@BK^8hVlltVj?vQbPq zA(USUtqkK)JP`!T(xloSrb+!{{;>R46)=B>J{HLThntVSDCvJ2k3Px&kMZ+KSbh?g zcN3N?pSAAiXXP`B`J14dRwR)L2EvXd3ldF4TzMmAd=~f@P4^U#6NX_wO@p1?0Dij+ zvz5!sOZh;4gMaYzZnrC+!*B2b|MTMtdJnNBCz2DTyO9gTff|aqg%{3X_Yb zSo!K%a}Zy`{|DjaY!caD@|73Qnj`pT6v;Q{mwe>{6Jz6?>PNcYbNJ&s{C~dk8El@I zBN=fEHK2!vuG-c3Dt^{LClop`u#Ut*L<>jI>F6(zpsvrj(9{&wt7H{j&_hHUH-O_e zsTAp;Sr=D9*Tba*N--Gdf+v$ST^Yyk<57s@h2KU%!CzXuefnAOL+5`nlI5QJSakk> zzPV96|3CkH^V9kNF@8D^Rva#t&B+Cc8%Pz5JOQ z(H1nb(+GYK|G-NtFoN@FVoTAnLjpggj&kW}tpNw)o4nBs8aG$aEGP>NdHXAR+po`Q zgRHnE9oPml;3znp#M-L{X;-p80F5%*OLp^9%JKT1`Iof}&z^ovG? zx`rJRJc8q47w_6SjjiFHXslCnd*rgRHTzu5vbZcLq70spymX#?&$ZZsMf8y2iKt~8dccq35(ge!xVti{6>K{exi1NT3Pw2ywwg+P(^09 z5gR3GD;-xo`y$E)(GiztU+#^4DoDNDvu7#C5ifWe5gqfZwbB#6l>Ddj-^AT?ex5$? z+<)?9j{j$)c>X_r^u_1@5~h3dYVV1&FTx5yK4_ zQR2aUxQhtv{673e(9nH2jG&qOGJ--=_hJR5ncc+<8a%*vZ)phSm+r$93e9}DEfgBL zH)ANYbsyGHXl8*qltVHN@Cu_bxQJt1DM~0d0E-O02xR>F;>9t)ybY3fiy$rXs|ao| z-ln7gA=s)(z6Fo%tg6+$c|2AFm2*(NyAuis?1pfqqv;7ErJ3K_YSYA1b@;Q+ ze@Uhzk`c{S7y7lnx-J3S(&Z!q`k}pn?p8aiomB~u!tvT1C&bEEDN!`AT^TamXIq#~ zE~ET69(8ATyTgyU*YNpnNV%QTsmXlE9YD}_M|ZY;nf7L?iL1@U-NG~OgaUQt3^g3s5?K+n7IBFIx}4N5R};%Yhq7-MZs+G!xPKollx9ZZWfb4O%TI4oEHvfd~yX2hwjGVjnY z49#Jj-4OjGjD~n~6+=g3jN62hCMsZ?7zVP%Lj<`bi~3j)`(4P^xUES#7!0GeM)mxR zAcbMKR-4E{>lkASDughLX@2*Q{DI8Do7-j9Suj`Nrs8a?2H#~=1sF`R_r>q(yz;qA zS~F$8hlSmjnyuyn%yas)6Bs+#-Cr6$xvJ^PAIJSN8)H=TZTDuFWi{LJqwllnu+T6Z zAuXyPU>bhlZ=GRWBk%kw*ufbNZn!s&u)in2$kU@`kn;Hs~9_l6*1gJd(e*?`YnY8-hC?3wX z;6gR+#=S833KX4Q)PO4oC_Jq^%HRn2N#2|E+GLoPSE-M!0F-vP!#tJG;vb`}FE@Vs zRJ{bxgQ`8DT1N2bAlX8cboaz`2v3Z{Y!JgY8{_v+<&V}d>QAo>>1gz$MzX{-#uRC z^^9lcco}OR&QGD6l%DQixUpnrWo+NxBu$RAB*u`LHenu$0+wIUIMAcEtTz?X;B5 zHQi0M+YxHmM-@&46uA^a%hnj?*o+v3qqM5owHquq=}BAwlaIL+N3o7Kng0i8`!To& zM*hbly3u4Cusihb0ByS~Wti7~S!9U@yZv-Fpb%P0^h9A&S$EwJqt@9Eon2ygth+1s zW{G5WPQduJH=`BQS?GHdtmwgv_h0M=)tk0u%dumcCW3`qO$4JT3?pWM9xxou-7>d& zskWA#-fCnGTDl*YjN(j7&ir!IiAz4FiFLV&bDwWijUy1GZ1EJDL|!`Hztt6kxhl+z zHRtqi)2A2akM#e; z_#El~NBaMf{{I2$|1aFQ@fWWCPt*QEpyLFe(`FgdhLFT?xp?K6J-knYufP_k7fr6=|;89_ZxIBlX+tmER2~4g(c1 zDm?bVKH#ZmjDNyd6rb&XAWCSi!-~|b%6m|}7>Wak9jGQ7kN;kjS*JHqQ`I{U6LLOv z?@xc#fOB9ikH(#gIJX-m`N(OE{(C)WSn@tr5( z{QLh*)Bl$i7fvl??*A{IJktLUS2eT1?&y<}2Df4=~Kw>N9db9cQr3=mG#hVw!-=S+X8Q^aKp>(5W^U`zKn&EZ`az3w@ zH(%gBE+91dwH^|vMlb3yDCJUE?C88oTal|cbt*Z5O4hDoB(r*0Nx)_0+EB37o{Mmqi6l@3cN;dJq zWH8~nA4FZe#r=NZrFVhmyU8xtSy-7Zr3q+)OL%fRn%VhC`G@PrrVsf0!#odCk?V7+ zlAamZ_^P`tkeZcFXIF ztI%I*oFX39%wb|ss+j9fHN@p$lPeL5M&*6;xI`}{=W6D#t^@0)#^-?hIf=#-on)hD zF6kavCmESN_t3mk#lPd5a5=8!1?p##y(dR(1Uok`YPGT=U^$taS3SfukZw4#(5hcF zs(aE%G%k56mkT3b#Mg_Kwc*6CpCodprAIh960l3J7^6{5569F_?W;5CYj+9c_As>u zGBh`OE~z*Ugg8^S2uOE{7Yx9+;{hXorQU1-xtx{~|h`Ijt*qP!0<;?lGknKZX? zp*=8wT&(j}hQ@6#I$U;v=aiU4o=r7)Q^uF_P;WYu=0TTDG5?7~vUF@Ht|EWV(4w zSrq9J`5OB^mJz|old=0C_JqtRK;ML#zC}(}Y~Y<%_YOv0_Ih;ICq~Sq$ZP1L^s)jl&9Q0xfwS= z?Mq+ISJL*`vy7gT3XQQxVR*;h&b`8&$FI`t>VKr}k;kJ|pkWqYLC=)j|0bkZ^__5C zeQ)jNFXF;Bvs75bYNx5vdqk&@vu4@q-Yp`q7+%HTA+Nf=H+Z%0`d0KR=e>J%Ja&4o zqN7-bYH}1^O<~RbVu0ZwOs1b6)Tz|84=T#Bj7+DR!t;iF_M*%Tljv`nA$i{$sv>~X zOz~NBadL=aBH#OjhEed?dM_^rUKT;J zp@Ukvi7x$lubh+>&O^VQu+pf_jXg}bXZPlE)Z7WE?PF7sZ6D2=`8Z5OB5$J6w+eTc zi|9@P+o)+~s`RcH>t1!Ho;B`MPQ`;UX`ddKD%fo&3uQNJkIf&Zja_z2U0z+tMB~aW zsRuL@A}h6f!-9F+>#Sq*xWfomW)<+-tW#Uq`@V56Opjo%%v~wuX4%+I`3GZtpHHvN z3&B_DfJM|NGrBA`H=hVLHy;z58&3qA8;^<2wI_njwa3KfV^0K|k3A+f{u9B*e@tvf zPXwFMV`6jtiC}a6F|oP&M6kK~nAkk?M6h}0F|oPuM6kK=nAr562sZu4#KwIh*tim# zsmgg$T~12dgqk<&tgf*1u5%WTScqqoz4xKy6&#!FOQoH4o?a-{YWIKOGDWp4K*H3Y z_J_%ogBw$Y%nR0#ry-iL@Whl@d9uv$mo8j9fAjoHiKjXq-af+N@h1_Pt|jIhr{cJD z#WCq*-2;hCr#?MrqoHlb05-M;Gh|GcV_T63yMgbz0=rTl`mfYYtFh~hTKv@U9L&d) zE#n6c^>lJ6$8#Oeu8*Mq-R)H2B-&)8Odu|e($+Zg+nIQS9Y2cvVY=^WAW^TDeYOs; zkt!6ZE@lo2ikpzZ1^H(SCs5AkOuzr34=pXVlb9wkx^>H>Z5=x>OWH>l?*2kP@%=xJ zH}ZEw_rNa!PL2O}CVl_!^y1P{{`W)q9L4oGitBL{*JDp{JxY5C>p?0%=eDF5oIz6j z-LL4d25?p=_-Y=4dS)C^ zK}^(ZxuGw}vc$(<2l}^TDO~Ir zN?JT0_!~|SAXz#YG9__D%%&yU{5$A#Zc{qfCa(BBWJr08=qT!_qaZg5#i=u6rBL5J z*e`6`>K<6$2~ZsR1o&3UDEe5@-XxgfC>vJ>9*z_xdk~eObq64OKm@cd)SOkP1m4(F z(ujQox_>`8JpAtDaWl6+`TM{pl$?X2sT2(aPQ_&xgU7%s#2lLx;ios|s5vs(r@%c# zIBhNplLX`sXx}RronM)?a>M%{J4Wx4St1BkdKpha%0Gt>)ry>PJUzmOXUwt0oaLYF z06KYD7_uk1kCiH5AH!FgI4%b{EPEN1%%JQmp+Mn&ESdka6Zo4T^frps;K%t)(f=0~ zPiOW2lS@bX|6zP)o?^xF8fu>uV^WNKP+wSuK`AeZLTE+^RDBm;aI(934Ws9cU_nRkmOu~#b85!QEyf0p&Pv*gGuFW6SP`B2Gw&n4gQX-|7 zwc!jb(7@PECu@}{adQae%hi%}2~1QQSp&x-O*Bz0e!Ld>qh$4&8F6FX-xQaE0Mw;x zpe2L8Tf-F0mbaY%ZexiATzZlL_kvA2upHx>u)5J0wq3+bP=m%`VhO-9v{wSOe71(S zlHN~$*-Djw@Ifz_zp_t~|I5X8zye?z|DQj-nCAZ{7Z;EC|6zO-|G%(qckdwIxWFWU zOC5HFmps&xdbC%J=&~7<#lsFENo7qgbs!m*3(M<^Vg@+sO^jVpDPK^`ePDZbV9BtG z7eKxBqea;KVml;dx^cV7jbOQo%t65^@fBR;R2PAhMAm>JH-cp9+Uvec+jrQzVIw`e zZvkq|a-1HfG-DXVZC)6AyhEq>JD8+R)Gy+Wv=L*{u(|syQ82be{k9e0UEm;U;I|0( zSGF1l=vOk-VI#>@2|?;9F+koqi>I9aQ*to=VG+k0&~RLAvn2C7ndd%nCOPWCY-Mgn zb!o2JaDA&+DbI`p7X{WDZLZ_4%($=@EOSt$dvlx7Tx(9P`nj5z+h{29KG!OzrnbCO zZI|NwO&>JH9(@k-lgs~&MST!$Ox6FFQv81r|98ay596cw|9MvP0@D7F3H$w+=d!{- zBQArEN#+AdC#4zSH1xpG;$a^#QH@7UkJNGCbGA!byn0FM_#8i<12tTgM4dBR4xeHv zEH=YId?m(np}?de&<)%auP^Zq+d!6@AWXTjs@#GDoR8S{i1>8h$IPEN6lk!)ym~fS zqk->_0(%44cU;L5oEy{{jX(%sosNyI$=^r5bx)PtVk~Kjp!cr0t_lhkj&-lJuDHH8{l+rrY`j#8oRe=m8 z<{xF@dtKM*-dUNuP30=co2re_=>Ufvgs}4u>~ggsGniJ}AdRAN;0c1(mS-ybR>-Wr z#AdLS5gvb_c@q;Hv*!`I2T9g6Ynq2Han)&W6>dxD!Oj(B8tW^qDq6bG-&Qa$qVl03XYPo9G(F*om+p>Hr;hqAv=**e>+ z4Nxu6^`TU%lF8#^1jtye8>cY@Ff@jtfnK$0)Q0J>!)^oP7fAr-TP*@vbeK&qH&s`( zAi=dAQ|R=hxs&t_A}*ypX1N5@Ue|{@q}sF?DSeZ~Zn>2SzXsXLv=+rWHBRi-Vjn)K%q#vNoaBuXJ z<14e?*mbMMqZu1EtjqRrmAqy>$^g8I>{Kc_T#|x{Rg+OTjD1`jWP?q9(&7iQ14gZ+ zo@On9+rW>#`t0H!l`uAIx*2_J=tI{Rn0GJ2D{;bbx#Y5JeOOvCb3 zlE&V60(noan3f{e!S=dlWnE9MM&>p!r(!2vG+ z>HEKv8T;?jnWOyghw_=W{+Slg8-zC>HF5qU=SBIM@f|2uHu!)nn8yd`)#K_0Tse0o zzksjOD>?RV$l35s;x^oYYH8{&FuezCNHFG3@EG$uI!{|s+qXORwtgcS4!)$#n0nri zi<`jpd-6X_m!XHc2=0zj1>li>J+MaU*YHTcmX0f_68uybvicGG{F`OyAr?t8QyN$3 z7;HY}iyHSC{t)8u7x06B0S)+;%0OYfh;J^;{grBJPv(Nfh9Y6T@8@B zjQD{L#7xKc!|3_I>DrkwkqE-s6;l29x?2=XI^o{A|Ez4HF{_!#lrZQ!Vo>sJ?TIsH4haN1;fhNLwFGd?B0W+h(_bUc44dPbU7vv zh8ejM;q@ts7ZR-lLAcHxECb&oiiAPoQ0S@`GBX&yA^S1m-8Q=V;BEsHdkY@H<|5*X z3a#URy_Zju@*i{69k~0?RQZ2;DQ*8bb^6qi{r6BlO8(0bK0*eV2z4|i&NiRc2A;hM z+^;9u3~K?j0YC4>0f74QdMAb?3OWv~V2VUU99Iy>wfRnp%;`Qu&nk2DYp!Z!XJ3Yr z7DW-NV-Twij-?MRQ?#D4x=tytNuqmRTVO=b(2iDKym`5PRt4*sc&Ac?L07p52A~M< zG;fDZ*XcBGlRdb;&^XgrYz!T*aT`O+=nIh|k>p;7*eIt%c4mAKkz?*Otsa1EV%)HE z_|Hnb8iy9N1vO8|{@p})8eDTi%lmDKd)UB`j})Z}CZ@RIOurbDJ&*0sremp^VSyoYNwGjYCZ&&(bughVF?y0+3mGa9ocgxj8vz56t)EWb9JDo`29eRmx+;MUm>on2zx z4BdH|2QDxLoKs`8f&+BIoR}5oL_EkVG{UHLs?jL`hBU-wDo`Hbb9@tI<<6U|2veAj{gEXVB0u6 zGvhsx+9W#TC>a7KtZ>c(lB^ z?%*jMdlFM*6sWasCE|<0qbqcpnYmu5u4v}OqN*#L%j)j@vv^`CI5eMhX+Eb6ZaI)i zpzf|fnxOjIc> zC2mcN3d17LkQ7uduO0b~UeTL+I?*375PHQ`X>C_CPiF4n8r@lTR-f}3r{$)zn!M>u zN|RydzDWU=VdtQ9FwQ@Wztq@=+D1w+)lCTgD7>IB9TPxx3gI5#9!OuVR>PRzbqS{& z_ua6`%dCR2`q=dYQ+R|b!nH(H0?FQa5X39vsZr=BZiw$uG8i@Xz~^<@B7Sca*%w<+ z15UE{6x7@rS$=NTGKeT~=OUiYg#QfCj~Z*e402b2URqSOCxfk#g5X6?U}qMYQCc<> z6H$t594X>|E}yLYr{EX|x(k@*|G6-qmj9>EEFAfN9?D0@|MJM}Xb>uv zg(Whs-JgJ3CX@=sdr4$yjnmb}$!hg&y0p)v_HotM?Xqr_G{XRkr=OiaK4>yN`aI?* z$^Q-AATNXTt`=4P$E*u%o2Q(Imf`zl9!@L46HCaIBQq zJbSaeioKHVDb)-r=X*WOI27Y!@dLy?j_a#}!ONg|f02%-sr8?K4*Wjbn5O@oTuS+W zFD@)B9o_#uluyIzs%XFBUg_9~FW9H7_@OhGW*T!HY)rqWZtALw(9cu!s5=fq?3D~64o`GKQ*w%j2hFEM z>6p{!e3_i0t78-XV%-m%SI{Wp%EY7{E8r3q28e}vlv`LPEgj-{wyKZ$z)HuSY9f4d zNbm_JQEds}f8#d)-~_I)cnD`kh`bIq@Q$N19Qi?Hc@f3wq12`8HYLf!ly#vUQKq&) zeS^9f;|qgUZ2%sggV#D4Lxo%?@bB0ZW2^4~*Y&p;Qv)<0bDEIJl7XBEj8l%bp?f9~ zN%9dGe`^ki1@k5OL1WUo}9#*GmFZ6ggwtc3cYZDJV97e(~h# z^El}VO5XVkWas<-Oy~c%-!J>0!v9a6nO{7Uj{gnij`;s!e43>Goi`?2)CEU16(e^H zOj0Z~7Dki;5=&mti8d?Us#t^>6&JT%%foD$>-N~KiHq>#!wqp`(}`ZOgPJ(+-L}JZ zadYfiy>$y7{O$k!&%hIZZ`u969iRgs0ltXg$6b|#G)}~L?aEEMX!POduj(wGEzX5$ zWcl+)@WLMl-BdQrp%c~RkH%onUkxScYiPZ}>dOe`*LG3hud5BYI&Yr@d zI9s1TQ^#1w^R1;bt)->E2i4gQyv8f4t74YHHcO>;?Bg_BMZQ#;ZS=i{y%oV`y8^$> zMhrhMV35~?i&kXSgwIzjsP?f9kSb32V&IAua=}CIOH~wY6=j*k9k|>vSrLury1|_q z{4mKNXh_i))~JDF0InsQIA_2H`8#&q8kXq6@3;s)hPN@oRKz9`s>&2K*`RU)MITig zTA(~Av`?H6$L05iluzfNAeKHg52bhFp~2q5|C>#^HVS0x66rdacQL{p4F%+_VG?o5 z&jG@de8er-Xw*SS(h0a4`*`FUF{l-hefH|B@q9_6jCRhW-)*szz>LGqW4vWL_>v$I zO%l}VN_CCS-znEDm%b9&Lo&>uP}{VEUPwtsL4bE07x=k>u?arL*?bCECm$npiKavz z&zc%!ku&`cae`n=m7YurikzGZbZ~>|DIH^F%pmJ^&h^63%+@-f45)lk<(g3CBpgn; zvKKhY6|l@z0Mtve>@5YX?~cRu3%GMk`c)P|ip!T{d?I!6DF&fNU;;|27NRAKYqZ8* z0V|k*TCxtKS0eYq)Fc5dXn2k{8b=AXQX;nUkxTy*ieXzXKHm~cXK_Vdy#Dd$TH++F z&Wo3>!q?OI_2&6!K*`5%FI>9$;tNn@VF`a-x^V%N>ofTE!u4y{&cpMw1n2qlAHGCT zm((wYymS(OKXd-VM{YcS{=%h}I14=h^l`yl2y9H^HY@zjZM#dR071Ab=XFMVmY)HW zL4mU4DDL3uwbov(=zF^azKIAV$v6hAl{&e_;{`#~+7eyM<=T zW%;5@X{1*&%#BE;Vyp)&yl#b;{q7i<@w|KlZAKrlx1UFY1G>5@u%M|q1342zXxP5! zZ+h3g8RC8^%AficZCIIUpN;PSxKm79ODzF( z3^wqSEXjC+R8EoC@p&Q?J2Isb^CjvNW-XRI==pZ&&4HBQMJ1$fvKRsa}H~?sktunpZiL^tfU9yoG7abWe{s+*>t%oo)+c8 z!JygT&O=Y40NsU-NFd+}4OqGO`xuv# z^l*`7c!fAVPmUynhV&qXX_IpVE%6(yt7_~BJPB6?eDA_KMUa>W@fUzBm4)cv4zPkd z{2+lCF_8m8%>xzb08x`1@1Vxb8rUz64j8?I96dx3`PBPD5&r{{mOei+!MQzjaKG+p z^cCmU3lw<@%EVzM{pyB|uE&uNiUR7!wKA5)?z41Cj0noK!~-eXT&HF4*|v(Q3VR_^PcVhiv1v1rVs$u>@08Jsk*KnY;lG0B<-6oVe z?l?&6z$r;i>*F|!(MCpGOB%uPm6=v~n7PN4TqF%2sR<)+OTkV8mI_j;Mvq9Ui`GMV zLMvBjjJjAA3$%GETC};Vkuj3eSn1AL)NWqCcpY%srX9=eaj3Q}+msB;$30ar;A5k6 za=Y61V5lnkal^H}0h9wQs~`dO^OqKG$xSArqgsYedVKzWLAu6P?$!kEKxJpJ1)gCd zDqN`e76$Nyi2SSmrX5^>byOji zayRuzSC(5J=(z+TSE{+Z?xgbEtmL@z$Xh+l?i??X11C|d{4)4+4#EFxNA5U7I}zkQnf!^?Ipvqn#8Bg;gm2*8|0lNOFA5J8TWthkcefmf3a=8&3MUlvK> zf}KR#s+iBKN}4ACXaX~)*ujwuq(xRuSjMs-55SadL6WUDX_A(UVx!8cRT9Gl3JDq0 zHW{y34B1xKb~bD_8z*Ut*{-3KqsDrbF_bVf)4Ib}27`p+HEBozo<;WD({h2x@TCBJ zK!d+>`IaIIb7{+Hh9lRBCN9Bt$&~L<@g)K$r4>OdmQ93~+!x5_JkkseL^2sojQ3hH zDf~4zOD-f$J()qs@-<^LHWWSPbGaA?S)Pi#l;&Kw6gnWm`VQXCk}mgb2J84+VzbG5 zZUEXDQ5k4oVF*HtoO?Q)p1NbJw^f35x5ZxlHf&eu1Qv}5sEZP9wL}Ues(U;<#=xLF zx(qm>ipKSn5|3{XTZODXgv!SkRC3hL`F=f}m6M*1>b=Ab0Z|kfxiIxcy3ydg@W z%lt8ZyBF0jR_E#q$|RCl08-5()oy|*=xI?&aMg1YWKau3f(zZ+j{Hk^cybUZmvvcV zbEo%NI0i9EROL)5$0xzgNN78j7i)N6)jogv;?bBGODFp*OTUKVklbFASj*c_!%uAp zsZP--q(@bS)z-WG&Xg6jMV`Oah((~Pik6T{Mt8|mn==bvsYoc%Kpc&`XcYo=!E)Sj zU`Xu(g^UE@3dzH){)NO!qq4%MK&0zYOY~a4B3lNA8#%w>qf6a*FxZx-Mz|mcK8jc}g)DqufjI_EzjYLB&$GmUH|R z_;`!I@m{a0jnuOZ>$bI3Vc2A&+{U?daUL;*2EP61*aluHeQPj!VFzTX7G#P%Ljr-G zfxu~~NV%qZ`)|DfuriOxTsl#lRrd+vGw?yxWN<+hjV*VgySE7N(^b30a@fqL1@q4@VKJ zM09DgUgsH;=6rc?7XEwb=J{uCk$&0_C6fYc2@? zs^(rT%SmADUgAHpnOmAmNaBQwHAOSDNr49-N8~f*e3JBbc|jXS^PVGeH3^33ioY^l zXp7HIyh&pOGXgas3)v>gt1_^M{)Ro-P=KIzvOXNzYl?>ilM57)_g^#0JoQ92-~M>k-1VZ$J!#Yq>F*TmzZv=*<@BuZZ| z^7L9@&`NiW%bStW#69-7LE5Lx?QyZ#f63q_OkTr`^I@DW|X+=@1Dg9#+PrGg<}3+za;L($=U_uADpm(m$MN-+H=T zg|Evm{loI=t*5FLg>XDQ+`$cPIv)_J@C{- z$4{PB?%-$VbBXqX^peTANol_$sV&`89xYN~;Nvx8O&Ro72~nf#OjP0ou}s`{X*ZUQOmf2L9#7rszZX3$1#5h^VYA*%D-oY6Im?@)xxess2F_6Va zA3;_10sEnee$8e=Iq_fqd z152$_D@ub`L+g$W^A(V5Xy1{dn&Ja8eNtfIbZ4-+YTm#CS_{(htb2yrapl^I(o`{9 z>;i4?bvMy$s^v0+aD5+5L4iLWaAadE2&`?|Ms(Rt&cZTx#v{Nq7vr=B~LynN5&wfj;DMuRHJ0Z#EI2*ZnTA+k1F%k96P?YtjNjZvErD#Fqp9!jU!gqs2tKL zl;y3NJgGCNM`LhHFcUmh@Rms|MnkVXa~_jAojhP;ZHvX5v02cAT6%o_OM)Qfi*KoG z)k~R6fL-w-=EDz#vnO*$q02X_-=)HyHxL9V3cCAjYo&z>G^f|*D|X;>6md-qiuJ%c zSvL1O+SHX=$!23pe^e|BSa!VC=3wQr6U0nPdcSMHEI#qTS@e({gofcj;MFmFo5QA< zqiaNxEgwU9qFc~sBkJry@p#J6MAS)vfXGN;m`_!)npiwlP0A}Nckaao6H)<=CFDOf zC#40Jq)IKWi)02!wh(*#uG(s8=8_OCACi0W)9R-CZiZ~o?NNb-iDxmbxGV&PS zGdY$cnT#ct#HMQ4EtF(3;PK%tC@)$DWkpZ|$3fuq!ZcPWdsy_`!D9`U`>{Ql4`8Hu z+7xVQIarA|CG*voI2rxK=DIhAJ!BVVo!h4Yxnr20bo1On<(hLxyXMHX)=jRkEyGA{ zdW{VHh=M)?vNc*iPNbHQ7H7vKp_!`dRzq$J?p6)R$8f-zRcyt!ZDnrWNg0)uz){4B zm6^M+!6M1i?JbZY#9p)*!Mi0+q}GAf_Dq=ap#fGEPf!*2D(hY)@JK8^wnPOZ=Lj7h z*Xs$(kDiyi^5hEb{Z3U)61Lxs$1R6c_cD+Bn3I=iVqyctR`KLyW+Ut2m0~7rsma?m z-B51*@tI7%C%<;#N4#-3E?hl-_$}jdVVXXuL>FF`)%gl;cCAk6yJK{hA^;yg-&qH%6vM4;d z^v0vQ@70y-?=j_Jhfc_*SCesrM9z0IbiM3dkq5BhsIBUcNBgO5G%xpqrmq4AB_QdB za3o9{Vwh`LwXq|T?mp&xX~S{6Fxgq1OCeagBcm1vQn*4VvIa!-$AOVt zy;3$&MKH3|$U=4gIe9k)F9M*02Vlc@Ypz@Zp63s3zK>(Jjr$d{ir08^=?pxdxAGLo zm`3clTC>K?vdEA>Gjl#TYy_$bh^q2(n z^a|fuON1Atvc)iHXH=fY-PP$oDX8uj3&KdMmHGkk_cf&aiHa?y16R5y&e z`)JVdJUie=WXUt3#^<9F;BpR+g|Te^@_D&IWESQOPI#Z4RvAzvjv#z zD%j$=^kHKwexI>OqIVS^nd$Y*=V-A#7@JthLo{s@${vM5Rr3fewxBw z=WiC-M1795OJvA&i;+XMnCcR#CU^`(Y5?^Lp4F%*`PJ*5X)ClQGfAI~KDoSurW3pA zYGxLn4Jji`4!4@fBJ(Ji>>{I)yDd5cryo#Y%YK3erHg6bYv>YH)w+IE(N+_~jG==J z#Yf<{`H=KO8Zsdz4I@4JAyx6a^dqKdLYKAkttfME{FouY7UHtFYo1uPZWgB7huPu= zXE=_801H{ar^|OY#OyPi<(KIabn3;jt(}37&5fe+`nG2{c z_Jn;JdEByO5zkSS44?XV1)wLXMrMjyVQ%B}{HcsCSrn4GkBNx`3S>)GEXSlEZLWoo zNY=+U&d7sS;|?^70VB!{JRM6R5A4A_>oV80*?&Bj*T|rESQe9n7Ndg#@RN$VI~A+R zJbCieH|5;K+O=`;V4@hS-se)!T5+@VpduY#A|DnJBhtVNqsmpsR5!RJ27}c_@ds;6 z+8-{ZI89dTa#W4^6bxM?9uYjESBJYv_$H!8{I5AYOP?#5CXq}V7)@PYf**zs?}K^J z6MOIm1$}F197v>{KhYllElsChz*8sDc zJ5t%9P7L=PM^u}u4|3lIp*XjI`xYDWe{++7f7S1##r2Z7zS+%B8&Wn{ZJR2_z~ z!#uzvjA9oW!^H#2M9n>r1P+{$Tw$(wk+I;}{K8T9>J;F(x|fn1rny=*d}-68mwl4b zniY$Xm!$I9gmDY5fZa}FSyOqjAyRM9fhpFEVrHk^zFLM&u&T8k zg|?~IQa!#cxF_ku{W1M%i%pZ*yy4YBKFUDBupy6X=)O#?prwM|H29SICTJ)x;2ku! z#mgz+CoB0SwVOQsYT$W@H45#DzPPMkk^IH>D`kCdT9znfOI|{C(kzEKCrTL>D8v7i zkpw28hr#Gj!OMy z$Zys52OXB~=yOP)Wc)|ididi5PXRYA{`cv{rF8sn_;wWk@i0Cr{`YnCP`dt% znHFS>Z?pqotbfb}U5Yc)$b8{t42rGZEu)$y^FFEEkd)}RoJt9a=^L9f&6%zr*lU!U zjq}c*$HJVvQKyAUWSO)BodUr`gc6s^LPhJQpA^qIZlq31E=Bd`y^{(H-gSa5T6|UYI`5qq=M@lk z(O;vOu4~Ld2nYq%?ps60-EN6zZFj@QA*hM-fn&L#H(Fj;hi$6UZ>z#G3itdd(vLRf z4!PsIy=-&Yb}sniz`=02@{4%R-mHnC@A-5yxwn_LJT%I>)EaV>1LzDuvIvX{m3?x_ zI@wv^4tdswGeBSWkXv$n3y{E3&diyf1G03?^CLw$XJwJ}tW(+gqAVRpfmb2Q+kz;u zfh@d^JJWkPKoaB`Q=<-OA3v-s2Y+~l|1I!eB5G(N9?j&`7E|lI3MOCFY&H^kk3I%Y zFa|`o^}y;mE?KGZ}8;zT)6!2A+i zY*8*37c(3Lb!4TSBBC*W7K0n_mmba!FlcQpTMxW*z zC$lJE`-w+>$W){F;ljM?QQtryhdCx2pKs*!mt)+9_cXYLvlHRbd}4BSW0+!$BzH(G zRF->C%p$vxF{g5PmzMq}qX$sdh9UtXg}7=|LCag^34VZ>q>@l3)RXMgO(DK~d{V4v zp|EYx{j(Hq6r>bN@rpSu7mRw1@;$>^NpxVLp&MyJ8d@VmI%~x)e}<*VMPy|46y7Z_ zTCaE49k*9m^qyX*76}cNd84GoONOiDGa}cavy2Sm?>S+YJ7;9#oxsoRAn=1d^4oyb ztJGBTz@Oz6pEq286$wI8`#)!Bui>%F8jgKq7EYZ$+W#HKN9TW| z^E2|J6W4$W>KFz9Z&R*gbOOA&K!KM~je)cl;f0w0m}^4NQKk4XhLXi`w?kZQEYAji|Q= zu;CiK(q4B*?e%Dg|G8~vXbtSP6Z-AjRsjEPSnb;*djS8ye_`7lTkTKfOVALM1!+&mj4}V zd+kkYqrEw_;J=ObmK(OWpi^5Tr@aM5+OIg6_nW2}3F$HrQj2IsPaAK+>82Cxf#sxn zd28=Vm^pHlwW~u4Y3qZP)@0>dIyGPkqW%BC<~x1 z2Hte>X&&eeuh$rcbtId0+Z|D{^#{B$E1Ss-i2^6H>S z-vMgHlJF#_ge_!23iXwXqniuH-ON0nQ%8?>DRjR=5i31^&&4A5+ZjuwcG?D?~>EbbV6} z4S38*m0%g~y%zG|v1@U?yn!mH2iwZgy3-B0VqQ-QD$*!$t-R$>Pzx6t{G~End9?S+ zA=I{d;ks?h@!7|y;;eF|C~xuhh{Q&@BZn&+cyzEmikL;fg9Ir61Et4a(eS~l9N}Hw zkq^6ADmv0wpd0~m8+mo;oJ&8k1hC=Ur3S1y#jpZRx#?yDhB>r*4iQF>2NJkDy^Hd? zzEuaQj9G*>?0O$q#X1%R8Bow*IQAOA-y7&GLM69~C|H&31=c2)>`f`@aG$ww5yh#( zn}LI;EmU?hw_hN%@O6|sc<|cZqSx@p;0lxiot|$+Np7*xwV1Ji@GHQLa)wcnu$P*A z7+-vWf08eNa6op_yP;w~BwE!wt~bnM%aZWyt*%Xs5QJ}DSD8z0s4*c#g>$IrOe!?8D>m$QnRVbnb-8BOkLc z>MwYMY>tdMc5kkVXW{^J1UhPIhAtK31K08HtVRBsijKF2o(Yw*`iUC~A(q3D6UoqjR2)hJ(u)lPYb z@UAV6fMR%i?BGPMmf~xGK0VxL7d|Lnh}=$)D8Mh|59|3}UCx>6T1_7J86fJoyFi3IUHQw5bX z5=N+aw{)T>O|xb4to$ za)`|P8Q*s+bMSJm#`jn$4hDaVol9NY3!n2pdgAVi(`(HFEnn%KfI2I9HK4qD4MPB2 zb?(^W=DHK2pDFSj$$+F&=FCjbH$wW3*0)3Sg5zj^aTqqaT-0F#y<8F4A|iVkdq_dc zDs%J>r5JUHepSu!8CoM47H2pRVbEPE%M9i46uRyE0~aqi4C!~%8ad4nMRXT_o;&f1 z?+;fN7EhooTUj_Yzjb#01iZjgj+MZ-dhi{72Y2isT$zB`i4YU02P-s|Wzk$k>|joS z$-3yb%K;Tu%4>+J9Owcp&)r?&9-gp&qv}a#uW1dHn7jqcx8nB#I>{ z6IFJa^C6|5!9P;alZwGK$9o!8>^feH$t7hjhjbx}ab%DLeZ)>Y<<%R`&_UILE+QF& zMnHsuf)|K}98eGcDqRP|t)rYDyDX$27ul6Df#-q6h2x<9nf@uDPvpa#(2*wa+7C`)Ww)yQZtNK@1-h> z(4O-}f?&jDRu|;}@p6+~k3H4rdUj_#0Qo<6Wa9g)|0MN4@(nxa>pxTVztamD|Nn)B zBm3W>d`uyuJp)O=EmMYKywDQ6aF!{|f$srRzh`pwow69((Yggr{>vbxOqZ%D_XW0^AJStfS@ z`a=F;E9KeacG%@8CWh>-%-sdXU2d)>A#pb5a@=Q5shlZ?x-mXAH@nI18s3}b)xyrQ zcc;Fzd!o}{A)%teMG_R~bfWPtW<$g|l6~#;b!Vw^Sx9>dr4ebEo$mDKIBuL2T?ER; zn^CA3qa;{;hEVEk3lfUUO=>ySQFWn-hiC+vsO84jno{q{_+!2`u06%Vt`KDsMRX_C z&@jy5Sa*6oj4#835f|5kLVar{9Cd7~Mn!8fCro&fNo}owuQ`*p)RsSw&RoVV= zCIiq*@5a4j9S*8sOtgE)J22HddhjM9*T2i83mWz1kB0FQh*v=WZdIXaBC5Wa6l}O+ zmrdG5AFWVeHZ)qEfG6LC4;w;Uz!-l>ynJ800i>(iN{_|lF;Hr!Hv9MQvYBXQR*9+$ z_>(fW#&vK~dEn;e;>RZjQCloy*y?Q;hT|UHbL!b$Kd{)N({((%Ecgkt4RrW8B zK26*)Dk;U?nXhH>24=GgsG*`8qpOD9oPpGJLTx$A+*DGmbYCk+h*&8v3*V!lj4N|| z>AQkkTC|CFFmiENDFXs!j7>fmP*S>NZ2q}bexcIE5N?V76?LGjWOYmR<~5ue$hAcEuSy5TzE2S71hV-P?iEk}y zcF8d5&E*32$lhHX^gw!z;hCh>vE4j9`GiqC-aa(MHO%M9SC=t~fW9XfYYb%A6whp{ zt;Mn`4H^#PF1f1F0&IR{o=~Zi8Ip8{GFi05vzFI$ZCy|Xh71L$00De)x3g9H&X&wD z+!W>Kd`7Jtr?@D^%wHzRknG)*?KA~yXh}g)H@EY&byHVYEgA|rH?vyU@DPY+jnWTI zLLn}-cVtYm+y_DBJV51cMB|2XwHCa|NW(i9)IeMuWKL)*cy zdI?i{^BcQvf(z{z@%mAub_Ku-pCgY@=M|e%ZNiq>F;b)YqD&gP=-6Fr9NMau3Ji%1qR!Jhba7k|b_rh@ArY3%Ra0A7?o&^ukjmZi%+*AB zVZN+{7a)1Ti5#1S@=Xw0G6fKB+Db;dT`skvqkJ<8Es_bBX*0-oy71M>Qw>;U3ny#! z4=pv$o>@A%fCZl!_hDn?*Tl8w;-X7u8t9K-t1ryYH|7_Y=;rQ4zXwACh;7%zM{XE} zPc`PL@Q2Pc=DFzgJFd0v4=q{x`bY9WFD^DtO3*i8)MDwbFsbV`raB44cQZT zavFE+?Hd?vUYOhec>cC24kl8DEKlBKCa`49loU&p%rVgsWv(Q#n<&WAM!6Wrgh5V; zGu@abcT=_{gq!?TWWPMo%bUuJK=Bsl2CjVMT2)UZi$|Qtp0=}<6Bb_bjVzyzM?{Vn z4GOJAHp$H1!yh{{_t3#=XJH=uQ8pAUha#j?eoMP=VY*tsFBay7)$unlb!WftbTQ4) zIf1Eroqm)3*U8EMoNTcIx*tZZvmZLU#L(m9$O}zQDpD$4iRN?wnQ}*-k4R-uY(ukM za^l4vSri?NlM8NRC>lz?Si;|Uu7LcUP91&Xca-Q_B`mgsAs#fGhw3mSU8u|nbuBma z#ik$J0lkuQsKYkj3VN!dH5%cIO`yR>sq_)g-}FGg1NKO&OPH7$o}Q;j6_nkhdwVFC z^2b$R7ztpW6tp_D0}xg+h_&cBY*i5bz#r1=)i6{VpfuJu{9v8~8*hi8Q;s>MJ|G*Qh{v;#R4KA(Ac78R2Wfh7G4auu?zbSjt6_m{3_=CyK?h10BhCvQ zzQ>3-Q4lH^OWn_{GfzpQ-2B+X)SI{?^#uFZu zN_s6_@%nypVoQIEk!U&=9z`hhVcX#i#&}y!(y)iexDIDj;%VH9G$D7_Dd~hf<<&z_ z!jW`_6dok9VH#BCCx9cf?g*boRN%E^dL2Q7bWt&0Yf4TS%UQomFLNzZCe?1*-oWwf zW&kQ8^g7gK>I;oCO{AjwU{2bpt;{0_{m6)Pq#hQata&$+9tc7pdql_RbJ(f)*?y+z#kz zg|QE9TJ(Z9kg{#_Q>PGUA-~7W&3)t|P(iugXDa|@yW^gX;j!q%%B4G`*m4;bAVn*o zA;9BRxk$4z zvDAIOj2KiLIDv0v zI=NvJOb9x(&O`_~fmhTwiq6XHdELojj|5igy4qAl@ieg^U~Q8bO3&`n;IJO36%pn} z+~%6Rke^zU(iuWWAW+x#)hcCs0u4vvrgRj&>_AQqZ6POy~i=( zvU_Nr3+6UYuj1xM&W0ZqEDL%kTW3_>U(X31HZ2JxN2q{yDqkY|K<=b-9ZzaH!n~1P z+COpaHA(x-xv~#cdnlqonzBBCP5K&v@W{F7U_VLwUy3;$P#aUuf3xx57S5cSKeGQF z$|n{7L%aX0xJ7)(m2^2C5dDh50cU^fY)5jv0Of{T=lJ9oGyR^_>&#Z8sQq&5hb#DCFZIWxF58V7Jhk3WJB@S#QBe$ z7wNeDST+;!or}t_@K}b9lbQeI#Jr&}L~}-b7J7h3fAL)eT`dTsRJE#PDCyeem&#A) zHHYC*o-W@iS4(m&11EjqY9V&xz%_A$p9MjMWI-JcB&P_>8pYq?uqbJuW!$f~n$70) zs^xU2C4{2>nw`CYf&B60L{o}%8S0V~3@IBbY)*R2FxJ~|@UIv_em z;)ne<9=rga7>ZlIDI-w5(CP5P68Ls2ZnuGDu0(S^CB3MNsMV|f0?y^JcL&d`%ED(I z!rsCNk}xPlVr8BEnO>sE-~6p4YTSl)I- z#tf?;Nwo#Ej|hN9)dnjb$MsakWN%KcY5@HZ*!e4_qy_@J0vvJcdLMJVSF1*;g{nc@ z>6YM8PGdX@^pv9ic+%e#3oUU4sR&syaYFir(V)=8I3X}w ziBuM>%inGc*|s6`x5!K^bX2I0eKt3FQFiby7MvhMSya+|f2x|rN#iao+C<8xBx-ZmNSB583-^?IZi0AonwC)Fm0@k9} zj8c5LfGfqFSEXV{C%wk50(V%u=J(i^auKa*MQtG?SsTit=_c`IUA<&~Hr0BnUJep; zdZv!?iJx}!RyJme_aS5!XNbCa&iN|ZUATFL<4T)%H z($~%mcE&8OPjUsj#@5%KIPZx|UWBGZI>KG|H%t48sAt5~n;uo~G2-fRWIe;+wrt!Y zOf!$-h{||I;TI&K%i)4&$Ta z|Em-6?nDoQr>1)fkZDNEzo@{D%bt?R9FY&qMtC#gi5WSMK82s;`j;LP2i(S#^}o0@ zpSJ&=I(_8-eK?=Y`j0(gn#%p!j~#o{jxkU(dnn{VA@)CICm8&SPG!n$%x1G|)*b2H z%T^^IJ%L`o`@BzR?gkJ>y<-K5fG{%X%R0MEVsFr6or1?iw%D)&40ysG$X#n>bsU$j zUg51HwXo)o+Q}A;1$~?r!9(c1 zQ=-~&vt%`Gi+~Z~eUz%9uY1wmCc{jj3&h)~kv!m6hF{Xxa`za`b2FrU&8PrGhQ`Z) z3T+a6%kI+kx{M?W8%}*=?-}%R$nACE719G80tULrF*tW3rUZ%3ghAl~Q$|IG7!aiP z?`a%l)P#c^1%<_4hauHzV^jz^j<`SuEHn7RiV+eZ9wycHG>g^;%|-umKS}wY=QscU z+n93y>*Sd;^XdG5ODB)ce-GuO4GZ2 z4!{q3((S>#C(%bMI$ktk#ef>Gkf;~4upg-A-H)di(g?~G)agN$E`MqJC~FyEQ!yvH z8K!=8VSmzOm)oYQpDd}MV@bO49AkrzXzRjfIWZQha@9D}NQ5@iHKj~%=EKZ`i@dcu zlR%N3ofBhmw|e64%Ixubc#aKavym%z62+GnSjeb`pv=g!HRu`%#X6`}lojx?7 z8|dGyYLpdNk^t4c1$8?S|01D~0Y;%LDF|dS#B`iV9q&>>QvyXpRpO}_W-^u{Vw!xC zkFC->#q2PYLy(E%NM_BIGL|T307%uL7_U&pHafxIR_IPR!6~XjaWYPfqLsq86RT5W zz5L3(x$N}cMQLAsjBs{)h+}smPu}*vXpw8S)M6@WS`6?Gq z1}Ubx85u)-H^S?ov-GE$(0i%Q33{=@?{fjjpqw3m(zdrJgDL(o;|0 zy#Dl4w=zp6iD3`uZa-*d+DT(Hp)I-%@B|vu>mx6#vY183PkruMl;9I6Pe!zjBjCza zL1r4L#lPwznWc1O2LwkR`&c@tDgdbCi%jALf@8LTNfZ!Cxf|pqpWt%oEXsTB)Urq? zBsKd;;PU$T^d9?&04DY^Zeh=TMGQZPuG6!3Xs zm{irL3dU&)ktE1u5{2l7Q==E3_-BSuS}Sw7Vol7-mo@q1IeALK@tg5UI-6eN*cTzz zSwUD;pv-gKOzu65B|}%4P^9w;Rs+j{X6T|0Ggj?w5RW^(e({B?=nytj%=8r;+&>xd zfQ=>)MkY2j<@3|NRH_`NGf~iRu#;F;%|qw>DA7g~VU^TQY3ZdTw@S_w@y3ZWRg>Zw z{sJ8McYyxEvmF~p8@`ao;QN_1qymOU8mj!72(!!+!!w3{!B2tg6lLHSfXk&uSz%nAvUIYmg@_MV3Q`{a zC9ci1|>M%)={K@i2(2mE2mue3EG1JhB=`3Ah4C!hjT~I)U z)3{2R&r0|vrK}tCl30S$i-TeHi6z4g)BcT`Fqm;%h~r}DLXtX6#+)&~o4T|F&`^w$ zf62L7HD9(`lBjfnSh0?ukz%lH4_Ai{d66$S;X5Zzrm5nh39TSC0LdPr&J*$=a8>GM z(wi#d@}}1#*Onp?mH^|MDfxZ|DXCXeb9vi~7!TZIz{tiWTP@>l%EeBt@Ax$3;IOXe zqpdbNDIC*tT7YOGC?tO*_{^MB51Q$jOMy^gKl3tIF-Yoea!1tHD>dt0vhEDlUA%J# z-7@`8`Fo%L&a3-_Qhg;cr7rtvI^8JnV42oLwS*vNH)dv1S~4{w8jXffZ7C&H>)xrx zGk(RPY(N1|tGT9~BkI!T6;%9n8(o#58vbrD*R7Pd;ZwhMt={X+-JE;&+17B_3d6a- zpDWi?jT%<~4De(Y(`dv`ZaPEz?|l!RC4QA(ym79lGdMj-3Yif79(-*OQzaYt z4xMFU1j)uYa@+VUr4Gka2zuHrCLffm(@7LtmDBK);5gx`By#)7=WvBgYJF+ z5)43AS19Za#%0&HqOy4PRWW;ypiC_b&B1uBHzNO{KkmTD^G~bStH_S1ei)-sR3tG( z>imb!|FFd-`h^FawJTifS_c>ea;pE|{FzMthck;u=YNOsp*xtUE?ux9%eDAMfg%Gs zu)72b75w1n$t7h4bn)gVdHhm5Lv`1K?*^f>jpbSH_A7X$6c5?9y{=#ny_Nnu;i7(Qgn2H|3Q5U)_*@Z%=Le2K6C$j;mH5*P(FJ7Uk+>!1DYS&^2fy=mF|v- z1Kb8~&@J5_hw%IE*mvNM>j(I2Gt3wUjJ7D zCp^sM--G4fIa<~q^rv9`JJBJo|D~l&{Azhh67hN2X~Z&BKS5=YEs51)AbuWygm zZH`cS=<+|i{*UDU;e1l^-y{NB{Wl_ibnr`m9hCl~P5+<6Ctm*;M8D^BqczVx-~=%H z-~XRJbtL}}=cCs@Mt=|J24G*taO#bt?z%v-7#{5E?>lxB9;1It9jL~?^|zAk9J3v0 z@{Z&6j^RJ>{evE-zt)er{{2y84Z^kC2PymUGkN`=oQK7pS^p z@;4>70_C2!*Uz_yG(*T6K!k$wdLrnaH-GK2J`Jqe|0-dxeSGCM-(BqB~NF9H$YZCr>?-sTfBf1CSRgCRgmj{ z`t2v)edFgw1Az9(4qA8-9sceYuF!yYzw!Hr-~4n2e+FO2F#j!q|Ke)*Y`pqCGFr?9 zQ-o|C{tIzXo~OT-OBdlDXEc(n{r>mxt*ABG1#U@^5RxcRQP1I-r#w30IG~$mD25T# zzyTVddTk^M+Zph$u$_Z8SH&dox)x(jVICU@4Sy!Ok7U;f>s-b@+7 zx@@sUQO$rM#O#M(gmII*|NDPGdh6E{8{7TyzZAAa9a_t8Ebgq?-Vfe>@AZG4++N;v z`N6>QoL6YpTNE)b1okxog-Nm?vw+dwd!P9FqqqL`(KlbKiRYgENPfGI{^OI6e)m>R zA2DYo&?Eji7-HQ0=C60Z^PPg0BrTfF*;|;52)jpqL6p=Xrk4BPe{lb|@NZ2#c>N0x zUjNyH`+s=w`Y#^5{+XKi)9-)&-s^vyghVk75iZ=`HnJ%CBIi-))*pW5hY!E`b7=bh z+Yesk7)@+=_Zxpqw#tn2dH(WP?C%f%n#ZE(Zvl^@rdq;S zdf$3*|Fh7Y*Zu|mkAGnue)7R6NXU-zNF+c;uS=Q~vMEBx#JXZhc3hjM30iV$sCY>68q65J}eooRLiZJ=kP zzy_JqaXgChO5K)#bh1O#Dx59|zqw6o&g4n=AKd@UgZr=Z*rdP0>lzQ9dhsp&Lge)4 z(QkkG=-)qS^vCMKR;lAyZi~`k`T;V2qJwaZsT@PO6fh>EwM|kIL}s)u*>%UJNWTcq z#c+xY4hZ!*f)R35zcwFmc!_|~OnmeeXzjcF zt7`C%A3S*dHxFL_%7fQmhs9eH4?p>hN8kDc{JsD7?q|PDe;>Z_qj%r@(R*L{D)oN% zm!IDK@7M9`o4cR?GR(8?`-A)cvHOEhKm6w(KKjqECngtT*Mc0NG>k3MweTASx1wY} zsz6x7gq}S)K(hbxG63{MRLY)Jj&a|8?T5R+|35GVzx?#Wufp_qn_q$-@4o%*-QWGrK+c2V4;)|)=L4(bbOm3p0YomWJ0!rUfaQiY zo);t?ylhBx_NPC7NmO>f@$D)M)0ci7FPHh6Sg47`8Wx~efaCAp(Fnl)Y@C)7y`J_GTKgvu*o21k>ppey$MVi)&Wew*Iz@TfZw02iAQh!+ruw^0UrJu`7SP# zPt)_=pM948(lYr5l>6G3r6BkTN>W-tZ_$s3zxrqV@fBK4P~+jxzxU|pAOx{>`n>nu zf5Zac;J2Ut#H0Ja$KO97QSoDF>i3_gzxe1rGFE8qr=Qbb@BdDVlKY>-uSC+ndhpuU z;pH#hP(MJJ0I2_ZhyLoeAHMmy-CukG%lyZK*Zz_JBGiYU{T2Ov@Y)~fIVhL#&sTne zvgbZE@#xb(t%-L(@hN=rj}Kl$R`4bLgTxnfbsx+S6FpTZYchprQEETV*)mWLt>FI7mas(9PK^S+&@VTF!bLA7V%{z*8dkw zG!Dzx;Op+^e<+{Aco0|r(;vS^y@3Ai{@}~>_r0%uj(^kpKm71dzm@Ml{W+EjU#5BE zq0_@crRXW>3cLS^1Nz!$ct$?+RXHO-nEy;)-}~AZ*oWWz#Giiq3;FPE(n4aY(C@xVS_jmDG5^yaX)xgTZ;&W|#6Rx8 zhBT-s7H9%=Ncr+73U^SbC4xWU7526J@&{uFlw!0_FTO)0^xh}ldi1kjNxAeUjvHb1 zOCFwgNcZ|R&lmju?!WJT0qO87G(G=G5O&}AM@hw4{SUNA-=Q(5iJ%|v7>)0K62;a# zzmU2Z5A>t&e1G>-Z{(0*f%uk$I8O6vw2`0y2CCcr%uiXw01t(Nj_X*!tB?}QRW!SV z-F4r0#UQYTz;8oBkYqk_dCa!^;QkvxC?LhZTLl=~{eIt&US||aO6m!bSz1ZaoLygCKEL)bTc>3G$acG~Ly>C{o_y_aj)fshY8V1h?pY@K zH2&X_OcuFQ9?FwsHRW1EHXy(3*P_wT4LpbCqt_Pa0@ zp+Cl+@GMamX=of7)CbK$pk2y*ou0jk*@t<8AD=#01n0>`8* z_hD1@1Fbdl4##HQf|9gj;(2Osx>ACbNY|OJlU%{HRg^BZCi8}C{Un6V2_^?eJtf3M z>2xO#;qutP*dtZZu#`DA2+ zw?G2#{uadQqi=pTjaSBkB=J(aOu5Ly1b#6>F_JOPHF;2=)qP_Js&-&#-uW3(ZZI|( zJM9zS{n3|6IFn|$`>7uiwY~d=KaymB_uu{xP-40p1^Y$W8O@4gwhK$r;L9*;4?p#0 zHOY*jdmx{XLy-ZbM>*3&)(4#TBe3%rvXp+e#~umM$KlIrMyK%QjHJF%Ft-LVsl-7h zhLfcScQG;P3}7^NEy2PtDbpW)ouv8yl04>nnSM=_=i{_~zn5Oc)|x_v9~4RCN^eyY z3cFU|QBQ<__&F+|55M`d8f)sH$YRZ}Rx=&RR}5trvl3uM{Q(Zc&vB1}QsVV5l0EkiWE%qAx;w0i zI|I}_e@50X5GT9e_#>45?C&4F^#>X^+FHTi-Oqg{hq@W_?8s@I?uOLql1yvJ#|iN$ zDxw8VE48pH4}S>E<||TmRo?x?>#!@R3iA|2qLbDBQ~1B>x$ZXx_8Rk}P`)f9(G7H@lyF8=idX zzeMFvzx~7RPk)pkP~e~N4c21D;<`z3<+C_{P7-203B}TIo;XeRqrj$;hCM zVQ13HT4)bYDN-kL(%6Itw8#Qtv)#zIqhOo)eh=shvuD-BC2!z5;d+fvi!X5K9(S8< zVU#M3V+5c|&&Z11|N0WBEDyi@PrJYP%I+IqAqyF3$Qn%;CAntN#(p_=51LR`T%m5blNNFL@ zVVL8Xm^d*vt7>=E?y9|ac|WS@KHLbY^_IYltpUbQ&_RNhglIhwNJ5Vf4PR~ez=ULf zAuJ2*Pv>8_>-Sr^ckM@kJvMIUjMY+Q=3be(GIQn1mG6~oxKm1&SIlRXZnDZ>OaJ!9 z_jP3y`xm=TLu%`0=GrMYx4_D6H6uAIPRUEb0H48FpUoqmyt&6M)5!$qCtUEAeyyCo z^k$Qk^G1NWsWkx#C22;an<+xwjc)Cs9Da9s;hx?_GoOU1t?x6Ko3a;SCNu9mOC`Bd z$=9SVByvtmQ;kw&GWW0Ka}unQ*&=K$zmwpTOc!CN<$DS--7rsLax7*_A>HD_w=2{8 zDcwaBdVg+<<`{=eisJQ~EOi^9UqL%9?&R%o&31_n_UE5b|VoKgX z=)?5>_0{J~Ukv?%cu*gL{i^OKlXtsR`ZwG(re zYj51zxtB}nhp{@oR{nbSUsUG16A6d&ua6IW4>)!{E2&5~CvzKYXC0Mnn{B_{`O2@a z9&v3cuh|NBK3pE|7AzWdI$6wh;1S-q#t^Dpw_L^l9u72sQtoH~3jM0?K$H&*JX7p+ zNuEtHmaPmfT)U|cFC19dO8L}OLf_rtJefP{MbPSc=4UQvD$ctu@uQcRTSt~9!$GQcwU+w%s;#O9b2aBO>3md@_veYT^#Dz@E^n*u4Z7c9ROu*(_v1b#mt}JEU z9v3Tl6q76@;y#P9qhFCtvn_6K2q9$LasAA#U6+J`w_}deVo$$@!wKrG9CQ1nw|{f= znNOa1>(`eLY~Q|pu1OmmSx=))zGliJmUOW^6K+5+P?ElGvROY(()rZ-U7yGdb-v;b z2(9awW#X4J|2oInYmNujZ|^r?N^*AIV0MCCjvY=YoLk}==wKXv=sk&1I)J=lcc*N#*w$cb|G+qgC#1n)e#h#r}qygwQ#Id3;9Wg-1)tdvm8bbuQ}($V|^;8tmoXoJ=0_Ca9!dU_!dR| z^|har$?&6>%Vfw!mPco{c`(Q`~I)rIbQn0 zb~O66!ddZnG5@-?whP-GlXwo`WN`jM^ z5Cqc8N}yR8on{?>&sXXI@809QDn)F~ux>zo%;=C3+WGn3ax1h(D*b_^IJ% zf3v>R1#{f!`l7?RNT^512QupQoNj~_ac^Hb|M8g@i||E_a;P(PY>^MEIx7!VN6bH& z=KygR7hqp>1pk2}>IR7i*H7~_etmsyY66oL_wuL>Tv_l75j~e5j{5ag3ZH+c=l1Emgr0rNqY}l3rdoXQo@vDfsN*97wpyj)D-G|AgnujI_KcCf-whkotw8JY@NTkj@I^@lV|2yE-%l_&Hh7OEd94u zzFu;^^$&IKgXbH!4?c@N;OeuVTzy0PIY>@v?K__>26Zy+oXW30&RiBN8Ku!Y&d-!R z-EJLMsatVW8LrKK{F7_9&x5LKd-4Q-`@)fr4?RD9fFH@URwlSfuvKzC% zJUI(>xFp^nrXaM|4i@e4;;WyWIy^PGMb4!wvRfM(=aJehpNH{d^2f`{H{Yu;%{uFh zO-@JAuigFe3ztNkvF0%q-F?V4nzb@duqEMu)b3|168rS6UHi-7urycwUOQ4w;SJXq z%H5h00Rn3`&l(Dc94vc3H?PMD_tfR%Cl`K)>{=*wdJ9TEZWkB(7O4=TVBILhHC*7{-g*>Idp~9I^5R32CT!<0ecyqKYJHW}we#8S ztw)}E2$TBTKe~E*p9~jX`|Ym7GDlIiN5veTpZ)m4+qaLsFwL(uyB+iWNgD0B)?;Df zcinP6SA$3WSf(YDlrCMQkZ=PLheu}rr{DPv76~?7*9mrdg;TC_3i%?$C&w|GlNNsa ztj+;m(o?Jjy5F35^|$LsFo64~1Jd@jZ?5IGLyG9)j2;oe(4#~ZuHLMbbK~%rBk;WH z;oltiX)V8b>u89K|9R!Pa`TeUPv@Z0IcVh>oO&)V5_?JYoP;h5dWkzf7v4Q>hkr6a z`}Nf$x1V|8_es{ji}>qPceet_{fxq#39?0oC%)*obg(!w1D<2GJ(O+^>gWYoHIz8D`;2tVsM{}iR6uGf*bPH}7k zF>_eADA{vfzl^@%h;+kmyj65TlfB_$r88gO=Kjq?rZ}om4m9b6uxj>Kv96FLrIKKW z$_DkDX`DuH6z4iiUp#I80$U;Gh4Za^UGfw!A8kwkXJ`_zrp;G}2X1V>kBzP2Qvoy* zEA;|<9C@+Mndju6nFn23eV*rSxo~-aec!>!*S-m0!}Vu6h(DlMWX9$8i`7|dLYZwJ z?|G?7=42&kN5k4e;1dK2QGc`kFSnn2+mu4O6}lbyQ9TDHE8_{p2@^LC_!U+355Icx z@ULF{?tl5;ZteX3ul9ZaFaMiMr?M#LlEdK(t2cUWGQlu^Yv-;a+HX#t{$%Y^CECb~ z{iw@JuVT9+B2d?ad&(tl`G@WQ^U8N`?OZEx-G1(P9al2q*|bL``rXTZR|ZJSeLwXG z&PjClCnqj{@`J0Dc#+IG{;?g~&cI72$k7G z_S+W@SBpQ45^oBUx&QB1JAd%2oj#Yj!pt_^X883xPTmoEceTlux7|f9^=-_vWDeH~ub@qiig-L+ zrKcivl%NB+Y0HE<+alp4v_o$7TE2yf}V6fUba)e1(@auT(FvPj0JC+?v*QgKfR_oia}Q z?Mvq?`Hw9(+E8C7fBNwYr$0HkzwGZuU=I~TF%W8U#8)!>@sCe_^3rj)w1K}C-XFoE z6aLWqUrJX=RsRPE2mfe4PvyV=>38b?x$pi58v1{}{J@v*=>OP?zq0m^WoeTgcjmN> zYw;aC(b#&zj-!?Q;CI(g(%5fj2!jnMJ+=AOC%)Di`W+ANBA9K|g3(XY(L)Ohfu|?< zvd|B`?VbL@l49MS0PBKCpT!02%{{ffp9Vuj-Z4xfkyHhS<>lq=koT%*XnPd*7F<%v zLObc+ou`ZV68+(!XG7K0@y$*e;rX$9ali4Nd;a&0X_PRnV8>T$5nVlW^V4ixzF4@pq3an_dDRt{pRMbn}^^>OAPg+ zL%`xPH%{H$Yi_(IA2(isu`d4^3YLNW3cL@(ID{}X4w{>Lfaw4&@uKyLTF2FI&&}P; zk%ptSTdiHRZd_9DOA`Oa8Aep=HGvDReZaJjpPHdpa>w!9K`-awz>;r8uuc>=ckxRs zejU)S1NoOrV9$+{T0%GuspCuzIWvJAa>1P!JdW$vas9faU$B(cxf9{{Y9aP&5%y{U z4&8W5!Rina?E$%H?UAYhiDB*0N~X0R^xuyv-H%E~Xa-WBBPIKe3l)tqHZoEZ~mOzJYoN_Fd*Vg}l;|)UgDAEleUB}mH ztxI7p0ji~F_lQG0UKg~7gz3I$`TFnuZ(9G~?rmxRfB%Dx_dlfnzyD7EzZHM~!TSIA z&&dDx--dDd{cEt^0qE@e7ihpotPc+8_eC1-zvC9Mqq)-lWQ4rKVuJPl8=fnwolEHIoU6<60sE0n-`N7@~cANLl8^wPf1(zh5 zv-2?CG$DC>TkqO9r;) z1dhwj(gbqnHRsd>)JYN-L@5a3924k;iSy#bdC6H5$U9n%mmRafne&-*OrTOCmQCy{ z2q4D$Z@vE}sus?xu;2}9O4-O!_;h)^lIKyKZz&4N!UxZ(gGjXgt^lbZB!;V6S67u{ zx$}}**I8xc<^1zP9t0mCzBC2`&{VD>*{iJBYjhy>s~Y{H`d!Rvbv36Q+2bl1{ThQh z=OuNrmaj>>J)@26nj@`50(+iQ;=p;0GU2NFtkFP5kZJw6N-m@KLBOsncU%YPI{jQj zE`4Yo0eDlbt1iHVo3AtVcXIfCi2~?^b_Ly>V*-0y9sEATyr4xhlR{6ydWHsS&`@v` z%?5J9kmZpR`o6O%bo5d>Wm`RYO`9ZJmzuq>=k@p&bg>ehP1?jjN0=BJVk=YK4EWTgWEX zAx08@gYm&$gA(qg%(*}=k+Ay>YnQdUOY^ed)dKke1xGQS`(JmMIc@y+xjz2(pMLlH z&ja^2J6llYi!$wiLsr{)5i9V^`C-6%yY&L<-d3hy`&$-9$dXFRMV=J17S%RK!=+z z(>zTRSW?2%*i%!&25tPho9F57W`K<(kc>2kLucim@S{WRBz2Z`wwJ?cOR{arz3JGl zrIB6o9ZPOi3v17--~PM1B@gA3f{GUVHO|>09|9$}f@M*q1L){s;2QOy6&req?;( z3!@CxOw5us!X*vkZ5WmEPNH|2!Lb1h+#^6ZK8x8^JmfnvA4+MyQ{W7vm?4E2i+%x*0{C77PnR0z}|8vC;%V<7niY z?|^LIA=ShTX{0T&JVO-VUohEsGKBR*8kVM)&`L})BUJ<=G>JH59ySE;KrMdUt z{pCGh`r3oMS%WPV;Wue&StoT$+_CZg7p+JAUh6^R;;yge+Rt~ip2P$34@X0Hc8O=& zo{&B$^jm+UnZ2tu`$!U4f9MPP7GHA~WOr2q;Y7u^yhU_{9k2CQsv$-5mUzJJK{u&I zqKP1UvTr*BAwsCg9**KsmQasLSD&^>d|u4?@|XV~o~6pO)G0FhkRTuUBd_b*d8c8k zJ&byKyT}MuTz$WJKpe|`ztcCrIPuHprpq%boB!K%c(1kjT%kB;&2PFYX*5 zDJVEgRGAJ!L<^|xg|>uS7c@7o{qnm=Q(#e+5+=Xzl4KE7bs(^idnnbw(+nD9gC*If zuM&7I>83*-ZCIo?b}3jXw$tHR+@7SXK9U@LbeB<)odxwL$htD9QYLrkZk%O3KchjU z(x3x)aUqSCZQLz~c)mcq;BYNMfm4B|$abl?D602V#~V=(6d^ZW|HTGzIlw+;FBw?? z0cs;BneqsJ7f@PU+9S`o;!p4{Se^m}!lnmPpdsc{;hwl4m;d@FcKHJDXZErG58VnV%m`F%J}v zfy~Mza0F*peyR7~4>nJmK&IZCN8!aE@C2KuQ<;)?fFotdSOx@=4@(3Je(#!Rq_4q> zLulVSDp>5ue-EjNTD`qOS~*KhKCf z8O3%i^VTKc?wZhB!W{SAXMLHqcLnN+76As+1r?o_AAEjm$>td*W$&|t3VcM17 z2%!QT!35@apY;OC$&w@#h4SCZFOnbDXjV+HVx){<0;$zNNE(Eae=o?$dq#*H(8x?U zF@a8~MXaa!A>9o>QD$Tj<+qZu*k5$h{=NRD$^Y)wuK$1OOAplN|6ls@o%i3i=CAd1 z>rpKCC*yFt5JLWE3C~z0VYJ+~!{LI=*2BTVve%XwmA7DrxOkBE1DP?3Y)ks&8}N$} zRFktLpLtZ|8~ITYiBdW%k|$ZsNPfO!)E^=IA9XxL;iN-ha)bsW?8$R@kJ?TeL9-vv zhYG8yHt6H6~bkJ!p=A)Vvd_hNfU zYSPc&-~%E-YU7@#8W0m6X_XXA)GJ-sdzy2_i|}W^4<3C zGKsX-Qn=;5Ai##h=J85=nUZBAPT^&0hAbc>m^vX@PDdqA^Ab#oStFh&y`$7`IT2ky z5oGhaNP@kea)7>!pBAg>FCqe$o1#U|Cy^B*iUfh*z$VTH;Sr?2a1j4P}&}+@A0^GTIF2)ID0d_m; zt{{w5LbVjrSOyEXcbPKJNXQr$WOR)ruNgbv(r>Gt-Dp{=$zL>MzY=xX6S`DNAtNbC zWWq($$f>#L+Y0Lny-Yu=;7YI+msJuJ0coHxwM=mNT;NU41>1?EBmuLuy_HDvjkL+} zD9pSD1xyB(6|_<-Qa+sMU$DtS;)`f7i?J;SDVUeO>zAm9`eB^5lGgw0~dKhh~w{6;3IwnNE?xQn{GH zet0|qMzI95-AXVk_L?lTs;p`62e6q z*e^|=mGPAf8waO?l^uRSXR0s!7v$i`HiL$~22a>NzP~ks6UZ9y6 zkI7G}fqjRrZB~}}C_tR3pKsxfw^*}|rD~acR(leN72&6Bl5aG6=3BbkGQGKf;8n>D z)#4Z;r1fxtUl}$8D+?l|JQ;%|rEc+Q-4oHVXaVD=6fE>CIyu~@b?g4~db@UkA?R(m z4OXfy`83^XZva_f!_wH{X?L@;4?Q`hxB@~ZE7``0mNGK(yViB!RhS^iI{gLs&bMU1 z6{dItL4+SMLTQybNj1%>VaC;-S(>g1qDoD;VT=?$Nh*~gd@eG?FH0Zk zM7n-mOvT{G7>g6VG7EFlsb7|X(oL?&_(dADKQ0AqbC&?2MFjRr9`Y$-7~)T=;xS!z{}I)>~49)#b7Z8Z%E@AYGYeH6b28AaP!voetl70CF2U=O z^Qy%UJiXvtQuIIJ{BP>~-`mRh|GoEo`Of_R3;X*c=KnoUrm*3i`TyrS|Nkozb!+DT zo_k+|7uR|5lv~K|QY+%);%Y}oBNLvG>QbOR7yE=GXc`a-`mA;*TbWi-08erpV z32ReF*KHH-IV*5>=pIhdNMbt46s{z zQYaChWiKhuMOvfnqwQSK6?({grd=;4rZiA!^C{qP8aQnr!Kv`lG|fS~3Jn`jzfKGC zPrtz;X%0^-3qtvs8&hpK@OexoS#?gvq+wcH3c#{{zwRUTGS7;ZdJtcaMnE&9sbHC{ zHpINd!cgD%jo!%5dn3Qm8%e$3N^E6msKoqI@3T>0~W+?&YaDJj+ubWh% zNexQL6gDJ(B7=t^R*WQCRwo}SI?U>A29Il)s3KgHi+KXhMBRFW7bzC?>r9s)T1>ot zEjZcNBn_&gdrL_6M9H2g*%Kvu;>eD{K⁣jJmL2FS=X3lo)X)ujk%>@t<{YCdAcm5MqKia>GTz}ca*V`nFfH>_d9;w<4+ZgDGZNyJfV$pa&D zT;Ztli8qvC!seC6_#J(`$(jRfU2@kA1T3@F{UM>Vh6KxaZNsAx&5Ie=Xt$bOt|%HV;nzqN3QZc_^|A+Gt!=pk z8`Kss=-p^_x(Tw3qx;p2GtEZx0odybQ(S2ffbB{>!luV+b9^2Nu+FCvOxbj`Ay1uG zY*wqB#}Po+lU%JX`$?(4BWv&wt@*6=!)fb(-f(Nre?IWQz0LK%FWp)H+ls$!t#4!< z4ECS~cEF`8J>`KVAhWIYIA82(uL$og+H9DX*1GanjCG%i@xKv?5Wo{dy8JcITO?D} zrV#_y&SrkTd!}@pUcT36TIOfh&ClL8Ki>oU`p+)Gb(Wt$-wW&QpYImy=Ldgwl|Z%L z7VBr1e|Gj~ms+qdiD7qd6OYchy&S5ej`ipo?^WqukAU2ciwx+bOW>}>_7=B!fc^1r zKKan7BzmZcfRsGNMSK8^a%x!g- z>l;GQ$DerQZsu5`{9QQo671c4C-Y-f#IASc+^w0vryZ4Hy3M1P|Awxz$w_t zxmUCgo{R0fZ8Zg>jl>=w8gF}8KVfTF^m|$C4#`fKYSgHYq`>7(D1 z4M0iP4!lqi=~!(h;W%vvZX>T^3(8pTI2qI&_QO)s#)XU&*DtU<>@OOwDaxe7PmG_c zii^}li@X^T8?G~Og%2AxJOE_4rK9Vuda8p5L%Dw-csSeD*_Lql7cIr^{QaSSQ~Up9 zOV5AYfA75yH2VJs@0|bGlE2m;e*PmF-MIkr`5ypzVzf0kK=LCXlgE4hfV&_-!s{T^ zU9J!A>SYkU2co^`Q>mUfdE}`ywysl~=o2AT^L%=Ex1o9?p;)EG3aA-QJFLJ1j8KZy zSl)}~b>phCP+Xi$@TP6Ot+eVucC8Jlbb`aEc_zi1*OmWnHA!qfd9A-}c|(&lO6M*P z%sb6%en3qj!^ZOP1pBD5V9nbc?G;rrk~Iou&B(^K5d~_>>O@0_9yXRrLmZs7HK2@Q z8Y`Rmfl^}|G`C6sxJ&!xEc6qPd`rkVg)mU2Ry*B;_2XdkXq`HoipZF+78(%AW<9iI zd^F5rJ2b;aedwmXmSUyBaCQiFF)OB;TepV=dvU^uMcKUazMZQ~8A-v_pQOOxU*GXn ziI8lbo>3jR0tK`;?TDNo7wm2JLCBDk5Dr)@n*Ok4_>y^2C!nzGXU@ zw1}u2h1&u_R%trIrCM!n)_v8|Bj>HKI^-_|qFp|1$V1*=N<>MQ;n8EgGjsjBrSldt+#P#-dk;;0~P zSc<2_bzasHxa8CIl3E_Pca=un8prFEfhpT;sy?uER@yz+Q%W?cB?|0G1AA7L50nH$ zuOY77CTLhWx2D1*b_xPbA;wqnP{rMA`FnuW|y>X|HP-?#0})3!u= zt+O(5TIFp(85-7d#K};V!CY6-njPENw|ehzWe)AJRzG@Uq1nCzk2$C&ppO(Uowq!If{bpus_3LoL7gF$W^69DpDi5pMMjNI|1g zslZgQ-YDwS$hYV%gI#Kg;*;jB&s* zZQxh%lyi?O0&Pg5qO(WUOliqlR9h|TxKVzbRX%J>=3DLpSW-uu)X^q&v?287P6P_11Mm0{ zY#ZT{8el?HGj3qg>q6r?s&O6FxQeJ9zo*^dcoFAp!t>g0^))Gd zFI2ZRz4DFnhbYBXs8si8qLy(@Q@?y?tK!`gY7*wgJxq-EgwpB=!zV`MNuz5cccFb*kFz&DTQ#?-akW|gZ=E5{W(WNlVA?b9~5liX1R zW>q^EgS*gq;7QmbsD{j>qY{IaEOx{X234T1E>^BOY;LPhUabyTgtsny;^lT8UMtf9 z{ldj;OII&d2uE&N_m#NM z`GOxR4(8EBEtsAL(@G;$L!P$IN}QdCV zZxydr;7N7U%jAFhlrQG0WVA0CP;)>t<(SA1HN8Gk(_vcJ^$`NSPap4Wh=F)9fU(BP z@FTX2*tEbb51A9IhjRfjeikYgS8+vb)#FbpJXIT3j90YbG%hD(D`tr?v`qc6|Jx|^^3m-h|uor62 z&r?hKjW_uU^e;B>3iKg7Cr7WPU?m6~Dox_uY6yVxQ#e&V0D~5JE~p#bP+| zecQmb`-aQO8uanw;p;3(kU3fxze{SuSc>DCRXkI2&4rM$@BUa|IorhI-w3bn@a?arU~ z-YCMu`MS^)O6w6AA>LGLoe!gn;|+b78VQn=c*y!J7yz_emv|e1oY(YFvezXh>h+L* zp1!#T+MRXP0N%K92_AS4`z+Bo@BP4dkuPuqbxt6rp;1|icEvVq{r)sLE37r zHXN2cE=K<9I+9MRwpk$69hQOKr0&)~!g6o=D$`3NTl;tGT0eV-Yi3mEW zPsH!jSMFa2g((Yiq8?H~vY`!}Oqx6PI-FYFjzM>`ZSMus?$yZWfaomCCJpTZLhlmC z+sbQuSl+y1a}HDKpfp4CJL$xX)FXr>L+o{JJ(q_{Jj$wFIXAzlPsZ;iZ{%#FaZxdE zXmvTU$EJ_(T)O14Ppc0OEsn~yw^1M#SGj~z!qM?0>xG=>gb?``-)}PmYlg2|{9>O& z%!00yYOVnaZNU{<6C?-&pJS`iw=$e`)K2C#($f?aglEB~q^OE3M`@rr%PtBzRnF7q{$M#US&*`%$$MOj4L(SH^xkvB;crIJ?hZpRywKEiP__+d}cp%_+p(c3XvA@*+;HLsFWg{ZRXhWegk zzYoEq(rtsi1u^FwpgeF%(pz_ZmP2-P(tuTB>~(_#Aq46AS}r71#NIdsiSnj$@>yku z*CyX+Be;+ygBW|XBRW%z2@nYteE{9rKF9Lx1#=0%PN`4i2l90H zt4yG%&4&*QToA|0=wR=^IZ3<{h}ZU6{wV(ZH}azY(9I?#gbb5G*9 zQN$lM{+~Mk^S5^X_uzwHZodC=&z^PM#`%?Lul3GXDZg%rf^R-)k!XQpa}YAGUsQ|C~08jOKl5Enqb zhZ#*zGGr>M4m54-?We}`4KvDYdj5Fxn1p`%aVqBcD~+|I(}DH3mKww!3q2~ld1R=% zq#hg6v7@Wt9c_j0P;l!J)sFLIjHjjpKioXl;>jAEdxn*&Wz|X&t9Gikgo1@bTC^Q_ zSUU)eLOq7#tHhot_C&EKial}I6Nf!f?1{skIPA%%V8;=m{^l{#12!l_J5@VH$^;~d zIMtQrE(uM0ILsl#!f#q?xCVeHmenWl{4SDKJB7{U#Aaf2JmxwMAAHwR1-<_MAAHw^ivWc?G)a3sq|eceV0laZt{AvxnA1%hen~M3J{cPhr5jxZ43z|16Qir}V{&kWIV3L?cD6&MTNqW+i+s>S zERqej`({FsPqM*wU`-?PL;cJX!09k|06p|82{x+t0wYAE;_`-&&g4(Qr;A^dOhea5xL!sk2?<30ykjpzgmQXSX0{ zx4^O6MCdzqqe>%Hpd@G&|L6Ya%43!y*3MEC4kkw=m!edGWHQ+98*Ni8Jrum8ZIj=g z;?U2c9FbGcB=~@Rslv)j%F0WQm6seVFDWZ8IaXeBti0q{c}ZD$DJs{B!J7u*QWkdf zrCjvZB%6~EOV*Vc_n(&Z3?-Gh526Gad%C!CGRSzx!|CS_vNToi3~J__R}zWH894mF zn2Qn)dQ574#V_u$wHgNq#uX2LASpwSKMo5+i>P_J`rI#c4w5oY=Zf?O#P)RcVP3Rt zS2#WtI}*wad<}*NMa;_3ccsU5^7$NWa%KK_9YXzi_oZCSa3xhAXvV`EFzP`qa$odt zzwtM9{ugiU`)@McYtH}f=>OP~zdvUFhZoiFO#eRL>%WhZsDJX?zqWC40(Ucqo_IVp z)gv)>>~*R>6tJBs7dB-4+G*Yfy(vOxbmA^#%mCR_u2euSDls`C3tN5W#wu2O$p872GozuFso~Q$EDby zfjL-d%`SR@47RLaqcFPBsh1&x&67c$ST^v!(z1LCAc*|CHOQ>K=`=@L1&wM!2#)ij zdR~!8tg#pZW8i;X>PH*qE#?i7joN_^(ZD z9XgXVDhTq4^h+9*F~O=;l1x$MYtkut(+iKT zO}Xfvg>^DpT-vI^RtlaPH+YJQ*vAc~q9*TF_3vrUeDQ=4*W`)|ah*o6&W!0cfZZ9h z)BrBcm|+7roH3g(H=uYu5;LBLM=)c;1~8m4NduV7n6v>*XQt>ua7z7Kb&q1va`Pl8 z`MXZ>Z=S$yCz_tK618bT^=gvw>JBdB;L=5a04G!4z<@7Kj?(1a2;QB**dG@xR`tUL zQh%Rcz6;`O80$-a%Jh6q*5?;P!In^jBGh7rTMuGyzJsiYmGWjp3{Q6*1c^i|Oe0!B z5>XzNcPWy@MWmal&>evhIB)|$xD$f;7Vhh!0X!F9hUl22n73`M%Ru8=1+O)##@-`_m=&-HKG{J*!g z=YQ|L=fS4_=lk!wGymU;KPV5BMr?cXADu;LEZ(4s<$s8)9;Q8G+PJLY$Ej)eH!sJg zW22rGnPx@g$pnRtSYmYgQ6Tfde!6*H%*^k>3{409V`uY(?TUFBP?(-Xkik#aiU{$< ztBY?wv()LU8Tv?!k4N=4kD6`-B`l_!Zk{$>d~Y5VUrB1wMm~*DO{*5X7jai(5h<7+ zN{Ksvy~y-rbk|2Q`;p|<_{NtE_+2RrwIo`+vSJj2WPOOa8SM~CP6(FKRbcTZrc9wu z7=h#c4KXAqVuZ-Jgp=QC{BWZ}GAcjmZ4A?dAqb+x#E~CBh~nBPeAKeBb4WZ~G3~(L zPe8Q)990%m~$i~wpt zmA`{B42Dh{Np?TtfVWHX+CqDuE*O zW0HUN8VMB*QV*XQMMB{b`u`E`8p5D6q5&thHcHnf|3maR3EybS@WW*NDXaPgs3}gm zxXYGC0-bMAijwkbJ?@{&Z}Y6Pa8F&jI1k!{GN=TQ|G2zPA}GOAph}4 zxQ&QyL8#at4P|!VAtZ@WDh|qrjhto4`}UUk=-A$mj;(!k?A4EsozahDYMuP(*!oAu zu9ZHH?<{}p*N@W*-bW1A)pb&={etMDW0-@Ih_ece`3Hj*AN$K6hx3nWDGoMEaj;p6 zgIbD%<-8s&@^-Mu+jHWp)&-6DoJRboBE&yy9ZJ3rsO7%Spe|UJ{DZ;uW4-LNUh>Ja z{5&#SigT%mkXs)e|EXs7d97twOmc$zdXp42=;1PSqa5)};kr0+O%g1M|9lQRzU!l7 zKPp`3OhHyxRnIdurP1+cw91`}m4KvQEHd#gnu8yIbnJDtE|H^m>Blv-D&^Jh^@*!i z@*htv`Hzbt{mh1CXR>;MY=kYc7?IIKLtIWoQG8*K3z1+4O zsn>~KYh*)Z*E+-eP%%1&KB?q`)oQ6j;+)Gpkqej5Nrjy%IPdjB^u4a>7p`5Jo)-7j z!gWp&y-p10%3SDV>RN?SGXLibHwv}!BQ6trprjZ zUd<*um=FnPy(U1h_r zf(WN`p?}5{P3ZL^vjxkq6{+kmH`=utEh+-HQmnj-%jrEqbG=kmIZ+g+>n--zQ0*;` z!;aO4X3EC~BL&+!K6*K?}Y&H%fM4%WTs zw<8R#q#bvyZ?ItBk9sRGhsF+k{03qSBD}(4)6{Gp9j12ZEU0r1jSalvikjXax3OUF zoL=f&&JG#M#}ANbxI!eGr+WY)sm-I}(I)PGKUy_b@+fhjqE3v>^O83Ku0{hG5@=O| zudYJB;Ogdy7$008x2u`6qY%j2*nY%=cHVIF$`E@Bp=Ub&U_ismEy-smk@UJAR_tXU z)iYji^F*>L)(U=DZx=Jgg<5fJo@m1oLWv25fg~4~`ZrJXc#c@Y4d447jbwH6t(dM9 zuL&gr#sc)_iO~qb+8~_Q@8eKX;0w{@D+I;77^np*h4oeefIdBMbrlI|v2pHgQ9c)u zFtiMMfe~&(IMyl*A%ou&fKYqI;7(6E#zCRsb{Iwzq=_>4P)_V8!RCq7_>$eF&GYyT z%~HhL8A#b^c;Y#La$_OWZ(~wmirwR*# z1Ic)SPYODUD;EY>Vho*?I(y*L;UkIy(>^vt#zOZXlGYVkAuJ3bk=mh=QiPi)u-PHp z6~OcjDhEJe&=oj_1CS*2!%kwfNknLFZzWQHMwsNi?+x%1GL1YWKk{PuP#?5O>=MY4 z2u}G)!4hd3^27DaXfTkLA#8UPG_vBt>S_o(MiG)#G4aC2P<0abfhqNdOVH{Yjafg= zhC<`bx8!^CvJ^4{H({Iq@)CZQ@Fht>TOCb&M8ib*W(>N(kQif;B|-vNL2iY(p*3^? zCHG^Yz*rmpI2xujY@n8cq&G2RU+80vP~U@l6{iiwPtyIO`@=uCzp3NDl`S3r-SgnR z&G(T{Ryb`|#qwt~u*p_m~fl zfA}Vhw`eFpLLGb=&Hy@rb2+z=`1hQc?$fe zysYJ5S;au|mnBcvf%h5_3Cb_JHvjE^)7rn^-CF%W_fI+hd1wE3YyP&mXFD;B?fOr( zz9ur@Av{BxW?jBX{zQtAiOiH9SzPowX@a-DADcYJZnm|)2;gc|hym|lYnKgN_aY4C$5ltPCy z#A%zZPg@hC%S-^dr?Dgca8n)6K^ZAN3@K9Ku19;;Jxz~?>` z;B2HvM_|K}3lUw2ss}K)k!0KU2h@|^U$$x{%sgTZ{ej{Yb3h0kZ4bKBM+~D5-Vybk z1#EOM4Z1)u1TI3QnX~dRDaoxam+3s%FbmYou>jy~ms2mathpjPu_LUyhJ}lS^dzx? z!zE5e^rhHp>gP}m;_&H}SQp24VIrA^sL4=pFrf@8>N65GbF4+jFn1t!CkuFFiFVia zvtfoqWHN9S&Xu1q0!}FVG)7?Qu7^>2S0;Nj2B359P|B3Rd~BpElXo$FFd}{k)kO_- z{a6j;B=utbj>4YlA|DbPEk!K^ky(vIr3oAoqmL$4I6^)ugeNV7k&lzk3J?>)`&d;` zv-s3{E1Z211$N*p2BM2zKC*$p>hSR&LHxEfEtzhHJ)WT!6O?uiKz!qP&@mvm$#I-x zw9)KnTM~#6W zyLO(t27amry=7)akpzR{#(nkWCj^IqNHRsXN^pb_!8x?UjL>1`gF*N$d~IoHiu|lt zfDffm)W5RRpyu`M657jrsja)&>EF^Lv^qqfld6r zn%b-<0KC*_fx!tPacD^;GFAy<4>_R4biD*~eV8tMhJ>=P$GoYHG(!FY9B7n&!B-QQ zq)H3ODkrhb3(yIiN|H z7vqNLOyOh}Ygnr}cZ*nsHA3Hox=GOH zQfFy&;I*1t9@K2xwwg}dXDWo?N(+aRfl4%3%9PTocpH)N%m5(pfl`*xN0k zEuwu$ahyeraA-|e{CYe;I` zMpUB}WL8ZL7gBsX+wqPPV+4H-x$SCD*#(vZq&V@)-rRScCLJn~674RMybs4`@!=)X z)n&O&bOoU60*I|11i&2R4&o4oLLX$Mmx93#NvNKRNJQ>ZPdgkng$|N?*qNF+ICCAD zdLf$YSW-KJ6rv?yADtEqxLpTBhnmP59mE^;&9d!gF!|$PYuOGYg=NbBdE9Zar-uu9pA84-s+5;tLiMV4P7_T2js(JSbugN3V0%88&5SehD`B?eiJT0pqdh6 zID;rtJbLhHys*tExUy7N|Kk)JbsE}5RDDrYPXYm1!cOD*y7Owy>WM6gJB;SVLdm?e z(~|iCl)j-_R$8%q&6#dPa|+g5FuAOOyN<5iDq(XUA#B&y^P_R_99o&Qxd%wwtUxb*`mU5-qm;gu(r@US!QH7wDShyXw4Sh0O8Q7C!$v9TgAK-dDd~Yy zhK*7xwi!m6;?tv7y_6csny^ty^^q}tL)i{qyUpsQlwhn&@u`)PK2pl0q1s5}h)2DY z^gtCvlRN{wXc<4y7LFvY56F73zADmf3`Po+o3ov#fru*Ch5$-Cr) zW5F*;jbC}{y+sXRpQ5&Cic&A$GOrU$pkYG_@n!lt5W0zmQQUYR-diz&-*|%_!1@F9 zekFMVsv(?8;xfQCLNt`92qkN3ucS(%I>0tU)DY!rs>G{?EsT;{g{Vrf@-y*yFux8c z={dm_zZxQ^2dai?T*ox7V+tCwFz{q5QwLJ(Ri^>Yq@=29Y25IW9Oa(F2D|nBU|w~} zHFbyanPqrQ%SA9r}LU>a`m`WlJ9?d&VLj7q<;X2b)#Ra&zTLV*1oxgdh1`cFkXTFo!nnau=D}G^G zX#-M38Mspa4_3$~UJ9^vfL8%j`oE_Og?G44R}W|FfEuPGtzq&L1^e}Iwhky`N}6qo z?_j5CwF{Gh4xxSn`unMXdq_sujc};gCQwF_GrVUg^9-22@tT2zm;DBmEqWS4=@O#` zJc>VC$C&Ws@BbFN=|{Ye-nTgO=S$}Z?P7d3Hw+_%sVOkpfR5wMb15ex`~%B2Y57e>ahnD1_Q<-)yd99Z<56_@EOuRufV-Azc#- zx{AqVT+mfa&=nR!S*0sJ8G_}94H7V{3!G?ZM+g1+xv~RNlr~5eBjv>mdJ2GTF_Zs5 zgHNcui;;QxNEiZI@FFE6zknIq+k}jtL9RvXh}Dfgn^^M_6uGMMuF!N5Mr$!Nr1t(B?39mamp| zR^Y%cAIhJLUPprwz1LB%z=b7l0XoDaEp0FV&I2ZSnBPHQtPA}9>?qtW5quc(Q-(~H zvr=C{;Ga~PGF7fjl`T`{%hWMu>NqpaSu<7MOmpT;bM8!Y_DpmBObhagbF3y~jIEj) zdaRkTW6g~SX9RNC`7}+EI?N6)<+pw(8aDCVmkXA-R6*7+dhPD>_?x!=yR^0X-|m0l zzB}(fe^GziDq0x2p0su^Y1!iRACCoMZ1UIG826}SA&&wtu>v7oD;q(YNZ;SRd*pWp zxV0F2GWZJd=nrHKX9bDZ!y2ae=IC1A_6I(WMq4Ov_**W8`mupDK>uH-6X9{aRy?wF9?y?US!-%--6X`mG}ugiD?dskh{M?Vx7%q^5NdS(D$(OoBeA zi0~E78b28Q5Uu=6;fVP|MRv%cR^TawNBY2VMoV$HD9>|-ML$f^A?&dt?2nKa4Tv({ zzD8o-+V!mB{fTA~rFugvLC_u2uj?+P(ciHm8{gBohgh!jrl8C7$T4g8HC7cX=p`*5 z694r(F964HU-%zIExvSX*HItsw2*=T|ZS4U1Jy|a7eMA zaIE2Yn)!95dWV>gDBG>y-g{QlP!4)Unf^5vnK@7|DbKUYmq*Mt{IwpDriIytH2nV% zqq^V!Z`$~8INs9n-+lK#*u4LH=l!3p`GW#4?hAjzrsK-B4;``Xm>dA#k#GHTgyh1{ zxBkY)GN5Yxjm*u4P@KDseX4})`Oss5!4~jiSk(H@LK&TUVn03RXtVnebYityBdix> zp$yDySHiZ%fg5h|k}BDPA}blOVDdQTC<)51$}fLef7RF#RTq!!;Ju^f-CgkrDvh(= zdq?4Dd#k2nv)FXsJ@W1qgA?bzhkz1s5RJq!v~AlpLvIPehwq;1u0k(jloHPf=k#JT z60~9*>6nr4$q%nRNIp_A6dU+yWZpY!eZrMY)*dxY2=qjm5Qmatle)O#w`q-teKilw~aO3Qny@3;N5)sH0Em7vub+NAF#+a-TkHNzSe z)HZaW7Z$i=oFc=`71g*Z=$r2brc+=0!}jUe)_2LH#d$4>(@PvOjP9pq)n5v$!9WYH zLE-oWgMt=3t|Qr)!6-gWj9-0s4CP47a^rbDAQR|(3wL3Jg{0+@afibe6lY)-kZ}1= zfHTO;434Zy!gEY@**@i}pwBj|S)YAit`+-=3A`H{;lx_Pkx(rg!9+dy{F+zYy_w7@ znw(RFm*jcU!*Y+z1PuzKwem!nZM^F=^aq~P8jM2oCE;-t)m|3_QS?miJlFZ~HWyhJ zMPAI}I9fLS>Sjgb*oslUY-4F&WHp~BjG{p;G|p4aQ&Of;g9`p|D6K0Ld&;Y- zIOrHOQV%?nHOMLKHxcpO#%a%Q4!f>zqN;3g4Y~*kIMc#SJnRHz&^#VW6OBWQ2kg3y zhCun(=a~+c+Z`e6PYsw8*jFoX!V=FYg;OJBAr*YvFa<@R%Ddd(EL-VLRpQx18d$ql zLYaBveLNYP#L`@}k(AnqJL)rI`cb_<>PO3HB`bmy`)bpW3M0xe<1>&_w3K5Oerzhx zrH&^yM>0A|l!QDnzFIpg$3{^-Mw{~iH&7ZhTSN;7fdW4j5ux;n{az0(IE;FAL>?MD z>f5X~PUX)eeUUFS^NxhNcQ>uvn9UYar!~7Q=;o$By1Uw7Uba0R)eRfRh4F@buYqO; zr-)}99p55NJde*5JahK4@G0mg%Oa;oMFba8yyLSt&<)z79^1B=W1yj^{j4{N)?0^ zKFwsHo+EBc16_^6vQT__@^Isz(J5<=J2w3Eytbj6c!-9dP3h8eiD$Z5eH4`N4vlo> zZc@NIJk^&eC+tw~k*j4u*i4x~h=zyh%u?g9@Cq11GTo6WW5Q8%jm@L5<8kyVqdJj* zew{-&BwB8a;c-A$__14s`hipdG^c!;z|^*aD^01t)GbG~L+R(G&zatIWCX@>6&m2b zNkZodE<+VzC1PnTPtL-@iW&D9I6p)Ta!@^^jVy{seH$ibkcHtC89;t8QCP3=ELp(8 z`c)Z7)Hne{i`47YvgIyV%ujke3x$34dgV5}jyg>2dEGh-#h&f1NWIl%JW5@VET3}B zpl_LRbbvIUnP(%=f-ibtGBaqLyY66k`jy)BrP4aWs#w*D7Fju4u9t}S4}54ksPF}3 zZ#$B*^t@#cbM=WAD#;~3;<~=?Cgn3|@sy91r(GlT4|f(v|9tNIC4Ya!`fnJ;%U2b2Epd>VGD|@ zWH7V6^=&TYW}%M<`~;DZE?g0oNCsTB4Qz~6<-gEWzJyY(S@C7rZB=18OFQkw*}!Ggs*hf!^%Oh%T9Xta5} z77I@z*QbY=O12ijaJ;B)ITNj|5AyPRzdp|Iu|WTCHwGnKGe1WJeX+ZBCVVrvW z&Xqkmt1*69mvJF@wcdoeiLv==TrE^v(ALEo6ASB0Cy9f$n$WRdyUWkr08^RN(RHWE#Ksj@;j?4`xDr3~KFy~l$O@mJzCfSrJE(~%?bbwa zdlkmw-C?xOQaPUH(sCC>YZO<8j7beDQ}YFGjfzC7F-yK;g#=1lNl)`;wv6wpD+yfi z>`oV8_3{%c&7>+-TnkBT5L7aW>jjbte>m_;nb1941-EM8*6e7Q#ps)*YYb~mfIEU{ zaMk9k`@Rb(G?W?Qa&=Jhb~jF>_0=0C%F?fQAY4}!Xi$M-6-$U&m9V;E11ak#_0Uo+ z?akxeT62$5Xtb@h%Sj{h>arw-vPfZ(ZsoqU3VoUKQLj4U zcv`RUC&S8C|I;nz2I8t(`)zNk6yrh;id&brQd~$?uUE|q$$&bmuwjCWC8oPFsAh$C zJN|-j8`t0oM^-iI&v72%v8}-a2QP^@C*d5XppJ<#>Vkt=nqBmQ?Q`&M3`{Uw!=0nQ zFkXF-{uqGuriQUH;dPNxz|*Pl`hsu-LiMAtEaM@v09~r)@@Y(e5V)4VL_;_F83orR zF;>X{tW=Bu7a%4zcvAHdXm$8QnZzV=9ZyF+gED zq(_~110tz+cnV#q(GH!Iz{5I|grrdzRTg@6Fw&Y0Y|`1j5PDh4)*+#)D#*crHSMV0?I}E)I*Af^bF43+ z$MxY_8#u;M4T|*^2Cfbgvd6E^}0(Y0E|E*_&frQ6`5nrDZ zX&efk90z{nDX3G^lfZ7(L52(@Y@Saq>`pz~TO8(UYF3hHU*QQ{n|_6(wWj(b2Em!b z@6=Stl@(x3*SyqioXL~S{behfqTZ7p)_9Fmkuqaz^ph>#DXVER6}B*NloXUHRiAj| zThKvP&pTFf!_8Ofy3^eGT}ia5K`m+=$5r}a(XKHFYDrm8)}|^oAtqP3a15cjAJ1q~ z!20?H3mDkiOj31|+0V#WH>w{b&`L-^l)5h3WS*yM@q|Dv5*CPc8KoFW71XtjvRfA2 zt1qx&rM%lft#zLeeLCR)qJL7*Z@yeXpW}yW_4;vFuE}Kenj>R3m2)b;B$N4lQ6Q*f z>sIup>5-(&uc#nRIj^IW>-VndP^ zp@{a8C!RE3qbQG=)CTR%6G0UjX6~Ek8|4n60D?34kyqD74DFt%I`Og7e5|o)xrNb7 z#;0jy{3L1U(S&FiHmd{AuvCZX#VQO-J!#uTm2|yP?d4SYjaMAUUf0R=@e{mx3=eG`l&{*vT9eNnU~bT-b%p{xzH*& zVjOigPgWyfMUy4+!+d9@D3P|~*akHkOKxmES)3Wl>Lg~FGQ90s_X#8D8ntzTNks*X z#u}_h({4yE>&P|9_arzAw0W{ABEqV;o@CLI$EzoY9FHep%}*n1cC~^CjAdCi#ttK|9~2I&y1RP1 z=(==tRn5>7^8nMb!Pd>YYs-NoixmhHwilU^7&M>(J@oM2^ACuawQT*1J>NN*Rh3mW zfMq-i+g;IJdB2@JdGb=3Uz!aV0m9LTWiDB875{~uV&$T2eg*GR1BrsHEw{Yu55oos ze$=MvBCEmRxjOrvNshe96QSay!lquV_$XuHLR&4Pi38+_h7cIY@ZKpI$nbfkzN@}` zhXb2Yf*o~mT^;bSLkGB)u6>B=^h=_jMnu%O4^bQXQY4%Dcv%lIVXVai(dR-2W}@-8 ztqyD3vUscx)59}_qzbVe>TvZS6C==an=|Q!p=!21JztSC3^v@UwCqT#E2xMW{!mJ- zAf_yo+m0Xv!5(*%lwFD^qanRB?+XI+(LVgV^{kp zZJrbiI!3J)GJ+c3o*I~L^dBDLwBvdf4TmgvMj9PZf*KOO=HtzF(4hQE!>TT02lp`H zr47m(3Mc+l*|e>WMk#p$nG3SS8stkkWxlff^*u*hU3GGI&$%yoV)vn0C6+I&6m!h% zK?Tn$7Ss?}Q2b%VT{OR~_UO8JL;u4sZ3r|<=;*ql3Y$3`{wgBAE1QubnFg^UKrE$? zx#)3L?)ZU)PW~K@;9ia10sa&{jUa)@K%$MbS4m+@m|;zP!p%iD7Tr`-b0{yDZ^KAlrsi;fEU{> z0@^5atw!3!#+EdsoHiY+31wqQIc|{TX!k9 zEvLzEY<^7eEdnO&glgg*pp&@0C!#`NhlPtXFi`Ja0GJi7Pz)U$lfwnPl%TxHL*MNs zRx9mMROCiQr-Fbj^vITUT=#CunA%pGNJ4(wG{Es({F!WR4`v#$cqp02_+ov}8oiId zPyYa#pchdKqViFpY`i!}nTG9|)~voSDg}w4L2g+|wHMa1FCQNk&UJsLgkb)G{R*%BMIsyWC4|idZSOY>^An(+N67q}KfM%94d8a=>@o@nXH6b$L z@=6Q56NAw5#`u#}5G3wlYjfJ5KipGsPL(UQ*#uE0h%!NRlp8qEAEP<|v{4Qz<%Bbu zL^vnQA)_Qkx=9KwxHQB)C@q&?^UzbR(aVR83u>lVt(vEZ<~^FOt4f$xl`tQ{QYv9y zDq%iK;i2zFcu^8xbT>44zM!Xe{FmBY_e+>L~2h!@7bqiFr&cy%{< z8?TkuX7I&*{6X2)3u&T|MC3BQQw{)9hk|k?Y8$&JDak~<+E|hB14vyixhMy6nZz2lk&D|2EhpwP{T}FPA5?cm0W6oB5S-l z{;*77d@iA=%Gtta`0@1$Z3on9QU9CEn=hA~_#1|qG+S#>fX2Yu9F|=j1x5w9HfwyN z!WI~Ehq2cN$U{$kTmenWiQ|*U_@hd88}1-N^bNP;fooSP0fEB72*r*+OC!aTGlgV6 zsZfPKKu=Qz;HpVf=J?~ySBNq06#Ovi7E!uf6nyv?ua{Y$H?0RQXKnnkkswYfLa=d@ z+FY*0=JJ_DAfe=0F8Kq67o34GIVHY2zHPJ$KDakt-TX;8Q?Z~tF_H!E{6N0Tc?hHF z>}riLK~_REQzHYmKC(An8-G-C5CAC9YTe|FCH3VIBwnRzSlv9m`HGS70-EC;;%0+I z)$t}+mUw9i@Fe7NyTpRhH~`!PDqp8`hT{(n=ahOCuF;Q6l5nYn=#p2$Dm7Wt_Y#oI zDC!&4rmQw%;LD;$S!9{v065O=?*`#YN%Ju|s*rMiXx_ni5#S|ipsyH?ayCNP%nT-A zd|bmN@vu~c@K&EQkvs7SI@dN3kn)--X}N{kPP3WDOfAknWoAe;FV-y9n%Xl&^>*7k zh18pFOP0GjgC5uIo$)7|ubZV)XP%hArTlD5UknyNT*~Qq-3&vNf;gc{gv2MIQXm*p zD|S5efJBAsB_eAcp!ns|5nR{IBDtIfpDl!hVJWg+ato3AD$&PmtQy`8#M?Yus;;FB zse~Minv9DKR1MVIZHwI@x4#+bnUr z9Qs82sIq54pmC>OVy-27E=pMV@{vzw*3$Kv^}GsZy$M$R*c=b=Hzp!TrAJtBMeLM` z&mZH7?msG%R^Pw|d7Vp;#msqtts_P1aa6QX_XuM*$(C8AFUVUz8E0o?x zW=Op)NwqFx#IeL^L2bz=^)}4Jw{q72@T7uBBrv5FF5{YT<%?TBR$1V&%I0ab7c(~i zYm%O_ERcEIn6P=tg_t$tbZQ~v>t>W1I*MYXK7~ZOAqsr2?W(eu`5cFISqPd^f@=b& z6?Ad*prbJ6pk_h&-z_Dn^g7&P$G7T6uT;cWVQ;h%b(Ru@<-YwiWPBkMu6A+;o*rX7 znEq<4n2D1@FSn$?B50;TqL3<9Wyp-RK2k5|O)wB4Q7Re^-u6>W1ZgT zK34`wMEzu0`pG%sydNzJeQxE%7|y7gg+^_9V!o=305Jr@XLl~- zhg{pYi&RJ=AjYXq@V3eSK#KJmzCxA*kO2)ePM7;Un#6GDbc=a(b@RuCYQudh7${!H zpu!B6EJRjGkk`#Ir5&IRs4=q|kQ)4l3Ao^bZT<-CRO(1&oC|)&AavD8jyJMO=UU20 zBf^+$MJ6bou2WBWA3q zgOX5HwD~~Sa?uS}++pG(dyfU1T82wMG9%ee2#M&i_ki!GwD7xD911AmH*L4wz{6)# znblPUsvjk>>Jrh-nz^imMW&ARn3F2I!jVa*?}|LE%%K?N8?6Xgoe_vZ=Kk_X zC>Rt=^MMfEY|X+3f>PXYab`Le{)5kR#xQg)idrZOdbZb$bkM8gzQ$^!Nl}KlEvrDT59m>7=-k&(#o(- zmn6O#+SGP%B(048neo;|eq+(#qe3MxWn}%4*TI(Sx?I_&D&1A7PZep(8z`j>n|*|8 z!dZ(k$)I2?Gm&<-C>fUuNSp|7R4BLYVm->t3UeM_Yq&x3YgqKH_ugB)qqp&t98kp( zo0c~h@IGI5kr61hOMU57<^rPS>lk`DMKwSo*9)TEeC-F~otLTd;k@V&L^@s-NE>u8 zS!&eMMXyf?)nCx_GTh)NMoywBpeMJwUh7^+cKXX(? z;eO*j&MKjz&8jYWUc#a`ZL_LNtVYTOPpeYatfXwC%c)Cb#92&OF$}Kg^+JVj-H49b! zbFCZp+Xh11b%Ba$X6-IB+Ql%2{R`SbxH5Ao7jC^i)pADVWKQDBR%X6Yjm82D?>)^L zhT9iyD-!H(zWy#})odwOW{I+}Atro-%h%FKh^!cJA41@lTRLaqPqWM zg8#cCkNx@gf5Z!J%Zn#Bz&%>qxF6uIB^Z(qZuQKvX2 zt_*;=9pX=^_|E1i7HHMp6IZz;&b&XtmJKE~$iUNf5gNGU%+SCfdf`A&9SSjDPEdso zwoW<~aN&sKc#P*c5eez1tuHSI~%yWvd4Ru7dH(twszJ7<;AM(;#jSMsZUN z{?H!XsDf11V*X;J97j)a?M+#HeNE9r5?Q17s>sL>3G?ez;e5UJzh`?uWL>Z0l&}f` z#9ND@JZ)f4)&e6ptH8(%x)GG=6}a^nyR}GjRiM4XbutwIUVQ1PTpSegrEqnK$5+K{cU}or^ROw) zHLg+OBKNI%uf*E8$qjdrQP~vd%{wH|0Pt$UF$=~mlfl3*V;d_AYqK>a_+U z+TP>(F^PAIzl29g2?hgd^hv>zp;O{AE}?*Yo-DUZ0lp1G0}&z@&GE_6dqu2iGz5s* zX+Z(iU^{@$-6n?7@uyRdn~O`>40gwMflgYkta>orTJ-a<21B$8T%Fw*s`0B$ zd~F6`pg^?<;uQejglTF(eweVqsC^S6HLHE%4)c7!?6ar<|7JM~%KS}b1{|;vJ-+Tt z2}+BJ32gM|l`8;4$eGke0tjm(e#TJZoEH%p z@|>GVavodd+D)W5b*RUv3Ns2+1#F#)t=lijw1L<Q>gNARXNS-K z9^6+w|2sMVu_F)8|2ke_ZU@Qnl=Yas>)Sn==1`ycRX1^E_c+O2_WYg5_hjCA++B!i zX6mOw7*m+9IJo46e4a=fC;8R`FB#ZJXs$Piy?7V-_-2RZbdgUUx}B5;PbbnI_4da} zD5VP+s$qfhXeXi>8=B|Woqp<))*Co9rnK(eeCgiWm3udTBD#0)-8?6{w?z55I1TTu z{Vvm;CuJEX2ZqIuwoXpU@L}8pa_T# z1Ci&3W{S1nvhE6(R2js2ZH?&(yH`10iDrcv1YCJe3VTHp5h)_*B^~3tmag54Rx#`) zkOI+NDVF?F7Up7>b7G%WQB=9!l{A@cK=-Q>;vI?jZ5`ivHmqH?n4why=d&!INBy9| z!0y$|ZiS;fuMM2wd8w%)ZGXw6QMy%*G^dubVx7<}Z=Tvpys2FMQm1>in6KQH3~y)_ zBOS2@C;bNMkX?VF384&%qW5n8*f3{?tE_|FyQ0&{=Z(H#Yl)P}s49jlQl&r7D(dAT zOZ`+c01W4{jOG+P$Kif1I%-j9PKrHQ;OWf0q_{@saz=40GVO!w#=V)Zd>)-gCz#j_O+pgzA`I3PF;&@8?Z^QFlprz2ikN@aO)P)KNm44S5U18N-gmU+SJJ2fJ zVY!IViyXbjxGRf@esp7iXjy3jhy^Gt4qh$w4x#u?Un$71(y$8$NTKC&a;`>KM(bgB zw9e=#PKRHf;Gwhug|czM^J!MQaRH03-T-%*cVjH*Mcs6f-o7)SWRx0jtPFe#MKk)u za$A(kE|d_jKI=VSS$e)Vi2AGv+}MML&72UmB(lL>iQ<+d@}kUWm8d@FHRwfYVIk0W z`C_*@kKQzmx3HMmal_I2A}KxmDI&RrrLX+CR0T0rQpckT!3(uT3R!tn$*4ompQDUg z9v~GNp@ilwxRoeW8V@znWyGDXLsbYucO7D4e-M$5Sj3aJPrQNq=%5dkU7V@fB^I|u zi<0kBmD3;8BgMswEh#JAjg@}a3MdguH;}Y~)C#B;iLZgYyRqUk*a{P$-#$$J7QbDk z3;@T%FD`UsQ7wje^{FjHekWJAnVs7SlW<;c#sUzeFEFC4pjnROjkyg?pChI#J7XmCk zIp9Q6!Y)w%y41wz9m7TbEm1svVFh{-f3`*Q!z;A7o#F+1X{>lt#gZzC-X%)WpK_0P zODiF(lJmPvMCvh|Hp`gM(#(>K)&py_POL~gi^c7EDmnc@-gz>)1IOYY<#XWl9LOtD zsir9s(Fny^4@#0I5KoC%C#r^WZJ3#)POSm8LwYf@4ygGN*INTNczxo(0UEzGK&x7G z5+X#Q|A#daSSyK;72>RQ|j)clb*fj8^pahJ@LXY~o{*;ASj6 zxa`&7&G0%at%xE6tS19}F1X%YCyCYlM;X$xY*9zKTl|rZN=z-EV$`H*4EDCDvzZGi zvSN7x=M>5HMb~zn*hPj?M!+LqefJ)<{c6HKg8Mf3YMj-L1rwHE}dZuZmILveWe z=>){JA3to*%*@!z6q3E7Lgu2)aH|sKFlVJm7KiuIQ>{>!+upn2wP-{alQg2*09u-p zaP3iQLT62MUYVn)I1UsbOo8iH=T)}3P%bX2Y%Cam5nd) z7IXJW5%{ zCa40#G1GUQkT|{>1wHUXY<>F6%b&jezkghP<3+>tzphK+K4sOVq(Uc7 z7enT);km8hI=_FmH5_g&Uz^UX><8GLd3o#1o1D*|s-(H_SGI;^b(;NWeoY7apa$<{*JpQLoz8Vz%NLo3oFb8M_}i`F z`3LX+x2ykd;5uQvm*!%!gEO8v75JYsjR%bX9{=*b68_tM8WK*{e|F?~`k(ji zwJqEJs@ry`JH~FiG#VtC+TF{HVdpGkXIp}2C?3l$>;Y~%A;9GQ z$N|R69*h!V8ilo{fVXl~IL-ck)bBRju-QRywLsMCNBDj?qqvbb_2TMm#3UPe_wGGx zJ)Lpq-q=mBEtSh~Xjjg)yACt-yXn*RS~Y&i*SzDW>_gj-o$oYU|8Va6=~=NUK+5N_ z+g*2XXxFzeuA$+@T>YF9Fz4a4S%+#m! zFURhak}lxajvaaa`Dc#*@LNZ|@$K*a@Ys>#&wlU7v(G%Ryid;>6^k~HY1LgmdPgLap6OSL9$p4*q9!~xr12=3V^Zy|wzM`6baD}E8omdud zVw!NcGOZG#5j9#-laX8EnL zPDp}w_OVzt?aXB5nBgY9jW{lMPK7i<_rLAFj=49_+>wlTv7|#aqnwV?>^H#{ru*gg zq%-euFFEsENPU&t&vLkb-=puC{`&2IJNX|c%||5tA1wc$c(Nk@$$BFHcj9?C`G4a1 zqZ8@>H!TAv%O`rntIJTTe+y(3TP1n!|`wL8U literal 0 HcmV?d00001 diff --git a/solr-tomcat-instance/tasks/main.yml b/solr-tomcat-instance/tasks/main.yml index 244759c4..dc79361a 100644 --- a/solr-tomcat-instance/tasks/main.yml +++ b/solr-tomcat-instance/tasks/main.yml @@ -5,23 +5,20 @@ - data/solr - webapps - zoo_data - tags: - - solr + - collection_data + tags: solr - name: Create the link from the tomcat instance for solr to the solr data directory file: src={{ solr_data_dir }}/data/solr dest={{ solr_tomcat_instance_dir }}/solr state=link when: solr_outside_tomcat_dir - tags: - - solr + tags: solr - name: Solr needs some additional packages apt: pkg={{ item }} state={{ pkg_state }} with_items: - libslf4j-java - libcommons-logging-java - tags: - - solr - - tomcat + tags: [ solr, tomcat ] - name: Let the additional packages jar files visible to tomcat file: src=/usr/share/java/{{ item }} dest={{ tomcat_catalina_home_dir }}/lib/{{ item }} state=link @@ -32,51 +29,61 @@ - jcl-over-slf4j.jar - commons-logging.jar notify: tomcat solr restart - tags: - - solr - - tomcat + tags: [ solr, tomcat ] - name: Install the solr webapp under /webapps copy: src=solr-{{ solr_version }}.war dest={{ solr_data_dir }}/webapps/solr-{{ solr_version }}.war owner={{ solr_user }} group={{ solr_user }} mode=0644 register: solr_war_installed notify: tomcat solr restart - tags: - - solr - - tomcat + tags: [ solr, tomcat ] - name: Install the solr catalina definition template: src=catalina-{{ item }}.j2 dest={{ solr_tomcat_instance_dir }}/conf/Catalina/localhost/{{ item }} owner=root group=root mode=0444 with_items: - solr.xml notify: tomcat solr restart - tags: - - solr + tags: [ solr, tomcat ] + +- name: Copy the solr collection1 and solr_core_base archives on the target machine + copy: src={{ item }} dest={{ solr_data_dir }}/collection_data owner={{ solr_user }} group={{ solr_user }} + with_items: + - collection1.tar.gz + - solr_core_base.tar.gz + tags: [ solr, tomcat ] - name: Install the solr collection1 example - unarchive: src=collection1.tar.gz dest={{ solr_data_dir }}/data/solr/ + unarchive: src={{ solr_data_dir }}/collection_data/collection1.tar.gz dest={{ solr_collections_base_dir }} copy=no args: - creates: '{{ solr_data_dir }}/data/solr/collection1' + creates: '{{ solr_data_dir }}/data/solr/collection1/conf/solrconfig.xml' when: solr_install_collection1 notify: tomcat solr restart - tags: - - solr - - tomcat + tags: [ solr, tomcat ] -- name: Fix the collection1 permissions - file: path={{ solr_data_dir }}/data/solr/ owner={{ solr_user }} group={{ solr_user }} recurse=yes - when: solr_install_collection1 - tags: - - solr - - tomcat +- name: Create the solr cores data directories + file: dest={{ solr_collections_base_dir }}/{{ item }} state=directory owner={{ solr_user }} group={{ solr_user }} + with_items: '{{ solr_cores }}' + when: solr_multicore is defined and solr_multicore + tags: [ solr, tomcat ] + +- name: Install the solr cores data on a multicore system + unarchive: src={{ solr_data_dir }}/collection_data/solr_core_base.tar.gz dest={{ solr_data_dir }}/data/solr/{{ item }} copy=no + args: + creates: '{{ solr_data_dir }}/data/solr/{{ item }}/conf/solrconfig.xml' + with_items: '{{ solr_cores }}' + when: solr_multicore is defined and solr_multicore + notify: tomcat solr restart + tags: [ solr, tomcat ] + +- name: Fix the cores permissions + file: path={{ solr_collections_base_dir }} owner={{ solr_user }} group={{ solr_user }} recurse=yes + tags: [ solr, tomcat ] - name: Install the tomcat.local default file template: src={{ item }}.j2 dest=/etc/default/tomcat-instance-{{ solr_http_port }}.local owner=root group={{ solr_user }} mode=0440 with_items: - tomcat.local notify: tomcat solr restart - tags: - - solr - - tomcat + tags: [ solr, tomcat ] - name: Install the solr.xml and zookeeper conf files template: src={{ item }}.j2 dest={{ solr_data_dir }}/data/solr/{{ item }} owner=root group={{ solr_user }} mode=0440 @@ -84,7 +91,5 @@ - solr.xml - zoo.cfg notify: tomcat solr restart - tags: - - solr - - tomcat + tags: [ solr, tomcat ] diff --git a/solr-tomcat-instance/templates/solr.xml.j2 b/solr-tomcat-instance/templates/solr.xml.j2 index 9f1a7025..86a3c5ef 100644 --- a/solr-tomcat-instance/templates/solr.xml.j2 +++ b/solr-tomcat-instance/templates/solr.xml.j2 @@ -29,11 +29,13 @@ + {% if solr_multicore is not defined or not solr_multicore %} {{ ansible_fqdn }} {{ solr_http_port_1 }} ${hostContext:solr} ${zkClientTimeout:30000} ${genericCoreNodeNames:true} + {% endif %} @@ -41,4 +43,17 @@ ${connTimeout:0} + {% if solr_multicore is defined or solr_multicore %} + + {% for core in solr_cores %} + + + + + + {% endfor %} + + {% endif %} + + From ae8283094ad086aa81903f640bd9847354a9db59 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Thu, 14 Jul 2016 12:40:31 +0200 Subject: [PATCH 21/34] library/roles/smartgears: Simplify the smartgears template management. Add a conditional to handle the case where no VO is needed, see https://support.d4science.org/issues/4723. --- smartgears/smart_executor/tasks/main.yml | 59 +++++++------------ .../templates/smart_executor-container.xml.j2 | 34 ----------- smartgears/smartgears/defaults/main.yml | 1 + .../smartgears/tasks/smartgears-app.yml | 1 - .../smartgears/templates/container.xml.j2 | 12 +++- 5 files changed, 33 insertions(+), 74 deletions(-) delete mode 100644 smartgears/smart_executor/templates/smart_executor-container.xml.j2 diff --git a/smartgears/smart_executor/tasks/main.yml b/smartgears/smart_executor/tasks/main.yml index de1fe8a6..d2d462ce 100644 --- a/smartgears/smart_executor/tasks/main.yml +++ b/smartgears/smart_executor/tasks/main.yml @@ -1,41 +1,24 @@ --- -- name: Remove the old smart executor files - file: path={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }} state=absent - when: - - smart_executor_install - - smartgears_upgrade - tags: [ 'smartgears', 'tomcat' ] - -# NOTE: Install as the smartgears user so we do not mess with the permissions -- name: Get the smart executor plugin - get_url: url={{ smart_executor_url }} dest={{ smartgears_user_home }}/{{ smart_executor_file }} - when: smart_executor_install - tags: [ 'smartgears', 'smart_executor', 'tomcat' ] - -- name: Create the smart executor working directory - file: path={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }} state=directory owner={{ smartgears_user }} group={{ smartgears_user }} - when: smart_executor_install - tags: [ 'smartgears', 'smart_executor', 'tomcat' ] - -- name: Unarchive the smartexecutor distribution - become: True - become_user: '{{ smartgears_user }}' - unarchive: copy=no src={{ smartgears_user_home }}/{{ smart_executor_file }} dest={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }} creates={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib - when: smart_executor_install - notify: Restart smartgears - tags: [ 'smartgears', 'smart_executor', 'tomcat' ] - -- name: Install the smartgears configuration file - template: src=smart_executor-container.xml.j2 dest={{ smartgears_install_path }}/container.xml owner={{ item.user }} group={{ item.user }} - with_items: '{{ tomcat_m_instances }}' - notify: Restart smartgears - when: smart_executor_install - register: smartexec_containerxml_state - tags: [ 'smartgears', 'smart_executor', 'smart_executor_conf', 'tomcat' ] +- block: -- name: Remove the smartgears application state if the configuration changed - file: dest={{ smartgears_install_path }}/state state=absent - notify: Restart smartgears - when: ( smartexec_containerxml_state | changed ) - tags: [ 'smartgears', 'smart_executor', 'smart_executor_conf', 'tomcat' ] + - name: Remove the old smart executor files + file: path={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }} state=absent + when: + - smart_executor_install + - smartgears_upgrade + # NOTE: Install as the smartgears user so we do not mess with the permissions + - name: Get the smart executor plugin + get_url: url={{ smart_executor_url }} dest={{ smartgears_user_home }}/{{ smart_executor_file }} + when: smart_executor_install + + - name: Create the smart executor working directory + file: path={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }} state=directory owner={{ smartgears_user }} group={{ smartgears_user }} + when: smart_executor_install + + - name: Unarchive the smartexecutor distribution + unarchive: copy=no src={{ smartgears_user_home }}/{{ smart_executor_file }} dest={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }} creates={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib + when: smart_executor_install + notify: Restart smartgears + + tags: [ 'smartgears', 'smart_executor', 'tomcat' ] diff --git a/smartgears/smart_executor/templates/smart_executor-container.xml.j2 b/smartgears/smart_executor/templates/smart_executor-container.xml.j2 deleted file mode 100644 index eaec0a22..00000000 --- a/smartgears/smart_executor/templates/smart_executor-container.xml.j2 +++ /dev/null @@ -1,34 +0,0 @@ - - {{ smartgears_hostname }} -{%if setup_nginx %} -{%if https_port is defined %} - {{ https_port }} -{% else %} - {{ http_port }} -{% endif %} -{% else %} - {{ item.http_port }} -{% endif %} - {{ smartgears_infrastructure_name }} - {{ smartgears_vo_name }} - - - {{ smartgears_country }} - {{ smartgears_location }} - 41.9000 - 12.5000 - - - - - 60 - -{% if smart_executor_install %} - -{% for context in smart_executor_contexts_list %} - /{{ smartgears_infrastructure_name }}/{{ smartgears_vo_name }}{{ context }} -{% endfor %} - -{% endif %} - - diff --git a/smartgears/smartgears/defaults/main.yml b/smartgears/smartgears/defaults/main.yml index 27e820c4..899005ee 100644 --- a/smartgears/smartgears/defaults/main.yml +++ b/smartgears/smartgears/defaults/main.yml @@ -21,6 +21,7 @@ smartgears_url: 'http://maven.research-infrastructures.eu/nexus/content/reposito smartgears_mode: online # Production infra and VO smartgears_infrastructure_name: "d4science.research-infrastructures.eu" +smartgears_vo: True smartgears_vo_name: gCubeApps smartgears_hostname: '{{ ansible_fqdn }}' smartgears_country: it diff --git a/smartgears/smartgears/tasks/smartgears-app.yml b/smartgears/smartgears/tasks/smartgears-app.yml index afe26e13..a3175bf5 100644 --- a/smartgears/smartgears/tasks/smartgears-app.yml +++ b/smartgears/smartgears/tasks/smartgears-app.yml @@ -50,7 +50,6 @@ - name: Install the smartgears configuration file template: src=container.xml.j2 dest={{ smartgears_install_path }}/container.xml owner={{ item.user }} group={{ item.user }} with_items: '{{ tomcat_m_instances }}' - when: ( generic_worker_install is not defined ) or ( not generic_worker_install ) register: containerxml_state notify: Restart smartgears tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ] diff --git a/smartgears/smartgears/templates/container.xml.j2 b/smartgears/smartgears/templates/container.xml.j2 index 3649a3e3..0f67989d 100644 --- a/smartgears/smartgears/templates/container.xml.j2 +++ b/smartgears/smartgears/templates/container.xml.j2 @@ -11,8 +11,10 @@ {{ item.http_port }} {% endif %} {{ smartgears_infrastructure_name }} +{% if smartgears_vo %} {{ smartgears_vo_name }} - +{% endif %} + {{ smartgears_country }} {{ smartgears_location }} @@ -23,5 +25,13 @@ 60 +{% if smart_executor_install is defined and smart_executor_install %} + + +{% for context in smart_executor_contexts_list %} + /{{ smartgears_infrastructure_name }}/{{ smartgears_vo_name }}{{ context }} +{% endfor %} + +{% endif %} From 96a35c2cc6081f1edf4e203a01b0db496ea71bb4 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Thu, 14 Jul 2016 16:12:19 +0200 Subject: [PATCH 22/34] library/roles/ckan/ckan: Fix a problem with the CKAN plugins dependencies. d4science-ghn-cluster: CKAN web frontends for BlueBridge and SoBigData. --- ckan/ckan/defaults/main.yml | 2 +- ckan/ckan/tasks/ckan-plugins.yml | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/ckan/ckan/defaults/main.yml b/ckan/ckan/defaults/main.yml index 0674dd76..43994df5 100644 --- a/ckan/ckan/defaults/main.yml +++ b/ckan/ckan/defaults/main.yml @@ -56,7 +56,7 @@ ckan_ldap_prevent_edits: True ckan_ldap_fallback: True # Needed to install some CKAN plugins -additional_packages: +ckan_additional_packages: - git - libxslt1-dev - gcc diff --git a/ckan/ckan/tasks/ckan-plugins.yml b/ckan/ckan/tasks/ckan-plugins.yml index 315d65c4..f24ca4c6 100644 --- a/ckan/ckan/tasks/ckan-plugins.yml +++ b/ckan/ckan/tasks/ckan-plugins.yml @@ -1,4 +1,10 @@ --- +- name: Install some packages dependencies + apt: name={{ item }} state=latest update_cache=yes + with_items: '{{ ckan_additional_packages }}' + when: ckan_geonetwork_harvester + tags: [ 'ckan', 'geonetwork', 'ckan_plugins', 'ckan_pip_deps' ] + - name: Install some plugins dependencies inside the CKAN virtualenv become: True become_user: '{{ ckan_shell_user }}' From 78f009ba44a4ea2efc6471837eb459ca6dcccd7d Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Thu, 14 Jul 2016 18:36:45 +0200 Subject: [PATCH 23/34] library/roles/nginx/defaults/main.yml: Add examples to enable cors and x-frame-options. --- nginx/defaults/main.yml | 46 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/nginx/defaults/main.yml b/nginx/defaults/main.yml index 2121a727..3a7d287d 100644 --- a/nginx/defaults/main.yml +++ b/nginx/defaults/main.yml @@ -69,5 +69,51 @@ nginx_letsencrypt_managed: True # php, rewrite rules, acls, ldap auth # More robust rules # log format personalization (global, inside conf.d) +# CORS # # Special cases: mediawiki,... +# +# CORS example 1 + # set $cors ''; + # if ($http_origin ~* 'https?://(localhost|*\.example\.org)') { + # set $cors 'true'; + # } + + # if ($cors = 'true') { + # add_header 'Access-Control-Allow-Origin' "$http_origin"; + # add_header 'Access-Control-Allow-Credentials' 'true'; + # add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS'; + # add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With'; + # } + + # if ($request_method = 'OPTIONS') { + # return 204; + # } + +# CORS example 2 + # location / { + # if ($request_method = 'OPTIONS') { + # add_header 'Access-Control-Allow-Origin' '*'; + # add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + # # + # # Custom headers and headers various browsers *should* be OK with but aren't + # # + # add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; + # # + # # Tell client that this pre-flight info is valid for 20 days + # # + # add_header 'Access-Control-Max-Age' 1728000; + # add_header 'Content-Type' 'text/plain charset=UTF-8'; + # add_header 'Content-Length' 0; + # return 204; + # } + # if ($request_method = 'POST') { + # add_header 'Access-Control-Allow-Origin' '*'; + # add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + # add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; + # } + # if ($request_method = 'GET') { + # add_header 'Access-Control-Allow-Origin' '*'; + # add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + # add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; + # } From a06ab825a4ba9c2ab4a1d199f1428290990d0083 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Fri, 15 Jul 2016 13:36:46 +0200 Subject: [PATCH 24/34] library/roles/smartgears: Move the vo context management from the smart_executor role to the smartgears one. Rename variables consequently. See https://support.d4science.org/issues/4736. --- smartgears/smart_executor/defaults/main.yml | 14 -------------- smartgears/smartgears/defaults/main.yml | 16 ++++++++++++++++ smartgears/smartgears/templates/container.xml.j2 | 6 +++--- 3 files changed, 19 insertions(+), 17 deletions(-) diff --git a/smartgears/smart_executor/defaults/main.yml b/smartgears/smart_executor/defaults/main.yml index a522af70..fccdbbcd 100644 --- a/smartgears/smart_executor/defaults/main.yml +++ b/smartgears/smart_executor/defaults/main.yml @@ -6,17 +6,3 @@ smart_executor_name: smart-executor smart_executor_file: '{{ smart_executor_name }}-{{ smart_executor_version }}.war' smart_executor_url: 'http://maven.research-infrastructures.eu/nexus/content/repositories/{{ gcube_repository }}/org/gcube/vremanagement/smart-executor/{{ smart_executor_version }}/{{ smart_executor_file }}' -smart_executor_context: '/{{ smart_executor_name }}' -smart_executor_contexts_list: - - '' - - '/BiodiversityLab' - - '/BiOnym' - - '/ScalableDataMining' - -# dev has two different contexts -#smart_executor_contexts_list: -# - '' -# - '/devVRE' - -# - '' -# - '/NextNext' diff --git a/smartgears/smartgears/defaults/main.yml b/smartgears/smartgears/defaults/main.yml index 899005ee..dde232c4 100644 --- a/smartgears/smartgears/defaults/main.yml +++ b/smartgears/smartgears/defaults/main.yml @@ -32,6 +32,22 @@ smartgears_service_name: 'tomcat-instance-{{ smartgears_http_port }}' smartgears_loglevel: WARN +smartgears_define_context_vo: False +smartgears_context: '/smart-executor' +smartgears_contexts_list: + - '' + - '/BiodiversityLab' + - '/BiOnym' + - '/ScalableDataMining' + +# dev has two different contexts +#smart_executor_contexts_list: +# - '' +# - '/devVRE' + +# - '' +# - '/NextNext' + # The iptables rules use this http_port: '{{ smartgears_http_port }}' diff --git a/smartgears/smartgears/templates/container.xml.j2 b/smartgears/smartgears/templates/container.xml.j2 index 0f67989d..dd824f60 100644 --- a/smartgears/smartgears/templates/container.xml.j2 +++ b/smartgears/smartgears/templates/container.xml.j2 @@ -25,10 +25,10 @@ 60 -{% if smart_executor_install is defined and smart_executor_install %} +{% if smartgears_define_context_vo %} - -{% for context in smart_executor_contexts_list %} + +{% for context in smartgears_contexts_list %} /{{ smartgears_infrastructure_name }}/{{ smartgears_vo_name }}{{ context }} {% endfor %} From 611751759c7d1a64e5dcaae4c75b50a29129e180 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Fri, 15 Jul 2016 17:31:47 +0200 Subject: [PATCH 25/34] library/roles/tomcat/defaults/main.yml: only ascii and numbers for the shutdown password. --- tomcat/defaults/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tomcat/defaults/main.yml b/tomcat/defaults/main.yml index 04c7d123..d59f00a3 100644 --- a/tomcat/defaults/main.yml +++ b/tomcat/defaults/main.yml @@ -31,7 +31,7 @@ tomcat_ajp_address: 127.0.0.1 # Disable the shutdown port by default #tomcat_shutdown_port: 8005 tomcat_shutdown_port: -1 -tomcat_shutdown_pwd: "{{ lookup('password', '/tmp/passwordfile chars=ascii_letters,digits,hexdigits') }}" +tomcat_shutdown_pwd: "{{ lookup('password', '/tmp/passwordfile chars=ascii_letters,digits') }}" tomcat_restart_timeout: 300 tomcat_catalina_home_dir: '/usr/share/tomcat{{ tomcat_version }}' tomcat_catalina_base_dir: '/var/lib/tomcat{{ tomcat_version }}' @@ -102,3 +102,4 @@ tomcat_install_jdbc: False tomcat_install_pg_jdbc: '{{ tomcat_install_jdbc }}' # Not used yet tomcat_install_mysql_jdbc: False + From 3021bcc6e377e71cf16b2d95965b1017f17b1bc4 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Fri, 15 Jul 2016 18:40:47 +0200 Subject: [PATCH 26/34] library/roles/tomcat: add a new option to the tomcat-server.xml template. --- tomcat/defaults/main.yml | 1 + tomcat/templates/tomcat-server.xml.j2 | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/tomcat/defaults/main.yml b/tomcat/defaults/main.yml index d59f00a3..14b06340 100644 --- a/tomcat/defaults/main.yml +++ b/tomcat/defaults/main.yml @@ -33,6 +33,7 @@ tomcat_ajp_address: 127.0.0.1 tomcat_shutdown_port: -1 tomcat_shutdown_pwd: "{{ lookup('password', '/tmp/passwordfile chars=ascii_letters,digits') }}" tomcat_restart_timeout: 300 +tomcat_max_post_size: 1000000 tomcat_catalina_home_dir: '/usr/share/tomcat{{ tomcat_version }}' tomcat_catalina_base_dir: '/var/lib/tomcat{{ tomcat_version }}' tomcat_conf_dir: '/etc/tomcat{{ tomcat_version }}' diff --git a/tomcat/templates/tomcat-server.xml.j2 b/tomcat/templates/tomcat-server.xml.j2 index 2268cb41..deb06736 100644 --- a/tomcat/templates/tomcat-server.xml.j2 +++ b/tomcat/templates/tomcat-server.xml.j2 @@ -76,7 +76,7 @@ {% if tomcat_http_enabled %} {% endif %} From bac130afceed9f9e2ec861b7d23fb8c834a68870 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Fri, 15 Jul 2016 18:59:16 +0200 Subject: [PATCH 27/34] library/roles/smartgears/smartgears/defaults/main.yml: Put the tomcat contexts in a separate library --- smartgears/smartgears/defaults/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/smartgears/smartgears/defaults/main.yml b/smartgears/smartgears/defaults/main.yml index dde232c4..b473f00a 100644 --- a/smartgears/smartgears/defaults/main.yml +++ b/smartgears/smartgears/defaults/main.yml @@ -32,6 +32,8 @@ smartgears_service_name: 'tomcat-instance-{{ smartgears_http_port }}' smartgears_loglevel: WARN +smartgears_tomcat_contexts: + - whn-manager smartgears_define_context_vo: False smartgears_context: '/smart-executor' smartgears_contexts_list: @@ -53,7 +55,7 @@ http_port: '{{ smartgears_http_port }}' tomcat_m_webapps_unpack: True tomcat_m_instances: - - { http_enabled: True, http_port: '{{ smartgears_http_port }}', http_address: '0.0.0.0', ajp_enabled: False, ajp_port: '8109', ajp_address: '127.0.0.1', restart_timeout: '{{ tomcat_m_restart_timeout }}', shutdown_port: '-1', java_home: '{{ jdk_java_home }}', user: '{{ smartgears_user }}', user_home: '{{ smartgears_user_home }}', user_shell: '{{ tomcat_m_default_user_shell }}', instance_path: '{{ smartgears_instance_path }}', max_threads: '{{ tomcat_m_max_threads }}', autodeploy: '{{ tomcat_m_webapps_autodeploy }}', unpack: '{{ tomcat_m_webapps_unpack }}', default_conf: True, java_opts: '{{ tomcat_m_java_opts }}', java_gc_opts: '{{ tomcat_m_java_gc_opts }}', other_java_opts: '{{ tomcat_m_other_java_opts }}', remote_debugging: '{{ tomcat_m_enable_remote_debugging }}', remote_debugging_port: '{{ smartgears_debugging_port }}' , access_log_enabled: True, log_rotation_freq: daily, log_retain: 30, allowed_hosts: [ '0.0.0.0/0' ], app_contexts: [ 'whn-manager' ], servername: '{{ ansible_fqdn }}' } + - { http_enabled: True, http_port: '{{ smartgears_http_port }}', http_address: '0.0.0.0', ajp_enabled: False, ajp_port: '8109', ajp_address: '127.0.0.1', restart_timeout: '{{ tomcat_m_restart_timeout }}', shutdown_port: '-1', java_home: '{{ jdk_java_home }}', user: '{{ smartgears_user }}', user_home: '{{ smartgears_user_home }}', user_shell: '{{ tomcat_m_default_user_shell }}', instance_path: '{{ smartgears_instance_path }}', max_threads: '{{ tomcat_m_max_threads }}', autodeploy: '{{ tomcat_m_webapps_autodeploy }}', unpack: '{{ tomcat_m_webapps_unpack }}', default_conf: True, java_opts: '{{ tomcat_m_java_opts }}', java_gc_opts: '{{ tomcat_m_java_gc_opts }}', other_java_opts: '{{ tomcat_m_other_java_opts }}', remote_debugging: '{{ tomcat_m_enable_remote_debugging }}', remote_debugging_port: '{{ smartgears_debugging_port }}' , access_log_enabled: True, log_rotation_freq: daily, log_retain: 30, allowed_hosts: [ '0.0.0.0/0' ], app_contexts: [ '{{ smartgears_tomcat_contexts }}' ], servername: '{{ ansible_fqdn }}' } # To enable debugging: # - Set From e72ba9235535069f58f9014776ea22a7b21c9d81 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Fri, 15 Jul 2016 19:17:39 +0200 Subject: [PATCH 28/34] d4science-ghn-cluster: Change the smart_executor conditional. library/roles/smartgears/smart_executor/tasks/main.yml: Change the conditionals so we can let the role remove the application when smart_executor_install is set to 'False'. --- smartgears/smart_executor/tasks/main.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/smartgears/smart_executor/tasks/main.yml b/smartgears/smart_executor/tasks/main.yml index d2d462ce..a3899d12 100644 --- a/smartgears/smart_executor/tasks/main.yml +++ b/smartgears/smart_executor/tasks/main.yml @@ -3,9 +3,7 @@ - name: Remove the old smart executor files file: path={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }} state=absent - when: - - smart_executor_install - - smartgears_upgrade + when: ( not smart_executor_install ) or ( smartgears_upgrade ) # NOTE: Install as the smartgears user so we do not mess with the permissions - name: Get the smart executor plugin From cd67222e4eebad685c6ed406172fa29715b2c690 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Fri, 15 Jul 2016 19:23:33 +0200 Subject: [PATCH 29/34] library/roles/smartgears/smart_executor/tasks/main.yml: Fix an indentation problem. --- smartgears/smart_executor/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/smartgears/smart_executor/tasks/main.yml b/smartgears/smart_executor/tasks/main.yml index a3899d12..fc7bb5e1 100644 --- a/smartgears/smart_executor/tasks/main.yml +++ b/smartgears/smart_executor/tasks/main.yml @@ -19,4 +19,4 @@ when: smart_executor_install notify: Restart smartgears - tags: [ 'smartgears', 'smart_executor', 'tomcat' ] + tags: [ 'smartgears', 'smart_executor', 'tomcat' ] From e201856f79e372d798a88a5b0e90fcfddbb5693a Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Fri, 15 Jul 2016 19:25:49 +0200 Subject: [PATCH 30/34] library/roles/smartgears/smart_executor/tasks/main.yml: Run the tasks as gcube user. --- smartgears/smart_executor/tasks/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/smartgears/smart_executor/tasks/main.yml b/smartgears/smart_executor/tasks/main.yml index fc7bb5e1..99d359aa 100644 --- a/smartgears/smart_executor/tasks/main.yml +++ b/smartgears/smart_executor/tasks/main.yml @@ -18,5 +18,7 @@ unarchive: copy=no src={{ smartgears_user_home }}/{{ smart_executor_file }} dest={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }} creates={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib when: smart_executor_install notify: Restart smartgears - + + become: True + become_user: '{{ d4science_user }}' tags: [ 'smartgears', 'smart_executor', 'tomcat' ] From e642ffb6480cbb0dbb49387e41bf07e9314eaa35 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Fri, 15 Jul 2016 19:49:31 +0200 Subject: [PATCH 31/34] infrastructure-services: Some cleanups --- smartgears/smartgears/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/smartgears/smartgears/defaults/main.yml b/smartgears/smartgears/defaults/main.yml index b473f00a..b9448ef2 100644 --- a/smartgears/smartgears/defaults/main.yml +++ b/smartgears/smartgears/defaults/main.yml @@ -33,7 +33,7 @@ smartgears_service_name: 'tomcat-instance-{{ smartgears_http_port }}' smartgears_loglevel: WARN smartgears_tomcat_contexts: - - whn-manager + whn-manager smartgears_define_context_vo: False smartgears_context: '/smart-executor' smartgears_contexts_list: From 4d53951c939d2f16e158afe49dbef7e1dd436e67 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Fri, 15 Jul 2016 19:55:04 +0200 Subject: [PATCH 32/34] library/roles/smartgears/smartgears/defaults/main.yml: The tomcat app contexts is an array. --- smartgears/smartgears/defaults/main.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/smartgears/smartgears/defaults/main.yml b/smartgears/smartgears/defaults/main.yml index b9448ef2..a8ce8e87 100644 --- a/smartgears/smartgears/defaults/main.yml +++ b/smartgears/smartgears/defaults/main.yml @@ -32,8 +32,7 @@ smartgears_service_name: 'tomcat-instance-{{ smartgears_http_port }}' smartgears_loglevel: WARN -smartgears_tomcat_contexts: - whn-manager +smartgears_tomcat_contexts: [ 'whn-manager' ] smartgears_define_context_vo: False smartgears_context: '/smart-executor' smartgears_contexts_list: @@ -55,7 +54,7 @@ http_port: '{{ smartgears_http_port }}' tomcat_m_webapps_unpack: True tomcat_m_instances: - - { http_enabled: True, http_port: '{{ smartgears_http_port }}', http_address: '0.0.0.0', ajp_enabled: False, ajp_port: '8109', ajp_address: '127.0.0.1', restart_timeout: '{{ tomcat_m_restart_timeout }}', shutdown_port: '-1', java_home: '{{ jdk_java_home }}', user: '{{ smartgears_user }}', user_home: '{{ smartgears_user_home }}', user_shell: '{{ tomcat_m_default_user_shell }}', instance_path: '{{ smartgears_instance_path }}', max_threads: '{{ tomcat_m_max_threads }}', autodeploy: '{{ tomcat_m_webapps_autodeploy }}', unpack: '{{ tomcat_m_webapps_unpack }}', default_conf: True, java_opts: '{{ tomcat_m_java_opts }}', java_gc_opts: '{{ tomcat_m_java_gc_opts }}', other_java_opts: '{{ tomcat_m_other_java_opts }}', remote_debugging: '{{ tomcat_m_enable_remote_debugging }}', remote_debugging_port: '{{ smartgears_debugging_port }}' , access_log_enabled: True, log_rotation_freq: daily, log_retain: 30, allowed_hosts: [ '0.0.0.0/0' ], app_contexts: [ '{{ smartgears_tomcat_contexts }}' ], servername: '{{ ansible_fqdn }}' } + - { http_enabled: True, http_port: '{{ smartgears_http_port }}', http_address: '0.0.0.0', ajp_enabled: False, ajp_port: '8109', ajp_address: '127.0.0.1', restart_timeout: '{{ tomcat_m_restart_timeout }}', shutdown_port: '-1', java_home: '{{ jdk_java_home }}', user: '{{ smartgears_user }}', user_home: '{{ smartgears_user_home }}', user_shell: '{{ tomcat_m_default_user_shell }}', instance_path: '{{ smartgears_instance_path }}', max_threads: '{{ tomcat_m_max_threads }}', autodeploy: '{{ tomcat_m_webapps_autodeploy }}', unpack: '{{ tomcat_m_webapps_unpack }}', default_conf: True, java_opts: '{{ tomcat_m_java_opts }}', java_gc_opts: '{{ tomcat_m_java_gc_opts }}', other_java_opts: '{{ tomcat_m_other_java_opts }}', remote_debugging: '{{ tomcat_m_enable_remote_debugging }}', remote_debugging_port: '{{ smartgears_debugging_port }}' , access_log_enabled: True, log_rotation_freq: daily, log_retain: 30, allowed_hosts: [ '0.0.0.0/0' ], app_contexts: '{{ smartgears_tomcat_contexts }}', servername: '{{ ansible_fqdn }}' } # To enable debugging: # - Set From a96ff08a5b00b4623531b1d2093431b17eaaede3 Mon Sep 17 00:00:00 2001 From: Roberto Cirillo Date: Mon, 18 Jul 2016 18:31:26 +0200 Subject: [PATCH 33/34] ../library/roles/smartgears/smartgears/defaults/main.yml added multiple application context on tomcat-multi-instances --- smartgears/smartgears/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/smartgears/smartgears/defaults/main.yml b/smartgears/smartgears/defaults/main.yml index b473f00a..fe02d193 100644 --- a/smartgears/smartgears/defaults/main.yml +++ b/smartgears/smartgears/defaults/main.yml @@ -55,7 +55,7 @@ http_port: '{{ smartgears_http_port }}' tomcat_m_webapps_unpack: True tomcat_m_instances: - - { http_enabled: True, http_port: '{{ smartgears_http_port }}', http_address: '0.0.0.0', ajp_enabled: False, ajp_port: '8109', ajp_address: '127.0.0.1', restart_timeout: '{{ tomcat_m_restart_timeout }}', shutdown_port: '-1', java_home: '{{ jdk_java_home }}', user: '{{ smartgears_user }}', user_home: '{{ smartgears_user_home }}', user_shell: '{{ tomcat_m_default_user_shell }}', instance_path: '{{ smartgears_instance_path }}', max_threads: '{{ tomcat_m_max_threads }}', autodeploy: '{{ tomcat_m_webapps_autodeploy }}', unpack: '{{ tomcat_m_webapps_unpack }}', default_conf: True, java_opts: '{{ tomcat_m_java_opts }}', java_gc_opts: '{{ tomcat_m_java_gc_opts }}', other_java_opts: '{{ tomcat_m_other_java_opts }}', remote_debugging: '{{ tomcat_m_enable_remote_debugging }}', remote_debugging_port: '{{ smartgears_debugging_port }}' , access_log_enabled: True, log_rotation_freq: daily, log_retain: 30, allowed_hosts: [ '0.0.0.0/0' ], app_contexts: [ '{{ smartgears_tomcat_contexts }}' ], servername: '{{ ansible_fqdn }}' } + - { http_enabled: True, http_port: '{{ smartgears_http_port }}', http_address: '0.0.0.0', ajp_enabled: False, ajp_port: '8109', ajp_address: '127.0.0.1', restart_timeout: '{{ tomcat_m_restart_timeout }}', shutdown_port: '-1', java_home: '{{ jdk_java_home }}', user: '{{ smartgears_user }}', user_home: '{{ smartgears_user_home }}', user_shell: '{{ tomcat_m_default_user_shell }}', instance_path: '{{ smartgears_instance_path }}', max_threads: '{{ tomcat_m_max_threads }}', autodeploy: '{{ tomcat_m_webapps_autodeploy }}', unpack: '{{ tomcat_m_webapps_unpack }}', default_conf: True, java_opts: '{{ tomcat_m_java_opts }}', java_gc_opts: '{{ tomcat_m_java_gc_opts }}', other_java_opts: '{{ tomcat_m_other_java_opts }}', remote_debugging: '{{ tomcat_m_enable_remote_debugging }}', remote_debugging_port: '{{ smartgears_debugging_port }}' , access_log_enabled: True, log_rotation_freq: daily, log_retain: 30, allowed_hosts: [ '0.0.0.0/0' ], app_contexts: '{{ smartgears_tomcat_contexts }}' , servername: '{{ ansible_fqdn }}' } # To enable debugging: # - Set From 5dace451a3b92d394d602c0cbf3eb2793b5c8da9 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Mon, 18 Jul 2016 19:28:35 +0200 Subject: [PATCH 34/34] library/roles/fusiondirectory: Install the fusiondirectory packages. --- fusiondirectory/defaults/main.yml | 27 +++++++++++++++ fusiondirectory/tasks/main.yml | 6 ++++ fusiondirectory/tasks/manage-fd-packages.yml | 35 ++++++++++++++++++++ fusiondirectory/tasks/manage-fd-repos.yml | 29 ++++++++++++++++ fusiondirectory/tasks/manage-fd-schemas.yml | 27 +++++++++++++++ 5 files changed, 124 insertions(+) create mode 100644 fusiondirectory/defaults/main.yml create mode 100644 fusiondirectory/tasks/main.yml create mode 100644 fusiondirectory/tasks/manage-fd-packages.yml create mode 100644 fusiondirectory/tasks/manage-fd-repos.yml create mode 100644 fusiondirectory/tasks/manage-fd-schemas.yml diff --git a/fusiondirectory/defaults/main.yml b/fusiondirectory/defaults/main.yml new file mode 100644 index 00000000..cb0afa20 --- /dev/null +++ b/fusiondirectory/defaults/main.yml @@ -0,0 +1,27 @@ +--- +fusiondirectory_install: False +fusiondirectory_schemas_install: True +# We use the debian wheezy repo for Ubuntu precise and Ubuntu trusty +fusiond_repo: 'deb http://repos.fusiondirectory.org/debian-wheezy wheezy main' +fusiond_extra_repo: 'deb http://repos.fusiondirectory.org/debian-extra wheezy main' +fusiond_repo_key: 62B4981F +fusiond_gpg_repo: keys.gnupg.net + +fusiondirectory_main_pkgs: + - fusiondirectory-archive-keyring + - fusiondirectory + +fusiondirectory_main_plugins: + - fusiondirectory-plugin-nagios + - fusiondirectory-plugin-ldapmanager + - fusiondirectory-plugin-ssh + +fusiondirectory_main_schemas: + - fusiondirectory-plugin-nagios-schema + - fusiondirectory-schema + - fusiondirectory-plugin-ssh-schema + +#fusiondirectory_plugins: + +#fusiondirectory_schemas: + diff --git a/fusiondirectory/tasks/main.yml b/fusiondirectory/tasks/main.yml new file mode 100644 index 00000000..bfd4b6c7 --- /dev/null +++ b/fusiondirectory/tasks/main.yml @@ -0,0 +1,6 @@ +--- +- include: manage-fd-repos.yml +- include: manage-fd-packages.yml +- include: manage-fd-schemas.yml + when: fusiondirectory_schemas_install + diff --git a/fusiondirectory/tasks/manage-fd-packages.yml b/fusiondirectory/tasks/manage-fd-packages.yml new file mode 100644 index 00000000..84c7999b --- /dev/null +++ b/fusiondirectory/tasks/manage-fd-packages.yml @@ -0,0 +1,35 @@ +--- +- block: + + - name: Install the fusiondirectory main packages + apt: name={{ item }} state=present update_cache=yes + with_items: '{{ fusiondirectory_main_pkgs }}' + + - name: Install the fusiondirectory main plugins + apt: name={{ item }} state=present + with_items: '{{ fusiondirectory_main_plugins }}' + + - name: Install the fusiondirectory additional plugins + apt: name={{ item }} state=present + with_items: '{{ fusiondirectory_plugins | default ([]) }}' + + when: fusiondirectory_install + tags: fusiondirectory + +- block: + + - name: Remove the fusiondirectory main plugins + apt: name={{ item }} state=absent + with_items: '{{ fusiondirectory_main_plugins }}' + + - name: Remove the fusiondirectory additional plugins + apt: name={{ item }} state=absent + with_items: '{{ fusiondirectory_plugins | default ([]) }}' + + - name: Remove the fusiondirectory main packages + apt: name={{ item }} state=absent + with_items: '{{ fusiondirectory_main_pkgs }}' + + when: not fusiondirectory_install + tags: fusiondirectory + diff --git a/fusiondirectory/tasks/manage-fd-repos.yml b/fusiondirectory/tasks/manage-fd-repos.yml new file mode 100644 index 00000000..db866703 --- /dev/null +++ b/fusiondirectory/tasks/manage-fd-repos.yml @@ -0,0 +1,29 @@ +--- +- block: + + - name: Get the Fusion Directory repo key + apt_key: id={{ fusiond_repo_key }} keyserver={{ fusiond_gpg_repo }} + + - name: Install the Fusion Directory repo + apt_repository: repo={{ fusiond_repo }} + + - name: Install the Fusion Directory debian extras repo + apt_repository: repo={{ fusiond_extra_repo }} + + when: fusiondirectory_install + tags: fusiondirectory + +- block: + + - name: Remove the Fusion Directory repo key + apt_key: id={{ fusiond_repo_key }} keyserver={{ fusiond_gpg_repo }} state=absent + + - name: Remove the Fusion Directory repo + apt_repository: repo={{ fusiond_repo }} state=absent + + - name: Remove the Fusion Directory debian extras repo + apt_repository: repo={{ fusiond_extra_repo }} state=absent update_cache=yes + + when: not fusiondirectory_install + tags: fusiondirectory + diff --git a/fusiondirectory/tasks/manage-fd-schemas.yml b/fusiondirectory/tasks/manage-fd-schemas.yml new file mode 100644 index 00000000..1c4328c8 --- /dev/null +++ b/fusiondirectory/tasks/manage-fd-schemas.yml @@ -0,0 +1,27 @@ +--- +- block: + + - name: Install the fusiondirectory main schemas + apt: name={{ item }} state=present update_cache=yes + with_items: '{{ fusiondirectory_main_schemas }}' + + - name: Install the fusiondirectory additional schemas + apt: name={{ item }} state=present + with_items: '{{ fusiondirectory_schemas | default ([]) }}' + + when: fusiondirectory_schemas_install + tags: [ 'fusiondirectory', 'fd_schemas' ] + +- block: + + - name: Remove the fusiondirectory main schemas + apt: name={{ item }} state=absent + with_items: '{{ fusiondirectory_main_schemas }}' + + - name: Remove the fusiondirectory additional schemas + apt: name={{ item }} state=absent + with_items: '{{ fusiondirectory_schemas | default ([]) }}' + + when: not fusiondirectory_schemas_install + tags: [ 'fusiondirectory', 'fd_schemas' ] +