From 87b1788865061ae0a5013ac787c1aeef2a3b0d93 Mon Sep 17 00:00:00 2001 From: chopupu <1123478123@qq.com> Date: Tue, 13 May 2025 10:37:11 +0800 Subject: [PATCH 1/3] =?UTF-8?q?=E8=A7=84=E8=8C=83stratovirt=E6=96=87?= =?UTF-8?q?=E6=A1=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/zh/docs/Container/container.md | 18 - .../Container/figures/isula-build_arch.png | Bin 3418 -> 0 bytes .../figures/zh-cn_image_0221924926.png | Bin 1607 -> 0 bytes .../figures/zh-cn_image_0221924927.png | Bin 1858 -> 0 bytes docs/zh/docs/Kubernetes/Kubernetes.md | 12 - ...2\346\214\207\345\215\227 - containerd.md" | 244 ----- ...45\345\205\267\344\273\213\347\273\215.md" | 433 -------- ...06\351\231\244\351\233\206\347\276\244.md" | 27 - ...50\345\214\226\351\203\250\347\275\262.md" | 20 - ...50\347\275\262\351\233\206\347\276\244.md" | 258 ----- .../Kubernetes/figures/advertiseAddress.png | Bin 4940 -> 0 bytes docs/zh/docs/Kubernetes/figures/arch.png | Bin 45519 -> 0 bytes .../docs/Kubernetes/figures/flannelConfig.png | Bin 3352 -> 0 bytes docs/zh/docs/Kubernetes/figures/name.png | Bin 3416 -> 0 bytes docs/zh/docs/Kubernetes/figures/podSubnet.png | Bin 3346 -> 0 bytes .../public_sys-resources/icon-note.gif | Bin 394 -> 0 bytes ...07\350\231\232\346\213\237\346\234\272.md" | 157 --- ...06\345\244\207\350\257\201\344\271\246.md" | 388 ------- ...es\350\275\257\344\273\266\345\214\205.md" | 13 - .../\345\256\211\350\243\205etcd.md" | 88 -- ...43\345\206\263\346\226\271\346\263\225.md" | 13 - ...50\347\275\262\351\233\206\347\276\244.md" | 20 - ...350\241\214\346\265\213\350\257\225pod.md" | 42 - ...02\347\202\271\347\273\204\344\273\266.md" | 383 ------- ...66\351\235\242\347\273\204\344\273\266.md" | 353 ------- ...50\346\210\267\346\214\207\345\215\227.md" | 995 ------------------ docs/zh/docs/NestOS/figures/figure1.png | Bin 140633 -> 0 bytes docs/zh/docs/NestOS/figures/figure2.png | Bin 39548 -> 0 bytes docs/zh/docs/NestOS/overview.md | 4 - ...71\346\200\247\346\217\217\350\277\260.md" | 105 -- .../public_sys-resources/icon-note.gif | Bin 394 -> 0 bytes docs/zh/docs/virtulization/.markdownlint.json | 24 + .../stratovirt}/StratoVirtGuide.md | 0 .../stratovirt/_toc.yaml | 20 + .../figures/StratoVirt_architecture.jpg | Bin .../stratovirt/install_stratovirt.md | 11 +- .../stratovirt/interconnect_isula.md | 9 +- .../stratovirt/interconnect_libvirt.md | 93 +- .../stratovirt/prepare_env.md | 33 +- .../stratovirt/stratovirt_introduction.md | 0 .../stratovirt_vfio_instructions.md | 0 .../stratovirt/vm_configuration.md | 55 +- .../stratovirt/vm_management.md | 152 ++- 43 files changed, 183 insertions(+), 3787 deletions(-) delete mode 100644 docs/zh/docs/Container/container.md delete mode 100644 docs/zh/docs/Container/figures/isula-build_arch.png delete mode 100644 docs/zh/docs/Container/figures/zh-cn_image_0221924926.png delete mode 100644 docs/zh/docs/Container/figures/zh-cn_image_0221924927.png delete mode 100644 docs/zh/docs/Kubernetes/Kubernetes.md delete mode 100644 "docs/zh/docs/Kubernetes/Kubernetes\351\233\206\347\276\244\351\203\250\347\275\262\346\214\207\345\215\227 - containerd.md" delete mode 100644 "docs/zh/docs/Kubernetes/eggo\345\267\245\345\205\267\344\273\213\347\273\215.md" delete mode 100644 "docs/zh/docs/Kubernetes/eggo\346\213\206\351\231\244\351\233\206\347\276\244.md" delete mode 100644 "docs/zh/docs/Kubernetes/eggo\350\207\252\345\212\250\345\214\226\351\203\250\347\275\262.md" delete mode 100644 "docs/zh/docs/Kubernetes/eggo\351\203\250\347\275\262\351\233\206\347\276\244.md" delete mode 100644 docs/zh/docs/Kubernetes/figures/advertiseAddress.png delete mode 100644 docs/zh/docs/Kubernetes/figures/arch.png delete mode 100644 docs/zh/docs/Kubernetes/figures/flannelConfig.png delete mode 100644 docs/zh/docs/Kubernetes/figures/name.png delete mode 100644 docs/zh/docs/Kubernetes/figures/podSubnet.png delete mode 100644 docs/zh/docs/Kubernetes/public_sys-resources/icon-note.gif delete mode 100644 "docs/zh/docs/Kubernetes/\345\207\206\345\244\207\350\231\232\346\213\237\346\234\272.md" delete mode 100644 "docs/zh/docs/Kubernetes/\345\207\206\345\244\207\350\257\201\344\271\246.md" delete mode 100644 "docs/zh/docs/Kubernetes/\345\256\211\350\243\205Kubernetes\350\275\257\344\273\266\345\214\205.md" delete mode 100644 "docs/zh/docs/Kubernetes/\345\256\211\350\243\205etcd.md" delete mode 100644 "docs/zh/docs/Kubernetes/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" delete mode 100644 "docs/zh/docs/Kubernetes/\346\211\213\345\212\250\351\203\250\347\275\262\351\233\206\347\276\244.md" delete mode 100644 "docs/zh/docs/Kubernetes/\350\277\220\350\241\214\346\265\213\350\257\225pod.md" delete mode 100644 "docs/zh/docs/Kubernetes/\351\203\250\347\275\262Node\350\212\202\347\202\271\347\273\204\344\273\266.md" delete mode 100644 "docs/zh/docs/Kubernetes/\351\203\250\347\275\262\346\216\247\345\210\266\351\235\242\347\273\204\344\273\266.md" delete mode 100644 "docs/zh/docs/NestOS/NestOS For Container\347\224\250\346\210\267\346\214\207\345\215\227.md" delete mode 100644 docs/zh/docs/NestOS/figures/figure1.png delete mode 100644 docs/zh/docs/NestOS/figures/figure2.png delete mode 100644 docs/zh/docs/NestOS/overview.md delete mode 100644 "docs/zh/docs/NestOS/\345\212\237\350\203\275\347\211\271\346\200\247\346\217\217\350\277\260.md" delete mode 100644 docs/zh/docs/StratoVirt/public_sys-resources/icon-note.gif create mode 100644 docs/zh/docs/virtulization/.markdownlint.json rename docs/zh/docs/{StratoVirt => virtulization/virtulization_platform/stratovirt}/StratoVirtGuide.md (100%) create mode 100644 docs/zh/docs/virtulization/virtulization_platform/stratovirt/_toc.yaml rename docs/zh/docs/{StratoVirt => virtulization/virtulization_platform/stratovirt}/figures/StratoVirt_architecture.jpg (100%) rename "docs/zh/docs/StratoVirt/\345\256\211\350\243\205StratoVirt.md" => docs/zh/docs/virtulization/virtulization_platform/stratovirt/install_stratovirt.md (96%) rename "docs/zh/docs/StratoVirt/\345\257\271\346\216\245iSula\345\256\211\345\205\250\345\256\271\345\231\250.md" => docs/zh/docs/virtulization/virtulization_platform/stratovirt/interconnect_isula.md (99%) rename "docs/zh/docs/StratoVirt/\345\257\271\346\216\245libvirt.md" => docs/zh/docs/virtulization/virtulization_platform/stratovirt/interconnect_libvirt.md (95%) rename "docs/zh/docs/StratoVirt/\345\207\206\345\244\207\344\275\277\347\224\250\347\216\257\345\242\203.md" => docs/zh/docs/virtulization/virtulization_platform/stratovirt/prepare_env.md (97%) rename "docs/zh/docs/StratoVirt/StratoVirt\344\273\213\347\273\215.md" => docs/zh/docs/virtulization/virtulization_platform/stratovirt/stratovirt_introduction.md (100%) rename "docs/zh/docs/StratoVirt/StratoVirt-VFIO\344\275\277\347\224\250\350\257\264\346\230\216.md" => docs/zh/docs/virtulization/virtulization_platform/stratovirt/stratovirt_vfio_instructions.md (100%) rename "docs/zh/docs/StratoVirt/\350\231\232\346\213\237\346\234\272\351\205\215\347\275\256.md" => docs/zh/docs/virtulization/virtulization_platform/stratovirt/vm_configuration.md (95%) rename "docs/zh/docs/StratoVirt/\350\231\232\346\213\237\346\234\272\347\256\241\347\220\206.md" => docs/zh/docs/virtulization/virtulization_platform/stratovirt/vm_management.md (95%) diff --git a/docs/zh/docs/Container/container.md b/docs/zh/docs/Container/container.md deleted file mode 100644 index c86353b2a..000000000 --- a/docs/zh/docs/Container/container.md +++ /dev/null @@ -1,18 +0,0 @@ -## 概述 - -openEuler软件包中同时提供了轻量化容器引擎iSulad与docker engine两种容器引擎。 - -同时根据不同使用场景,提供多种容器形态,包括: - -- 适合大部分通用场景的普通容器 -- 适合强隔离与多租户场景的安全容器 -- 适合使用systemd管理容器内业务场景的系统容器 - -本文档提供容器引擎的安装和使用方法以及各个容器形态的部署使用方法。 - -## 读者对象 - -本文档主要适用于使用openEuler并需要安装容器的用户。用户需要具备以下经验和技能: - -- 熟悉Linux基本操作 -- 对容器有一定了解 \ No newline at end of file diff --git a/docs/zh/docs/Container/figures/isula-build_arch.png b/docs/zh/docs/Container/figures/isula-build_arch.png deleted file mode 100644 index 911a9ae6f46988586ab49f15de282948f5470c37..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3418 zcmcgvX*kqh{~koyDly4kvSdP(Z7fqXk}yn2WJ{=_F|rI?V032^W{MfosI9JwWK4Yl9RbUQdLjRHYsL0XP1I>#f z*DIkZp$ado?(ip`OU>`tERAO`u5B3RhRE{cw0k#Py;YhFFsb({YE)!4+#B`Y7<^uu z%*ilty?)bJktQA#=W29If5hV_U4LvOP_5>-I~qNeJ$7&cD#Q4ijd~p#PWa=Fwy^?2 zq4>4O!q=ceZr!d0n!@Dh`skK&_Qn|wVZ#mC3#}a9^%5uCjZQeuY;9ZB$trWipH*q*hr=xbE+jC! z5uV?h%3cX0PhX$I4h%AAM4fs%#>FEhjUDwHB1cTScEf7-;vvLS0q&tQiJ0nBorY9( z3)Q-IW2jTL?XmQI3kXR+HQKyll)FRpph8gRB#lLX7|4hCuQj~s(7Vkf8g z%@T}2AKy+ym@19svY*^@EJ=QWccO+lO7*c4a>&9WPN-DoG<2OK-oWKQ#`j{wZNve6U@Dykh^* zQ|)yZ#Q1!%4tr8QtHQuYd3pLlNyJ>e2yR`Kr|Ky}Hqwz@8by-CA$Gie| z&^WAwV05Xtb)o_cmV&`^Kgu@41edpHFcc-FfU;a0?oGw*rFty-g(2vQH8_7@+Mc%A zgBh}iorIn)KM%~Lx`I;{DTdckc=@BRl*D9hx;Z^)cGx)Z_3NJ$^WoT+h_EShMwxuxfG>l9y_?)!N+i9w61je>UO&aHgL#Wc9()JLTDi0y(mPxMVs zA-8H}H;VfumF4xpgyR`?-(WjMnK#@r*=3bpQeTa(v#KzTh@1S4C5L)cQ80^~e3nv-f^Ol77>m zoul+@m0l3tA;w+=sFPY>sB+?G^x$l`-_W& zm7PykfgEvW0U2cdj-vR2XgrOg;v?b}Sg(5YFg9-ohB(6I7~bnvHo)(7wtVRc1_7KO zJ)4e$iqTq$5(^S+@5U6PiH2wUzleUbrurX-@uH*u{IzVH{=f&@lj$!o`DVjg5m~QC zs&>p-!RG|XsJ1+w-o3q@xX4?dfSJ)|!ZMop4^oe1X~gIIoYePipgC1L90gLVyeYW8 zW%ZUlZZ09WbCK>OYTkDiFoutcS6bKWkYW+q_2JZ2PUl=t3)k7zr`4@Bzw(0o_SOXt z^MGvYJi@06auGNzqz!tN0vR#nd=l97OqV3*aRLRKs&_b%9y7>$dCLB-7)27_{DT)C zxa6d}8;h7|dlu&G@`KQ?vYQ5{x_z%^>qbNnDrZ8K;|WRXS>??jqo=*Q9&7shv5R^A z;T2PggsUII0j+nEw$J_6xqp0JaAUmA9Kgq%dWIY2`JJByRl9oz2A!3O78C%-(V$S6 zi&vw(G-!*erhKpjN#J(qKS za@To~B8(o}ZTuWk$pK&`nFhj?edbkWlUlN2oyew^fUL!c{(jm1a&kkh>{jSdzlc=1 zws+s|jLo@Lt{^*2NP|6Z(xde=6Rf3Do-qY-*bS{plauOm=dqIyv}C{AXC{mDv+*fo z9bL5caFzodoI)INxB#x8Zwfe|8lSkdCZC@c6907+>%|*8rm=pSJ&j?StPeE`jL{l6 zj+@3QFj~y-tCBiISwMJ!qP`9+HTd&3W~8V60hrGIwT z0->(X1EV>Y!2t}xJ@>z%`;6G2SdzB1&#Csf*qjb;X=!=Y9M+lnQ+Gj;r7~!!A3Y}a-vJBWhb4H6-y*OvimdNMj0S~2(UhD6EcmBZ9UQ% z0O(`3LjNoy501)raWSPQxQ;xuno|e~osPpNNi5_Bk7ROCqu`A)(WF_I&^sWUf(q#K z&AcUSq=mB$X3EpD?B9GcdaRY}a90QHV*ufpwZ0I&V=oL$#ISX~Wzl=+hQE718f+Dk zLffFk%b?H-KU15N=h`8QMhW5HH)bR&y$B=m8>$6cobhwmTt~cty3h?>HXal6EG(y`U_IGBnn(nRjCi zYTC>fZ8oj;|1%ZyhcTSg^8g;%#VvIn|3;1C39}5x|GEbD!8Z5wZ6`YYK{jGWL`-!u z=tF)hA2G!BhFBf1Ayre3;f{Z4J}X;idc_^v-X!Z*hVSk8e1NDfj>9c4rwN$aQ)zH3 zvVgTFJL%Iuhju_b&&J_c^z{;CYUFu@nxLj3U8Y&i?Y5EV^`7jLjs1T4qlK0?>eAf_ z(+f)deIC`V!$_)aaSBb~&Nvz&Q3+NWsXP%iiZXrRQTp!QJ*B6$V;=9b>#=?PwSBrt zsNVJylM9PFc(mQm1!mQ1xEYfJtK(IYW!9&Pnj-g zQKim0G2O6~lIKrv2B(+i-A|tLr(yf*1^HB9|ND*5`5?rC-4<;9AYr2*T1C9hAwu!>FJReO^1 z=cCk@+u+`*w!hx&?@kn-=^%=NU6x85@2VI0V9=u2vO$fFL|;rw z{BY6Z^Qq1!GmsKolAHEs{JmYqu=|jz8U1U)8?Pl(yOYV~HB&*Md4lO_f;8yd7jLX$ zP99lc(3vNi^q&OYQu}`-@Yz59qrjsD=e^nqGLglJE;w=Mz&LX2?PHd;Ml0rMlwAon zLxo4O8QRAFze_&^>OJ#a5<>nG3+Qk2mX~)*02RLc@h`<8=Hx@Co{V=2b7>L>wRQ-* z!dT9{C^E~yh_mg)MBz{IN#(QswQ-d8Y*GVq^!nUd_!KJYm(Kg>MApv|z}OH5#Tz(B F{vW4ByAS{X diff --git a/docs/zh/docs/Container/figures/zh-cn_image_0221924926.png b/docs/zh/docs/Container/figures/zh-cn_image_0221924926.png deleted file mode 100644 index d245d48dc07e2b01734e21ec1952e89fa9269bdb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1607 zcmV-N2Dtf&P)pK`AI}URA}DqntM=Gbri=xcX!qSCDOwmk1w?y+bX_7Bg zbTUWnF+HrT$jr1!8o*vQHsx43<4l%so7B_{Q!8^S9bai!QkIH|E7Bq@i|k$(=#Pz? z7li0Bf%f~(?9A@|&i&1A&gcHlIlptSM8?7zgj$-ib;1WNQv!?tBP75GFhc(eFs`Kd ze?E!HNP0>au-mR`FoqVh61$C0=8j^=fkO8FaPBW%`pQ=Y;4KfqO^9Lbtl^lA2BZnE z3NZgv-#j}GTbPl~v5}1K*NIk!rfp^=Sk20UGq`^TGjm9H%tiwRg{4=tm*Zuobd7Bs z^tSy13_wIkLknsft@M!`ne%zW4-I$ZjbtXK#%qSc)Wg| zN^{k-y)nKGQ-&rrxRwj$0Rg5qugtxp4@$5)w5q;>^{zn%?H%6+vB3ixw9{=40;jDtWF0X&mM^qtmcs= zyHuyw4L9wh!zuFx(CegnyWsNtvUbV<>|sU<3QKuq(;?oNJ{Zrheq1kaQSBF`^#b6G z$ESgu2jqwx6LS9X`4f?`#GP^nba*=4;%x!jmOeRMdj40@L49VK(sXJn=K!)i7# z>gJBBO;L%Dm|1HW`@&Xs9z4y?gQtm^wT75kYdBYWQ8Qn9Vkm5t`4l!C`kuBXBW9z4 zt5wam@}y^0<4TBO|FKhGw=rXMPb3LkFK^-go*gxJ`#zvoVq5e&Nxl06N>DT3rXSC; zYG(lnas*GMxftmR%@JiYX~JL6glGY#Q3aF`6rk|MNwf|(@%FZFLyqs+@e1a_Mia9f z70!JlZa}A#7}`5d{XfcXX2E>}#E$u^TK(`yWQP^Er-JEgKL6YExZNINXRlR%Ki$78 zkB>{HsKlp9{>$&|uK_2(TtUkoNMlTD0)8b(x10?SP#Uzgm<$A~Y8u^vmnV7Wh!g;| ze6AfkccDTg|38D0p4y43ni{%ft*4^c19lr$r{jwDVP*r>HBEomdRw0kRQNAp4>Pj= z>CsnRC~Gz_2~Il}lb&g>?NIOLLvzyk`K3uD*GbTsu0+g61HQ^jO+Fteh+~44-RK&pAO_sO{H(=c1(VAs|xt=Gh>Me zH*vbSTvK|xPq{gK{5&@$wWF*&0JQujX0zp($ABu{-|^@JAD~_LFzI1e?`})nfR6hq5Ji596M+?yTQ^T)pdEN%4I7+*m4= zAi-cY_b&cKEe`4`J*5lFGl!wqNep>@3;U0qLXMY1Ij52H5Oy1KR5`DE4rz zO1!=#zz7L20*sIVBftm=FhT;103-CT$N*#uH?%nI`VBD002ovPDHLk FV1id93qSw> diff --git a/docs/zh/docs/Container/figures/zh-cn_image_0221924927.png b/docs/zh/docs/Container/figures/zh-cn_image_0221924927.png deleted file mode 100644 index a32856aa08e459ed0f51f8fcf4c2f51511c12095..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1858 zcmaJ?Yfuwc6i&s85>P0^#--)#Pef1Ye11=n9(+-JsC{G=&lnWY8&;87K**plNEYkT!6#jRvVz zLfR^}j3LvB(RB6ljW`;+afMvDF+<5y(Sib@00SR5(4eFOGHBLo3BEx{d*hc6*0y7q z2E8#MGlaCaq*lwKATfrc5Sz~NRU#}V#O2Wu4ui*JErpm2gbOpcFyiOSK==#}-;W24 z4;qMut5W$flF;#3U?-%dlcbIh!+O1*uJ@y3cp8lGcs!WFgqciVVBt$-X-S2_S4((J zc#xok5?AX;HKv7Z9u+BACMl!=rf*Zw=wz~Yj``0*zhHoGE;+UNvT9g11EHqTE%DiGY}D* z9V`(uSqKv1@9)nNix~)06f6$$7a_<5R;ndPg;t49VAb!jqK{(vVjNYF7%s=K^%LET zO2*+F>^M;rS8qU7p*W_2-js%~{y=yxD>#(RWpO}wKO6O6 zj+iIn^27*-%?1(x)Zb!NA4q!~%l%(049LK?zW%4r6GuQiw&gq3g3UYKqgo(#9H_e5 zczhbTEX`7hNN%`xyduu$MAFQ2-M1(W+I$LqoALnP$U= z4QXlHk0m4|6z|;W=;Rc4&}@D(HrC(UJIlo-Iw9f9iZJi6=H0t@gRfJJMkAh_5FcL| z85#MVDM%nt_IGwZv{=F(I!bSzZg2O3pk*%3_bir;27?c`u-t03DijKWAj0ey2zb25 zLqjK9T5^oW3a=TNgWcWTMYZO&B*_|GvKDcBHiib}&UULyzjL*#i<}2MRaI4M zYhWIS#ZslFS{^(o-?OK_zW(0byNeq)<>c(Gs&b(;G&IP|=iRgr$0cckX#<`RUf^Use42H>K{BO_NjI`aRBi;p)Kzp9+# z>gqc3;zhQ%9qqyG+bNf#F$~+jZCkKd+_4CRi=JOyU2ULJsg{S?N}24}v9Z9JOWd3n ze?E7v4_|P;xw$#EEnO6LE5vKoS&>J>)~#C$ieJ5Yb$i>$4CnBJ)cwLlvDhxMZJ|3; zZk0DxG`*fvH^BMUWJ-vOyV}>cFtKxuhlfY>{-TplhK8gyCX%$hf zhnY+!fj|H+U0PdP>wLGT$5k2lI1G0_x^G{9oBOoZW5>!)rlY90K#+~&r8jo%+Ew(a z#bPnUTY*-F8=IP#0R>-=U<5IA?V3BBpP!$dot@sPso1+W!iUt^+uKjNySbyI!M7({`J&?!NG$3`Sa#Y2gAYPvz@Q%@4ki=N%Hpxv73*RqA3t@fc)puk z;f@{PX1kOfI&{d+&TdWY;N)R%Z|{h_imvk@z1D+pqx{E`(v;tOu3x9loW4w;R4N;X zi;JC#LRgL$YJ65iMgnT5&*#=x|JL;=BQ0%_eL?btfOW-&k;0l9uft5>yR;-Pc`R{n nS(%?uC_7# ![](./public_sys-resources/icon-note.gif)**说明** -> -> - 如果系统中已经安装了Docker,请确保在安装containerd之前卸载Docker,否则可能会引发冲突。 - -要求使用1.6.22-15或更高版本的containerd,如果下载的版本过低请运行以下命令升级成1.6.22-15版本,或自行升级。 -``` -$ wget --no-check-certificate https://repo.openeuler.org/openEuler-24.03-LTS/update/x86_64/Packages/containerd-1.6.22-15.oe2403.x86_64.rpm -$ rpm -Uvh containerd-1.6.22-15.oe2403.x86_64.rpm -``` -本教程中通过yum下载的软件包版本如下所示: -``` -1. containerd - -架构:x86_64 - -版本:1.6.22-15 -2. kubernetes - client/help/kubeadm/kubelet/master/node - -架构:x86_64 - -版本:1.29.1-4 -3. cri-tools - -架构:X86_64 - -版本:1.29.0-3 -``` - -### 2. 下载cni组件 - -``` -$ mkdir -p /opt/cni/bin -$ cd /opt/cni/bin -$ wget --no-check-certificate https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-amd64-v1.5.1.tgz -$ tar -xzvf ./cni-plugins-linux-amd64-v1.5.1.tgz -C . -``` -> ![](./public_sys-resources/icon-note.gif)**说明** -> -> - 这里提供的是AMD64架构版本的下载链接,请根据系统架构选择合适的版本,其他版本可从[github仓库](https://github.com/containernetworking/plugins/releases/)获取。 - -### 3. 下载CNI插件(Flannel) -``` -$ wget https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml --no-check-certificate -``` -## 环境配置 -本节对Kubernetes运行时所需的操作系统环境进行配置。 -### 1. 设置主机名 - -``` -$ hostnamectl set-hostname nodeName -``` -### 2. 配置防火墙 -**方法一:** - -配置防火墙规则以开放etcd和API Server的端口,确保控制平面和工作节点之间的正常通信。 -开放etcd的端口: -``` -$ firewall-cmd --zone=public --add-port=2379/tcp --permanent -$ firewall-cmd --zone=public --add-port=2380/tcp --permanent -``` -开放API Server的端口: -``` -$ firewall-cmd --zone=public --add-port=6443/tcp --permanent -``` -使防火墙规则生效: - -``` -$ firewall-cmd --reload -``` -> ![](./public_sys-resources/icon-note.gif)**说明** -> -> - 防火墙配置可能会导致某些容器镜像无法正常使用。为了确保其顺利运行,需要根据所使用的镜像开放相应的端口。 - -**方法二:** - -使用以下命令禁用防火墙: - -``` -$ systemctl stop firewalld -$ systemctl disable firewalld -``` -### 3. 禁用SELinux -SELinux的安全策略可能会阻止容器内的某些操作,比如写入特定目录、访问网络资源、或执行具有特权的操作。这会导致 CoreDNS 等关键服务无法正常运行,并表现为CrashLoopBackOff或 Error状态。可以使用以下命令来禁用SELinux: -``` -$ setenforce 0 -$ sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config -``` -### 4. 禁用swap -Kubernetes的资源调度器根据节点的可用内存和CPU资源来决定将哪些Pod分配到哪些节点上。如果节点上启用了swap,实际可用的物理内存和逻辑上可用的内存可能不一致,这会影响调度器的决策,导致某些节点出现过载,或者在某些情况下调度错误。因此需要禁用swap: -``` -$ swapoff -a -$ sed -ri 's/.*swap.*/#&/' /etc/fstab -``` -### 5. 网络配置 -启用桥接网络上的IPv6和IPv4流量通过iptables进行过滤,并启动IP转发,运行内核转发IPv4包,确保跨界点的Pod间通信: - -``` -$ cat > /etc/sysctl.d/k8s.conf << EOF -net.bridge.bridge-nf-call-ip6tables = 1 -net.bridge.bridge-nf-call-iptables = 1 -net.ipv4.ip_forward = 1 -vm.swappiness=0 -EOF -$ modprobe br_netfilter -$ sysctl -p /etc/sysctl.d/k8s.conf -``` -## 配置containerd -本节对containerd进行配置,包括设置pause_image、cgroup驱动、关闭"registry.k8s.io"镜像源证书验证、配置代理。 - -首先,生成containerd的默认配置文件并将其输出到containerd_conf指定的文件: - -``` -$ containerd_conf="/etc/containerd/config.toml" -$ mkdir -p /etc/containerd -$ containerd config default > "${containerd_conf}" -``` -配置pause_image: -``` -$ pause_img=$(kubeadm config images list | grep pause | tail -1) -$ sed -i "/sandbox_image/s#\".*\"#\"${pause_img}\"#" "${containerd_conf}" -``` -将cgroup驱动指定为systemd: -``` -$ sed -i "/SystemdCgroup/s/=.*/= true/" "${containerd_conf}" -``` -关闭"registry.k8s.io"镜像源证书验证: -``` -$ sed -i '/plugins."io.containerd.grpc.v1.cri".registry.configs/a\[plugins."io.containerd.grpc.v1.cri".registry.configs."registry.k8s.io".tls]\n insecure_skip_verify = true' /etc/containerd/config.toml -``` -配置代理(将HTTP_PROXY、HTTPS_PROXY、NO_PROXY中的"***"替换为自己的代理信息): -``` -$ server_path="/etc/systemd/system/containerd.service.d" -$ mkdir -p "${server_path}" -$ cat > "${server_path}"/http-proxy.conf << EOF -[Service] -Environment="HTTP_PROXY=***" -Environment="HTTPS_PROXY=***" -Environment="NO_PROXY=***" -EOF -``` -重启containerd,使得以上配置生效: -``` -$ systemctl daemon-reload -$ systemctl restart containerd -``` -## 配置crictl使用containerd作为容器运行时 -``` -$ crictl config runtime-endpoint unix:///run/containerd/containerd.sock -$ crictl config image-endpoint unix:///run/containerd/containerd.sock -``` -## 配置kubelet使用systemd作为cgroup驱动 - -``` -$ systemctl enable kubelet.service -$ echo 'KUBELET_EXTRA_ARGS="--runtime-cgroups=/systemd/system.slice --kubelet-cgroups=/systemd/system.slice"' >> /etc/sysconfig/kubelet -$ systemctl restart kubelet -``` -## 使用Kubeadm创建集群(仅控制平面需要) -### 1. 配置集群信息 -``` -$ kubeadm config print init-defaults --component-configs KubeletConfiguration >> kubeletConfig.yaml -$ vim kubeletConfig.yaml -``` -在kubeletConfig.yaml文件中,配置节点名称、广播地址(advertiseAddress)以及Pod网络的CIDR。 -
-**修改name为主机名,与环境配置[第一步](#1-设置主机名)一致:** -
-![](./figures/name.png) -
-**将advertiseAddress修改为控制平面的ip地址:** -
-![](./figures/advertiseAddress.png) -
-**在Networking中添加podSubnet指定CIDR范围:** -
-![](./figures/podSubnet.png) - -### 2. 部署集群 -这里使用kubeadm部署集群,许多配置是默认生成的(如认证证书),如需修改请查阅[官方文档](https://kubernetes.io/zh-cn/docs/home/ )。 - -**关闭代理(如有):** -``` -$ unset http_proxy https_proxy -``` -使用kubeadm init部署集群: - -``` -$ kubeadm init --config kubeletConfig.yaml -``` -指定kubectl使用的配置文件: -``` -$ mkdir -p "$HOME"/.kube -$ cp -i /etc/kubernetes/admin.conf "$HOME"/.kube/config -$ chown "$(id -u)":"$(id -g)" "$HOME"/.kube/config -$ export KUBECONFIG=/etc/kubernetes/admin.conf -``` -### 3. 部署cni插件(flannel) -本教程中使用flannel作为cni插件,以下介绍flannel下载和部署。 -以下使用的flannel从registry-1.docker.io镜像源下载,为避免证书验证失败的问题,请在containerd配置文件(/etc/containerd/config.toml)中配置该镜像源跳过证书验证。 -
-![](./figures/flannelConfig.png) -
-使用kubectl apply部署最开始在软件包安装中下载的kube-flannel.yml。 -``` -$ kubectl apply -f kube-flannel.yml -``` -> ![](./public_sys-resources/icon-note.gif)**说明** -> -> 控制平面可能会有污点的问题,导致kubectl get nodes中节点状态无法变成ready,请查阅[官方文档](https://kubernetes.io/zh-cn/docs/concepts/scheduling-eviction/taint-and-toleration/)去除污点。 -## 加入集群(仅工作节点需要) -**关闭代理(如有):** -``` -$ unset http_proxy https_proxy -``` -工作节点安装配置完环境后可以通过以下命令加入集群。 - -``` -$ kubeadm join : --token --discovery-token-ca-cert-hash sha256: -``` -这个命令会在控制平面库kubeadm init结束后生成,也可以在控制平面按照以下命令获取: - -``` -$ kubeadm token create #生成token -$ openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \ - openssl dgst -sha256 -hex | sed 's/^.* //' #获取hash -``` - -加入后可以在控制平面通过以下命令查看工作节点的状态: - -``` -$ kubectl get nodes -``` -如果节点状态显示为not ready,可能是因为Flannel插件未成功部署。在这种情况下,请运行本地生成的Flannel可执行文件来完成部署。 -
-**在工作节点运行kubectl命令(可选):** - -如果需要在工作节点上运行kubectl命令,需要将控制面板的配置文件/etc/kubernetes/admin.conf复制到同样的目录,然后运行以下命令进行配置: - -``` -$ export KUBECONFIG=/etc/kubernetes/admin.conf -``` \ No newline at end of file diff --git "a/docs/zh/docs/Kubernetes/eggo\345\267\245\345\205\267\344\273\213\347\273\215.md" "b/docs/zh/docs/Kubernetes/eggo\345\267\245\345\205\267\344\273\213\347\273\215.md" deleted file mode 100644 index ff393c549..000000000 --- "a/docs/zh/docs/Kubernetes/eggo\345\267\245\345\205\267\344\273\213\347\273\215.md" +++ /dev/null @@ -1,433 +0,0 @@ -# 工具介绍 - -本章介绍自动化部署工具的相关内容,建议用户在部署前阅读。 - -## 部署方式 - -openEuler 提供的 Kubernetes 集群自动化部署工具使用命令行方式进行集群的一键部署。它提供了如下几种部署方式: - -- 离线部署:本地准备好所有需要用到的 RPM 软件包、二进制文件、插件、容器镜像,并将它们按照一定的格式打包成一个 tar.gz 文件,然后完成对应 YAML 配置文件的编写,即可执行命令实现一键部署。当虚拟机无法访问外部网络时,可以采用该部署方式。 -- 在线部署:只需要完成对应 YAML 配置文件的编写,所需的RPM 软件包、二进制文件、插件、容器镜像,都在安装部署阶段连接互联网自动下载。该方式需要虚拟机能够访问软件源、集群依赖的镜像仓库,例如 Docker Hub 。 - -## 配置介绍 - -使用工具自动化部署 Kubernetes 集群时,使用 YAML 配置文件描述集群部署的信息,此处介绍各配置项含义以及配置示例。 - -### 配置项介绍 - -- cluster-id:集群名称,请遵循 DNS 域名的命名规范。例如 k8s-cluster - -- username:需要部署 k8s 集群的机器的 ssh 登录用户名,所有机器都需要使用同一个用户名。 - -- private-key-path:ssh 免密登录的密钥存储文件的路径。private-key-path 和 password 只需要配置其中一项,如果两者都进行了配置,优先使用 private-key-path - -- masters:master 节点列表,建议每个 master 节点同时作为 worker 节点。每个 master 节点包含如下配置子项,多个 master 节点配置多组子项内容: - - name:master 节点名称,为 k8s 集群看到的该节点名称 - - ip:master 节点的 IP 地址 - - port:ssh 登录该节点的端口,默认为 22 - - arch:master 节点的 CPU 架构,例如 x86_64 取值为 amd64 - -- workers:worker 节点列表。每个 worker 节点包含如下配置子项,多个 worker 节点配置多个子项内容: - - name:worker 节点名称,为 k8s 集群看到的该节点名称 - - ip:worker 节点的 IP 地址 - - port:ssh 登录该节点的端口,默认为 22 - - arch:worker 节点的 CPU 架构,例如 x86_64 取值为 amd64 - -- etcds:etcd 节点的列表。如果该项为空,则会为每个 master 节点部署一个 etcd,否则只会部署配置的 etcd 节点。每个 etcd 节点包含如下配置子项,多个 etcd 节点配置多组子项内容: - - name:etcd 节点的名称,为 k8s 集群看到的该节点的名称 - - ip:etcd 节点的 IP 地址 - - port:ssh 登录的端口 - - arch:etcd 节点的 CPU 架构,例如 x86_64 取值为 amd64 - -- loadbalance:loadbalance 节点列表。每个 loadbalance 节点包含如下配置子项,多个 loadbalance 节点配置多组子项内容: - - name:loadbalance 节点的名称,为 k8s 集群看到的该节点的名称 - - ip:loadbalance 节点的 IP 地址 - - port:ssh 登录的端口 - - arch:loadbalance 节点的 CPU 架构,例如 x86_64 取值为 amd64 - - bind-port:负载均衡服务的侦听端口 - -- external-ca:是否使用外部 CA 证书,使用则配置为 true,反之,配置为 false - -- external-ca-path:外部 CA 证书文件的路径 。仅 external-ca 为 true 时有效 - -- service:k8s 创建的 service 信息。service 配置包含如下配置子项: - - cidr:k8s 创建的 service 的 IP 地址网段 - - dnsaddr:k8s 创建的 service 的 DNS 地址 - - gateway:k8s创建的 service 的网关地址 - - dns:k8s 创建的 coredns 的配置。dns 配置包含如下配置子项: - - corednstype:k8s 创建的 coredns 的部署类型,支持 pod 和 binary - - imageversion:pod 部署类型的 coredns 镜像版本 - - replicas:pod 部署类型的 coredns 副本数量 - -- network:k8s 集群网络配置。network 配置包含如下配置子项: - - podcidr:k8s 集群网络的 IP 地址网段 - - plugin:k8s 集群部署的网络插件 - - plugin-args:k8s 集群网络的网络插件的配置文件路径。例如 : {"NetworkYamlPath": "/etc/kubernetes/addons/calico.yaml"} - -- apiserver-endpoint:进群外部可访问的 APISERVER 服务的地址或域名,如果配置了 loadbalances 则填loadbalance 地址,否则填写第 1 个 master 节点地址。 - -- apiserver-cert-sans:apiserver 相关证书中需要额外配置的 IP 和域名。它包含如下子配置项 - - dnsnames:apiserver 相关证书中需要额外配置的域名数组列表。 - - ips:apiserver 相关证书中需要额外配置的 IP 地址数组列表。 - -- apiserver-timeout:apiserver 响应超时时间 - -- etcd-token:etcd 集群名称 - -- dns-vip:dns 的虚拟 IP 地址 - -- dns-domain:DNS 域名后缀 - -- pause-image:pause 容器的完整镜像名称 - -- network-plugin:网络插件类型。仅支持配置 cni ,配置为空时使用 k8s 默认网络。 - -- cni-bin-dir:网络插件地址,多个地址使用 "," 分隔,例如:/usr/libexec/cni,/opt/cni/bin - -- runtime:指定容器运行时类型,目前支持 docker 和 iSulad - -- runtime-endpoint:容器运行时 endpoint,当 runtime 为 docker 时,可以不指定 - -- registry-mirrors:下载容器镜像时,使用的镜像仓库的 mirror 站点地址 - -- insecure-registries:下载容器镜像时,使用 http 协议下载镜像的镜像仓库地址 - -- config-extra-args:各个组件(例如 kube-apiserver、etcd)服务启动配置的额外参数。它包含如下子配置项: - - name:组件名称,支持 etcd、kube-apiserver、kube-controller-manager、kube-scheduler、kube-proxy、kubelet - - - extra-args:组件的拓展参数,格式为 key: value 格式,注意 key 对应的组件参数前需要加上 "-" 或者 "--" 。 - - - open-ports:配置需要额外打开的端口,k8s 自身所需端口不需要进行配置,k8s 以外的插件端口需要进行额外配置。 - - worker | master | etcd | loadbalance:指定打开端口的节点类型,每项配置包含一个多或者多个 port 和 protocol 子配置项。 - - port:端口地址 - - protocol:端口类型,可选值为 tcp 或者 udp - - - install:配置各种类型节点上需要安装的安装包或者二进制文件的详细信息,注意将对应文件放到在 tar.gz 安装包中。以下为全量配置说明,具体配置请根据实际情况选择。 - - package-source:配置安装包的详细信息 - - type:安装包的压缩类型,目前只支持 tar.gz 类型的安装包 - - dstpath:安装包在对端机器上的路径,必须是可用的绝对路径 - - srcpath:不同架构安装包的存放路径,架构必须与机器架构相对应,必须是可用的绝对路径 - - arm64:arm64 架构安装包的路径,配置的机器中存在 arm64 机器场景下需要配置 - - amd64:amd64 类型安装包的路径,配置的机器中存在 x86_64 机器场景下需要配置 - - > ![](./public_sys-resources/icon-note.gif)**说明**: - > - > - install 配置中 etcd、kubernetes-master、kubernetes-worker、network、loadbalance、container、image、dns 中的子配置项相同,都是 name、type、dst,schedule、TimeOut 。其中 dst,schedule、TimeOut 为可选项,用户根据安装的文件决定是否配置。下述仅以 etcd 和 kubernetes-master 节点的配置为例说明。 - - - etcd:etcd 类型节点需要安装的包或二进制文件列表 - - name:需要安装的软件包或二进制文件的名称,如果是安装包则只写名称,不填写具体的版本号,安装时会使用 `$name*` 识别,例如 etcd 。如果为多个软件包,各名称使用 ,分隔 。 - - type:配置项类型,可选值为 pkg、repo、bin、file、dir、image、yaml、shell 。如果配置为 repo ,请在对应节点上配置 repo 源 - - dst:目的文件夹路径,type 为 bin、file、dir 类型时需要配置。表示将文件/文件夹放到节点的哪个目录下,为了防止用户误配置路径,导致 cleanup 时删除重要文件,此配置必须配置为白名单中的路径。详见 “白名单说明” - - kubernetes-master:k8s master 类型节点需要安装的包或二进制文件列表 - - kubernetes-worker:k8s worker 类型节点需要安装的包或二进制文件列表 - - network:网络需要安装的包或二进制文件列表 - - loadbalance:loadbalance 类型节点需要安装的包或二进制文件列表 - - container:容器需要安装的包或二进制文件列表 - - image:容器镜像 tar 包 - - dns:k8s coredns 安装包。如果 corednstype 配置为 pod,此处无需配置 - - addition:额外的安装包或二进制文件列表 - - master:以下配置会安装在所有 master 节点 - - name:需要安装的软件包或二进制文件的名称 - - type:配置项类型,可选值为 pkg、repo、bin、file、dir、image、yaml、shell 。如果配置为 repo ,请在对应节点上配置 repo 源 - - schedule:仅在 type 为 shell 时有效,代表用户想要执行脚本的时机,支持 prejoin(节点加入前)、postjoin(节点加入后)、precleanup(节点退出前)、postcleanup(节点退出后)。 - - TimeOut:脚本执行超时时间,超时时该进程被强制终止运行。未配置默认为 30s - - worker:配置会安装在所有 worker 节点,具体配置格式和 addition 下的 master 相同 - -### 白名单介绍 - -install 配置中 dst 项的值必须符合白名单规则,配置为白名单对应路径及其子目录。当前白名单如下: - -- /usr/bin -- /usr/local/bin -- /opt/cni/bin -- /usr/libexec/cni -- /etc/kubernetes -- /usr/lib/systemd/system -- /etc/systemd/system -- /tmp - -### 配置示例 - -此处给出一个 YAML 文件配置示例。从示例可知,同一台机器,可以部署多个类型的节点,但是不同节点的配置必须一致,例如 test0 机器部署了 master 和 worker 类型。 - -```yaml -cluster-id: k8s-cluster -username: root -private-key-path: /root/.ssh/private.key -masters: -- name: test0 - ip: 192.168.0.1 - port: 22 - arch: arm64 -workers: -- name: test0 - ip: 192.168.0.1 - port: 22 - arch: arm64 -- name: test1 - ip: 192.168.0.3 - port: 22 - arch: arm64 -etcds: -- name: etcd-0 - ip: 192.168.0.4 - port: 22 - arch: amd64 -loadbalance: - name: k8s-loadbalance - ip: 192.168.0.5 - port: 22 - arch: amd64 - bind-port: 8443 -external-ca: false -external-ca-path: /opt/externalca -service: - cidr: 10.32.0.0/16 - dnsaddr: 10.32.0.10 - gateway: 10.32.0.1 - dns: - corednstype: pod - imageversion: 1.8.4 - replicas: 2 -network: - podcidr: 10.244.0.0/16 - plugin: calico - plugin-args: {"NetworkYamlPath": "/etc/kubernetes/addons/calico.yaml"} -apiserver-endpoint: 192.168.122.222:6443 -apiserver-cert-sans: - dnsnames: [] - ips: [] -apiserver-timeout: 120s -etcd-external: false -etcd-token: etcd-cluster -dns-vip: 10.32.0.10 -dns-domain: cluster.local -pause-image: k8s.gcr.io/pause:3.2 -network-plugin: cni -cni-bin-dir: /usr/libexec/cni,/opt/cni/bin -runtime: docker -runtime-endpoint: unix:///var/run/docker.sock -registry-mirrors: [] -insecure-registries: [] -config-extra-args: - - name: kubelet - extra-args: - "--cgroup-driver": systemd -open-ports: - worker: - - port: 111 - protocol: tcp - - port: 179 - protocol: tcp -install: - package-source: - type: tar.gz - dstpath: "" - srcpath: - arm64: /root/rpms/packages-arm64.tar.gz - amd64: /root/rpms/packages-x86.tar.gz - etcd: - - name: etcd - type: pkg - dst: "" - kubernetes-master: - - name: kubernetes-client,kubernetes-master - type: pkg - kubernetes-worker: - - name: docker-engine,kubernetes-client,kubernetes-node,kubernetes-kubelet - type: pkg - dst: "" - - name: conntrack-tools,socat - type: pkg - dst: "" - network: - - name: containernetworking-plugins - type: pkg - dst: "" - loadbalance: - - name: gd,gperftools-libs,libunwind,libwebp,libxslt - type: pkg - dst: "" - - name: nginx,nginx-all-modules,nginx-filesystem,nginx-mod-http-image-filter,nginx-mod-http-perl,nginx-mod-http-xslt-filter,nginx-mod-mail,nginx-mod-stream - type: pkg - dst: "" - container: - - name: emacs-filesystem,gflags,gpm-libs,re2,rsync,vim-filesystem,vim-common,vim-enhanced,zlib-devel - type: pkg - dst: "" - - name: libwebsockets,protobuf,protobuf-devel,grpc,libcgroup - type: pkg - dst: "" - - name: yajl,lxc,lxc-libs,lcr,clibcni,iSulad - type: pkg - dst: "" - image: - - name: pause.tar - type: image - dst: "" - dns: - - name: coredns - type: pkg - dst: "" - addition: - master: - - name: prejoin.sh - type: shell - schedule: "prejoin" - TimeOut: "30s" - - name: calico.yaml - type: yaml - dst: "" - worker: - - name: docker.service - type: file - dst: /usr/lib/systemd/system/ - - name: postjoin.sh - type: shell - schedule: "postjoin" -``` - -### 安装包结构 - -如果是离线部署,需要准备 Kubernetes 以及相关的离线安装包,并遵循特定目录结构存放离线安装包。需要遵循的目录结构如下: - -```shell -package -├── bin -├── dir -├── file -├── image -├── pkg -└── packages_notes.md -``` - -上述各目录的含义如下: - -- 离线部署包的目录结构与集群配置 config 中的 package 的类型对应,package 类型有 pkg、repo、bin、file、dir、image、yaml、shell 八种。 - -- bin 目录存放二进制文件,对应 package 类型 bin 。 - -- dir 目录存放需要拷贝到目标机器的目录,需要配置 dst 目的地路径,对应 package 类型 dir 。 - -- file 目录存放 file、yaml、shell 三种类型的文件。其中 file 类型代表需要拷贝到目标机器的文件,同时需要配置 dst 目的地路径;yaml 类型代表用户自定义的 YAML 文件,会在集群部署完成后 apply 该 YAML 文件;shell 类型代表用户想要执行的脚本,同时需要配置 schedule 执行时机,执行时机包括 prejoin(节点加入前)、postjoin(节点加入后)、precleanup(节点退出前)、postcleanup(节点退出后)四个阶段。 - -- image 目录存放需要导入的容器镜像。这些容器镜像必须兼容 docker 的 tar 包格式(例如由 docker 或 isula-build 导出镜像)。 - -- pkg 目录下存放需要安装的 rpm/deb 包,对应 package 类型 pkg 。建议使用二进制文件,便于跨发行版本的部署。 - -### 命令参考 - -openEuler 提供的集群部署工具,使用命令行 eggo 进行集群部署。 - -#### 部署 k8s 集群 - -通过指定的 YAML 配置部署 k8s 集群: - -**eggo deploy** [ **-d** ] **-f** *deploy.yaml* - -| 参数 | 是否必选 | 参数含义 | -| ------------- | -------- | --------------------------------- | -| --debug \| -d | 否 | 打印调试信息 | -| --file \| -f | 是 | 指定部署 k8s 集群的 YAML 文件路径 | - -#### 加入单节点 - -将指定的单节点加入到 k8s 集群中: - -**eggo** **join** [ **-d** ] **--id** *k8s-cluster* [ **--type** *master,worker* ] **--arch** *arm64* **--port** *22* [ **--name** *master1*] *IP* - -| 参数 | 是否必选 | 参数含义 | -| ------------- | -------- | ------------------------------------------------------------ | -| --debug \| -d | 否 | 打印调试信息 | -| --id | 是 | 指定将要加入 k8s 集群名称 | -| --type \| -t | 否 | 指定加入节点的类型,支持 master、worker 。多个类型使用 “,” 隔开,默认值为 worker 。 | -| --arch \| -a | 是 | 指定加入节点的 CPU 架构 | -| --port \| -p | 是 | 指定 ssh 登录所加入节点的端口号 | -| --name \| -n | 否 | 指定加入节点的名称 | -| *IP* | 是 | 加入节点的实际 IP 地址 | - -#### 加入多节点 - -将指定的多个节点加入到 k8s 集群: - -**eggo** **join** [ **-d** ] **--id** *k8s-cluster* **-f** *nodes.yaml* - -| 参数 | 是否必选 | 参数含义 | -| ------------- | -------- | -------------------------------- | -| --debug \| -d | 否 | 打印调试信息 | -| --id | 是 | 指定将要加入 k8s 集群名称 | -| --file \| -f | 是 | 指定加入节点的 YAML 配置文件路径 | - -#### 删除节点 - -删除 k8s 集群中的一个或者多个节点: - -**eggo delete** [ **-d** ] **--id** *k8s-cluster* *node* [*node...*] - -| 参数 | 是否必选 | 参数含义 | -| ------------- | -------- | -------------------------------------------- | -| --debug \| -d | 否 | 打印调试信息 | -| --id | 是 | 指定将要删除的节点所在的集群名称 | -| *node* | 是 | 要删除的单个或多个节点的 IP 地址或者节点名称 | - -#### 删除集群 - -删除整个 k8s 集群: - -**eggo cleanup** [ **-d** ] **--id** *k8s-cluster* [ **-f** *deploy.yaml* ] - -| 参数 | 是否必选 | 参数含义 | -| ------------- | -------- | ------------------------------------------------------------ | -| --debug \| -d | 否 | 打印调试信息 | -| --id | 是 | 指定将要清除的 k8s 集群名称 | -| --file \| -f | 否 | 指定清除 k8s 集群的 YAML 文件路径。不指定时,默认使用部署集群时缓存的集群配置。正常情况下,建议不配置该选项,仅异常情况下配置。 | - -> ![](./public_sys-resources/icon-note.gif)**说明** -> -> - 建议使用部署集群时缓存的集群配置删除集群,即正常情况下,不建议配置 --file | -f 参数。当异常导致缓存配置破坏或者丢失时,才配置该参数。 - - - -#### 查询集群 - -查询当前所有通过 eggo 部署的 k8s 集群: - -**eggo list** [ **-d** ] - -| 参数 | 是否必选 | 参数含义 | -| ------------- | -------- | ------------ | -| --debug \| -d | 否 | 打印调试信息 | - -#### 生成集群配置文件 - -快速生成部署 k8s 集群所需的 YAML 配置文件: - -**eggo template** **-d** **-f** *template.yaml* **-n** *k8s-cluster* **-u** *username* **-p** *password* **--etcd** [*192.168.0.1,192.168.0.2*] **--masters** [*192.168.0.1,192.168.0.2*] **--workers** *192.168.0.3* **--loadbalance** *192.168.0.4* - -| 参数 | 是否必选 | 参数含义 | -| ------------------- | -------- | ------------------------------- | -| --debug \| -d | 否 | 打印调试信息 | -| --file \| -f | 否 | 指定生成的 YAML 文件的路径 | -| --name \| -n | 否 | 指定 k8s 集群的名称 | -| --username \| -u | 否 | 指定 ssh 登录所配置节点的用户名 | -| --password \| -p | 否 | 指定 ssh 登录所配置节点的密码 | -| --etcd | 否 | 指定 etcd 节点的 IP 列表 | -| --masters | 否 | 指定 master 节点的 IP 列表 | -| --workers | 否 | 指定 worker 节点的 IP 列表 | -| --loadbalance \| -l | 否 | 指定 loadbalance 节点的 IP | - -#### 查询帮助信息 - -查询 eggo 命令的帮助信息: - - **eggo help** - -#### 查询子命令帮助信息 - -查询 eggo 子命令的帮助信息: - -**eggo deploy | join | delete | cleanup | list | template -h** - -| 参数 | 是否必选 | 参数含义 | -| ----------- | -------- | ------------ | -| --help\| -h | 是 | 打印帮助信息 | \ No newline at end of file diff --git "a/docs/zh/docs/Kubernetes/eggo\346\213\206\351\231\244\351\233\206\347\276\244.md" "b/docs/zh/docs/Kubernetes/eggo\346\213\206\351\231\244\351\233\206\347\276\244.md" deleted file mode 100644 index edc8e8aa2..000000000 --- "a/docs/zh/docs/Kubernetes/eggo\346\213\206\351\231\244\351\233\206\347\276\244.md" +++ /dev/null @@ -1,27 +0,0 @@ -# 拆除集群 - -当业务需求下降,不需要原有数量的节点时,可以通过删除集群中的节点,节省系统资源,从而降低成本。当业务不需要集群时,也可以直接删除整个集群。 - -## 删除节点 - -可以使用命令行删除集群中的节点。例如,删除 k8s-cluster 集群中 IP 地址为 *192.168.0.5* 和 *192.168.0.6* 所有节点类型,参考命令如下: - -```shell -$ eggo -d delete --id k8s-cluster 192.168.0.5 192.168.0.6 -``` - -## 删除整个集群 - -> ![](./public_sys-resources/icon-note.gif)**说明** -> -> - 删除集群会删除整个集群的数据,且无法恢复,请谨慎操作。 -> - 当前,拆除集群不会清理容器和容器镜像,但若部署 Kubernetes 集群时,配置了需要安装容器引擎,则会清除容器引擎,这可能导致容器运行异常。 -> - 拆除集群过程中可能会打印一些错误信息,一般是由于清理过程中操作集群时反馈了错误的结果导致,集群仍然能够正常拆除 -> - -可以使用命令行方式删除整个集群。例如,删除 k8s-cluster 集群的参考命令如下: - -```shell -$ eggo -d cleanup --id k8s-cluster -``` - diff --git "a/docs/zh/docs/Kubernetes/eggo\350\207\252\345\212\250\345\214\226\351\203\250\347\275\262.md" "b/docs/zh/docs/Kubernetes/eggo\350\207\252\345\212\250\345\214\226\351\203\250\347\275\262.md" deleted file mode 100644 index bccbb49b9..000000000 --- "a/docs/zh/docs/Kubernetes/eggo\350\207\252\345\212\250\345\214\226\351\203\250\347\275\262.md" +++ /dev/null @@ -1,20 +0,0 @@ -# 自动化部署 - -由于手动部署 Kubernetes 集群依赖人工部署各类组件,该方式耗时耗力。尤其是在大规模部署 Kubernetes 集群环境时,面临效率和出错的问题。为了解决该问题,openEuler 推出 Kubernetes 集群部署工具,该工具实现了大规模 Kubernetes 的自动化部署、部署流程追踪等功能,并且具备高度的灵活性。 - -这里介绍 Kubernetes 集群自动化部署工具的使用方法。 - -## 架构简介 - -![](./figures/arch.png) - -自动化集群部署整体架构如图所示,各模块含义如下: - -- GitOps:负责集群配置信息的管理,如更新、创建、删除等; -- InitCluster:元集群,作为中心集群管理其他业务集群。 -- eggops:自定义 CRD 和 controller 用于抽象 k8s 集群。 -- master:k8s 的 master 节点,承载集群的控制面。 -- worker:k8s 的负载节点,承载用户业务。 -- ClusterA、ClusterB、ClusterC:业务集群,承载用户业务。 - -如果您对openEuler提供的k8s集群部署工具感兴趣,欢迎访问源码仓:[https://gitee.com/openeuler/eggo](https://gitee.com/openeuler/eggo) diff --git "a/docs/zh/docs/Kubernetes/eggo\351\203\250\347\275\262\351\233\206\347\276\244.md" "b/docs/zh/docs/Kubernetes/eggo\351\203\250\347\275\262\351\233\206\347\276\244.md" deleted file mode 100644 index 4ee2bb86b..000000000 --- "a/docs/zh/docs/Kubernetes/eggo\351\203\250\347\275\262\351\233\206\347\276\244.md" +++ /dev/null @@ -1,258 +0,0 @@ -# 部署集群 - -本小节介绍如何部署 Kubernetes 集群。 - -## 环境准备 - -openEuler 提供的 Kubernetes 集群自动化部署工具: - -- 支持在多种常见 Linux 发行版(例如 openEuler、CentOS、Ubuntu)上部署 Kubernetes 集群。 -- 支持在不同 CPU 架构(例如 AMD64 和 ARM64)上混合部署。 - -### 前提条件 - -使用 Kubernetes 集群自动化部署工具,需要满足如下要求: - -- 部署集群需要使用 root 权限 -- 待部署 Kubernetes 的机器已经配置好机器名称 hostname ,并且已安装 tar 命令,确保能够使用 tar 命令解压 tar.gz 格式的压缩包。 -- 待部署 Kubernetes 的机器已经配置 ssh ,确保能够远程访问。如果是普通用户 ssh 登录,需要确保该用户有免密执行 sudo 的权限。 - -## 准备安装包 - -如果是离线安装,请根据集群的架构,准备对应架构的依赖包(ETCD 相关软件包、容器引擎相关软件包、Kubernetes 集群组件软件包、网络相关的软件包、coredns 软件包、依赖的容器镜像等)。 - -假设网络插件为 calico、集群中所有机器的架构为 ARM64,准备安装包的步骤如下: - -1. 下载依赖的软件包和 calico.yaml 。 - -2. 导出容器镜像。 - - ```shell - $ docker save -o images.tar calico/node:v3.19.1 calico/cni:v3.19.1 calico/kube-controllers:v3.19.1 calico/pod2daemon-flexvol:v3.19.1 k8s.gcr.io/pause:3.2 - ``` - -3. 按照规定的目录存放下载的安装包、文件和镜像(具体存放格式请参见 “准备环境”)。例如: - - ```shell - $ tree package - package - ├── bin - │ ├── bandwidth - │ ├── bridge - │ ├── conntrack - │ ├── containerd - │ ├── containerd-shim - │ ├── coredns - │ ├── ctr - │ ├── dhcp - │ ├── docker - │ ├── dockerd - │ ├── docker-init - │ ├── docker-proxy - │ ├── etcd - │ ├── etcdctl - │ ├── firewall - │ ├── flannel - │ ├── host-device - │ ├── host-local - │ ├── ipvlan - │ ├── kube-apiserver - │ ├── kube-controller-manager - │ ├── kubectl - │ ├── kubelet - │ ├── kube-proxy - │ ├── kube-scheduler - │ ├── loopback - │ ├── macvlan - │ ├── portmap - │ ├── ptp - │ ├── runc - │ ├── sbr - │ ├── socat - │ ├── static - │ ├── tuning - │ ├── vlan - │ └── vrf - ├── file - │ ├── calico.yaml - │ └── docker.service - ├── image - │ └── images.tar - └── packages_notes.md - ``` - -4. 编写 packages_notes.md,声明软件包来源,便于用户查看。 - - ```shell - 1. ETCD - - etcd,etcdctl - - 架构:arm64 - - 版本:3.5.0 - - 地址:https://github.com/etcd-io/etcd/releases/download/v3.5.0/etcd-v3.5.0-linux-arm64.tar.gz - - 2. Docker Engine - - containerd,containerd-shim,ctr,docker,dockerd,docker-init,docker-proxy,runc - - 架构:arm64 - - 版本:19.03.0 - - 地址:https://download.docker.com/linux/static/stable/aarch64/docker-19.03.0.tgz - - 3. Kubernetes - - kube-apiserver,kube-controller-manager,kube-scheduler,kubectl,kubelet,kube-proxy - - 架构:arm64 - - 版本:1.21.3 - - 地址:https://www.downloadkubernetes.com/ - - 4. network - - bandwidth,dhcp,flannel,host-local,loopback,portmap,sbr,tuning,vrf,bridge,firewall,host-device,ipvlan,macvlan,ptp,static,vlan - - 架构:arm64 - - 版本:0.9.1 - - 地址:https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - 5. coredns - - coredns - - 架构:arm64 - - 版本:1.8.4 - - 地址:https://github.com/coredns/coredns/releases/download/v1.8.4/coredns_1.8.4_linux_arm64.tgz - - 6. images.tar - - calico/node:v3.19.1 calico/cni:v3.19.1 calico/kube-controllers:v3.19.1 calico/pod2daemon-flexvol:v3.19.1 k8s.gcr.io/pause:3.2 - - 架构:arm64 - - 版本:NA - - 地址:NA - 7. calico.yaml - - 架构:NA - - 版本:v3.19.1 - - 地址:https://docs.projectcalico.org/manifests/calico.yaml - ``` - -5. 进入 package 目录,将下载的软件包打包成 packages-arm64.tar.gz - - ```shell - $ tar -zcf package-arm64.tar.gz * - ``` - -6. 查看压缩包,确认打包成功。 - - ```shell - $ tar -tvf package/packages-arm64.tar.gz - drwxr-xr-x root/root 0 2021-07-29 10:37 bin/ - -rwxr-xr-x root/root 3636214 2021-02-05 23:43 bin/sbr - -rwxr-xr-x root/root 40108032 2021-07-28 16:40 bin/kube-proxy - -rwxr-xr-x root/root 4186218 2021-02-05 23:43 bin/vlan - -rwxr-xr-x root/root 3076118 2021-02-05 23:43 bin/static - -rwxr-xr-x root/root 3496425 2021-02-05 23:43 bin/host-local - -rwxr-xr-x root/root 3847814 2021-02-05 23:43 bin/portmap - -rwxr-xr-x root/root 9681959 2021-02-05 23:43 bin/dhcp - -rwxr-xr-x root/root 4054640 2021-02-05 23:43 bin/host-device - -rwxr-xr-x root/root 43909120 2021-07-28 16:41 bin/kube-scheduler - -rwxr-xr-x root/root 32831616 2019-07-18 02:27 bin/containerd - -rwxr-xr-x root/root 3284795 2021-02-05 23:43 bin/flannel - -rwxr-xr-x root/root 21757952 2021-06-16 05:52 bin/etcd - -rwxr-xr-x root/root 546520 2019-07-18 02:27 bin/docker-init - -rwxr-xr-x root/root 5878304 2019-07-18 02:27 bin/containerd-shim - -rwxr-xr-x root/root 4191734 2021-02-05 23:43 bin/macvlan - -rwxr-xr-x root/root 55248437 2019-07-18 02:27 bin/docker - -rwxr-xr-x root/root 376208 2019-10-27 01:42 bin/socat - -rwxr-xr-x root/root 4053707 2021-02-05 23:43 bin/bandwidth - -rwxr-xr-x root/root 4328311 2021-02-05 23:43 bin/ptp - -rwxr-xr-x root/root 3633613 2021-02-05 23:43 bin/vrf - -rwxr-xr-x root/root 3432839 2021-02-05 23:43 bin/loopback - -rwxr-xr-x root/root 109617672 2021-07-28 16:42 bin/kubelet - -rwxr-xr-x root/root 113442816 2021-07-28 16:42 bin/kube-apiserver - -rwxr-xr-x root/root 44171264 2021-05-28 18:33 bin/coredns - -rwxr-xr-x root/root 43122688 2021-07-28 16:41 bin/kubectl - -rwxr-xr-x root/root 16711680 2021-06-16 05:52 bin/etcdctl - -rwxr-xr-x root/root 3570597 2021-02-05 23:43 bin/tuning - -rwxr-xr-x root/root 4397098 2021-02-05 23:43 bin/bridge - -rwxr-xr-x root/root 4612178 2021-02-05 23:43 bin/firewall - -rwxr-xr-x root/root 68921120 2019-07-18 02:27 bin/dockerd - -rwxr-xr-x root/root 2898746 2019-07-18 02:27 bin/docker-proxy - -rwxr-xr-x root/root 4186585 2021-02-05 23:43 bin/ipvlan - -rwxr-xr-x root/root 18446016 2019-07-18 02:27 bin/ctr - -rwxr-xr-x root/root 80752 2019-01-27 19:40 bin/conntrack - -rwxr-xr-x root/root 8037728 2019-07-18 02:27 bin/runc - drwxr-xr-x root/root 0 2021-07-29 10:39 file/ - -rw-r--r-- root/root 20713 2021-07-29 10:39 file/calico.yaml - -rw-r--r-- root/root 1004 2021-07-29 10:39 file/docker.service - drwxr-xr-x root/root 0 2021-07-29 11:02 image/ - -rw-r--r-- root/root 264783872 2021-07-29 11:02 image/images.tar - -rw-r--r-- root/root 1298 2021-07-29 11:05 packages_notes.md - ``` - - - -## 准备配置文件 - -准备部署时使用的 YAML 配置文件。可以使用如下命令生成一个模板配置,然后根据部署需求修改生成的 template.yaml 。 - -```shell -$ eggo template -f template.yaml -``` - -或者直接使用命令行方式修改默认配置,参考命令如下: - -```shell -$ eggo template -f template.yaml -n k8s-cluster -u username -p password --masters 192.168.0.1 --masters 192.168.0.2 --workers 192.168.0.3 --etcds 192.168.0.4 --loadbalance 192.168.0.5 -``` - -## 安装 Kubernetes 集群 - -安装 Kubernetes 集群。此处假设指定配置文件 template.yaml 。 - -```shell -$ eggo -d deploy -f template.yaml -``` - -安装完成后,根据回显信息,确认集群各节点是否安装成功。 - -```shell -\------------------------------- -message: create cluster success -summary: -192.168.0.1 success -192.168.0.2 success -192.168.0.3 success -\------------------------------- -To start using cluster: cluster-example, you need following as a regular user: - -​ export KUBECONFIG=/etc/eggo/cluster-example/admin.conf -``` - -## 加入节点 - -当集群中节点不满足业务需求,需要扩容时,可以在集群中新增节点。 - -- 添加单个节点:通过命令行添加。示例参考如下: - - ```shell - $ eggo -d join --id k8s-cluster --type master,worker --arch arm64 --port 22 192.168.0.5 - ``` - -- 添加多个节点:通过配置文件方式添加。 - - ```shell - $ eggo -d join --id k8s-cluster --file join.yaml - ``` - - join.yaml 中配置新增的节点信息,示例如下: - - ```yaml - masters: # 配置master节点列表,建议每个master节点同时作为worker节点,否则master节点可能无法直接访问pod - - name: test0 # 该节点的名称,为 k8s 集群查询显示的该节点名称 - ip: 192.168.0.2 # 该节点的 IP 地址 - port: 22 # ssh 登录的端口号 - arch: arm64 # 机器架构,x86_64 配置为 amd64 - - name: test1 - ip: 192.168.0.3 - port: 22 - arch: arm64 - workers: # 配置 worker 节点列表 - - name: test0 # 该节点的名称,为 k8s 集群查询显示的该节点名称 - ip: 192.168.0.4 # 该节点的 IP 地址 - port: 22 # ssh 登录的端口号 - arch: arm64 # 机器架构,x86_64 配置为 amd64 - - name: test2 - ip: 192.168.0.5 - port: 22 - arch: arm64 - ``` \ No newline at end of file diff --git a/docs/zh/docs/Kubernetes/figures/advertiseAddress.png b/docs/zh/docs/Kubernetes/figures/advertiseAddress.png deleted file mode 100644 index b36e5c4664f2d2e5faaa23128fd4711c11e30179..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4940 zcmXX~c{tSH_g5-qjiTgj%hI5vvJ555Fqk2O2`Nl=Z-xxn8nR0oOJPJ9WtkZoWQ(zU zN|I$t7-bogq!`;rW#4}D`98nY`$va)x$AE`@*N%?ULKSs+7#dpgLHIFIvfD@_VzTms!R0(pr{N0=)NTY;F|pb zkT%aC%+Jpw`>MhJ?A3Y(TpS3%39!C?G|?Z4hied*^lFv}Z~)o2#F(cMxO1L?`;Xio z!G+Se-n4ld2<0i{J$&^Z1_RO(;e50x zR`;YHAc-~u^mIkBX5tB$Ju5o*QZT%~2ELj=V`#X*mGRYZkN^NGrvZQf0&)Prx{Aw% zvp9f)3;?_XPR{^}c7TivAR`L^j)06FaY@6any$%BZ#n>IjspsNR(r6Tevm*@HURzs zPEP^~&A{o;fWlco8dkFeKr{&i1|5UZbAcndssS8;!x2XIGy({MG;Z8(fXr1uIvS7* z24u4Vc?NJ=3y@~n+t&l~$_DTPKpt7s4~N59Mi4zfT92DO27^GL{Qwl^0Ywu)ng+sI zNKG6PvuBUgAg06caBDz11(2fx@;-npjWJ&Z$V0f#PoM<=vP0b4A~g{Z2!jAJ81r8M z1#>|9J#hLtAb%|1UpPTGk(&UJkO|23019-Yvmgl1wa4HfKrRG8Xd-iw&InB?9fO3! z0Rn9vM(ihma1fB)!`MdvvdEfhoF;^YG-4TP;vkS*d;44?B#prUX#^Sp4#TH+0SW{L zgKm$35&d(KMta2b`L2`&BfT-Xb3<+acv?p<#QWfkkT^}GhI=tnNi$ayU}5YLM#x-E zB!fYt(HN6hr*SNTF*he~n#$F=g$r_vfI*!S|p~FY#3nK7YoswN= zDv_Z&`H6sXtkUD7#t(7~-PHCK%N?kMe>R!PoFI%MEY*lLGP2_TQu%VWAXwj2Qo~`N zZ_dBiRL05kCvUCe~P~EUQ&k#O{Y5EZqs#8vRpW%bziC7u1V`|`x$>JM=j-&i1$LvmaWuwux)1LB1XTBWG2af~V@PM^?5__-Ke+ua<#FxSbq>8mjCw^I^=Fad z$>^OgbUO3iP$2R0P)Q*tAu???s#dtZvT4lI^4#SO|ABu3-AvkI>_jaOX?@P^$*U&e z=JA$MY!jG5FRFV6+R6^;i#9MkLm}P~nc4tkrc;kDtWoME&gM<(Z6zjUEv|=L*wX(6 zlhxFCC9HMED<@qL?S6<_b2}FFFEO_A71B9qAv9+3Qr}&H2mD<)Y}<|J&T z^nVJ(doqr97EsH7YdJSmp4{;7SLL&nZcwnR6q&9rtX#_YK5_TW7<)G7ryBb_tE%~^ zb?hsqYsA@lT_Ny~Y0Hb8X+vu5k%Ne+4ZY#`q0+UeuDZeT0sQpVK2`Go93jUg>f?j3 z#tD=~_sVj^C(#PP{I2j3VNNd&WnI?Xy0T3Xn9ycE<&uk_Y;d)Twarf2+Wfc~H+9rV zwYh61pBytHl5^ZIul|5j+>lCV>xcrwA^Hu>v|Fgl@M5HTmtlH$;t4gBjUKPX!uO1r z{nIFFa2f?A+jCq0hJmL_z?&0oP%Yv{G$+~y$9sgZq24Y!`FPy_pen+f#HfkPw%5(# zcwEkPi}DwlyPfyyc;mOYKjl9!va8l83S&9Hplm}eFVd+?C_=$ev?(qK0m401!pYYx z77i4*tux>^!Lxg)0(h~L!Ou{SNV4{Q&RjDQ_G}_-(L}9vrQDevK8!jkiSqoK=y{~{ zwa}V@naj2UJ$`+04T{cG-`fcOF`Rx2tMP+Rb=$=u)fP5udC0umN89S*AUelSiR^o64g{LfSi~C{CJE&yn9K+Ov;V8}@TP7F^zHUfkm^yYi$h0Qw`svfh+J zaaX;hTgI_{rd+_{W1V+D?5=_=HyAV5U&*|6{{ySbLF6RaZB?MH98QT1Q7-NosZ#Is z9T@q2qIuoKA|6q=G#9t^<<=-?V4#&R{Xi-}{Ztu-RjJLkmUg~P+I*jcctaa&ot5Wh zo}o3rLXV2ixw6LnNSoc)6Ipdw9}=|KOKo)FU5|J7_4E-+4$S~0Mc!-<>g+h4-10st zWIChj^0y&UBodp3kQo@evqY@>E-5g(YSnqUjEZtDY4AWT*kC)_jtnbzhcIKm=k6eU zt<;qbLr$5L-msN2p>(sCMqjWhA zw>lpk0qQIF(kQy#y4csorrxeI(k&Lnk#|TZn_bfhr{z@%^0OW_>US!U!S;1|hpq=W z`X+N;iFz(Bh%dhIyS*!Q_7qvzI+3iIl)%Sl{aI1x+^AJDh;^Kuq(}^L57k}QNNjTd zW?{6F64kk%iM8~!@db{UR4tQrJh^X2FaE0>|1hWnaWCW@N2h?xX&$No!1JTMe2rHh^#(oZfwBBCx!#et=r#-24O~^|ZIzy=lm<-dY zfHLnj{M|eS!tKM`huBWd$>oGEN4#13J|xvp#>KC*jU<1}iS62{uIl~x+F0=ExNUj0 z_iQi{qA*hr0MAcuWw#i|qJ|davMcn1S~zTT*k9`Oy8#s+h&m zovPihRqPSEA60SYk#yP8AI{ykH_~07j%@V^g7%{f3G{8DFUg(z@fXQAP@a*>^z!bW z@@MUQ62h`2QK&kVg(V4>?SxOEIT7b(=fFQ?Y6YDQ;b ztzXAkfAWQNO=;?gc*?Rh3ubWme);u<=}~VxJC~xJr(wQlS0y$hncHJO@lLmNT!ho4 zf4#x4dU)EO$EnfT&8@w(#5oOImtekT>|cVg~(n8$>A zBSE@mcgLh5_1A48wcIx-54C(F@M4}2GxtltuK=okdy?@2UPw`E>j`*;6xzpcqP!eX z0bVt`NHN7vDGizL2zvMIRWB|kRXzFeMY;C--xm{}+41hgKM%Gorc=8;iGv|Hj7yXN zWw(pHBq}x+*r~%imbj)gH~4#dWH$V&OHsSsTIh7di>D20kwiQ7GnulFvKPKbK!yt2 zA6X6BmEycCeB34r(Ps$KZt~6AU;WTrnCzbKc_O+bhOYlDa)!YX+YZcT8tHyzP zO)^kTq)YvmXqsSWgzE3)RetXsmgCmb&d%gbM;WP%u89TXw1J(nFY1Dl>8&MgX}>6i zf4-QoA|IRMq*b>-m+MpE%C{`=0WJ9uDRbp`e#*h@zkkP)jyRZ27o|De+YB0gNkP5D zul;#|e-=sI*xHpN(>%r08d6WVM&kQI+t8!+Mpks^77Tl7X0Lcy{a%y1Z7^$t6ucl642-*wbF@*jIV;=ST}bwxBKkvD>J(Ju$DF(Dr@d))qm{|1SI#~b z!{yW6o?$ot{`g8HJLjDLNttcDc{luGMO0V}?5?EUYbI z-w6#obNG8R>)K{OwUOuf`a2|i^`mVMiO*Y?R&u13ZHrDUd`OMm2(K*S`y*Y8&P*4Z zJK7+ygdG00B5`xUjMI5m%Yv@yEn2iwHb&dj?V^8*-Z)S}8jfxSv~Fxz{t=0Nw+RM% zEnV7@SZ2kwmA~+My_$o^s$WXEyFLshAf7y2h$;Ga>9-O2MeM^QvAI?K-NZbb5GQZP zZ5~;>s%^p1s;hw7rx2`B?N~nPLw1V9JWQO<4O!ALwQD z()RK4m=*udQd8PV(~-S~{NSKq+0xQYStOE;bM``>t&tEwn`u5f#Jps1xAI)iMNF12 z5P+IxM=YERJ)*`-_NYBwvni~Kz`i`+xC3#qQQ^k5E901wR2$tsmjI6Civ98YoA20y z5qT%KJ>nio%8F6F(s1P{cGETWwQq7hKBED8x@>}!koY(!izd;8bQ6Z9tb7$Vh*Vv) z_fCozc%3c^8D z$D+@(xlU>|NSAYy>>hXgdclkV>-i+rV{wca#zWBmvtkJhq1G@rFCmvotQKdmxp5AvD&1-WlPx<o3`tc;GDhbMM{Dr zsgIG;qgm??I!2d`sj?DOFs!qx$9TOF8--H`cgRTgp5%rkK!;k z{%W!lx}hAUGz=IMa`^b4abR?QJ2x%Vv5{}uj+d@rNSlYKS&j~^Zlp~FxaO&w;@w%6jen}PFPF_)mGW>z8O*bin2hF;x zrgK!o-Noj5jQ;0hoNa>*P3e31{q0QU=3Zmidk8L(Czv(dQ zNLQe|ifY!67BnNg;)?%yvopsi5~ZO1P2Cq(Yg$taAJ0QBJM94kA>+q6Pht5?*9PQi-@NH diff --git a/docs/zh/docs/Kubernetes/figures/arch.png b/docs/zh/docs/Kubernetes/figures/arch.png deleted file mode 100644 index 93c5b4cb56b6d165dc5a5cf7aa76a007c362ef55..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 45519 zcmdqJcT`hb^e$=v5v7QTf=EXq0wP5Sgd&1;f)r7tN$(Kp9R;PR6sZCMq#03q?}#A1 zgM?6n^xi@GTTwZ`oOAE{@4a!ydl>@@d+)X9T63;hzWJ>LK7h-Rp1XSP#EBE6a6|axSx}9s;n#EqLG}Ggu09FLVRFikNOc}^oUsSE{5X%T>^;aJz7OvBY%|Mf*6X zZsXW-rQIU}@aEs24?Y)wynp|l{D11-6QpobQd$ZMio#RBMY+Umix{Y?L@o4pou;7Z z8t=;#G&uxoi~G#5QzP3GbfR|Ano?3yE!kC1ln}q4dJe?DK*5tk0Qr62*;6&d6cncw z{$6DKUoKLPk<(hH8aLSRnv6><+DVbH)e!%F(&sMXp0DT)EsHWurlxr-p(R=^Cxo!b zpfjyG@#FXW#PHvDT_EtGygIwOQ@Yx)>{GitUsfooewYh0dSP2x+SeGh?0~-iHW5!2 z(jM3sIauvXc_c4eA*U=NuQt*v112z=teQI+uo{m2qY?>5Xp+hRU)Ynrj0gt)7KOqG z2s;y%w$XR_t(kmT_qK_7nlJuQ7~@$22*0emw91lD?CV)^|8UBz{ei94|)nAHvmYUy-onX*YbdOSVs^EZ53XPSBvrSei z2mSJ-_;MX@Jq$TLs?xqqotNF|(_FKjth>Fv6Td(IjH`uaS^SFnoShG)w5$*1?}Z_F zfqhy3_{J%7Q=-y)O7Cmr%7c-TTMMh#?)i5`;Z2h#mIk>-$htSUmB$xbQGI%hIE5Ym zjjdOL>{qLz^R)(YISz)bY9w-Gx$uG!n0-_ z(Ty_IGtn#pg?P$q>$Y#yeD_}M9-^CGc)FBpSdkTWll@>j?JFbM|^#;r$OP8e+J(wn2*0h))gqmY&22_}Jecmn3$ zbn^}OB1v||({bHrS;RLNdAtqqg}H`!9Dk8BUK2pxqW(3`Mda-Syg{U-NI3DdB31YG z|ECu-V#{^KSZp)vRXw*O`34qg2=Q!;Swo2mSyZ(WZ{B!;IQdmkupDRrOa5I1%H8e`o_A4)K&kJ{|`2@W0SeY2xT((!3vGM^;bndPXMR)g{>yt;s1S6 z_=i|j1(Rd=Z)v*v|l4C$--0ii>>n*?4V%dqk#Q!wO(7>msNthSte6jYl~
  • z5x4oa7qx1JrqIQBjG|w5X+)s(oxHhJFXUj4rG@G?w;R_}rn!O=*h1 zaRC@o=k4=^s107&84P6Crq3#%R|k<@Yno&aHI6dw7r}JoB8gqvObm zx;#Rji0+^)e=0;ct?jOSB2n|}Cj*nEQ##&kR*`vG_x`nN>qHRuqIag!;goOBNufM| zgUhmX3OAe*QIUHM{|*L)i9}vQ`u%8{?X524L-PAqO=^$oCJ4Q7zFt7y)RI-*Dc5rT z{qAsk*^;doo}HS#-|^{DwVYBJ)0BT@%HtYE^;)TjDgf@iznYGOZNKP6S2Mw!v%(+g zy23AWCs4_mwo)&X-nhTenUtyMz7i=-fKte_csz!U5PPX)ddN6gc#jXstN&%l_M<)i zMy%zuBSU$7ejc&x0f!^<(04G-w1fr8Jw`if`3wFG!Of_|D&tqFg_c+3trv}GU`{WG zT&EZ9*4yGI2Q0NrnB_bwkBaW+8DokEa(<$L`39)nfEt@fx@IL(BCiV3%28(7p%XQ? zTXz>qTE`qG32xwR`l~iyu@TDX1yu61+s&Ul>wA-h=!9q)`cl1tBI`&^)A5R_Sj*Ih zUo6u+_loRlN$JwGirc&MO$BEMi%}%hh`1p~G##(Q%yYIv@1wzj?ZQxUQn#cH8u(J9 zIuZFz# zGI_l`f*f52V(*+cYKgjHgwEQuo9VnPl}Ign zr!{ZwpUmv55BBAhIU!_w%=U0yI6hJ#&M&oIG0JUE_*Js%JM6}CHOhFf=ze#xp+H8- zL;uR4tBxTVPwwc!6Gt+2WUg^uLhdIu73GeqqO|C5K+}1a>~B6q_=P*hB{*9C-G3(@ zgY6>{cLREdf8pJ9LL9rOn}g%40F&;rO~*bG)O7`umKxtUQFLH_88(8OA0y!8r{;B@ z2sMO}i;Nwc*qsvTm^?P>6PH1X)^U>vrBmLgIsK&U=W7nt`NsNS8*B9mm)6~_Qlum6 zU1!A2%du8*ZhmT2*a@#|zO(1yS)rFW-_BNAH)kyfugm_8-?$L6o^cPM%A?=-_Q@|Gph*HyR6p0g#CJUyk30=KRQAmXck$n7g?lSo`|j@I zS|iK0`@QeO&ZA7r75UOIdRkkMg7o0Il-oQBz|5vvV`hkzibn>NbX_Nf7F{^?{v91} zZym08nC2OL*DgKWT@d;(P;ASh5Y-x`=Y82~3GZr*?5Ywl)@=||UlJtfcX*eyKX8l279{qG%W_tW%i&j=@_KgwRpvqTFoKF-Mc z@2j*6EvgEvFhhY#YA7+}K%jUs-J2iL|Bl>mU+H<3D$~18ctQBnDPN+0aCHTL|M;Kq z&Od_I(_@N<=`GiN>`L)hkgP2q$n7uqk4)0#h%rjIS=sK~mx=FJEDOhPU;9t4!E&%W zPj1xvNgr-?6`B)rO=zvmiPI1A@4Uba>AqzZx-?u4%{Bj7_in9)yP?34NBciRrD*3S z_Yo^K1IxE;(C7b8vJtd0ofy)TDwl%n?9DZVVR8*4oj9ds{-e1ydePmojpfn7Kqcp4 zM}H)AH5lBb0E5yEc+#9c&QO7cf0He@9(>cCXM7$apcJzfx_`Kb8px#B+G>NXMFW#T&vA4BMdEE$c$`3Apc0GB2+OFq_hT3tMeV!)sao`nt_fI$ zQpTCIU(2TR4H!F?9rvWekK*=W2Q>&pfJ^T%0tn^DjrZOM2Zwu-a5L4a!`*X>P^q_m zcmhkVr-T%_8uTPdY88xM;1NFF8=%A^`CdHoWHC@_y1gMFup~Jly9v>OX8~qWcvI)Fk*uXxwsPC(A_DSviQoyM(JSd+tHCb+#hQrQyN zfXH$F1uD0Gvx8jow%AudR%!;kVFcv8tp;+&gmCJM#+!peA48mgjdn7S2EUNkmjlE1 zWwrp}dGJdrk_>SH>(Rq7U?KI7@RsStM#IOy7Q2d9DC?^n-7ao*8Rd)#s`^@ zs--}s3zz@ccDq0)$lz#uK(M0lHcQ5uk(S$bsbu$1C!`T~kgR z0j9RM^^BU1`Qves0TyItb-iQT&43beRz~XBzvJ)~x{i4FQOdXxSJOA=2$G?9PG0?RXjEEY#i<_1L<@0PZt8|X<6_d zi%F3ocQ)t=WjgqM3C|F0&i?f+y9k2h05hUy>#KdRb7K zl)nz$SR7RI+L?U6#Uoi~bev`}O7TL6J-6xL6V#PvuPXLao(7O5YR-$$Q?iMC@@&1p zL-UV^eRm!XbIP#$S^vp2+Vb>SflA4btq%0j;|N(4Nfx@?uWmu&VAIgdVFH1uy$Aw*HBiAO6$6G+_Ftfn~`&De9fh?S*hTY@XwHcp21U@>bK!vDnTD`(O0Kj-*||=1lc`|Cu)1 znVKfrIJ*=8%KDX{1P)*qkRJ5!$|%wod2P$L*Ul@Xu{r8l3ec_UX7TYAZGAG)tOrHN z#E7&Hmk=~QBYZ5~S_I$>F@`wA1Ekb*QM1D^waP3@=n~x2in^|g|&#K#t zd{kH!v$<=0{Wyf(F!Vq?sS>EP$5^?~dJ=wmHbYeIAOKZ%XNa6>F^TKCHHRauPW@V$u^dn;?)t{)h94AW2 zZ!tCLb(-Sv&}a4KK0OI*--0tCE70xicKgSPqHLXRrwAe5H`eFRo4PJNvhwNaYHDAO zQ2t-g8^3|iKMHvr=Oh7mV_wq)Q@dd;Q1VGryfojx8_n+U7%6U$W=d{;4-U``UP*Sr z+nAG|AK$onxzeZ9VA(d-(f!zyMeqniF*VY#H!>(XTV(BW#kBKURzqQ{XGsF(a}SD! z(jh9Jg`9Cc8EMBO`=xUGc#n6D4CtY1UvKFs4yn@YM-yI?J#VoQho${i*NxrkRkI3Z z9P>YJJed!WL*#iMF^;9DVvPtBPbEn^m*{lKMv$qt+YJjxTxT$tj>n|xY1|Mtu2-KC zQTiv`L@+^(4T8MroN}6^QwKCh5{C!28-xmO>51I@WZ4(FC$L6{@;I5%xh6f#E$I^; zJIrs8uC02c!56*YeT8?F1mYfVQOY5f-e?pOWQfS)x|ASK4DYi_@;O<5B}8@ClzVc9 zOfd%fFl@kakT3TXL0X03IYLzHF2|*mvws^Oz+IG;jPugHUkFfN=qxN~KWKt+G-bO- zg<0od)jepPx@|ArO7tvJsQUF&RLJ}AxpsxiW1Pd?Uu_`X*&gK^XehM1 zd=5Tq>_n2MyfK`CxsYCt)%EYVH;riKY)L4e4e0H7GfG_NSkt6&CE*kiid#&+(&SvL z$j$qZi>0PaX-A@-K}%XIc9K!5wD}8WRJYHhk(c(+twoDN)5v#v+K?8=V{gcdtYxpm zP7E<*MxKMmYHAvvK^f@UxBWCd8EFEvzAk+ZA0yvwe4tjyDq183{=f(JQgb*!fmvh&U!Idm+em^EEY~+O!RfF5# zvOTJ35_(Z0dP{J{#W!5^OF9KpV--V!%j7wDP>gFN?@STXUnn$!2L?4Kb8WG8x~#G_ zIPsbga%8u+b&CGA#*Kyk7Q6POh-tAq!cg6R`dy=w3(6Nf+1dv2VJ;WsZ35j!L+Ww$>#97i>Nd!^iH-_cg!6FoVk zZ>L~^iC5zlFTZ8!gl1X$`KB<>L}_m4*BUdXsk`gk=4x0){sO&a{OPHz2wx(> z7EsZ=Ei`VqoUo|f7#mw|ytuA4`KpO@;6m~vzID_~O*rOkxNgUaeii0kTKjv|cQ@?m z+=pjrWMgxMb>6Xy4mMSB@6y0$dA`G;y0QQ0(vJwWK$2cM5jxkiW@K4t*_ph*3yzG&bRKHKC^xTrM8k>7@^w z{dqrLa8jm91aPIl40=d zj9uk-+qmtDeZge6TUfBkgDRr|dSg zny{%_)p{_1kH-Wmx{^iPo3OWK^tAIg3!avv;XGxW#Q=rQDqn*C&7(^weX*$y{;~U0 z?QD65Nv>&9l z@1(-~)uyf~Nfcyn1E?<(05-OXjUD1&z9OWm_Ld}toR?1T?5|ha?QYlzJ^M+=kw7O} z#x`##Y0gLZ|9+My&eX(e5jsw@XFxq_D#PqoDO+$hJ#|_0%o& ztDK?6sJ#AzWM8b4JMgSB7RtGg@!CxSmMNyd=eYO1T+y z;FKQQ(Ww^8(;Y^Ywe64IjK1>#k(cstYC9)uJW$znDO=g(@4g=je1y1(IrWUl{;dYW z&U+qt6gS`AoTenHYRINg=^1}dB@nBA8(JzEZhhT1d`aNoa{Smt>Chdq_55>6uR1Ct zAg9ci4V@I1gnMez5mGFFhuvp_f+nj1LSFRI#Y;#B0FnOWLyDYi5>@!rPl9UgfK%Ju zM=DyWK0!N=CWzJ>&r;kNT}~y|KgKyPIG=?Rpg?0#wIh;%074bpo{08m8(i}Ve=R%G z|1+LFHBj*|bR2m4+R2J{5L$-{l^dR=VrL`iU)U|1wlA6#nWty<@5RkKZ5$`p%@>eo z;UED`OW@!kgG<~Cw@&d@vw(4k@-#X2YwhwXA=Wy~){Yk5SJ^oAy*rv-IB1NSjVNVE z8030tQ?XW`c`u5-_@9CV1WhnOS|`M=gPi;P7DqDdnyZf*8|O~LmDPQ2RQ^0)=LazB z4QvFlc$KVCV(TES>$$dT&2O8C;aj_&6cC6B`$Ou_a+%_SBx$ygy^_m)d*u^nKJ6ci zyTmF2)n}JB@l$)H*x}P$=L@<>VJ0MVASu)wgU~)+=!~!x2+bcduA)&sl$_f~lL{NA zi}d8j$;Z*%|GPJS-9vo)TF(X5ALsJ)qttlvPom~Sc_s?`vWNh+@=sdA1l4~^3^!9i zoYVV%;I=?*#2h9+j_S@C5fKSm(c2=n^tb!ntmr)upSE&qCuH&764OYCN>^jZORg`p z9&9Rmb7WCVBv9Ewx7Y2a9nlii)+Ofj9)OW!$Hn^%%2I5Bw|6|HfS+PadJseZ#ug1v zv#WO1{+cMRc6o=rRP~Qr2L(&>vvCV#$+PJcHRJCXh5`zLFU$6udH@8fa8)Y|pm8KsJILD}F_@P&|GJ358oB?hgXNiZk))^7F#8gX20sMB18(=@;Ul3Jv!MOc{QP8b z(|K-@$bp(6l&970Qv9NcZLNkluHCSqs3j#t3>$;lm`NdTPFE{080Y!deW17!vKcPZ zUMfk6ri|}xMd2C^)dyRFP9mVp#hc*;Nx2 z$jiYZK}^R>{b}up_bBmn4RK_m$6A!gTH^uSK{fcAYsfW`lKU|F@G(JC+S|-?^obV7 zDZ0iM>BAX+Yy;PR8A!wNN0S>A$c%Z^jk z?Xnc=GFNO1E?G%akSRb*NUh^RFppI_5=Xg}#e}-}2Gi}Q=Z$yPP!ni9@jhK5ine3- zjza?ZO&1b?k4ou>mw4{Um(FK-C9F6AoT8=3n%km*#en~K2jfu2)V?2FkzNOGuHSlA z#(a&Y+Y7-gsk!jpBv5*E;4Iyj=`L+kSr`Wq5&eaIfXO%Y#Ysepcc0(Xa<%tO?yAQe zI%Pw5UGDMYp=vLa_QpeGi~($g!&<&k8r0#*KuyD~E28Lf?`_H7O^9257RVSePZ^%h z-e&B43*Xf!SBi^j8ud=>)+ML-0{I_o>04tQx5%)a!j<_o?&={_B|Wo-?lD$_;{tv9 z*0VNgk83%uzC=y6Wxr!rt8aX9I<5dMS=Wq*uyx9gx)`R3tbDzo?4mm0Kd4jXq3tdz z#rY5L0|t|J-jxX=%$_ukjXRJvF0FME>?%rhJO!>GU!q|l&Z|ES5A zj&YExI@pq29CK<04Ufj5((nmv4cG1_qXF=vzp*tOpDT9$6^m-M9G!-s)Z8s2?$PpX zD)6p?0?RQ{Wt)b|3NF#Z8KcEDteY(@&l27O@i)BT$fQx)T^TRjnxSyrJnXIB3yPLO ziLs*fM#W4Ovvr3joBVB+4$4s(pTt8e={W8wMY(NTTiz;94b%yEc8t2<*k8~3IusbB zr>lp~-CZv-^%7%tWQmo_2k}I8ZW>^!teeOLuHw)Ay?K#T$o;LEu7_;O^jvY5haz`( zn0zRcrSVpN%KSTn_YCG%VOy+RTg9Tr(={T@ z({VRBkJ1_WQL?Gx31BiOR>!q&?N}%?Y*bn=pHiT`i3ajEa(t5tuPs(~tJVAMW zFd!pl*P$5yzJ~@T;ftc%n@ks{;Su}$;mfux#mw-JWHbp zTEX41rI(BVi%wcS)Lxt&2V}dhw>{*w9(Y_j8Fj1uAa`-Nyqxn1za%_iD7{iF`5z(* z&Po*)iN86vtPw!mqr&HDm-fp{#R!G>Z-vMNSKNAYr6Wwt)6L~u_*xB-e{+H;E!a12 z^YHd-TiyaTqErL|Ej8sQh? z4-1p83QZ&;FCeXe7vKa4I*0R6*PE4>(s%))le2{s-d@~+;fq~Z=X0%9W2B`(4pr^W zt-plu!||5T1QUQ&pWYD=ri$}G=Wld)+_VC`nc3b~D7kRyrc!$bvj!Hwf1ps%%+7C> zy6%iz)%q1$<{@xE0;xV+=`CH~TpO_Luxw!V!)r|3%jetwft&{W1Wn}W?>NqT8T?o^a4q8ZkP4$k36mj^5Nv)60(lPta z1``RQ;nNn|vx>$I^A83Ls8}pn!pNmA83shM8VXJ~(I)uFyn$Im3va?^0da!d;Za;# zKo(q6;90yg2P>*P|o|?J{5Jr@&pt+g?mpr*PblV3?awSGsZ{J?=7I zBxSlfcd$J=DTVryT_ul$PZptd@_1UgKCw{|*nzGnNXDJX~#uG4!|0cr;&>@4>q#HIkf#$~K zzebztQC5DIthPK-Y}UXipnX}0c0|e(iXJx@Ovyw zY+pe(2BcSrrk&W|ISrN>zdI8^{H!7PA>5&CI^o3{s3pxBm@eZhiLH@}!yEElr8`sY8VHN7 zDHCy>LQiwuW3oEm+rVf_v7FULmh zZp7=f@E9U&Jy5`I&;C2ap16wu7$SCTsMNkYP2ma$RLA>Zv%9l1RP)bsCoYfxwNB(% z4+@w@^?XuE;f?-#fxs8+tS2TN35!yw$(Cr-TR7@G_}m}^X-ENJ2`uwI{dxin`0P8C z-3qp*_2QrF&%XgmJ0mv{*)@cT5b0HZ*+Y=~|8sF4T>QY;62)bo+=CRd|L1KJ{@`u* zX@u-jDdUT5M-xgf{Tb~pIe6P^fG(KNb|(2!A+_?bo2|W)UJjG|;%?c3)eb4zAh2JdU6DKNg;@t)e7JxzaC}|+(K-R2X zf?&%3OVDS;Jt&`?mDL_Ixlu={Y;-*F#(RiU&%-$i~|LPO|^O_Y&+%I#g^}PMG&tDZZ0AIQy!2Qt&slMTIo@g)D`=}b^_TT8 z%M6zG6E%xWutRds;lUo?U(2}L%?Le7-5SLeZ?rx&&oXY`Q5X(V%p4!J5PHx>WMod( ze7(b|!p50;Afa^u#IS9oOh=)T3s)ybmd5@fbVp@@o{1zg^>pYq%LvZelma{Nunr z1$4UJUQz`rD<;fvM&WABhCL@lit`0>BwLke($hBd>yX)fPhgw83zmwS(kFbaa$ENq zut21cF6;~`Ujf#Ld!EfufPRCk1ymKeJa|(xlt-xc^}(HzdvIM~!%oJ+nx-qSMfl$B z8{QdLi%ug?>oL>YUa?y4c+pFM^3lKH{h_(kyZs<1JKWOg<3s5^XGANhrMOi_Zj`1< zTOpnIQ3HsUvG{LLMeJ^(L(;%D*FdQH_aBTN#RH~=BjyDg=g$6) zmUo4Kb0DcNz@~Zta!dxcH~GH(&O~@|fnn!~Hw37mbq?cbp&HvS>ritNo_Y^&uDL7=Zq*m`S z#y;w{*z(5AmbOC(IW#X}b?@Iput#&o01JNfs8}6#hQ)@(C!9{@Dg*Ldws>{qS-82V ze;ND1SRhdNpBVZ_;cC7;;z!7^!vlA%n%Sv1+psrR02M<2CFyl&DZDJ+*6&?kGa+h- zr)p1?6KZbD4RR7`i9eeVU>RSZDuSJZqd)N`9V8&mPSJl#&2Ilf=ck-?s7|dIlxxE&$C( z*1x6s-(7`F7MO>CeEPS?3J7@oFBfWw5C-`FY;QV<%x>FN_d%$CX}SY4)ZD05YbWrg zKW7jAys6|2WOAVJJc!dBVzA-T{d(GL=UaODCNHLi!MH;BbGHYsnZXN16%{L3ExlB+ z?gZh-lu2Gq(Oz=r-rs#Ijy5Znpi6^fQ<>?N)R>_!W> zyPEhc1D}*s9S*jWz3_|_zC98r7LoP7){nGXm*MZNAngpGE+T+DC!i?CZuF{!nAfU` z?QK1@b=q}gVm5HSh)gELorkLh{HRdIpO=xnf<1tRI{!1Qy*)k~okjG|IMm+c%~7#7 z-Fb#VRy*+GYsZhc$PVKw793mY3|lqV6Ml3SIGgudPH@(#tYP}g`w9C)GW7djL=aQj z-rvX9C{n<|6h?`Z*Ifj&mPKm28fFjlbO51 z&~pamuy5X6QYd*DS}mAg(upJe5i_^f$n5}Vpk-s$urR3!vxT~-A%Kd>7Z)AEU(Y15`pD%*{Kp~W$`SUh?YtvlFF47VOE z>I>$>sHFHcggQnSbP)Ef9a1xgSyE$ug702=dEF17E1BRg^aHG%*)OOX@SV} z-IH!~Ies11FQI7vp2;8rY!9!??-rGkm89%93* zL_N>u*>bz<<<-bJA93>K$LtR#KN~!YBO(LU%h#BHdr1_3mlrX_s=0;PURw+C339-s zFB^Sjp^Uc{Ht)Xi?}53Y#@q@3kOW8QmS_}qNa;(?wHjIU>ihpD>&jkGA%-(}m0*Zj zoJ9qcXdmP}BTHB*$+sqF82LPW2)sn-ADfB@5|&Xh_6bk3{}q=he)f(EqPdho_zurG zo@C%wFG{KV^o)myTM@pC${cJQIDceTODxd-V|1UXE!)!ATF+4oGQ0)m>-T5ADZL5H zpWaiEz;7+iyQe(J#YWiHhmC$4uguRp*Vt6sb>a71Z`J^kd0ZxA_fe8eVHZJ5{^+NT z!2Z3B*(7|)V&OBy9*wwTF0_#gtFL^+c`M1b-PQ?F;IKeKc#~lgHey*oTUh^=8TK9t zh^BXa0>G{qtqP)&T8b0ZqgBii@$dLlShT!}E=JpU1I5e!v18@sF>_bb8$uE{l|ST? zceGF@MHihv2|9zRc!XMQ<^sRBtUM9@q7ah5I4w~$B3{R6mRziC4@voIjQ|zau5X;3B3-pF zS$yp`XZj*R4LhLcUEm=hhIfIZA^`#V02z|KK!5`DzI%1I|7>;Os6l4VC~*N92KdVq zwSN?T>^>zB@_?Bw1x}5s6#x{6*`Ob%?*Eem_xSdNTxoAkuO+qf(Az(l@I526t?BCo zV;yFwvJO@A-x%bw`8-{NM!C|@RJc@0!0CH!i&^^-84_OA8KVL!Aiy54u)f>s{23C> z;qh*q|9F*NGdtKpn`)!t%jvRGz?tZwq0zC+yOkBY`bq>g^;Sgu@a;9PIP3@YvB@8V zv(q)N*%K{`wT3**cdx9qe(K4y`bo1hqmw|?%q?ae8g0qf;hWy%LO-J|%v4D_qC3b~ zeULn=p#o^<|GfY6AxGuzgO_8}Q{HqC;CLy0!(+Qr6B@F)s~Jflhj398s|vl#{1r{% z)eI|lCQPnG+lESqub_q(ccS-Jh?Ca$AIseP$|K(6rkWx}5+mA<(&e6E$**nZTvw)I z->eze9+?+E3frIPWXRJW5z-XfdF#RO(_8!IL)<>NEeie7ZegO+@eIeVd+WZ_punqN z;=HgTn%=UVDyf*Sxmk+NjmA8gFG8!aP{McWQQB2S_3rTzm1x~&n(1ntqs;=eT+I63 z+)}Z$PdFM-{~iyfnDkJ*!x01XMJ+=5rD#mo;r*>2-o3g``b(BdaM{HnJjYqZvG#A)=`ih9i~#=pJs)$*agQpUg%0VIcq z3+m~8tJ1#Ixg|sh_C!u~@o~1tPkYzxNTYhcb<^$+U-F`(jA1c36+-kCw)n{HVzzbH zmG2OstQu#pE}KNwFFyO9X-L;by?3pz+`)O7Z$nsh?%H7(n%*+4PjpK?exonglC9Qs z)>jSQpG&99QCkS8EC(vPOX1)^cqLbdXEUiukp|R0TZ^Tp$x;By)mE2WU`zzjv&tjA z7Qf%sm_0343aEG@=r^(sd4P5xc~Jwnof05><>5VFE8R8g_I2SvFSlRhmZp2(9yP_y z7OY~Q-m|T-ZfjoyaV_QaDKX{dKqh2=Dj-sGdU^K@H%P zy4pct_cMsnQah<$aIcB)OCz1LHeXx?PXk@#P)!q^uZMnkoP`tkV%cHDsyxRIvKyy6@44UTH@x1xaYh;fSM5h&2 z=nL9#pKxKCtbtsyovuWoj``Hx=Kbu+1Fojn;pA_x-RN0Y5zQW1o@)w15jpE_n0&hG zU1aUd+Rn(lxMn`mVUQaf<2`Zl<-3}ugxraklSXmGB2Mq0nF#JkK6nBVF71otHc2Zy z9mWBrDkWXCgWM#n(A#oZT-MfxK}$s)%--Z5{HPvo@gtdCcJ&x)iC8iQJ%9~P`|L-v zx*zMyqSFVTaXWK=>2(A7op)zm3p{>+-FeF@UUwwx%Qe}91ziExg+;qJPx?IHFKi4? zjn%#}$|xM6$oo;MD{yI&e#?aW`~|NCjLJY~npOfSyp-=#UW?tb8aM@W4z$`zc-Wzy zj-MqG++S{!7K6G{LO?7$qZ2Weaz=COy&HFzZ8+=acD({?*SrLx#3kF%$eyZB8*)YW z-SO&-8{6B7yVlg#e;ZmIHWj9z?xzonZUm}%t zO0_fLFEv%6D$%76zlPkeZkhXWUIfimK(}AhRJq_}TIr;ImGQujEHsJcVTB#Tmca62 zrroa<4O1PjMa+Yp)9*ZCTUP97Cdb(K4?R4UAT{iu-;b?N#imxR#dTsGN9V%H=HR(39l#X=Q zcqk0r%(dw#iipuIcghTJ3YS4;t>?VWi4wmWgH?Z2EahGb3Ky4)$giX|P2g0`CqS&m zHGZTnvUH3YHBcWB7dT#~(VAf$9|(U2n>Mujo?_QNras|C6>Nc7f0)^Qt3w{KcJ&5y z7QV6QaXx-2b!?Z?caRS`RT&9rvceteZk6nVPMa@p9VNYLI|E;huT3v}i-aiv6mTXc zMq?4n@3{-LJeWIjY#9b@3ou!mvv3my#68d=!r@?yVbnCpp=rKmVu4v>%;Skz;tAUM zI<_>+sL;KfJIW4r-`;goA&0gh5Mg86QOb}7P+1RWFD$y7N=?>59)a&|h%~9ePP{}$ zEZOGRd#Y*A*047gf47cqSllc(d6aGs-(38`ZeQMJ)F-yr`Hdydz|6#>UdW!!B+A&k z0fuUouWZ-5;d1z?9_q3Jnxb3FqgrsJiwq1d_h&~jL1RG15lH~)1pxbVSpyS<{A{3j zsoTAGuqBs_$S3YG(>eUkch?5otvyX*U{H1)eFfA}j^MP@{Mv{{&L~rdA}9DNk?dE# zYEGr2u}TVeo~5hSu%|&RCf$~Ix3$MZ8h@7ePG+Xv|1zI3xg@!{U+sG|F*|on%|avM zoXX+4Az>~!Q7k%N4Njm=fb+)a;Oo#=0Bak%fNTZSB6%N5+##5|tULlx&AD%(;snO6 z#Og6IvIE$NKEBg8jotj-dB*JyuIkC8lio`h+&rR}K*vvC5Ci3XHaPIz&0y7S==dxh z07~6=YMWJ@4~FcarM2&l4nwZqY1RC=!SH!ntW`M^)&KU!w&O53U?*V8`DdT{VU2(( zt6xMuz!3_V0|EWpLqX`I>l1f2wUz#q!n-q{K?-g3#e}c4I!HOaioL^)%*3JLrXzKt zrz<*3aKghfsoPVh8Z<5y#11yN{%^*W1KW1%b_t_@8hiXY$0QQ=S&A4=ee$7^Dqo!X zQ#-w-5S1lt>bFRDO(s20$6QCc|EF7$s{_y!Snwy+8Sou5Qn!fG7|Fn4cFx%H)_xjz*I9Vb z(OpHvO+TRjs;YuLx)$ulWJB!H-QLH(QjAKs8&jN3dGmYbIU!I&9t2|dr`bj#Q90jH zu8QT#^y!-P=Q4U|t3m0jH#Q;;MG!BmEQl=A~(xWwBY63Bejgvb)+DaD3p0#^NV7jleWbR8qI>_`m%4d^pLuY>b=8qJt| zNUAtv=>nkFiEQ>7t{v`Wn`cWRZvI#x3lNTQ-fgWPCGt_@xyn;JYc_YlKl;n3Ms8Rm zs8^?P|M5w6M4q0%#5c+sIT{T_o}}-=E*qG>Mvb}iYEI_|ttD`H_%j75yqs^lWw+Rb z^WQTT0^bp^VYyjVlV|b6!`!Stg>E_u+&@D8b#e&zN_lelW}HRFr_@UL3#__0ccr09 z6GnLnYov8UgaR3HQqs3FA5DEeD-NsvI*ADNS(IEG7{paK#Aoa}BQ1c3e^fA(BwPUi z-|fpjYP_sa{WOpH%pYre%ZX;ulYBr)bLu1Hk9JZNOs2V}g}31GTEk=s&ePnUjgrl+ zyKBQ)o~5xb3g%MXJ+mD9r-lUgsx3Zd$LU0S5%C`_>uUR``6-@V6S*bvlpN;e5Rfz)cMuKn~zyJ#sl3tLdH8||$KfImWDF5NyI*VAd=xoNMpdUZ>u zDk8ddG@3a-f4FoGUbM7wX%K5vP0s(M%`)2}2`usJ>x7V$1frs?b*61`-3g$)IvMO2Ta`;jQG+}eF!_+v#?yEAL^!Pi84@3s1m3$1KNi^6;fNb-0Ld33V@!_&e+)(;)QLM$-7QFecF+d^Ez zvR?AZdoY@#BT*ddI`liWw8(JRtlC@}+Cg$^{v?H?;PLWYFst;##i{+B^>*G#&~4>Y zsM{@ekGVSk5$iVpsPRLuz_s$Kh)olp9@forqiEAo*7>D}A!Cd&+fF8xdnTG8k#tD1 zY=$^5WP|OE-SRT_t@45BQTOG_*-fGcuTaIKBe5R5I>ak=uzC-*8Oi;w_d#fUkm~R#L|uhKtV>9H^mWK%b%H z?2s6TXblzvn*YFJ$YUi1VgK-hlPw1)+jbej2`r~+FRVfXa)GG8qpLx{*>#M3KcU}n zRB+fkuy5G5q1777a5cXsy&oQ$SAlhSVq+04wj8zAnZ(sTo_uJnmjyaoAE%$$bE|>8 zJ9o+WRiBpHI4NAxkK|cYx_3EXMdnVI`IFH#b5hKYE*V>7#QDs}!@BKvGBP3USYI6JC=A8wBCfVD`0^Z=!}wYG2gL6vTEE1Q;&8Vkt= z)Q=jeI*_Q0T-};J_s1Xr?1cOBfO(}NN%YddQ=du9(#Nd6EjsbTlZ#t286VT)`9+*f zIm=l>HK#mWTGs88=!EvFna@t~(G@?hkz3T$i1;5APCpk2dEgY-bh3*O#5 zVzEdykVdL#&b_SRI%(rIr$eV(CL9fqCYS%1QrO)d605naW5e;sYJc{z_Eg6M93?Sc+yrcBCqO)KJESVNxcm89h(=D91CZ+k8S7@ z5_}a3*Wy5$GJV!UZ+`I*-y%EBPV4!{$=ix?Eb(p|c16Yw!HcO$`XNr`EEm zwHsQ9-hDbXz|-Qv=x{1@+4uc{1lMS=Ir2L78$4tG?Y znbz&uG=5mgi=KU$`T(JtWZn==7xT{iEL`{e(yw%M0p&-&Y|V~&*t!=srZSZNk&A!f ziaVT%7#_sK+;Q5y=(VZ#I54|!CwS7IUdX`iN#tTDL>^h4_RIp!>$_5cstDBt(9k?X zwh-#+K`ko1hONzlEyY=|!D zX2>n*?7eU$fN#v-nNvL~YxdOZTx9(?iW*v`+p@m&TJF`T{W&>=#ajwj`jSHdD!W55 zceMgaa@L zsG`iksb#f6+fP=2AztoD5!YQ$0NM8EI`Yrk@E1PdO`G<85`5UG<}%%(8*OUJs^_qF z^hhodle^{rz(=hoG*B+RpG)i`rl(Cf&^pZd8d8dU(g9m@7^k87&y1QKN%#N6;HIxJM1mG?fn2O!S&hDi4d_^ z8l^Iqh?vRmczL zBAnJCxf_-E<&cmQqq)yv zmVOk-;a)AW2HYalg8C-)3V*%S3=ogdHymyvS`EK zjS0)Y^4Ko)?dMQaj*3#lY6mSqXFy(n;$YC+Z zrXQD!XR^PMZ;4=y^iOHGdfWC_|^=o_QSJ7@gR*P5tYvB?!I4`QT>k7 z%Z8hu`|RBVTEYb^p^9!|ZMB|Lg-WQ`mOeqT?k85W)=wLXN|(-E#t9nw3BEvAn{l%8 zvi_*&BVkZPsS4#&1`cdFO|U;?&wUZ)v8f`l=z?UBIUsh|r(V4TkIHt`(L@MShy0~9xdrg?=vuDs-sL~Um4it8hv`ZG#y~fwYD;;7o)K6e!6Ff8K_}03gYkxCE zlWhkpBGO8n9P3(nHWIvMDtcj_<;=lO^WWG&=)vOA*)Ch#c7pN9LozcRBw9HDx#?PM z!@=x`{;8>;g(9)o^;P+GyXT?qYw?@wmy!hWA1v}qy0vQhwUe*)E5rTW z)-4t!SO)7N*Y!c|W_BW**(Bw;itI0$FN#Z!;R18X$U8h)k>bejdBuadw02;79L3B#2;sVQHZCg(~*wQ@rO*@MpmZZZ)04a~IdopnT$nz5Y?P$-%J;7Qmoi?A9} zbzu^~=vteSO>Id5oE)E>COYiGYv7P((I?m5Hi<`Blm+cjK9bnebdMu`-4U?RVWmP{PfJP zKTSvpc{*Q?vMl%7|9l{|OmZ-+Alj^HR4^AtDe*vzf$&K4W20xk_PWmC+EUM#*^fq8jn8tSH#?Fyd6$`I4gAUF$AZQ=|M9I6## zPB&mO?NZX zjsEH*_}EuaHCr&k_rmGHbU^wcw2Zb4W7W}DV@wm~Cx8m_%iQuaiHTAeYi^M)ax2gq zZ(Y^z`-qB8w!kBRZNTqFFWMdSJN@fO-d{up1;itj?UY7aQ^P2kT=H!{P66!myyb_P zD7pl<6}*;n{*yO>M2NwE8Rw5V-vQmC&h`9uiq_pnksTIek=|0v>woe;uxnyP(AdT>huB;lh&0IC)E3K+T=TI(kh^QI$j0m5IeYh=7A# z*Ao?yU%UH76x#v3cz>yP!s}$sxmvB!y2!9jPy-7F*xrYgQJv*)@64McZS!nTB7$oO z)a1XRzNaMY;*h|u!7qnUB6%;c0_fphnC=Mh06+8f9IFF-(mPPB+5YC-TOp7i)d$g~ zhJ5=aY>rKrZHroZ&`@h0+MCFH9u1r(tfrMSRqbU6#5t|Ikg4CPVE0} zO$xBv+z_M}ae9N|)O1~FLgw-E_kO<2mMfn?==s?p&?$Fu5I%WQ#|YVgfbVl|5W3F? zs0z+kkv-9MUl+(CnWT6=0fjNz^GX;&Oz$PYmeuXwi(oDHpj9Xk5jzK6DHM06X^SKT zC{7I5PPM$0+EPd&frkP2T{#0N-hfDPat8w*xe#tOSa;_wuZ9(w9oN?cDl>r*6 zA4#T)gyRG)yiq^_55gMkXu#vmD0CH)Eb8zr5+{L#Hua!6GzVNTKgYRPr>lwx?+&IA zFpo~QLx=nTLyBWQUS$%@IAeJG%i8j*%E8LA%>IK1A-DANH(Uy*KPp-c2HfF~G@kBt z16F~-go?x#or8q*1-8)?UQuWecv(&cJb3ZZMws3+Pqx?~BxEH}eJ%LR9MJ8VrV|fi zfynhaf2uGM;A61QB08!5M3Czqbllod=uXc2U$56D#v*bQwPG!%Q0*-;%a6ucfNWf+ zi?tz&+jgv3wcDZp8r12N!cTZ%h-_+X!U|Od>Ren2($!W9>0vg|x*H_*zpa84IpMVU z3VA!Bq;GY%wH)CKWg_4AqCS9-P*%j13l>_;(ATC2YU}l{RBIkqsd{YYBaY!c`Z<|UbElKJ@H$bONFx9y9 z#eG0M7-r}mJeUCIe(35S6?OnDYdRtwnLBHYRG7qv{p0bw{#vy6M!9e;-uHMCZVju1gt;M zgbLahYAuepy#*n>BY|*F0D=rLDhFx4x#5VhnAjl;6z_h>ySS{3bhM`eK8ncn`u9QX zO?>rTPNsY)UT-E5jSE`B$V5e8r9YQ+zcxH5=Gt>pY%8~JsRPo1aX;}2UQiH5zP9X7 zvz()M)OYht40)}g?edk&ag?x=b9G}$zy7`5ts>1K{MQkky2RYHd59CYC}9W)2GMDw?>%M}FU;XJOi@ziuH zv&|`d*dfB-OslDcwOD94R8DB~QJ_Nvo+yC*!GNC+M zF(;pQ!E(WR@}S=ji&GI~m?${@X>!H?LK1>?wNDe8{9M z>Nv<9hA^zZ@rT^7RjIzGV%V@9h<|we5Cr)fj}S#zLr4mN-mP8}&z$QCPTp5FBevH?%|v9!L|ebb0L)?TPipuNfME&-o6FTp`ATk+zh#R_&Jr$~!b4vElT2ANTi?wL2 zKKj23RVjf#UATJN499Oi^5EPZU=U_8`=?KybpqMT&jEL|SP=%9hU2-wEa{~x4gEaOcqVtg3 z=S5}J@6D*F#StcC?~7<@f;7Z&&HV1OU3pz+`Fc84ArQiH@uU&GXfdvPOv*@ zNNA~s^R#{LM3#CqkZ}WDR~P*|EQ^#^7RJsXD2tV)sq;I@I$3s-FTTFw>F+v-(Dw4yxpWRv+JfinH6wh<$5BUrg}L}=a;oox-nyJnq)6-qpReC=d^rQ zSE`SOVpBJA!U{B)OKhgp14wL;t!2y46qQ~_`N+SGu{1;A7TXlsD2HII6i$z3^NPC} zb@JIWcD8@wE`LE-DdQTpP09jG6sby6`4hptARs5)(v^}qKgPbmQ1cKsZpu2hlBQi; zGj?arsW!Wl0-ZPJpj}imrg<38v(!;vs5!h4>bgE$^#N{0$ZmI$4xw@ZODjyu*=*8j zoKbF~COYQaamOeGylq(4YDrJP1Ih(o+yy)nM1@*7v+xuWLa7MSp7i^IvsZsy>pEY5 z6wZx@#_IB1SGCfq(mOIu3y^CZB9m>_v8XdDkfkv?8d#B#asfTzaKRTW2P)!~=aR%1 zv|z^{dtU(BbN6Ij4Juyt5?F_AgB|zdhusW<=LF~1HP&q79YqegnCF&uXkUN(T#hv? zSpHF!V+zIhm6X4?wSiOU!D4L)qr9^r=jO{qPHXjW#s-(A>O$dO%Et#hX>@YQz&)tJ z&0J3_J-9`G#nx9f(9yf?LAl$0I%@QW__PAqUbO05ffn!sw;c}$_Mr|26#K{kKNYUdJzklk))Z{qg5!-KQ~`ngFew9hZt zaG|VpZxx0~^$4yDMdvvLSjxT)Q-vB(LaIw~)IG7K>OBJ_c*0Ws-Q=hvR87y%k!dZN zR&P3G^z3sPI|qVP7py-jJXjb`zH#2VNQ}-wJO1Yh^M)Dw-UlhI!P8IZ+lqLa5F6dI zDo1wKp&>Gqe)qTN=VdRi02FD-S|`N7Ah5u7mRa;0>14ibtLA0l7nmvK+IcC7#)Z4m z%=U4DNo`8wliuhm=1(?+b3JAxONq;uki&&I<{41LDTz6exNRf<6<}w;_}P+J`Z1^f zzxuBdKvG;y1mNj+S>!Y`nNA({I;9pgiXb%m^TsSo>-hzVO?!~b-za`sWNnANm}4lq zT-pAzXg#r~h8UM~A>Iq_vO#xvKGne}6mq5jTHN`PVHt&IzV5=(Z2O-EeD`v;ABhki zZ#pxdO1kx^*!S~>!xYa~>sO0ZJEoq?gF-F@5=a7ETl;N1K{|KSn=9?^fbsI(vRVP5 zn{RrSvNz32Vt0bhJrHBIf4zbr?PzA{$qr|^#5XIsW}0qSy4CCt&gCpTn$lbLuT7#! zW_Ewo`mi4O2qZBi(s)UT@Uw1i%q6<4UGe;oo_s}1+aQob#8D+y?7duR*K!)Wohnro;x8!t`llC3h>&#b z+=Uy>hr1l`U?*Wa6(YNo9A7t6BZ$P~U`c$lhZG`cT7oEILsEzLZH&{m$W??(*nf80 z1uOP`_Xj*s!htCXq5u*vLWz^|$5kYx^p%*KVshT7%sKw*P`+!xmA+&F5tI_KO^v{v zBwHHTGMAE zQnvS?<%T;fQ|?nGI1dI46YGY==~@XRLE4M4ZVh4vPk`eyKi&p_g}KnLT2hQ`wMo5*+?Nq>&P%Tm;+i}K5E&Y(vJ!+VIItvjj*$YjAydHjey8Kxa_J~_Ug;+e ze#VH1RUupw!v0S2Jfchrt~bsz31t;iAhbnIr01we6_(?5w<+g$mohL@B*RsiHv#=F zqw<_?YEReE&I1S&9pSrtykGUkIjPsC-@B!fr~qj>z$+m8p!?CU=BaD|7QJ3pkv(4caY8MEKG0a}H5p07(oG1nJ zBf`CgYRAb^(5FMX)7Xm%`>Z;#;wYFlje6d!d2t5OCdkHI`ltW5t+k5KLsSEe>9@aZ5S*;2i2^n_#3&IwgsH26QAB&;}~oi$)G| zNI)9qQPk6|sqkgPOK?>~l8`8Ykr{Il4+r|%BSx(M6+_(4bA)L*`_0x;1rw`a7Qs{Kf`o zed@Bxg4$+I`{O2Nn6#82Uz*475Um)5rp4g4)b+Rl_>JfI<$^gSe=56l^eNhr{V#0i z{Zi+GfZWH8gGWOfj@oq+DvCPozuqr8Lyr4%D3?ixmXwiFw837|{XmCBSic|*5rOou z^i~h^4WI6&UpRQ(x{$^FdfHX*jbrHC*HY=CF&tjYh72Q<*4=H2XUI|2iKtIcwisyN z96-2i_jZSkU2Xfc2F7$}h%a zJIOo1g>Q@U(`stNN&|8*v2vBja!&lhC(xgOOB?9p5L%sQz8;*IdS%R^Et=eAaeuDi zOgQqKw1tl9vZQ&Jl{S+cc&xE;`}RlR~5ups_TOE zTuKqTVy?C}P(9D~i$%(5f$_;JX}V=M+9zoBw-y}p!xvmWF2A$t{f7m4XdDu(XCcE` z4~zOdSYMF|TI4H#)^~2;QwELIy~#(ds|#2VSZ@uR#Z1iyJ&Eg$?Es2bNuX%)D}GmKC4XnKQ!45r+(5#C-+*t7zw-3sxQ81^SxRf&wD_ z8Fu+4T~kADC@B`^*X@ubjz5>;OY!PuqeTkThRBjMN)Wx%R+(Uj2)Rl#`dybEFz-YFQ#8{>Z!ZI!ay4adpuwWXkC##Ui2=vrJJ`4 z$RiO41?ivI-8cy2S4@Phn%JlL4&@yji@r8DblaugJb_;bC?UD4Lj(jf5wu^Or6qgn z?)^u%l#h-mDBF#D?ED-@zfXwMMK=cCV*_5(1*yg*4P3Y3N=w zqP3`&WyIRS+@0J-kcl!mR191s1+j10s>hU3eUSz2>;K$r$9;2Q(pKbHHXj3!>IY9smul{3n zuafqrmxf~r-RzY0rip#BZ(MuivGv{pJV;ouzntt?3dyi&Q_C0e9c}EuRSZa%3s!rC zLs5 zbJWC3Wd%*wO_Q-*qj@lgv&~d5hzKpzS-gr~>8u+b*tlnpbE~sV=g+g7;NpBgwqs)P zpNyWW<N-vBoGSt zl6<&J83imqr^i}dCAbxdOVlsJ=ix=yg=^Gn`O~wcGta)=rquLIWhaoJL|Ci4P?)h<|-3 zaaDkUPu+-{ANeA_u_U$*v2wsWKvw?OXLGrNR1BP$&#MO_hA%)+W>q`Q%HKqdUiTi? zLIqg`YWn6);`KepT!W+#U$oL0$IHMXxcbVrpfOhTM$3!5XjKCw$3d@8RD6$}l0rO^5#rej5^mH_I^4Z)H)i3l^%2r0R06 z)nSa4Rq@$Yn(LG&5s(tty5f?`-c&`R}}cNKaw4GpihYvQ-c6s zEHd6Ie_`V*A5zc&^+~I8P3f2cKWnI)!E-}$YmB)8IV^LZ_^UB#lQ(Mm!}lM$V%Ua| zSVBN1QE_Vb$kIdMmNP#{1A19VW_i7gZ4h+4k%N<0%q0Tr-!(ySa@KG7j_%_HFbGp*id+{@tAOy-JzG58(89OPm@_=fb4t z>E~P!vb3{h&I6*7r7#FRwqxP=^IPsfEh`m`KB=n3S7K{8xgQv2LLF|HQ4zxyfBCsYW-4?uF#t;TWf zU(QSL6!|VWyJmsT;qLIv9Ft~W#bCbCwtE*2bDou-enI$sW&|~l0^gl%VL$*K+!u}&`8)3) zMR+(UxA(7&Wk=NRLP4yq`~dcAU(_`&te8JX(FbHnO2vDtVc5=pkGA_$GP?WD+%Fsr zK;GIp$bhBe-NzLJA_LEQX(=ir`e>VmA2hgK@XvB1;qVVRbjCAa6$D>bEfikH5S6ni z39L+R3r(w56Pf3e#JC|2iX4&5OaNGquqQT8(O@UFb5sv;XtBSOdKDNc{x~*B|E6w} zepV=7$_zkx(*&%CqA!&1!W-~#>NgF|r*#OaPZfg`sjlL%Ta7KBWj9v!jbu_~emA>G zVu9?)nkc=X-S`_V_sf>~Nx*9Yifel*55K_UTLBl-%L9Qc@s0_rpjLZj0s9^pFI#i! z*()xC7nLp!#w?bFxoSv%ud9fa9JxKWiffy6*`8&4b@Ob;mSiC$qP_B z&RQp_#)`(=?uGW2)S3=%Ot@k2UM-8pym9>+C$6~E$+7s=Z>0t7PtL2wslMNZOAKcG z_-EvmY{us@nD{qxG}w??N1xoJ5C3OO0T{3TRNam+F$-$pw;PoOZb;r!)w|bbW6jZV z6pu@!7aLu#5!3z5h;1x7uR)O3jQ#jhY%;D*{GFtC+R0bI(FhCg)zeO%?}^=eh3%$y zhMk(_>yU$Z#)nm$w(eam3sR>tlRu7CYu!nzl#38`#rE(#kr%%7pm!kE*nr#N41a)* z9~mxQjC#CPX(f>*8*s)d;Gimc2VpfZV-@nKlTQ73@o71j9S1h5nBxtA!8Iz8x^n-? z6S;e5Jp48mcc4(~u4lM2tM$=LDMcarQ;nO37gA1M zsqN#|ub?$HGU`2s79gWngyeNhD>nge98NwW9$WETP6nBDf4yL!3y{gai;)Qy$w=m1 z*SbO^8^E;Fg0Reqbt$&N*3?tTSva(!lnmv3ND;J5la|so^X>ElqemKIp7V%HKRUDd z;>3A0WyRXDCpP?h8L)}P!{fnnqn&ces_3RD6@cWAfP!Uk{iTgS!K9K?SL=hxYN{Sq z$?mRwsm*fC(SRemjIR40(n*TDa4e2Yt?9}x>6#3u2>63!Po#Hy-re0p4Zb78xjHv~ zRL_lyQShJTQ?>)2$B=DN?w&5FJ2VZrw4%XmFuKb3iB8xt;mmhdTik$n3#*F5h#@OW z8-X?5?_0<1l>@JjKC%&dI>M-A&!1-b?xrj#$^hYx$O#y}iT`-P^`n*)z_h(DqWIfh zCEan|6+gaur5@CGnRJQlpf}Jc{m*KiRs4(l7vmq?C&ycb*&FK? zD?TLfHJsq{bWb>AS=CGPjgIOr$Niw%a!GOk*^Vn?1s?l#%M>y1qCkgVl=-(`HkNwm zN4oNzS6(TBPmJpgu&_&Q2jd&IllVHlqC3i#hx|;*#jML?UggbJ2z}ie;Pghqc-xAv9;kvBRj#c`x}gnvw*QL{VoDLQt$Vv z1lEtWI}xipI0@h!R=z$D7V}{RWl&^OQ85RT-sU8Ap(*7iaAQDF`N51kmtL@F3RhHV zRfurcyu9^?jzYJszkFSt9?%pgV;ZRpybVzeF`08C-S?}iu6}N#SI*X4W(1U|?u(we zzhU(`N{@|N6P|{PF0$J{!v$Sne2oqhRB?BJyEDr|X(8gfm>QDj>9<#QgT^Jn(qA#M zeA9N5?i9^y8`MTkSiOJurG-}u#XuBzQIn6_H4Y=mMy$=yBG6b1F zV+;7uk+74Qo{B=M$dVQUAlm8>9=Pux9aA5!5M@@R&=3q+PWciXAu@1mGVtkDf%|N8 z+Bgn952eC|-6yy@q`NGPako+^ccIe3-t6bH7eH3Ze{rHi&D{l&xCbgfNaTWI5gP;t z-%#~rf!U_adC!Z-x0AV{!Px-m?HeD!)63_3Fu9od#OCv597eqmXk z;4kTbi{JH$Z<>bdf8@=SzML(l9vwKbk_sky(;#+V^Fn6TCl4e%W8J*o|3V&z=M`mU zBBHF7L1M^#LWQCwQS~g~%zPuo6@|#~5nZVLkEj2KUunC{gljmP?;Cq{b7@i&38ywe z``F7so>}O=x+54qdnkVTt#vY9)+HW0M zJ`EyONCH#c{mIJw$O+_Hg-n2B$~Jij1(Az*!{5d`2exb(VAS9T{wakkACNQK%?PK_ zOQws_7I5lEA_BjC-w)OE`do6(#}!>02r?qe;d8vfMZm3eQnZ5O(OX6w5B&52L@Y$J4<1bA2?fwcLeE7us{><0ln$;(Q+J37C1dHI9 zeGeoh`yRh*wjO_nXEuhb-M0b}uS$>I^3lZm)k@QyDfL=UF0NXmZ0Wxk>tc%7wMF?B zJl#S|>S<8jS>fb8)$8bdxtn@Tt_jihuhfwn=so|f2u9l4{FixVvoq<~1F5O;meGo% zfw{;T9VAO;BkPySTRTdT+vE^Inmnnf%cM*_8)Q`qmM8cJrPNK{ zJySAgU864K2f6v{ns0%ou=x3P3*3YALTuY7{Ag>d_;nezaxi@va5pulGhCW*Zi0XS zL#8wYCdQ)+{Sw>cVqI7dY-uo|ke1Lk34{R7>s0G@OJCv_DFR1jC z4a~pz(jJzSv(jU|S)M>$$kviQdG^)majb|NjFyQAb$Cuc#j;NGVI(@U>9%O8Dx?E> z@-`V3k=rf?##qhlN%}Fz>4ASxgJS~PrXUg2x!LNLi(9>!JK|Nk?o9=Rd*Z+<8VH=w zIiPHo)^iSkTUUf)iS3635+bxMNy)4uLTzc%qq<@@N#pDcVT|P5Q4`~ytfUVBB)7{y zU5(%mMC_@7G@>bFQxEZ(wlOdD!HRRq{znD1EK3e`f#MBf*h9(T%{<6pvyQ1`3x(7vR32)X?AxN{ zEV_u;NO+QG8)b_(0IE;k#Bkxv1W*S?JK7pgJj$E!u>o6GA_Cbi{|uokzeQa;`EAF4 zx=;bCK+}<>3s$l*8CP;ex?TiyucDT>f+e|}l@teUc^7x}!7BWVs#YaCO2S46Hd-*J zH!O*w`6YJeZ-&%9i;cH!irkMyc_`EeqK`l8a-sABX-)zXv&514u9u<f-aYkkU*V!Jzj6;5R`&WrBihxN~wCl>e4>8gLUc9%ejTA-$mElyiP0EYHoG6ry z3pf|i32$F$o+TVK1$;51XcG*N%3K*!0K$R^MfpX+mTT zdK9=P5XaWZuysGx1yQmL-QR1m+*wpq({?KfPag&QRQ;W5lMt|%vr`3v+;(EZdmo51 z-;eqNISC{-K17mr{0Sd_HJ*l&55j|VSTgEDB<=MsCZrxTsSi!0#r_7S*Qp8RYXZ6K z*~(hDqU&%grIx!D#Lw}Klyb-X5`hM=Fj%KGfa^drm07k0U##8nSD*o}lM_$>6n4}! ztpxDS2Fwtg1Wdsuar@k*{0as!SXCN%F%cw(S-dbi*x!(CDSwU^|2_KXm&RYa`A8$6 zV}NrA)@hH931uP80PkAd*<&(>zv01e+JoT)M3}z!A^FwR5$}(Y)}S%}OSjPiR(wPP zH_@RD@%2x!*0Tfk&5of_R(rw_rO}_&>nLvAnrO^2Yx}qt4HzDw%(>ZMz?t6GUgB%m z4-^9-7Qnu3ZykHnwdV%>Lb+R~j3(u<1VltXu_aRQR?dnl--Z9-7ocOV;Zg2BJXw;EPQlD95Cr{|IRgh3x|l?H6YTX zmXduoBE6ghul#`|XD>rV$WHAz7j!-pF*Y7F{m9qwv+6RSwgt3VLMAPS`?5+=rHwrT%Eu1%Mu|xvvk%y^txl9B=vV`Rs2c229VCF@uyf z@pU2Lml)ppRS?&6^fPZcf zG9qvcL=7*8z`Qd@0w53N@$_5<;FLng-iN)04y;a&zx=J0 zp$$Fmn@W>~t5hgKysCWO{Ug-W1zpEO55McM&5Zaw;GFgOQ$AmLJnEHknbM5~hi^={ z?O=C`(Dr?YsStll5b8&S>F*mAvSB`~%?q?Gj8Y#-<7f#dngsrRpM=hOc+X*|D!-Yp zxvhTWp9gaA^(;F~o{jWHJ-DIm*l`z8>GuRmhYI*-Ra2lVh+5x~x$v%%I0Lc|Nz4$+ zFNn@FK|1WZDjyk$1JN>W|9z`P$6^#s7$PliM;QY9n;>yw{e##80N&~2*&Kv(U^Cj1 z5(J+^KyWjbZPk4TV}AD^^H~t{&(OW(^jm@41XKj}n*>VV zd_r$|d04kS^$3*oOU**Q!pt8)Z0w^D{)>J`*5ORuOANmkR=%<_G5gO>apCkZ7Fmaz z3}D;*vJ3-zv(z@Yk5QCq%LRYHN`O%ftV^>EH|C&n0Ll9GxuXci7O0X=215If@?J+! zxpu<51w&-G8)+tQoX}05z|;l2?t!%^i5M_301RG=J= z`%6R>RXi~~Q{}XNq_Sa(nfSK-m_aW*#nv#5D=hiI@$Q2z$+t7tTO6lo&W*5XDF$LW z+bw&Hi~v}1gVX}@miqodLN6Ubf%wgFj>7L5l)!^X|6;M)>nW}e2cY(`d$yVV~*S_gct&jT=)wxc^GN$mtLyZ$$jq z0`7#TQK`WG>i%d*)*Lh2akd_A?pF~XS>$}hD43CMAlC&(DhP4`0jO2{^T1W_v(HBJ#OZRW zDRuU-A-7-}F&h&@PSsm@Nw0*Quc5d6nIiUIs5xP@Vau-@Fp24ZrYg|K!uM^!TdqcB zbHae5RxERYx{b_ya7313p}MPktkKn^ zw>LU8)&J%B%rril@U;79Xf&{U0ytJ$M*|J}y{l z?usz;0Wl4^k-dVZ4Oduu@*qvK_nSsGQWr9ue{ftt0n@e_|3u}yXGF2Iv6R28Qu(K# z`NZ(5G})Zg{?}ansLPm&u&1=A`SqJ>uFJFmCM9OcM|9hqJ&>vvcnJI9M7aRACY^oV zTCgxDN{+{nf1)N)NWL>w{AS_t!OR%~tFxx9`nEX;LKy5|jNtj4&Z_edRxWYll}TBL z8HwQW7pGmn*Po|8f>o-!Pi0)WU)b(*gVf0)5LWk379WdMk9-aps~tOLyhvLGMBo6K z)3~V;X{h2&r*nqAlzRd^7?se zsYp%)(mRd`1kL;H1;&u0mIPj}T`FNzpN~A_tQod^_11d;*B%YS21^N^qX+FJU8`nI zm2C?l^y5()EY{(j0J9&B%U*1P^ilVWKXCIzQ119b?)fuTF_hqeYfyZc*#BSmlU5w$ zcXZhIY}b|u}I?uXE`X8ySq3&>CJ#`)-ikUr>+=8nZLY^j3;eSs9NRI9uf`)WLg4m zV?v%^(G*;MBb#p@R7JlWo)~7WCKP*&0u3Hrx=oUYvfFwa{J|z5Y4_uW%5!5>s=do$ z)|zT5`Aj+)q);8rNgZx1TzI)no2$~`m}j-I_QwRjAL$myfH%DDXV2>wL-+0@1-fh) zH+84U(+`z1V!#!n3s4EUEnV~{PwMZ_4INJGjsEIqk!uX|18f|sxr7o>MvYIkF@k5+ zO&YR`9q|_d2a4d|C=OmygMi94=iH~H@5-fLnz?Qt<}sFPc(b~vuRwVCVqvGMl0Y*c zL_5c>8%yEWbjRQNYq{HX1-EG|PclbE{##NzBC%vQp@!2uWDEN}L~aa5_Fr1LlzaO$ zzcG*=Icc5)((>xCh7~izw-ph-AtupQy~h(Lc(=lcSAl)a#*3d5z!#4<_SxlKx<$II z8~HC%o~llayc)=iO?&*_@s#{1h$pWqoF!|kT+1G*a%kw(n#>zFiV?7<`>8s4@x6_C z3$``opX8o{-!#JNen%<7PZyyYzz0r4n$AZwSWXHQ-QndQ>=uK)8pMo|nBIw#lIlW& ztW8C>x>0PzNJ-sU@qOszO7^+OI2Rbgf{*P7@i%*cI0xwl(yY;$SB@;tXpJTfR)~JT z&W&r}1>m}xm3t*_g~0mV>>Ps5BYio_Q45?(!y#Thk#_cnC&bmqA%h5#(vSG!!B33f5;o042gLr2lSeZnh|a!S@i~Zlt?_C8$Dc?)yw6wcQ;BigMz_k z+%~6Qp|E$LbL#Trori);^qAG+@);#|{+QxXs*qZ-n*Y|{lUvVPz@8rt`W-RDZYHO0uS^%kENoOB zdh<5~cWAA|D_c1{q|?&;<4evOYld~!rv`L4pS zb=o`dpQFkAAHr=3Gp>(^mloedtNigV?BR$2`6q*8YG3po_t{$o;Pqjr}&V z`TK89yq|1Buz|A!LbHgaYW5%D0U!&M*>Qf-ZMHmgwwkYg*~3TS#{|-uRZ5kvc8Fgr z{{(~dv9UMWE@v2I6ec>dGO6|#fM~EzitCZ_0&()n?t&Df>>CYhkl!Fm9~Ts{fp@dq(s-fwxvdHXJaaHgJWgDBA==!_QUmK&|tWHI_5B8Ud1*+~eP)+$_ z7#944gcTPpzk z?<_?jcuiY%WwumIt9z9T>Gr&?+;;&C4gOkls%e>RaOIH3@wQaD7Ef}TupImG2KeDX z>lc~9FV7(gG?13S)1T+l>M3t;Yo5TIDRHG)lzwg+Qu&;tIrc)GWdgtRWG8t;tn#^F zF3d~7Ltdj(XwHA-!nj>>E0s<{spXDDXRYZ4Scl|>+Bq6?;-FsLlplRe!`Uv=L>EYxk zTtuS<4Xxwiq@n)w-$Fm=*>bXt}u1OLi>XQ|IgV!NRFsyzUzUlh|{F;;>0Y-FZ>UX zJ_(8W1OwjX+Wy8j;^V}{^B0gKxG_D)>-eo47XtpPFID=f|G5+=Kh&!Ci8L=LfY7)y*Ql>Suqqrx zj{71jU#dn^r0s_IsL~S#K8q*ps*nWV3mCiHNI(xVNX8xK53o2E0YZTaNd}m`Q;xj| zi}W?I8cjFDTBKdSE2G1OS#9Ybf=D*Kn^6vTJj+5}T!2$`+SR|XGJH<8o>dE-fjLwj zig?L${4v^_BV~nl&)i-Nb_(Ke^=H)f0F;&_4G4-8O)n5fV<$gZ z*d1acJesGvS{>V1bAx8OlA}m(gYJb28E!W-&c1?8$7fG81)1agq^yCRQyBEwaWX3O z+$+gV$BQwy^M%bxBG&0z|9c|VAeECC2o9`hGAc8cP(DlaI#$01D=^!rC|{0O#Bl~a zd<4Mlj}Iwk!QT|PJ!`LXqc2ur6nNLG4%Jc(^|n`0!O`c*{g6Jrt{`lg$WeBWnzR%A z0Vdpr{7tdl`x>Sw9FuSSz_-E7Oo#!Q{vZzRKwk6qXfY$)F&+~o1L-4r_KVL{ow=<8 zu0A|~ZFDv5%CmhtErC(+qQj2Y-4z?&1LD}qm=FbF_O-Zw^{Ev(x9d|A8#!&Gl+vg`Jncu~NHDj4uHCRK|S-o+?nE1$AG%qezzhY)|;p?wIn@}Ii9 zQ{z0P9%D7a@W2Of1XP}I>;)O}#yU^M-4Wz%y#rb)L+k%6e1QA@->Jk2q&Di|=e<{E z^rq0#J=;;vCGrJnzj)WQnFdeA_1KVk^xu<$yJ3EQn4eMt73_^(J#dgZ!^$6EZeS=c zGp8*&Gn#P`bi-;5Wevq{868AbUH*XMPs?SuW2gd(s+#L=g$zYa2KdfD} z?!v+k1{SiAzW^jkT4S%?yN`a)fn0u)h!DJ1V$VrH{Vm1TQXC*7P_J@MLUj?*sB&p?ux{9jGKSmGpHz6-AY< zD@01~rrpeqXdE1&9yjh9j}IMGjr9mTx|C*?SV7WC1}W)NT${@6i*8Fg?cU#3}VXDWv4&vd>H4$IF7pg`x2bqToNUFivKlbzJRwFeDEtW*4s zRpSS?)Q>$BOF#{|(H|BE^Fd8Sko*)S?F-HnxvqW%!tj;CUVm51&+Pv~1c@Ea>Zy35 zrX|Ja0iOD+ZVO|Y&dbfC(@J%z)unN=7>1cd!`!1hy!nZ@Z&NDwn}X=F3Hgc4PFIml z0bFD4X3>lzFf{X=DNW*c&mGl);;wjUxH z&3=O4IN}@te+Q`1tX+@6#bgTxip)m(fL^5;Kd-URostvvjp))n3!A}}3D z5l18gP3Xaw#5~b5>c&Kz#^*KcQ)Qme_)si(lpPK+^JTNotmWHRunRW@iptjB>>WU z(EPJ$Ic1?e5KqPba#Q(fti@jeXBPs_-|~AF*qrh9FXmG`ktN@6`qv%45~92-@(8W} zp^;*l<7eyDvTtOCT>gvggwaJ0r9bywo%hBFE=`7AOt)6Rg$i_APc6Ij&FPe$sbnH= zTdfRBt)$29xPB&-fMPE?$bAiJQ(Bt9!Y5Uoc=P(F#Fa{D1h!FnNCYyxVQAs-%d!X!_L)i3Rnql7&OF z7kL&tLq>%{OE;6eHoCO#EtxNm|buqsF`edjb z3gtuM#ma`5QQqw((s?Rs(PQ(fdnHPGC0-Du6#|igE$Q{Y^Lr7O_y+?B_zp_65+(Z6 z5$tLGU;@S8@VBG>|1-rl#Sn}gms9%kOx+I@yk~1#;}|NQT&-YWc**E|s`JA_>^DdM z(SPKrAG*F0<90Y8mM*HM@?HGn= zVIs4Kn(0$*;;Wi4=M*Uj%j&4pGjHF6UQajrVGl>K>u#c<8X_ITaEvFD@X68l{R^688 zrsu=trD|hrf~Yj(dpy=w#^yXxUx$Ohbx!FfGL$e5$}MELeTO&bd26d54Np0WI=xnY zrdW&J%V*woNXuoW4GK#iO;0zxQI*Hi1?7bk|1^D0 zyI1Tr-D$l_CSO_`w`;0!RkAhbp030EqEzwBdfB_-raOn->`xqPw~b>`r($xkn$}x; zA%hwC+_!RUakBL&TG;lalUB@kgN@LYm)SyY4$e8ND525ph|(H%scqv$g$}3{)7~pT z;htDn_rb28XQ4~f)xLk|=xBufuzANAwd~8V8^)r`15m z!-dObu}x?Gm`rw>6(>8#=6NTJ^(7o;sH*;3uFV62G}~EEnjQEf*xC3o_@m1Zx-H@eEbQlueLf%+V}JV z`&PgBo|YD=Bz+V9RH)tR@YB-1jp_dvzRo~}ZsJ(oQFqAG5BbSEaExC$!@Q%N7sdb{ z1OHWX6F-7K4MGT{f0E{c5hMN?9Sl89{Ifw828sBmaV$NS^eOijN;K)y5aa*D;@BT< b{#maPA?fi!GyzgWJEX6nC6ce+_4wZa4>D#X diff --git a/docs/zh/docs/Kubernetes/figures/flannelConfig.png b/docs/zh/docs/Kubernetes/figures/flannelConfig.png deleted file mode 100644 index dc9e7c665edd02fad16d3e6f4970e3125efcbef8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3352 zcmZ`*eK?crAD<$Xa2y969@Wv0)QMD@;n;FSWsMT+EX+>Q6HS=6k(WeyS*&v^8^$V0 zr^J}NJ)w@gl-WkuA&=xe8_V0|b-%fO*LD8;J=cAGulu_1&-e5Fe82Z|KhHPyw99ez zt@>LL2!#5{6UW>Thz(rDJY@4mg`K|ju^xd?YCnC--4Or)xf7FV3;<>j08r#OIbh73 z1pY$-0B6M>;0)s+2nRzri0LGk;~+Vj0^{Tqv>d|8VWhJ=PYROkeMPDB*(!_Gk}SNU^LTN5tPWm@;DAWA=3$VHe)&) zI~TV}iX{?BTe_q;0Lzowlu7|(X9pe!GE-P7Hpa<WJ2UXBs>KPnZyX)OF1wJi)GMFh;(s3~o8)@4%+INcTIF=e=lz38H5QK?+;7vN} zG>;Kex4eLGkzQJ|m09;ImQ&ZJN7OFeIj_1KWk9%7MqHBhpsroq-26YJ8ZAV|V%M!) zaxwH^bCWMovNnuy&we@YB1rGsrwtmw#|$&Acl3Og^gcbS!q2b+bK4^JgW*xz`<5sC z?bG%0pY)5+7k??0IW*lZLZfmrxi1nmBeSuAZG;7n;D)TgJStNj7zQ7!4FBqxJGykR z$t5Ct5C2v$zRQ>Ii}R^03X2^?jC&I7P4K|Ql|w5 zcMp=my4Z^m2U~hnLg0}UPi_|>z*cSc7xlOlYoDAgo{YzhDrLuedJ}vl?a6cDW%;6l zvA8DIPQhVl=b2Ah5&GWfhQh4R^s?vu&nb2q69TWsh|$EeuJbME`>H7MymZO8v5}Un zui2#+n_c;53+nO(gK1kKa%da>Jj>3eV5&NfkDSUEr(vHF^Ow_`hxY4FcINlrTVVJs zEFCtnEZSL?zb&cv$otsIQ^8YJSMrX`*W`(IvGnos2(MSv@4)+ZS|=EH8wLl)il&-V z4x_G&Z94prHDCO*dHZs=mF=Fqw2I5+vwrXFp@0nbO7$zN^OGaB-2)ey@E20luFBDo zXIViL;k8LD<9JCGb((`})$^O3)izYcfDMD&_)ok*bv|obe6(|gLU3T1;Fc_ZY_Hg+ zRadv`l3PVMUZ*!?dhqv<%yTyWj}NtnZ1w@$P>I|#i$$*zku@}4o9Ol{T+*2mO}*ZI znVKQB%;L5I!dG4AlEIh%IJjDKcY z2a4EJ&+^*q#dJeGLrv=)Lk+?}^D^a-uPAY&;PzpZL2c0MC$>f{E8(lw)j^!%ybq2E z8Pnm!DgOJ7Z28}b-B;-r4;IwjqXwb~C87mL&?EAQkHB1od`D~XlLmLZN7#IIN$kd% zlJ@)C#K@6zv6()b&iWxNK|edVex^B%rl)yihoJw)<30|Gnxl3o?tLAo$5L+vKTLjJ zNS+fOXqk;;#{V=l4$eJiPebXsi{&94Ng_8|vpM!{>agT4nB_Y~NH^FoKkpY?pM^3H zs5E*Wd(bs>peVJa`ib3K$juQSe-=)kadXt|p-i0Ss`R=_iKSwa!5wwc;hS8Vt!Hsl z8yB^2A3qV(l|j^4J>S)t)!L4taZ{JkJ6`@(i9f+gUex}c9>y{p+_R`PM?4+uX6?Da zO|9^${-&)+r>lRi?AuUW zBj*YW$J1q$@lA9mUEiE&ARw3szO3H1MNoJj``mxhZS{V=EJM=*8XyC0=+LU~_!$9= zi6C}!=MAp$-vi{{<_~A}w7Z}s%Q#0B#Zh)GsD80t&ZI_}HT93PY8Q^L)IGzqywM_v z@>?HMUeWatYW#=mS!-MWedl6yNu=*CIT~}vYDzs1G-oePRL*@Nzftsa?<6`Q^fBpjowb%)F^%Vbp+OP4tuWUW<<&6SxZcRy4q`T_qJgwUq~a z)>Kfxd=^V)ezebjVUV~cGxv-e*6Eh3*K=xZ$Jv8fBeH2v$<1@y_<2L8uC@KVXZJJ1 zG0CK>MovVeYKg(Tmwtc$eD7U54g)jg9mTV#&)$YX|w?mZ1D=z;eH; zG!Y0ND5@$9N|~RG3_7XtY=K@BEzWNxL?yhh9XVg&Sv?nIlr1QpN)J6#^svS*oD_-= zYr!};geG436xZY(sRP25H=x(Up_!=andKL@^*ZAGSI0jzylNxtTe!N^c{NCUf$1G& zPYj11%FeJxXql6J-R$i*Jy)c4g0-~-9@rDVrb0ROjVNlu zOJ5O>$Jcg!^z>NXB>2>^yy;O#|M5+VKhlHVE&L8{R=N0-)puTDdvTNL%11k`kZKhr zZ{zn&SM*ukVfmf=RJAgV>8yK$!6;jsu(*y!4GeN+TZj(zg!7L5f*y)&V*7H@VP zVP$~-6n%>9!>2n$e-lhCoGR8?MhZVbV+^E|@ z?@aH9=;ZZAg>CYk4VS{7+Q~k(*v=lH6Cn zCZ%U7T{%ok36b*d+ymNX_iaK)<%v}#MOiE|-YGT`R@cqeGKHR_#@1@y#~uW*ZkijN z_TV2HH`*{HP*h}t$3_Lg^~HsX4kZPu5w(tDdTp;sK_EKy3azZteK^u%Y?H{m6BRjG zFofzl~B4tsu**J|S*!Z-zvC zANJkx&qeSK*1YNlo0O69U7MN;nqM^e(JQxkzj;Q{wMi*hUvnHXxz=u?6^eSWODabHpKL`B7`$9H89xeaCL2kou7akq~DtLh(wxZ6)`FQ?O*UWj@e z5(KBG^#kt<))^jaJhC&lySkfwq}emAm^8AWpinF-XhpRsaqPy>SAOGL@z!iyrAXcI zE%mX;{%zz|t%U0u>t9F}s#!@?_C^qQRP~@|{U6t-cKzFQ{+~$}!u##*wL(K_%49$h a?OXg-<-yq3#Af6={G_AHvEpAzH~tH0e9GYf diff --git a/docs/zh/docs/Kubernetes/figures/name.png b/docs/zh/docs/Kubernetes/figures/name.png deleted file mode 100644 index dd6ddfdc3476780e8c896bfd5095025507f62fa8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3416 zcmWlc3p~^7AIC-K&<$N2$z!f1DRiPTX0*;qE6NcSvq=sum&k3*q;g4(I;pALy8Tn~ zGezr|tlY(z>%w6ohK*s^W@G=I=k;8^&-Zy=@9+2dyk5`i^*pyvyB*uKe#d$h6_rh{ z$B%lbsI1{CZLEfxvhV81-K3(Tia34J^A7-kfJG4q1OT8tTZMoC?E+vLn4tl%0f3-f z_M-u07C=*!GtaUt0758efN7<%1dwMd4UPl?0YqU52#^30D18JL1?@=DykQdRsB8>1L9Q3NIHpl@0d;6Tqw= zm@3dY0GvP*C=>$N<(Fj+Kn5^E`Jn><>?$z)0E`u<7z#X|K!H$xz=lL~1h8FxGz=+3 zaY{i2MlXSJ3os!Npf+G)2>?VP*!ZE*1PDb6p-@-=jXn-wgHDk-=s`G%wu?lAQ-x?{ zp+LYdi^XD5D9|7t4-wEKz>Exxn84%{FoBd>05eRP5blR&u>>}LG*lUzMInp;(<8vZ z7r+hy0|G(G5Ksu{L6_ZtKw;qV0N5T-o?58`8lb4`*TDD$fK>w%A~4JX#s$E57ZQyr zV=M3&hAn`T*e6`Pz<(Z^!V7~Up;2W*0;H5jsTmqY%7P#kq--n-1PPR(2mt*Pn0^5! zr+@*4#X?a-B3&?%wwN3*JlJhJi1*6b4F)l`0PK$34I(jk1;$oMf+&=(^cTe{D(ib) zkGgoq^-p7OC;eNe11nuB9}Ud=er42dsln~|M*H-w<}o*Jmkn&8nznUlZ!vmkfIAzsckxw&`j0r+^ z7`(lM6Uxqy#HQd`{o$TnvZbpYPEN(DE_8M74icu_9bDWig6YkQapw(}ZpwC& zN5^7)vKAU&U8%v?ufn!C_Ve#^I~X{+oc3;5EIP=fAq3Rz=>tgJZfOi=(%YVyn`g1A z-hyvj{WLC}`k952B+B*9bH_M?TKm~M$Z9L%e$}NDKdAnF(@a%!#)dUy%!@QDZqgcd^Kj_} z#!kP@%~KM#F?W)aUs6*NxwYR)V?4W1f?~&wUTcR6M=nhl)GsqGAu3=~0rHLVq2-6x zTQ?O)knhlT%t?&xVOzJX&*2$qYZO0k^mF6XPJBv^VLrq?X41za0{iD%dct^*pmRqA z+a=S!oN5zkNun=hZXi1*VA$KgOLX~_diMx@U3|yUq`33NWYp5he`b;n3>!l+K6Rxy z-UHE@r+zITZ*WJNQt{GM$x>k=DQmnWo(6h`JcwVG?6e{(^evf@Fw-khP9^+j4;qNt zXWeHVdOoX<61vq4u*c!%WO*LH`fzT)gO!`xiTvy9R-gWK(LL6mTQF%owloqT3-WmL zRI)tsUCpQZe{Rp-y{4+k)-dQkp}e_idd5=r=WB=Szsih17H4jt>kfo2PM5|R+pR=L z<0C38BVrEQt(euu_#;O=Ph~gi^I~V;A_SQ}ciYn79gXeZ+U|&Q-okjXQvoHiH~fne z%*}Gma8^QMXQ@u3nM0yZkJde0X)KDCZCGPCBsCaMWZ*n`%w?B9-L2CE$NFUb4Sk_> z(R(EGGri_6R(v4X+fcWkn3%JHep>7RhwQ|6%^(4 z%Cu>Yj_2R%L^3U;ww0()Nev>a%C}QFPn1$#TY2{49yT(p!!X0HzL@cDIo|#f@@)ct z>V3Ju2|49pMMEV9t58R;cxPEySN*_g$tM4uzf837w^;V4;^wquP1j3=x0ibodq(d* zBcFSK!|ovW)s@@5ycL6!qQ?H>CT7YINM-}9+AuI}*e;mk=*;+{ww#<@!ITW7Y+dU5 zFq#|uAiSR{Ne|NK+s2b<7<6y)7kXG2$6E z>`++0IR0#|zBgl)+ouCVwtNbyFnKHMeakIMeAB2`D-ZtLoMFlczxjY1aq0%t-F#Lx z`ChPXHt*0wugP_%(S7>COwp0I``pWIH*Ff1{GQwB)n|4!e$Wq?Y zW~`{gan9%34G(_uz)-H7Siw-AS1FM_Pb8*{JB=GL_Xtn7r(HJ?Y4pgCUtahWEQ_;g zKRH*t9O2{i=jz!%SQ{pYYfG4}A8$cx;rbI{MWxf4oM{N38ko=inEz&`W>|ZCP3lh_ zs|;LD`+|k;o~+aDH#6YxBM&pbC$%tF1O3|h%~Ci{aaO(~?^MVnhf`%UICFv*8=Cy# zU=av8=l5)hNgeh6P6-PZ-RUa0xH#+_s_7v~~f{7UKg$j2&#I04mc@^Vu zc7b=1CEwA-!t}`Pn7aiXkVvCKv-z>t*-*s(t1FhvBk8vb9`|xp*07IU>FI;=&puhcQ@1bFQyn3Fms{b#>sCd{M=C~@;1)FtmFByx?qUCGX(qV*9g?RM>6@_)@bwr0rqn49u$E>>NG)l&F^JQ zb{T5U{~LcwPU`y9u?VZJa;mqUh&z*m5V5FMn+;vnUPq5N$;EBfplK{~=C$blHjrHo z!%9Lm%dV!nVJ^HMRKOfk3#5@i6QBmS+ z^bH;@F^cFs8nm%pJ*CQpR9)1$sRQCVOia0QunL}e=E?*vgY^{2_{WOeCrJ3mNE0BA zgcpUxE9%ASQzRV{4xdIIGOLPZ{}A6!3R&eb69E^Lxi{e+~vLJ54 zx4U6Q(t5Ebd`J?WM6Ejbt+djuGVX~^CO|mPd6DEJGPP;(ug?v*4%>h4w@Sf1(p4fx z2ENw5&VL?f2_v&)YNnFF*&!DnYhO51(0SQude8XvOHpg+;~Z|2>6B38fXWc-tO zfx7I{Xv^#R;@eVO~1;ObPJJ+Cuoq~t86Ps(K!tIqY-$OpECmt442 ze`Z_w&VrajL-BL_GU!{z85Tn)9Nlsg`ZMWdv6cPQrLPov+k>ZWJL0MqpBv}Qh>yoq zMd!4kJx2FMj5ZQ?T;B@9E85w!m`_{EuJ90IjpQ%;)~)^TiK(se-*8-GRm&N^Kc2KE S)KU3kQgQvm?I?5vf8+mvOA0*z diff --git a/docs/zh/docs/Kubernetes/figures/podSubnet.png b/docs/zh/docs/Kubernetes/figures/podSubnet.png deleted file mode 100644 index b368f77dd7dfd7722dcf7751b3e37ec28755e42d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3346 zcmWkxdpOhm8(t(DO>e2*S09sO%b|uLa+HGWy&E$)}pk9SP>%M zHc9ELROGxG$`3V_5@{$o6tUmlf1c~Pp69vm=eh3tkI(hV^zq)k2Ca!kp-^i)++BT9 zs1-PQ9-^Wsk2*xv2^2~Z<>Tq^1_1CEa>!i*02p|A-Zce61rtEuP~LFlFy#?IBmit3 z0bSnZGRR$1QmNFXON{4E0f-F%)4xkVWXDd@jpl1K^zKmdS_c*)3JVgPW!kwNA% z0FDR{is-Num?9#n)G$;aVneW0%A-I1?h3Oq%u6y3^jw5ufFm#+WVWF| zLd4-i1-4xAFwm3HsE8NBBU6C^Q{upM357&3+a(krL>vOi3>|^Qio~XaQlN7XU@w3z z1fVqr^j!g#2T6Di5(!lfmmpRoghrK-i2$NQbT%CV61h-9F%4&IE4-pa@Btu~62-&jaTc$_^GE9eTLm?TJEFlwkJ4kpg$3-Z&Rpi2g$SejE z;MlMTgk6xz+1W4&&&vc`VuAJu(02q{cY$s*&~*pcdZ5b$B#9N1Nv67R84@y?MaVHT75;BoTrt$Cqf&deTlMo3!BAH}{xNyY~8n*2n?`HKes+S#cF=BMmhAdO5#!~rpm|OueVv&ZDaSBu(;s{C!-xt! z&(p(*8mbkv)}e%{NAp7o|MZ@So12?t-aj!OIW!-W;1@?b^RB@9pJi)RluWgEFz}A& z)tWd)eaLit_Jg)N@%oBJ)~ynFPyBgFdoq10at#S-es`KU@>#lR#(zFZqwafrUCNde z>|v#S?f$O@{ZX|`G4{u1AJ=xKgjp-R_E%d(=yvBSPM^sve|$i>Us&;@Z^hOWbo9vo zoRv^#(ZBb3@Dlu065WagkI}CY`WCqN;%-Y*{q3XU6IMe90*1qV4jY}^^)p1PJui8B zqZ4Ux{$vC83~{OWkl&>wbIDZytH^&@f z$2*?ivn%R@eD~|k{fYrkci?wgKiz=wGJib&h3_uTxUXb?aA|oR#WHlZOLEAwdPeAC4q~nSwS!EU9Z27(}Up@VFkzEN|P${$DS6vJIgnD zmC+$th?Q(K2pqX*-+goXeOq#d>cr-JJ>|!#jmM)}w0`Cd?U>!vnSkkQRpJnKTdg|V zxTBN5-_j3NajL)As-h!ieky5sNzq$H>i4GD`b6T_F!wUY$)9RE9(P`qE{D~FkbwsY zp+Zg857*Cf&t_DIU!UKazxUv;v&r4_aizs+o{FAE3d*xiHmCU09~XTnYZ*_%XG%9C z2c4uO&&eHEkSJ|&YXsf`W8{9{MCW^!9sR?|=_bSc+TeD=75@9XeC22FzOP4zw9K|v z|G5@1=UiG)jbIfxOqP9aI~2q_Rl|5@jqHT#kNeaX=XtJg9a9Xkj;?W6u+d;%T(PtQ zj@*lB=|6z8V1>W^T&|eMQGanmy3WO++uKOM;6~&(^F6W0cNiUivz%>VHN(m}us%WK zU))iO2;SYzkDkVFWB4G=f>4HhPD_d;iLP?ifYG&+H2CQ=i^r` z2ZWJ=oENSsEe2#S4?m^2#%Y|5vp@3pM-eiFk7n#5ZM`?=UEm}%Rn4R9 z*P2%v%!^jYlIen$@_kv7>-fM}o1sC}uh{cymDd+p$A)tZeKsK2)wRVxj&taTx4mw` zWbie0E^xZAif=}*$5{=r8xXIrygie6P8vrCEk{Zvlm*6^S7SwW{C>b+Dx{b2oo%8 zYF!q4J4J<3MmBuBzUHfnuGb^)GwP2P)U`COru6aq6Il(S#+>EVVf`WJ#L|IRxBA$% zFH6oUW2w^5W~4dX?VAaQQq0>-sMs|6i^(d=qpa><(`#bvD{p+S3AaPvcFLZ7IDr}W zKk+s)I6JK9F1I-KSykw{PUDpt*#|#qoR59zb|ol2yYlec&1W#mKU$n$#tSc}jL*D( zL0FZ%{(y#4K*NA9`e!0D+u01mZhBMA&}z0=pS^$g-IoL8p5sPFRo|2y)^86x>5P3& zwYQpmp0@z+ktj7NWa#Y zOL3`NL}oXR_zRz1UbcKvcV<-7LF;mdyno$MO57s*S_=HB-A zga=CW8+#GTv#1<5qldqbXN}*}7+#qd@bjwYT#XM#QtV@s_WQ!<|0u%Jgu$CqM0aK7 zSijlYj<|-0(dvOV;a{C{RFrs&nGp>o-H(S69WgEMT+z!J?(?Y7CEo34lyWgQ?b}zX z*TX^uXRTB6S7KzT$6-Rjcr9)fv?}0!YiD)$CI!PJvyQ>QVJDzbbuPl90%cJm;#b_( zZ5&LtZnpHZ!BL|=9@&H*pCtBXj3KV(vvGqr;MpRl0rHLVzZO?VJbc|pw5)CJgwOez zMlI$;;Tuldx@~cOzB0rB0p1K3g=(%&&EqoI=*@OVBJ232VVI1lgOF@O@@kN2fIWb-j=M3brkoSZ#YL z;O7?&Oh>Tk3oA3|`f01exNYX}DYxD_m%!+h^C8A2lrTR|U*}T%)!or*q@(U_+uTZO z(2m!h5$ox^=*&+VO_do7a%*o^{7cYG8;f^vO-<~s9h)j}FLF(>spc*U&3mVeG*!F* zx#4Q2H91xt6qGyL!c4t;y+88SGN#&dppjuVfB4x;iWim=Q?t25{awbMxknk>qq+RS zEqu>?v)}2w)u+X_A<0?D;WdLf<>%3tw>Ry?UdC0a5ju6#x#@U3nv{F6i=Ncv^rZ$p zkjo4I;|uo?=D!;M+obBi+TFh$RaONl1vU=rq?)(mb6+Q7Bg`5YzB7Kx{IHs=+djTQ z&A+GDemNpXR5%>MTAse-V!qO(3eU+6|AWktLuweqf0yf@N(`(fK^v$jV%5zO7^%O;gC^h}Mc)yji$K>)h zzcSCO<`Es2w~@og${DoUF#$gv|VY%C^b zCQFtrnKN(Bo_%|sJbO}7RAORe!otL&qo<>yq_Sq+8Xqqo5h0P3w3Lvb5E(g{p01vl zxR@)KuDH0l^z`+-dH3eaw=XqSH7aTIx{kzVBN;X&hha0dQSgWuiw0NWUvMRmkD|> diff --git "a/docs/zh/docs/Kubernetes/\345\207\206\345\244\207\350\231\232\346\213\237\346\234\272.md" "b/docs/zh/docs/Kubernetes/\345\207\206\345\244\207\350\231\232\346\213\237\346\234\272.md" deleted file mode 100644 index fd04c7701..000000000 --- "a/docs/zh/docs/Kubernetes/\345\207\206\345\244\207\350\231\232\346\213\237\346\234\272.md" +++ /dev/null @@ -1,157 +0,0 @@ -# 准备虚拟机 - - -本章介绍使用 virt manager 安装虚拟机的方法,如果您已经准备好虚拟机,可以跳过本章节。 - -## 安装依赖工具 - -安装虚拟机,会依赖相关工具,安装依赖并使能 libvirtd 服务的参考命令如下(如果需要代理,请先配置代理): - -```bash -$ dnf install virt-install virt-manager libvirt-daemon-qemu edk2-aarch64.noarch virt-viewer -$ systemctl start libvirtd -$ systemctl enable libvirtd -``` - -## 准备虚拟机磁盘文件 - -```bash -$ dnf install -y qemu-img -$ virsh pool-define-as vmPool --type dir --target /mnt/vm/images/ -$ virsh pool-build vmPool -$ virsh pool-start vmPool -$ virsh pool-autostart vmPool -$ virsh vol-create-as --pool vmPool --name master0.img --capacity 200G --allocation 1G --format qcow2 -$ virsh vol-create-as --pool vmPool --name master1.img --capacity 200G --allocation 1G --format qcow2 -$ virsh vol-create-as --pool vmPool --name master2.img --capacity 200G --allocation 1G --format qcow2 -$ virsh vol-create-as --pool vmPool --name node1.img --capacity 300G --allocation 1G --format qcow2 -$ virsh vol-create-as --pool vmPool --name node2.img --capacity 300G --allocation 1G --format qcow2 -$ virsh vol-create-as --pool vmPool --name node3.img --capacity 300G --allocation 1G --format qcow2 -``` - -## 打开 VNC 防火墙端口 - -**方法一** - -1. 查询端口 - - ```shell - $ netstat -lntup | grep qemu-kvm - ``` - -2. 打开 VNC 的防火墙端口。假设端口从 5900 开始,参考命令如下: - - ```shell - $ firewall-cmd --zone=public --add-port=5900/tcp - $ firewall-cmd --zone=public --add-port=5901/tcp - $ firewall-cmd --zone=public --add-port=5902/tcp - $ firewall-cmd --zone=public --add-port=5903/tcp - $ firewall-cmd --zone=public --add-port=5904/tcp - $ firewall-cmd --zone=public --add-port=5905/tcp - ``` - - - -**方法二** - -直接关闭防火墙 - -```shell -$ systemctl stop firewalld -``` - - - -## 准备虚拟机配置文件 - -创建虚拟机需要虚拟机配置文件。假设配置文件为 master.xml ,以虚拟机 hostname 为 k8smaster0 的节点为例,参考配置如下: - -```bash - cat master.xml - - - k8smaster0 - 8 - 8 - - hvm - /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw - /var/lib/libvirt/qemu/nvram/k8smaster0.fd - - - - - - - - - 1 - - destroy - restart - restart - - /usr/libexec/qemu-kvm - - - - - - - - - - - - - - - - - - - - - - - - - - - - -``` - -由于虚拟机相关配置必须唯一,新增虚拟机需要适配修改如下内容,保证虚拟机的唯一性: - -- name:虚拟机 hostname,建议尽量小写。例中为 `k8smaster0` -- nvram:nvram的句柄文件路径,需要全局唯一。例中为 `/var/lib/libvirt/qemu/nvram/k8smaster0.fd` -- disk 的 source file:虚拟机磁盘文件路径。例中为 `/mnt/vm/images/master0.img` -- interface 的 mac address:interface 的 mac 地址。例中为 `52:54:00:00:00:80` - - - -## 安装虚拟机 - -1. 创建并启动虚拟机 - - ```shell - $ virsh define master.xml - $ virsh start k8smaster0 - ``` - -2. 获取虚拟机的 VNC 端口号 - - ```shell - $ virsh vncdisplay k8smaster0 - ``` - -3. 使用虚拟机连接工具,例如 VNC Viewer 远程连接虚拟机,并根据提示依次选择配置,完成系统安装 - -4. 设置虚拟机 hostname,例如设置为 k8smaster0 - - ```shell - $ hostnamectl set-hostname k8smaster0 - ``` diff --git "a/docs/zh/docs/Kubernetes/\345\207\206\345\244\207\350\257\201\344\271\246.md" "b/docs/zh/docs/Kubernetes/\345\207\206\345\244\207\350\257\201\344\271\246.md" deleted file mode 100644 index a355988d3..000000000 --- "a/docs/zh/docs/Kubernetes/\345\207\206\345\244\207\350\257\201\344\271\246.md" +++ /dev/null @@ -1,388 +0,0 @@ - -# 准备证书 - - -**声明:本文使用的证书为自签名,不能用于商用环境** - -部署集群前,需要生成集群各组件之间通信所需的证书。本文使用开源 CFSSL 作为验证部署工具,以便用户了解证书的配置和集群组件之间证书的关联关系。用户可以根据实际情况选择合适的工具,例如 OpenSSL 。 - -## 编译安装 CFSSL - -编译安装 CFSSL 的参考命令如下(需要互联网下载权限,需要配置代理的请先完成配置,需要配置 go语言环境): - -```bash -$ wget --no-check-certificate https://github.com/cloudflare/cfssl/archive/v1.5.0.tar.gz -$ tar -zxf v1.5.0.tar.gz -$ cd cfssl-1.5.0/ -$ make -j6 -# cp bin/* /usr/local/bin/ -``` - -## 生成根证书 - -编写 CA 配置文件,例如 ca-config.json: - -```bash -$ cat ca-config.json | jq -{ - "signing": { - "default": { - "expiry": "8760h" - }, - "profiles": { - "kubernetes": { - "usages": [ - "signing", - "key encipherment", - "server auth", - "client auth" - ], - "expiry": "8760h" - } - } - } -} -``` - -编写 CA CSR 文件,例如 ca-csr.json: - -```bash -$ cat ca-csr.json | jq -{ - "CN": "Kubernetes", - "key": { - "algo": "rsa", - "size": 2048 - }, - "names": [ - { - "C": "CN", - "L": "HangZhou", - "O": "openEuler", - "OU": "WWW", - "ST": "BinJiang" - } - ] -} -``` - -生成 CA 证书和密钥: -```bash -$ cfssl gencert -initca ca-csr.json | cfssljson -bare ca -``` - -得到如下证书: - -```bash -ca.csr ca-key.pem ca.pem -``` - -## 生成 admin 帐户证书 - -admin 是 K8S 用于系统管理的一个帐户,编写 admin 帐户的 CSR 配置,例如 admin-csr.json: -```bash -cat admin-csr.json | jq -{ - "CN": "admin", - "key": { - "algo": "rsa", - "size": 2048 - }, - "names": [ - { - "C": "CN", - "L": "HangZhou", - "O": "system:masters", - "OU": "Containerum", - "ST": "BinJiang" - } - ] -} -``` - -生成证书: -```bash -$ cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin -``` - -结果如下: -```bash -admin.csr admin-key.pem admin.pem -``` - -## 生成 service-account 帐户证书 - -编写 service-account 帐户的 CSR 配置文件,例如 service-account-csr.json: -```bash -cat service-account-csr.json | jq -{ - "CN": "service-accounts", - "key": { - "algo": "rsa", - "size": 2048 - }, - "names": [ - { - "C": "CN", - "L": "HangZhou", - "O": "Kubernetes", - "OU": "openEuler k8s install", - "ST": "BinJiang" - } - ] -} -``` - -生成证书: -```bash -$ cfssl gencert -ca=../ca/ca.pem -ca-key=../ca/ca-key.pem -config=../ca/ca-config.json -profile=kubernetes service-account-csr.json | cfssljson -bare service-account -``` - -结果如下: -```bash -service-account.csr service-account-key.pem service-account.pem -``` - -## 生成 kube-controller-manager 组件证书 - -编写 kube-controller-manager 的 CSR 配置: -```bash -{ - "CN": "system:kube-controller-manager", - "key": { - "algo": "rsa", - "size": 2048 - }, - "names": [ - { - "C": "CN", - "L": "HangZhou", - "O": "system:kube-controller-manager", - "OU": "openEuler k8s kcm", - "ST": "BinJiang" - } - ] -} -``` - -生成证书: -```bash -$ cfssl gencert -ca=../ca/ca.pem -ca-key=../ca/ca-key.pem -config=../ca/ca-config.json -profile=kubernetes kube-controller-manager-csr.json | cfssljson -bare kube-controller-manager -``` - -结果如下: -```bash -kube-controller-manager.csr kube-controller-manager-key.pem kube-controller-manager.pem -``` - -## 生成 kube-proxy 证书 - -编写 kube-proxy 的 CSR 配置: -```bash -{ - "CN": "system:kube-proxy", - "key": { - "algo": "rsa", - "size": 2048 - }, - "names": [ - { - "C": "CN", - "L": "HangZhou", - "O": "system:node-proxier", - "OU": "openEuler k8s kube proxy", - "ST": "BinJiang" - } - ] -} -``` - -生成证书: -```bash -$ cfssl gencert -ca=../ca/ca.pem -ca-key=../ca/ca-key.pem -config=../ca/ca-config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy -``` - -结果如下: -```bash -kube-proxy.csr kube-proxy-key.pem kube-proxy.pem -``` - -## 生成 kube-scheduler 证书 - -编写 kube-scheduler 的 CSR 配置: -```bash -{ - "CN": "system:kube-scheduler", - "key": { - "algo": "rsa", - "size": 2048 - }, - "names": [ - { - "C": "CN", - "L": "HangZhou", - "O": "system:kube-scheduler", - "OU": "openEuler k8s kube scheduler", - "ST": "BinJiang" - } - ] -} -``` - -生成证书: -```bash -$ cfssl gencert -ca=../ca/ca.pem -ca-key=../ca/ca-key.pem -config=../ca/ca-config.json -profile=kubernetes kube-scheduler-csr.json | cfssljson -bare kube-scheduler -``` - -结果如下: -```bash -kube-scheduler.csr kube-scheduler-key.pem kube-scheduler.pem -``` - -## 生成 kubelet 证书 - -由于证书涉及到 kubelet 所在机器的 hostname 和 IP 地址信息,因此每个 node 节点配置不尽相同,所以编写脚本完成,生成脚本如下: -```bash -$ cat node_csr_gen.bash - -#!/bin/bash - -nodes=(k8snode1 k8snode2 k8snode3) -IPs=("192.168.122.157" "192.168.122.158" "192.168.122.159") - -for i in "${!nodes[@]}"; do - -cat > "${nodes[$i]}-csr.json" < 17h v1.20.2 -k8snode2 Ready 19m v1.20.2 -k8snode3 Ready 12m v1.20.2 -``` - -## 部署 coredns - -coredns可以部署到node节点或者master节点,本文这里部署到节点`k8snode1`。 - -### 编写 coredns 配置文件 - -```bash -$ cat /etc/kubernetes/pki/dns/Corefile -.:53 { - errors - health { - lameduck 5s - } - ready - kubernetes cluster.local in-addr.arpa ip6.arpa { - pods insecure - endpoint https://192.168.122.154:6443 - tls /etc/kubernetes/pki/ca.pem /etc/kubernetes/pki/admin-key.pem /etc/kubernetes/pki/admin.pem - kubeconfig /etc/kubernetes/pki/admin.kubeconfig default - fallthrough in-addr.arpa ip6.arpa - } - prometheus :9153 - forward . /etc/resolv.conf { - max_concurrent 1000 - } - cache 30 - loop - reload - loadbalance -} -``` - -说明: - -- 监听53端口; -- 设置kubernetes插件配置:证书、kube api的URL; - -### 准备 systemd 的 service 文件 - -```bash -cat /usr/lib/systemd/system/coredns.service -[Unit] -Description=Kubernetes Core DNS server -Documentation=https://github.com/coredns/coredns -After=network.target - -[Service] -ExecStart=bash -c "KUBE_DNS_SERVICE_HOST=10.32.0.10 coredns -conf /etc/kubernetes/pki/dns/Corefile" - -Restart=on-failure -LimitNOFILE=65536 - -[Install] -WantedBy=multi-user.target -``` - -### 启动服务 - -```bash -$ systemctl enable coredns -$ systemctl start coredns -``` - -### 创建 coredns 的 Service 对象 - -```bash -$ cat coredns_server.yaml -apiVersion: v1 -kind: Service -metadata: - name: kube-dns - namespace: kube-system - annotations: - prometheus.io/port: "9153" - prometheus.io/scrape: "true" - labels: - k8s-app: kube-dns - kubernetes.io/cluster-service: "true" - kubernetes.io/name: "CoreDNS" -spec: - clusterIP: 10.32.0.10 - ports: - - name: dns - port: 53 - protocol: UDP - - name: dns-tcp - port: 53 - protocol: TCP - - name: metrics - port: 9153 - protocol: TCP -``` - -### 创建 coredns 的 endpoint 对象 - -```bash -$ cat coredns_ep.yaml -apiVersion: v1 -kind: Endpoints -metadata: - name: kube-dns - namespace: kube-system -subsets: - - addresses: - - ip: 192.168.122.157 - ports: - - name: dns-tcp - port: 53 - protocol: TCP - - name: dns - port: 53 - protocol: UDP - - name: metrics - port: 9153 - protocol: TCP -``` - -### 确认 coredns 服务 - -```bash -# 查看service对象 -$ kubectl get service -n kube-system kube-dns -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -kube-dns ClusterIP 10.32.0.10 53/UDP,53/TCP,9153/TCP 51m -# 查看endpoint对象 -$ kubectl get endpoints -n kube-system kube-dns -NAME ENDPOINTS AGE -kube-dns 192.168.122.157:53,192.168.122.157:53,192.168.122.157:9153 52m -``` \ No newline at end of file diff --git "a/docs/zh/docs/Kubernetes/\351\203\250\347\275\262\346\216\247\345\210\266\351\235\242\347\273\204\344\273\266.md" "b/docs/zh/docs/Kubernetes/\351\203\250\347\275\262\346\216\247\345\210\266\351\235\242\347\273\204\344\273\266.md" deleted file mode 100644 index 91ae3a2b9..000000000 --- "a/docs/zh/docs/Kubernetes/\351\203\250\347\275\262\346\216\247\345\210\266\351\235\242\347\273\204\344\273\266.md" +++ /dev/null @@ -1,353 +0,0 @@ -# 部署控制面组件 - - -## 准备所有组件的 kubeconfig - -### kube-proxy - -```bash -$ kubectl config set-cluster openeuler-k8s --certificate-authority=/etc/kubernetes/pki/ca.pem --embed-certs=true --server=https://192.168.122.154:6443 --kubeconfig=kube-proxy.kubeconfig -$ kubectl config set-credentials system:kube-proxy --client-certificate=/etc/kubernetes/pki/kube-proxy.pem --client-key=/etc/kubernetes/pki/kube-proxy-key.pem --embed-certs=true --kubeconfig=kube-proxy.kubeconfig -$ kubectl config set-context default --cluster=openeuler-k8s --user=system:kube-proxy --kubeconfig=kube-proxy.kubeconfig -$ kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig -``` - -### kube-controller-manager - -```bash -$ kubectl config set-cluster openeuler-k8s --certificate-authority=/etc/kubernetes/pki/ca.pem --embed-certs=true --server=https://127.0.0.1:6443 --kubeconfig=kube-controller-manager.kubeconfig -$ kubectl config set-credentials system:kube-controller-manager --client-certificate=/etc/kubernetes/pki/kube-controller-manager.pem --client-key=/etc/kubernetes/pki/kube-controller-manager-key.pem --embed-certs=true --kubeconfig=kube-controller-manager.kubeconfig -$ kubectl config set-context default --cluster=openeuler-k8s --user=system:kube-controller-manager --kubeconfig=kube-controller-manager.kubeconfig -$ kubectl config use-context default --kubeconfig=kube-controller-manager.kubeconfig -``` - -### kube-scheduler - -```bash -$ kubectl config set-cluster openeuler-k8s --certificate-authority=/etc/kubernetes/pki/ca.pem --embed-certs=true --server=https://127.0.0.1:6443 --kubeconfig=kube-scheduler.kubeconfig -$ kubectl config set-credentials system:kube-scheduler --client-certificate=/etc/kubernetes/pki/kube-scheduler.pem --client-key=/etc/kubernetes/pki/kube-scheduler-key.pem --embed-certs=true --kubeconfig=kube-scheduler.kubeconfig -$ kubectl config set-context default --cluster=openeuler-k8s --user=system:kube-scheduler --kubeconfig=kube-scheduler.kubeconfig -$ kubectl config use-context default --kubeconfig=kube-scheduler.kubeconfig -``` - -### admin - -```bash -$ kubectl config set-cluster openeuler-k8s --certificate-authority=/etc/kubernetes/pki/ca.pem --embed-certs=true --server=https://127.0.0.1:6443 --kubeconfig=admin.kubeconfig -$ kubectl config set-credentials admin --client-certificate=/etc/kubernetes/pki/admin.pem --client-key=/etc/kubernetes/pki/admin-key.pem --embed-certs=true --kubeconfig=admin.kubeconfig -$ kubectl config set-context default --cluster=openeuler-k8s --user=admin --kubeconfig=admin.kubeconfig -$ kubectl config use-context default --kubeconfig=admin.kubeconfig -``` - -### 获得相关 kubeconfig 配置文件 - -```bash -admin.kubeconfig kube-proxy.kubeconfig kube-controller-manager.kubeconfig kube-scheduler.kubeconfig -``` - -## 生成密钥提供者的配置 - -api-server 启动时需要提供一个密钥对`--encryption-provider-config=/etc/kubernetes/pki/encryption-config.yaml`,本文通过 urandom 生成一个: - -```bash -$ cat generate.bash -#!/bin/bash - -ENCRYPTION_KEY=$(head -c 32 /dev/urandom | base64) - -cat > encryption-config.yaml < 5G - -#### 2.1.2 构建NestOS环境要求 - -| **类别** | **要求** | -| :------: | :---------------: | -| CPU | 4vcpu | -| 内存 | 4GB | -| 硬盘 | 剩余可用空间>10GB | -| 架构 | x86_64或aarch64 | -| 其他 | 支持kvm | - -### 2.2 部署配置要求 - -| **类别** | **推荐配置** | **最低配置** | -| :------: | :-------------: | :----------: | -| CPU | >4vcpu | 1vcpu | -| 内存 | >4GB | 512M | -| 硬盘 | >20GB | 10GB | -| 架构 | x86_64、aarch64 | / | - -## 3. 快速使用 - -### 3.1 快速构建 - -1)获取nestos-assembler容器镜像 - -推荐使用基于openEuler的base镜像,更多说明请参考6.1 - -``` -docker pull hub.oepkgs.net/nestos/nestos-assembler:24.03-LTS.20240903.0-aarch64 -``` - -2)编写名为nosa的脚本并存放至/usr/local/bin,并赋予可执行权限 - -``` -#!/bin/bash - -sudo docker run --rm -it --security-opt label=disable --privileged --user=root \ - -v ${PWD}:/srv/ --device /dev/kvm --device /dev/fuse --network=host \ - --tmpfs /tmp -v /var/tmp:/var/tmp -v /root/.ssh/:/root/.ssh/ -v /etc/pki/ca-trust/:/etc/pki/ca-trust/ \ - ${COREOS_ASSEMBLER_CONFIG_GIT:+-v $COREOS_ASSEMBLER_CONFIG_GIT:/srv/src/config/:ro} \ - ${COREOS_ASSEMBLER_GIT:+-v $COREOS_ASSEMBLER_GIT/src/:/usr/lib/coreos-assembler/:ro} \ - ${COREOS_ASSEMBLER_CONTAINER_RUNTIME_ARGS} \ - ${COREOS_ASSEMBLER_CONTAINER:-nestos-assembler:your_tag} "$@" -``` - -注意修改COREOS_ASSEMBLER_CONTAINER 的值为本地环境中实际的nestos-assembler容器镜像。 - -3)获取nestos-config - -使用nosa init 初始化构建工作目录,拉取构建配置,创建工作目录nestos-build,在该目录下执行如下命令 - -``` -nosa init https://gitee.com/openeuler/nestos-config -``` - -4)调整构建配置 - -nestos-config提供默认构建配置,无需额外操作。如需调整,请参考第5章。 - -5)NestOS镜像构建 - -``` -# 拉取构建配置、更新缓存 -nosa fetch -# 生成根文件系统、qcow2及OCI镜像 -nosa build -# 生成live iso及PXE镜像 -nosa buildextend-metal -nosa buildextend-metal4k -nosa buildextend-live -``` - -详细构建及部署流程请参考第6章。 - -### 3.2 快速部署 - -以NestOS ISO镜像为例,启动进入live环境后,执行如下命令根据向导提示完成安装: - -``` -sudo installnestos -``` - -其他部署方式请参考第8章。 - -## 4. 系统默认配置 - -| **选项** | **默认配置** | -| :-------------: | :---------------------: | -| docker服务 | 默认disable,需主动开启 | -| ssh服务安全策略 | 默认仅支持密钥登录 | - -## 5. 构建配置nestos-config - -### 5.1 获取配置 - -nestos-config的仓库地址为https://gitee.com/openeuler/nestos-config - -### 5.2 配置目录结构说明 - -| **目录/****文件** | **说明** | -| :---------------: | :--------------------: | -| live/* | 构建liveiso的引导配置 | -| overlay.d/* | 自定义文件配置 | -| tests/* | 用户自定义测试用例配置 | -| *.repo | repo源配置 | -| .yaml,manifests/ | 主要构建配置 | - -### 5.3 主要文件解释 - -#### 5.3.1 repo文件 - -目录下的repo文件可用来配置用于构建nestos的软件仓库。 - -#### 5.3.2 yaml配置文件 - -目录下的yaml文件主要是提供nestos构建的各种配置,详见5.4章节。 - -### 5.4 主要字段解释 - -| **字段名称** | **作用** | -| :------------------------------------------ | ------------------------------------------------------------ | -| packages-aarch64、packages-x86_64、packages | 软件包集成范围 | -| exclude-packages | 软件包集成黑名单 | -| remove-from-packages | 从指定软件包删除文件(夹) | -| remove-files | 删除特定文件(夹) | -| extra-kargs | 额外内核引导参数 | -| initramfs-args | initramfs构建参数 | -| postprocess | 文件系统构建后置脚本 | -| default-target | 配置default-target,如 multi-user.target | -| rolij.name、releasever | 镜像相关信息(镜像名称、版本) | -| lockfile-repos | 构建可使用的仓库名列表,与5.3.1 介绍的repo文件中的仓库名需要对应 | - -### 5.5 用户可配置项说明 - -#### 5.5.1 repo源配置 - -1)在配置目录编辑repo文件,将内容修改为期望的软件仓库 - -``` -$ vim nestos-pool.repo -[repo_name_1] -Name=xxx -baseurl = https://ip.address/1 -enabled = 1 - -[repo_name_2] -Name=xxx -baseurl = https://ip.address/2 -enabled = 1 -``` - -2)修改yaml配置文件中的lockfile-repo字段内容为相应的仓库名称列表 - -注:仓库名称为repo文件中[]内的内容,不是name字段内容 - -``` -$ vim manifests/rpmlist.yaml -修改lockfile-repo字段内容为 -lockfile-repos: -- repo_name_1 -- repo_name_2 -``` - -#### 5.5.2 软件包裁剪 - -修改packages、packages-aarch64、packages-x86_64字段,可在其中添加或删除软件包。 - -如下所示,在package字段中添加了nano,构建安装后系统中会有nano 。 - -``` -$ vim manifests/rpmlist.yaml -packages: -- bootupd -... -- authselect -- nano -... -packages-aarch64: -- grub2-efi-aa64 -packages-x86_64: -- microcode_ctl -- grub2-efi-x64 -``` - -#### 5.5.3 自定义镜像名称与版本号 - -修改yaml文件中的releasever及rolij.name 字段,这些字段分别控制镜像的版本号及名称。 - -``` -$ vim manifest.yaml - -releasever: "1.0" -rojig: - license: MIT - name: nestos - summary: NestOS stable -``` - -如上配置,构建出的镜像格式为:nestos-1.0.$(date "+%Y%m%d").$build_num.$type,其中build_num为构建次数,type为类型后缀。 - -#### 5.5.4 自定义镜像中的release信息 - -正常release信息是由我们集成的release包(如openeuler-release)提供的,但是我们也可以通过添加postprocess脚本对/etc/os-release文件进行重写操作。 - -``` -$ vim manifests/ system-configuration.yaml -在postprocess添加如下内容,若已存在相关内容,则只需修改对应release信息即可 -postprocess: - - | - #!/usr/bin/env bash - set -xeuo pipefail - export OSTREE_VERSION="$(tail -1 /etc/os-release)" - date_now=$(date "+%Y%m%d") - echo -e 'NAME="openEuler NestOS"\nVERSION="24.03-LTS"\nID="openeuler"\nVERSION_ID="24.03-LTS"\nPRETTY_NAME="NestOS"\nANSI_COLOR="0;31"\nBUILDID="'${date_now}'"\nVARIANT="NestOS"\nVARIANT_ID="nestos"\n' > /usr/lib/os-release - echo -e $OSTREE_VERSION >> /usr/lib/os-release - cp -f /usr/lib/os-release /etc/os-release -``` - -#### 5.5.5 成自定义文件 - -在overlay.d目录下每个目录进行自定义文件的添加和修改,这种操作可以实现构建镜像内容的自定义。 - -``` -mkdir -p overlay.d/15nestos/etc/test/test.txt -echo "This is a test message !" > overlay.d/15nestos/etc/test/test.txt -``` - -使用如上配置进行镜像构建,启动构建出的镜像,查看系统中对应文件内容即为我们上述自定义添加的内容。 - -``` -[root@nosa-devsh ~]# cat /etc/test/test.txt -This is a test message ! -``` - -## 6.构建流程 - -NestOS采用容器化的方式将构建工具链集成为一个完整的容器镜像,称为NestOS-assembler。 - -NestOS提供构建NestOS-assembler容器镜像能力,方便用户使用。使用该容器镜像,用户可在任意linux发行版环境中构建多种形态NestOS镜像(例如在现有CICD环境中使用),也可对构建发布件进行管理、调试和自动化测试。 - -### 6.1 制作构建工具NestOS-assembler容器镜像 - -#### 6.1.1 前置步骤 - -1)准备容器base镜像 - -NestOS-assembler容器镜像需要基于支持yum/dnf软件包管理器的base镜像制作,理论上可由任意发行版base镜像制作,但为最大程度减少软件包兼容性问题,仍推荐使用基于openEuler的base镜像。 - -2)安装必要软件包 - -安装必备依赖docker - -``` -dnf install -y docker -``` - -3)克隆nestos-assembler源代码仓库 - -``` -git clone --depth=1 --single-branch https://gitee.com/openeuler/nestos-assembler.git -``` - -#### 6.1.2 构建NestOS-assembler容器镜像 - -使用openEuler容器镜像作为base镜像,使用以下指令构建: - -``` -cd nestos-assembler/ -docker build -f Dockerfile . -t nestos-assembler:your_tag -``` - -### 6.2 使用NestOS-assembler容器镜像 - -#### 6.2.1 前置步骤 - -1)准备nestos-assembler容器镜像 - -参考6.1章节构建nestos-assembler容器镜像后,可通过私有化部署容器镜像仓库对该容器镜像进行管理和分发。请确保构建NestOS前,拉取适当版本的nestos-assembler容器镜像至当前环境。 - -2)编写使用脚本nosa - -因NestOS构建过程需多次调用nestos-assembler容器镜像执行不同命令,同时需配置较多参数,为简化用户操作,可编写nosa命令脚本,可参见3.1快速构建部分。 - -#### 6.2.2 使用说明 - -构建工具命令一览 - -| **命令** | **功能说明** | -| :-------------------: | :-------------------------------------------------: | -| init | 初始化构建环境及构建配置,详见6.3 | -| fetch | 根据构建配置获取最新软件包至本地缓存 | -| build | 构建ostree commit,是构建NestOS的核心命令 | -| run | 直接启动一个qemu实例,默认使用最新构建版本 | -| prune | 清理历史构建版本,默认保留最新3个版本 | -| clean | 删除全部构建发布件,添加--all参数时同步清理本地缓存 | -| list | 列出当前构建环境中存在的版本及发布件 | -| build-fast | 基于前次构建记录快速构建新版本 | -| push-container | 推送容器镜像发布件至容器镜像仓库 | -| buildextend-live | 构建支持live环境的ISO发布件及PXE镜像 | -| buildextend-metal | 构建裸金属raw发布件 | -| buildextend-metal4k | 构建原生4K模式的裸金属raw发布件 | -| buildextend-openstack | 构建适用于openstack平台的qcow2发布件 | -| buildextend-qemu | 构建适用于qemu的qcow2发布件 | -| basearch | 获得当前架构信息 | -| compress | 压缩发布件 | -| kola | 自动化测试框架 | -| kola-run | 输出汇总结果的自动化测试封装 | -| runc | 以容器方式挂载当前构建根文件系统 | -| tag | 管理构建工程tag | -| virt-install | 通过virt-install为指定构建版本创建实例 | -| meta | 管理构建工程元数据 | -| shell | 进入nestos-assembler容器镜像 | - -### 6.3 准备构建环境 - -NestOS构建环境需要独立的空文件夹作为工作目录,且支持多次构建,保留、管理历史构建版本。创建构建环境前需首先准备构建配置(参考第5章)。 - -建议一份独立维护的构建配置对应一个独立的构建环境,即如果您希望构建多个不同用途的NestOS,建议同时维护多份构建配置及对应的构建环境目录,这样可以保持不同用途的构建配置独立演进和较为清晰的版本管理。 - -#### 6.3.1 初始化构建环境 - -进入待初始化工作目录,执行如下命令即可初始化构建环境: - -``` -nosa init https://gitee.com/openeuler/nestos-config -``` - -仅首次构建时需初始化构建环境,后续构建在不对构建配置做出重大更改的前提下,可重复使用该构建环境。 - -#### 6.3.2 构建环境说明 - -初始化完成后,工作目录创建出如下文件夹: - -**builds:**构建发布件及元数据存储目录,latest子目录软链接指向最新构建版本。 - -**cache:**缓存目录,根据构建配置中的软件源及软件包列表拉取至本地,历史构建NestOS的ostree repo均缓存于此目录。 - -**overrides:**构建过程希望附加到最终发布件rootfs中的文件或rpm包可置于此目录。 - -**src:**构建配置目录,存放nestos-config相关内容。 - -**tmp:**临时目录,构建过程、自动化测试等场景均会使用该目录作为临时目录,构建发生异常时可在此处查看虚拟机命令行输出、journal日志等信息。 - -### 6.4 构建步骤 - -NestOS构建主要步骤及参考命令如下: - -![figure2](./figures/figure2.png) - -#### 6.4.1 首次构建 - -首次构建时需初始化构建环境,详见6.3。 - -非首次构建可直接使用原构建环境,可通过nosa list查看当前构建环境已存在版本及对应发布件。 - -#### 6.4.2 更新构建配置及缓存 - -初始化构建环境后,执行如下命令更新构建配置及缓存: - -``` -nosa fetch -``` - -该步骤初步校验构建配置是否可用,并通过配置的软件源拉取软件包至本地缓存。当构建配置发生变更或单纯希望更新软件源中最新版本软件包,均需要重新执行该步骤,否则可能导致构建失败或不符合预期。 - -当构建配置发生较大变更,希望清空本地缓存重新拉取时,需执行如下命令: - -``` -nosa clean --all -``` - -#### 6.4.3 构建不可变根文件系统 - -NestOS不可变操作系统的核心是基于ostree技术的不可变根文件系统,执行如下步骤构建ostree文件系统: - -``` -nosa build -``` - -build命令默认会生成ostree文件系统和OCI归档文件,您也可以在执行命令时同步添加qemu、metal、metal4k中的一个或多个,同步构建发布件,等效于后续继续执行buildextend-qemu、buildextend-metal和buildextend-metal4k命令。 - -``` -nosa build qemu metal metal4k -``` - -如您希望在构建NestOS时,添加自定义文件或rpm包,请在执行build命令前将相应文件放入构建环境overrides目录下rootfs/或rpm/文件夹。 - -#### 6.4.4 构建各类发布件 - -build命令执行完毕后,可继续执行buildextend-XXX命令用于构建各类型发布件,具体介绍如下: - -- 构建qcow2镜像 - -``` -nosa buildextend-qemu -``` - -- 构建带live环境的ISO镜像或PXE启动组件 - -``` -nosa buildextend-metal -nosa buildextend-metal4k -nosa buildextend-live -``` - -- 构建适用于openstack环境的qcow2镜像 - -``` -nosa buildextend-openstack -``` - -- 构建适用于容器镜像方式更新的容器镜像 - -执行nosa build命令构建ostree文件系统时,会同时生成ociarchive格式镜像,该镜像可直接执行如下命令推送到本地或远程镜像仓库,无需执行其他构建步骤。 - -``` -nosa push-container [container-image-name] -``` - - 远程镜像仓库地址需附加到推送容器镜像名称中,且除隔离镜像tag外,不得出现":"。如未检测到":",该命令会自动生成{latest_build}-{arch}格式的tag。示例如下: - -``` -nosa push-container registry.example.com/nestos:1.0.20240903.0-x86_64 -``` - -该命令支持以下可选参数: - ---authfile :指定登录远程镜像仓库的鉴权文件 - ---insecure:如远程镜像仓库采用自签名证书等场景,添加该参数可不校验SSL/TLS协议 - ---transport:指定目标镜像推送协议,默认为docker,具体支持项及说明如下: - -​ containers-storage:推送至podman、crio等容器引擎本地存储目录 - -​ dir:推送至指定本地目录 - -​ docker:以docker API推送至私有或远端容器镜像仓库 - -​ docker-archive:等效于docker save导出归档文件,可供docker load使用 - -​ docker-daemon:推送至docker容器引擎本地存储目录 - -### 6.5 获取发布件 - -构建完毕后,发布件均生成于构建环境中如下路径: - -``` -builds/{version}/{arch}/ -``` - -如您仅关心最新构建版本或通过CI/CD调用,提供latest目录软链接至最新版本目录,即: - -``` -builds/latest/{arch}/ -``` - -为方便传输,您可以调用如下命令,压缩发布件体积: - -``` -nosa compress -``` - -压缩后原文件会被移除,会导致部分调试命令无法使用,可以调用解压命令恢复原文件: - -``` -nosa uncompress -``` - -### 6.6 构建环境维护 - -在构建NestOS环境前后,可能存在如下需求,可使用推荐的命令解决相应问题: - -#### 6.6.1 清理历史或无效构建版本,以释放磁盘空间 - -可以通过以下命令清理历史版本构建: - -``` -nosa prune -``` - -也可删除当前构建环境中的全部发布件: - -``` -nosa clean -``` - -如构建配置更换过软件源或历史缓存无保留价值,可彻底清理当前构建环境缓存: - -``` -nosa clean --all -``` - -#### 6.6.2 临时运行构建版本实例,用于调试或确认构建正确 - -``` -nosa run -``` - -可通过--qemu-image或--qemu-iso指定启动镜像地址,其余参数请参考nosa run --help说明。 - -实例启动后,构建环境目录会被挂载至/var/mnt/workdir,可通过构建环境目录 - -#### 6.6.3 运行自动化测试 - -``` -nosa kola run -``` - -该命令会执行预设的测试用例,也可在其后追加测试用例名称,单独执行单条用例。 - -``` -nosa kola testiso -``` - -该命令会执行iso或pxe live环境安装部署测试,可作为构建工程的冒烟测试。 - -#### 6.6.4 调试验证构建工具(NestOS-assembler) - -``` -nosa shell -``` - -该命令可启动进入构建工具链容器的shell环境,您可以通过此命令验证构建工具链工作环境是否正常。 - -## 7. 部署配置 - -### 7.1 前言 - -在开始部署NestOS之前,了解和准备必要的配置是至关重要的。NestOS通过点火文件(ignition文件)提供了一系列灵活的配置选项,可以通过Butane工具进行管理,方便用户进行自动化部署和环境设置。 - -在本章节中,将详细的介绍Butane工具的功能和使用方法,并根据不同场景提供配置示例。这些配置将帮助您快速启动和运行NestOS,在满足应用需求的同时,确保系统的安全性和可靠性。此外,还会介绍如何自定义镜像,将点火文件预集成至镜像中,以满足特定应用场景的需求,从而实现高效的配置和部署NestOS。 - -### 7.2 Butane简介 - -Butane是一个用于将人类可读的YAML配置文件转换为NestOS点火文件(Ignition 文件)的工具。Butane工具简化了复杂配置的编写过程,允许用户以更易读的格式编写配置文件,然后将其转换为适合NestOS使用的JSON格式。 - -NestOS对Butane进行了适配修改,新增nestos变体支持和配置规范版本v1.0.0,对应的点火(ignition)配置规范为v3.3.0,确保了配置的稳定性和兼容性。 - -### 7.3 Butane使用 - -安装butane软件包 - -``` -dnf install butane -``` - -编辑example.yaml并执行以下指令将其转换为点火文件example.ign,其中关于yaml文件的编写,将在后续展开: - -``` -butane example.yaml -o example.ign -p -``` - -### 7.4 支持的功能场景 - -以下配置示例(example.yaml)简述了NestOS主要支持的功能场景和进阶使用方法。 - -#### 7.4.1 设置用户和组并配置密码/密钥 - -``` -variant: nestos -version: 1.0.0 -passwd: - users: - - name: nest - ssh_authorized_keys: - - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHn2eh... - - name: jlebon - groups: - - wheel - ssh_authorized_keys: - - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDC5QFS... - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIveEaMRW... - - name: miabbott - groups: - - docker - - wheel - password_hash: $y$j9T$aUmgEDoFIDPhGxEe2FUjc/$C5A... - ssh_authorized_keys: - - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDTey7R... -``` - -#### 7.4.2 文件操作——以配置网卡为例 - -``` -variant: nestos -version: 1.0.0 -storage: - files: - - path: /etc/NetworkManager/system-connections/ens2.nmconnection - mode: 0600 - contents: - inline: | - [connection] - id=ens2 - type=ethernet - interface-name=ens2 - [ipv4] - address1=10.10.10.10/24,10.10.10.1 - dns=8.8.8.8; - dns-search= - may-fail=false - method=manual -``` - -#### 7.4.3 创建目录、文件、软连接并配置权限 - -``` -variant: nestos -version: 1.0.0 -storage: - directories: - - path: /opt/tools - overwrite: true - files: - - path: /var/helloworld - overwrite: true - contents: - inline: Hello, world! - mode: 0644 - user: - name: dnsmasq - group: - name: dnsmasq - - path: /opt/tools/transmogrifier - overwrite: true - contents: - source: https://mytools.example.com/path/to/archive.gz - compression: gzip - verification: - hash: sha512-00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 - mode: 0555 - links: - - path: /usr/local/bin/transmogrifier - overwrite: true - target: /opt/tools/transmogrifier - hard: false -``` - -#### 7.4.4 编写systemd服务——以启停容器为例 - -``` -variant: nestos -version: 1.0.0 -systemd: - units: - - name: hello.service - enabled: true - contents: | - [Unit] - Description=MyApp - After=network-online.target - Wants=network-online.target - - [Service] - TimeoutStartSec=0 - ExecStartPre=-/bin/podman kill busybox1 - ExecStartPre=-/bin/podman rm busybox1 - ExecStartPre=/bin/podman pull busybox - ExecStart=/bin/podman run --name busybox1 busybox /bin/sh -c ""trap 'exit 0' INT TERM; while true; do echo Hello World; sleep 1; done"" - - [Install] - WantedBy=multi-user.target -``` - -### 7.5 点火文件预集成 - -NestOS构建工具链支持用户根据实际使用场景和需求定制镜像。在镜像制作完成后,nestos-installer还提供了针对镜像部署与应用等方面进行自定义的一系列功能,如嵌入点火文件、预分配安装位置、增删内核参数等功能,以下将针对主要功能进行介绍。 - -#### 7.5.1 点火文件预集成至ISO镜像 - -准备好NestOS的ISO镜像至本地;安装nestos-installer软件包;编辑example.yaml,并使用butane工具将其转换为ign文件,在这里,我们仅配置简单的用户名和密码(密码要求加密,示例中为qwer1234),内容如下: - -``` -variant: nestos -version: 1.0.0 -passwd: - users: - - name: root - password_hash: "$1$root$CPjzNGH.NqmQ7rh26EeXv1" -``` - -将上述yaml转换为ign文件后,执行如下指令嵌入点火文件并指定目标磁盘位置,其中xxx.iso为准备至本地的NestOS ISO镜像: - -``` -nestos-installer iso customize --dest-device /dev/sda --dest-ignition example.ign xxx.iso -``` - -使用该集成点火文件的ISO镜像进行安装时,NestOS会自动读取点火文件并安装至目标磁盘,待进度条完成度为100%后,自动进入安装好的NestOS环境,用户可根据ign文件配置的用户名和密码进入系统。 - -#### 7.5.2 点火文件预集成至PXE镜像 - -准备好NestOS的PXE镜像至本地,组件获取方式参考6.5【获取发布件】章节,其他步骤同上。 - -为了方便用户使用,nestos-installer也支持从ISO镜像中提取PXE组件的功能,执行如下指令,其中xxx.iso为保存至本地的NestOS ISO镜像: - -``` -nestos-installer iso extract pxe xxx.iso -``` - -得到如下输出件: - -``` -xxx-initrd.img -xxx-rootfs.img -xxx-vmlinuz -``` - -执行如下指令嵌入点火文件并指定目标磁盘位置: - -``` -nestos-installer pxe customize --dest-device /dev/sda --dest-ignition example.ign xxx-initrd.img --output custom-initrd.img -``` - -根据使用PXE安装NestOS的方式,替换相应的xxx-initrd.img为custom-initrd.img。启动后NestOS会自动读取点火文件并安装至目标磁盘,待进度条完成度为100%后,自动进入安装好的NestOS环境,用户可根据ign文件配置的用户名和密码进入系统。 - -## 8. 部署流程 - -### 8.1 简介 - -NestOS支持多种部署平台及常见部署方式,当前主要支持qcow2、ISO与PXE三种部署方式。与常见通用OS部署相比,主要区别在于如何传入以ign文件为特征的自定义部署配置,以下各部分将会分别介绍。 - -### 8.2 使用qcow2镜像安装 - -#### 8.2.1 使用qemu创建qcow2实例 - -准备NestOS的qcow2镜像及相应点火文件(详见第7章),终端执行如下步骤: - -``` -IGNITION_CONFIG="/path/to/example.ign" -IMAGE="/path/to/image.qcow2" -IGNITION_DEVICE_ARG="-fw_cfg name=opt/com.coreos/config,file=${IGNITION_CONFIG}" - -qemu-img create -f qcow2 -F qcow2 -b ${IMAGE} my-nestos-vm.qcow2 -``` - -aarch64环境执行如下命令: - -``` -qemu-kvm -m 2048 -M virt -cpu host -nographic -drive if=virtio,file=my-nestos-vm.qcow2 ${IGNITION_DEVICE_ARG} -nic user,model=virtio,hostfwd=tcp::2222-:22 -bios /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw -``` - -x86_64环境执行如下命令: - -``` -qemu-kvm -m 2048 -M pc -cpu host -nographic -drive if=virtio,file=my-nestos-vm.qcow2 ${IGNITION_DEVICE_ARG} -nic user,model=virtio,hostfwd=tcp::2222-:22 -``` - -#### 8.2.2 使用virt-install创建qcow2实例 - -假设libvirt服务正常,网络默认采用default子网,绑定virbr0网桥,您可参考以下步骤创建NestOS实例。 - -准备NestOS的qcow2镜像及相应点火文件(详见第7章),终端执行如下步骤: - -``` -IGNITION_CONFIG="/path/to/example.ign" -IMAGE="/path/to/image.qcow2" -VM_NAME="nestos" -VCPUS="4" -RAM_MB="4096" -DISK_GB="10" -IGNITION_DEVICE_ARG=(--qemu-commandline="-fw_cfg name=opt/com.coreos/config,file=${IGNITION_CONFIG}") -``` - -**注意:使用virt-install安装,qcow2镜像及ign文件需指定绝对路径。** - -执行如下命令创建实例: - -``` -virt-install --connect="qemu:///system" --name="${VM_NAME}" --vcpus="${VCPUS}" --memory="${RAM_MB}" --os-variant="kylin-hostos10.0" --import --graphics=none --disk="size=${DISK_GB},backing_store=${IMAGE}" --network bridge=virbr0 "${IGNITION_DEVICE_ARG[@]} -``` - -### 8.3 使用ISO镜像安装 - -准备NestOS的ISO镜像并启动。首次启动的NestOS ISO镜像会默认进入Live环境,该环境为易失的内存环境。 - -#### 8.3.1 通过nestos-installer安装向导脚本安装OS至目标磁盘 - -1)在NestOS的Live环境中,根据首次进入的打印提示,可输入以下指令,即可自动生成一份简易的点火文件并自动安装重启 - -``` -sudo installnestos -``` - -2)根据终端提示信息依次输入用户名和密码; - -3)选择目标磁盘安装位置,可直接选择回车设置为默认项/dev/sda; - -4)执行完以上步骤后,nestos-installer开始根据我们提供的配置将NestOS安装至目标磁盘,待进度条100%后,自动重启; - -5)重启后自动进入NestOS,在grub菜单直接回车或者等待5s后启动系统,随后根据此前配置的用户名和密码进入系统。至此,安装完成。 - -#### 8.3.2 通过nestos-installer命令手动安装OS至目标磁盘 - -1)准备好点火文件example.ign(详见第7章); - -2)根据首次进入NestOS的Live环境打印的提示,输入以下指令开始安装: - -``` -sudo nestos-installer install /dev/sda --ignition-file example.ign -``` - -如具备网络条件,点火文件也可通过网络获取,如: - -``` -sudo nestos-installer install /dev/sda --ignition-file http://www.example.com/example.ign -``` - -3)执行完上述指令后,nestos-installer开始根据我们提供的配置将NestOS安装至目标磁盘,待进度条100%后,自动重启; - -4)重启后自动进入NestOS,在gurb菜单直接回车或者等待5s后启动系统,随后根据此前配置的用户名和密码进入系统。至此,安装完成 - -### 8.4 PXE部署 - -NestOS的PXE安装组件包括kernel、initramfs.img和rootfs.img。这些组件以nosa buildextend-live命令生成(详见第6章)。 - -1)使用PXELINUX 的kernel命令行指定内核,简单示例如下: - -``` -KERNEL nestos-live-kernel-x86_64 -``` - -2)使用PXELINUX 的append命令行指定initrd和rootfs,简单示例如下: - -``` -APPEND initrd=nestos-live-initramfs.x86_64.img,nestos-live-rootfs.x86_64.img -``` - -**注意:如您采用7.5章节所述,已将点火文件预集成至PXE组件,则仅需在此进行替换,无需执行后续步骤。** - -3)指定安装位置,以/dev/sda为例,在APPEND后追加,示例如下: - -``` -nestosos.inst.install_dev=/dev/sda -``` - -4)指定点火文件,需通过网络获取,在APPEND后追加相应地址,示例如下: - -``` -nestos.inst.ignition_url=http://www.example.com/example.ign -``` - -5)启动后NestOS会自动读取点火文件并安装至目标磁盘,待进度条完成度为100%后,自动进入安装好的NestOS环境,用户可根据ign文件配置的用户名和密码进入系统。 - -## 9. 基本使用 - -### 9.1 简介 - -NestOS采用基于ostree和rpm-ostree技术的操作系统封装方案,将关键目录设置为只读状态,核心系统文件和配置不会被意外修改;采用overlay分层思想,允许用户在基础ostree文件系统之上分层管理RPM包,不会破坏初始系统体系结构;同时支持构建OCI格式镜像,实现以镜像为最小粒度进行操作系统版本的切换。 - -### 9.2 SSH连接 - -出于安全考虑,NestOS 默认不支持用户使用密码进行SSH登录,而只能使用密钥认证方式。这一设计旨在增强系统的安全性,防止因密码泄露或弱密码攻击导致的潜在安全风险。 - -NestOS通过密钥进行SSH连接的方法与openEuler一致,如果用户需要临时开启密码登录,可按照以下步骤执行: - -1)编辑ssh服务附加配置文件 - -``` -vi /etc/ssh/sshd_config.d/40-disable-passwords.conf -``` - -2)修改默认配置PasswordAuthentication为如下内容: - -``` -PasswordAuthentication yes -``` - -3)重启sshd服务,便可实现临时使用密码进行SSH登录。 - -### 9.3 RPM包安装 - -**注意:不可变操作系统不提倡在运行环境中安装软件包,提供此方法仅供临时调试等场景使用,因业务需求需要变更集成软件包列表请通过更新构建配置重新构建实现。** - -NestOS不支持常规的包管理器dnf/yum,而是通过rpm-ostree来管理系统更新和软件包安装。rpm-ostree结合了镜像和包管理的优势,允许用户在基础系统之上分层安装和管理rpm包,并且不会破环初始系统的结构。使用以下命令安装rpm包: - -``` -rpm-ostree install -``` - -安装完成后,重新启动操作系统,可以看到引导加载菜单出现了两个分支,默认第一个分支为最新的分支 - -``` -systemctl reboot -``` - -重启进入系统,查看系统包分层状态,可看到当前版本已安装 - -``` -rpm-ostree status -v -``` - -### 9.4 版本回退(临时/永久) - -更新/rpm包安装完成后,上一版本的操作系统部署仍会保留在磁盘上。如果更新导致问题,用户可以使用rpm-ostree进行版本回退,这一步操作需要用户手动操作,具体流程如下: - -#### 9.4.1 临时回退 - -要临时回滚到之前的OS部署,在系统启动过程中按住shift键,当引导加载菜单出现时,在菜单中选择相应的分支(默认有两个,选择另外一个即可)。在此之前,可以使用以下指令查看当前环境中已存在的两个版本分支: - -``` -rpm-ostree status -``` - -#### 9.4.2 永久回退 - -要永久回滚到之前的操作系统部署,用户需在当前版本中运行如下指令,此操作将使用之前版本的系统部署作为默认部署。 - -``` -rpm-ostree rollback -``` - -重新启动以生效,引导加载菜单的默认部署选项已经改变,无需用户手动切换。 - -``` -systemctl reboot -``` - -## 10. 容器镜像方式更新 - -### 10.1 应用场景说明 - -NestOS作为基于不可变基础设施思想的容器云底座操作系统,将文件系统作为一个整体进行分发和更新。这一方案在运维与安全方面带来了巨大的便利。然而,在实际生产环境中,官方发布的版本往往难以满足用户的需求。例如,用户可能希望在系统中默认集成自维护的关键基础组件,或者根据特定场景的需求对软件包进行进一步的裁剪,以减少系统的运行负担。因此,与通用操作系统相比,用户对NestOS有着更强烈和更频繁的定制需求。 - - NestOS-assembler 可提供符合OCI标准的容器镜像,且不仅是将根文件系统打包分发,利用ostree native container特性,可使容器云场景用户使用熟悉的技术栈,只需编写一个ContainerFile(Dockerfile)文件,即可轻松构建定制版镜像,用于自定义集成组件或后续的升级维护工作。 - -### 10.2 使用方式 - -#### 10.2.1 定制镜像 - -- 基本步骤 - -(1) 参考第6章构建NestOS容器镜像,可使用nosa push-container命令推送至公共或私有容器镜像仓库。 - -(2) 编写Containerfile(Dockerfile)示例如下: - -``` -FROM registry.example.com/nestos:1.0.20240603.0-x86_64 - -# 执行自定义构建步骤,例如安装软件或拷贝自构建组件 -# 此处以安装strace软件包为例 -RUN rpm-ostree install strace && rm -rf /var/cache && ostree container commit -``` - -(3)执行docker build或集成于CICD中构建相应镜像 - -- 注意事项 - -(1) NestOS 无yum/dnf包管理器,如需安装软件包可采用rpm-ostree install命令安装本地rpm包或软件源中提供软件 - -(2) 如有需求也可修改/etc/yum.repo.d/目录下软件源配置 - -(3) 每层有意义的构建命令末尾均需添加&& ostree container commit命令,从构建容器镜像最佳实践角度出发,建议尽可能减少RUN层的数量 - -(4) 构建过程中会对非/usr或/etc目录内容进行清理,因此通过容器镜像方式定制主要适用于软件包或组件更新,请勿通过此方式进行系统维护或配置变更(例如添加用户useradd) - -#### 10.2.2 部署/升级镜像 - -假设上述步骤构建容器镜像被推送为registry.example.com/nestos:1.0.20240903.0-x86_64。 - -在已部署NestOS的环境中执行如下命令: - -``` -sudo rpm-ostree rebase ostree-unverified-registry:registry.example.com/nestos:1.0.20240903.0-x86_64 -``` - -重新引导后完成定制版本部署。 - -当您使用容器镜像方式部署后,rpm-ostree upgrade 默认会将更新源从ostree更新源地址更新为容器镜像地址。之后,您可以在相同的tag下更新容器镜像,使用 rpm-ostree upgrade 可以检测远端镜像是否已经更新,如果有变更,它会拉取最新的镜像并完成部署。 diff --git a/docs/zh/docs/NestOS/figures/figure1.png b/docs/zh/docs/NestOS/figures/figure1.png deleted file mode 100644 index b4eb9017ed202e854c076802492d8561942dfc88..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 140633 zcmeFZ1yEewwl3PZ6KGt6HPE;_!L5-%L0uVqHRTKe8NB{uR;}7tA z9U%AE`mY^-4f0bLDmupDH%D1zF~Ui z;xZ+@kcgCTrL}Etfsv12MoUN6!>6$c!~)f}gnQ02F$*fBq_GMp z+IWRF%gRL+mVdFbwzZFp9(cSd&0laZ{=ftP{M%hIFp;nxPs0cSNXRHCC>TVzPf)Q? zQ65(s83pi&>JbpVB?c+47Ch|>F$oztgA7z#M_11#1(9CZI5&^UFDRs7<>Bd-+SJO( zCueQz?Ne0T+%mhcxWgnM8!9ZXXqVA8IP_KDHzE==upRb$4S@SNI5Hs$AwUX{V}!j* z^X8$X^WIs*c1e#T^K(rc#yUpzsRG#xZc%#!9?HfIs}J@LKONd?f>Vm7_Ddaf>Ak>6 z#{`s(Vo0S+Lo39jI47QAb?!P?2^OG)|qG%onPW6w>~)bNb7L5{8gq zHS`fzRemn7wT7$J=YMwA{SAO7$0GfQAtnFpt^WY|*Zu#s{{ND{f9c=9?9adK@Bc6T z&vNg{sg(~GqrH#bYt=M5+Vs|dFpOZRV}}pYFi2o-#63w66L~A1zVAw=!>zM}-E6tH zy7wW0sJVD)7!Rx7-^1OZr}v+FG*97B6tlv9^*x<$)~x6DWX1 z#HfKhpR8rkJ^r-u;370%ivC%}`%~+OAycd%y!>A+{$0t5RF+Sg&f4B4@f*L)<<&L6 z*2Mq6d2`}YFeVgHLJxr^M}i@;|Gk=e!c&RtIlTBfK2CZ87(zX6B5+p|#3Z5;xTh7Z z046CDkaE^KLJ%7cXFWAR2QakPJL2x)bx`-`SBw)^3C(82mvr8$ba_svC3raPRVHc= zHGrq`aJydVZOz+{QwI~JWojoUN)#OdO||w-B7X8_u#z=!u&*su@@_10XFmI|&4~9JnfFT%=aOs3(09-JAta1bH~id*A8x?3XbbLFFVhwal z*l$XA@pA`zS|$yheF<<_epQBEq>)^G6bDzhx86-wQUJ!SGRA&GtZdMi%@7x-S>xvT1PvUTcO$3+aV zrb910$71AVHZ#n|gUbg!QgKZ>OqlWy_6KwpG>f6VS5 z_x!E!_as?It;n5ryVUPaEq&ad($#;^L1~Cy^;tI`%dUMpomEx;pGpC#NKH|M2-(rzd@E-H~E|%`=&w8N#2Y*aO-xXwbm)%w)euxXsh>R z;WT0Pa}r5|?~_zUy(uZrZUuAF9+e+-tJ;=F+g%bfr@y{bVCImoll6#k@C|mtsB(ch ztscc3IGDc3Uc;0QH3YBpF}W?)9!J%mnfe)yEYti^ku_6;{&0zT{sjw2R+rCCmY79^ zkhDKbYcH#VnHXl(I%sK!$_O}f#}y)}chW$z>2appV0b++OlY)CpulF?Ay2jLanoD( z_VKURY3*0**@;<^fyiRkLsRFN^Dt*hnw!)e(caS@Uu#o|;udkJ(x)S}x3n`@c82Mx z`FYlyz*lTu{M4pNwBGoaF-5!ra}@YKV}(qYgw`WvVq>%YX3MRc+y1WA+NKsH3>oz~ zJqtSbBm)Q~rgPqXyiaOmbO5Wv%gv{%O=)&QaUA1DMlt+5l_tjqjnm)1HiO8rscZ}v=lPnfu_Roy zJteol3QXeIHkVXJ{`}4>0lTj3#F|cwJFON655{MEuM;RX<0>g#3o&nLM$ch}t_SVVlZwnZY(L z4;G+T)$*Mp@}#!=KJ|Qc&sPAqeiHOXQno)Ee*UJ>`6*Ryc+9AOIuE~Y@T)#{>T!Kmg61kbI2I(1U_%YhdG|kmQSxzu<|VKHrvEjf|@Me4PNkM zc5HU?V4Cx+eu~Lq30hVW;4{kk$?dFSVQDjJcU3Td zjaF>S87YiklL4;T_7pE5=h+nB@Sw#iF{CBNr1O{i35ymr%t6Z=pFv0KLZz-fnh~?f z0cqAz6esSN{=lKxF29M_5sGD>o>7rFuUlvqS*E?<%ycQ@ds1R1=v^4c2;+NoLx zU7;L)`5ngjx<}!#^joKv`X=7kQ0)|^@3V(rp=kNaWESMEXgQ837J=y{8zFWD83wg$ zAQmwK$dtA=1SO$npJ`R>A}nwNmy}u=wSNQ1PKT~u($(awr+wNN7S1{o9UC`QlSjD1 zG^bW|i_|_b-~i_ct3)BzI;9}>DNeC)Z5E!LFcfqdS&~V7q$PCuv5Bkv%93$=_Yv$T z{i1$F%FNJF%W_H^w4We^mZdqI92VXoZD`RtYB5XzU?8Y<8V-S%^WNKBCaxqAD~yS( zNIX2cR3#sA(pL{dh1=* z%|4#B9&0Yg-FpXt{M86=V(!4-F#j1JQuwO)|8O5dzW{U<59JRKPYQ49kxNZ8nV!D6 zjE<5ddAqfB)6m}iusON4-kqDDW$(M z1Y*kkg>v0Zq7)+O+_>M1v{CPzA2(LW>FsNfE^RnGohOAR?x`A0Y7tfYkq2u5b!KrFFG6 zV;IQuIq!|wS>BtDokOooYPgqUz*1}7Yp&K>N4^nNBLoDYeyqimJ1#tGHkZKS8#?xK z{5QZl`}SqpZ-7BPp+mij1!j~4Rw4kfwnH#FM;Aih+U`n^32`QfTDm@G-&$(z4cuC) zi;cINr2R%5$jcrSJH?kF#e3~Y>N{N0cyvI?!zCzz+uq(+K@cNwbgWo8aCdz;sbh2? zk8OOX#n+VT|5L~*d#~;16W-Xp7%`4OaW*OLq(VQ-1n>Rj+~hDm3&M^ut&+w>&BZ!9 zR;Jd&Wdg%P(nxB)+lRQ830&Y&%XoEk=O35bE}GU@=iKW9 zF_5ea%|7}JIM7_U-L6e=2fn;)uh-&@W2ok4+r9-Er8L&oX8Dhojt}1H!c>eFDR=S7 zj8r+TxD4yKK&4V)p2ELU3*J2^=L{qlJDQ`&3te4uue>oQlC0TOP@w#{K7ml(o&xq$ zo_Y|FU-O_4J|Xn0kx4)?5u|+d#hjaK@6QiH4e;qc>7XAEhmIMp#{#RrHCG5%o+c|l zAq|yyM;Go65@`?)Ec(z@8>{MQ47v9kRrgbd1f8D1ru4VD4p3G4p2Xkd( zXOk{t7t?<^!Uo1A7bjQLq-Z0rVK%^(%Hjr>t=Ui0Ed$eI$vH{XDnsFzR@+E79n&Vp z-^!#swJI=!WG6lP)HOen=nPU=sX0A$4C@%Nu29$a)frzT{=8SXCW!uF2{0D5Svdk-^`G(R$_s4IjmIW40X_UOp0iX zY#dH`LU|2xODbKYplRhozfjnshkVlgbVxiHe=n!Tv|OL~vTVl{tI>9@j12nPt@SMz4B?La8Xf zKnKB&+yJ|=78s=o>er>ON}1P)H6RvfqNgD{aDgCJh!6*&aOg&fqYw6pzJKl4^Zt&b z;6;3=Zl77P)=mbn^7|a$8B@3*FPuU?43m9j8jk9~z)zW;*|Y(B?cFVGKc_AR8|EYq zu-*A?TZt_@%cZc(3;9sQy`Nefd|+jYRdnnV>y;WEvE5OZ$J1%TIn>jcoApg9Fm}83 zqIa|R)>qgK+Ek1m(_2odbJw+=@rC+eTD~VT#SID-Y zdg2GDGYq}Az+WOcCyYJ|;~X$vZVkv!>5^#Np26Qv&}j)EG>3HgZ(!E{awvT2vHUAi z{ntb)DQ0b;xgYzv+49C?TIJ=9`NOqz7W;E8vMK(!0^-R_1_gXghvVinfqn3$wk10C zhH``v>B4gmlPp5`Iu?@EG|nU*%7KJe>tyS?WT5{x=;-qplmAUywONsiR@JniZf1*~ z3a-w&f=qKjlQGkclg7;8vi}?XyJ#|sjcnjc^jKO z(qlFc71gS=Oh-cv5Ss;})V7rsSp^W{dHVhh%=s&L9KB}RU%|tq>Ud|HS2oZY@Ii#p zDC4ZM_!e5n)Tq9aL&V4m+ zTRIgP6wm9}F3D0<8n0q0vx$tw5#F%qH~Lf%7=sWuLy~BWHvheB5u{T_(9x;u4Uex* z=!jUtm&hb$N?X+Q&BE_*Ic)ZQg(_uXcDt#=M9gVKp)cz zS}f*MK%vEC>mb|hnQi3#?M#7*htk)F_xCsXH4SfHe4n38RK7fuP0~WIau|wQF!*Id zz$*?l98>|Zjj8G}ZK+`C9-*ctV=*(U1=KnVY-vhWp4mhr=9V%})EZC{P(fU6pt%pQ zQ%qGS{~G*`bqCl;ZA&SyMf<#GYE(~6=q_vDTdMT=5x~AxR=id|J2WeH>2j7sHdP{~ zYZUh?VO#!9+H|LHXQsB>rks;Gj|%*o3UxaTB+3Cwk(6(PA6bOr&rEvCa=5edWn9zc zwuoUotm$}=CuBW~$Bo;<=>9}!*@=VwW1rWz-BgKtjU{FC`riQ4=K9*(m+upmuit+B zWqMsb5)ge2)k0kheCmgTf|E{+lQBVVfTh3*CTm$E%(BBmHSru)`%%ZC)`d;gKr+Q< z(jCjSY@B73$*$>BF%j2{w2USHb82{?*Pb#%vq#-hx=Wmt-Ds)N7q9ljXaN0lt=ryX zO2KHU{j1SZYwb_nn9ENJE8P4K6@Axf?|0tzW^&)?8u>I0_TC>n=MrUn-#XW%m$!YE zwI8&nHYP~x8N{d7lB#bPAJIx!R%UPDj$;rb_hG(TjTd=9lJ^s#5*eJ-LLSL%xlF&} zrA`b}mG`=mjm}1q+I)=MwQMVWh^c|Hz$ffjO<5T_bMHL`=jCd)nHk8`1oMcVW@V*s z>0GNWQ>#zmGYE{9-In1FpL@d)Ms zsYX7}I{;%mVcFKwSmVQF{J_=@dGAXT{p$;8VykSzu@)6-s?^k&fDo4~`W#R~_MbBH z^$h>V8~Hf?*ITN*FL3yt9H#Z!ij8EyzhKFFiI$CVrLxtl@otmWKrv1Xem}5%F|cQT zX-Sf`fN7!e#+Fis84w;}I1xqn&8xC8O140WF-Lyfj7D1%02U+&wEu+OUxAAvBrNCw*0<6OXVs*7pX&U#1r?U00C%^}$hLw?R`?>s8 znPVF6j*&^eo#{2CGK$3v2b!KKdqk#h2cALQS61;?g(4HhVJD1>%+0BEpW3Pn6PJw= zdJjw9tbSgmXyr(eViUZfXUJ^e+5MpUG*eh1z04@b4D+l;PBQrwuZxc3628cs4hTzgM=w^n zw8*1Bx6PBxsCz6;uMpNMnojQa1BniqGUJS8i_GTxJ)eQ;fPu|g0t#VA;TE%$d69g5NEgAlu z3F%pNw{inQVP6X`i1{fYn4PG2H~iSs`taPT-(*#fj*elgwBred>H=xQWM%JJVAwAH zQEp}xbIo;QFrJ9{Yg-N}h&Er{OtyCf!}6lJSI4E=+YzuU;;Q?cUTvZ+##^N=+g6g9 z^3~K-s*19zO(j<(hj5%&NfyLa1?o;BK@5~l4`@v7&g|t`lXOF zro7rFrONk;N*ti5tg{{IC+CT1u&EOF9t*^CKJwioVJav7JNEEIB45f;w;gB zbv0q?O8ZQFu6^VqUNG%gm4=S>?DLij$Vaju!K*;pN>OuiYwzMSqA%KeghR>?Nm4<$ zN8hoo6<=CEJ*PZW{p5UcT|B+$pDJbj{v(Rm3)x_;*DGW9QC+}0D)9%0OK%3&|8nTS z&`>6}xQG%}?74+L-uV+iIFcm^3~Ec=kk)*s1#r1NZ7kd_6JzM&fa(Uc9vDsx3XFG3@^)ElG^h_ ztj`}K=;lDP=I3%Bn3MV(zUFsWNbKd1ron2k zBlTZtN*@LMW;S?evkvzCb0oU$*t!3Nli%2_7DUC<7a(#_NMeU5`x6@Z6E)9EiD_EX zW|GWxs+O^VW}JiK!~jB#KVddQv?&9$UzW_?PSf(Y<6@MFelM^~;#!TJJWE)!{3%|!~K2|#d;LVJoV4_{7RYs&#Q(QEkJxc5(vIjia#4dI!b(D zpItoJX4Q26$DF}`qSS*yte->Nu5zAzFCO*T4!IhW;-8xRyv}PF{KuS$|3q0WP|90g zD*QwJY0&Jhxck3$=3hJWFP-_9&iu=oP3h@gKW*t3>ZotFBkOcByZsHASEYWKH1_!o zxF>` z%`#4@RBP9unO~S6@2r0V@Qzz5xeq{Bz{uNd*=%2lf3 zNxZDNX4M>&`O{?$axs$|9}}G6G;(=bQ;x-)Z>n-`v?d?2J`2k)MgA;NKZ>x3^hgD9 zwCthZ4~75?=-d3xU18M^FPy)9PZv`%^i`x?$QOBmLH9OmZXr$6JB>wBI#%LKIn(?w z1X>qRT%%&e_nDbV%Go2FgJv6KbYDhJ7xu_3zO>zpwEEKk_%R-|*Bm*Nt5Fr4o)&yrKV4wXSFU`51i8k_coz^M z*8MpML`j^fS-F{Jy~@=1nIn@*L5?cG)iq*|fm|I-KtMo@)~%AdG7?>u)@ce_z{Lu; zfQ3l?-r^bx2x#o+ zVtKkD+w`iLC9u7N^i@#VwWr}T-)N8a?5mBQ(PcBC#3!T^=7h(|nNe;NDYK2o#OQV; zbP^j=Rr>mAky|^t#S52e3wj2E8?HU=KRXDIM=V-UXu8u*L=(^85(3$0gh$FwNozp9dAoTu8W{45G!PM)Y%N>d+faM zg18BhjfMAj-*GM1+4e@?*?4$!_`3P16U9kW8>|nAfGW@phR=^z7bn&ejXXwn&32L< zxpXgjQ5lwxSJSks7JXI<^N2Kfc52i8m~B*{rH;$IUf)L&Dr>UMYf3#Xg~fXCO5b_- zgku@j_7Fxc3N?%UBJ+ScYfxhl_FYMaldYi%TnM<5-@pHJwxg?=_GS6S9pP-sREblv z?p9;k!V&bQc}*TyvU;0O&1yw-i?kRBvFA}xj;Tkt9Zdd)Wu z@tPh2WtCL0LCp;iBOS7q&*j+70mJsWJ+Z+1OFHm#C{aSGseJ z0X{WGwW8YP4L6l-UzhSKAbclIt?46eyH43I`1CNHuaFNdsp(8%#Hli5V&nf~>aY4R_SdF4mYFt^dlZ42|JCEhuxxB5QC-e6V+9GEheGM@3w9MiP0)XoKW6f7EWKBT1S5wXGx%J7c*b$vM0wKN*UgRBK$b2i}0pl6kzt*z^5UC;Nvn$truf{ zsXN$KE3z(%k0GU@I)Ei|I|tY!T;atY+FIv}8B&U(hmSspH~o>s6@R&PtkY?&^Z1|U z#U>ek9H9CQz=JzJ1JNnBDe$wlx|y3RNTNAQNUJj{vX_8-jSEsEl?1&!c*Y>Cu-rTZgIe zZ(Hk6T-TScs}~-ce3ddJL_@`;N6Q1GXUKKSRVf3VyeIE^8>im_Wue@z@Pd&PF8PWK zoqkcimRM69NxraXr-(TX4s=p>69&9`r?nEX_}_r=y1aX)8FDY|bCouTpeT^l$^zVJ z)rg{L_}rG#5=q#PF^+XEp2CMf8fMiSMO$5z&jTA&C@~f4Q+DTi8XV+3!~?3U=UO>t z?VO&4Php`JdR$i-O=(sdg`Q`@56Jn|Y0l~6WqU9DCD)QlUucj^jRy%&lU(li+SLr6 zES6K}*F}@)SJcAPYDJZCbatx@RCM~;q_s3vpfcdDFL*m_M%SQeom|%vPDHotn+T1l z1n>xH#GKrAQ=t%YEMJyN2byW{;LpW$!9eQmAkL97s2C|Eh|M|CBj3&{M>`iQJ1I}xU^T1o%mT%Org#$ zQ&f*aN@a?-5`zSrL3XxW!)BcPtKpJrD8%x$Q$Y%E=}PFD>Rge_1;ulZnDv<jj=cnA8qykp38YMvFptk;ZT7^j9!!Bxt`C1t^+ zpBx`Am33})5TA@RdWV=b^e6}BQei1Md_UHCWUlBe{Am5Ya$B^BCsRhVT%H_n@N*~9 ziL0!oZa?H`P_!q5Q_y-OVq{CFwTt{PhOHzy^VPT8aFT*Tg)Opo8>Sk17BwYJv6}Q0 zdbz>uM|AA{3!G9GJYD37k&(7IYMIlXVfh@?0}f>I)~}(Ztd}@Ui%4918SecCW0vvs z9Y*?d(&!9hkGeBAB}wTGJxy zkHD6sScun0Zs?3Q3#8EO<+6n{mA1So#VZA8B|&>l+xZgKD^ZEJxORbh$O+528`(yK z7aieAKv!uE;)qf~ueG7XpT^6HjA$Bg;;NmgtZ$+7Z_Pofexa70=IcIquezAY&+fTeLOlRlk=ll2Jj-WaKD)_@|kKbi0w~5^F*mgFp1jm@21s)E0&G5Ka3Uw)7C7M@?aA-8E?Vb68v~ zG@k96O^>)I;2{%&$RrB%ifn%+%C?YmF(8y@!!v=b;|7L$WbSJ5Mra;zO0+R3udQb_ zOa=y^erA#l#r;K^LMc!Z)eqv+DG|$%^}t4}K^|uXa3HmYJrZp;YU~U6`<@twH#0C9 zrjgVdwUa#uGAgFgjS#cxRLa}FDP_3AjxQr)IWi9Hb&*C+p!y5@Sx+H3S3i+AG z^D_0$EruUA$4$IcrW}-ckvl-0B8U?-u_EZJaCy+*l)ErqyZ}1EN zk8US|2%86q9L>^bx!Of&YBf=Geu?D_IdA8?LRhC`@Pt7&Opdanq-v-7D^*O#$Gnlo zk5G<{Dl(yJhoL;RbhSzeM=z2+MV)fOTwxMRhHv=O_nDJLj5xxIT~MCFkioHXHC}gI zztQI@utMm80(^a!)e%^*Le_NTqKbo1r>_oo}3 z>iQy_d+(o*R7b5gH(C5OV9-DJZu0*t0mUkBzx-+OP$$?-FSTO`-sIr9dg-q%x4z*r z8zyALkA8T#^+3r}i2`Yeu()UMP>o4Djkyl@^!^gV#KzJr&=z>#O|8q+7p%mNv9E>@vLJJ)jVxt ziMHg5ek-L>r?JAXAPv4zl=W=QnAzEJIljiuG7#_Cv1UTfSE0o-RD0Ysf?(L6+Cy_Vk1&J;2+1mQ|sQ*8pmUg~`m=o=REnLxW2QhAvz zj4ICYI4fDqwT6z66Btpv99XO%lt@*rl_@mgI#K5|zid2M6+)n;!|s114gS-k?cX;EsvQEN`K}@nb9~)m&EkFBqgp>V)tM+~&HYgDK#P$N&_|G2Gk@R3POb)Q3a53T&x@|IfEN;wO2 z{71A@tRs}Zs)&buU&@?;Rtsls#edU>XODDcr(JehV{R7Y$1#9DmZvwcnuI;VA17cL zX43^psp1q#vLUunESR?9b&g^NL5i*6(7eJ*L4NktijoR!x`iQT>4~Ygk#B*Gii*Cq z1%7?DYF#|Gitv9OsW%#dm)v4nxy-N!A8jX(XxX*A1J*eI%U>- zL~1NFW6PI+ig9gb3QCMDAQG|OtYMB4-s~hY86rM9bF0&s%i!47 zHP5U$E+1?ghzvUG0aZEFA3UmFA|xU_HCuA(u}nGx_kQk=uFNUh3`*RikgqfFin4J6 z;=V|t7HSh#rcTZCmv3(_H`vJ=84;lsJ}A!=RAdFNBc3=js?JuJ8TFY9)7z?qcj3Cf zB_6Vd9(1f_y^x3$uZX3vD|c~6$xma6OO?yI*r{c;$`qu)cufPIUqiW zz6<)^>G?v4jRSIB*Pl^3>~`ciX#y7uTdMGJ9mTg}jYfHXBTAQAH;kW+{k_r=`Nx?s z17l!=_1@=AePy^RlQlp(8&$SE)0ADAu7*QfafEzkLM1~(ew*1t`L^1Gms9wuz!+0W zWJ@#}1yZbC|CT?inx;i+d&RTE#MS0_jbZjLZuX|e>50^qGs*lb%J1<@8Bk3(DKoBJ zKP=lijyio=HKpq1a(nI zE>VHt^80)FM~nel8CMPnI##sglQBvWlqVcF#pkvoHViRW#^7XL7o4~ekI;@%d}Rj1 zOuQC$8rCHBOfvS|c5W$F2@Iy)Q~CWbXHT43*Qe|f_DAd2;0Z zAc&C=$q^Y{#R%M{`LzQ~(u&?feh7MeOCMpLvVt>XQoAgpDrW6(fd1^mhYh{QQh~{} zAUz_0xX1+jTv`$f#^M9E%B&M=n!SnL$%@OkC@6MK)Jw z=3*oi1uAi@7rNXr$QF-mlD=b3vS+~UzPx3Fgh@;kW;YGHM~HYU0Mk;;`B(Q^Tvp`);p~vr$NUFX~=dW>m&6R zbgVe%nKQ7dI%>Bgjft4vb>`TbThmmX&>6xf;Q(o?*hUC*7;68V$K6g{a;#XNASqy?T`O21zGLstbv9xdGIAGs8oVha6w`Ni%f0HhvSxX3iE||| z5Ld)ANAWw;dv+nnYs;E_W%qAmBU<8IaLsJSrf%w5Y#o)jth1@2&3wfpQ`1r&#CX@A) zCHJtUTd0j-zp{4r^Q>T;I-OS;00^= z%WQT;XyxXvZ^tNRWAHetP0}s6dI!Lm<(?#0!2E;9AZvMvQIiy)L&6Rgg`}Je@)Wsn zO6bha3|Ipb4IZ-j#hDPqj#x%A*_FZZDKhte!ZghuGt1331cK}azRDdhkNq&uFPaNU z_^cXypue|B`(_mr;Z@729F=Vh0Uk}(-sXFuesyw6XJ;@Rqse5dwfX|g$bkX9;}0S^ zYO$F(k0@WyILkV%TcNdk$ZnkrjKqupS#S{2nM`VR2f%EDS4sT3X=LvYh@@cOc`~gHG?s4Y_wL}| zJmzGuAFDB6b~+i|_FA>9PeY|Y4dVW+97Jv?p@^W0VkmZBA*;x3QxV-|e%+y6uAM{( z)J6fu!dat8xkaSO^3&XrFSC$xIN!@}%_p!0nYxe7?gf-wE7A}JY6w(*^&WbvlyaQ5 zc!l-SwLYRAoJje+)0?o}pn%tGp zc&WGE@n$ahRa~9`s5DsdneaQ0eRd@}Pv@3&Sx=*nr3C9(KcGuX@7f%_x81ZZ)!%VW zonaX>rp;0)5U0H#a-)P3ca-AMm+8j7I=x>IXc%XvAXR`%*j&bH z2_U*fB~_Qjm6_`x%A8Pe^|u4CG4h+QS(n{fx1E`iav0M9D3rhh8sz#;R%`8 zJv&tkH`QeoGZtqk+LPO~8gpmF`CT`?$m+ni9fSRZCAChJ^eBPJ)Cy%@LjU&v_}1)y zYcltLNwGfTlJ6JA-+-Z~cW%1njVBui^O*ye7p0=ThL(SmxFo-B4HEhlmx6RX{1f9@ z8r+V!lnpcSAAC1JpY&#Gozd1eNusQ2$#=gU-QLEEXHK@Zb(a2}J~LtE6zjK|0PShE zeIU#(Z0IAY1%^fJ#^curs=e09gq#>PWaR@qc`4;f0TJWCed_aUJ}Ydz5G}0vw6qWv z)C?R0G=wI=0Oc{!`KV9&-5rz7foW^+Ilf=cB^Z&g0V9Aa5EbTc5E-VkG@mJX;x}B_ znkYPg+>o`^*xqx#)2+Rm=E-M4SH&8;T+`>zog|tM-a`Z(bn5vW4hb)n&OeAJkM_lw zi~PE)-uk15z@L}uMM7+5KQQhmZNBlPPY4F~!5_Zr_l}z8ZWJu}+rKYBz&31Gd&kf0 zGlIS!Db`{m#*5!5O+W3HK9{5X0Sel^->DCb?-uTqtoio-wIu6u%~{;NkPgt%^Xl}? zwo>j$-~B(Q*8*QK=2V51IX| zA5WBWD>46H5z+JnGQ+uJmFNBF@4j@T7d1=wAw$(7#sOtTkm$yv1ZyX9<1-3QH=TMe zPEFT+E2qaEVYW$|vV5j&Vr(pWG>Td_PVO|XFQTYaAt2U+Wmwyr(@!p&3k5&~yn2UM z@C&_kUiX>_$r9f|u7_}2ox)zNx~cqF1@@OLV2l|@4@T9vU9m(99Z%mhX$D*_%rG{I zJMz@UCk{}g;PGRxG2^3Aa{M)9keakutihoPPo7AGAE0z!mRYU{E!XRy?fZctg zA*N(Awko~7U%1giS9TKlsZ_i@kRtNOLWHuI9-$|@R;G7Aw^)rBsqx;S$nF4Km6s^X z{S(CHG*PZUjmBp1U0J^Ui{>XvPD&82vj-#A0Yk-$U4Nta=5D-A63YQzV-~e&7Hr~q zDzPN|nCzvMpHaND-gDs$>2%$6rDI$T#bp9$A2`t>4N_y@DY}(fkfyfE*v#fWs~H$H zAdgbO9XwO9C)KbybyYAY%BE>*uCrh$X>nhAO}g9XEjkv~4VZjxx%L~t7v`y+F{n}QVCOGqzClE)$9E0Mn+_?E=dP9eL7#-t*;axAl74g))==bN?q;P88i&?nbYU zTQ6)4URDHW4%&u~ls@R3K3QO2fz@$Q#op+gq`AvzIeFJExO~{C6TMlI<+o+WXe6mP z;fOVZ)Z^g+%se9Zmuyw}keeBIq2&$ltjUbrV>ve>f;3j?G;;Us!A-fNgNFKSOP^BG zs=3-VBLg;2{7oCWS6$_l6JOfl90PZr7+0kL7HKrw7%+u54b=R)&I#Ik)J}|j9$h8R zY+GHnAWH?u*RnH%-5QO>3I&lxuMB$r`4v8o64k~Q5@PzE1-G(2*0T^u%h7v17?LYm z82=znd=O3K%k~D1MSSy)r`b7fs@Gfv*o!1{DmDG}=#kz#248qixvKcRhYA@Yz00HG=!Ot=SDcj3&r z=iL^rFlfZWPyC zO|qG8Im@>WnoEuE0>kUFL^0cO+RO|**0Ck5RJo3o0p9QGz%8}f zhJCz?-hQkap^C_EO1+OPM)QyXnrKwl zEwoKfx`PVt@ftEVK(7wkUD{qW=d6z})L^lROn>EB{ZT+FFdSFc-)U%(N#nK5ytHSA zy)eC~dOlc>6-iLg=>5skM^zA*y4#PUUns4(?Hzg z@2lIGu_Yh!w6kAyqn2%VdHQj#>-TQdLQQd-rc`+hOd`q0gu-JMnGTgFvymLQGn81H z1k!O&3{@`WNVbb5q8T4B# zjjug>8~c!@b)Qjm)(5moJ7F(;JZ$Fs=h_{ZX*CE#>17--Gqys>S~5Kw zQcf%c=ND%N=to72IfqM8H*i+k$#~InQfap~`g0&dz30NbR5w@AL<9#1tpppmEUW>< zF|3v8`m$SBTSKzw0a215D<_h48qZKHP;petM(J|*YMn5vS~#a!o^1)GC*GjEwdPM;>y3@MRKcZKIVbQ29^Y~Rh7~Lc_8+nbG z=j_gvFy_N0T6Qx|AEy8wVf+L&_o*#7fn=YIW};K^+`y+y*AypkK0xyPFHZLVv>8PAe`hn^`mt+g zvgt3N`N?BoB~h&r`PwvF5}U;1oCURkg^8aH@#fu3UpL+vJEKL^ZuErh6Lxpr*05^{ zdwX@E83b{(PrwVC4UJ%t8{v^PYdLdQ=dw&E%%mz*?Nr2mS4%C`nhz z2dw{A2doVP;+hdY7ZCSPIVj02DCv={0>fO4BZH9bl}{OjV6meiQLxL}1;1!;-KdpC zT{GB{Z_jK)8)j72?Ce%G$)md&p2YGd)3lfAkaKsUNGG!~wYsv0@` z(=oTSn<6sZ+QsJ|FWlc7+ZH&xuCS|5Gh_;%%y`G3(Aml?)!z$gM#jV3zbjKZIT(RM zMmg)#KT1^ETZ-0!=AMrS3`}wI;QH(cJ+aNS(*Gaiy>(Pv&$lN^kYIt}o&<*m8h1%> z=mr{Spm7M&xH~}t1b24`)_CJCA$V|tyF-FYus~$EckZ2)@9#}!*1R=ut(o=y;;hr0 zQ~T_y+I!coPknYs&kEorf5-FjG7D231Ac6MU|Kgzn@lArk#A0S@Ak|-Yi>$owP}ig zg1fBcFVjHuuhW1(v5|C^e_jIi>_7;9qd^*6G>t2~j<#BQ$Xh}yBf5`Fk-q8g+sX4d z)Ktl4)gXn7Eidnwvulubs8*4Bsll*ZERD&mlmzfb31+Al{Lg(VgkcirEe=)e7e>J#dkczudT&m_rS3?Vix-t|*s%=rr*aJ_t*ea>t5Bd=5a$yW4 zIb5x}9$BKhN3G3IUBgOG5)J1LI;co{EC&RG3^zG8KuZ2-iMD%U!*$1p?>o< zBS81Hor3f&(F~AUxZnEJD83w)i&d8CUSb0)Ey-i(-?wGBG&lXld=UNBd<=SWLA70y z3?pC^xQfLTU)53CiZdd-ow$kO>bhMBnS>cB*@W+fjZg*eF-jAw5+^pfVPc*O*+_Za zP2g;KZ<@(b$F1qd5*40$uiwul# z(QHf`Wa)3Tiq;(Zw(B~eHI&pO$YqNay?4jCi`q;&8;-(!I*1J8luOZR=pi?P@$MMN zpW4Cy;@b27YSxGs_0l^LoemW}0WFDUklMSNR2z1(7Mx?>PVZO5qVqg}ug&&xc8eYS zDPn2yD?O(^`p3dZS$8e_>GIxd^ACFFJS{BDX{+N4qGM%921uo(Sd=j<-g-<#juhh-MSVU#FTmM{C^gAS$3iP$FW zoD<%Qv4X^)vY<^1+JMh2oh?mUjp`Ny?4p(3^j=MznL!{o0E?94b4#Kbp~0|v^lvA5 z6br@oB6>#PZX89^k%D%S0OrAyzj%X`ze$H^PtYrAcYR=HCf$f{i=ve3rf3h+U5H2H z4zW4hab4%gzJD(6X6wFekH>`9OAoMut?qQk)7v|MW;zvCdz3u1bnJkpS=*bk(mR>v zO#Rz=MRrY4HYvA3^uSSwp=F?yvSW?z5SaP!Wk4@#iTnR*NW?cyS{fyq*Vd@xf7F@E z_*f)F)H)=)I+$~%{IlEFV3QTSMPd9E$Z1&i^CtA5VUFO67cQp{99l>f9m1C_WF~a! zWJgKXol8VxL1@oH%YTNSQr6Wsf0UF4j+j%6IOM*`GCIFchVA|>R{Qn0SdGI0Qqi_9 z+N~cb`t^vVyM!WP;!VUdac}8w6a)=Q>2_yWOXHM&6pEpj)Ah?ALYPi^AHEbcintU% zb7b#%BrIpTEZJ6*>Oem%j?c=K$;Gy1sUuI~qpEov)0WmriBB%)&4QCVxbzp3OZ!)& zmYRo@zcQ4Ys_4y;{_xt8hgDUD=KxV7kb!1-IT&8wg1o3H(%Z9t$n?I^m zsr+RgIRAB|WjTvh9B4@7z+U@wE|ZO*+%aOac-WCy5!Ky&Qkx^5*p?dTr`xn=p;I|! zUC)R1@%0pi==2?#r7I}u) zHhnn#YE>{)3sdjhjQXeuh`^8=>HJH`A@H}51G*WHgzC~LRXt!FAdgIknzFB+G424K zB;pOpot+h2>-deM0q|&aL!rf$0=x~=fh=u&y=G4&gr3@Y&WxZizV9}Y=^_76 zUDR_$IxBMmu9TQ@7&+c!!Hy_?25rKuSNCvNwhHnj`=Hgn{)CYY&7sk5zB~A$s>1IL zTx+tqQ>bw5>%-Yj^Fi6Y+b*$?FLIM3e=M9X|J0o_%%zb9o*>r6-g6^K`CPeU0|>G( z(KJ`KUh#Pv#N%!mUbp^9%Oh(?s`Yevf_|JVcA<9l`he(6ZJRy-t&}Ub?i3eK5pC&* z?2HJ;V)Eu>{W^V*99ezj!_q(|5;dW{j!v~1;+}-_#^zAW=(!CpMsQKHlx5I>m8QX8 zCIaPOCqi~`r|jbA;uAKfpNl>$!^%E5{1^8k#&{8(TKU$?=*}H_i!{wj1s%y(bRAAs zcEw|e;QJIG=c8R4kD;wqBkf@HBA%5fYs33WYci&V=E_(kQ|1$RQ=kp*UKHpgd?UC&lDcw_ z#@3@9C6R0utEh=P>V@rJ9H{4?1OHFsTWmElqpcOLp5Ulf zIGDJl8LmGh6a?`@&LK0JySdvdA2yeDBWGe#VJ6D-bH(@Vevo&nEckp#ZkyKf-=CZLgMXWwsn*!D#_G$Jtrm~luWA{?o7I^V z#Ot-b#V3cJ%V9~|#0uFNp=aH{iubB!rHVP8q%^&;cXX}QD{K=XO`m%`B5d?Du9t+k z9P}v>jp5NJ&tc}S5V}o%wdqV@F{vmiAMwP^uJ(;l)y}`=U}FBNFr^H=xPy+Mql22+ z^y-AXcTpJK{KF@CeVf*{O<<-=(AZYcd#W4DeCcs1TW*pC=E+Vn0Vxe<|K_yPwTdRg z&oJtC(z?D;M>^?DGfSz>M@-I5FCj||<85j?TdAw1(CwL}^CV&nzf7D*LG;&uF&|U6 z3^snpKE}o^&mXuYZGWSDwa7X#TF$v;Q~ufo8F71G>}woA1MgEMH`}{Ou3#$Dm3s!c zMC^gTF{l-#s<*Ubx75&_@#3m_V(163(r-F`SZNj?hm{?zlhj{~5(!E6)v;R4TZ6=K z&{!Ds*tgy>2*Uhk$jOcDY)T^b>c%a2#-l#&+ zZmMrX+pDpC^RMGUX-e~W(ReYH$7-_w74}!Yxm3%U)ywaDwjEc(yW+~=J}T-KcD0J> zDG;i*G$K46PZ1s6R05UeBg}0K+3hEPLV&+fdqax+faPeFm<$JS#%EN_tpPftXi*L(?fQ7l5 zuC#fCeoGK5XgIOcPlG&=c(b^{($%Li$F%W2VDkN+_-YM*?!hE`;bYc*VfW`n?ks7w zN54_PBB}mY&&EZBzaNlXgny78sEi(0367|3Xs~2<^mJkI>)@8&mN)i0T$*deIk)Z& z-6A20&y!@xm0P@gN64g8-C+QAO7Idn!8CX1Nk&K!O8>{fiLWXu;Qb4|b}8n+(9i$-$oa~Yg5AzK zjO#kt^sla2gJv;L>p z|4lVCA@1r&(ym>lcdxMaH@&*xZ(xnj{!|9!A5s^$d^L2je3N-eu)|&+XG)y&Q{nTi zf+}wR{r{vh1O}xKlf-7`^TOy1HGK%OPY+(k^@w^IaV;99AQk?hi+_k+B}#6Pu~yuP zF7khK7hYS>8{J(x&5>oCg?hVBbHu%{)D|z8>R2&}<$YobnJU1JUfcUR!{VG^4np%A zhSqlSnvD?a_O_CXb`zQrDC76IyQQU@+NbU@0iWWYL_AUcHW|i!RG$8I~uukH}+_$F8$FF_faitY>i-pKzX<*O#&}-GC%{R9my|< z4O`P8yVo1Ecdsc}h}3tFJlIQMK04&Tqy)M0?x*`@giYd_*snxqS2S0U!A;0rwWCGb zjS}mp##AQ4q97d<5UEG~7|B4>%M=zt5_XAuA$-5{=2>E+8F>H-={8aAz9J^U=bJj2g*@r~O-30KjRS~NjuJ&5sS?$_lx3hQ0s27*h zlQCJ^QQ8v!nM)?H~7+%2Ud#&6M{yF_$oQ_e=6fj;wRU zY40UFI{7bAvup0MF7MWZRL{ja@GTh+MJ8v&7GI`$297mq{SU+xF}V`jzv@DNzvbyg zGY*<_%`f$=^W!{4%d#nlm3PMQl?1=AB2O#M4bb>gV3*zl$LT|V>{op!XCm22m0x7k zPR;KOA3k(e6RG7xWvPnwa*~TnMFOSdPl0#CX4XsQeh|Hlc+i3fi|%-6{@T!Gdk4OK zd6{1M^`Bb!Q?DaW%eqvNw~W70h#%D80;$izlj%&_e~@@t3)-mlry6qplsNT;hW~s0 zGtjRGR_4*297|EEFdvqw2Z@`?5jGWn_LkV65_7yP{`s#i4ESm0(Qh1@m681V?G;S47GGIm&=|@}gBj4D3Z5K^i*I%r`N+-R9!s3NnR(xDFSU@^(_FxOwtJr1WAI*O_s%MjTj2_jUE7i zRpOquOV_K7#|ztRck_+Ej_t}TPpJX!;8Z2xz=7RQNxnFiR9&XyXDW@W{H7b4z4co|6F)!se6+Yr@`9Q2T^|1**8*rQyj`=TzfqEn52oL-|5P{rF82#5 z@*l7Ik>(jN{{Or82ne`+D>Gm(Z^3STg*v8~+dUL7+8^sfS9YG+|EkW}zq~0uRC;M@ zNB7h1XENSxd7@KSUl47An#9Om-Cyl$(v-f!zSyd;`t(}Yw%Ahjk{!*~&s2!w>mDNn$ol33G*k}0v3 z$<5dYV?0-g!`@TE6Pn`mtcNnR8L5(qF1pVeUN(axobfhWRq`H<5&M0yIq@|h1%OvR z*Zg}`BpCDjTkDn&JfaGBqg%uEZIvojzowmiP2J+IGWt_^-W%F(6J7=@dCsMsDeJBR zz-h#EU@g`iKhFbcqHkq=c%Rd+#sl{RzuHM9YCZEXbBpE?4Qzel+bq-?v|<^(7Q%1p z5WiDec0L-z=Oe=Rj=?tAnT?5!M2L>u5M1yT@>#i&;-kpsG@xy8ZTF1PS=ld)*?J-G zSjh$bHws-DJyTo}G1d<)-aR~j3zF7xlkjtMO!qrbkyWf*zp~@SS3NEJx|QUMok)rJ-Dr7q$1&%Y z00#yaRI_MJtQmj)eI{7+z&9N36F6rZU!}(Lej}FAbhlJW=4=-4Se~@432!t;?1S4< zoh$1637tLy1D88eJ~U?dYA3GCj+x}nYcN#W4W3Cq85M}IZBFpWJjg(_t8k84Y!c$X zIqn@+2`N@#jZj2djVo%_M$``VG9cWQHE`Q;6u*6!R$i$UALhT7R?q?#KynNh_TRG% zf0IY;%YZrJzIriSGRZoM*kkh^8n1U5Obw12YcqPJ_c<|8F|I8cTl>WOztt0j`}fy_eZfzn0Oyo3Ldo+Vt+V}8daNR5nhMn=60e*Fd6y6(L&mn zrIX`phGBa|k~pj&S|X1}JV|lGIGX{fuv6b0K+~ic1cp<+<-n8WVNwsV`C0YwDbk*XUy-`8e%ms~ZDoK!>OE zC?CZff~7jYLWLV^5xvCO$1iN(s^X@a$$cYZ;(CIE#YCDhYQ!y;>UvmbO5}*WG0(0R zFryMFi@Fjc{p>tsSVT5KV@~7K@hN~-jd8m1_NtsyaIV-pIzOQ?q>cFoJD%jj%aiyJ zJE+1uTB1m5z+|eKZeQ#;^_d|n7vyt%NHAizlmzH?A~l*urP7TJO|8g!z~+&&nqbqG zq9GaG71J|JAgz!zds7D^P41M@M?Q6~ssMoyBag|1k;i2%TGhAkRBSX#!L$RMUIM5rU80Iwq_5w`lk$w?d5-21WRv2zE7G z#IK2TPoL<;S(+&=Z2DAKu4vf8~C`o6xBMZl*O0Z%2lwK2o z5RNDdYTnzWgnC87tUd%}=%%qGMSyXwgQhf%+yN@c1fkIKHtOQ!8dl&~f^0%3h_iH5 zzV2lL2%Dsn#emo$dSHr_4I&kJ^cI~M!XZRnZBz`nq=Fz!S$BpxZyV7f2SUP^*7ac( zbVD5|0yaF%bcz#%Ws%&Evs^|fP<1NdVNMQ_v;7%$PegiTW9`Q8*{wWvi@mpky}S^> zaER<##AZ4hJ^PkfoXFLyXl&yAa?Yao0vDbJPGC95`yg&ZCGY@GQufBzj4>}Ytu4rL zo-=hcNKdnrVsceqnpD1t>?Cj7sO6yD&?;3(r1cTu>-xx@L|51~~z6~W_iiJ_@1Qa};-;H>)sRG~RGi zuDXOCx2qy{ur%Z1QSRRj^5=8BwoXshM6ic4NdIRli@ne6kqKew6O2@pa5L`i2XCPbPheJ5WwnkUGhDHwh)|0KyPnlRH@@1`$#WJu7tDT@Oq{^A={P2S!q9kY~grh$U|xuk5s0 zwvq+wyH)huYi*ZPH}f*uX=$DSZIqjjSVx4X{%ILUWTG+D?=Gj<#@9Bi_m}5|Uo{rX zw_N7cMuHSeZ7RV@8f3K57ef?%igG5Dua~aNmCevxI~)v-)-k!S<+aLn9ag$f%1zVS zjp$8APYMHt8)XoLD>{!E^ySfqm_~}LG??H>P6tHryB_qP!@3-C{982m+oZ7&b=J49 z*gj=qe-LmEEce#tv9;yd2Yt=zd*GgX?a+?0Jcl$0(S0Hx73^%zB+!GAtyHp^zJ@9tyD7BjrnGfv@%+hnViD$w^ zIM?Tl@)-0Ia%prFWDFYtoZQK;#gX5ov8q3bD{t}4`bzzR^n7YA9of-VKKh#QDB!iN zS^{;_P`3HhMhR9Wd%fQu!~!;Twx%J>D;$FB4ekjGS&+HXE=;s$gF`^ zBwJ+cYiSa_xWB*!2@;#UP9i@rgbp{cRhN(bJA#yvPKs93)>-fc4O++ddEqaDgP+W( zy~jNUxNow92FycQ9(f4%O+wObOf?>6f>4aDb28H8<8nllt2ad z#Ma$*)}5rM*wIV?4+jf)tA~!YqREtW7T1`;vT6kb>xC4T(Gq~A)E)#x9|hPUL+5CE zq+#Ex5JmipN;b@wyU+Kan?rTA*Ea}}gT-lVqwB_ce6G$@AHBJT3!aCHfFE{|w(hDA zXVo6=G*|nqyUZ@mt8R>W_z-9J@GoIa$-7?=(>zxz0HmOY-r(YVVMxx_1toOE&I21k z?`m;In;$FoS!~!m9%QEEF>v7GOG_zf5!a?0e;Tztm?n<3$E)2?PC6Vm#3W6E2`jKuous2vc35Z=2Z0XlHL`fR7n%;;6Gi8qUOj;c>ijUM$ zZm`DNLOuvBoe0kCE*25VaIz?qqHA5R_%)Fa*i z1`cbldL`>HI?axA7PXy?GE>Am0yB?K;JQ6bi{zl4pMr9s+3s^nQKiEl?rD~1n$|I< zLVJ`FIcg^H1)Jx&)AZ7=G%fVC#>JspJnWoHB#n7x8p_Clu@f-e@|?6&ic-^*cM+iH ztDas>u!fgX1YWuRp1MHUS`_x^Aaf!g6{d^4b3}kGyr=2LNM|P5#t9D?gEhg?Bjc0) z={YnmoR`qwAL1S!si>|h5hZe0bp>`?y=9> zEOiFeIxrzyLn*F@?fKJ4YsINlIy)`ggvKJb(L^&87@O6>yTJW<65X5ni=q+SmLMV$ zGSrY3YRgY#Le4B|3n{*>@_Ob;%~Id2W}777-&gXHZ}l~-Ov%#7HrqQZs6Hj9G|Zg5 zvo;_|u9RWq#Fn?=t+uk@hz{;3x0uy(2Dv~y;Kj@El$0u?#^}Emll6*%Ch5v&NFd3UlHvN&Zt?cx&ijfr5HhE9;to=0%$a`I=D}-AeOwTA z(f14K+yK-dTbwWzWxPG#?kbF~&=%9|Z*pCTjd&^Ub^3LiZQg(Bz0LLe3zzmQ%@sGe z&jPq>YjJ&XC488x{q4>A{ozHI+>PU}``;*j{@NpoI}6a1gO^_x-kqfOV{1hS?gtfY z*EzG+nr?9TjWmwdk_&m8RT);nqt*?`TAG29T(lPCS=C}_p0W&4Uh#DbGc`p%u8MO7 zkQ04$-^OAm39UCGydlAjMFhwWqTcBuH52r3DZ+VHxs)#6O^omD0kF<@PHR0M_I8^k zd`|A>t{y1*-W2X@^1g~@IizxdiBA_YaB{~01Q483^uAloVj$y>DSaiWm{*nB8o+pY z4BNWqd|L^&?e%996w}ekdCzvf^58>aO%|!PwCeX;8PDxZ6#yYy7N8F@M%lJHlLE-d z5&$;n1w9-K`=ip`SIZ}5;3RDTV5sc|dwzj9l~-Oj(`inY8-xjs^9AeKX#o1O#m-rIok-(AvQZk(t%h_cg*k<6&B*IwB!~HFU z1Bk1qXMdS*E91~Im7Eu`PySxI_<%8jo+uSWpYF3*J0!w!7@;Sq(1Y`6psBi6y9+%J zh4-Pp-qs0srkaAQqA?*duV=w3J0L-7&+-va8cbFBFD7XBX)=ha< zj7_#x*-nL}MT{ozGVyHn7$G;|u6!1KBZDWn5@@1>Qqyme@fvjizq^KmkAqsrtOn?_ zKt_Rd)*MMnOKL=2{wrI*1V(Fak72K5eR1sqvT@BK|m zPqd(2GZF{;Dfz{0 zSot{WrPPh%PL{Z6q7vd)TdKxf6x)eCHp>`TEpV&^K7tD*oSRG8W@_4pQ6fy3Rkyv^F z!txbGrm%zn-z&T_G4qhm*~#0UWRkW-=PN}h{0gg`z!SQ)dCvQ+!~Lb?VxuxWZw;c0 zF+NSdM&LQOGw^0FIk-q^WR(3_$EmcGiGG8NaqmvmoL$_pHZ$i_y;9k%#TPrd=k`t3 z1F1nPoi9^lEKKIJ%Vz;GkCMy42yFX70~k|cFakr}oWIn4p zHaOg=kHX~f=`i=}4x>N6%!6}op5uxAm`d7|-C8k|_61I^D~!=hbzJHo^~Ezcs~IMmPPJ>`B% zqhCHeJVGgqLsJ>^Kz35M4dhq{U}MYk?*=c2(=keOxq8v*{ft$3$HQOKe_(6^w8^H? z5Mod}%eK{jA(>N@94tf@afO5mS)8!yq5BeK%`sERXFon|G5oxa{in=gyG$4%P(jX9s*B|Q#t(&&O=5ReJ^HC%Ks(OKi^z#9#|>E&oD>b>#X2f* zL}W&~WkrOAn~F5cy17sg>Uk}*PtI59A4~g2)P72nTQMZ2FfH{>ycpn#cS;H_8EF*Z zGlb@m+xG_&VZ!qWE!LgnpVXtXhv&`k%Kt1of|owQMIX{_BTX)#v>T0&>F&(J5j1Ol zJe^-F{aziww8&p4Z@noYwaGDs3bxh3Sa<7Q@R^*TD$cUsgN;OHD$f}PZL2o4zVq=` zNY?|UTc=6k+V{n)JA=@P@Or*Tdt?c5NdUNHT%rN9WV?I&^}Lq@XDa8{>fhz>xs@2aK)7CEtgI)Gj~;9*_wKVKk{h&%)pGGuN8n!nvgP$(KxX} z%A$@NJEW|KIG61acOP_rib-rLpM1E05p3{s_ejU5%kSE0%%UI5EGShUpk!M< z%nh5i)nMC>0Lb>Lh$dGy(r%mY%tZCT^0KOMMjaX>vl~JEWA&yL0*tj{yuBLxDk)%t zH(6pltlO2?%OD_su(OgY2GgPkY=g;GZa5+e9A+5R*f@el?WzI4d=KegTG|baX)UX} zQ!S&BA2fW}8Q?7`Jac$Yc03PxIn$2U@ZP6wt<0+p|W+2> zMv<{i^EvIM*4z=_qO?KKHXB0KmQZZ~?0TQD71>J=D2WajV6eh%IC+AKkPWjrlLd<< zM-Cz_IR)-Y%vH9`x}|GUwCz4C*k9&;75X_s4#>Y9iA{$Etx{G!GCqku+W)n1Aarog zf<)NDRxGG7t@g%0E}uNMEegymj=ENghte(o3l)YpxL%&IN` zxCZQhjqwqMrfA=}4Sqiq-zr`yI9L&@jWe#xu8QkvW-}?!=mt7U-8VZ;Frn+E+eh4uG2MT&9W=_ z0oQ8F_BR_EklAOyQ_0VdGxzN7e%_V@ublb@-HT zy~p89q&UPs^ak&U-Pq;dK(ouY)s9B9xb1&w9>S-74=nO}`S~sLLxaMp+Ep&?qc>++ z9r$)xOM_8J%a24A%mvJ{r}VzAinHl;whUI;a0t7h(LhRmDr9XcIz`EVl=>r!H0o~@ zw=QfmS-NoF!(z07lk*>MDPXCJ8W0{cEt+uMVmNbL3!}B(aO%svkgCr&%*{g232P}a z@Q1Ywl9aJx#gl@$^l`5L_`pAVq$(1|L}xRL5dv%k+Lt!kfV1>tfFWh|16h*@-a{l& zR)oEc)Sjkf1t&**p&VpoWH4Rf%)l_OcJGT}*X`YfM zgpkQ6iEQ)g5X&pah-Bugvu8}D>vl8st77RP!b+irDM(F|CJDWKD(@bGvFArVfA-!W zyV>_79Ge$PqnuQk!;4U^6sGApY;hZhP=cHWYaQpq(ZEMV8P8)HIch&TD}&P30c%G6 zOY?X)jvB=5JWyz2e~alG8;G7w3FnYXp-f9@9kCV)d@a4WVVbM1myZUF5S^5sb%8~j z4>n71duLAi4XCxIPHL&);3UBZ6ZJKsnOL2%lror1A*3|J5PDMuwke~m)J9ggR@jz8 zGeD&uUA?bL&4elV5w?uto0O951Zn+%di630?}WU!Y;HO{Q{D6_>vr*x^j?c2X03Q} zBE{niytIZfX61T@L_t9YE7=uaMAFR_5=qXDt=;E$$*P@ z+-@69*4dT%Km+gdc2g@RWHVzzqGULUDYIpaz=g7Y{B>acfa%!6<($O;g?Xcrz6fB{ zE0WWQ4&zxA$4GAJa=6?AtZUh5t_aboQ#zsw8P#jev}+WB9=BZXtXjNAx<63hHGO8B z+3qsmqAiJ>3T9`VR9DAFHE5rn$p4b2W54+Y4Km*qafz z_=oY6K2ufeBE0cdN}nLv3PKi6rDV&x(2oQyRTz@8lXpK_8$Pd4r?K`XQSd&&!e`## zN1^Z{9}_bhJn|;*S18YFmfS+7nn8Mc`90uF=ZPO#Yx#y_ZUg){ zkZk-e&?ecLPu9{~(e)vWq@{gQvOrFpCEf^DsCH<9W{MygL7p;lBTw{%xQ?eZDl%G; ze1$7==Tti3)9WMEr_Bnaj=)(L6PiYPMWuqU(pJ`|1UJV&m0UI7Ys@1P8ZjxDaL&Ra$5D z^(UgC!oE7b@cE08f%fulHu6=s@=j&&?lvmvxifO-Eolx*mpu?i(G^b?G2mz}TS*5> zViOo}CsR$sF(}2E1c=bgX-QDvu8at5kYdXNxs~|12|qxs>km~~FLh;jyV$VzdsXBM z$PC!Lf;YrrE^+NFci>yoD6!9r81DJps;pu1Pa>p$&Hfk}Nm4gr?>EFQ`BU}LGyWsi z&!09J4>do4_n1-+v#Y*I{9rys%d~>#zy0$+|7`gmjad>6UyW;f=l&voKnn7+|09Q3 zs`M&yZ-qGCZL00Ae3X(hi`E8*A$I57ItYsph`aD?X+4`Xz=EfLIc=evYEBZ^p^58c z$~(XMP`y#5=+E3_tvgo{eMY%lV7f&iKqIwGS+!&2B4)gS2)pXay4=yhH(eGv zQjmTBT-@{0ImPCSP0ICb3$0Di*V_KiE`oEHZ`KA&DvUNtgB24KpE#yC@FkZ+O=Jnw z><`0xl~K?f+kLcM^qjOTfNW5lxOJ`SCsK z`&_n^#EgdD(M`sas7}B{diClvEF`Z`7h=$6hli>_EQbxQrelf~Xs`6LQ4V7>m!BOg&@mit z2WuA(QL$tVst0J}+Tx@fP-h*t_D4KE>-=JIR3GW{)$ILyp0}dYb>o23{8)eA{vU_h z0%J??&4HiRQaIAfAkCAkvb-^tSB`6RQq%}DPflUe@RBItOM_3UmFH|L^ zNXLXi9S_1M28xmh5SY_c(v82BoWo+^-S8=LxA-A=g>S8 zZ(EXuk4E2RXijuYI)9@ajv9Zrf2jPUm!nStV{n@O;A^mk$>_xqAW{~A zp#b>v3=kT3(hxst%?N*fbZyWzft=IYd{xF3?}##wQ6t9Qb91%`4kANq`;h0tbq*NT zC|UI@e5<*Fp$IEIn=2YcsAEY~Eo0Pglm>w&bOS>G_(*Z>-w{I<#I{`xE5;N#3_mTL z;kv8;OoFCQR5hN5-$^sIA1d84bDVVLJ{Ie~^?#k}NS9)!V;6Yt0Ux{8IXW7MvAKe& zrdnWs+MLPOiRKHUts8!Pce9p?61vuiG@ks`K-~L$kf|%w?(njUuPXhDT~TocIBT8p zT?DkJ0WUUG(nvfSZAc^5L@;qOHODt#AlRYOANx>~AGKtiN9i>dfDQ7&Qd?Qo;7FB4 z0qSaW>S~k+D5P@^Qq=!cDDI_Q^V{JPTgdzB8}2pnu7`Rj`dzy)$4ZP;-L~yd!k`en zv_ze3!!Klh;HkZ>8U0A}a|V1!Ot+Ht{`gj*`s>J#n@XgE_B{iHM)#c~+J%ct=4m92 za4SAYxl0z~G){@4Qa(hp9GW~gx7`D}ShlOO<`OQd+p4oKWn$8n#~O(f?qG)RpoGCR z$r`CMts(J``PUTX3Eu>KIQ)eA^4DCH=W1INAZKH9SWg8u35gjF0Ia*<|b5UaqZhqC-uNnV~9brkdmY3UUNvxSK zY?s$NLzX*#G(5u*E4n4%g6*84+xH|vzK%XZ3sM*tX6Tl;QJ5B=u6vimJ6=nv3!7pQ=EX}V73y=n{Asbv*@i>do~saoRwFHPPqs?#3*=mjaCJE#l+ zKqV|j$?4$q6lv&IMRdbQ>^A3JQgT#jml6VdCB;^_Nki5$hKa4DJ)2ZtVY(%31+BOw zs=D3?Fi=r7w^Nog7&Wjw*tbfk(_SIzc_LV&$x@3r%WFEh*lw)$Ti0uS`JjrM%)u@} z{og1%Gv-XSnT!ySjYCIBg0MTT?XFS-G8u36IfIkn@aL9f?%aGS<%)TVWPHw}_9}84 zqLJudSP3gtQlG3KW;uF1qR_GMX%!P3Q_SIPi%$EYd7{ys0%JUS#dMiu`iK?)5If(M zb~`cgGJB@%c8D2IB(%Z}ogaNRvaZ-3D{F+0v)q)|L5aC&Pp#M{b2v%WTq8RB=pYtg zQ&C#d%+7t>cL&d9NzcmYeuD)~+{9q}6jdz~NhyIQEP`i4iyBP%SFg>-(D?z1PiqM+nUc>+5>O@mMqRUoKwl88--6q@X* zXedaU{PB}n-JgPS@B=7PMaaVHxak}3sbJ%0^U38;=_X~tBAiA^@ZH9ckMSjl-BlbA zF1!&n!O?jrbVkkCw%zC9Z8 zym)X{yRgAmX4gw=WBH4PGGPAWG5gHg87SE$HV!s`kU@pX5h$wJ7c}>Xkw`}xbp)f5 z;PC@W)>f}{=0(@jt9L)IE9MudkAa_zsXG<@lWD8qSK3g3<{=QiQZfy=z;)^54kKq` z0zD;#clR9s~HGLaw~GwF@v>${3^8 zH*q+SP7X^`s~0H2s+1a5rjUiV5C2%k32)uO;PVY5S9$R|xu=j7q&WNo`sqHpO*~_) zw(RN?twGGOL4c)hH^NK`y+Aqqf{^Xm+?%a3URQ>v3)#ZU_H)Df&Qg7ClmILM2uE$C ziG-_#b+e05Q7ffgM!`u~_D8vJu7eBMnsW@?&?;n}_A*S1e>o0eFIcaVslixOHZW<_ zLnTw;C2ILf0*1h;U;W6jK zpVQnDjld{=1?So%R7$ekuQde|iF7)snj#&=wDv4Q900lpWUJH{eQrsYQ8ZR}MKy)b zUGcLY!>{rz{2lEzrIYXhq63~n77ci($6qM2H&V9-5dByuPj%%t-Z{V7sTeEb$d|)- z1P6gnBp+&KZZk1Ff+k8k8<4v1Gb+@jl)G)8C<*aSSrBsX)KNO``xf=aDDeoM5(SHY zU{z8cZ75NalPf4lLsg{b6##%sqAF!NR*%a+tM+7k`MQax3=Z>dU)CykAHp~BxrZt} z#aQU)QrZQJf8G0Nhp;0=?T>=w2S;1kA%o=mdF$SJ9%gmN{7$pK)V=s^7k={x?&BA- zlQ!uMWpCfSU@Y-7W`C~BW%Bmk2lSAb)Oy%fEoEQ|VJDk#HR2k;2aY{dqK7F6$$|}u z>2Q5|%M&v`XA)_3wvr65>@a)q590J?Umo{mess8PuUHR|!Y6t&W0)#2tQxIkil_6n zk`R6PJYsprMfPhvixLYb;XS*vy|jyvy9#(Yi5Wmd6knv5!X&ymjHIO+BZ8k~j-xq%sDvnTl-oT$;#IL3IEYUH5z(nVq&79G=2CA$o&hGG4F9H zMn^Cy9V40t1Od=I_Y9G-_ww6N{K32Nw3s49IWu(W?EYiIE&SsPWgeUss9#dak2>S4 zvS^z{A85n-2sYz7F`{0o`@&_huBNv5yRKn&YpU7yf4Q+lroTY>^q2N=5@9dZ!@>u_ zE_LySWhVI+R@Reb<&((0M{9q$+)zYiy~r5by=XXzwO6}EqvNW+iL1qCeZFIh z1KXGh!DV+IQD>z3FYLW_R2g6DJ`#@k)(al})s?uH8D4jXf|{lki$f9KmjRvP~<%BfB*z3FJ z(CQ~mC{QWOH;Yd>G^HS=ao*0CgMb0V0?lKua2)S#_USaZemmYI_22eE~5^Kvw@Xm)CN1BD?h^A^i*Z5nEg!UTnq-iV4(fXlEH>T42HvA!>_}XJZi8eT#^@&<+ z$S&-T^nPpKINqx`SVcqQGt*B<-}bWyt#XyZ_dQRRKbP$UuC8VLRc;z=MfI(F)3n~0 zfBy9w5T9~6DZKy#>MW>ALTe*acwXBR$;vRNMh`CRckpw!yy6j{IHyjQH(Er%e;pVC z6a6~PF%6D1n@=`{s+piyYEtF_nJ5jGNc=4KVS8)(pSqh{=aot-oCF&YA<($p6enDA z$C|~$))`oP3sNCEQU#dt3xITtQDl!rkZqxh+)@mvI|xxYVj7Jt0}D80nji&@`T)rg1Cqu<6J=PnWhu<}b8Ba7 zb}U?8`p@(k<+cAwne2P=2md=Et_rlowb>@?oo6XQb-s*k`LL(8Yo?!YvFqc?1z*M@+RBx|fbbL$0wR5gn6*4BPIdScjw{e7w{FvDk3DQ2Cm8GJXsy!J}@M zt~0TsW$O136-zI)Q&WuPj5LKc8!+=vr|7ZQMW5(5Ty{QWf`;DC#bI3xYi^*2XPE*_ z`!3*QmcA9kS@nE^aZ7NiJ|~8wuwP*^JV*a#5Kg7~5uT?khUkQf}JR*&4N1U%zOeiM|Fp6!fJtR=1CF9OnpV{d#J5R#&Db(UZ%KKztuT0J~mFj}| zNe&x4Qq6XIIJ=ttI!E`i%}T6c3a-N-PN_tjhgH+LRhrHPD70W~X$C+@*>GpMQZWzu%@SN?Q!6va3z^U}j+ zOOI$Ut#I+Grv0i!9UqCsoSZd6aO7QD-mNHkj&vM|9pv>*Cwna^H zb5j#uY4&;s{)FXabTFHyf0Q%w3Q>LB?UwInL^v6f9Ztr?eGiu?p~3hk`O?}`C&%!y zbo=MvA=NQ&EQ`5l=khS!AzJ!*4d<84rp_6a=l&GwPozzCa}U#PCpAdlM;gYQzvc)( za!wwX_kfJHj^C%a8|y>ph+2LF)-8M0e*+v{)3F3op7p)njzT$o*C#kbfc3r4@8z#h zH1FjnR;RPApEVM>AZ>t>U{RP&TR75yIA%6yR}V)&VXaB;-fh8_@y}Zp{v#yR_Ued{ zg&_=YGdD(gyU3kFj$epV&d8;*Qs$CYj4h*RvMnb~i>}@W?){rv9-*xd4RKbeC_F8_ zbP^$3xy5x&z)l+t+>m}k_6Ye5MlgueYX=X-*Hrw-K~{BKrhR@Wf0&g+Hd;s$NAb(B z=tPyiwQY;O!{VLPrySY43){_8n3k9{X(`)-w-?sd~5E{B3{X1X8o+G+UY^5o~pD>oLuuegD6Q`r=Yqw17Jq~35)iNGY9yEA#T ztBm4E86ICW9v*K@Ls)rTSZ<(a1MyiQ#Y0EMk#U%6$1slB3O|o{!f8_pQ)d@W^4Q9l z-iRcbv@0GHA1yn#?Wm&fQ6h(q#F4$eYJqf5Dqfc38#YOBbB3%g=&TQVMqRBfl+vR>(mTkZ7i&5fy04^dkdl^z z-U!|PQcFmW8PWb$rr%fltMm&U6DAk$uShS90|3rpRK{LQwJ_ow8YpLmKuYccleDE> zk({pX;kh>hh+LmyxB}gT3f(7YY*%1eMj#AGTtl!>N@%Q==0hiUhld zC>oMoBx9)!ZwxV5)3*p(@^k1dk=PZZ$dzeK>*Ro{*%M=cQ8aD6Tb3CW{h0Ntnw_GF zror=R*b@F5o*$kB6FCZu(YC(tWEJA46+h`-RpyWD(mH6+ld0FVA3DnJX6gut7Duxu zRcA}sQ{k~y*iIy=M(oRb%19w*yK|%WGM4DsL_i!qG^$fC(b$v5XVn~#2bqyi@DBU|Irm=iGzmXpJp9qKs#9<#A{SB^FcfDhwKc6pkt4qnJ=3=%+6!rS@&_K!sM`7Yq74Y?XS6ro49xn%sL5?M5H?yAtp9E4;p@X;L5|@MN3K}OY>@Hdeakm7~ za4<-I=iv4DZ!>e1%&6xBk0x+je&zKI%DsXc@$fl>3Wmn2a98_Sv7$1L{=O=MxQgcS z&U$z27MJuc_^j)2Wcy9IF)R+G<*o@&)*4>zTu?4>&JEL73Du(i2Nn5!TjTjKRRNrx zSK-R@A3i;F5&z1;rSb=T(8&8<6px3nyJE41#9J&6hVT5|ceDFPl7f!^^tN9V7eNcm zaBO+-&0c$0iK+Yzs6d0~_~@P=ak6HGauL}~Su`O^J2AptkfZbwV$R;akcu3kpbA}j z^^rklHr#V&MG*S=U9D1FM>?DT#_2b#VrTl(O^qRf=lT+-I{|}Zmovue*B|oW{x-sC zgN4oLU%%-r$P|tZ8JzJ2h|4_RPA0MoVO?jFsB&5LxVl+}lj3=YieLNy21$=#XU4oF zkAGF=4_nN$5^v2>bH8Bnku)vG*%#Wt4hP(hvB{F1S> z^h1mcAKnTvFVn{>U}9q^y?qxmL!!X;<@PL_*HhM*?tbaf)IKKp2p2n=#3HgqE2V9^ zB-{R*7BdBbK|c?-5j~x;4iO92Lz zr<}it5l3G(E;)^!3n5NQw-0N}8fh0*%Br2w)wyj!K8+} z3%Hnza4yhmvCbOb7{axy%gbct@Ebr#0=xLq#<4S_O*nUGAH{AlcE;xtTj;5UiO~-< znV@DUBt%I($$Y6fS|s;O32Qq-Y+v_S=BGg(|#4g zdt{dRLY#}gEmLwHvGisZZ*?u6vi^o(y!I!RNcK)Ss8>3Cd(t&Fdpj%L>^C65YF)h~ z{F_M(D76jdjHq9M1Hvn;WsRn!n@`sq=km*xZ?!vqb56Z|%Y2iyrxMRQM(Lj`tKh2@ zBovU7J2OYx)s;j$r*oYB;PQ65Go60ql$7-1S=^&8qBxQgN|Mrm363IuDi49X3JJPw zvO9kPY4di5x~`FBoE5tp1rd=irK)4>jt`PruV&Ia3{y|fxN&UX+z$Gfo@#sU7R0nD z0}A--k_^`>`LsUk22`0bX*O2az5O+^ctr~tkXq$3+=zCg8OCd2WA0y!6e_#!zZT|G zCL!sfl=_}!bRCFC-k;HoMwz5rcESTHgzw-q1N1oVMEJQAPY7LyR>myhV~TJVg|tU zudIu>nz34Y!B&Pv3P!bZ*_Bp}^p!FNU$Bk2lO&zC?X^NF5R;`;qk=TO$}XbLCt`e3 zWo|JE-t`5U{iCl z;n?RLO(J|0A9Uec)Jd!CQrnk#3bN)R@7S9}a~auVh}(_E7iGB#fTe8Wny4oPW7^)ne@f~qB1>MW~B9=y~kyj(CN zw>4Wh`+F0|b* z(~P>5Y!Q4X`^v>MqzSxK?t!lgDp<)y+32YHsEv;F-6puZ*5}h$#BIm4aajrNpMAqfZcPf+yG*;&l zRg+{q!4DJV1ohFqFu8EOId^`SbXh~1~h6o>5xbU7$%igEaxfwIJMl$ z&QW*l9#-OQa%w+LjlxXVdpF98?uZH53ng;^hL?AinS$AH#W<;xSv1l`&AlCJl_$V> zBqwx&I@JUCsV^MCCO&y>$Itx`!Z;K<+QA5hnsGe0UmVx@4insDUmLPWU&WPsagm{D z%sA+wZ%-!WGoNJc^#|y_40N$|&>O+m%Uz&4!x;;>iTEHC%Z9kpVD z2tJ9)q1l;f25jBh8IR`OjR$deQZ=TJT*jzBK^iZxn?K!tUAi59S^O;zLo7Ukp=Kb<2R?0*v!;Mdi_kCa zN5h+6xyD%bZ-pqpJWspxflFvO-8 zttWWp^dY_N60Txo*HKzjn(fG5D5P3SuoFWZj;{I)*iY!%4nRks4|^*K)o2RuG0)7) z&-3%LoTr8VT?dcV*QbmhqrL=fAFZ(_d)r;Efp`fn>`9+V&p+*fEX|u;eCxf+#(ySu!&7(l>Ad9NoN=HeK~?R z?fowia7xF4fkSf%pK1vM3yBs6G>m8UB|XPO5oEx`K+0-cBUHn=&TL{#L8;U?tKw>k z)^sG>rGuk7m2+}|ai2cr9gC`^aZs6HOT}QVBaMxMx>AJR2Y7`il!bQl)8OjG5?-4e~+im=p z1CE&NC(k2)16XgyqQ1r(2hXJy{Cb0b1P)+@IMO|yU&;*!Yl7e6X7P$6JyH~d_}1;8p3M1snWOx zEJzObdTj=GfA*i_1^e13>q@FNw+qxtKTKcFfuRuwvqgHjJG0dsA3Llv-XCh&0+)9w zIVX05Y1t$l26A*UI+IL(-CBOc&Ql zs(sSQ#tnQlelvPx=Z^MS7Mg@l3IMk-WUkT_yLJ?BQlM9WdxY%mooW_4uc{(U zN0xaAX&53bc`@@{9eR^KU}i`jsaIO&gz9iIF}$N;Pp;84^R=|Jx0M+ZEOSoJ==gF} z3a`ZRcmta&Z7)~R`ZrZg22!n=Fi~MEW^D5`3-m$mRE}ebwHJu#Xv16*T}|Uq?Bvp$jY2yxjZwc0i#Ec97C!mxU+wSw_?-FMWmb2&NrtlYuLiq&&>dU zHix%E5#liX?0#I{A_X3>7OLXKbX%FJWr`G7ow z_*e%FYWj`@krhdj@YH`v9L7qS890`)mE|j;qWF5}tQ?S3_EIlbFBF0ZM^7q^0Wi-1 zXl;Vq8?H{(+xoHUu>uHwOGPm9w*VuM003|Rpiv!B?OlmSf5L0*n^^|%kd2hwX z^b!gMAD6 zonKMuN3s62-vAt{?H0+v=a1(q`MKf+t}>4L$yOho9=!rfkX>I^NDvZ8!KZ;aSM4CLB|SGw+K%OVxuoNh*P+ z(3*1!4wU;A;k8cFr$EacaZ1VwDp-(UAXOj)1P(!p`k?5u6jTQ^kE;_+mP&s;K%+F-n$ANL5x|o~@`0MR7j^t!nYfzP)ZVBvWq+b0bVdQdsJp#;Tth z%|9t?2UX_8-y7ZF)%|SszVW8zi9OqTynVWRsGI#8Cww_4#7_VVnBWjstHvuDbW<(S z^rU}Vn9rN4^Nz!pnz{>ZVAxiR)Rex}oNtqx}- zz7eFgkr`l88lixuL<^8;*~o)sK0$cK8!BIrV9*m2)|!UaOWAK;gDm8@!J$n=dS1f{ zt{qd2=(K$G$%iXWN?mM}I5Wxm!kQfP?F?2iqsFy`4x!@7{!xM*XEvj*qyUG8qLVlq zYw?lH4qguO1=G+tsxKyfX^pqNXq=N(v-B@T=NBGR_?#(gMbA{w~?kPC& z+}apnk?$LG>+!y!LF~@y86016Wo6rD$oqgBjmb44l%1BcknWd9`u04jdr?vSut;ove9C z{E`nlt{s>xmCVTpFMOskR3y%E8)9prtK;a#Vfz+25}qpTThjpSS9AJG5*>RS(Ik60 z*uTqJVjz``*1s-gCDCf(Vz3FGoO*GdM5_frGth2r%XW{2n9?+{#{e=|`(}`40D#vf zq#pnPmkHzvHftn)^kTNIb#1l=Qd6|XGa3Ux&pTI)n~k2(`4y<{!aRm`-0Hz+*JUz| zc1uX5q>hdwSn9mBrJ^HZ9fH@j3QmqnX~cD|f`oH{4Y|`bChYX)^v2So6u{{8g4-Hk zLvR#E51@>2Px}R2;~;t{|MkQZPTz6lgI0xggZKHfa+QSPqCR1+1;u|MrC|8x$mAwy zF^DehZY*~4IS zzrYqp>PaVh?y(FKAL=KFu0F1v*0l|p^EN3{DBG4$rMqUKCYg*0rj{j}P0??MyO62D z;uq-H;P73535f$WngCi2T=lg&eQb?Y!OVKAV#P0}B6S|GGR605Vtg`fyk;q1T?XGl zbX79X6h_E^5byy(obZ{72py|vm;irV5l*$O@+-RR&f{|s(muUm;L0tXR_$KvLZ9!d z?B!U}8}j9Iw>3NC?nk=2-vIB2ON$rAzX9`pt5QutMCU!RPr*a4PnD;B>i6Do!Yl6t zKUy5Hb=bA<+5JCi81Mb%S=xH+7Qe7n>MhqdyBDv2pS}h;@926l_v%*k;MeXbW!rt< zRFBACM{iB<26F>Y0#Q3h}*8A1n z=-q~vcZ#9fT$~v!?U7gf1}L5-2E%PXceI}VZTNSx*S-IKh2MbEt22E^h5J0~Ln`-Q zB0Lr^WUree|Lid@=X+b=iSdso;DMdnN4vfi`%R3Z-vAD{L8rSu)Twm!zN!1T=P8l& z-)Hb>fBn8Ba4m4+#^OI_5ai9?3cH`46G&GK`L@}be6khZbq>$5y}wWqQU7zP{<%2z z@U?*t@2|yyTjN#*w!(+mavIds93MEbdY_lYgId=SxOsE!CBl4FmFW>&$^=&)JjXo# zbapQu7oO3 zq!k=h8$PDXFAtF9R4QVZ8{xQyI*{kSPY|Gli9Oehz|7P}??)WK8YFkF>55+6fSmTU zL(@`PUcnX_EJ_Jqv90dzGQ3l%Xq?N%fTm?YVv@jMEf`ZiK!Bt=1tu>qSjIp$RwMtR z7^-)!^ku^hTEP3(nV9^>texq9&|3JI``LbbWZpnq;Q!_f`@iYZ{!5%IoiY}=e&AdE z0q3rO#C%8RC*J`Yy?R+()1`f^VYPLgmGJKYg}rRX1T9z+vfbVuIDC!R76KjU z=r)88YY3s2HS@IWgtSs)dZcZ@gqR0A>HWGgEJndSXTJLh+wFC(MlFi7h(R;NiW&G9 zU&5nX4~YGTRzoaW=|@#N5WY7yMO?;)h)_v>Gqr0H&Y%UsDNB*+zbv^rDW)(C7$x}b z8JSY~>?_n+Mz|_%Ex2+EK3u4w3s5XCZ+7~=HgV?U%mb7e`yK9HgmicJdLVY+>opOx z=ZX6i6J7D-)#%2iPZzvai}fSb@Y&`6)^o0ZmD7#lepIb;>Y)j1RZ8Zep66xuT4sAq9j8AtZl1JOblc-R=k%R)gwGSOjEw2G+VB6ITT2zU+sXoJ z47alsFhR;GcJsOq)b+vI!jV&&^%RX#!v|nUR#2yXL57cr@BE~AZ0=Nbw3%uJEiB|*b>O}1Ngkv-6Z;G#Wh&>jZ zl*iQ^^2>nqNhAAFG|@>Bvx2rNSk_EDVwCpU{VR5{&%H=*kxx_|dwRcBemF{j`EK*1 zfzuT$c(&E>(Hz;MI|}O6`4m1+d|f0TQ^v~`D!R4!9<~f=J^J=u$riEPUIp?#+hC<| zR%3k4Ee@Xn4(BPsfx>_;!jW$8aJxTv;3{cvS2vXtKRCy^@}1FS@CcL6>xaDu3Q2Fw zq-VdRii^jKXik=MJN3_?Hq^o07&HI*>k!!p6Eb!-GswWdJPbDw^2Hy{j z>WHu&$pHb*bR{!S-WXH-(@IY^4i7~jbh5mY4B~3Q`{Mufc1-)@rdR)ec6Ueq@mOgH zGK@c#6C5Tp;h}gFZuZ>l{f@6f)4h?ocYuq0C?UTkw33}p_j@xk>l+ZeIdwgjE`NQb z{drrU-FV<14Bf^y&P8$L8+OVG8h#)49Fmq=qzwp6DX6qnE=fc(7S9(Qbum6kPQEZ&uKKQFXNXzqYJCBF0qn521}Vg|6=v9<^f@jDNwOV=PRDllX76F_R!0_j!k;t zl3yLhaD3%hMq|HqPWDS|X4<+*?lrYkPF}*AuNC{GdqBv)#}sdIKr+7ki|>(2HItmX zeU%&{cffgqbvTPPObc_Iz#!Va=~-ar^L`obpK#yX>H=rYuXlLjZ|7>xRPNt34>&Bc zuxr{A5qk2MmFAQScCo5^+UH3fDb6h&d+KFe5lf@$;Pi__e{9b;GtFcV}c%&tm z*KKb>CB{`-vI5R6?r=L|8WOB3)O6k+w>EU35_wFiyx;m@aNMnDCJQmHv{^rQXXNwB zPb5mEH2kBZ!+%_&8%~QB;4qZ_Sw`r=0+)Ws$>1moP><;(RAwvnT>AK6%Un+Wc)d}uQ;ah8VWx|aYwU?+(VW|xYn*J9(lC{W2bdD*V8~|9BQrv zW@WbmNUst7IS}(sKd7E}6INTVqjlsjK1@wysEGoH3^A%b8pX0)N(-;L`*$j;Ytm?c zK@8uRq{^0#ngZ8k(;_LmM{&qN$=`PLCMZw|21x@KMJ7IX>3!`zJu1?@dd)-*({wN< zB9n2{v1D76gxI>(%$6CHzvAS%CN0hKUG-zkcC_>Cf)={X$*X3rhBg)%nWd&}+cvqo zy=eXF0PZvfQ)m=P5|!d@LyAfc=(3SE*-Q}YWf6>*>!opxmhQXKd+Icg(fai!1|vRY zbLUIU`xN1=S0pv6`|=6~NxLQ$QCvLSHmR~}Eqo70Se7wYpnj&Di9mF@-81BWwiupa zkJdln@3gvuT<5&kGGuSG^;6T_G|I~3Q}kuYm{F~}G)08Nk4$RCi_9jkH?Oi9B1qXG zOVeQYm)lhtQ4(@y6Fdi%{M)$x$C#&e_Bsyz`A*=*qcY}3=q^WQ*5Fb_6CrsX#k^(v`&xQew4tof@JUXccp+Wh!{I+$a;^#jk>S-$>#JXo5bUVj+R1%}duV3hnP zSH=s{_vQDJ@V}q7yCDexi6#^}S@(!-Z(MD7HR&2Gl1 zrA7q%^zyF%R4Qox6Kb8K!*h2nx3DrVB$tz*}M)V|WM>gg4JMn0IgYOCVVvU=`Z^GkMst z3fpLwOUWiLa$lf;xG5}Szs8NEG(l&sU!$-zoP9okgahDz5{c4kySHz06la`RH9_88 z8UF@wNFA=|p6#{Y?AQDaAew%f-jyxB;zsu}^qAF<7PH z=SJ5}_Al3Df0#&5)vfKz&%4J7vu7mxKm#!Ywe!OpG4i&cdFA%vt@)E60jI~(EaFb} zuGK!TqIuGma^hgwDC5{OT*cc-g> zFc2*a6wcgG$UH-V@XYHmv6lJv>YgfotM^p@D)(oO<#o1mGYg+d$=B#DePb%+2q$J_WAewM(Y708*RFWU=oTjecPkK*a0~zN zG(OwB?SV@^_@6CfEfe_P1tt!kZZ*&UJ=8iTCYF}x?}^_C@$0cLYkc%vL~Q0+U5qy= zudp!Z9PjQL;F~SZ0diVDo z^BkgldT)Nw<$d}}>hF7(?7I49fMO-MpZL)Qo*i0byWx2J;)#Coc|rR?mMkKCw0NCb zY~mysj=etnH|%wG<~

    ^CKL4y^Y1Ttq8|n%j&|OGZL5}?GL!bH6geHObL7Z(FA(n zQcKIVx!2q@Hg)i#9*}xwPkb;X=M#ml0Op4S>-Bh8g(_{GS~u=*z|QdKX~g!|3b3|? z>@~b%E=l-L81?i~1Ao`O($GcpoY;~zk;ZVKXI-4!94`Bop7BR+YtM)8+?y{3ejqhP zKd&Miuy|3`#NpgHVr|7|uU**~(8Q@Mhh4HgXqtyW&K zycNI?;!F;Ur*DT807NnFi=cG#rwTb!fuh8k&<9Q`n)9i`nc1Kto{;+*31Q=9qQ^%H?a@8Hy$ z^z&bQf3=rmU0EM!k`KHfWtI)x99=9rKA~G#ke2l=JmL=KXNbslQG8h{J zv~H6`r00tcqvi|UwXw8>Izz}%$`>s*$?atpkHFf~FFKwu>y!K;#SjloKsw92k%<90*AqnOx28k+ei{xTd6Bd%2tbC2mz z0e>3(wi^BOZ)Uf@Rn7Zf%YN}Dm)%tj^$SPlsWUKB73}6YYd5U6 z=ivQGE9cgMN>eD5;6XCDr@&9A^ePM(MaANpeci@npdgYG9l#e&Yl^KJ!~CVBnK69w zT>@BP&K<(EL!Zev@JhdcCW*0HGo9B)dQ&&cQyn+e%kUKwPdKl}l18>aZMMZh8Prul z(@^G3hi;@37f)@PJH9#zr_4CSKp;F_X1Q?ad1Yh!nnPd{kb@A$P1~jC@wn+s8Ss~& zM4Iwa-d}@a+AkKv)6zK!wI-oX)p$+2wUAu^;=73s$1~YXRYE*F z7Xm+IP9$Wtu_@*u1|k|4(<#mO^ENj|FqX+RFRO$#XI_pU_J(9iSl!VPWP#WU88A{` zB~u-F^|{Nl%@m>uJ7n6Bq2ASn(EBhL7(}XxhoJ$Htgiu~{v|ZfT*Nz!hn?+l?~1Yv zkCK}$eXk9NHoqJA4h+|)cuZWg_veqaipOG}Z+q2hH=-u5pEE~*hes=$58l*8SI5KD zK}rI7)nl>|)r*t=Wyqyr_hKvZ?&H(F=J5&EP5Lfp{AP(57)P7uuBw8d(lfpBO#Kl0 z3%SE6Qz|wkB|S|)O6iRSgPm#VcnY>l8Xm$l@334Om?kQ!_C$olE;Tw(Icy+j^)zjpm?^`SWR&a|Itdl}@czXhf|+U=%e9 zg-eVwC=^`=U`4{JLxXkhH}aN+28dK44FGhfD1AWqM8A*7|1N>1gngMPea#WWb%dw@ zN`r>1ptk_0#looJZ#Vz~{ad zC=$=#Cqe}AUVFch`hT-8ljIt-t z97M`aK(p`YuGK35_0YP+`=t1G*IeU!d)P=dL;hhXKB`zWqca_S^@kL9QvhKoxUL_- z-p(KVp{Bg~;wdqlh4&=RUcp8J8&#`?QPWmZhxr9ihPN>W!0-H`HFyY5G7UGgMKu?D zWtaCeeJkC|LHE+1{vsXmr!kQXTKgL>yA<#&Y%DOBSrqz>=t4< zDu5J+*>xi&0*pe6-ZW)NFOzaE{Gu3k$~6^p_RiVt=oM`VX`KCZKARD@HnO?97ZH0# zaSk9JC4zNXCRIq2vr)c`r)8mB5!Ae1#rd+IB0rgd8@1(zF-IT)aZZX=k<@c#DVTpf zfB2CrgJHeb2oA*!h6|7z^FLI7urQ3i;`$MfT$rH|Ed-98ozmN>pv%E`RjbaP)9?O9 z((-ZThHBx)CS65v9;|=>Wj{(@R=%s3NgGPEXIM$O)q9H~LS$D@?3A4B$**^-7%-op zI-SZdY=`nPA>D#o7VQ{OS>i=3xfSXV`3YxI_R=AGVPKG*hpMY2)}vzB zTsk>B5Y?i>Y&T@eAvy3MOATNoPx5vkpW172Mju|i^hB|O5I|uSp60$o%*{e!tS@*l zr(nv=u#)zI@pMX>CVrrC+jU*=?PecK0uS?l5iR&H$iH6a`xee!-+D={yW&SS4t=qv8u<4zX3rnodZl)MWYKAxosg&SE3;0yI!r=jYj>y z0XH|PPZm{hlOI)Cg@3b+219WEa#{O-H9QQchQj*3b|cemNjRm-H?^yLvKnX77T3f{ zwqdsA?W8kl(&)=2)G%=*S6P|Zh4we1oh&%&nbl!HCzxJXR9wsGJmV2_o<Qm@7dSk0D#7y-0O~{L4aOV4>awar z2Mo{hbY+xDJOo97iKjwIn^9`ZWf?U!3a~HbFPx4Uz&?-jX5&Q zYzizHd~4spjfLVSj=j+NX=z?I&rpuw$yVaZWq!1HmP{q zz6#4Lm>5jnc>1Y87jjo-a6?;GjoukjK6Nl#nUtAEp~QWZ>Nt)p;O(6zV*xA@Usy1y zI7V~?*R{0JS{+9K@6+@J>myd!Lk5 z+MDIuOoLsk2eDzmZvFOrdg2xTM@TkgE-l?i0zx1;0|LLL1u`;hq`B~Y2W#nBe!*+5 z%M2`ey|IV%wrF(@tTYZ1!1(0m-PfEqTNPr%%fA7J8gWY#{sNYw>fCqB#Ws4iJuvlnihh@Msx}pDkpubXIjjw` zg{q9t{puKB*Nh%zmc;652n?%M%a$)9^A-dmL-BZJ0ok5hNWR9SH3E>}U!aqO9et~^jA7v7CtDgH`t}h*Q z=@Bztobueyvm2owX;v}nfBym-Oo-jA zE|TzTHvI07?#qnHaRUfC?z4~%rZuyH%6jAypL^)~>?l2im^FlF70*NtWQmV=%s4|c z#N4TKe~sq_ILLg59GqF;zZcT7feG0-qMBVLJeK>;>=vpX%kZ|J=aCrK#YgpG7(7mf zx*xE3UNjJYRCwQ!q#UrPTLj%JYHoBv?o;?7 zyw&(m9lxS$2LIsNAkb8xqkNnmd^5YI|5ABu88(2iMhCIaEHO1^JxAb_ZR$v$cFkys z1uodAV7itX-M7|b>bl8_Y%aHil5gIu*A<+xwXP)~vG<3uo3;*}vB4O0aL@rY+NSc| zMn%Zmuf7o{aUxzKA8-->7&}1tlpxQ9N0X_eLN80$F+hZ`fE(_&*7{Y#)Ies1U3$!lXO#n#Q9ieTi`Coz72KQtBa|Mc@J&^>Jrskt84! zPsEzqE`9Ila@vz8#ooC=WMpd(6Holbw$Bx{JE;bDg7G_RLj*@oHqheURTQFk5mEK65yUe{clR#})r=3x- zOq#Dko!0pcC#kEOQHO{f(e7|QTnC@;x-y!10GkiF6nWTn8Qn7G=DxV@Oa-Zidt11a zi{4A(rt0O&`k0!f(%4c(2aDb!g(}!t)n$gn^Z`wSOdQHsKNr^|gMEq3E^XLEVOxsB zTQrdR<@WPEH#=C9FMRMo1H=%UH6MkNW{$L}^2^1x?;eqFF{mQ~&Df%mtpjuNOOsh$ z%tf}t4x%=rnT3N<0k#XugF_wwF}ebc1GW*;3bG36q;_P!j|;OVqK!k4Blhz?_4G3; zIXiIleN-3~KO~Ta8)-Fn$ zE0stV8J%A@Vkv{ZY%wbJHBhH|=Be7nRL`xH152~i6BkIBE%zpQ6vJhm-lth!H?Xyl z1xLG`Rw(ipL;`?Qz6F8Rv6W7jP6~ECAT;e2GO0EojRK&I65lPV+c?PQ^1o;7vcw?V zfBy~85!yRL956%=z{-1S_U)|W zkvs9d|6;8&s#3{&4+oCBEK3?cvktDIbSj~X_%AlX8qew@SG?AYN3v@ArZOw*?*5Z( z_P_kf{`ZI@zOC85O$5}hSB-A%#*0|q2|uF z>&P21$fw5|_iG{)#+NRa1PTV3lsP$0i`K}e3du!BN4UZ~hG6J0o~jYKxG9~{XBzB} zdT}V}4CrU35+qLStNTEm@ANpbqtx-U`TU_X6p}Ml-)mSTYZ(~#5V6LIah!yr1m5LZ z$IOiSME`Hpy=7FJUAQe8B$Oa6!M#Y3V8xvlhu{PcQk>#etdy2QaEIVhT#9?J;=yTg zcPUV$r3GsAyXo2I-raBCvCp{U{J7)ZpD;4sto5#EX07!+&zy6M(&kvyTQs5epHfa0E7?>qi$nVXx}8+XroT+gl6+Ir4H)*k!xx^&N%OGV)M#&~;F z*+X^_$&qQ3JGlGeaiRKF9Fiv}9eqV1)l&ynPIqFrH~QbDoCzF~+t>Is8%2M8>2;i_ zQd!BaNHuIT5TLh(t3<*JAkMaQx?kJAOEEjTJ~W|We9WO^{oN)-WYXRI&0^jwkP3q* zlriBEGqmi#LOOr9%}mHuMwmc&swKN za`6PQ>*?K6i?MXM;zf1gd*bSu$Ig5L&4wL~vt75wcej^m?tZVy^5ho8@uG!`*e6d1 zM_{hshkCvX9KIe(Gvq5H(dO}up>(7yZrXhvq|6()RmBB@kI5^qPkhvX!|^;a)cHAD z*!UPKq73NM+YvfTHqZqFf#N{TcD~J(qB`}>Z}z4Njn`D`?>NX(UyU#Ah6?s&u?di^ zi_MWczve8`Bt%w>3Gwbu24uf?Fuep1TXcRwtSYBZYjBs$wdS2KvJ}EkE8A{FpTx1uS0|8I->B}Gi$ zRTW25Pd*c^+f%M2b+I56gX5pGvGf(ox!97j9Ds-nd?xi2)F_=xkq)7KgvL~zIA<$J z7&TC|9DtZ<8XS{%o^dLn0JEyU9V`$qRA&ygnR=kzwf`B#k%h=`2q20$G0AjIf1az6 zzzbd0xa$>E%3+Sr&{62iP{(c^rZA~x(8HHG%H!|QL{=IS=5Pp{(0Fg;tErB`9aH?h z!b^xyhm)%*HSuLG=#aq){Z=}!4Vz;T504#glknf!>Nk4Vz4;{Phq`@>DEjj1#Cs}} zNKiZ@&?DsgQ9rr;Y4li@q=>ZoD?izgV7zDLZE2?*PBC0mijD9Eh(#%zmPR5NmLUdn zVk8DM^l3IKlCL>mpH zo#sC}Nc{&;t7T_Av6^1`3kJVUS^yOu* zTUH|N!p$udaW8G=VQIy{e4sa?u0mt0RX>3o-==z3%I&J$ z{>3sYO8gfItvc~6v+bk)cLmcQ1Gb|1CM(iW6OO$WXhTUZEjTsFg}^+YfaCi)v2?AR z1RwRDTA#M4b)&`8ko-%c-!Kn{O9ZC0n#BEThgL<~5@g})3O8J%gce5=2V7Nq3MVD_R+!Td?Ql8HAtDKb!?ZI z=H>=UR-M^2D=$C2liQs&CB^(|KC6nJMGBpRO4SD2d!9?pXmr*sEiR^)>5OkS$JdH} zhjeDgeHhDCim~RWh&9p)a><6>-Fr!<$1jprZR8jtAGT+b7DtwmsWBK83ku>P1#;{< zzSj4HJfO%76O@R=wVR@eC3ydZnqQm(zN#!8L>V=mYL`CR)US}yh8Amsru14)V&+I( zly_a!jI=?7@L%$H17_Sv$A18`%_>S9x3yPLQ!9IpZ(DSI<<3o*hu$dsh^&pw+OL;{ zuoxzCQaX<*r4HT|rf>F+jQMPJ733hyOm$1NVQ&b?yXI3bo;&s##HI(!66`EUWaNBs@m<}ApA z(o{(J8$dXu=hTOAsDkB<+B*4b_@SYIT)FVx0QWf?pV;dor*6?~nR6J%ZAId?LQN{ytb#`7(>oPW z897hLP^BorRWny=G9f5`5r{{kN`a*^Er=&lI^ufriSDQL^xx5?R9G_Q-x_^JC*#3< zH@ggG*vj9cZF&Cf&P(>nTT3wt_18NZ{{W)zeMS^LjC^tPJ#){pa%*mZN*wf?vi@5r zR?gxL#gWs+%j_3os|mMq`c`wdH3;2|m5VZ?B-87MFZb-bo55IBR%0+&>U=kFG-W`37K-vl*keYRBGG6f{{hVm;ha)|9mtqcZcmco(3P#?<}%Wu%yhHi zy~WJ)s@%(4^lJu`yw)bd*Xiy9njnFZ4d=r+MoZ4y{Q$N}&^gR!lLFaw94hF(^xTzl9VMyC9UI#;gcmmzdp^MLhIvEvax;zkteph$WJt+96jb(6 zo7y8_87Xw`fizszNR%B0Z!r-|;-+cRu)!OM&K@$b%zxkR^E z*R$2dtBc@s#MVUc(m_z>FV>e!_rBGts}jF0fBN$+t$St>`}U-0QFI0ST>%Wa^_VEN zC~A+-gl`sOT89(6NQ=+3v1Zl9>+djJ&o^dIlIAbb=GWBrP1q>m4*iau!?YbY;WD41 zk7}s^9%#70#ty=&ld)?Y7^j1iMV~POpB$K?kZ)(I9MvHmwL5Ix8M0Jw`c{1yg821r zNtE;^A-;$RQ2tQEqYTYMuG*GK<(rl)nNh@MeJ_VK<5H4`hFEgHd4_FTLn~9=XnaR6 zz}~%XxtL{3To|6qCLrbSF^mnK5}Ea2H4j%z_aOI?{#PGw}RkV#2o**fj~7Y!Dt$z75z z)>dW*ywf-->o4j`v938S4Ts&ZC7EA>zv943(0JM6Bw3*jxgvKfrMWQ5yHJL?)RtKR z^cM=LqSn*6czmLJO(FtR@`A|+_d0G|63J9c<2`W4KA&3Gm>x=Gna4^~Z&SkK%{g;g zGzQ7sM}4&NishAWl`bXHr~I|&m*tDwPLvc&vKgo45udHZ(Ar0V=J=c!N&`q-bRR_k z{{TK7nIdZ_`<5vlnLI1OA{jP8veU-v@`T(_gmuWkHCJoUqg~j-$IQjn->Ab1nu*|; zZ}P=H;%NSMyvWcKVO=X`Vn&bw`+z$r@H3M5e9JS|80NsAU)o48CT1UnI&91^hw-1Q?Rao+4Wn2tAyEPZS$VfmMtPOOKza za|y9Ky{1pP;cqJqo|@IofL)ZtVhK$D`NvvV`s>U7ldcutx5ULqznHMRs@;{^95sXb z7Xi~)Qj~uw(?m$s!}eS4S(DnENADmvi&%Ep_l~Qo_4d`Y3kldmGp@IZuI@h!GVU2| zPUL^Gq*2>GV-{&Ab({H-Z~moI?mCgKZa%!jvz2SpBQ?ac<986(+xC9|6=F;FKOxtJ z zHI|b{f*!oC^=LXFVstm`6q|qn$UG{-r&sXFw6O}~V9u#oy~5IlhSFq(37M>iQM6GPmJUQX#oL#t(}Q74KHMc=i_{eFd4lBNXEAnDjeX)bq#2YV&O> z${QV11GN=NkHQ#`b`9+=lTg!zng!uC^B9;JgFeC%j?l24(iHE2fu5(GxHXkUXlM$S z*}5ewj;Fl?Fn%`SfTdKRD;yAT>K1E#0sesUPaYl0uks$}@Y4UU_0ejW{==eR*!TZq zDV6P+*7ju(`q44g8Q1fdZ=_R!lWiRs#|k$Z$*t; zyqiZ!IDfPp->jdA#H)q;l- z(|3mJnHj162%nG@R7{lpIuXv e%JQz>KKzy)2xIIH5O{3S=Tgy~PZ{)hq9DF%Ri)KnQzuro{@|Ue;o|Mf+WCTmM{2!u zyE1zFtyLzD8SnCc^JT< zuS)`V<&&9I(cj)&m0o0ZD3wzFJ#3x2zo%T`Oue8RB+Y%#nJWBxGUTdjEF!pyFOZ!w^G=S&;cYr@E6q z;+!Q5+udN{xQi3yeSp0PbQgGmy~<7&s>C=%Y^{1tLwx5HeVo6a_&xKnS(<}F+0vm) zWt4>|P1r;WigQ17g~h5^`&raomtxYiX8U$B?N8EAFjo0xc?n%Cs$2r~wXta`S$nd^ zCt2(7S;1^j6c4{OrI4vpw1l8BX?24i`{TF2Tk^lqa6b*JF!}F?UHIOeykRe;T(Y!n z&c=iOS%%)+6X%99s?B1o{sH8JBupZ!jorvyeN_MyZ0^co?r-bj%F4&jt0jKAKau83 z$C<_-(IQ~;!J@CgfkPPrp!nZfG?Raa0{j2J1B~eEua}?y*H1&$!oNUu#yoYG&rFp*i23SfO(!fFg{pjJwNqC0{HcOfsq4+wV%l5VgS*Kl zilfVq&4MCgniw99(tB`n8_t6Go^~TxQ@{^%Xti3)4dI47c}$D!+%A)@O*SA!J9)BP zZx6(E>zV!SfBV}}nOn5VxfsQeT*f*Cb<{Z&@v&Kf2=D--q{HgnkQCMYZ@kS=W9vHIP$_UF_Xh zfBU+O=IW!f^ir?Rk2_1g{tcq=hCuBLg%=;1h{D5RiwgrtLC~LzY}UGs6)IW zMa4OImhj)`h`a$N4&k32I}-Jiy0Mz2-_`z3WLR1{4v$*BmtMxJ6zafftRWETTb%-PsRHnv z!Z;x0wXmltA(Q{%mirIj%e1ei@tToJ<+Y&3o{k9d-dV6?rL3b-a>WW+R}8&w-uML~`V za~4YR9iE;(k3qk_4{x_!XsCANuq-p@|H(4rS^m!V^oh78@tDRImSv`M1_A$@WfsGy zAh6Wn%7*1kJnr3K`!zV8&sME^uIP9VMBsC&5FtCFv(IV$DcR`(gw|lvue@B0YT>T? zO?i3V{LJ_4Op6ybH_r7{BL#jzSUD66TiT4)Dh++Kl|P_c6}Jn=c>}TGWp;qxo!?z7 zzkp{HQQ>xKt3!K!IHa z%UV!tRg}#7$k!KmA70LN+*Qj+D{St*==jAvH*+vU<%?yry}-Kr#(lZR^E4Jqn4`J4 zQSTMJtWbY5)0LbZKA@1-oou5kG}i&jl7-Msj1f?NVUi+Po2u24+B|$z^69?J@BC38 z*_M1@{)dov+t&q20@2k4C1=DpKT98H1sRkY4Ycq4VT_6YVT^hI#Tbj%K`^h+kNpQ@ zEc1rz|6+`pUi8QIi!3#Gx-pGv_3yAuTd50HWF4;~Cz;7f4)()|f)Yz~iV;QPnaHjm zx#P9p%{s&$@v{m~9N9iI8iOX!RTb^JYi5KTel9FhpVSgU zO_ipoEe49Xp26HTwD%;tQ>NpoaZK3(^&gkn2V)GiY~qo)Vj+y8hk3-@z-jAB|dNisb{y8$ zUoA0sBL$yMwy)sO52p_Z_<`YW7DDd|tU&D6eMF=^6hY?MZOM_K<1X51p=epce|LZU z{pGqJqz$Hk;}f}?TIR&K`&7l^>Myup8HE2C$1NUz!R6`SI5O%EcRyS#XT0#eKlANg z{yzYneeL}qXK7-Y>7TFr&*Ydb!6tHlMM2fS;-i+~?=X=0J3js^B%;_SVDHT~1J-}v zb3VE}itRXg_`dgLr^@%JbZHfxzvJV{#$T`KU#pz=e;e!nZ*j(a5#bk<%0+9mCZPND ztD737L*=!;6bS*>BiH1P0!+-z9Wqw)xi{CJ0JE0bOy6wzJ8k4!69ks1PK-;gzq+k_ z>)U@_y$P#|`a8C|GT2uHf8xGFYf8Us&CKwn%M#GJ<&Rf_U@OsdBXsFqy-KfbTu3Z- z=-o6v^rO~)7w%5*ZJfR1u3hu=kXw%(cTsYO8h1{bxXdlWMAu|HinFD8eSIcKC!0l$ z>FwbT+1|sGTDI_fKgLlBUSYV$(_rx9v>Lcm`I092{7obE0c9yStLb>G9!IVQ%CKvU zhwfEZ9_gsjf6e)+cX{p4e6xBmbJ}To9{Y$k$@MWa`t3t0Iv<9dWISdEa%8RZHDL`5 zM{srmec?X!J@np1gzMv%2;+7CDTH{A;)dVaBXjriHI0nDM1f3ElsFPX#qX*Q(!dI< z6$9{-*&UY1%k*8wG&E3ep6Mr(<&am8ZNoT+Ws9g z#J#}g6)!&io_d_$jd*mx5cmA~gO%#T$d)q`JMpN#)(1N+-~Ho#Mi^Y=6y!G3n3Hrf zpA1#juUTQO*F6z`{MY{hv~Bqmw|i12eOKMxx=(!V;{W*x)-%k5|MRC_$MSzaNODd8 z1a$s2>+7@UU8)cY$U_;1*fL}z3x$O<#k0s3_hV`SzM<#^OZh}xCt~PH%pD7tBsz^) zLn>vgD#IOWL4d;XWS|6vAiGw4w2VwIMX*;Ymsi$`*4gR3b7YxT&*mklIO;=VyYvhVk2i}Sk|?n3VA3K#p~C%^c4%(vob@$g zZ~t?ZtJa1~e(R&#M+RCW>y69RS0;^ti%oJtN$B~C?i!;@1q}sz>CUt z^9~z=n|}Zg9-kwwv1+4lX8f6Zo5sJ6<=TI47p>R-aBF`;I+MPGlgC3NexRepuGLDn zmeE)>eXkB@b#deBEEpS0wX+Y)PsD7qEn3bEtHh*zJ!Tw|*V1Mw;L+Z;g|o2?7K7Sl zt{|WaltUg@9j!Vw|JK;Ws#ee7a*l)p4&cxg{-~fPu!5#4W65n!e!%{kMnnVNxhwJf zPeQWNyM-B2PPEztI%+-nT|y+9o)s*xx%owTsri5~Ik$-Xt!BI(p_r!EWOz zJa(6*52!uaScH}fO4GQ4lqo1VK){`(dn3%;K-{zj6%6ma+S*3Buh+rfh2DjTRhXOG z1|Of^T-p`pd?9RC?E9hm=IHV)tLEX~AIo=lkGZI5-Wp2`KCU%8fTC^^e$5PG ziw7!`Sx0%_Pi}w6b~*m9N9G{6_fix~3>=&B<&@@n_^kIulE6yr;733O0MFJ9+?ry1botZ*JC}C_^;;zqZMF?RR@W%Dbe($B7;okf zeywd>ZwubNmmpXRTrRR0nwPjKQ}BvCW?Q9jz~6`~F7U%|WA zp!NxAz&5gw2c3Mw${{o}zf#gQ;H#<1jZQ;?;&tSPS>JvN4(mYxp?Xy+CXc<)_@Tgo zouFlUm=HOfoRH>&L@ErD8@eKO4Zt=nMY8>&8~!mN*eU(*YzDf={=0Ujw40 zOMcb6m?aZfD0?}S4z38bN7ekKR)`E$K~BU=kapw@U)FF%f8ce{5h3v-PZh`;dauAq zv`LrB{}4v%>ZA8*gDy~TcZj2AG@q)wn&SyM-mHet$ zZ#~8OuAjW#EKk7Z6^C$gg1m=fl=e62JXjk}T)@t5zeI@p)*6hxSbPZhJ>x^nGKQGK zNm)YtqKpEg?a=7|=w*QI9JT;V;@%Lr4Z59IUhZwH3;PfzI5(bom583E-+lxCPMA76 z&ts?RT@NR59sbc5=uH;aGmlo5EcPgbiaf=9Br}ReyAhi-&^{ug-Zk$C++?|<=%X^A;Ku`Xvrn#O6EZI4q0Mvd zbBWRns{=1Uiw6BMD2blh08OH!KkZMC{IBbx=UxdmlkT-UV#wMihO}Pi(sqhNlr5vz zD;o_G)rFb^Ezy;S6B*S;?BL+cr*aB|2EFKuu1|Q{-zeMQ>=CspF@5*@*9t*msC$65|@>6Xed(Q&LC9g1st=bJ_; z6@m8&W}j6j$h+lbDn0V`5Z&0OPC7FnoO!lz%9to?R-SD4h5IhY47R9~Fhi&fJ+`qC zV^=7P{z=lVqC!GYF3)Rbb`Z_ZU4(Dk^LefSXCO&FIpZv@NC!BA%tfmvI=zVGbe(g##1~S_~9@TI2 zoR$g8;FSA{W+b2JE|DkYjg&xSwV4b_k%sa}j|2@`agPwIwrE0HML3GlWGka~#*CF5 zq$hODUy^wx!%RbRV*FR!_r`>$e?r zQIz>+pE5&Fj{AF@J@V8S03v?FkRvgFK)AP}Xqki_I)$-UG4eDPN)xG z`E20ToMo1e4EM>LCr;oepjW~V%;$o8m3>ro;7(6;w2JHM2W*#a_2jXkr65&SvHE~K z!?>GV;B=rTH(|^(L7+%pjglS%Cv+bPK~tQHLI^<{IqfpTZEDeP}~ky4yl z?R_~85I!5_Al)-`t4{#m(};OIfoszo>K-14l-YzWV50&stDujJ|Cyq&{C?xW6dl2% zCcx!JS_7^6h92_$!y0a`QU^NQhl9jT#j1E|ZPDVUL5iRVau%Yc-W|B<&S5!A3?AzU zpXu&;a%#RFtxE+#XqJRMC=Ta_?jr+0zrFZ!WsM502AH%f8H6?Lj!+4lG?q#! z6;GnZvKAhQrO+;LkEgUl-Jk{Ab(pq3yPV^IgFW2QaoW2$bc`ysLmB+}i(n;RBzRkk@IiE5O`3Ok7!cY-%H zGgNf=(qd9arl3kLBgn&y%XQ&*PdtQ&C8bjZtI*o+iteZI;XZU~nea8vVW>%KrF|2R zz8bSz&O?3Bntpes#cm-J!Be!l!!i@Q)M|&M_v_bw zg2***6s003kQ9AQC(5qNEU!N$;L2qhWFxpuXxw_# zu7idSkpHZ}8)HZ=PzfA8G6CCGNzkHgS=dn#Q4ZlGM^^Z6h;g&MTCk3<=AF zt!_%$IT<(;l3h~oB@2`Lh$WnjkBKedIF@+@5aQ2A!0hzE$&Hho)SO>2%Ut|~{ZISE z2ku@RVWF2tx&6|CZqHvX6d$-in8@g>TvGrWk6wz z&w#sd%1*GeKkZy#u=gZLpz=})W391m&L;Rq7gb8?DBSZdR(klNAL{2Uxp**r-Ak{R z+)pmFPSf*e#~ruhQA~E;cTyq~deqxk&&M zMm|U|VzX<)HiJFEN}IXKyeSgqAo0w-ktQ*5r{O-@L!|$T(uB;7M*9X#HN;^06WeBd zM2dJZz-K=~(Y!mV=?uni-WT#oX()z}5MJh731riWn95t$BxhI0F1SKe(tC(=A_%gI z2gxpie`U_S0Cox5wGVm8G~!WFgv-w@UfyM6l+ClxQk5WjK^)#9UqX>AD7?C^$HtA@ zAfe=(SdJ?kNcvDboqi#AtnkMfr{p}^~_A$Y~JLwP4IVm_dOLD~OuA|e>bKh<-? zI|^4n(gx$cZ~$%lb0FQ}D1kyD@>KQDpM4Dd z)O=xKX^J6h7wC!(=S=&IfvEZUJrve=F#VP(_dQ_GVGy-CqBh|1W2zi6fR$#geGEfC zB4gezTR!zB6Pj{Vb(2imqk8Wz6sC5Pk|{s(&G>VXMiFht*Yv zgEv8`Bb1~<%Ib9Ygk0M32`4xfaKepyN;ydv$gKgN39sBkAv2PkJcCkX8iE?~MxnfG z^A=5f&h~j&*A5#Vb85K?(e{j;jG}C`HMD;{4YzzptPvEMffznmhmptk0lvtyMlKzl zEpw5!@Yq@`#qU&7tL!(!P<|T5qV{Qb2l3YtP}@8)q4O#; z7RKO`3d&Q}o{7VlAj6Qn-{bm~i-qpS`gN6>LcDR6L_)Q=$s|7sBkEN0)ZcT6_sdz6 za>FJBIdN|=aV;0&j5FQsXxnJvAz@kw)=dwh*N2>C^4<(EDJbxzG_-ui1 zs-$(UNJ<|=P8J=|6EZEyOWMW%+}jtEd@xZuJNooozE+b>L^m+oZhjQ3us<;g4(N=^ zdZXI5e;OCn>4TfXg@a2PcXt=O70#YSGCPX*MKDopK?$rJF+-RjbcUrp8VETo|BUyj ziUB0(Z8BJzaUhihlOvaUdhEy9c@$BweJ!;JZym1xK%fmN-u6bKrWZFAigNK$i??8I zJYm%J8xNyfmt%)S zHW9D5h_La8QJjk;V32D3Y^zS2eQ(&N|AUy7Y}k?Z;Ev=K4rWi+r#&nh|B8pSng0yy z(25}r-=MmA(Qbi*+#*h;{2XT^pfahH)DOkQP^tlc(N?)g@OjW^l60+@+VHN;@Fgs7 ztcg`>D8#gf@kum+Q&b>{p)+J$*LnpsJ|(*lol3VSkCV9KlSkRkL!z8~(|(^DxDSqy zaNX#UvxKz1px{j87Wy9u6m!X>RR4p(NM6%-HXAE!);RLWXBl184(sYXgJPtiGF3Rn zgzeI-%OZCxeZ;m;UGECL|ApGfzH23}9AM~S^u+mu!b+a5oB12Ol;j`4{`@B+dUJ}oF4OrG?V{C!3uUOz# zJBh4%?kEdmChYQXOt6)s^bcSqhpEA~6-{^f56}*blSqGl*A7*ncAuTC(gWLt2f*_b z$qVb8C%};LTX7R=mgXsGjXoI6{CyWxa4B+kLTCQaVcgwU*3Q5hwYlwHhoFkIfTm}= zhK7?+we!-K%oPxNdU!m+b|c4_(|i94r)*6zfr-s>pG(g56q4rjlS4wH7 z5)?e5;&h=sXI3MmGTZHjI%m_S#UvfXzl1pwH&d&UibONj`ADtTSyRLc!6uET`soR5?AePQ@M39=x?H`umV+fUxCDlb2dZ?XIen4l7=@j*C& z8}l{Nl!uzy#!k!Z6|JWiq;XJ(U&`||lG(MXoID!u4LHwkmmK4>XgdMAq1{M9nMJwHoscA9Sv#!Y8(%2r*I$k`MKP!B{^)-{-m zqjU8*>?|D4eS<)Re6R31A{TFAVGXNyAfANSLltky3$+x7ubN}_s)*7KRYZ)z)0}6p zet|*!qAT15XU2`%7os&01Q}0;z?;}RRG5ReA4jQ}Y)a^5X7YX&2-z(`j~JT75LWns z2!L!vVe|=r2_MPa_!drlc|$fN!|Em*7J(}BvD(Z;t|FOiov-A?m*do?sKN}+raE(J z9DS8pknJ*YF(ituVIdd6h{iRm0zo@A^or#bXJ;2Qxv`>?xGlmj$zR@RCg$*(Sl(!P z7^gG1Gg^VzJ#o|0Z`hS%$1~U@eLrQ5!AIctgk9J<0S-lgp}6P+OuF5KeMi8fmrlMQ zG95hkvk?NLQ)?Ldf$QQ!zdp3(Cm#`JAte8(&z^M@Y^X5?y!1kbmfq~!r;$H9u3aP} zOjQl(@#8FWy@!`6M1z4?IPwZwcEs1E_L0 zK0=~^o^S6d@HtF_*F3P>Em0aKiC%FuxiL@dLkEWrDy>AtlktJr|H_ z%xJ2c2pO^jzmmfgd%Ja*V8fvFhhcVypif zU-g)^-qzuJ^>=kfGkoT;!G*XDjHR3ETdOtK`pS0Jy#nE z4=wN;2a{7sz&yniN?2IY7ti)htWO^v_Uz0IGAJ!dj&go>OTBJY;t?_Ie76HiE{WD$ z%waoc-`a~Y*W-HP!*pH*R-X$kLSkX4C^O@ueq5fapgUR4STtn-#m_iGIu?9FHs-XJ zrVfN)>~e%dMW|SS$SN%8r?_!QFFbL}gu(|<_Ug+zxbx?{V8ROjFSxbr^53`|V9G$; zCgfSsV#I9+zW~p#OdOp4J6wiD(WVr-D(RIK-?OoVtuaC4(Kl#gW4y z%CW4X{u<0@m_9Zs(G;Ov@Pw3UfOiSAQgO;Qsf6oTV+QhM;~Nu87y)SvM5nHp3QKp@ z7l=yWbF7Y;A5?q#Js68y=kNP?@vfm>UF{`hCpZ3{v6O5eRKrm~)iy;=JVMHQ&(jO_ zL!_>J_*K>#(wP6fViR~>qCvOk?Ai5e&V=&L!YVBM$SD|zEGRaTsh&Fa#5b+P8re}2 z98U%a&W0}IwTD@W5EGfx|JiWwIQQaKI+!p$0{2bXTE^+`P$h7xC4+GDls84RloEAx zeb6FoP*v{%)-2;r#Ubl+vXIt~DgJ%SHs8j;^^)VXhxQ#FkG#_o?C3>?e)LklQSD;j z^+iwg(my0?>>YXy6j#em)t|f#bWc`%O!oc z5(aCgo51(_(aOug{Z>m?;?~ba$DfC2>WD{Vg$i7T>daja+wLXOqr z^hspt&rzKRUOFa{(?Z@C*tH45Z{o30sl?BDC`{_2_e;Mo$OEh@RCb@BYQLGUe47Do zv)QM&3$~BT z?a|K!5tFp`n z8L@ySa+F*-^sL=j!){uGEn2R^3n=7D{D$@Xj_p&P*t6bBm*aDyF33h)F~`8f2Y|R9 zl&A`$7ClB()dRIzXd)PjwCZ7{V_6aPO4DUI#$#10_g0)PO|#Uab_sA2j@4UT46@a? z!J17g4CO_DUlFA{(Cf#H3lacKZUtaWqPuCR-{a07I{ED&VHGI93}Vf8xPJod#^6yA9 z>m*gyUGDGkyK9fq>Cruc|-6mn%W^DPtwuI_3%w4w<>i-=`8# z;cjvT)3qB|0}DUj76~X)rQ|$l#Tn?WH9ct7S%zj)2DMgG^qap|-ZM~lb7nLBK^|=v zyYFD(@87p-s?h*%oiN%wxeupurQCKu7dhqKyxK0&kz_JJl&eUl5(F!*KUs=gXs2V6 z7j+RbVBIyGNt$Lm@VrCip(n(cQfS->*PagR9m4pbi?cNNAMAl3 zx_1)59FU1kCFxwwM_=M*XD3rUOYg8TH}@f?t<4U*yazZ7*E$T<)Ja})MoI%$FZMT7 zvc5gM|8gO&qV-*~;|Hc~ci%wLgF2p(=`0!&xokG6E!siGgpB$yX;@@q0^M$iHwI6` zLl*JDJM)EjF|92mJc-uhn|7Fv(cC%>uzKS;U6jY$=}b(+PxKn+n#hWiKKOH-LuecA zgjw{4w>&}=y;$OLDSI~scYGzed_{^7GZ&u4m^``V+7$U*w!~5p zlq0mz1n#O5D$|jn9SLFR_pYYudHbP8_^5Ckw4F8*slJk!0@&^mk1iUS%fZzR0c99? zfwID}iU3lpH_G}YICipZRJAXVYoT5xQlHcL13M`g*B55~LgniSir zL%Y01u+DV47LHUsU9U-;XtyrvACrejY#SyV=fHO*=}4nL2bWW7AS*8coVqd0OPsy| zBPvw3H2~#23vj7vZO&qo5{iqvKhqm`=}&5iH!c~d`Wj*lX@Qz&^8Yzh_azXckp$_n zkz%YwPwTK->w4i@XnHYWSeE0uL~Bn;s+xxAF6m1LK5X8G&X8O}nME`zeVcEdpNpFP zR5))j!&wy~F9U>!(wdHO+t7MGciE}Pqd(11jG3V9UxH+e*npwJetg&>!KF|_l9VAZ zViZ^4+Hi?XukcG2IbElLcVxUhz68~UMOZge)Dl{%vljFIN=Mh=+o7Sqg)f^>mG|gp z{3p4)UmP6Qdp^&KQ)-XG+obQ_V8uX6|D^m8*yCz(Y2#o5OX}klZ7Iz#408BS%HL4B z9pES_PG))!o!}*pJ4rvJvW%6@YmB~pWgUBcMS;DPq#s+TGgQrh{tEVUY8n0uyZ(kcDMH1Ds#ecq$~FrNwq-}J5xzk*@h&ZSIhU;cRKz+$C$Uh7 zXkC|y7Bie=$OSgRX;e+g5@L0ts!Nv}enCRLQD?RWv>7?@0lqVxWjt&$zQIj}QP$e4 z2EFrKZuvUyJ=c|tu{^JO&aWsMrDmAjX=go`3b_GJ{7F2xLlW25z)pweuLEoZO>?DL zcRYUJdX&1gJ&4-cScabY;d)@pda%~14sn6Clh2&G^!iWRbXn~lenjr$8*{ASw3~{% z#!l~OT60s)gWha2<%JplKJvgZGm1rfcFYWhe+F2{W6zyr%|$_wUqgtW!X-_G4r1Cg zHu{f1-ON8`)3TL02bs=Zh(c^TXqYc=TA!HQwnO%C|?LiO|G@gs7=ry|y3wN3XzbSkE+60lZ$Du`ex=WoH zPSexr$khW0X7@h$9KRPQU2)ri9lYg37|4wkRilm1UnVZb@c+a<{^P)$|}~ zf^FCnkIJGFM^00vc34|foc2}lQqP1gT4g))l1a#(HApyvR@O=tUQVfob0U*qoPYt0 z@7d4<^LRwn3%V>*&~=)7?}B4a!H@lu;}h*urS&T+#BNc|bJ7rdI4m(*-X)-HpR$Zt z;Q(9Nt5B&*;!sp3z~`AK^HxpOn-Ik9rQ9zDa`E%pb$kYa)MWTQlsETXMH(I7wjj6B zMH(sUDEtvetT~l&8FyEWGFiS|pJkYgc};acIw&}|dVJmep5e*&WcDDloxVduJHvxi zn=^IV;xB$t7CoOYRjK{U7Z=+VHc#N}%2{Di)|3q9pL>Bji0lfDTiPyLX4i>Q4yFV8QXkH?ENfNgQV#E|`O!JxuU37kU zABrpW!T4f_y*L6z`@z=K^QHc13N(qax>v1NhF87o>Rakt8S6F_iMuFca~5C$pHsSj2|V zngGOG{%H^>#(0l=_f@q`SS3Wof&hb{qP01qk8my5!lwHBUAO#uy3Y!ZlLQ!)qJH1; zkuoU$1`|vNDhE)LL3kM8{Gcf?8#2M*-JN;lc#Y^zr{CRfsHHaKY$py4|5mBJ6%}wj z5+G!mx z`t@mqW}8SP`ZZrrn0jdiFSf*#@=x4_t9KCu=U&fnK!bzNrBe2 zejnU!wEpMh9>Ef9fHZ3MpMM#KtP335Q**pwb6>Jd{kc@l-atq-zfow_To$wSnfS-} zH{PWhK3Z<&6?rou?r5x~p1&-A!_Tz9&yJ>P_uU*~&;pZq^|q16Hr`~}!2q>oll6K{ zM{L3oqe|*L+))07)ozqP8IuwLW=p!qOXu69o>PZ=HVl*yzY&J{vZo>y&czGZ9K zctz-j2bGM)H-H7Us*>}g!SgukB+9kc7Djf-X}0aJq6^RfV^^_S`*2xS;e(4>*V!*^ z!R0ihMc7^!ybi|3#%@M=Ba&-IxH?(#YSoh|*Jx@==K^5&6TM0$wnZJK%HInudmgw; z#Aop6wIA5By9p7sbLm~FIQgKvG0W2sx6gt(nyUk0&s2RiJA<)xcV&`0T%JrdHJ6bT zM1QIPFXTqBCBNltA}3j+I~K~VcLqFCT)bf_YT#>IdiFXW96~ zpw%-}(AV?v+#tN+#|ZHJO=FAf4VPBrNQQ+8{dl~F@&4%CGsntb2e9@BFWj>8Tj>qC znN)(Sbh5%?`TPO=E>`~Uo(}A^NWR<-U>~h)qmZ572Qv;wG1or3ZYf30kP9vdxZBXK zucc++@6t`Ig_?z1C3k@ojKg+LZIDMs_elS^Tgp-0KbfANmP1vwS`x1v| zG*?599`_V-;gf1o!+#bO(D<>h^dmE?=Y@rxe_n%(Qm~SNBS#pkyESscyNd@hv(Lfl z`byU*;`uaNbYZ%6@*pPyP!;3>tWn$x#|m{@W#%_;2%_EZ-v7olx=(7|ubk{tk}U*< z8MKtWkb~7WT#m9P_?=Vgaxt>GnQ8L^T~~OchbUbhxGtwfJv)o0>SxEVa&|KyPa=!y zCsIkMyzAu5!CrkZLG0qdJr^TMftDpyF#~aC00n5k{yG%(UgvuUKiv9s+|Ipk7?p4k zqhAv3&=D)OTK@-oZygoav#pB)0fGk_*I*4aPU9Bb8VPg*!QI_8Bm`*OXb!3lk$Jmjf< z9G;pJn(VGUd;?-!aL5D^!U#7x62=Otkq&h;NKa`{`3ptlZl`%5m}u(>bA0T_#HWW^ zbi$T;(#pn!k+VIltg(6HfU}@sRtwnLDZWc{Og+|~MQhyT5TbYq7qe$rQL-(yHhEnk{R6EqkP50TrejAGq2lc>&r&7{} zCz?*5wURZnHMvg#U;9k7(9q>OkjXS(OSy0Jx7o5G4|MU6ht#!#M7uX)=IlJ^agBp} z#oRugz|<%ruJfU`7wwe+{(9(x=)hIEl!n{*M~Ag_q!Q{r&^;*rsVmH<;&Iamf(i%L88Z{5@MbRKcji%6TyjpHVIND>F`N?efBk~f4Fcm|qg_wN-x2q1M$|9ok6-9d?-lX`}ayb#A~M*h>c z1abI?!dd>Y(Wm9ZFKx#?Qy`u6KVSM&s7(G@;U1>x9rxKlHZgMH=I>qHVmyry9qYS4 zB+va{x&_desC`wxjJ# zb_fx3^zc$Ex3V@JHwk7LjFoLpy`$*TjfJ+2!?ik4UqQAQk%+%Kw7ZMNB(jPgm#Fkz zUPV*0%QRy{2A$B8I+C8w@BdCv-QObi{u30i+qEZB(>#HSf~L>x7lx7b`!BGvpC*w< z?*3c`hbS68p&#O`nLZ>LA8%?B67@`+((}(}d-8~V%yo-v3VquEU{zM4H_+iX?$?%eYgLM>@ij|f~JDjP_S3@$c}b&_m2ih{`kNv9*76q z!hD?}&$hpm!eh9m`3QT2?v(4a|JqZJ|3t!^XhDH9vWahWFK6u@gHPSZ3lb5%7Idz9%bjLFa>!|%l5Sp{+Hv!>9W%=wyW_TPFA_qSGy_GT z%=k}RFfTYj7(hAM&?pojcbkf64ayULQFxy-)(^jbpJ{(L5#(Um_3V7X%_&PHMHJL= zZ6s9r1<9)Q44NASdWw0=@|pTfC=<|zK_cgGvivCGmyVY{6Mj?h?Ujeg)pzyVaQqW( zM%~&FfMsrSa&yCYd>eNr$Z@WWexbBnq>x}o6$QUNq|RZzDoEi=`D?Q}3c}A$)e03t zBofD7E#r&P`yJcquM3(9o5M}$3D+}h+>MQ>8|LpfBk^8tg_&c>eF`Z?^T9ajIwD&C zXBtqF<;dIgxr15hU4n2S`GuYhOiw+DK)jtanj|Fd)>J5Y>Sqp~t?59SS36j|eF3*O z6JQb++`)71LJu+D(GB&g2Y$|cekpGy>1WmLxy+-qZo)_;slzcAl{t6lS`Y6|Fe92Yjj`CP z&#+yIcl{^pg7?8HJNjCERJT!eJ}&dvT%`qlN_d@y@-hV=iHqepMiYfm*RCJx9T8bP zLKzs`C{G`~bi#KoV<|ib9G`x}kVNuATcqK@Wk)kfbR=?ju24^ZxP&twuv?{=n3EKL zio)o^G{O0Vd$%}X$bpOd!DD9iGuHftbzM`tfq}M2o{@TY{FSG9JCudY2!xtU^8oXY z;@9ymF6Ws6F%h`6)*K=Tvm1}PeVL8l3UIFyrGEP-BS^Eyc-UNfG}2R1c5yUHu^=Z@ zL!_VrIJi^lLYdB+2!E#ijMJ(BH#iwv|J|oVVxB;k>sO;6HOJ+!yO2dS1(bal=@E}! z)+_Rk9$^0pjqWs!?lNrQp{(H(+6F6X_wA{N6G2f-Cq{N%MfaVxBBcYQHY-EfsH?6m z`|!Dv&;;W>t@^2~HV@ws*``4o5oD=sSsn{R&t57m4?Uvj^*Z9Pv5?)md9PH%$cl?lk|jn&{uv z;@wM?tF&o7k~n{KzLaRDa~i!nr$d?j`*Z&Iz`==z0#%j|uJzAntjA6MK9eE`ny0JP z-)F?7FO-Nz_)9rAU2gKn=-f*G_&|FAEJ?8>H)Qqgld&IMbjFPYqS|6Dj&D4tKZ+*} z{-Fx!j}O$CAojJ&OU+tL`>x-_D5X0M{7b3-Vc&mQ>OUNQ1i<#W52O#C-kqN@?^}N( zD48zSmN))F>5@uofv-Lj&aw*1`C*Z{FY1--%NG#!BIBMby^HH@vLsEiGpn?0glz<| zhC#QA-CXHQ%LOWaZhdg$Dk^$*T_@5y-&A9m#A2;mpbj?XCw&hWU4-)r z3`6DS%;nOFBA6o*dHwZxX#@$xdy0!MLo z&wY%-NvTBvzGLhIq^!!h)y;BA#rgC%ahgO}w>H5c*r+8L9O&d_I0My^5S1IRC8p=| z)K7AhXchDgZPkL_^D%(^?jVU-h7VXU<(ltH>y@&{`omOTCY1x~2Di!JPieg_mg$Qb z=Ri6f2%*TAOs91YdcVO=*8bxY`TMg2vv;uFO4b(?@M3lDS@kyeKr z-mx@T2o3(P-VHEXwZ|kkti(o(n`D8#BZN<)I(-Z!q1DJBbhg+{cmL4Bh77?S*7V-H zBsmwWT}+4J`jXNG(0eGF_xZK4tGKFk^B$sr}1wRZ`@=e^?^oz~)4?gCq%+ zP@F~Iuc#=n!3^b~v;kknI{fnA93#g1{~dyJ#^Hb|*^8`Q!~Z&HLvccay%)KTZ+~R@ z{GhO`;?jR>X9oQ83rW=x_$tz~@d3S?8(WJeNv1AMHCHKD)poGTdD=(qJ9)gQ5QPPB z37~`VPB~m_o3~(vg^V|x$NR_mCvokK7W}#Sar_TCL1P@SPt%;G5hq#Vw#pIIM?a!n zyEktH9@A>A*mWg8->!H0l(*L&UWCJHmtC&bN)CIoJ18|&4D#;WttF(?X4l2!MYg0C zU_lp`nUA@dmJHDPOVgUoy=L{Px58fF+&`N2fGpfM#(;Ky*u<~SF${nIU6_68`+Dky zaSYC^!jYlHZ+*<{_)?i~G>&*lYurjrPSXKqQh0y_`wug@t)wW|V`Kezgw!#qu= zHt|aTXf`LgS@LXm-0w|hQHxikd(Ydll84PL{>Sv-|D+QU`>ExZwq&q@uT!**#d2{s zzZ8T&U3|}aOa=y%a?suWyLCZ-Hp^W7GEk%;?|F&cc`hT3>-$qs&%N*D{J|PuV!7V^ zpS|{n?L_}H7vaCG^-rz!NJ_^@z|TzBG-C{E4m zFc?SF?5IPJTB{(lr*&6K{0i#|OPSMP=^#82!=e>CaAnSg>zl&sjV!2zU=26O4YQQE z))!#j!Nsa7TGh;rCa*qU3>XN-t(yT@@OUVj_;&OjD(m zX=A6elvF>73$Mn&F0r%LEF;iCP5=CufX*}>kiKLX^?}B%8rtdSVUOA ztQIH!^$mKt$F3%v{aU))ql}!HnS>Mrt;f#WqkisI6qm7s&M}n4N1b#eF0Mu^-A$l# z^R?A-XD#Ow2oaki+9(t*8B1w61PWusCHvaBBEeLwXiJbAZcG{<11vO7nCsVgNspkH z|Gk22pS6rq)o$-50nlXSp0ylE1jnrQ4=CqY7wh5bp^gUqv4Z@uaIs%^%9UGWW7~Yv zKhY1WOM!{1d=H;nzfLf>?{l~Q7?Hxv4|^&R+nkN?j5moFQMHlnc*N5LRJvVqvL{ z1qjx*X zvKatQQq_y|-Nk^DAtw{oTx8L%{-xADHr9Tnj}S_!YU(0ux^st{I_$XMXQXfpOYl5J zbZC?tz_n*TQC5@N83YZM79B=QHTPZSjFQxDj+SGKv=YvkXp6HNJtu2-8%(;%*$$*rsrE|vk= zAnPdP&|k&5LC?r$i2Nq=Yqw*M-!8Ii&u{x><`iTy*FT>-gT-Zmn%vmRPZw z<;}iZUV3Dj;>pFm`w3yRuwF~w)yi^!Xl8-B7!ycDNcPmG;9rpp6V4etH_Jjt2Vy~n z#!)%2WT9@saMZv^ePyQqhCY6i{$qvElMlp z7v?8&4-CK`GU>WCyLsY9jICzpuz;QJ$2*9^-!2cG>5rc1%FID^nULs+mAiU2mA+Zp z2s04~4J+_o+j1`L72D?rvxRAE_A$^{>Lys2`6)%l^-FB_6cX!kfksa1U~|&%9E&jf zs`COwJ!7bG@se8cklz%JwXCk+M8sOLm1@8KGT3}0B~!xJVyx!#m+XemtUSB}^YA-5 zD^N+@fuW&a4K%8gf_&4j=RD?SD02=`BNqGVZ+9{}e@78jDgF=GzA(z$r5?WL%JQv2 z_HWULa_11`?qI%nD;W&aIN-Z6k?U0hs-%{SmxL(&*rTUbW-bEF_OtnLnj|;V4YcCI zc==e68h->Q=92(=J(*?a1le|4em7!aJ4FoEd0Y)+R?rJ-?%*9e%x(`RhJ^SOax4!4 z=kYYzn9#zYMt<*ABa?jCD?3?^e(J0-MZc;y)7r(1@y)*PN?vLnt7Q4j=c$c|RLJ`9 zDlxeZQsQ_gT&o#}K-(cvr1?}>x+_3esnw zydXrKI8rosOlRsfROMHrI2#EooQQAqDyQY5^^=6R!V;IO`acsl4&Yc2jc7IOiNq#Q zs*r&+0=7$`FG^W@E1*O*xbaUHL&^|rw87xqyqv2pG&y$k+fH>>;peG(*B68VC=`o3 zKALI_D$!0XP6cC3n<3y899_L6cI~h^j1=#uMb$6UqmT`XOOYv-O*3N8>3gXA;gbiS z^WDx6S0oPEIFy3gndMBH=*%8!@ef{l@0P}jT`Mtz3s^h)Dtf7)MAe50Ugm7W1`&O6 z<8|_z5~ye(RnBQ|zR!z>p92LPXujT}L3*qX@I!dGC|JUTSQXcvlE$UiFS&ps5jL(- zs|1MRzmWh%55Iq?`QiR8!GZk55}=c_X!-Kja*)VRrDoi(^-=884wl*Yul0U7Mme8# zUPT-;lKk7@!~fer93&6#eNqQT6(zr zfusq%2QmVcrJRgH!)V)E`dIsI{cmsg|3Wzoy{$abJYGre>u4nbIayzt8Ot{9ulTms z2BIBOP~+USZZ^02O2s#gErbj9`iS1ZyXrRJn-O@_*BSg4z9|{&2KQ-NM&-3%M(!14RJ(X z3RE#%OCqyFv~g+5YQuBA*o;(F{Dk{cQm3-w_R9`v2-l;NeY)r3^`l4D>+ukk`5+$+gE$e zuk@e08@}R73$Pp)OX$07EZOKSf9*BJ^=zaBaCj7}@8 z!4Yz%Q5Av|zWug2n1Pjs_R;?4?e#aCy@>M zc7LPhS><7&L?5b3E@_pEHt!g5@|y+4wm&H^pDVTmSv2jJ$qJ47jkSG}FrIol${P+2 zb=*+wf~*+g;#WJbf7&zX3SL`!oK&A4vh%uw%8oSC35N!^_+ohQw&9QhSp|A~ZOQ;E zW+%P7!^BoPp?s0^W5kblJ$iKD$n|C)E5=A zEyc`&G%h371rnEBaE6lx`Cs!Pik96xsb7cEV4RCnQ?rPUQ-*6jSE72GQYabnrOTTn zgXu|(^;Q)yQgQF>TJJ1uIa%-dswqKy7h8fdj-8k6z9aDuSy-9w=obV2X==+33sR({ zoWnYxE?GO#JS^-f8H1-ca(FcD`(6pst*BhjSM$P|JCd?N0|_>$R_dc7Y=Z4PbK}AAYMQq(BK}xZ($wqct=D9?oxO}8h$;U?jL7wR%ALp1> zi`l>q1Nc7r&~$G4tg-kXWt~M1%j-%9^Z9BiIPz`UP^YnuOSGx~@3JP7i?jlNR6fsA z>#wgg{wV8sLp=Vy!oa`Y|5yL~e_}jfQ2Pj?Ws1RB?eOD=Sm+N}HpEJ-39FzU;qK{J z&e8Ys94Khrp{|`l6K`ov=#u!q3BpR8KxGZPd+;Z`eVK=MQ5nbN^>yCbEI8+dzGy7l zBF2&v-EAK=i|bpuYx|yD=;rdgz2lhqK=3y4y`h{F{2uJ}@*8I4UnuX?J=1D`JVw^3 z&0A09=&0M&Rn%n*f?7&y0F3XGM)wbp{XDy+e7hsj`^MpWG0csN_TyQH^0Q9i$*a=N zsFX`O{-R@24&2k2Gv8&L)>~RxEo1*e$^Ftqtc2ykWb$nE^s0X>COpU~oZ{PdTrP5Z z(W;JZWCoLo@j#qJ&)Jt$ycOfJxB1d7g4Wlo8Fv&rCRd!Nu%o(a_Iz~>^pab+=H6n+7DB0PApd4$G8d2{oK$2F&Y zP+EdqhfxZdK#8KV7sHGcjtIMsR@)Q`@Be7#&n7D?bgjp$%OfVa|lGPzit<=5f7))rWBc(qd=c?brs# zh{LkVTfyyxt6U;sOf0czyRnKt4{!X}SB{kYk&j$OVCBDsh5kK*P}L)`jbm@qhABlZ z(=Qu$Yc<Gf-<%-8ywq6q6;UYZ1?`r}L$Yp&pXJJa>zAqAH|dAoJ>42h;HmXM za~52a;<+ zspUU$pt9;GeMRm#IMnpi7rh#u#0edsW+lWl+2O~Dxiwz}p|b1D{*5)t07I?adTxb` z3BBTsQw~BGbG;s)9VS_acI?kl@(YF>6q_LpJ2D*s*{%a0;&`2ivK?3G1!|3aKCi_W z7{tMVY8z9D(Cla9sz5w#j+w5#n|Y6GaCJekHUv>>V?(L%Jw$e)`4O!+R-q_`mw5C(E!PP;$>GM{JHkZ0sb&Z<{Pl(@ADg`1?!|0!x^szH1rY6s`MjZiVa zl1}6POWV~Jb6|Yy-HU)HfW}0I7{NBFvL|cv^HCItG#RdatXWQx0W>XJPrDmL^@kbS zQn!R=%fs)E{2q%Ow%Ar-gxfz04&)4uQ`j43ff`GvP_I5W7rc~cxEQ?H8nF!%E~K`pT0W{0drbkAQc?~g%^60n0%_d4LR75j~brpS*;!eXmL0P_Zl~~kX^oVn^7Mf`_IjOh0 zDv#)nQ?rvv-DB7qL=vYGo!cMtfe1bwJ$9n)& z+`x`S{l$h-1Lu9AZw?i8>u_X&pSCMVPqUjHeXge6z-gm>B&E@vs|76>$Xs#<-~FQS zU~!(2M7GA-ta#ttY2()1>gwon*988t-nwzW{wl6P7^dH-)1mizH1pS;Byd!Xa-M4s zmRCfCm?cA2een%*o>D@MV}~oSNLXi>&5$lo@x_|7wLWn)G~|8rQ)=ni{aUT5nQK!k z!)upYh98`o;Q?7rE!5FP^61=iJso^KP zGyXR4l?Vr#%FQB+Kr-Mwrb@WYNmIDqW#l2e1MrPn{FmL0w~1B4%FTV> z^!vp3+O~ImzjtcFdN3b(L<}T0m6h=Sfg`)@=|3RSGT_{1X(=JhpQh;#=ID)!q(~Fv z2oybWqtJ)PFQdXUa5tDxs@)=m+a4hjA7KMP%JP;|Vy4kHtZ@SE`it^hWSO2YI-3~2 z;k9fW2Or%5QiK9vn55(r3CvP(Zfsi1Tqx}cgi02NlZ?}HV=9F+5Ph`FaGmwz@#Iu< z`S(2N+7_#|>udRFB|1%@+RLc9wo*+Q7iS!Kru8Ls8nB!^Lo%<)efI+#gjMSlm4DFA zqxEf`x91eiCWdfVEs1QBup6wD@7EoIlK_-2iq0^!Qe{z3D!#b~hXpLUj5OE!YsNyf z@j}iF9LZ2D@j4swh%0)tSD&J9=&@$X(y1fH7k32Wf96U5D;svZd@z zbn-)Xgww9S{>axb!?^eoWp7I-lU5IrWgm;NHL(bj)3MlaZF1GAn}k9sZtx5^4e6fw zyn!oZ&a~a+F?UcDjm>#(vAS6fab(UV1fE7UJHEp&n*)6@2cymmw>6Zv7q-_ z_znZjFR>=Ux0FkI$GhN{Mnx=Ay|rErqf_IHtQvkRR%(Y$1=zZ3gSnX^lbk-C5Lre= zp*dv!>Sm>8!gmA9q@yUW&S&%DYpdc;{tR;=7LBd#SF0G4!z5f$Dv6S!J!}wUJ8po_ z;0c6HLCJr(^?N8N>@~8lfT*ksVI0P-Dwk zyGd7k%OjOS&XD33khaznt6f!Ic9Tz;zv$!;FSxT<{OaRd{HgZ1-2!@EuI$BKYm2dr z*21#tS*(c}S)VH<8+okHSDt7p&o$?3QOl0z97bkx$IsrHC1mn?Sp~kEAKkZk%0YhMu0)L|Nz|63jsl&DO1Zp&Lq=(T>+=kK3^3s&XAO|6?+Q}4-~ z#eN5jc~f$nvX*cCBGNbgz4f^w%ppeRZ18@-^%nneg1U@0{?BRpH+*m;NcrC$Ujcr9 zTcx!0O_C^UPz+~TteJLjL8a_tkj@!mSF1yHjJ3d4h~7bQcE>Y(_pCNhmy*C=?UQ~5 z3!&(1QL&7`{ZEqK%eJ19zw#tvOP>nBk#=rSOULiZFBvoq$T!G|PwhN%?bmlPNw zp__92H<4)u>ja-lKEa%YO2O(i)`x3`;K-oMI#qW2VHo%ur)oMK29aP3truVoCz#m= z)RoA?0AdDNgAP-JInex(M%;YwL0ZYMtWxwLGl1Q+#kLWk>MNE` z>sb)$5CsSEz@0#Qb^Q_PBY@a+OsL@#1rTT`fAM^}81X>oM72AQI-6=Ryi9f*_%%Ga z8IT>eFk*6#&5B|jF65k=mC2#jtyP-i0&xj)29}4lg)^)6J9DVUF|i5^%k1u_z=e0cW;a;$0!z1Uq4@P=C^*N3o99 zt91Wa4u0mdrV(Pb@hLLg$qws-BWfJ&#(6w8QIIg_7p|@@h7Fu{I|KRFEY5QJat<5~ z=4y(%G7BjF2YXrggltMK<3lZZ2p$NcvjqGP1~!f5*01QBFLLkqS(iSpGXzcM68}am zl-hj2U-x!;f+NNUqjUhPnqUw25ohi<&Kih29%B4}>H@siK z;pWVu^~NULJ-uH)@Ud%pjY9MQipRQI^WUx@eL zAwQ!YgI8DUUH%rr`j1&&HKmW-Wzu`m`z~SCdRnXnvT^NoiFEsCXJ<{}OKEA>>b%L} z^&bKXiHSYqnG=nCdG{WHGfC@VX+cUf3P8Lba)#K^J^1i~i3rjYXF`-AtplEvImB^o zOHf!U{ZuuMqdy%3gfier^zYC4ksXMH3nfi^S2y01fBJoA4wG zlwDsTuF>qL>C9CUzLA}*LT^k}gcRs>3j{OfO8G=SiWKWQ@TU}O_|d70#8X$;KLY{+ zNy-|XO^FPW9J;*9!DWFHmY!9q@?tEOm6Og@efpsd@)cV%@U@OwIWHMP8G4HA-sKUzqpFkT3FN@?npSIM zPn($GO}D`og`<~)AR&EBxYcY&?n`~bJhsH#Im^LeAgeH>yo#8%BU#BVCVxY@^rkoT zX@otsU{UGVu6p@wMU?xSS~{r}34kGO6h+q_Rd8 zTB@a$EuWDGNZv*sQNlbfkZjtc7DiIx9-1N(wLwyKc`37O3^F4y{{i)IJ=^?Q0YUiE zp7|iKFEvc0$>J%_LN>x$Y}I~*iW#uBvX>CZ9}d}khp-)yFPRd2+$8k&d)=th9O;ZC2w_VU*h z-U0*P*1S=f3UXGCHCX- r&%U{jIMm1%JV|4zA;hfYmtbNT1Q89sHkh_^c@^hlN zOeoThD=^CghEq32KZ}k5mv-%@h;R(=G*;MXOe!WU$ArM1%g}V@xIP=PQdixes`8kB zRhwC54$pkaJt5TuCwt!f zqPEDqUo!4wOp?Ex zq6Pj!@d?SJIpoH7MzN{O&{3tGvGRNIqKi9@QaEO&59xuomZ{+oXAdX{Dmit-`5gmhoqiPeyL(&hML{3caGRCU&YrO~5}> zcRs8}s$#zlnWq2lq~?MgAX7{x^wPd%9(WHgDf+gq2wi_b@F@&m%H%Y}8JG3RcKoJHF@AI(HH=n6b2}q|YXL zZAmz(!F6!iWUViySI~H&0bcBHo^6EDLtlzMUDm!|{jvC>WDRNG^nHvnz>$+L`Hfbl zkaY;u&_N|F@j79}z=?#+P&?C-x!rfuet4k*JDkQ2-nQomLqfVaIG`=q22sin7A}X8 z#@ldaLd)}~mjl1d{z3_=xV^)CQ1u`mzJxwUVzEb~K79ELMNewWp*!eZ&)f$5s&gUY zL>A|8MrW&89Q0j=|JGv<*zkO-f0wkdoi0T6t^VsW<->oWtOePYw1*1O z#@(q>(;0p4BA`k)vgb73>06`y^39TJ*_f%8q{d$;$I;_|p*&`S7;7_W8$7dN?V)~K z=0Jkv@KMP6$8FAI9M$&z?BSS`_ciCW-jsb}^J98BXTe61eB1}osD$mM$&Ks3&tTyS_I>KPzI>8HlBcEu4%)SXqz9-mjeui<9W@SH^t_?oyc|`oR4@EM8(C z&fLZJd}-hAPD6Qnk;26#u4$CXObud@y|d5Oz?dY05{mDKr4xMnnFL=m4l5XCy-s9D zXt``!Fbo@UYo`y-Nb$+l$Ia@SQ53>!qUH_W#yrEnAB$ap+so7bW;9`7D{ zy#;Ay9MK#t-rkhN@Y)?yZy=4*u!=bNk~VIsO%~yR@%Ee#{*Y?u<63WZ1H( z;EdDA*y}N{p@V?UEV}@1Y%U>LB{1)qt6;?TJXS>Ko zrNrLi#MWC$QS2yL2JDh4dZH45za_L>Z?YMY+s)belmlAQY+V*xts%_*#W49e)vuyJ zOE1&9^~pPa6{EEjFcLM%dt`1e0kXw%y3FRmhn?v!jaIxtqMe;>XU=RqNf@jtHHhYd z`g#TR^@0VK5SKBfzw9r@OzzA!-k|~97>ep@T%9bYWl6qq`O2tBU(Z0dU9JNjFaBU` zBqRF}l1)xPZsIG_=wxA4OuH8_+SIZ(Y^3G>J*qTEAEFhvnpyftN~z+E-xTt>lFhm$ zQ;{rNmY8dV?6jUU#N`PX8jNy;o(}|dC2NqxEI{HtRG^58Gv*)L?s zH{F;q#n`2hfc^VE+Y@fVswuk7+fS%jDF5EgATFEv!CAKz36!Xeb*Vio z{tIRN)xH`CqB|Ai^``^>KTZbbSwA*;9?wNyBPXch_NrZ`T+Z*Hi$bK+e^8m zF=hG{yFo1YqTB5doEtV$RE(*|}Wnba2eB zAX-hWID%=hTy*djSMd>eujgq9TVm?tXlaHgV#T72 zgz``-#mSEFKr;tuyC-PIH9f&hhOhFoBYodmC{GhdGsM*e8#UD8*$m*a#3z0_u+<_LeA+hHQbiipYL&o8IvVIW07KnjgokR_;TzBltPSUJs zbBK+@ZIa*6`9;`Y3sxc09&gXwb9*dYctpaxnW1#=L}QuhF3hW}51ZI6e8bi%-p5oj zoI_pgtLlrnsQK$76ACtfL^0n0+Q~z|%gyvsYk0(&c~{t=S0PS1>|?BCLFD*sPE&eGS1`Okt9D(n#%z)eg0yS}FF)h0b~Wmi1|V zSb0k+`0=coVTfcJcWc+*hp;@s)U9D{X*Wk&6AmM&LN7zgFe5_dmGDnF=shV@q96=X z4t#_tn8!mR3D0}??7r-2%Ddp-PP@_t14M?LK!0_nkNllZsuuD`!Q)8Eu(S$=EZ*25>J^kZ^& zJY%M&`6}{Ngh7i{9KxVzFI25G-S`!zL=~S1c^s@?8PR^y@rOULgA7QfhadGF#}KWnid8}(;&vfsV2eNRX`C%Fs7M`u!%3a zBk8(QaOZ)*YxwWGp zuU~N%=lg2kzJnm&3l4i8=o4tp+E|5arBgPoqVjVzz z4Utr}LN9nVgk6(AN`4lHnG%8AyOW1w!QUsLFze=ElM_CvMj;>!mL73CBq92uK^rsZ z5D;!&csP_3MDi{%74;>(vf{Us4}%N}Ao{_}Q9}Toe$?YnIL*C~57!@*oaQ!|9}@H8 zC(z@_YLlK#es`l#g$4>=k{BX2$&}TX=@X3xGvS%3IRBuIOreSsuw^!ojyBSN7-$>8 z(YGX64BAl7em*B^m`z}Etp0b#N?WS+=|+&PE+kJj!7T^Fk4fbj^mWlIGm?`5RmJsy z&s{WXG|9CtUk4RKSqiahB$PXLO`MWELQ>qhZQAA8oH;~h@&t9A#{<+HG?p?sS1CW( zBqp)Dh)#K(9N6=mB(b?@bPZh$RU4G-GiV1`q?Ac4Ak!rKQXIpCTcpp6`i!r$UdTQi zX04WXMm1XgP~z}3pV-7M^(D3$`5Lc#IFQ~!tkcj_cCN{+X_&k)9mlrXhXX9vX#uza z*%VIf7ee6_(CiU#PX7*I(H3+;_(~5tBU0{Ec0`|ZU~84Ak&-8vK~T<%A4a_e6mZeg z?fqT&@Us_vY3#Y>-FDKJoF{qso(r;hOQ$2k)A`j08f7wieP<_J-j62KDWiY%;tB zSap~00&$i$x;=kA_M_DQ>_@${R6&I>LI3FLbg$p1?Vm90<--}xFSLB^0={0e^@k+) zFlZ0nMRgB>#-0f@3^UE8_x9G%t{XJhRQ#wmn9@AaZpW3gu`cuY`u(02xMg8dJm!A{ zoM5+C^d2gZX3*_r$u{2u6I2bkw5ibZ{7 zlKJ_$+^oWc!~`2eAVx3%6ET>{H&9eu&I5jEFql?7c%2Mj&{M*Dh^cV(th z!?_x5-tQ;0ShNUqy;doyD-QBAG0VqLuL_?aPxt8=Dvoq8zBuW-9V9eryQJdPZ4Of0 zH_Cdd!}czum?fW;TSx}W2XB}LpkujMZN+7niISmORoo(k9HyFkt=(s!oxh8Y1oM?p zJoRD{g4Q`Is*I~HDWtS*i&BGa%Qcj(gA88JkyW*2lPHKM)s0!qCG$|$C^xu|&a&7$ zJJ;7}U5O@J1s4yMYPnrSf?G_r*QV=DvXSZ&Mtt%OZo5lX*XaI}jdy~_fI15d94rrj z_e)RoXdMv-1T*38xwUYXTw(u9k;Evh#HO+zdx+~(d4LXE(*c{O?o0wbphfq()J=XE z!U9OGOqp=6;9qD94!<|@$pq_6yIu%`-hF94c-$J?L`g6l&|JTGskq0e9PwmyQ%hiG zyWYkZY{R=Sq{0Z*j*A#?V3!|%^$vpBh6az(YUkrYeOYTGnB&N3jlrhDP(ay{3MblE z%PN?y2gH&y$ir=*DYEI}lzb6Xa@s_hXh^k8yZs?Cjg=v7c<`;Kr`1NS9!gc@z!iQ$b2Dsb7LfOIw_{ z;NFe*!x@*&#Y~dWqV{%EKGb)H`2x%Af-A9{?-^O+*Md-SkeR&m3uHccTy8m4VdXd$ z(IDv(%nSllUVfheog%}Xm}%# zjPS!+0Sw-B_x!rn4s^a7#t;moZ3S%_VWe`kC&%1WazpZMlGlYErt)a!sa$f_d)@Z} za87QPnP&|(4aG4k%3ZdiEaSq=G5oD9VT)H6Lb#(bsuq(Qvi!O1l8oc4@8skhZpB;> z1#bG$R*l|O!!z`cI7=^VwbAt5vB#s_sdS!sgrEcM_D{k^I{i>Ra&$?|LLDDyuk(zg z!=;g!Iml-?S^0?|ehB(a8KWgLv|K!LPL=Nm4AB;h;P$(vkUc#7+NRL(0w7K}Tp)AT z<`m}8*zCx-_YHI5XAfxOkO2=jE%WOg*$$-GndnO`z&9t!vp@P`0-&!MiPgtcr9R?u z#=8-i{n@4e_sY5C{mmd9l;O8u^~WQ1(1Az#L9#Q|NCQ<``LHBhK($zU@M40QS0C2{ zqrv`E&NN2z7@k1Q~oMMjDm)X79z%y=wnJz4)9rc*p{urNK}@eDX&OrdmHrY8(62M zHfo>TfkGV7HwO17G&*cbpJ(eb3x$Mj!%k&gSiTk$=RI86KY*i7T1yrMS|-L-*zn=# zJC7--Ki38pB+ zt(2u^g5oU1ij*PtQG?_{MqwO8WGwwx<~CWL?HW1QbM&PYOa)NBkmdUX>VC9CX7i8n zVpJS9X!N??jhN*1j3bHytM2VZF`M`Z{V4J9&mx7s&x}J~Y}jF4q&@ub__X{$Q1ngK zclP27<=V7kWzHwq(PQ!J`g#2P)>{dg1IFh^(LN*gm%VxP*GbQAhFpYZ63jm@463+) z6q2+Cem`Pu9o5d82uls2TE|D*k=Y_gWn{=Wea{{T*5og8z#iXAH_4O^v7j%lD7P`Slj@mq9-=OKw3fGhevK!6_>K90$6MeB1 zk)OAoo%B;zW2T}%JK>|q-GfG~i#*@G^1aWm8Ts{V;#Kg&N>8J&RX@sN70IbGDaJg_ z(}=;7+-|N*!nKjrpYIP<$gHikyF1^+=>7ysez*?6JFypDm~>~qK>qpN_v%*8B_Yk% z@1_U?Rb#&GwB0kpNltyc^WlYkB0i);Q)nhtcSv?ETpg*yZIn2T*e1@V%3xD{ZifZ1 zI^P|~lQU1k0`X8FUo(aU59zcn2o!_AJV>D%v3WXB`;kMB-%8OkTV%oz_*f!X5xmEY z-yp-HT?QH|bqgkL2Rh*Kh+rt^D@E>i*I&^hpUeJKvau!DlD}jm-c>P${PXb5t&Ef2 zuG#gxhGy!j9)(rrWJJ{Y<(7ZI@pIfWkKNZrIr}aX1Beu=PO=SDa)K7FC+2?owpr$M z#8`>-3L=uxVzgx3V{*o4scmgES+lDtmw51m}}Ha9ysfAPpabgJUs?KY%$EB~Ax{htG7YKGSd zR!&eg_ezMmwdVz}>oIbQ$Q9i5iA_CLs>alOqF>7pa#la)V6skN0=R(&Z1WJ*Hw2&A ziqRYO@~)mkuG3d`#7-`u?D!PYZ2JO~rm4_zVC95; zbyp9QJ4>_vmTP}oM(rfY;*q5R&ty~NzMf39H?hcXPdrxQ+qT(L1qzTG4pEALG*iC- z4daUO_8Oe2BYhokQ@hxl#7!k2GnJaiqjXcxer8CM0NLvOAy?N^N@ZVM&j8^V95^ry zmx_Jd)8$nWhYh1XJU7HzNU?Qr7T~3R(u>Hw)}aO(Ih9#Ipgb7?`KYDCRj;? zlig2U3ttJ>v3pYEoiMUd^Xal8_E?4O2#=#j4V_Gxfafy#D8}WWmzD|KC}HfxefY0x z?Qi$_f|`Sl_KAI&kWVNt9^Y>5e;-J@Q^uzho53~Z8yJwG-keR(ydc!bj{&;$wkLB$ z^mr>LSY$3ApE4tk`uzAVAa6HVZeq&SQLV| z;Voqb0!_sH5z#KHrEq_-2{$p8J2y_0tf7#hvPtyanZG-feaeqw>m{g6lS9ug*u5|U zRpWp|O;#9|kx(4U?eJ;~(%3;(58Ko%ofUP5hC$_;09WQlIe=dqO(7YraB0+#%jd9i z4^iCqJwcQHjc`qA84cwfq>>Gduu@rv?y$LTt}|5Nd?+B?Ivrmk^R13RFYBFwOujWE z{~pL4?N?$|q-jmlA8$fCD|}W|b`xu7 z{VEqzN_|4L{3KbY==tahG3ea`>Fy>^Z6OxP?PIC<2Dy^T(8^`=mCOs0Eqh1RQWPPM zh6Uuqqv-~`|GL1=rcHJ!6CamjHdWz(H-LGZfefIqrFh~t?AdA17 zbTzWB#W@qjOt|#uIHWn`QroBKOW)|5KAesn6p^p>dN^P4=*02PRWx+xDiTcOkw}yI z_#weQm}p{y0GRlgdN;ClE90n8fN^;6!MK3@KDKNa=SO`Y)}s0X6;?@7jI&6M$Q4=b zr1Wl%hId90^MOO#)y!1$E=)N+kVSCG&;O+Odx5l^_bzi|vxB^Jw$LdYI~5ef`IMDizJVJSFU?2w%}oBCb0X%F+G2MGwN z^WpRYJ~PS65xQHU%Mm&85TP4xwDfXXEVY~jAs_m#cRn@p#(OB}2QpJ?TE)D_$ai%3 zE%BK~kF}1nisq~4L%x@pE4(Bm7vY|9j$YH00Z@!Ah7>S~8}$=j-%qKyu2?DVY+GfD8zK(bLmMMqcr zzE`otvR2Oeq$>*Um$36)d<)?v4hz(5)QdshfQ-Sv-Zl7v$}1Gl;m8rF_Uy53TBv*~ zQ49*pnOD;FX0UGgW@+OhSNL(olUhNSbhKEB7geGIk*y>9<9M7C%3_*)uQ<4=i@#K1 z=Gc*20s=JJtqCy+=ZNg) zYvBzZAEG(Pd2dmsWJX$*!j;^9zpjEY7f*jRXI_Pw0#TmmiDkA+r@H;}r{8$o68#=U zbtmj2g^7voaHLUHfrE{&+H4V3)I=b49I(lhm@wz(fWP(A4w!U0JHmU7`6#bug;Q9m z$?M7jCNe>#1SdbRD9CkPnw??dc96#*E(z>nf=$N zuTOp|ki+e{te`O%6*uei%LrcQCj-G$e3|eKFRjAQtQa5oeXJcer}Yf+=&xaOqfJ=B z{d?@v^u%R>@vH!Ht~3q`Mr~OkW|3;4>G;Lrzb&#a-*2J*^VV4PEV;;mOkK@& z+D_^zFikfJW^9l;5Jij%9^h@VJ!tG#;#5R4C9?ieYi{qiBuTsvJks58C#^_ieHVl~ zL>MMss?3cAX`G>h(RhB3(RgL$oR&acYUAaplBfCDM#^&W9;>25j#?Zskw&b}2lWN4 z&?MwkyR&h*-`Ti2rBE5R*gVX9Fj7`r={ebwm6`FDXLhft7gI0ubHfV3$8fhE1|6Cl(-<;d%nf7E2CLaU zrr!XzXe+DBLew`NRL68z&3D4mi#tsQ zJ^?1e2l1i2`e>om58u#ufu1W5@bH}B;4{Q;$1vU`(5Q}Q5MoSTpjXRWrvI?fL)W{X zx)1Pi)NWtn&B*Bo>KCL*Y&nh}mEZs@)>ApYzrMK=d9&=JTiw~($*zt z#v;;EmihFg&_g-<9*wOqOuQ+7B|M{WKs31qHDHoc2hO2eW_%%`4dix*GE(d&?uYM7 zanc_zi{9z#)t#>59O9-hK%ROjG`+_9_+cXfIA^$sO8rXSm$zx?5{*M8j)WVOft4mL zABUx1pU%aH7<+ZkQm9&N%wq9<;aNX(%c^=*6LKP7b{Bdk@4D1u=Xg{J*zyM&Lsucv z%1~=UPB*u~BArt0nn`;0!{2~dm>nwV`mFz?>FRHQ)%#4u6{GxOiD#(VY3~@B<^~%ZfTmmfz(ka6^U6LUDAG>Gx*S73K6|=+H{b>QaS61D{BkFWx(s@{%$4dIrYW=;b+*JDVxJ59JWBwOx)h1a|k=NL=Sa-s9h2YvXy zMXa0j-26(gmH?|WeaJ1KhU!NlJrVh@&W?hYTp^c!q+;EgK?#l9=&dl0Tn@3gQFKwm zL|S!0QbH4_&1ByOrr|L$=E44&=~$6FbN=DZoU7Z3Mug1_5F!`DxO_Ulpe#`*_)%22 zMwU48qQ95dgc1w!LxF-Y=#2FN29d&BO6wMGdv4WOhl~n7i`GPM9E(Oih2#j&H355A zh^kdEIEb9g5UbRW(cYqoB>`JC(ykpivZNS3!OgwMzxrsw%blKCIIU_^{I2b?`|W1= zx9#$M_wa!QakE#y;`xWxzKp7*nbg-Pck^pMvM1fPQhY>Y<)qOeh6B+Xo* zQJ`WIE#`EFaZ#|2aJP*_+msh`NZzM;@d7sT``= zN48%ND7lT#;LwSI3PG9-EVnWZyrcWRiI>!5vJUH#OVNk>?Z~S2o-F7gC!QW%(GXl#b#YiA*pih82M>SwZ z)8*8fgy;++OQ~MQyaBceSMh-P-xe_2^GW~a)>SDmVA>I_LO2$o^9XAoS4+>L^1Q1rgzBR`jb4Ov&3akP zBXh3vQG+9Ws-@4(c8x|}r&Bex?Smw3muU0Umad>gBFLl6Yq-#-Q{W;ixvIk9JREe!wDvC$XS!H2EF zLs@S&j;WZxg}pA8`&@abc_2p8G>BC++{Kg5Kt4>4JOq#MGMPkEFS&!UMUb)(+D?>K3!(3O~0+-WQxRjY{d8!T5xN1&v|0K_{depuz zMUA3X4W!*IjA2&(#Cn%ppVQs7)K`B&+24R8iK9ePJ+n+)Bh60@fAsamhd`d!Pk7k6 zGBPTO^*p+WJXc=xX2i=ovISxXK1O~;NGnC(X4j^U>fa<7w_i0RB3Bt%^wLRQW>92O zveQR=&DPMg>cYu)31SS2`-WiudQHh4##mhD!lI~&Q8vi#CT!(U7kiHPKomQ7ib>wR z`2}&e99QjVNRn~BO+$8Jd2zxpwsV{WwVkb#m{%jCT(oK)3G}tjUQf0DrAjT-LE;%U~8Y0OV~iBy{~be`AzxG*ZxDgW5EOth)l=QAmbrc)~8zDt(>Ng zX+7M{8#j$-K{wx;>d$@yZr;HbZ+u@CQe261{}i-;QueLD_W_)9?Z*3D+xgf@(R#7( zM`GLP^OHJ()05wTtlxmIn|W=&On(D*pZ=_IPp?oII?*Ip!og+sf(@2Ts?#JBVW+lA z)e!qupSngH%Ua7Tc*}V!^|-B_oCG~x_=5WMsYM<;zqH7<8`z-nc+$)u3=nGIG37C? zJ^kP#*3v|)8CWM2C&Nv3x$83;f|2R;-8c8&fTY9D=lgGdiPoj9q|x)LV*5H~^NWeH zKhvTBf@}wJjQ2R*5lOjMty^Or2ChA<+Li#pupqonEYw%^i>%+;=yr<%&bza^6qFDt zX)kL6{7Gjoe^g&7hR>gr-e$zL=<+xz9OwB&lQV=%CNEa0#a~hxY8hb1w@AZDfjk@z zlYGW+OW~>@GmR(?91Uj>UwW)aabB<1Ou6}fjYyUm4~d7emT~<9{BV>9#Ce}OJ}zC9 z@cb9gQ}Ljv0$riX@?EV6W(=$G`!8o72@@{lxw%)ThoC@5B3ZcZxDzSYc*{5&kMxz zEhgSo*K-1acAZc-<$$UT`v9dG)YMW!((p7{9UL_^c2Pp5EekBv-B)f8RC3U{zdj54 z_4U!v^Zgc!*0=8*{p7!H94UM$!qAm{6he1=@5hNz{VUN`)700ZPg8H$mMvNjjNX;etvq8fH4CZh+zLV(m-7HZ0Z|D?;HSkR--} z7L0-}_YQNds5{CXeAWH*>HDOhZOB>U{Z&rA2_q{hqny?(=bZHdJU1ADn6xB|^-)!} zY*bAQ9^dfOSr7{GmzP{EtXXJD1Xou?t%%=%V4%efNprRO&3^H307vS#qlVF_%8EIA z+O$B}0AkpoRtp#&k!f2IP24tJ;$?=|gyy^2CvDrb+-qKZJ*8JmlVlOW%?{G+g;~4$ zqVO$e=Z9#S$c{%$Sd@*`I=}kD&BXB>biGm*M_dy@TGJa z*yt1YgKzpVQ~DW=YEV9WGr`YRHWCzf8~HyZuWFZW&){;e=OFueT1uwm52BOSyKOu7s?1kdAt-BRP4YE2-@bLLbVw7; zrw#+3C#QCwygS>j&CcqBxk5zbeke)&(=w;d!`WKS>#T&IRSNH`{BD`Hn6E3ZboW}7 zwD%tQXCFW`uqJlE)@P0l`=T|$f4q2hMmw>4a!2!XP#%O248C5 zvh2Ky9Ju(WrYbI{Uz__fa@M1yomgRaUBRzf5c30Y_&Yd{|Lr%!jG5_R`G9#s52X5DrozMSO9(w;W z+=6neIx22i7Cuowa*Dp@E@|}-23w5|xIDeF6MyGZ_2JF>#O8bd|6$#gcf-xKbT;>! z{U$#pXo~;4>i%7I|LjTsuDXBsx_|e&e^1zd%zGG6BDETN8%YtxVV*faf^Du>fLGw1*IxiwXb8g9 z#jaUrP$rbmHZR9zj9k9&&=F{2c}j!PX12^#_2cchp6|C^Q>Q3+l)YYiqEdzIoR?So#lV_YT4g+`tB=W?Clgt z+Pgjx-|tUgOS(_fy5B54Vmf%;iu{n~{2PE63$FOJy31ooF{vAfUd2zRMQx?R44!!u ztw!3!YnIf`F?hhLQwt`7n}?wGHdwZdV!UQ3J+p{s*_P+oSlU(LngFooQ{l?2{btjv5=80#?DIpOJ>II-YA0_43)G* zl}wMUmo|wd<2m{@24fgn9tZRc&huq?x(U zm`aNry-FV=cz%#bO#<@zy2f1hJemm%&%-HXIYc|$bw@4a2zQjQ#|09@d-pyJ9fgWme23?vabPW`h!p0PNb z0?f)ECn{M-E*kndop-Szr;pPvmrKOlH6*4>_t&ouaQf#P*RuTy;A>fRJ+Up zvMaB!D5%!f)XI)u&kfNXVB{8M7WZ~iOmL=TWukD+yj}x{3?~90!@>R6eQ{pd@p#q`|D{I(goddoPj?Q6ayK-FGIc8%p6;%1Uj=i0}0(BF5cJ+=+ZpFydypeWB zsX(;r?O(5+zg~Fy1ML}7zG>GVet$NSObKxF^?425rxuIX$TI@B|2!k`7OncUT9EPc zCG2~lPJhXzo|G(6JjJH08JfT%)8yyk z>bh9xvCt(*>_j3kKu7U}JAG$(=QBmf1Aq130O9BzN|%pAF(zCgitiY#qKc_OwyvBM zyR#tk4U!cYq=y}`b@c4SY&N>3MK04UpYMtyYP7-38H2YEgQl8;F=6Teb+oDGnG9?g zQb}IST!g4pv0jWl#G=_;%kHR5g$KwtH|D)9tj?x$xM#5(VNhrCp3;%nkHS>%)S+UU zN_;oV@_13DBuOPwP{g^?8jL&SC67*lX1u;u8%avXqb^mvN;~E|z17TBV&}S9&(*@v zJ=%3NS3YxMr+T(Y7R?yeFKFjCwwk->$Ee;WK)br{hn1BR4fTSs5PeO@8qf_Sc@rHaP|}ROFiD2uTA1q- zOEUAe#51Yu6e6q>&yxsW25kReHeQ&VRq{Ic5*|0P3DX9hmQj_(C;MoZ>CBs8eFV#{ zn$|9HJx9%Xyk*SF1Nqrhr{aKcDb z*A#BRq}xLiX~Huqt?l$ck78BxFt@^3z;6zRzk?Y+ZFjKU#~)~;+&W21%r(cGs7|X- zHAONCC&oS^3|N7TTBvDn9cg%&k^(7Ca;ts=?0!ML4iZ%gJnQ6XsF?)RSsVmNpMxgC zNC-5?I4pGH7?w9RBfw*+Dz!;^MXCe%$AJekX*)xrZLNYuI?%uvFvdTm2$2+NqUtQ0 zYju%OfB#ob9Od%a2hwu;Tu&>%^d$~hQZ&krXRvE;xc}3br0%@umgjf z&>9Zz7=U;aG4B+4eB;5YIs2hu`3uLYEcSyk9F2qw1DTi8{ZWWz-{y&Sj>d#}`Lt|Q zZSAvxmLndXURV)gSHMm+7-mD$MwQ4QN8&8~afv4Q;MqnAd{&q$ij69Fljw5ihhMV5hh+wTRo*ps&72gbn-&AlDLu_&$bCJ(56yEKcI%5wCp7@G+cl4-UeBS z^Jhrf9C=S-{ASvHjWVxTKND>*32RGR>t_gSvNXqJqK)(fIS+qd3m8lFq8cme4c zgV6^cJj=m*F9~hR%?ImDEO3U%joXpxi0L%moPm^ZeJ%$uMI^NLX1iU&b9D$SMu$NM z%AJW804O97ppNcq8PyVRkFy1uC?m=OJ=8MDWU^~(D(wcsYh zPU9S!yeE7vF7;XipoJ+%(QrZjtyH&$m#2oHHp|?agxYTo7o6$oOyHuE`j(?{jFl|0 z#+7ZBI-c~HonoU4V>O>@Y zQTnZx4ch8*Wx+JORCDrjO$DcTtXA{57s}VzJu_^kXUh+4Opvb@rV4ye%+qF!Gv3Sd z)k|5oVK?r0H>{dgIihThwy$B`$HTM%bt{RdPv-GQZ4!;?sA_kF!kHpwqSW?S^ozs~ zB0KhQ=1Wm}H5MDu&r=Eat{J0L?Ctrn5RB`m5}OC`UXjI1?|#QIy(D;l%!F-yesEt7i(3)-(~1L8rhbnH8m(>aCjj@Tc*XVkbRT?%zwDeA*Pr{JPU3 zx0lz}0$oQBbFNiKJb!L$QiX90EH~n(7$VC3 zjEJnXCyPdaEU7T7$Xw5Cv9!nClU%3`tu5iUr^rjXzf27^tFXhPG-b-`MzRaIw<+{O zYn2|bY zXFl6k2bB)={vY&4{*nPlK1KC^kVyFJKmUC2N#zFlYE1a0-4BXq<0stD?QCDD&f(OA zg?xEFPxqDA(7hpMeR6i`%Fg6V5?^hEl^;iE<3qLOy%z?etH$n8j=>pN%^aZ27efra z|MSn*OEpss-=j;tQY#aW6ZE0V*@tFT##k2+799Qc`8so;XPQ{4d{7;a*_KdQy|YP&1zrc{k3Mk_N79o@7v$BW_OYCNh8P6ic} zJ1{2hh43G<$HSGF^E%|(EOX=?+`(O2Wpr@udMDPb&6dC(^+%w# zcfe2jF~43){{~Ql@oDQz`X7za?zZF}TYj=@4mv^Q;YARvZKEw@PfSQZWvuX^ZR@>P z&6}6|^oxrA;lhdH`PyQ=7`w`mUiE6+ep{`D2PkE};=h?38FCh0?Ae@fxL!p!dve=| z_HCEpbGNPB_E=#Pe*Z=`=$A+{mE;qZ*yriVi_WzX-MKTLnz0bCZ`=5P``P(1-5|Q} zq1QiM9fbT|rywboth6;truTw`OWrvUd1fsWtU0ezGv+#7o?{hqD zKw+6yCS&uEGGn}nVsmZo>G=z-qP!IhN=4!_RAQy24gZqKS-U5mq~G{?cEJ5DHmMsQ zy4gFvq-h5=(N3~u{CDq9E3&KWBVhj|vZM|G#~SgVFqn4)6R=^X7TOEi$$?V9pwyi!BdgRIyaJ0% zWp1n)sZg9=F)RG~r}C1noEXx3tB0jci7_vd|#FNM6vE6SLW-rnue4L^2sIO_23zhE255LdE!Y z{8$`+zg{~vUKTey!v(&VQhJhdoTP%YYm!$=(lm4!M-%;shkzf`aO}vGa*=b+2j1=U z^D$SxSPM)lj7>Z%q`w>05Kp#9jzC@;c`FSHsz4X;38yiyDZfzlHI{o%NCYG%&!jW+ zDmPbs$E2U24aydFr8q_5vUTI|Mc1||v|HN{%>qGEY=&h!4il$9elBVI@<^oEEcj*OFd2vK zm2x}PH%jQ35F6G1}GKla$mPT?U;fHUC`hvjpW zb)0zrqGy0N@l2@)1PD-u)+CAMzJnzv!uRCe=q}vd2)8 zAy;YS)za}C$M;$Ppz9;zK%@htpfHUIKE4aomjKk`L`-9;hy$(B+SY7e-p7sh#|^Xz z8YwGMi^K`_#0S-Dvy;hkzI7NYHDWM^GB;jXpDh(;cEl{Bp<&=2I`W0CGAl+e5iPWa zSh;W;<(HV2awup6<%Crebf13ghGQ8TE#GNd@1!rqonu#rr@j7x%!?wvBKaSe?S=+#2 zP1<6Rhcy=~_sH0@1rWybr)BxMOE@wFJ52sq{j_6?qDLVuQZ(Sgvjg%k38oC~d-=sl zD>pba*o?mJ&cl2Z)fzp5Vqj|MgI)y28yT8quV|rB zl1go0NZVfGOZY}RY8Nh}o10OV9ieRs%Xm>t>I%S8v0c-fk1924N53f9sZ2nhjS>4T zyMkKvsPGCUGqG={~X=f$h5KX>{*AEGCset63;LiUZ-zUH+r#NyxgZq;xfR zSL2sJ4l;%ir7B-(UKW!!xK}y>Gw*n}(3ajLeXW1Tk4Q3_5g;Sq1848~8>axV7U|t_ z?nCl|$BPva33{7Sy_-;Hh=>_HJKuE2DZhD}9b)*6V)zs9$*8@DuwCCfYtC^Eym%gI z#@JzRqjV5}2cO5)TD(=pB#c4U3G$JCZMK5Tj=_Xf3|bBcR|vdX)0Sh7CHa8uM7rlY zimDe)jM_(2lSqu|<;Hw(Op~^lBm5yg$94`U817ppe`M5&yz2i*CEI1-IEzI8w0%wr zm+`|_3m@~kY`shP*3SHO3SV0(*!K~*kbwJfzyWH3RIsqNKaEyn{;_q)g6zDsr5 z(Y(s7@STKhnb4{9UKF3WcD$&4e2=`MD=?~?VGjO%{kAca?sWF)Dp*DyGrI^wd9c0Vi0^rs5va2DKZ1I!mPRF9x;mW z?TGgMmw=|+8PFtJfpT-jaQ!lZ{4$=Z6=1*-vKeR|VdaeYWP#x(f)o;re+j1y;W?;b zFGxzZ$7aRsERvg|9BHym$7Fd7uZT02>@WqeDDFiyu_$a$xD99m`-y)8u%0Wfmn&t= zu}FL9m)J+a4I6O29=%0XK7u$736+VZ&&9er>U3nDet$kSv%ki-AGsh|=QD*m{9Wcj z!2@UKJImE3>t|AWW``i7Q8<%UrJ0xFYx=z-pFt{5E{|4HPST;qry2dcRGF?M!fJCb z<>-{rn7Ea>xvp(WiFMoVKb*@D7~N}#SQq-lYA=1jn)-r{m`*H$LxAHqfb5A+1J=_% zVgz0V*$ORl&CcS7bw=>A`WwJcFUYUO+}R>u&W$g>0WV6%TCK*gtNhIl3o)Qyf_Wu) zmZ)#%U*c9_EDpq_;0elkNbplY)5DWv^i*xRf&xo-)-Px#uRi{KM&fC2)5 zr1K|@uH+?no(lVMcA#_7IvLaYuBc_1`UI=@3cQmPQ6JU5r=;Qa7Njh{x$Xs4naj}J zcIqQmA)pHF&0oTxx(`Ku(sT9hw$%f%kl-M9hwOg zL0i58@@J-qI|?XD)f*;?DIV4u4cBm^;7kXoYV+Tw2b0)d za3OU2vispZXnUK84Z=(u{sEpSEPnqp9G4T4n9WwMTI6BCU>_mQWj46|5RAI_7>6p^ za5`hpNsmI%O=aYm7M5E3_MD~l8m~w^3eiO?5MB8fqn{bc=&vi{@a;u1`h)+;=y&cw zGWtsaQ4i3-`aESpuU}kz3G^Emw-VMqE)aa%D3cQPUTJmh@>VmgxLpa$BNZI`mnRLr zZdC3WO|?%WAMd%>#!S&WX~m7~9DP(&$7+$cCraJhg_68W7LgK(U9_VI@5?;Q-xzz+ zV`nsuE?94orX|BKf@j=>nrp7frw?Nwo+Bd#)KkWarVnn;j5hVxsN{^e#4gSc(R z3e-jgy9-xZc7rL#XD6*HBO7|$be4g%(EI$bl)=NmMA0x#8WfmDsG#lK%CmXw&?RCu z8$4CuF@l2(#dtajXh&(+TxqU;{p`{E59cR2UcF8QOA_{BHqYpAClgxQZs%P4mdh;- zyUN;QxRcRYyA^OjB(>k{O1F2vHhT#@zG8%Pzpbc}D2xyfn5ZXyYt>%&{ zM^-yjF(#h4m~osur&uc(hA^38pqdo_0nFvN7xf+p4q)Iel@=J6Pwd zQIG>LkbkVVjFU^(I+HsAq8^Sd2pz_kZUK%=FvHbgn0VYN>Vh zw-?gi;7WXc<03?j&d*n=JP?xCK_f?5_%fM9I+RuaEOk?vuX{W4IHMf})&4`JJW)+1 zhY$iu^0#cQ5i%ryFYzr+AjmnRh|vNQ`i8+a6C$F_Ds(~N#88$fNQO0u(i_&8H9*t$?#@fME+2*h&wB`(Ncg#lcdpyvB!&eZDOpBP|$*xF9s{} z>m?`I`mCKUGtQ}y2Mfdsi0hHG{)Hy2dU`sxSRHX2vrf4W3)AknYeI^PZd9J9-2217;EWu zyx089l~S@DIOErLa|@w5-o^s0{Fnyg4{VwH!EPC0H6+KT2tZ0)n*t=QtaXqoqun=lTT zbBAV~MYiU0h_N0?Uc zAL812cU%RXM`3}^W`RyOVxwRqiQV>^+U?52b$qp%_DD}v>?DYRI*B;8#I?x`19AEL zJyia%mw#{J; zc>^&(gAG)thsp~ji@n99JW{Ud52Nbf&QY~Ow#&3niet;vx~0ZAgV&hoGTK`im%&eO zo9OjJ#KMtN8Pu{R+(6FTG0^Jo=H0*pdRSJlc%~lE`|KJPNXLpj!N6}BN92$)o-B5w zPSf50oQ-)}*_zvGpFsr1Iq z(4rpCxp`RDEb4jcp0%z>L{&4}uGf&|6HwsxY2o7$h9sSSnA-pY~03g~KNkCR5is^x)Io&f6m1AFUE=JUvv zF-wRRk({I(-cp@v0Bv;Ssbh=n5nxs&w)Ml35cSXm4y5j*AnEemf6?U!dh`{TeBaK& z7L-W=0#TzR_#o0~CQ3W=KX~f;^v+-=Po)V&AU`sZBx6DwU;5|oVa<(oAQP|4AKPr) zQXD&#S*F_Mluzx&H&@PGo7sga&2R1r3DM4BD(Kz@pATArXGgpJa?4zK2*gI61-$KL zf>1y~q?;12uy@638gShP_b z{IVCLc|K&X{L$!sp2#ccqoKq3*N^Gu@!$`cG#fN>h?t&65fj3nuozo;W?Lo?G*?TF zSu9LSBhlmP35)zn7!rq#UnKfd+XQF{M3=DWJ;=f)D;J!1B!0(jAHP$^F(>f zdnIq1gQe%K_U=y|t9Iz_j+Kt=Sk8^4td=lhyGwDab3FJKQprD3^eweXlBe@HW*N8d zeE#6iJrkF>ojr6=q&fjkOYGZJM%veyi7&DqgtM{YORKF!U&S!9KS#L;kf>`mP$bRQ zWJjH0_Mk8uA4SgsXGP?Rfgo?in1>@X-V!YS0Rx!bjR79ua@lbTU<|H0WyVc@wf;u% z(LCg>OX+`7=L)uP ztrBLnT4Nk8xjVGnc ze%OkoU{Q1;g~jCpl2+%iJk-2~c<@}4wM}YDd(Caxmnmt`Ys?Bk+oLzL*8r2EiQTv0`w5$;W zcd9?^QWxLfxl0{P`liQI?PO=xq%DxOa7r<1B;e&B;*TbECEiI@JYqHAM4GzCH1?3W zAJ1t<6&gFdYl+jY?G!I0hd*iZn5V?~8ThZGT&0Pe9XcK-Cl=&Uu1~n#uTq=ghBR9o zn(%)z=(n>U`U1X+l&Mfqul{jI&3mV>!;{|_*?>=&G~b1ly0cTUd_5Hz-BKK-%4k=# zHYV>JXGLmIAnu8Z?CNrxJuvjACOyBIPw#&#pU1BC=86c}v65>Yl6nLf2)V~*v54P$ zY6AP1D;^39NQevBLFQ0==iye+_G0<|EUpa3%p%Z{{J?O6a)IjGKaJJyJK>6?!^k(Q z0Ba-9x$%OW$F<_(KA{{epM4Eu5DJFGg#?obHJW?&3jd(dPr~a4%aX}u+uxrWAIvOC)_TutUhkRG*U zYGi+~@iZm~uI6tDqkwJ>>iuEzuim|?Xj2&Xu33#c9%$k-TFG7t44+*u`3kZ*%`$in z$NdMHJ}xlcEbkv=`XV@zOwWhm=$D$7p+sx>S*zVypvKz4+qB#fVp{c6gR4MHW%9-D zK8{Hv8f6d9qZoZ2?E@k87c3a@?~xkAlu)}@p|U>4s@L3pf56iVcjD;=?>gggHt-80 z`Z=@OjUYSm@G)>MR-vpOEj>&vD^93_vJ3m1!) z;gXU*-8r1vwiQS+7Nq$LrBZd`ei;Kf2dEmLroWgI6i=Y?k>_DeC1<Qu!J+qcLTtEHNrYnG3gss`wlXk|u}yfXb;r zPns@e@Iz092J||jD}?KC*WSmP&EWpl6B)I_v6Q?7IT~rHRl-z3OD+6O?Fo0BHUM_1 zSk9Y`!kQCnCFc99$}TlQS>2N_)Kbf0BGWb8<8hT{+su6OV?F5cY&MRoUZ3PI4U)L{ zDzuP)){831&4Q8EaS8-KX6i3Qlk6{sJd|S}wcb(o*m;9L+ULhed5{_D4n6nH&tPoD zf?^YyWQxcz&(%}7#_1(Z+Q{yOxSs)N0QO?9sYzZ3d&YGDwRA_jOS9_BfjGkO& zk@5PTa?zjUrvpP*Vn>{62QL!rvmTTe*;<(W0`~ahm~z zp&%c1BY@<_$uKjhbdTW2F>Z*1KU$EnQ5&mng5VxpkwE)gL?NEaZk>!LGc`_LK1EaS zNUcUXlW`P^POdLBp^Cia0LoxRiezPR=F(0_T7AN~v5m(N_Z3fT;2Eol8FSfRqy+sM zi=y-suR$@^CvD6$^WwQFdRw-l-xpT85hrKtE~d0)*R^fve5KUq{I;-OYk{L{>$@#Xfsxx3& zW@1aed{Pu^Cigp=SR?FLZ4F%FGXUOl;%pTy?qaPBcd3#uMbj}>lYBMInbWoDL>xNb zCurS)PDOn0ll{iiU#4x%EQ29?%pLWOuRp1x@RfomwB|I(=Ud5Tf>-haJE29sFEa4Q zMn+WZS8|t9UOPwvL8O4kV@s(ITs!qysLb>%YgH(Mv4SA}32RN4vrPx?O^9#@>{<9e z2huROu>x3EZM|MEg5bTf?L8ADbtLD&zUc@;duLn zm|^22jBJf)5`-MbT`aw{E;RLUBZ|)b`knKM9ve3I$1m(ADz#bI(w-(hizO&6WJ}4j z(NX`1f?%r|PRyiS^Yiwg)Xux39+rTDjmNqC10_`JE+v1lbGAr0sQj6mID4|eF!B72 z8h~H4murf`S_*vWv>lctZIf*fV#sf2kj^D=@nGfN1L^L74@0QYGn=GPbG$O?O%*1~ z$Ac)T!NDZF5cNJ8fkCUxv@M`b1(mwxQuaMt`w0EAjG10M?l@P=m4%liFQZf=R<=8; z2pI`0747-2`tQsApxDB2MMp)Z2!x#!iRj^z$)1JL8Q&H}wz>1ton-)~e zK_$X6Kc0g)Ktv@m_$PL)0i{(q_;_I?CNQf7AM842hU3U=qytys6jWi8fEWL9;I#bU z|1gYsYr(Y7f$Gq6b>(kHErXSjS39p#gO+4%k;=Hgj)c&{JR0$qGf=Sa`O0ty`STDY zW2&fU;2+ef1WJW{-7jikBuJj z*dC=o4~I2+0d=+^=a9ix1*K@G%anO1>k{J0bPKmfnQl11H@G{(CR{9+Wm-y$p>Q=s zb;x(0?e~eA&G+nI`5R;09*yPFmeVTgJgPUa9rGVQZu$JSL9eO1ZZ~n%VdA&cUzRLk z;vkv_@NXkNKQr<)nE}-9`xTrSoWJ1`<3^Ng6JGxEPE!Z(7D`rTrGmuIwiU_-v3o9+ zl)oPN(UQ@S!DAi8X-jWs5ZpKku}AhWSwxGt*3H6a?(OFRpD)B+z00oPaR+Lh)drhYG;EOItA8@mA= zu&JDw9So{Hvs03^obT}nn`V8Bf*9MAUIwJm5G9v074BLQ6hDHa6Sx_r-1l+-y;%dc z9Jwv!kEqj;xvi|VpgCO}1uo87S2kPl24?)q1*{6p&zAL$wvNQjIf!*LNzjzan{Vg0 zu;F;WNs%m2X78w(^vWF7!<#<5%wNN{74g5Tyt})$i&^mJd*gcp_)K_B$e?fK{O5q%bMKkl49F!icY^l^t{a@W;>6uVHJVJ z(<6Gos#iLgbTJyy=~~8)O&09D?I?EuE=~UxP9?wgg4S(PrJ7aa*vqTDPi`Lq&sNSKBVp)3 zI_E8+@wLj&1PQd2Y4&LUU*YuYpqttVxA12!4!A$!tTIudACa8SO< z5>0vFfhXBn#}iM#H*1vNWMpxP25AlWBu z(E*Btz}OvI&iLYzA%wWNY;GDXUD0r?C9R7J2nG}9Q?u-Y(0D|V0pf0Ei`euZTh{&z z?hY=Psp6-4`_i-bl}7`PjQ`CHeNRJW)YQPfeTX4VdQZXdOHJV#QM%yL!kAG-LN#8I z5LX=XFk|Edi9jh076PI;r@AI$p%8kbFdgEa&_lGSXlG`oTB!pgWK+pMOF~ob%BN2i zv8LN5y#(8OpC7UfKW47Y&{O3sqC?F?jkwdNr-Rw+pr^a_he6v7E60eDhQbU$_F5_6 z*E$!UB$uRa@CSrLTRcr+#oY!MOl(5WUxQy0r@p9&qI=-c{@m4N^{*w!zsM}WUy1_N zU;8fSS3vsz_mXwC#)Ny~nqMO|DU?*(l0wY}b_YyIqc&%RE4hxuJXIUZ1l}!hvdpR? zh!}Y4lBWuYBV&q}Zd?tvV!c1%^<_FZPTSZ4!4+W5No#l;^PFaQ*PbB&KlnkTIYC!9&)q z{y?K;y$tAb&8lQ3=}&2$u^QtY5eR>xX2>8#>;$+5@FW?3Fo;4#>=UGTT0uY6F})i|Tb%5FH6ir)((An(guIeCl0i-awz9zCavlt z-4do&!4M;dDpAL+l|2RIwl$wOuTVuC7S;<(qnPxNw7V`G0UM!|XNiIe<)CQY<$S zPPwt$a5fO4_vLTob?raI@U9Rq?^!rH5GLz;r1%3xKSy7a;$r44??Xk|=0HdgdT;Jb z$TQ2ijppOg+~?_AULDqU*<_tefV{v2Qke)(}+MjU(beRLdl9j8$aeHNJwD&fHX@=%ji)zk|A7Lp4Q=5#7cMKF80UmHR*WsMH^OLD_Jn!ar+Uuv(sDA5 zK^eRHp!loGrr`>-Jn2L+-eFCy+mXUH=6Scx=r}n*VQJW^`kUoiZaULqaT2fDKJ-K8 z8l!k3Kw(53w}s^X{u~)$jO?2(DD_g~>$rlc1~#2s(c$b)Uo#E&V8HSh8NUOGL_wd` zo0+kc2>e{lx~=Nlhko;?>hC7Y4}2~Rr^?OY0vAmU!_tvYyy$`2OGD$8!g)PJ(fCZ^ zc`}5G3@4$*>6$=vpmGS;O-iGUXhZ0;H`F~;2@Y#woyUGQ3X%P-N&$B_+vR$3*&kuY z;k{%sWGKoBTb z?)al8TlL{m_WKjoBN$hsms%S3oM|_Ob8DS8R{>Ne?ZTF$#$TRXG;HLBmT2w!R&?B3 zX$pYycwMZ9Uuj915mo*4RSsUP6L%~Inr80D%{_^%duBShc$sMIp~&_=D|Dx?c?B{G0wmJ@~yRl-s}^p3p7w$WIS&|bxjb!CPM zSE=(|kll+~90y?=#nI<|j*PCTwfug6wijDnA2puSL0kqp*v=qou1d|mbNoPYt}u&_ z`qIw67Dxl6@WAKIwqVl=)%e=wm_m`16>ANBlrZ!#8DM1uM`cfgs_T?sMwp_Pu9`mM z(DOkC({m|zUec%1wW-{w%4rlB8tJKWy4s>h&bSXq(`9IySerm;#js-e9<@vXNK4I5 z%L&vZJmP~XEx|;>nTX==t}3?OG%Qol1|7EV^sh;jnijydNH>Hs|*~Lt}Z?ZNfq9=VF(x?k_Q;N^o z_{4_9X0lu(a^8)4?7RSZ* zpp7#@nW6d~9d11ahcoSkqqq7Cg#CF>X{}F8_L4fM(a7nF8^?kXNeOuvmj3Tn{|;YM zzfI@r-s(2ief@#LF=JUN`Y$)CMW=lhFKpK!Pc;Ynb$5*qSYRh`?#gX?&?)9!@k0~_ znggfBIr^3whaj%asvv_7Zij^{WMBuA739SkX+EZeJack~S2~j4{=QuA;PyB4@V;z1 zxB|5M8zQ|v4!Uf1+yE364rEmVZ&!O7{Ff@mq5E798^UpmsiR16^(mF+H@Hys||8vj1DP1d(wGUsSn93oST$SAX4-8*ca^Ngy0E7tw4`0;>K9!cHhXktwIxke?q>z(7D zyRh)3b}MLHH!ElQkLmahBbQGlJDA}?b~Pb2^if1H-!EFmj(zTZBeSpmYJ8vM+n(F2 z)x-POT+_yUQJjQymi2`|)_gZI_Kj^l_zI@I!m%S5WYiOyF=v?)kqx9R| zb-mrz1BtOdt)rQ8ZlnWQuO9dPpLXYER}TH(a`PT0+K65Y4PCfutF@av-9Ny*_2(V? z(4!SRvHEIlrpr*XIC*ouSZ zLs}=`b03T9m-jzLUcdW(qw6|%c9k{N-=7UO&7G?V*u~q2=iO=pZamzIyzDQz!oLju zK$#~aT?T>MOhmVSF5@oFT>gxVseFV8lTgz+t;`5!vg;8r-xn!nXs=5 zJiCTa{foDtu2!@?%0ktuq3oAg*f^^{`w*6l3+aA~xN^}!7Gx)G>`{+gPQ~D>RWBZohx{a{{@N&O5`nDw{P?_Ja zKWOSmCd!^Sah@y@6Od$Saw4ig8WU@GZGMPS?QZSM3jZjxXBP zK3mMQc^I@5v&G9XR-ZzQvRpM!`+GH}Hr;w-XOHAp4K%?iM%eS~ufrV9nD8p}Dh)y> zH)`m_+xk`sik;XH(gm%Sw1dYuGxUT|-z=6+a3%PJy}1 z08%V*WA8%Eh{<)x_rD6pt~)7Nhb0wboZ5PmhziF>qrE#)>{@bT!Gy1?zY13_?k1U0 z^LE<8ld@Ejm($0ZAnG0Amx&!dy@x~0A6gc}RKSvit+b1%~)m1!C z^(2WorDao!H=OLB=848_T}K(2I&<;vnC+@_M=uILyi#t`Z?Yg zTds}f4B5Oy21So1rCzcm_VjY<;6qUEnyu^!U;o>P%E)%2H zedH#a^*)NJPMkaw@lF(9hFPiAS`WByro=NICfqmIu2KI6Qj7`A_2_+QTcpC*=;Y}j z2C`vNTW^YbBEk-gohnF_-{hxge9tnIR~Ee>X+V^Xj*q%2lV4~*Ngc2@GRIcI&lW6N znq#HxOV{U4#>NR&iqF-{GD)fNF*Bt!(b!UCboaDnlBgO4`f#$w2(T>OMZacT zdqqyKLPUhy4(Kc7P35CoD#2|qy8{u!*VkFrqlQHFBaIfC;n4Rovzx}|fP zw4DmkLMmj7z;O`b9js&ciFk$A%*132qNi2IO=JovZRn{2Y$_p_3P?K)e9g(O1GTv?qm;1_sbGN*5Gd3G|&0O{4j(G0CpXR@%}m z@SI2&&@tayf=JiB*lmW9seK{!3Ac9tj;qJo{|rYe5Ci6T$L{5uy}tzK7bx4 zRqw+wipYF?fFlG-9y$K8XnxiIoQ6+_fmc z9Kot2J=LaMtXPFWHJ1mz!T-X*;yw`m22a!h!mSiRT*8tBSK7?g+%)HKt=cH8=UFqy zfnY1Taj@fGTRQ=j9>tEQ_3_n4rSpFjfiQuIm)|9rZ%=jpNYw6<)OC zo1%&L@2$(we$vy=*09HKQt@q&YWXyRFG+1Ce^Js8NS3V2>kO$xzlt-e4{=M-sqG?g zl$?(P&3|j1K$UnbV?aKK7_YE38f^&PowoxHnDE zx0qF)E-V(Kg$(7;Rz(4697VM5u+Kqned`BtD;3aD4Nlk5tg*azc!kiU33Otvh=T(loF$i&4Nsu6af81r}CVq1^Y@ko?l~B$Z|ccq&8Zo?XcYzMiH@p_iVReHx6Hb>bLH zL$5@+$;w={(Z2x3wb!n;)XD^e6eWF#lQ-=XEHv_`4p4g}rkPSW!DB=EW&?hx&E)Lm z>XQq9m(ahNv1abbhB_5Gf1jWjo(~|fs>ZUAwh)jD$5U}GumvyHr15!_Lm|a7xPV51 z)uLfw8*z>`Jko?e)@`Jxf@KSX%~~<74Ew~biSL~|B-5=wb}X;AZN9XFZ-r2uT3#iY z9V(oI9!b>$Eo64j&u4l2ttcz|_JPt zvht%^uUEa=59ev)BYB^$G*kXSF{AG&sDgjod;P~vMgWJ^;VVuzO7FX?r$~A2OWXBR zXba{in$35wzp4x>`C6oG5NW`AiI?+4^t%5#C`+rinxgs1QkB~JZplGHzqMY6y^!q* z4gaNlp58hixw&2tfKnrrb)qgpil;z{JeH>cmEhR}T+U9DZj??AJxOw806m@BP=Avd zgq7bXt4h`)jX_-F0T9X}i^a1<5j^@}HoXUkW;RDXf#MAPUT7iPG&utxk)lN$kSoAFQYm*OL#ew}%%&WBhpDcbQ^g^5fKDx( z*m8jx%W(=`svyE(Xfa5RmPB)|8?~}_bVB0n(UrB~%E^|HP8%T|Pn3!KjKn-Pk3D;d zr~zd|?cPhLp37C;?+pl)>_G?QcD-GkD{YlE>$F~!|NM%neao(vo(SkIlf>kg8bb?1 zOSzk|&IbkH0jlsua&?Rl9kGHZ$?Y^g3K%#ui{X{;Evjsbsam(FGe9==dGLI*ryf-r zRL>fZGx73J`Ml60W?<;B;UZ`e#e7fE4s3>)PmMmD!ZF!En@b;2Vt*(=?LcQ_FqoMv zD$B;K_mHa$bg}=qL4u5HG)YUoGh0_7t0BUupM2Mzf~w1lUE6YBzG%jh2@NbsI)k7% z#S!ZUvls|krQN+y4PIf#l5C>&pGvDJnG;r>_v0Y#om5VJ~!t#33ET!pIhM!3T_!<2y`gwJXSo-FQRhj1Kz^QBHI$}&< z#7>vZz-~XIcLsaAne*}I4YHDZjMFSQ&R?evdFU{+-5jpdcS6u>?sf7=+mPJgoygGEOkM{We7^OABjx#CCs+SQ+n^}1eP#MGj*3) z&rtLWEFLivmikq|p7GcynfFg@ikWXsq$C|0@e$_dx9%lXi$tfi<}bX2Y`ZFnbc3`e z=8HBKxFYTx^Awlk@_ka*aG^71Cqq}XO4s#_c7DUw`F1CD*_9w}k`UE;5MvsHJ~Fr= z0{ZAUO_e{E^8=9?W+#fz1E+J{JhnT^Fm`iR^-5ssgB;Lw9GXt4Ec8xTk@_%aeqWJX zw+9rrK8901&IeU4bXZ!m$yyDW`AM2wkf7m#LJk6l`Runb21ugRK zaVP${!F~OHGSQ>m(3F&V>>B$_GwY9Ojpn`hTY+!%4{8obj+mG$rm$EY{Kjj}iezT?- z$H=K?sXieo&pTY;_|BnN(pvp^?)V7HEr%y#2nH?WE9C5pL&p9kW3%7|OQ-4W9d~h8 zu79(#>Suk6J*5ALL^gjeTU1n3K6{Cr#hE*me0^8vt9Ytqb^$|#fXXhTOHr>biz>0R zytr_VyQS`!Iy4Tzz1DbJdI^syE_~OmdVMsz@D_ zw>w-^w^ozG(r23s>&}PoGv`3fTYOr4Kv_>zi2C#Z&kc-|(}5>@{0kcyS=s=}i$uEm zuUIt))zt@_2RkaQ@9))#v#CO{H@NWta$A*(!gUpaapeh9 zO&37}P4h4=w`VpKY{e}0kj{;IBgf!K-k0pX6U#;ShXl&Pa}?eBNtMepmEw?OmGI4C zZIKLr62)O9A;SzXnXds~(0tv#xLtP`yzWvu{UKk4rD5c$j(#}l_**;wR9;u17f*!x zPeV!+9h80HR;|^m60KU=%NKmwC=#go0^=y3Hi;MNhaJPkBV57^wcdz9-pS{mRJzcB zs5kGcIgOUjFTSLoK;Q14z~es^ynhgjBN0{NxvP$)PL$@}c*(g``L6Iwq4z`9zMWHf z8`F5E2lJd*HMHU?4{Bni8QtAgmCKl9Unm5xq6)D*h7_zPiwuMerM***t4(&s|JFOH zcH(vTq5qr^I0E_39I5+B1m#Kv}wU*axMB5Ga!|0bTPmN~c7Cq>YedX-An>p?pD9UaLv;MDh;ES95(FbtdV; zK>JY^Zi3CvF8IlhiAVy}J!K=CC>Lfw0_v3>Ho zX)Y1JXvN}s+&~{a*(?=0nCvS(1{c2MvP`mP_0J4=N^t{65wc#ydCIwEa+BnBm@lk# z7~i5P=$#Xs2uD~#WjKYogltJfm0PJqMX_|`?X4TF`CH3@@nqz8H2R#p(H4n%qh;Mu zqu!BBlYKu1NlbstJ)Z$g{>jHcU)n4x~SHf${z+&hTf|VvCvh5qxan- zy=)(>ey%-NC?x=ZlITRif&|sh!y>ReM-DXbB3hW4br)KN3t7U5?ryq0<9KEje;P8; zHKa`=+DnhML=~eN7Fj|zK}CfRe$m(%PENCB+1KI+h)#cx8(tnD-7S(#!O2JHK2;*K zHa0Bf|F%3rC>#|ur#VP!a#(}+!WBI8NQ$x!LG=vEiq#0C7-EFZZdxsNowD;2@yQCD z8ae~dH5UhJSg)sho0aaYmurrEf}9s*1vWF}OM`2dr7|;{c^k{_GH;`L!2lj{)n2|@ zX4Z`-%xCw|fJ$m6Ox3uK-`9VW zmuPGLQeALP6=$eD2047rSMnUL;pbVzQO%fc{tr3=$-f+jhLi^`AVX-`+9|BhCp?d@ zM;KJBywiP3q#b0I5t~aiUoO1vXL~TBfCd7$5Q=;M?O>@cCz3Ko@)M(}V`wV*0Ry@S zsSIr@bZMn~#y|PJG_{vVHnDMw`&+UoWm$gW3+u*wO)@K8j1jU=&!()~N<8-?Qx&Yv zu0)SCaiPR41zj5h{(wAeLNC59{)f#*hm}GK`>raWFF=m4RXeFp>_R~zTd)E6caILlVJQ%Z&cZaspMOAd)UU=vq6eHdnk>b-j&mn6j84vntv+%=SmlFz_gxGP|x>{?@4 zm9nc@=7ina>|QoDY6cb}ek}^KeV+ug>y5M`&saz+Tv_*Jw%Kwk@@E5zPGjlZT2gAI&4ZjjdtCSmsb=wiQi z^EylAC~0To<0H=}tqR&4;-;^frXgjNG$!u)eGv23XamQMZXDJkpwJuqMx?Tz1C&(B zF3iS6z1pv0?_!)csE=*cxM>4p0_zr zTu_9>xC+bFfaj@8YTHBA&n&6_8)Ck~gUk1;0;{OB=ca=?FYbR@7oC;M+>eO-1i_=J zE0ld-Bt!d4&Js@|AmWtfarVYx> zua)~tvnqBA)qNG;@0AAK$Me*GIbipkH0i@4rL6L<7VlvQMEI>tNoqju__dFeK=w!a z$-%d(p92L8?As}8zR>2~J{J67<4>RW#Xv^E5kkOU&fsvgpkLPU4!z-2Nta?7eZnOm zQjO)Sc-{roMR?_bxK%D-JA;_T>iip5+B%Sm$qObVHn7R+>7|#|35rT3?!}^G$>DI3 z@=!r>1`Hb^!>b#YlIl!080WVgWWr5`}wY8A186hV?qDJW!pvtM2v8O8_I zKKS@yX5r{!yiWbD33uOS1}do;o%%5@8eS(4F7MWA6dGm~GSoYw2Dx4RO%*r`udzRZ zFM{U9ONOZfa$mGOPAXzEQTWNm=kjSvc30k=Q~7`w0ul$p{$Es?#Z*@O)QQL zutBQsb%VD=o-!I8Cr!4=SBprPlr*0KZFrSD`SF~91V*c7qgn+?$y}xFTG^s z;JDvgm*_y9MK*S)>3 z{+*T&@V^a^GWGs8tiqMA_%BsXePnii0m%7GeEGh8$EsiC@$vrwz!wM^UQRj=f7y-v zd{00Z^ed7-TiFW}Y%iNS?wIwAjqx=r_Epue1u;E{ZU^G=o*t*^+fn8Bj=61Z$QI+I z=A);#K=q8+^AF5cW)TM&yMZ=U#JTmal}E=N`07XAv#E|KYd+GqE<6$MCQ4}OQV&~^ zM1by`Vw^-9wo6H6*K4=>BJF@}%;&Y3i^@oz@9g|VAa`h|{?hun!~s>?7tG7DxPIj~3SO%=M;CJ3;?P00BTxMYPcMouyWCx$MB`7DG#lqQcGvOjJf?1cB=!K7rUb}~9O zCfNhiHxCrw&_rcUm0JGV{lE55@;{~DnsXcHn3cd&97Vf>cm@_PcJixV1d;eJkCOFI zpi+KrkVqQ81<)5X3H)V44)W99f~Ln3GGCrK3@R1244tX%nD<#{E%!IHI`U;cyR50uCKIK~ed zm>@W0eQ|->lqoz6yStC8*o?|*>l6*L`rK2%oXW4wnHZNi$76lmXP4#|Qq(yb_e`R* z!bvL_x!4*$bB|7LZD!&a7-9jvw$y`*9!N`RZ|tK{?rBqQl0F}*Hj%GU&dCtO!iZqD z-L#=)l?ex_JEiN?Lqo6=kiPbu%Jp*7g# z`>l;0<3rBa_B zkhUVxerh)9iieK39WyCBwdYVUOeyoSCFg${yB5eMEqB|9apL&-O5+yN%t=J(RZhMpQYvR16l`j zZM!KlC6!04j@Tb~hb~~HSWJNiTeGC8)ET);}*qAa_djY{- zq*}m`t64Hu)fPJJM(B}prsQ;2LlOY7?k!_u3MPJy%CdJfO8Nr@$v+?zQ2u#>^p6wf zzfQVN{FyIR6RSUsAfl*%R~tF+y=dB>S=BL`QC@RhdhcJf)qm4S{&~~1p@hW(x)fyt zJU;L$H*%mQ$$?9&LzEPfBXeugQDs6cM|LLA@rdJsW4DO@Avb~C?I`!)&^M49vFXUf zZBETpO*u3y;LXomY&{x5{7R?p9pJa+V1m<=pSenYFL+(1s4)C{uAH9*|KsXk{jGX{ zgTV~E3VB(ASM3?hG$Vg*b&yQmpKABt7;lMLpOa&*9;C3e)F4?Htr#X(h$E!W?5n#- z#>@2;;+y|Uhe!qj5+g&<8ttK6)~sGKWcZoX+Xs z{btwKc5(ibv;H?)AiZe_raV=cRBZ@{N!M=+F`eJE^?{2>E|$2-BJAe>;Zy(FN6~F; z+#vE_N&&I2UDUV_qagWUhXyy}i#|V4a{VE{YrucQTaA7g)T@#xhI4%3W)Hm+-MhA# z+i6ix2T>I`yt3GIamDQ)MB~r)UqHkEEwEjYYRE?VX;?$4K6-!RL`8A&|F(E|cc$s6 z%Ei>fXQsyb@4fT8fx&+w`JZEWPQ{uPPuyaa0Fts;dnO`Udm@zIk&j@%QXqG57DZHP zzAy67ESGP9iirtfUZmOSEUek3korjvxzWXzu3J^8=3)-EGhfW+Be*sL8+ihO_LHi5 z_%>Hf%?2q=cE#o+b2rojxt7?Wi3UW9hVw;<2dX#}T4D|2O(|Q_9t0V!RetI;9uu@E zMu}cOP^=$?rOQ0tsclx?0ZG%$euKUwG{!wE?po$A`S-v7{u=+r#=pnHza_)JCEh-9#!IKC#$3jmo6|Inqeec;0+eJCpKiRi@(!w`OV<_sztDrFR?#^fy;f zuuI}L)abAna&+DjC2u(gZ7(@LGa>Vc+qRC2(9@@HNnft7zdxBW!`jr=*6!cOR*X>p zITzN%Iq|tKUdR5Q`)b&qqIQ=@+7L8U*|~>Egk!zc`PMpZV#M72PjPqN?4KWI0%olMEi@tMvT&(6q`r|6{)Z z?vrP|yZlJWq*c$ofFz$&hB2*A@ns65)V|d7aK}p(uTDwE7>gPyOG=@Ll;(S7CeDm3 z?WtuCoc)ixg|j~PkiIgT`eWQUcrT!=`{$)$=3%yB&S9S6E5lb2!AW@Ce1~vpt5$e$ zw|w!>U)L+sDky^vQa?6VEqISrue10|Z)Bvtzuj|YTATOvtbMXsN(HS=#PaQ4kKy|* z=f{hqvqZD#p-@>=ElM_`HbOSCR(*+vR_VBDd)mLa=WgJp0x@oSf=Inz$Ish8a~ z5Yg|@AJt#gKSGPE60A{5r~dhLo|tLA+AwH4OP(4Nw$u>C?qe{ps3*@N1XH2s9YcU# z#DuMWk!r7zjjD~3)yz_$RdQ^4H#%F|m~&SHmjitpr<792@pV1>J(j(#BAB z)82lF)Q5UB`=17dT_?{nv&b9sI)3`HNz%!Nu_|!`IF7F zrz5!!1RYZlf%>c7y&wGh`aXn9I-kfI3+P@V%N;84&w2FG`%Olr?`fn}v?iapLthtd z?y~dPZbul83fent%Q{@#p_eQb?X5Dc%7!%O)};Z>tmZp%YNNk0CG(RfG>lS}d1<9q zxiw-Hj1eeJ(lOS`D5{v2aM?At^O~lgHy4JJ@MNi&R!s6O=q4L%HA<26Bt;Eow%>a0 zetCVQ00pyBK}KEwZR8D@tj5&xP+DBa(7OJc~M5dpt)wx8EoHqw#om z<)1XmaL~6fBGcBDQh5UmWw0~qRJ=&nhT(z7L$Httso9{a7bRvrk`E$>;zHKv`>$E( z=5wMn>BcTg78;4$kqoO1-_%B4(WN5Gy%Q2$clXeq#iA<|+2bbg^f`w20cs ziKzriOeq=p(b{Y5RVU@U6sDxYE|}g$Bdf!yR z*vwZk8-(pWIox`*G4hcjb%`zh&xom;j=x6zRnw~b5x;!4*qIxl!~}mwe@qoN*Dd(z z^Pi2;x_)3=RWe?l!Ck+MECZKui+$O0;XEs0m7J=PV?W+#h4XaWTuBHzKYd)coNBs> z-SG-en`3dSw-)~T`}S_vW`g2bY0;;KiLG7w{wbH44Ek|^w3+Kik@qA-z!}vR}gT@S1QQ%!$RHc zhgH+Qnex8}R3*LF^i9ibBEFuVVYkP&>koA6FblC;XV{&`IXQkS%tw=9k&AZT-MK7o zRH+coeL80f7On4*S=4q9Ix%y$yDp07xQgpe15G2vGH0%3@oaLnO>sN?jb|rC2Z|Wl z9k`V9m{po(P>uZIm@OY}F+V}!VVcF$_Y~}{XM3$Qir&pu(sC01ht5Y>L+1R|SN?r2 zqvDT7gjUmJcz58(v)GRHp~9Tq1dJ+faj7ds52J-!3_O~4q*26`9(-lB3{qxO``4hQ zJ(u47bn{IAvnj=4eB0fMpNVI1;I5Imy^)zmgwNVQ^JPirwKnaddmoD*jh2k$YtU5b zPFA{PW15(b*+^FNvsqlLn}7W*S|u9hO1QB=Igmz7!5|%ex}0X2rQggkPI6^=qol6y z!@ZBc4x7)eWXnDFCGOb&#%MW)BBRUdykb&b5Li?Fs1xwh;F8{KKN@zkA#~%%Y!X~C`%!=-mayJCe>@ww+Sc0=L1F$G zb{2mgXeyy&4*a4D*!7s2>a)w&%U5%PXVgTvG~&G$wFS8{ynt!&|GW}eX$XHfBHEKQpG=2A%QHw{9r+thn zy+7+6+Y~b~4@5q*CWKK%#^iHmG+PhE#}m$p8&I0Cp0SHN#9^OBp*Ift6(3VaNIt#Y zuf%d=l8fh=65@ktLqLuAFWqce8OKm@0ZmQ$$6J11%tuNpGF!4 zEGk0^i3ZAsOKssa3Trsdvm|HOSyGUU^|_`O-PzT+qXb+$uPBG$B323Uc{hPI>L?+c zl*ZQtp^#$UBJ4@!lt&Sss0^KlcjXPW5qqz_eL!>GDFXs>>&+F`b4^P=)cqhO;Dc(} zJh!>WJwO~YhMYU&POn2&Fz)4>ymMu{T|XYf5;dbNq4`-^UYW6c3sJ| zTo(R6N)L>#lv6_sFDIVKAWg0S-E~9rocvi@f_GUh!c(a5lyj#*Jn2ir59%R}WhD*kXsxvip7`=;RcvKO zu>rT=GxE_?>PX668`JUS(P(WG%{khwAn{6GkJ6Z8xgt(%HFT|8_#N27-&G(Vf)L*H z$%Mvxt8kI1S63eg*6%>ZMBQJe;n=(2?MOGkwff)$GTo)9R8-D{^5x#1!qQy<~N@fq`-9 zGAP?1b7G}4P4=^*yG1LqlYUP7HuAFAV;BQ_T(-C90_p2;1DnsEqZRks_NwIRqOacn z+!@UmAARU6b_XKDv87!nmCxNNb_^lyQ0q{ZwO@7QYs_kTUAZ+iEo(6@{+|>_XgqNr z7ZUgE$biVj4xOx=qk%-ap1~AR7zioaE_!WN+`jv{Ro5P`@CnU4d@s;?O#>+jIoEVR z@9ZW0zODRRErI|+iHh36W4b1kKOT+dVx70LLJC-;eW6-NQ*^cn2!5W_MB(hBHYii| zC6x|)1bpKCgIiqt);ZGThk8*CSp?&VA5F*`(u{FA)S=P@@%@E`dX6gJ?hqGt-q4Z% z)Nt)T1N}}@+v(QH>yMA>SJvbXU*Qda_nOHZYoN$CFb?9m3hILkuy_m49LmCW z6NU|j?+%+FuG1>{6&M_hj4Xfn9VdbyM2T7(dpo>UwXB97Csy*<>@#yrym~ZJyiPf* znnIsM6{&fjv6Y8yBNur18<)OJFYG$pQo`bS=f5*V-?toi^}+|)sa+OWUJ(KrF=;d% ziYzB^=n_{kq?`$nlM;-4!tt)Y(WVZg(H0#QCv%qMa5ZC{`PTW2fAH6hL9E7!&IvyJ z_v!0?yD>#iA&f@Yy;;5?tOgN7Xx>rO@6(&V6N*zT&yv9U{*zJv_@HX^XuL!#^jQc* zl?1)UQM0fH!jIOUq)d50ica5CJW#omxUC;D4BHHcCT&#I8B4eh!Ot7`c zHmjvvh6bLV?gT%6Z-HQCrHp`4NncZs^}r#$B{DBb$oX!6zV+qu*hkf!|H`UbNBZc+ zcyW>0`b8rIOy+Xq9E8g8s4UeKtt8p4-=GZoNA+N zn-zaV@l%d_35O&fYmoR2#6<-EX7)Q#S%A+59Q3B(xO(j|8YcvP=PxY}3JjzSGz|XD z_oS0IRC`pr|kb>BNyeRq$lL<&RrK2Ew}nA zX5U?1oS^qrY*p>a+dH{KT;c|{SxnOD>={iWK_}F(2cqPZ8Yo-q&m`%*lsRvuXUQ^L zpj$k?>fhY}rZ92q`KO1%4PvtYv1LkAK}hEfY>+fj$b3Vb^{z4oQQiw|`2=4ymRidRI>_hjlZxs&bqdxnO@rJcyH8Q$($L*4#H!#SPbB>ly zdKiB)nF`p&yN07qZOaGi3(0-xK&X1r$pXyTZupVy$0s!(Dg%}+b+n0zNp#y(h)`C3 zhvSZV0z$SDglxnxC2OWD%J)Ydy_1zMR{>CgZ$`A;v66+v12r$!Nb=q~E9J2!gtv_* z=@PcX1amCygk5=z(<6P@N64o?K*!l|bQX2kxN7O-#h8^fO{=m*GsXZ;d&^SjXYL~` zmMSZJ%*C$Zjew_S(zKpvz>LzUvEhhXVHCgOIhH0AGWkt`07h=_MMg> zh|g1cl_mJ!K3^izPK|NG3(&LiZTI3mgIPXL<2^17{(U9{i|16t*_ONHP^a+fl?7+r z{r>YV!c7xzImxZzw6E`)#mK8CCrdKENC%O*NYmn5TUrvt^-y9WaHyiHK1;QV?&M~N z9~b}k(U&QBODp4ke^9WG1VcJLj9&ObeYsJiRWvk@qp5v=BjOz*czw_<eMV1GQ>U%Gi$ZC)iCIbE*!O8Z0!l1g#{XG(xdAXk(?6C@kYemv2@l~TW+ zdsw&i7~cc7BXCf*R^{uUHahg|O<7-azKYCh21jz|Yh~eO{5RgEyvux-kDLK`iCW38 z$=MI1k8I?83s$LC5sw?p4qjxwvcfFt{p}xFWn{0lf8OrvYk9iA#&?#C{LsS}*vF8= z_ey{weYar2-UC1j@8g-H+{{e7t=d1$w46xgu)kmif55v~rZWYf_F^!Rg0xD7od6;D zsGGkslIOC@y80fvZoM&LIW>&4TSh_G2{T&{OO*|th*-NENM@UXk#S!jCqr|+RUMO! zeODhWw(C)*qFby0Xta3&0Q55mUqq!J_>xfoKFZr=0!RUNREEbqn_HLd0zEnpCA|0P zrdH8p^_#7+FM`GbKe{HqYW&&l&H|MmOqQ;1SiOfLvaS5bI4WOae%KrA>L1~@ z6wkkycGgH>$*!<`K9LD28r4kxTI|J`m8^{qy{{nq*p)@ zI#%KGpV;RBG)Pa}|6^IO*n2sn1oWS_Fo9@*x!m=XM9^}}rpU0UA#i_u!RkFfWXAto zRq$SA%=Mb$Y?sj++A4NLe*r?9{Jgo`cpMwzW{;9O7|W;8eJB^ z9ueD5#bxyv1;GNibQxvu^}VWUy8pQL#~<-(-(8(bmpTiiAd)u>K&9v1u$C)0h1T-G1#BV70+-()a*A3l0UP4o;}C3 z$_&0Jx>witf(h&Q=2|)V&yDI0epF{bd;M{I#rVOs`p$8Y$~Ya{$ua55S5u_#aC;p& zB_+9iO{)fffo%OMr)vK*1im4j^VIJz(?a>pGD)6z9M|HFv1 zt@g?7a*I=_ViPQhqF9g07nB294-8v2;O-<3>&`Gf8#v4 zNba2~vY8W~{?3g5j(m|xMdVe>1_1J*pnLeUQ8aCgF;5WSLtfo1Cy-Mli~U#P(JxI=7Wh!UZQ zK21C_vfP)YHs8qWRx%!K)^3zkfQ{sSo$pq$&9|7p2jBGN3)B-}G^CAy3S29-?_pS7 ztfy)FYk@PQ3tW3I5bVIPP*?7}HU9JK=SR=w?t5=;T{=>1-%-2+u(F3NlFpDIKqwAc zpPu~b>+lOsTO&M%!)1Ja4bL$meqFS^TXaumk#9M6kdGl1;DrMKtYpBcKsfUV8$KH3 ztJj<;0RZcE8zJbd`|h0b#*a5W(eL=mp!n0CJy!vGTsFt30)bt1{rczL>PGUhQUI5N z=WIh@^TglVqm3;5c#IZvBwg;8zJ;nF6Vk;US1uDZ?6y!eXCSCS2OuX$!^I}zrsPaf z0|htfCTqML|G84$|IqjXL5=1JK%54T6r0c$Us(tt(vJgJBl^$gxVR|;x?eSlnreg= zOwQkfR)a#cLMg}^eKEW9R##!9V6xi*GE_mvk(X2BwMy~`!in@Ysdl%n6p~i(_`NpR zd>L^K^dWAi@qFgt&ksHb;_v6Z8P_jR>Z``8U=k>@vjC#)*FuVj1c!QSkkjjwMxrTz z!!NE4=DUiCRqUjVciUIQg7hwzFS^$ngIsVl@E%SF`dF#55|KTU+Qmc%-qQGW_ux#>d#&Zh#{xP z_Tyd2_D_{vhKM8xO%<+B!6w_uzxd6#Nz|K2 z{R0uAegm8L;)CJPLn&w1>nsvqGX4nPy)yh`_@UWU)0>b-KOYtNC*!}lHzNPe=cc&e zy^;@s(mqeEWDo+{uf(Qf9H&jUMUQ01#dDL}TjbwOb^?3gR1jT%DzGkSazykj$Wmd3(k)!QL&xvYHg55HR<6_B_`=nUnZGwl^E?Ys3l|v(Q-GKpU@1x($E)0Owr0M{VZ5`<>wL$7!>|X)UJt@Hcir-!dHyMj0KB*P_0sTG%r4)xY96*JZMD{DMi-^NTuNOk3!CCGW5M zfh7j)oN9>xHt(1Lj&&sU;(8dQxmk7X{4l2#VLw)CEos{x2W~s%JLz(`UAIG$Q{F0B zQnPZ||NIp25QiR%&!i>*`!l_2SDFLxNnwollnEuP^uWsZbUGoK>#hyQ4p`uL;d(XU zyZ0*`o_#d08)-N@c{Ew=k&nd!LdY}NfAE6x@Lx%HoSL<6I6w2R1C*4WsT0E`u-aM% zP^GbhsTwbr<}l()_jwf~j6Xo}57!HGUVYB`bFakAFIllwcc*$Wes0L4)MYam@LH7* zhIkzpd(wny8m{|;!>tP-hnfo)7Ya2J*bf2iLZr1%-4Q&bBSoBZMvxPiV*)6k1365d z&&J63hr2~nvlwpN;`elM^Jc!Y{T|`%s!S<2--ah3)b@4gWl0a7p0~5OUGN^87no+S z7qw-;UIdnEVJp+E!2^o}^E6fCzCFJWaKQ<%s#7P{m@RPSdVGp(xb31_$@R0qli%x- zu2a$%goW;~j5Q<<`+I$HTg?DT@D9?VI^Gx@d?ZB@@aLzI>CyJ|)`y}J&-SSzBjKZ? zOGaka0J-woPzF)S`EYX_3~V=Xw8VUpc?}+nOOjA+l>}p0p`sAs*QOtt4Tu#7#wCQjk;>#cg)xv;+__+fybZRc@A5mQA@) zl*|ifE10p-3(5=Z5nnD}e^|XGe}-A?Qx4c|CUyPF50W$Um@vGI3x>xW4Y72sS!O7* zY;3q7t4_DlECEl@$FO$^7vHoz9|f-j9FZIrImYoEO5-x|+2btH#p)O+K?cWSKaR) zTGNMMdv^Njf8;x9l|$r>d!&lT-JaK5^m=H>YQ)@|? zpOZHL99yN_W~QQPSex_|PwhT6oP40;RXoGw$BKz$fc#|qg^|UB3;OQOokCsTar-ox z@OBJT2hg<1FN92foNjSdKNxyjbINHv#uw}rFRhxVmes+NX12h}Ya+nP^xmTnX4~$5 zycz5Gqu^$r5+0`_dTm1f$*lhUtO;S$eZ&wW79YB@Jr8Z5?$;T5nXq7JU0 zgfE0MU^XlI%_3qyDRIXEZlL7r;eE%(gd6+lgX?yNrNOgH34s-C0`>xSo9TfS!fnc9 z!kkR+a9yaxFX^&AABr{w4d2ZX@F1ZT`7EZ+IMw(?a_k5 zKcwL}iOHa|}Ah-65i?C2-U zoe|4&yPKs;)p#n^iEl}e^f~K`t!L3ABGSm47nzI4Zu+~(MYT9dEtTbtqw00_+U^mz?)AA4@5V205 zCmV$Fy?WAeT!(bhZPiQSyyD_J%NY0d%WPZcYuiHr?7hk<`W8lWUT8lhTTC)mh5*=Dn z=OkaO?rgJqiFC1h8sHF%MtLpQLwzmYB}S@0IX?8E!R9f;G$Ioh+{%>;20f5wGXPJ|kE>fmUxcH58$dP(Soh(a@Cm{=HM^JTwbx8W}gLpk(!>}y3Xe9Ew}?@|pU z!Kjy3nGO3qTHj~s1IW+f<6sJSIbqUPit`R)0es`BfTNXz4}oYz*Xw}669|}1AXU^% zC9+l#(U^;DQvRH1zNZtwDyWdC1PgBSD1(y|kSn(~bZ#%o!Sv{fsDfDVTW5tXG!*9Z zkI}D1aH+gkPKfYVpV1%(l9H4q%G@{xR9||;L2mSgZ+V(yw#z!$y~f3UF~`TAaIz9n zGl?|WPgcXT7&|nZ3q5JxCkWjA;GMUD18 zg;&6vD}8Re3XG zvK%;Z`tNVQG4mzoR1r}pwab|7%9u-oOkr3W*NF)T&?`a#*Mgp(iK6-9)3(W+DQ3Gw ze_Y3FjtWME>oP!QQRmHkoD#c*L=S}W6WLTyJcl2fjVzwbN9Y#g5kM?;C8LyHC=Ftj z`w~v@gS!udPX8DkDF)G(sYT{!OJ60%>A?j{s7l#&qF99+Qf7a^Uz|kwqe=_huJ};Q zItqY@M9JP=Zr@Ye8SWq=#*e0mizFRabY_xUw`haSDLn~^4tUZO?dnPJO&1wX$B|)U z8PtYfe|k7sBF~EdEr^!$S)BW?@ruHYJK-sWhp~5>46M1EWbLc~#zTkYecDuGJ!SV9 zUG09Ki7h_vc@^VR_P&H=c2>kfbXaR!4T7LGQKcgZzvKHKuoXT#4y#Z#j?_p-694N8 zlIl<-$v7jDqId30oY`jNCZ*M`JQ32`GK2|1u@Fd-ZZ_*3zQft6qMtb5T*!HA*A2sw zL!6ha@qM7?Wh2=c6L(lhQ-}WGVj5HoqZz=E{s2eUz%<5SB5)Wnpu#bzLCYDTh{Tj; z*|x4?wuwUel{q-gc3)t`2n-dx6fmLy8$@XkMUpSvlB@Wu8bg+2@V`?Fp-iPDhfy)p{D_qp#iL;}AW+9+ zk|gONjLpxTW(f^7IB-WOJ?T8AYDYomgDEF8Xbev%v$-GUz9%DWcJKON`2O~{t6Hef z;#>1bS0;o3iOV|jY6I7GgP6yXXha(WLEjGJpvp=Ff6VOMl2dAHH1sCt{g%LFJkpz= zNu)33DY4>Bw(N;MjO$ExY7fU-FvjESxW4f6>);)X_KCDqv$5gD5lHPO-m!y|*hdN5 z!Sg6>Y7-)I6@r{7G(HhQC|p?woUF6AxFkxw+7fa~!gsn5guS{L?h!S8>wXN`=HyXh zGvlCr2uE@;T}zBrKdCz_p^mQIolaIPB~*dj@>cUK{;HbNav_0rFpl~>TA2IEcQRBI z4eOo(MkVGvb49uYrsH7U*|vB9v%~1dkG6JR#~EX!?0nW{yN>U44&O0ySFEN9=s#W% z-|L^tguM@bCk}O05dY@0%Cz?r<4gpdHK0wnekT!6Km{tgE3&WjdieckKjQ~yEs(Ee z`0Y)E33z$EjQPqKD|!nF*s+zq_e6f;RYVKN^^N&vHE+>hp+Xeu+6<8^Jc{I$?z+z5 z-ohO%qE9_S*IKNg@~n!1k1%okd%98dAKX+OnOEDy4wv&~5Z5xg>)!!;Zyv(W`Yhw} zvv>o`nlu5V9-R)bFBk>of^-@6LsbpOJQXozh)#U8x6}fa!CEG5KEMsUuLux8;E}5V4GK9 z9%GiV6wcc-0y){*u`S(`%)IE!i}3p7e77t z&`RT}(=WGkV>LVw+Udvj8>)y_*}n9VEDIi}wO5u!6VXVPcua-3WF0f6HKK!{11k`g zyAqgroko@*G^(%2TZwzlIH1s}sq}3292vU?<+N2Ly+L z!-JuBu4mpXi_TRG$dbANOetinxdh*G9*cdlD`)2gBM-rAzDK6ND@x>zxfF1zq31Ck zH3bKf>eS2W);>N*C{qw6JXDw?gj*A-&#AO4yqU7o$v-3%1#OXXuczGJ&2Pe7?RoH) zpxn@zMY(;)gz;P>F(QYYf&)d_K&?p4%BVo59R7)#v5l^ye=nj!fR(S;H!FwKpnY$! zgTHKD5SDRLt$>#ABUbDZ!^zr2#_2Pah%Q|5@Ko!Iw$&SvO^nvWyQEzI>k!K3S2nM# z#374Ag+d6}T_$E;V5y$kLIp@MPd&IhL;9P1n<_Axcem-BuqF49+WFR$KH}i%Hs|xm2V?#hNhDU z-}ej?f{i1BqB`eg6JO*myfx{jF@{iZ&@>)!)ndNFVav*fbBZm!YIf+e!>UFZ%TWFn zK7(Bi3AOp0T`dd@B``pw)-D5!Pxwv|no9b**?0G`QjQvmDP17`x*1fFC=kK{U&8Mv zOc$>t&SLC+4B^NigIPwKIODG2^M&Ns!gHJp>tnen;yz)s>RI*QKk_D2V{|OS>7cObq06tqd z;&6s)&v(NMW1m&KOlA6|(xctqGQRD5d6%0A+6?J6BGSsDQ6T1Q>l6r+aE^BnBO)O-P~l~% zE3l-JjM++l&tco+b^{|CV9t~=j0t2SqMPI*47XI_=2U{hFuX*3%&ZwBFmjA##{Rk` z@{rWJS@eguZVnTHTpNutOLLYm#<)`JAc7ki991we=5jMOaqfL(8Jb zny+@~4sXKl#cL9q_FeGY|Kgpq;f*YaQ*m*1?mh~JzoP*F*BmVqo% zG^f}#CZ@b+{dP8;b8}14Sx^lok$5VNWP#g6lsTIGQs@uv3`qNin~59Y6>Xv(Ixwqw z-xK~h;(^T?zJ4Br7>$50k^Z-sOM1^snQS^mCBvqnpS5$Y^KHzeR;7E18GWWhaaxs% ziWS@WydQuu1hms|K75BJdydIzkZ3xR!1}{g)wJ!|`(ijgw4Bo8=UigA8DhR@`h#=;J&hORY9?@NY6jfdv z2Q>J*g0#^|;EA(b1N-cEw6qdxP(Z19HF8IlmkVUyoIbJn9CRr!2^?#7ic(^-*njNq zj4R{>V*M@lI$lD0L?jW3yFr+&moM-S6PR9?_PTdbAn(2(QPYgf9BgqfHsm)T!uNLV z+CN;nqgRJcJ+l-@H>#F0G=sb<#Up1Fj)dNfQ}{LZzT%SL-M+Wl{b&1&+M$%xIy^PU zg3gSJ5l&4SPcS+Hb!~@xEY^?`+RVjfw}eyFDRGOy_z9-fE~slKA&`%2lWzRlh9A7o z?*~eqA!;FWmX2baA%G_s>mW5ZTMkY$`F%YIwL#IB^9NUUz+CqHdz7QtUx=1S zzpVVlN8PU{d>KZDVpZI93SGCBg*Xkb7d;m;Xt97FjAr&nK>7Y+z~X z%Bp?j)auVhQQDW|AJqVX72Vl15FkJ%Kmx$++&sch7P-mDxm9~v60+RyQOu=XR;!l? zRC!w|^?qltNJNX}BzH0c7O53!r!7K)WGMLIb-BA!`wdf04we&E*@}#chLPtSXV2>C zmRj<9AE@3;U+d{F?sjATz#gCc4uU(OG%9T6?mp;BS&+A1GGr2iaLMp2)&H1ZM# zhkojQ&?&7DzjMm^D0(gvhbozWs}UI^{*mO2uW*yqo%K5zl8)DF9~Fi1at@kgZ|G7V#lVa^%1(x5LbjTXHB28YVr=gB~eioYy>6oQD2XQntrT0yrr@DxBF{M29 z&}LHXm?yrx1Laz5onq8(TgIxD!ZXOk{tyRTKyZK(=%yC$7WYH2eOrIji7Lhjrusw0 z>zU{kI||U+@tu$x!p|}6vmK9%TZujdjo7X@+mx&0*d`rp+Oh(mbQC{u5shy+9)=9Q z{7q(qWfg3o*&V{j;#ejf_B9m+#W&p9S!vFO^q@V+s_zTm3zAs*cI3Iao)59Ac_0b+ zSFD71v{JoW!ZvAINJCqN@|7f%1zs>K1fE|O6MCbS=DWj9Xb}-Q53`=*e_7qDHxN;p z=OsSKc&AC+UQYd091_1x``w#cFFeJs(^2i!Eqsg3d6F&|Pf^%ZTp-O$1nWZ?g_fSX z+wqoj{Ut`qTkAdnIC2rk+`DA=;#7M_!BiZ8F??dX*NJ>F^Z~RL!i0#Zv{a@Umy1b5qB=JdWYd2<{OL)jHeR|00WW-EFTP<~l}GnEdfZZwKzJcb$IWpASm zp9t$Py|w3?z_*BKHpHEM73pd+No3&t(A>oxesnk|QIEGk9IgEV9;y4IzK|qU$Yh~h zK8V5bZLSeKxBlOug-a_zQI^Be{mqUXDozb5o7@d@iAE+INaLv4i<35=#fv0L2hDcI zeRB8=S1R52Z5`fD)hPRnHmJrXMNXIF`9lQ3cXv1k63Q%KVVXoKri4?VO!q#Ypag)m zzvjpNZ6;ya5D3a!0D7I{7A=;zjJmOPY&}ckfH|HhpStm7l2dqm5b}OKUzCJUK6`Q! ze+as^#qBGp*qs?pZgLJHh7Kh|UO-x1P*mlr?Jrlj&J{#CDO=`Oaz@-<+uM@*Ax6DITk`;{x?*Y(LwIe=xky?d^n=3if_nJosL0x zVzH{gHocIP(7`;T6l!qxEvieCHzeRrR#bfW-yUb|K$Yx1Ua(|hogg8>^FmoBgN;BEQm}HQ5Glo|X$3Ffbqmju>h13qEuM0BJ-5(E5SO(qD z2Ep`VHydjH_Bbr+T;|&Oj}0VLDLTIiJY@5m2VjhKT?x?dP|noq>_PdmJ$@;oY?~Z6 zF5|yOrc3}*X4*}2@TpUjgQ=ejf!tkuq&Pe5xtNll>R*=6o=*xNg?SC9W=n)|TC)dX ztka%xhG?;le>>5Z?vz}&q-THdjn%$}%1e)4$vJ9MZ!9P5JPr?_Ggf30<4N|nzVBm_ z%4wAV!5AY$$EWN4VA%aUThz8)T4R2eJkCma_{MG%q3gyJ`57S{^btni4HCvug;%{VkIHOj9QlX}O$^%5l% zWxCp)8w=`!p}||lsFqos> zrj)u5VEN=i7p?7x(wXCOil6NiklOi(*oet&J_2+jpSlN6SZ;F-=DBcwqq~^(tAPER zQv3L5G*opyJ)b$W{j8H#G$-=EhNrGEFWhplF<_=^#n2a$qTJ3$tGTC`-*E%NLm(T# zmL2z11k|17s1A!%6D6q}^7E-byZquRlN}a)ty0ey?J`im^144cXMS9dFRXu&b+;G7 zF-w}#*SE>_z0|r@H*V(AMaBRMl>cW*-Tw)iI{Gu-MD=dpy#t#?(&QC8KQvDCn zj<^ycVEE~gpi$rh|HI8M(*gnld@tnvk0zcoS8Uc(2!e~DM2U4(CPy#*vp1Rb4Whl2 zS^o0#v`QBRfqwPB-o0l2i)a9|w;0ZYa0TiBP86CASP#&UaUwTC zOYk>@(z@y68fg>V?Ye|IN3u9WS>B z${US;rpfs0(=T*N@PJ+AQe+#|-zi9P1T}?+fC;SIU&~LJ0F1NMCBb{2K_Pl={{_b< zkC_Xv3_3meNBeX!RW~4+fUdp|R>D#Zt}HiRG6EZ**}IQcu@rSLh!EVI2<(qYQe(XkXiql+{EVxi)}P1TtI>_ zV)Y(PcVUtSO~od4eHQ+)E71gg`No%az3{)u1+KTqu30S*3F~l8OEfkO?66@*t-G za*W8ilneRECJ>k0_(<+Q-x47SByV$fB<2F7KN()I{@b-1*CuOyim(B{*9?x%0oAja zYU)~cAr%Td=FKW;ytK6zU<@W^0lx->;ddq>DVbZH#-ch&_S8h6b zFr=qA4iq>Ku}3>JsjQAbjVE~_OT4oJ4$~+oET5k&x2UAHy8#4Npsi6xMr2c#t1Y%a ztGK8bwRpPD;}6t7n^Ewf(oqZl-n$K;==IAN=kXsF!KXg{fO>b?p2EqUA0MnvcEE#K z18%{yG=OF$Oi$(j6j+;rs<146WlAa_7P9}LaQges#=z_F)4dLOb4G_r{gX0tzvUMt zzcnXdP%xF~$p#hdaT(is5~kW4ZAm}!p=wvi&EPgZV@x*#NN0bvTY!m{FQ z;8AwZXZ;He6$_|arSpYAQN3swS5~P%cB{(#-rBfhjt`=}^^Xb@!Dt@PsBG`_E1pk9 zXO)KF6Lr`6Y;2BN2KylPU-@sBJ^k}*9HhB=b_tkXP>DG`%RaJtwwnp`TQwWgZ?qVV zKwPi|M2=Ta?c<&8Hu{dN_ZOQEvW=gd0NtG(lYXlTTzd#AjB8cYWNq6i`D`w9)fYv0 z%uzrLFm|Cxa%%)StBt9eiXK<}=9%F0Q&%=I<_j$k9R(o?r8~g`klvN#9S*dGE4{qo zSAL2+=x_efm@DJjf+BN0-%Oxv2X*&W7xlz+c4)ewBkWG&G?&ydNfmi`!kkl z1(?$O22y;?KFxeZO!+tG{*C=kuI&?qam^v_RUFMxvaQWzrlgDKX!=_*ORl=13XLe1779oT?!*H!y>syc8+AbEOSQz!>Iqs+FW)@O{SLnr6* zODVTk7n?j8f9@yhjT9=1)~B1oW#^RX8UJVqS>s{&kxYxy)j(9{L(w4rs%yT&ZDhaH zrG$Bu?zO4|MG}ybOnweH-gjmeL-I``CR@McjmP_kyYtwpw?}>N4{v0)uu)I1h@dCBZ?w{9eGySWBW0r(n48fkU1H&R@hD5~?o*-hh&cL(Nr?$_XrgftLK8-(ZLopbcM+9;JCMd*(b9gh`mPpf zV$k|8DF36rN@jrDZ_M?W$cujmO3Shu2~^HsBnXI>wJ1)6&gj4N?Lj(NOZ6r?pTu!A zrMkBTU^Ze$N{<$K1QA(fYsIo-Z3n9nhhw&2sAn^Bzz2+Qa7o4Y_!qdsoNQ$E@rB5+ zhOkMMYoM|LtmKczaJoB~A2&Lm@UuuaCDLbW$g$&SjpWQ12((&R(id-QNGAO$`gPlo z0ZTv79I|(pvv4()Rz|PjfwcK=yhX{RI{qAzQeGUR6gr5?X2#ubV*qKlkOkshWILU# zAR@aqS`_0RtAt||QaBro6u7}RpT&tW&`&fx-qsiFFDXx3nY5_uoFuH3oZ$TW<7(Yl zz#IMd=>CQJW_Bw1;7=R9s*)Mar?pAeHwN^KCkOt_$1z(e?O0H5#S6bFiu`9!L`Sw? z=||-_pOlI$Np*|I%Hhn8bMaQH$)6fnf)P%L1>_XBr}yJ@tD{S)vyY289tg`t+dtA| zDu-kVB8gai$AM7Y;|Yctebp4%j5%$gwAbLNuStyzg+6R7MrZ##TH}2~={qeVBFH_n z+Z(j7%l^Zg^C`7f>fT1d;SHFeNW1v}{{Dy>4L&-Qb{+4-Cr=5R?+pGtkmrP#=joSd zRYoh+ILq()_Oufz=g$kXAm7?jr2U=d`HznGgaw(JMmnY#=3Qd`X#vfx8^KqpMc`)1 z=GT`R!0Xe*JM)T#+!sh*h>0O#2B%tRV3D3*URZSX$lop0u}-z2tmMS!wV#pslUqtV z%FZ&H57n%A`WXJ1Icf3Y-r~)fN6+sv9_z8kUsdAMzZ;B+x}YtJ&KsfKEuxb&eP7Ot zqnVEm!i?!ei0piiO?Yw3k4+2TH=;jn*xwMK`xC<)6@b*TmW$;zx`EHgT0kNbm+rXV zZ7A+YnLs;+ZD6}PRw!YabX;=(`jF02q|H8}6KCX2ck_Cbcw1Oh-xPBt(gWV3&KUQs zCP|n>ESxw9>S5<)74bGDB^}ZjkI>n^>V^5H;@f|?=^1E<$B!xa(+_ZQ`XXseTRjHl zIeZxrDE&vid5NGz4N-Aw4o2VixH+&L+!|ZHL$eHOQ!O+h5_D&0;Ly$ ziC^(Q#aXvHzcFQv@=hE^A!Dqi>Uk%3c1}{do`WZ&rkXWEFELETkR8dIywzM!4A}Um zlbz<(YA(t5Z70v*Ba!Oksw>o6ie``iia?O@@2$lOM7B!{I!l&B{>mME@9T8Ay{O;q z#3QW@&iwn^x%64#K(zlnskg@beVsQ$QDl;lY+AaTbZDLg%LW!x8d_z=No2#athM=s zXr5!HjCDPCpVF~XuT0O9qQbLGb(#Tr3&AgZ>t~3t^BpjJiB=qv5XwWdKVn_(JT;Tg z7RbSl+Ikt?jJpd@J;Q(#<0QYE2!B~rbTKk+iTLt$$|+f}W>NC3o`DXXcAQhW!J6$2huot0Nn3Ezp45%;Piu2mm&Vg)!RDl$8aijs$Lw9P;%j(epCxe-(6;OGP^rXS5rhkdz-oa#zp5Z7G9~mM2>qJE0CeR6)>~nUmoEh2zCLf-(`9s;KgQ7@c(4ij~EmE%e9+YN#HvO_NGxClmNI&|-7fuhvC zOp2YO7xB+)jymW&+j2B|v_hrPuOsd6J89<1qNVp3jDkhDjP&<x=3I$fNJO%|YJBnw+5JOV6AwKK1O>@?x!c z5_3!K4kcw{ml4XSLA5H&C9$uzAye_`MzTzJm%Dh7o4C}~+2wUWy-=1J^uu=B_uOi6 zO?R}r!yy$o$~AX(!#mUo+~K;PrAdd#aT zUFiG=#kv1_Ys@gjKvek}N!FxNxxrPeZvHFE0cm((G!MG>$F8S>=_8>nW8Z@xaCk?U z(C|J0i~T*eY3eM~nk#RwgH4_2R`#%A>Ka|l8LS+6pyB8GDv%SmR(EUeITV(%D}wegfJ&2t9wIwZuS-9 zSr=PAINhqc$JZB`i&FO(;m9_fr=pDY!3&QP#wTh`)lDfNg_sG9(9L2LoCrJrxWO1~ zyEHg^aH!>&k=WcW9MQ}X21{^1tshE{6x-h&h@&Bs}V|o81ZBB;9jqbWmZaphY659jB6ly|4ebIhrHR< zNCV2c4--}DI}B-YMTh<1U4?$AaSX`yX8!YbjN+l=@{d_4z$@lCGAHEo)t#+ z-1qQ;D~iv;C>OVvNvem6ZH+hgSd^DjJa+?{>N!}outrcgMgtl~jt2aH{NO(%TK^iW zj-*`wF&Z8zv9PE9pZK$8hQe(BIS6o&SUORD7IubR?dS!-`)h={#`3lqAn+qj!DH`R z=jE4R^adbu z<^1J_6x?QKz1_aOh$dCInS2tq^~^UMOZdYBs((cC{;9OSBw^s344K`^Y-~azl2g1dFzZt_U=|(On#s}z^2oygl zjI0& ziMJaHv5?k5&>IBDfnqn(dn25=AmOOJwv)Vx2GintYM>qHKun+lpa8G_D=04)ez4UA zshJmtU$Y#knJFjYQ@VQoEr5or>^V#phsx{_o7O=%>l-u%*+E+0hIc@|Aa$9az|GFJ+us7cb=l}$P3NXfQf}j%6U4tmTsJ`0% zpTU|Fhs9?zqEE*mu_1;J)s%0?fQBcyNuL`_$7L0Fud5Dg-pzvzueyHyuR=ASKTz zq|7W8g7nVaK_Hq4Ntho!H+%LE33IlxzjHMxie9Ukf5>o@1Q2!h`1a;kv9t7n_xSsY z?$ zf#K5#RU%&^g3@_TS?6v}mpz;Y=i%P=MhpM}V|OI1-}i58(%1Pw0%}F9F&GI_m&e{& z?T7r$o03xm!5!jV@S2tREnnN(j6J5oJ{;4HAaGPPK*E z^FBM)&-e>{3g!y1HdX*l>N%9Ry*Yc?eYxv27$ApAZCtu8mA)DEp95Iuy6z7mi|OD2 zfL=LxBcE<_;`1@j|E5>28SZ#U2?W{_|LpStCbETiH!6A96-r2YEgac->AB}b=&lWf z-)bMHzO%G6eN8A5i+~Ysb*UfM5u^n`Y-3P&I|aW~JkP*QS11S~%xzw^Yx=uDDj6;043aBvLEQX%wfBSNrE4$Nf)LsgAV{*@&$^WbWOR5CNT$EPN4;2e*ML9lOFRp|7Z6g1m$6Jh zxfBqke@n|3)bJ3XU#|ka3De9Y9 zySYwlFdtB88raOFm`Coes9J^6FX7}V+MC}+!MeW+40b&V-akSev!x&zrsrs-kb!B3 z#tI}^HuLid@|XdUB>%X5%!m?LZ*I>L{Wkv|4Sg!%%MZhMeoYQ``1FCmJ$qAEq%|X;v02mzti635x4sHN>ed}IU)2d#u9R;buKTzy| z{CFNebIe4Zw1W=m*Ovwtpf4J3eD-rP!yt(h6?%>-a0e_CX$z7WZeImr+~WPo#{gJ4 z268`O?m1;yAO7h(SUZE97V}o{9(hf{rI%;xrdJY|T&sQx9{}(2?oA!3oLMkGV;WdA z$PL@gq5z5s=Zge`(Z_S_U{rO3atzS&BCKxb_e+p@vGtF*1tot#Tr|EXfA>N26b7%V zW=SH?q(I8&d`m=??~MMteIPm;fuzqsp!oy8v_UQIIO^- zS2tIGKtb|FfNx+s`R+%^%Y2}+hJ>!8Ij7z8DvTbgjqZakQ`al{BY2*7aqw9R$U%{c zo3^+WKydp<&RJdBl+-n z@IM-QVIe+0sRrR<=i_2@-h2Ytr%lj8-^5?nPKO&zaay*%UEgAP?*+8Y(YxFUAUi80 z;_Txw9z&eRqE__49-tHua#s|Uqt1ZntD;GsV%*G25L{K2T6t{O>nqIm^*NZ!B~3ZB z3c@zCH^TT}r}ofwf;?ZgyJ^DN`6DBPA*}L`+F(i7pK^7J>E|UYfP8&)l(mkTpEch8 z2}ofKL2~0Wm8a}RXs&@;rp9k=+u$McCq9B+@qLvpnRE)mFn9f~1yTD;_2FRv)*DV@ z@IOEl%snv5SNZytN@GL*S||I>(xu^Dp@V11Skbm;p5H%w&5?JT?!D8ul)Ks_WKBEe zUUT1CDpV{0fh;iv!d1FL_=O2`AMjD@MA12%GohsVEI7Lp&J4LK174Wg!p`7 z*~IcYv(6=#c7eP(2rK)QvCd$Aym8CeWnysxY0CU8ZA37{6IdLncr2&F=cSbeQD|RW ze(ePm?;UhhXewyxe_tP5E>%Z%e8-Xn0b{NdPUG%XNa}ck^s5LxOE_rd{3!6IO5pR$K6OwB8u|O7$DP%hcmf*D&2}6$&QE0RExY{Mw(+8Wa;t$Xr!w~5ZY)y3 z3DV4hg+YqyA>c4uf+00um(joncg^}d591b}Ov2-z;TfNrWh!3faVmP{eY|At-ph+h z3}SG3rbdv3%S^A=?XLJgap`;5tGvB9&0tkBUU^9wlH3=GMV8yaK7qbdV;>utdJWD1 z)t&~LT2EJIo-sKsGO?%bd-X6D#HT)G3S-@erG(^pui{=Dq)) z(Q7!q0OVg-SBX2RAYUcGZ>(73QQfqE3ZHu3>p5>bM0JgA!IIA7c}7m@!u8oMRfkl>*sSUhWl|L`kyY|qHXDK=IpxMFAC1d40hznGwA@jtY@D=4 zfgb$Ln8!L#lG(JSQKlD09V0#19v7dDcNIk8Xww)@TC+GNO$;P)#=HNNb0G-g=*DQ^ z$FPHUbn7;znMLBNv@FXtlQRx$yl^o~DI0BsPZZN9uyEfz0+NU}MqsAo>3-n=ZVfYt*+GVdd){7EtV1(ZIlF>mCN&7Qw$#^%v!q;y^DOX8?gdgKI$VA zzwjY`V8`?UXF)OWQyt%qblC!_Nq>bXSM*@?drVfYM%afcf3X1mpFw19?$)`r0rE}y z1FnxP4;dMPl zG*BjA0_r}-v3#I=vv%mgP~Uz)a&Y-ZD>j%)aSo=))m-F|jB+O>F45OF zHb^6h$GFgySRTb*N*UanX$P)sXH2@bZWUi|H}1>jLzTA{caFX_5U{M*-@t zZF?euHHo*aMI$nt!dex342QH5*l|eXZFWOpu#O!(7|}>Zp5c3a)(kvC$p{gm_j?nM z1gA$GERW}Z`0e3`l!Pm9DxEJ9sxwbaIUU@{%YR>Lmhl#<|?Zi;-ybm zbYaIS*Cqon^>pnUkT-PLVL$GI5hhXitf{;gO*l?pF} zv-q-0;qZ}+0&gp`RO*n;8k4FfZ-c^3$}PN3xa)8S!R&F5f_AsrWO9ry9#LJ(Uu-p@ zs7@Jnm%I;_m7eo?{>kpF%@5|`b&RG>)u=0Ey2^zw9QgPqu5}zhznV&YX^NvrZ;)YJ z^aZgvvP{lqyP;XVPaVE{RJe|vlzXk~en5D^297aqk)!h07cNr(tEa>=@|oXLKgP~Q z&1cKU$j28;%_7wKkUl-(wkW)0uSE2Dc}Yp)IpjG`jxYnlIEsP*E24p?_67Zfw0lk7&%(D`DY`!vfYyCV53|{A_8MEyTh`Z23k%{&?W}GZ4wTkyuI5 zlrSlP&>{_(f6=1J43C8C{V+kA%S3aaW~kIXvKy%D@47ZUKoQD$W2vnKCxj?fTjwj7 zJdjuQYA1D3NV39GnjzgmK{tw0l8X&@Vq&T)j92@9wg>BGmja6S3mdtcI44vc28vWv z4(~)XxtJm(*1p!|Qcb#$Zh=IDZ}{!MBMOZw^Q|tM&68X^0u@rp+3xWXEd{Kiesz3% zS?~)7>1!~AjE=!qD7|nyUDqAtY=OcL@HE`e||hveEeACl@jz2{oC zk^KqCNd8XmjdJu+Iue|wEQ5`aqNQEin1yy8tm{bK>OE${2_6hr1Fl`gH-fEE*^kA? zke~vWALe>?rt^eI``@NUu-(~cd=2qc7g(=R#u_<(ls98DM}0vVURawkLn)46CfQuC zW6#e#z?><+8hv$-rXY+T?UA>&0uhrwj zLut53FH0Yc7{MYEe46`$Nd9DN^4oufjEMU*mbU%EATcQmp7t?LBkao2CjZOe`F&kx2C4 zbNW&A*$Kp((XFI~*R1iLY4@KfC$6%^u|+2)_d4jV*}I0$S25qnddz<&h%XVxs;bS# zOObR$W+;t(V_%U z%v>i94DO|0!(5qB8=;-1qtzNyjeg+I@GREXRvv@JDr@k-+M4P{S+KMQzsP{*;PsYO8F>z5D$Y^g$N0RVLA040x4)8 z0f&XApqum&A%MO`Cva-bn?M!HSPcp<{m=X8B4a$))B_^>&<et4|Vz`UrdBpWBZ?H23q6@yV|w(N1j7z&pb*@pwGD{cJf?K_JzOZU+Uzzx;pePVAy)f z^Ug%kr_<&$2Zd+Ji{;bbHy2^4G0Ao;EOv`Z;FHnjM`?AFE<7H89^0Iqh$Hw(ALoHl z>o#gdu}eNT>y0~Xj&pB$OWB)EV4&4&mJIcv%0^w9QbFfxQ zGW;x(v>4~FUz|}kp9k4tEwEZp68)1|8WMIql&T~91kSV=TyQXZKBH=xz{rG_E!T}! zs*YmXjXs4nCr#jOIN!5+IqQ?r@<>5=#Z;4QXiVQaRrN~3$jlwL@Ml-yl&AjEcCGd7 zrDzJyOk*A!O=$C5&fHn+AsgE`Rog;zdT zQnCwm1k%8BFc#L#0uBcA?l)T@?P}ysImR^VR^8*#r8L=T<=<$M?#|ZrG1w=WkH~+l zu=|`02E4_=JU%|lr1zkDOA?ED8Kdo+q(i$fp$0qpT(hA42i{jjF%&&e!g}cR-}Y`NlP26wT>1& zb6H>xc^Ut$-DgT3RaM-0wn{+h?BR|E4L-y*r%8Lt(DzE+VVbvCaRGZTd)iDs`*5E7 z`Ra}sPTkUwk>gwW0Vl_=60yVlX+Iwu4QYFA}tj9u}Y7crXAo#^kU|f8s^b|8qq@MgwC`iq#Ka?2Qtsy{_A?;5i6WAaoMrN z{5FA7Y>L!>w$hkW43=2!l=C8;3sJ6~V`rJNpFxMwZBQWCTlR_y*-fqcWSlOn6uE+C zZImw2IvM)3e@arqykw~ZM`6l7KfBu=%g_|%Y349^k3G5cy(GSIp^M$tIJTu?7sZ|@ zKAbFph)*D|$MxYfc$_%PP??&^cQjP@9+vWK-Mtls*10!Xi*)0wbpNwaWR)Z=h{MLO z@N%}rH&Ye~#hxOmbDnXfS=)UN%@9H_>7+DOGM1 zem*|_>5W)cE*{yl1Vrdb?X*<{6PflmrAKbJ$NTc6NcaQ?O+-rm^dRCQ3L9DfNSTp8 z?y!N@asH1D(S+>_0H?^nRFXODVniJ;B-ka`XQF#z__ZnGDTF*Oo&$igzP*;QlojKAFNL>y?^W#GoSNULj6SENu|nCFq>CAA`J|&Y<_QvBBc3%2KdSA}S$2$0OO=5munU7caLky0!$4tpMN6J_FhXdAQTUElRh87`N z-K7wwy@1SIE1kR%wcoF-%7qYK5lS1&hS-}$l98@M7}qm!8Jz~bwrjE{$s(bAj#1qb zM(uD$vLK*vxRdHUIv#vu{ zllf5l=Tu`*`=va(r3X%ocjBcH#Xh-eKA}_lSW)HUJlf><+pku?WFewcoL}PJYvON* zs;ZUu5I6AZM1=9_W4H&!uTLsD(nrkjC_A&vrws}J1IxW@+D3#mV806 zO))YnWEjSRF6h2TMg2(2Va%Z-a(V6&Eix-Mj1hKMBCOKMFg65c$`=mUD4(Gq$J>lcI?zg80L9UOWrXaw}iq(XQMgFH;)SujMgydM5J-_Mk?#xSv z2t30)1MCk7j>^k_sw?ugc~w7%)=MUdQtz}#x10^~%Ev7bl2+TFPdErSZO_V+nwlez z?Yt4z;TPDsxN~s1W9P~m@8k6a-LnxR#DlyBQKg->r@y^(3qZ9~DAkPp(?L@A<7`+y zyUZlf6sfG;=Bl427-*ctdPG`XczxD^D=h$+nvA5x7nw<~p84Y+BNP)HnDy+GCd~&l zXFA>Oz4!s==lY>CpSPkJBz^pa;vD3q1cnwwdnb~LjMZ-Hf0S|LFl~2L)n`snb&(?w z2HqnK=nCZkMAHYo(Y&W(h`sM7or2Q6h|&obdX{Ess{N10jrb*_JCR-a({L?QHdC!i zUc}gkJ3jFu%65w5&O=GYS6dsY#{>=OCg(%D==76hW@&X7KY0tzG%pPqYQpe=StXe# zEz}Ifo5b@%rO#HEfS{6B)~5tU_U4@pUHOOftXgi7!CZUg*VuiGbz5a*u}R|>pN01I zw-GzDJstC&#~Wlc{nf4BR#i(oE{)GyP7oQI@xH%ilSOpWrjVgc;IHdg`*|8nx?+SMaXNDL=%+2oogUdWRvGADUUBks~x_VX<2+;d`~}d}SPMoj1EV z+IUaHmVX~p5J&fR#}=Wq|?xCO@g-JH25M)4Y_Q=R-*4ZX+BWRL7JyhK981-MmCDW zp4?q(B;V#+ZahL+5q9xKcX7{0cO{Xe^cl+V^Y<>+_+8_;Mt+d8?x-oOG4s%;RAP%c zT{O<$K?7w!Ek7jmsi)Wlr<~_B^2m>=#=F=LG?eRtoH0(jTc-FKu2}+P1|m)?QxdFs*Z_zS*Hl6Lszwcbg{Z9Hvqr95#SM@{sjx z(>vjb1We9bx2J1?i4)g$|7>sgc#yRs)c&~t8AaU}qDR}NMVU;ibrh$*oqFF4BQPdz z4Hyy@?JhTZeBsF`Kpu~1s?Lfl=wNm;ZgN3chG^a?Azq#`ASHC`tms%+c4HPJ^$ljFF^|C-m6@SqVx}O4G z?~F0z=RUMO!2^>Ms!F2U&Z=Oa5xSMe$Y)EW(AU-EC_0uzGzsqAlzC7387c3!Rwxju z#Gm{UY!QrkCbjn1SCvqFfluRH?wcj$-8+dDwHO=(c>wD#k=j0t@>XlNuwvgPeOZ;X z>zcDOC2e+M&3=ymx`k6!=w;B3bPNQhZ9CjU!i)2-m&#cAh*mhe% zD#}wy19Amp;i86?kTE{hZNBa4pfOS#9>iaTsBakOGBfb9BPAo&vr@r#_kI!hC!yo={1Jj0jU{Z^AztqTT){0;AW z|L}LZr{+xnI*Bx=y#4|c;=*EyT|v$)#w2t=#OgRBgG&?w{W9vh33cn8s;R9Gv~HAk zY;Gr#b&0_tGGjUlM-k+s!6Vg6aMDgH{Klqzrrf)TgGGm8?cUf+ZfTFr?4`ID2iH!J4ai^v!+9dJK6fnKpma*p616%m}C0zO^RXO zwfUA~llV~)AO2rj3oVYq&<>XVJOxIDB!xTVb2fWsRvxh#{N2bg;i^X#1)=bE67w|QXRvInn=X9G)H3mX3^A)ku(k)N@hOqeYR-|@t6vz%IZ&FS9>ndBsYEKB3pK!m zCwW#%hR1cYyzVBULy@!y?Bw{UZ~^LugIz-Tng$K&8Tkom4J$}iAEs#RV6bZrrx{4_ zF8cB4B$H{hD1&Zmt4r$!tc}=ZwdUTTHIn8qZ5bLUj=Dd{fvCt6(~=YwjHKs;Bdt=) zDM>!5#~gx$?2BuO@{EfYf!CTQoC zdy0kSnG{iAxpA|rdW=nX|N7z$w^p=oIE+j!p-?pSLOZaF--~U0={b3gqxa`PSt>`g zctt)>nqD!r5^@t2?n(X2N>)0YYn5Jrny)tr)q(trE+(Y%>XkFAnMT$E}; zp20slW9P4_tXcM0Q=iDSB@~(jO1h6`7u+0dmzh=@jxmqN8+GVhuu4#EfGyh3<1ZkE z8SO-}bZS$7t@Yz@G+8S!GJmLG5vIZpjgBO1RD7h=q0(&GBEP^<#+sZLifq3?HTEnK zm@=yWX_=}8S`hwKZc)5jQ+^fdnoEAbeYP783*x#8ZMyM1nlTX$sva4Ot!tHH#nBm1@h6osbP_D6hv|KD=hGNE2 zk%)yRv;@gXqY6fr-Fcd-uA@eoEwJ->;6_S);Z@4fJp8^vEd`cLHxou*N2}Um7r#r9 zhH7(}6^`6nD_hrBCj8+^=BG$gQ7BsY~6AI%x zzi;hR!Kti<@__4R0;_?d!;Hqu=mKKjG>h6FqiM@pt&Uf8NgD_k*T^}|P?p7MZ=^#_ zfL+78fuuGxb2x`rrvZiU3SUm1(vLi0S3Mt}yG@P799nrSR^H+KUa*-D)0)3>@6ngN zgRM zM{ubqq;SeKc|Jfm4HW6Es4`NU>bEAXDs7gRU@zigw~g;d>gt(q3ybj3^7e758#vQU z=~i*|L=~5Il=$Y=u^>^%`K8wau=|WAoOzV{A0ro|`&+hm-J3r_7B0JdQAG7iY*}Y$ z<4#7Bc&F@XFp(*aH$;(WQ#!LLhg)RMN@)ZOI>YE%60*U|RRcSs^>gyhw|CyF;RcuD zRz<;+RW6b#X|&7LtMAl5mbz<~;91GnbbF>XzQQ7zn-d-FO;f3ZV2qH2U-{#N;qH}5 zqZ1a7Jp%}k3lV21I<_n9h!~B#VS|Th4ecqvTb@nsej;N>gbJUCQ`8|)Q4#vFzKmpz zN&}6V_|)dZ-GP@{`t*mtVx)44-yc}tER!-a-4nLpN2?SLrVJFQ`s9sYEl{6UvJx4O zZtxxCXx~~ZmYfM{5@=RR28Bu!Hhnh$Sh)cmNkE7CbEKBF6gE{QuBWB~yfRL&vqYd^ zXf`6`_u#{GjU#)_hOLwaI<=`r6BxaLmb6E(nBH_1PQI89Jf98j+&2mZ8OQRfwB-+T@cwZzoAU zSRR4l;|4PkDOn8sCjXd~tJvhZ?vtc_u?NJuJ9x2nMzmVF&C(rvmU4km%t73oWHe^t zCd)*0gg{k{I@_O$e6a1%%6Q5Pr_H7hk6~iXi)|coyDnfBLxG8O;K%DzL^b-MIiIYa zCtD*l)&zK@vK?dD=ehZ$wb8^gw!Iv7zxCkZS<5mZ%t)L^S47|2=9E;Kwf(0^UIJn> zVYR7XSEB$PM}FlaP4K~(EmPBmMIjuO?KXSXKGUA8I5g$l(`f!#^DtaKJHhnT7g~7D zIK%H3IAnwx2b>73q{BE@)Wh>tB&-Uc)vjnW$rvrtq$6ZVzN!3*s$+*@7Wcw)uDU=D z^Ugi>_f9ePtIT|xa>d=~4+`7B$qL$y-FWfSxvysQg6+Ny`J;KA!0WN@M3T4PPS~`J zAe&dJC@kGG<=QjQ%OAA{GK2p#JOPKs{HAYt;Gk;k|NHDw{$~Y=Y;Kfq!keES(Qd5# z=g`-!;- zTX^o$L1E*O|KV?S@8!Q0z27Z9Tc|kOY$RXatTaAbXV#JTdG zMS^(gP771%#lLr6T^s8idg}kKc<}{Z-)*es*8L01o*T!*d7$!Ge-4Sx^{7w(tiZkc zE%2Au-JExo^cL5zeA4e3pT{pgFRsD6!Qa4gFucWj6aZGzp3J9y9n@!EHv3OzLA#7}DQmu{WW7R^@Qhuqtc77L(TtM7_ zz_f#}v^9mFUjpR|RB6*kV1hs(2Z3K89!V0Hz!ADa!VzF%6dVD+a0F=qU^*ZYz#a+H z@!$y9DD!~GR%|;s0;<@QfK~vJ#tV*6vI9{RsDV~JQV;z93;gfDq8N$~OO;*GCZN?I z#K95PM|2wU?#WT`yzW2OT>-2|o|oWnWCMeio;>A2Kw6j=dkVBh!Zs#)vxfA2qrj&g zG>AWFxNacs_W(thkolR*0+5AVGVNGMC+GdHu{c@MR2AoakK(ozXzV%Q*##{oYX~8b z0}h~59Lr3SRC~EvyOC@G2ni}T7VH733BsT{#Sk6{rw=ij&d`G1LP&z>K55KQ z_u-0zPUD5Trz|~mnhNw6cy{PCu!<6lZ3p`@U>>ST6%@X$XONnXo!=ULz$ZO7b4tgW>$KV%0sr9RKnPMP>Cv+L9#eN9M8v_9| z?#M0=*mj;ln3nLU26l)1S(t*Sa%d#RtpdbJ&42ole9&>`L?hcN*1m)4+~|Mbjtaz7 zS)^k3I#_SHNze!-`;=EBb@G&tTC&itKKyKzmc%Up6p48YhJ%Qs_Jae+NvCjRJ3DfC6R@0J{)rGK^fZKZ_-h5h>h?lH^MW z%sLCyC0eC{%@7-m(A#Gi-TqPrT%;a)Pk2Vvz@>6Prc+sqL4G*cSv-&DWJ1B2^ z#->?IACm+$80>Ixuf%(A7Zty~zbW!fy*YmDbd1*Gp$SoMF!^kGfm7J2R2(qlI{&yBfPjTY=W>|pwjC7@`T zdCJ!^G|Gqa%idJo&U{;S{$ADX(~DPU?t31I!EA>4hRV7u;x2vruz&Mi$lt}Q8Bcp& zh21BgskXgxen{r6$8gJUyO5g9GV{R$;6A(S{rt89a4TLK>^n|-`4YnP3zSO`me?bk zx&L^YvA?>_aiw|g)pDAM{sgW)bD-p%mo%@V?bP! z_h}i9?aL9 zM6uXaDxl&S zJ129!-W@8h>MRETr5LNU(CysdmURy}@wWX#tI%>jT}Jd19fBd~j|76>(umB*sUg*T za?Rl*0~_Hp?2L#mh5V1Bz(m(;HH>6hZjMOn0394<`Y>YKVt3c7Wn5Isl(aNb)AhGv z2bd>U|L!{7coBnxI5If6Rqc(M{fX@-OSd0h9s>qzF;9vLtv-6iSd`cfpOF7FzPV(f zDUOka@-*01z(HG1cYalRJzu{%_|DwRvx-TqyY&p`#;8)%_`sls$AT_{OS){!y|}ZV z#H}e~iT%vPcK%=@;{52&-CQ69BN&1{OF&e(4|_poyzXO9KJs3AHm~FKeTOM$8H>EGW{H1~NVP;ouvEsgSs{Hsj>dd>?y9LS64;39!K;=9;TiA&fH3-f(~ zVI)_P_;4NZlbQu0%?f($l=mg=91hh!zW=n@`W`quvxjVQ+kgEn|0ag^H0B918{+Vx zCPz8!s;6gP{65CW)h;Jh>v(v}_UzUD*~^emG}w56hFMUY40+kN$g#P^1TGWR`)mH5 zs0*8L7!tY_7`PR7-=Ia+)rY^wKbe%{@T{79059r2L5hYs9~DRDbsEKuC$ zdHi?ZzH-R78yJ|GxQ`Uw{rgK(6nckn@D4?%CG582a(&;6_8jUCU7zjDw3?nwvF~_Z z;XiK-;ktO0e9$xVBONLhivc}oU>qH%qQj7;eRP3r*|4YktHB)KqV)>k=Vkff7l6Z< z2PEuDH**5Mbqc`zZ>;j#9SDb|5WW|r8uG`LZNRX$b5-`{KV5fYU)0ckY>+p9V= z(e=VweB^fK%V?qO7N9y`B6dzT#w^EkdzAy(-w()+&mG9qzJk#_%vt$bdnyJ(FMXK! zNdsHRaWC_YfOOB0P6nXEZWhRak6pw4@a93B)%;s!@VKHLM~_}N&sH)!k)8G5hLgA@V?p$YW@CM+?Z+nfuhtNl-uL7diF658r23e(9@!6Gq_$}uC zqqgSjbF;Sn@4z(<(rW+;QjdaHcQ;2$9dNP!#A!ibgt|MnmrbCcYW?f)k*D5ubocSc zfe!JV>dO1()3;{hAV0dHSE`b8WbUXK!ul*&ioSyYWmn#LEgw8Bz4Es6QmLf_G*s={ zJe3I?SCyoCqqT+uj;C0fkv3eWJA+$|@FfG`hb*_jw41e(G zQN}v(bF_XMUwLcGYwY9A*FX)}x8HY@(fbe*e#^d}e|W1D#JLp0c5dVX7qvwt;O*-1 z?h_cO-~Vk*=3PAK{fU|Dh8fYg4u}*$3T6n{0d}6iCDirW%P-YTxeC|}@b0da zMOEt%yNW)dsurLejT@vT>ip+>%LX@qhHBiqW3Ltf<5s-EN-yEml{f8)yec@89Qlqb z)gHg}qp!)n{rBZ!qS%Z~nB6J(wIeyAo?s&fxVZeGyIdq|G#^6R8)0Mi= z8a7k;Tc?2yFVIh@zT+Exbo-dNiYaxU+C~z$aY3Tm&dyQHht&VibzFw@Xrq?ZR& z-=mO~yqvR3Anh2C^t`7-f>lBgwo5l*u1oS`cOowfSCIik4L-5;=>{6kq(vk1Ox<~o@N+iv}ZQC&Z}b53^&n><|750k;y0a=NcvXy{-n5kvK z)H>vvxC(P(Mpx=6e!r2ic=_ISnqN(m?P-sP-Wu4s550(Ci_#%L{RxHdqqAUN>OKr2=*N4A!3^nD^y%5defQ5=req%FP$Do~ces1? zO~*p;?O1{UG&@n~pZn@Q{`s4WMfC}{d&(Xo=_ zm2F109B{mvw+sJz5MWGqwf06ZG;^GUrZE&!<51;YEK|hZbNfV5!}d;_p+_&jx_ucp z`T>mNC61%MA#SXcPw)1TjqNAnnjxs1(%CWwu^>CJB= z@1li@q$l;t)L--23yGUo*}ZeS4#UWzptS|ONAiK~j~~#wDNraoz^a(GQnP!1V}bAt znjnr=4FnnYmC#+_-c#;yBG_DXY3$v^l{dfevoCEt#%?Ylfa$R;L~+HQDL9B(ik8h> z9_)Jnkhvd%Jcx3eDOGpIRM~`~u>lkofhicjasSn&M^|iKj!s_O1zSb?=c29}c`Dy~ z#cX?bm^mE{lKGgRpFFy|&b>JPG0nbHUc9fD+*EHucFNI?9hJu})m`CzX;q(C_715> z0bRR$(L33HKT5@VV6g6Rs?Gj+yEk|(t{h)WT#i-3`@aQnA1&pe`Hmnr*Yj>UqEFoI z^zYLZqy8N5^LpXshYgfl2X8kdYujIZb;H}evf&67h;6?Cy>Ci}<6+lNFWOz7zgKEc zRaW0}f8i^m3lV&EQ*+iIO2aPi4%Z01x?E4WIb)&;`AI|OGCIUqyLX=NZt;f_dq0*( zb7O|4I&C+J?eiYrx<{+=qkdPb0`p%@ly?kyj+C&9Emn2DkQyElDUhm8T#azmU5#iz zq2Rsj99$N%CbZc)HuLxCP0VdH^t(ykb-TTMVe4-0Uy5EGEg>WN>ichJzH+=KHeBgv zv53#SW5Igv`R&t7d!LUj^Sd0Y0xKTNkCNY)U)>ZLS@|9^OF-&D3@b5zM+kp+UJ9WPzFLQASvH}A{0CYU^ e5T}jL{Ig%a_&58bwVVGj0D-5gpUXO@geCyH*1UF#$gv|VY%C^b zCQFtrnKN(Bo_%|sJbO}7RAORe!otL&qo<>yq_Sq+8Xqqo5h0P3w3Lvb5E(g{p01vl zxR@)KuDH0l^z`+-dH3eaw=XqSH7aTIx{kzVBN;X&hha0dQSgWuiw0NWUvMRmkD|> diff --git a/docs/zh/docs/virtulization/.markdownlint.json b/docs/zh/docs/virtulization/.markdownlint.json new file mode 100644 index 000000000..81f0eb7aa --- /dev/null +++ b/docs/zh/docs/virtulization/.markdownlint.json @@ -0,0 +1,24 @@ +{ + "MD003":{"style":"atx"}, + "MD007":{"indent":4}, + "MD029":{"style":"ordered"}, + "MD009":false, + "MD013":false, + "MD014":false, + "MD020":false, + "MD021":false, + "MD024":false, + "MD025":false, + "MD033":false, + "MD036":false, + "MD042":false, + "MD043":false, + "MD044":false, + "MD045":false, + "MD048":false, + "MD049":false, + "MD050":false, + "MD051":false, + "MD052":false, + "MD053":false +} \ No newline at end of file diff --git a/docs/zh/docs/StratoVirt/StratoVirtGuide.md b/docs/zh/docs/virtulization/virtulization_platform/stratovirt/StratoVirtGuide.md similarity index 100% rename from docs/zh/docs/StratoVirt/StratoVirtGuide.md rename to docs/zh/docs/virtulization/virtulization_platform/stratovirt/StratoVirtGuide.md diff --git a/docs/zh/docs/virtulization/virtulization_platform/stratovirt/_toc.yaml b/docs/zh/docs/virtulization/virtulization_platform/stratovirt/_toc.yaml new file mode 100644 index 000000000..74658418d --- /dev/null +++ b/docs/zh/docs/virtulization/virtulization_platform/stratovirt/_toc.yaml @@ -0,0 +1,20 @@ +label: StratoVirt用户指南 +isManual: true +description: StratoVirt是计算产业中面向云数据中心的企业级虚拟化平台,实现了一套架构支持虚拟机、容器、Serverless三种场景 +sections: + - label: StratoVirt介绍 + href: ./stratovirt_introduction.md + - label: 安装StratoVirt + href: ./install_stratovirt.md + - label: 准备使用环境 + href: ./prepare_env.md + - label: 虚拟机配置 + href: ./vm_configuration.md + - label: 虚拟机管理 + href: ./vm_management.md + - label: 对接iSula安全容器 + href: ./interconnect_isula.md + - label: 对接libvirt + href: ./interconnect_libvirt.md + - label: StratoVirt VFIO 使用说明 + href: ./stratovirt_vfio_instructions.md diff --git a/docs/zh/docs/StratoVirt/figures/StratoVirt_architecture.jpg b/docs/zh/docs/virtulization/virtulization_platform/stratovirt/figures/StratoVirt_architecture.jpg similarity index 100% rename from docs/zh/docs/StratoVirt/figures/StratoVirt_architecture.jpg rename to docs/zh/docs/virtulization/virtulization_platform/stratovirt/figures/StratoVirt_architecture.jpg diff --git "a/docs/zh/docs/StratoVirt/\345\256\211\350\243\205StratoVirt.md" b/docs/zh/docs/virtulization/virtulization_platform/stratovirt/install_stratovirt.md similarity index 96% rename from "docs/zh/docs/StratoVirt/\345\256\211\350\243\205StratoVirt.md" rename to docs/zh/docs/virtulization/virtulization_platform/stratovirt/install_stratovirt.md index fdfc80929..60dc1aaff 100644 --- "a/docs/zh/docs/StratoVirt/\345\256\211\350\243\205StratoVirt.md" +++ b/docs/zh/docs/virtulization/virtulization_platform/stratovirt/install_stratovirt.md @@ -1,6 +1,5 @@ # 安装StratoVirt - ## 软硬件要求 ### 最低硬件要求 @@ -15,25 +14,19 @@ 操作系统:openEuler 21.03 - - ## 安装组件 使用StratoVirt虚拟化,需要安装StratoVirt。安装前,请确保已经配置了openEuler yum源。 1. 使用root权限,安装StratoVirt组件,参考命令如下。 - ``` + ```sh # yum install stratovirt ``` - - 2. 查看是否安装成功。 - ``` + ```sh $ stratovirt -version StratoVirt 2.1.0 ``` - - diff --git "a/docs/zh/docs/StratoVirt/\345\257\271\346\216\245iSula\345\256\211\345\205\250\345\256\271\345\231\250.md" b/docs/zh/docs/virtulization/virtulization_platform/stratovirt/interconnect_isula.md similarity index 99% rename from "docs/zh/docs/StratoVirt/\345\257\271\346\216\245iSula\345\256\211\345\205\250\345\256\271\345\231\250.md" rename to docs/zh/docs/virtulization/virtulization_platform/stratovirt/interconnect_isula.md index bdc33ba1b..519bd5f11 100644 --- "a/docs/zh/docs/StratoVirt/\345\257\271\346\216\245iSula\345\256\211\345\205\250\345\256\271\345\231\250.md" +++ b/docs/zh/docs/virtulization/virtulization_platform/stratovirt/interconnect_isula.md @@ -1,6 +1,5 @@ # 对接iSula安全容器 - ## 概述 为了给容器提供更好的隔离环境,提高系统安全性,可以使用 iSula 安全容器,即将 StratoVirt 对接 iSula 安全容器。 @@ -34,7 +33,7 @@ 在配置文件 /etc/lvm/profile/isulaVG0-thinpool.profile 中添加如下: - ``` + ```conf activation { thin_pool_autoextend_threshold=80 thin_pool_autoextend_percent=20 @@ -43,7 +42,7 @@ 更改配置文件/etc/isulad/daemon.json中的storage-driver 和 storage-opts 如下:将默认存储驱动类型 overlay 配置成 devicemapper 。 - ``` + ```conf "storage-driver": "devicemapper", "storage-opts": [ "dm.thinpooldev=/dev/mapper/isulaVG0-thinpool", @@ -67,11 +66,10 @@ 若回显有如下信息,说明配置成功。 - ``` + ```txt Storage Driver: devicemapper ``` - ### **对接指导** StratoVirt 通过对接 kata-containers来接入 isula 容器生态,此处给出对接 kata-containers 的操作指导。 @@ -220,4 +218,3 @@ StratoVirt 通过对接 kata-containers来接入 isula 容器生态,此处给 ```shell # isula exec -ti test sh ``` - diff --git "a/docs/zh/docs/StratoVirt/\345\257\271\346\216\245libvirt.md" b/docs/zh/docs/virtulization/virtulization_platform/stratovirt/interconnect_libvirt.md similarity index 95% rename from "docs/zh/docs/StratoVirt/\345\257\271\346\216\245libvirt.md" rename to docs/zh/docs/virtulization/virtulization_platform/stratovirt/interconnect_libvirt.md index 77e14c61d..e9a061af2 100644 --- "a/docs/zh/docs/StratoVirt/\345\257\271\346\216\245libvirt.md" +++ b/docs/zh/docs/virtulization/virtulization_platform/stratovirt/interconnect_libvirt.md @@ -22,14 +22,10 @@ libvirt 工具采用 XML 格式的文件描述一个虚拟机特征,包括虚 StratoVirt 对接 libvirt 之前,需要先配置 XML 文件。本小节介绍 StratoVirt 对接 libvirt 时支持的 XML 配置项以及配置方式。 - - -> ![](./public_sys-resources/icon-note.gif)**说明** +> ![!NOTE]说明 > > 使用 libvirt 管理 StratoVirt 虚拟机前,应该注意到 StratoVirt 当前支持的特性、特性之间的互斥关系、特性的配置前提条件、规格等,详细信息请参见命令行方式的 "虚拟机配置”章节。 - - ### 虚拟机描述 虚拟机 XML 文件必须包含描述虚拟机的最基本元素: domain 和 name 。 @@ -40,7 +36,7 @@ StratoVirt 对接 libvirt 之前,需要先配置 XML 文件。本小节介绍 属性 type :domain 的类型,在 StratoVirt 虚拟化中,该值为 kvm 。 -- name :虚拟机名称。 +- name :虚拟机名称。 虚拟机名称是一个长度不超过 255 字符的字符串。同一个主机上的虚拟机名称不能重复,虚拟机名称必须由数字、字母、“_”、“-”、“:” 组成。 @@ -55,8 +51,6 @@ StratoVirt 对接 libvirt 之前,需要先配置 XML 文件。本小节介绍 ``` - - ### 虚拟CPU和内存 本节介绍虚拟 CPU 和虚拟内存的配置。 @@ -69,7 +63,7 @@ StratoVirt 对接 libvirt 之前,需要先配置 XML 文件。本小节介绍 属性 unit :指定内存单位,属性值支持 KiB(210 字节)、MiB(220 字节)、GiB(230 字节)、TiB(240 字节)等。 - > ![](./public_sys-resources/icon-note.gif)**说明** + > ![!NOTE]说明 > > StratoVirt 暂不支持 CPU 拓扑结构,请勿配置该项。 @@ -86,15 +80,13 @@ StratoVirt 对接 libvirt 之前,需要先配置 XML 文件。本小节介绍 ``` - - ### 虚拟机设备 本节介绍如何使用 XML 文件配置虚拟机设备:磁盘,网卡,rng,balloon,console,vsock 设备。 #### 磁盘 -###### 元素介绍 +##### 元素介绍 - 属性 type :指定后端存储介质类型,在 StratoVirt 虚拟化中,该值为 file 。 @@ -132,7 +124,7 @@ StratoVirt 对接 libvirt 之前,需要先配置 XML 文件。本小节介绍 属性 function:设备将要挂载的 function 号,取值范围为:[0, 7] 。 -###### 配置示例 +##### 配置示例 配置磁盘路径为:`/home/openEuler-21.09-stratovirt.img`,配置 1 个 iothread,并且磁盘 iothread 配置为 iothread1 ,iops 为 10000,并将其挂载在 bus 为 1、slot 为 0,function 为 0 的 PCI 总线上,示例为: @@ -142,24 +134,22 @@ StratoVirt 对接 libvirt 之前,需要先配置 XML 文件。本小节介绍 1 - - - + + + - 10000 + 10000 -

    - +
    + ... ``` - - #### 网络设备 -###### 元素介绍 +##### 元素介绍 - interface:网络接口 @@ -185,7 +175,7 @@ StratoVirt 对接 libvirt 之前,需要先配置 XML 文件。本小节介绍 属性 name:如果设置 name 为 qemu 则使用 virtio-net 设备,如果不配置 driver 或者 name 值为 vhost ,则使用 vhost-net 设备。 -###### 配置示例 +##### 配置示例 配置网络前请参考 [配置linux网桥](https://docs.openeuler.org/zh/docs/24.03_LTS_SP1/docs/Virtualization/%E5%87%86%E5%A4%87%E4%BD%BF%E7%94%A8%E7%8E%AF%E5%A2%83.html#%E5%87%86%E5%A4%87%E8%99%9A%E6%8B%9F%E6%9C%BA%E7%BD%91%E7%BB%9C),配置好 Linux 网桥。配置 mac 地址为:`de:ad:be:ef:00:01`,网桥为配置好的 br0 ,使用 virtio-net 设备,并将其挂载在 bus 为 2、slot 为 0,function 为 0 的 PCI 总线上,示例为: @@ -207,7 +197,7 @@ StratoVirt 对接 libvirt 之前,需要先配置 XML 文件。本小节介绍 #### balloon 设备 -###### 元素介绍 +##### 元素介绍 - memballoon:balloon 设备类型 @@ -219,7 +209,7 @@ StratoVirt 对接 libvirt 之前,需要先配置 XML 文件。本小节介绍 属性 autodeflate :设置 auto deflate(自动收缩)特性,可选值为:`on` 、`off` 。 -###### 配置示例 +##### 配置示例 配置 balloon 设备,开启 autodeflate 特性,并将其挂载在 bus 为 3、slot 为 0,function 为 0 的 PCI 总线上,示例为: @@ -241,13 +231,11 @@ StratoVirt 对接 libvirt 之前,需要先配置 XML 文件。本小节介绍 由于 console 设备挂载在 virtio-serial 下的总线上,所以在创建 console 设备时,需要创建 virtio-serial 设备。 -> ![](./public_sys-resources/icon-note.gif)**说明** +> ![!NOTE]说明 > > StratoVirt 的 console 设备暂时不支持多端口特性,每个虚拟机只能配置一个 console 设备。 - - -###### 元素介绍 +##### 元素介绍 - controller:控制器 @@ -265,9 +253,7 @@ StratoVirt 对接 libvirt 之前,需要先配置 XML 文件。本小节介绍 属性 type:指定 console 设备类型,在 StratoVirt 虚拟化中,该值为 virtio 。 - - -###### 配置示例 +##### 配置示例 配置重定向方式为 pty ,并将其挂载在 bus 为 4、slot 为 0,function 为 0 的 PCI 总线上,示例为: @@ -290,7 +276,7 @@ StratoVirt 对接 libvirt 之前,需要先配置 XML 文件。本小节介绍 #### rng 设备 -###### 元素介绍 +##### 元素介绍 - rng:rng 设备 @@ -306,9 +292,7 @@ StratoVirt 对接 libvirt 之前,需要先配置 XML 文件。本小节介绍 属性 model:用于指定后端设备类型,在 StratoVirt 虚拟化中,该值为 random 。 - - -###### 配置示例 +##### 配置示例 配置周期为 1000ms 内最多产生 1234 字节,rng 设备在 host 中路径为 `/dev/random` ,并将其挂载在 bus 为 5、slot 为 0,function 为 0 的 PCI 总线上,示例为: @@ -326,11 +310,9 @@ StratoVirt 对接 libvirt 之前,需要先配置 XML 文件。本小节介绍 ``` - - #### vsock 设备 -###### 元素介绍 +##### 元素介绍 - vsock:vsock 设备 @@ -340,7 +322,7 @@ StratoVirt 对接 libvirt 之前,需要先配置 XML 文件。本小节介绍 属性 address:用于设置 cid 的值 -###### 配置示例 +##### 配置示例 配置 cid 为 8,并将其挂载在 bus 为 6、slot 为 0,function 为 0 的 PCI 总线上,示例为: @@ -357,8 +339,6 @@ StratoVirt 对接 libvirt 之前,需要先配置 XML 文件。本小节介绍 ``` - - ### 体系架构相关配置 XML 中还有一些体系架构相关的配置,如 pflash、主板等。 @@ -381,7 +361,7 @@ XML 中还有一些体系架构相关的配置,如 pflash、主板等。 子元素 gic :ARM 处理器指定中断处理器,属性 version 表示 GIC 的版本,在 StratoVirt 虚拟化中,该值为 3 。 -###### 配置示例 +##### 配置示例 配置虚拟机 CPU 架构 ARM,主板为 virt ,启动命令行为:`console=ttyAMA0 root=/dev/vda reboot=k panic=1 rw` 。pflash 路径为:`/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw`,属性为只读。 kernel 路径为:`/home/std-vmlinuxz`。示例为: @@ -398,11 +378,9 @@ XML 中还有一些体系架构相关的配置,如 pflash、主板等。 ``` - - ### 内存大页 -###### 元素介绍 +#### 元素介绍 - memoryBacking:表示配置内存相关的信息 @@ -414,9 +392,7 @@ XML 中还有一些体系架构相关的配置,如 pflash、主板等。 属性 unit :大页大小的单位 - - -###### 配置示例 +#### 配置示例 配置 2MiB 大页示例如下: @@ -432,8 +408,6 @@ XML 中还有一些体系架构相关的配置,如 pflash、主板等。 ``` - - ### 配置示例 #### x86 配置示例 @@ -520,8 +494,6 @@ XML 中还有一些体系架构相关的配置,如 pflash、主板等。 ``` - - #### ARM 配置示例 如果想要配置一台名为 StratoVirt ,内存 8GiB,配置 1GiB 单位大页,4 个虚拟 CPU,架构为 aarch64 ,主板类型为 virt ,对应 XML 文件的配置示例如下: @@ -598,8 +570,6 @@ XML 中还有一些体系架构相关的配置,如 pflash、主板等。 ``` - - ## 管理虚拟机 libvirt 使用 virsh 命令来管理虚拟机,当 StratoVirt 平台和 libvirt 对接时,仅支持以下与 StratoVirt 交互的命令: @@ -620,12 +590,10 @@ libvirt 使用 virsh 命令来管理虚拟机,当 StratoVirt 平台和 libvirt - start:启动一个关闭状态的虚拟机 - -> ![](./public_sys-resources/icon-note.gif)**说明** +> ![!NOTE]说明 > > 目前已经在 libvirt 中实现对接 StratoVirt 的接口(暂不支持关机,重启等命令)。使用 virsh -c stratovirt:///system 'command' 即可调用 libvirt 中的 StratoVirt_driver 接口,同时,可以使用 virsh -c stratovirt:///system 进入 virsh 命令行,此时连接为 stratovirt_driver 。 - ### 管理虚拟机生命周期 假设用户已经按照需要完成一个名为 StratoVirt 的虚拟机配置文件 st.xml ,则对应生命周期管理的命令如下: @@ -700,21 +668,16 @@ libvirt 使用 virsh 命令来管理虚拟机,当 StratoVirt 平台和 libvirt 删除一个已定义的虚拟机后,使用 **virsh list**/**virsh -c stratovirt:///system list** 查看虚拟机,shut off 状态的虚拟机 StratoVirt 不存在,如果虚拟机 StratoVirt 为 running 状态,则在销毁虚拟机 StratoVirt 后,虚拟机 StratoVirt 不再进入 shut off 状态。 - - ### 登录虚拟机 虚拟机创建完成后,可以通过 **virsh console**/**virsh -c stratovirt:///system console** 登录虚拟机内部操作虚拟机。假设虚拟机名称为 StratoVirt,参考命令如下: -``` +```sh virsh console StratoVirt /// virsh -c stratovirt:///system console StratoVirt ``` - - -> ![](./public_sys-resources/icon-note.gif)**说明** +> ![!NOTE]说明 > > 为了可以正常使用 virsh console 命令,需要在 XML 中配置 console 设备的重定向类型为 pty 。 - diff --git "a/docs/zh/docs/StratoVirt/\345\207\206\345\244\207\344\275\277\347\224\250\347\216\257\345\242\203.md" b/docs/zh/docs/virtulization/virtulization_platform/stratovirt/prepare_env.md similarity index 97% rename from "docs/zh/docs/StratoVirt/\345\207\206\345\244\207\344\275\277\347\224\250\347\216\257\345\242\203.md" rename to docs/zh/docs/virtulization/virtulization_platform/stratovirt/prepare_env.md index 798ed6152..f476b073a 100644 --- "a/docs/zh/docs/StratoVirt/\345\207\206\345\244\207\344\275\277\347\224\250\347\216\257\345\242\203.md" +++ b/docs/zh/docs/virtulization/virtulization_platform/stratovirt/prepare_env.md @@ -19,21 +19,20 @@ 查看该设备是否存在: - ``` + ```sh $ ls /dev/vhost-vsock /dev/vhost-vsock ``` 若该设备不存在,请执行如下命令生成/dev/vhost-vsock设备。 - ``` + ```sh $ modprobe vhost_vsock ``` - - 为了能够使用QMP命令,需要安装nmap工具,在配置yum源的前提下,可执行如下命令安装nmap。 - ``` + ```sh # yum install nmap ``` @@ -45,32 +44,32 @@ 1. 获取openEuler的kernel源代码,参考命令如下: - ``` + ```sh $ git clone https://gitee.com/openeuler/kernel.git $ cd kernel ``` 2. 查看并切换kernel的版本到openEuler-24.03-LTS-SP1,参考命令如下: - ``` + ```sh $ git checkout openEuler-24.03-LTS-SP1 ``` 3. 配置并编译Linux kernel。目前有两种方式可以生成配置文件:1. 使用推荐配置([获取配置文件](https://gitee.com/openeuler/stratovirt/tree/master/docs/kernel_config)),将指定版本的推荐文件复制到kernel路径下并重命名为`.config`, 并执行命令`make olddefconfig`更新到最新的默认配置(否则后续编译可能有选项需要手动选择)。2. 通过以下命令进行交互,根据提示完成kernel配置,可能会提示缺少指定依赖,按照提示使用`yum install`命令进行安装。 - ``` + ```sh $ make menuconfig ``` 4. 使用下面的命令制作并转换kernel镜像为PE格式,转化后的镜像为vmlinux.bin。 - ``` + ```sh $ make -j vmlinux && objcopy -O binary vmlinux vmlinux.bin ``` 5. 如果想在x86平台使用bzImzge格式的kernel,可以使用如下命令进行编译。 - ``` + ```sh $ make -j bzImage ``` @@ -80,20 +79,20 @@ rootfs镜像是一种文件系统镜像,在StratoVirt启动时可以装载带 1. 准备一个大小合适的文件(例如在/home中创建10GiB空间大小的文件)。 - ``` + ```sh $ cd /home $ dd if=/dev/zero of=./rootfs.ext4 bs=1G count=10 ``` 2. 在此文件上创建空的ext4文件系统。 - ``` + ```sh $ mkfs.ext4 ./rootfs.ext4 ``` 3. 挂载文件镜像。创建/mnt/rootfs,使用root权限,将rootfs.ext4挂载到/mnt/rootfs目录。 - ``` + ```sh $ mkdir /mnt/rootfs # 返回刚刚创建文件系统的目录(如/home) $ cd /home @@ -104,25 +103,23 @@ rootfs镜像是一种文件系统镜像,在StratoVirt启动时可以装载带 - 对于AArch64处理器架构,从[alpine](http://dl-cdn.alpinelinux.org/alpine/latest-stable/releases/)网站获取最新alpine-mini rootfs,例如:alpine-minirootfs-3.16.0-aarch64.tar.gz ,参考命令如下: - ``` + ```sh $ wget http://dl-cdn.alpinelinux.org/alpine/latest-stable/releases/aarch64/alpine-minirootfs-3.16.0-aarch64.tar.gz $ tar -zxvf alpine-minirootfs-3.16.0-aarch64.tar.gz $ rm alpine-minirootfs-3.16.0-aarch64.tar.gz ``` - - 对于x86_64处理器架构,从[alpine](http://dl-cdn.alpinelinux.org/alpine/latest-stable/releases/)网站获取指定架构最新alpine-mini rootfs,例如:alpine-minirootfs-3.16.0-x86_64.tar.gz,参考命令如下: - ``` + ```sh $ wget http://dl-cdn.alpinelinux.org/alpine/latest-stable/releases/x86_64/alpine-minirootfs-3.16.0-x86_64.tar.gz $ tar -zxvf alpine-minirootfs-3.16.0-x86_64.tar.gz $ rm alpine-minirootfs-3.16.0-x86_64.tar.gz ``` - 5. 为ext4文件镜像制作一个简单的/sbin/init,参考命令如下: - ``` + ```sh $ rm sbin/init; touch sbin/init && cat > sbin/init < ![](./public_sys-resources/icon-note.gif)**说明** +> ![!NOTE]说明 > > 本文中的 /path/to/socket 为用户自定义路径下的 socket 文件。 > @@ -174,7 +174,7 @@ iothread配置细节见[iothread配置](#iothread配置) #### 配置方式 -> ![](./public_sys-resources/icon-note.gif)**说明** +> ![!NOTE]说明 > > 使用网络前请先使用如下命令配置好 host 网桥和 tap 设备。 > @@ -188,35 +188,35 @@ iothread配置细节见[iothread配置](#iothread配置) 1. 配置 virtio-net(本文中 [] 表示可选参数) -轻量级虚拟机: + 轻量级虚拟机: -```Conf --netdev tap,id=netdevid,ifname=host_dev_name[,vhostfd=2] --device virtio-net-device,netdev=netdevid,id=netid[,iothread=iothread1,mac=12:34:56:78:9A:BC] -``` + ```Conf + -netdev tap,id=netdevid,ifname=host_dev_name[,vhostfd=2] + -device virtio-net-device,netdev=netdevid,id=netid[,iothread=iothread1,mac=12:34:56:78:9A:BC] + ``` -标准虚拟机: + 标准虚拟机: -```Conf --netdev tap,id=netdevid,ifname=host_dev_name[,vhostfd=2] --device virtio-net-pci,netdev=netdevid,id=netid,bus=pcie.0,addr=0x2.0x0[,multifunction=on,iothread=iothread1,mac=12:34:56:78:9A:BC] -``` + ```Conf + -netdev tap,id=netdevid,ifname=host_dev_name[,vhostfd=2] + -device virtio-net-pci,netdev=netdevid,id=netid,bus=pcie.0,addr=0x2.0x0[,multifunction=on,iothread=iothread1,mac=12:34:56:78:9A:BC] + ``` 2. 配置 vhost-net -轻量级虚拟机: + 轻量级虚拟机: -```Conf --netdev tap,id=netdevid,ifname=host_dev_name,vhost=on[,vhostfd=2] --device virtio-net-device,netdev=netdevid,id=netid[,iothread=iothread1,mac=12:34:56:78:9A:BC] -``` + ```Conf + -netdev tap,id=netdevid,ifname=host_dev_name,vhost=on[,vhostfd=2] + -device virtio-net-device,netdev=netdevid,id=netid[,iothread=iothread1,mac=12:34:56:78:9A:BC] + ``` -标准虚拟机: + 标准虚拟机: -```Conf --netdev tap,id=netdevid,ifname=host_dev_name,vhost=on[,vhostfd=2] --device virtio-net-pci,netdev=netdevid,id=netid,bus=pcie.0,addr=0x2.0x0[,multifunction=on,iothread=iothread1,mac=12:34:56:78:9A:BC] -``` + ```Conf + -netdev tap,id=netdevid,ifname=host_dev_name,vhost=on[,vhostfd=2] + -device virtio-net-pci,netdev=netdevid,id=netid,bus=pcie.0,addr=0x2.0x0[,multifunction=on,iothread=iothread1,mac=12:34:56:78:9A:BC] + ``` ### chardev 配置 @@ -351,7 +351,7 @@ StratoVirt 支持为虚拟机配置内存大页,相比传统的 4KiB 内存分 如果需要查看其他页面大小的大页统计信息, 可以查看 `/sys/kernel/mm/hugepages/hugepages-*/`目录下相关信息。 -> ![](./public_sys-resources/icon-note.gif)**说明** +> ![!NOTE]说明 > > 请根据大页使用情况,配置StratoVirt内存规格和大页。如果大页资源不足,虚拟机会启动失败。 @@ -367,7 +367,7 @@ StratoVirt 支持为虚拟机配置内存大页,相比传统的 4KiB 内存分
    -> ![](./public_sys-resources/icon-note.gif)**说明** +> ![!NOTE]说明 > > **典型配置:**指定StratoVirt命令行中的mem-path项为:**大页文件系统挂载的目录**。 推荐使用典型配置使用StratoVirt大页特性。 @@ -427,7 +427,7 @@ StratoVirt 支持为虚拟机配置内存大页,相比传统的 4KiB 内存分 -device virtio-net-pci xxx,iothread=iothread2 ``` -``` +```txt 参数: ``` @@ -455,7 +455,6 @@ StratoVirt 支持为虚拟机配置内存大页,相比传统的 4KiB 内存分 - 每个VM只能配置1个balloon设备。 - #### 配置方式 轻量级虚拟机: @@ -470,7 +469,7 @@ StratoVirt 支持为虚拟机配置内存大页,相比传统的 4KiB 内存分 -device virtio-balloon-pci,bus=pcie.0,addr=0x4.0x0[,deflate-on-oom=true|false][,free-page-reporting=true|false][,multifunction=on|off] ``` -![](./public_sys-resources/icon-note.gif)**说明** +![!NOTE]说明 1. deflate-on-oom的取值为bool类型,表示是否开启auto deflate特性。开启时,如果balloon已经回收部分内存,当guest需要内存时,balloon设备会自动放气,归还内存给guest。不开启则不会自动归还。 2. free-page-reporting的取值为bool类型,表示是否开启free page reporting特性。开启时,如果guest内核向balloon设备发送了free pages,balloon将释放free pages所占用的内存。不开启则guest内核不会向balloon设备发送free pages。 @@ -546,7 +545,7 @@ Virtio RNG配置为Virtio PCI设备时,命令行参数如下: -vnc 0.0.0.0:11 ``` -![](./public_sys-resources/icon-note.gif)**说明** +![!NOTE]说明 1. 图像渲染用到`pixman`库,需要在虚拟机运行环境中安装`pixman.rpm`和`pixman-devel.rpm`两个包。 2. 鼠标键盘输入需要配置一个`USB`控制器,以及鼠标键盘设备。 diff --git "a/docs/zh/docs/StratoVirt/\350\231\232\346\213\237\346\234\272\347\256\241\347\220\206.md" b/docs/zh/docs/virtulization/virtulization_platform/stratovirt/vm_management.md similarity index 95% rename from "docs/zh/docs/StratoVirt/\350\231\232\346\213\237\346\234\272\347\256\241\347\220\206.md" rename to docs/zh/docs/virtulization/virtulization_platform/stratovirt/vm_management.md index 358eff5dc..b4f50e928 100644 --- "a/docs/zh/docs/StratoVirt/\350\231\232\346\213\237\346\234\272\347\256\241\347\220\206.md" +++ b/docs/zh/docs/virtulization/virtulization_platform/stratovirt/vm_management.md @@ -1,15 +1,12 @@ # 管理虚拟机 - ## 概述 StratoVirt可以查询虚拟机信息并对虚拟机的资源和生命周期进行管理。由于StratoVirt使用QMP管理虚拟机,所以查询虚拟机信息,也需要先连接到虚拟机。 - - ## 查询虚拟机信息 -### 简介: +### 简介 StratoVirt可以查询虚拟机状态、vCPU拓扑信息、vCPU上线情况等。 @@ -23,13 +20,11 @@ StratoVirt可以查询虚拟机状态、vCPU拓扑信息、vCPU上线情况等 - 示例: -``` +```conf <- { "execute": "query-status" } -> { "return": { "running": true,"singlestep": false,"status": "running" } ``` - - ### 查询拓扑 使用query-cpus命令查询所有CPU的拓扑结构。 @@ -40,7 +35,7 @@ StratoVirt可以查询虚拟机状态、vCPU拓扑信息、vCPU上线情况等 - 示例: -``` +```conf <- { "execute": "query-cpus" } -> {"return":[{"CPU":0,"arch":"x86","current":true,"halted":false,"props":{"core-id":0,"socket-id":0,"thread-id":0},"qom_path":"/machine/unattached/device[0]","thread_id":8439},{"CPU":1,"arch":"x86","current":true,"halted":false,"props":{"core-id":0,"socket-id":1,"thread-id":0},"qom_path":"/machine/unattached/device[1]","thread_id":8440}]} ``` @@ -55,15 +50,13 @@ StratoVirt可以查询虚拟机状态、vCPU拓扑信息、vCPU上线情况等 - 示例: -``` +```conf <- { "execute": "query-hotpluggable-cpus" } -> {"return":[{"props":{"core-id":0,"socket-id":0,"thread-id":0},"qom-path":"/machine/unattached/device[0]","type":"host-x86-cpu","vcpus-count":1},{"props":{"core-id":0,"socket-id":1,"thread-id":0},"qom-path":"/machine/unattached/device[1]","type":"host-x86-cpu","vcpus-count":1}]} ``` 其中,online的vCPU具有`qom-path`项,offline的vCPU则没有。 - - ## 管理虚拟机生命周期 ### 简介 @@ -76,7 +69,7 @@ StratoVirt可以对虚拟机进行启动、暂停、恢复、退出等生命周 - 使用命令行参数给出虚拟机配置,创建并启动虚拟机的命令如下: -``` +```sh $ /path/to/stratovirt -[参数1] [参数选项] -[参数2] [参数选项] ... ``` @@ -84,38 +77,30 @@ $ /path/to/stratovirt -[参数1] [参数选项] -[参数2] [参数选项] ... > > 轻量虚拟启动后,内部会有eth0和eth1两张网卡。这两张网卡预留用于网卡热插拔。热插的第一张网卡是eth0,热插的第二张网卡是eth1,目前只支持热插两张virtio-net网卡。 - - ### 连接虚拟机 StratoVirt当前采用QMP管理虚拟机,暂停、恢复、退出虚拟机等操作需要通过QMP连接到虚拟机进行管理。 在主机上打开新的命令行窗口B,并使用root权限进行api-channel连接,参考命令如下: -``` +```sh # ncat -U /path/to/socket ``` 连接建立后,会收到来自StratoVirt的问候消息,如下所示: -``` +```conf {"QMP":{"version":{"qemu":{"micro":1,"minor":0,"major":4},"package":""},"capabilities":[]}} ``` 现在,可以在窗口B中输入QMP命令来管理虚拟机。 - - > ![](./public_sys-resources/icon-note.gif)说明: > > QMP提供了stop、cont、quit和query-status等来管理和查询虚拟机状态。 > > 管理虚拟机的QMP命令均在窗口B中进行输入。符号:`<-`表示命令输入,`->`表示QMP结果返回。 - - - - ### 暂停虚拟机 QMP提供了stop命令用于暂停虚拟机,即暂停虚拟机所有的vCPU。命令格式如下: @@ -126,16 +111,12 @@ QMP提供了stop命令用于暂停虚拟机,即暂停虚拟机所有的vCPU。 使用stop暂停该虚拟机的命令和回显如下: -``` +```conf <- {"execute":"stop"} -> {"event":"STOP","data":{},"timestamp":{"seconds":1583908726,"microseconds":162739}} -> {"return":{}} ``` - - - - ### 恢复虚拟机 QMP提供了cont命令用于恢复处于暂停状态suspend的虚拟机,即恢复虚拟机所有vCPU的运行。命令格式如下: @@ -146,16 +127,12 @@ QMP提供了cont命令用于恢复处于暂停状态suspend的虚拟机,即恢 使用cont恢复该虚拟机的命令和回显如下: -``` +```conf <- {"execute":"cont"} -> {"event":"RESUME","data":{},"timestamp":{"seconds":1583908853,"microseconds":411394}} -> {"return":{}} ``` - - - - ### 退出虚拟机 QMP提供了quit命令用于退出虚拟机,即退出StratoVirt进程。命令格式如下: @@ -164,14 +141,12 @@ QMP提供了quit命令用于退出虚拟机,即退出StratoVirt进程。命令 **示例:** -``` +```conf <- {"execute":"quit"} -> {"return":{}} -> {"event":"SHUTDOWN","data":{"guest":false,"reason":"host-qmp-quit"},"timestamp":{"ds":1590563776,"microseconds":519808}} ``` - - ## 管理虚拟机资源 ### 热插拔磁盘 @@ -180,11 +155,11 @@ StratoVirt支持在虚拟机运行过程中调整磁盘数量,即在不中断 **注意事项** -* 对于标准机型,需要虚拟机内核开启 CONFIG_HOTPLUG_PCI_PCIE=y 配置。 +- 对于标准机型,需要虚拟机内核开启 CONFIG_HOTPLUG_PCI_PCIE=y 配置。 -* 对于标准机型,目前支持热插拔设备到 Root Port 设备,Root Port 设备需要在虚拟机启动前配置。 +- 对于标准机型,目前支持热插拔设备到 Root Port 设备,Root Port 设备需要在虚拟机启动前配置。 -* 不建议在虚拟机启动、关闭、内部高压力等状态下进行设备热插拔,可能会因为虚拟机内驱动没有及时响应导致虚拟机出现异常。 +- 不建议在虚拟机启动、关闭、内部高压力等状态下进行设备热插拔,可能会因为虚拟机内驱动没有及时响应导致虚拟机出现异常。 #### 热插磁盘 @@ -192,14 +167,14 @@ StratoVirt支持在虚拟机运行过程中调整磁盘数量,即在不中断 轻量机型: -``` +```conf {"execute": "blockdev-add", "arguments": {"node-name": "drive-0", "file": {"driver": "file", "filename": "/path/to/block"}, "cache": {"direct": true}, "read-only": false}} {"execute": "device_add", "arguments": {"id": "drive-0", "driver": "virtio-blk-mmio", "addr": "0x1"}} ``` 标准机型: -``` +```conf {"execute": "blockdev-add", "arguments": {"node-name": "drive-0", "file": {"driver": "file", "filename": "/path/to/block"}, "cache": {"direct": true}, "read-only": false}} {"execute":"device_add", "arguments":{"id":"drive-0", "driver":"virtio-blk-pci", "drive": "drive-0", "addr":"0x0", "bus": "pcie.1"}} ``` @@ -218,12 +193,11 @@ StratoVirt支持在虚拟机运行过程中调整磁盘数量,即在不中断 - 对于轻量机型,StratoVirt 支持的最大 virtio-blk 磁盘数量是6个,热插磁盘时请注意规格约束。对于标准机型,热插磁盘的数量取决于 Root Port 设备的数量。 - **示例** 轻量机型: -``` +```conf <- {"execute": "blockdev-add", "arguments": {"node-name": "drive-0", "file": {"driver": "file", "filename": "/path/to/block"}, "cache": {"direct": true}, "read-only": false}} -> {"return": {}} <- {"execute": "device_add", "arguments": {"id": "drive-0", "driver": "virtio-blk-mmio", "addr": "0x1"}} @@ -232,7 +206,7 @@ StratoVirt支持在虚拟机运行过程中调整磁盘数量,即在不中断 标准机型: -``` +```conf <- {"execute": "blockdev-add", "arguments": {"node-name": "drive-0", "file": {"driver": "file", "filename": "/path/to/block"}, "cache": {"direct": true}, "read-only": false}} -> {"return": {}} <- {"execute":"device_add", "arguments":{"id":"drive-0", "driver":"virtio-blk-pci", "drive": "drive-0", "addr":"0x0", "bus": "pcie.1"}} @@ -245,13 +219,13 @@ StratoVirt支持在虚拟机运行过程中调整磁盘数量,即在不中断 轻量机型: -``` +```conf {"execute": "device_del", "arguments": {"id":"drive-0"}} ``` 标准机型: -``` +```conf {"execute": "device_del", "arguments": {"id":"drive-0"}} {"execute": "blockdev-del", "arguments": {"node-name": "drive-0"}} ``` @@ -265,7 +239,7 @@ StratoVirt支持在虚拟机运行过程中调整磁盘数量,即在不中断 轻量机型: -``` +```conf <- {"execute": "device_del", "arguments": {"id": "drive-0"}} -> {"event":"DEVICE_DELETED","data":{"device":"drive-0","path":"drive-0"},"timestamp":{"seconds":1598513162,"microseconds":367129}} -> {"return": {}} @@ -273,7 +247,7 @@ StratoVirt支持在虚拟机运行过程中调整磁盘数量,即在不中断 标准机型: -``` +```conf <- {"execute": "device_del", "arguments": {"id":"drive-0"}} -> {"return": {}} -> {"event":"DEVICE_DELETED","data":{"device":"drive-0","path":"drive-0"},"timestamp":{"seconds":1598513162,"microseconds":367129}} @@ -289,11 +263,11 @@ StratoVirt支持在虚拟机运行过程中调整网卡数量,即在不中断 **注意事项** -* 对于标准机型,需要虚拟机内核开启 CONFIG_HOTPLUG_PCI_PCIE=y 配置。 +- 对于标准机型,需要虚拟机内核开启 CONFIG_HOTPLUG_PCI_PCIE=y 配置。 -* 对于标准机型,目前支持热插拔设备到 Root Port 设备,Root Port 设备需要在虚拟机启动前配置。 +- 对于标准机型,目前支持热插拔设备到 Root Port 设备,Root Port 设备需要在虚拟机启动前配置。 -* 不建议在虚拟机启动、关闭、内部高压力等状态下进行设备热插拔,可能会因为虚拟机内驱动没有及时响应导致虚拟机出现异常。 +- 不建议在虚拟机启动、关闭、内部高压力等状态下进行设备热插拔,可能会因为虚拟机内驱动没有及时响应导致虚拟机出现异常。 #### 热插网卡 @@ -301,36 +275,36 @@ StratoVirt支持在虚拟机运行过程中调整网卡数量,即在不中断 1. 创建并启用Linux网桥,例如网桥名为 qbr0 的参考命令如下: -```shell -# brctl addbr qbr0 -# ifconfig qbr0 up -``` + ```shell + # brctl addbr qbr0 + # ifconfig qbr0 up + ``` 2. 创建并启用 tap 设备,例如设备名为 tap0 的参考命令如下: -```shell -# ip tuntap add tap0 mode tap -# ifconfig tap0 up -``` + ```shell + # ip tuntap add tap0 mode tap + # ifconfig tap0 up + ``` 3. 添加 tap 设备到网桥: -```shell -# brctl addif qbr0 tap0 -``` + ```shell + # brctl addif qbr0 tap0 + ``` **用法** 轻量机型: -``` +```conf {"execute":"netdev_add", "arguments":{"id":"net-0", "ifname":"tap0"}} {"execute":"device_add", "arguments":{"id":"net-0", "driver":"virtio-net-mmio", "addr":"0x0"}} ``` 标准机型: -``` +```conf {"execute":"netdev_add", "arguments":{"id":"net-0", "ifname":"tap0"}} {"execute":"device_add", "arguments":{"id":"net-0", "driver":"virtio-net-pci", "addr":"0x0", "netdev": "net-0", "bus": "pcie.1"}} ``` @@ -347,12 +321,11 @@ StratoVirt支持在虚拟机运行过程中调整网卡数量,即在不中断 - 对于轻量机型,由于 StratoVirt 支持的最大 virtio-net 数量为2个,热插网卡时请注意规格约束。对于标准机型,热插磁盘的数量取决于 Root Port 设备的数量。 - **示例** 轻量机型: -``` +```conf <- {"execute":"netdev_add", "arguments":{"id":"net-0", "ifname":"tap0"}} -> {"return": {}} <- {"execute":"device_add", "arguments":{"id":"net-0", "driver":"virtio-net-mmio", "addr":"0x0"}} @@ -363,7 +336,7 @@ StratoVirt支持在虚拟机运行过程中调整网卡数量,即在不中断 标准机型: -``` +```conf <- {"execute":"netdev_add", "arguments":{"id":"net-0", "ifname":"tap0"}} -> {"return": {}} <- {"execute":"device_add", "arguments":{"id":"net-0", "driver":"virtio-net-pci", "addr":"0x0", "netdev": "net-0", "bus": "pcie.1"}} @@ -376,18 +349,17 @@ StratoVirt支持在虚拟机运行过程中调整网卡数量,即在不中断 轻量机型: -``` +```conf {"execute": "device_del", "arguments": {"id": "net-0"}} ``` 标准机型: -``` +```conf {"execute": "device_del", "arguments": {"id":"net-0"}} {"execute": "netdev_del", "arguments": {"id": "net-0"}} ``` - **参数** - id:网卡的ID号,例如 net-0。 @@ -398,7 +370,7 @@ StratoVirt支持在虚拟机运行过程中调整网卡数量,即在不中断 轻量机型: -``` +```conf <- {"execute": "device_del", "arguments": {"id": "net-0"}} -> {"event":"DEVICE_DELETED","data":{"device":"net-0","path":"net-0"},"timestamp":{"seconds":1598513339,"microseconds":97310}} -> {"return": {}} @@ -406,7 +378,7 @@ StratoVirt支持在虚拟机运行过程中调整网卡数量,即在不中断 标准机型: -``` +```conf <- {"execute": "device_del", "arguments": {"id":"net-0"}} -> {"return": {}} -> {"event":"DEVICE_DELETED","data":{"device":"net-0","path":"net-0"},"timestamp":{"seconds":1598513339,"microseconds":97310}} @@ -422,17 +394,17 @@ StratoVirt 标准机型支持在虚拟机运行过程中调整直通设备数量 **注意事项** -* 需要虚拟机内核开启 CONFIG_HOTPLUG_PCI_PCIE=y 配置。 +- 需要虚拟机内核开启 CONFIG_HOTPLUG_PCI_PCIE=y 配置。 -* 目前支持热插拔设备到 Root Port 设备,Root Port 设备需要在虚拟机启动前配置。 +- 目前支持热插拔设备到 Root Port 设备,Root Port 设备需要在虚拟机启动前配置。 -* 不建议在虚拟机启动、关闭、内部高压力等状态下进行设备热插拔,可能会因为虚拟机内驱动没有及时响应导致虚拟机出现异常。 +- 不建议在虚拟机启动、关闭、内部高压力等状态下进行设备热插拔,可能会因为虚拟机内驱动没有及时响应导致虚拟机出现异常。 #### 热插直通设备 **用法** -``` +```conf {"execute":"device_add", "arguments":{"id":"vfio-0", "driver":"vfio-pci", "bus": "pcie.1", "addr":"0x0", "host": "0000:1a:00.3"}} ``` @@ -448,7 +420,7 @@ StratoVirt 标准机型支持在虚拟机运行过程中调整直通设备数量 **示例** -``` +```conf <- {"execute":"device_add", "arguments":{"id":"vfio-0", "driver":"vfio-pci", "bus": "pcie.1", "addr":"0x0", "host": "0000:1a:00.3"}} -> {"return": {}} ``` @@ -457,7 +429,7 @@ StratoVirt 标准机型支持在虚拟机运行过程中调整直通设备数量 **用法** -``` +```conf {"execute": "device_del", "arguments": {"id": "vfio-0"}} ``` @@ -467,7 +439,7 @@ StratoVirt 标准机型支持在虚拟机运行过程中调整直通设备数量 **示例** -``` +```conf <- {"execute": "device_del", "arguments": {"id": "vfio-0"}} -> {"return": {}} -> {"event":"DEVICE_DELETED","data":{"device":"vfio-0","path":"vfio-0"},"timestamp":{"seconds":1614310541,"microseconds":554250}} @@ -481,7 +453,7 @@ StratoVirt 标准机型支持在虚拟机运行过程中调整直通设备数量 **用法:** -``` +```conf {"execute": "balloon", "arguments": {"value": 2147483648‬}} ``` @@ -493,14 +465,14 @@ StratoVirt 标准机型支持在虚拟机运行过程中调整直通设备数量 启动时配置的内存大小为4GiB,在虚拟机内部通过free命令查询虚拟机空闲内存大于2GiB,那么可以通过qmp命令设置guest内存大小为2147483648字节。 -``` +```conf <- {"execute": "balloon", "arguments": {"value": 2147483648‬}} -> {"return": {}} ``` 查询虚拟机的当前实际内存: -``` +```conf <- {"execute": "query-balloon"} -> {"return":{"actual":2147483648}} ``` @@ -589,9 +561,9 @@ StratoVirt 支持对处于暂停状态(suspend)的虚拟机制作快照, #### 注意事项 - 快照以及从快照启动特性支持的机型包括: - - microvm - - q35(x86_64) - - virt(aarch64平台) + - microvm + - q35(x86_64) + - virt(aarch64平台) - 在使用快照恢复时,配置的设备必须与制作快照时保持一致 - 当使用 microvm 机型,并且在快照前使用了磁盘/网卡的热插特性,在恢复时需要将热插的磁盘/网卡配置进启动命令行 @@ -648,11 +620,11 @@ $ stratovirt \ StratoVirt 提供了虚拟机热迁移能力,也就是在虚机业务不中断的情况下,将虚拟机从一台服务器迁移到另一台服务器。 下列情形,可以使用虚拟机热迁移: + - 当服务器负载过重时,可以使用虚拟机热迁移技术,将虚拟机迁移到另一台物理服务器上,达到负载均衡的目的。 - 如果需要维护服务器,该服务器上的虚拟机可以在不中断业务的情形下,迁移到另一台物理服务器上。 - 服务器出现故障,需要更换硬件或者调整组网时,为了避免虚拟机业务中断,可以将运行的虚拟机迁移到另一台物理机上。 - ### 热迁移操作 此处介绍热迁移虚拟机的操作方法,供用户参考。 @@ -686,7 +658,7 @@ StratoVirt 提供了虚拟机热迁移能力,也就是在虚机业务不中断 -incoming tcp:192.168.0.1:4446 \ ``` -> ![](./public_sys-resources/icon-note.gif)**说明** +> ![!NOTE]说明 > > - 目的端虚拟机的启动命令行参数需要与源端虚拟机命令行保持一致。 > - 如果需要将热迁移数据传输模式从 `TCP` 网络协议改为 `UNIX socket` 通信协议, @@ -702,7 +674,8 @@ $ ncat -U path/to/socket1 <- {"execute":"migrate", "arguments":{"uri":"tcp:192.168.0.1:4446"}} -> {"return":{}} ``` -> ![](./public_sys-resources/icon-note.gif)**说明** + +> ![!NOTE]说明 > > 如果热迁移传输协议为 `UNIX socket` 通信协议,只需要将 QMP 命令中的 `"uri":"tcp:192.168.0.1:4446"`,改为 `"uri":"unix:/tmp/stratovirt-migrate.socket"`。 @@ -748,10 +721,12 @@ $ ncat -U path/to/socket ### 约束与限制 StratoVirt 只支持标准虚机主板热迁移: + - q35 (x86_64平台) - virt (aarch64平台) 以下设备和特性不支持热迁移: + - vhost-net 设备 - vhost-user-net 设备 - virtio balloon 设备 @@ -760,7 +735,8 @@ StratoVirt 只支持标准虚机主板热迁移: - 共享内存,后端内存特性 以下启动源端和目的端虚拟机命令行参数必须保持一致: + - virtio-net: MAC 地址 - device: BDF 号 - smp -- m \ No newline at end of file +- m -- Gitee From 13543fcb092036772aa74f5f470a7c00209a985e Mon Sep 17 00:00:00 2001 From: chopupu <1123478123@qq.com> Date: Tue, 13 May 2025 10:54:06 +0800 Subject: [PATCH 2/3] =?UTF-8?q?=E8=A7=84=E8=8C=83stratovirt=E6=96=87?= =?UTF-8?q?=E6=A1=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../stratovirt/prepare_env.md | 20 +++++++++---------- .../stratovirt/vm_management.md | 4 ++-- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/docs/zh/docs/virtulization/virtulization_platform/stratovirt/prepare_env.md b/docs/zh/docs/virtulization/virtulization_platform/stratovirt/prepare_env.md index f476b073a..3e72908fd 100644 --- a/docs/zh/docs/virtulization/virtulization_platform/stratovirt/prepare_env.md +++ b/docs/zh/docs/virtulization/virtulization_platform/stratovirt/prepare_env.md @@ -103,19 +103,19 @@ rootfs镜像是一种文件系统镜像,在StratoVirt启动时可以装载带 - 对于AArch64处理器架构,从[alpine](http://dl-cdn.alpinelinux.org/alpine/latest-stable/releases/)网站获取最新alpine-mini rootfs,例如:alpine-minirootfs-3.16.0-aarch64.tar.gz ,参考命令如下: - ```sh - $ wget http://dl-cdn.alpinelinux.org/alpine/latest-stable/releases/aarch64/alpine-minirootfs-3.16.0-aarch64.tar.gz - $ tar -zxvf alpine-minirootfs-3.16.0-aarch64.tar.gz - $ rm alpine-minirootfs-3.16.0-aarch64.tar.gz - ``` + ```sh + $ wget http://dl-cdn.alpinelinux.org/alpine/latest-stable/releases/aarch64/alpine-minirootfs-3.21.0-aarch64.tar.gz + $ tar -zxvf alpine-minirootfs-3.21.0-aarch64.tar.gz + $ rm alpine-minirootfs-3.21.0-aarch64.tar.gz + ``` - 对于x86_64处理器架构,从[alpine](http://dl-cdn.alpinelinux.org/alpine/latest-stable/releases/)网站获取指定架构最新alpine-mini rootfs,例如:alpine-minirootfs-3.16.0-x86_64.tar.gz,参考命令如下: - ```sh - $ wget http://dl-cdn.alpinelinux.org/alpine/latest-stable/releases/x86_64/alpine-minirootfs-3.16.0-x86_64.tar.gz - $ tar -zxvf alpine-minirootfs-3.16.0-x86_64.tar.gz - $ rm alpine-minirootfs-3.16.0-x86_64.tar.gz - ``` + ```sh + $ wget http://dl-cdn.alpinelinux.org/alpine/latest-stable/releases/x86_64/alpine-minirootfs-3.21.0-x86_64.tar.gz + $ tar -zxvf alpine-minirootfs-3.21.0-x86_64.tar.gz + $ rm alpine-minirootfs-3.21.0-x86_64.tar.gz + ``` 5. 为ext4文件镜像制作一个简单的/sbin/init,参考命令如下: diff --git a/docs/zh/docs/virtulization/virtulization_platform/stratovirt/vm_management.md b/docs/zh/docs/virtulization/virtulization_platform/stratovirt/vm_management.md index b4f50e928..527dbd34a 100644 --- a/docs/zh/docs/virtulization/virtulization_platform/stratovirt/vm_management.md +++ b/docs/zh/docs/virtulization/virtulization_platform/stratovirt/vm_management.md @@ -73,7 +73,7 @@ StratoVirt可以对虚拟机进行启动、暂停、恢复、退出等生命周 $ /path/to/stratovirt -[参数1] [参数选项] -[参数2] [参数选项] ... ``` -> ![](./public_sys-resources/icon-note.gif)说明: +> ![!NOTE]说明 > > 轻量虚拟启动后,内部会有eth0和eth1两张网卡。这两张网卡预留用于网卡热插拔。热插的第一张网卡是eth0,热插的第二张网卡是eth1,目前只支持热插两张virtio-net网卡。 @@ -95,7 +95,7 @@ StratoVirt当前采用QMP管理虚拟机,暂停、恢复、退出虚拟机等 现在,可以在窗口B中输入QMP命令来管理虚拟机。 -> ![](./public_sys-resources/icon-note.gif)说明: +> ![!NOTE]说明 > > QMP提供了stop、cont、quit和query-status等来管理和查询虚拟机状态。 > -- Gitee From b6919ef74a308812b7a9c414c1b14273d4d19d10 Mon Sep 17 00:00:00 2001 From: chopupu <1123478123@qq.com> Date: Tue, 13 May 2025 11:02:18 +0800 Subject: [PATCH 3/3] =?UTF-8?q?=E8=A7=84=E8=8C=83stratovirt=E6=96=87?= =?UTF-8?q?=E6=A1=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/zh/docs/.DS_Store | Bin 10244 -> 6148 bytes .../stratovirt/StratoVirtGuide.md | 3 --- 2 files changed, 3 deletions(-) delete mode 100644 docs/zh/docs/virtulization/virtulization_platform/stratovirt/StratoVirtGuide.md diff --git a/docs/zh/docs/.DS_Store b/docs/zh/docs/.DS_Store index 7e46cfba1fa19245e5afcef8ec61dd7fc034229f..81f6f38b599b760c7e298b5e99f4dfc24ccac63c 100644 GIT binary patch delta 98 zcmZn(XfcprU|?W$DortDU=RQ@Ie-{MGjdEU6q~50$jCG?VE1GL6_&~T0&h0kNbs;N qX6N7#WCkh$0s(Fy;R;f{vG6m~w3eq#cI)yA7W<%L0l}p$FKGqYmOd!f-JPKwnay;mep!=3Nf}X)K4V5^#2e1oZsxMJksv}K zLLfpQLLfpQLg4B^fWFzh$>oAZV}wA2K!m_W1o-Wl}iH9^9(lJ2;RkA5g4+vEe9x)))X+F-E6HSJ6Oi-cDAk-PcJ0m=yAhFHK~?Gi+O)Usrb$Qc3BIvYGNsxm@0t8gxfee%jA_ z&FS1;&ULu1ohe?YGkYv^q+hFQaUDNxIc6?Uund!y^mSQ|;f^%BdB^Yq-ISP+6OY+$a535>v#7bu!kJ?G2sNl7Xh0!#i_?9dsIl} z9NTpUNXj)7)=Iyj^ZnAB@ zm}GOjY|gdqU9M;Omh1F%`{qHvXlT+@cdzH>{FcC2zoz9qbGJ#htb*A}7Rgj4zuV4X zZpPbV<~*W_WS!VtWqkJh*pd~i8g9KUxp{m0T@!P(ib}Ogo!3>cJS$_Hog zfIY#EvA5X?_5u5Xon)ukPwZEAj{U~YvkNGJib^cT60AZk>QIk$SdR_Zh#lxaC-xwN z1F+%1g^y9(k1;%ehw&ty!qa#LFW_aog4ggm#_=wW<2`(W&+s|E#8)_tpK%7i;4IGL z0)Ce&q(#yaX{oeKs+H=b25GglMcOLul6s_!G$0KM52WIYX5VDbq(j6{pLAgfR2rW? z>0(>AZNEcpyXuqf+u1zLuCJOqZ+?8~%G$=J4Vx|oqln#NxL%qDLF7-$mmu^%H>xph1|^SRmn|o@j1ot%H`T;qnnd|3*t+_ds+CYS zDuM1THN+xh)~-`kt(5Xo%x%<(Wg*ktLS}fD$^Ue`f6Y#@@7Wo4mYqWx%Ap~K6}TCV z6yIC0jbgkF?G)qP=*3?2!NdS8+)EMfqkw}rgu{3c58)9U#iJDO&*C{ek7Ia=V*XW% z`f