From 62e5d52db0f30cc68a4ce42ab2ac777373b942e5 Mon Sep 17 00:00:00 2001 From: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Date: Tue, 6 Feb 2024 12:02:27 +0200 Subject: [PATCH] netdata - migrate library (#2113) * netdata - migrate library * add caps * caps * ui and migration * clean extra values * add migration check * remove un-needed function --- library/ix-dev/charts/netdata/Chart.lock | 8 +- library/ix-dev/charts/netdata/Chart.yaml | 8 +- library/ix-dev/charts/netdata/README.md | 9 +- library/ix-dev/charts/netdata/app-readme.md | 2 + .../charts/netdata/charts/common-1.2.9.tgz | Bin 0 -> 63213 bytes .../charts/netdata/charts/common-2304.0.1.tgz | Bin 4993 -> 0 bytes .../charts/netdata/ci/basic-values.yaml | 10 + .../ix-dev/charts/netdata/ci/test-values.yaml | 38 - library/ix-dev/charts/netdata/metadata.yaml | 26 +- .../ix-dev/charts/netdata/migrations/migrate | 87 +++ library/ix-dev/charts/netdata/questions.yaml | 673 ++++++++++++------ .../ix-dev/charts/netdata/templates/NOTES.txt | 1 + .../charts/netdata/templates/_helpers.tpl | 32 - .../charts/netdata/templates/_migration.tpl | 35 + .../charts/netdata/templates/_netdata.tpl | 53 ++ .../charts/netdata/templates/_persistence.tpl | 86 +++ .../charts/netdata/templates/_portal.tpl | 12 + .../ix-dev/charts/netdata/templates/_rbac.tpl | 30 + .../charts/netdata/templates/_service.tpl | 15 + .../charts/netdata/templates/clusterrole.yaml | 25 - .../netdata/templates/clusterrolebinding.yaml | 17 - .../charts/netdata/templates/common.yaml | 14 + .../charts/netdata/templates/deployment.yaml | 103 --- .../netdata/templates/pre-install-job.yaml | 34 - .../charts/netdata/templates/service.yaml | 6 - .../netdata/templates/serviceaccount.yaml | 9 - library/ix-dev/charts/netdata/values.yaml | 32 +- 27 files changed, 865 insertions(+), 500 deletions(-) create mode 100644 library/ix-dev/charts/netdata/charts/common-1.2.9.tgz delete mode 100644 library/ix-dev/charts/netdata/charts/common-2304.0.1.tgz create mode 100644 library/ix-dev/charts/netdata/ci/basic-values.yaml delete mode 100644 library/ix-dev/charts/netdata/ci/test-values.yaml create mode 100755 library/ix-dev/charts/netdata/migrations/migrate create mode 100644 library/ix-dev/charts/netdata/templates/NOTES.txt delete mode 100644 library/ix-dev/charts/netdata/templates/_helpers.tpl create mode 100644 library/ix-dev/charts/netdata/templates/_migration.tpl create mode 100644 library/ix-dev/charts/netdata/templates/_netdata.tpl create mode 100644 library/ix-dev/charts/netdata/templates/_persistence.tpl create mode 100644 library/ix-dev/charts/netdata/templates/_portal.tpl create mode 100644 library/ix-dev/charts/netdata/templates/_rbac.tpl create mode 100644 library/ix-dev/charts/netdata/templates/_service.tpl delete mode 100644 library/ix-dev/charts/netdata/templates/clusterrole.yaml delete mode 100644 library/ix-dev/charts/netdata/templates/clusterrolebinding.yaml create mode 100644 library/ix-dev/charts/netdata/templates/common.yaml delete mode 100644 library/ix-dev/charts/netdata/templates/deployment.yaml delete mode 100644 library/ix-dev/charts/netdata/templates/pre-install-job.yaml delete mode 100644 library/ix-dev/charts/netdata/templates/service.yaml delete mode 100644 library/ix-dev/charts/netdata/templates/serviceaccount.yaml diff --git a/library/ix-dev/charts/netdata/Chart.lock b/library/ix-dev/charts/netdata/Chart.lock index a6a3993477..4ed385158b 100644 --- a/library/ix-dev/charts/netdata/Chart.lock +++ b/library/ix-dev/charts/netdata/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common - repository: file://../../../common/2304.0.1 - version: 2304.0.1 -digest: sha256:1ed155c6760e1166e2cb75b52bc5e81c6bdf0252c16ff5ede001157077c41670 -generated: "2023-04-24T13:40:33.182127877+03:00" + repository: file://../../../common + version: 1.2.9 +digest: sha256:af1a9a1f87e3e48453c9f25f909f5ebcd7fa6e25162b7b425448ba752bcdbc5c +generated: "2024-01-31T17:51:31.791327082+02:00" diff --git a/library/ix-dev/charts/netdata/Chart.yaml b/library/ix-dev/charts/netdata/Chart.yaml index e04524d5af..fad46b4a98 100644 --- a/library/ix-dev/charts/netdata/Chart.yaml +++ b/library/ix-dev/charts/netdata/Chart.yaml @@ -3,7 +3,7 @@ description: Real-time performance monitoring, done right! annotations: title: Netdata type: application -version: 1.0.40 +version: 2.0.0 apiVersion: v2 appVersion: v1.44.1 kubeVersion: '>=1.16.0-0' @@ -13,12 +13,14 @@ maintainers: email: dev@ixsystems.com dependencies: - name: common - repository: file://../../../common/2304.0.1 - version: 2304.0.1 + repository: file://../../../common + version: 1.2.9 home: https://www.netdata.cloud/ icon: https://media.sys.truenas.net/apps/netdata/icons/icon.png sources: + - https://www.netdata.cloud/ - https://github.com/netdata/helmchart + - https://hub.docker.com/r/netdata/netdata - https://github.com/netdata/netdata keywords: - alerting diff --git a/library/ix-dev/charts/netdata/README.md b/library/ix-dev/charts/netdata/README.md index 236b8a4f8b..1a4afa8d22 100755 --- a/library/ix-dev/charts/netdata/README.md +++ b/library/ix-dev/charts/netdata/README.md @@ -1,10 +1,3 @@ -Netdata -===== +# Netdata [Netdata](https://www.netdata.cloud/) is a fast, easy monitoring and troubleshooting system. - - -Introduction ------------- - -This chart bootstraps Netdata deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. diff --git a/library/ix-dev/charts/netdata/app-readme.md b/library/ix-dev/charts/netdata/app-readme.md index 09f11cfa63..1a4afa8d22 100644 --- a/library/ix-dev/charts/netdata/app-readme.md +++ b/library/ix-dev/charts/netdata/app-readme.md @@ -1 +1,3 @@ +# Netdata + [Netdata](https://www.netdata.cloud/) is a fast, easy monitoring and troubleshooting system. diff --git a/library/ix-dev/charts/netdata/charts/common-1.2.9.tgz b/library/ix-dev/charts/netdata/charts/common-1.2.9.tgz new file mode 100644 index 0000000000000000000000000000000000000000..8da115509fdc2d6cb3a37cad7c7b29f93adcdd23 GIT binary patch literal 63213 zcmV)@K!Lv>iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POwwciT9!D2~t1{wwe}&K;|tCCmGaUnlqLcG79z=_Ee3)BSxn zH!lY!A&Fy(U=xrWPvZambFdNs!9|OerNwi)Ba>JP1)w$*szN*-<8F@3x93B4!^dAA1(la3x=6~rg z+?PAJZ{&e#iYcTqPRYpz05qlvIss>VRe)dPn;ho%fUk}Xn8m-LoWwXi0n@z=m}SME zyBiTAVIF6c|9uJ)Sv6!;!2stV{{MqFgFzg|Fac+f!UPXD#xPDPj8l}8lZ`GwV;CnV zAVSmsU;L5W6N<*97vk{-04W@!6F~C`N+H<*V3H>%U_@y~PIh+g?(TZ>6Dz*6Axew2 zy+Q9YbfN&-m@1fedwacqY1!OJ3!Kvv@Q;4K zzp>$OaR8I#28OrK(Ev^o%85;u;~R9%cPHD)8vqcLPva0>+dXt8%2BA2ILv)rvLQX&sXsF{c!V@a%CGixch{(SHh|`$HFnNv=cz=aL zoJQmX?Dpl?4COJ7%I~RYQ-3&=?*}kWCONtu<%o=M5*1&_gpa`Zvdh2Z2uAVO0ni@* z!uA-QWOIRYSOLvmB{WC<8vInO&v*=nh{2bm43n7R{9evCg+n#-lO(yoNgUpvfb+p? zOfPaoP)av8ZXg+*`&wWhbQ=e~gWleLeM=c8beJRJZB2dDE$$xn_UhXk!#sx3jkh`Z zt!S;^JL>Ho)Hj%;DE32l6Vnuq;~ic?H+tOb_jY&d+w@NfLE$8i>HQf_Df&oRcOjPI zf>=oxZ_l5ffWxD|^S|D{I=%Ym2?+XqjuQa#NqS0N51PV!G7%-~I8{FN5d#O0q@?+zoH!L&Be&r>94;sgyTrO9JphX zFV03V9U?U+Z#be}#bgX=I1+$PvMfPklv0@R8bo(W?ny`!@pr`p=7``)9txn7cpNKw z8D^6caM17f$NbMR8uJD8cTSaa^v47dtLUy%@UZ`im3;l%`SbJB4`-(rSBieaB&mWX z!_k{e3%V$UHwn5DjOEujy(Ps2jWD6F5xv9tZSgWkoQNr8ohEnio~`mICF-5zOh3mt zq2kLKP6zQ&0Edgt1*}3yO(RT+o;ogvoq&L^U!1{hNlxaT;W z@TJV!=kKgH94b1B34mD!LYRUZ1O|ALMgY=ERfA!sCp-9QGUNm?mlJwE5TlJ*6X0et z1aYc+*algGAVGkU002`E6EZ<&SA_}$DVyFHro9v?a>*o+f8!K^2|*D+QHB7M6mSO_lkpQc*(`vvytaT8fN+1!M$s z#7Wa%f!c|RK7zl3>o?EeoPZbnHMqG4ksyWtDa%t=&|@$8TEBpFbOLrn^Qtt=hlpOG z1cmf8Ni_NXE11GO!9((BU`%1Y!#ZdLgpRXE1A>mT#{MHTC8P19fe@kT4jGMW!4M1S zJpC66DT=@#$74Y_z&MVg1l_?LZTuB5cFebFjs_@aYYMO>zY%|Y@sXlDg~@qJQ9ghn zlB9Q%OP2iZ{bTpRs4rPcM`tLf@gNQ%T~dR;;bfwKGxsbPdM_qPa)rViQBp|4#miEq zkPmtcGhSN%<)Iy{x{~C0OMdDid6P+9jG0Xjk;f)w5`f#-*vhldT` z?-@)IArPtcce3&66Nu9=nM4Q#@yFhDw3}Z_H2zKPx58`bA01DUD%5Hi|J>fbka;bNdzIl|{jA z5YxXA{zAj}Hv%$VUxVu4#?a&}h%fb9Avzlnsz28TOj!@3v3|RpK zP7uX83MtO-0nW8{1VA`K;VsBuj#6rrG1ekrYjF^NWQ~nMJOC*|5sG?7BgH^@a~<#- zOyWrBUgQKouG(#jj~jBecA4B0r?rc+`@rN|R(6xGl#{2R$A5fQLX)vnjl#x)IC)xN z7zD3a;pabrE)cv}tdW=iRU`ntqH@P<(^wY_4C7A&n9?37HBd}k(Ms{oXo@4tY9Ri| zbvkLi;q{$YM&V+Cc`y)h6cnos=E%f=y-7cPlGuNEDD?bDi@QQxeU7pO-!s)um`ScO z6iRyoE)Jx`YH=DAkK3%YT;}l@=J(E9E>H=H7w4J|a1)v?Vo-@FRY;3oe-2i%`v8++Z|y-pC&kj3Ht@Q-3$_P zhx6#^=Bv}o^V8=)eYkw{=K90M>DATmZ!Vt)_E=r3f8ELeg{Jfog*JBacns6X9cmYl zQR!7TEWHXQDUB1gs=6>5$0^4UAN0cm$Qb+hkN>DCK`5jX@_#^t0Z9U4)_exIAt;lIO2j6m-c=V zoc+J>4bV(=Qy^7*VqZ?4O2b1}mWT&n1j#?qeTkz4F?lPbO_T4$1GivLmy^XLRdBn0 z$|u$;Q``9!#aYHUP*;~>R><*$P;i47b?1WL4H_^JPRi9i zaLvSJCNX1xQZkX!offX8_;eR132TKLZJ2z8$610X>bcOOG_poq{B8clf2&zxpLTvw z7EadtExKnQrI<1ufUtRwQ(z-uTUzj8O28fBJRDCbi6bO!8Cw@QzJWK%Jvck>h|&q7 zz*H#mNxA{V;%S~k1^>f?Is_BAv7`dFS==^w>taj)7rt?hy*XUL2qohl8SRWPz70-H z#i#tedxzrThz2Jh*bO|NBg7`AoAE=0-~{lO{N$3!t*(6H97DWDQpx_$^u8O!)+Nm;y9h|?5>v?~w&pB{2%=L|E#&IrZSF(H`x;<$ip&n$|IjdG7?IfA@P z$&2s+6a##IdVTuS>D7w|&9VZ!4TZ{RGS0m9Dlz&$C9w5l&qy1@*EIHw?<_;3et6jN z0QzBbD}oe(|NZ3ucAt#9PofV`e(64W)qQf+>5)H@x*k4%mZ^<k$m*?pQiIagB{F$2H4>LeRO3k?4m1GD=(J81h&t_OJ2!rF{KTzBWM+hd4=0jGpBIQOCB_rI>=P@r2M{ zAd%pU7CM$uid)IHvOG@d00bAt^k~@@biq4T^Sw5p;gm~C@1BtN0oeK%j#Ch9gFtoA z@tC;^z_xDVG&(12rlv57qd-ii2drvvScUf>aB49Cm! z=QH*G^8ES2eZHNs&$li56xL{Wx7CT3tTf-hyd6iv)QF*cE%~)QD^)yB0E3)A5#L02jCs}U!WU-U^9yI0KES{OaV$uBHBCl`Mokw z!@_M~8<5*LW5Ss!lChN$r-l)95EtsUv~Wyv?tt*-j%n4SIO9$S=DNfwcqhPme-b#g zxv#?s*xX{$CFq7AcrpP`hJhSMr(AxFBfC5_3fo5y=nqLp)rtJW12@-$^8w)RVO^l9-4y1&+67H%xX+ogYiH$;zL=%UK92;*E zg6u`C#0SqRR&F}tU+(h5`?Zl>GoxNOeSq!!08XSOty*Md0_SA{7XSnmSBqbJ^;vQ4o%Zh5EMycnYrFBpY#R8#R*dT8MigGpl6X&Gd zL&F|(-w0ImsjEeG3E8$-Z*Q|IECUIb#Ir76LT@#KO<}!hhgG84L^Ld6xoT^P7qv!( zM*Ux2Ib6g6xWWJT=;&zI)&F-7*ZTiT9>)f+ru%Dk09Nq1ruyQ&ZKhZ6D|~>}=cPFT zoA~p30jmNFSon1xkM9TU;HSMKZ~^0=$rHF(g>8;dyrnJuQaH_8Z#?z6{@Lyf=0Z)& z+#bbOR@1%G%K|E9{PjCF zv-a%8Y6x#@2j`-Nr8+o&RbI&1@Iy?*k$m?p*!*jUU^d6*cV2-mt1YpF6AtQ-h&x22)wJN32z1*#4phVo}do<>HXx z6ZI;SuLFTHlfUgr#l#5qg=Nf61&J&97o?^XL@mD2_TWE~9oCnsTX0!_b=QMPo0WMZ zHM-Vv&>~MwW$8KsMpwELwKG#Roo06m7R_NOko9s}51 zR({TC#*udB!wj^`!#Vnwu1`7jsiql^j(vEruegTj?!y1t1H~iW2xvP0=fQjzivHE; z|9^OVxa-FMI@mo}pZ~Aoar6#8-CyhBKL^g$O5{sh8{seYng4=k`Wh$R1AYE=0p&!r zZfYiN&)8*6eZbyKDJ8DjXfoxZl^VSkc`lYIH+^7_N;x37MBae2}`+CTn>j1cr040Du$?jPXd&Fhyl*pt7LVLtMq>z5p4 zoe5EN)?hyrJY-46L*AIra#(;;$Ee$~;%b9o@p-8XxrI@}7zFp{r?Ku=#5SK zpEPE?V4D8CYG9-OcjUx>-rMc>_t*O0DjrVhmA?iAWE79V5T!iJNIC@faGZ!s;L2Mg zgM{#-e!!M4BbYFx6PRcwK>+)I4zTdz&2k(fB6DQ?jOCT`96=%r@Y|l+iaCzccnlK& zxpOkFRBE4t5@DxyZxPnjXv&knI_*qSZgVD$7oRv=P`}L!)Fl2l|7hRB9$`Y2&umaK zcawr?*dLWh?{i<;Bq*Pvyj+Rr&+v4F$1qOI?L+l;_iz(t$oQt4O}p7Ntj7%*-z*0$x}j!_Nb2;|14U1M`wae= zVCqD571YaLjeqjilElqhO@8y%)5OnPQ-Af=)#TAzSAX@@HFtDTMNvQdfA_Rl9#5t(M2mx5_otxV%-t`o*nEEoX(>t<6N5?W#S= zBi(rvZ=bfUHfyhQ%%rDVcaVgu#v@@6%xO_#jO0+ ztgP|ETYGKa7|JDHgu%|3A}{y=flHBx7)Sz_3v)n#%XjS zr}`DlHpYm;$U-5bC`B{9R2%Vle-dv@F&j?^eTDKN0$XMUS)#CWvgz-DE&pms;+vj= zp$C)XS6(|P#{HRRx?@Dm3f9FBrrWfcqclRfXBDarf<$#GesmZW&Es)Lj9M-l&Bl5L zZ9M=Lk*qe&B~ybdv)G&nGm@pQ6l>7x*Z9l9U+F4J0}>@SKasC!mVhml=GDNQ@HI2W z>-bg`7A-bBe#3|GM2LW50HX*%kfJ+~u-&LFIV+2|`L#Wj{6EL(zwlyt|J2iD|2;U| zbNT=7@!^{Pui_D0KF8^Q;hUv!f3a>>!uxqq@wec=;w*(HM5Y)BO2+HT0k-AGY79%^ z#>R!wO6sc;FsrVA(^hSb$U5Y?-2MjAaI{nKd@=ep$6s^&ua4sr>4!Dj{(`itFyY>`tRVOE`ZyYQ&U&2qJB&2>Eo!TUr;Ue zs-&&fs(fW?p{v$FOEIDzMgFhS|CV+3_m>v>-`=sS{~hkH@Bgpn;Y!|;&i=l>bHDay zeqZRkZ|P@!>vO)fTK65ObxS?tTkAt>eQ2!@EwUun`p{Y*0)Gm9=+E|4>3=DrYzj{) zh2dz7Qu>_9&N07eJ*!^Wc>iPn$hrT&w|BU{|G$!l>w2%nWP@V1K{4IS&`gXO`B?)#b!N&^pPPLDmr6jl1XF$Xy>pz`{QN{mtsA(!95IkP~*Z$$r zZaM$!-a7y5N*>P9FPzC<2FuT;UzW39{8rDt#rHNmT9nLkJdGJwL%AqvyZ{t~2|+qC ztBX&5RWy&Ms;cprAWIhU@a!01up%YK+2)V8jbq;ZpQ)WVSM#@x;%SE!ZJ& zcwZUq@xlp1=Q1Mu6CNSR4ojUb-Gp)ZwOd2Z+jfpQFqsEG?RJl^jpiful%drRVnQ${qNO02u zSr)kIfIJSk63t(Ms@YcmJ7Z*JP9?BG|2x<}Japr~?)Lj@{cjbISO4Ray&NUbcZ9!E zE%2;K4LobF2lAp7%GGaYC4CBjDM#mPFKFT$_g#w92vBU+4|sIbCSCBXl`?4Xe+jn? zW5?%6YN0)_b$UZkN?WUe;UnmQg>tt-Rj_DgMs4t0ROk5CUh8y!I-SnlE03qveOtQM zSEcd*zB~Pj49_CsD}cR#KbjIckJQNoW@O9R+k{NZb4K z9p}vaRLTGO4Gfoc0iZGdSO3uU|35fbpZ~1n5lMr7Iz3y4xX%{NmzDSVvaJ>PRf#qd zzbYGwRH47e5i*2vSpdXD6##c}gaFP#iYcp?PZA_s=Re(c$%GF{iRJPyyHqP_Tp<3j zyf`=@a6(5okN+)lZQTBySpFQ0U8tiFnOOA_Cnx}c_{TbPFR&@%FwZ25s_@;_4T@$+ z21D7FlFctsf*?V?*XnagDp-rV-+{RMZ3v)(HZ%%ReDCqH%Q8bQb%XyDr%{{^D|tl5D3MWg2^yeSHeXf;luNf(3oOdC z(F2RpB54gP#*dRr-~9<8)c01poI>G}FQd!Mtk(?elcykflfgeG$m&MspmER4gAnC3 z9>gJ}P7XD*&8Hx+y>@6~B|bEc=*vCu?6Vh>B)KvM->R1ghqovfZruMO>Mn!bWvv&0 z-FijQHYY6tbTh3{(eUhY?^-Bb3#E@Ml-g&e3~#?cQr-YO3#UT^O8d3bF|&8fKuyH` z{DkzvoR)S3N03pxkmPQT4p15vwQteAzjl_#Q%KP*y7yO}hc@wwJ(uu!`>*ZP_Pmn5 zT!iLvI(%+na^6fRVD?-nU!8x_`gz=^TK?zy-YW9H9C`A;?XB~FujY~RKcDR7C;+^v z)y0959ddbl+fG&P2?(V|Dq3kRk;^eH-QS5!LnV-x7*8RlG&&ba0I!w6sJn-s*YbG3NCO2WRV-lWSaF}DM`aDq-L z<9GpM*W|hi1tubev@ppMIeFj)#`BA9K(N|)1l-}20-E0!u8eG!nKqN*oD$U#>%ty$JOFGNz%(lP>>2QM zoWJbyLSAxfY%xjB98*B^iJrW|8(wd~r`o)Fei5{Akl(N_6J#;HLtxVz5(x{}Az|K)5i z(GF1UFR;=BL2E5H91OZ;+Z_RzY#Ekd8E-vv9w$b6MO@cKU&Z+O{<{4vBBa@U1GEI`RO<3D{CWQO*=XK$oqqIL9eJg#Jw)Nq~1x$a@f{;$ND_ zVhS{wXOrNq$B%hpqB(@LN2;d80?~+4kV_uU9$^ zR2^H#V*1odv_!f45~KaaNwRLI+!BSkJ`BdW*`RFlG>!Pm<)@x<7)E=RdAp)f?~#ag zDCgp-bS78gMwV-uT~6R3#l`rG6FG1*p=vl;9*<#u?;VXDLQj-i62KKFi_SdDcI{J1 zdlj-JT=*DlTK4P`Bq6}(t~2fuCb7L+2%0oiJ9dGm4^R?QGoq)Q}4_EOGnaX zM|KSlBu{1RIP+Z*_w6%?Q|jr~nE+s)tn-_5niBL9eAfY636(=uz3{d>@}({*U%O*1 z$w>vF5oD!i)H4Ij2v!Gd4O>9Wip~MDAc?cW?5^|1mG2WZ3n)GVin(XY7dVZmmH!MM znn#TPy}y54lK+m6*ZzMic`W;XmwPR#S?BIcOAzRmc&+2?vh-sxpTf6pJR$TsLfIM4?xhvLk^59WC(!GZ*tw+I zt{a@sBJhNOZn40apdw5Fgf}9Em_Xy8*J+d`?9MA3s%8N~w$K&`?j98<2;3oXo8mjM z1ho`6$nhB1)1WNXj2FceppRJ+hcQj=d5c%tvkrtX1vwg^oV!Qztrx{P3Tbk`%~TPd znV$D|gGO)~<4MkzHq<+Swa3;3o=^t{EiZ0CLMCHGKrkUliHt$VaZWUOr<&$K4>ABf z*R#S#kPufL2uwG!I|KwA<_2aZCL~UWLc5ews@5`f>!%69to;-T4K3tse1LN>o+LER z5>+`y;_|~bh#CI1@d&3#IVtL8KGj)SZB%HFzeqd$MLs=AH&pWMV>LX>)c#&0lUMFr z4vJfWQ+MhtN@A}uHuHRS;nb^BwO$4aEtPu0e8Q5pP=KlEGfn}Mm-r^ga>T|WE@T=$ z&L)gn!1}X$dz7DQ`7b6{6lWP)Nc7`RgZ$S&=)3v9kNf+_Yx!>#Pt%!(UImq6j(s#i zamKF~2PLt@A&}xkwikaqV^Wy3iMdYFMfWAgZPt-vm1uO=7PbELK40cjz5lIv^b65| zrt@F6=bin3w7a+7|EqYK_P>*rz@Pyl7lKUzc7Bk1^gN}UP5*+DF_$rJ5I`}Hn-`~a zoBi+T0N@-95)A3lK~EW1B**3ld~9Z@pdSB5Ic5UPB#F3?e#1{^rzoc=k~JyjHZnMb zaS9+25)Ho!Mra;qAVDxA?$#y2P@MQf~`7eG0#fSY?U2G)?uqMO{od!o)i zxM&rifNPU5q$uw(8UBumlv1Pzs&zm|nDA^+_5}%;szK;`*!+Uan}I}gM_t2?QyTF9 z9~}fBkjM)<>W%<6plyvHxyaEV{s@A80Jh{zF(K%RnPUB_m{l98K{pQ_uqRF^h8)1s!)%g-Mt9&TG$w zC^nZ*NDaOM3EJ$4kpq)1YTl4DMI@K<@c2qGhN!*O<`|(^t;#X2W^wq}1ou0eVf@z0 z_yPxk&HTTxgw87hH0po5`!4@K>aYEOSMmr3Z>;j)9K-kG5TgfBH zyRrfeCTS?Hqz!NmhA2fjq)aE_O93cKYq$(k=dLBU=7Sd671!Ft3QPInp+Ww7ycHg} zU0I;`&9X@vf}?$T$?R$};3lqaP$ng17zdLiSrksyhJ96&w|Y_+vZp-OoF&D?tiL3I-mO6N4pQ|&&@z|QO7$u_Dtsy4r>p* znh<5aW_+AsgKG~k1u)4*FrAE19)|*>AtcDO9-mWgF<18GzjgoC<6g>aIGhDjFvf(k z3DC7j&w;j*%SwSRM~vTdG>iSq;GBvp!vGTD?tXJ$SXjhu*cqpe|F&k$U5Ca_m%rt` zW$+o~C`(|7K=8i<5PS$`TX|oauzn*?E&s=K75smdDO>G|9PCsG0c`>{cBR5? zds)^$)!rhuzuGW8MGq|_^jH=ASvrg&ZA^;ZF)qQN7!^l|mPwKK_X=he21Qn_!K7Gk zGK};jRM-i90Elk2ZII1yj8mB3n+C#Zg@KUwxHb!Z(Wi?3i>uu`A7DOQSOsXJ|NDJ6 z{`>Ln?)v`MN*>El#wHu^!`H=#zl?&yn)|wL?6;2S;v2}au6fm+d5fL`^pWQ9l>N3T zvIyekL}~G!cYE$5_jqtPPiFVe;ExHW2-p`iWPnuNO2T6S_eys=^n>sy93fF|My+{&+*~WI{*7h9*h3V$zCE0kS%@}TtJUy$&A1k zI>JorDksIFtDf(EGFwB+eT{U>R~;KbspcbV%KZ&IP4pk7)5pI5cXYhpckTbjhX-r= zzlz7A|1Z+%a>zbPr{4w1=i_)JxqlmMPTfo~$O)&oobZ~>X^vDh!+;N1#n|i!LSMv& zzV(rKzhP-wO0}c!iv@x8Y3B#HJgnG31~>{B*H?l&L1wo5r}aE3iCronB{umA8Dya|r` z+Lhp3($kl-%Iw&Y1ms*9o&B8S@rgNYIT{etDO*_q|B3D|(SWCk33EjCpMw}B5&P-U zNV(r40$T}6!Pe#!d`b@fD zfE*1Nbr``Z0zCA?fV*&%TpIs{;}itjAdo$qZ!Gu-&gp5AjbNvgV9FC9Z4-UWU@GDy zoOqKnY0s7*a4Y*AWRZ?mMIA!QR&#Jgb(xwoKY65N$7gKG=BFb)Sm4 z(c@myB*|^QBs}SKKN{;$mQmq1ztHzztRN-KD-cB;D-@AqkNHSr6_2oUvZi@iZ5&rUxHbs zh5pY(!pF4#9vmK&;{P12JZ$3?HF2#mp(a^QLoqB^IZx+cH zxlWrUz@xj^Rch7X3iYOqief7^^))I7RIAV!BX)wYS|y4!EkWSd-I!F(7J{?wy(*0C z&#(Lx-e~4jR479duBV1emk&NOLn;TdAV%{*C~D6H-W9Lng{?_fkg&|HEGR|5NGwwj z2o)Bh$V${Ws-Kv;c(S1##0#VbmcjPe$HDcFggDvOyc?_BS(?LUL~BZ^)u<^<9}|Bv@}Oa6by zd+YcQD|syX|1+EH<#~aqwewwYfMPI9WdS=sfYT|CBap@k$Z(uel)I7qtU!1sVbm}= z1kjho(kShw4Jn0tn8r~I&tOJ;nGJFz=rQTN{_Xtv`RRwV(~B#|pV4Gwnu55+HMmB9 zPuo`Yz^yP9A(XxNV*(SaW$s$=HjV!<-_{34@|uZ!Fg>%aMUyoCV}i6BOSM~p2N2(U zgmNa-9f2eXKoH__HsO)+CNxfBdLMvbn8R!oha>>OG>#DVSq($T1GJl{@rW4O5rdcK z5X@r<^dn0f*lt=oUi>3*Z=KGff|9=|7|9ubGGF5f19nmeRX>E&&r0x*Xp)Pm$t0RdZ5CJks; znNPH=&wtO^#D}XF*Hz63!(ywQSTLMnHknI-$hmy;6E`8#e1bY15U_u3?Wf(yBqe)( zdH&mrOGeO6e>(s5{QCUGl^Cj`S~cXo6r*XDj(wAf%48af0rY^3;{}~u291FB+iXZR#4ks zK1ol>TY_@F!K#b!)y>Luz}67SLjH}}3P-G}Tydh6*_(KK_2Tlw;;k&)0wWBniI?*= z@$&M`+lvp2H{)%gVv%7?f4*W%Dn~Hle!XulL4=VAk0sY0&wvKVQ6Y;HCJxB-X^?^e zQB81x%3gUmw-=J^=#q6ECy3k=ipJ%&_8Ozhy@>+WnH&lS2MC%qL|hZ~nH*Tv0)=E9@2AT+&&t!D9U^^=Y#I#A7%_Du(Nv zMxX}!&;H(CDgMjx!P@_4B~K|(CZBL4kjHXNLDn+*F6=?hh?eaa#G8L3eD1ZmrqF9; z6zG$uAmAm->DJ5;)h4Jm|I;l!buV+)nOQ1QOBAhHedwV)^`$*1)$)qSZHx^{vwTAA zBYG8py3ul^A?@WT!z8BI$iO+fM@<2b(cZH;A);`&98f46&IZF)>8!*AYIXyf1B=|4 zqH)&*RICjhKgjBQ77S*SB)Pyz9Nt$MOZ7qxin0L+&IhkCy~q(kDXj^xw3)FAF)~ec zcGcjNXAWb!9Gap$aP(o@?&gDAcd-!Giw2)H8{v!@FwAiU96mVfY?&IzUoz?a`q595 z{FlT76yApkdc6E!`~Bl%SN_}GTi^d)$z#cXda{=z^y%il3xUrV&9a5P5yrPB+sJZs zMVSU2WSGz^3Ug{Pi%pU1x~PCYqA&o#h|)~{L#zrVk+7I)laWZ91p{YW{3B&Fo#nIS zX<0BVR$LBczB{@arf1+s)=UfTWb!20Gyk{6HC!bh6r=1htok8u6tGO#Su@Xq))3ej zG(i#5yf`vBK(irJ_UwY>!z=|GmGz&i}oV$CCf}WG^xL8*lHs5dP#y9>@EapnMvK=rtUpZT(jv zd6hjUcmdmrk>N;K_>kxJzdD^$HDdx$3U3k=^?E(Wr+45$(32%?=|!|B0`$ZLK%mV8 z<*++Wdrl&|u6^}t=LeqaCc}|9mzF~^TD4@0+NMo`m*HoG^U6zOCjKgJqj^L)k4L(B4btj+7r$Q-~gWYOh;U45UtfWd6qmK5Z&%_KUv#ZP0w+Os04 ziVN1J-dz55TS95W;Avg{d2y-BK9vLYqswu-P}Ed- zNm!T{1?P&|e-W*YH5cUhydc1!_V7yu6j zg?mzt#(0X@#vk{<6{1x2!y7{%vm_2S0V9}YDCI|UTUQ8y+sO^eQ^YjI;^$v? z`-exn{Z0>@CIqvAAu(Ly;!q(D@{=$=X&i^I-&_MY7@&}H_>8&T29W4t5}zV@p*1$1 zHjz7vjZl&iA@%Ed0e2&mS}TUBGn1V0EIb%UUEoXWVqfBE)c*xj{%w&oP!0P3-v0iP zbN;h?bhP&WS;=GO|3x_gKS2_Q%S!{L)Ms}U&2x!@vw)eD_HwVSHS`88U%R}fF^ypo z|65)6v7GxykSN{F(aF{47g9ZORUh8?OAPSTvRk0kz8oesu~cYbg|O;eC}65whQglV zZfmG}LfW+?U8OaZOarE0s;gMJV=}~Z({4~wj66Dm>0_>(jfy&ftPym;)@EtCJ05BN zXBa1}!9w3las;D$0Cn$0^InPGn98y^S3VbxR?0 z3?O{SZ5=31EwD@U$0W{qM&SfOLOH}GglvncxOZ2DF-hjMi&#zy7D0|KpoQlK|KA|K0xXQ7Qk|!QtVW|F7b)?Ee>hvX{m3SzF(S z@m~&Q*=`@a-Pb%LeqkC(;wefIApr;&i;CrMo=kp{*=``bfosPX#ImX=Q_C>V!a$z9 zcYJP=mK~0-f_kd$bAk{R>yl8~;mb_~bZtR{J4QHp&J8G)a|Peu~>89agbS&bf2*~~lZ2xypH z;qdlLjzO@9MFt^S_)_q%*sE*-_&v0stw41hj}e}DohoX<)EhOhD18O24Q$X+w_E`d zC?J<8NY;$|8Ir3HWFACjRE=y-B(rYOJ5 zV~PY{RY%6uS}dBg>eu3K_A8VRQPD#2+1Fpi)f1krr;w9lVY+*c5_o@wLYziSTxQ&L zlB4TUj>rfn5fi;9VTcGZU&-!^Y8lF79I3xOVRw|s%Ym>wcf`?+&aG37%uKZ56BzWB zDA7Vk4Q!BLNRJKzHbfefQWCWnm7jqh3t<_`Gp5o7AqJ)fp|uR{9InbWTGoMFy{ABh z3KyXe)^q2n19le~y4##W#4f<82oB7P292V#B{g|gojASK!|;?~72SpD)N((wD((oJ zD(+`i#a`G>1^Xi_ZY_JKwDk?FFL`~PPm}$x2)^@J_rG@c_78VU_rH$U{=X}EEb;A9 zP4;pmH@$Yg3#rW*&9V)Fx@lI3vBl>IWoI}mU9m5Ks1dvDGFr|kUi(F=;(J|VK2|rXE)-qzfR2w{TQw0qR0q9z-oPa$YL*HF!~2K*7z4f8mu_GXt`G$+V# zo*rmTxa4e6K<@E4F9xCA@uSy{ABaF!i)L($Ic_2Vl+4dfDC3hjkxtSgdx}P)4Matr zzLM{Q@&*x3@**ow)%}i+VR!a=%^M^1x*e02S1SB(JU;T<@>k)-fTJCc$BAj){9mNsjWtz@%D?;a>J>DYT+ccvoA zlrn(x7?l)Xai4kqCh)qX&qgtxfgibBSoJCwtK~UPDUd;tNjO5$Btf9hI2rM}BMqrE zeoQ-{uMT7Q^=pxCa`DuX##(fUYRxQof~vOg>K5!-dg&no3XzjyForZ70SGckDax1R zjyR7rIs*sSwPZ;>96K=c*J#vsf)KKfFHD-?Cj)dh(7N2d3QVc&hvv` z@Z@}Fw{Ys(`2oCo@v5@I>(>{*?L9Xua3F?=ivb*m&Hx5M`M&KP0D_Q77s3DA>i^IG z^xo}u|MC7a|Npyw_aEiPbnJmosEV)u-n-NTR$flQu(6aJ7lk3#YxPB zfAR9L-ye6%fZM=tiEP&>62kn8or|68otHbWcK)gQddXULO2s=D@y>O;^D^Ff74Q5r z)@5T>*akUH!OcC}Lb6PM?|>D0@iD_GlcVM9{R4E=vE4xQGIG611Zw0MIv&9+gcJ>N zZswy`%9bcEmelWvJ3zvOU;v{C1VVucfbhs1fI9^4U`mBtE8G&f=e{cy6`mo6!m5Cn z!`5w3?P9MzA(r_TP&0~6H`vCa!*NDb?w|!PsB`6UXI{^5 z$8Ur2PCVRo;wEfmoNa)U1mCf42RI)?O8mj% z_*syMh$8ZrD*7v-cVPC&S9O=i%5P>ksQ%K1*01zwvj4kj8s<3#Xt4k99+cw$?(VPc z|EqZ{%UMAmuH>`>l|N-Ea<{XXzKdgl(wLTdIAC8f(pf};VS;a95&)cW*Ck6B|BABS zusJhg?+fj;Dloq){Fb2HUy^;%#dz)re>ssfg%$MX1}InZrx18}*no`fUF7jJPS6m& zV0t}Q!Aeb3738Pn>UC7AR(#?I_9zVTIJ?O4AWpb1C1abVN_H{fnra?sh`=bd#e-jQ z2$K;eG!Ru2^|$K0q0>zK3taz(5N7ZuPGTA(etJ@vm%?IA6-9bX7vOEcC^~UP>c&a{ zbZgEmK3R9xSqI?Vdr#_$dI+N&XQBo6t2K;8wON4VU6i3Ln@i5r##}kouB8dzJpDFD zx8!49ZR>2A2+LA|+Swf&+pNBvu{fuxJ-DtPrGnti6yfT#KM za+ClBCfk(vgv#v8RlTRSrfUq>t8iPP-{n<~sjIcMRWaS!FWd^>v8EkGl2Zf5rA)0- zfUkWXr;gG)r@cZ+6$+_ba##lDN=}**cgyq9tifrV(p8{T5wuDvp)Ca~jm2)JbYH95 z$5)CarUmnIlG1pLq$hJ=i9W&GG{mWBwKf`mgE*!8ojovryP>zgz$3wEfVe(!!i)l> z@6^3na%_DP-+&_3ptDK z#o%3kmQ8K4?sfhV{xsQtDayxjI&b7B@ifJM+TA^L{l5?UM{E18vM;?i@MpWrA{Cc)bzi(bdFpSwRMgJ5#kAi51V78$i`V#9JS1<@7kQ5Jz-6!H z3;2~;wq_A}Op0lZbyiuv$g!1KX|=rgZ8vFh&8U%9%$ARHn$4|Q=lAn8@&74KCS&vp zPty6*Ks3dFI@&Ms|Kt8T{^Lp>i~k#wy~HdKMyub25MYgG*+Re+Ct|bt?n1a%*fW%q zm{634$m^R|dFfnT87S(jI7Y>r;<|+|LV#gC(EO+32tftsF1tTjBepW#dRdw-8Kg3j zg$;k3nj-VLd9}W#@Rf@1W!N8y8JZlSD-Dm$%>uVDv1* z5!o?ryRa@rb+@h#5k7{u2oRJK#6xyZLw^PUetDw|uG?(c|IHu(_HB#eeK9NDQlQfp z^74o;IYS9fb!eBwwGed5?V+66RC4_K{k`NLksc+#Kts;(Scy!+#FW>(rzilyFPPA4tW9G92!4vAI7d9j z9!$!CoS?ar$}_uV+vsYRfD2oLSA`dWMH6kTbyZk&&*W{eY6j7A>9}q=syQX$&oppV z$@0iSFr8(%+J&S9NqIz0-XmQl)ya?aT6Rhlo0k_;eK@7Gnq#3r*u_gkiI=SDiBk=9MfMzWYtRBUlCVzQ~da9je+(Emt_rHjJoi~h?=eH0c@oulJBVgP!OUsw@XE(>6zS{4gXWgs1~GQp08 zD-w>7NL(QE!#o<-sB@XjO#5&FZbgb8zc0Se#G6@0-M0ROVlvuUcG-0O$T0V;^>mdT zM$Jq|=BzY~|KVXnF8`CNrbn0UX*Tn%PgzEhJyS<;t@iwoMx-xNHsyhdN1&2`A&KZxHK2 z@mLSTNzVGmsU+|9^u2xrv%2?tywMz=)GhA?{L1p3I(^bJt<`>~hSRC{I==StXojU) zBX*TR12A_K4bU5G%4(=C`?Lp$ID_Lw`eya#=(4P2&(SY$q^@%wbk%gxibgycIH8cn zVST_8FTkR~1(sX^_H1_{Wxrmi>Q^048sYeQ^Qr;~=ND%NO-MZh7v(PTgfa-WQdEH( z7pv{3)tpj4RL}S@ek{TB4BU-SYN0h2*A(7~V(;shCinA$^sPSN@O3aELA@Npgk49MPQ*VU8e0g6GeE2e?80-#aMz|LyMY z97TFN*MmRx$hz9I(X7o-t z5od6PU--!rqOMvPERtcbHzABqjFB-j{(>1KkMPXg%@Y4c>_kSRQWY13UB-c?Q#lyyf+`DpH2rD+< z0S;y%0X$xbld{Mx@@I`{(vJTxV*P7A|2aBx=4-2qohl8SQY(5BKt@aYf?RAtnY8@mp?Q);i8X_Bx*V3i4Tz-o30_-#1 z%W0PVCf?SAJ%%Y9qNsawZ+CWu@@X8ZN^>GL7mfLcF%z{_)7@LU?mXVpK>thb5A#Ta zjs8FVe(C<_{@VX@C67!e<~awf7YZ{RU1ca-3RfsCvI`tpqL#;9)Qkqky#~$TV8xLE zh=nsy<)MLLYhY!idy#Y`iqoNpU}@L{G91mqwi?H_?DK<|b#k6Y=p*vR5LHPsScz>} zTqI0(5_W|!K`&hB4NbK!$RdCuLKZiou%1e3ylX-smWN?S-LgK3f!JX20AdboIM<-1 zQ7Lj^J-B8dv68=5eWWjR=K269t!4qlsK&0e>9 z$+#;t{#aU`#Bvp}`WA;uvo;~X@wtQ);EKCIw*SM<58x%D2DWeR0m+h>QbkkZpH=m( z_+$6-#jh_;uU>RtpT2t0?RUz->?Af%o{DCE<<_lkV1iMC;FPWOIK1WkC6G{_xrQf3 zVlQ-nXHP$3UVmkEjCm}FSk>c;35bn$@j$#sL|OY7ZEN?LVlD`VuBXfB*X&0~Zax1U4XRQ<3h&i}JB3pYg&TVlN3?qSP z(*jPhVqzeKNg@`b!LrRGGPdOm1w!-==eLB*`-aD!UC{=9 zEz5sBPlNnlvU@$k`CotkpnU$ff3TMSSMk{QzeWg%8MlbW4C1cGPHLVmHR}T69+p?+ zhnDqKa&XaM&-m6^yAjUtwA%j*nt&Vk|DNmr*Wce?pZ~AqsoMYYpnc}8Z`x>=vg;FN z1++K3c)i~1i#`qeKeMbAk97XK@1Fnc^^XtN{=X}ETAcqb)6|za)~{Jlf!zASJ2*+? zIZO`I=rqYj@bzR24$V`LHHq*)&HMk+&wu;-uKj;~{=2fL{`_~zTYuiOU!&^Uez4r9 zVgC!kY?001;{H!5{@?EL-dg`(%_HUil!w3)E|~xi9PxjlecwX1-&E2(?`@f8f=$aX zpr}quvZFdNPTwS6PM!j(ftVjnn+Ypn{yoD99ziJmRrlkZgYd7Xc1P|JpE&BU;Imz1 zx54JrJ+&~y6Wp@z6*pds1Fu^XR5f>-x8UJHM;+Uo7Q=O-j2WhTW5BlQ-uSS2ySy8w zCYH)`^oXcBbr$0S_%fG38ENL%Wnym4dB3-(f&Z)gTMH=x4g7z1Z_kbY-alT)e_zex zmH&BAG@R<}Ys(P??6p*v?IFWa;n$;GdgO2A(i4!v|EKWH>4_*oDFXL+qIkSKnN}vm zJDlGp7|!I!;{xA;pIcr%*Y_DRyn3#S_%B8w?M-0(smN~OoWbh~?onLbmCmJh5fS~& zZtPPLEp15-t!D7n2ESJAf8lcsT{D(1@HEi>#V&rzr-}X_9=h@0`@6eq|Id{?GC!%9 z?lhUx-q+bf_}1^?wwqsS~u<6QSWK|_GgPyX0(5(!)NS2m?` zU3Y8KNeL)ww7ICMK=xhObo%w*Hg$(&&Q-&>Ox1pd!5P&S9ib0`Z%kkE(*F!cJ0IYL zVxHqrUJE%5L-yA-zC|-KgC_cawD0==?;Y*-*YtlCk9GdfrhHs6<%=)`CYRT>Jxf67 z$B+MffulB&pPL6YtB%kR4PaCE#tIFfa!1v^plM8Fn8g1^V36anP?ChZL;!GBaCJ?5 z-9)mEcXWoMH<>v2uN$b7(7AxJe5s&ii!~0fZ>A{E<49&x&v5iN(r#={Cix77a}R39 zrfOW?i)O#nxmGp(FCv>ScKXvu|Bw2+?)mT0@&4NWvy#W6|3yIf1&MuFr2qa#DZ4R( zWs`9pA?D4^zc>}o@tB95+G>+Yf!9=biRMX{Y6_{F6y;+Tx^!kxjLP!?;-mpLXljwh zhL4wjcVg6O9QJaQVG>iE-y1I}92yN=Op@dRCvhk5fA>Vd}RhW2ZUmtSq-JrzY#z%h(*+)8z!xw@D@e9STxBH0YB`R zJh%u3YT80kI(Hq?IdP&%D0`}-jNh@uzibXjv{MRIG0 zsxR2}uQ6HLDs|V@B&}XqYd^~M^Ott||5XO>7BT}g`F|cCmhXS{*ZTiT9u@ypO!Y#J z9+uiH7tOb?|LcJ)*$mK55aba!ek&iN&cZ3m!C!O_uSH5*{kJgFmeckLBWGAF6DM4% z+d>be@Fqd7mtj$ihiDy72z`!Fc80V2QWK?6DXDahY3G_Um?Vkgo>Fq)<5Ygo=T!IR>N^=~A$X8$^kf5e^Xo~9chVPRDL7Uo6@FZ{KnwITc2&4sV zBF9vI6npPJxJ(jfm3%NTg&NkRKb>#hRvFmT{fs!iC2qV=%gfIywjKoDhU%kxn zB=a8_l#01)YHp*be;4Z-9&xYV!e6(AfLG1`qq*;Ux=#cDKRoEW@jnj_57zvDC68tQ zfByOkNHZ5qBN-NcQIR03h~V}uNC8nghpT6k{XY{JK6wg)vt&Xj%72b?Vy6oh&PU$t zFEbwVdgERh=de*qW287;^`PmIiF=W9k7M|D4+{yK0!gJQig#EDCCI&zMEC=tXv1>6*9m1NfaS zC<&j8oJcWXL*h}PZ_z#BcLj3v$0W|})KW6Fq^vFQP{_fbs**Ku$sOfWl#>7i1i?HU zA@);jd=j`ift9F1?n5^}LoF)J%ou8S_nwevf(V$1mg9fN#`3=B=546IL}i;ub)zab zd2y^%Y!o?~o`DkmPGUp&}7o#|F0v~$XE8%iT!B&D&(CdKx_80_Xob&w4DR{U4 z-bAF)*|SoH57Chih5Ut4_r#Nqlb7kLYjZv84nnI5@!&?|u?{gu^C9NQLX7HZW~``+ zt3rudYP^E{qq1+-yFSq8Fj)E5fP**QQE$qmhT;?d^Taa<&uvI|IITC~+V)*M)%u?h zEu=r&uW@=iw>sE(|KrHb|KC5{U+4c{$z$n%=gPsdp5l~qbT=>eKMXEk}GcNr_c1q9q%I?f8sD9#+k zN`rIa7+DNJn^eSwPLkHoxA@fae`))DT>ig%uwRP*w)X#7(NpIC>U3cV{J;9>;M?K< zdJN0v|HdKAY85zDMu{iC)1x01(0|8-ub#fZOfY5RsLzZk${kbULK7zC{x4|J6h?USB~jx=9M>*9e? zt>t9}!>7^{&PVz!szz&Kz1SW9`3UV-`c%_@eRuW>g*l>+7yoO|6aTA!u+IOmlEw7Jk|ZkB z0Nc&@f5zAR$wG`9R%;DTYmGE$pAzRhG zfDA`fh^xOwu%uym?YgzW!d1>!yKOs$h3DS?*DvPO@c%TXXG^&Q*uejfjt)!tA9oMd z@!wYRXlv6FF9G^i&bQ0;y@Odg>ofZ=6Wki~3fLR77DplC|0bHvr@`!H^0z_d^R&dz} zpeaf@DU<}K1*9?}5(9XOQbY=mBH2hF=w4~b*R_=+7{$wKj0ur+lGQf#O(K}BX@w!=tMz|I zCv1ZBNcTUEcaKZ?pN`h||5x)^_WuhU0X649PWqz8faZvN--aEaG>#>k08~60$B^%I z%RsS+kx;nU#QD{%ns%O5-hiIn0cn$+t_K{KKU@96hOX0 z`4F)V@A8-;t3aJc^!1zPZ%)8z6ag~HvILD$N?`(qOpGGDy9iC=5D~C-xD9su+hC9V zchCV_Z_?x*+>KDGi^K##LgHa6e@zk>s?+dr;L<+GXLoL=%})iRd&2qhWH z%j95)=!I%)(HQ3{!H@>7m*6|Fl^_Nfb>4TtZl7(@?!$v#1hCkJ;0~sga9$Fp5r8~k zG5GN*uf@0!8#~*RlQhfYX`G-TiaxMHAGmf{+7BtJL(dYzZ* zi`5|t*sec8ifAv+rU$(^`%p3R00jK5MPQsZPXibGo!RsioEL|zamrnj0t?&$;Y(Nq z71^TriW_MCMS{Q+d83A_%8Iod^sQ9h*^U&Uk$X*jA6kkT-OR)JHTQF+HQcOaE|09}Il z@US6E)nwTegt0e}E7E{DN06##0uK)x<+r7KM#lA`Sq9dt zxqT#)CwMvs@7{0ts+5N#sTONS{Hy@nT7f-}HM(h!uqw|$oPr-^N5=7n?-)jPCGMfk z))%kS)R~-*x|keJSPduqhJdW9aLs&4M3*P&>vxFwlRee;pB!=KE$GEU7XX_4Kacxv z{-@)ky>luo8O5?4Ka60IN>fc^~QWRgEha6Wr9C9!fT z;rTocI?qv-;Cm(_xr5@t6WQ`sSwKH=GvW~mD(x|T$N@rV2V9gw}$Z)rQ34m8A~V~2Kj$~fA^pq|936_ujH}he;KnB$T?q%22fr`->eSc8_Ke^ z00Py`Y$f4aeTdIze0ENr$|O+U%i%V#UI!n$ge7dV34Xndglq0;mjhRoYmDx{d_%qX zwrPeO@rV^l6m+^=$~|DNJ`IP{iMzci(Z;=0Xj}Be? z@80qH{{LzoOa8kqrX27&2V&BJob^Rz!P+JD&5DH$qgu9vI4t^TYb%~Va(M07Y?0A~ z>rvy0KMG7TK_AVMs`#Wjj)2i;AGPu+ag;`rJuz7qCUL;rDtawwOPd<001dYO7+Z*P_ z7}qVjf5tns-bz<)k#W?I29w1AAB0@^ zmKz^_@ezd+ig;$-t8j#(Ny7fP$k71h#;ejQ<#)j3&e^h;tbD8b^UrL-`_@Dsbz)1A&6!z3i3O_3~ulH;n> z`)~fuCG5GmeI@UM1%L!V@FdBKof3W|76~paEF9Lt!aC@P*qw%uifS$iPnK*FYgGk@ z;X5!qydl!-C41t&AQhj?_~|trapMYbHVXi94^I+to~It+0TTx0J>Cf7FzlZTGd+s@3NT-I;u9!QERX)+~SYEFpJcis6J_|{(d zsrEIawu+x`n(k@osp76^2~Ky;B)pmSI`5tGf+|F;@X|(|vvC=x(EnI5!pS z+qjb;C=$kDw)I0k`-a?)g>U@d7mqn=J3=Y@!Z zRHaKT8NIv_xb0Bhb2KzZGmQ}WOj+73$Hi7b>O;ERv`Qewygbf5)^Jl^Cy1&yTYk&A> zcW`uc^v|wA+Fw3uZCf2Ovn;u_7Vv?m*q4a#WPg%Z)W<{7M!wMcP_Nc6j3`aXB-6&j zk7I2IP~oN=x(NsbbwgYViKe?fGzWK##hfB8cQVy#jMMSL&2k_m?aD{n*(D9Q@7`!$ zxhVUJgURavX2nYGv3P*8^>t|pUq?IZ{Ld>XhWsyv8f_>Y z*XDB10j27O$94!%9a*+bn4-JNbkyydg0s$QjJk&OV7w`c5XS39GK76BQ4r=jl&Fuz zkwj3k{5)cH$#odX-r0U1WjKcXN2osIMi`O^$dPArU7H_&?^t%`HxR z!~)F5=tKWwqpp=ka-s>`gxtMNM3$JY_NRv?N4N1GGdpgF+3pqc# z-v^O*BY(N#A{%qTvWzk3iHMCfk5s6`nKMn64q|TUPyrDVSte=ZbE_cO85EFjIZEbt z`rF4Rh}83crPjW;_)mMT_)q)m_>U_o2LD$>y&l-eFDgg>j8zA9HtN2S#Eg=18=z{)Aj?p+xV|Lu{CuBrE?+k$8 z{iOfq&H4M?7yX@Luza`XVrTn*egyT!vyBfg&o6&`{nwB5-@g!e^glNL{b|>T{7!!@ zn(jUostMr0-HnUs5Ms3pYP{^9_b>ZD_Fwn^inb9M_0Z0bn_I}PMf>Npe@Xj4(*A4O z|0~VvQeOEyz%)c>VM<0MK{Q0ycPU}2&R}<+S9haz_Ioz}Z_m}hAoZIp~ z=E@hzXCVZA6a>*Nr-SOSi~DBO5X36cC|0PNGJZ}(uoaR0k|u)hCYNipQV z>?pKU`LDua>aodxc~{n|pG8$anm*;*Q~uOwFGp%agyT4SzY^7#`VHAz(k*{wF8bv6Y$>p8*m`ggh1o=^zqM^v#35f@{ z#4wv7A|x%$kQ}D{PCadHSR&Q1%BYz=7PNK{)}<0^Xo00KFHnamOF?5=vggn_A$vhL zRd{kgSEAW-*qkStn5H^ZW&5@~Q9PeUAjFAaBzn)93FysN=vqKu3+Uf&sh9ubnRmbO zzjpTqh4^2)dq->ee-*`$|Igo_E?4w-yI(yvsULc=Y=J+Xc}kXDzA?VJziw9D@`7|g z!_jGgsda;_P;7PMTbf=?vQNX)PxArXbX+wb|D|{#-Nv1H=3Nx-u*aB<^LPs;=|y~T zXvS!lBwVaCX^WGh^M`RDi6)qa1%Wtk-4WSbds_rmB_H;mp&v;|5}c|O^z@f0K^}~0 zi1ly=85+F%*bhjux67szqw$hiVBiZ0+~q6yc5cR>`CX=B?}3>pqyXr^n+%3(Z_T}z zR_gh`a38-%`|thzV*Jme{dNA2l@u%g2OsL?iU6h22OgUgpgOW-LE!$~J_X`ypU*jb zJ_YH@oh+YvBuU@a!0>QDPDzr|A@w+eu5usEV*JTUD(qz5PIZXBlG!2qvGyrl`;@MI zN?Qr1V&w>FRQ&yB?N;hS+-`O4R{AK4Q~pn`vDg0u!PoR$Kl8={t@Hml+BvfC|BrU| z*7E-v!t!jME6VYvXdfcHTh zLdJJG{+VD&Suj5w-bsWesQ!H6B+Rl^jV63Yx`E~94$M;+E-iClRSLgOf%nws7&I|m zuIOqeB`nBLNQ)4OgTUHht5ObX0)gYhV&|+1<}I}SR?n%XW2tfs+V$Hf8MG9t8nBuS zgP^}`{Q1JYcS!@*xIt#~;uwfj=N9a4o@iQ2BWP_bup4E2Y>}8vXLOq=r^}>I3B?+l zbJ*<_)gG|ZYN8@eQ9v-*H4tlZS}6&8NaTTsno~x@5&Ga*KO5Ik6c8M4ZWZP_++1va ztk9jv?bH4cP8ob199vlvJ6d!ac@%&hCB~jSTd4i^9pT+1y*KJLD&Vk?Xj&ovCDULj z;oocJzx};J{P*3xb^MQ&6hr=d$47j50v}AEwVY?uP@y`HxLun_pZ6tdakA_K)oNZ-+;F>-+ze6jT2vM|_DoKM8Ry1v*HwWI?bf zoT;YtgQ(meHxly8lqSTl7gMr*fCG5mMezS-$^M!hYv*l*1K^DaHJZB-CE+a8kOIOR zQ-7B=`0d^VRqX$eTM*LD-LL)k&e5)Y{y$ou|5sGR{?FIUxl|Uu&xU>B-Cyb-bBKJ~ z=j#RlH`ps30JhyZlFfv_%E(pq$>BxEU%!;s2zH9F;*AI}L%#LO`w#f7={bd77@ksw z)b)fN#0tO|mlv8wR>P+xW!OpRXHAskzEUPcW6b^vSK+*RS61$BqK&6IT?+}G`p?i0 zTq>u)(h>q{{vaXPze6}{)7Dhy{nJQZcJ(j!=eJ>S2O3!b=HZaDYK3Q=9=z&>b^u4nOShtJOhEbSqrT_y5D4wfw)5B0};>yWgek{L)^0rtR5M_Aiz9`MlKx`3^z>z9s<^BE9%q z$^8;Mmjc5uN<|W4QBiwPtnFt<1UMU5?;9{AN57V!s`XVBb6b!jQtm`wrKMHQw(15} ze#DKgCgU|N5W(z1@Mm{|^T1{Ld>Xa{m{K zk8O0$2Yj*JA3*hB<}^;dXETFkXn(RD9uR7_!yC9S+YBr9;`1a*BQFZ{cmk;xcTsno zrs_XtY)Mwq=qO3GY|*-{2aKF`L8a9%J9fkpC6|>~!J|@ANOc2c0XSq0&LGrBNI~8b z3@Q7~4;9J@!8*PGzJQ5_I6Skk7P*1X9ksPL);D3~6W15n^MdUYIE^4^zj)3nx)1P* zMO!A(r@x>Lu)BvJxwV+vc&7L<4O97d36fg3o1mIkcOb06lHLN^6U#%O0(Aonbif)L zM>n#uXwnH)+0lgzj_g48yE*zA2teLFO_a61K3}!fVa){f#_3UQpQbYdxa>1?3vpO= zX$^>drJ2E&ZMWX5+uJA{mi>>!68Wcw%l*@q+(@eH?^vY zoO0^Z(p9;>w!N29E&ne^0aPvj?+kW!cMJaChimzNCB=~cm!$v_V)SAfpr%IvgzQ6r z+K0vShPs_1%F8#?vprG;v%7%1Ti^k zDD1c+Q8WiY&1R&d>SmGC*HhmCr}3n$!@(hP=>i~p9=l|zTC_DeFoW{E+o0`CR<_rL z&;U&RQawOnz)O!9dZrw{R`Nq<{*C6VWMDL(plHBux0bBdO*Gx2V+E0G?)UPsx0Z!V z`CjOzT49-tFFn!Ct3tk?)d{E_gX1pu(mhjPEpYE%0psgjy(^Myx9{pv;R0U0sJeq! z9bD)dUTdh~O}zTTxQw@mZO{2;*YOJSyf^asbk8p3707$ImzSv3&Ea#g7Zm28OOQ15 zwww291Rz_w2Rnd#5S*p}YCzgr16aEa-|tqo)&O~9Pm8q?nA5<>R`)HsodLXb+ zN~Qi!{?Fy}( zv3PV`lBhwiMO`;?UDSOQc{u29n#WiBHbFI%fvOHh?7A*+cBW<8p}cj8P%%pJ@4t7P zEh%HBoP>Yyb8OrFpT-maioF|sSHGa)C?FU7aTj&Z6EY;pizyD&6RCI19~HvT zo4bCFifpU>wr}>d<$kXk%@J{K_+}eor_WKZaXxYk3ul#<1w=8FWnQ=(1-pXPRimG0Wzs zY1=sl5M0(A@BmI>63r!?zP^5G%m3r)bwJtpO_aVP*uOjR{e&=99VfEx{I^rk{~YeF z!>x_LKagz0$~H_N{JY#GY66-xtJ-Lf_@psb$a0 z{dXk*v$h3YIq%A!4%gRGd#3^<;lJx_RX;_m8o2?wI=ad?n`$l&g9xXG{AftSw7Y2= zpJ!mBMEEu;$b(I^G17kj`EY+QD1JTX>=Z+q4W2bPYVKZ>^p=nieHfr^fk4q8GV8Ca zU+yU@8s{f*)xJ2Dn@C8HTG{>5p)7x9KdCTOTgz|XdTA>EUBtv=nfVuA8OziE?-cTX z?G5(V`Tti^Ecq{U(L;Q|mm>Ye#CyD!U^e#4I^m~xF*(ku-6=b3!)Cu?)yfx?CUlZ3 z%t4;1$cVKpV;|A(rha#OcCIO=d*}-aY3P$MMY~0PenZESr5r~jiE?}fs09X#t%k+g zUg%QJ-Sk>Wc*Lb8|5tH3T7`qCP@bS!RB3=|QUzVwd ztmNS!AYjYalYi>Qb6U%G>_7dLX#iNT46v(aTuOhTEJE~$)d@O)Z#0Bm8%Dke$7M_i zr;ZboDAIV~9l`$J5}J~?p+~ynH)ravad_9&UfaKU_4CNj{oFKBuC#NL$R{=CHU-le z_@>Z={;==9=jp+mlyGCeV4TBrM+huL=!@)J5EiTDVz z7Rbutd9Q=ul%i^gzY!K1a(Fw&36U@PpL~bq-*bY%gDgvMl~Tg$`jV~*JVx~{@{L)~ zsRfVoU7C+sLU2kDM$?e~G9_q?Lq8x}vfF*=&y$4klN{N`alAc?g6RZu$7fmH;mJ?% zAvBrura!SKe_~zB91`ehJOV1}Px53E0{BUqCiHrmDwi`gKr*_83%(WZLJpei1JSxx zf6cUNO7;HFCf6(2{||PLiu?ci{I`-K^uMpaU)KIFX3S&X|2aWg@Bgan-{$_`zc&UD zO%u;-t>6FCtpBH3SB5VyX9=5*8U_#8%#+Prqm!Fa9_UFk`&0^KpWj{eSOp$JYPt>p)<9>2O|G}&8Sgq=Y=uAu_<2i%05VS^8Uhce40)K5&5ml%ylgZ9 ztJY|U%2Quz9~`3%mGF}HxVveO17#f~7EdH4S#ttOx3&5DX9p&Mw&d^|VuC*YrHB-z3;i=Q zji=pMZ7x*{19A6zoT3qtydigJLU71X7#Rzy^S3b#2*THlglWZRQ$~ciE*Fyl<9p&^USUjv31VqN zW4_e3&@DkBAwCz?`D?!4q!CI;oDgV^H2lIe3Qrk*^TWk`*njQq72<#H?Ch`e|E;9JrXvlg$nq7z zt|Wk8T_-S!reXRv=14J751yb%Jo+kX<9kj$sEoIqOqC<2bJgzr^2QjmH$PnPDdZ3| zx@vlDqc>5C*ffr#go_%Q+N9P#iqk~cNBP=?uo$B*>H_&)3DjvyCL+hV`r37YJ0ht; zRQRm=+BWZ0es}w)nQ|4+q^Pb9tG1sCC$QEcL;4wY``x0h!)3zd!U-w^T71V#g=znX z{zs>wmb65>eEZ_mt;h7l++h@wQ{03?Qx-} zdP!sm@v1a5@M4bXtV=JkFm6o|1MsCe=qXi!J+N{zq7OU|6ffp<-et01pTq(zXh(1z8(4R;`R4s@}HVs z_b&gT?v#-v1Z8bE#*E!YiN8{*Fz@Q}r9xdGv?W3@R~<(E89pzl54|FQ7y38xNl`GY zkPHi0IK zhWv7~i@N#MX4kwL?23P3n|(pK#50aqdXCdERD2I6He3z@LzgbtK!$wiHJ| zs+=HrRbhBuP8bI^ai@65alHUGDBEC(FJJgQCDFcV+PlLee)B_@a|3QLF8!c7tUmxt zX!TtbimwE7PyK>^i=Ahd3uYvm5xY0m_*-xA}f~^Mlac6$R;XHIn@uq*et)2voSJ1Yb1mX8UH`L#(WV zH~tt#aB{i>mI}~ZwQD~x#9 zX|}>4O2%vehamve3`&#oXe)JVO0o<2;a1(D9-+6re9|5Rz{yb&Z-eaZhC);KYd&0N@JWuZ5O6$x0C z1rK5c_WA97qCfX!+EPX`n|RpQf@52wffJkwL-Jf9qsAdI32`13xFJ=n4>{TnQQHx; z+43PqMe_CphK|Zln=w(|6^(1|{Q#Q83YLW86A(9%91!ly1*o?nUZpK}MWk7W zN9W52LFOg8h;KO(5Cul5dq#tj9T$q%hZ&+=L!8|U{{j2wsUcSEgzM7BRpxDiti4gK zqWoxwsgWVU*?`B%aWk$-BcYg5iwHd{n7$w{m3%Eu6z43=m0LiFD?i|GF5u?om*#t3 zPSID+7aKrd6qLS4Wou?-?!y5C4N_89=^0-2@qeL~PF+r_@9wF&8E| zLn>uftw!C5l9VO!aMtHg9x|4gAEi8QUcl|qBt7vEnp0xr^!`5O0ut_(6r~vEG~Pdx z8i)AD1w=ddFfD=2eTIi}{t8sVSvu*d$|P=JAq1E%ieDoI-Vr4r7J^SaC&8ua2WRjb zgFwJ<>J209@JOTrP<+Mdlwzh{));b*l3&M-vlN}SJz?MM^r5t^RQZT}}#lO$**ooY%`q@Lgx7Y*^D5Fsj+h;Q@Dcec3J7W58=HV7~26uDb zQb-jMk1{>xg3;P(3JAF}kn;AEA>0%7Sf?bGgww>pIl@OgxCvQM{5?c6>TnWtg;w0> zXQLvBFbwHIQzjnZD3F?Izl6ksWr5coWw&a}=+od>0hDyK+PK2sTpGP_InDcn^H+$^ZJ2>*(W zKU2%Hv~$-vL8mMJz@H3TVc3)E`6`{C<@aF86xX&o1aRDA#(XQ&00=G-Y~BF34*&VY zl!CwH4;kdY<4Ag%D_)q5xM9`|#)GXLgoO0r6iyO$B6WqJQw^`cvH70-Pc!@+LiT{& zSdj!%uIc-@G-=%&@$le>rY^$$P~j@Rd<;@!tcPIDXAHVAp{^`%%meRu`+qb^X zZ6*cvwkdU-{LR4j`ufPj$nK>89f~qlUsoZa5p14xT11<3m`+J7NP`@4f-!W(9KwU; z&*p!2f2gS};*aSkK)pLKptIG^iC&l;i7&e6SHuI?>;;PkMe1 zg+TQxaiq(X$9ffew-njFXd)Cf`v+d$3|4Gvw4YTk4?In`a>lRi%i9d@v%5=LBIj#l zT963vvUmO8Il*WZKtJ*_z+UXLGY>HCh9}gX80K$LvA%acg5UqQGq+?BvK~T%qZ?zk zWM^+@MZsi!wySOX)6#+~s+KMb@#Q76GMT?P^Z{;_%iY;}qNXYQ+D?u89zAP3U)}qu zf~xAn5Y2zdBX70F*KO5M8&DN?72?nJ-Q#XD;}C46j&Ya(2FELis6;Hv}>b1EHavFxfy26Gr6Zo{&&ikr3>2p4jWPh z!FqrpIAMGyT6cA=BO|oUn&lA8eFn!_?2psKoy|2Z)nigXP)vQ$!P!8WXv?S-khn~m z{T)t6p)6+u-KL7)`0!=EJ7ai^0*4a##U0G@?^%Q?Yu2m?QOA4~M|LN)4?ms}oH_@> z#CWU!R)dwg1{5Z$z@V802aD$KXs=N=qu>kHW+CD221R4>pTEd(KIG&nGld+7Y^xT zEz*T#$oIb7a!hbdIg3KE7X}1p*$~U^#spMKiDWyB77`S(Rt1B6N^+eXqKxTk287ht9(0kTXySDAJbrXflhO988{X_v1B2R<- z{&WA1PArK+R=s^LFnUJ~Msr3Tu%0N?J8^(!l-)gi2enZhM*Fe4KwNYl8VYU>Pbzs9 z@5MoOwLaQoJsaup(_+a#@<9v!!zNH1B1b+*fPFx#S@|~HVix-rT43I?Sl77}UM6UH z+t<%&y)xtw#~Wd{`}02-8I%iNIq^sRirr_#C(lQ_VA9FW#uEfF*ou(qzBA3N)IU4E zO=pBg)X&U`+QQ^}Kl%c?GY|zDz|HC>VAsK~?if%-8T$U?jUB zqA%XzZHyoNw_Ort@{JFAX>o;$0Up8f#~@fq-S^S*CZITi9{w8K^&YS{_lM|v!Qj7p z6>P^(VC8~*pv?z*top@GrZ2mr-yOrzvxo*!TBBQ4Qnis02446w(*3x^??SWGm!ElS z&vakN(fDgoyGdnaIfd6^Q6C88_R3hoc1SGOx=k75@3^hduZo9IGW_#J1Q@~B5v1b+s*05YNHEsmlckLnxd>+{OD`0xBW(oie{XgcH z>267ZA@1X(z1gjkA5fG1V7_YQ!|$hI^13EsH*(DqewE(!ZZmamJG#cfBOq4GI*Q1C zW1>}(bTHRIYkS7)QPWI6L4EYuli!}Jjac3V*l4~2KtX?8eDtKCt%^pb0b5xi@GuGg zLV%6Di1zt|jkjRzmV8y5&8m${Mxyq_mI!>5NWy*0%x0ZpY@x6YH*Wsi2)iAg1=*NC zSc08RG}XpO@V)np0@St_yJr5Oe@ut%F5TzMy7n){0^b^kRUt<|qC1!szheyvA0%QP zfc|kd%4$lxXJ2Twl3LIp#-2loNlN+dnFX)dNbj}oEe;lleI`gISSQ=4pRzya3nQK* zr6}Zd&N^=igPy4{OQ+$o4iDqHFGvYCkyA|dJdBD`%JAAya>epddlVF=GXB=%deGyK zksk{nSbOI02-*U^!I#h+0qS)Kg3K+eg_k`B?DLUtnBDZizduG&C;izx%rL5ObdV$r}_y%LlubH$*;Q} zKv0dW?dbVhnA|v`HSZf!dl3iEqwBpETXdnIedlsDKrCLnjyQ!j;S;trPg6CGSU<{C zG0%C{)ib$ysMF~yB9ypm!1t>*X|9hF_eSMqCSk@|CJOFz68Rb-ch&&{c9hc`R*~ny zzpDPA8qtrm#W|Fb_6Lj~{G|%wgeVS~2WkIYQA{3oKA8+0`V0EE49i*k!4v=x5L~#m) zVt~l-IYF_slKdlX6WVo$Hw$Jdy?6jNXd^^KxtbgpMn$$>d zDl{$99IY_p!#NntBpF4YAC3dclhnG1$%jgcdVrmf%{sRkEg`{{5`G!uXIcBW^@=6P z{r!TXrLjS_knOFe`O*FnA`5866?BI&jvOe!+?ddC)6|vZfB_XeCMeDuyd*fT(J+t? zP|0UtK#`HlI+Kg4^?3fyq>eGjGVjDD;Q=X1MRWjDBYFyf1S*&I z53mKS;(9Z$A=zF$yEZ1!gBO&2mJ_UStqh*gv}(4~AtO5@Z04sO$k$AWNfgW>VOvFK zJobx#J;vyH+K=Fb0y@8iU)8l2^rg|HL(`RI<+#Sfc11w^pgwYNp?z7$`d_?VjTKM-Lqu%+p+l$0=*IE-SLNI46q=TZH&JL+KPQO>k4__7Hsq*3=UPU%-_*abLB zw|)O^8ZJ!8`2dDs+=9rM+x)y zw?8#%HIL!ahf9b~v#HI$BWkQecOc1FK=g)une5B2GygR=jH*p??T2!aR)$7T)Phsi{S2?GL>%Z(j*ib&L`4#aA{ys!}Lq_f=I^}LfGPB_#VvaRZe1JoS z)@|D>$;=+O;%X`(g9=_37c&{Dv}_uj(5`poHS&IQ`kujH`xuw{3s{i@?&RBZ|667^ ztp)a)t7#0_^nT*4k^$e(wkM4sUoY6Teawtv~ce`=sB&2_CSYO18P&yf&dfsdJTB-kas!ac%yuF4Cv+fm1nX6 zYXclgS!~5D@`tJ8QENgB)cSv{I#1219-M# zk~?~TQA9i5J8GRxju4NA7?f^)WQ-a|tn6?+)E^uarWIm^j0(B!P&rJA5<;5?5!|O~ zen3C2TQCp=bH$=TLs_2o2D37!+NHQM1E%ttY{<>f7oaZ5QpwBDgJsMa(U zM;xQx*nMR9?&BpYax!ZX8kH_|P%OUWS$d(h!Z_qNyzLtQB;XF}3IqW5_WHEGwM8`v z<)MANILXUt)CJXTU%1@sonTtfsbYc&qvI~hcl7qp!r zX?=X4S6wyBldl2PGDlxKfEzr#)i-^_pKdS9A3#6DUf~F#TOb;xpkCTMGfbZzT4{Qy zg-l>X!muJU*!XO+tRvE7k z8SEWcj&t_m>ef7=zs*eg-GDGofgR2lzI@nYlPAQ;QNCxC4K!Ak{v`?}M0UYn1W!1x4ZADm)!c0Y1ScPoxwkq>9Pfkl-d#Yl`R zM5FR4rAH_65$-Id^KRP-Bvl&l+ zs9png#z9}(`K=2#cT2M3hRN|I&5DhHpNP*kUpL!*>)+mNN3dKYmQsmG>_3@qi3w+( zlA-wYQJ9|XZo}*JP9j#1)__zBscCqOBvQU2l5W(H^uQd3l!U)B*MYV(*K+Q`>C=1%rR zlOgA}rzkj7B$~8oVSg2U`0Fg6FtpnFd9zN^x!w_cHog)_fybtOYf4>vW zm!jYgMfaI&t^7H%L*uJ;6fD(OC+Dhq9GK42zonS zQpXKSVuTKmadyO5p9<0@(7B}82^OaE6OXn)a1Nld$L50O3m~Lha9H#VG{Qk$Ww_dY zMV44r3Jn3V#J(ynr62;TAia^mhDqhUFq4egKJkYji)+NKVjwcS_ftMY`p*tCNp(n% zl#bZqNr-?;>!3J%u#Phc{==^jr6=KtPMvj%a2!jx^J|k zP|785oC3rDWcKZZsCcD|%IKWwF^-wTm;ZLmO_)g}8KlI%rlw`+5SsbdyIQ@dUG?7o z>7gR>k(jXsaLMB&N+3&ESC~I*dzhH{-tbhMcBR+C#RUHVCocIDQocpQadF4M%@O;6 zU~tTp!J zbb32KACDNjye+Ija($g0Zjo_y2-t7y6|OMIZ|f9Jw4Q#XonB529gS6~GwA1In&0T< z>UF<=G@9qcuJbaz-=e~jn>`RT+NKi-d)sWjkikVbrzWNiLM)iZAlo1VYH ziY$|yd?Q1b@k|z3NVo4)GA9rrIWMqI+(sdGYs}(r1OPZPC4LQfl`pjA7mSod6N1qN z9OgJ}Kn!s3jQym@S65=5qcd|b0Be>M`m7M2g;-!DBRUr73NI0Rh}?4S6RlMAN2YLx z@ivw+!%I*M29J%{C1TkA>RLJD@eG{qXN~xzk^oE04^)&Y2&vGc35^&g4VUbny-N2o zCZm)s*_Vl=qaxHWTI0Kuc8`6ck17+R?``o{>mc98{dc9eoB6tqrtXL zYQQgb%)CeZ4OAnh7xduNM`P|m7JxAw%>)LC3=#_`s!M$YX4@p5Ds(hpBq=Gl<+aZtCd`&FWB#7n!5HcZ~ zRNiYL6ULDvfXh#W2qu@*d+`@rs)N2rMW|uxsXp2Ynkbr-P$J$~;$lx4mbNmqD`cRQ zJr%)S)1AxSUvo|B0K#OQUmJ#3F;dRo0N7C5UsU;W0G3t$rZ2yrFDrNa>Pr5A9#o9q z{aT@fj&1N2Dn10vo%_2yDDCkOhSCrglgmr(D;!nB+ve@I@SSKD7I;cLj5b_(=QF!E z#tVMXHpHfMY)8a-WCXzm*zEz*LAg2sYQAL~pFtRT%?;54S;nHL4u| zxYrgm`wpO3Qv0P2s8ET0hI<37+~uh&yL`zX!<5FjpB>wgBJXX8qCf_0?xEnlQwZ`5 z+n1ucf}9`rY;E3!bfwonZvfgwW#R+avjl=oy>O~bmsr?O)g#ZnkA5eoat+EL|4 zE~5(HSoI7N<;21E)MF+oktFQJTzMY$?VYj19%`7uc`)%0{LiZk?uQyhDxt}nAwF-S z1pV+zNE93HyQ(%B)!ziu_LieccwVYI6ono3PK=#aZoY|}{{lN^Lqh7y>6)1;xxKK^ zN7V0&co0XKP&^k*{%#|*E&K`af;noXUDmgz6B7kqMU>__{!krSEg%zK+swN-xIqaKTQ6Orq;NQSWSe4ve zn@)nwAHPyCOl!jf>x{?J081E(kO-UivgWa2LXJ5{J3Po*z=wc4Fx_?#q{(P%EuNL^ zlcmH5n;sECW!_c}>7=}Mn7m&WkSM0)3l`qv9Kb~6=+7J24k(Ih&ufn{%i1o%BqbXQ zE;12cL#yJHim$a~LMhIBw{AaT&UCIWH)?KZR#j{~qF#`o4X`sm4#Jf!o}Nl=YE6L) zB_8|*=gWXLtWfu0xFe3m1j_2%I^QD8CGut?o=hY*{+ArTE7RH9rbX+osFf{R$WW#- zm3(1pt@?xYNP`}Y{V(&11OQ|Z3G9U*@m@5!B8=3$n|J`uo1cB1F%aA5-RL$VC z+4k*pkKYY?0vVBQZI+j*?-W9+x56m0^!J;NFCkH*|H$0D-VSOH7FGWfJc3CF@oXbQg!VjJ;9S__mpIuH7eQUgx_Al_zrswtV{g z!r^AL1+coI3Cu~R8Yd?NO*6(a&QLYWJnVaJ^qe)hfg~&gF>d~_71|G<{tnrKMQEE!lob^L;ni%Zu?=07htBA zSOc)YTJnG$umn_Aa|a3bef!}9?AeAk0nJquN7_2=2iEM3l{KpuIeKFm?w)PNE$C&2 zhVpV(l@u2SLWH5%7mciaRM=Zj=>N#S(B%1mGjje!Fc92_g(WoS5=^!Wy0kEpXW7@a zF|Pe4{5Jo_Okdu3dX@grTmobcPmieOyy}B2ot%WLn`^;YB7lH@zCO1 zj&Ki+X30KCXg<`EAa2$VsFnG)4A@cCoJGFdui?eEJxfI_=!~&tE1*yJ=lc)2d`_YR zFq%|yr$5RLL(yE`ekz?UdjOyh?%#|A7PkTT=$AduEB8BAaF?<$M2~WaZ1YfBwqi%# zih7!;0QN%Cm+QbEt8lM0dO4;H;&+QkM1lhepeI5Ez2+lQT-9LIvRR!T)Q2)DO-#8$ zkWYVv$Q7N;RWjlw)k+BCQ}eZ=1Jtz|^MyvA-eBKMr8KCGS3%FYgCYV>`gYk|xmxJV zKdV-Hc5&g${}e2a`Eh%Py!L!p|0giJZQS)Ckf~+_>n1>$Lufm5W|`TtRs{c&G?SYYFNk7~zUj&L6J-_I zqAP~C61(u?7a<)*MIek0W`drF0qx39i#HG#$#|*Cq3wPi)Jqd9F$2gKLBvS_P-73^ z?_TZ?0GBswcX{s6Vcr*CKnb*$P(-JK<0l_nDe65}W+?Nzao15;Hc8vsNCfOLEsrW= z`viZ!764TuB({t*9Bm{e&m`u<)bhEEG^@P&*RP_T=zk0SX$mn)7&Y258M$8H zN`y&6YO2a{1PK;GK9!LYrFdmVA&%5;5M%7;Rq4=@!HU^)|Ps_2ZC=*}X)M%a*RJQVkFb4MUM~ z4nFfiD>A3rT*|%(65Qp}CEyhbI~V%eW}Gvngx>S-n7;kG)4Mcfh11Rk2TD)6ii9`5 zz1{ulo&g$?0av22z=r5=pMRp?cC+tw=^ic;y!3{$4x&bsZMo?3W^XQMnLIzB1zn^+ zZR0L*k^D<*+L5a*^d%)Omw@=Rf)`~Ic1AXYuvx~>PQ zr3V(7W;5+t&YHdw0Dxt`*loo8RCY-3PJ$NEseE;q0HNYLO0)=q2RC}c^IZ6}MEE`> z9MW0Ltg0VM=@(kqZ(j^qm|Cw8$|U{mSV$05J-D&ysa#x(5f$y zHjz?E^rsIvW5%ES2rPFRmAnCd9wsM#`Wt?=CKs6b#VE5~>5J~d3vN7gAMx6_q@jC;I2y`Yc z5zOV+n++o6NkT25Njr79Q{~R;=!!6xSBx>Lz%$29LR$Rdu&St2AkHsDnE6Xwx^U9^ z%Kx8;Co;cB|LXjD)cqCXpnch+o-^(I7!-LQ*^*a8(})2vh_;(olyob%7(`ol*eD)8 zqq3`YSwd>4O`K}PC0D2&EDT|u3f)ch9T2$*_!>2S8HT8Q0dx%v2z`fb6%{=JO=42O zsPc9(24Z_Iq5{S<2)$clB;5m$M=^#$NaBldtcrxXR52SoS#SbYU|_~xSuGKsJqIyg zq+}sjgnM^>Pa?N=)_jYPAdDcN$oC1iEB9#Lw@4sty9#1rL!}7LpDw~lY07+F@s1pZ zQxEUCKxV>`Y5oTzJ{L91CA$-8yFxhQ$_BR9lJ6Axu16^a%&!%|7ytg9-`5F14A)*5 zIq@e@%-u?5rStXtk@ERSDoqh-QV5;E%M%;K&1dU?WCF}(d~D^)FALFgg_dh-$$ILa z3xGvv%$~625)h8h zi`uz@?c#{2iO@-N#s6ot3+A-c1b)C8V+y_K6nfkn^J^LRpKgBz^DD2T~oEue~4`Zc8pJjFPlM1Lb7 zoiw^3Ik-8;VguAP)5%n(ptJ216(B(n{ypq?m zN}(MtGunSUU>o}N?QYIJUtBm-39pk7w7Y{)5AD7BiT(W2AKt;1;rLWQ1_kG>GQD~S%ZceaGpE5gBHrHlJz6u@HyF& zr5Ya5O7h;cm1g&f&_vSVoYRv=ET`)xEoIJ60;yA_4R0!ZMdRddhE{&E!Gp=HrJm9* zh*EWHbVJ7u3W9k){U=_?86OJVpkhRkBzczg%G^1qe@M|Jmj=J7{zf^1xnY8$yIX%A zTKIN^)Ra-(JA~K3Mh5To$P4M=iY$!YXrE-~&Q2?YYBYsh7gG7~4zmO@8nNO*ezM?{ zepXZ8TyaoFpy+%CoFY~p@X)3%GHS>nyNGxorSop?nEn(1xRy(}K4WmsXYS7OSronex z2=!qOzO?8UDQrV4WaLLpN;pBY+ZZ)?BV84S4tv7zo+0YRIk^#A2Hkg*-dbz97tn4V zOc3$wBzx=e&az7TEa%auT@&P9UqlM;`LtV)2cK!+SKNobcY5b>wvUPqHT9JQQ1} z$%@;`vx{hTcZy+qX>hg~QID!FDB)lbbKZxTldA&gBkwtk&Tx_c%skEcP^yFLq8$bM zKhgu!l@xN#-&Ftm%)?diQ1qry1Jw?ZY|1L~d))a7Ye@i8G()~4$=~RBQ{+UX4d=9w zvP@ARalT`iQxW)0%5k9PlVWE9gvD^pqJU@TzA?ZKhBqo4mSb4b3nzr?jkZzzU>9SD zDS00^ob&)WFZkCQtuVIy0*uXH*`WG~)6igNdne$plr%^X!w0<@2l6`El`rmnH|UIL zaWPQ`vcud9OZC~5MS=q}Oi`6t!s zC7yZI6vIsGxE#$Yz`AsD)-GWu+Zr|{>17E^>1#b#B9*+~*rS_)S{^<~N8QK@#>Y|mfdp$^C#7M(G{xKWUY4)>6IrUbnzcg zy0dn-`lFYnSvUJhw|md&5H>mil$RGG?!yB#(?79D{L2q0FX!y{8&qEYi2X2sJ-nq% zGzR5-r?X(|*$af6P8so=Dke6BE?|^1W#!MF@}X#Af0&5L^OoKD9d|$hjP0o!PeKaZs=vJbad?TIYYJp@GPz5W< zk3b-hbT8fN>!D3cz;wvOPS_@I#vj@kM$`B0M>O1apzYn#<3C^!CF6)wCu>Q|Q6Q@! z*y@CM2<7ipP0@)g++e-0B$vQghXY}~PfkRQ;JSAd`Y}z`01d(ZCGMC)e^AlV=x}_i zOd$KJBwzZ5c_yk^`yiZL-fO6RI>3!0#*&>FhYOs>YmNljLEaHQKKO!}THTmw6g{}$H72sqw?U_JwI zJN}KsUCUELx6Ju)6#h2sTDEcFx3l1nL_j#R2sE~k_{?bCB_lmTxCJaN(2n&uteO-2 zzNEkiRT|49qV}uO8e@Crv%B?cyeY029zl3YyAy+lBeb@VkItkf7r;OfSZ3f+*AG#Y zS{*@n{h1rl=QH3(Af0AVAY=mLEjfsFE5bMN)lZ2lBO0vx@4XiA;a4*oY+(ABpbJVk z-diLvM1F7j1^C=KdTMOf4s1PE#+!>Tf%u@rA&wsAxa%6F=zeAG$u%GqMYAKV8UHa+ z>m}p>>#K)a!(A&HX?TfDpu1y9S&;$vjifH>pf2(3ZyW|r^!`|ON7>iy5PiBOJqxh~ z(9b)ZuqmSdKG_|O1hh4}yEIJ$S`+U{J_p2TgC(eRvA%;U=bf#|pWp0^k{>;*| z1pT#^SY8rVGOnO^RH>1xGGB&gQB=dt%ZBvB5UQXnLoC6^@z}>QYXY9Ynz7>UY@G3p z3eG2$gb0Gl3PF{PoVu_xShwOgJ=a-(K!nk^SrvIoNk(`w;jdH1zEWw7TU7M zGXDs@7}IbRu(=33do)h{lscMgHE=hXbNj z?ZwdazNnKhe&1Lw436|i#@{7dKav1hBb6|Sa!Gm#flgK_tD6?)u|xRwK!#dosqoN{ zKzNIIv3w9~p$H9#KRUrEn54}evDovVD@1)td7ofk$92_QIR z`C^v-BAMIRsLoUp4*8sLPs~PJ^b1v|f^8aSk=L5k3U+QSb6J#|Zaz)6qOa9xQf!OK zD(_rU;SzOYrmt1i^C`@K@x>NqF}dp$qMg)YgaHSkpTbnf4$MXbzh8UKBg{xY9fdy% zwxL}lI=LAL34S;5vus(Q=%PM53V-HN5vPE@j>K%L)2WA?W2WY#vRxaS@}f-tktiG+ zL3j)E;w#RJ05E6!ZYua$>I>Ljz0iy+c?<()7vm9$^rvv>w{Td>Wzb@mC{N@EWt8t7 z`S$KN1f5;tnv=nYphT$HNh0f^e?{f3TWbu2#LcUK26Bf{$j@p@D94ojJ{frF580w) zGoO0tPoHRGTZ&NctH(TA65}TCaZ{>-s*R3VVWP`%UT&~Q9c#OlYJ6KvFXBFfbdd33 zf1RN#Vb~E;Qtuvn8+UeLiaDT^9KsJ?HA}MC@8$`#J>>L4Ms}R(Jqn>|ld63k(LSZ# zpx6UF{j43tfc;rL5l<7lk2VhGEl#xh^ z*?5WrqzX2b;KQc?N{uPq@&!efOu=pgCyCXg!gwiPXd+<%aQrm=l|N8 zGb~@ef@1y#%&`5KuqdJj%HQ?7<0ALgGuO$Sr*!-fob*u1z3}l!@ zBFlEG{?Kd789c=`@{pf}&HM7nZYpcYV;@M0bKi_}k1`la=K!hVzs_@QfAK4D)>Xr0 z1NJ@bZ3DBaxbdoQ{M40l^V9Y&FYo~8FXu`$!V{woXJrF!hU}S{MD&1g%2Sw!o-pFn;6{WN*b^#qJ%6vvd*7o0gf{1szWC5#3MV*&KIClpI6=-Lv(ClB|3` zy_*7-W>ipAg{H!)Kntpwsxs$9XSY}qO->@+%y{6@g-M+>Ti5hkWpaSXuWty^4{q;3 z*^qO=Gqy(3OIm`GHuuP70WSlKf9$cOSwcS}t=G4Vgodv06D=l`^%1*&Pq+2~PxlP| zTx#<}>(jp|Gj=YeYrUp7j5cPGI`NJXyLcpf?DCWEwZ=6U-d=$rXP?KDP_7Bp=k%oh zx;Mf_B4TC?M1yM`Lz8n)D@|FkkeK1?3<+<`t{$fSM3iV0ppnQ}MtF|`W+Aqate6Mm z>^CkVH}j!Fek*x_!_Iq)90eOB;AQ z#Ub0w>*aHR%Ln(CZy=|)45%*j|AxNn`{N;%zl2Syb;Z8)T|Lb)_xE{kKuunlW>&G{ zszrJSoNlu0cFrNWEb-WU-fcK}X;%AyW5#f?v%D>?s66BVPn>%|4xoqV=5I`H%et7- z?B-PAznvV*mAov~uwLK7$~w_o|99Ln!&p~=!!_4gg4jRi;7~Bb#)$?#3bgFkpZJMq zWRy~wHpC6{*lFhxLwiW^F8c?hA&P}o*Z6(jh8w-cocg7+V`}a#i?Fb&)RQP%V`XaY zoJG9oaYVuwUlhs|K#AWJ@ZuVQ-KCW4fJ^*pU?C%%j<0jAcOv+(L1pS)_U`A+OF@ zXiWoJLFEQ!8AYvLpeDWF{8C}=sn)@Zl=Y@;Ra zg3aj_GNT8}mFomI?fiD7j?DpADIgboI;a-E0V{ZpX|rOwpK*P$R{&=Rhq}i93@!4r zKYf5P*ytJuFoUs)kYsMjrX4?0&Y-nNe%q;~Uduz^k8-53ftfuXI=v047WWVHLfNaT z)f8kp*yt%Ub3(1rmz1&9CTK}@br=Mb|CJmc z^e%P<-ESSU3x^xZwaFg!sIeryaA1P|es{UMcUrg%%+0h~(*;>&Bq!7Lhg;&^RrNYO ziAuZS%jp7|)bqMlo5TfYk~W1>TTkM+bDY^rq}uaW=pIerkuPKZGcd(UPiZ_1Rn=AQ z?$@4g@s9S`4(S~c0KRmWtxJd@wla~kv;KKO?B5^p$Le0V0!iR(E<%5Miz(>QkFe4L zd6XE&tQ^~v>-?)otxnnQM77Q9Az+9OgS?)P*T?bF4u6;TM`~-2Gg*uk(bq-_x9$LX zB#KK3Md0jW7ap^|vGy>I^?I{S2*WH3eZqyWLIxFU6Omz{fS1D%@^`|)+d)Swe;)WS zzf&{=Nx{ai%5yyUX3~REaa@K9g<|Uo_3mY6Be;h{&$>kIz9@I|8~yGB?*6eC^V(_p z89hC`-02fltEJ}>MP z9S-w2VK5&ZL-NGzTUt@4J+RVylanS~m2i9XhAp_Zz3lS=E)@GP?2C>+{pxzuX8{EG z)mMIMz$v0`Ro(OcMu3gde2pXaaM_w^*erXblA;)PWINIWF@ZsC1vh$s4+pt-XQ ztZg&4)b(dIE*YY}2 zfjIpn>6VU`PURf4g=Wz>V(GlI$m~J(m(~LgeGA?EnW>YTP!7F)fzHn7=$Ly9G*_Ml zdvMh+jsb_hv>_-NgEWnQBG@MhYq}TJrLfS)K!Z+0E^3I>VJOBlVXgaiuR$&H$dBL7 z@iXg_d4`m1!ai7vOqzWEDL9rm;$R>>=!FShu{n1Ge5kD#e78A9e;)jKV7=gr_!tF| zhXekn{TX;%^!b1GclpFCVyz|7_`@8D-RHk7`14ZQs6PMg>>unM+2_B#o%Q)|CFKb^ zhp~Pzhd;Zx4}+qZN5cHQ<6zjNRNWyL(fWD^%;Jfz)eUpa;d5E#{tvNYmugB>R3gNP zqKjR~s^AvXDoe#pcoDJekOtjZ+9_GiB)OLdbVfqLYRL8Qsl-W>^#%IY5JCm)oJtA7 zKCLCw=?)(&6Ve#sia(i8udix z1wc`Pe32GFoIaO8s4^<)`XdXOl0&p8IwkTCAQEChH49?Uc7}y zN$j;yR+Ujn*HKx>I3h|)5?E@h#i^v!L#?QEPf9Qsm2^Frg$ycDit+L3r(WFGN25YP zc3)I-D%uR>;2+jP<5NndvY<07U2#gy)uhy_!dO33Zno8il~GC8S6RqZ^Ed~UO4MXc z%Dg>;h3Ja#1-A}0TATPmp(lY~b8g#mhLRI;oQ+YrjcOIj?NE6%8~0DT%z zDHS*xWLhGX<|UGamWxVOl|{)^Nu?pC!89S4_AlJW$-Q)B%wt^gNt0)t zH8sIo?b)+LGLUD_w$L^4@RSjN7)?_|(=Bu}y(URWQUZETk@osZ^!*B9rm&YVd+2Xt z>W$&1A|Tl3M^UgIz2;1ldMU?OM#j72hY$}?r%4VoN`OFQMnbs#@uvat0drLY@Qz{; z_J-pv??q(rx$ZQCn#Av->pT85rQt~2qyUK++PL!Ksf<-F2JmVVqMZ#m^L+W4@D8k>FIqrqnz zdrx=B@n$E-rC4O%r&%XZ!rFVPM#Kswt(8)h-je=AZqXOxfu?(yix8iirqL;;v zaL^*V$6ACI&0=-rXgIY1a74_iEW@6)lok*;MoxcsRz_G@vQ9 zG{j5dsm*9%U{OK~qt3n4qKAFopoNh-Wgc3zrv%{OR9qKoEkuu6TKGvGRACvkn1d96 zLOm^@+9Jeo(Si}rize}T5)G*lFkv}sq!~3VB;49=tI~q2q@EU1H6ZM2Hy4n# zN)RZ@S|t@7bDnY>@XL+>uKbg^i0pc6 zE_Qc>g;!qYodgr+iksjKNM`y@D$RGcYXV zl~Q+F1=%m3CtD~X6Ee9L$*k1!q@fo~eS)q|PtHGGNmXU9^Fx#%BIfayc=zVz<)@Pu zug~6ODW0wgy2_vS{xCNkZvB5sk_ioACN9AOtS$Og^v8qhr+f$xLS}+d(vP)`pQeMqFxI zn;hJK(fL1}@Bx?x!36~UUsm|1+WbEU`@44hr=6X{HUD2ld4kUPs3Sh?NQ`^y5KY(17_ z|G>Y|bD(}~fS_Sj{Qt4{?YoWRSfBfMo`R?}Fiv2r;@oOr>=rhis_xF9t176ZrtxhM zv>AzxIgv$;DCaWM^#=P2`*QmvA9xidQCG`OGA;I?#?gg5{E;FL&$WcWUx@F~BuAS;T+6Fu(f<7yi%EYx)8z!1UeDA#Wc>EW!EIo z5@J`^S4LzL0+$p;GT~<@1nT;_A~1xMK9I=kia=doR|KL3#J*lQRwq!@S1}1|5*Wki z7R49HM{a!L`&F6Y3*$zm(!+~9FJ`KLcG35R#k(|OZ$Ti5EV{(XtuB))S7zbi0eWnt zChzK0_0tSW_AK?KogPfn9pP2r+kiw$@qsCDAw@gZM&%0-u&x(o^U^wnka!|VFITgu z#9b==jss3%0Os%>fyL5~ap)sn8Ai0cakL2Ir-~j+a}0LaV`NmEh%*yF3v}Uv^+yD_ z5^wzQ)6(}p!vz}saF%{aB-KJRp1J)Pf(6?lV75kz}4{L0Jt5ya0c9oo~)!r}x|6IZ+2NQiqEy@$Hc>10Fq3@{G zkl$f{=sSEF;+NTv|1D+Yj!TpyK<2BFNNoX;9Bxz>*5Y26-CsQYuD3oj({9qU%+pI@ zf%wMK)6A3XM(Rn~^UPy>RZbpDe?bZPqqJORTy$gq6$miQ^M63%?t(rWrCR=fm^uF+ zjE{Qx|3=C-;HtOWnZLFhwzi&M!9YHHq;Kq0y^2vfZ=Fwlqwh5Z?-vM34T)w>qz@iD z`h5O!`SHSu%WT+H@5QG#=K)`LNkHZ)o@csLHXA4L;c@B9X`B z3IwmgucfX?{RU%8S-r}UbVine2Ve{w$B`BNxV!}s3P}_T=HP55NW|EkBy|BsK4#yRiGZ z1;ew}d<-Q;gk?-7S(k%Qt~4o5_OD7wK;3N6Q%$}_rP5)^faP4>6Mwlt1xlGlHJ1y| zR|HEac}$$D)I1%OQm~3c?$@cgT$xk_meMU1)Lo=-TF+Oank@yZF!Fw#nsXxY!q2cg zPHIBkrLylY{0v2;ef;=$-ism62zCzR`A}*a7cd-3q2>^H=pMUh2*P`J2=L?RUo$%5 zzv<#;6yA&90l&z8?^J-bAj=>=FN&Pr6s+{jGEJGRr6izyqE=5RWM=^A`-Tya5Glh5 z0m?;NEk6;X*&1L)B!ss%E4T8RD`r-gU>Ovy6SH!#=<=rJyxJ64ioy-dt17URm3^z4 z%e7=HF7OI0P2nccs#xGNYQjb}uNy43z&~i^qo-DUOo8ZwQp73ox(Ij8zgvJ~K!Pl| z9fC!g`p<2GDTSN|73#u}cpMIMZV?GiH>C+!&Q(af+U)8k!D2Ld0M26RiN>0(mI))-n!A}+QMB`}b#>)sf zjZBk@=}SzLiilK?XkxeC+sBHq3A3bVw)BPj`x9A$2PkS1yBq{`4jI%1gJ(GWY`q6x z7!Uh^DH`&sq;u(#qI{>VtVc|E&I3HduDywJRi*I_*E7U2g#Q&rSeYl40oHqPIVTkH zgN&FTiv{24%K&q-1>{pjMqM%kh^&HN(yY(~ycI9=%W7#h-PY}vWn6V!K(qWpcpHdw z?l74S$zsosM8+LWQ?_?vb~Nan-5hN3Gzy84?qu;a(!@-_zrPz!ZYDe-qbRv$gGkmU zOzrB_$)BvMxdVuol&vV-mOd+PTp465MoAx%S63Sh3$Ckz`rMk_cBM%FZ?2uIwozgK zcd-91@BcsU?f*7Xwi9(pL+yWUmHuje`uTPnY2KTv)4S4=R~)Ix%|DRKE!j1i_0>W) zj}kqKY7q}$O}R{k67?~Jf%hdLx50r-3I{x+;tfh1H82-lEMUxb&NqAS-o1OXQx8!bqeV(UUEvRt z4)l<5g%R!~j0RDyjFKZ^TW#ohjm}-NBCI+`Syj^KsXmRh2{kfVuS#fPQtTRprsEm? z9ixZLnTX85)I6uLsdQy(wo^8o*8^>dx8oG^_g1!R0mIQf@yofdWcg>;l6A?r!(kSc zWL5){T{XU!iTon?bv`~^)lnMF(VT!Eed6B9FSe6iuxR}^1f(ms zQMLXb93N%R|Kp>6{ohF0PQ-6@c7V0U=Bu+EtTi%Um2nF@W%O);*RvKh2WR^5O_{5XF4Z)i?J1^xJqll|sOw%%C-n$79J>r)b=o7I2 zbDzd8Q;ODqL)o=*8ZgZt*{ZAPstk_1y`hWQDFvtHN9QW)0M#{F~4pn~#5DU?z zkp`wJ-e*Cn%Dwqa-n}Uj>TXfRF1i(AMjMvra^y8j#b#!PzT{)C?bfp@u7b#tMWw`o zomXd%l(|;F$_xpmxR}8)p9`04fX>Z;Q{~AOLmVh#fuUlyszfa@3{A(TD6}v2nRN2`93BWRt5nRCF6ZSkGJ#dFEVf6`ps$asf zurKwHk7A|w{(Mp8XbN2yQTmB^h$cMYTcIp2z$F!YvL-4gMl<;=mBvjeu{i(x=@8%< z!0}%wpg6eokqR!O@+`q5sNpb)Q3zE4#1-d@l*A;XuhqSU^CcaWv-X6!U@ciQ&~X|P zK$?9Ht;-+6Y<-RiT0!OVbMJV*Z5SjJ%-7lmp}E@d7~zJm$) zilFyfgk$t2kTQJnp_>ZvMCJr|kR`jxD=0K(RBje^k~U<`CfPZOU#mI<74!ev40>fA zvr_)Ef1H#59QX47jTFZJi;?c-KS{u6illAcit?XyU4Lr%4}Pq(ddsN@WXM>F9beaB z81_=1&P&nypK>f&v5kuL|J}Qzoc#absF(k2q-+~uZ(4+Z>jgpe_N=Ont7^|GFRx4@ zWDIIA8nTIo461t>kxfQqP~8iQY{DX=yS>!NCN)aWhd+_{s1zU+-RI&Z*a50YdQ((N zLX4RJeg5eJT-b~XHY$Wq%)R@(}rMb z1d!luS}xM|QWGG_RXqblZ6!9(A#gWNk6?`gckLL~T<|V7wFy`}jl@r9@#K*O#DU`z z7y9BMww6x7TlNt9nZzQHQ!(Sf7R=~9ijqu9oa_mBbLfoUWS%5GaqnKN3ZO{-(~00m zmMZzr_#i9)IT|0l>*YV2DBGa9;HMY*6bnImflraZrx*5=2zz=#Pl=$X7xI({d3pg) z0*?426;-9fb3+AXCO8HmJh0aJ--m#qtH#;&Azrj?shEU{NG_PNiFT^mehzS802Cb( zgqU!nq_vj{!H%$pI`tu?GR#d^;3T0jizs{X;AG{de>R!v)_X7lXER{V62swL1*c4% z$R}Ix`62Ml=nelR4zKYt3Md!y4Z*`4yK}HWFrXkp|6C$5@@%!>l034Eg?*l^=_5Pe zrmN!3k_g{owwWt(rY4;EzN9GLn`C6(HZqB4$4!sq+a^|eL7^@nIHtyS0uK0 z1_QxlPnZDX^BT#0VHD4i7Nexr>WThy#8-tR9FG!x=+3PFJWsa;q_~R=M{wRj`))}Q9W2A?4!hNwLxEJ%*UDp z)~2!#_-KS`=h#;By>hV!nNW}N^*+wypRN@0e`eZ&727E1|Hk9}y`2Bg!C~+JvyrlG zq(JTMze`JR|6Nvk`|qmK+kaP--u}C{|L*O-*IHhQ{rAPEAA9?68+9pwY{aa+lmoP+ zD9Xv7o(rIFHe%LZ$^i-?r4J!0wzrj8Y;0-9J3o&&YrG-}U}d+pz(FprC;yww?_@ z=3=J;RZcGZw(6p*1%9=pSyHT*PKM7~gA}levO?FI`0~Zziv26tss;q-*vF4fC1?H zoF~UFmotl2NCW~BtHfbyrtBEA!%i@@Q41=~b1chR#zse&yrifc&>f>2g>;r994&oh zThsFdSFOVqf~UOpsXnBp=xaG8c$E$evCQq(Ey23psZbFp%Io!{4#Cb93gYPLy2{F^ zP=3HRjyTeGP$tQZO9{bB*VHw_y56o4))jY-ut9Q{2;ZaVCch4^jxevc6}oi@*60cn zxk62v!Sbrv$4?+Y!y3!hV~h08H~N&lF%PZJ>u-n~#0p-1Qj)W3UG&Dej<< zEf`Fxr5Su1kVtrL#dA!73n|*swAtPey7VDH(4EWP;zaK*f=K156UNv)`z!Cx4bnMT z%cyq1DGb0I-lIgH&)UR@Iu%s%oPJjP)F~!Ip(I1yWiv^Ns!zfY!H5DJOt!X0V5&6t z?2)OGmBR&3M(fVe0`bSrMMV=Z{o$vj?|4;2miig8jiuBK(}LdML1NiM{pKLKwHTL(%O zNUBu6e}7XXkZ)a8?o%?TzjNl)10tg90+jeY94Q9K1O@Wfwt=xORy zaOPPUin(-?&t@-F@Y(8-5T2j2AnharkrrdJS?HQCt~$;J3E3)*n3;+v?0RY<(I+R{U{ z)zjGBjP{`9+2-3L5QM+h#lKJXfe{8fMIKE8~jM(xtL55qKwbN0f6EaZ}#L4V$oJO6!rj8POo|15}6G=pvjr@)Hy-|_MBLDv8G@Tm9y-AGaAKQ-(? zk9!MmU{%tGLZj&OVfyJc2aPe?YV5;Xeyl7g>kl!LqD&nda^G&9kxFaVjA9-ilE*<+ zY!bG;AT^t?qJ*+7ww4cHYOD&Dq>QDqrCXV!ZR2hwhh5YD#PfvyCUNx?>RC)JUFL82 zzTV?$qizw4>syzj^&5{qn9yeJUIW{~l5WijjmxHF?j&n=%h2SNb*mr?rfzl!2FjHO z2jJ Nfu(&uN`Swt4VaLJ9(3`OifM0d)%g+o{x!!;*0XwfZ;7^te*TBV{}POKw3 zSh}^A(c<0W%?>+Bq)+mjXJcy6h00B?H0{<`vW#;EZ)@1MB=wPKZbRL2 zJRbE`&BOJMmf2SG{x#~>EsW6ve9~mCvs(u4UI-ERU@vuw8 zv3B{;C@mrCUL=z{|Nngct!p2!%J{G2tp4}l@Oa#x|2I+8`TythZ*33!#%X^opH|?&551QdW7W%upszER~e0lgV#fexCMfCO@VQbSro znHthdIfQrUNh-EOh&hQ;bz%gzqD2gpW+7PXc}_;~H?sdq$;rSR&>gLvR_NsYX4rDo zh;d0z&OFazXxQEZQ5W*qjlW3s+%1X$3_}!nNbo@1QVdKF52a>%y!Va=QJB(Y82X5Z zPVl9lha>cSSn-PF0YrqvKB6?~rMSsM7U(|K;G}*&|2C~)dwxFuCK#RDaH%+pZEzO+ zL-dl%KQ2yBe*Fl(oxL>#AwvE9Lxg7XrQjZW7&0OgI%_^bk4 z*-X}iFQLG>GU9PxS5Q!4^p*9tmyKKf?TaYr#A>j_eLlgxkb;#=1e@3h7E-X1Jzx`q zz(NX4nS4c-gM3KOFCqNrlIychmoz2|)tXJvUq}JB?5jT$GmeC|Z-LjC&kyiN730Gn zt!EP`*0&0)z~rGa5fXoBvX#W!FY~StA|rvesGcpIFVpXa4TGf)?MhOkySXa<&I%n1vPW*h{DWk>uyDvrh21$juQ?j^6C&wfl1Y$r1JrD)a6Ae+ zg2SKS0{c(r#K&&s#B0@&l!Za6wZR1sL4FZK_ihNzxzWdmCG_P5Ic@coof;j%*1#;5 zj?~ZmRML@}ty$Wy(-G%N;Z+v;tA5(0l8!uq!P)u!;Siji-yb(I_$cWJMU-L^oXq$+ zr)qAkI<;hL0IKE&r#?nOe0DwrpGi>9WS~|@glf@oW%W*s7lWHk4pGQ;|EWO(s{q^{8Z!h1il8z|7#o2kCX*kAURjb z9|fOap{+YyI5%iu;JTF3&BAO4yaCSZc<9GYc_}JOsbM_Ao>b{@e#wNhn#?1TJbkt|d zt91C$^DDVK-gEZ%7!7;Q!J&){kXm#mdM&Ws6-$z;POVIdyg$7}O#ojyY-$4?P*^}g zqQtA8{gF{4z+{?iHS@637E%mn5phuKK<9dSA2%Go&P=) z53$Z|$p8O%Z$IzFDo6jQGWg(9~>TK^}mOQ`-lDce-mXJ z$bhS>9RHiy1=>n!`u7)*`#o1y5HqwhW2{?VLN54RF}b(qP&c-^w3U+V=k}Bxt+OX} zQi|E#8t*nX61A05z?3nmz-q01W&X=h+Y_no!UGzo# z5&hy&pLm;vA<4B>BD*L!D4RgEN}QE~qI_+VKs+RYjtZ%gS+>?)%4SZLJ8O-ZQ)l-p z&Z3^0IU(V`r9KYs%$YOAOvH7+FhQ{z{OeP5xit z?w1oM=KHgD{wf0)XGK@-@@l1#{54F=UMobdb@%I2F*O@$PX$07u(6||3H5UCc;r=M=Va-7?91ETh4%z|$lKi=f@Q#i2kh>i z{CM%@*Kd~}fBmoBT@WA_QQ9iOubrmmYnbNDHVarPl7{5QFqLcCrzMRUf+PUTz(bMd z+}MN21Mr62S1Rdi0#+23VnBBQrrEd@GN1-r#$+Vpe-sC%sPc&v3d0SgGm|3YN}o#o zlya(k4=(3~BEGnZQ8U$^?5GNTAMEbRzU=NgTkp+-EqiVVa4;j$Ld3CS3nr3E&mo`) z<-+Il^o(St=P`rgN+0pA2d1|h>-Cj7^IZ=NL&%-~P|cV{|0DB(ZA$;McXY6qjsJbb zZuk114HT{a0dm-1VD=|-d3|YlpzJyhm65U(xz#g5Wm+p&S>(xct|%FjiuyeW6ie}$fhI7C#UCp5?dWiR!UoIlSiUT%Sp?ZYl$%!5-%Tft!Qm) z8bP;K*PlO*u94ulyZE_feQy{=H}(DoxqjJVJ?7tdcqe1`_+ug<7x}oCG2sb_(yv~U zI}~s8TxerXY7#-Fyn{v2k5e|5 z?1HFGU+zs7S1jiFPfhZ!4FJo}e+Nh7@w=@3-*F%RZ!=|EN9kO@|6gruKvhbu0(EPh z83%6Gb+Gtiqtd0lA4fokOkN4fPHgsMDbbWBH5lBh?m;UXJ`;oN#^0=>PSnJ*)WSfV zy><87o8^^ZP;E|^qG@%@I#o)oSac0V2mHp#N-=1XD(zV@$jU>S0a1!Ur7d5IriMw&%SwrjR#JnpFDOk= z>dP2>K%q~b7AS~^;4~t^-^k4n{EggX^?~K#Nc`M1tsTL!CJcx2DR3OXZ;q= zi3fgduy|#vs)IqDbz$=uu#TU!N$!}dsul(%!jXighLUna2oVzRi%98cZz>K%Q{TT& z!GQ0ZI|75hP*8`qE-;uA8h=JHyIWjQOM!9$7G{%X*Nqwk26brb0t3M>N}zwm!JTE| zwZfnP084v0925q1XzK!l2+`FBDGX9iI_j|@_>AsR zGz4FQpCI;^QF#)*n%@GKv6q3_rCC}n{vi1ls%WdKstyJ*iWV{jk}VCS`xsfu@-B^V$K5qD~PM8sv!mr4vT17 zvx#P|JwA!}@nDKW9(jV%Nt*-G7z6eFRpxnJ`#ktXQzBA(qqbPI$H2K_KefbZ^Yh?} zPlRhR6Es=V=7`k7zzb+)1h94(6s(L%gM1Z~27o`|h-yDCwH|!mCI*$nm6v81IDERH=pIEa)`JH8 zfv|iiB|MM82z)lk8+?L~;GmA}aC;1l-=LlhWi32X0R}a?-WCIjVC2qiOUsLx2N#Mw zJ_+iEu4{>bb0vOV8#KLuc_1*T*YnmGkg!Nzv3Wg{1%oezlg!vgzRVD z|GU#~p$_3j@Bc!c$gd)=#qoU;WT!*$bVBpLs z&pn>Spu2BjdUX8P3N}e$V56mBSp|dBISg)*6ytQ{mOT9ud?h6Qgy{mt?z|X?3EnT?KN8l6oJRd#4h?798+J&C?IoI?waT9a4-UEiLa1B(ReEc-WJyrmWW95{1&O<;ANCc)L8Wf%xQQ;Y?0g*o1$lC$Ia&f~D zHISBlDI_+;!R_z2Y)k(=Vhm1w5_!ZUd^=wcx#d2TYPr~i_vCM~tqQ-%)C$%#Y>IlB zb{aS(aS$4TtHfINdf@5bDs+mppS>Qq5efc5Zq#*tP5s@3GNFQQu*pqjd>3`$df+%o z2%W^Ujgxg|F1QuB%wg5=c*^yUgwX>##L)}f+W^wJb)M$IE#8xtu zxx&~oCV*Sp$s2hqyYzi!VlV-eEYL{(DesorB~8G1Z_lVk8dD_Q837!!haC04B>zRy zu<^WjXYnMIn~qOh=x1)ym_+avW$xt~8rN%xd$g9cb_3nJWk^%^^!`3c*&!r%(}_?3 zFto`g1tTza_JWGd&gA@E2{Q*iKkIRS6>-&h_;UO?688lpjSE-1+ zO~Apio=Mr=Uru9rdE~O|TMEk5i6kLSiU%g(==iVMi>AzAl93f8gOod4rx7*lmFFNU zu9qje_UpG>= zmCsXK_wPRvZ|~A%ud3vHy4yN%xAfMwI%F58bL$|9h$<*UmH zqS8^rikq@wT|6eX+*3`0(TijC~$M>X6qBH(fx@; zH`trn@y$0iIPrb*Fa%#w=tCC`fp~wXoa7nAKJxxXZs;$Vv7Ar8;sw_6q07>ITC!sT zFde6r%qGbtO*KN9E?pN}KZP)u@3Q_V<@VHD%w_5*^Rj{{_AkK2%(Z8}AA zaZ`;*b_wIK*>d?Qn`N?MF6T&|ekQ?L;GsvPXLDvQrZ8C~2w@$svrO?;{`6MHeKOtr#UuH6l5Vefb%j%=j@jz;rHx zOSB+)I^N$a-1kbFYD6-0V|#9Z8Z{W0EPz2PL~y?1FkUw;4|W-;DW9`?fa$`+|_d9cBV#Zd&_- zp2(!kwP*s4Bt_*zW$0rU zGVW9UeUB+7L7JUDknFS=hY3)NgLuUp62-Kpr>LqO=U|JR}J=YQ1T{|@r;e-HP2{m(|qHfXE+sn7En9A0yVt_|Dc zVQyr3R8em|NM&qo0PH<$bKAC-{j6VcmPzMY*_wJ-ws$CeGyE&d!bt zk&uL%1Q-C6qfNcPeFrZReCT02R+3iuV2k9z!2xhyJU9R&mZpsM&Sr?qaDmd~yU$$9PtH2id$g9IFNtA>&b*f1SN2WBudz{ zLs5!Pz%W)vE;4-LDt6`$_wb-U3j5)p^QHU$S1(rnB~G&hNi2HT0`obEFp46UQyI$a z(JEn`{EvgspyeG=Z4Vu1g;F=sl}IKiDD$tNe93viBF$^&?w2{61jRHTobnDB}#DsA^ZU! zawaj{-B}DGLy7Cgh_b0ie;u zkFcl5V*@kmiwk2$KDZ(xm>p6^-hD8%{(ilSsLk9^!paY_uH4yKz#Z zrKJ}&0{knH;pn6!YL9W)!yn2C3eJ*TNX#$Z1YOv}X(kuN!*18$Gd^ws*z98D9vS%J z(#%&o(5FwB#^vB80xOIa(k@wy-!Lu%pA5|b7NT0cxSAl6K=7I-i;`$SGzN#zc>+QU zw#c)LafxFf)QPly0|=H)ZjHZc;vFh%B7nV^L=pl^Y~Xdwj7U%jW*7bd$w}(X?9epl zZ1y_lUSr%n+y3V%SM+HB|b|E&~1{&UOtO~O#@d)G^qy9Z-bI%i2@H5^AYK25S2 zy3A8J^aC+}!U)Q@T~^6|gfcWH36TUpN&&3%|Axbc{2vcSJNe&6vHqXTxe3{zEaNQW z1WEPV#U8ZdcaE?Qz(^PSS>gHloD=JM0?V*OScZ5^bSXetCVKNh(1^2k?n5EY61GUy zJKa4=EGj-ZjaL#$Jjs*$kE5_Pw=t3rr!wM<{?5j$C>$dh&3f~}7)#Vb=a&|Vzf@VJ z|83~x(F*|U^#8$OGyZ=t-0A;q6yN`|(OWS?9LInn&V*Pm{VsZ}M0bXhG!!$#Kr5E_ zZ1^xVF5%`eyE1einv9jxB3}V?usjQI@-gNVODsaddPTy4dJS$=X>m+jv80HiDUSEY zi|SgV3xrhb8$EkviGS3nHilromA*BLscz+?wJxDTA{wo#&rNqPOEe0!SUw5g+vOAd zQF3%uqu4;(XpHNQj`)~rVM{GrsaR+cC-A)p%Ie__UU*kJJOt$`OYPS#im{@s(*I`m zpM3pyG#J+Nzm5)$cI&@eDOy*({FoscYoAcZCfUR+-)eoiR7Ls9rDef(&#u^dk5>IqdXJS{ zanV4#u3T|2EkGc zKNs5D%+-Y8BsL3m2}y~>F-Qh-Mg;7Q7kVDgFRv6Vp;HhUj=EvzVggpF8zd2<5)mqF zW}m)CB;1lDfiZ?$C^`ioO}wRcHCvP`?hj!NW#H}nJ46K!SdgX9SMW$-5A1Sig$p-k z!ji^f*bI_N4pJ4r>T~7kCY;vOs>?$SDbH3G9tc08t3YRdX_iXk;) zS}r$G+HYFNoYwuUkmL=i&j99k=`eDfB`CrW{Cfbwb+8e)`CU5467y7%RLi!r(#$x- zUKE3a|JJ{zTWv{mEfUoPTP9m8Anz$<-Vj@)`$hWT-X>mW_nu>44=PjwA@!;7b)iXy z(wYy&F(42IsaC30P&KF}w*wI%@baw5mR>zjHEt%YH6g7jiiWV3qok&-hNf1#MXYzh zn{TtU`~SwSVJ>>tn9d1jRL4di_$si*|3BythE@N6*grZR?EL?26hHsNn`)RNPS7~P z%Y(iJkAz;m_qLj++c2HGyZW`i)MPcaFQOSvk$RgaF_QRayeN~zii|KHTM*4~bYtNX zBBW7;LARnU{VFC@@ORGAD;#kwpOhA%n=qQ*Ui^#~j=Fs>W7DV5dT?IqdO@>Eaw{;s z#S?P}mY^yLs3KJ51}~OXP`0HW8FMz_sm4mfJ#c86fF>ZcWZAiGNn|PeFJJ#&&Hti3 zhxu`1=MQZ0$TKNzOPHc*VXHk2I7d zFTeU(@iK&$P64L#_Dw5m`OgvN=gh8}gD-7~cI8Wywf-MT(e#mqAP(>S)PZ#mAGAd>M#0D(l)0D>$} zk~b_NQQ>!K>P{f=c3zbA;O=h8J9fr|bT8QZUR`_NR9M3U_ybY4=S*PG##y zN#)jaGp29-yRlsOY0RsS-*+Ntg_tQmG4X%12t<9&4uut54bC3Y1RMb3WVrg=aM`! z32cr29}XJlzZ@SO^>_Mz8>OoMy`?9&w|J?>_i|<(tkLzYyON9D<;yo_*Uo8p^iEE1 zsi){5$5}!mBzi(}B=L07bLckdr@3=2G91}G4;G!Kw@70c6boqXxi%`U$rFFCZc!0+V7Jp^DQQbM-hN-fzB6#2Hq%T}2VD`C8y$MB~rt@fW{dCT|> zq0`=V{K(CJ8^nJOMveVHgM;Ip{oh70nGly(aJG@IDmf#Jsi@Qm%EVyxtc+(A7bbbS z@~o1vYik;;wx+o-o4Sh=K1!h4fe^d2-}{zU`R7=$oJUynt|R=|(;wEye~$VM`9ByO z?c{$OrRu^+p5xvG*~4bk+>;5>`KUwynj@0vWj#WHd^{_kE?*@rI4M-fuI&om6NH7s zwkVIOuLyme8IR6eeXB-zozGqE7wi?M^VCu44*iT5E}N5GNlxgryDZzRbQ8T%op6>G zYn&$iY_pO4Dn{_R9Ri)V_V9sfMBA6lMbTWPebx9B%lp>#PiJaSoaN($L?yVX9{Mxa zOpLHV87Ffj@eOXo^1sTU+dBQPbIKoi2E^L+zvD*!*Wu3p+fLEC2>{@&opbPJ+$p2w zx~K&9+`m1>%iUd6sWylFl>!&V!)caRTu2?^D3B|sPvh6i1bzl{D^i=<6lJ;bGc9bC zmwSAeKx-s2>4zYkFlJE0QM^N z|A5~ap%DB4zN1!Y-S3Av3G&oKsAr%b+RVo6W(9P0|! zVU3Fok-D{cS|*D$ci|PgE!P5Cf6&jGr^VUNsiN);k~8x_;VN$VIVJju$j9YTkEzMH0Z%izI42yQ7eDQ=8DMww1U^;Hoi=+3-7FQy zbsLrm-Tjw_nBr_z$9n1&iEtd-lqogOlt~a+29^5$*`~#5*X>6_KQhgfe01Dm=kihQ zpm|#xF_K8w%|o?Tp3hlwu5g_E2nLrAtjEN=;gef1NpY({Tnu-k4^~*X4PX9bhx_lG zrQ}}*O;FO*dcf@RLs>T1rTY&o^})n*OYvrF>W*xbByH0DSxkeasC|3JN+lC+yeXqL z2!$E2!(r6>0|uoq$rau76ysxV+;@;#T!+mE?MwSq-%?ra|10IHRKt6t!U&@ec@J3Q z{~sJ5)$+fGgTujY|HoE}RxfsXaq;4>=3Uza6ZH`pj>v>W%EL<0iVs6sd3H8glzbCZ zZ5T=tc8lX{)rL9uz}UT%$^ZhPEMXAic>sa^EJjc@g2n|3i+crP)%10yFp4Z8@|DKg z3s!^f-4Z!txh(DlUULOJ=A7~CR7`ah7n`}D+P;Gm75H9+pdAtyFF{}+^wZp&v=37< z#}qQg62RdUe(R-F_9UV=J;73}Kz{=wY|Yyl<`@YB^_%j?O8DP&kd9a?@JEzp2^OI~ zGNaxF7ihyDU{7b;7ai_*&DeKgFOjh4ZvO!Zrd>FwqH^eT^vD~QdUNihB}>|C&TNg= zHd2O7=uODkfTV#UNyg)Ab5h^+oFy%!-K(+USp6me`uzSG5-kH$6^;iEz1Q^WO}B;Y zqb#d<6@L?@8d&dAWZ6$Op~p3mFU75h%vPoOxoYX!9mmw_Zqym1tWtlEXdgC5L^Wh< zZ?+)YcwAxGE5Is^=o(()^c6FsPe^?D-013$pB=Y7$91K;$fagXH*~sY+E!0NEAr-a zY;EY>TSsHm*M}EeyX^zMjM`e0!T@0Jc5T*TJ?f;RFb^xCA`wxesVRQe-?)>+y zlxl8L>G$b%Ci1ZmfH4v{21dcg7FH)KZ5B1C#k1BbnCD*L!o8@*!hQKqQMi!;DcAd+ zS0W`2SMd_OA+DD1<$ODDqgMXI8BS6%rHtdx-^N<`KRB#^|NH28cmC^E$}{z@A~C0W zq1SMLdf%Wh&PfszI)w~HH)x7Q*m(x}a6J1#KmlTglLV#-8=JjIgie0|juRxw92-4S z-bXaUKn6h*Hk1yhB+jJ;;<8*UtM2G#&PEv*wf12 zpIt#rxafpaB76F;A-@xj|CjglUw30R?WsTRQp{u{Qsw-;n?Q?)xv>DbL`Q{iy%hs*n1sdm5nAdGX?(r*AJWF8^@? z?|!KP;X*m)SNL(5EfyBe?kj zP&Cud7=kH7iK1kTRaeg6{u*{V&z`{rm7K-7PT8>oY7W1(nK{Dsy4Wl@!%2p@fZG{~ zW)LA-oa!tY#CVPqmI1}Lj;vg#8|evZOi9-n1TddP;NiER=XPaRc4b#~rCR + Host Path: Is a path that already exists on the system. schema: type: string - hidden: true - $ref: - - "normalize/ixVolume" - show_if: [ [ "hostPathEnabled", "=", false ] ] - default: "ix-config" - editable: false - - variable: mountPath - label: "Configuration Mount Path" - description: "Path where the volume will be mounted inside the pod" - schema: - type: path - hidden: true - editable: false - default: "/etc/netdata" - - variable: hostPathEnabled - label: "Enable Host Path for Netdata Configuration Volume" - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: hostPath - label: "Host Path for Netdata Configuration Volume" - schema: - type: hostpath - required: true - immutable: true - - variable: netdatacache - label: "Cache Volume" - schema: - type: dict - attrs: - - variable: datasetName - label: "Cache Volume Name" - schema: - type: string - hidden: true - $ref: - - "normalize/ixVolume" - show_if: [["hostPathEnabled", "=", false]] - default: "ix-cache" - editable: false - - variable: mountPath - label: "Cache Mount Path" - description: "Path where the volume will be mounted inside the pod" - schema: - type: path - hidden: true - editable: false - default: "/var/cache/netdata" - - variable: hostPathEnabled - label: "Enable Host Path for Netdata Cache Volume" - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: hostPath - label: "Host Path for Netdata Cache Volume" - schema: - type: hostpath - required: true - immutable: true - - variable: netdatalib - label: "Netdata Library Volume" - schema: - type: dict - attrs: - - variable: datasetName - label: "Netdata Library Volume Name" - schema: - type: string - hidden: true - $ref: - - "normalize/ixVolume" - show_if: [ [ "hostPathEnabled", "=", false ] ] - default: "ix-lib" - editable: false - - variable: mountPath - label: "Netdata Library Mount Path" - description: "Path where the volume will be mounted inside the pod" - schema: - type: path - hidden: true - editable: false - default: "/var/lib/netdata" - - variable: hostPathEnabled - label: "Enable Host Path for Netdata Library Volume" - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: hostPath - label: "Host Path for Netdata Library Volume" - schema: - type: hostpath - required: true - immutable: true - - - variable: extraAppVolumeMounts - label: "Extra Host Path Volumes" - group: "Storage" - schema: - type: list - items: - - variable: extraAppVolume - label: "Host Path Volume" - description: "Add an extra host path volume for Netdata application" - schema: - type: dict - attrs: - - variable: mountPath - label: "Mount Path in Pod" - description: "Path where the volume will be mounted inside the pod" - schema: - type: path required: true - - variable: hostPath - label: "Host Path" - description: "Host path" + immutable: true + default: "ixVolume" + enum: + - value: "hostPath" + description: Host Path (Path that already exists on the system) + - value: "ixVolume" + description: ixVolume (Dataset created automatically by the system) + - variable: ixVolumeConfig + label: ixVolume Configuration + description: The configuration for the ixVolume dataset. schema: - type: hostpath + type: dict + show_if: [["type", "=", "ixVolume"]] + $ref: + - "normalize/ixVolume" + attrs: + - variable: aclEnable + label: Enable ACL + description: Enable ACL for the dataset. + schema: + type: boolean + default: false + - variable: datasetName + label: Dataset Name + description: The name of the dataset to use for storage. + schema: + type: string + required: true + immutable: true + hidden: true + default: "config" + - variable: aclEntries + label: ACL Configuration + schema: + type: dict + show_if: [["aclEnable", "=", true]] + attrs: [] + - variable: hostPathConfig + label: Host Path Config + schema: + type: dict + show_if: [["type", "=", "hostPath"]] + attrs: + - variable: aclEnable + label: Enable ACL + description: Enable ACL for the dataset. + schema: + type: boolean + default: false + - variable: acl + label: ACL Configuration + schema: + type: dict + show_if: [["aclEnable", "=", true]] + attrs: [] + $ref: + - "normalize/acl" + - variable: hostPath + label: Host Path + description: The host path to use for storage. + schema: + type: hostpath + show_if: [["aclEnable", "=", false]] + required: true + - variable: cache + label: Netdata Cache Storage + description: The path to store Netdata Cache. + schema: + type: dict + attrs: + - variable: type + label: Type + description: | + ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system. + schema: + type: string required: true + immutable: true + default: "ixVolume" + enum: + - value: "hostPath" + description: Host Path (Path that already exists on the system) + - value: "ixVolume" + description: ixVolume (Dataset created automatically by the system) + - variable: ixVolumeConfig + label: ixVolume Configuration + description: The configuration for the ixVolume dataset. + schema: + type: dict + show_if: [["type", "=", "ixVolume"]] + $ref: + - "normalize/ixVolume" + attrs: + - variable: aclEnable + label: Enable ACL + description: Enable ACL for the dataset. + schema: + type: boolean + default: false + - variable: datasetName + label: Dataset Name + description: The name of the dataset to use for storage. + schema: + type: string + required: true + immutable: true + hidden: true + default: "cache" + - variable: aclEntries + label: ACL Configuration + schema: + type: dict + show_if: [["aclEnable", "=", true]] + attrs: [] + - variable: hostPathConfig + label: Host Path Config + schema: + type: dict + show_if: [["type", "=", "hostPath"]] + attrs: + - variable: aclEnable + label: Enable ACL + description: Enable ACL for the dataset. + schema: + type: boolean + default: false + - variable: acl + label: ACL Configuration + schema: + type: dict + show_if: [["aclEnable", "=", true]] + attrs: [] + $ref: + - "normalize/acl" + - variable: hostPath + label: Host Path + description: The host path to use for storage. + schema: + type: hostpath + show_if: [["aclEnable", "=", false]] + required: true + - variable: lib + label: Netdata Lib Storage + description: The path to store Netdata Lib. + schema: + type: dict + attrs: + - variable: type + label: Type + description: | + ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system. + schema: + type: string + required: true + immutable: true + default: "ixVolume" + enum: + - value: "hostPath" + description: Host Path (Path that already exists on the system) + - value: "ixVolume" + description: ixVolume (Dataset created automatically by the system) + - variable: ixVolumeConfig + label: ixVolume Configuration + description: The configuration for the ixVolume dataset. + schema: + type: dict + show_if: [["type", "=", "ixVolume"]] + $ref: + - "normalize/ixVolume" + attrs: + - variable: aclEnable + label: Enable ACL + description: Enable ACL for the dataset. + schema: + type: boolean + default: false + - variable: datasetName + label: Dataset Name + description: The name of the dataset to use for storage. + schema: + type: string + required: true + immutable: true + hidden: true + default: "lib" + - variable: aclEntries + label: ACL Configuration + schema: + type: dict + show_if: [["aclEnable", "=", true]] + attrs: [] + - variable: hostPathConfig + label: Host Path Config + schema: + type: dict + show_if: [["type", "=", "hostPath"]] + attrs: + - variable: aclEnable + label: Enable ACL + description: Enable ACL for the dataset. + schema: + type: boolean + default: false + - variable: acl + label: ACL Configuration + schema: + type: dict + show_if: [["aclEnable", "=", true]] + attrs: [] + $ref: + - "normalize/acl" + - variable: hostPath + label: Host Path + description: The host path to use for storage. + schema: + type: hostpath + show_if: [["aclEnable", "=", false]] + required: true - - variable: enableResourceLimits - label: "Enable Pod resource limits" - group: "Resource Limits" + - variable: additionalStorages + label: Additional Storage + description: Additional storage for Netdata. + schema: + type: list + default: [] + items: + - variable: storageEntry + label: Storage Entry + schema: + type: dict + attrs: + - variable: type + label: Type + description: | + ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system.
+ SMB Share: Is a SMB share that is mounted to a persistent volume claim. + schema: + type: string + required: true + default: "ixVolume" + immutable: true + enum: + - value: "hostPath" + description: Host Path (Path that already exists on the system) + - value: "ixVolume" + description: ixVolume (Dataset created automatically by the system) + - value: "smb-pv-pvc" + description: SMB Share (Mounts a persistent volume claim to a SMB share) + - variable: readOnly + label: Read Only + description: Mount the volume as read only. + schema: + type: boolean + default: false + - variable: mountPath + label: Mount Path + description: The path inside the container to mount the storage. + schema: + type: path + required: true + - variable: hostPathConfig + label: Host Path Config + schema: + type: dict + show_if: [["type", "=", "hostPath"]] + attrs: + - variable: aclEnable + label: Enable ACL + description: Enable ACL for the dataset. + schema: + type: boolean + default: false + - variable: acl + label: ACL Configuration + schema: + type: dict + show_if: [["aclEnable", "=", true]] + attrs: [] + $ref: + - "normalize/acl" + - variable: hostPath + label: Host Path + description: The host path to use for storage. + schema: + type: hostpath + show_if: [["aclEnable", "=", false]] + required: true + - variable: ixVolumeConfig + label: ixVolume Configuration + description: The configuration for the ixVolume dataset. + schema: + type: dict + show_if: [["type", "=", "ixVolume"]] + $ref: + - "normalize/ixVolume" + attrs: + - variable: aclEnable + label: Enable ACL + description: Enable ACL for the dataset. + schema: + type: boolean + default: false + - variable: datasetName + label: Dataset Name + description: The name of the dataset to use for storage. + schema: + type: string + required: true + immutable: true + default: "storage_entry" + - variable: aclEntries + label: ACL Configuration + schema: + type: dict + show_if: [["aclEnable", "=", true]] + attrs: [] + - variable: smbConfig + label: SMB Share Configuration + description: The configuration for the SMB Share. + schema: + type: dict + show_if: [["type", "=", "smb-pv-pvc"]] + attrs: + - variable: server + label: Server + description: The server for the SMB share. + schema: + type: string + required: true + - variable: share + label: Share + description: The share name for the SMB share. + schema: + type: string + required: true + - variable: domain + label: Domain (Optional) + description: The domain for the SMB share. + schema: + type: string + - variable: username + label: Username + description: The username for the SMB share. + schema: + type: string + required: true + - variable: password + label: Password + description: The password for the SMB share. + schema: + type: string + required: true + private: true + - variable: size + label: Size (in Gi) + description: The size of the volume quota. + schema: + type: int + required: true + min: 1 + default: 1 + + - variable: resources + group: Resources Configuration + label: "" schema: - type: boolean - default: false - - variable: cpuLimit - label: "CPU Limit" - description: "CPU resource limit allow plain integer values with suffix m(milli) e.g 1000m, 100." - group: "Resource Limits" - schema: - type: string - show_if: [["enableResourceLimits", "=", true]] - valid_chars: "^\\d+(?:\\.\\d+(?!.*m$)|m?$)" - default: "4000m" - - variable: memLimit - label: "Memory Limit" - group: "Resource Limits" - description: "Memory limits is specified by number of bytes. Followed by quantity suffix like E,P,T,G,M,k and Ei,Pi,Ti,Mi,Gi,Ki can also be used. e.g 129e6, 129M, 128974848000m, 123Mi" - schema: - type: string - show_if: [["enableResourceLimits", "=", true]] - valid_chars: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - default: "8Gi" + type: dict + attrs: + - variable: limits + label: Limits + schema: + type: dict + attrs: + - variable: cpu + label: CPU + description: CPU limit for Netdata. + schema: + type: string + max_length: 6 + valid_chars: '^(0\.[1-9]|[1-9][0-9]*)(\.[0-9]|m?)$' + valid_chars_error: | + Valid CPU limit formats are
+ - Plain Integer - eg. 1
+ - Float - eg. 0.5
+ - Milicpu - eg. 500m + default: "4000m" + required: true + - variable: memory + label: Memory + description: Memory limit for Netdata. + schema: + type: string + max_length: 12 + valid_chars: '^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$' + valid_chars_error: | + Valid Memory limit formats are
+ - Suffixed with E/P/T/G/M/K - eg. 1G
+ - Suffixed with Ei/Pi/Ti/Gi/Mi/Ki - eg. 1Gi
+ - Plain Integer in bytes - eg. 1024
+ - Exponent - eg. 134e6 + default: "8Gi" + required: true diff --git a/library/ix-dev/charts/netdata/templates/NOTES.txt b/library/ix-dev/charts/netdata/templates/NOTES.txt new file mode 100644 index 0000000000..ba4e01146c --- /dev/null +++ b/library/ix-dev/charts/netdata/templates/NOTES.txt @@ -0,0 +1 @@ +{{ include "ix.v1.common.lib.chart.notes" $ }} diff --git a/library/ix-dev/charts/netdata/templates/_helpers.tpl b/library/ix-dev/charts/netdata/templates/_helpers.tpl deleted file mode 100644 index 0b76aed34a..0000000000 --- a/library/ix-dev/charts/netdata/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "netdata.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "netdata.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "netdata.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/library/ix-dev/charts/netdata/templates/_migration.tpl b/library/ix-dev/charts/netdata/templates/_migration.tpl new file mode 100644 index 0000000000..4479a21b9b --- /dev/null +++ b/library/ix-dev/charts/netdata/templates/_migration.tpl @@ -0,0 +1,35 @@ +{{- define "netdata.get-versions" -}} + {{- $oldChartVersion := "" -}} + {{- $newChartVersion := "" -}} + + {{/* Safely access the context, so it wont block CI */}} + {{- if hasKey .Values.global "ixChartContext" -}} + {{- if .Values.global.ixChartContext.upgradeMetadata -}} + + {{- $oldChartVersion = .Values.global.ixChartContext.upgradeMetadata.oldChartVersion -}} + {{- $newChartVersion = .Values.global.ixChartContext.upgradeMetadata.newChartVersion -}} + {{- if and (not $oldChartVersion) (not $newChartVersion) -}} + {{- fail "Upgrade Metadata is missing. Cannot proceed" -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- toYaml (dict "old" $oldChartVersion "new" $newChartVersion) -}} +{{- end -}} + +{{- define "netdata.migration" -}} + {{- $versions := (fromYaml (include "netdata.get-versions" $)) -}} + {{- if and $versions.old $versions.new -}} + {{- $oldV := semver $versions.old -}} + {{- $newV := semver $versions.new -}} + + {{/* If new is v2.x.x */}} + {{- if eq ($newV.Major | int) 2 -}} + {{/* And old is v1.x.x, but lower than .40 */}} + {{- if and (eq $oldV.Major 1) (lt ($oldV.Patch | int) 40) -}} + {{/* Block the upgrade */}} + {{- fail "Migration to 2.x.x is only allowed from 1.0.40 or higher" -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/library/ix-dev/charts/netdata/templates/_netdata.tpl b/library/ix-dev/charts/netdata/templates/_netdata.tpl new file mode 100644 index 0000000000..a9c99271fc --- /dev/null +++ b/library/ix-dev/charts/netdata/templates/_netdata.tpl @@ -0,0 +1,53 @@ +{{- define "netdata.workload" -}} +workload: + netdata: + enabled: true + primary: true + type: Deployment + podSpec: + hostNetwork: false + automountServiceAccountToken: true + securityContext: + fsGroup: 201 + containers: + netdata: + enabled: true + primary: true + imageSelector: image + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + allowPrivilegeEscalation: true + capabilities: + add: + - CHOWN + - DAC_OVERRIDE + - FOWNER + - SETGID + - SETUID + - SYS_PTRACE + env: + NETDATA_LISTENER_PORT: {{ .Values.netdataNetwork.webPort }} + {{ with .Values.netdataConfig.additionalEnvs }} + envList: + {{ range $env := . }} + - name: {{ $env.name }} + value: {{ $env.value }} + {{ end }} + {{ end }} + probes: + liveness: + enabled: true + type: exec + command: /usr/sbin/health.sh + readiness: + enabled: true + type: exec + command: /usr/sbin/health.sh + startup: + enabled: true + type: exec + command: /usr/sbin/health.sh +{{- end -}} diff --git a/library/ix-dev/charts/netdata/templates/_persistence.tpl b/library/ix-dev/charts/netdata/templates/_persistence.tpl new file mode 100644 index 0000000000..8c99e872fa --- /dev/null +++ b/library/ix-dev/charts/netdata/templates/_persistence.tpl @@ -0,0 +1,86 @@ +{{- define "netdata.persistence" -}} +persistence: + config: + enabled: true + {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.netdataStorage.config) | nindent 4 }} + targetSelector: + netdata: + netdata: + mountPath: /etc/netdata + cache: + enabled: true + {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.netdataStorage.cache) | nindent 4 }} + targetSelector: + netdata: + netdata: + mountPath: /var/cache/netdata + lib: + enabled: true + {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.netdataStorage.lib) | nindent 4 }} + targetSelector: + netdata: + netdata: + mountPath: /var/lib/netdata + tmp: + enabled: true + type: emptyDir + targetSelector: + netdata: + netdata: + mountPath: /tmp + {{- range $idx, $storage := .Values.netdataStorage.additionalStorages }} + {{ printf "netdata-%v:" (int $idx) }} + enabled: true + {{- include "ix.v1.common.app.storageOptions" (dict "storage" $storage) | nindent 4 }} + targetSelector: + netdata: + netdata: + mountPath: {{ $storage.mountPath }} + {{- end }} + + os-release: + enabled: true + type: hostPath + hostPath: /etc/os-release + targetSelector: + netdata: + netdata: + mountPath: /host/etc/os-release + readOnly: true + sys: + enabled: true + type: hostPath + hostPath: /sys + targetSelector: + netdata: + netdata: + mountPath: /host/sys + readOnly: true + proc: + enabled: true + type: hostPath + hostPath: /proc + targetSelector: + netdata: + netdata: + mountPath: /host/proc + readOnly: true + etc-passwd: + enabled: true + type: hostPath + hostPath: /etc/passwd + targetSelector: + netdata: + netdata: + mountPath: /host/etc/passwd + readOnly: true + etc-group: + enabled: true + type: hostPath + hostPath: /etc/group + targetSelector: + netdata: + netdata: + mountPath: /host/etc/group + readOnly: true +{{- end -}} diff --git a/library/ix-dev/charts/netdata/templates/_portal.tpl b/library/ix-dev/charts/netdata/templates/_portal.tpl new file mode 100644 index 0000000000..e85c864236 --- /dev/null +++ b/library/ix-dev/charts/netdata/templates/_portal.tpl @@ -0,0 +1,12 @@ +{{- define "netdata.portal" -}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: portal +data: + port: {{ .Values.netdataNetwork.webPort | quote }} + path: "/" + protocol: "http" + host: $node_ip +{{- end -}} diff --git a/library/ix-dev/charts/netdata/templates/_rbac.tpl b/library/ix-dev/charts/netdata/templates/_rbac.tpl new file mode 100644 index 0000000000..34f20a716e --- /dev/null +++ b/library/ix-dev/charts/netdata/templates/_rbac.tpl @@ -0,0 +1,30 @@ +{{- define "netdata.rbac" -}} +serviceAccount: + netdata: + enabled: true + primary: true + +rbac: + netdata: + enabled: true + primary: true + clusterWide: true + rules: + - apiGroups: + - "" + resources: + - pods + - services + - configmaps + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get +{{- end -}} diff --git a/library/ix-dev/charts/netdata/templates/_service.tpl b/library/ix-dev/charts/netdata/templates/_service.tpl new file mode 100644 index 0000000000..acb48b7669 --- /dev/null +++ b/library/ix-dev/charts/netdata/templates/_service.tpl @@ -0,0 +1,15 @@ +{{- define "netdata.service" -}} +service: + netdata: + enabled: true + primary: true + type: NodePort + targetSelector: netdata + ports: + webui: + enabled: true + primary: true + port: {{ .Values.netdataNetwork.webPort }} + nodePort: {{ .Values.netdataNetwork.webPort }} + targetSelector: netdata +{{- end -}} diff --git a/library/ix-dev/charts/netdata/templates/clusterrole.yaml b/library/ix-dev/charts/netdata/templates/clusterrole.yaml deleted file mode 100644 index cd1862784c..0000000000 --- a/library/ix-dev/charts/netdata/templates/clusterrole.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "netdata.fullname" . }} - labels: - app: {{ template "netdata.name" . }} - chart: {{ template "netdata.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: - - apiGroups: [""] - resources: - - "pods" # used by sd, netdata (cgroup-name.sh, get-kubernetes-labels.sh) - - "services" # used by sd - - "configmaps" # used by sd - - "secrets" # used by sd - verbs: - - "get" - - "list" - - "watch" - - apiGroups: [""] - resources: - - "namespaces" # used by netdata (cgroup-name.sh, get-kubernetes-labels.sh) - verbs: - - "get" diff --git a/library/ix-dev/charts/netdata/templates/clusterrolebinding.yaml b/library/ix-dev/charts/netdata/templates/clusterrolebinding.yaml deleted file mode 100644 index 27152168c3..0000000000 --- a/library/ix-dev/charts/netdata/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "netdata.fullname" . }} - labels: - app: {{ template "netdata.name" . }} - chart: {{ template "netdata.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "netdata.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ .Release.Name }} - namespace: {{ .Release.Namespace }} diff --git a/library/ix-dev/charts/netdata/templates/common.yaml b/library/ix-dev/charts/netdata/templates/common.yaml new file mode 100644 index 0000000000..645a2db661 --- /dev/null +++ b/library/ix-dev/charts/netdata/templates/common.yaml @@ -0,0 +1,14 @@ +{{- include "ix.v1.common.loader.init" . -}} + +{{- include "netdata.migration" $ -}} + +{{/* Merge the templates with Values */}} +{{- $_ := mustMergeOverwrite .Values (include "netdata.workload" $ | fromYaml) -}} +{{- $_ := mustMergeOverwrite .Values (include "netdata.service" $ | fromYaml) -}} +{{- $_ := mustMergeOverwrite .Values (include "netdata.persistence" $ | fromYaml) -}} +{{- $_ := mustMergeOverwrite .Values (include "netdata.rbac" $ | fromYaml) -}} + +{{/* Create the configmap for portal manually*/}} +{{- include "netdata.portal" $ -}} + +{{- include "ix.v1.common.loader.apply" . -}} diff --git a/library/ix-dev/charts/netdata/templates/deployment.yaml b/library/ix-dev/charts/netdata/templates/deployment.yaml deleted file mode 100644 index ef1e0cb442..0000000000 --- a/library/ix-dev/charts/netdata/templates/deployment.yaml +++ /dev/null @@ -1,103 +0,0 @@ -{{ include "common.storage.hostPathValidate" .Values }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "netdata.name" . }}-netdata - labels: - app: {{ template "netdata.name" . }} - chart: {{ template "netdata.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - role: parent -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: {{ include "common.labels.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: {{ include "common.labels.selectorLabels" . | nindent 8 }} - annotations: - rollme: {{ randAlphaNum 5 | quote }} - spec: - securityContext: - fsGroup: 201 - serviceAccountName: {{ .Release.Name }} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ tpl .Values.image.tag . }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{ include "common.resources.limitation" . | nindent 10 }} - env: - {{ $envList := (default list .Values.environmentVariables) }} - {{ include "common.containers.environmentVariables" (dict "environmentVariables" $envList) | nindent 12 }} - ports: - - name: http - containerPort: 19999 - protocol: TCP - livenessProbe: - httpGet: - path: /api/v1/info - port: http - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 5 - successThreshold: 1 - readinessProbe: - httpGet: - path: /api/v1/info - port: http - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 5 - successThreshold: 2 - startupProbe: - httpGet: - path: /api/v1/info - port: http - initialDelaySeconds: 10 - periodSeconds: 5 - timeoutSeconds: 2 - failureThreshold: 60 - successThreshold: 1 - volumeMounts: {{ include "common.storage.configureAppVolumeMountsInContainer" .Values | nindent 12 }} - - name: os-release - mountPath: /host/etc/os-release - readOnly: true - - name: sys - mountPath: /host/sys - readOnly: true - - name: proc - mountPath: /host/proc - readOnly: true - - name: user - mountPath: /host/etc/passwd - readOnly: true - - name: group - mountPath: /host/etc/group - readOnly: true - securityContext: - capabilities: - add: - - SYS_PTRACE - terminationGracePeriodSeconds: 60 - {{ include "common.networking.dnsConfiguration" .Values | nindent 6 }} - volumes: {{ include "common.storage.configureAppVolumes" .Values | nindent 8 }} - - name: os-release - hostPath: - path: /etc/os-release - - name: proc - hostPath: - path: /proc - - name: sys - hostPath: - path: /sys - - name: user - hostPath: - path: /etc/passwd - - name: group - hostPath: - path: /etc/group diff --git a/library/ix-dev/charts/netdata/templates/pre-install-job.yaml b/library/ix-dev/charts/netdata/templates/pre-install-job.yaml deleted file mode 100644 index 64505b23e5..0000000000 --- a/library/ix-dev/charts/netdata/templates/pre-install-job.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: "{{ template "common.names.fullname" . }}-preinstall-job" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - helm.sh/chart: {{ template "common.names.chart" . }} - annotations: - "helm.sh/hook": pre-install - "helm.sh/hook-delete-policy": hook-succeeded -spec: - template: - metadata: - name: "{{ template "common.names.fullname" . }}-preinstall-hook" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - helm.sh/chart: {{ template "common.names.chart" . }} - spec: - restartPolicy: Never - containers: - - name: pre-install-job - image: "alpine:latest" - command: - - chown - - -R - - {{ .Values.runAsUser }}:{{ .Values.runAsGroup }} - - {{ .Values.appVolumeMounts.netdatacache.mountPath }} - - {{ .Values.appVolumeMounts.netdatalib.mountPath }} - - {{ .Values.appVolumeMounts.netdataconfig.mountPath }} - volumeMounts: {{ include "common.storage.configureAppVolumeMountsInContainer" .Values | nindent 12 }} - volumes: {{ include "common.storage.configureAppVolumes" .Values | nindent 8 }} diff --git a/library/ix-dev/charts/netdata/templates/service.yaml b/library/ix-dev/charts/netdata/templates/service.yaml deleted file mode 100644 index 81c478b423..0000000000 --- a/library/ix-dev/charts/netdata/templates/service.yaml +++ /dev/null @@ -1,6 +0,0 @@ -{{ $svc := .Values.service }} -{{ $ports := list }} -{{ $ports = mustAppend $ports (dict "name" "ui" "port" $svc.nodePort "nodePort" $svc.nodePort "targetPort" 19999) }} -{{ $params := . }} -{{ $_ := set $params "commonService" (dict "type" "NodePort" "ports" $ports ) }} -{{ include "common.classes.service" $params }} diff --git a/library/ix-dev/charts/netdata/templates/serviceaccount.yaml b/library/ix-dev/charts/netdata/templates/serviceaccount.yaml deleted file mode 100644 index 6338f0c7f0..0000000000 --- a/library/ix-dev/charts/netdata/templates/serviceaccount.yaml +++ /dev/null @@ -1,9 +0,0 @@ -kind: ServiceAccount -apiVersion: v1 -metadata: - labels: - app: {{ template "netdata.name" . }} - chart: {{ template "netdata.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - name: {{ .Release.Name }} diff --git a/library/ix-dev/charts/netdata/values.yaml b/library/ix-dev/charts/netdata/values.yaml index b654d2c2d2..c948edbb59 100644 --- a/library/ix-dev/charts/netdata/values.yaml +++ b/library/ix-dev/charts/netdata/values.yaml @@ -2,5 +2,33 @@ image: pullPolicy: IfNotPresent repository: netdata/netdata tag: v1.44.1 -runAsGroup: 201 -runAsUser: 201 + +resources: + limits: + cpu: 4000m + memory: 8Gi + +podOptions: + dnsConfig: + options: [] + +netdataConfig: + additionalEnvs: [] + +netdataNetwork: + webPort: 20489 + +netdataStorage: + config: + type: ixVolume + ixVolumeConfig: + datasetName: config + cache: + type: ixVolume + ixVolumeConfig: + datasetName: cache + lib: + type: ixVolume + ixVolumeConfig: + datasetName: lib + additionalStorages: []