From 01376ead68eafb1cba4828e1c8cb89b0f6e39aef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ram=C3=B3n=20Tom=C3=A1s?= Date: Wed, 4 Oct 2017 18:36:08 +0200 Subject: [PATCH] Created ARM template for deploying a secured SF Created ps1 to generate certificates in keyvault Updated readme --- .../WindowsContainers/gen-keyvaultcert.ps1 | 53 ++ .../servicefabric/WindowsContainers/readme.md | 54 +- .../servicefabricdeploysecure.json | 824 ++++++++++++++++++ .../servicefabricdeploysecure.parameters.json | 91 ++ img/sf/cloud_publishProfile.PNG | Bin 0 -> 14374 bytes img/sf/create-kv.PNG | Bin 0 -> 23823 bytes img/sf/install-cert.PNG | Bin 0 -> 15678 bytes 7 files changed, 1021 insertions(+), 1 deletion(-) create mode 100644 deploy/az/servicefabric/WindowsContainers/gen-keyvaultcert.ps1 create mode 100644 deploy/az/servicefabric/WindowsContainers/servicefabricdeploysecure.json create mode 100644 deploy/az/servicefabric/WindowsContainers/servicefabricdeploysecure.parameters.json create mode 100644 img/sf/cloud_publishProfile.PNG create mode 100644 img/sf/create-kv.PNG create mode 100644 img/sf/install-cert.PNG diff --git a/deploy/az/servicefabric/WindowsContainers/gen-keyvaultcert.ps1 b/deploy/az/servicefabric/WindowsContainers/gen-keyvaultcert.ps1 new file mode 100644 index 000000000..c6fc34013 --- /dev/null +++ b/deploy/az/servicefabric/WindowsContainers/gen-keyvaultcert.ps1 @@ -0,0 +1,53 @@ +Param( + [parameter(Mandatory=$true)][string]$vaultName, + [parameter(Mandatory=$true)][string]$certName, + [parameter(Mandatory=$true)][string]$certPwd, + [parameter(Mandatory=$true)][string]$subjectName, + [parameter(Mandatory=$false)][string]$ValidityInMonths=12, + [parameter(Mandatory=$true)][string]$saveDir +) + + +#Log in Azure Account +Login-AzureRmAccount + + +# Create Cert in KeyVault +Write-Host "Creating certificate in Azure KeyVault..." -ForegroundColor Yellow +$policy = New-AzureKeyVaultCertificatePolicy -SubjectName $subjectName -IssuerName Self -ValidityInMonths $ValidityInMonths +Add-AzureKeyVaultCertificate -VaultName $vaultName -Name $certName -CertificatePolicy $policy + +# Downloading Certificate +Write-Host "Downloading Certificate from KeyVault..." -ForegroundColor Yellow + +$Stoploop = $false +$Retrycount = 0 + +do { + try { + + $kvSecret = Get-AzureKeyVaultSecret -VaultName $vaultName -Name $certName -ErrorAction SilentlyContinue + $kvSecretBytes = [System.Convert]::FromBase64String($kvSecret.SecretValueText) + $certCollection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection + $certCollection.Import($kvSecretBytes,$null,[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable) + $protectedCertificateBytes = $certCollection.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12, $certPwd) + [System.IO.File]::WriteAllBytes($saveDir + "\" + $certName + ".pfx", $protectedCertificateBytes) + + $Stoploop = $true + Write-Host "Finished!" -ForegroundColor Yellow + } + catch { + if ($Retrycount -gt 5){ + $Stoploop = $true + Write-Host "Not possible to retrieve the certificate!" -ForegroundColor Yellow + } + else { + Start-Sleep -Seconds 20 + $Retrycount = $Retrycount + 1 + } + } +} +While ($Stoploop -eq $false) + +# Show Certificate Values +Get-AzureKeyVaultCertificate -VaultName $vaultName -Name $certName \ No newline at end of file diff --git a/deploy/az/servicefabric/WindowsContainers/readme.md b/deploy/az/servicefabric/WindowsContainers/readme.md index bbfe08bd1..9d8e7c486 100644 --- a/deploy/az/servicefabric/WindowsContainers/readme.md +++ b/deploy/az/servicefabric/WindowsContainers/readme.md @@ -1,4 +1,4 @@ -# Deploying Azure Service Fabric +# Deploying Azure Service Fabric (No Secured) The ARM template `servicefabricdeploy.json` and its parameter file (`servicefabricdeploy.parameters.json`) are used to create a service fabric cluster environment for windows containers. @@ -31,6 +31,58 @@ create-resources.cmd servicefabric\WindowsContainers\servicefabricdeploy newReso Alternatively, instead of using ARM templates, you can deploy eShop on service fabric directly by publishing the project eShopOnServiceFabric in eShopOnContainers-ServicesAndWebApps.sln with Visual Studio publish tool. +# Deploying Azure Service Fabric (Secured) + +The ARM template `servicefabricdeploysecured.json` and its parameter file (`servicefabricdeploysecured.parameters.json`) are used to create a service fabric cluster environment for windows containers secured with a certificate. + +## Create Azure Keyvault service +Go to PortalAzure and create a Keyvault service. Make sure Enable access for deployment checkboxes are selected. + + + +## Generate a certificate in Azure Keyvault +Execute the gen-keyvaultcert.ps1 script to generate and download a certificate from Keyvault. + +``` +.\gen-cert.ps1 -vaultName -certName -certPwd -subjectName CN=.westeurope.cloudapp.azure.com -saveDir C:\Users\\Downloads + +``` +## Install the certificate +Install the certificate under 'Current User' store location and check it as exportable. + + + +## Editing servicefabricdeploysecured.parameters.json file + +Edit the following params in `servicefabricdeploysecured.parameters.json` file to set your values: + +- clusterName: Name of your SF cluster +- dnsName: Name assigned to your SF dns +- adminUserName: user name for administration +- adminPassword: user password for administration +- sourceVaultValue: keyvault resource id (check azure keyvault properties) +- certificateUrlValue: certificate url (check azure Keyvault certificate properties) +- certificateThumbprint: certificate thumbprint (check azure Keyvault certificate properties) + +Optionally, you can modify which ports are opened in the LoadBalancer for accessing externally to the apps: + +- webMvcHttpPort: port externally exposed for the WebMVC app +- webSpaHttpPort: port externally exposed for the WebSPA app +- webStatusHttpPort: port externally exposed for the WebStatus app +- IdSrvHttpRule: port externally exposed for the Identity app + +## Deploy the template + +Once parameter file is edited you can deploy it using [create-resources script](../readme.md). + +``` +create-resources.cmd servicefabric\WindowsContainers\servicefabricdeploysecured newResourceGroup -c westus +``` +## Deploy eShopOnServiceFabric with Visual Studio. + +Modify the cloud.xml file of each Service Fabric application in PublishProfile directory and set your certificate settings to be able to deploy eshopOnContainers in the secured cluster: + + diff --git a/deploy/az/servicefabric/WindowsContainers/servicefabricdeploysecure.json b/deploy/az/servicefabric/WindowsContainers/servicefabricdeploysecure.json new file mode 100644 index 000000000..b5bbfa55c --- /dev/null +++ b/deploy/az/servicefabric/WindowsContainers/servicefabricdeploysecure.json @@ -0,0 +1,824 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json", + "contentVersion": "1.0.0.0", + "parameters": { + "clusterLocation": { + "type": "string", + "metadata": { + "description": "Location of the Cluster" + } + }, + "clusterName": { + "type": "string", + "defaultValue": "Cluster", + "metadata": { + "description": "Name of your cluster - Between 3 and 23 characters. Letters and numbers only" + } + }, + "nt0applicationStartPort": { + "type": "int", + "defaultValue": 20000 + }, + "nt0applicationEndPort": { + "type": "int", + "defaultValue": 30000 + }, + "nt0ephemeralStartPort": { + "type": "int", + "defaultValue": 49152 + }, + "nt0ephemeralEndPort": { + "type": "int", + "defaultValue": 65534 + }, + "nt0fabricTcpGatewayPort": { + "type": "int", + "defaultValue": 19000 + }, + "nt0fabricHttpGatewayPort": { + "type": "int", + "defaultValue": 19080 + }, + "nt0reverseProxyEndpointPort": { + "type": "int", + "defaultValue": 19081 + }, + "webMvcHttpPort": { + "type": "int", + "defaultValue": 5100 + }, + "webSpaHttpPort": { + "type": "int", + "defaultValue": 5104 + }, + "webStatusHttpPort": { + "type": "int", + "defaultValue": 5107 + }, + "IdSrvHttpRule": { + "type": "int", + "defaultValue": 5105 + }, + "subnet0Name": { + "type": "string", + "defaultValue": "Subnet-0" + }, + "subnet0Prefix": { + "type": "string", + "defaultValue": "10.0.0.0/24" + }, + "computeLocation": { + "type": "string" + }, + "publicIPAddressName": { + "type": "string", + "defaultValue": "PublicIP-VM" + }, + "publicIPAddressType": { + "type": "string", + "allowedValues": [ + "Dynamic" + ], + "defaultValue": "Dynamic" + }, + "vmStorageAccountContainerName": { + "type": "string", + "defaultValue": "vhds" + }, + "adminUserName": { + "type": "string", + "defaultValue": "testadm", + "metadata": { + "description": "Remote desktop user Id" + } + }, + "adminPassword": { + "type": "securestring", + "metadata": { + "description": "Remote desktop user password. Must be a strong password" + } + }, + "virtualNetworkName": { + "type": "string", + "defaultValue": "VNet" + }, + "addressPrefix": { + "type": "string", + "defaultValue": "10.0.0.0/16" + }, + "dnsName": { + "type": "string" + }, + "nicName": { + "type": "string", + "defaultValue": "NIC" + }, + "lbName": { + "type": "string", + "defaultValue": "LoadBalancer" + }, + "lbIPName": { + "type": "string", + "defaultValue": "PublicIP-LB-FE" + }, + "overProvision": { + "type": "string", + "defaultValue": "false" + }, + "vmImagePublisher": { + "type": "string", + "defaultValue": "MicrosoftWindowsServer" + }, + "vmImageOffer": { + "type": "string", + "defaultValue": "WindowsServer" + }, + "vmImageSku": { + "type": "string", + "defaultValue": "2012-R2-Datacenter" + }, + "vmImageVersion": { + "type": "string", + "defaultValue": "latest" + }, + "clusterProtectionLevel": { + "type": "string", + "allowedValues": [ + "None", + "Sign", + "EncryptAndSign" + ], + "defaultValue": "EncryptAndSign", + "metadata": { + "description": "Protection level.Three values are allowed - EncryptAndSign, Sign, None. It is best to keep the default of EncryptAndSign, unless you have a need not to" + } + }, + "certificateStoreValue": { + "type": "string", + "allowedValues": [ + "My" + ], + "defaultValue": "My", + "metadata": { + "description": "The store name where the cert will be deployed in the virtual machine" + } + }, + "certificateThumbprint": { + "type": "string", + "metadata": { + "description": "Certificate Thumbprint" + } + }, + "sourceVaultValue": { + "type": "string", + "metadata": { + "description": "Resource Id of the key vault, is should be in the format of /subscriptions//resourceGroups//providers/Microsoft.KeyVault/vaults/" + } + }, + "certificateUrlValue": { + "type": "string", + "metadata": { + "description": "Refers to the location URL in your key vault where the certificate was uploaded, it is should be in the format of https://.vault.azure.net:443/secrets/" + } + }, + "storageAccountType": { + "type": "string", + "allowedValues": [ + "Standard_LRS", + "Standard_GRS" + ], + "defaultValue": "Standard_LRS", + "metadata": { + "description": "Replication option for the VM image storage account" + } + }, + "supportLogStorageAccountType": { + "type": "string", + "allowedValues": [ + "Standard_LRS", + "Standard_GRS" + ], + "defaultValue": "Standard_LRS", + "metadata": { + "description": "Replication option for the support log storage account" + } + }, + "supportLogStorageAccountName": { + "type": "string", + "defaultValue": "[toLower( concat('sflogs', uniqueString(resourceGroup().id),'2'))]", + "metadata": { + "description": "Name for the storage account that contains support logs from the cluster" + } + }, + "applicationDiagnosticsStorageAccountType": { + "type": "string", + "allowedValues": [ + "Standard_LRS", + "Standard_GRS" + ], + "defaultValue": "Standard_LRS", + "metadata": { + "description": "Replication option for the application diagnostics storage account" + } + }, + "applicationDiagnosticsStorageAccountName": { + "type": "string", + "defaultValue": "[toLower(concat(uniqueString(resourceGroup().id), '3' ))]", + "metadata": { + "description": "Name for the storage account that contains application diagnostics data from the cluster" + } + }, + "nt0InstanceCount": { + "type": "int", + "defaultValue": 5, + "metadata": { + "description": "Instance count for node type" + } + }, + "vmNodeType0Name": { + "type": "string", + "defaultValue": "primary", + "maxLength": 9 + }, + "vmNodeType0Size": { + "type": "string", + "defaultValue": "Standard_D2_v2" + } + }, + "variables": { + "vmssApiVersion": "2017-03-30", + "lbApiVersion": "2015-06-15", + "vNetApiVersion": "2015-06-15", + "storageApiVersion": "2016-01-01", + "publicIPApiVersion": "2015-06-15", + "vnetID": "[resourceId('Microsoft.Network/virtualNetworks',parameters('virtualNetworkName'))]", + "subnet0Ref": "[concat(variables('vnetID'),'/subnets/',parameters('subnet0Name'))]", + "lbID0": "[resourceId('Microsoft.Network/loadBalancers', concat('LB','-', parameters('clusterName'),'-',parameters('vmNodeType0Name')))]", + "lbIPConfig0": "[concat(variables('lbID0'),'/frontendIPConfigurations/LoadBalancerIPConfig')]", + "lbPoolID0": "[concat(variables('lbID0'),'/backendAddressPools/LoadBalancerBEAddressPool')]", + "lbProbeID0": "[concat(variables('lbID0'),'/probes/FabricGatewayProbe')]", + "lbHttpProbeID0": "[concat(variables('lbID0'),'/probes/FabricHttpGatewayProbe')]", + "lbNatPoolID0": "[concat(variables('lbID0'),'/inboundNatPools/LoadBalancerBEAddressNatPool')]", + "vmStorageAccountName0": "[toLower(concat(uniqueString(resourceGroup().id), '1', '0' ))]", + "uniqueStringArray0": [ + "[concat(variables('vmStorageAccountName0'), '0')]", + "[concat(variables('vmStorageAccountName0'), '1')]", + "[concat(variables('vmStorageAccountName0'), '2')]", + "[concat(variables('vmStorageAccountName0'), '3')]", + "[concat(variables('vmStorageAccountName0'), '4')]" + ] + }, + "resources": [ + { + "apiVersion": "[variables('storageApiVersion')]", + "type": "Microsoft.Storage/storageAccounts", + "name": "[parameters('supportLogStorageAccountName')]", + "location": "[parameters('computeLocation')]", + "dependsOn": [], + "properties": {}, + "kind": "Storage", + "sku": { + "name": "[parameters('supportLogStorageAccountType')]" + }, + "tags": { + "resourceType": "Service Fabric", + "clusterName": "[parameters('clusterName')]" + } + }, + { + "apiVersion": "[variables('storageApiVersion')]", + "type": "Microsoft.Storage/storageAccounts", + "name": "[parameters('applicationDiagnosticsStorageAccountName')]", + "location": "[parameters('computeLocation')]", + "dependsOn": [], + "properties": {}, + "kind": "Storage", + "sku": { + "name": "[parameters('applicationDiagnosticsStorageAccountType')]" + }, + "tags": { + "resourceType": "Service Fabric", + "clusterName": "[parameters('clusterName')]" + } + }, + { + "apiVersion": "[variables('vNetApiVersion')]", + "type": "Microsoft.Network/virtualNetworks", + "name": "[parameters('virtualNetworkName')]", + "location": "[parameters('computeLocation')]", + "dependsOn": [], + "properties": { + "addressSpace": { + "addressPrefixes": [ + "[parameters('addressPrefix')]" + ] + }, + "subnets": [ + { + "name": "[parameters('subnet0Name')]", + "properties": { + "addressPrefix": "[parameters('subnet0Prefix')]" + } + } + ] + }, + "tags": { + "resourceType": "Service Fabric", + "clusterName": "[parameters('clusterName')]" + } + }, + { + "apiVersion": "[variables('publicIPApiVersion')]", + "type": "Microsoft.Network/publicIPAddresses", + "name": "[concat(parameters('lbIPName'),'-','0')]", + "location": "[parameters('computeLocation')]", + "properties": { + "dnsSettings": { + "domainNameLabel": "[parameters('dnsName')]" + }, + "publicIPAllocationMethod": "Dynamic" + }, + "tags": { + "resourceType": "Service Fabric", + "clusterName": "[parameters('clusterName')]" + } + }, + { + "apiVersion": "[variables('lbApiVersion')]", + "type": "Microsoft.Network/loadBalancers", + "name": "[concat('LB','-', parameters('clusterName'),'-',parameters('vmNodeType0Name'))]", + "location": "[parameters('computeLocation')]", + "dependsOn": [ + "[concat('Microsoft.Network/publicIPAddresses/',concat(parameters('lbIPName'),'-','0'))]" + ], + "properties": { + "frontendIPConfigurations": [ + { + "name": "LoadBalancerIPConfig", + "properties": { + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses',concat(parameters('lbIPName'),'-','0'))]" + } + } + } + ], + "backendAddressPools": [ + { + "name": "LoadBalancerBEAddressPool", + "properties": {} + } + ], + "loadBalancingRules": [ + { + "name": "LBRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('nt0fabricTcpGatewayPort')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('nt0fabricTcpGatewayPort')]", + "idleTimeoutInMinutes": "5", + "probe": { + "id": "[variables('lbProbeID0')]" + }, + "protocol": "tcp" + } + }, + { + "name": "LBHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('nt0fabricHttpGatewayPort')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('nt0fabricHttpGatewayPort')]", + "idleTimeoutInMinutes": "5", + "probe": { + "id": "[variables('lbHttpProbeID0')]" + }, + "protocol": "tcp" + } + }, + { + "name": "ReverseProxyHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('nt0reverseProxyEndpointPort')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('nt0reverseProxyEndpointPort')]", + "idleTimeoutInMinutes": "5", + "probe": { + "id": "[variables('lbHttpProbeID0')]" + }, + "protocol": "tcp" + } + }, + { + "name": "WebMVCHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('webMvcHttpPort')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('webMvcHttpPort')]", + "idleTimeoutInMinutes": "5", + "probe": { + "id": "[variables('lbHttpProbeID0')]" + }, + "protocol": "tcp" + } + }, + { + "name": "WebSPAHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('webSpaHttpPort')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('webSpaHttpPort')]", + "idleTimeoutInMinutes": "5", + "probe": { + "id": "[variables('lbHttpProbeID0')]" + }, + "protocol": "tcp" + } + }, + { + "name": "WebStatusHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('webStatusHttpPort')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('webStatusHttpPort')]", + "idleTimeoutInMinutes": "5", + "probe": { + "id": "[variables('lbHttpProbeID0')]" + }, + "protocol": "tcp" + } + }, + { + "name": "IdSrvHttpRule", + "properties": { + "backendAddressPool": { + "id": "[variables('lbPoolID0')]" + }, + "backendPort": "[parameters('IdSrvHttpRule')]", + "enableFloatingIP": "false", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPort": "[parameters('IdSrvHttpRule')]", + "idleTimeoutInMinutes": "5", + "probe": { + "id": "[variables('lbHttpProbeID0')]" + }, + "protocol": "tcp" + } + } + ], + "probes": [ + { + "name": "FabricGatewayProbe", + "properties": { + "intervalInSeconds": 5, + "numberOfProbes": 2, + "port": "[parameters('nt0fabricTcpGatewayPort')]", + "protocol": "tcp" + } + }, + { + "name": "FabricHttpGatewayProbe", + "properties": { + "intervalInSeconds": 5, + "numberOfProbes": 2, + "port": "[parameters('nt0fabricHttpGatewayPort')]", + "protocol": "tcp" + } + } + ], + "inboundNatPools": [ + { + "name": "LoadBalancerBEAddressNatPool", + "properties": { + "backendPort": "3389", + "frontendIPConfiguration": { + "id": "[variables('lbIPConfig0')]" + }, + "frontendPortRangeEnd": "4500", + "frontendPortRangeStart": "3389", + "protocol": "tcp" + } + } + ] + }, + "tags": { + "resourceType": "Service Fabric", + "clusterName": "[parameters('clusterName')]" + } + }, + { + "apiVersion": "[variables('storageApiVersion')]", + "type": "Microsoft.Storage/storageAccounts", + "name": "[variables('uniqueStringArray0')[copyIndex()]]", + "location": "[parameters('computeLocation')]", + "dependsOn": [], + "properties": {}, + "copy": { + "name": "storageLoop", + "count": 5 + }, + "kind": "Storage", + "sku": { + "name": "[parameters('storageAccountType')]" + }, + "tags": { + "resourceType": "Service Fabric", + "clusterName": "[parameters('clusterName')]" + } + }, + { + "apiVersion": "[variables('vmssApiVersion')]", + "type": "Microsoft.Compute/virtualMachineScaleSets", + "name": "[parameters('vmNodeType0Name')]", + "location": "[parameters('computeLocation')]", + "dependsOn": [ + "[concat('Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]", + "[concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray0')[0])]", + "[concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray0')[1])]", + "[concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray0')[2])]", + "[concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray0')[3])]", + "[concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray0')[4])]", + "[concat('Microsoft.Network/loadBalancers/', concat('LB','-', parameters('clusterName'),'-',parameters('vmNodeType0Name')))]", + "[concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName'))]", + "[concat('Microsoft.Storage/storageAccounts/', parameters('applicationDiagnosticsStorageAccountName'))]" + ], + "properties": { + "overprovision": "[parameters('overProvision')]", + "upgradePolicy": { + "mode": "Automatic" + }, + "virtualMachineProfile": { + "extensionProfile": { + "extensions": [ + { + "name": "[concat(parameters('vmNodeType0Name'),'_ServiceFabricNode')]", + "properties": { + "type": "ServiceFabricNode", + "autoUpgradeMinorVersion": true, + "protectedSettings": { + "StorageAccountKey1": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('supportLogStorageAccountName')),'2015-05-01-preview').key1]", + "StorageAccountKey2": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('supportLogStorageAccountName')),'2015-05-01-preview').key2]" + }, + "publisher": "Microsoft.Azure.ServiceFabric", + "settings": { + "clusterEndpoint": "[reference(parameters('clusterName')).clusterEndpoint]", + "nodeTypeRef": "[parameters('vmNodeType0Name')]", + "dataPath": "D:\\\\SvcFab", + "durabilityLevel": "Bronze", + "enableParallelJobs": true, + "nicPrefixOverride": "[parameters('subnet0Prefix')]", + "certificate": { + "thumbprint": "[parameters('certificateThumbprint')]", + "x509StoreName": "[parameters('certificateStoreValue')]" + } + }, + "typeHandlerVersion": "1.0" + } + }, + { + "name": "[concat('VMDiagnosticsVmExt','_vmNodeType0Name')]", + "properties": { + "type": "IaaSDiagnostics", + "autoUpgradeMinorVersion": true, + "protectedSettings": { + "storageAccountName": "[parameters('applicationDiagnosticsStorageAccountName')]", + "storageAccountKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('applicationDiagnosticsStorageAccountName')),'2015-05-01-preview').key1]", + "storageAccountEndPoint": "https://core.windows.net/" + }, + "publisher": "Microsoft.Azure.Diagnostics", + "settings": { + "WadCfg": { + "DiagnosticMonitorConfiguration": { + "overallQuotaInMB": "50000", + "EtwProviders": { + "EtwEventSourceProviderConfiguration": [ + { + "provider": "Microsoft-ServiceFabric-Actors", + "scheduledTransferKeywordFilter": "1", + "scheduledTransferPeriod": "PT5M", + "DefaultEvents": { + "eventDestination": "ServiceFabricReliableActorEventTable" + } + }, + { + "provider": "Microsoft-ServiceFabric-Services", + "scheduledTransferPeriod": "PT5M", + "DefaultEvents": { + "eventDestination": "ServiceFabricReliableServiceEventTable" + } + } + ], + "EtwManifestProviderConfiguration": [ + { + "provider": "cbd93bc2-71e5-4566-b3a7-595d8eeca6e8", + "scheduledTransferLogLevelFilter": "Information", + "scheduledTransferKeywordFilter": "4611686018427387904", + "scheduledTransferPeriod": "PT5M", + "DefaultEvents": { + "eventDestination": "ServiceFabricSystemEventTable" + } + } + ] + } + } + }, + "StorageAccount": "[parameters('applicationDiagnosticsStorageAccountName')]" + }, + "typeHandlerVersion": "1.5" + } + } + ] + }, + "networkProfile": { + "networkInterfaceConfigurations": [ + { + "name": "[concat(parameters('nicName'), '-0')]", + "properties": { + "ipConfigurations": [ + { + "name": "[concat(parameters('nicName'),'-',0)]", + "properties": { + "loadBalancerBackendAddressPools": [ + { + "id": "[variables('lbPoolID0')]" + } + ], + "loadBalancerInboundNatPools": [ + { + "id": "[variables('lbNatPoolID0')]" + } + ], + "subnet": { + "id": "[variables('subnet0Ref')]" + } + } + } + ], + "primary": true + } + } + ] + }, + "osProfile": { + "adminPassword": "[parameters('adminPassword')]", + "adminUsername": "[parameters('adminUsername')]", + "computernamePrefix": "[parameters('vmNodeType0Name')]", + "secrets": [ + { + "sourceVault": { + "id": "[parameters('sourceVaultValue')]" + }, + "vaultCertificates": [ + { + "certificateStore": "[parameters('certificateStoreValue')]", + "certificateUrl": "[parameters('certificateUrlValue')]" + } + ] + } + ] + }, + "storageProfile": { + "imageReference": { + "publisher": "[parameters('vmImagePublisher')]", + "offer": "[parameters('vmImageOffer')]", + "sku": "[parameters('vmImageSku')]", + "version": "[parameters('vmImageVersion')]" + }, + "osDisk": { + "caching": "ReadOnly", + "createOption": "FromImage", + "vhdContainers": [ + "[concat(reference(concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray0')[0]), variables('storageApiVersion')).primaryEndpoints.blob, parameters('vmStorageAccountContainerName'))]", + "[concat(reference(concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray0')[1]), variables('storageApiVersion')).primaryEndpoints.blob, parameters('vmStorageAccountContainerName'))]", + "[concat(reference(concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray0')[2]), variables('storageApiVersion')).primaryEndpoints.blob, parameters('vmStorageAccountContainerName'))]", + "[concat(reference(concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray0')[3]), variables('storageApiVersion')).primaryEndpoints.blob, parameters('vmStorageAccountContainerName'))]", + "[concat(reference(concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray0')[4]), variables('storageApiVersion')).primaryEndpoints.blob, parameters('vmStorageAccountContainerName'))]" + ], + "name": "vmssosdisk" + } + } + } + }, + "sku": { + "name": "[parameters('vmNodeType0Size')]", + "capacity": "[parameters('nt0InstanceCount')]", + "tier": "Standard" + }, + "tags": { + "resourceType": "Service Fabric", + "clusterName": "[parameters('clusterName')]" + } + }, + { + "apiVersion": "2017-07-01-preview", + "type": "Microsoft.ServiceFabric/clusters", + "name": "[parameters('clusterName')]", + "location": "[parameters('clusterLocation')]", + "dependsOn": [ + "[concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName'))]" + ], + "properties": { + "addonFeatures": [ + "DnsService" + ], + "certificate": { + "thumbprint": "[parameters('certificateThumbprint')]", + "x509StoreName": "[parameters('certificateStoreValue')]" + }, + "clientCertificateCommonNames": [], + "clientCertificateThumbprints": [], + "clusterCodeVersion": "5.7.207.9494", + "clusterState": "Default", + "diagnosticsStorageAccountConfig": { + "blobEndpoint": "[reference(concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.blob]", + "protectedAccountKeyName": "StorageAccountKey1", + "queueEndpoint": "[reference(concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.queue]", + "storageAccountName": "[parameters('supportLogStorageAccountName')]", + "tableEndpoint": "[reference(concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.table]" + }, + "fabricSettings": [ + { + "parameters": [ + { + "name": "ClusterProtectionLevel", + "value": "[parameters('clusterProtectionLevel')]" + } + ], + "name": "Security" + } + ], + "managementEndpoint": "[concat('https://',reference(concat(parameters('lbIPName'),'-','0')).dnsSettings.fqdn,':',parameters('nt0fabricHttpGatewayPort'))]", + "nodeTypes": [ + { + "name": "[parameters('vmNodeType0Name')]", + "applicationPorts": { + "endPort": "[parameters('nt0applicationEndPort')]", + "startPort": "[parameters('nt0applicationStartPort')]" + }, + "clientConnectionEndpointPort": "[parameters('nt0fabricTcpGatewayPort')]", + "durabilityLevel": "Bronze", + "ephemeralPorts": { + "endPort": "[parameters('nt0ephemeralEndPort')]", + "startPort": "[parameters('nt0ephemeralStartPort')]" + }, + "httpGatewayEndpointPort": "[parameters('nt0fabricHttpGatewayPort')]", + "isPrimary": true, + "reverseProxyEndpointPort": "[parameters('nt0reverseProxyEndpointPort')]", + "vmInstanceCount": "[parameters('nt0InstanceCount')]" + } + ], + "provisioningState": "Default", + "reliabilityLevel": "Silver", + "upgradeMode": "Manual", + "vmImage": "Windows" + }, + "tags": { + "resourceType": "Service Fabric", + "clusterName": "[parameters('clusterName')]" + } + } + ], + "outputs": { + "clusterProperties": { + "value": "[reference(parameters('clusterName'))]", + "type": "object" + } + } +} \ No newline at end of file diff --git a/deploy/az/servicefabric/WindowsContainers/servicefabricdeploysecure.parameters.json b/deploy/az/servicefabric/WindowsContainers/servicefabricdeploysecure.parameters.json new file mode 100644 index 000000000..22dd82265 --- /dev/null +++ b/deploy/az/servicefabric/WindowsContainers/servicefabricdeploysecure.parameters.json @@ -0,0 +1,91 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "clusterName": { + "value": "your_sf_name" + }, + "clusterLocation": { + "value": "westeurope" + }, + "computeLocation": { + "value": "westeurope" + }, + "adminUserName": { + "value": "eshop" + }, + "adminPassword": { + "value": "your_admin_password" + }, + "nicName": { + "value": "NIC-eshopsfwin" + }, + "publicIPAddressName": { + "value": "eshopsfwin-PubIP" + }, + "dnsName": { + "value": "your_sf_dns" + }, + "virtualNetworkName": { + "value": "VNet-eshopsfwin" + }, + "lbName": { + "value": "LB-eshopsfwin" + }, + "lbIPName": { + "value": "LBIP-eshopsfwin" + }, + "applicationDiagnosticsStorageAccountName": { + "value": "sfdgeshopsfwin6744" + }, + "supportLogStorageAccountName": { + "value": "sflogseshopsfwin3480" + }, + "sourceVaultValue": { + "value": "/subscriptions/6c22bb55-0221-4ce4-9bf1-3c4a10a7294c/resourceGroups/eshop-sf-win/providers/Microsoft.KeyVault/vaults/eshoponsfkeyvault" + }, + "certificateUrlValue": { + "value": "https://eshoponsfkeyvault.vault.azure.net:443/secrets/eshopsfwincert/b4ae55e3a549448c96088cd8dd96c369" + }, + "certificateThumbprint": { + "value": "" + }, + "vmImageSku": { + "value": "2016-Datacenter-with-Containers" + }, + "nt0ephemeralStartPort": { + "value": 49152 + }, + "nt0ephemeralEndPort": { + "value": 65534 + }, + "nt0applicationStartPort": { + "value": 20000 + }, + "nt0applicationEndPort": { + "value": 30000 + }, + "nt0fabricTcpGatewayPort": { + "value": 19000 + }, + "nt0fabricHttpGatewayPort": { + "value": 19080 + }, + "nt0reverseProxyEndpointPort": { + "value": 19081 + }, + "webMvcHttpPort": { + "value": 5100 + }, + "webSpaHttpPort": { + "value": 5104 + }, + "webStatusHttpPort": { + "value": 5107 + }, + "IdSrvHttpRule": { + "value": 5105 + } + } +} + diff --git a/img/sf/cloud_publishProfile.PNG b/img/sf/cloud_publishProfile.PNG new file mode 100644 index 0000000000000000000000000000000000000000..edd5c53e5b761e8c7b0ec49bb29010e6e1145f49 GIT binary patch literal 14374 zcmch82{e@d|L-ITC3_TwkUdcuWC@jhi9)uK`HI1iJGj>v>Y?GZC zTeb;Vhmje}eWu_4|3Cl#z5jF1J?GwYpL6g$6y-B zZxHC*7uwf}E|21WKp=3F?p=+C&+XQ7+T0hu4%W5tWpXNWzKDu2y!naY%=oi>HyoYS zS^nFW?GtX*y!TM2nUipr7_$_&xfv6{w(~7)^L_hOjgP-L)HHqj`Ru;%GSg+9e|Ga$ z)cHq~`ZA9~jwxeplEBy?P-w=vImW+d`A<_7t)$aOTxv?(Jv>TByiyEnWM_`a{<|B; zM;^0%#-!8$>GM5JE2OcI4-j?!8C*hXmP^g!M?GkqNBOnt<)yjd-98QeB=yp|1V5GB zFT676Ge#&!Zz+^r*I6VY(-3?fhlAP-(MB`QX)#Bg=dlLf<3bDs7O(TuE$!83!Hy zN1I&!NWO1XeK}TR{LcwLz1}f&k|xaB7Cdk9VI%u{T!EQ91{d8iut;eYc8`vQx_KT^TO4hDLW$pu z_?P|J^o(DKhQ8bob5j71j6^ZraShv9R}XnOGp3OmoTL+(lFj4Eg)0h|z-vvbc0M@k z*Y;?`zf?l*PnzJwQJ%ikiCS)R4e489wTJ3m4qMROBYm*p+0jJVCB;$OG5*;T70 zch>75%ESf5@~elBT8^H0Rw{Cc)Q=WXpNQ(7oMF3OC&l=Al)fz&^wLX{V({bI0-c9- z-8?`3={u5-;;*k<7XIp>@$3%g{dn69YTW>IS` z;nH0*--zo@@i&wbGSpC^EvE`NP)b{?-4rDlh)i<$mU}x|k@qk|~#Wr4}SIh_=F zuPZPkPoI@EVU~|Wp@D8k{B{s^ZcmXeQ>5g&W}{fO*RU*PMcvI!<|9Awz)$+n9e38+*V$+t4S1Z`9zU>gmjIHo5Rn~t$>A{?RHhk})SOMmSd3mb8(;X+ zfpLIw;qaIi+?YBXpKTh#Oj#+|T#dn=^LP;*TqUKgDOr!shYC(sjOC<>wDTn(I#cXd zImwT2NyZ5);VMS{u8fEj3Y2^M=cAUpXX7m2tXiC+ZNThum|{4Ot|V$sa;V-y_U}gl z;k1v|eO1g8fjdBU3bC}g0k(g!gZ=Nx9hQF&fDE4We?KwtzUj%e2c{HIS}Q$z_u4R2 z{zWo)Q1#XQ4a7~8nJS$bz&uy=1wgJQI7gZ$p50aJI?xB4lLQSzt~OKyT3RB#;`yc`FQcDIP?zf|WU~SRIa`3LP z@q#RBvcYSib+|8K50mKFi`jmtm;v&R9rO({8Y>jdal+%aA3p`pU9P>grmuc-E#RKQ zmU)xoN70U^UDHR{v3Y^G*rDd2s@ove{@`=?q|#rWXx~|4BEhiTWY(G z$+u9N6~0vs@1foOsXI5|W-|f}o~ufoOMJob${%D?#O3O@B?uWK@Xa(tkR5_ze%x}V ziy-SiLS4G0EEVZBC!W6LwAGOQqicqxjqe{@hr;c0MrLTU@t-o*h4=Hy|3w*Vy(+l)C4GLAc?O7|{Tr|mf-b+|N9G4># z{H$x| z{>8JdmE%e>7V|p5nwYl1USi4qH{gF~%z3By;nc`f*K@b-3}}gP-C%8f{Rj7z0H2^B zLc3aL@6SX??S{HVpySe#J*Q4uPv2h1ck?%SEHPkjNY>24oIfd1)FR3)njP> zAY?kP83ZP+2cMa^Y7$WAQ_))^1z(uSvz;+>v;KXIuej0}{Z$7C`;o&L zr33-YF1=*DTEFAy1u5`XpvCcE09HzBNcK(ng0@5wcs&=MF|#GATF1J!_Y$3P0<<~F zG^cYCZv!d?XHT+}^VCPN1_TwzV|!x|%M7y<3(*%2bllCqw5ECt7V;UbFJ+^5-Djy- zS;{0OlQg1rH|gVCasGg}7k_7e-3mhW>wM<}spvVq2SM4Tt8C3%3FJd!_iLqJ?04gt z&|k+7_A>?a{nwSfHHo=0*8MQSkDn|0#zr4(4?&C7gl<>lV9%IUw3+fnZ>J41Qv2E4 zUGsX<;Yg+ta#gBuqy#3nF5Zj?u4k?+y+ zB(HTP7_8Hx`+HtrZyBw$bk)2u>f#{_6&5O7mJ3EjrLln7gxT;Sz(>>hTTp7AK5wKQktGGbn98`Gm zJwspk_ib(Z3Pi4~3yCt6W2y$j1?`2hEls*nnfh5DfZ5RWVrP7AK1kUVtk5L zUf2iTl}z%3YOK3FcjKID#ua{-C-vG~$ZgtJdh0EVjw6}&>#BFi;~OLoUtw*lcGvnH zDS!`V$lk8#f%BYeIBJAtsqv-Yn%r9g(pP!>-7Z0*DL3BlMtVL~fj|EF9EYDLr*Um~=aW!lgzLP%&Y-kQvyR)rAq z*lfZiJ=Tq%IUWC5j32C?E=UL9B+2+4ZEh}h-CV`)#U8}5vq19}p->L-3U#l4sjuC( z)u2*pfi71l3#{%W7s`=K^<8p}Rtw)juXGGeDC`0*v7m{y#Kg$b{Spb~cHS_X;)g{oU=hbtJvr23ch3g2Po%A_(eLA;i;Sh>D$$D1nfYrD zV+%+fYK*#FwrZyzURM`^@^sx;3VL2&F`98>Joh_MEL)%^z94_jqGz*>p>P99EzB@d z^7p)nW+8r-xOaz38>mRY0>KZSs~QeGm%RCWdK%G-$HkR|9X-6uf5~brd(N5pbX-AJ z>B_r?hKha@>7<`t2#Bg%MGaO?5S4p1wjiU^!P6EVac4OxNZF1YrVEsOb+97*=dBz2 z2azPG0hcvQUB*q5a?C6h8*gpAD#G|IF>FAXVtG@KycYI!Lus&^t-?77sAlTMulfgnaG zlxMwA@K(Ny{20%3nY`OD?Q*BYLkz3h=d@abT-MgI%*4E1Y`fFM8Sg3g7 zgA#+xrag?n6_tgHmf(GOP9t+FNf^BTGfntG|q8 z`SaMa^P-i|ck-?V{5q1s+8QMaMmDr!1L(74UugYNr-(R+Fr&c;$V;`XAfxxkN%!b} z(TeRyX1SsatMKdaB&f-BxuT5PL1runHyU5{e3DzK@X^Qiu@!l82|O7pr4wH1Oo15? zMq(@>Zy_ILQF&hc{fl_;k7(08nQP@AvM8i2G8y~j2d5FAWh9jIpUz`5YtG0QjQwtv z?BN*pu&*Y{OjhK_O7TdnqaS{3ytbK5P!v86R(z?#!9_TFkQanFk0KoHu1Lk7Eb7gL zFYvM?H7(cVmQAW9%_iI^pAZcAfeR*JSgg`9unE0ukcPE@EEx|*T*hh{taPaLHTF6d z*7{7PA2-Nb2*-3iS&yMO9Dl`VB`7-}_!~PTe2@xGB z(|^3d6lk2V1X$%eE;iCZkiXkGZztwJS1|jGUyB00^;|^yJf`V6C?P~+`Hd}8w@dP{tP3`5+9#p6_p;gEuP3YBIIaJDPJEo>?K^-F5C>~KH>T%u z`+0oV$EQQjg3S^gTTlY8Ty~pI?sv_LX+6k9X`QXkvjF+jt_MO#jjp=T?amZbnzU3sJbFy3#;V6$1gh9&Os7Fr9$HiN`N|-@wH~G90&<2n5}8$_YtfD|z8wOi}vf-l@4 z@hsWienMkMC8Qg>HR@tkkjZ@q!ut3^eWbY73(KC#c6-koBZK3{N7=uETR66sdQT+o99J}4cks~^hlp>S`2NO zjJEW@*jqYd3R%tA^&ZEz$?BD_>0v9JTp~ne%z`i0cr7e?ccu(E>6JqOuzO%ob@;MI z>Y_?fSU_deo!iGBGNjlT;GzQ$$oJUW?c0i=-{WKA;K}p4bH!%JpeATcDdn6 zNkV_}I?@_m#}PWZ3tv6nfafKyX4oJGi(n?pX-d8?-0}*$TGU?IHz{2nYIVyi@#wE# z3Lkl*PJ(Zsr3mj0mJ8;Bmocgyub`?KIkHidaNF*_*b5a1DvRk-s!Bv0OgYQ!b3%s+Iy;o86R9D|{hWuq${fot`0rw&vFa_`099(H-SUe1d zf%qauUZY8YX-WcaPe(qTiPVQPVxKPN`>QR$PCn(k6NDuzZaCqO9^PESs|}BN*9zUE znDx}o7hz2y8QTGKI@vHi7cixdjHZqev6A+t+-oOxc*(U4sm79#ob>TUti>8G+%2g5Vzr`!OROEQ%F zCs&>$-ymR$!S1}AGdyB0BXW$KF)0hWehHv&RHSkf6bFlH3&r|C%yWzYeM1UUqziTG z^k&nh=owRN)1moS3|90rDHnU>x+CRdg@HfnJ^jD%J^w8hwC8AOL88Le1yTv(*vP5d zu)N?W71+KHR@eT;k<%z|qjshJ?QEs5tk3yL+8SsZREk6jPx@z9MA(M!+=?v(2ob6MXP$H!y#HVnq;yO@uV_lhkY0y*S{*+`Gq`IR zNPvR{XKWtv^qt=BW*%5tN|}C-iX!UADPAST&qAMl+*i7}q%^QS+%dp~wu2Tb6|0Z5 zo(a{=KOd3h{3`TgNK1!nF-y3}9Vxh1c8%`!T@&KW8?Tsh{fcw?t9977yEV`oa2D*W z8K?N5?2f)m0ffAs@l56C5m=12qE(#Ad5tGN^3+?l3wKfIZ3Y>#Y@aYMc6r4_CNN@t z#gyw{V9;rDTbw*jx~4$1Zm~L1ypnOu69mimu1j{c5)adxgLZ)Ez0c<#>T@ zhYT@a0w#ET^_5Cc#0_xhPBa^eP~=<4H)I*zkpjjRDm{s6HY|lI7WTd_Qc*9Wlq{!B z>$%>q{oSAWXxx_Ya%a?|WW#$c#%5?xeIsjMycH#J!(WxLkX&L&8duxu<{y%!zGRRO zMC_cb_o@_)^y=NUXKH_q=(b@z-xBC{JsofAhOk1f-xy_bUOfH?NlZk-27$@<)FKDG zlYqKsHqtrYAwq~{&O1z>(SYxSNLUKPlb7nT!kmgxwT9E1Asj!fYNatTp}h>gef!V( zdtMxO`LsW!>y+ECy;L&u#h4m%&*<8C|Dv^x%_A^SK>*~=MU7lDA8y+}aPDmGr6H9vm)LHcl~q*#X&b zbgKGeL;ff;X10{Um*ZKc zJUsu`k~dxNGZo$+=jod8dF}{!rd?~vbFjqzCN3uld`39*qayQh9k}2b>Gjr9WtMB- z>j0?8vc9(_+^^sFB=xXoXNf3;Jclb>x9QEPAq~~Q)H`kts4I=d3%|nsS)5oHcg;(7 z1!9&2PRRNCc{*jz$u-X5!uAv=)?@JQ*)+b0kL$P4$h7b}b*0xdV&hhU|nJn&2oa604#v^7EQ)c7OEzcxdP=JGa?1e5wK{VbPh*@w=`1 z*2M%3^FQjkuk1<{5PR7T?h&$4t||@aPFYG}Ryq>)77|Sr#i%mSb|t@Em$)1x1WKLN zfh%lsSW6Te^o&6fpYu%5T4^CpSu@sO96&FETkH23=)f8W4`$4~!g6-+p|tWu9hbH* z#ZR*B+)vNNA!j$-4FD96#9uR?aTMKK25@F+@O?!##va2@<> z9)8IC*2w-1QB<$*>cqnHV#LI1J1hddMRA1uZa&v_W#`o=G}mw<)2~RAr`Mdl!|!R7 z-|Ndj_nmqs)DnQt(a-4N=?5>?waXlG^bY}H=IYcqQt326ABf$d0u~Jv7 zf$OwjhGuH*pA$mXcNKY%xfL7aQr+dfIETc1wnoCp(NBA%RND!snQB}7f}po~Q^Af! zFf?s`5eL1!g*h^rz(&c11i2BLbDX}+75`A^x|)h7_N~5Es3mS6%0~@i^4~#-wO7Wp zm1k~aMIg&ozfQUIc}hU6idu{c$^#C+-dkrQ2=9(Cw zipCcBeEEdxyI>7WqKE;Al6TLp{SFatNGtH(pO|I4LrYSIpceTiQi9?eS8ic#2tVc> z)U#zRPA)0iIlu*A3nJ!J;U#SL-Ok&Q9`h+|>v&dLoO8n||DFAy#jZi75M-yX=6lsn(b^ZmbY(;xBqV(s zSSl55nwL2I!ZcPZ%7=F_UtrhsJLUXdk)wmhmi=X#$YGmos8ycB{_-B$D&r0;*-JLS|~-ml^Xs=ubWQS+cFfH9mPuT33-5XUM}HsyjO21{I%=-zXny4 zP_Wt7x_zF6+V4-s|c;dYyx}vX>lGsxDvX-^b-Y()f6(OQAcjQcBAAg>i{L5zy8|=yyWKRSj2fIueyE#&?CE83k-;p;*-eP50Eu)Z((#j3z)hM0)?_im5Q zYAd+HNZ-gk1%SiN-kdlIQlgo}=lF9^vKTY>J046v#O~dg%0wjU{rXy4#HO9F_<_mf z+K19C_s}`GiVOIbVMrjMr>IRYqei09vot-6aOaW2GfaRFY24nGtXoZ#Zt~)6lBqG9 zzRXt*;Gi>y^3{-R+-1=72AW4i#uh;1S(?0dR)*?ag7&JQ85D2znVk8BxnD~k8lCA< zM@&zatmkUUnIyCu*6Q9lA0fjx+zI;lFVMO2=08B^t>T(p%VuTivKf5zC=S(Eduu%0 z*f3uQNX;dQ$cZM%XV0HCr~fL(p`1VC3IxEwXLflWGacidhY zQ#ekkHJGv};r!8k{J8BR-{Ii=eMRdhg zus|vE!Rls<71I>X{xu0yAodx5=lFkedM#rZ93)b)sq?9({1|U&)kW{S|EVnC(Kq_U z@L}P_qQ#Y}1*Uz2Q0`o#u|*rOMv*<@p)_4q0 zf|CFG;dFOOWu2fdy|JX%?^0h=f2YopegeD8RY>K=s{S8!_K>HAF3cBSM1}U#`%~$C zVb2yOz8o8>YAt>hEd9=7Hw8PCJmqmXD?j>#@HE0ecZMNu)ix6t=}Om*zDh1$_Kg5Y z5U}=VSBzv(_<29>BAFq6v3-X(UxKR)Y?WRLN-^BLD7|}9M)ps2n1zcO9weP!pphzy zki5Jdb>|wxVWDW;4fvq$Hu*wOLI1Q}GH34`JTv2{2 zV2$}ld2>^CtV?IgpIgX9aR{V#e~pl#Fza%VE;guZZ^pdxmEK2F{02|0Qu{mmJfk9* z_X!&vk6b_E;No@^$#B0=Yz27zL0#>(7b`rVP!8JjA8=?(-ux{E3xB`ck;30o>J6v3 zTe%vqazk#;5RLttf^%iDD(y?0);nc=)>gXs7~WquXGAMcn2>xF5y~=QX?;UAqWfMa zY^BwihTqJaw$>W)olOtFr4er22PGBmPHczgAeYm4e(&g4G}{+J0vAt!Qva`2kWg*y zJ)Jk+oD&@XYYtcDJ$=Xo0^yiw`SBP0W#C>F=2likt|mWYb>=G2x%3p?WnYXa;`;04 zOR|8IBd^OgZLXqI{J!*hUzxJ;_CE?FOjy>Wx*J7PIDxn>K?~9+LTzw6>1%0PE_atbl$J;$SN3nZH42Xhe^nhK^sd$QL-m`e+SE_dv-Z=Nq zsjq}4t7pM3YlMmrbB|ls{Q#EaTaTDdj!Vt%1W94WgzDB>TmDiup|fjctZ{u0{adSZ zdd|ysO5Lq=6|H)SFxQB`X#K|AJPYfp#AA_j`99u3X-zLJp0~`SrFCXveJrEh57sZy z`1zIyYLHUfo88AOS-}DX$bYScNlN9Rmqm*nUC&^*p5%u?DEoPAvtas){6m%Bk*137 zq_mEKVoL97sHlUQ_3 zY4M9{qM^56DpoIl)Y%SZrzM?DQ@{dM=*Zl1s$yXwl9q!$%bpJarcX5RCZliaR6fDKfsTX;<@7WKIVsWrecH zi+?>j&CIcN4;OOeGsZ3}- z*Yh7z`av!6(Qt`jB{D6TosY&3*)jiLYlxf0Ha1fav;He%M1F#j=b`mIibotG0CS>^ z6UsS2NZnnBy1FW8$-sXpi#1lQ0KWBgo^vz@T4i%fa|wXLu&Ca-K*CfJvjE%U6LeMYHWTkHNKW--B#T zHtp3_mlj)#jD#K++hYNoZFC#!o>yy$_3u5_g2*A>@OmqmAYw+Tp>X3lS3Y1O*?&2n zw^wu`qdtyXTElj)az9$GV!U8&$ENRl0q|w34&Jw1D5x5@cE$UTO-Y@NTCFA!Y3+lg zIsI;mSaUkhsi7n!;%C$CfAcLD6r*53l#%(1(P|g2qog@!TDxb9#X5Gxcd)|DGI9jH z{voCCP;Ka^FEIH}0kqg8rI^~O~u$OLp{yLmh{RqieotcmwoET*~1)pGt4#cJZ`q?>LP^T$`-d@l8^j=zcfkRn(C zVDl<3z(qHM0ijxjZh6%+obl4(sRq-=oqBN;$JR&{(BpbH^FUEc7$v`$WToV_lGUB8 z7!O6rvX*e!RFvYv>Cl0-bKN^s$0f71>NB$+4eBTHlQBYcRY5BOaBBpy;jb zzPVZ?^hzeBS1jsez7abDeW_I3UNH+HYlPT8(c%BTHC6!$T1H=)E80o$p-K3lPo&cT zpfpYwOz*82y+oJQO4I5A_sJF6;#vI)XFda5UT2^&wMq+Aoo(eQn>G^w+=B#Zj!irM zH*%*$l5Nlh3Ehj>YLa(PGX@~>@ zb^ZJ`=e#u}Amn@)uzS@t@AF@cJjgD&SH`@#F&y!g@^AY1#b0^;l^c6KTpz!&1B!am zN|5*b9wpEy32MkVtmJ2Ox=i?A8V2A;?Oqh z$pT7W&8Jn(KukCU((bto#7$2h??<*b!-icV1++Ty%lKYcmDgd`8qWzj;q4zOI@%-g zjd%GmVSZqwX%(QlCwi=5F1wJ;ehOT*1VrJwtz@5E3X z?IiNGwhy#gpg-UVA@+l9rohqUgjxv2(}D7#?mwJJFYlF^We20yUJ1yJ4EBVRD4%0LJalNFa6*l!Eb6*35(eCz5KW= zu(%60^`5YA1+;y(rEW9j=D}KhCcQ~+FBB!16T;+HD38cP*te18`F^X<8P_gcjCrj# z6RpKGCmFydv9SIH1gaD`olx+HUh3E?wAr*MEaYrQ8DsIu?HOcT*VCwun(v;y5IfP$ z$XDsh?5k2|Qd6^4cPHSGDQ!u%KtN$_gj<-ZYf*bwY;>K+gXOPQt^a!UA_-*%DgIss zGt+%>c7b$|diEyp+B)`<%%dqPWw;`t^FZSX;nV-}`-~}T3cx{3dlu-LUVeiDUn@3I+@-VW}7b*p< z)DYAHY(JLBu5~%DVr_K~&#v7l_11`7pmZ&~l8f`z&cok1tlrR9RDetF^q8pOa4&Is zR#-N?eRq!>{DlFZLEb%UYjfpum;F8#mXYz|iC?a5d{W8&eC4BpuSKHt+Fs^TDJN)F z)H7LeF#j4)M`61QV|SK)oj@%XrfOZ{rmv)P?Q|!lrP$U)&7@7#iS?Z@yMrWM;Mxrb zQM^@HGP5u+Brk{F{;)AY{kA99fnG=aR?)Dm*1n3mYF6c5J?kG+%_xILN=;4HNS?ER z6w09S?nBk{3geuE_SfiB4A}^*`GnfsvWHmFJiG4RgctT6xhq6-y5>ebGTZN~ng%D2 z<-+_|wa1)r#{VXXhujoTLSkAwg6|t}Q5?ndh(*Jf25(kh!r3vfAjc5~U8zy9 zHjlI68_Aedbbj+TKrxD(*6fwJb=%PK1n^%Vj!&(X^fLamd>ZDwlMA;Xw`x=~9l`P0 zeer3|vSW{`1+Jp3vK+tRURG{yH_Yjnm%U8m(=P#3)|`j@EPqU|aLXgCrP9gPO5F(s zT~0(5Zp35L|>n4*t12~nQe&Uj(`hae$N6!c=a=UNOwc%W|GHQnmK{hGA8Vu zm(Alz?egB2PqP7LC$*pH0F;9h^37F`(1|HWGpQBOVcjvzTK6>@sVCP?Kj9|9W&-9b zd$M3(gd$H%^nYNVQ3BY}?1_$){5Eq7W(VuHoDrjwrA8NjEWxX6FcPLoPCbi;QBk=` z>Lx$9#UI#r++153yMyqx-nD5%!1tk@DYN@ZBFbL-KmoJw))Y1EA1Z$+pX%`qm%Wzn zDd4Pi&X}KxeENb~NaJc@;%71R@}Z#CD|aJLkrR(~K>-S)EJxMtPZ&j@Aelv`sWFU- zwX_91et3SuE5Pi@TjD&={40AfeTST36Xli(gj4X$AsMr1&7O=m1?+v`K{uEymEd<~ zIo{-7l6>#3Q;F)DitCD0Z)OQpM1Y|Edy@YjP4@r6KuuWl_icH<(^7A=-&_2?9yIjZ)(kHzwpfK+5SohUa(`{* z0(9E{?e&{g{4Im}ec$_mj}Lg3pYul&yOg9fN(M#iN`Ep$_>3;F<7>tORT2PAJio;Y zv){=YsrE-!S(=yj0U(z>g8a~@BlMWo0*5pSDOSX1Jn^gz;rqHdwNkM%<DXMrh5=`&nTrX*Q0T9LyiO7C0CTso(=8G&b;q0PFO+9t*Yk6J<;r OQ}>?H-EvL)@c#kqZ@b_C literal 0 HcmV?d00001 diff --git a/img/sf/create-kv.PNG b/img/sf/create-kv.PNG new file mode 100644 index 0000000000000000000000000000000000000000..f2c5f91c3b5c7e3359b9d8361fdbdba126db6e83 GIT binary patch literal 23823 zcmd432{@GP`#0V~358?}GoeDZXh8w_>;mYR|@7_ueHWGTw_kfq5W zS%w))WFK41nC#5h#xUM{^nJd+{rJD{@BjXf-~Tww;c&Z`>%Ok@I?vDNJU{0|o82-z z%6XD=-@biEuN&!G?Avz$27JUh4gp6>O7{H#e(evmFx1^w(kV6r{K4j-b5m#EzA_Zo z_FZ=1?<0R2*#_?0cdU{1*^l!paNW1hA@91r&L1$Rh1%UujvkJG?QC-~J55XZJ%q!= z4nJ5GAz#`mcw%jrbe27Tjqm0?0Y0O1555~+EeN|mp_6OTj5yna==H2Pt{nd4+w!~P zI2U`f`vuO%FCSl*ijS-N^$_jluNBpW2`mj;S0D0N2#}ZhQQ*IIxccqp_b9F2+BwIikJAfD z_kIe;W`c?4%i)_*5uX_(Y3-rfZL(77wBNws2i&FLZG7pr@y2&Op4+sTVCa2BwcmK% zV($mbQ96xMqZGb^40HJM-~*#KU#qWnIZ~;pKP>Zzpz za+9$qC_&Q@8?REadD@iGpaI9e?QFB<7~2H)B}`YC?*`BAGS6t(#%PGGIyBfj#m-(d zwpeXI!C={mj<*g*)7w41@I-7jj;;+j*S}%j9ACXTnynZ0#Y1z>)(h`<8@sdM=RBDH z)}X-g>7wBi%SbE*na_RHe~_Jdp3`B~Ld`U`jvb zI5aSZ&^tqmxbS&gf0A-Ps>8y|E4NI5@}-;IZF?ofV!#mUF#H|(6pVElLvGuCO6&%=ETq@|Z zXcD1VwM9#WWUn=jxeWAyiV^qDU94#WT%f86SAX?Sq~(JSMcm{a0m0H;;sd1j5cq0bw`h z4o#qZF=t1qDmyc=D=nghthFOgFoEfL(1A=-WmoEinFpx2+>Y;SkfAMx)YoXkpKY6^ zRFylV9MBsHXDsX}xZb)pZ@IfV^J6aD<7|Dl6JvN_9hXM-tqoSU?eisKr!SSxFquoc zbz6t>j=@9yl=A~)+IfU{v?MNEzU7;+yERZ>7g464PHsDulYuUG@L_U83nkH;cP;=+ zAcC+C|4gpMd5-y1k5;{RSdf!9Iz%byieS=q)GN042{phU)Aswc)9UgS6gOYo2z5r% zDLtxnE3rFt?&#=?otUoh^-qiiV7h5y)_JK7{>tySGgUelTCFPT$ApFaxm)Rv z#%Ni6I~2_&_>S^Y?4yGp&6zbU-pz2ox-kvzD#As@|?$)1QFq~hsrUmz>PMk(S%F(8W)bVs#LNfh% zS#rY>MXinlM54iRymIG$_-#tgEQ`?F6OgpT;Du<# zPX`!DQ!H9uiuJOcav2LGVsV%JuoLV`zar1-d-e+p1#ug#rH^kAV!JoDA1% zfG4i&k|cGX&0N@0LZi#Y7-Gcu3IB~K4NbjoZN@J2FLwoA_f2H<>#|j1?SPM5v_U4z z_rzlPVBG}QD@kxkRrrrsH4GUw{ zb!)|`?+m{mL&qCqq^5nUu^h{1-;WiUn)lL)^*h8qRlnk6=;6--4f*D`-j7tdD^5O3 z{Z}(`JHZs@P;_LlJ=#wM5!ITEXoNqxeO!?=PphNU+Lz4okwf}m5tgcp&zG4>)@%Kb z#(xOvDn5z4bEWV3 z+BFX}&)P#$=bFE(r(W&-71;lo!)oO!uWrdqcks(ncA8Pvx2@yBnTATl*sjLUXm90e&(;fdUh>lH7QI3_{z7tG z$k}fM6I<@xDV4e1TG(7PU}3`7OZ5akm-&%e1F`2|Y$gqr@3!ogbK1w*C19WYSY7-o?OrI6ywWMdk3pAz4+oZ&63gdu7ujF^?Bm%4M-JmxCQyLiCrB|IBk9N6T zvcCUy4G8P;iKE*$)G&sp!vD$HY52HD0)ZT`rL@zdv_|R4M(#i;Rk0vzk)j-N?eNf> zCktOKj$Xz+P#5o>s(Hk5U%gZvA9$Y)I#K!UwTMvZQnr6r z4Z?7%sK%6SEw@zuQL%v;p%C~G?|C<4d>=GS{SfwRr!tOJ790VMt53Kp&vjVV4IXht znO4{W@BY(L$tTcDwP!jOrq_L_Fv*sBxyLs&b(s~98Ht_W(=`lxf4W-sf5=3$&m`*{sj4HK;j?&BjVTVjnm)}Pk2Vx=JBu*PjZ+| z_|?;!-&=~?YdOnx0`rnH-2#8!H^#4;wDZW!)072b_>>eV(}xt&3MlZuYe(l6Th z;ksfs`K57irrydoALss|va);dW#H&9gyHsVDbsUz=5SeSL|^0O2=WO65qr<1Vafmx zY>OBycc*A3kuTJa6#G)Y#ra0J;&?MOfGYZmNl+Du$VSSO>jz!ZtLX4}BRQ%1Y*=8@ ztLlVcI$N{!SC)w!p){F|NxE~7e2nY6!8DHH-!F|-+uyA%lqNsAoqRHaoJ^4eOPQx@ zH`=%^E5TttU0Y4YAh-9MrTEYL0u@hgnM21ku-ecw&ynid(FsbkSP#r=+6C!%9A(r_ z=W$A@8}Ht3A%AhZLQ#y9V17%Q7!epBdP5nh>YlCoBoj<_iRv->F=OFt zIiT)M@h~TNtQeCCbFNO@6T>>{RuNLgm4ot?RhLiN`AZTmZHp=kR zZGQ!qEZ$G|Qk#*(&cx{nhnIhrndzjPqm)VNQq(1y`7vdZ#zV}Ae1jBKtYwpK7SE0v zH_8J$Sthu9FWJ1A5NYHa|4>L4dG7C~{C)xe?8f`kbxBJP`l+!CLY!kwh&~fv?M+$y z`Kq%gAkZP@OAUIn@im)BU#Q13glgGDl}yB?>3o^S!8ZVjaKrVop>|(4C@gK)216N9 z2-Sqov`!7ixXWbCvtlND;@ucN&aATe*Dohl0_8)&sHG2-T}$uz7_(*W#(U>jY|M^> z9pGK>0sPIK8~Gm&yGV14sYcLLH_Qnas{A&wCz0HHr@MGJFiMuTN|-p$U6Ls?Z@0`L z{Lhg7(!PO700+)7A|9BEmOdJt+p2#UIwd-8qoCm)x)Bl)va8oY*h-+eZPdSjtstF8 zb`!*1RFf%vgCctr?~fQ+*f>3Ne29x9VBKeY-KS55*0eZU!>Ip)UHmflkxt-bU&2dq zIRW1FvM7rQ-fVu2!0j@Mb{MjV2#?l?;=8wbuG1U9+YPtx{ygkK*Zx$`sHrDv0;t*1 zaep3UckYD5Rc@C)3IH6#h7zSs*Jo@`-b?fWUC-YM!A^GU{9!%E!UE(g0vnI2uCB3&z}f#^GaP zzZes1I`-Sd8u0E4c!{xy!c|ZfAWPsf(6 zM7XD^K0A4rSQE13$yklpT>jbjP=iDi6Yc}F`#00FQd_pq;8ki?q47}i>O;0#68eIpe}qI zD<7|}nU{SQR>T%Ys17x$NAXHZ86AI8(IlK86uzAj-Uc;5GDUtgJUz@%fjfvDlx*T0 zAdWNFo#JiInXz5F?HQ=^`y zQR}*b_UGjrZl&sgULCK#O?W{}jfqY^e>#?FYvAHQ=Cmu4m(VG?T!zX!b-V0$-$ z>U-6-g_c?3_s!>9sO@b3)P)E}b;KiWL+za(+O=Pf8#=Z$LMwzCj8Av*;dt+h*^8Ov z`G=P2UcXWp4>7G2fb_U%l}~5_nVcD1hp|@$A&RY~>+t?*)t;kJ8J4qo^HP}|1!L0C z<4Df&8cE*F%@UzPgFK1*p{8h3I$@(<8Q~U#svg3FoY8nQC9v`_4Hl)kYnPhQ5ucGr^q$-&caSnOHH-s%d2% zp8dXym&G1dIG|CpOf8G-|lJyf5LmSW&J$% z|4WC2Etj2k$Ct2^ynI94oLMg}HV+~~&d9(d%WeOQC%pW?Io6C6su`^b3E3D4>@vpB zZ?V!XA;7No?aIsdo z9z1WOUG?-Z&pNpZVO#oy<-lnc1Zb!pd`_oE|7ef;V)3&wTGr%e0(@K%7*o#)O9AX$ zNlgi{(#v{RxJVl2uqxzljt<(7POi=rew7FRi7?%fyAS=utvO)S3Hhe(hmmlvJrrM@ zTDSTxwGs>+oA>fanee%U4E0ms2PX85%S!}~T^IvpMYsfThR!qF%HP0$DOG<_apLdL)2=AG5wI z-zu(?*6z-xq}Y;gimsdQSAdVGAXh&>?w?J9`zO4w4`Zyaxw((NK?cjD<67D4=bu8e zQAVhh>EPCUhvIp&ol_`v3Z+b+aY^kO{uR3U=_&-x2478$lwQJJ=A)(JR4?YcrHdVe z9>8B<-jl12SpC)AS7tuVkKSy06C6;ZpM|qyoDo}c3>odK*0J9o1lKgE&92H0-tPA8 z{i)oNfqwc+IxA{zIC6OIoD43F@u5!wOwZpL**GD5dzndl619ahDGh^ydGDW5ZX-Wi zVM|Cs^YSIYZBr)7u0%DBhSECZWStZ0^0jwn!X7dg9pmRxlZ0}3Wjhn-E{)Aa*cbcB zMwGIm#_-U5xm2h&K_?|fB0xm(c_lTkIr5?m@hrMvO}$GEUuIe79Z?YbOB5fB$Z$%L zrNK&s1Je%c;dHggGCWDqm+=&tY95UDkTV8MVg@kIR8k@XywMsVC3dCWHS0S%!!ZLF z$@it>B(%Y+{L~bpB-OupGhkdV$*n*LcW70d;q3v>IG)QnM)wPI-x$gdg>KOE!wtdS ziB?i)VL(dM%cp58>bgjl5c2gLWZLpR6I?Ykw;MxQgnFjh1CIhuu;NiFZfcQ+Swg(`-Lv! zt4L;uoitSMB5Nfrkn8X}Dt=??k;8!p;Pu{MVS5KdkJzL5mA{>Yc#N!N9*(QOUVSN#g47-%g(zokQM!IGuTmjlmMabai4_l#v?2@S1ssJ=unG6g+ zOZ{lh;$f}jCzp08WvL5#pz)$I^XI{mO0!2hj-HPb=0c5F#bP?vo)34fU2uCi)Gh1(yeocZkHYbWCg2$zQUXOX_vQCgrdf46a2U>>DmYZ+_()tSbatw;nta=rw zjuga(D!v1S7{N}XXs!-2L*Oq4qCwAFgPt%aGfZ~U!{=-d&lKOHJ5g4DsmIQ6#< z*t38w(l_t(i*)+v16%8Zr3Q0Ek+g%&L>+aBC>Xub?qU1>Mt+B|#`lnUO4*HAbM~cr zMThyiKPT?&8l8ee`dj(ikrHU{*Mr-Wk>wDjtZlZYVh;QY0x87i=28=CVc<$B^KN(= zk7bn~i|)&quhs$XK=daa9(0p`MnpSD!87-YivqYfmtu+y;-5^iO(6>LuoMzFzb_&lIeHL5z><70s!=qlqBf>7twU^144DRmK=MYJihuS zY6^!6Q5}6?iMzDWBI-APD?_d9l~fOi6)YnWs_jYasHvCEW(EE%?%-lL5=`_dB)-Tp zLhc1D&av~v+sif>xkyDWFkP}Zdm`G%a{hF~6eVj?Ix8M64}-MScjL8po4WK@p02F$ zTdsVv1ZZZ(HowJ+r6q}i&dfn?))%=EV^CCYTs@LoM%2d;E#bf2xaA-X=Hk;16mU%| zYzC@GR>m(Y8VeBC%(}$8!q?)I2W1gatE7ncajUKp_(DfgWYUTar!$8jO25@HPcJFg ziJ945a1gT)U*0;UjFLDVTc>-&qfZtkYniAH3jAW^6{84D(xnsFSiVB2j^G)pOQoEo z)oi(gj-d3gl*=VW!XJu4J|r!PYR8wSX1d*-L}E_WCw;~`PrFe$oo+5WG$aa|FYCJ= zmw|~&xyrYe3#i`E=RuNX2L1ndpwG2o)@V_6k1fF(-2 z+CUWMFb&-}%3BbMygXjlamrTzYw!yf4$$$)41+7A0MaMah@0(cAI*k?AgG3=vBQ`W z&Dcd?>C0TnTm&f6aQ(W_eLf(>pM8R;_UA46+#J2lD-pzTyN>;2fM9^YjBSMsKbiN_ zCN#QS%_#k4ZF2{;sudiVj~I zYyEE=VD}Rflz;)5+(&9wTn4TWy&pAbJY2mOvb(cUIUNE7^>qW+lQJ-Y_wuk*MaS7VG4&ozYO9nSMv{n>-mT{vT>vxdYc{qQOk`jRxI^lfZ=TD5cr1=VfW?Z+!8 zPo`|-c47i4AA=04xWG)D^CEe1od-x;kqZHPmPA4W5JHkCzCF7tp(3FUaW8+&*DB!i zEJh-7zZ+D00J)Q4SU>;i=)1?wu=tV;t&2{>c<7T6_o48yE}vww{(FwXz>(+VVDIJ4 zdd=^IQKju>%Nl9LokrtXYrs_W1#u)c9-Ws0A78|af{vV)<`Cg>K~udc+nm>JeXW!}N;%dF0?6V1+ayKOYr+WjL}G(G*u<*fm~l;i&*D zQ|sjGya~6mb2{F{{nI~T5LF*vj4PwP_0 z=wEq)>gnA}OV#6y);X&HCBp`OK3lOwtidCI$+e$&Ef0|}(h)q1ClPZ<T7rVRx?b+hw-}C!dD5KwgNFL6lD_JY}vKuTgU>h#-w<}&USL|mEU6{ zfo)Gg=z?c^_*IhpymVV_;x`CaB&@z(R!$P~`5rRzQh~@tKZs8>Oygb)!~mH-l7aIo zUxdTAkRxq!>^%2AiG6B4LC2fsKyn%5OA*6wmZtguiU3UJX?8#E@+O4?!xo?Q6%Ut9 z@yPeR|HY*)9}yudlg+*xi=(5O8zY}ysnjqNO|^!^wL(7=KY4U{W~c|c zp9z6xXh+ofA#ty4;R+2aV6{K*{0Izv_uVhN1bz#4)Z5TS(KHK!c}2ZF8RSSvjNS9Z zH*PPN)GU7S9Vl_!f&P^>G5T<>cy#EKhqcA!F8SzmfK}YddR^LK%!e=lc*T_Q+g&Iw zu6RCZXFWLiE$n9B^sA}R858G^6AJtOW)saP|8q9s-KlCU3nMdwC7mqUa0z#_08gdJ z?zew0Oc0J^Q4!lytV~XM`NnNwt^h-`v!6s7kVwkRk9?(?AQMn^i=?JvPURIh5bA0K zV|`(c@ZBoU0EvMjL*E(njuWzc9gIXfrCq}PM3%2K|9x(D$QS^y`Jv>&Kzrie>H=kM+^pE~5L$<7XdCd0@cM7$h#Bd8O*ui@y z5uhZWMAP1_3=c8#psaJ1cJH;-qiz~Hx0DD;aENsbru}I)R6;Y$OLEo{wN-I&B~+8S zIpx)JaMmsQG@9~er+f+9wZhZK^}OX3;c6bh6?|{fVd1n;4=Svn5pqo(6g92T1CQ}( z!3(?8L)L{4Ldl=KrqWnj@nW-z^>WsFMSig{sM@8pZfiDtSD+NuZ2X}TV49U&Fu1wG z2F9!}?=LJbh0B5D&)5D+CtfJvcvJI*RLq}0zd1}DrK(AN-j^yAT<|X0>^W0JRL36E zmF=HIb6C_Ha#}1LQKC&}{*XT<=HdNA`oOC>9L+dQ-tDU6Fy1V#V&rgA*fd>X<8Hr= zN)i$i7wmceD}8z^hX zpuRUtqi%uGSN+29V(a=``f*fC&9 z#W5YNPVTk%q|l$z)WLgl8@3=zAd*g}S+$yrTCQhptyg*QJLSf&BTBf_Wb3E?L=-&QMk%h&dK?&62K##o7 zPy$$^YoC<7R=dO4*g%ma_WPT=M*I@==@pS2VBgBsntHeU`RyTpJ|(4+n0F3g=h}pR zy-hh3Bh96wF1S_NCsivZ>eIZ?X2&d2m%%kK9|m%g{mV?#B`%VMRaON`lLMTtBcW}? zcuE1Jvs_&Gp`uBF9%jVUX$D!>I^GH?N3|a9%SH>^$6Sgl4ThM-1!?TL0eSo7Q>T}t z!1PvQ`*M@8jD06~Mk2iOGHnoVU$Dvt_ohtA;*yEc^upLPU^%nrtFWwJXl)mc0A~!! zmiBrhYL-;yKSBoEk{+@JI{iKR8#>E(`tgqE3+rAuh}fPEku>4M?y9YnXzA;>xSvC) z^00uz*Ov};$u;~U|Bm8cnzjvAx{FDEh;;p=^i0s{swD9!yJ_A{&+0oND*q{SJ}9dj zr#m}Hv2GfG%CY%L$=5{irF8&VqjwUL|DzJe>$PH5i=P$j83$Zt&EaUDa8qff#o1kUQ>UzV zV)2G)SXYAQ-EH#G1<2N~+`yE#V%L9t-|Q(Ux#Ywb`A`y})1w>_<*?H7Qv1ps4KATq z23Js|=IF;l8hmS$&FDE^^SYF}tckKroS@HsVqStXGr@qAycWQy3<#ei0XhRZRcr&@8>w8+9jQ&Po{ z=clR-hp5ix9*0t)^Bm5-rIi93 zL&yhKsy+Di-T3-Yn|Hc>g=KbVBeHefCBI~1<#qF8E+F%NuT?K4o_j{(7zdZd@o({6 z@E0bnYz!c=_B24^raEdTTSHK1$WQBXPirnWX~o?LxyoBQs5JMdd=nPx7V%55{rfgw zyETWD+oU>vEjoKj^y5K2n%N##nh!mJJ^D?wC^+DF!a~C>0mx~|s;8|=>^Y~A2Pl`H zNm@lwIn9muToay*7%o6Wf(VeU&ah@>5>$@BTakc@@|h)R(fqqZhOQ-{J&Gy}?A}`` zcIl}vnS+dw^z@)mIOuIgs#@I*r-s5KS#mI+w-Y|`+t&mW769O;ZhOK#bLu%8djPod za*l6j?l`YVD=x8`w)wnZEp3im=Ha>ayv44+%ZDoL<}xD6hs~ZM(Du>VP5wc+oJ98^ zh{o+@Sd2aVvD%*+s2z)o#^o|*hdvzPYvVq`Nz(e2Sk^Q+SUS3%SNyBGC=nI=kiPzl zx3_I77k#fj1O0YBb!XUypiBz*Diy{@G8l#+47tUfvktd1AT2A&P3Oh{spP;egcCKN zs0fUn#ex55I7pK4T_G!trRJC;;!mlQH|FrfNIk>>49~1()QijIS0gWy!(pd22_}mg z>ryUaX(J$<1z=}cV8msLxLgwSMZi~K*>v3PPDT-3^h%vALI{_Rp5vAaDhr4j!~_fo z?nQNA6Me9F*_~wDYh!Yk-}W-=U?ie?4bVOoeeAwf)E_OMZqBZBs|diemBLSz8J@{0 zY)ZZz0fi4V#7Zj~e*rGV;vcwqkMptMFEC{)NA`d+;3Zm5|JOMA#;s*V$1lCR)b$d_ znytawMh* z!_!zOdymFQ_}k9v4o>r7I|6{buTwyd56Cq0N}r!ndcdveyPgQ#_JOeFP~S?39E`{V zKvGx#8&1nqrqz)#tI8Ug;8zpCX7xG4IrbR~2tj8Sv9!+Q+RFG_%!j|(9g!2HQXaB2 zM(|~jRmwWFZQi$k_Ze7oeOyKLnX<65nL(D3AX_=6J#9Qsa&A=Ij?-u{KBZGxN2qus z-xqiPmzwUfT3jpg3vIO$WV=kI9c0mIdiE}h6rrmN(g`YOhlNi%!vWc1uA z(kzK$+K<3CLy}+N!b!!_@Zax>o$zmnL;A`d*5TkpVYrD#dJezf+_tUpf-Yvd8WoOs z-T6=ALJ^X_+S3a+7UjTR>Q?Jh{SOom_m+wqJ`bk8HVH^yO)xlz3d^eNe|mXR(v-U+ zXc1ZF@c~ccOQPvIVUJN)ezIu}ANLg_hXh|g|5mqq-vPdLCh`RD6BkN8QSg4+fc144t#%$pijazklSON{L@R%P-NBf*={YN?;{arbM=tUd)i#4X8q{Cfrn;Mb%;R^u~ku@X>}O}s?6PU z>R67JkGX1U+ZsOH1&zfXum?TuZF^PC_m2mA+c!+Phzhy)lwzjeFqKo=h~|n*hvx$u zx`h5zTxO|OI|#?)8SWZL!+DCbTWi-2n;RSy<=gH4yh%#`Ok;S`J4dVh0(7;M65;0g z-hqcnYlH6cZrXXu17d#a;lr(k7_&#d2nRGXU^fpJ4iHo{1&qJ!Dm;A@GvzP!PlF_m z#38wk2tDky(9&o%-}l#xi7xAJTfqTorc8zfBfU$ z5M@NB3`})AlqLYwiQEAX;d&f!dNs!Z;~J9B<=U$c#x%SR15%OY^4A1_WR6=d3vvAR z#sqs0LygW89<}AAkI6W%eJ@haS zXudN`v*uNK3LK3Cs%a%NQ-I1rPMr`1oe~zJ+r_}$d|{>wr&*-@W#(yE_1MF?3HC6l z_Ai@Va)&IV;4XESAMqKo6-1ozaX7Myc0*DQ{?u=szB@)qSfBO@EX4Fsyfp>spf{4g zooI;qCq*XhWkWB>HRA+%lQ3!3MTqLaJr)rBWuiH98&GK!Ru4^D zf#5}3`VSpiy@K#q-h*4jYCmV^=T(xL{MEG__-SQHSvRm4SD6087}aV$EwZOu)a+q+ zySg^&%y4OgvPH_a{M9@P{d8+?z5H3Yc2)H2dPtpZpdBYD{u(Gq?GT9e*@fvvuUx0D zxXBRaq=q|!yr%Mx=DiMMqC((|*IV5KKxwRUYujLFa7$NLx}!~v zR-3lvQaVr3PHXKPPqZ5-d~ zTysGe#1?u>gF{LzQwTWaizsYLfoa;Q0T$*xIQ&j?*zJ*&kMH3<+e%?aasA<76Sz}; ztchKLa@4W?LWK!E{>f(N*ZaRF7f%sRU@uPByi2HNG46tlU8>E}+E4xgnhu>)zzJHB2246q23w zFQX(te6^d|Gj>9`6rKOf?c~KMeh05j9WZt^lCH(Q7ys>~XiW5u z+O1)E%DHt}eljp43`Jl@+Lp3oD=^}}?f=z;|6O_OWIR{c7)4jG(42!~CeI*kWGr4S z9_037*Z@`0N;z;+h#b&vo?4ZFF+$Y^Y9wSac=i{)OD5IHI>$x&^r*~x?B~c?1nM@A zhGv}v5k`c-_%ml(r=&dt?NXwXF{iXmF-vMC8Q>`t_J%se{P~m%x6W7>6iLs|q^cQ7 zYgg-uOiN8GqhwpIUkRd)kg?@XLm@u$SK-4*_=r*ZKQcM_99gZwQYP+yi8tS`*|Rag zArbZ`5UQ{0G!U<_))$Z>xH?Ssd)JXgWMKADe<$(ozj)z&h_wzbH&|K5J@ggH;$wf` zrRM-^OBoOl){LW7{Xcp3QBlX0UjDPbvbOdw^%a$4|BA$3Yp`6#gBKhxs*e1rrxe`8 zlJS3u{S_V4T!7d>^FVsFogOZTG9DYr$wrvJ8N{oSgnQ%Kw0VR?gxF0Rh{g?nvl?Vf zLjfX$X^$QXTbCUl3}b#6?>ziOp+KuEut<>*UNv&vHrRV7mYmBYLC2R7DJk2}> zTe+)@Hl;2_CxF0`wE7A>!Z2++_Y)i)49M6@`gro@DVGE5)oa%^Joft-VuU?nqUwy4 zc6Y37qXN%{E$`lt72O@U_+qY!)qs<#5w^AJ7B+oZmbN*C+CcgHWXEn++v0FC~CN|qiEM#Z)$13%Gw2c z8SyZ@yX0UJ_Px2at+`@3mR?UEN?3^C%>=17N4BD`K&F*RRT3@7$$DQVZLUk>l|P~D zJyLOr#8cY4Q`-RTz0jri{%jy*`ay!Su;X&pW}R0JlCd7*jGZysXv*@kwosBrvpvSC zDew0y**qcOr-E3Z{z%@~zsuGAy09Jh>DZ)aW285P#cGZblM zR3vJ{e~cA{8`wefIh?dg|MZ>M-k))Ba^%FH;iqB){6UUO5Z$Zrtacx>vz_LAn42

3n3^sdXiX&wst|dK;`53nfeyB@=Kbf=;ELQNXjAmwJC1;rYAJRK}7n%zbNKZ4>&3WD$q4EH%5-au#ag6qSaNL93ox`f+GK8Lm>D zKsajN-$kmThQo;$@6_MOKNcX0GLuWiy`jjZo+*Z86Toi? zaRmNCFbGC7SGslTYI;R2Ujy^V@h-1yS~$7AU(O6GO2SE|FWAW>15Bl zK)L{5N7y-THS0n?Ru)LU)#6U%aKaA3Kk?0ldFF9T7ZwOf%bn6(r(F(f&ab9+*n1tG z7U3dQ9juCCEA>t-r(13onU2L=xbgmHhfc$98ml(d=Ep$No?uOgS29w`}t!y0JY zuIuYJ5byu#)LHGE9n2KGAKS*6S@9TA z-3YjQ_kTfgzmEbnj=faU9urRLztf_&bKS|ni2uJZ08ira@Q4KPqQtt8hkd&P+>)kZHl(@QL4-Zt~{5e zv05+Y#>5B9{4XY{ipBGeBA3#JI^|tD^Ce-lzkXzC4?*^>?_pm8gh=`uK=Vl{V>MrU z6bIBVYE-d5kB0pvK9iK~eKc?Jd$yka7V2Hdt5ZpVS|>hDi=BWB#jz&mfQb+`q@FRl z*Vq^~Yl)t<9`XJB^Z6wm;FW+&6-OMtMqO3&t>0M>k5t012v-N_8QCo8osg=vN(sf2 zi4A1@-K#Y?6xiA4!t5ckaH~cDsdctkFHUaYr?8;Ey>b`5==CMa*G-QjAh>@hUF~_# zg}i1gU$3lRaSso)72#ZHtrbD(%(Pbk2f;JRSN4bLU!j55Tp2kmWG?TxJVx&fSr_tt zHd#gVt+}ymB!yB*Do%Kpa|mwxt^D;VHrtN~70m&OSS)X1{EOpT1_xxplYBnhu@d=G zCm0(`OF#7V1to;wogVCN&!@$xHcw%S&!;Oh3T4o;bJI}N7O6SVjG)v8?I1_XGm|7x z!9$&;qAlvDY2{%oB*7m1Y~rY6?^Ag`htHVDxQ{pV9k$^`?>uy52)q*PX%pL(hiJEha_;^Y-%+|MsN%X7r(sz}pc>)T|i+b9-2 zch%OaO8Reu0jSLm*z(yQr!Ex@^GSrTxyfj-2|*R>Bs?JHTelNA@%?PEDhZtiV#*(m z9B^StY5!nXuv|~yh-%r#Ar7wqt9&*plc9vl^rr_-OO<{<+F>GgaK)D@*~$aY;0+c#zFH?I=Lf-_IvagDJAg5k-(o`SdU+*aYB%IFQ* z{<*(ow1?orF2QSlS#g++m~bsE{s8DYiYt8Hu-7$jUUi8lcE6{K^697PcMGR8UI0A{ zr5RCnnK!}}Ifftp%8u&iI31{KmJ$l0(JVUeS6DKnkTTYbKf)_0VB2}_e>@okSs#Sf z-uTO<$wxE1R^X#Sbu zCuT*X8s~YN?%nV@htt=Et4))vep#@0X$aD+gqsp7Y&HM64_tju2%hec!oq6`=Vbwi zHsr~==HHcP|7Q+8`8OH3;{bXD81f4vpce6el57L)_kS-d_dj^zKMUv3^)vqo@n@~~ zV-}+R?}Uv1k1zac!M3D*3tPy;mrw>IJo4DD31D|aC$gCFPXpM@P+R6_k*A1&E_ac5j;8NAyyx$LDp!Q# z=fSX_UmKVSSE;Zf<KRB_zfq2gy? zm%7hc59T;vjsj4s6Ht~U2o44#qKuA?<|xokQ4XpITBx3et=5hy*a6Vu(cWWj*ez4R z>bw#*kZX2yLqT;VX6u3d$ct4+u5R&u8wT6zJCz6}=~^!$TOaJL%vm`=tz-Y>KeDg? zgpmDLhk&(ej_y0poht}E@9qrf<$&59Ki>ynHD1UApogWb+EXS$_|n(_vu&LOA{0yQ z1;~V01?ua-iv61t&q~7#QJ{rAFj8Am^I*mz zS9)Fgl~`xs3P1yv#!0;5Nw9{|#{_AjSYW8c*Pja1g_{km7^b9=*&YdZou9@Q@K@K44pGy1t(35$O03ezNz){(34{Q7XZ>Y-k)A1Cef^#CTVoy?CSnY8 z9$}ODPq7@&Ur$3oxi^RL2jt4d3;tE&8IW`Z$AeBs31Bk>QIAhIv!9lnO&%vcmA5#9 z8NFdEy+rY8irK-QOJz?kBdzF<0l6eA>$L#xSWDNBu5FKo2u@XBG*KhJm*=c3OhUWW z(a5}Lgik{I-NoeiRJRXFmE1F=)TAJ4_*mWXhQQ`q!JI%#sAS0AlEq!;bQ*a-QXjGV zakIB4zK~kuea3dg*p@&F5XqD8nTcZN#FlHW2Z~}8i5%iMK1PCdKmSnYGXJ$!ag-<^ z)?_KAPC#TLIpW`{#0J2d_x+S~(dN37m+Eu1ByldX*WhH3-mI{x_d%amU>{PrurvZ+ zJf%`vl!}ut7auD4d*E^~jiYQR-h|&eDYNBkfUGDj_P5Pp6aIm;|BZzK*76@r5&8h= zhHDglsVw|S2}rRjvl=VpMFI2uzu!!;htOD?{Qsa=^CCl>jA6warXKtd&U006xevKbJ}t>aQf@c>n^tzj^Y*Ac^Y!K`NqekSQ*UsUD->_ z1fV07=h;N^lp-z#ryxmSNs0vr1tVPfbPv6AaEr#v-3PwqqTIDvt0CA7Z|82bEUZ_= zeeK!llpuXq^}RSjbYWMrd}$$wwHQOd*-DcdJ2;(U-suB2`C9`Q2edmWl&-VW0O9d8 zu_n)FT2KMnmLr@Lq;L0RW00j>E3XdyI|e*%RNh z{UWpN3jww0`%|nc+8&U|E%*L?1Kxb!b9f>Ng97! zut=;ML45D6f!oA?{op|zA_}SNj_eZTf{bhQ4F>=6!7xEwgM_OtWnH|EXPYc`;eq8W4+9KE-%LL z6u7}fo20O=SChTrM!I&S0)4UaO@fBtuD)hWty%a&s= zWlMM|pqAsHncKlzhZQGnopF0aw($(|g7PMi_W%n}eSPa7PSk|a^ctUWl7{G6<#G6 z_YUE|Z4q#<`Y*I!a>Og0=1xOceDq|{N+uFIUy9x54KvuW*f)f(L>P+Cw%9xgt$!-5 za&*t?0Jm;rQAd6gDNB)ZaDy{HUb5$F|`)UZ^cY2@+YF@ z!7MYoLmbHw;Im~#`2YU`(*lH$v{mEz7&}%$4e;+=*1(qe&%~#{x5@vLMD_pGSx>J2 zuV$`29O`}DueDPtt&n0Ymtlq?GHbL;GT4McR&FZ{8m-18B8zsIF6`7|+-3~p(n3?{ zibQgq%xdqNVMdhXev26*CT18-W;ov&T4z7cdCouQ+54RH_wV|>yr1{|zVGMrDh+?7 zr&JQSh*Yv0?cL-(Nso!^*`B}sNr>;t8YDU z!xU5mQEN-4q-$~_q`h#;w<&J09T?=>HA5;N)wd_=n8fN6G&_N$?(Jri%hWx+q=n4C zXHXsY!Yg95awH(VclIg&>W0nTvpGp2Ro2eaR3Jp4n4SV0-p1HT_!jt+c=W@+F`p-Fw*HEND zBKg&3{if-JU?B15WB5O*OQ~G*g3vUDtjFE)v1+TbWl9*(ih9mTR@#A zM)fF=BRX3++=CASNHn^vYm=3aYJ;|X4zd!Hdmr!cN&T)`;f}r42-p5`yVp3$k zQp|Ac8_rS0J}PLP>Z-_q=O6f|r+l-&58e}h__{>U6iHO`qVkl&@JExrl(lNiX6wRQ za2_$L;8s9 z>s5;A0w8gyrW|__@7(7h-4>xAHjh@ui1e0n7-b+xpLy%lrEh&b1Kk4XvE5o_Ej#Pu z=1;}GJMR0VlN^$-w#ILcd>Cx0MiJ*{aY3mU)If$ef!RLD`pLju21g!q2f@jxn()5@ z*&3)7!ycJdWHq9vxL%e8j6s}etjVgjB48ewEb^ImtuNb{})E(P5! zA!9?+j9b@XUmax-4*1eT!yp)^Yr6qKt>4WwfX`3ATRn1due@X~iv|!ry}Fm@p6}*@ z9jm!nzPf_CGn15SDmRuuicy*hrM%oNAOq>cWEG8&XV3NLg8u{z?2Y(S5Ku zBj!xO7ix($Nna1quV-Iad_{2fwNrXV3-1iPQ&=xV0yO}yf)^bwZv{r}U}bS~S(h|YAUlZ%;cSs)kRn&_|7Z%~2a_k%Qf zZ^+_zcSduTyFxBdZK7#*6_FIYJXV_Vd#<&kNbjEK-JMSgX@-x2fxtx&s@%e<^B))O zmc9<6nxshRUM>mc>5c*T0x_i5jHAk>0afH-zMj$vU9{$cXMsuo@wwo=atHosR7$J) zEuSaxm!7nKUb6i{XbCDe&?YZH`3wBMnn}n3LA~*jzJ6qRPpmrXWWxP${(ikz0X62k z*2cA{L(e3sRvY_Iw7|IE4Fr_S~2;OWrrw^Yu zGGEJEb2monx>7JejH7P{Gq+v?@W`t&#FU%1$DBH_vh{qQjy^b}3gr=nY>NJ`g6;p_ zX@P9mr(wq75J(adf|JjjOi1pwn<+P<^R`~a@QKbow4s{n`7gv2anoQKXXry!_g8Q>I z!Fw)O12Y!}nvGG`#sNHGvbJ>EYPB?I*I1QLk_Wf}G(KrrzY2J%Kj_6c2RLKf(SE0e4Epf+!!5(F{n#i{3PG=z^jCIxP58~qXfrs?lGrG&C!&rYGMDk1%y=S|3F4MrBoEnr-n_?d!i}=518)BuY&+@z02ZF)jXGt(}xQc=hYY z(1>6Cc+HyLGs=#Z>IzS_5n{YmgRY&8=UufU!pv)pn1g-fm^jnrR4H(+c$lEq$o<)e zjvt6?%LH;c#Bc092GF|ESoM5UZR(cyir<>}-i{`)U)n^xQ@DPxBxA69V08f}g_P*P zl-xyK0$LZ?Qpe!&kJK^Ko+WiO}S*4`}cVDQmC1F5%A5lJ<#LuS=y z%d0#rpqo`^b7#BQxpp`DQJq)}f(#dxoU>H6M09|aYOg+~z=KD2_huBS*^1c#jkM*F z$cl-a^|dnCNKQ*2dfm9W5#}QrBb(Yo;vC|mwYt&-iZ0GB>O0xID~U0nj`3p?CHL(E z&Q{IP1=|I*`VpM5(7t{w4rWa<$;((k)vEk{`-|n7w5S)KpUmV4GlfYCmF3=dS9_m$eFf$U%^*XPPbu#h7!uct+(DB zYl9QM8lw|5U|(F+*@Ne_de{&v+wN@of10dQ1}4iwe&&>0`3I!IACD#doUZ$9^vb7I zP=h3fgLXkbLrR#LgQ{O&3$Cj_;gbFdFQ|U*{Ple%gM(Vs1jT9%HmvX#vJwh-I=Np0v|&&nKr$~)td&B6md0r5G7uaU6)(}9GxlgE@9?=2n@6wWW( z(iRK%X_<8NtzPbaSAvSw-XLs8&L8?%pHY!P;I01vF!b1W!ylJfg~Ja=qv+ZetRN0; z4-nih3M{^_Ic}4Hb5zt7GKR4Gt@gzWa_ZU)W7knETb-V_GWZb@;ORA2>olkSCSKE9 z6(!QxSIO-D;}(=zOW=J9U4{JHsOM=Av6NBnz}O7F@28naaTaX=9KOyeP2QR{D%hAP zI%6TQ-yN1{QN}QWio+T2Blh?%r5tLm4!1d%h;-29VdskTlwG$^;iZI$9P_9_v7Z2? zN-eXFC8Rs(2BjO<JlaO)oEe2+p`Dff(d8btg8?F|fm-YLvR%wpT?p@z)A*Nm8 zqA%$iQPZUQsz$=$%S%BE18+8qODB;|2^87q3k)|Q4U1~e?4QoTbK;#r1#r)^ou%4@ z<}K`w{gphRzhN^`=pxA=g~mYx_YXNglZQKHD_}RGCdLty9r>r%JOjv!AkyrH%{Y$S zv`d)gHpItlrmL?R)b5$7fu%J^!LC3dlZo-6gD#lUQPG{46^^6rK{RHLv8S?u@-I&)!tlK}04!a(3-cS&ndrO6gde3*u) z{&O}9H#o*Y8mN|L(|ofa0T|jSL;%4x`Q%Ex&O~#;?=n3%%}!dfBdF*7Cte~WW3VZM z#|Wr~c8@F5ofbHwk9p${UxjD~olBP9UP%vqxn@cOPIF_Y+M!sk(gh4jk9-_C-DNf- z9;5vl47a;9pAGHmfMvm%I#=4J5#+MA5-91~IACTmtHb+3j+spEEiPoeYCGG9SQOH^ zho2&M%%F>^;~#mK(O7PW#Z(-vxsNQ~e^+zORseqhuCl?Wo&D+Oilq}(K;ITKTYGlj zXPdy9>;b%0!m0_{8202#T8tp714KIJ`HVwOqA82YUvlg&<{GmrEh^Iw^ynj&Ftsj4 zlE6&bB&q%o7Jjd) zR`)AVFvDJ?24EevQfFa5R!vV%4~hN&37q%)hxt{z)?V>%k2C&dANa4;jGttg>UHME r|IdQkzqy|GFL?dsf2tW_f>L5ZSS%rkN|O>B(m_QbW~S#Zfk11)z-Qa$jlh%WB&Q1C&l=<NE&c z5-YWGV*}9Ma>vvj2?A~ZwE9^?^?Q921TyF}J9qkWs56J@_*9J=);EXV@?B-!Y3J{o z)`j8Xd)LYKp^v`Uw9Z`d;OE~G?uEa*e(lrxbKgE|T(rL5Zmo1G#&TM@Wc?b_xNPaV zL!~~Q3Fn^{S(wi4yEvL1)~o28clOe=Kfb;+?Tc$Q$97-Qa=Bu+z?<%w4r~=;>+&-R zgtr7j)`Z~JE$PK?^dT{k6vlnE%+jHFIfqXi=GIARq_XkYL4!pGlGP9`$Kvt2P$P0f zM`=dF!f21Iu!s9M-{1epVwVj}6u8-ig>X|8u2V5j2KKC_=#SyDrZYDk|Q`%AM(E7M4)VBmVi-TIP zo&VoL{F^fWE%I*5fH_8@bQ&9v`hXe{NP_0}AO(F))@1~JDe-R0f^asV2n70I?5#|y znp=9$iZ90W)c$Ds#ESHw_&THb7r7legmgO>%qyHnYo%Y-^VwQK#&S=zN$Y~pXx3p3 z=pHVZHTpdYwvtVnB?}on{Kovff zybd1yUAkpz=3+lWpQxn^di@ao3BH;q4=I{-3!*<+hFZPFesNy_YYi#5E3nODJfh=0cm8SFC@X``j<<$iRskU9JOh#jF1kK~FM zDMM}1DsC%p@PapkVRO4-I~TB5J?uB(F4wYPjRQ+v1qq@>wkQU~OW;zJH{p=aa?8y(g8Wo~Wt0Nfmd+hjh+YJVdQM5G1nL}-f_T=qOfP4r*J zi1OEyss+2(qv1obKRD*doQctouxEOmBUV&s&_ZYsWg=sXp&|?xK5bX*yiK$gM0C3p zZ~%V^^?f(~i}KFA*JCj3a1N_i!gEQ-3iBaHDR)L@(-*}QyryJ&fR;A3h;9@6)=R`4 zLEPh%A9~z$h$M^~f)%SGXPF`C)ZZkTQuY^k`s^g<_6V0pd2pGxfd}{tJbs@M{@S>) zzE*|CFg4#y;r*%RD$#6`Dcb%zTCSfjb;rRjW*E! z;fQQGpDWSO|kg-N6;JxpbO zw~y$kZ%h;km?W%8Ay`9`Xh^g~Hozf*zI3h0cdIWlTf_Fqc3ewvHZYN5BK}`1-Rkb9r~kH!;IF zn1^_nJ>>pO!sfExsNj!E8~wOPl8}Y1ZoQE76(Qu9xMYYFx4}e4(f(d};OTvIMY_s? z*gVV5v18{Y-KPia-n>^9-c|yK69TA)fYOcyU?76_sJfuIQfbt;b;GsB1F>BTjgR62 zV6TFZt6muFoilpoiS|lk!_y?VPn@VRK2# zBN~`Sv5s~YRvgAXmEvi67?)JrxgeDu7kOS>@kq@;a41N_DXxJ?;%##WEdeH>&BfUb~CclKAjwiAJZJ1!a4GVB1RH*b1*?4QK(8 z0pFZ?-KX@O-}eyg;$rJrX+u{szha8@mk?5plbn@Cx1tsXg)Qhs*!3)oz>6D&U5aA$ zVmQ4mIk85Q4pxVxaN_Wf8kb1ud0#!JcM(Z!K3k@e;mQ`K7}GSWN=2P8Q76j-%l9~o zM#~=u)&!|imR?B&-5;`&km5qf~kJJ=4g|) zPnBcflWVRE+mhg$?PW({J1W%iV%}_;iDFm>N=Wxh)fqxj4MbfQtP$+WPOb}V&ZWh0 zk>O@EA0L|<3n(J19_(@gyI_YMa~LiRz#RjDJp5Usu5{nQS}*dCNR3n*^kikL3T)Yt zRfZQG;ug5ncGt4eSQ_fb14y|LDxg%9&{hL+MT<7+$6y#+f%^cm@&Pcy6f)19J7I$z zU{v{k;uxy~@%Wy@E&OU~KwOQ&e>*|=Tfz39`NaQ`pXuIg+{<>IAokpGOLIWewfEKRs?Z;)T?2xqytjl3D(-m6BwWAj$kdtkyV_W9 z&wk05UkidhXpVP5^~wGbEG(?+7BMZBd8-TI0|97`ue&9M&wd0t<)cx8#V z8T77_e~k1+BXn{ERbk4PdaKrgKDG-xIxBOd=6S>HcRLQ_V7l`9Vc99VI->v2$9qwn zZw*5s*$rtKc0-jeEep$*vUdZwYWP;3%#U}Q&?E^kDA2v;8?i9bg^ozu-m=&llC&6hx@#6_fq2g#oTfa-T}fb+0xx z8qZz(dhJTb8c@{^ZykdZkmx^{JxC z^#a)$f65E+07>%}*tJq4!sb*5cQQiL{I!B@LzcH(g#}Cft{RXWSMm5qNS(f9sI6jUC2RqN^9P4W!4)M~J+p#-%dpIXtKKQFh`8@Cnc`lWY_G>?{M=_nr} zrMmiRfBt?Id>I{zEUUR?7*rma<7TTzLK3*z*b|nNo5PWae^Q0KM`nqUZoWS?;28~ z8%zzj%cah+zNARE-SDck8%YrNiqw;HW9wg{vg)~armL>@{#mXbJ;cv1COxejYIDYY zTn>&*Y#3!-mLSr6YRHnW%bgAZekbx^eVuuZaoXrU)pjJQMqA(z$!+SMs#}!083(t_c6o6X zn}~B>nNX-F?_frs(%3$)yZACGVB!;``F-5k%4+6ygC=EBC^3dIVY(-**5PQ;ofa`` zU#9QLtd5eP_vO)$5J9NrfD7Nif}Pz*oP4N($g>*AzkLMjYjpCeZ*8@~$(hfZW@!o! ziuF6JAxHGHt~iE~q1E0DyNRYwH>n|$K$PlLDmYjYK`NuVAWVw)q7{kGGxEo2`kHSL zsOhTc%G>Fg5T-IZ13ei1#R)>UxuwXwbu`#1z#WL&+*0B3-ou8)xmirgjDi1~c(`Re zIWB-c5q+w6?_I|G>t(Yi0u3)tp3SJhzo7V^(vJOSwp_zv z95Jl6PglxH-6ni_&1dlQ*VK13M>_o8F|sVE=5%T1jpcB9Xn2UnwMV%L64eedC-gXN zo7KR$Ug<(_OXfRj0D2NVA-httiR$0hL2U0GUm4fVqaI}PbK$W^ijI4-Sr>mRMId_* zV~dpWDetJyk9tgK$L$9cu}Mlj?6gTxKrBKoglpQoU{iUwoKnU={=(NfFPt>rp=mxg z;g;|6yZhEg__L=A?8@WRy|P{YI{dF2I7AyN~D z9wmoOQR<(`o9*aRp9rbCGd5L}UK3-OHDxg?$75Tn;s=Nq{5UJ4F~{@#ROK@1Z7(ca zM;dw$L(@^tbukrm{1FI!<1Qtz?N(<~5iTT%rh!ubP9IfNK@S)OhLvL5O=cQ=back4 zQ%y1jHFhD~_;hJE8^%zJ4FS3FSq_NMTy$A=t`Dsks8&K~1DJUP_bpk#Iy`&5fFt@#`BaJ2|GGawM9x-At{L7f=mn>d~AluLut*7S9=B!Y*{7{+Z0@&qmq07NIvH`u5P$f z^*N=xMY+BcwF!Dsy@wTOee&kaJKOFlHrD_C0PH{|zZhknW-&9`5x>Q{fBgXo61Z%Y z(%H>CuS6#oF^;x%+7wehMi^ZU*%1`uv=nR>hSiw#)%Lx6bR*qfrN4*W-mK=_Xr;bK z@PisS_O-;EJ)9@ZhsqP3P@J;fgZ&<~kfzi#_E>aJWpgY3SxcVFhdS2Vq3%8@+BOXZ z8?Tvjmvvx%IqcLV;RgRpj(T=>+M$H?hq#FuHoB}nu5}}=C?UqNmByR8RDE@%*U*Un zW#LF`HUi>eb8mDlH-3;8k+f~-NzavQJDw+|QxNnN5?zb6^X|jZwPgop+dB--813v2 z_ASxS;WJhc3OHAVmP7ol{}Q+Or>Ff}Fvq_jf7`DD?j<-KT7^(taTn!&=0<-PHu)Fh z{Z}Z9WyimoroND-9~vgp=&VM z!GUYYD1kHc?B(U3Bdr#VX%k^FC0=x#E(D~zE&-htc#J-FTSAHXaIPjPtjq;MI@uo_$@Upg0bM>7pczSid^h0uV#sYt-(Xkw zHu~TX_tW<3YF7!c>}KZLoightnrG76?fm5*dol_{&AvN{xSI|=A{&i39H9{6VyD>f zOzBv*B=CkUorK(Rak-1UyE?YqH(Jk1co~u6RJT*%h>od~qC&{`)ZCVskG%?B`LS2_ zN&n<+Jkvn%{eENT-mb)x%==1s&p@d-tldDA1IU1B#A)_xrUjvs8xCyny6b4e&lin0 zjlzYPGiwj35U{V@p7BZZB?y}o_Q0sXx@hVw5#e&%`WV~L)0<6oqQh4m@i)w1Aup6n z_SFxv^jh}R-;0#!nxjB3jsdH~vvQg6YcG)FzjMB^=FhL3PV!3d4Yl|Z|0SifH>VEc zu3WkWD~UrAIgH)|%!ALZ2sa%E#+s-^L#Hh7#3}s>f^@%gZsqs}8M^T70GMw3ktFKdkHrMyE7|ILvdEdQOuHma6 z;T-1`KQm4Q*3I`aOn(~0wGEFs$A${)UQ+r~mAuAdOI~FfJ`8VrGF}C`g8@9Tl2qLj zhd|CP>_{8tY358bzgJ^d>5ydp#_JsFJ3?{1Kd|q+N*xF1ULeT4sj@UBon*(I()(H> zg{zJWCeQNV@5`CM$~tCt@|H*lk-_+A@#$Jx+hUStWT`m3$S=jf!}!)y&>cl3FgxDy zTIYuAVAio1bg2gNxsk`3>r$rBw$p>|=OM5}_;j&hTIWZk42TH$q5p(`{uh?{ui(=E zf5=PxtYce;hfDN=(g6_fL;`NhcIoXcryoVySI^t8qO{YpjrHrly1s{}KG4$`T;0nl z09oOF=fad*!$$9Q4UI12J>{Rf*{S{+g4pDKa!VX_cz3)l5;d+!59n=}4dKLq&Fo+I z8h6d!2KIjN2n#$M*cax=W?4gh5?&D3EuVAys=jdX<^Fo+2;6=VmYJ(oeay=@5lp8{ z!|u4xRAo!9gyE-OBl;=Iq%WCAPVZQ+IqSKlu|7iTndtJVsz{^3UJd@R?S>wy2)3|8rz~*F)$U`&&&nZ6||crJ3Z;5opOZHF#Zz%0cl| z%(!>Fr@4f{_EJn^a{a({o%#&_ERM#M}w=!5Lc?$rCg1`2*GT>onSPj>g5z8n3e z`itZBlq#F+zx`s`clf_1FDo1U&igE{AfLMKaec?0lhXw?(y5vWQkJI!zNRvj!1=7v zFX|D{7;EeP%4GD1+IaZSk*AeO*Pcf@Y(_+c(0_K(`PD_%h}5_EpUB2rCPH@c(U7BV zO5mSz>svrUFFv8y+Qz|80O9)s)F1!hcO`K20TSq)1w-ZN2H-`3P1E$Q#VxBs$O3Cy z^ZCC;ev96?;q;Er)u5gOBu`6k@K(^BkV3OM{mpwwN{quN)F0GO8=n037kr}MwQzLg*~47RB7 z%*v84GBVpNl)2?!E{OQ3tdys{$%OS;akMKV5OKA!xkIha$m88Li%fAR4uv;c9#3_m z%fk;NQ2Ap(ZmYv!=DZgeNs%>?DnZ44<4@$CGIDB1 z!2S0N(dRFQPaj72DcvZfeP2pAhIM8Vd8F|s!P$^8BDSAmj+*vAEAcv$OSE8b1pzDR zY1!Er>1g?>CRp>@g*@vNAGIqa$E2v)87IlSXEqp--$zJfrtEbgTE_IMoI9{)uJM6H zPxo0t%ClI+x>Gs8TyS3V!ZI?2a0g^6SSq&COOhZs_Tpz-a0~?xmHo5{q{$jZ8F?s6h3Xvz4=^* zY((xCL<3vPApg|BGI`>ApVpNWjEK_9Gv2B5k1 zul}J>MNUUSAI8r9H?HGf-U9R^(Jy?gl z?snrD!KdJV2PF1O;oE)<5NHDs(c!$8wMBrxye9=DarNJrk~+2RLYw0<&9+E+Md`(; zfCECf{nGEB7tpmo+zZ4?+hY^UU-X&Gq?)9hT(yQtY_QJXw>OEN5 z$$sR&_z~c`%B-QcYd4!~ zyxONx`q1UIae7v#Jo}r0TlGDzJ#>4ED=8dR-raI$j{QuZs^?5qZ96ujmo=qL%@z7C zoD5lYHt>L9XL%K-RX_ISuwPfcipeJ%Js(k|z5G~Hw-gkS@<>4BSht#umpSg2kC51sn9t@Q3+1Jr6lQR3jat8{+V4FeJ| z0Xbwt`qlU29M{3YeQqRzqJApGN9RIy4)vee$RF+o;9F^x$m*p_zenhs>OE$3Pm5j3>YWcRgYA=DV5w zOwdaKQMsJC^n8L(EDE2drcb#jnvAGMYZ>`68jj#S#9EhMYrt}lGZEU2ZdS3XlioL- z&o{`M342E9<;4nswOJP6;SuvKQXX+na~H;pN1HpfwYzXFlYZ6@0+=B)x^C2<`s~4K zzUu|$kx5_O=6K@dEh7B2TzS`5_Vm;g(Mv%tP0zI1gkI$9`qhfwNv%}Q$azN%q_zvq z-S)~;0mNsdoWMEWX;N)?%Za`%cDT663Y8aQStwRTbl?d^$zFpRGluI1f6^sv`5 zg{_#+K}jyf_0XcV5U}xL+uKKk0ma#GsHHsy>_}fWgx%C3B59f`6m`Y+{d$QOAc^PK z4?8b;g*mtkt?v-!j4Ee42Ua8gA-{9zrs3R$&o6wMtl)#$&7n2bWJ^Aqb$i^S%Sk*r&x;y6K?=LwP{Mh$AK+S`vrxB>uU?e>hHFHE5ifTDc@TtVs)d!Ym{= z+^P?xHmR&c9Ip0jH(7IL{(QPVA4;`-0Fl_!&Q=y^f-gcEDJ;*^UfZ=Z(^a|EUikFX z094EBz7V>g0!|8JG2W@|@=Sj!eeB$tlNvJRBbNt^$sZw4yVg7Lq1Vc87fr4l3nzNK9>6nFW&? z``p40by4?B4Y*SipA`tQICiwPaTBoogvfltP!4;=)4K-O-8oaX&<7-5VJZQsWK2=E!(JH<9wDM(*h&z8?91 zAymn7HbmH)w}Rc(Hkt#36IqzQq|TZOe}^+0IAco zpjAXbHKITEmI&?8+nuHOsd-cJVb)(pcuV{_J;IUT)mK7S(p)%E%j0F1>FrU|lB?;kgie z^><#q2E-w%7rG9F24?WT5q3eKB*osLj>zKIsA;`3I?ywAT-FXbI+Uk=n} z%HEd#ENh)tSRa1bAvdrP z&BDCIQEcaM!r@%;b!P=i5hjK#)4(!bETFW-p|uDFGn>GxSOkzbRf8qpMtVxXlrIdB z(#{{ETx=C}woE689(*O_PG?L^_fQ4^=`;6dwz~|a_~9LEIjyu=Y4!zAyM3{YJ80%j z#lj%=5F%PMmp5%-g6uJ?%yf0M>xlwv0w{Ya2f2$R5~ zKSPRpG!T3ss6+EL$Ba8mpTw94?dlKPLoRM-3wqC>TC`|e@|%Jx7Dh1s{;Mfkiwd}? zWA=qZ$X9m4;Q0GXVa@!Buu>`EQpTwW;8m2s^ux2MD<;K7H9wG~bB*;zhBkmgy3PW- zsaF+J8$ng5pC0Ug0LT10iShqC?z0N&BpLL5h0U;v33;Yn^xEHAsH>q1{txLhE{{H`4tDBS*2z@WQFY3{jGb(q zIX3jWPNp}fg&Ta^I;NT(VPKb_>!9{0 z;7oY!%6v16Ig63=)Pfr{D{#nhY`evOw zc>YcO_nQmf^*H>Z!8g@PpWjzmkM53n5NSUNrU#U~1%IAJiE5Z+G=%?YcehO-e5lgy zWLA<;`^HvLi5;X(t=07?c{KF4WL)5XU~)zvdq-g)#}mcJ3fXG^BH+KqyRXw z*m5=yKRy-X#QumpT14@kPHadgT|J%0Zupi8UWEl~%%L5h&x|JEY=sBMvpzQ_I#PVp zNNXC8nD9e162^@u=*iAot7+x$c?GfQys~NEV;AxL;WP5nBQeE?VntP*)WcuHVxGE9 zr)C#1?(nvqXMPydC0b)U7eAHie7=K1mrahl<-YVUj&T!mx$g9sr*|{U35Gp-guH#Y zr^v6IS>a?;Cx&P9=F&^{f!nsJ>>#(esOPh=aQL{sf}hvQ#W1goCtWnB5e)M1Qw^u3 zlj2ljF|RtXqvZSolIDiEX~g3m&Wj}x2;{cvtR#=NW}`)){tdMobEtAgIsw$${l8TC zfJ=z!t^gR_p@nq{t$C~T4i4&$`tlMkXf##@L;;R=b|VN z;q!Z&X7ZGNr9xA0%MB0GxF3I*HS1R^*k~}Wb6`w>3P5xaiB>SeSIwq4Aa_yyrc+XP6_>-*obWfWhemotY$Y_fvYR%iH*Ko0 zeAu;egqQ2s1;&N8b>NAw5|g&E4oqvbASo9W&&Kff8sg6rvY*qAYF8?pTR7h^5s92n zpA7XPF`toa2&A{^Xy&tqEP1yDgC6ZrYi~iS7xQL~t|Emgk~diFQ2Jh5{87F}B2SBE zXlktbG3Y_k4x^8M9F}p-8GU*84;=-`&YMdfQ4@)X?=33jB_2;f{lAPM;P$Tqp{4;C%r1X?#S7* zi#k_5n9;VeZ^{*#R9do&atP7Rg&pFK5xpFmE%Ur$)apd-J$se4e0iJ>-A6$EVA%13 z)MGmz^Fy))EwB`Qv-ENBNzSr#u}$#wM2Q70g`sC^KfLn(sB{`>-}^Q~+oWt7d$6xh zN7gT}Xk*(l;}3c6K>*%iy#$JL+C>zd9;giXdX&z#%i2-wPD1&L0r^ph&I;pa9iV=u zQ9t^JSsft`J{@gufDZ;Lz?Yk8+kl|qqfhEP0Rox+r+|2zE!98;N=H9|cHDig(q`L% z9@A5S5Tz3!zAP}KrqJIU0Koow>}t2iqi4j+N#a<;NNgfU@;+Dq8MYUNtl?3*+eEty zJ+U2l4Tx}Y;Q{QmQrAluNx}#tVYHXenu{oBU1TNHSefQ4?~lUz_1528UIo9V6Qyc) z2qLc}JRF6ojqKiNc4}pE0%C&5({*~WyIPvLD9da(QlZXw(bdow$74^v5iHHGCdNn*Ckr>;VH0)uOdh5G{~P^P}2vyc6zNHhLwyT64hHCcx=&!U(q~B z(Lm_*G+e?7M#V^Wo}$Np$-(Ewg4@@Dk&~x zuD;k31ZrKKRA)3$a_X}H{PF)2`UOfU|8{xfe>BRibntXj@)5aBAdu=mRPbEIKWihT zo>vP<6huq#76In20qt2uzT1G*TRrV)}Z(die^I6Yi6pwuSp7}zWgFLF1`wL1#?TbAr-*)ihy!l3p7y*e~l4L zN3b}RLy9&~#zof>X6@p6HGCrvCXu$OQXFYnzy>9F)RP zNVug2-48Z%2)o14grE65@sLX|hgK0nZE7>SOu+@Q?cUDzyQ#OFiEdUrvhRT~LUqz2 zd2B$4&c@6za$|2=%ShE=r!!toC1pw9d$lUMU8C{yYmX`#jVnzfHh7WlNS&vQ7w(FV z@yn;<-Z3>MzkZi#>b5)TC6wPA6?pmNE3J-VgY7tv(!MCnZyW@jk>L}L$rC&=e6|lS zZy_+J#_`<2q5XeUXheIp`%!0cim??g$r?2`&xLGw0UY05-If1`!2CJM23mJNAH35E zYA$@06e8siTIqeL?2o*KK)lzGs})785WKYh>^R1p)9JR%DVett_^0>0u#{PV+Fv7h zdB>*dJ@kdSTb@Z-rV=HVcj*-D))%Y$>s2<550rNPa=fOapn8pEks z(rPp&pdDr^^Pk<#6Zm%SOS)nS?QnY>>>b|lNz%llr z+xj>_z^~u+*#r;rK~OEgJmTQjcL65)6JA09$OdqOZPjYZgFk{mDXW&hdY1IRU8npX z88T3){o4i6zriS8>iiC%3Wbb)1{bUztLXYa{22JZzCrgd>S}M};I%*Mq*g0*r+2Vp zfYw}t+&@~|6Qq9L*?YTjwX6+1yz*f5=YvOYPY3*baISklY4uj$=9jnQ;HwntFKU@W zf8O+ay-x}JbDYcDR)=|H`1FBvuuh2U4id?H4f{#DF26=r0-MFbGc>}&o1AAGe}2R=9Qj< z0f=klWmlpo_ohl?J+m_Xh|`&!trzWr@1F3WZ~aO8(iMI#z+YJ5JNI<(aU#6%rR4KL zYcllYPpKX~@jn2#SWl;#u@7*PXy!DD89d7n7O(f!>}A}Sn{=tEmxq&HP6lc&z0I?R zhX&lBIkoAP(IQ)zKWdrsgM+Qn^vdThkC(ik#no3eoaC-YICJPL!tlnQ<);Hz=yVj;M(!(^#+hX7A5Y&&@E3C;#uEvt0V zDUf?pQt@b->yq9_>g2v+pYe-Ds~;PlNwoNnKUji29^Qhji?`;^13< zDfAa;;b-3HecAKA1oMAevjJ`YTLu#G%XT)uyee-XS>dw!J@8sKh6_nyD|6J=g{j`w zL$L;~ikPJv+=^m!s{yb5EbHSY$ce=vEM@i9X3P7``d&_YUOkN z8OudVZ|!1_ehW~%{ceq<7Lk3kWA$f`R>ts)1mlx~{;erf)sbWb-4||G{8sd-iVGZj zEec_zC8f}vYXr_nt*35kH`PdCs>!o|@-l+_Id8*ezo5FKNBa^FB1Tx;Nv$g$x07P9 z&-{0?V^xd$mj=E}`7a2p2#$f+1CJ&SgxwommjE`!><_y?D&-;(^dh#;eco-8Dv|cs YuGSqBSl9~O^aYt2Tc0DGxqkou0=OWu>Hq)$ literal 0 HcmV?d00001