From 5a94a7f83f5586f44747a053740d5a3cc7aa4ff2 Mon Sep 17 00:00:00 2001 From: Charles7c Date: Mon, 31 Oct 2022 23:31:45 +0800 Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=EF=BC=9A=E3=80=8ADocker?= =?UTF-8?q?=E8=AE=BE=E7=BD=AE=E7=BD=91=E7=BB=9C=E4=BB=A3=E7=90=86=E3=80=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../fragments/2022/10/25/Docker安装Consul.md | 5 +- .../2022/10/26/Docker安装OpenLDAP.md | 11 ++- ...执行Shell脚本,报java command not found.md | 40 +++++++- .../issues/2022/10/29/Docker设置网络代理.md | 88 ++++++++++++++++++ .../mysql/03-附录/02-Docker安装MySQL.md | 7 +- .../public/img/2022/10/29/202210291930211.png | Bin 0 -> 19700 bytes 6 files changed, 141 insertions(+), 10 deletions(-) create mode 100644 docs/categories/issues/2022/10/29/Docker设置网络代理.md create mode 100644 docs/public/img/2022/10/29/202210291930211.png diff --git a/docs/categories/fragments/2022/10/25/Docker安装Consul.md b/docs/categories/fragments/2022/10/25/Docker安装Consul.md index 16bc835a6..d897d5cd0 100644 --- a/docs/categories/fragments/2022/10/25/Docker安装Consul.md +++ b/docs/categories/fragments/2022/10/25/Docker安装Consul.md @@ -53,7 +53,9 @@ docker run -d \ --restart=always \ -p 18500:8500 \ -v /opt/disk/docker/volumes/consul/conf:/consul/conf \ --v /opt/disk/docker/volumes/consul/data:/consul/data +-v /opt/disk/docker/volumes/consul/data:/consul/data \ +# 使用该参数,容器内的 root 用户才拥有真正的 root 权限 +--privileged=true ``` ## 验证 @@ -78,6 +80,7 @@ services: volumes: - /opt/disk/docker/volumes/consul/conf:/consul/conf - /opt/disk/docker/volumes/consul/data:/consul/data + privileged: true ``` 编写好 docker-compose.yml 脚本后,在脚本同级目录执行下方命令即可。 diff --git a/docs/categories/fragments/2022/10/26/Docker安装OpenLDAP.md b/docs/categories/fragments/2022/10/26/Docker安装OpenLDAP.md index 8f1bb0801..01cb500f5 100644 --- a/docs/categories/fragments/2022/10/26/Docker安装OpenLDAP.md +++ b/docs/categories/fragments/2022/10/26/Docker安装OpenLDAP.md @@ -66,7 +66,9 @@ docker run -d \ -e LDAP_TLS_VERIFY_CLIENT=try \ -p 389:389 -p 636:636 \ -v /opt/disk/docker/volumes/openldap/conf:/etc/ldap/slapd.d \ --v /opt/disk/docker/volumes/openldap/data:/var/lib/ldap +-v /opt/disk/docker/volumes/openldap/data:/var/lib/ldap \ +# 使用该参数,容器内的 root 用户才拥有真正的 root 权限 +--privileged=true ``` ## 验证 @@ -91,9 +93,9 @@ services: image: osixia/openldap:1.5.0 restart: always environment: - LDAP_ORGANISATION: baidu - LDAP_DOMAIN: baidu.com - LDAP_ADMIN_PASSWORD: 123456 + LDAP_ORGANISATION: dcits + LDAP_DOMAIN: fucloud.net + LDAP_ADMIN_PASSWORD: dcits1991! LDAP_TLS_VERIFY_CLIENT: try ports: - 389:389 @@ -101,6 +103,7 @@ services: volumes: - /opt/disk/docker/volumes/openldap/conf:/etc/ldap/slapd.d - /opt/disk/docker/volumes/openldap/data:/var/lib/ldap + privileged: true ``` 编写好 docker-compose.yml 脚本后,在脚本同级目录执行下方命令即可。 diff --git a/docs/categories/issues/2022/08/11/执行Shell脚本,报java command not found.md b/docs/categories/issues/2022/08/11/执行Shell脚本,报java command not found.md index b7d5fd83e..1748a8534 100644 --- a/docs/categories/issues/2022/08/11/执行Shell脚本,报java command not found.md +++ b/docs/categories/issues/2022/08/11/执行Shell脚本,报java command not found.md @@ -40,7 +40,7 @@ Java 环境是配置好的,那还得是看脚本自身的问题了。其实, Java 启动脚本内容······ ``` -## 解决方案 +## 解决方案1 既然以往的经验不能提供帮助,那就对症下药,提示说找不到 java 命令,那说明它识别不到 Java 环境配置,帮它一把就得了呗。复制一份 Java 环境配置,放在脚本内容前,相当于每次执行这个脚本的时候,先做一次临时环境配置。 @@ -50,8 +50,42 @@ Java 启动脚本内容······ ```shell #!/bin/bash -JAVA_HOME=/usr/local/java/jdk1.8.0_202 # 如果你要使用,记得替换为你自己实际的 JDK 安装路径 -export PATH=$PATH:$JAVA_HOME/bin +JAVA_HOME=/opt/disk/java/jdk1.8.0_202 # 如果你要使用,记得替换为你自己实际的 JDK 安装路径 +CLASSPATH=.:$JAVA_HOME/lib.tools.jar +PATH=$JAVA_HOME/bin:$PATH +export JAVA_HOME CLASSPATH PATH Java 启动脚本内容······ ``` + +## 解决方案2 + +这个问题的根源,其实是因为 `/etc/profile` 或者 `/etc/security/limit.d` 这些文件中配置的环境变量仅对通过 pam 登录的用户生效,systemd 系统服务是不读这些配置的,所以这就造成登录到终端时查看环境变量和手动启动应用都一切正常,但是系统服务无法正常启动应用。 + +所以,如果想让 systemd 系统服务使用环境变量也可以在编写的服务内指定好环境变量。 + +```shell +[Unit] +Description=xxx +Wants=network-online.target +After=network-online.target + +[Service] +# 如果你要使用,记得替换为你自己实际的 JDK 安装路径 +Environment="JAVA_HOME=/opt/disk/java/jdk1.8.0_202" +Environment="CLASSPATH=.:$JAVA_HOME/lib.tools.jar" +Environment="PATH=$JAVA_HOME/bin:$PATH" +ExecStart=/bin/bash /opt/disk/xxx/start-schedule.sh +KillSignal=SIGTERM + +[Install] +WantedBy=multi-user.target +``` + +修改完系统服务,别忘了重新加载和重新启动。 + +```shell +systemctl daemon-reload +systemctl restart xxx +``` + diff --git a/docs/categories/issues/2022/10/29/Docker设置网络代理.md b/docs/categories/issues/2022/10/29/Docker设置网络代理.md new file mode 100644 index 000000000..ada29db40 --- /dev/null +++ b/docs/categories/issues/2022/10/29/Docker设置网络代理.md @@ -0,0 +1,88 @@ +--- +title: Docker 设置网络代理 +author: 查尔斯 +date: 2022/10/29 19:50 +categories: + - Bug万象集 +tags: + - Docker + - Linux + - CentOS + - 网络代理 +--- + +# Docker 设置网络代理 + +## 问题描述 + +**C:** 今天笔者在公司的一台内网服务器上,打算用 docker-compose 拉起一套开发环境。结果刚回车完命令就报错了。 + +```shell +docker-compose up -d +``` + +![202210291930211](../../../../../public/img/2022/10/29/202210291930211.png) + +``` +Error response from daemon: Get "https://registry-1.docker.io/v2/": x509: certificate signed by unknown authority +``` + +然后笔者又试了试 `docker pull`、`docker search` 这些命令,也都报这个错误。 + +## 原因分析 + +从报错提示上来看的话,笔者有两个怀疑的可能性: + +1. SSL 证书的问题 +2. 网络问题 + +第 1 个怀疑主要是因为后面的提示部分:certificate signed by unknown authority,而且简单去搜了一下,确实有一些解决方案是冲着这个点解决的。 + +第 2 个怀疑主要是因为前面的提示部分:Error response from daemon,前文已经提过了,这是一台内网机器,内网机器这个身份基本可以表明它本身是没有网络的,能上网也是因为设置了网络代理的原因。而且,笔者之前也记录过一个问题,那个问题产生的原因就是系统服务不会识别 `/etc/profile` 中设置的环境变量,docker 也是一种系统服务,所以这让笔者更倾向于是这种可能。 + +## 解决方案 + +既然有过类似的经验,那肯定就按之前的经验先操作一下试试。 + +::: tip 笔者说 +摊牌吧,两种可能,笔者都搜了。但笔者太懒了,看了看第 1 种可能的解决方案步骤,实在懒得去操作试试。所以又去简单搜了一下 Docker 网络代理的设置,意外发现它的解决方案和笔者刚才提到记录过的问题解决方案一样,这也让笔者确定了问题的原因。 +::: + +首先,停止 docker 服务。 + +```shell +systemctl stop docker +``` + +然后,创建 docker 服务目录,并创建 HTTP 代理配置文件。 + +```shell +mkdir -p /etc/systemd/system/docker.service.d + +vi /etc/systemd/system/docker.service.d/http-proxy.conf +``` + +将下方配置贴到 HTTP 代理配置文件中,是的没错,就是添加了两个环境变量,这两个环境变量在 `/etc/profile` 中也设置过,详情见之前笔者记录过的一篇设置网络代理的文章。 + +```shell +[Service] +Environment="HTTP_PROXY=http://用户名:密码@你的代理服务器地址:你的代理服务器端口号" +Environment="HTTPS_PROXY=http://用户名:密码@你的代理服务器地址:你的代理服务器端口号" +``` + +最后,重新加载服务配置,重启服务。 + +```shell +systemctl daemon-reload +systemctl restart docker +``` + +OK,再执行 docker 命令就没问题了。 + +## 参考资料 + +1. Control Docker with systemd#Custom Docker daemon options 之 HTTP/HTTPS proxy:https://docs.docker.com/config/daemon/systemd/#httphttps-proxy + +::: tip 笔者说 +这里提一下,官方文档真的很香。 +::: diff --git a/docs/courses/mysql/03-附录/02-Docker安装MySQL.md b/docs/courses/mysql/03-附录/02-Docker安装MySQL.md index 3ab800a85..990c91593 100644 --- a/docs/courses/mysql/03-附录/02-Docker安装MySQL.md +++ b/docs/courses/mysql/03-附录/02-Docker安装MySQL.md @@ -65,6 +65,8 @@ docker run -d \ --collation-server=utf8mb4_general_ci \ --explicit_defaults_for_timestamp=true \ --lower_case_table_names=1 +# 使用该参数,容器内的 root 用户才拥有真正的 root 权限 +--privileged=true ``` ## 验证 @@ -83,7 +85,7 @@ services: image: mysql:8.0.29 environment: TZ: Asia/Shanghai - MYSQL_ROOT_PASSWORD: 123456 + MYSQL_ROOT_PASSWORD: dcits_cmp_mysql_001!!! ports: - 13307:3306 volumes: @@ -91,12 +93,13 @@ services: - /opt/disk/docker/volumes/mysql/data:/var/lib/mysql - /opt/disk/docker/volumes/mysql/logs:/logs command: - # 将 MySQL 8.0 默认密码策略修改为原来策略 (MySQL 8.0 对其默认策略做了更改,会导致密码无法匹配) + # 将mysql8.0默认密码策略 修改为 原先 策略 (mysql8.0对其默认策略做了更改 会导致密码无法匹配) --default-authentication-plugin=mysql_native_password --character-set-server=utf8mb4 --collation-server=utf8mb4_general_ci --explicit_defaults_for_timestamp=true --lower_case_table_names=1 + privileged: true ``` 编写好 docker-compose.yml 脚本后,在脚本同级目录执行下方命令即可。 diff --git a/docs/public/img/2022/10/29/202210291930211.png b/docs/public/img/2022/10/29/202210291930211.png new file mode 100644 index 0000000000000000000000000000000000000000..95568b09429087f67ea32a59f681846f7946639a GIT binary patch literal 19700 zcmbrm30P9w_Xg~p>YA0Mm6=n6X=!O@N>0%1tYtZr1C^zjf}uGjL)|jNiE>s{QcE)j zazY%EGL;-j%@LIXl^l>z5fOopZrQ!R|MY#&^PT5$IC|J;@3r@O*Sp`f&Ox8GGvBao z$2ut~sSTDEryQiD)<7k{kNmkt^1bX;tf%D1FM$r`C!|U`l_w=9zk46IJuW3xiji5l z@`vPH`j*ATKq;whd%u1CV(Fm%RZ7YRZF%bWg-{RH$m=+5ljKi=u!m{Tr%LX@CnpT9 z#Rfh;dN(G~(=kRxtcRTO=wPD!&k@cC!>(_Wb zdAn6D&0)%a<(6IEKFKNPi5qsacv2R%bn-Vz2mU_p;?3#bdi?kC$?h@nm(>%Zy!y8R zeLrSTX}|)ZB~`A0O4WwmrKYoy)3wtVm)7%`s>|A_I`Bq^upd{xahgM8!K8Gs2loI<#C4;YS<@#jFZRcEv{fH6lphFb(tD zV4iU4J^CSmB~R}B+^z8rs*v)+66K+UR{DfowZ_1DG&Xq<>}q&1;)=Wx>lAFuT1gY9 z;~%%!P6&V%jLRRY+~Ys@<2R^@c_Z=wpR{!L0nU5Q@AXP@fbV9(4jzI9-q`4BcDTR_ zLT^q<(EKW^Ab9@**_~`T9R5KQ0!^_7IO!+w>q(7{J9Rd{x(EgajTw2q_0>cOyrW|2YHiQMvWYtffpm5Y_@-shfdqf zThdgE4wb8dBoy}81%M-j?RLv{HYccCca4OffeSU_s(dGeySzyFmgsSP1mFf{u&N&K zXG$KwPXIF(W7PI2^i+Z`j)LL~N6Z0>8gc-7eKpX9(d9vRdA|rlpu*CZ#uoX0gh52r zRYx0YaCXLEmhCh`RH7T;2dqxSe4Tf-2@^$Z~^Feh) zy`rP2m-`p{U&eZ?Ve3cS!*g-DA-PSZMMkJQL!#a+R0Xr@(%`(k*8xf_rBB4ciR=R_ zEYtf)0Fqd?XWLKnUNnLQ`qZ=xL%XN_G$}JE~B=c>tGcp!gWOFu9UVv5MBONuk?g~ zEAV|F?E+YQ5bT0PS!+Y5$khk>k=VyRV$?^%vZ$8XE>f_+Eh4@9^)Wq}St#5XYt2vl!Evt1i5 zJbszk=c%8!_o}FcZ(*fO=zGAoJ>8h z2`M57Pw;~cVqufOD$g9jAT&3cld}~t6#9}Pi!=@4Hfr1Xnc_9Fe87|R$!WZqM^U|P z!rx=pVkmZMPV&3B=KwknD6#4D`Sqwua$APzWlCJ;8w_)7_-P!a4=Di0f_(xj3jK!J ztaTZW8+ZLQK$1M5N8Ad`e4hYRviY#Tjkof<$CaEm+pGw-z_KCK75P_(P$%<6j3ukf zZn%l1YNPI?&2uLRTabAq13+)!rE;XC|u8pdQulavn6QqM~MgjYGEf*Nv)!7 z->dFT8%qxM3j`K%?S;!30Q@g@Q7zTux z7PgwRw2~sr!KXdW}6i zk{rPDfRist7mL0qxS@O{z$xQ{(mq}$!K@zs)|c0&Rqd3PJui<`aEi3Rfu`GT(Dx_X#?}|AyyK#kSR$QR z=Dx1@g~9ISwGZYzSRDGa?#tPfQa?cg(I&ZSouKeMj>svzi4^C5X1lIVf#JI-rFr2Y z%ZVu^ziAn#;TYwbt$QH+7V`cifgLsLT+GDTN?K|;X{x0cIp;dlX648zA25`FnN1^^ z2Qyiulps%5;viIpXFlFLzDD=XQ0PsHY}1@#dT6JK$3)y`pCMsyv%VQFrXIJDrVDl@ z5zKNLIEV41DIZGJ(2`&5)*tZz%xIGXIE-|wXAJCW*6{E(H5%HEWQp7KZ7v!228jr#?Ky-eV#(tryG*-*#=D?h#M~w1eLV+keF4AJ8H8+#@!uwGa7It~XC?8eHR0E@e zQ2QSQr?YB;lRL#zOMbJGs6idGDVv&5L!5|g-0=7EeWL*c!8{*W+M{3DLijsv(l>DB zVcpNF`R<`boy7=mbCW9*1bGdu4mQKs%!IE%piOD6@%${vO>G%}9XfZojm_&I-G659 zW|8pW9s5tjc8v|!-_=yGaOETdW~IKGS4gbCxtHyN);zh^2Ht9!ZCuR>o7XMJ8SAY3 z2CD&Tf>P*5<$ehEf#p@e6IB9MRQD_7+mQDu9@@Q-WSsSFoCs3`y9tNcZ^-Jm67nw8 zqEkD&PLaW4pFe?`Tn=gGpBe%02ncTwX>xG#xMDu}`Sbq_AG(&qE-cc{MR^=6ghle} zv=`lM3y-v(GxI#OnW?eOS2K%&ZWV!#yXKiy8*faR*fI2Jh(*wDZWmg!-(I^qF1quM zz!hlPpHO)xQ=JHDk30)9sM5FDpz^yu>f}@;Vb=`_V-gNaQIk0Yb6Lu@5D^*)rSHBZ?GfG%_ zQ!<-*#xT!TS#sU9r?bCRFR7LB{P~pb-X=Z@3MY6u4=9Ug5)8$oD^O?JKR8sBNDT8E zxi;tx`fCl*lht^b{Ci)L?O)la;om9KWl0FBvJM2|_He>~t4}x?2o+aW3Y|NqOB$tS zaYiL;$<Mb?Of@63aYNtf zt2r@C-!FXA`VD4W6wv6y^dIy(`o|iRT<|7y=Z{DxIk}~|%Hkv^!_uoPMsgCeJAr5f z=%*G}$GTz5T|BhG;_;nHC@&qS{_?Mik_-MmmhAo;$L=>il5+g@!@)j0xGDmzbe`Q& zK_!@VX=H9(``Luo$!*Hr3*Bh=c?$$6YbFQfZs+GAVD|QwX(cQT#dl zyKLW)Mq4aAjbk<)EeBv03Ns(ud=Qrq>gpy;!6tA*!IQk2&Vx456i|0K8*-)Jj3=Uy%kP?$8+VJ!N#h4_Wz zJGeJTYS^}Wp&1X|tLvEp{%|A@^=`EtC(Y6_q zu|5?`EQP#YKK1sqG6Ab`pkkcdipa*3?BT;YB9$X8>oT@VsPau*6i4s1mbu++>e7~nA*WKj7gT|d*n@|%8>(d%- z32-@m2*0$Z(H0_X+Ilbz(YL+A97`;SL$~{59e*Id)LnD#?`Z52k6|fnX^b?4mA_gU zXpnp)ylBdBoWC56-UR~(Ao9-^sr?wkT>;NlElJ~Jf~A#T=A*7;HCF(voEwGxN;JrR z?MU^AzkMwgPsmDES9ws3)5R8!8j?^X zMhKc3H~qMWl_x% zQxms*N{~s9__Mtlr=6@Ci{goTGf}BW73uO@0;kpbyq!x=3F^*})Y`YN(=&iNSKC)m zO$T~S@>sBu=8lhSXPebVzrLuyNM93OltwJbafPgI&EJGL+YJxvbnxME%E@LYv=4FD zPZ#xZHmPTiy^2f~d0D>&+yp{IL)&IRwUgb!Vzs&yr)61pqnjHT>^a0>VeHbV+9mDWg zTEE(qX?ec=aGeV3NC!r(L*OAYeSQ!`@E`5qVg0d0n85i&_iB$0^>^w#el(F`Po7}f z?E~~oiw5B9r$7d5UBQIozS=+J0Jtn-L8UK}@EfCI>Mm9FXSd#*3D)h1Ji_)X((`8r zO6Az6Q#D{G>0Z}?ut2}jM#`#XQ{PdrO6H_rz5453XVlO#J(7!~(D5hO0{121^r%=A zI5F*PIb0{2_-k&e%vRv6@Qh~YW?bRx5rX(Mu^U!SkhtTJ$lcp?4B`&@F~Fz$)SbHd zOkj5TjaekhZ~C!QAKU|a`FUdp)wlmL?u9fuLk+K8Tyv{MN~vgJFsPYqeK@7nJt1=u8gvk)53M<# zVSyaDd^#xdvYLDM?xfp~3GjSt^+EQ);)F5MlJ51sQIn5Y$vi}qH_ZMh5~u8i-duJD z1FJ~M8OM4EYkwH%l>taiN5gxi;lb(oDo$%AQt9(KpN8QuA5qwBLV@a-3IM417<&T~ zROsq=R&Xl5lp1-LoVi022=rLqY9x$G{G8h=0aUod)2pDN#pG!j7K|H#8eTX^HM=Z-^jo=~vHT8s{iQDtQH@tMGF zd!0|Wrm)TqxA4A26M9onRljl+W+3t#25ZNz!snZtYtTx9bQu%OG_I`DiGC&&ai-1B z+tisxVKBiR**q6EvA}Mh1)GRIrIMlnT(b_H^{+c6?8?1%s#~%%Y)Nt73(K{x6W2Ho zRGpTVsX~P$6T7%61hXHbyxYNA+0)j|_XgpzENd>z1&+~`Q4o5bfp=CNk2MOD*O;;$ z6rF>Z%nNd-KU^`}b@2+kZsr}E`rMYqjzr5#1`fKLXL4Y@oc^W&0juqTCbZ#=>P8?{ zL~wHpPB!|@0lV*9B5oL5@NY}tCBfr&D*(!u7Di+KQ5INprG$7WQjMY%%_b^#>Q@D} z%pweh!MTfYNtA}X|CDJsNwMz0zOa9-mZ1J{vz(f!{DEzHBiFYr`o!V!fj&>Pu2xjS z{wGI0U)T+wy6&KsANAI(h3nYz0tv}Ejx3SRrA`%xBX&q-3%m#B+8kNM5W#K812mV z&WgD{G&di*Ln9$-p3$JLc*Q<`vy*&Tvp-ao`bN=Irx3Rp}XFVoa`}#+g zpH&A-;>&wY7{PK_84KV@r1QM|!YNo9{mX<5Tv7Mk`~rQO(=i zifabdYKI@bDr?3!Ui5UNBubj`$GhK0rrZ0MC{|B$2nXFZ z=q+_dv31u!bI){07lW^hMl>HjShhwhL6BEktuR(p1AhTxen;}3ESr?Lqi?v_Uau)=h&`&=e);^?X{Fb z8p+WpjVx^v6#&BMT3$xvTyr70U+M0HAS~$`{u#f-EN0)_q}^&xk+Na*2tDqsdHN4r zcr%!yCUR17Jh3#`%Y<>wW@QXdEYcyJWzN!I2^v?)h_KlvGBpzNat)?NQr1tUo-Xjh7?#yq~_{dbaY1VE6{fNdM_p-Tj`_fw-_j4w>zSf z1KBItbHCiE{Lh9=nl4}!Pv%2=UHnf|GQtF-yfAX?kx4bYi91dvG|fbF1o}{xp553bfp5e#?@D@aaEx;4et;z#f~NNXX@{ zbSnp@)^?7siwRYAg_CX5Kc1UV(E1icfQnBKSiQ=1dG_%44>LbV7g}|ftN!9Xpp%=dPE~?q6jjMQYI0+e11uJ}VDsTY7fp%4ARa&7W43`Xtkc zIZ_Lz9fg%orvM#aAGq)z^^}hao6YvE3acm%vt%HSI_ooc0dw{{8K>m zyfPZ=Ij@0S-4?!4uARsSO9w7!Uk>iTf{&Hno;9^v_nIvTTj_r-7W(uinHd$TLp@M| z$HRgoIl4lbZvT*s%S&)|=#k)#X*+pMNLX?4^eXCXiI707c=&IKu$0P%KZx=44~D<&upB0`2k!4e7-s9mr4Zo4rO7Wp zJL0EZmww8k=zz!3EBwaCXHolMp3YB#+F}S#YAg!3shrr@Sbm1;XP)hjW$*Rq&NgAdb3Xh0Qc`X-s z;yCP=v;dg*LgDF$EpjxNJ0IC(Spvu1uyDG3O8X#v{UtE!!e}Bl^P*Mjg}u;q0xG26 zLLNXaIf$UQzpt=VQ#+_ese_#<6USv(SnhAtCfl3;L*-@DG)OcYg#~0WYkNN^i7~P;EItw+VE&3_Ta1Ir&-kRqKPq zod4RopfMIl0~&yyn?IMfzqNz8-Hs)I&?SnM&;(kBmb3oysCqm)M|#CiSU=lv4P{Hu zdnvpRS-N-OY!A}6_Z~t`0?LBIpAdN27g--t7$H5s?bm_ExVl$4i8A}DC0)Gn+jG`Y zFzINi?t6`2;Uf_(qI3!M7M-Df9j6x2b@*{-k<<4O{*n~P(&SIHxEn4%@$UJUWz&iv zF-+zcx!NTaqx7)3(U)u@fBH8P!|U)sXCE5t5Z+KPjo$9FGh#q`ypWL_j6*Aph~iiA z!(hxW{}Zz;h7^6-J)NH#CT z#Y0W4_y-+#j{EmoWpTd;27i``r1)WOCIgzPtNDHKFRi}K|6Zy2`#RA1^NUYD=R7>hmy4D=89zK6dR8 zw|3^5b3;ssv0c$Zp~Zpo^;^`dYBWCj!-+N*-Jlog&9A5&>Fwq_Y~BfjAQZ^Ek9^>x zSf47}bm?(#a{i^Tr-Xp};ab7>fTa#5NaN+@)vXv#9iXX`#9e_`pR@XUTiYw1KNc*4 zFEy6D8Q-?1~P~M1l|>#rcbnNTGa)lW);v_ z&67W*Zz(Avn5OeHlu3Pk@xLn2|0R%=5BztD=cy_h8!s&NL9X0L@3EfOLW~Xp*o1b8 zBM&cHTWGD0tUfx^{p{wBd$_m`O6FN;Uca!Ezx^ZX<|ueE!t`y8#c-koPwIF4qv|9K zygs7VZA#?SE3|6ARvE8x#U1Ilqvwrf%K^v}wkyi3ERB7+e`P`YN*wZ!_L8u0qhkFO zwQmHy_N(B34IWAwrjoc(B0H=hQ2=venSC7b1JSoSoNtF|++!C@<~zZIPKi(n)ZAHA z#L#i&abc*=^wIA^r5%3QL#a zRk-_H{K*qS ziIy}pFV;5Gg7nw1cpbhjyDRiJj9||+T~GchFVJ=GYuEV2!$xSh-CREA$fNt}HYZ%n zNb`OUN5Xa_KzAv$y*|pN%lJ5wHW?UtFXTy6Jj-q6okA= z+HEp!oNvr<`eFn6v(Iu^9sR6#!4i`J|4z|?*AyZ`mnhAMf79soa)98{hndaBKITqyOr4XD6uaK&C8@on8R`xa*>XrkC->{yYhL-l;*K3=f=SPZskgOil;;uu}mX|GT7!6G?Jc!riS zbuQD#_=|90(xkW2>}30JLE^N3>=6DN>@w+ta^+9{H3o-@(4CH#Ao5wSu8%RtbH9^y zy%3R@`kJ9}tI&7N@qjelf|al1$MYvf)*Mm4mRChZf<~Q&ca*DUNXaOIUFdanJx? zi`;3~liWX4gZ$CeHz%dhNwdpy<9F)qJ7TxG^Vz>mP4gPP>8BNI z`4fLD9oQc4Uv{{|Qxf}U@%2A%8yLpb_I`KN%Fz2c{ESH- zPd4lA_m6n1o@%vZ6ZoBO>&W;dXzAvWWNg&wNfO+*{^$#mCm zob^}s@MPVP>HVLqI{moP-kTaGxfw2&@+Xf6X{Jo;?oD3t?rF)62Tndoupj>DC75cX zP{IEKYcC0t#*e(3Z(V$HZE?O*4$v@ddPyR%oR*g81qat(e7mZGkR0emJsMCoB>Ce^cF`s>ekB!iyuH(GFMiPF|)(qm<#`=_{i!{WM~W-E!?QZ)4xX zk`tTMizMy_dBFUl^FOf^U2kZv5)HA|9$ zO!J&a&MZCEwIALdv0VIW-D!uUOl=Mt`&SpxFO{gbAh7L~?*+D9ZAuf}q7( z>=0ZQ@sA3xX@i*l-$mhTNCCMZ48_rg%jF#eVe+pW_W8Ub9?|@1V5#J2HJ@P8|5yIF z>KOm8N-%ir77)O^zcTnHyX*(iQ~f*RSKnA&En4nfsc}!gzf>J^L#HY|fY&@jWAzP} zcz@Ra)O9H9o}iQ~DY&iIp-W#rm|-tvs;~HESHg=5P@kI`{I52~a z{v5B*p0A`bBe5%pQ;`#w>4@?K)|H|lKx$+y*g(%tPFZI$wb~%%8H?##<=;R5mG@#S zuBBzEH@VhiLRQ;kk^jyr_zmeBr6DLijn;oMus${X9?`>9w4%<-#CEGK zY(!&6X_yjXjp?heYpX zs^pQl+=KYaAYtUhp(V!l5VH8Q;q)1S(gIt-cGxT_G~n1W+`x78QB94u2Hj$~-5{>C zh~PF=3&teJMdD*H{lJd(4Ky<1DEK4A>;Ut|3Pt#xF{9?rr?XYW=a4N;d5%>enSzC#!GLk@*W&yBIga z3s=+iX*lI7lI{4G`EDGy%b!5ttQ)^f_rp*#gXDeBC^d$Spzfi7S@3uzw23*y#90H2 zOzK||#Oa{KDlStOp3C!3g}6s}LuGY_CuDI*Fob_)&;=s+?K=Er1gK)ZS@@g{Mwklj z)Gp`X@NME(TgWG7WjFL_vh)Ym3MNO%aw*Y{i~YmGkvs6<8pJC`Kryy@Q0!2nl_eZI z+p>VPhfxbsAN4eWsYs!ynbnmko5U>a`-{VfYl6kdIgZ%Cu4NE9F@TSXF3`s5N&&nspYmL4CCtZ31iwCjW~!}BxFgn zBSj@+&l(a>cyL9pcn6LvG@)d0iekLgQ5!f6T4UJPaC`maWlx_eLV`TADcO9=JG`5?6JnB4jrphgR4mPqI7)M{?j`xF9bL+LXlRM$~#n6l( zG5!Uur?Gq)84iW7cSKE2&ZaDIie4ipXF+>fmu}$mD=T<~&*w3f3nF#w1wMmDAc?0* zLihRb1;KGXO=7%>IFv2i?c(I{=90bVh39tJ+^S|d#zb7I4sB(M16GRAuvDErgiFl=k z7af)&cVCThUtu7+k}-%g@H5XCzU2(qEZ+@g+F2v+S7FzL+Re;=LWX<6KMJ3pHzu_( z(LtTKMFC4}F4$CZFkOJU4i8|pxZ4|?5D4p^pMlLW3n8=iUYbx*ljc#koM(GAPd|fL zSYnS~JS`-Nqw&5oy5ePCwp%dR6GFz!jn2>=T;}V z-3SE@hyU`%K~fDlDgcUAjGn|hB+?|pN4;N#L!SG+9+Bwd%J5#=xhnHQu_s<63k%eX z5^stTU4Q$vp$qIcQ+tT6)NoROuhF4Lm>i^ur!&WX-6DLlS^PF$o7S&ZNh9p3fUTHg z@`TGv2R`u-b7x$;NP&#WsSTi7!w76v3oPl}4SQGrisD)Q9`M8jxmk2*yJj`8kDGD_ z1yI91*{9JI(7Q6A09`Jdh!Y!8FVR+(e5qjPdVkDFa1;N~N0S3IBzczn1->=S1UbAN zw_*n|>fl?Mjpo!eh3;sYFAyLJ?tu)vA}D=n!E;}%fF4->z7jH*e!((a!dFp z(BrLK-18B_!-L2%j6RHt(NvS}$ zIrXbKys&2FT$=>&-K*Ljl5U8n;eTD|Ep+vAF>x+aZ zPrkGs1P=)_l_=-#(O?1fhXkozxY@eGAS< z4Rat7z#=mbxG-vQnKjfB5zyWIA&!z#YzJmMxU4^!BVKn&8COqgZXlIWV)puSmu_Ha_9m(Z%=uKR z)2@fdxk8j*4iaK&UB;=1<$n!3T6Ly$BRTXE&>3S0j99ejKVR%8 zh@IhHeJ4m5L}QQepA=m{H&OTPh0x0?xhe5_K5`oBVGTe&IX?(Q8vC#LBw z*Fp>X_r$R{TjS1kgk}Z3{(6%lj+$=E9~J+0x3dOgW%Bw6p3W>-p5u?jl!CnCjfWO* zR40TsZEz(%P8!oezJ*kp1IBc-0{AUT_Z$AGN%0qFEVVlcBeC@;W^>?z@PwQ1g-Y)V z@JKh~vwqN?bFLM_=OeV|oC8TC9ouKRFT2eW}eK8e!Kq6HY-%{?3CV8!VB;67rp#Fk_QImKOkjz6N?YeD$T49WB;2We1gWx&Ms9AX<$)*r5S~+ASDraQR!VmM7x?`C}{WAE)6?}EQU&uFD4Z#t^ zOoj*+h47fQ7Q;(2;3sG8Yb!1gZ{;gA&P4Re=_D2=;fRlYsNjmerhxm69o?aE(Ayex zey6H9H{{nEpQ~Mx8Bc4Jl`4ym{cY^dsz2zdZ8LZmLxbhn8odMB7;lJa zcob)b?RiFcnB$JSaf^14Y!wI}!5=zj;_bJknH1`wwa9k4;d-5Ku!WreX+Dlz%_xSO zZuEOh>}uBk=)9YN*ZF2!f03~Juh3_`-Qo(%{20jzWi`HPl%)Xo{Te z$8EHA7+r_Prk>T&sU?~vKXya6RavT?$GKnc(Lg?cv=4$+M)=1~MBz2_=tYTHy{jnY zak+E+XZdyYez(6FwuqSaTy%mVKI(eALCv)0%F#5YZek_MB2J^z^8}v{So7qBz!_~{ zyg?3N%`jT7*C_ex<>ILz!5oXUV}ovcmJXOI!Jguq;vq)h>83>)07kNu6D3PI?b}kG zZWSy_*7CW}@XALf;`g3=99(qL6U`c?=5NGfr;Nf+sYZ|90*1OmHFP%K3snZN9v7(gn1Q(M~ zW){-IzEAUSN`-7~CT&p|Dg8_V>kn1lU0f2@NvML*h99atuoI>a$g1Q~U)Ln5kW$)+}?;&55;!1W#bs6V|1O>8CMdtspD1MNV3ph zU~>M%^MWiAr7raX!hK!{x&15^Bda}`{H$}%3!HiAK$4%y0w2+#K{SRCes^(Xh@NyjTF{e`s}GW`X=f}m^l z+B|58cCD&&#%p#LlF9y6i!S^MiK$by)iA#)sY4~tgJjC=`8>R<&ruO~QCPVKRcAXw zyU=`o$*l%?osl-J0D&j6y4D5#$z|dd-cjxkA++A_1+K9BZH6DPm&&?oua#YYjc$xx zcz+m1J7I>RuK0X?e`LP=6{}btFf@M>8k0!b>omeY6%LPJy=s zj^>t(*N|(gt zym+nl#l{`HTQqQ?vXH(!PCqYC`H+9V?74vD;SQfzNO@R*n&8%)|HjHTOb&I=jhmN# zY}SNgZUa*Y=O|UALKKmd(4Y6^Qf}?Ttq;^&X@=sN_h9y z+=~-WcjBHLjMJ5JdGVOIfBW83hBm|7uk^;AazO`z(Mo%UAG8DjqT&~1iIQ#B89=;V z;FG8}*UuBj;uD?0#3Yt~0loYfR}ESta+k9gk8DcubDJI?3Y^!CjGI;+&R8Fzmqa+- z1rA&cp>hV5{LGKqO+;&isLRleKJiKkD{GP)!6Txmxoopu<~v2Ewzy??=DmPJu5WWlDWC<0IG+gzdeI z!@IM@GUKk@L>)K%XGdF@kG?3UK~EY1nT!4qQ}ZasMJ0Q+wZg_@!=hn+{=hc#*%X$h z)*1-*DC*_{ccW(DGtaP1C+{8AvEtd}mR=lqs0e!Al2=U6HA8}?LyJH-O^rD6(`6Az z&yl2&^}N(`3L*ye*AFed5LkP@ zu=JV?&$?~rs$q9+L9~DmxO%m?v18}O_^`FM;J$qy)#8uEcUfi31@{ktw{rQ%fvV$W z=&1RY42E_{T}30uR4l49fB_YgtP?vUr`05=+I~_UdZ4yJl1ixh{83Vm#2c-cJpl8p zMs>)84?!nR>=EDVN>Xuq(_x#lpsT@<@fG85OLF>0sy*A96WX?NWr5mmL<5%W5l&j+ zvMc~0?u^YRwMe7BCemLX^1~>}RM*(f;O`T#M5-k=3b>J`_e_*tOTxxc-q<}&hus`9 zkS3wuYzatLCT1wljM#kj7lrFegVrEnwyd0|Z+_TXkQ*1sCNkcEmAo^6- zO3FPOBrNnHlmkvPQsR7;Vb)n@lz{`K>HGKSGCWgF#j;{-8_GRThUh}=zXuj(2q2>r6Iklk+Cn1xw-Qxw04q*OJ@FRMhLQd7YZs8FR~JEu253Wd4+hq46^jTcxtv z&9Y=`TY8F}sPJ84GBw|34*3Uf?YKMFa^=yE1H2^8N?q^4pxI(GsZVf$U_)_u9q5;O z8HtDUA{#sIOA44jX;+|5{U((aciUF#?&%p5) ze=P@rwsypHeTg3VfE?6 z)B!ij91|>g<3_nUbfXuFHBgr!<2nB!L$`mzi$NcJ*2v$P=-$PjA~+gD``Eg|?Pf<( z-ol`%p5lHy^_oOm{wC{V7`ylv&HuB9+L}<+J9FX>ZqVRg!|%*hdunFlJBo#IAxe9H zp9R6@ZHA9lmbGjKZM=qE^mL?qAqr!<{>ythoZ{p4_x^`%D%wRuWi49kvG08}M{|!p zCRQt0p3q29<{)m6-#+!PRey&ED*;99TFKLQhYe`^AOB|q5|CF;f7foVQJiZCW3;u% zFGWTpu3Z30+tDXf7c8;V@$T4On}9}M3UOWIUMIupHvcT*B%wzQFiE-epOZ3Tg~q<9 zLohAsTX=u~Zb+S}cP-V*gVdhw^rL88D_(Rd7xal{ z;=%>0MT^X_@U73rY|s~0Yl%#2BszowAdPA}g=1YS&pco^#c7d4AGzla_P`R+8aRe= zjxpR(oh@G`1o7t7s*! zV4Mo>Lr9+VMq1UmFrEtOk~h(RXc1pQk~}r}sGOz1Q30Ic9#z=V>|N!)r=Q?dO`2%b zR0*7V7TZez?_)brm32m#!8W%+RLE^Tucq(Ml1oXoR|U|$mcfG|@^t|tqVl)D6U*Qf z`%ndq!jZ8%OZAW6OUsLALw0e_4QBDtSoL!b#lsBu{WLY+6yTPCe6_%30-RJNlKtaOPXB4YC&!2?P(2Yl>Eoc zt7WHCfA3FbbLB^?TfD&`7B7j*Yp7Q7Mo5P`f*D7>#>MGTn!hupe(kuii(b5Q3bEyX zeaD3DUt7rbDzrs@cAMALKH!~Vi1=~p&h7uh>ma0`*c9Eo5F2@wIu&Oic^V7Y)13eR zEVsJm&5Xw@Yt{X~#LbI-_Wa4jysfCo)GF-GjQ8Tg=J6XIr9HW@RwDDXzg=I}-6Ll; z+=^G+$_MspbCZ;M`hDWVR!Pl2x-GNcG+D{6_R+DPznfRz4|tmnI&k9U>zPa5b@xq~ zqdD;vwD4?j|DM_@y)rLTC?~Jgu?e}20jnr zg|PYEbj6E`5~_JEM)!97E&g`>+r<0k-|IxLhp&Ait6jJ$_rQ_mb3|56mY%;oI(5^M z3m|uW-zfju?QG%QZJxk|5-I67@_v10LMv9MtALi~U&}9h>Q?tDJo=t>%%t~{&78UB znQ_)1W&FFoug=lAJTFETxVe}&x8QBrZPDasVVig+sZRa3w?Z$?NRb zCEAWfkP{4wjFPwTFWxpgcjm@e>#%H|?ljIMvFrO1w&}t>%5dycDTFyT|@rSMS{gVqVw`&`{@#-uMPh$9f zUgmo9<2xDh|J~rz`*zWmg~prCSv$U)T6^=~*J*Z>R{i^!e<1mk?0fhEp9h;$fve6w w>_l~l6;SM56KYB(?szZc9lyIjv_JdLZgAeoYi8xolb|f&>FVdQ&MBb@0J+Bzb^rhX literal 0 HcmV?d00001