From 01f0498498b6cbd90b5d9afc73a34a6931e3c724 Mon Sep 17 00:00:00 2001
From: dongjunduo <andj4cn@gmail.com>
Date: Wed, 29 Mar 2023 09:55:53 +0800
Subject: [PATCH 1/4] fix(cli): prevent non-`127.0.0.0/24` to access admin api
 with empty admin_key (#9146)

---
 apisix/cli/ops.lua  |  9 +++------
 t/cli/test_admin.sh | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 6 deletions(-)

diff --git a/apisix/cli/ops.lua b/apisix/cli/ops.lua
index ef069f815010..5ce51dab3b32 100644
--- a/apisix/cli/ops.lua
+++ b/apisix/cli/ops.lua
@@ -185,12 +185,9 @@ local function init(env)
     local checked_admin_key = false
     local allow_admin = yaml_conf.deployment.admin and
         yaml_conf.deployment.admin.allow_admin
-    if yaml_conf.apisix.enable_admin and allow_admin then
-        for _, allow_ip in ipairs(allow_admin) do
-            if allow_ip == "127.0.0.0/24" then
-                checked_admin_key = true
-            end
-        end
+    if yaml_conf.apisix.enable_admin and allow_admin
+       and #allow_admin == 1 and allow_admin[1] == "127.0.0.0/24" then
+        checked_admin_key = true
     end
 
     if yaml_conf.apisix.enable_admin and not checked_admin_key then
diff --git a/t/cli/test_admin.sh b/t/cli/test_admin.sh
index 5336244e3372..6f39ffae170a 100755
--- a/t/cli/test_admin.sh
+++ b/t/cli/test_admin.sh
@@ -154,6 +154,41 @@ fi
 
 echo "pass: missing admin key and show ERROR message"
 
+# missing admin key, only allow 127.0.0.0/24 to access admin api
+
+echo '
+deployment:
+  admin:
+    admin_key: ~
+    allow_admin:
+      - 127.0.0.0/24
+' > conf/config.yaml
+
+make init > output.log 2>&1 | true
+
+if grep -E "ERROR: missing valid Admin API token." output.log > /dev/null; then
+    echo "failed: should not show 'ERROR: missing valid Admin API token.'"
+    exit 1
+fi
+
+echo '
+deployment:
+  admin:
+    admin_key: ~
+    allow_admin:
+      - 0.0.0.0/0
+      - 127.0.0.0/24
+' > conf/config.yaml
+
+make init > output.log 2>&1 | true
+
+if ! grep -E "ERROR: missing valid Admin API token." output.log > /dev/null; then
+    echo "failed: should show 'ERROR: missing valid Admin API token.'"
+    exit 1
+fi
+
+echo "pass: missing admin key and only allow 127.0.0.0/24 to access admin api"
+
 # admin api, allow any IP but use default key
 
 echo '

From 9b2b82f05c07a06d018f3bf5739b5c94222c769b Mon Sep 17 00:00:00 2001
From: Navendu Pottekkat <navendu@apache.org>
Date: Wed, 29 Mar 2023 13:09:17 +0530
Subject: [PATCH 2/4] docs: remove APISIX base instruction (#9117)

---
 docs/en/latest/mtls.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/docs/en/latest/mtls.md b/docs/en/latest/mtls.md
index 1a1180a0978f..fe0f43ef7ef9 100644
--- a/docs/en/latest/mtls.md
+++ b/docs/en/latest/mtls.md
@@ -1,5 +1,10 @@
 ---
 title: Mutual TLS Authentication
+keywords:
+  - Apache APISIX
+  - Mutual TLS
+  - mTLS
+description: This document describes how you can secure communication to and within APISIX with mTLS.
 ---
 
 <!--
@@ -68,7 +73,7 @@ curl --cacert /data/certs/mtls_ca.crt --key /data/certs/mtls_client.key --cert /
 
 ### How to configure
 
-You need to build [APISIX-Base](./FAQ.md#how-do-i-build-the-apisix-base-environment) and configure `etcd.tls` section if you want APISIX to work on an etcd cluster with mTLS enabled.
+You need to configure `etcd.tls` for APISIX to work on an etcd cluster with mTLS enabled as shown below:
 
 ```yaml title="conf/config.yaml"
 deployment:

From 508b73ccc7321968456db934d95c0f338189d0a5 Mon Sep 17 00:00:00 2001
From: jinhua luo <home_king@163.com>
Date: Thu, 30 Mar 2023 00:29:22 +0800
Subject: [PATCH 3/4] fix: host_hdr should not be false (#9150)

---
 apisix/upstream.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apisix/upstream.lua b/apisix/upstream.lua
index f41364162f5a..416bbea7cfa4 100644
--- a/apisix/upstream.lua
+++ b/apisix/upstream.lua
@@ -135,7 +135,7 @@ local function create_checker(upstream)
     local host = upstream.checks and upstream.checks.active and upstream.checks.active.host
     local port = upstream.checks and upstream.checks.active and upstream.checks.active.port
     local up_hdr = upstream.pass_host == "rewrite" and upstream.upstream_host
-    local use_node_hdr = upstream.pass_host == "node"
+    local use_node_hdr = upstream.pass_host == "node" or nil
     for _, node in ipairs(upstream.nodes) do
         local host_hdr = up_hdr or (use_node_hdr and node.domain)
         local ok, err = checker:add_target(node.host, port or node.port, host,

From 809ba09b26ddd62e0efa612f85e90d1aa938ce02 Mon Sep 17 00:00:00 2001
From: jinhua luo <home_king@163.com>
Date: Thu, 30 Mar 2023 15:29:44 +0800
Subject: [PATCH 4/4] feat: Upstream status report (#9151)

---
 apisix/control/v1.lua                         | 156 ++++++++++++++---
 apisix/plugins/prometheus/exporter.lua        |  14 ++
 .../images/health_check_status_page.png       | Bin 0 -> 23044 bytes
 docs/en/latest/control-api.md                 | 159 ++++++++----------
 docs/en/latest/plugins/prometheus.md          |  14 ++
 docs/zh/latest/control-api.md                 | 159 ++++++++----------
 docs/zh/latest/plugins/prometheus.md          |  11 ++
 rockspec/apisix-master-0.rockspec             |   2 +-
 t/control/healthcheck.t                       | 114 ++++---------
 t/discovery/consul.t                          |  10 +-
 t/discovery/consul_kv.t                       |  24 ++-
 11 files changed, 377 insertions(+), 286 deletions(-)
 create mode 100644 docs/assets/images/health_check_status_page.png

diff --git a/apisix/control/v1.lua b/apisix/control/v1.lua
index fd031a473ca2..3143ae5948fc 100644
--- a/apisix/control/v1.lua
+++ b/apisix/control/v1.lua
@@ -14,6 +14,7 @@
 -- See the License for the specific language governing permissions and
 -- limitations under the License.
 --
+local require = require
 local core = require("apisix.core")
 local plugin = require("apisix.plugin")
 local get_routes = require("apisix.router").http_routes
@@ -22,6 +23,7 @@ local upstream_mod = require("apisix.upstream")
 local get_upstreams = upstream_mod.upstreams
 local collectgarbage = collectgarbage
 local ipairs = ipairs
+local pcall = pcall
 local str_format = string.format
 local ngx_var = ngx.var
 
@@ -62,52 +64,137 @@ function _M.schema()
 end
 
 
-local function extra_checker_info(value, src_type)
-    local checker = value.checker
-    local upstream = value.checker_upstream
-    local host = upstream.checks and upstream.checks.active and upstream.checks.active.host
-    local port = upstream.checks and upstream.checks.active and upstream.checks.active.port
-    local nodes = upstream.nodes
-    local healthy_nodes = core.table.new(#nodes, 0)
-    for _, node in ipairs(nodes) do
-        local ok = checker:get_target_status(node.host, port or node.port, host)
-        if ok then
-            core.table.insert(healthy_nodes, node)
-        end
+local healthcheck
+local function extra_checker_info(value)
+    if not healthcheck then
+        healthcheck = require("resty.healthcheck")
     end
 
-    local conf = value.value
+    local name = upstream_mod.get_healthchecker_name(value)
+    local nodes, err = healthcheck.get_target_list(name, "upstream-healthcheck")
+    if err then
+        core.log.error("healthcheck.get_target_list failed: ", err)
+    end
     return {
-        name = upstream_mod.get_healthchecker_name(value),
-        src_id = conf.id,
-        src_type = src_type,
+        name = value.key,
         nodes = nodes,
-        healthy_nodes = healthy_nodes,
     }
 end
 
 
-local function iter_and_add_healthcheck_info(infos, values, src_type)
+local function get_checker_type(checks)
+    if checks.active and checks.active.type then
+        return checks.active.type
+    elseif checks.passive and checks.passive.type then
+        return checks.passive.type
+    end
+end
+
+
+local function iter_and_add_healthcheck_info(infos, values)
     if not values then
         return
     end
 
     for _, value in core.config_util.iterate_values(values) do
-        if value.checker then
-            core.table.insert(infos, extra_checker_info(value, src_type))
+        local checks = value.value.checks or (value.value.upstream and value.value.upstream.checks)
+        if checks then
+            local info = extra_checker_info(value)
+            info.type = get_checker_type(checks)
+            core.table.insert(infos, info)
         end
     end
 end
 
 
-function _M.get_health_checkers()
+local HTML_TEMPLATE = [[
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+  <title>APISIX upstream check status</title>
+</head>
+<body>
+<h1>APISIX upstream check status</h1>
+<table style="background-color:white" cellspacing="0" cellpadding="3" border="1">
+  <tr bgcolor="#C0C0C0">
+    <th>Index</th>
+    <th>Upstream</th>
+    <th>Check type</th>
+    <th>Host</th>
+    <th>Status</th>
+    <th>Success counts</th>
+    <th>TCP Failures</th>
+    <th>HTTP Failures</th>
+    <th>TIMEOUT Failures</th>
+  </tr>
+{% local i = 0 %}
+{% for _, stat in ipairs(stats) do %}
+{% for _, node in ipairs(stat.nodes) do %}
+{% i = i + 1 %}
+  {% if node.status == "healthy" then %}
+  <tr>
+  {% else %}
+  <tr bgcolor="#FF0000">
+  {% end %}
+    <td>{* i *}</td>
+    <td>{* stat.name *}</td>
+    <td>{* stat.type *}</td>
+    <td>{* node.ip .. ":" .. node.port *}</td>
+    <td>{* node.status *}</td>
+    <td>{* node.counter.success *}</td>
+    <td>{* node.counter.tcp_failure *}</td>
+    <td>{* node.counter.http_failure *}</td>
+    <td>{* node.counter.timeout_failure *}</td>
+  </tr>
+{% end %}
+{% end %}
+</table>
+</body>
+</html>
+]]
+
+local html_render
+
+local function try_render_html(data)
+    if not html_render then
+        local template = require("resty.template")
+        html_render = template.compile(HTML_TEMPLATE)
+    end
+    local accept = ngx_var.http_accept
+    if accept and accept:find("text/html") then
+        local ok, out = pcall(html_render, data)
+        if not ok then
+            local err = str_format("HTML template rendering: %s", out)
+            core.log.error(err)
+            return nil, err
+        end
+        return out
+    end
+end
+
+
+local function _get_health_checkers()
     local infos = {}
     local routes = get_routes()
-    iter_and_add_healthcheck_info(infos, routes, "routes")
+    iter_and_add_healthcheck_info(infos, routes)
     local services = get_services()
-    iter_and_add_healthcheck_info(infos, services, "services")
+    iter_and_add_healthcheck_info(infos, services)
     local upstreams = get_upstreams()
-    iter_and_add_healthcheck_info(infos, upstreams, "upstreams")
+    iter_and_add_healthcheck_info(infos, upstreams)
+    return infos
+end
+
+
+function _M.get_health_checkers()
+    local infos = _get_health_checkers()
+    local out, err = try_render_html({stats=infos})
+    if out then
+        core.response.set_header("Content-Type", "text/html")
+        return 200, out
+    end
+    if err then
+        return 503, {error_msg = err}
+    end
+
     return 200, infos
 end
 
@@ -119,11 +206,15 @@ local function iter_and_find_healthcheck_info(values, src_type, src_id)
 
     for _, value in core.config_util.iterate_values(values) do
         if value.value.id == src_id then
-            if not value.checker then
+            local checks = value.value.checks or
+                (value.value.upstream and value.value.upstream.checks)
+            if not checks then
                 return nil, str_format("no checker for %s[%s]", src_type, src_id)
             end
 
-            return extra_checker_info(value, src_type)
+            local info = extra_checker_info(value)
+            info.type = get_checker_type(checks)
+            return info
         end
     end
 
@@ -155,6 +246,16 @@ function _M.get_health_checker()
     if not info then
         return 404, {error_msg = err}
     end
+
+    local out, err = try_render_html({stats={info}})
+    if out then
+        core.response.set_header("Content-Type", "text/html")
+        return 200, out
+    end
+    if err then
+        return 503, {error_msg = err}
+    end
+
     return 200, info
 end
 
@@ -372,5 +473,6 @@ return {
         methods = {"GET"},
         uris = {"/plugin_metadata/*"},
         handler = _M.dump_plugin_metadata,
-    }
+    },
+    get_health_checkers = _get_health_checkers,
 }
diff --git a/apisix/plugins/prometheus/exporter.lua b/apisix/plugins/prometheus/exporter.lua
index 45ff94c3f631..1cb4a534cb9f 100644
--- a/apisix/plugins/prometheus/exporter.lua
+++ b/apisix/plugins/prometheus/exporter.lua
@@ -17,6 +17,7 @@
 local base_prometheus = require("prometheus")
 local core      = require("apisix.core")
 local plugin    = require("apisix.plugin")
+local control   = require("apisix.control.v1")
 local ipairs    = ipairs
 local pairs     = pairs
 local ngx       = ngx
@@ -158,6 +159,10 @@ function _M.http_init(prometheus_enabled_in_stream)
             "The free space of each nginx shared DICT since APISIX start",
             {"name"})
 
+    metrics.upstream_status = prometheus:gauge("upstream_status",
+            "Upstream status from health check",
+            {"name", "ip", "port"})
+
     -- per service
 
     -- The consumer label indicates the name of consumer corresponds to the
@@ -458,6 +463,15 @@ local function collect(ctx, stream_only)
 
     metrics.node_info:set(1, gen_arr(hostname))
 
+    -- update upstream_status metrics
+    local stats = control.get_health_checkers()
+    for _, stat in ipairs(stats) do
+        for _, node in ipairs(stat.nodes) do
+            metrics.upstream_status:set((node.status == "healthy") and 1 or 0,
+                gen_arr(stat.name, node.ip, node.port))
+        end
+    end
+
     core.response.set_header("content_type", "text/plain")
     return 200, core.table.concat(prometheus:metric_data())
 end
diff --git a/docs/assets/images/health_check_status_page.png b/docs/assets/images/health_check_status_page.png
new file mode 100644
index 0000000000000000000000000000000000000000..ed4aebead0fd833a5757c384af88dce627789e1d
GIT binary patch
literal 23044
zcmeFYcT`i`_BM=0gCJE@I*2HUNbg-i=>mc@Y0{e%=@0@&nus)!CQXWTh)9Q!gf2Do
zP6!=BN$553anA1^&$;)$;~U@j{&@d*$2-P`>`m5QYp!R`HP@WaT!d?BD3OygkP;CQ
zk*g>_)g~eW;4kjGuK_Q94^b*VyZE@|uB{|bRNBk5dhu|@_Q~@nL_}rL*H6u_UObby
zDjT{J5m7Y%@pGx&CEtpO$S_&u>64c}rW<Lf2o9A1^co`HQti%4*JIW-L9KS#5hsRV
zEoL&E&r}uQhd=bnxhM0f3@Unf2Vb*y-u|ho%)b~<%RoQ-3N|vN`g*j?X+c+|PPmFJ
z#KxvtPpUka9eoga5c%n}4ch(7f2ZeQu&>)g*XGnGo%8N|_@QD8WRCLMJEH%(kPFn}
zN&X~UcmC^}i?;8Ykf^6u%)oo`ey3Y<`FsJp?0e(1axVkVk7!S?0)*cI`-m7G1MG;%
zzg_y{0r^Sz9c1P$;G9zK=ti?_Hn5}RI*sP<um9CH_>V>}0OxUhh?f~Imfs2GsN_b=
zroTG*yT>0_$zNl<`;d$~@OZ;oR1(P~>88;NT|Vb4rN77gqxs+<5ip>g>@?9Vpptnf
zD*TG~e~YFkaxp3!;CwLS%%jM{9O&#P<m!5v^WTMg9r%ZA7p;ycB}~$L?E@t_YeF6W
zy|ccd$F~6I3Qms#35@3!Ti!;2&gZ9mLmLO@@`MFWIr@@ox#-cEv)(Lp-uX)6?ZBS%
z^RObhmrLIJD8x}(;Ap-2QpJ(>7W_o+T%XX$3eF1H$PTRH%{U6&5!$IA*!4-LxcM(U
z{{e*z`K~B_1je{?TnRnjK`T}|UT#C4FUt}5vXc+bk7s0c5vN7xR!*NvAl2t02q6^R
zj&s1s0m|0wOZbB3*{+QVJn#scg2htG8J>!qyL4K1+NN_k`UjQ-9MA@65KeIf&smVQ
zwOQgS3SJtpWQ!<;SC82WxuF{yWCBa!N8E_QfblcJNJjOK!!EhA$R1qaqUD}FdkI2&
z=B#e#Y!s1wHh@|qo_WD4;p@M1!giWq58iDLjPGbKT-Q!_riY)G@glgq?T;6w`F^N=
z;apDs5k*|u%uuvlmslw?K+N|~m?3;G`2e^SZ|~t+s5uXKrWh7&Jr^lZtvF4$i#SR_
zn9z=%B1ASy3;0T+PyAO4cG{9sVCSpQ^U&iW#Mxv*t&p711qlAQ!AbR<>Z>#|RS=g2
zPR|%Py)lEu=wrT~leUV$V;-jw=AgR6gNa>eH%yA;hak>z5YGPrkqIXNGNs3t`cphU
zFxXT_0aDCl?E3_l<<t1_{>4WI*?(I5zqIp6q;DLl*#R>umkJFR+pFTnwfzb^J6&=i
zcv*VFqao-0^U>wct4Jcn7KMP*w`$YWT?1{>1yD<2gV8WjSrGsqz0FQ}C7UV3V%x`~
zrWhz$&B?h}D`-myg%{J?Yv!nvppO|X;OueD{zP}U5Ox=I<9>98RY2<T*J;}K_rEIq
zUJFb45Dj3!$0hJ1n)8mpQ_bs^ER&<ApsQyQtb_-kK8L1-=SQdU-W|vk+ip~kl<!;u
z`RM_C-(7MDymK&mRy=JeoPHECqc8VEapCM>7$t=hZQ20<;jts5vQF_bhUw4hindET
z=MXzWMH%(nD_KX+={>~AOoTzDtBK_0Z|c$xPIXVNRyASa6>}T(O*W<}+mBp7ykWFE
zMH|h!ICI%4($pM@4DkDw3>eClBT)&>Ghcta>Tw~+R#Wsm2-&X+M&iI4PV^xqw|t#G
zQSyjq{uAh65v@0vyf^4}{w<pfgg}Gy7_7dIH~9b#!pNQ6J>T^$FLd6oUH*uccBH84
z0-?q5U4cgB^~#pkzf5Ql{O#%X=hGn_qqx8lr=?LGDG*JETf(IULianAy2>BS@D<K9
zn2C@QaMp&qW^BQ5>dSoeuA|5Z;IzQv0O{#+DTG!J56G3Wsu-32=u5)3Mh?I&BgUaK
zWUJoUWD_)3BYzQ@M7c<Ub_qPdakkyIB<S<4PIW1cam@pqNa>8}LduJ<kt-jfgDQ0A
zq`Jz<jeGT17cx|k?Gn(LOPsFqzxCMnZuoH-q#8IPSHZK7`<gd63Eo^n)=eRnJdR%l
zzL9bKo*1X05=35-uf~n%FsZl5NDQ;Z(1wl*G;<3b2F;wbMw%axy9-}2P(}EDm_`Zf
zO-X&>tU}4u5~Ic3Mwm+V;&p(g2Dhq<dewqb9Wj&KdvI!skWM9q6{E#Oy{!gVP#nX?
zt?iIDSa^s(U`8E!l>TW_dvH}!*@*h~DwN~eHov3h!-YyNSw&3nKlgwbDC7m1f6w5m
z6ul2v9$X?vci6+VOP;;S;NE_XIKxoxyx>@bGZ<a`1KPY22g0NPW%Hyjb`uW7i2bn&
zz=eE;BlR?8My!oz6zQT~M}GBuC3;V_OjZT{3rT!1Fp1yAqxX{Nofr+d(w0zPXSXzx
z8bEkc_T6dea*}M6C|=tDPB8Rf^(&-6mk@1|10r^5mWhff=udx5J$gLmZ*x!cjQC@;
zguy=y>stZD0^lOQvhfgRXgIUfvBRbV7w^`9*723b4=yz<P2&rw{HoP~DS?EN(a!Z0
z+)ke2HL%@Pba3AZF*<}%rPe%(;ZUyz>~|GzU)R-DUYb%)X-YAUT7NXHumS_DPTj)b
zbzOU}AUhu&qw0zpIi4Tk>t5!c{gizI;0v9~>vnl~Z)Q`?TMt!VillslX*S1Q1;Rb8
zU+0F3CsE8t{~N%63j1m0%k$HirRgD=WhyDhk&S@EF^IQB+r>K9*rlpRe)MdvP|~ZM
zT!Lpn68C>F4l<-XHCRVgn;%JV;|DTb(CBpx*RFQ<n^X(FWcMSiq`f@y>yBm`-X%~l
z_fdtc6DARa1dL9p6pbp-9U=n)y)S>a?@QU+h92(-M5ON{ObKQs3!Ix3w!mZ+@_%#N
zvJ5L$m^_EMFi~6;8nIh+?(;UrWSv3cp!5)NQh%N}KNy6PKC8L-i;nF1>$*M>x25sT
z(O-*97M#-Akv|RhOzGA#DnU~li2ATTK8jW~=ECYu(74?IXeDJy1Da58K0xoCP`wF0
zPax?s^?cQ#<wHpI>GXXQc+_6^39akZ+X8umQ7G!B2ckCxyd#SWMlW*)p4WQYyt_$#
zNBx?z^?qQLwA#1Y0fe+PUp7V4tUCu`?_N0mL=#cjS=5MfV3p=br{C?S-<4%`L0jX)
z{)PT)xj)@}PfN5px}@2w=LkVa3!D*;J=-`xHS0X>W>`w<KzZ(&1?=hezdQV6!;M7<
zY@K<!<z}X2B+n$<!VgxRo=gmgxN#4{(Cuj1A!n!J4WYH5m9Mz7QyjRCA7gTWtk3m#
zFG(|Ffx?<HeImR=92ah{)}Pb@6nXp>CpyV^50J#4eDHM@yAA6+>}xCwOPe^;)4(^l
zvn8UMG3?%rouylj`^VL-IEKC9Bk;@=h;<x*OJ$g;Q{)w(W;3%+G{=BVMMO(tjumB6
zNp1wbw<Z|BGx}umB(OY#)f#AtkNRzFEy8_WNHq@G(Jvzby)4f9AQUJ+^_&nm#Z`ZU
zFAeDupx+FeJeA|SmMs>{NaNCVFnNwO!cv~C#I>63oae%pysekgLM!%qg&7{A(=zNn
zh=<ZNhyU*W&w!C58-fO+MYcpVQ}{#<+iIe%(N5#thD0`+FqyI5q`8^Xk{Q#};{DkG
zvjD>?QkU-Bi(PcIC0PNxelO@EUMfHRakSayx)$nf!~EO<>ct5&^8VKB&B<h&E5iSc
z`G11aKey@EUm5Z(Fls%bC~t*t9=FmJ#d;Kp`S9=mU7o(jv=<R)z3*xXZ10aaQ81Iy
zq@_*DL;K&O#EVE3vdMr%y0m`uM(uK%1%!ul8q@!G%ocXh#`|Ev2vpt`aQLv?IKwl8
ztMKzVi>Q{Xg8P4VX>c)ewN3Mh^_!+ux%0WOc~l*E|LD-yVycnpzq<a$k0<!=j?A2e
zW%w7!PKL(jZS_I2F8y;U{_&tVd=VF~-G*sgf*)hK_YUU+waiXel<52<V_!&7%hz37
z{l}*B2Tt>LL;$mPxj54QMK(b8@uD*=9~Gu6kBR>C!rplYfd;V`{I3#>Z`WR9h(i)v
zp8VHakH1k|CJsD81b#cb4*X9%{#0IW$t69^ntE`||2~1}4kg7u|KH*MspJ3u+WiYm
z<jOUejy@+b7K0>!vP#jBrZEt~R1g99KGN!MyLjDp%|i%JIf|_iu&V;BD0l|!BvFpm
zb9>&+ou}-~$j_d)^gQ0Ktg8d(wJ<sJ!62}V(4&KpI`V|g7t=GQ1*3eL!&_Uiegh9i
z1<&Kk-93H5MQB;^@GlD|KG~)$s*9cc%$JIzOs5y;d*bf!b6;6<c3n0_7>37o{%yF(
z2iH6VFNDZ@Qts~)z|Q!lKyn<27HZJc7%DOveYV!3_Q@mrQ8adASZ(h#+^QHLCsnJx
z_6*+SKVy>iVN9mJCK9usUvyARKnuyRz2G+!{FwFY$`wV0*PB4^%{|8F53H_SzC-k{
ztNh8gAV?xGzO)})@RN47p5d?+dzk6>))T>&)u+s7=C38TtVGX!kRFRO$Hdp^K%;WP
zAv&HLJu1cA-hl<_)pu`E43DSuT`%vq{r*w9(A&jjXm~9VySt)$k2G7`>z>e!%kE+|
z^(Kh+Fp#G=xS$u6UNpG2bs!=Q2NgM&nieJIDfu;d-&6Ta{`Z<E`}DXLLfd0C7z6M2
z#5a(^I(BO7Dp=q_5Cp>C)EONayJ?My_k;NsP=u5KP%W;9#CuEYKTI^L$p8^n-f;+h
zeLp;Uih_Dlv8-NX8ub}h)%e`KDrFB;Q>%r_5Irf5qo(AjK}hN<nLdrDaQ!DW(S7+M
z9Gekr;9SN|$th#kBTXlJ57`-fP_JcVR~l9mv5RG|Eh<T5ca?0kzkVJE`(*d#5LP&(
z&wGsaHXFmAk6IfPV@zRMnmtn5ezixuuSt@&gZ3YuW~V3lj0m3ewmbuNpPc+Esk1W=
zgJeXrcnxBf<`F4-aTghyJ;sG^f?9*_(0_RA-d}JaE2tj`;}5XgzV5EO>g^n8*e<cU
z?L+Q5sdglE3shtZ^5xUW2-sI8{w@_L7+GO>)g|3@qhuw_2jo+vP&V^sA33=!xMRY}
z_`%AKMRl}o^2^c69PfE5#D2{MGhmJ(2Ksb$;Bp&#h@HgN!XPNyB+kFr#J8IeK>+mm
z@>|PiJ6g%{<f~fsgP73G;PI%`o9Fl?b^d9-mzE&w+}H%lxV19Llw@4)J|t+BLM)Ee
zBA;O1NDuh#kTktRcR2oHBEQd>Vai{_t32RhhM~SU{`TUk)DHyl-cVRvA0;Z0ctmAs
zZ&#98(X8S!bcgz&7Nq~fn!$b?DW|h+677lVu709*=hOL-g(bpcEKRlsiZj;=NwN*e
z=D?o0o+~!UN{z3p$@mvWX_^&wi5=KSJ|Y5Xxy-CM-OOvp)|6H6YsplOo=lIeUDXMD
zbliV;Gv|3X|Ei#|*@^-_{Sjv@#hzCfveq~n=R7=IB;;w4A%c>Vc$mMF?dJn3D&<2B
zkB66*XY_U?`;}DtO1HeKAJR(|p9`yZ^vv8cenTQ)^dcSW$iP>cqJNKfATZAv>d_FL
zQHpZ%ar4OP^|;vyt|0nu(l5y8zG9eS>mHfiyE7bL=eUr}UnBWy=~&+EdhN(3jrP}h
zm7fVpd0R``tN|-S=g1ZPyd5mIiaDI-d5s%k#8(FU;DLR_3q*;iBlF3q0|O6hMqwh9
zS@vh|o$(48uAH+Mmf(8v-OZNzPWM*Ci19qBCh=O|2Fu2SB5Qil=TE*aTsK=Yl$Cff
z;B8&>nfSNH_vs*)0Z{TqA=D|XLcdJ~u==Y2dmAq=WH^ZI`Xj4kE=trValc2B8vz+z
zol+a^WOmRgAZ{rM+DtclXt@C*aJ9fPAb~Hvq3IFC`{R(kS@(vkcinEGn>V;UKfAZi
z92>u9BZGw};9a<5fJX<|<HffX@CZNFw1T2)h$>=OjACKPTY$^8a4Le1q3#;PA!v_7
zPcdz&@>X)Xj|7d2y1^b`v%KMHEv$3PKr*gLs`;D!X%q15$*5ccI#xE19i6~3G`&WH
zBYHZ!|Dkz#f-KiY5Ic$rF_OJGSpPjcI76x7`2(f)QtAsYGJ`EKED9Hxbw%Zp1ZHVm
z?bqx_CLWmFzqj@1_X339jd8)?Oe-mL+%;1YH9Ry~j9=PuES@Z*Qbyk|GOV^Uda?+R
zg=v~Sq9|7*?-_0C=&AlL?E9V2K@<4wxmk#Z{*&C0qyquGi|L|CzxUyss<6%y5h8ox
zU4V5VP#6#0BYkr+LWDv(4!R%7%i6s#zAEj{mV%RK_rScVRc1UCYkC^|TD9kCe?5{d
zT9&oJMWK&|)Yey0KzxbrP>q=@Hao@j{H0&RLagXkreXf^o+Hyr=}B3lyqs4}x-rj&
z&~6X;RY_B*6)m<ZyrF`W*QC-ua0D*z?f`@v&FFUCLIwTB%&xOv9tWQ7H;HkgpLmuK
zwjhHOCSTOL7qVFvREi*H;Rjb0Ul|kj$v;vgg14}W4H3mR_zGXfK=~^AD&0!AKwbex
z%b2<w-JVaR7!RA9cU3EbJSWvjs9A}Xu*PB2F8O_#OUI?llWU{c^~Jr1skQs0u+lK`
z{&@x;u3$sxO;dCU=R1}?hy7Zp8JH97s9|Fr+<j%BbvV-RWYb*749wUxJ#5&ODm%zq
zcwe(a%i7&7e}YDtO<}LNz2)=GaVjBa37~9CVoYfu(Ndv#6(>98@K&vCjoa1j`DPQ)
zPsLPa`m6x1>Evsa%#Cqa=w&l0`_H@h*6--LK3M$x*=En2UesQW1v$Xwcp`$^b7wzo
z!YXg_a9UUD#)4sa)Sw{V<fIhL^j^!Bis;gx7exEYHW{qq)%3)CsiwNzK5<95Op=6+
zpkL%v`F^K<Y%H&Vy-?=f+L*<qr7VBK0Zpz@MdzzdFS{%@H`mv;00jT?#34-h#A*X`
z{$e^sD(k+&dJ31lyt1an7Xp_|3vW{p3CPR^DXMr}=~q6XO7L+<e=Qb|wU{&#qhu=F
zX=S_7n^8a7!Nass{vf!SRv}asdTJ($?N6sN&}2%+<M+ldZ!a{u>7K$r-9D*^!cyyZ
zMr$O3PEAnxoDR;rrl%20;qll`M3b8cmxssFI%=e!dUWm~g8%5w6a||`ItlkoS2?#a
zZ&?0J8?uWg@c4jvRm+bdADpf1>$iB)f*W$2)(qaS=A&|Y_Kt^AEB?%C&v1>Fcno0n
z9fuvs@wxt&r+<BR&5GV<{96U(dk6aKGD*(l4kqf)0IX&Zcm40tIq~fl>}j>5!wf+?
zj1t9gaWhThi7TNL#*%$6fXuW*6QsS#!f(-?3}nPUWY5Tdc~7zyg`UTf*}bjtx({F_
z^)|!oek;|K>6vI|Hd<N3Tg|xM)>K`2YBc6EmhArwz{fm5CrPxSRcmCGpxcj1zdm_I
z(&Q)Mo5J#>({%BEXcRG3%Oggg)#7V3jq@3^nUlN8-ZR$ql-D)o(dnSY(PNkyty}(a
z2^q|X$R-+$i*Qq;F=)DHKUZ(yjB%H(*r@Vf*Gww@+<`40F{F5nDcUuWNWzo-_9L=)
zW6UvtBEf+ty-l)5L1T@MGGwPT%$I)9Kav{q6dAxd4>^J#dV`?ulU5%Net7qIzwkJM
zA4F#2yuW%VjAhdw;#GPhj;pdnq=oi2Uo}weBgFLd;&`f}Ac41~{E>8Ah}1?xyS!27
z*DrnMEtCh?%_YSQ^>ft*Nf7$$y1lPm$I~nFZLI)i0IJZ)JZm*%8Xj}cYUiC{qw|(g
zp}T}dlh~r@V8X2PMggsSMszc=655OfBrP6G6*P>h;1-hTOII!^>sczT)a_(iUsbfo
zktnssu(GlY5vC*S`Z)&?1J#n!2YWY?#3$+?&;jr7Z<k1ZFB8JkJ5HGUK{tdK2hein
zo_!Y6t;jr$aGZ6HXJdEe3#e%^bo8@+>(%Uj_L<^_LqkPAg%(Tt!w*{m-@gFIR{@=(
zVFof_^U_Q;W<i5?q!MihE_m{?8ztIEnll)&7Qg9Ttv``3rH{Km&@G7148Pj39+tl0
zHWG4A&Hg9UVE!|N@<2>m%F&MZHSB$?0FOqhN>L-$`zL>SNq8H}3EISOVTBH~hTLh@
z4X6$WJgH;w**b1b+RSsnv?_-Vz`3*emZ^Wwrs3%wdkiZ&HAJCaC{p#o&<p9q=gNaq
zFB)pZPLFxPI5$f6X{~p)3dhp^S6?~mRyo4kge&%g*N&_7@+Ud@ytUU2fU@Ro13=SJ
zUeCz!IobWO%0Lk^e+x?2*;x}Op%r=`ljX$rt9j$l3AF?Wr3-^|^;TcGiRWg7$XiWt
zdKJw95)^(f(mIi(RWWdp?ywQd=_KICFh!XjX4%}t2@Mct2yok0U7e?HkyA-Ea=BkB
zN(Q#&aKt$7nk;s20e_oiz?~R=eA5|PeGtw6Fw=EPUMTsQ3Qtg3XZI8*4@<=&<B-Nt
zXXcMEzYKy2x3oUxRK_az&arbSUyC$1Q>DUmIoav^Aa5)OJ#{8|NX_@G3!LfVpKUoX
z9QHlGUIe(5!NOV;SH82!wo7+7^7NVe)ic#JkJXtG+$VEPB~T;1lGAvX^weYq-njaj
z6>VCOSWrK{w~*`sHcf^^XAB{dU@{Uq%k?+q5p89fGx2+s^K8GhAoKK&GlsQv*dBVR
z#Ds^`SVY&3qx^97HOKrakVD`hozKzDRb3yrkMb}?5(}dDr(PO3A|~D#hFf&c6s*y1
z#JBXJ7w^kaVmDIM_O@FGkrG$6gPRh_{PPs1yPr%tS$cVR6*%K$Y&p~!x-G84efS91
zxbdy#gd+6QuVV$ei0W#rv3QK8^pH@|Aeo$1^F)Rm2@~%_;}8QY%=Z%Daa&lI(Lvp>
zR`uk%BqYn>el79YaOjN$ljG9#mMzKOI(S3<f#GnV-qRBFtThPvvD=D+xYb55t+e8m
zf8QvQSff?62sct%iOUuZS{Vp}!;Ztl92;JqIoWhoFElT`vU#x}@FjO^ZlFc05j=+r
zmKyHCz$;yh1o4s|*_3^g*^K2q3ZlT4{o;|*CD1z~jX?{%b<7rG-*5SlR0rvJ5@I3}
zeM>(<bINW`Dys9v{-iKQD1nnO<s%D)9$k+~(#vcsNgDjw)YB_bOfhfav@|Y^b6RqJ
zC}bF_EateTPl9wi*k)%v>I!-stj~j1CjRa5ov%G5gZT^k`Nw;ZMAx{O3bGps<8h^Y
zLq&VcqXMt?8vT`;uyJyCAEk=dfIRP|@?g@YSOkw+xqY1p_jI^T=yUnVX`ah3k^18U
z@Q;73XL=+V1t(TRpUqEw@=C-qNW3iTqvBP|+p$YC@3a1Vf99Jq(0*AD6Yqgpgh=|&
znzkljow*r(V$T&kc~Q>yNyR(}9#WFD@~eCCVWVX{tX#_3h`^iBvz<y#jZ+}Svp1Si
zz~f5=fjnaXR_U<&u9#FG!fFGoHR~6W(ZBq-)b#0=;BUQsqQ1uH)9`+%u4?&?mq=2O
z_9p3?DEaAd$G~H`eok%#T(8<?rXWl)=cg>m=?0_cma(LkI^9qroe#B<gtTeY`xtWX
zbd5#)9zX_<fPoB3&erN?jPsXyEbCH#{W5}xp=4j=C3-U&v*Lz(Lj3t(J31n#9X-!D
z=APy>dUV};sy_7IvAocyq$G!+V{>i8NP7j8OfAASUCDVl2k#_Pz#gKBONWRxUf)>5
ze}Yp)??K`tsT{zOXeqE%%bL*M&smMGL)B6w<1^!ok0)LAsWJjSgv+lUjG`6KN1?pK
zlVPr!1MrVf88!}9f4>}FXFZZN-IXrgNoO-7PO#<WxLcP1e3eRr2$PbkENNK7%VX)G
zJ=QHOEQo#j{7us#>t^XtvT*EV-N!!RMFz0GsY|cUZ}#CN>~SAb4McclKK}%^aFR?p
zsV35t`67h7tcuJqEZk{evr-1xpa|tRqe%$xyj#4&8Y<rlpe90jm`Jj`x+QpfgNG^%
ztHr-{1eE>ZGD1m+$HJTTI(CHiUYXG@qmB1`0*g!$cuu_>8NAys$MW=2bSK&Dt22(>
zSICakA%dbNS*<V+t|}nAl-D$WFqB?|nBmxmxscZ8vQ>P4wru8^w5vRUm%&HKo=vg(
zY45bMnFw9FRkr{>!igO<SyvfH8mR(rCzk2(E-Kw?Y1+{rX!|s~M*H!zL~R`oFJiQM
zjxX?gn+c7mucq;n<T4qp9$nr5$b`t?=c;Z*>vUyX?Ngc=Ka@$VInCxIpi^19mQAma
z!6c0CdG2MLVCQ>$F~;Oih{HBWrbkHq<KaaBFzoVQ?9C6_YZq-{ZuAriZ!GVBeJZD3
zcd<$`V>jPm_AaUUncM8-3C}p%v)Z5Dxp(xVo`rbgDp{V~3OKi#1XgQDX>sAVx32Hq
z{b4cOtpx2>5u!G%aqhhR%JUQ2ak?(7AsZqltB`mgPE|%FNOOjiLn+(Acqf3?V&pI&
z?{eYe_ET~f%=6@3dh$$#Nm8gVBRl{yY~S$S|Aqgf2I(yZ(Pl^$V*@dG+-6i73ty4W
zo@O#J&QDAZ8(VG5=M7dkoAMK$jF7e;EUb?DP+J*m^yIk%;U%_y-{Ok={om>6N9q`I
z*aac>q>;@smu`+t!*u0HlpID8FY`#!{9KC}0dojTv>_kSD}q7d7AbRdi-GZ(5YM@&
z?GH>WBJG(}N3AlbBFFJ#V|MQhLHP?7ZEa6GMStv(aU^{oEEUn8z_#1IUQ1bw(G|vX
z94NW(=`}KMZZwofhfCE&4<#qdd~N31<u##n8D3nCTPU<|KIB33rMPw&LCkKg&+0Wu
zc5n|it+YC`(A5P%w2lGbN@K$>8W2dJTOqGy*?xEx&OvUNmN~7V|1I^A?bAmS78dd)
z&-5+suHt>dtrJ2E_e@%6+)e+LOI)HF16+9u;M-&)OZ&ilh3m)pn1r=SbZFIWdBlS%
z3KXm!{t{}MUT6t!-`8=uztRy44?5ia?g#dyLDPN}F%SZxgWbDMR^2IpWF_}lv5gxF
z`k4-vZ^4;s0alTnG@dy)<A4&%gYv**y2ED=DJ8Fr1k=e?dXD-sWfVpfO@3H4h2^8s
z#s#Cxw%CP3Wtq2}M(IrUaE;-vF0p<>9q%KYGjyo6pld7BuTFV>q!HRp)%jy>2jF1}
z?bTp1PArOwkScke4uuXqZ#lj22hIt)qX!G?m9GW`#Q-icJA}x(fdg;`lNgj#cmuz%
zZj4I_ShH{V1bwu#7<>E;)mUS^ONrhKxlW#*U+!L>QCIu??hq3zu-NRu7xdHqFY6V)
z{@!_|d}alSbtO#D$#u7^^@2@y&0f=jqDk2CL{;F=O|$M~cEv6~$M8Urtc{4NfUJJn
zc>2S|)7}zvVOFg>)_el9ss<Lx9<#@SCOyq6`)7Ve*VLd_cr_I~PfAOtrErkH(&26z
z$e|2=r&y@6F!FK7rGUyE4w=7#kN?U3E;L4Sg&z-+-~Be+f}|wn3;&%<|BKXp_k;)#
zO>xZr4uXqj<NBNF{hu)&U%o^pePcD62nd%8&H0O${p}*@e1!SMFJDA=Y#f099QgHB
z7V=#sBESr*g7$Cw`Rhgx(~rdbQThl=BKs$q{>S~hTRy^lte43A1Ibh_{k2p7RUR>b
zC;@&C|M$(0lWRXNBTksK|4R%ah|FUm0D}0Q&a?lNkO(q;A>aRf>o2C@|6DX43*%=F
z+r(}LHeOUG|Emz#hr}}+VuC1t+R(lSo;4hxb=;2~iIR1|`D(SY{f{MVDm{V3lgr;k
z^J-Tc!6uuH<-F;&lIfl9cscOdtlcq_r#%WUscBkom$@&cXCy%(>wrO=Oyde`PesZV
zfh)B`VSZm6X~@4=>KWO({s2=rxPMJynHpVWkzSiiE}AcpCO#irW{t{4y-3_AgYGO;
zM%;ElSXPEWygBaJxeAL5{{WLC8}}vh35^}kDL2>LDAPT+x`(%3rU#v`?ocWXF6XO(
zLPveKC!SreoM}W}j|B*eGcYlX!GW09Crm?Un1x*81J7DwRGrTf*5@Ir@qG6vEPK^`
z=(|kwnzZjmR>%bIHAVpc=GJ3C+z=5foIt?;HPcFB3x&MD1@t2QOTZvVJM8%YZ1}dH
zy`M+jB+g^@VyrJ!DX&n?{{pGfLsn1nZ;+tBL89{^lLoSot7`-N5BCq6|B`Kl<pX&d
z%c*8Yp!io=C6fs*SZ~}Y@2h+Q1(0P&RAoocXyyBA|Ee=$FeGThU2DSGL5A{Q(;68#
zGFV0ao>oKCU(;GofSfO|@0~S5B>Mv8PJP5*^kG7qtE%3GsX`Gz*%z!0h#_oa7;7}Y
zilA3Ovty1NadYC^2ZRk!ovWFCJ;sn0W#X6tYCUgf<wexv0&`>yAN8%bRlkLbW8F4{
zVNv{1Q>cLLdCEk~y#u*ptB|dBY;*kR)ae_)F)|Ab4_$<Y$JT+u-rGdr8bU}3;3D-s
z=wMhW<M1-Q!qXyYMS<i&N1{xK!AQGDPug&;RITv-w@jCS!NDiDiA9d%C+zPX7ih}*
zA)FBpz62(R4dtyXG8XrOD@scF4P^#B-F!Nel(xDXbG;bZ8k!mp3j@tk27Y=y+Cr>`
zeVu{!)byNAttq6!d%(^zzsOJF65<r`U?H@9LZit1s-H_+M%6kP5xFYusJ;?BVRs6e
z9ql<f@H^$fJ9^x-JCNP)I^%D8-ZoaYLGmVf8}Y(@PNaUrq?jX{iPu{8GE3L|m`HY+
zU<Cpqcs^JCvt{t6y_Q3m$T1mbr02P0=mB;HdQrD$mN&b*j}2l`s-aJFjf@^D&7l^f
ziq)`WW){4dt7gF9&=XG@{RYAnNemC;VNaMupsR4Dmtouq9@8Jb;0C;5LUuYNKslQn
z(qpg@>VG*Gy*gQKgPCvRZ%5{3_dAfad1gqL$4_)H9x7G@ojxx%$1Jxvf&qL=_fKlP
z1@Ij|kI|VegX&GlK>f1III#a{)9PU(HSw2XByI0Ro{dkg{Z#I2jwWE1M2vmN=n93s
zJ<%~8_NL1K?qosiIrEV4+iV9?z)XEcVOvA}-3MgCBQ{`Ga(`Y?x;3=l=IA+@B__rC
zV<3P*5$U4zN{Mx%Pp1s$jz}(3Y0cDYIQD0(_m8M=(6POW?vkoEQ?plJY8!s`X3m{T
zj{lghh!>i&pGX%N9%_)Z?!ePjlJ0v>*c-7NM=IUTF$vo6l}J2k6R&AOiotof$lLTW
zYoT?N!?d1*S`W1itWPCk(p7rbrE<h<Z_p?z(@drw^)sKhXUgC=#%IZsGo!;MiN0Pg
z74_++KfD<+?YNF6(<`F6B|mX{EZ7EqJMHmKQ1w#d#+_HVleBkzjXuneqgXCZgH+sN
z4@%r^ADZTiGtX!AQ3*;)3QgO+D%(s0>=B-y)i6z(4x>$xIX%0b)OM$5&7)yEJk3E{
zs_Qsvf<j0*R_5A8L3Xlydi$L|I``(Q`;!gvhYnLxudahHP9G^$H7IjarBvN)H#U{I
zPX02u;^Fgm5k5ArErt0g;p{=ZuUV~6%J!=>JDw|=(H)nLd!-&XjG=WF-F{qiq9m&T
zbIG$WpBzkUDc2QUpEcS%*jwGdIXn1V?p6UU_T=X$tKM(59>&y3>ZqlHHiHKWVzD@r
zanjQoAbQxg`|$-A<s~<D>RkDjio@oouO}gdMZa{$y)CJviql^y%o&uMp-Oj1DOX{>
zk3JlO=LPa@ENi$dx}TWauQTKITGQJcyzT(__A(;_)W2dJ51t*(Y%kSs41+V}sE&tI
zOICt{`@&?8H<i}GAf&#dOZ(?;13R-Fs(RP4c#k^}nX!Afx0BAsbW@*k-3Cef*O%Gy
zRGD2I=#wh<-si7!Rqn}+B|dTw{yNZnB8eL@tr;T9`b-@s5`*nCHmOPLw*kJCrM;`v
zd=@;?<{Cx@>(X)clFki6esfIQw4kD=EZL<@?e32f>CCQbR;@Gq(hvthk-Z?_kIdaL
z#~8&ug2T&Yzw{d3Zj@<gI-6)qA6&%k$Q@tWR20OQ;g@azSRH1xbAoEZB!7;I-pWlQ
zfC@^8kDt6HV_WAj9fih0`ewrVd>&Y10E?yem`PAH`+Nq3+<&~LDN5;>t^w)oKODW_
zk6I9{CV%1Af5$v4r|iW@OSo7E+r9*(<5n2X6evrl+EB3L3Pd{v7M;Fde5-zX&B<j;
zMveY3T5PIj1C8BOSUz~hjhC2GJ$|?^tiW)HuTeE#FsaT|1){h3yH4-UOXm?1_UY-b
z;|u3VVdZ{YAzN4FPjXz-_E0Uu=6TJI*LY+Hr3&9ZxLxnKpW6Er`ADYu_E*p7;;GV|
zx3=tJs7b}Gt+0ae!CW>IF^;$2>srJ|lZ|6Vv~D=?qBK-#lnfcXjy&al951t~u$@Sx
z;r#9}7A6j9_?IfYdOJ|D*fZ3dO6Ko)xlrIR5y-h|Dynj@s#{oqYwr!W${!`RWti`K
zJZe`Zz@M;1X`b$cp^1}~NNP=2(NvbC7SGh`XhVg_vX3i;WT9pCSWD!8xF0tSdGqX@
zh-zG2bYQ~XUYq|4(w^tWhi}D5t#r-h63Er7^FEb5?zQ@yKaW&3alCt9Ce}o>H2)2T
zFd6+5Zo7IWxz})A^Ty!|_a-MX0OR2tm0#d?mxF3zxxl46D|X@l+|13JVl7^5+?<7X
z_&)Osl&UlM*ftIZ6fsa=EpSN){ACWh!CpgjFH$H%<~cI}7hNeDS}U<NyyR4K%jcY`
zZ)t9{5M2_G14Ge`BkSK)HD0H9Y!q4dTIAK&qig;#1FZFu90JnyBNQSx^)JKd_05vD
z`ZVK|j+CU11V~C^uCq!d+t#Wt2K@|R(iOq;axjaeids8MO$4hul@5f@QlGu6kgUHQ
zJ^O<*qg;FA(*y<aD+o#mAKO<pLZrU3^WI3ui_b$=Bx%FON@0e?SLD9uhcqieM~1^n
zn}>>wA(Pq+DO0x&tytrQX?$mP{zTK@OK3N^Ch*O0?I5YYzx0qnW%#;+30Bd0XBA%I
z|0qT>PZ@hMck*%&2#>e*Fn%$PBt98Oa-Bu&r))xXz^2>v_RqJJx$$#iJpKAt**V|G
z$!|Q%oF#*e+Pp8qai{BBYlNKU`IJ-=2lU&PbisyB8Mrlre8a|iI*`}rO)0sLV1-rT
zz3HD&Te=X&yYIzh@4>K7$zimDL;a`4j2~&EZZqV6m-8ZYo6obqls3ARo)+HwsP;W|
z)6=is@oGZaU6Pz~9HJYasB)Zv0Zcldh4CH3ABaLPpi4)_=rin4?0@Jc0s(TC!q|Qw
zT&+U|@Y@|f3<1>Ud@j;tzJt7<6$_WFS|8h!4-l)({*n(IKIL5qf$fRn8{w6`wX7=A
z>|<XT4~OCvGi9YwNaALy(V0pjTediA0#J;z?z@5-W1FuPfVB?Y#b^8Zy!eT2=<WN=
z&p2+&6R%!H7(JW+*a<`rY9h+C>dDttuQmAh82hWInwDs2qOHJUplZ2MGGY#!;G(vL
zjmNdNN4sVa?-K~69C|kp&i05j(|h8T2Ix(+rYf{8>XFrzcKX#}tgBSyE~Q4G-5UC$
z_R{M`Qgy#9<N5(TjR<}=xh#o)QI}yhTQ=m@p}|VdVSUVN%eez7CGM$Dh6flW?&Ss5
z)yFYk`jtzNE`vxhl+6d|P(0&d(zr&-PmXg|uz?%OVI45n8@#49I&AuUiwdgs^cR*2
zwtMfXJ5>yehhD03k^NJe*}i_rhZ)XidOQS5of8Ei4Wrenhb+s^2Aj+cQf#UFmJjVG
zol=5|ky6Jy`d-@9mn06C=f~S}r;x-R`adq4NpIEghZh9B)S<b)9c(17-ILa5I$T=~
ziGefH1B_<GK?LQm=cx~Zh8jy&cjV??Jtu23;<j}T7^ty$1jrC5V^i;2)cDzgNSSR-
zunD$Ro~)hivd_LbFY1gDvu{5}Z;|^i9k?T_603>PQexfdM)5U+(lRXWU<E9dlzlOu
z9j~Nl=gRWkN#`7wwz{af%!~^{JGtL8Qy`snT7U~MBhDtnU*yc_hktjA=gZzOM`Ulg
z@7IQ>e#e&jgW|#a-eCbOb}#A6t&iH+wqLkP6(yMOG<m09if<X*EJ2D9Kd?dK*4l@-
z{328PAlCNcwTL0y>6N$}!UbDV?t>%~&4-uSGMo={bK=N0YJ%RqoiuM1HF<+ciRIZQ
zS<ZZt#s5Q<;rmC=5{a$Z9NkDz(6cp5t_pH{z6}2BGvc?5rM+7jE1psw_2&xR?1<~r
zin7<N`mX*aC!kK?huuc~F82G{Pw6~%;X60?ktdlL^ubh#k;9#@$KV4u6>zat@U&n1
zCmZoB`<=)SDXlRtRIBsG?v+*(VX8U3&)xW@+n#5&So#~sianm$rM#g@Xp=A7xy_G1
zV|ks2yV+K52sHh4kIO#LRBm`ebZd6bRlDGvId`L$`qF0bd;Zngk_pvG=LkIvK_zd>
zae-knUcs`pCHS#mlSoyMPqU`<LkVbLOz-lIY&IGij({uf?iQvy^ul|y0dHe;Rwh9T
zO>G+JKq?X=<B<1idGO9KI-gv}tJ;0S&q{Y5FbiADWsJEGuCM5rho*#5lQD;<dDR@6
z`0I()WOOii709j)u6u*7qBDjQ_JiUt5?0+O=qpdI9q0u#6<SQT2+PTrQ~-#*D>-?z
zohl_F(uR7eIGpdq(Z88tCiCC*7-*YS$=qiZ?-P{r_k5Kr>m)ANm9k<a#@a7h>il3X
zH%*H3HgRv&wUCz)ASEMWX&}W-Y=Jp7%J_{oNZxXW1_xq3<|skDZKPW7v9ib3Cmc5n
zIma!2OpThE@=l*&<xmi0Ha1$kzS(So<s4<Q!8J$X2Y$Ic2Jo4J8JYE4F4AD>J*Mkd
zJ<IFac76K=AY0Gof<Xlt<YD}rS-LIYwgQrhA-(>dlgu*p;VRDEhJf8N=~=!M0!#+q
zqd;h~tQxL<_;z3Z%#aRHij;aaHs!2qhoJ#uYy@RRsp+>|21aaVZ5Zt>;8;@sKme}i
zX^Lu6DC?=X^0#Z|bIu=3f<7(1(W-2;?Ej`#sNhc-E?`YwEJR^w?+qVV_q+Ru`-hnh
znUK?4F#rI85fLW(;7M9W)qD~4Mw=HYRQq(MWfVnc0fOJp;^7=AM*+p`R0~DhqMk9p
zuF2@&4&h)4r@A=EK@&#)Ks^G`wExD7X1-esnOYaQtKJ|hzT0?Hj|f&(Nk`|)>a-)o
z6$}T<e(-;c9#|)F(q&+>g39MqrbrL6yGp%hek8nS^&_Hq40w{i|Ir9E`5vL|!YMpQ
zGgttzPgtcAS56O$F;`YcZ#@V_KGe;o+=q)%1NfY3l`o8)6!s(Q7J~tWJ;rlpkO5b`
z!%dcHwrkk~f3j47GkCC5&tfS4HSk(PedilW3y<o}<hAM?ZV82{1w2FDoRH{<D&r*9
z3Hl2u<>|1i_A`@A!{ciebHpp7YQj*>-O)jV?ls245%KAvqIov2jn;Z(weiO($4@Eu
zaCbCoa@qzi{Gu&XI$D_S5s&7vWg-iI{8I9{KRQfQuEA-<y3SYA2w*vXo3X`X)nliV
zlGs<gr>x{JvY>us2@`mH+T6b@fgRYK^-PC(^~-N~Ulf1uHB~S&0pVWkF#{=8K*dd}
zY*3*9-g4#b%=S0Ju+#ki<ml0V6AcIdBpP5oca)qmH(p(E6ixAvIW|VRLzBUM-Y<#!
z`rdtj3nFDIMD*T9{8XhIPRG|id*@B|A8+UNiJ4yzB6NpogGh1aES~|7>)d3gHzl`g
z;~`Hpr$s6Lc(HOH_?x)#qWmW>Vt&DI-V;HFxdh7jyP73}@Wm0f8<4TS)xVjSwBHoP
z1@qz(C+t!gV)~UOZF67BM0`w^`1?lg$j)D{@}xz_Q~b?~aQ}lB0YqOgqW_;c8=Y2U
zAij~f^PX@X!o7Gf^^iWB*Y5R+69YvRs*%p=c_-js?9!B8{mNIqzlUV~Ysg*@t|8Cu
zj7gbtoSrD|m+{%xHqpd7t!U@Er+{hKq5`o$gcmt_q;maVJw58*zL_5Ko2N4R%~O?4
zV4X1TH^$;^Rhw>jeb@L>PIgIHD|D1fv$>Hfe^c@6#q2pRfLkv8egU&B*`NH_jV4Fh
zAs<d+$PK4w`WSb?$&0rikH<^C=oP%u_n6*PL7JRc;aeS}eG}Lu9eF|2)h94q%tGK#
zLP_-+)I@7Ojp>SNMF<4-<cqBh<grR~(z6gw0}}D1J6!CyNH*6llmDsOp$lXD)cA)n
zYRmg<yl22I+|kP7A@irmk`}stMU|oL(L?D*Rb=B875V~YS2J3>{})NkG4520$%c2d
z2Ka4W%#!F`rr=QSRDSmUr0#K$t%<ZZkH}$$tfi|kII8Xom1+IAHYtf~U+k^}GJ+nU
zE>8S@4i$(X)%<b8mH&yh;=>zLqgNR&h{IaPf(v7!5BihF3&u}e6+w4A`S#R^?vUxJ
zug&diUxYsyzVvw?|1OB+v!He?2F}~}=R#2<Kg&bWF+I=7=Di<0%A3EXL2>#1L=$rP
z&a2tv$q0a_t81pS`+%SKcMS@Pp^oAD)I47f8p!MBnufk9ru>LUZh}Jd0@RSty(HI`
zL*8{0q&z*dPTJzQMO0l9r>mokODSFsCP=;$&DOtw(5mS_AS~GgqLb3gfF=@^8q#sZ
zovuMuZ^=(x_dYbi7?>y>gV{aR?0zC32wmE_7S)yITftK0_q3Uk!oRf5BqSvm)T0(w
zHl~MF?oQw8<0f|*KqY$^*$;3fn&qyaK7)&`c6mNuo>3Rw@nwxjClIX2VPh^%1(ZB?
zxH6ZCZP5H_kNv%?zB?=X)E}blPelW=3@GU`${#4jpNwufRwE<^_V*J{G9A;GbrZio
z5XDDA>`<4c`ySV<+Cl_BUSiH1nJjFl;~tlvb`wb!jP4L{w%g+c>AGCm<V=4iNAbz`
zfXp*=DdE_a_(zcnQM7AOb`FK{r;R(0wzZwl*s$FvoV2tN`KfxM^hXg((;M~o$&9`x
z2yn+vUI?0>IW2;3gNb<#WYphC_w{1B(q#Fy$}8eFRU6lt>B5Z#yLV@vd_-x=_w7M6
zY!;!dzqSjD{AlS9TOWG}2qv9j+LlF#zbrnMvTb#mC>(z!BiQ}YY~i#n-tK3HukcUG
zH%>^T?chX8ke)^X+-?ulUo7R+Fqo5=T4k4{a}+jRFS=QmDiCKVI8SBd<TYSOc1R$Z
zct&3bT`<R#r>KksNz4eRXn}5UabIWo%71waKID@3G~6kulS)Zp7dn|g17A{^oYY?m
zgL-#(H~d1nd`xE$rZnpqU>f-Li&b21x3ZRRy0MWmY#TT{K;|Rlv>dcX-?UhdCYGq#
zUK+L3X)|I}T&L(ZVrxz=5+i5tqv+T>_;SLQ=7gFJQH;pFCwfiAQP7En;P-~il>46N
zEmhXz+WzHGcc`<}&06h=UTsvKgz|UHxom6wDF`9MJ7K}a7a<xWSmArrRcQ*Zw<B%T
z-F|u&AjhU5dc<7;@fvZ@dT5W)_pHdA8KA$@O86khHkq$bJmcnbJ)Zl6l4{&{hQtib
zz`;~LFK*KB8uZH6pldgio0*M0##w&uxg|(2<OY`LJ7}x2J)Tr!Yr)mu)!H^`M;d+k
zK75~0-gf7w$OkXrJ9*{8lTtf6h9I@Hkzwr3N-dvZ$><hYd}x7d=Sqr2$Iaq^DlX8S
zQ|(tB*Nc(W9DJ`(B&-#aMf>RuE2OXe`ceg>BUNtLzt3^K8el0p!QIfMoIp5<oBPI;
z@CpA~b8tiJC^ddpRDV2{x8oGBKb`iHYC=!%?0r-U&HJjrU*U?skdk*-^C4m<m4s_V
zE^haxqm$}ts9(xw+^L*3@KC5QhREjW2rK!TX>Dh62G=po6d<UbH06~(0^4j~E<6~M
z+g&qjhfbd@DNjzCZHATlc6c)b5U<&t&JuEt0AO=`y~QZ2v6x(X_^EbK_qW*i0rGf(
z(=xk+$~*{)gwR9Up!xR8af3G3&I<If5-6QU2KymDA#~Gsg~ICBt`5@|7Fawp!_)_1
zlCVTkeV_TF$u<68pW-d+2^NNkp~8k$2iOI>7I||K7t0_cc2^v^F4}Ki9>wV6vi5mq
z#O;_`r6#~gZLefa_%b2)0G@*=4v!~|d~~8PBjlDP|3bxr=!)v|7K1vbZ-r7RR>=_D
zC}Q)GvXp`A1e)S=75lT^v(mNW*BDy3e{Hn{{CGL|iMIjCLC-f4(mCC?kV~U($bd{<
z4+E$51{;~nZK5_`8H3OPKw06nnK3|>sDA7Y@n@zzv5Vw;b|b#y_Pzi-N9fjP&+*vw
zTm^x0DNe_amXU&vbGCzU+O{JHU+dTI5$(B7_2b_uDveSIOKK7D9BT8j5$^|qtjgwh
zXfMtN!aj##c@ApKN;J7qh7g<>Qa!X!?6sZZqSYRItjb3brtd&_Wl2-??a$SZBHv!M
zGc~f%g(`?u(m-F|&DEp<23%C6xY(Sa*BxMSL66bi;N%-X(;zAaCeefZluM;9H*_-B
zQ&b>cEa)?}#w)>}EbO4A#?eU-%Hk`c-SQXzxNTxz0Z0E5Adl4T_NpD24OF-|+c|z^
zt!=Cy87=S&waVY-pPS?Uv9z?h$}iZVYyfK8^3{BSEsjP^?uAZmdQC^i4EITv^XlOK
z&UWI!J||IwAjQqO@mAzyIMr%#_`YsnPdUf!jjoKtd@GF6?3tcfz(UKrNbczbs||94
zd!JdTA=)&tXQ5FBhcX?7-AJMFD(;`(Ha19g>h*hfy}>%1WU#8mxoLD37q<wWafkNA
zr<6D^^2uvZ{4{e*Rgc-qyK0hRWFiyAQm~}UlCVYCsG-2cK_k8yTmvXA)@<%`uf087
z-iYe*iw6OrnYzb{C#DX0)46lpy_rEchRj04qxz72j(wOEjyBhGIQ{3g%aONG@<^12
zy+%Utgpr06nPWvYM01zjf>r80#M^UXmA@sbM-rXDk7G8UP9Bv%70a4Tod^zq3*ACD
zzVBorA4F{4k(M&Dnn3qziyggB{1khDMiT2EwLq%n9+2W72XYAo<G8kOay6<I!a}p)
z#DR}~zs5K&vfRllq!dU;=?Qy;_YNSj8s%FEg!gpF;+{QPO?`@1JJ{hMs~E;+fvap@
z-r&AFpjvw-Ej;08bJhX<_(enG>=_Wva6<7ys)IDR_uH@ajL(D*sTz)qEkxY-uUo_S
z@J_GqJ^-XrL<di5*YT~#FhkYJAXMku2R~;PCR+;OLakh1E7bSjO6hEj(|)NE1AVO4
zYy2#*oz8eTMw%k$<E_``@4mL75WnAhaqvZBZBCVV!R1UD)YQz`NX&7g<^DAOwZ_yu
zH(kiS`*yndQM!lk=jI`A6XP`7?3G9=^c1*y^@-yT^DF9lpgS*bJ4}Bp=J&7-3vekp
zrxTtZ>-GfAwHw{4?x!#73mFm8D{5L@*i@}}z5dmF-)pX0hFhV}IASLCR7g+FGOVW6
z8HwMD>AfA}N<Ng0s*28PT<^T;!l64rP%dhaoOH_qVal^g-jv6jyj$!%370*;;})f~
zm~gAry~XWi>Fo~dyHqSIl_xZMGeS>FP7NHoXQQ`{ccJkS8gA5A>_ERPA6x+n;d^9e
zd%!(9IG@h_yCwPd>s_LN1J`SWk_O8L&&MNzB_pITnunXAt-LI^n?MR63)&hb%4ceH
zM$o8Cnx82kt-U)UF?mI?ktm0-tJSo-DSq3;Q*0=`td61fm$EIrMo+x)pG)b4jVCgo
z5(oV0en#|#mV&Ds`s8UbTVE7gXx5&^@dba6m>uhp845_b&g`&^LpeK&#0TmFaQi$d
z`|Qs{JHoI|XlfBd!)gNAX_lpNv1>gng4pX7IenD7{0gl}sVF8AE+r(06irC&_})pb
z)>1y4QSTEeR;yK8c#rc=Ol3%u)AeuSl9yjZJv@MB>pMpa<!o#S90Byf`~W%ETH@!X
zm+#*iN$1t_8x~7bJm)+f%?_jwRn4@SR%K9(JRW)kiriLbi!75!l27Amz5y|GM}(x@
zw~6G8<OnA^<z$;U2Dnyuk^;GiU=)|R!*55$Nrv{}Sb9r<`gMtV#oJfN{Nw%9zo0rj
z8S4jIk=33eqQo@1`=+-Yd#9p(ebR2BQn#kMfZ7K3hkRGwT#s(<zx|k%P0fe-(t=D+
z)>ESsM@-QN%gaExs?0un?B~!I0P2g9GdwhE>2urIhKul2)sJImtf-N+61#J?(EE$@
zg!s=gI>~J1|G3TYs{f~#bMc09|Mz%pdyieYMOzwas7*;JjZ1DbTf}x5gj6n(*{&I4
zViZOq+MB3|VO)}1au4HHGvhjPNx6;7FfN%14Z~nC#{9-!Kh-(wcg|YBwSMRP0nd8g
z-)DW-v!2)UdB47AnVJs)nGHntecw;Xru<dC*d{`?+p5W`tv+E*Q#eiV4QaYvr)c-Y
zA*{6sA3xRqE(0jay$RHNgz^_V@lg^05xkU<^3xCU!f?r7GMwedo$u$w+WcBmx=%G|
zpan^`;t%k_fPZ!8rOs1gCp@JpUNV1F+AS#Yt830t{zU%ycK6^viZsQ~!+HGfgJkrl
z&Y6Y7bE?PDtuOZh2hrFl{)qjop?$*AJx(2E8&j(LmFsBxz5?&6;12Mz#)227gF=6C
z4A=OxbGp>i8(FY#<#V2?>IdQK)VmSeqxyvIr<HsHVQ&+N_-TuYYkc70{S7>ou0iR?
zOC2jMIWmRChXp~RS<nxJjCa(4tBq!};Dgs&iv;;;g8xqAhDEaY(Dc8jv6hcSmq$X6
zRhUL(H)Mq~ZtmJ<TiixKO=*Yj_CvR4yts+~_Ol@DyPpL&Cc^<n5&8ln<XwloGb4sU
zX_V!i*bXul)0*F6yMK+%-&bhcj}leDpTEL;)v&dv)(*V$JyfpFH<DJ_A!&Z8;opPz
z|JT9=`aX?en>_OyPmR|lw`l-%-=gVsfbX1d(Q<6+`YA}XL<16X$1WX?Jrcty=e(!j
zkFjeV=1Gm<Y8@R7pOGk@-{SlW-)-#XKi{}Irq%-#K#jRzYuG1b_{E7;p=hIH8%2p*
z_PSg;8~_|4ie8RC(Cx<5soWpe-{o<x*^%!!%__i(BGDO*H>v2%5fQk~Fzydd=HoF6
zq<u4N@0@a|y(h?n^|*a9nY?9xcYq|THgvrI^n>X2w@wNLh@n-FOf_Co&--aezC*b?
z4l#auVCxUYAOLT}3-zOOZ-cBQvTcIf5y@&D26iyvoYuounW9lsxNPO1-c^1V=iv2x
z=6h$rn2_0K_#`gYMe#!cz`a+x>0VOO+YZ*qD<g*9D;pHS2d{akhZx=2FqoGWqmaim
zFOs1#KU+i&p+b5;&z)_tNXB=W9mWvK-vMH3eQV^E{YT7wGSo%)9K#x#NuclK;Kz6=
z-SJqo4~TLlU$KOfw?J5!I?yPaOr<R4c7|)0tEns028`Fv3rtAy<Qd{3b;!q!B{`4s
zdM4RTi#C6qM)+zuB>HQt&;`NFtiQ-dFhaX;y&qSp^gm~CC&~<oU6HcehaUYx5Y8xg
zmjeV@3xyEkw43#m;{jo0OwF4Sb=QD#TzLuNXpTF)$LyL_D%iEGJCzrIh@OUncir%K
zYBGDJZhU_`De+_asYM=Q&ZBIx<7uxT`SU@NdZ9I#>9|%BuI;%zCvCcD8rn?>1l~-}
zU0(`;bSuVf`W_mj!Rui~R&RP%10zTXuM>$H0Q}VW$J=>Z#9on2#LEO;Flv`CnjU3P
z`=fE;IrOkkHcBvS)sbLbw!VIWId`MOqj&L&5Z9jrdiHqcR##$IQ!xP>hefr$91L;E
zY7#fX`|V4?+T`EtS)IGlj(}l6^KP>X<PIIU+NA$H`Ls=|V&Dn2jzst*MSYrv7>Su~
z-g@tAU!pw9Mhd-lB7e}v2|s8DHlFHB>SSq7gBLgqa7(<6AqZ@*TxiN;D~QGrjJpvM
z_#}NyWKH*slNlOku{@Gi8vOx@qbOfT2PbDNa*POgW#6p|8VVP(T5AcC=)D(t>F4g$
z4GYg0s;}>J;3O3nPYK);-Q<S>({}MDn4rD(!(;P)>WPwG`P#3-*@6L8O4dqm4^PP!
zD_jG+b?o1(v;r%?`H9j{BGYN?)-0nltoO2u400yLMmUM0h#0u#=4-l0nZAJKJE67n
zsX8G=xeb-gPl~ODBv@v%@Y#HX;FPi(<jg9nr`s`mB2`Fn)J`k&u9ha_Y%|=$d6umw
z_b9Sv-wnyxkyzU<C)RZnBziatcfd>AD)`y(#lKM1u#vk%S{M{}t7Ws3TtGcDSjV|z
z%FrFy^5-11&!G6{XRvA$*3>;QnH+AJJ^kq~Yc?Q>#tS{SU!Lyo2{W<YMAt_Qit%z8
z;zy#VRMcp<I46Rn;-ZHK`FkO{aF`;RKK2p-QJ0medm%rQAFDtA8-;g%IIJGfmDnKy
zV03f!5GSGUylVtnKFGpMG;CVMQ0Qw&!9h8Rqs6B-&eMt@d1p<zkQEg*OnvIp*x%cJ
zG=WwxVEy~gxyYwxPF55IN`YG>Ey$KbT6GM$KK0nR&^Wl1ab2}**+Q-=Js&j3H)cdx
zzU<Iyi*mOCd_q$dCoacWQP_SgP2HQy=0G?spb}HgjIuF!*JN;r?tLiquodvhtgXwq
zb!coKJ@U4b*SK{+$49YlGxu>jucH?j;^xs)s%kVQC!|IyE+%z*sS)|9Y4OhnJOKFH
zOfAV>RuIK0XMnBSy#(-c)RhsqRE=RH2s0EGEp)L{tQFv5rF+3OHpQ*_i(IeV^fPVD
ziePTw2L$@aq-@J2llX%8f^LH9_>&-&=|_w5{fd{95x8e^Eb}V;1k^*)<0mQ$ed^3|
z^{G^RA}!>UKEk+>qCvNf_u;|EDm+uEq~W-hwmj?zb!bZg^%LZe171==1%yP~D(mhC
zK^4&CTa_CuRtJNXv!&igs-a+b$u*6{1-7iXgi7cZ5|6@_DyGEBEJ?$LJsm%;_DE%A
z`$#=<8E5=<+^r_hz`5wyN>|nCYHerr^ujyuL2E4l=KMWadlOzMfTEK9S#%t6M}MVF
z?U=HY&yapzb~DkmFh<gvC!kRLJZhGfr0JT+7u(2X{i@8T?=V)_LoZHg3Z#m~+X~<>
zRWbUO4%mf@`q9bYzUq`rPFk)inMCBQEb$m@>k{+P5CkW{ui|Rd*pstm>)2(=pOS>Q
zESy$Oc(v;}*FB40Rz1<wIkttQQbLmUgq)vc6R}=r@O3TsMMEE{wvR}k4SN`9kva-M
zs!&W|2JbZvWXvulvfg$uNE3O=8llV_1}r)TqGP@|+8`X_aZmf=S??4VnSw)`#%?A+
z=9<9j;4TR6hXof`Xi<qu@={=CLc8=UqnEMp5@J0~E>}X^BT#TUtFG2Fx3jNL=#4$$
zfC6$o^!+`B=4>?!e9B^&&+@Sw(i^ooa_`PQP{{JXQVE0PIndS}Ai4cxmO~B_pYuRo
zbQS%B8|n7w5zsn9dzqyOT$2)gDndHTEXg>XWTmMewE8iuMEQ;~L0I&`<%hhUKuw$V
z-!;(lagi1tONUNXQ^y=cJc4^C;pPmur2wI@q9zM)T)3@BDkr>DhB&NODD!DO!i#q-
zwGnns4sTqYUT;IYs(T^o#2*TquSeKi!=n=t8`s(#B7qr-*y6AvpL*wUZXL&=yMSff
zpBo>p;c2?Dw4ykpCCIXoel{!VWv}8$2L>6l^I(z72fW}a0={KW+ks$aLEsE-G)>RK
zhbMkA!HJMY_g|KsY4d7sspCu64V|gCtfRz?<Ry-3uE44s(a>VOn==@NKIMsk^Vj*?
zP?AUS6A2L}T~WqWzGWaEcl4L&YGC+>g`BDX!Q8VgrXU%5uR;KZ%B65qsQc>$&QK3y
z*k;iPYB`}A$`Z^%U;9E}u(I^ZjG=#=`y$u`lHCxnn$g4(cqOVqxOJ>n-AVxUSx-4M
zrXS%gu)uO=C8K>bSE_X|VfGT0N{oD4O(Z~7?rohN&hGW_?JD`1e&A8U+mtt*-KVas
zQfpV9wR<h?O<8`7Hruk&UJh{Sm>D2<ck`;ddP7OR39E-9(qk%Oq9dR1GD2JPrY14K
z<u$I}LAcLS!iFph3DqTh!HwY+LW+$q?e`ff-U>NwETNd?4$DX~+GA=xAg&Y2rO#sN
zdD@n+i@(%S)34S?PEDMTEAFE$vu}Y9YlN2NGGGbGkTmn@(FUP6GM2w*<>U%b%NtG#
zYgA4n=e)EW!ie)CkzDsttyaL;sxIm|P2>W%0cWqSO^g@*uz8L%$O$oV7+xB2XYA_b
z{XDe00D85`_2&oDoSFKW)>#^jPHxhGs$KY8y#KLTO&66m=Rcp+b%s2MxPe{IHH+@6
zUJF{cdkyF)PA=W&l%FJBxKa{|?ZbK7;dJmgeXhZ)M}y0ob?a+u>sa<?CD&L!BAy2>
zpokBwIu?MCntxUi(zaR{5~H{4fuRXePJx7lgxREXOvspIg}8t(C*`Ws{w8oP53#!Y
zlcPHmn<~_WNM>G&7TrUVGOFe3ZVHhsu6TO}_fF*~C0hsk^0~F@ucSmHuUjPzCyhHo
zZGl7-tZ*(^ZT6$uLKd~~TD48SeZ8_;$Mt&e5ffi;5!_{qr7q}g;i69skD-^wrwr_e
z7xaGp`XP^peglWKPKjWBB`x_#vj!shrIB$uDFo*>+B$z*g^8(A8ENlh0qeOinfR;g
z-qiiU03CL)*q*N-weaINB7pP~$-B^d0eC~*RX#myJ8r`TX!x>^49O>~b~<$uS<sKN
zc4Jb$PqGpAJ&Qm%sjr47vHo}As5*YndNXmPY0y==p8Lp=09;Rbc+9i(O`>|xJpYZ(
zp94Yvo&#~!za>B$2smMNdZbI>&wFJ=MjS>P`Ni|L=~t`B9iBnF75$$|+5+8sb%2;0
zz#5aW5WQ1WFVYp0*3$h(PS)S0r6Hcuig6!Id$W5-(fRwfTlSTseRq%ib9Pvi%PQ{)
z|2jJiez4PVFK`)$@+<o-a+=5uZIV{kpP4GN_W?L+-gXB)_TxZ~&JMOAs$xpk8^0FA
zxeYtT@HgzS;FI+D3`0+zN~7u?=0TzVdR*^64=@!f4Sx@S&@X1}-Z5%+9F}dJL`rnG
z-%sc_U*7Hc@1n}K$s#Mrw^&3>bOd&!xbFlSdqci@;`&3|k$-WazZj87f8GrK=C^#k
uu*{XO^Vlog`|{O6`=-zQ-`s8s+UzDIPBeU^#6P)tm+?h&gOUr*_x}Mxj;Ck<

literal 0
HcmV?d00001

diff --git a/docs/en/latest/control-api.md b/docs/en/latest/control-api.md
index c6944f2b5421..a068d4411fb3 100644
--- a/docs/en/latest/control-api.md
+++ b/docs/en/latest/control-api.md
@@ -98,71 +98,50 @@ Returns a [health check](./tutorials/health-check.md) of the APISIX instance.
 
 ```json
 [
-    {
-        "healthy_nodes": [
-            {
-                "host": "127.0.0.1",
-                "port": 1980,
-                "priority": 0,
-                "weight": 1
-            }
-        ],
-        "name": "upstream#/upstreams/1",
-        "nodes": [
-            {
-                "host": "127.0.0.1",
-                "port": 1980,
-                "priority": 0,
-                "weight": 1
-            },
-            {
-                "host": "127.0.0.2",
-                "port": 1988,
-                "priority": 0,
-                "weight": 1
-            }
-        ],
-        "src_id": "1",
-        "src_type": "upstreams"
-    },
-    {
-        "healthy_nodes": [
-            {
-                "host": "127.0.0.1",
-                "port": 1980,
-                "priority": 0,
-                "weight": 1
-            }
-        ],
-        "name": "upstream#/routes/1",
-        "nodes": [
-            {
-                "host": "127.0.0.1",
-                "port": 1980,
-                "priority": 0,
-                "weight": 1
-            },
-            {
-                "host": "127.0.0.1",
-                "port": 1988,
-                "priority": 0,
-                "weight": 1
-            }
-        ],
-        "src_id": "1",
-        "src_type": "routes"
-    }
+  {
+    "nodes": [
+      {
+        "ip": "52.86.68.46",
+        "counter": {
+          "http_failure": 0,
+          "success": 0,
+          "timeout_failure": 0,
+          "tcp_failure": 0
+        },
+        "port": 80,
+        "status": "healthy"
+      },
+      {
+        "ip": "100.24.156.8",
+        "counter": {
+          "http_failure": 5,
+          "success": 0,
+          "timeout_failure": 0,
+          "tcp_failure": 0
+        },
+        "port": 80,
+        "status": "unhealthy"
+      }
+    ],
+    "name": "/apisix/routes/1",
+    "type": "http"
+  }
 ]
+
 ```
 
 Each of the returned objects contain the following fields:
 
-* src_type: where the health checker is reporting from. Value is one of  `["routes", "services", "upstreams"]`.
-* src_id: id of the object creating the health checker. For example, if an Upstream
-object with id `1` creates a health checker, the `src_type` is `upstreams` and the `src_id` is `1`.
-* name: name of the health checker.
+* name: resource id, where the health checker is reporting from.
+* type: health check type: `["http", "https", "tcp"]`.
 * nodes: target nodes of the health checker.
-* healthy_nodes: healthy nodes discovered by the health checker.
+* nodes[i].ip: ip address.
+* nodes[i].port: port number.
+* nodes[i].status: health check result: `["healthy", "unhealthy", "mostly_healthy", "mostly_unhealthy"]`.
+* nodes[i].counter.success: success health check count.
+* nodes[i].counter.http_failure: http failures count.
+* nodes[i].counter.tcp_failure: tcp connect/read/write failures count.
+* nodes[i].counter.timeout_failure: timeout count.
 
 You can also use `/v1/healthcheck/$src_type/$src_id` to get the health status of specific nodes.
 
@@ -170,40 +149,50 @@ For example, `GET /v1/healthcheck/upstreams/1` returns:
 
 ```json
 {
-    "healthy_nodes": [
-        {
-            "host": "127.0.0.1",
-            "port": 1980,
-            "priority": 0,
-            "weight": 1
-        }
-    ],
-    "name": "upstream#/upstreams/1",
-    "nodes": [
-        {
-            "host": "127.0.0.1",
-            "port": 1980,
-            "priority": 0,
-            "weight": 1
-        },
-        {
-            "host": "127.0.0.2",
-            "port": 1988,
-            "priority": 0,
-            "weight": 1
-        }
-    ],
-    "src_id": "1",
-    "src_type": "upstreams"
+  "nodes": [
+    {
+      "ip": "52.86.68.46",
+      "counter": {
+        "http_failure": 0,
+        "success": 2,
+        "timeout_failure": 0,
+        "tcp_failure": 0
+      },
+      "port": 80,
+      "status": "healthy"
+    },
+    {
+      "ip": "100.24.156.8",
+      "counter": {
+        "http_failure": 5,
+        "success": 0,
+        "timeout_failure": 0,
+        "tcp_failure": 0
+      },
+      "port": 80,
+      "status": "unhealthy"
+    }
+  ],
+  "type": "http"
+  "name": "/apisix/routes/1"
 }
+
 ```
 
 :::note
 
-As APISIX uses multiple-process architecture, if the process never handles the request of a specific upstream, then the upstream's health check information will not appear on the process. This may result in the health check API can't get all data during testing.
+Only when one upstream is satisfied by the conditions below,
+its status is shown in the result list:
+
+* The upstream is configured with a health checker
+* The upstream has served requests in any worker process
 
 :::
 
+If you use browser to access the control API URL, then you will get the HTML output:
+
+![Health Check Status Page](https://raw.githubusercontent.com/apache/apisix/master/docs/assets/images/health_check_status_page.png)
+
 ### POST /v1/gc
 
 Introduced in [v2.8](https://github.com/apache/apisix/releases/tag/2.8).
diff --git a/docs/en/latest/plugins/prometheus.md b/docs/en/latest/plugins/prometheus.md
index eb9ca6c83b34..9f93f9a24ae5 100644
--- a/docs/en/latest/plugins/prometheus.md
+++ b/docs/en/latest/plugins/prometheus.md
@@ -235,6 +235,16 @@ The following metrics are exported by the `prometheus` Plugin:
 - Info: Information about the APISIX node.
 - Shared dict: The capacity and free space of all nginx.shared.DICT in APISIX.
 
+- `apisix_upstream_status`: Health check result status of upstream nodes. A value of `1` represents healthy and `0` represents unhealthy.
+
+  The available attributes are:
+
+  | Name         | Description                                                                                                                   |
+  |--------------|-------------------------------------------------------------------------------------------------------------------------------|
+  | name         | resource id where the upstream node is attached to, e.g. `/apisix/routes/1`, `/apisix/upstreams/1`.                                                                            |
+  | ip        | ip address of the node.                          |
+  | port  | port number of the node.                               |
+
 Here are the original metrics from APISIX:
 
 ```shell
@@ -323,6 +333,10 @@ apisix_shared_dict_free_space_bytes{name="balancer-ewma-locks"} 10412032
 apisix_shared_dict_free_space_bytes{name="discovery"} 1032192
 apisix_shared_dict_free_space_bytes{name="etcd-cluster-health-check"} 10412032
 ...
+# HELP apisix_upstream_status Upstream status from health check
+# TYPE apisix_upstream_status gauge
+apisix_upstream_status{name="/apisix/routes/1",ip="100.24.156.8",port="80"} 0
+apisix_upstream_status{name="/apisix/routes/1",ip="52.86.68.46",port="80"} 1
 ```
 
 ## Disable Plugin
diff --git a/docs/zh/latest/control-api.md b/docs/zh/latest/control-api.md
index f257789e72e3..eeb61b5b8eee 100644
--- a/docs/zh/latest/control-api.md
+++ b/docs/zh/latest/control-api.md
@@ -96,70 +96,50 @@ APISIX 中一些插件添加了自己的 control API。如果你对他们感兴
 
 ```json
 [
-    {
-        "healthy_nodes": [
-            {
-                "host": "127.0.0.1",
-                "port": 1980,
-                "priority": 0,
-                "weight": 1
-            }
-        ],
-        "name": "upstream#/upstreams/1",
-        "nodes": [
-            {
-                "host": "127.0.0.1",
-                "port": 1980,
-                "priority": 0,
-                "weight": 1
-            },
-            {
-                "host": "127.0.0.2",
-                "port": 1988,
-                "priority": 0,
-                "weight": 1
-            }
-        ],
-        "src_id": "1",
-        "src_type": "upstreams"
-    },
-    {
-        "healthy_nodes": [
-            {
-                "host": "127.0.0.1",
-                "port": 1980,
-                "priority": 0,
-                "weight": 1
-            }
-        ],
-        "name": "upstream#/routes/1",
-        "nodes": [
-            {
-                "host": "127.0.0.1",
-                "port": 1980,
-                "priority": 0,
-                "weight": 1
-            },
-            {
-                "host": "127.0.0.1",
-                "port": 1988,
-                "priority": 0,
-                "weight": 1
-            }
-        ],
-        "src_id": "1",
-        "src_type": "routes"
-    }
+  {
+    "nodes": [
+      {
+        "ip": "52.86.68.46",
+        "counter": {
+          "http_failure": 0,
+          "success": 0,
+          "timeout_failure": 0,
+          "tcp_failure": 0
+        },
+        "port": 80,
+        "status": "healthy"
+      },
+      {
+        "ip": "100.24.156.8",
+        "counter": {
+          "http_failure": 5,
+          "success": 0,
+          "timeout_failure": 0,
+          "tcp_failure": 0
+        },
+        "port": 80,
+        "status": "unhealthy"
+      }
+    ],
+    "name": "/apisix/routes/1",
+    "type": "http"
+  }
 ]
+
 ```
 
 每个 entry 包含以下字段：
 
-* src_type：表示 health checker 的来源。值是 `[routes,services,upstreams]` 其中之一
-* src_id：表示创建 health checker 的对象的 id。例如，假设 id 为 1 的 Upstream 对象创建了一个 health checker，那么 `src_type` 就是 `upstreams`，`src_id` 就是 1
-* name：表示 health checker 的名称
-* nodes：health checker 的目标节点
-* healthy_nodes：表示 health checker 检测到的健康节点
+* name: 资源 ID，健康检查的报告对象。
+* type: 健康检查类型，取值为 `["http", "https", "tcp"]`。
+* nodes: 检查节点列表。
+* nodes[i].ip: IP 地址。
+* nodes[i].port: 端口。
+* nodes[i].status: 状态：`["healthy", "unhealthy", "mostly_healthy", "mostly_unhealthy"]`。
+* nodes[i].counter.success: 成功计数器。
+* nodes[i].counter.http_failure: HTTP 访问失败计数器。
+* nodes[i].counter.tcp_failure: TCP 连接或读写的失败计数器。
+* nodes[i].counter.timeout_failure: 超时计数器。
 
 用户也可以通过 `/v1/healthcheck/$src_type/$src_id` 来获取指定 health checker 的状态。
 
@@ -167,40 +147,49 @@ APISIX 中一些插件添加了自己的 control API。如果你对他们感兴
 
 ```json
 {
-    "healthy_nodes": [
-        {
-            "host": "127.0.0.1",
-            "port": 1980,
-            "priority": 0,
-            "weight": 1
-        }
-    ],
-    "name": "upstream#/upstreams/1",
-    "nodes": [
-        {
-            "host": "127.0.0.1",
-            "port": 1980,
-            "priority": 0,
-            "weight": 1
-        },
-        {
-            "host": "127.0.0.2",
-            "port": 1988,
-            "priority": 0,
-            "weight": 1
-        }
-    ],
-    "src_id": "1",
-    "src_type": "upstreams"
+  "nodes": [
+    {
+      "ip": "52.86.68.46",
+      "counter": {
+        "http_failure": 0,
+        "success": 2,
+        "timeout_failure": 0,
+        "tcp_failure": 0
+      },
+      "port": 80,
+      "status": "healthy"
+    },
+    {
+      "ip": "100.24.156.8",
+      "counter": {
+        "http_failure": 5,
+        "success": 0,
+        "timeout_failure": 0,
+        "tcp_failure": 0
+      },
+      "port": 80,
+      "status": "unhealthy"
+    }
+  ],
+  "type": "http"
+  "name": "/apisix/routes/1"
 }
+
 ```
 
 :::note
 
-由于 APISIX 采用多进程架构，如果该进程从来没有处理特定上游的请求，则上游的健康检查信息不会出现在该进程上。这可能会导致健康检查 API 在测试期间无法获取所有数据。
+只有一个上游满足以下条件时，它的健康检查状态才会出现在结果里面：
+
+* 上游配置了健康检查。
+* 上游在任何一个 worker 进程处理过客户端请求。
 
 :::
 
+如果你使用浏览器访问该 API，你将得到一个网页：
+
+![Health Check Status Page](https://raw.githubusercontent.com/apache/apisix/master/docs/assets/images/health_check_status_page.png)
+
 ### POST /v1/gc
 
 引入自 2.8 版本
diff --git a/docs/zh/latest/plugins/prometheus.md b/docs/zh/latest/plugins/prometheus.md
index 8afc3fe6570f..b63d7f970710 100644
--- a/docs/zh/latest/plugins/prometheus.md
+++ b/docs/zh/latest/plugins/prometheus.md
@@ -208,6 +208,13 @@ scrape_configs:
 
 - Info: 当前 APISIX 节点信息。
 - Shared dict: APISIX 中所有共享内存的容量以及剩余可用空间。
+- `apisix_upstream_status`: 上游健康检查的节点状态，`1` 表示健康，`0` 表示不健康。属性如下所示：
+
+  | 名称         | 描述                                                                                                                   |
+  |--------------|-------------------------------------------------------------------------------------------------------------------------------|
+  | name         | 上游所依附的资源 ID，例如 `/apisix/routes/1`, `/apisix/upstreams/1`.                                                                            |
+  | ip        | 上游节点的 IP 地址。                          |
+  | port  | 上游节点的端口号。                               |
 
 以下是 APISIX 的原始的指标数据集：
 
@@ -297,6 +304,10 @@ apisix_shared_dict_free_space_bytes{name="balancer-ewma-locks"} 10412032
 apisix_shared_dict_free_space_bytes{name="discovery"} 1032192
 apisix_shared_dict_free_space_bytes{name="etcd-cluster-health-check"} 10412032
 ...
+# HELP apisix_upstream_status Upstream status from health check
+# TYPE apisix_upstream_status gauge
+apisix_upstream_status{name="/apisix/routes/1",ip="100.24.156.8",port="80"} 0
+apisix_upstream_status{name="/apisix/routes/1",ip="52.86.68.46",port="80"} 1
 ```
 
 ## 禁用插件
diff --git a/rockspec/apisix-master-0.rockspec b/rockspec/apisix-master-0.rockspec
index 8a73fd59c73e..f11c57c3d3bd 100644
--- a/rockspec/apisix-master-0.rockspec
+++ b/rockspec/apisix-master-0.rockspec
@@ -39,7 +39,7 @@ dependencies = {
     "lua-resty-balancer = 0.04",
     "lua-resty-ngxvar = 0.5.2",
     "lua-resty-jit-uuid = 0.0.7",
-    "lua-resty-healthcheck-api7 = 2.2.2",
+    "lua-resty-healthcheck-api7 = 2.2.3",
     "api7-lua-resty-jwt = 0.2.4",
     "lua-resty-hmac-ffi = 0.05",
     "lua-resty-cookie = 0.1.0",
diff --git a/t/control/healthcheck.t b/t/control/healthcheck.t
index 3c9cefff8681..5d40e970739b 100644
--- a/t/control/healthcheck.t
+++ b/t/control/healthcheck.t
@@ -67,6 +67,7 @@ upstreams:
 --- config
     location /t {
         content_by_lua_block {
+            local core = require("apisix.core")
             local json = require("toolkit.json")
             local t = require("lib.test_admin")
             local http = require "resty.http"
@@ -76,21 +77,44 @@ upstreams:
 
             ngx.sleep(2.2)
 
-            local code, body, res = t.test('/v1/healthcheck',
+            local _, _, res = t.test('/v1/healthcheck',
                 ngx.HTTP_GET)
             res = json.decode(res)
+            assert(#res == 1, "invalid number of results")
             table.sort(res[1].nodes, function(a, b)
-                return a.host < b.host
+                return a.ip < b.ip
             end)
-            ngx.say(json.encode(res))
+            ngx.say(core.json.stably_encode(res[1].nodes))
 
-            local code, body, res = t.test('/v1/healthcheck/upstreams/1',
+            local _, _, res = t.test('/v1/healthcheck/upstreams/1',
                 ngx.HTTP_GET)
             res = json.decode(res)
             table.sort(res.nodes, function(a, b)
-                return a.host < b.host
+                return a.ip < b.ip
             end)
-            ngx.say(json.encode(res))
+            ngx.say(core.json.stably_encode(res.nodes))
+
+            local _, _, res = t.test('/v1/healthcheck/upstreams/1',
+                ngx.HTTP_GET, nil, nil, {["Accept"] = "text/html"})
+            local xml2lua = require("xml2lua")
+            local xmlhandler = require("xmlhandler.tree")
+            local handler = xmlhandler:new()
+            local parser = xml2lua.parser(handler)
+            parser.parse(parser, res)
+            local matches = 0
+            for _, td in ipairs(handler.root.html.body.table.tr) do
+                if td.td then
+                    if td.td[4] == "127.0.0.2:1988" then
+                        assert(td.td[5] == "unhealthy", "127.0.0.2:1988 is not unhealthy")
+                        matches = matches + 1
+                    end
+                    if td.td[4] == "127.0.0.1:1980" then
+                        assert(td.td[5] == "healthy", "127.0.0.1:1980 is not healthy")
+                        matches = matches + 1
+                    end
+                end
+            end
+            assert(matches == 2, "unexpected html")
         }
     }
 --- grep_error_log eval
@@ -99,8 +123,8 @@ qr/unhealthy TCP increment \(.+\) for '[^']+'/
 unhealthy TCP increment (1/2) for '(127.0.0.2:1988)'
 unhealthy TCP increment (2/2) for '(127.0.0.2:1988)'
 --- response_body
-[{"healthy_nodes":[{"host":"127.0.0.1","port":1980,"priority":0,"weight":1}],"name":"upstream#/upstreams/1","nodes":[{"host":"127.0.0.1","port":1980,"priority":0,"weight":1},{"host":"127.0.0.2","port":1988,"priority":0,"weight":1}],"src_id":"1","src_type":"upstreams"}]
-{"healthy_nodes":[{"host":"127.0.0.1","port":1980,"priority":0,"weight":1}],"name":"upstream#/upstreams/1","nodes":[{"host":"127.0.0.1","port":1980,"priority":0,"weight":1},{"host":"127.0.0.2","port":1988,"priority":0,"weight":1}],"src_id":"1","src_type":"upstreams"}
+[{"counter":{"http_failure":0,"success":0,"tcp_failure":0,"timeout_failure":0},"ip":"127.0.0.1","port":1980,"status":"healthy"},{"counter":{"http_failure":0,"success":0,"tcp_failure":2,"timeout_failure":0},"ip":"127.0.0.2","port":1988,"status":"unhealthy"}]
+[{"counter":{"http_failure":0,"success":0,"tcp_failure":0,"timeout_failure":0},"ip":"127.0.0.1","port":1980,"status":"healthy"},{"counter":{"http_failure":0,"success":0,"tcp_failure":2,"timeout_failure":0},"ip":"127.0.0.2","port":1988,"status":"unhealthy"}]
 
 
 
@@ -169,8 +193,8 @@ qr/unhealthy TCP increment \(.+\) for '[^']+'/
 unhealthy TCP increment (1/2) for '127.0.0.1(127.0.0.1:1988)'
 unhealthy TCP increment (2/2) for '127.0.0.1(127.0.0.1:1988)'
 --- response_body
-[{"healthy_nodes":[{"host":"127.0.0.1","port":1980,"priority":0,"weight":1}],"name":"upstream#/routes/1","nodes":[{"host":"127.0.0.1","port":1980,"priority":0,"weight":1},{"host":"127.0.0.1","port":1988,"priority":0,"weight":1}],"src_id":"1","src_type":"routes"}]
-{"healthy_nodes":[{"host":"127.0.0.1","port":1980,"priority":0,"weight":1}],"name":"upstream#/routes/1","nodes":[{"host":"127.0.0.1","port":1980,"priority":0,"weight":1},{"host":"127.0.0.1","port":1988,"priority":0,"weight":1}],"src_id":"1","src_type":"routes"}
+[{"name":"/routes/1","nodes":[{"counter":{"http_failure":0,"success":0,"tcp_failure":0,"timeout_failure":0},"hostname":"127.0.0.1","ip":"127.0.0.1","port":1980,"status":"healthy"},{"counter":{"http_failure":0,"success":0,"tcp_failure":2,"timeout_failure":0},"hostname":"127.0.0.1","ip":"127.0.0.1","port":1988,"status":"unhealthy"}],"type":"http"}]
+{"name":"/routes/1","nodes":[{"counter":{"http_failure":0,"success":0,"tcp_failure":0,"timeout_failure":0},"hostname":"127.0.0.1","ip":"127.0.0.1","port":1980,"status":"healthy"},{"counter":{"http_failure":0,"success":0,"tcp_failure":2,"timeout_failure":0},"hostname":"127.0.0.1","ip":"127.0.0.1","port":1988,"status":"unhealthy"}],"type":"http"}
 
 
 
@@ -244,8 +268,8 @@ qr/unhealthy TCP increment \(.+\) for '[^']+'/
 unhealthy TCP increment (1/2) for '127.0.0.1(127.0.0.1:1988)'
 unhealthy TCP increment (2/2) for '127.0.0.1(127.0.0.1:1988)'
 --- response_body
-[{"healthy_nodes":{},"name":"upstream#/services/1","nodes":[{"host":"127.0.0.1","port":1980,"priority":0,"weight":1},{"host":"127.0.0.1","port":1988,"priority":0,"weight":1}],"src_id":"1","src_type":"services"}]
-{"healthy_nodes":{},"name":"upstream#/services/1","nodes":[{"host":"127.0.0.1","port":1980,"priority":0,"weight":1},{"host":"127.0.0.1","port":1988,"priority":0,"weight":1}],"src_id":"1","src_type":"services"}
+[{"name":"/services/1","nodes":[{"counter":{"http_failure":0,"success":0,"tcp_failure":2,"timeout_failure":0},"hostname":"127.0.0.1","ip":"127.0.0.1","port":1988,"status":"unhealthy"}],"type":"http"}]
+{"name":"/services/1","nodes":[{"counter":{"http_failure":0,"success":0,"tcp_failure":2,"timeout_failure":0},"hostname":"127.0.0.1","ip":"127.0.0.1","port":1988,"status":"unhealthy"}],"type":"http"}
 
 
 
@@ -279,69 +303,3 @@ GET /v1/healthcheck/route/1
 --- error_code: 400
 --- response_body
 {"error_msg":"invalid src type route"}
-
-
-
-=== TEST 7: default health status
---- yaml_config
-apisix:
-    node_listen: 1984
-deployment:
-    role: data_plane
-    role_data_plane:
-        config_provider: yaml
---- apisix_yaml
-routes:
-  -
-    uris:
-        - /hello
-    upstream_id: 1
-upstreams:
-    - nodes:
-        "127.0.0.1:1988": 1
-        "127.0.0.2:1980": 1
-      type: chash
-      id: 1
-      key: "uri"
-      checks:
-        active:
-            http_path: "/status"
-            healthy:
-                interval: 1
-                successes: 1
-            unhealthy:
-                interval: 1
-                http_failures: 1
-#END
---- config
-    location /t {
-        content_by_lua_block {
-            local json = require("toolkit.json")
-            local t = require("lib.test_admin")
-
-            -- not hit
-            local code, body, res = t.test('/v1/healthcheck',
-                ngx.HTTP_GET)
-            ngx.print(res)
-
-            -- hit, but no enough to mark node to unhealthy
-            local http = require "resty.http"
-            local uri = "http://127.0.0.1:" .. ngx.var.server_port .. "/hello"
-            local httpc = http.new()
-            local res, err = httpc:request_uri(uri, {method = "GET"})
-            local code, body, res = t.test('/v1/healthcheck',
-                ngx.HTTP_GET)
-            res = json.decode(res)
-            table.sort(res[1].healthy_nodes, function(a, b)
-                return a.host < b.host
-            end)
-            ngx.say(json.encode(res[1].healthy_nodes))
-        }
-    }
---- grep_error_log eval
-qr/unhealthy TCP increment \(.+\) for '[^']+'/
---- grep_error_log_out
-unhealthy TCP increment (1/2) for '(127.0.0.1:1988)'
---- response_body
-{}
-[{"host":"127.0.0.1","port":1988,"priority":0,"weight":1},{"host":"127.0.0.2","port":1980,"priority":0,"weight":1}]
diff --git a/t/discovery/consul.t b/t/discovery/consul.t
index 39c5ab287b50..cf97e0ce8fea 100644
--- a/t/discovery/consul.t
+++ b/t/discovery/consul.t
@@ -558,6 +558,9 @@ upstreams:
             table.sort(nodes, function(a, b)
                 return a.port < b.port
             end)
+            for _, node in ipairs(nodes) do
+                node.counter = nil
+            end
             ngx.say(json.encode(nodes))
 
             local code, body, res = t.test('/v1/healthcheck/upstreams/1',
@@ -567,12 +570,15 @@ upstreams:
             table.sort(nodes, function(a, b)
                 return a.port < b.port
             end)
+            for _, node in ipairs(nodes) do
+                node.counter = nil
+            end
             ngx.say(json.encode(nodes))
         }
     }
 --- request
 GET /thc
 --- response_body
-[{"host":"127.0.0.1","port":30513,"priority":0,"weight":1},{"host":"127.0.0.1","port":30514,"priority":0,"weight":1}]
-[{"host":"127.0.0.1","port":30513,"priority":0,"weight":1},{"host":"127.0.0.1","port":30514,"priority":0,"weight":1}]
+[{"ip":"127.0.0.1","port":30513,"status":"healthy"},{"ip":"127.0.0.1","port":30514,"status":"healthy"}]
+[{"ip":"127.0.0.1","port":30513,"status":"healthy"},{"ip":"127.0.0.1","port":30514,"status":"healthy"}]
 --- ignore_error_log
diff --git a/t/discovery/consul_kv.t b/t/discovery/consul_kv.t
index da557d1d0127..9363f768d209 100644
--- a/t/discovery/consul_kv.t
+++ b/t/discovery/consul_kv.t
@@ -425,25 +425,33 @@ upstreams:
             local code, body, res = t.test('/v1/healthcheck',
                 ngx.HTTP_GET)
             res = json.decode(res)
-            table.sort(res[1].nodes, function(a, b)
-                return a.host < b.host
+            local nodes = res[1].nodes
+            table.sort(nodes, function(a, b)
+                return a.ip < b.ip
             end)
-            ngx.say(json.encode(res))
+            for _, node in ipairs(nodes) do
+                node.counter = nil
+            end
+            ngx.say(json.encode(nodes))
 
             local code, body, res = t.test('/v1/healthcheck/upstreams/1',
                 ngx.HTTP_GET)
             res = json.decode(res)
-            table.sort(res.nodes, function(a, b)
-                return a.host < b.host
+            local nodes = res.nodes
+            table.sort(nodes, function(a, b)
+                return a.ip < b.ip
             end)
-            ngx.say(json.encode(res))
+            for _, node in ipairs(nodes) do
+                node.counter = nil
+            end
+            ngx.say(json.encode(nodes))
         }
     }
 --- request
 GET /thc
 --- response_body
-[{"healthy_nodes":[{"host":"127.0.0.1","port":30511,"priority":0,"weight":1}],"name":"upstream#/upstreams/1","nodes":[{"host":"127.0.0.1","port":30511,"priority":0,"weight":1},{"host":"127.0.0.2","port":1988,"priority":0,"weight":1}],"src_id":"1","src_type":"upstreams"}]
-{"healthy_nodes":[{"host":"127.0.0.1","port":30511,"priority":0,"weight":1}],"name":"upstream#/upstreams/1","nodes":[{"host":"127.0.0.1","port":30511,"priority":0,"weight":1},{"host":"127.0.0.2","port":1988,"priority":0,"weight":1}],"src_id":"1","src_type":"upstreams"}
+[{"ip":"127.0.0.1","port":30511,"status":"healthy"},{"ip":"127.0.0.2","port":1988,"status":"unhealthy"}]
+[{"ip":"127.0.0.1","port":30511,"status":"healthy"},{"ip":"127.0.0.2","port":1988,"status":"unhealthy"}]
 --- ignore_error_log