Nomad (Server)

Overview

This is a flavour containing the nomad service orchestrator.

This flavour is configured as orchestration server. You need one or more nomad client instances that connect to this server and actually run the workload.

Since clients need to run jobs e.g. via pot, you need to install the client directly on a host; therefore you will not find a nomad client flavour on potluck.

Together with consul and the traefik pot flavours on this site, you can easily set up a virtual datacenter.

Please note that a specific network configuration is suggested (see Installation-chapter) as this jail does not work behind the NAT of a public-bridge.

Installation

  • Create your local jail from the image or the flavour files.
  • This jail does not work with a public bridge, so clone it to use an IP address directly on your host:
    sudo pot clone -P <nameofimportedjail> -p <clonejailname> -N alias -i "<interface>|<ipaddress>"
    e.g. sudo pot clone -P nomad-server-amd64-13_2_0_2 -p my-nomad-server -N alias -i "em0|10.10.10.11"
  • Adjust to your environment:
    sudo pot set-env -p <clonejailname> -E DATACENTER=<datacentername> -E NODENAME=<name of this node> -E IP=<IP address of this nomad instance> -E CONSULSERVERS=<'"list", "of", "consul", "IPs"'> [-E BOOTSTRAP=<1|3|5>] [-E GOSSIPKEY="<32 byte Base64 key from consul keygen>"] [-E NOMADKEY="<16 byte or 32 byte key from nomad operator keygen>"]

The CONSULSERVERS parameter defines the consul server instances, and must be set as CONSULSERVERS='"10.0.0.2"' or CONSULSERVERS='"10.0.0.2", "10.0.0.3", "10.0.0.4"' or CONSULSERVERS='"10.0.0.2", "10.0.0.3", "10.0.0.4", "10.0.0.5", "10.0.0.6"'

The BOOTSTRAP parameter defines the expected number of cluster nodes, it defaults to 1 (no cluster) if it is not set. You MUST still pass in a consul IP under CONSULSERVERS.

The GOSSIPKEY parameter is the gossip encryption key for consul agent. We’re using a default key if the parameter is not set, do not use the default key for production encryption, instead provide your own.

The NOMADKEY parameter is the gossip encryption key for nomad. We’re re-using the default key from consul as nomad supports 32 byte Base64 keys, but the common one is a 16 byte Bas64 key from nomad operator keygen

Usage

You can connect to the dashboard on port 4646 of your jail IP address.

To run a new job, connect to the jail via pot term <jailname> and run a nomad job description via nomad run -address=http://<jailip>:4646 <jobfile> or place the job via the dashboard.

Getting Started

How To Use The Ready-Made Image

FreeBSD 13.0:
pot import -p nomad-server-amd64-13_0 -t 2.0.6 -U https://potluck.honeyguide.net/nomad-server

FreeBSD 12.2:
pot import -p nomad-server-amd64-12_2 -t 2.0.6 -U https://potluck.honeyguide.net/nomad-server

If you don’t want to use the default pot bridged network configuration but instead need an individual network setup (e.g. assign a host IP address), after importing it you can simply clone the jail like that (em0 is the host network adapter in this example):
pot clone -P nomad-server-amd64-13_0 -p my-cloned-jail -N alias -i "em0|10.10.10.10"

Note: Some images might require specific network configuration, double check the Overview-chapter at the top.

Alternatively: Create a Jail With This Flavour Yourself

1. Create Flavour Files

Save all files and directories from https://github.com/hny-gd/potluck/tree/master/nomad-server to /usr/local/etc/pot/flavours/

2. Create Jail From Flavour

Run
pot create -b <FreeBSD Version> -p <jailname> -t single -N public-bridge -f fbsd-update

with your FreeBSD version (e.g. 12.1) and the name your jail should get.

Note: Some images might require specific network configuration, double check the Overview-chapter at the top.

Version History

2.0.6

  • Quoting gossip key encrypt parameter

2.0.5

  • Adjusting parameters for service “node-exporter”

2.0.4

  • Adding node_exporter and configuring consul to publish service at “node-exporter”

2.0.3

  • Updated to use gossip encryption for consul and nomad (re-using key)

2.0.2

  • Updated to use local consul agent

2.0.1

  • Rebuild for FreeBSD 13 & new packages

2.0

  • Updated to use latest flavour script, initial tweaks for nomad cluster in config

1.0.2

  • Trigger build of FreeBSD 12.2 image & rebuild FreeBSD 11.4 image to update packages

1.0.1

  • Fixed typo because of which DATACENTER was not set correctly

1.0

  • Initial commit

These images were built on Fri Sep 10 21:29:06 UTC 2021

Manual Image Download Links

nomad-server-amd64-13_0_2.0.6.xz ( 349.032 MB )
nomad-server-amd64-13_0_2.0.6.xz.skein ( 0.250977 KB )

nomad-server-amd64-12_2_2.0.6.xz ( 402.273 MB )
nomad-server-amd64-12_2_2.0.6.xz.skein ( 0.250977 KB )

Jenkins Pot Creation Logs

nomad-server-amd64-13_0_2.0.6:


nomad-server/nomad-server:

nomad-server/nomad-server.sh:
#!/bin/sh

# Based on POTLUCK TEMPLATE v3.0
# Altered by Michael Gmelin
#
# EDIT THE FOLLOWING FOR NEW FLAVOUR:
# 1. RUNS_IN_NOMAD - true or false
# 2. If RUNS_IN_NOMAD is false, can delete the <flavour>+4 file, else
#    make sure pot create command doesn't include it
# 3. Create a matching <flavour> file with this <flavour>.sh file that
#    contains the copy-in commands for the config files from <flavour>.d/
#    Remember that the package directories don't exist yet, so likely copy
#    to /root
# 4. Adjust package installation between BEGIN & END PACKAGE SETUP
# 5. Adjust jail configuration script generation between BEGIN & END COOK
#    Configure the config files that have been copied in where necessary

# Set this to true if this jail flavour is to be created as a nomad (i.e. blocking) jail.
# You can then query it in the cook script generation below and the script is installed
# appropriately at the end of this script
RUNS_IN_NOMAD=false

# set the cook log path/filename
COOKLOG=/var/log/cook.log

# check if cooklog exists, create it if not
if [ ! -e $COOKLOG ]
then
    echo "Creating $COOKLOG" | tee -a $COOKLOG
else
    echo "WARNING $COOKLOG already exists"  | tee -a $COOKLOG
fi
date >> $COOKLOG

# -------------------- COMMON ---------------

STEPCOUNT=0
step() {
  STEPCOUNT=$(expr "$STEPCOUNT" + 1)
  STEP="$@"
  echo "Step $STEPCOUNT: $STEP" | tee -a $COOKLOG
}

exit_ok() {
  trap - EXIT
  exit 0
}

FAILED=" failed"
exit_error() {
  STEP="$@"
  FAILED=""
  exit 1
}

set -e
trap 'echo ERROR: $STEP$FAILED | (>&2 tee -a $COOKLOG)' EXIT

# -------------- BEGIN PACKAGE SETUP -------------

step "Bootstrap package repo"
mkdir -p /usr/local/etc/pkg/repos
echo 'FreeBSD: { url: "pkg+http://pkg.FreeBSD.org/${ABI}/quarterly" }' \
  >/usr/local/etc/pkg/repos/FreeBSD.conf
ASSUME_ALWAYS_YES=yes pkg bootstrap

step "Touch /etc/rc.conf"
touch /etc/rc.conf

# this is important, otherwise running /etc/rc from cook will
# overwrite the IP address set in tinirc
step "Remove ifconfig_epair0b from config"
sysrc -cq ifconfig_epair0b && sysrc -x ifconfig_epair0b || true

step "Disable sendmail"
service sendmail onedisable

step "Create /usr/local/etc/rc.d"
mkdir -p /usr/local/etc/rc.d

# we need consul for consul agent
step "Install package consul"
pkg install -y consul

step "Install package nomad"
pkg install -y nomad

step "Install package sudo"
pkg install -y sudo

# we need vault for authentication and certificates
# not yet configured
step "Install package vault"
pkg install -y vault

step "Install package node_exporter"
pkg install -y node_exporter

step "Clean package installation"
pkg clean -y

# -------------- END PACKAGE SETUP -------------

#
# Create configurations
#

#
# Now generate the run command script "cook"
# It configures the system on the first run by creating the config file(s)
# On subsequent runs, it only starts sleeps (if nomad-jail) or simply exits
#

# clear any old cook runtime file
step "Remove pre-existing cook script (if any)"
rm -f /usr/local/bin/cook

# this runs when image boots

# ----------------- BEGIN COOK ------------------
step "Create cook script"
echo "#!/bin/sh
RUNS_IN_NOMAD=$RUNS_IN_NOMAD
# declare this again for the pot image, might work carrying variable through like
# with above
COOKLOG=/var/log/cook.log
# No need to change this, just ensures configuration is done only once
if [ -e /usr/local/etc/pot-is-seasoned ]
then
    # If this pot flavour is blocking (i.e. it should not return),
    # we block indefinitely
    if [ \"\$RUNS_IN_NOMAD\" = \"true\" ]
    then
        /bin/sh /etc/rc
        tail -f /dev/null
    fi
    exit 0
fi

# ADJUST THIS: STOP SERVICES AS NEEDED BEFORE CONFIGURATION
/usr/local/etc/rc.d/consul stop || true
/usr/local/etc/rc.d/nomad stop || true

# No need to adjust this:
# If this pot flavour is not blocking, we need to read the environment first from /tmp/environment.sh
# where pot is storing it in this case
if [ -e /tmp/environment.sh ]
then
    . /tmp/environment.sh
fi

#
# ADJUST THIS BY CHECKING FOR ALL VARIABLES YOUR FLAVOUR NEEDS:
# Check config variables are set
#
if [ -z \${DATACENTER+x} ];
then
    echo 'DATACENTER is unset - see documentation how to configure this flavour'
    exit 1
fi
if [ -z \${NODENAME+x} ];
then
    echo 'NODENAME is unset - see documentation how to configure this flavour'
    exit 1
fi
if [ -z \${IP+x} ];
then
    echo 'IP is unset - see documentation how to configure this flavour'
    exit 1
fi
if [ -z \${CONSULSERVERS+x} ];
then
    echo 'CONSULSERVERS is unset - you must include at least one consul server IP'
    exit 1
fi
if [ -z \${BOOTSTRAP+x} ];
then
    echo 'BOOTSTRAP is unset - see documentation how to configure this flavour, defaulting to 1'
    BOOTSTRAP=1
fi
# GOSSIPKEY is a 32 byte, Base64 encoded key generated with consul keygen for the consul flavour.
# Re-used for nomad, which is usually 16 byte key but supports 32 byte, Base64 encoded keys
# We'll re-use the one from the consul flavour
if [ -z \${GOSSIPKEY+x} ];
then
    echo 'GOSSIPKEY is unset - see documentation how to configure this flavour, defaulting to preset encrypt key. Do not use this in production!'
    GOSSIPKEY='BY+vavBUSEmNzmxxS3k3bmVFn1giS4uEudc774nBhIw='
fi
# NOMADKEY is a 32 byte, Base64 encoded key generated with 'openssl rand -base64 32'.
# 'nomad operator keygen' usually produces a 16 byte key but supports 32 byte, Base64 encoded keys
# We'll re-use the GOSSIPKEY variable consul but you can set own different key for nomad
if [ -z \${NOMADKEY+x} ];
then
    echo 'NOMADKEY is unset - see documentation how to configure this flavour, defaulting to preset encrypt key. Do not use this in production!'
    NOMADKEY=\$GOSSIPKEY
fi

# ADJUST THIS BELOW: NOW ALL THE CONFIGURATION FILES NEED TO BE CREATED:
# Don't forget to double(!)-escape quotes and dollar signs in the config files

# start consul #

# Create consul client config file, set the bootstrap_expect value to number
# of servers in the cluster, 1, 3 or 5

# first create configuration directory

# make consul configuration directory and set permissions
mkdir -p /usr/local/etc/consul.d
chmod 750 /usr/local/etc/consul.d

# Create the consul agent config file with imported variables
echo \"{
 \\\"advertise_addr\\\": \\\"\$IP\\\",
 \\\"datacenter\\\": \\\"\$DATACENTER\\\",
 \\\"node_name\\\": \\\"\$NODENAME\\\",
 \\\"data_dir\\\":  \\\"/var/db/consul\\\",
 \\\"dns_config\\\": {
  \\\"a_record_limit\\\": 3,
  \\\"enable_truncate\\\": true
 },
 \\\"log_file\\\": \\\"/var/log/consul/\\\",
 \\\"log_level\\\": \\\"WARN\\\",
 \\\"encrypt\\\": \\\"\$GOSSIPKEY\\\",
 \\\"start_join\\\": [ \$CONSULSERVERS ],
 \\\"service\\\": {
  \\\"address\\\": \\\"\$IP\\\",
  \\\"name\\\": \\\"node-exporter\\\",
  \\\"tags\\\": [\\\"_app=nomad-server\\\", \\\"_service=node-exporter\\\", \\\"_hostname=\$NODENAME\\\", \\\"_datacenter=\$DATACENTER\\\"],
  \\\"port\\\": 9100
 }
}\" > /usr/local/etc/consul.d/agent.json

# set owner and perms on agent.json
chown -R consul:wheel /usr/local/etc/consul.d
chmod 640 /usr/local/etc/consul.d/agent.json

# enable consul
sysrc consul_enable=\"YES\"

# set load parameter for consul config
sysrc consul_args=\"-config-file=/usr/local/etc/consul.d/agent.json\"
#sysrc consul_datadir=\"/var/db/consul\"

# Workaround for bug in rc.d/consul script:
#sysrc consul_group=\"wheel\"

# setup consul logs, might be redundant if not specified in agent.json above
mkdir -p /var/log/consul
touch /var/log/consul/consul.log
chown -R consul:wheel /var/log/consul

# add the consul user to the wheel group, this seems to be required for
# consul to start on this instance. May need to figure out why.
# I'm not entirely sure this is the correct way to do it
/usr/sbin/pw usermod consul -G wheel

# end consul #

# enable node_exporter service
sysrc node_exporter_enable=\"YES\"

# start nomad #

# Create nomad server config file
echo \"
bind_addr = \\\"\$IP\\\"
plugin_dir = \\\"/usr/local/libexec/nomad/plugins\\\"
datacenter = \\\"\$DATACENTER\\\"

advertise {
  # This should be the IP of THIS MACHINE and must be routable by every node
  # in your cluster
  http = \\\"\$IP:4646\\\"
}

server {
  enabled = true
  # set this to 3 or 5 for cluster setup
  bootstrap_expect = \\\"\$BOOTSTRAP\\\"
  # Encrypt gossip communication
  encrypt = \\\"\$NOMADKEY\\\"
}

consul {
  # The address to the local Consul agent.
  address = \\\"\$IP:8500\\\"
  # The service name to register the server and client with Consul.
  server_service_name = \\\"\$DATACENTER-server\\\"
  # Enables automatically registering the services.
  auto_advertise = true
  # Enabling the server and client to bootstrap using Consul.
  server_auto_join = true
}

enable_syslog=true
log_level=\\\"INFO\\\"
syslog_facility=\\\"LOCAL1\\\"\" > /usr/local/etc/nomad/server.hcl

# set the rc startup
sysrc nomad_enable=yes
echo \"nomad_args=\\\"-config=/usr/local/etc/nomad/server.hcl -network-interface=\$IP\\\"\" >> /etc/rc.conf

# ADJUST THIS: START THE SERVICES AGAIN AFTER CONFIGURATION

# start consul agent
/usr/local/etc/rc.d/consul start

# start nomad
/usr/local/etc/rc.d/nomad start

# start node_exporter
/usr/local/etc/rc.d/node_exporter start

# Do not touch this:
touch /usr/local/etc/pot-is-seasoned

# If this pot flavour is blocking (i.e. it should not return), there is no /tmp/environment.sh
# created by pot and we now after configuration block indefinitely
if [ \"\$RUNS_IN_NOMAD\" = \"true\" ]
then
    /bin/sh /etc/rc
    tail -f /dev/null
fi
" > /usr/local/bin/cook

# ----------------- END COOK ------------------


# ---------- NO NEED TO EDIT BELOW ------------

step "Make cook script executable"
if [ -e /usr/local/bin/cook ]
then
    echo "setting executable bit on /usr/local/bin/cook" | tee -a $COOKLOG
    chmod u+x /usr/local/bin/cook
else
    exit_error "there is no /usr/local/bin/cook to make executable"
fi

#
# There are two ways of running a pot jail: "Normal", non-blocking mode and
# "Nomad", i.e. blocking mode (the pot start command does not return until
# the jail is stopped).
# For the normal mode, we create a /usr/local/etc/rc.d script that starts
# the "cook" script generated above each time, for the "Nomad" mode, the cook
# script is started by pot (configuration through flavour file), therefore
# we do not need to do anything here.
#

# Create rc.d script for "normal" mode:
step "Create rc.d script to start cook"
echo "creating rc.d script to start cook" | tee -a $COOKLOG

echo "#!/bin/sh
#
# PROVIDE: cook
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
. /etc/rc.subr
name=\"cook\"
rcvar=\"cook_enable\"
load_rc_config \$name
: \${cook_enable:=\"NO\"}
: \${cook_env:=\"\"}
command=\"/usr/local/bin/cook\"
command_args=\"\"
run_rc_command \"\$1\"
" > /usr/local/etc/rc.d/cook

step "Make rc.d script to start cook executable"
if [ -e /usr/local/etc/rc.d/cook ]
then
  echo "Setting executable bit on cook rc file" | tee -a $COOKLOG
  chmod u+x /usr/local/etc/rc.d/cook
else
  exit_error "/usr/local/etc/rc.d/cook does not exist"
fi

if [ "$RUNS_IN_NOMAD" != "true" ]
then
  step "Enable cook service"
  # This is a non-nomad (non-blocking) jail, so we need to make sure the script
  # gets started when the jail is started:
  # Otherwise, /usr/local/bin/cook will be set as start script by the pot flavour
  echo "enabling cook" | tee -a $COOKLOG
  service cook enable
fi

# -------------------- DONE ---------------
exit_ok

nomad-server/nomad-server+1:
nomad-server/nomad-server+1.sh:

nomad-server/nomad-server+2:
nomad-server/nomad-server+2.sh:

nomad-server/nomad-server+3:
nomad-server/nomad-server+3.sh:

nomad-server/nomad-server+4:
nomad-server/nomad-server+4.sh:
Password:===>  Creating a new pot
===>  pot name : nomad-server-amd64-13_0
===>  type : single
===>  base : 13.0
===>  pot_base :
===>  level : 0
===>  network-type : public-bridge
===>  network-stack: ipv4
===>  ip : 10.192.0.3
===>  bridge :
===>  dns : inherit
===>  flavours : fbsd-update nomad-server nomad-server+1 nomad-server+2 nomad-server+3 nomad-server+4
===>  Fetching FreeBSD 13.0
===>  Extract the tarball
=====>  Flavour: fbsd-update
=====>  Starting nomad-server-amd64-13_0 pot for the initial bootstrap
=====>  mount /mnt/data/pot/jails/nomad-server-amd64-13_0/m/tmp
defaultrouter: NO -> 10.192.0.1
===>  Starting the pot nomad-server-amd64-13_0
ELF ldconfig path: /lib /usr/lib /usr/lib/compat
32-bit compatibility ldconfig path: /usr/lib32
Starting Network: lo0 epair0b.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	inet 127.0.0.1 netmask 0xff000000
	groups: lo
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 02:3d:fa:7c:8a:0b
	inet 10.192.0.3 netmask 0xffc00000 broadcast 10.255.255.255
	groups: epair
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
add host 127.0.0.1: gateway lo0 fib 0: route already in table
add net default: gateway 10.192.0.1
add host ::1: gateway lo0 fib 0: route already in table
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
Updating /var/run/os-release done.
Creating and/or trimming log files.
Clearing /tmp (X related).
Updating motd:.
Starting syslogd.
Starting sendmail_submit.
Starting sendmail_msp_queue.
Starting cron.

Fri Sep 10 21:14:59 UTC 2021
/usr/local/etc/pot/flavours/fbsd-update.sh -> /mnt/data/pot/jails/nomad-server-amd64-13_0/m/tmp/fbsd-update.sh
=====>  Executing fbsd-update script on nomad-server-amd64-13_0
src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 2 mirrors found.
Fetching public key from update2.freebsd.org... done.
Fetching metadata signature for 13.0-RELEASE from update2.freebsd.org... done.
Fetching metadata index... done.
Fetching 2 metadata files... done.
Inspecting system... done.
Preparing to download files... done.
Fetching 24 patches.....10....20.. done.
Applying patches... done.
Fetching 6 files... ... done.
The following files will be added as part of updating to
13.0-RELEASE-p4:
/usr/include/c++/v1/barrier
/usr/include/c++/v1/concepts
/usr/include/c++/v1/execution
/usr/include/c++/v1/latch
/usr/include/c++/v1/numbers
/usr/include/c++/v1/semaphore
/usr/include/c++/v1/tr1/barrier
/usr/include/c++/v1/tr1/concepts
/usr/include/c++/v1/tr1/execution
/usr/include/c++/v1/tr1/latch
/usr/include/c++/v1/tr1/numbers
/usr/include/c++/v1/tr1/semaphore
The following files will be updated as part of updating to
13.0-RELEASE-p4:
/bin/freebsd-version
/lib/libcasper.so.1
/lib/libcrypto.so.111
/rescue/[
/rescue/bectl
/rescue/bsdlabel
/rescue/bunzip2
/rescue/bzcat
/rescue/bzip2
/rescue/camcontrol
/rescue/cat
/rescue/ccdconfig
/rescue/chflags
/rescue/chgrp
/rescue/chio
/rescue/chmod
/rescue/chown
/rescue/chroot
/rescue/clri
/rescue/cp
/rescue/csh
/rescue/date
/rescue/dd
/rescue/devfs
/rescue/df
/rescue/dhclient
/rescue/disklabel
/rescue/dmesg
/rescue/dump
/rescue/dumpfs
/rescue/dumpon
/rescue/echo
/rescue/ed
/rescue/ex
/rescue/expr
/rescue/fastboot
/rescue/fasthalt
/rescue/fdisk
/rescue/fsck
/rescue/fsck_4.2bsd
/rescue/fsck_ffs
/rescue/fsck_msdosfs
/rescue/fsck_ufs
/rescue/fsdb
/rescue/fsirand
/rescue/gbde
/rescue/geom
/rescue/getfacl
/rescue/glabel
/rescue/gpart
/rescue/groups
/rescue/gunzip
/rescue/gzcat
/rescue/gzip
/rescue/halt
/rescue/head
/rescue/hostname
/rescue/id
/rescue/ifconfig
/rescue/init
/rescue/ipf
/rescue/iscsictl
/rescue/iscsid
/rescue/kenv
/rescue/kill
/rescue/kldconfig
/rescue/kldload
/rescue/kldstat
/rescue/kldunload
/rescue/ldconfig
/rescue/less
/rescue/link
/rescue/ln
/rescue/ls
/rescue/lzcat
/rescue/lzma
/rescue/md5
/rescue/mdconfig
/rescue/mdmfs
/rescue/mkdir
/rescue/mknod
/rescue/more
/rescue/mount
/rescue/mount_cd9660
/rescue/mount_msdosfs
/rescue/mount_nfs
/rescue/mount_nullfs
/rescue/mount_udf
/rescue/mount_unionfs
/rescue/mt
/rescue/mv
/rescue/nc
/rescue/newfs
/rescue/newfs_msdos
/rescue/nos-tun
/rescue/pgrep
/rescue/ping
/rescue/ping6
/rescue/pkill
/rescue/poweroff
/rescue/ps
/rescue/pwd
/rescue/rcorder
/rescue/rdump
/rescue/realpath
/rescue/reboot
/rescue/red
/rescue/rescue
/rescue/restore
/rescue/rm
/rescue/rmdir
/rescue/route
/rescue/routed
/rescue/rrestore
/rescue/rtquery
/rescue/rtsol
/rescue/savecore
/rescue/sed
/rescue/setfacl
/rescue/sh
/rescue/shutdown
/rescue/sleep
/rescue/spppcontrol
/rescue/stty
/rescue/swapon
/rescue/sync
/rescue/sysctl
/rescue/tail
/rescue/tar
/rescue/tcsh
/rescue/tee
/rescue/test
/rescue/tunefs
/rescue/umount
/rescue/unlink
/rescue/unlzma
/rescue/unxz
/rescue/unzstd
/rescue/vi
/rescue/whoami
/rescue/xz
/rescue/xzcat
/rescue/zcat
/rescue/zdb
/rescue/zfs
/rescue/zpool
/rescue/zstd
/rescue/zstdcat
/rescue/zstdmt
/sbin/ggatec
/usr/bin/bc
/usr/bin/dc
/usr/bin/openssl
/usr/include/openssl/opensslv.h
/usr/lib/libcrypto.a
/usr/lib/libcrypto_p.a
/usr/lib/libfetch.a
/usr/lib/libfetch.so.6
/usr/lib/libfetch_p.a
/usr/lib/libradius.a
/usr/lib/libradius.so.4
/usr/lib/libradius_p.a
/usr/lib/libssl.a
/usr/lib/libssl.so.111
/usr/lib/libssl_p.a
/usr/sbin/bhyve
/usr/sbin/hostapd
/usr/sbin/ntp-keygen
/usr/sbin/wpa_cli
/usr/sbin/wpa_supplicant
Installing updates...Scanning //usr/share/certs/blacklisted for certificates...
Scanning //usr/share/certs/trusted for certificates...
 done.
=====>  Stop the pot nomad-server-amd64-13_0
=====>  Remove epair0[a|b] network interfaces
=====>  unmount /mnt/data/pot/jails/nomad-server-amd64-13_0/m/tmp
=====>  unmount /mnt/data/pot/jails/nomad-server-amd64-13_0/m/dev
=====>  Flavour: nomad-server
=====>  Executing nomad-server pot commands on nomad-server-amd64-13_0
###>  Flavor nomad-server: line not valid - ignoring
=====>  Starting nomad-server-amd64-13_0 pot for the initial bootstrap
=====>  mount /mnt/data/pot/jails/nomad-server-amd64-13_0/m/tmp
defaultrouter: 10.192.0.1 -> 10.192.0.1
===>  Starting the pot nomad-server-amd64-13_0
ELF ldconfig path: /lib /usr/lib /usr/lib/compat
32-bit compatibility ldconfig path: /usr/lib32
Starting Network: lo0 epair0b.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	inet 127.0.0.1 netmask 0xff000000
	groups: lo
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 02:93:e1:60:8f:0b
	inet 10.192.0.3 netmask 0xffc00000 broadcast 10.255.255.255
	groups: epair
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
add host 127.0.0.1: gateway lo0 fib 0: route already in table
add net default: gateway 10.192.0.1
add host ::1: gateway lo0 fib 0: route already in table
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
Updating /var/run/os-release done.
Creating and/or trimming log files.
Clearing /tmp (X related).
Updating motd:.
Starting syslogd.
Starting sendmail_submit.
Starting sendmail_msp_queue.
Starting cron.

Fri Sep 10 21:15:49 UTC 2021
/usr/local/etc/pot/flavours/nomad-server.sh -> /mnt/data/pot/jails/nomad-server-amd64-13_0/m/tmp/nomad-server.sh
=====>  Executing nomad-server script on nomad-server-amd64-13_0
Creating /var/log/cook.log
Step 1: Bootstrap package repo
[nomad-server-amd64-13_0.vsf00001.cpt.za.honeyguide.net] Installing pkg-1.16.3...
[nomad-server-amd64-13_0.vsf00001.cpt.za.honeyguide.net] Extracting pkg-1.16.3: .......... done
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:13:amd64/quarterly, please wait...
Step 2: Touch /etc/rc.conf
Step 3: Remove ifconfig_epair0b from config
Step 4: Disable sendmail
sendmail disabled in /etc/rc.conf
sendmail_submit disabled in /etc/rc.conf
sendmail_msp_queue disabled in /etc/rc.conf
Step 5: Create /usr/local/etc/rc.d
Step 6: Install package consul
Updating FreeBSD repository catalogue...
[nomad-server-amd64-13_0.vsf00001.cpt.za.honeyguide.net] Fetching meta.conf: . done
[nomad-server-amd64-13_0.vsf00001.cpt.za.honeyguide.net] Fetching packagesite.txz: .......... done
Processing entries: .......... done
FreeBSD repository update completed. 30745 packages processed.
All repositories are up to date.
Updating database digests format: . done
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	consul: 1.9.5

Number of packages to be installed: 1

The process will require 78 MiB more space.
27 MiB to be downloaded.
[nomad-server-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Fetching consul-1.9.5.txz: .......... done
Checking integrity... done (0 conflicting)
[nomad-server-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Installing consul-1.9.5...
===> Creating groups.
Creating group 'consul' with gid '469'.
===> Creating users
Creating user 'consul' with uid '469'.
===> Creating homedir(s)
[nomad-server-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Extracting consul-1.9.5: ..... done
Step 7: Install package nomad
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	nomad: 1.1.0

Number of packages to be installed: 1

The process will require 55 MiB more space.
12 MiB to be downloaded.
[nomad-server-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Fetching nomad-1.1.0.txz: .......... done
Checking integrity... done (0 conflicting)
[nomad-server-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Installing nomad-1.1.0...
===> Creating groups.
Creating group 'nomad' with gid '472'.
===> Creating users
Creating user 'nomad' with uid '472'.
===> Creating homedir(s)
[nomad-server-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Extracting nomad-1.1.0: ....... done
Step 8: Install package sudo
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	gettext-runtime: 0.21
	indexinfo: 0.3.1
	sudo: 1.9.7p1

Number of packages to be installed: 3

The process will require 7 MiB more space.
2 MiB to be downloaded.
[nomad-server-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/3] Fetching sudo-1.9.7p1.txz: .......... done
[nomad-server-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [2/3] Fetching gettext-runtime-0.21.txz: .......... done
[nomad-server-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [3/3] Fetching indexinfo-0.3.1.txz: . done
Checking integrity... done (0 conflicting)
[nomad-server-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/3] Installing indexinfo-0.3.1...
[nomad-server-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/3] Extracting indexinfo-0.3.1: .... done
[nomad-server-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [2/3] Installing gettext-runtime-0.21...
[nomad-server-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [2/3] Extracting gettext-runtime-0.21: .......... done
[nomad-server-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [3/3] Installing sudo-1.9.7p1...
[nomad-server-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [3/3] Extracting sudo-1.9.7p1: .......... done
Step 9: Install package vault
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	vault: 1.7.3

Number of packages to be installed: 1

The process will require 149 MiB more space.
49 MiB to be downloaded.
[nomad-server-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Fetching vault-1.7.3.txz: .......... done
Checking integrity... done (0 conflicting)
[nomad-server-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Installing vault-1.7.3...
===> Creating groups.
Creating group 'vault' with gid '471'.
===> Creating users
Creating user 'vault' with uid '471'.
[nomad-server-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Extracting vault-1.7.3: ..... done
=====
Message from vault-1.7.3:

--
The vault user created by the vault package is now a member of the daemon
class, which will allow it to use mlock() when started by the rc script. This
will not be reflected in systems where the user already exists. Please add the
vault user to the daemon class manually by running:

pw usermod -L daemon -n vault

or delete the user and reinstall the package.

You may also need to increase memorylocked for the daemon class in
/etc/login.conf to 1024M or more and run:

cap_mkdb /etc/login.conf

Or to disable mlock, add:

disable_mlock = 1

to /usr/local/etc/vault.hcl
Step 10: Install package node_exporter
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	node_exporter: 1.1.2

Number of packages to be installed: 1

The process will require 11 MiB more space.
3 MiB to be downloaded.
[nomad-server-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Fetching node_exporter-1.1.2.txz: .......... done
Checking integrity... done (0 conflicting)
[nomad-server-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Installing node_exporter-1.1.2...
[nomad-server-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Extracting node_exporter-1.1.2: .......... done
=====
Message from node_exporter-1.1.2:

--
If upgrading from a version of node_exporter <0.15.0 you'll need to update any
custom command line flags that you may have set as it now requires a
double-dash (--flag) instead of a single dash (-flag).
The collector flags in 0.15.0 have now been replaced with individual boolean
flags and the -collector.procfs` and -collector.sysfs` flags have been renamed
to --path.procfs and --path.sysfs respectively.
Step 11: Clean package installation
The following package files will be deleted:
	/var/cache/pkg/consul-1.9.5~19366b72a6.txz
	/var/cache/pkg/nomad-1.1.0.txz
	/var/cache/pkg/indexinfo-0.3.1.txz
	/var/cache/pkg/indexinfo-0.3.1~222426c854.txz
	/var/cache/pkg/sudo-1.9.7p1.txz
	/var/cache/pkg/node_exporter-1.1.2.txz
	/var/cache/pkg/consul-1.9.5.txz
	/var/cache/pkg/sudo-1.9.7p1~8ae5eb61e5.txz
	/var/cache/pkg/gettext-runtime-0.21.txz
	/var/cache/pkg/vault-1.7.3~f9c3f37002.txz
	/var/cache/pkg/node_exporter-1.1.2~ee4b6a019c.txz
	/var/cache/pkg/gettext-runtime-0.21~e9d9b87fa7.txz
	/var/cache/pkg/nomad-1.1.0~96b21d9d2e.txz
	/var/cache/pkg/vault-1.7.3.txz
The cleanup will free 92 MiB
Deleting files: .......... done
All done
Step 12: Remove pre-existing cook script (if any)
Step 13: Create cook script
Step 14: Make cook script executable
setting executable bit on /usr/local/bin/cook
Step 15: Create rc.d script to start cook
creating rc.d script to start cook
Step 16: Make rc.d script to start cook executable
Setting executable bit on cook rc file
Step 17: Enable cook service
enabling cook
cook enabled in /etc/rc.conf
=====>  Stop the pot nomad-server-amd64-13_0
=====>  Remove epair0[a|b] network interfaces
=====>  unmount /mnt/data/pot/jails/nomad-server-amd64-13_0/m/tmp
=====>  unmount /mnt/data/pot/jails/nomad-server-amd64-13_0/m/dev
=====>  Flavour: nomad-server+1
=====>  Executing nomad-server+1 pot commands on nomad-server-amd64-13_0
=====>  No shell script available for the flavour nomad-server+1
=====>  Flavour: nomad-server+2
=====>  Executing nomad-server+2 pot commands on nomad-server-amd64-13_0
=====>  No shell script available for the flavour nomad-server+2
=====>  Flavour: nomad-server+3
=====>  Executing nomad-server+3 pot commands on nomad-server-amd64-13_0
=====>  No shell script available for the flavour nomad-server+3
=====>  Flavour: nomad-server+4
=====>  Executing nomad-server+4 pot commands on nomad-server-amd64-13_0
=====>  No shell script available for the flavour nomad-server+4

nomad-server-amd64-12_2_2.0.6:


nomad-server/nomad-server:

nomad-server/nomad-server.sh:
#!/bin/sh

# Based on POTLUCK TEMPLATE v3.0
# Altered by Michael Gmelin
#
# EDIT THE FOLLOWING FOR NEW FLAVOUR:
# 1. RUNS_IN_NOMAD - true or false
# 2. If RUNS_IN_NOMAD is false, can delete the <flavour>+4 file, else
#    make sure pot create command doesn't include it
# 3. Create a matching <flavour> file with this <flavour>.sh file that
#    contains the copy-in commands for the config files from <flavour>.d/
#    Remember that the package directories don't exist yet, so likely copy
#    to /root
# 4. Adjust package installation between BEGIN & END PACKAGE SETUP
# 5. Adjust jail configuration script generation between BEGIN & END COOK
#    Configure the config files that have been copied in where necessary

# Set this to true if this jail flavour is to be created as a nomad (i.e. blocking) jail.
# You can then query it in the cook script generation below and the script is installed
# appropriately at the end of this script
RUNS_IN_NOMAD=false

# set the cook log path/filename
COOKLOG=/var/log/cook.log

# check if cooklog exists, create it if not
if [ ! -e $COOKLOG ]
then
    echo "Creating $COOKLOG" | tee -a $COOKLOG
else
    echo "WARNING $COOKLOG already exists"  | tee -a $COOKLOG
fi
date >> $COOKLOG

# -------------------- COMMON ---------------

STEPCOUNT=0
step() {
  STEPCOUNT=$(expr "$STEPCOUNT" + 1)
  STEP="$@"
  echo "Step $STEPCOUNT: $STEP" | tee -a $COOKLOG
}

exit_ok() {
  trap - EXIT
  exit 0
}

FAILED=" failed"
exit_error() {
  STEP="$@"
  FAILED=""
  exit 1
}

set -e
trap 'echo ERROR: $STEP$FAILED | (>&2 tee -a $COOKLOG)' EXIT

# -------------- BEGIN PACKAGE SETUP -------------

step "Bootstrap package repo"
mkdir -p /usr/local/etc/pkg/repos
echo 'FreeBSD: { url: "pkg+http://pkg.FreeBSD.org/${ABI}/quarterly" }' \
  >/usr/local/etc/pkg/repos/FreeBSD.conf
ASSUME_ALWAYS_YES=yes pkg bootstrap

step "Touch /etc/rc.conf"
touch /etc/rc.conf

# this is important, otherwise running /etc/rc from cook will
# overwrite the IP address set in tinirc
step "Remove ifconfig_epair0b from config"
sysrc -cq ifconfig_epair0b && sysrc -x ifconfig_epair0b || true

step "Disable sendmail"
service sendmail onedisable

step "Create /usr/local/etc/rc.d"
mkdir -p /usr/local/etc/rc.d

# we need consul for consul agent
step "Install package consul"
pkg install -y consul

step "Install package nomad"
pkg install -y nomad

step "Install package sudo"
pkg install -y sudo

# we need vault for authentication and certificates
# not yet configured
step "Install package vault"
pkg install -y vault

step "Install package node_exporter"
pkg install -y node_exporter

step "Clean package installation"
pkg clean -y

# -------------- END PACKAGE SETUP -------------

#
# Create configurations
#

#
# Now generate the run command script "cook"
# It configures the system on the first run by creating the config file(s)
# On subsequent runs, it only starts sleeps (if nomad-jail) or simply exits
#

# clear any old cook runtime file
step "Remove pre-existing cook script (if any)"
rm -f /usr/local/bin/cook

# this runs when image boots

# ----------------- BEGIN COOK ------------------
step "Create cook script"
echo "#!/bin/sh
RUNS_IN_NOMAD=$RUNS_IN_NOMAD
# declare this again for the pot image, might work carrying variable through like
# with above
COOKLOG=/var/log/cook.log
# No need to change this, just ensures configuration is done only once
if [ -e /usr/local/etc/pot-is-seasoned ]
then
    # If this pot flavour is blocking (i.e. it should not return),
    # we block indefinitely
    if [ \"\$RUNS_IN_NOMAD\" = \"true\" ]
    then
        /bin/sh /etc/rc
        tail -f /dev/null
    fi
    exit 0
fi

# ADJUST THIS: STOP SERVICES AS NEEDED BEFORE CONFIGURATION
/usr/local/etc/rc.d/consul stop || true
/usr/local/etc/rc.d/nomad stop || true

# No need to adjust this:
# If this pot flavour is not blocking, we need to read the environment first from /tmp/environment.sh
# where pot is storing it in this case
if [ -e /tmp/environment.sh ]
then
    . /tmp/environment.sh
fi

#
# ADJUST THIS BY CHECKING FOR ALL VARIABLES YOUR FLAVOUR NEEDS:
# Check config variables are set
#
if [ -z \${DATACENTER+x} ];
then
    echo 'DATACENTER is unset - see documentation how to configure this flavour'
    exit 1
fi
if [ -z \${NODENAME+x} ];
then
    echo 'NODENAME is unset - see documentation how to configure this flavour'
    exit 1
fi
if [ -z \${IP+x} ];
then
    echo 'IP is unset - see documentation how to configure this flavour'
    exit 1
fi
if [ -z \${CONSULSERVERS+x} ];
then
    echo 'CONSULSERVERS is unset - you must include at least one consul server IP'
    exit 1
fi
if [ -z \${BOOTSTRAP+x} ];
then
    echo 'BOOTSTRAP is unset - see documentation how to configure this flavour, defaulting to 1'
    BOOTSTRAP=1
fi
# GOSSIPKEY is a 32 byte, Base64 encoded key generated with consul keygen for the consul flavour.
# Re-used for nomad, which is usually 16 byte key but supports 32 byte, Base64 encoded keys
# We'll re-use the one from the consul flavour
if [ -z \${GOSSIPKEY+x} ];
then
    echo 'GOSSIPKEY is unset - see documentation how to configure this flavour, defaulting to preset encrypt key. Do not use this in production!'
    GOSSIPKEY='BY+vavBUSEmNzmxxS3k3bmVFn1giS4uEudc774nBhIw='
fi
# NOMADKEY is a 32 byte, Base64 encoded key generated with 'openssl rand -base64 32'.
# 'nomad operator keygen' usually produces a 16 byte key but supports 32 byte, Base64 encoded keys
# We'll re-use the GOSSIPKEY variable consul but you can set own different key for nomad
if [ -z \${NOMADKEY+x} ];
then
    echo 'NOMADKEY is unset - see documentation how to configure this flavour, defaulting to preset encrypt key. Do not use this in production!'
    NOMADKEY=\$GOSSIPKEY
fi

# ADJUST THIS BELOW: NOW ALL THE CONFIGURATION FILES NEED TO BE CREATED:
# Don't forget to double(!)-escape quotes and dollar signs in the config files

# start consul #

# Create consul client config file, set the bootstrap_expect value to number
# of servers in the cluster, 1, 3 or 5

# first create configuration directory

# make consul configuration directory and set permissions
mkdir -p /usr/local/etc/consul.d
chmod 750 /usr/local/etc/consul.d

# Create the consul agent config file with imported variables
echo \"{
 \\\"advertise_addr\\\": \\\"\$IP\\\",
 \\\"datacenter\\\": \\\"\$DATACENTER\\\",
 \\\"node_name\\\": \\\"\$NODENAME\\\",
 \\\"data_dir\\\":  \\\"/var/db/consul\\\",
 \\\"dns_config\\\": {
  \\\"a_record_limit\\\": 3,
  \\\"enable_truncate\\\": true
 },
 \\\"log_file\\\": \\\"/var/log/consul/\\\",
 \\\"log_level\\\": \\\"WARN\\\",
 \\\"encrypt\\\": \\\"\$GOSSIPKEY\\\",
 \\\"start_join\\\": [ \$CONSULSERVERS ],
 \\\"service\\\": {
  \\\"address\\\": \\\"\$IP\\\",
  \\\"name\\\": \\\"node-exporter\\\",
  \\\"tags\\\": [\\\"_app=nomad-server\\\", \\\"_service=node-exporter\\\", \\\"_hostname=\$NODENAME\\\", \\\"_datacenter=\$DATACENTER\\\"],
  \\\"port\\\": 9100
 }
}\" > /usr/local/etc/consul.d/agent.json

# set owner and perms on agent.json
chown -R consul:wheel /usr/local/etc/consul.d
chmod 640 /usr/local/etc/consul.d/agent.json

# enable consul
sysrc consul_enable=\"YES\"

# set load parameter for consul config
sysrc consul_args=\"-config-file=/usr/local/etc/consul.d/agent.json\"
#sysrc consul_datadir=\"/var/db/consul\"

# Workaround for bug in rc.d/consul script:
#sysrc consul_group=\"wheel\"

# setup consul logs, might be redundant if not specified in agent.json above
mkdir -p /var/log/consul
touch /var/log/consul/consul.log
chown -R consul:wheel /var/log/consul

# add the consul user to the wheel group, this seems to be required for
# consul to start on this instance. May need to figure out why.
# I'm not entirely sure this is the correct way to do it
/usr/sbin/pw usermod consul -G wheel

# end consul #

# enable node_exporter service
sysrc node_exporter_enable=\"YES\"

# start nomad #

# Create nomad server config file
echo \"
bind_addr = \\\"\$IP\\\"
plugin_dir = \\\"/usr/local/libexec/nomad/plugins\\\"
datacenter = \\\"\$DATACENTER\\\"

advertise {
  # This should be the IP of THIS MACHINE and must be routable by every node
  # in your cluster
  http = \\\"\$IP:4646\\\"
}

server {
  enabled = true
  # set this to 3 or 5 for cluster setup
  bootstrap_expect = \\\"\$BOOTSTRAP\\\"
  # Encrypt gossip communication
  encrypt = \\\"\$NOMADKEY\\\"
}

consul {
  # The address to the local Consul agent.
  address = \\\"\$IP:8500\\\"
  # The service name to register the server and client with Consul.
  server_service_name = \\\"\$DATACENTER-server\\\"
  # Enables automatically registering the services.
  auto_advertise = true
  # Enabling the server and client to bootstrap using Consul.
  server_auto_join = true
}

enable_syslog=true
log_level=\\\"INFO\\\"
syslog_facility=\\\"LOCAL1\\\"\" > /usr/local/etc/nomad/server.hcl

# set the rc startup
sysrc nomad_enable=yes
echo \"nomad_args=\\\"-config=/usr/local/etc/nomad/server.hcl -network-interface=\$IP\\\"\" >> /etc/rc.conf

# ADJUST THIS: START THE SERVICES AGAIN AFTER CONFIGURATION

# start consul agent
/usr/local/etc/rc.d/consul start

# start nomad
/usr/local/etc/rc.d/nomad start

# start node_exporter
/usr/local/etc/rc.d/node_exporter start

# Do not touch this:
touch /usr/local/etc/pot-is-seasoned

# If this pot flavour is blocking (i.e. it should not return), there is no /tmp/environment.sh
# created by pot and we now after configuration block indefinitely
if [ \"\$RUNS_IN_NOMAD\" = \"true\" ]
then
    /bin/sh /etc/rc
    tail -f /dev/null
fi
" > /usr/local/bin/cook

# ----------------- END COOK ------------------


# ---------- NO NEED TO EDIT BELOW ------------

step "Make cook script executable"
if [ -e /usr/local/bin/cook ]
then
    echo "setting executable bit on /usr/local/bin/cook" | tee -a $COOKLOG
    chmod u+x /usr/local/bin/cook
else
    exit_error "there is no /usr/local/bin/cook to make executable"
fi

#
# There are two ways of running a pot jail: "Normal", non-blocking mode and
# "Nomad", i.e. blocking mode (the pot start command does not return until
# the jail is stopped).
# For the normal mode, we create a /usr/local/etc/rc.d script that starts
# the "cook" script generated above each time, for the "Nomad" mode, the cook
# script is started by pot (configuration through flavour file), therefore
# we do not need to do anything here.
#

# Create rc.d script for "normal" mode:
step "Create rc.d script to start cook"
echo "creating rc.d script to start cook" | tee -a $COOKLOG

echo "#!/bin/sh
#
# PROVIDE: cook
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
. /etc/rc.subr
name=\"cook\"
rcvar=\"cook_enable\"
load_rc_config \$name
: \${cook_enable:=\"NO\"}
: \${cook_env:=\"\"}
command=\"/usr/local/bin/cook\"
command_args=\"\"
run_rc_command \"\$1\"
" > /usr/local/etc/rc.d/cook

step "Make rc.d script to start cook executable"
if [ -e /usr/local/etc/rc.d/cook ]
then
  echo "Setting executable bit on cook rc file" | tee -a $COOKLOG
  chmod u+x /usr/local/etc/rc.d/cook
else
  exit_error "/usr/local/etc/rc.d/cook does not exist"
fi

if [ "$RUNS_IN_NOMAD" != "true" ]
then
  step "Enable cook service"
  # This is a non-nomad (non-blocking) jail, so we need to make sure the script
  # gets started when the jail is started:
  # Otherwise, /usr/local/bin/cook will be set as start script by the pot flavour
  echo "enabling cook" | tee -a $COOKLOG
  service cook enable
fi

# -------------------- DONE ---------------
exit_ok

nomad-server/nomad-server+1:
nomad-server/nomad-server+1.sh:

nomad-server/nomad-server+2:
nomad-server/nomad-server+2.sh:

nomad-server/nomad-server+3:
nomad-server/nomad-server+3.sh:

nomad-server/nomad-server+4:
nomad-server/nomad-server+4.sh:
Password:===>  Creating a new pot
===>  pot name : nomad-server-amd64-12_2
===>  type : single
===>  base : 12.2
===>  pot_base :
===>  level : 0
===>  network-type : public-bridge
===>  network-stack: ipv4
===>  ip : 10.192.0.4
===>  bridge :
===>  dns : inherit
===>  flavours : fbsd-update nomad-server nomad-server+1 nomad-server+2 nomad-server+3 nomad-server+4
===>  Fetching FreeBSD 12.2
===>  Extract the tarball
=====>  Flavour: fbsd-update
=====>  Starting nomad-server-amd64-12_2 pot for the initial bootstrap
=====>  mount /mnt/data/pot/jails/nomad-server-amd64-12_2/m/tmp
defaultrouter: NO -> 10.192.0.1
===>  Starting the pot nomad-server-amd64-12_2
ELF ldconfig path: /lib /usr/lib /usr/lib/compat
32-bit compatibility ldconfig path: /usr/lib32
Starting Network: lo0 epair0b.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	inet 127.0.0.1 netmask 0xff000000
	groups: lo
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 02:08:98:a5:ad:0b
	inet 10.192.0.4 netmask 0xffc00000 broadcast 10.255.255.255
	groups: epair
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
add host 127.0.0.1: gateway lo0 fib 0: route already in table
add net default: gateway 10.192.0.1
add host ::1: gateway lo0 fib 0: route already in table
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
Generating host.conf.
Creating and/or trimming log files.
Starting syslogd.
Clearing /tmp (X related).
Updating motd:.
Updating /var/run/os-release done.
Starting sendmail_submit.
Starting sendmail_msp_queue.
Starting cron.

Fri Sep 10 21:21:32 UTC 2021
/usr/local/etc/pot/flavours/fbsd-update.sh -> /mnt/data/pot/jails/nomad-server-amd64-12_2/m/tmp/fbsd-update.sh
=====>  Executing fbsd-update script on nomad-server-amd64-12_2
src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 2 mirrors found.
Fetching public key from update1.freebsd.org... done.
Fetching metadata signature for 12.2-RELEASE from update1.freebsd.org... done.
Fetching metadata index... done.
Fetching 2 metadata files... done.
Inspecting system... done.
Preparing to download files... done.
Fetching 88 patches.....10....20....30....40....50....60....70....80.... done.
Applying patches... done.
Fetching 1 files...  done.
The following files will be removed as part of updating to
12.2-RELEASE-p10:
/etc/ssl/certs/2c543cd1.0
/etc/ssl/certs/2e4eed3c.0
/etc/ssl/certs/480720ec.0
/etc/ssl/certs/7d0b38bd.0
/etc/ssl/certs/8867006a.0
/etc/ssl/certs/ad088e1d.0
/etc/ssl/certs/b204d74a.0
/etc/ssl/certs/ba89ed3b.0
/etc/ssl/certs/c089bbbd.0
/etc/ssl/certs/e2799e36.0
/usr/share/certs/trusted/GeoTrust_Global_CA.pem
/usr/share/certs/trusted/GeoTrust_Primary_Certification_Authority.pem
/usr/share/certs/trusted/GeoTrust_Primary_Certification_Authority_-_G3.pem
/usr/share/certs/trusted/GeoTrust_Universal_CA.pem
/usr/share/certs/trusted/GeoTrust_Universal_CA_2.pem
/usr/share/certs/trusted/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.pem
/usr/share/certs/trusted/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem
/usr/share/certs/trusted/thawte_Primary_Root_CA.pem
/usr/share/certs/trusted/thawte_Primary_Root_CA_-_G2.pem
/usr/share/certs/trusted/thawte_Primary_Root_CA_-_G3.pem
The following files will be added as part of updating to
12.2-RELEASE-p10:
/etc/ssl/blacklisted/2c543cd1.0
/etc/ssl/blacklisted/2e4eed3c.0
/etc/ssl/blacklisted/480720ec.0
/etc/ssl/blacklisted/7d0b38bd.0
/etc/ssl/blacklisted/8867006a.0
/etc/ssl/blacklisted/ad088e1d.0
/etc/ssl/blacklisted/b204d74a.0
/etc/ssl/blacklisted/ba89ed3b.0
/etc/ssl/blacklisted/c089bbbd.0
/etc/ssl/blacklisted/e2799e36.0
/etc/ssl/certs/3fb36b73.0
/usr/share/certs/blacklisted/GeoTrust_Global_CA.pem
/usr/share/certs/blacklisted/GeoTrust_Primary_Certification_Authority.pem
/usr/share/certs/blacklisted/GeoTrust_Primary_Certification_Authority_-_G3.pem
/usr/share/certs/blacklisted/GeoTrust_Universal_CA.pem
/usr/share/certs/blacklisted/GeoTrust_Universal_CA_2.pem
/usr/share/certs/blacklisted/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.pem
/usr/share/certs/blacklisted/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem
/usr/share/certs/blacklisted/thawte_Primary_Root_CA.pem
/usr/share/certs/blacklisted/thawte_Primary_Root_CA_-_G2.pem
/usr/share/certs/blacklisted/thawte_Primary_Root_CA_-_G3.pem
/usr/share/certs/trusted/NAVER_Global_Root_Certification_Authority.pem
The following files will be updated as part of updating to
12.2-RELEASE-p10:
/bin/freebsd-version
/lib/libcasper.so.1
/lib/libcrypto.so.111
/lib/libzfs.so.3
/lib/libzfs_core.so.2
/lib/libzpool.so.2
/rescue/[
/rescue/bectl
/rescue/bsdlabel
/rescue/bunzip2
/rescue/bzcat
/rescue/bzip2
/rescue/camcontrol
/rescue/cat
/rescue/ccdconfig
/rescue/chflags
/rescue/chgrp
/rescue/chio
/rescue/chmod
/rescue/chown
/rescue/chroot
/rescue/clri
/rescue/cp
/rescue/csh
/rescue/date
/rescue/dd
/rescue/devfs
/rescue/df
/rescue/dhclient
/rescue/disklabel
/rescue/dmesg
/rescue/dump
/rescue/dumpfs
/rescue/dumpon
/rescue/echo
/rescue/ed
/rescue/ex
/rescue/expr
/rescue/fastboot
/rescue/fasthalt
/rescue/fdisk
/rescue/fsck
/rescue/fsck_4.2bsd
/rescue/fsck_ffs
/rescue/fsck_msdosfs
/rescue/fsck_ufs
/rescue/fsdb
/rescue/fsirand
/rescue/gbde
/rescue/geom
/rescue/getfacl
/rescue/glabel
/rescue/gpart
/rescue/groups
/rescue/gunzip
/rescue/gzcat
/rescue/gzip
/rescue/halt
/rescue/head
/rescue/hostname
/rescue/id
/rescue/ifconfig
/rescue/init
/rescue/ipf
/rescue/iscsictl
/rescue/iscsid
/rescue/kenv
/rescue/kill
/rescue/kldconfig
/rescue/kldload
/rescue/kldstat
/rescue/kldunload
/rescue/ldconfig
/rescue/less
/rescue/link
/rescue/ln
/rescue/ls
/rescue/lzcat
/rescue/lzma
/rescue/md5
/rescue/mdconfig
/rescue/mdmfs
/rescue/mkdir
/rescue/mknod
/rescue/more
/rescue/mount
/rescue/mount_cd9660
/rescue/mount_msdosfs
/rescue/mount_nfs
/rescue/mount_nullfs
/rescue/mount_udf
/rescue/mount_unionfs
/rescue/mt
/rescue/mv
/rescue/nc
/rescue/newfs
/rescue/newfs_msdos
/rescue/nos-tun
/rescue/pgrep
/rescue/ping
/rescue/ping6
/rescue/pkill
/rescue/poweroff
/rescue/ps
/rescue/pwd
/rescue/rcorder
/rescue/rdump
/rescue/realpath
/rescue/reboot
/rescue/red
/rescue/rescue
/rescue/restore
/rescue/rm
/rescue/rmdir
/rescue/route
/rescue/routed
/rescue/rrestore
/rescue/rtquery
/rescue/rtsol
/rescue/savecore
/rescue/sed
/rescue/setfacl
/rescue/sh
/rescue/shutdown
/rescue/sleep
/rescue/spppcontrol
/rescue/stty
/rescue/swapon
/rescue/sync
/rescue/sysctl
/rescue/tail
/rescue/tar
/rescue/tcsh
/rescue/tee
/rescue/test
/rescue/tunefs
/rescue/umount
/rescue/unlink
/rescue/unlzma
/rescue/unxz
/rescue/unzstd
/rescue/vi
/rescue/whoami
/rescue/xz
/rescue/xzcat
/rescue/zcat
/rescue/zdb
/rescue/zfs
/rescue/zpool
/rescue/zstd
/rescue/zstdcat
/rescue/zstdmt
/sbin/ggatec
/sbin/ipfw
/sbin/rtsol
/sbin/zpool
/usr/bin/lldb
/usr/bin/openssl
/usr/bin/zinject
/usr/bin/ztest
/usr/include/net/if_var.h
/usr/include/openssl/asn1err.h
/usr/include/openssl/evperr.h
/usr/include/openssl/opensslv.h
/usr/include/sys/filedesc.h
/usr/include/sys/jail.h
/usr/lib/libcrypto.a
/usr/lib/libcrypto_p.a
/usr/lib/libfetch.a
/usr/lib/libfetch.so.6
/usr/lib/libfetch_p.a
/usr/lib/libpam.a
/usr/lib/libradius.a
/usr/lib/libradius.so.4
/usr/lib/libradius_p.a
/usr/lib/libssl.a
/usr/lib/libssl.so.111
/usr/lib/libssl_p.a
/usr/lib/libzfs.a
/usr/lib/libzfs_core.a
/usr/lib/libzfs_core_p.a
/usr/lib/libzfs_p.a
/usr/lib/libzpool.a
/usr/lib/pam_login_access.so.6
/usr/sbin/bhyve
/usr/sbin/freebsd-update
/usr/sbin/hostapd
/usr/sbin/ntp-keygen
/usr/sbin/rtsold
/usr/sbin/wpa_cli
/usr/sbin/wpa_supplicant
/usr/sbin/zdb
/usr/sbin/zfsd
/usr/sbin/zhack
/usr/share/man/man2/jail.2.gz
/usr/share/man/man2/jail_attach.2.gz
/usr/share/man/man2/jail_get.2.gz
/usr/share/man/man2/jail_remove.2.gz
/usr/share/man/man2/jail_set.2.gz
/usr/share/zoneinfo/Africa/Accra
/usr/share/zoneinfo/Africa/Addis_Ababa
/usr/share/zoneinfo/Africa/Algiers
/usr/share/zoneinfo/Africa/Asmara
/usr/share/zoneinfo/Africa/Asmera
/usr/share/zoneinfo/Africa/Bangui
/usr/share/zoneinfo/Africa/Brazzaville
/usr/share/zoneinfo/Africa/Casablanca
/usr/share/zoneinfo/Africa/Dar_es_Salaam
/usr/share/zoneinfo/Africa/Djibouti
/usr/share/zoneinfo/Africa/Douala
/usr/share/zoneinfo/Africa/El_Aaiun
/usr/share/zoneinfo/Africa/Juba
/usr/share/zoneinfo/Africa/Kampala
/usr/share/zoneinfo/Africa/Kinshasa
/usr/share/zoneinfo/Africa/Lagos
/usr/share/zoneinfo/Africa/Libreville
/usr/share/zoneinfo/Africa/Luanda
/usr/share/zoneinfo/Africa/Malabo
/usr/share/zoneinfo/Africa/Mogadishu
/usr/share/zoneinfo/Africa/Nairobi
/usr/share/zoneinfo/Africa/Niamey
/usr/share/zoneinfo/Africa/Porto-Novo
/usr/share/zoneinfo/America/Belize
/usr/share/zoneinfo/America/Dawson
/usr/share/zoneinfo/America/Grand_Turk
/usr/share/zoneinfo/America/Nassau
/usr/share/zoneinfo/America/Whitehorse
/usr/share/zoneinfo/Antarctica/Casey
/usr/share/zoneinfo/Antarctica/Macquarie
/usr/share/zoneinfo/Asia/Gaza
/usr/share/zoneinfo/Asia/Hebron
/usr/share/zoneinfo/Asia/Jerusalem
/usr/share/zoneinfo/Asia/Tel_Aviv
/usr/share/zoneinfo/Atlantic/Bermuda
/usr/share/zoneinfo/Australia/ACT
/usr/share/zoneinfo/Australia/Adelaide
/usr/share/zoneinfo/Australia/Brisbane
/usr/share/zoneinfo/Australia/Broken_Hill
/usr/share/zoneinfo/Australia/Canberra
/usr/share/zoneinfo/Australia/Currie
/usr/share/zoneinfo/Australia/Darwin
/usr/share/zoneinfo/Australia/Eucla
/usr/share/zoneinfo/Australia/Hobart
/usr/share/zoneinfo/Australia/Lindeman
/usr/share/zoneinfo/Australia/Melbourne
/usr/share/zoneinfo/Australia/NSW
/usr/share/zoneinfo/Australia/North
/usr/share/zoneinfo/Australia/Perth
/usr/share/zoneinfo/Australia/Queensland
/usr/share/zoneinfo/Australia/South
/usr/share/zoneinfo/Australia/Sydney
/usr/share/zoneinfo/Australia/Tasmania
/usr/share/zoneinfo/Australia/Victoria
/usr/share/zoneinfo/Australia/West
/usr/share/zoneinfo/Australia/Yancowinna
/usr/share/zoneinfo/Canada/Yukon
/usr/share/zoneinfo/Europe/Budapest
/usr/share/zoneinfo/Europe/Monaco
/usr/share/zoneinfo/Europe/Paris
/usr/share/zoneinfo/Europe/Volgograd
/usr/share/zoneinfo/Indian/Antananarivo
/usr/share/zoneinfo/Indian/Comoro
/usr/share/zoneinfo/Indian/Mahe
/usr/share/zoneinfo/Indian/Mayotte
/usr/share/zoneinfo/Israel
/usr/share/zoneinfo/Pacific/Efate
/usr/share/zoneinfo/Pacific/Fiji
/usr/share/zoneinfo/zone.tab
/usr/share/zoneinfo/zone1970.tab
Installing updates...Scanning //usr/share/certs/blacklisted for certificates...
Scanning //usr/share/certs/trusted for certificates...
 done.
=====>  Stop the pot nomad-server-amd64-12_2
=====>  Remove epair0[a|b] network interfaces
=====>  unmount /mnt/data/pot/jails/nomad-server-amd64-12_2/m/tmp
=====>  unmount /mnt/data/pot/jails/nomad-server-amd64-12_2/m/dev
=====>  Flavour: nomad-server
=====>  Executing nomad-server pot commands on nomad-server-amd64-12_2
###>  Flavor nomad-server: line not valid - ignoring
=====>  Starting nomad-server-amd64-12_2 pot for the initial bootstrap
=====>  mount /mnt/data/pot/jails/nomad-server-amd64-12_2/m/tmp
defaultrouter: 10.192.0.1 -> 10.192.0.1
===>  Starting the pot nomad-server-amd64-12_2
ELF ldconfig path: /lib /usr/lib /usr/lib/compat
32-bit compatibility ldconfig path: /usr/lib32
Starting Network: lo0 epair0b.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	inet 127.0.0.1 netmask 0xff000000
	groups: lo
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 02:8b:2a:22:d6:0b
	inet 10.192.0.4 netmask 0xffc00000 broadcast 10.255.255.255
	groups: epair
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
add host 127.0.0.1: gateway lo0 fib 0: route already in table
add net default: gateway 10.192.0.1
add host ::1: gateway lo0 fib 0: route already in table
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
Creating and/or trimming log files.
Starting syslogd.
Clearing /tmp (X related).
Updating motd:.
Updating /var/run/os-release done.
Starting sendmail_submit.
Starting sendmail_msp_queue.
Starting cron.

Fri Sep 10 21:22:56 UTC 2021
/usr/local/etc/pot/flavours/nomad-server.sh -> /mnt/data/pot/jails/nomad-server-amd64-12_2/m/tmp/nomad-server.sh
=====>  Executing nomad-server script on nomad-server-amd64-12_2
Creating /var/log/cook.log
Step 1: Bootstrap package repo
[nomad-server-amd64-12_2.vsf00001.cpt.za.honeyguide.net] Installing pkg-1.16.3...
[nomad-server-amd64-12_2.vsf00001.cpt.za.honeyguide.net] Extracting pkg-1.16.3: .......... done
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:12:amd64/quarterly, please wait...
Step 2: Touch /etc/rc.conf
Step 3: Remove ifconfig_epair0b from config
Step 4: Disable sendmail
sendmail disabled in /etc/rc.conf
sendmail_submit disabled in /etc/rc.conf
sendmail_msp_queue disabled in /etc/rc.conf
Step 5: Create /usr/local/etc/rc.d
Step 6: Install package consul
Updating FreeBSD repository catalogue...
[nomad-server-amd64-12_2.vsf00001.cpt.za.honeyguide.net] Fetching meta.conf: . done
[nomad-server-amd64-12_2.vsf00001.cpt.za.honeyguide.net] Fetching packagesite.txz: .......... done
Processing entries: .......... done
FreeBSD repository update completed. 30850 packages processed.
All repositories are up to date.
Updating database digests format: . done
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	consul: 1.9.5

Number of packages to be installed: 1

The process will require 78 MiB more space.
27 MiB to be downloaded.
[nomad-server-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Fetching consul-1.9.5.txz: .......... done
Checking integrity... done (0 conflicting)
[nomad-server-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Installing consul-1.9.5...
===> Creating groups.
Creating group 'consul' with gid '469'.
===> Creating users
Creating user 'consul' with uid '469'.
===> Creating homedir(s)
[nomad-server-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Extracting consul-1.9.5: ..... done
Step 7: Install package nomad
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	nomad: 1.1.0

Number of packages to be installed: 1

The process will require 55 MiB more space.
12 MiB to be downloaded.
[nomad-server-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Fetching nomad-1.1.0.txz: .......... done
Checking integrity... done (0 conflicting)
[nomad-server-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Installing nomad-1.1.0...
===> Creating groups.
Creating group 'nomad' with gid '472'.
===> Creating users
Creating user 'nomad' with uid '472'.
===> Creating homedir(s)
[nomad-server-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Extracting nomad-1.1.0: ....... done
Step 8: Install package sudo
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	gettext-runtime: 0.21
	indexinfo: 0.3.1
	sudo: 1.9.7p1

Number of packages to be installed: 3

The process will require 7 MiB more space.
2 MiB to be downloaded.
[nomad-server-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/3] Fetching sudo-1.9.7p1.txz: .......... done
[nomad-server-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/3] Fetching gettext-runtime-0.21.txz: .......... done
[nomad-server-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [3/3] Fetching indexinfo-0.3.1.txz: . done
Checking integrity... done (0 conflicting)
[nomad-server-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/3] Installing indexinfo-0.3.1...
[nomad-server-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/3] Extracting indexinfo-0.3.1: .... done
[nomad-server-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/3] Installing gettext-runtime-0.21...
[nomad-server-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/3] Extracting gettext-runtime-0.21: .......... done
[nomad-server-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [3/3] Installing sudo-1.9.7p1...
[nomad-server-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [3/3] Extracting sudo-1.9.7p1: .......... done
Step 9: Install package vault
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	vault: 1.7.3

Number of packages to be installed: 1

The process will require 149 MiB more space.
49 MiB to be downloaded.
[nomad-server-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Fetching vault-1.7.3.txz: .......... done
Checking integrity... done (0 conflicting)
[nomad-server-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Installing vault-1.7.3...
===> Creating groups.
Creating group 'vault' with gid '471'.
===> Creating users
Creating user 'vault' with uid '471'.
[nomad-server-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Extracting vault-1.7.3: ..... done
=====
Message from vault-1.7.3:

--
The vault user created by the vault package is now a member of the daemon
class, which will allow it to use mlock() when started by the rc script. This
will not be reflected in systems where the user already exists. Please add the
vault user to the daemon class manually by running:

pw usermod -L daemon -n vault

or delete the user and reinstall the package.

You may also need to increase memorylocked for the daemon class in
/etc/login.conf to 1024M or more and run:

cap_mkdb /etc/login.conf

Or to disable mlock, add:

disable_mlock = 1

to /usr/local/etc/vault.hcl
Step 10: Install package node_exporter
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	node_exporter: 1.1.2

Number of packages to be installed: 1

The process will require 11 MiB more space.
3 MiB to be downloaded.
[nomad-server-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Fetching node_exporter-1.1.2.txz: .......... done
Checking integrity... done (0 conflicting)
[nomad-server-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Installing node_exporter-1.1.2...
[nomad-server-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Extracting node_exporter-1.1.2: .......... done
=====
Message from node_exporter-1.1.2:

--
If upgrading from a version of node_exporter <0.15.0 you'll need to update any
custom command line flags that you may have set as it now requires a
double-dash (--flag) instead of a single dash (-flag).
The collector flags in 0.15.0 have now been replaced with individual boolean
flags and the -collector.procfs` and -collector.sysfs` flags have been renamed
to --path.procfs and --path.sysfs respectively.
Step 11: Clean package installation
The following package files will be deleted:
	/var/cache/pkg/consul-1.9.5~e3c3a94bde.txz
	/var/cache/pkg/vault-1.7.3~7ee859c9d5.txz
	/var/cache/pkg/indexinfo-0.3.1.txz
	/var/cache/pkg/vault-1.7.3.txz
	/var/cache/pkg/gettext-runtime-0.21.txz
	/var/cache/pkg/nomad-1.1.0~918a64552a.txz
	/var/cache/pkg/indexinfo-0.3.1~fec9f21a3f.txz
	/var/cache/pkg/sudo-1.9.7p1.txz
	/var/cache/pkg/node_exporter-1.1.2.txz
	/var/cache/pkg/consul-1.9.5.txz
	/var/cache/pkg/sudo-1.9.7p1~a8afb80862.txz
	/var/cache/pkg/nomad-1.1.0.txz
	/var/cache/pkg/node_exporter-1.1.2~9e7a20f0f9.txz
	/var/cache/pkg/gettext-runtime-0.21~c84f0d3292.txz
The cleanup will free 92 MiB
Deleting files: .......... done
All done
Step 12: Remove pre-existing cook script (if any)
Step 13: Create cook script
Step 14: Make cook script executable
setting executable bit on /usr/local/bin/cook
Step 15: Create rc.d script to start cook
creating rc.d script to start cook
Step 16: Make rc.d script to start cook executable
Setting executable bit on cook rc file
Step 17: Enable cook service
enabling cook
cook enabled in /etc/rc.conf
=====>  Stop the pot nomad-server-amd64-12_2
=====>  Remove epair0[a|b] network interfaces
=====>  unmount /mnt/data/pot/jails/nomad-server-amd64-12_2/m/tmp
=====>  unmount /mnt/data/pot/jails/nomad-server-amd64-12_2/m/dev
=====>  Flavour: nomad-server+1
=====>  Executing nomad-server+1 pot commands on nomad-server-amd64-12_2
=====>  No shell script available for the flavour nomad-server+1
=====>  Flavour: nomad-server+2
=====>  Executing nomad-server+2 pot commands on nomad-server-amd64-12_2
=====>  No shell script available for the flavour nomad-server+2
=====>  Flavour: nomad-server+3
=====>  Executing nomad-server+3 pot commands on nomad-server-amd64-12_2
=====>  No shell script available for the flavour nomad-server+3
=====>  Flavour: nomad-server+4
=====>  Executing nomad-server+4 pot commands on nomad-server-amd64-12_2
=====>  No shell script available for the flavour nomad-server+4

This site © Honeyguide Group (Pty) Ltd, all the hosted software their respective license owners 2020 - 2021 - Disclaimer