Patroni PostgreSQL

Overview

This is a patroni postgresql jail that can be started with pot.

The jail exposes these parameters that can either be set via the environment or by setting the cookparameters (or by editing the downloaded jails pot.conf file):

It is dependent on a consul server/cluster for the DCS store.

Installation

  • Create a ZFS data set on the parent system beforehand:
    zfs create -o mountpoint=/mnt/postgresqldata zroot/postgresqldata
  • Create your local jail from the image or the flavour files.
  • Mount in the ZFS data set you created:
    pot mount-in -p <jailname> -m /mnt -d /mnt/postgresqldata
  • Copy in the SSH private key for the user on the Vault leader:
    pot copy-in -p <jailname> -s /root/sshkey -d /root/sshkey
  • Optionally export the ports after creating the jail:
    pot export-ports -p <jailname> -e 5432:5432
  • Adjust to your environment:
    sudo pot set-env -p <jailname> -E DATACENTER=<datacentername> -E NODENAME=<nodename> -E IP=<IP address of this node> \
    -E SERVICETAG=<master/replica/standby-leader> -E CONSULSERVERS=<correctly-quoted-array-consul-IPs> \
    -E VAULTSERVER=<Vault leader IP> -E VAULTTOKEN=<s.token> -E REMOTELOG=<IP of loki> -E SFTPUSER=<user> \
    [-E ADMPASS=<custom admin password> -E KEKPASS=<custom postgresql superuser password> -E REPPASS=<custom replication password>] \
    [-E GOSSIPKEY=<32 byte Base64 key from consul keygen>]
    

The SERVICETAG parameter defines if this is a master, replica or standby-leader node in the cluster,

The CONSULSERVERS parameter defines the consul server instances, and must be set as CONSULSERVERS='"10.0.0.2"' or CONSULSERVERS='"10.0.0.2", "10.0.0.3", "10.0.0.4"' or CONSULSERVERS='"10.0.0.2", "10.0.0.3", "10.0.0.4", "10.0.0.5", "10.0.0.6"'

The VAULTSERVER parameter is the IP address of the vault server to authenticate to, and obtain certificates from.

The VAULTTOKEN parameter is the issued token from the vault server.

The ADMPASS parameter is the admin user password which defaults to admin.

The KEKPASS parameter is the superuser password for postgres, which defaults to kekpass.

The REPPASS parameter is the replicator user password, for replication purposes, and defaults to reppass.

The GOSSIPKEY parameter is the gossip encryption key for consul agent. We’re using a default key if you do not set the parameter, do not use the default key for production encryption, instead provide your own.

The REMOTELOG parameter is the IP address of a remote syslog server to send logs to, such as for the loki flavour on this site.

The SFTPUSER parameter is for the user on the vault leader in the VAULTSERVER parameter. You need to copy in the id_rsa from there to the host of this image.

Usage

Usage notes

  • The mount-in data set goes to /mnt. This change from /var/db/postgres requires the postgres user’s home directory be updated from the default to this. This is done automatically and will work as long as the mount-in directory is /mnt.
  • You must su to the postgresql user and run psql to interact with Postgresql.
  • No default database exists. It will have to be setup or imported.

Verify node or cluster details with

/root/verifynode.sh

    (runs /usr/local/bin/curl -s --cacert /mnt/certs/combinedca.pem --cert /mnt/certs/cert.pem --key /mnt/certs/key.pem https://localhost:8008/patroni | /usr/local/bin/jq . )

/root/verifycluster.sh

    (runs /usr/local/bin/curl -s --cacert /mnt/certs/combinedca.pem --cert /mnt/certs/cert.pem --key /mnt/certs/key.pem https://localhost:8008/cluster | /usr/local/bin/jq . )

/usr/local/etc/rc.d/patroni list

Starting over

If you need to reset the cluster, and start from scratch, make sure to remove the kv values in consul. If you don’t the old data will simply be imported to the new cluster.

Getting Started

How To Use The Ready-Made Image

FreeBSD 13.0:
pot import -p postgresql-patroni-amd64-13_0 -t 2.0.24 -U https://potluck.honeyguide.net/postgresql-patroni

FreeBSD 12.2:
pot import -p postgresql-patroni-amd64-12_2 -t 2.0.24 -U https://potluck.honeyguide.net/postgresql-patroni

If you don’t want to use the default pot bridged network configuration but instead need an individual network setup (e.g. assign a host IP address), after importing it you can simply clone the jail like that (em0 is the host network adapter in this example):
pot clone -P postgresql-patroni-amd64-13_0 -p my-cloned-jail -N alias -i "em0|10.10.10.10"

Note: Some images might require specific network configuration, double check the Overview-chapter at the top.

Alternatively: Create a Jail With This Flavour Yourself

1. Create Flavour Files

Save all files and directories from https://github.com/hny-gd/potluck/tree/master/postgresql-patroni to /usr/local/etc/pot/flavours/

2. Create Jail From Flavour

Run
pot create -b <FreeBSD Version> -p <jailname> -t single -N public-bridge -f fbsd-update

with your FreeBSD version (e.g. 12.1) and the name your jail should get.

Note: Some images might require specific network configuration, double check the Overview-chapter at the top.

Version History

2.0.24

  • Need to use 127.0.0.1 instead of localhost in the scripts to check patroni status, else TLS fails

2.0.23

  • TLS everywhere for postgresql requires specific permissions on key.pem

2.0.22

  • Fixed the patroni.yml spacing

2.0.21

  • Fixed the README file

2.0.20

  • Encryption all round. Added scripts to check status.

2.0.19

  • Removing sftppass, unsetting consul sysrc parameters where needed

2.0.18

  • General security fixups and removal bad copy-paste entries

2.0.17

  • Tweaking mandatory variables for optional parameters

2.0.16

  • Bug-fix on gossip key

2.0.15

  • Implementing mandatory variables

2.0.14

  • Adding postgres_exporter for prometheus

2.0.13

  • Setup for tls-client-validation

2.0.12

  • README update, turning off flow-control in syslog-ng, setting 120s time_reopen, and reducing log-fifo parameter

2.0.11

  • Clearing syslog-ng /dev/console entries to remove log spam

2.0.10

  • Fixing typo in copy-in, future-proofing

2.0.9

  • Updating syslog-ng and standardised cert.pem key.pem ca.pem

2.0.8

  • Implementing syslog-ng with tls for remote logging

2.0.7

  • Replication password, other updates to improve initdb process such as 0750 perms on /mnt/postgres

2.0.6

  • Vault certificates intgration, pip install of psycopg2 due to conflicts with postgresql-client

2.0.5

  • Updating for persistent postgresql storage

2.0.4

  • Adjusting parameters for node-exporter service

2.0.3

  • Added node_exporter and setup consul service “node-exporter”

2.0.2

  • Consul pre-generated gossip encryption key added

2.0.1

  • Fixing up minor type with trailing comma in consul agent.json setup

2.0

  • Several updates including new postgresql version, better parameter variables

1.0

  • Initial commit with PostgreSQL Patroni configuration that connects to Consul

These images were built on Fri Aug 27 20:26:44 UTC 2021

Manual Image Download Links

postgresql-patroni-amd64-13_0_2.0.24.xz ( 623.553 MB )
postgresql-patroni-amd64-13_0_2.0.24.xz.skein ( 0.250977 KB )

postgresql-patroni-amd64-12_2_2.0.24.xz ( 663.286 MB )
postgresql-patroni-amd64-12_2_2.0.24.xz.skein ( 0.250977 KB )

Jenkins Pot Creation Logs

postgresql-patroni-amd64-13_0_2.0.24:


postgresql-patroni/postgresql-patroni:
copy-in -s /usr/local/etc/pot/flavours/postgresql-patroni.d/patroni.rc -d /root/
copy-in -s /usr/local/etc/pot/flavours/postgresql-patroni.d/patroni.yml -d /root/
copy-in -s /usr/local/etc/pot/flavours/postgresql-patroni.d/syslog-ng.conf -d /root/
postgresql-patroni/postgresql-patroni.sh:
#!/bin/sh

# Based on POTLUCK TEMPLATE v3.0
# Altered by Michael Gmelin
#
# EDIT THE FOLLOWING FOR NEW FLAVOUR:
# 1. RUNS_IN_NOMAD - true or false
# 2. If RUNS_IN_NOMAD is false, can delete the <flavour>+4 file, else
#    make sure pot create command doesn't include it
# 3. Create a matching <flavour> file with this <flavour>.sh file that
#    contains the copy-in commands for the config files from <flavour>.d/
#    Remember that the package directories don't exist yet, so likely copy
#    to /root
# 4. Adjust package installation between BEGIN & END PACKAGE SETUP
# 5. Adjust jail configuration script generation between BEGIN & END COOK
#    Configure the config files that have been copied in where necessary

# Set this to true if this jail flavour is to be created as a nomad (i.e. blocking) jail.
# You can then query it in the cook script generation below and the script is installed
# appropriately at the end of this script
RUNS_IN_NOMAD=false

# set the cook log path/filename
COOKLOG=/var/log/cook.log

# check if cooklog exists, create it if not
if [ ! -e $COOKLOG ]
then
    echo "Creating $COOKLOG" | tee -a $COOKLOG
else
    echo "WARNING $COOKLOG already exists"  | tee -a $COOKLOG
fi
date >> $COOKLOG

# -------------------- COMMON ---------------

STEPCOUNT=0
step() {
  STEPCOUNT=$(expr "$STEPCOUNT" + 1)
  STEP="$@"
  echo "Step $STEPCOUNT: $STEP" | tee -a $COOKLOG
}

exit_ok() {
  trap - EXIT
  exit 0
}

FAILED=" failed"
exit_error() {
  STEP="$@"
  FAILED=""
  exit 1
}

set -e
trap 'echo ERROR: $STEP$FAILED | (>&2 tee -a $COOKLOG)' EXIT

# -------------- BEGIN PACKAGE SETUP -------------

step "Bootstrap package repo"
mkdir -p /usr/local/etc/pkg/repos
echo 'FreeBSD: { url: "pkg+http://pkg.FreeBSD.org/${ABI}/quarterly" }' \
  >/usr/local/etc/pkg/repos/FreeBSD.conf
ASSUME_ALWAYS_YES=yes pkg bootstrap

step "Touch /etc/rc.conf"
touch /etc/rc.conf

# this is important, otherwise running /etc/rc from cook will
# overwrite the IP address set in tinirc
step "Remove ifconfig_epair0b from config"
sysrc -cq ifconfig_epair0b && sysrc -x ifconfig_epair0b || true

step "Disable sendmail"
service sendmail onedisable

step "Create /usr/local/etc/rc.d"
mkdir -p /usr/local/etc/rc.d

step "Update package repository"
pkg update -f

step "Install package sudo"
pkg install -y sudo

step "Install package openssl"
pkg install -y openssl

step "Install package vault"
pkg install -y vault

step "Install package consul"
pkg install -y consul

step "Install package node_exporter"
pkg install -y node_exporter

step "Install package syslog-ng"
pkg install -y syslog-ng

step "Install package postgresql-server"
pkg install -y postgresql13-server

step "Install package postgresql-client"
pkg install -y postgresql13-client

step "Install package python37"
pkg install -y python38

step "Install package python3-pip"
pkg install -y py38-pip

step "Install package python-consul2"
# this version gives error
pkg install -y py38-python-consul2

# using pip to install this package, as pkg removes postgres13 now, and installs postgres12 client as dependency
#step "Install package psycopg2"
#pkg install -y py38-psycopg2

step "Install package curl"
pkg install -y curl

step "Install package jq"
pkg install -y jq

step "Install package jo"
pkg install -y jo

step "Install package git-lite"
pkg install -y git-lite

step "Install package go"
pkg install -y go

step "Instal package gmake"
pkg install -y gmake

step "Instal package curl"
pkg install -y curl

#
# pip MUST ONLY be used:
# * With the --user flag, OR
# * To install or manage Python packages in virtual environments
# using -prefix here to force install in /usr/local/bin

step "Install pip package psycopg2-binary"
pip install psycopg2-binary --prefix="/usr/local/"

step "Install pip package patroni"
pip install patroni --prefix="/usr/local"
#
## WARNING: The scripts patroni, patroni_aws, patroni_raft_controller,
## patroni_wale_restore and patronictl are installed in
## '--prefix=/usr/local/bin' which is not on PATH.
## Consider adding this directory to PATH or, if you prefer to suppress
## this warning, use --no-warn-script-location.

step "Clean package installation"
pkg clean -y

# -------------- END PACKAGE SETUP -------------
#
# Create configurations
#

#
# Now generate the run command script "cook"
# It configures the system on the first run by creating the config file(s)
# On subsequent runs, it only starts sleeps (if nomad-jail) or simply exits
#

# clear any old cook runtime file
step "Remove pre-existing cook script (if any)"
rm -f /usr/local/bin/cook

# this runs when image boots
# ----------------- BEGIN COOK ------------------

step "Create cook script"
echo "#!/bin/sh
RUNS_IN_NOMAD=$RUNS_IN_NOMAD
# declare this again for the pot image, might work carrying variable through like
# with above
COOKLOG=/var/log/cook.log

# No need to change this, just ensures configuration is done only once
if [ -e /usr/local/etc/pot-is-seasoned ]
then
    # If this pot flavour is blocking (i.e. it should not return),
    # we block indefinitely
    if [ \"\$RUNS_IN_NOMAD\" = \"true\" ]
    then
        /bin/sh /etc/rc
        tail -f /dev/null
    fi
    exit 0
fi

# ADJUST THIS: STOP SERVICES AS NEEDED BEFORE CONFIGURATION
#

# No need to adjust this:
# If this pot flavour is not blocking, we need to read the environment first from /tmp/environment.sh
# where pot is storing it in this case
if [ -e /tmp/environment.sh ]
then
    . /tmp/environment.sh
fi
#
# ADJUST THIS BY CHECKING FOR ALL VARIABLES YOUR FLAVOUR NEEDS:
# Check config variables are set
#
if [ -z \${DATACENTER+x} ];
then
    echo 'DATACENTER is unset - see documentation to configure this flavour with the datacenter name. This parameter is mandatory.'
    exit 1
fi
if [ -z \${CONSULSERVERS+x} ];
then
    echo 'CONSULSERVERS is unset - please pass in one or more correctly-quoted, comma-separated addresses for consul peer IPs. Refer to documentation. This parameter is mandatory.'
    exit 1
fi
if [ -z \${NODENAME+x} ];
then
    echo 'NODENAME is unset - see documentation to configure this flavour with a name for this node. This parameter is mandatory.'
    exit 1
fi
if [ -z \${IP+x} ];
then
    echo 'IP is unset - see documentation to configure this flavour for an IP address. This parameter is mandatory.'
    exit 1
fi
if [ -z \${SERVICETAG+x} ];
then
    echo 'SERVICETAG is unset - please set a service tag of master, replica or standby-leader. Refer to documentation. This parameter is mandatory.'
    exit 1
fi
if [ -z \${ADMPASS+x} ];
then
    echo 'ADMPASS is unset - please set the password for the admin user. This parameter is mandatory.'
    exit 1
fi
if [ -z \${KEKPASS+x} ];
then
    echo 'KEKPASS is unset - please set the password for the superuser postgres user. This parameter is mandatory.'
    exit 1
fi
if [ -z \${REPPASS+x} ];
then
    echo 'REPPASS is unset - please set the replicator user password for replication. This parameter is mandatory.'
    exit 1
fi
if [ -z \${VAULTSERVER+x} ];
then
    echo 'VAULTSERVER is unset - see documentation to set the vault server IP address. This is required to obtain certificates. This parameter is mandatory.'
    exit 1
fi
# we need a token from the vault server
if [ -z \${VAULTTOKEN+x} ];
then
    echo 'VAULTTOKEN is unset - a vault token is required to obtain certificates. Refer to documentation. This parameter is mandatory.'
    exit 1
fi
# GOSSIPKEY is a 32 byte, Base64 encoded key generated with consul keygen for the consul flavour.
# Re-used for nomad, which is usually 16 byte key but supports 32 byte, Base64 encoded keys
# We'll re-use the one from the consul flavour
if [ -z \${GOSSIPKEY+x} ];
then
    echo 'GOSSIPKEY is unset - please provide a 32 byte base64 key from the (consul keygen key) command. This parameter is mandatory.'
    exit 1
fi
# optional logging to remote syslog server
if [ -z \${REMOTELOG+x} ];
then
    echo 'REMOTELOG is unset - please provide the IP address of a loki server. Defaulting to \"null\" if not set. This parameter is optional.'
    REMOTELOG=\"null\"
fi
# sftpuser credentials
if [ -z \${SFTPUSER+x} ];
then
    echo 'SFTPUSER is unset - please provide a username to use for the SFTP user on the vault leader. This parameter is mandatory.'
    exit 1
fi

# ADJUST THIS BELOW: NOW ALL THE CONFIGURATION FILES NEED TO BE CREATED:
# Don't forget to double(!)-escape quotes and dollar signs in the config files

# add group for accessing certs (shared between services)
/usr/sbin/pw groupadd certaccess

# some basic ssh setup
echo \"Initialising ssh settings\"
mkdir -p /root/.ssh
chmod 700 /root/.ssh
touch /root/.ssh/authorized_keys

if [ -f /root/sshkey ] && [ ! -f /root/.ssh/id_rsa ]; then
    cp /root/sshkey /root/.ssh/id_rsa
    chmod 600 /root/.ssh/id_rsa
    ssh-keygen -f /root/.ssh/id_rsa -y > /root/.ssh/id_rsa.pub
fi

# setup temp directory for temp certs
mkdir -p /tmp/tmpcerts

# echo a message to user
echo \"\"
echo \"########################### IMPORTANT NOTICE ###########################\"
echo \"\"
echo \"Make sure to copy in id_rsa from vault leader certuser instance!\"
echo \"\"
echo \"########################################################################\"
echo \"\"
# end client

# retrieve first round of certificates from vault leader via sftp
echo \"Get first round of certificates from vault leader via sftp\"
if [ -f /root/.ssh/id_rsa ]; then
    cd /tmp/tmpcerts
    # wildcard retrieval works manually but not in the script, so we specify each file to retrieve
    /usr/bin/sftp -P 8888 -o StrictHostKeyChecking=no -q \$SFTPUSER@\$VAULTSERVER:\$IP/cert.pem
    (umask 137; /usr/bin/sftp -P 8888 -o StrictHostKeyChecking=no -q \$SFTPUSER@\$VAULTSERVER:\$IP/key.pem)
    chgrp certaccess key.pem
    /usr/bin/sftp -P 8888 -o StrictHostKeyChecking=no -q \$SFTPUSER@\$VAULTSERVER:\$IP/ca.pem
    /usr/bin/sftp -P 8888 -o StrictHostKeyChecking=no -q \$SFTPUSER@\$VAULTSERVER:\$IP/combinedca.pem
    cd ~
fi

# setup directories for vault usage
mkdir -p /mnt/templates
mkdir -p /mnt/certs/hash
chgrp -R certaccess /mnt/certs
mkdir -p /mnt/vault

# start postgres_exporter
export PATH=\"$PATH:/usr/local/bin/\"
cd /tmp
/usr/local/bin/git clone https://github.com/prometheus-community/postgres_exporter.git
cd /tmp/postgres_exporter
/usr/local/bin/gmake build
# fix stuff in rc file before copy
#sed -i .orig 's/sslmode=disable/sslmode=require/g' /tmp/postgres_exporter/postgres_exporter.rc
sed -i .orig 's/-web.listen-address/--web.listen-address/g' /tmp/postgres_exporter/postgres_exporter.rc
# copy over rc file
cp -f /tmp/postgres_exporter/postgres_exporter.rc /usr/local/etc/rc.d/postgres_exporter
# make executable
chmod +x /usr/local/etc/rc.d/postgres_exporter
# copy over postgres_exporter
cp -f /tmp/postgres_exporter/postgres_exporter /usr/local/bin/postgres_exporter
# make executable
chmod +x /usr/local/bin/postgres_exporter
# set start options, one a manual way to get IP in
sysrc postgres_exporter_enable=\"YES\"
sysrc postgres_exporter_pg_host=\"\$IP\"
sysrc postgres_exporter_pg_user=\"postgres\"
# this probably shouldn't be in /etc/rc.conf? but only way
sysrc postgres_exporter_pg_pass=\"\$KEKPASS\"
cd /root
# end postgres_exporter

# add the postgres user to the certaccess group
/usr/sbin/pw usermod postgres -G certaccess

# make consul configuration directory and set permissions
mkdir -p /usr/local/etc/consul.d
chmod 750 /usr/local/etc/consul.d

# Create the consul agent config file with imported variables
echo \"{
 \\\"advertise_addr\\\": \\\"\$IP\\\",
 \\\"datacenter\\\": \\\"\$DATACENTER\\\",
 \\\"node_name\\\": \\\"\$NODENAME\\\",
 \\\"data_dir\\\":  \\\"/var/db/consul\\\",
 \\\"dns_config\\\": {
  \\\"a_record_limit\\\": 3,
  \\\"enable_truncate\\\": true
 },
 \\\"verify_incoming\\\": true,
 \\\"verify_outgoing\\\": true,
 \\\"verify_server_hostname\\\":false,
 \\\"verify_incoming_rpc\\\": true,
 \\\"ca_file\\\": \\\"/mnt/certs/ca.pem\\\",
 \\\"cert_file\\\": \\\"/mnt/certs/cert.pem\\\",
 \\\"key_file\\\": \\\"/mnt/certs/key.pem\\\",
 \\\"log_file\\\": \\\"/var/log/consul/\\\",
 \\\"log_level\\\": \\\"WARN\\\",
 \\\"encrypt\\\": \\\"\$GOSSIPKEY\\\",
 \\\"start_join\\\": [ \$CONSULSERVERS ],
 \\\"telemetry\\\": {
  \\\"prometheus_retention_time\\\": \\\"24h\\\",
  \\\"disable_hostname\\\": true
 },
 \\\"service\\\": {
  \\\"address\\\": \\\"\$IP\\\",
  \\\"name\\\": \\\"node-exporter\\\",
  \\\"tags\\\": [\\\"_app=prometheus\\\", \\\"_service=node-exporter\\\", \\\"_hostname=\$NODENAME\\\", \\\"_datacenter=\$DATACENTER\\\"],
  \\\"port\\\": 9100
 },
 \\\"service\\\": {
  \\\"address\\\": \\\"\$IP\\\",
  \\\"name\\\": \\\"postgres-exporter\\\",
  \\\"tags\\\": [\\\"_app=postgresql\\\", \\\"_service=postgres-exporter\\\", \\\"_hostname=\$NODENAME\\\", \\\"_datacenter=\$DATACENTER\\\"],
  \\\"port\\\": 9187
 }
}\" | (umask 177; cat > /usr/local/etc/consul.d/agent.json)

# set owner on /usr/local/etc/consul.d/
chown -R consul:wheel /usr/local/etc/consul.d/

# enable consul
service consul enable

# set load parameter for consul config
sysrc consul_args=\"-config-file=/usr/local/etc/consul.d/agent.json\"

# setup consul logs, might be redundant if not specified in agent.json above
mkdir -p /var/log/consul
touch /var/log/consul/consul.log
chown -R consul:wheel /var/log/consul

# add the consul user to the certaccess group
/usr/sbin/pw usermod consul -G certaccess

# end consul

## start Vault

# first remove any existing vault configuration
if [ -f /usr/local/etc/vault/vault-server.hcl ]; then
    rm /usr/local/etc/vault/vault-server.hcl
fi
# then setup a fresh vault.hcl specific to the type of image

# default freebsd vault.hcl is /usr/local/etc/vault.hcl and
# the init script /usr/local/etc/rc.d/vault refers to this
# but many vault docs refer to /usr/local/etc/vault/vault-server.hcl
# or similar

# begin vault config
# we're setting a config file but not actually running the vault service
# certificate rotation is being done with a cron job
# token rotation may require the vault service

echo \"disable_mlock = true
ui = false
vault {
  address = \\\"\$VAULTSERVER:8200\\\"
  retry {
    num_retries = 5
  }
}
storage \\\"file\\\" {
  path = \\\"/mnt/vault/data\\\"
}
#template {
#  source = \\\"/mnt/templates/cert.tpl\\\"
#  destination = \\\"/mnt/certs/cert.pem\\\"
#}
#template {
#  source = \\\"/mnt/templates/ca.tpl\\\"
#  destination = \\\"/mnt/certs/ca.pem\\\"
#}
#template {
#  source = \\\"/mnt/templates/key.tpl\\\"
#  destination = \\\"/mnt/certs/key.pem\\\"
#}\" | (umask 177; cat > /usr/local/etc/vault.hcl)

# Set permission for vault.hcl, so that vault can read it
chown vault:wheel /usr/local/etc/vault.hcl

# setup template files for certificates
# this is not currently in use because cron job renews certs and restarts services
echo \"{{- /* /mnt/templates/cert.tpl */ -}}
{{ with secret \\\"pki_int/issue/\$DATACENTER\\\" \\\"common_name=\$IP\\\" \\\"ttl=24h\\\" \\\"alt_names=\$NODENAME\\\" \\\"ip_sans=\$IP\\\" }}
{{ .Data.certificate }}{{ end }}
\" > /mnt/templates/cert.tpl

echo \"{{- /* /mnt/templates/ca.tpl */ -}}
{{ with secret \\\"pki_int/issue/\$DATACENTER\\\" \\\"common_name=\$IP\\\" }}
{{ .Data.issuing_ca }}{{ end }}
\" > /mnt/templates/ca.tpl

echo \"{{- /* /mnt/templates/key.tpl */ -}}
{{ with secret \\\"pki_int/issue/\$DATACENTER\\\" \\\"common_name=\$IP\\\" \\\"ttl=24h\\\" \\\"alt_names=\$NODENAME\\\" \\\"ip_sans=\$IP\\\" }}
{{ .Data.private_key }}{{ end }}
\" > /mnt/templates/key.tpl

# set permissions on /mnt for vault data
chown -R vault:wheel /mnt/vault

# invite to certaccess group
/usr/sbin/pw usermod vault -G certaccess

# setup rc.conf entries
# we do not set vault_user=vault because vault will not start
# we're not starting vault as a service
service vault enable
sysrc vault_login_class=root
sysrc vault_syslog_output_enable=\"YES\"
sysrc vault_syslog_output_priority=\"warn\"

# new CA cert retrieval process with curl
echo \"Retrieving CA certificates from Vault leader\"
# get the root CA
/usr/local/bin/curl --silent --cacert /tmp/tmpcerts/ca.pem --cert /tmp/tmpcerts/cert.pem --key /tmp/tmpcerts/key.pem -o /mnt/certs/CA_cert.pem https://\$VAULTSERVER:8200/v1/pki/ca/pem
# append a new line to the file, as will concat together later with another file
if [ -s /mnt/certs/CA_cert.pem ]; then
    echo \"\" >> /mnt/certs/CA_cert.pem
fi
# get the intermediate CA
/usr/local/bin/curl --silent --cacert /tmp/tmpcerts/ca.pem --cert /tmp/tmpcerts/cert.pem --key /tmp/tmpcerts/key.pem -o /mnt/certs/intermediate.cert.pem https://\$VAULTSERVER:8200/v1/pki_int/ca/pem
# append a new line to the file, as will concat together later with another file
if [ -s /mnt/certs/intermediate.cert.pem ]; then
    echo \"\" >> /mnt/certs/intermediate.cert.pem
fi
# validate the certificates
echo \"Validating CA certificates\"
if [ -s /mnt/certs/CA_cert.pem ] && [ -s /mnt/certs/intermediate.cert.pem ]; then
    /usr/bin/openssl verify -CAfile /mnt/certs/CA_cert.pem /mnt/certs/intermediate.cert.pem
fi

# unwrap the pki token issued by vault leader
echo \"Unwrapping passed in token...\"
(umask 177; /usr/local/bin/vault unwrap -address=https://\$VAULTSERVER:8200 -client-cert=/tmp/tmpcerts/cert.pem -client-key=/tmp/tmpcerts/key.pem -ca-cert=/mnt/certs/intermediate.cert.pem -format=json \$VAULTTOKEN | /usr/local/bin/jq -r '.auth.client_token' > /root/unwrapped.token)
sleep 1
if [ -s /root/unwrapped.token ]; then
    echo \"Token unwrapped\"
    THIS_TOKEN=\$(/bin/cat /root/unwrapped.token)
    echo \"Logging in to vault leader to authenticate\"
    (umask 177; echo \"\$THIS_TOKEN\" | /usr/local/bin/vault login -address=https://\$VAULTSERVER:8200 -client-cert=/tmp/tmpcerts/cert.pem -client-key=/tmp/tmpcerts/key.pem -ca-cert=/mnt/certs/intermediate.cert.pem -method=token -field=token token=- > /root/login.token)
fi

# get list of secrets engines (helps cluster to align)
/usr/local/bin/vault secrets list -address=https://\$VAULTSERVER:8200 -client-cert=/tmp/tmpcerts/cert.pem -client-key=/tmp/tmpcerts/key.pem -ca-cert=/mnt/certs/intermediate.cert.pem

echo \"Setting certificate payload\"
if [ -s /root/login.token ]; then
    # generate certificates to use
    # using this payload.json approach to avoid nested single and double quotes for expansion
    # new way of generating payload.json with jo
    /usr/local/bin/jo -p common_name=\$IP alt_names=\$NODENAME ttl=24h ip_sans=\"\$IP,127.0.0.1\" format=pem > /mnt/templates/payload.json

    # we use curl to get the certificates in json format as the issue command only has formats: pem, pem_bundle, der
    # but no json format except via the API
    echo \"Generating certificates to use from Vault\"
    HEADER=\$(/bin/cat /root/login.token)
    (umask 177; /usr/local/bin/curl --cacert /tmp/tmpcerts/combinedca.pem --cert /tmp/tmpcerts/cert.pem --key /tmp/tmpcerts/key.pem --header \"X-Vault-Token: \$HEADER\" --request POST --data @/mnt/templates/payload.json https://\$VAULTSERVER:8200/v1/pki_int/issue/\$DATACENTER > /mnt/certs/vaultissue.json)

    # extract the required certificates to individual files
    /usr/local/bin/jq -r '.data.certificate' /mnt/certs/vaultissue.json > /mnt/certs/cert.pem
    # append the ca cert to the cert
    /usr/local/bin/jq -r '.data.issuing_ca' /mnt/certs/vaultissue.json >> /mnt/certs/cert.pem
    (umask 137; /usr/local/bin/jq -r '.data.private_key' /mnt/certs/vaultissue.json > /mnt/certs/key.pem)
    /usr/local/bin/jq -r '.data.issuing_ca' /mnt/certs/vaultissue.json > /mnt/certs/ca.pem
    cd /mnt/certs
    # concat the root CA and intermediary CA into combined file
    cat /mnt/certs/CA_cert.pem /mnt/certs/ca.pem > /mnt/certs/combinedca.pem
    # steps here to hash ca, required for syslog-ng
    ln -s ca.pem hash/\$(/usr/bin/openssl x509 -subject_hash -noout -in /mnt/certs/ca.pem).0
    ln -s combinedca.pem hash/\$(/usr/bin/openssl x509 -subject_hash -noout -in /mnt/certs/combinedca.pem).0
    cd /root
    # set permissions on /mnt/certs for vault
    chown -R vault:certaccess /mnt/certs
    # patroni wants 0640 on root-owned files,and key must be root-owned in our case
    chown root:certaccess /mnt/certs/key.pem
    chmod 640 /mnt/certs/key.pem

    # validate the certificates
    echo \"Validating client certificate\"
    if [ -s /mnt/certs/combinedca.pem ] && [ -s /mnt/certs/cert.pem ]; then
        /usr/bin/openssl verify -CAfile /mnt/certs/combinedca.pem /mnt/certs/cert.pem
    fi

    # start consul agent
    service consul start

    # setup certificate rotation script
    echo \"Setting up certificate rotation script\"
    echo \"#!/bin/sh
export VAULT_CLIENT_TIMEOUT=300s
export VAULT_MAX_RETRIES=5
if [ -s /root/login.token ]; then
    LOGINTOKEN=\\\$(/bin/cat /root/login.token)
    HEADER=\\\$(echo \\\"X-Vault-Token: \\\"\\\$LOGINTOKEN)
    (umask 177; /usr/local/bin/curl --cacert /mnt/certs/combinedca.pem --cert /mnt/certs/cert.pem --key /mnt/certs/key.pem --header \\\"\\\$HEADER\\\" --request POST --data @/mnt/templates/payload.json https://\$VAULTSERVER:8200/v1/pki_int/issue/\$DATACENTER > /mnt/certs/vaultissue.json)
    # extract the required certificates to individual files
    /usr/local/bin/jq -r '.data.certificate' /mnt/certs/vaultissue.json > /mnt/certs/cert.pem
    /usr/local/bin/jq -r '.data.issuing_ca' /mnt/certs/vaultissue.json >> /mnt/certs/cert.pem
    (umask 137; /usr/local/bin/jq -r '.data.private_key' /mnt/certs/vaultissue.json > /mnt/certs/key.pem)
    /usr/local/bin/jq -r '.data.issuing_ca' /mnt/certs/vaultissue.json > /mnt/certs/ca.pem
    cd /mnt/certs
    # concat the root CA and intermediary CA into combined file
    cat CA_cert.pem ca.pem > combinedca.pem
    # steps here to hash ca
    ln -s ca.pem hash\$(/usr/bin/openssl x509 -subject_hash -noout -in /mnt/certs/ca.pem).0
    ln -s combinedca.pem hash\$(/usr/bin/openssl x509 -subject_hash -noout -in /mnt/certs/combinedca.pem).0
    cd /root
    # set permissions on /mnt/certs for vault
    chown -R vault:certaccess /mnt/certs
    # patroni wants 0640 on root-owned files,and key must be root-owned in our case
    chown root:certaccess /mnt/certs/key.pem
    chmod 640 /mnt/certs/key.pem
    # restart services
    service consul reload
    service consul status || service consul start
    service syslog-ng restart
    service node_exporter restart
    # restart gives error with port already in use when using this
    #  /usr/local/etc/rc.d/patroni restart
    # so we're using this instead
    /usr/local/bin/patronictl -c /usr/local/etc/patroni/patroni.yml reload postgresql --force
else
    echo \"/root/login.token does not contain a token. Certificates cannot be renewed.\"
fi
\" > /root/rotate-certs.sh

    if [ -f /root/rotate-certs.sh ]; then
        # make executable
        chmod +x /root/rotate-certs.sh
        # add a crontab entry for every hour
        echo \"0 * * * * root /root/rotate-certs.sh >> /mnt/rotate-cert.log 2>&1\" >> /etc/crontab
    fi

    # setup syslog-ng
    # optional remote logging
    if [ ! -z \$REMOTELOG ] && [ \$REMOTELOG != \"null\" ]; then
        if [ -f /root/syslog-ng.conf ]; then
            /usr/bin/sed -i .orig \"s/REMOTELOGIP/\$REMOTELOG/g\" /root/syslog-ng.conf
            cp -f /root/syslog-ng.conf /usr/local/etc/syslog-ng.conf
            # stop syslogd
            service syslogd onestop || true
            # setup sysrc entries to start and set parameters to accept logs from remote subnet
            sysrc syslogd_enable=\"NO\"
            sysrc syslog_ng_enable=\"YES\"
            #sysrc syslog_ng_flags=\"-u daemon\"
            sysrc syslog_ng_flags=\"-R /tmp/syslog-ng.persist\"
            service syslog-ng start
            echo \"syslog-ng setup complete\"
        else
            echo \"/root/syslog-ng.conf is missing?\"
        fi
    else
        echo \"REMOTELOG parameter is not set to an IP address. syslog-ng won't operate.\"
    fi

    # start patroni

    # set patroni variables in /root/patroni.yml before copy
    if [ -f /root/patroni.yml ]; then
        # replace MYNAME with imported variable NODENAME which must be unique
        /usr/bin/sed -i .orig \"s/MYNAME/\$NODENAME/g\" /root/patroni.yml

        # replace MYIP with imported variable IP
        /usr/bin/sed -i .orig \"s/MYIP/\$IP/g\" /root/patroni.yml

        # replace SERVICETAG with imported variable SERVICETAG
        /usr/bin/sed -i .orig \"s/SERVICETAG/\$SERVICETAG/g\" /root/patroni.yml

        # replace CONSULIP with imported variable IP, as using local consul agent
        /usr/bin/sed -i .orig \"s/CONSULIP/\$IP/g\" /root/patroni.yml

        # replace ADMPASS with imported variable ADMPASS
        /usr/bin/sed -i .orig \"s/ADMPASS/\$ADMPASS/g\" /root/patroni.yml

        # replace KEKPASS with imported variable KEKPASS
        /usr/bin/sed -i .orig \"s/KEKPASS/\$KEKPASS/g\" /root/patroni.yml

        # replace REPPASS with imported variable REPPASS
        /usr/bin/sed -i .orig \"s/REPPASS/\$REPPASS/g\" /root/patroni.yml
    fi

    # create /usr/local/etc/patroni/
    mkdir -p /usr/local/etc/patroni/

    # copy the file to startup location
    cp /root/patroni.yml /usr/local/etc/patroni/patroni.yml

    # copy patroni startup script to /usr/local/etc/rc.d/
    cp /root/patroni.rc /usr/local/etc/rc.d/patroni

    # enable postgresql
    service postgresql enable
    sysrc postgresql_data=\"/mnt/postgres/data/\"

    # enable patroni
    service patroni enable

    # if persistent storage doesn't exist, create and copy in /var/db/postgres
    if [ ! -d /mnt/postgres ]; then
        mkdir -p /mnt/postgres/data
    fi

    if [ -d /mnt/postgres ]; then
        chown -R postgres:postgres /mnt/postgres/
        chmod -R 0750 /mnt/postgres/
    fi

    # modify postgres user homedir to /mnt/postgres/data
    /usr/sbin/pw usermod -n postgres -d /mnt/postgres/data -s /bin/sh

    # end postgresql

    # setup script to query patroni status
    echo \"#!/bin/sh
/usr/local/bin/curl -s --cacert /mnt/certs/combinedca.pem --cert /mnt/certs/cert.pem --key /mnt/certs/key.pem https://127.0.0.1:8008/patroni | /usr/local/bin/jq .
\" > /root/verifynode.sh

    # make executable
    chmod +x /root/verifynode.sh

    # setup script to query cluster status
    echo \"#!/bin/sh
/usr/local/bin/curl -s --cacert /mnt/certs/combinedca.pem --cert /mnt/certs/cert.pem --key /mnt/certs/key.pem https://127.0.0.1:8008/cluster | /usr/local/bin/jq .
\" > /root/verifycluster.sh

    # make executable
    chmod +x /root/verifycluster.sh

    # start patroni, which should start postgresql
    service patroni start
    service postgres_exporter start
else
    echo \"ERROR: There was a problem logging into vault and no certificates were retrieved. Vault not started. Nor other services\"
fi

# node exporter needs tls setup
echo \"tls_server_config:
  cert_file: /mnt/certs/cert.pem
  key_file: /mnt/certs/key.pem
\" > /usr/local/etc/node-exporter.yml

# enable node_exporter service
# add node_exporter user
/usr/sbin/pw useradd -n nodeexport -c 'nodeexporter user' -m -s /usr/bin/nologin -h -

# invite node_exporter to certaccess group
/usr/sbin/pw usermod nodeexport -G certaccess

# enable node_exporter service
service node_exporter enable
sysrc node_exporter_args=\"--web.config=/usr/local/etc/node-exporter.yml\"
sysrc node_exporter_user=nodeexport
sysrc node_exporter_group=nodeexport

# start node_exporter
service node_exporter start

# ADJUST THIS: START THE SERVICES AGAIN AFTER CONFIGURATION

#
# Do not touch this:
touch /usr/local/etc/pot-is-seasoned

# If this pot flavour is blocking (i.e. it should not return), there is no /tmp/environment.sh
# created by pot and we now after configuration block indefinitely
if [ \"\$RUNS_IN_NOMAD\" = \"true\" ]
then
    /bin/sh /etc/rc
    tail -f /dev/null
fi
" > /usr/local/bin/cook

# ----------------- END COOK ------------------


# ---------- NO NEED TO EDIT BELOW ------------

step "Make cook script executable"
if [ -e /usr/local/bin/cook ]
then
    echo "setting executable bit on /usr/local/bin/cook" | tee -a $COOKLOG
    chmod u+x /usr/local/bin/cook
else
    exit_error "there is no /usr/local/bin/cook to make executable"
fi

#
# There are two ways of running a pot jail: "Normal", non-blocking mode and
# "Nomad", i.e. blocking mode (the pot start command does not return until
# the jail is stopped).
# For the normal mode, we create a /usr/local/etc/rc.d script that starts
# the "cook" script generated above each time, for the "Nomad" mode, the cook
# script is started by pot (configuration through flavour file), therefore
# we do not need to do anything here.
#

# Create rc.d script for "normal" mode:
step "Create rc.d script to start cook"
echo "creating rc.d script to start cook" | tee -a $COOKLOG

echo "#!/bin/sh
#
# PROVIDE: cook
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
. /etc/rc.subr
name=\"cook\"
rcvar=\"cook_enable\"
load_rc_config \$name
: \${cook_enable:=\"NO\"}
: \${cook_env:=\"\"}
command=\"/usr/local/bin/cook\"
command_args=\"\"
run_rc_command \"\$1\"
" > /usr/local/etc/rc.d/cook

step "Make rc.d script to start cook executable"
if [ -e /usr/local/etc/rc.d/cook ]
then
  echo "Setting executable bit on cook rc file" | tee -a $COOKLOG
  chmod u+x /usr/local/etc/rc.d/cook
else
  exit_error "/usr/local/etc/rc.d/cook does not exist"
fi

if [ "$RUNS_IN_NOMAD" != "true" ]
then
  step "Enable cook service"
  # This is a non-nomad (non-blocking) jail, so we need to make sure the script
  # gets started when the jail is started:
  # Otherwise, /usr/local/bin/cook will be set as start script by the pot flavour
  echo "enabling cook" | tee -a $COOKLOG
  service cook enable
fi

# -------------------- DONE ---------------
exit_ok

postgresql-patroni/postgresql-patroni+1:
postgresql-patroni/postgresql-patroni+1.sh:

postgresql-patroni/postgresql-patroni+2:
postgresql-patroni/postgresql-patroni+2.sh:

postgresql-patroni/postgresql-patroni+3:
postgresql-patroni/postgresql-patroni+3.sh:

postgresql-patroni/postgresql-patroni+4:
postgresql-patroni/postgresql-patroni+4.sh:
Password:===>  Creating a new pot
===>  pot name : postgresql-patroni-amd64-13_0
===>  type : single
===>  base : 13.0
===>  pot_base :
===>  level : 0
===>  network-type : public-bridge
===>  network-stack: ipv4
===>  ip : 10.192.0.3
===>  bridge :
===>  dns : inherit
===>  flavours : fbsd-update postgresql-patroni postgresql-patroni+1 postgresql-patroni+2 postgresql-patroni+3 postgresql-patroni+4
===>  Fetching FreeBSD 13.0
===>  Extract the tarball
=====>  Flavour: fbsd-update
=====>  Starting postgresql-patroni-amd64-13_0 pot for the initial bootstrap
=====>  mount /mnt/data/pot/jails/postgresql-patroni-amd64-13_0/m/tmp
defaultrouter: NO -> 10.192.0.1
===>  Starting the pot postgresql-patroni-amd64-13_0
ELF ldconfig path: /lib /usr/lib /usr/lib/compat
32-bit compatibility ldconfig path: /usr/lib32
Starting Network: lo0 epair0b.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	inet 127.0.0.1 netmask 0xff000000
	groups: lo
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 02:5d:59:dc:39:0b
	inet 10.192.0.3 netmask 0xffc00000 broadcast 10.255.255.255
	groups: epair
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
add host 127.0.0.1: gateway lo0 fib 0: route already in table
add net default: gateway 10.192.0.1
add host ::1: gateway lo0 fib 0: route already in table
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
Updating /var/run/os-release done.
Creating and/or trimming log files.
Clearing /tmp (X related).
Updating motd:.
Starting syslogd.
Starting sendmail_submit.
Starting sendmail_msp_queue.
Starting cron.

Fri Aug 27 20:02:49 UTC 2021
/usr/local/etc/pot/flavours/fbsd-update.sh -> /mnt/data/pot/jails/postgresql-patroni-amd64-13_0/m/tmp/fbsd-update.sh
=====>  Executing fbsd-update script on postgresql-patroni-amd64-13_0
src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 2 mirrors found.
Fetching public key from update1.freebsd.org... done.
Fetching metadata signature for 13.0-RELEASE from update1.freebsd.org... done.
Fetching metadata index... done.
Fetching 2 metadata files... done.
Inspecting system... done.
Preparing to download files... done.
Fetching 24 patches.....10....20.. done.
Applying patches... done.
Fetching 6 files... ... done.
The following files will be added as part of updating to
13.0-RELEASE-p4:
/usr/include/c++/v1/barrier
/usr/include/c++/v1/concepts
/usr/include/c++/v1/execution
/usr/include/c++/v1/latch
/usr/include/c++/v1/numbers
/usr/include/c++/v1/semaphore
/usr/include/c++/v1/tr1/barrier
/usr/include/c++/v1/tr1/concepts
/usr/include/c++/v1/tr1/execution
/usr/include/c++/v1/tr1/latch
/usr/include/c++/v1/tr1/numbers
/usr/include/c++/v1/tr1/semaphore
The following files will be updated as part of updating to
13.0-RELEASE-p4:
/bin/freebsd-version
/lib/libcasper.so.1
/lib/libcrypto.so.111
/rescue/[
/rescue/bectl
/rescue/bsdlabel
/rescue/bunzip2
/rescue/bzcat
/rescue/bzip2
/rescue/camcontrol
/rescue/cat
/rescue/ccdconfig
/rescue/chflags
/rescue/chgrp
/rescue/chio
/rescue/chmod
/rescue/chown
/rescue/chroot
/rescue/clri
/rescue/cp
/rescue/csh
/rescue/date
/rescue/dd
/rescue/devfs
/rescue/df
/rescue/dhclient
/rescue/disklabel
/rescue/dmesg
/rescue/dump
/rescue/dumpfs
/rescue/dumpon
/rescue/echo
/rescue/ed
/rescue/ex
/rescue/expr
/rescue/fastboot
/rescue/fasthalt
/rescue/fdisk
/rescue/fsck
/rescue/fsck_4.2bsd
/rescue/fsck_ffs
/rescue/fsck_msdosfs
/rescue/fsck_ufs
/rescue/fsdb
/rescue/fsirand
/rescue/gbde
/rescue/geom
/rescue/getfacl
/rescue/glabel
/rescue/gpart
/rescue/groups
/rescue/gunzip
/rescue/gzcat
/rescue/gzip
/rescue/halt
/rescue/head
/rescue/hostname
/rescue/id
/rescue/ifconfig
/rescue/init
/rescue/ipf
/rescue/iscsictl
/rescue/iscsid
/rescue/kenv
/rescue/kill
/rescue/kldconfig
/rescue/kldload
/rescue/kldstat
/rescue/kldunload
/rescue/ldconfig
/rescue/less
/rescue/link
/rescue/ln
/rescue/ls
/rescue/lzcat
/rescue/lzma
/rescue/md5
/rescue/mdconfig
/rescue/mdmfs
/rescue/mkdir
/rescue/mknod
/rescue/more
/rescue/mount
/rescue/mount_cd9660
/rescue/mount_msdosfs
/rescue/mount_nfs
/rescue/mount_nullfs
/rescue/mount_udf
/rescue/mount_unionfs
/rescue/mt
/rescue/mv
/rescue/nc
/rescue/newfs
/rescue/newfs_msdos
/rescue/nos-tun
/rescue/pgrep
/rescue/ping
/rescue/ping6
/rescue/pkill
/rescue/poweroff
/rescue/ps
/rescue/pwd
/rescue/rcorder
/rescue/rdump
/rescue/realpath
/rescue/reboot
/rescue/red
/rescue/rescue
/rescue/restore
/rescue/rm
/rescue/rmdir
/rescue/route
/rescue/routed
/rescue/rrestore
/rescue/rtquery
/rescue/rtsol
/rescue/savecore
/rescue/sed
/rescue/setfacl
/rescue/sh
/rescue/shutdown
/rescue/sleep
/rescue/spppcontrol
/rescue/stty
/rescue/swapon
/rescue/sync
/rescue/sysctl
/rescue/tail
/rescue/tar
/rescue/tcsh
/rescue/tee
/rescue/test
/rescue/tunefs
/rescue/umount
/rescue/unlink
/rescue/unlzma
/rescue/unxz
/rescue/unzstd
/rescue/vi
/rescue/whoami
/rescue/xz
/rescue/xzcat
/rescue/zcat
/rescue/zdb
/rescue/zfs
/rescue/zpool
/rescue/zstd
/rescue/zstdcat
/rescue/zstdmt
/sbin/ggatec
/usr/bin/bc
/usr/bin/dc
/usr/bin/openssl
/usr/include/openssl/opensslv.h
/usr/lib/libcrypto.a
/usr/lib/libcrypto_p.a
/usr/lib/libfetch.a
/usr/lib/libfetch.so.6
/usr/lib/libfetch_p.a
/usr/lib/libradius.a
/usr/lib/libradius.so.4
/usr/lib/libradius_p.a
/usr/lib/libssl.a
/usr/lib/libssl.so.111
/usr/lib/libssl_p.a
/usr/sbin/bhyve
/usr/sbin/hostapd
/usr/sbin/ntp-keygen
/usr/sbin/wpa_cli
/usr/sbin/wpa_supplicant
Installing updates...Scanning //usr/share/certs/blacklisted for certificates...
Scanning //usr/share/certs/trusted for certificates...
 done.
=====>  Stop the pot postgresql-patroni-amd64-13_0
=====>  Remove epair0[a|b] network interfaces
=====>  unmount /mnt/data/pot/jails/postgresql-patroni-amd64-13_0/m/tmp
=====>  unmount /mnt/data/pot/jails/postgresql-patroni-amd64-13_0/m/dev
=====>  Flavour: postgresql-patroni
=====>  Executing postgresql-patroni pot commands on postgresql-patroni-amd64-13_0
=====>  mount /mnt/data/pot/jails/postgresql-patroni-amd64-13_0/m/tmp
/usr/local/etc/pot/flavours/postgresql-patroni.d/patroni.rc -> /mnt/data/pot/jails/postgresql-patroni-amd64-13_0/m/root/patroni.rc
=====>  Source /usr/local/etc/pot/flavours/postgresql-patroni.d/patroni.rc copied in the pot postgresql-patroni-amd64-13_0
=====>  unmount /mnt/data/pot/jails/postgresql-patroni-amd64-13_0/m/tmp
=====>  /mnt/data/pot/jails/postgresql-patroni-amd64-13_0/m/dev is already unmounted
=====>  mount /mnt/data/pot/jails/postgresql-patroni-amd64-13_0/m/tmp
/usr/local/etc/pot/flavours/postgresql-patroni.d/patroni.yml -> /mnt/data/pot/jails/postgresql-patroni-amd64-13_0/m/root/patroni.yml
=====>  Source /usr/local/etc/pot/flavours/postgresql-patroni.d/patroni.yml copied in the pot postgresql-patroni-amd64-13_0
=====>  unmount /mnt/data/pot/jails/postgresql-patroni-amd64-13_0/m/tmp
=====>  /mnt/data/pot/jails/postgresql-patroni-amd64-13_0/m/dev is already unmounted
=====>  mount /mnt/data/pot/jails/postgresql-patroni-amd64-13_0/m/tmp
/usr/local/etc/pot/flavours/postgresql-patroni.d/syslog-ng.conf -> /mnt/data/pot/jails/postgresql-patroni-amd64-13_0/m/root/syslog-ng.conf
=====>  Source /usr/local/etc/pot/flavours/postgresql-patroni.d/syslog-ng.conf copied in the pot postgresql-patroni-amd64-13_0
=====>  unmount /mnt/data/pot/jails/postgresql-patroni-amd64-13_0/m/tmp
=====>  /mnt/data/pot/jails/postgresql-patroni-amd64-13_0/m/dev is already unmounted
=====>  Starting postgresql-patroni-amd64-13_0 pot for the initial bootstrap
=====>  mount /mnt/data/pot/jails/postgresql-patroni-amd64-13_0/m/tmp
defaultrouter: 10.192.0.1 -> 10.192.0.1
===>  Starting the pot postgresql-patroni-amd64-13_0
ELF ldconfig path: /lib /usr/lib /usr/lib/compat
32-bit compatibility ldconfig path: /usr/lib32
Starting Network: lo0 epair0b.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	inet 127.0.0.1 netmask 0xff000000
	groups: lo
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 02:23:de:21:c0:0b
	inet 10.192.0.3 netmask 0xffc00000 broadcast 10.255.255.255
	groups: epair
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
add host 127.0.0.1: gateway lo0 fib 0: route already in table
add net default: gateway 10.192.0.1
add host ::1: gateway lo0 fib 0: route already in table
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
Updating /var/run/os-release done.
Creating and/or trimming log files.
Clearing /tmp (X related).
Updating motd:.
Starting syslogd.
Starting sendmail_submit.
Starting sendmail_msp_queue.
Starting cron.

Fri Aug 27 20:03:25 UTC 2021
/usr/local/etc/pot/flavours/postgresql-patroni.sh -> /mnt/data/pot/jails/postgresql-patroni-amd64-13_0/m/tmp/postgresql-patroni.sh
=====>  Executing postgresql-patroni script on postgresql-patroni-amd64-13_0
Creating /var/log/cook.log
Step 1: Bootstrap package repo
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] Installing pkg-1.16.3...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] Extracting pkg-1.16.3: .......... done
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:13:amd64/quarterly, please wait...
Step 2: Touch /etc/rc.conf
Step 3: Remove ifconfig_epair0b from config
Step 4: Disable sendmail
sendmail disabled in /etc/rc.conf
sendmail_submit disabled in /etc/rc.conf
sendmail_msp_queue disabled in /etc/rc.conf
Step 5: Create /usr/local/etc/rc.d
Step 6: Update package repository
Updating FreeBSD repository catalogue...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] Fetching meta.conf: . done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] Fetching packagesite.txz: .......... done
Processing entries: .......... done
FreeBSD repository update completed. 30742 packages processed.
All repositories are up to date.
Step 7: Install package sudo
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Updating database digests format: . done
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	gettext-runtime: 0.21
	indexinfo: 0.3.1
	sudo: 1.9.7p1

Number of packages to be installed: 3

The process will require 7 MiB more space.
2 MiB to be downloaded.
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/3] Fetching sudo-1.9.7p1.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [2/3] Fetching gettext-runtime-0.21.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [3/3] Fetching indexinfo-0.3.1.txz: . done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/3] Installing indexinfo-0.3.1...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/3] Extracting indexinfo-0.3.1: .... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [2/3] Installing gettext-runtime-0.21...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [2/3] Extracting gettext-runtime-0.21: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [3/3] Installing sudo-1.9.7p1...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [3/3] Extracting sudo-1.9.7p1: .......... done
Step 8: Install package openssl
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	openssl: 1.1.1k_1,1

Number of packages to be installed: 1

The process will require 14 MiB more space.
4 MiB to be downloaded.
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Fetching openssl-1.1.1k_1,1.txz: .......... done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Installing openssl-1.1.1k_1,1...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Extracting openssl-1.1.1k_1,1: .......... done
Step 9: Install package vault
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	vault: 1.7.3

Number of packages to be installed: 1

The process will require 149 MiB more space.
49 MiB to be downloaded.
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Fetching vault-1.7.3.txz: .......... done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Installing vault-1.7.3...
===> Creating groups.
Creating group 'vault' with gid '471'.
===> Creating users
Creating user 'vault' with uid '471'.
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Extracting vault-1.7.3: ..... done
=====
Message from vault-1.7.3:

--
The vault user created by the vault package is now a member of the daemon
class, which will allow it to use mlock() when started by the rc script. This
will not be reflected in systems where the user already exists. Please add the
vault user to the daemon class manually by running:

pw usermod -L daemon -n vault

or delete the user and reinstall the package.

You may also need to increase memorylocked for the daemon class in
/etc/login.conf to 1024M or more and run:

cap_mkdb /etc/login.conf

Or to disable mlock, add:

disable_mlock = 1

to /usr/local/etc/vault.hcl
Step 10: Install package consul
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	consul: 1.9.5

Number of packages to be installed: 1

The process will require 78 MiB more space.
27 MiB to be downloaded.
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Fetching consul-1.9.5.txz: .......... done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Installing consul-1.9.5...
===> Creating groups.
Creating group 'consul' with gid '469'.
===> Creating users
Creating user 'consul' with uid '469'.
===> Creating homedir(s)
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Extracting consul-1.9.5: ..... done
Step 11: Install package node_exporter
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	node_exporter: 1.1.2

Number of packages to be installed: 1

The process will require 11 MiB more space.
3 MiB to be downloaded.
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Fetching node_exporter-1.1.2.txz: .......... done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Installing node_exporter-1.1.2...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Extracting node_exporter-1.1.2: .......... done
=====
Message from node_exporter-1.1.2:

--
If upgrading from a version of node_exporter <0.15.0 you'll need to update any
custom command line flags that you may have set as it now requires a
double-dash (--flag) instead of a single dash (-flag).
The collector flags in 0.15.0 have now been replaced with individual boolean
flags and the -collector.procfs` and -collector.sysfs` flags have been renamed
to --path.procfs and --path.sysfs respectively.
Step 12: Install package syslog-ng
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 14 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	ca_root_nss: 3.63
	curl: 7.78.0
	e2fsprogs-libuuid: 1.46.4
	glib: 2.66.8,2
	json-c: 0.15_1
	libffi: 3.3_1
	libiconv: 1.16
	libnghttp2: 1.43.0
	libxml2: 2.9.12
	mpdecimal: 2.5.1
	pcre: 8.44
	python38: 3.8.10
	readline: 8.1.1
	syslog-ng: 3.32.1

Number of packages to be installed: 14

The process will require 165 MiB more space.
26 MiB to be downloaded.
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/14] Fetching syslog-ng-3.32.1.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [2/14] Fetching e2fsprogs-libuuid-1.46.4.txz: ..... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [3/14] Fetching curl-7.78.0.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [4/14] Fetching libnghttp2-1.43.0.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [5/14] Fetching ca_root_nss-3.63.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [6/14] Fetching pcre-8.44.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [7/14] Fetching json-c-0.15_1.txz: ........ done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [8/14] Fetching glib-2.66.8,2.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [9/14] Fetching libxml2-2.9.12.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [10/14] Fetching python38-3.8.10.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [11/14] Fetching mpdecimal-2.5.1.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [12/14] Fetching readline-8.1.1.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [13/14] Fetching libffi-3.3_1.txz: ..... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [14/14] Fetching libiconv-1.16.txz: .......... done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/14] Installing mpdecimal-2.5.1...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/14] Extracting mpdecimal-2.5.1: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [2/14] Installing readline-8.1.1...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [2/14] Extracting readline-8.1.1: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [3/14] Installing libffi-3.3_1...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [3/14] Extracting libffi-3.3_1: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [4/14] Installing libnghttp2-1.43.0...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [4/14] Extracting libnghttp2-1.43.0: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [5/14] Installing ca_root_nss-3.63...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [5/14] Extracting ca_root_nss-3.63: ........ done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [6/14] Installing pcre-8.44...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [6/14] Extracting pcre-8.44: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [7/14] Installing libxml2-2.9.12...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [7/14] Extracting libxml2-2.9.12: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [8/14] Installing python38-3.8.10...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [8/14] Extracting python38-3.8.10: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [9/14] Installing libiconv-1.16...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [9/14] Extracting libiconv-1.16: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [10/14] Installing e2fsprogs-libuuid-1.46.4...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [10/14] Extracting e2fsprogs-libuuid-1.46.4: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [11/14] Installing curl-7.78.0...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [11/14] Extracting curl-7.78.0: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [12/14] Installing json-c-0.15_1...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [12/14] Extracting json-c-0.15_1: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [13/14] Installing glib-2.66.8,2...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [13/14] Extracting glib-2.66.8,2: .......... done
No schema files found: doing nothing.
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [14/14] Installing syslog-ng-3.32.1...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [14/14] Extracting syslog-ng-3.32.1: .......... done
=====
Message from ca_root_nss-3.63:

--
FreeBSD does not, and can not warrant that the certification authorities
whose certificates are included in this package have in any way been
audited for trustworthiness or RFC 3647 compliance.

Assessment and verification of trust is the complete responsibility of the
system administrator.


This package installs symlinks to support root certificates discovery by
default for software that uses OpenSSL.

This enables SSL Certificate Verification by client software without manual
intervention.

If you prefer to do this manually, replace the following symlinks with
either an empty file or your site-local certificate bundle.

  * /etc/ssl/cert.pem
  * /usr/local/etc/ssl/cert.pem
  * /usr/local/openssl/cert.pem
=====
Message from python38-3.8.10:

--
Note that some standard Python modules are provided as separate ports
as they require additional dependencies. They are available as:

py38-gdbm       databases/py-gdbm@py38
py38-sqlite3    databases/py-sqlite3@py38
py38-tkinter    x11-toolkits/py-tkinter@py38
=====
Message from syslog-ng-3.32.1:

--
syslog-ng is now installed!  To replace FreeBSD's standard syslogd
(/usr/sbin/syslogd), complete these steps:

1. Create a configuration file named /usr/local/etc/syslog-ng.conf
   (a sample named syslog-ng.conf.sample has been included in
   /usr/local/etc). Note that this is a change in 2.0.2
   version, previous ones put the config file in
   /usr/local/etc/syslog-ng/syslog-ng.conf, so if this is an update
   move that file in the right place

2. Configure syslog-ng to start automatically by adding the following
   to /etc/rc.conf:

        syslog_ng_enable="YES"

3. Prevent the standard FreeBSD syslogd from starting automatically by
   adding a line to the end of your /etc/rc.conf file that reads:

        syslogd_enable="NO"

4. Shut down the standard FreeBSD syslogd:

     kill `cat /var/run/syslog.pid`

5. Start syslog-ng:

     /usr/local/etc/rc.d/syslog-ng start
Step 13: Install package postgresql-server
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 7 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	icu: 69.1,1
	libedit: 3.1.20210216,1
	llvm11: 11.0.1
	lua52: 5.2.4
	perl5: 5.32.1_1
	postgresql13-client: 13.3
	postgresql13-server: 13.3_1

Number of packages to be installed: 7

The process will require 872 MiB more space.
147 MiB to be downloaded.
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/7] Fetching postgresql13-server-13.3_1.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [2/7] Fetching llvm11-11.0.1.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [3/7] Fetching perl5-5.32.1_1.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [4/7] Fetching lua52-5.2.4.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [5/7] Fetching libedit-3.1.20210216,1.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [6/7] Fetching icu-69.1,1.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [7/7] Fetching postgresql13-client-13.3.txz: .......... done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/7] Installing libedit-3.1.20210216,1...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/7] Extracting libedit-3.1.20210216,1: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [2/7] Installing perl5-5.32.1_1...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [2/7] Extracting perl5-5.32.1_1: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [3/7] Installing lua52-5.2.4...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [3/7] Extracting lua52-5.2.4: ......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [4/7] Installing llvm11-11.0.1...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [4/7] Extracting llvm11-11.0.1: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [5/7] Installing icu-69.1,1...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [5/7] Extracting icu-69.1,1: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [6/7] Installing postgresql13-client-13.3...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [6/7] Extracting postgresql13-client-13.3: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [7/7] Installing postgresql13-server-13.3_1...
===> Creating groups.
Creating group 'postgres' with gid '770'.
===> Creating users
Creating user 'postgres' with uid '770'.
===> Creating homedir(s)

  =========== BACKUP YOUR DATA! =============
  As always, backup your data before
  upgrading. If the upgrade leads to a higher
  major revision (e.g. 9.6 -> 10), a dump
  and restore of all databases is
  required. This is *NOT* done by the port!
  See https://www.postgresql.org/docs/current/upgrading.html
  ===========================================
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [7/7] Extracting postgresql13-server-13.3_1: .......... done
=====
Message from postgresql13-client-13.3:

--
The PostgreSQL port has a collection of "side orders":

postgresql-docs
  For all of the html documentation

p5-Pg
  A perl5 API for client access to PostgreSQL databases.

postgresql-tcltk 
  If you want tcl/tk client support.

postgresql-jdbc
  For Java JDBC support.

postgresql-odbc
  For client access from unix applications using ODBC as access
  method. Not needed to access unix PostgreSQL servers from Win32
  using ODBC. See below.

ruby-postgres, py-psycopg2
  For client access to PostgreSQL databases using the ruby & python
  languages.

postgresql-plperl, postgresql-pltcl & postgresql-plruby
  For using perl5, tcl & ruby as procedural languages.

postgresql-contrib
  Lots of contributed utilities, postgresql functions and
  datatypes. There you find pg_standby, pgcrypto and many other cool
  things.

etc...
=====
Message from postgresql13-server-13.3_1:

--
For procedural languages and postgresql functions, please note that
you might have to update them when updating the server.

If you have many tables and many clients running, consider raising
kern.maxfiles using sysctl(8), or reconfigure your kernel
appropriately.

The port is set up to use autovacuum for new databases, but you might
also want to vacuum and perhaps backup your database regularly. There
is a periodic script, /usr/local/etc/periodic/daily/502.pgsql, that
you may find useful. You can use it to backup and perform vacuum on all
databases nightly. Per default, it performs `vacuum analyze'. See the
script for instructions. For autovacuum settings, please review
~postgres/data/postgresql.conf.

If you plan to access your PostgreSQL server using ODBC, please
consider running the SQL script /usr/local/share/postgresql/odbc.sql
to get the functions required for ODBC compliance.

Please note that if you use the rc script,
/usr/local/etc/rc.d/postgresql, to initialize the database, unicode
(UTF-8) will be used to store character data by default.  Set
postgresql_initdb_flags or use login.conf settings described below to
alter this behaviour. See the start rc script for more info.

To set limits, environment stuff like locale and collation and other
things, you can set up a class in /etc/login.conf before initializing
the database. Add something similar to this to /etc/login.conf:
---
postgres:\
	:lang=en_US.UTF-8:\
	:setenv=LC_COLLATE=C:\
	:tc=default:
---
and run `cap_mkdb /etc/login.conf'.
Then add 'postgresql_class="postgres"' to /etc/rc.conf.

======================================================================

To initialize the database, run

  /usr/local/etc/rc.d/postgresql initdb

You can then start PostgreSQL by running:

  /usr/local/etc/rc.d/postgresql start

For postmaster settings, see ~postgres/data/postgresql.conf

NB. FreeBSD's PostgreSQL port logs to syslog by default
    See ~postgres/data/postgresql.conf for more info

NB. If you're not using a checksumming filesystem like ZFS, you might
    wish to enable data checksumming. It can be enabled during
    the initdb phase, by adding the "--data-checksums" flag to
    the postgresql_initdb_flags rcvar. Otherwise you can enable it later by
    pg_checksums.  Check the initdb(1) manpage for more info
    and make sure you understand the performance implications.

======================================================================

To run PostgreSQL at startup, add
'postgresql_enable="YES"' to /etc/rc.conf
Step 14: Install package postgresql-client
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
Step 15: Install package python37
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
Step 16: Install package python3-pip
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 2 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	py38-pip: 20.3.4
	py38-setuptools: 57.0.0

Number of packages to be installed: 2

The process will require 19 MiB more space.
3 MiB to be downloaded.
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/2] Fetching py38-pip-20.3.4.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [2/2] Fetching py38-setuptools-57.0.0.txz: .......... done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/2] Installing py38-setuptools-57.0.0...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/2] Extracting py38-setuptools-57.0.0: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [2/2] Installing py38-pip-20.3.4...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [2/2] Extracting py38-pip-20.3.4: .......... done
=====
Message from py38-pip-20.3.4:

--
pip MUST ONLY be used:

 * With the --user flag, OR
 * To install or manage Python packages in virtual environments

Failure to follow this warning can and will result in an inconsistent
system-wide Python environment (LOCALBASE/lib/pythonX.Y/site-packages) and
cause errors.

Avoid using pip as root unless you know what you're doing.
Step 17: Install package python-consul2
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 12 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	py38-certifi: 2021.5.30
	py38-cffi: 1.14.5
	py38-chardet: 4.0.0,1
	py38-cryptography: 3.3.2
	py38-idna: 2.10
	py38-openssl: 20.0.1
	py38-pycparser: 2.20
	py38-pysocks: 1.7.1
	py38-python-consul2: 0.1.5
	py38-requests: 2.25.1
	py38-six: 1.16.0
	py38-urllib3: 1.25.11,1

Number of packages to be installed: 12

The process will require 10 MiB more space.
1 MiB to be downloaded.
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/12] Fetching py38-python-consul2-0.1.5.txz: ...... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [2/12] Fetching py38-requests-2.25.1.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [3/12] Fetching py38-chardet-4.0.0,1.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [4/12] Fetching py38-certifi-2021.5.30.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [5/12] Fetching py38-urllib3-1.25.11,1.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [6/12] Fetching py38-openssl-20.0.1.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [7/12] Fetching py38-cryptography-3.3.2.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [8/12] Fetching py38-six-1.16.0.txz: ... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [9/12] Fetching py38-cffi-1.14.5.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [10/12] Fetching py38-pycparser-2.20.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [11/12] Fetching py38-pysocks-1.7.1.txz: ... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [12/12] Fetching py38-idna-2.10.txz: ......... done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/12] Installing py38-pycparser-2.20...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/12] Extracting py38-pycparser-2.20: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [2/12] Installing py38-six-1.16.0...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [2/12] Extracting py38-six-1.16.0: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [3/12] Installing py38-cffi-1.14.5...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [3/12] Extracting py38-cffi-1.14.5: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [4/12] Installing py38-cryptography-3.3.2...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [4/12] Extracting py38-cryptography-3.3.2: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [5/12] Installing py38-certifi-2021.5.30...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [5/12] Extracting py38-certifi-2021.5.30: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [6/12] Installing py38-openssl-20.0.1...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [6/12] Extracting py38-openssl-20.0.1: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [7/12] Installing py38-pysocks-1.7.1...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [7/12] Extracting py38-pysocks-1.7.1: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [8/12] Installing py38-idna-2.10...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [8/12] Extracting py38-idna-2.10: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [9/12] Installing py38-chardet-4.0.0,1...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [9/12] Extracting py38-chardet-4.0.0,1: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [10/12] Installing py38-urllib3-1.25.11,1...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [10/12] Extracting py38-urllib3-1.25.11,1: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [11/12] Installing py38-requests-2.25.1...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [11/12] Extracting py38-requests-2.25.1: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [12/12] Installing py38-python-consul2-0.1.5...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [12/12] Extracting py38-python-consul2-0.1.5: .......... done
=====
Message from py38-urllib3-1.25.11,1:

--
Since version 1.25 HTTPS connections are now verified by default which is done
via "cert_reqs = 'CERT_REQUIRED'".  While certificate verification can be
disabled via "cert_reqs = 'CERT_NONE'", it's highly recommended to leave it on.

Various consumers of net/py-urllib3 already have implemented routines that
either explicitly enable or disable HTTPS certificate verification (e.g. via
configuration settings, CLI arguments, etc.).

Yet it may happen that there are still some consumers which don't explicitly
enable/disable certificate verification for HTTPS connections which could then
lead to errors (as is often the case with self-signed certificates).

In case of an error one should try first to temporarily disable certificate
verification of the problematic urllib3 consumer to see if that approach will
remedy the issue.
Step 18: Install package curl
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
Step 19: Install package jq
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 2 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	jq: 1.6
	oniguruma: 6.9.7.1

Number of packages to be installed: 2

The process will require 2 MiB more space.
500 KiB to be downloaded.
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/2] Fetching jq-1.6.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [2/2] Fetching oniguruma-6.9.7.1.txz: .......... done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/2] Installing oniguruma-6.9.7.1...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/2] Extracting oniguruma-6.9.7.1: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [2/2] Installing jq-1.6...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [2/2] Extracting jq-1.6: .......... done
Step 20: Install package jo
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	jo: 1.4

Number of packages to be installed: 1

19 KiB to be downloaded.
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Fetching jo-1.4.txz: ... done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Installing jo-1.4...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Extracting jo-1.4: ...... done
Step 21: Install package git-lite
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	expat: 2.4.1
	git-lite: 2.32.0_1
	pcre2: 10.37

Number of packages to be installed: 3

The process will require 34 MiB more space.
6 MiB to be downloaded.
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/3] Fetching git-lite-2.32.0_1.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [2/3] Fetching expat-2.4.1.txz: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [3/3] Fetching pcre2-10.37.txz: .......... done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/3] Installing expat-2.4.1...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/3] Extracting expat-2.4.1: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [2/3] Installing pcre2-10.37...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [2/3] Extracting pcre2-10.37: .......... done
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [3/3] Installing git-lite-2.32.0_1...
===> Creating groups.
Creating group 'git_daemon' with gid '964'.
===> Creating users
Creating user 'git_daemon' with uid '964'.
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [3/3] Extracting git-lite-2.32.0_1: .......... done
=====
Message from git-lite-2.32.0_1:

--
If you installed the GITWEB option please follow these instructions:

In the directory /usr/local/share/examples/git/gitweb you can find all files to
make gitweb work as a public repository on the web.

All you have to do to make gitweb work is:
1) Please be sure you're able to execute CGI scripts in
   /usr/local/share/examples/git/gitweb.
2) Set the GITWEB_CONFIG variable in your webserver's config to
   /usr/local/etc/git/gitweb.conf. This variable is passed to gitweb.cgi.
3) Restart server.


If you installed the CONTRIB option please note that the scripts are
installed in /usr/local/share/git-core/contrib. Some of them require
other ports to be installed (perl, python, etc), which you may need to
install manually.
Step 22: Install package go
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	go: 1.16.7,1

Number of packages to be installed: 1

The process will require 285 MiB more space.
74 MiB to be downloaded.
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Fetching go-1.16.7,1.txz: .......... done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Installing go-1.16.7,1...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Extracting go-1.16.7,1: .......... done
Step 23: Instal package gmake
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	gmake: 4.3_2

Number of packages to be installed: 1

The process will require 2 MiB more space.
416 KiB to be downloaded.
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Fetching gmake-4.3_2.txz: .......... done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Installing gmake-4.3_2...
[postgresql-patroni-amd64-13_0.vsf00001.cpt.za.honeyguide.net] [1/1] Extracting gmake-4.3_2: .......... done
Step 24: Instal package curl
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
Step 25: Install pip package psycopg2-binary
Collecting psycopg2-binary
  Downloading psycopg2-binary-2.9.1.tar.gz (380 kB)
Using legacy 'setup.py install' for psycopg2-binary, since package 'wheel' is not installed.
Installing collected packages: psycopg2-binary
    Running setup.py install for psycopg2-binary: started
    Running setup.py install for psycopg2-binary: finished with status 'done'
Successfully installed psycopg2-binary-2.9.1
Step 26: Install pip package patroni
Collecting patroni
  Downloading patroni-2.1.1-py3-none-any.whl (219 kB)
Requirement already satisfied: six>=1.7 in /usr/local/lib/python3.8/site-packages (from patroni) (1.16.0)
Collecting PyYAML
  Downloading PyYAML-5.4.1.tar.gz (175 kB)
  Installing build dependencies: started
  Installing build dependencies: finished with status 'done'
  Getting requirements to build wheel: started
  Getting requirements to build wheel: finished with status 'done'
    Preparing wheel metadata: started
    Preparing wheel metadata: finished with status 'done'
Collecting click>=4.1
  Downloading click-8.0.1-py3-none-any.whl (97 kB)
Collecting ydiff>=1.2.0
  Downloading ydiff-1.2.tar.gz (42 kB)
Requirement already satisfied: urllib3!=1.21,>=1.19.1 in /usr/local/lib/python3.8/site-packages (from patroni) (1.25.11)
Collecting psutil>=2.0.0
  Downloading psutil-5.8.0.tar.gz (470 kB)
Collecting prettytable>=0.7
  Downloading prettytable-2.2.0-py3-none-any.whl (23 kB)
Collecting python-dateutil
  Downloading python_dateutil-2.8.2-py2.py3-none-any.whl (247 kB)
Collecting wcwidth
  Downloading wcwidth-0.2.5-py2.py3-none-any.whl (30 kB)
Using legacy 'setup.py install' for psutil, since package 'wheel' is not installed.
Using legacy 'setup.py install' for ydiff, since package 'wheel' is not installed.
Building wheels for collected packages: PyYAML
  Building wheel for PyYAML (PEP 517): started
  Building wheel for PyYAML (PEP 517): finished with status 'done'
  Created wheel for PyYAML: filename=PyYAML-5.4.1-cp38-cp38-freebsd_13_0_release_p4_amd64.whl size=45669 sha256=361360fc89bcf094a2077c340a03c1ee91489c909a5797a932df7724fdafb1cf
  Stored in directory: /root/.cache/pip/wheels/dd/c5/1d/5d7436173d3efd4a14dcb510eb0b29525ecb6b0e41489e716e
Successfully built PyYAML
Installing collected packages: wcwidth, ydiff, PyYAML, python-dateutil, psutil, prettytable, click, patroni
    Running setup.py install for ydiff: started
    Running setup.py install for ydiff: finished with status 'done'
    Running setup.py install for psutil: started
    Running setup.py install for psutil: finished with status 'done'
Successfully installed PyYAML-5.4.1 click-8.0.1 patroni-2.1.1 prettytable-2.2.0 psutil-5.8.0 python-dateutil-2.8.2 wcwidth-0.2.5 ydiff-1.2
Step 27: Clean package installation
The following package files will be deleted:
	/var/cache/pkg/git-lite-2.32.0_1.txz
	/var/cache/pkg/consul-1.9.5~bde1e68fea.txz
	/var/cache/pkg/py38-six-1.16.0~503ab6cb67.txz
	/var/cache/pkg/mpdecimal-2.5.1~6a1530aa63.txz
	/var/cache/pkg/py38-pycparser-2.20~ac62095020.txz
	/var/cache/pkg/json-c-0.15_1~c9e6e8b4e3.txz
	/var/cache/pkg/syslog-ng-3.32.1~828a6af6df.txz
	/var/cache/pkg/libnghttp2-1.43.0.txz
	/var/cache/pkg/jq-1.6.txz
	/var/cache/pkg/perl5-5.32.1_1.txz
	/var/cache/pkg/py38-pysocks-1.7.1~fe4a0a95a9.txz
	/var/cache/pkg/node_exporter-1.1.2.txz
	/var/cache/pkg/postgresql13-server-13.3_1.txz
	/var/cache/pkg/py38-cffi-1.14.5~f39ae040eb.txz
	/var/cache/pkg/libiconv-1.16~58a485ac67.txz
	/var/cache/pkg/py38-setuptools-57.0.0.txz
	/var/cache/pkg/libxml2-2.9.12~808886ae95.txz
	/var/cache/pkg/py38-pysocks-1.7.1.txz
	/var/cache/pkg/oniguruma-6.9.7.1~992ea8fca0.txz
	/var/cache/pkg/libffi-3.3_1~ceb6b0f52a.txz
	/var/cache/pkg/glib-2.66.8,2.txz
	/var/cache/pkg/py38-cryptography-3.3.2~1c34c2637c.txz
	/var/cache/pkg/readline-8.1.1.txz
	/var/cache/pkg/py38-openssl-20.0.1~ae7fa9db82.txz
	/var/cache/pkg/e2fsprogs-libuuid-1.46.4~a5ac3c63ab.txz
	/var/cache/pkg/curl-7.78.0~f31d1f4721.txz
	/var/cache/pkg/vault-1.7.3.txz
	/var/cache/pkg/consul-1.9.5.txz
	/var/cache/pkg/py38-requests-2.25.1~6ae75642a0.txz
	/var/cache/pkg/py38-urllib3-1.25.11,1.txz
	/var/cache/pkg/sudo-1.9.7p1~f275c1822e.txz
	/var/cache/pkg/git-lite-2.32.0_1~8827c3c71a.txz
	/var/cache/pkg/sudo-1.9.7p1.txz
	/var/cache/pkg/pcre2-10.37.txz
	/var/cache/pkg/py38-openssl-20.0.1.txz
	/var/cache/pkg/py38-python-consul2-0.1.5.txz
	/var/cache/pkg/readline-8.1.1~f705aeb15c.txz
	/var/cache/pkg/jo-1.4.txz
	/var/cache/pkg/icu-69.1,1~b4df776fc4.txz
	/var/cache/pkg/py38-urllib3-1.25.11,1~49dd71a9ad.txz
	/var/cache/pkg/indexinfo-0.3.1~d4818e637c.txz
	/var/cache/pkg/py38-idna-2.10.txz
	/var/cache/pkg/json-c-0.15_1.txz
	/var/cache/pkg/py38-pip-20.3.4~1d3653afcc.txz
	/var/cache/pkg/python38-3.8.10~779ca296e6.txz
	/var/cache/pkg/e2fsprogs-libuuid-1.46.4.txz
	/var/cache/pkg/gmake-4.3_2~dd772c05ef.txz
	/var/cache/pkg/py38-cryptography-3.3.2.txz
	/var/cache/pkg/gmake-4.3_2.txz
	/var/cache/pkg/perl5-5.32.1_1~b911fbd122.txz
	/var/cache/pkg/pcre2-10.37~4cca0fe7cb.txz
	/var/cache/pkg/py38-idna-2.10~44d48af2ae.txz
	/var/cache/pkg/lua52-5.2.4~40d535cc7f.txz
	/var/cache/pkg/expat-2.4.1~8d48399c1d.txz
	/var/cache/pkg/libxml2-2.9.12.txz
	/var/cache/pkg/py38-six-1.16.0.txz
	/var/cache/pkg/libedit-3.1.20210216,1~98bec5446f.txz
	/var/cache/pkg/go-1.16.7,1.txz
	/var/cache/pkg/py38-requests-2.25.1.txz
	/var/cache/pkg/icu-69.1,1.txz
	/var/cache/pkg/py38-python-consul2-0.1.5~a2f0bd83ce.txz
	/var/cache/pkg/oniguruma-6.9.7.1.txz
	/var/cache/pkg/ca_root_nss-3.63.txz
	/var/cache/pkg/gettext-runtime-0.21.txz
	/var/cache/pkg/syslog-ng-3.32.1.txz
	/var/cache/pkg/pcre-8.44.txz
	/var/cache/pkg/postgresql13-client-13.3.txz
	/var/cache/pkg/py38-certifi-2021.5.30~508fb52d4b.txz
	/var/cache/pkg/libnghttp2-1.43.0~e01ce95679.txz
	/var/cache/pkg/postgresql13-client-13.3~6864ed4c2d.txz
	/var/cache/pkg/gettext-runtime-0.21~051ad548f7.txz
	/var/cache/pkg/mpdecimal-2.5.1.txz
	/var/cache/pkg/openssl-1.1.1k_1,1.txz
	/var/cache/pkg/go-1.16.7,1~f27609859c.txz
	/var/cache/pkg/curl-7.78.0.txz
	/var/cache/pkg/py38-cffi-1.14.5.txz
	/var/cache/pkg/indexinfo-0.3.1.txz
	/var/cache/pkg/node_exporter-1.1.2~fc91952053.txz
	/var/cache/pkg/py38-setuptools-57.0.0~22133cba1d.txz
	/var/cache/pkg/postgresql13-server-13.3_1~eccd00b8ea.txz
	/var/cache/pkg/llvm11-11.0.1.txz
	/var/cache/pkg/jo-1.4~4bab3e7b7a.txz
	/var/cache/pkg/libiconv-1.16.txz
	/var/cache/pkg/libedit-3.1.20210216,1.txz
	/var/cache/pkg/ca_root_nss-3.63~2e4dafd35f.txz
	/var/cache/pkg/pcre-8.44~18fdb314f8.txz
	/var/cache/pkg/py38-pycparser-2.20.txz
	/var/cache/pkg/py38-certifi-2021.5.30.txz
	/var/cache/pkg/python38-3.8.10.txz
	/var/cache/pkg/openssl-1.1.1k_1,1~337a7460ed.txz
	/var/cache/pkg/libffi-3.3_1.txz
	/var/cache/pkg/glib-2.66.8,2~9873f41b28.txz
	/var/cache/pkg/jq-1.6~48e58e6577.txz
	/var/cache/pkg/py38-pip-20.3.4.txz
	/var/cache/pkg/py38-chardet-4.0.0,1.txz
	/var/cache/pkg/llvm11-11.0.1~63dd58a928.txz
	/var/cache/pkg/lua52-5.2.4.txz
	/var/cache/pkg/vault-1.7.3~e104fea0c0.txz
	/var/cache/pkg/py38-chardet-4.0.0,1~13ea1972d7.txz
	/var/cache/pkg/expat-2.4.1.txz
The cleanup will free 343 MiB
Deleting files: .......... done
All done
Step 28: Remove pre-existing cook script (if any)
Step 29: Create cook script
Step 30: Make cook script executable
setting executable bit on /usr/local/bin/cook
Step 31: Create rc.d script to start cook
creating rc.d script to start cook
Step 32: Make rc.d script to start cook executable
Setting executable bit on cook rc file
Step 33: Enable cook service
enabling cook
cook enabled in /etc/rc.conf
=====>  Stop the pot postgresql-patroni-amd64-13_0
=====>  Remove epair0[a|b] network interfaces
=====>  unmount /mnt/data/pot/jails/postgresql-patroni-amd64-13_0/m/tmp
=====>  unmount /mnt/data/pot/jails/postgresql-patroni-amd64-13_0/m/dev
=====>  Flavour: postgresql-patroni+1
=====>  Executing postgresql-patroni+1 pot commands on postgresql-patroni-amd64-13_0
=====>  No shell script available for the flavour postgresql-patroni+1
=====>  Flavour: postgresql-patroni+2
=====>  Executing postgresql-patroni+2 pot commands on postgresql-patroni-amd64-13_0
=====>  No shell script available for the flavour postgresql-patroni+2
=====>  Flavour: postgresql-patroni+3
=====>  Executing postgresql-patroni+3 pot commands on postgresql-patroni-amd64-13_0
=====>  No shell script available for the flavour postgresql-patroni+3
=====>  Flavour: postgresql-patroni+4
=====>  Executing postgresql-patroni+4 pot commands on postgresql-patroni-amd64-13_0
=====>  No shell script available for the flavour postgresql-patroni+4

postgresql-patroni-amd64-12_2_2.0.24:


postgresql-patroni/postgresql-patroni:
copy-in -s /usr/local/etc/pot/flavours/postgresql-patroni.d/patroni.rc -d /root/
copy-in -s /usr/local/etc/pot/flavours/postgresql-patroni.d/patroni.yml -d /root/
copy-in -s /usr/local/etc/pot/flavours/postgresql-patroni.d/syslog-ng.conf -d /root/
postgresql-patroni/postgresql-patroni.sh:
#!/bin/sh

# Based on POTLUCK TEMPLATE v3.0
# Altered by Michael Gmelin
#
# EDIT THE FOLLOWING FOR NEW FLAVOUR:
# 1. RUNS_IN_NOMAD - true or false
# 2. If RUNS_IN_NOMAD is false, can delete the <flavour>+4 file, else
#    make sure pot create command doesn't include it
# 3. Create a matching <flavour> file with this <flavour>.sh file that
#    contains the copy-in commands for the config files from <flavour>.d/
#    Remember that the package directories don't exist yet, so likely copy
#    to /root
# 4. Adjust package installation between BEGIN & END PACKAGE SETUP
# 5. Adjust jail configuration script generation between BEGIN & END COOK
#    Configure the config files that have been copied in where necessary

# Set this to true if this jail flavour is to be created as a nomad (i.e. blocking) jail.
# You can then query it in the cook script generation below and the script is installed
# appropriately at the end of this script
RUNS_IN_NOMAD=false

# set the cook log path/filename
COOKLOG=/var/log/cook.log

# check if cooklog exists, create it if not
if [ ! -e $COOKLOG ]
then
    echo "Creating $COOKLOG" | tee -a $COOKLOG
else
    echo "WARNING $COOKLOG already exists"  | tee -a $COOKLOG
fi
date >> $COOKLOG

# -------------------- COMMON ---------------

STEPCOUNT=0
step() {
  STEPCOUNT=$(expr "$STEPCOUNT" + 1)
  STEP="$@"
  echo "Step $STEPCOUNT: $STEP" | tee -a $COOKLOG
}

exit_ok() {
  trap - EXIT
  exit 0
}

FAILED=" failed"
exit_error() {
  STEP="$@"
  FAILED=""
  exit 1
}

set -e
trap 'echo ERROR: $STEP$FAILED | (>&2 tee -a $COOKLOG)' EXIT

# -------------- BEGIN PACKAGE SETUP -------------

step "Bootstrap package repo"
mkdir -p /usr/local/etc/pkg/repos
echo 'FreeBSD: { url: "pkg+http://pkg.FreeBSD.org/${ABI}/quarterly" }' \
  >/usr/local/etc/pkg/repos/FreeBSD.conf
ASSUME_ALWAYS_YES=yes pkg bootstrap

step "Touch /etc/rc.conf"
touch /etc/rc.conf

# this is important, otherwise running /etc/rc from cook will
# overwrite the IP address set in tinirc
step "Remove ifconfig_epair0b from config"
sysrc -cq ifconfig_epair0b && sysrc -x ifconfig_epair0b || true

step "Disable sendmail"
service sendmail onedisable

step "Create /usr/local/etc/rc.d"
mkdir -p /usr/local/etc/rc.d

step "Update package repository"
pkg update -f

step "Install package sudo"
pkg install -y sudo

step "Install package openssl"
pkg install -y openssl

step "Install package vault"
pkg install -y vault

step "Install package consul"
pkg install -y consul

step "Install package node_exporter"
pkg install -y node_exporter

step "Install package syslog-ng"
pkg install -y syslog-ng

step "Install package postgresql-server"
pkg install -y postgresql13-server

step "Install package postgresql-client"
pkg install -y postgresql13-client

step "Install package python37"
pkg install -y python38

step "Install package python3-pip"
pkg install -y py38-pip

step "Install package python-consul2"
# this version gives error
pkg install -y py38-python-consul2

# using pip to install this package, as pkg removes postgres13 now, and installs postgres12 client as dependency
#step "Install package psycopg2"
#pkg install -y py38-psycopg2

step "Install package curl"
pkg install -y curl

step "Install package jq"
pkg install -y jq

step "Install package jo"
pkg install -y jo

step "Install package git-lite"
pkg install -y git-lite

step "Install package go"
pkg install -y go

step "Instal package gmake"
pkg install -y gmake

step "Instal package curl"
pkg install -y curl

#
# pip MUST ONLY be used:
# * With the --user flag, OR
# * To install or manage Python packages in virtual environments
# using -prefix here to force install in /usr/local/bin

step "Install pip package psycopg2-binary"
pip install psycopg2-binary --prefix="/usr/local/"

step "Install pip package patroni"
pip install patroni --prefix="/usr/local"
#
## WARNING: The scripts patroni, patroni_aws, patroni_raft_controller,
## patroni_wale_restore and patronictl are installed in
## '--prefix=/usr/local/bin' which is not on PATH.
## Consider adding this directory to PATH or, if you prefer to suppress
## this warning, use --no-warn-script-location.

step "Clean package installation"
pkg clean -y

# -------------- END PACKAGE SETUP -------------
#
# Create configurations
#

#
# Now generate the run command script "cook"
# It configures the system on the first run by creating the config file(s)
# On subsequent runs, it only starts sleeps (if nomad-jail) or simply exits
#

# clear any old cook runtime file
step "Remove pre-existing cook script (if any)"
rm -f /usr/local/bin/cook

# this runs when image boots
# ----------------- BEGIN COOK ------------------

step "Create cook script"
echo "#!/bin/sh
RUNS_IN_NOMAD=$RUNS_IN_NOMAD
# declare this again for the pot image, might work carrying variable through like
# with above
COOKLOG=/var/log/cook.log

# No need to change this, just ensures configuration is done only once
if [ -e /usr/local/etc/pot-is-seasoned ]
then
    # If this pot flavour is blocking (i.e. it should not return),
    # we block indefinitely
    if [ \"\$RUNS_IN_NOMAD\" = \"true\" ]
    then
        /bin/sh /etc/rc
        tail -f /dev/null
    fi
    exit 0
fi

# ADJUST THIS: STOP SERVICES AS NEEDED BEFORE CONFIGURATION
#

# No need to adjust this:
# If this pot flavour is not blocking, we need to read the environment first from /tmp/environment.sh
# where pot is storing it in this case
if [ -e /tmp/environment.sh ]
then
    . /tmp/environment.sh
fi
#
# ADJUST THIS BY CHECKING FOR ALL VARIABLES YOUR FLAVOUR NEEDS:
# Check config variables are set
#
if [ -z \${DATACENTER+x} ];
then
    echo 'DATACENTER is unset - see documentation to configure this flavour with the datacenter name. This parameter is mandatory.'
    exit 1
fi
if [ -z \${CONSULSERVERS+x} ];
then
    echo 'CONSULSERVERS is unset - please pass in one or more correctly-quoted, comma-separated addresses for consul peer IPs. Refer to documentation. This parameter is mandatory.'
    exit 1
fi
if [ -z \${NODENAME+x} ];
then
    echo 'NODENAME is unset - see documentation to configure this flavour with a name for this node. This parameter is mandatory.'
    exit 1
fi
if [ -z \${IP+x} ];
then
    echo 'IP is unset - see documentation to configure this flavour for an IP address. This parameter is mandatory.'
    exit 1
fi
if [ -z \${SERVICETAG+x} ];
then
    echo 'SERVICETAG is unset - please set a service tag of master, replica or standby-leader. Refer to documentation. This parameter is mandatory.'
    exit 1
fi
if [ -z \${ADMPASS+x} ];
then
    echo 'ADMPASS is unset - please set the password for the admin user. This parameter is mandatory.'
    exit 1
fi
if [ -z \${KEKPASS+x} ];
then
    echo 'KEKPASS is unset - please set the password for the superuser postgres user. This parameter is mandatory.'
    exit 1
fi
if [ -z \${REPPASS+x} ];
then
    echo 'REPPASS is unset - please set the replicator user password for replication. This parameter is mandatory.'
    exit 1
fi
if [ -z \${VAULTSERVER+x} ];
then
    echo 'VAULTSERVER is unset - see documentation to set the vault server IP address. This is required to obtain certificates. This parameter is mandatory.'
    exit 1
fi
# we need a token from the vault server
if [ -z \${VAULTTOKEN+x} ];
then
    echo 'VAULTTOKEN is unset - a vault token is required to obtain certificates. Refer to documentation. This parameter is mandatory.'
    exit 1
fi
# GOSSIPKEY is a 32 byte, Base64 encoded key generated with consul keygen for the consul flavour.
# Re-used for nomad, which is usually 16 byte key but supports 32 byte, Base64 encoded keys
# We'll re-use the one from the consul flavour
if [ -z \${GOSSIPKEY+x} ];
then
    echo 'GOSSIPKEY is unset - please provide a 32 byte base64 key from the (consul keygen key) command. This parameter is mandatory.'
    exit 1
fi
# optional logging to remote syslog server
if [ -z \${REMOTELOG+x} ];
then
    echo 'REMOTELOG is unset - please provide the IP address of a loki server. Defaulting to \"null\" if not set. This parameter is optional.'
    REMOTELOG=\"null\"
fi
# sftpuser credentials
if [ -z \${SFTPUSER+x} ];
then
    echo 'SFTPUSER is unset - please provide a username to use for the SFTP user on the vault leader. This parameter is mandatory.'
    exit 1
fi

# ADJUST THIS BELOW: NOW ALL THE CONFIGURATION FILES NEED TO BE CREATED:
# Don't forget to double(!)-escape quotes and dollar signs in the config files

# add group for accessing certs (shared between services)
/usr/sbin/pw groupadd certaccess

# some basic ssh setup
echo \"Initialising ssh settings\"
mkdir -p /root/.ssh
chmod 700 /root/.ssh
touch /root/.ssh/authorized_keys

if [ -f /root/sshkey ] && [ ! -f /root/.ssh/id_rsa ]; then
    cp /root/sshkey /root/.ssh/id_rsa
    chmod 600 /root/.ssh/id_rsa
    ssh-keygen -f /root/.ssh/id_rsa -y > /root/.ssh/id_rsa.pub
fi

# setup temp directory for temp certs
mkdir -p /tmp/tmpcerts

# echo a message to user
echo \"\"
echo \"########################### IMPORTANT NOTICE ###########################\"
echo \"\"
echo \"Make sure to copy in id_rsa from vault leader certuser instance!\"
echo \"\"
echo \"########################################################################\"
echo \"\"
# end client

# retrieve first round of certificates from vault leader via sftp
echo \"Get first round of certificates from vault leader via sftp\"
if [ -f /root/.ssh/id_rsa ]; then
    cd /tmp/tmpcerts
    # wildcard retrieval works manually but not in the script, so we specify each file to retrieve
    /usr/bin/sftp -P 8888 -o StrictHostKeyChecking=no -q \$SFTPUSER@\$VAULTSERVER:\$IP/cert.pem
    (umask 137; /usr/bin/sftp -P 8888 -o StrictHostKeyChecking=no -q \$SFTPUSER@\$VAULTSERVER:\$IP/key.pem)
    chgrp certaccess key.pem
    /usr/bin/sftp -P 8888 -o StrictHostKeyChecking=no -q \$SFTPUSER@\$VAULTSERVER:\$IP/ca.pem
    /usr/bin/sftp -P 8888 -o StrictHostKeyChecking=no -q \$SFTPUSER@\$VAULTSERVER:\$IP/combinedca.pem
    cd ~
fi

# setup directories for vault usage
mkdir -p /mnt/templates
mkdir -p /mnt/certs/hash
chgrp -R certaccess /mnt/certs
mkdir -p /mnt/vault

# start postgres_exporter
export PATH=\"$PATH:/usr/local/bin/\"
cd /tmp
/usr/local/bin/git clone https://github.com/prometheus-community/postgres_exporter.git
cd /tmp/postgres_exporter
/usr/local/bin/gmake build
# fix stuff in rc file before copy
#sed -i .orig 's/sslmode=disable/sslmode=require/g' /tmp/postgres_exporter/postgres_exporter.rc
sed -i .orig 's/-web.listen-address/--web.listen-address/g' /tmp/postgres_exporter/postgres_exporter.rc
# copy over rc file
cp -f /tmp/postgres_exporter/postgres_exporter.rc /usr/local/etc/rc.d/postgres_exporter
# make executable
chmod +x /usr/local/etc/rc.d/postgres_exporter
# copy over postgres_exporter
cp -f /tmp/postgres_exporter/postgres_exporter /usr/local/bin/postgres_exporter
# make executable
chmod +x /usr/local/bin/postgres_exporter
# set start options, one a manual way to get IP in
sysrc postgres_exporter_enable=\"YES\"
sysrc postgres_exporter_pg_host=\"\$IP\"
sysrc postgres_exporter_pg_user=\"postgres\"
# this probably shouldn't be in /etc/rc.conf? but only way
sysrc postgres_exporter_pg_pass=\"\$KEKPASS\"
cd /root
# end postgres_exporter

# add the postgres user to the certaccess group
/usr/sbin/pw usermod postgres -G certaccess

# make consul configuration directory and set permissions
mkdir -p /usr/local/etc/consul.d
chmod 750 /usr/local/etc/consul.d

# Create the consul agent config file with imported variables
echo \"{
 \\\"advertise_addr\\\": \\\"\$IP\\\",
 \\\"datacenter\\\": \\\"\$DATACENTER\\\",
 \\\"node_name\\\": \\\"\$NODENAME\\\",
 \\\"data_dir\\\":  \\\"/var/db/consul\\\",
 \\\"dns_config\\\": {
  \\\"a_record_limit\\\": 3,
  \\\"enable_truncate\\\": true
 },
 \\\"verify_incoming\\\": true,
 \\\"verify_outgoing\\\": true,
 \\\"verify_server_hostname\\\":false,
 \\\"verify_incoming_rpc\\\": true,
 \\\"ca_file\\\": \\\"/mnt/certs/ca.pem\\\",
 \\\"cert_file\\\": \\\"/mnt/certs/cert.pem\\\",
 \\\"key_file\\\": \\\"/mnt/certs/key.pem\\\",
 \\\"log_file\\\": \\\"/var/log/consul/\\\",
 \\\"log_level\\\": \\\"WARN\\\",
 \\\"encrypt\\\": \\\"\$GOSSIPKEY\\\",
 \\\"start_join\\\": [ \$CONSULSERVERS ],
 \\\"telemetry\\\": {
  \\\"prometheus_retention_time\\\": \\\"24h\\\",
  \\\"disable_hostname\\\": true
 },
 \\\"service\\\": {
  \\\"address\\\": \\\"\$IP\\\",
  \\\"name\\\": \\\"node-exporter\\\",
  \\\"tags\\\": [\\\"_app=prometheus\\\", \\\"_service=node-exporter\\\", \\\"_hostname=\$NODENAME\\\", \\\"_datacenter=\$DATACENTER\\\"],
  \\\"port\\\": 9100
 },
 \\\"service\\\": {
  \\\"address\\\": \\\"\$IP\\\",
  \\\"name\\\": \\\"postgres-exporter\\\",
  \\\"tags\\\": [\\\"_app=postgresql\\\", \\\"_service=postgres-exporter\\\", \\\"_hostname=\$NODENAME\\\", \\\"_datacenter=\$DATACENTER\\\"],
  \\\"port\\\": 9187
 }
}\" | (umask 177; cat > /usr/local/etc/consul.d/agent.json)

# set owner on /usr/local/etc/consul.d/
chown -R consul:wheel /usr/local/etc/consul.d/

# enable consul
service consul enable

# set load parameter for consul config
sysrc consul_args=\"-config-file=/usr/local/etc/consul.d/agent.json\"

# setup consul logs, might be redundant if not specified in agent.json above
mkdir -p /var/log/consul
touch /var/log/consul/consul.log
chown -R consul:wheel /var/log/consul

# add the consul user to the certaccess group
/usr/sbin/pw usermod consul -G certaccess

# end consul

## start Vault

# first remove any existing vault configuration
if [ -f /usr/local/etc/vault/vault-server.hcl ]; then
    rm /usr/local/etc/vault/vault-server.hcl
fi
# then setup a fresh vault.hcl specific to the type of image

# default freebsd vault.hcl is /usr/local/etc/vault.hcl and
# the init script /usr/local/etc/rc.d/vault refers to this
# but many vault docs refer to /usr/local/etc/vault/vault-server.hcl
# or similar

# begin vault config
# we're setting a config file but not actually running the vault service
# certificate rotation is being done with a cron job
# token rotation may require the vault service

echo \"disable_mlock = true
ui = false
vault {
  address = \\\"\$VAULTSERVER:8200\\\"
  retry {
    num_retries = 5
  }
}
storage \\\"file\\\" {
  path = \\\"/mnt/vault/data\\\"
}
#template {
#  source = \\\"/mnt/templates/cert.tpl\\\"
#  destination = \\\"/mnt/certs/cert.pem\\\"
#}
#template {
#  source = \\\"/mnt/templates/ca.tpl\\\"
#  destination = \\\"/mnt/certs/ca.pem\\\"
#}
#template {
#  source = \\\"/mnt/templates/key.tpl\\\"
#  destination = \\\"/mnt/certs/key.pem\\\"
#}\" | (umask 177; cat > /usr/local/etc/vault.hcl)

# Set permission for vault.hcl, so that vault can read it
chown vault:wheel /usr/local/etc/vault.hcl

# setup template files for certificates
# this is not currently in use because cron job renews certs and restarts services
echo \"{{- /* /mnt/templates/cert.tpl */ -}}
{{ with secret \\\"pki_int/issue/\$DATACENTER\\\" \\\"common_name=\$IP\\\" \\\"ttl=24h\\\" \\\"alt_names=\$NODENAME\\\" \\\"ip_sans=\$IP\\\" }}
{{ .Data.certificate }}{{ end }}
\" > /mnt/templates/cert.tpl

echo \"{{- /* /mnt/templates/ca.tpl */ -}}
{{ with secret \\\"pki_int/issue/\$DATACENTER\\\" \\\"common_name=\$IP\\\" }}
{{ .Data.issuing_ca }}{{ end }}
\" > /mnt/templates/ca.tpl

echo \"{{- /* /mnt/templates/key.tpl */ -}}
{{ with secret \\\"pki_int/issue/\$DATACENTER\\\" \\\"common_name=\$IP\\\" \\\"ttl=24h\\\" \\\"alt_names=\$NODENAME\\\" \\\"ip_sans=\$IP\\\" }}
{{ .Data.private_key }}{{ end }}
\" > /mnt/templates/key.tpl

# set permissions on /mnt for vault data
chown -R vault:wheel /mnt/vault

# invite to certaccess group
/usr/sbin/pw usermod vault -G certaccess

# setup rc.conf entries
# we do not set vault_user=vault because vault will not start
# we're not starting vault as a service
service vault enable
sysrc vault_login_class=root
sysrc vault_syslog_output_enable=\"YES\"
sysrc vault_syslog_output_priority=\"warn\"

# new CA cert retrieval process with curl
echo \"Retrieving CA certificates from Vault leader\"
# get the root CA
/usr/local/bin/curl --silent --cacert /tmp/tmpcerts/ca.pem --cert /tmp/tmpcerts/cert.pem --key /tmp/tmpcerts/key.pem -o /mnt/certs/CA_cert.pem https://\$VAULTSERVER:8200/v1/pki/ca/pem
# append a new line to the file, as will concat together later with another file
if [ -s /mnt/certs/CA_cert.pem ]; then
    echo \"\" >> /mnt/certs/CA_cert.pem
fi
# get the intermediate CA
/usr/local/bin/curl --silent --cacert /tmp/tmpcerts/ca.pem --cert /tmp/tmpcerts/cert.pem --key /tmp/tmpcerts/key.pem -o /mnt/certs/intermediate.cert.pem https://\$VAULTSERVER:8200/v1/pki_int/ca/pem
# append a new line to the file, as will concat together later with another file
if [ -s /mnt/certs/intermediate.cert.pem ]; then
    echo \"\" >> /mnt/certs/intermediate.cert.pem
fi
# validate the certificates
echo \"Validating CA certificates\"
if [ -s /mnt/certs/CA_cert.pem ] && [ -s /mnt/certs/intermediate.cert.pem ]; then
    /usr/bin/openssl verify -CAfile /mnt/certs/CA_cert.pem /mnt/certs/intermediate.cert.pem
fi

# unwrap the pki token issued by vault leader
echo \"Unwrapping passed in token...\"
(umask 177; /usr/local/bin/vault unwrap -address=https://\$VAULTSERVER:8200 -client-cert=/tmp/tmpcerts/cert.pem -client-key=/tmp/tmpcerts/key.pem -ca-cert=/mnt/certs/intermediate.cert.pem -format=json \$VAULTTOKEN | /usr/local/bin/jq -r '.auth.client_token' > /root/unwrapped.token)
sleep 1
if [ -s /root/unwrapped.token ]; then
    echo \"Token unwrapped\"
    THIS_TOKEN=\$(/bin/cat /root/unwrapped.token)
    echo \"Logging in to vault leader to authenticate\"
    (umask 177; echo \"\$THIS_TOKEN\" | /usr/local/bin/vault login -address=https://\$VAULTSERVER:8200 -client-cert=/tmp/tmpcerts/cert.pem -client-key=/tmp/tmpcerts/key.pem -ca-cert=/mnt/certs/intermediate.cert.pem -method=token -field=token token=- > /root/login.token)
fi

# get list of secrets engines (helps cluster to align)
/usr/local/bin/vault secrets list -address=https://\$VAULTSERVER:8200 -client-cert=/tmp/tmpcerts/cert.pem -client-key=/tmp/tmpcerts/key.pem -ca-cert=/mnt/certs/intermediate.cert.pem

echo \"Setting certificate payload\"
if [ -s /root/login.token ]; then
    # generate certificates to use
    # using this payload.json approach to avoid nested single and double quotes for expansion
    # new way of generating payload.json with jo
    /usr/local/bin/jo -p common_name=\$IP alt_names=\$NODENAME ttl=24h ip_sans=\"\$IP,127.0.0.1\" format=pem > /mnt/templates/payload.json

    # we use curl to get the certificates in json format as the issue command only has formats: pem, pem_bundle, der
    # but no json format except via the API
    echo \"Generating certificates to use from Vault\"
    HEADER=\$(/bin/cat /root/login.token)
    (umask 177; /usr/local/bin/curl --cacert /tmp/tmpcerts/combinedca.pem --cert /tmp/tmpcerts/cert.pem --key /tmp/tmpcerts/key.pem --header \"X-Vault-Token: \$HEADER\" --request POST --data @/mnt/templates/payload.json https://\$VAULTSERVER:8200/v1/pki_int/issue/\$DATACENTER > /mnt/certs/vaultissue.json)

    # extract the required certificates to individual files
    /usr/local/bin/jq -r '.data.certificate' /mnt/certs/vaultissue.json > /mnt/certs/cert.pem
    # append the ca cert to the cert
    /usr/local/bin/jq -r '.data.issuing_ca' /mnt/certs/vaultissue.json >> /mnt/certs/cert.pem
    (umask 137; /usr/local/bin/jq -r '.data.private_key' /mnt/certs/vaultissue.json > /mnt/certs/key.pem)
    /usr/local/bin/jq -r '.data.issuing_ca' /mnt/certs/vaultissue.json > /mnt/certs/ca.pem
    cd /mnt/certs
    # concat the root CA and intermediary CA into combined file
    cat /mnt/certs/CA_cert.pem /mnt/certs/ca.pem > /mnt/certs/combinedca.pem
    # steps here to hash ca, required for syslog-ng
    ln -s ca.pem hash/\$(/usr/bin/openssl x509 -subject_hash -noout -in /mnt/certs/ca.pem).0
    ln -s combinedca.pem hash/\$(/usr/bin/openssl x509 -subject_hash -noout -in /mnt/certs/combinedca.pem).0
    cd /root
    # set permissions on /mnt/certs for vault
    chown -R vault:certaccess /mnt/certs
    # patroni wants 0640 on root-owned files,and key must be root-owned in our case
    chown root:certaccess /mnt/certs/key.pem
    chmod 640 /mnt/certs/key.pem

    # validate the certificates
    echo \"Validating client certificate\"
    if [ -s /mnt/certs/combinedca.pem ] && [ -s /mnt/certs/cert.pem ]; then
        /usr/bin/openssl verify -CAfile /mnt/certs/combinedca.pem /mnt/certs/cert.pem
    fi

    # start consul agent
    service consul start

    # setup certificate rotation script
    echo \"Setting up certificate rotation script\"
    echo \"#!/bin/sh
export VAULT_CLIENT_TIMEOUT=300s
export VAULT_MAX_RETRIES=5
if [ -s /root/login.token ]; then
    LOGINTOKEN=\\\$(/bin/cat /root/login.token)
    HEADER=\\\$(echo \\\"X-Vault-Token: \\\"\\\$LOGINTOKEN)
    (umask 177; /usr/local/bin/curl --cacert /mnt/certs/combinedca.pem --cert /mnt/certs/cert.pem --key /mnt/certs/key.pem --header \\\"\\\$HEADER\\\" --request POST --data @/mnt/templates/payload.json https://\$VAULTSERVER:8200/v1/pki_int/issue/\$DATACENTER > /mnt/certs/vaultissue.json)
    # extract the required certificates to individual files
    /usr/local/bin/jq -r '.data.certificate' /mnt/certs/vaultissue.json > /mnt/certs/cert.pem
    /usr/local/bin/jq -r '.data.issuing_ca' /mnt/certs/vaultissue.json >> /mnt/certs/cert.pem
    (umask 137; /usr/local/bin/jq -r '.data.private_key' /mnt/certs/vaultissue.json > /mnt/certs/key.pem)
    /usr/local/bin/jq -r '.data.issuing_ca' /mnt/certs/vaultissue.json > /mnt/certs/ca.pem
    cd /mnt/certs
    # concat the root CA and intermediary CA into combined file
    cat CA_cert.pem ca.pem > combinedca.pem
    # steps here to hash ca
    ln -s ca.pem hash\$(/usr/bin/openssl x509 -subject_hash -noout -in /mnt/certs/ca.pem).0
    ln -s combinedca.pem hash\$(/usr/bin/openssl x509 -subject_hash -noout -in /mnt/certs/combinedca.pem).0
    cd /root
    # set permissions on /mnt/certs for vault
    chown -R vault:certaccess /mnt/certs
    # patroni wants 0640 on root-owned files,and key must be root-owned in our case
    chown root:certaccess /mnt/certs/key.pem
    chmod 640 /mnt/certs/key.pem
    # restart services
    service consul reload
    service consul status || service consul start
    service syslog-ng restart
    service node_exporter restart
    # restart gives error with port already in use when using this
    #  /usr/local/etc/rc.d/patroni restart
    # so we're using this instead
    /usr/local/bin/patronictl -c /usr/local/etc/patroni/patroni.yml reload postgresql --force
else
    echo \"/root/login.token does not contain a token. Certificates cannot be renewed.\"
fi
\" > /root/rotate-certs.sh

    if [ -f /root/rotate-certs.sh ]; then
        # make executable
        chmod +x /root/rotate-certs.sh
        # add a crontab entry for every hour
        echo \"0 * * * * root /root/rotate-certs.sh >> /mnt/rotate-cert.log 2>&1\" >> /etc/crontab
    fi

    # setup syslog-ng
    # optional remote logging
    if [ ! -z \$REMOTELOG ] && [ \$REMOTELOG != \"null\" ]; then
        if [ -f /root/syslog-ng.conf ]; then
            /usr/bin/sed -i .orig \"s/REMOTELOGIP/\$REMOTELOG/g\" /root/syslog-ng.conf
            cp -f /root/syslog-ng.conf /usr/local/etc/syslog-ng.conf
            # stop syslogd
            service syslogd onestop || true
            # setup sysrc entries to start and set parameters to accept logs from remote subnet
            sysrc syslogd_enable=\"NO\"
            sysrc syslog_ng_enable=\"YES\"
            #sysrc syslog_ng_flags=\"-u daemon\"
            sysrc syslog_ng_flags=\"-R /tmp/syslog-ng.persist\"
            service syslog-ng start
            echo \"syslog-ng setup complete\"
        else
            echo \"/root/syslog-ng.conf is missing?\"
        fi
    else
        echo \"REMOTELOG parameter is not set to an IP address. syslog-ng won't operate.\"
    fi

    # start patroni

    # set patroni variables in /root/patroni.yml before copy
    if [ -f /root/patroni.yml ]; then
        # replace MYNAME with imported variable NODENAME which must be unique
        /usr/bin/sed -i .orig \"s/MYNAME/\$NODENAME/g\" /root/patroni.yml

        # replace MYIP with imported variable IP
        /usr/bin/sed -i .orig \"s/MYIP/\$IP/g\" /root/patroni.yml

        # replace SERVICETAG with imported variable SERVICETAG
        /usr/bin/sed -i .orig \"s/SERVICETAG/\$SERVICETAG/g\" /root/patroni.yml

        # replace CONSULIP with imported variable IP, as using local consul agent
        /usr/bin/sed -i .orig \"s/CONSULIP/\$IP/g\" /root/patroni.yml

        # replace ADMPASS with imported variable ADMPASS
        /usr/bin/sed -i .orig \"s/ADMPASS/\$ADMPASS/g\" /root/patroni.yml

        # replace KEKPASS with imported variable KEKPASS
        /usr/bin/sed -i .orig \"s/KEKPASS/\$KEKPASS/g\" /root/patroni.yml

        # replace REPPASS with imported variable REPPASS
        /usr/bin/sed -i .orig \"s/REPPASS/\$REPPASS/g\" /root/patroni.yml
    fi

    # create /usr/local/etc/patroni/
    mkdir -p /usr/local/etc/patroni/

    # copy the file to startup location
    cp /root/patroni.yml /usr/local/etc/patroni/patroni.yml

    # copy patroni startup script to /usr/local/etc/rc.d/
    cp /root/patroni.rc /usr/local/etc/rc.d/patroni

    # enable postgresql
    service postgresql enable
    sysrc postgresql_data=\"/mnt/postgres/data/\"

    # enable patroni
    service patroni enable

    # if persistent storage doesn't exist, create and copy in /var/db/postgres
    if [ ! -d /mnt/postgres ]; then
        mkdir -p /mnt/postgres/data
    fi

    if [ -d /mnt/postgres ]; then
        chown -R postgres:postgres /mnt/postgres/
        chmod -R 0750 /mnt/postgres/
    fi

    # modify postgres user homedir to /mnt/postgres/data
    /usr/sbin/pw usermod -n postgres -d /mnt/postgres/data -s /bin/sh

    # end postgresql

    # setup script to query patroni status
    echo \"#!/bin/sh
/usr/local/bin/curl -s --cacert /mnt/certs/combinedca.pem --cert /mnt/certs/cert.pem --key /mnt/certs/key.pem https://127.0.0.1:8008/patroni | /usr/local/bin/jq .
\" > /root/verifynode.sh

    # make executable
    chmod +x /root/verifynode.sh

    # setup script to query cluster status
    echo \"#!/bin/sh
/usr/local/bin/curl -s --cacert /mnt/certs/combinedca.pem --cert /mnt/certs/cert.pem --key /mnt/certs/key.pem https://127.0.0.1:8008/cluster | /usr/local/bin/jq .
\" > /root/verifycluster.sh

    # make executable
    chmod +x /root/verifycluster.sh

    # start patroni, which should start postgresql
    service patroni start
    service postgres_exporter start
else
    echo \"ERROR: There was a problem logging into vault and no certificates were retrieved. Vault not started. Nor other services\"
fi

# node exporter needs tls setup
echo \"tls_server_config:
  cert_file: /mnt/certs/cert.pem
  key_file: /mnt/certs/key.pem
\" > /usr/local/etc/node-exporter.yml

# enable node_exporter service
# add node_exporter user
/usr/sbin/pw useradd -n nodeexport -c 'nodeexporter user' -m -s /usr/bin/nologin -h -

# invite node_exporter to certaccess group
/usr/sbin/pw usermod nodeexport -G certaccess

# enable node_exporter service
service node_exporter enable
sysrc node_exporter_args=\"--web.config=/usr/local/etc/node-exporter.yml\"
sysrc node_exporter_user=nodeexport
sysrc node_exporter_group=nodeexport

# start node_exporter
service node_exporter start

# ADJUST THIS: START THE SERVICES AGAIN AFTER CONFIGURATION

#
# Do not touch this:
touch /usr/local/etc/pot-is-seasoned

# If this pot flavour is blocking (i.e. it should not return), there is no /tmp/environment.sh
# created by pot and we now after configuration block indefinitely
if [ \"\$RUNS_IN_NOMAD\" = \"true\" ]
then
    /bin/sh /etc/rc
    tail -f /dev/null
fi
" > /usr/local/bin/cook

# ----------------- END COOK ------------------


# ---------- NO NEED TO EDIT BELOW ------------

step "Make cook script executable"
if [ -e /usr/local/bin/cook ]
then
    echo "setting executable bit on /usr/local/bin/cook" | tee -a $COOKLOG
    chmod u+x /usr/local/bin/cook
else
    exit_error "there is no /usr/local/bin/cook to make executable"
fi

#
# There are two ways of running a pot jail: "Normal", non-blocking mode and
# "Nomad", i.e. blocking mode (the pot start command does not return until
# the jail is stopped).
# For the normal mode, we create a /usr/local/etc/rc.d script that starts
# the "cook" script generated above each time, for the "Nomad" mode, the cook
# script is started by pot (configuration through flavour file), therefore
# we do not need to do anything here.
#

# Create rc.d script for "normal" mode:
step "Create rc.d script to start cook"
echo "creating rc.d script to start cook" | tee -a $COOKLOG

echo "#!/bin/sh
#
# PROVIDE: cook
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
. /etc/rc.subr
name=\"cook\"
rcvar=\"cook_enable\"
load_rc_config \$name
: \${cook_enable:=\"NO\"}
: \${cook_env:=\"\"}
command=\"/usr/local/bin/cook\"
command_args=\"\"
run_rc_command \"\$1\"
" > /usr/local/etc/rc.d/cook

step "Make rc.d script to start cook executable"
if [ -e /usr/local/etc/rc.d/cook ]
then
  echo "Setting executable bit on cook rc file" | tee -a $COOKLOG
  chmod u+x /usr/local/etc/rc.d/cook
else
  exit_error "/usr/local/etc/rc.d/cook does not exist"
fi

if [ "$RUNS_IN_NOMAD" != "true" ]
then
  step "Enable cook service"
  # This is a non-nomad (non-blocking) jail, so we need to make sure the script
  # gets started when the jail is started:
  # Otherwise, /usr/local/bin/cook will be set as start script by the pot flavour
  echo "enabling cook" | tee -a $COOKLOG
  service cook enable
fi

# -------------------- DONE ---------------
exit_ok

postgresql-patroni/postgresql-patroni+1:
postgresql-patroni/postgresql-patroni+1.sh:

postgresql-patroni/postgresql-patroni+2:
postgresql-patroni/postgresql-patroni+2.sh:

postgresql-patroni/postgresql-patroni+3:
postgresql-patroni/postgresql-patroni+3.sh:

postgresql-patroni/postgresql-patroni+4:
postgresql-patroni/postgresql-patroni+4.sh:
Password:===>  Creating a new pot
===>  pot name : postgresql-patroni-amd64-12_2
===>  type : single
===>  base : 12.2
===>  pot_base :
===>  level : 0
===>  network-type : public-bridge
===>  network-stack: ipv4
===>  ip : 10.192.0.4
===>  bridge :
===>  dns : inherit
===>  flavours : fbsd-update postgresql-patroni postgresql-patroni+1 postgresql-patroni+2 postgresql-patroni+3 postgresql-patroni+4
===>  Fetching FreeBSD 12.2
===>  Extract the tarball
=====>  Flavour: fbsd-update
=====>  Starting postgresql-patroni-amd64-12_2 pot for the initial bootstrap
=====>  mount /mnt/data/pot/jails/postgresql-patroni-amd64-12_2/m/tmp
defaultrouter: NO -> 10.192.0.1
===>  Starting the pot postgresql-patroni-amd64-12_2
ELF ldconfig path: /lib /usr/lib /usr/lib/compat
32-bit compatibility ldconfig path: /usr/lib32
Starting Network: lo0 epair0b.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	inet 127.0.0.1 netmask 0xff000000
	groups: lo
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 02:fa:1f:de:dc:0b
	inet 10.192.0.4 netmask 0xffc00000 broadcast 10.255.255.255
	groups: epair
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
add host 127.0.0.1: gateway lo0 fib 0: route already in table
add net default: gateway 10.192.0.1
add host ::1: gateway lo0 fib 0: route already in table
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
Generating host.conf.
Creating and/or trimming log files.
Starting syslogd.
Clearing /tmp (X related).
Updating motd:.
Updating /var/run/os-release done.
Starting sendmail_submit.
Starting sendmail_msp_queue.
Starting cron.

Fri Aug 27 20:15:12 UTC 2021
/usr/local/etc/pot/flavours/fbsd-update.sh -> /mnt/data/pot/jails/postgresql-patroni-amd64-12_2/m/tmp/fbsd-update.sh
=====>  Executing fbsd-update script on postgresql-patroni-amd64-12_2
src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 2 mirrors found.
Fetching public key from update2.freebsd.org... done.
Fetching metadata signature for 12.2-RELEASE from update2.freebsd.org... done.
Fetching metadata index... done.
Fetching 2 metadata files... done.
Inspecting system... done.
Preparing to download files... done.
Fetching 88 patches.....10....20....30....40....50....60....70....80.... done.
Applying patches... done.
Fetching 1 files...  done.
The following files will be removed as part of updating to
12.2-RELEASE-p10:
/etc/ssl/certs/2c543cd1.0
/etc/ssl/certs/2e4eed3c.0
/etc/ssl/certs/480720ec.0
/etc/ssl/certs/7d0b38bd.0
/etc/ssl/certs/8867006a.0
/etc/ssl/certs/ad088e1d.0
/etc/ssl/certs/b204d74a.0
/etc/ssl/certs/ba89ed3b.0
/etc/ssl/certs/c089bbbd.0
/etc/ssl/certs/e2799e36.0
/usr/share/certs/trusted/GeoTrust_Global_CA.pem
/usr/share/certs/trusted/GeoTrust_Primary_Certification_Authority.pem
/usr/share/certs/trusted/GeoTrust_Primary_Certification_Authority_-_G3.pem
/usr/share/certs/trusted/GeoTrust_Universal_CA.pem
/usr/share/certs/trusted/GeoTrust_Universal_CA_2.pem
/usr/share/certs/trusted/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.pem
/usr/share/certs/trusted/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem
/usr/share/certs/trusted/thawte_Primary_Root_CA.pem
/usr/share/certs/trusted/thawte_Primary_Root_CA_-_G2.pem
/usr/share/certs/trusted/thawte_Primary_Root_CA_-_G3.pem
The following files will be added as part of updating to
12.2-RELEASE-p10:
/etc/ssl/blacklisted/2c543cd1.0
/etc/ssl/blacklisted/2e4eed3c.0
/etc/ssl/blacklisted/480720ec.0
/etc/ssl/blacklisted/7d0b38bd.0
/etc/ssl/blacklisted/8867006a.0
/etc/ssl/blacklisted/ad088e1d.0
/etc/ssl/blacklisted/b204d74a.0
/etc/ssl/blacklisted/ba89ed3b.0
/etc/ssl/blacklisted/c089bbbd.0
/etc/ssl/blacklisted/e2799e36.0
/etc/ssl/certs/3fb36b73.0
/usr/share/certs/blacklisted/GeoTrust_Global_CA.pem
/usr/share/certs/blacklisted/GeoTrust_Primary_Certification_Authority.pem
/usr/share/certs/blacklisted/GeoTrust_Primary_Certification_Authority_-_G3.pem
/usr/share/certs/blacklisted/GeoTrust_Universal_CA.pem
/usr/share/certs/blacklisted/GeoTrust_Universal_CA_2.pem
/usr/share/certs/blacklisted/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.pem
/usr/share/certs/blacklisted/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem
/usr/share/certs/blacklisted/thawte_Primary_Root_CA.pem
/usr/share/certs/blacklisted/thawte_Primary_Root_CA_-_G2.pem
/usr/share/certs/blacklisted/thawte_Primary_Root_CA_-_G3.pem
/usr/share/certs/trusted/NAVER_Global_Root_Certification_Authority.pem
The following files will be updated as part of updating to
12.2-RELEASE-p10:
/bin/freebsd-version
/lib/libcasper.so.1
/lib/libcrypto.so.111
/lib/libzfs.so.3
/lib/libzfs_core.so.2
/lib/libzpool.so.2
/rescue/[
/rescue/bectl
/rescue/bsdlabel
/rescue/bunzip2
/rescue/bzcat
/rescue/bzip2
/rescue/camcontrol
/rescue/cat
/rescue/ccdconfig
/rescue/chflags
/rescue/chgrp
/rescue/chio
/rescue/chmod
/rescue/chown
/rescue/chroot
/rescue/clri
/rescue/cp
/rescue/csh
/rescue/date
/rescue/dd
/rescue/devfs
/rescue/df
/rescue/dhclient
/rescue/disklabel
/rescue/dmesg
/rescue/dump
/rescue/dumpfs
/rescue/dumpon
/rescue/echo
/rescue/ed
/rescue/ex
/rescue/expr
/rescue/fastboot
/rescue/fasthalt
/rescue/fdisk
/rescue/fsck
/rescue/fsck_4.2bsd
/rescue/fsck_ffs
/rescue/fsck_msdosfs
/rescue/fsck_ufs
/rescue/fsdb
/rescue/fsirand
/rescue/gbde
/rescue/geom
/rescue/getfacl
/rescue/glabel
/rescue/gpart
/rescue/groups
/rescue/gunzip
/rescue/gzcat
/rescue/gzip
/rescue/halt
/rescue/head
/rescue/hostname
/rescue/id
/rescue/ifconfig
/rescue/init
/rescue/ipf
/rescue/iscsictl
/rescue/iscsid
/rescue/kenv
/rescue/kill
/rescue/kldconfig
/rescue/kldload
/rescue/kldstat
/rescue/kldunload
/rescue/ldconfig
/rescue/less
/rescue/link
/rescue/ln
/rescue/ls
/rescue/lzcat
/rescue/lzma
/rescue/md5
/rescue/mdconfig
/rescue/mdmfs
/rescue/mkdir
/rescue/mknod
/rescue/more
/rescue/mount
/rescue/mount_cd9660
/rescue/mount_msdosfs
/rescue/mount_nfs
/rescue/mount_nullfs
/rescue/mount_udf
/rescue/mount_unionfs
/rescue/mt
/rescue/mv
/rescue/nc
/rescue/newfs
/rescue/newfs_msdos
/rescue/nos-tun
/rescue/pgrep
/rescue/ping
/rescue/ping6
/rescue/pkill
/rescue/poweroff
/rescue/ps
/rescue/pwd
/rescue/rcorder
/rescue/rdump
/rescue/realpath
/rescue/reboot
/rescue/red
/rescue/rescue
/rescue/restore
/rescue/rm
/rescue/rmdir
/rescue/route
/rescue/routed
/rescue/rrestore
/rescue/rtquery
/rescue/rtsol
/rescue/savecore
/rescue/sed
/rescue/setfacl
/rescue/sh
/rescue/shutdown
/rescue/sleep
/rescue/spppcontrol
/rescue/stty
/rescue/swapon
/rescue/sync
/rescue/sysctl
/rescue/tail
/rescue/tar
/rescue/tcsh
/rescue/tee
/rescue/test
/rescue/tunefs
/rescue/umount
/rescue/unlink
/rescue/unlzma
/rescue/unxz
/rescue/unzstd
/rescue/vi
/rescue/whoami
/rescue/xz
/rescue/xzcat
/rescue/zcat
/rescue/zdb
/rescue/zfs
/rescue/zpool
/rescue/zstd
/rescue/zstdcat
/rescue/zstdmt
/sbin/ggatec
/sbin/ipfw
/sbin/rtsol
/sbin/zpool
/usr/bin/lldb
/usr/bin/openssl
/usr/bin/zinject
/usr/bin/ztest
/usr/include/net/if_var.h
/usr/include/openssl/asn1err.h
/usr/include/openssl/evperr.h
/usr/include/openssl/opensslv.h
/usr/include/sys/filedesc.h
/usr/include/sys/jail.h
/usr/lib/libcrypto.a
/usr/lib/libcrypto_p.a
/usr/lib/libfetch.a
/usr/lib/libfetch.so.6
/usr/lib/libfetch_p.a
/usr/lib/libpam.a
/usr/lib/libradius.a
/usr/lib/libradius.so.4
/usr/lib/libradius_p.a
/usr/lib/libssl.a
/usr/lib/libssl.so.111
/usr/lib/libssl_p.a
/usr/lib/libzfs.a
/usr/lib/libzfs_core.a
/usr/lib/libzfs_core_p.a
/usr/lib/libzfs_p.a
/usr/lib/libzpool.a
/usr/lib/pam_login_access.so.6
/usr/sbin/bhyve
/usr/sbin/freebsd-update
/usr/sbin/hostapd
/usr/sbin/ntp-keygen
/usr/sbin/rtsold
/usr/sbin/wpa_cli
/usr/sbin/wpa_supplicant
/usr/sbin/zdb
/usr/sbin/zfsd
/usr/sbin/zhack
/usr/share/man/man2/jail.2.gz
/usr/share/man/man2/jail_attach.2.gz
/usr/share/man/man2/jail_get.2.gz
/usr/share/man/man2/jail_remove.2.gz
/usr/share/man/man2/jail_set.2.gz
/usr/share/zoneinfo/Africa/Accra
/usr/share/zoneinfo/Africa/Addis_Ababa
/usr/share/zoneinfo/Africa/Algiers
/usr/share/zoneinfo/Africa/Asmara
/usr/share/zoneinfo/Africa/Asmera
/usr/share/zoneinfo/Africa/Bangui
/usr/share/zoneinfo/Africa/Brazzaville
/usr/share/zoneinfo/Africa/Casablanca
/usr/share/zoneinfo/Africa/Dar_es_Salaam
/usr/share/zoneinfo/Africa/Djibouti
/usr/share/zoneinfo/Africa/Douala
/usr/share/zoneinfo/Africa/El_Aaiun
/usr/share/zoneinfo/Africa/Juba
/usr/share/zoneinfo/Africa/Kampala
/usr/share/zoneinfo/Africa/Kinshasa
/usr/share/zoneinfo/Africa/Lagos
/usr/share/zoneinfo/Africa/Libreville
/usr/share/zoneinfo/Africa/Luanda
/usr/share/zoneinfo/Africa/Malabo
/usr/share/zoneinfo/Africa/Mogadishu
/usr/share/zoneinfo/Africa/Nairobi
/usr/share/zoneinfo/Africa/Niamey
/usr/share/zoneinfo/Africa/Porto-Novo
/usr/share/zoneinfo/America/Belize
/usr/share/zoneinfo/America/Dawson
/usr/share/zoneinfo/America/Grand_Turk
/usr/share/zoneinfo/America/Nassau
/usr/share/zoneinfo/America/Whitehorse
/usr/share/zoneinfo/Antarctica/Casey
/usr/share/zoneinfo/Antarctica/Macquarie
/usr/share/zoneinfo/Asia/Gaza
/usr/share/zoneinfo/Asia/Hebron
/usr/share/zoneinfo/Asia/Jerusalem
/usr/share/zoneinfo/Asia/Tel_Aviv
/usr/share/zoneinfo/Atlantic/Bermuda
/usr/share/zoneinfo/Australia/ACT
/usr/share/zoneinfo/Australia/Adelaide
/usr/share/zoneinfo/Australia/Brisbane
/usr/share/zoneinfo/Australia/Broken_Hill
/usr/share/zoneinfo/Australia/Canberra
/usr/share/zoneinfo/Australia/Currie
/usr/share/zoneinfo/Australia/Darwin
/usr/share/zoneinfo/Australia/Eucla
/usr/share/zoneinfo/Australia/Hobart
/usr/share/zoneinfo/Australia/Lindeman
/usr/share/zoneinfo/Australia/Melbourne
/usr/share/zoneinfo/Australia/NSW
/usr/share/zoneinfo/Australia/North
/usr/share/zoneinfo/Australia/Perth
/usr/share/zoneinfo/Australia/Queensland
/usr/share/zoneinfo/Australia/South
/usr/share/zoneinfo/Australia/Sydney
/usr/share/zoneinfo/Australia/Tasmania
/usr/share/zoneinfo/Australia/Victoria
/usr/share/zoneinfo/Australia/West
/usr/share/zoneinfo/Australia/Yancowinna
/usr/share/zoneinfo/Canada/Yukon
/usr/share/zoneinfo/Europe/Budapest
/usr/share/zoneinfo/Europe/Monaco
/usr/share/zoneinfo/Europe/Paris
/usr/share/zoneinfo/Europe/Volgograd
/usr/share/zoneinfo/Indian/Antananarivo
/usr/share/zoneinfo/Indian/Comoro
/usr/share/zoneinfo/Indian/Mahe
/usr/share/zoneinfo/Indian/Mayotte
/usr/share/zoneinfo/Israel
/usr/share/zoneinfo/Pacific/Efate
/usr/share/zoneinfo/Pacific/Fiji
/usr/share/zoneinfo/zone.tab
/usr/share/zoneinfo/zone1970.tab
Installing updates...Scanning //usr/share/certs/blacklisted for certificates...
Scanning //usr/share/certs/trusted for certificates...
 done.
=====>  Stop the pot postgresql-patroni-amd64-12_2
=====>  Remove epair0[a|b] network interfaces
=====>  unmount /mnt/data/pot/jails/postgresql-patroni-amd64-12_2/m/tmp
=====>  unmount /mnt/data/pot/jails/postgresql-patroni-amd64-12_2/m/dev
=====>  Flavour: postgresql-patroni
=====>  Executing postgresql-patroni pot commands on postgresql-patroni-amd64-12_2
=====>  mount /mnt/data/pot/jails/postgresql-patroni-amd64-12_2/m/tmp
/usr/local/etc/pot/flavours/postgresql-patroni.d/patroni.rc -> /mnt/data/pot/jails/postgresql-patroni-amd64-12_2/m/root/patroni.rc
=====>  Source /usr/local/etc/pot/flavours/postgresql-patroni.d/patroni.rc copied in the pot postgresql-patroni-amd64-12_2
=====>  unmount /mnt/data/pot/jails/postgresql-patroni-amd64-12_2/m/tmp
=====>  /mnt/data/pot/jails/postgresql-patroni-amd64-12_2/m/dev is already unmounted
=====>  mount /mnt/data/pot/jails/postgresql-patroni-amd64-12_2/m/tmp
/usr/local/etc/pot/flavours/postgresql-patroni.d/patroni.yml -> /mnt/data/pot/jails/postgresql-patroni-amd64-12_2/m/root/patroni.yml
=====>  Source /usr/local/etc/pot/flavours/postgresql-patroni.d/patroni.yml copied in the pot postgresql-patroni-amd64-12_2
=====>  unmount /mnt/data/pot/jails/postgresql-patroni-amd64-12_2/m/tmp
=====>  /mnt/data/pot/jails/postgresql-patroni-amd64-12_2/m/dev is already unmounted
=====>  mount /mnt/data/pot/jails/postgresql-patroni-amd64-12_2/m/tmp
/usr/local/etc/pot/flavours/postgresql-patroni.d/syslog-ng.conf -> /mnt/data/pot/jails/postgresql-patroni-amd64-12_2/m/root/syslog-ng.conf
=====>  Source /usr/local/etc/pot/flavours/postgresql-patroni.d/syslog-ng.conf copied in the pot postgresql-patroni-amd64-12_2
=====>  unmount /mnt/data/pot/jails/postgresql-patroni-amd64-12_2/m/tmp
=====>  /mnt/data/pot/jails/postgresql-patroni-amd64-12_2/m/dev is already unmounted
=====>  Starting postgresql-patroni-amd64-12_2 pot for the initial bootstrap
=====>  mount /mnt/data/pot/jails/postgresql-patroni-amd64-12_2/m/tmp
defaultrouter: 10.192.0.1 -> 10.192.0.1
===>  Starting the pot postgresql-patroni-amd64-12_2
ELF ldconfig path: /lib /usr/lib /usr/lib/compat
32-bit compatibility ldconfig path: /usr/lib32
Starting Network: lo0 epair0b.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	inet 127.0.0.1 netmask 0xff000000
	groups: lo
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 02:d2:15:e5:37:0b
	inet 10.192.0.4 netmask 0xffc00000 broadcast 10.255.255.255
	groups: epair
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
add host 127.0.0.1: gateway lo0 fib 0: route already in table
add net default: gateway 10.192.0.1
add host ::1: gateway lo0 fib 0: route already in table
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
Creating and/or trimming log files.
Starting syslogd.
Clearing /tmp (X related).
Updating motd:.
Updating /var/run/os-release done.
Starting sendmail_submit.
Starting sendmail_msp_queue.
Starting cron.

Fri Aug 27 20:16:18 UTC 2021
/usr/local/etc/pot/flavours/postgresql-patroni.sh -> /mnt/data/pot/jails/postgresql-patroni-amd64-12_2/m/tmp/postgresql-patroni.sh
=====>  Executing postgresql-patroni script on postgresql-patroni-amd64-12_2
Creating /var/log/cook.log
Step 1: Bootstrap package repo
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] Installing pkg-1.16.3...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] Extracting pkg-1.16.3: .......... done
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:12:amd64/quarterly, please wait...
Step 2: Touch /etc/rc.conf
Step 3: Remove ifconfig_epair0b from config
Step 4: Disable sendmail
sendmail disabled in /etc/rc.conf
sendmail_submit disabled in /etc/rc.conf
sendmail_msp_queue disabled in /etc/rc.conf
Step 5: Create /usr/local/etc/rc.d
Step 6: Update package repository
Updating FreeBSD repository catalogue...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] Fetching meta.conf: . done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] Fetching packagesite.txz: .......... done
Processing entries: .......... done
FreeBSD repository update completed. 30847 packages processed.
All repositories are up to date.
Step 7: Install package sudo
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Updating database digests format: . done
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	gettext-runtime: 0.21
	indexinfo: 0.3.1
	sudo: 1.9.7p1

Number of packages to be installed: 3

The process will require 7 MiB more space.
2 MiB to be downloaded.
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/3] Fetching sudo-1.9.7p1.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/3] Fetching gettext-runtime-0.21.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [3/3] Fetching indexinfo-0.3.1.txz: . done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/3] Installing indexinfo-0.3.1...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/3] Extracting indexinfo-0.3.1: .... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/3] Installing gettext-runtime-0.21...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/3] Extracting gettext-runtime-0.21: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [3/3] Installing sudo-1.9.7p1...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [3/3] Extracting sudo-1.9.7p1: .......... done
Step 8: Install package openssl
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	openssl: 1.1.1k_1,1

Number of packages to be installed: 1

The process will require 14 MiB more space.
4 MiB to be downloaded.
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Fetching openssl-1.1.1k_1,1.txz: .......... done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Installing openssl-1.1.1k_1,1...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Extracting openssl-1.1.1k_1,1: .......... done
Step 9: Install package vault
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	vault: 1.7.3

Number of packages to be installed: 1

The process will require 149 MiB more space.
49 MiB to be downloaded.
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Fetching vault-1.7.3.txz: .......... done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Installing vault-1.7.3...
===> Creating groups.
Creating group 'vault' with gid '471'.
===> Creating users
Creating user 'vault' with uid '471'.
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Extracting vault-1.7.3: ..... done
=====
Message from vault-1.7.3:

--
The vault user created by the vault package is now a member of the daemon
class, which will allow it to use mlock() when started by the rc script. This
will not be reflected in systems where the user already exists. Please add the
vault user to the daemon class manually by running:

pw usermod -L daemon -n vault

or delete the user and reinstall the package.

You may also need to increase memorylocked for the daemon class in
/etc/login.conf to 1024M or more and run:

cap_mkdb /etc/login.conf

Or to disable mlock, add:

disable_mlock = 1

to /usr/local/etc/vault.hcl
Step 10: Install package consul
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	consul: 1.9.5

Number of packages to be installed: 1

The process will require 78 MiB more space.
27 MiB to be downloaded.
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Fetching consul-1.9.5.txz: .......... done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Installing consul-1.9.5...
===> Creating groups.
Creating group 'consul' with gid '469'.
===> Creating users
Creating user 'consul' with uid '469'.
===> Creating homedir(s)
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Extracting consul-1.9.5: ..... done
Step 11: Install package node_exporter
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	node_exporter: 1.1.2

Number of packages to be installed: 1

The process will require 11 MiB more space.
3 MiB to be downloaded.
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Fetching node_exporter-1.1.2.txz: .......... done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Installing node_exporter-1.1.2...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Extracting node_exporter-1.1.2: .......... done
=====
Message from node_exporter-1.1.2:

--
If upgrading from a version of node_exporter <0.15.0 you'll need to update any
custom command line flags that you may have set as it now requires a
double-dash (--flag) instead of a single dash (-flag).
The collector flags in 0.15.0 have now been replaced with individual boolean
flags and the -collector.procfs` and -collector.sysfs` flags have been renamed
to --path.procfs and --path.sysfs respectively.
Step 12: Install package syslog-ng
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 14 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	ca_root_nss: 3.63
	curl: 7.78.0
	e2fsprogs-libuuid: 1.46.4
	glib: 2.66.8,2
	json-c: 0.15_1
	libffi: 3.3_1
	libiconv: 1.16
	libnghttp2: 1.43.0
	libxml2: 2.9.12
	mpdecimal: 2.5.1
	pcre: 8.44
	python38: 3.8.10
	readline: 8.1.1
	syslog-ng: 3.32.1

Number of packages to be installed: 14

The process will require 165 MiB more space.
26 MiB to be downloaded.
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/14] Fetching syslog-ng-3.32.1.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/14] Fetching e2fsprogs-libuuid-1.46.4.txz: ..... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [3/14] Fetching curl-7.78.0.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [4/14] Fetching libnghttp2-1.43.0.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [5/14] Fetching ca_root_nss-3.63.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [6/14] Fetching pcre-8.44.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [7/14] Fetching json-c-0.15_1.txz: ........ done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [8/14] Fetching glib-2.66.8,2.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [9/14] Fetching libxml2-2.9.12.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [10/14] Fetching python38-3.8.10.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [11/14] Fetching mpdecimal-2.5.1.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [12/14] Fetching readline-8.1.1.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [13/14] Fetching libffi-3.3_1.txz: ..... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [14/14] Fetching libiconv-1.16.txz: .......... done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/14] Installing mpdecimal-2.5.1...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/14] Extracting mpdecimal-2.5.1: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/14] Installing readline-8.1.1...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/14] Extracting readline-8.1.1: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [3/14] Installing libffi-3.3_1...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [3/14] Extracting libffi-3.3_1: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [4/14] Installing libnghttp2-1.43.0...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [4/14] Extracting libnghttp2-1.43.0: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [5/14] Installing ca_root_nss-3.63...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [5/14] Extracting ca_root_nss-3.63: ........ done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [6/14] Installing pcre-8.44...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [6/14] Extracting pcre-8.44: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [7/14] Installing libxml2-2.9.12...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [7/14] Extracting libxml2-2.9.12: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [8/14] Installing python38-3.8.10...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [8/14] Extracting python38-3.8.10: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [9/14] Installing libiconv-1.16...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [9/14] Extracting libiconv-1.16: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [10/14] Installing e2fsprogs-libuuid-1.46.4...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [10/14] Extracting e2fsprogs-libuuid-1.46.4: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [11/14] Installing curl-7.78.0...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [11/14] Extracting curl-7.78.0: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [12/14] Installing json-c-0.15_1...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [12/14] Extracting json-c-0.15_1: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [13/14] Installing glib-2.66.8,2...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [13/14] Extracting glib-2.66.8,2: .......... done
No schema files found: doing nothing.
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [14/14] Installing syslog-ng-3.32.1...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [14/14] Extracting syslog-ng-3.32.1: .......... done
=====
Message from ca_root_nss-3.63:

--
FreeBSD does not, and can not warrant that the certification authorities
whose certificates are included in this package have in any way been
audited for trustworthiness or RFC 3647 compliance.

Assessment and verification of trust is the complete responsibility of the
system administrator.


This package installs symlinks to support root certificates discovery by
default for software that uses OpenSSL.

This enables SSL Certificate Verification by client software without manual
intervention.

If you prefer to do this manually, replace the following symlinks with
either an empty file or your site-local certificate bundle.

  * /etc/ssl/cert.pem
  * /usr/local/etc/ssl/cert.pem
  * /usr/local/openssl/cert.pem
=====
Message from python38-3.8.10:

--
Note that some standard Python modules are provided as separate ports
as they require additional dependencies. They are available as:

py38-gdbm       databases/py-gdbm@py38
py38-sqlite3    databases/py-sqlite3@py38
py38-tkinter    x11-toolkits/py-tkinter@py38
=====
Message from syslog-ng-3.32.1:

--
syslog-ng is now installed!  To replace FreeBSD's standard syslogd
(/usr/sbin/syslogd), complete these steps:

1. Create a configuration file named /usr/local/etc/syslog-ng.conf
   (a sample named syslog-ng.conf.sample has been included in
   /usr/local/etc). Note that this is a change in 2.0.2
   version, previous ones put the config file in
   /usr/local/etc/syslog-ng/syslog-ng.conf, so if this is an update
   move that file in the right place

2. Configure syslog-ng to start automatically by adding the following
   to /etc/rc.conf:

        syslog_ng_enable="YES"

3. Prevent the standard FreeBSD syslogd from starting automatically by
   adding a line to the end of your /etc/rc.conf file that reads:

        syslogd_enable="NO"

4. Shut down the standard FreeBSD syslogd:

     kill `cat /var/run/syslog.pid`

5. Start syslog-ng:

     /usr/local/etc/rc.d/syslog-ng start
Step 13: Install package postgresql-server
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 7 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	icu: 69.1,1
	libedit: 3.1.20210216,1
	llvm10: 10.0.1_5
	lua52: 5.2.4
	perl5: 5.32.1_1
	postgresql13-client: 13.3
	postgresql13-server: 13.3_1

Number of packages to be installed: 7

The process will require 810 MiB more space.
138 MiB to be downloaded.
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/7] Fetching postgresql13-server-13.3_1.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/7] Fetching llvm10-10.0.1_5.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [3/7] Fetching perl5-5.32.1_1.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [4/7] Fetching lua52-5.2.4.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [5/7] Fetching libedit-3.1.20210216,1.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [6/7] Fetching icu-69.1,1.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [7/7] Fetching postgresql13-client-13.3.txz: .......... done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/7] Installing libedit-3.1.20210216,1...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/7] Extracting libedit-3.1.20210216,1: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/7] Installing perl5-5.32.1_1...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/7] Extracting perl5-5.32.1_1: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [3/7] Installing lua52-5.2.4...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [3/7] Extracting lua52-5.2.4: ......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [4/7] Installing llvm10-10.0.1_5...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [4/7] Extracting llvm10-10.0.1_5: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [5/7] Installing icu-69.1,1...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [5/7] Extracting icu-69.1,1: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [6/7] Installing postgresql13-client-13.3...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [6/7] Extracting postgresql13-client-13.3: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [7/7] Installing postgresql13-server-13.3_1...
===> Creating groups.
Creating group 'postgres' with gid '770'.
===> Creating users
Creating user 'postgres' with uid '770'.
===> Creating homedir(s)

  =========== BACKUP YOUR DATA! =============
  As always, backup your data before
  upgrading. If the upgrade leads to a higher
  major revision (e.g. 9.6 -> 10), a dump
  and restore of all databases is
  required. This is *NOT* done by the port!
  See https://www.postgresql.org/docs/current/upgrading.html
  ===========================================
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [7/7] Extracting postgresql13-server-13.3_1: .......... done
=====
Message from postgresql13-client-13.3:

--
The PostgreSQL port has a collection of "side orders":

postgresql-docs
  For all of the html documentation

p5-Pg
  A perl5 API for client access to PostgreSQL databases.

postgresql-tcltk 
  If you want tcl/tk client support.

postgresql-jdbc
  For Java JDBC support.

postgresql-odbc
  For client access from unix applications using ODBC as access
  method. Not needed to access unix PostgreSQL servers from Win32
  using ODBC. See below.

ruby-postgres, py-psycopg2
  For client access to PostgreSQL databases using the ruby & python
  languages.

postgresql-plperl, postgresql-pltcl & postgresql-plruby
  For using perl5, tcl & ruby as procedural languages.

postgresql-contrib
  Lots of contributed utilities, postgresql functions and
  datatypes. There you find pg_standby, pgcrypto and many other cool
  things.

etc...
=====
Message from postgresql13-server-13.3_1:

--
For procedural languages and postgresql functions, please note that
you might have to update them when updating the server.

If you have many tables and many clients running, consider raising
kern.maxfiles using sysctl(8), or reconfigure your kernel
appropriately.

The port is set up to use autovacuum for new databases, but you might
also want to vacuum and perhaps backup your database regularly. There
is a periodic script, /usr/local/etc/periodic/daily/502.pgsql, that
you may find useful. You can use it to backup and perform vacuum on all
databases nightly. Per default, it performs `vacuum analyze'. See the
script for instructions. For autovacuum settings, please review
~postgres/data/postgresql.conf.

If you plan to access your PostgreSQL server using ODBC, please
consider running the SQL script /usr/local/share/postgresql/odbc.sql
to get the functions required for ODBC compliance.

Please note that if you use the rc script,
/usr/local/etc/rc.d/postgresql, to initialize the database, unicode
(UTF-8) will be used to store character data by default.  Set
postgresql_initdb_flags or use login.conf settings described below to
alter this behaviour. See the start rc script for more info.

To set limits, environment stuff like locale and collation and other
things, you can set up a class in /etc/login.conf before initializing
the database. Add something similar to this to /etc/login.conf:
---
postgres:\
	:lang=en_US.UTF-8:\
	:setenv=LC_COLLATE=C:\
	:tc=default:
---
and run `cap_mkdb /etc/login.conf'.
Then add 'postgresql_class="postgres"' to /etc/rc.conf.

======================================================================

To initialize the database, run

  /usr/local/etc/rc.d/postgresql initdb

You can then start PostgreSQL by running:

  /usr/local/etc/rc.d/postgresql start

For postmaster settings, see ~postgres/data/postgresql.conf

NB. FreeBSD's PostgreSQL port logs to syslog by default
    See ~postgres/data/postgresql.conf for more info

NB. If you're not using a checksumming filesystem like ZFS, you might
    wish to enable data checksumming. It can be enabled during
    the initdb phase, by adding the "--data-checksums" flag to
    the postgresql_initdb_flags rcvar. Otherwise you can enable it later by
    pg_checksums.  Check the initdb(1) manpage for more info
    and make sure you understand the performance implications.

======================================================================

To run PostgreSQL at startup, add
'postgresql_enable="YES"' to /etc/rc.conf
Step 14: Install package postgresql-client
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
Step 15: Install package python37
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
Step 16: Install package python3-pip
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 2 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	py38-pip: 20.3.4
	py38-setuptools: 57.0.0

Number of packages to be installed: 2

The process will require 19 MiB more space.
3 MiB to be downloaded.
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/2] Fetching py38-pip-20.3.4.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/2] Fetching py38-setuptools-57.0.0.txz: .......... done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/2] Installing py38-setuptools-57.0.0...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/2] Extracting py38-setuptools-57.0.0: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/2] Installing py38-pip-20.3.4...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/2] Extracting py38-pip-20.3.4: .......... done
=====
Message from py38-pip-20.3.4:

--
pip MUST ONLY be used:

 * With the --user flag, OR
 * To install or manage Python packages in virtual environments

Failure to follow this warning can and will result in an inconsistent
system-wide Python environment (LOCALBASE/lib/pythonX.Y/site-packages) and
cause errors.

Avoid using pip as root unless you know what you're doing.
Step 17: Install package python-consul2
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 12 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	py38-certifi: 2021.5.30
	py38-cffi: 1.14.5
	py38-chardet: 4.0.0,1
	py38-cryptography: 3.3.2
	py38-idna: 2.10
	py38-openssl: 20.0.1
	py38-pycparser: 2.20
	py38-pysocks: 1.7.1
	py38-python-consul2: 0.1.5
	py38-requests: 2.25.1
	py38-six: 1.16.0
	py38-urllib3: 1.25.11,1

Number of packages to be installed: 12

The process will require 10 MiB more space.
1 MiB to be downloaded.
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/12] Fetching py38-python-consul2-0.1.5.txz: ...... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/12] Fetching py38-requests-2.25.1.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [3/12] Fetching py38-chardet-4.0.0,1.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [4/12] Fetching py38-certifi-2021.5.30.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [5/12] Fetching py38-urllib3-1.25.11,1.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [6/12] Fetching py38-openssl-20.0.1.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [7/12] Fetching py38-cryptography-3.3.2.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [8/12] Fetching py38-six-1.16.0.txz: ... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [9/12] Fetching py38-cffi-1.14.5.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [10/12] Fetching py38-pycparser-2.20.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [11/12] Fetching py38-pysocks-1.7.1.txz: ... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [12/12] Fetching py38-idna-2.10.txz: ......... done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/12] Installing py38-pycparser-2.20...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/12] Extracting py38-pycparser-2.20: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/12] Installing py38-six-1.16.0...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/12] Extracting py38-six-1.16.0: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [3/12] Installing py38-cffi-1.14.5...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [3/12] Extracting py38-cffi-1.14.5: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [4/12] Installing py38-cryptography-3.3.2...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [4/12] Extracting py38-cryptography-3.3.2: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [5/12] Installing py38-certifi-2021.5.30...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [5/12] Extracting py38-certifi-2021.5.30: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [6/12] Installing py38-openssl-20.0.1...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [6/12] Extracting py38-openssl-20.0.1: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [7/12] Installing py38-pysocks-1.7.1...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [7/12] Extracting py38-pysocks-1.7.1: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [8/12] Installing py38-idna-2.10...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [8/12] Extracting py38-idna-2.10: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [9/12] Installing py38-chardet-4.0.0,1...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [9/12] Extracting py38-chardet-4.0.0,1: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [10/12] Installing py38-urllib3-1.25.11,1...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [10/12] Extracting py38-urllib3-1.25.11,1: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [11/12] Installing py38-requests-2.25.1...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [11/12] Extracting py38-requests-2.25.1: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [12/12] Installing py38-python-consul2-0.1.5...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [12/12] Extracting py38-python-consul2-0.1.5: .......... done
=====
Message from py38-urllib3-1.25.11,1:

--
Since version 1.25 HTTPS connections are now verified by default which is done
via "cert_reqs = 'CERT_REQUIRED'".  While certificate verification can be
disabled via "cert_reqs = 'CERT_NONE'", it's highly recommended to leave it on.

Various consumers of net/py-urllib3 already have implemented routines that
either explicitly enable or disable HTTPS certificate verification (e.g. via
configuration settings, CLI arguments, etc.).

Yet it may happen that there are still some consumers which don't explicitly
enable/disable certificate verification for HTTPS connections which could then
lead to errors (as is often the case with self-signed certificates).

In case of an error one should try first to temporarily disable certificate
verification of the problematic urllib3 consumer to see if that approach will
remedy the issue.
Step 18: Install package curl
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
Step 19: Install package jq
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 2 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	jq: 1.6
	oniguruma: 6.9.7.1

Number of packages to be installed: 2

The process will require 2 MiB more space.
498 KiB to be downloaded.
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/2] Fetching jq-1.6.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/2] Fetching oniguruma-6.9.7.1.txz: .......... done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/2] Installing oniguruma-6.9.7.1...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/2] Extracting oniguruma-6.9.7.1: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/2] Installing jq-1.6...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/2] Extracting jq-1.6: .......... done
Step 20: Install package jo
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	jo: 1.4

Number of packages to be installed: 1

19 KiB to be downloaded.
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Fetching jo-1.4.txz: ... done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Installing jo-1.4...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Extracting jo-1.4: ...... done
Step 21: Install package git-lite
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	expat: 2.4.1
	git-lite: 2.32.0_1
	pcre2: 10.37

Number of packages to be installed: 3

The process will require 34 MiB more space.
6 MiB to be downloaded.
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/3] Fetching git-lite-2.32.0_1.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/3] Fetching expat-2.4.1.txz: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [3/3] Fetching pcre2-10.37.txz: .......... done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/3] Installing expat-2.4.1...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/3] Extracting expat-2.4.1: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/3] Installing pcre2-10.37...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/3] Extracting pcre2-10.37: .......... done
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [3/3] Installing git-lite-2.32.0_1...
===> Creating groups.
Creating group 'git_daemon' with gid '964'.
===> Creating users
Creating user 'git_daemon' with uid '964'.
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [3/3] Extracting git-lite-2.32.0_1: .......... done
=====
Message from git-lite-2.32.0_1:

--
If you installed the GITWEB option please follow these instructions:

In the directory /usr/local/share/examples/git/gitweb you can find all files to
make gitweb work as a public repository on the web.

All you have to do to make gitweb work is:
1) Please be sure you're able to execute CGI scripts in
   /usr/local/share/examples/git/gitweb.
2) Set the GITWEB_CONFIG variable in your webserver's config to
   /usr/local/etc/git/gitweb.conf. This variable is passed to gitweb.cgi.
3) Restart server.


If you installed the CONTRIB option please note that the scripts are
installed in /usr/local/share/git-core/contrib. Some of them require
other ports to be installed (perl, python, etc), which you may need to
install manually.
Step 22: Install package go
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	go: 1.16.7,1

Number of packages to be installed: 1

The process will require 285 MiB more space.
74 MiB to be downloaded.
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Fetching go-1.16.7,1.txz: .......... done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Installing go-1.16.7,1...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Extracting go-1.16.7,1: .......... done
Step 23: Instal package gmake
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	gmake: 4.3_2

Number of packages to be installed: 1

The process will require 2 MiB more space.
416 KiB to be downloaded.
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Fetching gmake-4.3_2.txz: .......... done
Checking integrity... done (0 conflicting)
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Installing gmake-4.3_2...
[postgresql-patroni-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/1] Extracting gmake-4.3_2: .......... done
Step 24: Instal package curl
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
Step 25: Install pip package psycopg2-binary
Collecting psycopg2-binary
  Downloading psycopg2-binary-2.9.1.tar.gz (380 kB)
Using legacy 'setup.py install' for psycopg2-binary, since package 'wheel' is not installed.
Installing collected packages: psycopg2-binary
    Running setup.py install for psycopg2-binary: started
    Running setup.py install for psycopg2-binary: finished with status 'done'
Successfully installed psycopg2-binary-2.9.1
Step 26: Install pip package patroni
Collecting patroni
  Downloading patroni-2.1.1-py3-none-any.whl (219 kB)
Collecting python-dateutil
  Downloading python_dateutil-2.8.2-py2.py3-none-any.whl (247 kB)
Collecting psutil>=2.0.0
  Downloading psutil-5.8.0.tar.gz (470 kB)
Collecting click>=4.1
  Downloading click-8.0.1-py3-none-any.whl (97 kB)
Collecting PyYAML
  Downloading PyYAML-5.4.1.tar.gz (175 kB)
  Installing build dependencies: started
  Installing build dependencies: finished with status 'done'
  Getting requirements to build wheel: started
  Getting requirements to build wheel: finished with status 'done'
    Preparing wheel metadata: started
    Preparing wheel metadata: finished with status 'done'
Collecting prettytable>=0.7
  Downloading prettytable-2.2.0-py3-none-any.whl (23 kB)
Collecting ydiff>=1.2.0
  Downloading ydiff-1.2.tar.gz (42 kB)
Requirement already satisfied: urllib3!=1.21,>=1.19.1 in /usr/local/lib/python3.8/site-packages (from patroni) (1.25.11)
Requirement already satisfied: six>=1.7 in /usr/local/lib/python3.8/site-packages (from patroni) (1.16.0)
Collecting wcwidth
  Downloading wcwidth-0.2.5-py2.py3-none-any.whl (30 kB)
Using legacy 'setup.py install' for psutil, since package 'wheel' is not installed.
Using legacy 'setup.py install' for ydiff, since package 'wheel' is not installed.
Building wheels for collected packages: PyYAML
  Building wheel for PyYAML (PEP 517): started
  Building wheel for PyYAML (PEP 517): finished with status 'done'
  Created wheel for PyYAML: filename=PyYAML-5.4.1-cp38-cp38-freebsd_12_2_release_p10_amd64.whl size=45670 sha256=1849e33de547348273a8838fbcbf761c767a88659d0d96a2196114968f136025
  Stored in directory: /root/.cache/pip/wheels/dd/c5/1d/5d7436173d3efd4a14dcb510eb0b29525ecb6b0e41489e716e
Successfully built PyYAML
Installing collected packages: wcwidth, ydiff, PyYAML, python-dateutil, psutil, prettytable, click, patroni
    Running setup.py install for ydiff: started
    Running setup.py install for ydiff: finished with status 'done'
    Running setup.py install for psutil: started
    Running setup.py install for psutil: finished with status 'done'
Successfully installed PyYAML-5.4.1 click-8.0.1 patroni-2.1.1 prettytable-2.2.0 psutil-5.8.0 python-dateutil-2.8.2 wcwidth-0.2.5 ydiff-1.2
Step 27: Clean package installation
The following package files will be deleted:
	/var/cache/pkg/vault-1.7.3.txz
	/var/cache/pkg/python38-3.8.10.txz
	/var/cache/pkg/py38-python-consul2-0.1.5.txz
	/var/cache/pkg/py38-requests-2.25.1.txz
	/var/cache/pkg/readline-8.1.1~c6e0b75a5a.txz
	/var/cache/pkg/py38-pip-20.3.4.txz
	/var/cache/pkg/gettext-runtime-0.21.txz
	/var/cache/pkg/pcre2-10.37.txz
	/var/cache/pkg/libxml2-2.9.12.txz
	/var/cache/pkg/py38-pip-20.3.4~ea96296a17.txz
	/var/cache/pkg/py38-setuptools-57.0.0.txz
	/var/cache/pkg/openssl-1.1.1k_1,1.txz
	/var/cache/pkg/gmake-4.3_2~d398c6d50b.txz
	/var/cache/pkg/py38-certifi-2021.5.30~cdd82ede78.txz
	/var/cache/pkg/glib-2.66.8,2~e7f710500f.txz
	/var/cache/pkg/pcre2-10.37~05ce9a0a91.txz
	/var/cache/pkg/mpdecimal-2.5.1~1d25bc877b.txz
	/var/cache/pkg/curl-7.78.0~ef570545e8.txz
	/var/cache/pkg/python38-3.8.10~b529305b59.txz
	/var/cache/pkg/py38-six-1.16.0.txz
	/var/cache/pkg/py38-urllib3-1.25.11,1.txz
	/var/cache/pkg/py38-requests-2.25.1~2276d4a3bc.txz
	/var/cache/pkg/py38-six-1.16.0~827d80e838.txz
	/var/cache/pkg/e2fsprogs-libuuid-1.46.4.txz
	/var/cache/pkg/py38-pycparser-2.20~ae2fc2aeab.txz
	/var/cache/pkg/postgresql13-client-13.3~d3542500ea.txz
	/var/cache/pkg/py38-idna-2.10~452a010607.txz
	/var/cache/pkg/e2fsprogs-libuuid-1.46.4~896ac07355.txz
	/var/cache/pkg/py38-chardet-4.0.0,1~7df3b94b3e.txz
	/var/cache/pkg/jq-1.6~c6066b435f.txz
	/var/cache/pkg/py38-python-consul2-0.1.5~3edca36113.txz
	/var/cache/pkg/ca_root_nss-3.63.txz
	/var/cache/pkg/indexinfo-0.3.1~cd1aa182f5.txz
	/var/cache/pkg/syslog-ng-3.32.1.txz
	/var/cache/pkg/py38-urllib3-1.25.11,1~b5c0bfe144.txz
	/var/cache/pkg/py38-chardet-4.0.0,1.txz
	/var/cache/pkg/libiconv-1.16.txz
	/var/cache/pkg/oniguruma-6.9.7.1.txz
	/var/cache/pkg/perl5-5.32.1_1~9d4850b10d.txz
	/var/cache/pkg/libffi-3.3_1.txz
	/var/cache/pkg/sudo-1.9.7p1~683cf599ea.txz
	/var/cache/pkg/indexinfo-0.3.1.txz
	/var/cache/pkg/postgresql13-server-13.3_1~d6782fc1ce.txz
	/var/cache/pkg/py38-pycparser-2.20.txz
	/var/cache/pkg/pcre-8.44~eb4a39393e.txz
	/var/cache/pkg/node_exporter-1.1.2~05f1a82760.txz
	/var/cache/pkg/lua52-5.2.4~75e4ccaac4.txz
	/var/cache/pkg/py38-cffi-1.14.5.txz
	/var/cache/pkg/mpdecimal-2.5.1.txz
	/var/cache/pkg/llvm10-10.0.1_5.txz
	/var/cache/pkg/jq-1.6.txz
	/var/cache/pkg/glib-2.66.8,2.txz
	/var/cache/pkg/postgresql13-client-13.3.txz
	/var/cache/pkg/pcre-8.44.txz
	/var/cache/pkg/node_exporter-1.1.2.txz
	/var/cache/pkg/lua52-5.2.4.txz
	/var/cache/pkg/libnghttp2-1.43.0~a371ad62f9.txz
	/var/cache/pkg/libedit-3.1.20210216,1~cedfcaa453.txz
	/var/cache/pkg/py38-openssl-20.0.1~84abdaad37.txz
	/var/cache/pkg/postgresql13-server-13.3_1.txz
	/var/cache/pkg/py38-pysocks-1.7.1.txz
	/var/cache/pkg/perl5-5.32.1_1.txz
	/var/cache/pkg/libffi-3.3_1~57ea96fce2.txz
	/var/cache/pkg/jo-1.4~a7177d81a0.txz
	/var/cache/pkg/vault-1.7.3~cd2b978f50.txz
	/var/cache/pkg/expat-2.4.1.txz
	/var/cache/pkg/py38-cffi-1.14.5~efd2612eb2.txz
	/var/cache/pkg/consul-1.9.5~a117e971c4.txz
	/var/cache/pkg/libiconv-1.16~d5dea9e62b.txz
	/var/cache/pkg/icu-69.1,1.txz
	/var/cache/pkg/py38-idna-2.10.txz
	/var/cache/pkg/go-1.16.7,1~5436f5cd0c.txz
	/var/cache/pkg/py38-setuptools-57.0.0~3e1708a228.txz
	/var/cache/pkg/go-1.16.7,1.txz
	/var/cache/pkg/icu-69.1,1~2ca67b0b4f.txz
	/var/cache/pkg/gmake-4.3_2.txz
	/var/cache/pkg/oniguruma-6.9.7.1~4185029456.txz
	/var/cache/pkg/py38-cryptography-3.3.2.txz
	/var/cache/pkg/llvm10-10.0.1_5~ddb5dec6d1.txz
	/var/cache/pkg/json-c-0.15_1.txz
	/var/cache/pkg/libedit-3.1.20210216,1.txz
	/var/cache/pkg/git-lite-2.32.0_1~e46e854e24.txz
	/var/cache/pkg/py38-certifi-2021.5.30.txz
	/var/cache/pkg/syslog-ng-3.32.1~0943a6fbf2.txz
	/var/cache/pkg/libnghttp2-1.43.0.txz
	/var/cache/pkg/openssl-1.1.1k_1,1~89d9dc53f3.txz
	/var/cache/pkg/py38-openssl-20.0.1.txz
	/var/cache/pkg/readline-8.1.1.txz
	/var/cache/pkg/sudo-1.9.7p1.txz
	/var/cache/pkg/json-c-0.15_1~ff906a5de2.txz
	/var/cache/pkg/py38-cryptography-3.3.2~629931d11c.txz
	/var/cache/pkg/py38-pysocks-1.7.1~98944ce32f.txz
	/var/cache/pkg/curl-7.78.0.txz
	/var/cache/pkg/expat-2.4.1~df4e166ffc.txz
	/var/cache/pkg/ca_root_nss-3.63~dbafb0f738.txz
	/var/cache/pkg/jo-1.4.txz
	/var/cache/pkg/consul-1.9.5.txz
	/var/cache/pkg/git-lite-2.32.0_1.txz
	/var/cache/pkg/libxml2-2.9.12~9b537b9fce.txz
	/var/cache/pkg/gettext-runtime-0.21~778e7e5b6e.txz
The cleanup will free 333 MiB
Deleting files: .......... done
All done
Step 28: Remove pre-existing cook script (if any)
Step 29: Create cook script
Step 30: Make cook script executable
setting executable bit on /usr/local/bin/cook
Step 31: Create rc.d script to start cook
creating rc.d script to start cook
Step 32: Make rc.d script to start cook executable
Setting executable bit on cook rc file
Step 33: Enable cook service
enabling cook
cook enabled in /etc/rc.conf
=====>  Stop the pot postgresql-patroni-amd64-12_2
=====>  Remove epair0[a|b] network interfaces
=====>  unmount /mnt/data/pot/jails/postgresql-patroni-amd64-12_2/m/tmp
=====>  unmount /mnt/data/pot/jails/postgresql-patroni-amd64-12_2/m/dev
=====>  Flavour: postgresql-patroni+1
=====>  Executing postgresql-patroni+1 pot commands on postgresql-patroni-amd64-12_2
=====>  No shell script available for the flavour postgresql-patroni+1
=====>  Flavour: postgresql-patroni+2
=====>  Executing postgresql-patroni+2 pot commands on postgresql-patroni-amd64-12_2
=====>  No shell script available for the flavour postgresql-patroni+2
=====>  Flavour: postgresql-patroni+3
=====>  Executing postgresql-patroni+3 pot commands on postgresql-patroni-amd64-12_2
=====>  No shell script available for the flavour postgresql-patroni+3
=====>  Flavour: postgresql-patroni+4
=====>  Executing postgresql-patroni+4 pot commands on postgresql-patroni-amd64-12_2
=====>  No shell script available for the flavour postgresql-patroni+4

This site © Honeyguide Group (Pty) Ltd, all the hosted software their respective license owners 2020 - 2021 - Disclaimer