Traefik (Consul)

Overview

This is a flavour containing the traefik reverse proxy and load balancer preconfigured for usage with consul (e.g. consul pot image on potluck.

Installation

  • Create your local jail from the image or the flavour files.
  • Export the ports after creating the jail:
    pot export-ports -p <jailname> -e 8080:8080 -e 9002:9002
  • Adjust to your environment:
    sudo pot set-env -p <jailname> -E CONSULSERVER=<IP or hostname of consulserver>
  • Optional: Mount your traefik log storage directory into the jail:
    sudo pot mount-in -p <jailname> -m /var/log/traefik -d <logdirectory_on_host>
  • Start jail with pot start

Usage

traefik in the jail is listening on port 8080 (HTTP) and 8443 (HTTPS with self signed certificate).

You can connect to the dashboard on port 9002 of your jail IP address.

The services registered on your associated consul instance are available under their service name via the host: header (similar to e.g. Apache Virtual Hosts).
To test this, you can use curl -H 'host: my-consul-servicename' <jailip>:8080.

Getting Started

How To Use The Ready-Made Image

FreeBSD 12.2:
pot import -p traefik-consul-amd64-12_2 -t 1.2.2 -U https://potluck.honeyguide.net/traefik-consul

FreeBSD 11.4:
pot import -p traefik-consul-amd64-11_4 -t 1.2.2 -U https://potluck.honeyguide.net/traefik-consul

If you don’t want to use the default pot bridged network configuration but instead need an individual network setup (e.g. assign a host IP address), after importing it you can simply clone the jail like that (em0 is the host network adapter in this example):
pot clone -P traefik-consul-amd64-12_2 -p my-cloned-jail -N alias -i "em0|10.10.10.10"

Note: Some images might require specific network configuration, double check the Overview-chapter at the top.

Alternatively: Create a Jail With This Flavour Yourself

1. Create Flavour Files

Save all files and directories from https://github.com/hny-gd/potluck/tree/master/traefik-consul to /usr/local/etc/pot/flavours/

2. Create Jail From Flavour

Run
pot create -b <FreeBSD Version> -p <jailname> -t single -N public-bridge -f fbsd-update

with your FreeBSD version (e.g. 12.1) and the name your jail should get.

Note: Some images might require specific network configuration, double check the Overview-chapter at the top.

Version History

1.2.2

  • Install traefik instead of traefik2 since the traefik pkg is now v2

1.2.1

  • Trigger build of FreeBSD 12.2 image & rebuild FreeBSD 11.4 image to update packages

1.2

  • Moved from traefik to traefik2 port
  • Support mounting of traefik log directory to persist access logs

1.1

  • Added HTTPS with self signed certificate (port 8443)

1.0

  • Initial commit

These images were built on Wed Mar 3 13:50:03 UTC 2021

Manual Image Download Links

traefik-consul-amd64-12_2_1.2.2.xz ( 271.718 MB )
traefik-consul-amd64-12_2_1.2.2.xz.skein ( 0.250977 KB )

traefik-consul-amd64-11_4_1.2.2.xz ( 350.28 MB )
traefik-consul-amd64-11_4_1.2.2.xz.skein ( 0.250977 KB )

Jenkins Pot Creation Logs

traefik-consul-amd64-12_2_1.2.2:


traefik-consul/traefik-consul:
traefik-consul/traefik-consul.sh:
#!/bin/sh

# EDIT THE FOLLOWING FOR NEW FLAVOUR:
# 1. RUNS_IN_NOMAD - yes or no
# 2. Adjust package installation between BEGIN & END PACKAGE SETUP
# 3. Adjust jail configuration script generation between BEGIN & END COOK

# Set this to true if this jail flavour is to be created as a nomad (i.e. blocking) jail.
# You can then query it in the cook script generation below and the script is installed
# appropriately at the end of this script 
RUNS_IN_NOMAD=false

# -------------- BEGIN PACKAGE SETUP -------------
[ -w /etc/pkg/FreeBSD.conf ] && sed -i '' 's/quarterly/latest/' /etc/pkg/FreeBSD.conf
ASSUME_ALWAYS_YES=yes pkg bootstrap
touch /etc/rc.conf
sysrc sendmail_enable="NO"
sysrc traefik_enable="YES"

# Install packages
pkg install -y openssl traefik
pkg clean -y

# To allow mount in of this directory, create mountpoint
mkdir -p /var/log/traefik
# -------------- END PACKAGE SETUP -------------

#
# Create configurations
#

#
# Now generate the run command script "cook"
# It configures the system on the first run by creating the config file(s) 
# On subsequent runs, it only starts sleeps (if nomad-jail) or simply exits 
#

# ----------------- BEGIN COOK ------------------ 
echo "#!/bin/sh
# No need to change this, just ensures configuration is done only once
if [ -e /usr/local/etc/pot-is-seasoned ]
then
    # If this pot flavour is blocking (i.e. it should not return), there is no /tmp/environment.sh
    # created by pot and we block indefinitely
    if [ ! -e /tmp/environment.sh ]
    then
        tail -f /dev/null 
    fi
    exit 0
fi
# ADJUST THIS: STOP SERVICES AS NEEDED BEFORE CONFIGURATION
/usr/local/etc/rc.d/traefik stop  || true
# No need to adjust this:
# If this pot flavour is not blocking, we need to read the environment first from /tmp/environment.sh
# where pot is storing it in this case
if [ -e /tmp/environment.sh ]
then
    . /tmp/environment.sh
fi
#
# ADJUST THIS BY CHECKING FOR ALL VARIABLES YOUR FLAVOUR NEEDS:
# Check config variables are set
#
if [ -z \${CONSULSERVER+x} ];
then
    echo 'CONSULSERVER is unset - see documentation how to configure this flavour'
    exit 1
fi

# ADJUST THIS BELOW: NOW ALL THE CONFIGURATION FILES NEED TO BE CREATED:
# Don't forget to double(!)-escape quotes and dollar signs in the config files
# Create traefik server config file 
echo \"
[entryPoints]
  [entryPoints.http]
    address = \\\"0.0.0.0:8080\\\"
  [entryPoints.traefik]
    address = \\\"0.0.0.0:9002\\\"
  [entryPoints.httpSSL]
    address = \\\"0.0.0.0:8443\\\"

[http.routers.my-api]
  entryPoints = [\\\"traefik\\\"]
  # Catch every request (only available rule for non-tls routers. See below.)
  rule = \\\"HostSNI(`*`)\\\"
  service = \\\"api@internal\\\"

[[tls.certificates]]
  certFile = \\\"/usr/local/etc/ssl/cert.crt\\\"
  keyFile = \\\"/usr/local/etc/ssl/cert.key\\\"

[tls.options]
  [tls.options.myTLSOptions]
    minVersion = \\\"VersionTLS12\\\"
    cipherSuites = [
      \\\"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\\\",
      \\\"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\\\",
      \\\"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256\\\",
      \\\"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\\\",
      \\\"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\\\",
      \\\"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\\\",
    ]

[api]
  dashboard = true
  insecure = true

[log]
  filePath = \\\"/var/log/traefik/traefik.log\\\"
[accessLog]
  filePath = \\\"/var/log/traefik/traefik-access.log\\\"

[providers.consulCatalog]
  stale = false
  exposedByDefault = true
  [providers.consulCatalog.endpoint]
    address = \\\"\$CONSULSERVER:8500\\\"\" > /usr/local/etc/traefik.toml

echo \"traefik_conf=\\\"/usr/local/etc/traefik.toml\\\"\" >> /etc/rc.conf

touch /var/log/traefik/traefik.log
touch /var/log/traefik/traefik-access.log
chown traefik:traefik /var/log/traefik/traefik.log
chown traefik:traefik /var/log/traefik/traefik-access.log

mkdir -p /usr/local/etc/ssl/
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /usr/local/etc/ssl/cert.key -out /usr/local/etc/ssl/cert.crt -subj \"/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com\"
chmod 644 /usr/local/etc/ssl/cert.crt
chmod 600 /usr/local/etc/ssl/cert.key

# ADJUST THIS: START THE SERVICES AGAIN AFTER CONFIGURATION
/usr/local/etc/rc.d/traefik start
# Do not touch this:
touch /usr/local/etc/pot-is-seasoned
# If this pot flavour is blocking (i.e. it should not return), there is no /tmp/environment.sh
# created by pot and we now after configuration block indefinitely
if [ ! -e /tmp/environment.sh ]
then
    tail -f /dev/null
fi
" > /usr/local/bin/cook

# ----------------- END COOK ------------------


# ---------- NO NEED TO EDIT BELOW ------------

chmod u+x /usr/local/bin/cook

#
# There are two ways of running a pot jail: "Normal", non-blocking mode and
# "Nomad", i.e. blocking mode (the pot start command does not return until
# the jail is stopped).
# For the normal mode, we create a /usr/local/etc/rc.d script that starts
# the "cook" script generated above each time, for the "Nomad" mode, the cook
# script is started by pot (configuration through flavour file), therefore
# we do not need to do anything here.
# 

# Create rc.d script for "normal" mode:
echo "#!/bin/sh
#
# PROVIDE: cook 
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
. /etc/rc.subr
name=cook
rcvar=cook_enable
load_rc_config $name
: ${cook_enable:=\"NO\"}
: ${cook_env:=\"\"}
command=\"/usr/local/bin/cook\"
command_args=\"\"
run_rc_command \"\$1\"
" > /usr/local/etc/rc.d/cook

chmod u+x /usr/local/etc/rc.d/cook

if [ $RUNS_IN_NOMAD = false ]
then
    # This is a non-nomad (non-blocking) jail, so we need to make sure the script
    # gets started when the jail is started:
    # Otherwise, /usr/local/bin/cook will be set as start script by the pot flavour
    echo "cook_enable=\"YES\"" >> /etc/rc.conf
fi

traefik-consul/traefik-consul+1:
traefik-consul/traefik-consul+1.sh:

traefik-consul/traefik-consul+2:
traefik-consul/traefik-consul+2.sh:

traefik-consul/traefik-consul+3:
traefik-consul/traefik-consul+3.sh:

traefik-consul/traefik-consul+4:
traefik-consul/traefik-consul+4.sh:
Password:===>  Creating a new pot
===>  pot name : traefik-consul-amd64-12_2
===>  type : single
===>  base : 12.2
===>  pot_base :
===>  level : 0
===>  network-type : public-bridge
===>  network-stack: ipv4
===>  ip : 10.192.0.3
===>  bridge :
===>  dns : inherit
===>  flavours : fbsd-update traefik-consul traefik-consul+1 traefik-consul+2 traefik-consul+3 traefik-consul+4
===>  Fetching FreeBSD 12.2
===>  Extract the tarball
=====>  Flavour: fbsd-update
=====>  Starting traefik-consul-amd64-12_2 pot for the initial bootstrap
=====>  mount /mnt/data/pot/jails/traefik-consul-amd64-12_2/m/tmp
defaultrouter: NO -> 10.192.0.1
===>  Starting the pot traefik-consul-amd64-12_2
ELF ldconfig path: /lib /usr/lib /usr/lib/compat
32-bit compatibility ldconfig path: /usr/lib32
Starting Network: lo0 epair0b.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	inet 127.0.0.1 netmask 0xff000000
	groups: lo
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 02:6d:8f:21:9b:0b
	inet 10.192.0.3 netmask 0xffc00000 broadcast 10.255.255.255
	groups: epair
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
add host 127.0.0.1: gateway lo0 fib 0: route already in table
add net default: gateway 10.192.0.1
add host ::1: gateway lo0 fib 0: route already in table
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
Generating host.conf.
Creating and/or trimming log files.
Starting syslogd.
Clearing /tmp (X related).
Updating motd:.
Updating /var/run/os-release done.
Starting sendmail_submit.
Starting sendmail_msp_queue.
Starting cron.

Wed Mar  3 13:37:59 UTC 2021
/usr/local/etc/pot/flavours/fbsd-update.sh -> /mnt/data/pot/jails/traefik-consul-amd64-12_2/m/tmp/fbsd-update.sh
=====>  Executing fbsd-update script on traefik-consul-amd64-12_2
src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching public key from update4.freebsd.org... done.
Fetching metadata signature for 12.2-RELEASE from update4.freebsd.org... done.
Fetching metadata index... done.
Fetching 2 metadata files... done.
Inspecting system... done.
Preparing to download files... done.
Fetching 68 patches.....10....20....30....40....50....60.... done.
Applying patches... done.
Fetching 1 files...  done.
The following files will be removed as part of updating to
12.2-RELEASE-p4:
/etc/ssl/certs/2c543cd1.0
/etc/ssl/certs/2e4eed3c.0
/etc/ssl/certs/480720ec.0
/etc/ssl/certs/7d0b38bd.0
/etc/ssl/certs/8867006a.0
/etc/ssl/certs/ad088e1d.0
/etc/ssl/certs/b204d74a.0
/etc/ssl/certs/ba89ed3b.0
/etc/ssl/certs/c089bbbd.0
/etc/ssl/certs/e2799e36.0
/usr/share/certs/trusted/GeoTrust_Global_CA.pem
/usr/share/certs/trusted/GeoTrust_Primary_Certification_Authority.pem
/usr/share/certs/trusted/GeoTrust_Primary_Certification_Authority_-_G3.pem
/usr/share/certs/trusted/GeoTrust_Universal_CA.pem
/usr/share/certs/trusted/GeoTrust_Universal_CA_2.pem
/usr/share/certs/trusted/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.pem
/usr/share/certs/trusted/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem
/usr/share/certs/trusted/thawte_Primary_Root_CA.pem
/usr/share/certs/trusted/thawte_Primary_Root_CA_-_G2.pem
/usr/share/certs/trusted/thawte_Primary_Root_CA_-_G3.pem
The following files will be added as part of updating to
12.2-RELEASE-p4:
/etc/ssl/blacklisted/2c543cd1.0
/etc/ssl/blacklisted/2e4eed3c.0
/etc/ssl/blacklisted/480720ec.0
/etc/ssl/blacklisted/7d0b38bd.0
/etc/ssl/blacklisted/8867006a.0
/etc/ssl/blacklisted/ad088e1d.0
/etc/ssl/blacklisted/b204d74a.0
/etc/ssl/blacklisted/ba89ed3b.0
/etc/ssl/blacklisted/c089bbbd.0
/etc/ssl/blacklisted/e2799e36.0
/etc/ssl/certs/3fb36b73.0
/usr/share/certs/blacklisted/GeoTrust_Global_CA.pem
/usr/share/certs/blacklisted/GeoTrust_Primary_Certification_Authority.pem
/usr/share/certs/blacklisted/GeoTrust_Primary_Certification_Authority_-_G3.pem
/usr/share/certs/blacklisted/GeoTrust_Universal_CA.pem
/usr/share/certs/blacklisted/GeoTrust_Universal_CA_2.pem
/usr/share/certs/blacklisted/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.pem
/usr/share/certs/blacklisted/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem
/usr/share/certs/blacklisted/thawte_Primary_Root_CA.pem
/usr/share/certs/blacklisted/thawte_Primary_Root_CA_-_G2.pem
/usr/share/certs/blacklisted/thawte_Primary_Root_CA_-_G3.pem
/usr/share/certs/trusted/NAVER_Global_Root_Certification_Authority.pem
The following files will be updated as part of updating to
12.2-RELEASE-p4:
/bin/freebsd-version
/lib/libcrypto.so.111
/lib/libzfs.so.3
/lib/libzfs_core.so.2
/lib/libzpool.so.2
/rescue/[
/rescue/bectl
/rescue/bsdlabel
/rescue/bunzip2
/rescue/bzcat
/rescue/bzip2
/rescue/camcontrol
/rescue/cat
/rescue/ccdconfig
/rescue/chflags
/rescue/chgrp
/rescue/chio
/rescue/chmod
/rescue/chown
/rescue/chroot
/rescue/clri
/rescue/cp
/rescue/csh
/rescue/date
/rescue/dd
/rescue/devfs
/rescue/df
/rescue/dhclient
/rescue/disklabel
/rescue/dmesg
/rescue/dump
/rescue/dumpfs
/rescue/dumpon
/rescue/echo
/rescue/ed
/rescue/ex
/rescue/expr
/rescue/fastboot
/rescue/fasthalt
/rescue/fdisk
/rescue/fsck
/rescue/fsck_4.2bsd
/rescue/fsck_ffs
/rescue/fsck_msdosfs
/rescue/fsck_ufs
/rescue/fsdb
/rescue/fsirand
/rescue/gbde
/rescue/geom
/rescue/getfacl
/rescue/glabel
/rescue/gpart
/rescue/groups
/rescue/gunzip
/rescue/gzcat
/rescue/gzip
/rescue/halt
/rescue/head
/rescue/hostname
/rescue/id
/rescue/ifconfig
/rescue/init
/rescue/ipf
/rescue/iscsictl
/rescue/iscsid
/rescue/kenv
/rescue/kill
/rescue/kldconfig
/rescue/kldload
/rescue/kldstat
/rescue/kldunload
/rescue/ldconfig
/rescue/less
/rescue/link
/rescue/ln
/rescue/ls
/rescue/lzcat
/rescue/lzma
/rescue/md5
/rescue/mdconfig
/rescue/mdmfs
/rescue/mkdir
/rescue/mknod
/rescue/more
/rescue/mount
/rescue/mount_cd9660
/rescue/mount_msdosfs
/rescue/mount_nfs
/rescue/mount_nullfs
/rescue/mount_udf
/rescue/mount_unionfs
/rescue/mt
/rescue/mv
/rescue/nc
/rescue/newfs
/rescue/newfs_msdos
/rescue/nos-tun
/rescue/pgrep
/rescue/ping
/rescue/ping6
/rescue/pkill
/rescue/poweroff
/rescue/ps
/rescue/pwd
/rescue/rcorder
/rescue/rdump
/rescue/realpath
/rescue/reboot
/rescue/red
/rescue/rescue
/rescue/restore
/rescue/rm
/rescue/rmdir
/rescue/route
/rescue/routed
/rescue/rrestore
/rescue/rtquery
/rescue/rtsol
/rescue/savecore
/rescue/sed
/rescue/setfacl
/rescue/sh
/rescue/shutdown
/rescue/sleep
/rescue/spppcontrol
/rescue/stty
/rescue/swapon
/rescue/sync
/rescue/sysctl
/rescue/tail
/rescue/tar
/rescue/tcsh
/rescue/tee
/rescue/test
/rescue/tunefs
/rescue/umount
/rescue/unlink
/rescue/unlzma
/rescue/unxz
/rescue/unzstd
/rescue/vi
/rescue/whoami
/rescue/xz
/rescue/xzcat
/rescue/zcat
/rescue/zdb
/rescue/zfs
/rescue/zpool
/rescue/zstd
/rescue/zstdcat
/rescue/zstdmt
/sbin/ipfw
/sbin/rtsol
/sbin/zpool
/usr/bin/zinject
/usr/bin/ztest
/usr/include/net/if_var.h
/usr/include/openssl/asn1err.h
/usr/include/sys/filedesc.h
/usr/include/sys/jail.h
/usr/lib/libcrypto.a
/usr/lib/libcrypto_p.a
/usr/lib/libpam.a
/usr/lib/libzfs.a
/usr/lib/libzfs_core.a
/usr/lib/libzfs_core_p.a
/usr/lib/libzfs_p.a
/usr/lib/libzpool.a
/usr/lib/pam_login_access.so.6
/usr/sbin/freebsd-update
/usr/sbin/rtsold
/usr/sbin/zdb
/usr/sbin/zfsd
/usr/sbin/zhack
/usr/share/man/man2/jail.2.gz
/usr/share/man/man2/jail_attach.2.gz
/usr/share/man/man2/jail_get.2.gz
/usr/share/man/man2/jail_remove.2.gz
/usr/share/man/man2/jail_set.2.gz
/usr/share/zoneinfo/Africa/Accra
/usr/share/zoneinfo/Africa/Addis_Ababa
/usr/share/zoneinfo/Africa/Algiers
/usr/share/zoneinfo/Africa/Asmara
/usr/share/zoneinfo/Africa/Asmera
/usr/share/zoneinfo/Africa/Bangui
/usr/share/zoneinfo/Africa/Brazzaville
/usr/share/zoneinfo/Africa/Casablanca
/usr/share/zoneinfo/Africa/Dar_es_Salaam
/usr/share/zoneinfo/Africa/Djibouti
/usr/share/zoneinfo/Africa/Douala
/usr/share/zoneinfo/Africa/El_Aaiun
/usr/share/zoneinfo/Africa/Juba
/usr/share/zoneinfo/Africa/Kampala
/usr/share/zoneinfo/Africa/Kinshasa
/usr/share/zoneinfo/Africa/Lagos
/usr/share/zoneinfo/Africa/Libreville
/usr/share/zoneinfo/Africa/Luanda
/usr/share/zoneinfo/Africa/Malabo
/usr/share/zoneinfo/Africa/Mogadishu
/usr/share/zoneinfo/Africa/Nairobi
/usr/share/zoneinfo/Africa/Niamey
/usr/share/zoneinfo/Africa/Porto-Novo
/usr/share/zoneinfo/America/Belize
/usr/share/zoneinfo/America/Dawson
/usr/share/zoneinfo/America/Grand_Turk
/usr/share/zoneinfo/America/Nassau
/usr/share/zoneinfo/America/Whitehorse
/usr/share/zoneinfo/Antarctica/Casey
/usr/share/zoneinfo/Antarctica/Macquarie
/usr/share/zoneinfo/Asia/Gaza
/usr/share/zoneinfo/Asia/Hebron
/usr/share/zoneinfo/Asia/Jerusalem
/usr/share/zoneinfo/Asia/Tel_Aviv
/usr/share/zoneinfo/Atlantic/Bermuda
/usr/share/zoneinfo/Australia/ACT
/usr/share/zoneinfo/Australia/Adelaide
/usr/share/zoneinfo/Australia/Brisbane
/usr/share/zoneinfo/Australia/Broken_Hill
/usr/share/zoneinfo/Australia/Canberra
/usr/share/zoneinfo/Australia/Currie
/usr/share/zoneinfo/Australia/Darwin
/usr/share/zoneinfo/Australia/Eucla
/usr/share/zoneinfo/Australia/Hobart
/usr/share/zoneinfo/Australia/Lindeman
/usr/share/zoneinfo/Australia/Melbourne
/usr/share/zoneinfo/Australia/NSW
/usr/share/zoneinfo/Australia/North
/usr/share/zoneinfo/Australia/Perth
/usr/share/zoneinfo/Australia/Queensland
/usr/share/zoneinfo/Australia/South
/usr/share/zoneinfo/Australia/Sydney
/usr/share/zoneinfo/Australia/Tasmania
/usr/share/zoneinfo/Australia/Victoria
/usr/share/zoneinfo/Australia/West
/usr/share/zoneinfo/Australia/Yancowinna
/usr/share/zoneinfo/Canada/Yukon
/usr/share/zoneinfo/Europe/Budapest
/usr/share/zoneinfo/Europe/Monaco
/usr/share/zoneinfo/Europe/Paris
/usr/share/zoneinfo/Europe/Volgograd
/usr/share/zoneinfo/Indian/Antananarivo
/usr/share/zoneinfo/Indian/Comoro
/usr/share/zoneinfo/Indian/Mahe
/usr/share/zoneinfo/Indian/Mayotte
/usr/share/zoneinfo/Israel
/usr/share/zoneinfo/Pacific/Efate
/usr/share/zoneinfo/Pacific/Fiji
/usr/share/zoneinfo/zone.tab
/usr/share/zoneinfo/zone1970.tab
Installing updates...Scanning //usr/share/certs/blacklisted for certificates...
Scanning //usr/share/certs/trusted for certificates...
 done.
=====>  Stop the pot traefik-consul-amd64-12_2
=====>  Remove epair0[a|b] network interfaces
=====>  unmount /mnt/data/pot/jails/traefik-consul-amd64-12_2/m/tmp
=====>  unmount /mnt/data/pot/jails/traefik-consul-amd64-12_2/m/dev
=====>  Flavour: traefik-consul
=====>  Executing traefik-consul pot commands on traefik-consul-amd64-12_2
=====>  Starting traefik-consul-amd64-12_2 pot for the initial bootstrap
=====>  mount /mnt/data/pot/jails/traefik-consul-amd64-12_2/m/tmp
defaultrouter: 10.192.0.1 -> 10.192.0.1
===>  Starting the pot traefik-consul-amd64-12_2
ELF ldconfig path: /lib /usr/lib /usr/lib/compat
32-bit compatibility ldconfig path: /usr/lib32
Starting Network: lo0 epair0b.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	inet 127.0.0.1 netmask 0xff000000
	groups: lo
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 02:5c:67:bd:ef:0b
	inet 10.192.0.3 netmask 0xffc00000 broadcast 10.255.255.255
	groups: epair
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
add host 127.0.0.1: gateway lo0 fib 0: route already in table
add net default: gateway 10.192.0.1
add host ::1: gateway lo0 fib 0: route already in table
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
Creating and/or trimming log files.
Starting syslogd.
Clearing /tmp (X related).
Updating motd:.
Updating /var/run/os-release done.
Starting sendmail_submit.
Starting sendmail_msp_queue.
Starting cron.

Wed Mar  3 13:38:47 UTC 2021
/usr/local/etc/pot/flavours/traefik-consul.sh -> /mnt/data/pot/jails/traefik-consul-amd64-12_2/m/tmp/traefik-consul.sh
=====>  Executing traefik-consul script on traefik-consul-amd64-12_2
[traefik-consul-amd64-12_2.vsf00001.cpt.za.honeyguide.net] Installing pkg-1.16.3...
[traefik-consul-amd64-12_2.vsf00001.cpt.za.honeyguide.net] Extracting pkg-1.16.3: .......... done
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:12:amd64/latest, please wait...
Verifying signature with trusted certificate pkg.freebsd.org.2013102301... done
sendmail_enable: NO -> NO
traefik_enable:  -> YES
Updating FreeBSD repository catalogue...
[traefik-consul-amd64-12_2.vsf00001.cpt.za.honeyguide.net] Fetching meta.conf: . done
[traefik-consul-amd64-12_2.vsf00001.cpt.za.honeyguide.net] Fetching packagesite.txz: .......... done
Processing entries: .......... done
FreeBSD repository update completed. 30290 packages processed.
All repositories are up to date.
Updating database digests format: . done
The following 2 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	openssl: 1.1.1j_1,1
	traefik: 2.4.5

Number of packages to be installed: 2

The process will require 89 MiB more space.
19 MiB to be downloaded.
[traefik-consul-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/2] Fetching openssl-1.1.1j_1,1.txz: .......... done
[traefik-consul-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/2] Fetching traefik-2.4.5.txz: .......... done
Checking integrity... done (0 conflicting)
[traefik-consul-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/2] Installing openssl-1.1.1j_1,1...
[traefik-consul-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [1/2] Extracting openssl-1.1.1j_1,1: .......... done
[traefik-consul-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/2] Installing traefik-2.4.5...
===> Creating groups.
Creating group 'traefik' with gid '475'.
===> Creating users
Creating user 'traefik' with uid '475'.
===> Creating homedir(s)
[traefik-consul-amd64-12_2.vsf00001.cpt.za.honeyguide.net] [2/2] Extracting traefik-2.4.5: ....... done
=====
Message from traefik-2.4.5:

--
Note that traefik starts as unpriviliged user. Thus, it cannot
bind to privileged ports (by default, ports below 1024) and
will exit when configured to do so.

If traefik should serve ports in the privileged range, there
are options to achieve this:
- Have traffic bind to an unprivileged port and use the
  packet filter configuration to redirect requests to the
  desired privileged port to the unprivileged port in
  traefik's configuration file e.g. the rdr rules in pf(4).
- The mac_portacl kernel module allows unprivileged processes
  to bind to privileged ports.
The following package files will be deleted:
	/var/cache/pkg/openssl-1.1.1j_1,1.txz
	/var/cache/pkg/openssl-1.1.1j_1,1~cf9f7ca81a.txz
	/var/cache/pkg/traefik-2.4.5~109038a605.txz
	/var/cache/pkg/traefik-2.4.5.txz
The cleanup will free 19 MiB
Deleting files: .... done
All done
/tmp/traefik-consul.sh: COPYRIGHT: not found
=====>  Stop the pot traefik-consul-amd64-12_2
=====>  Remove epair0[a|b] network interfaces
=====>  unmount /mnt/data/pot/jails/traefik-consul-amd64-12_2/m/tmp
=====>  unmount /mnt/data/pot/jails/traefik-consul-amd64-12_2/m/dev
=====>  Flavour: traefik-consul+1
=====>  Executing traefik-consul+1 pot commands on traefik-consul-amd64-12_2
=====>  No shell script available for the flavour traefik-consul+1
=====>  Flavour: traefik-consul+2
=====>  Executing traefik-consul+2 pot commands on traefik-consul-amd64-12_2
=====>  No shell script available for the flavour traefik-consul+2
=====>  Flavour: traefik-consul+3
=====>  Executing traefik-consul+3 pot commands on traefik-consul-amd64-12_2
=====>  No shell script available for the flavour traefik-consul+3
=====>  Flavour: traefik-consul+4
=====>  Executing traefik-consul+4 pot commands on traefik-consul-amd64-12_2
=====>  No shell script available for the flavour traefik-consul+4

traefik-consul-amd64-11_4_1.2.2:


traefik-consul/traefik-consul:
traefik-consul/traefik-consul.sh:
#!/bin/sh

# EDIT THE FOLLOWING FOR NEW FLAVOUR:
# 1. RUNS_IN_NOMAD - yes or no
# 2. Adjust package installation between BEGIN & END PACKAGE SETUP
# 3. Adjust jail configuration script generation between BEGIN & END COOK

# Set this to true if this jail flavour is to be created as a nomad (i.e. blocking) jail.
# You can then query it in the cook script generation below and the script is installed
# appropriately at the end of this script 
RUNS_IN_NOMAD=false

# -------------- BEGIN PACKAGE SETUP -------------
[ -w /etc/pkg/FreeBSD.conf ] && sed -i '' 's/quarterly/latest/' /etc/pkg/FreeBSD.conf
ASSUME_ALWAYS_YES=yes pkg bootstrap
touch /etc/rc.conf
sysrc sendmail_enable="NO"
sysrc traefik_enable="YES"

# Install packages
pkg install -y openssl traefik
pkg clean -y

# To allow mount in of this directory, create mountpoint
mkdir -p /var/log/traefik
# -------------- END PACKAGE SETUP -------------

#
# Create configurations
#

#
# Now generate the run command script "cook"
# It configures the system on the first run by creating the config file(s) 
# On subsequent runs, it only starts sleeps (if nomad-jail) or simply exits 
#

# ----------------- BEGIN COOK ------------------ 
echo "#!/bin/sh
# No need to change this, just ensures configuration is done only once
if [ -e /usr/local/etc/pot-is-seasoned ]
then
    # If this pot flavour is blocking (i.e. it should not return), there is no /tmp/environment.sh
    # created by pot and we block indefinitely
    if [ ! -e /tmp/environment.sh ]
    then
        tail -f /dev/null 
    fi
    exit 0
fi
# ADJUST THIS: STOP SERVICES AS NEEDED BEFORE CONFIGURATION
/usr/local/etc/rc.d/traefik stop  || true
# No need to adjust this:
# If this pot flavour is not blocking, we need to read the environment first from /tmp/environment.sh
# where pot is storing it in this case
if [ -e /tmp/environment.sh ]
then
    . /tmp/environment.sh
fi
#
# ADJUST THIS BY CHECKING FOR ALL VARIABLES YOUR FLAVOUR NEEDS:
# Check config variables are set
#
if [ -z \${CONSULSERVER+x} ];
then
    echo 'CONSULSERVER is unset - see documentation how to configure this flavour'
    exit 1
fi

# ADJUST THIS BELOW: NOW ALL THE CONFIGURATION FILES NEED TO BE CREATED:
# Don't forget to double(!)-escape quotes and dollar signs in the config files
# Create traefik server config file 
echo \"
[entryPoints]
  [entryPoints.http]
    address = \\\"0.0.0.0:8080\\\"
  [entryPoints.traefik]
    address = \\\"0.0.0.0:9002\\\"
  [entryPoints.httpSSL]
    address = \\\"0.0.0.0:8443\\\"

[http.routers.my-api]
  entryPoints = [\\\"traefik\\\"]
  # Catch every request (only available rule for non-tls routers. See below.)
  rule = \\\"HostSNI(`*`)\\\"
  service = \\\"api@internal\\\"

[[tls.certificates]]
  certFile = \\\"/usr/local/etc/ssl/cert.crt\\\"
  keyFile = \\\"/usr/local/etc/ssl/cert.key\\\"

[tls.options]
  [tls.options.myTLSOptions]
    minVersion = \\\"VersionTLS12\\\"
    cipherSuites = [
      \\\"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\\\",
      \\\"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\\\",
      \\\"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256\\\",
      \\\"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\\\",
      \\\"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\\\",
      \\\"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\\\",
    ]

[api]
  dashboard = true
  insecure = true

[log]
  filePath = \\\"/var/log/traefik/traefik.log\\\"
[accessLog]
  filePath = \\\"/var/log/traefik/traefik-access.log\\\"

[providers.consulCatalog]
  stale = false
  exposedByDefault = true
  [providers.consulCatalog.endpoint]
    address = \\\"\$CONSULSERVER:8500\\\"\" > /usr/local/etc/traefik.toml

echo \"traefik_conf=\\\"/usr/local/etc/traefik.toml\\\"\" >> /etc/rc.conf

touch /var/log/traefik/traefik.log
touch /var/log/traefik/traefik-access.log
chown traefik:traefik /var/log/traefik/traefik.log
chown traefik:traefik /var/log/traefik/traefik-access.log

mkdir -p /usr/local/etc/ssl/
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /usr/local/etc/ssl/cert.key -out /usr/local/etc/ssl/cert.crt -subj \"/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com\"
chmod 644 /usr/local/etc/ssl/cert.crt
chmod 600 /usr/local/etc/ssl/cert.key

# ADJUST THIS: START THE SERVICES AGAIN AFTER CONFIGURATION
/usr/local/etc/rc.d/traefik start
# Do not touch this:
touch /usr/local/etc/pot-is-seasoned
# If this pot flavour is blocking (i.e. it should not return), there is no /tmp/environment.sh
# created by pot and we now after configuration block indefinitely
if [ ! -e /tmp/environment.sh ]
then
    tail -f /dev/null
fi
" > /usr/local/bin/cook

# ----------------- END COOK ------------------


# ---------- NO NEED TO EDIT BELOW ------------

chmod u+x /usr/local/bin/cook

#
# There are two ways of running a pot jail: "Normal", non-blocking mode and
# "Nomad", i.e. blocking mode (the pot start command does not return until
# the jail is stopped).
# For the normal mode, we create a /usr/local/etc/rc.d script that starts
# the "cook" script generated above each time, for the "Nomad" mode, the cook
# script is started by pot (configuration through flavour file), therefore
# we do not need to do anything here.
# 

# Create rc.d script for "normal" mode:
echo "#!/bin/sh
#
# PROVIDE: cook 
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
. /etc/rc.subr
name=cook
rcvar=cook_enable
load_rc_config $name
: ${cook_enable:=\"NO\"}
: ${cook_env:=\"\"}
command=\"/usr/local/bin/cook\"
command_args=\"\"
run_rc_command \"\$1\"
" > /usr/local/etc/rc.d/cook

chmod u+x /usr/local/etc/rc.d/cook

if [ $RUNS_IN_NOMAD = false ]
then
    # This is a non-nomad (non-blocking) jail, so we need to make sure the script
    # gets started when the jail is started:
    # Otherwise, /usr/local/bin/cook will be set as start script by the pot flavour
    echo "cook_enable=\"YES\"" >> /etc/rc.conf
fi

traefik-consul/traefik-consul+1:
traefik-consul/traefik-consul+1.sh:

traefik-consul/traefik-consul+2:
traefik-consul/traefik-consul+2.sh:

traefik-consul/traefik-consul+3:
traefik-consul/traefik-consul+3.sh:

traefik-consul/traefik-consul+4:
traefik-consul/traefik-consul+4.sh:
Password:===>  Creating a new pot
===>  pot name : traefik-consul-amd64-11_4
===>  type : single
===>  base : 11.4
===>  pot_base :
===>  level : 0
===>  network-type : public-bridge
===>  network-stack: ipv4
===>  ip : 10.192.0.4
===>  bridge :
===>  dns : inherit
===>  flavours : fbsd-update traefik-consul traefik-consul+1 traefik-consul+2 traefik-consul+3 traefik-consul+4
===>  Fetching FreeBSD 11.4
===>  Extract the tarball
=====>  Flavour: fbsd-update
=====>  Starting traefik-consul-amd64-11_4 pot for the initial bootstrap
=====>  mount /mnt/data/pot/jails/traefik-consul-amd64-11_4/m/tmp
defaultrouter: NO -> 10.192.0.1
===>  Starting the pot traefik-consul-amd64-11_4
ELF ldconfig path: /lib /usr/lib /usr/lib/compat
32-bit compatibility ldconfig path: /usr/lib32
Starting Network: lo0 epair0b.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	inet 127.0.0.1 netmask 0xff000000
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	groups: lo
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 02:e4:6a:67:90:0b
	hwaddr 02:e4:6a:67:90:0b
	inet 10.192.0.4 netmask 0xffc00000 broadcast 10.255.255.255
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	groups: epair
add host 127.0.0.1: gateway lo0 fib 0: route already in table
add net default: gateway 10.192.0.1
add host ::1: gateway lo0 fib 0: route already in table
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
Generating host.conf.
Creating and/or trimming log files.
Starting syslogd.
Clearing /tmp (X related).
Updating motd:.
Starting sendmail_submit.
Starting sendmail_msp_queue.
Starting cron.

Wed Mar  3 13:44:44 UTC 2021
/usr/local/etc/pot/flavours/fbsd-update.sh -> /mnt/data/pot/jails/traefik-consul-amd64-11_4/m/tmp/fbsd-update.sh
=====>  Executing fbsd-update script on traefik-consul-amd64-11_4
src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching public key from update4.freebsd.org... done.
Fetching metadata signature for 11.4-RELEASE from update4.freebsd.org... done.
Fetching metadata index... done.
Fetching 2 metadata files... done.
Inspecting system... done.
Preparing to download files... done.
Fetching 95 patches.....10....20....30....40....50....60....70....80....90.. done.
Applying patches... done.
The following files will be updated as part of updating to
11.4-RELEASE-p8:
/bin/freebsd-version
/lib/libc.so.7
/lib/libcrypto.so.8
/lib/libgcc_s.so.1
/libexec/ld-elf.so.1
/rescue/[
/rescue/atmconfig
/rescue/badsect
/rescue/bectl
/rescue/bsdlabel
/rescue/bunzip2
/rescue/bzcat
/rescue/bzip2
/rescue/camcontrol
/rescue/cat
/rescue/ccdconfig
/rescue/chflags
/rescue/chgrp
/rescue/chio
/rescue/chmod
/rescue/chown
/rescue/chroot
/rescue/clri
/rescue/cp
/rescue/csh
/rescue/date
/rescue/dd
/rescue/devfs
/rescue/df
/rescue/dhclient
/rescue/disklabel
/rescue/dmesg
/rescue/dump
/rescue/dumpfs
/rescue/dumpon
/rescue/echo
/rescue/ed
/rescue/ex
/rescue/expr
/rescue/fastboot
/rescue/fasthalt
/rescue/fdisk
/rescue/fsck
/rescue/fsck_4.2bsd
/rescue/fsck_ffs
/rescue/fsck_msdosfs
/rescue/fsck_ufs
/rescue/fsdb
/rescue/fsirand
/rescue/gbde
/rescue/geom
/rescue/getfacl
/rescue/glabel
/rescue/gpart
/rescue/groups
/rescue/gunzip
/rescue/gzcat
/rescue/gzip
/rescue/halt
/rescue/head
/rescue/hostname
/rescue/id
/rescue/ifconfig
/rescue/init
/rescue/ipf
/rescue/iscsictl
/rescue/iscsid
/rescue/kenv
/rescue/kill
/rescue/kldconfig
/rescue/kldload
/rescue/kldstat
/rescue/kldunload
/rescue/ldconfig
/rescue/less
/rescue/link
/rescue/ln
/rescue/ls
/rescue/lzcat
/rescue/lzma
/rescue/md5
/rescue/mdconfig
/rescue/mdmfs
/rescue/mkdir
/rescue/mknod
/rescue/more
/rescue/mount
/rescue/mount_cd9660
/rescue/mount_msdosfs
/rescue/mount_nfs
/rescue/mount_nullfs
/rescue/mount_udf
/rescue/mount_unionfs
/rescue/mt
/rescue/mv
/rescue/nc
/rescue/newfs
/rescue/newfs_msdos
/rescue/nos-tun
/rescue/pgrep
/rescue/ping
/rescue/ping6
/rescue/pkill
/rescue/poweroff
/rescue/ps
/rescue/pwd
/rescue/rcorder
/rescue/rcp
/rescue/rdump
/rescue/realpath
/rescue/reboot
/rescue/red
/rescue/rescue
/rescue/restore
/rescue/rm
/rescue/rmdir
/rescue/route
/rescue/routed
/rescue/rrestore
/rescue/rtquery
/rescue/rtsol
/rescue/savecore
/rescue/sed
/rescue/setfacl
/rescue/sh
/rescue/shutdown
/rescue/sleep
/rescue/spppcontrol
/rescue/stty
/rescue/swapon
/rescue/sync
/rescue/sysctl
/rescue/tail
/rescue/tar
/rescue/tcsh
/rescue/tee
/rescue/test
/rescue/tunefs
/rescue/umount
/rescue/unlink
/rescue/unlzma
/rescue/unxz
/rescue/vi
/rescue/whoami
/rescue/xz
/rescue/xzcat
/rescue/zcat
/rescue/zdb
/rescue/zfs
/rescue/zpool
/sbin/devd
/sbin/dhclient
/sbin/init
/sbin/rtsol
/usr/bin/ar
/usr/bin/as
/usr/bin/c++
/usr/bin/cc
/usr/bin/clang
/usr/bin/clang++
/usr/bin/clang-cpp
/usr/bin/cpp
/usr/bin/ld
/usr/bin/ld.bfd
/usr/bin/ld.lld
/usr/bin/lldb
/usr/bin/make
/usr/bin/ranlib
/usr/bin/svnlite
/usr/bin/svnliteadmin
/usr/bin/svnlitebench
/usr/bin/svnlitedumpfilter
/usr/bin/svnlitefsfs
/usr/bin/svnlitelook
/usr/bin/svnlitemucc
/usr/bin/svnliterdump
/usr/bin/svnliteserve
/usr/bin/svnlitesync
/usr/bin/svnliteversion
/usr/include/netinet/sctp_structs.h
/usr/include/netinet/sctputil.h
/usr/include/openssl/asn1.h
/usr/include/sys/filedesc.h
/usr/include/sys/jail.h
/usr/lib/libc.a
/usr/lib/libc_p.a
/usr/lib/libc_pic.a
/usr/lib/libcompiler_rt.a
/usr/lib/libcompiler_rt_p.a
/usr/lib/libcrypto.a
/usr/lib/libcrypto_p.a
/usr/lib/libhdb.so.11
/usr/lib/libpam.a
/usr/lib/libprivatesqlite3.a
/usr/lib/libprivatesqlite3.so.0
/usr/lib/libprivatesqlite3_p.a
/usr/lib/libprivateunbound.a
/usr/lib/libprivateunbound.so.5
/usr/lib/libprivateunbound_p.a
/usr/lib/pam_login_access.so.6
/usr/libexec/ftpd
/usr/sbin/freebsd-update
/usr/sbin/local-unbound
/usr/sbin/local-unbound-anchor
/usr/sbin/local-unbound-checkconf
/usr/sbin/local-unbound-control
/usr/sbin/nologin
/usr/sbin/rtsold
/usr/share/man/man2/jail.2.gz
/usr/share/man/man2/jail_attach.2.gz
/usr/share/man/man2/jail_get.2.gz
/usr/share/man/man2/jail_remove.2.gz
/usr/share/man/man2/jail_set.2.gz
/usr/share/zoneinfo/Africa/Accra
/usr/share/zoneinfo/Africa/Addis_Ababa
/usr/share/zoneinfo/Africa/Algiers
/usr/share/zoneinfo/Africa/Asmara
/usr/share/zoneinfo/Africa/Asmera
/usr/share/zoneinfo/Africa/Bangui
/usr/share/zoneinfo/Africa/Brazzaville
/usr/share/zoneinfo/Africa/Casablanca
/usr/share/zoneinfo/Africa/Dar_es_Salaam
/usr/share/zoneinfo/Africa/Djibouti
/usr/share/zoneinfo/Africa/Douala
/usr/share/zoneinfo/Africa/El_Aaiun
/usr/share/zoneinfo/Africa/Juba
/usr/share/zoneinfo/Africa/Kampala
/usr/share/zoneinfo/Africa/Kinshasa
/usr/share/zoneinfo/Africa/Lagos
/usr/share/zoneinfo/Africa/Libreville
/usr/share/zoneinfo/Africa/Luanda
/usr/share/zoneinfo/Africa/Malabo
/usr/share/zoneinfo/Africa/Mogadishu
/usr/share/zoneinfo/Africa/Nairobi
/usr/share/zoneinfo/Africa/Niamey
/usr/share/zoneinfo/Africa/Porto-Novo
/usr/share/zoneinfo/America/Belize
/usr/share/zoneinfo/America/Dawson
/usr/share/zoneinfo/America/Grand_Turk
/usr/share/zoneinfo/America/Nassau
/usr/share/zoneinfo/America/Whitehorse
/usr/share/zoneinfo/Antarctica/Casey
/usr/share/zoneinfo/Antarctica/Macquarie
/usr/share/zoneinfo/Asia/Gaza
/usr/share/zoneinfo/Asia/Hebron
/usr/share/zoneinfo/Asia/Jerusalem
/usr/share/zoneinfo/Asia/Tel_Aviv
/usr/share/zoneinfo/Atlantic/Bermuda
/usr/share/zoneinfo/Australia/ACT
/usr/share/zoneinfo/Australia/Adelaide
/usr/share/zoneinfo/Australia/Brisbane
/usr/share/zoneinfo/Australia/Broken_Hill
/usr/share/zoneinfo/Australia/Canberra
/usr/share/zoneinfo/Australia/Currie
/usr/share/zoneinfo/Australia/Darwin
/usr/share/zoneinfo/Australia/Eucla
/usr/share/zoneinfo/Australia/Hobart
/usr/share/zoneinfo/Australia/Lindeman
/usr/share/zoneinfo/Australia/Melbourne
/usr/share/zoneinfo/Australia/NSW
/usr/share/zoneinfo/Australia/North
/usr/share/zoneinfo/Australia/Perth
/usr/share/zoneinfo/Australia/Queensland
/usr/share/zoneinfo/Australia/South
/usr/share/zoneinfo/Australia/Sydney
/usr/share/zoneinfo/Australia/Tasmania
/usr/share/zoneinfo/Australia/Victoria
/usr/share/zoneinfo/Australia/West
/usr/share/zoneinfo/Australia/Yancowinna
/usr/share/zoneinfo/Canada/Yukon
/usr/share/zoneinfo/Europe/Budapest
/usr/share/zoneinfo/Europe/Monaco
/usr/share/zoneinfo/Europe/Paris
/usr/share/zoneinfo/Europe/Volgograd
/usr/share/zoneinfo/Indian/Antananarivo
/usr/share/zoneinfo/Indian/Comoro
/usr/share/zoneinfo/Indian/Mahe
/usr/share/zoneinfo/Indian/Mayotte
/usr/share/zoneinfo/Israel
/usr/share/zoneinfo/Pacific/Efate
/usr/share/zoneinfo/Pacific/Fiji
/usr/share/zoneinfo/zone.tab
Installing updates...Scanning //usr/share/certs/blacklisted for certificates...
Scanning //usr/share/certs/trusted for certificates...
 done.
=====>  Stop the pot traefik-consul-amd64-11_4
=====>  Remove epair0[a|b] network interfaces
=====>  unmount /mnt/data/pot/jails/traefik-consul-amd64-11_4/m/tmp
=====>  unmount /mnt/data/pot/jails/traefik-consul-amd64-11_4/m/dev
=====>  Flavour: traefik-consul
=====>  Executing traefik-consul pot commands on traefik-consul-amd64-11_4
=====>  Starting traefik-consul-amd64-11_4 pot for the initial bootstrap
=====>  mount /mnt/data/pot/jails/traefik-consul-amd64-11_4/m/tmp
defaultrouter: 10.192.0.1 -> 10.192.0.1
===>  Starting the pot traefik-consul-amd64-11_4
ELF ldconfig path: /lib /usr/lib /usr/lib/compat
32-bit compatibility ldconfig path: /usr/lib32
Starting Network: lo0 epair0b.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	inet 127.0.0.1 netmask 0xff000000
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	groups: lo
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 02:12:31:6b:de:0b
	hwaddr 02:12:31:6b:de:0b
	inet 10.192.0.4 netmask 0xffc00000 broadcast 10.255.255.255
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	groups: epair
add host 127.0.0.1: gateway lo0 fib 0: route already in table
add net default: gateway 10.192.0.1
add host ::1: gateway lo0 fib 0: route already in table
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
Creating and/or trimming log files.
Starting syslogd.
Clearing /tmp (X related).
Updating motd:.
Starting sendmail_submit.
Starting sendmail_msp_queue.
Starting cron.

Wed Mar  3 13:46:02 UTC 2021
/usr/local/etc/pot/flavours/traefik-consul.sh -> /mnt/data/pot/jails/traefik-consul-amd64-11_4/m/tmp/traefik-consul.sh
=====>  Executing traefik-consul script on traefik-consul-amd64-11_4
[traefik-consul-amd64-11_4.vsf00001.cpt.za.honeyguide.net] Installing pkg-1.16.3...
[traefik-consul-amd64-11_4.vsf00001.cpt.za.honeyguide.net] Extracting pkg-1.16.3: .......... done
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:11:amd64/latest, please wait...
Verifying signature with trusted certificate pkg.freebsd.org.2013102301... done
sendmail_enable: NO -> NO
traefik_enable:  -> YES
Updating FreeBSD repository catalogue...
[traefik-consul-amd64-11_4.vsf00001.cpt.za.honeyguide.net] Fetching meta.conf: . done
[traefik-consul-amd64-11_4.vsf00001.cpt.za.honeyguide.net] Fetching packagesite.txz: .......... done
Processing entries: .......... done
FreeBSD repository update completed. 28837 packages processed.
All repositories are up to date.
Updating database digests format: . done
The following 2 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	openssl: 1.1.1j_1,1
	traefik: 2.4.5

Number of packages to be installed: 2

The process will require 89 MiB more space.
19 MiB to be downloaded.
[traefik-consul-amd64-11_4.vsf00001.cpt.za.honeyguide.net] [1/2] Fetching openssl-1.1.1j_1,1.txz: .......... done
[traefik-consul-amd64-11_4.vsf00001.cpt.za.honeyguide.net] [2/2] Fetching traefik-2.4.5.txz: .......... done
Checking integrity... done (0 conflicting)
[traefik-consul-amd64-11_4.vsf00001.cpt.za.honeyguide.net] [1/2] Installing openssl-1.1.1j_1,1...
[traefik-consul-amd64-11_4.vsf00001.cpt.za.honeyguide.net] [1/2] Extracting openssl-1.1.1j_1,1: .......... done
[traefik-consul-amd64-11_4.vsf00001.cpt.za.honeyguide.net] [2/2] Installing traefik-2.4.5...
===> Creating groups.
Creating group 'traefik' with gid '475'.
===> Creating users
Creating user 'traefik' with uid '475'.
===> Creating homedir(s)
[traefik-consul-amd64-11_4.vsf00001.cpt.za.honeyguide.net] [2/2] Extracting traefik-2.4.5: ....... done
=====
Message from traefik-2.4.5:

--
Note that traefik starts as unpriviliged user. Thus, it cannot
bind to privileged ports (by default, ports below 1024) and
will exit when configured to do so.

If traefik should serve ports in the privileged range, there
are options to achieve this:
- Have traffic bind to an unprivileged port and use the
  packet filter configuration to redirect requests to the
  desired privileged port to the unprivileged port in
  traefik's configuration file e.g. the rdr rules in pf(4).
- The mac_portacl kernel module allows unprivileged processes
  to bind to privileged ports.
The following package files will be deleted:
	/var/cache/pkg/openssl-1.1.1j_1,1~9ba189c612.txz
	/var/cache/pkg/openssl-1.1.1j_1,1.txz
	/var/cache/pkg/traefik-2.4.5.txz
	/var/cache/pkg/traefik-2.4.5~d914ae5389.txz
The cleanup will free 19 MiB
Deleting files: .... done
All done
/tmp/traefik-consul.sh: COPYRIGHT: not found
=====>  Stop the pot traefik-consul-amd64-11_4
=====>  Remove epair0[a|b] network interfaces
=====>  unmount /mnt/data/pot/jails/traefik-consul-amd64-11_4/m/tmp
=====>  unmount /mnt/data/pot/jails/traefik-consul-amd64-11_4/m/dev
=====>  Flavour: traefik-consul+1
=====>  Executing traefik-consul+1 pot commands on traefik-consul-amd64-11_4
=====>  No shell script available for the flavour traefik-consul+1
=====>  Flavour: traefik-consul+2
=====>  Executing traefik-consul+2 pot commands on traefik-consul-amd64-11_4
=====>  No shell script available for the flavour traefik-consul+2
=====>  Flavour: traefik-consul+3
=====>  Executing traefik-consul+3 pot commands on traefik-consul-amd64-11_4
=====>  No shell script available for the flavour traefik-consul+3
=====>  Flavour: traefik-consul+4
=====>  Executing traefik-consul+4 pot commands on traefik-consul-amd64-11_4
=====>  No shell script available for the flavour traefik-consul+4

This site © Honeyguide Group (Pty) Ltd, all the hosted software their respective license owners 2020 - Disclaimer