Merge branch 'master' of github.com:telmich/cdist
This commit is contained in:
commit
36d6ffbe74
20 changed files with 243 additions and 27 deletions
|
@ -77,6 +77,11 @@ if grep -q ^Fedora /etc/redhat-release 2>/dev/null; then
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if grep -q ^Mitel /etc/redhat-release 2>/dev/null; then
|
||||||
|
echo mitel
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
if [ -f /etc/redhat-release ]; then
|
if [ -f /etc/redhat-release ]; then
|
||||||
echo redhat
|
echo redhat
|
||||||
exit 0
|
exit 0
|
||||||
|
|
|
@ -51,7 +51,7 @@ case "$($__explorer/os)" in
|
||||||
owl)
|
owl)
|
||||||
cat /etc/owl-release
|
cat /etc/owl-release
|
||||||
;;
|
;;
|
||||||
redhat|centos)
|
redhat|centos|mitel)
|
||||||
cat /etc/redhat-release
|
cat /etc/redhat-release
|
||||||
;;
|
;;
|
||||||
slackware)
|
slackware)
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
start on starting consul
|
||||||
|
|
||||||
|
task
|
||||||
|
|
||||||
|
script
|
||||||
|
mkdir -p /var/run/consul
|
||||||
|
chown consul:consul /var/run/consul
|
||||||
|
chmod 2770 /var/run/consul
|
||||||
|
end script
|
|
@ -7,6 +7,11 @@ After=basic.target network.target
|
||||||
User=consul
|
User=consul
|
||||||
Group=consul
|
Group=consul
|
||||||
Environment="GOMAXPROCS=2"
|
Environment="GOMAXPROCS=2"
|
||||||
|
# Run ExecStartPre with root-permissions
|
||||||
|
PermissionsStartOnly=true
|
||||||
|
ExecStartPre=/usr/bin/mkdir -p /var/run/consul
|
||||||
|
ExecStartPre=/usr/bin/chown consul:consul /var/run/consul
|
||||||
|
ExecStartPre=/usr/bin/chmod 2770 /var/run/consul
|
||||||
ExecStart=/usr/local/bin/consul agent -config-dir /etc/consul/conf.d
|
ExecStart=/usr/local/bin/consul agent -config-dir /etc/consul/conf.d
|
||||||
ExecReload=/bin/kill -HUP $MAINPID
|
ExecReload=/bin/kill -HUP $MAINPID
|
||||||
KillMode=process
|
KillMode=process
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# 2015 Nico Schottelius (nico-cdist at schottelius.org)
|
# 2015 Nico Schottelius (nico-cdist at schottelius.org)
|
||||||
|
# 2015 Steven Armstrong (steven-cdist at armstrong.cc)
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -29,6 +30,10 @@ CONSUL=/usr/local/bin/consul
|
||||||
CONFIG=/etc/$NAME/conf.d
|
CONFIG=/etc/$NAME/conf.d
|
||||||
PID_FILE=/var/run/$NAME/pidfile
|
PID_FILE=/var/run/$NAME/pidfile
|
||||||
|
|
||||||
|
mkdir -p /var/run/$NAME
|
||||||
|
chown consul:consul /var/run/$NAME
|
||||||
|
chmod 2770 /var/run/$NAME
|
||||||
|
|
||||||
export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
|
export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
|
||||||
|
|
||||||
case "$1" in
|
case "$1" in
|
||||||
|
|
|
@ -22,7 +22,9 @@ LOG_FILE=/var/log/$NAME
|
||||||
export GOMAXPROCS=${GOMAXPROCS:-2}
|
export GOMAXPROCS=${GOMAXPROCS:-2}
|
||||||
|
|
||||||
mkdir -p /var/run/$NAME
|
mkdir -p /var/run/$NAME
|
||||||
chown consul /var/run/$NAME
|
chown consul:consul /var/run/$NAME
|
||||||
|
chmod 2770 /var/run/$NAME
|
||||||
|
|
||||||
|
|
||||||
start() {
|
start() {
|
||||||
echo -n "Starting $NAME: "
|
echo -n "Starting $NAME: "
|
||||||
|
@ -36,7 +38,7 @@ start() {
|
||||||
|
|
||||||
stop() {
|
stop() {
|
||||||
echo -n "Shutting down $NAME: "
|
echo -n "Shutting down $NAME: "
|
||||||
"$CONSUL" leave
|
killproc -p "$PID_FILE" $NAME
|
||||||
retcode=$?
|
retcode=$?
|
||||||
rm -f /var/lock/subsys/$NAME
|
rm -f /var/lock/subsys/$NAME
|
||||||
return $retcode
|
return $retcode
|
||||||
|
@ -86,7 +88,7 @@ case "$1" in
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
echo "Usage: $NAME {start|stop|status|reload|restart}"
|
echo "Usage: $NAME {start|stop|status|reload|restart|condrestart|info}"
|
||||||
exit 1
|
exit 1
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
|
@ -132,10 +132,10 @@ if [ -f "$__object/parameter/json-config" ]; then
|
||||||
if [ "$json_config" = "-" ]; then
|
if [ "$json_config" = "-" ]; then
|
||||||
json_config="$__object/stdin"
|
json_config="$__object/stdin"
|
||||||
fi
|
fi
|
||||||
printf ','
|
# remove leading and trailing whitespace and commas from first and last line
|
||||||
# remove trailing ,
|
# indent each line with 3 spaces for consistency
|
||||||
json=$(cat "$json_config")
|
json=$(sed -e 's/^[ \t]*/ /' -e '1s/^[ \t,]*//' -e '$s/[ \t,]*$//' "$json_config")
|
||||||
echo "${json%*,}"
|
printf ' ,%s\n' "$json"
|
||||||
fi
|
fi
|
||||||
echo "}"
|
echo "}"
|
||||||
) | \
|
) | \
|
||||||
|
@ -166,6 +166,11 @@ init_systemd()
|
||||||
|
|
||||||
init_upstart()
|
init_upstart()
|
||||||
{
|
{
|
||||||
|
__file /etc/init/consul-prepare.conf \
|
||||||
|
--owner root --group root --mode 0644 \
|
||||||
|
--state "$state" \
|
||||||
|
--source "$__type/files/consul-prepare.upstart"
|
||||||
|
require="__file/etc/init/consul-prepare.conf" \
|
||||||
__file /etc/init/consul.conf \
|
__file /etc/init/consul.conf \
|
||||||
--owner root --group root --mode 0644 \
|
--owner root --group root --mode 0644 \
|
||||||
--state "$state" \
|
--state "$state" \
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
3401777891 9273880 consul-template
|
|
@ -1 +1 @@
|
||||||
https://github.com/hashicorp/consul-template/releases/download/v0.6.5/consul-template_0.6.5_linux_amd64.tar.gz
|
https://github.com/hashicorp/consul-template/releases/download/v0.10.0/consul-template_0.10.0_linux_amd64.tar.gz
|
|
@ -1 +0,0 @@
|
||||||
1356006333 8496656 consul-template
|
|
|
@ -24,13 +24,19 @@ None.
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
auth::
|
auth-username::
|
||||||
specify a username (and password) for basic authentication.
|
specify a username for basic authentication.
|
||||||
|
auth-password::
|
||||||
|
specify a password for basic authentication.
|
||||||
batch-size::
|
batch-size::
|
||||||
the size of the batch when polling multiple dependencies.
|
the size of the batch when polling multiple dependencies.
|
||||||
consul::
|
consul::
|
||||||
the location of the Consul instance to query (may be an IP address or FQDN) with port.
|
the location of the Consul instance to query (may be an IP address or FQDN) with port.
|
||||||
Defaults to 'localhost:8500'.
|
Defaults to 'localhost:8500'.
|
||||||
|
log-level::
|
||||||
|
The log level for output. This applies to the stdout/stderr logging as well
|
||||||
|
as syslog logging (if enabled). Valid values are "debug", "info", "warn",
|
||||||
|
and "err". The default value is "warn".
|
||||||
max-stale::
|
max-stale::
|
||||||
the maximum staleness of a query. If specified, Consul will distribute work among all
|
the maximum staleness of a query. If specified, Consul will distribute work among all
|
||||||
servers instead of just the leader.
|
servers instead of just the leader.
|
||||||
|
@ -39,8 +45,27 @@ retry::
|
||||||
with the API.
|
with the API.
|
||||||
state::
|
state::
|
||||||
either 'present' or 'absent'. Defaults to 'present'
|
either 'present' or 'absent'. Defaults to 'present'
|
||||||
|
ssl-cert::
|
||||||
|
Path to an SSL client certificate to use to authenticate to the consul server.
|
||||||
|
Useful if the consul server "verify_incoming" option is set.
|
||||||
|
ssl-ca-cert::
|
||||||
|
Path to a CA certificate file, containing one or more CA certificates to
|
||||||
|
use to validate the certificate sent by the consul server to us. This is a
|
||||||
|
handy alternative to setting --ssl-no-verify if you are using your own CA.
|
||||||
|
syslog-facility::
|
||||||
|
The facility to use when sending to syslog. This requires the use of --syslog.
|
||||||
|
The default value is LOCAL0.
|
||||||
token::
|
token::
|
||||||
the Consul API token.
|
the Consul API token.
|
||||||
|
vault-address::
|
||||||
|
the location of the Vault instance to query (may be an IP address or FQDN) with port.
|
||||||
|
vault-token::
|
||||||
|
the Vault API token.
|
||||||
|
vault-ssl-cert::
|
||||||
|
Path to an SSL client certificate to use to authenticate to the vault server.
|
||||||
|
vault-ssl-ca-cert::
|
||||||
|
Path to a CA certificate file, containing one or more CA certificates to
|
||||||
|
use to validate the certificate sent by the vault server to us.
|
||||||
version::
|
version::
|
||||||
which version of consul-template to install. See ./files/versions for a list of
|
which version of consul-template to install. See ./files/versions for a list of
|
||||||
supported versions. Defaults to the latest known version.
|
supported versions. Defaults to the latest known version.
|
||||||
|
@ -56,6 +81,12 @@ ssl::
|
||||||
use HTTPS while talking to Consul. Requires the Consul server to be configured to serve secure connections.
|
use HTTPS while talking to Consul. Requires the Consul server to be configured to serve secure connections.
|
||||||
ssl-no-verify::
|
ssl-no-verify::
|
||||||
ignore certificate warnings. Only used if ssl is enabled.
|
ignore certificate warnings. Only used if ssl is enabled.
|
||||||
|
syslog::
|
||||||
|
Send log output to syslog (in addition to stdout and stderr).
|
||||||
|
vault-ssl::
|
||||||
|
use HTTPS while talking to Vault. Requires the Vault server to be configured to serve secure connections.
|
||||||
|
vault-ssl-no-verify::
|
||||||
|
ignore certificate warnings. Only used if vault is enabled.
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
|
|
|
@ -77,17 +77,64 @@ require="__directory/etc/consul-template" \
|
||||||
(
|
(
|
||||||
for param in $(ls "$__object/parameter/"); do
|
for param in $(ls "$__object/parameter/"); do
|
||||||
case "$param" in
|
case "$param" in
|
||||||
ssl|ssl-no-verify) # boolean
|
auth-password|state|ssl-*|syslog-*|version|vault-token|vault-ssl*) continue ;;
|
||||||
key="$(echo "$param" | tr '-' '_')"
|
auth-username)
|
||||||
printf '%s = true\n' "$key"
|
printf 'auth {\n'
|
||||||
|
printf ' enabled = true\n'
|
||||||
|
printf ' username = "%s"\n' "$(cat "$__object/parameter/auth-username")"
|
||||||
|
if [ -f "$__object/parameter/auth-password" ]; then
|
||||||
|
printf ' password = %s\n' "$(cat "$__object/parameter/auth-password")"
|
||||||
|
fi
|
||||||
|
printf '}\n'
|
||||||
;;
|
;;
|
||||||
auth|batch-size|consul|max-stale|retry|token|wait)
|
ssl)
|
||||||
key="$(echo "$param" | tr '-' '_')"
|
printf 'ssl {\n'
|
||||||
printf '%s = "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
|
printf ' enabled = true\n'
|
||||||
|
if [ -f "$__object/parameter/ssl-no-verify" ]; then
|
||||||
|
printf ' verify = false\n'
|
||||||
|
fi
|
||||||
|
if [ -f "$__object/parameter/ssl-cert" ]; then
|
||||||
|
printf ' cert = "%s"\n' "$(cat "$__object/parameter/ssl-cert")"
|
||||||
|
fi
|
||||||
|
if [ -f "$__object/parameter/ssl-ca-cert" ]; then
|
||||||
|
printf ' ca_cert = "%s"\n' "$(cat "$__object/parameter/ssl-ca-cert")"
|
||||||
|
fi
|
||||||
|
printf '}\n'
|
||||||
|
;;
|
||||||
|
syslog)
|
||||||
|
printf 'syslog {\n'
|
||||||
|
printf ' enabled = true\n'
|
||||||
|
if [ -f "$__object/parameter/syslog-facility" ]; then
|
||||||
|
printf ' facility = "%s"\n' "$(cat "$__object/parameter/syslog-facility")"
|
||||||
|
fi
|
||||||
|
printf '}\n'
|
||||||
|
;;
|
||||||
|
vault-address)
|
||||||
|
printf 'vault {\n'
|
||||||
|
printf ' address = "%s"\n' "$(cat "$__object/parameter/vault-address")"
|
||||||
|
if [ -f "$__object/parameter/vault-token" ]; then
|
||||||
|
printf ' token = "%s"\n' "$(cat "$__object/parameter/vault-token")"
|
||||||
|
fi
|
||||||
|
if [ -f "$__object/parameter/vault-ssl" ]; then
|
||||||
|
printf ' ssl {\n'
|
||||||
|
printf ' enabled = true\n'
|
||||||
|
if [ -f "$__object/parameter/vault-ssl-no-verify" ]; then
|
||||||
|
printf ' verify = false\n'
|
||||||
|
fi
|
||||||
|
if [ -f "$__object/parameter/vault-ssl-cert" ]; then
|
||||||
|
printf ' cert = "%s"\n' "$(cat "$__object/parameter/vault-ssl-cert")"
|
||||||
|
fi
|
||||||
|
if [ -f "$__object/parameter/vault-ssl-ca-cert" ]; then
|
||||||
|
printf ' ca_cert = "%s"\n' "$(cat "$__object/parameter/vault-ssl-ca-cert")"
|
||||||
|
fi
|
||||||
|
printf ' }\n'
|
||||||
|
fi
|
||||||
|
printf '}\n'
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
# ignore unknown parameters
|
# string key=value parameters
|
||||||
:
|
key="$(echo "$param" | tr '-' '_')"
|
||||||
|
printf '%s = "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
|
|
93
cdist/conf/type/__consul_template/notes
Normal file
93
cdist/conf/type/__consul_template/notes
Normal file
|
@ -0,0 +1,93 @@
|
||||||
|
# < 0.7.0
|
||||||
|
ssl = true
|
||||||
|
ssl_no_verify = true
|
||||||
|
|
||||||
|
# >= 0.7.0
|
||||||
|
ssl {
|
||||||
|
enabled = true
|
||||||
|
verify = false
|
||||||
|
}
|
||||||
|
|
||||||
|
# >= 0.9.0
|
||||||
|
ssl-cert
|
||||||
|
ssl-ca-cert
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
### from docs
|
||||||
|
|
||||||
|
|
||||||
|
ssl {
|
||||||
|
enabled = true
|
||||||
|
verify = false
|
||||||
|
cert = "/path/to/client/cert.pem"
|
||||||
|
ca_cert = "/path/to/ca/cert.pem"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
ssl
|
||||||
|
Use HTTPS while talking to Consul. Requires the Consul server to be configured to serve secure connections. The default value is false.
|
||||||
|
|
||||||
|
ssl-verify
|
||||||
|
Verify certificates when connecting via SSL. This requires the use of -ssl. The default value is true.
|
||||||
|
|
||||||
|
ssl-cert
|
||||||
|
Path to an SSL client certificate to use to authenticate to the consul server. Useful if the consul server "verify_incoming" option is set.
|
||||||
|
|
||||||
|
ssl-ca-cert
|
||||||
|
Path to a CA certificate file, containing one or more CA certificates to use to validate the certificate sent by the consul server to us. This is a handy alternative to setting --ssl-verify=false if you are using your own CA.
|
||||||
|
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
### example config file from docs
|
||||||
|
|
||||||
|
consul = "127.0.0.1:8500"
|
||||||
|
token = "abcd1234" // May also be specified via the envvar CONSUL_TOKEN
|
||||||
|
retry = "10s"
|
||||||
|
max_stale = "10m"
|
||||||
|
log_level = "warn"
|
||||||
|
pid_file = "/path/to/pid"
|
||||||
|
|
||||||
|
vault {
|
||||||
|
address = "https://vault.service.consul:8200"
|
||||||
|
token = "abcd1234" // May also be specified via the envvar VAULT_TOKEN
|
||||||
|
ssl {
|
||||||
|
enabled = true
|
||||||
|
verify = true
|
||||||
|
cert = "/path/to/client/cert.pem"
|
||||||
|
ca_cert = "/path/to/ca/cert.pem"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
--auth-username
|
||||||
|
--auth-password
|
||||||
|
# if any are given enabled = true
|
||||||
|
auth {
|
||||||
|
enabled = true
|
||||||
|
username = "test"
|
||||||
|
password = "test"
|
||||||
|
}
|
||||||
|
|
||||||
|
ssl {
|
||||||
|
enabled = true
|
||||||
|
verify = false
|
||||||
|
cert = "/path/to/client/cert.pem"
|
||||||
|
ca_cert = "/path/to/ca/cert.pem"
|
||||||
|
}
|
||||||
|
|
||||||
|
syslog {
|
||||||
|
enabled = true
|
||||||
|
facility = "LOCAL5"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
source = "/path/on/disk/to/template"
|
||||||
|
destination = "/path/on/disk/where/template/will/render"
|
||||||
|
command = "optional command to run when the template is updated"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
// Multiple template definitions are supported
|
||||||
|
}
|
|
@ -1,2 +1,5 @@
|
||||||
ssl
|
ssl
|
||||||
ssl-no-verify
|
ssl-no-verify
|
||||||
|
syslog
|
||||||
|
vault-ssl
|
||||||
|
vault-ssl-no-verify
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
warn
|
|
@ -0,0 +1 @@
|
||||||
|
LOCAL0
|
|
@ -1 +1 @@
|
||||||
0.6.5
|
0.10.0
|
||||||
|
|
|
@ -1,9 +1,18 @@
|
||||||
auth
|
auth-username
|
||||||
|
auth-password
|
||||||
batch-size
|
batch-size
|
||||||
consul
|
consul
|
||||||
|
log-level
|
||||||
max-stale
|
max-stale
|
||||||
retry
|
retry
|
||||||
state
|
state
|
||||||
|
ssl-cert
|
||||||
|
ssl-ca-cert
|
||||||
|
syslog-facility
|
||||||
token
|
token
|
||||||
|
vault-address
|
||||||
|
vault-token
|
||||||
|
vault-ssl-cert
|
||||||
|
vault-ssl-ca-cert
|
||||||
version
|
version
|
||||||
wait
|
wait
|
||||||
|
|
|
@ -1,2 +0,0 @@
|
||||||
- add support for latest version 0.7.0
|
|
||||||
- config file format has changed
|
|
|
@ -5,6 +5,8 @@ next:
|
||||||
* Documentation: Fix spelling in manual pages (Dmitry Bogatov)
|
* Documentation: Fix spelling in manual pages (Dmitry Bogatov)
|
||||||
* New type: __pacman_conf: Manage pacman.conf (Dominique Roux)
|
* New type: __pacman_conf: Manage pacman.conf (Dominique Roux)
|
||||||
* New type: __pacman_conf_integrate: cdist compatible pacman.conf (Dominique Roux)
|
* New type: __pacman_conf_integrate: cdist compatible pacman.conf (Dominique Roux)
|
||||||
|
* Type __consul: Do not install unused package unzip (Steven Armstrong)
|
||||||
|
* Type __consul: Add source & cksum for 0.5.2 (Steven Armstrong)
|
||||||
* Core: Support object ids '.cdist' (Nico Schottelius)
|
* Core: Support object ids '.cdist' (Nico Schottelius)
|
||||||
* Type __apt_norecommends: Also setup autoremove options (Dmitry Bogatov)
|
* Type __apt_norecommends: Also setup autoremove options (Dmitry Bogatov)
|
||||||
* Type __user_groups: Add NetBSD support (Jonathan A. Kollasch)
|
* Type __user_groups: Add NetBSD support (Jonathan A. Kollasch)
|
||||||
|
|
Loading…
Reference in a new issue