Merge branch 'master' into feature_files_export

This commit is contained in:
Darko Poljak 2016-06-10 21:04:43 +02:00
commit e3636e6ffc
475 changed files with 10788 additions and 3878 deletions

7
.gitignore vendored
View file

@ -8,8 +8,8 @@ docs/man/man7/*.7
docs/man/man*/*.html
docs/man/man*/*.xml
docs/man/man*/docbook-xsl.css
docs/man/man7/cdist-type__*.text
docs/man/man7/cdist-reference.text
docs/man/man7/cdist-type__*.rst
docs/man/man7/cdist-reference.rst
# Ignore cdist cache for version control
/cache/
@ -20,6 +20,9 @@ MANIFEST
dist/
cdist/version.py
#sphinx build dir
_build/
# Packaging: Archlinux
/PKGBUILD
/cdist-*.pkg.tar.xz

View file

@ -1 +0,0 @@
2.1.0-pre1

View file

@ -18,8 +18,6 @@
#
#
A2XM=a2x -f manpage --no-xmllint -a encoding=UTF-8
A2XH=a2x -f xhtml --no-xmllint -a encoding=UTF-8
helper=./bin/build-helper
MANDIR=docs/man
@ -28,7 +26,7 @@ TYPEDIR=cdist/conf/type
WEBSRCDIR=docs/web
WEBDIR=$$HOME/www.nico.schottelius.org
WEBDIR=$$HOME/vcs/www.nico.schottelius.org
WEBBLOG=$(WEBDIR)/blog
WEBBASE=$(WEBDIR)/software/cdist
WEBPAGE=$(WEBBASE).mdwn
@ -38,6 +36,8 @@ CHANGELOG_FILE=docs/changelog
PYTHON_VERSION=cdist/version.py
SPHINXM=make -C $(MANDIR) man
SPHINXH=make -C $(MANDIR) html
################################################################################
# Manpages
#
@ -45,64 +45,48 @@ MAN1DSTDIR=$(MANDIR)/man1
MAN7DSTDIR=$(MANDIR)/man7
# Manpages #1: Types
# Use shell / ls to get complete list - $(TYPEDIR)/*/man.text does not work
MANTYPESRC=$(shell ls $(TYPEDIR)/*/man.text)
# replace first path component
# Use shell / ls to get complete list - $(TYPEDIR)/*/man.rst does not work
MANTYPESRC=$(shell ls $(TYPEDIR)/*/man.rst)
MANTYPEPREFIX=$(subst $(TYPEDIR)/,$(MAN7DSTDIR)/cdist-type,$(MANTYPESRC))
MANTYPES=$(subst /man.rst,.rst,$(MANTYPEPREFIX))
# replace man.text with .7 or .html
MANTYPEMAN=$(subst /man.text,.7,$(MANTYPEPREFIX))
MANTYPEHTML=$(subst /man.text,.html,$(MANTYPEPREFIX))
MANTYPEALL=$(MANTYPEMAN) $(MANTYPEHTML)
# Link manpage so A2XH does not create man.html but correct named file
$(MAN7DSTDIR)/cdist-type%.text: $(TYPEDIR)/%/man.text
# Link manpage: do not create man.html but correct named file
$(MAN7DSTDIR)/cdist-type%.rst: $(TYPEDIR)/%/man.rst
ln -sf "../../../$^" $@
# Manpages #2: reference
MANREF=$(MAN7DSTDIR)/cdist-reference.text
MANREFSH=$(MANDIR)/cdist-reference.text.sh
MANREFMAN=$(MANREF:.text=.7)
MANREFHTML=$(MANREF:.text=.html)
MANREFALL=$(MANREFMAN) $(MANREFHTML)
MANREF=$(MAN7DSTDIR)/cdist-reference.rst
MANREFSH=$(MANDIR)/cdist-reference.rst.sh
$(MANREF): $(MANREFSH)
$(MANREFSH)
# Manpages #3: static pages
MAN1STATIC=$(shell ls $(MAN1DSTDIR)/*.text)
MAN7STATIC=$(shell ls $(MAN7DSTDIR)/*.text)
MANSTATICMAN=$(MAN1STATIC:.text=.1) $(MAN7STATIC:.text=.7)
MANSTATICHTML=$(MAN1STATIC:.text=.html) $(MAN7STATIC:.text=.html)
MANSTATICALL=$(MANSTATICMAN) $(MANSTATICHTML)
# Manpages #3: generic part
mansphinxman: $(MANTYPES) $(MANREF)
$(SPHINXM)
# Manpages #4: generic part
mansphinxhtml: $(MANTYPES) $(MANREF)
$(SPHINXH)
# Creating the type manpage
%.1 %.7: %.text
$(A2XM) $^
# Creating the type html page
%.html: %.text
$(A2XH) $^
man: $(MANTYPEALL) $(MANREFALL) $(MANSTATICALL)
man: mansphinxman mansphinxhtml
# Manpages #5: release part
MANWEBDIR=$(WEBBASE)/man/$(CHANGELOG_VERSION)
MANBUILDDIR=$(MANDIR)/_build/html
man-dist: man check-date
man-dist: man
rm -rf "${MANWEBDIR}"
mkdir -p "${MANWEBDIR}/man1" "${MANWEBDIR}/man7"
cp ${MAN1DSTDIR}/*.html ${MAN1DSTDIR}/*.css ${MANWEBDIR}/man1
cp ${MAN7DSTDIR}/*.html ${MAN7DSTDIR}/*.css ${MANWEBDIR}/man7
mkdir -p "${MANWEBDIR}"
# mkdir -p "${MANWEBDIR}/man1" "${MANWEBDIR}/man7"
# cp ${MAN1DSTDIR}/*.html ${MAN1DSTDIR}/*.css ${MANWEBDIR}/man1
# cp ${MAN7DSTDIR}/*.html ${MAN7DSTDIR}/*.css ${MANWEBDIR}/man7
cp -R ${MANBUILDDIR}/* ${MANWEBDIR}
cd ${MANWEBDIR} && git add . && git commit -m "cdist manpages update: $(CHANGELOG_VERSION)" || true
man-latest-link: web-pub
# Fix ikiwiki, which does not like symlinks for pseudo security
ssh tee.schottelius.org \
"cd /home/services/www/nico/www.nico.schottelius.org/www/software/cdist/man && rm -f latest && ln -sf "$(CHANGELOG_VERSION)" latest"
ssh staticweb.ungleich.ch \
"cd /home/services/www/nico/nico.schottelius.org/www/software/cdist/man/ && rm -f latest && ln -sf "$(CHANGELOG_VERSION)" latest"
################################################################################
# Speeches
@ -162,17 +146,6 @@ $(ML_FILE): $(CHANGELOG_FILE)
ml-release: $(ML_FILE)
################################################################################
# Release: Freecode
#
FREECODE_FILE=.lock-freecode
$(FREECODE_FILE): $(CHANGELOG_FILE)
$(helper) freecode-release $(CHANGELOG_VERSION)
touch $@
freecode-release: $(FREECODE_FILE)
################################################################################
# pypi
#
@ -189,7 +162,7 @@ ARCHLINUX_FILE=.lock-archlinux
ARCHLINUXTAR=cdist-$(CHANGELOG_VERSION)-1.src.tar.gz
$(ARCHLINUXTAR): PKGBUILD
makepkg -c --source
umask 022; mkaurball
PKGBUILD: PKGBUILD.in $(PYTHON_VERSION)
./PKGBUILD.in $(CHANGELOG_VERSION)
@ -219,15 +192,13 @@ release:
#
clean:
rm -f $(MAN7DSTDIR)/cdist-reference.text
rm -f $(MAN7DSTDIR)/cdist-reference.rst
find "$(MANDIR)" -mindepth 2 -type l \
-o -name "*.1" \
-o -name "*.7" \
-o -name "*.html" \
-o -name "*.xml" \
| xargs rm -f
make -C $(MANDIR) clean
find * -name __pycache__ | xargs rm -rf
# Archlinux
@ -246,10 +217,7 @@ distclean: clean
# The pub is Nico's "push to all git remotes" way ("make pub")
pub:
for remote in "" github sf; do \
echo "Pushing to $$remote"; \
git push --mirror $$remote; \
done
git push --mirror
test:
$(helper) $@

View file

@ -17,7 +17,13 @@ source=("http://pypi.python.org/packages/source/c/cdist/cdist-\${pkgver}.tar.gz"
package() {
cd cdist-\${pkgver}
python3 setup.py build install --root="\${pkgdir}"
find "\$pkgdir" -type d -exec chmod 0755 {} \;
find "\$pkgdir" -type f -exec chmod a+r {} \;
}
eof
makepkg -g >> "${outfile}"
# Fix this issue:
# error: failed to upload cdist-3.1.6-1.src.tar.gz: Error - all files must have permissions of 644 or 755.
chmod a+r "${outfile}"

View file

@ -104,6 +104,11 @@ eof
;;
ml-release)
if [ $# -ne 1 ]; then
echo "$0 ml-release version" >&2
exit 1
fi
version=$1; shift
to_a=cdist
@ -140,39 +145,6 @@ eof
;;
freecode-release)
version=$1; shift
api_token=$(awk '/machine freecode login/ { print $8 }' ~/.netrc)
printf "Enter tag list for freecode release %s> " "$version"
read taglist
printf "Enter changelog for freecode release %s> " "$version"
read changelog
echo "Submit preview"
cat << eof
tag_list = $taglist
changelog = $changelog
version = $version
eof
printf "Press enter to submit to freecode> "
read dummy
cat << eof | cfreecode-api release-add cdist
{
"auth_code": "$api_token",
"release": {
"tag_list": "$taglist",
"version": "$version",
"changelog": "$changelog",
"hidden_from_frontpage": false
}
}
eof
;;
release-git-tag)
target_version=$($0 changelog-version)
if git rev-parse --verify refs/tags/$target_version 2>/dev/null; then
@ -271,9 +243,6 @@ eof
# Archlinux release is based on pypi
make archlinux-release
# Announce change on Freecode
make freecode-release
# Announce change on ML
make ml-release

View file

@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
#
# 2010-2012 Nico Schottelius (nico-cdist at schottelius.org)
# 2010-2015 Nico Schottelius (nico-cdist at schottelius.org)
#
# This file is part of cdist.
#
@ -41,8 +41,6 @@ BANNER = """
"P' "" ""
"""
DOT_CDIST = ".cdist"
REMOTE_COPY = "scp -o User=root -q"
REMOTE_EXEC = "ssh -o User=root -q"

View file

@ -22,10 +22,19 @@
# FIXME: other system types (not linux ...)
os=$("$__explorer/os")
case "$os" in
"macosx")
echo "$(sysctl -n hw.physicalcpu)"
;;
*)
if [ -r /proc/cpuinfo ]; then
cores="$(cat /proc/cpuinfo | grep "core id" | sort | uniq | wc -l)"
cores="$(grep "core id" /proc/cpuinfo | sort | uniq | wc -l)"
if [ ${cores} -eq 0 ]; then
cores="1"
fi
echo "${cores}"
echo "$cores"
fi
;;
esac

View file

@ -22,10 +22,19 @@
# FIXME: other system types (not linux ...)
os=$("$__explorer/os")
case "$os" in
"macosx")
echo "$(system_profiler SPHardwareDataType | grep "Number of Processors" | awk -F': ' '{print $2}')"
;;
*)
if [ -r /proc/cpuinfo ]; then
sockets="$(cat /proc/cpuinfo | grep "physical id" | sort | uniq | wc -l)"
sockets="$(grep "physical id" /proc/cpuinfo | sort | uniq | wc -l)"
if [ ${sockets} -eq 0 ]; then
sockets="$(cat /proc/cpuinfo | grep "processor" | wc -l)"
fi
echo "${sockets}"
fi
;;
esac

35
cdist/conf/explorer/init Executable file
View file

@ -0,0 +1,35 @@
#!/bin/sh
#
# 2016 Daniel Heule (hda at sfs.biz)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Returns the process name of pid 1 ( normaly the init system )
# for example at linux this value is "init" or "systemd" in most cases
#
uname_s="$(uname -s)"
case "$uname_s" in
Linux|FreeBSD)
ps -o comm= -p 1 || true
;;
*)
# return a empty string as unknown value
echo ""
;;
esac

View file

@ -24,12 +24,12 @@
#
# Use ip, if available
if command -v ip; then
if command -v ip >/dev/null; then
ip -o link show | sed -n 's/^[0-9]\+: \(.\+\): <.*/\1/p'
exit 0
fi
if ! command -v ifconfig; then
if ! command -v ifconfig >/dev/null; then
# no ifconfig, nothing we could do
exit 0
fi

View file

@ -22,6 +22,15 @@
# FIXME: other system types (not linux ...)
os=$("$__explorer/os")
case "$os" in
"macosx")
echo "$(sysctl -n hw.memsize)/1024" | bc
;;
*)
if [ -r /proc/meminfo ]; then
echo "$(cat /proc/meminfo | grep "MemTotal:" | awk '{print $2}')"
grep "MemTotal:" /proc/meminfo | awk '{print $2}'
fi
;;
esac

View file

@ -49,6 +49,11 @@ if [ -f /etc/debian_version ]; then
echo debian
exit 0
fi
if [ -f /etc/devuan_version ]; then
echo devuan
exit 0
fi
###
if [ -f /etc/gentoo-release ]; then
@ -77,6 +82,11 @@ if grep -q ^Fedora /etc/redhat-release 2>/dev/null; then
exit 0
fi
if grep -q ^Mitel /etc/redhat-release 2>/dev/null; then
echo mitel
exit 0
fi
if [ -f /etc/redhat-release ]; then
echo redhat
exit 0

View file

@ -33,6 +33,9 @@ case "$($__explorer/os)" in
debian)
cat /etc/debian_version
;;
devuan)
cat /etc/devuan_version
;;
fedora)
cat /etc/fedora-release
;;
@ -51,7 +54,7 @@ case "$($__explorer/os)" in
owl)
cat /etc/owl-release
;;
redhat|centos)
redhat|centos|mitel)
cat /etc/redhat-release
;;
slackware)

View file

@ -1,13 +1,10 @@
cdist-type__apt_key(7)
======================
Manage the list of keys used by apt
Steven Armstrong <steven-cdist--@--armstrong.cc>
NAME
----
cdist-type__apt_key - manage the list of keys used by apt
DESCRIPTION
-----------
Manages the list of keys used by apt to authenticate packages.
@ -20,13 +17,13 @@ None.
OPTIONAL PARAMETERS
-------------------
state::
state
'present' or 'absent'. Defaults to 'present'
keyid::
keyid
the id of the key to add. Defaults to __object_id
keyserver::
keyserver
the keyserver from which to fetch the key. If omitted the default set in
./parameter/default/keyserver is used.
@ -34,7 +31,8 @@ keyserver::
EXAMPLES
--------
--------------------------------------------------------------------------------
.. code-block:: sh
# Add Ubuntu Archive Automatic Signing Key
__apt_key 437D05B5
# Same thing
@ -47,12 +45,11 @@ __apt_key UbuntuArchiveKey --keyid 437D05B5
# same thing with other keyserver
__apt_key UbuntuArchiveKey --keyid 437D05B5 --keyserver keyserver.ubuntu.com
--------------------------------------------------------------------------------
SEE ALSO
--------
- cdist-type(7)
- `cdist-type(7) <cdist-type.html>`_
COPYING

View file

@ -1 +1 @@
subkeys.pgp.net
pool.sks-keyservers.net

View file

@ -1,13 +1,10 @@
cdist-type__apt_key_uri(7)
==========================
Add apt key from uri
Steven Armstrong <steven-cdist--@--armstrong.cc>
NAME
----
cdist-type__apt_key_uri - add apt key from uri
DESCRIPTION
-----------
Download a key from an uri and add it to the apt keyring.
@ -15,16 +12,16 @@ Download a key from an uri and add it to the apt keyring.
REQUIRED PARAMETERS
-------------------
uri::
uri
the uri from which to download the key
OPTIONAL PARAMETERS
-------------------
state::
state
'present' or 'absent', defaults to 'present'
name::
name
a name for this key, used when testing if it is already installed.
Defaults to __object_id
@ -32,17 +29,17 @@ name::
EXAMPLES
--------
--------------------------------------------------------------------------------
.. code-block:: sh
__apt_key_uri rabbitmq \
--name 'RabbitMQ Release Signing Key <info@rabbitmq.com>' \
--uri http://www.rabbitmq.com/rabbitmq-signing-key-public.asc \
--state present
--------------------------------------------------------------------------------
SEE ALSO
--------
- cdist-type(7)
- `cdist-type(7) <cdist-type.html>`_
COPYING

View file

@ -1,13 +1,10 @@
cdist-type__apt_norecommends(7)
===============================
Configure apt to not install recommended packages
Steven Armstrong <steven-cdist--@--armstrong.cc>
NAME
----
cdist-type__apt_norecommends - configure apt to not install recommended packages
DESCRIPTION
-----------
Configure apt to not install any recommended or suggested packages.
@ -26,14 +23,14 @@ None.
EXAMPLES
--------
--------------------------------------------------------------------------------
.. code-block:: sh
__apt_norecommends
--------------------------------------------------------------------------------
SEE ALSO
--------
- cdist-type(7)
- `cdist-type(7) <cdist-type.html>`_
COPYING

View file

@ -22,7 +22,7 @@
os=$(cat "$__global/explorer/os")
case "$os" in
ubuntu|debian)
ubuntu|debian|devuan)
# No stinking recommends thank you very much.
# If I want something installed I will do so myself.
__file /etc/apt/apt.conf.d/99-no-recommends \
@ -30,6 +30,8 @@ case "$os" in
--source - << DONE
APT::Install-Recommends "0";
APT::Install-Suggests "0";
APT::AutoRemove::RecommendsImportant "0";
APT::AutoRemove::SuggestsImportant "0";
DONE
;;
*)

View file

@ -1,13 +1,10 @@
cdist-type__apt_ppa(7)
======================
Manage ppa repositories
Steven Armstrong <steven-cdist--@--armstrong.cc>
NAME
----
cdist-type__apt_ppa - Manage ppa repositories
DESCRIPTION
-----------
This cdist type allows manage ubuntu ppa repositories.
@ -15,7 +12,7 @@ This cdist type allows manage ubuntu ppa repositories.
REQUIRED PARAMETERS
-------------------
state::
state
The state the ppa should be in, either 'present' or 'absent'.
Defaults to 'present'
@ -28,7 +25,8 @@ None.
EXAMPLES
--------
--------------------------------------------------------------------------------
.. code-block:: sh
# Enable a ppa repository
__apt_ppa ppa:sans-intern/missing-bits
# same as
@ -36,12 +34,11 @@ __apt_ppa ppa:sans-intern/missing-bits --state present
# Disable a ppa repository
__apt_ppa ppa:sans-intern/missing-bits --state absent
--------------------------------------------------------------------------------
SEE ALSO
--------
- cdist-type(7)
- `cdist-type(7) <cdist-type.html>`_
COPYING

View file

@ -1,6 +1,6 @@
#!/bin/sh
#
# 2011-2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2011-2016 Steven Armstrong (steven-cdist at armstrong.cc)
#
# This file is part of cdist.
#
@ -21,9 +21,8 @@
name="$__object_id"
__package software-properties-common
__package python-software-properties
require="__package/software-properties-common __package/python-software-properties" \
require="__package/software-properties-common" \
__file /usr/local/bin/remove-apt-repository \
--source "$__type/files/remove-apt-repository" \
--mode 0755

View file

@ -1,13 +1,10 @@
cdist-type__apt_source(7)
=========================
Manage apt sources
Steven Armstrong <steven-cdist--@--armstrong.cc>
NAME
----
cdist-type__apt_source - manage apt sources
DESCRIPTION
-----------
This cdist type allows you to manage apt sources.
@ -15,36 +12,37 @@ This cdist type allows you to manage apt sources.
REQUIRED PARAMETERS
-------------------
uri::
uri
the uri to the apt repository
OPTIONAL PARAMETERS
-------------------
arch::
arch
set this if you need to force and specific arch (ubuntu specific)
state::
state
'present' or 'absent', defaults to 'present'
distribution::
distribution
the distribution codename to use. Defaults to DISTRIB_CODENAME from
the targets /etc/lsb-release
component::
component
space delimited list of components to enable. Defaults to an empty string.
BOOLEAN PARAMETERS
------------------
include-src::
include-src
include deb-src entries
EXAMPLES
--------
--------------------------------------------------------------------------------
.. code-block:: sh
__apt_source rabbitmq \
--uri http://www.rabbitmq.com/debian/ \
--distribution testing \
@ -55,12 +53,11 @@ __apt_source rabbitmq \
__apt_source canonical_partner \
--uri http://archive.canonical.com/ \
--component partner --state present
--------------------------------------------------------------------------------
SEE ALSO
--------
- cdist-type(7)
- `cdist-type(7) <cdist-type.html>`_
COPYING

View file

@ -27,11 +27,9 @@ if [ -f "$__object/parameter/distribution" ]; then
else
distribution="$(cat "$__global/explorer/lsb_codename")"
fi
if [ -f "$__object/parameter/component" ]; then
component="$(cat "$__object/parameter/component")"
else
component=""
fi
if [ -f "$__object/parameter/arch" ]; then
forcedarch="[arch=$(cat "$__object/parameter/arch")]"
else

View file

@ -1,13 +1,10 @@
cdist-type__apt_update_index(7)
===============================
Update apt's package index
Steven Armstrong <steven-cdist--@--armstrong.cc>
NAME
----
cdist-type__apt_update_index - update apt's package index
DESCRIPTION
-----------
This cdist type runs apt-get update whenever any apt sources have changed.
@ -25,14 +22,14 @@ None.
EXAMPLES
--------
--------------------------------------------------------------------------------
.. code-block:: sh
__apt_update_index
--------------------------------------------------------------------------------
SEE ALSO
--------
- cdist-type(7)
- `cdist-type(7) <cdist-type.html>`_
COPYING

View file

@ -1,5 +1,24 @@
#!/bin/sh
# 2013 Steven Armstrong (steven-cdist at armstrong.cc)
#
# 2013 Steven Armstrong (steven-cdist armstrong.cc)
# 2014 Nico Schottelius (nico-cdist at schottelius.org)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
file="$(cat "$__object/parameter/file" 2>/dev/null || echo "/$__object_id")"
@ -8,12 +27,12 @@ file="$(cat "$__object/parameter/file" 2>/dev/null || echo "/$__object_id")"
prefix=$(cat "$__object/parameter/prefix" 2>/dev/null || echo "#cdist:__block/$__object_id")
suffix=$(cat "$__object/parameter/suffix" 2>/dev/null || echo "#/cdist:__block/$__object_id")
awk -v prefix="$prefix" -v suffix="$suffix" '{
if (index($0,prefix)) {
awk -v prefix="^$prefix\$" -v suffix="^$suffix\$" '{
if (match($0,prefix)) {
triggered=1
}
if (triggered) {
if (index($0,suffix)) {
if (match($0,suffix)) {
triggered=0
}
print

View file

@ -46,13 +46,13 @@ tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
if [ -f "$file" ]; then
cp -p "$file" "\$tmpfile"
fi
awk -v prefix="$prefix" -v suffix="$suffix" '
awk -v prefix="^$prefix\$" -v suffix="^$suffix\$" '
{
if (index(\$0,prefix)) {
if (match(\$0,prefix)) {
triggered=1
}
if (triggered) {
if (index(\$0,suffix)) {
if (match(\$0,suffix)) {
triggered=0
}
} else {

View file

@ -1,13 +1,10 @@
cdist-type__block(7)
====================
Manage blocks of text in files
Steven Armstrong <steven-cdist--@--armstrong.cc>
NAME
----
cdist-type__block - Manage blocks of text in files
DESCRIPTION
-----------
Manage a block of text in an existing file.
@ -18,43 +15,44 @@ of text.
REQUIRED PARAMETERS
-------------------
text::
text
the text to manage.
If text is '-' (dash), take what was written to stdin as the text.
OPTIONAL PARAMETERS
-------------------
file::
file
the file in which to manage the text block.
Defaults to object_id.
prefix::
prefix
the prefix to add before the text.
Defaults to #cdist:__block/$__object_id
suffix::
the prefix to add after the text.
suffix
the suffix to add after the text.
Defaults to #/cdist:__block/$__object_id
state::
state
'present' or 'absent', defaults to 'present'
MESSAGES
--------
add::
add
block was added
update::
update
block was updated/changed
remove::
remove
block was removed
EXAMPLES
--------
--------------------------------------------------------------------------------
.. code-block:: sh
# text from argument
__block /path/to/file \
--prefix '#start' \
@ -68,12 +66,11 @@ __block some-id \
here some block
of text
DONE
--------------------------------------------------------------------------------
SEE ALSO
--------
- cdist-type(7)
- `cdist-type(7) <cdist-type.html>`_
COPYING

View file

@ -31,6 +31,6 @@ echo "$prefix" > "$block"
if [ "$text" = "-" ]; then
cat "$__object/stdin" >> "$block"
else
cat "$text" >> "$block"
echo "$text" >> "$block"
fi
echo "$suffix" >> "$block"

View file

@ -25,7 +25,7 @@ destination="/$__object_id"
os=$("$__explorer/os")
case "$os" in
"freebsd")
"freebsd"|"netbsd"|"openbsd")
# FIXME: should be something like this based on man page, but can not test
stat -f "type: %ST
owner: %Du %Su
@ -33,6 +33,15 @@ group: %Dg %Sg
mode: %Op %Sp
size: %Dz
links: %Dl
" "$destination"
;;
"macosx")
stat -f "type: %HT
owner: %Du %Su
group: %Dg %Sg
mode: %Lp %Sp
size: %Dz
links: %Dl
" "$destination"
;;
*)

View file

@ -1,59 +1,58 @@
cdist-type__ccollect_source(7)
==============================
Manage ccollect sources
Nico Schottelius <nico-cdist--@--schottelius.org>
NAME
----
cdist-type__ccollect_source - Manage ccollect sources
DESCRIPTION
-----------
This cdist type allows you to create or delete ccollect sources.
REQUIRED PARAMETERS
-------------------
source::
source
The source from which to backup
destination::
destination
The destination directory
OPTIONAL PARAMETERS
-------------------
state::
state
'present' or 'absent', defaults to 'present'
ccollectconf::
ccollectconf
The CCOLLECT_CONF directory. Defaults to /etc/ccollect.
OPTIONAL MULTIPLE PARAMETERS
----------------------------
exclude::
exclude
Paths to exclude of backup
BOOLEAN PARAMETERS
------------------
verbose::
verbose
Whether to report backup verbosely
EXAMPLES
--------
--------------------------------------------------------------------------------
.. code-block:: sh
__ccollect_source doc.ungleich.ch \
--source doc.ungleich.ch:/ \
--destination /backup/doc.ungleich.ch \
--exclude '/proc/*' --exclude '/sys/*' \
--verbose
--------------------------------------------------------------------------------
SEE ALSO
--------
- cdist-type(7)
- `cdist-type(7) <cdist-type.html>`_
- ccollect(1)
- http://www.nico.schottelius.org/software/ccollect/

View file

@ -1,13 +1,10 @@
cdist-type__cdist(7)
====================
Manage cdist installations
Nico Schottelius <nico-cdist--@--schottelius.org>
NAME
----
cdist-type__cdist - Manage cdist installations
DESCRIPTION
-----------
This cdist type allows you to easily setup cdist
@ -26,16 +23,16 @@ REQUIRED PARAMETERS
OPTIONAL PARAMETERS
-------------------
username::
username
Select the user to create for the cdist installation.
Defaults to "cdist".
source::
source
Select the source from which to clone cdist from.
Defaults to "git://github.com/telmich/cdist.git".
branch::
branch
Select the branch to checkout from.
Defaults to "master".
@ -43,18 +40,18 @@ branch::
EXAMPLES
--------
--------------------------------------------------------------------------------
.. code-block:: sh
# Install cdist for user cdist in her home as subfolder cdist
__cdist /home/cdist/cdist
# Use alternative source
__cdist --source "git://git.schottelius.org/cdist" /home/cdist/cdist
--------------------------------------------------------------------------------
SEE ALSO
--------
- cdist-type(7)
- `cdist-type(7) <cdist-type.html>`_
COPYING

View file

@ -19,19 +19,11 @@
#
# The marker file is established in the docs, but it isn't obligatory.
if [ -f "$__object/parameter/destination" ]; then
destination="$(cat "$__object/parameter/destination")"
else
destination='/etc/cdist-configured'
fi
# The basic output of date is usually good enough, but variety is the
# spice of life...
if [ -f "$__object/parameter/format" ]; then
format="$(cat "$__object/parameter/format")"
else
format='-u'
fi
# Dump the timestamp in UTC to the marker
echo "date $format > $destination"

View file

@ -1,13 +1,10 @@
cdist-type__cdistmarker(7)
==========================
Add a timestamped cdist marker.
Daniel Maher <phrawzty+cdist--@--gmail.com>
NAME
----
cdist-type__cdistmarker - Add a timestamped cdist marker.
DESCRIPTION
-----------
This type is used to add a common marker file which indicates that a given
@ -23,11 +20,11 @@ None.
OPTIONAL PARAMETERS
-------------------
destination::
destination
The path and filename of the marker.
Default: /etc/cdist-configured
format::
format
The format of the timestamp. This is passed directly to system 'date'.
Default: -u
@ -35,18 +32,18 @@ format::
EXAMPLES
--------
--------------------------------------------------------------------------------
.. code-block:: sh
# Creates the marker as normal.
__cdistmarker
# Creates the marker differently.
__cdistmarker --file /tmp/cdist_marker --format '+%s'
--------------------------------------------------------------------------------
__cdistmarker --destination /tmp/cdist_marker --format '+%s'
SEE ALSO
--------
- cdist-type(7)
- `cdist-type(7) <cdisty-type.html>`_
COPYING

View file

@ -0,0 +1 @@
/etc/cdist-configured

View file

@ -0,0 +1 @@
-u

View file

@ -0,0 +1,34 @@
#!/bin/sh
#
# 2015 Steven Armstrong (steven-cdist at armstrong.cc)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
destination="$__object_id"
state="$(cat "$__object/parameter/state")"
if [ "$state" = "absent" ]; then
# nothing to do
exit 0
fi
if [ -f "$__object/parameter/onchange" ]; then
if grep -q "^__file/${destination}" "$__messages_in"; then
cat "$__object/parameter/onchange"
fi
fi

View file

@ -0,0 +1,57 @@
cdist-type__config_file(7)
==========================
Manages config files
Steven Armstrong <steven-cdist--@--armstrong.cc>
DESCRIPTION
-----------
Deploy config files using the file type.
Run the given code if the files changes.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
group
see cdist-type__file
mode
see cdist-type__file
onchange
the code to run if the file changes
owner
see cdist-type__file
source
Path to the config file.
If source is '-' (dash), take what was written to stdin as the config file content.
state
see cdist-type__file
EXAMPLES
--------
.. code-block:: sh
__config_file /etc/consul/conf.d/watch_foo.json \
--owner root --group consul --mode 640 \
--source "$__type/files/watch_foo.json" \
--state present \
--onchange 'service consul status >/dev/null && service consul reload || true'
SEE ALSO
--------
- `cdist-type(7) <cdist-type.html>`_
- `cdist-type__file(7) <cdist-type__file.html>`_
COPYING
-------
Copyright \(C) 2015 Steven Armstrong. Free use of this software is
granted under the terms of the GNU General Public License version 3 (GPLv3).

View file

@ -0,0 +1,41 @@
#!/bin/sh
#
# 2015 Steven Armstrong (steven-cdist at armstrong.cc)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
set -- "/${__object_id}"
for param in $(ls "$__object/parameter/"); do
case "$param" in
source)
source="$(cat "$__object/parameter/source")"
if [ "$source" = "-" ]; then
source="$__object/stdin"
fi
set -- "$@" --source "$source"
;;
owner|group|mode|state)
set -- "$@" "--${param}" "$(cat "$__object/parameter/$param")"
;;
*)
# ignore unknown parameters
:
;;
esac
done
__file "$@"

View file

@ -0,0 +1 @@
present

View file

@ -0,0 +1,6 @@
group
mode
onchange
owner
source
state

View file

@ -0,0 +1 @@
428915666 15738724 consul

View file

@ -0,0 +1 @@
https://dl.bintray.com/mitchellh/consul/0.4.1_linux_amd64.zip

View file

@ -0,0 +1 @@
131560372 17734417 consul

View file

@ -0,0 +1 @@
https://dl.bintray.com/mitchellh/consul/0.5.0_linux_amd64.zip

View file

@ -0,0 +1 @@
2564582176 18232733 consul

View file

@ -0,0 +1 @@
https://dl.bintray.com/mitchellh/consul/0.5.1_linux_amd64.zip

View file

@ -0,0 +1 @@
2207534901 18245010 consul

View file

@ -0,0 +1 @@
https://releases.hashicorp.com/consul/0.5.2/consul_0.5.2_linux_amd64.zip

View file

@ -0,0 +1 @@
688442448 19798264 consul

View file

@ -0,0 +1 @@
https://releases.hashicorp.com/consul/0.6.0/consul_0.6.0_linux_amd64.zip

View file

@ -0,0 +1 @@
3100584780 20416856 consul

View file

@ -0,0 +1 @@
https://releases.hashicorp.com/consul/0.6.1/consul_0.6.1_linux_amd64.zip

View file

@ -0,0 +1 @@
2124180907 20416920 consul

View file

@ -0,0 +1 @@
https://releases.hashicorp.com/consul/0.6.2/consul_0.6.2_linux_amd64.zip

View file

@ -0,0 +1 @@
1832669072 20417720 consul

View file

@ -0,0 +1 @@
https://releases.hashicorp.com/consul/0.6.3/consul_0.6.3_linux_amd64.zip

View file

@ -0,0 +1 @@
3832641574 23002736 consul

View file

@ -0,0 +1 @@
https://releases.hashicorp.com/consul/0.6.4/consul_0.6.4_linux_amd64.zip

View file

@ -0,0 +1,51 @@
cdist-type__consul(7)
=====================
Install consul
Steven Armstrong <steven-cdist--@--armstrong.cc>
DESCRIPTION
-----------
Downloads and installs the consul binary from https://dl.bintray.com/mitchellh/consul.
Note that the consul binary is downloaded on the server (the machine running
cdist) and then deployed to the target host using the __file type.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
either 'present' or 'absent'. Defaults to 'present'
version
which version of consul to install. See ./files/versions for a list of
supported versions. Defaults to the latest known version.
EXAMPLES
--------
.. code-block:: sh
# just install using defaults
__consul
# specific version
__consul \
--version 0.4.1
SEE ALSO
--------
- `cdist-type(7) <cdist-type.html>`_
COPYING
-------
Copyright \(C) 2015 Steven Armstrong. Free use of this software is
granted under the terms of the GNU General Public License version 3 (GPLv3).

View file

@ -0,0 +1,55 @@
#!/bin/sh
#
# 2015 Steven Armstrong (steven-cdist at armstrong.cc)
# 2016 Nico Schottelius (nico-cdist at schottelius.org)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
os=$(cat "$__global/explorer/os")
case "$os" in
centos|redhat|ubuntu|debian|archlinux|gentoo)
# any linux should work
:
;;
*)
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
;;
esac
versions_dir="$__type/files/versions"
version="$(cat "$__object/parameter/version")"
version_dir="$versions_dir/$version"
if [ ! -d "$version_dir" ]; then
echo "Unknown consul version '$version'. Expected one of:" >&2
ls "$versions_dir" >&2
exit 1
fi
__staged_file /usr/local/bin/consul \
--source "$(cat "$version_dir/source")" \
--cksum "$(cat "$version_dir/cksum")" \
--fetch-command 'curl -s -L "%s"' \
--prepare-command 'unzip -p "%s"' \
--state "$(cat "$__object/parameter/state")" \
--group root \
--owner root \
--mode 755

View file

@ -0,0 +1 @@
present

View file

@ -0,0 +1 @@
0.6.4

View file

@ -0,0 +1,2 @@
state
version

View file

@ -0,0 +1,9 @@
start on starting consul
task
script
mkdir -p /var/run/consul
chown consul:consul /var/run/consul
chmod 2770 /var/run/consul
end script

View file

@ -0,0 +1,22 @@
[Unit]
Description=Consul Agent
Wants=basic.target
After=basic.target network.target
[Service]
User=consul
Group=consul
Environment="GOMAXPROCS=2"
# Run ExecStartPre with root-permissions
PermissionsStartOnly=true
ExecStartPre=/usr/bin/mkdir -p /var/run/consul
ExecStartPre=/usr/bin/chown consul:consul /var/run/consul
ExecStartPre=/usr/bin/chmod 2770 /var/run/consul
ExecStart=/usr/local/bin/consul agent -config-dir /etc/consul/conf.d
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target

View file

@ -0,0 +1,81 @@
#!/bin/sh
#
# 2015 Nico Schottelius (nico-cdist at schottelius.org)
# 2015 Steven Armstrong (steven-cdist at armstrong.cc)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
if [ -f "/etc/default/consul" ]; then
. /etc/default/consul
fi
. /lib/lsb/init-functions
NAME=consul
CONSUL=/usr/local/bin/consul
CONFIG=/etc/$NAME/conf.d
PID_FILE=/var/run/$NAME/pidfile
mkdir -p /var/run/$NAME
chown consul:consul /var/run/$NAME
chmod 2770 /var/run/$NAME
export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
case "$1" in
start)
log_daemon_msg "Starting consul agent" "consul" || true
if start-stop-daemon --start --quiet --oknodo \
--pidfile "$PID_FILE" --background \
--exec $CONSUL -- agent -pid-file="$PID_FILE" -config-dir "$CONFIG"; then
log_end_msg 0 || true
else
log_end_msg 1 || true
fi
;;
stop)
log_daemon_msg "Stopping consul agent" "consul" || true
if start-stop-daemon --stop --quiet --oknodo --pidfile $PID_FILE; then
log_end_msg 0 || true
else
log_end_msg 1 || true
fi
;;
reload)
log_daemon_msg "Reloading consul agent" "consul" || true
if start-stop-daemon --stop --signal HUP --quiet --oknodo --pidfile $PID_FILE --exec $CONSUL; then
log_end_msg 0 || true
else
log_end_msg 1 || true
fi
;;
restart)
$0 stop && $0 start
;;
status)
status_of_proc -p $PID_FILE $CONSUL consul && exit 0 || exit $?
;;
*)
log_action_msg "Usage: /etc/init.d/consul {start|stop|reload|restart|status}"
exit 1
;;
esac

View file

@ -0,0 +1,95 @@
#!/bin/bash
#
# /etc/rc.d/init.d/consul
#
# Daemonize the consul agent.
#
# chkconfig: 2345 95 95
# description: Service discovery and configuration made easy. \
# Distributed, highly available, and datacenter-aware.
# processname: consul
# pidfile: /var/run/consul/pidfile
# Source function library.
. /etc/init.d/functions
NAME=consul
CONSUL=/usr/local/bin/consul
CONFIG=/etc/$NAME/conf.d
PID_FILE=/var/run/$NAME/pidfile
LOG_FILE=/var/log/$NAME
[ -e /etc/sysconfig/$NAME ] && . /etc/sysconfig/$NAME
export GOMAXPROCS=${GOMAXPROCS:-2}
mkdir -p /var/run/$NAME
chown consul:consul /var/run/$NAME
chmod 2770 /var/run/$NAME
start() {
echo -n "Starting $NAME: "
daemon --user=consul \
--pidfile="$PID_FILE" \
"$CONSUL" agent -pid-file="$PID_FILE" -config-dir "$CONFIG" >> "$LOG_FILE" &
retcode=$?
touch /var/lock/subsys/$NAME
return $retcode
}
stop() {
echo -n "Shutting down $NAME: "
killproc -p "$PID_FILE" $NAME
retcode=$?
rm -f /var/lock/subsys/$NAME
return $retcode
}
case "$1" in
start)
if $(status -p "$PID_FILE" $NAME >/dev/null); then
echo "$NAME already running"
else
start
fi
;;
stop)
if $(status -p "$PID_FILE" $NAME >/dev/null); then
stop
else
echo "$NAME not running"
fi
;;
info)
"$CONSUL" info
;;
status)
status -p "$PID_FILE" $NAME
exit $?
;;
restart)
if $(status -p "$PID_FILE" $NAME >/dev/null); then
stop
fi
start
;;
reload)
if $(status -p "$PID_FILE" $NAME >/dev/null); then
kill -HUP `cat $PID_FILE`
else
echo "$NAME not running"
fi
;;
condrestart)
if [ -f /var/lock/subsys/$NAME ]; then
if $(status -p "$PID_FILE" $NAME >/dev/null); then
stop
fi
start
fi
;;
*)
echo "Usage: $NAME {start|stop|status|reload|restart|condrestart|info}"
exit 1
;;
esac
exit $?

View file

@ -0,0 +1,13 @@
description "Consul Agent"
start on (local-filesystems and net-device-up IFACE!=lo)
stop on runlevel [06]
setuid consul
setgid consul
respawn
respawn limit 10 10
kill timeout 10
exec /usr/local/bin/consul agent -config-dir /etc/consul/conf.d

View file

@ -0,0 +1,31 @@
#!/bin/sh
#
# 2015 Steven Armstrong (steven-cdist at armstrong.cc)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
service="consul"
state="$(cat "$__object/parameter/state")"
case "$state" in
present)
:
;;
absent)
echo "service $service stop || true"
;;
esac

View file

@ -0,0 +1,174 @@
cdist-type__consul_agent(7)
===========================
Manage the consul agent
Steven Armstrong <steven-cdist--@--armstrong.cc>
DESCRIPTION
-----------
Configure and manage the consul agent.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
acl-datacenter
only used by servers. This designates the datacenter which is authoritative
for ACL information.
acl-default-policy
either "allow" or "deny"; defaults to "allow". The default policy controls the
behavior of a token when there is no matching rule.
acl-down-policy
either "allow", "deny" or "extend-cache"; "extend-cache" is the default.
acl-master-token
only used for servers in the acl_datacenter. This token will be created with
management-level permissions if it does not exist. It allows operators to
bootstrap the ACL system with a token ID that is well-known.
acl-token
when provided, the agent will use this token when making requests to the
Consul servers.
acl-ttl
used to control Time-To-Live caching of ACLs.
bind-addr
sets the bind address for cluster communication
bootstrap-expect
sets server to expect bootstrap mode
ca-file-source
path to a PEM encoded certificate authority file which will be uploaded and
configure using the ca_file config option.
cert-file-source
path to a PEM encoded certificate file which will be uploaded and
configure using the cert_file config option.
client-addr
sets the address to bind for client access
datacenter
datacenter of the agent
encrypt
provides the gossip encryption key
group
the primary group for the agent
json-config
path to a partial json config file without leading { and trailing }.
If json-config is '-' (dash), take what was written to stdin as the file content.
key-file-source
path to a PEM encoded private key file which will be uploaded and
configure using the key_file config option.
node-name
name of this node. Must be unique in the cluster
retry-join
address to attempt joining every retry_interval until at least one join works.
Can be specified multiple times.
user
the user to run the agent as
state
if the agent is 'present' or 'absent'. Defaults to 'present'.
Currently state=absent is not working due to some dependency issues.
BOOLEAN PARAMETERS
------------------
disable-remote-exec
disables support for remote execution. When set to true, the agent will ignore any incoming remote exec requests.
disable-update-check
disables automatic checking for security bulletins and new version releases
leave-on-terminate
gracefully leave cluster on SIGTERM
rejoin-after-leave
rejoin the cluster using the previous state after leaving
server
used to control if an agent is in server or client mode
syslog
enables logging to syslog
verify-incoming
enforce the use of TLS and verify a client's authenticity on incomming connections
verify-outgoing
enforce the use of TLS and verify the peers authenticity on outgoing connections
EXAMPLES
--------
.. code-block:: sh
# configure as server, bootstrap and rejoin
hostname="$(cat "$__global/explorer/hostname")"
__consul_agent \
--datacenter dc1 \
--node-name "${hostname%%.*}" \
--disable-update-check \
--server \
--rejoin-after-leave \
--bootstrap-expect 3 \
--retry-join consul-01 \
--retry-join consul-02 \
--retry-join consul-03
# configure as server, bootstrap and rejoin with ssl support
hostname="$(cat "$__global/explorer/hostname")"
__consul_agent \
--datacenter dc1 \
--node-name "${hostname%%.*}" \
--disable-update-check \
--server \
--rejoin-after-leave \
--bootstrap-expect 3 \
--retry-join consul-01 \
--retry-join consul-02 \
--retry-join consul-03 \
--ca-file-source /path/to/ca.pem \
--cert-file-source /path/to/cert.pem \
--key-file-source /path/to/key.pem \
--verify-incoming \
--verify-outgoing
# configure as client and try joining existing cluster
__consul_agent \
--datacenter dc1 \
--node-name "${hostname%%.*}" \
--disable-update-check \
--retry-join consul-01 \
--retry-join consul-02 \
--retry-join consul-03
SEE ALSO
--------
- `cdist-type(7) <cdist-type.html>`_
- http://www.consul.io/docs/agent/options.html
COPYING
-------
Copyright \(C) 2015 Steven Armstrong. Free use of this software is
granted under the terms of the GNU General Public License version 3 (GPLv3).

View file

@ -0,0 +1,221 @@
#!/bin/sh
#
# 2015 Steven Armstrong (steven-cdist at armstrong.cc)
# 2015 Nico Schottelius (nico-cdist at schottelius.org)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
os=$(cat "$__global/explorer/os")
case "$os" in
centos|debian|redhat|ubuntu)
# whitelist safeguard
:
;;
*)
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
;;
esac
state="$(cat "$__object/parameter/state")"
user="$(cat "$__object/parameter/user")"
group="$(cat "$__object/parameter/group")"
data_dir="/var/lib/consul"
conf_dir="/etc/consul/conf.d"
conf_file="config.json"
# FIXME: there has got to be a better way to handle the dependencies in this case
case "$state" in
present)
__group "$group" --system --state "$state"
require="__group/$group" \
__user "$user" --system --gid "$group" \
--home "$data_dir" --state "$state"
export require="__user/consul"
;;
absent)
echo "Sorry, state=absent currently not supported :-(" >&2
exit 1
require="$__object_name" \
__user "$user" --system --gid "$group" --state "$state"
require="__user/$user" \
__group "$group" --system --state "$state"
;;
esac
__directory /etc/consul \
--owner root --group "$group" --mode 750 --state "$state"
require="__directory/etc/consul" \
__directory "$conf_dir" \
--owner root --group "$group" --mode 750 --state "$state"
if [ -f "$__object/parameter/ca-file-source" -o -f "$__object/parameter/cert-file-source" -o -f "$__object/parameter/key-file-source" ]; then
# create directory for ssl certs
require="__directory/etc/consul" \
__directory /etc/consul/ssl \
--owner root --group "$group" --mode 750 --state "$state"
fi
__directory "$data_dir" \
--owner "$user" --group "$group" --mode 770 --state "$state"
# Generate json config file
(
echo "{"
# parameters we define ourself
printf ' "data_dir": "%s"\n' "$data_dir"
for param in $(ls "$__object/parameter/"); do
case "$param" in
state|user|group|json-config) continue ;;
ca-file-source|cert-file-source|key-file-source)
source="$(cat "$__object/parameter/$param")"
destination="/etc/consul/ssl/${source##*/}"
require="__directory/etc/consul/ssl" \
__file "$destination" \
--owner root --group consul --mode 640 \
--source "$source" \
--state "$state"
key="$(echo "${param%-*}" | tr '-' '_')"
printf ' ,"%s": "%s"\n' "$key" "$destination"
;;
disable-remote-exec|disable-update-check|leave-on-terminate|rejoin-after-leave|server|syslog|verify-incoming|verify-outgoing)
# handle boolean parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": true\n' "$key"
;;
retry-join)
# join multiple parameters into json array
retry_join="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join")"
# remove trailing ,
printf ' ,"retry_join": [%s]\n' "${retry_join%*,}"
;;
retry-join-wan)
# join multiple parameters into json array over wan
retry_join_wan="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join-wan")"
# remove trailing ,
printf ' ,"retry_join_wan": [%s]\n' "${retry_join_wan%*,}"
;;
bootstrap-expect)
# integer key=value parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": %s\n' "$key" "$(cat "$__object/parameter/$param")"
;;
*)
# string key=value parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
;;
esac
done
if [ -f "$__object/parameter/json-config" ]; then
json_config="$(cat "$__object/parameter/json-config")"
if [ "$json_config" = "-" ]; then
json_config="$__object/stdin"
fi
# remove leading and trailing whitespace and commas from first and last line
# indent each line with 3 spaces for consistency
json=$(sed -e 's/^[ \t]*/ /' -e '1s/^[ \t,]*//' -e '$s/[ \t,]*$//' "$json_config")
printf ' ,%s\n' "$json"
fi
echo "}"
) | \
require="__directory${conf_dir}" \
__config_file "${conf_dir}/${conf_file}" \
--owner root --group "$group" --mode 640 \
--state "$state" \
--onchange 'service consul status >/dev/null && service consul reload || true' \
--source -
init_sysvinit()
{
__file /etc/init.d/consul \
--owner root --group root --mode 0755 \
--state "$state" \
--source "$__type/files/consul.sysv-$1"
require="__file/etc/init.d/consul" __start_on_boot consul
}
init_systemd()
{
__file /lib/systemd/system/consul.service \
--owner root --group root --mode 0644 \
--state "$state" \
--source "$__type/files/consul.systemd"
require="__file/lib/systemd/system/consul.service" __start_on_boot consul
}
init_upstart()
{
__file /etc/init/consul-prepare.conf \
--owner root --group root --mode 0644 \
--state "$state" \
--source "$__type/files/consul-prepare.upstart"
require="__file/etc/init/consul-prepare.conf" \
__file /etc/init/consul.conf \
--owner root --group root --mode 0644 \
--state "$state" \
--source "$__type/files/consul.upstart"
require="__file/etc/init/consul.conf" __start_on_boot consul
}
# Install init script to start on boot
case "$os" in
centos|redhat)
os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")"
major_version="${os_version%%.*}"
case "$major_version" in
[456])
init_sysvinit redhat
;;
7)
init_systemd
;;
*)
echo "Unsupported CentOS/Redhat version: $os_version" >&2
exit 1
;;
esac
;;
debian)
os_version=$(cat "$__global/explorer/os_version")
major_version="${os_version%%.*}"
case "$major_version" in
[567])
init_sysvinit debian
;;
8)
init_systemd
;;
*)
echo "Unsupported Debian version $os_version" >&2
exit 1
;;
esac
;;
ubuntu)
init_upstart
;;
esac

View file

@ -0,0 +1,8 @@
disable-remote-exec
disable-update-check
leave-on-terminate
rejoin-after-leave
server
syslog
verify-incoming
verify-outgoing

View file

@ -0,0 +1 @@
consul

View file

@ -0,0 +1 @@
present

View file

@ -0,0 +1 @@
consul

View file

@ -0,0 +1,20 @@
acl-datacenter
acl-default-policy
acl-down-policy
acl-master-token
acl-token
acl-ttl
bind-addr
bootstrap-expect
ca-file-source
cert-file-source
client-addr
datacenter
encrypt
group
json-config
key-file-source
node-name
user
state
advertise-wan

View file

@ -0,0 +1,2 @@
retry-join
retry-join-wan

View file

@ -0,0 +1,71 @@
cdist-type__consul_check(7)
=============================
Manages consul checks
Steven Armstrong <steven-cdist--@--armstrong.cc>
DESCRIPTION
-----------
Generate and deploy check definitions for a consul agent.
See http://www.consul.io/docs/agent/checks.html for parameter documentation.
Use either script toghether with interval, or use ttl.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
interval
the interval in which the script given with --script should be run
script
the shell command to run every --interval
ttl
how long a check is considered healthy without being updated through the
HTTP interfave
id
Defaults to --name
name
The name of this check. Defaults to __object_id
notes
human readable description
state
if this check is 'present' or 'absent'. Defaults to 'present'.
EXAMPLES
--------
.. code-block:: sh
__consul_check redis \
--script /usr/local/bin/check_redis.py \
--interval 10s
__consul_check some-object-id \
--id web-app \
--name "Web App Status" \
--notes "Web app does a curl internally every 10 seconds" \
--ttl 30s
SEE ALSO
--------
- `cdist-type(7) <cdist-type.html>`_
- `cdist-type__consul_agent(7) <cdist-type__consul_agent.html>`_
COPYING
-------
Copyright \(C) 2015 Steven Armstrong. Free use of this software is
granted under the terms of the GNU General Public License version 3 (GPLv3).

View file

@ -0,0 +1,64 @@
#!/bin/sh
#
# 2015 Steven Armstrong (steven-cdist at armstrong.cc)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")"
conf_dir="/etc/consul/conf.d"
conf_file="check_${name}.json"
state="$(cat "$__object/parameter/state")"
# Sanity checks
if [ -f "$__object/parameter/script" -a -f "$__object/parameter/ttl" ]; then
echo "Use either --script together with --interval OR --ttl, but not both" >&2
exit 1
fi
if [ -f "$__object/parameter/script" -a ! -f "$__object/parameter/interval" ]; then
echo "When using --script you must also define --interval" >&2
exit 1
fi
# Generate json config file
(
echo "{"
printf ' "check": {\n'
printf ' "name": "%s"\n' "$name"
for param in $(ls "$__object/parameter/"); do
case "$param" in
state|name|interval) continue ;;
script)
printf ' ,"script": "%s"\n' "$(cat "$__object/parameter/script")"
printf ' ,"interval": "%s"\n' "$(cat "$__object/parameter/interval")"
;;
*)
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
;;
esac
done
# end check
echo " }"
# end json file
echo "}"
) | \
require="__directory${conf_dir}" \
__config_file "${conf_dir}/${conf_file}" \
--owner root --group consul --mode 640 \
--state "$state" \
--onchange 'service consul status >/dev/null && service consul reload || true' \
--source -

View file

@ -0,0 +1 @@
present

View file

@ -0,0 +1,7 @@
id
interval
name
notes
script
state
ttl

View file

@ -0,0 +1,24 @@
#!/bin/sh
#
# 2015 Steven Armstrong (steven-cdist at armstrong.cc)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
service="consul"
if grep -q "^__file/etc/consul/conf.d/" "$__messages_in"; then
echo "service $service status && service $service reload || true"
fi

View file

@ -0,0 +1,39 @@
cdist-type__consul_reload(7)
============================
Reload consul
Steven Armstrong <steven-cdist--@--armstrong.cc>
DESCRIPTION
-----------
Reload consul after configuration changes.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
None.
EXAMPLES
--------
.. code-block:: sh
__consul_reload
SEE ALSO
--------
- `cdist-type(7) <cdist-type.html>`_
COPYING
-------
Copyright \(C) 2015 Steven Armstrong. Free use of this software is
granted under the terms of the GNU General Public License version 3 (GPLv3).

View file

@ -0,0 +1,75 @@
cdist-type__consul_service(7)
=============================
Manages consul services
Steven Armstrong <steven-cdist--@--armstrong.cc>
DESCRIPTION
-----------
Generate and deploy service definitions for a consul agent.
See http://www.consul.io/docs/agent/services.html for parameter documentation.
Use either script together with interval, or use ttl.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
check-interval
the interval in which the script given with --check-script should be run
check-script
the shell command to run every --check-interval
check-ttl
how long a service is considered healthy without being updated through the
HTTP interfave
id
Defaults to --name
name
The name of this service. Defaults to __object_id
port
the port at which this service can be reached
state
if this service is 'present' or 'absent'. Defaults to 'present'.
tag
a tag to add to this service. Can be specified multiple times.
EXAMPLES
--------
.. code-block:: sh
__consul_service redis \
--tag master \
--tag production \
--port 8000 \
--check-script /usr/local/bin/check_redis.py \
--check-interval 10s
__consul_service webapp \
--port 80 \
--check-ttl 10s
SEE ALSO
--------
- `cdist-type(7) <cdist-type.html>`_
- `cdist-type__consul_agent(7) <cdist-type__consul_agent.html>`_
COPYING
-------
Copyright \(C) 2015 Steven Armstrong. Free use of this software is
granted under the terms of the GNU General Public License version 3 (GPLv3).

View file

@ -0,0 +1,83 @@
#!/bin/sh
#
# 2015 Steven Armstrong (steven-cdist at armstrong.cc)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")"
conf_dir="/etc/consul/conf.d"
conf_file="service_${name}.json"
state="$(cat "$__object/parameter/state")"
# Sanity checks
if [ -f "$__object/parameter/check-script" -a -f "$__object/parameter/check-ttl" ]; then
echo "Use either --check-script together with --check-interval OR --check-ttl, but not both" >&2
exit 1
fi
if [ -f "$__object/parameter/check-script" -a ! -f "$__object/parameter/check-interval" ]; then
echo "When using --check-script you must also define --check-interval" >&2
exit 1
fi
# Generate json config file
(
echo "{"
printf ' "service": {\n'
printf ' "name": "%s"\n' "$name"
for param in $(ls "$__object/parameter/"); do
case "$param" in
state|name|check-interval) continue ;;
check-script)
printf ' ,"check": {\n'
printf ' "script": "%s"\n' "$(cat "$__object/parameter/check-script")"
printf ' ,"interval": "%s"\n' "$(cat "$__object/parameter/check-interval")"
printf ' }\n'
;;
check-ttl)
printf ' ,"check": {\n'
printf ' "ttl": "%s"\n' "$(cat "$__object/parameter/check-ttl")"
printf ' }\n'
;;
tag)
# create json array from newline delimited file
tags="$(awk '{printf "\""$1"\","}' "$__object/parameter/tag")"
# remove trailing ,
printf ' ,"tags": [%s]\n' "${tags%*,}"
;;
port)
# integer key=value parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": %s\n' "$key" "$(cat "$__object/parameter/$param")"
;;
*)
# string key=value parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
;;
esac
done
# end service
echo " }"
# end json file
echo "}"
) | \
require="__directory${conf_dir}" \
__config_file "${conf_dir}/${conf_file}" \
--owner root --group consul --mode 640 \
--state "$state" \
--onchange 'service consul status >/dev/null && service consul reload || true' \
--source -

View file

@ -0,0 +1 @@
present

View file

@ -0,0 +1,7 @@
check-interval
check-script
check-ttl
id
name
port
state

View file

@ -0,0 +1 @@
tag

View file

@ -0,0 +1,19 @@
[Unit]
Description=Consul-Template Daemon
Wants=basic.target
After=basic.target network.target
[Service]
User=root
Group=root
Environment="CONSUL_TEMPLATE_LOG=info"
Environment="GOMAXPROCS=2"
ExecStart=/usr/local/bin/consul-template -config /etc/consul-template/conf.d
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=10s
LimitNOFILE=4096
[Install]
WantedBy=multi-user.target

View file

@ -0,0 +1,89 @@
#!/bin/bash
#
# /etc/rc.d/init.d/consul-template
#
# Daemonize the consul-template agent.
#
# chkconfig: 2345 95 95
# description: Generic template rendering and notifications with Consul
# processname: consul-template
# pidfile: /var/run/consul-template/pidfile
# Source function library.
. /etc/init.d/functions
NAME=consul-template
CONSUL_TEMPLATE=/usr/local/bin/consul-template
CONFIG=/etc/$NAME/conf.d
PID_FILE=/var/run/$NAME/pidfile
LOG_FILE=/var/log/$NAME
[ -e /etc/sysconfig/$NAME ] && . /etc/sysconfig/$NAME
export CONSUL_TEMPLATE_LOG=${CONSUL_TEMPLATE_LOG:-info}
export GOMAXPROCS=${GOMAXPROCS:-2}
mkdir -p /var/run/$NAME
start() {
echo -n "Starting $NAME: "
daemon --pidfile="$PID_FILE" \
"$CONSUL_TEMPLATE" -config "$CONFIG" >> "$LOG_FILE" 2>&1 &
echo $! > "$PID_FILE"
retcode=$?
touch /var/lock/subsys/$NAME
return $retcode
}
stop() {
echo -n "Shutting down $NAME: "
killproc -p $PID_FILE $CONSUL_TEMPLATE
retcode=$?
rm -f /var/lock/subsys/$NAME
return $retcode
}
case "$1" in
start)
if $(status -p "$PID_FILE" $NAME >/dev/null); then
echo "$NAME already running"
else
start
fi
;;
stop)
if $(status -p "$PID_FILE" $NAME >/dev/null); then
stop
else
echo "$NAME not running"
fi
;;
status)
status -p "$PID_FILE" $NAME
exit $?
;;
restart)
if $(status -p "$PID_FILE" $NAME >/dev/null); then
stop
fi
start
;;
reload)
if $(status -p "$PID_FILE" $NAME >/dev/null); then
kill -HUP `cat $PID_FILE`
else
echo "$NAME not running"
fi
;;
condrestart)
if [ -f /var/lock/subsys/$NAME ]; then
if $(status -p "$PID_FILE" $NAME >/dev/null); then
stop
fi
start
fi
;;
*)
echo "Usage: $NAME {start|stop|status|reload|restart}"
exit 1
;;
esac
exit $?

View file

@ -0,0 +1,12 @@
description "Consul-Template Daemon"
start on (local-filesystems and net-device-up IFACE!=lo)
stop on runlevel [06]
env CONSUL_TEMPLATE_LOG=info
env GOMAXPROCS=${GOMAXPROCS}
exec /usr/local/bin/consul-template -config /etc/consul-template/conf.d >> /var/log/consul-template 2>&1
respawn
respawn limit 10 10
kill timeout 10

View file

@ -0,0 +1 @@
3401777891 9273880 consul-template

View file

@ -0,0 +1 @@
https://github.com/hashicorp/consul-template/releases/download/v0.10.0/consul-template_0.10.0_linux_amd64.tar.gz

View file

@ -0,0 +1,134 @@
cdist-type__consul_template(7)
==============================
Manage the consul-template service
Steven Armstrong <steven-cdist--@--armstrong.cc>
DESCRIPTION
-----------
Downloads and installs the consul-template binary from
https://github.com/hashicorp/consul-template/releases/download/.
Generates a global config file and creates directory for per template config files.
Note that the consul-template binary is downloaded on the server (the machine running
cdist) and then deployed to the target host using the __file type.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
auth-username
specify a username for basic authentication.
auth-password
specify a password for basic authentication.
batch-size
the size of the batch when polling multiple dependencies.
consul
the location of the Consul instance to query (may be an IP address or FQDN) with port.
Defaults to 'localhost:8500'.
log-level
The log level for output. This applies to the stdout/stderr logging as well
as syslog logging (if enabled). Valid values are "debug", "info", "warn",
and "err". The default value is "warn".
max-stale
the maximum staleness of a query. If specified, Consul will distribute work among all
servers instead of just the leader.
retry
the amount of time to wait if Consul returns an error when communicating
with the API.
state
either 'present' or 'absent'. Defaults to 'present'
ssl-cert
Path to an SSL client certificate to use to authenticate to the consul server.
Useful if the consul server "verify_incoming" option is set.
ssl-ca-cert
Path to a CA certificate file, containing one or more CA certificates to
use to validate the certificate sent by the consul server to us. This is a
handy alternative to setting --ssl-no-verify if you are using your own CA.
syslog-facility
The facility to use when sending to syslog. This requires the use of --syslog.
The default value is LOCAL0.
token
the Consul API token.
vault-address
the location of the Vault instance to query (may be an IP address or FQDN) with port.
vault-token
the Vault API token.
vault-ssl-cert
Path to an SSL client certificate to use to authenticate to the vault server.
vault-ssl-ca-cert
Path to a CA certificate file, containing one or more CA certificates to
use to validate the certificate sent by the vault server to us.
version
which version of consul-template to install. See ./files/versions for a list of
supported versions. Defaults to the latest known version.
wait
the minimum(:maximum) to wait before rendering a new template to disk and
triggering a command, separated by a colon (:). If the optional maximum
value is omitted, it is assumed to be 4x the required minimum value.
BOOLEAN PARAMETERS
------------------
ssl
use HTTPS while talking to Consul. Requires the Consul server to be configured to serve secure connections.
ssl-no-verify
ignore certificate warnings. Only used if ssl is enabled.
syslog
Send log output to syslog (in addition to stdout and stderr).
vault-ssl
use HTTPS while talking to Vault. Requires the Vault server to be configured to serve secure connections.
vault-ssl-no-verify
ignore certificate warnings. Only used if vault is enabled.
EXAMPLES
--------
.. code-block:: sh
__consul_template \
--consul consul.service.consul:8500 \
--retry 30s
# specific version
__consul_template \
--version 0.6.5 \
--retry 30s
SEE ALSO
--------
- `cdist-type(7) <cdist-type.html>`_
- https://github.com/hashicorp/consul-template
COPYING
-------
Copyright \(C) 2015 Steven Armstrong. Free use of this software is
granted under the terms of the GNU General Public License version 3 (GPLv3).

View file

@ -0,0 +1,190 @@
#!/bin/sh
#
# 2015 Steven Armstrong (steven-cdist at armstrong.cc)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
os=$(cat "$__global/explorer/os")
case "$os" in
centos|redhat)
# whitelist safeguard
service_onchange='service consul-template status >/dev/null && service consul-template reload || true' \
;;
archlinux)
service_onchange="systemctl status consul-template >/dev/null && systemctl reload consul-template || true"
;;
*)
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
;;
esac
versions_dir="$__type/files/versions"
version="$(cat "$__object/parameter/version")"
version_dir="$versions_dir/$version"
if [ ! -d "$version_dir" ]; then
echo "Unknown consul-template version '$version'. Expected one of:" >&2
ls "$versions_dir" >&2
exit 1
fi
state="$(cat "$__object/parameter/state")"
__staged_file /usr/local/bin/consul-template \
--source "$(cat "$version_dir/source")" \
--cksum "$(cat "$version_dir/cksum")" \
--fetch-command 'curl -s -L "%s"' \
--prepare-command 'tar -xzf "%s"; cat consul-template_*/consul-template' \
--state "$state" \
--group root \
--owner root \
--mode 755
conf_dir="/etc/consul-template/conf.d"
conf_file="config.hcl"
template_dir="/etc/consul-template/template"
__directory /etc/consul-template \
--owner root --group root --mode 750
require="__directory/etc/consul-template" \
__directory "$conf_dir" \
--owner root --group root --mode 750
require="__directory/etc/consul-template" \
__directory "$template_dir" \
--owner root --group root --mode 750
# Generate hcl config file
(
for param in $(ls "$__object/parameter/"); do
case "$param" in
auth-password|state|ssl-*|syslog-*|version|vault-token|vault-ssl*) continue ;;
auth-username)
printf 'auth {\n'
printf ' enabled = true\n'
printf ' username = "%s"\n' "$(cat "$__object/parameter/auth-username")"
if [ -f "$__object/parameter/auth-password" ]; then
printf ' password = %s\n' "$(cat "$__object/parameter/auth-password")"
fi
printf '}\n'
;;
ssl)
printf 'ssl {\n'
printf ' enabled = true\n'
if [ -f "$__object/parameter/ssl-no-verify" ]; then
printf ' verify = false\n'
fi
if [ -f "$__object/parameter/ssl-cert" ]; then
printf ' cert = "%s"\n' "$(cat "$__object/parameter/ssl-cert")"
fi
if [ -f "$__object/parameter/ssl-ca-cert" ]; then
printf ' ca_cert = "%s"\n' "$(cat "$__object/parameter/ssl-ca-cert")"
fi
printf '}\n'
;;
syslog)
printf 'syslog {\n'
printf ' enabled = true\n'
if [ -f "$__object/parameter/syslog-facility" ]; then
printf ' facility = "%s"\n' "$(cat "$__object/parameter/syslog-facility")"
fi
printf '}\n'
;;
vault-address)
printf 'vault {\n'
printf ' address = "%s"\n' "$(cat "$__object/parameter/vault-address")"
if [ -f "$__object/parameter/vault-token" ]; then
printf ' token = "%s"\n' "$(cat "$__object/parameter/vault-token")"
fi
if [ -f "$__object/parameter/vault-ssl" ]; then
printf ' ssl {\n'
printf ' enabled = true\n'
if [ -f "$__object/parameter/vault-ssl-no-verify" ]; then
printf ' verify = false\n'
fi
if [ -f "$__object/parameter/vault-ssl-cert" ]; then
printf ' cert = "%s"\n' "$(cat "$__object/parameter/vault-ssl-cert")"
fi
if [ -f "$__object/parameter/vault-ssl-ca-cert" ]; then
printf ' ca_cert = "%s"\n' "$(cat "$__object/parameter/vault-ssl-ca-cert")"
fi
printf ' }\n'
fi
printf '}\n'
;;
*)
# string key=value parameters
key="$(echo "$param" | tr '-' '_')"
printf '%s = "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
;;
esac
done
) | \
require="__directory${conf_dir}" \
__config_file "${conf_dir}/${conf_file}" \
--owner root --group root --mode 640 \
--state "$state" \
--onchange "$service_onchange" \
--source -
# Install init script to start on boot
service="consul-template"
case "$os" in
centos|redhat)
os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")"
major_version="${os_version%%.*}"
case "$major_version" in
7)
__file "/lib/systemd/system/${service}.service" \
--owner root --group root --mode 0555 \
--state "$state" \
--source "$__type/files/${service}.systemd"
export require="__file/lib/systemd/system/${service}.service"
;;
*)
__file "/etc/init.d/${service}" \
--owner root --group root --mode 0555 \
--state "$state" \
--source "$__type/files/${service}.sysv"
export require="__file/etc/init.d/${service}"
;;
esac
__start_on_boot "$service" --state "$state"
;;
ubuntu)
__file "/etc/init/${service}.conf" \
--owner root --group root --mode 0644 \
--state "$state" \
--source "$__type/files/${service}.upstart"
export require="__file/etc/init/${service}.conf"
__start_on_boot "$service" --state "$state"
;;
archlinux)
__file "/lib/systemd/system/${service}.service" \
--owner root --group root --mode 0555 \
--state "$state" \
--source "$__type/files/${service}.systemd"
export require="__file/lib/systemd/system/${service}.service"
__start_on_boot "$service" --state "$state"
;;
esac

View file

@ -0,0 +1,93 @@
# < 0.7.0
ssl = true
ssl_no_verify = true
# >= 0.7.0
ssl {
enabled = true
verify = false
}
# >= 0.9.0
ssl-cert
ssl-ca-cert
--------------------------------------------------------------------------------
### from docs
ssl {
enabled = true
verify = false
cert = "/path/to/client/cert.pem"
ca_cert = "/path/to/ca/cert.pem"
}
ssl
Use HTTPS while talking to Consul. Requires the Consul server to be configured to serve secure connections. The default value is false.
ssl-verify
Verify certificates when connecting via SSL. This requires the use of -ssl. The default value is true.
ssl-cert
Path to an SSL client certificate to use to authenticate to the consul server. Useful if the consul server "verify_incoming" option is set.
ssl-ca-cert
Path to a CA certificate file, containing one or more CA certificates to use to validate the certificate sent by the consul server to us. This is a handy alternative to setting --ssl-verify=false if you are using your own CA.
--------------------------------------------------------------------------------
### example config file from docs
consul = "127.0.0.1:8500"
token = "abcd1234" // May also be specified via the envvar CONSUL_TOKEN
retry = "10s"
max_stale = "10m"
log_level = "warn"
pid_file = "/path/to/pid"
vault {
address = "https://vault.service.consul:8200"
token = "abcd1234" // May also be specified via the envvar VAULT_TOKEN
ssl {
enabled = true
verify = true
cert = "/path/to/client/cert.pem"
ca_cert = "/path/to/ca/cert.pem"
}
}
--auth-username
--auth-password
# if any are given enabled = true
auth {
enabled = true
username = "test"
password = "test"
}
ssl {
enabled = true
verify = false
cert = "/path/to/client/cert.pem"
ca_cert = "/path/to/ca/cert.pem"
}
syslog {
enabled = true
facility = "LOCAL5"
}
template {
source = "/path/on/disk/to/template"
destination = "/path/on/disk/where/template/will/render"
command = "optional command to run when the template is updated"
}
template {
// Multiple template definitions are supported
}

View file

@ -0,0 +1,5 @@
ssl
ssl-no-verify
syslog
vault-ssl
vault-ssl-no-verify

Some files were not shown because too many files have changed in this diff Show more