forked from ungleich-public/cdist
Merge branch 'master' of github.com:telmich/cdist
This commit is contained in:
commit
36d6ffbe74
20 changed files with 243 additions and 27 deletions
|
@ -77,6 +77,11 @@ if grep -q ^Fedora /etc/redhat-release 2>/dev/null; then
|
|||
exit 0
|
||||
fi
|
||||
|
||||
if grep -q ^Mitel /etc/redhat-release 2>/dev/null; then
|
||||
echo mitel
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [ -f /etc/redhat-release ]; then
|
||||
echo redhat
|
||||
exit 0
|
||||
|
|
|
@ -51,7 +51,7 @@ case "$($__explorer/os)" in
|
|||
owl)
|
||||
cat /etc/owl-release
|
||||
;;
|
||||
redhat|centos)
|
||||
redhat|centos|mitel)
|
||||
cat /etc/redhat-release
|
||||
;;
|
||||
slackware)
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
start on starting consul
|
||||
|
||||
task
|
||||
|
||||
script
|
||||
mkdir -p /var/run/consul
|
||||
chown consul:consul /var/run/consul
|
||||
chmod 2770 /var/run/consul
|
||||
end script
|
|
@ -7,6 +7,11 @@ After=basic.target network.target
|
|||
User=consul
|
||||
Group=consul
|
||||
Environment="GOMAXPROCS=2"
|
||||
# Run ExecStartPre with root-permissions
|
||||
PermissionsStartOnly=true
|
||||
ExecStartPre=/usr/bin/mkdir -p /var/run/consul
|
||||
ExecStartPre=/usr/bin/chown consul:consul /var/run/consul
|
||||
ExecStartPre=/usr/bin/chmod 2770 /var/run/consul
|
||||
ExecStart=/usr/local/bin/consul agent -config-dir /etc/consul/conf.d
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
KillMode=process
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# 2015 Nico Schottelius (nico-cdist at schottelius.org)
|
||||
# 2015 Steven Armstrong (steven-cdist at armstrong.cc)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
|
@ -29,6 +30,10 @@ CONSUL=/usr/local/bin/consul
|
|||
CONFIG=/etc/$NAME/conf.d
|
||||
PID_FILE=/var/run/$NAME/pidfile
|
||||
|
||||
mkdir -p /var/run/$NAME
|
||||
chown consul:consul /var/run/$NAME
|
||||
chmod 2770 /var/run/$NAME
|
||||
|
||||
export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
|
||||
|
||||
case "$1" in
|
||||
|
@ -51,7 +56,7 @@ case "$1" in
|
|||
log_end_msg 1 || true
|
||||
fi
|
||||
;;
|
||||
|
||||
|
||||
reload)
|
||||
log_daemon_msg "Reloading consul agent" "consul" || true
|
||||
if start-stop-daemon --stop --signal HUP --quiet --oknodo --pidfile $PID_FILE --exec $CONSUL; then
|
||||
|
|
|
@ -22,7 +22,9 @@ LOG_FILE=/var/log/$NAME
|
|||
export GOMAXPROCS=${GOMAXPROCS:-2}
|
||||
|
||||
mkdir -p /var/run/$NAME
|
||||
chown consul /var/run/$NAME
|
||||
chown consul:consul /var/run/$NAME
|
||||
chmod 2770 /var/run/$NAME
|
||||
|
||||
|
||||
start() {
|
||||
echo -n "Starting $NAME: "
|
||||
|
@ -36,7 +38,7 @@ start() {
|
|||
|
||||
stop() {
|
||||
echo -n "Shutting down $NAME: "
|
||||
"$CONSUL" leave
|
||||
killproc -p "$PID_FILE" $NAME
|
||||
retcode=$?
|
||||
rm -f /var/lock/subsys/$NAME
|
||||
return $retcode
|
||||
|
@ -86,7 +88,7 @@ case "$1" in
|
|||
fi
|
||||
;;
|
||||
*)
|
||||
echo "Usage: $NAME {start|stop|status|reload|restart}"
|
||||
echo "Usage: $NAME {start|stop|status|reload|restart|condrestart|info}"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
|
|
@ -132,10 +132,10 @@ if [ -f "$__object/parameter/json-config" ]; then
|
|||
if [ "$json_config" = "-" ]; then
|
||||
json_config="$__object/stdin"
|
||||
fi
|
||||
printf ','
|
||||
# remove trailing ,
|
||||
json=$(cat "$json_config")
|
||||
echo "${json%*,}"
|
||||
# remove leading and trailing whitespace and commas from first and last line
|
||||
# indent each line with 3 spaces for consistency
|
||||
json=$(sed -e 's/^[ \t]*/ /' -e '1s/^[ \t,]*//' -e '$s/[ \t,]*$//' "$json_config")
|
||||
printf ' ,%s\n' "$json"
|
||||
fi
|
||||
echo "}"
|
||||
) | \
|
||||
|
@ -166,10 +166,15 @@ init_systemd()
|
|||
|
||||
init_upstart()
|
||||
{
|
||||
__file /etc/init/consul.conf \
|
||||
__file /etc/init/consul-prepare.conf \
|
||||
--owner root --group root --mode 0644 \
|
||||
--state "$state" \
|
||||
--source "$__type/files/consul.upstart"
|
||||
--source "$__type/files/consul-prepare.upstart"
|
||||
require="__file/etc/init/consul-prepare.conf" \
|
||||
__file /etc/init/consul.conf \
|
||||
--owner root --group root --mode 0644 \
|
||||
--state "$state" \
|
||||
--source "$__type/files/consul.upstart"
|
||||
require="__file/etc/init/consul.conf" __start_on_boot consul
|
||||
}
|
||||
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
3401777891 9273880 consul-template
|
|
@ -1 +1 @@
|
|||
https://github.com/hashicorp/consul-template/releases/download/v0.6.5/consul-template_0.6.5_linux_amd64.tar.gz
|
||||
https://github.com/hashicorp/consul-template/releases/download/v0.10.0/consul-template_0.10.0_linux_amd64.tar.gz
|
|
@ -1 +0,0 @@
|
|||
1356006333 8496656 consul-template
|
|
@ -24,13 +24,19 @@ None.
|
|||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
auth::
|
||||
specify a username (and password) for basic authentication.
|
||||
auth-username::
|
||||
specify a username for basic authentication.
|
||||
auth-password::
|
||||
specify a password for basic authentication.
|
||||
batch-size::
|
||||
the size of the batch when polling multiple dependencies.
|
||||
consul::
|
||||
the location of the Consul instance to query (may be an IP address or FQDN) with port.
|
||||
Defaults to 'localhost:8500'.
|
||||
log-level::
|
||||
The log level for output. This applies to the stdout/stderr logging as well
|
||||
as syslog logging (if enabled). Valid values are "debug", "info", "warn",
|
||||
and "err". The default value is "warn".
|
||||
max-stale::
|
||||
the maximum staleness of a query. If specified, Consul will distribute work among all
|
||||
servers instead of just the leader.
|
||||
|
@ -39,8 +45,27 @@ retry::
|
|||
with the API.
|
||||
state::
|
||||
either 'present' or 'absent'. Defaults to 'present'
|
||||
ssl-cert::
|
||||
Path to an SSL client certificate to use to authenticate to the consul server.
|
||||
Useful if the consul server "verify_incoming" option is set.
|
||||
ssl-ca-cert::
|
||||
Path to a CA certificate file, containing one or more CA certificates to
|
||||
use to validate the certificate sent by the consul server to us. This is a
|
||||
handy alternative to setting --ssl-no-verify if you are using your own CA.
|
||||
syslog-facility::
|
||||
The facility to use when sending to syslog. This requires the use of --syslog.
|
||||
The default value is LOCAL0.
|
||||
token::
|
||||
the Consul API token.
|
||||
vault-address::
|
||||
the location of the Vault instance to query (may be an IP address or FQDN) with port.
|
||||
vault-token::
|
||||
the Vault API token.
|
||||
vault-ssl-cert::
|
||||
Path to an SSL client certificate to use to authenticate to the vault server.
|
||||
vault-ssl-ca-cert::
|
||||
Path to a CA certificate file, containing one or more CA certificates to
|
||||
use to validate the certificate sent by the vault server to us.
|
||||
version::
|
||||
which version of consul-template to install. See ./files/versions for a list of
|
||||
supported versions. Defaults to the latest known version.
|
||||
|
@ -56,6 +81,12 @@ ssl::
|
|||
use HTTPS while talking to Consul. Requires the Consul server to be configured to serve secure connections.
|
||||
ssl-no-verify::
|
||||
ignore certificate warnings. Only used if ssl is enabled.
|
||||
syslog::
|
||||
Send log output to syslog (in addition to stdout and stderr).
|
||||
vault-ssl::
|
||||
use HTTPS while talking to Vault. Requires the Vault server to be configured to serve secure connections.
|
||||
vault-ssl-no-verify::
|
||||
ignore certificate warnings. Only used if vault is enabled.
|
||||
|
||||
|
||||
EXAMPLES
|
||||
|
|
|
@ -77,17 +77,64 @@ require="__directory/etc/consul-template" \
|
|||
(
|
||||
for param in $(ls "$__object/parameter/"); do
|
||||
case "$param" in
|
||||
ssl|ssl-no-verify) # boolean
|
||||
key="$(echo "$param" | tr '-' '_')"
|
||||
printf '%s = true\n' "$key"
|
||||
auth-password|state|ssl-*|syslog-*|version|vault-token|vault-ssl*) continue ;;
|
||||
auth-username)
|
||||
printf 'auth {\n'
|
||||
printf ' enabled = true\n'
|
||||
printf ' username = "%s"\n' "$(cat "$__object/parameter/auth-username")"
|
||||
if [ -f "$__object/parameter/auth-password" ]; then
|
||||
printf ' password = %s\n' "$(cat "$__object/parameter/auth-password")"
|
||||
fi
|
||||
printf '}\n'
|
||||
;;
|
||||
auth|batch-size|consul|max-stale|retry|token|wait)
|
||||
key="$(echo "$param" | tr '-' '_')"
|
||||
printf '%s = "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
|
||||
ssl)
|
||||
printf 'ssl {\n'
|
||||
printf ' enabled = true\n'
|
||||
if [ -f "$__object/parameter/ssl-no-verify" ]; then
|
||||
printf ' verify = false\n'
|
||||
fi
|
||||
if [ -f "$__object/parameter/ssl-cert" ]; then
|
||||
printf ' cert = "%s"\n' "$(cat "$__object/parameter/ssl-cert")"
|
||||
fi
|
||||
if [ -f "$__object/parameter/ssl-ca-cert" ]; then
|
||||
printf ' ca_cert = "%s"\n' "$(cat "$__object/parameter/ssl-ca-cert")"
|
||||
fi
|
||||
printf '}\n'
|
||||
;;
|
||||
syslog)
|
||||
printf 'syslog {\n'
|
||||
printf ' enabled = true\n'
|
||||
if [ -f "$__object/parameter/syslog-facility" ]; then
|
||||
printf ' facility = "%s"\n' "$(cat "$__object/parameter/syslog-facility")"
|
||||
fi
|
||||
printf '}\n'
|
||||
;;
|
||||
vault-address)
|
||||
printf 'vault {\n'
|
||||
printf ' address = "%s"\n' "$(cat "$__object/parameter/vault-address")"
|
||||
if [ -f "$__object/parameter/vault-token" ]; then
|
||||
printf ' token = "%s"\n' "$(cat "$__object/parameter/vault-token")"
|
||||
fi
|
||||
if [ -f "$__object/parameter/vault-ssl" ]; then
|
||||
printf ' ssl {\n'
|
||||
printf ' enabled = true\n'
|
||||
if [ -f "$__object/parameter/vault-ssl-no-verify" ]; then
|
||||
printf ' verify = false\n'
|
||||
fi
|
||||
if [ -f "$__object/parameter/vault-ssl-cert" ]; then
|
||||
printf ' cert = "%s"\n' "$(cat "$__object/parameter/vault-ssl-cert")"
|
||||
fi
|
||||
if [ -f "$__object/parameter/vault-ssl-ca-cert" ]; then
|
||||
printf ' ca_cert = "%s"\n' "$(cat "$__object/parameter/vault-ssl-ca-cert")"
|
||||
fi
|
||||
printf ' }\n'
|
||||
fi
|
||||
printf '}\n'
|
||||
;;
|
||||
*)
|
||||
# ignore unknown parameters
|
||||
:
|
||||
# string key=value parameters
|
||||
key="$(echo "$param" | tr '-' '_')"
|
||||
printf '%s = "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
|
93
cdist/conf/type/__consul_template/notes
Normal file
93
cdist/conf/type/__consul_template/notes
Normal file
|
@ -0,0 +1,93 @@
|
|||
# < 0.7.0
|
||||
ssl = true
|
||||
ssl_no_verify = true
|
||||
|
||||
# >= 0.7.0
|
||||
ssl {
|
||||
enabled = true
|
||||
verify = false
|
||||
}
|
||||
|
||||
# >= 0.9.0
|
||||
ssl-cert
|
||||
ssl-ca-cert
|
||||
|
||||
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
### from docs
|
||||
|
||||
|
||||
ssl {
|
||||
enabled = true
|
||||
verify = false
|
||||
cert = "/path/to/client/cert.pem"
|
||||
ca_cert = "/path/to/ca/cert.pem"
|
||||
}
|
||||
|
||||
|
||||
ssl
|
||||
Use HTTPS while talking to Consul. Requires the Consul server to be configured to serve secure connections. The default value is false.
|
||||
|
||||
ssl-verify
|
||||
Verify certificates when connecting via SSL. This requires the use of -ssl. The default value is true.
|
||||
|
||||
ssl-cert
|
||||
Path to an SSL client certificate to use to authenticate to the consul server. Useful if the consul server "verify_incoming" option is set.
|
||||
|
||||
ssl-ca-cert
|
||||
Path to a CA certificate file, containing one or more CA certificates to use to validate the certificate sent by the consul server to us. This is a handy alternative to setting --ssl-verify=false if you are using your own CA.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
### example config file from docs
|
||||
|
||||
consul = "127.0.0.1:8500"
|
||||
token = "abcd1234" // May also be specified via the envvar CONSUL_TOKEN
|
||||
retry = "10s"
|
||||
max_stale = "10m"
|
||||
log_level = "warn"
|
||||
pid_file = "/path/to/pid"
|
||||
|
||||
vault {
|
||||
address = "https://vault.service.consul:8200"
|
||||
token = "abcd1234" // May also be specified via the envvar VAULT_TOKEN
|
||||
ssl {
|
||||
enabled = true
|
||||
verify = true
|
||||
cert = "/path/to/client/cert.pem"
|
||||
ca_cert = "/path/to/ca/cert.pem"
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
--auth-username
|
||||
--auth-password
|
||||
# if any are given enabled = true
|
||||
auth {
|
||||
enabled = true
|
||||
username = "test"
|
||||
password = "test"
|
||||
}
|
||||
|
||||
ssl {
|
||||
enabled = true
|
||||
verify = false
|
||||
cert = "/path/to/client/cert.pem"
|
||||
ca_cert = "/path/to/ca/cert.pem"
|
||||
}
|
||||
|
||||
syslog {
|
||||
enabled = true
|
||||
facility = "LOCAL5"
|
||||
}
|
||||
|
||||
template {
|
||||
source = "/path/on/disk/to/template"
|
||||
destination = "/path/on/disk/where/template/will/render"
|
||||
command = "optional command to run when the template is updated"
|
||||
}
|
||||
|
||||
template {
|
||||
// Multiple template definitions are supported
|
||||
}
|
|
@ -1,2 +1,5 @@
|
|||
ssl
|
||||
ssl-no-verify
|
||||
syslog
|
||||
vault-ssl
|
||||
vault-ssl-no-verify
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
warn
|
|
@ -0,0 +1 @@
|
|||
LOCAL0
|
|
@ -1 +1 @@
|
|||
0.6.5
|
||||
0.10.0
|
||||
|
|
|
@ -1,9 +1,18 @@
|
|||
auth
|
||||
auth-username
|
||||
auth-password
|
||||
batch-size
|
||||
consul
|
||||
log-level
|
||||
max-stale
|
||||
retry
|
||||
state
|
||||
ssl-cert
|
||||
ssl-ca-cert
|
||||
syslog-facility
|
||||
token
|
||||
vault-address
|
||||
vault-token
|
||||
vault-ssl-cert
|
||||
vault-ssl-ca-cert
|
||||
version
|
||||
wait
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
- add support for latest version 0.7.0
|
||||
- config file format has changed
|
|
@ -5,6 +5,8 @@ next:
|
|||
* Documentation: Fix spelling in manual pages (Dmitry Bogatov)
|
||||
* New type: __pacman_conf: Manage pacman.conf (Dominique Roux)
|
||||
* New type: __pacman_conf_integrate: cdist compatible pacman.conf (Dominique Roux)
|
||||
* Type __consul: Do not install unused package unzip (Steven Armstrong)
|
||||
* Type __consul: Add source & cksum for 0.5.2 (Steven Armstrong)
|
||||
* Core: Support object ids '.cdist' (Nico Schottelius)
|
||||
* Type __apt_norecommends: Also setup autoremove options (Dmitry Bogatov)
|
||||
* Type __user_groups: Add NetBSD support (Jonathan A. Kollasch)
|
||||
|
|
Loading…
Reference in a new issue