From 47daae1aa2d9285bb4c51344f99b6a7f54fd816b Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Fri, 22 May 2015 21:09:03 +0200 Subject: [PATCH 01/15] Revert "__consul type requires unzip to be installed" This reverts commit 45df8dca119e3004596f290ce423843163cb145b. --- cdist/conf/type/__consul/manifest | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/cdist/conf/type/__consul/manifest b/cdist/conf/type/__consul/manifest index ea1a728f..1cbc5413 100755 --- a/cdist/conf/type/__consul/manifest +++ b/cdist/conf/type/__consul/manifest @@ -43,9 +43,7 @@ if [ ! -d "$version_dir" ]; then exit 1 fi -__package unzip - -require="__package/unzip" __staged_file /usr/local/bin/consul \ +__staged_file /usr/local/bin/consul \ --source "$(cat "$version_dir/source")" \ --cksum "$(cat "$version_dir/cksum")" \ --fetch-command 'curl -s -L "%s"' \ From 8062fd9d6c6d33027b1231ca72892e40c6cb936e Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Fri, 22 May 2015 21:10:16 +0200 Subject: [PATCH 02/15] changes++ Signed-off-by: Steven Armstrong --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index 034b5342..410cd3a3 100644 --- a/docs/changelog +++ b/docs/changelog @@ -5,6 +5,7 @@ next: * Documentation: Fix spelling in manual pages (Dmitry Bogatov) * New type: __pacman_conf: Manage pacman.conf (Dominique Roux) * New type: __pacman_conf_integrate: cdist compatible pacman.conf (Dominique Roux) + * Type __consul: Do not install unused package unzip (Steven Armstrong) 3.1.13: 2015-05-16 From a1f1b3540dafaab6b3359ef9551c06d648b8b4b2 Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Fri, 22 May 2015 21:13:55 +0200 Subject: [PATCH 03/15] +consul 0.5.2 
Signed-off-by: Steven Armstrong --- cdist/conf/type/__consul/files/versions/0.5.2/cksum | 1 + cdist/conf/type/__consul/files/versions/0.5.2/source | 1 + 2 files changed, 2 insertions(+) create mode 100644 cdist/conf/type/__consul/files/versions/0.5.2/cksum create mode 100644 cdist/conf/type/__consul/files/versions/0.5.2/source diff --git a/cdist/conf/type/__consul/files/versions/0.5.2/cksum b/cdist/conf/type/__consul/files/versions/0.5.2/cksum new file mode 100644 index 00000000..1c077266 --- /dev/null +++ b/cdist/conf/type/__consul/files/versions/0.5.2/cksum @@ -0,0 +1 @@ +2207534901 18245010 consul diff --git a/cdist/conf/type/__consul/files/versions/0.5.2/source b/cdist/conf/type/__consul/files/versions/0.5.2/source new file mode 100644 index 00000000..991034ce --- /dev/null +++ b/cdist/conf/type/__consul/files/versions/0.5.2/source @@ -0,0 +1 @@ +https://dl.bintray.com/mitchellh/consul/0.5.2_linux_amd64.zip From 414542cd8279357ea5e573e48441afee85375185 Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Fri, 22 May 2015 21:14:41 +0200 Subject: [PATCH 04/15] changes++ Signed-off-by: Steven Armstrong --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index 410cd3a3..96496052 100644 --- a/docs/changelog +++ b/docs/changelog @@ -6,6 +6,7 @@ next: * New type: __pacman_conf: Manage pacman.conf (Dominique Roux) * New type: __pacman_conf_integrate: cdist compatible pacman.conf (Dominique Roux) * Type __consul: Do not install unused package unzip (Steven Armstrong) + * Type __consul: Add source & cksum for 0.5.2 (Steven Armstrong) 3.1.13: 2015-05-16 From 085a7c8ce1e3ce05cf4cce69d163d17f434ba0c2 Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Thu, 28 May 2015 22:26:51 +0200 Subject: [PATCH 05/15] work in progress: start upgrading consul-template to 0.9.0 
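Review bot: The only integrity check on this download is the value added in `files/versions/0.5.2/cksum`, which has the three-field shape of POSIX `cksum` output (CRC, byte count, name); a CRC detects accidental corruption but not a deliberately substituted file. The `__consul` manifest shown in patch 01 passes this value to `__staged_file --cksum` for a binary that is installed as `/usr/local/bin/consul`, so authenticity rests entirely on the HTTPS fetch from the URL in `source`. Recording the publisher's SHA-256 for the release next to the CRC and comparing it after the fetch would close that gap; whether `__staged_file` can verify a stronger digest is not visible on this page. The same applies to the consul-template 0.9.0 and 0.10.0 `cksum` files added in patches 05 and 08.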
Signed-off-by: Steven Armstrong --- .../files/versions/0.9.0/cksum | 1 + .../files/versions/0.9.0/source | 1 + cdist/conf/type/__consul_template/man.text | 22 ++++- cdist/conf/type/__consul_template/notes | 93 +++++++++++++++++++ .../type/__consul_template/parameter/boolean | 1 + .../parameter/default/log-level | 1 + .../parameter/default/syslog-facility | 1 + .../type/__consul_template/parameter/optional | 7 +- 8 files changed, 124 insertions(+), 3 deletions(-) create mode 100644 cdist/conf/type/__consul_template/files/versions/0.9.0/cksum create mode 100644 cdist/conf/type/__consul_template/files/versions/0.9.0/source create mode 100644 cdist/conf/type/__consul_template/notes create mode 100644 cdist/conf/type/__consul_template/parameter/default/log-level create mode 100644 cdist/conf/type/__consul_template/parameter/default/syslog-facility diff --git a/cdist/conf/type/__consul_template/files/versions/0.9.0/cksum b/cdist/conf/type/__consul_template/files/versions/0.9.0/cksum new file mode 100644 index 00000000..0f86f500 --- /dev/null +++ b/cdist/conf/type/__consul_template/files/versions/0.9.0/cksum @@ -0,0 +1 @@ +4037434610 8901128 consul-template diff --git a/cdist/conf/type/__consul_template/files/versions/0.9.0/source b/cdist/conf/type/__consul_template/files/versions/0.9.0/source new file mode 100644 index 00000000..25fd18e9 --- /dev/null +++ b/cdist/conf/type/__consul_template/files/versions/0.9.0/source @@ -0,0 +1 @@ +https://github.com/hashicorp/consul-template/releases/download/v0.9.0/consul-template_0.9.0_linux_amd64.tar.gz diff --git a/cdist/conf/type/__consul_template/man.text b/cdist/conf/type/__consul_template/man.text index 9db958eb..876690ee 100644 --- a/cdist/conf/type/__consul_template/man.text +++ b/cdist/conf/type/__consul_template/man.text 
@@ -24,13 +24,19 @@ None. OPTIONAL PARAMETERS ------------------- -auth:: - specify a username (and password) for basic authentication. +auth-username:: + specify a username for basic authentication. +auth-password:: + specify a password for basic authentication. batch-size:: the size of the batch when polling multiple dependencies. consul:: the location of the Consul instance to query (may be an IP address or FQDN) with port. Defaults to 'localhost:8500'. +log-level:: + The log level for output. This applies to the stdout/stderr logging as well + as syslog logging (if enabled). Valid values are "debug", "info", "warn", + and "err". The default value is "warn". max-stale:: the maximum staleness of a query. If specified, Consul will distribute work among all servers instead of just the leader. @@ -39,6 +45,16 @@ retry:: with the API. state:: either 'present' or 'absent'. Defaults to 'present' +ssl-cert:: + Path to an SSL client certificate to use to authenticate to the consul server. + Useful if the consul server "verify_incoming" option is set. +ssl-ca-cert:: + Path to a CA certificate file, containing one or more CA certificates to + use to validate the certificate sent by the consul server to us. This is a + handy alternative to setting --ssl-no-verify if you are using your own CA. +syslog-facility:: + The facility to use when sending to syslog. This requires the use of --syslog. + The default value is LOCAL0. token:: the Consul API token. version:: @@ -56,6 +72,8 @@ ssl:: use HTTPS while talking to Consul. Requires the Consul server to be configured to serve secure connections. ssl-no-verify:: ignore certificate warnings. Only used if ssl is enabled. +syslog:: + Send log output to syslog (in addition to stdout and stderr). EXAMPLES diff --git a/cdist/conf/type/__consul_template/notes b/cdist/conf/type/__consul_template/notes new file mode 100644 index 00000000..fc7cca11 --- /dev/null +++ b/cdist/conf/type/__consul_template/notes 
@@ -0,0 +1,93 @@ +# < 0.7.0 +ssl = true +ssl_no_verify = true + +# >= 0.7.0 +ssl { + enabled = true + verify = false +} + +# >= 0.9.0 +ssl-cert +ssl-ca-cert + + + +-------------------------------------------------------------------------------- +### from docs + + +ssl { + enabled = true + verify = false + cert = "/path/to/client/cert.pem" + ca_cert = "/path/to/ca/cert.pem" +} + + +ssl + Use HTTPS while talking to Consul. Requires the Consul server to be configured to serve secure connections. The default value is false. + +ssl-verify + Verify certificates when connecting via SSL. This requires the use of -ssl. The default value is true. + +ssl-cert + Path to an SSL client certificate to use to authenticate to the consul server. Useful if the consul server "verify_incoming" option is set. + +ssl-ca-cert + Path to a CA certificate file, containing one or more CA certificates to use to validate the certificate sent by the consul server to us. This is a handy alternative to setting --ssl-verify=false if you are using your own CA. 
+ +-------------------------------------------------------------------------------- + +### example config file from docs + +consul = "127.0.0.1:8500" +token = "abcd1234" // May also be specified via the envvar CONSUL_TOKEN +retry = "10s" +max_stale = "10m" +log_level = "warn" +pid_file = "/path/to/pid" + +vault { + address = "https://vault.service.consul:8200" + token = "abcd1234" // May also be specified via the envvar VAULT_TOKEN + ssl { + enabled = true + verify = true + cert = "/path/to/client/cert.pem" + ca_cert = "/path/to/ca/cert.pem" + } +} + + +--auth-username +--auth-password +# if any are given enabled = true +auth { + enabled = true + username = "test" + password = "test" +} + +ssl { + enabled = true + verify = false + cert = "/path/to/client/cert.pem" + ca_cert = "/path/to/ca/cert.pem" +} + +syslog { + enabled = true + facility = "LOCAL5" +} + +template { + source = "/path/on/disk/to/template" + destination = "/path/on/disk/where/template/will/render" + command = "optional command to run when the template is updated" +} + +template { + // Multiple template definitions are supported +} diff --git a/cdist/conf/type/__consul_template/parameter/boolean b/cdist/conf/type/__consul_template/parameter/boolean index 5e17dcd7..696f66ee 100644 --- a/cdist/conf/type/__consul_template/parameter/boolean +++ b/cdist/conf/type/__consul_template/parameter/boolean @@ -1,2 +1,3 @@ ssl ssl-no-verify +syslog diff --git a/cdist/conf/type/__consul_template/parameter/default/log-level b/cdist/conf/type/__consul_template/parameter/default/log-level new file mode 100644 index 00000000..1ef71804 --- /dev/null +++ b/cdist/conf/type/__consul_template/parameter/default/log-level @@ -0,0 +1 @@ +warn diff --git a/cdist/conf/type/__consul_template/parameter/default/syslog-facility b/cdist/conf/type/__consul_template/parameter/default/syslog-facility new file mode 100644 index 00000000..f32df182 --- /dev/null +++ b/cdist/conf/type/__consul_template/parameter/default/syslog-facility 
@@ -0,0 +1 @@ +LOCAL0 diff --git a/cdist/conf/type/__consul_template/parameter/optional b/cdist/conf/type/__consul_template/parameter/optional index 2848edb9..5ad9679d 100644 --- a/cdist/conf/type/__consul_template/parameter/optional +++ b/cdist/conf/type/__consul_template/parameter/optional @@ -1,9 +1,14 @@ -auth +auth-username +auth-password batch-size consul +log-level max-stale retry state +ssl-cert +ssl-ca-cert +syslog-facility token version wait From b515601c9c8d49b415fe7f98baf2110475fecaec Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Thu, 23 Jul 2015 22:05:55 +0200 Subject: [PATCH 06/15] create /var/run/consul with permissions suitable for storing unix sockets Signed-off-by: Steven Armstrong --- .../type/__consul_agent/files/consul-prepare.upstart | 9 +++++++++ cdist/conf/type/__consul_agent/files/consul.systemd | 5 +++++ cdist/conf/type/__consul_agent/files/consul.sysv-debian | 7 ++++++- cdist/conf/type/__consul_agent/files/consul.sysv-redhat | 4 +++- cdist/conf/type/__consul_agent/manifest | 9 +++++++-- 5 files changed, 30 insertions(+), 4 deletions(-) create mode 100644 cdist/conf/type/__consul_agent/files/consul-prepare.upstart diff --git a/cdist/conf/type/__consul_agent/files/consul-prepare.upstart b/cdist/conf/type/__consul_agent/files/consul-prepare.upstart new file mode 100644 index 00000000..569220d1 --- /dev/null +++ b/cdist/conf/type/__consul_agent/files/consul-prepare.upstart @@ -0,0 +1,9 @@ +start on starting consul + +task + +script + mkdir -p /var/run/consul + chown consul:consul /var/run/consul + chmod 2770 /var/run/consul +end script diff --git a/cdist/conf/type/__consul_agent/files/consul.systemd b/cdist/conf/type/__consul_agent/files/consul.systemd index db624fd1..8d5fd323 100644 --- a/cdist/conf/type/__consul_agent/files/consul.systemd +++ b/cdist/conf/type/__consul_agent/files/consul.systemd 
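Review bot: In `consul-prepare.upstart` the `script` stanza creates `/var/run/consul` with `mkdir -p` under the job's default umask and only restricts it two commands later, so the ownership and mode are applied in separate steps that can each fail independently. `install -d -o consul -g consul -m 2770 /var/run/consul` sets owner, group and mode in one command and replaces all three lines. The same three-command sequence is added at the top level of `consul.sysv-debian` and `consul.sysv-redhat`, where it runs as root on every invocation, including `status` and `stop`; moving it into the start path there would keep the read-only actions free of side effects.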
@@ -7,6 +7,11 @@ After=basic.target network.target User=consul Group=consul Environment="GOMAXPROCS=2" +# Run ExecStartPre with root-permissions +PermissionsStartOnly=true +ExecStartPre=/usr/bin/mkdir -p /var/run/consul +ExecStartPre=/usr/bin/chown consul:consul /var/run/consul +ExecStartPre=/usr/bin/chmod 2770 /var/run/consul ExecStart=/usr/local/bin/consul agent -config-dir /etc/consul/conf.d ExecReload=/bin/kill -HUP $MAINPID KillMode=process diff --git a/cdist/conf/type/__consul_agent/files/consul.sysv-debian b/cdist/conf/type/__consul_agent/files/consul.sysv-debian index f4498041..a75c555d 100644 --- a/cdist/conf/type/__consul_agent/files/consul.sysv-debian +++ b/cdist/conf/type/__consul_agent/files/consul.sysv-debian @@ -1,6 +1,7 @@ #!/bin/sh # # 2015 Nico Schottelius (nico-cdist at schottelius.org) +# 2015 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # @@ -29,6 +30,10 @@ CONSUL=/usr/local/bin/consul CONFIG=/etc/$NAME/conf.d PID_FILE=/var/run/$NAME/pidfile +mkdir -p /var/run/$NAME +chown consul:consul /var/run/$NAME +chmod 2770 /var/run/$NAME + export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" case "$1" in @@ -51,7 +56,7 @@ case "$1" in log_end_msg 1 || true fi ;; - + reload) log_daemon_msg "Reloading consul agent" "consul" || true if start-stop-daemon --stop --signal HUP --quiet --oknodo --pidfile $PID_FILE --exec $CONSUL; then diff --git a/cdist/conf/type/__consul_agent/files/consul.sysv-redhat b/cdist/conf/type/__consul_agent/files/consul.sysv-redhat index 9a2aaeb2..44fd8737 100644 --- a/cdist/conf/type/__consul_agent/files/consul.sysv-redhat +++ b/cdist/conf/type/__consul_agent/files/consul.sysv-redhat @@ -22,7 +22,9 @@ LOG_FILE=/var/log/$NAME export GOMAXPROCS=${GOMAXPROCS:-2} mkdir -p /var/run/$NAME -chown consul /var/run/$NAME +chown consul:consul /var/run/$NAME +chmod 2770 /var/run/$NAME + start() { echo -n "Starting $NAME: " 
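Review bot: In `consul.systemd` the three `ExecStartPre=` lines hard-code `/usr/bin/mkdir`, `/usr/bin/chown` and `/usr/bin/chmod`, paths that exist only where `/usr` is merged; on a distribution that ships these tools in `/bin` the pre-start step fails and the unit does not start. `PermissionsStartOnly=true` also makes every `ExecStartPre=` command run as root just to prepare one directory. systemd can create the directory itself under `/run`, owned by the unit's `User=`/`Group=`, with `RuntimeDirectory=consul` and `RuntimeDirectoryMode=2770`, which removes the root-run helper commands. It is worth confirming that the systemd versions being targeted support these directives and preserve the setgid bit.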
diff --git a/cdist/conf/type/__consul_agent/manifest b/cdist/conf/type/__consul_agent/manifest index f8cace94..053c9e80 100755 --- a/cdist/conf/type/__consul_agent/manifest +++ b/cdist/conf/type/__consul_agent/manifest @@ -160,10 +160,15 @@ init_systemd() init_upstart() { - __file /etc/init/consul.conf \ + __file /etc/init/consul-prepare.conf \ --owner root --group root --mode 0644 \ --state "$state" \ - --source "$__type/files/consul.upstart" + --source "$__type/files/consul-prepare.upstart" + require="__file/etc/init/consul-prepare.conf" \ + __file /etc/init/consul.conf \ + --owner root --group root --mode 0644 \ + --state "$state" \ + --source "$__type/files/consul.upstart" require="__file/etc/init/consul.conf" __start_on_boot consul } From c4aef429c2c5f2a407f66ecd034af7e2a79d966f Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Thu, 23 Jul 2015 23:19:33 +0200 Subject: [PATCH 07/15] dont use `consul leave` to shutdown, just kill instead If all servers in a cluster leave, the cluster is basically destroyed. Servers are supposed to just die without leaving, otherwise rejoin no longer works and manual recovery is required. Signed-off-by: Steven Armstrong --- cdist/conf/type/__consul_agent/files/consul.sysv-redhat | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cdist/conf/type/__consul_agent/files/consul.sysv-redhat b/cdist/conf/type/__consul_agent/files/consul.sysv-redhat index 44fd8737..13dafd2e 100644 --- a/cdist/conf/type/__consul_agent/files/consul.sysv-redhat +++ b/cdist/conf/type/__consul_agent/files/consul.sysv-redhat @@ -38,7 +38,7 @@ start() { stop() { echo -n "Shutting down $NAME: " - "$CONSUL" leave + killproc -p "$PID_FILE" $NAME retcode=$? rm -f /var/lock/subsys/$NAME return $retcode @@ -88,7 +88,7 @@ case "$1" in fi ;; *) - echo "Usage: $NAME {start|stop|status|reload|restart}" + echo "Usage: $NAME {start|stop|status|reload|restart|condrestart|info}" exit 1 ;; esac 
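Review bot: In `stop()` of `consul.sysv-redhat`, `killproc -p "$PID_FILE" $NAME` runs as root and acts on whatever PID the file contains. `PID_FILE` is defined outside this hunk; if it lives under `/var/run/$NAME` as it does in `consul.sysv-debian`, patch 06 has just made that directory owned and writable by the `consul` account, so the service account decides which process root signals. Keeping the pidfile in a root-owned location, or checking that the PID belongs to `$CONSUL` before signalling (the Debian script's `start-stop-daemon ... --exec $CONSUL` does this), avoids trusting it. Separately, `$NAME` should be quoted here, and the usage string now advertises `condrestart|info`; the `case` arms are outside the hunk, so confirm both are actually handled.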
From a2349124063ba3fa5596238f5fd09cd77f41d1c9 Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Thu, 23 Jul 2015 23:33:52 +0200 Subject: [PATCH 08/15] support version 0.10.0 Signed-off-by: Steven Armstrong --- cdist/conf/type/__consul_template/files/versions/0.10.0/cksum | 1 + cdist/conf/type/__consul_template/files/versions/0.10.0/source | 1 + cdist/conf/type/__consul_template/todo | 2 -- 3 files changed, 2 insertions(+), 2 deletions(-) create mode 100644 cdist/conf/type/__consul_template/files/versions/0.10.0/cksum create mode 100644 cdist/conf/type/__consul_template/files/versions/0.10.0/source delete mode 100644 cdist/conf/type/__consul_template/todo diff --git a/cdist/conf/type/__consul_template/files/versions/0.10.0/cksum b/cdist/conf/type/__consul_template/files/versions/0.10.0/cksum new file mode 100644 index 00000000..bbf394db --- /dev/null +++ b/cdist/conf/type/__consul_template/files/versions/0.10.0/cksum @@ -0,0 +1 @@ +3401777891 9273880 consul-template diff --git a/cdist/conf/type/__consul_template/files/versions/0.10.0/source b/cdist/conf/type/__consul_template/files/versions/0.10.0/source new file mode 100644 index 00000000..7fa074b5 --- /dev/null +++ b/cdist/conf/type/__consul_template/files/versions/0.10.0/source @@ -0,0 +1 @@ +https://github.com/hashicorp/consul-template/releases/download/v0.10.0/consul-template_0.10.0_linux_amd64.tar.gz diff --git a/cdist/conf/type/__consul_template/todo b/cdist/conf/type/__consul_template/todo deleted file mode 100644 index a3786501..00000000 --- a/cdist/conf/type/__consul_template/todo +++ /dev/null @@ -1,2 +0,0 @@ -- add support for latest version 0.7.0 - - config file format has changed From 6fb35c7d90e9598ac8891244d047757986db81d4 Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Thu, 23 Jul 2015 23:36:20 +0200 Subject: [PATCH 09/15] make 0.10.0 the default version 
Signed-off-by: Steven Armstrong --- cdist/conf/type/__consul_template/parameter/default/version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__consul_template/parameter/default/version b/cdist/conf/type/__consul_template/parameter/default/version index ef5e4454..78bc1abd 100644 --- a/cdist/conf/type/__consul_template/parameter/default/version +++ b/cdist/conf/type/__consul_template/parameter/default/version @@ -1 +1 @@ -0.6.5 +0.10.0 From 543d79a7b54610690906a7ff66c09524f56363ca Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Fri, 24 Jul 2015 00:21:08 +0200 Subject: [PATCH 10/15] drop support for <0.10.0 Signed-off-by: Steven Armstrong --- .../files/versions/0.6.5/cksum | 1 - .../files/versions/0.6.5/source | 1 - .../files/versions/0.9.0/cksum | 1 - .../files/versions/0.9.0/source | 1 - cdist/conf/type/__consul_template/man.text | 13 ++++ cdist/conf/type/__consul_template/manifest | 63 ++++++++++++++++--- 6 files changed, 68 insertions(+), 12 deletions(-) delete mode 100644 cdist/conf/type/__consul_template/files/versions/0.6.5/cksum delete mode 100644 cdist/conf/type/__consul_template/files/versions/0.6.5/source delete mode 100644 cdist/conf/type/__consul_template/files/versions/0.9.0/cksum delete mode 100644 cdist/conf/type/__consul_template/files/versions/0.9.0/source diff --git a/cdist/conf/type/__consul_template/files/versions/0.6.5/cksum b/cdist/conf/type/__consul_template/files/versions/0.6.5/cksum deleted file mode 100644 index 2dcac994..00000000 --- a/cdist/conf/type/__consul_template/files/versions/0.6.5/cksum +++ /dev/null @@ -1 +0,0 @@ -1356006333 8496656 consul-template diff --git a/cdist/conf/type/__consul_template/files/versions/0.6.5/source b/cdist/conf/type/__consul_template/files/versions/0.6.5/source deleted file mode 100644 index 09a1ce3a..00000000 --- a/cdist/conf/type/__consul_template/files/versions/0.6.5/source +++ /dev/null 
@@ -1 +0,0 @@ -https://github.com/hashicorp/consul-template/releases/download/v0.6.5/consul-template_0.6.5_linux_amd64.tar.gz diff --git a/cdist/conf/type/__consul_template/files/versions/0.9.0/cksum b/cdist/conf/type/__consul_template/files/versions/0.9.0/cksum deleted file mode 100644 index 0f86f500..00000000 --- a/cdist/conf/type/__consul_template/files/versions/0.9.0/cksum +++ /dev/null @@ -1 +0,0 @@ -4037434610 8901128 consul-template diff --git a/cdist/conf/type/__consul_template/files/versions/0.9.0/source b/cdist/conf/type/__consul_template/files/versions/0.9.0/source deleted file mode 100644 index 25fd18e9..00000000 --- a/cdist/conf/type/__consul_template/files/versions/0.9.0/source +++ /dev/null @@ -1 +0,0 @@ -https://github.com/hashicorp/consul-template/releases/download/v0.9.0/consul-template_0.9.0_linux_amd64.tar.gz diff --git a/cdist/conf/type/__consul_template/man.text b/cdist/conf/type/__consul_template/man.text index 876690ee..0d86aee8 100644 --- a/cdist/conf/type/__consul_template/man.text +++ b/cdist/conf/type/__consul_template/man.text @@ -57,6 +57,15 @@ syslog-facility:: The default value is LOCAL0. token:: the Consul API token. +vault-address:: + the location of the Vault instance to query (may be an IP address or FQDN) with port. +vault-token:: + the Vault API token. +vault-ssl-cert:: + Path to an SSL client certificate to use to authenticate to the vault server. +vault-ssl-ca-cert:: + Path to a CA certificate file, containing one or more CA certificates to + use to validate the certificate sent by the vault server to us. version:: which version of consul-template to install. See ./files/versions for a list of supported versions. Defaults to the latest known version. 
@@ -74,6 +83,10 @@ ssl-no-verify:: ignore certificate warnings. Only used if ssl is enabled. syslog:: Send log output to syslog (in addition to stdout and stderr). +vault-ssl:: + use HTTPS while talking to Vault. Requires the Vault server to be configured to serve secure connections. +vault-ssl-no-verify:: + ignore certificate warnings. Only used if vault is enabled. EXAMPLES diff --git a/cdist/conf/type/__consul_template/manifest b/cdist/conf/type/__consul_template/manifest index edeca89c..cedcb413 100755 --- a/cdist/conf/type/__consul_template/manifest +++ b/cdist/conf/type/__consul_template/manifest 
@@ -77,17 +77,64 @@ require="__directory/etc/consul-template" \ ( for param in $(ls "$__object/parameter/"); do case "$param" in - ssl|ssl-no-verify) # boolean - key="$(echo "$param" | tr '-' '_')" - printf '%s = true\n' "$key" + auth-password|state|ssl-*|syslog-*|version|vault-token|vault-ssl*) continue ;; + auth-username) + printf 'auth {\n' + printf ' enabled = true\n' + printf ' username = "%s"\n' "$(cat "$__object/parameter/auth-username")" + if [ -f "$__object/parameter/auth-password" ]; then + printf ' password = %s\n' "$(cat "$__object/parameter/auth-password")" + fi + printf '}\n' ;; - auth|batch-size|consul|max-stale|retry|token|wait) - key="$(echo "$param" | tr '-' '_')" - printf '%s = "%s"\n' "$key" "$(cat "$__object/parameter/$param")" + ssl) + printf 'ssl {\n' + printf ' enabled = true\n' + if [ -f "$__object/parameter/ssl-no-verify" ]; then + printf ' verify = false\n' + fi + if [ -f "$__object/parameter/ssl-cert" ]; then + printf ' cert = "%s"\n' "$(cat "$__object/parameter/ssl-cert")" + fi + if [ -f "$__object/parameter/ssl-ca-cert" ]; then + printf ' ca_cert = "%s"\n' "$(cat "$__object/parameter/ssl-ca-cert")" + fi + printf '}\n' + ;; + syslog) + printf 'syslog {\n' + printf ' enabled = true\n' + if [ -f "$__object/parameter/syslog-facility" ]; then + printf ' facility = "%s"\n' "$(cat "$__object/parameter/syslog-facility")" + fi + printf '}\n' + ;; + vault-address) + printf 'vault {\n' + printf ' address = "%s"\n' "$(cat "$__object/parameter/vault-address")" + if [ -f "$__object/parameter/vault-token" ]; then + printf ' token = "%s"\n' "$(cat "$__object/parameter/vault-token")" + fi + if [ -f "$__object/parameter/vault-ssl" ]; then + printf ' ssl {\n' + printf ' enabled = true\n' + if [ -f "$__object/parameter/vault-ssl-no-verify" ]; then + printf ' verify = false\n' + fi + if [ -f "$__object/parameter/vault-ssl-cert" ]; then + printf ' cert = "%s"\n' "$(cat "$__object/parameter/vault-ssl-cert")" + fi + if [ -f 
"$__object/parameter/vault-ssl-ca-cert" ]; then + printf ' ca_cert = "%s"\n' "$(cat "$__object/parameter/vault-ssl-ca-cert")" + fi + printf ' }\n' + fi + printf '}\n' ;; *) - # ignore unknown parameters - : + # string key=value parameters + key="$(echo "$param" | tr '-' '_')" + printf '%s = "%s"\n' "$key" "$(cat "$__object/parameter/$param")" ;; esac done From 31dddca0db19defea55d03120004f948694a9b11 Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Fri, 24 Jul 2015 00:24:10 +0200 Subject: [PATCH 11/15] update params Signed-off-by: Steven Armstrong --- cdist/conf/type/__consul_template/parameter/boolean | 2 ++ cdist/conf/type/__consul_template/parameter/optional | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/cdist/conf/type/__consul_template/parameter/boolean b/cdist/conf/type/__consul_template/parameter/boolean index 696f66ee..10057e46 100644 --- a/cdist/conf/type/__consul_template/parameter/boolean +++ b/cdist/conf/type/__consul_template/parameter/boolean @@ -1,3 +1,5 @@ ssl ssl-no-verify syslog +vault-ssl +vault-ssl-no-verify diff --git a/cdist/conf/type/__consul_template/parameter/optional b/cdist/conf/type/__consul_template/parameter/optional index 5ad9679d..8bc528ac 100644 --- a/cdist/conf/type/__consul_template/parameter/optional +++ b/cdist/conf/type/__consul_template/parameter/optional @@ -10,5 +10,9 @@ ssl-cert ssl-ca-cert syslog-facility token +vault-address +vault-token +vault-ssl-cert +vault-ssl-ca-cert version wait From c3bf4c7b610df27a2ba5a206456584b7914fcf4f Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Thu, 13 Aug 2015 20:45:31 +0200 Subject: [PATCH 12/15] correctly merge and reformat custom json into generated config Signed-off-by: Steven Armstrong --- cdist/conf/type/__consul_agent/manifest | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cdist/conf/type/__consul_agent/manifest b/cdist/conf/type/__consul_agent/manifest index 053c9e80..76bd6032 100755 --- a/cdist/conf/type/__consul_agent/manifest 
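Review bot: In the `auth-username` arm the password is emitted with `printf ' password = %s\n'`, without the double quotes that every other string value in this block gets, so the generated config carries a bare token instead of a string and will fail to parse or be misread. It should be `printf ' password = "%s"\n' "$(cat "$__object/parameter/auth-password")"`. More generally none of the values are escaped, so a `"` or `\` inside a password or token corrupts the file; and since `token`, `auth-password` and `vault-token` all end up in this config, the `__file` call that installs it (outside the hunk) should use a mode that is not world-readable. Note also that `auth-password` without `auth-username`, and `vault-token` without `vault-address`, are dropped silently by the first `continue` arm.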
+++ b/cdist/conf/type/__consul_agent/manifest @@ -126,10 +126,10 @@ if [ -f "$__object/parameter/json-config" ]; then if [ "$json_config" = "-" ]; then json_config="$__object/stdin" fi - printf ',' - # remove trailing , - json=$(cat "$json_config") - echo "${json%*,}" + # remove leading and trailing whitespace and commas from first and last line + # indent each line with 3 spaces for consistency + json=$(sed -e 's/^[ \t]*/ /' -e '1s/^[ \t,]*//' -e '$s/[ \t,]*$//' "$json_config") + printf ' ,%s\n' "$json" fi echo "}" ) | \ From f0e07903b62f2c45ac6548dc0e0f3e6a1eec4af9 Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Sat, 20 Feb 2016 12:48:29 +0100 Subject: [PATCH 13/15] fix download url for consul 0.5.2 Signed-off-by: Steven Armstrong --- cdist/conf/type/__consul/files/versions/0.5.2/source | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__consul/files/versions/0.5.2/source b/cdist/conf/type/__consul/files/versions/0.5.2/source index 991034ce..43b43d55 100644 --- a/cdist/conf/type/__consul/files/versions/0.5.2/source +++ b/cdist/conf/type/__consul/files/versions/0.5.2/source @@ -1 +1 @@ -https://dl.bintray.com/mitchellh/consul/0.5.2_linux_amd64.zip +https://releases.hashicorp.com/consul/0.5.2/consul_0.5.2_linux_amd64.zip From 37fec8b3b550e4192a32646934bda897c3ff8b4b Mon Sep 17 00:00:00 2001 From: Stephan Leemburg Date: Tue, 23 Feb 2016 11:54:08 +0100 Subject: [PATCH 14/15] Added Mitel as a redhat derived OS --- cdist/conf/explorer/os | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cdist/conf/explorer/os b/cdist/conf/explorer/os index 053177eb..b9f3512b 100755 --- a/cdist/conf/explorer/os +++ b/cdist/conf/explorer/os @@ -77,6 +77,11 @@ if grep -q ^Fedora /etc/redhat-release 2>/dev/null; then exit 0 fi +if grep -q ^Mitel /etc/redhat-release 2>/dev/null; then + echo mitel + exit 0 +fi + if [ -f /etc/redhat-release ]; then echo redhat exit 0 From b03a4f2829c71f432e71fe27105e1fbb08c2a074 Mon Sep 17 00:00:00 2001 
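Review bot: In the `json-config` branch the `sed` expressions rely on `\t` inside a bracket expression meaning a tab, which is a GNU extension; POSIX sed reads `[ \t,]` as space, backslash, `t` and comma, so a non-GNU sed would also strip a leading or trailing letter `t`. `[[:blank:]]` and `[[:blank:],]` are the portable spellings. Also, when the json-config input is empty or holds only whitespace and commas, `$json` is empty and the `printf` still emits the separating comma, which leaves the generated file as invalid JSON; wrap the `printf` in `if [ -n "$json" ]; then … fi`. The enclosing subshell that builds the config starts outside this hunk.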
From: Stephan Leemburg Date: Tue, 23 Feb 2016 12:57:21 +0100 Subject: [PATCH 15/15] Added Mitel as a redhat derived OS --- cdist/conf/explorer/os_version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/explorer/os_version b/cdist/conf/explorer/os_version index 50889429..8f092827 100755 --- a/cdist/conf/explorer/os_version +++ b/cdist/conf/explorer/os_version @@ -51,7 +51,7 @@ case "$($__explorer/os)" in owl) cat /etc/owl-release ;; - redhat|centos) + redhat|centos|mitel) cat /etc/redhat-release ;; slackware)