forked from ungleich-public/cdist
191 lines
6.3 KiB
Bash
Executable file
191 lines
6.3 KiB
Bash
Executable file
#!/bin/sh -e
|
|
#
|
|
# 2015 Steven Armstrong (steven-cdist at armstrong.cc)
|
|
#
|
|
# This file is part of cdist.
|
|
#
|
|
# cdist is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# cdist is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
|
|
|
|
os=$(cat "$__global/explorer/os")
|
|
|
|
case "$os" in
|
|
scientific|centos|redhat)
|
|
# whitelist safeguard
|
|
service_onchange='service consul-template status >/dev/null && service consul-template reload || true' \
|
|
;;
|
|
archlinux)
|
|
service_onchange="systemctl status consul-template >/dev/null && systemctl reload consul-template || true"
|
|
;;
|
|
*)
|
|
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
|
|
echo "Please contribute an implementation for it if you can." >&2
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
versions_dir="$__type/files/versions"
|
|
version="$(cat "$__object/parameter/version")"
|
|
version_dir="$versions_dir/$version"
|
|
|
|
if [ ! -d "$version_dir" ]; then
|
|
echo "Unknown consul-template version '$version'. Expected one of:" >&2
|
|
ls "$versions_dir" >&2
|
|
exit 1
|
|
fi
|
|
|
|
state="$(cat "$__object/parameter/state")"
|
|
|
|
__staged_file /usr/local/bin/consul-template \
|
|
--source "$(cat "$version_dir/source")" \
|
|
--cksum "$(cat "$version_dir/cksum")" \
|
|
--fetch-command 'curl -s -L "%s"' \
|
|
--prepare-command 'unzip -p "%s"' \
|
|
--state "$state" \
|
|
--group root \
|
|
--owner root \
|
|
--mode 755
|
|
|
|
|
|
conf_dir="/etc/consul-template/conf.d"
|
|
conf_file="config.hcl"
|
|
template_dir="/etc/consul-template/template"
|
|
|
|
__directory /etc/consul-template \
|
|
--owner root --group root --mode 750
|
|
require="__directory/etc/consul-template" \
|
|
__directory "$conf_dir" \
|
|
--owner root --group root --mode 750
|
|
require="__directory/etc/consul-template" \
|
|
__directory "$template_dir" \
|
|
--owner root --group root --mode 750
|
|
|
|
|
|
# Generate hcl config file
|
|
(
|
|
cd "$__object/parameter/"
|
|
for param in *; do
|
|
case "$param" in
|
|
auth-password|state|ssl-*|syslog-*|version|vault-token|vault-ssl*) continue ;;
|
|
auth-username)
|
|
printf 'auth {\n'
|
|
printf ' enabled = true\n'
|
|
printf ' username = "%s"\n' "$(cat "$__object/parameter/auth-username")"
|
|
if [ -f "$__object/parameter/auth-password" ]; then
|
|
printf ' password = %s\n' "$(cat "$__object/parameter/auth-password")"
|
|
fi
|
|
printf '}\n'
|
|
;;
|
|
ssl)
|
|
printf 'ssl {\n'
|
|
printf ' enabled = true\n'
|
|
if [ -f "$__object/parameter/ssl-no-verify" ]; then
|
|
printf ' verify = false\n'
|
|
fi
|
|
if [ -f "$__object/parameter/ssl-cert" ]; then
|
|
printf ' cert = "%s"\n' "$(cat "$__object/parameter/ssl-cert")"
|
|
fi
|
|
if [ -f "$__object/parameter/ssl-ca-cert" ]; then
|
|
printf ' ca_cert = "%s"\n' "$(cat "$__object/parameter/ssl-ca-cert")"
|
|
fi
|
|
printf '}\n'
|
|
;;
|
|
syslog)
|
|
printf 'syslog {\n'
|
|
printf ' enabled = true\n'
|
|
if [ -f "$__object/parameter/syslog-facility" ]; then
|
|
printf ' facility = "%s"\n' "$(cat "$__object/parameter/syslog-facility")"
|
|
fi
|
|
printf '}\n'
|
|
;;
|
|
vault-address)
|
|
printf 'vault {\n'
|
|
printf ' address = "%s"\n' "$(cat "$__object/parameter/vault-address")"
|
|
if [ -f "$__object/parameter/vault-token" ]; then
|
|
printf ' token = "%s"\n' "$(cat "$__object/parameter/vault-token")"
|
|
fi
|
|
if [ -f "$__object/parameter/vault-ssl" ]; then
|
|
printf ' ssl {\n'
|
|
printf ' enabled = true\n'
|
|
if [ -f "$__object/parameter/vault-ssl-no-verify" ]; then
|
|
printf ' verify = false\n'
|
|
fi
|
|
if [ -f "$__object/parameter/vault-ssl-cert" ]; then
|
|
printf ' cert = "%s"\n' "$(cat "$__object/parameter/vault-ssl-cert")"
|
|
fi
|
|
if [ -f "$__object/parameter/vault-ssl-ca-cert" ]; then
|
|
printf ' ca_cert = "%s"\n' "$(cat "$__object/parameter/vault-ssl-ca-cert")"
|
|
fi
|
|
printf ' }\n'
|
|
fi
|
|
printf '}\n'
|
|
;;
|
|
*)
|
|
# string key=value parameters
|
|
key="$(echo "$param" | tr '-' '_')"
|
|
printf '%s = "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
|
|
;;
|
|
esac
|
|
done
|
|
) | \
|
|
require="__directory${conf_dir}" \
|
|
__config_file "${conf_dir}/${conf_file}" \
|
|
--owner root --group root --mode 640 \
|
|
--state "$state" \
|
|
--onchange "$service_onchange" \
|
|
--source -
|
|
|
|
|
|
# Install init script to start on boot
|
|
service="consul-template"
|
|
case "$os" in
|
|
centos|redhat)
|
|
os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")"
|
|
major_version="${os_version%%.*}"
|
|
case "$major_version" in
|
|
7)
|
|
__file "/lib/systemd/system/${service}.service" \
|
|
--owner root --group root --mode 0555 \
|
|
--state "$state" \
|
|
--source "$__type/files/${service}.systemd"
|
|
export require="__file/lib/systemd/system/${service}.service"
|
|
;;
|
|
*)
|
|
__file "/etc/init.d/${service}" \
|
|
--owner root --group root --mode 0555 \
|
|
--state "$state" \
|
|
--source "$__type/files/${service}.sysv"
|
|
export require="__file/etc/init.d/${service}"
|
|
;;
|
|
esac
|
|
__start_on_boot "$service" --state "$state"
|
|
;;
|
|
ubuntu)
|
|
__file "/etc/init/${service}.conf" \
|
|
--owner root --group root --mode 0644 \
|
|
--state "$state" \
|
|
--source "$__type/files/${service}.upstart"
|
|
export require="__file/etc/init/${service}.conf"
|
|
__start_on_boot "$service" --state "$state"
|
|
;;
|
|
archlinux)
|
|
__file "/lib/systemd/system/${service}.service" \
|
|
--owner root --group root --mode 0555 \
|
|
--state "$state" \
|
|
--source "$__type/files/${service}.systemd"
|
|
export require="__file/lib/systemd/system/${service}.service"
|
|
__start_on_boot "$service" --state "$state"
|
|
;;
|
|
esac
|