Merge branch 'master' of github.com:telmich/cdist

This commit is contained in:
Nico Schottelius 2016-02-25 07:19:45 +01:00
commit 36d6ffbe74
20 changed files with 243 additions and 27 deletions

View file

@ -77,6 +77,11 @@ if grep -q ^Fedora /etc/redhat-release 2>/dev/null; then
exit 0 exit 0
fi fi
if grep -q ^Mitel /etc/redhat-release 2>/dev/null; then
echo mitel
exit 0
fi
if [ -f /etc/redhat-release ]; then if [ -f /etc/redhat-release ]; then
echo redhat echo redhat
exit 0 exit 0

View file

@ -51,7 +51,7 @@ case "$($__explorer/os)" in
owl) owl)
cat /etc/owl-release cat /etc/owl-release
;; ;;
redhat|centos) redhat|centos|mitel)
cat /etc/redhat-release cat /etc/redhat-release
;; ;;
slackware) slackware)

View file

@ -0,0 +1,9 @@
start on starting consul
task
script
mkdir -p /var/run/consul
chown consul:consul /var/run/consul
chmod 2770 /var/run/consul
end script

View file

@ -7,6 +7,11 @@ After=basic.target network.target
User=consul User=consul
Group=consul Group=consul
Environment="GOMAXPROCS=2" Environment="GOMAXPROCS=2"
# Run ExecStartPre with root-permissions
PermissionsStartOnly=true
ExecStartPre=/usr/bin/mkdir -p /var/run/consul
ExecStartPre=/usr/bin/chown consul:consul /var/run/consul
ExecStartPre=/usr/bin/chmod 2770 /var/run/consul
ExecStart=/usr/local/bin/consul agent -config-dir /etc/consul/conf.d ExecStart=/usr/local/bin/consul agent -config-dir /etc/consul/conf.d
ExecReload=/bin/kill -HUP $MAINPID ExecReload=/bin/kill -HUP $MAINPID
KillMode=process KillMode=process

View file

@ -1,6 +1,7 @@
#!/bin/sh #!/bin/sh
# #
# 2015 Nico Schottelius (nico-cdist at schottelius.org) # 2015 Nico Schottelius (nico-cdist at schottelius.org)
# 2015 Steven Armstrong (steven-cdist at armstrong.cc)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -29,6 +30,10 @@ CONSUL=/usr/local/bin/consul
CONFIG=/etc/$NAME/conf.d CONFIG=/etc/$NAME/conf.d
PID_FILE=/var/run/$NAME/pidfile PID_FILE=/var/run/$NAME/pidfile
mkdir -p /var/run/$NAME
chown consul:consul /var/run/$NAME
chmod 2770 /var/run/$NAME
export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
case "$1" in case "$1" in

View file

@ -22,7 +22,9 @@ LOG_FILE=/var/log/$NAME
export GOMAXPROCS=${GOMAXPROCS:-2} export GOMAXPROCS=${GOMAXPROCS:-2}
mkdir -p /var/run/$NAME mkdir -p /var/run/$NAME
chown consul /var/run/$NAME chown consul:consul /var/run/$NAME
chmod 2770 /var/run/$NAME
start() { start() {
echo -n "Starting $NAME: " echo -n "Starting $NAME: "
@ -36,7 +38,7 @@ start() {
stop() { stop() {
echo -n "Shutting down $NAME: " echo -n "Shutting down $NAME: "
"$CONSUL" leave killproc -p "$PID_FILE" $NAME
retcode=$? retcode=$?
rm -f /var/lock/subsys/$NAME rm -f /var/lock/subsys/$NAME
return $retcode return $retcode
@ -86,7 +88,7 @@ case "$1" in
fi fi
;; ;;
*) *)
echo "Usage: $NAME {start|stop|status|reload|restart}" echo "Usage: $NAME {start|stop|status|reload|restart|condrestart|info}"
exit 1 exit 1
;; ;;
esac esac

View file

@ -132,10 +132,10 @@ if [ -f "$__object/parameter/json-config" ]; then
if [ "$json_config" = "-" ]; then if [ "$json_config" = "-" ]; then
json_config="$__object/stdin" json_config="$__object/stdin"
fi fi
printf ',' # remove leading and trailing whitespace and commas from first and last line
# remove trailing , # indent each line with 3 spaces for consistency
json=$(cat "$json_config") json=$(sed -e 's/^[ \t]*/ /' -e '1s/^[ \t,]*//' -e '$s/[ \t,]*$//' "$json_config")
echo "${json%*,}" printf ' ,%s\n' "$json"
fi fi
echo "}" echo "}"
) | \ ) | \
@ -166,10 +166,15 @@ init_systemd()
init_upstart() init_upstart()
{ {
__file /etc/init/consul.conf \ __file /etc/init/consul-prepare.conf \
--owner root --group root --mode 0644 \ --owner root --group root --mode 0644 \
--state "$state" \ --state "$state" \
--source "$__type/files/consul.upstart" --source "$__type/files/consul-prepare.upstart"
require="__file/etc/init/consul-prepare.conf" \
__file /etc/init/consul.conf \
--owner root --group root --mode 0644 \
--state "$state" \
--source "$__type/files/consul.upstart"
require="__file/etc/init/consul.conf" __start_on_boot consul require="__file/etc/init/consul.conf" __start_on_boot consul
} }

View file

@ -0,0 +1 @@
3401777891 9273880 consul-template

View file

@ -1 +1 @@
https://github.com/hashicorp/consul-template/releases/download/v0.6.5/consul-template_0.6.5_linux_amd64.tar.gz https://github.com/hashicorp/consul-template/releases/download/v0.10.0/consul-template_0.10.0_linux_amd64.tar.gz

View file

@ -1 +0,0 @@
1356006333 8496656 consul-template

View file

@ -24,13 +24,19 @@ None.
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
auth:: auth-username::
specify a username (and password) for basic authentication. specify a username for basic authentication.
auth-password::
specify a password for basic authentication.
batch-size:: batch-size::
the size of the batch when polling multiple dependencies. the size of the batch when polling multiple dependencies.
consul:: consul::
the location of the Consul instance to query (may be an IP address or FQDN) with port. the location of the Consul instance to query (may be an IP address or FQDN) with port.
Defaults to 'localhost:8500'. Defaults to 'localhost:8500'.
log-level::
The log level for output. This applies to the stdout/stderr logging as well
as syslog logging (if enabled). Valid values are "debug", "info", "warn",
and "err". The default value is "warn".
max-stale:: max-stale::
the maximum staleness of a query. If specified, Consul will distribute work among all the maximum staleness of a query. If specified, Consul will distribute work among all
servers instead of just the leader. servers instead of just the leader.
@ -39,8 +45,27 @@ retry::
with the API. with the API.
state:: state::
either 'present' or 'absent'. Defaults to 'present' either 'present' or 'absent'. Defaults to 'present'
ssl-cert::
Path to an SSL client certificate to use to authenticate to the consul server.
Useful if the consul server "verify_incoming" option is set.
ssl-ca-cert::
Path to a CA certificate file, containing one or more CA certificates to
use to validate the certificate sent by the consul server to us. This is a
handy alternative to setting --ssl-no-verify if you are using your own CA.
syslog-facility::
The facility to use when sending to syslog. This requires the use of --syslog.
The default value is LOCAL0.
token:: token::
the Consul API token. the Consul API token.
vault-address::
the location of the Vault instance to query (may be an IP address or FQDN) with port.
vault-token::
the Vault API token.
vault-ssl-cert::
Path to an SSL client certificate to use to authenticate to the vault server.
vault-ssl-ca-cert::
Path to a CA certificate file, containing one or more CA certificates to
use to validate the certificate sent by the vault server to us.
version:: version::
which version of consul-template to install. See ./files/versions for a list of which version of consul-template to install. See ./files/versions for a list of
supported versions. Defaults to the latest known version. supported versions. Defaults to the latest known version.
@ -56,6 +81,12 @@ ssl::
use HTTPS while talking to Consul. Requires the Consul server to be configured to serve secure connections. use HTTPS while talking to Consul. Requires the Consul server to be configured to serve secure connections.
ssl-no-verify:: ssl-no-verify::
ignore certificate warnings. Only used if ssl is enabled. ignore certificate warnings. Only used if ssl is enabled.
syslog::
Send log output to syslog (in addition to stdout and stderr).
vault-ssl::
use HTTPS while talking to Vault. Requires the Vault server to be configured to serve secure connections.
vault-ssl-no-verify::
ignore certificate warnings. Only used if vault is enabled.
EXAMPLES EXAMPLES

View file

@ -77,17 +77,64 @@ require="__directory/etc/consul-template" \
( (
for param in $(ls "$__object/parameter/"); do for param in $(ls "$__object/parameter/"); do
case "$param" in case "$param" in
ssl|ssl-no-verify) # boolean auth-password|state|ssl-*|syslog-*|version|vault-token|vault-ssl*) continue ;;
key="$(echo "$param" | tr '-' '_')" auth-username)
printf '%s = true\n' "$key" printf 'auth {\n'
printf ' enabled = true\n'
printf ' username = "%s"\n' "$(cat "$__object/parameter/auth-username")"
if [ -f "$__object/parameter/auth-password" ]; then
printf ' password = %s\n' "$(cat "$__object/parameter/auth-password")"
fi
printf '}\n'
;; ;;
auth|batch-size|consul|max-stale|retry|token|wait) ssl)
key="$(echo "$param" | tr '-' '_')" printf 'ssl {\n'
printf '%s = "%s"\n' "$key" "$(cat "$__object/parameter/$param")" printf ' enabled = true\n'
if [ -f "$__object/parameter/ssl-no-verify" ]; then
printf ' verify = false\n'
fi
if [ -f "$__object/parameter/ssl-cert" ]; then
printf ' cert = "%s"\n' "$(cat "$__object/parameter/ssl-cert")"
fi
if [ -f "$__object/parameter/ssl-ca-cert" ]; then
printf ' ca_cert = "%s"\n' "$(cat "$__object/parameter/ssl-ca-cert")"
fi
printf '}\n'
;;
syslog)
printf 'syslog {\n'
printf ' enabled = true\n'
if [ -f "$__object/parameter/syslog-facility" ]; then
printf ' facility = "%s"\n' "$(cat "$__object/parameter/syslog-facility")"
fi
printf '}\n'
;;
vault-address)
printf 'vault {\n'
printf ' address = "%s"\n' "$(cat "$__object/parameter/vault-address")"
if [ -f "$__object/parameter/vault-token" ]; then
printf ' token = "%s"\n' "$(cat "$__object/parameter/vault-token")"
fi
if [ -f "$__object/parameter/vault-ssl" ]; then
printf ' ssl {\n'
printf ' enabled = true\n'
if [ -f "$__object/parameter/vault-ssl-no-verify" ]; then
printf ' verify = false\n'
fi
if [ -f "$__object/parameter/vault-ssl-cert" ]; then
printf ' cert = "%s"\n' "$(cat "$__object/parameter/vault-ssl-cert")"
fi
if [ -f "$__object/parameter/vault-ssl-ca-cert" ]; then
printf ' ca_cert = "%s"\n' "$(cat "$__object/parameter/vault-ssl-ca-cert")"
fi
printf ' }\n'
fi
printf '}\n'
;; ;;
*) *)
# ignore unknown parameters # string key=value parameters
: key="$(echo "$param" | tr '-' '_')"
printf '%s = "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
;; ;;
esac esac
done done

View file

@ -0,0 +1,93 @@
# < 0.7.0
ssl = true
ssl_no_verify = true
# >= 0.7.0
ssl {
enabled = true
verify = false
}
# >= 0.9.0
ssl-cert
ssl-ca-cert
--------------------------------------------------------------------------------
### from docs
ssl {
enabled = true
verify = false
cert = "/path/to/client/cert.pem"
ca_cert = "/path/to/ca/cert.pem"
}
ssl
Use HTTPS while talking to Consul. Requires the Consul server to be configured to serve secure connections. The default value is false.
ssl-verify
Verify certificates when connecting via SSL. This requires the use of -ssl. The default value is true.
ssl-cert
Path to an SSL client certificate to use to authenticate to the consul server. Useful if the consul server "verify_incoming" option is set.
ssl-ca-cert
Path to a CA certificate file, containing one or more CA certificates to use to validate the certificate sent by the consul server to us. This is a handy alternative to setting --ssl-verify=false if you are using your own CA.
--------------------------------------------------------------------------------
### example config file from docs
consul = "127.0.0.1:8500"
token = "abcd1234" // May also be specified via the envvar CONSUL_TOKEN
retry = "10s"
max_stale = "10m"
log_level = "warn"
pid_file = "/path/to/pid"
vault {
address = "https://vault.service.consul:8200"
token = "abcd1234" // May also be specified via the envvar VAULT_TOKEN
ssl {
enabled = true
verify = true
cert = "/path/to/client/cert.pem"
ca_cert = "/path/to/ca/cert.pem"
}
}
--auth-username
--auth-password
# if any are given enabled = true
auth {
enabled = true
username = "test"
password = "test"
}
ssl {
enabled = true
verify = false
cert = "/path/to/client/cert.pem"
ca_cert = "/path/to/ca/cert.pem"
}
syslog {
enabled = true
facility = "LOCAL5"
}
template {
source = "/path/on/disk/to/template"
destination = "/path/on/disk/where/template/will/render"
command = "optional command to run when the template is updated"
}
template {
// Multiple template definitions are supported
}

View file

@ -1,2 +1,5 @@
ssl ssl
ssl-no-verify ssl-no-verify
syslog
vault-ssl
vault-ssl-no-verify

View file

@ -0,0 +1 @@
warn

View file

@ -0,0 +1 @@
LOCAL0

View file

@ -1,9 +1,18 @@
auth auth-username
auth-password
batch-size batch-size
consul consul
log-level
max-stale max-stale
retry retry
state state
ssl-cert
ssl-ca-cert
syslog-facility
token token
vault-address
vault-token
vault-ssl-cert
vault-ssl-ca-cert
version version
wait wait

View file

@ -1,2 +0,0 @@
- add support for latest version 0.7.0
- config file format has changed

View file

@ -5,6 +5,8 @@ next:
* Documentation: Fix spelling in manual pages (Dmitry Bogatov) * Documentation: Fix spelling in manual pages (Dmitry Bogatov)
* New type: __pacman_conf: Manage pacman.conf (Dominique Roux) * New type: __pacman_conf: Manage pacman.conf (Dominique Roux)
* New type: __pacman_conf_integrate: cdist compatible pacman.conf (Dominique Roux) * New type: __pacman_conf_integrate: cdist compatible pacman.conf (Dominique Roux)
* Type __consul: Do not install unused package unzip (Steven Armstrong)
* Type __consul: Add source & cksum for 0.5.2 (Steven Armstrong)
* Core: Support object ids '.cdist' (Nico Schottelius) * Core: Support object ids '.cdist' (Nico Schottelius)
* Type __apt_norecommends: Also setup autoremove options (Dmitry Bogatov) * Type __apt_norecommends: Also setup autoremove options (Dmitry Bogatov)
* Type __user_groups: Add NetBSD support (Jonathan A. Kollasch) * Type __user_groups: Add NetBSD support (Jonathan A. Kollasch)