Merge branch 'consul_agent' into 'master'

Refactor __consul_* for use with distribution packages

See merge request ungleich-public/cdist!837
This commit is contained in:
poljakowski 2020-02-23 09:28:24 +01:00
commit 47ec9ada10
21 changed files with 260 additions and 163 deletions

View file

@ -116,6 +116,9 @@ verify-incoming
verify-outgoing
enforce the use of TLS and verify the peers authenticity on outgoing connections
use-distribution-package
uses distribution package instead of upstream binary
EXAMPLES
--------

View file

@ -2,6 +2,7 @@
#
# 2015 Steven Armstrong (steven-cdist at armstrong.cc)
# 2015-2019 Nico Schottelius (nico-cdist at schottelius.org)
# 2019 Timothée Floure (timothee.floure at ungleich.ch)
#
# This file is part of cdist.
#
@ -19,133 +20,64 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
os=$(cat "$__global/explorer/os")
case "$os" in
alpine|scientific|centos|debian|devuan|redhat|ubuntu)
# whitelist safeguard
:
;;
*)
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
;;
esac
###
# Type parameters.
state="$(cat "$__object/parameter/state")"
user="$(cat "$__object/parameter/user")"
group="$(cat "$__object/parameter/group")"
release=$(cat "$__global/explorer/lsb_release")
if [ -f "$__object/parameter/use-distribution-package" ]; then
use_distribution_package=1
fi
###
# Those are default that might be overriden by os-specific logic.
data_dir="/var/lib/consul"
conf_dir="/etc/consul/conf.d"
conf_file="config.json"
tls_dir="$conf_dir/tls"
# FIXME: there has got to be a better way to handle the dependencies in this case
case "$state" in
present)
__group "$group" --system --state "$state"
require="__group/$group" \
__user "$user" --system --gid "$group" \
--home "$data_dir" --state "$state"
export require="__user/consul"
;;
absent)
echo "Sorry, state=absent currently not supported :-(" >&2
###
# Sane deployment, based on distribution package when available.
distribution_setup () {
case "$os" in
debian)
# consul is only available starting Debian 10 (buster).
# See https://packages.debian.org/buster/consul
if [ "$release" -lt 10 ]; then
echo "Consul is not available for your debian release." >&2
echo "Please use the 'manual' (i.e. non-package) installation or \
upgrade the target system." >&2
exit 1
require="$__object_name" \
__user "$user" --system --gid "$group" --state "$state"
require="__user/$user" \
__group "$group" --system --state "$state"
;;
esac
fi
__directory /etc/consul \
--owner root --group "$group" --mode 750 --state "$state"
require="__directory/etc/consul" \
__directory "$conf_dir" \
--owner root --group "$group" --mode 750 --state "$state"
if [ -f "$__object/parameter/ca-file-source" ] || [ -f "$__object/parameter/cert-file-source" ] || [ -f "$__object/parameter/key-file-source" ]; then
# create directory for ssl certs
require="__directory/etc/consul" \
__directory /etc/consul/ssl \
--owner root --group "$group" --mode 750 --state "$state"
fi
__directory "$data_dir" \
--owner "$user" --group "$group" --mode 770 --state "$state"
# Generate json config file
(
echo "{"
# parameters we define ourself
printf ' "data_dir": "%s"\n' "$data_dir"
cd "$__object/parameter/"
for param in *; do
case "$param" in
state|user|group|json-config) continue ;;
ca-file-source|cert-file-source|key-file-source)
source="$(cat "$__object/parameter/$param")"
destination="/etc/consul/ssl/${source##*/}"
require="__directory/etc/consul/ssl" \
__file "$destination" \
--owner root --group consul --mode 640 \
--source "$source" \
--state "$state"
key="$(echo "${param%-*}" | tr '-' '_')"
printf ' ,"%s": "%s"\n' "$key" "$destination"
;;
disable-remote-exec|disable-update-check|leave-on-terminate|rejoin-after-leave|server|enable-syslog|verify-incoming|verify-outgoing)
# handle boolean parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": true\n' "$key"
;;
retry-join)
# join multiple parameters into json array
retry_join="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join")"
# remove trailing ,
printf ' ,"retry_join": [%s]\n' "${retry_join%*,}"
;;
retry-join-wan)
# join multiple parameters into json array over wan
retry_join_wan="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join-wan")"
# remove trailing ,
printf ' ,"retry_join_wan": [%s]\n' "${retry_join_wan%*,}"
;;
bootstrap-expect)
# integer key=value parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": %s\n' "$key" "$(cat "$__object/parameter/$param")"
# Override previously defined environment to match debian packaging.
conf_dir='/etc/consul.d'
user='consul'
group='consul'
;;
*)
# string key=value parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
echo "Your operating system ($os) is currently not supported with the \
--use-distribution-package flag (${__type##*/})." >&2
echo "Please use non-package installation or contribute an \
implementation for if you can." >&2
exit 1
;;
esac
done
if [ -f "$__object/parameter/json-config" ]; then
json_config="$(cat "$__object/parameter/json-config")"
if [ "$json_config" = "-" ]; then
json_config="$__object/stdin"
fi
# remove leading and trailing whitespace and commas from first and last line
# indent each line with 3 spaces for consistency
json=$(sed -e 's/^[ \t]*/ /' -e '1s/^[ \t,]*//' -e '$s/[ \t,]*$//' "$json_config")
printf ' ,%s\n' "$json"
fi
echo "}"
) | \
require="__directory${conf_dir}" \
__config_file "${conf_dir}/${conf_file}" \
--owner root --group "$group" --mode 640 \
--state "$state" \
--onchange 'service consul status >/dev/null && service consul reload || true' \
--source -
# Install consul package.
__package consul --state "$state"
export config_deployment_requires="__package/consul"
}
###
# LEGACY manual deployment, kept for compatibility reasons.
init_sysvinit()
{
@ -179,8 +111,43 @@ init_upstart()
require="__file/etc/init/consul.conf" __start_on_boot consul
}
# Install init script to start on boot
case "$os" in
manual_setup () {
case "$os" in
alpine|scientific|centos|debian|devuan|redhat|ubuntu)
# whitelist safeguard
:
;;
*)
echo "Your operating system ($os) is currently not supported by this \
type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
;;
esac
# FIXME: there has got to be a better way to handle the dependencies in this case
case "$state" in
present)
__group "$group" --system --state "$state"
require="__group/$group" __user "$user" \
--system --gid "$group" --home "$data_dir" --state "$state"
;;
*)
echo "The $state state is not (yet?) supported by this type." >&2
exit 1
;;
esac
# Create data directory.
require="__user/consul" __directory "$data_dir" \
--owner "$user" --group "$group" --mode 770 --state "$state"
# Create config directory.
require="__user/consul" __directory "$conf_dir" \
--parents --owner root --group "$group" --mode 750 --state "$state"
# Install init script to start on boot
case "$os" in
devuan)
init_sysvinit debian
;;
@ -222,4 +189,108 @@ case "$os" in
ubuntu)
init_upstart
;;
esac
esac
config_deployment_requires="__user/consul __directory/$conf_dir"
}
###
# Trigger requested installation method.
if [ $use_distribution_package ]; then
distribution_setup
else
manual_setup
fi
###
# Install TLS certificates.
if [ -f "$__object/parameter/ca-file-source" ] || \
[ -f "$__object/parameter/cert-file-source" ] || \
[ -f "$__object/parameter/key-file-source" ]; then
requires="$config_deployment_requires" __directory $tls_dir \
--owner root --group "$group" --mode 750 --state "$state"
# Append to service restart requirements.
restart_requires="$restart_requires __directory/$conf_dir/tls"
fi
###
# Generate and deploy configuration.
json_configuration=$(
echo "{"
# parameters we define ourself
printf ' "data_dir": "%s"\n' "$data_dir"
cd "$__object/parameter/"
for param in *; do
case "$param" in
state|user|group|json-config|use-distribution-package) continue ;;
ca-file-source|cert-file-source|key-file-source)
source="$(cat "$__object/parameter/$param")"
destination="$tls_dir/${source##*/}"
require="__directory/$tls_dir" \
__file "$destination" \
--owner root --group consul --mode 640 \
--source "$source" \
--state "$state"
key="$(echo "${param%-*}" | tr '-' '_')"
printf ' ,"%s": "%s"\n' "$key" "$destination"
;;
disable-remote-exec|disable-update-check|leave-on-terminate\
|rejoin-after-leave|server|enable-syslog|verify-incoming|verify-outgoing)
# handle boolean parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": true\n' "$key"
;;
retry-join)
# join multiple parameters into json array
retry_join="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join")"
# remove trailing ,
printf ' ,"retry_join": [%s]\n' "${retry_join%*,}"
;;
retry-join-wan)
# join multiple parameters into json array over wan
retry_join_wan="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join-wan")"
# remove trailing ,
printf ' ,"retry_join_wan": [%s]\n' "${retry_join_wan%*,}"
;;
bootstrap-expect)
# integer key=value parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": %s\n' "$key" "$(cat "$__object/parameter/$param")"
;;
*)
# string key=value parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
;;
esac
done
if [ -f "$__object/parameter/json-config" ]; then
json_config="$(cat "$__object/parameter/json-config")"
if [ "$json_config" = "-" ]; then
json_config="$__object/stdin"
fi
# remove leading and trailing whitespace and commas from first and last line
# indent each line with 3 spaces for consistency
json=$(sed -e 's/^[ \t]*/ /' -e '1s/^[ \t,]*//' -e '$s/[ \t,]*$//' "$json_config")
printf ' ,%s\n' "$json"
fi
echo "}"
)
echo "$json_configuration" | require="$config_deployment_requires" \
__file "$conf_dir/$conf_file" \
--owner root --group "$group" --mode 640 \
--state "$state" \
--source -
# Set configuration deployment as requirement for service restart.
restart_requires="__file/$conf_dir/$conf_file"
###
# Restart consul agent after everything else.
require="$restart_requires" __service consul --action restart

View file

@ -6,3 +6,4 @@ server
enable-syslog
verify-incoming
verify-outgoing
use-distribution-package

View file

@ -0,0 +1 @@
../../__consul_service/explorer/conf-dir

View file

@ -19,7 +19,7 @@
#
name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")"
conf_dir="/etc/consul/conf.d"
conf_dir=$(cat "$__object/explorer/conf-dir")
conf_file="check_${name}.json"
state="$(cat "$__object/parameter/state")"

View file

@ -0,0 +1,15 @@
# Determine the configuration directory used by consul.
check_dir () {
if [ -d "$1" ]; then
printf '%s' "$1"
exit
fi
}
check_dir '/etc/consul/conf.d'
check_dir '/etc/consul.d'
check_dir '/etc/consul'
echo 'Could not determine consul configuration dir. Exiting.' >&2
exit 1

View file

@ -19,7 +19,7 @@
#
name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")"
conf_dir="/etc/consul/conf.d"
conf_dir=$(cat "$__object/explorer/conf-dir")
conf_file="service_${name}.json"
state="$(cat "$__object/parameter/state")"
@ -45,7 +45,7 @@ printf ' "name": "%s"\n' "$name"
cd "$__object/parameter/"
for param in *; do
case "$param" in
state|name|check-interval) continue ;;
state|name|check-interval|conf-dir) continue ;;
check-script)
printf ' ,"check": {\n'
printf ' "script": "%s"\n' "$(cat "$__object/parameter/check-script")"
@ -86,7 +86,6 @@ echo " }"
# end json file
echo "}"
) | \
require="__directory${conf_dir}" \
__config_file "${conf_dir}/${conf_file}" \
--owner root --group consul --mode 640 \
--state "$state" \

View file

@ -0,0 +1 @@
../../__consul_service/explorer/conf-dir

View file

@ -20,7 +20,7 @@
cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}"
conf_dir="/etc/consul/conf.d"
conf_dir=$(cat "$__object/explorer/conf-dir")
conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")"

View file

@ -0,0 +1 @@
../../__consul_service/explorer/conf-dir

View file

@ -20,7 +20,7 @@
cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}"
conf_dir="/etc/consul/conf.d"
conf_dir=$(cat "$__object/explorer/conf-dir")
conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")"

View file

@ -0,0 +1 @@
../../__consul_service/explorer/conf-dir

View file

@ -20,7 +20,7 @@
cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}"
conf_dir="/etc/consul/conf.d"
conf_dir=$(cat "$__object/explorer/conf-dir")
conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")"

View file

@ -0,0 +1 @@
../../__consul_service/explorer/conf-dir

View file

@ -20,7 +20,7 @@
cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}"
conf_dir="/etc/consul/conf.d"
conf_dir=$(cat "$__object/explorer/conf-dir")
conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")"

View file

@ -0,0 +1 @@
../../__consul_service/explorer/conf-dir

View file

@ -20,7 +20,7 @@
cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}"
conf_dir="/etc/consul/conf.d"
conf_dir=$(cat "$__object/explorer/conf-dir")
conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")"

View file

@ -0,0 +1 @@
../../__consul_service/explorer/conf-dir

View file

@ -20,7 +20,7 @@
cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}"
conf_dir="/etc/consul/conf.d"
conf_dir=$(cat "$__object/explorer/conf-dir")
conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")"

View file

@ -0,0 +1 @@
../../__consul_service/explorer/conf-dir

View file

@ -20,7 +20,7 @@
cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}"
conf_dir="/etc/consul/conf.d"
conf_dir=$(cat "$__object/explorer/conf-dir")
conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")"