[arch-commits] Commit in consul-template/repos (4 files)
Christian Rebischke
shibumi at archlinux.org
Mon Mar 12 00:05:07 UTC 2018
Date: Monday, March 12, 2018 @ 00:04:56
Author: shibumi
Revision: 306252
archrelease: copy trunk to community-x86_64
Added:
consul-template/repos/community-x86_64/
consul-template/repos/community-x86_64/PKGBUILD
(from rev 306251, consul-template/trunk/PKGBUILD)
consul-template/repos/community-x86_64/consul-template.hcl
(from rev 306251, consul-template/trunk/consul-template.hcl)
consul-template/repos/community-x86_64/consul-template.service
(from rev 306251, consul-template/trunk/consul-template.service)
-------------------------+
PKGBUILD | 41 +++++
consul-template.hcl | 350 ++++++++++++++++++++++++++++++++++++++++++++++
consul-template.service | 12 +
3 files changed, 403 insertions(+)
Copied: consul-template/repos/community-x86_64/PKGBUILD (from rev 306251, consul-template/trunk/PKGBUILD)
===================================================================
--- community-x86_64/PKGBUILD (rev 0)
+++ community-x86_64/PKGBUILD 2018-03-12 00:04:56 UTC (rev 306252)
@@ -0,0 +1,41 @@
+# Maintainer: Christian Rebischke <chris.rebischke at archlinux.org>
+# Contributor: Tyler Langlois <ty |at| tjll |dot| net>
+# Contributor: Tim Meusel <tim at bastelfreak.de>
+pkgname=consul-template
+pkgver=0.19.4
+pkgrel=2
+pkgdesc='Template rendering, notifier, and supervisor for HashiCorp Consul and Vault data'
+arch=('x86_64')
+url='https://github.com/hashicorp/consul-template'
+license=('MPL')
+backup=("etc/${pkgname}/${pkgname}.hcl")
+makedepends=('go-pie' 'git')
+depends=('glibc')
+optdepends=('consul: interpolate values from a distributed key/value store'
+ 'vault: reference secure secrets in template files')
+_consul_template_commit='111a80441153783544817b7c6a9c08633308b9a8'
+source=("git+https://github.com/hashicorp/consul-template#commit=${_consul_template_commit}"
+ "${pkgname}.service"
+ "${pkgname}.hcl")
+sha512sums=('SKIP'
+ '8b187ff470fb10b47b815b2faaad836ac369071c8ce7e353ec0cbc98e3b1ac2ffc9c892244ac492be1285caa303c4b5fd0a22df3bdb2a037fca1b06c7b24084b'
+ 'b2acfbb4bf389b1d95ca9a5f2dfe9be85444c20efdae63f0e6e34d2f33a16ca1d089e6510b6867f74c3b4390a097952ab235c55e4023245e61cc4318622d5674')
+
+prepare() {
+ export GOPATH="${srcdir}"
+ export PATH="$PATH:$GOPATH/bin"
+ mkdir -p src/github.com/hashicorp/
+ mv "${pkgname}" src/github.com/hashicorp/
+}
+
+build() {
+ cd src/github.com/hashicorp/"${pkgname}"
+ go build -o consul-template-binary
+}
+
+package() {
+ cd src/github.com/hashicorp/"${pkgname}"
+ install -Dm755 consul-template-binary "${pkgdir}/usr/bin/consul-template"
+ install -Dm644 "${srcdir}/${pkgname}.hcl" "${pkgdir}/etc/${pkgname}/${pkgname}.hcl"
+ install -Dm644 "${srcdir}/${pkgname}.service" "${pkgdir}/usr/lib/systemd/system/${pkgname}.service"
+}
Copied: consul-template/repos/community-x86_64/consul-template.hcl (from rev 306251, consul-template/trunk/consul-template.hcl)
===================================================================
--- community-x86_64/consul-template.hcl (rev 0)
+++ community-x86_64/consul-template.hcl 2018-03-12 00:04:56 UTC (rev 306252)
@@ -0,0 +1,350 @@
+# This denotes the start of the configuration section for Consul. All values
+# contained in this section pertain to Consul.
+consul {
+ # This block specifies the basic authentication information to pass with the
+ # request. For more information on authentication, please see the Consul
+ # documentation.
+ auth {
+ enabled = true
+ username = "test"
+ password = "test"
+ }
+
+ # This is the address of the Consul agent. By default, this is
+ # 127.0.0.1:8500, which is the default bind and port for a local Consul
+ # agent. It is not recommended that you communicate directly with a Consul
+ # server, and instead communicate with the local Consul agent. There are many
+ # reasons for this, most importantly the Consul agent is able to multiplex
+ # connections to the Consul server and reduce the number of open HTTP
+ # connections. Additionally, it provides a "well-known" IP address for which
+ # clients can connect.
+ address = "127.0.0.1:8500"
+
+ # This is the ACL token to use when connecting to Consul. If you did not
+ # enable ACLs on your Consul cluster, you do not need to set this option.
+ #
+ # This option is also available via the environment variable CONSUL_TOKEN.
+ token = "abcd1234"
+
+ # This controls the retry behavior when an error is returned from Consul.
+ # Consul Template is highly fault tolerant, meaning it does not exit in the
+ # face of failure. Instead, it uses exponential back-off and retry functions
+ # to wait for the cluster to become available, as is customary in distributed
+ # systems.
+ retry {
+ # This enabled retries. Retries are enabled by default, so this is
+ # redundant.
+ enabled = true
+
+ # This specifies the number of attempts to make before giving up. Each
+ # attempt adds the exponential backoff sleep time. Setting this to
+ # zero will implement an unlimited number of retries.
+ attempts = 12
+
+ # This is the base amount of time to sleep between retry attempts. Each
+ # retry sleeps for an exponent of 2 longer than this base. For 5 retries,
+ # the sleep times would be: 250ms, 500ms, 1s, 2s, then 4s.
+ backoff = "250ms"
+
+ # This is the maximum amount of time to sleep between retry attempts.
+ # When max_backoff is set to zero, there is no upper limit to the
+ # exponential sleep between retry attempts.
+ # If max_backoff is set to 10s and backoff is set to 1s, sleep times
+ # would be: 1s, 2s, 4s, 8s, 10s, 10s, ...
+ max_backoff = "1m"
+ }
+
+ # This block configures the SSL options for connecting to the Consul server.
+ ssl {
+ # This enables SSL. Specifying any option for SSL will also enable it.
+ enabled = true
+
+ # This enables SSL peer verification. The default value is "true", which
+ # will check the global CA chain to make sure the given certificates are
+ # valid. If you are using a self-signed certificate that you have not added
+ # to the CA chain, you may want to disable SSL verification. However, please
+ # understand this is a potential security vulnerability.
+ verify = false
+
+ # This is the path to the certificate to use to authenticate. If just a
+ # certificate is provided, it is assumed to contain both the certificate and
+ # the key to convert to an X509 certificate. If both the certificate and
+ # key are specified, Consul Template will automatically combine them into an
+ # X509 certificate for you.
+ cert = "/path/to/client/cert"
+ key = "/path/to/client/key"
+
+ # This is the path to the certificate authority to use as a CA. This is
+ # useful for self-signed certificates or for organizations using their own
+ # internal certificate authority.
+ ca_cert = "/path/to/ca"
+
+ # This is the path to a directory of PEM-encoded CA cert files. If both
+ # `ca_cert` and `ca_path` is specified, `ca_cert` is preferred.
+ ca_path = "path/to/certs/"
+
+ # This sets the SNI server name to use for validation.
+ server_name = "my-server.com"
+ }
+}
+
+# This is the signal to listen for to trigger a reload event. The default
+# value is shown below. Setting this value to the empty string will cause CT
+# to not listen for any reload signals.
+reload_signal = "SIGHUP"
+
+# This is the signal to listen for to trigger a graceful stop. The default
+# value is shown below. Setting this value to the empty string will cause CT
+# to not listen for any graceful stop signals.
+kill_signal = "SIGINT"
+
+# This is the maximum interval to allow "stale" data. By default, only the
+# Consul leader will respond to queries; any requests to a follower will
+# forward to the leader. In large clusters with many requests, this is not as
+# scalable, so this option allows any follower to respond to a query, so long
+# as the last-replicated data is within these bounds. Higher values result in
+# less cluster load, but are more likely to have outdated data.
+max_stale = "10m"
+
+# This is the log level. If you find a bug in Consul Template, please enable
+# debug logs so we can help identify the issue. This is also available as a
+# command line flag.
+log_level = "warn"
+
+# This is the path to store a PID file which will contain the process ID of the
+# Consul Template process. This is useful if you plan to send custom signals
+# to the process.
+pid_file = "/path/to/pid"
+
+# This is the quiescence timers; it defines the minimum and maximum amount of
+# time to wait for the cluster to reach a consistent state before rendering a
+# template. This is useful to enable in systems that have a lot of flapping,
+# because it will reduce the the number of times a template is rendered.
+wait {
+ min = "5s"
+ max = "10s"
+}
+
+# This denotes the start of the configuration section for Vault. All values
+# contained in this section pertain to Vault.
+vault {
+ # This is the address of the Vault leader. The protocol (http(s)) portion
+ # of the address is required.
+ address = "https://vault.service.consul:8200"
+
+ # This is the grace period between lease renewal of periodic secrets and secret
+ # re-acquisition. When renewing a secret, if the remaining lease is less than or
+ # equal to the configured grace, Consul Template will request a new credential.
+ # This prevents Vault from revoking the credential at expiration and Consul
+ # Template having a stale credential.
+ #
+ # Note: If you set this to a value that is higher than your default TTL or
+ # max TTL, Consul Template will always read a new secret!
+ grace = "5m"
+
+ # This is the token to use when communicating with the Vault server.
+ # Like other tools that integrate with Vault, Consul Template makes the
+ # assumption that you provide it with a Vault token; it does not have the
+ # incorporated logic to generate tokens via Vault's auth methods.
+ #
+ # This value can also be specified via the environment variable VAULT_TOKEN.
+ token = "abcd1234"
+
+ # This tells Consul Template that the provided token is actually a wrapped
+ # token that should be unwrapped using Vault's cubbyhole response wrapping
+ # before being used. Please see Vault's cubbyhole response wrapping
+ # documentation for more information.
+ unwrap_token = true
+
+ # This option tells Consul Template to automatically renew the Vault token
+ # given. If you are unfamiliar with Vault's architecture, Vault requires
+ # tokens be renewed at some regular interval or they will be revoked. Consul
+ # Template will automatically renew the token at half the lease duration of
+ # the token. The default value is true, but this option can be disabled if
+ # you want to renew the Vault token using an out-of-band process.
+ #
+ # Note that secrets specified in a template (using {{secret}} for example)
+ # are always renewed, even if this option is set to false. This option only
+ # applies to the top-level Vault token itself.
+ renew_token = true
+
+ # This section details the retry options for connecting to Vault. Please see
+ # the retry options in the Consul section for more information (they are the
+ # same).
+ retry {
+ # ...
+ }
+
+ # This section details the SSL options for connecting to the Vault server.
+ # Please see the SSL options in the Consul section for more information (they
+ # are the same).
+ ssl {
+ # ...
+ }
+}
+
+# This block defines the configuration for connecting to a syslog server for
+# logging.
+syslog {
+ # This enables syslog logging. Specifying any other option also enables
+ # syslog logging.
+ enabled = true
+
+ # This is the name of the syslog facility to log to.
+ facility = "LOCAL5"
+}
+
+# This block defines the configuration for de-duplication mode. Please see the
+# de-duplication mode documentation later in the README for more information
+# on how de-duplication mode operates.
+deduplicate {
+ # This enables de-duplication mode. Specifying any other options also enables
+ # de-duplication mode.
+ enabled = true
+
+ # This is the prefix to the path in Consul's KV store where de-duplication
+ # templates will be pre-rendered and stored.
+ prefix = "consul-template/dedup/"
+}
+
+# This block defines the configuration for exec mode. Please see the exec mode
+# documentation at the bottom of this README for more information on how exec
+# mode operates and the caveats of this mode.
+exec {
+ # This is the command to exec as a child process. There can be only one
+ # command per Consul Template process.
+ command = "/usr/bin/app"
+
+ # This is a random splay to wait before killing the command. The default
+ # value is 0 (no wait), but large clusters should consider setting a splay
+ # value to prevent all child processes from reloading at the same time when
+ # data changes occur. When this value is set to non-zero, Consul Template
+ # will wait a random period of time up to the splay value before reloading
+ # or killing the child process. This can be used to prevent the thundering
+ # herd problem on applications that do not gracefully reload.
+ splay = "5s"
+
+ env {
+ # This specifies if the child process should not inherit the parent
+ # process's environment. By default, the child will have full access to the
+ # environment variables of the parent. Setting this to true will send only
+ # the values specified in `custom_env` to the child process.
+ pristine = false
+
+ # This specifies additional custom environment variables in the form shown
+ # below to inject into the child's runtime environment. If a custom
+ # environment variable shares its name with a system environment variable,
+ # the custom environment variable takes precedence. Even if pristine,
+ # whitelist, or blacklist is specified, all values in this option
+ # are given to the child process.
+ custom = ["PATH=$PATH:/etc/myapp/bin"]
+
+ # This specifies a list of environment variables to exclusively include in
+ # the list of environment variables exposed to the child process. If
+ # specified, only those environment variables matching the given patterns
+ # are exposed to the child process. These strings are matched using Go's
+ # glob function, so wildcards are permitted.
+ whitelist = ["CONSUL_*"]
+
+ # This specifies a list of environment variables to exclusively prohibit in
+ # the list of environment variables exposed to the child process. If
+ # specified, any environment variables matching the given patterns will not
+ # be exposed to the child process, even if they are whitelisted. The values
+ # in this option take precedence over the values in the whitelist.
+ # These strings are matched using Go's glob function, so wildcards are
+ # permitted.
+ blacklist = ["VAULT_*"]
+ }
+
+ # This defines the signal that will be sent to the child process when a
+ # change occurs in a watched template. The signal will only be sent after the
+ # process is started, and the process will only be started after all
+ # dependent templates have been rendered at least once. The default value is
+ # nil, which tells Consul Template to stop the child process and spawn a new
+ # one instead of sending it a signal. This is useful for legacy applications
+ # or applications that cannot properly reload their configuration without a
+ # full reload.
+ reload_signal = ""
+
+ # This defines the signal sent to the child process when Consul Template is
+ # gracefully shutting down. The application should begin a graceful cleanup.
+ # If the application does not terminate before the `kill_timeout`, it will
+ # be terminated (effectively "kill -9"). The default value is "SIGTERM".
+ kill_signal = "SIGINT"
+
+ # This defines the amount of time to wait for the child process to gracefully
+ # terminate when Consul Template exits. After this specified time, the child
+ # process will be force-killed (effectively "kill -9"). The default value is
+ # "30s".
+ kill_timeout = "2s"
+}
+
+# This block defines the configuration for a template. Unlike other blocks,
+# this block may be specified multiple times to configure multiple templates.
+# It is also possible to configure templates via the CLI directly.
+template {
+ # This is the source file on disk to use as the input template. This is often
+ # called the "Consul Template template". This option is required if not using
+ # the `contents` option.
+ source = "/path/on/disk/to/template.ctmpl"
+
+ # This is the destination path on disk where the source template will render.
+ # If the parent directories do not exist, Consul Template will attempt to
+ # create them, unless create_dest_dirs is false.
+ destination = "/path/on/disk/where/template/will/render.txt"
+
+ # This options tells Consul Template to create the parent directories of the
+ # destination path if they do not exist. The default value is true.
+ create_dest_dirs = true
+
+ # This option allows embedding the contents of a template in the configuration
+ # file rather then supplying the `source` path to the template file. This is
+ # useful for short templates. This option is mutually exclusive with the
+ # `source` option.
+ contents = "{{ keyOrDefault \"service/redis/maxconns at east-aws\" \"5\" }}"
+
+ # This is the optional command to run when the template is rendered. The
+ # command will only run if the resulting template changes. The command must
+ # return within 30s (configurable), and it must have a successful exit code.
+ # Consul Template is not a replacement for a process monitor or init system.
+ command = "restart service foo"
+
+ # This is the maximum amount of time to wait for the optional command to
+ # return. Default is 30s.
+ command_timeout = "60s"
+
+ # Exit with an error when accessing a struct or map field/key that does not
+ # exist. The default behavior will print "<no value>" when accessing a field
+ # that does not exist. It is highly recommended you set this to "true" when
+ # retrieving secrets from Vault.
+ error_on_missing_key = false
+
+ # This is the permission to render the file. If this option is left
+ # unspecified, Consul Template will attempt to match the permissions of the
+ # file that already exists at the destination path. If no file exists at that
+ # path, the permissions are 0644.
+ perms = 0600
+
+ # This option backs up the previously rendered template at the destination
+ # path before writing a new one. It keeps exactly one backup. This option is
+ # useful for preventing accidental changes to the data without having a
+ # rollback strategy.
+ backup = true
+
+ # These are the delimiters to use in the template. The default is "{{" and
+ # "}}", but for some templates, it may be easier to use a different delimiter
+ # that does not conflict with the output file itself.
+ left_delimiter = "{{"
+ right_delimiter = "}}"
+
+ # This is the `minimum(:maximum)` to wait before rendering a new template to
+ # disk and triggering a command, separated by a colon (`:`). If the optional
+ # maximum value is omitted, it is assumed to be 4x the required minimum value.
+ # This is a numeric time with a unit suffix ("5s"). There is no default value.
+ # The wait value for a template takes precedence over any globally-configured
+ # wait.
+ wait {
+ min = "2s"
+ max = "10s"
+ }
+}
Copied: consul-template/repos/community-x86_64/consul-template.service (from rev 306251, consul-template/trunk/consul-template.service)
===================================================================
--- community-x86_64/consul-template.service (rev 0)
+++ community-x86_64/consul-template.service 2018-03-12 00:04:56 UTC (rev 306252)
@@ -0,0 +1,12 @@
+[Unit]
+Description=template rendering, notifier, and supervisor for HashiCorp Consul and Vault data
+Documentation=https://github.com/hashicorp/consul-template
+After=vault.service consul.service
+
+[Service]
+ExecStart=/usr/bin/consul-template -config /etc/consul-template/config.hcl
+ExecReload=/usr/bin/kill -HUP $MAINPID
+KillSignal=SIGINT
+
+[Install]
+WantedBy=multi-user.target
More information about the arch-commits
mailing list