[arch-commits] Commit in consul-template/repos/community-x86_64 (6 files)

Christian Rebischke shibumi at gemini.archlinux.org
Wed Aug 10 19:41:39 UTC 2022


    Date: Wednesday, August 10, 2022 @ 19:41:38
  Author: shibumi
Revision: 1265112

archrelease: copy trunk to community-x86_64

Added:
  consul-template/repos/community-x86_64/PKGBUILD
    (from rev 1265111, consul-template/trunk/PKGBUILD)
  consul-template/repos/community-x86_64/consul-template.hcl
    (from rev 1265111, consul-template/trunk/consul-template.hcl)
  consul-template/repos/community-x86_64/consul-template.service
    (from rev 1265111, consul-template/trunk/consul-template.service)
Deleted:
  consul-template/repos/community-x86_64/PKGBUILD
  consul-template/repos/community-x86_64/consul-template.hcl
  consul-template/repos/community-x86_64/consul-template.service

-------------------------+
 PKGBUILD                |   95 +++---
 consul-template.hcl     |  700 +++++++++++++++++++++++-----------------------
 consul-template.service |   24 -
 3 files changed, 410 insertions(+), 409 deletions(-)

Deleted: PKGBUILD
===================================================================
--- PKGBUILD	2022-08-10 19:41:30 UTC (rev 1265111)
+++ PKGBUILD	2022-08-10 19:41:38 UTC (rev 1265112)
@@ -1,47 +0,0 @@
-# Maintainer: Christian Rebischke <chris.rebischke at archlinux.org>
-# Contributor: Tyler Langlois <ty |at| tjll |dot| net>
-# Contributor: Tim Meusel <tim at bastelfreak.de>
-pkgname=consul-template
-pkgver=0.25.2
-pkgrel=1
-pkgdesc='Template rendering, notifier, and supervisor for HashiCorp Consul and Vault data'
-arch=('x86_64')
-url='https://github.com/hashicorp/consul-template'
-license=('MPL')
-backup=("etc/${pkgname}/${pkgname}.hcl")
-makedepends=('go' 'git')
-depends=('glibc')
-optdepends=('consul: interpolate values from a distributed key/value store'
-            'vault: reference secure secrets in template files')
-_consul_template_commit='870905de57f085588c3b718b779d8550aefc5dcf'
-source=("git+https://github.com/hashicorp/consul-template#commit=${_consul_template_commit}"
-        "${pkgname}.service"
-        "${pkgname}.hcl")
-sha512sums=('SKIP'
-            '8b187ff470fb10b47b815b2faaad836ac369071c8ce7e353ec0cbc98e3b1ac2ffc9c892244ac492be1285caa303c4b5fd0a22df3bdb2a037fca1b06c7b24084b'
-            'b2acfbb4bf389b1d95ca9a5f2dfe9be85444c20efdae63f0e6e34d2f33a16ca1d089e6510b6867f74c3b4390a097952ab235c55e4023245e61cc4318622d5674')
-
-prepare() {
-  export GOPATH="${srcdir}"
-  export PATH="$PATH:$GOPATH/bin"
-  mkdir -p src/github.com/hashicorp/
-  mv "${pkgname}" src/github.com/hashicorp/
-  export GO111MODULE=on
-}
-
-build() {
-  cd src/github.com/hashicorp/"${pkgname}"
-  export CGO_CPPFLAGS="${CPPFLAGS}"
-  export CGO_CFLAGS="${CFLAGS}"
-  export CGO_CXXFLAGS="${CXXFLAGS}"
-  export CGO_LDFLAGS="${LDFLAGS}"
-  export GOFLAGS="-buildmode=pie -trimpath -mod=readonly -modcacherw"
-  go build -o consul-template-binary
-}
-
-package() {
-  cd src/github.com/hashicorp/"${pkgname}"
-  install -Dm755 consul-template-binary "${pkgdir}/usr/bin/consul-template"
-  install -Dm644 "${srcdir}/${pkgname}.hcl" "${pkgdir}/etc/${pkgname}/${pkgname}.hcl"
-  install -Dm644 "${srcdir}/${pkgname}.service" "${pkgdir}/usr/lib/systemd/system/${pkgname}.service"
-}

Copied: consul-template/repos/community-x86_64/PKGBUILD (from rev 1265111, consul-template/trunk/PKGBUILD)
===================================================================
--- PKGBUILD	                        (rev 0)
+++ PKGBUILD	2022-08-10 19:41:38 UTC (rev 1265112)
@@ -0,0 +1,48 @@
+# Maintainer: Christian Rebischke <chris.rebischke at archlinux.org>
+# Contributor: Tyler Langlois <ty |at| tjll |dot| net>
+# Contributor: Tim Meusel <tim at bastelfreak.de>
+pkgname=consul-template
+pkgver=0.29.1
+pkgrel=1
+pkgdesc='Template rendering, notifier, and supervisor for HashiCorp Consul and Vault data'
+arch=('x86_64')
+url='https://github.com/hashicorp/consul-template'
+license=('MPL')
+backup=("etc/${pkgname}/${pkgname}.hcl")
+makedepends=('go' 'git')
+depends=('glibc')
+optdepends=('consul: interpolate values from a distributed key/value store'
+            'vault: reference secure secrets in template files')
+_consul_template_commit='4525703f9dd1347a38446e137d56de94dcd06ee7'
+source=("git+https://github.com/hashicorp/consul-template#commit=${_consul_template_commit}"
+        "${pkgname}.service"
+        "${pkgname}.hcl")
+sha512sums=('SKIP'
+            '8b187ff470fb10b47b815b2faaad836ac369071c8ce7e353ec0cbc98e3b1ac2ffc9c892244ac492be1285caa303c4b5fd0a22df3bdb2a037fca1b06c7b24084b'
+            'b2acfbb4bf389b1d95ca9a5f2dfe9be85444c20efdae63f0e6e34d2f33a16ca1d089e6510b6867f74c3b4390a097952ab235c55e4023245e61cc4318622d5674')
+options=(!lto)
+
+prepare() {
+  export GOPATH="${srcdir}"
+  export PATH="$PATH:$GOPATH/bin"
+  mkdir -p src/github.com/hashicorp/
+  mv "${pkgname}" src/github.com/hashicorp/
+  export GO111MODULE=on
+}
+
+build() {
+  cd src/github.com/hashicorp/"${pkgname}"
+  export CGO_CPPFLAGS="${CPPFLAGS}"
+  export CGO_CFLAGS="${CFLAGS}"
+  export CGO_CXXFLAGS="${CXXFLAGS}"
+  export CGO_LDFLAGS="${LDFLAGS}"
+  export GOFLAGS="-buildmode=pie -trimpath -mod=readonly -modcacherw"
+  go build -o consul-template-binary
+}
+
+package() {
+  cd src/github.com/hashicorp/"${pkgname}"
+  install -Dm755 consul-template-binary "${pkgdir}/usr/bin/consul-template"
+  install -Dm644 "${srcdir}/${pkgname}.hcl" "${pkgdir}/etc/${pkgname}/${pkgname}.hcl"
+  install -Dm644 "${srcdir}/${pkgname}.service" "${pkgdir}/usr/lib/systemd/system/${pkgname}.service"
+}

Deleted: consul-template.hcl
===================================================================
--- consul-template.hcl	2022-08-10 19:41:30 UTC (rev 1265111)
+++ consul-template.hcl	2022-08-10 19:41:38 UTC (rev 1265112)
@@ -1,350 +0,0 @@
-# This denotes the start of the configuration section for Consul. All values
-# contained in this section pertain to Consul.
-consul {
-  # This block specifies the basic authentication information to pass with the
-  # request. For more information on authentication, please see the Consul
-  # documentation.
-  auth {
-    enabled  = true
-    username = "test"
-    password = "test"
-  }
-
-  # This is the address of the Consul agent. By default, this is
-  # 127.0.0.1:8500, which is the default bind and port for a local Consul
-  # agent. It is not recommended that you communicate directly with a Consul
-  # server, and instead communicate with the local Consul agent. There are many
-  # reasons for this, most importantly the Consul agent is able to multiplex
-  # connections to the Consul server and reduce the number of open HTTP
-  # connections. Additionally, it provides a "well-known" IP address for which
-  # clients can connect.
-  address = "127.0.0.1:8500"
-
-  # This is the ACL token to use when connecting to Consul. If you did not
-  # enable ACLs on your Consul cluster, you do not need to set this option.
-  #
-  # This option is also available via the environment variable CONSUL_TOKEN.
-  token = "abcd1234"
-
-  # This controls the retry behavior when an error is returned from Consul.
-  # Consul Template is highly fault tolerant, meaning it does not exit in the
-  # face of failure. Instead, it uses exponential back-off and retry functions
-  # to wait for the cluster to become available, as is customary in distributed
-  # systems.
-  retry {
-    # This enabled retries. Retries are enabled by default, so this is
-    # redundant.
-    enabled = true
-
-    # This specifies the number of attempts to make before giving up. Each
-    # attempt adds the exponential backoff sleep time. Setting this to
-    # zero will implement an unlimited number of retries.
-    attempts = 12
-
-    # This is the base amount of time to sleep between retry attempts. Each
-    # retry sleeps for an exponent of 2 longer than this base. For 5 retries,
-    # the sleep times would be: 250ms, 500ms, 1s, 2s, then 4s.
-    backoff = "250ms"
-
-    # This is the maximum amount of time to sleep between retry attempts.
-    # When max_backoff is set to zero, there is no upper limit to the
-    # exponential sleep between retry attempts.
-    # If max_backoff is set to 10s and backoff is set to 1s, sleep times
-    # would be: 1s, 2s, 4s, 8s, 10s, 10s, ...
-    max_backoff = "1m"
-  }
-
-  # This block configures the SSL options for connecting to the Consul server.
-  ssl {
-    # This enables SSL. Specifying any option for SSL will also enable it.
-    enabled = true
-
-    # This enables SSL peer verification. The default value is "true", which
-    # will check the global CA chain to make sure the given certificates are
-    # valid. If you are using a self-signed certificate that you have not added
-    # to the CA chain, you may want to disable SSL verification. However, please
-    # understand this is a potential security vulnerability.
-    verify = false
-
-    # This is the path to the certificate to use to authenticate. If just a
-    # certificate is provided, it is assumed to contain both the certificate and
-    # the key to convert to an X509 certificate. If both the certificate and
-    # key are specified, Consul Template will automatically combine them into an
-    # X509 certificate for you.
-    cert = "/path/to/client/cert"
-    key  = "/path/to/client/key"
-
-    # This is the path to the certificate authority to use as a CA. This is
-    # useful for self-signed certificates or for organizations using their own
-    # internal certificate authority.
-    ca_cert = "/path/to/ca"
-
-    # This is the path to a directory of PEM-encoded CA cert files. If both
-    # `ca_cert` and `ca_path` is specified, `ca_cert` is preferred.
-    ca_path = "path/to/certs/"
-
-    # This sets the SNI server name to use for validation.
-    server_name = "my-server.com"
-  }
-}
-
-# This is the signal to listen for to trigger a reload event. The default
-# value is shown below. Setting this value to the empty string will cause CT
-# to not listen for any reload signals.
-reload_signal = "SIGHUP"
-
-# This is the signal to listen for to trigger a graceful stop. The default
-# value is shown below. Setting this value to the empty string will cause CT
-# to not listen for any graceful stop signals.
-kill_signal = "SIGINT"
-
-# This is the maximum interval to allow "stale" data. By default, only the
-# Consul leader will respond to queries; any requests to a follower will
-# forward to the leader. In large clusters with many requests, this is not as
-# scalable, so this option allows any follower to respond to a query, so long
-# as the last-replicated data is within these bounds. Higher values result in
-# less cluster load, but are more likely to have outdated data.
-max_stale = "10m"
-
-# This is the log level. If you find a bug in Consul Template, please enable
-# debug logs so we can help identify the issue. This is also available as a
-# command line flag.
-log_level = "warn"
-
-# This is the path to store a PID file which will contain the process ID of the
-# Consul Template process. This is useful if you plan to send custom signals
-# to the process.
-pid_file = "/path/to/pid"
-
-# This is the quiescence timers; it defines the minimum and maximum amount of
-# time to wait for the cluster to reach a consistent state before rendering a
-# template. This is useful to enable in systems that have a lot of flapping,
-# because it will reduce the the number of times a template is rendered.
-wait {
-  min = "5s"
-  max = "10s"
-}
-
-# This denotes the start of the configuration section for Vault. All values
-# contained in this section pertain to Vault.
-vault {
-  # This is the address of the Vault leader. The protocol (http(s)) portion
-  # of the address is required.
-  address = "https://vault.service.consul:8200"
-
-  # This is the grace period between lease renewal of periodic secrets and secret
-  # re-acquisition. When renewing a secret, if the remaining lease is less than or
-  # equal to the configured grace, Consul Template will request a new credential.
-  # This prevents Vault from revoking the credential at expiration and Consul
-  # Template having a stale credential.
-  #
-  # Note: If you set this to a value that is higher than your default TTL or
-  # max TTL, Consul Template will always read a new secret!
-  grace = "5m"
-
-  # This is the token to use when communicating with the Vault server.
-  # Like other tools that integrate with Vault, Consul Template makes the
-  # assumption that you provide it with a Vault token; it does not have the
-  # incorporated logic to generate tokens via Vault's auth methods.
-  #
-  # This value can also be specified via the environment variable VAULT_TOKEN.
-  token = "abcd1234"
-
-  # This tells Consul Template that the provided token is actually a wrapped
-  # token that should be unwrapped using Vault's cubbyhole response wrapping
-  # before being used. Please see Vault's cubbyhole response wrapping
-  # documentation for more information.
-  unwrap_token = true
-
-  # This option tells Consul Template to automatically renew the Vault token
-  # given. If you are unfamiliar with Vault's architecture, Vault requires
-  # tokens be renewed at some regular interval or they will be revoked. Consul
-  # Template will automatically renew the token at half the lease duration of
-  # the token. The default value is true, but this option can be disabled if
-  # you want to renew the Vault token using an out-of-band process.
-  #
-  # Note that secrets specified in a template (using {{secret}} for example)
-  # are always renewed, even if this option is set to false. This option only
-  # applies to the top-level Vault token itself.
-  renew_token = true
-
-  # This section details the retry options for connecting to Vault. Please see
-  # the retry options in the Consul section for more information (they are the
-  # same).
-  retry {
-    # ...
-  }
-
-  # This section details the SSL options for connecting to the Vault server.
-  # Please see the SSL options in the Consul section for more information (they
-  # are the same).
-  ssl {
-    # ...
-  }
-}
-
-# This block defines the configuration for connecting to a syslog server for
-# logging.
-syslog {
-  # This enables syslog logging. Specifying any other option also enables
-  # syslog logging.
-  enabled = true
-
-  # This is the name of the syslog facility to log to.
-  facility = "LOCAL5"
-}
-
-# This block defines the configuration for de-duplication mode. Please see the
-# de-duplication mode documentation later in the README for more information
-# on how de-duplication mode operates.
-deduplicate {
-  # This enables de-duplication mode. Specifying any other options also enables
-  # de-duplication mode.
-  enabled = true
-
-  # This is the prefix to the path in Consul's KV store where de-duplication
-  # templates will be pre-rendered and stored.
-  prefix = "consul-template/dedup/"
-}
-
-# This block defines the configuration for exec mode. Please see the exec mode
-# documentation at the bottom of this README for more information on how exec
-# mode operates and the caveats of this mode.
-exec {
-  # This is the command to exec as a child process. There can be only one
-  # command per Consul Template process.
-  command = "/usr/bin/app"
-
-  # This is a random splay to wait before killing the command. The default
-  # value is 0 (no wait), but large clusters should consider setting a splay
-  # value to prevent all child processes from reloading at the same time when
-  # data changes occur. When this value is set to non-zero, Consul Template
-  # will wait a random period of time up to the splay value before reloading
-  # or killing the child process. This can be used to prevent the thundering
-  # herd problem on applications that do not gracefully reload.
-  splay = "5s"
-
-  env {
-    # This specifies if the child process should not inherit the parent
-    # process's environment. By default, the child will have full access to the
-    # environment variables of the parent. Setting this to true will send only
-    # the values specified in `custom_env` to the child process.
-    pristine = false
-
-    # This specifies additional custom environment variables in the form shown
-    # below to inject into the child's runtime environment. If a custom
-    # environment variable shares its name with a system environment variable,
-    # the custom environment variable takes precedence. Even if pristine,
-    # whitelist, or blacklist is specified, all values in this option
-    # are given to the child process.
-    custom = ["PATH=$PATH:/etc/myapp/bin"]
-
-    # This specifies a list of environment variables to exclusively include in
-    # the list of environment variables exposed to the child process. If
-    # specified, only those environment variables matching the given patterns
-    # are exposed to the child process. These strings are matched using Go's
-    # glob function, so wildcards are permitted.
-    whitelist = ["CONSUL_*"]
-
-    # This specifies a list of environment variables to exclusively prohibit in
-    # the list of environment variables exposed to the child process. If
-    # specified, any environment variables matching the given patterns will not
-    # be exposed to the child process, even if they are whitelisted. The values
-    # in this option take precedence over the values in the whitelist.
-    # These strings are matched using Go's glob function, so wildcards are
-    # permitted.
-    blacklist = ["VAULT_*"]
-  }
-
-  # This defines the signal that will be sent to the child process when a
-  # change occurs in a watched template. The signal will only be sent after the
-  # process is started, and the process will only be started after all
-  # dependent templates have been rendered at least once. The default value is
-  # nil, which tells Consul Template to stop the child process and spawn a new
-  # one instead of sending it a signal. This is useful for legacy applications
-  # or applications that cannot properly reload their configuration without a
-  # full reload.
-  reload_signal = ""
-
-  # This defines the signal sent to the child process when Consul Template is
-  # gracefully shutting down. The application should begin a graceful cleanup.
-  # If the application does not terminate before the `kill_timeout`, it will
-  # be terminated (effectively "kill -9"). The default value is "SIGTERM".
-  kill_signal = "SIGINT"
-
-  # This defines the amount of time to wait for the child process to gracefully
-  # terminate when Consul Template exits. After this specified time, the child
-  # process will be force-killed (effectively "kill -9"). The default value is
-  # "30s".
-  kill_timeout = "2s"
-}
-
-# This block defines the configuration for a template. Unlike other blocks,
-# this block may be specified multiple times to configure multiple templates.
-# It is also possible to configure templates via the CLI directly.
-template {
-  # This is the source file on disk to use as the input template. This is often
-  # called the "Consul Template template". This option is required if not using
-  # the `contents` option.
-  source = "/path/on/disk/to/template.ctmpl"
-
-  # This is the destination path on disk where the source template will render.
-  # If the parent directories do not exist, Consul Template will attempt to
-  # create them, unless create_dest_dirs is false.
-  destination = "/path/on/disk/where/template/will/render.txt"
-
-  # This options tells Consul Template to create the parent directories of the
-  # destination path if they do not exist. The default value is true.
-  create_dest_dirs = true
-
-  # This option allows embedding the contents of a template in the configuration
-  # file rather then supplying the `source` path to the template file. This is
-  # useful for short templates. This option is mutually exclusive with the
-  # `source` option.
-  contents = "{{ keyOrDefault \"service/redis/maxconns at east-aws\" \"5\" }}"
-
-  # This is the optional command to run when the template is rendered. The
-  # command will only run if the resulting template changes. The command must
-  # return within 30s (configurable), and it must have a successful exit code.
-  # Consul Template is not a replacement for a process monitor or init system.
-  command = "restart service foo"
-
-  # This is the maximum amount of time to wait for the optional command to
-  # return. Default is 30s.
-  command_timeout = "60s"
-
-  # Exit with an error when accessing a struct or map field/key that does not
-  # exist. The default behavior will print "<no value>" when accessing a field
-  # that does not exist. It is highly recommended you set this to "true" when
-  # retrieving secrets from Vault.
-  error_on_missing_key = false
-
-  # This is the permission to render the file. If this option is left
-  # unspecified, Consul Template will attempt to match the permissions of the
-  # file that already exists at the destination path. If no file exists at that
-  # path, the permissions are 0644.
-  perms = 0600
-
-  # This option backs up the previously rendered template at the destination
-  # path before writing a new one. It keeps exactly one backup. This option is
-  # useful for preventing accidental changes to the data without having a
-  # rollback strategy.
-  backup = true
-
-  # These are the delimiters to use in the template. The default is "{{" and
-  # "}}", but for some templates, it may be easier to use a different delimiter
-  # that does not conflict with the output file itself.
-  left_delimiter  = "{{"
-  right_delimiter = "}}"
-
-  # This is the `minimum(:maximum)` to wait before rendering a new template to
-  # disk and triggering a command, separated by a colon (`:`). If the optional
-  # maximum value is omitted, it is assumed to be 4x the required minimum value.
-  # This is a numeric time with a unit suffix ("5s"). There is no default value.
-  # The wait value for a template takes precedence over any globally-configured
-  # wait.
-  wait {
-    min = "2s"
-    max = "10s"
-  }
-}

Copied: consul-template/repos/community-x86_64/consul-template.hcl (from rev 1265111, consul-template/trunk/consul-template.hcl)
===================================================================
--- consul-template.hcl	                        (rev 0)
+++ consul-template.hcl	2022-08-10 19:41:38 UTC (rev 1265112)
@@ -0,0 +1,350 @@
+# This denotes the start of the configuration section for Consul. All values
+# contained in this section pertain to Consul.
+consul {
+  # This block specifies the basic authentication information to pass with the
+  # request. For more information on authentication, please see the Consul
+  # documentation.
+  auth {
+    enabled  = true
+    username = "test"
+    password = "test"
+  }
+
+  # This is the address of the Consul agent. By default, this is
+  # 127.0.0.1:8500, which is the default bind and port for a local Consul
+  # agent. It is not recommended that you communicate directly with a Consul
+  # server, and instead communicate with the local Consul agent. There are many
+  # reasons for this, most importantly the Consul agent is able to multiplex
+  # connections to the Consul server and reduce the number of open HTTP
+  # connections. Additionally, it provides a "well-known" IP address for which
+  # clients can connect.
+  address = "127.0.0.1:8500"
+
+  # This is the ACL token to use when connecting to Consul. If you did not
+  # enable ACLs on your Consul cluster, you do not need to set this option.
+  #
+  # This option is also available via the environment variable CONSUL_TOKEN.
+  token = "abcd1234"
+
+  # This controls the retry behavior when an error is returned from Consul.
+  # Consul Template is highly fault tolerant, meaning it does not exit in the
+  # face of failure. Instead, it uses exponential back-off and retry functions
+  # to wait for the cluster to become available, as is customary in distributed
+  # systems.
+  retry {
+    # This enabled retries. Retries are enabled by default, so this is
+    # redundant.
+    enabled = true
+
+    # This specifies the number of attempts to make before giving up. Each
+    # attempt adds the exponential backoff sleep time. Setting this to
+    # zero will implement an unlimited number of retries.
+    attempts = 12
+
+    # This is the base amount of time to sleep between retry attempts. Each
+    # retry sleeps for an exponent of 2 longer than this base. For 5 retries,
+    # the sleep times would be: 250ms, 500ms, 1s, 2s, then 4s.
+    backoff = "250ms"
+
+    # This is the maximum amount of time to sleep between retry attempts.
+    # When max_backoff is set to zero, there is no upper limit to the
+    # exponential sleep between retry attempts.
+    # If max_backoff is set to 10s and backoff is set to 1s, sleep times
+    # would be: 1s, 2s, 4s, 8s, 10s, 10s, ...
+    max_backoff = "1m"
+  }
+
+  # This block configures the SSL options for connecting to the Consul server.
+  ssl {
+    # This enables SSL. Specifying any option for SSL will also enable it.
+    enabled = true
+
+    # This enables SSL peer verification. The default value is "true", which
+    # will check the global CA chain to make sure the given certificates are
+    # valid. If you are using a self-signed certificate that you have not added
+    # to the CA chain, you may want to disable SSL verification. However, please
+    # understand this is a potential security vulnerability.
+    verify = false
+
+    # This is the path to the certificate to use to authenticate. If just a
+    # certificate is provided, it is assumed to contain both the certificate and
+    # the key to convert to an X509 certificate. If both the certificate and
+    # key are specified, Consul Template will automatically combine them into an
+    # X509 certificate for you.
+    cert = "/path/to/client/cert"
+    key  = "/path/to/client/key"
+
+    # This is the path to the certificate authority to use as a CA. This is
+    # useful for self-signed certificates or for organizations using their own
+    # internal certificate authority.
+    ca_cert = "/path/to/ca"
+
+    # This is the path to a directory of PEM-encoded CA cert files. If both
+    # `ca_cert` and `ca_path` is specified, `ca_cert` is preferred.
+    ca_path = "path/to/certs/"
+
+    # This sets the SNI server name to use for validation.
+    server_name = "my-server.com"
+  }
+}
+
+# This is the signal to listen for to trigger a reload event. The default
+# value is shown below. Setting this value to the empty string will cause CT
+# to not listen for any reload signals.
+reload_signal = "SIGHUP"
+
+# This is the signal to listen for to trigger a graceful stop. The default
+# value is shown below. Setting this value to the empty string will cause CT
+# to not listen for any graceful stop signals.
+kill_signal = "SIGINT"
+
+# This is the maximum interval to allow "stale" data. By default, only the
+# Consul leader will respond to queries; any requests to a follower will
+# forward to the leader. In large clusters with many requests, this is not as
+# scalable, so this option allows any follower to respond to a query, so long
+# as the last-replicated data is within these bounds. Higher values result in
+# less cluster load, but are more likely to have outdated data.
+max_stale = "10m"
+
+# This is the log level. If you find a bug in Consul Template, please enable
+# debug logs so we can help identify the issue. This is also available as a
+# command line flag.
+log_level = "warn"
+
+# This is the path to store a PID file which will contain the process ID of the
+# Consul Template process. This is useful if you plan to send custom signals
+# to the process.
+pid_file = "/path/to/pid"
+
+# This is the quiescence timers; it defines the minimum and maximum amount of
+# time to wait for the cluster to reach a consistent state before rendering a
+# template. This is useful to enable in systems that have a lot of flapping,
+# because it will reduce the the number of times a template is rendered.
+wait {
+  min = "5s"
+  max = "10s"
+}
+
+# This denotes the start of the configuration section for Vault. All values
+# contained in this section pertain to Vault.
+vault {
+  # This is the address of the Vault leader. The protocol (http(s)) portion
+  # of the address is required.
+  address = "https://vault.service.consul:8200"
+
+  # This is the grace period between lease renewal of periodic secrets and secret
+  # re-acquisition. When renewing a secret, if the remaining lease is less than or
+  # equal to the configured grace, Consul Template will request a new credential.
+  # This prevents Vault from revoking the credential at expiration and Consul
+  # Template having a stale credential.
+  #
+  # Note: If you set this to a value that is higher than your default TTL or
+  # max TTL, Consul Template will always read a new secret!
+  grace = "5m"
+
+  # This is the token to use when communicating with the Vault server.
+  # Like other tools that integrate with Vault, Consul Template makes the
+  # assumption that you provide it with a Vault token; it does not have the
+  # incorporated logic to generate tokens via Vault's auth methods.
+  #
+  # This value can also be specified via the environment variable VAULT_TOKEN.
+  token = "abcd1234"
+
+  # This tells Consul Template that the provided token is actually a wrapped
+  # token that should be unwrapped using Vault's cubbyhole response wrapping
+  # before being used. Please see Vault's cubbyhole response wrapping
+  # documentation for more information.
+  unwrap_token = true
+
+  # This option tells Consul Template to automatically renew the Vault token
+  # given. If you are unfamiliar with Vault's architecture, Vault requires
+  # tokens be renewed at some regular interval or they will be revoked. Consul
+  # Template will automatically renew the token at half the lease duration of
+  # the token. The default value is true, but this option can be disabled if
+  # you want to renew the Vault token using an out-of-band process.
+  #
+  # Note that secrets specified in a template (using {{secret}} for example)
+  # are always renewed, even if this option is set to false. This option only
+  # applies to the top-level Vault token itself.
+  renew_token = true
+
+  # This section details the retry options for connecting to Vault. Please see
+  # the retry options in the Consul section for more information (they are the
+  # same).
+  retry {
+    # ...
+  }
+
+  # This section details the SSL options for connecting to the Vault server.
+  # Please see the SSL options in the Consul section for more information (they
+  # are the same).
+  ssl {
+    # ...
+  }
+}
+
+# This block defines the configuration for connecting to a syslog server for
+# logging.
+syslog {
+  # This enables syslog logging. Specifying any other option also enables
+  # syslog logging.
+  enabled = true
+
+  # This is the name of the syslog facility to log to.
+  facility = "LOCAL5"
+}
+
+# This block defines the configuration for de-duplication mode. Please see the
+# de-duplication mode documentation later in the README for more information
+# on how de-duplication mode operates.
+deduplicate {
+  # This enables de-duplication mode. Specifying any other options also enables
+  # de-duplication mode.
+  enabled = true
+
+  # This is the prefix to the path in Consul's KV store where de-duplication
+  # templates will be pre-rendered and stored.
+  prefix = "consul-template/dedup/"
+}
+
+# This block defines the configuration for exec mode. Please see the exec mode
+# documentation at the bottom of this README for more information on how exec
+# mode operates and the caveats of this mode.
+exec {
+  # This is the command to exec as a child process. There can be only one
+  # command per Consul Template process.
+  command = "/usr/bin/app"
+
+  # This is a random splay to wait before killing the command. The default
+  # value is 0 (no wait), but large clusters should consider setting a splay
+  # value to prevent all child processes from reloading at the same time when
+  # data changes occur. When this value is set to non-zero, Consul Template
+  # will wait a random period of time up to the splay value before reloading
+  # or killing the child process. This can be used to prevent the thundering
+  # herd problem on applications that do not gracefully reload.
+  splay = "5s"
+
+  env {
+    # This specifies if the child process should not inherit the parent
+    # process's environment. By default, the child will have full access to the
+    # environment variables of the parent. Setting this to true will send only
+    # the values specified in `custom_env` to the child process.
+    pristine = false
+
+    # This specifies additional custom environment variables in the form shown
+    # below to inject into the child's runtime environment. If a custom
+    # environment variable shares its name with a system environment variable,
+    # the custom environment variable takes precedence. Even if pristine,
+    # whitelist, or blacklist is specified, all values in this option
+    # are given to the child process.
+    custom = ["PATH=$PATH:/etc/myapp/bin"]
+
+    # This specifies a list of environment variables to exclusively include in
+    # the list of environment variables exposed to the child process. If
+    # specified, only those environment variables matching the given patterns
+    # are exposed to the child process. These strings are matched using Go's
+    # glob function, so wildcards are permitted.
+    whitelist = ["CONSUL_*"]
+
+    # This specifies a list of environment variables to exclusively prohibit in
+    # the list of environment variables exposed to the child process. If
+    # specified, any environment variables matching the given patterns will not
+    # be exposed to the child process, even if they are whitelisted. The values
+    # in this option take precedence over the values in the whitelist.
+    # These strings are matched using Go's glob function, so wildcards are
+    # permitted.
+    blacklist = ["VAULT_*"]
+  }
+
+  # This defines the signal that will be sent to the child process when a
+  # change occurs in a watched template. The signal will only be sent after the
+  # process is started, and the process will only be started after all
+  # dependent templates have been rendered at least once. The default value is
+  # nil, which tells Consul Template to stop the child process and spawn a new
+  # one instead of sending it a signal. This is useful for legacy applications
+  # or applications that cannot properly reload their configuration without a
+  # full reload.
+  reload_signal = ""
+
+  # This defines the signal sent to the child process when Consul Template is
+  # gracefully shutting down. The application should begin a graceful cleanup.
+  # If the application does not terminate before the `kill_timeout`, it will
+  # be terminated (effectively "kill -9"). The default value is "SIGTERM".
+  kill_signal = "SIGINT"
+
+  # This defines the amount of time to wait for the child process to gracefully
+  # terminate when Consul Template exits. After this specified time, the child
+  # process will be force-killed (effectively "kill -9"). The default value is
+  # "30s".
+  kill_timeout = "2s"
+}
+
+# This block defines the configuration for a template. Unlike other blocks,
+# this block may be specified multiple times to configure multiple templates.
+# It is also possible to configure templates via the CLI directly.
+template {
+  # This is the source file on disk to use as the input template. This is often
+  # called the "Consul Template template". This option is required if not using
+  # the `contents` option.
+  source = "/path/on/disk/to/template.ctmpl"
+
+  # This is the destination path on disk where the source template will render.
+  # If the parent directories do not exist, Consul Template will attempt to
+  # create them, unless create_dest_dirs is false.
+  destination = "/path/on/disk/where/template/will/render.txt"
+
+  # This options tells Consul Template to create the parent directories of the
+  # destination path if they do not exist. The default value is true.
+  create_dest_dirs = true
+
+  # This option allows embedding the contents of a template in the configuration
+  # file rather then supplying the `source` path to the template file. This is
+  # useful for short templates. This option is mutually exclusive with the
+  # `source` option.
+  contents = "{{ keyOrDefault \"service/redis/maxconns at east-aws\" \"5\" }}"
+
+  # This is the optional command to run when the template is rendered. The
+  # command will only run if the resulting template changes. The command must
+  # return within 30s (configurable), and it must have a successful exit code.
+  # Consul Template is not a replacement for a process monitor or init system.
+  command = "restart service foo"
+
+  # This is the maximum amount of time to wait for the optional command to
+  # return. Default is 30s.
+  command_timeout = "60s"
+
+  # Exit with an error when accessing a struct or map field/key that does not
+  # exist. The default behavior will print "<no value>" when accessing a field
+  # that does not exist. It is highly recommended you set this to "true" when
+  # retrieving secrets from Vault.
+  error_on_missing_key = false
+
+  # This is the permission to render the file. If this option is left
+  # unspecified, Consul Template will attempt to match the permissions of the
+  # file that already exists at the destination path. If no file exists at that
+  # path, the permissions are 0644.
+  perms = 0600
+
+  # This option backs up the previously rendered template at the destination
+  # path before writing a new one. It keeps exactly one backup. This option is
+  # useful for preventing accidental changes to the data without having a
+  # rollback strategy.
+  backup = true
+
+  # These are the delimiters to use in the template. The default is "{{" and
+  # "}}", but for some templates, it may be easier to use a different delimiter
+  # that does not conflict with the output file itself.
+  left_delimiter  = "{{"
+  right_delimiter = "}}"
+
+  # This is the `minimum(:maximum)` to wait before rendering a new template to
+  # disk and triggering a command, separated by a colon (`:`). If the optional
+  # maximum value is omitted, it is assumed to be 4x the required minimum value.
+  # This is a numeric time with a unit suffix ("5s"). There is no default value.
+  # The wait value for a template takes precedence over any globally-configured
+  # wait.
+  wait {
+    min = "2s"
+    max = "10s"
+  }
+}

Deleted: consul-template.service
===================================================================
--- consul-template.service	2022-08-10 19:41:30 UTC (rev 1265111)
+++ consul-template.service	2022-08-10 19:41:38 UTC (rev 1265112)
@@ -1,12 +0,0 @@
-[Unit]
-Description=template rendering, notifier, and supervisor for HashiCorp Consul and Vault data
-Documentation=https://github.com/hashicorp/consul-template
-After=vault.service consul.service
-
-[Service]
-ExecStart=/usr/bin/consul-template -config /etc/consul-template/config.hcl
-ExecReload=/usr/bin/kill -HUP $MAINPID
-KillSignal=SIGINT
-
-[Install]
-WantedBy=multi-user.target

Copied: consul-template/repos/community-x86_64/consul-template.service (from rev 1265111, consul-template/trunk/consul-template.service)
===================================================================
--- consul-template.service	                        (rev 0)
+++ consul-template.service	2022-08-10 19:41:38 UTC (rev 1265112)
@@ -0,0 +1,12 @@
+[Unit]
+Description=template rendering, notifier, and supervisor for HashiCorp Consul and Vault data
+Documentation=https://github.com/hashicorp/consul-template
+After=vault.service consul.service
+
+[Service]
+ExecStart=/usr/bin/consul-template -config /etc/consul-template/config.hcl
+ExecReload=/usr/bin/kill -HUP $MAINPID
+KillSignal=SIGINT
+
+[Install]
+WantedBy=multi-user.target



More information about the arch-commits mailing list