[arch-commits] Commit in consul-template/repos/community-x86_64 (6 files)
Christian Rebischke
shibumi at gemini.archlinux.org
Wed Aug 10 19:41:39 UTC 2022
Date: Wednesday, August 10, 2022 @ 19:41:38
Author: shibumi
Revision: 1265112
archrelease: copy trunk to community-x86_64
Added:
consul-template/repos/community-x86_64/PKGBUILD
(from rev 1265111, consul-template/trunk/PKGBUILD)
consul-template/repos/community-x86_64/consul-template.hcl
(from rev 1265111, consul-template/trunk/consul-template.hcl)
consul-template/repos/community-x86_64/consul-template.service
(from rev 1265111, consul-template/trunk/consul-template.service)
Deleted:
consul-template/repos/community-x86_64/PKGBUILD
consul-template/repos/community-x86_64/consul-template.hcl
consul-template/repos/community-x86_64/consul-template.service
-------------------------+
PKGBUILD | 95 +++---
consul-template.hcl | 700 +++++++++++++++++++++++-----------------------
consul-template.service | 24 -
3 files changed, 410 insertions(+), 409 deletions(-)
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2022-08-10 19:41:30 UTC (rev 1265111)
+++ PKGBUILD 2022-08-10 19:41:38 UTC (rev 1265112)
@@ -1,47 +0,0 @@
-# Maintainer: Christian Rebischke <chris.rebischke at archlinux.org>
-# Contributor: Tyler Langlois <ty |at| tjll |dot| net>
-# Contributor: Tim Meusel <tim at bastelfreak.de>
-pkgname=consul-template
-pkgver=0.25.2
-pkgrel=1
-pkgdesc='Template rendering, notifier, and supervisor for HashiCorp Consul and Vault data'
-arch=('x86_64')
-url='https://github.com/hashicorp/consul-template'
-license=('MPL')
-backup=("etc/${pkgname}/${pkgname}.hcl")
-makedepends=('go' 'git')
-depends=('glibc')
-optdepends=('consul: interpolate values from a distributed key/value store'
- 'vault: reference secure secrets in template files')
-_consul_template_commit='870905de57f085588c3b718b779d8550aefc5dcf'
-source=("git+https://github.com/hashicorp/consul-template#commit=${_consul_template_commit}"
- "${pkgname}.service"
- "${pkgname}.hcl")
-sha512sums=('SKIP'
- '8b187ff470fb10b47b815b2faaad836ac369071c8ce7e353ec0cbc98e3b1ac2ffc9c892244ac492be1285caa303c4b5fd0a22df3bdb2a037fca1b06c7b24084b'
- 'b2acfbb4bf389b1d95ca9a5f2dfe9be85444c20efdae63f0e6e34d2f33a16ca1d089e6510b6867f74c3b4390a097952ab235c55e4023245e61cc4318622d5674')
-
-prepare() {
- export GOPATH="${srcdir}"
- export PATH="$PATH:$GOPATH/bin"
- mkdir -p src/github.com/hashicorp/
- mv "${pkgname}" src/github.com/hashicorp/
- export GO111MODULE=on
-}
-
-build() {
- cd src/github.com/hashicorp/"${pkgname}"
- export CGO_CPPFLAGS="${CPPFLAGS}"
- export CGO_CFLAGS="${CFLAGS}"
- export CGO_CXXFLAGS="${CXXFLAGS}"
- export CGO_LDFLAGS="${LDFLAGS}"
- export GOFLAGS="-buildmode=pie -trimpath -mod=readonly -modcacherw"
- go build -o consul-template-binary
-}
-
-package() {
- cd src/github.com/hashicorp/"${pkgname}"
- install -Dm755 consul-template-binary "${pkgdir}/usr/bin/consul-template"
- install -Dm644 "${srcdir}/${pkgname}.hcl" "${pkgdir}/etc/${pkgname}/${pkgname}.hcl"
- install -Dm644 "${srcdir}/${pkgname}.service" "${pkgdir}/usr/lib/systemd/system/${pkgname}.service"
-}
Copied: consul-template/repos/community-x86_64/PKGBUILD (from rev 1265111, consul-template/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2022-08-10 19:41:38 UTC (rev 1265112)
@@ -0,0 +1,48 @@
+# Maintainer: Christian Rebischke <chris.rebischke at archlinux.org>
+# Contributor: Tyler Langlois <ty |at| tjll |dot| net>
+# Contributor: Tim Meusel <tim at bastelfreak.de>
+pkgname=consul-template
+pkgver=0.29.1
+pkgrel=1
+pkgdesc='Template rendering, notifier, and supervisor for HashiCorp Consul and Vault data'
+arch=('x86_64')
+url='https://github.com/hashicorp/consul-template'
+license=('MPL')
+backup=("etc/${pkgname}/${pkgname}.hcl")
+makedepends=('go' 'git')
+depends=('glibc')
+optdepends=('consul: interpolate values from a distributed key/value store'
+ 'vault: reference secure secrets in template files')
+_consul_template_commit='4525703f9dd1347a38446e137d56de94dcd06ee7'
+source=("git+https://github.com/hashicorp/consul-template#commit=${_consul_template_commit}"
+ "${pkgname}.service"
+ "${pkgname}.hcl")
+sha512sums=('SKIP'
+ '8b187ff470fb10b47b815b2faaad836ac369071c8ce7e353ec0cbc98e3b1ac2ffc9c892244ac492be1285caa303c4b5fd0a22df3bdb2a037fca1b06c7b24084b'
+ 'b2acfbb4bf389b1d95ca9a5f2dfe9be85444c20efdae63f0e6e34d2f33a16ca1d089e6510b6867f74c3b4390a097952ab235c55e4023245e61cc4318622d5674')
+options=(!lto)
+
+prepare() {
+ export GOPATH="${srcdir}"
+ export PATH="$PATH:$GOPATH/bin"
+ mkdir -p src/github.com/hashicorp/
+ mv "${pkgname}" src/github.com/hashicorp/
+ export GO111MODULE=on
+}
+
+build() {
+ cd src/github.com/hashicorp/"${pkgname}"
+ export CGO_CPPFLAGS="${CPPFLAGS}"
+ export CGO_CFLAGS="${CFLAGS}"
+ export CGO_CXXFLAGS="${CXXFLAGS}"
+ export CGO_LDFLAGS="${LDFLAGS}"
+ export GOFLAGS="-buildmode=pie -trimpath -mod=readonly -modcacherw"
+ go build -o consul-template-binary
+}
+
+package() {
+ cd src/github.com/hashicorp/"${pkgname}"
+ install -Dm755 consul-template-binary "${pkgdir}/usr/bin/consul-template"
+ install -Dm644 "${srcdir}/${pkgname}.hcl" "${pkgdir}/etc/${pkgname}/${pkgname}.hcl"
+ install -Dm644 "${srcdir}/${pkgname}.service" "${pkgdir}/usr/lib/systemd/system/${pkgname}.service"
+}
Deleted: consul-template.hcl
===================================================================
--- consul-template.hcl 2022-08-10 19:41:30 UTC (rev 1265111)
+++ consul-template.hcl 2022-08-10 19:41:38 UTC (rev 1265112)
@@ -1,350 +0,0 @@
-# This denotes the start of the configuration section for Consul. All values
-# contained in this section pertain to Consul.
-consul {
- # This block specifies the basic authentication information to pass with the
- # request. For more information on authentication, please see the Consul
- # documentation.
- auth {
- enabled = true
- username = "test"
- password = "test"
- }
-
- # This is the address of the Consul agent. By default, this is
- # 127.0.0.1:8500, which is the default bind and port for a local Consul
- # agent. It is not recommended that you communicate directly with a Consul
- # server, and instead communicate with the local Consul agent. There are many
- # reasons for this, most importantly the Consul agent is able to multiplex
- # connections to the Consul server and reduce the number of open HTTP
- # connections. Additionally, it provides a "well-known" IP address for which
- # clients can connect.
- address = "127.0.0.1:8500"
-
- # This is the ACL token to use when connecting to Consul. If you did not
- # enable ACLs on your Consul cluster, you do not need to set this option.
- #
- # This option is also available via the environment variable CONSUL_TOKEN.
- token = "abcd1234"
-
- # This controls the retry behavior when an error is returned from Consul.
- # Consul Template is highly fault tolerant, meaning it does not exit in the
- # face of failure. Instead, it uses exponential back-off and retry functions
- # to wait for the cluster to become available, as is customary in distributed
- # systems.
- retry {
- # This enabled retries. Retries are enabled by default, so this is
- # redundant.
- enabled = true
-
- # This specifies the number of attempts to make before giving up. Each
- # attempt adds the exponential backoff sleep time. Setting this to
- # zero will implement an unlimited number of retries.
- attempts = 12
-
- # This is the base amount of time to sleep between retry attempts. Each
- # retry sleeps for an exponent of 2 longer than this base. For 5 retries,
- # the sleep times would be: 250ms, 500ms, 1s, 2s, then 4s.
- backoff = "250ms"
-
- # This is the maximum amount of time to sleep between retry attempts.
- # When max_backoff is set to zero, there is no upper limit to the
- # exponential sleep between retry attempts.
- # If max_backoff is set to 10s and backoff is set to 1s, sleep times
- # would be: 1s, 2s, 4s, 8s, 10s, 10s, ...
- max_backoff = "1m"
- }
-
- # This block configures the SSL options for connecting to the Consul server.
- ssl {
- # This enables SSL. Specifying any option for SSL will also enable it.
- enabled = true
-
- # This enables SSL peer verification. The default value is "true", which
- # will check the global CA chain to make sure the given certificates are
- # valid. If you are using a self-signed certificate that you have not added
- # to the CA chain, you may want to disable SSL verification. However, please
- # understand this is a potential security vulnerability.
- verify = false
-
- # This is the path to the certificate to use to authenticate. If just a
- # certificate is provided, it is assumed to contain both the certificate and
- # the key to convert to an X509 certificate. If both the certificate and
- # key are specified, Consul Template will automatically combine them into an
- # X509 certificate for you.
- cert = "/path/to/client/cert"
- key = "/path/to/client/key"
-
- # This is the path to the certificate authority to use as a CA. This is
- # useful for self-signed certificates or for organizations using their own
- # internal certificate authority.
- ca_cert = "/path/to/ca"
-
- # This is the path to a directory of PEM-encoded CA cert files. If both
- # `ca_cert` and `ca_path` is specified, `ca_cert` is preferred.
- ca_path = "path/to/certs/"
-
- # This sets the SNI server name to use for validation.
- server_name = "my-server.com"
- }
-}
-
-# This is the signal to listen for to trigger a reload event. The default
-# value is shown below. Setting this value to the empty string will cause CT
-# to not listen for any reload signals.
-reload_signal = "SIGHUP"
-
-# This is the signal to listen for to trigger a graceful stop. The default
-# value is shown below. Setting this value to the empty string will cause CT
-# to not listen for any graceful stop signals.
-kill_signal = "SIGINT"
-
-# This is the maximum interval to allow "stale" data. By default, only the
-# Consul leader will respond to queries; any requests to a follower will
-# forward to the leader. In large clusters with many requests, this is not as
-# scalable, so this option allows any follower to respond to a query, so long
-# as the last-replicated data is within these bounds. Higher values result in
-# less cluster load, but are more likely to have outdated data.
-max_stale = "10m"
-
-# This is the log level. If you find a bug in Consul Template, please enable
-# debug logs so we can help identify the issue. This is also available as a
-# command line flag.
-log_level = "warn"
-
-# This is the path to store a PID file which will contain the process ID of the
-# Consul Template process. This is useful if you plan to send custom signals
-# to the process.
-pid_file = "/path/to/pid"
-
-# This is the quiescence timers; it defines the minimum and maximum amount of
-# time to wait for the cluster to reach a consistent state before rendering a
-# template. This is useful to enable in systems that have a lot of flapping,
-# because it will reduce the the number of times a template is rendered.
-wait {
- min = "5s"
- max = "10s"
-}
-
-# This denotes the start of the configuration section for Vault. All values
-# contained in this section pertain to Vault.
-vault {
- # This is the address of the Vault leader. The protocol (http(s)) portion
- # of the address is required.
- address = "https://vault.service.consul:8200"
-
- # This is the grace period between lease renewal of periodic secrets and secret
- # re-acquisition. When renewing a secret, if the remaining lease is less than or
- # equal to the configured grace, Consul Template will request a new credential.
- # This prevents Vault from revoking the credential at expiration and Consul
- # Template having a stale credential.
- #
- # Note: If you set this to a value that is higher than your default TTL or
- # max TTL, Consul Template will always read a new secret!
- grace = "5m"
-
- # This is the token to use when communicating with the Vault server.
- # Like other tools that integrate with Vault, Consul Template makes the
- # assumption that you provide it with a Vault token; it does not have the
- # incorporated logic to generate tokens via Vault's auth methods.
- #
- # This value can also be specified via the environment variable VAULT_TOKEN.
- token = "abcd1234"
-
- # This tells Consul Template that the provided token is actually a wrapped
- # token that should be unwrapped using Vault's cubbyhole response wrapping
- # before being used. Please see Vault's cubbyhole response wrapping
- # documentation for more information.
- unwrap_token = true
-
- # This option tells Consul Template to automatically renew the Vault token
- # given. If you are unfamiliar with Vault's architecture, Vault requires
- # tokens be renewed at some regular interval or they will be revoked. Consul
- # Template will automatically renew the token at half the lease duration of
- # the token. The default value is true, but this option can be disabled if
- # you want to renew the Vault token using an out-of-band process.
- #
- # Note that secrets specified in a template (using {{secret}} for example)
- # are always renewed, even if this option is set to false. This option only
- # applies to the top-level Vault token itself.
- renew_token = true
-
- # This section details the retry options for connecting to Vault. Please see
- # the retry options in the Consul section for more information (they are the
- # same).
- retry {
- # ...
- }
-
- # This section details the SSL options for connecting to the Vault server.
- # Please see the SSL options in the Consul section for more information (they
- # are the same).
- ssl {
- # ...
- }
-}
-
-# This block defines the configuration for connecting to a syslog server for
-# logging.
-syslog {
- # This enables syslog logging. Specifying any other option also enables
- # syslog logging.
- enabled = true
-
- # This is the name of the syslog facility to log to.
- facility = "LOCAL5"
-}
-
-# This block defines the configuration for de-duplication mode. Please see the
-# de-duplication mode documentation later in the README for more information
-# on how de-duplication mode operates.
-deduplicate {
- # This enables de-duplication mode. Specifying any other options also enables
- # de-duplication mode.
- enabled = true
-
- # This is the prefix to the path in Consul's KV store where de-duplication
- # templates will be pre-rendered and stored.
- prefix = "consul-template/dedup/"
-}
-
-# This block defines the configuration for exec mode. Please see the exec mode
-# documentation at the bottom of this README for more information on how exec
-# mode operates and the caveats of this mode.
-exec {
- # This is the command to exec as a child process. There can be only one
- # command per Consul Template process.
- command = "/usr/bin/app"
-
- # This is a random splay to wait before killing the command. The default
- # value is 0 (no wait), but large clusters should consider setting a splay
- # value to prevent all child processes from reloading at the same time when
- # data changes occur. When this value is set to non-zero, Consul Template
- # will wait a random period of time up to the splay value before reloading
- # or killing the child process. This can be used to prevent the thundering
- # herd problem on applications that do not gracefully reload.
- splay = "5s"
-
- env {
- # This specifies if the child process should not inherit the parent
- # process's environment. By default, the child will have full access to the
- # environment variables of the parent. Setting this to true will send only
- # the values specified in `custom_env` to the child process.
- pristine = false
-
- # This specifies additional custom environment variables in the form shown
- # below to inject into the child's runtime environment. If a custom
- # environment variable shares its name with a system environment variable,
- # the custom environment variable takes precedence. Even if pristine,
- # whitelist, or blacklist is specified, all values in this option
- # are given to the child process.
- custom = ["PATH=$PATH:/etc/myapp/bin"]
-
- # This specifies a list of environment variables to exclusively include in
- # the list of environment variables exposed to the child process. If
- # specified, only those environment variables matching the given patterns
- # are exposed to the child process. These strings are matched using Go's
- # glob function, so wildcards are permitted.
- whitelist = ["CONSUL_*"]
-
- # This specifies a list of environment variables to exclusively prohibit in
- # the list of environment variables exposed to the child process. If
- # specified, any environment variables matching the given patterns will not
- # be exposed to the child process, even if they are whitelisted. The values
- # in this option take precedence over the values in the whitelist.
- # These strings are matched using Go's glob function, so wildcards are
- # permitted.
- blacklist = ["VAULT_*"]
- }
-
- # This defines the signal that will be sent to the child process when a
- # change occurs in a watched template. The signal will only be sent after the
- # process is started, and the process will only be started after all
- # dependent templates have been rendered at least once. The default value is
- # nil, which tells Consul Template to stop the child process and spawn a new
- # one instead of sending it a signal. This is useful for legacy applications
- # or applications that cannot properly reload their configuration without a
- # full reload.
- reload_signal = ""
-
- # This defines the signal sent to the child process when Consul Template is
- # gracefully shutting down. The application should begin a graceful cleanup.
- # If the application does not terminate before the `kill_timeout`, it will
- # be terminated (effectively "kill -9"). The default value is "SIGTERM".
- kill_signal = "SIGINT"
-
- # This defines the amount of time to wait for the child process to gracefully
- # terminate when Consul Template exits. After this specified time, the child
- # process will be force-killed (effectively "kill -9"). The default value is
- # "30s".
- kill_timeout = "2s"
-}
-
-# This block defines the configuration for a template. Unlike other blocks,
-# this block may be specified multiple times to configure multiple templates.
-# It is also possible to configure templates via the CLI directly.
-template {
- # This is the source file on disk to use as the input template. This is often
- # called the "Consul Template template". This option is required if not using
- # the `contents` option.
- source = "/path/on/disk/to/template.ctmpl"
-
- # This is the destination path on disk where the source template will render.
- # If the parent directories do not exist, Consul Template will attempt to
- # create them, unless create_dest_dirs is false.
- destination = "/path/on/disk/where/template/will/render.txt"
-
- # This options tells Consul Template to create the parent directories of the
- # destination path if they do not exist. The default value is true.
- create_dest_dirs = true
-
- # This option allows embedding the contents of a template in the configuration
- # file rather then supplying the `source` path to the template file. This is
- # useful for short templates. This option is mutually exclusive with the
- # `source` option.
- contents = "{{ keyOrDefault \"service/redis/maxconns at east-aws\" \"5\" }}"
-
- # This is the optional command to run when the template is rendered. The
- # command will only run if the resulting template changes. The command must
- # return within 30s (configurable), and it must have a successful exit code.
- # Consul Template is not a replacement for a process monitor or init system.
- command = "restart service foo"
-
- # This is the maximum amount of time to wait for the optional command to
- # return. Default is 30s.
- command_timeout = "60s"
-
- # Exit with an error when accessing a struct or map field/key that does not
- # exist. The default behavior will print "<no value>" when accessing a field
- # that does not exist. It is highly recommended you set this to "true" when
- # retrieving secrets from Vault.
- error_on_missing_key = false
-
- # This is the permission to render the file. If this option is left
- # unspecified, Consul Template will attempt to match the permissions of the
- # file that already exists at the destination path. If no file exists at that
- # path, the permissions are 0644.
- perms = 0600
-
- # This option backs up the previously rendered template at the destination
- # path before writing a new one. It keeps exactly one backup. This option is
- # useful for preventing accidental changes to the data without having a
- # rollback strategy.
- backup = true
-
- # These are the delimiters to use in the template. The default is "{{" and
- # "}}", but for some templates, it may be easier to use a different delimiter
- # that does not conflict with the output file itself.
- left_delimiter = "{{"
- right_delimiter = "}}"
-
- # This is the `minimum(:maximum)` to wait before rendering a new template to
- # disk and triggering a command, separated by a colon (`:`). If the optional
- # maximum value is omitted, it is assumed to be 4x the required minimum value.
- # This is a numeric time with a unit suffix ("5s"). There is no default value.
- # The wait value for a template takes precedence over any globally-configured
- # wait.
- wait {
- min = "2s"
- max = "10s"
- }
-}
Copied: consul-template/repos/community-x86_64/consul-template.hcl (from rev 1265111, consul-template/trunk/consul-template.hcl)
===================================================================
--- consul-template.hcl (rev 0)
+++ consul-template.hcl 2022-08-10 19:41:38 UTC (rev 1265112)
@@ -0,0 +1,350 @@
+# This denotes the start of the configuration section for Consul. All values
+# contained in this section pertain to Consul.
+consul {
+ # This block specifies the basic authentication information to pass with the
+ # request. For more information on authentication, please see the Consul
+ # documentation.
+ auth {
+ enabled = true
+ username = "test"
+ password = "test"
+ }
+
+ # This is the address of the Consul agent. By default, this is
+ # 127.0.0.1:8500, which is the default bind and port for a local Consul
+ # agent. It is not recommended that you communicate directly with a Consul
+ # server, and instead communicate with the local Consul agent. There are many
+ # reasons for this, most importantly the Consul agent is able to multiplex
+ # connections to the Consul server and reduce the number of open HTTP
+ # connections. Additionally, it provides a "well-known" IP address for which
+ # clients can connect.
+ address = "127.0.0.1:8500"
+
+ # This is the ACL token to use when connecting to Consul. If you did not
+ # enable ACLs on your Consul cluster, you do not need to set this option.
+ #
+ # This option is also available via the environment variable CONSUL_TOKEN.
+ token = "abcd1234"
+
+ # This controls the retry behavior when an error is returned from Consul.
+ # Consul Template is highly fault tolerant, meaning it does not exit in the
+ # face of failure. Instead, it uses exponential back-off and retry functions
+ # to wait for the cluster to become available, as is customary in distributed
+ # systems.
+ retry {
+ # This enabled retries. Retries are enabled by default, so this is
+ # redundant.
+ enabled = true
+
+ # This specifies the number of attempts to make before giving up. Each
+ # attempt adds the exponential backoff sleep time. Setting this to
+ # zero will implement an unlimited number of retries.
+ attempts = 12
+
+ # This is the base amount of time to sleep between retry attempts. Each
+ # retry sleeps for an exponent of 2 longer than this base. For 5 retries,
+ # the sleep times would be: 250ms, 500ms, 1s, 2s, then 4s.
+ backoff = "250ms"
+
+ # This is the maximum amount of time to sleep between retry attempts.
+ # When max_backoff is set to zero, there is no upper limit to the
+ # exponential sleep between retry attempts.
+ # If max_backoff is set to 10s and backoff is set to 1s, sleep times
+ # would be: 1s, 2s, 4s, 8s, 10s, 10s, ...
+ max_backoff = "1m"
+ }
+
+ # This block configures the SSL options for connecting to the Consul server.
+ ssl {
+ # This enables SSL. Specifying any option for SSL will also enable it.
+ enabled = true
+
+ # This enables SSL peer verification. The default value is "true", which
+ # will check the global CA chain to make sure the given certificates are
+ # valid. If you are using a self-signed certificate that you have not added
+ # to the CA chain, you may want to disable SSL verification. However, please
+ # understand this is a potential security vulnerability.
+ verify = false
+
+ # This is the path to the certificate to use to authenticate. If just a
+ # certificate is provided, it is assumed to contain both the certificate and
+ # the key to convert to an X509 certificate. If both the certificate and
+ # key are specified, Consul Template will automatically combine them into an
+ # X509 certificate for you.
+ cert = "/path/to/client/cert"
+ key = "/path/to/client/key"
+
+ # This is the path to the certificate authority to use as a CA. This is
+ # useful for self-signed certificates or for organizations using their own
+ # internal certificate authority.
+ ca_cert = "/path/to/ca"
+
+ # This is the path to a directory of PEM-encoded CA cert files. If both
+ # `ca_cert` and `ca_path` is specified, `ca_cert` is preferred.
+ ca_path = "path/to/certs/"
+
+ # This sets the SNI server name to use for validation.
+ server_name = "my-server.com"
+ }
+}
+
+# This is the signal to listen for to trigger a reload event. The default
+# value is shown below. Setting this value to the empty string will cause CT
+# to not listen for any reload signals.
+reload_signal = "SIGHUP"
+
+# This is the signal to listen for to trigger a graceful stop. The default
+# value is shown below. Setting this value to the empty string will cause CT
+# to not listen for any graceful stop signals.
+kill_signal = "SIGINT"
+
+# This is the maximum interval to allow "stale" data. By default, only the
+# Consul leader will respond to queries; any requests to a follower will
+# forward to the leader. In large clusters with many requests, this is not as
+# scalable, so this option allows any follower to respond to a query, so long
+# as the last-replicated data is within these bounds. Higher values result in
+# less cluster load, but are more likely to have outdated data.
+max_stale = "10m"
+
+# This is the log level. If you find a bug in Consul Template, please enable
+# debug logs so we can help identify the issue. This is also available as a
+# command line flag.
+log_level = "warn"
+
+# This is the path to store a PID file which will contain the process ID of the
+# Consul Template process. This is useful if you plan to send custom signals
+# to the process.
+pid_file = "/path/to/pid"
+
+# This is the quiescence timers; it defines the minimum and maximum amount of
+# time to wait for the cluster to reach a consistent state before rendering a
+# template. This is useful to enable in systems that have a lot of flapping,
+# because it will reduce the the number of times a template is rendered.
+wait {
+ min = "5s"
+ max = "10s"
+}
+
+# This denotes the start of the configuration section for Vault. All values
+# contained in this section pertain to Vault.
+vault {
+ # This is the address of the Vault leader. The protocol (http(s)) portion
+ # of the address is required.
+ address = "https://vault.service.consul:8200"
+
+ # This is the grace period between lease renewal of periodic secrets and secret
+ # re-acquisition. When renewing a secret, if the remaining lease is less than or
+ # equal to the configured grace, Consul Template will request a new credential.
+ # This prevents Vault from revoking the credential at expiration and Consul
+ # Template having a stale credential.
+ #
+ # Note: If you set this to a value that is higher than your default TTL or
+ # max TTL, Consul Template will always read a new secret!
+ grace = "5m"
+
+ # This is the token to use when communicating with the Vault server.
+ # Like other tools that integrate with Vault, Consul Template makes the
+ # assumption that you provide it with a Vault token; it does not have the
+ # incorporated logic to generate tokens via Vault's auth methods.
+ #
+ # This value can also be specified via the environment variable VAULT_TOKEN.
+ token = "abcd1234"
+
+ # This tells Consul Template that the provided token is actually a wrapped
+ # token that should be unwrapped using Vault's cubbyhole response wrapping
+ # before being used. Please see Vault's cubbyhole response wrapping
+ # documentation for more information.
+ unwrap_token = true
+
+ # This option tells Consul Template to automatically renew the Vault token
+ # given. If you are unfamiliar with Vault's architecture, Vault requires
+ # tokens be renewed at some regular interval or they will be revoked. Consul
+ # Template will automatically renew the token at half the lease duration of
+ # the token. The default value is true, but this option can be disabled if
+ # you want to renew the Vault token using an out-of-band process.
+ #
+ # Note that secrets specified in a template (using {{secret}} for example)
+ # are always renewed, even if this option is set to false. This option only
+ # applies to the top-level Vault token itself.
+ renew_token = true
+
+ # This section details the retry options for connecting to Vault. Please see
+ # the retry options in the Consul section for more information (they are the
+ # same).
+ retry {
+ # ...
+ }
+
+ # This section details the SSL options for connecting to the Vault server.
+ # Please see the SSL options in the Consul section for more information (they
+ # are the same).
+ ssl {
+ # ...
+ }
+}
+
+# This block defines the configuration for connecting to a syslog server for
+# logging.
+syslog {
+ # This enables syslog logging. Specifying any other option also enables
+ # syslog logging.
+ enabled = true
+
+ # This is the name of the syslog facility to log to.
+ facility = "LOCAL5"
+}
+
+# This block defines the configuration for de-duplication mode. Please see the
+# de-duplication mode documentation later in the README for more information
+# on how de-duplication mode operates.
+deduplicate {
+ # This enables de-duplication mode. Specifying any other options also enables
+ # de-duplication mode.
+ enabled = true
+
+ # This is the prefix to the path in Consul's KV store where de-duplication
+ # templates will be pre-rendered and stored.
+ prefix = "consul-template/dedup/"
+}
+
+# This block defines the configuration for exec mode. Please see the exec mode
+# documentation at the bottom of this README for more information on how exec
+# mode operates and the caveats of this mode.
+exec {
+ # This is the command to exec as a child process. There can be only one
+ # command per Consul Template process.
+ command = "/usr/bin/app"
+
+ # This is a random splay to wait before killing the command. The default
+ # value is 0 (no wait), but large clusters should consider setting a splay
+ # value to prevent all child processes from reloading at the same time when
+ # data changes occur. When this value is set to non-zero, Consul Template
+ # will wait a random period of time up to the splay value before reloading
+ # or killing the child process. This can be used to prevent the thundering
+ # herd problem on applications that do not gracefully reload.
+ splay = "5s"
+
+ env {
+ # This specifies if the child process should not inherit the parent
+ # process's environment. By default, the child will have full access to the
+ # environment variables of the parent. Setting this to true will send only
+ # the values specified in `custom_env` to the child process.
+ pristine = false
+
+ # This specifies additional custom environment variables in the form shown
+ # below to inject into the child's runtime environment. If a custom
+ # environment variable shares its name with a system environment variable,
+ # the custom environment variable takes precedence. Even if pristine,
+ # whitelist, or blacklist is specified, all values in this option
+ # are given to the child process.
+ custom = ["PATH=$PATH:/etc/myapp/bin"]
+
+ # This specifies a list of environment variables to exclusively include in
+ # the list of environment variables exposed to the child process. If
+ # specified, only those environment variables matching the given patterns
+ # are exposed to the child process. These strings are matched using Go's
+ # glob function, so wildcards are permitted.
+ whitelist = ["CONSUL_*"]
+
+ # This specifies a list of environment variables to exclusively prohibit in
+ # the list of environment variables exposed to the child process. If
+ # specified, any environment variables matching the given patterns will not
+ # be exposed to the child process, even if they are whitelisted. The values
+ # in this option take precedence over the values in the whitelist.
+ # These strings are matched using Go's glob function, so wildcards are
+ # permitted.
+ blacklist = ["VAULT_*"]
+ }
+
+ # This defines the signal that will be sent to the child process when a
+ # change occurs in a watched template. The signal will only be sent after the
+ # process is started, and the process will only be started after all
+ # dependent templates have been rendered at least once. The default value is
+ # nil, which tells Consul Template to stop the child process and spawn a new
+ # one instead of sending it a signal. This is useful for legacy applications
+ # or applications that cannot properly reload their configuration without a
+ # full reload.
+ reload_signal = ""
+
+ # This defines the signal sent to the child process when Consul Template is
+ # gracefully shutting down. The application should begin a graceful cleanup.
+ # If the application does not terminate before the `kill_timeout`, it will
+ # be terminated (effectively "kill -9"). The default value is "SIGTERM".
+ kill_signal = "SIGINT"
+
+ # This defines the amount of time to wait for the child process to gracefully
+ # terminate when Consul Template exits. After this specified time, the child
+ # process will be force-killed (effectively "kill -9"). The default value is
+ # "30s".
+ kill_timeout = "2s"
+}
+
+# This block defines the configuration for a template. Unlike other blocks,
+# this block may be specified multiple times to configure multiple templates.
+# It is also possible to configure templates via the CLI directly.
+template {
+ # This is the source file on disk to use as the input template. This is often
+ # called the "Consul Template template". This option is required if not using
+ # the `contents` option.
+ source = "/path/on/disk/to/template.ctmpl"
+
+ # This is the destination path on disk where the source template will render.
+ # If the parent directories do not exist, Consul Template will attempt to
+ # create them, unless create_dest_dirs is false.
+ destination = "/path/on/disk/where/template/will/render.txt"
+
+ # This options tells Consul Template to create the parent directories of the
+ # destination path if they do not exist. The default value is true.
+ create_dest_dirs = true
+
+ # This option allows embedding the contents of a template in the configuration
+ # file rather then supplying the `source` path to the template file. This is
+ # useful for short templates. This option is mutually exclusive with the
+ # `source` option.
+ contents = "{{ keyOrDefault \"service/redis/maxconns at east-aws\" \"5\" }}"
+
+ # This is the optional command to run when the template is rendered. The
+ # command will only run if the resulting template changes. The command must
+ # return within 30s (configurable), and it must have a successful exit code.
+ # Consul Template is not a replacement for a process monitor or init system.
+ command = "restart service foo"
+
+ # This is the maximum amount of time to wait for the optional command to
+ # return. Default is 30s.
+ command_timeout = "60s"
+
+ # Exit with an error when accessing a struct or map field/key that does not
+ # exist. The default behavior will print "<no value>" when accessing a field
+ # that does not exist. It is highly recommended you set this to "true" when
+ # retrieving secrets from Vault.
+ error_on_missing_key = false
+
+ # This is the permission to render the file. If this option is left
+ # unspecified, Consul Template will attempt to match the permissions of the
+ # file that already exists at the destination path. If no file exists at that
+ # path, the permissions are 0644.
+ perms = 0600
+
+ # This option backs up the previously rendered template at the destination
+ # path before writing a new one. It keeps exactly one backup. This option is
+ # useful for preventing accidental changes to the data without having a
+ # rollback strategy.
+ backup = true
+
+ # These are the delimiters to use in the template. The default is "{{" and
+ # "}}", but for some templates, it may be easier to use a different delimiter
+ # that does not conflict with the output file itself.
+ left_delimiter = "{{"
+ right_delimiter = "}}"
+
+ # This is the `minimum(:maximum)` to wait before rendering a new template to
+ # disk and triggering a command, separated by a colon (`:`). If the optional
+ # maximum value is omitted, it is assumed to be 4x the required minimum value.
+ # This is a numeric time with a unit suffix ("5s"). There is no default value.
+ # The wait value for a template takes precedence over any globally-configured
+ # wait.
+ wait {
+ min = "2s"
+ max = "10s"
+ }
+}
Deleted: consul-template.service
===================================================================
--- consul-template.service 2022-08-10 19:41:30 UTC (rev 1265111)
+++ consul-template.service 2022-08-10 19:41:38 UTC (rev 1265112)
@@ -1,12 +0,0 @@
-[Unit]
-Description=template rendering, notifier, and supervisor for HashiCorp Consul and Vault data
-Documentation=https://github.com/hashicorp/consul-template
-After=vault.service consul.service
-
-[Service]
-ExecStart=/usr/bin/consul-template -config /etc/consul-template/config.hcl
-ExecReload=/usr/bin/kill -HUP $MAINPID
-KillSignal=SIGINT
-
-[Install]
-WantedBy=multi-user.target
Copied: consul-template/repos/community-x86_64/consul-template.service (from rev 1265111, consul-template/trunk/consul-template.service)
===================================================================
--- consul-template.service (rev 0)
+++ consul-template.service 2022-08-10 19:41:38 UTC (rev 1265112)
@@ -0,0 +1,12 @@
+[Unit]
+Description=template rendering, notifier, and supervisor for HashiCorp Consul and Vault data
+Documentation=https://github.com/hashicorp/consul-template
+After=vault.service consul.service
+
+[Service]
+ExecStart=/usr/bin/consul-template -config /etc/consul-template/config.hcl
+ExecReload=/usr/bin/kill -HUP $MAINPID
+KillSignal=SIGINT
+
+[Install]
+WantedBy=multi-user.target
More information about the arch-commits
mailing list