diff options
| author | Bazaah | 2021-04-25 14:35:18 +0000 |
|---|---|---|
| committer | Bazaah | 2021-04-25 15:02:00 +0000 |
| commit | c95cdb9cf1475f1e8006a3b08e8bce2fbb090dda (patch) | |
| tree | 2895a171d6465d411ed23b83dacdc96c0f498c29 | |
| download | aur-c95cdb9cf1475f1e8006a3b08e8bce2fbb090dda.tar.gz | |
consul-template-bin: <NIL> -> 0.25.2_1
- add PKGBUILD + SRCINFO
- add local sources
- add CHANGELOG for 0.25.2
- add .gitignore
This commit adds a new PKGBUILD for pulling binary variants for
HashiCorp's consul-template.
| -rw-r--r-- | .SRCINFO | 34 | ||||
| -rw-r--r-- | .gitignore | 7 | ||||
| -rw-r--r-- | CHANGELOG | 14 | ||||
| -rw-r--r-- | PKGBUILD | 32 | ||||
| -rw-r--r-- | consul-template.target | 5 | ||||
| -rw-r--r-- | consul-template@.service | 18 | ||||
| -rw-r--r-- | example.hcl | 370 |
7 files changed, 480 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..18d3b16b52d1 --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,34 @@ +pkgbase = consul-template-bin + pkgdesc = Template rendering, notifier, and supervisor for HashiCorp Consul and Vault data + pkgver = 0.25.2 + pkgrel = 1 + url = https://github.com/hashicorp/consul-template + changelog = CHANGELOG + arch = x86_64 + arch = i686 + arch = armv7h + arch = aarch64 + license = MPL2 + depends = glibc + provides = consul-template + conflicts = consul-template + backup = etc/consul-template.d/example.hcl + backup = usr/lib/systemd/system/consul-template@.service + backup = usr/lib/systemd/system/consul-template.target + source = example.hcl + source = consul-template@.service + source = consul-template.target + sha256sums = 3e678bbc1818519df21741f41b9bc60fe13c1ae0f09b1b1f707e041130484268 + sha256sums = 6fb7f113a9c529bcbeaec00835d86e6c99502848766c4286e6bc48c7f8a0a347 + sha256sums = 91274ea60b8c8f8511427f9ff85a82d92c80755668bae11c2e3fd00dbf440a9c + source_x86_64 = consul-template-bin-0.25.2.zip::https://releases.hashicorp.com/consul-template/0.25.2/consul-template_0.25.2_linux_amd64.zip + sha256sums_x86_64 = 9edf7cd9dfa0d83cd992e5501a480ea502968f15109aebe9ba2203648f3014db + source_i686 = consul-template-bin-0.25.2.zip::https://releases.hashicorp.com/consul-template/0.25.2/consul-template_0.25.2_linux_386.zip + sha256sums_i686 = be13e676c5ae8c9de436e418f38aa092f221eec6c59e05dabd1c4959956eeb8f + source_armv7h = consul-template-bin-0.25.2.zip::https://releases.hashicorp.com/consul-template/0.25.2/consul-template_0.25.2_linux_arm.zip + sha256sums_armv7h = dc6ac0508dded2b39544dfefb80ebe907c820e72654a4f052d93d1272b079b3c + source_aarch64 = consul-template-bin-0.25.2.zip::https://releases.hashicorp.com/consul-template/0.25.2/consul-template_0.25.2_linux_arm64.zip + sha256sums_aarch64 = 54e973bf4cca8e860ba44d2ce762f2a69bbb5def7da3056566b9963226e87157 + +pkgname = consul-template-bin + diff --git a/.gitignore b/.gitignore new file mode 100644 index 000000000000..78e0f4c90106 --- /dev/null +++ b/.gitignore @@ -0,0 +1,7 @@ +pkg/ +src/ + +*.bak +*.zstd +*.zip + diff --git a/CHANGELOG b/CHANGELOG new file mode 100644 index 000000000000..0435fd75ad13 --- /dev/null +++ b/CHANGELOG @@ -0,0 +1,14 @@ +## v0.25.2 (Feb 19, 2021) + +BREAKING CHANGES: +* version output from -v/-version should go to STDOUT (not STDERR)[[GH-1452](https://github.com/hashicorp/consul-template/issues/1452), [GH-1455](https://github.com/hashicorp/consul-template/pull/1455)] +* log date output format consistency fix [[GH-1412](https://github.com/hashicorp/consul-template/pull/1412)] + +BUG FIXES: +* fix extra logging/broken log levels [[GH-1438](https://github.com/hashicorp/consul-template/issues/1438), [GH-1426](https://github.com/hashicorp/consul-template/issues/1426), [GH-1454](https://github.com/hashicorp/consul-template/pull/1454), []()] +* fix issue with vault secret panic/missing nil check [[GH-1450](https://github.com/hashicorp/consul-template/issues/1450), [GH-1447](https://github.com/hashicorp/consul-template/pull/1447)] +* Override block_query_wait doesn't work [[GH-1441](https://github.com/hashicorp/consul-template/issues/1441), [GH-1443](https://github.com/hashicorp/consul-template/pull/1443)] + +IMPROVEMENTS: +* vault secret ttl handling [[Gh-1451](https://github.com/hashicorp/consul-template/pull/1451)] + diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..f0168a890185 --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,32 @@ +# Maintainer: Paul Stemmet <aur@luxolus.com> +pkgname=consul-template-bin +pkgver=0.25.2 +pkgrel=1 +pkgdesc="Template rendering, notifier, and supervisor for HashiCorp Consul and Vault data" +arch=('x86_64' 'i686' 'armv7h' 'aarch64') +url="https://github.com/hashicorp/consul-template" +license=('MPL2') +depends=('glibc') +provides=('consul-template') +conflicts=('consul-template') +backup=('etc/consul-template.d/example.hcl' 'usr/lib/systemd/system/consul-template@.service' 'usr/lib/systemd/system/consul-template.target') +changelog=CHANGELOG +source=('example.hcl' 'consul-template@.service' 'consul-template.target') +source_x86_64=(${pkgname}-${pkgver}.zip::https://releases.hashicorp.com/consul-template/${pkgver}/consul-template_${pkgver}_linux_amd64.zip) +source_i686=(${pkgname}-${pkgver}.zip::https://releases.hashicorp.com/consul-template/${pkgver}/consul-template_${pkgver}_linux_386.zip) +source_armv7h=(${pkgname}-${pkgver}.zip::https://releases.hashicorp.com/consul-template/${pkgver}/consul-template_${pkgver}_linux_arm.zip) +source_aarch64=(${pkgname}-${pkgver}.zip::https://releases.hashicorp.com/consul-template/${pkgver}/consul-template_${pkgver}_linux_arm64.zip) +sha256sums=(3e678bbc1818519df21741f41b9bc60fe13c1ae0f09b1b1f707e041130484268 6fb7f113a9c529bcbeaec00835d86e6c99502848766c4286e6bc48c7f8a0a347 91274ea60b8c8f8511427f9ff85a82d92c80755668bae11c2e3fd00dbf440a9c) +sha256sums_x86_64=(9edf7cd9dfa0d83cd992e5501a480ea502968f15109aebe9ba2203648f3014db) +sha256sums_i686=(be13e676c5ae8c9de436e418f38aa092f221eec6c59e05dabd1c4959956eeb8f) +sha256sums_armv7h=(dc6ac0508dded2b39544dfefb80ebe907c820e72654a4f052d93d1272b079b3c) +sha256sums_aarch64=(54e973bf4cca8e860ba44d2ce762f2a69bbb5def7da3056566b9963226e87157) + +package() { + + install -Dm755 consul-template "${pkgdir}/usr/bin/consul-template" + install -Dm644 "${srcdir}/example.hcl" "${pkgdir}/etc/consul-template.d/example.hcl" + install -Dm644 "${srcdir}/consul-template@.service" "${pkgdir}/usr/lib/systemd/system/consul-template@.service" + install -Dm644 "${srcdir}/consul-template.target" "${pkgdir}/usr/lib/systemd/system/consul-template.target" + +} diff --git a/consul-template.target b/consul-template.target new file mode 100644 index 000000000000..76ea35988216 --- /dev/null +++ b/consul-template.target @@ -0,0 +1,5 @@ +[Unit] +Description=Target file for consul-template@ service templates + +[Install] +WantedBy=multi-user.target diff --git a/consul-template@.service b/consul-template@.service new file mode 100644 index 000000000000..99b0fb4c314c --- /dev/null +++ b/consul-template@.service @@ -0,0 +1,18 @@ +[Unit] +Description=Template (:%i) rendering, notifier, and supervisor for HashiCorp Consul and Vault +Documentation=https://github.com/hashicorp/consul-template +PartOf=consul-template.target + +[Service] + +# You want to run Consul-template as a non root user, particularly when using it in exec mode +# User=consul +# Group=consul + +EnvironmentFile=-/etc/default/consul-template +ExecStart=/usr/bin/consul-template -config /etc/consul-template.d/%i.hcl +ExecReload=/usr/bin/kill -HUP $MAINPID +KillSignal=SIGINT + +[Install] +WantedBy=multi-user.target diff --git a/example.hcl b/example.hcl new file mode 100644 index 000000000000..b973dce5cbce --- /dev/null +++ b/example.hcl @@ -0,0 +1,370 @@ +# This denotes the start of the configuration section for Consul Template. + +# This is the signal to listen for to trigger a reload event. The default +# value is shown below. Setting this value to the empty string will cause CT +# to not listen for any reload signals. +reload_signal = "SIGHUP" + +# This is the signal to listen for to trigger a graceful stop. The default +# value is shown below. Setting this value to the empty string will cause CT +# to not listen for any graceful stop signals. +kill_signal = "SIGINT" + +# This is the maximum interval to allow "stale" data. By default, only the +# Consul leader will respond to queries; any requests to a follower will +# forward to the leader. In large clusters with many requests, this is not as +# scalable, so this option allows any follower to respond to a query, so long +# as the last-replicated data is within these bounds. Higher values result in +# less cluster load, but are more likely to have outdated data. +max_stale = "10m" + +# This is amount of time in seconds to do a blocking query for. +# Many endpoints in Consul support a feature known as "blocking queries". +# A blocking query is used to wait for a potential change using long polling. +block_query_wait = "60s" + +# This is the log level. If you find a bug in Consul Template, please enable +# debug logs so we can help identify the issue. This is also available as a +# command line flag. +log_level = "warn" + +# This is the quiescence timers; it defines the minimum and maximum amount of +# time to wait for the cluster to reach a consistent state before rendering a +# template. This is useful to enable in systems that have a lot of flapping, +# because it will reduce the the number of times a template is rendered. +wait { + min = "5s" + max = "10s" +} + +# This is the path to store a PID file which will contain the process ID of the +# Consul Template process. This is useful if you plan to send custom signals +# to the process. +pid_file = "/path/to/pid" + +# This block defines the configuration for connecting to a syslog server for +# logging. +syslog { + # This enables syslog logging. Specifying any other option also enables + # syslog logging. + enabled = true + + # This is the name of the syslog facility to log to. + facility = "LOCAL5" +} + +# A template block defines the configuration for a template. Unlike other blocks, +# this block may be specified multiple times to configure multiple templates. +# It is also possible to configure templates via the CLI directly. +template { + # This is the source file on disk to use as the input template. This is often + # called the "Consul Template template". This option is required if not using + # the `contents` option. + source = "/path/on/disk/to/template.ctmpl" + + # This is the destination path on disk where the source template will render. + # If the parent directories do not exist, Consul Template will attempt to + # create them, unless create_dest_dirs is false. + destination = "/path/on/disk/where/template/will/render.txt" + + # This options tells Consul Template to create the parent directories of the + # destination path if they do not exist. The default value is true. + create_dest_dirs = true + + # This option allows embedding the contents of a template in the configuration + # file rather then supplying the `source` path to the template file. This is + # useful for short templates. This option is mutually exclusive with the + # `source` option. + contents = "{{ keyOrDefault \"service/redis/maxconns@east-aws\" \"5\" }}" + + # This is the optional command to run when the template is rendered. The + # command will only run if the resulting template changes. The command must + # return within 30s (configurable), and it must have a successful exit code. + # Consul Template is not a replacement for a process monitor or init system. + # Please see the [Command](#command) section below for more. + command = "restart service foo" + + # This is the maximum amount of time to wait for the optional command to + # return. If you set the timeout to 0s the command is run in the background + # without monitoring it for errors. If also using Once, consul-template can + # exit before the command is finished. Default is 30s. + command_timeout = "60s" + + # Exit with an error when accessing a struct or map field/key that does not + # exist. The default behavior will print "<no value>" when accessing a field + # that does not exist. It is highly recommended you set this to "true" when + # retrieving secrets from Vault. + error_on_missing_key = false + + # This is the permission to render the file. If this option is left + # unspecified, Consul Template will attempt to match the permissions of the + # file that already exists at the destination path. If no file exists at that + # path, the permissions are 0644. + perms = 0600 + + # This option backs up the previously rendered template at the destination + # path before writing a new one. It keeps exactly one backup. This option is + # useful for preventing accidental changes to the data without having a + # rollback strategy. + backup = true + + # These are the delimiters to use in the template. The default is "{{" and + # "}}", but for some templates, it may be easier to use a different delimiter + # that does not conflict with the output file itself. + left_delimiter = "{{" + right_delimiter = "}}" + + # These are functions that are not permitted in the template. If a template + # includes one of these functions, it will exit with an error. + function_blacklist = [] + + # If a sandbox path is provided, any path provided to the `file` function is + # checked that it falls within the sandbox path. Relative paths that try to + # traverse outside the sandbox path will exit with an error. + sandbox_path = "" + + # This is the `minimum(:maximum)` to wait before rendering a new template to + # disk and triggering a command, separated by a colon (`:`). If the optional + # maximum value is omitted, it is assumed to be 4x the required minimum value. + # This is a numeric time with a unit suffix ("5s"). There is no default value. + # The wait value for a template takes precedence over any globally-configured + # wait. + wait { + min = "2s" + max = "10s" + } +} + +# This block defines the configuration for running Consul Template in exec mode. +exec { + # This is the command to exec as a child process. There can be only one + # command per Consul Template process. + command = "/usr/bin/app" + + # This is a random splay to wait before killing the command. The default + # value is 0 (no wait), but large clusters should consider setting a splay + # value to prevent all child processes from reloading at the same time when + # data changes occur. When this value is set to non-zero, Consul Template + # will wait a random period of time up to the splay value before reloading + # or killing the child process. This can be used to prevent the thundering + # herd problem on applications that do not gracefully reload. + splay = "5s" + + env { + # This specifies if the child process should not inherit the parent + # process's environment. By default, the child will have full access to the + # environment variables of the parent. Setting this to true will send only + # the values specified in `custom_env` to the child process. + pristine = false + + # This specifies additional custom environment variables in the form shown + # below to inject into the child's runtime environment. If a custom + # environment variable shares its name with a system environment variable, + # the custom environment variable takes precedence. Even if pristine, + # whitelist, or blacklist is specified, all values in this option + # are given to the child process. + custom = ["PATH=$PATH:/etc/myapp/bin"] + + # This specifies a list of environment variables to exclusively include in + # the list of environment variables exposed to the child process. If + # specified, only those environment variables matching the given patterns + # are exposed to the child process. These strings are matched using Go's + # glob function, so wildcards are permitted. + whitelist = ["CONSUL_*"] + + # This specifies a list of environment variables to exclusively prohibit in + # the list of environment variables exposed to the child process. If + # specified, any environment variables matching the given patterns will not + # be exposed to the child process, even if they are whitelisted. The values + # in this option take precedence over the values in the whitelist. + # These strings are matched using Go's glob function, so wildcards are + # permitted. + blacklist = ["VAULT_*"] + } + + # This defines the signal that will be sent to the child process when a + # change occurs in a watched template. The signal will only be sent after the + # process is started, and the process will only be started after all + # dependent templates have been rendered at least once. The default value is + # nil, which tells Consul Template to stop the child process and spawn a new + # one instead of sending it a signal. This is useful for legacy applications + # or applications that cannot properly reload their configuration without a + # full reload. + reload_signal = "" + + # This defines the signal sent to the child process when Consul Template is + # gracefully shutting down. The application should begin a graceful cleanup. + # If the application does not terminate before the `kill_timeout`, it will + # be terminated (effectively "kill -9"). The default value is "SIGINT". + kill_signal = "SIGINT" + + # This defines the amount of time to wait for the child process to gracefully + # terminate when Consul Template exits. After this specified time, the child + # process will be force-killed (effectively "kill -9"). The default value is + # "30s". + kill_timeout = "2s" +} + +# This denotes the start of the configuration section for Consul. All values +# contained in this section pertain to Consul. +consul { + # This block specifies the basic authentication information to pass with the + # request. For more information on authentication, please see the Consul + # documentation. + auth { + enabled = true + username = "test" + password = "test" + } + + # This is the address of the Consul agent. By default, this is + # 127.0.0.1:8500, which is the default bind and port for a local Consul + # agent. It is not recommended that you communicate directly with a Consul + # server, and instead communicate with the local Consul agent. There are many + # reasons for this, most importantly the Consul agent is able to multiplex + # connections to the Consul server and reduce the number of open HTTP + # connections. Additionally, it provides a "well-known" IP address for which + # clients can connect. + address = "127.0.0.1:8500" + + # This is a Consul Enterprise namespace to use for reading/writing. This can + # also be set via the CONSUL_NAMESPACE environment variable. + # BETA: this is to be considered a beta feature as it has had limited testing + namespace = "" + + # This is the ACL token to use when connecting to Consul. If you did not + # enable ACLs on your Consul cluster, you do not need to set this option. + # + # This option is also available via the environment variable CONSUL_TOKEN. + # It is highly recommended that you do not put your token in plain-text in a + # configuration file. + token = "" + + # This controls the retry behavior when an error is returned from Consul. + # Consul Template is highly fault tolerant, meaning it does not exit in the + # face of failure. Instead, it uses exponential back-off and retry functions + # to wait for the cluster to become available, as is customary in distributed + # systems. + retry { + # This enabled retries. Retries are enabled by default, so this is + # redundant. + enabled = true + + # This specifies the number of attempts to make before giving up. Each + # attempt adds the exponential backoff sleep time. Setting this to + # zero will implement an unlimited number of retries. + attempts = 12 + + # This is the base amount of time to sleep between retry attempts. Each + # retry sleeps for an exponent of 2 longer than this base. For 5 retries, + # the sleep times would be: 250ms, 500ms, 1s, 2s, then 4s. + backoff = "250ms" + + # This is the maximum amount of time to sleep between retry attempts. + # When max_backoff is set to zero, there is no upper limit to the + # exponential sleep between retry attempts. + # If max_backoff is set to 10s and backoff is set to 1s, sleep times + # would be: 1s, 2s, 4s, 8s, 10s, 10s, ... + max_backoff = "1m" + } + + # This block configures the SSL options for connecting to the Consul server. + ssl { + # This enables SSL. Specifying any option for SSL will also enable it. + enabled = true + + # This enables SSL peer verification. The default value is "true", which + # will check the global CA chain to make sure the given certificates are + # valid. If you are using a self-signed certificate that you have not added + # to the CA chain, you may want to disable SSL verification. However, please + # understand this is a potential security vulnerability. + verify = false + + # This is the path to the certificate to use to authenticate. If just a + # certificate is provided, it is assumed to contain both the certificate and + # the key to convert to an X509 certificate. If both the certificate and + # key are specified, Consul Template will automatically combine them into an + # X509 certificate for you. + cert = "/path/to/client/cert" + key = "/path/to/client/key" + + # This is the path to the certificate authority to use as a CA. This is + # useful for self-signed certificates or for organizations using their own + # internal certificate authority. + ca_cert = "/path/to/ca" + + # This is the path to a directory of PEM-encoded CA cert files. If both + # `ca_cert` and `ca_path` is specified, `ca_cert` is preferred. + ca_path = "path/to/certs/" + + # This sets the SNI server name to use for validation. + server_name = "my-server.com" + } +} + +# This denotes the start of the configuration section for Vault. All values +# contained in this section pertain to Vault. +vault { + # This is the address of the Vault leader. The protocol (http(s)) portion + # of the address is required. + address = "https://vault.service.consul:8200" + + # This is a Vault Enterprise namespace to use for reading/writing secrets. + # + # This value can also be specified via the environment variable VAULT_NAMESPACE. + namespace = "" + + # This is the token to use when communicating with the Vault server. + # Like other tools that integrate with Vault, Consul Template makes the + # assumption that you provide it with a Vault token; it does not have the + # incorporated logic to generate tokens via Vault's auth methods. + # + # This value can also be specified via the environment variable VAULT_TOKEN. + # It is highly recommended that you do not put your token in plain-text in a + # configuration file. + # + # When using a token from Vault Agent, the vault_agent_token_file setting + # should be used instead, as that will take precedence over this field. + token = "" + + # This tells Consul Template to load the Vault token from the contents of a file. + # If this field is specified: + # - by default Consul Template will not try to renew the Vault token, if you want it + # to renew you will need to specify renew_token = true as below. + # - Consul Template will periodically stat the file and update the token if it has + # changed. + # vault_agent_token_file = "/tmp/vault/agent/token" + + # This tells Consul Template that the provided token is actually a wrapped + # token that should be unwrapped using Vault's cubbyhole response wrapping + # before being used. Please see Vault's cubbyhole response wrapping + # documentation for more information. + unwrap_token = true + + # This option tells Consul Template to automatically renew the Vault token + # given. If you are unfamiliar with Vault's architecture, Vault requires + # tokens be renewed at some regular interval or they will be revoked. Consul + # Template will automatically renew the token at half the lease duration of + # the token. The default value is true, but this option can be disabled if + # you want to renew the Vault token using an out-of-band process. + # + # Note that secrets specified in a template (using {{secret}} for example) + # are always renewed, even if this option is set to false. This option only + # applies to the top-level Vault token itself. + renew_token = true + + # This section details the retry options for connecting to Vault. Please see + # the retry options in the Consul section for more information (they are the + # same). + retry { + # ... + } + + # This section details the SSL options for connecting to the Vault server. + # Please see the SSL options in the Consul section for more information (they + # are the same). + ssl { + # ... + } +} + |