Merge branch 'master' of github.com:telmich/cdist

cdist/conf/explorer/os

@@ -77,6 +77,11 @@ if grep -q ^Fedora /etc/redhat-release 2>/dev/null; then
    exit 0
 fi
 
+if grep -q ^Mitel /etc/redhat-release 2>/dev/null; then
+   echo mitel
+   exit 0
+fi
+
 if [ -f /etc/redhat-release ]; then
    echo redhat
    exit 0

cdist/conf/explorer/os_version

@@ -51,7 +51,7 @@ case "$($__explorer/os)" in
    owl)
       cat /etc/owl-release
    ;;
-   redhat|centos)
+   redhat|centos|mitel)
       cat /etc/redhat-release
    ;;
    slackware)

cdist/conf/type/__consul_agent/files/consul-prepare.upstart

@@ -0,0 +1,9 @@
+start on starting consul
+
+task
+
+script
+   mkdir -p /var/run/consul
+   chown consul:consul /var/run/consul
+   chmod 2770 /var/run/consul
+end script

cdist/conf/type/__consul_agent/files/consul.systemd

@@ -7,6 +7,11 @@ After=basic.target network.target
 User=consul
 Group=consul
 Environment="GOMAXPROCS=2"
+# Run ExecStartPre with root-permissions
+PermissionsStartOnly=true
+ExecStartPre=/usr/bin/mkdir -p /var/run/consul
+ExecStartPre=/usr/bin/chown consul:consul /var/run/consul
+ExecStartPre=/usr/bin/chmod 2770 /var/run/consul
 ExecStart=/usr/local/bin/consul agent -config-dir /etc/consul/conf.d
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process

cdist/conf/type/__consul_agent/files/consul.sysv-debian

@@ -1,6 +1,7 @@
 #!/bin/sh
 #
 # 2015 Nico Schottelius (nico-cdist at schottelius.org)
+# 2015 Steven Armstrong (steven-cdist at armstrong.cc)
 #
 # This file is part of cdist.
 #
@@ -29,6 +30,10 @@ CONSUL=/usr/local/bin/consul
 CONFIG=/etc/$NAME/conf.d
 PID_FILE=/var/run/$NAME/pidfile
 
+mkdir -p /var/run/$NAME
+chown consul:consul /var/run/$NAME
+chmod 2770 /var/run/$NAME
+
 export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
 
 case "$1" in
@@ -51,7 +56,7 @@ case "$1" in
             log_end_msg 1 || true
         fi
     ;;
-    
+
     reload)
         log_daemon_msg "Reloading consul agent" "consul" || true
         if start-stop-daemon --stop --signal HUP --quiet --oknodo --pidfile $PID_FILE --exec $CONSUL; then

cdist/conf/type/__consul_agent/files/consul.sysv-redhat

@@ -22,7 +22,9 @@ LOG_FILE=/var/log/$NAME
 export GOMAXPROCS=${GOMAXPROCS:-2}
 
 mkdir -p /var/run/$NAME
-chown consul /var/run/$NAME
+chown consul:consul /var/run/$NAME
+chmod 2770 /var/run/$NAME
+
 
 start() {
    echo -n "Starting $NAME: "
@@ -36,7 +38,7 @@ start() {
 
 stop() {
    echo -n "Shutting down $NAME: "
-   "$CONSUL" leave
+   killproc -p "$PID_FILE" $NAME
    retcode=$?
    rm -f /var/lock/subsys/$NAME
    return $retcode
@@ -86,7 +88,7 @@ case "$1" in
       fi
    ;;
    *)
-      echo "Usage: $NAME {start|stop|status|reload|restart}"
+      echo "Usage: $NAME {start|stop|status|reload|restart|condrestart|info}"
       exit 1
    ;;
 esac

cdist/conf/type/__consul_agent/manifest

@@ -132,10 +132,10 @@ if [ -f "$__object/parameter/json-config" ]; then
    if [ "$json_config" = "-" ]; then
       json_config="$__object/stdin"
    fi
-   printf ','
-   # remove trailing ,
-   json=$(cat "$json_config")
-   echo "${json%*,}"
+   # remove leading and trailing whitespace and commas from first and last line
+   # indent each line with 3 spaces for consistency
+   json=$(sed -e 's/^[ \t]*/   /' -e '1s/^[ \t,]*//' -e '$s/[ \t,]*$//' "$json_config")
+   printf '   ,%s\n' "$json"
 fi
 echo "}"
 ) | \
@@ -166,10 +166,15 @@ init_systemd()
 
 init_upstart()
 {
-    __file /etc/init/consul.conf \
+    __file /etc/init/consul-prepare.conf \
         --owner root --group root --mode 0644 \
         --state "$state" \
-        --source "$__type/files/consul.upstart"
+        --source "$__type/files/consul-prepare.upstart"
+    require="__file/etc/init/consul-prepare.conf" \
+        __file /etc/init/consul.conf \
+            --owner root --group root --mode 0644 \
+            --state "$state" \
+            --source "$__type/files/consul.upstart"
     require="__file/etc/init/consul.conf" __start_on_boot consul
 }
 

cdist/conf/type/__consul_template/files/versions/0.10.0/cksum

@@ -0,0 +1 @@
+3401777891 9273880 consul-template

cdist/conf/type/__consul_template/files/versions/0.10.0/source

@@ -1 +1 @@
-https://github.com/hashicorp/consul-template/releases/download/v0.6.5/consul-template_0.6.5_linux_amd64.tar.gz
+https://github.com/hashicorp/consul-template/releases/download/v0.10.0/consul-template_0.10.0_linux_amd64.tar.gz

cdist/conf/type/__consul_template/files/versions/0.6.5/cksum

@@ -1 +0,0 @@
-1356006333 8496656 consul-template

cdist/conf/type/__consul_template/man.text

@@ -24,13 +24,19 @@ None.
 
 OPTIONAL PARAMETERS
 -------------------
-auth::
-   specify a username (and password) for basic authentication.
+auth-username::
+   specify a username for basic authentication.
+auth-password::
+   specify a password for basic authentication.
 batch-size::
    the size of the batch when polling multiple dependencies.
 consul::
    the location of the Consul instance to query (may be an IP address or FQDN) with port.
    Defaults to 'localhost:8500'.
+log-level::
+   The log level for output. This applies to the stdout/stderr logging as well
+   as syslog logging (if enabled). Valid values are "debug", "info", "warn",
+   and "err". The default value is "warn".
 max-stale::
    the maximum staleness of a query. If specified, Consul will distribute work among all
    servers instead of just the leader.
@@ -39,8 +45,27 @@ retry::
    with the API.
 state::
    either 'present' or 'absent'. Defaults to 'present'
+ssl-cert::
+   Path to an SSL client certificate to use to authenticate to the consul server.
+   Useful if the consul server "verify_incoming" option is set.
+ssl-ca-cert::
+   Path to a CA certificate file, containing one or more CA certificates to
+   use to validate the certificate sent by the consul server to us. This is a
+   handy alternative to setting --ssl-no-verify if you are using your own CA.
+syslog-facility::
+   The facility to use when sending to syslog. This requires the use of --syslog.
+   The default value is LOCAL0.
 token::
    the Consul API token.
+vault-address::
+   the location of the Vault instance to query (may be an IP address or FQDN) with port.
+vault-token::
+   the Vault API token.
+vault-ssl-cert::
+   Path to an SSL client certificate to use to authenticate to the vault server.
+vault-ssl-ca-cert::
+   Path to a CA certificate file, containing one or more CA certificates to
+   use to validate the certificate sent by the vault server to us.
 version::
    which version of consul-template to install. See ./files/versions for a list of
    supported versions. Defaults to the latest known version.
@@ -56,6 +81,12 @@ ssl::
    use HTTPS while talking to Consul. Requires the Consul server to be configured to serve secure connections.
 ssl-no-verify::
    ignore certificate warnings. Only used if ssl is enabled.
+syslog::
+   Send log output to syslog (in addition to stdout and stderr).
+vault-ssl::
+   use HTTPS while talking to Vault. Requires the Vault server to be configured to serve secure connections.
+vault-ssl-no-verify::
+   ignore certificate warnings. Only used if vault is enabled.
 
 
 EXAMPLES

cdist/conf/type/__consul_template/manifest

@@ -77,17 +77,64 @@ require="__directory/etc/consul-template" \
 (
 for param in $(ls "$__object/parameter/"); do
    case "$param" in
-      ssl|ssl-no-verify) # boolean
-         key="$(echo "$param" | tr '-' '_')"
-         printf '%s = true\n' "$key"
+      auth-password|state|ssl-*|syslog-*|version|vault-token|vault-ssl*) continue ;;
+      auth-username)
+         printf 'auth {\n'
+         printf '  enabled = true\n'
+         printf '  username = "%s"\n' "$(cat "$__object/parameter/auth-username")"
+         if [ -f "$__object/parameter/auth-password" ]; then
+            printf '  password = %s\n' "$(cat "$__object/parameter/auth-password")"
+         fi
+         printf '}\n'
       ;;
-      auth|batch-size|consul|max-stale|retry|token|wait)
-         key="$(echo "$param" | tr '-' '_')"
-         printf '%s = "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
+      ssl)
+         printf 'ssl {\n'
+         printf '  enabled = true\n'
+         if [ -f "$__object/parameter/ssl-no-verify" ]; then
+            printf '  verify = false\n'
+         fi
+         if [ -f "$__object/parameter/ssl-cert" ]; then
+            printf '  cert = "%s"\n' "$(cat "$__object/parameter/ssl-cert")"
+         fi
+         if [ -f "$__object/parameter/ssl-ca-cert" ]; then
+            printf '  ca_cert = "%s"\n' "$(cat "$__object/parameter/ssl-ca-cert")"
+         fi
+         printf '}\n'
+      ;;
+      syslog)
+         printf 'syslog {\n'
+         printf '  enabled = true\n'
+         if [ -f "$__object/parameter/syslog-facility" ]; then
+            printf '  facility = "%s"\n' "$(cat "$__object/parameter/syslog-facility")"
+         fi
+         printf '}\n'
+      ;;
+      vault-address)
+         printf 'vault {\n'
+         printf '  address = "%s"\n' "$(cat "$__object/parameter/vault-address")"
+         if [ -f "$__object/parameter/vault-token" ]; then
+            printf '  token = "%s"\n' "$(cat "$__object/parameter/vault-token")"
+         fi
+         if [ -f "$__object/parameter/vault-ssl" ]; then
+         printf '  ssl {\n'
+         printf '    enabled = true\n'
+         if [ -f "$__object/parameter/vault-ssl-no-verify" ]; then
+            printf '    verify = false\n'
+         fi
+         if [ -f "$__object/parameter/vault-ssl-cert" ]; then
+            printf '    cert = "%s"\n' "$(cat "$__object/parameter/vault-ssl-cert")"
+         fi
+         if [ -f "$__object/parameter/vault-ssl-ca-cert" ]; then
+            printf '    ca_cert = "%s"\n' "$(cat "$__object/parameter/vault-ssl-ca-cert")"
+         fi
+         printf '  }\n'
+         fi
+         printf '}\n'
       ;;
       *)
-         # ignore unknown parameters
-         :
+         # string key=value parameters
+         key="$(echo "$param" | tr '-' '_')"
+         printf '%s = "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
       ;;
    esac
 done

cdist/conf/type/__consul_template/notes

@@ -0,0 +1,93 @@
+# < 0.7.0
+ssl = true
+ssl_no_verify = true
+
+# >= 0.7.0
+ssl {
+   enabled = true
+   verify = false
+}
+
+# >= 0.9.0
+ssl-cert
+ssl-ca-cert
+
+
+
+--------------------------------------------------------------------------------
+### from docs
+
+
+ssl {
+  enabled = true
+  verify = false
+  cert = "/path/to/client/cert.pem"
+  ca_cert = "/path/to/ca/cert.pem"
+}
+
+
+ssl
+   Use HTTPS while talking to Consul. Requires the Consul server to be configured to serve secure connections. The default value is false.
+
+ssl-verify
+   Verify certificates when connecting via SSL. This requires the use of -ssl. The default value is true.
+
+ssl-cert
+   Path to an SSL client certificate to use to authenticate to the consul server. Useful if the consul server "verify_incoming" option is set.
+
+ssl-ca-cert
+   Path to a CA certificate file, containing one or more CA certificates to use to validate the certificate sent by the consul server to us. This is a handy alternative to setting --ssl-verify=false if you are using your own CA.
+
+--------------------------------------------------------------------------------
+
+### example config file from docs
+
+consul = "127.0.0.1:8500"
+token = "abcd1234" // May also be specified via the envvar CONSUL_TOKEN
+retry = "10s"
+max_stale = "10m"
+log_level = "warn"
+pid_file = "/path/to/pid"
+
+vault {
+  address = "https://vault.service.consul:8200"
+  token = "abcd1234" // May also be specified via the envvar VAULT_TOKEN
+  ssl {
+    enabled = true
+    verify = true
+    cert = "/path/to/client/cert.pem"
+    ca_cert = "/path/to/ca/cert.pem"
+  }
+}
+
+
+--auth-username
+--auth-password
+# if any are given enabled = true
+auth {
+  enabled = true
+  username = "test"
+  password = "test"
+}
+
+ssl {
+  enabled = true
+  verify = false
+  cert = "/path/to/client/cert.pem"
+  ca_cert = "/path/to/ca/cert.pem"
+}
+
+syslog {
+  enabled = true
+  facility = "LOCAL5"
+}
+
+template {
+  source = "/path/on/disk/to/template"
+  destination = "/path/on/disk/where/template/will/render"
+  command = "optional command to run when the template is updated"
+}
+
+template {
+  // Multiple template definitions are supported
+}

cdist/conf/type/__consul_template/parameter/boolean

@@ -1,2 +1,5 @@
 ssl
 ssl-no-verify
+syslog
+vault-ssl
+vault-ssl-no-verify

cdist/conf/type/__consul_template/parameter/default/log-level

@@ -0,0 +1 @@
+warn

cdist/conf/type/__consul_template/parameter/default/syslog-facility

@@ -0,0 +1 @@
+LOCAL0

cdist/conf/type/__consul_template/parameter/default/version

@@ -1 +1 @@
-0.6.5
+0.10.0

cdist/conf/type/__consul_template/parameter/optional

@@ -1,9 +1,18 @@
-auth
+auth-username
+auth-password
 batch-size
 consul
+log-level
 max-stale
 retry
 state
+ssl-cert
+ssl-ca-cert
+syslog-facility
 token
+vault-address
+vault-token
+vault-ssl-cert
+vault-ssl-ca-cert
 version
 wait

cdist/conf/type/__consul_template/todo

@@ -1,2 +0,0 @@
-- add support for latest version 0.7.0
-   - config file format has changed

docs/changelog

@@ -5,6 +5,8 @@ next:
 	* Documentation: Fix spelling in manual pages (Dmitry Bogatov)
 	* New type: __pacman_conf: Manage pacman.conf (Dominique Roux)
 	* New type: __pacman_conf_integrate: cdist compatible pacman.conf (Dominique Roux)
+	* Type __consul: Do not install unused package unzip (Steven Armstrong)
+	* Type __consul: Add source & cksum for 0.5.2 (Steven Armstrong)
 	* Core: Support object ids '.cdist' (Nico Schottelius)
 	* Type __apt_norecommends: Also setup autoremove options (Dmitry Bogatov)
 	* Type __user_groups: Add NetBSD support (Jonathan A. Kollasch)