Date: Sunday, May 30, 2021 @ 00:03:43 Author: shibumi Revision: 950304
archrelease: copy trunk to community-x86_64 Added: consul-template/repos/community-x86_64/PKGBUILD (from rev 950303, consul-template/trunk/PKGBUILD) consul-template/repos/community-x86_64/consul-template.hcl (from rev 950303, consul-template/trunk/consul-template.hcl) consul-template/repos/community-x86_64/consul-template.service (from rev 950303, consul-template/trunk/consul-template.service) Deleted: consul-template/repos/community-x86_64/PKGBUILD consul-template/repos/community-x86_64/consul-template.hcl consul-template/repos/community-x86_64/consul-template.service -------------------------+ PKGBUILD | 94 +++--- consul-template.hcl | 700 +++++++++++++++++++++++----------------------- consul-template.service | 24 - 3 files changed, 409 insertions(+), 409 deletions(-) Deleted: PKGBUILD =================================================================== --- PKGBUILD 2021-05-30 00:03:37 UTC (rev 950303) +++ PKGBUILD 2021-05-30 00:03:43 UTC (rev 950304) @@ -1,47 +0,0 @@ -# Maintainer: Christian Rebischke <chris.rebisc...@archlinux.org> -# Contributor: Tyler Langlois <ty |at| tjll |dot| net> -# Contributor: Tim Meusel <t...@bastelfreak.de> -pkgname=consul-template -pkgver=0.22.1 -pkgrel=3 -pkgdesc='Template rendering, notifier, and supervisor for HashiCorp Consul and Vault data' -arch=('x86_64') -url='https://github.com/hashicorp/consul-template' -license=('MPL') -backup=("etc/${pkgname}/${pkgname}.hcl") -makedepends=('go' 'git') -depends=('glibc') -optdepends=('consul: interpolate values from a distributed key/value store' - 'vault: reference secure secrets in template files') -_consul_template_commit='005b42eb2414a945dfe205dba58f64cc3546a7b5' -source=("git+https://github.com/hashicorp/consul-template#commit=${_consul_template_commit}" - "${pkgname}.service" - "${pkgname}.hcl") -sha512sums=('SKIP' - '8b187ff470fb10b47b815b2faaad836ac369071c8ce7e353ec0cbc98e3b1ac2ffc9c892244ac492be1285caa303c4b5fd0a22df3bdb2a037fca1b06c7b24084b' - 'b2acfbb4bf389b1d95ca9a5f2dfe9be85444c20efdae63f0e6e34d2f33a16ca1d089e6510b6867f74c3b4390a097952ab235c55e4023245e61cc4318622d5674') - -prepare() { - export GOPATH="${srcdir}" - export PATH="$PATH:$GOPATH/bin" - mkdir -p src/github.com/hashicorp/ - mv "${pkgname}" src/github.com/hashicorp/ - export GO111MODULE=on -} - -build() { - cd src/github.com/hashicorp/"${pkgname}" - export CGO_CPPFLAGS="${CPPFLAGS}" - export CGO_CFLAGS="${CFLAGS}" - export CGO_CXXFLAGS="${CXXFLAGS}" - export CGO_LDFLAGS="${LDFLAGS}" - export GOFLAGS="-buildmode=pie -trimpath -mod=readonly -modcacherw" - go build -o consul-template-binary -} - -package() { - cd src/github.com/hashicorp/"${pkgname}" - install -Dm755 consul-template-binary "${pkgdir}/usr/bin/consul-template" - install -Dm644 "${srcdir}/${pkgname}.hcl" "${pkgdir}/etc/${pkgname}/${pkgname}.hcl" - install -Dm644 "${srcdir}/${pkgname}.service" "${pkgdir}/usr/lib/systemd/system/${pkgname}.service" -} Copied: consul-template/repos/community-x86_64/PKGBUILD (from rev 950303, consul-template/trunk/PKGBUILD) =================================================================== --- PKGBUILD (rev 0) +++ PKGBUILD 2021-05-30 00:03:43 UTC (rev 950304) @@ -0,0 +1,47 @@ +# Maintainer: Christian Rebischke <chris.rebisc...@archlinux.org> +# Contributor: Tyler Langlois <ty |at| tjll |dot| net> +# Contributor: Tim Meusel <t...@bastelfreak.de> +pkgname=consul-template +pkgver=0.25.2 +pkgrel=1 +pkgdesc='Template rendering, notifier, and supervisor for HashiCorp Consul and Vault data' +arch=('x86_64') +url='https://github.com/hashicorp/consul-template' +license=('MPL') +backup=("etc/${pkgname}/${pkgname}.hcl") +makedepends=('go' 'git') +depends=('glibc') +optdepends=('consul: interpolate values from a distributed key/value store' + 'vault: reference secure secrets in template files') +_consul_template_commit='870905de57f085588c3b718b779d8550aefc5dcf' +source=("git+https://github.com/hashicorp/consul-template#commit=${_consul_template_commit}" + "${pkgname}.service" + "${pkgname}.hcl") +sha512sums=('SKIP' + '8b187ff470fb10b47b815b2faaad836ac369071c8ce7e353ec0cbc98e3b1ac2ffc9c892244ac492be1285caa303c4b5fd0a22df3bdb2a037fca1b06c7b24084b' + 'b2acfbb4bf389b1d95ca9a5f2dfe9be85444c20efdae63f0e6e34d2f33a16ca1d089e6510b6867f74c3b4390a097952ab235c55e4023245e61cc4318622d5674') + +prepare() { + export GOPATH="${srcdir}" + export PATH="$PATH:$GOPATH/bin" + mkdir -p src/github.com/hashicorp/ + mv "${pkgname}" src/github.com/hashicorp/ + export GO111MODULE=on +} + +build() { + cd src/github.com/hashicorp/"${pkgname}" + export CGO_CPPFLAGS="${CPPFLAGS}" + export CGO_CFLAGS="${CFLAGS}" + export CGO_CXXFLAGS="${CXXFLAGS}" + export CGO_LDFLAGS="${LDFLAGS}" + export GOFLAGS="-buildmode=pie -trimpath -mod=readonly -modcacherw" + go build -o consul-template-binary +} + +package() { + cd src/github.com/hashicorp/"${pkgname}" + install -Dm755 consul-template-binary "${pkgdir}/usr/bin/consul-template" + install -Dm644 "${srcdir}/${pkgname}.hcl" "${pkgdir}/etc/${pkgname}/${pkgname}.hcl" + install -Dm644 "${srcdir}/${pkgname}.service" "${pkgdir}/usr/lib/systemd/system/${pkgname}.service" +} Deleted: consul-template.hcl =================================================================== --- consul-template.hcl 2021-05-30 00:03:37 UTC (rev 950303) +++ consul-template.hcl 2021-05-30 00:03:43 UTC (rev 950304) @@ -1,350 +0,0 @@ -# This denotes the start of the configuration section for Consul. All values -# contained in this section pertain to Consul. -consul { - # This block specifies the basic authentication information to pass with the - # request. For more information on authentication, please see the Consul - # documentation. - auth { - enabled = true - username = "test" - password = "test" - } - - # This is the address of the Consul agent. By default, this is - # 127.0.0.1:8500, which is the default bind and port for a local Consul - # agent. It is not recommended that you communicate directly with a Consul - # server, and instead communicate with the local Consul agent. There are many - # reasons for this, most importantly the Consul agent is able to multiplex - # connections to the Consul server and reduce the number of open HTTP - # connections. Additionally, it provides a "well-known" IP address for which - # clients can connect. - address = "127.0.0.1:8500" - - # This is the ACL token to use when connecting to Consul. If you did not - # enable ACLs on your Consul cluster, you do not need to set this option. - # - # This option is also available via the environment variable CONSUL_TOKEN. - token = "abcd1234" - - # This controls the retry behavior when an error is returned from Consul. - # Consul Template is highly fault tolerant, meaning it does not exit in the - # face of failure. Instead, it uses exponential back-off and retry functions - # to wait for the cluster to become available, as is customary in distributed - # systems. - retry { - # This enabled retries. Retries are enabled by default, so this is - # redundant. - enabled = true - - # This specifies the number of attempts to make before giving up. Each - # attempt adds the exponential backoff sleep time. Setting this to - # zero will implement an unlimited number of retries. - attempts = 12 - - # This is the base amount of time to sleep between retry attempts. Each - # retry sleeps for an exponent of 2 longer than this base. For 5 retries, - # the sleep times would be: 250ms, 500ms, 1s, 2s, then 4s. - backoff = "250ms" - - # This is the maximum amount of time to sleep between retry attempts. - # When max_backoff is set to zero, there is no upper limit to the - # exponential sleep between retry attempts. - # If max_backoff is set to 10s and backoff is set to 1s, sleep times - # would be: 1s, 2s, 4s, 8s, 10s, 10s, ... - max_backoff = "1m" - } - - # This block configures the SSL options for connecting to the Consul server. - ssl { - # This enables SSL. Specifying any option for SSL will also enable it. - enabled = true - - # This enables SSL peer verification. The default value is "true", which - # will check the global CA chain to make sure the given certificates are - # valid. If you are using a self-signed certificate that you have not added - # to the CA chain, you may want to disable SSL verification. However, please - # understand this is a potential security vulnerability. - verify = false - - # This is the path to the certificate to use to authenticate. If just a - # certificate is provided, it is assumed to contain both the certificate and - # the key to convert to an X509 certificate. If both the certificate and - # key are specified, Consul Template will automatically combine them into an - # X509 certificate for you. - cert = "/path/to/client/cert" - key = "/path/to/client/key" - - # This is the path to the certificate authority to use as a CA. This is - # useful for self-signed certificates or for organizations using their own - # internal certificate authority. - ca_cert = "/path/to/ca" - - # This is the path to a directory of PEM-encoded CA cert files. If both - # `ca_cert` and `ca_path` is specified, `ca_cert` is preferred. - ca_path = "path/to/certs/" - - # This sets the SNI server name to use for validation. - server_name = "my-server.com" - } -} - -# This is the signal to listen for to trigger a reload event. The default -# value is shown below. Setting this value to the empty string will cause CT -# to not listen for any reload signals. -reload_signal = "SIGHUP" - -# This is the signal to listen for to trigger a graceful stop. The default -# value is shown below. Setting this value to the empty string will cause CT -# to not listen for any graceful stop signals. -kill_signal = "SIGINT" - -# This is the maximum interval to allow "stale" data. By default, only the -# Consul leader will respond to queries; any requests to a follower will -# forward to the leader. In large clusters with many requests, this is not as -# scalable, so this option allows any follower to respond to a query, so long -# as the last-replicated data is within these bounds. Higher values result in -# less cluster load, but are more likely to have outdated data. -max_stale = "10m" - -# This is the log level. If you find a bug in Consul Template, please enable -# debug logs so we can help identify the issue. This is also available as a -# command line flag. -log_level = "warn" - -# This is the path to store a PID file which will contain the process ID of the -# Consul Template process. This is useful if you plan to send custom signals -# to the process. -pid_file = "/path/to/pid" - -# This is the quiescence timers; it defines the minimum and maximum amount of -# time to wait for the cluster to reach a consistent state before rendering a -# template. This is useful to enable in systems that have a lot of flapping, -# because it will reduce the the number of times a template is rendered. -wait { - min = "5s" - max = "10s" -} - -# This denotes the start of the configuration section for Vault. All values -# contained in this section pertain to Vault. -vault { - # This is the address of the Vault leader. The protocol (http(s)) portion - # of the address is required. - address = "https://vault.service.consul:8200" - - # This is the grace period between lease renewal of periodic secrets and secret - # re-acquisition. When renewing a secret, if the remaining lease is less than or - # equal to the configured grace, Consul Template will request a new credential. - # This prevents Vault from revoking the credential at expiration and Consul - # Template having a stale credential. - # - # Note: If you set this to a value that is higher than your default TTL or - # max TTL, Consul Template will always read a new secret! - grace = "5m" - - # This is the token to use when communicating with the Vault server. - # Like other tools that integrate with Vault, Consul Template makes the - # assumption that you provide it with a Vault token; it does not have the - # incorporated logic to generate tokens via Vault's auth methods. - # - # This value can also be specified via the environment variable VAULT_TOKEN. - token = "abcd1234" - - # This tells Consul Template that the provided token is actually a wrapped - # token that should be unwrapped using Vault's cubbyhole response wrapping - # before being used. Please see Vault's cubbyhole response wrapping - # documentation for more information. - unwrap_token = true - - # This option tells Consul Template to automatically renew the Vault token - # given. If you are unfamiliar with Vault's architecture, Vault requires - # tokens be renewed at some regular interval or they will be revoked. Consul - # Template will automatically renew the token at half the lease duration of - # the token. The default value is true, but this option can be disabled if - # you want to renew the Vault token using an out-of-band process. - # - # Note that secrets specified in a template (using {{secret}} for example) - # are always renewed, even if this option is set to false. This option only - # applies to the top-level Vault token itself. - renew_token = true - - # This section details the retry options for connecting to Vault. Please see - # the retry options in the Consul section for more information (they are the - # same). - retry { - # ... - } - - # This section details the SSL options for connecting to the Vault server. - # Please see the SSL options in the Consul section for more information (they - # are the same). - ssl { - # ... - } -} - -# This block defines the configuration for connecting to a syslog server for -# logging. -syslog { - # This enables syslog logging. Specifying any other option also enables - # syslog logging. - enabled = true - - # This is the name of the syslog facility to log to. - facility = "LOCAL5" -} - -# This block defines the configuration for de-duplication mode. Please see the -# de-duplication mode documentation later in the README for more information -# on how de-duplication mode operates. -deduplicate { - # This enables de-duplication mode. Specifying any other options also enables - # de-duplication mode. - enabled = true - - # This is the prefix to the path in Consul's KV store where de-duplication - # templates will be pre-rendered and stored. - prefix = "consul-template/dedup/" -} - -# This block defines the configuration for exec mode. Please see the exec mode -# documentation at the bottom of this README for more information on how exec -# mode operates and the caveats of this mode. -exec { - # This is the command to exec as a child process. There can be only one - # command per Consul Template process. - command = "/usr/bin/app" - - # This is a random splay to wait before killing the command. The default - # value is 0 (no wait), but large clusters should consider setting a splay - # value to prevent all child processes from reloading at the same time when - # data changes occur. When this value is set to non-zero, Consul Template - # will wait a random period of time up to the splay value before reloading - # or killing the child process. This can be used to prevent the thundering - # herd problem on applications that do not gracefully reload. - splay = "5s" - - env { - # This specifies if the child process should not inherit the parent - # process's environment. By default, the child will have full access to the - # environment variables of the parent. Setting this to true will send only - # the values specified in `custom_env` to the child process. - pristine = false - - # This specifies additional custom environment variables in the form shown - # below to inject into the child's runtime environment. If a custom - # environment variable shares its name with a system environment variable, - # the custom environment variable takes precedence. Even if pristine, - # whitelist, or blacklist is specified, all values in this option - # are given to the child process. - custom = ["PATH=$PATH:/etc/myapp/bin"] - - # This specifies a list of environment variables to exclusively include in - # the list of environment variables exposed to the child process. If - # specified, only those environment variables matching the given patterns - # are exposed to the child process. These strings are matched using Go's - # glob function, so wildcards are permitted. - whitelist = ["CONSUL_*"] - - # This specifies a list of environment variables to exclusively prohibit in - # the list of environment variables exposed to the child process. If - # specified, any environment variables matching the given patterns will not - # be exposed to the child process, even if they are whitelisted. The values - # in this option take precedence over the values in the whitelist. - # These strings are matched using Go's glob function, so wildcards are - # permitted. - blacklist = ["VAULT_*"] - } - - # This defines the signal that will be sent to the child process when a - # change occurs in a watched template. The signal will only be sent after the - # process is started, and the process will only be started after all - # dependent templates have been rendered at least once. The default value is - # nil, which tells Consul Template to stop the child process and spawn a new - # one instead of sending it a signal. This is useful for legacy applications - # or applications that cannot properly reload their configuration without a - # full reload. - reload_signal = "" - - # This defines the signal sent to the child process when Consul Template is - # gracefully shutting down. The application should begin a graceful cleanup. - # If the application does not terminate before the `kill_timeout`, it will - # be terminated (effectively "kill -9"). The default value is "SIGTERM". - kill_signal = "SIGINT" - - # This defines the amount of time to wait for the child process to gracefully - # terminate when Consul Template exits. After this specified time, the child - # process will be force-killed (effectively "kill -9"). The default value is - # "30s". - kill_timeout = "2s" -} - -# This block defines the configuration for a template. Unlike other blocks, -# this block may be specified multiple times to configure multiple templates. -# It is also possible to configure templates via the CLI directly. -template { - # This is the source file on disk to use as the input template. This is often - # called the "Consul Template template". This option is required if not using - # the `contents` option. - source = "/path/on/disk/to/template.ctmpl" - - # This is the destination path on disk where the source template will render. - # If the parent directories do not exist, Consul Template will attempt to - # create them, unless create_dest_dirs is false. - destination = "/path/on/disk/where/template/will/render.txt" - - # This options tells Consul Template to create the parent directories of the - # destination path if they do not exist. The default value is true. - create_dest_dirs = true - - # This option allows embedding the contents of a template in the configuration - # file rather then supplying the `source` path to the template file. This is - # useful for short templates. This option is mutually exclusive with the - # `source` option. - contents = "{{ keyOrDefault \"service/redis/maxconns@east-aws\" \"5\" }}" - - # This is the optional command to run when the template is rendered. The - # command will only run if the resulting template changes. The command must - # return within 30s (configurable), and it must have a successful exit code. - # Consul Template is not a replacement for a process monitor or init system. - command = "restart service foo" - - # This is the maximum amount of time to wait for the optional command to - # return. Default is 30s. - command_timeout = "60s" - - # Exit with an error when accessing a struct or map field/key that does not - # exist. The default behavior will print "<no value>" when accessing a field - # that does not exist. It is highly recommended you set this to "true" when - # retrieving secrets from Vault. - error_on_missing_key = false - - # This is the permission to render the file. If this option is left - # unspecified, Consul Template will attempt to match the permissions of the - # file that already exists at the destination path. If no file exists at that - # path, the permissions are 0644. - perms = 0600 - - # This option backs up the previously rendered template at the destination - # path before writing a new one. It keeps exactly one backup. This option is - # useful for preventing accidental changes to the data without having a - # rollback strategy. - backup = true - - # These are the delimiters to use in the template. The default is "{{" and - # "}}", but for some templates, it may be easier to use a different delimiter - # that does not conflict with the output file itself. - left_delimiter = "{{" - right_delimiter = "}}" - - # This is the `minimum(:maximum)` to wait before rendering a new template to - # disk and triggering a command, separated by a colon (`:`). If the optional - # maximum value is omitted, it is assumed to be 4x the required minimum value. - # This is a numeric time with a unit suffix ("5s"). There is no default value. - # The wait value for a template takes precedence over any globally-configured - # wait. - wait { - min = "2s" - max = "10s" - } -} Copied: consul-template/repos/community-x86_64/consul-template.hcl (from rev 950303, consul-template/trunk/consul-template.hcl) =================================================================== --- consul-template.hcl (rev 0) +++ consul-template.hcl 2021-05-30 00:03:43 UTC (rev 950304) @@ -0,0 +1,350 @@ +# This denotes the start of the configuration section for Consul. All values +# contained in this section pertain to Consul. +consul { + # This block specifies the basic authentication information to pass with the + # request. For more information on authentication, please see the Consul + # documentation. + auth { + enabled = true + username = "test" + password = "test" + } + + # This is the address of the Consul agent. By default, this is + # 127.0.0.1:8500, which is the default bind and port for a local Consul + # agent. It is not recommended that you communicate directly with a Consul + # server, and instead communicate with the local Consul agent. There are many + # reasons for this, most importantly the Consul agent is able to multiplex + # connections to the Consul server and reduce the number of open HTTP + # connections. Additionally, it provides a "well-known" IP address for which + # clients can connect. + address = "127.0.0.1:8500" + + # This is the ACL token to use when connecting to Consul. If you did not + # enable ACLs on your Consul cluster, you do not need to set this option. + # + # This option is also available via the environment variable CONSUL_TOKEN. + token = "abcd1234" + + # This controls the retry behavior when an error is returned from Consul. + # Consul Template is highly fault tolerant, meaning it does not exit in the + # face of failure. Instead, it uses exponential back-off and retry functions + # to wait for the cluster to become available, as is customary in distributed + # systems. + retry { + # This enabled retries. Retries are enabled by default, so this is + # redundant. + enabled = true + + # This specifies the number of attempts to make before giving up. Each + # attempt adds the exponential backoff sleep time. Setting this to + # zero will implement an unlimited number of retries. + attempts = 12 + + # This is the base amount of time to sleep between retry attempts. Each + # retry sleeps for an exponent of 2 longer than this base. For 5 retries, + # the sleep times would be: 250ms, 500ms, 1s, 2s, then 4s. + backoff = "250ms" + + # This is the maximum amount of time to sleep between retry attempts. + # When max_backoff is set to zero, there is no upper limit to the + # exponential sleep between retry attempts. + # If max_backoff is set to 10s and backoff is set to 1s, sleep times + # would be: 1s, 2s, 4s, 8s, 10s, 10s, ... + max_backoff = "1m" + } + + # This block configures the SSL options for connecting to the Consul server. + ssl { + # This enables SSL. Specifying any option for SSL will also enable it. + enabled = true + + # This enables SSL peer verification. The default value is "true", which + # will check the global CA chain to make sure the given certificates are + # valid. If you are using a self-signed certificate that you have not added + # to the CA chain, you may want to disable SSL verification. However, please + # understand this is a potential security vulnerability. + verify = false + + # This is the path to the certificate to use to authenticate. If just a + # certificate is provided, it is assumed to contain both the certificate and + # the key to convert to an X509 certificate. If both the certificate and + # key are specified, Consul Template will automatically combine them into an + # X509 certificate for you. + cert = "/path/to/client/cert" + key = "/path/to/client/key" + + # This is the path to the certificate authority to use as a CA. This is + # useful for self-signed certificates or for organizations using their own + # internal certificate authority. + ca_cert = "/path/to/ca" + + # This is the path to a directory of PEM-encoded CA cert files. If both + # `ca_cert` and `ca_path` is specified, `ca_cert` is preferred. + ca_path = "path/to/certs/" + + # This sets the SNI server name to use for validation. + server_name = "my-server.com" + } +} + +# This is the signal to listen for to trigger a reload event. The default +# value is shown below. Setting this value to the empty string will cause CT +# to not listen for any reload signals. +reload_signal = "SIGHUP" + +# This is the signal to listen for to trigger a graceful stop. The default +# value is shown below. Setting this value to the empty string will cause CT +# to not listen for any graceful stop signals. +kill_signal = "SIGINT" + +# This is the maximum interval to allow "stale" data. By default, only the +# Consul leader will respond to queries; any requests to a follower will +# forward to the leader. In large clusters with many requests, this is not as +# scalable, so this option allows any follower to respond to a query, so long +# as the last-replicated data is within these bounds. Higher values result in +# less cluster load, but are more likely to have outdated data. +max_stale = "10m" + +# This is the log level. If you find a bug in Consul Template, please enable +# debug logs so we can help identify the issue. This is also available as a +# command line flag. +log_level = "warn" + +# This is the path to store a PID file which will contain the process ID of the +# Consul Template process. This is useful if you plan to send custom signals +# to the process. +pid_file = "/path/to/pid" + +# This is the quiescence timers; it defines the minimum and maximum amount of +# time to wait for the cluster to reach a consistent state before rendering a +# template. This is useful to enable in systems that have a lot of flapping, +# because it will reduce the the number of times a template is rendered. +wait { + min = "5s" + max = "10s" +} + +# This denotes the start of the configuration section for Vault. All values +# contained in this section pertain to Vault. +vault { + # This is the address of the Vault leader. The protocol (http(s)) portion + # of the address is required. + address = "https://vault.service.consul:8200" + + # This is the grace period between lease renewal of periodic secrets and secret + # re-acquisition. When renewing a secret, if the remaining lease is less than or + # equal to the configured grace, Consul Template will request a new credential. + # This prevents Vault from revoking the credential at expiration and Consul + # Template having a stale credential. + # + # Note: If you set this to a value that is higher than your default TTL or + # max TTL, Consul Template will always read a new secret! + grace = "5m" + + # This is the token to use when communicating with the Vault server. + # Like other tools that integrate with Vault, Consul Template makes the + # assumption that you provide it with a Vault token; it does not have the + # incorporated logic to generate tokens via Vault's auth methods. + # + # This value can also be specified via the environment variable VAULT_TOKEN. + token = "abcd1234" + + # This tells Consul Template that the provided token is actually a wrapped + # token that should be unwrapped using Vault's cubbyhole response wrapping + # before being used. Please see Vault's cubbyhole response wrapping + # documentation for more information. + unwrap_token = true + + # This option tells Consul Template to automatically renew the Vault token + # given. If you are unfamiliar with Vault's architecture, Vault requires + # tokens be renewed at some regular interval or they will be revoked. Consul + # Template will automatically renew the token at half the lease duration of + # the token. The default value is true, but this option can be disabled if + # you want to renew the Vault token using an out-of-band process. + # + # Note that secrets specified in a template (using {{secret}} for example) + # are always renewed, even if this option is set to false. This option only + # applies to the top-level Vault token itself. + renew_token = true + + # This section details the retry options for connecting to Vault. Please see + # the retry options in the Consul section for more information (they are the + # same). + retry { + # ... + } + + # This section details the SSL options for connecting to the Vault server. + # Please see the SSL options in the Consul section for more information (they + # are the same). + ssl { + # ... + } +} + +# This block defines the configuration for connecting to a syslog server for +# logging. +syslog { + # This enables syslog logging. Specifying any other option also enables + # syslog logging. + enabled = true + + # This is the name of the syslog facility to log to. + facility = "LOCAL5" +} + +# This block defines the configuration for de-duplication mode. Please see the +# de-duplication mode documentation later in the README for more information +# on how de-duplication mode operates. +deduplicate { + # This enables de-duplication mode. Specifying any other options also enables + # de-duplication mode. + enabled = true + + # This is the prefix to the path in Consul's KV store where de-duplication + # templates will be pre-rendered and stored. + prefix = "consul-template/dedup/" +} + +# This block defines the configuration for exec mode. Please see the exec mode +# documentation at the bottom of this README for more information on how exec +# mode operates and the caveats of this mode. +exec { + # This is the command to exec as a child process. There can be only one + # command per Consul Template process. + command = "/usr/bin/app" + + # This is a random splay to wait before killing the command. The default + # value is 0 (no wait), but large clusters should consider setting a splay + # value to prevent all child processes from reloading at the same time when + # data changes occur. When this value is set to non-zero, Consul Template + # will wait a random period of time up to the splay value before reloading + # or killing the child process. This can be used to prevent the thundering + # herd problem on applications that do not gracefully reload. + splay = "5s" + + env { + # This specifies if the child process should not inherit the parent + # process's environment. By default, the child will have full access to the + # environment variables of the parent. Setting this to true will send only + # the values specified in `custom_env` to the child process. + pristine = false + + # This specifies additional custom environment variables in the form shown + # below to inject into the child's runtime environment. If a custom + # environment variable shares its name with a system environment variable, + # the custom environment variable takes precedence. Even if pristine, + # whitelist, or blacklist is specified, all values in this option + # are given to the child process. + custom = ["PATH=$PATH:/etc/myapp/bin"] + + # This specifies a list of environment variables to exclusively include in + # the list of environment variables exposed to the child process. If + # specified, only those environment variables matching the given patterns + # are exposed to the child process. These strings are matched using Go's + # glob function, so wildcards are permitted. + whitelist = ["CONSUL_*"] + + # This specifies a list of environment variables to exclusively prohibit in + # the list of environment variables exposed to the child process. If + # specified, any environment variables matching the given patterns will not + # be exposed to the child process, even if they are whitelisted. The values + # in this option take precedence over the values in the whitelist. + # These strings are matched using Go's glob function, so wildcards are + # permitted. + blacklist = ["VAULT_*"] + } + + # This defines the signal that will be sent to the child process when a + # change occurs in a watched template. The signal will only be sent after the + # process is started, and the process will only be started after all + # dependent templates have been rendered at least once. The default value is + # nil, which tells Consul Template to stop the child process and spawn a new + # one instead of sending it a signal. This is useful for legacy applications + # or applications that cannot properly reload their configuration without a + # full reload. + reload_signal = "" + + # This defines the signal sent to the child process when Consul Template is + # gracefully shutting down. The application should begin a graceful cleanup. + # If the application does not terminate before the `kill_timeout`, it will + # be terminated (effectively "kill -9"). The default value is "SIGTERM". + kill_signal = "SIGINT" + + # This defines the amount of time to wait for the child process to gracefully + # terminate when Consul Template exits. After this specified time, the child + # process will be force-killed (effectively "kill -9"). The default value is + # "30s". + kill_timeout = "2s" +} + +# This block defines the configuration for a template. Unlike other blocks, +# this block may be specified multiple times to configure multiple templates. +# It is also possible to configure templates via the CLI directly. +template { + # This is the source file on disk to use as the input template. This is often + # called the "Consul Template template". This option is required if not using + # the `contents` option. + source = "/path/on/disk/to/template.ctmpl" + + # This is the destination path on disk where the source template will render. + # If the parent directories do not exist, Consul Template will attempt to + # create them, unless create_dest_dirs is false. + destination = "/path/on/disk/where/template/will/render.txt" + + # This options tells Consul Template to create the parent directories of the + # destination path if they do not exist. The default value is true. + create_dest_dirs = true + + # This option allows embedding the contents of a template in the configuration + # file rather then supplying the `source` path to the template file. This is + # useful for short templates. This option is mutually exclusive with the + # `source` option. + contents = "{{ keyOrDefault \"service/redis/maxconns@east-aws\" \"5\" }}" + + # This is the optional command to run when the template is rendered. The + # command will only run if the resulting template changes. The command must + # return within 30s (configurable), and it must have a successful exit code. + # Consul Template is not a replacement for a process monitor or init system. + command = "restart service foo" + + # This is the maximum amount of time to wait for the optional command to + # return. Default is 30s. + command_timeout = "60s" + + # Exit with an error when accessing a struct or map field/key that does not + # exist. The default behavior will print "<no value>" when accessing a field + # that does not exist. It is highly recommended you set this to "true" when + # retrieving secrets from Vault. + error_on_missing_key = false + + # This is the permission to render the file. If this option is left + # unspecified, Consul Template will attempt to match the permissions of the + # file that already exists at the destination path. If no file exists at that + # path, the permissions are 0644. + perms = 0600 + + # This option backs up the previously rendered template at the destination + # path before writing a new one. It keeps exactly one backup. This option is + # useful for preventing accidental changes to the data without having a + # rollback strategy. + backup = true + + # These are the delimiters to use in the template. The default is "{{" and + # "}}", but for some templates, it may be easier to use a different delimiter + # that does not conflict with the output file itself. + left_delimiter = "{{" + right_delimiter = "}}" + + # This is the `minimum(:maximum)` to wait before rendering a new template to + # disk and triggering a command, separated by a colon (`:`). If the optional + # maximum value is omitted, it is assumed to be 4x the required minimum value. + # This is a numeric time with a unit suffix ("5s"). There is no default value. + # The wait value for a template takes precedence over any globally-configured + # wait. + wait { + min = "2s" + max = "10s" + } +} Deleted: consul-template.service =================================================================== --- consul-template.service 2021-05-30 00:03:37 UTC (rev 950303) +++ consul-template.service 2021-05-30 00:03:43 UTC (rev 950304) @@ -1,12 +0,0 @@ -[Unit] -Description=template rendering, notifier, and supervisor for HashiCorp Consul and Vault data -Documentation=https://github.com/hashicorp/consul-template -After=vault.service consul.service - -[Service] -ExecStart=/usr/bin/consul-template -config /etc/consul-template/config.hcl -ExecReload=/usr/bin/kill -HUP $MAINPID -KillSignal=SIGINT - -[Install] -WantedBy=multi-user.target Copied: consul-template/repos/community-x86_64/consul-template.service (from rev 950303, consul-template/trunk/consul-template.service) =================================================================== --- consul-template.service (rev 0) +++ consul-template.service 2021-05-30 00:03:43 UTC (rev 950304) @@ -0,0 +1,12 @@ +[Unit] +Description=template rendering, notifier, and supervisor for HashiCorp Consul and Vault data +Documentation=https://github.com/hashicorp/consul-template +After=vault.service consul.service + +[Service] +ExecStart=/usr/bin/consul-template -config /etc/consul-template/config.hcl +ExecReload=/usr/bin/kill -HUP $MAINPID +KillSignal=SIGINT + +[Install] +WantedBy=multi-user.target