consul-templaterb 1.26.3 → 1.28.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +65 -27
- data/README.md +19 -4
- data/TemplateAPI.md +9 -0
- data/bin/consul-templaterb +52 -6
- data/lib/consul/async/consul_endpoint.rb +19 -3
- data/lib/consul/async/consul_template.rb +26 -8
- data/lib/consul/async/consul_template_render.rb +1 -1
- data/lib/consul/async/json_endpoint.rb +15 -2
- data/lib/consul/async/process_handler.rb +7 -1
- data/lib/consul/async/vault_endpoint.rb +16 -2
- data/lib/consul/async/version.rb +1 -1
- data/samples/checks_in_warning_or_critical_state.yaml.erb +13 -0
- data/samples/consul-ui/css/style.css +4 -0
- data/samples/consul-ui/js/nodes.js +1 -1
- data/samples/consul-ui/js/service.js +1 -1
- data/samples/consul-ui/js/utils.js +45 -20
- data/samples/display_timestamped_changes.txt.erb +17 -0
- data/samples/prometheus_datacenter_coordinates.erb +56 -0
- metadata +35 -51
- data/.gitignore +0 -41
- data/.rspec +0 -2
- data/.rubocop.yml +0 -57
- data/.ruby_app +0 -0
- data/.travis.yml +0 -19
- data/CODE_OF_CONDUCT.md +0 -76
- data/CONTRIBUTING.md +0 -25
- data/Dockerfile +0 -15
- data/Gemfile +0 -5
- data/INTERNALS.md +0 -49
- data/LICENSE.txt +0 -201
- data/Rakefile +0 -8
- data/consul-templaterb.gemspec +0 -42
- data/docker-nginx-conf/nginx.conf +0 -27
- data/docs/article-06_Template-based_discovery_with_consul-templaterb.md +0 -124
- data/docs/images/consul-templaterb.png +0 -0
- data/docs/images/consul-templaterb.svg +0 -3
- data/docs/images/consul-ui_001.png +0 -0
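--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ca62994383929bd3874db5527f85efeaaf184fdb83b8f3b17e05fbadbfbbc90a
+data.tar.gz: e878ff880557ffdfd8db6e5cb900a19e8191d4db11ba28fa0b4e7bbe9b1b9240
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 62afc852ef61329a30bba3a67f43ed372130d9a87cd1afce559b5f88f9aa0a6db336c84c63b173eaa96896e8c9088686cfa37f10d540cd91c80ca2fb976b00b3
+data.tar.gz: 4a02aa15f2d4f95e5d144e916bf6a51190a90756e134456aece5b4afbf7ba106e150faeb8cf7b0e09ff27f1f61b237c47dd11f236299d922a519e91b019e3705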
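--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -2,19 +2,57 @@
 
 ## (UNRELEASED)
 
+## 1.28.1 (Sept 30,, 2020)
+
+IMPROVEMENTS:
+
+* Reduced size of GEM from 400k o 100k by removing not needed files
+
+## 1.28.0 (Sept 25, 2020)
+
+NEW FEATURES:
+
+* Added `-W` or `--wait-between-reload-signal` to avoid sending too many signals
+to a process executed. This avoids for instance reloading too much a HAProxy configuration
+without having to play with `-w` as described in [#69](https://github.com/criteo/consul-templaterb/issues/69)
+
+BUG FIXES:
+
+* Removed warnings at runtime with Ruby 2.7+
+* Minor JS fix in Consul-UI (Added missing unused parameter to function `serviceTitleGenerator`)
+
+## 1.27.2 (Sept 4, 2020)
+
+IMPROVEMENTS:
+
+* Consul-UI now supports navigation between nodes and services in both ways
+
+## 1.27.1 (July 28, 2020)
+
+BUGIX:
+
+* Fix collision in JSON queries when using payload in requests [#68](https://github.com/criteo/consul-templaterb/pull/68)
+
+## 1.27.0 (June 5, 2020)
+
 NEW FEATURES:
 
+* For Consul 1.7+, now support `checks_in_state(check_state, dc: nil, [agent: consul_agent_address])`,
+fixes feature [#65](https://github.com/criteo/consul-templaterb/issues/65)
+* New options to support/disable TLS validation thanks to [@jeromegn](https://github.com/jeromegn)
+[#66](https://github.com/criteo/consul-templaterb/pull/66)
+
 ## 1.26.3 (April 15, 2020)
 
-
+BUG FIXES:
 
 * Removed all Criteo specific decorators from Consul-UI
 
 ## 1.26.2 (April 15, 2020)
 
-
+BUG FIXES:
 
-* Fixed broken Dockerfile (was missing the new `decorator.js.erb` file). Fixes #61 (Thanks to @
+* Fixed broken Dockerfile (was missing the new `decorator.js.erb` file). Fixes #61 (Thanks to [@simongareste](https://github.com/simongareste))
 
 NEW FEATURES:
 
@@ -22,7 +60,7 @@ NEW FEATURES:
 
 ## 1.26.1 (March 27, 2020)
 
-
+BUG FIXES:
 
 * Using `agent: http://vault_or_consul_agent:port>` was not properly taken into account in some endpoints
 
@@ -40,7 +78,7 @@ NEW FEATURES:
 
 ## 1.25.2 (February 29, 2020)
 
-
+BUG FIXES:
 
 * Update rake to 12.3.3 to fix [CVE-2020-8130](https://github.com/advisories/GHSA-jppv-gw3r-w3q8)
 
@@ -59,7 +97,7 @@ NEW FEATURES:
 
 ## 1.24.1 (February 19, 2020)
 
-
+BUG FIXES:
 
 * Properly set service meta in node meta decorator
 
@@ -76,7 +114,7 @@ NEW FEATURES:
 * Implementation of #59 - implementation of `--retry` and `--vault-retry` new flags
 Those flags work in a similar way as in consul-template: stop program after X failures
 of consul or vault endpoints
-* Added
+* Added `--fail-fast` that stop the programs immediately if vault or consul are not available
 at startup (also works with `--once`)
 
 ## 1.22.0 (January 17, 2020)
@@ -87,7 +125,7 @@ NEW FEATURES:
 
 ## 1.21.8 (January 2, 2020)
 
-
+BUG FIXES:
 
 * Escape properly metadata containing double quotes in prometheus exporter
 
@@ -101,13 +139,13 @@ IMPROVEMENTS:
 
 IMPROVEMENTS:
 
-* Added node_meta_info for serviceInstanceDecorator and serviceMetaDecorator
+* Added `node_meta_info` for `serviceInstanceDecorator` and `serviceMetaDecorator` in Consul-UI
 
 ## 1.21.5 (December 6, 2019)
 
 NEW FEATURES:
 
-* Added clean() method in nodes.js to allow
+* Added `clean()` method in nodes.js to allow new behaviors
 
 ## 1.21.4 (November 28, 2019)
 
@@ -138,7 +176,7 @@ IMPROVEMENTS:
 ## 1.21.0 (November 21, 2019)
 
 * added function `templates` to list all templates being rendered
-* added support for JS decorators in consul-ui (thanks to @Thib17)
+* added support for JS decorators in consul-ui (thanks to [@Thib17](https://github.com/Thib17))
 
 ## 1.20.0 (October 16, 2019)
 
@@ -157,7 +195,7 @@ NEW FEATURES:
 
 * Added new function `checks_for_node`
 
-
+BUG FIXES:
 
 * Avoid try publishing several times Gem on rubygems.org
 
@@ -179,13 +217,13 @@ IMPROVEMENTS:
 
 ## 1.18.3 (September 2, 2019)
 
-
+BUG FIXES:
 
 * When vault receives at timeout, correctly reschedule it
 
 ## 1.18.2 (August 28, 2019)
 
-
+BUG FIXES:
 
 * In Consul UI, showing data from KV with markup was not properly handled
 
@@ -201,7 +239,7 @@ Support any request method for remote_resource.as_json (#41)
 
 ## 1.18.1 (July 27, 2019)
 
-
+BUG FIXES:
 
 Fixed wrong lazy initialization in `remote_resource.as_json` that
 cause too many connections to be opened.
@@ -210,13 +248,13 @@ cause too many connections to be opened.
 
 NEW FEATURES:
 
-* Support for `remote_resource` provided by @kamaradclimber
+* Support for `remote_resource` provided by [@kamaradclimber](https://github.com/kamaradclimber)
 * Added support for `remote_resource.as_json` to fetch JSON remote resource from a web server
 * Added `samples/list_ruby_versions_from_rubygems.txt.erb` to demonstrate usage
 
 ## 1.17.3 (July 18, 2019)
 
-
+BUG FIXES:
 
 * Added gem parallel as a dependency to allow `samples/prometheus_consul_coordinates.erb`
 to work properly
@@ -341,7 +379,7 @@ NEW FEATURES:
 
 ## 1.10.1 (February 28, 2019)
 
-
+BUG FIXES:
 
 * Ensure that timeline sort properly events when healthchecks are removed (eg: maintenance)
 
@@ -364,7 +402,7 @@ IMPROVEMENTS:
 
 ## 1.9.8 (January 16, 2019)
 
-
+BUG FIXES:
 
 * When default value was the same as real value, endpoints were always marked as
 dirty, thus rendering of templates did never succeed.
@@ -380,7 +418,7 @@ IMPROVEMENTS:
 
 ## 1.9.6 (January 15, 2019)
 
-
+BUG FIXES:
 
 * Keep connections open properly as it increase timeouts on Consul servers on
 very large templates
@@ -391,7 +429,7 @@ IMPROVEMENTS:
 
 ## 1.9.5 (January 14, 2019)
 
-
+BUG FIXES:
 
 * Ensure to always re-open Connection to Consul agent in case of network error
 
@@ -441,11 +479,11 @@ IMPROVEMENTS:
 
 OPTIMIZATIONS:
 
-* Better network
+* Better network usage because of X-Consul-Index parsing bug
 
-
+BUG FIXES:
 
-* value.endpoint.x_consul_index now works as expected
+* `value.endpoint.x_consul_index` now works as expected
 
 IMPROVEMENTS:
 
@@ -485,7 +523,7 @@ NEW FEATURES:
 
 ## 1.8.1 (December 12, 2018)
 
-
+BUG FIXES:
 
 * Properly fill `template_info` strtucture when hot reload is performed so templates using
 `template_info()` new function can behave nicely.
@@ -594,8 +632,8 @@ IMPROVEMENTS:
 * [Prometheus template](samples/metrics.erb) to export easily Consul
 informations about nodes, datacenters and all services states
 * Code style cleanup + travis now enforces Rubocop
-* Remove criteo references in spec files thanks to @pierrecdn
-* Bitrate display more consistent thanks to @pierrecdn
+* Remove criteo references in spec files thanks to [@pierrecdn](https://github.com/pierrecdn)
+* Bitrate display more consistent thanks to [@pierrecdn](https://github.com/pierrecdn)
 
 ## 1.5.3 (September 24, 2018)
 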
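--- a/data/README.md
+++ b/data/README.md
@@ -165,9 +165,19 @@ USAGE: consul-templaterb [[options]]
 -f, --[no-]fail-fast If consul/vault endpoints fail at startup, fail immediately
 -g, --no-gzip-compression Disable GZIP compression in HTTP requests
 -c, --consul-addr=<address> Address of Consul, eg: http://localhost:8500
+--consul-cert-chain=<path/to/cert_chain>
+Path to Consul TLS client certificate chain to use
+--consul-private-key=<path/to/private_key>
+Path to Consul TLS client private key to use
+--skip-consul-verify-tls Skip verifying Consul TLS via certificate authority (DANGEROUS)
 -l, --log-level=<log_level> Log level, default=info, any of none|error|info|debug
 --consul-token=<token> Use a token to connect to Consul
 -V, --vault-addr=<address> Address of Vault, eg: http://localhost:8200
+--vault-cert-chain=<path/to/cert_chain>
+Path to Vault TLS client certificate chain to use
+--vault-private-key=<path/to/private_key>
+Path to Vault TLS client private key to use
+--skip-vault-verify-tls Skip verifying Vault TLS via certificate authority (DANGEROUS)
 --vault-token=<token> Token used to authenticate against vault.
 --[no-]vault-renew Control auto-renewal of the Vault token. Default: activated
 --vault-retry, --vault-retry-attempts [RETRIES]
@@ -178,10 +188,11 @@ USAGE: consul-templaterb [[options]]
 -r, --retry-delay=<min_duration> Min Retry delay on Error/Missing Consul Index
 -k, --hot-reload=<behavior> Control hot reload behaviour, one of :[die (kill daemon on hot reload failure), keep (on error, keep running), disable (hot reload disabled)]
 -K, --sig-term=kill_signal Signal to send to next --exec command on kill, default=TERM
+-M, --debug-memory-usage Display messages when RAM grows
 -T, --trim-mode=trim_mode ERB Trim mode to use (- by default)
 -R, --sig-reload=reload_signal Signal to send to next --exec command on reload (NONE supported), default=HUP
--
--e, --exec=<command> Execute the following command
+-W, --wait-signal=min_duration Wait at least n seconds before each reload signal being sent to next --exec process
+-e, --exec=<command> Execute the following command in as a subprocess when all templates are ready
 -d, --debug-network-usage Debug the network usage
 -t erb_file:[output]:[command]:[params_file],
 --template Add a erb template, its output and optional reload command
@@ -235,7 +246,11 @@ nor write the file.
 Signals can be customized per process. Two signals are supported with options `--sig-reload` and
 `--sig-term`. When the option is added, the next `--exec` options to start a process will use the
 given signal. By default, HUP will be sent to reload events (you can use NONE to avoid sending any
-reload signal), TERM will be used when leaving consul-templaterb.
+reload signal), TERM will be used when leaving consul-templaterb. A minimum duration between reload
+signals can be specified for each sub process by prepending `--wait-signal=min_duration` to `--exec`
+command.
+In such case, the signal will be sent every `min_duration` as a maximum (very useful for templates
+changing a lot, but you don't want to trigger too many reloads, for instance for a load-balancer).
 
 ### Bandwidth limitation
 
@@ -332,7 +347,7 @@ Please consult [CHANGELOG.md](CHANGELOG.md) for fixed bugs.
 
 ## TODO
 
-* [x] Hashi's Vault support
+* [x] Hashi's Vault support
 * [ ] Implement automatic dynamic rate limit
 * [x] More samples: apache, nginx, a full website displaying consul information...
 * [x] Optimize rendering speed at start-up: an iteration is done every second by default, but it would be possible to speed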
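--- a/data/TemplateAPI.md
+++ b/data/TemplateAPI.md
@@ -388,6 +388,15 @@ name or its ID. If DC is specified, will lookup for given node in another datace
 
 [Find all the checks](https://www.consul.io/api/health.html#list-checks-for-service) of a given service.
 
+## checks_in_state(check_state, dc: nil, [agent: consul_agent_address])
+
+[Find all the checks in a given state](https://www.consul.io/api-docs/health#list-checks-in-state) in the whole cluster.
+
+The filter check_state must be one of any|critical|warning|passing.
+
+Warning: this endpoint might be very frequently updated in a
+large cluster if you are using `any` value. This endpoint is supported with Consul 1.7+.
+
 ## kv(name, [dc: nil], [keys: false], [recurse: false], [agent: consul_agent_address])
 
 [Read keys from KV Store](https://www.consul.io/api/kv.html#read-key). It can be used for both listing the keys and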
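--- a/data/bin/consul-templaterb
+++ b/data/bin/consul-templaterb
@@ -28,6 +28,9 @@ options = {
 },
 base_url: ENV['VAULT_ADDR'] || 'http://localhost:8200',
 token: ENV['VAULT_TOKEN'] || nil,
+tls_cert_chain: ENV['VAULT_CLIENT_CERT'] || nil,
+tls_private_key: ENV['VAULT_CLIENT_KEY'] || nil,
+tls_verify_peer: true,
 max_consecutive_errors_on_endpoint: 10, # Stop program after n consecutive failures on same endpoint
 fail_fast_errors: nil, # fail fast the program if endpoint was never success
 token_renew: true,
@@ -48,6 +51,9 @@ options = {
 },
 base_url: ENV['CONSUL_HTTP_ADDR'] || 'http://localhost:8500',
 token: ENV['CONSUL_HTTP_TOKEN'] || nil,
+tls_cert_chain: ENV['CONSUL_CLIENT_CERT'] || nil,
+tls_private_key: ENV['CONSUL_CLIENT_KEY'] || nil,
+tls_verify_peer: true,
 max_consecutive_errors_on_endpoint: 10, # Stop program after n consecutive failures on same endpoint
 fail_fast_errors: nil, # fail fast the program if endpoint was never success
 retry_duration: 10, # On error, retry after n seconds
@@ -88,6 +94,7 @@ consul_engine = Consul::Async::ConsulTemplateEngine.new
 @programs = {}
 cur_sig_reload = 'HUP'.freeze
 cur_sig_term = 'TERM'.freeze
+cur_min_duration_between_signals = 1
 
 optparse = OptionParser.new do |opts|
 opts.banner = usage_text
@@ -122,6 +129,18 @@ optparse = OptionParser.new do |opts|
 options[:consul][:base_url] = consul_url
 end
 
+opts.on('--consul-cert-chain=<path/to/cert_chain>', String, 'Path to Consul TLS client certificate chain to use') do |consul_client_cert|
+options[:consul][:tls_cert_chain] = consul_client_cert
+end
+
+opts.on('--consul-private-key=<path/to/private_key>', String, 'Path to Consul TLS client private key to use') do |consul_client_key|
+options[:consul][:tls_private_key] = consul_client_key
+end
+
+opts.on('--skip-consul-verify-tls', 'Skip verifying Consul TLS via certificate authority (DANGEROUS)') do
+options[:consul][:tls_verify_peer] = false
+end
+
 opts.on('-l', '--log-level=<log_level>', String, "Log level, default=info, any of #{::Consul::Async::Debug.levels.join('|')}") do |log_level|
 ::Consul::Async::Debug.level = log_level
 end
@@ -134,6 +153,18 @@ optparse = OptionParser.new do |opts|
 options[:vault][:base_url] = vault_url
 end
 
+opts.on('--vault-cert-chain=<path/to/cert_chain>', String, 'Path to Vault TLS client certificate chain to use') do |vault_client_cert|
+options[:vault][:tls_cert_chain] = vault_client_cert
+end
+
+opts.on('--vault-private-key=<path/to/private_key>', String, 'Path to Vault TLS client private key to use') do |vault_client_key|
+options[:vault][:tls_private_key] = vault_client_key
+end
+
+opts.on('--skip-vault-verify-tls', 'Skip verifying Vault TLS via certificate authority (DANGEROUS)') do
+options[:vault][:tls_verify_peer] = false
+end
+
 opts.on('-T', '--vault-token=<token>', String, 'Token used to authenticate against vault.') do |vault_token|
 options[:vault][:token] = vault_token
 end
@@ -185,6 +216,10 @@ optparse = OptionParser.new do |opts|
 cur_sig_term = compute_signal(sig, nil)
 end
 
+opts.on('-M', '--debug-memory-usage', 'Display messages when RAM grows') do
+consul_engine.debug_memory = true
+end
+
 opts.on('-T', '--trim-mode=trim_mode', String,
 "ERB Trim mode to use (#{options[:erb][:trim_mode]} by default)") do |trim_mode|
 options[:erb][:trim_mode] = trim_mode
@@ -195,25 +230,36 @@ optparse = OptionParser.new do |opts|
 cur_sig_reload = compute_signal(sig, 'NONE')
 end
 
-opts.on('-
-
+opts.on('-W', '--wait-signal=min_duration', Float, 'Wait at least n seconds before each reload signal being sent to next --exec process') do |min_duration|
+raise "-wait-between-reload-signal=#{min_duration} must be greater than 0" unless min_duration.positive?
+
+cur_min_duration_between_signals = min_duration
 end
 
-opts.on('-e', '--exec=<command>', String, 'Execute the following command') do |cmd|
+opts.on('-e', '--exec=<command>', String, 'Execute the following command in as a subprocess when all templates are ready') do |cmd|
 sig_reload = cur_sig_reload
 sig_term = cur_sig_term
+sig_min_interval = cur_min_duration_between_signals
 consul_engine.add_template_callback do |all_ready, template_manager, results|
 if all_ready
 modified = results.any?(&:modified)
 if @programs[cmd].nil?
-warn "[EXEC] Starting process: #{cmd}... on_reload=#{sig_reload || 'NONE'} on_term=#{sig_term}"
+warn "[EXEC] Starting process: #{cmd}... on_reload=#{sig_reload || 'NONE'} on_term=#{sig_term}, delay between reloads=#{sig_min_interval}s"
 @programs[cmd] = Consul::Async::ProcessHandler.new(cmd, sig_reload: sig_reload, sig_term: sig_term)
 @programs[cmd].start
 else
+
 # At least one template has been modified
-@programs[cmd]
+process_to_reload = @programs[cmd]
+if modified && !process_to_reload.reload_scheduled
+process_to_reload.reload_scheduled = true
+now = Time.now
+delay = sig_min_interval - (now - @programs[cmd].last_signal_sent)
+delay = 0 if delay.negative?
+EventMachine.add_timer(delay) { process_to_reload.reload }
+end
 begin
-
+process_to_reload.process_status
 rescue Consul::Async::ProcessDoesNotExist => e
 warn "[FATAL] The process is dead, aborting run: #{e.inspect}"
 template_manager.terminate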
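Review bot: `--skip-consul-verify-tls` and `--skip-vault-verify-tls` turn certificate verification off without leaving any trace at runtime, because their blocks only assign `tls_verify_peer = false`. Since the help text itself marks them DANGEROUS, each block could also emit a line in the bracket-tag style of the existing `warn` calls, for example `warn '[WARN] Consul TLS peer verification is disabled'`, so the setting is visible in service logs. Separately, the `-W` handler raises with `-wait-between-reload-signal=...` while the option is registered as `--wait-signal`; the message should name the flag the user actually typed. The `optparse` block and the `--exec` callback both start and end outside these hunks.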
@@ -9,7 +9,7 @@ module Consul
|
|
9
9
|
class ConsulConfiguration
|
10
10
|
attr_reader :base_url, :token, :retry_duration, :min_duration, :wait_duration, :max_retry_duration, :retry_on_non_diff,
|
11
11
|
:missing_index_retry_time_on_diff, :missing_index_retry_time_on_unchanged, :debug, :enable_gzip_compression,
|
12
|
-
:fail_fast_errors, :max_consecutive_errors_on_endpoint
|
12
|
+
:fail_fast_errors, :max_consecutive_errors_on_endpoint, :tls_cert_chain, :tls_private_key, :tls_verify_peer
|
13
13
|
def initialize(base_url: 'http://localhost:8500',
|
14
14
|
debug: { network: false },
|
15
15
|
token: nil,
|
@@ -23,7 +23,10 @@ module Consul
|
|
23
23
|
enable_gzip_compression: true,
|
24
24
|
paths: {},
|
25
25
|
max_consecutive_errors_on_endpoint: 10,
|
26
|
-
fail_fast_errors: 1
|
26
|
+
fail_fast_errors: 1,
|
27
|
+
tls_cert_chain: nil,
|
28
|
+
tls_private_key: nil,
|
29
|
+
tls_verify_peer: true)
|
27
30
|
@base_url = base_url
|
28
31
|
@token = token
|
29
32
|
@debug = debug
|
@@ -38,6 +41,9 @@ module Consul
|
|
38
41
|
@paths = paths
|
39
42
|
@max_consecutive_errors_on_endpoint = max_consecutive_errors_on_endpoint
|
40
43
|
@fail_fast_errors = fail_fast_errors
|
44
|
+
@tls_cert_chain = tls_cert_chain
|
45
|
+
@tls_private_key = tls_private_key
|
46
|
+
@tls_verify_peer = tls_verify_peer
|
41
47
|
end
|
42
48
|
|
43
49
|
def ch(path, symbol)
|
@@ -71,7 +77,10 @@ module Consul
|
|
71
77
|
enable_gzip_compression: enable_gzip_compression,
|
72
78
|
paths: @paths,
|
73
79
|
max_consecutive_errors_on_endpoint: @max_consecutive_errors_on_endpoint,
|
74
|
-
fail_fast_errors: @fail_fast_errors
|
80
|
+
fail_fast_errors: @fail_fast_errors,
|
81
|
+
tls_cert_chain: ch(path, :tls_cert_chain),
|
82
|
+
tls_private_key: ch(path, :tls_private_key),
|
83
|
+
tls_verify_peer: ch(path, :tls_verify_peer))
|
75
84
|
end
|
76
85
|
end
|
77
86
|
|
@@ -233,6 +242,13 @@ module Consul
|
|
233
242
|
connect_timeout: 5, # default connection setup timeout
|
234
243
|
inactivity_timeout: conf.wait_duration + 1 + (conf.wait_duration / 16) # default connection inactivity (post-setup) timeout
|
235
244
|
}
|
245
|
+
unless conf.tls_cert_chain.nil?
|
246
|
+
options[:tls] = {
|
247
|
+
cert_chain_file: conf.tls_cert_chain,
|
248
|
+
private_key_file: conf.tls_private_key,
|
249
|
+
verify_peer: conf.tls_verify_peer
|
250
|
+
}
|
251
|
+
end
|
236
252
|
connection = {
|
237
253
|
conn: EventMachine::HttpRequest.new(conf.base_url, options)
|
238
254
|
}
|
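Review bot: The `tls` hash is built only inside `unless conf.tls_cert_chain.nil?`, so `verify_peer: conf.tls_verify_peer` reaches `EventMachine::HttpRequest` only when a client certificate chain is configured. For an `https://` `base_url` without a client certificate, the `tls_verify_peer: true` default has no effect and verification falls back to whatever the HTTP library does by default, which should be confirmed; `--skip-consul-verify-tls` on its own is likewise a no-op, and a `tls_private_key` given without a chain is dropped silently. Consider always setting `options[:tls] = { verify_peer: conf.tls_verify_peer }` and adding `cert_chain_file` / `private_key_file` only when both are present, keeping in mind that this tightens behaviour for existing HTTPS deployments. The file list shows a similar-sized change to vault_endpoint.rb that is not visible here and presumably needs the same check; the enclosing method starts and ends outside the hunk.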