Skip to content

Instantly share code, notes, and snippets.

@eranchetz

eranchetz/config.ctmpl

Created March 29, 2017 09:22
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save eranchetz/d861043fba274922638244ca19d3173a to your computer and use it in GitHub Desktop.
Save eranchetz/d861043fba274922638244ca19d3173a to your computer and use it in GitHub Desktop.
Download ZIP
Example Chef recipe to install Consul Template
Raw
config.ctmpl
{{
# /opt/my-app/consul.ctmpl
#
# This file is read by Consul Template and rendered onto disk using
# the configuration placed in /etc/consul-template.d.
}}
{{ with vault "postgresql/creds/readonly" }}
[config]
username = "{{ .Data.username }}"
password = "{{ .Data.password }}"
{{ end }}
Raw
default.rb
# NOTE: This recipe is designed to be informational and is not a copy-paste
# implementation. Please see the following blog post for more information:
#
# https://www.hashicorp.com/blog/using-hashicorp-vault-with-chef.html
#
# Install the unzip package because Consul and Consul Template are
# published as ZIP files.
package "unzip"
# Download the latest version of Consul Template using the remote_file
# resource in Chef and trigger an extraction.
remote_file "/tmp/consul-template.zip" do
source "https://releases.hashicorp.com/consul-template/0.12.1/consul-template_0.12.1_linux_amd64.zip"
owner "root"
group "root"
mode "0755"
backup false
action :create_if_missing
notifies :run, "execute[extract_consul_template]", :immediately
end
# Unzips the binary.
execute "extract_consul_template" do
command <<-EOH
unzip /tmp/consul-template.zip
mv consul-template /usr/local/bin/consul-template
chmod +x /usr/local/bin/consul-template
EOH
action :nothing
end
# Create the configuration directory where the template configurations
# will reside.
directory "/etc/consul-template.d" do
owner "root"
group "root"
action :create
end
# Create an upstart script - this could also be systemd or some other
# init system of your preference.
template "/etc/init/consul-template.conf" do
source "upstart-consul-template.conf"
owner "root"
group "root"
mode "0644"
end
# Start the service and register it with Chef.
service "consul-template" do
provider Chef::Provider::Service::Upstart
action :enable
end
# This writes the Consul Template template that Consul Template will
# read, parse, communicate with Vault, and render as the application
# configuration. Since Consul Template is running as a process, it
# will read all files in /etc/consul-template.d as configured in the
# upstart script above.
template "/etc/consul-template.d/my-app.hcl" do
source "my-app-ct.hcl"
owner "root"
group "root"
mode "0644"
notifies :reload, "service[consul-template]", :delayed
end
Raw
my-app.hcl
# templates/my-app.hcl
#
# This file is used to configure an instance of the Consul
# Template process. This tells Consul Template to ingress
# the file at /etc/my-app/config.ctmpl, communicate with Vault,
# and then write the resulting contents to /opt/my-app/config.
# If the template changes, Consul Template will restart the
# application.
template {
source = "/opt/my-app/config.ctmpl"
destination = "/opt/my-app/config"
command = "service my-app reload"
}
Raw
upstart-consul-template.conf
# templates/upstart-consul-template.conf
#
# This is a sample upstart configuration template for Consul
# Template that tells Consul Template to read all configuration
# from /etc/consul-template.d.
description "consul-template"
start on runlevel [2345]
stop on runlevel [!2345]
respawn
script
/usr/local/bin/consul-template \
-config="/etc/consul-template.d/" \
>> /var/log/consul-template.log 2>&1
end script
post-stop exec sleep 10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment