Version information
This version is compatible with:
- RedHat,CentOS,Scientific Linux,Oracle Linux,Ubuntu, Archlinux,Fedora,OpenSuSE,SLES,SLED
This module has been deprecated by its author since May 11th 2022.
The author has suggested puppet-consul as its replacement.
Start using this module
Documentation
puppet-consul
Compatibility
Consul Version | Recommended Puppet Module Version |
---|---|
>= 0.6.0 | latest |
0.5.x | 1.0.3 |
0.4.x | 0.4.6 |
0.3.x | 0.3.0 |
What This Module Affects
- Installs the consul daemon (via url or package)
- If installing from zip, you must ensure the unzip utility is available.
- Optionally installs a user to run it under
- Installs a configuration file (/etc/consul/config.json)
- Manages the consul service via upstart, sysv, or systemd
- Optionally installs the Web UI
Usage
To set up a single consul server, with several agents attached: On the server:
class { '::consul':
config_hash => {
'bootstrap_expect' => 1,
'data_dir' => '/opt/consul',
'datacenter' => 'east-aws',
'log_level' => 'INFO',
'node_name' => 'server',
'server' => true,
}
}
On the agent(s):
class { '::consul':
config_hash => {
'data_dir' => '/opt/consul',
'datacenter' => 'east-aws',
'log_level' => 'INFO',
'node_name' => 'agent',
'retry_join' => ['172.16.0.1'],
}
}
Disable install and service components:
class { '::consul':
install_method => 'none',
init_style => false,
manage_service => false,
config_hash => {
'data_dir' => '/opt/consul',
'datacenter' => 'east-aws',
'log_level' => 'INFO',
'node_name' => 'agent',
'retry_join' => ['172.16.0.1'],
}
}
Web UI
To install and run the Web UI on the server, include ui_dir
in the
config_hash
. You may also want to change the client_addr
to 0.0.0.0
from
the default 127.0.0.1
, for example:
class { '::consul':
config_hash => {
'bootstrap_expect' => 1,
'client_addr' => '0.0.0.0',
'data_dir' => '/opt/consul',
'datacenter' => 'east-aws',
'log_level' => 'INFO',
'node_name' => 'server',
'server' => true,
'ui_dir' => '/opt/consul/ui',
}
}
For more security options, consider leaving the client_addr
set to 127.0.0.1
and use with a reverse proxy:
$aliases = ['consul', 'consul.example.com']
# Reverse proxy for Web interface
include 'nginx'
$server_names = [$::fqdn, $aliases]
nginx::resource::vhost { $::fqdn:
proxy => 'http://localhost:8500',
server_name => $server_names,
}
Service Definition
To declare the availability of a service, you can use the service
define. This
will register the service through the local consul client agent and optionally
configure a health check to monitor its availability.
::consul::service { 'redis':
checks => [
{
script => '/usr/local/bin/check_redis.py',
interval => '10s'
}
],
port => 6379,
tags => ['master']
}
See the service.pp docstrings for all available inputs.
You can also use consul::services
which accepts a hash of services, and makes
it easy to declare in hiera. For example:
consul::services:
service1:
address: "%{::ipaddress}"
checks:
- http: http://localhost:42/status
interval: 5s
port: 42
tags:
- "foo:%{::bar}"
service2:
address: "%{::ipaddress}"
checks:
- http: http://localhost:43/status
interval: 5s
port: 43
tags:
- "foo:%{::baz}"
Watch Definitions
::consul::watch { 'my_watch':
handler => 'handler_path',
passingonly => true,
service => 'serviceName',
service_tag => 'serviceTagName',
type => 'service',
}
See the watch.pp docstrings for all available inputs.
You can also use consul::watches
which accepts a hash of watches, and makes
it easy to declare in hiera.
Check Definitions
::consul::check { 'true_check':
interval => '30s',
script => '/bin/true',
}
See the check.pp docstrings for all available inputs.
You can also use consul::checks
which accepts a hash of checks, and makes
it easy to declare in hiera.
Removing Service, Check and Watch definitions
Do ensure => absent
while removing existing service, check and watch
definitions. This ensures consul will be reloaded via SIGHUP
. If you have
purge_config_dir
set to true
and simply remove the definition it will cause
consul to restart.
ACL Definitions
consul_acl { 'ctoken':
ensure => 'present',
rules => {'key' => {'test' => {'policy' => 'read'}}},
type => 'client',
}
Do not use duplicate names, and remember that the ACL ID (a read-only property for this type) is used as the token for requests, not the name
Optionally, you may supply an acl_api_token
. This will allow you to create
ACLs if the anonymous token doesn't permit ACL changes (which is likely).
The api token may be the master token, another management token, or any
client token with sufficient privileges.
Limitations
Depends on the JSON gem, or a modern ruby. (Ruby 1.8.7 is not officially supported)
Consul Template
Consul Template is a piece of software to dynamically write out config files using templates that are populated with values from Consul. This module does not configure consul template. See gdhbashton/consul_template for a module that can do that.
Development
Open an issue or fork and open a Pull Request
Types in this module release
Change Log
v1.0.8 (2016-04-13)
Closed issues:
- Switch from using staging module to archive #242
- Service start is broken on Debian > 8.0 #232
- Services variable not working with hiera hash. Expects an array of hashes it seems. #230
- ensure_packages unzip with 'before' breaks interoperability #187
- Setting consul::version in hiera does not change the download_url #129
- add maintenance mode option to init scripts #124
- Watches key in config_hash should expect an array of hashes? #83
v1.0.6 (2016-03-24)
Closed issues:
- Master broken on EL6 due to "Invalid service provider 'sysv'" #240
- Service reload too quick #231
- Systemd limits issue #225
- Encryption #224
- Duplicate declaration: Class[Staging] with puppet/mysql mysqltuner #223
- Consul reload fails when rpc_addr is 0.0.0.0 #220
- Support creating ACLs while talking to a hostname other than localhost #216
- Release version 1.0.5 #215
Merged pull requests:
- Switching from staging to archive module #243 (split3)
- EL \< 7 uses init service provider, not sysv. #241 (fatmcgav)
- Update reload_service.pp #235 (nvtkaszpir)
- add support for arm (Raspberry pi's ARM here) architecture #234 (gibre)
- Added custom init style "custom" #233 (ph0enix49)
- lazily return nil when consul client isn't installed #227 (roobert)
- add NOFILE limit to systemd template #226 (DjxDeaf)
- Debian init script should depend on networking, resolution and syslog #222 (chrisboulton)
- When reloading consul, use 127.0.0.1 as rpc_addr when rpc_addr was set to 0.0.0.0 #221 (danielbenzvi)
- Add hostname proprety for ACL operations, defaults to localhost, like before #219 (gozer)
- Consul Version Fact #209 (robrankin)
- Set provider on consul service #125 (albustax)
v1.0.5 (2016-01-08)
Fixed bugs:
- umask feature breaks CentOS init scripts #107
Closed issues:
- If $install_method = 'url', won't upgrade consul #103
Merged pull requests:
- ACL fixes - idempotentcy and port bug. #214 (sigerber)
- Fix port property #213 (horsehay)
- Add support of OpenSuSE and SLED #212 (kscherer)
- Fix web_ui installation on Consul 0.6.0 and greater #208 (dbeckham)
- mitigate .to_json segfaults on Ruby 1.8.7 #205 (duritong)
v1.0.4 (2015-12-15)
Merged pull requests:
v1.0.3 (2015-12-10)
Closed issues:
- Default mode on config.json and service files is too permissive #199
- Wrong number of arguments given #194
- metadata.json - needs at least 4.6.0 of stdlib #190
- Strange (probably unnecessary) behavior in sysv stop script #174
Merged pull requests:
- Updating staging file download to use the version and symlink #202 (split3)
- Updated download_urls used to be the new releases.hashicorp.com location #201 (split3)
- parameterize config file mode #200 (aj-jester)
- Add parameter for setting port to custom acl type #197 (horsehay)
- Allow ACL ID to be writeable #196 (robrankin)
- need at least 4.6.0 of puppetlabs/stdlib #191 (gdhbashton)
- Remove management of unzip package #189 (danieldreier)
- consul init sysv: lower stop priority #188 (koendc)
- actually we want to escape / globally for filenames #186 (duritong)
- Fixed chuid / consul executed as root #183 (sw0x2A)
- Rework sysv stop script to fix issues #181 (pforman)
- explicitly define ownership of config directory, installation breaks for hardened Linux boxes with default umask of 0077 - this fixes the problem #168 (proletaryo)
v1.0.2 (2015-09-05)
Closed issues:
- Log rotation? #182
- Staging missing dependency on
Package\['unzip'\]
#164 - Documentation #161
- Ruby 1.8 support #148
- GOMAXPROCS discarded by upstart init due to sudo's env_reset option #126
- Module should have a CHANGELOG #122
- Debian: /var/run/consul/consul.pid user affinity inconsistent #120
- config_hash converts strings to integers => breaks port mappings #119
- Invalid resource type staging::file #117
- Need to add -data-dir option to startup scripts. #115
- Meta stuff Not up to snuff #76
- Send SIGHUP to consul agent when new checks/services are detected #43
- Support consul-template #36
Merged pull requests:
- Update beaker tests + travis integration #180 (solarkennedy)
- fix 'consul reload' on custom rpc port #179 (mdelagrange)
- More rpc port support for debian/upstart #177 (solarkennedy)
- Archlinux support #176 (vdloo)
- pretty config (that properly sorts) #175 (aj-jester)
- prevent unnecessary consul restarts on puppet runs #173 (mdelagrange)
- Add a check for $service_ensure in reload_service #172 (pforman)
- deep_merge to support nested objects #171 (aj-jester)
- parameterize restart on change for the main config #169 (aj-jester)
- unzip depedency for staging #166 (aj-jester)
- Adding support for Ubuntu 15.04 #163 (asasfu)
- Ensure all network interfaces are up before starting in upstart config #162 (jbarbuto)
- UI dir symlink should depend on the dist existing #158 (jsok)
- remove string casting to int #157 (aj-jester)
- convert quoted integers to int object #156 (aj-jester)
- Update the gemfile, hopefully to something beaker and puppet-rspec can tolerate #154 (solarkennedy)
- travis update #153 (jlambert121)
- reload on service, checks and watch changes #152 (aj-jester)
- acl token support for services and checks #151 (aj-jester)
- Modify consul_validate_checks to work with ruby 1.8 #149 (solarnz)
- Adding groups parameter to user definition #147 (robrankin)
- upstart: Agents should gracefully leave cluster on stop #146 (jsok)
- explicitly set depedencies for package install #145 (jlambert121)
- Use strict vars all the time, and future parser for later versions #144 (solarkennedy)
- add puppet 4 testing to travis #143 (jlambert121)
- create user/group as system accounts #142 (jlambert121)
- correct links for consul template #140 (jlambert121)
- compatibiliy fix: ensure variables are defined #139 (mklette)
- Pass ensure to service definition file #138 (mklette)
- Fix debian init #137 (dizzythinks)
- update default consul version #136 (jlambert121)
- Make consul::install optional #135 (potto007)
- Add an exec to daemon-reload systemctl when the unit-file changes #134 (robrankin)
- Fix issue #129 - https://github.com/solarkennedy/puppet-consul/issues/129 #133 (potto007)
- Escape the ID & make fixtures useable more widely #132 (duritong)
- Change name of File['config.json'] to File['consul config.json'] #131 (EvanKrall)
- Switch to using start-stop-daemon for consul upstart init script #130 (bdellegrazie)
- Supply optional token for ACL changes #128 (mdelagrange)
- Fix pidfile handling on Debian #121 (weitzj)
v1.0.0 (2015-04-30)
Closed issues:
- README for consul::service is out of date #110
- delete_undef_values required stdlib 4.2.0, dependency not set properly #109
- init script doesn't have data-dir (0.5.0) #100
- passingonly needs to be a boolean for watch type #97
- Dependency cycle using consul::services #90
- consul should not 'leave' for init script 'stop' action #85
- Cycling dependancy in Hiera-based config #81
- Support for Consul 0.5.0 and multiple check configuration #73
- Path to /home/kyle is hard coded, somewhere #65
Merged pull requests:
- Debian 8.0+ uses systemd #113 (CyBeRoni)
- Update README, ensure passingonly is a bool #112 (zxjinn)
- Update puppetlabs-stdlib dependency to 4.2.0 for the delete_undef_values function #111 (zxjinn)
- Revert "Allow setting of the umask for the consul daemon." #108 (sjoeboo)
- Allow setting of the umask for the consul daemon. #106 (EvanKrall)
- Respect user and group in launchd. #105 (EvanKrall)
- Anchor the consul install/config/run_service classes #102 (koendc)
- Added support for consul 0.5.0 features: #99 (split3)
- make module work with future parser #92 (duritong)
- Add consul_acl type and provider #91 (michaeltchapman)
- Consul expects prefix rather than keyprefix in watch config #89 (codesplicer)
- Expose id parameter for service definitions #88 (codesplicer)
- sysv & debian init updates to kill or leave #87 (runswithd6s)
- Updated the params for OracleLinux Support #84 (MarsuperMammal)
- Fixes #81 bugfix cycle dependency when specifying a service #82 (tayzlor)
- Added compatibility for Scientific Linux #78 (tracyde)
- More lint fixes #77 (solarkennedy)
- Support for Amazon OS #68 (dcoxall)
v0.4.6 (2015-01-23)
Closed issues:
- Consul init scripts sometimes not installed in the correct order #74
Merged pull requests:
- Move init script to config.pp to ensure it gets set AFTER the package gets installed #75 (tayzlor)
- Add support for providing watches/checks/services via hiera #72 (tayzlor)
- Fix Puppet 3.7.3 giving evaluation error in run_service.pp #71 (tayzlor)
- Update install.pp #69 (ianlunam)
- Adding ability to disable managing of the service #67 (sedan07)
- Some linting fixes and resolves joining wan not actually joining the wan #66 (justicel)
- Better OS support for init_style #63 (avishai-ish-shalom)
v0.4.5 (2015-01-16)
v0.4.4 (2015-01-16)
Closed issues:
- Allow Consul clients to join cluster #61
- new function sorted_json does not work if keys are set to undef #59
- Bump to hashicorp/consul GitHub version e9615c50e6 #58
- cannot generate right retry_join string #57
- join_cluster not working on agents #56
- Multiple consul::service with same name causes ArgumentError #46
- service definition file will be changed frequently #45
- cut a new release? #41
- join_cluster doesn't seem to work in some cases #31
- Tests need ruby >= 1.9.2 #7
Merged pull requests:
- Adding "status" to the debian init script #64 (paulhamby)
- Allow hash keys to be set to undef #60 (bodepd)
- Add config_defaults hash parameter #54 (michaeltchapman)
- Make init_style can be disabled #53 (TieWei)
- Make rake spec running #52 (TieWei)
- use versioncmp to compare versions #49 (jfroche)
- Allow overriding a service's name #47 (jsok)
- Make puppet-consul install on OS X #44 (EvanKrall)
v0.4.2 (2014-10-28)
v0.4.1 (2014-10-28)
Closed issues:
- Add support for joining multiple datacenters #34
- Configuring consul client nodes #26
- Add support for the new "watch" resource exposed in Consul 0.4.0 #23
- Install ui broken ? #19
Merged pull requests:
- Set default of GOMAXPROCS=2 for SLES #40 (tehranian)
- Fix the GOMAXPROCS warning for Upstart-based systems #39 (tehranian)
- bump to version 0.4.1 #38 (kennyg)
- Add sysconfig support for sysv #37 (dblessing)
- Add join_wan feature #35 (dblessing)
- Version bump; Download Consul 0.4.0 #33 (tehranian)
- Add support for SLES #32 (tehranian)
- Add option to purge config dir #30 (sorenh)
- Changed cluster join code #29 (hkumarmk)
- (retry) Service Definition documentation and fix #28 (benschw)
- Adding in explicit support for "watches" #24 (jrnt30)
- Added join_cluster param to have consul join a cluster after (re)starting service #21 (tylerwalts)
- Fixing gui_package install #20 (KrisBuytaert)
- Added upstart link for old init.d functionality on upstart jobs #18 (lynxman)
- bump to version 0.3.1 #17 (kennyg)
- Install the consul web ui #15 (croomes)
- Adds systemd support #14 (croomes)
- Update CONTRIBUTORS #12 (kennyg)
- bumped to version 0.3.0 #11 (kennyg)
v0.3.0 (2014-06-20)
Closed issues:
Merged pull requests:
- Add extra_options parameter, to allow extra arguments to the consul agent #9 (EvanKrall)
- Define consul::service and consul::check types #8 (EvanKrall)
- Convert from setuid/setgid to sudo for Lucid support. Allow for group management. #6 (EvanKrall)
- Make download actually work #3 (nberlee)
- Make example config parseable #2 (nberlee)
* This Change Log was automatically generated by github_changelog_generator
Dependencies
- puppetlabs/stdlib (>= 4.6.0 <5.0.0)
- puppet/archive (>=0.5.0 <1.0.0)
Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.