claranet / puppet-consul_template

A Puppet module to manage the config and jobs of Consul Template from Hashicorp
Apache License 2.0

vault-ssl and watch definitions clash #107

Closed martinwaite closed 6 years ago

martinwaite commented 6 years ago

Affected Puppet, Ruby, OS and module versions/distributions

How to reproduce (e.g. Puppet code you use)

class { 'consul_template':
  vault_enabled => true,
  vault_address => 'https://127.0.0.1:8200',
  vault_token => 'my-token',
  vault_ssl_ca_cert => '/etc/vault/my-CA.pem'
}

consul_template::watch { 'first':
  template => '/home/martinwaite/first.json.ctmpl.erb',
  destination => '/tmp/first.json',
  command => true,
}

What are you seeing

consul-template code intermingles Vault and Watch definitions:

consul {
  address = "localhost:8500"
  token = ""
  retry {
    attempts = 5
    backoff = "250ms"
  }
}

log_level = "info"
reload_signal = "SIGHUP"
kill_signal = "SIGTERM"

vault {
  address = "https://127.0.0.1:8200"
  token = "my-token"
  ssl {
    enabled = true
    verify = true
template {
  source = "/etc/consul-template/first.ctmpl"
  destination = "/tmp/first.json"
  command = "true"
  perms = 0644
}

    cert = ""
    ca_cert = "/etc/vault/my-CA.pem"
  }
}

What behaviour did you expect instead

The Watch definition should appear at the end of the Vault config.

Output log

Any additional information you'd like to impart

I can work around this by making a change to manifests/watch.pp:

@@ -51,7 +51,7 @@
   concat::fragment { $frag_name:
     target  => 'consul-template/config.json',
     content => "template {\n  source = \"${source_name}\"\n  destination = \"${destination}\"\n  command = \"${command}\"\n  perms = ${perms}\n}\n\n",
-    order   => '10',
+    order   => '20',
     notify  => Service['consul-template']
   }
 }
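
Review bot: the new order => '20' is still a bare literal with nothing recording why it must stay above the vault fragments, so any fragment later added to manifests/config.pp at '20' or higher would split a block open again. Consider a comment on this line, or a named value reserved for watch fragments that sorts after every fragment in config.pp. Separately, the content line interpolates ${source_name}, ${destination} and ${command} straight into double-quoted strings, so a value containing a double quote would produce an invalid template block; escaping those values before interpolation would avoid that.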

The problem is that the concat fragment for the watch has the same order as a concat fragment for one of the conditional vault fragments (vault-ssl2) in manifests/config.pp.
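
The ordering collision described in this report can be reproduced with a simplified model of concat fragment assembly; this is an added example, not part of the original issue or the module's code. It assumes fragments are sorted by order with ties broken by title, and every title and order below other than vault-ssl2 and the watch's '10'/'20' is constructed for illustration.

```ruby
# Simplified model of concat fragment assembly (assumption: fragments are
# sorted by their order string, ties broken by fragment title).
Fragment = Struct.new(:title, :order, :group)

def assemble(fragments)
  fragments.sort_by { |f| [f.order, f.title] }
end

# Titles of fragments that land between two fragments of another group,
# i.e. fragments that split someone else's block open.
def interleaved(fragments)
  sorted = assemble(fragments)
  hits = sorted.each_with_index.select do |f, i|
    before = sorted.take(i).map(&:group)
    after  = sorted.drop(i + 1).map(&:group)
    (before & after).any? { |g| g != f.group }
  end
  hits.map { |f, _| f.title }
end

# Constructed sample: only 'vault-ssl2' and the watch orders '10'/'20' come
# from the issue; the other titles and orders are hypothetical.
def sample_fragments(watch_order)
  [
    Fragment.new('vault-base',     '08',        'vault'),
    Fragment.new('vault-ssl1',     '09',        'vault'),
    Fragment.new('vault-ssl2',     '10',        'vault'),
    Fragment.new('template-first', watch_order, 'watch')
  ]
end

%w[10 20].each do |order|
  layout = assemble(sample_fragments(order)).map(&:title).join(' -> ')
  bad = interleaved(sample_fragments(order))
  puts "watch order #{order}: #{layout}"
  puts "  interleaved fragments: #{bad.empty? ? 'none' : bad.join(', ')}"
end
```

Run against a module's real fragment list, the same check flags any fragment whose order lets it sort inside another block before the broken config reaches the service.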

sts commented 6 years ago

@martinwaite should be fixed once #100 gets merged.

craigwatson commented 6 years ago

@martinwaite I can confirm that this is now fixed in the master branch of the module, so I'll close the issue for now - please feel free to re-open if the problem still exists for you.