voxpupuli / puppet-consul

A Puppet Module to Manage Consul
Apache License 2.0

alternative commands to Consul Reload #629

Open lukebigum opened 1 year ago

lukebigum commented 1 year ago

Affected Puppet, Ruby, OS and module versions/distributions

What are you seeing

The Exec inside consul::reload_service never works for me. Trying to reload Consul via the Consul CLI is the most universal method, however it means a token must be in place for it to work. I use ACLs, and I will not pass any token to Puppet for security reasons.

If I were to submit a PR to optionally change the behaviour of consul::reload_service to call out to systemctl reload consul if $facts['systemd'] plus another class Boolean, would that be acceptable? It's not pretty, but it's the best I've got.

The other thing I can do is spaceship operator and override:

Exec <| title == 'reload consul service' |> {
  command => 'systemctl reload consul'
}

Which is even nastier, but it'll work for me.

Output log

Notice: /Stage[main]/Consul::Reload_service/Exec[reload consul service]/returns: Error reloading: Unexpected response code: 403 (Permission denied: anonymous token lacks permission 'agent:write' on "hostname". The anonymous token is used implicitly when a request does not specify a token.)
Error: /Stage[main]/Consul::Reload_service/Exec[reload consul service]: Failed to call refresh: 'consul reload -http-addr=127.0.0.1:8500' returned 1 instead of one of [0]
Error: /Stage[main]/Consul::Reload_service/Exec[reload consul service]: 'consul reload -http-addr=127.0.0.1:8500' returned 1 instead of one of [0]
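
The trade-off raised in the issue, as an added example (not code from the issue or from puppet-consul): a shell function that reloads through systemd when the host runs it, so the caller never needs an ACL token, and otherwise falls back to `consul reload` while reporting the 403 seen in the log above with its own exit code. The unit name `consul`, the `SYSTEMD_DIR` and `CONSUL_ADDR` variables, the function name and exit code 3 are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not puppet-consul code. Assumptions: the unit is named
# "consul", its ExecReload signals the agent (SIGHUP) instead of calling the
# HTTP API, and /run/systemd/system exists only on systemd-booted hosts.
SYSTEMD_DIR="${SYSTEMD_DIR:-/run/systemd/system}"
CONSUL_ADDR="${CONSUL_ADDR:-127.0.0.1:8500}"

# reload_consul: reload the local agent without handling an ACL token.
# Returns 0 on success, 3 when the API refused the anonymous token,
# 1 on any other failure.
reload_consul() {
    if [ -d "$SYSTEMD_DIR" ] && systemctl is-active --quiet consul; then
        # Service-manager path: nothing is sent to the Consul API, so ACLs
        # do not apply and no token has to be readable by the caller.
        systemctl reload consul || return 1
        return 0
    fi

    # CLI path: an API request, authorised by whatever token the environment
    # supplies; with none, the anonymous token is used.
    out=$(consul reload -http-addr="$CONSUL_ADDR" 2>&1) && return 0
    printf '%s\n' "$out" >&2

    case "$out" in
        *403*"Permission denied"*) return 3 ;;  # ACL denial, not a bad config
        *) return 1 ;;
    esac
}
```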