-
Notifications
You must be signed in to change notification settings - Fork 97
consul*/install.sls refactoring #38
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: master
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {{ consul_template.hashicorp_gpg_key }} |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,6 @@ | ||
| {% from "consul-template/map.jinja" import consul_template with context %} | ||
| {% from slspath + '/map.jinja' import consul_template with context %} | ||
|
|
||
| {% set version = consul_template.version %} | ||
|
|
||
| consul-template-config-dir: | ||
| file.directory: | ||
|
|
@@ -10,37 +12,57 @@ consul-template-template-dir: | |
| - makedirs: True | ||
|
|
||
| # Install template renderer | ||
| consul-template-download: | ||
| /opt/consul-template/{{ version }}/consul-template_{{ version }}_SHA256SUMS: | ||
| file.managed: | ||
| - name: /tmp/consul_template_{{ consul_template.version }}_linux_amd64.zip | ||
| - source: https://releases.hashicorp.com/consul-template/{{ consul_template.version }}/consul-template_{{ consul_template.version }}_linux_amd64.zip | ||
| - source_hash: sha256={{ consul_template.hash }} | ||
| - unless: test -f /usr/local/bin/consul-template-{{ consul_template.version }} | ||
|
|
||
| consul-template-extract: | ||
| cmd.wait: | ||
| - name: unzip /tmp/consul_template_{{ consul_template.version }}_linux_amd64.zip -d /tmp | ||
| - watch: | ||
| - file: consul-template-download | ||
|
|
||
| consul-template-install: | ||
| file.rename: | ||
| - name: /usr/local/bin/consul-template-{{ consul_template.version }} | ||
| - source: /tmp/consul-template | ||
| - require: | ||
| - file: /usr/local/bin | ||
| - watch: | ||
| - cmd: consul-template-extract | ||
| - source: https://releases.hashicorp.com/consul-template/{{ version }}/consul-template_{{ version }}_SHA256SUMS | ||
| - makedirs: true | ||
| - skip_verify: true | ||
|
|
||
| consul-template-clean: | ||
| file.absent: | ||
| - name: /tmp/consul_template_{{ consul_template.version }}_linux_amd64.zip | ||
| - watch: | ||
| - file: consul-template-install | ||
| /opt/consul-template/{{ version }}/bin: | ||
| archive.extracted: | ||
| - source: https://releases.hashicorp.com/consul-template/{{ version }}/consul-template_{{ version }}_linux_amd64.zip | ||
| - source_hash: /opt/consul-template/{{ version }}/consul-template_{{ version }}_SHA256SUMS | ||
| - enforce_toplevel: false | ||
| - require: | ||
| - /opt/consul-template/{{ version }}/consul-template_{{ version }}_SHA256SUMS | ||
|
|
||
| consul-template-link: | ||
| /usr/local/bin/consul-template: | ||
| file.symlink: | ||
| - target: consul-template-{{ consul_template.version }} | ||
| - name: /usr/local/bin/consul-template | ||
| - watch: | ||
| - file: consul-template-install | ||
| - target: /opt/consul-template/{{ version }}/bin/consul-template | ||
| - force: true | ||
| - require: | ||
| - /opt/consul-template/{{ version }}/bin | ||
|
|
||
| {% if consul_template.secure_download -%} | ||
| /opt/consul-template/{{ version }}/consul-template_{{ version }}_SHA256SUMS.sig: | ||
| file.managed: | ||
| - source: https://releases.hashicorp.com/consul-template/{{ version }}/consul-template_{{ version }}_SHA256SUMS.sig | ||
| - skip_verify: true | ||
| - require: | ||
| - /opt/consul-template/{{ version }}/consul-template_{{ version }}_SHA256SUMS | ||
|
|
||
|
|
||
| /tmp/hashicorp.asc: | ||
| file.managed: | ||
| - source: salt://{{ slspath }}/files/hashicorp.asc.jinja | ||
| - template: jinja | ||
| - context: | ||
| consul_template: | ||
| {{ consul_template | yaml }} | ||
|
|
||
| import key: | ||
| cmd.run: | ||
| - name: gpg --import /tmp/hashicorp.asc | ||
| - unless: gpg --list-keys {{ consul_template.hashicorp_key_id }} | ||
| - require: | ||
| - /tmp/hashicorp.asc | ||
|
|
||
| verify shasums sig: | ||
| cmd.run: | ||
| - name: gpg --verify /opt/consul-template/{{ version }}/consul-template_{{ version }}_SHA256SUMS.sig /opt/consul-template/{{ version }}/consul-template_{{ version }}_SHA256SUMS | ||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @nledez could you try to use the verify function in the salt GPG module instead of calling a command here directly? |
||
| - require: | ||
| - /opt/consul-template/{{ version }}/consul-template_{{ version }}_SHA256SUMS.sig | ||
| - import key | ||
| - prereq: | ||
| - /usr/local/bin/consul-template | ||
| {%- endif %} | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {{ consul.hashicorp_gpg_key }} |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,7 @@ | ||
| {%- from slspath + '/map.jinja' import consul with context -%} | ||
|
|
||
| {% set version = consul.version %} | ||
|
|
||
| consul-dep-unzip: | ||
| pkg.installed: | ||
| - name: unzip | ||
|
|
@@ -42,37 +44,57 @@ consul-data-dir: | |
| - mode: 0750 | ||
|
|
||
| # Install agent | ||
| consul-download: | ||
| /opt/consul/{{ version }}/consul_{{ version }}_SHA256SUMS: | ||
| file.managed: | ||
| - name: /tmp/consul_{{ consul.version }}_linux_{{ consul.arch }}.zip | ||
| - source: https://{{ consul.download_host }}/consul/{{ consul.version }}/consul_{{ consul.version }}_linux_{{ consul.arch }}.zip | ||
| - source_hash: https://releases.hashicorp.com/consul/{{ consul.version }}/consul_{{ consul.version }}_SHA256SUMS | ||
| - unless: test -f /usr/local/bin/consul-{{ consul.version }} | ||
| - source: https://releases.hashicorp.com/consul/{{ version }}/consul_{{ version }}_SHA256SUMS | ||
| - makedirs: true | ||
| - skip_verify: true | ||
|
|
||
| consul-extract: | ||
| cmd.wait: | ||
| - name: unzip /tmp/consul_{{ consul.version }}_linux_{{ consul.arch }}.zip -d /tmp | ||
| - watch: | ||
| - file: consul-download | ||
| /opt/consul/{{ version }}/bin: | ||
| archive.extracted: | ||
| - source: https://releases.hashicorp.com/consul/{{ version }}/consul_{{ version }}_linux_amd64.zip | ||
| - source_hash: /opt/consul/{{ version }}/consul_{{ version }}_SHA256SUMS | ||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @nledez I don't think we need to keep the checksums file around in the filesystem after we use them. You could point it to the upstream directly. However I assume you are explicitly downloading them to enforce the GPG check, right? |
||
| - enforce_toplevel: false | ||
| - require: | ||
| - /opt/consul/{{ version }}/consul_{{ version }}_SHA256SUMS | ||
|
|
||
| consul-install: | ||
| file.rename: | ||
| - name: /usr/local/bin/consul-{{ consul.version }} | ||
| - source: /tmp/consul | ||
| /usr/local/bin/consul: | ||
| file.symlink: | ||
| - target: /opt/consul/{{ version }}/bin/consul | ||
| - force: true | ||
| - require: | ||
| - file: /usr/local/bin | ||
| - watch: | ||
| - cmd: consul-extract | ||
| - /opt/consul/{{ version }}/bin | ||
|
|
||
| consul-clean: | ||
| file.absent: | ||
| - name: /tmp/consul_{{ consul.version }}_linux_{{ consul.arch }}.zip | ||
| - watch: | ||
| - file: consul-install | ||
| {% if consul.secure_download -%} | ||
| /opt/consul/{{ version }}/consul_{{ version }}_SHA256SUMS.sig: | ||
| file.managed: | ||
| - source: https://releases.hashicorp.com/consul/{{ version }}/consul_{{ version }}_SHA256SUMS.sig | ||
| - skip_verify: true | ||
| - require: | ||
| - /opt/consul/{{ version }}/consul_{{ version }}_SHA256SUMS | ||
|
|
||
| consul-link: | ||
| file.symlink: | ||
| - target: consul-{{ consul.version }} | ||
| - name: /usr/local/bin/consul | ||
| - watch: | ||
| - file: consul-install | ||
|
|
||
| /tmp/hashicorp.asc: | ||
| file.managed: | ||
| - source: salt://{{ slspath }}/files/hashicorp.asc.jinja | ||
| - template: jinja | ||
| - context: | ||
| consul: | ||
| {{ consul | yaml }} | ||
|
|
||
| import key: | ||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @nledez same comment here regarding importing the GPG using using a salt state instead of running a command directly |
||
| cmd.run: | ||
| - name: gpg --import /tmp/hashicorp.asc | ||
| - unless: gpg --list-keys {{ consul.hashicorp_key_id }} | ||
| - require: | ||
| - /tmp/hashicorp.asc | ||
|
|
||
| verify shasums sig: | ||
| cmd.run: | ||
| - name: gpg --verify /opt/consul/{{ version }}/consul_{{ version }}_SHA256SUMS.sig /opt/consul/{{ version }}/consul_{{ version }}_SHA256SUMS | ||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @nledez same comment here regarding using the Salt module instead of a command. |
||
| - require: | ||
| - /opt/consul/{{ version }}/consul_{{ version }}_SHA256SUMS.sig | ||
| - import key | ||
| - prereq: | ||
| - /usr/local/bin/consul | ||
| {%- endif %} | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@nledez could you try to use the gpg state here instead of calling the command line directly?