
[alpine-devel] [PATCH] testing/consul: new aport

From: Olivier Mauras <olivier_at_mauras.ch>
Date: Thu, 02 Apr 2015 12:56:56 +0200

 From d557e1c4388fda66e422d53e6b5af2a78f056dcf Mon Sep 17 00:00:00 2001
 From: Olivier Mauras <olivier_at_mauras.ch>
Date: Thu, 2 Apr 2015 11:43:13 +0200
Subject: testing/consul: new aport

https://consul.io/
A tool for service discovery, monitoring and configuration

diff --git a/testing/consul/0001-Remove-git-requirement.patch
b/testing/consul/0001-Remove-git-requirement.patch
new file mode 100644
index 0000000..96cc508
--- /dev/null
+++ b/testing/consul/0001-Remove-git-requirement.patch
_at_@ -0,0 +1,37 @@
+From 866df648ed3665ab685c144bb7c709b579411a8b Mon Sep 17 00:00:00 2001
+From: Olivier Mauras <olivier_at_mauras.ch>
+Date: Wed, 1 Apr 2015 16:22:36 +0200
+Subject: [PATCH] Remove Git requirement
+
+---
+ scripts/build.sh | 7 +------
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+diff --git a/scripts/build.sh b/scripts/build.sh
+index 5f08688..65240a1 100755
+--- a/scripts/build.sh
++++ b/scripts/build.sh
+_at_@ -11,11 +11,6 @@ DIR="$( cd -P "$( dirname "$SOURCE" )/.." && pwd )"
+ # Change into that directory
+ cd $DIR
+
+-# Get the git commit
+-GIT_COMMIT=$(git rev-parse HEAD)
+-GIT_DIRTY=$(test -n "`git status --porcelain`" && echo "+CHANGES" ||
true)
+-GIT_DESCRIBE=$(git describe --tags)
+-
+ # If we're building on Windows, specify an extension
+ EXTENSION=""
+ if [ "$(go env GOOS)" = "windows" ]; then
+_at_@ -46,7 +41,7 @@ go get \
+ # Build!
+ echo "--> Building..."
+ go build \
+- -ldflags "${CGO_LDFLAGS} -X main.GitCommit
${GIT_COMMIT}${GIT_DIRTY} -X main.GitDescribe ${GIT_DESCRIBE}" \
++ -ldflags "${CGO_LDFLAGS} -X main.GitDescribe v0.5.0" \
+ -v \
+ -o bin/consul${EXTENSION}
+ cp bin/consul${EXTENSION} ${GOPATHSINGLE}/bin
+--
+2.3.4
+
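Review bot: The replacement `-ldflags` line hard-codes `v0.5.0` inside the patch, so the next `pkgver` bump will ship a binary that reports the wrong version unless the patch is regenerated. That matters for anyone doing inventory or vulnerability matching on the reported version. Taking the value from the environment keeps the patch version-independent: `-ldflags "${CGO_LDFLAGS} -X main.GitDescribe ${GIT_DESCRIBE}"` in build.sh, with `export GIT_DESCRIBE="v$pkgver"` in the APKBUILD's `build()`. The rest of build.sh lies outside these hunks.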
diff --git a/testing/consul/APKBUILD b/testing/consul/APKBUILD
new file mode 100644
index 0000000..e3a34eb
--- /dev/null
+++ b/testing/consul/APKBUILD
_at_@ -0,0 +1,119 @@
+# Contributor: Olivier Mauras <olivier_at_mauras.ch>
+# Maintainer:
+pkgname=consul
+pkgver=0.5.0
+pkgrel=0
+pkgdesc="A tool for service discovery, monitoring and configuration"
+url="https://www.consul.io/"
+arch="all"
+license="MPL 2.0"
+depends=""
+depends_dev=""
+makedepends="go $depends_dev"
+install="$pkgname.pre-install $pkgname.pre-deinstall
$pkgname.post-deinstall"
+pkgusers="consul"
+pkggroups="consul"
+subpackages=""
+source="
+ https://github.com/hashicorp/consul/archive/v${pkgver}.tar.gz
+ 0001-Remove-git-requirement.patch
+ consul.initd
+ consul.confd
+ acl.json.sample
+ encrypt.json.sample
+ server.json
+ tls.json.sample
+ "
+
+_builddir="$srcdir"/${pkgname}_go_build
+prepare() {
+ cd "$srcdir"/${pkgname}-${pkgver}
+ local i
+ for i in $source; do
+ case $i in
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+ esac
+ done
+
+ # Move sources in GOPATH
+ mkdir -p $_builddir
+ cd "$_builddir"
+
+ mkdir -p src/github.com/hashicorp/${pkgname}
+ mv ../${pkgname}-${pkgver}/* src/github.com/hashicorp/${pkgname}/
+}
+
+build() {
+ cd "$_builddir"
+ export GOPATH="$_builddir"
+
+ # Install godep
+ echo "! Installing godep"
+ go get github.com/tools/godep
+
+ # Fetch Godeps file
+ mkdir -p Godeps
+ wget -q -O Godeps/Godeps.json
https://raw.githubusercontent.com/hashicorp/consul/master/deps/v0-5-0.json
+
+ # Install deps with godep
+ echo "! Installing deps using godep"
+ $GOPATH/bin/godep restore
+
+ # Doesn't make sense but seems it can't get everything in one pass
-_-
+ go get github.com/prometheus/client_golang/_vendor/goautoneg
+ go get github.com/prometheus/client_golang/_vendor/perks/quantile
+
+ # Run consul make
+ echo "! Building consul"
+ cd src/github.com/hashicorp/${pkgname}/
+ make
+}
+
+package() {
+ cd "$_builddir"
+
+ # Consul init script
+ install -m755 -D "$srcdir"/$pkgname.initd \
+ "$pkgdir"/etc/init.d/$pkgname || return 1
+ # Consul init conf
+ install -m644 -D "$srcdir"/$pkgname.confd \
+ "$pkgdir"/etc/conf.d/$pkgname || return 1
+ # Main binary
+ install -m750 -o root -g consul \
+ -D src/github.com/hashicorp/${pkgname}/bin/${pkgname} \
+ "$pkgdir"/usr/sbin/${pkgname} || return 1
+ # Consul datadir
+ install -m750 -o consul -g consul -d "$pkgdir"/var/${pkgname} ||
return 1
+ # Consul configdir
+ install -m750 -o root -g consul -d "$pkgdir"/etc/${pkgname} || return
1
+ # Consul sample config files
+ for cf in acl.json.sample encrypt.json.sample server.json
tls.json.sample; do
+ install -m640 -o root -g consul "$srcdir"/$cf
"$pkgdir"/etc/${pkgname} || return 1
+ done
+
+}
+
+md5sums="1f69f1c90f3a595c24bbd7d0eecb138b v0.5.0.tar.gz
+75c92e72009c39d14a8bfc072024077c 0001-Remove-git-requirement.patch
+34adfd50f993e57f5941d77963a23eef consul.initd
+9873f8d9a30f788eda9298e89366a1c9 consul.confd
+3ecdfa3d217bf8517a2b025da321811d acl.json.sample
+3cfcc6f98d15ce3f3ac7021657786ab6 encrypt.json.sample
+75a654690d6096987d52796a6e01e405 server.json
+11b09a876487013ddd564c152a4e0920 tls.json.sample"
+sha256sums="282f561c814fdb1f61106f3bb64b881c8eabc71f79f70f581509714e96f0449a
  v0.5.0.tar.gz
+c7e879bcdd99867f8412661396899cb4ebb7e93bebb0944c0bcc2c464a584de8
0001-Remove-git-requirement.patch
+f6caf13d0797f1cdc3d861e3417baa4e4fc3e8beaf5698b278ce514b3af5edac
consul.initd
+888aaaee84b3d8431526960becfdb123eaf438ae10fa58f59b5520ae0c0d0830
consul.confd
+40b230f47a5a52eac87cfea4cdda99125a2136630bdf49d22af0df814201f313
acl.json.sample
+927f9b480d4593a9d3dfe5e3e047e30fddc954a83157517135db3f60e7596a6f
encrypt.json.sample
+1058636fbbe66890c8a04a264f1200572202b205976aa562b07fe86f4faab89f
server.json
+b404ee9359c6e041cffe98bc4ab0808703bec627ed4a30e44386c7038580b74f
tls.json.sample"
+sha512sums="8d86b4f9e7cf14aa2bd063a81a459d0bf9953d880901471759dacbb2a920d7143e41dad8a880fb92a1e6fbd250ceeae55dc6138a7da6247bb1ecec7ddd8a8886
  v0.5.0.tar.gz
+6b83d4a3d16197564f68ccefe126ee9d9ed24fa0186bc55acd8abe5d9949a1cdcf4211034d0457af7426037cec1218ba8e651817128f559f8caef160d7843ff1
  0001-Remove-git-requirement.patch
+8510cdd05c8fa8e856cbc3806d8851adfebf64f34d7736503e6516050df6c98537e0fe334a28dc8ce2278be87ab7e1c0e09f77f26848bb6fff70f28ff702218a
  consul.initd
+f2c5af74dfcbca2fea8ebea31139d93f44455b93ef17ec611b880d7071af4125615dbbd23969d0d04ca636c26d7b4e7eb97f1266baa89252097f4cbc5173d817
  consul.confd
+d4310dde63d3b8fc4791124bd255bf2a1402b86d00f6b1732e18b0caedb75eae6c77382e1a48f12469828ef4bb363db4580fb1aafa63fcdc97b1431f6ea96d58
  acl.json.sample
+ec30ad73c13f9dd5ba15389567436dbf74c24e822cb959c6ccc40a35e36e212313c70f3cf1ccee3f63a7bb98760173d6c2478161a25b85e14dd889a47572aff1
  encrypt.json.sample
+a8b984db03f0bfb652d541dbdd3f1bc9be22f16cce78f73e495cc54adea1e09e9ac0e2f306ca8436590433c80a2ef824641f790b30aea9acb806b01fcabc918e
  server.json
+8ff5241ca0c195ba23bdd9786b4da81148cd51da429193c6f32b67a8d25e7ba1c12c91e22287e64ab6f02bc511308b2774ed8f768244f78b1ffb54c27fd84d76
  tls.json.sample"
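Review bot: In `build()`, several steps pull code at build time that none of the `md5sums`/`sha256sums`/`sha512sums` entries cover: `go get github.com/tools/godep`, the `wget` of `Godeps.json` from the `master` branch, and the two later `go get` calls. The resulting binary therefore depends on whatever those remote locations serve on the day of the build. The `wget -q` line also has no `|| return 1`, so a failed or truncated download is only noticed by a later step, if at all. Listing the Godeps file in `source=` from a tag- or commit-pinned URL would give it a checksum, and the fetch steps could end in `|| return 1` as the `install` lines in `package()` already do. Pinning godep itself to a known revision is worth considering too.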
diff --git a/testing/consul/acl.json.sample
b/testing/consul/acl.json.sample
new file mode 100644
index 0000000..629e05c
--- /dev/null
+++ b/testing/consul/acl.json.sample
_at_@ -0,0 +1,8 @@
+# Sample locked down default ACL policy
+# Use uuidgen to generate a master_token - Accepts any string format
+#{
+# "acl_datacenter": "dc1",
+# "acl_master_token": "35629809-57c6-4ef5-a807-b3a23394d57d",
+# "acl_default_policy": "deny",
+# "acl_down_policy": "deny"
+#}
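Review bot: The sample ships a concrete `acl_master_token` value, and `encrypt.json.sample` further down does the same for `encrypt`. Anyone who uncomments the block as-is ends up with a secret that is published in the package and in this list archive. A placeholder that cannot work unchanged is safer, e.g. `# "acl_master_token": "<output of uuidgen>",` and `# "encrypt": "<output of consul keygen>"`. The leading `#` comment lines presumably also have to be removed before the file parses as JSON, which the header comment could state.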
diff --git a/testing/consul/consul.confd b/testing/consul/consul.confd
new file mode 100644
index 0000000..c06224b
--- /dev/null
+++ b/testing/consul/consul.confd
_at_@ -0,0 +1,2 @@
+# Consul startup
+consul_opts="agent -config-dir=/etc/consul"
diff --git a/testing/consul/consul.initd b/testing/consul/consul.initd
new file mode 100644
index 0000000..73613d9
--- /dev/null
+++ b/testing/consul/consul.initd
_at_@ -0,0 +1,30 @@
+#!/sbin/runscript
+
+name=consul
+daemon=/usr/sbin/$name
+daemon_user=$name
+daemon_group=$name
+
+depend() {
+ need net
+ after firewall
+}
+
+start() {
+ ebegin "Starting ${name}"
+ start-stop-daemon --start --quiet \
+ -m --pidfile /var/run/${name}.pid \
+ --user ${daemon_user} --group ${daemon_group}
\
+ -b -1 /dev/null -2 /dev/null \
+ -k 027 --exec ${daemon} -- ${consul_opts}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping ${name}"
+ start-stop-daemon --stop --quiet \
+ --pidfile /var/run/${name}.pid \
+ --exec ${daemon}
+ eend $?
+}
+
diff --git a/testing/consul/consul.post-deinstall
b/testing/consul/consul.post-deinstall
new file mode 100644
index 0000000..a4da5f3
--- /dev/null
+++ b/testing/consul/consul.post-deinstall
_at_@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Delete consul group and user
+delgroup consul 2> /dev/null
+deluser consul 2> /dev/null
+exit 0
+
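Review bot: Deleting the `consul` user and group on removal leaves anything Consul wrote under `/var/consul` owned by a numeric id that a later-created account can inherit, and that directory may hold ACL and keyring data. apk presumably does not remove files created at runtime, so I would either keep the account (drop the `delgroup`/`deluser` lines) or state in the comment that the admin must clean up the data directory. Also, `delgroup consul` runs before `deluser consul`, so it will likely fail while the user still has that group as its primary group; the `2> /dev/null` hides this.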
diff --git a/testing/consul/consul.pre-deinstall
b/testing/consul/consul.pre-deinstall
new file mode 100644
index 0000000..e352a05
--- /dev/null
+++ b/testing/consul/consul.pre-deinstall
_at_@ -0,0 +1,6 @@
+#!/bin/sh
+
+# Stop consul service
+rc-service consul stop &> /dev/null
+exit 0
+
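Review bot: `&>` is a bash extension, but the script declares `#!/bin/sh`. A strict POSIX shell parses `rc-service consul stop &> /dev/null` as a background job followed by a separate truncating redirect, so the stop would not be waited for before the package files are removed. BusyBox ash may accept the bash form, but the portable spelling costs nothing: `rc-service consul stop >/dev/null 2>&1`.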
diff --git a/testing/consul/consul.pre-install
b/testing/consul/consul.pre-install
new file mode 100644
index 0000000..aef4230
--- /dev/null
+++ b/testing/consul/consul.pre-install
_at_@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Create consul group and user
+addgroup -S consul 2> /dev/null
+adduser -h /var/consul -s /sbin/nologin -G consul -S -D consul 2>
/dev/null
+exit 0
+
diff --git a/testing/consul/encrypt.json.sample
b/testing/consul/encrypt.json.sample
new file mode 100644
index 0000000..8e8fc89
--- /dev/null
+++ b/testing/consul/encrypt.json.sample
_at_@ -0,0 +1,5 @@
+# Enable gossip message encryption
+# Use 'consul keygen' to generate a new one
+#{
+# "encrypt": "HnAKJceZzkkqiHBkP52iEQ=="
+#}
diff --git a/testing/consul/server.json b/testing/consul/server.json
new file mode 100644
index 0000000..d09b568
--- /dev/null
+++ b/testing/consul/server.json
_at_@ -0,0 +1,8 @@
+{
+ "data_dir": "/var/consul",
+ "server": true,
+ "bootstrap_expect": 1,
+ "disable_update_check": true,
+ "disable_remote_exec": true,
+ "enable_syslog": true
+}
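Review bot: `server.json` is the only config file installed without a `.sample` suffix, so a fresh install that starts the service runs a single-node server (`"bootstrap_expect": 1`) with ACLs, gossip encryption and TLS all still disabled. If I recall Consul's defaults correctly, the cluster ports bind to all interfaces unless `bind_addr` is set, which would make that unauthenticated server reachable from the network out of the box. Consider adding `"bind_addr": "127.0.0.1",` to the default, or shipping this file as a sample as well. `"disable_remote_exec": true` and `"disable_update_check": true` are good defaults to keep.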
diff --git a/testing/consul/tls.json.sample
b/testing/consul/tls.json.sample
new file mode 100644
index 0000000..fda1d0d
--- /dev/null
+++ b/testing/consul/tls.json.sample
_at_@ -0,0 +1,8 @@
+# Enable RPC encryption with TLS
+#{
+# "ca_file": "/etc/consul/ssl/ca_cert.pem",
+# "cert_file": "/etc/consul/ssl/server.pem",
+# "key_file": "/etc/consul/ssl/server.key",
+# "verify_incoming": true,
+# "verify_outgoing": true
+#}
-- 
cgit v0.10.1
---
Direct patch access here: 
http://git.mauras.ch/aports/patch/?id=d557e1c4388fda66e422d53e6b5af2a78f056dcf
The package follows my article about securing consul 
https://www.mauras.ch/securing-consul.html and provides a sane default 
config, with samples to enable encryption, as well as enforced 
permissions.
---
Received on Thu Apr 02 2015 - 12:56:56 UTC