X-Original-To: alpine-devel@lists.alpinelinux.org Delivered-To: alpine-devel@mail.alpinelinux.org Received: from smtp.core-hosting.net (ns1.core-hosting.net [95.130.13.75]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.alpinelinux.org (Postfix) with ESMTPS id 874E9DC0C27 for ; Thu, 2 Apr 2015 10:56:59 +0000 (UTC) Received: from mail.core-hosting.net (unknown [10.0.0.4]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.core-hosting.net (Postfix) with ESMTPSA id 2D95BAA1F10 for ; Thu, 2 Apr 2015 12:56:56 +0200 (CEST) X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Date: Thu, 02 Apr 2015 12:56:56 +0200 From: Olivier Mauras To: Subject: [alpine-devel] [PATCH] testing/consul: new aport Reply-To: Mail-Reply-To: Message-ID: <87742e9a14b503094df60cca9925cf93@core-hosting.net> X-Sender: olivier@mauras.ch User-Agent: Roundcube Webmail/0.7.2
From d557e1c4388fda66e422d53e6b5af2a78f056dcf Mon Sep 17 00:00:00 2001
From: Olivier Mauras
Date: Thu, 2 Apr 2015 11:43:13 +0200
Subject: testing/consul: new aport
https://consul.io/ A tool for service discovery, monitoring and configuration
diff --git a/testing/consul/0001-Remove-git-requirement.patch b/testing/consul/0001-Remove-git-requirement.patch
new file mode 100644
index 0000000..96cc508
--- /dev/null
+++ b/testing/consul/0001-Remove-git-requirement.patch
@@ -0,0 +1,37 @@
+From 866df648ed3665ab685c144bb7c709b579411a8b Mon Sep 17 00:00:00 2001
+From: Olivier Mauras
+Date: Wed, 1 Apr 2015 16:22:36 +0200
+Subject: [PATCH] Remove Git requirement
+
+---
+ scripts/build.sh | 7 +------
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+diff --git a/scripts/build.sh b/scripts/build.sh
+index 5f08688..65240a1 100755
+--- a/scripts/build.sh
++++ b/scripts/build.sh
+@@ -11,11 +11,6 @@ DIR="$( cd -P "$( dirname "$SOURCE" )/.." && pwd )"
+ # Change into that directory
+ cd $DIR
+
+-# Get the git commit
+-GIT_COMMIT=$(git rev-parse HEAD)
+-GIT_DIRTY=$(test -n "`git status --porcelain`" && echo "+CHANGES" || true)
+-GIT_DESCRIBE=$(git describe --tags)
+-
+ # If we're building on Windows, specify an extension
+ EXTENSION=""
+ if [ "$(go env GOOS)" = "windows" ]; then
+@@ -46,7 +41,7 @@ go get \
+ # Build!
+ echo "--> Building..."
+ go build \
+- -ldflags "${CGO_LDFLAGS} -X main.GitCommit ${GIT_COMMIT}${GIT_DIRTY} -X main.GitDescribe ${GIT_DESCRIBE}" \
++ -ldflags "${CGO_LDFLAGS} -X main.GitDescribe v0.5.0" \
+ -v \
+ -o bin/consul${EXTENSION}
+ cp bin/consul${EXTENSION} ${GOPATHSINGLE}/bin
+--
+2.3.4
+
diff --git a/testing/consul/APKBUILD b/testing/consul/APKBUILD
new file mode 100644
index 0000000..e3a34eb
--- /dev/null
+++ b/testing/consul/APKBUILD
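Review bot: The new `-ldflags` line in the second hunk of the embedded scripts/build.sh patch hard-codes `v0.5.0`, so the version the binary reports will silently go stale the next time `pkgver` is bumped, and `main.GitCommit` is no longer set at all. Consider letting the APKBUILD supply the value, e.g. `-X main.GitDescribe ${GIT_DESCRIBE:-unknown}` in build.sh with `export GIT_DESCRIBE="v$pkgver"` in build(). An accurate version string is what operators use to match installed agents against advisories, so it is worth keeping tied to the package version.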
@@ -0,0 +1,119 @@
+# Contributor: Olivier Mauras
+# Maintainer:
+pkgname=consul
+pkgver=0.5.0
+pkgrel=0
+pkgdesc="A tool for service discovery, monitoring and configuration"
+url="https://www.consul.io/"
+arch="all"
+license="MPL 2.0"
+depends=""
+depends_dev=""
+makedepends="go $depends_dev"
+install="$pkgname.pre-install $pkgname.pre-deinstall $pkgname.post-deinstall"
+pkgusers="consul"
+pkggroups="consul"
+subpackages=""
+source="
+ https://github.com/hashicorp/consul/archive/v${pkgver}.tar.gz
+ 0001-Remove-git-requirement.patch
+ consul.initd
+ consul.confd
+ acl.json.sample
+ encrypt.json.sample
+ server.json
+ tls.json.sample
+ "
+
+_builddir="$srcdir"/${pkgname}_go_build
+prepare() {
+ cd "$srcdir"/${pkgname}-${pkgver}
+ local i
+ for i in $source; do
+ case $i in
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+ esac
+ done
+
+ # Move sources in GOPATH
+ mkdir -p $_builddir
+ cd "$_builddir"
+
+ mkdir -p src/github.com/hashicorp/${pkgname}
+ mv ../${pkgname}-${pkgver}/* src/github.com/hashicorp/${pkgname}/
+}
+
+build() {
+ cd "$_builddir"
+ export GOPATH="$_builddir"
+
+ # Install godep
+ echo "! Installing godep"
+ go get github.com/tools/godep
+
+ # Fetch Godeps file
+ mkdir -p Godeps
+ wget -q -O Godeps/Godeps.json https://raw.githubusercontent.com/hashicorp/consul/master/deps/v0-5-0.json
+
+ # Install deps with godep
+ echo "! Installing deps using godep"
+ $GOPATH/bin/godep restore
+
+ # Doesn't make sense but seems it can't get everything in one pass -_-
+ go get github.com/prometheus/client_golang/_vendor/goautoneg
+ go get github.com/prometheus/client_golang/_vendor/perks/quantile
+
+ # Run consul make
+ echo "! Building consul"
+ cd src/github.com/hashicorp/${pkgname}/
+ make
+}
+
+package() {
+ cd "$_builddir"
+
+ # Consul init script
+ install -m755 -D "$srcdir"/$pkgname.initd \
+ "$pkgdir"/etc/init.d/$pkgname || return 1
+ # Consul init conf
+ install -m644 -D "$srcdir"/$pkgname.confd \
+ "$pkgdir"/etc/conf.d/$pkgname || return 1
+ # Main binary
+ install -m750 -o root -g consul \
+ -D src/github.com/hashicorp/${pkgname}/bin/${pkgname} \
+ "$pkgdir"/usr/sbin/${pkgname} || return 1
+ # Consul datadir
+ install -m750 -o consul -g consul -d "$pkgdir"/var/${pkgname} || return 1
+ # Consul configdir
+ install -m750 -o root -g consul -d "$pkgdir"/etc/${pkgname} || return 1
+ # Consul sample config files
+ for cf in acl.json.sample encrypt.json.sample server.json tls.json.sample; do
+ install -m640 -o root -g consul "$srcdir"/$cf "$pkgdir"/etc/${pkgname} || return 1
+ done
+
+}
+
+md5sums="1f69f1c90f3a595c24bbd7d0eecb138b v0.5.0.tar.gz
+75c92e72009c39d14a8bfc072024077c 0001-Remove-git-requirement.patch
+34adfd50f993e57f5941d77963a23eef consul.initd
+9873f8d9a30f788eda9298e89366a1c9 consul.confd
+3ecdfa3d217bf8517a2b025da321811d acl.json.sample
+3cfcc6f98d15ce3f3ac7021657786ab6 encrypt.json.sample
+75a654690d6096987d52796a6e01e405 server.json
+11b09a876487013ddd564c152a4e0920 tls.json.sample"
+sha256sums="282f561c814fdb1f61106f3bb64b881c8eabc71f79f70f581509714e96f0449a v0.5.0.tar.gz
+c7e879bcdd99867f8412661396899cb4ebb7e93bebb0944c0bcc2c464a584de8 0001-Remove-git-requirement.patch
+f6caf13d0797f1cdc3d861e3417baa4e4fc3e8beaf5698b278ce514b3af5edac consul.initd
+888aaaee84b3d8431526960becfdb123eaf438ae10fa58f59b5520ae0c0d0830 consul.confd
+40b230f47a5a52eac87cfea4cdda99125a2136630bdf49d22af0df814201f313 acl.json.sample
+927f9b480d4593a9d3dfe5e3e047e30fddc954a83157517135db3f60e7596a6f encrypt.json.sample
+1058636fbbe66890c8a04a264f1200572202b205976aa562b07fe86f4faab89f server.json
+b404ee9359c6e041cffe98bc4ab0808703bec627ed4a30e44386c7038580b74f tls.json.sample"
+sha512sums="8d86b4f9e7cf14aa2bd063a81a459d0bf9953d880901471759dacbb2a920d7143e41dad8a880fb92a1e6fbd250ceeae55dc6138a7da6247bb1ecec7ddd8a8886 v0.5.0.tar.gz
+6b83d4a3d16197564f68ccefe126ee9d9ed24fa0186bc55acd8abe5d9949a1cdcf4211034d0457af7426037cec1218ba8e651817128f559f8caef160d7843ff1 0001-Remove-git-requirement.patch
+8510cdd05c8fa8e856cbc3806d8851adfebf64f34d7736503e6516050df6c98537e0fe334a28dc8ce2278be87ab7e1c0e09f77f26848bb6fff70f28ff702218a consul.initd
+f2c5af74dfcbca2fea8ebea31139d93f44455b93ef17ec611b880d7071af4125615dbbd23969d0d04ca636c26d7b4e7eb97f1266baa89252097f4cbc5173d817 consul.confd
+d4310dde63d3b8fc4791124bd255bf2a1402b86d00f6b1732e18b0caedb75eae6c77382e1a48f12469828ef4bb363db4580fb1aafa63fcdc97b1431f6ea96d58 acl.json.sample
+ec30ad73c13f9dd5ba15389567436dbf74c24e822cb959c6ccc40a35e36e212313c70f3cf1ccee3f63a7bb98760173d6c2478161a25b85e14dd889a47572aff1 encrypt.json.sample
+a8b984db03f0bfb652d541dbdd3f1bc9be22f16cce78f73e495cc54adea1e09e9ac0e2f306ca8436590433c80a2ef824641f790b30aea9acb806b01fcabc918e server.json
+8ff5241ca0c195ba23bdd9786b4da81148cd51da429193c6f32b67a8d25e7ba1c12c91e22287e64ab6f02bc511308b2774ed8f768244f78b1ffb54c27fd84d76 tls.json.sample"
diff --git a/testing/consul/acl.json.sample b/testing/consul/acl.json.sample
new file mode 100644
index 0000000..629e05c
--- /dev/null
+++ b/testing/consul/acl.json.sample
@@ -0,0 +1,8 @@
+# Sample locked down default ACL policy
+# Use uuidgen to generate a master_token - Accepts any string format
+#{
+# "acl_datacenter": "dc1",
+# "acl_master_token": "35629809-57c6-4ef5-a807-b3a23394d57d",
+# "acl_default_policy": "deny",
+# "acl_down_policy": "deny"
+#}
diff --git a/testing/consul/consul.confd b/testing/consul/consul.confd
new file mode 100644
index 0000000..c06224b
--- /dev/null
+++ b/testing/consul/consul.confd
@@ -0,0 +1,2 @@
+# Consul startup
+consul_opts="agent -config-dir=/etc/consul"
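Review bot: build() in the APKBUILD pulls in code that none of the md5/sha256/sha512 sums cover: `go get github.com/tools/godep` and the two prometheus `go get` lines take whatever is current upstream, and `Godeps/Godeps.json` is downloaded with `wget` from the `master` branch at build time. The same APKBUILD can therefore produce different binaries on different days, a changed or tampered upstream would go unnoticed, and the build needs network access. At minimum, list the Godeps file in `source=` so abuild verifies it, e.g. `Godeps.json::https://raw.githubusercontent.com/hashicorp/consul/<commit-placeholder>/deps/v0-5-0.json`, and copy it from `$srcdir` instead of calling wget. Ideally godep and the dependency trees would be fetched as pinned, checksummed sources too.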
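Review bot: acl.json.sample ships a concrete `acl_master_token` value, and encrypt.json.sample does the same with a ready-made `encrypt` key. Anyone who only strips the `#` markers ends up running with a master token and gossip key that are published in the aports tree. Replace both with values that cannot work as-is, e.g. `"acl_master_token": "REPLACE-WITH-OUTPUT-OF-uuidgen"` and `"encrypt": "REPLACE-WITH-OUTPUT-OF-consul-keygen"`, so a forgotten edit fails at startup rather than succeeding with a known secret. The existing comment lines already say how to generate real values.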
diff --git a/testing/consul/consul.initd b/testing/consul/consul.initd
new file mode 100644
index 0000000..73613d9
--- /dev/null
+++ b/testing/consul/consul.initd
@@ -0,0 +1,30 @@
+#!/sbin/runscript
+
+name=consul
+daemon=/usr/sbin/$name
+daemon_user=$name
+daemon_group=$name
+
+depend() {
+ need net
+ after firewall
+}
+
+start() {
+ ebegin "Starting ${name}"
+ start-stop-daemon --start --quiet \
+ -m --pidfile /var/run/${name}.pid \
+ --user ${daemon_user} --group ${daemon_group} \
+ -b -1 /dev/null -2 /dev/null \
+ -k 027 --exec ${daemon} -- ${consul_opts}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping ${name}"
+ start-stop-daemon --stop --quiet \
+ --pidfile /var/run/${name}.pid \
+ --exec ${daemon}
+ eend $?
+}
+
diff --git a/testing/consul/consul.post-deinstall b/testing/consul/consul.post-deinstall
new file mode 100644
index 0000000..a4da5f3
--- /dev/null
+++ b/testing/consul/consul.post-deinstall
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Delete consul group and user
+delgroup consul 2> /dev/null
+deluser consul 2> /dev/null
+exit 0
+
diff --git a/testing/consul/consul.pre-deinstall b/testing/consul/consul.pre-deinstall
new file mode 100644
index 0000000..e352a05
--- /dev/null
+++ b/testing/consul/consul.pre-deinstall
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+# Stop consul service
+rc-service consul stop &> /dev/null
+exit 0
+
diff --git a/testing/consul/consul.pre-install b/testing/consul/consul.pre-install
new file mode 100644
index 0000000..aef4230
--- /dev/null
+++ b/testing/consul/consul.pre-install
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Create consul group and user
+addgroup -S consul 2> /dev/null
+adduser -h /var/consul -s /sbin/nologin -G consul -S -D consul 2> /dev/null
+exit 0
+
diff --git a/testing/consul/encrypt.json.sample b/testing/consul/encrypt.json.sample
new file mode 100644
index 0000000..8e8fc89
--- /dev/null
+++ b/testing/consul/encrypt.json.sample
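Review bot: consul.post-deinstall deletes the `consul` user and group, but runtime data the agent wrote under /var/consul is not owned by the package and would presumably stay on disk, along with any locally edited files in /etc/consul. Once the UID/GID is freed it can be handed to an unrelated account created later, which would then own the old state and could read group-readable config such as the ACL token and gossip key. Suggest dropping the `delgroup`/`deluser` lines and leaving the system account in place, with a comment such as `# keep the consul account so leftover files never change owner`.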
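Review bot: `rc-service consul stop &> /dev/null` in consul.pre-deinstall relies on the `&>` shell extension even though the script declares `#!/bin/sh`. Under a strictly POSIX shell this parses as `rc-service consul stop &` followed by a bare redirection, so the stop would run in the background while package removal continues. `rc-service consul stop >/dev/null 2>&1` behaves the same way in every shell.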
@@ -0,0 +1,5 @@
+# Enable gossip message encryption
+# Use 'consul keygen' to generate a new one
+#{
+# "encrypt": "HnAKJceZzkkqiHBkP52iEQ=="
+#}
diff --git a/testing/consul/server.json b/testing/consul/server.json
new file mode 100644
index 0000000..d09b568
--- /dev/null
+++ b/testing/consul/server.json
@@ -0,0 +1,8 @@
+{
+ "data_dir": "/var/consul",
+ "server": true,
+ "bootstrap_expect": 1,
+ "disable_update_check": true,
+ "disable_remote_exec": true,
+ "enable_syslog": true
+}
diff --git a/testing/consul/tls.json.sample b/testing/consul/tls.json.sample
new file mode 100644
index 0000000..fda1d0d
--- /dev/null
+++ b/testing/consul/tls.json.sample
@@ -0,0 +1,8 @@
+# Enable RPC encryption with TLS
+#{
+# "ca_file": "/etc/consul/ssl/ca_cert.pem",
+# "cert_file": "/etc/consul/ssl/server.pem",
+# "key_file": "/etc/consul/ssl/server.key",
+# "verify_incoming": true,
+# "verify_outgoing": true
+#}
-- cgit v0.10.1 --- Direct patch access here: http://git.mauras.ch/aports/patch/?id=d557e1c4388fda66e422d53e6b5af2a78f056dcf The package follows my article about securing consul https://www.mauras.ch/securing-consul.html and provide sane default config with samples to enable encryption as well as enforced permissions. --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---
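Review bot: server.json is the only config installed without a `.sample` suffix, so a fresh install starts as a self-bootstrapping server (`"server": true`, `"bootstrap_expect": 1`) while the ACL, gossip-encryption and TLS settings are all still commented-out samples. The file sets no listen address, so the agent's built-in defaults decide which interfaces the cluster ports bind to; it would be worth confirming that this does not expose unauthenticated, unencrypted ports on first start. Consider shipping this file as `server.json.sample` as well (the `for cf in …` loop in the APKBUILD would need the new name), or adding an explicit `"bind_addr"` restricted to a local address until the operator has enabled the hardening samples.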