Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status

RSS

consul (77) Versions 3.2.0

Application cookbook which installs and configures Consul.

Policyfile
Berkshelf
Knife
cookbook 'consul', '= 3.2.0', :supermarket
cookbook 'consul', '= 3.2.0'
knife supermarket install consul
knife supermarket download consul
README
Dependencies
Changelog
Quality 83%

Consul Cookbook

Cookbook Version
Build Status
OpenCollective
OpenCollective
License

Application cookbook which installs and configures Consul.

Consul is a tool for discovering and configuring services within your
infrastructure. This is an application cookbook which takes a
simplified approach to configuring and installing
Consul. Additionally, it provides Chef primitives for more advanced
configuration.

Maintainers

This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit sous-chefs.org or come chat with us on the Chef Community Slack in #sous-chefs.

Basic Usage

For most infrastructure we suggest first starting with the default
recipe. This installs and configures Consul from the latest supported
release. It is also what is used to certify platform support through
the use of our integration tests.

This cookbook provides node attributes which are used to fine tune
the default recipe which installs and configures Consul. These values
are passed directly into the Chef resource/providers which are exposed
for more advanced configuration.

Out of the box the following platforms are certified to work and are
tested using our Test Kitchen configuration. Additional platforms
may work, but your mileage may vary.

  • RHEL/CentOS 5.11, 6.8, 7.3
  • Ubuntu 12.04, 14.04, 16.04
  • Debian 7.11, 8.7
  • Windows Server 2012 R2

Client

Out of the box the default recipe installs and configures the Consul
agent to run as a service in client mode. The intent here is that
your infrastructure already has a quorum of servers. In order
to configure Consul to connect to your cluster you would supply an
array of addresses for the Consul agent to join. This would be done
in your wrapper cookbook:

node.default['consul']['config']['start_join'] = %w{c1.internal.corporate.com c2.internal.corporate.com c3.internal.corporate.com}

Server

This cookbook is designed to allow for the flexibility to bootstrap a
new cluster. The best way to do this is through the use of a
wrapper cookbook which tunes specific node attributes for a
production server deployment.

The Consul cluster cookbook is provided as an example.

Advanced Usage

As explained above this cookbook provides Chef primitives in the form
of resource/provider to further manage the install and configuration
of Consul. These primitives are what is used in the default recipe,
and should be used in your own wrapper cookbooks for more
advanced configurations.

Configuration

It is very important to understand that each resource/provider has
defaults for some properties. Any changes to a resource's default
properties may need to be also changed in other resources. The best
example is the Consul configuration directory.

In the example below we're going to change the configuration file from
the default (/etc/consul.json) to one that may be on a special volume.
It is obvious that we need to change the path where consul_config
writes its file to, but it is less obvious that this needs to be
passed into consul_service.

Inside of a recipe in your wrapper cookbook you'll want to do
something like the following block of code. It uses the validated
input from the configuration resource and passes it into the service
resource. This ensures that we're using the same data.

config = consul_config '/data/consul/default.json'
consul_service 'consul' do
  config_file config.path
end

Security

The default recipe makes the Consul configuration writable by the consul service
user to avoid breaking existing implementations. You can make this more secure
by setting the node['consul']['config']['owner'] attribute to root, or set
the owner property of consul_config explicitly:

# attributes file
default['consul']['config']['owner'] = 'root'

or

# recipe file
consul_config '/etc/consul/consul.json' do
  owner 'root'
end

Watches/Definitions

In order to provide an idempotent implementation of Consul
watches and definitions. We write these out as
a separate configuration file in the JSON file format. The provider
for both of these resources are identical in functionality.

Below is an example of writing a Consul service definition for
the master instance of Redis. We pass in several parameters and tell
the resource to notify the proper instance of the Consul service to
reload.

consul_definition 'redis' do
  type 'service'
  parameters(tags: %w{master}, address: '127.0.0.1', port: 6379)
  notifies :reload, 'consul_service[consul]', :delayed
end

A check definition can easily be added as well. You simply have
to change the type and pass in the correct parameters. The definition
below checks memory utilization using a script on a ten second interval.

consul_definition 'mem-util' do
  type 'check'
  parameters(script: '/usr/local/bin/check_mem.py', interval: '10s')
  notifies :reload, 'consul_service[consul]', :delayed
end

A service definition with an integrated check can also be created. You will have to define a regular service and then add a check as a an additional parameter. The definition below checks if the vault service is healthy on a 10 second interval and 5 second timeout.

consul_definition 'vault' do
  type 'service'
  parameters(
    port:  8200,
    address: '127.0.0.1',
    tags: ['vault', 'http'],
    check: {
      interval: '10s',
      timeout: '5s',
      http: 'http://127.0.0.1:8200/v1/sys/health'
    }
  )
  notifies :reload, 'consul_service[consul]', :delayed
end

Finally, a watch is created below to tell the agent to monitor to
see if an application has been deployed. Once that application is
deployed a script is run locally. This can be used, for example, as a
lazy way to clear a HTTP disk cache.

consul_watch 'app-deploy' do
  type 'event'
  parameters(handler: '/usr/local/bin/clear-disk-cache.sh')
  notifies :reload, 'consul_service[consul]', :delayed
end

A keen eye would notice that we are delaying the reload of the Consul
service instance
. The reason we do this is to minimize the number of
times we need to tell Consul to actually reload configurations. If
there are several definitions this may save a little time off your
Chef run.

ACLs

The consul_acl resource allows management of Consul ACL rules. Supported
actions are :create and :delete. The :create action will update/insert
as necessary.

The consul_acl resource requires the Diplomat Ruby API gem to be
installed and available to Chef before using the resource. This can be
accomplished by including consul::client_gem recipe in your run list.

In order to make the resource idempotent and only notify when necessary, the
id field is always required (defaults to the name of the resource).
If type is not provided, it will default to "client". The acl_name
and rules attributes are also optional; if not included they will be empty
in the resulting ACL.

The example below will create a client ACL token with an ID of the given UUID,
Name of "AwesomeApp Token", and Rules of the given string.

consul_acl '49f06aa9-782f-465a-becf-44f0aaefd335' do
  acl_name 'AwesomeApp Token'
  type 'client'
  rules <<-EOS.gsub(/^\s{4}/, '')
    key "" {
      policy = "read"
    }
    service "" {
      policy = "write"
    }
  EOS
  auth_token node['consul']['config']['acl_master_token']
end

Execute

The command-line agent provides a mechanism to facilitate remote
execution. For example, this can be used to run the uptime command
across your fleet of nodes which are hosting a particular API service.

consul_execute 'uptime' do
  options(service: 'api')
end

Warning on git based installs

Consul v1.0 states that Go 1.9 is a requirement. The default go installation uses
1.5, so you may need to override a ['go']['version'] attribute to allow the
git installation to work reliably.

All of the options available on the command-line can be passed
into the resource. This could potentially be a very dangerous
operation. You should absolutely understand what you are doing. By the
nature of this command it is impossible for it to be idempotent.

Contributors

This project exists thanks to all the people who contribute.

Backers

Thank you to all our backers!

https://opencollective.com/sous-chefs#backers

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website.

https://opencollective.com/sous-chefs/sponsor/0/website
https://opencollective.com/sous-chefs/sponsor/1/website
https://opencollective.com/sous-chefs/sponsor/2/website
https://opencollective.com/sous-chefs/sponsor/3/website
https://opencollective.com/sous-chefs/sponsor/4/website
https://opencollective.com/sous-chefs/sponsor/5/website
https://opencollective.com/sous-chefs/sponsor/6/website
https://opencollective.com/sous-chefs/sponsor/7/website
https://opencollective.com/sous-chefs/sponsor/8/website
https://opencollective.com/sous-chefs/sponsor/9/website

Change Log

v3.2.0 (2020-01-26)

  • Set default mode of Consul definitions to 640 to avoid ACL tokens leak attack.
  • Added all missing configuration options up to Consul 1.7.0 (#517)
  • Fix the Ruby type for tls_cipher_suites config property (#501, #510)
  • Removed node send in helper.rb (Stop polutiting node object - Collides with hashicorp-vault too. So the practice should be stopped. Added extend to attributes/default
  • Changed testing to be circleci
  • Updated circleci orb to latest - implemented markdown and yaml linting
  • Updated with latest cookstyle
  • Migrate to actions

v3.1.0 (2017-10-12)

Full Changelog

  • Add required ACL token to Windows reload action (#452)
  • Add config options encrypt_verify_incoming, encrypt_verify_outgoing, verify_incoming_https (#459)
  • Add enable_script_checks config param (#462)
  • Update Consul to v0.9.3 & add missing config values for 0.9 releases (#468)
  • Upgrade to nssm v4.x (#464)

v3.0.0 (2017-06-11)

Full Changelog

Fixed bugs:

  • Problems with package install #389
  • upstart: consul info hangs with custom client_addr #355

Closed issues:

  • windows service config file/dir paths not escaped with quotes in NSSM config #448
  • Error message when running the server enable action on windows #436
  • ArgumentError: consul_service[consul] #428
  • Default recipe starts consul with server: true #423
  • Need to add the configuration option for specifying node\_id #418
  • No resource or method named `platform_family?' for ConsulCookbook::Provider::ConsulService #414
  • Need a way to override default application dir. #413
  • Can't enable or reload service #412
  • Be more flexible on configuration accepted by this cookbook #410
  • UI support is not available #409
  • Reload happens before start of service #407
  • When service_user is root and config user is consul, cookbook fails #405
  • Can't use the cookbook with Chef 11 because of firewall cookbook #392
  • Bind consul to a specific IP #391
  • Not able to run consul resource consul_definition as root:root #372
  • dev_mode attribute causes error in startup #367
  • Bump supermarket cookbook version #439
  • restart followed by reload is unnecessary #438

Merged pull requests:

v2.3.0 (2017-01-11)

Full Changelog

Fixed bugs:

  • When ui_dir is set in windows, ui does not work. Separate UI download/extraction seems to not be required for current version of consul on Windows. #339

Closed issues:

  • Update to consul.json does not trigger service restart #381
  • Move from zipfile to poise-archive broke webui provider #377
  • Latest Configuration Changes - New version release? #375
  • Sensitive data in Chef logs #370
  • What happened with the consul data bag? #369
  • Changelog doesn't mention v2.2.0, 2.1.3 or 2.1.1 #366
  • Four failing RSpec tests in master branch #365
  • Add support for Supervisord #363
  • ARM not properly supported #354
  • There is no longer a symlink to consul in /usr/local/bin #351
  • Cut a new release of this cookbook? #347
  • Installation archive URL should be configurable #342
  • consul acl resource is not defaulting to configured consul url and port #338
  • Question: How can a wrapper cookbook specify additional systemd options #314

Merged pull requests:

v2.2.0 (2016-09-27)

Full Changelog

Implemented enhancements:

  • translate_wan_addrs config option not implemented #317

Closed issues:

  • Consul 0.7 is out! #343
  • Restart service instead reload as only few configurations are reloadble. #341
  • consul_service reload on Windows fails #334
  • Service restart on Windows does nothing #333
  • Package custom matchers for testing using ChefSpec #329
  • Restrict config write access #322
  • Delay upstart started event until Consul is ready #318

Merged pull requests:

v2.1.3 (2016-05-18)

Full Changelog

v2.1.2 (2016-05-18)

Full Changelog

v2.1.1 (2016-05-16)

Full Changelog

Implemented enhancements:

  • Finding the Consul executable #311
  • Convert integration tests to use InSpec #303

Closed issues:

  • Consul service should restart instead of reload #307
  • Documentation for Data Bag Setup #238

Merged pull requests:

v2.1.0 (2016-03-18)

Full Changelog

Closed issues:

  • no more web ui? #297
  • Windows 2012 R2 Issue #295

Merged pull requests:

v2.0.0 (2016-03-17)

Full Changelog

Implemented enhancements:

  • sysvinit.service.erb has the consul service log to /dev/null #284
  • Refactor the population of TLS files to wrapper cookbooks? #247

Fixed bugs:

  • Updating consul version does not restart consul #251

Closed issues:

  • Key not found: "consul_0.6.3_linux_amd64" #294
  • where does consul installed through this cookbook write its logs #290
  • restart_on_update considered harmful #288
  • Use 'system' attribute when adding consul user & group #287
  • client config not being created #217
  • AWS Autoscaling #192

Merged pull requests:

v1.5.0 (2016-03-07)

Full Changelog

Closed issues:

  • consul_acl (or Diplomat gem) misbehaving #283
  • Service definition with an integrated check #280
  • Atlas Integration go away with v1? #277
  • default['consul']['config']['bag_name'] broke consul_config #276

Merged pull requests:

  • changing the consul_definition tags to an array #286 (fstradiotti)
  • GH-277 - Adding in atlas centric configuration options #285 (jrnt30)
  • adding service definition with integrated check to readme #281 (fstradiotti)
  • Fix "ConsulAcl" provider when specified "id" doesn't exist #278 (legal90)

v1.4.3 (2016-02-08)

Full Changelog

Merged pull requests:

v1.4.2 (2016-02-08)

Full Changelog

Fixed bugs:

  • Windows Consul service does not start up #273

Merged pull requests:

v1.4.1 (2016-02-05)

Full Changelog

Fixed bugs:

  • consul service user /bin/false shell ? #271

Closed issues:

  • New version? #258
  • consul_ui resource does not work #255

v1.4.0 (2016-02-03)

Full Changelog

Implemented enhancements:

  • Basis for selinux set to disabled #242
  • Consul ACL custom resource #240
  • Windows install on 64-bit fails #236
  • Added Windows Support #259 (Ginja)

Fixed bugs:

  • libarchive error when installing consul on Ubuntu 14.04 #241
  • Unable to override databag attributes #239
  • does not start at boot on CentOS 6 #235
  • Consul systemd unit should wait for network #226

Closed issues:

  • Idempotency #262
  • retry_interval should be a string #244
  • Configuring TLS for RPC #230
  • Update README with what has changed #201

Merged pull requests:

v1.3.2 (2015-11-30)

Full Changelog

Closed issues:

  • Question: Configuring Consul #229

Merged pull requests:

v1.3.1 (2015-10-07)

Full Changelog

Closed issues:

  • Cut a new release? #225

v1.3.0 (2015-10-07)

Full Changelog

Implemented enhancements:

  • web UI install missing since 1.0 #215

Merged pull requests:

v1.2.0 (2015-08-24)

Full Changelog

Closed issues:

  • How to pass extra options since refactor? #209
  • golang upgrade? #207

Merged pull requests:

v1.1.1 (2015-08-13)

Full Changelog

v1.1.0 (2015-08-13)

Full Changelog

Closed issues:

  • regression of allowing http checks #206
  • Write more comprehensive unit tests. #202
  • Update README with new, detailed examples. #200

v1.0.0 (2015-08-06)

Full Changelog

Implemented enhancements:

  • Multiple checks for one service #173
  • Add HWRPs for installing and managing consul. #126 (johnbellone)

Merged pull requests:

  • Fix directory permissions on config_dir and data_dir #205 (ewr)
  • Remove references to "quicks_mode" in JSON generation #204 (ewr)

v0.11.1 (2015-07-25)

Full Changelog

Merged pull requests:

v0.11.0 (2015-07-23)

Full Changelog

Implemented enhancements:

  • Windows: resolved merge conflicts and added tests #196 (gdavison)

Fixed bugs:

  • chown resource executes every run, even when not changing anything #191
  • Sensitivity to HUP during launch #125

Closed issues:

  • Anything chef-brigade can do to help? #197
  • Kitchen tests failing on master (commit a8d3060) #194

Merged pull requests:

v0.10.1 (2015-07-10)

Full Changelog

Implemented enhancements:

  • consul systemd hangs at 'create symlink at /etc/service/consul to /etc/sv/consul' on Centos70 #168
  • ui-dir not in config template #131
  • Add support for Consul 0.5.0 and Atlas auto-join #135 (shanesveller)

Fixed bugs:

  • Error executing action extract on resource 'libarchive_file[consul.zip]' #170
  • Missing package on RHEL7 AWS #165
  • Databag item 'ca_file' misnamed #124
  • Wrong user used for services when using upstart #96

Closed issues:

  • Release Tag for 0.10.0 #187
  • HTML tables are garbage, use markdown #186
  • Missing checksum for 0.5.2 #185
  • Windows support #184
  • Question - How to use consul_check #182
  • Gossip/TLS encryption node attributes still requires consul data_bag, encrypt item, secret #151
  • server v cluster semantics unclear to new user / "Getting Started" under-discoverable #149

Merged pull requests:

v0.10 (2015-06-04)

Full Changelog

v0.10.0 (2015-06-04)

Full Changelog

Implemented enhancements:

Closed issues:

  • Question - How to do different configs on different servers #177
  • consul::ui doesn't start with UI process #175
  • Broken SysVinit script -- Consul fails to start on RHEL platforms (Amazon Linux, CentOS, etc.) #150

Merged pull requests:

v0.9.1 (2015-03-30)

Full Changelog

Merged pull requests:

  • Lock libarchive cookbook version to maintain Chef 11 compatibility #156 (agperson)

0.9.0 (2015-03-17)

Full Changelog

Implemented enhancements:

Closed issues:

  • Consul fails to restart with access denied error if the consul user is change #140
  • Is the chef-provisioning cookbook a dependency? #139
  • chef-provisioning should not be a dependency #137
  • Add 0.5.0 checksums #136
  • consul::ui recipe is failing to converge with Errno::EISDIR #133

Merged pull requests:

v0.8.3 (2015-02-14)

Full Changelog

Merged pull requests:

v0.8.2 (2015-02-11)

Full Changelog

Closed issues:

  • Kill on incomplete shutdown #128
  • Add support for dnsmasq #89

Merged pull requests:

v0.8.1 (2015-02-06)

Full Changelog

Merged pull requests:

  • correction to EL init template for active binary and config dir argument... #123 (paulysullivan)

v0.8.0 (2015-02-06)

Full Changelog

Closed issues:

  • install_binary breaks upgrade #116
  • extra_params doesn't merge #111

Merged pull requests:

  • remove unit tests which describe exactly what the code describes #122 (reset)
  • Upgradeable Consul Binary #121 (reset)
  • Fix quoting of bootstrap_expect in README #112 (jhmartin)
  • Make upstart script respawn consul on crash #108 (tgwizard)

v0.7.1 (2015-01-24)

Full Changelog

Merged pull requests:

v0.7.0 (2015-01-23)

Full Changelog

Implemented enhancements:

  • Create a new provider "check_def" #66
  • Implementing bootstrap-expect #31

Fixed bugs:

  • Should check_def create the file using the id property instead of name? #99
  • Install from source fails integration tests #41

Closed issues:

  • Every NEW node will fail at first chef-client #97
  • Allow to use retry_join instead of start_join #93

Merged pull requests:

v0.6.0 (2014-12-11)

Full Changelog

Implemented enhancements:

Closed issues:

  • Interest in Key/Value LWRP #77
  • /etc/sysconfig does not exist on Ubuntu 14.04 #63
  • Write HOWTO #49

Merged pull requests:

0.5.1 (2014-11-06)

Full Changelog

Implemented enhancements:

  • GOMAXPROCS picks number of CPUs using sysconfig - Also updated Serverspec to 2.0 #52 (goncalopereira)

Closed issues:

  • The service consul is not present and restart fail #76
  • Doesn't restart on configuration change #72
  • Stop Consul With SIGINT #47
  • Create consul_directories in install_* recipes #40

Merged pull requests:

0.4.3 (2014-09-19)

Full Changelog

v0.4.3 (2014-09-19)

Full Changelog

Closed issues:

  • Publish v0.4.2 #45
  • Installation fails with ERROR: service[consul] (consul::_service line 112) had an error: Chef::Exceptions::Service: service[consul]: unable to locate the init.d script! #33
  • Add service LWRP example #23

Merged pull requests:

v0.4.2 (2014-09-15)

Full Changelog

Merged pull requests:

  • Correct LWRP examples #44 (johntdyer)
  • Recipe names in readme were wrong #43 (johntdyer)
  • Update for 0.4.0 #42 (johntdyer)
  • fix for #31 , implements support for bootstrap-expect and now creates the data_dir #39 (ravaa)
  • Fix resource order to suppress error when service start before create default.json. #38 (Sheile)

v0.3.1 (2014-08-29)

Full Changelog

Closed issues:

  • Repoforge dependency #30
  • Ark version #28

Merged pull requests:

v0.3.0 (2014-07-04)

Full Changelog

Merged pull requests:

  • add service_def LWRP #20 (reset)
  • bump binary installed version of consul to 0.3.0 #19 (reset)
  • minor refactorings #18 (reset)
  • Fix service_group attribute reference in README #17 (databus23)
  • Add support for runit #16 (webcoyote)
  • support more configuration parameters #15 (bkw)
  • Reload on changes #14 (bkw)
  • support reload via init #13 (bkw)
  • use configfile instead of hardcoding values into init file #12 (bkw)
  • remove superfluous subdir consol_ui #11 (bkw)
  • Remove 0.2 #10 (bkw)

v0.2.2 (2014-05-31)

Full Changelog

Fixed bugs:

  • Source installs are broken #1

Merged pull requests:

v0.2.0 (2014-05-09)

Full Changelog

Closed issues:

  • Binary installs broken on centos #2

Merged pull requests:

  • Fix a wrong attribute definition #6 (jemiam)
  • Fix issues with source install #5 (jemiam)
  • Add default recipe which installs and starts consul as a service #4 (kevinreedy)
  • Update README.md #3 (ijin)

* This Change Log was automatically generated by github_changelog_generator

Collaborator Number Metric
            

3.2.0 passed this metric

Contributing File Metric
            

3.2.0 passed this metric

Foodcritic Metric
            

3.2.0 failed this metric

FC109: Use platform-specific package resources instead of provider property: consul/libraries/consul_installation_package.rb:42
FC109: Use platform-specific package resources instead of provider property: consul/libraries/consul_installation_package.rb:53
Run with Foodcritic Version 14.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any

No Binaries Metric
            

3.2.0 passed this metric

Testing File Metric
            

3.2.0 passed this metric

Version Tag Metric
            

3.2.0 passed this metric