~ consul-cluster: fix /etc/consul permissions (777->600)

ref #75
zanedeg · Oct 25, 2015 · 8a72aa5 · 8a72aa5
1 parent c1bf581
commit 8a72aa5
Show file tree

Hide file tree

Showing 10 changed files with 74 additions and 60 deletions.
diff --git a/consul-cluster/aws-beginner-consul-cluster/terraform/instances.tf b/consul-cluster/aws-beginner-consul-cluster/terraform/instances.tf
@@ -25,16 +25,15 @@ resource "aws_instance" "consul_client" {
     Name = "consul_client"
   }
 
-  provisioner "remote-exec" {
+  provisioner "file" {
     connection {
       user     = "ubuntu"
       key_file = "${module.shared.private_key_path}"
       agent    = "false"
     }
 
-    scripts = [
-      "${module.shared.path}/consul/installers/consul_install.sh"
-    ]
+    source      = "${module.shared.path}/consul/consul.d/consul_client.json"
+    destination = "/tmp/consul.json.tmp"
   }
 
   provisioner "file" {
@@ -44,19 +43,21 @@ resource "aws_instance" "consul_client" {
       agent    = "false"
     }
 
-    source      = "${module.shared.path}/consul/consul.d/consul_client.json"
-    destination = "/etc/consul.d/consul.json.tmp"
+    source      = "${module.shared.path}/consul/init/consul.conf"
+    destination = "/tmp/consul.conf"
   }
 
-  provisioner "file" {
+  provisioner "remote-exec" {
     connection {
       user     = "ubuntu"
       key_file = "${module.shared.private_key_path}"
       agent    = "false"
     }
 
-    source      = "${module.shared.path}/consul/init/consul.conf"
-    destination = "/etc/init/consul.conf"
+    scripts = [
+      "${module.shared.path}/consul/installers/consul_install.sh",
+      "${module.shared.path}/consul/installers/consul_conf_install.sh",
+    ]
   }
 
   provisioner "remote-exec" {
@@ -86,16 +87,15 @@ resource "aws_instance" "consul_0" {
     Name = "consul_0"
   }
 
-  provisioner "remote-exec" {
+  provisioner "file" {
     connection {
       user     = "ubuntu"
       key_file = "${module.shared.private_key_path}"
       agent    = "false"
     }
 
-    scripts = [
-      "${module.shared.path}/consul/installers/consul_install.sh"
-    ]
+    source      = "${module.shared.path}/consul/consul.d/consul_server.json"
+    destination = "/tmp/consul.json.tmp"
   }
 
   provisioner "file" {
@@ -105,19 +105,21 @@ resource "aws_instance" "consul_0" {
       agent    = "false"
     }
 
-    source      = "${module.shared.path}/consul/consul.d/consul_server.json"
-    destination = "/etc/consul.d/consul.json.tmp"
+    source      = "${module.shared.path}/consul/init/consul.conf"
+    destination = "/tmp/consul.conf"
   }
 
-  provisioner "file" {
+  provisioner "remote-exec" {
     connection {
       user     = "ubuntu"
       key_file = "${module.shared.private_key_path}"
       agent    = "false"
     }
 
-    source      = "${module.shared.path}/consul/init/consul.conf"
-    destination = "/etc/init/consul.conf"
+    scripts = [
+      "${module.shared.path}/consul/installers/consul_install.sh",
+      "${module.shared.path}/consul/installers/consul_conf_install.sh",
+    ]
   }
 
   provisioner "remote-exec" {
@@ -144,16 +146,15 @@ resource "aws_instance" "consul_1" {
     Name = "consul_1"
   }
 
-  provisioner "remote-exec" {
+  provisioner "file" {
     connection {
       user     = "ubuntu"
       key_file = "${module.shared.private_key_path}"
       agent    = "false"
     }
 
-    scripts = [
-      "${module.shared.path}/consul/installers/consul_install.sh"
-    ]
+    source      = "${module.shared.path}/consul/consul.d/consul_server.json"
+    destination = "/tmp/consul.json.tmp"
   }
 
   provisioner "file" {
@@ -163,19 +164,21 @@ resource "aws_instance" "consul_1" {
       agent    = "false"
     }
 
-    source      = "${module.shared.path}/consul/consul.d/consul_server.json"
-    destination = "/etc/consul.d/consul.json.tmp"
+    source      = "${module.shared.path}/consul/init/consul.conf"
+    destination = "/tmp/consul.conf"
   }
 
-  provisioner "file" {
+  provisioner "remote-exec" {
     connection {
       user     = "ubuntu"
       key_file = "${module.shared.private_key_path}"
       agent    = "false"
     }
 
-    source      = "${module.shared.path}/consul/init/consul.conf"
-    destination = "/etc/init/consul.conf"
+    scripts = [
+      "${module.shared.path}/consul/installers/consul_install.sh",
+      "${module.shared.path}/consul/installers/consul_conf_install.sh",
+    ]
   }
 
   provisioner "remote-exec" {
@@ -202,16 +205,15 @@ resource "aws_instance" "consul_2" {
     Name = "consul_2"
   }
 
-  provisioner "remote-exec" {
+  provisioner "file" {
     connection {
       user     = "ubuntu"
       key_file = "${module.shared.private_key_path}"
       agent    = "false"
     }
 
-    scripts = [
-      "${module.shared.path}/consul/installers/consul_install.sh"
-    ]
+    source      = "${module.shared.path}/consul/consul.d/consul_server.json"
+    destination = "/tmp/consul.json.tmp"
   }
 
   provisioner "file" {
@@ -221,19 +223,21 @@ resource "aws_instance" "consul_2" {
       agent    = "false"
     }
 
-    source      = "${module.shared.path}/consul/consul.d/consul_server.json"
-    destination = "/etc/consul.d/consul.json.tmp"
+    source      = "${module.shared.path}/consul/init/consul.conf"
+    destination = "/tmp/consul.conf"
   }
 
-  provisioner "file" {
+  provisioner "remote-exec" {
     connection {
       user     = "ubuntu"
       key_file = "${module.shared.private_key_path}"
       agent    = "false"
     }
 
-    source      = "${module.shared.path}/consul/init/consul.conf"
-    destination = "/etc/init/consul.conf"
+    scripts = [
+      "${module.shared.path}/consul/installers/consul_install.sh",
+      "${module.shared.path}/consul/installers/consul_conf_install.sh",
+    ]
   }
 
   provisioner "remote-exec" {

diff --git a/consul-cluster/shared/consul/consul.d/consul_client.json b/consul-cluster/shared/consul/consul.d/consul_client.json
@@ -1,8 +1,5 @@
 {
   "node_name": "{{ instance_id }}",
-  "service": {
-    "name": "consul-client"
-  },
 
   "atlas_join": true,
   "atlas_infrastructure": "{{ atlas_username }}/{{ atlas_environment }}",

diff --git a/consul-cluster/shared/consul/consul.d/consul_server.json b/consul-cluster/shared/consul/consul.d/consul_server.json
@@ -1,8 +1,5 @@
 {
   "node_name": "{{ instance_id }}",
-  "service": {
-    "name": "consul"
-  },
 
   "atlas_join": true,
   "atlas_infrastructure": "{{ atlas_username }}/{{ atlas_environment }}",

diff --git a/consul-cluster/shared/consul/consul.d/consul_server_multiregion.json b/consul-cluster/shared/consul/consul.d/consul_server_multiregion.json
@@ -1,8 +1,5 @@
 {
   "node_name": "{{ instance_id }}",
-  "service": {
-    "name": "consul"
-  },
 
   "atlas_join": true,
   "atlas_infrastructure": "{{ atlas_username }}/{{ atlas_environment }}",

diff --git a/consul-cluster/shared/consul/installers/consul_conf_install.sh b/consul-cluster/shared/consul/installers/consul_conf_install.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+set -ex
+
+sudo mv /tmp/consul.conf /etc/init/
+sudo mv /tmp/consul.json.tmp /etc/consul.d/
diff --git a/consul-cluster/shared/consul/installers/consul_install.sh b/consul-cluster/shared/consul/installers/consul_install.sh
@@ -20,9 +20,7 @@ echo "Installing consul..."
 unzip consul.zip
 sudo chmod +x consul
 sudo mv consul /usr/bin/consul
-sudo mkdir -m 777 /etc/consul.d
-sudo chmod a+w /var/log
-sudo chmod a+w /etc/init/
+sudo mkdir -m 0600 /etc/consul.d
 
 # setup consul directories
 sudo mkdir -p /opt/consul/data

diff --git a/consul-cluster/shared/consul/userdata/consul_update.sh.tpl b/consul-cluster/shared/consul/userdata/consul_update.sh.tpl
@@ -5,16 +5,16 @@ set -e
 FILE_FINAL=/etc/consul.d/consul.json
 FILE_TMP=$FILE_FINAL.tmp
 
-sed -i -- "s/{{ region }}/${region}/g" $FILE_TMP
-sed -i -- "s/{{ atlas_token }}/${atlas_token}/g" $FILE_TMP
-sed -i -- "s/{{ atlas_username }}/${atlas_username}/g" $FILE_TMP
-sed -i -- "s/{{ atlas_environment }}/${atlas_environment}/g" $FILE_TMP
+sudo sed -i -- "s/{{ region }}/${region}/g" $FILE_TMP
+sudo sed -i -- "s/{{ atlas_token }}/${atlas_token}/g" $FILE_TMP
+sudo sed -i -- "s/{{ atlas_username }}/${atlas_username}/g" $FILE_TMP
+sudo sed -i -- "s/{{ atlas_environment }}/${atlas_environment}/g" $FILE_TMP
 # Note: consul_bootstrap_expect isn't required for consul clients, only servers.
-sed -i -- "s/{{ consul_bootstrap_expect }}/${consul_bootstrap_expect}/g" $FILE_TMP
+sudo sed -i -- "s/{{ consul_bootstrap_expect }}/${consul_bootstrap_expect}/g" $FILE_TMP
 
 # Note: placeholders below replaced by bash, not the Terraform go template.
 METADATA_INSTANCE_ID=`curl http://169.254.169.254/2014-02-25/meta-data/instance-id`
-sed -i -- "s/{{ instance_id }}/$METADATA_INSTANCE_ID/g" $FILE_TMP
+sudo sed -i -- "s/{{ instance_id }}/$METADATA_INSTANCE_ID/g" $FILE_TMP
 
 sudo mv $FILE_TMP $FILE_FINAL
 sudo service consul start

diff --git a/consul-cluster/shared/packer/consul_client.json b/consul-cluster/shared/packer/consul_client.json
@@ -25,19 +25,24 @@
     {
       "type":        "file",
       "source":      "shared/consul/consul.d/consul_client.json",
-      "destination": "/etc/consul.d/consul.json.tmp"
+      "destination": "/tmp/consul.json.tmp"
     },
     {
       "type":        "file",
       "source":      "shared/consul/init/consul.conf",
-      "destination": "/etc/init/consul.conf"
+      "destination": "/tmp/consul.conf"
+    },
+    {
+      "type":   "shell",
+      "script": "shared/consul/installers/consul_conf_install.sh"
     }
   ],
   "push": {
     "name":     "{{user `atlas_username`}}/{{user `atlas_name`}}",
     "vcs":      false,
     "base_dir": "../../",
     "include": [
+      "shared/consul/installers/consul_conf_install.sh",
       "shared/consul/installers/consul_install.sh",
       "shared/consul/consul.d/consul_client.json",
       "shared/consul/init/consul.conf"

diff --git a/consul-cluster/shared/packer/consul_server.json b/consul-cluster/shared/packer/consul_server.json
@@ -25,19 +25,24 @@
     {
       "type":        "file",
       "source":      "shared/consul/consul.d/consul_server.json",
-      "destination": "/etc/consul.d/consul.json.tmp"
+      "destination": "/tmp/consul.json.tmp"
     },
     {
       "type":        "file",
       "source":      "shared/consul/init/consul.conf",
-      "destination": "/etc/init/consul.conf"
+      "destination": "/tmp/consul.conf"
+    },
+    {
+      "type":   "shell",
+      "script": "shared/consul/installers/consul_conf_install.sh"
     }
   ],
   "push": {
     "name":     "{{user `atlas_username`}}/{{user `atlas_name`}}",
     "vcs":      false,
     "base_dir": "../../",
     "include": [
+      "shared/consul/installers/consul_conf_install.sh",
       "shared/consul/installers/consul_install.sh",
       "shared/consul/consul.d/consul_server.json",
       "shared/consul/init/consul.conf"

diff --git a/consul-cluster/shared/packer/consul_server_multiregion.json b/consul-cluster/shared/packer/consul_server_multiregion.json
@@ -25,19 +25,24 @@
     {
       "type":        "file",
       "source":      "shared/consul/consul.d/consul_server_multiregion.json",
-      "destination": "/etc/consul.d/consul.json.tmp"
+      "destination": "/tmp/consul.json.tmp"
     },
     {
       "type":        "file",
       "source":      "shared/consul/init/consul.conf",
-      "destination": "/etc/init/consul.conf"
+      "destination": "/tmp/consul.conf"
+    },
+    {
+      "type":   "shell",
+      "script": "shared/consul/installers/consul_conf_install.sh"
     }
   ],
   "push": {
     "name":     "{{user `atlas_username`}}/{{user `atlas_name`}}",
     "vcs":      false,
     "base_dir": "../../",
     "include": [
+      "shared/consul/installers/consul_conf_install.sh",
       "shared/consul/installers/consul_install.sh",
       "shared/consul/consul.d/consul_server_multiregion.json",
       "shared/consul/init/consul.conf"