confd
README version 0.2.0
confd
is a lightweight configuration management tool focused on:
- keeping local configuration files up-to-date by polling etcd and processing template resources.
- reloading applications to pick up new config file changes
Getting Started
Installing confd
Download the latest binary from Github.
Building
You can build confd from source:
git clone https://github.com/kelseyhightower/confd.git
cd confd
go build
This will produce the confd
binary in the current directory.
Usage
The following commands will process all the template resources found under /etc/confd/conf.d
.
Poll the etcd cluster in 30 second intervals
The "/production" string will be prefixed to keys when querying etcd at http://127.0.0.1:4001.
confd -interval 30 -prefix '/production' -node 'http://127.0.0.1:4001'
Same as above in noop mode
confd -interval 30 -prefix '/production' -node 'http://127.0.0.1:4001' -noop
Single run without polling
Using default settings run one time and exit.
confd -onetime
Client authentication
Same as above but authenticate with client certificates.
confd -onetime -client-key /etc/confd/ssl/client.key -client-cert /etc/confd/ssl/client.crt
Lookup etcd nodes using SRV records
dig SRV _etcd._tcp.confd.io
...
;; ANSWER SECTION:
_etcd._tcp.confd.io. 300 IN SRV 1 50 4001 etcd0.confd.io.
_etcd._tcp.confd.io. 300 IN SRV 2 50 4001 etcd1.confd.io.
confd -srv-domain example.com -etcd-scheme https
confd would connect to the nodes at ["https://etcd0.confd.io:4001", "https://etcd1.confd.io:4001"]
Configuration
The confd configuration file is written in TOML
and loaded from /etc/confd/confd.toml
by default.
Optional:
debug
(bool) - Enable debug logging.
client_cert
(string) The cert file of the client.
client_key
(string) The key file of the client.
confdir
(string) - The path to confd configs. The default is /etc/confd.
etcd_nodes
(array of strings) - An array of etcd cluster nodes. The default
is ["http://127.0.0.1:4001"].
etcd_scheme
(string) - The etcd scheme to use. Must be 'http' or 'https'
interval
(int) - The number of seconds to wait between calls to etcd. The
default is 600.
noop
(bool) - Enable noop mode. Process all template resource, but don't update target config.
prefix
(string) - The prefix string to prefix to keys when making calls to
etcd. The default is "/".
quiet
(bool) - Enable quiet logging. Only error messages are printed.
srv_domain
(string) - The domain to query for etcd SRV records.
verbose
(bool) - Enable verbose logging.
Example:
[confd]
confdir = "/etc/confd"
interval = 600
prefix = "/"
etcd_nodes = [
"http://127.0.0.1:4001",
]
client_cert = "/etc/confd/ssl/client.crt"
client_key = "/etc/confd/ssl/client.key"
Template Resources
Template resources are written in TOML and define a single template resource.
Template resources are stored under the confdir/conf.d
directory.
Required:
dest
(string) - output file where the template should be rendered.
keys
(array of strings) - An array of etcd keys. Keys will be looked up
with the configured prefix.
src
(string) - relative path of a the configuration template.
Optional:
group
(string) - name of the group that should own the file.
mode
(string) - mode the file should be in.
owner
(string) - name of the user that should own the file.
reload_cmd
(string) - command to reload config.
check_cmd
(string) - command to check config. Use {{ .src }}
to reference
the rendered source template.
Example:
[template]
src = "nginx.conf.tmpl"
dest = "/etc/nginx/nginx.conf"
owner = "root"
group = "root"
mode = "0644"
keys = [
"/nginx",
]
check_cmd = "/usr/sbin/nginx -t -c {{ .src }}"
reload_cmd = "/usr/sbin/service nginx restart"
Templates
Templates define a single application configration template.
Templates are stored under the confdir/templates
directory.
Templates are written in Go's text/template
.
Etcd keys are treated as paths and automatically transformed into keys for retrieval in templates. Underscores are used in place of forward slashes. Values retrived from Etcd are never modified.
For example /foo/bar
becomes foo_bar
.
foo_bar
is accessed as {{ .foo_bar }}
Example:
$ etcdctl set /nginx/domain 'example.com'
$ etcdctl set /nginx/root '/var/www/example_dotcom'
$ etcdctl set /nginx/worker_processes '2'
$ cat /etc/confd/templates/nginx.conf.tmpl
:
worker_processes {{ .nginx_worker_processes }};
server {
listen 80;
server_name www.{{ .nginx_domain }};
access_log /var/log/nginx/{{ .nginx_domain }}.access.log;
error_log /var/log/nginx/{{ .nginx_domain }}.log;
location / {
root {{ .nginx_root }};
index index.html index.htm;
}
}
Will produce /etc/nginx/nginx.conf
:
worker_processes 2;
server {
listen 80;
server_name www.example.com;
access_log /var/log/nginx/example.com.access.log;
error_log /var/log/nginx/example.com.error.log;
location / {
root /var/www/example_dotcom;
index index.html index.htm;
}
}
Go's text/template
package is very powerful. For more details on it's capabilities see its documentation.
Configuration Management