consul-template launch command at startup
121 views
Skip to first unread message
Marc CESARINE
Apr 20, 2018, 12:09:03 AM4/20/18
to Consul
Hi,
I'm using consul-template to generate iptable config file than I activate using iptables-restore command.
My configuration is working fine in this use-case :
- No iptable config file (or content not fresh)
- Starting consul-template process
- consul-template generates/updates iptables config file
- consul template launchs iptables-restore command because it created/modified file
But if at consul-template startup, iptables config file is already filled with correct data, consul-template will not launch command (as it didn't modify/create file).
But even if my iptables file is correctly filled, my iptables state can be wrong (or empty).
So to ensure my iptables state is always same as file when consul-template is running, I need consul-template to always launch command at startup even if destination config file was already good.
Do you know if there is a way to get this behaviour in last version of consul-template ?
I'm using 0.19.4 actually ;)
Regards,
Marc Cesarine
I'm using consul-template to generate iptable config file than I activate using iptables-restore command.
My configuration is working fine in this use-case :
- No iptable config file (or content not fresh)
- Starting consul-template process
- consul-template generates/updates iptables config file
- consul template launchs iptables-restore command because it created/modified file
But if at consul-template startup, iptables config file is already filled with correct data, consul-template will not launch command (as it didn't modify/create file).
But even if my iptables file is correctly filled, my iptables state can be wrong (or empty).
So to ensure my iptables state is always same as file when consul-template is running, I need consul-template to always launch command at startup even if destination config file was already good.
Do you know if there is a way to get this behaviour in last version of consul-template ?
I'm using 0.19.4 actually ;)
Regards,
Marc Cesarine
J. Konrad Tegtmeier-Rottach
Apr 20, 2018, 3:57:20 PM4/20/18
to consu...@googlegroups.com
Hi,
Have you considered leveraging your system's service manager (ex
systemd) to do a reload of iptables runtime state on system (or
consul-template) startup, or when runtime state may be corrupted?
This would allow loading a correct file if it exists. Any further
consul-based change to the file would then be picked up by
consul-template, by running a normal iptables-restore.
Regards,
KT
Have you considered leveraging your system's service manager (ex
systemd) to do a reload of iptables runtime state on system (or
consul-template) startup, or when runtime state may be corrupted?
This would allow loading a correct file if it exists. Any further
consul-based change to the file would then be picked up by
consul-template, by running a normal iptables-restore.
Regards,
KT
Marc CESARINE
Apr 20, 2018, 4:19:04 PM4/20/18
to Consul
This is what I'm doing right now with systemd.
But to achieve this I need to maintain unit files dedicated to launch iptables restore when I start consul-template.
It sounds cleaner to me to just have to maintain one place related to this config file usage (consul-template config).
For example if We were able to set a parameter in template part of consul-template json config, it would fit exactly what I need ;)
But to achieve this I need to maintain unit files dedicated to launch iptables restore when I start consul-template.
It sounds cleaner to me to just have to maintain one place related to this config file usage (consul-template config).
For example if We were able to set a parameter in template part of consul-template json config, it would fit exactly what I need ;)
Reply all
Reply to author
Forward
0 new messages