git2consul takes one or many git repositories and mirrors them into Consul KVs. The goal is for organizations of any size to use git as the backing store, audit trail, and access control mechanism for configuration changes and Consul as the delivery mechanism.
npm install git2consul
- git2consul does most of its Git work by shelling out to git. Git must be installed and on your path.
- git2consul does the rest of its work by calling Consul's REST API. A Consul agent must be running on localhost.
- git2consul requires write access to the KV store of its Consul agent.
- git2consul has only been tested on Unix.
Let's start off with a simple example to show you how it works. You can use this as a starting point and then tailor it to your use-case.
I've created a simple repo with a few sample configuration files of different types. Of course, I could have used thousands of files with arbitrarily nested directories, but this is a quick start guide.
The most minimalistic viable git2consul configuration mirrors a single git repo into the KV store with a given prefix. Here's how that would look mirroring the dev branch at https://github.com/ryanbreen/git2consul_data.git into the Consul K/V store with prefix sample_configuration:
{
"version": "1.0",
"repos" : [{
"name" : "sample_configuration",
"url" : "https://github.com/ryanbreen/git2consul_data.git",
"branches" : ["dev"],
"hooks": [{
"type" : "polling",
"interval" : "1"
}]
}]
}Put that configuration in a file called /tmp/git2consul.json. From the git2consul directory, upload that JSON file into the KV as your git2consul config:
node utils/config_seeder.js /tmp/git2consul.json
Start git2consul:
node .
git2consul will now poll the "dev" branch of the "git2consul_data.git" repo once per minute. On first run, it will mirror the 3 files into your Consul K/V with keys:
/sample_configuration/dev/sample.conf
/sample_configuration/dev/sample.json
/sample_configuration/dev/sample.yaml
The Values of those Keys are the contents of the respective files. Changing the contents of that git branch will change the corresponding KVs within 1 minute.
Once you are happy with your configuration, you can run git2consul as a daemon either in a screen session or via an init script of whatever type is appropriate on your platform.
git2consul expects to be run on the same node as a Consul agent. git2consul expects its own configuration to be stored as a JSON object in '/git2consul/config' in your Consul KV. The utility utils/config_seeder.js will take a JSON file and set /git2consul/config to contain its contents.
{
"version": "1.0",
"local_store": "/var/lib/git2consul_cache",
"logger" : {
"name" : "git2consul",
"streams" : [{
"level": "trace",
"stream": "process.stdout"
},
{
"level": "debug",
"type": "rotating-file",
"path": "/var/log/git2consul/git2consul.log"
}]
},
"repos" : [{
"name" : "vp_config",
"url" : "ssh://stash.mydomain.com/team_configuration_data.git",
"include_branch_name" : false,
"mountpoint": "nested/root/for/keys",
"branches" : ["development", "staging", "production"],
"hooks": [{
"type" : "stash",
"port" : "5050",
"url" : "/gitpoke"
},
{
"type" : "polling",
"interval" : "1"
}]
},{
"name" : "github_data",
"mode" : "expand_keys",
"url" : "[email protected]:ryanbreen/git2consul_data.git",
"branches" : [ "master" ],
"hooks": [{
"type" : "github",
"port" : "5151",
"url" : "/gitpoke"
}]
}]
}The above example illustrates a 2 repo git2consul setup: one repo lives in an on-premises Git solution and the other is hosted at Github. The hooks array under each repository defines how git2consul will be notified of changes. git2consul supports Atlassian Stash, Atlassian Bitbucket, GitHub, and Gitlab webhooks as well as a basic polling model.
Note that multiple webhooks can share the same port. The only constraint is that webhooks for different repos do not share the same port and path.
The above example also logs to stdout as well as to file. Logging is handled via Bunyan. The value of the logger property is passed to the Bunyan createLogger() method, so any configuration supported by vanilla Bunyan will work out of the box in git2consul.
git2consul uses the name and branches of configured repos to namespace the created KVs. The goal is to allow multiple teams to use the same Consul agents and KV store to migrate configuration data around a network without needing to worry about data conflicts. In the above example, a settings file stored at foo_service/settings.json in the development branch of the repo vp_config would be persisted in Consul as vp_config/development/foo_service/settings.json.
If you are using a more Twelve-Factor approach, where you wish to configure your applications via environment variables, you would store these settings as files in Git whose name is the key and whose body is the value. For example, we could create the file foo_service/log_level with the body trace in the development branch of the foo_service repo and git2consul will create the KV vp_config/development/foo_service/log_level with the value trace.
As changes are detected in the specified Git repos, git2consul determines which files have been added, updated, or deleted and replicates those changes to the KV. Because only changed branches and files are analyzed, git2consul should have a very slim profile on hosting systems.
If there are no webhooks or polling watchers configured, git2consul will terminate as soon as all tracked repos and branches have been synced with Consul. If you would like to force git2consul not to attach any webhooks or polling watchers, you can either pass the command-line switch -n or include the field "no_daemon": true at the top level of your config JSON.
If you would like git2consul to shutdown every time its configuration changes, you can enable halt-on-change with the command-line switch -h or inclusion of the field "halt_on_change": true at the top level of your config JSON. If this switch is enabled, git2consul will wait for changes in the config (which is itself stored in Consul) and gracefully halt when a change is detected. It is expected that your git2consul process is configured to run as a service, so restarting git2consul is the responsibility of your service manager.
If you would like git2consul to treat JSON documents in your repo as fully formed subtrees, you can enable expand_keys mode via inclusion of the field "expand_keys": true at the top level of the repo's configuration. If this mode is enabled, git2consul will treat any valid JSON file (that is, any file with extension ".json" that parses to an object) as if it contains a subtree of Consul KVs. For example, if you have the file root.json in repo expando_keys with the following contents:
{
'first_level' : {
'second_level' : {
'third_level' : {
'you get the picture' : 'right?'
}
}
}
}git2consul in expand_keys mode will generate the following KV:
/expando_keys/root.json/first_level/second_level/third_level/you%20get%20the%20picture
The value in that KV pair will be right?.
A few notes on how this behaves:
-
Any arrays in your JSON file are ignored. Only objects and primitives are transformed into keys.
-
Expanded keys are URI-encoded. The spaces in "you get the picture" are thus converted into
%20. -
Any non-JSON files, including files with the extension ".json" that contain invalid JSON, are stored in your KV as if expand_keys mode was not enabled.
include_branch_name is a repo-level option instructing git2consul to use the branch name as part of the key prefix. Setting this option to false will omit the branch name.
A mountpoint is a repo-level option instructing git2consul to prepend a string to the key name. By default, git2consul creates keys at the root of the KV store with the repo name being a top-level key. By setting a mountpoint, you define a prefix of arbitrary depth that will serve as the root for your key names. When building the key name, git2consul will concatenate mountpoint, repo name, branch name (assuming include_branch_name is true), and the path of the file in your git repo.
Note: mountpoints can neither begin or end in with the character '/'. git2consul will reject your repo config if that's the case.
A client system should query Consul for the subset of the KV containing the data relevant to its operation. To extend the above example, our foo_service on the development network might subscribe to the KV root vp_config/development/foo_service and emit any changes to disk (via something like fsconsul) or environment variables (via something like envconsul).
If you are using tokens for ACLs, you can pass a token to git2consul by specifying the TOKEN environment variable. git2consul requires read/write access to your KV. The purpose of git2consul is to treat git as the single source of truth for KVs, so it typically makes the most sense to give all other users a read-only token to the KV.
Builds are automatically run by Travis on any push or pull request.
Coverage is run automatically by Travis and uploaded to coveralls.io.
Apache 2.0