If the output file does not exist on disk, Consul Template will create a new file with the default permissions. For sensitive information, this may not be the desired behavior. This change would add an optional 4th parameter: mode, which is the octal representation of the file permissions on disk.

consul-template \
  -template "in.ctmpl:out.txt:some command:644"

or in the Config:

template {
  Source  = "in.ctmpl"
  Destination = "out.txt"
  Command = "some command"
  FilePermissions = "644"
}

This:

{{range keyPrefix "haproxy/tcp/frontend"}}
{{.Key}} {{.Value}}{{end}}

produces this:

haproxy/tcp/frontend/mysql-offline/acl/mysql_offline_dead nbsrv(offline) lt 1
haproxy/tcp/frontend/mysql-offline/acl/
haproxy/tcp/frontend/mysql-offline/bind *:3307
haproxy/tcp/frontend/mysql-offline/default_backend offline
haproxy/tcp/frontend/mysql-offline/maxconn 2000

while expecting something along:

bind *:3307
default_backend offline
maxconn 2000

It would also be useful if there was no recursion down subdirs (or at least an option to avoid that), so that one could use nesting (think multiple acl lines in haproxy config, differing between services).

If you pass the -template argument multiple times on the CLI, it will keep track of each one and update it as necessary. If you create a single .hcl file with multiple template blocks, the same result happens. However, if you pass consul-template a directory containing multiple .hcl files, each file with a template block, then consul-template seems to merge those template blocks and only render one.

After speaking with armon on IRC, this appears to be a bug.

The following block of text in the examples lead me to believe that the Service Dependency would support a range across all DCs.

The tag, datacenter and port attributes are optional. To query all nodes in the "webapp" service (regardless of tag, datacenter, etc)

The documentation should be updated to make it more clear that without the datacenter qualifier the dependency will instead default to the current DC.

We were attempting to dynamically add in ranges per DC in a somewhat "creative" solution to allow a single template to service a dynamic number of DCs. We are massing the output from the /v1/catalog/datacenters endpoint into a JSON file to indicate the DC's health/addressability of the DC and attempting to use this file in conditionals to add in the range or not.

What we've observed is the dependency graph does not get properly generated when the range is inside a conditional block that is reliant upon the parsed JSON.

Note: I don't know how feasible it would be, but allowing the creation of a dependency against a DC that currently does not exist would fix this issue by simply removing the need to do the conditional in the first place.

Given the contents of dcs.json are:

{
  "us-east-1":true, 
  "us-west-2":false
}

Fails when conditional is based solely on the dynamic value via the file pipeline/parsed JSON

{{ with $dcs := file "dcs.json" | replaceAll "-" "_" | parseJSON }}
  {{if $dcs.us_east_1}}
    {{ range service "consul@us-east-1"}}node {{.Node}}{{end}}
  {{end}}
  {{if $dcs.us_west_2}}
    us-west-2 SHOULDN'T APPEAR
  {{end}}
{{end}}

Works "properly" because the dependency was created outside conditional, however not really an option because adding in a range to a non-addressable DC abends the consul-template

{{ range service "consul@us-east-1"}}{{end}}
{{ with $dcs := file "dcs.json" | replaceAll "-" "_" | parseJSON }}
  {{if $dcs.us_east_1}}
    {{ range service "consul@us-east-1"}}node {{.Node}}{{end}}
  {{end}}
  {{if $dcs.us_west_2}}
    us-west-2 SHOULDN'T APPEAR
  {{end}}
{{end}}

Works properly with non-dynamic conditional

{{ with $dcs := true }}
  {{if $dcs }}
    {{ range service "consul@us-east-1"}}node {{.Node}}
    {{end}}
  {{end}}
{{end}}

Option to specify config directory instead of a single file.

-config=/etc/consul-template/conf/ -consul=127.0.0.1:8500

With this option, we might require that the consul address be specified on the command line and ignore the key in the files since I think consul template can currently only maintain a connection to 1 client at a time.

I got this panic, I'm still trying to figure out what config is causing it:

panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xb code=0x1 addr=0x0 pc=0x493e00]

goroutine 28 [running]:
runtime.panic(0x75c060, 0x98c8b3)
    /usr/local/Cellar/go/1.3.3/libexec/src/pkg/runtime/panic.c:279 +0xf5
github.com/hashicorp/consul-template/util.(*WatchData).poll(0xc20808ae40, 0xc2080046c0)
    /Users/sethvargo/Development/go/src/github.com/hashicorp/consul-template/util/watcher.go:160 +0x350
github.com/hashicorp/consul-template/util.func·002(0xc20808ae40)
    /Users/sethvargo/Development/go/src/github.com/hashicorp/consul-template/util/watcher.go:85 +0x64
created by github.com/hashicorp/consul-template/util.(*Watcher).Watch
    /Users/sethvargo/Development/go/src/github.com/hashicorp/consul-template/util/watcher.go:86 +0x392

If you provide a template with just static text consul-template returns this error:
2014/10/22 22:51:57 DEBUG creating Runner
2014/10/22 22:51:57 DEBUG creating Consul API client
2014/10/22 22:51:57 DEBUG creating Watcher
2014/10/22 22:51:57 [ERR] watcher: must supply at least one Dependency

This would probably never happen in practice but it's a difficult error to debug.

Hi,

I'm using consul-template (with {{range service "api"}}) to generate my HAProxy configuration and everything is working fine.

I recently added node health checks. Now, when there is a memory warning on the node, the "api" service from that node gets dropped from the HAProxy configuration.

It looks like - and this is probably by design - when some checks on the node warn or fail, the services on the machine are considered "not passing" too.

In my use case, I don't want a memory warning on the node dropping the services from HAProxy. And I can't use the "any" option because I don't want nodes having critical states to show up in my HAProxy config file.

Is there a workaround for this? I checked to see if I could use conditionals in the templates, but the Status is not exposed (and it's not the service's status that fails anyway).

Example node health:

$ curl localhost:8500/v1/health/node/api1

[
    {
        "CheckID": "mem",
        "Name": "mem",
        "Node": "api1",
        "Notes": "",
        "Output": "",
        "ServiceID": "",
        "ServiceName": "",
        "Status": "warning"
    },
    {
        "CheckID": "service:api",
        "Name": "Service 'api' check",
        "Node": "api1",
        "Notes": "",
        "Output": "",
        "ServiceID": "api",
        "ServiceName": "api",
        "Status": "passing"
    }
]

Since it is fairly common for keys to store JSON, it would be great to provide a json function that would automatically decode the JSON into a usable struct:

Potential examples:

{{with whatever := json key "service/consul-replicate/status@sfo1"}}

{{with status := key "service/consul-replicate/status@sfo1"}}
{{with parsed := json status}}
UpdatedAt: {{.LastReplicated}}
{{end}}
{{end}}

There is a really weird bug I have encountered sporadically when testing Consul Template manually. It seems that sometimes the file is only partially written and that data at the end of the file is persisted. I believe this must have something to do with file.sync() or file.close().

I get the error "invalid key dependency format" when I try to output a key containing a colon: {{key "myapp/vagrant-ubuntu-trusty-64:loving_elion:80/cname"}}

consul itself doesn't seem to have a problem with the colon. The service-id's generated by registrator contain colons, so working around this will be cumbersome.

In case consul-template process is restarted it would regenerate all configs and invoke defined commands which would needlessly restart services etc...
If consul-template would track all consul kv/service modifyIndex used in teplates and dump them so some statefile each time blocking call returns with modified index of some key, and load this file on startup if it exists , that would be amazing :)

Here's what I've done:

https://gist.github.com/darron/5c3b84036f6aad0eb43a

And key2 is definitely gone:

http://shared.froese.org/2014/2n411-12-23.jpg

Am I missing something? Or is there a bug here?

Thanks for all your work already - it looks like a great solution to a few problems I'm working on.

I get this warning on files that do not contain any consul-template instructions

[WARN] (watcher) no dependencies in template(s)

In this situation, consul-template does not generate the output file. It would be nice if it did so.

If consul returns a key which is "empty" for ls, we should not include it in the set (refs #53)

Some way to list all services registered in Consul filtering by tag and DC would be handy.

How would I go about running consul-template inside a container along side my python app, for example.

Use supervisor, or?

Thanks

I'm trying to grab a range of keys using {{range ls "path"}} and then iterate over those, using something like: {{range ls "path/$key"}} but can't find a way to make this work.
I've gone as far as create the following:

{{range ls "haproxy/tcp/frontend"}}
{{$y := .Key | printf "haproxy/tcp/frontend/%s" }}
y = {{$y}}
{{range ls $y}}
{{.Key}}
{{end}}
{{end}}

But that doesn't work either (though $y does contain the correct path). Nesting of {{}} doesn't work either.
Without this capability, use of ranges is quite limited. If there's a way to achieve this that I'm missing, I'd love to know how!

I have config files used by some apps and consul-template can generate them just fine (especially after the #39 - tnx a lot for this).

My current issue is that i can only take one action then template is rendered - full restart of the relevant app. But I would like to go further, depending on what has changed in template i want to take different actions. I know i can split one config template into multiple templates where each one will make different action if rendered. But i was wondering if its technically possible to do this with one template and specify action command next to template functions for example smthing like this:

{{key "service/redis/maxconns@east-aws" command:"/some/command"}}
{{key "service/redis/minconns@east-aws" command:"/another/command"}}

in case more that one keys/services with different command has changed , all command would be executed.

I have the following key structure:

mysql-offline => ""
mysql-online => ""
mysql-offline/
mysql-online/

The following template:

{{range ls "haproxy/tcp/frontend@chidc2"}}
|-{{.Key}}-|
{{end}}

Generates the following output:

|-mysql-offline-|

|-mysql-online-|

|--|

and if further dirs are added in that path, additional "empty keys" appear as well. The expected behavior is that no empty keys will appear at all.

Let's say I have a template like this:

backends{{range service "consul"}}
    server {{.Address}} {{.Node}}{{end}}

And for some reason, none of the consul nodes are healthy. The API would query and consulapi would return an empty service list. The rendered template would be:

backends

This could, theoretically, cause a restart of the service and everything could die 😦. What is the right behavior in this case? Should we push that off to the user?

/cc @mitchellh @armon

Need to investigate the following cases and write tests to ensure Consul Template behaves correctly:

• Containing folder for output file does not exist
• Output file does not exist
• Output file exists but is not writable by the current user (perms and locked)
• Output file retains original permissions if they exist

Would like the ability to use Consul's ability to query nodes in addition to services.

http://www.consul.io/docs/agent/http.html#catalog

I'd rather not have different config files for different datacenters.

The inclusion of the parentheses in the following example for file is incorrect

{{(with $d := key "user/info" | parseJSON)}}{{$d.name}}{{end}}

that results in

unexpected in parenthesized pipeline

A request came up in IRC on #consul for some basic ToUpper(), ToLower(), Title(), etc. functions to be available from within a template. Looking at go's funcMap in the template package, this seems like it might be pretty easy to do and could be useful.

I don't see it mentioned in the docs, so this would be a new feature request
{{service "api.*"}}

I have the misfortune to be running windows in production.

This syntax works fine:

C:\Users\craigs>c:\consul\consul-template.exe -consul=127.0.0.1:8500 -template="\chef-solo\cache\node.ctmpl:\chef-solo\continuity.json"

However, if I need to specify a template on a drive other than the boot drive, consul-template choaks (is this because of the surfeit of colons?):

C:\Users\craigs>c:\consul\consul-template.exe -consul=127.0.0.1:8500 -template="d:\chef-solo\cache\node.ctmpl:d:\chef-solo\continuity.json"

invalid value "d:\chef-solo\cache\node.ctmpl:d:\chef-solo\continuity.json"
for flag -template: invalid template declaration format

Creating an issue to document a TODO in the code.

Is it possible to read the template from stdin and/or write the output to stdout rather than from a file? It would be nice to avoid managing extraneous temporary files.

Using stdin/stdout without the -once flag would be nonsensical.

the -dry flag almost works for standard output, but it adds an extra leading line.

P.S. Do you have another mechanism for these sorts of questions, such as a mailing list? This is the third time I've (ab)used the issue tracker for usage questions like this.

For some configs, which change frequently, I believe it would be useful to store the ctmpl file in consul itself in k/v

With the following KV data:

$ curl localhost:5200/v1/kv/service/app/config?recurse
[
  {
    "CreateIndex": 2592,
    "ModifyIndex": 2680,
    "LockIndex": 0,
    "Key": "service/app/config/key1",
    "Flags": 0,
    "Value": "aGVsbG8="
  },
  {
    "CreateIndex": 2591,
    "ModifyIndex": 2681,
    "LockIndex": 0,
    "Key": "service/app/config/key2",
    "Flags": 0,
    "Value": "d29ybGQ="
  },
  {
    "CreateIndex": 2587,
    "ModifyIndex": 2587,
    "LockIndex": 0,
    "Key": "service/app/config/",
    "Flags": 0,
    "Value": null
  }
]

And this template:

{{ range ls "service/app/config" }}{{ .Key | toUpper }} = "{{ .Value}}"
{{end}}

I get this output:

KEY1 = "hello"
KEY2 = "world"
 = ""

Desired output:

KEY1 = "hello"
KEY2 = "world"

Could we add support for allowing the user to specify whether or not to return only passing nodes. Perhaps we could inherit the syntax the Consul api uses and allow the user to add '?passing' to the service query.

{{ service "data-service-api@dc1:8080?passing" }}

Seems like a relatively small code change, but it would change the default behavior.

• Add regex match for '?passing' to ParseServiceDependency()
• Add Passing param to ServiceDependency struct
• Replace hardcoded true with ServiceDependency struct property in api call in (d *ServiceDependency) Fetch

I had a source of /etc/hosts-template to destination of /etc/hosts
the problem is that my /tmp is on a different volume, so I received an error saying
that cannot rename /tmp/201230FILENAME to /etc/hosts because they are not on the same file system.

As a work around, i set the destination in the tmp folder, and use the command to overwrite the file i want.
I think that's probably what consul-template should do to begin with...

Consul Template should reload itself and re-parse all dependencies when sent SIGHUP.

/cc @bryanlarsen @armon

It would be great if the service API function could be used to query all services (similar to the new nodes functionality).

I may submit a PR for this if I get some time this weekend.

I think I've got my workaround for bug #64 and the limitation that filenames cannot be dynamic. I should probably turn this into a documentation PR once things look good. I'm going to write it in that style. My enhancement request is at the bottom.

Examples

Multiple Nginx config files

Nginx is a popular web server, also popular as a proxy. For this example, we are going to create multiple nginx site files, where the site name is listed in a consul key namespace.

For this example to work, you must have your consul-template configured to read it's configuration from a directory rather than a file.

Our strategy is to create a two layer template. Our template generates templates. It is possible to do this by using consul-template for both the outer and inner templates: you use the printf function to write out lines containing {{}}, but this becomes very awkward quite quickly. So instead for this example we'll use a simple sed script to generate the outer layer.

webapp-nginx.conf.outer-template:

upstream %SERVICE% {
{{range service "%SERVICE%"}}
  server {{ .Address }}:{{ .Port }};
{{end}}
}
server {
  listen 80;
  server_name {{key "%SERVICE%/cname"}};
  location / {
    proxy_pass http://%SERVICE%;
  }
}

We'll use consul-template to dynamically generate and trigger a script that will run sed on this file multiple times, once for each site.

Note: in this example, all file paths are elided for simplicity.

webapp-nginx.sh.template:

#!/bin/sh

{{ range ls "webapp" }}
sed -e "s!%SERVICE%!{{ .Key }}!g" -e "s!%ID%!{{ .Value }}!g" < webapp-nginx.conf.outer-template > "{{ .Key }}.conf.template"
{{ end }}

We also use consul-template to dynamically generate a config file for consul-template to process the new templates.

webapp-nginx.consul-template.cfg.template:

{{ range ls "webapp" }}
template {
  source = "{{ .Key }}.conf.templ"
  destination = "{{ .Key }}.conf"
  command = "service nginx reload"
}
{{ end }}

And finally the outer configuration file:

webapp-nginx.cfg:

template {
  source = "webapp-nginx.sh.tmplate"
  destination = "webapp-nginx.sh"
  command = "sh webapp-nginx.sh"
}

template {
  source = "/opt/plugins/webapp-nginx/webapp-nginx.consul-template.cfg.tmpl"
  destination = "/opt/consul-template/config/webapp-nginx.gen.cfg"
}

The big thing missing from the above example that I have in my system is the line service consul-template restart at the bottom of webapp-nginx.sh.template. That's there to force consul-template to reload it's configuration. But you'll notice that there are actually 2 places that should trigger a reload: the execution of webapp-nginx.sh and the writing of webapp-nginx.gen.cfg. Right now I assume that webapp-nginx.gen.cfg finishes first. A fairly safe assumption, but a nasty race if it doesn't.

If consul-template supported the HUP signal to safely reload it's configuration, I could send HUP in both places and it wouldn't matter which finished first.

 In a Linux setup, where /tmp is mounted on a different device than the destination file (/etc/haproxy/haproxy.cfg in the example) I get the following error:

2014/11/06 18:19:15 [ERR] rename /tmp/033905806 /etc/haproxy/haproxy.cfg: invalid cross-device link

os.Rename(), which is used at the end of runner.go/atomicWrite(), line 372, can not rename across devices on Linux, see also https://groups.google.com/forum/#!topic/golang-dev/5w7Jmg_iCJQ

Unfortunatly, I have no immediate idea how to fix this.

Is there a way to lookup a key value based on the value of another key?
I haven't been able to do this using Go Templates

Suppose I would like to get the IP address of any consul agent. I would expect something like this to work:

 {{ index (service "consul") 0 }}

What am I doing wrong? Thanks.

By default, consul-template uses a hard-coded wait time of 5 seconds when a query with Consul fails. It would be nice if this was configurable:

$ consul-template -retry 30s

using consul-template v0.3.0

this template:

{{range service "consul"}}
   a {{printf "%s/%s/foo" .Name .Address}}
   b {{key (printf "%s/%s/foo" .Name .Address) }}
{{end}}

produces:

   a consul/172.17.0.2/foo
   b 

yet

{{range service "consul"}}
   a {{printf "%s/%s/foo" .Name .Address}}
   b {{key (printf "%s/%s/foo" .Name .Address) }}
{{end}}
   c {{key "consul/172.17.0.2/foo"}}

produces

   a consul/172.17.0.2/foo
   b bar1

   c bar1

I understand this is a hard problem: b is dependent on both the service and the key. However, adding arbitrary keys per service is probably a common use case. Is there a better way to accomplish what I'm trying to do?

There is a really weird bug I have encountered sporadically when testing Consul Template manually. It seems that sometimes the file is only partially written and that data at the end of the file is persisted. I believe this must have something to do with file.sync() or file.close().

I know this is subjective but I was surprised to see that consul-template exited with an error when the specified post command exited with an error.
In the command line section of the ReadMe, there is the following example:

consul-template \
  -consul my.consul.internal:6124 \
  -template "/tmp/nginx.ctmpl:/var/nginx/nginx.conf:service nginx restart" \
  -template "/tmp/redis.ctmpl:/var/redis/redis.conf:service redis restart" \
  -template "/tmp/haproxy.ctmpl:/var/haproxy/haproxy.conf"

If the nginx restart command above exits with an error which it will if an invalid piece of config is pushed into consul then consul-template will exit with an error. There is no way to recover other than updating the config in consul then restarting consul-template on all hosts.
Is there a particular reason consul exits in this case? I think ideally this could be configured?
At a minimum it should be documented?

FYI I was able to work around this by appending "|| true" to the command

I don't seem to get consul-template running as a background daemon. Is there a way to achieve this?

While I love the ideas behind this, I find the templating language ugly. How about integrating Jinja2? http://jinja.pocoo.org/

Given the path to a directory that does not exist, Consul Template crashes:

panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xb code=0x1 addr=0x20 pc=0x40aaa4]
goroutine 16 [running]:
runtime.panic(0x761e80, 0x9958b3)
/usr/local/Cellar/go/1.3.3/libexec/src/pkg/runtime/panic.c:279 +0xf5
main.func·002(0x7fffffd84f5c, 0x19, 0x0, 0x0, 0x7fd80c2f9818, 0xc208010cc0, 0x0, 0x0)
/Users/sethvargo/Development/go/src/github.com/hashicorp/consul-template/cli.go:282 +0x64
path/filepath.Walk(0x7fffffd84f5c, 0x19, 0x7fd80c15ac60, 0x0, 0x0)
/usr/local/Cellar/go/1.3.3/libexec/src/pkg/path/filepath/path.go:388 +0xa9
main.(*CLI).BuildConfig(0xc2080404c0, 0xc2080041e0, 0x7fffffd84f5c, 0x19, 0x0, 0x0)
/Users/sethvargo/Development/go/src/github.com/hashicorp/consul-template/cli.go:294 +0x1c6
main.(*CLI).Run(0xc2080404c0, 0xc20800e000, 0x5, 0x5, 0x14)
/Users/sethvargo/Development/go/src/github.com/hashicorp/consul-template/cli.go:102 +0x827
main.main()
/Users/sethvargo/Development/go/src/github.com/hashicorp/consul-template/main.go:12 +0xc7