Recent Blog Posts
In this article on extending Converge, we’ll walk through the process of
developing a brand new Converge resource from scratch. We’ll go into detail on
the resource authors’ API and building a resource that’s safe and usable. This
article was generated from a literate program, you
can download the original orgmode document if
you want to build the examples yourself.
This article was updated on 2017-01-06. The How Resource Work section has
been updated to use the updated Resource Authors API.
We’re delighted to introduce our newest project, Converge. Converge is a
configuration management tool that makes it easy to configure servers, desktops, and Raspberry Pi devices.
Converge manages apt and rpm packages, files, directories, docker images
and containers, and the Linux LVM subsystem. The CLI, modules, and API server are all
bundled in a single 11Mb binary file, making it easy to deploy and run.
Converge is powered by a sophisticated graph execution engine that automatically
creates dependencies and runs tasks in parallel. Internally, the desired state of a system
is represented as a directed graph.
HashiCorp’s Consul is a popular service discovery and key/value storage tool that has
become a core component of many distributed applications.
However, if Consul is not secured an intruder could register their own service and
capture traffic. For example, if you have an
auth service, the intruder could register another
service with the same DNS entry
auth.service.consul and collect login information.
Consul does not implement access controls on the key-value data or service discovery
endpoints by default. This means anyone (including intruders) are able to connect to a Consul host, register services, and
But don’t despair! Consul has an Access Control List (ACL) system that
can be used to control who can read and write data. This means we can keep intruders from registering
services without authenticating to the Consul server.