lldap: Make it work on first bootstrap
Can't use the job id for creating the variables and permissions because we end up with circular dependencies. The job won't return until it's successful in Nomad, and it won't start in Nomad without access to variables.
parent
198f96f3f7
commit
056eac976c
@ -27,7 +27,21 @@ namespace "default" {
|
|||||||
EOH
|
EOH
|
||||||
|
|
||||||
job_acl {
|
job_acl {
|
||||||
job_id = resource.nomad_job.lldap.id
|
# job_id = resource.nomad_job.lldap.id
|
||||||
|
job_id = "lldap"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Create self-scoped psk so that config is valid at first start
|
||||||
|
resource "random_password" "lldap_ldap_psk" {
|
||||||
|
length = 32
|
||||||
|
override_special = "!@#%&*-_="
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "nomad_variable" "lldap_ldap_psk" {
|
||||||
|
path = "secrets/ldap/allowed_psks/ldap"
|
||||||
|
items = {
|
||||||
|
psk = "lldap:${resource.random_password.lldap_ldap_psk.result}"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -46,7 +60,8 @@ namespace "default" {
|
|||||||
EOH
|
EOH
|
||||||
|
|
||||||
job_acl {
|
job_acl {
|
||||||
job_id = resource.nomad_job.lldap.id
|
# job_id = resource.nomad_job.lldap.id
|
||||||
|
job_id = "lldap"
|
||||||
group = "lldap"
|
group = "lldap"
|
||||||
task = "lldap"
|
task = "lldap"
|
||||||
}
|
}
|
||||||
@ -67,7 +82,8 @@ namespace "default" {
|
|||||||
EOH
|
EOH
|
||||||
|
|
||||||
job_acl {
|
job_acl {
|
||||||
job_id = resource.nomad_job.lldap.id
|
# job_id = resource.nomad_job.lldap.id
|
||||||
|
job_id = "lldap"
|
||||||
group = "lldap"
|
group = "lldap"
|
||||||
task = "bootstrap"
|
task = "bootstrap"
|
||||||
}
|
}
|
||||||
@ -99,7 +115,8 @@ namespace "default" {
|
|||||||
EOH
|
EOH
|
||||||
|
|
||||||
job_acl {
|
job_acl {
|
||||||
job_id = resource.nomad_job.lldap.id
|
# job_id = resource.nomad_job.lldap.id
|
||||||
|
job_id = "lldap"
|
||||||
group = "lldap"
|
group = "lldap"
|
||||||
task = "stunnel"
|
task = "stunnel"
|
||||||
}
|
}
|
||||||
|
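Review bot: In the first hunk, the result of the new `random_password.lldap_ldap_psk` and the `nomad_variable` item built from it are both written to the Terraform state in plain text. The state backend therefore needs encryption and access control as strict as the Nomad variable itself; the backend is not visible on this page, so that should be confirmed. Separately, all four `job_acl` blocks now match on the literal `job_id = "lldap"`, which grants access only while the job's ID stays exactly that string, and the first block sets no `group` or `task`, so it covers every task of that job. I would replace the commented-out line in each block with a why-comment such as `# literal ID: nomad_job.lldap.id would create a cycle, the job cannot become healthy before these variables exist`, and define the name once in a `locals` value.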