Improve vault bootstrap and nomad connection
This commit is contained in:
parent
1dad4d22a1
commit
723b5fab78
@ -150,7 +150,9 @@
|
||||
- "-address=http://127.0.0.1:8200/"
|
||||
- "{{ item }}"
|
||||
loop: "{{ unseal_keys_hex }}"
|
||||
when: unseal_keys_hex is defined
|
||||
when:
|
||||
- unseal_keys_hex is defined
|
||||
- vault_status.json["sealed"]
|
||||
|
||||
- name: Bootstrap Vault secrets
|
||||
delegate_to: localhost
|
||||
@ -322,6 +324,8 @@
|
||||
nomad_acl_enabled: true
|
||||
|
||||
# Enable vault integration
|
||||
nomad_vault_address: "http://vault.service.consul:8200"
|
||||
nomad_vault_create_from_role: "nomad-cluster"
|
||||
nomad_vault_enabled: "{{ root_token is defined }}"
|
||||
nomad_vault_token: "{{ root_token | default('') }}"
|
||||
|
||||
@ -387,6 +391,7 @@
|
||||
delegate_to: localhost
|
||||
run_once: true
|
||||
no_log: true
|
||||
changed_when: false
|
||||
register: read_secretid
|
||||
|
||||
- name: Copy policy
|
||||
|
Loading…
Reference in New Issue
Block a user