diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
index a3678e4..9da49e4 100644
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@@ -57,3 +57,22 @@ provider "registry.terraform.io/hashicorp/nomad" {
 "zh:ffd1e096c1cc35de879c740a91918e9f06b627818a3cb4b1d87b829b54a6985f",
 ]
 }
+
+provider "registry.terraform.io/hashicorp/vault" {
+ version = "3.14.0"
+ hashes = [
+ "h1:/0pqMLODukJUiVpBdxXbb8vwp0HCtbTXWFq0BaNkcZM=",
+ "zh:07e797c3b14cc45f1a3fa3adb6269f28f182630b9af9403a2a447919d4e9992a",
+ "zh:0d88c6c50f7975f60c84d446bf95b26652c9457e62f2d5b24221b769d6daf809",
+ "zh:1670c513f85788308d317e45038234ac367f52f7bd0ea8f527f0a6291dd23659",
+ "zh:1b5a07fd053a0d7d1da80cb3e929b44c000c614d3738bb7ff82b4d56ed854017",
+ "zh:34a43de7f3d3749cbc50b81b84fe38961c3dfbda819708a814c2206045ecf69b",
+ "zh:416f710365d060c8239522363257e162a267c01463ac95ad2c2dd0acf05b6d35",
+ "zh:73956090e0e9b69adbcfe1bcaad20ec45779f2e7f3f2fb3a5f865402a2cd2485",
+ "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+ "zh:e2df6077e925a8438cfd2deb3bce5f1029a2e3edd2a635b12636d426390600dd",
+ "zh:e3e2797ae1cfc6aff66329ee81baaf780e1f5f295ad887ac7ff4c1e2754a8c8c",
+ "zh:f34ec435d16244ecf0f909872850070428aeadd352b6a21ab1f787d81f8bae9f",
+ "zh:f3a930e64b2c10d2ece5acc856d3438cdd375ccfc5ac10fc4a8fe163f74af93a",
+ ]
+}
diff --git a/providers.tf b/providers.tf
index 0c909a1..6e5ef19 100644
--- a/providers.tf
+++ b/providers.tf
@@ -1,6 +1,45 @@
+# Configure Consul provider
+provider "consul" {
+ address = var.consul_address
+}
+
+# Get Nomad client from Consul
+data "consul_service" "nomad" {
+ name = "nomad-client"
+}
+
+# Get Vault client from Consul
+data "consul_service" "vault" {
+ name = "vault"
+ tag = "active"
+}
+
+locals {
+ # Get Nomad address from Consul
+ nomad_node = data.consul_service.nomad.service[0]
+ nomad_node_address = "http://${local.nomad_node.node_address}:${local.nomad_node.port}"
+
+ # Get Vault address from Consul
+ vault_node = data.consul_service.vault.service[0]
+ vault_node_address = "http://${local.vault_node.node_address}:${local.vault_node.port}"
+}
+
+# Configure the Vault provider
+provider "vault" {
+ address = length(var.vault_address) == 0 ? local.vault_node_address : var.vault_address
+ token = var.vault_token
+}
+
+# Something that should exist in a post bootstrap module, right now module includes bootstrapping
+# which requries Admin
+# data "vault_nomad_access_token" "deploy" {
+# backend = "nomad"
+# role = "deploy"
+# }
+
 # Configure the Nomad provider
 provider "nomad" {
- address = var.nomad_address
+ address = length(var.nomad_address) == 0 ? local.nomad_node_address : var.nomad_address
 secret_id = var.nomad_secret_id
 # secret_id = length(var.nomad_secret_id) == 0 ? data.vault_nomad_access_token.admin.secret_id : var.nomad_secret_id
 region = "global"
diff --git a/vars.tf b/vars.tf
index 6702560..5b8bf7f 100644
--- a/vars.tf
+++ b/vars.tf
@@ -1,3 +1,8 @@
+variable "consul_address" {
+ type = string
+ default = "http://n1.thefij:8500"
+}
+
 variable "nomad_address" {
 type = string
 default = "http://n1.thefij:4646"
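Review bot: The new `locals` in providers.tf build `vault_node_address` and `nomad_node_address` with a hard-coded `http://` scheme from whatever Consul returns, so when `var.vault_address` or `var.nomad_address` is empty, `var.vault_token` and `var.nomad_secret_id` travel in cleartext to a host chosen by the Consul catalog; the `consul_address` default added in vars.tf is plain `http://` as well. Anyone able to register a `vault` service tagged `active` (or to alter the lookup in transit) would then receive the token, so if the cluster serves TLS the locals should read `"https://${local.vault_node.node_address}:${local.vault_node.port}"`, and the Consul lookup should be authenticated. If TLS is not available yet, a comment above `locals` such as `# Consul is trusted to name the Vault/Nomad endpoints that receive credentials; set vault_address/nomad_address explicitly for privileged runs` would at least record the assumption. Separately, `service[0]` presumably fails the plan with an index error when no matching instance is registered, possibly even when the explicit address variable is set, so wrapping the lookup in `try(...)` with an empty-string fallback is worth considering.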