diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index d0bc9c1..158693f 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl @@ -4,6 +4,7 @@ provider "registry.terraform.io/hashicorp/consul" { version = "2.14.0" hashes = [ + "h1:lJWOdlqevg6FQLFlfM3tGOsy9yPrjm9/vqkfzVrqT/A=", "h1:xRwktNwLL3Vo43F7v73tfcgbcnjCE2KgCzcNrsQJ1cc=", "zh:06dcca1f76b839af8f86c7b6f65b944003a7a35b30b865b3884f48e2c42f9aee", "zh:16111df6a485e21cee6ca33cb863434baa1ca360c819c8e2af85e465c1361d2b", @@ -19,28 +20,10 @@ provider "registry.terraform.io/hashicorp/consul" { ] } -provider "registry.terraform.io/hashicorp/external" { - version = "2.2.2" - hashes = [ - "h1:BKQ5f5ijzeyBSnUr+j0wUi+bYv6KBQVQNDXNRVEcfJE=", - "zh:0b84ab0af2e28606e9c0c1289343949339221c3ab126616b831ddb5aaef5f5ca", - "zh:10cf5c9b9524ca2e4302bf02368dc6aac29fb50aeaa6f7758cce9aa36ae87a28", - "zh:56a016ee871c8501acb3f2ee3b51592ad7c3871a1757b098838349b17762ba6b", - "zh:719d6ef39c50e4cffc67aa67d74d195adaf42afcf62beab132dafdb500347d39", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7fbfc4d37435ac2f717b0316f872f558f608596b389b895fcb549f118462d327", - "zh:8ac71408204db606ce63fe8f9aeaf1ddc7751d57d586ec421e62d440c402e955", - "zh:a4cacdb06f114454b6ed0033add28006afa3f65a0ea7a43befe45fc82e6809fb", - "zh:bb5ce3132b52ae32b6cc005bc9f7627b95259b9ffe556de4dad60d47d47f21f0", - "zh:bb60d2976f125ffd232a7ccb4b3f81e7109578b23c9c6179f13a11d125dca82a", - "zh:f9540ecd2e056d6e71b9ea5f5a5cf8f63dd5c25394b9db831083a9d4ea99b372", - "zh:ffd998b55b8a64d4335a090b6956b4bf8855b290f7554dd38db3302de9c41809", - ] -} - provider "registry.terraform.io/hashicorp/nomad" { version = "1.4.16" hashes = [ + "h1:PQxNPNmMVOErxryTWIJwr22k95DTSODmgRylqjc2TjI=", "h1:tyfjD/maKzb0RxxD9KWgLnkJu9lnYziYsQgGw85Giz8=", "zh:0d4fbb7030d9caac3b123e60afa44f50c83cc2a983e1866aec7f30414abe7b0e", "zh:0db080228e07c72d6d8ca8c45249d6f97cd0189fce82a77abbdcd49a52e57572", 
@@ -60,6 +43,7 @@ provider "registry.terraform.io/hashicorp/vault" { version = "3.3.1" hashes = [ "h1:SOTmxGynxFf1hECFq0/FGujGQZNktePze/4mfdR/iiU=", + "h1:i7EC2IF0KParI+JPA5ZtXJrAn3bAntW5gEMLvOXwpW4=", "zh:3e1866037f43c1083ff825dce2a9e3853c757bb0121c5ae528ee3cf3f99b4113", "zh:49636cc5c4939134e098c4ec0163c41fae103f24d7e1e8fc0432f8ad93d596a0", "zh:5258a7001719c4aeb84f4c4da7115b795da4794754938a3c4176a4b578fe93a1",
diff --git a/Makefile b/Makefile
index 08de9e9..7321f76 100644
--- a/Makefile
+++ b/Makefile
@@ -65,6 +65,10 @@ ansible-cluster: venv/bin/ansible
 $(shell test -f vault-keys.json && echo '-e "@vault-keys.json"') \
 -i ansible_hosts.yml -M ./roles ./setup-cluster.yml
+.PHONY: init
+init:
+ @terraform init
+
 .PHONY: plan
 plan:
 @terraform plan \
diff --git a/acls/.terraform.lock.hcl b/acls/.terraform.lock.hcl
index e640ec8..ac3b11f 100644
--- a/acls/.terraform.lock.hcl
+++ b/acls/.terraform.lock.hcl
@@ -1,38 +1,59 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. -provider "registry.terraform.io/hashicorp/nomad" { - version = "1.4.16" +provider "registry.terraform.io/hashicorp/consul" { + version = "2.15.1" hashes = [ - "h1:tyfjD/maKzb0RxxD9KWgLnkJu9lnYziYsQgGw85Giz8=", - "zh:0d4fbb7030d9caac3b123e60afa44f50c83cc2a983e1866aec7f30414abe7b0e", - "zh:0db080228e07c72d6d8ca8c45249d6f97cd0189fce82a77abbdcd49a52e57572", - "zh:0df88393271078533a217654b96f0672c60eb59570d72e6aefcb839eea87a7a0", - "zh:2883b335bb6044b0db6a00e602d6926c047c7f330294a73a90d089f98b24d084", - "zh:390158d928009a041b3a182bdd82376b50530805ae92be2b84ed7c3b0fa902a0", - "zh:7169b8f8df4b8e9659c49043848fd5f7f8473d0471f67815e8b04980f827f5ef", - "zh:9417ee1383b1edd137024882d7035be4dca51fb4f725ca00ed87729086ec1755", - "zh:a22910b5a29eeab5610350700b4899267c1b09b66cf21f7e4d06afc61d425800", - "zh:a6185c9cd7aa458cd81861058ba568b6411fbac344373a20155e20256f4a7557", - "zh:b6260ca9f034df1b47905b4e2a9c33b67dbf77224a694d5b10fb09ae92ffad4c", - "zh:d87c12a6a7768f2b6c2a59495c7dc00f9ecc52b1b868331d4c284f791e278a1e", + "h1:PexyQBRLDA+SR+sWlzYBZswry5O5h/tTfj87CaECtLc=", + "zh:1806830a3cf103e65e772a7d28fd4df2788c29a029fb2def1326bc777ad107ed", + "zh:252be544fb4c9daf09cad7d3776daf5fa66b62740d3ea9d6d499a7b1697c3433", + "zh:50985fe02a8e5ae47c75d7c28c911b25d7dc4716cff2ed55ca05889ab77a1f73", + "zh:54cf0ec90538703c66937c77e8d72a38d5af47437eb0b8b55eb5836c5d288878", + "zh:704f536c621337e06fffef6d5f49ac81f52d249f937250527c12884cb83aefed", + "zh:896d8ef6d0b555299f124eb25bce8a17d735da14ef21f07582098d301f47da30", + "zh:976277a85b0a0baafe267cc494f766448d1da5b6936ddcb3ce393bd4d22f08d2", + "zh:c7faa9a2b11bc45833a3e8e340f22f1ecf01597eaeffa7669234b4549d7dfa85", + "zh:caf851ef9c8ce482864badf7058f9278d4537112fa236efd8f1a9315801d9061", + "zh:db203435d58b0ac842540861b3307a623423275d85754c171773f3b210ae5b24", + "zh:f3d3efac504c9484a025beb919d22b290aa6dbff256f6e86c1f8ce7817e077e5", + 
"zh:f710a37190429045d109edd35de69db3b5f619919c2fa04c77a3a639fea9fd7d", + ] +} + +provider "registry.terraform.io/hashicorp/nomad" { + version = "1.4.17" + hashes = [ + "h1:iPylWr144mqXvM8NBVMTm+MS6JRhqIihlpJG91GYDyA=", + "zh:146f97eacd9a0c78b357a6cfd2cb12765d4b18e9660a75500ee3e748c6eba41a", + "zh:2eb89a6e5cee9aea03a96ea9f141096fe3baf219b2700ce30229d2d882f5015f", + "zh:3d0f971f79b615c1014c75e2f99f34bd4b4da542ca9f31d5ea7fadc4e9de39c1", + "zh:46099a750c752ce05aa14d663a86478a5ad66d95aff3d69367f1d3628aac7792", + "zh:71e56006b013dcfe1e4e059b2b07148b44fcd79351ae2c357e0d97e27ae0d916", + "zh:74febd25d776688f0558178c2f5a0e6818bbf4cdaa2e160d7049da04103940f0", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:af18c064a5f0dd5422d6771939274841f635b619ab392c73d5bf9720945fdb85", + "zh:c133d7a862079da9f06e301c530eacbd70e9288fa2276ec0704df907270ee328", + "zh:c894cf98d239b9f5a4b7cde9f5c836face0b5b93099048ee817b0380ea439c65", + "zh:c918642870f0cafdbe4d7dd07c909701fc3ddb47cac8357bdcde1327bf78c11d", + "zh:f8f5655099a57b4b9c0018a2d49133771e24c7ff8262efb1ceb140fd224aa9b6", ] } provider "registry.terraform.io/hashicorp/vault" { - version = "3.4.1" + version = "3.7.0" hashes = [ - "h1:oow6cAwKiFpJBBWKsDqNmwZIrFTWWvoeIbqs+vyUDE0=", - "zh:1eb8370a1846e34e2bcc4d11eece5733735784a8eab447bbed3cfd822101b577", - "zh:2df3989327cea68b2167514b7ebddc67b09340f00bbf3fa85df03c97adfb9d25", - "zh:3dd1e317264f574985e856296deef71a76464918bf0566eb0d7f6389ea0586bd", - "zh:9750861f2822482aa608ea5a52b385bc42b2e1f2511094e6a975412618c4495d", - "zh:9b940e7f78975d29a4d0a116cf43c0bc1cb03bec4ad8d34887d64e6e60bacb9e", - "zh:9cb6e7ad2a62529d35dacd20695d49c2f02230cb785d46178cc10f4ec80e5a51", - "zh:a12718689bbcb37bcbb9132c18bffd354fad8ab5c8cb89cec1a0ee85c65b8cb7", - "zh:a6e38afacca1af4fab04a9f2dc49b8295eb462db68bdc7451352d0f950f804f8", - "zh:d6e0e994d51b9e07d5713d4796381f9e129e9de962e79caae2b7055f6f68297e", - "zh:ea4bbef7a1bb2553db473fa304c93845674167b61e8c9677107a96c8c696da12", - 
"zh:f985a8b7f4ef7d1eba9cef7d99997ee9c4a54ffe76dab7fa8b1fdec2a9edca7e", + "h1:idawLPCbZgHIb+NRLJs4YdIcQgACqYiT5VwQfChkn+w=", + "zh:256b82692c560c76ad51414a2c003cadfa10338a9df333dbe22dd14a9ed16f95", + "zh:329ed8135a98bd6a000d014e40bc5981c6868cf50eedf454f1a1f72ac463bdf0", + "zh:3b32c18b492a6ac8e1ccac40d28cd42a88892ef8f3515291676136e3faac351c", + "zh:4c5ea8e80543b36b1999257a41c8b9cde852542251de82a94cff2f9d280ac2ec", + "zh:5d968ed305cde7aa3567a943cb2f5f8def54b40a2292b66027b1405a1cf28585", + "zh:60226d1a0a496a9a6c1d646800dd7e1bd1c4f5527e7307ff0bca9f4d0b5395e2", + "zh:71b11def501c994ee5305f24bd47ebfcca2314c5acca3efcdd209373d0068ac0", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:89be6b5db3be473bfd14422a9abf83245c4b22ce47a8fe463bbebf8e20958ab1", + "zh:8f91051d43ae309bb8f3f6a9659f0fd26b1b239faf671c139b4e9ad0d208db05", + "zh:b5114983273d3170878f657b92738b2c40953aedeef2e1840588ecaf1bc0827e", + "zh:fd56db01c5444dc8ca2e0ad2f13fc4c17735d0fdeb5960e23176fb3f5a5114d3", ] } diff --git a/acls/providers.tf b/acls/providers.tf new file mode 100644 index 0000000..f454d1c --- /dev/null +++ b/acls/providers.tf 
@@ -0,0 +1,38 @@
+# Configure Consul provider
+provider "consul" {
+ address = var.consul_address
+}
+
+# Get Nomad client from Consul
+data "consul_service" "nomad" {
+ name = "nomad-client"
+}
+
+# Get Vault client from Consul
+data "consul_service" "vault" {
+ name = "vault"
+ tag = "active"
+}
+
+locals {
+ # Get Nomad address from Consul
+ nomad_node = data.consul_service.nomad.service[0]
+ nomad_node_address = "http://${local.nomad_node.node_address}:${local.nomad_node.port}"
+
+ # Get Vault address from Consul
+ vault_node = data.consul_service.vault.service[0]
+ vault_node_address = "http://${local.vault_node.node_address}:${local.vault_node.port}"
+}
+
+# Configure the Nomad provider
+provider "nomad" {
+ address = local.nomad_node_address
+ secret_id = var.nomad_secret_id
+ region = "global"
+}
+
+# Configure the Vault provider
+provider "vault" {
+ address = local.vault_node_address
+ token = var.vault_token
+}
diff --git a/acls/vars.tf b/acls/vars.tf
new file mode 100644
index 0000000..4c6fcca
--- /dev/null
+++ b/acls/vars.tf
@@ -0,0 +1,17 @@
+variable "consul_address" {
+ type = string
+ default = "http://n1.thefij:8500"
+}
+
+variable "nomad_secret_id" {
+ type = string
+ description = "Secret ID for ACL bootstrapped Nomad"
+ sensitive = true
+ default = ""
+}
+
+variable "vault_token" {
+ type = string
+ sensitive = true
+ default = ""
+}
diff --git a/root.tf b/root.tf
index deb63a4..94a9246 100644
--- a/root.tf
+++ b/root.tf
@@ -1,6 +1,11 @@
-module "acls" {
- source = "./acls"
-}
+# Can't run this as part of root and as a submodule because of tf state
+# module "acls" {
+# source = "./acls"
+#
+# consul_address = var.consul_address
+# nomad_secret_id = var.nomad_secret_id
+# vault_token = var.vault_token
+# }
 # module "storage_plugins" {
 # source = "./storage_plugins"
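Review bot: In acls/providers.tf the `nomad_node_address` and `vault_node_address` locals hard-code `http://`, so `var.nomad_secret_id` and `var.vault_token` are presented to those endpoints without TLS. The endpoints are also taken from a Consul catalog lookup that itself runs over the plaintext `consul_address` default in acls/vars.tf, with no Consul token set in the provider block, so the destination of both tokens is only as trustworthy as that unauthenticated response. If the cluster exposes TLS listeners, build the addresses as `"https://${local.vault_node.node_address}:${local.vault_node.port}"` (and likewise for Nomad) and give `consul_address` an `https://` default. Otherwise add a comment such as `# plaintext HTTP: assumes a trusted, isolated network` above the `locals` block so the assumption is explicit. Separately, `service[0]` raises an index error when no instance is registered, which deserves a short comment if it is the intended failure mode.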
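Review bot: In acls/vars.tf both `nomad_secret_id` and `vault_token` carry `default = ""`, so a run that supplies neither is accepted at the variable level. The providers then presumably fall back to whatever credentials are in the environment, or proceed unauthenticated, which makes it easy to apply ACL changes with an identity nobody chose deliberately. If that fallback is not intended, drop `default = ""` from both variables so Terraform requires a value. If it is intended, say so in the description. `vault_token` also has no `description`; adding `description = "Token for the Vault provider"` would bring it in line with `nomad_secret_id`.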