Update bootstrap for acls

IamTheFij 2022-03-21 20:13:13 -07:00
parent d7a1a3c6f6
commit e3d894a8d5


@ -84,7 +84,7 @@
- "-address=http://127.0.0.1:8200/" - "-address=http://127.0.0.1:8200/"
- "{{ item }}" - "{{ item }}"
loop: "{{ vault_keys }}" loop: "{{ vault_keys }}"
# no_log: true no_log: true
when: vault_keys is defined when: vault_keys is defined
# Not on Ubuntu 20.04 # Not on Ubuntu 20.04
@ -158,13 +158,13 @@
nomad_bind_address: 0.0.0.0 nomad_bind_address: 0.0.0.0
# Default interface for binding tasks # Default interface for binding tasks
nomad_network_interface: lo # nomad_network_interface: lo
# Create networks for binding task ports # Create networks for binding task ports
nomad_host_networks: nomad_host_networks:
- name: public # - name: public
interface: eth0 # interface: eth0
reserved_ports: "22" # reserved_ports: "22"
- name: nomad-bridge - name: nomad-bridge
interface: nomad interface: nomad
reserved_ports: "22" reserved_ports: "22"
@ -172,8 +172,12 @@
interface: lo interface: lo
reserved_ports: "22" reserved_ports: "22"
# Enable ACLs
nomad_acl_enabled: true
# Enable vault integration # Enable vault integration
# nomad_vault_enabled: true nomad_vault_enabled: "{{ vault_token is defined }}"
nomad_vault_token: "{{ vault_token | default('') }}"
nomad_config_custom: nomad_config_custom:
ui: ui:
@ -183,7 +187,7 @@
vault: vault:
ui_url: "http://{{ ansible_hostname }}:8200/ui" ui_url: "http://{{ ansible_hostname }}:8200/ui"
consul: consul:
tag: tags:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.consulcatalog.connect=true" - "traefik.consulcatalog.connect=true"
- "traefik.http.routers.nomadclient.entrypoints=websecure" - "traefik.http.routers.nomadclient.entrypoints=websecure"
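Review bot: In the Vault-integration lines of the third hunk (`@ -172,8 +172,12`), `nomad_vault_enabled` is derived from `vault_token is defined`, which is also true for an empty string, while `nomad_vault_token` falls back to `''`; a blank `vault_token` would therefore switch the integration on with no usable token. Gating on content keeps the two settings in step: `nomad_vault_enabled: "{{ (vault_token | default('')) | length > 0 }}"`. The token is a secret that presumably ends up in the rendered Nomad server configuration, so a comment above these lines should say where `vault_token` is expected to come from (for example an encrypted vars file). It is also worth checking that any task which templates or prints it is covered by `no_log: true`, as the unseal loop in the first hunk now is. The enclosing play starts and ends outside the visible hunks, so this is based only on the lines shown.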