Update bootstrap for acls

2022-03-21 20:13:13 -07:00 · 2022-03-21 20:13:13 -07:00 · 970a9f740e
parent 3ce91f2d0b
commit 970a9f740e
1 changed files with 11 additions and 7 deletions
--- a/nomad/setup-cluster.yml
+++ b/nomad/setup-cluster.yml
@ -84,7 +84,7 @@
          - "-address=http://127.0.0.1:8200/"
          - "{{ item }}"
      loop: "{{ vault_keys }}"
-      # no_log: true
+      no_log: true
      when: vault_keys is defined

 # Not on Ubuntu 20.04
@ -158,13 +158,13 @@
        nomad_bind_address: 0.0.0.0

        # Default interface for binding tasks
-        nomad_network_interface: lo
+        # nomad_network_interface: lo

        # Create networks for binding task ports
        nomad_host_networks:
-          - name: public
-            interface: eth0
-            reserved_ports: "22"
+          # - name: public
+          #   interface: eth0
+          #   reserved_ports: "22"
          - name: nomad-bridge
            interface: nomad
            reserved_ports: "22"
@ -172,8 +172,12 @@
            interface: lo
            reserved_ports: "22"

+        # Enable ACLs
+        nomad_acl_enabled: true
+
        # Enable vault integration
-        # nomad_vault_enabled: true
+        nomad_vault_enabled: "{{ vault_token is defined }}"
+        nomad_vault_token: "{{ vault_token | default('') }}"

        nomad_config_custom:
          ui:
@ -183,7 +187,7 @@
            vault:
              ui_url: "http://{{ ansible_hostname }}:8200/ui"
          consul:
-            tag:
+            tags:
              - "traefik.enable=true"
              - "traefik.consulcatalog.connect=true"
              - "traefik.http.routers.nomadclient.entrypoints=websecure"