Clean up comments in setup cluster playbook

2022-09-07 11:09:33 -07:00 · 2022-09-07 11:09:33 -07:00 · bd1280b970
parent ecbd9626e8
commit bd1280b970
1 changed files with 7 additions and 6 deletions
--- a/nomad/setup-cluster.yml
+++ b/nomad/setup-cluster.yml
@ -354,9 +354,6 @@

        # Create networks for binding task ports
        nomad_host_networks:
-          # - name: public
-          #   interface: eth0
-          #   reserved_ports: "22"
          - name: nomad-bridge
            interface: nomad
            reserved_ports: "22"
@ -368,13 +365,17 @@
        nomad_acl_enabled: true

        # Enable vault integration
+        # HACK: Only talk to local Vault for now because it doesn't have HTTPS
+        # TODO: Would be really great to hvae this over https and point to vault.consul.service
+        # nomad_vault_address: "https://vault.service.consul:8200"
+        # Right now, each node only talks to it's local Vault, so if that node is rebooted and
+        # that vault is sealed, it will not have access to vault. This is a problem if a node
+        # must reboot.
+        nomad_vault_address: "http://127.0.0.1:8200"
        # TODO: This fails on first run because the Nomad-Vault integration can't be set up
        # until Nomad has started. Could maybe figure out if ACLs have been set up and leave
        # these out until the later play, maybe just bootstrap the nomad-cluster role in Vault
        # befor Nomad is set up
-        # nomad_vault_address: "http://vault.service.consul:8200"
-        # Only talk to local Vault for now because it doesn't have HTTPS
-        nomad_vault_address: "http://127.0.0.1:8200"
        nomad_vault_create_from_role: "nomad-cluster"
        # TODO: (security) Probably want to restict this to a narrower scoped token
        nomad_vault_enabled: "{{ root_token is defined }}"