Clean up comments in setup cluster playbook

This commit is contained in:
IamTheFij 2022-09-07 11:09:33 -07:00
parent ecbd9626e8
commit bd1280b970

View File

@ -354,9 +354,6 @@
# Create networks for binding task ports
nomad_host_networks:
# - name: public
# interface: eth0
# reserved_ports: "22"
- name: nomad-bridge
interface: nomad
reserved_ports: "22"
@ -368,13 +365,17 @@
nomad_acl_enabled: true
# Enable vault integration
# HACK: Only talk to local Vault for now because it doesn't have HTTPS
# TODO: Would be really great to hvae this over https and point to vault.consul.service
# nomad_vault_address: "https://vault.service.consul:8200"
# Right now, each node only talks to it's local Vault, so if that node is rebooted and
# that vault is sealed, it will not have access to vault. This is a problem if a node
# must reboot.
nomad_vault_address: "http://127.0.0.1:8200"
# TODO: This fails on first run because the Nomad-Vault integration can't be set up
# until Nomad has started. Could maybe figure out if ACLs have been set up and leave
# these out until the later play, maybe just bootstrap the nomad-cluster role in Vault
# befor Nomad is set up
# nomad_vault_address: "http://vault.service.consul:8200"
# Only talk to local Vault for now because it doesn't have HTTPS
nomad_vault_address: "http://127.0.0.1:8200"
nomad_vault_create_from_role: "nomad-cluster"
# TODO: (security) Probably want to restict this to a narrower scoped token
nomad_vault_enabled: "{{ root_token is defined }}"