iamthefij/orchestration-tests
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Improve vault bootstrap and nomad connection

Browse Source
This commit is contained in:
IamTheFij 2022-06-28 12:10:18 -07:00
parent bf1ac31cdf
commit c0215bf153
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
nomad/setup-cluster.yml
View File

@ -150,7 +150,9 @@
- "-address=http://127.0.0.1:8200/" - "-address=http://127.0.0.1:8200/"
- "{{ item }}" - "{{ item }}"
loop: "{{ unseal_keys_hex }}" loop: "{{ unseal_keys_hex }}"
when: unseal_keys_hex is defined when:
- unseal_keys_hex is defined
- vault_status.json["sealed"]
- name: Bootstrap Vault secrets - name: Bootstrap Vault secrets
delegate_to: localhost delegate_to: localhost
@ -322,6 +324,8 @@
nomad_acl_enabled: true nomad_acl_enabled: true
# Enable vault integration # Enable vault integration
nomad_vault_address: "http://vault.service.consul:8200"
nomad_vault_create_from_role: "nomad-cluster"
nomad_vault_enabled: "{{ root_token is defined }}" nomad_vault_enabled: "{{ root_token is defined }}"
nomad_vault_token: "{{ root_token | default('') }}" nomad_vault_token: "{{ root_token | default('') }}"
@ -387,6 +391,7 @@
delegate_to: localhost delegate_to: localhost
run_once: true run_once: true
no_log: true no_log: true
changed_when: false
register: read_secretid register: read_secretid
- name: Copy policy - name: Copy policy