Improve vault bootstrap and nomad connection

IamTheFij 2022-06-28 12:10:18 -07:00
parent bf1ac31cdf
commit c0215bf153


@ -150,7 +150,9 @@
- "-address=http://127.0.0.1:8200/"
- "{{ item }}"
loop: "{{ unseal_keys_hex }}"
when: unseal_keys_hex is defined
when:
- unseal_keys_hex is defined
- vault_status.json["sealed"]
- name: Bootstrap Vault secrets
delegate_to: localhost
@ -322,6 +324,8 @@
nomad_acl_enabled: true
# Enable vault integration
nomad_vault_address: "http://vault.service.consul:8200"
nomad_vault_create_from_role: "nomad-cluster"
nomad_vault_enabled: "{{ root_token is defined }}"
nomad_vault_token: "{{ root_token | default('') }}"
@ -387,6 +391,7 @@
delegate_to: localhost
run_once: true
no_log: true
changed_when: false
register: read_secretid
- name: Copy policy
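Review bot: In the hunk at new line 324, `nomad_vault_token: "{{ root_token | default('') }}"` gives Nomad the Vault root token, so whatever host this variable is rendered onto holds an unrestricted credential. Since `nomad_vault_create_from_role: "nomad-cluster"` is set in the same block, a periodic token created during bootstrap with only the policy needed to mint from that role would fit better, e.g. `nomad_vault_token: "{{ nomad_server_vault_token }}"` (placeholder variable name). The root token would then stay on the control host. `nomad_vault_address` is also plain `http://` to a non-loopback service name, so the token travels unencrypted unless TLS is terminated somewhere this page does not show. The rendered page has lost its `+`/`-` markers, so these lines may be carried-over context rather than additions in this commit.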