2022-09-02 18:00:22 +02:00
|
|
|
vault {
|
2022-09-06 18:00:22 +02:00
|
|
|
address = "{{ nomad_vault_secrets.vault_address }}"
|
|
|
|
|
token = "{{ nomad_vault_secrets.vault_token }}"
|
2022-09-02 18:00:22 +02:00
|
|
|
unwrap_token = false
|
|
|
|
|
}
|
|
|
|
|
|
2022-09-06 18:00:22 +02:00
|
|
|
# Sleep 10 sec before sending nomad service a reload to prevent it from crashing as
|
|
|
|
|
# Nomad doesn't support getting a reload while it's still initializing
|
|
|
|
|
{% if nomad_vault_secrets.pki.enabled %}
|
2022-09-02 18:00:22 +02:00
|
|
|
template {
|
|
|
|
|
source = "{{ nomad_root_dir }}/consul-template/agent.crt.tpl"
|
|
|
|
|
left_delimiter = "[["
|
|
|
|
|
right_delimiter = "]]"
|
|
|
|
|
destination = "{{ nomad_conf.tls.cert_file }}"
|
|
|
|
|
perms = 0644
|
|
|
|
|
exec {
|
2022-09-06 18:00:22 +02:00
|
|
|
command = "sh -c 'sleep 10 && systemctl reload nomad || true'"
|
2022-09-02 18:00:22 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
template {
|
|
|
|
|
source = "{{ nomad_root_dir }}/consul-template/agent.key.tpl"
|
|
|
|
|
left_delimiter = "[["
|
|
|
|
|
right_delimiter = "]]"
|
|
|
|
|
destination = "{{ nomad_conf.tls.key_file }}"
|
|
|
|
|
perms = 0640
|
|
|
|
|
exec {
|
2022-09-06 18:00:22 +02:00
|
|
|
command = ["sh", "-c", "chgrp {{ nomad_user }} {{ nomad_conf.tls.key_file }} && sleep 10 && systemctl reload nomad || true"]
|
2022-09-02 18:00:22 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
template {
|
|
|
|
|
source = "{{ nomad_root_dir }}/consul-template/ca.crt.tpl"
|
|
|
|
|
left_delimiter = "[["
|
|
|
|
|
right_delimiter = "]]"
|
|
|
|
|
destination = "{{ nomad_conf.tls.ca_file }}"
|
|
|
|
|
perms = 0644
|
|
|
|
|
exec {
|
2022-09-06 18:00:22 +02:00
|
|
|
command = "sh -c 'sleep 10 && systemctl reload nomad || true'"
|
2022-09-02 18:00:22 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-09-04 01:00:25 +02:00
|
|
|
{% if nomad_conf.server.enabled %}
|
2022-09-02 18:00:22 +02:00
|
|
|
template {
|
|
|
|
|
source = "{{ nomad_root_dir }}/consul-template/cli.crt.tpl"
|
|
|
|
|
left_delimiter = "[["
|
|
|
|
|
right_delimiter = "]]"
|
|
|
|
|
destination = "{{ nomad_root_dir }}/tls/cli.crt"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
template {
|
|
|
|
|
source = "{{ nomad_root_dir }}/consul-template/cli.key.tpl"
|
|
|
|
|
left_delimiter = "[["
|
|
|
|
|
right_delimiter = "]]"
|
|
|
|
|
destination = "{{ nomad_root_dir }}/tls/cli.key"
|
|
|
|
|
perms = 0640
|
|
|
|
|
}
|
2022-09-04 01:00:25 +02:00
|
|
|
{% endif %}
|
2022-09-06 18:00:22 +02:00
|
|
|
{% endif %}
|
|
|
|
|
|
2022-09-04 18:00:17 +02:00
|
|
|
|
2022-09-08 18:00:11 +02:00
|
|
|
{% if nomad_vault_secrets.consul_pki.enabled and nomad_conf.consul.ssl %}
|
2022-09-04 18:00:17 +02:00
|
|
|
template {
|
|
|
|
|
source = "{{ nomad_root_dir }}/consul-template/consul.crt.tpl"
|
|
|
|
|
left_delimiter = "[["
|
|
|
|
|
right_delimiter = "]]"
|
|
|
|
|
destination = "{{ nomad_conf.consul.cert_file }}"
|
2022-09-06 18:00:22 +02:00
|
|
|
exec {
|
|
|
|
|
command = "sh -c 'sleep 10 && systemctl reload nomad || true'"
|
|
|
|
|
}
|
2022-09-04 18:00:17 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
template {
|
|
|
|
|
source = "{{ nomad_root_dir }}/consul-template/consul.key.tpl"
|
|
|
|
|
left_delimiter = "[["
|
|
|
|
|
right_delimiter = "]]"
|
|
|
|
|
destination = "{{ nomad_conf.consul.key_file }}"
|
|
|
|
|
perms = 0640
|
2022-09-06 18:00:22 +02:00
|
|
|
exec {
|
|
|
|
|
command = "sh -c 'sleep 10 && systemctl reload nomad || true'"
|
|
|
|
|
}
|
2022-09-04 18:00:17 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
template {
|
|
|
|
|
source = "{{ nomad_root_dir }}/consul-template/consul_ca.crt.tpl"
|
|
|
|
|
left_delimiter = "[["
|
|
|
|
|
right_delimiter = "]]"
|
|
|
|
|
destination = "{{ nomad_conf.consul.ca_file }}"
|
|
|
|
|
perms = 0644
|
|
|
|
|
exec {
|
2022-09-06 18:00:22 +02:00
|
|
|
command = "sh -c 'sleep 10 && systemctl reload nomad || true'"
|
2022-09-04 18:00:17 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
{% endif %}
|
2022-09-06 18:00:22 +02:00
|
|
|
|
