Update to 2022-09-06 18:00

Daniel Berteaud
2022-09-06 18:00:22 +02:00
parent ac46e06fb3
commit 382804b568
33 changed files with 311 additions and 113 deletions


@@ -57,7 +57,7 @@ nomad_base_conf:
# TLS Settings
# See the nomad_vault_tls configuration if you want to integrate with vault to obtain and renew the certificates
# See the nomad_vault_secrets configuration if you want to integrate with vault to obtain and renew the certificates
tls:
http: False
rpc: False
@@ -228,23 +228,23 @@ nomad_host_services: {}
nomad_services: "{{ nomad_base_services | combine(nomad_extra_services, recursive=True) | combine(nomad_host_services, recursive=True) }}"
# When using vault to setup TLS for Nomad
nomad_base_vault_tls:
enabled: False
address: "{{ nomad_conf.vault.address | default(omit) }}"
nomad_base_vault_secrets:
vault_address: "{{ nomad_conf.vault.address | default(omit) }}"
# Token to use to issue certificates
# token: XXXXXXXXX
pki:
enabled: False
# The path of the PKI secret where cert will be issued
path: /pki/nomad
role: nomad-{{ nomad_conf.server.enabled | ternary('server', 'client') }}
ttl: 24h
# ttl: 6h # if not set, will use the default ttl of the role
consul_pki:
enabled: False
path: /pki/consul
role: nomad-client # Only nomad clients will use the gRPC endpoint and requires a client cert for consul
ttl: 24h
root_pki:
path: /pki/root # This is used to fetch the top level root CA, as envoy can't validate the chain unless it has it complete up to the auto-signed root
root_path: /pki/root # This is used to fetch the top level root CA, as envoy can't validate the chain unless it has it complete up to the auto-signed root
role: nomad-client # Only nomad clients will use this
# ttl: 6h # if not set, will use the default ttl of the role
nomad_extra_vault_tls: {}
nomad_host_vault_tls: {}
nomad_vault_tls: "{{ nomad_base_vault_tls | combine(nomad_extra_vault_tls, recursive=True) | combine(nomad_host_vault_tls, recursive=True) }}"
nomad_extra_vault_secrets: {}
nomad_host_vault_secrets: {}
nomad_vault_secrets: "{{ nomad_base_vault_secrets | combine(nomad_extra_vault_secrets, recursive=True) | combine(nomad_host_vault_secrets, recursive=True) }}"
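Review bot: The rename from `nomad_vault_tls` to `nomad_vault_secrets` (and of `nomad_extra_vault_tls`/`nomad_host_vault_tls` to the `*_vault_secrets` variables at the end of this section) leaves no guard for inventories that still set the old names, so their overrides would be silently dropped. Because `pki.enabled` defaults to `False` and `tls.http`/`tls.rpc` default to `False`, a host that enabled certificate issuance through the old variable would presumably come up without it and without any error. The inner keys also appear to have moved (`address` to `vault_address`, `enabled` under `pki`, `root_pki.path` to `root_path`), so a plain alias is not enough; I would add a pre-flight assert in the role's tasks (not visible here) with `that: nomad_extra_vault_tls is not defined and nomad_host_vault_tls is not defined` and a failure message naming the new variables. Separately, the `pki` entry seems to replace `ttl: 24h` with a commented `# ttl: 6h`, so certificate lifetime now depends on the Vault role's default; a comment such as `# Leave unset only if the Vault PKI role enforces a short max TTL` would make that explicit.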