jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-08-07 00:57:00 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2023-07-03 00:00

Browse Source
This commit is contained in:
Daniel Berteaud
2023-07-03 00:00:20 +02:00
parent 71179d1d72
commit 53d90f07e0
33 changed files with 312 additions and 283 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
roles/vault/templates/update_nomad_cert.j2
View File

@@ -1,25 +0,0 @@
#!/bin/sh
set -eo pipefail
NOMAD_TOKEN=$1
VAULT_TOKEN=$2
VAULT_ADDR={{ vault_conf.api_addr }}
if [ "$(vault status -format=json | jq .is_self)" != "true" ]; then
echo "We're not the active vault, exiting"
elif [ "$(vault status -format=json | jq .sealed)" != "false" ]; then
echo "Vault is sealed, exiting"
elif [ "$(vault status -format=json | jq .initialized)" != "true" ]; then
echo "Vault is not initialized yet, exiting"
else
echo Updating Vault certificate to access Nomad API
VAULT_TOKEN=$VAULT_TOKEN \
vault write {{ vault_secrets.nomad.secret.path }}/config/access \
address="{{ vault_secrets.nomad.address }}" \
token="$NOMAD_TOKEN" \
ca_cert="$(cat {{ vault_root_dir }}/tls/nomad_ca.crt)" \
client_cert="$(cat {{ vault_root_dir }}/tls/nomad_client.crt)" \
client_key="$(cat {{ vault_root_dir }}/tls/nomad_client.key)"
fi