Update to 2024-09-26 14:00

roles/nomad/tasks/conf.yml

@@ -38,17 +38,18 @@
       template: src=jwks-proxy.conf.j2 dest={{ nomad_root_dir }}/jwks-proxy/nginx.conf
       notify: reload nomad-jwks-proxy
 
-    - name: Deploy jwks-proxy unit
-      template: src=jwks-proxy.service.j2 dest=/etc/systemd/system/nomad-jwks-proxy.service
-      register: nomad_jwks_proxy_unit
-
     - name: Deploy logrotate conf
       template: src=logrotate.conf.j2 dest=/etc/logrotate.d/nomad-jwks-proxy
   tags: nomad
 
+- name: Deploy jwks-proxy unit
+  template: src=jwks-proxy.service.j2 dest=/etc/systemd/system/nomad-jwks-proxy.service
+  register: nomad_jwks_proxy_unit
+  tags: nomad
+
 - name: Reload systemd
   systemd: daemon_reload=true
-  when: nomad_jwks_proxy_unit is defined and nomad_jwks_proxy_unit.changed
+  when: nomad_jwks_proxy_unit.changed
   tags: nomad
 
 - name: Copy consul cert as consul CA

roles/vault_agent/templates/nomad/nomad.hcl.j2

@@ -21,7 +21,7 @@ template {
   perms           = 0640
   exec {
     # Wait a few sec before reloading Nomad as it fails if reloaded while not fully initialized yet
-    command = ["sh", "-c", "sleep 15 && systemctl reload nomad || true"]
+    command = ["sh", "-c", "sleep 15 && systemctl reload nomad{% if nomad_conf.tls.http and nomad_conf.server.enabled %} nomad-jwks-proxy{% endif %} || true"]
   }
 }
 

roles/vault_bin/defaults/main.yml

@@ -1,7 +1,7 @@
 # Version of Vault to install
-vault_version: 1.17.5
+vault_version: 1.17.6
 # URL of the archive
 vault_archive_url: https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip
 # Expected sha256 of the archive
-vault_archive_sha256: 67eb9f95d37975e2525bbd455e19528a7759f3a56022de064bf8605fc220be47
+vault_archive_sha256: 0cddc1fbbb88583b5ba5b845f9f8fae47c6fb39a6d48cd543c6ba6fd3ac1a669