Update to 2023-07-08 16:00

2025-08-02 14:55:37 +02:00 · 2023-07-08 16:00:11 +02:00
parent f16dd6e98d
commit d87c1bdc89
60 changed files with 708 additions and 439 deletions
--- a/roles/vault_agent/templates/nomad/nomad.hcl.j2
+++ b/roles/vault_agent/templates/nomad/nomad.hcl.j2
@@ -0,0 +1,69 @@
+{% if vault_agent_nomad.vault_token.enabled %}
+template {
+  source          = "{{ vault_agent_root_dir }}/templates/nomad/vault.env.tpl"
+  destination     = "/run/nomad/vault.env"
+  left_delimiter  = "[["
+  right_delimiter = "]]"
+  perms           = 0640
+  exec {
+    # Wait a few sec before reloading Nomad as it fails if reloaded while not fully initialized yet
+    command = ["chown", ":{{ nomad_user }}", "/run/nomad/vault.env"]
+  }
+}
+{% endif %}
+
+{% if vault_agent_nomad.nomad_pki.enabled %}
+template {
+  source          = "{{ vault_agent_root_dir }}/templates/nomad/agent_bundle.pem.tpl"
+  destination     = "{{ nomad_root_dir }}/tls/agent_bundle.pem"
+  left_delimiter  = "[["
+  right_delimiter = "]]"
+  perms           = 0640
+  exec {
+    # Wait a few sec before reloading Nomad as it fails if reloaded while not fully initialized yet
+    command = ["sh", "-c", "sleep 15 && systemctl reload nomad || true"]
+  }
+}
+
+{% if nomad_conf.server.enabled %}
+template {
+  source          = "{{ vault_agent_root_dir }}/templates/nomad/cli_bundle.pem.tpl"
+  destination     = "{{ nomad_root_dir }}/tls/cli_bundle.pem"
+  left_delimiter  = "[["
+  right_delimiter = "]]"
+  perms           = 0640
+{% if vault_agent_nomad.nomad_pki.cli.enabled and vault_agent_nomad.nomad_pki.cli.secret_path is defined %}
+  exec {
+    command = "{{ vault_agent_root_dir }}/bin/update_nomad_cert.sh"
+  }
+{% endif %}
+}
+{% endif %}
+{% endif %}
+
+
+{% if vault_agent_nomad.consul_pki.enabled and nomad_conf.consul.ssl %}
+template {
+  source          = "{{ vault_agent_root_dir }}/templates/nomad/consul_bundle.pem.tpl"
+  destination     = "{{ nomad_root_dir }}/tls/consul_bundle.pem"
+  left_delimiter  = "[["
+  right_delimiter = "]]"
+  perms           = 0640
+  exec {
+    command = ["sh", "-c", "chown :{{ nomad_user }} && sleep 15 && systemctl reload nomad || true"]
+  }
+}
+{% endif %}
+
+{% if vault_agent_nomad.consul_token.enabled %}
+template {
+  source          = "{{ vault_agent_root_dir }}/templates/nomad/consul.env.tpl"
+  destination     = "/run/nomad/consul.env"
+  left_delimiter  = "[["
+  right_delimiter = "]]"
+  perms           = 0640
+  exec {
+    command = ["chown", ":{{ nomad_user}}", "/run/nomad/consul.env"]
+  }
+}
+{% endif %}