Update to 2023-07-25 10:00

2025-07-27 00:05:44 +02:00 · 2023-07-25 10:00:20 +02:00
parent a46990279b
commit e033ed4f44
13 changed files with 22 additions and 17 deletions
--- a/roles/vault_agent/templates/nomad/nomad.hcl.j2
+++ b/roles/vault_agent/templates/nomad/nomad.hcl.j2
@@ -34,7 +34,7 @@ template {
  perms           = 0640
 {% if vault_agent_nomad.nomad_pki.cli.enabled and vault_agent_nomad.nomad_pki.cli.secret_path is defined %}
  exec {
-    command = ["sh", "-c", "export $(cat /run/nomad/vault.env) && {{ vault_agent_root_dir }}/bin/update_nomad_cert.sh"]
+    command = ["{{ vault_agent_root_dir }}/bin/update_nomad_cert.sh"]
  }
 {% endif %}
 }
--- a/roles/vault_agent/templates/nomad/update_nomad_cert.sh.j2
+++ b/roles/vault_agent/templates/nomad/update_nomad_cert.sh.j2
@@ -13,6 +13,10 @@ elif [ "$(echo ${VAULT_STATUS} | jq .initialized)" != "true" ]; then
  echo "Vault is not initialized yet, exiting"
 else
  echo Updating Vault certificate to access Nomad API
+  if [ -z "${VAULT_TOKEN}" -a -e /run/nomad/vault.env ]; then
+    echo "Using VAULT_TOKEN from Nomad agent"
+    export $(cat /run/nomad/vault.env)
+  fi
  vault write {{ vault_agent_nomad.nomad_pki.cli.secret_path | default('nomad') }}/config/access \
    ca_cert="$(cat {{ nomad_root_dir }}/tls/ca.crt)" \
    client_cert="$(cat {{ nomad_root_dir }}/tls/cli.crt)" \