Update to 2022-09-20 13:00

roles/nomad/tasks/conf.yml

@@ -133,7 +133,7 @@
 
 - name: Set ACL on the TLS dir
   shell: |
-    setfacl -R -b -k {{ nomad_root_dir }}/tls
+    setfacl -R -k -b {{ nomad_root_dir }}/tls
     {% if nomad_admin_groups | length > 0 %}
     setfacl -m {% for group in nomad_admin_groups %}g:{{ group }}:rx{{ ',' if not loop.last }}{% endfor %} {{ nomad_root_dir }}/tls
     setfacl -m {% for group in nomad_admin_groups %}d:g:{{ group }}:r{{ ',' if not loop.last }}{% endfor %} {{ nomad_root_dir }}/tls
@@ -153,3 +153,22 @@
   when: nomad_vault_secrets.consul_pki.enabled and nomad_conf.consul.ssl
   tags: nomad
 
+- name: Ensure the bridge module is loaded
+  modprobe: name=bridge state=present
+  when: nomad_conf.client.enabled and 'docker' in nomad_enabled_task_drivers
+  tags: nomad
+
+- name: Set sysctl
+  sysctl:
+    name: "{{ item.key }}"
+    value: "{{ item.val }}"
+    sysctl_file: /etc/sysctl.d/nomad.conf
+    state: "{{ (nomad_conf.client.enabled and 'docker' in nomad_enabled_task_drivers) | ternary('present', 'absent') }}"
+  loop:
+    - key: net.bridge.bridge-nf-call-arptables
+      val: 1
+    - key: net.bridge.bridge-nf-call-ip6tables
+      val: 1
+    - key: net.bridge.bridge-nf-call-iptables
+      val: 1
+  tags: nomad

roles/nomad/templates/consul-template.hcl.j2

@@ -31,7 +31,7 @@ template {
 {% if nomad_vault_secrets.consul_pki.enabled and nomad_conf.consul.ssl %}
 template {
   source          = "{{ nomad_root_dir }}/consul-template/consul_bundle.pem.tpl"
-  destination     = "{{ nomad_root_dir }}/tlc/consul_bundle.pem"
+  destination     = "{{ nomad_root_dir }}/tls/consul_bundle.pem"
   left_delimiter  = "[["
   right_delimiter = "]]"
   perms           = 0640