Update to 2022-09-20 13:00

2025-08-07 00:57:00 +02:00 · 2022-09-20 13:00:08 +02:00
parent 66df749295
commit e6019f8e32
12 changed files with 50 additions and 26 deletions
--- a/roles/vault/templates/update_nomad_cert.j2
+++ b/roles/vault/templates/update_nomad_cert.j2
@@ -5,7 +5,6 @@ set -eo pipefail
 NOMAD_TOKEN=$1
 VAULT_TOKEN=$2

-NOMAD_CERT_BUNDLE={{ vault_root_dir }}/tmp/nomad_client_bundle.json
 VAULT_ADDR={{ vault_conf.api_addr }}

 if [ "$(vault status -format=json| jq .is_self)" != "true" ]; then
@@ -20,10 +19,7 @@ else
    vault write {{ vault_secrets.nomad.secret.path }}/config/access \
      address="{{ vault_secrets.nomad.address }}" \
      token="$NOMAD_TOKEN" \
-      ca_cert="$(cat $NOMAD_CERT_BUNDLE | jq -r .issuing_ca)" \
-      client_cert="$(cat $NOMAD_CERT_BUNDLE | jq -r .certificate)" \
-      client_key="$(cat $NOMAD_CERT_BUNDLE | jq -r .private_key)"
+      ca_cert="$(cat {{ vault_root_dir }}/tls/nomad_ca.crt)" \
+      client_cert="$(cat {{ vault_root_dir }}/tls/nomad_client.crt)" \
+      client_key="$(cat {{ vault_root_dir }}/tls/nomad_client.key)"
 fi
-
-echo Removing Nomad client certificate from the filesystem
-rm -f $NOMAD_CERT_BUNDLE