Update to 2024-10-08 16:00

Daniel Berteaud
2024-10-08 16:00:13 +02:00
parent c8bd6e6109
commit fc993adf3d
11 changed files with 154 additions and 34 deletions


@@ -281,6 +281,35 @@ consul {
]
{% endif %}
{% if nomad_conf.server.enabled %}
{% if nomad_conf.consul.service_identity is defined %}
service_identity {
aud = [
{% for aud in nomad_conf.consul.service_identity.aud | default(['consul.io']) %}
"{{ aud }}",
{% endfor %}
]
ttl = "{{ nomad_conf.consul.service_identity.ttl | default('1h') }}"
}
{% endif %}
{% if nomad_conf.consul.task_identity is defined %}
task_identity {
aud = [
{% for aud in nomad_conf.consul.task_identity.aud | default(['consul.io']) %}
"{{ aud }}",
{% endfor %}
]
ttl = "{{ nomad_conf.consul.task_identity.ttl | default('1h') }}"
{% for key in ['env', 'file'] %}
{% if nomad_conf.consul.task_identity[key] is defined %}
{{ key }} = {{ nomad_conf.consul.task_identity[key] | ternary('true', 'false') }}
{% endif %}
{% endfor %}
}
{% endif %}
{% endif %}
{% if nomad_conf.consul.ssl %}
ssl = true
{% for key in ['ca_file', 'cert_file', 'key_file'] %}
@@ -304,19 +333,38 @@ vault {
{{ key }} = {{ nomad_conf.vault[key] | ternary('true', 'false') }}
{% endif %}
{% endfor %}
{% for key in ['create_from_role'] %}
{% if nomad_conf.vault[key] is defined %}
{{ key }} = "{{ nomad_conf.vault[key] }}"
{% endif %}
{% endfor %}
{% if nomad_conf.server.enabled %}
{% for key in ['address', 'create_from_role', 'task_token_ttl', 'ca_file', 'ca_path', 'cert_file', 'key_file', 'namespace', 'tls_server_name', 'token'] %}
{% for key in ['address', 'task_token_ttl', 'ca_file', 'ca_path', 'cert_file', 'key_file', 'tls_server_name', 'token'] %}
{% if nomad_conf.vault[key] is defined %}
{{ key }} = "{{ nomad_conf.vault[key] }}"
{% endif %}
{% endfor %}
{% if nomad_conf.vault.default_identity is defined %}
default_identity {
aud = [
{% for aud in nomad_conf.vault.default_identity.aud | default(['vault.io']) %}
"{{ aud }}",
{% endfor %}
]
ttl = "{{ nomad_conf.vault.default_identity.ttl | default('1h') }}"
{% for key in ['env', 'file'] %}
{% if nomad_conf.consul.task_identity[key] is defined %}
{{ key }} = {{ nomad_conf.vault.default_identity[key] | ternary('true', 'false') }}
{% endif %}
{% endfor %}
}
{% endif %}
{% elif nomad_conf.client.enabled and not nomad_conf.server.enabled %}
{% for key in ['address', 'ca_file', 'ca_path', 'cert_file', 'key_file', 'namespace', 'tls_server_name'] %}
{% for key in ['namespace', 'address', 'ca_file', 'ca_path', 'cert_file', 'key_file', 'namespace', 'tls_server_name', 'jwt_auth_backend_path'] %}
{% if nomad_conf.vault[key] is defined %}
{{ key }} = "{{ nomad_conf.vault[key] }}"
{% endif %}
{% endfor %}
{% endif %}
}
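Review bot: In the vault `default_identity` block, the guard around `env`/`file` tests `nomad_conf.consul.task_identity[key]` while the line it protects renders `nomad_conf.vault.default_identity[key]`, which looks like a copy-paste from the consul section of the same template. As written, whether the Vault workload-identity JWT is exposed to tasks through an environment variable or a file depends on the Consul settings, and a Vault-only configuration may either drop those settings silently or fail to render when `consul.task_identity` is unset (which of the two depends on how the templating engine treats undefined values). The guard should read `{% if nomad_conf.vault.default_identity[key] is defined %}`. Separately, the new client-side key list names `'namespace'` twice, so that attribute would be emitted twice when it is set; dropping the leading entry keeps the rendered configuration unambiguous.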