vault { address = "{{ nomad_vault_secrets.vault_address }}" token = "{{ nomad_vault_secrets.vault_token }}" unwrap_token = false } # Sleep 25 sec before sending nomad service a reload to prevent it from crashing as # Nomad doesn't support getting a reload while it's still initializing {% if nomad_vault_secrets.pki.enabled %} template { source = "{{ nomad_root_dir }}/consul-template/agent_bundle.pem.tpl" left_delimiter = "[[" right_delimiter = "]]" destination = "{{ nomad_root_dir }}/tls/agent_bundle.pem" perms = 0640 exec { command = "sh -c 'sleep 25 && systemctl reload nomad || true'" } } {% if nomad_conf.server.enabled %} template { source = "{{ nomad_root_dir }}/consul-template/cli_bundle.pem.tpl" destination = "{{ nomad_root_dir }}/tls/cli_bundle.pem" left_delimiter = "[[" right_delimiter = "]]" perms = 0640 } {% endif %} {% if nomad_vault_secrets.consul_pki.enabled and nomad_conf.consul.ssl %} template { source = "{{ nomad_root_dir }}/consul-template/consul_bundle.pem.tpl" destination = "{{ nomad_root_dir }}/tls/consul_bundle.pem" left_delimiter = "[[" right_delimiter = "]]" perms = 0640 exec { command = "sh -c 'sleep 25 && systemctl reload nomad || true'" } } {% endif %} {% endif %}