jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-04-16 02:03:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
ansible-roles/roles/vault/templates/update_nomad_cert.j2
Daniel Berteaud 382804b568 Update to 2022-09-06 18:00
2022-09-06 18:00:22 +02:00

30 lines
1.0 KiB
Django/Jinja
Raw Blame History

#!/bin/sh
set -eo pipefail
NOMAD_TOKEN=$1
VAULT_TOKEN=$2
NOMAD_CERT_BUNDLE={{ vault_root_dir }}/tmp/nomad_client_bundle.json
VAULT_ADDR={{ vault_conf.api_addr }}
if [ "$(vault status -format=json| jq .is_self)" != "true" ]; then
echo "We're not the active vault, exiting"
elif [ "$(vault status -format=json | jq .sealed)" != "false" ]; then
echo "Vault is sealed, exiting"
elif [ "$(vault status -format=json | jq .initialized)" != "true" ]; then
echo "Vault is not initialized yet, exiting"
else
echo Updating Vault certificate to access Nomad API
VAULT_TOKEN=$VAULT_TOKEN \
vault write {{ vault_secrets.nomad.secret.path }}/config/access \
address="{{ vault_secrets.nomad.address }}" \
token="$NOMAD_TOKEN" \
ca_cert="$(cat $NOMAD_CERT_BUNDLE | jq -r .issuing_ca)" \
client_cert="$(cat $NOMAD_CERT_BUNDLE | jq -r .certificate)" \
client_key="$(cat $NOMAD_CERT_BUNDLE | jq -r .private_key)"
fi
echo Removing Nomad client certificate from the filesystem
rm -f $NOMAD_CERT_BUNDLE
Reference in New Issue View Git Blame Copy Permalink