commit 438c43aa2f5f7f3604abece98890285f7e5ef6e6
parent cc2525a002adc4ee82626b09969aef4d354ab2ed
Author: Andreas Gruhler <agruhl@gmx.ch>
Date: Fri, 31 Jan 2025 00:17:12 +0100
fix: TLS_DIR order and quotes
Diffstat:
M | nomad.sh | | | 27 | ++++++++++++++------------- |
1 file changed, 14 insertions(+), 13 deletions(-)
diff --git a/nomad.sh b/nomad.sh
@@ -9,16 +9,6 @@ set -o xtrace
cd "/home/${USERNAME}"
-# Move uploaded tls files
-TLS_DIR=/etc/nomad.d/tls
-mkdir -p $TLS_DIR
-mv /tmp/tls/* $TLS_DIR
-
-chmod 640 $TLS_DIR/*.pem
-chmod 644 $TLS_DIR/dc1-{cli,client,server}*
-chmod 644 $TLS_DIR/nomad-agent-ca.pem
-chmod 644 $TLS_DIR/nomad-agent-ca.p12
-
# Install podman driver for Nomad
# https://developer.hashicorp.com/nomad/plugins/drivers/community/containerd
curl -LO "https://releases.hashicorp.com/nomad-driver-podman/${NOMAD_PODMAN_DRIVER_VERSION}/nomad-driver-podman_${NOMAD_PODMAN_DRIVER_VERSION}_linux_arm64.zip"
@@ -29,10 +19,21 @@ mv nomad-driver-podman /opt/nomad/plugins/
# Create Nomad data directory
mkdir -p /opt/nomad
-# Create Nomads config files
+# Prepare Nomad config folders
mkdir -p /etc/nomad.d
rm -rf /etc/nomad.d/*
+# Move uploaded tls files
+TLS_DIR=/etc/nomad.d/tls
+mkdir -p $TLS_DIR
+mv /tmp/tls/* $TLS_DIR
+
+chmod 640 $TLS_DIR/*.pem
+chmod 644 $TLS_DIR/dc1-{cli,client,server}*
+chmod 644 $TLS_DIR/nomad-agent-ca.pem
+chmod 644 $TLS_DIR/nomad-agent-ca.p12
+
+# Nomad config files
cat << EOF > /etc/nomad.d/nomad.hcl
datacenter = "dc1"
data_dir = "/opt/nomad"
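Review bot: The `chmod 644 $TLS_DIR/dc1-{cli,client,server}*` line runs after `chmod 640 $TLS_DIR/*.pem`, and its glob is wide enough to match private-key files as well as certificates, so any `dc1-*-key.pem` in the uploaded set would end up world-readable. The file names are not visible in this hunk, so confirm them; if they follow the usual `nomad tls cert create` naming, tighten the keys as the last step with something like `chmod 600 "$TLS_DIR"/*-key.pem`. The commit title mentions quotes, but `$TLS_DIR` is still unquoted in every line of the moved block; `mkdir -p "$TLS_DIR"` and `mv /tmp/tls/* "$TLS_DIR"/` would be consistent with the quoted `cd` earlier in the script. Since the source directory sits under world-writable `/tmp`, a comment stating who uploads `/tmp/tls` and with what ownership would also help the next reader judge whether the 640 mode is sufficient.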
@@ -47,13 +48,13 @@ vault {
$(if [[ "$NOMAD_SERVER" = true ]]; then
# Only servers create further Tokens for clients from the Token role
# https://developer.hashicorp.com/nomad/docs/configuration/vault#nomad-client
- echo -e "
+ echo -e '
# default workload identity for bao
# https://developer.hashicorp.com/nomad/docs/configuration/vault#default_identity
default_identity {
aud = ["vault.in0rdr.ch"]
ttl = "1h"
- }"
+ }'
fi)
}
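Review bot: `echo -e` in the server-only branch has no escape sequences left to interpret now that the block is single-quoted, so the flag only adds shell-dependent behaviour; `printf '%s\n' '…'` would emit the same text. A one-line comment above the `echo`, such as `# single quotes: the emitted HCL contains literal double quotes`, would stop a later edit from switching back to double quotes and silently dropping the quoting around `aud` and `ttl`. The here-document this substitution lives in starts before the hunk and its terminator lies outside it.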