commit 6c32662b22ccd3dfef888a5549334628892e7188
parent 4fdc7ffedade3826b5b513b3e8c83e7fc4d5a172
Author: Andreas Gruhler <agruhl@gmx.ch>
Date: Sat, 12 Feb 2022 20:19:04 +0100
feat(nomad): integrate vault
Diffstat:
1 file changed, 13 insertions(+), 0 deletions(-)
diff --git a/nomad.sh b/nomad.sh
@@ -92,6 +92,14 @@ server {
enabled = true
bootstrap_expect = 3
}
+
+vault {
+ # https://www.nomadproject.io/docs/configuration/vault
+ enabled = true
+ address = "https://127.0.0.1:8200"
+ create_from_role = "nomad-cluster"
+}
+
EOF
# Configure systemd service unit
@@ -103,6 +111,7 @@ Wants=network-online.target
After=network-online.target
[Service]
+EnvironmentFile=/etc/nomad.d/nomad.env
ExecReload=/bin/kill -HUP
ExecStart=/usr/local/bin/nomad agent -config /etc/nomad.d
KillMode=process
@@ -119,6 +128,10 @@ TasksMax=infinity
WantedBy=multi-user.target
EOF
+# Add VAULT_TOKEN placeholder, replace w/ real token
+# https://www.nomadproject.io/docs/integrations/vault-integration
+echo "VAULT_TOKEN=changeme" > /etc/nomad.d/nomad.env
+
systemctl enable nomad
# Configure .bashrc
