commit 166004904d078be4dead27478556a5a7bae2e272
parent 430611153f69123dadb8cc409aef1eb62260cb5a
Author: Andreas Gruhler <andreas.gruhler@adfinis.com>
Date: Sat, 27 Jul 2024 20:37:06 +0200
fix(vault-tls): process and tls dir
Diffstat:
2 files changed, 5 insertions(+), 23 deletions(-)
diff --git a/hcl/default/vault-tls/nomad-vault-tls.nomad b/hcl/default/vault-tls/nomad-vault-tls.nomad
@@ -10,17 +10,6 @@ variable "user" {
job "vault-tls" {
datacenters = ["dc1"]
-
- # Use batch + distinct_host constraint until system/sysbatch jobs work
- # properly w/ CSI.
- #
- # The sysbatch variant even fails to place the allocation, even though
- # this should be a "multi-node-multi-write" type of access mode:
- #
- # Constraint "missing CSI Volume certbot": 9 nodes excluded by filter
- #
- # 3x3 = 9, but why 9 nodes? I only have 3..
- #
type = "batch"
periodic {
@@ -30,17 +19,10 @@ job "vault-tls" {
}
group "vault-tls" {
- # All groups in this job should be scheduled on different hosts
- count = 3
-
+ count = 5
constraint {
distinct_hosts = true
}
- constraint {
- # bao only running on nomad/consul server nodes
- attribute = "${attr.consul.server}"
- value = "true"
- }
volume "tls" {
type = "csi"
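Review bot: With the `attr.consul.server` constraint dropped and `count` raised to 5, `distinct_hosts` is the only placement rule left in the visible part of this group, so the allocations can land on any five clients. Each allocation mounts the `tls` CSI volume, which presumably carries the Let's Encrypt private key that the script template copies. If some eligible clients do not run bao (not visible from this hunk), the key ends up on hosts that have no use for it, and with fewer than five eligible clients part of the periodic batch stays unplaced. I would keep a constraint that selects only bao hosts and document the number next to it, e.g. `# one allocation per bao node; keep count equal to the number of bao nodes`. The `volume "tls"` block continues outside the hunk.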
diff --git a/hcl/default/vault-tls/templates/vault-tls.sh.tmpl b/hcl/default/vault-tls/templates/vault-tls.sh.tmpl
@@ -12,10 +12,10 @@ set -o xtrace
{{- $host := env "node.unique.name" }}
# copy certificate files
-sudo cp -f /etc/letsencrypt/live/$1/fullchain.pem /opt/openbao/tls/{{ $host }}.pem
-sudo cp -f /etc/letsencrypt/live/$1/privkey.pem /opt/openbao/tls/{{ $host }}.key
+sudo cp -f /etc/letsencrypt/live/$1/fullchain.pem /etc/openbao/tls/{{ $host }}.pem
+sudo cp -f /etc/letsencrypt/live/$1/privkey.pem /etc/openbao/tls/{{ $host }}.key
# change ownership for bao
-sudo chown openbao: /opt/openbao/tls/{{ $host }}*
+sudo chown openbao: /etc/openbao/tls/{{ $host }}*
-sudo pkill -HUP openbao
+sudo pkill -HUP bao
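Review bot: `pkill -HUP bao` matches its pattern as a regular expression against process names, so under sudo it signals every process whose name contains `bao`, not only the server; `sudo pkill -HUP -x bao` restricts it to an exact name match. The glob in `sudo chown openbao: /etc/openbao/tls/{{ $host }}*` is similarly loose, since it also matches files of any host whose name begins with this one; naming the `.pem` and `.key` files explicitly avoids that. The copied private key keeps whatever owner and mode `cp` leaves until the chown runs, whereas `sudo install -o openbao -m 0600 <src> <dst>` would set both in one step. `$1` is also unquoted in both `cp` lines, so quoting the source path as `"/etc/letsencrypt/live/$1/privkey.pem"` would be safer.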