nomad

HCL and Docker files for Nomad deployments
git clone https://git.in0rdr.ch/nomad.git
Log | Files | Refs | Pull requests |Archive

commit 166004904d078be4dead27478556a5a7bae2e272
parent 430611153f69123dadb8cc409aef1eb62260cb5a
Author: Andreas Gruhler <andreas.gruhler@adfinis.com>
Date:   Sat, 27 Jul 2024 20:37:06 +0200

fix(vault-tls): process and tls dir

Diffstat:
Mhcl/default/vault-tls/nomad-vault-tls.nomad | 20+-------------------
Mhcl/default/vault-tls/templates/vault-tls.sh.tmpl | 8++++----
2 files changed, 5 insertions(+), 23 deletions(-)

diff --git a/hcl/default/vault-tls/nomad-vault-tls.nomad b/hcl/default/vault-tls/nomad-vault-tls.nomad @@ -10,17 +10,6 @@ variable "user" { job "vault-tls" { datacenters = ["dc1"] - - # Use batch + distinct_host constraint until system/sysbatch jobs work - # properly w/ CSI. - # - # The sysbatch variant even fails to place the allocation, even though - # this should be a "multi-node-multi-write" type of access mode: - # - # Constraint "missing CSI Volume certbot": 9 nodes excluded by filter - # - # 3x3 = 9, but why 9 nodes? I only have 3.. - # type = "batch" periodic { @@ -30,17 +19,10 @@ job "vault-tls" { } group "vault-tls" { - # All groups in this job should be scheduled on different hosts - count = 3 - + count = 5 constraint { distinct_hosts = true } - constraint { - # bao only running on nomad/consul server nodes - attribute = "${attr.consul.server}" - value = "true" - } volume "tls" { type = "csi" diff --git a/hcl/default/vault-tls/templates/vault-tls.sh.tmpl b/hcl/default/vault-tls/templates/vault-tls.sh.tmpl @@ -12,10 +12,10 @@ set -o xtrace {{- $host := env "node.unique.name" }} # copy certificate files -sudo cp -f /etc/letsencrypt/live/$1/fullchain.pem /opt/openbao/tls/{{ $host }}.pem -sudo cp -f /etc/letsencrypt/live/$1/privkey.pem /opt/openbao/tls/{{ $host }}.key +sudo cp -f /etc/letsencrypt/live/$1/fullchain.pem /etc/openbao/tls/{{ $host }}.pem +sudo cp -f /etc/letsencrypt/live/$1/privkey.pem /etc/openbao/tls/{{ $host }}.key # change ownership for bao -sudo chown openbao: /opt/openbao/tls/{{ $host }}* +sudo chown openbao: /etc/openbao/tls/{{ $host }}* -sudo pkill -HUP openbao +sudo pkill -HUP bao