From 1d6d26428e60fd5eefdb7b456ed30321aa110d67 Mon Sep 17 00:00:00 2001
From: vincent
Date: Tue, 22 Mar 2022 18:38:02 +0100
Subject: [PATCH] add vault option
---
 defaults/main.yml | 6 ++++++
 templates/config.hcl.j2 | 11 +++++++++++
 2 files changed, 17 insertions(+)
diff --git a/defaults/main.yml b/defaults/main.yml
index 0512e0d..5f73114 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -3,3 +3,9 @@ nomad_data_dir: /opt/nomad
 nomad_bind_addr: 0.0.0.0
 nomad_datacenter: dc1
 nomad_bootstrap_expect: 3
+nomad_vault_enabled: False
+nomad_vault_address: "https://active.vault.service.consul:8200"
+nomad_vault_token_ttl: "1h"
+nomad_vault_namespace: "secrets/nomad/"
+nomad_vault_role: "nomad-cluster"
+nomad_vault_token: ""
diff --git a/templates/config.hcl.j2 b/templates/config.hcl.j2
index f126a1d..f34add9 100644
--- a/templates/config.hcl.j2
+++ b/templates/config.hcl.j2
@@ -20,3 +20,14 @@ plugin "raw_exec" {
 consul {
 address = "127.0.0.1:8500"
 }
+
+{% if nomad_vault_enabled %}
+vault {
+ enabled = true
+ address = {{ nomad_vault_address}}
+ create_from_role = {{ nomad_vault_role }}
+ token = {{ nomad_vault_token }}
+ namespace = {{ nomad_vault_namespace}}
+ task_token_ttl = {{ nomad_vault_token_ttl }}
+}
+{% endif %}
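Review bot: `nomad_vault_token: ""` is added without a comment saying where the real value must come from, and nothing visible here stops the role from rendering an empty token when `nomad_vault_enabled` is turned on. I would add a comment above it such as `# nomad_vault_token: secret; set it from Ansible Vault or a lookup in inventory, never commit a real token here`. Separately, `nomad_vault_namespace: "secrets/nomad/"` reads like a secrets path, whereas Nomad's `namespace` setting is the Vault Enterprise namespace sent on every Vault API call; an empty default may be what is intended and is worth confirming.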
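Review bot: The five interpolated values in the new `vault` block are rendered without quotes, so `address = {{ nomad_vault_address}}` comes out as `address = https://active.vault.service.consul:8200`, which is not a valid HCL string and will most likely make the agent reject the file. Each value should be emitted as a quoted, escaped string, as in the excerpt below. The `token` line also writes the Vault token in clear text into the rendered config on every host that receives this template. Nomad's documentation recommends supplying it through the `VAULT_TOKEN` environment variable instead. If it stays in the file, the templating task (not visible in this patch) should set a restrictive file mode and `no_log: true`.

```jinja
vault {
  enabled = true
  address = {{ nomad_vault_address | to_json }}
  create_from_role = {{ nomad_vault_role | to_json }}
  token = {{ nomad_vault_token | to_json }}
  namespace = {{ nomad_vault_namespace | to_json }}
  task_token_ttl = {{ nomad_vault_token_ttl | to_json }}
```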