44 lines
1.3 KiB
Django/Jinja
44 lines
1.3 KiB
Django/Jinja
vault {
|
|
address = "{{ nomad_vault_secrets.vault_address }}"
|
|
token = "{{ nomad_vault_secrets.vault_token }}"
|
|
unwrap_token = false
|
|
}
|
|
|
|
# Sleep 25 sec before sending nomad service a reload to prevent it from crashing as
|
|
# Nomad doesn't support getting a reload while it's still initializing
|
|
{% if nomad_vault_secrets.pki.enabled %}
|
|
template {
|
|
source = "{{ nomad_root_dir }}/consul-template/agent_bundle.pem.tpl"
|
|
left_delimiter = "[["
|
|
right_delimiter = "]]"
|
|
destination = "{{ nomad_root_dir }}/tls/agent_bundle.pem"
|
|
perms = 0640
|
|
exec {
|
|
command = "sh -c 'sleep 25 && systemctl reload nomad || true'"
|
|
}
|
|
}
|
|
|
|
{% if nomad_conf.server.enabled %}
|
|
template {
|
|
source = "{{ nomad_root_dir }}/consul-template/cli_bundle.pem.tpl"
|
|
destination = "{{ nomad_root_dir }}/tls/cli_bundle.pem"
|
|
left_delimiter = "[["
|
|
right_delimiter = "]]"
|
|
perms = 0640
|
|
}
|
|
{% endif %}
|
|
|
|
{% if nomad_vault_secrets.consul_pki.enabled and nomad_conf.consul.ssl %}
|
|
template {
|
|
source = "{{ nomad_root_dir }}/consul-template/consul_bundle.pem.tpl"
|
|
destination = "{{ nomad_root_dir }}/tls/consul_bundle.pem"
|
|
left_delimiter = "[["
|
|
right_delimiter = "]]"
|
|
perms = 0640
|
|
exec {
|
|
command = "sh -c 'sleep 25 && systemctl reload nomad || true'"
|
|
}
|
|
}
|
|
{% endif %}
|
|
{% endif %}
|