Add automatic encryption key setup about ansible-nomad HOT 3 CLOSED

Hi @tommyalatalo @lanefu @beechesII
I was about to open an issue on this when I saw this one.
I have a different solution based on the work done in the ansible-consul role: https://github.com/ansible-community/ansible-consul/blob/master/tasks/nix.yml#L58.
I've adjusted this block to nomad by using nomad operator keygen and fetching the existing key from the server.hcl file.

I can open a PR for it to resolve this issue

from ansible-nomad.

Hi @tommyalatalo , @lanefu ,
i think we maybe can use openssl for automatic creation of nomad_encryption variable as mentioned in the Nomad documentation: https://learn.hashicorp.com/tutorials/nomad/security-gossip-encryption

I wrote a little example playbook for this:

---
- hosts: localhost
  gather_facts: true
  vars:
    nomad_encrypt: ""
  tasks:
    - name: generate nomad_encrypt key with openssl
      shell: "openssl rand -base64 32"
      register: nomad_encrypt_raw
      run_once: true
      when: nomad_encrypt | length == 0

    - name: set nomad_encrypt_raw key as nomad_encrypt
      set_fact:
        nomad_encrypt: "{{ nomad_encrypt_raw.stdout }}"
      run_once: true
      when: nomad_encrypt | length == 0

    - name: create client.hcl.j2
      template:
        src: client.hcl.j2
        dest: client.hcl

Output in File:

$> cat client.hcl
nomad_encrypt = "dB8VaV+KGvp0zxw4RabZqOvVHw8+gw7Ee7KfLUwGBNY="

If you think this might be resolv the issue I can create a Pull Request.

from ansible-nomad.

@ygalblum great please open PR and tag me in it

from ansible-nomad.