Comments (3)
Hi @tommyalatalo @lanefu @beechesII
I was about to open an issue on this when I saw this one.
I have a different solution based on the work done in the ansible-consul role: https://github.com/ansible-community/ansible-consul/blob/master/tasks/nix.yml#L58.
I've adjusted this block to nomad by using nomad operator keygen and fetching the existing key from the server.hcl file.
I can open a PR for it to resolve this issue
from ansible-nomad.
Hi @tommyalatalo , @lanefu ,
i think we maybe can use openssl for automatic creation of nomad_encryption variable as mentioned in the Nomad documentation: https://learn.hashicorp.com/tutorials/nomad/security-gossip-encryption
I wrote a little example playbook for this:
---
- hosts: localhost
gather_facts: true
vars:
nomad_encrypt: ""
tasks:
- name: generate nomad_encrypt key with openssl
shell: "openssl rand -base64 32"
register: nomad_encrypt_raw
run_once: true
when: nomad_encrypt | length == 0
- name: set nomad_encrypt_raw key as nomad_encrypt
set_fact:
nomad_encrypt: "{{ nomad_encrypt_raw.stdout }}"
run_once: true
when: nomad_encrypt | length == 0
- name: create client.hcl.j2
template:
src: client.hcl.j2
dest: client.hcl
Output in File:
$> cat client.hcl
nomad_encrypt = "dB8VaV+KGvp0zxw4RabZqOvVHw8+gw7Ee7KfLUwGBNY="
If you think this might be resolv the issue I can create a Pull Request.
from ansible-nomad.
@ygalblum great please open PR and tag me in it
from ansible-nomad.
Related Issues (20)
- Unable to apply allow_caps to Docker config under nomad_plugins HOT 1
- bootstrap_expect is wrong when using consul HOT 1
- Windows client support
- Packer build using this role HOT 1
- Enable nomad_encrypt_enable by default.
- Question: How feasible would it be to use this role to deploy a Nomad server and a Nomad client on the same machine? HOT 1
- _poor^ *src.crt
- What specific task needs sudo/root privilege's when nomad_user is not root?
- There's a duplicate config for the consul ssl, line 25-28 & 43-46. HOT 2
- Combining This Role With ‘ansible-consul’ HOT 5
- These additions are redundant and cause an error because Consul does not expect duplicated config.
- Upgrade default raft version to 3
- Is this playbook able to upgrade a nomad binary? HOT 1
- Add MacOS support
- nomad operator keygen does not work on new set up
- When running nomad as root and ansible_manage_group is true, existing root user's group ID is changed from 0 to 1
- Nomad 1.7.0 compatibility issue with 'consul' Block HOT 7
- Helping with maintaining the collection HOT 7
- ansible.builtin.include was removed from ansible-core 2.16 version HOT 1
- Ubuntu 18.04 and 20.04 support regression HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ansible-nomad.