43 lines
1.2 KiB
Terraform
43 lines
1.2 KiB
Terraform
|
resource "tls_private_key" "nomad" {
|
||
|
algorithm = "ECDSA"
|
||
|
ecdsa_curve = "P384"
|
||
|
}
|
||
|
|
||
|
resource "tls_cert_request" "nomad" {
|
||
|
key_algorithm = "ECDSA"
|
||
|
private_key_pem = tls_private_key.nomad.private_key_pem
|
||
|
ip_addresses = [var.instance.public_ip, var.instance.private_ip, "127.0.0.1"]
|
||
|
dns_names = ["${var.role}.global.nomad"]
|
||
|
|
||
|
subject {
|
||
|
common_name = "${var.role}.global.nomad"
|
||
|
}
|
||
|
}
|
||
|
|
||
|
resource "tls_locally_signed_cert" "nomad" {
|
||
|
cert_request_pem = tls_cert_request.nomad.cert_request_pem
|
||
|
ca_key_algorithm = var.tls_ca_algorithm
|
||
|
ca_private_key_pem = var.tls_ca_key
|
||
|
ca_cert_pem = var.tls_ca_cert
|
||
|
|
||
|
validity_period_hours = 720
|
||
|
|
||
|
# Reasonable set of uses for a server SSL certificate.
|
||
|
allowed_uses = [
|
||
|
"key_encipherment",
|
||
|
"digital_signature",
|
||
|
"client_auth",
|
||
|
"server_auth",
|
||
|
]
|
||
|
}
|
||
|
|
||
|
resource "local_file" "nomad_client_key" {
|
||
|
sensitive_content = tls_private_key.nomad.private_key_pem
|
||
|
filename = "keys/agent-${var.instance.public_ip}.key"
|
||
|
}
|
||
|
|
||
|
resource "local_file" "nomad_client_cert" {
|
||
|
sensitive_content = tls_locally_signed_cert.nomad.cert_pem
|
||
|
filename = "keys/agent-${var.instance.public_ip}.crt"
|
||
|
}
|