566dae7b19
Adds a `nomad_acls` flag to our Terraform stack that bootstraps Nomad ACLs via a `local-exec` provider. There's no way to set the `NOMAD_TOKEN` in the Nomad TF provider if we're bootstrapping in the same Terraform stack, so instead of using `resource.nomad_acl_token`, we also bootstrap a wide-open anonymous policy. The resulting management token is exported as an environment var with `$(terraform output environment)` and tests that want stricter ACLs will be able to write them using that token. This should also provide a basis to do similar work with Consul ACLs in the future.
disable-windows-updates.ps1
fix-tls.ps1
install-consul.ps1
install-docker.ps1
install-nuget.ps1
install-openssh.ps1
install-tools.ps1
install-vault.ps1
provision.ps1
README.md
setup-directories.ps1
setupwinrm.ps1
Windows Packer Build
There are a few boilerplate items in the PowerShell scripts, explained below.
The default TLS protocol in the version of .NET that our PowerShell cmdlets are built on is TLS 1.0, which means plenty of properly configured HTTP servers will reject requests. The boilerplate snippet below forces TLS 1.2 for the current script:
```powershell
# Force TLS1.2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
```
We need to run some of the scripts as an administrator. The following is a safety check that we're doing so:
```powershell
$RunningAsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
if (!$RunningAsAdmin) {
    Write-Error "Must be executed in Administrator level shell."
    exit 1
}
```