luxolus/open-nomad
2
0
Fork 0
Code Issues 1 Pull requests Packages Releases Wiki Activity
open-nomad/e2e/terraform/nomad-acls.tf
Tim Gross 9f05d62338
E2E with HCP Consul/Vault (#12267) 
Use HCP Consul and HCP Vault for the Consul and Vault clusters used in E2E testing. This has the following benefits:

* Without the need to support mTLS bootstrapping for Consul and Vault, we can simplify the mTLS configuration by leaning on Terraform instead of janky bash shell scripting.
* Vault bootstrapping is no longer required, so we can eliminate even more janky shell scripting
* Our E2E exercises HCP, which is important to us as an organization
* With the reduction in configurability, we can simplify the Terraform configuration and drop the complicated `provision.sh`/`provision.ps1` scripts we were using previously. We can template Nomad configuration files and upload them with the `file` provisioner.
* Packer builds for Linux and Windows become much simpler.

tl;dr way less janky shell scripting!
2022-03-18 09:27:28 -04:00

34 lines
1.3 KiB
HCL
Raw Blame History

# Bootstrapping Nomad ACLs:
# We can't both bootstrap the ACLs and use the Nomad TF provider's
# resource.nomad_acl_token in the same Terraform run, because there's no way
# to get the management token into the provider's environment after we bootstrap.
# So we run a bootstrapping script and write our management token into a file
# that we read in for the output of $(terraform output environment) later.
locals {
nomad_env = "NOMAD_ADDR=https://${aws_instance.server.0.public_ip}:4646 NOMAD_CACERT=keys/tls_ca.crt NOMAD_CLIENT_CERT=keys/tls_api_client.crt NOMAD_CLIENT_KEY=keys/tls_api_client.key"
}
resource "null_resource" "bootstrap_nomad_acls" {
depends_on = [module.nomad_server]
triggers = {
script = data.template_file.bootstrap_nomad_script.rendered
}
provisioner "local-exec" {
command = data.template_file.bootstrap_nomad_script.rendered
}
}
# write the bootstrap token to the keys/ directory (where the ssh key is)
# so that we can read it into the data.local_file later. If not set,
# ensure that it's empty.
data "template_file" "bootstrap_nomad_script" {
template = "${local.nomad_env} ./scripts/bootstrap-nomad.sh"
}
data "local_file" "nomad_token" {
depends_on = [null_resource.bootstrap_nomad_acls]
filename = "${path.root}/keys/nomad_root_token"
}
Reference in a new issue View git blame Copy permalink