infra/ansible/roles/nomad_client/templates/nomad.hcl.j2


# Nomad client agent settings; the Jinja2 expressions are filled in when the
# template is rendered.
datacenter = "{{ main_dc_name }}"
data_dir = "/opt/nomad"
client {
enabled = true
options {
# Allows Docker tasks to bind-mount host paths. A job that can place a docker
# task on this node can then reach host files through a volume, so this widens
# what a job submitter can touch on the host.
# NOTE(review): confirm the setting is required and that job submission is
# restricted by Nomad ACLs. Newer Nomad releases configure this under the
# docker plugin block instead; check against the deployed version.
"docker.volumes.enabled" = true
}
meta {
# One key/value pair is emitted per entry of nomad_meta_values. Names and values
# are interpolated without escaping, so a double quote or newline in either one
# would break or alter the rendered HCL.
# NOTE(review): presumably these come from trusted inventory; verify.
{% for nomad_meta in nomad_meta_values %}
"{{ nomad_meta.name }}" = "{{ nomad_meta.value }}"
{% endfor %}
}
}
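# Consul integration for the Nomad agent.
consul {
# The hashi_vault lookup is resolved while the template is rendered, so the
# rendered file contains the Consul ACL token in plain text. The rendered file
# should be readable only by the account that runs Nomad, and the templating
# task should keep the value out of logs and diffs (for example no_log: true).
# NOTE(review): the task that renders this template is not visible here;
# confirm its owner/mode and logging settings.
token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:consul-acl-client ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt') }}"
}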
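# Vault integration for the Nomad agent.
vault {
enabled = true
# CA bundle used to verify the Vault server certificate.
ca_file = "/etc/pki/certs/{{ vault_ca_cert_name }}"
# The hashi_vault lookup is resolved while the template is rendered, so the
# rendered file contains this Vault token in plain text; restrict the file to
# the account that runs Nomad and keep the value out of task logs and diffs.
# NOTE(review): Nomad documents the Vault token and create_from_role as
# server-side settings, with clients obtaining task tokens through the servers.
# If this role only configures clients, the token can likely be dropped from
# this file to reduce exposure; confirm against the deployed Nomad version.
token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:vault-token ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt') }}"
address = "https://vault.service.{{ consul_domain }}:8200"
create_from_role = "nomad-cluster"
# NOTE(review): unwrap_token is not a key I can confirm for Nomad's vault
# block; verify that the agent accepts it and that it has the intended effect.
unwrap_token = true
}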
# Enables TLS for the agent's HTTP API and for RPC traffic.
tls {
http = true
rpc = true
# CA used to validate peer certificates.
ca_file = "/etc/pki/certs/{{ vault_ca_cert_name }}"
cert_file = "/etc/nomad.d/certs/nomad.pem"
# Private key for the certificate above; it should be readable only by the
# account that runs Nomad.
key_file = "/etc/nomad.d/certs/nomad.key"
# NOTE(review): verify_server_hostname is not set here. Nomad's TLS guidance
# recommends enabling it so that a certificate issued for a client cannot be
# presented as a server. Confirm the certificates carry the expected names
# before turning it on.
# NOTE(review): verify_https_client is also unset, so the HTTP API is not
# configured here to require client certificates; confirm that is intended.
}
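# Nomad loads and executes the plugin binaries found in this directory, so it
# should be writable only by root or the deployment account.
plugin_dir = "/opt/nomad_plugins"
# Podman task driver, reached through the podman user's API socket.
plugin "nomad-driver-podman" {
enabled = true
config {
# The socket lives under the per-user runtime directory of the "podman"
# account; index 1 of its getent passwd entry is the numeric UID.
# NOTE(review): this relies on getent_passwd having been gathered before the
# template is rendered, which is not visible here. Anything able to talk to
# this socket can drive that user's containers, so keep the socket's
# permissions limited to that user and the Nomad agent.
socket_path = "unix:///run/user/{{ getent_passwd.podman[1] }}/podman/podman.sock"
}
}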