remove nomad policies, remove consul from servers

This commit is contained in:
Amarpreet Minhas 2023-03-20 23:17:53 -04:00
parent 5cc64a7170
commit 5395377679
8 changed files with 27 additions and 61 deletions

View file

@ -56,5 +56,5 @@ vault_ca_cert_payload: |
-----END CERTIFICATE----- -----END CERTIFICATE-----
# lnd # lnd
lnd_version: 0.15.4-beta lnd_version: 0.15.5-beta
... ...

View file

@ -2,7 +2,7 @@
- import_playbook: common.yml - import_playbook: common.yml
- import_playbook: vault-server.yml - import_playbook: vault-server.yml
- import_playbook: k3s.yml - import_playbook: k3s.yml
- import_playbook: docker-repo.yml #- import_playbook: docker-repo.yml
- import_playbook: lnd.yml - import_playbook: lnd.yml
- import_playbook: wekan.yml - import_playbook: wekan.yml
... ...

View file

@ -1,4 +1,14 @@
--- ---
- name: remove consul
systemd:
name: consul
state: stopped
enabled: false
- name: daemon-reload
systemd:
daemon_reload: true
- name: apt update - name: apt update
apt: apt:
update_cache: True update_cache: True

View file

@ -1,19 +1,4 @@
--- ---
- name: template k3s server systemd
template:
src: templates/k3s.service.j2
dest: /etc/systemd/system/k3s.service
owner: root
group: root
mode: 0644
- name: enable and start k3s
systemd:
daemon_reload: yes
enabled: yes
name: k3s
state: started
- name: get k3s token - name: get k3s token
slurp: slurp:
src: /var/lib/rancher/k3s/server/node-token src: /var/lib/rancher/k3s/server/node-token
@ -28,4 +13,19 @@
state: link state: link
src: /usr/local/bin/k3s src: /usr/local/bin/k3s
dest: /usr/local/bin/kubectl dest: /usr/local/bin/kubectl
- name: template k3s server systemd
template:
src: templates/k3s.service.j2
dest: /etc/systemd/system/k3s.service
owner: root
group: root
mode: 0644
- name: enable and start k3s
systemd:
daemon_reload: yes
enabled: yes
name: k3s
state: started
... ...

View file

@ -1,30 +0,0 @@
# Allow creating tokens under "nomad-cluster" role.
path "auth/token/create/nomad-cluster" {
capabilities = ["update"]
}
# Allow looking up "nomad-cluster" role.
path "auth/token/roles/nomad-cluster" {
capabilities = ["read"]
}
# Allow looking up incoming tokens to validate they have permissions to access
# the tokens they are requesting.
path "auth/token/lookup" {
capabilities = ["update"]
}
# Allow revoking tokens that should no longer exist.
path "auth/token/revoke-accessor" {
capabilities = ["update"]
}
# Allow checking the capabilities of our own token.
path "sys/capabilities-self" {
capabilities = ["update"]
}
# Allow our own token to be renewed.
path "auth/token/renew-self" {
capabilities = ["update"]
}

View file

@ -1,3 +0,0 @@
path "kv/data/sudoscientist" {
capabilities = ["read"]
}

View file

@ -1,3 +0,0 @@
path "kv/data/wallabag" {
capabilities = ["read"]
}

View file

@ -1,8 +0,0 @@
{
"disallowed_policies": "nomad-server,root",
"token_explicit_max_ttl": 0,
"name": "nomad-cluster",
"orphan": true,
"token_period": 259200,
"renewable": true
}