29 lines
835 B
Django/Jinja
29 lines
835 B
Django/Jinja
datacenter = "{{ main_dc_name }}"
|
|
data_dir = "/opt/nomad"
|
|
|
|
server {
|
|
enabled = true
|
|
bootstrap_expect = 1
|
|
}
|
|
|
|
vault {
|
|
enabled = true
|
|
ca_file = "/etc/pki/certs/{{ vault_ca_cert_name }}"
|
|
token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:data ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt')['vault-token'] }}"
|
|
address = "https://vault.service.{{ consul_domain }}:8200"
|
|
create_from_role = "nomad-cluster"
|
|
unwrap_token = true
|
|
}
|
|
|
|
consul {
|
|
token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:data ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt')['consul-acl-server'] }}"
|
|
}
|
|
|
|
tls {
|
|
http = true
|
|
rpc = true
|
|
ca_file = "/etc/pki/certs/{{ vault_ca_cert_name }}"
|
|
cert_file = "/etc/nomad.d/certs/nomad.pem"
|
|
key_file = "/etc/nomad.d/certs/nomad.key"
|
|
}
|