55 lines
1.1 KiB
Ruby
55 lines
1.1 KiB
Ruby
|
# Use Vault to retrieve the token to generate jwt.
|
||
|
|
%w( roleid secretid ).each do |f|
|
||
|
|
encrypted_remote_file "/etc/vault.d/tokens/#{f}" do
|
||
|
|
owner 'root'
|
||
|
|
group 'root'
|
||
|
|
mode '0644'
|
||
|
|
|
||
|
|
source "files/etc/vault.d/tokens/#{f}"
|
||
|
|
password ENV['ITAMAE_PASSWORD']
|
||
|
|
end
|
||
|
|
end
|
||
|
|
|
||
|
|
remote_file '/etc/vault.d/agent/consul-jwt.hcl' do
|
||
|
|
owner 'vault'
|
||
|
|
group 'vault'
|
||
|
|
mode '0644'
|
||
|
|
|
||
|
|
notifies :restart, 'service[vault-agent-consul-jwt]'
|
||
|
|
end
|
||
|
|
|
||
|
|
remote_file '/etc/default/vault-agent-consul-jwt' do
|
||
|
|
owner 'vault'
|
||
|
|
group 'vault'
|
||
|
|
mode '0644'
|
||
|
|
end
|
||
|
|
|
||
|
|
remote_file '/etc/systemd/system/vault-agent-consul-jwt.service' do
|
||
|
|
owner 'root'
|
||
|
|
group 'root'
|
||
|
|
mode '0644'
|
||
|
|
|
||
|
|
notifies :restart, 'service[vault-agent-consul-jwt]'
|
||
|
|
end
|
||
|
|
|
||
|
|
service 'vault-agent-consul-jwt' do
|
||
|
|
action [:enable, :start]
|
||
|
|
end
|
||
|
|
|
||
|
|
# Use consul-template to retrieve the JWT token.
|
||
|
|
remote_file '/etc/consul-template.d/conf/consul-jwt.conf' do
|
||
|
|
owner 'root'
|
||
|
|
group 'root'
|
||
|
|
mode '0644'
|
||
|
|
|
||
|
|
notifies :restart, 'service[consul-template]'
|
||
|
|
end
|
||
|
|
|
||
|
|
remote_file '/etc/consul-template.d/templates/consul-jwt.tmpl' do
|
||
|
|
owner 'root'
|
||
|
|
group 'root'
|
||
|
|
mode '0644'
|
||
|
|
|
||
|
|
notifies :restart, 'service[consul-template]'
|
||
|
|
end
|