|
|
d1297a02c9
|
Merge pull request 'Modify indent.' (#11) from modify-indent into master
Reviewed-on: #11
|
2022-07-10 07:30:03 +00:00 |
|
|
|
956cf439ee
|
Modify indent.
|
2022-07-10 16:28:49 +09:00 |
|
|
|
b8d053126c
|
Merge pull request 'Consul Connect Support' (#4) from consul-connect-support into master
Reviewed-on: #4
|
2022-07-10 07:26:33 +00:00 |
|
|
|
73f7ec44b7
|
Enable Consul Connect for client side.
|
2022-07-10 16:22:28 +09:00 |
|
|
|
37d51b5ed5
|
Create /etc/vault.d/agent & /etc/vault.d/tokens directory.
```
--- a/cookbooks/vault/default.rb
+++ b/cookbooks/vault/default.rb
@@ -2,6 +2,14 @@ include_recipe './attributes.rb'
include_recipe './install.rb'
+%w( agent tokens ).each do |d|
+ directory "/etc/vault.d/#{d}" do
+ owner 'vault'
+ group 'vault'
+ mode '0755'
+ end
+end
+
if node['vault']['manager']
include_recipe './setup.rb'
end
```
|
2022-07-10 16:22:28 +09:00 |
|
|
|
48702191fe
|
Allow Consul gcp port to communicate.
```
--- a/cookbooks/consul/setup.rb
+++ b/cookbooks/consul/setup.rb
@@ -44,7 +44,7 @@ service 'consul' do
end
# iptables settings here:
-%w( 8300/tcp 8301/tcp 8301/udp 8500/tcp ).each do |port|
+%w( 8300/tcp 8301/tcp 8301/udp 8500/tcp 8502/tcp ).each do |port|
execute "ufw allow #{port}" do
user 'root'
```
|
2022-07-10 16:22:28 +09:00 |
|
|
|
c15c2f3de8
|
Start Consul after Vault generates the jwt token.
```
--- a/cookbooks/consul/files/etc/systemd/system/consul.service
+++ b/cookbooks/consul/files/etc/systemd/system/consul.service
@@ -2,7 +2,7 @@
Description="HashiCorp Consul - A service mesh solution"
Documentation=https://www.consul.io/
Requires=network-online.target
-After=network-online.target
+After=network-online.target vault-agent-consul-jwt.target
ConditionFileNotEmpty=/etc/consul.d/consul.hcl
[Service]
```
|
2022-07-10 16:22:28 +09:00 |
|
|
|
94489f71d5
|
Modify consul.hcl template to support Consul Connect.
|
2022-07-10 16:22:28 +09:00 |
|
|
|
43fbbe1f18
|
Support Ubuntu 22.04.
|
2022-07-10 14:32:35 +09:00 |
|
|
|
cb66b7eed3
|
Install Vault before Consul.
|
2022-07-10 14:32:18 +09:00 |
|
|
|
8193d651a8
|
Merge pull request 'node jsonファイルのサンプルを追加' (#10) from add-example-of-node-json into master
Reviewed-on: #10
|
2022-07-03 12:47:13 +00:00 |
|
|
|
7beddd8b59
|
Add node json example.
|
2022-07-03 21:46:04 +09:00 |
|
|
|
c638d97a55
|
Manage node example json under git.
|
2022-07-03 21:46:04 +09:00 |
|
|
|
0d1bcb5108
|
Merge pull request 'Modify the logic to decide the download URL.' (#9) from modify-logic-to-decide-url into master
Reviewed-on: #9
|
2022-07-03 12:37:40 +00:00 |
|
|
|
ba7d01f16d
|
Modify the logic to decide the download URL.
|
2022-07-03 21:36:19 +09:00 |
|
|
|
971e1adf8e
|
Merge pull request 'Modify Github repository URI from git to https.' (#8) from modify-github-repositories into master
Reviewed-on: #8
|
2022-07-03 12:32:51 +00:00 |
|
|
|
8f09026fed
|
Modify Github repository URI from git to https.
|
2022-07-03 21:29:46 +09:00 |
|
|
|
569423ee2d
|
Merge pull request 'Bump gems' versions.' (#7) from bump-gems-version into master
Reviewed-on: #7
|
2022-07-03 12:27:30 +00:00 |
|
|
|
2d165906e6
|
Bump gems' versions.
|
2022-07-03 21:26:20 +09:00 |
|
|
|
52ce9574d7
|
Merge pull request 'Bump ruby version.' (#6) from bump-ruby-version into master
Reviewed-on: #6
|
2022-07-03 12:25:34 +00:00 |
|
|
|
195b85a32c
|
Bump ruby version.
|
2022-07-03 21:23:53 +09:00 |
|
|
|
cdbd937455
|
Merge pull request 'Deploy /etc/logrotate.d/vault.' (#5) from vault-audit-log-rotation into master
Reviewed-on: #5
|
2022-07-02 11:40:31 +00:00 |
|
|
|
4455fe6b62
|
Deploy /etc/logrotate.d/vault.
|
2022-07-02 11:40:31 +00:00 |
|
|
|
6ed1e9cf90
|
Merge pull request 'NomadでConsul Connectジョブを利用できるようにする' (#3) from nomad-modify into master
Reviewed-on: #3
|
2022-03-14 14:22:17 +00:00 |
|
|
|
4a57c21614
|
Deploy example Consul Connect job.
|
2022-03-14 23:19:25 +09:00 |
|
|
|
ef40d3dc01
|
Create /etc/nomad.d/jobs
|
2022-03-14 23:19:25 +09:00 |
|
|
|
9a5a78d657
|
Deploy /etc/nomad.d/policies/anonymous.hcl.
|
2022-03-14 23:19:25 +09:00 |
|
|
|
ce7a80db7a
|
Create /etc/nomad.d/policies/ directory.
|
2022-03-14 23:17:44 +09:00 |
|
|
|
a882f52b3f
|
Delete shared_dir.rb.
|
2022-03-14 23:17:32 +09:00 |
|
|
|
64066ab78f
|
Add consul stanza.
|
2022-03-14 23:17:12 +09:00 |
|
|
|
34a2f107e7
|
Merge pull request 'Vaultサーバのセットアップファイルのデプロイ' (#2) from vault-server into master
Reviewed-on: #2
|
2022-03-13 12:50:29 +00:00 |
|
|
|
3bd4973c90
|
Deploy Vault policies.
|
2022-03-13 21:48:27 +09:00 |
|
|
|
cf79f30c4d
|
Create /etc/vault.d/policies/.
|
2022-03-13 21:46:00 +09:00 |
|
|
|
da78e76d19
|
Deploy /etc/vault.d/vault.hcl.
|
2022-03-13 21:45:36 +09:00 |
|
|
|
7681522b6b
|
Specify the default Vault managers.
```
--- a/cookbooks/vault/attributes.rb
+++ b/cookbooks/vault/attributes.rb
@@ -21,5 +21,6 @@ node.reverse_merge!({
'manager' => false,
'ipaddr' => ipaddr,
'hostname' => hostname,
+ 'ips' => ['192.168.10.141', '192.168.10.142', '192.168.10.143'],
}
})
```
|
2022-03-13 21:45:17 +09:00 |
|
|
|
67fab4951a
|
Retrieve hostname.
|
2022-03-13 21:45:01 +09:00 |
|
|
|
6fa35a923b
|
Retrieve IP address.
|
2022-03-13 21:44:18 +09:00 |
|
|
|
a917563b06
|
Conduct setup procedures, when explicitly requested.
|
2022-03-13 21:43:52 +09:00 |
|
|
|
9be1deae21
|
Merge pull request 'Vaultをインストールする' (#1) from install-vault into master
Reviewed-on: #1
|
2022-03-12 11:59:43 +00:00 |
|
|
|
28e3f21141
|
Install Vault.
|
2022-03-12 11:59:44 +00:00 |
|
|
|
8e1638d5e6
|
Install Vault by default:
```
include_recipe '../cookbooks/vector/default.rb'
include_recipe '../cookbooks/prometheus-exporters/default.rb'
include_recipe '../cookbooks/nomad/default.rb'
+include_recipe '../cookbooks/vault/default.rb'
```
|
2022-03-12 11:59:44 +00:00 |
|
|
|
e340adfdcd
|
Merge pull request 'Add CSI support for nomad.' (#95) from nomad-csi-support into master
Reviewed-on: #95
|
2022-01-14 23:54:37 +09:00 |
|
|
|
2bec4d88f3
|
Do not deploy docker-registry.hcl.
|
2022-01-14 23:52:59 +09:00 |
|
|
|
8c712e6ffa
|
Delete /etc/nomad.d/datadir.hcl.
|
2022-01-14 23:52:59 +09:00 |
|
|
|
5e176ff230
|
Modify /etc/nomad.d/client.hcl:
```
--- a/cookbooks/nomad/files/etc/nomad.d/client.hcl
+++ b/cookbooks/nomad/files/etc/nomad.d/client.hcl
@@ -1,13 +1,3 @@
-# /etc/nomad.d/server.hcl
-
client {
- enabled = true
-}
-
-plugin "docker" {
- config {
- volumes {
- enabled = true
- }
- }
+ enabled = true
}
```
|
2022-01-14 23:52:58 +09:00 |
|
|
|
935f773bca
|
Deploy csi settings.
|
2022-01-14 23:52:58 +09:00 |
|
|
|
4c0c65fc1f
|
[WIP] Add CSI support for nomad.
nomadのCSIサポート機能を有効にします
|
2022-01-10 15:31:52 +09:00 |
|
|
|
d898ea65b4
|
Merge pull request 'nomad用のPromtail設定ファイルのデプロイ' (#94) from promtail-setting-for-nomad into master
Reviewed-on: #94
|
2022-01-10 15:29:00 +09:00 |
|
|
|
de06f5575c
|
Add logrotated config for nomad log files.
```
--- /dev/null
+++ b/cookbooks/nomad/files/etc/logrotate.d/nomad
@@ -0,0 +1,13 @@
+/var/log/nomad.log
+{
+ rotate 4
+ weekly
+ missingok
+ notifempty
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
```
|
2022-01-10 15:29:00 +09:00 |
|
|
|
dffb57e2fc
|
Add rsyslog config for nomad.
|
2022-01-10 15:29:00 +09:00 |
|
