itamae/cookbooks/consul/consul-connect-prep.rb

55 lines
1.1 KiB
Ruby

# Use Vault to retrieve the token to generate jwt.
%w( roleid secretid ).each do |f|
encrypted_remote_file "/etc/vault.d/tokens/#{f}" do
owner 'root'
group 'root'
mode '0644'
source "files/etc/vault.d/tokens/#{f}"
password ENV['ITAMAE_PASSWORD']
end
end
remote_file '/etc/vault.d/agent/consul-jwt.hcl' do
owner 'vault'
group 'vault'
mode '0644'
notifies :restart, 'service[vault-agent-consul-jwt]'
end
remote_file '/etc/default/vault-agent-consul-jwt' do
owner 'vault'
group 'vault'
mode '0644'
end
remote_file '/etc/systemd/system/vault-agent-consul-jwt.service' do
owner 'root'
group 'root'
mode '0644'
notifies :restart, 'service[vault-agent-consul-jwt]'
end
service 'vault-agent-consul-jwt' do
action [:enable, :start]
end
# Use consul-template to retrieve the JWT token.
remote_file '/etc/consul-template.d/conf/consul-jwt.conf' do
owner 'root'
group 'root'
mode '0644'
notifies :restart, 'service[consul-template]'
end
remote_file '/etc/consul-template.d/templates/consul-jwt.tmpl' do
owner 'root'
group 'root'
mode '0644'
notifies :restart, 'service[consul-template]'
end