# Nomad service job that runs one Vault server per named node (ch4, us-ash3c,
# bj-warden) under the exec driver. Each group pins itself to its node with a
# node.unique.name constraint, reserves static ports 8200 (api) and 8201
# (cluster), renders a Vault config from an inline template and starts
# `vault server` against the rendered file. The three groups are identical
# apart from the group name and the node they are pinned to.
#
# The Vault config is a heredoc and is written to disk exactly as typed, so
# its inline comments are left in their original language. They read, in order:
# "Consul service discovery config", "TLS should be enabled in production",
# "add more config to solve permission problems", "enable raw logging",
# "integrate Nomad service discovery".
#
# Security review notes on the rendered Vault config (same in all three groups):
# - listener "tcp" binds 0.0.0.0:8200 with tls_disable = 1, and api_addr /
#   cluster_addr advertise http://. Tokens, unseal keys and secret values
#   therefore cross the network in cleartext on every interface of the node.
#   Before any non-lab use, configure tls_cert_file / tls_key_file on the
#   listener (<PATH_TO_CERT> / <PATH_TO_KEY>), drop tls_disable, and switch
#   api_addr to https://; until then bind to a private address or firewall
#   the static ports.
# - ui = true exposes the web UI on that same cleartext listener, so logins
#   entered in a browser are sent unencrypted as well.
# - disable_mlock = true lets Vault's memory be paged out; the host should
#   have swap disabled or encrypted when this is set.
# - disable_sealwrap = true turns seal wrapping off. The original comment says
#   it was added to work around a permission problem; NOTE(review): it is not
#   clear from this file how the two are related - confirm it is needed.
# - enable_raw_log = true: NOTE(review): confirm this key is recognised by the
#   Vault version deployed and what it enables; any setting that logs
#   unredacted request data places secrets in log files.
# - storage "consul" sets neither scheme nor token, so Vault presumably talks
#   to Consul over plain HTTP without an ACL token - verify against the Consul
#   agent's ACL and TLS settings.
# - NOTE(review): the nested `service { ... }` block inside storage "consul"
#   and the unlabelled `service_registration { ... }` block do not match the
#   forms I know from the Vault docs (string parameters `service` /
#   `service_tags`, and `service_registration "<type>"`); check that the
#   server parses them as intended rather than ignoring or rejecting them.
# - NOTE(review): consul-template documents its helper as
#   `contains <needle> <collection>` (usually `.Tags | contains "http"`); the
#   argument order in the address template looks reversed - verify that the
#   storage address renders non-empty.
job "vault-cluster-exec" {
  datacenters = ["dc1"]
  type        = "service"

  # Vault server pinned to node "ch4".
  group "vault-ch4" {
    count = 1

    # Use an attribute that exists instead of the Consul version check.
    # Only nodes where the exec driver is detected are eligible.
    constraint {
      attribute = "${driver.exec}"
      operator  = "="
      value     = "1"
    }

    # Pin this group to the node whose unique name is "ch4".
    constraint {
      attribute = "${node.unique.name}"
      value     = "ch4"
    }

    # Static ports: only one allocation per node can hold them.
    network {
      port "api" {
        static = 8200
      }
      port "cluster" {
        static = 8201
      }
    }

    task "vault" {
      driver = "exec"

      # Starts the server against the file rendered by the template below.
      config {
        command = "vault"
        args = [
          "server",
          "-config=/opt/nomad/data/vault/config/vault.hcl"
        ]
      }

      # Rendered Vault server config. The heredoc body is emitted verbatim;
      # see the security review notes at the top of the job for the
      # cleartext listener, mlock, seal-wrap and logging settings.
      template {
        data = <<EOH
storage "consul" {
address = "{{ with nomadService "consul" }}{{ range . }}{{ if contains .Tags "http" }}{{ .Address }}:{{ .Port }}{{ end }}{{ end }}{{ end }}"
path = "vault/"
# Consul服务发现配置
service {
name = "vault"
tags = ["vault"]
}
}

listener "tcp" {
address = "0.0.0.0:8200"
tls_disable = 1 # 生产环境应启用TLS
}

api_addr = "http://{{ env "NOMAD_IP_api" }}:8200"
cluster_addr = "http://{{ env "NOMAD_IP_cluster" }}:8201"

ui = true
disable_mlock = true

# 添加更多配置来解决权限问题
disable_sealwrap = true
disable_cache = false

# 启用原始日志记录
enable_raw_log = true

# 集成Nomad服务发现
service_registration {
enabled = true
}
EOH
        destination = "/opt/nomad/data/vault/config/vault.hcl"
      }

      resources {
        cpu    = 100
        memory = 256
      }

      # Registers the API port and polls Vault's health endpoint over HTTP.
      # NOTE(review): /v1/sys/health answers non-200 for standby and sealed
      # nodes by default, so standbys may be reported unhealthy; consider
      # the standbyok=true query parameter if that is not intended.
      service {
        name = "vault"
        port = "api"

        check {
          name     = "vault-health"
          type     = "http"
          path     = "/v1/sys/health"
          interval = "10s"
          timeout  = "2s"
        }
      }
    }
  }

  # Vault server pinned to node "us-ash3c".
  group "vault-ash3c" {
    count = 1

    # Removed the Consul version constraint; the driver constraint is used instead.
    constraint {
      attribute = "${driver.exec}"
      operator  = "="
      value     = "1"
    }

    # Pin this group to the node whose unique name is "us-ash3c".
    constraint {
      attribute = "${node.unique.name}"
      value     = "us-ash3c"
    }

    # Static ports: only one allocation per node can hold them.
    network {
      port "api" {
        static = 8200
      }
      port "cluster" {
        static = 8201
      }
    }

    task "vault" {
      driver = "exec"

      # Starts the server against the file rendered by the template below.
      config {
        command = "vault"
        args = [
          "server",
          "-config=/opt/nomad/data/vault/config/vault.hcl"
        ]
      }

      # Rendered Vault server config. The heredoc body is emitted verbatim;
      # see the security review notes at the top of the job for the
      # cleartext listener, mlock, seal-wrap and logging settings.
      template {
        data = <<EOH
storage "consul" {
address = "{{ with nomadService "consul" }}{{ range . }}{{ if contains .Tags "http" }}{{ .Address }}:{{ .Port }}{{ end }}{{ end }}{{ end }}"
path = "vault/"
# Consul服务发现配置
service {
name = "vault"
tags = ["vault"]
}
}

listener "tcp" {
address = "0.0.0.0:8200"
tls_disable = 1 # 生产环境应启用TLS
}

api_addr = "http://{{ env "NOMAD_IP_api" }}:8200"
cluster_addr = "http://{{ env "NOMAD_IP_cluster" }}:8201"

ui = true
disable_mlock = true

# 添加更多配置来解决权限问题
disable_sealwrap = true
disable_cache = false

# 启用原始日志记录
enable_raw_log = true

# 集成Nomad服务发现
service_registration {
enabled = true
}
EOH
        destination = "/opt/nomad/data/vault/config/vault.hcl"
      }

      resources {
        cpu    = 100
        memory = 256
      }

      # Registers the API port and polls Vault's health endpoint over HTTP.
      # NOTE(review): /v1/sys/health answers non-200 for standby and sealed
      # nodes by default, so standbys may be reported unhealthy; consider
      # the standbyok=true query parameter if that is not intended.
      service {
        name = "vault"
        port = "api"

        check {
          name     = "vault-health"
          type     = "http"
          path     = "/v1/sys/health"
          interval = "10s"
          timeout  = "2s"
        }
      }
    }
  }

  # Vault server pinned to node "bj-warden".
  group "vault-warden" {
    count = 1

    # Removed the Consul version constraint; the driver constraint is used instead.
    constraint {
      attribute = "${driver.exec}"
      operator  = "="
      value     = "1"
    }

    # Pin this group to the node whose unique name is "bj-warden".
    constraint {
      attribute = "${node.unique.name}"
      value     = "bj-warden"
    }

    # Static ports: only one allocation per node can hold them.
    network {
      port "api" {
        static = 8200
      }
      port "cluster" {
        static = 8201
      }
    }

    task "vault" {
      driver = "exec"

      # Starts the server against the file rendered by the template below.
      config {
        command = "vault"
        args = [
          "server",
          "-config=/opt/nomad/data/vault/config/vault.hcl"
        ]
      }

      # Rendered Vault server config. The heredoc body is emitted verbatim;
      # see the security review notes at the top of the job for the
      # cleartext listener, mlock, seal-wrap and logging settings.
      template {
        data = <<EOH
storage "consul" {
address = "{{ with nomadService "consul" }}{{ range . }}{{ if contains .Tags "http" }}{{ .Address }}:{{ .Port }}{{ end }}{{ end }}{{ end }}"
path = "vault/"
# Consul服务发现配置
service {
name = "vault"
tags = ["vault"]
}
}

listener "tcp" {
address = "0.0.0.0:8200"
tls_disable = 1 # 生产环境应启用TLS
}

api_addr = "http://{{ env "NOMAD_IP_api" }}:8200"
cluster_addr = "http://{{ env "NOMAD_IP_cluster" }}:8201"

ui = true
disable_mlock = true

# 添加更多配置来解决权限问题
disable_sealwrap = true
disable_cache = false

# 启用原始日志记录
enable_raw_log = true

# 集成Nomad服务发现
service_registration {
enabled = true
}
EOH
        destination = "/opt/nomad/data/vault/config/vault.hcl"
      }

      resources {
        cpu    = 100
        memory = 256
      }

      # Registers the API port and polls Vault's health endpoint over HTTP.
      # NOTE(review): /v1/sys/health answers non-200 for standby and sealed
      # nodes by default, so standbys may be reported unhealthy; consider
      # the standbyok=true query parameter if that is not intended.
      service {
        name = "vault"
        port = "api"

        check {
          name     = "vault-health"
          type     = "http"
          path     = "/v1/sys/health"
          interval = "10s"
          timeout  = "2s"
        }
      }
    }
  }
}