mgmt/components/vault/jobs/vault-cluster-exec.nomad


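# Runs one Vault server per pinned node (kr-master, us-ash3c, bj-warden) under
# the Nomad exec driver. Each task renders its own vault.hcl from a template
# and starts `vault server` against it.
#
# Security review notes (they apply to all three groups):
#   * Every listener binds 0.0.0.0:8200 with tls_disable = 1, and api_addr /
#     cluster_addr advertise http://. Vault tokens and secret payloads are
#     therefore sent in cleartext to anything that can reach the port. Before
#     real secrets are stored, configure tls_cert_file / tls_key_file on the
#     listener, drop tls_disable, and advertise https:// addresses.
#   * storage "file" is local to each node and does not support HA, so these
#     are three independent Vault servers (separate init, unseal keys and
#     data) that all register under the same service name "vault".
#   * disable_mlock = true allows Vault's memory to be paged out; keep swap
#     disabled or encrypted on these hosts.
#   * /v1/sys/health answers 200 only for an initialized, unsealed, active
#     server (by default 429 standby, 501 not initialized, 503 sealed), so the
#     service check stays critical until the node has been unsealed.
#   * NOTE(review): the template destination is an absolute path equal to the
#     -config argument; confirm it resolves to the same file inside the exec
#     driver's filesystem isolation and is allowed by the client's template
#     sandbox.
job "vault-cluster-exec" {
  datacenters = ["dc1"]
  type        = "service"

  group "vault-master" {
    count = 1

    # Use an attribute that exists instead of the Consul version check.
    constraint {
      attribute = "${driver.exec}"
      operator  = "="
      value     = "1"
    }

    # Pin this group to the kr-master node.
    constraint {
      attribute = "${node.unique.name}"
      value     = "kr-master"
    }

    network {
      port "api" {
        static = 8200
      }
      port "cluster" {
        static = 8201
      }
    }

    task "vault" {
      driver = "exec"

      config {
        command = "vault"
        args = [
          "server",
          "-config=/opt/nomad/data/vault/config/vault.hcl"
        ]
      }

      template {
        data = <<EOH
storage "file" {
  path = "/opt/nomad/data/vault/data"
}
listener "tcp" {
  # Listens on all interfaces without TLS: client tokens and secrets cross the
  # network unencrypted.
  address = "0.0.0.0:8200"
  tls_disable = 1 # TLS should be enabled in production
}
api_addr = "http://{{ env "NOMAD_IP_api" }}:8200"
cluster_addr = "http://{{ env "NOMAD_IP_cluster" }}:8201"
ui = true
# With mlock off, Vault memory can reach swap; disable or encrypt swap.
disable_mlock = true
# Extra settings added to work around permission problems.
disable_sealwrap = true
disable_cache = false
# Consul connection settings. This stanza appeared twice, byte for byte, in
# the original template; the duplicate has been removed.
# NOTE(review): "consul" does not look like a recognised top-level stanza of
# the Vault server configuration (Consul is normally wired in through
# storage "consul" or service_registration "consul"); confirm this block has
# any effect.
consul {
  address = "127.0.0.1:8500"
  path = "vault/"
  # A token may need to be configured here. Do not commit a real Consul token
  # in this job file: the job specification is readable through the Nomad API.
  # token = "your-consul-token"
}
EOH
        destination = "/opt/nomad/data/vault/config/vault.hcl"
      }

      resources {
        cpu    = 100
        memory = 256
      }

      service {
        name = "vault"
        port = "api"

        # Plain-HTTP health probe; fails while the server is sealed or
        # uninitialized.
        check {
          name     = "vault-health"
          type     = "http"
          path     = "/v1/sys/health"
          interval = "10s"
          timeout  = "2s"
        }
      }
    }
  }

  group "vault-ash3c" {
    count = 1

    # Explicitly state the Consul version requirement to override the
    # automatically added constraint.
    constraint {
      attribute = "${attr.consul.version}"
      operator  = "version"
      value     = ">= 1.0.0"
    }

    # Add a constraint that is always satisfied so the group gets scheduled.
    constraint {
      attribute = "${driver.exec}"
      operator  = "="
      value     = "1"
    }

    # Pin this group to the us-ash3c node.
    constraint {
      attribute = "${node.unique.name}"
      value     = "us-ash3c"
    }

    network {
      port "api" {
        static = 8200
      }
      port "cluster" {
        static = 8201
      }
    }

    task "vault" {
      driver = "exec"

      config {
        command = "vault"
        args = [
          "server",
          "-config=/opt/nomad/data/vault/config/vault.hcl"
        ]
      }

      template {
        data = <<EOH
storage "file" {
  path = "/opt/nomad/data/vault/data"
}
listener "tcp" {
  # Listens on all interfaces without TLS: client tokens and secrets cross the
  # network unencrypted.
  address = "0.0.0.0:8200"
  tls_disable = 1 # TLS should be enabled in production
}
api_addr = "http://{{ env "NOMAD_IP_api" }}:8200"
cluster_addr = "http://{{ env "NOMAD_IP_cluster" }}:8201"
ui = true
# With mlock off, Vault memory can reach swap; disable or encrypt swap.
disable_mlock = true
# Extra settings added to work around permission problems.
disable_sealwrap = true
disable_cache = false
EOH
        destination = "/opt/nomad/data/vault/config/vault.hcl"
      }

      resources {
        cpu    = 100
        memory = 256
      }

      service {
        name = "vault"
        port = "api"

        # Plain-HTTP health probe; fails while the server is sealed or
        # uninitialized.
        check {
          name     = "vault-health"
          type     = "http"
          path     = "/v1/sys/health"
          interval = "10s"
          timeout  = "2s"
        }
      }
    }
  }

  group "vault-warden" {
    count = 1

    # Explicitly state the Consul version requirement to override the
    # automatically added constraint.
    constraint {
      attribute = "${attr.consul.version}"
      operator  = "version"
      value     = ">= 1.0.0"
    }

    # Add a constraint that is always satisfied so the group gets scheduled.
    constraint {
      attribute = "${driver.exec}"
      operator  = "="
      value     = "1"
    }

    # Pin this group to the bj-warden node.
    constraint {
      attribute = "${node.unique.name}"
      value     = "bj-warden"
    }

    network {
      port "api" {
        static = 8200
      }
      port "cluster" {
        static = 8201
      }
    }

    task "vault" {
      driver = "exec"

      config {
        command = "vault"
        args = [
          "server",
          "-config=/opt/nomad/data/vault/config/vault.hcl"
        ]
      }

      template {
        data = <<EOH
storage "file" {
  path = "/opt/nomad/data/vault/data"
}
listener "tcp" {
  # Listens on all interfaces without TLS: client tokens and secrets cross the
  # network unencrypted.
  address = "0.0.0.0:8200"
  tls_disable = 1 # TLS should be enabled in production
}
api_addr = "http://{{ env "NOMAD_IP_api" }}:8200"
cluster_addr = "http://{{ env "NOMAD_IP_cluster" }}:8201"
ui = true
# With mlock off, Vault memory can reach swap; disable or encrypt swap.
disable_mlock = true
# Extra settings added to work around permission problems.
disable_sealwrap = true
disable_cache = false
EOH
        destination = "/opt/nomad/data/vault/config/vault.hcl"
      }

      resources {
        cpu    = 100
        memory = 256
      }

      service {
        name = "vault"
        port = "api"

        # Plain-HTTP health probe; fails while the server is sealed or
        # uninitialized.
        check {
          name     = "vault-health"
          type     = "http"
          path     = "/v1/sys/health"
          interval = "10s"
          timeout  = "2s"
        }
      }
    }
  }
}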