242 lines
4.0 KiB
HCL
242 lines
4.0 KiB
HCL
job "vault-cluster-nomad" {
|
|
datacenters = ["dc1"]
|
|
type = "service"
|
|
|
|
group "vault-ch4" {
|
|
count = 1
|
|
|
|
constraint {
|
|
attribute = "${node.unique.name}"
|
|
operator = "="
|
|
value = "ch4"
|
|
}
|
|
|
|
network {
|
|
port "http" {
|
|
static = 8200
|
|
to = 8200
|
|
}
|
|
}
|
|
|
|
task "vault" {
|
|
driver = "exec"
|
|
|
|
consul {
|
|
namespace = "default"
|
|
}
|
|
|
|
resources {
|
|
cpu = 500
|
|
memory = 1024
|
|
}
|
|
|
|
env {
|
|
VAULT_ADDR = "http://127.0.0.1:8200"
|
|
}
|
|
|
|
# 从 consul 读取配置
|
|
template {
|
|
data = <<EOF
|
|
{{ key "vault/config" }}
|
|
EOF
|
|
destination = "local/vault.hcl"
|
|
perms = "644"
|
|
wait {
|
|
min = "2s"
|
|
max = "10s"
|
|
}
|
|
}
|
|
|
|
config {
|
|
command = "vault"
|
|
args = [
|
|
"server",
|
|
"-config=/local/vault.hcl"
|
|
]
|
|
}
|
|
|
|
restart {
|
|
attempts = 2
|
|
interval = "30m"
|
|
delay = "15s"
|
|
mode = "fail"
|
|
}
|
|
}
|
|
|
|
update {
|
|
max_parallel = 3
|
|
health_check = "checks"
|
|
min_healthy_time = "10s"
|
|
healthy_deadline = "5m"
|
|
progress_deadline = "10m"
|
|
auto_revert = true
|
|
canary = 0
|
|
}
|
|
|
|
migrate {
|
|
max_parallel = 1
|
|
health_check = "checks"
|
|
min_healthy_time = "10s"
|
|
healthy_deadline = "5m"
|
|
}
|
|
}
|
|
|
|
group "vault-ash3c" {
|
|
count = 1
|
|
|
|
constraint {
|
|
attribute = "${node.unique.name}"
|
|
operator = "="
|
|
value = "ash3c"
|
|
}
|
|
|
|
network {
|
|
port "http" {
|
|
static = 8200
|
|
to = 8200
|
|
}
|
|
}
|
|
|
|
task "vault" {
|
|
driver = "exec"
|
|
|
|
consul {
|
|
namespace = "default"
|
|
}
|
|
|
|
resources {
|
|
cpu = 500
|
|
memory = 1024
|
|
}
|
|
|
|
env {
|
|
VAULT_ADDR = "http://127.0.0.1:8200"
|
|
}
|
|
|
|
# 从 consul 读取配置
|
|
template {
|
|
data = <<EOF
|
|
{{ key "vault/config" }}
|
|
EOF
|
|
destination = "local/vault.hcl"
|
|
perms = "644"
|
|
wait {
|
|
min = "2s"
|
|
max = "10s"
|
|
}
|
|
}
|
|
|
|
config {
|
|
command = "vault"
|
|
args = [
|
|
"server",
|
|
"-config=/local/vault.hcl"
|
|
]
|
|
}
|
|
|
|
restart {
|
|
attempts = 2
|
|
interval = "30m"
|
|
delay = "15s"
|
|
mode = "fail"
|
|
}
|
|
}
|
|
|
|
update {
|
|
max_parallel = 3
|
|
health_check = "checks"
|
|
min_healthy_time = "10s"
|
|
healthy_deadline = "5m"
|
|
progress_deadline = "10m"
|
|
auto_revert = true
|
|
canary = 0
|
|
}
|
|
|
|
migrate {
|
|
max_parallel = 1
|
|
health_check = "checks"
|
|
min_healthy_time = "10s"
|
|
healthy_deadline = "5m"
|
|
}
|
|
}
|
|
|
|
group "vault-warden" {
|
|
count = 1
|
|
|
|
constraint {
|
|
attribute = "${node.unique.name}"
|
|
operator = "="
|
|
value = "warden"
|
|
}
|
|
|
|
network {
|
|
port "http" {
|
|
static = 8200
|
|
to = 8200
|
|
}
|
|
}
|
|
|
|
task "vault" {
|
|
driver = "exec"
|
|
|
|
consul {
|
|
namespace = "default"
|
|
}
|
|
|
|
resources {
|
|
cpu = 500
|
|
memory = 1024
|
|
}
|
|
|
|
env {
|
|
VAULT_ADDR = "http://127.0.0.1:8200"
|
|
}
|
|
|
|
# 从 consul 读取配置
|
|
template {
|
|
data = <<EOF
|
|
{{ key "vault/config" }}
|
|
EOF
|
|
destination = "local/vault.hcl"
|
|
perms = "644"
|
|
wait {
|
|
min = "2s"
|
|
max = "10s"
|
|
}
|
|
}
|
|
|
|
config {
|
|
command = "vault"
|
|
args = [
|
|
"server",
|
|
"-config=/local/vault.hcl"
|
|
]
|
|
}
|
|
|
|
restart {
|
|
attempts = 2
|
|
interval = "30m"
|
|
delay = "15s"
|
|
mode = "fail"
|
|
}
|
|
}
|
|
|
|
update {
|
|
max_parallel = 3
|
|
health_check = "checks"
|
|
min_healthy_time = "10s"
|
|
healthy_deadline = "5m"
|
|
progress_deadline = "10m"
|
|
auto_revert = true
|
|
canary = 0
|
|
}
|
|
|
|
migrate {
|
|
max_parallel = 1
|
|
health_check = "checks"
|
|
min_healthy_time = "10s"
|
|
healthy_deadline = "5m"
|
|
}
|
|
}
|
|
}
|