Improve Vault Support #101

Closed
adawalli opened this issue Jul 23, 2020 · 0 comments

adawalli commented Jul 23, 2020

Namespacing is an enterprise feature that is offered in Vault. Nomad offers this feature, but this Ansible role currently does not expose support for it.

Furthermore, the Nomad documentation specifies that a vault token does not need to be added for a client node: https://www.nomadproject.io/docs/configuration/vault#nomad-client
In order to reduce the spread of tokens, it is recommended that vault tokens only be provided directly to the server.
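
The split described in this issue, as an added configuration example (not taken from the role's templates or from the referenced commits): the server agent's `vault` stanza carries the namespace and the token, while the client agent's stanza carries the namespace and no token. The address, namespace name and token value are placeholders assumed for illustration.

```hcl
# --- server agent (e.g. server.hcl) ---
server {
  enabled = true
}

vault {
  enabled   = true
  address   = "https://vault.example.internal:8200" # placeholder address
  namespace = "example-namespace"                    # Vault Enterprise namespace (placeholder)
  token     = "<VAULT_TOKEN_PLACEHOLDER>"            # present on servers only
}

# --- client agent (e.g. client.hcl) ---
client {
  enabled = true
}

vault {
  enabled   = true
  address   = "https://vault.example.internal:8200" # placeholder address
  namespace = "example-namespace"                    # same namespace as the servers
  # No token here: servers derive tokens for tasks and hand them to clients,
  # so a compromised client node does not expose the servers' Vault token.
}
```

A quick review check on a client node is to confirm that the rendered agent configuration contains no `token` key inside its `vault` stanza.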

@adawalli adawalli changed the title Add Vault Namespace Support Improve Vault Support Jul 23, 2020
adawalli added a commit to adawalli/ansible-nomad that referenced this issue Jul 23, 2020
This adds support for Vault namespaces (from Vault Enterprise).
Additionally, this ensures that a vault token is not installed on client
nodes. Per the nomad documentation, this token only needs to be installed
on servers, and tokens will be delegated appropriately to client nodes.

Addresses ansible-community#101
lanefu pushed a commit that referenced this issue Jul 23, 2020
This adds support for Vault namespaces (from Vault Enterprise).
Additionally, this ensures that a vault token is not installed on client
nodes. Per the nomad documentation, this token only needs to be installed
on servers, and tokens will be delegated appropriately to client nodes.

Addresses #101
lanefu added a commit that referenced this issue Nov 7, 2020
* Update to Nomad 0.11.3 (#96)

Addresses #84

* Fix booleans in template (#94)

Nomad expects booleans in lower-case. This fixes several variables.

* Update nomad to 0.12.0 (#98)

Update to nomad 0.12.0 #97

* Update nomad to v0.12.1 (#104)

Addresses #103

* Improve Vault Support for Namespace, Tokens (#102)

This adds support for Vault namespaces (from Vault Enterprise).
Additionally, this ensures that a vault token is not installed on client
nodes. Per the nomad documentation, this token only needs to be installed
on servers, and tokens will be delegated appropriately to client nodes.

Addresses #101

* add parameter deployment_gc_threshold (#99)

Co-authored-by: beechesII <christopher.grau@t-systems.com>

* Feature/nomad autopilot (#100)

* add configuration for Nomad autopilot Stanza

* correct variable names

Co-authored-by: beechesII <christopher.grau@t-systems.com>

* Reference requirement for unzip

In response to #89 ...  unzip is a dependency of ansible unarchive module.

* fix cgroup-bin transition package for newer distro releases (#108)

* Fix After and Wants to start after networking (#110)

According to https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ this is the correct way to start a service only after the network has come all the way up.
According to https://www.freedesktop.org/software/systemd/man/systemd.special.html#basic.target "systemd automatically adds dependency of the type After= for this target unit to all services (except for those with DefaultDependencies=no)", therefore having it here is redundant.

* Added configuration for podman and general plugin setups. (#111)

* Added configuration for podman and general plugin setups.

* Added storage using the same macro.

* Removed the new hosts storage since the function existed already.

* Corrected installation order.

* CI test

* CI test

* fix action

* fix action

* CI test

* CI bug wa

* CI bug wa

* File permissions

* File permissions

* Add centos7

* File permissions

* Fix syntax

* Use sh

* Disable idempotence molecule test

* Cleaning

* fix lint

* Fix tests

* cleanup in lists of systems

* Comment all except Ubuntu-18

* Fix tests

* Add Ubuntu-20

* Set ansible-lint warnings

* Set ansible-lint warnings

* Set ansible-lint exceptions

* Temp. disable lint

* Edit scenario

* Try different image

* Edit scenario

* add molecule github actions

* add molecule tasks

* add lint forgiveness

* lint tweaks

* fix ansible lint

* remove custom yaml lint

* copied yamllint config from consul role

* remove document start linting

* test remove idempotence test

* comment spacing

* exclude 301, ansible lint

* use new lint syntax

* rollback base

* just 1 scenario while debugging

* fixes for yamllint

* CI test

* CI test

* fix action

* fix action

* CI test

* CI bug wa

* CI bug wa

* File permissions

* File permissions

* Add centos7

* File permissions

* Fix syntax

* Use sh

* Disable idempotence molecule test

* Cleaning

* fix lint

* Fix tests

* cleanup in lists of systems

* Comment all except Ubuntu-18

* Fix tests

* Add Ubuntu-20

* Set ansible-lint warnings

* Set ansible-lint warnings

* Set ansible-lint exceptions

* Temp. disable lint

* Edit scenario

* Try different image

* Edit scenario

* Edit scenario

* CI test

* Clean the mess

* Clean the mess

* Remove temporary CI rule

* CI test

* Remove temporary CI rule

Co-authored-by: adawalli <adam.wallis@gmail.com>
Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
Co-authored-by: Christopher Grau <66788631+beechesII@users.noreply.github.com>
Co-authored-by: beechesII <christopher.grau@t-systems.com>
Co-authored-by: lanefu <lanefu@users.noreply.github.com>
Co-authored-by: John Adams <john@hexb.it>
Co-authored-by: jebas <jeff.l.baskin@gmail.com>
Co-authored-by: Michal Muransky <michal.muransky@pan-net.eu>
Co-authored-by: Lane Jennison <lane@lane-fu.com>
Co-authored-by: Bas Meijer <bas.meijer@me.com>