Improve Vault Support #101
adawalli added a commit to adawalli/ansible-nomad that referenced this issue (Jul 23, 2020)
This adds support for Vault namespaces (from Vault Enterprise). Additionally, this ensures that a vault token is not installed on client nodes. Per the nomad documentation, this token only needs be installed on servers, and tokens will be delegated appropriately to client nodes. Addresses ansible-community#101
lanefu pushed a commit that referenced this issue (Jul 23, 2020)
This adds support for Vault namespaces (from Vault Enterprise). Additionally, this ensures that a vault token is not installed on client nodes. Per the nomad documentation, this token only needs be installed on servers, and tokens will be delegated appropriately to client nodes. Addresses #101
lanefu added a commit that referenced this issue (Nov 7, 2020)
* Update to Nomad 0.11.3 (#96) Addresses #84
* Fix booleans in template (#94) nomad expects booleans in lower-case. this fixes several variables
* Update nomad to 0.12.0 (#98) Update to nomad 0.12.0 #97
* Update nomad to v0.12.1 (#104) Addresses #103
* Improve Vault Support for Namespace, Tokens (#102) This adds support for Vault namespaces (from Vault Enterprise). Additionally, this ensures that a vault token is not installed on client nodes. Per the nomad documentation, this token only needs be installed on servers, and tokens will be delegated appropriately to client nodes. Addresses #101
* add parameter deployment_gc_threshold (#99) Co-authored-by: beechesII <christopher.grau@t-systems.com>
* Feature/nomad autopilot (#100)
* add configuration for Nomad autopilot Stanza
* correct variable names Co-authored-by: beechesII <christopher.grau@t-systems.com>
* Reference requirement for unzip In response to #89 ... unzip is a dependency of ansible unarchive module.
* fix cgroup-bin transition package for newer distro releases (#108)
* Fix After and Wants to start after networking (#110) According to https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ this is the correct way to start a service only after the network has come all the way up. According to https://www.freedesktop.org/software/systemd/man/systemd.special.html#basic.target "systemd automatically adds dependency of the type After= for this target unit to all services (except for those with DefaultDependencies=no)", therefore having it here is redundant.
* Added configuration for podman and general plugin setups. (#111)
* Added configuration for podman and general plugin setups.
* Added storage using the same macro.
* Removed the new hosts storage since the function existed already.
* Corrected installation order.
* CI test
* CI test
* fix action
* fix action
* CI test
* CI bug wa
* CI bug wa
* File permissions
* File permissions
* Add centos7
* File permissions
* Fix syntax
* Use sh
* Disable idempotence molecule test
* Cleaning
* fix lint
* Fix tests
* cleanup in lists of systems
* Comment all except Ubuntu-18
* Fix tests
* Add Ubuntu-20
* Set ansible-lint warnings
* Set ansible-lint warnings
* Set ansible-lint exceptions
* Temp. disable lint
* Edit scenario
* Try different image
* Edit scenario
* add molecule github actions
* add molecule tasks
* add lint forgiveness
* lint tweaks
* fix ansible lint
* remove custom yaml lint
* copied yamllint config from consul role
* remove document start linting
* test remove idempotence test
* comment spacing
* exclude 301, ansible lint
* use new lint syntax
* rollback base
* just 1 scenario while debugging
* fixes for yamllint
* CI test
* CI test
* fix action
* fix action
* CI test
* CI bug wa
* CI bug wa
* File permissions
* File permissions
* Add centos7
* File permissions
* Fix syntax
* Use sh
* Disable idempotence molecule test
* Cleaning
* fix lint
* Fix tests
* cleanup in lists of systems
* Comment all except Ubuntu-18
* Fix tests
* Add Ubuntu-20
* Set ansible-lint warnings
* Set ansible-lint warnings
* Set ansible-lint exceptions
* Temp. disable lint
* Edit scenario
* Try different image
* Edit scenario
* Edit scenario
* CI test
* Clean the mess
* Clean the mess
* Remove temporary CI rule
* CI test
* Remove temporary CI rule

Co-authored-by: adawalli <adam.wallis@gmail.com>
Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
Co-authored-by: Christopher Grau <66788631+beechesII@users.noreply.github.com>
Co-authored-by: beechesII <christopher.grau@t-systems.com>
Co-authored-by: lanefu <lanefu@users.noreply.github.com>
Co-authored-by: John Adams <john@hexb.it>
Co-authored-by: jebas <jeff.l.baskin@gmail.com>
Co-authored-by: Michal Muransky <michal.muransky@pan-net.eu>
Co-authored-by: Lane Jennison <lane@lane-fu.com>
Co-authored-by: Bas Meijer <bas.meijer@me.com>
Namespacing is an enterprise feature that is offered in Vault. Nomad offers this feature, but this Ansible role currently does not expose support for it.
Furthermore, the Nomad documentation specifies that a vault token does not need to be added for a client node: https://www.nomadproject.io/docs/configuration/vault#nomad-client
In order to reduce the spread of tokens, it is recommended that vault tokens only be provided directly to the server.
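A check for the point raised in the issue, as an added example that is not part of the issue or of the role's code: it reads a rendered Nomad agent configuration and reports a `token` in the `vault` block on a node whose `server` block is not enabled. The brace-matching reader is a simplification rather than a full HCL parser, and the sample configurations, address and token value are constructed.

```python
import re
from typing import List, Optional

def block_body(config: str, name: str) -> Optional[str]:
    """Text inside the first `name { ... }` block, or None (simplified HCL reader)."""
    m = re.search(rf'^\s*{re.escape(name)}\s*\{{', config, re.MULTILINE)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(config)):
        if config[i] == '{':
            depth += 1
        elif config[i] == '}':
            depth -= 1
            if depth == 0:
                return config[m.end():i]
    return None  # unbalanced braces: treat the block as unreadable

def setting(body: str, key: str) -> Optional[str]:
    """Value of `key = value` in a block body; None if absent or empty."""
    m = re.search(rf'^\s*{re.escape(key)}[ \t]*=[ \t]*"?([^"\n#]*)"?', body, re.MULTILINE)
    return (m.group(1).strip() or None) if m else None

def audit(config: str) -> List[str]:
    """Flag a Vault token written to a node that is not a Nomad server."""
    server = block_body(config, "server")
    is_server = server is not None and setting(server, "enabled") == "true"
    vault = block_body(config, "vault")
    if vault is None or setting(vault, "enabled") != "true":
        return []
    if setting(vault, "token") and not is_server:
        return ["vault.token present on a client-only node"]
    return []

# Constructed sample configurations (placeholder address and token).
VAULT_COMMON = ('  enabled   = true\n'
                '  address   = "https://vault.example.internal:8200"\n'
                '  namespace = "team-a"\n')
CLIENT_BAD = ('client {\n  enabled = true\n}\nvault {\n' + VAULT_COMMON +
              '  token     = "s.CONSTRUCTED-PLACEHOLDER"\n}\n')
CLIENT_OK = 'client {\n  enabled = true\n}\nvault {\n' + VAULT_COMMON + '}\n'
SERVER_OK = ('server {\n  enabled = true\n}\nvault {\n' + VAULT_COMMON +
             '  token     = "s.CONSTRUCTED-PLACEHOLDER"\n}\n')

if __name__ == "__main__":
    for label, cfg in [("client+token", CLIENT_BAD), ("client", CLIENT_OK), ("server", SERVER_OK)]:
        print(label, audit(cfg))
```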