trial run

allthingsclowd · Feb 12, 2019 · 0430129 · 0430129
1 parent 7e31d16
commit 0430129
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 23 deletions.
diff --git a/main.go b/main.go
@@ -40,7 +40,7 @@ func main() {
 	portPtr := flag.Int("port", 8080, "Default's to port 8080. Use -port=nnnn to use listen on an alternate port.")
 	ipPtr := flag.String("ip", "127.0.0.1", "Default's to all interfaces by using 127.0.0.1")
 	appRoleID = flag.String("appRole", "id-factory", "Application Role Name to be used to bootstrap access to Vault's secrets")
-	consulACL = flag.String("consulACL", "f8732bef-6085-f2e1-2281-8af91b5b0f6c", "Application ACL from Consul")
+	consulACL = flag.String("consulACL", "oi-someone-forgot-to-set-me", "Application ACL from Consul")
 	flag.Parse()
 	targetPort = strconv.Itoa(*portPtr)
 	targetIP = *ipPtr
@@ -173,13 +173,6 @@ func convert4connect(serviceURL string) string {
 
 func getVaultKV(consulClient consul.Client, vaultKey string) string {
 
-	// // Get a new Consul client
-	// consulClient, err := consul.NewClient(consul.DefaultConfig())
-	// if err != nil {
-	// 	fmt.Printf("Failed to contact consul - Please ensure both local agent and remote server are running : e.g. consul members >> %v \n", err)
-	// 	goapphealth = "NOTGOOD"
-	// }
-
 	// Read in the Vault service details from consul
 	vaultService := getConsulSVC(consulClient, "vault")
 	vaultAddress = "http://" + vaultService
@@ -262,18 +255,6 @@ func redisInit() (string, string) {
 	var redisService string
 	var redisPassword string
 
-	// consulTLSConfig, err := consul.SetupTLSConfig(&consul.TLSConfig{
-	// 	CAFile:             "/usr/local/bootstrap/certificate-config/consul-ca.pem",
-	// 	CertFile:           "/usr/local/bootstrap/certificate-config/cli.pem",
-	// 	KeyFile:            "/usr/local/bootstrap/certificate-config/cli-key.pem",
-	// 	Address:			"127.0.0.1",
-	//   })
-	//   if err != nil {
-	// 	panic(fmt.Sprintf("TLS Configuration error 1: %s\n", err))
-	// 	}
-
-	//   fmt.Printf("ConsulTLSConfig: %+v \n", consulTLSConfig)
-
 	// Get a new Consul client
 	consulConfig := consul.DefaultConfig()
 	consulConfig.Address = "192.168.2.11:8321"

diff --git a/nomad_job.hcl b/nomad_job.hcl
@@ -8,7 +8,7 @@ job "webpagecounter" {
         driver = "raw_exec"
         config {
             command = "/usr/local/bin/webcounter"
-            args = ["-port=${NOMAD_PORT_http}", "-ip=0.0.0.0"]
+            args = ["-port=${NOMAD_PORT_http}", "-ip=0.0.0.0", "-consulACL=${CONSUL_ACL_TOKEN}"]
         }
         resources {
           cpu    = 20

diff --git a/scripts/install_Go_app.sh b/scripts/install_Go_app.sh
@@ -130,5 +130,6 @@ chmod +x /usr/local/bin/webcounter
 
 cp /usr/local/bootstrap/scripts/consul_goapp_verify.sh /usr/local/bin/.
 
-# nomad job run /usr/local/bootstrap/nomad_job.hcl || true
+export CONSUL_ACL_TOKEN=${CONSUL_HTTP_TOKEN}
+nomad job run /usr/local/bootstrap/nomad_job.hcl || true
 
diff --git a/scripts/install_nomad.sh b/scripts/install_nomad.sh
@@ -26,7 +26,7 @@ User=${1}
 Group=${1}
 PIDFile=/var/run/${1}/${1}.pid
 PermissionsStartOnly=true
-ExecStartPre=-/bin/mkdir -p /var/run/${1}
+ExecStartPre=-/bin/mkdir -p /var/run/${1} && export CONSUL_ACL_TOKEN=${CONSUL_HTTP_TOKEN}
 ExecStartPre=/bin/chown -R ${1}:${1} /var/run/${1}
 ExecStart=${3}
 ExecReload=/bin/kill -HUP ${MAINPID}
@@ -72,6 +72,13 @@ else
   LOG="nomad.log"
 fi
 
+# Configure consul environment variables for use with certificates 
+export CONSUL_HTTP_ADDR=https://127.0.0.1:8321
+export CONSUL_CACERT=/usr/local/bootstrap/certificate-config/consul-ca.pem
+export CONSUL_CLIENT_CERT=/usr/local/bootstrap/certificate-config/cli.pem
+export CONSUL_CLIENT_KEY=/usr/local/bootstrap/certificate-config/cli-key.pem
+export CONSUL_HTTP_TOKEN=`cat /usr/local/bootstrap/.agenttoken_acl`
+
 which wget unzip &>/dev/null || {
   apt-get update
   apt-get install -y wget unzip