-
Notifications
You must be signed in to change notification settings - Fork 4.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bootstrap Nomad ACL system if no token is given #12451
Conversation
@Mongey are you still interested in working on this PR? |
a90860f
to
4cf01e3
Compare
@hghaf099 yep |
5bd5a77
to
7b2eb0d
Compare
7b2eb0d
to
1ca413b
Compare
bump |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for this! Just a few small-ish comments.
Similar to the [Bootstrap the Consul ACL system if no token is given][boostrap-consul] it would be very useful to bootstrap Nomads ACL system and manage it in Vault. [boostrap-consul]:hashicorp#10751
1ca413b
to
105b898
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
I pulled it down and tested it locally. It seems to simplify the process of getting it to work locally, i.e., I can now just run
# window 1
sudo nomad agent -dev -bind 0.0.0.0 -log-level INFO -acl-enabled
# window 2
vault server -dev
# window 3
vault secrets enable nomad
vault write nomad/config/access address=http://127.0.0.1:4646
vault write nomad/role/monitoring policies=readonly
vault read nomad/creds/monitoring
And skip having to run nomad acl boostrap
. Though if we do still run nomad acl boostrap
manually, as before, it works as expected.
Thanks so much for your contribution!
* Bootstrap Nomad ACL system if no token is given Similar to the [Bootstrap the Consul ACL system if no token is given][boostrap-consul] it would be very useful to bootstrap Nomads ACL system and manage it in Vault. [boostrap-consul]:#10751 * Add changelog entry * Remove debug log line * Remove redundant else * Rename Nomad acl bootstrap param * Replace sleep with attempt to list nomad leader, setup will retry until successful * fmt
* Bootstrap Nomad ACL system if no token is given Similar to the [Bootstrap the Consul ACL system if no token is given][boostrap-consul] it would be very useful to bootstrap Nomads ACL system and manage it in Vault. [boostrap-consul]:#10751 * Add changelog entry * Remove debug log line * Remove redundant else * Rename Nomad acl bootstrap param * Replace sleep with attempt to list nomad leader, setup will retry until successful * fmt
Similar to the Bootstrap the Consul ACL system if no token is given
it would be very useful to bootstrap Nomads ACL system and manage it in
Vault.