@jasonodonnell
Created November 30, 2020 20:25
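#!/bin/bash
#
# Local demo: start throwaway Nomad and Vault dev agents, bootstrap Nomad
# ACLs, then use Terraform to configure Vault's Nomad secrets backend and
# read back a short-lived Nomad token.
#
# Requires: screen, nomad, vault, terraform, curl, jq, pkill.
#
# SECURITY: disposable lab use only.
#   * `vault server -dev` keeps data in memory, starts unsealed, serves plain
#     HTTP, and here is given the fixed, guessable root token "root".
#   * The Nomad bootstrap token is a management token. It is handed to
#     Terraform via TF_VAR_TOKEN and ends up in terraform.tfstate, which is
#     why the state files are removed on every exit path below.
set -e

# Client-side target addresses and credentials (not listener settings).
export VAULT_DEV_ROOT_TOKEN_ID="root"
export VAULT_TOKEN="root"
export VAULT_ADDR="http://0.0.0.0:8200"
export NOMAD_ADDR="http://0.0.0.0:4646"

#######################################
# Stop the dev agents started by this script and delete Terraform state.
# Runs from the EXIT trap, so it also fires when `set -e` aborts the script;
# otherwise a failed run would leave a root-token Vault running and the
# management token sitting in terraform.tfstate.
#######################################
cleanup() {
  local uid
  uid=$(id -u)
  # Match only this user's dev-mode command lines so an unrelated Vault or
  # Nomad process on the host is not signalled. Best effort: an agent that
  # already exited must not change the script's exit status.
  pkill -u "${uid}" -f 'vault server -dev' || true
  pkill -u "${uid}" -f 'nomad agent -dev' || true
  rm -f -- terraform.tfstate*
}

cat <<'EOF' > nomad.hcl
acl {
enabled = true
}
client {
options = {"driver.blacklist" = "java"}
}
EOF

trap cleanup EXIT

# `screen -d -m` already detaches, so no trailing `&` is needed and a missing
# binary is reported through the exit status.
screen -d -m -S nomadScreen nomad agent -dev -config=nomad.hcl
screen -d -m -S vaultScreen vault server -dev
sleep 10

# Bootstrap Nomad ACLs. The assignment is kept separate from `export` so a
# failure is not masked, `--fail` turns HTTP errors into an empty result, and
# `// empty` stops jq from printing the literal string "null" when the field
# is absent (which would otherwise pass the emptiness check).
bootstrap_token=$(
  curl -s --fail --request POST http://localhost:4646/v1/acl/bootstrap \
    | jq -r '.SecretID // empty'
) || bootstrap_token=""
if [[ -z "${bootstrap_token}" ]]; then
  echo "Could not create bootstrap token. Exiting.." >&2
  exit 1
fi
export TF_VAR_TOKEN="${bootstrap_token}"

cat <<'EOF' > nomad.tf
variable "TOKEN" {}
provider "vault" {
address = "http://0.0.0.0:8200"
token = "root"
}
resource "vault_nomad_secret_backend" "config" {
backend = "nomad"
address = "http://0.0.0.0:4646"
token = var.TOKEN
}
resource "vault_nomad_secret_lease" "lease" {
backend = vault_nomad_secret_backend.config.backend
max_ttl = 60
ttl = 30
}
resource "vault_nomad_secret_role" "test" {
backend = vault_nomad_secret_backend.config.backend
role = "test"
type = "client"
policies = ["readonly"]
}
data "vault_nomad_access_token" "token" {
backend = vault_nomad_secret_backend.config.backend
role = vault_nomad_secret_role.test.role
depends_on = [vault_nomad_secret_role.test]
}
output "secret" {
value = data.vault_nomad_access_token.token.secret_id
}
output "accessor" {
value = data.vault_nomad_access_token.token.accessor_id
}
EOF

# NOTE(review): the "secret" output prints the generated Nomad token to the
# terminal (and to any CI log). Outside a demo, mark it `sensitive = true`;
# newer Terraform releases may require that if the provider flags secret_id
# as sensitive (confirm against the provider version in use).
terraform init
terraform apply -auto-approve

# Agent shutdown and state removal happen in cleanup() via the EXIT trap.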