schmichael/vault.nomad.hcl

## vault.nomad.hcl
variable "vault_version" {
  type = string
  default = "1.14.0"
}

job "vault" {
  datacenters = ["*"]
  type = "service"
  group "vault" {
    count = 1
    network {
     mode = "bridge"
      port "api" {
        static = 8200
        to = 8200
      }
      port "cluster" {
        static = 8201
        to = 8201
      }

    }

    task "vault.service" {
      driver = "exec"
      resources {
        cpu = 20
        memory = 512
      }
      artifact {
        source      = "https://releases.hashicorp.com/vault/${var.vault_version}/vault_${var.vault_version}_${attr.kernel.name}_${attr.cpu.arch}.zip"
        destination = "${NOMAD_ALLOC_DIR}/artifacts/"
      }
      template {
        data        = <<EOH
        ui = true
        storage "raft" {
          path = "{{ env "NOMAD_SECRETS_DIR" }}"
          node_id = "{{ env "NOMAD_ALLOC_NAME" | replaceAll "[" "" | replaceAll "]" "" | replaceAll "." "_" }}"
        }
        listener "tcp" {
          address = "0.0.0.0:8200" #"{{ env "NOMAD_ADDR_api" }}"
          tls_disable = 1
        }
        cluster_addr = "http://0.0.0.0:8201" #"http://{{ env "NOMAD_ADDR_cluster" }}"
        api_addr = "http://0.0.0.0:8200" #"http://{{ env "NOMAD_ADDR_api" }}"
        license_path = "{{ env "NOMAD_SECRETS_DIR" }}/license"
        EOH
        destination = "${NOMAD_ALLOC_DIR}/configuration/vault.hcl"
      }

      config {
        command = "${NOMAD_ALLOC_DIR}/artifacts/vault"
        args = ["server", "-config=${NOMAD_ALLOC_DIR}/configuration/vault.hcl"]
      # needed for 1.6.0-beta
      #  cap_add = ["ipc_lock"]
      }
      service {
        name = "vault-api"
        port = "api"
        provider = "nomad"
        check {
          name = "healthy"
          type = "http"
          path = "/v1/sys/health?sealedcode=210&standbycode=210&performancestandbycode=211&uninintcode=212"
          interval = "10s"
          timeout  = "5s"
        }

        check {
          name = "active"
          on_update = "ignore"
          type = "http"
          path = "/v1/sys/health"
          interval = "10s"
          timeout  = "5s"
        }
        check {
          name = "active_or_standby"
          on_update = "ignore"
          type = "http"
          path = "/v1/sys/health?perfstandbyok=true"
          interval = "10s"
          timeout  = "5s"
        }
      }

      service {
        name = "vault-cluster"
        port = "cluster"
        provider = "nomad"
        check {
          type = "tcp"
          interval = "10s"
          timeout  = "5s"
        }
      }
    }
  }
}
	variable "vault_version" {
	type = string
	default = "1.14.0"
	}

	job "vault" {
	datacenters = ["*"]
	type = "service"
	group "vault" {
	count = 1
	network {
	mode = "bridge"
	port "api" {
	static = 8200
	to = 8200
	}
	port "cluster" {
	static = 8201
	to = 8201
	}

	}

	task "vault.service" {
	driver = "exec"
	resources {
	cpu = 20
	memory = 512
	}
	artifact {
	source = "https://releases.hashicorp.com/vault/${var.vault_version}/vault_${var.vault_version}_${attr.kernel.name}_${attr.cpu.arch}.zip"
	destination = "${NOMAD_ALLOC_DIR}/artifacts/"
	}
	template {
	data = <<EOH
	ui = true
	storage "raft" {
	path = "{{ env "NOMAD_SECRETS_DIR" }}"
	node_id = "{{ env "NOMAD_ALLOC_NAME" \| replaceAll "[" "" \| replaceAll "]" "" \| replaceAll "." "_" }}"
	}
	listener "tcp" {
	address = "0.0.0.0:8200" #"{{ env "NOMAD_ADDR_api" }}"
	tls_disable = 1
	}
	cluster_addr = "http://0.0.0.0:8201" #"http://{{ env "NOMAD_ADDR_cluster" }}"
	api_addr = "http://0.0.0.0:8200" #"http://{{ env "NOMAD_ADDR_api" }}"
	license_path = "{{ env "NOMAD_SECRETS_DIR" }}/license"
	EOH
	destination = "${NOMAD_ALLOC_DIR}/configuration/vault.hcl"
	}

	config {
	command = "${NOMAD_ALLOC_DIR}/artifacts/vault"
	args = ["server", "-config=${NOMAD_ALLOC_DIR}/configuration/vault.hcl"]
	# needed for 1.6.0-beta
	# cap_add = ["ipc_lock"]
	}
	service {
	name = "vault-api"
	port = "api"
	provider = "nomad"
	check {
	name = "healthy"
	type = "http"
	path = "/v1/sys/health?sealedcode=210&standbycode=210&performancestandbycode=211&uninintcode=212"
	interval = "10s"
	timeout = "5s"
	}

	check {
	name = "active"
	on_update = "ignore"
	type = "http"
	path = "/v1/sys/health"
	interval = "10s"
	timeout = "5s"
	}
	check {
	name = "active_or_standby"
	on_update = "ignore"
	type = "http"
	path = "/v1/sys/health?perfstandbyok=true"
	interval = "10s"
	timeout = "5s"
	}
	}

	service {
	name = "vault-cluster"
	port = "cluster"
	provider = "nomad"
	check {
	type = "tcp"
	interval = "10s"
	timeout = "5s"
	}
	}
	}
	}
	}