From f1cd5af333a3b44d7bd94802532cebfafb3a31bc Mon Sep 17 00:00:00 2001
From: Tim Gross
Date: Mon, 1 Apr 2024 16:50:40 -0400
Subject: [PATCH] address comments from code review
---
 e2e/terraform/consul-servers.tf | 16 ++++++++--------
 e2e/terraform/etc/consul.d/servers.hcl | 4 ----
 e2e/terraform/nomad-acls.tf | 19 ++++++++++---------
 3 files changed, 18 insertions(+), 21 deletions(-)
diff --git a/e2e/terraform/consul-servers.tf b/e2e/terraform/consul-servers.tf
index a55a4bb92aa..eaffbc65697 100644
--- a/e2e/terraform/consul-servers.tf
+++ b/e2e/terraform/consul-servers.tf
@@ -162,17 +162,17 @@ resource "null_resource" "install_consul_server_configs" {
 # get the management token into the provider's environment after we bootstrap,
 # and we want to pass various tokens in the Nomad and Consul configuration
 # files. So we run a bootstrapping script that uses tokens we generate randomly.
-locals {
- consul_env = "CONSUL_HTTP_ADDR=https://${aws_instance.consul_server.public_ip}:8501 CONSUL_CACERT=keys/tls_ca.crt CONSUL_HTTP_TOKEN=${random_uuid.consul_initial_management_token.result} CONSUL_AGENT_TOKEN=${random_uuid.consul_agent_token.result} NOMAD_CLUSTER_CONSUL_TOKEN=${random_uuid.consul_token_for_nomad.result}"
-}
-
 resource "null_resource" "bootstrap_consul_acls" {
 depends_on = [null_resource.install_consul_server_configs]
- triggers = {
- command = aws_instance.consul_server.public_ip != "" ? local.consul_env : "echo 'Consul server not ready yet, skipping bootstrap'"
- }
 provisioner "local-exec" {
- command = "${local.consul_env} ./scripts/bootstrap-consul.sh"
+ command = "./scripts/bootstrap-consul.sh"
+ environment = {
+ CONSUL_HTTP_ADDR = "https://${aws_instance.consul_server.public_ip}:8501"
+ CONSUL_CACERT = "keys/tls_ca.crt"
+ CONSUL_HTTP_TOKEN = "${random_uuid.consul_initial_management_token.result}"
+ CONSUL_AGENT_TOKEN = "${random_uuid.consul_agent_token.result}"
+ NOMAD_CLUSTER_CONSUL_TOKEN = "${random_uuid.consul_token_for_nomad.result}"
+ }
 }
 }
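Review bot: With the `triggers` map removed from `null_resource.bootstrap_consul_acls`, nothing visible in the hunk forces the provisioner to run again, so a replaced `aws_instance.consul_server` would presumably keep the old bootstrap result until the resource is tainted by hand. The same applies to `null_resource.bootstrap_nomad_acls` in nomad-acls.tf. A trigger keyed on a non-secret attribute, for example `triggers = { server_id = aws_instance.consul_server.id }`, would restore the re-run behaviour without copying token values into the trigger as the old `local.consul_env` string did. As a style point, values such as `"${random_uuid.consul_agent_token.result}"` are interpolation-only strings and can be written as the bare reference `random_uuid.consul_agent_token.result`.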
diff --git a/e2e/terraform/etc/consul.d/servers.hcl b/e2e/terraform/etc/consul.d/servers.hcl
index 73f17a4927d..54f35892cf5 100644
--- a/e2e/terraform/etc/consul.d/servers.hcl
+++ b/e2e/terraform/etc/consul.d/servers.hcl
@@ -20,10 +20,6 @@ acl {
 initial_management = "${management_token}"
 agent = "${token}"
 default = "${token}"
-
- # this isn't a Consul config value, but the bootstrap script will read
- # this to create an initial pre-existing token for our Nomad agents
- # nomad_cluster = "${nomad_token}"
 }
 }
diff --git a/e2e/terraform/nomad-acls.tf b/e2e/terraform/nomad-acls.tf
index 6218235425e..fbe3d7651b9 100644
--- a/e2e/terraform/nomad-acls.tf
+++ b/e2e/terraform/nomad-acls.tf
@@ -7,19 +7,17 @@
 # to get the management token into the provider's environment after we bootstrap.
 # So we run a bootstrapping script and write our management token into a file
 # that we read in for the output of $(terraform output environment) later.
-
-locals {
- nomad_env = "NOMAD_ADDR=https://${aws_instance.server.0.public_ip}:4646 NOMAD_CACERT=keys/tls_ca.crt NOMAD_CLIENT_CERT=keys/tls_api_client.crt NOMAD_CLIENT_KEY=keys/tls_api_client.key"
-}
-
 resource "null_resource" "bootstrap_nomad_acls" {
 depends_on = [module.nomad_server, null_resource.bootstrap_consul_acls]
- triggers = {
- command = aws_instance.server.0.public_ip != "" ? local.nomad_env : "echo 'Nomad server not ready yet, skipping bootstrap'"
- }
 provisioner "local-exec" {
- command = "${local.nomad_env} ./scripts/bootstrap-nomad.sh"
+ command = "./scripts/bootstrap-nomad.sh"
+ environment = {
+ NOMAD_ADDR = "https://${aws_instance.server.0.public_ip}:4646"
+ NOMAD_CACERT = "keys/tls_ca.crt"
+ NOMAD_CLIENT_CERT = "keys/tls_api_client.crt"
+ NOMAD_CLIENT_KEY = "keys/tls_api_client.key"
+ }
 }
 }
@@ -41,6 +39,9 @@ export NOMAD_SKIP_VERIFY=true
 export NOMAD_CLIENT_CERT=/etc/nomad.d/tls/agent.crt
 export NOMAD_CLIENT_KEY=/etc/nomad.d/tls/agent.key
 export NOMAD_TOKEN=${data.local_sensitive_file.nomad_token.content}
+export CONSUL_HTTP_ADDR=https://localhost:8501
+export CONSUL_HTTP_TOKEN="${random_uuid.consul_initial_management_token.result}"
+export CONSUL_CACERT=/etc/consul.d/ca.pem
 ENV
 EXEC
 }
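Review bot: The added `export CONSUL_HTTP_TOKEN=...` line puts the Consul initial management token, the most privileged credential in the cluster, into whatever shell evaluates this environment block. If the consumers only need to register or query test services, a narrower token would limit what a leaked environment exposes. The enclosing block and its heredocs start outside the hunk, so it is not visible whether the rendered text is treated as sensitive; that should be confirmed, since unlike the `NOMAD_TOKEN` line the `random_uuid` result is presumably not marked sensitive on its own. The new line also quotes its value while the neighbouring `NOMAD_TOKEN` export does not, so one form should be picked for the block.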