Skatteetaten / terraform-nomad-postgres

Apache License 2.0

added host volumes #17

Closed dangernil closed 3 years ago

dangernil commented 4 years ago

Closes #12 and #24

zhenik commented 4 years ago

Tests?

claesgill commented 4 years ago

Changed to draft since we have some issues with permission denied when setting /var/lib/postgres/data as a volume to /vagrant/persitence/postgres.

claesgill commented 4 years ago

STATUS:

We're taking a break from this issue due to problems with permission denied with postgres and vagrant. This will unfortunately not be able to reach the release v0.1.0 deadline (02.10.2020).

Going to pick this up on Monday next week.

Neha-Sinha2305 commented 3 years ago

You have missed out this piece of code that we need to add so that the new host_policy in nomad gets applied. Without this you will end up getting 403 permission denied when run with nomad_acl=true:

- name: Fetch bootstrap token nomad
  shell:
    cmd: vault kv get -field=secret-id secret/nomad-bootstrap-token
  when: lookup('env', 'nomad_acl') | bool
  register: bootstrap_token

- name: Copy nomad policy file to /etc/nomad.d/policies/
  copy:
    src: host_volume_policy.hcl
    dest: /etc/nomad.d/policies/host_volume_policy.hcl
  when: lookup('env', 'nomad_acl') | bool

- name: Update default write policy on nomad
  shell:
    cmd: nomad acl policy apply write-default /etc/nomad.d/policies/host_volume_policy.hcl
  when: lookup('env', 'nomad_acl') | bool
  environment:
    NOMAD_TOKEN: "{{ bootstrap_token.stdout }}"

You can check the code in minio_repo
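
The tasks above copy and apply `host_volume_policy.hcl`, which this thread does not show. A Nomad ACL policy of that shape, as an added example that is not the project's own file; the volume name `persistence` is an assumption:

```hcl
# Added example, not the repository's host_volume_policy.hcl.
# Applied under the policy name "write-default", as in the task above.

# Job submission rights in the default namespace.
namespace "default" {
  policy = "write"
}

# Scoped rule: only the named host volume may be mounted read-write.
# "persistence" is an assumed volume name; use the name declared in the
# Nomad client's host_volume configuration.
host_volume "persistence" {
  capabilities = ["mount-readwrite"]
}

# Broad alternative: every host volume on every client, read-write.
# host_volume "*" {
#   policy = "write"
# }
```

Because `nomad acl policy apply` replaces the whole policy stored under that name, the file has to carry the namespace rule as well as the host volume rule.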

claesgill commented 3 years ago

Oh, that's right! Thanks! :pray: