Closed Ranjandas closed 4 months ago
Great job, man! Can you review submit-job
capability? It looks like there should be write policy to be ably to submit, but I am not familiar with Nomad's ACL.
Related: https://github.com/hashicorp/learn-nomad-cluster-setup/issues/28
@tunzor Could you take over the PR from here and help get this PR merged? Thank you!
@Ranjandas I figured out a way around updating the anonymous policy by adding the agent token to the Consul client configuration but couldn't add the suggestions to this PR so I opened another one that includes your other changes.
Can you double check PR #29 and make sure it's complete? I've tested it and DNS lookups work as they should but feel free to test it out if you like.
Closing this PR as the changes have been merged as part of #29, thank you very much for your contributions!
This is a combination of multiple PRs (#23, #24, #25)
In addition to the PRs, here are two additional changes:
alloc-exec
permission.23
The Ubuntu Xenial image is not available anymore officially from Canonical on AWS (except the Pro versions).
The following changes were introduced as part of the AMI change:
ip
command instead ofifconfig
(deprecated)Introduced a system-resolved drop-in for Consul DNS access and stopped Consul from listening on port 53. This is because systemd-resolved already binds to port 53, and Consul won't start.
The drop-in configuration also listens on the Docker bridge IP so that Nomad tasks can resolve Consul DNS names by overriding DNS by pointing to the Docker bridge IP
jq
andredis-tools
installation were failingIn addition,
packer {}
block was added so thatpacker init
installs the required plugins for thebuild
to work.Fixes the following issues:
24
Update the anonymous token policy so that the Consul DNS resolution works out of the box.
25
zone_pattern
forretry_join
for faster discovery in GCP