-
Notifications
You must be signed in to change notification settings - Fork 39
/
Copy pathmulti_batch_job.nomad.hcl
129 lines (103 loc) · 2.4 KB
/
multi_batch_job.nomad.hcl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
job "cascading_bash_jobs" {
region = "eu-west-2"
datacenters = ["eu-west-2a","eu-west-2b","eu-west-2c"]
type = "batch"
group "jobs" {
count = 1
task "Generate_keys" {
constraint {
attribute = "${meta.type}"
value = "server"
}
lifecycle {
hook = "prestart"
}
driver = "raw_exec"
template {
data = <<EOH
set -v
# Generate a 2048 bit RSA Key
openssl genrsa -out keypair.pem 2048
# Export the RSA Public Key to a File
openssl rsa -in keypair.pem -pubout -out publickey.crt
# Exports the Private Key
openssl rsa -in keypair.pem -out private_unencrypted.pem -outform PEM
# convert to PKCS#8
openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in keypair.pem -out pkcs8.key
pwd
# copy files to a shared directory
cp keypair.pem /tmp/keypair.pem
cp publickey.crt /tmp/publickey.crt
cp private_unencrypted.pem /tmp/private_unencrypted.pem
cp pkcs8.key /tmp/pkcs8.key
EOH
destination = "script.sh"
perms = "755"
}
config {
command = "bash"
args = ["script.sh"]
}
}
task "Load_to_vault" {
constraint {
attribute = "${meta.type}"
value = "server"
}
/*
volume_mount {
volume = "mongodb_vol"
destination = "/data/db"
}
*/
driver = "raw_exec"
vault {
policies = ["superuser"]
}
env {
VAULT_ADDR = "https://active.vault.service.consul:8200"
}
template {
data = <<EOH
set -v
# view the previously generated files
cat /tmp/keypair.pem
cat /tmp/publickey.crt
cat /tmp/private_unencrypted.pem
cat /tmp/pkcs8.key
cd /tmp
vault kv put kv/nomad_keys [email protected]
vault kv patch kv/nomad_keys [email protected]
vault kv patch kv/nomad_keys private_unencrypted=@private_unencrypted.pem
vault kv patch kv/nomad_keys [email protected]
EOH
destination = "script.sh"
perms = "755"
}
config {
command = "bash"
args = ["script.sh"]
}
}
task "Third_Job" {
constraint {
attribute = "${meta.type}"
value = "server"
}
driver = "raw_exec"
template {
data = <<EOH
set -v
# Generate a 2048 bit RSA Key
echo "get your nomad groove on"
EOH
destination = "script.sh"
perms = "755"
}
config {
command = "bash"
args = ["script.sh"]
}
}
} #group
} #jobs