fix: add secrets for CONSUL and VAULT to env with template

Signed-off-by: Bruce Becker <[email protected]>
brucellino · Jun 30, 2024 · e10cd71 · e10cd71
1 parent 08ae614
commit e10cd71
Showing 1 changed file with 23 additions and 14 deletions.
diff --git a/consul-snapshot.nomad b/consul-snapshot.nomad
@@ -2,10 +2,10 @@
 job "consul-backup" {
   datacenters = ["dc1"]
   type        = "batch"
-  // periodic {
-  //   crons = ["1-59/15 * * * * *"]
-  //       prohibit_overlap = false
-  // }
+  periodic {
+    crons            = ["1-59/15 * * * * *"]
+    prohibit_overlap = false
+  }
   group "data" {
     count = 1
     network {}
@@ -15,32 +15,41 @@ job "consul-backup" {
     restart {
       attempts = 0
     }
-
     task "check-consul" {
       # Get a vault token so that we can read consul creds
       template {
         data        = <<-EOH
 #!/bin/env bash
+env
+source ${NOMAD_SECRETS_DIR}/env
+env
 echo "Hi there! I'm a dufus"
 # Lookup vault token
-curl -H "X-Vault-Token: ${VAULT_TOKEN}" \
-     -X GET \
-     http://active.vault.service.consul:8200/v1/auth/token/lookup-self > output.json
-cat output.json | jq
-sleep 120
-
+curl -v -X GET -H "X-Consul-Token: ${CONSUL_HTTP_TOKEN}" http://localhost:8500/v1/snapshot > ${NOMAD_ALLOC_DIR}/data/snapshot
+# Get the playbook
+curl -X GET \
+  -H "Accept: applicaton/vnd.github+json" \
+  -H "Authorization: Bearer ${GITHUB_TOKEN}" \
+  -H "X-Github-Api-Version: 2022-11-28" \
+  https://api.github.com/repos/brucellino/personal-automation/contents/playbooks/backup-state.yml > playbook.yml
+ls -lht
         EOH
         destination = "local/start.sh"
         perms       = "777"
       }
       template {
         data        = <<-EOH
-{{ with secret "hashi_at_home/creds/cluster-role" }}{{ .Data.token }}{{ end }}
+CONSUL_HTTP_TOKEN="{{ with secret "hashi_at_home/creds/cluster-role" }}{{ .Data.token }}{{ end }}"
+GITHUB_TOKEN="{{ with secret "/github_personal_tokens/token"  "repositories=personal-automation"
+"installation_id=44668070"}}{{ .Data.token }}{{ end }}"
+NOMAD_ADDR={{ with service "http.nomad" }}{{ with index . 0 }}http://{{ .Address }}:{{ .Port }}{{ end }}{{ end }}
+VAULT_ADDR={{ range service "vault" }}http://{{ .Address }}:{{ .Port }}{{- end }}
       EOH
-        destination = "local/consul_token"
+        destination = "${NOMAD_SECRETS_DIR}/env"
         perms       = "400"
+        env         = true
       }
-      driver = "raw_exec"
+      driver = "exec"
       config {
         command = "local/start.sh"
       }