cluster/services/consul: laod system management token on startup WIP
This commit is contained in:
parent
9c260fd0f7
commit
5704e358e0
1 changed files with 24 additions and 1 deletions
|
@ -35,7 +35,30 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.consul.serviceConfig.Type = "notify";
|
systemd.services = {
|
||||||
|
consul.serviceConfig.Type = "notify";
|
||||||
|
consul-load-smt = {
|
||||||
|
wantedBy = [ "consul.service" ];
|
||||||
|
after = [ "consul.service" ];
|
||||||
|
environment.CONSUL_HTTP_ADDR = config.links.consulAgent.tuple;
|
||||||
|
path = [
|
||||||
|
config.services.consul.package
|
||||||
|
];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = true;
|
||||||
|
};
|
||||||
|
script = ''
|
||||||
|
while ! test -e /run/locksmith/consul-systemManagementToken; do
|
||||||
|
echo Waiting for System Management Token
|
||||||
|
systemctl start locksmith.service
|
||||||
|
sleep 5
|
||||||
|
done
|
||||||
|
export CONSUL_HTTP_TOKEN_FILE=/run/locksmith/consul-systemManagementToken
|
||||||
|
consul acl set-agent-token default "$(< /run/locksmith/consul-systemManagementToken)" # TODO: don't leak token on cmdline
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
services.grafana-agent.settings.integrations.consul_exporter = {
|
services.grafana-agent.settings.integrations.consul_exporter = {
|
||||||
enabled = true;
|
enabled = true;
|
||||||
|
|
Loading…
Reference in a new issue