Hashicorp Nomad: Server configuration for production

剛開始建置PRD環境時，總會怕漏設定了甚麼，一段時間的經驗累積後，總算有個樣子了，紀錄讓想使用的人參考。

datacenter = "Nomad-PRD"
data_dir = "/nomad/data"

name = "nomad-server-1"
bind_addr = "10.x.x.x"

acl {
  enabled = true
  token_ttl = "1h"
  policy_ttl = "24h"
}

log_level = "DEBUG"
log_file = "/nomad/logs/nomad.log"
log_rotate_duration = "24h"


server {
  enabled = true
  bootstrap_expect = 3
  server_join {
    retry_join = [ "10.x.x.x","10.x.x.x","10.x.x.x" ]
    retry_max = 3
    retry_interval = "15s"
  }
  
  license_path = /nomad/license.hclic
}


tls {
  http = true
  ca_file   = "/nomad/ssl/ca.cer"
  cert_file = "/nomad/ssl/cert.cer"
  key_file  = "/nomad/ssl/key.key"
}

telemetry {
  prometheus_metrics = true
}

consul {
  address = "10.x.x.x:8500
  server_service_name = "nomad-server"
  server_auto_join = true
  client_auto_join = true
  allow_unauthenticated = false
  
  ssl = true
  verify_ssl = true
  ca_file = "/nomad/ssl/consul-ca.cer"
  cert_file = "/nomad/ssl/consul-cer.cer"
  key_file = "/nomad/ssl/consul-key.key"
  
  token   = "xxx-xxxx-xxx"
}


vault {
  enabled     = true
  address     = "https://vault.com:8200"
  ca_path     = "/nomad/ssl/vault-ca.cer"
  cert_file   = "/nomad/ssl/vault-cer.crt"
  key_file    = "/nomad/ssl/vault-key.key"
  
  token       = "xxx-xxxx-xxx"
}