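# Source: github.com/hernad/nomad@v1.6.112/e2e/terraform/provision-nomad/tls.tf
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0

# Per-instance agent key pair and certificate, signed by the CA passed in
# through var.tls_ca_key / var.tls_ca_cert.
#
# NOTE: the tls provider keeps the generated private key in Terraform state
# in plain text. That is the accepted trade-off for a provisioning module
# under e2e/; any state file holding this key must be treated as a secret.

resource "tls_private_key" "nomad" {
  algorithm   = "ECDSA"
  ecdsa_curve = "P384"
}

resource "tls_cert_request" "nomad" {
  private_key_pem = tls_private_key.nomad.private_key_pem

  # SANs: both instance addresses plus loopback, and the role-scoped name
  # that also serves as the subject common name.
  ip_addresses = [var.instance.public_ip, var.instance.private_ip, "127.0.0.1"]
  dns_names    = ["${var.role}.global.nomad"]

  subject {
    common_name = "${var.role}.global.nomad"
  }
}

resource "tls_locally_signed_cert" "nomad" {
  cert_request_pem   = tls_cert_request.nomad.cert_request_pem
  ca_private_key_pem = var.tls_ca_key
  ca_cert_pem        = var.tls_ca_cert

  # 720 hours = 30 days.
  validity_period_hours = 720

  # Key usages for a certificate that is presented both as a TLS server and
  # as a TLS client (mutual TLS), hence both client_auth and server_auth.
  allowed_uses = [
    "key_encipherment",
    "digital_signature",
    "client_auth",
    "server_auth",
  ]
}

# Private key written next to the Terraform working directory. The
# local_sensitive_file default mode is 0700; a key file needs no execute
# bit, so the mode is pinned to owner read/write only.
resource "local_sensitive_file" "nomad_client_key" {
  content         = tls_private_key.nomad.private_key_pem
  filename        = "keys/agent-${var.instance.public_ip}.key"
  file_permission = "0600"
}

# Signed certificate for the same instance. This is public material, so the
# provider's default mode is left unchanged.
resource "local_sensitive_file" "nomad_client_cert" {
  content  = tls_locally_signed_cert.nomad.cert_pem
  filename = "keys/agent-${var.instance.public_ip}.crt"
}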