Hi!
I have a private GitHub repository where all my Nomad configuration and jobs are.
I’m trying to find a better way to check out the repository than how I do it today.
Today I store a SSH key on the nomad clients (different for all of them).
I’d like to be able to run jobs from my laptop/computer and submit to a nomad server.
This works but
- assume that I have a ssh key on the server
- I’m not able to run it from my own computer, only from the nomad server.
(I’ll get a error message that the value must be known.)
artifact {
source = "git::git@github.com:me/myrepo"
destination = "${NOMAD_TASK_DIR}/repo"
options {
sshkey = "${base64encode(file(pathexpand("/opt/nomad/data/.ssh/id_ed25519")))}"
depth = 1
}
}
Is it possible to pull out the base64 secret with vault?
This is my attempt but I fail to get it to work
task "traefik-lb" {
artifact {
source = "git::git@github.com:me/myrepo"
destination = "${NOMAD_TASK_DIR}/repo"
options {
{{ with secret "kv/nomad/artifacts" }}
sshkey = {{.Data.ssh_key}}
{{ end }}
depth = 1
}
}
The error message I get is:
Error getting job struct: Error parsing job file from traefik.hcl:
traefik.hcl:43,11-12: Argument or block definition required; An argument or block definition is required here.
traefik.hcl:57,7-13: Unsupported argument; An argument named “driver” is not expected here.
traefik.hcl:50,7-15: Unsupported block type; Blocks of type “template” are not expected here.
traefik.hcl:58,7-13: Unsupported block type; Blocks of type “config” are not expected here.
traefik.hcl:66,7-16: Unsupported block type; Blocks of type “resources” are not expected here.
traefik.hcl:46,11-16: Unsupported argument; An argument named “depth” is not expected here.
traefik.hcl:44,11-17: Unsupported argument; An argument named “sshkey” is not expected here.
I’ve checked the job file and the artifact block is on the exact same indentation level as it is on another job I have. The error only seems to occur when I have the {{ with secret [...] }}