Multi datacenter jobs | and also auth tokens

I hope I’m not conflating issues here. I’m struggling to elegantly deploy a job to multiple datacenters in multiple regions.

My challenge is that I cannot simply load up one provider per region and run a module against it - I don’t have vault, and we don’t want the tokens in the terraform, so I need to source the token per env before running the apply. So we’re doing this as multiple terraform plans, with a token source prior to the plan.

The other issue, once I’ve overcome this, is how to dynamically allocate the datacenter. Short of using all available DCs in the list or adding gross sed lines in my CI job, I’m not sure how to accomplish this.

The answer here may be federation, but I wanted to run this past other eyes.

Thanks for your time.

Hi @ret-aws! You almost certainly want federation for this case. You can create a token with a global scope that will be replicated from the authoritative region to all regions. (See the ACL Tokens Fundamentals guide for details).

For the datacenters, there are a few approaches you can try:

  • If you’re a Nomad Enterprise customer you can use Multi-Cluster Deployments.
  • You can use HCL2 variables and inject them at deployment time.
  • You could use Terraform variables and templatize the jobspec field.
  • You could use Levant, which I’ll admit I haven’t had a chance to spend much time with but was designed for this kind of use case.
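
The HCL2-variable approach from the reply above, combined with a federated global token read from the environment, as an added example that is not from either poster or from the Nomad project. The region names, datacenter names, job contents and the `NOMAD_BIN` override are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example. Region names, datacenter names and the job are constructed.

# Jobspec with an HCL2 variable, so no sed rewriting is needed per region.
write_jobspec() {
  cat > "$1" <<'EOF'
variable "datacenters" {
  type = list(string)
}

job "example" {
  datacenters = var.datacenters

  group "app" {
    task "app" {
      driver = "docker"
      config {
        image = "nginx:1.25"
      }
    }
  }
}
EOF
}

# Constructed region -> datacenter mapping, written as HCL list literals.
dcs_for_region() {
  case "$1" in
    us-east) echo '["use1-a","use1-b"]' ;;
    eu-west) echo '["euw1-a"]' ;;
    *) echo "unknown region: $1" >&2; return 1 ;;
  esac
}

# Submit the job to one region of the federated cluster.
# The token is read by the CLI from the NOMAD_TOKEN environment variable
# (set by the CI secret store); it never appears in the jobspec or in argv.
# NOMAD_BIN is a hypothetical override used only to dry-run this function.
deploy_region() {
  local region=$1 jobfile=$2 dcs
  [ -n "${NOMAD_TOKEN:-}" ] || { echo "NOMAD_TOKEN is not set" >&2; return 2; }
  dcs=$(dcs_for_region "$region") || return 1
  "${NOMAD_BIN:-nomad}" job run -region="$region" -var "datacenters=$dcs" "$jobfile"
}

# Usage (needs NOMAD_ADDR pointing at a reachable federated cluster):
#   write_jobspec example.nomad.hcl
#   for r in us-east eu-west; do deploy_region "$r" example.nomad.hcl; done
```

Because the function refuses to run without `NOMAD_TOKEN` and rejects unknown regions, a misconfigured CI stage fails before anything is submitted.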