Nomad(>1.5.0) artifact from s3 bucket

vvarga · August 31, 2023, 6:57pm

Hi,

So I realized that since 1.5.0 artifact downloads occur in a sub-process.
And when I configure the artifact stanza with the access key and secret key in it, it works just fine.

            artifact {
                source = "s3::http://fubar.com:9020/nomad_artifacts/sandbox/wdc/fake-service/gelf.tpl"
                options {
                    aws_access_key_id     = "6rMOOHXeW/sfsafas"
                    aws_access_key_secret = "1OnW76rMOOHXeW/sfsafasfasd"
                }
            }

However I don’t want to store the credentials in the manifest file. So the idea would be to use environment variables.
For backward compatibility, the artifact sandbox can be configured to inherit specified environment variables from the Nomad client by setting set_environment_variables.
But where do I set these variables? I am confused about this configuration.

vvarga · September 1, 2023, 3:23pm

So I figured out the systemd service file for nomad pulls environment variables from “/etc/nomad.d/nomad.env”

[root@xxxxx ~]# grep Environment /usr/lib/systemd/system/nomad.service
EnvironmentFile=-/etc/nomad.d/nomad.env

If you set the AWS access id, and secret key there, it works with AWS S3,
but doesn’t work with an on-prem s3 compatible object storage.

Topic		Replies	Views
Use env variable in artifact block Nomad	4	411	September 9, 2024
Artifact issue with Vault Nomad	0	213	December 13, 2022
Where does the artifact stanza runs and under what user? Nomad	2	642	June 15, 2021
Nomad job - google cloud storage artifact Nomad	2	517	March 2, 2023
How to pass environment variable created by template block Nomad	4	1603	September 23, 2021

Nomad(>1.5.0) artifact from s3 bucket

Related topics