Nomad ACL Bootstrap with ansible

Hey there.

I’ve been working with Nomad for a couple of months now and I’m trying to automate everything. After deploying a new Nomad cluster I need to bootstrap the ACLs, so I need to run `nomad acl bootstrap`.

We are deploying Nomad with the help of terraform and ansible, so I am trying to figure out how to bootstrap the cluster with Nomad in a standard or correct way.

Have you ever needed to do this?

Thanks in advance!

Interesting topic…

At first glance, this sounds like a few ansible.builtin.uri tasks against the Nomad API, and maybe a few ansible.builtin.template tasks to deliver a Nomad configuration acl stanza.

Specifically the ACL bootstrap endpoint. From the docs:

This endpoint is used to bootstrap the ACL system and provide the initial management token.

Reading the output of a uri task will provide the initial management token…

(my thought goes immediately to writing a Nomad Operator which may be implemented in Ansible: a special Nomad job which takes care of everything – getting Ansible, running the playbook against Nomad itself, etc etc)

Let us know how it goes :slight_smile:

1 Like

Bonjour, :wave:

I use this task to create an ACL bootstrap:

    # One POST to the bootstrap endpoint; Nomad answers with the initial
    # management token. The call goes over mutual TLS using the cluster's CA
    # and this host's certificate/key.
    - name: "Nomad ACL | Generate Bootstrap token"
      ansible.builtin.uri:
        url: "{{ nomad_install_http_scheme }}://{{ nomad_install_http_ip }}:{{ nomad_install_http_port }}/v1/acl/bootstrap"
        ca_path: "{{ nomad_install_tls_host_certificate_dir }}/{{ nomad_install_tls_ca_pubkey }}"
        client_cert: "{{ nomad_install_tls_host_certificate_dir }}/{{ nomad_install_tls_cert }}"
        client_key: "{{ nomad_install_tls_host_certificate_dir }}/{{ nomad_install_tls_privatekey }}"
        method: POST
        body_format: json
        status_code:
          - 200
      # The parsed JSON body (AccessorID, SecretID, ...) ends up in
      # nomad_management_token_result.json
      register: nomad_management_token_result

    # Prints the management token's SecretID; this lands in the Ansible
    # output/log, so treat that output as sensitive.
    - ansible.builtin.debug:
        msg: "{{ nomad_management_token_result.json.SecretID }}"

Hope that can help you. :smiley:

2 Likes
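Building on the task above, here is an added example (not code from the thread) of the same bootstrap call made safe to re-run and with the token kept out of the Ansible log. `nomad_addr`, `nomad_tls_dir`, `nomad_token_file` and the certificate file names are assumed variables; the check for an already-bootstrapped cluster relies on Nomad returning HTTP 400 with "ACL bootstrap already done" on a second call.

```yaml
# Added example: idempotent Nomad ACL bootstrap. Variable names
# (nomad_addr, nomad_tls_dir, nomad_token_file) are assumptions.
- name: "Nomad ACL | Bootstrap the ACL system once"
  hosts: nomad_servers
  tasks:
    - name: "Nomad ACL | POST /v1/acl/bootstrap"
      ansible.builtin.uri:
        url: "{{ nomad_addr }}/v1/acl/bootstrap"   # e.g. https://nomad.example.internal:4646
        method: POST
        ca_path: "{{ nomad_tls_dir }}/nomad-ca.pem"
        client_cert: "{{ nomad_tls_dir }}/server.pem"
        client_key: "{{ nomad_tls_dir }}/server-key.pem"
        return_content: true
        # 200: fresh cluster, JSON body carries the management token.
        # 400: Nomad reports "ACL bootstrap already done"; not an error here.
        status_code: [200, 400]
      register: nomad_bootstrap
      run_once: true        # one bootstrap per cluster, not per server
      no_log: true          # keep the management token out of the log

    - name: "Nomad ACL | Fail on anything other than fresh or already-done"
      ansible.builtin.assert:
        that:
          - nomad_bootstrap.status == 200 or 'ACL bootstrap already done' in nomad_bootstrap.content
        fail_msg: "Unexpected bootstrap response: HTTP {{ nomad_bootstrap.status }}"
      run_once: true

    # The SecretID is only ever returned by the bootstrap call itself, so
    # persist it immediately with restrictive permissions on the controller.
    - name: "Nomad ACL | Store the management token on the controller"
      ansible.builtin.copy:
        content: "{{ nomad_bootstrap.json.SecretID }}\n"
        dest: "{{ nomad_token_file }}"
        mode: "0600"
      delegate_to: localhost
      become: false
      run_once: true
      no_log: true
      when: nomad_bootstrap.status == 200
```

On a re-run the 400 branch is taken and no token is written, so the file from the first run is the only copy; losing it means going through Nomad's bootstrap reset procedure rather than calling the endpoint again.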

I love these solutions! I didn’t know there was an endpoint in the HTTP API for doing this! It’s pretty helpful.

I will test it myself and I will post the solution here. Thanks guys!