Infra: Additional changes

Signed-off-by: pmikus <pmikus@cisco.com>
Change-Id: Ie08bd125c0d7b8e47344d34db77526f6714f5c0d

7 files changed, 114 insertions, 65 deletions

diff --git a/fdio.infra.terraform/1n_nmd/alertmanager/versions.tf b/fdio.infra.terraform/1n_nmd/alertmanager/versions.tf
new file mode 100644
index 0000000000..960bd4bba6
--- /dev/null
+++ b/fdio.infra.terraform/1n_nmd/alertmanager/versions.tf
@@ -0,0 +1,13 @@
+terraform {
+  required_providers {
+    nomad = {
+      source  = "hashicorp/nomad"
+      version = "~> 1.4.9"
+    }
+    template = {
+      source  = "hashicorp/template"
+      version = "~> 2.1.2"
+    }
+  }
+  required_version = ">= 0.13"
+}
diff --git a/fdio.infra.terraform/1n_nmd/grafana/versions.tf b/fdio.infra.terraform/1n_nmd/grafana/versions.tf
new file mode 100644
index 0000000000..960bd4bba6
--- /dev/null
+++ b/fdio.infra.terraform/1n_nmd/grafana/versions.tf
@@ -0,0 +1,13 @@
+terraform {
+  required_providers {
+    nomad = {
+      source  = "hashicorp/nomad"
+      version = "~> 1.4.9"
+    }
+    template = {
+      source  = "hashicorp/template"
+      version = "~> 2.1.2"
+    }
+  }
+  required_version = ">= 0.13"
+}
diff --git a/fdio.infra.terraform/1n_nmd/nginx/conf/nomad/nginx.hcl b/fdio.infra.terraform/1n_nmd/nginx/conf/nomad/nginx.hcl
index 0775a498da..1382060ba6 100644
--- a/fdio.infra.terraform/1n_nmd/nginx/conf/nomad/nginx.hcl
+++ b/fdio.infra.terraform/1n_nmd/nginx/conf/nomad/nginx.hcl
@@ -132,8 +132,10 @@ job "${job_name}" {
         }
         privileged   = false
         volumes      = [
-          "/etc/consul.d/ssl/consul.pem:/etc/ssl/certs/nginx-cert.pem",
-          "/etc/consul.d/ssl/consul-key.pem:/etc/ssl/private/nginx-key.pem",
+          "/etc/ssl/certs/docs.nginx.service.consul.crt:/etc/ssl/certs/docs.nginx.service.consul.crt",
+          "/etc/ssl/private/docs.nginx.service.consul.key:/etc/ssl/private/docs.nginx.service.consul.key",
+          "/etc/ssl/certs/logs.nginx.service.consul.crt:/etc/ssl/certs/logs.nginx.service.consul.crt",
+          "/etc/ssl/private/logs.nginx.service.consul.key:/etc/ssl/private/logs.nginx.service.consul.key",
           "custom/upstream.conf:/etc/nginx/conf.d/upstream.conf",
           "custom/logs.conf:/etc/nginx/conf.d/logs.conf",
           "custom/docs.conf:/etc/nginx/conf.d/docs.conf"
@@ -170,8 +172,8 @@ job "${job_name}" {
             ssl_protocols TLSv1.2;
             ssl_prefer_server_ciphers on;
             ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
-            ssl_certificate /etc/ssl/certs/nginx-cert.pem;
-            ssl_certificate_key /etc/ssl/private/nginx-key.pem;
+            ssl_certificate /etc/ssl/certs/logs.nginx.service.consul.crt;
+            ssl_certificate_key /etc/ssl/private/logs.nginx.service.consul.key;
             location / {
               chunked_transfer_encoding off;
               proxy_connect_timeout 300;
@@ -229,8 +231,8 @@ job "${job_name}" {
             ssl_protocols TLSv1.2;
             ssl_prefer_server_ciphers on;
             ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
-            ssl_certificate /etc/ssl/certs/nginx-cert.pem;
-            ssl_certificate_key /etc/ssl/private/nginx-key.pem;
+            ssl_certificate /etc/ssl/certs/docs.nginx.service.consul.crt;
+            ssl_certificate_key /etc/ssl/private/docs.nginx.service.consul.key;
             location / {
               chunked_transfer_encoding off;
               proxy_connect_timeout 300;
diff --git a/fdio.infra.terraform/1n_nmd/prometheus/versions.tf b/fdio.infra.terraform/1n_nmd/prometheus/versions.tf
new file mode 100644
index 0000000000..960bd4bba6
--- /dev/null
+++ b/fdio.infra.terraform/1n_nmd/prometheus/versions.tf
@@ -0,0 +1,13 @@
+terraform {
+  required_providers {
+    nomad = {
+      source  = "hashicorp/nomad"
+      version = "~> 1.4.9"
+    }
+    template = {
+      source  = "hashicorp/template"
+      version = "~> 2.1.2"
+    }
+  }
+  required_version = ">= 0.13"
+}
diff --git a/fdio.infra.terraform/1n_nmd/terraform.tfstate b/fdio.infra.terraform/1n_nmd/terraform.tfstate
index 727a458509..a7cb3a7e68 100644
--- a/fdio.infra.terraform/1n_nmd/terraform.tfstate
+++ b/fdio.infra.terraform/1n_nmd/terraform.tfstate
@@ -1,7 +1,7 @@
 {
   "version": 4,
-  "terraform_version": "0.14.9",
-  "serial": 1159,
+  "terraform_version": "0.15.3",
+  "serial": 1167,
   "lineage": "e4e7f30a-652d-7a31-e31c-5e3a3388c9b9",
   "outputs": {},
   "resources": [
@@ -54,13 +54,12 @@
           "schema_version": 0,
           "attributes": {
             "allocation_ids": [
-              "be1a3799-a3c2-1fc7-333d-c6d16012b8e4",
-              "0fafbccb-8855-e1e6-dc14-caa45e611a72"
+              "778f4f9d-dea8-e5bd-c9cf-f7a7e2d3a24e"
             ],
             "datacenters": [
               "yul1"
             ],
-            "deployment_id": "0caf7327-a01d-a326-6ac7-bdc9fd4757b5",
+            "deployment_id": "1cd42f80-d43d-96cf-bce9-c1f77872e48b",
             "deployment_status": "successful",
             "deregister_on_destroy": true,
             "deregister_on_id_change": true,
@@ -68,7 +67,7 @@
             "id": "prod-alertmanager",
             "jobspec": "job \"prod-alertmanager\" {\n  # The \"region\" parameter specifies the region in which to execute the job.\n  # If omitted, this inherits the default region name of \"global\".\n  # region = \"global\"\n  #\n  # The \"datacenters\" parameter specifies the list of datacenters which should\n  # be considered when placing this task. This must be provided.\n  datacenters         = \"yul1\"\n\n  # The \"type\" parameter controls the type of job, which impacts the scheduler's\n  # decision on placement. This configuration is optional and defaults to\n  # \"service\". For a full list of job types and their differences, please see\n  # the online documentation.\n  #\n  # For more information, please see the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/jobspec/schedulers\n  #\n  type                = \"service\"\n\n  update {\n    # The \"max_parallel\" parameter specifies the maximum number of updates to\n    # perform in parallel. In this case, this specifies to update a single task\n    # at a time.\n    max_parallel      = 1\n\n    health_check      = \"checks\"\n\n    # The \"min_healthy_time\" parameter specifies the minimum time the allocation\n    # must be in the healthy state before it is marked as healthy and unblocks\n    # further allocations from being updated.\n    min_healthy_time  = \"10s\"\n\n    # The \"healthy_deadline\" parameter specifies the deadline in which the\n    # allocation must be marked as healthy after which the allocation is\n    # automatically transitioned to unhealthy. Transitioning to unhealthy will\n    # fail the deployment and potentially roll back the job if \"auto_revert\" is\n    # set to true.\n    healthy_deadline  = \"3m\"\n\n    # The \"progress_deadline\" parameter specifies the deadline in which an\n    # allocation must be marked as healthy. The deadline begins when the first\n    # allocation for the deployment is created and is reset whenever an allocation\n    # as part of the deployment transitions to a healthy state. If no allocation\n    # transitions to the healthy state before the progress deadline, the\n    # deployment is marked as failed.\n    progress_deadline = \"10m\"\n\n\n    # The \"canary\" parameter specifies that changes to the job that would result\n    # in destructive updates should create the specified number of canaries\n    # without stopping any previous allocations. Once the operator determines the\n    # canaries are healthy, they can be promoted which unblocks a rolling update\n    # of the remaining allocations at a rate of \"max_parallel\".\n    #\n    # Further, setting \"canary\" equal to the count of the task group allows\n    # blue/green deployments. When the job is updated, a full set of the new\n    # version is deployed and upon promotion the old version is stopped.\n    canary            = 1\n\n    # Specifies if the job should auto-promote to the canary version when all\n    # canaries become healthy during a deployment. Defaults to false which means\n    # canaries must be manually updated with the nomad deployment promote\n    # command.\n    auto_promote      = true\n\n    # The \"auto_revert\" parameter specifies if the job should auto-revert to the\n    # last stable job on deployment failure. A job is marked as stable if all the\n    # allocations as part of its deployment were marked healthy.\n    auto_revert       = true\n\n  }\n\n  # The reschedule stanza specifies the group's rescheduling strategy. If\n  # specified at the job level, the configuration will apply to all groups\n  # within the job. If the reschedule stanza is present on both the job and the\n  # group, they are merged with the group stanza taking the highest precedence\n  # and then the job.\n  reschedule {\n    delay             = \"30s\"\n    delay_function    = \"constant\"\n    unlimited         = true\n  }\n\n  # The \"group\" stanza defines a series of tasks that should be co-located on\n  # the same Nomad client. Any task within a group will be placed on the same\n  # client.\n  #\n  # For more information and examples on the \"group\" stanza, please see\n  # the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/job-specification/group\n  #\n  group \"prod-group1-alertmanager\" {\n    # The \"count\" parameter specifies the number of the task groups that should\n    # be running under this group. This value must be non-negative and defaults\n    # to 1.\n    count             = 1\n\n    # The restart stanza configures a tasks's behavior on task failure. Restarts\n    # happen on the client that is running the task.\n    #\n    # https://www.nomadproject.io/docs/job-specification/restart\n    #\n    restart {\n      interval  = \"30m\"\n      attempts  = 40\n      delay     = \"15s\"\n      mode      = \"delay\"\n    }\n\n    # The constraint allows restricting the set of eligible nodes. Constraints\n    # may filter on attributes or client metadata.\n    #\n    # For more information and examples on the \"volume\" stanza, please see\n    # the online documentation at:\n    #\n    #     https://www.nomadproject.io/docs/job-specification/constraint\n    #\n    constraint {\n      attribute       = \"${attr.cpu.arch}\"\n      operator        = \"!=\"\n      value           = \"arm64\"\n    }\n\n    # The \"task\" stanza creates an individual unit of work, such as a Docker\n    # container, web application, or batch processing.\n    #\n    # For more information and examples on the \"task\" stanza, please see\n    # the online documentation at:\n    #\n    #     https://www.nomadproject.io/docs/job-specification/task\n    #\n    task \"prod-task1-alertmanager\" {\n      # The \"driver\" parameter specifies the task driver that should be used to\n      # run the task.\n      driver          = \"exec\"\n\n      \n\n      # The \"config\" stanza specifies the driver configuration, which is passed\n      # directly to the driver to start the task. The details of configurations\n      # are specific to each driver, so please see specific driver\n      # documentation for more information.\n      config {\n        command       = \"local/alertmanager-0.21.0.linux-amd64/alertmanager\"\n        args          = [\n          \"--config.file=secrets/alertmanager.yml\"\n        ]\n      }\n\n      # The artifact stanza instructs Nomad to fetch and unpack a remote resource,\n      # such as a file, tarball, or binary. Nomad downloads artifacts using the\n      # popular go-getter library, which permits downloading artifacts from a\n      # variety of locations using a URL as the input source.\n      #\n      # For more information and examples on the \"artifact\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/artifact\n      #\n      artifact {\n        source          = \"https://github.com/prometheus/alertmanager/releases/download/v0.21.0/alertmanager-0.21.0.linux-amd64.tar.gz\"\n      }\n\n      # The \"template\" stanza instructs Nomad to manage a template, such as\n      # a configuration file or script. This template can optionally pull data\n      # from Consul or Vault to populate runtime configuration data.\n      #\n      # For more information and examples on the \"template\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/template\n      #\n      template {\n        change_mode     = \"noop\"\n        change_signal   = \"SIGINT\"\n        destination     = \"secrets/alertmanager.yml\"\n        left_delimiter  = \"{{{\"\n        right_delimiter = \"}}}\"\n        data            = \u003c\u003cEOH\n# The directory from which notification templates are read.\ntemplates:\n- '/etc/alertmanager/template/*.tmpl'\n\n#tls_config:\n#  # CA certificate to validate the server certificate with.\n#  ca_file: \u003cfilepath\u003e ]\n#\n#  # Certificate and key files for client cert authentication to the server.\n#  cert_file: \u003cfilepath\u003e\n#  key_file: \u003cfilepath\u003e\n#\n#  # ServerName extension to indicate the name of the server.\n#  # http://tools.ietf.org/html/rfc4366#section-3.1\n#  server_name: \u003cstring\u003e\n#\n#  # Disable validation of the server certificate.\n#  insecure_skip_verify: true\n\n# The root route on which each incoming alert enters.\nroute:\n  receiver: 'default-slack-receiver'\n\n  # The labels by which incoming alerts are grouped together. For example,\n  # multiple alerts coming in for cluster=A and alertname=LatencyHigh would\n  # be batched into a single group.\n  #\n  # To aggregate by all possible labels use '...' as the sole label name.\n  # This effectively disables aggregation entirely, passing through all\n  # alerts as-is. This is unlikely to be what you want, unless you have\n  # a very low alert volume or your upstream notification system performs\n  # its own grouping. Example: group_by: [...]\n  group_by: ['alertname']\n\n  # When a new group of alerts is created by an incoming alert, wait at\n  # least 'group_wait' to send the initial notification.\n  # This way ensures that you get multiple alerts for the same group that start\n  # firing shortly after another are batched together on the first\n  # notification.\n  group_wait: 30s\n\n  # When the first notification was sent, wait 'group_interval' to send a batch\n  # of new alerts that started firing for that group.\n  group_interval: 5m\n\n  # If an alert has successfully been sent, wait 'repeat_interval' to\n  # resend them.\n  repeat_interval: 3h\n\n  # All the above attributes are inherited by all child routes and can\n  # overwritten on each.\n  # The child route trees.\n  routes:\n  - match_re:\n      alertname: JenkinsJob.*\n    receiver: jenkins-slack-receiver\n    routes:\n    - match:\n        severity: critical\n      receiver: 'jenkins-slack-receiver'\n\n  - match_re:\n      service: .*\n    receiver: default-slack-receiver\n    routes:\n    - match:\n        severity: critical\n      receiver: 'default-slack-receiver'\n\n# Inhibition rules allow to mute a set of alerts given that another alert is\n# firing.\n# We use this to mute any warning-level notifications if the same alert is\n# already critical.\ninhibit_rules:\n- source_match:\n    severity: 'critical'\n  target_match:\n    severity: 'warning'\n  equal: ['alertname', 'instance']\n\nreceivers:\n- name: 'jenkins-slack-receiver'\n  slack_configs:\n  - api_url: 'TE07RD1V1/B01U1NV9HV3/hKZXJJ74g2JcISq4K3QC1eG9'\n    channel: '#fdio-jobs-monitoring'\n    send_resolved: true\n    icon_url: https://avatars3.githubusercontent.com/u/3380462\n    title: |-\n     [{{ .Status | toUpper }}{{ if eq .Status \"firing\" }}:{{ .Alerts.Firing | len }}{{ end }}] {{ .CommonLabels.alertname }} for {{ .CommonLabels.job }}\n     {{- if gt (len .CommonLabels) (len .GroupLabels) -}}\n       {{\" \"}}(\n       {{- with .CommonLabels.Remove .GroupLabels.Names }}\n         {{- range $index, $label := .SortedPairs -}}\n           {{ if $index }}, {{ end }}\n           {{- $label.Name }}=\"{{ $label.Value -}}\"\n         {{- end }}\n       {{- end -}}\n       )\n     {{- end }}\n    text: \u003e-\n     {{ range .Alerts -}}\n     *Alert:* {{ .Annotations.summary }}{{ if .Labels.severity }} - `{{ .Labels.severity }}`{{ end }}\n\n     *Description:* {{ .Annotations.description }}\n\n     *Details:*\n       {{ range .Labels.SortedPairs }} • *{{ .Name }}:* `{{ .Value }}`\n       {{ end }}\n     {{ end }}\n\n- name: 'default-slack-receiver'\n  slack_configs:\n  - api_url: 'TE07RD1V1/B01UUK23B6C/hZTcCu42FUv8d6rtirHtcYIi'\n    channel: '#fdio-infra-monitoring'\n    send_resolved: true\n    icon_url: https://avatars3.githubusercontent.com/u/3380462\n    title: |-\n     [{{ .Status | toUpper }}{{ if eq .Status \"firing\" }}:{{ .Alerts.Firing | len }}{{ end }}] {{ .CommonLabels.alertname }} for {{ .CommonLabels.job }}\n     {{- if gt (len .CommonLabels) (len .GroupLabels) -}}\n       {{\" \"}}(\n       {{- with .CommonLabels.Remove .GroupLabels.Names }}\n         {{- range $index, $label := .SortedPairs -}}\n           {{ if $index }}, {{ end }}\n           {{- $label.Name }}=\"{{ $label.Value -}}\"\n         {{- end }}\n       {{- end -}}\n       )\n     {{- end }}\n    text: \u003e-\n     {{ range .Alerts -}}\n     *Alert:* {{ .Annotations.summary }}{{ if .Labels.severity }} - `{{ .Labels.severity }}`{{ end }}\n\n     *Description:* {{ .Annotations.description }}\n\n     *Details:*\n       {{ range .Labels.SortedPairs }} • *{{ .Name }}:* `{{ .Value }}`\n       {{ end }}\n     {{ end }}\nEOH\n      }\n\n      # The service stanza instructs Nomad to register a service with Consul.\n      #\n      # For more information and examples on the \"task\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/service\n      #\n      service {\n        name            = \"alertmanager\"\n        port            = \"alertmanager\"\n        tags            = [ \"alertmanager${NOMAD_ALLOC_INDEX}\" ]\n        check {\n          name          = \"Alertmanager Check Live\"\n          type          = \"http\"\n          path          = \"/-/healthy\"\n          interval      = \"10s\"\n          timeout       = \"2s\"\n        }\n      }\n\n      # The \"resources\" stanza describes the requirements a task needs to\n      # execute. Resource requirements include memory, network, cpu, and more.\n      # This ensures the task will execute on a machine that contains enough\n      # resource capacity.\n      #\n      # For more information and examples on the \"resources\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/resources\n      #\n      resources {\n        cpu             = 1000\n        memory          = 1024\n        # The network stanza specifies the networking requirements for the task\n        # group, including the network mode and port allocations. When scheduling\n        # jobs in Nomad they are provisioned across your fleet of machines along\n        # with other jobs and services. Because you don't know in advance what host\n        # your job will be provisioned on, Nomad will provide your tasks with\n        # network configuration when they start up.\n        #\n        # For more information and examples on the \"template\" stanza, please see\n        # the online documentation at:\n        #\n        #     https://www.nomadproject.io/docs/job-specification/network\n        #\n        network {\n          port \"alertmanager\" {\n            static      = 9093\n          }\n        }\n      }\n    }\n  }\n}",
             "json": null,
-            "modify_index": "7897599",
+            "modify_index": "8219920",
             "name": "prod-alertmanager",
             "namespace": "default",
             "policy_override": null,
@@ -142,7 +141,7 @@
           "schema_version": 0,
           "attributes": {
             "allocation_ids": [
-              "ef47688b-01f1-2c0a-a7a7-431b110fa47c"
+              "24a62387-6e3e-2a43-0d90-a287f161b4d9"
             ],
             "datacenters": [
               "yul1"
@@ -271,10 +270,9 @@
           "schema_version": 0,
           "attributes": {
             "allocation_ids": [
-              "88cb1365-2623-d033-ee0b-8e24d325a5f6",
-              "d6eb67f6-8bfd-cc04-164e-4f60996a3c18",
-              "edc4511e-405a-9406-8aa1-20a8a1de5c68",
-              "af2d6f9d-7b8a-9300-328c-88449cc893cf"
+              "bd315c5e-035d-3a08-698d-d119fb48035f",
+              "e82e0119-4d2e-89eb-baa3-0ec6bde71661",
+              "24e462a6-6d55-a109-47bf-4c83ad5596a7"
             ],
             "datacenters": [
               "yul1"
@@ -343,9 +341,9 @@
           "schema_version": 0,
           "attributes": {
             "filename": null,
-            "id": "92bd3cfebeb2b4fc1876937515d89affe5135575364a5154f8da4f06706669a0",
-            "rendered": "job \"prod-nginx\" {\n  # The \"region\" parameter specifies the region in which to execute the job.\n  # If omitted, this inherits the default region name of \"global\".\n  # region = \"global\"\n  #\n  # The \"datacenters\" parameter specifies the list of datacenters which should\n  # be considered when placing this task. This must be provided.\n  datacenters = \"yul1\"\n\n  # The \"type\" parameter controls the type of job, which impacts the scheduler's\n  # decision on placement. This configuration is optional and defaults to\n  # \"service\". For a full list of job types and their differences, please see\n  # the online documentation.\n  #\n  # For more information, please see the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/jobspec/schedulers.html\n  #\n  type = \"service\"\n\n  update {\n    # The \"max_parallel\" parameter specifies the maximum number of updates to\n    # perform in parallel. In this case, this specifies to update a single task\n    # at a time.\n    max_parallel      = 0\n\n    # The \"min_healthy_time\" parameter specifies the minimum time the allocation\n    # must be in the healthy state before it is marked as healthy and unblocks\n    # further allocations from being updated.\n    min_healthy_time  = \"10s\"\n\n    # The \"healthy_deadline\" parameter specifies the deadline in which the\n    # allocation must be marked as healthy after which the allocation is\n    # automatically transitioned to unhealthy. Transitioning to unhealthy will\n    # fail the deployment and potentially roll back the job if \"auto_revert\" is\n    # set to true.\n    healthy_deadline  = \"3m\"\n\n    # The \"progress_deadline\" parameter specifies the deadline in which an\n    # allocation must be marked as healthy. The deadline begins when the first\n    # allocation for the deployment is created and is reset whenever an allocation\n    # as part of the deployment transitions to a healthy state. If no allocation\n    # transitions to the healthy state before the progress deadline, the\n    # deployment is marked as failed.\n    progress_deadline = \"10m\"\n\n    # The \"auto_revert\" parameter specifies if the job should auto-revert to the\n    # last stable job on deployment failure. A job is marked as stable if all the\n    # allocations as part of its deployment were marked healthy.\n    auto_revert       = false\n\n    # The \"canary\" parameter specifies that changes to the job that would result\n    # in destructive updates should create the specified number of canaries\n    # without stopping any previous allocations. Once the operator determines the\n    # canaries are healthy, they can be promoted which unblocks a rolling update\n    # of the remaining allocations at a rate of \"max_parallel\".\n    #\n    # Further, setting \"canary\" equal to the count of the task group allows\n    # blue/green deployments. When the job is updated, a full set of the new\n    # version is deployed and upon promotion the old version is stopped.\n    canary            = 0\n  }\n\n  # The reschedule stanza specifies the group's rescheduling strategy. If\n  # specified at the job level, the configuration will apply to all groups\n  # within the job. If the reschedule stanza is present on both the job and the\n  # group, they are merged with the group stanza taking the highest precedence\n  # and then the job.\n  reschedule {\n    delay             = \"30s\"\n    delay_function    = \"constant\"\n    unlimited         = true\n  }\n\n  # The \"group\" stanza defines a series of tasks that should be co-located on\n  # the same Nomad client. Any task within a group will be placed on the same\n  # client.\n  #\n  # For more information and examples on the \"group\" stanza, please see\n  # the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/job-specification/group.html\n  #\n  group \"prod-group1-nginx\" {\n    # The \"count\" parameter specifies the number of the task groups that should\n    # be running under this group. This value must be non-negative and defaults\n    # to 1.\n    count = 1\n\n    # https://www.nomadproject.io/docs/job-specification/volume\n    \n    volume \"prod-volume1-nginx\" {\n      type      = \"host\"\n      read_only = false\n      source    = \"prod-volume-data1-1\"\n    }\n    \n\n    # The restart stanza configures a tasks's behavior on task failure. Restarts\n    # happen on the client that is running the task.\n    #\n    # https://www.nomadproject.io/docs/job-specification/restart\n    #\n    restart {\n      interval  = \"30m\"\n      attempts  = 40\n      delay     = \"15s\"\n      mode      = \"delay\"\n    }\n\n    # The \"task\" stanza creates an individual unit of work, such as a Docker\n    # container, web application, or batch processing.\n    #\n    # For more information and examples on the \"task\" stanza, please see\n    # the online documentation at:\n    #\n    #     https://www.nomadproject.io/docs/job-specification/task.html\n    #\n    task \"prod-task1-nginx\" {\n      # The \"driver\" parameter specifies the task driver that should be used to\n      # run the task.\n      driver = \"docker\"\n\n      # The \"config\" stanza specifies the driver configuration, which is passed\n      # directly to the driver to start the task. The details of configurations\n      # are specific to each driver, so please see specific driver\n      # documentation for more information.\n      config {\n        image        = \"nginx:stable\"\n        port_map {\n          https      = 443\n        }\n        privileged   = false\n        volumes      = [\n          \"/etc/consul.d/ssl/consul.pem:/etc/ssl/certs/nginx-cert.pem\",\n          \"/etc/consul.d/ssl/consul-key.pem:/etc/ssl/private/nginx-key.pem\",\n          \"custom/upstream.conf:/etc/nginx/conf.d/upstream.conf\",\n          \"custom/logs.conf:/etc/nginx/conf.d/logs.conf\",\n          \"custom/docs.conf:/etc/nginx/conf.d/docs.conf\"\n        ]\n      }\n\n      # The \"template\" stanza instructs Nomad to manage a template, such as\n      # a configuration file or script. This template can optionally pull data\n      # from Consul or Vault to populate runtime configuration data.\n      #\n      # For more information and examples on the \"template\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/template.html\n      #\n      template {\n        data = \u003c\u003cEOH\n          upstream storage {\n            {{ range service \"storage\" }}\n              server {{ .Address }}:{{ .Port }};\n            {{ end }}\n          }\n        EOH\n        destination = \"custom/upstream.conf\"\n      }\n      template {\n        data = \u003c\u003cEOH\n          server {\n            listen 443 ssl default_server;\n            server_name logs.nginx.service.consul;\n            keepalive_timeout 70;\n            ssl_session_cache shared:SSL:10m;\n            ssl_session_timeout 10m;\n            ssl_protocols TLSv1.2;\n            ssl_prefer_server_ciphers on;\n            ssl_ciphers \"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384\";\n            ssl_certificate /etc/ssl/certs/nginx-cert.pem;\n            ssl_certificate_key /etc/ssl/private/nginx-key.pem;\n            location / {\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/;\n              server_name_in_redirect off;\n            }\n            location ~ (.*html.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type text/html;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n            location ~ (.*txt.gz|.*log.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type text/plain;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n            location ~ (.*xml.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type application/xml;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n        }\n        EOH\n        destination = \"custom/logs.conf\"\n      }\n      template {\n        data = \u003c\u003cEOH\n          server {\n            listen 443 ssl;\n            server_name docs.nginx.service.consul;\n            keepalive_timeout 70;\n            ssl_session_cache shared:SSL:10m;\n            ssl_session_timeout 10m;\n            ssl_protocols TLSv1.2;\n            ssl_prefer_server_ciphers on;\n            ssl_ciphers \"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384\";\n            ssl_certificate /etc/ssl/certs/nginx-cert.pem;\n            ssl_certificate_key /etc/ssl/private/nginx-key.pem;\n            location / {\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/docs.fd.io/;\n              server_name_in_redirect off;\n            }\n          }\n        EOH\n        destination = \"custom/docs.conf\"\n      }\n\n      # The service stanza instructs Nomad to register a service with Consul.\n      #\n      # For more information and examples on the \"task\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/service.html\n      #\n      service {\n        name       = \"nginx\"\n        port       = \"https\"\n        tags       = [ \"docs\", \"logs\" ]\n      }\n\n      # The \"resources\" stanza describes the requirements a task needs to\n      # execute. Resource requirements include memory, network, cpu, and more.\n      # This ensures the task will execute on a machine that contains enough\n      # resource capacity.\n      #\n      # For more information and examples on the \"resources\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/resources.html\n      #\n      resources {\n        cpu        = 2000\n        memory     = 4096\n        network {\n          mode     = \"bridge\"\n          port \"https\" {\n            static = 443\n          }\n        }\n      }\n    }\n  }\n}",
-            "template": "job \"${job_name}\" {\n  # The \"region\" parameter specifies the region in which to execute the job.\n  # If omitted, this inherits the default region name of \"global\".\n  # region = \"global\"\n  #\n  # The \"datacenters\" parameter specifies the list of datacenters which should\n  # be considered when placing this task. This must be provided.\n  datacenters = \"${datacenters}\"\n\n  # The \"type\" parameter controls the type of job, which impacts the scheduler's\n  # decision on placement. This configuration is optional and defaults to\n  # \"service\". For a full list of job types and their differences, please see\n  # the online documentation.\n  #\n  # For more information, please see the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/jobspec/schedulers.html\n  #\n  type = \"service\"\n\n  update {\n    # The \"max_parallel\" parameter specifies the maximum number of updates to\n    # perform in parallel. In this case, this specifies to update a single task\n    # at a time.\n    max_parallel      = 0\n\n    # The \"min_healthy_time\" parameter specifies the minimum time the allocation\n    # must be in the healthy state before it is marked as healthy and unblocks\n    # further allocations from being updated.\n    min_healthy_time  = \"10s\"\n\n    # The \"healthy_deadline\" parameter specifies the deadline in which the\n    # allocation must be marked as healthy after which the allocation is\n    # automatically transitioned to unhealthy. Transitioning to unhealthy will\n    # fail the deployment and potentially roll back the job if \"auto_revert\" is\n    # set to true.\n    healthy_deadline  = \"3m\"\n\n    # The \"progress_deadline\" parameter specifies the deadline in which an\n    # allocation must be marked as healthy. The deadline begins when the first\n    # allocation for the deployment is created and is reset whenever an allocation\n    # as part of the deployment transitions to a healthy state. If no allocation\n    # transitions to the healthy state before the progress deadline, the\n    # deployment is marked as failed.\n    progress_deadline = \"10m\"\n\n    # The \"auto_revert\" parameter specifies if the job should auto-revert to the\n    # last stable job on deployment failure. A job is marked as stable if all the\n    # allocations as part of its deployment were marked healthy.\n    auto_revert       = false\n\n    # The \"canary\" parameter specifies that changes to the job that would result\n    # in destructive updates should create the specified number of canaries\n    # without stopping any previous allocations. Once the operator determines the\n    # canaries are healthy, they can be promoted which unblocks a rolling update\n    # of the remaining allocations at a rate of \"max_parallel\".\n    #\n    # Further, setting \"canary\" equal to the count of the task group allows\n    # blue/green deployments. When the job is updated, a full set of the new\n    # version is deployed and upon promotion the old version is stopped.\n    canary            = 0\n  }\n\n  # The reschedule stanza specifies the group's rescheduling strategy. If\n  # specified at the job level, the configuration will apply to all groups\n  # within the job. If the reschedule stanza is present on both the job and the\n  # group, they are merged with the group stanza taking the highest precedence\n  # and then the job.\n  reschedule {\n    delay             = \"30s\"\n    delay_function    = \"constant\"\n    unlimited         = true\n  }\n\n  # The \"group\" stanza defines a series of tasks that should be co-located on\n  # the same Nomad client. Any task within a group will be placed on the same\n  # client.\n  #\n  # For more information and examples on the \"group\" stanza, please see\n  # the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/job-specification/group.html\n  #\n  group \"prod-group1-nginx\" {\n    # The \"count\" parameter specifies the number of the task groups that should\n    # be running under this group. This value must be non-negative and defaults\n    # to 1.\n    count = 1\n\n    # https://www.nomadproject.io/docs/job-specification/volume\n    %{ if use_host_volume }\n    volume \"prod-volume1-nginx\" {\n      type      = \"host\"\n      read_only = false\n      source    = \"${host_volume}\"\n    }\n    %{ endif }\n\n    # The restart stanza configures a tasks's behavior on task failure. Restarts\n    # happen on the client that is running the task.\n    #\n    # https://www.nomadproject.io/docs/job-specification/restart\n    #\n    restart {\n      interval  = \"30m\"\n      attempts  = 40\n      delay     = \"15s\"\n      mode      = \"delay\"\n    }\n\n    # The \"task\" stanza creates an individual unit of work, such as a Docker\n    # container, web application, or batch processing.\n    #\n    # For more information and examples on the \"task\" stanza, please see\n    # the online documentation at:\n    #\n    #     https://www.nomadproject.io/docs/job-specification/task.html\n    #\n    task \"prod-task1-nginx\" {\n      # The \"driver\" parameter specifies the task driver that should be used to\n      # run the task.\n      driver = \"docker\"\n\n      # The \"config\" stanza specifies the driver configuration, which is passed\n      # directly to the driver to start the task. The details of configurations\n      # are specific to each driver, so please see specific driver\n      # documentation for more information.\n      config {\n        image        = \"nginx:stable\"\n        port_map {\n          https      = 443\n        }\n        privileged   = false\n        volumes      = [\n          \"/etc/consul.d/ssl/consul.pem:/etc/ssl/certs/nginx-cert.pem\",\n          \"/etc/consul.d/ssl/consul-key.pem:/etc/ssl/private/nginx-key.pem\",\n          \"custom/upstream.conf:/etc/nginx/conf.d/upstream.conf\",\n          \"custom/logs.conf:/etc/nginx/conf.d/logs.conf\",\n          \"custom/docs.conf:/etc/nginx/conf.d/docs.conf\"\n        ]\n      }\n\n      # The \"template\" stanza instructs Nomad to manage a template, such as\n      # a configuration file or script. This template can optionally pull data\n      # from Consul or Vault to populate runtime configuration data.\n      #\n      # For more information and examples on the \"template\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/template.html\n      #\n      template {\n        data = \u003c\u003cEOH\n          upstream storage {\n            {{ range service \"storage\" }}\n              server {{ .Address }}:{{ .Port }};\n            {{ end }}\n          }\n        EOH\n        destination = \"custom/upstream.conf\"\n      }\n      template {\n        data = \u003c\u003cEOH\n          server {\n            listen 443 ssl default_server;\n            server_name logs.nginx.service.consul;\n            keepalive_timeout 70;\n            ssl_session_cache shared:SSL:10m;\n            ssl_session_timeout 10m;\n            ssl_protocols TLSv1.2;\n            ssl_prefer_server_ciphers on;\n            ssl_ciphers \"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384\";\n            ssl_certificate /etc/ssl/certs/nginx-cert.pem;\n            ssl_certificate_key /etc/ssl/private/nginx-key.pem;\n            location / {\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/;\n              server_name_in_redirect off;\n            }\n            location ~ (.*html.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type text/html;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n            location ~ (.*txt.gz|.*log.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type text/plain;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n            location ~ (.*xml.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type application/xml;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n        }\n        EOH\n        destination = \"custom/logs.conf\"\n      }\n      template {\n        data = \u003c\u003cEOH\n          server {\n            listen 443 ssl;\n            server_name docs.nginx.service.consul;\n            keepalive_timeout 70;\n            ssl_session_cache shared:SSL:10m;\n            ssl_session_timeout 10m;\n            ssl_protocols TLSv1.2;\n            ssl_prefer_server_ciphers on;\n            ssl_ciphers \"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384\";\n            ssl_certificate /etc/ssl/certs/nginx-cert.pem;\n            ssl_certificate_key /etc/ssl/private/nginx-key.pem;\n            location / {\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/docs.fd.io/;\n              server_name_in_redirect off;\n            }\n          }\n        EOH\n        destination = \"custom/docs.conf\"\n      }\n\n      # The service stanza instructs Nomad to register a service with Consul.\n      #\n      # For more information and examples on the \"task\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/service.html\n      #\n      service {\n        name       = \"nginx\"\n        port       = \"https\"\n        tags       = [ \"docs\", \"logs\" ]\n      }\n\n      # The \"resources\" stanza describes the requirements a task needs to\n      # execute. Resource requirements include memory, network, cpu, and more.\n      # This ensures the task will execute on a machine that contains enough\n      # resource capacity.\n      #\n      # For more information and examples on the \"resources\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/resources.html\n      #\n      resources {\n        cpu        = 2000\n        memory     = 4096\n        network {\n          mode     = \"bridge\"\n          port \"https\" {\n            static = 443\n          }\n        }\n      }\n    }\n  }\n}",
+            "id": "f6d48eb498752cd7c1c73a26a146961048a1b7f7d53602df55b413f27226e519",
+            "rendered": "job \"prod-nginx\" {\n  # The \"region\" parameter specifies the region in which to execute the job.\n  # If omitted, this inherits the default region name of \"global\".\n  # region = \"global\"\n  #\n  # The \"datacenters\" parameter specifies the list of datacenters which should\n  # be considered when placing this task. This must be provided.\n  datacenters = \"yul1\"\n\n  # The \"type\" parameter controls the type of job, which impacts the scheduler's\n  # decision on placement. This configuration is optional and defaults to\n  # \"service\". For a full list of job types and their differences, please see\n  # the online documentation.\n  #\n  # For more information, please see the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/jobspec/schedulers.html\n  #\n  type = \"service\"\n\n  update {\n    # The \"max_parallel\" parameter specifies the maximum number of updates to\n    # perform in parallel. In this case, this specifies to update a single task\n    # at a time.\n    max_parallel      = 0\n\n    # The \"min_healthy_time\" parameter specifies the minimum time the allocation\n    # must be in the healthy state before it is marked as healthy and unblocks\n    # further allocations from being updated.\n    min_healthy_time  = \"10s\"\n\n    # The \"healthy_deadline\" parameter specifies the deadline in which the\n    # allocation must be marked as healthy after which the allocation is\n    # automatically transitioned to unhealthy. Transitioning to unhealthy will\n    # fail the deployment and potentially roll back the job if \"auto_revert\" is\n    # set to true.\n    healthy_deadline  = \"3m\"\n\n    # The \"progress_deadline\" parameter specifies the deadline in which an\n    # allocation must be marked as healthy. The deadline begins when the first\n    # allocation for the deployment is created and is reset whenever an allocation\n    # as part of the deployment transitions to a healthy state. If no allocation\n    # transitions to the healthy state before the progress deadline, the\n    # deployment is marked as failed.\n    progress_deadline = \"10m\"\n\n    # The \"auto_revert\" parameter specifies if the job should auto-revert to the\n    # last stable job on deployment failure. A job is marked as stable if all the\n    # allocations as part of its deployment were marked healthy.\n    auto_revert       = false\n\n    # The \"canary\" parameter specifies that changes to the job that would result\n    # in destructive updates should create the specified number of canaries\n    # without stopping any previous allocations. Once the operator determines the\n    # canaries are healthy, they can be promoted which unblocks a rolling update\n    # of the remaining allocations at a rate of \"max_parallel\".\n    #\n    # Further, setting \"canary\" equal to the count of the task group allows\n    # blue/green deployments. When the job is updated, a full set of the new\n    # version is deployed and upon promotion the old version is stopped.\n    canary            = 0\n  }\n\n  # The reschedule stanza specifies the group's rescheduling strategy. If\n  # specified at the job level, the configuration will apply to all groups\n  # within the job. If the reschedule stanza is present on both the job and the\n  # group, they are merged with the group stanza taking the highest precedence\n  # and then the job.\n  reschedule {\n    delay             = \"30s\"\n    delay_function    = \"constant\"\n    unlimited         = true\n  }\n\n  # The \"group\" stanza defines a series of tasks that should be co-located on\n  # the same Nomad client. Any task within a group will be placed on the same\n  # client.\n  #\n  # For more information and examples on the \"group\" stanza, please see\n  # the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/job-specification/group.html\n  #\n  group \"prod-group1-nginx\" {\n    # The \"count\" parameter specifies the number of the task groups that should\n    # be running under this group. This value must be non-negative and defaults\n    # to 1.\n    count = 1\n\n    # https://www.nomadproject.io/docs/job-specification/volume\n    \n    volume \"prod-volume1-nginx\" {\n      type      = \"host\"\n      read_only = false\n      source    = \"prod-volume-data1-1\"\n    }\n    \n\n    # The restart stanza configures a tasks's behavior on task failure. Restarts\n    # happen on the client that is running the task.\n    #\n    # https://www.nomadproject.io/docs/job-specification/restart\n    #\n    restart {\n      interval  = \"30m\"\n      attempts  = 40\n      delay     = \"15s\"\n      mode      = \"delay\"\n    }\n\n    # The \"task\" stanza creates an individual unit of work, such as a Docker\n    # container, web application, or batch processing.\n    #\n    # For more information and examples on the \"task\" stanza, please see\n    # the online documentation at:\n    #\n    #     https://www.nomadproject.io/docs/job-specification/task.html\n    #\n    task \"prod-task1-nginx\" {\n      # The \"driver\" parameter specifies the task driver that should be used to\n      # run the task.\n      driver = \"docker\"\n\n      # The \"config\" stanza specifies the driver configuration, which is passed\n      # directly to the driver to start the task. The details of configurations\n      # are specific to each driver, so please see specific driver\n      # documentation for more information.\n      config {\n        image        = \"nginx:stable\"\n        port_map {\n          https      = 443\n        }\n        privileged   = false\n        volumes      = [\n          \"/etc/ssl/certs/docs.nginx.service.consul.crt:/etc/ssl/certs/docs.nginx.service.consul.crt\",\n          \"/etc/ssl/private/docs.nginx.service.consul.key:/etc/ssl/private/docs.nginx.service.consul.key\",\n          \"/etc/ssl/certs/logs.nginx.service.consul.crt:/etc/ssl/certs/logs.nginx.service.consul.crt\",\n          \"/etc/ssl/private/logs.nginx.service.consul.key:/etc/ssl/private/logs.nginx.service.consul.key\",\n          \"custom/upstream.conf:/etc/nginx/conf.d/upstream.conf\",\n          \"custom/logs.conf:/etc/nginx/conf.d/logs.conf\",\n          \"custom/docs.conf:/etc/nginx/conf.d/docs.conf\"\n        ]\n      }\n\n      # The \"template\" stanza instructs Nomad to manage a template, such as\n      # a configuration file or script. This template can optionally pull data\n      # from Consul or Vault to populate runtime configuration data.\n      #\n      # For more information and examples on the \"template\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/template.html\n      #\n      template {\n        data = \u003c\u003cEOH\n          upstream storage {\n            {{ range service \"storage\" }}\n              server {{ .Address }}:{{ .Port }};\n            {{ end }}\n          }\n        EOH\n        destination = \"custom/upstream.conf\"\n      }\n      template {\n        data = \u003c\u003cEOH\n          server {\n            listen 443 ssl default_server;\n            server_name logs.nginx.service.consul;\n            keepalive_timeout 70;\n            ssl_session_cache shared:SSL:10m;\n            ssl_session_timeout 10m;\n            ssl_protocols TLSv1.2;\n            ssl_prefer_server_ciphers on;\n            ssl_ciphers \"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384\";\n            ssl_certificate /etc/ssl/certs/logs.nginx.service.consul.crt;\n            ssl_certificate_key /etc/ssl/private/logs.nginx.service.consul.key;\n            location / {\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/;\n              server_name_in_redirect off;\n            }\n            location ~ (.*html.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type text/html;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n            location ~ (.*txt.gz|.*log.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type text/plain;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n            location ~ (.*xml.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type application/xml;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n        }\n        EOH\n        destination = \"custom/logs.conf\"\n      }\n      template {\n        data = \u003c\u003cEOH\n          server {\n            listen 443 ssl;\n            server_name docs.nginx.service.consul;\n            keepalive_timeout 70;\n            ssl_session_cache shared:SSL:10m;\n            ssl_session_timeout 10m;\n            ssl_protocols TLSv1.2;\n            ssl_prefer_server_ciphers on;\n            ssl_ciphers \"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384\";\n            ssl_certificate /etc/ssl/certs/docs.nginx.service.consul.crt;\n            ssl_certificate_key /etc/ssl/private/docs.nginx.service.consul.key;\n            location / {\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/docs.fd.io/;\n              server_name_in_redirect off;\n            }\n          }\n        EOH\n        destination = \"custom/docs.conf\"\n      }\n\n      # The service stanza instructs Nomad to register a service with Consul.\n      #\n      # For more information and examples on the \"task\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/service.html\n      #\n      service {\n        name       = \"nginx\"\n        port       = \"https\"\n        tags       = [ \"docs\", \"logs\" ]\n      }\n\n      # The \"resources\" stanza describes the requirements a task needs to\n      # execute. Resource requirements include memory, network, cpu, and more.\n      # This ensures the task will execute on a machine that contains enough\n      # resource capacity.\n      #\n      # For more information and examples on the \"resources\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/resources.html\n      #\n      resources {\n        cpu        = 2000\n        memory     = 4096\n        network {\n          mode     = \"bridge\"\n          port \"https\" {\n            static = 443\n          }\n        }\n      }\n    }\n  }\n}",
+            "template": "job \"${job_name}\" {\n  # The \"region\" parameter specifies the region in which to execute the job.\n  # If omitted, this inherits the default region name of \"global\".\n  # region = \"global\"\n  #\n  # The \"datacenters\" parameter specifies the list of datacenters which should\n  # be considered when placing this task. This must be provided.\n  datacenters = \"${datacenters}\"\n\n  # The \"type\" parameter controls the type of job, which impacts the scheduler's\n  # decision on placement. This configuration is optional and defaults to\n  # \"service\". For a full list of job types and their differences, please see\n  # the online documentation.\n  #\n  # For more information, please see the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/jobspec/schedulers.html\n  #\n  type = \"service\"\n\n  update {\n    # The \"max_parallel\" parameter specifies the maximum number of updates to\n    # perform in parallel. In this case, this specifies to update a single task\n    # at a time.\n    max_parallel      = 0\n\n    # The \"min_healthy_time\" parameter specifies the minimum time the allocation\n    # must be in the healthy state before it is marked as healthy and unblocks\n    # further allocations from being updated.\n    min_healthy_time  = \"10s\"\n\n    # The \"healthy_deadline\" parameter specifies the deadline in which the\n    # allocation must be marked as healthy after which the allocation is\n    # automatically transitioned to unhealthy. Transitioning to unhealthy will\n    # fail the deployment and potentially roll back the job if \"auto_revert\" is\n    # set to true.\n    healthy_deadline  = \"3m\"\n\n    # The \"progress_deadline\" parameter specifies the deadline in which an\n    # allocation must be marked as healthy. The deadline begins when the first\n    # allocation for the deployment is created and is reset whenever an allocation\n    # as part of the deployment transitions to a healthy state. If no allocation\n    # transitions to the healthy state before the progress deadline, the\n    # deployment is marked as failed.\n    progress_deadline = \"10m\"\n\n    # The \"auto_revert\" parameter specifies if the job should auto-revert to the\n    # last stable job on deployment failure. A job is marked as stable if all the\n    # allocations as part of its deployment were marked healthy.\n    auto_revert       = false\n\n    # The \"canary\" parameter specifies that changes to the job that would result\n    # in destructive updates should create the specified number of canaries\n    # without stopping any previous allocations. Once the operator determines the\n    # canaries are healthy, they can be promoted which unblocks a rolling update\n    # of the remaining allocations at a rate of \"max_parallel\".\n    #\n    # Further, setting \"canary\" equal to the count of the task group allows\n    # blue/green deployments. When the job is updated, a full set of the new\n    # version is deployed and upon promotion the old version is stopped.\n    canary            = 0\n  }\n\n  # The reschedule stanza specifies the group's rescheduling strategy. If\n  # specified at the job level, the configuration will apply to all groups\n  # within the job. If the reschedule stanza is present on both the job and the\n  # group, they are merged with the group stanza taking the highest precedence\n  # and then the job.\n  reschedule {\n    delay             = \"30s\"\n    delay_function    = \"constant\"\n    unlimited         = true\n  }\n\n  # The \"group\" stanza defines a series of tasks that should be co-located on\n  # the same Nomad client. Any task within a group will be placed on the same\n  # client.\n  #\n  # For more information and examples on the \"group\" stanza, please see\n  # the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/job-specification/group.html\n  #\n  group \"prod-group1-nginx\" {\n    # The \"count\" parameter specifies the number of the task groups that should\n    # be running under this group. This value must be non-negative and defaults\n    # to 1.\n    count = 1\n\n    # https://www.nomadproject.io/docs/job-specification/volume\n    %{ if use_host_volume }\n    volume \"prod-volume1-nginx\" {\n      type      = \"host\"\n      read_only = false\n      source    = \"${host_volume}\"\n    }\n    %{ endif }\n\n    # The restart stanza configures a tasks's behavior on task failure. Restarts\n    # happen on the client that is running the task.\n    #\n    # https://www.nomadproject.io/docs/job-specification/restart\n    #\n    restart {\n      interval  = \"30m\"\n      attempts  = 40\n      delay     = \"15s\"\n      mode      = \"delay\"\n    }\n\n    # The \"task\" stanza creates an individual unit of work, such as a Docker\n    # container, web application, or batch processing.\n    #\n    # For more information and examples on the \"task\" stanza, please see\n    # the online documentation at:\n    #\n    #     https://www.nomadproject.io/docs/job-specification/task.html\n    #\n    task \"prod-task1-nginx\" {\n      # The \"driver\" parameter specifies the task driver that should be used to\n      # run the task.\n      driver = \"docker\"\n\n      # The \"config\" stanza specifies the driver configuration, which is passed\n      # directly to the driver to start the task. The details of configurations\n      # are specific to each driver, so please see specific driver\n      # documentation for more information.\n      config {\n        image        = \"nginx:stable\"\n        port_map {\n          https      = 443\n        }\n        privileged   = false\n        volumes      = [\n          \"/etc/ssl/certs/docs.nginx.service.consul.crt:/etc/ssl/certs/docs.nginx.service.consul.crt\",\n          \"/etc/ssl/private/docs.nginx.service.consul.key:/etc/ssl/private/docs.nginx.service.consul.key\",\n          \"/etc/ssl/certs/logs.nginx.service.consul.crt:/etc/ssl/certs/logs.nginx.service.consul.crt\",\n          \"/etc/ssl/private/logs.nginx.service.consul.key:/etc/ssl/private/logs.nginx.service.consul.key\",\n          \"custom/upstream.conf:/etc/nginx/conf.d/upstream.conf\",\n          \"custom/logs.conf:/etc/nginx/conf.d/logs.conf\",\n          \"custom/docs.conf:/etc/nginx/conf.d/docs.conf\"\n        ]\n      }\n\n      # The \"template\" stanza instructs Nomad to manage a template, such as\n      # a configuration file or script. This template can optionally pull data\n      # from Consul or Vault to populate runtime configuration data.\n      #\n      # For more information and examples on the \"template\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/template.html\n      #\n      template {\n        data = \u003c\u003cEOH\n          upstream storage {\n            {{ range service \"storage\" }}\n              server {{ .Address }}:{{ .Port }};\n            {{ end }}\n          }\n        EOH\n        destination = \"custom/upstream.conf\"\n      }\n      template {\n        data = \u003c\u003cEOH\n          server {\n            listen 443 ssl default_server;\n            server_name logs.nginx.service.consul;\n            keepalive_timeout 70;\n            ssl_session_cache shared:SSL:10m;\n            ssl_session_timeout 10m;\n            ssl_protocols TLSv1.2;\n            ssl_prefer_server_ciphers on;\n            ssl_ciphers \"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384\";\n            ssl_certificate /etc/ssl/certs/logs.nginx.service.consul.crt;\n            ssl_certificate_key /etc/ssl/private/logs.nginx.service.consul.key;\n            location / {\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/;\n              server_name_in_redirect off;\n            }\n            location ~ (.*html.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type text/html;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n            location ~ (.*txt.gz|.*log.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type text/plain;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n            location ~ (.*xml.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type application/xml;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n        }\n        EOH\n        destination = \"custom/logs.conf\"\n      }\n      template {\n        data = \u003c\u003cEOH\n          server {\n            listen 443 ssl;\n            server_name docs.nginx.service.consul;\n            keepalive_timeout 70;\n            ssl_session_cache shared:SSL:10m;\n            ssl_session_timeout 10m;\n            ssl_protocols TLSv1.2;\n            ssl_prefer_server_ciphers on;\n            ssl_ciphers \"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384\";\n            ssl_certificate /etc/ssl/certs/docs.nginx.service.consul.crt;\n            ssl_certificate_key /etc/ssl/private/docs.nginx.service.consul.key;\n            location / {\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/docs.fd.io/;\n              server_name_in_redirect off;\n            }\n          }\n        EOH\n        destination = \"custom/docs.conf\"\n      }\n\n      # The service stanza instructs Nomad to register a service with Consul.\n      #\n      # For more information and examples on the \"task\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/service.html\n      #\n      service {\n        name       = \"nginx\"\n        port       = \"https\"\n        tags       = [ \"docs\", \"logs\" ]\n      }\n\n      # The \"resources\" stanza describes the requirements a task needs to\n      # execute. Resource requirements include memory, network, cpu, and more.\n      # This ensures the task will execute on a machine that contains enough\n      # resource capacity.\n      #\n      # For more information and examples on the \"resources\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/resources.html\n      #\n      resources {\n        cpu        = 2000\n        memory     = 4096\n        network {\n          mode     = \"bridge\"\n          port \"https\" {\n            static = 443\n          }\n        }\n      }\n    }\n  }\n}",
             "vars": {
               "datacenters": "yul1",
               "host_volume": "prod-volume-data1-1",
@@ -368,7 +366,8 @@
           "schema_version": 0,
           "attributes": {
             "allocation_ids": [
-              "ba66cc37-aee0-df52-8395-769454bc60bc"
+              "0cb0b594-09c2-bad6-fca4-0fbc2479ef3e",
+              "99dab0de-0e97-4ad8-56eb-ffdd062ef656"
             ],
             "datacenters": [
               "yul1"
@@ -379,9 +378,9 @@
             "deregister_on_id_change": true,
             "detach": false,
             "id": "prod-nginx",
-            "jobspec": "job \"prod-nginx\" {\n  # The \"region\" parameter specifies the region in which to execute the job.\n  # If omitted, this inherits the default region name of \"global\".\n  # region = \"global\"\n  #\n  # The \"datacenters\" parameter specifies the list of datacenters which should\n  # be considered when placing this task. This must be provided.\n  datacenters = \"yul1\"\n\n  # The \"type\" parameter controls the type of job, which impacts the scheduler's\n  # decision on placement. This configuration is optional and defaults to\n  # \"service\". For a full list of job types and their differences, please see\n  # the online documentation.\n  #\n  # For more information, please see the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/jobspec/schedulers.html\n  #\n  type = \"service\"\n\n  update {\n    # The \"max_parallel\" parameter specifies the maximum number of updates to\n    # perform in parallel. In this case, this specifies to update a single task\n    # at a time.\n    max_parallel      = 0\n\n    # The \"min_healthy_time\" parameter specifies the minimum time the allocation\n    # must be in the healthy state before it is marked as healthy and unblocks\n    # further allocations from being updated.\n    min_healthy_time  = \"10s\"\n\n    # The \"healthy_deadline\" parameter specifies the deadline in which the\n    # allocation must be marked as healthy after which the allocation is\n    # automatically transitioned to unhealthy. Transitioning to unhealthy will\n    # fail the deployment and potentially roll back the job if \"auto_revert\" is\n    # set to true.\n    healthy_deadline  = \"3m\"\n\n    # The \"progress_deadline\" parameter specifies the deadline in which an\n    # allocation must be marked as healthy. The deadline begins when the first\n    # allocation for the deployment is created and is reset whenever an allocation\n    # as part of the deployment transitions to a healthy state. If no allocation\n    # transitions to the healthy state before the progress deadline, the\n    # deployment is marked as failed.\n    progress_deadline = \"10m\"\n\n    # The \"auto_revert\" parameter specifies if the job should auto-revert to the\n    # last stable job on deployment failure. A job is marked as stable if all the\n    # allocations as part of its deployment were marked healthy.\n    auto_revert       = false\n\n    # The \"canary\" parameter specifies that changes to the job that would result\n    # in destructive updates should create the specified number of canaries\n    # without stopping any previous allocations. Once the operator determines the\n    # canaries are healthy, they can be promoted which unblocks a rolling update\n    # of the remaining allocations at a rate of \"max_parallel\".\n    #\n    # Further, setting \"canary\" equal to the count of the task group allows\n    # blue/green deployments. When the job is updated, a full set of the new\n    # version is deployed and upon promotion the old version is stopped.\n    canary            = 0\n  }\n\n  # The reschedule stanza specifies the group's rescheduling strategy. If\n  # specified at the job level, the configuration will apply to all groups\n  # within the job. If the reschedule stanza is present on both the job and the\n  # group, they are merged with the group stanza taking the highest precedence\n  # and then the job.\n  reschedule {\n    delay             = \"30s\"\n    delay_function    = \"constant\"\n    unlimited         = true\n  }\n\n  # The \"group\" stanza defines a series of tasks that should be co-located on\n  # the same Nomad client. Any task within a group will be placed on the same\n  # client.\n  #\n  # For more information and examples on the \"group\" stanza, please see\n  # the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/job-specification/group.html\n  #\n  group \"prod-group1-nginx\" {\n    # The \"count\" parameter specifies the number of the task groups that should\n    # be running under this group. This value must be non-negative and defaults\n    # to 1.\n    count = 1\n\n    # https://www.nomadproject.io/docs/job-specification/volume\n    \n    volume \"prod-volume1-nginx\" {\n      type      = \"host\"\n      read_only = false\n      source    = \"prod-volume-data1-1\"\n    }\n    \n\n    # The restart stanza configures a tasks's behavior on task failure. Restarts\n    # happen on the client that is running the task.\n    #\n    # https://www.nomadproject.io/docs/job-specification/restart\n    #\n    restart {\n      interval  = \"30m\"\n      attempts  = 40\n      delay     = \"15s\"\n      mode      = \"delay\"\n    }\n\n    # The \"task\" stanza creates an individual unit of work, such as a Docker\n    # container, web application, or batch processing.\n    #\n    # For more information and examples on the \"task\" stanza, please see\n    # the online documentation at:\n    #\n    #     https://www.nomadproject.io/docs/job-specification/task.html\n    #\n    task \"prod-task1-nginx\" {\n      # The \"driver\" parameter specifies the task driver that should be used to\n      # run the task.\n      driver = \"docker\"\n\n      # The \"config\" stanza specifies the driver configuration, which is passed\n      # directly to the driver to start the task. The details of configurations\n      # are specific to each driver, so please see specific driver\n      # documentation for more information.\n      config {\n        image        = \"nginx:stable\"\n        port_map {\n          https      = 443\n        }\n        privileged   = false\n        volumes      = [\n          \"/etc/consul.d/ssl/consul.pem:/etc/ssl/certs/nginx-cert.pem\",\n          \"/etc/consul.d/ssl/consul-key.pem:/etc/ssl/private/nginx-key.pem\",\n          \"custom/upstream.conf:/etc/nginx/conf.d/upstream.conf\",\n          \"custom/logs.conf:/etc/nginx/conf.d/logs.conf\",\n          \"custom/docs.conf:/etc/nginx/conf.d/docs.conf\"\n        ]\n      }\n\n      # The \"template\" stanza instructs Nomad to manage a template, such as\n      # a configuration file or script. This template can optionally pull data\n      # from Consul or Vault to populate runtime configuration data.\n      #\n      # For more information and examples on the \"template\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/template.html\n      #\n      template {\n        data = \u003c\u003cEOH\n          upstream storage {\n            {{ range service \"storage\" }}\n              server {{ .Address }}:{{ .Port }};\n            {{ end }}\n          }\n        EOH\n        destination = \"custom/upstream.conf\"\n      }\n      template {\n        data = \u003c\u003cEOH\n          server {\n            listen 443 ssl default_server;\n            server_name logs.nginx.service.consul;\n            keepalive_timeout 70;\n            ssl_session_cache shared:SSL:10m;\n            ssl_session_timeout 10m;\n            ssl_protocols TLSv1.2;\n            ssl_prefer_server_ciphers on;\n            ssl_ciphers \"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384\";\n            ssl_certificate /etc/ssl/certs/nginx-cert.pem;\n            ssl_certificate_key /etc/ssl/private/nginx-key.pem;\n            location / {\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/;\n              server_name_in_redirect off;\n            }\n            location ~ (.*html.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type text/html;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n            location ~ (.*txt.gz|.*log.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type text/plain;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n            location ~ (.*xml.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type application/xml;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n        }\n        EOH\n        destination = \"custom/logs.conf\"\n      }\n      template {\n        data = \u003c\u003cEOH\n          server {\n            listen 443 ssl;\n            server_name docs.nginx.service.consul;\n            keepalive_timeout 70;\n            ssl_session_cache shared:SSL:10m;\n            ssl_session_timeout 10m;\n            ssl_protocols TLSv1.2;\n            ssl_prefer_server_ciphers on;\n            ssl_ciphers \"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384\";\n            ssl_certificate /etc/ssl/certs/nginx-cert.pem;\n            ssl_certificate_key /etc/ssl/private/nginx-key.pem;\n            location / {\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/docs.fd.io/;\n              server_name_in_redirect off;\n            }\n          }\n        EOH\n        destination = \"custom/docs.conf\"\n      }\n\n      # The service stanza instructs Nomad to register a service with Consul.\n      #\n      # For more information and examples on the \"task\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/service.html\n      #\n      service {\n        name       = \"nginx\"\n        port       = \"https\"\n        tags       = [ \"docs\", \"logs\" ]\n      }\n\n      # The \"resources\" stanza describes the requirements a task needs to\n      # execute. Resource requirements include memory, network, cpu, and more.\n      # This ensures the task will execute on a machine that contains enough\n      # resource capacity.\n      #\n      # For more information and examples on the \"resources\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/resources.html\n      #\n      resources {\n        cpu        = 2000\n        memory     = 4096\n        network {\n          mode     = \"bridge\"\n          port \"https\" {\n            static = 443\n          }\n        }\n      }\n    }\n  }\n}",
+            "jobspec": "job \"prod-nginx\" {\n  # The \"region\" parameter specifies the region in which to execute the job.\n  # If omitted, this inherits the default region name of \"global\".\n  # region = \"global\"\n  #\n  # The \"datacenters\" parameter specifies the list of datacenters which should\n  # be considered when placing this task. This must be provided.\n  datacenters = \"yul1\"\n\n  # The \"type\" parameter controls the type of job, which impacts the scheduler's\n  # decision on placement. This configuration is optional and defaults to\n  # \"service\". For a full list of job types and their differences, please see\n  # the online documentation.\n  #\n  # For more information, please see the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/jobspec/schedulers.html\n  #\n  type = \"service\"\n\n  update {\n    # The \"max_parallel\" parameter specifies the maximum number of updates to\n    # perform in parallel. In this case, this specifies to update a single task\n    # at a time.\n    max_parallel      = 0\n\n    # The \"min_healthy_time\" parameter specifies the minimum time the allocation\n    # must be in the healthy state before it is marked as healthy and unblocks\n    # further allocations from being updated.\n    min_healthy_time  = \"10s\"\n\n    # The \"healthy_deadline\" parameter specifies the deadline in which the\n    # allocation must be marked as healthy after which the allocation is\n    # automatically transitioned to unhealthy. Transitioning to unhealthy will\n    # fail the deployment and potentially roll back the job if \"auto_revert\" is\n    # set to true.\n    healthy_deadline  = \"3m\"\n\n    # The \"progress_deadline\" parameter specifies the deadline in which an\n    # allocation must be marked as healthy. The deadline begins when the first\n    # allocation for the deployment is created and is reset whenever an allocation\n    # as part of the deployment transitions to a healthy state. If no allocation\n    # transitions to the healthy state before the progress deadline, the\n    # deployment is marked as failed.\n    progress_deadline = \"10m\"\n\n    # The \"auto_revert\" parameter specifies if the job should auto-revert to the\n    # last stable job on deployment failure. A job is marked as stable if all the\n    # allocations as part of its deployment were marked healthy.\n    auto_revert       = false\n\n    # The \"canary\" parameter specifies that changes to the job that would result\n    # in destructive updates should create the specified number of canaries\n    # without stopping any previous allocations. Once the operator determines the\n    # canaries are healthy, they can be promoted which unblocks a rolling update\n    # of the remaining allocations at a rate of \"max_parallel\".\n    #\n    # Further, setting \"canary\" equal to the count of the task group allows\n    # blue/green deployments. When the job is updated, a full set of the new\n    # version is deployed and upon promotion the old version is stopped.\n    canary            = 0\n  }\n\n  # The reschedule stanza specifies the group's rescheduling strategy. If\n  # specified at the job level, the configuration will apply to all groups\n  # within the job. If the reschedule stanza is present on both the job and the\n  # group, they are merged with the group stanza taking the highest precedence\n  # and then the job.\n  reschedule {\n    delay             = \"30s\"\n    delay_function    = \"constant\"\n    unlimited         = true\n  }\n\n  # The \"group\" stanza defines a series of tasks that should be co-located on\n  # the same Nomad client. Any task within a group will be placed on the same\n  # client.\n  #\n  # For more information and examples on the \"group\" stanza, please see\n  # the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/job-specification/group.html\n  #\n  group \"prod-group1-nginx\" {\n    # The \"count\" parameter specifies the number of the task groups that should\n    # be running under this group. This value must be non-negative and defaults\n    # to 1.\n    count = 1\n\n    # https://www.nomadproject.io/docs/job-specification/volume\n    \n    volume \"prod-volume1-nginx\" {\n      type      = \"host\"\n      read_only = false\n      source    = \"prod-volume-data1-1\"\n    }\n    \n\n    # The restart stanza configures a tasks's behavior on task failure. Restarts\n    # happen on the client that is running the task.\n    #\n    # https://www.nomadproject.io/docs/job-specification/restart\n    #\n    restart {\n      interval  = \"30m\"\n      attempts  = 40\n      delay     = \"15s\"\n      mode      = \"delay\"\n    }\n\n    # The \"task\" stanza creates an individual unit of work, such as a Docker\n    # container, web application, or batch processing.\n    #\n    # For more information and examples on the \"task\" stanza, please see\n    # the online documentation at:\n    #\n    #     https://www.nomadproject.io/docs/job-specification/task.html\n    #\n    task \"prod-task1-nginx\" {\n      # The \"driver\" parameter specifies the task driver that should be used to\n      # run the task.\n      driver = \"docker\"\n\n      # The \"config\" stanza specifies the driver configuration, which is passed\n      # directly to the driver to start the task. The details of configurations\n      # are specific to each driver, so please see specific driver\n      # documentation for more information.\n      config {\n        image        = \"nginx:stable\"\n        port_map {\n          https      = 443\n        }\n        privileged   = false\n        volumes      = [\n          \"/etc/ssl/certs/docs.nginx.service.consul.crt:/etc/ssl/certs/docs.nginx.service.consul.crt\",\n          \"/etc/ssl/private/docs.nginx.service.consul.key:/etc/ssl/private/docs.nginx.service.consul.key\",\n          \"/etc/ssl/certs/logs.nginx.service.consul.crt:/etc/ssl/certs/logs.nginx.service.consul.crt\",\n          \"/etc/ssl/private/logs.nginx.service.consul.key:/etc/ssl/private/logs.nginx.service.consul.key\",\n          \"custom/upstream.conf:/etc/nginx/conf.d/upstream.conf\",\n          \"custom/logs.conf:/etc/nginx/conf.d/logs.conf\",\n          \"custom/docs.conf:/etc/nginx/conf.d/docs.conf\"\n        ]\n      }\n\n      # The \"template\" stanza instructs Nomad to manage a template, such as\n      # a configuration file or script. This template can optionally pull data\n      # from Consul or Vault to populate runtime configuration data.\n      #\n      # For more information and examples on the \"template\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/template.html\n      #\n      template {\n        data = \u003c\u003cEOH\n          upstream storage {\n            {{ range service \"storage\" }}\n              server {{ .Address }}:{{ .Port }};\n            {{ end }}\n          }\n        EOH\n        destination = \"custom/upstream.conf\"\n      }\n      template {\n        data = \u003c\u003cEOH\n          server {\n            listen 443 ssl default_server;\n            server_name logs.nginx.service.consul;\n            keepalive_timeout 70;\n            ssl_session_cache shared:SSL:10m;\n            ssl_session_timeout 10m;\n            ssl_protocols TLSv1.2;\n            ssl_prefer_server_ciphers on;\n            ssl_ciphers \"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384\";\n            ssl_certificate /etc/ssl/certs/logs.nginx.service.consul.crt;\n            ssl_certificate_key /etc/ssl/private/logs.nginx.service.consul.key;\n            location / {\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/;\n              server_name_in_redirect off;\n            }\n            location ~ (.*html.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type text/html;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n            location ~ (.*txt.gz|.*log.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type text/plain;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n            location ~ (.*xml.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type application/xml;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n        }\n        EOH\n        destination = \"custom/logs.conf\"\n      }\n      template {\n        data = \u003c\u003cEOH\n          server {\n            listen 443 ssl;\n            server_name docs.nginx.service.consul;\n            keepalive_timeout 70;\n            ssl_session_cache shared:SSL:10m;\n            ssl_session_timeout 10m;\n            ssl_protocols TLSv1.2;\n            ssl_prefer_server_ciphers on;\n            ssl_ciphers \"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384\";\n            ssl_certificate /etc/ssl/certs/docs.nginx.service.consul.crt;\n            ssl_certificate_key /etc/ssl/private/docs.nginx.service.consul.key;\n            location / {\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/docs.fd.io/;\n              server_name_in_redirect off;\n            }\n          }\n        EOH\n        destination = \"custom/docs.conf\"\n      }\n\n      # The service stanza instructs Nomad to register a service with Consul.\n      #\n      # For more information and examples on the \"task\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/service.html\n      #\n      service {\n        name       = \"nginx\"\n        port       = \"https\"\n        tags       = [ \"docs\", \"logs\" ]\n      }\n\n      # The \"resources\" stanza describes the requirements a task needs to\n      # execute. Resource requirements include memory, network, cpu, and more.\n      # This ensures the task will execute on a machine that contains enough\n      # resource capacity.\n      #\n      # For more information and examples on the \"resources\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/resources.html\n      #\n      resources {\n        cpu        = 2000\n        memory     = 4096\n        network {\n          mode     = \"bridge\"\n          port \"https\" {\n            static = 443\n          }\n        }\n      }\n    }\n  }\n}",
             "json": null,
-            "modify_index": "7575033",
+            "modify_index": "8220180",
             "name": "prod-nginx",
             "namespace": "default",
             "policy_override": null,
@@ -466,10 +465,9 @@
           "schema_version": 0,
           "attributes": {
             "allocation_ids": [
-              "2c468165-5040-7772-7440-20dd8c45aa5c",
-              "cb90709f-447d-84be-6585-63da6e48c4b1",
-              "170912be-ce88-34bd-cf6b-236fbdb8c85f",
-              "08a60634-ef3f-a190-bea3-0c44380d579d"
+              "dd7ade6e-43c4-cac3-3294-9bd32d6b9764",
+              "d4ad3ff3-7b2d-b257-e24e-93955addefad",
+              "037ac779-c647-2dba-5b64-d11e2243066c"
             ],
             "datacenters": [
               "yul1"
@@ -566,10 +564,10 @@
           "schema_version": 0,
           "attributes": {
             "allocation_ids": [
-              "eeb165f2-e66c-4243-676d-475dd832c648",
-              "ac12f7df-4528-d3a1-a8dd-aeac91723e02",
-              "58f76145-fbf5-35dc-b1c4-4bbc03836d62",
-              "f7abf2a1-6dcd-56fe-ee40-430daa61faa6"
+              "516e389c-e3ce-92ed-217d-68fceb56f61e",
+              "93db39cc-26d0-ef8a-02af-f10d0e7d8db0",
+              "a8ee42a1-ff17-8a57-6276-75dc9498653e",
+              "a497e3ee-2d8b-2750-620e-223d23114ba0"
             ],
             "datacenters": [
               "yul1"
diff --git a/fdio.infra.terraform/1n_nmd/terraform.tfstate.backup b/fdio.infra.terraform/1n_nmd/terraform.tfstate.backup
index f6124a3e58..c2c2c30bdf 100644
--- a/fdio.infra.terraform/1n_nmd/terraform.tfstate.backup
+++ b/fdio.infra.terraform/1n_nmd/terraform.tfstate.backup
@@ -1,7 +1,7 @@
 {
   "version": 4,
-  "terraform_version": "0.14.9",
-  "serial": 1157,
+  "terraform_version": "0.15.3",
+  "serial": 1165,
   "lineage": "e4e7f30a-652d-7a31-e31c-5e3a3388c9b9",
   "outputs": {},
   "resources": [
@@ -16,8 +16,8 @@
           "schema_version": 0,
           "attributes": {
             "filename": null,
-            "id": "40c0e65c584f1cd7bf80b7d0f78835b9e99544aee324011785f5001877c5258c",
-            "rendered": "job \"prod-alertmanager\" {\n  # The \"region\" parameter specifies the region in which to execute the job.\n  # If omitted, this inherits the default region name of \"global\".\n  # region = \"global\"\n  #\n  # The \"datacenters\" parameter specifies the list of datacenters which should\n  # be considered when placing this task. This must be provided.\n  datacenters         = \"yul1\"\n\n  # The \"type\" parameter controls the type of job, which impacts the scheduler's\n  # decision on placement. This configuration is optional and defaults to\n  # \"service\". For a full list of job types and their differences, please see\n  # the online documentation.\n  #\n  # For more information, please see the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/jobspec/schedulers\n  #\n  type                = \"service\"\n\n  update {\n    # The \"max_parallel\" parameter specifies the maximum number of updates to\n    # perform in parallel. In this case, this specifies to update a single task\n    # at a time.\n    max_parallel      = 1\n\n    health_check      = \"checks\"\n\n    # The \"min_healthy_time\" parameter specifies the minimum time the allocation\n    # must be in the healthy state before it is marked as healthy and unblocks\n    # further allocations from being updated.\n    min_healthy_time  = \"10s\"\n\n    # The \"healthy_deadline\" parameter specifies the deadline in which the\n    # allocation must be marked as healthy after which the allocation is\n    # automatically transitioned to unhealthy. Transitioning to unhealthy will\n    # fail the deployment and potentially roll back the job if \"auto_revert\" is\n    # set to true.\n    healthy_deadline  = \"3m\"\n\n    # The \"progress_deadline\" parameter specifies the deadline in which an\n    # allocation must be marked as healthy. The deadline begins when the first\n    # allocation for the deployment is created and is reset whenever an allocation\n    # as part of the deployment transitions to a healthy state. If no allocation\n    # transitions to the healthy state before the progress deadline, the\n    # deployment is marked as failed.\n    progress_deadline = \"10m\"\n\n\n    # The \"canary\" parameter specifies that changes to the job that would result\n    # in destructive updates should create the specified number of canaries\n    # without stopping any previous allocations. Once the operator determines the\n    # canaries are healthy, they can be promoted which unblocks a rolling update\n    # of the remaining allocations at a rate of \"max_parallel\".\n    #\n    # Further, setting \"canary\" equal to the count of the task group allows\n    # blue/green deployments. When the job is updated, a full set of the new\n    # version is deployed and upon promotion the old version is stopped.\n    canary            = 1\n\n    # Specifies if the job should auto-promote to the canary version when all\n    # canaries become healthy during a deployment. Defaults to false which means\n    # canaries must be manually updated with the nomad deployment promote\n    # command.\n    auto_promote      = true\n\n    # The \"auto_revert\" parameter specifies if the job should auto-revert to the\n    # last stable job on deployment failure. A job is marked as stable if all the\n    # allocations as part of its deployment were marked healthy.\n    auto_revert       = true\n\n  }\n\n  # The reschedule stanza specifies the group's rescheduling strategy. If\n  # specified at the job level, the configuration will apply to all groups\n  # within the job. If the reschedule stanza is present on both the job and the\n  # group, they are merged with the group stanza taking the highest precedence\n  # and then the job.\n  reschedule {\n    delay             = \"30s\"\n    delay_function    = \"constant\"\n    unlimited         = true\n  }\n\n  # The \"group\" stanza defines a series of tasks that should be co-located on\n  # the same Nomad client. Any task within a group will be placed on the same\n  # client.\n  #\n  # For more information and examples on the \"group\" stanza, please see\n  # the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/job-specification/group\n  #\n  group \"prod-group1-alertmanager\" {\n    # The \"count\" parameter specifies the number of the task groups that should\n    # be running under this group. This value must be non-negative and defaults\n    # to 1.\n    count             = 1\n\n    # The restart stanza configures a tasks's behavior on task failure. Restarts\n    # happen on the client that is running the task.\n    #\n    # https://www.nomadproject.io/docs/job-specification/restart\n    #\n    restart {\n      interval  = \"30m\"\n      attempts  = 40\n      delay     = \"15s\"\n      mode      = \"delay\"\n    }\n\n    # The constraint allows restricting the set of eligible nodes. Constraints\n    # may filter on attributes or client metadata.\n    #\n    # For more information and examples on the \"volume\" stanza, please see\n    # the online documentation at:\n    #\n    #     https://www.nomadproject.io/docs/job-specification/constraint\n    #\n    constraint {\n      attribute       = \"${attr.cpu.arch}\"\n      operator        = \"!=\"\n      value           = \"arm64\"\n    }\n\n    # The \"task\" stanza creates an individual unit of work, such as a Docker\n    # container, web application, or batch processing.\n    #\n    # For more information and examples on the \"task\" stanza, please see\n    # the online documentation at:\n    #\n    #     https://www.nomadproject.io/docs/job-specification/task\n    #\n    task \"prod-task1-alertmanager\" {\n      # The \"driver\" parameter specifies the task driver that should be used to\n      # run the task.\n      driver          = \"exec\"\n\n      \n\n      # The \"config\" stanza specifies the driver configuration, which is passed\n      # directly to the driver to start the task. The details of configurations\n      # are specific to each driver, so please see specific driver\n      # documentation for more information.\n      config {\n        command       = \"local/alertmanager-0.21.0.linux-amd64/alertmanager\"\n        args          = [\n          \"--config.file=secrets/alertmanager.yml\"\n        ]\n      }\n\n      # The artifact stanza instructs Nomad to fetch and unpack a remote resource,\n      # such as a file, tarball, or binary. Nomad downloads artifacts using the\n      # popular go-getter library, which permits downloading artifacts from a\n      # variety of locations using a URL as the input source.\n      #\n      # For more information and examples on the \"artifact\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/artifact\n      #\n      artifact {\n        source          = \"https://github.com/prometheus/alertmanager/releases/download/v0.21.0/alertmanager-0.21.0.linux-amd64.tar.gz\"\n      }\n\n      # The \"template\" stanza instructs Nomad to manage a template, such as\n      # a configuration file or script. This template can optionally pull data\n      # from Consul or Vault to populate runtime configuration data.\n      #\n      # For more information and examples on the \"template\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/template\n      #\n      template {\n        change_mode     = \"noop\"\n        change_signal   = \"SIGINT\"\n        destination     = \"secrets/alertmanager.yml\"\n        left_delimiter  = \"{{{\"\n        right_delimiter = \"}}}\"\n        data            = \u003c\u003cEOH\n# The directory from which notification templates are read.\ntemplates:\n- '/etc/alertmanager/template/*.tmpl'\n\n#tls_config:\n#  # CA certificate to validate the server certificate with.\n#  ca_file: \u003cfilepath\u003e ]\n#\n#  # Certificate and key files for client cert authentication to the server.\n#  cert_file: \u003cfilepath\u003e\n#  key_file: \u003cfilepath\u003e\n#\n#  # ServerName extension to indicate the name of the server.\n#  # http://tools.ietf.org/html/rfc4366#section-3.1\n#  server_name: \u003cstring\u003e\n#\n#  # Disable validation of the server certificate.\n#  insecure_skip_verify: true\n\n# The root route on which each incoming alert enters.\nroute:\n  receiver: 'default-slack-receiver'\n\n  # The labels by which incoming alerts are grouped together. For example,\n  # multiple alerts coming in for cluster=A and alertname=LatencyHigh would\n  # be batched into a single group.\n  #\n  # To aggregate by all possible labels use '...' as the sole label name.\n  # This effectively disables aggregation entirely, passing through all\n  # alerts as-is. This is unlikely to be what you want, unless you have\n  # a very low alert volume or your upstream notification system performs\n  # its own grouping. Example: group_by: [...]\n  group_by: ['alertname']\n\n  # When a new group of alerts is created by an incoming alert, wait at\n  # least 'group_wait' to send the initial notification.\n  # This way ensures that you get multiple alerts for the same group that start\n  # firing shortly after another are batched together on the first\n  # notification.\n  group_wait: 30s\n\n  # When the first notification was sent, wait 'group_interval' to send a batch\n  # of new alerts that started firing for that group.\n  group_interval: 5m\n\n  # If an alert has successfully been sent, wait 'repeat_interval' to\n  # resend them.\n  repeat_interval: 3h\n\n  # All the above attributes are inherited by all child routes and can\n  # overwritten on each.\n  # The child route trees.\n  routes:\n  - match_re:\n      alertname: JenkinsJob.*\n    receiver: jenkins-slack-receiver\n    routes:\n    - match:\n        severity: critical\n      receiver: 'jenkins-slack-receiver'\n\n  - match_re:\n      service: .*\n    receiver: default-slack-receiver\n    routes:\n    - match:\n        severity: critical\n      receiver: 'default-slack-receiver'\n\n# Inhibition rules allow to mute a set of alerts given that another alert is\n# firing.\n# We use this to mute any warning-level notifications if the same alert is\n# already critical.\ninhibit_rules:\n- source_match:\n    severity: 'critical'\n  target_match:\n    severity: 'warning'\n  equal: ['alertname', 'instance']\n\nreceivers:\n- name: 'jenkins-slack-receiver'\n  slack_configs:\n  - api_url: 'TE07RD1V1/B01LPL8KM0F/KAd80wc9vS8CPMtrNtmQqCfT'\n    channel: '#fdio-jobs-monitoring'\n    send_resolved: true\n    icon_url: https://avatars3.githubusercontent.com/u/3380462\n    title: |-\n     [{{ .Status | toUpper }}{{ if eq .Status \"firing\" }}:{{ .Alerts.Firing | len }}{{ end }}] {{ .CommonLabels.alertname }} for {{ .CommonLabels.job }}\n     {{- if gt (len .CommonLabels) (len .GroupLabels) -}}\n       {{\" \"}}(\n       {{- with .CommonLabels.Remove .GroupLabels.Names }}\n         {{- range $index, $label := .SortedPairs -}}\n           {{ if $index }}, {{ end }}\n           {{- $label.Name }}=\"{{ $label.Value -}}\"\n         {{- end }}\n       {{- end -}}\n       )\n     {{- end }}\n    text: \u003e-\n     {{ range .Alerts -}}\n     *Alert:* {{ .Annotations.summary }}{{ if .Labels.severity }} - `{{ .Labels.severity }}`{{ end }}\n\n     *Description:* {{ .Annotations.description }}\n\n     *Details:*\n       {{ range .Labels.SortedPairs }} • *{{ .Name }}:* `{{ .Value }}`\n       {{ end }}\n     {{ end }}\n\n- name: 'default-slack-receiver'\n  slack_configs:\n  - api_url: 'TE07RD1V1/B01L7PQK9S8/vJTSCr3OUprfAEGKBV5uZoJ6'\n    channel: '#fdio-infra-monitoring'\n    send_resolved: true\n    icon_url: https://avatars3.githubusercontent.com/u/3380462\n    title: |-\n     [{{ .Status | toUpper }}{{ if eq .Status \"firing\" }}:{{ .Alerts.Firing | len }}{{ end }}] {{ .CommonLabels.alertname }} for {{ .CommonLabels.job }}\n     {{- if gt (len .CommonLabels) (len .GroupLabels) -}}\n       {{\" \"}}(\n       {{- with .CommonLabels.Remove .GroupLabels.Names }}\n         {{- range $index, $label := .SortedPairs -}}\n           {{ if $index }}, {{ end }}\n           {{- $label.Name }}=\"{{ $label.Value -}}\"\n         {{- end }}\n       {{- end -}}\n       )\n     {{- end }}\n    text: \u003e-\n     {{ range .Alerts -}}\n     *Alert:* {{ .Annotations.summary }}{{ if .Labels.severity }} - `{{ .Labels.severity }}`{{ end }}\n\n     *Description:* {{ .Annotations.description }}\n\n     *Details:*\n       {{ range .Labels.SortedPairs }} • *{{ .Name }}:* `{{ .Value }}`\n       {{ end }}\n     {{ end }}\nEOH\n      }\n\n      # The service stanza instructs Nomad to register a service with Consul.\n      #\n      # For more information and examples on the \"task\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/service\n      #\n      service {\n        name            = \"alertmanager\"\n        port            = \"alertmanager\"\n        tags            = [ \"alertmanager${NOMAD_ALLOC_INDEX}\" ]\n        check {\n          name          = \"Alertmanager Check Live\"\n          type          = \"http\"\n          path          = \"/-/healthy\"\n          interval      = \"10s\"\n          timeout       = \"2s\"\n        }\n      }\n\n      # The \"resources\" stanza describes the requirements a task needs to\n      # execute. Resource requirements include memory, network, cpu, and more.\n      # This ensures the task will execute on a machine that contains enough\n      # resource capacity.\n      #\n      # For more information and examples on the \"resources\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/resources\n      #\n      resources {\n        cpu             = 1000\n        memory          = 1024\n        # The network stanza specifies the networking requirements for the task\n        # group, including the network mode and port allocations. When scheduling\n        # jobs in Nomad they are provisioned across your fleet of machines along\n        # with other jobs and services. Because you don't know in advance what host\n        # your job will be provisioned on, Nomad will provide your tasks with\n        # network configuration when they start up.\n        #\n        # For more information and examples on the \"template\" stanza, please see\n        # the online documentation at:\n        #\n        #     https://www.nomadproject.io/docs/job-specification/network\n        #\n        network {\n          port \"alertmanager\" {\n            static      = 9093\n          }\n        }\n      }\n    }\n  }\n}",
+            "id": "7e96dc4e316a25b07430e5ffc2ecdb94ae41f06770ba8667ae4d5f77ef25c6f7",
+            "rendered": "job \"prod-alertmanager\" {\n  # The \"region\" parameter specifies the region in which to execute the job.\n  # If omitted, this inherits the default region name of \"global\".\n  # region = \"global\"\n  #\n  # The \"datacenters\" parameter specifies the list of datacenters which should\n  # be considered when placing this task. This must be provided.\n  datacenters         = \"yul1\"\n\n  # The \"type\" parameter controls the type of job, which impacts the scheduler's\n  # decision on placement. This configuration is optional and defaults to\n  # \"service\". For a full list of job types and their differences, please see\n  # the online documentation.\n  #\n  # For more information, please see the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/jobspec/schedulers\n  #\n  type                = \"service\"\n\n  update {\n    # The \"max_parallel\" parameter specifies the maximum number of updates to\n    # perform in parallel. In this case, this specifies to update a single task\n    # at a time.\n    max_parallel      = 1\n\n    health_check      = \"checks\"\n\n    # The \"min_healthy_time\" parameter specifies the minimum time the allocation\n    # must be in the healthy state before it is marked as healthy and unblocks\n    # further allocations from being updated.\n    min_healthy_time  = \"10s\"\n\n    # The \"healthy_deadline\" parameter specifies the deadline in which the\n    # allocation must be marked as healthy after which the allocation is\n    # automatically transitioned to unhealthy. Transitioning to unhealthy will\n    # fail the deployment and potentially roll back the job if \"auto_revert\" is\n    # set to true.\n    healthy_deadline  = \"3m\"\n\n    # The \"progress_deadline\" parameter specifies the deadline in which an\n    # allocation must be marked as healthy. The deadline begins when the first\n    # allocation for the deployment is created and is reset whenever an allocation\n    # as part of the deployment transitions to a healthy state. If no allocation\n    # transitions to the healthy state before the progress deadline, the\n    # deployment is marked as failed.\n    progress_deadline = \"10m\"\n\n\n    # The \"canary\" parameter specifies that changes to the job that would result\n    # in destructive updates should create the specified number of canaries\n    # without stopping any previous allocations. Once the operator determines the\n    # canaries are healthy, they can be promoted which unblocks a rolling update\n    # of the remaining allocations at a rate of \"max_parallel\".\n    #\n    # Further, setting \"canary\" equal to the count of the task group allows\n    # blue/green deployments. When the job is updated, a full set of the new\n    # version is deployed and upon promotion the old version is stopped.\n    canary            = 1\n\n    # Specifies if the job should auto-promote to the canary version when all\n    # canaries become healthy during a deployment. Defaults to false which means\n    # canaries must be manually updated with the nomad deployment promote\n    # command.\n    auto_promote      = true\n\n    # The \"auto_revert\" parameter specifies if the job should auto-revert to the\n    # last stable job on deployment failure. A job is marked as stable if all the\n    # allocations as part of its deployment were marked healthy.\n    auto_revert       = true\n\n  }\n\n  # The reschedule stanza specifies the group's rescheduling strategy. If\n  # specified at the job level, the configuration will apply to all groups\n  # within the job. If the reschedule stanza is present on both the job and the\n  # group, they are merged with the group stanza taking the highest precedence\n  # and then the job.\n  reschedule {\n    delay             = \"30s\"\n    delay_function    = \"constant\"\n    unlimited         = true\n  }\n\n  # The \"group\" stanza defines a series of tasks that should be co-located on\n  # the same Nomad client. Any task within a group will be placed on the same\n  # client.\n  #\n  # For more information and examples on the \"group\" stanza, please see\n  # the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/job-specification/group\n  #\n  group \"prod-group1-alertmanager\" {\n    # The \"count\" parameter specifies the number of the task groups that should\n    # be running under this group. This value must be non-negative and defaults\n    # to 1.\n    count             = 1\n\n    # The restart stanza configures a tasks's behavior on task failure. Restarts\n    # happen on the client that is running the task.\n    #\n    # https://www.nomadproject.io/docs/job-specification/restart\n    #\n    restart {\n      interval  = \"30m\"\n      attempts  = 40\n      delay     = \"15s\"\n      mode      = \"delay\"\n    }\n\n    # The constraint allows restricting the set of eligible nodes. Constraints\n    # may filter on attributes or client metadata.\n    #\n    # For more information and examples on the \"volume\" stanza, please see\n    # the online documentation at:\n    #\n    #     https://www.nomadproject.io/docs/job-specification/constraint\n    #\n    constraint {\n      attribute       = \"${attr.cpu.arch}\"\n      operator        = \"!=\"\n      value           = \"arm64\"\n    }\n\n    # The \"task\" stanza creates an individual unit of work, such as a Docker\n    # container, web application, or batch processing.\n    #\n    # For more information and examples on the \"task\" stanza, please see\n    # the online documentation at:\n    #\n    #     https://www.nomadproject.io/docs/job-specification/task\n    #\n    task \"prod-task1-alertmanager\" {\n      # The \"driver\" parameter specifies the task driver that should be used to\n      # run the task.\n      driver          = \"exec\"\n\n      \n\n      # The \"config\" stanza specifies the driver configuration, which is passed\n      # directly to the driver to start the task. The details of configurations\n      # are specific to each driver, so please see specific driver\n      # documentation for more information.\n      config {\n        command       = \"local/alertmanager-0.21.0.linux-amd64/alertmanager\"\n        args          = [\n          \"--config.file=secrets/alertmanager.yml\"\n        ]\n      }\n\n      # The artifact stanza instructs Nomad to fetch and unpack a remote resource,\n      # such as a file, tarball, or binary. Nomad downloads artifacts using the\n      # popular go-getter library, which permits downloading artifacts from a\n      # variety of locations using a URL as the input source.\n      #\n      # For more information and examples on the \"artifact\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/artifact\n      #\n      artifact {\n        source          = \"https://github.com/prometheus/alertmanager/releases/download/v0.21.0/alertmanager-0.21.0.linux-amd64.tar.gz\"\n      }\n\n      # The \"template\" stanza instructs Nomad to manage a template, such as\n      # a configuration file or script. This template can optionally pull data\n      # from Consul or Vault to populate runtime configuration data.\n      #\n      # For more information and examples on the \"template\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/template\n      #\n      template {\n        change_mode     = \"noop\"\n        change_signal   = \"SIGINT\"\n        destination     = \"secrets/alertmanager.yml\"\n        left_delimiter  = \"{{{\"\n        right_delimiter = \"}}}\"\n        data            = \u003c\u003cEOH\n# The directory from which notification templates are read.\ntemplates:\n- '/etc/alertmanager/template/*.tmpl'\n\n#tls_config:\n#  # CA certificate to validate the server certificate with.\n#  ca_file: \u003cfilepath\u003e ]\n#\n#  # Certificate and key files for client cert authentication to the server.\n#  cert_file: \u003cfilepath\u003e\n#  key_file: \u003cfilepath\u003e\n#\n#  # ServerName extension to indicate the name of the server.\n#  # http://tools.ietf.org/html/rfc4366#section-3.1\n#  server_name: \u003cstring\u003e\n#\n#  # Disable validation of the server certificate.\n#  insecure_skip_verify: true\n\n# The root route on which each incoming alert enters.\nroute:\n  receiver: 'default-slack-receiver'\n\n  # The labels by which incoming alerts are grouped together. For example,\n  # multiple alerts coming in for cluster=A and alertname=LatencyHigh would\n  # be batched into a single group.\n  #\n  # To aggregate by all possible labels use '...' as the sole label name.\n  # This effectively disables aggregation entirely, passing through all\n  # alerts as-is. This is unlikely to be what you want, unless you have\n  # a very low alert volume or your upstream notification system performs\n  # its own grouping. Example: group_by: [...]\n  group_by: ['alertname']\n\n  # When a new group of alerts is created by an incoming alert, wait at\n  # least 'group_wait' to send the initial notification.\n  # This way ensures that you get multiple alerts for the same group that start\n  # firing shortly after another are batched together on the first\n  # notification.\n  group_wait: 30s\n\n  # When the first notification was sent, wait 'group_interval' to send a batch\n  # of new alerts that started firing for that group.\n  group_interval: 5m\n\n  # If an alert has successfully been sent, wait 'repeat_interval' to\n  # resend them.\n  repeat_interval: 3h\n\n  # All the above attributes are inherited by all child routes and can\n  # overwritten on each.\n  # The child route trees.\n  routes:\n  - match_re:\n      alertname: JenkinsJob.*\n    receiver: jenkins-slack-receiver\n    routes:\n    - match:\n        severity: critical\n      receiver: 'jenkins-slack-receiver'\n\n  - match_re:\n      service: .*\n    receiver: default-slack-receiver\n    routes:\n    - match:\n        severity: critical\n      receiver: 'default-slack-receiver'\n\n# Inhibition rules allow to mute a set of alerts given that another alert is\n# firing.\n# We use this to mute any warning-level notifications if the same alert is\n# already critical.\ninhibit_rules:\n- source_match:\n    severity: 'critical'\n  target_match:\n    severity: 'warning'\n  equal: ['alertname', 'instance']\n\nreceivers:\n- name: 'jenkins-slack-receiver'\n  slack_configs:\n  - api_url: 'TE07RD1V1/B01U1NV9HV3/hKZXJJ74g2JcISq4K3QC1eG9'\n    channel: '#fdio-jobs-monitoring'\n    send_resolved: true\n    icon_url: https://avatars3.githubusercontent.com/u/3380462\n    title: |-\n     [{{ .Status | toUpper }}{{ if eq .Status \"firing\" }}:{{ .Alerts.Firing | len }}{{ end }}] {{ .CommonLabels.alertname }} for {{ .CommonLabels.job }}\n     {{- if gt (len .CommonLabels) (len .GroupLabels) -}}\n       {{\" \"}}(\n       {{- with .CommonLabels.Remove .GroupLabels.Names }}\n         {{- range $index, $label := .SortedPairs -}}\n           {{ if $index }}, {{ end }}\n           {{- $label.Name }}=\"{{ $label.Value -}}\"\n         {{- end }}\n       {{- end -}}\n       )\n     {{- end }}\n    text: \u003e-\n     {{ range .Alerts -}}\n     *Alert:* {{ .Annotations.summary }}{{ if .Labels.severity }} - `{{ .Labels.severity }}`{{ end }}\n\n     *Description:* {{ .Annotations.description }}\n\n     *Details:*\n       {{ range .Labels.SortedPairs }} • *{{ .Name }}:* `{{ .Value }}`\n       {{ end }}\n     {{ end }}\n\n- name: 'default-slack-receiver'\n  slack_configs:\n  - api_url: 'TE07RD1V1/B01UUK23B6C/hZTcCu42FUv8d6rtirHtcYIi'\n    channel: '#fdio-infra-monitoring'\n    send_resolved: true\n    icon_url: https://avatars3.githubusercontent.com/u/3380462\n    title: |-\n     [{{ .Status | toUpper }}{{ if eq .Status \"firing\" }}:{{ .Alerts.Firing | len }}{{ end }}] {{ .CommonLabels.alertname }} for {{ .CommonLabels.job }}\n     {{- if gt (len .CommonLabels) (len .GroupLabels) -}}\n       {{\" \"}}(\n       {{- with .CommonLabels.Remove .GroupLabels.Names }}\n         {{- range $index, $label := .SortedPairs -}}\n           {{ if $index }}, {{ end }}\n           {{- $label.Name }}=\"{{ $label.Value -}}\"\n         {{- end }}\n       {{- end -}}\n       )\n     {{- end }}\n    text: \u003e-\n     {{ range .Alerts -}}\n     *Alert:* {{ .Annotations.summary }}{{ if .Labels.severity }} - `{{ .Labels.severity }}`{{ end }}\n\n     *Description:* {{ .Annotations.description }}\n\n     *Details:*\n       {{ range .Labels.SortedPairs }} • *{{ .Name }}:* `{{ .Value }}`\n       {{ end }}\n     {{ end }}\nEOH\n      }\n\n      # The service stanza instructs Nomad to register a service with Consul.\n      #\n      # For more information and examples on the \"task\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/service\n      #\n      service {\n        name            = \"alertmanager\"\n        port            = \"alertmanager\"\n        tags            = [ \"alertmanager${NOMAD_ALLOC_INDEX}\" ]\n        check {\n          name          = \"Alertmanager Check Live\"\n          type          = \"http\"\n          path          = \"/-/healthy\"\n          interval      = \"10s\"\n          timeout       = \"2s\"\n        }\n      }\n\n      # The \"resources\" stanza describes the requirements a task needs to\n      # execute. Resource requirements include memory, network, cpu, and more.\n      # This ensures the task will execute on a machine that contains enough\n      # resource capacity.\n      #\n      # For more information and examples on the \"resources\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/resources\n      #\n      resources {\n        cpu             = 1000\n        memory          = 1024\n        # The network stanza specifies the networking requirements for the task\n        # group, including the network mode and port allocations. When scheduling\n        # jobs in Nomad they are provisioned across your fleet of machines along\n        # with other jobs and services. Because you don't know in advance what host\n        # your job will be provisioned on, Nomad will provide your tasks with\n        # network configuration when they start up.\n        #\n        # For more information and examples on the \"template\" stanza, please see\n        # the online documentation at:\n        #\n        #     https://www.nomadproject.io/docs/job-specification/network\n        #\n        network {\n          port \"alertmanager\" {\n            static      = 9093\n          }\n        }\n      }\n    }\n  }\n}",
             "template": "job \"${job_name}\" {\n  # The \"region\" parameter specifies the region in which to execute the job.\n  # If omitted, this inherits the default region name of \"global\".\n  # region = \"global\"\n  #\n  # The \"datacenters\" parameter specifies the list of datacenters which should\n  # be considered when placing this task. This must be provided.\n  datacenters         = \"${datacenters}\"\n\n  # The \"type\" parameter controls the type of job, which impacts the scheduler's\n  # decision on placement. This configuration is optional and defaults to\n  # \"service\". For a full list of job types and their differences, please see\n  # the online documentation.\n  #\n  # For more information, please see the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/jobspec/schedulers\n  #\n  type                = \"service\"\n\n  update {\n    # The \"max_parallel\" parameter specifies the maximum number of updates to\n    # perform in parallel. In this case, this specifies to update a single task\n    # at a time.\n    max_parallel      = 1\n\n    health_check      = \"checks\"\n\n    # The \"min_healthy_time\" parameter specifies the minimum time the allocation\n    # must be in the healthy state before it is marked as healthy and unblocks\n    # further allocations from being updated.\n    min_healthy_time  = \"10s\"\n\n    # The \"healthy_deadline\" parameter specifies the deadline in which the\n    # allocation must be marked as healthy after which the allocation is\n    # automatically transitioned to unhealthy. Transitioning to unhealthy will\n    # fail the deployment and potentially roll back the job if \"auto_revert\" is\n    # set to true.\n    healthy_deadline  = \"3m\"\n\n    # The \"progress_deadline\" parameter specifies the deadline in which an\n    # allocation must be marked as healthy. The deadline begins when the first\n    # allocation for the deployment is created and is reset whenever an allocation\n    # as part of the deployment transitions to a healthy state. If no allocation\n    # transitions to the healthy state before the progress deadline, the\n    # deployment is marked as failed.\n    progress_deadline = \"10m\"\n\n%{ if use_canary }\n    # The \"canary\" parameter specifies that changes to the job that would result\n    # in destructive updates should create the specified number of canaries\n    # without stopping any previous allocations. Once the operator determines the\n    # canaries are healthy, they can be promoted which unblocks a rolling update\n    # of the remaining allocations at a rate of \"max_parallel\".\n    #\n    # Further, setting \"canary\" equal to the count of the task group allows\n    # blue/green deployments. When the job is updated, a full set of the new\n    # version is deployed and upon promotion the old version is stopped.\n    canary            = 1\n\n    # Specifies if the job should auto-promote to the canary version when all\n    # canaries become healthy during a deployment. Defaults to false which means\n    # canaries must be manually updated with the nomad deployment promote\n    # command.\n    auto_promote      = true\n\n    # The \"auto_revert\" parameter specifies if the job should auto-revert to the\n    # last stable job on deployment failure. A job is marked as stable if all the\n    # allocations as part of its deployment were marked healthy.\n    auto_revert       = true\n%{ endif }\n  }\n\n  # The reschedule stanza specifies the group's rescheduling strategy. If\n  # specified at the job level, the configuration will apply to all groups\n  # within the job. If the reschedule stanza is present on both the job and the\n  # group, they are merged with the group stanza taking the highest precedence\n  # and then the job.\n  reschedule {\n    delay             = \"30s\"\n    delay_function    = \"constant\"\n    unlimited         = true\n  }\n\n  # The \"group\" stanza defines a series of tasks that should be co-located on\n  # the same Nomad client. Any task within a group will be placed on the same\n  # client.\n  #\n  # For more information and examples on the \"group\" stanza, please see\n  # the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/job-specification/group\n  #\n  group \"prod-group1-${service_name}\" {\n    # The \"count\" parameter specifies the number of the task groups that should\n    # be running under this group. This value must be non-negative and defaults\n    # to 1.\n    count             = ${group_count}\n\n    # The restart stanza configures a tasks's behavior on task failure. Restarts\n    # happen on the client that is running the task.\n    #\n    # https://www.nomadproject.io/docs/job-specification/restart\n    #\n    restart {\n      interval  = \"30m\"\n      attempts  = 40\n      delay     = \"15s\"\n      mode      = \"delay\"\n    }\n\n    # The constraint allows restricting the set of eligible nodes. Constraints\n    # may filter on attributes or client metadata.\n    #\n    # For more information and examples on the \"volume\" stanza, please see\n    # the online documentation at:\n    #\n    #     https://www.nomadproject.io/docs/job-specification/constraint\n    #\n    constraint {\n      attribute       = \"$${attr.cpu.arch}\"\n      operator        = \"!=\"\n      value           = \"arm64\"\n    }\n\n    # The \"task\" stanza creates an individual unit of work, such as a Docker\n    # container, web application, or batch processing.\n    #\n    # For more information and examples on the \"task\" stanza, please see\n    # the online documentation at:\n    #\n    #     https://www.nomadproject.io/docs/job-specification/task\n    #\n    task \"prod-task1-${service_name}\" {\n      # The \"driver\" parameter specifies the task driver that should be used to\n      # run the task.\n      driver          = \"exec\"\n\n      %{ if use_vault_provider }\n      vault {\n        policies        = \"${vault_kv_policy_name}\"\n      }\n      %{ endif }\n\n      # The \"config\" stanza specifies the driver configuration, which is passed\n      # directly to the driver to start the task. The details of configurations\n      # are specific to each driver, so please see specific driver\n      # documentation for more information.\n      config {\n        command       = \"local/alertmanager-${version}.linux-amd64/alertmanager\"\n        args          = [\n          \"--config.file=secrets/alertmanager.yml\"\n        ]\n      }\n\n      # The artifact stanza instructs Nomad to fetch and unpack a remote resource,\n      # such as a file, tarball, or binary. Nomad downloads artifacts using the\n      # popular go-getter library, which permits downloading artifacts from a\n      # variety of locations using a URL as the input source.\n      #\n      # For more information and examples on the \"artifact\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/artifact\n      #\n      artifact {\n        source          = \"${url}\"\n      }\n\n      # The \"template\" stanza instructs Nomad to manage a template, such as\n      # a configuration file or script. This template can optionally pull data\n      # from Consul or Vault to populate runtime configuration data.\n      #\n      # For more information and examples on the \"template\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/template\n      #\n      template {\n        change_mode     = \"noop\"\n        change_signal   = \"SIGINT\"\n        destination     = \"secrets/alertmanager.yml\"\n        left_delimiter  = \"{{{\"\n        right_delimiter = \"}}}\"\n        data            = \u003c\u003cEOH\n# The directory from which notification templates are read.\ntemplates:\n- '/etc/alertmanager/template/*.tmpl'\n\n#tls_config:\n#  # CA certificate to validate the server certificate with.\n#  ca_file: \u003cfilepath\u003e ]\n#\n#  # Certificate and key files for client cert authentication to the server.\n#  cert_file: \u003cfilepath\u003e\n#  key_file: \u003cfilepath\u003e\n#\n#  # ServerName extension to indicate the name of the server.\n#  # http://tools.ietf.org/html/rfc4366#section-3.1\n#  server_name: \u003cstring\u003e\n#\n#  # Disable validation of the server certificate.\n#  insecure_skip_verify: true\n\n# The root route on which each incoming alert enters.\nroute:\n  receiver: '${slack_default_receiver}'\n\n  # The labels by which incoming alerts are grouped together. For example,\n  # multiple alerts coming in for cluster=A and alertname=LatencyHigh would\n  # be batched into a single group.\n  #\n  # To aggregate by all possible labels use '...' as the sole label name.\n  # This effectively disables aggregation entirely, passing through all\n  # alerts as-is. This is unlikely to be what you want, unless you have\n  # a very low alert volume or your upstream notification system performs\n  # its own grouping. Example: group_by: [...]\n  group_by: ['alertname']\n\n  # When a new group of alerts is created by an incoming alert, wait at\n  # least 'group_wait' to send the initial notification.\n  # This way ensures that you get multiple alerts for the same group that start\n  # firing shortly after another are batched together on the first\n  # notification.\n  group_wait: 30s\n\n  # When the first notification was sent, wait 'group_interval' to send a batch\n  # of new alerts that started firing for that group.\n  group_interval: 5m\n\n  # If an alert has successfully been sent, wait 'repeat_interval' to\n  # resend them.\n  repeat_interval: 3h\n\n  # All the above attributes are inherited by all child routes and can\n  # overwritten on each.\n  # The child route trees.\n  routes:\n  - match_re:\n      alertname: JenkinsJob.*\n    receiver: ${slack_jenkins_receiver}\n    routes:\n    - match:\n        severity: critical\n      receiver: '${slack_jenkins_receiver}'\n\n  - match_re:\n      service: .*\n    receiver: ${slack_default_receiver}\n    routes:\n    - match:\n        severity: critical\n      receiver: '${slack_default_receiver}'\n\n# Inhibition rules allow to mute a set of alerts given that another alert is\n# firing.\n# We use this to mute any warning-level notifications if the same alert is\n# already critical.\ninhibit_rules:\n- source_match:\n    severity: 'critical'\n  target_match:\n    severity: 'warning'\n  equal: ['alertname', 'instance']\n\nreceivers:\n- name: '${slack_jenkins_receiver}'\n  slack_configs:\n  - api_url: '${slack_jenkins_api_key}'\n    channel: '#${slack_jenkins_channel}'\n    send_resolved: true\n    icon_url: https://avatars3.githubusercontent.com/u/3380462\n    title: |-\n     [{{ .Status | toUpper }}{{ if eq .Status \"firing\" }}:{{ .Alerts.Firing | len }}{{ end }}] {{ .CommonLabels.alertname }} for {{ .CommonLabels.job }}\n     {{- if gt (len .CommonLabels) (len .GroupLabels) -}}\n       {{\" \"}}(\n       {{- with .CommonLabels.Remove .GroupLabels.Names }}\n         {{- range $index, $label := .SortedPairs -}}\n           {{ if $index }}, {{ end }}\n           {{- $label.Name }}=\"{{ $label.Value -}}\"\n         {{- end }}\n       {{- end -}}\n       )\n     {{- end }}\n    text: \u003e-\n     {{ range .Alerts -}}\n     *Alert:* {{ .Annotations.summary }}{{ if .Labels.severity }} - `{{ .Labels.severity }}`{{ end }}\n\n     *Description:* {{ .Annotations.description }}\n\n     *Details:*\n       {{ range .Labels.SortedPairs }} • *{{ .Name }}:* `{{ .Value }}`\n       {{ end }}\n     {{ end }}\n\n- name: '${slack_default_receiver}'\n  slack_configs:\n  - api_url: '${slack_default_api_key}'\n    channel: '#${slack_default_channel}'\n    send_resolved: true\n    icon_url: https://avatars3.githubusercontent.com/u/3380462\n    title: |-\n     [{{ .Status | toUpper }}{{ if eq .Status \"firing\" }}:{{ .Alerts.Firing | len }}{{ end }}] {{ .CommonLabels.alertname }} for {{ .CommonLabels.job }}\n     {{- if gt (len .CommonLabels) (len .GroupLabels) -}}\n       {{\" \"}}(\n       {{- with .CommonLabels.Remove .GroupLabels.Names }}\n         {{- range $index, $label := .SortedPairs -}}\n           {{ if $index }}, {{ end }}\n           {{- $label.Name }}=\"{{ $label.Value -}}\"\n         {{- end }}\n       {{- end -}}\n       )\n     {{- end }}\n    text: \u003e-\n     {{ range .Alerts -}}\n     *Alert:* {{ .Annotations.summary }}{{ if .Labels.severity }} - `{{ .Labels.severity }}`{{ end }}\n\n     *Description:* {{ .Annotations.description }}\n\n     *Details:*\n       {{ range .Labels.SortedPairs }} • *{{ .Name }}:* `{{ .Value }}`\n       {{ end }}\n     {{ end }}\nEOH\n      }\n\n      # The service stanza instructs Nomad to register a service with Consul.\n      #\n      # For more information and examples on the \"task\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/service\n      #\n      service {\n        name            = \"${service_name}\"\n        port            = \"${service_name}\"\n        tags            = [ \"${service_name}$${NOMAD_ALLOC_INDEX}\" ]\n        check {\n          name          = \"Alertmanager Check Live\"\n          type          = \"http\"\n          path          = \"/-/healthy\"\n          interval      = \"10s\"\n          timeout       = \"2s\"\n        }\n      }\n\n      # The \"resources\" stanza describes the requirements a task needs to\n      # execute. Resource requirements include memory, network, cpu, and more.\n      # This ensures the task will execute on a machine that contains enough\n      # resource capacity.\n      #\n      # For more information and examples on the \"resources\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/resources\n      #\n      resources {\n        cpu             = ${cpu}\n        memory          = ${mem}\n        # The network stanza specifies the networking requirements for the task\n        # group, including the network mode and port allocations. When scheduling\n        # jobs in Nomad they are provisioned across your fleet of machines along\n        # with other jobs and services. Because you don't know in advance what host\n        # your job will be provisioned on, Nomad will provide your tasks with\n        # network configuration when they start up.\n        #\n        # For more information and examples on the \"template\" stanza, please see\n        # the online documentation at:\n        #\n        #     https://www.nomadproject.io/docs/job-specification/network\n        #\n        network {\n          port \"${service_name}\" {\n            static      = ${port}\n          }\n        }\n      }\n    }\n  }\n}",
             "vars": {
               "cpu": "1000",
@@ -27,10 +27,10 @@
               "mem": "1024",
               "port": "9093",
               "service_name": "alertmanager",
-              "slack_default_api_key": "TE07RD1V1/B01L7PQK9S8/vJTSCr3OUprfAEGKBV5uZoJ6",
+              "slack_default_api_key": "TE07RD1V1/B01UUK23B6C/hZTcCu42FUv8d6rtirHtcYIi",
               "slack_default_channel": "fdio-infra-monitoring",
               "slack_default_receiver": "default-slack-receiver",
-              "slack_jenkins_api_key": "TE07RD1V1/B01LPL8KM0F/KAd80wc9vS8CPMtrNtmQqCfT",
+              "slack_jenkins_api_key": "TE07RD1V1/B01U1NV9HV3/hKZXJJ74g2JcISq4K3QC1eG9",
               "slack_jenkins_channel": "fdio-jobs-monitoring",
               "slack_jenkins_receiver": "jenkins-slack-receiver",
               "url": "https://github.com/prometheus/alertmanager/releases/download/v0.21.0/alertmanager-0.21.0.linux-amd64.tar.gz",
@@ -54,20 +54,21 @@
           "schema_version": 0,
           "attributes": {
             "allocation_ids": [
-              "0fafbccb-8855-e1e6-dc14-caa45e611a72"
+              "778f4f9d-dea8-e5bd-c9cf-f7a7e2d3a24e",
+              "644eb7b6-268c-4b0f-ba49-e3f7d2582298"
             ],
             "datacenters": [
               "yul1"
             ],
-            "deployment_id": "b82d8258-f69e-fb94-0416-c85779fa42cd",
+            "deployment_id": "1cd42f80-d43d-96cf-bce9-c1f77872e48b",
             "deployment_status": "successful",
             "deregister_on_destroy": true,
             "deregister_on_id_change": true,
             "detach": false,
             "id": "prod-alertmanager",
-            "jobspec": "job \"prod-alertmanager\" {\n  # The \"region\" parameter specifies the region in which to execute the job.\n  # If omitted, this inherits the default region name of \"global\".\n  # region = \"global\"\n  #\n  # The \"datacenters\" parameter specifies the list of datacenters which should\n  # be considered when placing this task. This must be provided.\n  datacenters         = \"yul1\"\n\n  # The \"type\" parameter controls the type of job, which impacts the scheduler's\n  # decision on placement. This configuration is optional and defaults to\n  # \"service\". For a full list of job types and their differences, please see\n  # the online documentation.\n  #\n  # For more information, please see the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/jobspec/schedulers\n  #\n  type                = \"service\"\n\n  update {\n    # The \"max_parallel\" parameter specifies the maximum number of updates to\n    # perform in parallel. In this case, this specifies to update a single task\n    # at a time.\n    max_parallel      = 1\n\n    health_check      = \"checks\"\n\n    # The \"min_healthy_time\" parameter specifies the minimum time the allocation\n    # must be in the healthy state before it is marked as healthy and unblocks\n    # further allocations from being updated.\n    min_healthy_time  = \"10s\"\n\n    # The \"healthy_deadline\" parameter specifies the deadline in which the\n    # allocation must be marked as healthy after which the allocation is\n    # automatically transitioned to unhealthy. Transitioning to unhealthy will\n    # fail the deployment and potentially roll back the job if \"auto_revert\" is\n    # set to true.\n    healthy_deadline  = \"3m\"\n\n    # The \"progress_deadline\" parameter specifies the deadline in which an\n    # allocation must be marked as healthy. The deadline begins when the first\n    # allocation for the deployment is created and is reset whenever an allocation\n    # as part of the deployment transitions to a healthy state. If no allocation\n    # transitions to the healthy state before the progress deadline, the\n    # deployment is marked as failed.\n    progress_deadline = \"10m\"\n\n\n    # The \"canary\" parameter specifies that changes to the job that would result\n    # in destructive updates should create the specified number of canaries\n    # without stopping any previous allocations. Once the operator determines the\n    # canaries are healthy, they can be promoted which unblocks a rolling update\n    # of the remaining allocations at a rate of \"max_parallel\".\n    #\n    # Further, setting \"canary\" equal to the count of the task group allows\n    # blue/green deployments. When the job is updated, a full set of the new\n    # version is deployed and upon promotion the old version is stopped.\n    canary            = 1\n\n    # Specifies if the job should auto-promote to the canary version when all\n    # canaries become healthy during a deployment. Defaults to false which means\n    # canaries must be manually updated with the nomad deployment promote\n    # command.\n    auto_promote      = true\n\n    # The \"auto_revert\" parameter specifies if the job should auto-revert to the\n    # last stable job on deployment failure. A job is marked as stable if all the\n    # allocations as part of its deployment were marked healthy.\n    auto_revert       = true\n\n  }\n\n  # The reschedule stanza specifies the group's rescheduling strategy. If\n  # specified at the job level, the configuration will apply to all groups\n  # within the job. If the reschedule stanza is present on both the job and the\n  # group, they are merged with the group stanza taking the highest precedence\n  # and then the job.\n  reschedule {\n    delay             = \"30s\"\n    delay_function    = \"constant\"\n    unlimited         = true\n  }\n\n  # The \"group\" stanza defines a series of tasks that should be co-located on\n  # the same Nomad client. Any task within a group will be placed on the same\n  # client.\n  #\n  # For more information and examples on the \"group\" stanza, please see\n  # the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/job-specification/group\n  #\n  group \"prod-group1-alertmanager\" {\n    # The \"count\" parameter specifies the number of the task groups that should\n    # be running under this group. This value must be non-negative and defaults\n    # to 1.\n    count             = 1\n\n    # The restart stanza configures a tasks's behavior on task failure. Restarts\n    # happen on the client that is running the task.\n    #\n    # https://www.nomadproject.io/docs/job-specification/restart\n    #\n    restart {\n      interval  = \"30m\"\n      attempts  = 40\n      delay     = \"15s\"\n      mode      = \"delay\"\n    }\n\n    # The constraint allows restricting the set of eligible nodes. Constraints\n    # may filter on attributes or client metadata.\n    #\n    # For more information and examples on the \"volume\" stanza, please see\n    # the online documentation at:\n    #\n    #     https://www.nomadproject.io/docs/job-specification/constraint\n    #\n    constraint {\n      attribute       = \"${attr.cpu.arch}\"\n      operator        = \"!=\"\n      value           = \"arm64\"\n    }\n\n    # The \"task\" stanza creates an individual unit of work, such as a Docker\n    # container, web application, or batch processing.\n    #\n    # For more information and examples on the \"task\" stanza, please see\n    # the online documentation at:\n    #\n    #     https://www.nomadproject.io/docs/job-specification/task\n    #\n    task \"prod-task1-alertmanager\" {\n      # The \"driver\" parameter specifies the task driver that should be used to\n      # run the task.\n      driver          = \"exec\"\n\n      \n\n      # The \"config\" stanza specifies the driver configuration, which is passed\n      # directly to the driver to start the task. The details of configurations\n      # are specific to each driver, so please see specific driver\n      # documentation for more information.\n      config {\n        command       = \"local/alertmanager-0.21.0.linux-amd64/alertmanager\"\n        args          = [\n          \"--config.file=secrets/alertmanager.yml\"\n        ]\n      }\n\n      # The artifact stanza instructs Nomad to fetch and unpack a remote resource,\n      # such as a file, tarball, or binary. Nomad downloads artifacts using the\n      # popular go-getter library, which permits downloading artifacts from a\n      # variety of locations using a URL as the input source.\n      #\n      # For more information and examples on the \"artifact\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/artifact\n      #\n      artifact {\n        source          = \"https://github.com/prometheus/alertmanager/releases/download/v0.21.0/alertmanager-0.21.0.linux-amd64.tar.gz\"\n      }\n\n      # The \"template\" stanza instructs Nomad to manage a template, such as\n      # a configuration file or script. This template can optionally pull data\n      # from Consul or Vault to populate runtime configuration data.\n      #\n      # For more information and examples on the \"template\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/template\n      #\n      template {\n        change_mode     = \"noop\"\n        change_signal   = \"SIGINT\"\n        destination     = \"secrets/alertmanager.yml\"\n        left_delimiter  = \"{{{\"\n        right_delimiter = \"}}}\"\n        data            = \u003c\u003cEOH\n# The directory from which notification templates are read.\ntemplates:\n- '/etc/alertmanager/template/*.tmpl'\n\n#tls_config:\n#  # CA certificate to validate the server certificate with.\n#  ca_file: \u003cfilepath\u003e ]\n#\n#  # Certificate and key files for client cert authentication to the server.\n#  cert_file: \u003cfilepath\u003e\n#  key_file: \u003cfilepath\u003e\n#\n#  # ServerName extension to indicate the name of the server.\n#  # http://tools.ietf.org/html/rfc4366#section-3.1\n#  server_name: \u003cstring\u003e\n#\n#  # Disable validation of the server certificate.\n#  insecure_skip_verify: true\n\n# The root route on which each incoming alert enters.\nroute:\n  receiver: 'default-slack-receiver'\n\n  # The labels by which incoming alerts are grouped together. For example,\n  # multiple alerts coming in for cluster=A and alertname=LatencyHigh would\n  # be batched into a single group.\n  #\n  # To aggregate by all possible labels use '...' as the sole label name.\n  # This effectively disables aggregation entirely, passing through all\n  # alerts as-is. This is unlikely to be what you want, unless you have\n  # a very low alert volume or your upstream notification system performs\n  # its own grouping. Example: group_by: [...]\n  group_by: ['alertname']\n\n  # When a new group of alerts is created by an incoming alert, wait at\n  # least 'group_wait' to send the initial notification.\n  # This way ensures that you get multiple alerts for the same group that start\n  # firing shortly after another are batched together on the first\n  # notification.\n  group_wait: 30s\n\n  # When the first notification was sent, wait 'group_interval' to send a batch\n  # of new alerts that started firing for that group.\n  group_interval: 5m\n\n  # If an alert has successfully been sent, wait 'repeat_interval' to\n  # resend them.\n  repeat_interval: 3h\n\n  # All the above attributes are inherited by all child routes and can\n  # overwritten on each.\n  # The child route trees.\n  routes:\n  - match_re:\n      alertname: JenkinsJob.*\n    receiver: jenkins-slack-receiver\n    routes:\n    - match:\n        severity: critical\n      receiver: 'jenkins-slack-receiver'\n\n  - match_re:\n      service: .*\n    receiver: default-slack-receiver\n    routes:\n    - match:\n        severity: critical\n      receiver: 'default-slack-receiver'\n\n# Inhibition rules allow to mute a set of alerts given that another alert is\n# firing.\n# We use this to mute any warning-level notifications if the same alert is\n# already critical.\ninhibit_rules:\n- source_match:\n    severity: 'critical'\n  target_match:\n    severity: 'warning'\n  equal: ['alertname', 'instance']\n\nreceivers:\n- name: 'jenkins-slack-receiver'\n  slack_configs:\n  - api_url: 'TE07RD1V1/B01LPL8KM0F/KAd80wc9vS8CPMtrNtmQqCfT'\n    channel: '#fdio-jobs-monitoring'\n    send_resolved: true\n    icon_url: https://avatars3.githubusercontent.com/u/3380462\n    title: |-\n     [{{ .Status | toUpper }}{{ if eq .Status \"firing\" }}:{{ .Alerts.Firing | len }}{{ end }}] {{ .CommonLabels.alertname }} for {{ .CommonLabels.job }}\n     {{- if gt (len .CommonLabels) (len .GroupLabels) -}}\n       {{\" \"}}(\n       {{- with .CommonLabels.Remove .GroupLabels.Names }}\n         {{- range $index, $label := .SortedPairs -}}\n           {{ if $index }}, {{ end }}\n           {{- $label.Name }}=\"{{ $label.Value -}}\"\n         {{- end }}\n       {{- end -}}\n       )\n     {{- end }}\n    text: \u003e-\n     {{ range .Alerts -}}\n     *Alert:* {{ .Annotations.summary }}{{ if .Labels.severity }} - `{{ .Labels.severity }}`{{ end }}\n\n     *Description:* {{ .Annotations.description }}\n\n     *Details:*\n       {{ range .Labels.SortedPairs }} • *{{ .Name }}:* `{{ .Value }}`\n       {{ end }}\n     {{ end }}\n\n- name: 'default-slack-receiver'\n  slack_configs:\n  - api_url: 'TE07RD1V1/B01L7PQK9S8/vJTSCr3OUprfAEGKBV5uZoJ6'\n    channel: '#fdio-infra-monitoring'\n    send_resolved: true\n    icon_url: https://avatars3.githubusercontent.com/u/3380462\n    title: |-\n     [{{ .Status | toUpper }}{{ if eq .Status \"firing\" }}:{{ .Alerts.Firing | len }}{{ end }}] {{ .CommonLabels.alertname }} for {{ .CommonLabels.job }}\n     {{- if gt (len .CommonLabels) (len .GroupLabels) -}}\n       {{\" \"}}(\n       {{- with .CommonLabels.Remove .GroupLabels.Names }}\n         {{- range $index, $label := .SortedPairs -}}\n           {{ if $index }}, {{ end }}\n           {{- $label.Name }}=\"{{ $label.Value -}}\"\n         {{- end }}\n       {{- end -}}\n       )\n     {{- end }}\n    text: \u003e-\n     {{ range .Alerts -}}\n     *Alert:* {{ .Annotations.summary }}{{ if .Labels.severity }} - `{{ .Labels.severity }}`{{ end }}\n\n     *Description:* {{ .Annotations.description }}\n\n     *Details:*\n       {{ range .Labels.SortedPairs }} • *{{ .Name }}:* `{{ .Value }}`\n       {{ end }}\n     {{ end }}\nEOH\n      }\n\n      # The service stanza instructs Nomad to register a service with Consul.\n      #\n      # For more information and examples on the \"task\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/service\n      #\n      service {\n        name            = \"alertmanager\"\n        port            = \"alertmanager\"\n        tags            = [ \"alertmanager${NOMAD_ALLOC_INDEX}\" ]\n        check {\n          name          = \"Alertmanager Check Live\"\n          type          = \"http\"\n          path          = \"/-/healthy\"\n          interval      = \"10s\"\n          timeout       = \"2s\"\n        }\n      }\n\n      # The \"resources\" stanza describes the requirements a task needs to\n      # execute. Resource requirements include memory, network, cpu, and more.\n      # This ensures the task will execute on a machine that contains enough\n      # resource capacity.\n      #\n      # For more information and examples on the \"resources\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/resources\n      #\n      resources {\n        cpu             = 1000\n        memory          = 1024\n        # The network stanza specifies the networking requirements for the task\n        # group, including the network mode and port allocations. When scheduling\n        # jobs in Nomad they are provisioned across your fleet of machines along\n        # with other jobs and services. Because you don't know in advance what host\n        # your job will be provisioned on, Nomad will provide your tasks with\n        # network configuration when they start up.\n        #\n        # For more information and examples on the \"template\" stanza, please see\n        # the online documentation at:\n        #\n        #     https://www.nomadproject.io/docs/job-specification/network\n        #\n        network {\n          port \"alertmanager\" {\n            static      = 9093\n          }\n        }\n      }\n    }\n  }\n}",
+            "jobspec": "job \"prod-alertmanager\" {\n  # The \"region\" parameter specifies the region in which to execute the job.\n  # If omitted, this inherits the default region name of \"global\".\n  # region = \"global\"\n  #\n  # The \"datacenters\" parameter specifies the list of datacenters which should\n  # be considered when placing this task. This must be provided.\n  datacenters         = \"yul1\"\n\n  # The \"type\" parameter controls the type of job, which impacts the scheduler's\n  # decision on placement. This configuration is optional and defaults to\n  # \"service\". For a full list of job types and their differences, please see\n  # the online documentation.\n  #\n  # For more information, please see the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/jobspec/schedulers\n  #\n  type                = \"service\"\n\n  update {\n    # The \"max_parallel\" parameter specifies the maximum number of updates to\n    # perform in parallel. In this case, this specifies to update a single task\n    # at a time.\n    max_parallel      = 1\n\n    health_check      = \"checks\"\n\n    # The \"min_healthy_time\" parameter specifies the minimum time the allocation\n    # must be in the healthy state before it is marked as healthy and unblocks\n    # further allocations from being updated.\n    min_healthy_time  = \"10s\"\n\n    # The \"healthy_deadline\" parameter specifies the deadline in which the\n    # allocation must be marked as healthy after which the allocation is\n    # automatically transitioned to unhealthy. Transitioning to unhealthy will\n    # fail the deployment and potentially roll back the job if \"auto_revert\" is\n    # set to true.\n    healthy_deadline  = \"3m\"\n\n    # The \"progress_deadline\" parameter specifies the deadline in which an\n    # allocation must be marked as healthy. The deadline begins when the first\n    # allocation for the deployment is created and is reset whenever an allocation\n    # as part of the deployment transitions to a healthy state. If no allocation\n    # transitions to the healthy state before the progress deadline, the\n    # deployment is marked as failed.\n    progress_deadline = \"10m\"\n\n\n    # The \"canary\" parameter specifies that changes to the job that would result\n    # in destructive updates should create the specified number of canaries\n    # without stopping any previous allocations. Once the operator determines the\n    # canaries are healthy, they can be promoted which unblocks a rolling update\n    # of the remaining allocations at a rate of \"max_parallel\".\n    #\n    # Further, setting \"canary\" equal to the count of the task group allows\n    # blue/green deployments. When the job is updated, a full set of the new\n    # version is deployed and upon promotion the old version is stopped.\n    canary            = 1\n\n    # Specifies if the job should auto-promote to the canary version when all\n    # canaries become healthy during a deployment. Defaults to false which means\n    # canaries must be manually updated with the nomad deployment promote\n    # command.\n    auto_promote      = true\n\n    # The \"auto_revert\" parameter specifies if the job should auto-revert to the\n    # last stable job on deployment failure. A job is marked as stable if all the\n    # allocations as part of its deployment were marked healthy.\n    auto_revert       = true\n\n  }\n\n  # The reschedule stanza specifies the group's rescheduling strategy. If\n  # specified at the job level, the configuration will apply to all groups\n  # within the job. If the reschedule stanza is present on both the job and the\n  # group, they are merged with the group stanza taking the highest precedence\n  # and then the job.\n  reschedule {\n    delay             = \"30s\"\n    delay_function    = \"constant\"\n    unlimited         = true\n  }\n\n  # The \"group\" stanza defines a series of tasks that should be co-located on\n  # the same Nomad client. Any task within a group will be placed on the same\n  # client.\n  #\n  # For more information and examples on the \"group\" stanza, please see\n  # the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/job-specification/group\n  #\n  group \"prod-group1-alertmanager\" {\n    # The \"count\" parameter specifies the number of the task groups that should\n    # be running under this group. This value must be non-negative and defaults\n    # to 1.\n    count             = 1\n\n    # The restart stanza configures a tasks's behavior on task failure. Restarts\n    # happen on the client that is running the task.\n    #\n    # https://www.nomadproject.io/docs/job-specification/restart\n    #\n    restart {\n      interval  = \"30m\"\n      attempts  = 40\n      delay     = \"15s\"\n      mode      = \"delay\"\n    }\n\n    # The constraint allows restricting the set of eligible nodes. Constraints\n    # may filter on attributes or client metadata.\n    #\n    # For more information and examples on the \"volume\" stanza, please see\n    # the online documentation at:\n    #\n    #     https://www.nomadproject.io/docs/job-specification/constraint\n    #\n    constraint {\n      attribute       = \"${attr.cpu.arch}\"\n      operator        = \"!=\"\n      value           = \"arm64\"\n    }\n\n    # The \"task\" stanza creates an individual unit of work, such as a Docker\n    # container, web application, or batch processing.\n    #\n    # For more information and examples on the \"task\" stanza, please see\n    # the online documentation at:\n    #\n    #     https://www.nomadproject.io/docs/job-specification/task\n    #\n    task \"prod-task1-alertmanager\" {\n      # The \"driver\" parameter specifies the task driver that should be used to\n      # run the task.\n      driver          = \"exec\"\n\n      \n\n      # The \"config\" stanza specifies the driver configuration, which is passed\n      # directly to the driver to start the task. The details of configurations\n      # are specific to each driver, so please see specific driver\n      # documentation for more information.\n      config {\n        command       = \"local/alertmanager-0.21.0.linux-amd64/alertmanager\"\n        args          = [\n          \"--config.file=secrets/alertmanager.yml\"\n        ]\n      }\n\n      # The artifact stanza instructs Nomad to fetch and unpack a remote resource,\n      # such as a file, tarball, or binary. Nomad downloads artifacts using the\n      # popular go-getter library, which permits downloading artifacts from a\n      # variety of locations using a URL as the input source.\n      #\n      # For more information and examples on the \"artifact\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/artifact\n      #\n      artifact {\n        source          = \"https://github.com/prometheus/alertmanager/releases/download/v0.21.0/alertmanager-0.21.0.linux-amd64.tar.gz\"\n      }\n\n      # The \"template\" stanza instructs Nomad to manage a template, such as\n      # a configuration file or script. This template can optionally pull data\n      # from Consul or Vault to populate runtime configuration data.\n      #\n      # For more information and examples on the \"template\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/template\n      #\n      template {\n        change_mode     = \"noop\"\n        change_signal   = \"SIGINT\"\n        destination     = \"secrets/alertmanager.yml\"\n        left_delimiter  = \"{{{\"\n        right_delimiter = \"}}}\"\n        data            = \u003c\u003cEOH\n# The directory from which notification templates are read.\ntemplates:\n- '/etc/alertmanager/template/*.tmpl'\n\n#tls_config:\n#  # CA certificate to validate the server certificate with.\n#  ca_file: \u003cfilepath\u003e ]\n#\n#  # Certificate and key files for client cert authentication to the server.\n#  cert_file: \u003cfilepath\u003e\n#  key_file: \u003cfilepath\u003e\n#\n#  # ServerName extension to indicate the name of the server.\n#  # http://tools.ietf.org/html/rfc4366#section-3.1\n#  server_name: \u003cstring\u003e\n#\n#  # Disable validation of the server certificate.\n#  insecure_skip_verify: true\n\n# The root route on which each incoming alert enters.\nroute:\n  receiver: 'default-slack-receiver'\n\n  # The labels by which incoming alerts are grouped together. For example,\n  # multiple alerts coming in for cluster=A and alertname=LatencyHigh would\n  # be batched into a single group.\n  #\n  # To aggregate by all possible labels use '...' as the sole label name.\n  # This effectively disables aggregation entirely, passing through all\n  # alerts as-is. This is unlikely to be what you want, unless you have\n  # a very low alert volume or your upstream notification system performs\n  # its own grouping. Example: group_by: [...]\n  group_by: ['alertname']\n\n  # When a new group of alerts is created by an incoming alert, wait at\n  # least 'group_wait' to send the initial notification.\n  # This way ensures that you get multiple alerts for the same group that start\n  # firing shortly after another are batched together on the first\n  # notification.\n  group_wait: 30s\n\n  # When the first notification was sent, wait 'group_interval' to send a batch\n  # of new alerts that started firing for that group.\n  group_interval: 5m\n\n  # If an alert has successfully been sent, wait 'repeat_interval' to\n  # resend them.\n  repeat_interval: 3h\n\n  # All the above attributes are inherited by all child routes and can\n  # overwritten on each.\n  # The child route trees.\n  routes:\n  - match_re:\n      alertname: JenkinsJob.*\n    receiver: jenkins-slack-receiver\n    routes:\n    - match:\n        severity: critical\n      receiver: 'jenkins-slack-receiver'\n\n  - match_re:\n      service: .*\n    receiver: default-slack-receiver\n    routes:\n    - match:\n        severity: critical\n      receiver: 'default-slack-receiver'\n\n# Inhibition rules allow to mute a set of alerts given that another alert is\n# firing.\n# We use this to mute any warning-level notifications if the same alert is\n# already critical.\ninhibit_rules:\n- source_match:\n    severity: 'critical'\n  target_match:\n    severity: 'warning'\n  equal: ['alertname', 'instance']\n\nreceivers:\n- name: 'jenkins-slack-receiver'\n  slack_configs:\n  - api_url: 'TE07RD1V1/B01U1NV9HV3/hKZXJJ74g2JcISq4K3QC1eG9'\n    channel: '#fdio-jobs-monitoring'\n    send_resolved: true\n    icon_url: https://avatars3.githubusercontent.com/u/3380462\n    title: |-\n     [{{ .Status | toUpper }}{{ if eq .Status \"firing\" }}:{{ .Alerts.Firing | len }}{{ end }}] {{ .CommonLabels.alertname }} for {{ .CommonLabels.job }}\n     {{- if gt (len .CommonLabels) (len .GroupLabels) -}}\n       {{\" \"}}(\n       {{- with .CommonLabels.Remove .GroupLabels.Names }}\n         {{- range $index, $label := .SortedPairs -}}\n           {{ if $index }}, {{ end }}\n           {{- $label.Name }}=\"{{ $label.Value -}}\"\n         {{- end }}\n       {{- end -}}\n       )\n     {{- end }}\n    text: \u003e-\n     {{ range .Alerts -}}\n     *Alert:* {{ .Annotations.summary }}{{ if .Labels.severity }} - `{{ .Labels.severity }}`{{ end }}\n\n     *Description:* {{ .Annotations.description }}\n\n     *Details:*\n       {{ range .Labels.SortedPairs }} • *{{ .Name }}:* `{{ .Value }}`\n       {{ end }}\n     {{ end }}\n\n- name: 'default-slack-receiver'\n  slack_configs:\n  - api_url: 'TE07RD1V1/B01UUK23B6C/hZTcCu42FUv8d6rtirHtcYIi'\n    channel: '#fdio-infra-monitoring'\n    send_resolved: true\n    icon_url: https://avatars3.githubusercontent.com/u/3380462\n    title: |-\n     [{{ .Status | toUpper }}{{ if eq .Status \"firing\" }}:{{ .Alerts.Firing | len }}{{ end }}] {{ .CommonLabels.alertname }} for {{ .CommonLabels.job }}\n     {{- if gt (len .CommonLabels) (len .GroupLabels) -}}\n       {{\" \"}}(\n       {{- with .CommonLabels.Remove .GroupLabels.Names }}\n         {{- range $index, $label := .SortedPairs -}}\n           {{ if $index }}, {{ end }}\n           {{- $label.Name }}=\"{{ $label.Value -}}\"\n         {{- end }}\n       {{- end -}}\n       )\n     {{- end }}\n    text: \u003e-\n     {{ range .Alerts -}}\n     *Alert:* {{ .Annotations.summary }}{{ if .Labels.severity }} - `{{ .Labels.severity }}`{{ end }}\n\n     *Description:* {{ .Annotations.description }}\n\n     *Details:*\n       {{ range .Labels.SortedPairs }} • *{{ .Name }}:* `{{ .Value }}`\n       {{ end }}\n     {{ end }}\nEOH\n      }\n\n      # The service stanza instructs Nomad to register a service with Consul.\n      #\n      # For more information and examples on the \"task\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/service\n      #\n      service {\n        name            = \"alertmanager\"\n        port            = \"alertmanager\"\n        tags            = [ \"alertmanager${NOMAD_ALLOC_INDEX}\" ]\n        check {\n          name          = \"Alertmanager Check Live\"\n          type          = \"http\"\n          path          = \"/-/healthy\"\n          interval      = \"10s\"\n          timeout       = \"2s\"\n        }\n      }\n\n      # The \"resources\" stanza describes the requirements a task needs to\n      # execute. Resource requirements include memory, network, cpu, and more.\n      # This ensures the task will execute on a machine that contains enough\n      # resource capacity.\n      #\n      # For more information and examples on the \"resources\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/resources\n      #\n      resources {\n        cpu             = 1000\n        memory          = 1024\n        # The network stanza specifies the networking requirements for the task\n        # group, including the network mode and port allocations. When scheduling\n        # jobs in Nomad they are provisioned across your fleet of machines along\n        # with other jobs and services. Because you don't know in advance what host\n        # your job will be provisioned on, Nomad will provide your tasks with\n        # network configuration when they start up.\n        #\n        # For more information and examples on the \"template\" stanza, please see\n        # the online documentation at:\n        #\n        #     https://www.nomadproject.io/docs/job-specification/network\n        #\n        network {\n          port \"alertmanager\" {\n            static      = 9093\n          }\n        }\n      }\n    }\n  }\n}",
             "json": null,
-            "modify_index": "7575031",
+            "modify_index": "8219920",
             "name": "prod-alertmanager",
             "namespace": "default",
             "policy_override": null,
@@ -141,8 +142,7 @@
           "schema_version": 0,
           "attributes": {
             "allocation_ids": [
-              "110eefb6-1c11-3d08-cf24-5340b112b760",
-              "666f879f-f189-e038-9a57-bcbd758060fa"
+              "24a62387-6e3e-2a43-0d90-a287f161b4d9"
             ],
             "datacenters": [
               "yul1"
@@ -271,10 +271,9 @@
           "schema_version": 0,
           "attributes": {
             "allocation_ids": [
-              "bd2fae48-5ab9-7860-b277-99b2f04ec11e",
-              "03ca66a1-21fc-1d02-68a6-ef806a9f758e",
-              "56ab78ad-d7a3-d830-7666-f4486d5d12b4",
-              "68c878f6-dbb3-bb49-cc51-3857256b30e1"
+              "bd315c5e-035d-3a08-698d-d119fb48035f",
+              "e82e0119-4d2e-89eb-baa3-0ec6bde71661",
+              "24e462a6-6d55-a109-47bf-4c83ad5596a7"
             ],
             "datacenters": [
               "yul1"
@@ -343,9 +342,9 @@
           "schema_version": 0,
           "attributes": {
             "filename": null,
-            "id": "92bd3cfebeb2b4fc1876937515d89affe5135575364a5154f8da4f06706669a0",
-            "rendered": "job \"prod-nginx\" {\n  # The \"region\" parameter specifies the region in which to execute the job.\n  # If omitted, this inherits the default region name of \"global\".\n  # region = \"global\"\n  #\n  # The \"datacenters\" parameter specifies the list of datacenters which should\n  # be considered when placing this task. This must be provided.\n  datacenters = \"yul1\"\n\n  # The \"type\" parameter controls the type of job, which impacts the scheduler's\n  # decision on placement. This configuration is optional and defaults to\n  # \"service\". For a full list of job types and their differences, please see\n  # the online documentation.\n  #\n  # For more information, please see the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/jobspec/schedulers.html\n  #\n  type = \"service\"\n\n  update {\n    # The \"max_parallel\" parameter specifies the maximum number of updates to\n    # perform in parallel. In this case, this specifies to update a single task\n    # at a time.\n    max_parallel      = 0\n\n    # The \"min_healthy_time\" parameter specifies the minimum time the allocation\n    # must be in the healthy state before it is marked as healthy and unblocks\n    # further allocations from being updated.\n    min_healthy_time  = \"10s\"\n\n    # The \"healthy_deadline\" parameter specifies the deadline in which the\n    # allocation must be marked as healthy after which the allocation is\n    # automatically transitioned to unhealthy. Transitioning to unhealthy will\n    # fail the deployment and potentially roll back the job if \"auto_revert\" is\n    # set to true.\n    healthy_deadline  = \"3m\"\n\n    # The \"progress_deadline\" parameter specifies the deadline in which an\n    # allocation must be marked as healthy. The deadline begins when the first\n    # allocation for the deployment is created and is reset whenever an allocation\n    # as part of the deployment transitions to a healthy state. If no allocation\n    # transitions to the healthy state before the progress deadline, the\n    # deployment is marked as failed.\n    progress_deadline = \"10m\"\n\n    # The \"auto_revert\" parameter specifies if the job should auto-revert to the\n    # last stable job on deployment failure. A job is marked as stable if all the\n    # allocations as part of its deployment were marked healthy.\n    auto_revert       = false\n\n    # The \"canary\" parameter specifies that changes to the job that would result\n    # in destructive updates should create the specified number of canaries\n    # without stopping any previous allocations. Once the operator determines the\n    # canaries are healthy, they can be promoted which unblocks a rolling update\n    # of the remaining allocations at a rate of \"max_parallel\".\n    #\n    # Further, setting \"canary\" equal to the count of the task group allows\n    # blue/green deployments. When the job is updated, a full set of the new\n    # version is deployed and upon promotion the old version is stopped.\n    canary            = 0\n  }\n\n  # The reschedule stanza specifies the group's rescheduling strategy. If\n  # specified at the job level, the configuration will apply to all groups\n  # within the job. If the reschedule stanza is present on both the job and the\n  # group, they are merged with the group stanza taking the highest precedence\n  # and then the job.\n  reschedule {\n    delay             = \"30s\"\n    delay_function    = \"constant\"\n    unlimited         = true\n  }\n\n  # The \"group\" stanza defines a series of tasks that should be co-located on\n  # the same Nomad client. Any task within a group will be placed on the same\n  # client.\n  #\n  # For more information and examples on the \"group\" stanza, please see\n  # the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/job-specification/group.html\n  #\n  group \"prod-group1-nginx\" {\n    # The \"count\" parameter specifies the number of the task groups that should\n    # be running under this group. This value must be non-negative and defaults\n    # to 1.\n    count = 1\n\n    # https://www.nomadproject.io/docs/job-specification/volume\n    \n    volume \"prod-volume1-nginx\" {\n      type      = \"host\"\n      read_only = false\n      source    = \"prod-volume-data1-1\"\n    }\n    \n\n    # The restart stanza configures a tasks's behavior on task failure. Restarts\n    # happen on the client that is running the task.\n    #\n    # https://www.nomadproject.io/docs/job-specification/restart\n    #\n    restart {\n      interval  = \"30m\"\n      attempts  = 40\n      delay     = \"15s\"\n      mode      = \"delay\"\n    }\n\n    # The \"task\" stanza creates an individual unit of work, such as a Docker\n    # container, web application, or batch processing.\n    #\n    # For more information and examples on the \"task\" stanza, please see\n    # the online documentation at:\n    #\n    #     https://www.nomadproject.io/docs/job-specification/task.html\n    #\n    task \"prod-task1-nginx\" {\n      # The \"driver\" parameter specifies the task driver that should be used to\n      # run the task.\n      driver = \"docker\"\n\n      # The \"config\" stanza specifies the driver configuration, which is passed\n      # directly to the driver to start the task. The details of configurations\n      # are specific to each driver, so please see specific driver\n      # documentation for more information.\n      config {\n        image        = \"nginx:stable\"\n        port_map {\n          https      = 443\n        }\n        privileged   = false\n        volumes      = [\n          \"/etc/consul.d/ssl/consul.pem:/etc/ssl/certs/nginx-cert.pem\",\n          \"/etc/consul.d/ssl/consul-key.pem:/etc/ssl/private/nginx-key.pem\",\n          \"custom/upstream.conf:/etc/nginx/conf.d/upstream.conf\",\n          \"custom/logs.conf:/etc/nginx/conf.d/logs.conf\",\n          \"custom/docs.conf:/etc/nginx/conf.d/docs.conf\"\n        ]\n      }\n\n      # The \"template\" stanza instructs Nomad to manage a template, such as\n      # a configuration file or script. This template can optionally pull data\n      # from Consul or Vault to populate runtime configuration data.\n      #\n      # For more information and examples on the \"template\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/template.html\n      #\n      template {\n        data = \u003c\u003cEOH\n          upstream storage {\n            {{ range service \"storage\" }}\n              server {{ .Address }}:{{ .Port }};\n            {{ end }}\n          }\n        EOH\n        destination = \"custom/upstream.conf\"\n      }\n      template {\n        data = \u003c\u003cEOH\n          server {\n            listen 443 ssl default_server;\n            server_name logs.nginx.service.consul;\n            keepalive_timeout 70;\n            ssl_session_cache shared:SSL:10m;\n            ssl_session_timeout 10m;\n            ssl_protocols TLSv1.2;\n            ssl_prefer_server_ciphers on;\n            ssl_ciphers \"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384\";\n            ssl_certificate /etc/ssl/certs/nginx-cert.pem;\n            ssl_certificate_key /etc/ssl/private/nginx-key.pem;\n            location / {\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/;\n              server_name_in_redirect off;\n            }\n            location ~ (.*html.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type text/html;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n            location ~ (.*txt.gz|.*log.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type text/plain;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n            location ~ (.*xml.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type application/xml;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n        }\n        EOH\n        destination = \"custom/logs.conf\"\n      }\n      template {\n        data = \u003c\u003cEOH\n          server {\n            listen 443 ssl;\n            server_name docs.nginx.service.consul;\n            keepalive_timeout 70;\n            ssl_session_cache shared:SSL:10m;\n            ssl_session_timeout 10m;\n            ssl_protocols TLSv1.2;\n            ssl_prefer_server_ciphers on;\n            ssl_ciphers \"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384\";\n            ssl_certificate /etc/ssl/certs/nginx-cert.pem;\n            ssl_certificate_key /etc/ssl/private/nginx-key.pem;\n            location / {\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/docs.fd.io/;\n              server_name_in_redirect off;\n            }\n          }\n        EOH\n        destination = \"custom/docs.conf\"\n      }\n\n      # The service stanza instructs Nomad to register a service with Consul.\n      #\n      # For more information and examples on the \"task\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/service.html\n      #\n      service {\n        name       = \"nginx\"\n        port       = \"https\"\n        tags       = [ \"docs\", \"logs\" ]\n      }\n\n      # The \"resources\" stanza describes the requirements a task needs to\n      # execute. Resource requirements include memory, network, cpu, and more.\n      # This ensures the task will execute on a machine that contains enough\n      # resource capacity.\n      #\n      # For more information and examples on the \"resources\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/resources.html\n      #\n      resources {\n        cpu        = 2000\n        memory     = 4096\n        network {\n          mode     = \"bridge\"\n          port \"https\" {\n            static = 443\n          }\n        }\n      }\n    }\n  }\n}",
-            "template": "job \"${job_name}\" {\n  # The \"region\" parameter specifies the region in which to execute the job.\n  # If omitted, this inherits the default region name of \"global\".\n  # region = \"global\"\n  #\n  # The \"datacenters\" parameter specifies the list of datacenters which should\n  # be considered when placing this task. This must be provided.\n  datacenters = \"${datacenters}\"\n\n  # The \"type\" parameter controls the type of job, which impacts the scheduler's\n  # decision on placement. This configuration is optional and defaults to\n  # \"service\". For a full list of job types and their differences, please see\n  # the online documentation.\n  #\n  # For more information, please see the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/jobspec/schedulers.html\n  #\n  type = \"service\"\n\n  update {\n    # The \"max_parallel\" parameter specifies the maximum number of updates to\n    # perform in parallel. In this case, this specifies to update a single task\n    # at a time.\n    max_parallel      = 0\n\n    # The \"min_healthy_time\" parameter specifies the minimum time the allocation\n    # must be in the healthy state before it is marked as healthy and unblocks\n    # further allocations from being updated.\n    min_healthy_time  = \"10s\"\n\n    # The \"healthy_deadline\" parameter specifies the deadline in which the\n    # allocation must be marked as healthy after which the allocation is\n    # automatically transitioned to unhealthy. Transitioning to unhealthy will\n    # fail the deployment and potentially roll back the job if \"auto_revert\" is\n    # set to true.\n    healthy_deadline  = \"3m\"\n\n    # The \"progress_deadline\" parameter specifies the deadline in which an\n    # allocation must be marked as healthy. The deadline begins when the first\n    # allocation for the deployment is created and is reset whenever an allocation\n    # as part of the deployment transitions to a healthy state. If no allocation\n    # transitions to the healthy state before the progress deadline, the\n    # deployment is marked as failed.\n    progress_deadline = \"10m\"\n\n    # The \"auto_revert\" parameter specifies if the job should auto-revert to the\n    # last stable job on deployment failure. A job is marked as stable if all the\n    # allocations as part of its deployment were marked healthy.\n    auto_revert       = false\n\n    # The \"canary\" parameter specifies that changes to the job that would result\n    # in destructive updates should create the specified number of canaries\n    # without stopping any previous allocations. Once the operator determines the\n    # canaries are healthy, they can be promoted which unblocks a rolling update\n    # of the remaining allocations at a rate of \"max_parallel\".\n    #\n    # Further, setting \"canary\" equal to the count of the task group allows\n    # blue/green deployments. When the job is updated, a full set of the new\n    # version is deployed and upon promotion the old version is stopped.\n    canary            = 0\n  }\n\n  # The reschedule stanza specifies the group's rescheduling strategy. If\n  # specified at the job level, the configuration will apply to all groups\n  # within the job. If the reschedule stanza is present on both the job and the\n  # group, they are merged with the group stanza taking the highest precedence\n  # and then the job.\n  reschedule {\n    delay             = \"30s\"\n    delay_function    = \"constant\"\n    unlimited         = true\n  }\n\n  # The \"group\" stanza defines a series of tasks that should be co-located on\n  # the same Nomad client. Any task within a group will be placed on the same\n  # client.\n  #\n  # For more information and examples on the \"group\" stanza, please see\n  # the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/job-specification/group.html\n  #\n  group \"prod-group1-nginx\" {\n    # The \"count\" parameter specifies the number of the task groups that should\n    # be running under this group. This value must be non-negative and defaults\n    # to 1.\n    count = 1\n\n    # https://www.nomadproject.io/docs/job-specification/volume\n    %{ if use_host_volume }\n    volume \"prod-volume1-nginx\" {\n      type      = \"host\"\n      read_only = false\n      source    = \"${host_volume}\"\n    }\n    %{ endif }\n\n    # The restart stanza configures a tasks's behavior on task failure. Restarts\n    # happen on the client that is running the task.\n    #\n    # https://www.nomadproject.io/docs/job-specification/restart\n    #\n    restart {\n      interval  = \"30m\"\n      attempts  = 40\n      delay     = \"15s\"\n      mode      = \"delay\"\n    }\n\n    # The \"task\" stanza creates an individual unit of work, such as a Docker\n    # container, web application, or batch processing.\n    #\n    # For more information and examples on the \"task\" stanza, please see\n    # the online documentation at:\n    #\n    #     https://www.nomadproject.io/docs/job-specification/task.html\n    #\n    task \"prod-task1-nginx\" {\n      # The \"driver\" parameter specifies the task driver that should be used to\n      # run the task.\n      driver = \"docker\"\n\n      # The \"config\" stanza specifies the driver configuration, which is passed\n      # directly to the driver to start the task. The details of configurations\n      # are specific to each driver, so please see specific driver\n      # documentation for more information.\n      config {\n        image        = \"nginx:stable\"\n        port_map {\n          https      = 443\n        }\n        privileged   = false\n        volumes      = [\n          \"/etc/consul.d/ssl/consul.pem:/etc/ssl/certs/nginx-cert.pem\",\n          \"/etc/consul.d/ssl/consul-key.pem:/etc/ssl/private/nginx-key.pem\",\n          \"custom/upstream.conf:/etc/nginx/conf.d/upstream.conf\",\n          \"custom/logs.conf:/etc/nginx/conf.d/logs.conf\",\n          \"custom/docs.conf:/etc/nginx/conf.d/docs.conf\"\n        ]\n      }\n\n      # The \"template\" stanza instructs Nomad to manage a template, such as\n      # a configuration file or script. This template can optionally pull data\n      # from Consul or Vault to populate runtime configuration data.\n      #\n      # For more information and examples on the \"template\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/template.html\n      #\n      template {\n        data = \u003c\u003cEOH\n          upstream storage {\n            {{ range service \"storage\" }}\n              server {{ .Address }}:{{ .Port }};\n            {{ end }}\n          }\n        EOH\n        destination = \"custom/upstream.conf\"\n      }\n      template {\n        data = \u003c\u003cEOH\n          server {\n            listen 443 ssl default_server;\n            server_name logs.nginx.service.consul;\n            keepalive_timeout 70;\n            ssl_session_cache shared:SSL:10m;\n            ssl_session_timeout 10m;\n            ssl_protocols TLSv1.2;\n            ssl_prefer_server_ciphers on;\n            ssl_ciphers \"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384\";\n            ssl_certificate /etc/ssl/certs/nginx-cert.pem;\n            ssl_certificate_key /etc/ssl/private/nginx-key.pem;\n            location / {\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/;\n              server_name_in_redirect off;\n            }\n            location ~ (.*html.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type text/html;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n            location ~ (.*txt.gz|.*log.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type text/plain;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n            location ~ (.*xml.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type application/xml;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n        }\n        EOH\n        destination = \"custom/logs.conf\"\n      }\n      template {\n        data = \u003c\u003cEOH\n          server {\n            listen 443 ssl;\n            server_name docs.nginx.service.consul;\n            keepalive_timeout 70;\n            ssl_session_cache shared:SSL:10m;\n            ssl_session_timeout 10m;\n            ssl_protocols TLSv1.2;\n            ssl_prefer_server_ciphers on;\n            ssl_ciphers \"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384\";\n            ssl_certificate /etc/ssl/certs/nginx-cert.pem;\n            ssl_certificate_key /etc/ssl/private/nginx-key.pem;\n            location / {\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/docs.fd.io/;\n              server_name_in_redirect off;\n            }\n          }\n        EOH\n        destination = \"custom/docs.conf\"\n      }\n\n      # The service stanza instructs Nomad to register a service with Consul.\n      #\n      # For more information and examples on the \"task\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/service.html\n      #\n      service {\n        name       = \"nginx\"\n        port       = \"https\"\n        tags       = [ \"docs\", \"logs\" ]\n      }\n\n      # The \"resources\" stanza describes the requirements a task needs to\n      # execute. Resource requirements include memory, network, cpu, and more.\n      # This ensures the task will execute on a machine that contains enough\n      # resource capacity.\n      #\n      # For more information and examples on the \"resources\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/resources.html\n      #\n      resources {\n        cpu        = 2000\n        memory     = 4096\n        network {\n          mode     = \"bridge\"\n          port \"https\" {\n            static = 443\n          }\n        }\n      }\n    }\n  }\n}",
+            "id": "70bf6c25655c0506a3f1a3946c114216b977c39241f495ef56ef0c07b888e8bc",
+            "rendered": "job \"prod-nginx\" {\n  # The \"region\" parameter specifies the region in which to execute the job.\n  # If omitted, this inherits the default region name of \"global\".\n  # region = \"global\"\n  #\n  # The \"datacenters\" parameter specifies the list of datacenters which should\n  # be considered when placing this task. This must be provided.\n  datacenters = \"yul1\"\n\n  # The \"type\" parameter controls the type of job, which impacts the scheduler's\n  # decision on placement. This configuration is optional and defaults to\n  # \"service\". For a full list of job types and their differences, please see\n  # the online documentation.\n  #\n  # For more information, please see the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/jobspec/schedulers.html\n  #\n  type = \"service\"\n\n  update {\n    # The \"max_parallel\" parameter specifies the maximum number of updates to\n    # perform in parallel. In this case, this specifies to update a single task\n    # at a time.\n    max_parallel      = 0\n\n    # The \"min_healthy_time\" parameter specifies the minimum time the allocation\n    # must be in the healthy state before it is marked as healthy and unblocks\n    # further allocations from being updated.\n    min_healthy_time  = \"10s\"\n\n    # The \"healthy_deadline\" parameter specifies the deadline in which the\n    # allocation must be marked as healthy after which the allocation is\n    # automatically transitioned to unhealthy. Transitioning to unhealthy will\n    # fail the deployment and potentially roll back the job if \"auto_revert\" is\n    # set to true.\n    healthy_deadline  = \"3m\"\n\n    # The \"progress_deadline\" parameter specifies the deadline in which an\n    # allocation must be marked as healthy. The deadline begins when the first\n    # allocation for the deployment is created and is reset whenever an allocation\n    # as part of the deployment transitions to a healthy state. If no allocation\n    # transitions to the healthy state before the progress deadline, the\n    # deployment is marked as failed.\n    progress_deadline = \"10m\"\n\n    # The \"auto_revert\" parameter specifies if the job should auto-revert to the\n    # last stable job on deployment failure. A job is marked as stable if all the\n    # allocations as part of its deployment were marked healthy.\n    auto_revert       = false\n\n    # The \"canary\" parameter specifies that changes to the job that would result\n    # in destructive updates should create the specified number of canaries\n    # without stopping any previous allocations. Once the operator determines the\n    # canaries are healthy, they can be promoted which unblocks a rolling update\n    # of the remaining allocations at a rate of \"max_parallel\".\n    #\n    # Further, setting \"canary\" equal to the count of the task group allows\n    # blue/green deployments. When the job is updated, a full set of the new\n    # version is deployed and upon promotion the old version is stopped.\n    canary            = 0\n  }\n\n  # The reschedule stanza specifies the group's rescheduling strategy. If\n  # specified at the job level, the configuration will apply to all groups\n  # within the job. If the reschedule stanza is present on both the job and the\n  # group, they are merged with the group stanza taking the highest precedence\n  # and then the job.\n  reschedule {\n    delay             = \"30s\"\n    delay_function    = \"constant\"\n    unlimited         = true\n  }\n\n  # The \"group\" stanza defines a series of tasks that should be co-located on\n  # the same Nomad client. Any task within a group will be placed on the same\n  # client.\n  #\n  # For more information and examples on the \"group\" stanza, please see\n  # the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/job-specification/group.html\n  #\n  group \"prod-group1-nginx\" {\n    # The \"count\" parameter specifies the number of the task groups that should\n    # be running under this group. This value must be non-negative and defaults\n    # to 1.\n    count = 1\n\n    # https://www.nomadproject.io/docs/job-specification/volume\n    \n    volume \"prod-volume1-nginx\" {\n      type      = \"host\"\n      read_only = false\n      source    = \"prod-volume-data1-1\"\n    }\n    \n\n    # The restart stanza configures a tasks's behavior on task failure. Restarts\n    # happen on the client that is running the task.\n    #\n    # https://www.nomadproject.io/docs/job-specification/restart\n    #\n    restart {\n      interval  = \"30m\"\n      attempts  = 40\n      delay     = \"15s\"\n      mode      = \"delay\"\n    }\n\n    # The \"task\" stanza creates an individual unit of work, such as a Docker\n    # container, web application, or batch processing.\n    #\n    # For more information and examples on the \"task\" stanza, please see\n    # the online documentation at:\n    #\n    #     https://www.nomadproject.io/docs/job-specification/task.html\n    #\n    task \"prod-task1-nginx\" {\n      # The \"driver\" parameter specifies the task driver that should be used to\n      # run the task.\n      driver = \"docker\"\n\n      # The \"config\" stanza specifies the driver configuration, which is passed\n      # directly to the driver to start the task. The details of configurations\n      # are specific to each driver, so please see specific driver\n      # documentation for more information.\n      config {\n        image        = \"nginx:stable\"\n        port_map {\n          https      = 443\n        }\n        privileged   = false\n        volumes      = [\n          \"/etc/ssl/certs/docs.nginx.service.consul.crt:/etc/ssl/certs/docs.nginx.service.consul.crt\",\n          \"/etc/ssl/certs/docs.nginx.service.consul.key:/etc/ssl/certs/docs.nginx.service.consul.key\",\n          \"/etc/ssl/certs/logs.nginx.service.consul.crt:/etc/ssl/certs/logs.nginx.service.consul.crt\",\n          \"/etc/ssl/certs/logs.nginx.service.consul.key:/etc/ssl/certs/logs.nginx.service.consul.key\",\n          \"custom/upstream.conf:/etc/nginx/conf.d/upstream.conf\",\n          \"custom/logs.conf:/etc/nginx/conf.d/logs.conf\",\n          \"custom/docs.conf:/etc/nginx/conf.d/docs.conf\"\n        ]\n      }\n\n      # The \"template\" stanza instructs Nomad to manage a template, such as\n      # a configuration file or script. This template can optionally pull data\n      # from Consul or Vault to populate runtime configuration data.\n      #\n      # For more information and examples on the \"template\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/template.html\n      #\n      template {\n        data = \u003c\u003cEOH\n          upstream storage {\n            {{ range service \"storage\" }}\n              server {{ .Address }}:{{ .Port }};\n            {{ end }}\n          }\n        EOH\n        destination = \"custom/upstream.conf\"\n      }\n      template {\n        data = \u003c\u003cEOH\n          server {\n            listen 443 ssl default_server;\n            server_name logs.nginx.service.consul;\n            keepalive_timeout 70;\n            ssl_session_cache shared:SSL:10m;\n            ssl_session_timeout 10m;\n            ssl_protocols TLSv1.2;\n            ssl_prefer_server_ciphers on;\n            ssl_ciphers \"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384\";\n            ssl_certificate /etc/ssl/certs/logs.nginx.service.consul.crt;\n            ssl_certificate_key /etc/ssl/certs/logs.nginx.service.consul.key;\n            location / {\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/;\n              server_name_in_redirect off;\n            }\n            location ~ (.*html.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type text/html;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n            location ~ (.*txt.gz|.*log.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type text/plain;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n            location ~ (.*xml.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type application/xml;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n        }\n        EOH\n        destination = \"custom/logs.conf\"\n      }\n      template {\n        data = \u003c\u003cEOH\n          server {\n            listen 443 ssl;\n            server_name docs.nginx.service.consul;\n            keepalive_timeout 70;\n            ssl_session_cache shared:SSL:10m;\n            ssl_session_timeout 10m;\n            ssl_protocols TLSv1.2;\n            ssl_prefer_server_ciphers on;\n            ssl_ciphers \"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384\";\n            ssl_certificate /etc/ssl/certs/docs.nginx.service.consul.crt;\n            ssl_certificate_key /etc/ssl/certs/docs.nginx.service.consul.key;\n            location / {\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/docs.fd.io/;\n              server_name_in_redirect off;\n            }\n          }\n        EOH\n        destination = \"custom/docs.conf\"\n      }\n\n      # The service stanza instructs Nomad to register a service with Consul.\n      #\n      # For more information and examples on the \"task\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/service.html\n      #\n      service {\n        name       = \"nginx\"\n        port       = \"https\"\n        tags       = [ \"docs\", \"logs\" ]\n      }\n\n      # The \"resources\" stanza describes the requirements a task needs to\n      # execute. Resource requirements include memory, network, cpu, and more.\n      # This ensures the task will execute on a machine that contains enough\n      # resource capacity.\n      #\n      # For more information and examples on the \"resources\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/resources.html\n      #\n      resources {\n        cpu        = 2000\n        memory     = 4096\n        network {\n          mode     = \"bridge\"\n          port \"https\" {\n            static = 443\n          }\n        }\n      }\n    }\n  }\n}",
+            "template": "job \"${job_name}\" {\n  # The \"region\" parameter specifies the region in which to execute the job.\n  # If omitted, this inherits the default region name of \"global\".\n  # region = \"global\"\n  #\n  # The \"datacenters\" parameter specifies the list of datacenters which should\n  # be considered when placing this task. This must be provided.\n  datacenters = \"${datacenters}\"\n\n  # The \"type\" parameter controls the type of job, which impacts the scheduler's\n  # decision on placement. This configuration is optional and defaults to\n  # \"service\". For a full list of job types and their differences, please see\n  # the online documentation.\n  #\n  # For more information, please see the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/jobspec/schedulers.html\n  #\n  type = \"service\"\n\n  update {\n    # The \"max_parallel\" parameter specifies the maximum number of updates to\n    # perform in parallel. In this case, this specifies to update a single task\n    # at a time.\n    max_parallel      = 0\n\n    # The \"min_healthy_time\" parameter specifies the minimum time the allocation\n    # must be in the healthy state before it is marked as healthy and unblocks\n    # further allocations from being updated.\n    min_healthy_time  = \"10s\"\n\n    # The \"healthy_deadline\" parameter specifies the deadline in which the\n    # allocation must be marked as healthy after which the allocation is\n    # automatically transitioned to unhealthy. Transitioning to unhealthy will\n    # fail the deployment and potentially roll back the job if \"auto_revert\" is\n    # set to true.\n    healthy_deadline  = \"3m\"\n\n    # The \"progress_deadline\" parameter specifies the deadline in which an\n    # allocation must be marked as healthy. The deadline begins when the first\n    # allocation for the deployment is created and is reset whenever an allocation\n    # as part of the deployment transitions to a healthy state. If no allocation\n    # transitions to the healthy state before the progress deadline, the\n    # deployment is marked as failed.\n    progress_deadline = \"10m\"\n\n    # The \"auto_revert\" parameter specifies if the job should auto-revert to the\n    # last stable job on deployment failure. A job is marked as stable if all the\n    # allocations as part of its deployment were marked healthy.\n    auto_revert       = false\n\n    # The \"canary\" parameter specifies that changes to the job that would result\n    # in destructive updates should create the specified number of canaries\n    # without stopping any previous allocations. Once the operator determines the\n    # canaries are healthy, they can be promoted which unblocks a rolling update\n    # of the remaining allocations at a rate of \"max_parallel\".\n    #\n    # Further, setting \"canary\" equal to the count of the task group allows\n    # blue/green deployments. When the job is updated, a full set of the new\n    # version is deployed and upon promotion the old version is stopped.\n    canary            = 0\n  }\n\n  # The reschedule stanza specifies the group's rescheduling strategy. If\n  # specified at the job level, the configuration will apply to all groups\n  # within the job. If the reschedule stanza is present on both the job and the\n  # group, they are merged with the group stanza taking the highest precedence\n  # and then the job.\n  reschedule {\n    delay             = \"30s\"\n    delay_function    = \"constant\"\n    unlimited         = true\n  }\n\n  # The \"group\" stanza defines a series of tasks that should be co-located on\n  # the same Nomad client. Any task within a group will be placed on the same\n  # client.\n  #\n  # For more information and examples on the \"group\" stanza, please see\n  # the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/job-specification/group.html\n  #\n  group \"prod-group1-nginx\" {\n    # The \"count\" parameter specifies the number of the task groups that should\n    # be running under this group. This value must be non-negative and defaults\n    # to 1.\n    count = 1\n\n    # https://www.nomadproject.io/docs/job-specification/volume\n    %{ if use_host_volume }\n    volume \"prod-volume1-nginx\" {\n      type      = \"host\"\n      read_only = false\n      source    = \"${host_volume}\"\n    }\n    %{ endif }\n\n    # The restart stanza configures a tasks's behavior on task failure. Restarts\n    # happen on the client that is running the task.\n    #\n    # https://www.nomadproject.io/docs/job-specification/restart\n    #\n    restart {\n      interval  = \"30m\"\n      attempts  = 40\n      delay     = \"15s\"\n      mode      = \"delay\"\n    }\n\n    # The \"task\" stanza creates an individual unit of work, such as a Docker\n    # container, web application, or batch processing.\n    #\n    # For more information and examples on the \"task\" stanza, please see\n    # the online documentation at:\n    #\n    #     https://www.nomadproject.io/docs/job-specification/task.html\n    #\n    task \"prod-task1-nginx\" {\n      # The \"driver\" parameter specifies the task driver that should be used to\n      # run the task.\n      driver = \"docker\"\n\n      # The \"config\" stanza specifies the driver configuration, which is passed\n      # directly to the driver to start the task. The details of configurations\n      # are specific to each driver, so please see specific driver\n      # documentation for more information.\n      config {\n        image        = \"nginx:stable\"\n        port_map {\n          https      = 443\n        }\n        privileged   = false\n        volumes      = [\n          \"/etc/ssl/certs/docs.nginx.service.consul.crt:/etc/ssl/certs/docs.nginx.service.consul.crt\",\n          \"/etc/ssl/certs/docs.nginx.service.consul.key:/etc/ssl/certs/docs.nginx.service.consul.key\",\n          \"/etc/ssl/certs/logs.nginx.service.consul.crt:/etc/ssl/certs/logs.nginx.service.consul.crt\",\n          \"/etc/ssl/certs/logs.nginx.service.consul.key:/etc/ssl/certs/logs.nginx.service.consul.key\",\n          \"custom/upstream.conf:/etc/nginx/conf.d/upstream.conf\",\n          \"custom/logs.conf:/etc/nginx/conf.d/logs.conf\",\n          \"custom/docs.conf:/etc/nginx/conf.d/docs.conf\"\n        ]\n      }\n\n      # The \"template\" stanza instructs Nomad to manage a template, such as\n      # a configuration file or script. This template can optionally pull data\n      # from Consul or Vault to populate runtime configuration data.\n      #\n      # For more information and examples on the \"template\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/template.html\n      #\n      template {\n        data = \u003c\u003cEOH\n          upstream storage {\n            {{ range service \"storage\" }}\n              server {{ .Address }}:{{ .Port }};\n            {{ end }}\n          }\n        EOH\n        destination = \"custom/upstream.conf\"\n      }\n      template {\n        data = \u003c\u003cEOH\n          server {\n            listen 443 ssl default_server;\n            server_name logs.nginx.service.consul;\n            keepalive_timeout 70;\n            ssl_session_cache shared:SSL:10m;\n            ssl_session_timeout 10m;\n            ssl_protocols TLSv1.2;\n            ssl_prefer_server_ciphers on;\n            ssl_ciphers \"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384\";\n            ssl_certificate /etc/ssl/certs/logs.nginx.service.consul.crt;\n            ssl_certificate_key /etc/ssl/certs/logs.nginx.service.consul.key;\n            location / {\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/;\n              server_name_in_redirect off;\n            }\n            location ~ (.*html.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type text/html;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n            location ~ (.*txt.gz|.*log.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type text/plain;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n            location ~ (.*xml.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type application/xml;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n        }\n        EOH\n        destination = \"custom/logs.conf\"\n      }\n      template {\n        data = \u003c\u003cEOH\n          server {\n            listen 443 ssl;\n            server_name docs.nginx.service.consul;\n            keepalive_timeout 70;\n            ssl_session_cache shared:SSL:10m;\n            ssl_session_timeout 10m;\n            ssl_protocols TLSv1.2;\n            ssl_prefer_server_ciphers on;\n            ssl_ciphers \"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384\";\n            ssl_certificate /etc/ssl/certs/docs.nginx.service.consul.crt;\n            ssl_certificate_key /etc/ssl/certs/docs.nginx.service.consul.key;\n            location / {\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/docs.fd.io/;\n              server_name_in_redirect off;\n            }\n          }\n        EOH\n        destination = \"custom/docs.conf\"\n      }\n\n      # The service stanza instructs Nomad to register a service with Consul.\n      #\n      # For more information and examples on the \"task\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/service.html\n      #\n      service {\n        name       = \"nginx\"\n        port       = \"https\"\n        tags       = [ \"docs\", \"logs\" ]\n      }\n\n      # The \"resources\" stanza describes the requirements a task needs to\n      # execute. Resource requirements include memory, network, cpu, and more.\n      # This ensures the task will execute on a machine that contains enough\n      # resource capacity.\n      #\n      # For more information and examples on the \"resources\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/resources.html\n      #\n      resources {\n        cpu        = 2000\n        memory     = 4096\n        network {\n          mode     = \"bridge\"\n          port \"https\" {\n            static = 443\n          }\n        }\n      }\n    }\n  }\n}",
             "vars": {
               "datacenters": "yul1",
               "host_volume": "prod-volume-data1-1",
@@ -368,7 +367,10 @@
           "schema_version": 0,
           "attributes": {
             "allocation_ids": [
-              "12b59783-7f42-d57a-f17f-5811224f8bdf"
+              "99dab0de-0e97-4ad8-56eb-ffdd062ef656",
+              "2a22caca-680f-d551-8d33-a236a446ecd7",
+              "7542b5ec-2690-6e2c-16de-e93ff5fddb7a",
+              "e5dd038d-ac82-49d9-24c0-338460688136"
             ],
             "datacenters": [
               "yul1"
@@ -379,9 +381,9 @@
             "deregister_on_id_change": true,
             "detach": false,
             "id": "prod-nginx",
-            "jobspec": "job \"prod-nginx\" {\n  # The \"region\" parameter specifies the region in which to execute the job.\n  # If omitted, this inherits the default region name of \"global\".\n  # region = \"global\"\n  #\n  # The \"datacenters\" parameter specifies the list of datacenters which should\n  # be considered when placing this task. This must be provided.\n  datacenters = \"yul1\"\n\n  # The \"type\" parameter controls the type of job, which impacts the scheduler's\n  # decision on placement. This configuration is optional and defaults to\n  # \"service\". For a full list of job types and their differences, please see\n  # the online documentation.\n  #\n  # For more information, please see the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/jobspec/schedulers.html\n  #\n  type = \"service\"\n\n  update {\n    # The \"max_parallel\" parameter specifies the maximum number of updates to\n    # perform in parallel. In this case, this specifies to update a single task\n    # at a time.\n    max_parallel      = 0\n\n    # The \"min_healthy_time\" parameter specifies the minimum time the allocation\n    # must be in the healthy state before it is marked as healthy and unblocks\n    # further allocations from being updated.\n    min_healthy_time  = \"10s\"\n\n    # The \"healthy_deadline\" parameter specifies the deadline in which the\n    # allocation must be marked as healthy after which the allocation is\n    # automatically transitioned to unhealthy. Transitioning to unhealthy will\n    # fail the deployment and potentially roll back the job if \"auto_revert\" is\n    # set to true.\n    healthy_deadline  = \"3m\"\n\n    # The \"progress_deadline\" parameter specifies the deadline in which an\n    # allocation must be marked as healthy. The deadline begins when the first\n    # allocation for the deployment is created and is reset whenever an allocation\n    # as part of the deployment transitions to a healthy state. If no allocation\n    # transitions to the healthy state before the progress deadline, the\n    # deployment is marked as failed.\n    progress_deadline = \"10m\"\n\n    # The \"auto_revert\" parameter specifies if the job should auto-revert to the\n    # last stable job on deployment failure. A job is marked as stable if all the\n    # allocations as part of its deployment were marked healthy.\n    auto_revert       = false\n\n    # The \"canary\" parameter specifies that changes to the job that would result\n    # in destructive updates should create the specified number of canaries\n    # without stopping any previous allocations. Once the operator determines the\n    # canaries are healthy, they can be promoted which unblocks a rolling update\n    # of the remaining allocations at a rate of \"max_parallel\".\n    #\n    # Further, setting \"canary\" equal to the count of the task group allows\n    # blue/green deployments. When the job is updated, a full set of the new\n    # version is deployed and upon promotion the old version is stopped.\n    canary            = 0\n  }\n\n  # The reschedule stanza specifies the group's rescheduling strategy. If\n  # specified at the job level, the configuration will apply to all groups\n  # within the job. If the reschedule stanza is present on both the job and the\n  # group, they are merged with the group stanza taking the highest precedence\n  # and then the job.\n  reschedule {\n    delay             = \"30s\"\n    delay_function    = \"constant\"\n    unlimited         = true\n  }\n\n  # The \"group\" stanza defines a series of tasks that should be co-located on\n  # the same Nomad client. Any task within a group will be placed on the same\n  # client.\n  #\n  # For more information and examples on the \"group\" stanza, please see\n  # the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/job-specification/group.html\n  #\n  group \"prod-group1-nginx\" {\n    # The \"count\" parameter specifies the number of the task groups that should\n    # be running under this group. This value must be non-negative and defaults\n    # to 1.\n    count = 1\n\n    # https://www.nomadproject.io/docs/job-specification/volume\n    \n    volume \"prod-volume1-nginx\" {\n      type      = \"host\"\n      read_only = false\n      source    = \"prod-volume-data1-1\"\n    }\n    \n\n    # The restart stanza configures a tasks's behavior on task failure. Restarts\n    # happen on the client that is running the task.\n    #\n    # https://www.nomadproject.io/docs/job-specification/restart\n    #\n    restart {\n      interval  = \"30m\"\n      attempts  = 40\n      delay     = \"15s\"\n      mode      = \"delay\"\n    }\n\n    # The \"task\" stanza creates an individual unit of work, such as a Docker\n    # container, web application, or batch processing.\n    #\n    # For more information and examples on the \"task\" stanza, please see\n    # the online documentation at:\n    #\n    #     https://www.nomadproject.io/docs/job-specification/task.html\n    #\n    task \"prod-task1-nginx\" {\n      # The \"driver\" parameter specifies the task driver that should be used to\n      # run the task.\n      driver = \"docker\"\n\n      # The \"config\" stanza specifies the driver configuration, which is passed\n      # directly to the driver to start the task. The details of configurations\n      # are specific to each driver, so please see specific driver\n      # documentation for more information.\n      config {\n        image        = \"nginx:stable\"\n        port_map {\n          https      = 443\n        }\n        privileged   = false\n        volumes      = [\n          \"/etc/consul.d/ssl/consul.pem:/etc/ssl/certs/nginx-cert.pem\",\n          \"/etc/consul.d/ssl/consul-key.pem:/etc/ssl/private/nginx-key.pem\",\n          \"custom/upstream.conf:/etc/nginx/conf.d/upstream.conf\",\n          \"custom/logs.conf:/etc/nginx/conf.d/logs.conf\",\n          \"custom/docs.conf:/etc/nginx/conf.d/docs.conf\"\n        ]\n      }\n\n      # The \"template\" stanza instructs Nomad to manage a template, such as\n      # a configuration file or script. This template can optionally pull data\n      # from Consul or Vault to populate runtime configuration data.\n      #\n      # For more information and examples on the \"template\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/template.html\n      #\n      template {\n        data = \u003c\u003cEOH\n          upstream storage {\n            {{ range service \"storage\" }}\n              server {{ .Address }}:{{ .Port }};\n            {{ end }}\n          }\n        EOH\n        destination = \"custom/upstream.conf\"\n      }\n      template {\n        data = \u003c\u003cEOH\n          server {\n            listen 443 ssl default_server;\n            server_name logs.nginx.service.consul;\n            keepalive_timeout 70;\n            ssl_session_cache shared:SSL:10m;\n            ssl_session_timeout 10m;\n            ssl_protocols TLSv1.2;\n            ssl_prefer_server_ciphers on;\n            ssl_ciphers \"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384\";\n            ssl_certificate /etc/ssl/certs/nginx-cert.pem;\n            ssl_certificate_key /etc/ssl/private/nginx-key.pem;\n            location / {\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/;\n              server_name_in_redirect off;\n            }\n            location ~ (.*html.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type text/html;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n            location ~ (.*txt.gz|.*log.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type text/plain;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n            location ~ (.*xml.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type application/xml;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n        }\n        EOH\n        destination = \"custom/logs.conf\"\n      }\n      template {\n        data = \u003c\u003cEOH\n          server {\n            listen 443 ssl;\n            server_name docs.nginx.service.consul;\n            keepalive_timeout 70;\n            ssl_session_cache shared:SSL:10m;\n            ssl_session_timeout 10m;\n            ssl_protocols TLSv1.2;\n            ssl_prefer_server_ciphers on;\n            ssl_ciphers \"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384\";\n            ssl_certificate /etc/ssl/certs/nginx-cert.pem;\n            ssl_certificate_key /etc/ssl/private/nginx-key.pem;\n            location / {\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/docs.fd.io/;\n              server_name_in_redirect off;\n            }\n          }\n        EOH\n        destination = \"custom/docs.conf\"\n      }\n\n      # The service stanza instructs Nomad to register a service with Consul.\n      #\n      # For more information and examples on the \"task\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/service.html\n      #\n      service {\n        name       = \"nginx\"\n        port       = \"https\"\n        tags       = [ \"docs\", \"logs\" ]\n      }\n\n      # The \"resources\" stanza describes the requirements a task needs to\n      # execute. Resource requirements include memory, network, cpu, and more.\n      # This ensures the task will execute on a machine that contains enough\n      # resource capacity.\n      #\n      # For more information and examples on the \"resources\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/resources.html\n      #\n      resources {\n        cpu        = 2000\n        memory     = 4096\n        network {\n          mode     = \"bridge\"\n          port \"https\" {\n            static = 443\n          }\n        }\n      }\n    }\n  }\n}",
+            "jobspec": "job \"prod-nginx\" {\n  # The \"region\" parameter specifies the region in which to execute the job.\n  # If omitted, this inherits the default region name of \"global\".\n  # region = \"global\"\n  #\n  # The \"datacenters\" parameter specifies the list of datacenters which should\n  # be considered when placing this task. This must be provided.\n  datacenters = \"yul1\"\n\n  # The \"type\" parameter controls the type of job, which impacts the scheduler's\n  # decision on placement. This configuration is optional and defaults to\n  # \"service\". For a full list of job types and their differences, please see\n  # the online documentation.\n  #\n  # For more information, please see the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/jobspec/schedulers.html\n  #\n  type = \"service\"\n\n  update {\n    # The \"max_parallel\" parameter specifies the maximum number of updates to\n    # perform in parallel. In this case, this specifies to update a single task\n    # at a time.\n    max_parallel      = 0\n\n    # The \"min_healthy_time\" parameter specifies the minimum time the allocation\n    # must be in the healthy state before it is marked as healthy and unblocks\n    # further allocations from being updated.\n    min_healthy_time  = \"10s\"\n\n    # The \"healthy_deadline\" parameter specifies the deadline in which the\n    # allocation must be marked as healthy after which the allocation is\n    # automatically transitioned to unhealthy. Transitioning to unhealthy will\n    # fail the deployment and potentially roll back the job if \"auto_revert\" is\n    # set to true.\n    healthy_deadline  = \"3m\"\n\n    # The \"progress_deadline\" parameter specifies the deadline in which an\n    # allocation must be marked as healthy. The deadline begins when the first\n    # allocation for the deployment is created and is reset whenever an allocation\n    # as part of the deployment transitions to a healthy state. If no allocation\n    # transitions to the healthy state before the progress deadline, the\n    # deployment is marked as failed.\n    progress_deadline = \"10m\"\n\n    # The \"auto_revert\" parameter specifies if the job should auto-revert to the\n    # last stable job on deployment failure. A job is marked as stable if all the\n    # allocations as part of its deployment were marked healthy.\n    auto_revert       = false\n\n    # The \"canary\" parameter specifies that changes to the job that would result\n    # in destructive updates should create the specified number of canaries\n    # without stopping any previous allocations. Once the operator determines the\n    # canaries are healthy, they can be promoted which unblocks a rolling update\n    # of the remaining allocations at a rate of \"max_parallel\".\n    #\n    # Further, setting \"canary\" equal to the count of the task group allows\n    # blue/green deployments. When the job is updated, a full set of the new\n    # version is deployed and upon promotion the old version is stopped.\n    canary            = 0\n  }\n\n  # The reschedule stanza specifies the group's rescheduling strategy. If\n  # specified at the job level, the configuration will apply to all groups\n  # within the job. If the reschedule stanza is present on both the job and the\n  # group, they are merged with the group stanza taking the highest precedence\n  # and then the job.\n  reschedule {\n    delay             = \"30s\"\n    delay_function    = \"constant\"\n    unlimited         = true\n  }\n\n  # The \"group\" stanza defines a series of tasks that should be co-located on\n  # the same Nomad client. Any task within a group will be placed on the same\n  # client.\n  #\n  # For more information and examples on the \"group\" stanza, please see\n  # the online documentation at:\n  #\n  #     https://www.nomadproject.io/docs/job-specification/group.html\n  #\n  group \"prod-group1-nginx\" {\n    # The \"count\" parameter specifies the number of the task groups that should\n    # be running under this group. This value must be non-negative and defaults\n    # to 1.\n    count = 1\n\n    # https://www.nomadproject.io/docs/job-specification/volume\n    \n    volume \"prod-volume1-nginx\" {\n      type      = \"host\"\n      read_only = false\n      source    = \"prod-volume-data1-1\"\n    }\n    \n\n    # The restart stanza configures a tasks's behavior on task failure. Restarts\n    # happen on the client that is running the task.\n    #\n    # https://www.nomadproject.io/docs/job-specification/restart\n    #\n    restart {\n      interval  = \"30m\"\n      attempts  = 40\n      delay     = \"15s\"\n      mode      = \"delay\"\n    }\n\n    # The \"task\" stanza creates an individual unit of work, such as a Docker\n    # container, web application, or batch processing.\n    #\n    # For more information and examples on the \"task\" stanza, please see\n    # the online documentation at:\n    #\n    #     https://www.nomadproject.io/docs/job-specification/task.html\n    #\n    task \"prod-task1-nginx\" {\n      # The \"driver\" parameter specifies the task driver that should be used to\n      # run the task.\n      driver = \"docker\"\n\n      # The \"config\" stanza specifies the driver configuration, which is passed\n      # directly to the driver to start the task. The details of configurations\n      # are specific to each driver, so please see specific driver\n      # documentation for more information.\n      config {\n        image        = \"nginx:stable\"\n        port_map {\n          https      = 443\n        }\n        privileged   = false\n        volumes      = [\n          \"/etc/ssl/certs/docs.nginx.service.consul.crt:/etc/ssl/certs/docs.nginx.service.consul.crt\",\n          \"/etc/ssl/certs/docs.nginx.service.consul.key:/etc/ssl/certs/docs.nginx.service.consul.key\",\n          \"/etc/ssl/certs/logs.nginx.service.consul.crt:/etc/ssl/certs/logs.nginx.service.consul.crt\",\n          \"/etc/ssl/certs/logs.nginx.service.consul.key:/etc/ssl/certs/logs.nginx.service.consul.key\",\n          \"custom/upstream.conf:/etc/nginx/conf.d/upstream.conf\",\n          \"custom/logs.conf:/etc/nginx/conf.d/logs.conf\",\n          \"custom/docs.conf:/etc/nginx/conf.d/docs.conf\"\n        ]\n      }\n\n      # The \"template\" stanza instructs Nomad to manage a template, such as\n      # a configuration file or script. This template can optionally pull data\n      # from Consul or Vault to populate runtime configuration data.\n      #\n      # For more information and examples on the \"template\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/template.html\n      #\n      template {\n        data = \u003c\u003cEOH\n          upstream storage {\n            {{ range service \"storage\" }}\n              server {{ .Address }}:{{ .Port }};\n            {{ end }}\n          }\n        EOH\n        destination = \"custom/upstream.conf\"\n      }\n      template {\n        data = \u003c\u003cEOH\n          server {\n            listen 443 ssl default_server;\n            server_name logs.nginx.service.consul;\n            keepalive_timeout 70;\n            ssl_session_cache shared:SSL:10m;\n            ssl_session_timeout 10m;\n            ssl_protocols TLSv1.2;\n            ssl_prefer_server_ciphers on;\n            ssl_ciphers \"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384\";\n            ssl_certificate /etc/ssl/certs/logs.nginx.service.consul.crt;\n            ssl_certificate_key /etc/ssl/certs/logs.nginx.service.consul.key;\n            location / {\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/;\n              server_name_in_redirect off;\n            }\n            location ~ (.*html.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type text/html;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n            location ~ (.*txt.gz|.*log.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type text/plain;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n            location ~ (.*xml.gz)$ {\n              add_header Content-Encoding gzip;\n              add_header Content-Type application/xml;\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/logs.fd.io/$1;\n              server_name_in_redirect off;\n            }\n        }\n        EOH\n        destination = \"custom/logs.conf\"\n      }\n      template {\n        data = \u003c\u003cEOH\n          server {\n            listen 443 ssl;\n            server_name docs.nginx.service.consul;\n            keepalive_timeout 70;\n            ssl_session_cache shared:SSL:10m;\n            ssl_session_timeout 10m;\n            ssl_protocols TLSv1.2;\n            ssl_prefer_server_ciphers on;\n            ssl_ciphers \"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384\";\n            ssl_certificate /etc/ssl/certs/docs.nginx.service.consul.crt;\n            ssl_certificate_key /etc/ssl/certs/docs.nginx.service.consul.key;\n            location / {\n              chunked_transfer_encoding off;\n              proxy_connect_timeout 300;\n              proxy_http_version 1.1;\n              proxy_set_header Host $host:$server_port;\n              proxy_set_header Connection \"\";\n              proxy_pass http://storage/docs.fd.io/;\n              server_name_in_redirect off;\n            }\n          }\n        EOH\n        destination = \"custom/docs.conf\"\n      }\n\n      # The service stanza instructs Nomad to register a service with Consul.\n      #\n      # For more information and examples on the \"task\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/service.html\n      #\n      service {\n        name       = \"nginx\"\n        port       = \"https\"\n        tags       = [ \"docs\", \"logs\" ]\n      }\n\n      # The \"resources\" stanza describes the requirements a task needs to\n      # execute. Resource requirements include memory, network, cpu, and more.\n      # This ensures the task will execute on a machine that contains enough\n      # resource capacity.\n      #\n      # For more information and examples on the \"resources\" stanza, please see\n      # the online documentation at:\n      #\n      #     https://www.nomadproject.io/docs/job-specification/resources.html\n      #\n      resources {\n        cpu        = 2000\n        memory     = 4096\n        network {\n          mode     = \"bridge\"\n          port \"https\" {\n            static = 443\n          }\n        }\n      }\n    }\n  }\n}",
             "json": null,
-            "modify_index": "7575033",
+            "modify_index": "8219998",
             "name": "prod-nginx",
             "namespace": "default",
             "policy_override": null,
@@ -466,10 +468,9 @@
           "schema_version": 0,
           "attributes": {
             "allocation_ids": [
-              "1d354fb9-60c9-c610-2071-54cab71d0f37",
-              "82b2a20f-10df-7220-db28-9e579bb5a601",
-              "06f33a7e-877b-b886-b2bb-c82e7b0a2535",
-              "bcaa4705-27cd-156d-81ed-18cd98cfead0"
+              "dd7ade6e-43c4-cac3-3294-9bd32d6b9764",
+              "d4ad3ff3-7b2d-b257-e24e-93955addefad",
+              "037ac779-c647-2dba-5b64-d11e2243066c"
             ],
             "datacenters": [
               "yul1"
@@ -566,14 +567,10 @@
           "schema_version": 0,
           "attributes": {
             "allocation_ids": [
-              "485b058d-2c4d-10ff-6df5-7202fcb4098a",
-              "58f76145-fbf5-35dc-b1c4-4bbc03836d62",
-              "78d87ca0-1a89-1c1e-1953-815c69942354",
-              "f7abf2a1-6dcd-56fe-ee40-430daa61faa6",
-              "abeb4d1b-e183-d7ee-a06f-b2056261f85e",
-              "8a028159-b7c0-be60-cfaf-d5afbed485f7",
-              "eb0ef52d-046e-74bf-9cd9-1ebe8e530ff4",
-              "76174535-f2da-288f-ea14-8af495e631cc"
+              "516e389c-e3ce-92ed-217d-68fceb56f61e",
+              "93db39cc-26d0-ef8a-02af-f10d0e7d8db0",
+              "a8ee42a1-ff17-8a57-6276-75dc9498653e",
+              "a497e3ee-2d8b-2750-620e-223d23114ba0"
             ],
             "datacenters": [
               "yul1"
diff --git a/fdio.infra.terraform/1n_nmd/vpp_device/versions.tf b/fdio.infra.terraform/1n_nmd/vpp_device/versions.tf
new file mode 100644
index 0000000000..960bd4bba6
--- /dev/null
+++ b/fdio.infra.terraform/1n_nmd/vpp_device/versions.tf
@@ -0,0 +1,13 @@
+terraform {
+  required_providers {
+    nomad = {
+      source  = "hashicorp/nomad"
+      version = "~> 1.4.9"
+    }
+    template = {
+      source  = "hashicorp/template"
+      version = "~> 2.1.2"
+    }
+  }
+  required_version = ">= 0.13"
+}