diff options
| author |   pmikus <pmikus@cisco.com> | 2021-05-05 14:56:45 +0000 |
|---|---|---|
| committer | Peter Mikus <pmikus@cisco.com> | 2021-05-11 12:09:01 +0000 |
| commit | 78a8427cc50c137e5d59ad3448ae128fdda369b2 (patch) | |
| tree | cac13b10bf90af6f271e5a38f17f8254e64a5e9f /fdio.infra.ansible/roles/nomad/templates | |
| parent | 6c70887b91dd02d5c7bba0df61c2503db97abc6d (diff) | |
Infra: Backend infra upgrade
Signed-off-by: pmikus <pmikus@cisco.com>
Change-Id: If1e659339f0d25ebcaab4388745c62aa0852abb3
Diffstat (limited to 'fdio.infra.ansible/roles/nomad/templates')
3 files changed, 20 insertions, 12 deletions
diff --git a/fdio.infra.ansible/roles/nomad/templates/nomad_systemd.service.j2 b/fdio.infra.ansible/roles/nomad/templates/nomad_systemd.service.j2 index 2a87c65063..61f07df5b6 100644 --- a/fdio.infra.ansible/roles/nomad/templates/nomad_systemd.service.j2 +++ b/fdio.infra.ansible/roles/nomad/templates/nomad_systemd.service.j2 @@ -1,21 +1,28 @@ [Unit] -Description=Nomad Service -Documentation=https://www.nomadproject.io/docs/ +Description=Nomad +Documentation=https://nomadproject.io/docs/ Wants=network-online.target After=network-online.target +# When using Nomad with Consul it is not necessary to start Consul first. These +# lines start Consul before Nomad as an optimization to avoid Nomad logging +# that Consul is unavailable at startup. +#Wants=consul.service +#After=consul.service + [Service] -# TODO: Decrease privilege -ExecReload=/bin/kill -SIGHUP $MAINPID -ExecStart={{ nomad_bin_dir }}/nomad agent -config={{ nomad_config_dir }} -KillSignal=SIGTERM +ExecReload=/bin/kill -HUP $MAINPID +ExecStart={{ nomad_bin_dir }}/nomad agent -config {{ nomad_config_dir }} +KillMode=process +KillSignal=SIGINT LimitNOFILE=infinity LimitNPROC=infinity Restart=on-failure -RestartSec=1 -User=root -Group=root -Environment="GOMAXPROCS=2" +RestartSec=2 +StartLimitBurst=3 +StartLimitInterval=10 +TasksMax=infinity +OOMScoreAdjust=-1000 [Install] -WantedBy=multi-user.target +WantedBy=multi-user.target
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/nomad/templates/telemetry.hcl.j2 b/fdio.infra.ansible/roles/nomad/templates/telemetry.hcl.j2 index 256c6999e9..7b62f76976 100644 --- a/fdio.infra.ansible/roles/nomad/templates/telemetry.hcl.j2 +++ b/fdio.infra.ansible/roles/nomad/templates/telemetry.hcl.j2 @@ -16,5 +16,4 @@ telemetry { use_node_name = {{ nomad_use_node_name | bool | lower }} publish_allocation_metrics = {{ nomad_publish_allocation_metrics | bool | lower }} publish_node_metrics = {{ nomad_publish_node_metrics | bool | lower }} - backwards_compatible_metrics = {{ nomad_backwards_compatible_metrics | bool | lower }} } diff --git a/fdio.infra.ansible/roles/nomad/templates/tls.hcl.j2 b/fdio.infra.ansible/roles/nomad/templates/tls.hcl.j2 index 650765f1b1..46dc1fe6b1 100644 --- a/fdio.infra.ansible/roles/nomad/templates/tls.hcl.j2 +++ b/fdio.infra.ansible/roles/nomad/templates/tls.hcl.j2 @@ -5,6 +5,8 @@ tls { http = {{ nomad_http | bool | lower }} rpc = {{ nomad_rpc | bool | lower }} + verify_server_hostname = {{ nomad_verify_server_hostname | bool | lower }} + verify_https_client = {{ nomad_verify_https_client | bool | lower }} ca_file = "{{ nomad_ca_file }}" cert_file = "{{ nomad_cert_file }}" key_file = "{{ nomad_key_file }}" |