diff options
author | pmikus <pmikus@cisco.com> | 2020-05-22 14:46:43 +0000 |
---|---|---|
committer | Peter Mikus <pmikus@cisco.com> | 2020-05-22 14:52:10 +0000 |
commit | 216073ac4b05619d9e9fc73131075597196af753 (patch) | |
tree | 3d5976c760a434c346575be598a1362a1a0f664e /resources/tools/testbed-setup/ansible/roles | |
parent | ae80dfa4c98049d96163b6ad3d67221a7851ba4b (diff) |
Infra: Ansible Nomad II
Signed-off-by: pmikus <pmikus@cisco.com>
Change-Id: Iaa5c02d14223b578c316f48e31a0b3613303eecf
Diffstat (limited to 'resources/tools/testbed-setup/ansible/roles')
8 files changed, 47 insertions, 36 deletions
diff --git a/resources/tools/testbed-setup/ansible/roles/nomad/defaults/main.yaml b/resources/tools/testbed-setup/ansible/roles/nomad/defaults/main.yaml index ad8b36ee66..0efbc6af5a 100644 --- a/resources/tools/testbed-setup/ansible/roles/nomad/defaults/main.yaml +++ b/resources/tools/testbed-setup/ansible/roles/nomad/defaults/main.yaml @@ -64,7 +64,7 @@ nomad_name: "{{ inventory_hostname }}" nomad_region: "global" nomad_syslog_enable: true -# Conf - base.hcl (TLS) +# Conf - tls.hcl nomad_ca_file: "{{ nomad_ssl_dir }}/ca.pem" nomad_cert_file: "{{ nomad_ssl_dir }}/nomad.pem" nomad_http: false @@ -84,20 +84,10 @@ nomad_no_host_uuid: true nomad_options: {} nomad_servers: [] +# Conf - server.hcl +nomad_bootstrap_expect: 2 +nomad_encrypt: "" +nomad_retry_join: true + # Conf - custom.hcl # empty - -# Conf - server.hcl -#nomad_retry_max: 0 -#nomad_retry_join: false -#nomad_retry_interval: "30s" -#nomad_rejoin_after_leave: false -#nomad_enabled_schedulers: -# - service -# - batch -# - system -#nomad_num_schedulers: "{{ ansible_processor_vcpus }}" -#nomad_node_gc_threshold: "24h" -#nomad_job_gc_threshold: "4h" -#nomad_eval_gc_threshold: "1h" -#nomad_encrypt: "" diff --git a/resources/tools/testbed-setup/ansible/roles/nomad/tasks/main.yaml b/resources/tools/testbed-setup/ansible/roles/nomad/tasks/main.yaml index 9093afd08e..fa95d645fd 100644 --- a/resources/tools/testbed-setup/ansible/roles/nomad/tasks/main.yaml +++ b/resources/tools/testbed-setup/ansible/roles/nomad/tasks/main.yaml @@ -127,6 +127,16 @@ tags: - nomad-conf +- name: Conf - TLS Configuration + template: + src: tls.hcl.j2 + dest: "{{ nomad_config_dir }}/tls.hcl" + owner: "{{ nomad_user }}" + group: "{{ nomad_group }}" + mode: 0644 + tags: + - nomad-conf + - name: Conf - Custom Configuration template: src: custom.json.j2 @@ -158,7 +168,7 @@ owner: "root" group: "root" mode: 0644 - notify: - - "Restart Nomad" +# notify: +# - "Restart Nomad" tags: - nomad-conf diff --git a/resources/tools/testbed-setup/ansible/roles/nomad/templates/base.hcl.j2 b/resources/tools/testbed-setup/ansible/roles/nomad/templates/base.hcl.j2 index 0e2b60c6d4..7badecf9e0 100644 --- a/resources/tools/testbed-setup/ansible/roles/nomad/templates/base.hcl.j2 +++ b/resources/tools/testbed-setup/ansible/roles/nomad/templates/base.hcl.j2 @@ -9,16 +9,3 @@ enable_syslog = {{ nomad_syslog_enable | bool | lower }} enable_debug = {{ nomad_enable_debug | bool | lower }} disable_update_check = {{ nomad_disable_update_check | bool | lower }} log_level = "{{ nomad_log_level }}" - -{% if ( nomad_ca_file ) and - ( nomad_cert_file ) and - ( nomad_key_file ) -%} -tls { - http = {{ nomad_http | bool | lower }} - rpc = {{ nomad_rpc | bool | lower }} - ca_file = "{{ nomad_ca_file }}" - cert_file = "{{ nomad_cert_file }}" - key_file = "{{ nomad_key_file }}" -} -{% endif %} diff --git a/resources/tools/testbed-setup/ansible/roles/nomad/templates/client.hcl.j2 b/resources/tools/testbed-setup/ansible/roles/nomad/templates/client.hcl.j2 index 91fd1c947f..c097d214a5 100644 --- a/resources/tools/testbed-setup/ansible/roles/nomad/templates/client.hcl.j2 +++ b/resources/tools/testbed-setup/ansible/roles/nomad/templates/client.hcl.j2 @@ -4,7 +4,7 @@ client { node_class = "{{ nomad_node_class }}" {% if nomad_servers -%} - servers = [ {{ nomad_servers }} ] + servers = [ {% for ip_port in nomad_servers -%} "{{ ip_port }}" {% if not loop.last %},{% endif %}{%- endfor -%} ] {% endif %} {% if nomad_options -%} diff --git a/resources/tools/testbed-setup/ansible/roles/nomad/templates/nomad_systemd.service.j2 b/resources/tools/testbed-setup/ansible/roles/nomad/templates/nomad_systemd.service.j2 index d0beed24b8..7652983417 100644 --- a/resources/tools/testbed-setup/ansible/roles/nomad/templates/nomad_systemd.service.j2 +++ b/resources/tools/testbed-setup/ansible/roles/nomad/templates/nomad_systemd.service.j2 @@ -1,5 +1,6 @@ [Unit] -Description=nomad agent +Description=Nomad Service +Documentation=https://www.nomadproject.io/docs/index.html Wants=network.target After=nomad.service diff --git a/resources/tools/testbed-setup/ansible/roles/nomad/templates/server.hcl.j2 b/resources/tools/testbed-setup/ansible/roles/nomad/templates/server.hcl.j2 index c28a43c5d2..b581de9ad0 100644 --- a/resources/tools/testbed-setup/ansible/roles/nomad/templates/server.hcl.j2 +++ b/resources/tools/testbed-setup/ansible/roles/nomad/templates/server.hcl.j2 @@ -1,4 +1,16 @@ server { - enabled = false - encrypt = "Y4T+5JGx1C3l2NFBBvkTWQ==" + enabled = {{ nomad_node_server | bool | lower }} + + {% if nomad_node_server | bool -%} + bootstrap_expect = {{ nomad_bootstrap_expect }} + {%- endif %} + + encrypt = "{{ nomad_encrypt }}" + + {% if nomad_retry_join | bool -%} + server_join { + retry_join = [ {% for ip_port in nomad_retry_servers -%} "{{ ip_port }}" {% if not loop.last %},{% endif %}{%- endfor -%} ] + } + {%- endif %} + } diff --git a/resources/tools/testbed-setup/ansible/roles/nomad/templates/tls.hcl.j2 b/resources/tools/testbed-setup/ansible/roles/nomad/templates/tls.hcl.j2 new file mode 100644 index 0000000000..650765f1b1 --- /dev/null +++ b/resources/tools/testbed-setup/ansible/roles/nomad/templates/tls.hcl.j2 @@ -0,0 +1,12 @@ +{% if ( nomad_ca_file ) and + ( nomad_cert_file ) and + ( nomad_key_file ) +%} +tls { + http = {{ nomad_http | bool | lower }} + rpc = {{ nomad_rpc | bool | lower }} + ca_file = "{{ nomad_ca_file }}" + cert_file = "{{ nomad_cert_file }}" + key_file = "{{ nomad_key_file }}" +} +{% endif %} diff --git a/resources/tools/testbed-setup/ansible/roles/user_add/tasks/main.yaml b/resources/tools/testbed-setup/ansible/roles/user_add/tasks/main.yaml index 8323284261..f980aff84d 100644 --- a/resources/tools/testbed-setup/ansible/roles/user_add/tasks/main.yaml +++ b/resources/tools/testbed-setup/ansible/roles/user_add/tasks/main.yaml @@ -6,7 +6,6 @@ append: "{{ item.append | default(omit) }}" createhome: "{{ 'yes' if users_create_homedirs else 'no' }}" generate_ssh_key: "{{ item.generate_ssh_key | default(omit) }}" - group: "{{ item.group | default(item.username) }}" groups: "{{ item.groups | join(',') if 'groups' in item else '' }}" name: "{{ item.username }}" password: "{{ item.password if item.password is defined else '!' }}" |