aboutsummaryrefslogtreecommitdiffstats
path: root/fdio.infra.ansible/roles/nomad/tasks/main.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'fdio.infra.ansible/roles/nomad/tasks/main.yaml')
-rw-r--r--fdio.infra.ansible/roles/nomad/tasks/main.yaml151
1 files changed, 151 insertions, 0 deletions
diff --git a/fdio.infra.ansible/roles/nomad/tasks/main.yaml b/fdio.infra.ansible/roles/nomad/tasks/main.yaml
new file mode 100644
index 0000000000..72b78458f8
--- /dev/null
+++ b/fdio.infra.ansible/roles/nomad/tasks/main.yaml
@@ -0,0 +1,151 @@
+---
+# file: tasks/main.yaml
+
+- name: Update Repositories Cache
+ ansible.builtin.apt:
+ update_cache: true
+ when:
+ - ansible_os_family == 'Debian'
+ tags:
+ - nomad-inst-package
+
+- name: Dependencies
+ ansible.builtin.apt:
+ name: "{{ packages | flatten(levels=1) }}"
+ state: "present"
+ cache_valid_time: 3600
+ install_recommends: false
+ when:
+ - ansible_os_family == 'Debian'
+ tags:
+ - nomad-inst-dependencies
+
+- name: Add Nomad Group
+ ansible.builtin.group:
+ name: "{{ nomad_group }}"
+ state: "present"
+ tags:
+ - nomad-conf-user
+
+- name: Add Nomad user
+ ansible.builtin.user:
+ name: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ state: "present"
+ system: true
+ tags:
+ - nomad-conf-user
+
+- name: Download Nomad
+ ansible.builtin.get_url:
+ url: "{{ nomad_zip_url }}"
+ dest: "{{ nomad_inst_dir }}/{{ nomad_pkg }}"
+ mode: 0644
+ tags:
+ - nomad-inst-package
+
+- name: Clean Nomad
+ ansible.builtin.file:
+ path: "{{ nomad_inst_dir }}/nomad"
+ state: "absent"
+ when:
+ - nomad_force_update | bool
+ tags:
+ - nomad-inst-package
+
+- name: Unarchive Nomad
+ ansible.builtin.unarchive:
+ src: "{{ nomad_inst_dir }}/{{ nomad_pkg }}"
+ dest: "{{ nomad_inst_dir }}/"
+ remote_src: true
+ tags:
+ - nomad-inst-package
+
+- name: Nomad
+ ansible.builtin.copy:
+ src: "{{ nomad_inst_dir }}/nomad"
+ dest: "{{ nomad_bin_dir }}"
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ force: true
+ mode: 0755
+ remote_src: true
+ tags:
+ - nomad-inst-package
+
+- name: Create Directories
+ ansible.builtin.file:
+ dest: "{{ item }}"
+ state: "directory"
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ mode: 0755
+ with_items:
+ - "{{ nomad_data_dir }}"
+ - "{{ nomad_config_dir }}"
+ - "{{ nomad_ssl_dir }}"
+ tags:
+ - nomad-conf
+
+- name: Base Configuration
+ ansible.builtin.template:
+ src: "{{ item }}.hcl.j2"
+ dest: "{{ nomad_config_dir }}/{{ item }}.hcl"
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ mode: 0644
+ with_items:
+ - "base"
+ - "consul"
+ - "client"
+ - "server"
+ - "telemetry"
+ - "tls"
+ - "vault"
+ tags:
+ - nomad-conf
+
+- name: Conf - Copy Certificates And Keys
+ ansible.builtin.copy:
+ content: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ mode: 0600
+ no_log: true
+ loop: "{{ nomad_certificates | flatten(levels=1) }}"
+ when:
+ - nomad_certificates is defined
+ tags:
+ - nomad-conf
+
+- name: Nomad CLI Environment Variables
+ ansible.builtin.lineinfile:
+ path: "/etc/profile.d/nomad.sh"
+ line: "{{ item }}"
+ mode: 0644
+ create: true
+ loop:
+ - "export NOMAD_ADDR=https://nomad-server.service.consul:4646"
+ - "export NOMAD_CACERT={{ nomad_tls_ca_file }}"
+ - "export NOMAD_CLIENT_CERT={{ nomad_tls_cli_cert_file }}"
+ - "export NOMAD_CLIENT_KEY={{ nomad_tls_cli_key_file }}"
+ tags:
+ - nomad-conf
+
+- name: System.d Script
+ ansible.builtin.template:
+ src: "nomad_systemd.service.j2"
+ dest: "/lib/systemd/system/nomad.service"
+ owner: "root"
+ group: "root"
+ mode: 0644
+ notify:
+ - "Restart Nomad"
+ when:
+ - nomad_service_mgr == "systemd"
+ tags:
+ - nomad-conf
+
+- name: Meta - Flush handlers
+ ansible.builtin.meta: flush_handlers