Diffstat (limited to 'fdio.infra.ansible/roles/nomad')
-rw-r--r--fdio.infra.ansible/roles/nomad/defaults/main.yaml105
-rw-r--r--fdio.infra.ansible/roles/nomad/handlers/main.yaml10
-rw-r--r--fdio.infra.ansible/roles/nomad/meta/main.yaml9
-rw-r--r--fdio.infra.ansible/roles/nomad/tasks/main.yaml192
-rw-r--r--fdio.infra.ansible/roles/nomad/templates/base.hcl.j211
-rw-r--r--fdio.infra.ansible/roles/nomad/templates/client.hcl.j231
-rw-r--r--fdio.infra.ansible/roles/nomad/templates/custom.hcl.j25
-rw-r--r--fdio.infra.ansible/roles/nomad/templates/nomad_systemd.service.j221
-rw-r--r--fdio.infra.ansible/roles/nomad/templates/server.hcl.j216
-rw-r--r--fdio.infra.ansible/roles/nomad/templates/telemetry.hcl.j220
-rw-r--r--fdio.infra.ansible/roles/nomad/templates/tls.hcl.j212
-rw-r--r--fdio.infra.ansible/roles/nomad/vars/main.yaml5
12 files changed, 437 insertions, 0 deletions
diff --git a/fdio.infra.ansible/roles/nomad/defaults/main.yaml b/fdio.infra.ansible/roles/nomad/defaults/main.yaml
new file mode 100644
index 0000000000..864890c11e
--- /dev/null
+++ b/fdio.infra.ansible/roles/nomad/defaults/main.yaml
@@ -0,0 +1,105 @@
+---
+# file: roles/nomad/defaults/main.yaml
+
+# Inst - Prerequisites.
+packages: "{{ packages_base + packages_by_distro[ansible_distribution | lower] + packages_by_arch[ansible_machine] }}"
+
+packages_base:
+ - "cgroup-bin"
+ - "curl"
+ - "git"
+ - "libcgroup1"
+ - "unzip"
+ - "htop"
+packages_by_distro:
+ ubuntu:
+ - []
+packages_by_arch:
+ aarch64:
+ - []
+ x86_64:
+ - []
+
+# Inst - Download Nomad.
+nomad_architecture_map:
+ amd64: "amd64"
+ x86_64: "amd64"
+ armv7l: "arm"
+ aarch64: "arm64"
+ 32-bit: "386"
+ 64-bit: "amd64"
+nomad_architecture: "{{ nomad_architecture_map[ansible_architecture] }}"
+nomad_version: "0.12.0"
+nomad_pkg: "nomad_{{ nomad_version }}_linux_{{ nomad_architecture }}.zip"
+nomad_zip_url: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/{{ nomad_pkg }}"
+
+# Inst - System paths.
+nomad_bin_dir: "/usr/local/bin"
+nomad_config_dir: "/etc/nomad.d"
+nomad_data_dir: "/var/nomad"
+nomad_inst_dir: "/opt"
+nomad_lockfile: "/var/lock/subsys/nomad"
+nomad_run_dir: "/var/run/nomad"
+nomad_ssl_dir: "/etc/nomad.d/ssl"
+
+# Conf - Service.
+nomad_node_role: "both"
+nomad_restart_handler_state: "restarted"
+
+# Conf - User and group.
+nomad_group: "nomad"
+nomad_group_state: "present"
+nomad_manage_group: true
+nomad_manage_user: true
+nomad_user: "nomad"
+nomad_user_groups: [ docker, nomad, root ]
+nomad_user_state: "present"
+
+# Conf - base.hcl
+nomad_bind_addr: "0.0.0.0"
+nomad_datacenter: "dc1"
+nomad_disable_update_check: true
+nomad_enable_debug: false
+nomad_log_level: "INFO"
+nomad_name: "{{ inventory_hostname }}"
+nomad_region: "global"
+nomad_syslog_enable: true
+
+# Conf - tls.hcl
+nomad_ca_file: "{{ nomad_ssl_dir }}/ca.pem"
+nomad_cert_file: "{{ nomad_ssl_dir }}/nomad.pem"
+nomad_http: false
+nomad_key_file: "{{ nomad_ssl_dir }}/nomad-key.pem"
+nomad_rpc: false
+
+# Conf - client.hcl
+nomad_certificates:
+ - src: "{{ vault_nomad_ca_file }}"
+ dest: "{{ nomad_ca_file }}"
+ - src: "{{ vault_nomad_cert_file }}"
+ dest: "{{ nomad_cert_file }}"
+ - src: "{{ vault_nomad_key_file }}"
+ dest: "{{ nomad_key_file }}"
+nomad_node_class: ""
+nomad_no_host_uuid: true
+nomad_options: {}
+nomad_servers: []
+nomad_volumes: []
+
+# Conf - server.hcl
+nomad_bootstrap_expect: 2
+nomad_encrypt: ""
+nomad_retry_join: true
+
+# Conf - telemetry.hcl
+nomad_disable_hostname: false
+nomad_collection_interval: 60s
+nomad_use_node_name: false
+nomad_publish_allocation_metrics: true
+nomad_publish_node_metrics: true
+nomad_backwards_compatible_metrics: false
+nomad_telemetry_provider_parameters:
+ prometheus_metrics: true
+
+# Conf - custom.hcl
+# empty
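Review bot: The shipped defaults expose the agent on every interface with transport protection off: `nomad_bind_addr: "0.0.0.0"` is combined with `nomad_http: false`, `nomad_rpc: false` and `nomad_encrypt: ""`, so a host deployed without overrides serves the HTTP API, RPC and gossip in cleartext. None of the templates in this commit renders an `acl` stanza either. I would default `nomad_bind_addr` to a specific management address (or leave it undefined so the inventory must set it) and have the role fail early when `nomad_encrypt` is empty on a server node. Separately, `nomad_user_groups: [ docker, nomad, root ]` makes the service account root-equivalent through the `docker` and `root` groups; if that membership is required, a comment above the line should state the reason.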
diff --git a/fdio.infra.ansible/roles/nomad/handlers/main.yaml b/fdio.infra.ansible/roles/nomad/handlers/main.yaml
new file mode 100644
index 0000000000..f0bcee9142
--- /dev/null
+++ b/fdio.infra.ansible/roles/nomad/handlers/main.yaml
@@ -0,0 +1,10 @@
+---
+# file roles/nomad/handlers/main.yaml
+
+- name: Restart Nomad
+ systemd:
+ daemon_reload: true
+ enabled: true
+ name: "nomad"
+ state: "{{ nomad_restart_handler_state }}"
+
diff --git a/fdio.infra.ansible/roles/nomad/meta/main.yaml b/fdio.infra.ansible/roles/nomad/meta/main.yaml
new file mode 100644
index 0000000000..9fc40d9ae1
--- /dev/null
+++ b/fdio.infra.ansible/roles/nomad/meta/main.yaml
@@ -0,0 +1,9 @@
+---
+# file: roles/nomad/meta/main.yaml
+
+# desc: Install nomad from stable branch and configure service.
+# inst: Nomad
+# conf: ?
+# info: 1.0 - added role
+
+dependencies: [ docker ]
diff --git a/fdio.infra.ansible/roles/nomad/tasks/main.yaml b/fdio.infra.ansible/roles/nomad/tasks/main.yaml
new file mode 100644
index 0000000000..54e80513b8
--- /dev/null
+++ b/fdio.infra.ansible/roles/nomad/tasks/main.yaml
@@ -0,0 +1,192 @@
+---
+# file: roles/nomad/tasks/main.yaml
+
+- name: Inst - Update Package Cache (APT)
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+ when:
+ - ansible_distribution|lower == 'ubuntu'
+ tags:
+ - nomad-inst-prerequisites
+
+- name: Inst - Prerequisites
+ package:
+ name: "{{ packages | flatten(levels=1) }}"
+ state: latest
+ tags:
+ - nomad-inst-prerequisites
+
+- name: Conf - Add Nomad Group
+ group:
+ name: "{{ nomad_group }}"
+ state: "{{ nomad_group_state }}"
+ when:
+ - nomad_manage_group | bool
+ tags:
+ - nomad-conf-user
+
+- name: Conf - Add Nomad user
+ user:
+ name: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ groups: "{{ nomad_user_groups }}"
+ state: "{{ nomad_user_state }}"
+ system: true
+ when:
+ - nomad_manage_user | bool
+ tags:
+ - nomad-conf-user
+
+- name: Inst - Clean Nomad
+ file:
+ path: "{{ nomad_inst_dir }}/nomad"
+ state: "absent"
+ tags:
+ - nomad-inst-package
+
+- name: Inst - Download Nomad
+ get_url:
+ url: "{{ nomad_zip_url }}"
+ dest: "{{ nomad_inst_dir }}/{{ nomad_pkg }}"
+ tags:
+ - nomad-inst-package
+
+- name: Inst - Unarchive Nomad
+ unarchive:
+ src: "{{ nomad_inst_dir }}/{{ nomad_pkg }}"
+ dest: "{{ nomad_inst_dir }}/"
+ creates: "{{ nomad_inst_dir }}/nomad"
+ remote_src: true
+ tags:
+ - nomad-inst-package
+
+- name: Inst - Nomad
+ copy:
+ src: "{{ nomad_inst_dir }}/nomad"
+ dest: "{{ nomad_bin_dir }}"
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ force: true
+ mode: 0755
+ remote_src: true
+ tags:
+ - nomad-inst-package
+
+- name: Conf - Create Directories "{{ nomad_data_dir }}"
+ file:
+ dest: "{{ nomad_data_dir }}"
+ state: directory
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ tags:
+ - nomad-conf
+
+- name: Conf - Create Directories "{{ nomad_ssl_dir }}"
+ file:
+ dest: "{{ nomad_ssl_dir }}"
+ state: directory
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ tags:
+ - nomad-conf
+
+- name: Conf - Create Config Directory
+ file:
+ dest: "{{ nomad_config_dir }}"
+ state: directory
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ mode: 0755
+ tags:
+ - nomad-conf
+
+- name: Conf - Base Configuration
+ template:
+ src: base.hcl.j2
+ dest: "{{ nomad_config_dir }}/base.hcl"
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ mode: 0644
+ tags:
+ - nomad-conf
+
+- name: Conf - Server Configuration
+ template:
+ src: server.hcl.j2
+ dest: "{{ nomad_config_dir }}/server.hcl"
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ mode: 0644
+ when:
+ - nomad_node_server | bool
+ tags:
+ - nomad-conf
+
+- name: Conf - Client Configuration
+ template:
+ src: client.hcl.j2
+ dest: "{{ nomad_config_dir }}/client.hcl"
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ mode: 0644
+ when:
+ - nomad_node_client | bool
+ tags:
+ - nomad-conf
+
+- name: Conf - TLS Configuration
+ template:
+ src: tls.hcl.j2
+ dest: "{{ nomad_config_dir }}/tls.hcl"
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ mode: 0644
+ tags:
+ - nomad-conf
+
+- name: Conf - Telemetry Configuration
+ template:
+ src: telemetry.hcl.j2
+ dest: "{{ nomad_config_dir }}/telemetry.hcl"
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ mode: 0644
+ tags:
+ - nomad-conf
+
+- name: Conf - Custom Configuration
+ template:
+ src: custom.json.j2
+ dest: "{{ nomad_config_dir }}/custom.json"
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ mode: 0644
+ when:
+ - nomad_config_custom is defined
+ tags:
+ - nomad-conf
+
+- name: Conf - Copy Certificates And Keys
+ copy:
+ content: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ mode: 0600
+ no_log: true
+ loop: "{{ nomad_certificates | flatten(levels=1) }}"
+ tags:
+ - nomad-conf
+
+- name: Conf - System.d Script
+ template:
+ src: "nomad_systemd.service.j2"
+ dest: "/lib/systemd/system/nomad.service"
+ owner: "root"
+ group: "root"
+ mode: 0644
+# notify:
+# - "Restart Nomad"
+ tags:
+ - nomad-conf
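Review bot: `Inst - Download Nomad` calls `get_url` without a `checksum`, and the unit file in this commit later starts the extracted binary as root, so nothing ties what gets installed to the release named in `nomad_version`. Add a pinned digest, for example `checksum: "sha256:{{ nomad_zip_checksum }}"`, with `nomad_zip_checksum` defined per architecture next to `nomad_version` in defaults (a new variable, not present in this change). The task that creates `{{ nomad_ssl_dir }}` also sets no `mode`, so the directory holding the private key gets whatever the umask gives it; `mode: "0700"` there would match the `0600` used for the key files.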
diff --git a/fdio.infra.ansible/roles/nomad/templates/base.hcl.j2 b/fdio.infra.ansible/roles/nomad/templates/base.hcl.j2
new file mode 100644
index 0000000000..7badecf9e0
--- /dev/null
+++ b/fdio.infra.ansible/roles/nomad/templates/base.hcl.j2
@@ -0,0 +1,11 @@
+name = "{{ nomad_name }}"
+region = "{{ nomad_region }}"
+datacenter = "{{ nomad_datacenter }}"
+
+bind_addr = "{{ nomad_bind_addr }}"
+data_dir = "{{ nomad_data_dir }}"
+
+enable_syslog = {{ nomad_syslog_enable | bool | lower }}
+enable_debug = {{ nomad_enable_debug | bool | lower }}
+disable_update_check = {{ nomad_disable_update_check | bool | lower }}
+log_level = "{{ nomad_log_level }}"
diff --git a/fdio.infra.ansible/roles/nomad/templates/client.hcl.j2 b/fdio.infra.ansible/roles/nomad/templates/client.hcl.j2
new file mode 100644
index 0000000000..f245697a22
--- /dev/null
+++ b/fdio.infra.ansible/roles/nomad/templates/client.hcl.j2
@@ -0,0 +1,31 @@
+client {
+ enabled = {{ nomad_node_client | bool | lower }}
+ no_host_uuid = {{ nomad_no_host_uuid | bool | lower }}
+ node_class = "{{ nomad_node_class }}"
+
+ {% if nomad_cpu_total_compute is defined -%}
+ cpu_total_compute = {{ nomad_cpu_total_compute }}
+ {% endif -%}
+
+ {% if nomad_servers -%}
+ servers = [ {% for ip_port in nomad_servers -%} "{{ ip_port }}" {% if not loop.last %},{% endif %}{%- endfor -%} ]
+ {% endif %}
+
+ {% if nomad_options -%}
+ options = {
+ {% for key, value in nomad_options.items() %}
+ "{{ key }}" = "{{ value }}"
+ {% endfor -%}
+ }
+ {% endif %}
+
+ {% if nomad_volumes -%}
+ {% for volume in nomad_volumes -%}
+ host_volume "{{ volume.name }}" {
+ path = "{{ volume.path }}"
+ read_only = {{ volume.read_only | bool | lower }}
+ }
+ {% endfor -%}
+ {% endif %}
+
+}
diff --git a/fdio.infra.ansible/roles/nomad/templates/custom.hcl.j2 b/fdio.infra.ansible/roles/nomad/templates/custom.hcl.j2
new file mode 100644
index 0000000000..37ff6f3496
--- /dev/null
+++ b/fdio.infra.ansible/roles/nomad/templates/custom.hcl.j2
@@ -0,0 +1,5 @@
+{% if nomad_config_custom -%}
+{{ nomad_config_custom | to_nice_json }}
+{% else %}
+{}
+{% endif %}
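Review bot: This template is added as `custom.hcl.j2`, but the `Conf - Custom Configuration` task in tasks/main.yaml uses `src: custom.json.j2`, which is not among the files in this commit, so the task would likely fail as soon as `nomad_config_custom` is defined. Since the body is `to_nice_json` output and the task writes `custom.json`, renaming the template to `custom.json.j2` is the consistent fix; the alternative is `src: custom.hcl.j2` in the task.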
diff --git a/fdio.infra.ansible/roles/nomad/templates/nomad_systemd.service.j2 b/fdio.infra.ansible/roles/nomad/templates/nomad_systemd.service.j2
new file mode 100644
index 0000000000..2a87c65063
--- /dev/null
+++ b/fdio.infra.ansible/roles/nomad/templates/nomad_systemd.service.j2
@@ -0,0 +1,21 @@
+[Unit]
+Description=Nomad Service
+Documentation=https://www.nomadproject.io/docs/
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+# TODO: Decrease privilege
+ExecReload=/bin/kill -SIGHUP $MAINPID
+ExecStart={{ nomad_bin_dir }}/nomad agent -config={{ nomad_config_dir }}
+KillSignal=SIGTERM
+LimitNOFILE=infinity
+LimitNPROC=infinity
+Restart=on-failure
+RestartSec=1
+User=root
+Group=root
+Environment="GOMAXPROCS=2"
+
+[Install]
+WantedBy=multi-user.target
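Review bot: The unit runs as `User=root`, yet the binary it executes and the directory it loads configuration from are both owned by the unprivileged service account (`Inst - Nomad` and `Conf - Create Config Directory` in tasks/main.yaml set `owner: "{{ nomad_user }}"`), so that account can change what root runs or loads. Until the `# TODO: Decrease privilege` is resolved, those two tasks should use `owner: "root"` and `group: "root"`. `LimitNOFILE=infinity` and `LimitNPROC=infinity` also remove the per-service resource ceilings; a comment stating why they are needed would help the next reviewer.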
diff --git a/fdio.infra.ansible/roles/nomad/templates/server.hcl.j2 b/fdio.infra.ansible/roles/nomad/templates/server.hcl.j2
new file mode 100644
index 0000000000..b581de9ad0
--- /dev/null
+++ b/fdio.infra.ansible/roles/nomad/templates/server.hcl.j2
@@ -0,0 +1,16 @@
+server {
+ enabled = {{ nomad_node_server | bool | lower }}
+
+ {% if nomad_node_server | bool -%}
+ bootstrap_expect = {{ nomad_bootstrap_expect }}
+ {%- endif %}
+
+ encrypt = "{{ nomad_encrypt }}"
+
+ {% if nomad_retry_join | bool -%}
+ server_join {
+ retry_join = [ {% for ip_port in nomad_retry_servers -%} "{{ ip_port }}" {% if not loop.last %},{% endif %}{%- endfor -%} ]
+ }
+ {%- endif %}
+
+}
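Review bot: `encrypt = "{{ nomad_encrypt }}"` writes the gossip key into server.hcl, which the `Conf - Server Configuration` task creates with `mode: 0644`, so once a key is set any local user can read it; that task should use `mode: "0640"` or tighter and `no_log: true`. With the default `nomad_encrypt: ""` the line is rendered with an empty value, so wrapping it in `{% if nomad_encrypt %}` … `{% endif %}` would be clearer. Also, `nomad_retry_join` defaults to true while `nomad_retry_servers` has no default in this commit, so the loop presumably fails on an undefined variable unless the inventory supplies it; `nomad_retry_servers: []` in defaults would make that explicit.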
diff --git a/fdio.infra.ansible/roles/nomad/templates/telemetry.hcl.j2 b/fdio.infra.ansible/roles/nomad/templates/telemetry.hcl.j2
new file mode 100644
index 0000000000..256c6999e9
--- /dev/null
+++ b/fdio.infra.ansible/roles/nomad/templates/telemetry.hcl.j2
@@ -0,0 +1,20 @@
+telemetry {
+ # Telemetry provider parameters
+ {% for key, value in nomad_telemetry_provider_parameters.items() -%}
+ {% if value|bool -%}
+ {{ key }} = {{ value | bool | lower }}
+ {% elif value|string or value == "" -%}
+ {{ key }} = "{{ value }}"
+ {% else %}
+ {{ key }} = {{ value }}
+ {% endif -%}
+ {% endfor -%}
+
+ # Common parameters
+ disable_hostname = {{ nomad_disable_hostname | bool | lower }}
+ collection_interval = "{{ nomad_collection_interval }}"
+ use_node_name = {{ nomad_use_node_name | bool | lower }}
+ publish_allocation_metrics = {{ nomad_publish_allocation_metrics | bool | lower }}
+ publish_node_metrics = {{ nomad_publish_node_metrics | bool | lower }}
+ backwards_compatible_metrics = {{ nomad_backwards_compatible_metrics | bool | lower }}
+}
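Review bot: The type dispatch in the provider-parameter loop does not behave as its three branches suggest. `value|bool` is false for a parameter set to `false`, so that value falls through to `value|string`, which is truthy for every non-empty value, and the parameter is emitted as the quoted string `"False"`. For the same reason the final `else` branch for bare numbers is never reached. Testing the type instead of the truthiness fixes both: `{% if value is sameas true or value is sameas false -%}`, then `{% elif value is string -%}`, leaving `else` for numbers.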
diff --git a/fdio.infra.ansible/roles/nomad/templates/tls.hcl.j2 b/fdio.infra.ansible/roles/nomad/templates/tls.hcl.j2
new file mode 100644
index 0000000000..650765f1b1
--- /dev/null
+++ b/fdio.infra.ansible/roles/nomad/templates/tls.hcl.j2
@@ -0,0 +1,12 @@
+{% if ( nomad_ca_file ) and
+ ( nomad_cert_file ) and
+ ( nomad_key_file )
+%}
+tls {
+ http = {{ nomad_http | bool | lower }}
+ rpc = {{ nomad_rpc | bool | lower }}
+ ca_file = "{{ nomad_ca_file }}"
+ cert_file = "{{ nomad_cert_file }}"
+ key_file = "{{ nomad_key_file }}"
+}
+{% endif %}
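Review bot: The `tls` block renders only `http`, `rpc` and the three file paths, so an operator who turns TLS on has no variable for `verify_server_hostname` or `verify_https_client`, and Nomad leaves both off unless they are set. I would add them as role variables, e.g. `verify_server_hostname = {{ nomad_verify_server_hostname | bool | lower }}`, with the default set to true in defaults/main.yaml. The opening guard is always true with the shipped defaults, since all three path variables are non-empty strings, so it does not indicate whether certificates were actually deployed.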
diff --git a/fdio.infra.ansible/roles/nomad/vars/main.yaml b/fdio.infra.ansible/roles/nomad/vars/main.yaml
new file mode 100644
index 0000000000..a72222c992
--- /dev/null
+++ b/fdio.infra.ansible/roles/nomad/vars/main.yaml
@@ -0,0 +1,5 @@
+---
+# file: roles/nomad/vars/main.yaml
+
+nomad_node_client: "{{ (nomad_node_role == 'client') or (nomad_node_role == 'both') }}"
+nomad_node_server: "{{ (nomad_node_role == 'server') or (nomad_node_role == 'both') }}"