diff options
Diffstat (limited to 'fdio.infra.ansible/roles/nomad')
-rw-r--r-- | fdio.infra.ansible/roles/nomad/defaults/main.yaml | 8 | ||||
-rw-r--r-- | fdio.infra.ansible/roles/nomad/handlers/main.yaml | 2 | ||||
-rw-r--r-- | fdio.infra.ansible/roles/nomad/meta/main.yaml | 6 | ||||
-rw-r--r-- | fdio.infra.ansible/roles/nomad/tasks/main.yaml | 70 |
4 files changed, 54 insertions, 32 deletions
diff --git a/fdio.infra.ansible/roles/nomad/defaults/main.yaml b/fdio.infra.ansible/roles/nomad/defaults/main.yaml index f58ac0961d..b4741f8d43 100644 --- a/fdio.infra.ansible/roles/nomad/defaults/main.yaml +++ b/fdio.infra.ansible/roles/nomad/defaults/main.yaml @@ -16,7 +16,7 @@ packages_by_arch: - [] # Package -nomad_version: "{{ lookup('env','NOMAD_VERSION') | default('1.0.4', true) }}" +nomad_version: "{{ lookup('env','NOMAD_VERSION') | default('1.3.1', true) }}" nomad_architecture_map: amd64: "amd64" x86_64: "amd64" @@ -63,7 +63,7 @@ nomad_log_level: "INFO" nomad_syslog_enable: true nomad_iface: "{{ lookup('env','NOMAD_IFACE') | default(ansible_default_ipv4.interface, true) }}" nomad_node_name: "{{ inventory_hostname }}" -nomad_node_role: "{{ lookup('env','NOMAD_NODE_ROLE') | default('client', true) }}" +nomad_node_role: "{{ lookup('env','NOMAD_NODE_ROLE') | default('server', true) }}" nomad_leave_on_terminate: true nomad_leave_on_interrupt: false nomad_disable_update_check: true @@ -172,9 +172,11 @@ nomad_docker_dmsetup: true # TLS nomad_tls_enable: true -nomad_ca_file: "{{ nomad_ssl_dir }}/ca.pem" +nomad_ca_file: "{{ nomad_ssl_dir }}/nomad-ca.pem" nomad_cert_file: "{{ nomad_ssl_dir }}/nomad.pem" nomad_key_file: "{{ nomad_ssl_dir }}/nomad-key.pem" +nomad_cli_cert_file: "{{ nomad_ssl_dir }}/nomad-cli.pem" +nomad_cli_key_file: "{{ nomad_ssl_dir }}/nomad-cli-key.pem" nomad_http: false nomad_rpc: false nomad_rpc_upgrade_mode: false diff --git a/fdio.infra.ansible/roles/nomad/handlers/main.yaml b/fdio.infra.ansible/roles/nomad/handlers/main.yaml index 8ef4d80353..6263f3dda1 100644 --- a/fdio.infra.ansible/roles/nomad/handlers/main.yaml +++ b/fdio.infra.ansible/roles/nomad/handlers/main.yaml @@ -2,7 +2,7 @@ # file roles/nomad/handlers/main.yaml - name: Restart Nomad - systemd: + ansible.builtin.systemd: daemon_reload: true enabled: true name: "nomad" diff --git a/fdio.infra.ansible/roles/nomad/meta/main.yaml b/fdio.infra.ansible/roles/nomad/meta/main.yaml index 4f467ceee3..f7b25fe8eb 100644 --- a/fdio.infra.ansible/roles/nomad/meta/main.yaml +++ b/fdio.infra.ansible/roles/nomad/meta/main.yaml @@ -1,11 +1,6 @@ --- # file: roles/nomad/meta/main.yaml -# desc: Install nomad from repo and configure service. -# inst: Nomad -# conf: ? -# info: 1.0 - added role - dependencies: [docker] galaxy_info: @@ -19,5 +14,6 @@ galaxy_info: - name: Ubuntu versions: - focal + - jammy galaxy_tags: - nomad diff --git a/fdio.infra.ansible/roles/nomad/tasks/main.yaml b/fdio.infra.ansible/roles/nomad/tasks/main.yaml index 8d58c8bb0e..480c4da0be 100644 --- a/fdio.infra.ansible/roles/nomad/tasks/main.yaml +++ b/fdio.infra.ansible/roles/nomad/tasks/main.yaml @@ -1,26 +1,34 @@ --- -# file: roles/nomad/tasks/main.yaml +# file: tasks/main.yaml -- name: Install Dependencies - apt: +- name: Inst - Update Repositories Cache + ansible.builtin.apt: + update_cache: true + when: + - ansible_os_family == 'Debian' + tags: + - nomad-inst-package + +- name: Inst - Dependencies + ansible.builtin.apt: name: "{{ packages | flatten(levels=1) }}" state: "present" cache_valid_time: 3600 install_recommends: false when: - - ansible_distribution|lower == 'ubuntu' + - ansible_os_family == 'Debian' tags: - nomad-inst-dependencies - name: Conf - Add Nomad Group - group: + ansible.builtin.group: name: "{{ nomad_group }}" state: "{{ nomad_user_state }}" tags: - nomad-conf-user - name: Conf - Add Nomad user - user: + ansible.builtin.user: name: "{{ nomad_user }}" group: "{{ nomad_group }}" state: "{{ nomad_group_state }}" @@ -29,14 +37,14 @@ - nomad-conf-user - name: Inst - Download Nomad - get_url: + ansible.builtin.get_url: url: "{{ nomad_zip_url }}" dest: "{{ nomad_inst_dir }}/{{ nomad_pkg }}" tags: - nomad-inst-package - name: Inst - Clean Nomad - file: + ansible.builtin.file: path: "{{ nomad_inst_dir }}/nomad" state: "absent" when: @@ -45,7 +53,7 @@ - nomad-inst-package - name: Inst - Unarchive Nomad - unarchive: + ansible.builtin.unarchive: src: "{{ nomad_inst_dir }}/{{ nomad_pkg }}" dest: "{{ nomad_inst_dir }}/" remote_src: true @@ -53,7 +61,7 @@ - nomad-inst-package - name: Inst - Nomad - copy: + ansible.builtin.copy: src: "{{ nomad_inst_dir }}/nomad" dest: "{{ nomad_bin_dir }}" owner: "{{ nomad_user }}" @@ -65,25 +73,27 @@ - nomad-inst-package - name: Conf - Create Directories "{{ nomad_data_dir }}" - file: + ansible.builtin.file: dest: "{{ nomad_data_dir }}" state: directory owner: "{{ nomad_user }}" group: "{{ nomad_group }}" + mode: 0755 tags: - nomad-conf - name: Conf - Create Directories "{{ nomad_ssl_dir }}" - file: + ansible.builtin.file: dest: "{{ nomad_ssl_dir }}" state: directory owner: "{{ nomad_user }}" group: "{{ nomad_group }}" + mode: 0755 tags: - nomad-conf - name: Conf - Create Config Directory - file: + ansible.builtin.file: dest: "{{ nomad_config_dir }}" state: directory owner: "{{ nomad_user }}" @@ -93,7 +103,7 @@ - nomad-conf - name: Conf - Base Configuration - template: + ansible.builtin.template: src: base.hcl.j2 dest: "{{ nomad_config_dir }}/base.hcl" owner: "{{ nomad_user }}" @@ -103,7 +113,7 @@ - nomad-conf - name: Conf - Server Configuration - template: + ansible.builtin.template: src: server.hcl.j2 dest: "{{ nomad_config_dir }}/server.hcl" owner: "{{ nomad_user }}" @@ -115,7 +125,7 @@ - nomad-conf - name: Conf - Client Configuration - template: + ansible.builtin.template: src: client.hcl.j2 dest: "{{ nomad_config_dir }}/client.hcl" owner: "{{ nomad_user }}" @@ -127,7 +137,7 @@ - nomad-conf - name: Conf - TLS Configuration - template: + ansible.builtin.template: src: tls.hcl.j2 dest: "{{ nomad_config_dir }}/tls.hcl" owner: "{{ nomad_user }}" @@ -137,7 +147,7 @@ - nomad-conf - name: Conf - Telemetry Configuration - template: + ansible.builtin.template: src: telemetry.hcl.j2 dest: "{{ nomad_config_dir }}/telemetry.hcl" owner: "{{ nomad_user }}" @@ -147,7 +157,7 @@ - nomad-conf - name: Conf - Consul Configuration - template: + ansible.builtin.template: src: consul.hcl.j2 dest: "{{ nomad_config_dir }}/consul.hcl" owner: "{{ nomad_user }}" @@ -157,7 +167,7 @@ - nomad-conf - name: Conf - Copy Certificates And Keys - copy: + ansible.builtin.copy: content: "{{ item.src }}" dest: "{{ item.dest }}" owner: "{{ nomad_user }}" @@ -166,12 +176,25 @@ no_log: true loop: "{{ nomad_certificates | flatten(levels=1) }}" when: - - nomad_certificates + - nomad_certificates is defined + tags: + - nomad-conf + +- name: Conf - Nomad CLI Environment Variables + ansible.builtin.lineinfile: + path: "/etc/profile.d/nomad.sh" + line: "{{ item }}" + create: true + loop: + - "export NOMAD_ADDR=https://nomad.service.consul:4646" + - "export NOMAD_CACERT={{ nomad_ca_file }}" + - "export NOMAD_CLIENT_CERT={{ nomad_cli_cert_file }}" + - "export NOMAD_CLIENT_KEY={{ nomad_cli_key_file }}" tags: - nomad-conf - name: Conf - System.d Script - template: + ansible.builtin.template: src: "nomad_systemd.service.j2" dest: "/lib/systemd/system/nomad.service" owner: "root" @@ -184,4 +207,5 @@ tags: - nomad-conf -- meta: flush_handlers +- name: Meta - Flush handlers + ansible.builtin.meta: flush_handlers |