aboutsummaryrefslogtreecommitdiffstats
path: root/fdio.infra.ansible/roles/nomad
diff options
context:
space:
mode:
Diffstat (limited to 'fdio.infra.ansible/roles/nomad')
-rw-r--r--fdio.infra.ansible/roles/nomad/defaults/main.yaml8
-rw-r--r--fdio.infra.ansible/roles/nomad/handlers/main.yaml2
-rw-r--r--fdio.infra.ansible/roles/nomad/meta/main.yaml6
-rw-r--r--fdio.infra.ansible/roles/nomad/tasks/main.yaml70
4 files changed, 54 insertions, 32 deletions
diff --git a/fdio.infra.ansible/roles/nomad/defaults/main.yaml b/fdio.infra.ansible/roles/nomad/defaults/main.yaml
index f58ac0961d..b4741f8d43 100644
--- a/fdio.infra.ansible/roles/nomad/defaults/main.yaml
+++ b/fdio.infra.ansible/roles/nomad/defaults/main.yaml
@@ -16,7 +16,7 @@ packages_by_arch:
- []
# Package
-nomad_version: "{{ lookup('env','NOMAD_VERSION') | default('1.0.4', true) }}"
+nomad_version: "{{ lookup('env','NOMAD_VERSION') | default('1.3.1', true) }}"
nomad_architecture_map:
amd64: "amd64"
x86_64: "amd64"
@@ -63,7 +63,7 @@ nomad_log_level: "INFO"
nomad_syslog_enable: true
nomad_iface: "{{ lookup('env','NOMAD_IFACE') | default(ansible_default_ipv4.interface, true) }}"
nomad_node_name: "{{ inventory_hostname }}"
-nomad_node_role: "{{ lookup('env','NOMAD_NODE_ROLE') | default('client', true) }}"
+nomad_node_role: "{{ lookup('env','NOMAD_NODE_ROLE') | default('server', true) }}"
nomad_leave_on_terminate: true
nomad_leave_on_interrupt: false
nomad_disable_update_check: true
@@ -172,9 +172,11 @@ nomad_docker_dmsetup: true
# TLS
nomad_tls_enable: true
-nomad_ca_file: "{{ nomad_ssl_dir }}/ca.pem"
+nomad_ca_file: "{{ nomad_ssl_dir }}/nomad-ca.pem"
nomad_cert_file: "{{ nomad_ssl_dir }}/nomad.pem"
nomad_key_file: "{{ nomad_ssl_dir }}/nomad-key.pem"
+nomad_cli_cert_file: "{{ nomad_ssl_dir }}/nomad-cli.pem"
+nomad_cli_key_file: "{{ nomad_ssl_dir }}/nomad-cli-key.pem"
nomad_http: false
nomad_rpc: false
nomad_rpc_upgrade_mode: false
diff --git a/fdio.infra.ansible/roles/nomad/handlers/main.yaml b/fdio.infra.ansible/roles/nomad/handlers/main.yaml
index 8ef4d80353..6263f3dda1 100644
--- a/fdio.infra.ansible/roles/nomad/handlers/main.yaml
+++ b/fdio.infra.ansible/roles/nomad/handlers/main.yaml
@@ -2,7 +2,7 @@
# file roles/nomad/handlers/main.yaml
- name: Restart Nomad
- systemd:
+ ansible.builtin.systemd:
daemon_reload: true
enabled: true
name: "nomad"
diff --git a/fdio.infra.ansible/roles/nomad/meta/main.yaml b/fdio.infra.ansible/roles/nomad/meta/main.yaml
index 4f467ceee3..f7b25fe8eb 100644
--- a/fdio.infra.ansible/roles/nomad/meta/main.yaml
+++ b/fdio.infra.ansible/roles/nomad/meta/main.yaml
@@ -1,11 +1,6 @@
---
# file: roles/nomad/meta/main.yaml
-# desc: Install nomad from repo and configure service.
-# inst: Nomad
-# conf: ?
-# info: 1.0 - added role
-
dependencies: [docker]
galaxy_info:
@@ -19,5 +14,6 @@ galaxy_info:
- name: Ubuntu
versions:
- focal
+ - jammy
galaxy_tags:
- nomad
diff --git a/fdio.infra.ansible/roles/nomad/tasks/main.yaml b/fdio.infra.ansible/roles/nomad/tasks/main.yaml
index 8d58c8bb0e..480c4da0be 100644
--- a/fdio.infra.ansible/roles/nomad/tasks/main.yaml
+++ b/fdio.infra.ansible/roles/nomad/tasks/main.yaml
@@ -1,26 +1,34 @@
---
-# file: roles/nomad/tasks/main.yaml
+# file: tasks/main.yaml
-- name: Install Dependencies
- apt:
+- name: Inst - Update Repositories Cache
+ ansible.builtin.apt:
+ update_cache: true
+ when:
+ - ansible_os_family == 'Debian'
+ tags:
+ - nomad-inst-package
+
+- name: Inst - Dependencies
+ ansible.builtin.apt:
name: "{{ packages | flatten(levels=1) }}"
state: "present"
cache_valid_time: 3600
install_recommends: false
when:
- - ansible_distribution|lower == 'ubuntu'
+ - ansible_os_family == 'Debian'
tags:
- nomad-inst-dependencies
- name: Conf - Add Nomad Group
- group:
+ ansible.builtin.group:
name: "{{ nomad_group }}"
state: "{{ nomad_user_state }}"
tags:
- nomad-conf-user
- name: Conf - Add Nomad user
- user:
+ ansible.builtin.user:
name: "{{ nomad_user }}"
group: "{{ nomad_group }}"
state: "{{ nomad_group_state }}"
@@ -29,14 +37,14 @@
- nomad-conf-user
- name: Inst - Download Nomad
- get_url:
+ ansible.builtin.get_url:
url: "{{ nomad_zip_url }}"
dest: "{{ nomad_inst_dir }}/{{ nomad_pkg }}"
tags:
- nomad-inst-package
- name: Inst - Clean Nomad
- file:
+ ansible.builtin.file:
path: "{{ nomad_inst_dir }}/nomad"
state: "absent"
when:
@@ -45,7 +53,7 @@
- nomad-inst-package
- name: Inst - Unarchive Nomad
- unarchive:
+ ansible.builtin.unarchive:
src: "{{ nomad_inst_dir }}/{{ nomad_pkg }}"
dest: "{{ nomad_inst_dir }}/"
remote_src: true
@@ -53,7 +61,7 @@
- nomad-inst-package
- name: Inst - Nomad
- copy:
+ ansible.builtin.copy:
src: "{{ nomad_inst_dir }}/nomad"
dest: "{{ nomad_bin_dir }}"
owner: "{{ nomad_user }}"
@@ -65,25 +73,27 @@
- nomad-inst-package
- name: Conf - Create Directories "{{ nomad_data_dir }}"
- file:
+ ansible.builtin.file:
dest: "{{ nomad_data_dir }}"
state: directory
owner: "{{ nomad_user }}"
group: "{{ nomad_group }}"
+ mode: 0755
tags:
- nomad-conf
- name: Conf - Create Directories "{{ nomad_ssl_dir }}"
- file:
+ ansible.builtin.file:
dest: "{{ nomad_ssl_dir }}"
state: directory
owner: "{{ nomad_user }}"
group: "{{ nomad_group }}"
+ mode: 0755
tags:
- nomad-conf
- name: Conf - Create Config Directory
- file:
+ ansible.builtin.file:
dest: "{{ nomad_config_dir }}"
state: directory
owner: "{{ nomad_user }}"
@@ -93,7 +103,7 @@
- nomad-conf
- name: Conf - Base Configuration
- template:
+ ansible.builtin.template:
src: base.hcl.j2
dest: "{{ nomad_config_dir }}/base.hcl"
owner: "{{ nomad_user }}"
@@ -103,7 +113,7 @@
- nomad-conf
- name: Conf - Server Configuration
- template:
+ ansible.builtin.template:
src: server.hcl.j2
dest: "{{ nomad_config_dir }}/server.hcl"
owner: "{{ nomad_user }}"
@@ -115,7 +125,7 @@
- nomad-conf
- name: Conf - Client Configuration
- template:
+ ansible.builtin.template:
src: client.hcl.j2
dest: "{{ nomad_config_dir }}/client.hcl"
owner: "{{ nomad_user }}"
@@ -127,7 +137,7 @@
- nomad-conf
- name: Conf - TLS Configuration
- template:
+ ansible.builtin.template:
src: tls.hcl.j2
dest: "{{ nomad_config_dir }}/tls.hcl"
owner: "{{ nomad_user }}"
@@ -137,7 +147,7 @@
- nomad-conf
- name: Conf - Telemetry Configuration
- template:
+ ansible.builtin.template:
src: telemetry.hcl.j2
dest: "{{ nomad_config_dir }}/telemetry.hcl"
owner: "{{ nomad_user }}"
@@ -147,7 +157,7 @@
- nomad-conf
- name: Conf - Consul Configuration
- template:
+ ansible.builtin.template:
src: consul.hcl.j2
dest: "{{ nomad_config_dir }}/consul.hcl"
owner: "{{ nomad_user }}"
@@ -157,7 +167,7 @@
- nomad-conf
- name: Conf - Copy Certificates And Keys
- copy:
+ ansible.builtin.copy:
content: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ nomad_user }}"
@@ -166,12 +176,25 @@
no_log: true
loop: "{{ nomad_certificates | flatten(levels=1) }}"
when:
- - nomad_certificates
+ - nomad_certificates is defined
+ tags:
+ - nomad-conf
+
+- name: Conf - Nomad CLI Environment Variables
+ ansible.builtin.lineinfile:
+ path: "/etc/profile.d/nomad.sh"
+ line: "{{ item }}"
+ create: true
+ loop:
+ - "export NOMAD_ADDR=https://nomad.service.consul:4646"
+ - "export NOMAD_CACERT={{ nomad_ca_file }}"
+ - "export NOMAD_CLIENT_CERT={{ nomad_cli_cert_file }}"
+ - "export NOMAD_CLIENT_KEY={{ nomad_cli_key_file }}"
tags:
- nomad-conf
- name: Conf - System.d Script
- template:
+ ansible.builtin.template:
src: "nomad_systemd.service.j2"
dest: "/lib/systemd/system/nomad.service"
owner: "root"
@@ -184,4 +207,5 @@
tags:
- nomad-conf
-- meta: flush_handlers
+- name: Meta - Flush handlers
+ ansible.builtin.meta: flush_handlers