From 78a8427cc50c137e5d59ad3448ae128fdda369b2 Mon Sep 17 00:00:00 2001 From: pmikus Date: Wed, 5 May 2021 14:56:45 +0000 Subject: Infra: Backend infra upgrade Signed-off-by: pmikus Change-Id: If1e659339f0d25ebcaab4388745c62aa0852abb3 --- .../roles/nomad/templates/nomad_systemd.service.j2 | 29 ++++++++++++++-------- .../roles/nomad/templates/telemetry.hcl.j2 | 1 - .../roles/nomad/templates/tls.hcl.j2 | 2 ++ 3 files changed, 20 insertions(+), 12 deletions(-) (limited to 'fdio.infra.ansible/roles/nomad/templates') diff --git a/fdio.infra.ansible/roles/nomad/templates/nomad_systemd.service.j2 b/fdio.infra.ansible/roles/nomad/templates/nomad_systemd.service.j2 index 2a87c65063..61f07df5b6 100644 --- a/fdio.infra.ansible/roles/nomad/templates/nomad_systemd.service.j2 +++ b/fdio.infra.ansible/roles/nomad/templates/nomad_systemd.service.j2 @@ -1,21 +1,28 @@ [Unit] -Description=Nomad Service -Documentation=https://www.nomadproject.io/docs/ +Description=Nomad +Documentation=https://nomadproject.io/docs/ Wants=network-online.target After=network-online.target +# When using Nomad with Consul it is not necessary to start Consul first. These +# lines start Consul before Nomad as an optimization to avoid Nomad logging +# that Consul is unavailable at startup. +#Wants=consul.service +#After=consul.service + [Service] -# TODO: Decrease privilege -ExecReload=/bin/kill -SIGHUP $MAINPID -ExecStart={{ nomad_bin_dir }}/nomad agent -config={{ nomad_config_dir }} -KillSignal=SIGTERM +ExecReload=/bin/kill -HUP $MAINPID +ExecStart={{ nomad_bin_dir }}/nomad agent -config {{ nomad_config_dir }} +KillMode=process +KillSignal=SIGINT LimitNOFILE=infinity LimitNPROC=infinity Restart=on-failure -RestartSec=1 -User=root -Group=root -Environment="GOMAXPROCS=2" +RestartSec=2 +StartLimitBurst=3 +StartLimitInterval=10 +TasksMax=infinity +OOMScoreAdjust=-1000 [Install] -WantedBy=multi-user.target +WantedBy=multi-user.target \ No newline at end of file diff --git a/fdio.infra.ansible/roles/nomad/templates/telemetry.hcl.j2 b/fdio.infra.ansible/roles/nomad/templates/telemetry.hcl.j2 index 256c6999e9..7b62f76976 100644 --- a/fdio.infra.ansible/roles/nomad/templates/telemetry.hcl.j2 +++ b/fdio.infra.ansible/roles/nomad/templates/telemetry.hcl.j2 @@ -16,5 +16,4 @@ telemetry { use_node_name = {{ nomad_use_node_name | bool | lower }} publish_allocation_metrics = {{ nomad_publish_allocation_metrics | bool | lower }} publish_node_metrics = {{ nomad_publish_node_metrics | bool | lower }} - backwards_compatible_metrics = {{ nomad_backwards_compatible_metrics | bool | lower }} } diff --git a/fdio.infra.ansible/roles/nomad/templates/tls.hcl.j2 b/fdio.infra.ansible/roles/nomad/templates/tls.hcl.j2 index 650765f1b1..46dc1fe6b1 100644 --- a/fdio.infra.ansible/roles/nomad/templates/tls.hcl.j2 +++ b/fdio.infra.ansible/roles/nomad/templates/tls.hcl.j2 @@ -5,6 +5,8 @@ tls { http = {{ nomad_http | bool | lower }} rpc = {{ nomad_rpc | bool | lower }} + verify_server_hostname = {{ nomad_verify_server_hostname | bool | lower }} + verify_https_client = {{ nomad_verify_https_client | bool | lower }} ca_file = "{{ nomad_ca_file }}" cert_file = "{{ nomad_cert_file }}" key_file = "{{ nomad_key_file }}" -- cgit 1.2.3-korg