1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
|
---
# file: roles/nomad/defaults/main.yaml
# Prerequisites
packages: "{{ packages_base + packages_by_distro[ansible_distribution | lower] + packages_by_arch[ansible_machine] }}"
packages_base:
- "curl"
- "unzip"
packages_by_distro:
ubuntu:
- []
packages_by_arch:
aarch64:
- []
x86_64:
- []
# Package
nomad_version: "{{ lookup('env','NOMAD_VERSION') | default('1.3.1', true) }}"
nomad_architecture_map:
amd64: "amd64"
x86_64: "amd64"
armv7l: "arm"
aarch64: "arm64"
32-bit: "386"
64-bit: "amd64"
nomad_architecture: "{{ nomad_architecture_map[ansible_architecture] }}"
nomad_pkg: "nomad_{{ nomad_version }}_linux_{{nomad_architecture}}.zip"
nomad_zip_url: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_{{nomad_architecture}}.zip"
nomad_checksum_file_url: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version}}_SHA256SUMS"
nomad_podman_enable: false
nomad_podman_version: "{{ lookup('env','NOMAD_PODMAN_VERSION') | default('0.1.0', true) }}"
nomad_podman_pkg: "nomad-driver-podman_{{ nomad_podman_version }}_linux_{{nomad_architecture}}.zip"
nomad_podman_url: "https://releases.hashicorp.com/nomad-driver-podman/{{ nomad_podman_version }}"
nomad_podman_zip_url: "{{ nomad_podman_url }}/{{ nomad_podman_pkg }}"
nomad_podman_checksum_file_url: "{{ nomad_podman_url }}/nomad-driver-podman_{{ nomad_podman_version }}_SHA256SUMS"
nomad_force_update: false
# Paths
nomad_inst_dir: "/opt"
nomad_bin_dir: "/usr/local/bin"
nomad_config_dir: "/etc/nomad.d"
nomad_data_dir: "/var/nomad"
nomad_plugin_dir: "{{ nomad_data_dir }}/plugins"
nomad_lockfile: "/var/lock/subsys/nomad"
nomad_run_dir: "/var/run/nomad"
nomad_ssl_dir: "/etc/nomad.d/ssl"
# Initialization and startup script templates
nomad_restart_handler_state: "restarted"
nomad_service_mgr: ""
# System user and group
nomad_group: "nomad"
nomad_group_state: "present"
nomad_user: "nomad"
nomad_user_state: "present"
# Nomad settings
nomad_datacenter: "dc1"
nomad_region: "global"
nomad_log_level: "INFO"
nomad_syslog_enable: true
nomad_iface: "{{ lookup('env','NOMAD_IFACE') | default(ansible_default_ipv4.interface, true) }}"
nomad_node_name: "{{ inventory_hostname }}"
nomad_node_role: "{{ lookup('env','NOMAD_NODE_ROLE') | default('server', true) }}"
nomad_leave_on_terminate: true
nomad_leave_on_interrupt: false
nomad_disable_update_check: true
nomad_enable_debug: false
# Server settings
nomad_bootstrap_expect: 2
nomad_encrypt: ""
nomad_retry_join: true
# Specifies how long a node must be in a terminal state before it is garbage
# collected and purged from the system.
nomad_node_gc_threshold: "24h"
# Specifies the interval between the job garbage collections. Only jobs who have
# been terminal for at least job_gc_threshold will be collected.
nomad_job_gc_interval: "10m"
# Specifies the minimum time a job must be in the terminal state before it is
# eligible for garbage collection.
nomad_job_gc_threshold: "4h"
# Specifies the minimum time an evaluation must be in the terminal state before
# it is eligible for garbage collection.
nomad_eval_gc_threshold: "1h"
# Specifies the minimum time a deployment must be in the terminal state before
# it is eligible for garbage collection.
nomad_deployment_gc_threshold: "1h"
nomad_encrypt_enable: "{{ lookup('env','NOMAD_ENCRYPT_ENABLE') | default('false', true) }}"
nomad_raft_protocol: 2
# Client settings
nomad_node_class: "compute"
nomad_no_host_uuid: true
nomad_max_kill_timeout: "30s"
nomad_gc_interval: "1m"
nomad_gc_disk_usage_threshold: 80
nomad_gc_inode_usage_threshold: 70
nomad_gc_parallel_destroys: 2
nomad_reserved:
cpu: "{{ nomad_reserved_cpu | default('0', true) }}"
memory: "{{ nomad_reserved_memory | default('0', true) }}"
disk: "{{ nomad_reserved_disk | default('0', true) }}"
ports: "{{ nomad_reserved_ports | default('22', true) }}"
nomad_volumes: []
nomad_options: {}
nomad_meta: {}
nomad_chroot_env: false
nomad_plugins: {}
# Addresses
nomad_bind_address: "{{ hostvars[inventory_hostname]['ansible_'+ nomad_iface ]['ipv4']['address'] }}"
nomad_advertise_address: "{{ hostvars[inventory_hostname]['ansible_' + nomad_iface]['ipv4']['address'] }}"
# Ports
nomad_ports:
http: "{{ nomad_ports_http | default('4646', true) }}"
rpc: "{{ nomad_ports_rpc | default('4647', true) }}"
serf: "{{ nomad_ports_serf | default('4648', true) }}"
# Servers
nomad_group_name: "nomad"
nomad_servers: "\
{% if nomad_use_consul==false %}\
{% set _nomad_servers = [] %}\
{% for host in groups[nomad_group_name] %}\
{% set _nomad_node_role = hostvars[host]['nomad_node_role'] | default('client', true) %}\
{% if ( _nomad_node_role == 'server' or _nomad_node_role == 'both') %}\
{% if _nomad_servers.append(host) %}{% endif %}\
{% endif %}\
{% endfor %}\
{{ _nomad_servers }}\
{% else %}\
[]\
{% endif %}"
nomad_gather_server_facts: false
# Consul
nomad_use_consul: true
nomad_consul_address: "localhost:8500"
nomad_consul_token: ""
nomad_consul_servers_service_name: "nomad"
nomad_consul_clients_service_name: "nomad-client"
nomad_consul_tags: {}
# ACLs
nomad_acl_enabled: "{{ lookup('env', 'NOMAD_ACL_ENABLED') | default('no', true) }}"
nomad_acl_token_ttl: "30s"
nomad_acl_policy_ttl: "30s"
nomad_acl_replication_token: ""
# Vault
nomad_vault_enabled: "{{ lookup('env', 'NOMAD_VAULT_ENABLED') | default('no', true) }}"
nomad_vault_address: "{{ vault_address | default('0.0.0.0', true) }}"
nomad_vault_allow_unauthenticated: true
nomad_vault_create_from_role: ""
nomad_vault_task_token_ttl: ""
nomad_vault_ca_file: ""
nomad_vault_ca_path: ""
nomad_vault_cert_file: ""
nomad_vault_key_file: ""
nomad_vault_tls_server_name: ""
nomad_vault_tls_skip_verify: false
nomad_vault_token: ""
nomad_vault_namespace: ""
# Docker
nomad_docker_enable: "{{ lookup('env','NOMAD_DOCKER_ENABLE') | default('false', true) }}"
nomad_docker_dmsetup: true
# TLS
nomad_tls_enable: true
nomad_ca_file: "{{ nomad_ssl_dir }}/nomad-ca.pem"
nomad_cert_file: "{{ nomad_ssl_dir }}/nomad.pem"
nomad_key_file: "{{ nomad_ssl_dir }}/nomad-key.pem"
nomad_cli_cert_file: "{{ nomad_ssl_dir }}/nomad-cli.pem"
nomad_cli_key_file: "{{ nomad_ssl_dir }}/nomad-cli-key.pem"
nomad_http: false
nomad_rpc: false
nomad_rpc_upgrade_mode: false
nomad_verify_server_hostname: false
nomad_verify_https_client: false
# Conf - autopilot.hcl
nomad_autopilot_cleanup_dead_servers: true
nomad_autopilot_last_contact_threshold: "200ms"
nomad_autopilot_max_trailing_logs: 250
nomad_autopilot_server_stabilization_time: "10s"
# Telemetry
nomad_telemetry: true
nomad_telemetry_disable_hostname: false
nomad_telemetry_collection_interval: 60s
nomad_telemetry_use_node_name: false
nomad_telemetry_publish_allocation_metrics: true
nomad_telemetry_publish_node_metrics: true
nomad_telemetry_prometheus_metrics: true
|