mirror of
https://github.com/luigieai/homelab.git
synced 2025-06-06 15:46:35 -03:00
feat: nomad provisioning with ansible
parent
90b0b7c300
commit
d7a86294b8
8 changed files with 160 additions and 1 deletions
|
@ -19,4 +19,12 @@ dockeragent:
|
|||
csgo.home:
|
||||
vars:
|
||||
ansible_user: luigi
|
||||
ansible_become: true
|
||||
ansible_become: true
|
||||
|
||||
nomad:
|
||||
hosts:
|
||||
nomad.home:
|
||||
vars:
|
||||
ansible_user: root
|
||||
docker_users:
|
||||
- nomad
|
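--- a/ansible/nomadserver.yml
+++ b/ansible/nomadserver.yml
@@ -0,0 +1,9 @@
+- hosts: nomad
+tasks:
+#NOMAD USER ADDED IN DOCKER GROUP BECAUSE OF VARIABLE AT INVENTORY!!!!!
+- name: install docker
+ansible.builtin.import_role:
+name: docker
+- name: install nomad
+ansible.builtin.import_role:
+name: nomad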
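Review bot: The `docker` role is imported before the `nomad` role, yet the `nomad` account named in the inventory's `docker_users` is only created by the nomad role's install tasks, so on a fresh host the docker role presumably runs against an account that does not exist yet (the docker role is not visible on this page, so its behaviour there is inferred). Membership of the docker group is equivalent to root on the host, and nomad.service.j2 in this commit already runs the agent as root, so the group membership may not be needed at all. If it is needed, the comment on the third line would read better as `# docker_users in the inventory adds the nomad account to the docker group (root-equivalent)`.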
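--- a/ansible/roles/nomad/defaults/main.yml
+++ b/ansible/roles/nomad/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+nomad_version: "1.6.1"
+nomad_architecture: "amd64"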
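--- a/ansible/roles/nomad/handlers/main.yaml
+++ b/ansible/roles/nomad/handlers/main.yaml
@@ -0,0 +1,5 @@
+---
+- name: Restart Nomad
+ansible.builtin.systemd:
+name: nomad.service
+state: restarted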
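--- a/ansible/roles/nomad/tasks/install.yaml
+++ b/ansible/roles/nomad/tasks/install.yaml
@@ -0,0 +1,64 @@
+- name: Download Nomad release
+register: nomad_zip
+ansible.builtin.get_url:
+checksum: "sha256:https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_SHA256SUMS"
+dest: "/tmp/nomad_{{ nomad_version }}_linux_{{ nomad_architecture }}.zip"
+mode: "0644"
+url: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_{{ nomad_architecture }}.zip"
+
+- name: Install unzip
+when: ansible_os_family == "Debian"
+ansible.builtin.apt:
+cache_valid_time: 3600
+name: unzip
+state: present
+
+- name: Extract Nomad binary
+ansible.builtin.unarchive:
+dest: /usr/local/bin
+group: root
+mode: "0755"
+owner: root
+remote_src: true
+src: "{{ nomad_zip.dest }}"
+
+- name: Create Nomad group
+ansible.builtin.group:
+name: nomad
+system: true
+
+- name: Create Nomad user
+ansible.builtin.user:
+comment: nomad user
+create_home: false
+group: nomad
+home: /usr/local/etc/nomad.d
+name: nomad
+shell: /usr/bin/false
+system: true
+
+- name: Create Nomad configuration directory
+ansible.builtin.file:
+group: nomad
+mode: "0750"
+owner: nomad
+path: /usr/local/etc/nomad.d
+state: directory
+notify: Restart Nomad
+
+- name: Create Nomad data directory
+ansible.builtin.file:
+group: nomad
+mode: "0750"
+owner: nomad
+path: /opt/nomad
+state: directory
+
+- name: Create Nomad systemd service file
+ansible.builtin.template:
+dest: /etc/systemd/system/nomad.service
+group: root
+mode: "0444"
+owner: root
+src: nomad.service.j2
+notify: Restart Nomad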
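Review bot: The `checksum` of the download task is read from `releases.hashicorp.com`, the same host that serves the zip, so it catches a corrupted transfer but not a tampered release: whoever can change the archive there can change the `SHA256SUMS` file too. Pin the digest next to `nomad_version` instead, e.g. `checksum: "sha256:{{ nomad_sha256 }}"` with `nomad_sha256: "<sha256 of the release zip>"` in the role defaults (`nomad_sha256` is a new variable, not one this commit defines), or verify the published signature of the sums file before trusting it. A short comment above the task such as `# digest is pinned per version; update it together with nomad_version` would keep the two values in step.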
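--- a/ansible/roles/nomad/tasks/main.yml
+++ b/ansible/roles/nomad/tasks/main.yml
@@ -0,0 +1,19 @@
+- name: Install Nomad
+ansible.builtin.include_tasks: install.yaml
+
+- name: Create Nomad agent configuration file
+no_log: true
+ansible.builtin.template:
+dest: /usr/local/etc/nomad.d/nomad.hcl
+group: nomad
+lstrip_blocks: true
+mode: "0440"
+owner: nomad
+src: nomad.hcl.j2
+notify: Restart Nomad
+
+- name: Enable the Nomad service
+ansible.builtin.systemd:
+daemon_reload: true
+enabled: true
+name: nomad.service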
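Review bot: The agent configuration task writes `nomad.hcl` with `owner: nomad`, and install.yaml creates `/usr/local/etc/nomad.d` with `owner: nomad` as well, while nomad.service.j2 starts the agent as root. An owner can change the mode of its own file and replace entries in its own directory, so the unprivileged account controls the configuration that a root process loads. Use `owner: root` with `group: nomad` on both tasks; `mode: "0440"` and `mode: "0750"` can stay as they are. The enable task also sets no `state: started`, so the first start relies on the `Restart Nomad` handler firing.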
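--- a/ansible/roles/nomad/templates/nomad.hcl.j2
+++ b/ansible/roles/nomad/templates/nomad.hcl.j2
@@ -0,0 +1,29 @@
+##### Managed by Ansible #####
+
+datacenter = "dc"
+data_dir = "/opt/nomad"
+
+server {
+enabled = true
+bootstrap_expect = 1
+}
+client {
+enabled = true
+options {
+docker.privileged.enabled = true
+docker.volumes.enabled = true
+}
+}
+
+plugin "docker" {
+config {
+allow_caps = ["CHOWN","DAC_OVERRIDE","FSETID","FOWNER","MKNOD","NET_RAW","SETGID","SETUID","SETFCAP","SETPCAP"," NET_BIND_SERVICE","SYS_CHROOT","KILL","AUDIT_WRITE","NET_ADMIN","NET_BROADCAST"]
+# extra Docker labels to be set by Nomad on each Docker container with the appropriate value
+extra_labels = ["job_name", "task_group_name", "task_name", "namespace", "node_name"]
+allow_privileged = true
+volumes {
+enabled = true
+selinuxlabel = "z"
+}
+}
+}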
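Review bot: The template turns on `allow_privileged = true` and Docker volume mounts but contains no `acl` block, so as far as this file shows, anyone who can reach the agent's HTTP API can submit jobs that run privileged with host paths mounted, which amounts to root on the node. Add `acl { enabled = true }` and bootstrap a management token, and set the bind address explicitly if the API is only meant to be reachable from the home network. In `allow_caps`, the entry `" NET_BIND_SERVICE"` has a leading space and will likely not match the capability name; it should be `"NET_BIND_SERVICE"`. The `docker.privileged.enabled` and `docker.volumes.enabled` keys under `client.options` appear to duplicate the `plugin "docker"` settings, so one of the two places could carry a comment saying which is authoritative.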
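--- a/ansible/roles/nomad/templates/nomad.service.j2
+++ b/ansible/roles/nomad/templates/nomad.service.j2
@@ -0,0 +1,22 @@
+[Unit]
+Description=Nomad
+Documentation=https://nomadproject.io/docs/
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+User=root
+Group=root
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStart=/usr/local/bin/nomad agent -config /usr/local/etc/nomad.d/nomad.hcl
+KillMode=process
+KillSignal=SIGINT
+LimitNOFILE=infinity
+LimitNPROC=infinity
+Restart=on-failure
+RestartSec=2
+StartLimitBurst=5
+TasksMax=infinity
+
+[Install]
+WantedBy=multi-user.target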
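Review bot: `StartLimitBurst=5` is placed in `[Service]`; on systemd 230 and later the start-rate-limit settings belong in `[Unit]`, and with no `StartLimitIntervalSec=` beside it the limit uses the manager's default interval. Move it under `[Unit]` as `StartLimitIntervalSec=10s` and `StartLimitBurst=5`, where the 10s is only an example value. A comment above `User=root` explaining why the agent runs as root while the role also creates a `nomad` account would help the next reader, for example `# the agent runs as root; the nomad account only owns the data and config directories`.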