diff --git a/ansible/inventory/proxmox.yml b/ansible/inventory/proxmox.yml
index 0bb4653..b0c02b1 100644
--- a/ansible/inventory/proxmox.yml
+++ b/ansible/inventory/proxmox.yml
@@ -19,4 +19,12 @@ dockeragent:
 csgo.home:
 vars:
 ansible_user: luigi
- ansible_become: true
\ No newline at end of file
+ ansible_become: true
+
+nomad:
+ hosts:
+ nomad.home:
+ vars:
+ ansible_user: root
+ docker_users:
+ - nomad
\ No newline at end of file
diff --git a/ansible/nomadserver.yml b/ansible/nomadserver.yml
new file mode 100644
index 0000000..5fee9b4
--- /dev/null
+++ b/ansible/nomadserver.yml
@@ -0,0 +1,9 @@
+- hosts: nomad
+ tasks:
+ #NOMAD USER ADDED IN DOCKER GROUP BECAUSE OF VARIABLE AT INVENTORY!!!!!
+ - name: install docker
+ ansible.builtin.import_role:
+ name: docker
+ - name: install nomad
+ ansible.builtin.import_role:
+ name: nomad
diff --git a/ansible/roles/nomad/defaults/main.yml b/ansible/roles/nomad/defaults/main.yml
new file mode 100644
index 0000000..fd85019
--- /dev/null
+++ b/ansible/roles/nomad/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+nomad_version: "1.6.1"
+nomad_architecture: "amd64"
diff --git a/ansible/roles/nomad/handlers/main.yaml b/ansible/roles/nomad/handlers/main.yaml
new file mode 100644
index 0000000..5120195
--- /dev/null
+++ b/ansible/roles/nomad/handlers/main.yaml
@@ -0,0 +1,5 @@
+---
+- name: Restart Nomad
+ ansible.builtin.systemd:
+ name: nomad.service
+ state: restarted
diff --git a/ansible/roles/nomad/tasks/install.yaml b/ansible/roles/nomad/tasks/install.yaml
new file mode 100644
index 0000000..6effedc
--- /dev/null
+++ b/ansible/roles/nomad/tasks/install.yaml
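Review bot: In ansible/inventory/proxmox.yml the new `nomad` group logs in directly as `ansible_user: root` and lists `nomad` under `docker_users`, and both widen privilege more than the rest of the commit needs. Membership in the docker group is effectively root on the host, while the unit file added in this commit already runs the agent as root, so the `nomad` account gains that access without the agent using it. Consider dropping the `docker_users` entry and using a non-root login with `ansible_become: true`, as the group above does. The `vars:` block above the hunk is only partly visible, so the existing nesting is assumed from the context lines.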
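Review bot: In ansible/nomadserver.yml the `docker` role is imported before the `nomad` role, but the `nomad` user named in `docker_users` is only created later by the nomad role's install tasks. The docker role is not part of this diff, so its behaviour for a missing user is unknown; it may fail on a fresh host or create the account with different settings than `Create Nomad user` intends. If the group membership is really wanted, create the account first or swap the two imports. The inline comment would read better as `# docker_users in the inventory adds the nomad user to the docker group (root-equivalent access)`.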
@@ -0,0 +1,64 @@
+- name: Download Nomad release
+ register: nomad_zip
+ ansible.builtin.get_url:
+ checksum: "sha256:https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_SHA256SUMS"
+ dest: "/tmp/nomad_{{ nomad_version }}_linux_{{ nomad_architecture }}.zip"
+ mode: "0644"
+ url: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_{{ nomad_architecture }}.zip"
+
+- name: Install unzip
+ when: ansible_os_family == "Debian"
+ ansible.builtin.apt:
+ cache_valid_time: 3600
+ name: unzip
+ state: present
+
+- name: Extract Nomad binary
+ ansible.builtin.unarchive:
+ dest: /usr/local/bin
+ group: root
+ mode: "0755"
+ owner: root
+ remote_src: true
+ src: "{{ nomad_zip.dest }}"
+
+- name: Create Nomad group
+ ansible.builtin.group:
+ name: nomad
+ system: true
+
+- name: Create Nomad user
+ ansible.builtin.user:
+ comment: nomad user
+ create_home: false
+ group: nomad
+ home: /usr/local/etc/nomad.d
+ name: nomad
+ shell: /usr/bin/false
+ system: true
+
+- name: Create Nomad configuration directory
+ ansible.builtin.file:
+ group: nomad
+ mode: "0750"
+ owner: nomad
+ path: /usr/local/etc/nomad.d
+ state: directory
+ notify: Restart Nomad
+
+- name: Create Nomad data directory
+ ansible.builtin.file:
+ group: nomad
+ mode: "0750"
+ owner: nomad
+ path: /opt/nomad
+ state: directory
+
+- name: Create Nomad systemd service file
+ ansible.builtin.template:
+ dest: /etc/systemd/system/nomad.service
+ group: root
+ mode: "0444"
+ owner: root
+ src: nomad.service.j2
+ notify: Restart Nomad
diff --git a/ansible/roles/nomad/tasks/main.yml b/ansible/roles/nomad/tasks/main.yml
new file mode 100644
index 0000000..3e47d02
--- /dev/null
+++ b/ansible/roles/nomad/tasks/main.yml
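Review bot: The `checksum:` in `Download Nomad release` fetches the SHA256SUMS file from the same host and path as the archive, so it only guards against a corrupted transfer, not against a tampered release origin. The binary is then extracted into /usr/local/bin and run as root, so the digest should come from somewhere the download host does not control. One option is to pin it next to `nomad_version` in the role defaults and use `checksum: "sha256:{{ nomad_zip_sha256 }}"` (variable name constructed for this note). Another is to verify the published SHA256SUMS signature against a pinned HashiCorp key before extracting. A comment above the task saying which of the two the role relies on would help the next reader.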
@@ -0,0 +1,19 @@
+- name: Install Nomad
+ ansible.builtin.include_tasks: install.yaml
+
+- name: Create Nomad agent configuration file
+ no_log: true
+ ansible.builtin.template:
+ dest: /usr/local/etc/nomad.d/nomad.hcl
+ group: nomad
+ lstrip_blocks: true
+ mode: "0440"
+ owner: nomad
+ src: nomad.hcl.j2
+ notify: Restart Nomad
+
+- name: Enable the Nomad service
+ ansible.builtin.systemd:
+ daemon_reload: true
+ enabled: true
+ name: nomad.service
diff --git a/ansible/roles/nomad/templates/nomad.hcl.j2 b/ansible/roles/nomad/templates/nomad.hcl.j2
new file mode 100644
index 0000000..ad5869f
--- /dev/null
+++ b/ansible/roles/nomad/templates/nomad.hcl.j2
@@ -0,0 +1,29 @@
+##### Managed by Ansible #####
+
+datacenter = "dc"
+data_dir = "/opt/nomad"
+
+server {
+ enabled = true
+ bootstrap_expect = 1
+}
+client {
+ enabled = true
+ options {
+ docker.privileged.enabled = true
+ docker.volumes.enabled = true
+ }
+}
+
+plugin "docker" {
+ config {
+ allow_caps = ["CHOWN","DAC_OVERRIDE","FSETID","FOWNER","MKNOD","NET_RAW","SETGID","SETUID","SETFCAP","SETPCAP"," NET_BIND_SERVICE","SYS_CHROOT","KILL","AUDIT_WRITE","NET_ADMIN","NET_BROADCAST"]
+ # extra Docker labels to be set by Nomad on each Docker container with the appropriate value
+ extra_labels = ["job_name", "task_group_name", "task_name", "namespace", "node_name"]
+ allow_privileged = true
+ volumes {
+ enabled = true
+ selinuxlabel = "z"
+ }
+ }
+}
\ No newline at end of file
diff --git a/ansible/roles/nomad/templates/nomad.service.j2 b/ansible/roles/nomad/templates/nomad.service.j2
new file mode 100644
index 0000000..b42fa7d
--- /dev/null
+++ b/ansible/roles/nomad/templates/nomad.service.j2
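Review bot: In ansible/roles/nomad/tasks/main.yml the `Enable the Nomad service` task sets `enabled: true` but no `state`, so the agent is only ever started by the `Restart Nomad` handler. On a run where no template changes, a stopped or crashed agent stays down even though the play reports success. Adding `state: started` to that task makes the play converge on a running service. The handler still covers configuration changes.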
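Review bot: The nomad.hcl.j2 template runs server and client on one node with `allow_privileged = true`, host volumes enabled and a wide `allow_caps` list, but has no `acl` or `tls` block and leaves the bind address at its default. Unless something outside this diff restricts access, any caller that can reach the agent API can submit jobs that run as privileged containers with host paths mounted, which amounts to root on the host. At minimum add `acl { enabled = true }`, and keep `allow_privileged` and capabilities such as `NET_ADMIN`, `MKNOD` and `SYS_CHROOT` only if a specific job needs them, with a comment naming that job. Two smaller points: the `client { options { docker.* } }` entries duplicate what the `plugin "docker"` block already sets, and `" NET_BIND_SERVICE"` appears to carry a leading space inside the quotes, which is worth checking against the file.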
@@ -0,0 +1,22 @@
+[Unit]
+Description=Nomad
+Documentation=https://nomadproject.io/docs/
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+User=root
+Group=root
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStart=/usr/local/bin/nomad agent -config /usr/local/etc/nomad.d/nomad.hcl
+KillMode=process
+KillSignal=SIGINT
+LimitNOFILE=infinity
+LimitNPROC=infinity
+Restart=on-failure
+RestartSec=2
+StartLimitBurst=5
+TasksMax=infinity
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
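Review bot: The unit runs the agent with `User=root` and `Group=root`, yet the role tasks in this commit make `/usr/local/etc/nomad.d` and `nomad.hcl` owned by the unprivileged `nomad` account. That account owns the directory, so it can replace the configuration a root process loads on the next restart, and the separate service user then adds no isolation. If the client side needs root, make the directory and file `owner: root` with `group: nomad` (or root) and drop the `nomad` account's write access. A comment above `User=root` saying why root is required would also help. The task files are separate hunks, so the ownership values are taken from those hunks rather than from this one.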