feat: nomad provisioning with ansible

2025-06-07 07:56:37 -03:00 · 2023-08-03 00:26:59 -03:00 · 2023-08-03 00:26:59 -03:00 · d7a86294b8
commit d7a86294b8
parent 90b0b7c300
8 changed files with 160 additions and 1 deletions
--- a/ansible/inventory/proxmox.yml
+++ b/ansible/inventory/proxmox.yml
@ -20,3 +20,11 @@ dockeragent:
  vars:
    ansible_user: luigi
    ansible_become: true
 nomad:
  hosts:
    nomad.home:
  vars:
    ansible_user: root
    docker_users:
      - nomad
--- a/ansible/nomadserver.yml
+++ b/ansible/nomadserver.yml
@ -0,0 +1,9 @@
 - hosts: nomad
  tasks:
    #NOMAD USER ADDED IN DOCKER GROUP BECAUSE OF VARIABLE AT INVENTORY!!!!!
    - name: install docker
      ansible.builtin.import_role:
        name: docker
    - name: install nomad
      ansible.builtin.import_role:
        name: nomad
--- a/ansible/roles/nomad/defaults/main.yml
+++ b/ansible/roles/nomad/defaults/main.yml
@ -0,0 +1,3 @@
 ---
 nomad_version: "1.6.1"
 nomad_architecture: "amd64"
--- a/ansible/roles/nomad/handlers/main.yaml
+++ b/ansible/roles/nomad/handlers/main.yaml
@ -0,0 +1,5 @@
 ---
 - name: Restart Nomad
  ansible.builtin.systemd:
    name: nomad.service
    state: restarted
--- a/ansible/roles/nomad/tasks/install.yaml
+++ b/ansible/roles/nomad/tasks/install.yaml
@ -0,0 +1,64 @@
 - name: Download Nomad release
  register: nomad_zip
  ansible.builtin.get_url:
    checksum: "sha256:https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_SHA256SUMS"
    dest: "/tmp/nomad_{{ nomad_version }}_linux_{{ nomad_architecture }}.zip"
    mode: "0644"
    url: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_{{ nomad_architecture }}.zip"
 - name: Install unzip
  when: ansible_os_family == "Debian"
  ansible.builtin.apt:
    cache_valid_time: 3600
    name: unzip
    state: present
 - name: Extract Nomad binary
  ansible.builtin.unarchive:
    dest: /usr/local/bin
    group: root
    mode: "0755"
    owner: root
    remote_src: true
    src: "{{ nomad_zip.dest }}"
 - name: Create Nomad group
  ansible.builtin.group:
    name: nomad
    system: true
 - name: Create Nomad user
  ansible.builtin.user:
    comment: nomad user
    create_home: false
    group: nomad
    home: /usr/local/etc/nomad.d
    name: nomad
    shell: /usr/bin/false
    system: true
 - name: Create Nomad configuration directory
  ansible.builtin.file:
    group: nomad
    mode: "0750"
    owner: nomad
    path: /usr/local/etc/nomad.d
    state: directory
  notify: Restart Nomad
 - name: Create Nomad data directory
  ansible.builtin.file:
    group: nomad
    mode: "0750"
    owner: nomad
    path: /opt/nomad
    state: directory
 - name: Create Nomad systemd service file
  ansible.builtin.template:
    dest: /etc/systemd/system/nomad.service
    group: root
    mode: "0444"
    owner: root
    src: nomad.service.j2
  notify: Restart Nomad
--- a/ansible/roles/nomad/tasks/main.yml
+++ b/ansible/roles/nomad/tasks/main.yml
@ -0,0 +1,19 @@
 - name: Install Nomad
  ansible.builtin.include_tasks: install.yaml
 - name: Create Nomad agent configuration file
  no_log: true
  ansible.builtin.template:
    dest: /usr/local/etc/nomad.d/nomad.hcl
    group: nomad
    lstrip_blocks: true
    mode: "0440"
    owner: nomad
    src: nomad.hcl.j2
  notify: Restart Nomad
 - name: Enable the Nomad service
  ansible.builtin.systemd:
    daemon_reload: true
    enabled: true
    name: nomad.service
--- a/ansible/roles/nomad/templates/nomad.hcl.j2
+++ b/ansible/roles/nomad/templates/nomad.hcl.j2
@ -0,0 +1,29 @@
 ##### Managed by Ansible #####
 datacenter = "dc"
 data_dir = "/opt/nomad"
 server {
  enabled = true
  bootstrap_expect = 1
 }
 client {
  enabled = true
  options {
    docker.privileged.enabled = true
    docker.volumes.enabled = true
  }
 }
 plugin "docker" {
  config {
    allow_caps = ["CHOWN","DAC_OVERRIDE","FSETID","FOWNER","MKNOD","NET_RAW","SETGID","SETUID","SETFCAP","SETPCAP"," NET_BIND_SERVICE","SYS_CHROOT","KILL","AUDIT_WRITE","NET_ADMIN","NET_BROADCAST"]
    # extra Docker labels to be set by Nomad on each Docker container with the appropriate value
    extra_labels = ["job_name", "task_group_name", "task_name", "namespace", "node_name"]
    allow_privileged = true
    volumes {
      enabled      = true
      selinuxlabel = "z"
    }
  }
 }
--- a/ansible/roles/nomad/templates/nomad.service.j2
+++ b/ansible/roles/nomad/templates/nomad.service.j2
@ -0,0 +1,22 @@
 [Unit]
 Description=Nomad
 Documentation=https://nomadproject.io/docs/
 Wants=network-online.target
 After=network-online.target
 [Service]
 User=root
 Group=root
 ExecReload=/bin/kill -HUP $MAINPID
 ExecStart=/usr/local/bin/nomad agent -config /usr/local/etc/nomad.d/nomad.hcl
 KillMode=process
 KillSignal=SIGINT
 LimitNOFILE=infinity
 LimitNPROC=infinity
 Restart=on-failure
 RestartSec=2
 StartLimitBurst=5
 TasksMax=infinity
 [Install]
 WantedBy=multi-user.target