diff --git a/nomad.yml b/nomad.yml
new file mode 100644
index 0000000..59e314f
--- /dev/null
+++ b/nomad.yml
@@ -0,0 +1,7 @@
+- name: Instala Consul
+ hosts: nomad_node
+ any_errors_fatal: true
+ become: true
+ become_user: root
+ roles:
+ - nomad
diff --git a/proxmox-inv/hosts b/proxmox-inv/hosts
index bb5c73f..13a6ba6 100644
--- a/proxmox-inv/hosts
+++ b/proxmox-inv/hosts
@@ -3,9 +3,19 @@ ansible_connection=ssh ansible_user=alpine ansible_ssh_private_key_file=~/.ssh/alpine-cloud +[admin] +192.168.1.111 vm_name=hashi-1 vm_ip=192.168.1.111 + +[client] +192.168.1.112 vm_name=hashi-2 vm_ip=192.168.1.112 + [consul_node] -192.168.1.71 consul_iface=eth0 consul_node_role=server vm_name=hashi-1 vm_ip=192.168.1.71 -192.168.1.72 consul_iface=eth0 consul_node_role=client vm_name=hashi-2 vm_ip=192.168.1.72 +192.168.1.111 consul_iface=eth0 consul_node_role=server vm_name=hashi-1 vm_ip=192.168.1.111 +192.168.1.112 consul_iface=eth0 consul_node_role=client vm_name=hashi-2 vm_ip=192.168.1.112 [consul_node:vars] consul_dc_name=tr4ck + +[nomad_node] +192.168.1.111 vm_name=hashi-1 vm_ip=192.168.1.111 +192.168.1.112 vm_name=hashi-2 vm_ip=192.168.1.112
diff --git a/roles/nomad/defaults/main.yml b/roles/nomad/defaults/main.yml
new file mode 100644
index 0000000..36abf31
--- /dev/null
+++ b/roles/nomad/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+nomad_version: 1.6.2
+nomad_etc_dir: /etc/nomad.d
+nomad_data_dir: /opt/nomad
+nomad_datacenter: tr4ck
+
+nomad_namespaces:
+ admin:
+ name: admin
+ client:
+ name: client
diff --git a/roles/nomad/tasks/cni.yml b/roles/nomad/tasks/cni.yml
new file mode 100644
index 0000000..bf141db
--- /dev/null
+++ b/roles/nomad/tasks/cni.yml
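Review bot: The play added in nomad.yml is named `Instala Consul`, but it targets `nomad_node` and applies the `nomad` role, so run output and any audit of the logs will attribute Nomad changes to a Consul install; rename it, e.g. `- name: Instala Nomad`. `become_user: root` repeats the default that `become: true` already gives and can be dropped.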
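Review bot: In roles/nomad/defaults/main.yml, `nomad_version` is only compared against the `nomad --version` output in tasks/main.yml and is never passed to the apk install, so the role cannot pin the version it declares. Two other variables the role reads, `network_cidr` in nomad.hcl.j2 and `pkg_arch_map` in cni.yml, have no default here; unless inventory or another role supplies them (not visible in this diff) the run stops on an undefined variable, so add defaults or a comment such as `# network_cidr and pkg_arch_map must be provided by the inventory`. Quoting the value, `nomad_version: "1.6.2"`, also keeps a later two-part version from being read as a float.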
@@ -0,0 +1,18 @@
+---
+- name: create cni folders
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ owner: root
+ group: root
+ loop:
+ - /opt/cni/bin
+ - /opt/cni/config
+ become: true
+
+- name: extract plugins
+ ansible.builtin.unarchive:
+ remote_src: true
+ src: "https://github.com/containernetworking/plugins/releases/download/v1.3.0/cni-plugins-linux-{{ pkg_arch_map[ansible_architecture] }}-v1.3.0.tgz"
+ dest: "/opt/cni/bin"
+ become: true
diff --git a/roles/nomad/tasks/install_alpine_binary.yml b/roles/nomad/tasks/install_alpine_binary.yml
new file mode 100644
index 0000000..2b733f7
--- /dev/null
+++ b/roles/nomad/tasks/install_alpine_binary.yml
@@ -0,0 +1,27 @@
+---
+- name: ensure dirs are there
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ owner: root
+ group: root
+ become: true
+ loop:
+ - "{{ nomad_etc_dir }}"
+ - "{{ nomad_data_dir }}"
+
+- name: install nomad apk package
+ community.general.apk:
+ name: "{{ item }}"
+ state: present
+ update_cache: yes
+ loop:
+ - python3-pip
+ - nomad
+ become: true
+
+- name: install python-nomad
+ ansible.builtin.pip:
+ name: python-nomad
+ state: latest
+ become: true
diff --git a/roles/nomad/tasks/main.yml b/roles/nomad/tasks/main.yml
new file mode 100644
index 0000000..6c7deed
--- /dev/null
+++ b/roles/nomad/tasks/main.yml
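Review bot: The `extract plugins` task in cni.yml has `unarchive` fetch the release tarball straight from the URL and unpack it as root into `/opt/cni/bin` with no integrity check, so whatever that URL serves at run time becomes root-owned executables that the container runtime will invoke. Split it into a `get_url` download with a `checksum:` followed by an `unarchive` of the local file, as sketched below; the digest variable is a placeholder to fill per architecture from the checksum published with the release. The directory task also sets no `mode`, leaving the permissions of these root-executed paths to the remote umask; `mode: "0755"` makes that explicit.

```yaml
- name: download cni plugins
  ansible.builtin.get_url:
    url: "https://github.com/containernetworking/plugins/releases/download/v1.3.0/cni-plugins-linux-{{ pkg_arch_map[ansible_architecture] }}-v1.3.0.tgz"
    # root-owned directory created by the task above, rather than a shared temp dir
    dest: "/opt/cni/cni-plugins-v1.3.0.tgz"
    # placeholder variable: map of architecture -> sha256 digest of the release tarball
    checksum: "sha256:{{ cni_plugins_sha256[ansible_architecture] }}"
    mode: "0644"
  become: true

- name: extract plugins
  ansible.builtin.unarchive:
    remote_src: true
    src: "/opt/cni/cni-plugins-v1.3.0.tgz"
    dest: "/opt/cni/bin"
  become: true
```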
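Review bot: In install_alpine_binary.yml the `install python-nomad` task uses `state: latest`, so every run installs, as root and into the system interpreter, whatever version the package index serves at that moment; pin a tested release with `name: python-nomad==<tested-version>` (placeholder) and `state: present`. The apk task has the same gap for `nomad`: it ignores `nomad_version`, so the version check in main.yml can never be satisfied by anything other than what the Alpine repository happens to ship. `update_cache: yes` should be written `update_cache: true`.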
@@ -0,0 +1,46 @@
+---
+- name: check version installed
+ ansible.builtin.command:
+ cmd: nomad --version
+ register: nomad_version_installed
+ changed_when: false
+ failed_when: false
+
+- name: install nomad
+ ansible.builtin.include_tasks: "install_{{ ansible_distribution | lower }}_binary.yml"
+ when: nomad_installed_version is not defined or nomad_version not in nomad_version_installed.stdout
+
+- name: setup configs
+ ansible.builtin.include_tasks: "setup_nomad_configs.yml"
+
+- name: install cni plugins
+ ansible.builtin.include_tasks: "cni.yml"
+
+- name: enable nomad
+ ansible.builtin.service:
+ name: nomad
+ state: restarted
+ enabled: true
+ become: true
+
+- name: set namespaces
+ ansible.builtin.command:
+ cmd: nomad namespace apply -descr "{{ item }} namespace" {{ item }}
+ changed_when: false
+ failed_when: false
+ loop: "{{ nomad_namespaces }}"
+ run_once: true
+
+#- name: Setup csi plugins
+# ansible.builtin.include_tasks: "csi_plugins.yml"
+# loop:
+# - azure_csi_controller
+# - azure_csi_node
+# when: nomad_csi_volumes is defined
+# run_once: true
+#
+#- name: Create csi volumes
+# ansible.builtin.include_tasks: "csi_volumes.yml"
+# loop: "{{ nomad_csi_volumes }}"
+# when: nomad_csi_volumes is defined
+# run_once: true
diff --git a/roles/nomad/tasks/setup_nomad_configs.yml b/roles/nomad/tasks/setup_nomad_configs.yml
new file mode 100644
index 0000000..90d0d11
--- /dev/null
+++ b/roles/nomad/tasks/setup_nomad_configs.yml
@@ -0,0 +1,9 @@
+---
+- name: setup nomad server/worker config
+ ansible.builtin.template:
+ src: "nomad.hcl.j2"
+ dest: "{{ nomad_etc_dir }}/nomad.hcl"
+ owner: root
+ group: root
+ mode: 0660
+ become: true
diff --git a/roles/nomad/templates/nomad.hcl.j2 b/roles/nomad/templates/nomad.hcl.j2
new file mode 100644
index 0000000..8b04899
--- /dev/null
+++ b/roles/nomad/templates/nomad.hcl.j2
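Review bot: In tasks/main.yml the `when:` on `install nomad` tests `nomad_installed_version`, but the task above registers `nomad_version_installed`, so the first clause is always true and the install include runs on every play; it should read `when: nomad_version not in (nomad_version_installed.stdout | default(''))`. The `set namespaces` task loops over `nomad_namespaces`, which defaults/main.yml defines as a mapping, while `loop` needs a list; use `loop: "{{ nomad_namespaces | dict2items }}"` and reference `item.value.name` in the command. That task's `failed_when: false` also hides a namespace that was never created, so drop it or check `rc` explicitly. `state: restarted` in `enable nomad` restarts the agent on every run; `state: started` plus a handler notified by the config template would restart only on change.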
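Review bot: In setup_nomad_configs.yml, `mode: 0660` is an unquoted octal literal and grants group write on a root-owned agent config; quote it and tighten it, `mode: "0640"`. nomad.hcl is where tokens or a gossip key would end up if ACLs or encryption are enabled later, so the file mode is worth getting right now. The task has no `notify:`, which is presumably why main.yml restarts the service unconditionally.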
@@ -0,0 +1,59 @@
+datacenter = "{{ nomad_datacenter }}"
+data_dir = "{{ nomad_data_dir }}"
+bind_addr = "{{ vm_ip }}"
+name = "{{ vm_name }}"
+advertise {
+ http = "{{ vm_ip }}"
+ rpc = "{{ vm_ip }}"
+ serf = "{{ vm_ip }}"
+}
+
+{% if 'admin' in group_names %}
+server {
+ enabled = true
+ bootstrap_expect = 3
+ retry_join = [{% for host in groups['admin'] %}"{{ hostvars[host]['vm_ip'] }}"{% if not loop.last %},{% endif %}{% endfor %}]
+}
+{% endif %}
+client {
+ enabled = true
+ host_network "public" {
+ cidr = "{{ network_cidr }}"
+ }
+ meta {
+ admin = {{ "1" if 'admin' in group_names else "0" }}
+ }
+}
+consul {
+ address = "{{ vm_ip}}:8500"
+}
+plugin "docker" {
+ config {
+ volumes {
+ enabled = true
+ selinuxlabel = "z"
+ }
+ extra_labels = ["job_name", "job_id", "task_group_name", "task_name", "namespace", "node_name", "node_id"]
+ gc {
+ image = true
+ image_delay = "3m"
+ container = true
+
+ dangling_containers {
+ enabled = true
+ dry_run = false
+ period = "5m"
+ creation_grace = "5m"
+ }
+ }
+
+ allow_privileged = true
+ }
+}
+telemetry {
+ collection_interval = "1s"
+ disable_hostname = true
+ prometheus_metrics = true
+ publish_allocation_metrics = true
+ publish_node_metrics = true
+}
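Review bot: The `plugin "docker"` block sets `allow_privileged = true` and `volumes { enabled = true }`, while the template defines no `acl` or `tls` block and binds the agent to `{{ vm_ip }}`. As rendered, job submission is unauthenticated for anything that can reach the agent's HTTP API, and a submitted job may run privileged with host paths mounted, which amounts to root on the node. Unless a workload is known to need it, set `allow_privileged = false`, and add `acl { enabled = true }` (with the bootstrap step handled in the role) plus TLS for HTTP and RPC before these agents are reachable from other hosts. Separately, `bootstrap_expect = 3` does not match the inventory in this commit, where `[admin]` holds one host, so the server would wait for peers that never join; derive it instead, `bootstrap_expect = {{ groups['admin'] | length }}`.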