cambio de direcciós IPs e rol nomad

nomad.yml

@@ -0,0 +1,7 @@
+- name: Instala Consul
+  hosts: nomad_node
+  any_errors_fatal: true
+  become: true
+  become_user: root
+  roles:
+    - nomad

proxmox-inv/hosts

@@ -3,9 +3,19 @@ ansible_connection=ssh
 ansible_user=alpine
 ansible_ssh_private_key_file=~/.ssh/alpine-cloud
 
+[admin]
+192.168.1.111 vm_name=hashi-1 vm_ip=192.168.1.111
+
+[client]
+192.168.1.112 vm_name=hashi-2 vm_ip=192.168.1.112
+
 [consul_node]
-192.168.1.71 consul_iface=eth0 consul_node_role=server vm_name=hashi-1 vm_ip=192.168.1.71
-192.168.1.72 consul_iface=eth0 consul_node_role=client vm_name=hashi-2 vm_ip=192.168.1.72
+192.168.1.111 consul_iface=eth0 consul_node_role=server vm_name=hashi-1 vm_ip=192.168.1.111
+192.168.1.112 consul_iface=eth0 consul_node_role=client vm_name=hashi-2 vm_ip=192.168.1.112
 
 [consul_node:vars]
 consul_dc_name=tr4ck
+
+[nomad_node]
+192.168.1.111 vm_name=hashi-1 vm_ip=192.168.1.111
+192.168.1.112 vm_name=hashi-2 vm_ip=192.168.1.112

roles/nomad/defaults/main.yml

@@ -0,0 +1,11 @@
+---
+nomad_version: 1.6.2
+nomad_etc_dir: /etc/nomad.d
+nomad_data_dir: /opt/nomad
+nomad_datacenter: tr4ck 
+
+nomad_namespaces:
+  admin:
+    name: admin
+  client:
+    name: client

roles/nomad/tasks/cni.yml

@@ -0,0 +1,18 @@
+---
+- name: create cni folders
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: root
+    group: root
+  loop:
+    - /opt/cni/bin
+    - /opt/cni/config
+  become: true
+
+- name: extract plugins
+  ansible.builtin.unarchive:
+    remote_src: true
+    src: "https://github.com/containernetworking/plugins/releases/download/v1.3.0/cni-plugins-linux-{{ pkg_arch_map[ansible_architecture] }}-v1.3.0.tgz"
+    dest: "/opt/cni/bin"
+  become: true

roles/nomad/tasks/install_alpine_binary.yml

@@ -0,0 +1,27 @@
+---
+- name: ensure dirs are there
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: root
+    group: root
+  become: true
+  loop:
+    - "{{ nomad_etc_dir }}"
+    - "{{ nomad_data_dir }}"
+
+- name: install nomad apk package
+  community.general.apk:
+    name: "{{ item }}"
+    state: present
+    update_cache: yes
+  loop: 
+    - python3-pip
+    - nomad
+  become: true
+
+- name: install python-nomad
+  ansible.builtin.pip:
+    name: python-nomad
+    state: latest
+  become: true

roles/nomad/tasks/main.yml

@@ -0,0 +1,46 @@
+---
+- name: check version installed
+  ansible.builtin.command:
+    cmd: nomad --version
+  register: nomad_version_installed
+  changed_when: false
+  failed_when: false
+
+- name: install nomad
+  ansible.builtin.include_tasks: "install_{{ ansible_distribution | lower }}_binary.yml"
+  when: nomad_installed_version is not defined or nomad_version not in nomad_version_installed.stdout
+
+- name: setup configs
+  ansible.builtin.include_tasks: "setup_nomad_configs.yml"
+
+- name: install cni plugins
+  ansible.builtin.include_tasks: "cni.yml"
+
+- name: enable nomad
+  ansible.builtin.service:
+    name: nomad
+    state: restarted
+    enabled: true
+  become: true
+
+- name: set namespaces
+  ansible.builtin.command:
+    cmd: nomad namespace apply -descr "{{ item }} namespace" {{ item }}
+  changed_when: false
+  failed_when: false
+  loop: "{{ nomad_namespaces }}"
+  run_once: true
+
+#- name: Setup csi plugins
+#  ansible.builtin.include_tasks: "csi_plugins.yml"
+#  loop:
+#     - azure_csi_controller
+#     - azure_csi_node
+#  when: nomad_csi_volumes is defined
+#  run_once: true
+#
+#- name: Create csi volumes
+#  ansible.builtin.include_tasks: "csi_volumes.yml"
+#  loop: "{{ nomad_csi_volumes }}"
+#  when: nomad_csi_volumes is defined
+#  run_once: true

roles/nomad/tasks/setup_nomad_configs.yml

@@ -0,0 +1,9 @@
+---
+- name: setup nomad server/worker config
+  ansible.builtin.template:
+    src: "nomad.hcl.j2"
+    dest: "{{ nomad_etc_dir }}/nomad.hcl"
+    owner: root
+    group: root
+    mode: 0660
+  become: true

roles/nomad/templates/nomad.hcl.j2

@@ -0,0 +1,59 @@
+datacenter = "{{ nomad_datacenter }}"
+data_dir = "{{ nomad_data_dir }}"
+bind_addr = "{{ vm_ip }}"
+name = "{{ vm_name }}"
+advertise {
+  http = "{{ vm_ip }}"
+  rpc = "{{ vm_ip }}"
+  serf = "{{ vm_ip }}"
+}
+
+{% if 'admin' in group_names %}
+server {
+  enabled = true
+  bootstrap_expect = 3
+  retry_join = [{% for host in groups['admin'] %}"{{ hostvars[host]['vm_ip'] }}"{% if not loop.last %},{% endif %}{% endfor %}]
+}
+{% endif %}
+client {
+  enabled = true
+  host_network "public" {
+    cidr = "{{ network_cidr }}"
+  }
+  meta {
+    admin = {{ "1" if 'admin' in group_names else "0" }}
+  }
+}
+consul {
+  address = "{{ vm_ip}}:8500"
+}
+plugin "docker" {
+  config {
+    volumes {
+      enabled = true
+      selinuxlabel = "z"
+    }
+    extra_labels = ["job_name", "job_id", "task_group_name", "task_name", "namespace", "node_name", "node_id"]
+    gc {
+      image       = true
+      image_delay = "3m"
+      container   = true
+
+      dangling_containers {
+        enabled        = true
+        dry_run        = false
+        period         = "5m"
+        creation_grace = "5m"
+      }
+    }
+
+    allow_privileged = true
+  }
+}
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = true
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}