	Update to 2022-07-21 01:00
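--- a/roles/consul/defaults/main.yml
+++ b/roles/consul/defaults/main.yml
@@ -0,0 +1,85 @@
+---
+
+# Version of consul to deploy
+consul_version: 1.12.3
+# URL from where the consul archive will be downloaded
+consul_archive_url: https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_amd64.zip
+# Expected sha256 of the archive
+consul_archive_sha256: 620a47cfba34bdf918b4c3238d22f6318b29403888cfd927c6006a4ac1b1c9f6
+
+# user account under which consul will run (will be created if needed)
+consul_user: consul
+
+# Root directory where consul will be installed
+consul_root_dir: /opt/consul
+
+# List of consul servers name or IP
+consul_servers: []
+
+# List of services exposed by consul, the ports they use, and the list of IP
+# for which the service is accessible at the firewall level (if iptables_manage == True)
+consul_services:
+  dns:
+    port: 8600
+    src_ip: []
+    proto: [tcp,udp]
+  http_api:
+    port: 8500
+    src_ip: []
+    proto: [tcp]
+  https_api:
+    port: 8501
+    src_ip: []
+    proto: [tcp]
+  grpc_api:
+    port: 8502
+    src_ip: []
+    proto: [tcp]
+  lan_serf:
+    port: 8301
+    src_ip: []
+    proto: [tcp,udp]
+  wan_serf:
+    port: 8302
+    src_ip: []
+    proto: [tcp_udp]
+  server_rpc:
+    port: 8300
+    src_ip: []
+    proto: [tcp]
+  sidecar_proxy:
+    port: '21000:21255'
+    src_ip: []
+    proto: [tcp]
+
+# Consul configuration (which will be converted to JSON)
+# The configuration is splited in a base conf and an extra conf, so you can override part of the config easily
+consul_base_conf:
+  node_name: "{{ inventory_hostname }}"
+  data_dir: "{{ consul_root_dir }}/data"
+  client_addr: 0.0.0.0
+  log_level: INFO
+  bind_addr: 0.0.0.0
+  advertise_addr: "{{ ansible_default_ipv4.address }}"
+  retry_join: "{{ consul_servers }}"
+  bootstrap_expect: "{{ consul_servers | length }}"
+  server: "{{ (inventory_hostname in consul_servers) | ternary(True, False) }}"
+  ui_config:
+    enabled: "{{ (inventory_hostname in consul_servers) | ternary(True, False) }}"
+  connect:
+    enabled: "{{ (inventory_hostname in consul_servers) | ternary(True, False) }}"
+
+# For example
+# consul_extra_conf:
+#   datacenter: my-dc
+#   domain: dev.example.org
+#   encrypt: WSnGbK30nI6K/xk9w+AAtk0Y3RMXKoAlsj4VEICqi0I=
+#   ui_config:
+#     enabled: False
+
+consul_extra_conf: {}
+# Host conf is just another level of configuration override
+consul_host_conf: {}
+
+# Merge all the conf
+consul_conf: "{{ consul_base_conf | combine(consul_extra_conf, recursive=True) | combine(consul_host_conf, recursive=True) }}"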
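Review bot: `proto: [tcp_udp]` under `wan_serf` looks like a typo for `[tcp,udp]` as used by `lan_serf`; roles/consul/tasks/iptables.yml tests `'tcp' in ...proto` and `'udp' in ...proto` as list membership, so neither matches and the WAN serf rule stays `absent` whatever `src_ip` holds. Separately, `client_addr: 0.0.0.0` puts the HTTP API and DNS on every interface while `consul_base_conf` defines no `acl`, `encrypt` or TLS settings, so access control rests entirely on the firewall unless `consul_extra_conf` adds them; a comment above `client_addr` saying so, or a default of `127.0.0.1`, would make that explicit. The commented `encrypt:` example would be safer as an obvious placeholder than as a real-looking key that can be copied into a live cluster.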
							
								
								
									
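--- a/roles/consul/handlers/main.yml
+++ b/roles/consul/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: restart consul
+  service: name=consul state=restarted
+  when: consul_service_started is not defined or not consul_service_started.changed
+
+- name: reload consul
+  service: name=consul state=reloaded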
							
								
								
									
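--- a/roles/consul/tasks/archive_post.yml
+++ b/roles/consul/tasks/archive_post.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Compress previous version
+  command: tar cf {{ consul_root_dir }}/archives/{{ consul_current_version }}.tar.zst --use-compress-program=zstd ./
+  args:
+    chdir: "{{ consul_root_dir }}/archives/{{ consul_current_version }}"
+    warn: False
+  environment:
+    ZSTD_CLEVEL: 10
+  tags: consul
+
+- name: Remove archive dir
+  file: path={{ consul_root_dir }}/archives/{{ consul_current_version }} state=absent
+  tags: consul
+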
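Review bot: The `Remove archive dir` task deletes `{{ consul_root_dir }}/archives/{{ consul_current_version }}`, and roles/consul/tasks/facts.yml defaults `consul_current_version` to an empty string, so if the version is ever undetected during an upgrade the path collapses to the whole `archives` directory and every earlier backup is removed. The include is gated on `consul_install_mode == 'upgrade'`, which presumably implies a detected version, but that guarantee lives in an include that is not part of this commit view. Adding `when: consul_current_version | length > 0` to both tasks would make the guard local. roles/nomad/tasks/archive_post.yml has the same shape.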
							
								
								
									
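--- a/roles/consul/tasks/archive_pre.yml
+++ b/roles/consul/tasks/archive_pre.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Create the archive dir
+  file: path={{ consul_root_dir }}/archives/{{ consul_current_version }} state=directory
+  tags: consul
+
+- name: Backup previous version
+  copy: src={{ consul_root_dir }}/bin/consul dest={{ consul_root_dir }}/archives/{{ consul_current_version }}/ remote_src=True
+  tags: consul
+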
							
								
								
									
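--- a/roles/consul/tasks/cleanup.yml
+++ b/roles/consul/tasks/cleanup.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Remove tmp and obsolete files
+  file: path={{ item }} state=absent
+  loop:
+    - "{{ consul_root_dir }}/tmp/consul_{{ consul_version }}_linux_amd64.zip"
+    - "{{ consul_root_dir }}/tmp/consul"
+  tags: consul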
							
								
								
									
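--- a/roles/consul/tasks/conf.yml
+++ b/roles/consul/tasks/conf.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Deploy consul configuration
+  template: src=consul.json.j2 dest={{ consul_root_dir }}/etc/consul.json owner=root group={{ consul_user }} mode=640
+  notify: reload consul
+  tags: consul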
							
								
								
									
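--- a/roles/consul/tasks/directories.yml
+++ b/roles/consul/tasks/directories.yml
@@ -0,0 +1,31 @@
+---
+
+- name: Create needed directories
+  file: path={{ consul_root_dir }}/{{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
+  loop:
+    - dir: archives
+      owner: root
+      group: root
+      mode: 700
+    - dir: backup
+      owner: root
+      group: root
+      mode: 700
+    - dir: meta
+      owner: root
+      group: root
+      mode: 700
+    - dir: bin
+    - dir: tmp
+      owner: "{{ consul_user }}"
+      group: "{{ consul_user }}"
+      mode: 700
+    - dir: data
+      owner: "{{ consul_user }}"
+      group: "{{ consul_user }}"
+      mode: 700
+    - dir: etc
+      owner: root
+      group: "{{ consul_user }}"
+      mode: 750
+  tags: consul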
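Review bot: Nothing in this loop pins the ownership of `{{ consul_root_dir }}` itself, while roles/consul/tasks/user.yml sets that path as the home of `consul_user`, so the `user` module will most likely create it owned by the service account. An account that owns the parent directory can rename or replace `bin/` and `etc/` even though their contents belong to root, and `/usr/local/bin/consul` is a symlink into `bin/`. roles/nomad/tasks/directories.yml already starts its loop with `dir: /` owned by `root:root` with mode 755; the same first entry here would close the gap. The `bin` entry also sets no owner or mode and relies on whatever the defaults produce.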
							
								
								
									
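--- a/roles/consul/tasks/facts.yml
+++ b/roles/consul/tasks/facts.yml
@@ -0,0 +1,12 @@
+---
+
+- name: Detect installed version
+  block:
+    - import_tasks: ../includes/webapps_set_install_mode.yml
+      vars:
+        - root_dir: "{{ consul_root_dir }}"
+        - version: "{{ consul_version }}"
+    - set_fact: consul_install_mode={{ install_mode | default('none') }}
+    - set_fact: consul_current_version={{ current_version | default('') }}
+  tags: consul
+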
							
								
								
									
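--- a/roles/consul/tasks/install.yml
+++ b/roles/consul/tasks/install.yml
@@ -0,0 +1,55 @@
+---
+
+- name: Install needed tools
+  package:
+    name:
+      - tar
+      - zstd
+      - unzip
+  tags: consul
+
+- when: consul_install_mode != 'none'
+  block:
+    - name: Download consul
+      get_url:
+        url: "{{ consul_archive_url }}"
+        dest: "{{ consul_root_dir }}/tmp"
+        checksum: sha256:{{ consul_archive_sha256 }}
+
+    - name: Extract the archive
+      unarchive:
+        src: "{{ consul_root_dir }}/tmp/consul_{{ consul_version }}_linux_amd64.zip"
+        dest: "{{ consul_root_dir }}/tmp"
+        remote_src: True
+
+    - name: Install consul binary
+      copy:
+        src: "{{ consul_root_dir }}/tmp/consul"
+        dest: "{{ consul_root_dir }}/bin/consul"
+        remote_src: True
+        mode: 755
+
+    - name: Link in /usr/local/bin
+      file: src={{ consul_root_dir }}/bin/consul dest=/usr/local/bin/consul state=link force=True
+
+  tags: consul
+
+- name: Install bash completion support
+  copy:
+    content: |
+      complete -C {{ consul_root_dir }}/bin/consul consul
+    dest: /etc/bash_completion.d/consul
+    mode: 755
+  tags: consul
+
+- name: Deploy systemd service unit
+  template: src=consul.service.j2 dest=/etc/systemd/system/consul.service
+  register: consul_unit
+  notify: restart consul
+  tags: consul
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: consul_unit.changed
+  tags: consul
+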
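Review bot: `mode: 755` in the `Install consul binary` and `Install bash completion support` tasks is written in dict form without quotes, so YAML hands Ansible the decimal integer 755, which its documentation warns is not read as octal; decimal 755 is octal 1363, which would leave the installed binary writable by other users. Quote it with a leading zero, `mode: '0755'`; `'0644'` is enough for the completion file, which is sourced rather than executed. The `key=value` tasks elsewhere in the role pass the mode as a string and are not affected. The archive is also unpacked in and copied from `tmp/`, which directories.yml makes writable by `consul_user`, so a root-only staging directory would be a safer source for the binary that root installs. roles/nomad/tasks/install.yml repeats both patterns, and roles/nomad/defaults/main.yml runs Nomad clients as root.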
							
								
								
									
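--- a/roles/consul/tasks/iptables.yml
+++ b/roles/consul/tasks/iptables.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Handle consul ports in the firewall
+  iptables_raw:
+    name: consul_port_{{ item }}
+    state: "{{ (('tcp' in consul_services[item].proto or 'udp' in consul_services[item].proto) and consul_services[item].src_ip | length > 0) | ternary('present', 'absent') }}"
+    rules: |
+      {% if 'tcp' in consul_services[item].proto %}
+      -A INPUT -m state --state NEW -p tcp --dport {{ consul_services[item].port }} -j ACCEPT
+      {% endif %}
+      {% if 'udp' in consul_services[item].proto %}
+      -A INPUT -m state --state NEW -p udp --dport {{ consul_services[item].port }} -j ACCEPT
+      {% endif %}
+  loop: "{{ consul_services.keys() | list }}"
+  tags: firewall,consul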
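Review bot: The generated rules never use `src_ip`: it only selects `present` or `absent` in `state`, and each `-A INPUT ... --dport ... -j ACCEPT` line has no `-s` match, so listing a single allowed address opens the port to every source. That contradicts the comment in roles/consul/defaults/main.yml, which describes `src_ip` as the list of IPs for which the service is accessible. Adding the source list to both rules, for example `-A INPUT -m state --state NEW -p tcp -s {{ consul_services[item].src_ip | join(',') }} --dport {{ consul_services[item].port }} -j ACCEPT`, restores the intended restriction. roles/nomad/tasks/iptables.yml has the same defect with `nomad_services`.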
							
								
								
									
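--- a/roles/consul/tasks/main.yml
+++ b/roles/consul/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+
+- include_tasks: user.yml
+  tags: always
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: archive_pre.yml
+  when: consul_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
+  when: iptables_manage | default(True)
+  tags: always
+
+- include_tasks: services.yml
+  tags: always
+
+- include_tasks: write_version.yml
+  tags: always
+
+- include_tasks: archive_post.yml
+  when: consul_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always
+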
							
								
								
									
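--- a/roles/consul/tasks/services.yml
+++ b/roles/consul/tasks/services.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Start and enable consul service
+  service: name=consul state=started enabled=True
+  register: consul_service_started
+  tags: consul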
							
								
								
									
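--- a/roles/consul/tasks/user.yml
+++ b/roles/consul/tasks/user.yml
@@ -0,0 +1,9 @@
+---
+
+- name: Create consul user
+  user:
+    name: "{{ consul_user }}"
+    home: "{{ consul_root_dir }}"
+    system: True
+    shell: /sbin/nologin
+  tags: consul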
							
								
								
									
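--- a/roles/consul/tasks/write_version.yml
+++ b/roles/consul/tasks/write_version.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Write installed version
+  copy: content={{ consul_version }} dest={{ consul_root_dir }}/meta/ansible_version
+  tags: consul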
							
								
								
									
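--- a/roles/consul/templates/consul.json.j2
+++ b/roles/consul/templates/consul.json.j2
@@ -0,0 +1 @@
+{{ consul_conf | to_nice_json(indent=2) }}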
							
								
								
									
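--- a/roles/consul/templates/consul.service.j2
+++ b/roles/consul/templates/consul.service.j2
@@ -0,0 +1,20 @@
+[Unit]
+Description="HashiCorp Consul - A service mesh solution"
+Documentation=https://www.consul.io/
+Requires=network-online.target
+After=network-online.target
+ConditionFileNotEmpty={{ consul_root_dir }}/etc/consul.json
+
+[Service]
+EnvironmentFile=-{{ consul_root_dir }}/etc/consul.env
+User={{ consul_user }}
+Group={{ consul_user }}
+ExecStart={{ consul_root_dir }}/bin/consul agent -config-dir={{ consul_root_dir }}/etc/
+ExecReload=/bin/kill --signal HUP $MAINPID
+KillMode=process
+KillSignal=SIGTERM
+Restart=on-failure
+LimitNOFILE=65536
+
+[Install]
+WantedBy=multi-user.target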
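Review bot: The `[Service]` section drops to `{{ consul_user }}` but sets no systemd sandboxing, so the agent keeps a writable view of everything its account can reach and can still gain privileges through setuid binaries. The unit only references paths under `{{ consul_root_dir }}`, so directives such as `NoNewPrivileges=yes`, `ProtectSystem=full` and `PrivateTmp=yes` look like a low-risk addition. Whether stricter settings stay compatible with Connect sidecars or script checks in this deployment cannot be told from the unit alone and needs testing.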
							
								
								
									
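--- a/roles/nomad/defaults/main.yml
+++ b/roles/nomad/defaults/main.yml
@@ -0,0 +1,69 @@
+---
+
+# Version of Nomad to install
+nomad_version: 1.3.2
+# URL of the archive
+nomad_archive_url: https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_amd64.zip
+# Expected sha256 of the archive
+nomad_archive_sha256: fc6b3800935c621633d98148ea30737ab8ac1f698020f45b28b07ac61fbf4a96
+
+# Root dir where Nomad will be installed
+nomad_root_dir: /opt/nomad
+
+# user under which nomad will run.
+# Servers can run under an unprivileged user, while clients should run as root (or with equivalent privileges)
+nomad_user: "{{ nomad_conf.client.enabled | ternary('root', 'nomad') }}"
+
+# List of nomad servers (not clients)
+nomad_servers: []
+
+# Ports used by Nomad, the protocols, and the list of IP/CIDR for which the ports will be opened in the firewall
+nomad_services:
+  http_api:
+    port: 4646
+    proto: [tcp]
+    src_ip: []
+  rpc:
+    port: 4647
+    proto: [tcp]
+    src_ip: []
+  serf:
+    port: 4648
+    proto: [tcp,udp]
+    src_ip: []
+
+# Nomad configuration (which will be converted to JSON)
+# The configuration is splited in a base conf, an extra conf, and a host conf so you can override part of the config easily
+nomad_base_conf:
+  name: "{{ inventory_hostname }}"
+  data_dir: "{{ nomad_root_dir }}/data"
+  log_level: INFO
+  bind_addr: 0.0.0.0
+  client:
+    enabled: "{{ (inventory_hostname in nomad_servers) | ternary(False, True) }}"
+    servers: "{{ (inventory_hostname in nomad_servers) | ternary([], nomad_servers) }}"
+  server:
+    enabled: "{{ (inventory_hostname in nomad_servers) | ternary(True, False) }}"
+    server_join:
+      retry_join: "{{ (inventory_hostname in nomad_servers) | ternary(nomad_servers, []) }}"
+    bootstrap_expect: "{{ nomad_servers | length }}"
+  ports:
+    http: "{{ nomad_services.http_api.port }}"
+    rpc: "{{ nomad_services.rpc.port }}"
+    serf: "{{ nomad_services.serf.port }}"
+
+# For example
+# nomad_extra_conf:
+#   datacenter: my-dc
+#   server:
+#     encrypt: umizzu2vi9VaYwdRiOjDXgZIjV8AJ2AV+prqaAhElz0=
+#   ui_config:
+#     enabled: True
+#
+nomad_extra_conf: {}
+# Host conf is just another level of configuration override
+nomad_host_conf: {}
+
+# Merge all the conf
+nomad_conf: "{{ nomad_base_conf | combine(nomad_extra_conf, recursive=True) | combine(nomad_host_conf, recursive=True) }}"
+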
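Review bot: `nomad_user` resolves to `root` on every client, and `nomad_base_conf` binds to `0.0.0.0` without any `acl` or `tls` block, so unless `nomad_extra_conf` supplies them the HTTP API on port 4646 accepts unauthenticated job submissions that are then run by a root agent. Consider shipping `acl: {enabled: true}` in the base configuration, or at least a comment above `bind_addr` stating that ACLs and TLS must be provided through `nomad_extra_conf` before any `src_ip` is opened. The commented `encrypt:` value would be safer as an obvious placeholder so it is not copied into a real cluster.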
							
								
								
									
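--- a/roles/nomad/handlers/main.yml
+++ b/roles/nomad/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: restart nomad
+  service: name=nomad state=restarted
+  when: nomad_service_started is not defined or not nomad_service_started.changed
+
+- name: reload nomad
+  service: name=nomad state=reloaded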
							
								
								
									
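--- a/roles/nomad/tasks/archive_post.yml
+++ b/roles/nomad/tasks/archive_post.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Compress previous version
+  command: tar cf {{ nomad_root_dir }}/archives/{{ nomad_current_version }}.tar.zst --use-compress-program=zstd ./
+  args:
+    chdir: "{{ nomad_root_dir }}/archives/{{ nomad_current_version }}"
+    warn: False
+  environment:
+    ZSTD_CLEVEL: 10
+  tags: nomad
+
+- name: Remove archive dir
+  file: path={{ nomad_root_dir }}/archives/{{ nomad_current_version }} state=absent
+  tags: nomad
+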
							
								
								
									
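--- a/roles/nomad/tasks/archive_pre.yml
+++ b/roles/nomad/tasks/archive_pre.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Create the archive dir
+  file: path={{ nomad_root_dir }}/archives/{{ nomad_current_version }} state=directory
+  tags: nomad
+
+- name: Backup previous version
+  copy: src={{ nomad_root_dir }}/bin/nomad dest={{ nomad_root_dir }}/archives/{{ nomad_current_version }}/ remote_src=True
+  tags: nomad
+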
							
								
								
									
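--- a/roles/nomad/tasks/cleanup.yml
+++ b/roles/nomad/tasks/cleanup.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Remove tmp and obsolete files
+  file: path={{ item }} state=absent
+  loop:
+    - "{{ nomad_root_dir }}/tmp/nomad_{{ nomad_version }}_linux_amd64.zip"
+    - "{{ nomad_root_dir }}/tmp/nomad"
+  tags: nomad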
							
								
								
									
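--- a/roles/nomad/tasks/conf.yml
+++ b/roles/nomad/tasks/conf.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Deploy nomad configuration
+  template: src=nomad.json.j2 dest={{ nomad_root_dir }}/etc/nomad.json owner=root group={{ nomad_user }} mode=640
+  notify: restart nomad
+  tags: nomad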
							
								
								
									
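--- a/roles/nomad/tasks/directories.yml
+++ b/roles/nomad/tasks/directories.yml
@@ -0,0 +1,37 @@
+---
+
+- name: Create needed directories
+  file: path={{ nomad_root_dir }}/{{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }} recurse={{ item.recurse | default(omit) }}
+  loop:
+    - dir: /
+      owner: root
+      group: root
+      mode: 755
+    - dir: archives
+      owner: root
+      group: root
+      mode: 700
+    - dir: backup
+      owner: root
+      group: root
+      mode: 700
+    - dir: meta
+      owner: root
+      group: root
+      mode: 700
+    - dir: bin
+    - dir: tmp
+      owner: "{{ nomad_user }}"
+      group: "{{ nomad_user }}"
+      mode: u=rwX,g=-,o=-
+      recurse: True
+    - dir: data
+      owner: "{{ nomad_user }}"
+      group: "{{ nomad_user }}"
+      mode: u=rwX,g=-,o=-
+      recurse: True
+    - dir: etc
+      owner: root
+      group: "{{ nomad_user }}"
+      mode: 750
+  tags: nomad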
							
								
								
									
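--- a/roles/nomad/tasks/facts.yml
+++ b/roles/nomad/tasks/facts.yml
@@ -0,0 +1,12 @@
+---
+
+- name: Detect installed version
+  block:
+    - import_tasks: ../includes/webapps_set_install_mode.yml
+      vars:
+        - root_dir: "{{ nomad_root_dir }}"
+        - version: "{{ nomad_version }}"
+    - set_fact: nomad_install_mode={{ install_mode | default('none') }}
+    - set_fact: nomad_current_version={{ current_version | default('') }}
+  tags: nomad
+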
							
								
								
									
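--- a/roles/nomad/tasks/install.yml
+++ b/roles/nomad/tasks/install.yml
@@ -0,0 +1,55 @@
+---
+
+- name: Install needed tools
+  package:
+    name:
+      - tar
+      - zstd
+      - unzip
+  tags: nomad
+
+- when: nomad_install_mode != 'none'
+  block:
+    - name: Download nomad
+      get_url:
+        url: "{{ nomad_archive_url }}"
+        dest: "{{ nomad_root_dir }}/tmp"
+        checksum: sha256:{{ nomad_archive_sha256 }}
+
+    - name: Extract the archive
+      unarchive:
+        src: "{{ nomad_root_dir }}/tmp/nomad_{{ nomad_version }}_linux_amd64.zip"
+        dest: "{{ nomad_root_dir }}/tmp"
+        remote_src: True
+
+    - name: Install nomad binary
+      copy:
+        src: "{{ nomad_root_dir }}/tmp/nomad"
+        dest: "{{ nomad_root_dir }}/bin/nomad"
+        remote_src: True
+        mode: 755
+
+    - name: Link in /usr/local/bin
+      file: src={{ nomad_root_dir }}/bin/nomad dest=/usr/local/bin/nomad state=link force=True
+
+  tags: nomad
+
+- name: Install bash completion support
+  copy:
+    content: |
+      complete -C {{ nomad_root_dir }}/bin/nomad nomad
+    dest: /etc/bash_completion.d/nomad
+    mode: 755
+  tags: nomad
+
+- name: Deploy systemd service unit
+  template: src=nomad.service.j2 dest=/etc/systemd/system/nomad.service
+  register: nomad_unit
+  notify: restart nomad
+  tags: nomad
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: nomad_unit.changed
+  tags: nomad
+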
							
								
								
									
										15
									
								
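--- a/roles/nomad/tasks/iptables.yml
+++ b/roles/nomad/tasks/iptables.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Handle nomad ports in the firewall
+  iptables_raw:
+    name: nomad_port_{{ item }}
+    state: "{{ (('tcp' in nomad_services[item].proto or 'udp' in nomad_services[item].proto) and nomad_services[item].src_ip | length > 0) | ternary('present', 'absent') }}"
+    rules: |
+      {% if 'tcp' in nomad_services[item].proto %}
+      -A INPUT -m state --state NEW -p tcp --dport {{ nomad_services[item].port }} -j ACCEPT
+      {% endif %}
+      {% if 'udp' in nomad_services[item].proto %}
+      -A INPUT -m state --state NEW -p udp --dport {{ nomad_services[item].port }} -j ACCEPT
+      {% endif %}
+  loop: "{{ nomad_services.keys() | list }}"
+  tags: firewall,nomad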
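Review bot: The two ACCEPT rules under `rules:` have no source match, so as soon as `src_ip` is non-empty the port is opened to every address instead of only the listed ones; `state` consults `nomad_services[item].src_ip` but the rule text never does. The `nomad_services` defaults are not visible here, so treating `src_ip` as an allow-list is inferred from the `state` expression. If that is the intent, both rules should carry it, e.g. `-A INPUT -m state --state NEW -p tcp --dport {{ nomad_services[item].port }} -s {{ nomad_services[item].src_ip | join(',') }} -j ACCEPT`, and the same for the udp line. After deployment, `iptables -S INPUT` on a host with a restricted `src_ip` should show only the intended sources on each Nomad port rule.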
							
								
								
									
										39
									
								
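--- a/roles/nomad/tasks/main.yml
+++ b/roles/nomad/tasks/main.yml
@@ -0,0 +1,39 @@
+---
+
+- include_tasks: user.yml
+  when: nomad_user != 'root'
+  tags: always
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: archive_pre.yml
+  when: nomad_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
+  when: iptables_manage | default(True)
+  tags: always
+
+- include_tasks: services.yml
+  tags: always
+
+- include_tasks: write_version.yml
+  tags: always
+
+- include_tasks: archive_post.yml
+  when: nomad_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always
+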
							
								
								
									
										6
									
								
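--- a/roles/nomad/tasks/services.yml
+++ b/roles/nomad/tasks/services.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Start and enable nomad service
+  service: name=nomad state=started enabled=True
+  register: nomad_service_started
+  tags: nomad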
							
								
								
									
										9
									
								
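--- a/roles/nomad/tasks/user.yml
+++ b/roles/nomad/tasks/user.yml
@@ -0,0 +1,9 @@
+---
+
+- name: Create nomad user
+  user:
+    name: "{{ nomad_user }}"
+    home: "{{ nomad_root_dir }}"
+    system: True
+    shell: /sbin/nologin
+  tags: nomad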
							
								
								
									
										5
									
								
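--- a/roles/nomad/tasks/write_version.yml
+++ b/roles/nomad/tasks/write_version.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Write installed version
+  copy: content={{ nomad_version }} dest={{ nomad_root_dir }}/meta/ansible_version
+  tags: nomad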
							
								
								
									
										1
									
								
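--- a/roles/nomad/templates/nomad.json.j2
+++ b/roles/nomad/templates/nomad.json.j2
@@ -0,0 +1 @@
+{{ nomad_conf | to_nice_json(indent=2) }}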
							
								
								
									
										24
									
								
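--- a/roles/nomad/templates/nomad.service.j2
+++ b/roles/nomad/templates/nomad.service.j2
@@ -0,0 +1,24 @@
+[Unit]
+Description=Nomad
+Documentation=https://nomadproject.io/docs/
+Wants=network-online.target
+After=network-online.target
+ConditionFileNotEmpty={{ nomad_root_dir }}/etc/nomad.json
+
+[Service]
+EnvironmentFile=-{{ nomad_root_dir }}/etc/nomad.env
+User={{ nomad_user }}
+Group={{ nomad_user }}
+ExecStart={{ nomad_root_dir }}/bin/nomad agent -config={{ nomad_root_dir }}/etc/
+ExecReload=/bin/kill --signal HUP $MAINPID
+KillMode=process
+KillSignal=SIGINT
+Restart=on-failure
+LimitNOFILE=65536
+LimitNPROC=infinity
+RestartSec=2
+TasksMax=infinity
+OOMScoreAdjust=-1000
+
+[Install]
+WantedBy=multi-user.target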
	 Daniel Berteaud
					Daniel Berteaud