Update to 2022-07-21 01:00

roles/nomad/tasks/archive_post.yml

@@ -0,0 +1,15 @@
+---
+
+- name: Compress previous version
+  command: tar cf {{ nomad_root_dir }}/archives/{{ nomad_current_version }}.tar.zst --use-compress-program=zstd ./
+  args:
+    chdir: "{{ nomad_root_dir }}/archives/{{ nomad_current_version }}"
+    warn: False
+  environment:
+    ZSTD_CLEVEL: 10
+  tags: nomad
+
+- name: Remove archive dir
+  file: path={{ nomad_root_dir }}/archives/{{ nomad_current_version }} state=absent
+  tags: nomad
+

roles/nomad/tasks/archive_pre.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Create the archive dir
+  file: path={{ nomad_root_dir }}/archives/{{ nomad_current_version }} state=directory
+  tags: nomad
+
+- name: Backup previous version
+  copy: src={{ nomad_root_dir }}/bin/nomad dest={{ nomad_root_dir }}/archives/{{ nomad_current_version }}/ remote_src=True
+  tags: nomad
+

roles/nomad/tasks/cleanup.yml

@@ -0,0 +1,8 @@
+---
+
+- name: Remove tmp and obsolete files
+  file: path={{ item }} state=absent
+  loop:
+    - "{{ nomad_root_dir }}/tmp/nomad_{{ nomad_version }}_linux_amd64.zip"
+    - "{{ nomad_root_dir }}/tmp/nomad"
+  tags: nomad

roles/nomad/tasks/conf.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Deploy nomad configuration
+  template: src=nomad.json.j2 dest={{ nomad_root_dir }}/etc/nomad.json owner=root group={{ nomad_user }} mode=640
+  notify: restart nomad
+  tags: nomad

roles/nomad/tasks/directories.yml

@@ -0,0 +1,37 @@
+---
+
+- name: Create needed directories
+  file: path={{ nomad_root_dir }}/{{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }} recurse={{ item.recurse | default(omit) }}
+  loop:
+    - dir: /
+      owner: root
+      group: root
+      mode: 755
+    - dir: archives
+      owner: root
+      group: root
+      mode: 700
+    - dir: backup
+      owner: root
+      group: root
+      mode: 700
+    - dir: meta
+      owner: root
+      group: root
+      mode: 700
+    - dir: bin
+    - dir: tmp
+      owner: "{{ nomad_user }}"
+      group: "{{ nomad_user }}"
+      mode: u=rwX,g=-,o=-
+      recurse: True
+    - dir: data
+      owner: "{{ nomad_user }}"
+      group: "{{ nomad_user }}"
+      mode: u=rwX,g=-,o=-
+      recurse: True
+    - dir: etc
+      owner: root
+      group: "{{ nomad_user }}"
+      mode: 750
+  tags: nomad

roles/nomad/tasks/facts.yml

@@ -0,0 +1,12 @@
+---
+
+- name: Detect installed version
+  block:
+    - import_tasks: ../includes/webapps_set_install_mode.yml
+      vars:
+        - root_dir: "{{ nomad_root_dir }}"
+        - version: "{{ nomad_version }}"
+    - set_fact: nomad_install_mode={{ install_mode | default('none') }}
+    - set_fact: nomad_current_version={{ current_version | default('') }}
+  tags: nomad
+

roles/nomad/tasks/install.yml

@@ -0,0 +1,55 @@
+---
+
+- name: Install needed tools
+  package:
+    name:
+      - tar
+      - zstd
+      - unzip
+  tags: nomad
+
+- when: nomad_install_mode != 'none'
+  block:
+    - name: Download nomad
+      get_url:
+        url: "{{ nomad_archive_url }}"
+        dest: "{{ nomad_root_dir }}/tmp"
+        checksum: sha256:{{ nomad_archive_sha256 }}
+
+    - name: Extract the archive
+      unarchive:
+        src: "{{ nomad_root_dir }}/tmp/nomad_{{ nomad_version }}_linux_amd64.zip"
+        dest: "{{ nomad_root_dir }}/tmp"
+        remote_src: True
+
+    - name: Install nomad binary
+      copy:
+        src: "{{ nomad_root_dir }}/tmp/nomad"
+        dest: "{{ nomad_root_dir }}/bin/nomad"
+        remote_src: True
+        mode: 755
+
+    - name: Link in /usr/local/bin
+      file: src={{ nomad_root_dir }}/bin/nomad dest=/usr/local/bin/nomad state=link force=True
+
+  tags: nomad
+
+- name: Install bash completion support
+  copy:
+    content: |
+      complete -C {{ nomad_root_dir }}/bin/nomad nomad
+    dest: /etc/bash_completion.d/nomad
+    mode: 755
+  tags: nomad
+
+- name: Deploy systemd service unit
+  template: src=nomad.service.j2 dest=/etc/systemd/system/nomad.service
+  register: nomad_unit
+  notify: restart nomad
+  tags: nomad
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: nomad_unit.changed
+  tags: nomad
+

roles/nomad/tasks/iptables.yml

@@ -0,0 +1,15 @@
+---
+
+- name: Handle nomad ports in the firewall
+  iptables_raw:
+    name: nomad_port_{{ item }}
+    state: "{{ (('tcp' in nomad_services[item].proto or 'udp' in nomad_services[item].proto) and nomad_services[item].src_ip | length > 0) | ternary('present', 'absent') }}"
+    rules: |
+      {% if 'tcp' in nomad_services[item].proto %}
+      -A INPUT -m state --state NEW -p tcp --dport {{ nomad_services[item].port }} -j ACCEPT
+      {% endif %}
+      {% if 'udp' in nomad_services[item].proto %}
+      -A INPUT -m state --state NEW -p udp --dport {{ nomad_services[item].port }} -j ACCEPT
+      {% endif %}
+  loop: "{{ nomad_services.keys() | list }}"
+  tags: firewall,nomad

roles/nomad/tasks/main.yml

@@ -0,0 +1,39 @@
+---
+
+- include_tasks: user.yml
+  when: nomad_user != 'root'
+  tags: always
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: archive_pre.yml
+  when: nomad_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
+  when: iptables_manage | default(True)
+  tags: always
+
+- include_tasks: services.yml
+  tags: always
+
+- include_tasks: write_version.yml
+  tags: always
+
+- include_tasks: archive_post.yml
+  when: nomad_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always
+

roles/nomad/tasks/services.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Start and enable nomad service
+  service: name=nomad state=started enabled=True
+  register: nomad_service_started
+  tags: nomad

roles/nomad/tasks/user.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Create nomad user
+  user:
+    name: "{{ nomad_user }}"
+    home: "{{ nomad_root_dir }}"
+    system: True
+    shell: /sbin/nologin
+  tags: nomad

roles/nomad/tasks/write_version.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Write installed version
+  copy: content={{ nomad_version }} dest={{ nomad_root_dir }}/meta/ansible_version
+  tags: nomad